On James Island.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Posted on September 21, 2018 at 4:14 PM • 195 Comments
moz • September 21, 2018 5:01 PM
"one of the most egregious data breaches ever"
"I cringed at the thought of that data being sold once, as it was dangerous enough. Then during further conversation, Jeff mentioned at least five other buyers,"
Since the originator is bankrupt, they are untouchable, even by the GDPR. The liquidator on the other hand could be an interesting target.
Dan Conner • September 21, 2018 8:12 PM
Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service
-----------------------------------------------
https://trac.torproject.org/projects/tor/ticket/22966
-----------------------------------------------
(Proof of concept and Technical info within ticket's top post)
Once a day the Firefox/Tor browser will do a call to the Firefox blocklist service. The URL of this endpoint is (extensions.blocklist.url):
hxxps://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
1) The browser suppresses bad certificate errors on this URL
The Firefox blocklist service suppresses bad certificates errors while downloading the blocklist.xml. In this way it is quite easy to setup a MitM attack and remove revoked certificates from the blocklist.xml
2) Mozilla is able to see Tor user specific information:
There is a lot of OS/platform/browser specific information in the URL. So Mozilla has a lot of statistics about the Tor browser usage. Not necessary IMHO.
APP_ID
APP_VERSION
PRODUCT
VERSION
BUILD_ID
BUILD_TARGET
OS_VERSION
LOCALE
CHANNEL
PLATFORM_VERSION
DISTRIBUTION
DISTRIBUTION_VERSION
PING_COUNT
TOTAL_PING_COUNT
DAYS_SINCE_LAST_PING
The TOTAL_PING_COUNT (stored in extensions.blocklist.pingCountTotal) is also interesting. Because this number increments every time you start the Tor browser. (note: once a day). As you can see the number in the URL above is 34, what means that the Tor browser was started at least 34 times/days.
Related tickets:
Sanitize the add-on blocklist update URL
https://trac.torproject.org/projects/tor/ticket/16931
----------------------------------------------------
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
User report:[1]
https://blog.torproject.org/comment/277375#comment-277375
related, old, closed ticket (unresolved):
[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/projects/tor/ticket/6734 without fix this privacy issue.
Thoth • September 21, 2018 8:51 PM
@all
Chilling effect on ths might of the major Silicon Valley tech companies brought together.
Whether you like or dislike, agree or diaagree with Infowars et. al., the fact that all the mighty tech companies in Silicon Valley actually banded together to starve and destroy Infowars et. al. In a rare instance where they band together to take someone down is troubling.
Very few people actually realized how dangerous the Silicon Valley and its hoardes residing there are as they control so much of the cyberspace and we in turn are so heavily reliant on their "electronic drugs" to keep ourselves going.
Link: https://arstechnica.com/tech-policy/2018/09/paypal-bans-alex-jones-saying-he-promoted-hate/
Hmm • September 21, 2018 9:02 PM
@Anders
It's only peanuts because it predated the stronger EU regulations.
This was the maximum allowed under the old system.
The new system has much higher limits as I'm sure we'll see shortly enough.
Clive Robinson • September 21, 2018 10:05 PM
@ moz,
Since the originator is bankrupt, they are untouchable, even by the GDPR.
Err according to the article mainly "American and Canadian" customers. So EU's GDPR would probavly not apply anyway.
It was back in the late 1980's and early 1990's I remember the industry first talking about "bankrupt database selling" and how nomatter what the original now bankrupt company had promised it was the receiver/liquidators duty to sell all data as an asset...
So hear we are with such a database and what's been done in thirty years?
"Well bless my cotton bedsocks, not a darn thing" the legislators have been "sleeping on the job" for so long now "their beards are bigger than Methuselah's"...
Now consider that the money is going out of the Internet PII market and also the private surveillance market. So there is a likely hood that the likes of Alphabets Google, Zuckerburg's Faceboom and Peter Tiel's Palatair could go "belly up" with three of the worlds largest PII databases potentially going for the scrap price (20 cent / hundredweight) of the custom storage systems...
Do you think that might wake US / Canadian or other legislators up?
Nagh me neither.
Wesley Parish • September 22, 2018 6:49 AM
Completely OT but very Squidlicious:
Ep #8 "Planet of the Squids" Chuck Chunder
https://www.youtube.com/watch?v=CFGGJoJjvyk
Chuck Chunder of the Space Patrol flies again!!! (As far as I know he's no relation of Chundar MacDonald of The Chundar McDonald Institute Jubilee and the First Congress of the Pacific Rim International Commission on Galactic Gravity Phenomena fame.)
Mike Acker • September 22, 2018 7:07 AM
Newegg hack
reference:
https://thehackernews.com/2018/09/newegg-credit-card-hack.html
Excerpt:
Magecart hackers used what researchers called a digital credit card skimmer wherein they inserted a few lines of malicious Javascript code into the checkout page of Newegg website that captured payment information of customers making purchasing on the site and then send it to a remote server.
Comment:
Could this be a Supply Chain Attack? Perhaps the code was attacked in the vendor system which was used to maintain the online shopping service?
Do any of these people know what CHANGE CONTROL is for ?????
albert • September 22, 2018 12:47 PM
Since their beginnings, tech companies have always pursued the goal of No Liability For Anything (NLFA). Unless 'regulators' can levy fines that bring those companies close to bankruptcy, it's all Theatre.
As long we're stuck with coffee-money fines, I vote for jail terms for management. Perhaps the fines can be taken from managements personal accounts.
Sorry, I drifted into a daydream.
It's highly likely that Europe will be the first to initiate somewhat more meaningful reforms.
..
@Clive, @whomever,
The financial terrorists(bankers) are already predicting the Next Crash. They are priming Congress to be ready for the bailouts.*
The Elite are buying 'getaway' estates in New Zealand**. They've already got their Gulfstreams fueled and checked.
When you have a positive feedback system, instability eventually reaches the point that breaks it.
-------------
* sorry, lost the link
** https://www.counterpunch.org/2018/09/07/billionaires-plan-escape-from-apocalypse/
. .. . .. --- ....
echo • September 22, 2018 2:44 PM
I'm having PTSD flashbacks at the moment so not up to commenting much.
It's interesting how this police officer is up for a misconduct hearing. I have been punched and sexually harassed and slammed into a wall by police officers and seen complaints go walkies. One complaint which was prusued by the Polcie Commissioner went to the IPCC who conducted an investigation behind my back and it was no surprise the (very) senior police officer got off because the investigation did not have access to critical evidence and legal argument I could supply.
Following on from more Quantum confusion by this weeks news of new approaches to the Shrodingers Cat thought experiment throwing scientisist into a bigger tiz a new tool to analyse quantum events has surfaced which questions fundamentals. What I find personally interesting is how what we believe and more importantly how we reason limits our exploring and explaining and understanding of new concepts.
https://www.independent.co.uk/news/uk/home-news/police-officer-sex-station-resign-south-wales-swansea-female-solicitor-a8548886.html
Police officer resigns after being caught 'having sex with solicitor in station interview room'. 'A misconduct hearing will be held in due course,' says South Wales Police
https://www.quantamagazine.org/physicists-discover-geometry-underlying-particle-physics-20130917/
A Jewel at the Heart of Quantum Physics.
Physicists have discovered a jewel-shaped geometric object that challenges the notion that space and time are fundamental constituents of nature.
Clive Robinson • September 22, 2018 3:04 PM
@ Albert,
The "Escape to the last bustop south story" goes hand in hand with this story,
https://www.counterpunch.org/2018/09/21/laquan-mcdonald-is-being-tried-for-his-own-racist-murder/
The point is it does not matter what minority you are in, even if it's the majority, the 1% see everything that way.
For them probability has no meaning, they throw four dice and they all come up six for a count of twenty four[1], that's due to their hard work, you get all one's for a count of six, that is your failing as a "waste of human flesh".
There is an old joke that is unfortunatly true, because they rig the game the same way.
That is the way neo-liberals think... As for their authoritarian "blue gang" followers they are generaly to dumb to realise that when that "minority that is the majority" turns as history shows it always does. The first targets of the "minority that are the majority" will be the foot soldiers of the "blue gang". At which point their glorious leaders and the 1% will start humming that old Peter Paul and Mary tune with those famous words, "I'm leaving on a jet plane, don't know when I'll be back again"...
[1] Not many people realise that whilst the odds of throwing four sixes or four one's is a little under one in thirteen hundred, less realise that the face value count "N" or spot value follows closely to a normal distribution. Even though it only goes from 6 to 24. Normalisation (0-18) then doing a X^(N^Y) if you get X and Y right gives you a curve not to disimilar to the "real asset" -v- population distribution...
Ratio • September 22, 2018 4:30 PM
… and again the most basic arithmetic turns out to be juuuuuust out of reach.
echo • September 22, 2018 4:45 PM
This is only my loose opinion but I believein some ways the UK is no better than the US. The only difference is the focus on the statistical average and constraints on the extremes. I surmise this is because UK dogma is more towards conserving resources than the US. The UK also plays the sweep it under the carpet routine better than the US which is more heart on sleeve.
Speaking of sweeping under the carpet more GCHQ shinanigans.
and
The Fog of Disinformation German Security Chief a Thorn in Merkel's SideThe president of Germany's domestic intelligence agency cast doubt on whether foreigners were attacked by right-wing extremists in Chemnitz recently. And now he has become a significant problem for Chancellor Angela Merkel.
Hans-Georg Maassen seems like the archetypcal bureaucrat. It's easy to preach as it is to judge so I wouldn't want to be too nasty about things. I will say though that the bureaucrat mindset doesn't help things from where I am sitting.
Wesley Parish • September 23, 2018 6:36 AM
If you're addicted to MS Windows, yadayadayada, here's some worrying news:
Using C# for post-PowerShell attacks
https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks
C# has received some recent attention in the security community, and the Microsoft.Workflow.Compiler.exe security issue recently identified by Matt Graber at SpecterOps prompted us to take a closer look at the potential for using this technique in real-world attacks. Firstly, we will look at how PowerShell fits into the ‘fileless’ attack ecosystem and talk about why attackers may find C# more attractive than PowerShell. Finally, we will look at why the newly found issue in Microsoft.Workflow.Compiler.exe may be useful but – in its current form – cannot be considered a truly ‘fileless’ technique.
Interesting method of attack.
Couple more:
Share and Enjoy!
Clive Robinson • September 23, 2018 7:33 AM
@ Rartio,
… and again the most basic arithmetic turns out to be juuuuuust out of reach.
I was tired but can't sleep as I'm unwell again, and wanted to keep things as brief as I could.
But your comment is too cryptic even for normal times. If you disagree with something say so? If you don't understand something then say so?[0]. But just to try to keep it short for the sake of other readers.
To try and shorten the potential for a long back and forth, I'll expand on what I said.
Most here understand four "fair dice" are dice each having a flat probabability, that is each face is equiprobable at 1 in 6 of conming up when thrown.
Further the reason to use four dice as opposed to one thrown four times is to get independent results (ie Bernoulli trials) as well as faster results.
Thus four dice or four throws of one dice gives 6^4 = 1296 possibilities, which is just under 1300 which many say as "thirteen hundred".
However unless you can tell the dice appart many throws will appear the same as other throws even though the actual throws are actually different. Which also has advantages as it helps reduce potential bias.
That said not every one has read Dr Donald Knuth's multi-volume "Art of Computer Programing" --hence the semi famous Bill Gates comment-- or the sometimes obscure or difficult to find primary sources the volumes are based on.
In the volume and chapter on Random Numbers[1], how to generator them, (RNG) and make use of their output effectively, you will find a bit on the approximation of a normal distribution with values from a flat distribution RNG.
Put simply if you add four or more Bernoulli trial results together, over many such operations the valurs you get form a fair enough aproximation to the normal distribution curve for many purposes[2]. Providing the RNG is "sufficient", even though fully determanistic, you will get this aproximation to the normal distribution with successive outputs. As the normal distribution pops up in more places than you could ever look this approximation is quite usefull to engineers, scientists and those doing "applied" subjects as study or as an endeavor.
With regards "curve fitting" that is a subject that has many books addressing it but with regards power law curves f(x)=c^x, fx=x^c, f(x,y)=x^y they are often a good aproximation to what goes on in natural processes with time provided they do not become bounded. As an example the rules for cooking meat in an oven of X minutes per pound plus a pound for the oven is a linearized aproximation to a power law curve over a limited range. So are many engineering "cheats", such as the "5CR" point etc., as it can save on the cost of log/lin or log/log graph paper or the use of log tables or slide rules or the time involved in using them.
As for "real wealth" or assets that do not devalue as money does and it's distribution across the population due to the simple fact of the way the 1%'s behave. Their aquisition follows the exponential power law[3] as the number of "real assets" is effectively fixed[4].
[0] We've been through the use of maths approximations in engineering befor, likewise with Shakespear and his influance on the English language. Unfortunatly each time has taken up a lot of blog space in giving you a one to one helping hand. Other people have likewise helped you as well. Unfortunatly it does not sit well with other blog readers as often it gets to tangental or long winded. Further the use of cryptic comments just makes things a whole lot worse.
[1] Volume 2 --the one that starts with the Shakespear Hamlet quote of "O dear Ophelia..."--- In chapter 3 "Random Numbers" that starts with a John Gay quote about "... Keep probability in view.". Dr Knuth provides a number of ways to convert a flat distribution RNG output into other distributions. As part of this he points out that the formular used to generate the continuous normal distribution curve is not realy amenable to being inverted thus aproximations of the required accuracy be sort as they are much more efficient in terms of both time and memory.
[2] You can see this fairly easily, it you use one "fair dice" after a while you will find that each face value comes up around one sixth of the time and the value average to 3.5 as the "law of large numbers" indicates it should. However if instead you take two throws --or Bernoulli trials-- and write down the sum of the spot values you get 2-12 value range with the thirty six combinations giving you a triangular distribution, which supprises most people the first time they see it. If you use three values it starts to round off towards a "bell curve" shape at the peak. With four throws starting to bring the tails up. With each additional throw / value improving not just the number of ranges under the curve it makes better tails. In most cases six Bernoulli trials are sufficient. It's one of the reasons Monte Carlo simulations used in engineering and finance can find or aproximate answers to questions that whilst determanistic in principle are not realy practical using other methods[1].
[3] There is a relitively simple way to produce an exponential curve on graph paper. Pick a finishing or maximum value D then starting at a the first increment mark N make a point that is a fixed percentage P of the finishing value D. At the next increment make a new N which is the percentage P of the finishing value D minus the previous N value. The N values get fractionally closer to D but each subsequent fraction is less so it never quite reaches D.
[4] As exemplified by the "Mark Twain" famous advice, “Buy land, they’re not making it anymore.”. In human terms currently our total "real assets" are defined by the physicality of our world hence for practical purposes is fixed. It's only energy that comes from the stars and ideas that are not bound in human terms.
Gerard van Vooren • September 23, 2018 8:24 AM
@ Wesley Parish,
The same with Rust[1] although at first sight these two aren't related. But that being said, if you are still today addicted to Windows, maybe it's time to see a shrink.
[1] https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html
Ratio • September 23, 2018 9:00 AM
@Clive Robinson,
But your comment is too cryptic even for normal times. If you disagree with something say so? If you don't understand something then say so?[0]. But just to try to keep it short for the sake of other readers.
I guess I’m having trouble understanding how it is that 4 × 1 = 6 as per footnote [1].
albert • September 23, 2018 10:19 AM
@echo,
"...Physicists have discovered a jewel-shaped geometric object that challenges the notion that space and time are fundamental constituents of nature..."
I might be interested in reviewing this if someone could give me -rigorous- definitions of 'space' and 'time'.
. .. . .. --- ....
Clive Robinson • September 23, 2018 11:42 AM
@ The usual suspects,
For a while now the subject of US Diplomats --CIA staffers-- and families in Canada, China and Cuba suffering decidedly odd causless symptoms has been discussed on this blog.
Various things have been suggested and history trotted out that might explain what could be "Fourth Generation Warfare" being practiced.
But if it is "Warefare" what is the motive and money trail, of the "Who benifits Why and Where?" question.
The people who have done most to investigate "Non Leathal Weapons" historically is the US and several other Western "White Anglo Saxon Protestant" (WASP) nations such as the Leads in the Many-Eyes nations such as Australia, Canada, Germany, UK and the likes of France and Israel.
More recently however other's have joind the club such as Super powers like China and Russia and a number of US and other National Defence Contractor Corporates.
Put simply it's not in Cuba's interests be it social, political or economic. Nor is it in most US citizens interests. Which provides possibly a distinguisher.
As I've mentioned before there are certain people in the US trying overly hard to restart the cold war with either China or Russia and the US MSM have played along as the "Usefull Idiot" to certainly the Russia-fobia and to a lesser extent China-fobia.
Thus even journalists are now starting to ask "Who in America benifits?" and it's not difficult to work out exactly where the finger is pointing.
https://www.counterpunch.org/2018/09/21/us-harasses-cuba-amid-mysterious-circumstances/
To be honest it makes only a modicum more sense, than the other potential super power candidates playing at "proxie war" even though they have the technological capabilities. Which not meaning to be nasty the Cuban's realy don't have sufficient excess GDP to divert to such a weapons program, especially as they have little or no need for such weapons.
Any way as with many other things in the "Great Game" we'll have to keep refining our theories, probably to only have them dashed by some other equally improbable event.
But I must admit I could warm to the idea it was certain US Corporates it has that delightfull 1960's feel of "The Billion Dollar Brain"[1] about it.
[1] Written by Len Deighton in the mid 1960's. In the book(s) the main protagonist is not named. However in the films a name was needed, it was desired to be the antithesis of "James Bond" so a boring name was sort. According to Michael Cain, due to a significant social gaff and the rememnerance of some dull school kid the name Harry Palmer was arived at. The brain of the book title was a computer that was programed to be an artificially intelligent war stratagist for an oil billionaire. Who had decided to go to war with "the commies". So bang upto date then ;-)
bttb • September 23, 2018 11:56 AM
From Matthew Green, https://twitter.com/matthew_d_green/status/1043504183633223680 :
"I’m still annoyed that Chrome has gone to mandatory Google login — exactly the same way Android did (and has received enormous criticism for) — and people at Google are acting like they’re surprised people are upset.
I mean it is, after all, Google’s browser and they can do whatever they want (modulo GDPR concerns). I just wish folks would acknowledge the difference.
[...]
I’m also annoyed at the people who say “it’s just all your browsing data so what’s the big deal?” It’s my *browsing data* that’s exactly why it’s a big deal!!!
[...]
And sure, I’m talking about porn. But honestly, that’s probably the least of it. Political opinions. Mental health websites. Abortion clinic websites. Who would think forced identification is a good thing?
[...]
One last thing about this Google Chrome mandatory login policy. It completely makes hash out of the Chrome privacy policy..."
https://blog.cryptographyengineering.com ; Green's website
dbCooper • September 23, 2018 11:58 AM
Octopuses Get Strangely Cuddly On The Mood Drug Ecstasy
"It turns out that octopuses and people have almost identical genes for a protein that binds the signaling molecule serotonin to brain cells. This protein is also the target of MDMA, so Dolen wondered how the drug would affect this usually unfriendly animal."
Clive Robinson • September 23, 2018 1:03 PM
@ Ratio,
Yup the figures are wrong, I must have been tireder than I thought, I know I edited it more than a couple of times to make it shorter.
They should be 4-24 and (0-20).
Ratio • September 23, 2018 2:00 PM
Russian passport leak after Salisbury may reveal spy methods:
A leak of Russian government data about the suspects in the Salisbury poisoning may provide a rare insight into how Russia’s military intelligence agency provides cover identities for its agents abroad.
Investigative journalists have unearthed what appears to be a series of passports with similar numbers belonging to suspected Russian intelligence officers, including the Salisbury suspects Ruslan Boshirov and Alexander Petrov.
The passport holders include a former Russian military attache who was expelled from Poland for espionage in 2014 and is alleged to be tied to an attempted coup in Montenegro.
Other men with similar passport numbers identified by the St Petersburg-based Fontanka news site listed their address as Khoroshevskoye Shosse 76 B, the Moscow headquarters of Russia’s Main Directorate, the military agency often referred to as the GRU.
Their travel records, as reported by Fontanka, could be tied to recent diplomatic incidents in Europe and, in at least one case, matched the details of a foreign trip taken by Vladimir Putin.
More details from Bellingcat:
Clive Robinson • September 23, 2018 2:11 PM
@ dbCooper,
As the old film scene has it,
"I don't care how friendly it is I aint geting in there!"
They are naturaly solitary animals because even octopi know that octopus tastes good...
Mind you the Japanese have strange longings for tenticals if some of their line drawings are to be believed...
Though my favourit octopus story comes from the London Aquarium. They had an octopus in a tank with a solid lid on. Anyway various other "exhibits started to disappear and theft was suspected but by who... So infra-red CCTV was set up "on the Q T" and the culprit was caught in the act on it, and many were quite supprised. It turns out that even though the octopus was a big brut with about a four foot tenticle spread, the lid on it's tank was not totally solid. There was a thumb sized hole little larger than the octopus's eye in it, which the octopus squeezed out of to go grab a midnight snack...
Two fun facts about octopus,
1, their blood is blue and based on copper not iron as mamals is. Oh and it has three hearts to pump it around,
https://animals.howstuffworks.com/marine-life/why-is-octopus-blood-blue.htm
2, their brain is not just very distributed part is wrapped around the digestive system, with food going through the middle... Oh and they have around half a percent of the number of neurons that we have, so you would expect them to be a lot more stupid than they actually are, so we have a great deal to learn about them.
http://cephalove.blogspot.com/2010/06/view-of-octopus-brain.html
https://www.wired.com/2013/10/how-the-freaky-octopus-can-help-us-understand-the-human-brain/
Oh, third sad fact they have sex and die. The male shortly after mating, the female as the young get going. So not only are they solitary beasts, they are all orphans as well so they have to learn everything they know the hard way.
Alyer Babtu • September 23, 2018 2:19 PM
@echo @albert
jewel-shaped geometric object
So glitter wins again !
But seriously folks, there is no space, time, or space-time, just as Newton’s “time flowing everywhere equably etc.” was unreal. What is real is things in motion, and their natural properties. Locality, unitarity, Feynman diagrams are all just convenient approximating assumptions in a mathematical model, with a limited usefulness that has now reached its limits. In all cases, the partial model was confused with the reality, entirely unnecessarily. This kind of thing seems peculiarly intrinsic to modern science. Why ? No need to go all paradox pear-shaped in the metaphysical department. Just stick to your sums.
echo • September 23, 2018 3:37 PM
http://www.osnews.com/story/30738/Dissecting_QNX
https://www.blackhat.com/docs/asia-18/asia-18-Wetzels_Abassi_dissecting_qnx__WP.pdf
This scientific article is not for people with short attention spans.
I know my security is Swiss cheese in a happy accident kind of way. I wouldn't recommend it for operating system venders though like with QNX.
Counterterror police are hoping that popular drama Bodyguard will inspire a new generation of recruits – but warn that the thriller diverges from the reality of life as an officer.
Very. I don't have much good to say about the police after what I know about them and how they behaved.
Your headline says “Croydon cat killer probe is halted as police blame foxes“. It should have said “…as police blame cars”, as they are saying the cats were killed by cars and then scavenged by foxes.The whole premise upon which the police are making their claims is ridiculous. These cats’ wounds were caused by slices. Foxes don’t carry knives, and to suggest that foxes routinely bite off the tails of roadkill is nonsense – there’s not much food on a cat’s tail. The details of some of the incidents of mutilation are very disturbing – for example, in one case the cat owner’s cat flap was kicked in the day after the remains were left, and in some cases the cats’ livers were placed in high up, prominent positions in the owners’ gardens.
Foxes are a convenient scapegoat for all sorts of human crimes, but surely nobody claims foxes did these things.
This ludicrous excuse from the police will only add to the misery of the cats’ owners, and to the harm done to foxes. Some people will believe this nonsense and more persecution will fall upon the fox, our most beautiful and entrancing wild mammal.
I know the police can be dim but didn't think they could be this dim. Perhaps it's an idiot test to see if the rest of us are awake?
Aye Ronny • September 23, 2018 4:54 PM
Re the Skripal case:
Has anyone noticed the curious irony of the two Russian attackers, agents of a repressive kleptocracy, being discovered by a vast web of government surveillance in an "open, democratic society"?
Used to be the other way round.
bttb • September 23, 2018 5:29 PM
From Matthew Green's twitter feed: "I switched to Firefox and I’m finding it every bit as Chrome. Also doesn’t surreptititiously associate your browsing with a Google account!" and from https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/ :
"Why I’m done with Chrome
This blog is mainly reserved for cryptography, and I try to avoid filling it with random “someone is wrong on the Internet” posts. After all, that’s what Twitter is for! But from time to time something bothers me enough that I have to make an exception. Today I wanted to write specifically about Google Chrome, how much I’ve loved it in the past, and why — due to Chrome’s new user-unfriendly forced login policy — I won’t be using it going forward.
A brief history of Chrome
When Google launched Chrome ten years ago, it seemed like one of those rare cases where everyone wins. In 2008, the browser market was dominated by Microsoft, a company with an ugly history of using browser dominance to crush their competitors. Worse, Microsoft was making noises about getting into the search business. This posed an existential threat to Google’s internet properties.
In this setting, Chrome was a beautiful solution. Even if the browser never produced a scrap of revenue for Google, it served its purpose just by keeping the Internet open to Google’s other products. As a benefit, the Internet community would receive a terrific open source browser with the best development team money could buy. This might be kind of sad for Mozilla (who have paid a high price due to Chrome) but overall it would be a good thing for Internet standards.
For many years this is exactly how things played out. Sure, Google offered an optional “sign in” feature for Chrome, which presumably vacuumed up your browsing data and shipped it off to Google, but that was an option. An option you could easily ignore. If you didn’t take advantage of this option, Google’s privacy policy was clear: your data would stay on your computer where it belonged.
What changed?
A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. (However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet. See further below.)
Your sole warning — in the event that you’re looking for it — is that your Google profile picture will appear in the upper-right hand corner of the browser window. I noticed mine the other day:..."
Hmm • September 23, 2018 6:18 PM
"Has anyone noticed the curious irony of the two Russian attackers, agents of a repressive kleptocracy, being discovered by a vast web of government surveillance in an "open, democratic society"?"
Nice one, that was good.
Alejandro • September 24, 2018 5:01 AM
Re: Chrome, Google
Google has become way too intrusive. They must have the explicit approval, encouragement and the blessing of .gov to get away with what they do. (and some others)
I am a Firefox fan, but they are beginning to have issues, too. Go to "about:config" then enter the search term "http" and you may be surprised to see at least a hundred ways Firefox phones home in order to help you, all the time. hmmmm, been here before. I deleted all I could find which quieted it down quite a bit, and it still mostly works. Anyway,
Comodo seems like a possible alternative:
"Comodo Dragon is a freeware web browser. It is based on Chromium and is produced by Comodo Group. Sporting a similar interface to Google Chrome, Dragon does not implement Chrome's user tracking and some other potentially privacy-compromising features, and provides additional security measures, such as indicating the authenticity and relative strength of a website's SSL certificate."
Download at: https://www.comodo.com/home/browsers-toolbars/browser.php
I am using it, but still haven't completely figured it out yet. It might be worth a try.
Clive Robinson • September 24, 2018 7:17 AM
@ Hmm,
You beat me to it, I should have posted here first rather than over on the previous thread on Primes Distribution to use it to pull @Bruce's leg a little ;-)
Clive Robinson • September 24, 2018 8:00 AM
@ Bruce and the usual suspects,
New Tor attack via AI called DeepCorr,
https://arxiv.org/pdf/1808.07285.pdf
Tor is vulnerable to trafic analysis as people have been saying for a while now. In fact a number of attacks have used "flow correlation attacks" already, what DeepCorr brings to the party is substantially improved deanonymisation through the use of "deep learning" AI.
When you think about it many privacy / security attacks would br considerably improved with deep learning, however untill recently deep learning has been hampered by the way can implement it on general purpose Turing Engines, something Google has been addressing in their new CPU design ad I mentioned a few days ago.
Whilst I've no doubt all "low latency mix nets" will suffer from this attack there are other architectures for anonymity networks. Some increase latency and add padding and others use fixed rate sending and padding other use not just padding but store and forward to move real traffic at a slower rate and use it in prefrence to padding thus increasing bandwidth utilisation especially when fixed.
As I've noted before Tor's biggest failing aside from not having any anti traffic analysis methods is that the end points are outside of the network, thus making correlation between an input and output possible and without the anti-traffic-analysis measures effectively trivial...
It's why I've indicated that clients and servers be inside the neywork snd fixed rate signalling as well as padding be used.
But is that sufficient?
For sometime now I've been doubtfull which is why I proposed a variation on the Fleet Broadcast method be used ontop of a link re-encrypting mix network with the clients and servers integrated as fixed rate nodes.
Hmm • September 24, 2018 8:02 AM
I mean I knew they were evil but this is obvious.
Clive Robinson • September 24, 2018 8:27 AM
@ bttb, Alejandro, ALL,
Getting Google out of chrome,
https://github.com/Eloston/ungoogled-chromium/blob/master/README.md
I know nothing further about it than what it says in the readme.
echo • September 24, 2018 9:49 AM
Jason Miller, the US president's former communications adviser, stepped down from his role as a political contributor for the CNN cable channel after the allegations surfaced. He has been accused of getting a woman he met at an Orlando strip club pregnant and then slipping an abortion pill into her smoothie.
This is why women need to practice 365/24/7 opsec. Too many men espcially men with "power" believe they have the right to control and invade women's bodies for their convenience. In some cases this does involve a risk of death as this case illustrates.
I am itching to name one person with a job title and reputation to lose who I accused of being a murderer. After a lot of effort and persistetence one police officer got this before one, sadly corrupt, police officer who I had already complained about cancelled my giving a statement under PACE conditions behind my back without my being notfied at the local police station. When I persisted the next thing I know I'm being punched and slammed into walls off camera by police officers.
She is lucky she is complaining about a fool in the private sector. If allegations involve an establishment figure in the UK state prepare to be monstered. Never happened? I recorded it all on my phone.
CallMeLateForSupper • September 24, 2018 10:07 AM
@bttb re: Chrome dickery
Tnx 4 heads-up. Have a friend who switched to Chrome on Win 10 who will go ballistic when I tell him.
@All
Who else here felt the worm turn when Google announced it would abandon its "Don't be evil" motto? To me, it was clear message: "We want to be free to be evil."
Hmm • September 24, 2018 10:13 AM
Pay no attention to mottos or slogans, watch actions. Google is evil AF.
albert • September 24, 2018 10:53 AM
@Alyer Babtu,
"...But seriously folks, there is no space, time, or space-time, just as Newton’s “time flowing everywhere equably etc.” was unreal...."
Newton was closer than you know.
For an explanation of this, see the paper posted here:
https://groups.google.com/forum/#!topic/diracwasright/sEZQnMAwzII
'Time' is a human construct.
'Space' is a BEC of negative-energy electron/positron pairs, which serves as a medium for EM radiation propagation.
The Universal Clock Speed of any process is 6.28e-24 seconds. It's the minimum interval possible between any two events. It is constant throughout the Universe, and synchronized everywhere.
'Space-time' is a human construct that has no meaning.
. .. . .. --- ....
echo • September 24, 2018 11:01 AM
RE: Bellingcat
https://www.craigmurray.org.uk/archives/2018/09/the-incredible-case-of-boshirov-and-petrovs-visas/
There are some problems with Bellingcat’s analysis. The first is that they also quote Russian website fontanka.ru as a source, but fontanka.ru actually say the precise opposite of what Bellingcat claim – that the passport number series is indeed a civilian one and civilians do have passports in that series.Fontanka also state it is not unusual for the two to have close passport numbers – it merely means they applied together. On other points, fontanka.ru do confirm Bellingcat’s account of another suspected GRU officer having serial numbers close to those of Boshirov and Petrov.
But there is a bigger question of the authenticity of the documents themselves. Fontanka.ru is a blind alley – they are not the source of the documents, just commenting on them, and Bellingcat are just attempting the old trick of setting up a circular “confirmation”. Russian Insider is neither Russian nor an Insider. Its name is a false claim and it consists of a combination of western “experts” writing on Russia, and reprints from the Russian media. It has no track record of inside access to Russian government secrets or documents, and nor does Bellingcat.
I don't want to get wrapped up with "hall of mirrors" covert state propganda sites or conspiracy sites and their ilk. All I know from personal unpleasant experiences is UK state actors lie and abuse and commit acts of fraud behind closed doors and surpress evidence and "no crime" complaints which don't suit them even on a fairly trivial detail. They can't even admit unauthorised behaviour caused by an "error of judgment" or an obvious mistake even when it is in writing. This is why I fully reserve the right to be sceptical and wait for all the evidence.
PeaceHead • September 24, 2018 11:27 AM
Most of the recent smorguessborat of quantomb physics are actually totally taboo and were never meant to have been released into any type of public or private domain. These types of reckless scientific forays would have otherwise remained forgotten and/or CLASSIFIED and/or all infos destroyed. Yet something went horribly wrong. Humans were never meant to be tampering with any of this type of thing. We are at extreme risk until all such esoteric materials are fully redacted back into complete occlusion and then destroyed before our existence is.
I will try to provide more understandable and safe info about this type of security threat, yet I am currently merely trying to survive.
Distress is a noun, yet not the be all end all.
Maximal Peaceful Coexistence Is The Only Longer-Term Future.
David • September 24, 2018 11:46 AM
The Wall Street Journal (September 21, page A5) has an ad for a Swiss rotor machine called the NEMA, designed to improve on the Enigma; it "contains an incredible 10-wheel rotor designed to correct the vulnerabilities of its predecessor." The price is not mentioned, but it's obviously high enough to pay for a quarter-page WSJ ad. The source is an antiques dealer in New Orleans.
echo • September 24, 2018 12:01 PM
@albert
I didn't download your linked documents but did a search and read another paper. I'm really fuzzy about the space-time thing. I did read or watch something the other week which mentioned a few things. It seems the universe was one big super atom thingy whatsit singularity doo dah then early in the big bang only space existed not time with spactime emerging slightly later. This paper helps explain Newton and also why spacetime and gravity emerged.
I only understand about 1% of this. I grasp most of the critical concepts but lack the internal mathematical language to make much sense of the whys.
I also read somewhere this week that scientists are rearranging Einsteins Relativity to try and open up new perspectives some of which I believe this paper alluded too.
https://arxiv.org/pdf/1001.0785.pdf
On the Origin of Gravity and the Laws of Newton
Erik Verlind
jdgalt • September 24, 2018 7:27 PM
Apologies to Bruce in advance, because this isn't directly related to security unless your idea of what is "security" is as broad as mine.
Why has EFF not said word one about Internet platforms (and services like Kickstarter and Paypal) that block or eject people for political dissent?
Even if EFF considers that action to be the organization's own freedom of speech/association, EFF could be a lot of help just as a meeting place for those who would work around these bans by creating competitors to the sites that perform them, and by promoting legislation so that indispensable low-level services such as Internet peering and DNS are not allowed to ban anybody unless ordered to by a court of law.
Seppi • September 24, 2018 8:59 PM
@David: "The Wall Street Journal (September 21, page A5) has an ad for a Swiss rotor machine called the NEMA,"
It's nothing more than the predecessor of the "Krypto-Funk-Fernschreiber KFF-58/68", a hihgly reliable encryption device that I also operated during my military service.
It just werked. All the digital stuff they introduced afterwards was crap. Now, the army talks about digital warfare aka moving the goalposts as if a power plant could be attacked from the outside.
So, they still have not gottten their act together re encryption. Another reason, perhaps, why Crypto AG went bankrupt.
Hmm • September 24, 2018 11:32 PM
" it is not unusual for the two to have close passport numbers – it merely means they applied together. "
Which is obviously suspicious of itself.
And when these two unrelated "fellows" got them, the first place they needed to visit was SALISBURY.
"Boshirov said the two had gone to visit Salisbury Cathedral, “famous not just in Europe, but in the whole world. It’s famous for its 123-metre spire, it’s famous for its clock, the first one [of its kind] ever created in the world, which is still working.”
-Oh, ooooookay.
While they walked around Salisbury, he added, the two men “maybe approached Skripal’s house, but we didn’t know where it was located”."
-Oh, of course not. It's just a coincidence.
They confirmed they visited Salisbury twice, on 3 and 4 March. British police say the first, brief, visit was designed to stake out the city in advance of the attack. Petrov said that they turned back because it was cold.
“We arrived in Salisbury on 3 March and tried to walk through the town, but we lasted for only half an hour because it was covered in snow,”
-Seems legit, take trains for hours to tromp around in snow for a few minutes. Lovely Salisbury.
https://interactive.guim.co.uk/uploader/embed/2018/09/movements-zip/giv-3902BNIR3611ZifK/
I hope they both bought winning lotto tickets on their way home to round out their coincidental trip!
Yes, let's be skeptics and not morons as they'd require of us to believe their story.
65535 • September 25, 2018 3:00 AM
@ Alejandro
“I am a Firefox fan, but they are beginning to have issues, too. Go to "about:config" then enter the search term "http" and you may be surprised to see at least a hundred ways Firefox phones home in order to help you, all the time. hmmmm, been here before. I deleted all I could find which quieted it down quite a bit, and it still mostly works. Anyway,”
That is a real issue and a troublesome issue with FF. Do you have a step-by-step method of eliminating those url calls back to FireFox? How about SSL everywhere? I recommend FF because it still hase the search window separated from the url window and it is the best of the worst data mining browsers.
echo • September 25, 2018 6:24 AM
@jdgalt
Thereis a fairly well established set of laws and arguments which cover both the exact categoristion of security issue and the technical issues. I personally would only seriously discuss this if this was on the table before discussion. Neverhavigb discussed anythign with you before I would also want to discover exactly what your agenda is and what you want.
With regard to Alex Jones (a multi-millionaire) and his ilk in UK law: There is a positive obligation to improve human rights and equality. When abuse and discrimination has been proven in law the burden of proof reverses. Health and safety and criminal law may also apply.
Much like Christine Blasey Ford I am prepared to testify against UK establishment abusers in a court of law in the public interest and do what needs to be done. It is actually quite a struggle in reality.
echo • September 25, 2018 6:44 AM
@Hmmm
You're posting opinion as fact again. The internet isn't really the place to pusha complex case because it involves a lot of careful work and fact checking and cross referencing and thingsproceeding in some kind of order. I hate to sound like Clive but without the formal processes of a court and certified professionals managing the data and a clear checkable record of the discussion in one place it is not possible to make sense of it.
I very clearly kept my comments focused on the one passport issue.It wasn't an invitation to drag everything and the kitchen sink in to "score a point".
I have no fixed view about the Skipral case. I'm well aware of the geo-political histories and ways of instititional working and problems with getting to the truth and miscarriages of justice and various peacocking and cover-up behaviours and confusiona and distraction techniques as anyone. As for whether it gets to court and the accused have a fair trial we will just have to wait and see. A courtdateisn't set so it's a little premature to decide a verdict don't you think?
JG4 • September 25, 2018 7:30 AM
@another John Galt - my view of security also is quite broad
here's another (near) nonagenerian doing important work. amazing that load-bearing exercise so directly affects memory.
Bone-derived hormone reverses age-related memory loss in mice
https://www.sciencedaily.com/releases/2017/08/170829091052.htm
another clue as to why eating fish is good for you, but fish oil pills haven't been - until now.
Amarin fish oil capsule shows dramatic benefit for cardiovascular patients, potentially upending market
https://www.statnews.com/2018/09/24/amarin-fish-oil-capsule-shows-dramatic-benefit-for-cardiovascular-patients
the usual excerpts from the usual daily news compendium
https://www.nakedcapitalism.com/2018/09/links-9-25-18.html
...
[...only meaningless to those outside the profit loop from selling the data to third-party aggregators]
DNA ancestry tests branded ‘meaningless’ Telegraph
...
Big Brother is Watching You Watch
Big Tech’s Business Model Is Broken, Report Says Wall Street Journal
Spotify Is Using DNA Tests to Curate Playlists, Which Is Pretty Creepy Noisey
...
[the capitalists' capitalist recognizes a deficiency in the ability of markets to allocate resources]
This is how UN scientists are preparing for the end of capitalism Independent (John C)
...
bttb • September 25, 2018 7:33 AM
Marcy Wheeler of https://www.emptywheel.net is on Democracy Now now. https://www.democracynow.org
Also, perhaps, on a radio station or video station near you. Check back, above, later for a transcript.
bttb • September 25, 2018 8:13 AM
@Alejandro, Hmm, Clive Robinson, CallMeLateForSupper
Other possible Chrome browser substitutes:
3) Brave browser, I’ve tried it some, it seems to work, albeit with a fairly unique browser fingerprint https:\\panopticlick.eff.org
4) Unsafe Browser, Tails
5) Tor Browser, torproject.org download, with or w/o Tor afaik
6) Firefox with httpseverywhere, uBlock Origin or Adblock Plus, Privacy Badger, Referrer Control, NoScript
7) Firefox as implemented in DoD’s TENS (formerly LPS)
Are there other good hardened live DVDs like Tails w/o Tor? Can Tor be turned off in Tails and can the Tor Browser be used while using Tails w/o Tor?
echo • September 25, 2018 8:14 AM
@JG4
I have picked up that a lot of media seem to follow a hierarchy and cherry pick off each other from a single originating source.
I read this past week that fish oil is also good for boosting breast size. The commentary was fairly predictable.
This past week I have been wearing a sports bra which makes me stick out a bit. I have also been wearing this with a light top makes things much more visible. While out shopping there has been a definate uptick of men deciding they had forgotten something for their shopping basket and looping back to take another look. I don't believe this is my imagination because it has been a sustained pattern. Men also behave differently and become more "interactive" when I wear high heels as I have been this past week while shopping. The attention has been gettign a bit too much so I will need to step back more towards the "grey woman" end of the spectrum. Invisibility has its advantages.
Following on... The eye and vision system is good at edge detection and contrast. This is why camoflage is designed to disrupt this. You wouldn't guess from a casual look comparing US, UK, and South Korean camoflage patterns but overall I find the South Korean camoflage pattern works very well. You would thing the South Korean camoflage pattern is complete junk but watching a Youtube comparison to my eyes works the best of all three. The US pattern by comparison seems a bit too clever for its own good.
albert • September 25, 2018 9:52 AM
@echo,
By all means read Don Hotsons paper in the link I posted. It's well written and easy to understand, no math. You won't have to worry about space-time, because it's BS.
. .. . .. --- ....
Clive Robinson • September 25, 2018 10:05 AM
@ echo,
This is why I fully reserve the right to be sceptical and wait for all the evidence.
You and me both.
Though I hate "circumstantial evidence" as I realy do not consider it anything other than an untested supposition on potential coincidence.
I'm not that keen on "forensic evidence" either, it argues backwards from effect to just one of many probable causes, as history shows "forensic practitioners" get it wrong oh so many times, especially if they work for the FBI.
That is I do not believe in applying the laws of probability in evidence when "intelligent agents" are involved. Because not only can the forensic examiners be wrong, they can be misled and worse willfully make statments they must know to be wrong. Sometimes this is due to Dunning-Kruger, sometimes cognative-bias, sometimes peer-preasure and other times due to what is best described as malicious-acts. All of which apply equally well to those who leave the evidenve to ne found.
Let's put it this way if you are going to commit a crime and you do not want to face any consequences your basic options as an "intelligent agent" are,
1, Make it not be a crime.
2, Remove or nullify evidence.
3, Place evidence that misleads.
4, Place evidence to frame another.
5, Get another to commit the crime.
As increasing numbers are pointing out, there are around twenty untimely deaths of prominent Russian's that have been put down by over streached underfunded police forcess as natural / accident. Which kind of makes a statistical anomaly out of them if treated as a group rather than separately.
But it's not just the police, there is a dirty little secret about "tox-reports" which is the tests they are based on only pick up a tiny tiny tiny fraction of poisons... Some poisons they do not test for can be found on supermarket shelves, believe it or not in the food isles as well as the cleaning products. Oh then there are "party makers" and a number of other easily available stuff in garden centers. Nature is both bountiful and deadly in tooth and claw.
Clive Robinson • September 25, 2018 10:22 AM
@ David,
... designed to improve on the Enigma; it "contains an incredible 10-wheel rotor designed to correct the vulnerabilities of its predecessor."
It does not matter how many extra rotors or slots for rotors it has that will not solve other issues three of which are,
1, The reflector.
2, The uniform rotor steping.
3, The unidirectional rotor steping.
Even the Germans were aware of this, which is why they designed other systems where on set of wheels stepped another set of wheels.
You would be better off with an old US ECM Mk2 SIGABA that attempted to fix those issues.
But at the end of the day the size of mapping you can get with Enigma style rotor machines is way to small and it's very amenable to attack not just with clasic computers but quantum computers as well.
CallMeLateForSupper • September 25, 2018 10:31 AM
@bttb
"Can Tor be turned off in Tails and can the Tor Browser be used while using Tails w/o Tor?"
Yes, Tails' Tor can be turned OFF.
What do you expect to happen when you start the Tor browser (which expects to find Tor functioning) with Tor turned OFF? (Rhetorical)
I think what you want can be accomplished in Tails by turning Tor OFF and then starting Unsafe Browser.
My HDDs are in removable "trays". Each drive is bootable and standalone. When I want to throw care to the winds and "go naked" into the internet - i.e. with ability to play video, and without NoScript and PrivacyBadger - I just remove whichever HDD tray is installed and boot Tails from DVD. Just to be clear, there is NO hard drive in the 'puter while I am running naked on the internet.
Hmm • September 25, 2018 11:21 AM
@echo
"You're posting opinion as fact again"
Quote me if you like on that.
(*I didn't actually, read carefully)
"I very clearly kept my comments focused on the one passport issue.It wasn't an invitation to drag everything and the kitchen sink in to "score a point"."
& I instantly killed your (quoted) inference that near-sequential passport #'s are "coincidental" and somehow not suspicious on that basis alone, that was actually my first point. From there I explored a few other "coincidences" that are actually reported and verified facts, and I can cite anything I referenced. I don't need their or your permission to do that, nor is it posting an opinion as a fact. Neither one.
I'm not passing legal judgment on the two men, I'm saying their story is ridiculous.
There's nothing wrong about saying that as my opine, which I did, using related facts.
The facts make my point. Their story is ridiculous on its face, experts also agree.
I don't have to wait for bureaucratic process takes place to make such observations.
They're verifiable right now. I quoted the accused directly. It's ridiculous right now.
Hmm • September 25, 2018 11:35 AM
"This is why I fully reserve the right to be sceptical and wait for all the evidence."
The word is SKEPTICAL.
It doesn't mean denying the known facts, it means looking for a logical rationale to question them.
A skeptic who finds nearly nothing supporting their skepticism has two options :
Continue believing their vague skepticism is warranted and come to no conclusions, -or-
Invent some counter-narrative that fits some % of the facts to "explain it away" -
- Such as insinuating without evidence that the suspects in the Skripal poisoning have been "set up" somehow, without actual real-world factual elaboration or a logical thread exploring that.
"Though I hate "circumstantial evidence" as I realy do not consider it anything other than an untested supposition on potential coincidence."
I'm not that keen on "forensic evidence" either, it argues backwards from effect to just one of many probable causes, as history shows "forensic practitioners" get it wrong oh so many times, especially if they work for the FBI."
So circumstantial and forensic evidence is out... you want a full confession we must assume?
I'm "skeptical" some will ever be satisfied by the facts, ridiculous as they are in this case.
There is as yet ZERO evidence these suspects are falsely accused, unless you've got some.
ZERO.
There's literal DAYS of CCTV footage of them wandering around, in SALISBURY,
near the house of the victims and with a damn implausible story to boot.
That's before you get to the Novachok, the motive, the history... any of that.
Skepticism is warranted, but evidence is required to support your counter-narrative.
As yet it does not exist.
Clive Robinson • September 25, 2018 11:40 AM
@ echo,
I hate to sound like Clive
Should I be :'(
Or as the French do celebrate the difference with a galic grin :-)
Oh and for those that suspect my spelling I do not mean garlic that would be :-S
Hmm • September 25, 2018 11:42 AM
I was half joking about the English/English spelling differences but I'd rightly better address it before someone accuses me of ugly American-centrism, which.. valid enough.
https://english.stackexchange.com/questions/36749/why-did-sceptical-become-skeptical-in-the-us
But it's the SECOND definition of skeptical that truly rings out here :
PHILOSOPHY
relating to the theory that certain knowledge is impossible.
THAT seems like the problem some seem to come up against, and they default to unreasonable info-nihilism as if nothing can be known or proven as a result of lingering doubts in some small areas that can never be satisfied.
Maskirova --> Doubtirova?
Hmm • September 25, 2018 11:48 AM
@echo
Minor point : Our standard isn't "absolute proof" - it's "beyond reasonable doubt"
Again none of this is my opine stated as fact, that's a fact without my help.
echo • September 25, 2018 12:30 PM
@Clive
We need a talk... The reason is the same methodologies are used by the state to abuse citizens who are simply claiming their entitlement to services. It is also used to cover up professional malpractice and rig investigations to get them and their chums off. Reading through some of the news about UK counter-terrorism and prisons creating more problems than they solve and foreign policy with respect to Iran who themselves were victims of a terrorist attack I suspect the same model is being applied abroad.
I have discovered what is said in public and what happens behind closed doors to be very different. To some degree this is an organisational problem but also due to a lot of "seat filler" avoiding work or being self-important, and in some cases playing favourites.
It's worse than you know. I have multiple harcopies of evidence which taken seperately mean nothing but when put together prove that one of the top establishment figures of a powerful and influential body committed fraud with respect to lawful none toxic substances simply to cement their power and build their empire. This isn't an isolated case of fraud leading to the harm and in some cases deaths of citizens who have committed no crime other than to ask for help.
Basically what you said from the other end of the Mobius strip.
I have a slight clue about the issues you outline plus the toxicology and toxicity issues. It's not something I cling to and have never followed up. My murder fantasies tend to be more graphic and get me locked up if they appeared outside a novel. I dislike the "war as art" academic papers because I suspect the subconcious motivations behind them and where they may lead which is why I never linked to a recent paper published on a think tank website the other week. Some things are best not encouraged.
Clive Robinson • September 25, 2018 12:34 PM
@ CallMrLatr..., bttb,
Just to be clear, there is NO hard drive in the 'puter while I am running naked on the internet.
How many years is it now we've been saying this on this blog and it's earlier incarnations?
It's why I used to like those CDs and DVDs on magazines, they had in effect an increased security margin over downloading an image off the Intetnet yourself.
The trouble with doing it these days aside from the download issues is that modern systems have Flash Memory everywhere you can imagine as well as places you would not imagine even in your darkest nightmare (keyboards maybe, mice probably not, but the battery WTF!!!).
For instance as was well demonstrated by Lenovo SoHo laptops all manner of persistant evils can be hidden in the BIOS Flash ROM due to legacy issues that went back atleast four decades to my certain knowledge (Apple][ I/O model copied later by IBM enhanced by Microsoft and still with us today).
Some Russian hackers have shown how flash ROM in thumb drives, hard drives, BlueRay/DVD/CD drives and even modern floppy drives can all be used to hide nasties.
Others have shown flash ROM in other IO such as network cards, printer cards and serial cards can be used.
Then of course all those high speed serial IO channels that start with USB and FireWire and rip through all the later versions their flash ROM hidden in the microcontrolers is another good place...
Then of course there is the main CPU it's self, it's argued that no current Intel or AMD CPU will work without a microcode update the motherboard manufacturer has put in the BIOS. Whilst I can not say this is 100% true, there appears to be sifficient basis in fact that it applies to quite a number. Which gives yet another hiding place to be got at...
It's why I still have and use pre 2000 hardware with EPROMs on sockets. But still don't connect to the Internet with a PC, or any device I do work of any kind on.
Funny thing is twenty years ago I looked realy realy paranoid. Today I look just a little more cautious than some. I guess tomorrow probably not cautious enough...
Which is why I talk not of "air gapping" and "prevention" but "energy-gapping" and "mitigation". The latter points being "You probbably can not stop them, but you can catch them out and put things out of their reach"
CallMeLateForSupper • September 25, 2018 12:43 PM
@Clive
"1) the reflector"
That was indeed an "Achilles heel", and your placing it as #1 is quite appropriate.
"You would be better off with an old US ECM Mk2 SIGABA [...]"
Yeah, from a complexity-improvement standpoint. From an esthetics standpoint though, the SIGABA is a sow's ear. NEMA is eye candy. Takes me back to the days of my Smith Coronas. :-)
@all Enigma newbies
The reflector rendered Enigma's operation reciprocal - i.e. if "P" enciphers to "B", then it is guaranteed that "B" enciphers to "P" (at the same machine settings) - but it was precisely this trait that Bombe design leveraged, to devastating effect.
A second consequence of the reflector was that no letter could encipher to itself. This property was a powerful tool used by Bletchley to eliminate from consideration all "impossible" Bombe setups.
bttb • September 25, 2018 12:59 PM
@CallMeLateForSupper, 65535, Alejandro, Hmm, Clive Robinson
Regarding Web Browsers and misc. stuff (2018)
TENS (not TENS Deluxe) seems to work pretty well in VirtualBox and its' Firefox will play Youtube videos with all scripts blocked with NoScript. (https://www.computerworld.com/article/3245645/linux/the-5-best-linux-distros-for-work-red-hat-suse-ubuntu-linux-mint-and-tens.html ; OT Linux Mint Debian Edition seems to work pretty well, too, afaik.)
I am interested in the Tor Browser, in Tails or the Tor Browser Bundle (TBB), not “pinging” the Tor network, but providing a “hardened” Firefox browser.
I found https://superuser.com/questions/1117383/can-i-use-tor-browser-without-using-tor-network (2016):
Question:
a) “Can I use the Tor Browser without the Tor network?
The TOR browser is a nice browser even without TOR. Using full on TOR seems a bit extreme to me and is beyond my patience, on the other hand, using a normal Firefox feels like yelling my canvas fingerprints all over the internet. Can I configure the TOR browser to not go through the TOR network?”
Answer:
“Upper right hand side of Tor Browser click on the three horizontal bars, click on Options, select the Advanced tab, click on Network, click on Settings, select "No Proxy" and hit OK.
Then type "about:config" into the url bar, go to "network.proxy.socks_remote_dns" right click and select Toggle.
At that point your browser won´t be using TOR proxy to access to the internet, but if you also want to disable the TOR service running in the background type "about:config" into the url bar, go to "extensions.torlauncher.start_tor", right click and select Toggle
Hope i`ve helped you :)”
I assume the above refers to the TBB. In the past I recall something like pointing or not pointing to 127.0.0.1 with the TBB or perhaps doing something like that with Knoppix’s Firefox built in Tor browser option.
b) CallMeLateForSupper wrote: “I think what you want can be accomplished in Tails by turning Tor OFF and then starting Unsafe Browser.”
At times it might be useful to use the “hardened” Tor Browser in Tails w/o Tor. Can Tor be turned off in Tails 3.9? If so will Tail's Tor Browser still work? Or might that require a custom build of Tails?
Has anybody tried this sort of thing ( a) or b) ) recently?
echo • September 25, 2018 1:25 PM
Police are demanding almost unfettered access to highly personal records and data from potential rape victims before pressing ahead with their cases, the Guardian can reveal. In some areas, complainants are being asked to disclose health, school and college records, counselling notes and all data from their electronic devices, documents obtained under freedom of information requests show.
I have experience this kind of invasion myself.
“On the other hand, we know suspects have much more leeway to refuse to disclose their personal data and in some cases that their phones aren’t even requested,” she said. “Victims are all too often left with the impression it is them and their credibility that is under investigation, not the person actually accused of a serious violent crime.”
Tell me about it...
echo • September 25, 2018 1:39 PM
I watched The Resistance Banker (2018) yesterday. This is a movie set during WWII in the Neterhlands and tells the story of how bankers secretly committed a massive act of banking fraud to pay for the war against the Nazis. The movie contains a few notable incidents highlighting data anonymity and opsec which many of you will find instantly familiar.
Clive Robinson • September 25, 2018 1:45 PM
@ Hmm,
So circumstantial and forensic evidence is out... you want a full confession we must assume?
Is not what I said is it...
What I am saying is that it needs to be treated not just with way more caution but with a great deal more skepticism than most juries ever do. Often because they are often effectively lied to by supposed experts, who treat the whole thing as a game to more prestige etc.
Have a look at the history of supposed "pour patterns" for claiming arson, they were nothing of the sort, ordinary fires would produce them for quiye easily explainable scientific reasons.
Likewise "cocain in banknotes" as a sign you are either a dealer or a habitual user, even though hair and other tests on the person show otherwise.
Or how about "metal mix" in bullets being indicative of individual batches thus tracable via purchase. Turned out to be yet another of the FBI's long list of fake science.
The list goes on and on and on, it's why I'm skeptical about both circumstantial and forensic evidence, and say it should be treated with care.
Which brings me onto your statment of,
I'm "skeptical" some will ever be satisfied by the facts, ridiculous as they are in this case. There is as yet ZERO evidence these suspects are falsely accused, unless you've got some. ZERO.
Actually you are wrong with that statment, all we currently know in the public domain is an accusation from the UK backed up by a little photographic information, and some statments from two Russian's who were not under oath.
Neither is actually "evidence" in the accepted sense, nor is it something we can "test" as evidence. What might or might not exist in the UK police / CPS and in Russia we have as yet no knowledge, and the chances are that is exactly the way it will remaine.
But lets go through the little we have been told by various journalists with regards the Salisbury visit by the two Russian's. Firstly I would expect that their visas would have been issued at a similar time if they had not been to England before and were planning a holiday here. Much as I would expect a husband and wife to obtained their visas at the same time if they were going to somewhere new and exotic etc on holiday for the first time.
As for passport numbers again if they had put in their applications at the same time to the same office then yes it's likely they would have numbers in the same range. But also it's posible that they could be from a "special batch" or a batch issued to a very infrequently used agency, so toss a coin on that.
However I know people with sequentially issued passports, they have lived abroad for many years, thus go to the consulate in the country they live in to get their passports renewed as it's quite a journy the whole family renew at the same time and place.
But also there is another aspect to consider, if people on holiday staying in the same room for various reasons got their room turned over by thieves they to could end up with sequentialy numbered replacments from the consulate, to get home etc.
Thus there are a number of reasons such things could happen, what we as members of the public don't have is the information as to which it is and what the probabilities are as nobody has said yet...
This is exactly the same issue as I have with forensics, we have an effect and we are trying to argue back to a cause, without actually knowing how many potential causes there are or what the probabilities are.
Somebody may well say, which is why I frequently say to wait and see what becomes available.
It's the sort of thing you would expect to get cleared up in court by cross questioning etc. Then when you have their explanation you can decide on if it's true, improbable to some degree, or false.
There was a recent case in the UK where a reasonably famous person was accused of assult and was charged. They went through several months of being pilloried by the media and being told not only were they a disgrace to the country but should loose there lively hood etc etc.
They were by law not alowed to say anything in public, which just made things worse. Come the trial a whole load of facts came out and they were found not only to be innocent but actually have been trying to prevent a serious crime from happening. Did the media apologize did they heck theyveither lied or ignored it...
So pardon me for taking the cautious approach but I've good reason to be, because a one sided series of ever odder statments is not a reasoned argument it's usually a free for all as talking heads line up to out do each other on supposition that either does not or can not for good and proper reasons be challenged. The media is the modern equivalent of a bear pit where the bear is chained and hobbled and the dogs way to numerous.
Clive Robinson • September 25, 2018 2:04 PM
@ Hmm,
The word is SKEPTICAL.
Wrong again, and in such a shout way, people would think you wanted everybody to know were proud of it.
Read,
https://www.grammar.com/skeptic_vs._sceptic
Both spellings are equally valid.
Oh and as for,
It doesn't mean denying the known facts,
There you go again, making a claim that is incorrect.
I talk about "waiting for all the evidence" and you go off half cocked tilting at windmills, on what is actually one sided supposition not "facts" as most dictionaries would define them,
You have a long history of doing this on this blog, and it's clearly upsetting people in various ways.
So why not tell every one why you do it in your own words?
echo • September 25, 2018 2:40 PM
@CLive, @Hmm
RE: History and forensics
Without stirring the pot too heavily this blog article touches upon the need for properly documented history and the provenance of evidence.
I wish I could have my day in court. Mostly, I just want to get on with my life. Sadly there is no hope of either at the moment.
Clive Robinson • September 25, 2018 3:18 PM
@ echo,
Are you old enough to remember "Aunt Aggies Bomb factory"? And the resulting miscarriage of justice?
Put simply not only was the lab doing the testing found to have contaminated centrifuges, their expert witnesses misled the jury as to how those involved could have easily been contaminated with the nitrated cellulose that they were essentially convicted by.
Put simply at that time there was a lot of historic celluloid around, it was used as we use plastics today. One major use was in artificial bone and ivory for many many products including the handles of cutlery. Most houses back then would have had quite a number of nitrated cellulose objects including playing cards.
It was known from initial statments that the suspects had been playing cards shortly before being arrested and hand swabed but at no time was the jury informed of the implications of the playing cards would have had on the swabs...
Eventually they were cleared but by that time one of them had died in prison.
Guess which laborotory / personnel it was?
And people wonder why I'm sceptical...
After all what is there to be worried about in good old "Show trials are us" blighty.
vas pup • September 25, 2018 3:39 PM
@Clive, Hmm, echo on evidence.
There is no 100% reliable evidence. Only constellation of all evidence could bring close as possible to actual event which occurred in the past.
I clearly against confession as the crown of all evidence because there are cases of false confession for different reasons. You could read about that any good book of forensic psychology.
Hmm • September 25, 2018 4:07 PM
"You have a long history of doing this on this blog, and it's clearly upsetting people in various ways."
Perhaps don't allow yourself to get so upset, there's no call for that silliness and it can't be good for your health - simply instead you may prove any aspect of your counter-narrative rather than insist it's the most likely occurrence and that evil intelligence agencies have faked any single aspect of this. It's a ridiculous charade at this point.
You do this all the time. You say "there are infinite doubts" when there are actually a very, very finite number of doubts that make total sense in all datasets/dimensions.
You want to consider "skepticism" a rationale for denying what is known on the basis that not all is known and faking everything is possible. Well, I do reject that with Occam's razor, handily. Vladimir Putin vouched for them personally as tourists. Fake that, I dare you.
What we now know is enough to convict them in front of even a RUSSIAN jury. Actual skeptics.
You may believe WMD USE TO MURDER ON UK SOIL after a series of as yet ridiculously explained coincidences by two operations-age "fit and trim" Russian males who just "happen" to get near-sequential passports and feel a burning desire to walk around Salisbury for a half hour in the snow a few days before a nerve agent attack on former Russian spies, that's all some sort of conceivable GCHQ/MI6 plot to smear Russia which doesn't also involve Russian agents playing along with Putin's on-Television-expressed assurances that they're TOURISTS. Your skepticism is intact, bravo.
So our two "tourists" just a snowy urge to see gothic buildings for the first time several hours away from LONDON(!) or any number of other closer places, travelling by train for hours~ both ways and spending 30 minutes by their own account "maybe walking around the victim's house, we don't know" on camera. And right after the attack they just happen to be on a plane back, because Salisbury is no longer freezing and gothic after you've walked it for 30-60 minutes or so, twice, despite your stated plausible reasons for travelling there all the way from Russia for the first time.
Good day, Sir Skeptic. I do hope your people get a reprieve-vote on your imminent Brexicution.
I've never seen Putin grin so hard as he did in that video saying they were clearly tourists.
I can't find it now but man, he loves this. Skepticism, heh. Blat.
Hmm • September 25, 2018 4:17 PM
" And the resulting miscarriage of justice? "
They're back in Russia. You don't have to worry about them being held to account.
NOBODY is rushing to justice, despite an innocent non-target woman dying of the WMD effects.
We're months after that now and nobody has been lynched or mobbed. CCTV and bad excuses on video.
GHCQ/MI6-7-13.. they sure are being damn subtle and patient about their rube-goldberg machinations.
Let's all remain skeptical, there's nothing to see here except tourism in the UK turned horribly wrong, ending in the death of an innocent woman and the evil UK government crying in Russo-phobic fear "they used WMD's to kill former spies on UK soil, and we have proof"
What arrogance, to think the "true Scot skeptics" would ever fall for that forensic and circumstantial evidence over the good word of Vladimir Putin! Will Salisbury township tourism ever recover under this Russophobia? Think of the hypothetical fractional chances of children!
echo • September 25, 2018 4:23 PM
@Clive
I have a very feint clue of what you may be talking about but my memory of specific cases is garbled. Speaking of miscarriages of justice it was discovered once with one case that evidence of bomb making was based on a forensic test which when they dug deeper was based on a chemical ingredient found in everday dishwashing liquid traces of which which the accused, of course, had all over their hands. Not even Bullshot Crummond was this stupid.
@Vas pup
I do agree.
Clive Robinson • September 25, 2018 4:36 PM
@ Hmm,
You do this all the time. You say "there are infinite doubts"
Here we go again with your very silly "strawman" argument, claiming things that I have not said.
It always comes down to this with you, you are at best a fantasist.
As I've frequently said "wait for the evidence", we don't actually have anything we can actually "test".
What I may or may not think, I've actually not said, but you are determined to make the world think I have with "infinite doubts" in the above just being yet another example.
Thus the question arises as to what personality defect is it that you have that makes you do this endlessly? Even after you have said you are going to desist from your previous behaviours...
Enough, I see no reason to continue wasting space on this thread and upseting other readers.
Conner • September 25, 2018 4:45 PM
Friday Squid Blogging getting comfy: Clash of the boomers...
Hmm • September 25, 2018 4:55 PM
"Here we go again with your very silly "strawman" argument, claiming things that I have not said."
A paraphrase is necessary, you tend to talk at length.
Agree or disagree but I think most would be forced to.
"It always comes down to this with you, you are at best a fantasist."
Yes, my account of what probably happened is so fantastic, I see.
"we don't actually have anything we can actually "test".
You do not have a security clearance and compartmentalized access, that's true.
We have to rely on what is reported and verifiable by that alone. Even so, it's plenty.
Their excuse is that flimsy and the series of circumstances that narrow.
The evidence is considerable even knowing what little of it we do. Whether absolute proof convinces you personally, it doesn't matter.
Yours is the opposite of that, based on conjectures and whatiffs and is-possibles.
You have no evidence. The video in this case speaks for itself, as do circumstances.
You want to not acknowledge it's very likely 100% true and you use skepticism as a crutch.
"Thus the question arises as to what personality defect is it that you have that makes you do this endlessly?"
A misdirected question I'm afraid. My analysis is shared by experts well read into this case.
I certainly am not attempting to upset you by stating what is factually reported already.
That shouldn't occur for that reason.
Hmm • September 25, 2018 4:56 PM
@ Conner
I thought I was still young and hip, dammit. Battle won, war lost.
Hmm • September 25, 2018 5:00 PM
"They're back in Russia. You don't have to worry about them being held to account.
NOBODY is rushing to justice, despite an innocent non-target woman dying of the WMD effects.
We're months after that now and nobody has been lynched or mobbed. CCTV and bad excuses on video."
-What of that is fantastic to you? Tell me.
Moderator • September 25, 2018 5:02 PM
@Hmm, please refrain from correcting other commenters' spelling and grammar unless errors result in misunderstanding. Variant spellings in British and American usage are common; some folks are dyslexic, some just don't spell well. It's rude and inconsiderate to shame people for spelling errors (real or imagined). Also, don't allow yourself to get so upset about the fact that Clive does not share your opinions on matters involving Russia, and refuses to bend to your rhetorical will. Your frequent outbursts are tedious and disruptive. Find a non-hostile way to debate, have your conversations with folks you don't feel the need to scream at, or find another place to rant.
Hmm • September 25, 2018 5:09 PM
The skeptic vs sceptic was a joke on the basis of UK/US rib-shotting.
I sure don't point out all the typos or misspellings nor would I for the purposes of demeaning someone, I understand everyone has their own language issues myself included.
So let me apologize for that.
"don't allow yourself to get so upset about the fact that Clive does not share your opinions on matters involving Russia"
I am not upset, I don't know why you would also think that other than Clive saying so.
"Your frequent outbursts are tedious and disruptive."
What specifically did I say that was more tedious or disruptive than usual? I want to know so I can stop doing it because I am genuine about your meaning there.
"your conversations with folks you don't feel the need to scream at,"
- I certainly didn't call anyone a fantasist. Nor did I complain about it.
So if there were any way for you to tell me what I said that offended I'd appreciate it.
Hmm • September 25, 2018 5:12 PM
I don't find my account fantastic nor do I find my pointing out there's no evidence of any other possibility present in the public milieu to be overtly disruptive as my intent.
I was actually told my @echo to stop "stating opinions as fact" - and I had not done so.
Clive jumped in right away after that. I responded. I don't see what I did exactly that was outrageous.
K15 • September 25, 2018 5:17 PM
Is there a store that sells locking devices for vehicles, a store that specializes in not going out of their way to make the devices insecure?
bttb • September 25, 2018 5:38 PM
From Democracy Now https://www.democracynow.org/2018/9/25/marcy_wheeler_rosensteins_ouster_would_not :
"....AMY GOODMAN: Rosenstein [Deputy Attorney General] has denied that he ever planned to record [i.e. wear a wire] Trump or weighed invoking the 25th Amendment [President unfit for that office]. He called the Times report “inaccurate and factually incorrect.” Some have said his remark about wiring the president was sarcastic.
To talk more about this and what it could mean, we are continuing with Marcy Wheeler.
What does this mean for special counsel Robert Mueller’s Russia investigation, which Trump has called a witch hunt? Marcy Wheeler is an independent reporter with EmptyWheel.net. Explain what took place, what unfolded.
MARCY WHEELER: So, New York Times story comes out, makes these claims, leaves out key details, such as that this discussion, whether it happened or not, happened after, for example, Trump admitted firing Jim Comey because of the Russia investigation, gave the Russians Israeli intelligence, had a chummy meeting with the Russians with no U.S. press there. And then this whole furor comes out of whether or not Rosenstein is going to be fired or not. Some discussion of that Friday between John Kelly and him. Monday morning, something we’ve seen in the past from John Kelly, which is reports coming out that somebody has resigned in an attempt to stave off a firing. And that’s critically important in the case of Rosenstein. And the press picks it up, as if he’s already resigned, and then reports from DOJ saying, “No, he’ll be forced to be fired.”
What happens is, of course, Rosenstein is overseeing Mueller’s investigation. He gets to sign off on indictments. He gets to sign off on the scope of the investigation. And if he is fired, then it’s not entirely clear who becomes Mueller’s boss. Probably it’s the solicitor general, but it might be the OLC head.
AMY GOODMAN: Because Sessions has recused himself.
MARCY WHEELER: Because Sessions has recused himself. Or Trump could then fire Sessions and rebuild his entire DOJ around getting out of this investigation. Who knows? We don’t know what’s going to happen. But the key point is, if Rosenstein resigns, Trump has more flexibility about who oversees Mueller. If he is fired, then—
AMY GOODMAN: But if he resigns, he can hold—he can put in someone for eight months without them being approved by Congress. But if he’s fired?
MARCY WHEELER: Then you go to the line of succession. So then you have the very conservative solicitor general, who’s not a big fan of special counsel investigations but who does believe that, under certain circumstances, the president can be criminally investigated.
JUAN GONZÁLEZ: But then there are questions as to whether the solicitor general would have to recuse himself. Why?
[...]
JUAN GONZÁLEZ: And what about the person who was supposedly the top law enforcement person in the land, Jeff Sessions, in terms of what he would do in the eventuality of Rosenstein leaving or being fired? Because he has said in the past that he would guess that he could not stay on if that happened with Rosenstein.
MARCY WHEELER: Yeah. I mean, three things. One is they have known that they’re under threat of this happening for a year, and therefore it’s clear they are thinking about succession patterns. We’ve seen Mueller kind of handing off parts of the investigation, whether indictments that have already been taken are sent off to other prosecutors. Michael Cohen is now cooperating with Mueller, but also with SDNY, the federal prosecutors here in Manhattan, and also with New York state. And all of those are investigations that would target Trump, and only the Mueller investigation would be affected directly by a Rosenstein firing.
And then the question you’ve got to ask is, if you could decide who would make better use of a 3-day warning that Rosenstein was going to get fired, would your money go on Trump, or would it go on Robert Mueller? I mean, he’s got three days to put into place plans of what’s going to happen if Rosenstein is fired on Thursday. I think that once Mueller got Paul Manafort’s testimony locked in, which happened about 10 days ago, I think, to some degree, it was too late for Trump to really completely undermine this investigation.
AMY GOODMAN: And do you think he did that because he was afraid something like this could happen?
MARCY WHEELER: Well, I think the timing of that was largely dictated by Manafort’s second trial coming up and by whatever else the prosecutor showed him about what was coming down the pike on the conspiracy case in chief. But regardless, you know, back in January, Trump was telling people, “I’m safe because Paul Manafort is not going to flip on me.” Paul Manafort has now flipped on him. And so, it may be too late for Trump to—short of shutting down the entire DOJ, it may be too late for Trump to completely avoid, if not him, then people like Don Jr. and Roger Stone being in serious trouble."
They go on to talk about Kavanaugh.
More on Rosenstein: https://www.emptywheel.net/2018/09/24/on-rosenstein-we-shall-see/
More on Kavanaugh: https://www.emptywheel.net/2018/09/25/brett-kavanaugh-it-depends-on-what-the-meaning-of-the-phrase-sexual-assault-is/
PeaceHead • September 25, 2018 6:19 PM
http://offbyone.com/offbyone/ob1_faq.htm
https://hearthis.at/protozone/voiceprint
Of Security Interests...
1) Allegedly, Donald Trump is a compound persona; an invention, a composite illusion based upon militay-grade illusionisms and regular old-fashioned propaganda and so-called "perception management". It's a high-profile marionette puppetry act with a heavy dose of ventriloquism and with a "none-of-the-above" type of demographic trail.
In my friendliest of opinions, the Donal Trump project and related administration and "operating system" needs to promptly retire into obscurity for the safety and sanity of geopolitics and national interests both domestic and diplomatic AS SOON AS POSSIBLE.
2) Allegedly, Mike Pence is at risk of being victimised by the same obscure cult that victimised me as well. He and his loved ones are advised to consult with the FBI cooperatively to assure a smooth and safe transition of powers in leu of the currently bizarre and dangerous circumstances which never ought to have occured.
3) Allegedly, The Central Intelligence Agency (CIA) does NOT exist. It is a linguistic phenomenon used to track gossip and speculation about yet not limited to intelligence agency actions or inactions. The term "CIA" is a keyword used to track conversations and dispositions. This is of course speculation and nearly impossible to verify. Consider this allegation to be gossip as well. Yet please consider the implications of this concept: discussion of certain ideas and topics may serve no other purpose than to be like "tracking inks" in linguistic form.
4) We honestly need to do more sharing of common-ground security infos rather than arguing with each other or baiting each other. I will try to also do less arguing or going off topic.
5) Some of the current biggest existential threats:
a) WMD's (weapons and technologies of massive destruction) of course
b) Rampant environmental degradation and destabilization of essential ecosystems. We still haven't yet recovered from the industrial revolution. Most modern technological trends can be proven to have been gigantic mistakes in terms of incompatibility with sustainable existence on Earth.
c) Injustices, crimes, and manipulations of social norms and formerly trusted institutions due to slavery to protocol and abusive exploitation
d) Accidental warfare due to miscommunication or any other non-desirable cicumstance.
e) Plagues due to sloppy and irresponsible customs and habits
f) Loss of intellectual and emotional freedoms and freedom of thought due to insidious technological invasions of the body and brain which undermine and destroy what it is to have autonomous free thought and independence of mind.
DARPA, your technological prospecting into transhumanistic neurology is a dangerous and damaging and non-desirable high-risk realm which puts billions plus lives squarely into the target areas of lingering NAZI worldwide problems. Please, halt your attempts to put so much technovulnerabilities into our metabolisms and DNA etc. I am not convinced that the technologies would benefit TBI (traumatic brain injury) survivors. It's a NAZI TROJAN HORSE. Please don't do it.
Organic stem cell tissue regrowth is a much safer and sane approach to healing and helping the wounded recover and improve.
g) Now is not the time for anything exotically dangerous. Now is not the time for danger whatsoever.
Maximal Peaceful Coexistence Is The Only Future With A Minimum Quantity of Stress And Distress And Severe Damages
h) Please HALT the Quantum Technological free-for-alls before our naturally occuring most critical infrastructure (the spacetime continuum) is contorted beyond it's own tolerances.
I will attempt to provide more helpful ideas and thoughts. I am just one person. I can't do so much, but anything progressive more than zero is worthwhile.
Peace be to all. Recovery and restoration are still possible.
Hmm • September 25, 2018 6:38 PM
"3. Allegedly, The Central Intelligence Agency (CIA) does NOT exist. It is a linguistic phenomenon used to track gossip and speculation about yet not limited to intelligence agency actions or inactions. The term "CIA" is a keyword used to track conversations and dispositions. This is of course speculation and nearly impossible to verify. Consider this allegation to be gossip as well. Yet please consider the implications of this concept: discussion of certain ideas and topics may serve no other purpose than to be like "tracking inks" in linguistic form."
https://theintercept.com/2018/01/19/voice-recognition-technology-nsa/
Andrew Clement, a computer scientist and expert in surveillance studies, has been mapping the NSA’s warrantless wiretapping activities since before Snowden’s disclosures. He strongly believes the agency would not be restrained in their uses of speaker recognition on U.S. citizens. The agency has often chosen to classify all of the information collected up until the point that a human analyst listens to it or reads it as metadata, he explained. “That’s just a huge loophole,” he said. “It appears that anything they can derive algorithmically from content they would classify simply as metadata.”
They have vays.
echo • September 25, 2018 7:38 PM
@other
A shoebox in the garden shed would be safer given the quantity of information the NSA et al have lost. Pho was just ahead of his time!
The funny thing is if bona fide journalists are genuinely publishing in the public interest having properly redated material after legal advcie and consultations in a funny kind of way the NSA et al may as well post everything to the media because they seem to be doing a better job of categorising information than the agencies themselves.
I strongly suspect GHCQ recruit for living in Cheltenham on must-be-braindead-to-accept pay levels to weed out anyone with initiative who may rock the boat not to mention investigative journalism is dead in the UK
Hmm • September 25, 2018 9:33 PM
I still believe I'm owed a response on whom I "screamed at" exactly and where.
That's an unreasonable read, and I've looked over what I said several times.
I call foul.
Weather • September 26, 2018 1:05 AM
Its a old exploit, but % at the 1022 header of PDF has a off by one bug,
Ratio • September 26, 2018 2:30 AM
(Some delayed items to avoid “piling on” again. How very considerate of me, if I may say so myself.)
AP Exclusive: Files show Assange sought Russian visa:
“I, Julian Assange, hereby grant full authority to my friend, Israel Shamir, to both drop off and collect my passport, in order to get a visa,” said the letter [Julian Assange wrote to the Russian Consulate in London on November 30, 2010], which was obtained exclusively by The Associated Press.
[…]
WikiLeaks has repeatedly been hit by unauthorized disclosures, but the tens of thousands of files obtained by the AP may be the biggest leak yet.
[…]
The AP couldn’t confirm whether or when the message was actually delivered, but the choice of Israel Shamir as a go-between was significant. Assange’s involvement with Shamir, a fringe intellectual who once said it was the duty of every Christian and Muslim to deny the Holocaust, would draw indignation when it became public.
[…]
[While Shamir told the AP he couldn’t remember the letter or say whether he eventually got the visa on Assange’s behalf, his] memory appeared sharper during a January 20, 2011, interview with Russian News Service radio — a Moscow-based station now known as Life Zvuk, or Life Sound. Shamir said he’d personally brokered a Russian visa for Assange, but that it had come too late to rescue him from the sex crimes investigation.
[…]
On Nov. 30, 2010 — the date on the letter — Interpol issued a Red Notice seeking Assange’s arrest, making any relocation to Russia virtually impossible. With legal bills mounting, Assange turned himself in on Dec. 7 and his staff’s focus turned to getting him out of jail. One WikiLeaks spreadsheet listed names of potential supporters arrayed by wealth and influence; a second one titled “Get Out of Jail Free” tracked proposed bail donations and pledges for surety.
Revealed: Russia’s secret plan to help Julian Assange escape from UK:
Russian diplomats held secret talks in London last year with people close to Julian Assange to assess whether they could help him flee the UK, the Guardian has learned.
A tentative plan was devised that would have seen the WikiLeaks founder smuggled out of Ecuador’s London embassy in a diplomatic vehicle and transported to another country.
One ultimate destination, multiple sources have said, was Russia, where Assange would not be at risk of extradition to the US. The plan was abandoned after it was deemed too risky.
[…]
Sources said the escape plot involved giving Assange diplomatic documents so that Ecuador would be able to claim he enjoyed diplomatic immunity. As part of the operation, Assange was to be collected from the embassy in a diplomatic vehicle.
Four separate sources said the Kremlin was willing to offer support for the plan – including the possibility of allowing Assange to travel to Russia and live there. One of them said that an unidentified Russian businessman served as an intermediary in these discussions.
The possibility that Assange could travel to Ecuador by boat was also considered.
Ecuador attempted to give Assange diplomat post in Russia - document:
Ecuador in 2017 gave Wikileaks founder Julian Assange a diplomatic post in Russia but rescinded it after Britain refused to give him diplomatic immunity, according to an Ecuadorean government document seen by Reuters.
The aborted effort suggests Ecuadorean President Lenin Moreno had engaged Moscow to resolve the situation of Assange, who has been holed up in the Ecuadorean embassy for six years to avoid arrest by British authorities on charges of skipping bail.
[…]
Ecuador last Dec. 19 approved a "special designation in favor of Mr. Julian Assange so that he can carry out functions at the Ecuadorean Embassy in Russia," according to the letter written to opposition legislator Paola Vintimilla.
"Special designation" refers to the Ecuadorean president's right to name political allies to a fixed number of diplomatic posts even if they are not career diplomats.
[…]
The letter from Ecuador's foreign ministry was a summary of 28 documents that were sent to Vintimilla in response to her request [for information about Ecuador’s decision last year to grant Assange citizenship].
Among those documents is a Dec. 4 letter from Assange in which he renounced his request for political asylum from Ecuador in preparation to become an Ecuadorean diplomat. The letter, which was seen by Reuters, said he ultimately planned to travel to Ecuador.
Vintimilla, who discussed some of the documents during a Thursday press conference, said Assange should lose his citizenship as a result of that letter.
Clive Robinson • September 26, 2018 4:54 AM
Zero Day, Microsoft Jet Engine
According to,
https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
Microsoft have a nasty problem in their Jet Database engine. That MS have been unable to fix after 120 days.
I'm curious, not about the fact that an attack vector has been found, that as they say "happens to the best of us", but why it is MS have not fixed it in a third of a year...
Clive Robinson • September 26, 2018 6:25 AM
Riemann hypothesis solved?
Under the title,
The following article is presented,
Which appears to be a compleat downer on Michael Atiyah.
That said people are waiting to see the compleat documentation on the alledged proof. What we know of it appears to be somewhat tangential and even simplistic. But the hypothesis has stood for a century and a half thus a more conventional maths approach has had a century and a half to come forward, so conventional might not be expected to work.
So as normal we will have to wait for the evidence, then test it or atleast let others test it ;-)
But whilst solving the hypothesis might have a big effect on mathmatics, the reality as @Bruce notes is it's not likely to have much of an effect on Crypto.
Clive Robinson • September 26, 2018 8:19 AM
What Crazy had hit linux kernal
I'm seeing lots of frankly odd stories about the Linux Kernel development including claims that the person who stopped thr Intel RNG issue, has been booted out by people associated with Intel and NSA...
To be honest look for a head or a tail in this bag of snakes and I don't think you will find one...
Does anyone know what the real story is?
Alejandro • September 26, 2018 9:00 AM
@65535
Re: Firefox phones home, a lot.
The process I used to clean up was:
1: "about:config" in the FF address bar, enter
2: "http" in the search bar, all entries with "http" will appear
3: if http is in the "value" column, on the right, click it.
4: choose "modify"
5: hit backspace to clear the value entirely, go to the next
6: Over and over and over again.
Most of the values are to mozilla.org which may be for help tips, real or imaginary protection OR for "telemetry" which doesn't connote well to me.
Looking at the before and after network monitor log, before doing this FF was constantly connecting to AWS addresses usually in the 52.x.x.x and 54.x.x.x range, but others also.
I started firewalling them, but there was just too many to make separate block-outbound rules for each one. Then, when I started trying to guess a range for the firewall rule, the rule would block stuff I really wanted to see, maybe even amazon.com.
The problem is, there is no good way to match ip addresses with urls in the amazon aws system. Looking at a single address with Whois will usually only return that it belongs to Amazon, no url. Meanwhile, if you are lucky enough to have a url, it may have multiple varied ip addresses and ranges and in any case there are only one or two sites I have found that can even get you that far.
SO, I blasted away all rules with http in the FF config. No doubt many of them are truly helpful. Also, no doubt some of them are merely telemetry to spy on what you are doing.
At this moment FF seems to be doing fine, minus some help tips. I am good with that.
I remember some blog about a year ago with FF developers who addressed the FF telemetry issue. As I recall he/they took the position something like, "we are going to do it, if you don't like it, too bad".
Yes, it is too bad.
(thanks for asking about this, I would have took better notes if I knew someone was actually interested in this.)
bttb • September 26, 2018 9:28 AM
ianal, but this could be noteworthy: “If the court were to find that states have no right to prosecute a crime the Feds could not prosecute, then simple pardons out of the Oval Office, and Mr. Trump’s family problems go away.”
From https://www.emptywheel.net/2018/09/24/on-rosenstein-we-shall-see/#comment-752215 w/following comments and w/o indentation:
“James
September 25, 2018 at 6:41 am
My first time commenting. I’ve read for some time, but thought to dip a toe in the water over something I’ve not seen discussed here.
This is the first case up to bat for the Supreme Court, which might be why the GOP is pushing so hard to get Judge Kavanaugh confirmed to the high court. Via Twitter:
Thanks to @nastyproud for this heads up.
Orrin Hatch filed a friend of the court brief for Gamble vs the United States.Thats the case that would end state’s rights to prosecute crimes that the federal govt has tried? Y’all need to get this out https://t.co/7pUUcVUZQA [ https://www.supremecourt.gov/DocketPDF/17/17-646/63337/20180911145348110_17-646%20tsac%20Senator%20Orrin%20Hatch.pdf (pdf)]
If the court were to find that states have no right to prosecute a crime the Feds could not prosecute, then simple pardons out of the Oval Office, and Mr. Trump’s family problems go away.
Reply
bmaz says: September 25, 2018 at 8:52 am James – Welcome to Emptywheel! Comment often and get involved. As to that Hatch case, I have to admit I was not aware of it previously, so thank you. Reply
Trip says:
September 25, 2018 at 9:24 am
Oh, no.
Reply
Doctor My Eyes says:
September 25, 2018 at 9:50 am
Looks like a spot-on analysis of the situation. It’s surprising that this hasn’t been stated here more clearly before now, although I did learn on this site a while back that this case was coming up. My point is that it seems deeply true that while “our side” (to use a sloppy shorthand) focus on facts, due process, and fairness with a fair amount of distraction on personalities, “they” focus quite clearly on the levers of power. We look for truth and they look for power. I do think we could better resist them if we could remember more clearly that this is ALL they care about and always the end goal of their words and actions. Pointing out their hypocrisy or becoming apoplectic over their unfairness is generally as much a waste of time as speculating about Trump’s thinking or “feelings”. Of course, they will lie, cheat, and steal. Of course, they do not care two figs about democracy. I’m not sure how to flesh this thought out further, but I’ve been noticing it for a while now.
Reply
earlofhuntingdon says: September 25, 2018 at 10:08 am Precisely. The Goopers, backed and personified by billionaire bucks, play a complex, detailed, persistent, ludicrously well-funded long game. They seek to control the fulcra and levers, all the bottlenecks. They know the rest of the political geography will conform to whomever holds those. Dems lurch poll to poll, election to election, shackled to consultants, a leadership, and a pay-to-play system that sometimes favors the GOP’s priorities more than the nominally Democratic ones... "
bttb • September 26, 2018 10:15 AM
Michael Moore has a new film out:
https://www.youtube.com/watch?v=JXCUPS2LETg ; Fahrenheit 11/9
https://trailers.apple.com/trailers/independent/fahrenheit-11-9/
https://theintercept.com/2018/09/21/michael-moores-fahrenheit-119-aims-not-at-trump-but-at-those-who-created-the-conditions-that-led-to-his-rise/ ; Glenn Greenwald review
From https://www.democracynow.org/2018/9/21/michael_moore_are_we_going_to :
“I took this man [Trump] seriously from the beginning, and I’m here and I’m telling you now that he has his plans for the way he’d like things to be. He has no intention of leaving the White House. He knows he cannot be indicted. He knows the Constitution won’t allow Mueller to indict him. He can be an unindicted—not co-conspirator, but he’ll be an unindicted criminal. But he doesn’t think he’s going to be impeached. He’s going to call it all rigged. Even if he loases the 2020 election, he’ll say it’s rigged.
He has plans for calling off the election. Republicans last year were asked, “If he wanted to postpone the election because of all of these 'illegals' that are voting”—you know, if Hillary got those 3 million “illegal” votes—”would you support him postponing the election?” Fifty-two percent of Republicans said that they would support Trump postponing the 2020 election. We have to get serious about this, and we have to be real.
And if I could just tell you one last story, I tried to convince Steve Bannon to sit down in front of my camera so I could ask him some questions. He said, “Well, I’ll need to talk to you first. Let me come by, and we’ll see.” And he came over to my production office, and I sat there with him for two hours, talking to him. And I said, “Just tell us, really, how did you pull this off? How did you and Trump outsmart maybe the smartest candidate ever to run for office—just on pure IQ alone, perhaps, one of the smartest?”
And he said, “Well, I have a very easy answer for you. Our side, we go for the head wound. Your side, you like to have pillow fights. And that’s why we’ll win. Even though I agree with you”—as he says to me, and as I show in the film—there’s more of us than there are of them. He’s not afraid of that, because they’re fighters, and they will stand up, and they will fight for the things they believe in. And they know we will back down, and we will compromise, and we will say, “OK, Obamacare is OK, even though it’s not really universal healthcare. Yeah, we’ll go along with that. You know, we’re just happy that our kids can be covered until they’re 26.” And we just rationalize all this stuff.
And they know that about us, and they know how to defeat us with that. They have no intention of going away. And this is the angry white man party. And they know their days are numbered, because this nation right now is almost 70 percent either female, people of color or young adults between the ages of 18 and 35, or a combination of those three things. That’s America. They know it. They know their days are numbered, and they’re going to try to grab whatever they can, before—
AMY GOODMAN: And suppress the vote.
MICHAEL MOORE: And suppress the vote, and gerrymander it and do whatever they can—pack the Supreme Court—whatever it is, they’re going to try and do it, because they know we will not put our bodies on the line to stop them…”
I found the quote from Bannon, above, interesting. Brexit and the election of Trump were helped by Bannon and all; perhaps some countries might learn from other countries mistakes.
echo • September 26, 2018 10:20 AM
@Clive
Following your comments about academic politics and lack of iagination and curiosity in the other topic I thought I would posta minor update on the EHRC as this is a general topic.
I contacted the EHRCto complain I had heard nothing. The shortversion is the receptionistI have been stuck with (regardless of which number I phone) insisted I had received a response. I told them I had received everything else off them but not this. When they again tried to insistI had received it I had to point out I actually had not. I was then told a requestto reissue their response would be forwarded. My question as always is when?
I told them I had been advised to bring a judicial review against the EHRC and was actively planning to claim asylum in another EU member state but this hit the brick wall.
I have completely lost faith in the UK and people in general. as and when I receive their response (hah hah) I'm not sure wI want to read it. I'm expecting the same officious hairsplitting box ticky throw you on the scrapheap and go away and die attitide as the rest of the state sector.
Ratio • September 26, 2018 12:01 PM
Skripal Suspect Boshirov Identified as GRU Colonel Anatoliy Chepiga:
Bellingcat and its investigative partner The Insider – Russia have established conclusively the identity of one of the suspects in the poisoning of Sergey and Yulia Skripal, and in the homicide of British citizen Dawn Sturgess.
Part 1 and Part 2 of Bellingcat’s investigation into the Skripal poisoning suspects are available for background information. In these previous two parts of the investigation, Bellingcat and the Insider concluded that the two suspects – traveling internationally and appearing on Russian television under the aliases “Ruslan Boshirov” and “Alexander Petrov” – are in fact undercover officers of the Russian Military Intelligence, widely known as GRU.
Bellingcat has been able to confirm the actual identity of one of the two officers. The suspect using the cover identity of “Ruslan Boshirov” is in fact Colonel Anatoliy Chepiga, a highly decorated GRU officer bestowed with Russia’s highest state award, Hero of the Russian Federation. Following Bellingcat’s own identification, multiple sources familiar with the person and/or the investigation have confirmed the suspect’s identity.
This finding eliminates any remaining doubt that the two suspects in the Novichok poisonings were in fact Russian officers operating on a clandestine government mission.
While civilians in Russia can generally own more than one passport, no civilian – or even an intelligence service officer on a personal trip – can cross the state border under a fake identity. The discovery also highlights the extent of the effort – and public diplomacy risk – Russia has taken to protect the identities of the officers. President Putin publicly vouched that “Boshirov” and “Petrov” are civilians. As it is established practice that the awards Hero of the Russian Federation are handed out by the Russian president personally, it is highly likely that Vladimir Putin would have been familiar with the identity of Colonel Chepiga, given that only a handful of officers receive this award each year.
Uh-oh.
Clive Robinson • September 26, 2018 12:29 PM
@ bttb,
With regards,
It was once pointed out to me when I was in a less northerly part of the US many many years ago that,
It's time some people considered the third option with the likes of those who give Bannon and co house room... After all why bother with "head wounds" when all you needs is a shovel and with just a twitch, then twenty to forty minutes and job done, the average IQ in the US has gone up a fraction...
Hmm • September 26, 2018 1:07 PM
@Ratio
Certainly let's remain skeptical, they might just be really shy.
Who hasn't made up a fake name and fake ID to hide special forces service when on vacation?
Everyday tourist stuff.
Bong-Smoking Primitive Monkey-Brained Spook • September 26, 2018 2:32 PM
@Ratio:
What's the matter, atomic clock broken? Happens in the best families. If I was you, I'd think there is a Ruskie in The Browser that added, say: 15 seconds of delay! Check your CPU and network usage ;)
Ratio • September 26, 2018 3:00 PM
@Hmm,
Everyday tourist stuff.
I know, right? This is how I always travel in pairs, allegedly. ¯\_(ツ)_/¯
@Bong-Smoking Primitive Monkey-Brained Spook,
If I was you, I'd think there is a Ruskie in The Browser that added, say: 15 seconds of delay!
Grrr, those Russkies…! This time they’ve really gone too far!!!
Clive Robinson • September 26, 2018 4:46 PM
@ Ratio,
Uh-oh.
Yup
If this bit is true,
And it can be checked independently to a satisfactory level, which it appears to have been with,
Then Russia has "over played" it's hand, and been caught in a verifiable lie. Which is actually the sort of evidence prosecuters like even better than confessions. Especially as in effect it's direct verification of a crime in it's owm right (traveling under false documentation, unless Russia comes up with the equivalent of a "deed poll" as a legal deed of name change, which they could do, if their legal system alows this). With the potential for "fraud" charges as well, then there are false declarations at a boarder and no doubt a small heap of other charges that would now meet the requirments to procead to court.
I guess the real / original identity of the second person is the next most likely thing to come out. Unless the UK releases something else.
The problem is it does not realy move us forward to a court case as it's unlikely that either person will come out of Russia any time soon. Which brings up the question of DNA / fingerprints and does the UK have them and will Interpol "Red Notices" stay open.
Unlike Russia the UK does not have legislation in place for extra territorial executions. Nor does the UK have "snatch" legislation even for it's own citizens, it uses the International court system for such actions and trials.
But as the article notes Putin has slipped up as well, which is unusual to say the least of it. Not that it realy matters much in the big scheme of things.
As I said it will be intetesting to see what bit of evidence comes out next. We know that the two can be placed in the vicinity, but it's not "publicly known" yet if the UK authorities can place the pair at the door stop or not, or at the place the alleged nerve agent container "scent bottle" was dumped. Whilst we have a "smoking gun" it would be nice to have finger print and DNA evidence on it or wrappings etc. (which there might be but has not been made public).
echo • September 26, 2018 5:32 PM
@Clive
This is a feint memory but I remember when the US threatened snatch squads the then UK Prime Minister John Major threatened thatif US snatch sqauds were used against the UK he would to send in the SAS as snatch squads in return. We didn't hear much about snatch squads after then!
@Ratio
This is disappointing if verified to a credible standard. As for the rest of the case this is obviously work in progress.
From what I read anyone with enough money can buy access to passport and phone records in Russia. Other issues aside this is a worrying level of corruption.
TheUK has its own abuse and corruption issues espeically with regard to human rights and discrimination and access to justice among other thing. However bad things might be in Russia I am really sick of UK politicians bad behaviour and sweeping this under the carpet.
Ratio • September 26, 2018 10:00 PM
Quick transcript of BBC Newshour audio fragment (3:16):
Roman Dobrokhotov (Russian journalist and editor-in-chief of The Insider): Anatoliy Chepiga also was born in 1979, as we learned about “Boshirov.” He served in [the] GRU, which is Russian Military Intelligence, and he… First, he served in Chechnya, during [the Second] Chechen War in [the] early 2000[s]. Then, he moved to Ukraine, where he participated in this military invasion, and he even became [a] Hero of Russia. This honor [is] usually given directly from [the] President. And usually [the] President meets with Heroes of Russia when giving this award. That is the part of [his] biography that was hidden for us before, and what happened next we already know: that he then graduated from [the] special academy for GRU agents, and got [a] second name (“Ruslan Boshirov”), and went to Europe, and participated in at least several operations that we know about.
Host: Is it unusual that an agent would use the same false name, the same assumed identity (in this case you’re claiming it’s “Ruslan Boshirov”) time and time again? Because wouldn’t that make it easier for the authorities, in this case in Europe, to join the dots?
Roman Dobrokhotov: Well, that is very strange, because also we know that he went to Britain with a business visa, and that is very difficult to make it. You have to have a lot of papers proving that you really have [a] business. And he didn’t have any business, and it was very easy to check that he has no biography. So our theory is that our security services—Russian security services—obtained some access to [the] British Embassy, and the next part of our investigation will be dedicated directly to this topic: how Russian security services managed to manipulate [the] British Embassy to make their agents get to British ground.
Host: So that’s the next part of your investigation, you say, that you’re going to be publishing, or you’ve already got this evidence …
Roman Dobrokhotov: Yes. Yes. We already have evidence, and we’re going to publish it, I think, next week.
Host: Right. Which will show that somehow British visa systems were manipulated in order to get this man a business visa, which isn’t easy to come by if you’re coming from Russia.
Roman Dobrokhotov: Yes. Yes. It isn’t just, like, manipulation, in terms of, like, they changed their documents some way. It’s just, like, direct influence that Russian security services had on those people who were, like, participating in this scheme of making visas.
Host: Right. I mean, that’s—I realize that’s going to be next week’s scoop, but that’s quite alarming if you’re saying there’s influence that’s being wielded here.
Roman Dobrokhotov: Right. Right. That’s absolutely alarming and very surprising, even for us. And I guess for British citizens, either[?].
Nemtsov fired first • September 26, 2018 10:42 PM
Oh yes, we still must require DNA and fingerprints and certified polygraphs and homing beacons and 3d doppler radar modeling and satellite photography and camouflaged officers hiding in trash bins ready to DNA test deposited wads of chewing gum.
That's the only way to be at all sure what happened here.
Just finding two obviously lying Spetsnaz with forged documents walking around the Novachok murder scene on video, and noting that Putin personally decorated them with the Order of Lenin AND personally vouched for them as "mere tourists" with a huge grin, all of this still leaves open the possibility that it's an elaborate frame-up by Boris Johnson to make Russia look like they execute former spies with WMD's on UK soil.
After all wo knows, maybe Alexander Litvinenko swallowed Polonium and died horribly for the same motive, to frame Russia. I guess we can never be sure.
/Sar_____________________________________________________________________chasm
eek! • September 26, 2018 11:21 PM
Roman Dobrokhotov: Yes. Yes. It isn’t just, like, manipulation, in terms of, like, they changed their documents some way. It’s just, like, direct influence that Russian security services had on those people who were, like, participating in this scheme of making visas.Uh-oh.
Host: Right. I mean, that’s—I realize that’s going to be next week’s scoop, but that’s quite alarming if you’re saying there’s influence that’s being wielded here.
Clive Robinson • September 26, 2018 11:48 PM
@ Nemtsov fired first / Hmm?,
How's the foot covering itchy?
Oh did you hear about the third couple in the news because they went to hospital in Salisbury?
A UK "red top" made a big online splash with it, now... 404.
That's yet another reason to wait / check evidence rather than be a "half cocked starter".
"You'ld have thunk" people would have started to realize that when it comes to supposed "intelligent agency" stupidity knows no bounds with not just Z list types.
I guess "Patience is a virtue" is lost on some, likewise "beyond reasonable doubt", even "jump in with both feet first"
Nemtsov fired first • September 27, 2018 12:37 AM
"but medics quickly established they had not been the victims of a nerve agent attack."
Obviously 1:1 comparable.
Patience is a virtue, dithering in sub-credible false doubts is undefined.
Correction: • September 27, 2018 1:16 AM
Putin personally decorated "Boshirov" with as "Hero of the Russian Federation" in 2014.
Not the "OoL" but somewhat quite related.
I mildly enjoy how it takes him three times to understand the Russian word for "civilians"
Of course they're civilians. Putin said so personally, he would know.
Clive Robinson • September 27, 2018 5:39 AM
@ Nemtsov fired first / Hmm?,
How's the foot covering itchy?
"but medics quickly established they had not been the victims of a nerve agent attack."
And how did they do this?
They looked for "evidence" which they then "tested" and found that contrary to what was being portrayed, the couple were not poisoned by nerve agent.
What is it I say people should do, "Wait for the evidence and test it"...
So you try to use the fact that people have done this, as an argument I'm wrong... Hmm where's the logic in that?
But worse some idiot jumped in with both feet first at a red top online site and then had to cover up their rash and embarrassing action by removing the article from public viewing...
Just one reason I say "wait for the evidence and test it". Which again confirms my view point is valid, and your "go off half cocked" with accusations is not.
Now you appear to be congenitaly incapable of understanding this and lead a fantasy life or you are a troll.
Either way your behaviour can and has been seen by many to be not just "rash" (Trump is still in office) but "embarrassingly" so (list of quotes without meaning, newspaper articles that can be shown to be wrong etc).
What you appear to fail to understand is that "method and process" are not the same as "belief" and have frequently conflated them.
Thus you go off at best imprudently half cocked, effectively tilting at windmills. You then compound it by going into denial and failure to realise you got things grossely wrong. You repeatedly made claims that were against method and process (treason) and after much pushing I gave you a considered belief that President Trump would still be in the White House come midterm elections. As the mid terms have approached and Trumps is still in office, you have thus throw up spurious or strawman argument. And when that fails you resort to childish behaviour.
You get repeatedly warned but your behaviour changes not a jot. So you resort to "sock puppetry" in the vain hope it will go unnoticed by @Moderator. But you change neither your basic writing style or argument style.
It would be amusing but for the fact it is a Denial of Service attack on this blog, and has been ever since President Trump manipulated the weakness of a two party political system and gained the Republican nomination. Which eventually gave him his place in the White House due to the faillings of what many Americans have claimed is "the most democratic of democratic processes". Which I would suggest from your behaviour you now vehemently disagree with.
So rather than wasting your time trolling, why not go out and actually do something to change the US Political Process?
But you won't will you? Because you don't have "the right stuff" do you?..
I suspect you will now try to blaim someone else who disagres with your fragile fantasies, for your errant behaviour. But it should by now be clear it's all you, and you alone. Based I suspect, because you cherish your fantasy, and find any disagrement an afront to your apparent narcistic ego.
JG4 • September 27, 2018 5:56 AM
Thanks for the helpful discussion. Not sure if anyone else noticed the mockingbirds harping on nuclear power very recently. I'm on the fence myself, but I see a coordinated media campaign. The reason that I mention it here is that I managed to connect a few dots. The level of safety that I expect in nuclear power systems is at the level of mathematical certainly, e.g., the proofs in group theory that someone generously posted. The systems should fail-safe even when multiple subsystems are compromised. Clive and Nick P have done a good job of saying that if you can't prove that your system is secure - in the sense of mathematical proof - it isn't. It certainly is necessary that the software be secure in the sense of performing the intended function and only the intended function, but not sufficient. The hardware also has to be reliable in the sense of not being riddled with undocumented features that can be triggered at will. Claude Shannon would be right at home with these topics, because he formalized the connection between systems of arbitrary reliability based on components of arbitrary unreliability. Security is a form of reliability and it is only relative.
https://www.nakedcapitalism.com/2018/09/link-9-26-18.html
...
AP Explains: The US push to boost ‘quantum computing’ Associated Press
Walmart to salad growers: If you want to sell, you have to blockchain Los Angeles Times (David L)
...
Big Brother is Watching You Watch
Honeywell’s ‘smart’ thermostats had a big server outage and a key feature stopped working entirely — and customers were furious Business Insider (David L)
Why I’m done with Chrome A Few Thoughts on Cryptographic Engineering. EM: “Calls attention to classic dark-pattern UI design by Team Google, one of Lambert’s favorite (if that’s the appropriate term) web-related topics.”
Revamp of Google Chrome web browser risks new EU scrutiny Telegraph. One can only hope.
...
echo • September 27, 2018 6:55 AM
@Clive there are certainly to many race to the finish merchants with more imagination than sense.
I wouldn't treat this material as more than prelimary. It's intriguing but you need to be sure it's not just a passing resemblance. My eyes and judgment and experience are not good enough to know what I am looking at. I am not aware of any "offcial" source which has verified this evidence and I refuse to lean on a breathless agitation website. I don't discriminate so if the data is good the data is good so I think I'm being fair with this.
Clashes and even unlikely clashes can occur especially with large population samples. This is one reason why the weight of DNA evidence was downgraded.
The case is much more than this single item and we don't have enough certainty to rush to judgment on the rest of the allegations.
echo • September 27, 2018 7:13 AM
I'm afraid this case is a classic case of organisation issues, poor training, and error of judgment. I have seen this so many times with the state sector. While a man would lean on their "authority" and bluster their way through and to some degree "get of"because of an inherent bias to authority women have a nasty habit of beign subjective and defending the organisation and being in denial.
I have experienced instititional abuse because of issues like this. The trauma of the flashbacks is intense and very disabling. Just trying to explain this to people in these organisations is next to impossible which just magnifies organisational stupidity in a cycle of increasing abuse.
I may make myself very unpopular but the interaction of women who cannot properly manage authority and lazy men is a clearly identifiable problem at the initiative/communication level.Organisations and individuals are blind to this and nobody makes use of the large body of academic research which has accumulated.
Much like the De Menzies case this is an issue of bad leadership and poor communciation and inadequate evaluation of the available evidence.
UK state organisations are very very poor atdealig with exceptional and none routine issues. It seems th "lessons learned" because the victims are always on the wrong side of a public enquiry and the lessons areneverreally learned because theystop looking very deeply once the enquiry is over.
bttb • September 27, 2018 8:07 AM
From Susan Landau, https://www.lawfareblog.com/five-eyes-statement-encryption-things-are-seldom-what-they-seem :
"The Five Eyes Statement on Encryption: Things Are Seldom What They Seem
Earlier this September, law enforcement officials from the Five Eyes intelligence alliance—made up of Australia, Canada, New Zealand, the United Kingdom, and the United States—met in Australia and issued a Statement of Principles on Access to Evidence and Encryption. The statement is strongly worded, concluding with a warning that if industry does not make it easier for governments with lawful access to content to acquire decrypted versions, the nations “may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.” Though the statement has garnered much public attention, there are a number of curiosities about it, and I believe there is much less here than it seems.
There's a bit of a backstory to the statement, which came out from the law enforcement ministers of the Five Eyes just as the Australian government was about to put forth a bill requiring companies to circumvent encryption protections in order to provide law enforcement and intelligence with lawful access to encrypted devices. U.S. law enforcement has pressed hard for such access, and the Australian bill may well be a stalking horse for the rest of the Five Eyes. Australia is the perfect candidate: the country’s lack of a comprehensive set of human rights protections means that Australia does not face the balancing requirements of privacy and civil liberties protections that the U.K. and U.S. do. And if the Australian bill moves forward, U.S. law enforcement may use their doing so to push forward their own legislation along similar lines.
But the bill is not only highly invasive of privacy—it ignores technical realities as well as what is really needed for security. While the statement is an effort to show support from the Five Eyes for the legislation, this support is missing a crucial player: the intelligence agencies..."
Clive Robinson • September 27, 2018 9:10 AM
@ echo,
While a man would lean on their "authority" and bluster their way through and to some degree "get of"because of an inherent bias to authority women have a nasty habit of beign subjective and defending the organisation and being in denial.
I listened to part of her statment, I would say that from the bit I heard she was neither in denial or blustering.
In short her message was Grenfell should not have happened. The reason being fire regs etc, that others not just willfully ignored but self signed off on via ALMO's etc.
She runs a very resource limited organisation, therefor she has to devote resources to the expected not what should be at best highly improbable (she made comment about the space shuttle landing on the shard as an example of improbable).
Without actually saying it she made it clear that the people to blaim are government ministers and it takes little second guessing to realise the person chiefly to blaim is the current UK Prime Minister and the previous PM and chancellor. Which should make reading todays "Evening Standard" a hoot as that Chancellor is now it's editor...
Sadly she is possibly looking at the end of her career because she's "Not played the game the way she is supposed to" which is "blaim the victims"... In the grand neo-libetarian method Where those at the top are perfect whilst those at the bottom are thoroughly imperfect. That is work shy, shifty, or imbecilic etc, thus can be blaimed as failures in life. Which means by neo-lib logic the victimes must be 100% to blaim for any fate that befalls them even being struck by lightning or meteorites, falling scafolding, terrorist attacks, being shot by bank robbers and other criminals, etc, etc...
echo • September 27, 2018 9:58 AM
@Clive
I half agree with you. Thereis a problem within the state sector that it lacks leadership and is inflexible and doesn't make the case for itself. At the same time it contains the faults and failings of any organisation.
I'm sorry Clive but they did have the sepcialist knowledge which an earlier media report covered. The individual fire officer didn't believe it would spread beyond two flats hence their slow response.
I think you're missing the complete interactions of the system and how different perspectives interact. Yes it always boils down to money but involves a range of other factors all interacting and feeding back into each other. Like a lot of UK state issues the "gold standard" is anything but and done on the cheap butatthe same time individuals and organisational issues don't exactly sell themselves and can be too compartmentalised and inactive when it comes to changes with respect to other nodes in the system. This problem isn't just limited to this single incident but replicated across almost all of the state sector. People keep blaming "the system" but thesystem is an act of desing with nobody taking responsibility for improving it or when someone does everyone else pushes back. Ultimately this comes down to a leadership issue.
As for the EHRC I'm complaining again. Yes, a second time. Not only did they disrespect me and trample all over "reasonable adjustment" necessary due to PTSD among other things including some legal duties before we had begun but low level staff are insisting I havea copy of their reply to my complaint. I really think the one person who knows whether I do or not is me. Their "resend" did not happen and being gaslighted a second time really isn't creating a good impression of this organisation.
I think I know what is happening here. OFCOM once pushed in my face they don't deal with the public when actually was not true. The EHRC is likely expecting an MP or NGO or lawyer to request a strategic legal case which is why they are treating me like an "Oi you" and compounding the issues which are the reason for me making the request in the first place.
Sadly she is possibly looking at the end of her career because she's "Not played the game the way she is supposed to" which is "blaim the victims"... In the grand neo-libetarian method Where those at the top are perfect whilst those at the bottom are thoroughly imperfect. That is work shy, shifty, or imbecilic etc, thus can be blaimed as failures in life. Which means by neo-lib logic the victimes must be 100% to blaim for any fate that befalls them even being struck by lightning or meteorites, falling scafolding, terrorist attacks, being shot by bank robbers and other criminals, etc, etc...
This isn't just the neo-liberal system. This is an easy excuse. This is Britian in a nutshell. It is a choice. The Burkian doctrine of the state.
Clive Robinson • September 27, 2018 10:06 AM
@ bttb,
There's a bit of a backstory to the statement,
That as they say is "A bit of an understatment".
As I've mentioned here once or twice before, the US policy since Louis Joseph Freeh was the Director of the FBI back in the 1990's has been to get some other country to implement laws that the US Public would not accept. Then use that as leverage any which way they can till they succeed despite all contrary evidence that the policy is not just highly undesirable but just will not work.
Director Freeh, did several "whistle stop" secret briefing tours around the White Anglo Saxon Protestant nations including the Five-Eyes and was basically told to get stuffed, so he tried it with Europe and got a similar response.
As far as I can tell he was the first FBI Director to push "the disaster going dark" line, even though it has repeatedly been shown to be compleate BS.
But Freeh is a rather unpleasent neo-con who thought little or nothing to releasing FBI files on Puerto Rican political activists. Thus nearly 100,000 pages have been released and are being catalogued by the Office of Legislative Services of Puerto Rico... I dred to think what the final out come could be.
He was also recomended to be censured for a minimum of mismanigment over an enquire into an FBI shooting. Basically his view was that the FBI sharp shooter who committed murder should not have even been charged and, he was basically instrumental in interfering in due process.
Then there was Waco, he quite deliberatly withheld evidence and was running yet another cover up. Janet Reno had to send in the US Marshals to get evidence he was quite deliberatly witholding, some of which he is believed to have alowed to be lost/destroyed.
Then there was TWA Flight 800, where he illegaly blocked the NTSB from interviewing witnesses.
Oh then there was the Wen Ho Lee case of such monumentaly vial behaviour by the FBI that the judge who tried the case said to Wen Ho Lee, "Dr. Lee, you were terribly wronged by being held in pretrial custody in demeaning and unnecessarily punitive conditions. I am truly sorry.". The judge further went on to say the top decision makers in the case "have embarrassed this entire nation and each of us who is a citizen of it.". A Justice Department report of the investigation of Lee said that Director Freeh and the whole FBI involved had "bungled" the case from start to finish...
The list of his unplesantness, personal, political, administrative, and undesirability in general goes on and on...
With that sort of pedigree setting the agenda that has been followed ever since, you can get a general idea of what those in power think.
But the important take away is, "For people like that, there is absolitly no downside to trying the same failed idea over and over untill they finally find some method of getting it through".
They are to put it mildly "scum of the worst form" and encoraged to be so by others who more generally try to keep their dire neo-con and neo-libertarian motivations hidden from public view. As they lead to disasters like the invasion if Iraq where "useful idiots" like George W. Bush and worse Tony Blair become their willing enablers. The result enrichment for the neo-cons and body bags dire national debt for the rest of us and uncountable deaths, injuries and worse such as encoraging terrorism of the most barbaric forms...
Clive Robinson • September 27, 2018 10:26 AM
@ echo,
The case is much more than this single item and we don't have enough certainty to rush to judgment on the rest of the allegations.
Oh I agree, with the propaganda we have seen today --which I fully expected for obvious reasons-- contrary to what others have said it's desirable to have as much of a chain of evidence as we can get.
People just pointing and saying "It must be 'im wot dun it" does not cut the mustard when it comes to getting justice for not just the victims of what happened in Salisbury, but also getting the other cases where Russian's in the UK have died unexpectedly and the police have for a number of reasons failed to investigate the deaths properly.
I suspect the only way it will happen is via "the domino effect" where one investigation provides evidence etc for the next and so on. Provided of course we can stop certain political and administrative persons running inyerferance, which unfortunatly we have both witnessed on more than one occasion.
Moderator • September 27, 2018 11:06 AM
@Clive, enough with the psychologizing. @Clive and @Hmm aka @Nemtsov et al., please discontinue discussion of this subject and mutually disengage. The sockpuppetry hasn't gone unnoticed, but is obvious enough to anyone who cares that there hasn't seemed any need to intervene until now. @Hmm aka @Nemtsov et al., no more socks, please.
echo • September 27, 2018 12:41 PM
@Clive
Yes and I susepct this is why I was hammered to prevent me getting to court and why I may need to leave the UK to get justice. Some cooling of chatter seems to be the order of the day so I won't test #moderators patience with this.
Hmm • September 27, 2018 2:50 PM
@Moderator
I've disengaged on the topic as you request/demand, but @Clive acting like a tag-team wrestler (and attempting to then referee and moderate in the next breath) is an ongoing issue beyond this one topic of discussion.
I hope you're seeing that intent to control conversations and shut down lines of discussion.
Nemtsov fired first was my play on Han fired first. As you say, it was obvious.
The idea that Putin's goons possibly killed him in self defense was the unstated punchline.
I was attempting levity. You're right, some might be "confused" and so I won't do that.
My point was proven and I had already disengaged before Clive decided to attack me personally.
I'm not one to dither in false characterizations with sub-honest people no matter how eloquent.
Sometimes I can be brusque. That's my fault. But I maintain I "screamed" at nobody.
I felt the need to correct some characterizations that are not factual. I still do.
On this topic, I have said my piece and I appreciate the minor elbow room to do so.
Attempts by some to make your @moderator decisions "for you" seem obvious as well.
I would think that sort of thing might also need to be addressed lest it also repeat.
Thank you for allowing such less-structured conversations in your "living room" - I think the overall benefit of the debate still outweighs the occasional argument or confrontation.
bttb • September 27, 2018 2:58 PM
emptywheel on Kavanaugh [nominee for Supreme Court] (ongoing hearing now with Kavanaugh testifying), may be worth listening to, or watching (pbs.org, npr.org, c-span, etc., fox?) from https://mobile.twitter.com/emptywheel/status/1045396188495851525 :
"Kavanaugh has his douchebag voice on. I don't think this is going to help him...
K: You have replaced advise and consent with search and destroy. Says the guy who insisted on asking Clinton if he ejaculated in Lewinsky's mouth...
As Kavanaugh boasts about keeping calendars remember he refused to check his email to see if got explicit mails from Kozinski...
Now Kavanaugh making up stuff...
"This onslaught of last minute allegations does not ring true." Except it sounds like every other page of Mark Judge's autobiography...
Again, the guy who demanded that the President answer whether he ejaculated into Monica's mouth is angry people read his yearbook...
HAHAHAHA. Ken Starr's sex interrogator never imagined that sex would come up in a lifetime job interview..."
echo • September 27, 2018 2:59 PM
http://uopnews.port.ac.uk/2018/09/27/people-can-die-from-giving-up-the-fight/
People can die from giving up the fight
People can die simply because they’ve given up, life has beaten them and they feel defeat is inescapable, according to new research.The study, by Dr John Leach, a senior research fellow in the University of Portsmouth’s Department of Sport and Exercise Science, is the first to describe the clinical markers for ‘give-up-it is’, a term used to describe what is known medically as psychogenic death.
It usually follows a trauma from which a person thinks there is no escape, making death seem like the only rational outcome.
If not arrested, death usually occurs three weeks after the first stage of withdrawal.
One to file under psyops?
Coincidentally in the news today:
For Gaika, there is little difference between the personal and political. “Black Power from the 70s was in some ways ineffective, because we didn’t advance as quickly as other communities, but it was also necessary for survival.” A theme of Basic Volume, he says, is statelessness, an idea that sums up his experience as a black man in the UK. This summer he had an exhibition about the history of the Notting Hill Carnival at Somerset House “but on the street I’m still just a black guy monitored by the state, who can get stopped by police at any moment”. Gaika’s parents arrived in London in the 1960s as part of the Windrush generation. He rubs his temples when I mention the recent scandal and tells me he doesn’t want to go into it. “I don’t feel an affiliation with the state because it means to kill us – it exists to disempower us,” he says. “The trauma of Windrush alone is an example of that.”
Hmm • September 27, 2018 3:06 PM
@Bttb
I think he's facing a full-on investigation now, anything he said under oath is potentially perjury.
If he was actually "a virgin" in high school is now a legal liability. It's pretty remarkable.
Consider this isn't just about him getting the SCOTUS job, he's a sitting Federal judge.
If there's ANY credibility to any of the women accusing him, and then further evinced by his yearbook writings or other testimonies of friends contemporaneously, all of this is going to be an albatross around his neck indefinitely. I don't see how he can proceed, I don't see how the GOP could see clear to confirm him tomorrow morning on a purely party-line vote given a single day of unresolved testimony on a serious issue like this.
With elections 2 months away, to confirm him to the highest LIFETIME appointment in our legal system before a full investigation of these allegations could be absolutely catastrophic to their moderate/undecided support. Kavanaugh also cannot be quickly replaced before that, and the next nominee will almost certainly face additional scrutiny ahead of a vote as a result of this attempt at an end-run.
I agree with you that him being so angry and 100% denying of any culpability in this isn't going to cut it, if there's anything there to be found down the road it's absolutely going to come out now. This was a historic day whatever comes of it.
Hmm • September 27, 2018 3:11 PM
Correction, elections are just 5 weeks out, not 2 months.
bttb • September 27, 2018 3:23 PM
@Hmm
"This was a historic day whatever comes of it."
Many people have had 'youthful indiscretions'. Regardless, from Rayne at https://www.emptywheel.net/2018/09/03/contra-kavanaugh/ , other reasons to oppose Kavanaugh include:
"...Bad, Bad Faith
Unindicted Co-Conspirator-in-Chief
Health Care, Women’s Reproductive Rights, Settled Law Unsettled
Semi-Automatic Weapons Wankery
Net Neutrality No-Go
Surveillance State..."
Clive Robinson • September 27, 2018 3:37 PM
@ echo,
People can die from giving up the fight
It's something I've been aware of for quite a few years from having had a tangential involvement with a review of insurance company records.
As I said just the other day I'm a firm beliver that beyond a certain age it's the brain that keeps the body alive.
Hmm • September 27, 2018 3:39 PM
@Bttb
Very true, many have. But few have been under oath denying it on the world stage like this!
He testified he had never even been "in a room" with Judge and the victim.
One photograph makes that a perjury, if it exists. That's just a single example.
It's very possible that something he said will come back to bite him down the road.
They wanted to brush aside any "need" to investigate. That did not happen.
I agree there are valid legal/political reasons to oppose him, but that's all grist for the mill.
If he perjured himself he's not only not getting the job, he faces big problems ongoing.
Cosby went to prison the other day, anything can happen if credible testimony comes out now.
Hmm • September 27, 2018 4:11 PM
He also claimed NEVER to have drank enough to forget what happened. That's already beyond dubious.
"Drinking is one thing, but this is about truthfulness" -Sen. Harris
It also further defines everything he said under oath. He claims to have a perfect memory.
Honesty is the best policy, under oath or not, followed by brevity. Strike two.
Clive Robinson • September 27, 2018 4:11 PM
@ echo,
With regards,
“I don’t feel an affiliation with the state because it means to kill us – it exists to disempower us,”
Whilst I feel sorry for what he has experienced, it is unfortunatly not just people from the Caribbean who suffer this. I know and have helped disabled people who get treated almost as manikins, with just about everybody talking to me and not to the person, who is sitting next to me. One interviewer actually said to me "Do they have problems with going to the toilet?" and they did not appear to comprehend that the person was quite capable of answering for herself. But more importantly it was a totally inapropriate question to ask...
It is as you note endemic in certain UK agencies and probably many more that I've not experianced first hand. Worse it appears to be so ingrained and to such a level that I suspect those doing it are nolonger aware of just what they are doing, other than going through the motions of a process.
Back in the 1970's and 80's the Police especially the Met were accused of ingrained behaviour and it was eventually called "canteen culture" as an attempt to some how "minimise" it in the press, and to make it sound as though it was a "lower ranks only" issue. When in fact it became quite clear it went right up the hierarchy, only those at the top were a little more circumspect in how and when they voiced it.
k15 • September 27, 2018 4:29 PM
In a first world country, if someone in it kept having experiences of unreliability (and appearance of worse) that made it seem much more like a third world country, there would be some organization you could go to, to find out what was going on.
If we here in the U.S. live in a first world country, who is that organization that you can go to?
k15 • September 27, 2018 4:32 PM
An organization with a building, on a street.
k15 • September 27, 2018 4:36 PM
The Social Security office, for one, won't let you visit without an appointment, and won't let you have an appointment unless you tell them your SSN over channels that might not be secure.
Hmm • September 27, 2018 5:35 PM
"won't let you have an appointment unless you tell them your SSN over channels that might not be secure."
Is that actually true? I find it hard to fathom there's no work-around.
bttb • September 27, 2018 5:52 PM
Two from ars Technica:
PeaceHead • September 27, 2018 7:28 PM
*ASTERISK*
https://www.youtube.com/watch?v=kR-WCDa4NSc
Please note that the video linked above is MISTITLED!!!!
Skip the preamble and...
START the video linked above at 2:12 (two minutes and 12 seconds)
https://www.schneier.com/blog/archives/2018/09/friday_squid_bl_643.html#c6782387
Aside from the computeer-generated responses, please do NOT overlook the previous links and the EXTREMELY SIGNIFICANT infos posted.
As for those who dislike Mr. John McAffee, allegedly due to his alleged (and/or gossipped) behaviors. Are your grudges worth risking EVERYTHING? Please think this over. I'm not even convinced that gossips against Mr. John McAffee were true. Most situations are more complex than media outlets portray.
*ASTERISK*
bttb • September 27, 2018 8:52 PM
From earlofhuntingdon [ https://www.emptywheel.net/2018/09/27/the-christie-ouster-and-the-flynn-hiring/#comment-752690 ] and The long read, https://www.theguardian.com/news/2018/sep/27/this-guy-doesnt-know-anything-the-inside-story-of-trumps-shambolic-transition-team [from The Fifth Risk by Michael Lewis (edited)]:
“The excerpt from Michael Lewis’s book ends this way:
“All these people [new Trump administration hires] had two things in common. They were Trump loyalists. And they knew nothing whatsoever about the job they suddenly found themselves in. A new American experiment was underway.””
Also, from emptywheel at the above emptywheel.net link, https://www.emptywheel.net/2018/09/27/the-christie-ouster-and-the-flynn-hiring/ :
“As I surmised two years ago, there was a close tie between the moment Christie and other Republican realists got fired and when Flynn got picked.
According to this Michael Lewis account, though, the tie is far more direct than I imagined. The moment that Flynn got hired is the moment that Chris Christie got fired.”
Also, by Michael Lewis, https://www.vanityfair.com/news/2017/07/department-of-energy-risks-michael-lewis (2017) :
“Donald Trump’s secretary of energy, Rick Perry, once campaigned to abolish the $30 billion agency that he now runs, which oversees everything from our nuclear arsenal to the electrical grid. The department’s budget is now on the chopping block. But does anyone in the White House really understand what the Department of Energy actually does? And what a horrible risk it would be to ignore its extraordinary, life-or-death responsibilities?”
Hmm • September 27, 2018 11:10 PM
@Bttb
I believe Jared had a hand in Christie also, prosecution of Kushner's father was served cold...
Apples don't fall so far in that orchard.
Hmm • September 27, 2018 11:44 PM
It also makes sense given Jared's previous predilections for him to be connected with Flynn already in degrees.
Except for Flynn I mean, he already plead guilty and is fully cooperating.
https://www.washingtonpost.com/graphics/national/trump-russia/ - This interactive graphic links between core administration members and the Russian government much more succinctly.
But who knows? There's probably an innocent explanation!
Clive Robinson • September 28, 2018 1:29 AM
@ Hmm,
Is that actually true? I find it hard to fathom there's no work-around.
It's certainly true in the UK Benifits system, if you go in with a "claimant" the first question they ask after your name but sometimes before is "NI Number?".
They will if you push hard enough for several minutes reluctantly and with a very "put upon air" go and look it up at their computer which if they can type takes at most thirty seconds...
The only time I've seen it not asked was when an individual came in smelling of rotting excrement, compleatly disheveled, with matted hair and dirt on their hands and face. They got taken as an immediate priority to an interview room next to the "special exit". Shortly after the person that had interviewed them came back to their desk got a departmental issued aerosol can of insecticide out of their draw and sprayed themselves with it. Then offer the can to her colleague at the next desk making a comment that included the phrase "flea riddeled" which stuck in my mind as it should have been "flea ridden".
Clive Robinson • September 28, 2018 2:43 AM
@ bttb,
With regards the e-voting article, take special note of the "air gapped" vulnerabilities.
I did some research into how difficult it would be several years ago now (long prior to stuxnet) and found it was actually not that difficult to target a well known voting machine manufactures "Service and support technicians" with "fire and forget" malware (you searched for the support software keys in the registry).
Most ITSec individuals actually thought quite incorrectly it would not work (usual NIH response). Untill it was very publicly shoved down there throats by the "proof of concept" now known as Stuxnet...
This NIH response is as we have seen over and over the "Faux Guru" response beloved by talking heads and journalists who go "quote shopping". So "as they started it" I'll do a little "quote shopping" my self ;-)
NIH type behaviour is not just the province of ITSec as I've found out several times, --which I have mentioned before-- it's also seen in scientists and some engineers...
Sufficiently that we have the "old grey hair" observation from Arthur C. Clarke,
But there is a secondary effect that I have called "Golden Goose Syndrome" in the past. It's a more specialized version of the very old "rice bowl" comment that gave rise to Akio Morita's admonishment to,
And the observation by Upton Sinclair of,
Put simply most will avoid or ignore issues that will effect their prestige, status or income. And will if pushed go into "denial against logic, method, or process" and express some vague belief or worse by invoking the "flights of fancy" or "personal fault" stratagem variation of the strawman argument accompanied by much arm waving. Then when the inevitable happens they make some new argument as to why they were right and the person raising the issue was wrong. Usually it's a "blaim the victim" type response of trying to show that some how the person raising the issue was to blaim. Historicaly it would have been with the old religion trick of dishonestly saying that by mentioning the issue the person was actually responsible for "summoning it into existance" and "bringing it down onto peoples heads" in effect saying "Damm you, you have cursed us all to this pestilence"... Modern versions are not always as transparent, but it's certainly still alive and well in neo-libertarian thinking.
Thoth • September 28, 2018 5:58 AM
@Clive Robinson
I would need advise on how to do 64-bit word circular rotate left (ROTL64) on a 8-bit MCU with only 8-bit math operating on arbitrary amount of rotations up to 64 places.
Ratio • September 28, 2018 6:00 AM
‘Yeah it's the GRU HQ — so what?’:
The [second Bellingcat/Insider report on Petrov and Boshirov] highlights the case of Eduard Shirokov (Shishmakov), whom Montenegro accuses of trying to orchestrate a coup in 2016. According to The Insider, “[Petrov and Boshirov] had passport numbers ending in 294 and 297, while another previously exposed GRU agent, Eduard Shirokov (Shishmakov), had a passport ending in 323, meaning that their passport numbers were separated by just 25 and 28 slots, respectively.”
Using the passport information³ published by Bellingcat and The Insider, the St.-Petersburg-based news website Fontanka searched various databases for people whose passports were likely issued by the same branch of Russia’s Federal Migration Service, both before and after Petrov and Boshirov received their documents. On September 22, Fontanka published the results of its study, revealing that some of these individuals indicated on different documents that their home address was 76B Khoroshevskoe Highway, which is located just around the corner from the GRU’s Moscow headquarters.
According to Fontanka, the building at 76B Khoroshevskoe Highway belongs directly to the GRU, while Russia’s Unified State Registrar of Legal Entities says it’s home to several military units, including Branch Number 45807, whose commanding officer is Igor Korobov, the head of the GRU. According to federal law, Russian soldiers can register their documents at the address of their military unit.
The address “76B Khoroshevskoe Highway” also appears in court records for traffic fines issued to men with the surnames Krymsky and Andreev, whose passport numbers differ from Borishirov’s and Petrov’s by just a single digit. Fontanka says it learned that Andreev, like Eduard Shirokov, flew to Belgrade in the fall of 2016 (weeks before Montenegro announced that it had foiled an attempted coup). Travel records indicate that Andreev was accompanied by another man named Potemkin, who also indicated the GRU’s address in documents when buying real estate outside Moscow and a car.
The interview with one Alexander Polyakov, whose words are used as the title of the article, is worth reading. (“Kukharuk.”)
(By the way, this would be the article Craig Murray referred to. Now, why would a truth seeker of the caliber of mister Murray not mention any of this? I’m stumped. It just doesn’t make any sense.)
“Yeah that’s Tolya [i.e., Anatoliy Chepiga],” the woman told the newspaper Kommersant [about “Ruslan Boshirov”], on the condition of anonymity. She says the two were close back in high school, and she recognized his voice, when he appeared in a television interview with Margarita Simonyan on RT. The woman has only good things to say about Chepiga: “He didn’t drink, didn’t smoke, and never got involved with any bad crowd.”
Another woman in Berezovka told Kommersant that Chepiga served in “the secret service” in various “hot spots” after graduating from a military academy. “His mother would cry,” the woman said, adding that she last saw him roughly 10 years ago, but she didn’t recognize the photos of Chepiga published in the news media. “He was already almost bald,” the woman said. “He’s not very similar to this photo. He had an unguarded look, but this one’s looking up from under his eyebrows. Though his eyes were dark brown.”
A decade in his line of work would never affect that unguarded look. And besides, you just know if a spy is folicularly challenged. I learned that watching Sean Connery era James Bond. Looking more and more like a Kenyan false flag to me…
Wesley Parish • September 28, 2018 6:01 AM
from bad to verse ... some Slashdottery
https://www.wired.com/story/mobile-websites-can-tap-into-your-phones-sensors-without-asking/
https://www.engadget.com/2018/09/27/delta-fully-biometric-terminal-airport-facial-recognition-us/
https://www.documentcloud.org/documents/4940999-Inspector-General-report-into-airport-biometric.html
https://www.engadget.com/2018/09/25/airport-face-scanning-program-technical-problems/
(next they'll have faecal scanning ... :)
https://betanews.com/2018/09/27/apple-device-enrollment-program-security-vulnerability/
happy happy joy joy
Some more from ElReg:
https://www.theregister.co.uk/2018/09/26/aeroflot_server_code_open/
https://www.theregister.co.uk/2018/09/28/uefi_rootkit_apt28/
(oh the joys of having everything set up to permit external servers access to one's firmware - and having the external servers not exactly secure themselves, or easily spoofed ...)
https://www.theregister.co.uk/2018/09/28/fbi_dhs_rdp/
Your specialist subject? The bleedin' obvious... Feds warn of RDP woe
And last but hardly least: Why a Seal Smacked Kayaker in the Face with an Octopus
https://www.livescience.com/63693-seal-smacks-kayaker-with-octopus.html
There must be easier ways to protest room service, methinks ...
echo • September 28, 2018 6:45 AM
@Clive
As a brief update I was kicking up a stink with the EHRC yesterday and also with theEASS who have to date been extrenely unhelpful. I have now received a response.
The EHRC did not uphold my complaint. Taking things in the round I believe both are being bureaucratic. There is a typical secrecy and getting things wrong and both playing me off against each other. I am left feeling distressed and angry not to mention abused and disrespected. Instead of doing things right the first time I am now left with dealing with yet another complaint form. This is a massive cognitive load and hassle and a complete distraction when all the energy should be going into the case.
Buried at the very bottom of the document is basically an admission they messed up and did try to steal my intellectual property and trample over my rights so I'm puzzled how the complaint was not upheld. Following the behaviour of the EASS yesterdaythe EHRC is also derogating its responsibilities to an inadequate organisation and not exercising due diligence which is unlawful. They are also missing other information which I did not specificially document which shows a broader pattern of unhelpfulness from the beginning and over a sustained period of time nor any sensitivity to the specific human rights sensitivities of the case which they themseles are bound by law to observe.
On balance leaving the UK and claiming asylum in another EU country is less bother. I know then at leastI will get a lawyer and the help I need even if they send me back after the process is gone through.
Clive Robinson • September 28, 2018 6:50 AM
@ Wesley Parish,
There must be easier ways to protest room service, methinks ...
I posted a couple of links about wierd things about octopuses the other day. One of them has a story about some kept in captivity where a researcher feed them some not so fresh squid... One one significant eye contact with the researcher and then very deliberatly shoved the squid down the drain in the tank...
@ Ratio,
There are supposadly two photographs of the same person to my eyes they look more different than I would expect with age alone. But human face recognition outside ethnicity is natoriously poor...
However they are both face on, so someone could upload them to one of those Social Media sites that use facial recognition to see what the match coincidence is. At one point Apples software alledgedly could pick out relatives with ease without being prompted.
Might be worth a laugh to see what the results are.
Ratio • September 28, 2018 7:03 AM
@Clive Robinson,
Maybe Putin should invite Chepiga to go on RT for an interview like he did with Petrov and Boshirov. Expose the hoax. Should be easy enough.
@Thoth,
You have a 64-bit word in memory and want to ROTL up to 63 (not 64) places using instructions that operate on 8 bits at a time?
(@Wael, I have a bad feeling about this one… They’re in my browsers!)
Wael • September 28, 2018 7:25 AM
@Ratio,
I have a bad feeling about this one… They’re in my browsers!
I have a feeling the stoner might be correct! Although this particular one seems deliberate!
I used to be a local Triple-3 ¯\_(ツ)_/¯
folicularly challenged.
At least they didn't type it in кириллица. That would have been a dead giveaway.
Clive Robinson • September 28, 2018 7:56 AM
@ Thoth,
... how to do 64-bit word circular rotate left (ROTL64) on a 8-bit MCU with only 8-bit math
There are three forms of "logical" shift, those that fill with zeros, those that fill from the carry flag and those that "rotate within the word"[1].
Clearly you do not want the inword rotate. Likewise you don't want the fill with zeros. Which leaves the fill from carry.
In principle to do a one bit rotate to the left on a multiword unsigned integer object you mask off the most significant bit of the most significant word into the carry flag then do a Logical Left Shift through Carry (LLStC) instruction from the least significant word through every word in in monotonicaly increasing word order including the most significanf word.
However you say "only 8bit math", when it comes to shifting integers you have to distinguish between "unsigned" and "signed". Usually --but not always-- the most significant bit of the most significant word is used as a sign bit in signed arithmetic, and the shift functions for that word and that word alone are usually refered to as the "Arithmetic Shift" instrunctions like ALS for left shift and ARS for right shift. Often the "through carry" is implicit for ARS output but not the input because the "sign bit" is usually left as it was and it is also shifted in to the LSB-1 bit.
So you need to carefully check any "arithmetic" shift instruction for it's exact functionality.
However for multiword integers signed or unsigned all the other words are not signed so the ordinary logical shift instructions apply to them. So I would expect the LLStC and LRStC to be on the instruction list as well as the ALS and ASR instructions.
If you only have ALS and ASR with their akward sign bit corrections then you hit the problem of having to mask off bits do a reverse "pre-shift" and then shift in the required direction and then mask of any bits that are caught up in the sign bit manipulation...
It's way easier to describe with the assistance of pictures not just words only...
[1] Although an 8bit CPU is usually --but not always-- "byte wide" I'm going to mostly use the generic "word" as it applies to all CPU's from 4bit Bit Slice chips all the way up to 128bit or greater graphics procrssors. Provided the CPU aloes "bus width" integer or signed integer operations.
Ratio • September 28, 2018 8:20 AM
@Thoth,
It’s probably simplest to think of an n-place ROTL as a rotation of n & 7 bits followed by a rotation of n >> 3 bytes (right-shift fills with zeros, as for unsigned in C).
The first part (rotating bits m = n & 7 places; these are the bottom 3 bits of the number of steps) takes two source bytes a and b that are either adjacent or at the ends of the word and yields (a << m) | (b >> (8 - m)), where the right-shift again fills with zeroes.
The second part is a rotation of whole bytes; the bits within the bytes don’t change. If n is a multiple of 8, moving bytes around like this is all you have to do.
You can probably optimize this, depending on how many registers you have available and things like that, but this should be enough to at least get a working version. (Do yourself a favor and limit n to the range 1…63!)
Does that help?
Clive Robinson • September 28, 2018 8:24 AM
@ Ratio, Thoth,
You have a 64-bit word in memory and want to ROTL up to 63 (not 64) places
You have to be carefull although ROT[0] should be equall to ROT[64] and do nothing, either can be used for "special purposes" in some CPU's because some alow negative values in such as ROT[-1] etc and it then depends on if it is a two's complement or one's complement number system, the latter having both a +0 and a -0...
Which is as scary as it sounds, most are blissfully unaware of this because they just do not get to meet that sort of hardware any longer except in highly specialised systems (which even I stopped developing more than a decade ago). Unfortunatly it's only when they try to do crypto or similar that they find out that such things in CPUs because they alow for reduced gate count on chip, thus less real estate or more likely faster execution.
Worse not all data sheets include this "minor issue" untill you get to the signed NDA stage. As otherwise it might discourage people from using it (beware smart card NDAs)... However unlike the silicon the NDA "is for ever" so you can not run down the street pulling out your hair screaming "Never again will I use XXXY's products ever again" either...
Thoth • September 28, 2018 8:37 AM
@Clive Robinson
Example of 64-bit word: 11011111 11111111 11111111 11111110
Rotate Left by 2 bits: 01111111 11111111 11111111 11111011
That is what I am trying to achieve.
It can be 2 bits ROTL or even 63 bits ROTL.
So for the above, I would store each byte in a byte array object for high level languages or a register for the low level.
On C-based languages, I could simply do pretty direct via the long type but on places where there are no long and integers but only short and byte types, this would be a very problematic situation which I am trying to find a way to solve on short and byte types.
Thoth • September 28, 2018 8:44 AM
@Ratio, Clive Robinson
For the 'm = n & 7;', what is the assumption of m in terms of type ?
If byte and short are the only types available and I am handling a 64-bit word using the above example given to @Clive Robinson.
The above example is trying to do ROTL over 2 bits on 0xdffffffe (64-bit word) which is stored in a byte array as:
byte[] b = new byte[]{0xdf, 0xff, 0xff, 0xfe};
For 'm = n & 7', does m refers to every element b[i] of b array where it should be 'b[i] = n & 7;' ?
Ratio • September 28, 2018 8:46 AM
@Thoth,
An example in case that wasn’t clear: to rotate by 35 places, you’d rotate by 3 bits, followed by a rotation of the result by 4 bytes.
@Wael,
At least they didn't type it in кириллица. That would have been a dead giveaway.
صح At least they’re making themselves useful (I hope) by giving algorithmic suggestions
Thoth • September 28, 2018 8:48 AM
Errata:
Example of 64-bit word: 11011111 11111111 11111111 11111111 11111111 11111111 11111111 11111110
Rotate Left by 2 bits: 01111111 11111111 11111111 11111111 11111111 11111111 11111111 11111011
byte[] b = new byte[]{0xdf, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe};
Ratio • September 28, 2018 9:20 AM
@Thoth,
I’ll use your example word but rotate it by 10 instead to show both parts of the algorithm. Rotating by 10 means rotating by 2 bits (10 % 8 = 2) and 1 byte (10 / 8 = 1 in integer, or truncating, division).
First, ROTL by 2 bits involves taking two “adjacent” bytes and combining the bottom 6 bits of the “left” byte and the top 2 bits of the “right” byte. (By “adjacent” I mean adjacent if you think of the bitstring as circular, i.e. the first and last bytes are “adjacent.”) In C-like syntax: (left << 2) | (right >> (8 - 2)). This takes you from
11011111 11111111 11111111 11111111 11111111 11111111 11111111 11111110to
01111111 11111111 11111111 11111111 11111111 11111111 11111111 11111011This is the same thing as your example. (Rotating by 18, 26, 34, … also yields this same intermediary result.)
Then, ROTL by 1 byte by moving the bytes around, from
{0xdf, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe}to
{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xdf}
Clive Robinson • September 28, 2018 9:58 AM
@ Thoth,
As @Ratio has pointed out the fast way to rotate is to first "word" swap as those are just simple reads and writes with one word held in a tempory location. Then do the appropriate rotate up or down which should be at most half the number of bits in a word. So even if you are shifting left, it may be faster to shift left on word to many then bit shift right to get back to the desired value.
However you have to make a choice between increased code size thus ROM storage and slower executing code in each loop but many less loops used and small code less ROM used but faster executing code loops but sometimes many more loops used.
If however total execution speed is of most concern and ROM size is not an issue, you can have two blocks of code, one designed for small shifts one for large.
If you are only going to shift up by one bit, you can do a clear carry then shift with just ADDwC, INC and Branch on carry instructions in the array then a final INC if required to wrap the rotated bit back in at the bottom. On some CPUs without decent shift instructions you can end up using a few less CPU cycles.
You can also do it as a fixed period trick in a similar way to a barrel shifter but it's rarely worth it in software, as on average it takes longer...
As you've probably gathered indepth consultation of the data sheet will alow you to calculate which way uses the least number of CPU cycles and sometimes code.
Oh and on more modern 8bit CPUs avoid "Memory bit set" and "memory bit clear" instructions and also be suspicious of the equivalent in registers. Because on many occasions the microcode is fairly inefficient RTL and does an AND mask and OR set rather than just the one you need. The only real advantage is in effect a "hidden register" thus if you are running short of registers...
It's all this sort of stuff high level coders have "abstracted away" in return for some realy quite bad inefficiencies. Especially with complex pointer arithmetic in which way to many people try to be "clever" and make WOC that is never ever going to get ported to a different OS let alone hardware architecture.
Ratio • September 28, 2018 10:17 AM
@Thoth,
I didn’t answer your question about m…
m is the number of bits to rotate in the first step: it’s the total number of places to rotate modulo 8. One way to calculate its value is by AND-ing it with 7 to select just the 3 least significant bits. The type of m really doesn’t matter, as long as it can represent values in the range 0…7. (In my previous example of rotating by 10, m is the 2 you see.)
If you’re using Java, be sure to shift right using >>> (a logical shift right) instead of >> (an arithmetic shift right) and you should be fine.
MarkH • September 28, 2018 10:35 AM
@bttb:
Indebted to you for posting about Gamble v. US (the case which might well amplify Trump's pardon power as a means of obstructing justice).
It's quite unclear what the landscape would be, should Gamble win his case.
It could greatly strengthen Trump's hand, but would probably not quite amount to a "magic wand."
To give one example, when a person files fraudulent tax returns in the US, this often violates both federal and state tax laws. These are not the same thing -- they are separate processes, with separate filings and separate signatures.
A state's authority to tax is quite independent of the federal government's taxation authority.
I think it would be an implausibly expansive interpretation, should Gamble win his case, to say that a state is prohibited from prosecuting a fraudulent tax filing because a federal tax fraud case for the same year was pardoned.
__________________________________
Another possible limitation, would be preemptive pardon: if Trump pardoned someone before federal conviction (and especially, before any trial), then how could one say that the defendant was twice in jeopardy because of a subsequent state prosecution?
This might force Trump to wait until after federal conviction before pardoning. This has two big costs: one is that the entire evidentiary record, found convincing by a jury beyond reasonable doubt, would be before the public, including any part damaging to Trump or his family.
Another is the political effects of pardoning an undoubted felon for obviously corrupt purpose. Even Trump seems to be anxious about the consequences of going so far.
__________________________________
Probably the biggest deterrent so far to Trump's abuse of his pardon power, is that testimony can be compelled from a pardoned person, whose loses his ability to plead the 5th amendment with respect to any pardoned offense.
A win for Gamble might only strengthen this, preventing a pardoned person from claiming "I could incriminate myself under state law."
What Trump surely doesn't want, is a bunch of canaries giving sworn testimony against him.
__________________________________
A more debatable implication, is that a person accepting a pardon (yes, one can reject a pardon) implicitly admits guilt, with the effect that receiving a pardon does not erase the status of convicted criminal (though this has not been tested in court, to my knowledge).
__________________________________
A crazy consequence of a decision in favor of Gamble (at least in theory) could be the setting up of "race conditions" in which state and federal prosecutors would rush to indict, with the intention of preempting the other sovereign.
I suspect that this very scenario may be argued before SCOTUS as reason not the change the status quo.
vas pup • September 28, 2018 11:35 AM
@all: recently a lot of conspiracy assumptions were posted on this respectful blog. Research below related to personality traits of those who easy believers:
https://www.sciencedaily.com/releases/2018/09/180925075108.htm
"Our results clearly showed that the strongest predictor of conspiracy belief was a constellation of personality characteristics collectively referred to as 'schizotypy,' Hart said.
The trait borrows its name from schizophrenia, but it does not imply a clinical diagnosis. Hart's study also showed that conspiracists had distinct cognitive tendencies: they were more likely than nonbelievers to judge nonsensical statements as profound (a tendency known as "BS receptivity").
***
On conflict resolution - just confirmed old statement of S. Freud: more Eros (love) less Tanatos (violence) and vice versa:
http://www.bbc.com/capital/story/20180925-with-females-in-charge-bonobo-society-is-more-chilled-out
"Conflict is much less common in bonobo societies versus their scrappy chimp cousins. Female bonobo bosses, although smaller than males, regularly intervene as peacekeepers. While females often lose one-on-one scuffles with males, “When more than two females collaborate [to fight] males, 100% of the time, females win,” he says.
===>But given the choice, it seems bonobos would rather make love, not war. Intimate contact is common, and bonobo females use frequent sex to reduce tensions with both males and females. With females at the helm, bonobo society is a lot more chilled out."
@Ratio: for prospective recruits of special ops IS and LEAs with current social media such collisions as with Bashirov's identity become rather rule than exception. Maybe parallel construction of second identity on social media should start as soon as possible, BUT biometrics remains the same anyway. Comparison of fingerprints of same person with double identity could resolve any doubts.
bttb • September 28, 2018 12:21 PM
From https://www.wsj.com/articles/behind-the-messy-expensive-split-between-facebook-and-whatsapps-founders-1528208641 (also see https://twitter.com/matthew_d_green , currently, on this topic):
“Behind the Messy, Expensive Split Between Facebook and WhatsApp’s Founders
[...]
How ugly was the breakup between Facebook Inc. FB -3.46% and the two founders of WhatsApp, its biggest acquisition? The creators of the popular messaging service are walking away leaving about $1.3 billion on the table.
The expensive exit caps a long-simmering dispute about how to wring more revenue out of WhatsApp, according to people familiar with the matter. Facebook has remained committed to its ad-based business model amid criticism, even as Facebook Chief Executive Mark Zuckerberg has had to defend the company before American and European lawmakers.
The WhatsApp duo of Jan Koum and Brian Acton had persistent disagreements in recent years with Mr. Zuckerberg and Chief Operating Officer Sheryl Sandberg, who grew impatient for a greater return on the company’s 2014 blockbuster $22 billion purchase of the messaging app, according to the people.
Many of the disputes with Facebook involved how to manage data privacy while also making money from WhatsApp’s large user base, including through the targeted ads that WhatsApp’s founders had long opposed. In the past couple of years especially, Mr. Zuckerberg and Ms. Sandberg pushed the WhatsApp founders to be more flexible on those issues and move faster on other plans to generate revenue, the people say.
Once, after Mr. Koum said he “didn’t have enough people” to implement a project, Mr. Zuckerberg dismissed him with, “I have all the people you need,” according to one person familiar with the conversation.
WhatsApp was an incongruous fit within Facebook from the beginning. Messrs. Acton and Koum are true believers on privacy issues and have shown disdain for the potential commercial applications of the service...”
echo • September 28, 2018 12:40 PM
Nina Burrowes, a psychologist who was due to deliver a course to prosecutors about young women and intoxication before it was cancelled by the CPS, said she was so concerned about the apparent shift in direction at the organisation that she was reaching out to complainants whose cases had been dropped in the last year to help them “find a voice” through her group, the Consent Collective.“It’s not just complainants who’ve been in touch with me,” Burrowes said. “It’s also other criminal justice professionals, such as police officers, who are frustrated when the CPS refuses to charge a case that they feel has real merit.
“It’s incumbent on those of us who train prosecutors to learn about how the system is failing, so that we can help identify the ways in which it can improve. At the moment there’s plenty of room for improvement.”
Following on from my exposing the EHRC as obstructive and tone deaf as well as invading myprivacy and attempting to steal my intellectual property the Crown Prosecution Service is being exposed as failing too.
The strategic legal case I wanted to bring would have included systemic issues both for the reasons of my case and perhaps also protected women and abused children too. As part of my evidence I have hardcopy proof and expert professional testimony from a state contractor of cover-up of systemic failings which led to the death of more than one person none of which was heard during a public enquiry because of the guilty state organisations obstruction. I also have audio recordings proving another state institition is guilty of cover-up leading to continuing failings and the death of at least one individual. I have paid a very high personal price to obtain this information. It really upsets me when I am treated as a desk clearance exercise by the very people with the responsibility to hold the system to account.
“Justice is served by ensuring the right person is prosecuted for the right offence, and that charging decisions are made solely on the merits of the evidence.”
It helps if they actually look at the evidence and is perhaps more helpful if they know what they are looking at, and also if they don't cancel a meeting to present evidence because a rogue member of staff caught red handed acting outside of their powers interfered and cancelled it.
Weather • September 28, 2018 12:47 PM
Thor
For n
M[0]=(b[N]>>n)&0xff
V[1]=m[0]
Maybe type of like that
echo • September 28, 2018 1:00 PM
As a young girl, she would regularly threaten to kill me and I would have to plead for my life. She would discipline me by threatening to kill herself and get me to promise to kill people she didn’t like. She would also subject me to humiliating and intimate washing routines which went on until I was a teenager.
Unfortunately I had a neighbour who was as two faced as her mother and abused her children with threats of graphic violence. The police and social services and other agencies either refused to listen or when things began to become a cleary identifiable problem did nothing. It was only when her children began attacking other children at school did they begin to pay attention. Without disclosing details due to privacy issues there was an incident involving police action. Only after this was action taken.
My health was visibly failing from the consequences. From memory it took me more than three years to recover.
The UK government has effectively halved funding for rape refuges and early start for children programmes. None of the systemic failings have been acknowledged let alone fixed!
My experience with "specialist trained officers" is they are appalling. It's all about them and their personal work problems and not wishing to challenge canteen culture before shovelling people out the door. If it's not this it's ordinary police offers slamming you with "no criming" and scowling you down to scare you off discussing legal issues and the evidence. I have began to suspect this is standard practice unless the police think they are under the media spotlight or an MP is taking too keen an interest.
Weather • September 28, 2018 1:07 PM
Temp =(six>>I)&I
Tempy=(six>>I)&(I
Tempt=(six>>I+8)&I
....
Buf[7]=temp|Tempt|Tempy
Buf[6]=Tempt|Temp1
Clive Robinson • September 28, 2018 1:31 PM
@ echo,
I am now left with dealing with yet another complaint form. This is a massive cognitive load and hassle and a complete distraction when all the energy should be going into the case.
I suspect that unless you get a third pair of eyes in on it then exactly the same result is going to happen.
There is an old saying that,
Which is a somewhat rude way of getting two important points across about,
1, Independent viewpoint.
2, Proportionality of response.
The independent viewpoint is what the third pair of eyes can give you, but more importantly it stops that "She said you said" crap. Whilst they can snow you all they like and barefaced lie about it, and there is nothing you can do to stop them. They can not do it to an indepedent representative, because their independence will stand up in front of a judge. Which shifts thing to a whole different level.
Which is where proportionality of response comes in for them. Having bumped things up a level or three in their organisation less entrenched view points can --but not always-- come into place, where someone with authority can decide if a little groveling and some kind of performance they should be doing will lift them out of the potential whole they are digging for themselves.
But also that third pair of eyes can be brutally honest with you about tactics, outcomes and costs.
Whilst a pyric victory is a victory on paper you have to count the real cost. Having your day in court might feel like a good idea currently but in real terms what are the costs and benifits, even if you do win, then what will they be if you lose?
I've been known to do quite a few things on principle, but all bar a couple of times nobody has thanked me, and I've lost friendships and even been blaimed by those I've faught for because nothing ever goes back the way it was, which is what they actually wanted but were never ever going to get no mater how many times they were told.
Even judges don't have "fairy godmother wands" they can wave to make things go back in time. Employers and organisational seniors are very much venal in outlook remember they climb on the corpses of competitors as they fight their way to seniority. Thus theyvresent being told they are in the wrong and will do what ever nastyness they can not just before a court case but for as much as they can afterwords.
In their view "They are entitled and you are undeserving of anything other than being exploited every which way you can be", at the milder end it's neo-con thinking in the middle it's neo-libeterian ranging through to fully psycopathic. Remember the most dangerous of visable serial killers where you live are "business suits" in the likes of the construction industry and they are by no means the worst of psycopath business leaders...
Such mentalities are not predisposed to reason thus butting heads,and dirty tricks are to be expected. Show any sign of being "human" and you will be just another piece of road kill on their journy upwards.
They only respect those that can and will in effect slit their throats and nail their bloodless bodies over the entrance as a warning to others. That is you have to convince them you are without any shadow of doubt the shark and they are what's on the menu. Thus they will try and throw a more choice meal infront of you.
I've explained about the herd mentality and carving an individual off and offering them the choice of be the sacrifice or turn on those who have turned them out of the herd...
In other words you have to appear to be their worst nightmares in one, that like the mythical zombie is just going to keep coming...
Hmm • September 28, 2018 1:50 PM
@MarkH
"I think it would be an implausibly expansive interpretation, should Gamble win his case, to say that a state is prohibited from prosecuting a fraudulent tax filing because a federal tax fraud case for the same year was pardoned."
Yep that wouldn't fly. Two entirely separate systems, separate charges.
The governor/AG of the state in question could be "gotten to" though.
Hmm • September 28, 2018 2:08 PM
Security vendor ESET recently discovered the malware — dubbed LoJax — installed on a system as part of a broader Sednit APT campaign and described it this week as the first UEFI rootkit ever discovered in the wild. The discovery shows that UEFI rootkit attacks — long perceived as a theoretical threat — are a reality
ESET says it discovered LoJax on a system belonging to an organization that the Sednit group is targeting as part of a broad campaign against government entities in the Balkans and also in Central and Eastern Europe. Sednit, aka APT28, Sofacy, and Fancy Bear, is a notorious Russian threat actor, perhaps best known in recent times for its attack on the Democratic National Committee in 2016. The group's success in deploying the rootkit should serve as a warning to those it its crosshairs about the group's growing sophistication.
According to ESET, its analysis shows that the Sednit group used a kernel driver bundled with a legitimate and freely available utility called RWEverything to install the UEFI rootkit. The driver can be used to access a computer's UEFI/BIOS settings and gather information on almost all low-level settings on it.
Sednit bundled RWEverything's functionality into two custom tools. One of the tools was for reading the contents of the flash memory where the UEFI is located and saving the image to a file. The second was a patching tool to add the rootkit to the firmware image and write it back to flash memory, thereby installing it on the system, ESET said.
This module can drop and execute malware on disk during the boot process, making the malware hard to remove even with an OS reinstall and a hard disk replacement, ESET said.
"The infection mechanism was to write the entire UEFI firmware memory with unsigned code," Dorais-Joncas says. However, the same technique — flashing the UEFI firmware — would not work on a modern system with Secure Boot properly enabled, he says.
The only reason it did in this case was because the victim system was likely misconfigured or was running an older Intel chipset. "In this attack, either the firmware did not properly configure the BIOS write protection mechanisms or the victim's machine had a chipset older than the Platform Controller Hub," Dorais-Joncas says.
"We should not assume that Secure Boot will be a magic-bullet solution against UEFI rootkits going forward," Cui says. If not properly locked down, attackers can take advantage of new features that hardware manufacturers have begun implementing, like UEFI, CPU Management Engine, and One Time Protect, in flash to launch devastating attacks.
So now you have to version-match your chipset to your PCH to enable write security?
Or are older PCH/chipset setups simply not ABLE to protect the BIOS at all now?
UEFI needs to start over from scratch. The entire design needs a do-over.
Couple that with spec-ex issues, most of the modern PC needs a do-over.
#Landfill solutions
MarkH • September 28, 2018 2:52 PM
@Hmm:
Fortunately, some attorneys general -- like the very excellent non-political acting AG in New York, where Trump, his family and minions face considerable criminal exposure -- are not for sale.
Hmm • September 28, 2018 2:57 PM
https://en.wikipedia.org/wiki/Barbara_Underwood
I didn't remember her name eitehr. She clerked for Thurgood Marshall, so I would expect not.
That's a big step up from Schneiderman for sure.
Clive Robinson • September 28, 2018 5:26 PM
@ Hmm,
With regards LoJax what suprises me is how long it has taken to appear.
@Nick P, RobertT and my self discussed malwarecin Flash ROM in quite some depth on a number of occasions including the questions arising about BadBIOS. And then there was Lenovo's consumer level laptops etc ariving with malware built into the BIOS you could not easily remove.
The method and pieces of code were all waiting to be bolted together.
After that it was always a question of when not if it was found in the wild, I'm just suprised by how long it's taken...
Ratio • September 28, 2018 5:32 PM
@vas pup,
[Conspiracists] were more likely than nonbelievers to judge nonsensical statements as profound (a tendency known as "BS receptivity").
I wouldn’t be surprised if that were the case.
[…] old statement of S. Freud: more Eros (love) less Tanatos (violence) and vice versa: […]
“Thanatos” (θάνατος) means “death.” For example, “thanatology” is the study of death.
(No idea what old Sigmund was on about, and since my reading list is out of control as it is that’s unlikely to change.)
[What animals tell us about female leadership featuring bonobos]
You may be interested in Frans de Waal’s books.
Comparison of fingerprints of same person with double identity could resolve any doubts.
They’ve got “Boshirov”’s prints, and Chepiga’s are on file somewhere…
But I’m sure that, if the investigators get their hands on Chepiga’s fingerprints and it turns out they’re a perfect match, one of the “skeptics” will suddenly “remember” another piece of evidence or some question or other we really, REALLY, REALLY *MUST* deal with before we can say anything about who the perpetrators are.
JG4 • September 28, 2018 7:06 PM
Wasn't an assassination discussed here at length a few years ago, where a team of operatives staked out a war criminal and executed him in a hotel room in a famous middle Eastern resort? They had no illusions about being discovered after the fact, and in point of fact were sending a message. That is one possible conclusion from the news about two Russian operatives coming to the UK. The fact that the victims are alive suggests that the message was somewhat more benign than recent similar messages.
https://www.nakedcapitalism.com/2018/09/link-9-27-18.html
...
How bad maps are ruining American broadband The Verge
...
India’s Top Court Limits Sweep of Biometric ID Program NYT
...
Taiwan Can Win a War With China Foreign Policy
New Cold War
The Battle for Our Minds Consortium News
...
Big Brother Is Watching You
Uninformed Consent Harvard Business Review
Facebook Is Giving Advertisers Access to Your Shadow Contact Information Gizmodo
Google’s privacy chief confirms existence of ‘censored Chinese search engine’ Project Dragonfly SCMP
Former Google Scientist Tells Senate to Act Over Company’s “Unethical and Unaccountable” China Censorship Plan The Intercept
Big Tech Is Fighting to Change Washington’s Pioneering Rules on Election Ad Transparency The Stranger (CL). For “change”, read “gut.”
...
The Age of Fraud: the Link Between Capitalism and Profiteering by Deception Counterpunch (helpful in CA).
...
MarkH • September 29, 2018 4:19 AM
A propos de: Claimed proof of Riemann Hypothesis
What little I've been able to find so far about Michael Atiyah's work on RH looks very much like the predictable failure.
Atiyah's resume is extremely impressive, with a long record of important work on a variety of problems (and some of the highest honors a mathematician can attain).
As far as I can make out, his most recent big accomplishment is more than 30 years old. This would have been well into his 50s, which is extraordinary in itself.
According to one of the very few useful articles about this, Atiyah has been making blunders in recent years. Clive wrote on another thread about how heartening it would be to see someone close to age 90 make such a breakthrough (I heartily agree). Sadly, Mr Atiyah's situation appears to be more like that of the fine old gentleman who doesn't realize that he's dribbling his soup down his chin.
In his Monday presentation, he claimed to base a proof of RH on the fine structure constant (~ 1/137), a curious constant from physics. This strikes me as much closer to mysticism than mathematics.
Worse than that, his claims were reportedly vague, sweeping, and unsubstantiated.
__________________________________
This reflects little discredit on Mr Atiyah. There's a lengthy history of very distinguished mathematicians offering invalid proofs of difficult conjectures, sometimes with really elementary mistakes.
Anyway, I gladly concede that at 89, he very likely has more brainpower than I did at my peak (in whichever long-past decade that may have been).
It's a great gift in life to know when you've lost your edge, and I'm sure that quite a lot of us fail to recognize it.
As some wit has said, "time is a great teacher ... who unfortunately kills all of his students." (Ouch!)
__________________________________
On a related matter, Clive wrote "I'm a firm believer that beyond a certain age it's the brain that keeps the body alive."
I've seen interesting anecdotal evidence for this, inasmuch as it seems that mathematicians and highly trained musicians tend to age well, and seem to have a higher longevity than typical, often remaining active and coherent at very advanced age.
I don't know whether this has been systematically checked, but I've long supposed that this kind of "brain labor" may contribute to overall health.
Clive Robinson • September 29, 2018 10:37 AM
@ Ratio, vas pup,
one of the “skeptics” will suddenly “remember” another piece of evidence or some question or other we really, REALLY, REALLY *MUST* deal with before we can say anything about who the perpetrators are.
Some what over dramatic me thinks, an attempt at oratory not logic.
The reality is law is about method and processes, not belief. Policing on belief goes by the more common name of "vigilantism", with the "He's black, the bible says black is the sign of evil, hang him quick"...
The method of law not emotive belief is reasoned legislation, that is based on over a thousand years of experience. From years of "trial by combat" where skill with weapons got replaced with the far nastier skill with words or oratory, with all it's "fake evidence" potential.
To balance this oratory a reliance on the interpretation of physical facts became part of the process, but even this had problems due to eye witnesses who earned a living by giving false testimony who because of the way they advertised their services were called "strawmen". Yes we still have problems but we are I hope still moving in the right ditection.
However the oratory "fake news" stage is the situation we are now in with the Salisbury nerve agent poisonings, and we need evidence to move us past it...
Publically we have credible suspects but why? Well a variation of Oratory, that is we have been given cherry picked information and words by the UK authorities, could it be "fake news"? There could be political advantages in it as we have seen with the US. Pit simply we actualy do not know, which is very important. Because what ever it is it has made many people jump the method and process of justice and just "believe" the persons in the pictures are "Them wot dun it".
But the reality is at best all we have been given by the UK authorities is "chery picked" thus weak circumstantial evidence. But as you should remember I said in response to your posting at the time it was the first evidence. That is like any journey the method is the map but the process has a first step which we hope is in the right direction.
Now we have an interesting state the next evidence that we have publically is Putin and two persons appearing on Russian television making claims. Is it "fake news" again we didn't know but it's fairly certain most Russian's believed or wanted to believe it was not fake news.
Since then we've had an investagative news source saying that one of the people on the program was a GRU agent that had been given Russia's highest medal personally by Putin. Has this been verified, apparently so to some level. Though now not unexpectedly there are others in Russia claiming the opposite, for various reasons. Which is the "fake news"?
In reality What you might chose to "believe" is immaterial as the next piece of news or evidence might change it. Which is just one reason why you need conformatory independent evidence for "beyond reasonable doubt" for the required method and process... Otherwise you are no better than a vigilante working themselves up for a "hanging party".
Predictably Russia is now claiming what has been said by the investagative journalists is "fake news" with out unsuprisingly offering any "evidence", this was very much to be expected, as Russia under Putin has a history of doing this over and over ad nausium.
Because at this stage the Russians are "playing to the home audience" and trying to kick the issue into the long grass, so situation normal for politics not just Russian politics.
The only way you can defeat "fake news" tactics by either side is not to work by "belief" but "evidence" produced by time tested "process" from time tested "method". The down side of being a member of the public is the governments involved these days rarely hand out evidence, as it's not in their interest to do so.
It realy is that simple, when you take the surface politics out of it, a choice. Historicaly a belief driven oratory system which we would describe as a "witch trial" which in reality is a legitimised "vigilantism" for entertainment. Or a time tested and refined "method" and it's "processes" that have over a millennium or more given us the closest thing to "justice" we have.
Which do you personaly want the entertainment of a much discredited medieval belief system that was compleatly abused by people with personal agenders. Or a system that atleast gives an opportunity to seek out the truth even though it has faults, and needs improvment.
Then put yourself in the position of the accused that is you are the person facing the "hanging party" or the considered opinion of your peers evaluating as best they can what factual evidence there is?
If however you were to ask me not what my reasond opinion which is "wait for the evidence" but to take a little wager on what I think most likely, then my answer might supprise you.
It is that there have been quite a few untimely deaths of Russian's in the UK who Putin and his friends would like to be rid of. For whatever reason the UK Police have put them down to natural causes and accidents. Taken in issolation each untimely death might have been an accident or natural causes. However collectively, I would guess somebody is getting away repeatedly with murder. Which if you check I've already said a number of times on this blog.
So the thought in my mind is if it is Putin "Why make it obvious?" that is what has he to gain by two obvious assasinations in just a few days one in Salisbury and one in New Malden just a few days appart?
So far we've heard next to nothing about the New Malden murder why?
Now a problem arises, were there two independent assasination teams or one?
Which raises the question of why two teams? If you are getting away with murder up in the range of twenty plus in a couple of years, why use more than just one team? Multiple teams means multiple tongues that could wag... Which would be undesirable from a security asspect.
So whilst I've a belief Russia under Putin has been getting away with multiple assasinations in the UK, I also believe the UK government are hiding quite a bit as well, for political reasons. Especially as the woman who is now the UK Prime Minister was directly responsible for the UK Police Forces at the time the assasinations were taking place, and she was being a very busy beaver slashing resources not just to the Police but also to the forensic resources they are very much dependent on.
Who do you think the British Public would behave if say the Evening Standard ran an article under the banner of "PM May responsible for 20 murderers escaping Justice" or more punchy?
Hence my thoughts about "Fake News" from both the Russian and UK governments...
I suspect the key that will unlock the answers is the New Malden assasination, which suprise suprise we are not hearing anything...
albert • September 29, 2018 4:37 PM
@Alejandro, @65535, etc.
On the about:config page, after searching for "http", just double-click on the "value', then hit , then .
. .. . .. --- ....
Hmm • September 29, 2018 7:00 PM
"The reality is law is about method and processes, not belief"
Before a judge or jury? It's more complex.
The reality is there is plenty, over-plenty of documented method and process already pointing to an unchallenged, factually uncontested conclusion that can't be realistically explained in any other way given the public facts at hand. (YMMV)
You can say you're waiting for evidence but repeatedly re-voicing doubts not based in the case data itself become a narrative unto itself, one that intangibly defends the credibly accused - as that which they use exclusively to defend themselves from compounding scrutiny, constantly sowing unrelated counter-doubts where little-to-none actually exists in the fact being currently discussed. https://en.wikipedia.org/wiki/Whataboutism
So without delving back (as I said I wouldn't and I don't want to) let's try to move on to something we DO have information about, rather than seem to keep trying to assert a negative by pointing at unknowns as if that's a credible doubt.
"So whilst I've a belief Russia under Putin has been getting away with multiple assasinations in the UK, I also believe the UK government are hiding quite a bit as well, for political reasons."
-That's mixing two things, muddying both.
I think you have a right to disagree, but to repeat vague skepticism over and over is unproductive.
After all we're not going to have access to anything "secret" until it no longer is.
So why speculate beyond what is publicly known? It's against your own stated interest.
That's the entirety of my point. Shall we move on now while the evidence continues to mount?
It appears to me we all agree that's the only course that changes any aspect of this argument.
(Let us also respect the past, as the future has given us opportunity to evaluate it in new light.)
Ratio • September 29, 2018 7:00 PM
@Thoth,
In case you haven’t figured it out what I meant, here’s a snippet of Java code that produces a copy temp of an array of bytes word that is rotated left by places bits:
// assumes 1 ≤ places ≤ 8 × word.length - 1
byte[] temp = new byte[word.length];
int m = places % 8;
int n = places / 8;
byte right = word[0];
for (int i = word.length - 1; i >= 0; i--) {
byte left = word[i];
int j =
(i - n + word.length) % word.length;
temp[j] = (byte)
(left << m) |
(((byte) right & 0xff) >>> (8 - m));
right = left;
}
The two (wrapped) lines in bold combine the two conceptual steps I mentioned: the bit twiddling produces the bits that would form the i-th byte after rotating left by m bits, but these are stored as the j-th byte instead, rotating left by another n bytes (= 8n bits) for a total of places (= m + 8n) bits.
Hmm • September 29, 2018 7:10 PM
"With regards LoJax what suprises me is how long it has taken to appear."
True, but it's a lot of testing to make sure they don't waste it. A lot of UEFI niches.
"as outlined in a 2016 presentation at a security conference called Zero Nights, and again in more detail this May by researchers at security firm NetScout. Essentially, Fancy Bear figured out how to manipulate code from a decade-old version of LoJack to get it to call back not to the intended server, but one manned instead by Russian spies. That’s LoJax. And it’s a devil to get rid of."
I didn't realize it was directly borrowing the CODE from Lojack, I thought just the vector...
Isn't that ridiculous.
Thoth • September 29, 2018 7:18 PM
@Ratio, Clive Robinson et. al.
Thanks to everyone who contributed.
I understand the posts regarding the bit shifts and was able to reproduce the entire setups by hand via manually writing on paper and executing them first and ensuring I can get the steps working correctly on a variety of input ranges before converting the manually computed steps writing to code as is my habit.
Thanks a lot again especially for the many code snippets.
Clive Robinson • September 29, 2018 10:26 PM
@ Hmm,
I didn't realize it was directly borrowing the CODE from Lojack, I thought just the vector...
Well as everyone knows, code reuse is the way the software industry is supposed to get efficiency ;-)
Actually the reuse of not just old vectors but old code as well in malware is something we are starting to see more of.
The implication is somebody is not doing their job somewhere. Which if you think about it for a little while is rather worrying.
Look at it this way the software vendor is at the root of a tree of responsability the leaf or end nodes are the individual machines. The further down the tree of responsability the somebody who is not doing their job is the smaller the number of viable targets under their responsability.
For it to be viable to reuse code in malware, the larger a target population is the more viable it is to do.
So at the bottom of the tree of responsability an attacker would need a very large number of "somebodies" not doing their job, but at the very top of the tree just one somebody is enough.
One implication of this is that the software vendor is in effect "re-opening closed vectors"... If that is the case then the question of "by Accident, by negligence, or by intent?" arises.
A similar question applies to nodes further down the tree. For instance we have the example of the decision by the UK Government Minister in charge of the NHS chosing not to pay for extended support for Win XP. Thus knowingly and for reasons of "political mantra" leaving tens of thousands of computers that it was not possible to upgrade but could not be replaced for the same reasons vulnerable...
All of which is rather worrying.
Hmm • September 29, 2018 10:41 PM
"The implication is somebody is not doing their job somewhere."
You nailed it, these decisions are top down from the business model itself.
Security for its own sake is not a profit venture. It's a logistical concern to them.
They do the minimum to get back to business as usual.
Going in and out of business is too cheap to be serious about security, bottom line I think.
Clive Robinson • September 30, 2018 1:03 AM
@ Hmm,
Going in and out of business is too cheap to be serious about security, bottom line I think.
From the security POV yes, and quality likewise.
But there is a counter argument about "inovation". You will find people arguing that keeping the cost of trying and failing low as well as not stigmatizing failure alows inovation to not just succeed but happen frequently thus providing significant growth etc.
The two POV's appear to be in opposition, thus is there a middle ground or alternative.
Honest answer I don't know, but I think it should be a high priority for society that we seek to find one.
Hmm • September 30, 2018 1:59 AM
"You will find people arguing that keeping the cost of trying and failing low as well as not stigmatizing failure alows inovation to not just succeed but happen frequently thus providing significant growth etc."
Well in the world of IP hoarders and holding companies divested of any real risk, the "low cost" of going in an out of business becomes a shell game. Their losses can be compartmentalized and excreted, gains averaged to avoid taxation, legal defenses concentrated and competition bought off, licensed or volume crushed. The growth goes right into the pocket of the controlling interest without any promises, those companies and products could be gone tomorrow. Innovation was never their concern, they exist to stifle it for their interest as able. Innovation they don't own is a threat to the bottom line, better to kill it in the cradle than compete. And so they do.
In a world where innovation was actually rewarded and entry to market really low as described, absolutely those dynamics would foster growth and new things. But that's not the world we live in AFAIK.
Hmm • September 30, 2018 2:05 AM
The entry to market for real innovation IP is extremely high.
The entry/exit for chisler / IP hoarders is comparatively near zero.
MarkH • September 30, 2018 2:38 AM
@Hmm:
I respectfully recommend asking ourselves, why is it so important to persuade (or in the alternative, refute the arguments of) one eccentric geek nearing retirement age?
It's a mannerism of Clive's, that he typically comments here in a professorial tone, bestowing Truth upon his humble audience. The particular topic may be one on which he has rare expertise of great value; or a topic he knows no better than millions of others; or one on which gaps of knowledge precipitate wrong conclusions.
It's easy for me to feel exasperated about this, but it's just human. I've observed that engineers (like other people in cognitively demanding professions) tend to have a confidence in the rightness of our conclusions, which is very often unjustified.
When writing here, I try to be really careful about facts (though I sometimes lazily dredge stuff from memory which turns out to be wrong), and to clearly label my speculations and opinions as such.
Most folks aren't that German about it, and mix wheat and chaff with reckless abandon.
On certain topics, even the best critical reasoners forsake all logic and are guided by emotion. Sadly, most seem to lack enough self awareness to recognize when they've crossed the line, and still imagine themselves to be constructing valid arguments. It's just human ... such a weak vessel, is the human mind.
Hmm • September 30, 2018 4:15 PM
@MarkH
"why is it so important to persuade (or in the alternative, refute the arguments of) one eccentric geek nearing retirement age?"
Age brings an opportunity for a range of experiences that others may not have gleaned.
The distillation of those experiences is potential wisdom. Don't discount that.
(Also I try to avoid bringing up age or such features lest intent be misunderstood.)
I try (sometimes fail) to avoid judging 'a person' rather than evaluate a specific line.
People have reasons for thinking the way they do, and those are of the interest to me.
Even when I disagree or am exasperated by them, I still need to deal with them.
They exist and for a reason - sometimes a good one, others perhaps less so.
TBH I don't want to persuade "them," I want to BE persuaded of something I don't already think.
In being challenged maybe he'll throw out something I hadn't considered. All the time.
Then I can think about that and incorporate those bits or have reasons to reject them.
Where by comparison would my process be if these other facets weren't ever considered?
Incomplete and untested, untraveled and inexplicable to other people.
Therein are universals of understanding between people who disagree.
In a final tally of all things, Clive and I agree on like 99% of it.
We just don't go over ALL those things we see 1:1, it'd be.. boring.
"Sadly, most seem to lack enough self awareness to recognize when they've crossed the line, and still imagine themselves to be constructing valid arguments."
- I think that's a realistic function of living in our own heads exclusively.
All the more reason to challenge ourselves to listen to fellows and find the truths.
Even when we disagree with some aspect, that's ok. It's necessary. It's epistemological.
Raise a glass to those you disagree with, share your mind. Convincing ourselves is too easy!
Cheers to all.
MarkH • September 30, 2018 11:59 PM
@Hmm:
I commend the desire you express to seek challenges to your ideas. That's a rare and valuable quality.
I'm lucky to have an old friend whose skills at critical reasoning surpass any I have seen in the comments on schneier.com. I don't mean to disparage anybody -- I include myself in this inferior bracket.
His field is public policy, in which he obtained an advanced degree at a widely esteemed university. A few times in an average year, I will tell him my thinking about a question of US public or foreign policy, and ask him, "what am I getting wrong here?"
My big emotional investment is in finding out truth, NOT defending my own version of that truth. I welcome solid refutation.
I'm thinking particularly about my old friend, because as good as he is, there are a few topics on which his emotions overwhelm his logic. When we debate matters in these domains, he makes elementary mistakes of reasoning which he would have shot full of holes, had another person pressed the same argument.
Again, this is simply being human, and psychologists have a good understanding of how reasoning degrades in the presence of strong emotion (especially fear).
I used to burn up a fair amount of time debating online, but in recent years have decided that it ain't worth the candle debating another who isn't offering an intellectually serious case.
When people are making rapid-fire logical errors (for example, category mistakes), making assertions whose falsehood can readily be ascertained, or reciting fabrications which I am highly confident originated in the Kremlin ... then I find no hope of enhancing my understanding of the question under debate, by continuing such dialogue.
That's not to say that there is nothing to be learned at all -- quite the contrary. After Russia invaded Ukraine, I was shocked to learn how many people accepted Russian fairy-tales as established fact, and was sincerely curious to learn, what kind of world-view and reasoning process is necessary to reach such conclusions?
The term "useful idiot" refers not to people who lack mental capacity, but rather those who are deceived into serving another's purpose without awareness that they do so.
I made a rather intensive study of typical patterns of reasoning and belief among the Kremlin's present crop of useful idiots (you will understand I mean sincere adherents of Western values*, not the trolls who labor on Russia's payroll).
Having come to an understanding which satisfied my curiosity (while leaving me mighty discouraged), I now rarely engage the reciters of Kremlin talking points.
_________________________________
* My impression is that almost all of them are political liberals, with whom I largely agree on fundamental philosophical matters such as ideals of justice. It's all the more concerning, to see how the folks on "my side" come to invalid conclusion on several important subjects, of which Putin's Russia is only one example :(
_________________________________
PS I've inferred that Clive and I are probably close contemporaries. I certainly don't regard him as somehow on a lower plane than myself, on account of years!
At the same time, I am daily reminded of the aging process and its toll. Our generation has (Thank God!) almost finished its damage to our poor world (and hopefully, gotten a couple of things right too).
It will mainly be up to younger folks, to resolve as best they can, the many and dangerous crises we leave in our wake.
Subscribe to comments on this entry
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.
Leave a comment