Hacking the GCHQ Backdoor

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected:

In fact, we think when the ghost feature is active -- silently inserting a secret eavesdropping member into an otherwise end-to-end encrypted conversation in the manner described by the GCHQ authors -- it could be detected (by the target as well as certain third parties) with at least four different techniques: binary reverse engineering, cryptographic side channels, network-traffic analysis, and crash log analysis. Further, crash log analysis could lead unrelated third parties to find evidence of the ghost in use, and it's even possible that binary reverse engineering could lead researchers to find ways to disable the ghost capability on the client side. It should be obvious that none of these possibilities are desirable for law enforcement or society as a whole. And while we've theorized some types of mitigations that might make the ghost less detectable by particular techniques, they could also impose considerable costs to the network when deployed at the necessary scale, as well as creating new potential security risks or detection methods.

Other critiques of the system were written by Susan Landau and Matthew Green.

EDITED TO ADD (1/26): Good commentary on how to defeat the backdoor detection.

EDITED TO ADD (3/1): Another good essay on the security risks of this back door.

Posted on January 25, 2019 at 6:08 AM • 42 Comments

Comments

Chris • January 25, 2019 7:35 AM

Long time listener, first time caller...
I'm not well versed in security nor am I aware of all the work on this front. But in the spirit of conversing on the challenge:

While reading this I thought of the work in WWII with Enigma. Could the end clients insert a fixed tiny string, embedded in the message and encrypted, that would allow the group wanting to break the encryption a foothold to drastically reduce cracking time. Similar to the phrase the British team searched for to crack the daily code knowing that phrase was always somewhere in the message.

You still have a number of the administrative issues you have with the proposal above however you retain end-to-end (1-to-1 not 1-to-many), could put some additional obfuscation routines for the string used (regular rotation, different for country/service/etc) or maybe it is only inserted upon a warrant.

It would also mean if you break in to the string store you don't have the keys to everything only an easier path to crack individual exchanges. May still take large resources to crack but wouldn't allow immediate decoding by anyone. The acceleration of processing power and quantum would make any time analysis obsolete by the time you finish the calculation.

Chris • January 25, 2019 7:40 AM

If you could give your thoughts on that and compare it to the proposal you reviewed it would be appreciated.

Thoth • January 25, 2019 9:13 AM

The problem now is those Government actors that have been asking for backdoors and front doors have always given rather sketchy and abstract "suggestions" of what they perceived that they need to be able to eavesdrop and have always asked the industry to go figure out a way to do so with nothing concrete.

The winds have changed in the sense that these same actors have begun to figure out and come up with something more concrete of their own requirements (i.e. silently inserting nation state participants into encrypted conversation sessions) and the likes and are beginning to create their own technical proposals and specifications.

It's a matter of time that they would start to draft concrete technical architectures and guidelines for everyone in the IT/SEC industry to follow and shove it down forcefully everyone's throats.

It's the same as Clipper chip came to the scene where they wanted everyone to use it but eventually failed due to multiple reasons.

It seems like the same old cycle is coming back yet again.

Clive Robinson • January 25, 2019 9:31 AM

@ All,

Unlike most of us Matthew Green has at least talked to the two GCHQ bods, who apparently have been doing a reverse "Louis Freeh"[1] in that they have been trolling around the US trying to sell the idea.

Matthew Green gives more information on both the technical and political side which is worth reading.

He also had taken a side swipe at Ex FBI director James Comey, by effectively calling him a queen, in a very picturesque way ;-)

As Matthew Green points out the system that the GCHQ Two are proposing is based on a design flaw that not all messaging apps suffer from. And now their US Grand Tour is over they have effectively advertised the flaw loud and clear. As various vendors were in the process of fixing this flaw it's likely that they will now hasten their efforts to,

1, Avoid Bad Publicity.
2, Avoid losing Market Share.
3, Avoid being stuck in a technical tar pool by legislation.

So the GCHQ Two might have done a lot of people a favour by killing off this idea. Something the GCHQ Two and their bosses must have been aware would be an outcome of pushing the idea.

Which in my hinky thinking mind brings up the 3Ws questions of "Who, What and Why". That is,

A, Who would benefit?
B, What would cause the benefit?
C, Why would they want that benefit?

As others posting in the past have accused me without reason, cause or evidence of needlessly speculating, I will let others think on it.

[1] Louis Freeh was a not very good Director of the FBI at the turn of the century and ended up "falling on his sword". However in the 1990's he went on a "Grand Tour" of European Capitals selling the "Going Dark" myth as far and wide as he could. His reason was he knew that the US would never be the lead on bringing what is in effect a "Police State" on its citizens. Thus his plan was to build a "ratchet effect" into getting his desired Police State Powers. Put simply he hoped to convince one or two other Western Nations to take a small step in that direction, and use that to persuade other Western nations or the US to take a step, then go back to the first nations and using the changes that other nations had made as leverage get them to go up another notch. Thus if he could be persuasive enough and go round enough he could get all Western nations to ratchet up to handing over Police State Powers to the Nation Law Enforcement Agencies. Back then Crypto Wars One kicked off big style in the US over the NSA proposed key escrow system that they had built a rather convenient for them backdoor into. This was not a "spy on every one" back door the escrow system did that. No it was a supposedly NOBUS way of cheating the inbuilt Law Enforcement Access Field (LEAF) system that supposedly stopped people avoiding the key escrow system. Thus the NSA could have communications secure against the escrow system, that everyone else would be lumbered with. Unfortunately for the NSA a mild mannered researcher Matt Blaze, not only discovered it but effectively advertised it far and wide. Whilst it might not have been the death knell of the NSA key escrow system it created "a bad political message" which hastened its demise.

Clive Robinson • January 25, 2019 10:18 AM

If you read the lengthy Susan Landau piece you will find the following,

    For what type of criminal activity? Are you tracking child porn? Insider threat?—Each of these might demonstrate interesting characteristics in the transmission that will aid an investigation. Different types of criminal activity may expose a particular set of time, place, and other communication characteristics that cannot be easily hidden by encryption. Just as each of the devices or communication systems will have certain aspects that are easier to push at, each of the criminal activities will have certain aspect of their action that provide critical telltale leads. GCHQ has been successful in cracking child porn, terrorism and other cases because it has followed these leads.

It is a good description of why the "Going Dark" argument is actually a myth. In other areas this information would be called "Meta-Data" or "OpSec-Failure" depending on whose side of the fence you are standing. From the SigInt aspect such Meta-Data is found using "Traffic Analysis" as has been pointed out in the past Traffic Analysis can actually be not just more powerful but more revealing than the actual message contents which could in fact be meaningless.

The reason the message contents could be of no use to investigators is simple, it could be in code or cipher which they can not break into or in some cases even recognise it for what it is. Traffic analysis however follows patterns of communications looking for changes or other differences that indicate intentions, in some cases before those communicating even realise themselves.

Those that formed GCHQ after WWII invented Traffic Analysis during that war and it enabled predictions to be made in near real time, whereas Enigma Decrypts might not happen for days or at all. The US who were informed of it likewise used it in the Pacific War against the Japanese to great effect. As it effectively sees the hand upon the ships wheel, not second guesses an Admiral's thinking, that might change at any time.

Faustus • January 25, 2019 12:34 PM

@ Chris

    Could the end clients insert a fixed tiny string, embedded in the message and encrypted, that would allow the group wanting to break the encryption a foothold to drastically reduce cracking time.

I would say no. The principal reason is that secure encryption is randomized. The same string is never (less than 2^-32 probability at most, probably less) encrypted the same way. Even if you knew exactly what string was being encrypted you would not be able to determine the key (within similar minuscule probability). Even with multiple strings chosen by you and encrypted (up to at least 2^31 or more) you would not be able to guess the key.

(The importance of randomization means that a bad random number generator is a big vulnerability in encryption.)

Secure encryption is secure against chosen plaintext (you choose what is encrypted) and chosen ciphertext (you choose other encrypted messages to decrypt besides your challenge message) attacks.

The commonly used AES is an example of such secure encryption.

The above is not a full proof, but it is a good basis for concluding that knowing or specifying a substring is not helpful in breaking encryption. In real life most messages are extremely likely to contain certain words and so such a property would make encryption pretty useless.

David Rudling • January 25, 2019 12:38 PM

@Clive Robinson
Good to see Traffic Analysis given the credit it deserves. Finally late last year GCHQ released the official history of Bletchley Park's SIXTA (Hut Six Traffic Analysis) after a ridiculous 73 year delay. In assessing the direct contribution to ULTRA intelligence, not just internally to Hut 6, for the period JULY 1943 to NOVEMBER 1944 it states "The percentage of urgent Ultra reports carrying a comment based on T.A. advice was as high at times as 20 per cent. On Army-Air liaison networks, which gave a high proportion of the total tactical intelligence about German ground formations, the percentage was probably higher." Giving rise directly to 20% of urgent ULTRA material was no mean feat.

Nathan • January 25, 2019 3:43 PM

@Chris

In addition to the fact that modern cryptosystems are not vulnerable to known plaintext attacks as Faustus explained above, there's the problem of keeping the secret words secret.

Anyone with access to the raw unencrypted contents of a message (like its recipient) would be able to see the secret word hidden in it. Now instead of having 1 secret (the key) that's easy to keep secret because only 2 entities in the whole world ever know what it is (and promptly destroy it when it's no longer needed), we have an extra piece of information that's known by at least 3. That means the attack surface has been increased by 50% (an extra participant) and probably more, since that extra participant has a juicy database with all the secret words in it.

Let's pretend, though, that there exists a cryptosystem that's perfectly secure except to governments. Journalists and activists in countries with oppressive governments are now unsafe. Is the benefit (nominally less human trafficking and lower crime in general) worth those people's lives? I can't say no definitively, but I also wouldn't want to be the person saying yes.

Faustus • January 25, 2019 6:53 PM

@ Chris

To be fully correct above I should have referenced

"AES
- not using Electronic Code Book (ECB) mode
- with Message Authentication Code (MAC) on ciphertext (Encrypt-then-MAC)"

rather than AES alone as an example of secure encryption.

ECB is not randomized. The MAC detects tampering with the ciphertext. Tampering allows tricky attacks like https://crypto.stackexchange.com/questions/44071/aes-in-cbc-mode-is-totally-unsecure-if-no-defense-is-provided-for-padding-oracle
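
The point made in Faustus's two comments above, as an added example that is not part of the original thread: a fixed string embedded in every message shows up as a repeated ciphertext block under a deterministic ECB-style mode, is hidden by randomized encryption, and a MAC over the ciphertext (Encrypt-then-MAC) rejects tampering. Assumptions: the Python standard library has no AES, so HMAC-SHA256 stands in for the block cipher and keystream; all function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16   # block size in bytes, the same as AES
TAG = 32     # HMAC-SHA256 tag length in bytes


def _prf(key: bytes, data: bytes, n: int) -> bytes:
    """HMAC-SHA256 truncated to n bytes: the keyed primitive standing in for AES."""
    return hmac.new(key, data, hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation on one 16-byte block (illustration only)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _prf(key, bytes([rnd]) + right, 8))
    return left + right


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Deterministic ECB-style encryption: every block is encrypted on its own."""
    pad = BLOCK - len(plaintext) % BLOCK
    padded = plaintext + bytes([pad]) * pad
    return b"".join(_toy_block_encrypt(key, padded[i:i + BLOCK])
                    for i in range(0, len(padded), BLOCK))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from a per-message random nonce."""
    out, counter = b"", 0
    while len(out) < length:
        out += _prf(key, nonce + counter.to_bytes(8, "big"), 32)
        counter += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Randomized encryption with Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(BLOCK)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = _prf(mac_key, nonce + ciphertext, TAG)
    return nonce + ciphertext + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the MAC first; only decrypt if the ciphertext is untouched."""
    if len(blob) < BLOCK + TAG:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:BLOCK], blob[BLOCK:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ciphertext, TAG)):
        raise ValueError("MAC check failed")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def matching_blocks(c1: bytes, c2: bytes) -> int:
    """Count block positions at which two ciphertexts are byte-identical."""
    return sum(c1[i:i + BLOCK] == c2[i:i + BLOCK]
               for i in range(0, min(len(c1), len(c2)), BLOCK))


# Constructed sample input: two different messages that both start with the
# same fixed 16-byte string, as in the scheme Chris asked about.
MARKER = b"FIXED-MARKER-16B"
MSG_A = MARKER + b"meet at the usual place at nine"
MSG_B = MARKER + b"the package arrives on Thursday"


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    ecb_a, ecb_b = ecb_encrypt(enc_key, MSG_A), ecb_encrypt(enc_key, MSG_B)
    sealed_a = seal(enc_key, mac_key, MSG_A)
    sealed_b = seal(enc_key, mac_key, MSG_B)
    # Compare only the ciphertext bodies (strip nonce and tag).
    body_a, body_b = sealed_a[BLOCK:-TAG], sealed_b[BLOCK:-TAG]
    tampered = bytearray(sealed_a)
    tampered[BLOCK] ^= 0x01  # flip one bit of the first ciphertext byte
    try:
        unseal(enc_key, mac_key, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {
        "ecb_shared_blocks": matching_blocks(ecb_a, ecb_b),
        "randomized_shared_blocks": matching_blocks(body_a, body_b),
        "roundtrip_ok": unseal(enc_key, mac_key, sealed_a) == MSG_A,
        "tamper_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```
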

Please • January 26, 2019 2:08 AM

"As others posting in the past have accused me without reason, cause or evidence of needlessly speculating"

I'm sure nobody has ever witnessed such a thing, because you insinuate it.

Denton Scratch • January 26, 2019 4:12 AM

Landau says:

"Or as the British are fond of saying, 'the proof is in the pudding'".

The proof is not 'in the pudding'. The saying is 'the proof of the pudding is in the eating'. That at least means something. What does it mean to say that the proof is in the pudding?

Denton Scratch • January 26, 2019 5:26 AM

Green says:

"In the worst-case outcome, we’ll be appointing agencies like GCHQ as the ultimate architect of Apple and Facebook’s communication systems."

Schemes like Signal (and PGP before it) were developed independently of communication providers. The internet is still a place where anyone can invent and deploy a protocol and set up a server. Attempts by three-letter agencies (e.g. GCHQ, which I know has four letters) to force comms providers like Apple and Facebook to backdoor their own systems are doomed, because wildcat comms providers will simply move in to the field.

I concede that wildcat communications systems are nowadays unfashionable. I have run my own mailserver for almost 20 years now; but nearly everyone I know uses gmail or hotmail. However wildcatting is a complete solution[1] to attempts by governments to mandate insecure comms. And unless the political architecture of the internet changes fundamentally, wildcatting will always be possible.

So I think these TLAs are on a hiding to nothing, if their goal is to frustrate serious crime - they will never be able to force insecure communications on people who are well-informed and determined. It follows that their real targets are not paedophiles and terrorists, but rather the bulk of the population.

Anyway, I guess the proof is in the pudding???

[1] Of course, governments can forbid wildcat mailservers, and imprison network operators who permit them on their networks. Or they can just try to shut down the internet. But even that won't defeat wildcats; before there was widespread internet there were bulletin board systems like Fidonet, running over POTS - these systems were entirely wildcat.

Clive Robinson • January 26, 2019 8:37 AM

@ Denton Scratch,

The original was "The proof of the pudding is in the eating"[1]

But as with "often usage" you only had to say the first bit of "The proof of the pudding..." to get a nod of understanding.

Which has since WWII morphed to,

    The proof is in the pudding

Under the mistaken assumption by some it refers to a much much older custom of a bean or later a silver thruppence in a plum pudding, which conferred "King for the day" on the lucky finder[2]

[1] Actually referred to the amount of meat in a suet pudding, not what we would call a pudding these days. Nearly all food would be "cooked in a kettle" which most would call a witch's cauldron. It served a dual purpose, first to "slow cook" during the night as well as act as a bulk heat storage to keep a cottage etc warm without the danger of sparks getting at the thatch etc whilst you slept around it in a chair, on the table or broad benches or even floor on a palliasse, that could be highly flammable.

[2] It's funny how things change, finding the "bean" which is what it once was got you treated as the Mystle King for the day. Then at dawn on the following day which was the shortest, you would be led into a field and your throat slit so your blood would bring fertility to the fields in the following year. So not exactly "a lucky find"...

Denton Scratch • January 26, 2019 8:53 AM

@Clive:

Really? Since WW2? I wasn't born then. I must have been raised by very traditional folk... maybe that explains my pedantic tendencies. Anyway, thanks for explaining.

&Thank you • January 26, 2019 10:52 AM

It's funny you know, but "mystle king" turns up NOT A GOD DAMN THING on google.

Not that anyone would ever have the temerity to call out a made up fact on this site.

Clive Robinson • January 26, 2019 7:23 PM

@ &Thank you,

    NOT A GOD DAMN THING on google

Looks like the Ratio of inability combined with that of dumb usage has popped up yet again...

If you actually knew anything at all about the alleged Druidic traditions you would know that one of the first written descriptions, of the mistletoe and the ancient/sacred oak fertility ritual was made by the Roman writer "Pliny the Elder" (Gaius Plinius Secundus). Although he had not seen it, because as with much of Pliny the Elder's writings, it was based not on first hand knowledge but what he got to hear about that he thought interesting[1].

The actual Celtic ritual in various forms was practiced in quite a large part of pre-christian Europe and is remembered in the UK by the silver thruppence later sixpence now five pence in the figgy / plum / xmas pudding. In France it's a little ceramic king in a sweet pie, and so on. It also made its way to the USA,

https://blog.library.si.edu/blog/2013/01/04/twelfth-night-traditions-a-cake-a-bean-and-a-king/

The sacrifices also varied Pliny the Elder recording the sacrifice as being by the spilling of blood of bulls.

As for "mystle"[2] it's one spelling of the early word for Mistletoe (also "mistle" as in "mistle thrush" which eats the mistletoe berries). The plant in question was not like the more modern variety, it actually killed the Oak Tree with its roots and the Celts were well aware of it. It's been speculated that their collecting of it was to stop it killing the Oak, because amongst other things acorns were a very valuable source of food for certain livestock. Also as oak wood would apparently not get wood boring grubs[3] and was very strong and did not waterlog it was regarded as special to people who used rivers for transportation of trade goods etc.

At that pre-christian time around the winter solstice the snow white berry of mistletoe and the blood red of holly were about the only natural signs of life against their very green leaves, therefore had some symbolic meaning.

But as you should know one of the things Christianity is known for is stealing the traditions of earlier religions.

Anyway once again some people are dumbly thinking that Google is the fount of all knowledge, and because they are incapable of searching correctly make wildly untrue accusations on which you have previous. So as you behave like an under the bridge cave dweller do everyone including yourself a favour and get back in your hole and stay there.

[1] The word "Druidae" is of Celtic origin, Pliny the Elder however believed incorrectly that it had a common root word (or cognate) with the Greek word "drus," meaning "an oak".

[2] Google's algorithms being historically "brain dead" due to being based on a weighting of word usage current to the Internet, thinks you mean "myrtle" which is an altogether different plant. But then it previously did not understand the usage of the "thorn" which looks like a capital Y but is actually not, it's a shortening of "TH" into a single character for carving. Which is why we get the "Ye olde pork pie fhope" with "Ye" actually pronounced as "The", not the jocularly dumb assed "yee".

[3] Oak actually does get wood boring grubs, for instance the once feared "Death Watch Beetle" which actually audibly knocks on the wood. But infestation was believed to only happen in English Oak after the oak has been felled and used as building material for around sixty years which was about one and a half times the average life expectancy back then. The ability of English Oak to resist wood boring grubs is the natural but very high levels of tannin[4] it has as well as its close grained dense structure.

[4] tannin is a poison not just to insects but to fungi and mammals. Contrary to what,

https://www.britannica.com/science/tannin

Tannin and tannic acid are not the same (for instance the tea you drink has tannin in it but no tannic acid). It also has antimicrobial properties as well which means you can with care use English Oak as a preservative and flavoring for food and spirits, as well as the bark for leather.

65535 • January 26, 2019 10:08 PM

The GCHQ is selling snake oil.

One back door or one extra party to phone conversations will trickle down to criminal syndicates. Those backdoors will be abused. The GCHQ [ and probably the NSA] have run out of their cold war adversaries to fight or cannot successfully fight or track them [OMP hack – where was the NSA… Missing in action]. The GCHQ wants to creep into law enforcement and mass surveillance. That is mission creep… and a bad example of it. They want 24/7/365 surveillance of everyone or collect it all. They want push-button law enforcement. That is bad. It also breaks their oath to the US constitution.

“It’s worth noting that in the U.S. context, this is fundamentally a restatement of the Fourth Amendment—“no warrants shall issue, but upon probable cause”—and the requirements of the Wiretap Act, which permits the use of wiretapping in criminal cases only when other techniques appear unlikely to succeed…In the U.K., wiretap evidence is not introduced in court…[breaks the ] rulings of the European Court of Human Rights.”- Susan Landau

How true.

This is the exact reason the USA fought the war of independence from England. Our rights were stripped and our money was stolen by unfair taxation without representation. The USA rejects culture of Kingdoms and rejects those unfair traditions. Except for Christmas and the World Series we don’t care for those repressive mechanisms -“Cultures of Kings” -and wrote a US Constitution.

Now back to mass spying and how to do it.

Double talk proposal by the GCHQ: "exceptional access solution should not fundamentally change the trust relationship between a service provider and its users."-GCHQ

“..the oft-repeated proposal that companies should use software update mechanisms to provide ways to unlock devices, would do exactly that.”- Susan Landau

Yes, I agree.

It is like forcing makers to put Clipper Chips into all computers. We have seen and done that cr*ppy bad idea. It is the S.O.S [Same Old Sh**] we have been through in the past.

Who wants booby-trapped updates from your “trusted” provider? I don’t.

It destroys trust between Apple and its customers. That is bad policy and bad business.

Who wants a ghost third person listening on their conversations? I don’t and I doubt Apple and its customers would want that.

Who wants stolen CA Certificates that give the GCHQ access to all your encrypted conversations and transactions? I don’t!

“Putting it another way, it's likely that the details of any [encryption back doored] system will leak out—and thus that the enemy will know the system. Thus security resides solely in the secrecy of the key. For this reason, public exposure of encryption algorithms provides an extremely valuable benefit: it enables outside cryptographers and security analysts to vet the algorithm. Such public vetting is important. The lack of [the public's] ability to vet the system means its security cannot be properly evaluated—and so, not surprisingly, cryptographers call proprietary encryption systems whose details are not public "snake oil."- Susan Landau

https://www.lawfareblog.com/exceptional-access-devil-details-0

I agree. The GCHQ is selling snake oil.

Clive Robinson • January 27, 2019 3:10 AM

@ 65535,

    It also breaks their oath to the US constitution.

I know you were referring to the US's NSA with that, but you last mentioned the UK's GCHQ several sentences before.

Unfortunately we have a trollish sock-puppet floating around at the moment who thinks they know everything because when they do a feeble search attempt via Google they claim "NOT A GOD DAMN THING on google",

https://www.schneier.com/blog/archives/2019/01/hacking_the_gch.html#c6788218

And as they've made themselves look stupid yet again for the umpteenth time. I don't want them going off and attacking somebody else.

@Wael and myself have been watching the behaviour and trying to work out where the real point of aim is, and we suspect it might actually be this blog and our host. Anyway if they do pop up, then do as "Billy Goat Gruff" did and "off the bridge with the troll",

https://en.m.wikipedia.org/wiki/Three_Billy_Goats_Gruff

When you look at the Whitehouse picture, notice "the little hands" ;-)

Meher • January 27, 2019 7:11 PM

Moderator
Can you attend to the IP of the troll in the appropriate fashion?
This may include cross referencing it with recent scripting attacks on this blog

65535 • January 27, 2019 7:44 PM

@ Clive Robinson

“I know you were referring to the US's NSA with that, but you last mentioned the UK's GCHQ several sentences before.”-Clive R

Yes, that is what I meant. I had to bang this out. I am not exactly Shakespeare or an expert on sentence construction.

Also, I have noticed the Troll trying to instigate arguments on this blog. This is a relative Hot-button blog and I would not doubt that some corporation’s PR firm say [Harris corporation the stingray maker] is hired to disrupt it.

Possibly, a K-street PR firm for any of the contractors working for any of the big TLAs. The Troll could be directly hired by the NSA for PR or even Public Retaliation on certain blogs. It could be any combination of the above. Who knows.

I try to ignore such undesirables. I am sure Bruce S. or the moderator has their IPs and can tell about where they are coming from – and probably could delete said posts.

Moderator • January 28, 2019 9:26 AM

@Truth or Bust, @Oh please, @Ghost of Hmm, etc.: Your hostile comments and gobbledygook have been and will continue to be deleted. Please move on to a fulfilling, constructive life. @All: The troll craves attention. Please do not feed the troll.

RealFakeNews • January 29, 2019 10:18 AM

Surely these backdoors only work thanks to a central server?? Encrypted traffic or not, if the messaging apps direct-connected to recipients, "ghosts" would be rapidly detected, and subsequently easily blocked?

It seems trivial to me to secure messaging apps from such seemingly simple attacks.

I really wonder about the companies that develop these apps, and the people working for them.

Jonathan Wilson • February 1, 2019 4:29 AM

Until we can convince western law enforcement and intelligence agencies (FBI, DEA, NSA, GCHQ, ASIO, AFP and the others) that they don't need mass surveillance or backdoors to do the job of keeping their country safe and arresting bad guys, nothing is ever going to change in the realm of computer security (and yes I did just finish reading "Click here to kill everybody")

Clive Robinson • February 6, 2019 1:45 AM

@ Jonathan Wilson,

    Until we can convince ... law enforcement and intelligence agencies ... that they don't need mass surveillance or backdoors ... nothing is ever going to change in the realm of computer security

Not quite true, "nothing" implies a form of stasis, trust me it will get worse a lot worse with every passing day...

There is no downside for the agencies when it comes to the war of attrition that their grab for power is.

Until the "citizens" convince the "politicians" to not just say NO to the LEAs and IC entities but actually institute a punishment regimen so they really do have skin in the game then things will not change for the better.

One way to start the ball rolling might be to set up an independent review system that is free from political influence or lobbying etc (what those appropriations committees are supposed to be but are nothing even close these days). Not just for allocating budget but ethics and safeguards setting. But importantly back the committee with real researchers and scientists (that those US committees used to have before budget cutting). And most importantly make the submitting agencies pay for the committees time and researchers at a commercial rate out of their budget, oh and limit the number of submissions they can make in a year. Call it "bringing market forces to bear".

Whilst you can not stop political games with the way the underbelly of our government supply systems work, taking the "no lose" option out of the system for them puts their skin back in the game, and who knows "burning a few" might wake the others up.

C U Anon • February 6, 2019 2:28 AM

@ BS PP BS,

It's a new year, and after reviewing my available options with regards yellow cards and the mess that's still spreading as the polite invitation has gone unaccepted, and is clearly not going to be. To save certain people the time to clear the mess up I feel it's time to start looking into emulating other long timers.

Bong-Smoking Primitive Monkey-Brained Spook • February 6, 2019 3:19 AM

@C U Anon:

    I feel it's time to start looking into emulating other long timers.

I hear ya! Sometimes you realize that your time is best spent doing other things you enjoy. Life is too short to deal with this ****.

I have problems with the eyes and work is getting to be too much. Perhaps a short emulation may help -- I don't know.

C U Anon • February 6, 2019 8:09 AM

@ BS PM BS,

    Sometimes you realize that your time is best spent doing other things...

Yup, so I'll listen on this chan but it's over and out for now, how long I guess is up to others.

Bong-Smoking Primitive Monkey-Brained Spook • February 6, 2019 8:41 AM

@C U Anon,

You can always ignore them (or it). Don't give one or two coward individual(s) that much weight! 8PPM isn't worth that much ;)

C U Anon • February 7, 2019 5:35 PM

@ Bong-Smoking Primitive Monkey-Brained Spook : Your double up "guess" appears correct, but the mess is still there.

Bong-Smoking Primitive Monkey-Brained Spook • February 7, 2019 8:14 PM

@C U Anon:

    but the mess is still there.

Dis cat thingy, don't need no dustpan to remove de garbage ;)

C U Anon • February 9, 2019 12:47 AM

@ Bong-Smoking Primitive Monkey-Brained Spook,

    Dis cat thingy, don't need no dustpan to remove de garbage

I was thinking the "spread it thin" result from a run by with a "steam roller" technique, but those "who just stand by" generally don't like the "smuts" in the eye such steam roller approaches produce...

Bong-Smoking Primitive Monkey-Brained Spook • February 9, 2019 3:57 AM

@C U Anon:

    "who just stand by" generally don't like the "smuts" in the eye such steam roller approaches produce...

Don't try to please everyone. You've got to get a few upset. Stoner[1] says: steam-roll'em. I'll cover me eyes :)

[1] Captain's orders

C U Anon • February 11, 2019 10:06 AM

@ Bong-Smoking Primitive Monkey-Brained Spook:

It would appear to be as you surmised, t 0841 "Type 2 / IT"...

Bong-Smoking Primitive Monkey-Brained Spook • February 11, 2019 10:24 AM

@C U Anon:

    0841 "Type 2 / IT"

10-4 / recognize a campaign and don't give'em the time of day. Apparels are on sale these days. Buy one, get a few free. I recognize your other garment, by the way! Lol :)

Unfortunately I'm stuck on some deadlines, otherwise I would make a big bowl of popcorn (I'll smoke the husk too) and enjoy the show. Smile and don't let it get under your skin.

C U Anon • February 12, 2019 3:59 AM

@ Bong-Smoking Primitive Monkey-Brained Spook:

I recognize your other garment, by the way! Lol :)

Yeah I thought I'd go for a fashionably basic number, then was not so sure.

You were not the only one with a cautious eye, there were delayed delivery issues attached to the garment.

Part of the problem with smoke and mirrors, is sometimes what you think "is" is actually "not so". Thus caution dictates testing the ground ahead and as was once occasionally joked "sometimes 'a size 14 boot stamped down' does not a good mine detector make, especially if you walk backwards...".

Tell me have you ever looked into the anthropological ideas behind "Cargo Cults"? There are some odd dualities building up on the Internet these days with Twitter tag naming and what goes on behind them with certain "click bait journalism" using them to manipulate those "not as up" to date on such things.

Anyway those are for another day, onto much more important things. I hope that your eyes improve and you get a little bit more quality time in your life.

Speaking of which I feel the need of fair wind in my hair and across the luff to stiffen the leech and hold the clew close in and a gentle lightly charted course to run as another personal year clocks over on the odometer of life. It's my only real "me day" in the calendar and I generally like to spend it "away" from civilisation. Somebody a little more famous than I am once noted of me that "Daniel Boone used to up sticks and move if he could see the smoke of another man's fire, which was totally gregarious compared to me having a 'get away'". He also observed only half jokingly that I would probably find deep space overcrowded, sadly he's no longer with us to stretch my other leg just a little. I'm not anti-social, good food good wine and convivial company I enjoy a lot, but I also like to have a place where I can shut the door or space to see people coming long before they see me. A place to think in peace, preferably a place to wander alone beholden to no one. Sometimes I tell people there is a reason we call the button on a radio "the off switch" even though it's marked "on", but most don't get it. I guess unlike many others I've never felt the need to "live in others' heads" especially when I've got a comfortable one of my own ;-)

Bong-Smoking Primitive Monkey-Brained Spook • February 12, 2019 6:01 AM

@C U Anon:

Tell me have you ever looked into the anthropological ideas behind "Cargo Cults"

I have not.

life. It's my only real "me day" in the calendar

Ummm... For he's a jolly good fellow, for he's a jolly good fellow. Happy birthday?

I'm not anti-social,

Neither am I, but I'm not that "social" either!

A place to think in peace, preferably a place to wander alone

My kind of place.

C U Anon • February 12, 2019 11:48 AM

@ Bong-Smoking Primitive Monkey-Brained Spook:

I've managed to do a little reading this late afternoon, and a funny thing popped up.

I don't know about you but although I can think almost anywhere (including whilst riding a pushbike years ago). I still find whilst walking gently or absent mindlessly to the average onlooker was the most productive, with minor distractions like gently kicking a stone down a path etc adding to the process not detracting. Well it appears I am not alone, a study of lifestyles and activities of serious thinkers suggests that an unrelated distraction works well for them as well.

I guess the classic example would be Richard Feynman, who apparently did all his best thinking whilst either drumming or doodling on napkins in dancing girl bars... Whilst I've not tried it[1], it does strike me as being a wonderful excuse to be in one ;-)

Apparently one scientist being Scottish played golf, with his better scores coinciding with better thinking.

Maybe it's just a random signal part of the brain needs to stir the thinking process up, I don't know but it would be nice to optimise the process.

[1] It was only in my younger days that I've been in such places as part of a night out crowd activity. I found them way too loud, noisy and above all smokey which I hated. I've been told by one or two Americans that their bars are more relaxed with the emphasis on bar not go-go.

Bong-Smoking Primitive Monkey-Brained Spook • February 12, 2019 12:25 PM

@C U Anon:

Richard Feynman

The man who didn't wash his hands after he used the bathroom!

in dancing girl bars...

He's done a lot more than that. His business...

a study of lifestyles and activities of serious thinkers suggests that an unrelated distraction works well for them as well.

Case-in-point: das Klo was the source of inspiration for some :-)

C U Anon • February 13, 2019 5:50 AM

@ Bong-Smoking Primitive Monkey-Brained Spook,

Case-in-point

Hmm, he had trouble starting a movement, until he nailed his thesis to a church door...

Time to think up a limerick, now what rhymes with thesis... Ohh hmm on second thoughts perhaps not, I think it would be more than a yellow card ;-)

Mind you it does throw a new light on the expression "May the devil take the hindmost"[1]. Which is in more modern times assumed to be the same as the order given on a sinking ship of "Every man for himself".

[1] The first time I heard it it was, "Deil tak the hindmost" which is from a little thing you hear once a year on Burns' night. Robert Burns wrote his address/ode "To a Haggis" in 1787,

https://www.scottishpoetrylibrary.org.uk/poem/address-haggis/

I'll warn ye though, having done both, that getting yer tongue around either the puddin or the poem can take some practice.

Clive Robinson • February 17, 2019 1:32 PM

@ Bong-Smoking Primitive Monkey-Brained Spook,

Time for your 319 suggestion...
