Friday Squid Blogging: Australian Fisherman Gets Inked

Pretty good video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on November 9, 2018 at 4:07 PM • 66 Comments

Comments

Anders • November 9, 2018 4:48 PM

Estonian Defense Forces documents marked for internal use only leaked from the document registry - they were searchable via Google.

I don't have time to translate the full story, sorry, but here's the text in Estonian. Feel free to try Google Translate: it's somewhat funny, but gives the basic overview, more or less.

---

For years, the public document register of the Defence Forces, the body responsible for Estonia's security, openly displayed documents intended for internal use only: sensitive personal data, information whose disclosure harms the inviolability of private life, and information about the Defence Forces' equipment and security measures. The Data Protection Inspectorate has opened supervisory proceedings.

"I told the sergeant to f... off, because I thought and assumed he hadn't 'gotten any' in a long time," a conscript of the Kalev Infantry Battalion explained why he did not obey an order to go and clean the toilets.

"To see what gets through and what doesn't. The whole process seemed exciting to me," was how a junior sergeant conscript of the Staff and Signal Company justified leaving the unit without permission. To get out, he tore the name tag off another conscript's uniform and signed out at the gate under someone else's name.

"I found my wife drinking with other men. That upset me a great deal. It made me drink too," a Kalev Battalion conscript described what happened when he wanted to surprise his girlfriend with an unexpected visit. He did not sober up in time and returned to the unit 27 hours late.

The document register, which goes by the name Saurus, contained around a hundred explanatory statements or reports written by conscripts or their superiors in the course of disciplinary investigations. Both the content of the statements (see the sidebar) and the fact that they were public damage the reputation of the Defence Forces.

Conscripts condemn the publication of the statements

"I feel very insecure and alone here; for four months I have slept two to three hours a night," was how a conscript who had been missing from the Tapa garrison for three days described his mental state.

"The content of the statements is very personal; other conscripts are not allowed to read them either without the writer's permission," said reservist Taavi Kuuseok. A reservist who wished to remain anonymous added that, as far as the conscripts know, the statements go no further than the lieutenant's drawer.

Beyond personal information, Saurus also let one read, with a delay of only a few weeks, who had reported what information to the officers. For example, one report by a junior sergeant cadet revealed by name who had passed on information about the unit's cannabis smokers and dealers.

Alongside the statements, the investigation files also contained character assessments of conscripts. "The soldier is lazy and has no sense of responsibility," a platoon commander wrote of a conscript who did not obey an order to stop eating from a shared thermos with a spoon. "As his commander, I have no trust whatsoever in this person."

Health data on public display

Saurus also contained conscripts' health data. A conscript who was due to report for duty on Sunday evening drank alcohol all weekend and only stopped drinking on Sunday night. Realising that he had committed an offence, he decided not to report for duty, citing ill health. He called an ambulance for himself. The record the ambulance crew drew up during their examination was openly available in the register.

As a second example, the register openly displayed a file describing the determination of a conscript's permanent incapacity for work at a level of 30%. The exact diagnosis was also visible in the file.

In the view of Signe Heiberg, public relations adviser at the Data Protection Inspectorate (AKI), a state of intoxication also counts as health data. Yet the Defence Forces' document register contained several documents in which an exact level of intoxication appeared together with the person's name.

The highest level of intoxication recorded was that of a private who had been let out for four hours. In that time the conscript managed to consume enough alcohol to reach a blood alcohol level of 4.8‰. In another private's exhaled breath, an alcohol content of 1.78 mg/l, i.e. 3.7‰, was measured.

"That someone walked back into the unit on their own two feet with four and a half per mille of alcohol raises eyebrows," said psychiatrist Jaak Gramann. In his words, for a so-called beginner such a level of intoxication could be fatal.

The register of court decisions and Google

In Estonia a person may be detained only with the permission of a court. Investigation files compiled in the units are sent to the court, and the court order comes back to the unit from there. Court orders for conscripts' disciplinary detention cannot be found in the public register of court decisions. Even where court decisions connected with the Defence Forces can be found there, the personal data in them is redacted. In the Defence Forces' document register, both the accused and the witnesses appeared with their full names.

Moreover, disciplinary punishments expire six months after the punishment has been served. In the Defence Forces' document register, however, the oldest punishments have already been visible for five years.

The document registers of state agencies must be configured so that their contents cannot be found with internet search engines such as Google. Although this was not the case for the whole of the Defence Forces' document register, a simple Google search was enough to reach a named person's disciplinary punishment from their period of conscription. Google's records show that the problematic documents have been public for years. Although the Defence Forces closed Saurus to clean up its data once the problems surfaced, fragments of the problematic documents still appear in Google search results.

The official is responsible

In Estonia, the document registers of public sector agencies are supervised by the Data Protection Inspectorate (AKI). AKI opened supervisory proceedings concerning the Defence Forces on 1 November. "In the digital economy, trust has to be built about how agencies use personal data. One very important mechanism is certainly the document register. Even if an agency works according to the right values and conducts itself correctly, the document register can undo all of that if it contains public documents that should not be public, and vice versa," public relations adviser Heiberg explained AKI's position.

Documents are placed in the Defence Forces' public document register by their authors; documents arriving from outside the Defence Forces are entered by the official assigned that task. "Responsibility for the incorrect marking and publication of a document lies with the specific person who left the document unmarked and, through carelessness or for some other reason, made it public," said Junior Lieutenant Taavi Laasik of the press section of the Defence Forces General Staff.

According to Laasik, the proceedings will answer the question of how the Defence Forces failed to notice for five years that their public document register contained data that should not have been there. In addition to the AKI proceedings, the Defence Forces are launching a similar fact-finding process of their own and promise to tighten control over the documents they make public.

AKI public relations adviser Signe Heiberg said that under the Penal Code, the Defence Forces, as a state agency, cannot be fined. If a violation is established, AKI can impose a penalty on the agency's employees who handled the documents carelessly. According to Heiberg, the question of the size of the fine cannot yet be answered while the proceedings are under way.

Before the article went to print, the press section of the Defence Forces General Staff reminded the students that a publication can be fined for publishing sensitive personal data.

*In the printed version of the paper, the students wrote that the press section of the Defence Forces General Staff had threatened them with a fine of up to 1,200 euros if the story was published, which is not entirely accurate.

The story was produced by University of Tartu journalism students as coursework for a reporting course.

The journalism students thank their supervisors Priit Pärnapuu, Signe Ivask and Priit Pullerits.
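The article's point that a state document register must be configured so that search engines cannot find its contents is a configuration check a practitioner can automate. What follows is an added example, not part of the original post or the article: for a given URL it assesses the three controls that decide whether a crawler may fetch and index a document (a robots.txt Disallow rule, an X-Robots-Tag: noindex response header, and a <meta name="robots" content="noindex"> tag) and flags the situation the article describes, where crawling is blocked after the fact but previously indexed snippets keep surfacing. The robots.txt text, the URLs, the headers and the HTML are all constructed for the example; nothing is fetched from the network.

```python
"""Search-engine indexing controls for a document register: an added example.

Assesses one URL against the three controls that decide whether a crawler
may fetch and index it: a robots.txt Disallow rule, an X-Robots-Tag
response header and a <meta name="robots"> tag. Everything below runs on
constructed inputs; nothing is fetched from the network.
"""
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class _MetaRobots(HTMLParser):
    """Collect directives from <meta name="robots|googlebot" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives += [d.strip().lower() for d in a.get("content", "").split(",")]


def crawl_allowed(robots_txt, url, agent="Googlebot"):
    """True if robots.txt lets `agent` fetch `url` (an empty robots.txt allows all)."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, url)


def has_noindex(headers, body):
    """True if the response carries noindex in X-Robots-Tag or in a robots meta tag."""
    hdr = {k.lower(): v for k, v in headers.items()}
    if "noindex" in hdr.get("x-robots-tag", "").lower():
        return True
    parser = _MetaRobots()
    parser.feed(body)
    return "noindex" in parser.directives


def assess(robots_txt, url, headers, body):
    """Classify one document URL.

    INDEXABLE       crawlable, no noindex: will be indexed and show up in search.
    NOINDEX         crawlable, noindex seen: fetched but kept out of the index.
    CRAWL_BLOCKED   Disallowed, no noindex: not fetched any more, but anything
                    already indexed stays in the results, and the document is
                    still served to anyone who has the URL.
    NOINDEX_UNSEEN  Disallowed AND noindex: the crawler can no longer fetch the
                    page, so it never sees the noindex; stale snippets persist.
    """
    crawlable = crawl_allowed(robots_txt, url)
    noindex = has_noindex(headers, body)
    if crawlable:
        return "NOINDEX" if noindex else "INDEXABLE"
    return "NOINDEX_UNSEEN" if noindex else "CRAWL_BLOCKED"


# Constructed sample data: a register that added a Disallow after the fact.
ROBOTS_TXT = "User-agent: *\nDisallow: /register/\n"
SAMPLES = {
    # an internal-use-only PDF, served with no indexing header at all
    "https://register.example/register/doc/101.pdf": (
        {"Content-Type": "application/pdf"}, ""),
    # a public notice outside the blocked path
    "https://register.example/public/notice/7": (
        {"Content-Type": "text/html"}, "<html><head><title>Notice</title></head></html>"),
    # a record page that now carries noindex, but sits under the Disallow
    "https://register.example/register/doc/102": (
        {"Content-Type": "text/html"},
        '<html><head><meta name="robots" content="noindex, nofollow"></head></html>'),
}


def report(robots_txt=ROBOTS_TXT, samples=SAMPLES):
    """Map each sample URL to its verdict."""
    return {url: assess(robots_txt, url, h, b) for url, (h, b) in samples.items()}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:15} {url}")
```

Two caveats the verdicts encode: a Disallow only stops well-behaved crawlers from fetching, so it neither removes copies already in the index nor protects a document from anyone who has its URL; and because noindex is read only when the page is fetched, adding a Disallow on top of it hides the noindex from the crawler and leaves the old snippet in place, which is the outcome the article reports after Saurus was closed. For non-HTML documents such as PDFs, the X-Robots-Tag header is the only in-band way to say noindex, and an access control on the document itself is the only thing that actually keeps it private.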

RG-2 • November 9, 2018 6:05 PM

Examining the penetration stages of social media into countries, we typically see varying degrees of chaos, riots and uprisings[0]. The more unstable the country, the more social media generates unrest. The last stage can be a brutal government crackdown which restricts or bans social media.

In the USA the constant feeding and social media addiction has polarized and divided the population. Most notably it created our 'Pit Bull' Press. They manipulate public opinion to generate outrage, advertising rates or further unstated agendas. Then keep repeating the same segment again and again. It would drive anyone crazy!
To cope, Americans have many addictive drug choices for the induced depression and stress[1]. Hence the legalization of marijuana[2] and the firing of those who opposed it.

The superb PBS Frontline documentary interviews key Facebook executives who tell the dark, dirty truth of a see-no-evil leadership who only care about profits. When confronted with gigantic uprisings they instantiated in other countries, they act polite but then excuse that they are ‘slow’ of mind.
In reality acceptance would confirm their Utopian vision of data-mining The World has collapsed [3].
https://www.pbs.org/wgbh/frontline/film/facebook-dilemma/#video-2

China’s Internet Alternative[4] or Cyber-Sovereignty
‘China’s regulators have trumpeted its concept of “cyber-sovereignty” since the inaugural conference in 2014. But the dichotomy between the American and Chinese tech industries has never attracted as much scrutiny as today, when the world’s two richest countries are butting heads in a conflict that may shape a new world order. As U.S. icons like Google and Facebook come under fire for privacy violations and enabling hate speech, their Chinese counterparts are touting theirs as the superior model: one geared toward the interests of the state.

The argument against China's walled-garden (ed) fails to take into account a level of competition that puts the American industry to shame. Despite pervasive censorship, the Chinese internet has evolved into one of the most vibrant town halls the world's ever seen -- it's tough to truly rein in a billion people -- as an army of millennials live-stream in the millions and super apps thrive with more users than there are Americans. From Tencent's WeChat to Bytedance Ltd.'s short-video repository Douyin, the GLOBAL INDUSTRY is starting to realize the richness of the Chinese internet.

Central to the idea of a Chinese-centric internet is data sovereignty and that information of citizens must be stored in-country (thanks to Ed Snowden) and accessible on demand, a concept enshrined in Chinese law since 2017. That philosophy has since been embraced by governments from India to Southeast Asia (Europe too).

China To Offer a Complete Internet Service Tailored to Each County’s Culture and Government

And as China plays the long game selling its concept of a closely controlled internet to the developing world - alongside the technology needed to pull it off - the Communist Party’s vision of a web where governments pull the strings could wind up the model for the next billion users. (Silicon Valley expansion is reportedly over).
“Every country is sovereign and understands its situation better than outsiders. We should never come and tell a country ‘this is good for you, this is bad for you’,” said former Pakistan Prime Minister Shaukat Aziz. “A sovereign country has to decide what’s good for it. I don’t think there’s one model that works for everything for any product around the world.” https://www.bloombergquint.com/technology/the-internet-is-splitting-in-two-amid-u-s-dispute-with-china

I'd really like to see a university study comparing Chinese to American Internet innovation (including AI). A key concern is whether China is planning to ship other countries' citizen data back to China. Is any mass surveillance software open-source yet[5]? China must surely realize that each country wants control over its internal Internet and citizens. Western corporations could license a country-by-country turn-key solution including hardware, software, AI, support and facilities. True innovation with huge contract rewards. Who wants to be the next billionaire?

[0] the ambitious but naive social media designers want to instill their personal values and biases upon different cultures. I’d like to teach the world to sing in MY perfect harmony too /s
[1] https://www.sciencedaily.com/releases/2018/11/181108164316.htm
[2] every-buddy must get stoned. Drop out. National Pot for Peace Day? /h
[3] social media and smart-phone growth has slowed or stopped. Cable falling off a cliff
[4] Looking back, China was brilliantly shrewd in excluding the worst of destructive American Data miners including Google, Facebook, Amazon(!) and the legions of secretive data-brokers[6]. Yet they allow the MS and Apple.
[5] ok that’s pretty funny (as IP is a one-way into China)
[6] the EU is beyond its transgression limit https://www.silicon.co.uk/workspace/information-commissioner-calls-for-regulation-of-social-media-238623

As Bruce states the Western governments need to start kicking as*!

Clive Robinson • November 10, 2018 5:20 AM

@ InSecure,

From the article,

In the meantime, this work suggests that the mere presence of Wi-Fi signals is a significant risk to privacy.

I've known that since before WiFi.

As I mentioned back when the TAO catalogue was being discussed both transmitters and receivers reveal their presence.

The classic one being those automated direction finders the Police use to locate missing cars. They use four or more "electronically steered antennas" with "PIN diode attenuators" at the base of each antenna. The signal driving them is designed to produce a sine-wave amplitude increase and decrease in the antenna in almost exactly the same way as if you were mechanically rotating it.

It is done at a relatively high frequency (800Hz), which would be the equivalent of 48,000 RPM, at best impractical for a mechanical device of that size. The result though is that not only does it generate the desired direction information, it also creates a distortion in the RF field that acts like a low power transmitter, and thus can be received by another receiver.

Back in the VHF pirate radio days of the 1980s we used this technique to know when the authorities were trying to direction-find their way to the "studio link", and thus have early warning to go off air or switch to an alternative source. The way it worked was to have a receiver tuned to the link transmitter but not in direct sight; as a DF unit came close, the receiver would pick up the modulation caused by the PIN diode waveform as a tone on the audio output. A simple PLL tone detector and integrator system would make a sufficiently reliable alarm[1].

It was shortly after that time that those 10GHz "Gunn diode" Doppler radar units for traffic lights became cheap and easy to get, and thus a simple modification gave a 10GHz link the authorities did not then have the capability to track.

And it would appear that most "people forgot" yet again the lessons learned.

Some of us however did not, which is why we don't have RF sources that are not "caged", both in a screened room which is also in a building that is screened[2]. The screening is not out of "paranoia" but because some hobbies just work better without all the low level and mains noise interference. It's the same principle as building a radio or optical telescope in an otherwise deserted valley.

[1] By the way, the same technique works for picking up somebody using a number of early "Find, Fix and Finish" hand-held receivers that used a similarly designed antenna but at closer range. Which kind of makes the hunters very vulnerable to ambush and thus being "Finished" before their quarry. Something that was not mentioned in the TAO catalogue. But a "marketing point" that can be profitable if you design DF equipment that works by different principles...

[2] In the US and Australia this is relatively simple to do, as aluminium external cladding is an easily available building material, as are still metal mesh "fly screens" for doorways and thus windows.
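The tone-detector alarm described in the comment above (a receiver tuned to the link, a PLL tone decoder on its audio, an integrator to suppress false triggers) can be shown in software. What follows is an added example, not code from the original comment: it synthesises the monitoring receiver's audio (Gaussian noise, optionally with the 800 Hz antenna-switching tone buried in it), replaces the hardware PLL decoder with a Goertzel filter tuned to 800 Hz, and uses a run-length hold as the integrator. The sample rate, block length, tone level and thresholds are assumptions chosen for the illustration, not measured values.

```python
"""DF-sweep tone alarm: an added example, not the original comment's hardware.

Models the monitoring receiver described above: its audio is watched for the
800 Hz tone that a pseudo-Doppler DF set's antenna switching imposes on the
link, and an alarm fires only after the tone persists. A Goertzel filter
stands in for the PLL tone decoder; a run-length hold stands in for the
integrator. All signal parameters are assumptions for the illustration.
"""
import math
import random

SAMPLE_RATE = 8000   # Hz; assumed audio sample rate of the monitoring receiver
TONE_HZ = 800        # the DF set's antenna-switching rate, as given in the comment
BLOCK = 400          # 50 ms per block; 800 Hz lands exactly on Goertzel bin k = 40


def goertzel_power(samples, freq, rate):
    """Mean-square power of the component of `samples` at `freq` (Goertzel algorithm).

    Normalised so that a sine of amplitude A returns A**2 / 2, i.e. the same
    scale as the block's total mean-square power.
    """
    n = len(samples)
    k = round(freq * n / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    mag_sq = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X[k]|**2
    return 2.0 * mag_sq / (n * n)


def tone_ratio(block):
    """Fraction of the block's power sitting at TONE_HZ (0 = none, 1 = pure tone)."""
    total = sum(x * x for x in block) / len(block)
    if total == 0.0:
        return 0.0
    return goertzel_power(block, TONE_HZ, SAMPLE_RATE) / total


def detect(samples, threshold=0.03, hold_blocks=4):
    """Return (alarm, per-block ratios).

    The alarm fires only when `hold_blocks` consecutive 50 ms blocks exceed
    `threshold`: that hold is the integrator that stops a single noisy block
    from raising a false alarm.
    """
    run = 0
    ratios = []
    for start in range(0, len(samples) - BLOCK + 1, BLOCK):
        r = tone_ratio(samples[start:start + BLOCK])
        ratios.append(r)
        run = run + 1 if r > threshold else 0
        if run >= hold_blocks:
            return True, ratios
    return False, ratios


def synth(seconds, tone_amp, noise_amp, freq=TONE_HZ, seed=1):
    """Constructed receiver audio: Gaussian noise plus an optional sine at `freq`."""
    rng = random.Random(seed)
    out = []
    for i in range(int(seconds * SAMPLE_RATE)):
        t = i / SAMPLE_RATE
        x = noise_amp * rng.gauss(0.0, 1.0)
        if tone_amp:
            x += tone_amp * math.sin(2.0 * math.pi * freq * t)
        out.append(x)
    return out


if __name__ == "__main__":
    # tone power 0.125 against noise power 1.0: roughly -9 dB SNR
    for label, audio in [("noise only", synth(1.0, 0.0, 1.0)),
                         ("DF sweep present", synth(1.0, 0.5, 1.0)),
                         ("unrelated 1 kHz tone", synth(1.0, 0.5, 1.0, freq=1000))]:
        alarm, ratios = detect(audio)
        print(f"{label:22} alarm={alarm} peak ratio={max(ratios):.3f}")
```

The block length is chosen so that 800 Hz falls exactly on a Goertzel bin, which is what lets the detector pull a tone at about -9 dB below the noise out of 50 ms of audio; the hold of four consecutive blocks is what the comment's "integrator" does, trading 200 ms of latency for a false-alarm rate that is negligible on noise alone. A tone at another frequency, such as the 1 kHz case in the demo, does not trip it, so the alarm is specific to the switching rate of the DF set being watched for.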

Jerome Fosaaen • November 10, 2018 6:38 AM

On October 26th @Bruce wrote of the arms race in creating/detecting fake video. Less than two weeks later, the White House Press Secretary Sarah Sanders retweeted a doctored video to justify revoking the "hard" White House press pass of CNN reporter Jim Acosta, who asks inconvenient questions of President Trump.

The doctored video seems to show Mr Acosta karate chopping a young woman's arm as she reaches to take the microphone from him. In fact, frames were added and the speed manipulated, and the audio deleted so you did not hear him say "Excuse me, ma'am" as his arm brushed hers while she reached for the mic.

As Bruce wrote in his blog post: "...the problem with fake videos goes deeper: they affect people even if they are later told that they are fake, and there always will be people that will believe they are real, despite any evidence to the contrary."

The video edits were relatively low tech, modest, and easily detected. What is amazing is that such blatant deception seems quite acceptable to President Trump; no apologies have been issued.

Timothy • November 10, 2018 11:19 AM

The Five Eyes Countries spoke on a panel at the 2018 Aspen Cyber Summit on November 8, 2018.

Nicole Perlroth of the NYT moderated the discussion.

Nicole Perlroth at 1:59:54: "When we talk about security and good security hygiene sort of the elephant in the room these days seems to be the issue of encryption… Where do you all stand on the encryption debate and backdoor debate?"

Earlier at 1:45:21 Nicole started the panel with the topic of attribution. Ciaran Martin, Director of the UK NCSC, talks about the Five Eyes Countries increasing stance on attribution and publishing details about threats that can help with remediation.

A Summit panel summary with times is available on the YouTube page; it includes panels covering: The Reality of the China Threat, “Five Eyes” Threat Briefing, A Cyber Agenda for 2019, Afternoon Keynote: A New Era for Data Privacy, and five more.

echo • November 10, 2018 12:17 PM

https://www.theguardian.com/world/2018/nov/10/autonomous-drones-that-decide-who-they-kill-britain-funds-research

Britain funds research into drones that decide who they kill, says report.

Investigation reveals that technology for autonomous lethal weapons with artificial intelligence is being funded by MoD.

A spokesman for the MoD said: “There is no intent within the MOD to develop weapon systems that operate entirely without human input. Our weapons will always be under human control as an absolute guarantee of oversight, authority and accountability.”

I strongly suspect policy is a "legally arguable" loophole like previous sleights of hand and denials. I expect a "trained officer" will be pressing their serotonin-releasing gerbil pedal or yawning their way through an overlong shift. Unfortunately when you are dead a whitewashing public enquiry is too late and there are no Norton Utilities to undo formatting your consciousness out of existence with a missile.

KILL SOMEBODY

(Yes) (No) (Cancel)

We know how this works in practice!

h2odragon • November 10, 2018 1:07 PM

(re video edits) "What is amazing is that such blatant deception seems quite acceptable to President Trump; no apologies have been issued."

OK, then, run the same analysis on other videos, see how they were edited. Is that just normal professional editing or is it imparting a deceptive spin with their video manipulations, too?

Clive Robinson • November 10, 2018 1:11 PM

@ echo,

We know how this works in practice!

Yup, some people in Hawaii thought they had only 15 minutes to live, and thus did things they would not otherwise have done...

https://www.theguardian.com/us-news/2018/jan/13/hawaii-ballistic-missile-threat-alert-false-alarm

Well someone observed at the time that there "would probably be a bump in the births and marriages statistics", I guess that now we are about ten months down the line we will know if they are right or not...

Faustus • November 10, 2018 2:00 PM

@ Anders

Black Death 1 certainly put up a beautiful description of the vulnerability and how to exploit it. Very impressive! His/her intelligence is palpable. Great link!

echo • November 10, 2018 2:08 PM

@Clive

I don't know. I don't get people anymore. The world doesn't seem rationally driven or fair at all. It's a big mad scramble with dogs eating dogs and everyone forgetting what they were fighting for in the first place.

As per your advice (which I knew anyway but doesn't work in reality) I have a short comment to write up on a request to know who the managing partner/practice manager is for a law firm, and their contact details. This turned into staff making nosy demands and passing the parcel. The next thing I hear, when I repeat for the Nth time the purpose of my contacting them and request a copy of their complaints procedure, is the managing partner charging at me like a bull and making so many professional mistakes it's not funny, followed by a door slam.

They don't know what the case is about, nor was I telling them until we had discussed governance and professional standards and confidentiality requirements, the balance of expertise between client and lawyers, and a plan to navigate the case with an agreement in writing prior to proceeding, due to the need to protect my convention rights and reasonable adjustments among other things.

I'm fighting PTSD and depression every time this happens.

I also have a recent link I must dig up describing in eye-watering detail how the bureaucracy is weaponised against vulnerable children who need and are entitled to help.

With regard to your link, if someone revealed years later it was a "natural experiment" just to see what happened, for no other reason than they could, and "getting away with it" not being the same as legal, I wouldn't disbelieve it.

There seems to be a lot of "static" like this about recently.

Clive Robinson • November 10, 2018 2:29 PM

@ echo,

Apart from HCI design issues, we act as though autonomous weapons are something new.

They are not: back in WWII the type 40 torpedo was given "independent targeting ability". In essence it was a "fire and forget" weapon that, when it got to a certain range, went into target acquisition mode, locked onto a target (any near target in fact) and self-steered in.

Later we had air-to-ground and air-to-air missiles that likewise had independent targeting ability.

Then there are the various nuke delivery systems including cruise missiles.

Which is why we know that this comment from a UK MoD spokesperson is completely false,

    "Our weapons will always be under human control as an absolute guarantee of oversight, authority and accountability."

That's the thing about all kinetic weapons, "oversight and authority" usually end when they leave the barrel or rack. Contrary to what some think Smart Weapons can extend authority to the point where the laws of physics can no longer be denied.

The thing about smart weapons is smaller payloads become much more effective. Thus a 250lb bomb can be delivered to a bunker door or cave entrance, rather than 50,000lb in multiple bombs pock marking a much larger area, possibly to no avail. Which generally means that collateral damage is likely to be much reduced.

But as we now know, giving commanders smart weapons means they are more tempted to go after targets that would be ruled out with conventional weapons. That is, dropping a bomb on a telephone exchange in a downtown, highly built-up residential area. Which is only a low collateral damage risk if the smart weapons are deployed and work flawlessly, which they have a habit of not doing...

It also throws the risk back on intel gathering. A smart weapon, like a pilot, can not tell the difference between a communications center and a hospital or factory making medicines; they deliver a payload where they are ordered to...

Thus the question arises as to at what point the current risks of collateral damage get increased or decreased by giving smart weapons more autonomy.

The one thing we do know is war is very far from risk free, and those who command the commanders will often push for targets that are, on probability, way too great a risk.

A study of NASA management decisions over Space Shuttle launches shows that risk can easily be ignored when it has not yet --apparently-- gone wrong... Likewise in many areas of life humans are more optimistic than the cold hard logic of mathematics and engineering...

Thus there is the possibility that taking the decisions away from humans and giving them to machines could actually reduce --but not eliminate-- collateral damage risk... But would the War Hawks and Politicians allow that?

Well that's an open question, but history to date suggests that they would not, under the notion that "positive action" / "first strike" is the best course of action. It's why we see the likes of the NSA giving priority to attack over defence, whereas virtually every independent security expert points out the plain stupidity of such behaviour...

echo • November 10, 2018 2:32 PM

@Jerome Fosaaen, h2odragon

I read an article on this yesterday which went into the excruciating details and explained how politicians and others have been using the tools of deception for years. Really, people are hair-splitting over the word "doctored". The whole video presentation was an altered reality. Any photographer worth their salt knows the camera tells a perspective on reality, not "the truth". I'm sorry I don't have the link.

I'm not sure if it was in this article or another, but I read how around the time of Newt Gingrich the US right wing developed a strategy of appropriating the other side's arguments and throwing in very corrosive and demonising attacks.

Somebody actually tried to pull this trick on me this past week. I made a claim verifiable simply by somebody looking themselves and de-escalated the situation. They barged in and they twisted everything around to make it seem like they were being objective and I was causing an argument. This was a petty abuse of power and designed to do nothing but muddy the waters and manufacture an excuse to get at me. I told them I wasn't taking the bait and they denied baiting me. You can't argue with irrational hatred.

Like most hustles the hustler always tries to move things along fast so nobody has time to stop and verify. Brexit is the same even as allegations of criminal misconduct and corruption and murky agendas surface.

https://inews.co.uk/opinion/comment/arron-banks-criminal-investigation-brexit-vote-void/

The Arron Banks criminal investigation could void Brexit – a lawyer explains how. The law tells us that every vote must be free and fair

echo • November 10, 2018 3:12 PM

@Clive

"Apart from HCI design issues, we act as though autonomous weapons are something new."

The general case is true. Where I believe this differs is that the weapon itself is becoming more autonomous. It's not so much a blunt hammer fired at a target but an AI capable of making selection decisions in a general environment. This is the critical difference.

"Which is why we know that this comment from a UK MoD spokesperson is completely false,
'Our weapons will always be under human control as an absolute guarantee of oversight, authority and accountability.'"

"That's the thing about all kinetic weapons, "oversight and authority" usually end when they leave the barrel or rack. Contrary to what some think Smart Weapons can extend authority to the point where the laws of physics can no longer be denied."

I do agree with the general principle you articulate and your claim that the MOD is telling fibs. The specialist case is slightly different, though, insofar as they are pushing an on-the-face-of-it politically acceptable single bullet point, but hidden behind this may be a full-blown AI with god knows what criteria available in its selection heuristic. Letting this off the leash is only one override, or NOP, or cosmic ray collision away. When in operational use in the field the AI will be gathering all kinds of telemetry which can be used to refine the heuristic even more, even if it is not actually used.

At what point does under human control slide with clever lawyering to human "assistance".

I make no judgment on the technology or use of technology. I just dislike being lied to no matter how clever and benign the wordsmithing.

"Well that's an open question, but history to date suggests that they would not, under the notion that "positive action" / "first strike" is the best course of action. It's why we see the likes of the NSA giving priority to attack over defence, whereas virtually every independent security expert points out the plain stupidity of such behaviour..."

They do seem to be in need of mood control.

echo • November 10, 2018 3:20 PM

The Winning Trick at the World Championships of Magic Might Fry Your Brain Like an Egg
https://gizmodo.com/the-winning-trick-at-the-world-championships-of-magic-m-1830333869

This is not strictly speaking "security" but interests me because magicians are adept at a certain kind of deception and know the tricks to uncover deception. I suppose similar exists within other expert domains. Part of what intrigues me is this is a supplement in some ways to the "Masters of Disguise" topic because it articulates how advantage can be taken of points of view and how things can be made to be seen and unseen.

SpaceLifeForm • November 10, 2018 5:19 PM

@Clive

So, I am scrolling and spot this:

"I've known that since before WiFi."

(no other context, just that line)

Immediate thought: 'this must be Clive'

Scroll back up, confirmed.

Men in Black • November 10, 2018 7:10 PM

@Anders

"vastutava" = somebody is responsible for something or supposed to answer for it or something like that.

"Tunnen ennast" = somebody has an opinion about it.

That's about the only words of this text I can make out.

Anders • November 10, 2018 7:46 PM

@Men in Black

The first one is correct; the second one, "Tunnen ennast", means "I feel myself" in that context.

Men in Black • November 10, 2018 8:11 PM

@Anders

"Tunnen" would probably be literally translated "I know" in English, in the sense of "I perceive" or "I am aware" -- but the verb "to know" is not really used that way in English, because in this case the writer seems to be expressing an opinion rather than a fact; it sounds a little bit more hard-headed and "stubborn", if you will, than simply saying "I feel" in English.

Stronger than "feel" but not quite as strong as "know."

I'm guessing "tunnen" ("tuntea") is pretty much the same as Finnish, but of course I'm going to be off here and there with that.

Otter • November 10, 2018 8:42 PM

@ echo

Perhaps your stress would be somewhat reduced if you realized that they actually believe what they say. That's what they have been taught. They also believe they argue reasonably and respectfully and tolerantly. That's how they have been taught.

Human beings are not precise logic machines attached to vast accurate databases. They are rather messy stews of unknown and unknowable responses. That feels like it is gonna hurt. Donno why. Doneven know what. This worked last time. Well, it made me feel better.

Watch real people argue. Watch television and movies teach us how not to argue. Hardly ever about logic. The winner is not the one who establishes truth. The winner is the one who feels better. Or at least, not as bad as the other.

Watch politicians, who might be honorary humans. They never say what they know. They never say what they believe. They merely babble phrases which have been pumped into their short term memories and teleprompters.

Politicians, and bureaucrats, incompetent politicians, must be the saddest creatures in the universe. In a moment, everything they think they know and believe, everything they feel holy and comforting, can be replaced. A new briefing. A new teleprompter. In a moment, a real person might step in to inform them which fact, or rule, or cantation, is true here and now. Until the next time.

Don't watch for the word, action, or attitude, which will turn you into a seething mess of hurt and defeat. Watch what they do. Watch how they do. Watch why they do. Remember them. Go away and learn how to turn it against them. Reduce them to a floundering pile of loss and helplessness.

Once upon a time, they used to teach us this in schools. Some schools. We used to have books too. Instruction manuals.

We were taught that imperious lying bullies don't know how to be real conscious persons. They are imperious lying bullies because they are powerless ignorant failures. We were taught to tolerate and deal with them.

Above, you describe a string of helpless functions. They didn't know what you wanted. They had no authority to ask. They were forbidden to give it to you anyway. They were taught only to say no. And to kick you upstairs when you became belligerent. Finally, you reached the function who had no more authority than the others, but a nicer suit. And no stairs they could or dared kick you up. He/she/it reacted to your intrusion with impotent rage.

(Anyone who does not meekly accept no is belligerent! Ask anyone with a gun or a desk, but no authority. Well, you have already asked that, indirectly.)

(An imperious lying bully with a gun is someone with a gun. Respect the gun.)

AndersNovember 11, 2018 4:23 AM

@Men in Black

The sentence you are referring to:

„Tunnen ennast siin väga ebakindlalt ja üksikuna, olen neli kuud maganud öösiti kaks-kolm tundi,” kirjeldas oma vaimset seisundit ajateenija, kes oli Tapa linnakust kolm päeva kadunud.

would be:

"'I'm feeling (myself) very insecure and lonely here, I only got two or three hours of sleep each night during these four months,' a private describes his mental situation after being AWOL for three days."

Among those leaked documents there are disciplinary action documents, medical documents, cases involving heavy drinking, cannabis etc. It's still unclear why those documents were accessible from the internet via Google search for years. The Estonian Data Protection Inspectorate is now overseeing this incident.

RG-2November 11, 2018 7:13 AM

From Recode: Amazon’s HQ2 was a con, not a contest

“To dozens of cities across the United States, Amazon’s widely publicized search for a “second headquarters” looked like thousands of new jobs, up for grabs. To Pivot co-host Scott Galloway, it now looks like a “ruse.”
“I lease office space all the time for my businesses and I always tell my real estate agent, ‘We can lease any office in the world as long as I can walk there from where I live,’” Galloway said on the latest episode. “Amazon is now talking about having three headquarters, Seattle, Crystal City and Long Island City. The Bezos’s also own three homes, and the average distance from those three homes to a headquarters is 6.4 miles.
“This was never a contest,” he added. “It was a con meant to induce ridiculous terms that they then took to the cities all along that they knew they were going to be in.”
In other words: By soliciting bids from lots of places where it was never going to move, Galloway alleges, Amazon was probably able to get more tax breaks from the pre-determined “winners.””
https://www.recode.net/2018/11/9/18077342/amazon-hq2-headquarters-jeff-bezos-dc-ny-virginia-long-island-kara-swisher-scott-galloway
---
If true, is this the largest taxpayer con of all time? How much effort was expended by business and governments throughout America? Why were our city, government and business leaders so easily hoodwinked?

The evidence is rapidly building that Amazon leadership character has turned VERY DARK. They’ve also tarnished their sterling reputation by exploiting customer data given in trust.

Amazon is rapidly extending its evil tentacles similar to the pushing-the-privacy-envelope Google.
For example its Chinese-inspired mass surveillance facial recognition AI weapon [1].

What separates Amazon from Silicon Valley is data security. Amazon has proven highly resistant to hacking. As a result our intelligence, law enforcement and Pentagon largely trust Amazon[2].

As pressure is building for Congress to regulate Silicon Valley, Amazon, like Google, has announced building up staff in the NYC and Washington DC areas[3].

Obviously the real motive is building Wall St and political support[4] to counteract the coming data and privacy protection laws.

The Logical Outcome of Placing Trust in Cloud Storage or Putting All Your Eggs in One Basket
Imagine a brutal, ruthless, dark corporate AI system parsing the biggest data-mine of all; their own private cloud servers[5]? Yet we as a society have virtually no protection against this plausible yet mind boggling attack[6].


[1] both Google and Amazon employees have mass protested their secretive, dark corporate projects

[2] maybe Microsoft should win the Pentagon contract. However they have a working relationship with the Chinese government

[3] the hypocrisy is both cities are among the most expensive and stressful for employees to live

[4] creating jobs for the economy is always positive

[5] the resulting power to reign over would be limitless

[6] the ultimate irony is surveys rate Amazon and Google first in Trust

TõnisNovember 11, 2018 7:24 AM

@Otter, exceptionally enlightened reply to @echo -- thank you for it. I've saved it, as it was a pleasure to read. It's important to remember that most people don't have sufficiently high intellect to rise above minimal levels. E.g. they can't even reach discussions about morality, philosophy, logic, etc., and one must use psychology -- let them think they're right or "winning" -- to make any progress with them.

@Anders and others, I've enjoyed the discussion about Estonian. I read the long text. The language is slightly more advanced than my day-to-day Estonian, but I understood it when I read it slowly and remained focused. My Estonian vocabulary is much more limited than my English vocabulary. For example, I wouldn't have known that "ajateenija" meant "private" had I not read your reply or looked it up; that's not a word I would come across in my day-to-day life even in years.

echoNovember 11, 2018 12:38 PM

@Otter

Oh, so true. I'm utterly mentally exhausted with this kind of thing happening. Too exhausted to comment really.

I did point out to the "managing partner" the Companies Act and Health and Safety at Work Act and latest policies for the Legal Ombudsman then there is consumer law which explicitly allows for discussion of variation of contract. I haven't even got started on the Human Rights Act and Equality Act let alone potential perverting of the course of justice and various case law. As a lawyer he should know this! I have writing to do!

Men in BlackNovember 11, 2018 12:39 PM

@Anders

Tervitus!

So that's a "welcome" or is it some sort of a toast or a blessing for good health? Sort of like the Germans say "Gesundheit!" when somebody sneezes, but not exactly....

Clive RobinsonNovember 11, 2018 3:17 PM

@ ALL,

Why China frightens and fascinates the Western Techerati.

But do they realise what the price of supping with the devil will be?

https://www.theguardian.com/commentisfree/2018/nov/11/the-networker-how-the-new-china-confounds-everything-western-liberals-thought-about-the-internet

For those on this blog who have kept an ear and eye open it should not be at all surprising. Nor will the fact that most Western companies will "lose more than their shirts" if they try to play in the Devil's playground...

Perhaps what might surprise is that the likes of Amazon are taking one or three leaves out of the Chinese "play book"...

TõnisNovember 11, 2018 3:56 PM

@Men in Black, I'll defer to @Anders, but in my experience, for a toast one would use "Terviseks!" ("to (the) health!"). A "tervitus" (noun) is a greeting, and I understood @Anders' use of the word as a greeting to me, almost like "Sveiks!" or "Aloha!"

Tõnis :D

TõnisNovember 11, 2018 4:02 PM

"Terviseks" -- a more literal translation might be "for health!" Also, Estonian doesn't have articles like e.g. "the."

TõnisNovember 11, 2018 4:05 PM

Tervis = health
Terviseks = for health

Tervitus = greeting (noun)


Sorry -- I wish I could just edit my posts to add to them rather than keep adding these new ones, but it's not possible

AtAStoreNovember 11, 2018 5:02 PM

@Anders

Your VirtualBox 0 day, Github post, above, is well written and fascinating. For example:

All Hosts
All Guests...

Bob PaddockNovember 11, 2018 6:26 PM

Seems that China watched the 1981 cult-classic movie LOOKER and decided it was a good idea to actually do it.

In the movie lovely looking actresses (it is part of the movie plot) were being replaced with their digital representation.

China now is implementing that idea with a Digital Newscaster.

If things follow the movie plot in the Real World, we will reach a point where actors and actresses are unnecessary and indistinguishable between computer generated and real people.

So far you have no trouble knowing that this Digital Newscaster is not a real person. How long until that changes, and then what are the security implications?

http://www.xinhuanet.com/english/2018-11/08/c_137591813.htm

https://www.imdb.com/title/tt0082677/

TimothyNovember 11, 2018 10:24 PM

The E12 or the European Intervention Initiative is a proposed defense coalition (or 'true European army') that has currently been agreed to by nine European countries, with Finland set to join. The original nine countries are Germany, Spain, the Netherlands, Belgium, Denmark, Estonia, Portugal, France, and Britain. The E12 would act independently of the EU and NATO and would be available to mount joint military operations or provide aid after a disaster. The initiative comes from the thought that Europe must be free to secure itself from Russia, China, or even the U.S. without relying on foreign aid.

The NATO military alliance that has guarded Europe since WWII recently held its largest exercise since the Cold War. The NATO exercise, called Trident Juncture 2018, was premised on an invasion of Norway, causing the alliance to invoke its Article 5 mutual-defence clause. "The EU’s central and eastern European allies, like Poland and Estonia, are horrified by Mr Macron’s talk of protection against America. For all its troubles, NATO remains the only game in town.”

IsmarNovember 12, 2018 12:32 AM

Regarding the squid video: one actually does not see the moment of “inking”, so it makes me wonder how genuine the whole event was?

k15November 12, 2018 8:57 AM

Is there an issue with mobile keyboards that could make it go through phases sometimes in the pre-coffee a.m. where it substitutes an adjacent letter for the one you typed? Where the momentary display at the keyboard shows the correct letter, then it changes to the wrong one? Only happens with some comments you're making and not on others?

Clive RobinsonNovember 12, 2018 9:29 AM

@ K15,

Is there an issue with mobile keyboards that could make it go through phases sometimes in the pre-coffee a.m. where it substitutes an adjacent letter for the one you typed?

What sort of kby, on screen, wifi, bluetooth, or even Wireless USB?

There are known issues with Android on screen kbys getting the wrong key if you don't quite hit the key square on (as I can attest to, and can be seen on some of my posts).

There is also, if it is "before the morning jolt", a possibility of "fat finger syndrome" where lack of alertness makes you hit the key more with the larger ball of your finger than the smaller tip of your finger.

Capacitive keys and some mechanical keys in a matrix get scanned, and also debounced; you can get the scan rate and debounce times wrong in the hardware driver code such that if you hit two keys in a certain way the key is read incorrectly.

k15November 12, 2018 9:51 AM

Thank you Clive. It is just the 'keyboard' on an Android phone. While the wrong-letter keyboard problem is happening, it is very consistent. Only happens with a very few, but common, letters. The 'transitory display' will show that I pressed the intended key, but then it will change to show the adjacent letter, and only the adjacent letter will appear in the word I am typing.
It still happens nearly as much when I am typing, carefully, with my little finger.

FaustusNovember 12, 2018 1:33 PM

Boingboing published an interesting link to descriptions of how AIs found unexpected solutions to problems: https://boingboing.net/2018/11/12/local-optima-r-us.html

This is what I like about working with AIs. I program them, but they create solutions that I don't anticipate.

Boingboing glosses this as AIs "gaming" the system, but for AIs any data you give them is as significant as any other. What seems like "gaming" or even "evil algorithms" to us is just AIs using all the available options in unexpected ways.

Which is a strong reason not to connect them to free roaming robots with chainsaws!!

Is it my imagination or have the ads on BB become easier to distinguish from articles, and the claims of career advancement through the BB store toned down? Good on them! After my thousand year ban for saying the equivalent of "Maybe it is not fair to guillotine all billionaires" I almost feel like my puny mortal words have been heard by the otiose deities in Kafka's Castle!

They gloss their forum rules as "Who shall be eaten first?" so I guess I should have been forewarned. The forum seems like a throwback to the harsh old BBS days when not just anybody could sit at the "cool" table. In the 90s I found The Well to be a spectacularly unwelcoming environment too.

All in all I feel a little less bonged by boingboing, which is a good thing, because I want to like them.

TimothyNovember 12, 2018 4:15 PM

The NITRD NCO* is seeking public comment for the Federal cybersecurity R&D strategic plan scheduled to be updated and released at the end of 2019. The plan must be updated every four years and is used to guide cybersecurity research in areas such as developing consensus-based standards and best practices.

The most recent version of the plan was released in February 2016.

There is a section in the current plan on ‘Cyber-Physical Systems and the Internet of Things’ as well as a list of technically-oriented objectives that address cryptography and the IoT.

*Networking and Information Technology Research and Development (NITRD), National Coordination Office (NCO)

TimothyNovember 12, 2018 5:15 PM

On November 5 the U.S. imposed sanctions against Iran targeting its growing nuclear program. It is illegal for European countries to obey these sanctions, as per rules designed by Europe, which wants to keep Iran in the global trade fold. So when companies like British Airways and Air France both recently stopped flying to Tehran they ascribed it to other issues.

Per an August tweet from President Trump: “The Iran sanctions have officially been cast. These are the most biting sanctions ever imposed, and in November they ratchet up to yet another level. Anyone doing business with Iran will NOT be doing business with the United States. I am asking for WORLD PEACE, nothing less!”

MeriTalk published an article “What Iran Sanctions Mean For Cybersecurity” that references a recent report from the Foundation for Defense of Democracies (FDD). The November 6 report is titled “Evolving Menace Iran’s Use of Cyber-Enabled Economic Warfare.” From the MeriTalk article summarizing FDD's report:

“Chinese hackers pilfered ‘anything that looked like novel technical information,’” the FDD report explained, at times quoting the MalCrawler report. “Russians penetrated systems, ‘mapping them and implanting hard-to-find backdoor access for potential future use.’ In contrast, Iranian hackers sought to do ‘as much damage as possible.’ This is consistent with Iranian cyber behavior: Over the past decade, the Islamic Republic has shown it will exploit deficient cyber defenses to wreak havoc on its adversaries’ networks. The regime is now bolstering its capacity to cause even greater harm in the future.”

The report further explained that because Iran lacks “conventional forms of military, economic, and geopolitical power,” it uses “asymmetric capabilities to wage war against the United States and its allies.” While its asymmetric capabilities toolbox has previously included taking hostages, sponsoring terrorist activities, and overseas assassinations, FDD argued that Iran has added cyber-enabled economic warfare to its toolbox.

The article also summarizes the policy recommendations for countering Iranian cyber behavior outlined in FDD’s report.

Wesley ParishNovember 13, 2018 12:44 AM

@usual suspects

Shockingly, No One Trusts Facebook’s Portal Smart Displays
https://www.extremetech.com/internet/280352-shockingly-no-one-trusts-facebooks-portal-smart-displays

It’s a brave new world today: you can purchase a Facebook-powered smart display that lives in your home with a camera and always-on microphone. The Facebook Portal and Portal Plus are not the first smart displays with that sort of functionality, but this is Facebook. The remarkable thing about all the reviews is that everyone agrees the hardware is nice, and the video chat functionality is top-of-the-line. However, no one wants to recommend the Portal because no one trusts Facebook.

Nobody trusts Facebook? Who'd'a thunk it? Cambridge Analytica scandal taints Facebook. Nobody knows when it'll finally get rid of that stain.

And for something even more troubling:
Watch the film the Israel lobby didn’t want you to see
https://electronicintifada.net/content/watch-film-israel-lobby-didnt-want-you-see/25876

Several things worth commenting on - the Israel lobby is a quasi-state actor, and seems to get away with stuff that would bring instant condemnation if committed by the likes of the Russians or the Chinese; they confuse the issue, which is that of the state of Israel's implementation of policies that violate Palestinian human rights, with other issues; and they are scoring some rather horrible own goals by diving into Islamophobia.

Just for the record, the Crusades (against the Muslim-majority Middle East) were always preceded by the massacre of European Jewish populations; Islamophobia and anti-Semitism are historically linked. I accuse AIPAC and similar organizations of setting up the conditions for the massacre in the Tree of Life synagogue with their Islamophobic smear campaigns such as Julia Reifkind carried out in UCDavis.

vas pupNovember 14, 2018 11:26 AM

Spanish flu was one of the most serious pandemics humanity has faced over the last century. But there are others, and some have the capacity to be even deadlier:

http://www.bbc.com/future/story/20181101-the-mystery-viruses-far-worse-than-flu

Two extracts caught my attention:

"One not-so-surprising finding was that the next pandemic will probably emerge from bats. No one knows why, but bats are absolutely riddled with nasty viruses. They’re known to be the source of many, many human pandemics, including Sars, which we picked up from cave-dwelling bats in China, as well as Ebola."

"Then there’s the risk of bioterrorism. It’s now possible to build viruses from scratch, using nothing more than their genetic sequence for instructions, so you don’t need to be a government scientist to have access to the world’s most lethal pathogen. If it’s ever released, the virus could change the world forever. As Bill Gates put it last year “With nuclear weapons, you’d think you would probably stop after killing 100 million. Smallpox won’t stop. Because the population is naïve, and there are no real preparations. That, if it got out and spread, would be a larger number.”"

My take: During WWII even Hitler refused to develop biological weapons and to use chemical weapons on the battlefield. Both types of weapons are difficult to control/contain to enemy forces only. Japan did develop biological weapons, and Himmler cooperated with them on such research even without the Führer's knowledge.
What about development of less-than-lethal biological or chemical weapons which affect only a particular segment of the population based on their genetics (e.g. becoming infertile, making them temporarily black out, other scenarios weird for us but not for the military)?

TimothyNovember 14, 2018 2:19 PM

With regards to the topic of responsible disclosure, the Medical Device Innovation Consortium (MDIC) published a report on October 1 titled "Medical Device Cybersecurity Report: Advancing Coordinated Vulnerability Disclosure."

FDA Commissioner Scott Gottlieb, M.D. tweeted a link to a FDA Voices article that discusses the report and many events in the medical device ecosystem.

Section VI of the MDIC report reviews the legal and commercial considerations supporting medical device cybersecurity practices. Subsections of Section VI describe topics like product liability, securities fraud claims, federal criminal enforcement, privacy and data breaches, class actions and so on. An additional subsection also describes the litigation risks of not disclosing vulnerabilities:

H. The Potential Risk of Litigation Should Not Dissuade MDMs From Disclosing Vulnerabilities

Some MDMs may be concerned that the disclosure of potential vulnerabilities may invite lawsuits that are similar to those described above. As a general rule, disclosure is preferable for a variety of reasons:

  • The disclosure of vulnerabilities to FDA and other regulators may be required (see Section IV of this report).
  • Failure to disclose a vulnerability could itself be actionable.
  • A significant vulnerability is likely to be publicly disclosed at some point by a third party, so it is preferable to self-disclose while concurrently providing mitigation advice.
  • [ continues... ]


Commissioner Gottlieb M.D. also tweeted a link to a Washington Post article "The FDA is embracing ethical hackers in its push to secure medical devices" and he tweeted about a cybersecurity bill of materials:

"Updates to the draft guidance includes a cybersecurity bill of materials, a list of off-the-shelf software and hardware components of a device that could be susceptible to vulnerabilities, and introduces tiers of high and standard risks to devices https://go.usa.gov/xPRaA"

With regards to a cybersecurity bill of materials, Josh Corman, the co-founder of the security group I Am The Cavalry and the CSO of PTC, gave an 8-minute presentation (starting at 44:30) on a Software Bill of Materials (SBOM) for medical devices at NTIA's Software Component Transparency meeting on July 19, 2018.

vas pupNovember 14, 2018 3:35 PM

@Clive - Thank you for the provided link related to China.
My attention was caught by this part: "James O’Malley, a British journalist, was travelling on the Beijing-Shanghai bullet train when his reverie was interrupted by this announcement: “Dear passengers, people who travel without a ticket, or behave disorderly, or smoke in public areas, will be punished according to regulations and the behavior will be recorded in individual credit information system. To avoid a negative record of personal credit please follow the relevant regulations and help with the orders on the train and at the station.”"
I'd be glad if the same were not only declared on the walls of US subway cars, but strictly enforced on a daily basis. On the other hand, in China transportation (trains and stations) is clean, and trains are running without delays. Just curious: is this possible only within an authoritarian type of society? That is a small thing, but old Italians still recall that time when trains started running on schedule - it was when Benito M. was the ruler.
Nobody should underestimate the creativity of Chinese people. Even when they stole some technology/intellectual property from other nations, they did not just mechanically make a copy by reverse engineering, but analyzed and improved the prototype. They did not spend time reinventing the wheel - they just used it as a stepping stone and moved forward.
Clive, do you remember when blueprints for the design of a powerful pump station on a big pipeline were stolen by the Russians from the US? A bug was intentionally planted in the design, so the real pump made in accordance with the blueprints blew up in Russia. My assumption is that the probability of the same outcome with the Chinese would be close to zero for the reason stated above.

echoNovember 14, 2018 5:25 PM

This is really interesting.

Friston’s free energy principle says that all life, at every scale of organization—from single cells to the human brain, with its billions of neurons—is driven by the same universal imperative, which can be reduced to a mathematical function. To be alive, he says, is to act in ways that reduce the gulf between your expectations and your sensory inputs. Or, in Fristonian terms, it is to minimize free energy.

[...]

Markov is the eponym of a concept called a Markov blanket, which in machine learning is essentially a shield that separates one set of variables from others in a layered, hierarchical system. The psychologist Christopher Frith—who has an h-index on par with Friston’s—once described a Markov blanket as “a cognitive version of a cell membrane, shielding states inside the blanket from states outside.”

[...]

The concept of free energy itself comes from physics, which means it’s difficult to explain precisely without wading into mathematical formulas. In a sense that’s what makes it powerful: It isn’t a merely rhetorical concept. It’s a measurable quantity that can be modeled, using much the same math that Friston has used to interpret brain images to such world-changing effect. But if you translate the concept from math into English, here’s roughly what you get: Free energy is the difference between the states you expect to be in and the states your sensors tell you that you are in. Or, to put it another way, when you are minimizing free energy, you are minimizing surprise.

echoNovember 14, 2018 8:24 PM

@Clive

Which brings us back to "just what can you get on a Rizzler" cigarette paper where space is somewhat short in both directions.

Thus I'm still doubtful that an ordinary mortal using ordinary pens etc will get a 256-bit AES key to fit when hand written no matter how you encode it.

As your comment rolled off the top page I thought I'd return to this as it has been niggling me.

Base 36 gives a little more compression. You can also use both sides.

In Hex I can fit an AES 256 bit key on one whole side using an HB pencil relatively easily and wasn't being careful. It was a proof of concept first try.
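To put numbers on the hex versus base 36 comparison, here is an added Python example that is not code from echo, Clive or the blog: it computes the fixed character width a 256-bit key needs in each base, round-trips a constructed sample key through base 36, and appends one check character derived from SHA-256 (an assumed scheme, as is the 0-9/A-Z alphabet) so a mis-copied symbol is usually caught before the key is used.

```python
"""Hand-written 256-bit key: character widths per base, base-36 round trip,
and a one-character transcription check. Added example; alphabet and check
scheme are assumptions, not something from the thread."""
import hashlib
import string

# Assumed base-36 alphabet: 0-9 then A-Z. Upper case only, so a hand-written
# key can be read back without case ambiguity.
B36 = string.digits + string.ascii_uppercase
HEX = string.digits + "ABCDEF"


def chars_needed(bits: int, base: int) -> int:
    """Smallest k with base**k >= 2**bits: the fixed width for a bits-long key."""
    k = 0
    while base ** k < 2 ** bits:
        k += 1
    return k


def encode_key(key: bytes, alphabet: str = B36) -> str:
    """Encode key as a big-endian integer in base len(alphabet), left-padded so
    every key of this length takes the same number of characters."""
    base = len(alphabet)
    n = int.from_bytes(key, "big")
    digits = []
    while n:
        n, r = divmod(n, base)
        digits.append(alphabet[r])
    width = chars_needed(len(key) * 8, base)
    return "".join(reversed(digits)).rjust(width, alphabet[0])


def decode_key(text: str, key_len: int, alphabet: str = B36) -> bytes:
    """Inverse of encode_key. Whitespace (line breaks on the paper) is ignored;
    a symbol outside the alphabet raises ValueError."""
    base = len(alphabet)
    n = 0
    for ch in "".join(text.split()).upper():
        n = n * base + alphabet.index(ch)
    return n.to_bytes(key_len, "big")


def check_char(body: str, alphabet: str = B36) -> str:
    """One extra character from SHA-256 of the encoded key (assumed scheme).
    A single mis-read symbol changes it with probability about 35/36."""
    digest = hashlib.sha256(body.encode("ascii")).digest()
    return alphabet[digest[0] % len(alphabet)]


def encode_with_check(key: bytes, alphabet: str = B36) -> str:
    body = encode_key(key, alphabet)
    return body + check_char(body, alphabet)


def decode_with_check(text: str, key_len: int, alphabet: str = B36) -> bytes:
    """Verify the trailing check character, then decode.
    Raises ValueError if the key was mis-copied."""
    compact = "".join(text.split()).upper()
    body, chk = compact[:-1], compact[-1]
    if check_char(body, alphabet) != chk:
        raise ValueError("check character mismatch: key was mis-copied")
    return decode_key(body, key_len, alphabet)


def width_table(bits: int = 256) -> dict:
    """Characters needed for a bits-long key in hex and in base 36 (check char excluded)."""
    return {"hex": chars_needed(bits, 16), "base36": chars_needed(bits, 36)}


if __name__ == "__main__":
    # Constructed sample key, not a real secret: the 32 bytes 0x00..0x1f.
    sample = bytes(range(32))
    print(width_table())                 # {'hex': 64, 'base36': 50}
    written = encode_with_check(sample)  # 50 base-36 chars plus 1 check char
    print(written, len(written))
    assert decode_with_check(written, 32) == sample
```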

JG4November 15, 2018 5:41 AM


Thanks for the good and frequently great discussion. I've been busy or you'd hear from me more often.

@HJohn - Thanks. I can be a dumbass.

@echo - Your discussion of free energy is closely related to my lost post about entropy maximization. I got a very nice note from Dorion on the topic and once I've digested it, and catch up, I will repost. With apologies to von Clausewitz, "War is the continuation of entropy maximization by other means," the most effective means that humans have ever discovered. Tribalism and entropy maximization are the entwined roots of the need for security. Money is a proxy for Gibbs free energy and plays a major role in capitalism.

@Clive - The Buster Keaton movie Sherlock Jr. shows exploding billiard balls. I had thought he had a pocket full and threw them one by one like hand grenades at hard surfaces in an alley, but that may be a different movie. One relevant term of art is acid hydrolysis.

@vas pup - Your point is well taken, and people in the US underestimated the Japanese in the 1960's. Their quality revolution was done without PCs. The Chinese will get pollution and quality right as they progress and both will shock the west. The Chinese were caught flat-footed with a stolen formula for electrolytic capacitors. Dell took a $300M charge to cover their part of the damages.

Clive RobinsonNovember 15, 2018 6:14 AM

@ vas pup,

That is small thing, but old Italians still recall that time when trains started running on schedule - it was when Benito M. was the ruler.

According to some historians that belongs in the myths section of urban legends.

According to one, if memory serves correctly, the train punctuality was worse after he became leader than it was before, and... The only train that he supposedly got to run on time was the one on 28 October 1922 bringing him to take up his post after another myth of fascist propaganda, the "Great March on Rome". The train was actually organised on behalf of the then King of Italy Vittorio Emanuele and the then democratic government who were appointing Benito Mussolini as prime minister of Italy... Which he then turned into a fascist state he controlled for the next couple of decades, until some Italians quite literally "kicked him to the road side"[1]

Never trust the memory of old people, according to them it was always better in the past than it is today... Because they were younger and fitter thus could do more both physically and socially, however when you get old and more decrepit you get weak and slow and people ignore you because you are no longer seen as "Young and dynamic"... The only way to not be ignored is to make your presence felt by having others exert physical power on your command when you have the power to command them, or by making a nuisance of yourself by saying how much better things were back when people listened to you, or at least you thought they did...

Although Winston Churchill did not say it, for certain people "tradition" really does involve "Rum, sodomy and the lash" that they experienced in various forms in their formative years. Now I'm assuming that like many your first quarter century did not have such "questionable delights" in it. So when some old fart suggests that A, there is nothing wrong with it. B, It is character forming. C, Instills discipline and moral fiber. Thus D, What we should all be doing today especially to our children... You might have reason to disagree with their viewpoint..

Well it's exactly the same "misremembered, joys of youth" as "Il Duce got trains to run on time". Especially by those who were too young to use trains let alone own a watch (those that were are by distance of time no longer with us). But all the same were old enough to hear the propaganda before their brains had developed sufficiently to question what they were told.

https://www.independent.co.uk/voices/rear-window-making-italy-work-did-mussolini-really-get-the-trains-running-on-time-1367688.html

https://www.snopes.com/fact-check/loco-motive/

[1] The "official" story is he was attempting to escape to Switzerland in a German convoy that had been halted by an Italian Communist group. In exchange for passage the Germans had to turn over all Italians. Which they agreed to, however Il Duce was found collapsed and unresponsive slumped over a vehicle's steering wheel; he was then dragged and kicked to the roadside where he remained unresponsive. He was executed the following day and his body dumped in a square in Milan where "the people" then extensively abused the body further... There are other stories including one about British Special Forces, but the official story appears to match the few known facts more accurately.

Clive RobinsonNovember 15, 2018 6:42 AM

@ vas pup,

do you remember when blueprints for design powerful pump station on big pipe was stolen by Russians from US? It was bug intentionally planted into design, so real pump made in accordance with blueprints was blown up in Russia.

That is the story the CIA put about after the event that was at the time supposedly the largest non nuclear man made explosion.

However there are lots of different stories of what the CIA supposedly did... Many of which --if not all-- fail to tie up with the facts. The nearest was deliberately modified software on industrial control equipment purchased in Europe. But you have to remember it was the Russians that had the longest and best successes putting implants into US equipment, and certainly had better software developers for whom reverse engineering and tidying up "western software" was an everyday activity.

Thus you have to ask why they would have let such a bug/implant through?

There are other stories it was in fact a terrorist attack that was covered up. However Russia did have a reputation for authoritarian management where engineers with concerns were frequently overruled. Thus it could have been a precursor to Chernobyl in that respect.

As for China stealing IP and improving it, there is the story about them stealing the F35 plans, sorting out the issues and getting their version flying oh, at least two years prior to the US and for less than a 1/10th the price. Hence industry jokes that "The US should have outsourced it to Beijing like the rest of US industry".

The real sad thing about the F35, apart from it being a mobile scrap heap disguised as a hearse, is the UK Gov giving the US the working, reliable and more than sufficient Sea Harrier VTOL "jump jet" for next to nothing in return for a supposed discount on the F35 that any idiot except a politician would know would never materialize. With costs escalating out of control and knock-on effects in other areas the F35 is the largest tuskless albino pachyderm ever born in the famed pachyderm graveyard...

echoNovember 15, 2018 8:33 AM

@Clive

I just proved a 256 bit AES key can be hand written on a cigarette paper by a normal person without special equipment and you ignore this when you claimed the opposite? It's no big deal so what is it with people today?

Clive RobinsonNovember 15, 2018 11:04 AM

@ echo,

It's no big deal so what is it with people today?

Err it's just that this is not the thread we were talking on, and I was trying to think up a tactful way to say it...

vas pupNovember 15, 2018 12:36 PM

https://www.bbc.com/news/business-46064166

"New materials certainly show promise. Cement mixtures made from power station waste could turn buildings in to batteries, for example.

These potassium-geopolymetric (KGP) composites are cheaper than ordinary cement and can store electricity. A six-metre tall lamp-post made from KGP and equipped with a small solar panel could hold enough energy to power itself throughout the evening, researchers say."

Looks good for perimeter security utilization (military bases, border wall, prisons, etc.) It combines mechanical (concrete) obstruction with lighting after sunset.

echoNovember 15, 2018 12:59 PM

@Clive

Err it's just that this is not the thread we were talking on, and I was trying to think up a tactful way to say it...

This is why I explicitly said it was a rollover issue because the topic had rolled off the front page. In any case there's nothing to prevent you posting a notice and continuing in the other topic with appropriate quotations.

As for the Spectre topic and switchable high and low assurance modes, I already proposed this, which was later proposed by engineers in discussions as a workable solution. I thought the world had moved on. For some reason everyone missed this and has dived in to dig everything up and make discussion much more muddled and problematic. I'm still trying to untangle this without causing a stink.

@vas pup

New materials science is fascinating. I don't understand half of a percent of it so I'm glad it's somebody else's job to worry about this.

I personally miss the days when approachable experts discussed topics like this, whether it's people like Bertrand Russell or J E Gordon or Heinz Wolff. The fact things are sanitised first by corporate media and brand names hiding behind commercialised walled gardens and PR driven awards ceremonies and God knows what other filters robs me of enthusiasm.

echoNovember 16, 2018 9:43 AM

@Clive

I have now cornered you in two topics. I have proven it is possible for an ordinary human being to write, with no special instruments or training, a 256 bit AES key on one side of a cigarette paper. I'm not getting what the issue is here? A simple acknowledgement would be a start. If this is a male ego thing I'm not interested.
