Friday Squid Blogging: Squid Deception

This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on July 27, 2018 at 4:12 PM • 175 Comments

Comments

albert July 27, 2018 4:31 PM

Not surprised, Congress moves slowly:

https://fas.org/blogs/secrecy/2018/07/ndaa-cyber/

"...Another provision in the new conference report says that the Department of Defense ought to be just as assertive and “aggressive” in cyberspace as it is elsewhere...."

In other words, cyber-war.

"...“The administration’s passivity in combating this campaign. . . will encourage rather than dissuade additional aggression.”..."

Or is it war against Trump?

Hard to tell nowadays...

. .. . .. --- ....

Alyer Babtu July 27, 2018 5:35 PM

Re intellectual security

Why has it become the norm that hardcopy and also e-copy books are of such abysmal, unreadable production quality? Even the big distinguished houses who have for many decades onto a century published high level academic material now produce hardcopy of typically low pulp paperback quality, and e-books in which only the basic text is satisfactory, with most symbols or equation text usable only for a limited range of fonts and page shading. It's doubly strange given the availability of things like Knuth's TeX system.

Thoth July 27, 2018 7:39 PM

@all

ProtonMail Address Verification Possible Snake Oil.

Is the setting of the verification flag done via client-side JavaScript or server-side code? Can I undo the flag quietly on the server side and inject the flags on-the-fly to trick the user?

How is the verification set? By using the private key to sign the email address on the client side via JavaScript?

How is the display of the verification flag shown on the client browser side? Is the signed email address presented to the browser, with the browser using the owner's public key to execute the verification in browser JavaScript, or is it some server-side magic that then simply embeds the trusted email image on the webpage and feeds it to naive clients?

There is lots of snake oil floating around and somehow a huge lack of technical information on the website from what I can see.

gordo July 27, 2018 7:45 PM

Julian Assange's fate rests on death penalty assurances, Ecuador's President says

Moreno said the previous Ecuadorian government granted Assange asylum because it agreed his life was in danger. "The death penalty does not exist in Ecuador, and we knew that possibility existed... The only thing we want is a guarantee that his life will not be in danger," Moreno said.

https://www.cnn.com/2018/07/27/uk/julian-assange-ecuador-embassy-intl/index.html

---

Inter-American Court Ruling Benefits Julian Assange

The Inter-American Court of Human Rights ruled on Friday on the right to seek asylum in embassies and other diplomatic compounds. The ruling includes a mandatory safe process, and the obligation of states to provide safe passage to those granted asylum. Without naming Julian Assange, the ruling was deemed a huge victory for the WikiLeaks founder who has been holed up in the Ecuadorean embassy in London since 2012.

https://www.telesurtv.net/english/news/Inter-American-Court-Ruling-Benefits-Julian-Assange-20180713-0003.html

---

https://en.wikipedia.org/wiki/Non-refoulement

MarkH July 27, 2018 9:17 PM

Consequences of GPS Vulnerability

Many who read this website will be aware that the Global Positioning System uses low-power radio signals, which render GPS easy to jam ...

and that the civil signals lack encryption, which render GPS easy to spoof (for almost all of its users).

What I hadn't given any thought to, was the cascade of consequences that would surely ensue from a GPS outage.

An article on Bloomberg tries to paint some picture of how fragile things are.

It tells of a 2016 January 26 incident in which a clerical error by USAF caused several GPS satellites to emit time codes with errors approaching 15 usec.

I don't know the innards of GPS, but apparently this timing error didn't cause the large navigation errors I would have expected. But lots of applications use GPS as a low-cost "atomic clock" stand-in rather than for navigation.

GPS is especially useful for networks requiring precise synchronization.

In consequence of the 2016 GPS timing fault, "cellphone towers lost their connections, U.S. police and fire stations reported communications errors, BBC radio signals were interrupted, and the telescope that tracks asteroids in Earth’s orbit went offline."
_________________________________________

I first became aware of the ubiquity of GPS timing when I was looking into systems to protect buried metallic infrastructure from corrosion. In the product descriptions from several manufacturers, I was surprised to see GPS mentioned.

My first thought was, "they can't need GPS to know where they buried these darn things in the ground!"

But from time to time these systems require a sort of "status test" in which the protection is briefly switched off, and measurements are made at various points along the buried infrastructure.

The precision requirement is low -- timing to 0.1 second would be good enough, so in a sense GPS is super-overkill. But without it, the next best solution would be to establish some kind of communication network among the various nodes, which might be dispersed over a few hundred meters. GPS is simply the cheapest way to solve the synchronization problem.

In contrast, many of the GPS-as-clock applications require sub-microsecond accuracy ... from a system that is far too vulnerable to jamming or spoofing.

Ismar July 27, 2018 9:25 PM

@Thoth
Can you elaborate on your snake oil claims and give an example of how the new features can be misused or defeated?
It can help us all to improve our understanding as well as help the ProtonMail developers to fix the issues.

Weather July 27, 2018 10:10 PM

@Thoth when it gets to their server they encrypt it, sometimes with a self-destruct time; their app holds your keys, stopping their encryption being easy for them,
but the cell phone could,
just didn't want to trust Gmail

Clive Robinson July 27, 2018 10:32 PM

@ MarkH,

But lots of applications use GPS as a low-cost "atomic clock" stand-in rather than for navigation.

They use them for two things,

1, Frequency Stability.
2, Timing/sequency Stability.

If you look for GPS disciplined oscillator (GPSDO) you will find that there are two outputs,

1, 10MHz.
2, 1pps.

The first is a very high stability output approaching that available from the best atomic clocks. Whilst useful in test equipment and for carrier stabilisation in communications equipment it has limitations.

To successfully send data communications not only do you need accurate frequency references, but if there are more than two directly connected nodes you need highly accurate data synchronization, which you can get from the 1pps output.

The advantage of GPS is that in effect it synthesizes a highly accurate time reference at the center of the earth. If you assume the earth is a true sphere[1] then it's easy to visualise that a pulse rise will arrive at all places on the surface of the sphere at the same time. This enables a complex multinode network to be kept correctly synchronised, which a frequency reference alone can not do.

The down side of course is what happens if GPS goes wrong or off?

The simplistic answer is that there are two other systems besides the US system. The big problem is that they are independent not synchronized. So whilst you could switch from one to another one for frequency stability, you can not do that for time synchronization...

It's the sort of thing that keeps some engineers --myself included-- awake at nights, for a whole host of reasons it's difficult for other engineers to even guess at, let alone other people.

For instance, with FM broadcast transmitters, there are a limited number of channels and a limited coverage area for the individual transmitter based on its ERP and RF Horizon. The old way to cover larger areas was to use multiple channels in a "four colour" arrangement. There are not the number of channels to go around these days so "on frequency repeaters" are the way things are going. Thus you have two transmitters on the same frequency, which if exactly the same does not produce "beat notes". The problem with Frequency Modulation is keeping not just the RF frequency and phase the same but also the modulation in synchronization. Whilst this can be done with DSP systems on the test bench, doing it on widely geographically dispersed systems needs a global or near global synchronization signal, which is what a GPSDO system can give you.

[1] Which it is not, it's an oblate spheroid (bulges at the equator). However you can "correct" back to the assumption of a true sphere if you allow for not just geographic height but the movement of the moon and other celestial bodies.

Clive Robinson July 27, 2018 10:39 PM

@ (required),

15 bits per HOUR though? Kind of a head scratcher.

Not really, think in terms of how many AES 128-bit keys you could "brute force" check in the length of time it would take to leak one key bit, thus halving your brute force search space...

Weather July 27, 2018 11:46 PM

@clive I will think about it, but I can have multiple data if locked; you can send two signals and make the maths binary

echo July 28, 2018 12:50 AM

Disentangling the politics of drugs policy is a bit difficult when politicians hide behind narrow cases and obfuscation. In the UK there is a very strong link between doctors and the police and state power, and buying lobby groups off and controlling the narrative for political advancement. I personally would prefer to hear the unfiltered message based on the science and the law not PR through the lens of job titles and turf wars and personal agendas.

https://www.independent.co.uk/news/health/medical-cannabis-uk-prescription-legal-epilepsy-pain-relief-home-office-moj-nhs-a8464766.html
Medical cannabis to be available on prescription in UK after being approved for use by government. Home secretary says change is 'in no way a first step to the legalisation of cannabis for recreational use'

https://www.theguardian.com/society/2018/jul/27/middle-class-cocaine-use-fuels-londons-rising-violence-says-sadiq-khan-knife-crime
Middle-class cocaine use fuels London's rising violence, says Sadiq Khan. Mayor says action needed against party-goers who buy drug as well as gang members.

The Brexit result was a result of poverty and low education and peer pressure. All of this combined into an action of "national self-harm". In an ironic and very unfunny way the advisory referendum has been turned into a battering ram by a minority of millionaire fantasist extremist politicians exerting control over a government only propped up by a minority regional party who make Saudi Arabian Mullahs look moderate and who are, surprise surprise, holding up abortion law reform among other things.

https://www.jrf.org.uk/report/brexit-vote-explained-poverty-low-skills-and-lack-opportunities
Brexit vote explained: poverty, low skills and lack of opportunities.

@gordo

Julian Assange was wanted for rape in Sweden. Sweden had no right to extradite to the US on the back of an extradition to Sweden. All of these are settled facts. I would have more time for Julian Assange if he tried to stop gaslighting this off the stage. It's not all about Julian Assange and his smoke and mirrors hysterics.

Thoth July 28, 2018 12:58 AM

@Ismar

Please re-read my entire post from 2nd paragraph onwards. It already contains an attack scenario in it.

Gunter Königsmann July 28, 2018 1:10 AM

GPS and timing: Each satellite contains an accurate clock and in theory all you need to do is to measure the time difference in when the signals arrive: If the signal from satellite A arrives 1ns later at your place than the signal from satellite B you are 30cm nearer to satellite A than to satellite B. With a third satellite you can triangulate your position without the height, with a 4th satellite the height, as well.

All you need is the exact place the satellites are in.

In reality the moment the GPS satellites send their signals relative to each other is varied from time to time and the datastream from the satellites is equipped with enough info (in encrypted form) to accurately know everything you need - unless you have bought the right keys.

If the signal is meddled with its cryptographic protection might show that. But if you capture the signal you see and send it out again near to your local UPS headquarters all they see is the increased signal strength (which commercial receivers don't complain about) and your position: You did capture a signal with a valid datastream.

Perhaps testing whether a GPS receiver at the other end of the ship sees a different position than the one on your end might be a good protection against that, besides measuring the signal strength.
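
The arrival-time solve and the two-receiver check described in the comment above, worked through as an added example (not code from the comment author or from any GPS receiver). It assumes constructed satellite and receiver coordinates, a constructed replay delay, and noise-free ranges; none of these come from the page. A receiver measures four pseudoranges (true range plus its own clock error, the fourth satellite resolving that error), Gauss-Newton recovers position and clock bias, and a record-and-rebroadcast attacker shows up as two receivers a known distance apart resolving to the same point.

```python
import math

C = 299_792_458.0  # speed of light, m/s

# Constructed satellite positions in metres, at roughly the GPS orbital radius
# (26.6e6 m) and spread around the receiver's zenith. Not real ephemeris data.
SATS = [
    (18_350_000.0, 6_650_000.0, 18_090_000.0),
    (10_600_000.0, 21_300_000.0, 12_000_000.0),
    (23_900_000.0, -8_000_000.0, 8_000_000.0),
    (5_300_000.0, 5_300_000.0, 25_300_000.0),
]

# Constructed receiver locations on the Earth's surface (about 6.37e6 m from
# the origin): a ship's bow, its stern 200 m away, and an attacker's recorder.
BOW = (4_400_000.0, 1_600_000.0, 4_350_000.0)
STERN = (4_400_200.0, 1_600_000.0, 4_350_000.0)
ATTACKER = (4_398_000.0, 1_601_000.0, 4_352_000.0)


def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def pseudoranges(receiver, clock_bias_s, sats=SATS):
    """What a receiver measures: geometric range to each satellite plus the
    receiver's own clock error, expressed in metres (C * seconds)."""
    return [dist(receiver, s) + C * clock_bias_s for s in sats]


def solve_linear(a, b):
    """Gaussian elimination with partial pivoting for a small square system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for k in range(col, n + 1):
                m[r][k] -= f * m[col][k]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][k] * x[k] for k in range(i + 1, n))) / m[i][i]
    return x


def solve_fix(pr, sats=SATS, iters=20):
    """Gauss-Newton solve of (x, y, z, clock bias in metres) from four
    pseudoranges: three arrival-time differences fix the position, the
    fourth satellite resolves the receiver's unknown clock offset."""
    est = [0.0, 0.0, 0.0, 0.0]  # start at the Earth's centre
    for _ in range(iters):
        jac, res = [], []
        for p, s in zip(pr, sats):
            r = dist(est[:3], s)
            jac.append([(est[0] - s[0]) / r, (est[1] - s[1]) / r, (est[2] - s[2]) / r, 1.0])
            res.append(p - (r + est[3]))
        dx = solve_linear(jac, res)
        est = [e + d for e, d in zip(est, dx)]
        if max(abs(d) for d in dx) < 1e-4:
            break
    return tuple(est)


def replayed_pseudoranges(attacker_pos, replay_delay_s, sats=SATS):
    """A record-and-rebroadcast attacker feeds every nearby receiver the ranges
    measured at the attacker's own location; the capture/replay delay is the
    same for all four satellites, so the solver absorbs it as clock bias."""
    return pseudoranges(attacker_pos, replay_delay_s, sats)


def fixes_consistent(fix_a, fix_b, expected_separation_m, tol_m=5.0):
    """Two receivers a known distance apart should resolve to positions that
    far apart. If they collapse onto one point, both are hearing a single
    replayed signal rather than the live constellation."""
    return abs(dist(fix_a[:3], fix_b[:3]) - expected_separation_m) <= tol_m


if __name__ == "__main__":
    live_bow = solve_fix(pseudoranges(BOW, 1e-6))
    live_stern = solve_fix(pseudoranges(STERN, 1e-6))
    print("live fix error (m):", round(dist(live_bow[:3], BOW), 3))
    print("live bow/stern consistent:", fixes_consistent(live_bow, live_stern, 200.0))
    replay = replayed_pseudoranges(ATTACKER, 2e-3)
    print("replay bow/stern consistent:",
          fixes_consistent(solve_fix(replay), solve_fix(replay), 200.0))
```

The replay case is the one the comment worries about: the data stream is genuine, the signal is merely stronger, and a single receiver has no way to tell. Only the second receiver, whose fix should sit 200 m away and instead lands on the attacker's recording point, exposes it. Real receivers also see noise, multipath and ephemeris error, so the tolerance would be set from observed fix scatter rather than the 5 m used here.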

Wesley Parish July 28, 2018 3:18 AM

Fun-n-games on the Inquirer:

https://www.theinquirer.net/inquirer/news/3036559/boffins-just-made-it-tougher-to-beat-iris-hackers-with-dead-eyeballs

https://www.theinquirer.net/inquirer/news/3036616/swann-security-cameras-fixed-after-major-security-flaw-discovered-again

and another from ElReg:

https://www.theregister.co.uk/2018/07/27/screaming_channels_attack/

The paper describing their work, “Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers”, explains that the physical mechanism involved is very simple. “Leakage from digital logic is inadvertently mixed with the radio carrier, which is amplified and then transmitted by the antenna”, because “mixed-signal chips include both digital circuits and analog circuits on the same silicon die in close physical proximity,” the paper says.

Happy, happy, joy, joy!!!

Johnny Debt July 28, 2018 4:45 AM

In Ubuntu systems, look at the file:

/etc/update-motd.d/50-motd-news.

It contains the line USER_AGENT="curl/$curl_ver $lsb $platform $cpu $uptime".

It means that your system platform, CPU type and uptime are transmitted when downloading the Ubuntu message of the day.

echo July 28, 2018 6:35 AM

The limits of cognition? I note Bruce's paper on Twofish mentions that he wanted to design an encryption scheme that could be held in a person's head. With respect to this study, which determined the total number of favourite places at any point in time, and other limits, what does this mean for organisations and security and policy and law and other similar technical-social structures?

https://www.inverse.com/article/47538-human-movement-study-25-places

RG July 28, 2018 7:02 AM

In a remarkable game of poker, the USA is outfoxing China

Trump trashing everyone was a brilliant ploy. From Canada[1] we learn the actual immensely coherent plan closely working with our allies. Pure genesis compared to our current fragmented losing trade and geopolitical approach.

“To protect American and European companies better from unfair global trade practices,” the U.S. and EU said in a clear reference to China, “we will therefore work closely together with like-minded partners to reform the WTO and to address unfair trading practices, including intellectual property theft, forced technology transfer, industrial subsidies, distortions created by state owned enterprises, and overcapacity.”
https://business.financialpost.com/opinion/lawrence-solomon-trump-just-unveiled-the-new-trade-world-order-canada-not-included

[1] Canada did not play ball so is (rather mockingly) labeled a 'National Security Threat'

File under: American MSM Worthless

echo July 28, 2018 7:09 AM

@RG

I regard "national security threat" like a drunk using alcohol at a works Christmas party to cover up a sexual assault. It's the same non-logic.

Alejandro July 28, 2018 8:13 AM

There was recent discussion here about why I gave up my old friend CCleaner. Since then I've tried a few alternatives that had their own issues.

However, one route for Windows users that might be helpful is to create your own utility using the built-in OS app:

1. Rt Click anywhere on desktop. Select: New/Shortcut.
2. Browse to, or enter: C:\Windows\System32\cleanmgr.exe
3. Next
4. Enter a name like WinCleaner
5. Click Finish. Try it out.

The first time I used it, the cleaner found 3.5G, yes gigabytes, of old Windows update files that could be deleted. Good!

Also, it doesn't make persistent WAN connections, phone home at all hours or route traffic through foreign countries like some other app might.

I use the Windows app and Bleachbit alternately. Bleachbit isn't quite as thorough or complete as CCleaner, but it stays local on the machine without chit-chat, etc.

https://www.bleachbit.org/download

You can manually clean your own registry, too but small mistakes might make it more interesting than you would like. Create a Restore Point or Export the registry first.

CallMeLateForSupper July 28, 2018 8:48 AM

@MarkH

Thanks for the link to the Bloomberg article (GPS). Timing is a long-time pet interest of mine, and GPS a long-time concern.

echo July 28, 2018 8:49 AM

I only just learned of the UK "Tempest" fighter project. Ordinarily I would be pleased that an initiative is being taken with industry. The problem is post-Brexit this is a little too close to nationalism and a distinct lack of ethical foreign policy for my liking, not to mention a slight whiff of supremacism especially in some of the comments following this article. Meanwhile the homeless get blamed for being the wrong kind of policy and budget target.

A government without integrity.
Aircraft carriers without aircraft.
A banana republic without bananas.

I really don't understand the reasoning of some people.

https://ukdefencejournal.org.uk/boeing-would-be-thrilled-to-take-part-in-british-tempest-fighter-project/

@gordo

The charges against Assange were made and the only reason they were dropped as he knows full well is the Swedish statute of limitations and investigatory limits and one charge remains open. I will repeat again that Sweden couldn't by law extradite Assange to the US. All of the above is governed by law which Assange doesn't appear to get and why UK judges, extraditions and rape aside, are not very happy with him because of his contempt for the law.

bttb July 28, 2018 11:22 AM

@gordo, echo

Into the weeds regarding Assange, Wikileaks and 'Clinton related' email or information. From: https://www.newyorker.com/news/news-desk/what-the-latest-mueller-indictment-reveals-about-wikileaks-ties-to-russia-and-what-it-doesnt from July 2018:

"When did Russian intelligence give WikiLeaks the e-mails that it hacked from the Democratic National Committee and John Podesta, and how did it transmit them? Shortly after the election, James Clapper, then the director of National Intelligence, testified before Congress that American intelligence officials could not clearly pinpoint these facts. “We don’t have good insight into the sequencing of the releases, or when the data may have been provided,” he said. Today, almost two years later, and after months of investigation, we know a lot more than we once did. But our insight into the timing—at least from publicly available information—remains uncertain...."

And more from the same writer, Raffi Khatchadourian, on Assange and Wikileaks from August, 2017:

"The Ecuadorian Embassy in London is situated at the end of a wide brick lane, next to the Harrods department store, in Knightsbridge. Sometimes plainclothes police officers, or vans with tinted windows, can be found outside the building. Sometimes there are throngs of people around it. Sometimes there is virtually no one, which was the case in June, 2012, when Julian Assange, the publisher of WikiLeaks, arrived, disguised as a motorcycle courier, to seek political asylum. In the five years since then, he has not set foot beyond the Embassy. Nonetheless, he has become a global influence, proving that with simple digital tools a single person can craft a new kind of power—a distributed, transnational power, which functions outside norms of state sovereignty that have held for centuries. Encouraged by millions of supporters, Assange has interfered with the world’s largest institutions. His releases have helped fuel democratic uprisings—notably in Tunisia, where a revolution sparked the Arab Spring—and they have been submitted as evidence in human-rights cases around the world. At the same time, Assange’s methodology and his motivations have increasingly come under suspicion. During the Presidential election last year, he published tens of thousands of hacked e-mails written by Democratic operatives, releasing them at pivotal moments in the campaign. They provoked strikingly disparate receptions. “I love WikiLeaks,” Donald Trump declared, in exultant gratitude. After the election, Hillary Clinton argued that the releases had been instrumental in keeping her from the Oval Office...."

https://www.newyorker.com/magazine/2017/08/21/julian-assange-a-man-without-a-country

Deckard Cain July 28, 2018 11:22 AM

@Alej

"There was recent discussion here about why I gave up my old friend CCleaner."

Yes, you said it was connecting to a bunch of strange IP addresses, then you didn't provide any and it turned out that no, it wasn't re-hacked since the initial event 1 year ago. But because it now had an auto-update feature (which is easily turned off in settings) you decided it was unsafe.

Deckard Cain July 28, 2018 11:30 AM

@RG

"In a remarkable game of poker, the USA is outfoxing China"

It's remarkable just how incorrect your conclusion is.

I guess it depends if you're talking about the US farmers and manufacturers, distributors and speculators whose goods are piling up in warehouses, whose sales have been cut in half while their costs have risen well over the 25% additional arbitrary tax scheme.

Or if you meant taking $12 BILLION in treasure and just throwing it over a few of those larger wounds that were self-created, albeit "picking winners and losers" as was accused just a few years back, if you recall. Genius that.

Alejandro July 28, 2018 12:50 PM

@Deckard Cain

Hmmmm...seems we've been over this ground previously.

A recent version of CCleaner I used was connecting to at least 2 ip addresses nominally in the USA (according to Whois), however I found the trace routes went to Europe, in particular London, Sweden and Czechoslovakia and points in between, then back to the USA. I won't load it anymore because I have made my own decision not to use it. That would violate my own personal security ops.

I understand the original hack was fixed. I never said it was still hacked. As far as I know the original hack is fixed. I have no problem with that. Only you do. It is your erroneous obsession alone.

There is a great deal of documentation that the original exploit has been cleaned up.

In turn, I am thinking the current intermittent and constant connections to the internet are intentional features of the program, possibly to ensure the app is updated, for marketing purposes and to keep users safe. The question in my mind, left unanswered, is safe from who and what?

Oddly, unchecking the update box did not completely shut down the unwanted connections. Indeed to completely uninstall CCleaner and stop the connections I had to use their own proprietary cleanup program and do some manual cleaning too. It didn't want to die.

Try it yourself. If you are so sure about it, post your own data.

I could care less. I am done with it. Seriously,

The End.

Deckard Cain July 28, 2018 1:11 PM

@Alejandro

It would be a decent medium-sized story if what you say is correct.

It's difficult to just accept what you're saying is true without anything tangible to go on.
Can you not post the IPs so we can at least know what you're referring to?

Pluto July 28, 2018 1:16 PM

While admiring the spirit and necessity of some action this may be an outsized overreach:

https://www.reuters.com/article/us-facebook-privacy-britain/tech-firms-should-be-made-liable-for-fake-news-on-sites-uk-lawmakers-idUSKBN1KI053

Tech firms like Facebook (FB.O) should be made liable for “harmful and misleading” material on their websites and pay a levy so they can be regulated, British lawmakers said, warning of a crisis in democracy due to misuse of personal data.

bttb July 28, 2018 1:31 PM

long post warning

Regarding topics related to interference with USA elections, like: voter suppression, insecure voting machines, foreign meddling, let's not overlook a major actor, according to Noam Chomsky, Israel. Chomsky on multiple topics: https://www.democracynow.org/2018/7/27/noam_chomsky_on_mass_media_obsession :

"[...] AMY GOODMAN: Well, Barbara L’Italien [running for congress in Massachusetts] said a lot there, but she was then cut off, with the shock of the Fox & Friends crew in the morning that they had the wrong Democratic congressional candidate. But this kind of media activism also just goes to the whole issue of the media, Noam Chomsky, the issue of Fox News becoming really state media, with—you have the person who supported the sexual harasser Roger Ailes, Bill Shine, now a top aide to President Trump in the White House. That’s gotten little attention. So you have Fox being a mouthpiece for Trump and a place for him to hear what people have to say, and the other networks very much running counter to Trump, on certain issues, CNN and MSNBC. But your thoughts?

NOAM CHOMSKY: Well, my frank opinion is that—I must say I don’t pay much attention to television, so I don’t know a great deal about it. But, in general, I think the media—first of all, Fox News is, by now, basically a joke. It’s, as you said, state media. The other media, I think, are focusing on issues which are pretty marginal. There are much more serious issues that are being put to the side. So, the worst of—even on the case of immigration, once again, I think the real question is dealing with the roots of immigration, our responsibility for it, and what we can do to overcome that. And that’s almost never discussed. But I think that’s the crucial issue. And I think we find the same across the board.

So, of all Trump’s policies, the one that is the most dangerous and destructive, in fact poses an existential threat, is his policies on climate change, on global warming. That’s really destructive. And we’re facing an imminent threat, not far removed, of enormous damage. The effects are already visible but nothing like what’s going to come. A sea level rise of a couple of feet will be massively destructive. It will make today’s immigration issues look like trivialities. And it’s not that the administration is unaware of this. So, Donald Trump, for example, is perfectly aware of the dangerous effects, in the short term, of global warming. So, for example, recently he applied to the government of Ireland for permission to build a wall to protect his golf course in Ireland from rising sea levels. And Rex Tillerson, who was supposed to be the adult in the room before he was thrown out, as CEO of ExxonMobil, was devoting enormous resources to climate change denial, although he had, sitting on his desk, the reports of ExxonMobil scientists, who, since the '70s, in fact, were on the forefront of warning of the dire effects of this accelerating phenomenon. I don't know what word in the language—I can’t find one—that applies to people of that kind, who are willing to sacrifice the literal—the existence of organized human life, not in the distant future, so they can put a few more dollars in highly overstuffed pockets. The word “evil” doesn’t begin to approach it. These are the kinds of issues that should be under discussion. Instead, what’s being—there is a focus on what I believe are marginalia.

So, take, say, the huge issue of interference in our pristine elections. Did the Russians interfere in our elections? An issue of overwhelming concern in the media. I mean, in most of the world, that’s almost a joke. First of all, if you’re interested in foreign interference in our elections, whatever the Russians may have done barely counts or weighs in the balance as compared with what another state does, openly, brazenly and with enormous support. Israeli intervention in U.S. elections vastly overwhelms anything the Russians may have done, I mean, even to the point where the prime minister of Israel, Netanyahu, goes directly to Congress, without even informing the president, and speaks to Congress, with overwhelming applause, to try to undermine the president’s policies—what happened with Obama and Netanyahu in 2015. Did Putin come to give an address to the joint sessions of Congress trying to—calling on them to reverse U.S. policy, without even informing the president? And that’s just a tiny bit of this overwhelming influence. So if you happen to be interested in influence of—foreign influence on elections, there are places to look. But even that is a joke.

I mean, one of the most elementary principles of a functioning democracy is that elected representatives should be responsive to those who elected them. There’s nothing more elementary than that. But we know very well that that is simply not the case in the United States. There’s ample literature in mainstream academic political science simply comparing voters’ attitudes with the policies pursued by their representatives, and it shows that for a large majority of the population, they’re basically disenfranchised. Their own representatives pay no attention to their voices. They listen to the voices of the famous 1 percent—the rich and the powerful, the corporate sector. The elections—Tom Ferguson’s stellar work has demonstrated, very conclusively, that for a long period, way back, U.S. elections have been pretty much bought. You can predict the outcome of a presidential or congressional election with remarkable precision by simply looking at campaign spending. That’s only one part of it. Lobbyists practically write legislation in congressional offices. In massive ways, the concentrated private capital, corporate sector, super wealth, intervene in our elections, massively, overwhelmingly, to the extent that the most elementary principles of democracy are undermined. Now, of course, all that is technically legal, but that tells you something about the way the society functions. So, if you’re concerned with our elections and how they operate and how they relate to what would happen in a democratic society, taking a look at Russian hacking is absolutely the wrong place to look. Well, you see occasionally some attention to these matters in the media, but very minor as compared with the extremely marginal question of Russian hacking.

And I think we find this on issue after issue, also on issues on which what Trump says, for whatever reason, is not unreasonable. So, he’s perfectly right when he says we should have better relations with Russia. Being dragged through the mud for that is outlandish, makes—Russia shouldn’t refuse to deal with the United States because the U.S. carried out the worst crime of the century in the invasion of Iraq, much worse than anything Russia has done. But they shouldn’t refuse to deal with us for that reason, and we shouldn’t refuse to deal with them for whatever infractions they may have carried out, which certainly exist. This is just absurd. We have to move towards better—right at the Russian border, there are very extreme tensions, that could blow up anytime and lead to what would in fact be a terminal nuclear war, terminal for the species and life on Earth. We’re very close to that. Now, we could ask why. First of all, we should do things to ameliorate it. Secondly, we should ask why. Well, it’s because NATO expanded after the collapse of the Soviet Union, in violation of verbal promises to Mikhail Gorbachev, mostly under Clinton, partly under first Bush, then Clinton expanded right to the Russian border, expanded further under Obama. The U.S. has offered to bring Ukraine into NATO. That’s the kind of a heartland of Russian geostrategic concerns. So, yes, there’s tensions at the Russian border—and not, notice, at the Mexican border. Well, those are all issues that should be of primary concern. The fate of—the fate of organized human society, even of the survival of the species, depends on this. How much attention is given to these things as compared with, you know, whether Trump lied about something? I think those seem to me the fundamental criticisms of the media."

Other parts of Goodman's interview with Chomsky Thursday, broadcast yesterday:

"“Brutal and Sadistic”: Noam Chomsky on Family Separation & the U.S. Roots of Today’s Refugee Crisis"
https://www.democracynow.org/2018/7/27/brutal_and_sadistic_noam_chomsky_on

"Noam Chomsky on Alexandria Ocasio-Cortez’s “Spectacular” Victory & Growing Split in Democratic Party"
https://www.democracynow.org/2018/7/27/noam_chomsky_on_alexandria_ocasio_cortezs

"Chomsky Criticizes “Autocratic” Nicaraguan Government, Urges Ortega to Call for New Elections"
https://www.democracynow.org/2018/7/27/chomsky_criticizes_autocratic_nicaraguan_government_urges

MarkH July 28, 2018 2:09 PM

Chomsky has, beyond any reasonable dispute, an exceptionally brilliant mind.

Respect for truth? Not so much.

Chomsky is the High Priest of the Cult of the Great Satan. Like any good religionist, he uses "alternative facts" when the actual facts clash with his relentlessly held faith commitments.

In a favorite canard of Great Satanists, he reminds us that Russia's boys-will-be-boys naughtiness is "because NATO expanded after the collapse of the Soviet Union, in violation of verbal promises to Mikhail Gorbachev."

That is a Trump-style falsehood, easily disprovable. Gorbachev himself is on record that the promise concerning NATO was not broken. Among historians, this seems to be a settled matter.

"The U.S. has offered to bring Ukraine into NATO" ... well, maybe. But accession to NATO actually requires unanimous agreement of all present member states, so if anybody said such a thing, it was a lie.

Kremlin apologists love to excuse Russian aggression against its peaceful neighbors using the NATO bogeyman.

Just a few years before the Russian invasion, Ukraine's president asked NATO about joining. He was rebuffed.

If you want insight into the Cult of the Great Satan, read Chomsky (or numerous comments on this blog).

If you want to learn truth by reading Chomsky, you must fact-check claim by claim. Much of what he says is true, but he lacks the integrity to scrupulously adhere to fact.

gordo July 28, 2018 3:31 PM

@ MarkH,

Gorbachev himself is on record that the promise concerning NATO was not broken.

This is Gorbachev from the oft-cited, 2014 interview:

Mikhail Gorbachev: I am against all walls
OCT 16 2014 MAXIM KÓRSHUNOV RBTH

RBTH: One of the key issues that has arisen in connection with the events in Ukraine is NATO expansion into the East. Do you get the feeling that your Western partners lied to you when they were developing their future plans in Eastern Europe? Why didn’t you insist that the promises made to you – particularly U.S. Secretary of State James Baker’s promise that NATO would not expand into the East – be legally encoded? I will quote Baker: “NATO will not move one inch further east.”


M.G.: The topic of “NATO expansion” was not discussed at all, and it wasn’t brought up in those years. I say this with full responsibility. Not a single Eastern European country raised the issue, not even after the Warsaw Pact ceased to exist in 1991. Western leaders didn’t bring it up, either. Another issue we brought up was discussed: making sure that NATO’s military structures would not advance and that additional armed forces from the alliance would not be deployed on the territory of the then-GDR after German reunification. Baker’s statement, mentioned in your question, was made in that context. Kohl and [German Vice Chancellor Hans-Dietrich] Genscher talked about it.

Everything that could have been and needed to be done to solidify that political obligation was done. And fulfilled. The agreement on a final settlement with Germany said that no new military structures would be created in the eastern part of the country; no additional troops would be deployed; no weapons of mass destruction would be placed there. It has been observed all these years. So don’t portray Gorbachev and the then-Soviet authorities as naïve people who were wrapped around the West’s finger. If there was naïveté, it was later, when the issue arose. Russia at first did not object.

The decision for the U.S. and its allies to expand NATO into the east was decisively made in 1993. I called this a big mistake from the very beginning. It was definitely a violation of the spirit of the statements and assurances made to us in 1990. With regards to Germany, they were legally enshrined and are being observed.

https://www.rbth.com/international/2014/10/16/mikhail_gorbachev_i_am_against_all_walls_40673.html

https://www.nytimes.com/1993/10/02/world/yeltsin-opposes-expansion-of-nato-in-eastern-europe.html

Maybe assurances aren't promises.

Weather July 28, 2018 4:25 PM

@bttb, just some thoughts: the Northern hemisphere is having heat waves and the southern cold spells,
any heat that is released from the burning of coal is dispersed after two days,
if CO2 blocks, reflects IR, then more will get reflected into space from the sun,
Antarctica is -40 degrees, if it starts melting I think 60-70 degrees temperature will be more of a problem,

It is lack of oil, to raise money to keep society going, don't forget that point

justinacolmena July 28, 2018 5:46 PM

@MarkH,gordo

NATO + TPP + NAFTA are heavy shackles for America. Is Trump forging even more manacles in Germany with another EU-US "trade" agreement to keep ordinary Americans enslaved to the New World Order in everlasting penal servitude to the monied international elites?

65535 July 28, 2018 6:51 PM

@ jdgalt and legal types

“Exactis (who provide "people data for a digital world") just published their entire DB to the internet”

I see the Troy Hunt post leads to a Wired post. This Exactis database seems to have a lot of information and probably lost it all.

[Wired]

“…security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses…from the sheer breadth of the Exactis leak, it may be even more remarkable for its depth: Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel. WIRED independently analyzed a sample of the data Troia shared and confirmed its authenticity, though in some cases the information is outdated or inaccurate.”-Wired

https://www.wired.com/story/exactis-database-leak-340-million-records/

This seems to be both a data breach and a site that probably doesn’t allow people to correct their personal data. For all those privacy advocates and legal scholars would this breach be a violation of various federal and state law? For example would this be a breach of California privacy and data breach laws?

“Security breach notification laws”

“In general, most state laws follow the basic tenets of California's original law: Companies must immediately disclose a data breach to customers, usually in writing. California has since broadened its law to include compromised medical and health insurance information”-Wikipedia

https://en.wikipedia.org/wiki/Security_breach_notification_laws

[and]

"...California S.B. 1386 was a bill passed by the California legislature that amended civil codes 1798.29, 1798.82 and 1798.84, the California law regulating the privacy of personal information. The first of many U.S. and international security breach notification laws, it was introduced by California State Senator Peace on February 12, 2002, and became operative July 1, 2003… The bill mandates various mechanisms and procedures with respect to many aspects of this scenario, subject also to other defined provisions… An out-of-state corporation that has personal information relating to a California resident would fall under this statute...”-Wikipedia

https://en.wikipedia.org/wiki/California_S.B._1386

How about federal laws like HIPAA and PII laws and so on?

What about dual citizens of the USA and EU and their rights under GDPR?

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

This Exactis breach seems to be one of the larger data breaches to date. I would guess some laws were probably broken. Anybody care to guess at which laws were broken?

bttb July 28, 2018 6:55 PM

@MarkH, Humdee, gordo

MarkH wrote:
"If you want to learn truth by reading Chomsky, you must fact-check claim by claim. Much of what he says is true, but he lacks the integrity to scrupulously adhere to fact."

Interestingly enough I often listen to Chomsky for facts; facts not much in common to the facts discussed in the mainstream media (MSM). Regardless, while watching/listening to Chomsky on Friday I wondered 'did he have notes'?

Amy Goodman said, above at the first 'Democracy Now!' link, that Noam Chomsky will be on again next week at https://www.democracynow.org; I don't know what day(s).

"Tune in next week when we continue our conversation with Noam Chomsky about Gaza, Israel’s new nationality law, the recent Trump-Putin summit, Iran, North Korea, the war in Yemen and more. In December, Noam Chomsky will be celebrating his 90th birthday.
[and]
Noam Chomsky, world-renowned political dissident, author and linguist, now a laureate professor in the Department of Linguistics at the University of Arizona, Tucson. He taught for 50 years at the Massachusetts Institute of Technology in Cambridge, Massachusetts."

I agree that it is good to try to get at truth. For example, one can ask why do you say that, or question what is your basis for that assertion, etc.

To learn more about getting towards truth, afaicr, I tried (good luck with that) to read "The Theory of Communicative Action, Volume 1: Reason and the Rationalization of Society" by Habermas.

https://en.wikipedia.org/wiki/The_Theory_of_Communicative_Action
https://www.amazon.com/Theory-Communicative-Action-Rationalization-Society/dp/0807015075
https://books.google.com/books/about/The_Theory_of_Communicative_Action.html?id=kuFhjNZuHTAC
http://www5.csudh.edu/dearhabermas/publsbm01.htm

I think Humdee linked to https://en.wikipedia.org/wiki/J%C3%BCrgen_Habermas recently.

Does anybody know about a book like "Habermas for Dummies"?

bttb July 28, 2018 7:07 PM

@Weather

In layman's terms, I think:

iirc Global Warming can increase weather variability

iirc combustion products like carbon dioxide, trap more heat inside the earth's atmosphere, thus leading to global warming.

iirc there is talk about possible mitigation of global warming. For example, by interventions in the upper atmosphere to possibly prevent some heat from reaching us lower down.

Regardless, there are the questions like: energy storage, timing or viability, cost, cost to whom, and so on, when shifting away from fossil fuels.

Hmm July 28, 2018 8:16 PM

"there is talk about possible mitigation of global warming"

Talk. Ocean acidification mitigations have also been discussed, and mostly debunked.

Terraforming is more expensive than the mitigations we could take to avoid needing it.
Also it's complete theory with Earth's food web hanging in the balance.

If you apply the same cost/benefit calculations and don't weigh the long term ramifications of continuing to dump carbon and other worse insulants into the environment "like it doesn't matter" - as some staying rich on the idea seem to want you to believe, you will see quickly that the infrastructure we've put towards expanding and maintaining oil could be repurposed to massively dent the world's energy needs without killing the planet.

The economic giants have hedged bets to maximize their existing investments, and as a model of profit oil/gasoline is a much more privately profitable (and exploitable) endeavor than the "socialist" model of giving each person the means to make their own energy cleanly, after an initial hardware investment, indefinitely. Yes, there are bugs including storage and other infrastructure/economic issues that will come of it. What's the alternative to those moderately painful changes? Again it's a cost/benefit analysis, and one where even infinite dollar bills of profit cannot reverse the damage once done.

justinacolmena July 28, 2018 8:32 PM

@@ bttb, MarkH, Humdee, gordo, ...

Noam Chomsky was an expert computer scientist.

Probably not an expert politician: he simply doesn't have enough votes to qualify for that.

Nonetheless, his seemingly "extreme left-wing" political ideas, or however they are portrayed in the mainstream media, did not come about in a void. They are a symptom of a far larger problem: the severe persecution and harassment that nearly all computer scientists in the last century have faced.

Alan Turing? Talk about stealing a brilliant man's ideas and torturing him to death!

This dates back to the use of IBM's Hollerith punched-card tabulating machines to take the German census during the Holocaust. The universal gun registration and the categorization of Jews, homosexuals, mental defectives, and social undesirables? Directly in violation of the Biblical command not to number the people, especially in time of war.

MarkH July 28, 2018 9:13 PM

For the record, Chomsky isn't known as a computer scientist. The academic work that first made him famous, in linguistics, was fruitfully applied to the design of programming languages and their compilers.

But he was studying grammar abstractly; as far as I am aware, he didn't have automata in mind, and has not otherwise involved himself in CS.

Perhaps he is most distinguished for his contributions to philosophy.

Yes, his command and marshalling of facts is prodigious, and (to me at least) very impressive. Unfortunately, some of those facts become corrupted by his four-legs-good-two-legs-bad moralizing.

justinacolmena July 28, 2018 9:50 PM

@MarkH

studying grammar abstractly ... contributions to philosophy

Theoretical computer science in a nutshell. You need to get your basic grammar right and be thinking clearly in order to program computers. This guy was not stupid.

four-legs-good-two-legs-bad moralizing.

For that which befalleth the sons of men befalleth beasts; even one thing befalleth them: as the one dieth, so dieth the other; yea, they have all one breath; so that a man hath no preeminence above a beast: for all is vanity. [Ecc 3:19]

Other people were not nice to him and he did not see them as behaving better than beasts. Solomon (who wrote Ecclesiastes) was very intelligent as well, and he was not treated nicely by other people either.

Alyer Babtu July 28, 2018 10:40 PM

@Neil

”connected cars”

Just one of the latest examples of coding that does not relate to the actual “problem environment”. Nearly all IoT implementations fall into this category.

For an ode to the inglorious long past of such program design failures, and a way to address the fundamental issues, see the papers and books of Michael A. Jackson (not the singer)

http://mcs.open.ac.uk/mj665/

Clive Robinson July 28, 2018 11:19 PM

@ Deckard Cain, RG,

It's remarkable just how incorrect your conclusion is.

Did you read the last line of @RG's original post?

    File under: American MSM Worthless

I would think there was a degree of sarcasm in the comment above, on reading that.

echo July 29, 2018 12:05 AM

The Housing and Finance Institute (HFI) has released a report suggesting how the UK housing system can be improved. On the surface this is a mundane "non-security" issue except for one thing. How will people be able to guarantee personal stability and a good life for their children and receive the full benefits of education if their housing situation is inadequate? How also will communities elevate themselves and reduce crime and drug abuse?

https://www.theguardian.com/society/2018/jul/29/housing-renting-mortgages-loans-home-ownership-first-time-buyers

echo July 29, 2018 12:22 AM

@bttb

I liked your comments on Chomsky. One thing I have discovered is a lot of large organisations and professionals have a basic hatred of applied computer science. The reason is people often do not read their own policies or communicate well, nor pay attention to legal constraints and obligations. There is also a problem in the system with respect to equivalent systems and discrimination (which Clive indirectly touched on with his comments on "design patterns").

Pretty much every lawyer and doctor and administrator I have ever met isn't trained in systems thinking or the basic tools familiar to computer science. A lot also have no institutional memory, which means they cannot recall the detail of policies or law, the context, from before the last policy change (or 2-3 or more policy changes).

Manuals are rarely updated and in some cases never written or extremely badly written.

I am not aware of anyone in the UK with a media profile who has the depth of Noam Chomsky. Where is the next Bertrand Russell? This isn't encouraged. Shouldn't we be asking why?

This reminds me. I have a book case full of philosophy and computing books (plus a couple of other bookcases worth of other books) to donate, including classic works standard on current UK philosophy degrees and Bertrand Russell's History of Western Philosophy. The dust particles are already educated well enough by osmosis. I must get on the phone again.

Trust No. 1 July 29, 2018 12:24 AM

Australia drafts laws forcing Facebook and Google to reveal encrypted data
[ slightly old - Jun 2018 ]
https://www.theguardian.com/technology/2018/jun/06/planned-laws-to-force-tech-firms-to-reveal-encrypted-data

At least mathematics (and Intel ME etc. - a.k.a current backdoors) need to obey the laws of Australia. So let's consider this passed by Christmas, because that's the time that keeps on giving!

(Meanwhilst, face-recognition continues in railway stations, CBD streets, bus terminals and shopping centres. Data retention on all network connections.)*

Although if you're using Facebook or Google, to some extent, well... you are getting what you PAID for.

Innocence is an endangered species. In fact, I'm surprised it's lasted this long.
Clear papers/network packets please, or you're in for some long-term SPECIAL ATTENTION(tm) a.k.a XKeyScore.

Why does it have to be this way?

On balance, I understand the need for law enforcement, period, even in the "cyber" era.
(Needs to clean oneself after saying "cyber")
I can easily be a rational being.

But Señor Jesus Tap-Dancing^ Christ, why can't proper non-secret warrants be issued?
Why does everything need to be shrouded in secrecy?
Where is the accountability?
I am happy to have a reasonable balance, but there is nothing reasonable about warrantless access a.k.a My Health Record, a.k.a Data Retention et. al.

Well... it's time I signed up to social media and to take photos of everything and submit to biometric interference. It's time to turn over my health data to the government.

It is only right. It's what 99% of the population are already happy to do.
I fear for the next 5 years, let alone the next 50.

---

* I currently have no evidence of the former, but given the 2013 disclosures, it is prudent to assume the very very worst. And anyway, who would ever be a leaker now, knowing all that is in place?

^ The Blues Brothers, Aykroyd and Belushi et. al., later gleefully appropriated by South Park.

Trust No. 1 July 29, 2018 12:31 AM

Pardon the quick post but...

O, what a tangled web we weave When first we practise to deceive!
- Walter Scott (not Shakespeare)

A nicely security-relevant squidly :)

tyr July 29, 2018 1:21 AM

@Echo

Nazi only applies to people who want
to impose the death penalty on those
who are war profiteers.

That narrows the term for usage by a
large margin.

Wesley Parish July 29, 2018 2:56 AM

Slashdot has some pointers:

A nod to people looking for something better than Intel's CISC

https://hardware.slashdot.org/story/18/07/28/2124225/nvidia-western-digital-turn-to-open-source-risc-v-processors

https://spectrum.ieee.org/semiconductors/devices/riscvs-opensource-architecture-shakes-up-chip-design.html

This technology lowers the cost of creating custom chips, which means more and more companies may elect to build their own. As for the existing players, I don’t think RISC-V represents a bigger threat to Intel than does the slow fade of Moore’s Law and former customers deciding to build their own dedicated silicon. And I don’t think Arm will necessarily lose licensing fees to RISC-V right away—but the technology could bring on a wave of competitive silicon that hurts incumbents in the long run.
One can hope that "incumbents != recumbents" - one can hope for the Moon.

Here's the regulators playing Russian Roulette with public trust

https://yro.slashdot.org/story/18/07/28/199216/one-year-after-data-breach-equifax-goes-unpunished

You know, I learnt a while back that deregulation in a market economy was supposed to mean that this sort of thing was exposed to vengeful stakeholders, who would not let it go unpunished. It looks as if it has not gone unrewarded.

https://boingboing.net/2018/07/25/doxing-the-nation.html

http://www.govtech.com/security/A-Year-After-Data-Breach-Atlanta-Based-Equifax-Unbowed.html

Anybody remember some mutterings about broken windows and property values? Something about maintained properties versus unmaintained properties? Security?

Equifax really do deserve to receive the Presidential Medal of Slavery.

echo July 29, 2018 4:16 AM

@tyr

When I said Nazi I meant Nazi. I think everyone knows what a Nazi is.

Clive Robinson July 29, 2018 5:06 AM

@ Bruce and the usual suspects,

You might have heard of the new "London Protocol" from the Certificate Authority Security Council (CASC), if you had the misfortune to be standing in the wrong place at the wrong time...

Which supposedly "At its core" will, according to Tony Perez, head of security products at GoDaddy,

    [Is] designed to get back to the root of what EV and OV certificates were created for – providing online consumers better trust and assurance

Which, coming as it does from GoDaddy and its previous odd behaviour with private halves of PKI certs, does not inspire me in the slightest.

For those who might not have heard of the CASC, it's "an industry group" set up as a reaction, back in 2013, by a small number of CAs for the usual reasons such groups are usually set up[1]

As Christian Simko, GlobalSign's vice president of marketing (for USEMEA) has said,

    While there is no arguing that the advent of the encrypted internet is a move in the positive direction, it has unfortunately created user confusion and fostered an increased threat of phishing attacks with more websites being ‘secured’ with anonymous DV certificates

Which some will recognise as "Marketing Speak" for "We dropped the ball big style, so we are going to talk about somebody else so you don't realise who you should really blame" and "Whilst we are at it we will use it as an excuse to push more of the same junk as new product at you"...

But the award for "No Sh1t Sherlock" surely goes to Chris Bailey, VP of strategy and business development for certificate services at Entrust Datacard, who said,

    Based on our research, we found that anonymity on the internet breeds nefarious activity

But was it really the research of the CASC or its members?

I actually doubt it, it's easy to find lots of academic research on this going back years with various CAs in "denial mode" over it.

Apparently it was reports about "Let's Encrypt" issuing "PayPal" names from March 2017 that has made the problem so obvious that it can no longer be denied nearly a year and a half later, but the CASC puff piece indicates that it will be March 2019 when the London Project will be final.

Well DarkReading has a piece that is easier reading than the CASC "puff piece"[2],

https://www.darkreading.com/endpoint/london-calling-with-new-strategies-to-stop-ransomware-/a/d-id/1332338

And it will tell you quite a bit more as well ;-)

That said the London Project is doomed to fail for a number of reasons as various academics can tell you.

Firstly the CA PKI model is hierarchical, which means the greatest gains are in subverting the tops of the hierarchies. Worse, there are hundreds of tops to attack.

Secondly the CA business is cut throat, which, as history shows, means "document checking" will be streamlined to lower costs, which increases the probability an attack will succeed.

Thirdly National Security interests will always override an individual CA's security policy. When combined with the difficulty of limiting the effects of hundreds of root certs, this means the odds of success are in the favour of those attacking the system.

Fourthly business documents are not difficult to obtain, either legitimately, by theft or forgery.

Fifthly, it's not exactly difficult to get hold of signing keys, as Stuxnet showed some years ago. Whilst it should be harder, "Business Process Optimisation" AKA "cost cutting" opened up all sorts of holes in the past, and almost certainly will do again.

But the most important thing that is missing, and because of it will allow fraud etc to continue, is that the CAs carry no liability and there is no "insurer of last resort" even if they did...

[1] https://www.digicert.com/blog/notice-of-withdrawal-from-the-ca-security-council/

[2] https://globenewswire.com/news-release/2018/06/27/1530380/0/en/CASC-Announces-Launch-of-London-Protocol-to-Improve-Identity-Assurance-and-Minimize-Phishing-on-Identity-Websites.html

Clive Robinson July 29, 2018 5:26 AM

@ bttb,

From the quote,

    When did Russian intelligence give WikiLeaks the e-mails that it hacked from the Democratic National Committee and John Podesta, and how did it transmit them?... ...But our insight into the timing—at least from publicly available information—remains uncertain....

There is no "publicly available information" that can be verified; it's still all in the realms of conjecture publicly...

It's why originally people gave the "balance of probability" to "an inside job" over money issues within the DNC (Hillary stealing contributions pledged for Bernie).

Outside of the US many do regard the US MSM --especially the Murdoch part-- and its fixation on Russia as at best odd. The question then arises as to what the "US MSM Agenda" actually is.

It's no secret that Murdoch considers himself via his media outlets to be a "King Maker/Breaker" and that politicians do pander to his wishes...

As for US Politics, it's again no secret to the rest of the world that the US citizens have no place in it, as those "1% of 1%" effectively buy the winner.

Anders July 29, 2018 5:28 AM

@Subleq

Any real computer running Linux yet?

But the answer is speed. Actually all the Intel processors starting
from Pentium Pro are RISC processors inside, the x86 instruction set
is only emulated around the RISC core.

Thoth July 29, 2018 5:52 AM

@Clive Robinson

The success of the Let's Encrypt project has made them jealous and also driven lots of people to take up free certificates via Let's Encrypt instead of paying for most commercial CA issued certificates. This causes a huge dip in the CA business and also less traffic to them and more traffic to Let's Encrypt.

Money is always the motivating factor and money has driven them to want to edit standards and redefine certificates in their own terms for their business.

Anyone believing that certificates are of any use in security other than for simple obfuscation of traffic would be naive, and sadly most of them are because of the powerful commercial marketing that has successfully created the image in people's minds that certificates are of much use in proper high assurance commsec.

Martin July 29, 2018 10:37 AM

@Deckard Cain
@Alejandro

Since CCleaner was acquired by Avast, CCleaner's past professional treatment of customers has been severely compromised. It is frustrating, but somewhat understandable, when a software company attempts to install "extra" software when a freeware version is installed.

But, it is unprofessional, unethical and a security concern when "extra" unwanted software is installed without the customer's knowledge when a licensed (paid for) version of the software (CCleaner) is installed. Even more so, the re-installation is being done to overcome an error in a new version of the software (CCleaner). @Alejandro's past messages clearly explain the problem.

Avast has driven CCleaner close to the edge of being crapware...paid for (licensed) crapware.

@Deckard Cain - CCleaner does NOT make it crystal clear the newer (Avast) versions of this software "phone home" with the frequency they do. Why, when, and where software "phones home" should be clearly stated, not hidden or hard to identify. The only reference is an obscurely labeled check box in the back pages of the options page. It's clearly a marketing driven approach designed to take advantage of CCleaner's customer base. If they want customer usage information, they should be upfront in the request and data collection technique.

Enough on CCleaner. . . as it slips in to obscurity of mediocrity.

Deckard Cain July 29, 2018 11:47 AM

@Martin

The auto-update is easily disabled in settings, it's not much obscured at all.
Separately it has a "system monitoring" feature that is also easily disabled and
basically runs in the taskbar/background. They do come enabled by default.

What you seem to be saying is it's doing "more phoning" than just the auto-update feature.
Can you confirm that's what you meant?

Because the next step is verifying that's true.

If it is, it should be very easy to verify these alleged packet findings.
I tried, I looked at two different versions with update disabled, nothing.

Asking for a little detail in this case shouldn't require any tooth extraction.
What version was Alejandro using would be a good starter question also.
Seeing how it has millions of users historically this could be an interesting story.

If true.
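Deckard Cain's point that an alleged "phoning home" should be verified rather than argued about can be checked on a Windows host with a snapshot of established outbound connections per process. The script below is an added example, not code from the thread or from Avast/CCleaner: the default process-name pattern `CCleaner` is an assumption and can be any image name, and it assumes Windows 8/Server 2012 or later (for `Get-NetTCPConnection`) run from an elevated prompt so that other users' processes are visible.

```powershell
# Added example (not from the thread): snapshot established TCP connections
# owned by processes whose image name matches a pattern, with remote host resolved.
# Assumes Windows 8/2012+ and an elevated prompt; the pattern is a hypothetical default.
param(
    [string]$ProcessPattern = 'CCleaner'
)

function Get-OutboundByProcess {
    param([Parameter(Mandatory)][string]$Pattern)

    # Processes whose name matches the caller's pattern (regex match, case-insensitive)
    $procs = Get-Process | Where-Object { $_.ProcessName -match $Pattern }
    if (-not $procs) {
        Write-Warning "No running process matches '$Pattern'"
        return @()
    }
    $ids = @($procs.Id)

    # Only established connections; listening sockets and TIME_WAIT entries are not "calls home"
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $ids -contains $_.OwningProcess } |
        ForEach-Object {
            # Reverse lookup is best-effort; many CDN/telemetry endpoints have no PTR record
            $hostName = try { [System.Net.Dns]::GetHostEntry($_.RemoteAddress).HostName } catch { '' }
            [pscustomobject]@{
                Process    = ($procs | Where-Object Id -eq $_.OwningProcess | Select-Object -First 1).ProcessName
                PID        = $_.OwningProcess
                Remote     = "$($_.RemoteAddress):$($_.RemotePort)"
                RemoteHost = $hostName
                Since      = $_.CreationTime
            }
        }
}

Get-OutboundByProcess -Pattern $ProcessPattern | Format-Table -AutoSize
```

A snapshot like this only sees connections that are open at the moment it runs, so a short-lived telemetry post can be missed, which is consistent with the "update disabled, nothing" observation above. For a persistent record that survives such gaps, log network connections with Sysmon (event ID 3 carries the process image and destination) or enable Windows Firewall connection logging, then filter on the process path rather than on a point-in-time view.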

martin July 29, 2018 12:37 PM

@Deckard Cain

On by default is "enable active monitoring" in the monitoring menu. It would be in the customer's interest if this option was off by default and part of the set-up options notification screen.

On by default is "Help improve other apps by sending data to CCleaner" in the privacy menu. It should be off by default and be a clearly stated option.

No need to capture IP addresses to know the software is calling (phoning) home if the user doesn't take action. Not in the customer's best security interest.

Installing Avast without customer explicit intent is a horrible approach, as this install affects, without the customer's knowledge, the system's security systems.

There is NO need for any secrecy, yet Avast approaches these installs with secrecy. No need for the end user to provide deep system examination results to note Avast's unprofessional treatment of their customers.

Rather than hassle me or @Alejandro for IP addresses, why don't you get Avast / CCleaner to certify there's no nonsense going on with their product...especially licensed (paid for) software. Has Avast claimed there's no "phoning home"...?

justina.colmena July 29, 2018 1:05 PM

@@ Deckard Cain, martin, Alejandro ...

Re: "Avast / CCleaner ... (paid for)"

It's a dude problem. Don't surf all that pay-per-view or pay-for-download shit or whatever it is and you won't have half the trouble with all the viruses, trojans, worms, adware, malware, spyware, and keyloggers.

Basically, if you know it's garbage, and you're choosing to run it on your computer anyway, there's not much anyone can do to save you from that.

GIGO = "Garbage in, garbage out," if you need an acronym.

65535 July 29, 2018 1:24 PM

@ gordo

I hear you.

I will bring this huge problem over to the Squid thread.

[cont. from the New Report on Police Digital Forensics Techniques]

https://www.schneier.com/blog/archives/2018/07/new_report_on_p.html#c6779035

Snip:

Gordo

@ 65535,

'And, yes the NSA is entrenched so deeply in the IC area it will take a whole lot of nipping to reduce their control(s).'-65535

"Not to mention an organization seemingly at cross-purposes[1], the problem also seems to be NSA's "non-compliance with applicable requirements"[2], indicating a lack of control(s) on their part.
[1] https://www.schneier.com/blog/archives/2016/02/nsa_reorganizin.html

[2] https://www.oversight.gov/sites/default/files/oig-sa-reports/OIG%20UNCLASS%20SAR%20OCT-MAR%202018.pdf#page=4 " -gordo

See:
https://www.schneier.com/blog/archives/2018/07/new_report_on_p.html#c6779035

@ gordo

Things are not good at the NSA. Something has to be changed.

The cross-purposes is a real problem because the “collect it all” mentality will be foisted on both sides of the NSA. The noncompliance problem should be immediately corrected and hard sanctions added [fines and jail time] to make compliance transparent.

The problem with the NSA is that their old foe, the Russians or the Bear, is shrinking, and new foes that are more nimble, mostly criminal and some cross criminal-national actors, have emerged.

The real problem is the NSA is experiencing a depression in Nation State attacks, which could lead to a nuclear war. Thus, to build customers, the NSA are selling military grade intelligence and actual devices to law enforcement. This happens from the NSA to the FBI down to local police. This is a dangerous and harmful trend. This race to the bottom eventually leads to criminals getting Military Grade spy equipment and tactics.

My suggestion is to shrink the NSA/CIA/FBI budget by a third. Then start breaking down the useful and harmful components and reorganizing the old structure [toss out the harmful chunks]. Bruce S. has talked a bit about it.

Bruce S. has recommended splitting the NSA up:

“…I recommended separating the attack and defense missions of the NSA even further, breaking up the agency.”-Bruce S.

See NSA Reorganization
https://www.schneier.com/blog/archives/2016/02/nsa_reorganizin.html
and Breaking Up the NSA
https://www.schneier.com/blog/archives/2014/02/breaking_up_the.html

Again, the NSA needs shrinking and shedding of non-useful departments. Currently, I believe they are TOO powerful for Congress or the President to control. The NSA probably has all law makers surveilled and intimidated. To regain control will mean far less budget money to the NSA and a few heads going on the chopping block. The same goes for the FBI/CIA.

If any posters have better suggestions please speak up.

Clive RobinsonJuly 29, 2018 1:52 PM

@ weather,

It is lack of oil, to raise money to keep society going; don't forget that point.

When it comes to CO2 produced there is little difference between the combustion of coal and oil. The level of CO2 is proportional to the carbon content of the fuel. The difference is down to how easy it is to break the chemical bonds holding the carbon in the fuel.

However when you burn a hydro-carbon the energy output comes from the oxidization of both carbon to produce CO2 and hydrogen to produce H2O. The level of energy made available is the sum of the excess energy of both these processes. Which is why a gas fuel like CH4 produces more energy for the same CO2 output as C2H6.

Coal being mainly carbon thus produces more CO2 for a given thermal output, but it is not as great a multiple as you might think. There are various figures available such as, anthracite(228.6) to methane(117.0) giving a 1.95 to one ratio range for hydro-carbon combustion.

What makes a much bigger difference is all the processes surrounding the extraction of the energy in a useful form. That is the energy input, hence CO2 output, of the construction of the plant, transport infrastructure, transporting the fuel from source to combustion point and the extraction from the ground.

When you do a CO2 costing in its entirety along the supply chain to combustion and the supply chain to consumption, odd things appear, such as the CO2 footprint per kW of electricity would be less if generated as locally as possible to the point of consumption from methane using medium sized plant. However for coal the CO2 is minimized by very large generation as close to the coal source as possible.

Oil however tends to be the worst of both worlds for a number of reasons: sweet or light crude is favoured for many reasons and it is this that is generally in short supply in places like China. In part because the largest known reserves in the southern hemisphere are either not easily accessible or protected by treaty.

The simple fact is fossil fuels are a scarce commodity and we are burning through them with moronic greed. The worst offenders life style wise are those who live in the US at around ten times the world average economic level, five times worse than Europeans. Is it surprising that the rest of the world wants the same life style as that of the US? Well the world can not support it so something has to give, the questions are, What? When? How? And does how involve warfare as historically it usually does?

Oh and do not think Science will get us out of this. The trend for the last century and a half is that the cost of each new scientific discovery rises to a power law. And the returns on each new discovery are diminishing. In part this is due to the focus of research, with "Big Physics" and "Medical" being the largest consumers of resources. The former has little real world pay off; the latter, well, whilst we can increase our life spans, the curve on the graph suggests 140-160 is the best we are going to do with what we currently have and the majority of that extra time will not be to our liking.

PeaceHeadJuly 29, 2018 2:01 PM

For what it's worth, which might be more than it seems,

I've been noticing what looks like strategic markings upon the infrastructural artifacts of a local urban community. There are what to me appear to be military-grade graffiti and loose jargon codelike stickers and other pseudoaesthetic markings upon the electrical and gas urban fixtures.

Sometimes it's on water supply fixtures too, and a lot of it is upon bridges.

In my opinion, these aspects of the grid are being marked for targeting. I think it's like some group has their finger on the pulse (or jugular vein) of a local community that is otherwise conveniently forgotten. (But not really).

I've been a guest, resident, protector, and victim long enough to recognize the markings somewhat.
They have not always been this abundant, and usually they weren't upon power transformers.

First it was bridges, then streetlights, then water supply components, then maybe more bridges, and lately natural gas supply components and a heckuva lot more electrical components.

I read the PDF about if the grid were to fail. I think some folks are preparing for that and/or seeing who is prudent or not.

I'm not going to say a whole lot on here. But it needs to be said at least once by me.
Others know a little bit, but I see a lot of it.

There's a conversation happening right upon our critical structures.

Of course, a sticker or graffiti could be a crosshair target marking laid in person to be aimed at from long distances using pattern recognition.

I'll be leaving town, because this town has kicked my arse way too many times (although I've been protected too). I will try to prevent a calamity if I can, but I won't be here in a few months.

I am not naming this town because it's probably one of several targets or experimental playgrounds, and I've had it with the surreptitious and explicit attacks against my body and my brain.

Peaceful coexistence is the unalienable entitlement of all sentient beings.
May peacefulness prevail within all realms of existence, past, present, and future.

Stop the blackhole experiments.
Save the bees, save the foodsupply, save lives.
Stop eating squid.
Stop genetic chimera exploitation.

etc. etc.

echoJuly 29, 2018 2:53 PM

The IEA is trying to extract money from US big business by being sympathetic to "free trade" by advocating the importing of chlorinated chicken among other things. Unfortunately for the IEA and US big business the UK legal system (and most of mainland Europe) is based on the "prevention of harm" versus the American system of "risk assessment". This will mean that any agreements or assurances given, or working documents, and so forth will very definitely be legally challengeable. Does anyone remember the McLibel case? Who in their right mind would queue up for this reputational damage?

There are legal arguments, mostly on a case by case basis, for an adjustment in UK legal doctrine to accommodate "risk assessment", especially within the medical field and where dogma or discrimination stands in the way of patient care, but generally there is no talk of a change to the "prevention of harm" doctrine which translates to "do no harm", clinical negligence and egotists aside. I also expect a UK government will not like a repeat run of legal cases covering such scandals as asbestos poisoning or contaminated blood for Leukemia patients. Food labelling and consumer law and even a residual memory of British safety standards (before EU standards took over) are fairly strong and would have traditional right wing voters kicking up a stink if this was watered down.

https://www.theguardian.com/politics/2018/jul/29/rightwing-thinktank-ministerial-access-potential-us-donors-insitute-of-economic-affairs-brexit

He also suggested the report might propose allowing the UK sale of chlorine-washed chicken from the US as long as it is labelled.

A spokesman for Gove confirmed Ridley had suggested the report to him.

But he added: “There will be no chlorinated chicken entering the UK and we will retain the precautionary principle [used to prohibit GM farming in the EU]. That position won’t change whatever any thinktank recommends.”

The IEA said Littlewood’s remarks about the report’s most likely conclusions did not mean it would be written to suit the donor’s interests.

“We think it is likely that [Ridley] will follow the evidence, which in our view leads to the conclusion that freedom of choice is best for consumers.”

PeaceHeadJuly 29, 2018 3:20 PM

Lest we forget, this is still a pertinent issue...

The URL of the video "moved", so here's the nice concise one again.:

Ignore the title, that's not the point.
The main content is about how the American People were Deceived by Americans Again...

https://www.youtube.com/watch?v=kR-WCDa4NSc

7 minutes and 7 seconds duration

There are plenty of others for those capable of keyword searches on the internet.

Peaceful coexistence is the unalienable entitlement of all sentient beings.

2ba2zJuly 29, 2018 3:44 PM

Regarding caffeine and to be alert (2b alert), from the WSJ

"What’s Your Ideal Caffeine Fix? An Algorithm Can Tell You
A mathematical model the Army developed to calculate the ideal dose of caffeine to keep soldiers alert could soon benefit drowsy civilians
By Jo Craven McGinty
July 20, 2018 7:02 a.m. ET

If you need to wake up, caffeine can help. But for the optimal jolt, how much and when?

The U.S. Army and the Department of Defense have developed an algorithm to answer that question."
https://www.wsj.com/articles/whats-your-ideal-caffeine-fix-an-algorithm-can-tell-you-1532084522
#
"RESULTS: The 2B-Alert Web tool allows users to obtain predictions for mean response time, mean reciprocal response time, and number of lapses. The graphing tool allows for simultaneous display of up to seven different sleep/wake andhttps://www.medscape.com/medline/abstract/27634801 caffeine schedules. The schedules and corresponding predicted outputs can be saved as a Microsoft Excel file; the corresponding plots can be saved as an image file. The schedules and predictions are erased when the user logs off, thereby maintaining privacy and confidentiality.

CONCLUSIONS: The publicly accessible 2B-Alert Web tool is available for operators, schedulers, and neurobehavioral scientists as well as the general public to determine the impact of any given sleep/wake schedule, caffeine consumption, and time of day on performance of a group of individuals. This evidence-based tool can be used as a decision aid to design effective work schedules, guide the design of future sleep restriction and caffeine studies, and increase public awareness of the effects of sleep amounts, time of day, and caffeine on alertness"
https://www.medscape.com/medline/abstract/27634801
#
"This software tool predicts alertness of an "average" individual as a function of sleep/wake schedule and caffeine consumption. Specifically, this tool allows users to manually enter a sleep/wake schedule and caffeine dosing and timing, and displays the corresponding predictions for three different psychomotor vigilance task alertness statistics."
https://2b-alert-web.bhsai.org/2b-alert-web/login.xhtml
#
http://fortune.com/2018/06/05/army-researcher-algorithm-optimize-caffeine-dosage/

echoJuly 29, 2018 4:15 PM

I was in Boots shopping for makeup today and swung around the corner of an aisle like James Hunt (swoon) and a young black man who nearly walked into me nearly jumped out of his skin and said "Sorry!" That was nice of him. Apart from going out again for some tinned food and forgetting my money, hence a second trip (dufus), this was as exciting as my day got unless you count OMG THE INTERNET.

Internet safety and the dangers of digital piracy
https://www.internetmatters.org/advice/internet-safety-and-the-dangers-of-digital-piracy/

https://torrentfreak.com/no-pirate-sites-are-not-the-1-online-source-for-malware-180728/
This week UK non-profit Internet Matters published a new guide designed to protect children from the apparent perils of using pirate sites. Like several before it, the report claims that pirate sites are the most common source of malware infection on the Internet and that streaming pirated media puts devices at risk. TF called in security experts - they do not agree.

https://www.mumsnet.com/internet-safety

Clive RobinsonJuly 29, 2018 4:17 PM

@ echo,

The IEA is trying to extract money from US big business by being sympathetic to "free trade" by advocating the importing of chlorinated chicken among other things.

The Institute of Economic Reform is not about economics fact based or not, but political ideology, oh and a cozy lifestyle for those in its circle.

With regards to the chlorine washed chicken carcasses, they are the least of the nasties that have emanated from US "science enhanced" industry and its questionable treatment of animals. A simple look at standard US pig farming techniques would put most right off their bacon sandwich, as would knowing about how the flesh is prepared in known causers of cancer on the excuse it might stop botulism (for which no evidence has ever been presented). Likewise the supposed flavourings of chemically made liquid smoke or worse.

But then there is the cattle and growth hormones along with antibiotics that cause excessive weight gain in young cattle.

Whilst the issues with excessive use of antibiotics are beginning to be understood, what is still kept quiet is the effects of growth hormone as it works through the food chain.

Look up "Precocious puberty" and its connection to both natural and synthetic growth hormone. Then have a search around for what happened with its incorrect use in chickens in Mexico, with girls as young as five exhibiting the early stages of puberty.

There are strict rules about when growth hormone can and can not be used in the food chain. However there is considerable extra profit to be made by "pushing the envelope" in the darker corners of factory farming.

The fact that just a few years ago the UK had the "Neddyburger" scandal with horse meat getting into processed food in Eastern Europe is a strong indicator that the same could happen again. If it was with growth hormone cattle the results would be very undesirable to say the least.

It is just one of the reasons the UK does not go with "risk evaluation" on food and medicines, likewise paints and dyes in toys, furniture and clothes.

But then I guess the people of Flint can tell you what is good or bad about "risk evaluation" and their water supply...

There was a reason that there was an outcry over the US trade negotiations under the Obama Administration. In part it was the dispute resolution process that favoured lowest common denominator, worst of mega-corp behaviour over the wishes of citizens. But as well, in part, the secrecy enforced on every country's negotiators, such that they could not talk to their own politicians, whilst US Corps had ring side seats pushing the US negotiators...

Those in Europe who have looked even a small way into US Politics know that the US Political system is not democratic, heck it's not even a valid form of representational democracy, it's bought and paid for by the 1% of the 1% whose only real interest is making the US a "rent seekers paradise" and serfdom for US citizens with the rest of the world turned into a worse living hell...

Clive RobinsonJuly 29, 2018 4:46 PM

Oops,

In my above the IEA is called the Institute of Economic Affairs, not "reform" as I typoed.

Oh and if you google the IEA you will find connections with the Koch Brothers, well known in the US for their funding of extreme right wing political organisations. Along with the lunatic fringe of right wing Brexit such as Jacob Rees-Mogg,

https://iea.org.uk/films/free-markets-lead-to-a-better-society-socialism-leads-to-north-korea/

Who acts as a "useful idiot" for a number of questionable right wing entities.

echoJuly 29, 2018 5:35 PM

Blink and you would miss it but it is alleged McDonalds management on a nod and a wink diddled Canadian customers out of the chance of a win.

https://www.thedailybeast.com/how-an-ex-cop-rigged-mcdonalds-monopoly-game-and-stole-millions
How an Ex-Cop Rigged McDonald’s Monopoly Game and Stole Millions.
Jerome Jacobson and his network of mobsters, psychics, strip club owners, and drug traffickers won almost every prize for 12 years, until the FBI launched Operation ‘Final Answer.’

@Clive

TTIP was against the EU principles and insofar as UK law was concerned against the constitutional principles established by the inter-kingdom courts which parliament evolved from. From the information which leaked TTIP was very one sided. I cannot imagine what the EU Commission was thinking of but the EU parliament had the last say.

They say "Jacob Rees-Mogg is a stupid person's idea of what a clever person is". I have no idea but understand he is deeply financially exposed to Russian oil.

I had one of those annoying autoplay popup videos on one site with Steve "two shirts" Bannon trying to amp up crisis and handwaving about something or other. He looks one burger away from a heart attack. Maybe he should take up knitting?

https://www.sciencealert.com/modern-life-is-brutal-here-s-why-craft-is-so-good-for-our-health
At a time when many of us feel overwhelmed by the 24/7 demands of the digital world, craft practices, alongside other activities such as colouring books for grown-ups and the up-surge of interest in cooking from scratch and productive home gardens, are being looked to as something of an antidote to the stresses and pressures of modern living.

Bitch Media is also doing a rewarm of an article on the masculine society.

https://www.bitchmedia.org/article/a-conversation-about-masculinity-and-violence
Male Call: A Conversation About Masculinity and Violence with Byron Hurt and Jackson Katz

echoJuly 29, 2018 5:54 PM

This is all very odd.

The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections, according to the U.S. Defense Department’s acquisition chief.
https://thenextweb.com/insider/2017/05/25/russia-showcases-first-computers-based-indigenous-elbrus-8s-processor/

https://thenextweb.com/insider/2017/05/25/russia-showcases-first-computers-based-indigenous-elbrus-8s-processor/
In recent years, Russia has attempted to wean itself off US-made technology with its own domestic offerings. The justification for this is part economic, but also from a national security perspective.

justinacolmenaJuly 29, 2018 7:09 PM

This is all very odd.

The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections

  1. It's all running on silicon chips made in China.
  2. Either your system is infected with adware, malware, spyware, worms, trojans, viruses, and keyloggers, or you are running that Russian anti-virus software.

They're talking out of both sides of their mouth, because this makes no sense at all.

65535July 29, 2018 8:06 PM

@ Martin, Deckard Cain, Alejandro and Clive R and others

Re: CCleaner

[compound post – read what you wish]

“Since CCleaner was acquired by Avast, CCleaner's past professional treatment of customers has been severely compromised… when a software company attempts to install "extra" software when a freeware version is installed… Avast has driven CCleaner close to the edge of being crapware…” -Martin

I have to agree. I had a client who installed the new and supposedly “fixed” CCleaner on his box only to find the above noted problems. I had to uninstall it and do some registry cleaning manually. There are better options.

@ Alejandro

“…one route for Windows users that might be helpful is to create your own utility using the built-in OS app: 1. Rt Click anywhere on desktop. Select: New/Shortcut. 2. Browse to, or enter: C:\Windows\System32\cleanmgr.exe 3. Next 4. Enter a name like WinCleaner 5. Click Finish. Try it out... “The first time I used it, the cleaner found 3.5G, yes gigabytes, of old Windows update files that could be deleted. Good!”- Alejandro

Neat trick. But as you mention it does connect to some odd IPs.

“A recent version of CCleaner I used was connecting to at least 2 ip addresses nominally in the USA (according to Whois), however I found the trace routes went to Europe, in particular London, Sweden and Czechoslovakia and points in between, then back to the USA. I won't load it anymore because I have made my own decision not to use it. That would violate my own personal security ops. I understand the original hack was fixed. I never said it was still hacked. As far as I know the original hack is fixed.”- Alejandro

I believe that was the main objection of my client after installing a newer version of CCleaner.

It is well known that certain intelligence agencies “route the packet” around the world to avoid certain laws in the USA while having their buddies do the collection of data. I don’t like that at all.

I will say that some “routing around the world” is caused mostly by the NSA and lesser amounts by IP squatters and other actors [the NSA does this routing to avoid legal problems. See above]. I don’t like that either. I am with you on the opsec issue and would prefer not to have my packets “routed around the world” if possible.

I have gotten most of my clients to switch to BleachBit. I still like BleachBit version 1 although version 2 is probably better. As you say BleachBit doesn’t clean certain parts of the registry or other areas well. But, it is very usable.

I would not post a tracert, traceroute, or PathPing, if I could help it, on this high profile blog. You can be sure our friends at Fort Meade or their other hired help are watching. That would be less than best personal OPsec standards. I don’t blame Alejandro for not posting those IP hops.

For those who trust Avast and their CCleaner go ahead and use it on your boxes. You are free to choose and take risks. I have no problem with that.

@ Clive Robinson

“…heard of the new "London Protocol" from the Certificate Authority Security Council (CASC)… Which supposedly "At its core" will according to Tony Perez, head of security products at GoDaddy…”

Ah, GoDaddy, how wonderful. I don’t like it already.

“…Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company.…current WHOIS registration records for ip4transfer.net are mostly redacted by domain registrar GoDaddy, but the name Ebony Horizon appears as the current business name, and Mr. Silveira’s name is on the original domain registration records from 2016, according to historic WHOIS records…” –Krebs on Security

https://krebsonsecurity.com/2018/07/notorious-hijack-factory-shunned-from-web/

Thanks a lot GoDaddy /

Clive's post cont.

“Christian Simko, GlobalSign's vice president of marketing (for USEMEA) has said,
While there is no arguing that the advent of the encrypted internet is a move in the positive direction, it has unfortunately created user confusion and fostered an increased threat of phishing attacks with more websites being ‘secured’ with anonymous DV certificates

"Which some will recognise as "Marketing Speak" for "We dropped the ball big style, so we are going to talk about somebody else so you don't realise who you should really blame" and "Whilst we are at it we will use it as an excuse to push more of the same junk as new product at you… DarkReading has a piece that is easier reading than the CASC "puff piece"[2]”-Clive Robinson on CASC

https://www.schneier.com/blog/archives/2018/07/friday_squid_bl_635.html#c6779086
and
https://globenewswire.com/news-release/2018/06/27/1530380/0/en/CASC-Announces-Launch-of-London-Protocol-to-Improve-Identity-Assurance-and-Minimize-Phishing-on-Identity-Websites.html

Nicely put Clive R. I would not trust the head of GoDaddy to float ice cream in a root beer let alone criticize Let’s Encrypt [DV certificates are Lets Encrypt bread and butter].

I think we covered the dubious method of GoDaddy creating certificates, including the possibility of GoDaddy scamming the private keys.

[old post by 65535 on GoDaddy]

“…the NSA has said it has no problem breaking encryption and their Bullrun slide indicates that the “Turmoil” box has arrows pointing to two “CA Service Requests” boxes and then eventually to “Longhaul attack Orchestration.” It looks like NSA accessing CA’s on the fly - but that is only a guess. …Godaddy who requires you to use their CSR and their SSL certificates on their sites - they provide SSL certificates from start to finish. You don’t really know if your private key is “escrow-ed” or otherwise copied – it’s a one stop shopping arrangement.

[Godaddy]

“NOTE: If you want to install an SSL certificate on our shared hosting, Website Builder or Quick Shopping… you must purchase one of our SSL certificates. We do not install SSL certificates from other providers on our shared hosting accounts.”

http -://support.godaddy.com/help/article/542/what-are-ssl-certificates

"Requesting a Standard or Wildcard SSL Certificate"

"1. Log in to your Account Manager… [their web console]..."
"8] Click Request Certificate next to the certificate credit you want to activate…"
"12] Verify the accuracy certificate request, and then click Next."
“After you submit your request, we must verify your application… If you selected Web Hosting, Grid Hosting, Website Builder... or Dream Web Site when you requested your certificate, we automatically update the IP address for your website when your SSL is approved.” -Godaddy

http:-//support.godaddy.com/help/article/562/requesting-a-standard-or-wildcard-ssl-certificate

[See for full discussion of GoDaddy “all in one” from Nick P, Clive and others]

https://www.schneier.com/blog/archives/2014/08/friday_squid_bl_437.html#c6676277

[Clive R. on CASC and CA problems]:

“Firstly the CA PKI model is hierarchical which means the greatest gains are in subverting the tops of the hierarchies. Worse there are hundreds of tops to attack…Secondly the CA business is cut throat… Thirdly National Security interests will always override an individual CA's security policy… Fourthly business documents are not difficult to obtain, either legitimately, by theft or forgery… Fifthly, it's not exactly difficult to get hold of signing keys as Stuxnet showed some years ago.”-Clive R

I concur. If a CA is located in the Five-Eyes countries they probably are beholden to the NSA/GCHQ and so on. If a CA were to rebuff a request from the NSA/GCHQ they would go to the grave like Lavabit.

Lets Encrypt probably has done more good than harm on balance.

Sure, Let's Encrypt is a young company that let many if not thousands of phishers and other low life get certificates, but let's remember Bruce S. was for Let's Encrypt and it issued 100 million certificates in 2017. Yes, some of those certificates went astray but most did their job of encrypting sites not financially able to pay for certificates.

[Wikipedia]

"Let's Encrypt is a certificate authority that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. It launched on April 12, 2016…The project aims to make encrypted connections to World Wide Web servers ubiquitous. By eliminating payment, web server configuration, validation email management and certificate renewal tasks, it is meant to significantly lower the complexity of setting up and maintaining TLS encryption.[7] On a Linux web server, execution of only two commands is sufficient to set up HTTPS encryption and acquire and install certificates… Let's Encrypt is a service provided by the Internet Security Research Group (ISRG), a public benefit organization. Major sponsors are the Electronic Frontier Foundation (EFF), the Mozilla Foundation, OVH, Akamai, and Cisco Systems. Other partners include the certificate authority IdenTrust, the University of Michigan (U-M), the Stanford Law School, the Linux Foundation[18] as well as Stephen Kent from Raytheon/BBN Technologies and Alex Polvi from CoreOS.”-Wikipedia

https://en.wikipedia.org/wiki/Let%27s_Encrypt

[Krebs warns of misuse of Let's Encrypt certificates]

“…phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate… At a higher level, another reason phishers are more broadly adopting HTTPS is because more sites in general are using encryption: According to Let’s Encrypt, 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016... phishers no longer need to cough up a nominal fee each time they wish to obtain a new SSL certificate. Indeed, Let’s Encrypt now gives them away for free…” –Krebs on Security

https://krebsonsecurity.com/2017/12/phishers-are-upping-their-game-so-should-you/

You have been warned by Krebs on security.

@ Thoth

"The success of the Let's Encrypt project has made them jealous and also driven lots of people to take up free certificates via Let's Encrypt instead of paying for most commercial CA issued certificates. This causes a huge dip in the CA business."
“I would say use Let’s Encrypt Certs for legal purposes and discourage the use of Let's Encrypt for phishing scams. On balance, Let's Encrypt has helped the internet become somewhat more secure.”-Thoth

That is a very fair and even handed statement. I am sure the major 'for pay' CAs have lost some business and have an axe to grind with Let's Encrypt. I say give Let’s Encrypt a chance. That goes for those who don’t have the resources to pay for a Certificate and want some level of security.

Excuse all of the errors. I was in a hurry. There are broken links for safety.

Subleq July 29, 2018 8:25 PM

@Anders

Every reference I could find seemed to find OISC discouragingly slow. Has no one tried to make hardware that would be natural and fast for OISC?

65535July 29, 2018 8:42 PM

@ echo

“This is all very odd…The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections…”

Is this an NSA ban, CIA ban, Army ban, Air Force and Coast Guard ban, full military ban, or does it extend down to Senate subcommittee members and House members?

Does this include software for iPhones, Android phones, iPads, laptops, antivirus products, messaging apps, social apps, for politicians and police? Updates for software? How about code on GitHub? What about USB sticks, HDs, mobos and chips? There is probably some Chinese software in those items. Where does it end?

Is this a lifetime full employment project for all NSA employees and their contractors? Mission creep? It is a fine time to start now, after Cisco built the Great Firewall for China.

ThothJuly 29, 2018 10:04 PM

@65535

The impact of Let's Encrypt is not just on the sales of certificates but also on other services, especially sales of secure hardware.

The recent slowing down of sales (in my opinion as an industry insider) by huge buyers (CAs are one of the best customers) would also be indicative of the money flow issue that gives rise to decisions made by GoDaddy et al.

As @Clive Robinson loves to point out to us, follow the money trail, which will lead us straight to the root of most problems.

What the CAs need to do to counter the problem with slower sales of certificates is to innovate around the problem instead of trying to play with the DV/OV terms, but as we know, the security industry is highly stagnant.

I was exhibiting my latest product, which I have created, at the recent RSA Conference a couple of days ago, and during the boring periods when there were keynotes or track sessions I would walk around and look at other exhibitors' booths. My comment for this year's exhibition would be that the creativity of the products can be improved further.

ThothJuly 29, 2018 10:05 PM

@65535

In fact, some innovation was available in the hardware security space, but those were innovations and improvements that were long overdue and that I and the other regulars envisioned long ago, but which only recently somehow ripened.

Deckard CainJuly 29, 2018 11:08 PM

@martin

TBH I have no idea what avast has 'claimed' but I agree with most of your points.

"On by default is "Help improve other apps by sending data to CCleaner" in the privacy menu. It should be off by default and be a clearly stated option."

I agree. It's not "obscured" per se but it could and should be more obvious. It is default on.

"Installing Avast without customer explicit intent is a horrible approach"

I agree, but doesn't it at least give you an "uncheckable" default-checked box on that?
Is it truly a "hidden" installation? That would be fairly shady on Avast's part.

"No need for end user to provide deep system examination results"

That I disagree with. How do you think most of these things get caught? You need that info.
Most vendors aren't going to objectively analyze their own cross section accurately w/o major effort.

That's why when someone reports strange stuff even in a rando-forum it's important to follow up.
These things are discovered like that all the time IMEx.


echoJuly 30, 2018 12:58 AM

All systems leak information. All you have to do is wait patiently and gather information from multiple sources and slowly pull the pieces together. Facts can only tell you so much. I have discovered attitude also plays a role, as it can indicate which way an organisation or individual tilts.

As part of my ongoing complaint with the finance industry I have needed to unravel statutory obligations, and companies' political and commercial interests. I have already discovered information from one statutory body, and only this weekend further information from this statutory body, which indicates that bad guidance and behind-closed-doors influence were not coming from them, which may indicate other influences encouraging finance companies to be inadequate and discriminatory in their provision of international money transfer services. This leaves the question as to where the pressure is coming from. I need to dig up policies covering service provision, and so far none of the finance companies involved have been very forthcoming. Further to a public announcement this week by a statutory regulator, the issue has technically been elevated from a domestic public policy issue to become a national security issue as well as a foreign policy issue.

I also have historical data from another case involving a very high profile company within a different sector, which used the system and tax system to their advantage. I approached them too about their inadequacy and discrimination and met a wall of silence.

I am also aware of systemic defrauding of citizens by parts of the state sector which certainly do impact on quality of services and discrimination. A lot of the pressure is either undisclosed by ministers, or undisclosed by management. I have obtained evidence this is the case in two sectors including perjury by one department.

I'm trying to work out how HMRC will respond to this. They have a poacher/gamekeeper role.

I haven't yet contacted ICO.

I had the idea ages ago that a lot of arguing isn't over how much money is being spent but who gets it.

Colonel HakiJuly 30, 2018 2:13 AM

@Hmm

Nice article, emphasizing the use of reasoned detail rather than impressions.

Clive RobinsonJuly 30, 2018 2:21 AM

LWN has a note on the Graz University remote Spectre hack,

https://lwn.net/Articles/761100/

This attack on cache timing takes me back to the AES contest and the remote cache timing attack that appeared a couple of weeks after it, which most of the AES "go faster code" was completely vulnerable to...

Something NIST's competition advisors, the NSA, must have known about, if not fostered in various ways. Which begs the question of whether they have been exploiting Spectre in the background...

Whilst one bit of leakage every four minutes might not sound a lot, you have to remember that every bit of key leakage halves the brute force search space...

Maxwell's DaemonJuly 30, 2018 2:33 AM

@bttb - assuming you are talking about Julian Habermas, you can check "Habermas: The Key Concepts," 1st Ed. Routledge Press. Published 2006 methinks. It's in a stack here, along with Chomsky, to read after civilization collapses and it's just me, a stack of tablet computers loaded with books, and a couple of solar chargers.


Clive RobinsonJuly 30, 2018 2:40 AM

Does the Block Chain have the legs to carry it through the bubble burst?

It's a question more are asking as the Hype gets higher and higher. One such is,

http://approximatelycorrect.com/2018/06/22/the-blockchain-bubble-will-pop-what-next/

The opening is at the very least funny as it takes a pop at the pretentiousness of bubble industry pundits, pushers, fixers and con merchants...

And if you have had the misfortune to fly on the airline mentioned and its "Squeeze yer bits vomit comets" you have my sympathies. My experience with them just makes me glad I am no longer allowed to fly (although I'd rather not have the medical cause).

MarkHJuly 30, 2018 3:06 AM

@Clive:

In principle, gaseous petroleum fuel has an extra advantage over coal and petroleum oil: not only does its combustion release a substantial proportion of heat from hydrogen atoms ... but also it can be burned far more efficiently for electric power generation.

As far as I am aware, typical large steam-loop power plants give up about 2/3 of their thermal energy.

However, the great majority of new gas plants use internal combustion in Brayton cycle (turbine) engines. Modern Brayton cycle engines seem to have the best thermal efficiency of any large practical power plants; this is one reason why the inflation-adjusted cost of airline tickets has shown such a diminishing trend over the decades.

In electric power applications, the Brayton engines are often followed by traditional steam loops to extract further power from the turbine exhaust.

These combined cycle plants are claimed to achieve about double (!!!) the thermal efficiency of steam loop plants, which is an awful lot of carbon footprint leverage.

However, as you observe, atmospheric methane leakage might destroy most of that advantage ... and the more this leakage is studied, the worse it looks.

65535July 30, 2018 5:14 AM

@ Thoth

“What the CAs need to do to counter the problem with slower sales of certificates is to innovate around the problem instead of trying to play with the DV/OV terms, but as we know, the security industry is highly stagnant. I was exhibiting my latest product, which I have created, at the recent RSA Conference a couple of days ago, and during the boring periods when there were keynotes or track sessions I would walk around and look at other exhibitors' booths. My comment for this year's exhibition would be that the creativity of the products can be improved further…some innovation was available in the hardware security space, but those were innovations and improvements that were long overdue and that I and the other regulars envisioned long ago, but which only recently somehow ripened.”

I think you are correct. The answer for slow cert sales is to innovate around the problem. Your comments on the hardware side are good. All in all, that is sage advice.

I will say that RSA products are still the mainstay of the big well known players in the PKI business, as you know. That RSA conference will be around for a long time and is important. It is encouraging to hear people in the business talking about innovation. There is hope in that area.

65535July 30, 2018 5:38 AM

@echo

“All systems leak information. All you have to do is wait patiently and gather information from multiple sources and slowly pull the pieces together. Facts can only tell you so much…As part of my ongoing complaint with the finance industry I have needed to unravel statutory obligations, and companies' political and commercial interests. I have already discovered information from one statutory body, and only this weekend further information from this statutory body, which indicates that bad guidance and behind-closed-doors influence were not coming from them, which may indicate other influences encouraging finance companies to be inadequate and discriminatory in their provision of international money transfer services. This leaves the question as to where the pressure is coming from… Further to a public announcement this week by a statutory regulator, the issue has technically been elevated from a domestic public policy issue to become a national security issue as well as a foreign policy issue… I also have historical data from another case involving a very high profile company within a different sector, which used the system and tax system to their advantage. I approached them too about their inadequacy and discrimination and met a wall of silence. I am also aware of systemic defrauding of citizens by parts of the state sector which certainly do impact quality of services and discrimination. A lot of the pressure is either undisclosed by ministers, or undisclosed by management. I have obtained evidence this is the case in two sectors including perjury by one department…I'm trying to work out how HMRC will respond to this. They have a poacher/gamekeeper role…I had the idea ages ago that a lot of arguing isn't over how much money is being spent but who gets it.”

That sounds like a large and noble project. I think your efforts will lead to good outcomes if you keep at it. Don’t get rolled over by HMRC and their stonewall tactics. Business, tax, and politics can be a rough and tumble venue.

echoJuly 30, 2018 6:30 AM

@65535

I'm just trying to fix a problem the hard way! HMRC and ministers do have angles I am aware of. I obviously don't have the whole picture. Most of what I mentioned is just preparation for complaints against international finance companies. I found their service deficient in inconvenient ways without supporting law to justify their decisions, so am complaining.

Some NGOs have been deathly silent on the particular issue. I wonder how much one eye on the government grant keeps some of them quiet.

Clive RobinsonJuly 30, 2018 7:52 AM

@ MarkH,

As far as I am aware, typical large steam-loop power plants give up about 2/3 of their thermal energy.

Some supposedly get higher, but as a working rule of thumb you get 40-47% conversion to electricity at the high voltage output of the "switch field". You then get up to a 25% loss in the "national/state grid" and rather more when you look at loss per mile in urban environments...

Things are improving in that new designs are replacing High Voltage AC with DC, thus reducing IR losses, as the improvement in breakdown voltage allows up to 2.8 times the peak voltage, thus increasing the power for the same current. There are even plans to bring DC to virtually the point of consumption, as the price of high efficiency switch mode power supply units is decreasing rapidly compared to "wound components" such as 60Hz transformers and correction chokes.

In short the distribution side is a rapidly moving beast, with home wind/solar playing better with new grid systems than the old. However the power companies are fighting a rearguard action in the usual FUD and nest feathering "lobbying" of politicos, currently using nightmare scenarios as an excuse to force what is a tax on those who wish to use alternatives. Oh and with a more realistic engineering investigation those nightmare scenarios will be more likely to take the grid out at the regional level than the urban level, so it's mainly nonsense by the power companies.

With regards,

However, the great majority of new gas plants use internal combustion in Brayton cycle (turbine) engines.

Yup, it has advantages, not least being cheaper to build plant for. However it runs at more extreme conditions, which cut plant life in some cases to 1/5 of other systems.

As for heat step down systems, late Victorian steam engines used a similar three step process. However in some places a fourth or even fifth stage was added in the form of LP steam and hot water supply to industrial, business and domestic users; this was one of the ideas behind what is now known as "Combined heat and power" plants in local areas.

I know of someone who runs a "bio-mass" system that uses scrap wood from both wood and coppicing operations. It does not just produce power but heat for greenhouses for hydroponic growing. The trick there is to directly use the CO2 rich exhaust to promote faster growth in the plants, thus faster higher yield growth with reduced CO2 output (which actually gives negative carbon footprint figures based on the "zero footprint" of using fresh bio-mass).

It's when we look into how to use what would otherwise be "waste" that things get interesting in terms of getting not just more for our buck, but less environmental impact.

Oddly perhaps for some to get to grips with is the carbon footprint of their carnivorous pets, and the methane and other greenhouse output of their herbivore pets/stock...

It's a complex subject, and small tweaks can actually make large differences with little or no change to people's daily lives.

But at the end of the day we are using resources we cannot yet replace, and it is that which will have the greatest impact on everyday lifestyles. Research in that area should get some level of importance, but it almost always ends up "begging for crumbs"...

Which brings us back via a slightly different route to your final point,

However, as you observe, atmospheric methane leakage might destroy most of that advantage ... and the more this leakage is studied, the worse it looks.

It's easy to see other examples where "research" has been deliberately falsified then reinforced as a "mantra" builds up personality cults. The history of "sugar" from before WWII to today, for example, shows the danger of such things.

Bob PaddockJuly 30, 2018 11:44 AM

@echo

"The IEA is trying to extract money from US big business by being sympathetic to "free trade" by advocating the importing chlorinated chicken among other things..."

There are far worse things, such as fluoroquinolone antibiotics in imported chicken. A practice that has been banned in the US for a while.

J&J/Janssen Pharmaceuticals has recently stopped the production of Levaquin because of the rising number of warnings about it coming from the FDA.

https://floxiehope.com/2018/07/30/levaquin-production-stopped-by-jj-janssen-pharmaceuticals/

"Fluoroquinolone Antibiotics: FDA Requires Labeling Changes Due to Low Blood Sugar Levels and Mental Health Side Effects"

https://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm612979.htm

added to all the previous warnings.

echoJuly 30, 2018 12:11 PM

At least somebody put a halt on CRISPR modified crops before things got out of hand! My personal opinion is extremely biased against GMO and similar new techniques which claim to be an equivalent of historical selective breeding when I'm not completely sure they are. The science as far as I'm aware is a stack of unknown unknowns and I'm not going near this stuff even with your or anyone else's gullet.

http://www.sciencemag.org/news/2018/07/european-court-ruling-raises-hurdles-crispr-crops
European court ruling raises hurdles for CRISPR crops
Hopes for an easier regulatory road for genetic engineering in European agriculture were dashed today by the Court of Justice of the European Union. In a closely watched decision, the court ruled that plants created with new gene-editing techniques that don’t involve transferring genes between organisms—such as CRISPR—must go through the same lengthy approval process as traditional transgenic plants.

https://curia.europa.eu/jcms/upload/docs/application/pdf/2018-07/cp180111en.pdf

Court of Justice of the European Union
PRESS RELEASE
No 111/18
Luxembourg,
25 July 2018

Organisms obtained by mutagenesis are GMOs and are, in principle, subject to the obligations laid down by the GMO Directive.

However, organisms obtained by mutagenesis techniques which have conventionally been used in a number of applications and have a long safety record are exempt from those obligations, on the understanding that the Member States are free to subject them, in compliance with EU law, to the obligations laid down by the directive or to other obligation

Bob PaddockJuly 30, 2018 12:13 PM

@weather, @bttb

"Albedo effect: Albedo is an expression of the ability of surfaces to reflect sunlight (heat from the sun). Light-coloured surfaces return a large part of the sunrays back to the atmosphere (high albedo). Dark surfaces absorb the rays from the sun (low albedo). ..." - http://www.npolar.no/en/facts/albedo-effect.html

See also Danish scientist Henrik Svensmark documentary "The Cloud Mystery".

The Sun is the major driver of climate and it goes through several different cycles: ~11 years, 206/412 years, 2400 years, etc.

The historical records show that the levels of CO2 rise, before it gets cold for long periods of time.

The important bit is the amount of Total Solar Irradiance (TSI) that reaches us here on the ground:
https://www.nasa.gov/mission_pages/Glory/solar_irradiance/total_solar_irradiance.html

I've heard of predictions of the drop of TSI by one to seven percent. While that sounds small, the effects on Earth would be profound.

As the next Grand Solar Minimum, unofficially (so far) dubbed the Eddy Minimum, approaches there will be more volcano eruptions, due to increases in cosmic rays. That could cause the repeat of a Mount Tambora 1815 like eruption, level VE7, that puts so much particulates into the upper atmosphere that it blocks the Sun (albedo), causing the planet to cool. As well as fun things like disruption to the global food supply.

Look up the Dalton and Maunder minimums for historical examples of the future.

"Grand Solar Minimum much? Totally Fluxed!"

Bob PaddockJuly 30, 2018 12:19 PM

On GPS failing:

https://www.darpa.mil/program/adaptable-navigation-systems

https://dsiac.org/resources/news/darpa-pursuing-global-positioning-system-alternatives

"JULY 16, 2018 | SOURCE: NATIONAL DEFENSE MAGAZINE, NATIONALDEFENSEMAGAZINE.ORG, 31 MAY 2018, CONNIE LEE

The Defense Advanced Research Projects Agency is looking to develop alternative positioning, navigation and timing capabilities.

Dave Tremper, a program manager at the agency’s strategic technology office, said relying solely on GPS provides users with a single point of failure.

“GPS is so good that it’s kind of knocked all of the other players off the field,” he said. “What happens when it’s not there and what happens when your system still needs that degree of timing and you still need that degree of position? … We’re going back and scrubbing systems and saying, ‘We need to really think about having that redundancy to GPS.’”

One of the agency’s projects is the Spatial, Temporal and Orientation Information in Contested Environments program, he said. The effort, known as STOIC, is focused on developing a GPS backup, Tremper noted.

Part of the STOIC project leverages information gathered from a former program called Adaptable Navigation Systems, he said, which examined different types of signals for positioning, navigation and timing. One of these signal types included very low frequency transmissions, he said.

Related Information:

[See second link above, to get these links:]

DARPA Adaptable Navigation Systems (ANS) program

DARPA Micro-Technology for Positioning, Navigation and Timing (Micro-PNT) program

DARPA Spatial, Temporal, and Orientation Information in Contested Environments (STOIC) program

DARPA Quantum-Assisted Sensing and Readout (QuASAR) program

DARPA DARPA-funded Atomic Clock Sets Record for Stability, 29 August 2013"

That LORAN-C was destroyed with explosives, to make sure it could never be turned back on, does make you wonder if it was to force a dependence on GPS, that They knew would go away someday. eLORAN as a backup is not coming soon enough.

WeatherJuly 30, 2018 1:45 PM

@bob paddock, bttb
Most energy sources have come from the sun, while active disregard nuclear when it dies,
One to two generations of the lack or ability to teach we(society), goes back to the stone age,
food source is a propity so most of the energy will go to that,

What do you lot think would be the energy source from the above.

bttbJuly 30, 2018 3:38 PM

@Clive Robinson

You wrote (regarding the 13 July Indictment ; old bookmark https://www.emptywheel.net/2018/07/13/the-russian-hack/ :
"There is no "publicly available information" that can be verified it's still all in the realms of conjecture publicaly..."
Yes (IANAL), it is an indictment and nothing has been adjudicated. The specificity is great imo, but, as Greenwald might say, 'show us the evidence'. Which gets into protecting sources and methods, ...

"It's why originally people gave the "balance of probability" to "an inside job" over money issues within the DNC (Hillary stealing contributions pledged for Bernie)."
I'm still leaning toward the GRU hack evidence. otoh, afaik, Sy Hersh may still be leaning away from it being the Russians who did it. https://en.wikipedia.org/wiki/Seymour_Hersh

WeatherJuly 30, 2018 6:15 PM

@bruce,it cracked it up shawell,
cheap shot
For 256
For 16
X=data^i
C=x&f
F=c|x
Val=¡f
Count=count+f
F=f-ox1ff
Store =store +f
Store = 0x1acb00
with data as 128 hash,
any more and pick a point

MarkHJuly 30, 2018 6:47 PM

@Clive:

At equal thermal efficiencies, a natural gas plant would emit about 73% the carbon dioxide of an oil-fired plant per unit of produced energy, and roughly 55% the CO2 of an average coal-fired plant.

However, combined cycle gas plants achieve efficiencies upwards of 60%. Assuming an average steam-loop plant to run at 45% thermal efficiency, the natural gas plant CO2 output drops to 54% of the oil-fired plant, and only 41% of the CO2 of a coal-fired plant.

The combined-cycle plants (sometimes called COGAS) are so efficient for several reasons:

• working temperatures of 1400°C or greater, compared to 540°C for typical steam loop plants, enable high Carnot efficiency

• modern power turbines (based on aviation technology) are extremely optimized

• the relatively high outlet temperatures from the turbine improve the thermal efficiency of the second stage

A nearly 60% reduction in greenhouse emissions (gas compared to coal) is a really big deal.
_______________________________________

The big caveat, is methane leakage.

If my figures are correct, a typical COGAS plant emits about 440 kg less CO2 than a typical coal plant per megawatt-hour of electrical output.

But if 2% of the gas leaked anywhere between the well where it was produced and the plumbing in the plant where it burns ... then that atmospheric methane is the equivalent of almost 55 kg of CO2 (based on 100-year effect) or almost 175 kg of CO2 (based on 20-year effect[1]).

Because real-world leakage of natural gas is likely at least 2%, the benefits for climate may be much less than advertised :(

[1] Because the natural decrease of atmospheric methane is much more rapid than that of CO2, its greenhouse equivalency to CO2 is less at longer time scales.
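
As an added cross-check of the figures in the comment above (this derivation is not part of MarkH's post), the numbers can be tied together. Assumed values, which the comment does not state: methane GWP of 25 (100-year) and 80 (20-year), a lower heating value of 50 MJ/kg for methane, and 3600 MJ per MWh.

```latex
% Efficiency-adjusted emission ratios from the comment's own figures
% (73% and 55% at equal efficiency; 60% combined cycle vs 45% steam loop):
\frac{E_{\text{gas}}}{E_{\text{oil}}} = 0.73 \cdot \frac{0.45}{0.60} \approx 0.55,
\qquad
\frac{E_{\text{gas}}}{E_{\text{coal}}} = 0.55 \cdot \frac{0.45}{0.60} \approx 0.41

% Leaked methane per MWh implied by the 55 kg CO2e (100-year) figure,
% with the assumed GWP_100 = 25, and the 20-year equivalent with GWP_20 = 80:
m_{\text{leak}} = \frac{55\ \text{kg CO}_2\text{e}}{25} = 2.2\ \text{kg CH}_4,
\qquad
2.2 \cdot 80 = 176\ \text{kg CO}_2\text{e} \approx 175

% A 2% leak means the plant burns m_burn = 2.2 / 0.02 = 110 kg CH4 per MWh.
% Complete combustion of CH4 yields 44/16 kg CO2 per kg CH4:
E_{\text{gas}} = 110 \cdot \frac{44}{16} \approx 302\ \text{kg CO}_2/\text{MWh}

% Consistency with the stated 440 kg/MWh saving and the 41% ratio:
E_{\text{coal}} = 302 + 440 = 742\ \text{kg/MWh},
\qquad
\frac{302}{742} \approx 0.41

% Energy check with the assumed 50 MJ/kg heating value:
\eta = \frac{3600\ \text{MJ}}{110 \cdot 50\ \text{MJ}} \approx 0.65
\quad (\text{consistent with "upwards of 60\%"})

% Net saving once the leaked methane is charged to the gas plant:
440 - 55 = 385\ \text{kg CO}_2\text{e/MWh (100-year)},
\qquad
440 - 175 = 265\ \text{kg CO}_2\text{e/MWh (20-year)}
```

Under these assumptions the comment's figures are mutually consistent, and a 2% leak cuts the 20-year climate benefit of gas over coal from about 59% to about 36% of the coal plant's emissions.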

Clive RobinsonJuly 30, 2018 7:36 PM

@ echo,

My personal opinion is extremely biased against GMO and similar new techniques which claim to be an equivalent of historical selective breeding when I'm not complely sure they are.

As far as I am concerned even "selective breeding" does not result in a safe Genetically Modified Organism (GMO).

Mankind's oldest GMO experiment is with various "grass grains" to produce wheat. As far as we can tell at least 1% of the population would have their health impacted to the point they would die a very early death if they had to eat it as a main food source. Another 1-3% are affected by wheat to the point that they are in effect incapacitated by its consumption. These are just two known effects (coeliac disease / dermatitis herpetiformis and IBS).

There are now questions about its involvement with other autoimmune diseases and other intestinal disorders caused by an imbalance of gut flora or similar. It's a case of "The more we look the worse it looks", but there is significant push back from the same industry sector as gave us "High Fructose Corn Syrup", which likewise is being found to have significant unhealthy effects.

Then there is cross breeding in animals such that their nutritional content is changed to the detriment of those consuming them. The classic example is the drop in various Essential Fatty Acids (EFAs), particularly the omega-3 fatty acids, which are important for the brain. The human brain is nearly 60 percent fat; without the correct balance, or worse the minimum, of omega-3 EFAs, the brain cannot develop normally.

Omega-3 in particular is now virtually gone from certain food sources such as "chicken" and "milk" due to selective breeding.

It was a shortage of "natural fats" from animal sources during WWII and later that led to certain types of cross breeding that reduced omega-3 EFA in food, and yet worse the development of hydrolysed vegetable fats such as the all but inedible "margarine", thus in part why the later trans fats were developed. Whilst not GMO they are without doubt quite nasty, and now known to be harmful to consume.

But look on it another way: some selectively bred animals are way more sensitive to what would be ordinary diseases in less cross bred stock. Thus to exist as a separate breed they are in effect dependent on the likes of antibiotics... We have known for thousands of years there are issues with cross breeding, especially when it results in "closed stud book breeding". It's why in humans close familial breeding is either illegal or strongly discouraged. Royal families in particular broke these conventions, and the list of genetic defects that resulted is long and unpleasant. Modern cross breeding almost always results in "closed stud book breeding" to keep the "desired traits" such as fast weight gain, high milk yield, etc etc.

Does this all sound like "healthy eating, for man or beast"?

If people think so, have a look at other issues such as how "mad cow" gets from bovine nervous systems into human nervous systems despite cooking, and the various biological barriers in humans including the blood-brain barrier. Whilst the actual initial cause of Mad Cow is officially unknown, the one thing that is certain is it proliferated in highly cross bred cattle, most likely by what they were fed as food supplements to make up for their deficiencies due to cross breeding...

Oh and everybody "Enjoy your breakfast" by not asking about those brown shelled eggs you like; you really do not want to know where their food supplements come from :-S

AnuraJuly 30, 2018 8:40 PM

@echo, Clive

There are a lot of foods that we eat that have problems; wheat gets a bad rap partly because it's so hard to avoid in our modern society. Lactose is another good example.

For this reason, I'm not particularly skeptical of GMO in and of itself provided we are transparent and use reason (hah!); however, we seem to be primarily using them to make herbicide resistant and pesticide producing plants, purely for the sake of monoculture farming. Adding more chemicals without nutritional value to my diet is not what most people have in mind when they talk about the safety of GMO.

65535July 30, 2018 8:45 PM

@ echo

“I'm just trying to fix a problem the hard way! HMRC and ministers do have angles…what I mentioned is just preperation for complaints against international finance companies. I found their service deficient in inconvenient ways without supporting law to justify their decisions so am complaining.Some NGOs havebeen deathly silent on the particular issue. I wonder how much one eye on the government grant keeps some of them quiet.”

I hear you. Finance companies can be some of the most deceptive, dirty and powerful players in the political-financial game. You are in for an uphill fight.

For example, in the USA usury laws, including those on redlining and discrimination, used to be upheld in the 1970s. Those laws have fallen by the wayside in the states, and most financial institutions are charging over 25 percent per year on credit cards using clever late fees, penalties, interest rate calculation methods and so on. As far as I know usury in the USA is now a de facto method of making loans.

Large international financial firms should be ashamed of themselves for the dirty tricks they play. I hope you can bring some reform to this important sector of society.

I also would suspect NGOs, considering their main income stream comes from government, corporations and shady “foundations” and the like. I share your distrust of them turning a blind eye to abuse.

As I said this financial-political game can be rough and tumble at times. You have a noble cause. You just have to keep thrashing away at your goal and it will come.

A quick look at usury in the USA since 1970:

[Wikipedia]

“Usury laws are state laws that specify the maximum legal interest rate at which loans can be made. In the United States, the primary legal power to regulate usury rests primarily with the states… In some states, such as New York, usurious loans are voided ab initio… Texas also includes a provision for contracting for, charging, or receiving charges exceeding twice the amount authorized (A/K/A "double usury"). A person who violates this provision is liable to the obligor as an additional penalty for all principal or principal balance, as well as interest or time price differential… In 1980, Congress passed the Depository Institutions Deregulation and Monetary Control Act. Among the Act's provisions, it exempted federally chartered savings banks, installment plan sellers and chartered loan companies from state usury limits. Combined with the Marquette decision that applied to National Banks, this effectively overrode all state and local usury laws… the 1996 Smiley v. Citibank case, the Supreme Court further limited states' power to regulate credit card fees and extended the reach of the Marquette decision. The court held that the word "interest" used in the 1863 banking law included fees and, therefore, states could not regulate fees… the Dodd–Frank Wall Street Reform and Consumer Protection Act, was signed into law by President Obama... The act provides for a Consumer Financial Protection Bureau to regulate some credit practices but has no interest rate limit.”-Wikipedia

https://en.wikipedia.org/wiki/Usury#United_States

or

https://en.wikipedia.org/wiki/Usury

As you can see the USA really doesn’t have any usury laws of any potency. This is a sad situation. I can change that in your part of the world.

Alyer Babtu July 30, 2018 10:11 PM

@65535 @echo

Small footnote: any size fixed interest is usurious. Even assuming the interest rate was somehow equitable initially, a fixed money contract only makes sense if the conditions of the economics of the lender and borrower remain constant. There should be a mechanism to adjust the rate, equitably, to conform to prevailing realities. Otherwise, in case of failure of the venture for which the loan was made, there is only bankruptcy, with its attendant destruction of enterprise, value, material and lives. Something like a partnership with one side supplying money and the other expertise and innovation is a better form to shoot for. As an example, railways used bonds ie debt financing but airlines (because risky newfangled craziness couldn’t get loans) used stocks in the 1920-30s. In the depression, many railroads went bankrupt and disappeared because they couldn’t pay their fixed bond debts. Most airlines survived because they could just delay dividends.

Clive RobinsonJuly 30, 2018 10:24 PM

@ MarkH,

But if 2% of the gas leaked anywhere between the well where it was produced and the plumbing in the plant where it burns ...

Yup, it's not easy working it out for the whole chain, and why it's easy for certain less than scrupulous people to "fudge the figures".

Even the scrupulously honest can not give accurate predictions due to the pace of change. For instance the technology for super critical steam turbines as well as gas turbines is evolving as new materials become available thus even higher temperatures will become possible. Each change changing the balance in the figures on an almost monthly basis, as the 50% overall efficiency goal is chased by "new coal" plant designers, and the low 60's by "new gas" plant designers.

But good as the gas sounds transportation costs have a big effect. For instance in Germany lignite or brown coal is fairly plentiful and mining it using modern techniques is not as difficult or unclean as it once was. However gas fired power plants in Germany are dependent on supplies from Russia. Ignoring the geo-political aspect getting the gas along such distances is not exactly efficient. The way seen as cheapest in India and China is the old "open cast mining" with minimal transport of the likes of "brown coal" which is fairly awful stuff due to the lower percentage carbon thus heat content and high levels of undesirable contaminants which require special flue systems to reduce emissions that also degrade overall plant efficiency. So gains in one direction can often be lost in other directions.

As for "well head leakage" as long as it stays below about 5% of atmosphere it is below "The lower explosive/flammability limit" likewise if above about 17% for the upper limit[1][2]. It varies due to changes in the atmosphere and one or two other things but those are the accepted norms[4].

Thus in a valley that encourages winds a lot of well head gas can escape "safely" from the fire/explosion point of view, which is in effect the view taken by the industry, not the environmental view... Likewise venting from liquefied gas storage and pipe lines. But gas does not "move itself" down pipelines, it has to be pumped at frequent points on a pipeline which takes energy thus reduces efficiency over all. A quarter of a century ago I had figures for the likes of RB211 jet engines used to pump gas, but things have changed in that time but I suspect by only a couple of percent overall so not yet in the 40% category.

[0] https://www.powerengineeringint.com/articles/print/volume-25/issue-3/features/critical-thinking.html

https://www.ge.com/power/about/insights/articles/2016/04/power-plant-efficiency-record

[1] http://www.wermac.org/safety/safety_what_is_lel_and_uel.html

[2] I used to work in the petro-chem industry, and have been off shore on numerous occasions and have more helicopter flight hours than some pilots :-( During the "summer" most gas platforms go into a maintenance and upgrades phase, which is actually one of the most dangerous times. One little box you will see a lot of is the jovially named "explosimeter" or flammable gas level warning personal monitor. It was brought home to me one day just what "bio-gas" really is. We were on a rest break munching on egg and bacon rolls, when an explosimeter went off... After the momentary "Oh sh..." moment the Norwegian engineers started laughing and saying things to one of the engineers. My smattering of Norwegian "naughty words"[3] gave away what had happened. The engineer had his meter on the bench he was sitting on between him and a colleague, one of them had cracked off a "rumpentute" the methane content of which was sufficient to trigger the meter...

[3] Norwegian is an odd sounding language to many native English speakers. Put simply it sounds like there is a lot of expletives / naughty words being spoken, even from children. The reality is they are not, it's just the roots of the language robustly coming through. Oh and a few Norwegian naughty words actually sound quite mild almost melodic... (Now of course a Norwegian is going to pop up and defend their language and rightly so, and in the process ask whether I've heard the Swedish language, to which the answer is yes ;-)

[4] Even if a flammable gas is above the LEL it will not burn if there is insufficient thermal energy. There are two generally accepted points "flash" and "autoignition". If the temperature remains below flash point ignition should not take place and at autoignition it will burn without a source of ignition. These points vary considerably with atmospheric pressure and change (Diesel effect) and the presence of catalytic materials etc (see "platinum black" which catalyzes hydrogen, thus affects hydrocarbons).

echoJuly 30, 2018 10:30 PM

Further to my comments on abuse and complicity, and UK police and government turning a blind eye to inconvenient women complaining about 'mob' trafficking; and the solutions required:

https://www.theguardian.com/global-development/2018/jul/31/mps-accuse-aid-groups-of-abject-failure-in-tackling-sexual-abuse
MPs accuse aid groups of 'abject failure' in tackling sexual abuse
Damning report says sector has shown ‘complacency verging on complicity’

@65535

Thanks for your information. This may help build a picture because it's not just on the surface information but indirect and sometimes indirect indirect information like which you supplied which feeds into it which is important.

Without checking more it's difficult to say but possibly unwinding one specific complaint I have may be useful for US based human rights activists. I say possibly. I theorise that while there is as you say no pressure on usury there is discriminatory pressure within government which international finance companies are colluding with. Sometimes the exact source of pressure can be difficult to pin down and may itself be an artifact and the actual intent isn't there. It is only when informed and no action is taken does it become unlawful. Once the discriminatory action is proven the burden of proof shifts.

The UK government is currently throwing a Brexit hissy fit over EU access to the UK market. The view I took is if international (and domestic) companies cannot respect UK law including human rights and discrimination law they should have their licence revoked. Dominic Raab is not the ideal person to have this conversation with nor is the UK government as a whole as UN condemnations about the mistreatment of disabled people indicate.

On the US usury issue: The law is somewhat different over here and payday loan style companies which charged usurious rates received a lot of the wrong kind of attention. The IEA thinktank is also now being investigated for its abuse of charitable status. I successfully argued with one leading US campaigner that issues weren't race issues but economic issues: it was about money. I later learned another woman had argued this ages ago and had used this principle within her educational job to demonstrate an alternative. An ex US Navy American male friend argues it's about who gets attention.

Oh, I don't know. I suppose it all boils down to do what you do but do it well. Fix the smallest thing then go onto the next thing...

echoJuly 30, 2018 10:39 PM

@Alyer Babtu @65535

Wow. This is interesting. I never perceived bonds and stocks this way before. It's amazing how much success is accidental yet when we succeed we perceive ourselves as winners not losers who merely got lucky although, of course, this can be a poisoned chalice too!

MarkHJuly 31, 2018 2:09 AM

@Clive:

Probably no surprise to you, that the procedure for entering a missile silo includes an LEL check, and lengthy ventilation if the rather conservative threshold is exceeded.

There's very little airflow when they're shut, and vapors from various systems can easily build up in excess of the threshold. Their normal condition is uninhabited and buttoned up, so they can go quite long stretches without hatches opened.

WeatherJuly 31, 2018 7:22 AM

@Clive
About double beta decay that release electrons into vacuum into a plate,
you can use American 251, plus 5MeV to make 7.5MeV to make isotopes of calcium, it has no way to go nuke but can solve a lot of problems, you spend the money on hydro and convert to batteries,
you can also start with hydrogen plus 3.2Mvolts 1nAmp to accelerate it to make a conversion to neutron and charger up that way,

You lot have the knowledge, NZ has the renewable energy to convert it to a battery

PeaceHeadJuly 31, 2018 12:05 PM

Let's please not waste bandwidth on Noam Chomsky.
I once wanted to learn what Natural Language Programming was.
I had one book by Noam Chomsky on the subject and one computer science book.

The computer science book defined Natural Language Programming in plain English in 2 neat paragraphs with decent grammar and provided substantial supportive details for the remainder of the chapter and book.

Noam Chomsky's definition took about 25 pages of meandering blabbering using a combination of esoteric jargon and some homemade words and in gigantically long paragraphs with very poor grammar. For a so-called linguist, it was a linguistic semantic/syntactic/pragmatic disaster. It didn't explain anything efficiently at all.

So naturally, the non-fiction computer science book was preferred. Ever since then, I strategically avoid Noam Chomsky's content. It's a waste of intellectual time to try and follow somebody who can't communicate efficiently even though supposedly they are a linguist.

I can comprehend that some topics are not concise by nature, and that they can't be further reduced, kinda like data compression--there are limits.

But please, let's not waste our bandwidth and time and energy and let's not lose intellectual focus by going down the jabberwocky rabbit hole known as Noam Chomsky.
Please and thanks in advance.

So what's happening with the U.S. Power grid? Who is playing chess and checkers on top of the U.S. Power grid?

Personally, I'd like to tell the Jokers holding all the wildcards, "Hey, Please *DO* turn off the Internet and Television Networks, but please *DON'T* turn off all of our power/water/natural gas. We need time to get off of the grid first. If you don't give us enough time to get off the grid, many lives will die due to starvation, interrupted medical care, thirst, lack of police, lack of fire dept, social unrest, etc."

Really, the internet and television is in many ways killing societies already. They don't need any more "help".

Peaceful coexistence is yours if you want it; it belongs to everyone.

bttbJuly 31, 2018 12:06 PM

In layman's terms, and I haven't read all the posts above, here is my two cents worth on Climate Change (Global Warming):

1) What if something goes wrong with theories inadequately tested? We won't be able to go back, of course, to previous "snapshots" of planet earth. For example, what if we put the wrong gases or stuff in the upper atmosphere to try to reflect incoming 'heat' from space. Unintended Consequences? Will climate change mitigation choices become the only game in town? If so, how soon? Are they now?

2) Hydrocarbon chains, afaik, still make good, and cost-effective, precursors for manufacturing plastics and presumably other stuff (pharmaceuticals?). In other words, burning (oxidizing) hydrocarbon chains may be penny wise (near term) and pound foolish (long term). Keynes said, of course, something like "In the long run, we are all dead."

3) afaik, Fracking has problems with things like release of methane while fracking and potential detrimental problems (risks?) for drinking water.


I enjoyed reading, or skimming, the link below:

https://www.nytimes.com/interactive/2018/07/24/business/energy-environment/hoover-dam-renewable-energy.html

"The $3 Billion Plan to Turn Hoover Dam Into a Giant Battery

Hoover Dam helped transform the American West, harnessing the force of the Colorado River — along with millions of cubic feet of concrete and tens of millions of pounds of steel — to power millions of homes and businesses. It was one of the great engineering feats of the 20th century.

Now it is the focus of a distinctly 21st-century challenge: turning the dam into a vast reservoir of excess electricity, fed by the solar farms and wind turbines that represent the power sources of the future.

[...]

Lazard, the financial advisory and asset management firm, has estimated that utility-scale lithium-ion batteries cost 26 cents a kilowatt-hour, compared with 15 cents for a pumped-storage hydroelectric project. The typical household pays about 12.5 cents a kilowatt-hour for electricity.

Some dams already provide a basis for the Hoover Dam proposal. Los Angeles operates a hydroelectric plant at Pyramid Lake, about 50 miles northwest of the city, that stores energy by using the electric grid to spin a turbine backward and pump water back into the lake.

[Read more: It’s tricky to store energy on an industrial scale, but engineers have devised clever workarounds.]

But the Hoover Dam proposal would operate differently. The dam, with its towering 726-foot concrete wall and its 17 power generators that came online in 1936, would not be touched. Instead, engineers propose building a pump station about 20 miles downstream from the main reservoir, Lake Mead, the nation’s largest artificial lake. A pipeline would run partly or fully underground, depending on the location ultimately approved...."


bttbJuly 31, 2018 12:29 PM

Long article that may have had Binney, VIPs or VIPS, or others, chasing red herrings.

https://www.computerweekly.com/news/252445769/Briton-ran-pro-Kremlin-disinformation-campaign-that-helped-Trump-deny-Russian-links


“Briton ran pro-Kremlin disinformation campaign that helped Trump deny Russian links

[…]

A British IT manager and former hacker from Darlington ran a disinformation campaign that duped former US intelligence agents and provided Donald Trump with manufactured “evidence” to deny that Russia interfered with the US election
A British IT manager and former hacker launched and ran an international disinformation campaign that has provided US President Donald Trump with fake evidence and false arguments to deny that Russia interfered to help him win the election….”


https://twitter.com/Thomas_Drake1/status/1024271568854241281

“The story of "Adam Carter””
https://twitter.com/emptywheel/status/1024275458567876609

https://www.emptywheel.net/2017/11/07/about-the-timing-of-the-binney-meeting/ ; from November, 2017


bttbJuly 31, 2018 3:14 PM

From https://www.emptywheel.net/2018/07/31/did-gru-learn-that-democrats-had-hired-christopher-steele-when-they-hacked-dncs-email-server/

"According to Glenn Simpson’s [Fusion GPS] SJC [Senate Judiciary Committee] testimony, he hired Christopher Steele in May or June of 2016 to investigate Trump’s ties to Russia.

Q. And when did you engage Mr. Steele to conduct opposition research on Candidate Trump?

A. I don’t specifically recall, but it would have been in the — it would have been May or June of 2016.

Q. And why did you engage Mr. Steele in May or June of 2016?

Simpson is maddeningly vague (undoubtedly deliberately) on this point. In one place he suggests he hired Steele after DCLeaks was registered and amid a bunch of chatter about Democrats being hacked, which would put it after June 8 and probably after June 15...."

bigmacbearJuly 31, 2018 3:24 PM

@MarkH:

The same procedure is required to enter a utility/communications manhole, and for very similar reasons.

Clive RobinsonJuly 31, 2018 3:33 PM

@ Bob Paddock, bttb, weather,

The Sun is the major driver of climate and it goes through several different cycles.

You might find this on the solar cycle to be of interest,

https://www.science20.com/tommaso_dorigo/guest_post_eleni_petrakou_a_model_of_the_solar_cycle-233408

As someone who uses long haul HF Comms professionally and likewise has an interest in "energy security" the Sun Spot and other solar weather is of great interest to me both professionally and for one or two hobbies as well.

What few outside radio circles know is that both the Critical Frequency thus the Maximum Usable Frequency for any given radio path are way way down on what they should be. The CF defines what frequencies can be used for NVIS mode communications, with the CF being down to the Marine band the military amongst others have some very real issues...

WeatherJuly 31, 2018 4:36 PM

A proton and a electron are in a room, the electron accelerate the proton, will the proton slows down the electron,
a planet and a electron, a electron accelerate the planet will the planet slows down the electron,
if electrons at enough density slow down a neutrino, but it's not voltage or current, but space charge, and you can get around that by rotation of nucleus orbit even though it's a small value can punch through the aether, or like a van de Graaff put enough charge in one place, highlighting that tack, as you haven't proven the aes maths way.
May peace be with you, and kill all the vickens

JG4July 31, 2018 6:36 PM


Been busy or you'd hear from me more often. There are plenty of other interesting news items in the afternoon compendium beyond these. The morning compendium has a chilling article on the topic of doing what we are told.

https://www.nakedcapitalism.com/2018/07/200pm-water-cooler-7-31-2018.html

...

News of The Wired

“How to Fall Asleep in 120 Seconds” [Medium]. “The U.S. Navy Pre-Flight School developed a scientific method to fall asleep day or night, in any conditions, in under two minutes. After six weeks of practice, 96 percent of pilots could fall asleep in two minutes or less. Even after drinking coffee, with machine gunfire being played in the background. Which means if you follow these steps, falling asleep will be a piece of cake.” • I count backward from 400….

“Don’t Throw It Away—Take It to the Repair Cafe” [City Lab]. “It’s that throwaway culture that former sustainability journalist Martine Postma—now the founder of the Repair Cafe Foundation—aimed to tackle in October 2009 when she created the first of such cafes in Amsterdam… . From that first cafe in Amsterdam grew nearly 1,600 more across the globe, including 82 within the U.S…. She now sells a digital starter kit for €49 (about $58) that includes a manual, permission to use the foundation’s official logo, and communication access to all the other cafes out there.”

“The ethics of computer science: this researcher has a controversial proposal” [Nature]. • Love the Nature-style clickbait headline (“this researcher,” “controversial”). More:

If the peer-review policy only prompts authors to discuss negative consequences, how will it improve society?

Disclosing negative impacts is not just an end in itself, but a public statement of new problems that need to be solved. We need to bend the incentives in computer science towards making the net impact of innovations positive. When we retire will we tell our grandchildren, like those in the oil and gas industry: “We were just developing products and doing what we were told”? Or can we be the generation that finally took the reins on computing innovation and guided it towards positive impact?

Combine this with the precautionary principle?

Kids these days:

Gordy Pls @GordyPls
https://twitter.com/GordyPls/status/1021879461023608833
I legit just saw an 8 year old at the school get their phone confiscated and they waited until the coast was clear, pulled an iPad mini from a schoolbag pocket, retrieved a sim from a ziplock bag, installed it, then resumed their conversation.
6:07 PM - Jul 24, 2018

* * *

WeatherJuly 31, 2018 9:57 PM

Is there anyone in New Zealand that needs an offsite security consultant?

echoAugust 1, 2018 12:34 AM

@Clive

I have a semi-occasional semi-professional interest in weather too. Seasons and weather patterns and the overall climate affect things like retail markets and individual psychology and work loading among others, as does the architectural and organic environment. For the more academically inclined "human geography" is a topic, or so somebody I later learned fancied me told me half way up a mountain when it was cold and windy and hacking down with rain.

They wouldn't be the only one who talked nonsense behind my back after I pulled out a camping stove and cooked dinner. They didn't complain when they were eating it. At least the chilled drinks pulled from nowhere on a baking hot day went down well with better company.

I was once asked by a man in a local newsagents why I always carry my bag with me. Like I told him it has my stuff in it.

echoAugust 1, 2018 12:44 AM

@JG4

I dislike how popular narrative labels people as "left" or "right" depending on their expressed opinion. One article you cited asks why "leftists" are so sceptical of the Russian investigation. (I daresay "rightists" dislike being called things too.) I have read enough comment from people who say right wing friends are skeptical of the Skripal investigation much like many extreme rightists are dismissive of the Russian investigations.

Studies prove that "left" and "right" psychologies can be found in a fairly equal distribution in parties which traditionally identify as the opposite. Political parties also contain people of many differing levels of education too. Studies also confirm there is a relationship between education and wealth and basic behaviour: where resources are low behaviour is more reptile brain driven, and tribalistic and discriminating and violent.

65535August 1, 2018 4:39 AM

@ echo

“I theorise that while there is as you say no pressure on usury there is discriminatory pressure within government which international finance companies are colluding with. Sometimes the exact source of pressure can be difficult to pin down and may itself be an artifact and the actual intent isn't there. It is only when informed and no action is taken does it become unlawful. Once the discriminatory action is proven the burden of proof shifts… I took is if international (and domestic) companies cannot respect UK law including human rights and discrimination law they should have their licence revoked. Dominic Raab is not the ideal person to have this conversation with nor is the UK government as a whole as UN condemnations about the mistreatment of disabled people indicate…The law is somewhat different over here and payday loan style companies which charged usurious rates received a lot of the wrong kind of attention. The IEA thinktank is also now being investigated for its abuse of charitable status. I successfully argued with one leading US campaigner that issues weren't race issues but economic issues: it was about money…”-echo

I understand. That last sentence is really what it is all about – money.

It’s about those who don’t have and those who do. Those who do tend to abuse those who don’t have money and have to borrow it. It’s a real problem.

If you want to go further down the rabbit hole and examine who controls loan rates and money I think you will find plenty of abuse in credit rating agencies… cough Equifax. Everyone has a credit score in the USA and some people are low and others high. I really think there is something wrong with that credit score system.

@ Alyer Babtu

“...any size fixed interest is usurious…As an example, railways used bonds ie debt financing but airlines (because risky newfangled craziness couldn’t get loans) used stocks in the 1920-30s. In the depression, many railroads went bankrupt and disappeared because they couldn’t pay their fixed bond debts…”

That is a good point.

There are many financial instruments which smooth this problem – but only available to the upper class of society in the USA. The average Jane/Joe doesn’t have resources to hire and create the exact financial instrument needed.

Those financial instruments are only available to the wealthy and corporations. The paperwork for constructing such financial instruments is so costly and it could involve trusts, partnerships, limited liability corporations or corporations which trade in such financial instruments such that the average Jane/Joe would be bankrupted hiring lawyers and CPAs to do the government paperwork.

The USA can be a very harsh place to do business for the average Jane/joe.

Now, move forward to Bitcoin and block chain currency and the people who got in first would be rich or are now rich. If the average person borrowed 400 USD and got in bitcoin semi-early the gains from Bitcoin would have out-paced any interest on a 400 USD loan and they would be rich. Forward to the present day and for the average person bitcoin is not such a good deal. That is one twist in the financial community - a bubble. I don’t know any easy answer.

echoAugust 1, 2018 4:51 AM

This made me wonder if there is an energy cost free way of calculating blockchain stuff as a by-product of other calculations like gaming or weather so the cost of the operation would be nil aside from a simple copy operation. My maths isn't anywhere near good enough to know if my question is good or completely daft so does anyone have a clue?

As for security specific products how does whitelisting and/or application profiling help? Should this be an OS function? What degree of granularity should this provide?

https://www.polygon.com/2018/7/30/17630664/steam-abstractism-cryptocurrency-mining

Steam game pulled from store after allegations of cryptocurrency mining
In addition to numerous item scams, Abstractism was accused of hacking players’ computers.

JG4August 1, 2018 6:58 AM


@echo - I try to stay out of the left-right cognitive impairment quagmire. Neither are right or wrong. Newton missed the nuance that every action has a cascading series of consequences.

BTW, my quip about empire has recently been improved. "Empire is a machine, with gears made of guns and words, lubricated by the blood of the peasants, driven by greed, amorality and hubris, that crushes bodies and souls to make money and power."

Some time ago, I posted links to Leemon Baird's hashgraph algorithm, which is much lower in energy use than blockchain. I've suggested before that proof of work need not be directed to trapdoor algorithms, but could be applied to climate modeling, protein folding and the search for extraterrestrial intelligence. Consensus algorithms, like reality on your planet, operate in a tradespace.

I don't have the link handy, but your cold beverages might benefit from the technology that the Gates Foundation are deploying to move vaccines around the world. It provides portable cooling on the month timescale to just above 0 C.

https://www.nakedcapitalism.com/2018/08/links-8-1-18.html

...[the genital integrity subset of somal integrity security]

Body-snatching fungi that give rise to sex-crazed cicadas before ripping off their genitals found to contain compounds seen in hallucinogenic drugs Daily Mail

...

DoD unveils final JEDI Cloud RFP, sticks with single-vendor approach Federal News Radio (CO).

...

Big Brother Is Watching You

Eight AT&T Buildings and Ten Years of Litigation: Shining a Light on NSA Surveillance EFF

...

Comcast installed Wi-Fi gear without approval—and this city is not happy Ars Technica

Major Quantum Computing Advance Made Obsolete by Teenager Quanta

Audit the algorithms that are ruling our lives FT

RGAugust 1, 2018 9:14 AM


India’s GDPR with Additional Data Localization

India’s embrace of smartphones has triggered an explosion of sensitive information despite a dearth of regulation, fueling concern among privacy activists and citizens groups about potential abuse. Advocates of the bill argue for over-arching regulation to protect the rights of users -- an issue that’s come to the fore since revelations about the leak of data on millions of Facebook users and a series of high-profile cyber-attacks.

Srikrishna’s proposals bear similarities to the General Data Protection Regulation imposed in Europe.
As proposed, it requires data localization by companies and that a copy of all personal information be kept on servers within the country. Critical data is to be stored in-country only, while stringent rules apply for cross-border transfers. The committee also recommends the creation of a data protection regulatory authority, and penalties for violations of up to 150 million rupees ($2.2 million) or 4 percent of worldwide turnover in the preceding financial year, whichever is higher.

The draft additionally bans the collecting, recording or disclosure of personal data that identifies individuals. That includes financial, health and genetic data, biometrics, sexual orientation, and political or religious affiliations. (Ed: add IP address and analytics fingerprinting)
https://www.bloomberg.com/news/articles/2018-07-30/india-considers-sweeping-gdpr-style-curbs-for-online-data
The irony is that as nations increasingly reject Silicon Valley surveillance, the USA is busy rejecting China’s total surveillance state.

Window Dressing Privacy
Meanwhile in the USA, big-data is working Congress and White House to circumvent California’s new money-losing GDPR.

“The Trump administration is crafting a proposal to protect Web users’ privacy, aiming to blunt global criticism that the absence of strict federal rules in the United States has enabled data mishaps at Facebook and others in Silicon Valley.
Over the past month, the Commerce Department has been huddling with representatives of tech giants such as Facebook and Google, Internet providers including AT&T and Comcast, and consumer advocates, according to four people familiar with the matter but not authorized to speak on the record.
USA citizens are privacy losers due to corporate lobbyists buying political influence at the federal level. Big-data goal is to pass a vaguely worded, watered-down federal privacy law that will supersede California’s tough new GDPR state law.”
https://www.washingtonpost.com/technology/2018/07/27/trump-administration-is-working-new-proposal-protect-online-privacy/?utm_term=.5e5379f08005&noredirect=on

echoAugust 1, 2018 9:45 AM

By "Big Clive". No relation I suspect. Uses for heat sensitive nail varnish (to add to uses for glitter nail varnish) and "tropicalising" electronics with nail varnish. This may have applications if you are in a pinch and all you have on you is nail varnish. As one does.

bigclivedotcom
https://www.youtube.com/watch?v=R4C3Lh71yFQ
Technical uses for nail varnish

Bob PaddockAugust 1, 2018 10:24 AM

@Clive Robinson

"You might find this on the solar cycle to be of interest,..."

Yes. Thank You.

What do you think of the Electric Universe Model of Cosmology?:
http://www.thunderbolts.info

The Sun may be more influenced by galactic Birkeland Currents than previously accounted for, which may be the missing 'trigger' in the link you provided.

"What few outside radio circles know is that both the Critical Frequency thus the Maximum Usable Frequency for any given radio path are way way down on what they should be. ..."

However do we know to attribute it to the Solar Cycle or do we attribute it to the Magnetic Pole Flip, affecting the Magnetosphere, that is in process and accelerating?

There is nothing in the known historical record to show there has been a pole reversal and a Grand Solar Minimum simultaneously, so we are entering unprecedented territory.

Something I wonder about for the Magnetic Pole Flip is does it reach a hysteresis point where they snap or do they just continue their meandering toward convergence in the Indian Ocean around 2050?

http://spaceweathernews.com/ is always a good place to keep up on the daily happenings on the Sun and the science papers coming out.

PeaceHeadAugust 1, 2018 11:03 AM

@justinacolmena
@JGn

Thanks for interesting content.
I can very much relate.
Welcome to the many covert civil wars.
No need to be surprised much any longer.

Stay safe.
Peace be with you, people.
Peace be with you hybrids.
Peace be with you, Artificial Intelligences.
Peace be with you, genetic chimeras; some of us will attempt to save you from the evils of us.
Peace be with you, those with severe conflicts of interest seeking peaceful resolutions.

Hiroshima, still not forgotten.
Nagasaki, still not forgotten.
Fukushima, still not forgotten.
Vietnam, still not forgotten.
Crimes against the Nuremberg Convention, still not forgotten.
Reduction of USA & Russian chemical weapons efforts, still not forgotten.

The honorable Dmitri Khalezov, still not forgotten.

All the accidental Nuclear Wars averted by both sanity and folly, still not forgotten.
Survivors of the torture and involuntary transhumanism of WWII and Third Reich, still not forgotten.

Tank man, still not forgotten.
Old lady hitmen, still not forgotten (and let's please stay the heck away from each other, OK.)
Navy and Marines who require SLEEP for SURVIVAL, still not forgotten. It's not mutiny if your commanders tell you to commit suicide and you don't comply.

Coast Guard nearly gutted and defunded by the Trump/Pence threat to National Security, still not forgotten.

Innocent Holders of the 4 keys, defend your peace of mind with peace of actions, it's your entitlement and some of us stand with you, with or without launchcodes in our memories, still not forgotten.

Survivors of Project BLUEBIRD, still not forgotten, despite bouts of artificially-induced amnesia and years of medical malpractice.

Thespian savants with skills to entertain and/or hide elegantly, I remember you, still not forgotten.

Heroic, blackhole crime interruptors, in advance, please advance, though we never met, still not forgotten.

Clever subtle acknowledgers of TRUTH, I will NOT betray you; you are still not forgotten, though I made sure not to memorize your images, nor sounds, nor behaviors.

If I die prematurely, please don't forget me.

May Peace Prevail Within All Realms of Existence.
Protect the Python.

vas pupAugust 1, 2018 11:07 AM

@all:

Russian outcry over prison brutality video:
https://www.bbc.com/news/world-europe-44982734

"When he looked into Yevgeny's case last year, the guards produced a video of him resisting orders to leave his cell, being aggressive.

The ombudsman didn't insist on viewing what happened next.

"It was pointless. They showed me what they showed me. The official part," he says, although [!!!!]all guards are obliged to wear bodycams[!!!!]. Sergei Baburkin admits they are used "selectively", and "in the guards' interests, to cover up crimes".

My question: do other countries require prison guards to wear body cameras (US, UK, Germany, France, other)?
I guess that is even more important than body cameras on police officers because there is no chance of bystander recording interaction in prison like in streets, etc.
Where are ACLU and Amnesty International on that?
Only 24/7 monitoring and recording of interaction of prison guards and prisoners is important to protect both sides from false accusations. Same should apply for jails, detention centers, forensic mental units, mental health facilities where any type of restraining could be applied.


echoAugust 1, 2018 11:14 AM

If I was the thieves I might double back and watch the mayhem from a nice cafe drinking tea. It would be the last place they looked while chomping on their doughnuts.

https://www.independent.co.uk/news/world/europe/sweden-crown-jewels-stolen-thief-motorboat-escape-strangnas-cathedral-police-manhunt-a8472281.html

Sweden crown jewels stolen by pair of thieves who fled scene by motorboat.

“I knew immediately they were burglars because of the way they were behaving.” The police spokesperson said the thieves may have left their boat and continued their escape by car. “We are spreading out in all directions,” he added. On Wednesday, Swedish police said the search continued through the night, but no arrests had been made.

echoAugust 1, 2018 11:25 AM

@vas pup

UK cops have a habit of turning their cameras on and off to skew perceptions. None of this is reported in UK media.

UK prisons used to be much worse.

While things overall have improved a lot, so that what used to be routine is now a minority, bad things still happen and not all of this is recorded in any way. In many instances people don't know their rights and have no access to an external authority or lawyer or political representation, especially in the heat of the moment. Turning a blind eye and pretending not to hear a complaint still very much happen, especially with the police and doctors, who have very conservative and tribalistic attitudes, not to mention a whiff of sexism. Ditto lawyers to some degree.

I think we all know how the Russians can be a little direct (especially with security issues) but by and large they are honest, as their sometimes unvarnished responses you quoted, untainted by Western-style PR techniques, show.

https://www.theguardian.com/society/2018/jul/28/bitter-learned-life-inside-john-massey

Clive RobinsonAugust 1, 2018 3:19 PM

@ bttb,

Now it is the focus of a distinctly 21st-century challenge: turning the dam into a vast reservoir of excess electricity, fed by the solar farms and wind turbines that represent the power sources of the future.

Err late 20th century actually, there is this mountain in Wales that got engineered that way back in the 1970's if I remember correctly. As far as I'm aware the UK Central Electricity Generating Board was one of the most forward looking in terms not just of research but actual engineering. Thus IIRC the Welsh mountain was the first of its type in the world. Back then things were looking good, then Maggie Thatcher came along, now we subsidize the French failing state owned? electricity service (EDF...) that has so many nuclear power stations beyond End of Life limping along that they have absolutely no hope of ever cleaning up...

So EDF's wheeze was to sell the somewhat moronic UK Government an out of design and inherently dangerous nuclear power plant, that they were going to "badge label" from the Chinese Government... At such an outrageous price the UK would be covering EDF's chronic debt for a decade or so, without which EDF is most likely going to go "splat" against that wall known as bankruptcy...

Our previous Chancellor, now part time overpaid editor of the Evening Standard, had a thing about the Chinese (and I gather Opiates as well) thus overruled quite sensible opposition to the idiocy, I guess that's just one reason they call him "Gidiot" ;-)

Until someone gets a "Generation four, inherently fail safe" nuclear reactor up and running in anything other than "experimental" status it's probably not wise to invest in nuclear energy...

PeaceHeadAugust 1, 2018 8:37 PM

@vas pup: I share your concern about the significance of portable and/or wearable and/or localised surveillance systems/devices to hopefully and ideally reduce abuses in such places as you mentioned.

I've been unfairly detained several times on North American soil by North American abusers without due process where I was routinely abused and tax-payer dollars paid for the abuses which were scheduled to recurse at high cost every month of the year for the rest of my life in compound incidents.

Surveillance was not a deterrent. The so-called legal system was not a deterrent. Law enforcement was not yet a deterrent (and they would be at high-risk physically and mentally to go undercover; the damages could be permanently debilitating).

The aftermath and preliminary social supports were not a deterrent to the criminal abuses. The educational system was not an effective deterrent to the criminal abuses.

When a whole civilisation is built around a set of caustic tautologies, the only relief is to leave that civilisation rather than to be killed by it.

All this, in America.
If I ever become a radical, there will be no reason to blame any other nation. Every abuser who ever severely harmed me was North American citizen, usually with plenty of money and a reputation front designed to send all naysayers into social or literal oblivion.

I'm alive because I took some tips, hints, and historical cues from military intelligence knowledgesystems as well as from Peace Sustainers/Peace Maintainers/Peace Builders/Peace Rebuilders. (PeaceKeepers, of the kind which are not ICBMs!!!!!!). Also, I have a strong survival instinct and deliberate nature towards living.

I got damaged, but helped and healed, but it became a vicious cycle.
By the time yesterday rolled around, I realised that I've been collateral damage in several covert exchanges. Now I'm upping my literacy and making it clear, that I'm not a sure thing, nor a slam dunk.

Smart people are thankful that I'm not yet radicalised. Because if I ever became radicalised, I'd be a lot more dangerous than all of the false accusations designed to get me suppressed, damaged, subservient, and killed while being monetised.

No worries, I will NOT become radicalised as long as my corpus callosum is intact (and it is).
I have no interest in becoming a walking talking disaster.

Anyways, I digress.
As for solutions, the first step is to acknowledge the problems instead of denying them. Thankfully you and others are already at that point.

Typically, we are raised and enculturated to be subservient to dogmas and aristocratic ideologies. Resisting the bullshack goes a long way.

REPROGRAM YOURSELF goes a long way too.

Avoiding toxic relationships goes a long way too, but when that's impossible, raw strategy whilst avoiding provocations can get a person to safety. Raw illusory behaviors such as faking agreement can get a person to safety.

Ditching punkrock anarchists can avert becoming a victim of planted provocateurs and instigators.
Donald Trump is the White House version of a punkrock anarchist, by the way. I'm not even talking about music. But at the same time, the Koch Bros are punkrock anarchists, as are the Project Mockingbird media megacorporations regardless of whether or not they service the CIA or any other individual, group, or collective. At this point, most major players are probably struggling with internal civil wars, CIA included. I don't blame them and I don't blame Russia either.

Just beware the Anarchy sign upside down, like what was spraypainted on the side of the Pentagon's hole after 911 sept 2001. That seems to be an icon representing a warhead touchdown. Sure you weren't even talking about that, and neither was I until now. But sooner or later IT'S ALL RELATED. This is why PEACE MATTERS SO MUCH.

Those who worship destruction and death and disease and decay and deception and manipulation cannot be trusted. The golden rule doesn't work with them. They can't be appeased. They can't be shamed into good behavior. It's a constant race against time to put them back into the Pandora's Box and lock it back up. Thank goodness for every success. Otherwise none of us would be alive. This has been going on since 1929 and before.

When we stop compartmentalising our perceptions, that's when epiphanies happen and then our actions can be more effective.

Give yourself permission first, and then you'll be able to do more, just like "super user do...". Sorry if I sound preachy. It comes with the territory.

I am not entirely dodging the stereotypes that portray me as eccentric. People who state the truth directly to the lie-machines typically get assassinated by said lie-machines. This is not going to happen to me, and I will not and do not threaten others with this historical mistake.

I don't need to submit an FOIA request about myself because I already know what results would finALLY show up 75 years later.

Don't give up hope. Your questions imply ethics and logic and reasoning and empathy and the will to survive. Sure I sound trippy and extreme, but so was every attempt to subvert several millions or billions of people for the wrong reasons to accomplish the wrong goals. Which is more perverse, me or those megalomaniacs? I think it's them.

I'm not as nuts as nukes nor NUK clear baby bottles and yellow cupcakes.
Consider me as a work in progress on how to NOT participate in JARGON CODES.
Stay sober. Peace be with you.

By the time people are sick of me on this site, I won't even be posting nor reading for several months if not years.

ThothAugust 1, 2018 10:57 PM

@all

Another nasty snake oil and scam selling as "World's First Unhackable Hardware Wallet".

The hardware is essentially almost similar to a run-of-the-mill Android phone and is only as good as the smartphone gets.

Also, it might even be backdoored as it sends data to Chinese servers like Baidu.

It is interesting that they never even bothered to use the Mediatek MT6580's ARM TrustZone as a way to "securely execute" their code at the very least (although I do not encourage using ARM TZ - read older posts).

Links:
- https://www.theregister.co.uk/2018/08/01/unhackable_bitfi_wallet/
- https://bitfi.com/bitfi-wallet

WaelAugust 2, 2018 12:03 AM

@Thoth,

"World's First Unhackable Hardware Wallet".

That was funny... I needed that :) As for the bounty... they specifically defined the protection profile and limited the attack surface to extracting the key from an unadulterated device. This makes me believe that the key derivation function they used is Argon2 and not pbkdf2 or scrypt. Come to think of it, they probably used pbkdf1 or something lame ;)

Backed by John McAfee so you know it's going to be A+

Seriously, John, did you really back it up with these claims? A+, it is... in what subject, that's the question!

tracks the whereabouts of the device, and beams it off to Baidu and Adups servers in China.

That's interesting! So China is snooping on violators, then! China banned Cryptocurrency trading last year!

echoAugust 2, 2018 12:50 AM

@Clive

Further to my meme that "it's not how much but who gets it", local councils are making a play for £1.5 billion from one of Cameron's pet schemes.

I'm not at all sure the public or private sector really get each other, nor that citizens/consumers aren't taken for a ride to some degree or another by either. There are a lot of reports kicking around that nobody seems to read let alone act upon, not to mention a lot of dishonesty, or directing energy into all the wrong things, and name-calling and blaming, and I don't believe this is very helpful.

Aside from the finance industry complaints I am pushing I am also pushing complaints about lawyers. It's a bit difficult unravelling the professional/discrimination/security issues but I am slowly getting there.

I know you dismiss "coders" but my training and experience stuck with me and has been both formative and very useful. I read the specifications and all supporting documentation to the Nth level and I know when somebody is pulling a fast one and not telling me things I need to know. On more than one occasion I have shown up "certified professionals" who can't even do their basic job, or who have interfered or taken short cuts, or who very simply cannot be bothered.

https://www.theguardian.com/society/2018/aug/02/david-cameron-15bn-big-society-national-citizen-service-reaches-few-teenagers

tyrAugust 2, 2018 1:56 AM


@Bob Paddock

I'm inclined to the theory that the magnetic field reversals were due to core deformation caused by the impact that formed the moon.

If the original core was spherical and solid then it should retain the impact signature. Since there are a large number of precession wobbles something has to be causing them. The trouble is we lack the technology to get a good picture of the interior. As long as we don't assume we possess all knowledge we might actually find something new.

@Clive

Water control in the western USA has been a bone of contention for years. Pumping the Colorado back into Lake Mead from Black Canyon would set off a firestorm politically no matter how wonderful it sounds. Cutting off the downstream flow to California and Mexico might not be as easy as building the pumps.

bttbAugust 2, 2018 2:48 PM

The pee tapes could be another red herring.

From https://www.emptywheel.net/2018/08/02/lawfare-missing-the-kompromat-for-the-pee-glee/ :

"But Mueller’s not telling whether he has obtained the actual receipts.

["Putin obtained receipts at each stage of...Trump’s willing engagement in a conspiracy with Russians for help getting elected..." (from twitter.com/emptywheel)]

And that’s the kompromat. Trump knows that if Mueller can present those receipts, he’s sunk, unless he so discredits the Mueller investigation before that time as to convince voters not to give Democrats a majority in Congress, and convince Congress not to oust him as the sell-out to the country those receipts show him to be. He also knows that, on the off-chance Mueller hasn’t figured this all out yet, Putin can at any time make those receipts plain. Therein lies Trump’s uncertainty: It’s not that he has any doubt what Putin has on him. It’s that he’s not sure which path before him — placating Putin, even if it provides more evidence he’s paying off his campaign debt, or trying to end the Mueller inquiry before repaying that campaign debt, at the risk of Putin losing patience with him — holds more risk.

Trump knows he’s screwed. He’s just not sure whether Putin or Mueller presents the bigger threat."

bttbAugust 2, 2018 3:38 PM

From the comments section in the above post (w/o indentation): https://www.emptywheel.net/2018/08/02/lawfare-missing-the-kompromat-for-the-pee-glee/#comment-744725
"[...]
Ollie says:
August 2, 2018 at 1:59 pm

“Trump knows he’s screwed. He’s just not sure whether Putin or Mueller presents the bigger threat”

This. This right here makes me giddy. Oh please, please let it be Mueller and please triple please I pray the outcome is total destruction of that beastie drumpf and his spawns.
Reply

Bob Conyers says:
August 2, 2018 at 2:25 pm

I share your hope that Mueller catches him, but I would be very cautious to show any giddiness at the prospect that Trump fears Putin so much that he views him as the overriding danger. That can be a very bad scenario for all of us.
Reply

emptywheel says:
August 2, 2018 at 2:38 pm

Ditto what Bob said. I think Putin will not go quietly when he realizes he’s not going to get what he wants. That’s what I was trying to lay out in this post. [ https://www.emptywheel.net/2018/07/14/vladimir-putin-manages-trump-with-both-carrots-and-sticks/ ]

The country is not ready to respond to a renewed attack from Russia, and Trump has only made us less prepared.
Reply

Peterr says:
August 2, 2018 at 3:07 pm

It also leaves open questions about Mike Pence. Manafort had a very strong role in getting Trump to select Pence to be his VP, including telling Trump that his campaign plane had engine problems and he’d have to stay overnight in Indianapolis while waiting for repairs. Today I sit here wondering whether this was a brilliant political ploy by Manafort to get the Christian Right on board with Donald “Grab ’em” Trump (though that moniker didn’t come out til later) or if it was part of a fall-back plan that Putin and his oligarch pals put to Manafort, should something happen to Trump.

When possible, spooks like to have backups when they run a big operation.

earlofhuntingdon says:
August 2, 2018 at 3:22 pm

The too-conservative-for-arch-conservative Indiana Mike Pence was hand-picked to be on the Trump ticket by Manafort and his patrons. It would seem that there is some there there.

earlofhuntingdon says:
August 2, 2018 at 3:39 pm

If Trump disappoints Vlad, or for some reason Putin feels he needs to abandon him, the ways in which he could reveal dirt on Trump are myriad, and some of them virtually untraceable. It would lead to prosecution or impeachment and disarray among the normally tightly orchestrated GOP. It would preoccupy the Dems for quite some time.

Trump’s immediate successor would be Pence, though he himself might well be compromised. He is more conservative than Trump, more disciplined, self-righteous, judgmental and secretive. He would be more effectively bad than Trump, if much quieter about it.

The disorder from officially pursuing him, however deserved, would multiply the problem. Predictably theatrical GOP defenses, such as “witch hunt” and “coup” – the ironies would abound – would cause further disruption.

The 2020 election would inevitably be involved. The next, predictably Democratic president, would be ensnared in the process. Add to that that the Dems are notoriously poor at self-defense.

All in, Putin would have a win-win. Throw in Brexit – the trap door for that officially opens next March 29th – and the West will be in considerable disarray for years. I’ll bet Putin has already laid in the champagne and vodka; the beluga caviar won’t be far behind.
Reply

Trip says:
August 2, 2018 at 3:53 pm

Any way you look at it, we are pretty screwed for years and years to come.

[...]

emptywheel says:
August 2, 2018 at 2:40 pm

One reason I have harped on Manafort’s iPods to the extent I have is I wonder if he taped certain meetings.
Reply

earlofhuntingdon says:
August 2, 2018 at 3:13 pm

I wonder if any would match the audio-visual files Mr. Cohen might have.
Reply

[...]

Willis Warren says:
August 2, 2018 at 2:50 pm

If Mueller could prove this, why wouldn’t he? what’s the delay?
Reply

emptywheel says:
August 2, 2018 at 3:11 pm

I’m not sure how strong his case is without Manafort. And everyone knows that.
Reply

bmaz says:
August 2, 2018 at 3:45 pm

Maybe, and maybe some of it needs to be “cleaned up”. But it is likely known and available to Mueller.
Reply

Peterr says:
August 2, 2018 at 3:58 pm

Mueller has to prove his case not just in court but also in the political realm — without engaging in overt politics. He knows that whatever he presents will be put under the microscope by the House GOP, and he wants to make damn sure he’s got this nailed down in such a way that Congress cannot derail his work.

See “Walsh, Lawrence, Iran-Contra and”

People talk about parallels to Watergate (including me), but I-C [Iran-Contra] seems to be at least as much an appropriate analogy to make.
Reply

[...]"

Clive RobinsonAugust 2, 2018 4:59 PM

@ echo,

local councils are making a play for £1.5 billion from one of Camerons pet schemes.

Ahh Cameron's "Big Society", like Gidiot's "Northern Powerhouse", were never designed to be funded from central government. They were supposed to get funded by the "trickledown" effect. So the question arises where has this little money chest arisen from...

RGAugust 2, 2018 5:02 PM

@bttb
Conspiracy Theories
Author emptywheel’s article history has nothing nice to say about any Republican.
The Lawfare site omits that her degree is in comparative literature.
https://www.emptywheel.net/author/emptywheel/

Lawfare is just posting conspiracy theories with more logic and intelligence than usual.
They started out with seven theories. We still don’t have all the facts necessary to make a meaningful judgment.

The Russians are very skilled in setting up honeypot hotel rooms. Get a VIP drunk/spike a drink, then have the kompromat team ‘ready to roll’. I would not be surprised if a tape existed, but don’t care. To prevent blackmail it’s important to list these incidents on the security form SF86.

Would a prudent person be able to stop determined spies on their home turf? Russia is infamous for generating hooker kompromat. Many targets wake up the next morning wondering what happened.

The reality is due to the tremendous pressure, many world leaders have affairs to relax and recharge.
Not to make excuses but we are biologically programmed humans. Note: Google Analytics closely monitors porn sites. Imagine those possibilities...

Investigative reporters should ask the Chinese, who by now have our raw-dirt cataloged with an API front-end. Any of two million in critical positions (all requiring clearances) could be blackmailed.

Full Circle
Putting this in perspective the blackmail threat from China is many orders of magnitude higher than those from Russia. Even better they don’t need to generate false associations as the American MSM constantly do. When the China dump does start, I will ignore it too, as no one on Earth is perfect. I strive for empathy, compassion and forgiveness for those in difficult situations. But I equally detest those with ulterior motives.

Sed ContraAugust 2, 2018 7:55 PM

Perhaps if hotel and office robot vacuum cleaners were to be interrogated, more definitive information would be available to the investigation.

MarkHAugust 2, 2018 8:38 PM

@bttb:

As I commented here a few weeks ago, the public record offers strong basis for suspicion that Trump has been involved in embarrassing and/or illegal financial transactions throughout his career.

Those involving Russian entities -- likely, quite a few -- would routinely be documented in Russian intelligence files for any future need.

The "pee tape," whether real or imagined, is small change compared to Russia's library of blackmail ammunition.

echoAugust 3, 2018 12:27 AM

I couldn't care less about Trump. We already know what the narrative is with him. I'm more concerned with Brexit and the cavalier behaviour of a whole government and measurable damage which will occur and is already occurring. Are people so brainwashed they can't ask themselves what form of idiot government drives the country into the ground then has to commission a report why so many people are now using foodbanks? Like, duh.

ApokrifAugust 3, 2018 7:55 AM

"A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.
[...]
On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA."

https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/

ThothAugust 3, 2018 8:59 AM

@all

Another attempt to create ethical conduct rules for bug reporting.

A good attempt but this is as good as telling your attacker to wait while you are caught with your pants down, your ammunition unloaded and defenses not ready. Attackers do not wait. They exploit.

This is the current state of security we are seeing, where the due diligence of using higher assurance security is not done and we are simply hoping the attackers won't be too harsh on us.

Links:
- https://arstechnica.com/information-technology/2018/08/new-open-source-effort-legal-code-to-make-reporting-security-bugs-safer/
- https://disclose.io

ThothAugust 3, 2018 9:48 AM

@all, Apokrif

re: 2FA Security

The fact it's a Multi-Factor Authentication is because the original authentication method is weak. The current MFA techniques are not strong either and we are relying on weak grounds trying to build security on it.

Misplaced trust in the security is very rampant. Do you trust the chip and firmware in the security key ? Fact is almost 90+ % of them are NDA-ed and closed source and even if they use "similar to open source" codes, how similar is it ?

How about software authenticators leveraging some Secure Enclave ? I have ranted a ton on those "Enclaves" and their implementations in older posts.

How about the FIDO protocol ? They rely on TLS Channel ID for binding, which means that once your TLS channel is intercepted and tampered with, you are as good as a sitting duck, and how assuring is that when checking against the huge number of trusted certs in the certificate store used by your OS or browser ? As we know here, SSL/TLS is nonsense and anything that relies on SSL/TLS security is as good as compromised. Now, your tokens rely on the security of the SSL/TLS channel for binding, and there are many implementations that don't even rely on SSL/TLS channel binding as well.

What we need is to start over again and build security from the ground up therefore we don't need to rely on supplementary technologies too often that complicates things.

echoAugust 3, 2018 11:09 AM

I had the temerity to complain about a criminal lawyers' service. (I'm not a criminal but they provide other legal services and were local). I had actually been in contact with the legal ombudsman to sound things out before proceeding with a complaint which included the allegation of "security theatre" but, wow, did they come down hardball. Apart from a slightly tilted in their favour recollection of facts and policy they threatened police action and injunctions banning me from the premises.

This may get interesting as the criminal side of the legal profession lack expertise in a range of discrimination issues which place clients at risk from miscarriages of justice and inadequate treatment in prison. Banging harder with the same stick doesn't make you more clever, or right, nor is it very professional. And yes I have already reviewed the SRA code of conduct and they goofed big time. In my opinion...

I'm not sure if I can write up the security theatre issues about this specific item but will point out the Law Society's advice on electronic documents and IT security (not to mention GCHQ's advice to the legal profession) is somewhere between thin and useless. Lawyers can be very amateur hour with IT which can result in lower value service (or none hah hah) or discrimination.

I know people do this but I wasn't very impressed with another lawyer's while waiting on an appointment (which ran 30 minutes late because the lawyer was faffing with printing documents off, which I expressly told them not to, which destroyed any slack time built into the diary) when staff were openly and loudly discussing torrenting in the office adjacent to reception.

Clive RobinsonAugust 3, 2018 11:43 AM

@ Thoth, Wael and the usual suspects,

Speaking of "unbreakable" not...

It would appear that some consider an MD5 hash of a truncated password is a good idea to use as an AES key...

https://latacora.micro.blog/2018/08/03/the-default-openssh.html

Hence the title,

    The default OpenSSH key encryption is worse than plaintext

And from a certain logical point of view the author is correct...
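An added example, not code from the linked post or from OpenSSH itself, of what a defender can check for: the traditional PEM key format that the post criticises derives its AES key with a single MD5 call (OpenSSL's EVP_BytesToKey, one round, salt taken from the DEK-Info IV), while the newer openssh-key-v1 format records a named KDF (bcrypt) and a round count in its header. The classifier below parses both headers and flags keys that are unencrypted or encrypted under the one-round MD5 derivation, so a key inventory can be triaged for re-encryption. The function names, the `MIN_BCRYPT_ROUNDS` threshold (set to 16, which is what ssh-keygen uses by default) and the sample keys are mine; the samples are constructed with a zero salt and no key material so they only exercise the header parsing.

```python
"""Classify OpenSSH private keys by how the passphrase becomes a cipher key.
Added example with constructed samples; not code from the linked post."""
import base64
import hashlib
import struct

NEW_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
NEW_END = "-----END OPENSSH PRIVATE KEY-----"
MIN_BCRYPT_ROUNDS = 16  # assumption: ssh-keygen's default; anything lower is flagged


def legacy_pem_kdf(passphrase: bytes, iv: bytes) -> bytes:
    """Key derivation of the traditional 'Proc-Type: 4,ENCRYPTED' PEM format
    (OpenSSL EVP_BytesToKey with MD5, a single round).  For AES-128-CBC the
    key is MD5(passphrase || first 8 bytes of the IV): one hash, no work factor."""
    return hashlib.md5(passphrase + iv[:8]).digest()


def _read_string(buf: bytes, off: int):
    """Read an SSH wire-format string: uint32 big-endian length, then bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def classify_key(text: str) -> dict:
    """Return format, cipher, KDF, rounds and a verdict: 'unencrypted', 'weak-kdf' or 'ok'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] == NEW_BEGIN:
        body = base64.b64decode("".join(lines[1:-1]))
        magic = b"openssh-key-v1\x00"
        if not body.startswith(magic):
            raise ValueError("not an openssh-key-v1 blob")
        off = len(magic)
        cipher, off = _read_string(body, off)   # e.g. b"aes256-ctr" or b"none"
        kdf, off = _read_string(body, off)      # b"bcrypt" or b"none"
        kdfopts, off = _read_string(body, off)  # bcrypt: string salt || uint32 rounds
        if kdf == b"none":
            return {"format": "openssh-v1", "cipher": cipher.decode(),
                    "kdf": "none", "rounds": 0, "verdict": "unencrypted"}
        _salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack(">I", kdfopts[o:o + 4])
        verdict = "ok" if rounds >= MIN_BCRYPT_ROUNDS else "weak-kdf"
        return {"format": "openssh-v1", "cipher": cipher.decode(),
                "kdf": kdf.decode(), "rounds": rounds, "verdict": verdict}

    # Traditional PEM: encryption is signalled by RFC 1421 headers before the body.
    headers = {}
    for ln in lines[1:]:
        if ln == "":
            break
        if ":" in ln:
            k, v = ln.split(":", 1)
            headers[k.strip()] = v.strip()
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        cipher = headers.get("DEK-Info", "?").split(",")[0]
        return {"format": "legacy-pem", "cipher": cipher,
                "kdf": "md5-1-round", "rounds": 1, "verdict": "weak-kdf"}
    return {"format": "legacy-pem", "cipher": "none",
            "kdf": "none", "rounds": 0, "verdict": "unencrypted"}


def _s(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def constructed_openssh_v1(rounds: int, kdf: bytes = b"bcrypt") -> str:
    """Constructed sample: only the header part of an openssh-key-v1 blob
    (zero salt, no key material), enough for classify_key() to parse."""
    kdfopts = b"" if kdf == b"none" else _s(b"\x00" * 16) + struct.pack(">I", rounds)
    cipher = b"none" if kdf == b"none" else b"aes256-ctr"
    body = b"openssh-key-v1\x00" + _s(cipher) + _s(kdf) + _s(kdfopts) + struct.pack(">I", 1)
    b64 = base64.b64encode(body).decode()
    return "\n".join([NEW_BEGIN] + [b64[i:i + 70] for i in range(0, len(b64), 70)] + [NEW_END])


# Constructed legacy header with the body cut short; the IV doubles as the KDF salt.
LEGACY_ENCRYPTED_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0011223344556677

MIIEowIBAAKCAQEA
-----END RSA PRIVATE KEY-----"""

if __name__ == "__main__":
    for name, key in [("legacy", LEGACY_ENCRYPTED_SAMPLE),
                      ("new/16", constructed_openssh_v1(16)),
                      ("new/none", constructed_openssh_v1(0, b"none"))]:
        print(name, classify_key(key))
```

Point `classify_key()` at each file under a fleet's `~/.ssh/` and anything with verdict `weak-kdf` or `unencrypted` is a candidate for `ssh-keygen -p -o` (re-encrypt in the new format) with a larger `-a` round count; `legacy_pem_kdf()` is there only to make concrete that the old path is a single unsalted-per-user MD5 with no iteration count, which is the post's complaint.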

MarkHAugust 3, 2018 12:02 PM

@echo:

Should I care, whether you care about Trump? Actually, I care a little bit about that ;)

On the other hand, I feel your pain about Brexit. Though not a Briton myself, I grieve about it.

To borrow an expression I learned from the English, from the start Brexit seemed to me one of the great "own goals" of recent history.

As with the Trump election, it was propelled by voters who didn't understand how their countries have become so prosperous and have achieved many dimensions of success.

Those US voters who dream that Trump is "making America great again" are pig-ignorant about what made America work so well in the first place.

It's like asking a mechanic to modify the operation of a machine, when he hasn't the foggiest notion of how the machine presently functions.
_______________________________________

Another thing these elections had in common (along with other elections throughout Europe) was the active participation of the Kremlin.

Now, the UK and US are in a sad contest: in which will the damage from Putin's electoral victories be more lasting?

Clive RobinsonAugust 3, 2018 12:30 PM

@ Bruce and the usual suspects,

Increasing security by adding bugs?

Sounds mad but it's a bit like a tarpit approach.

If you analyse the work flow of attackers you can find ways to bog them down almost indefinitely. The trick is how to add bugs that are secure in their own right.

There said it the quick way, now read the paper from New York University titled,

    Chaff Bugs : Deterring Attackers by Making Software Buggier

https://arxiv.org/pdf/1808.00659.pdf

I should mention that the idea of tar pits is not new, nor is the idea of putting various antitamper traps in software. However this is the first academic paper I've seen combining both.

echoAugust 3, 2018 2:19 PM

@MarkH

Yes, I share your view as close as... I'm not especially bothered about Putin. Russians are a thing unto themselves but at least you can see them coming. Cutting across a few topics on the front page of Bruce's blog this is a somewhat entertaining and a little too true article about the British from an American perspective.

Financial Times: "Why stubbornness is the secret to Britishness" - Robert Armstrong

Generalising about the British is hazardous. [...] What unifying threads can bind the culture of a place that has crammed 13 ways of talking — at least 13 — into a place a third the size of Texas? That said, indulge me. I would like to offer a sweeping hypothesis. Having arrived in the UK almost five years ago, and now being about to move back to the US next week, I posit that the British are a pain in the ass.

WaelAugust 4, 2018 2:08 AM

@Clive Robinson,

Increasing security by adding bugs?

I took a quick gander over the document... wasn't in the mood to read it all.
Semantics; there is a difference between traps and bugs. A carefully designed trap should not be viewed as a "bug", unless it really has a bug. A bug in the bug ;)

bttbAugust 4, 2018 2:03 PM

@Francis Fraud Crapola, MarkH, echo

From Francis's link above, the White House transcript now reads:

""Q: President Putin, did you want President Trump to win the election? And did you direct any of your officials to help him do that?"

"PRESIDENT PUTIN: (As interpreted.) Yes, I did. Yes, I did. Because he talked about bringing the U.S.-Russia relationship back to normal."

A search with the WayBack Machine tool reveals the online transcript was updated at some point in the first half of Thursday.

The transcript became a point of contention because of how widely Mr. Trump's performance in Helsinki was criticized, even by members of his own party. It was also a point of contention given that Mr. Trump at the news conference appeared to say he didn't see how it could have been Russia that meddled in the 2016 presidential election. Mr. Trump later said he misspoke, claiming he meant to say he didn't see how it couldn't have been Russia.

[...]

A White House official told CBS News earlier this week that the White House stenographer uses the White House audio to produce transcripts. The audio mixer at the site in Helsinki did not bring up the question mic level in time to catch the beginning of Mason's question because the translator was still speaking, the official said. That the video and transcript did not include the first part of the question, the official said, was by no means malicious.

The White House also said the transcript was updated for presidential records, although at the time on Wednesday, the online version of the transcript still omitted the reporter's first question."

and from before:
https://www.schneier.com/blog/archives/2018/07/friday_squid_bl_634.html#c6778809

bttbAugust 4, 2018 2:32 PM

@Mercantile

Regarding security clearances, which I assume many people on this blog care about, in one country or another, Scahill, https://theintercept.com/2018/07/25/double-negative-trump-putin-and-the-destruction-of-political-intelligence , had an interesting take:

“Jeremy argues that Trump is sort of right about stripping security clearances from former senior CIA officials, but for all the wrong reasons.

[…]

JS: I’m Jeremy Scahill, coming to you from The Intercept, and this is episode 64 of Intercepted.
Press Secretary Sarah Huckabee Sanders: Not only is the President looking to take away Brennan’s security clearance, he’s also looking into the clearances of Comey, Clapper, Hayden, Rice and McCabe ––
DJT: Before we get into the show, I just want to make a few quick points. As I’ve said before, Donald Trump sometimes does the right thing or says the right thing for the wrong reasons. And the case specifically that I’m talking about right now is this threat that he made to strip some of these cable news pundits and national security robber barons of their security clearances. I’m, of course, talking about so-called former intelligence officials, former CIA directors and senior CIA officers and FBI personnel and DNI officials and generals and national security advisors — these are among the worst class of people in American politics. Not just today, but always. The overwhelming majority of them use their previous posts to rake in huge amounts of corporate cash for influence peddling or to profit from wars that they helped sell that just happened to benefit the war corporations on whose boards they sit. Now, it’s not all of them, but it’s a lot of them.
And in this current moment, many of these former senior intelligence officials have basically taken up residency in the studios of cable news channels and on cable news sets. And they are constantly pushing a propaganda campaign disguised as opposition to Trump that really is about grooming the public to embrace the most authoritarian and secretive institutions in the United States government as somehow being the protectors of our democracy.
Last year, I raised this issue, which by the way was the very last time I was allowed on CNN’s airwaves. Here it is:
Jeremy Scahill: Alright, how about this Brian, when you have these retired generals and colonels on, let’s hear what defense companies they’re on the boards of. Let’s hear how they have their own private companies that benefited off of the Iraq war like Spider Marks.
Brian Stelter: I think CNN is quite careful about those disclosures, but I agree it’s important to have those disclosures.
Jeremy Scahill: Well, I mean, look: The fact is that when you talk about famous generals, and this is a different network, but Barry McCaffrey, you have your own Spider Marks, I think that the American people deserve to know what was the private sector record of these individuals when it came to the weapons industry or profiting in the private sector off of the proliferation of U.S. wars that happened in Iraq, Afghanistan, Syria and elsewhere there is not the kind of transparency that is required of a truly democratic process when you’re not revealing the extent to which these people have benefited in the private sector from these wars.
JS: Privatizing your supposedly national service, service that is constantly held up with no sense of irony or hypocrisy as evidence of the impeccable character of the pundit or corporate board member who is running their mouth off, that’s legalized corruption and it should be abolished — not for political reasons, not because these people are speaking publicly about Donald Trump, but because they are using their previous positions for private agendas, whether that be lucrative consulting gigs or to engage in historical revisionism in an effort to mislead the public into trusting the most dangerous institutions in our society. Or worse: viewing these people, because they were former senior CIA people, as above criticism or that they represent the very definition of patriotism and to oppose them makes you a traitor. It would be one thing if these people were being challenged when they go on TV or investigated, called out, exposed as part of their cushy lives in the private sector. But that never happens — ever. Instead, this has been a literal and political cash cow, for people, some of whom are responsible for some of the worst crimes committed in the name of the United States when they were doing their official jobs. Allowing these people now to engage in what amounts to insider trading with the most sensitive information possessed by the United States while never holding them accountable for their tenure while they were in office is undemocratic and worse.
Now, it’s clear that Trump wants his political opponents stripped of their clearances. We get that and that is a sophomoric reason to do this. But it does raise a real issue: Why do we as a society accept this monetization and politicization of so-called public service? Why should these private citizens be able to privatize intelligence for their own personal and political benefit, or the benefit of their former employers at the CIA, NSA, FBI, DNI, on and on and on? The answer is: They shouldn’t be able to.
Most of Congress is also wrapped up in this racket; so don’t expect them to get around to addressing this any time soon. But it is something that all of us should be aware of when we watch these former spooks selling their goods on the public airwaves.”


It would be nice if talking heads, with security clearances or financial interests, would disclose any potential conflicts of interest when pontificating.[1]

[1] Pontificate, from Merriam Webster, 1: to speak or express opinions in a pompous or dogmatic way

bttbAugust 4, 2018 3:27 PM

@Maxwell's Daemon

" assuming you are talking about Julian Habermas, you can check "Habermas: The Key Concepts," 1st Ed. Routledge Press. Published 2006 methinks. It's in a stack here, along with Chomsky, to read after civilization collapses and it's just me, a stack of tablet computers loaded with books, and a couple of solar chargers."

Thanks for the lead. You made me think of: Julian Assange, Julio Iglesias and, for some reason, Meat Loaf (ML). Regarding ML, https://www.youtube.com/watch?v=3QMCSFoKA (Bat out of Hell) , https://www.youtube.com/watch?v=C11MzbEchIw (Paradise by the Dashboard Light), https://www.songlyrics.com/meat-loaf-lyrics/

https://www.goodreads.com/book/show/17488247-habermas

https://www.questia.com/library/120092314/habermas-the-key-concepts

https://www.amazon.com/Habermas-Key-Concepts-Routledge-Guides/dp/0415303796

https://www.barnesandnoble.com/w/habermas-andrew-edgar/1103374251

and also at https://books.google.com/books

WhiskersInMenloAugust 22, 2018 11:41 AM

Alyer Babtu • July 27, 2018 5:35 PM

Re intellectual security

Why has it become the norm that hardcopy and also e-copy books are of such abysmal, unreadable production quality ?

There is no good reason except for the foolishness of systems that ignore basic type setting.

One often abused but important aspect is size. For example from fonts.com:
"A point is equal to 1/72 inch. ... "

I have a beautiful high resolution screen on one computer that I almost never use because the OS ignores this basic measurement and the high resolution of fonts at a high pixel per inch turns a normal interactive application into an un-calibrated eye test. A ten pt font should be 10/72 inch tall. +/- one pixel.

Hardware vendors that find their beautiful display equipped hardware receive unfavorable reviews need to hammer the OS and application vendors to get their act together.

Yes tools like TeX are underrated as they make a nice logical boundary between the content and the formatting. But when absolute measurements like centimeters, inches, points, feet, furlongs are ignored chaos ensues.

For what it is worth the "Harry Potter" books are a positive example. Written with clear sentences and typeset nicely.
I bought them all because I like to put my money where it expresses quality and value. They were so well executed that I ignored the foolishness of a children's magic story and put my $$ on the counter.

Browse the new book shelves of your local library with ten postcards. Five for praise and five for dung reports.
Try and use good penmanship and spalling.

A badly typeset book may be one way to widely distribute encryption keys and secret messages. But that is paranoia ;-) or is it?


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.