Friday Squid Blogging: A Tracking Device for Squid

Really:

After years of "making do" with the available technology for his squid studies, Mooney created a versatile tag that allows him to research squid behavior. With the help of Kakani Katija, an engineer adapting the tag for jellyfish at California's Monterey Bay Aquarium Research Institute (MBARI), Mooney's team is creating a replicable system flexible enough to work across a range of soft-bodied marine animals. As Mooney and Katija refine the tags, they plan to produce an adaptable, open-source package that scientists researching other marine invertebrates can also use.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on February 22, 2019 at 4:09 PM • 73 Comments

Comments

JC Denton • February 22, 2019 5:13 PM

The obvious question: is tracking squid like this a violation of their digital rights?

Tatütata • February 22, 2019 5:16 PM

Cute! I guess we'd better start discussing IoS security. (Internet of Squids).

I notice a new picture on the right hand side. On the flap of the laptop I can read "This machine kills fascists". Technology is not politically neutral after all.

Tatütata • February 22, 2019 5:22 PM

The wired (or wirelessed?) cephalopod reminds me of the German construction "Datenkrake", "Data octopus", which is a designation for Big Tech evocative of a 1904 cartoon called the "Standard Oil octopus", by Udo J. Keppler. This word was allegedly borrowed by the English language according to Wiktionary.

Tatütata • February 22, 2019 5:34 PM

I looked up the expression "This machine kills fascists", and learned that this is a quotation of Woody Guthrie. With that kind of pedigree you might still be safe in Trumpistanian airports. Well, I go to sleep a little less stoopid tonight.

When I first heard "This land" as a kid I totally misinterpreted it, thinking it was some sort of nationalist hymn. Silly.

I particularly like (or despair from) the 1993 MDC version:

This land is your land, this land is my land
From Love Canal to Three Mile Island
From the Livermore labs to the offshore rigs
This land was made for you and me
...

Faustus • February 22, 2019 6:05 PM

@ Tatütata

Everybody is somebody's fascist, so I think we should beware of machines that kill fascists. The next fascist they come for may be you.

Anyhow, isn't it clear by now that The Machine That Kills Fascists is running a Celeron at 800GHz? I prefer The Machine That Tickles Fascists Until They Laugh Like Little Babies running a new i9 X chip at 5GHz.

It's time to upgrade this Killing X (where X could be whatever) mind technology.

Faustus • February 22, 2019 6:08 PM

Where is the edit capability when you need it? The Machine That Kills Fascists runs at 800MHz.

JG4 • February 22, 2019 6:37 PM

Thanks for the biting wit. I don't think that we could live without it, nor survive without gallows humor. Ignoring the distinction between live and survive.

Extra credit: articulate the connection between entropy maximization and humor. Extra extra credit: explain why humor goes to the heart of security.

https://www.nakedcapitalism.com/2019/02/links-2-22-19.html
...

Are we on the road to civilisation collapse? BBC (Dr. Kevin)
...

New Cold War

Russian Attacks Hit US-European Think Tank Emails, Says Microsoft Defense One
...

Big Brother is Watching You Watch

[I recommend tinfoil tape]

American Airlines Has Cameras In Their Screens Too BuzzFeed. Oh, great, I have to bring masking tape when I travel?

China Uses DNA to Track Its People, With the Help of American Expertise New York Times

Facebook Continued To Identify Users Who Are Interested in Nazis — and Then Used the Info To Let Advertisers Target Them, Investigation Finds Los Angeles Times
...

Imperial Collapse Watch

AFRICOM Adds Logistics Hub in West Africa, Hinting at an Enduring US Presence Defense One (resilc)
...

FAT Anomalies In Leaked DNC Emails Suggest Use Of Thumbdrive Disobedient Media (furzy). Not news if you’ve been following this controversy.

Inside a Fly-by-Night Operation to Harvest Ballots in North Carolina New York Times (resilc)
...

Experts Find Serious Problems With Switzerland’s Online Voting System Before Public Penetration Test Even Begins Motherboard. Paging CalPERS…..
...

Waymo Self-Driving Cars Can Now Obey Police Hand Signals Futurism. Oh, come on. I challenge them to be able to recognize the highly variable and always fast hand signals used by cops at 57th and Lex, where the traffic police regularly camp out (often more to deter gridlocking than anything else). And on top of that, what will these cars do if a traffic cop is giving directions that contradict traffic lights, which often happens? Or disobey a traffic light because that’s the only way to clear a path for an emergency vehicle?
...

Class Warfare

The AI Road to Serfdom? Project Syndicate

Google Will End Forced Arbitration For Employees CNET
...

Winston Smith • February 22, 2019 7:12 PM

Wall St. Journal reports that many of the most popular apps in the Google store and the Apple store send user data directly to Facebook without user knowledge, regardless of owning a Facebook account.

https://www.wsj.com/articles/you-give-apps-sensitive-personal-information-then-they-tell-facebook-11550851636

Summation from the article, "None of those apps provided users any apparent way to stop that information from being sent to Facebook."

These sorts of stories, once shocking, are now shrugged off as normal. The only way to win is not to play, and that's not a particularly realistic choice for many who wish to remain on the grid.

Bob Dylan's Frosty Mug • February 22, 2019 7:19 PM

https://reason.com/volokh/2019/02/22/short-circuit-a-roundup-of-recent-federa

Intelligence officer works long hours managing high stress situation—Edward Snowden. She's diagnosed with depression; her once "outstanding" performance deteriorates. She takes medical leave, is recommended for another position by an interview panel but is blocked by management. Fourth Circuit: Her claim that the agency interfered with her ability to take FMLA medical leave ought to go to trial.

I find it amusing that after all these years the NSA is still dealing with the legal fallout from the Edward Snowden affair.

Hummmm • February 22, 2019 7:24 PM

@confused

I had not looked at the photo that closely. So the question becomes how much money did @bruce get paid for that product placement?

gordo • February 22, 2019 9:19 PM

@Ismar,

Re the authenticity of @Bruce's photo: it does not pass the basic pub test, as we say here in Australia.

@Bruce and his trusty laptop on Capitol Hill:

https://youtu.be/4_ydofXb7mU?t=7655

[Segue: Testifying on "Securing Consumers’ Credit Data in the Age of Digital Commerce" before the Subcommittee on Digital Commerce and Consumer Protection Committee on Energy and Commerce United States House of Representatives, 1 November 2017]
https://www.schneier.com/blog/archives/2017/11/me_on_the_equif.html

Rach El • February 23, 2019 12:57 AM

JG4

Humour for security! So easily forgotten. A story recently shared of someone who avoided getting a hiding from some London thugs, because they were quick enough with their banter to make the thugs laugh, and were thus left alone. I can see Primitive Monkey Brain being useful in this regard.

I like the idea of an evil maid attack thwarted by a laptop somehow inducing fits of laughter when opened.

Children's author Roald Dahl was a fighter pilot in WWII. For some reason or another he was hospitalised with a high fever. In his memoir he describes feverish dreams of a secret weapon to protect fighter pilots: funny stories written on the body of the airplane, so brilliant the enemy laughed too hard to be able to attack.

As for Mr Schneier's laptop. This is the Mr Schneier who, when writing about a controversial topic, misspells the name on purpose so he won't come up for abuse in a web search. The same one who simply won't comment publicly on his OS and setup, for security. And whose new biography photo on this website is actually a homeless man edited with Photoshop.

Rach El • February 23, 2019 1:02 AM

I meant to say: so, it's not Mr Schneier's laptop.
It was borrowed for the public display.

In the French TV drama The Bureau, which I mentioned recently, a couple of the tech guys have an app on their phone: if someone else takes a photo of the tech guy, the photo is replaced with a picture of their choosing. A middle finger held aloft, for example, or a rude caption.
Triggered via Bluetooth from the tech guy's phone, I suppose. Probably the only non-plausible moment in the whole series, but interesting to consider the technical means.

Weather • February 23, 2019 2:14 AM

Boris
lsmod? Does WireGuard have to be a kernel module? And IP filtering is not much of a hurdle to stop pivoting: fpipe, nc, ssh, socat, 1&2|.
They hardcode the private key in a conf with chmod 555, being root, if I understood that right.
SSH also uses a key, with the extra being a file; they just have a file.
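The comment above mentions a WireGuard conf holding a private key with mode 555. Any file carrying a PrivateKey= line needs to be readable by its owner only (wg-quick itself prints a warning when the file is world accessible). As an added example, not WireGuard's own code, here is a C audit of a key file's permissions, with a self-check that runs on a scratch file instead of touching /etc/wireguard. The function names, the scratch path under /tmp and the throwaway config body are this example's own.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Added example, not WireGuard code. A file holding a private key (such as a
 * wg0.conf with a PrivateKey= line) should be a regular file, not a symlink,
 * owned by root or the calling user, with no group/other permission bits.
 * Returns 1 if the file passes, 0 otherwise; the reason goes into `why`
 * (pass NULL to skip). */
int key_file_is_private(const char *path, char *why, size_t why_len) {
    struct stat st;
    const char *reason = NULL;

    if (lstat(path, &st) != 0)
        reason = "cannot stat";
    else if (S_ISLNK(st.st_mode))
        reason = "is a symlink";
    else if (!S_ISREG(st.st_mode))
        reason = "not a regular file";
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        reason = "group/other can access it; fix with chmod 600";
    else if (st.st_uid != 0 && st.st_uid != geteuid())
        reason = "owned by another user";

    if (why && why_len)
        snprintf(why, why_len, "%s", reason ? reason : "ok");
    return reason == NULL;
}

/* Constructed self-check: write a throwaway config to a scratch file, set the
 * requested mode, audit it, delete it, and return the verdict (1 private,
 * 0 not private, -1 if the scratch file could not be created). */
int audit_scratch_file_with_mode(mode_t mode) {
    static const char body[] = "[Interface]\nPrivateKey = <redacted>\n"; /* constructed */
    char path[] = "/tmp/wgaudit-XXXXXX";   /* hypothetical scratch location */
    int fd = mkstemp(path);               /* created with mode 0600 */
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, body, sizeof body - 1);
    (void)w;
    close(fd);
    chmod(path, mode);

    char why[80];
    int ok = key_file_is_private(path, why, sizeof why);
    printf("mode %04o -> %s\n", (unsigned)mode, why);
    unlink(path);
    return ok;
}

int main(int argc, char **argv) {
    /* Audit the files named on the command line, e.g. /etc/wireguard/wg0.conf;
     * with no arguments, run the self-check on the weak and the corrected mode. */
    if (argc > 1) {
        int bad = 0;
        for (int i = 1; i < argc; i++) {
            char why[80];
            int ok = key_file_is_private(argv[i], why, sizeof why);
            printf("%s: %s\n", argv[i], why);
            bad |= !ok;
        }
        return bad;
    }
    audit_scratch_file_with_mode(0555);   /* the weak setting from the comment */
    audit_scratch_file_with_mode(0600);   /* the corrected setting */
    return 0;
}
```

Mode 555 fails the audit even though the owner cannot write the file: what matters for a private key is that group and other have no bits at all, so the corrected setting is 600 (or 400). The symlink and ownership checks are there because a key file that is itself private but resolves through a link an unprivileged user can repoint is not private either.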

VinnyG • February 23, 2019 7:20 AM

Yesterday I saw several reports of a study finding that various password managers sometimes left unencrypted passwords lying about in various locations in local memory. While the currently most popular managers were mentioned, Password Safe itself was not. My working assumption is that it is Windows' sloppy management of data in memory (i.e. "shadow" tech) where the management app cannot purge it that is responsible for this vulnerability, and that as a consequence, Password Safe would also be vulnerable at about the same risk level. Can anyone who has "insider" knowledge of how the program is coded comment? Thanks.
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators:
https://www.securityevaluators.com/casestudies/password-manager-hacking/
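As an added example, not Password Safe's code and not anything from the ISE study linked above, here is the kind of handling that addresses the lingering-cleartext problem the comment describes: a small C secret buffer that is pinned against being paged to disk where the OS permits, and scrubbed with a write the optimizer cannot delete. The struct, the function names and the sample passwords are this example's own; the Windows equivalents of the two calls it relies on are named in the note after the code.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define SECRET_MAX 128

/* Added example, not Password Safe or ISE code. A secret buffer with the two
 * properties a password manager wants for an unlocked master key: it is
 * pinned against being paged to disk where the OS permits, and it is scrubbed
 * with a write the optimizer cannot delete. */
typedef struct {
    unsigned char buf[SECRET_MAX];
    size_t len;
    int locked;   /* 1 if mlock() succeeded, else 0 (best effort) */
} secret_t;

/* memset() on memory that is never read again is a dead store, and a compiler
 * may remove it, leaving the cleartext behind. Calling through a volatile
 * function pointer hides the callee from the optimizer so the store survives.
 * (explicit_bzero, memset_s and Windows' SecureZeroMemory exist for this.) */
static void *(*volatile memset_noopt)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n) {
    memset_noopt(p, 0, n);
}

/* Returns 1 if every byte of p[0..n) is zero. Used to verify a wipe. */
int is_zeroed(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Copy a secret in. mlock() keeps the pages out of swap; failure (for example
 * RLIMIT_MEMLOCK inside a container) is tolerated and recorded in s->locked. */
int secret_set(secret_t *s, const char *src) {
    size_t n = strlen(src);
    if (n > SECRET_MAX)
        return -1;
    memset(s, 0, sizeof *s);               /* start from a known state */
    s->locked = (mlock(s, sizeof *s) == 0);
    memcpy(s->buf, src, n);
    s->len = n;
    return 0;
}

/* Example use: compare against a candidate without an early exit, so the
 * number of matching leading bytes does not show up in timing. Returns 1 on
 * match. */
int secret_equals(const secret_t *s, const char *candidate) {
    size_t n = strlen(candidate);
    unsigned char diff = (unsigned char)(n != s->len);
    for (size_t i = 0; i < s->len; i++)
        diff |= s->buf[i] ^ (unsigned char)(i < n ? candidate[i] : 0);
    return diff == 0;
}

/* Scrub the whole struct (bytes, length, flag) and release the memory lock. */
void secret_clear(secret_t *s) {
    int was_locked = s->locked;
    secure_wipe(s, sizeof *s);
    if (was_locked)
        munlock(s, sizeof *s);
}

/* Full lifecycle on a constructed secret: returns 1 only if the live secret
 * matched itself and rejected a wrong guess, and the buffer read all-zero
 * after clearing. */
int lifecycle_ok(const char *pw) {
    secret_t s;
    if (secret_set(&s, pw) != 0)
        return 0;
    int matched = secret_equals(&s, pw) && !secret_equals(&s, "not-the-password");
    int live = !is_zeroed(s.buf, SECRET_MAX);
    secret_clear(&s);
    return matched && live && is_zeroed(s.buf, SECRET_MAX) && s.len == 0;
}

int main(void) {
    secret_t s;
    secret_set(&s, "correct horse battery staple");   /* constructed sample */
    printf("pinned in RAM: %s\n", s.locked ? "yes" : "no (mlock failed)");
    printf("candidate matches: %d\n", secret_equals(&s, "correct horse battery staple"));
    secret_clear(&s);
    printf("buffer zeroed after clear: %d\n", is_zeroed(s.buf, SECRET_MAX));
    return 0;
}
```

On Windows the same two jobs are done by VirtualLock (in place of mlock) and SecureZeroMemory (in place of the volatile-pointer trick). The caveat the commenter is circling is real: this only controls the copies the program makes itself. Copies created by the UI toolkit when the password is typed into a control, by the clipboard, by a crash dump, or by swap written before the lock took effect are outside the program's reach, and the study the comment links to is about what remains in process memory while the manager is unlocked and, for some managers, after it is locked again.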

tazer2000 • February 23, 2019 7:57 AM

@JG4:

"Waymo Self-Driving Cars Can Now Obey Police Hand Signals Futurism."

Heard about this too. Thanks Waymo for introducing a new attack vector into the transportation sector. *rolls eyes* What happens if someone decides they want to slip on a uniform and go to a busy intersection and play traffic cop!? I'm not familiar with how the system works, so maybe someone more knowledgeable could comment; authentication? Protesters will love this sorta #$@$. If one thinks about this, it's obvious that when self-driving cars reach a certain threshold of the total volume of automobiles on the public transport system, this recognition of hand signals for emergency purposes becomes a have-to. The evolution of technology WILL / DOES / ALWAYS parallel the decline in personal freedoms and self-autonomy. This is the conversation society should be having right now...

Neil • February 23, 2019 10:24 AM

'...some airline security checks are a charade'

'...Mr Poole then managed to travel back from Prague to Amsterdam to Newcastle and reach home while unwittingly using Professor Vincent’s passport. Quite an achievement, considering that ground staff were supposed to check his name against the boarding pass at both Prague and Amsterdam airports – and passport officials in Amsterdam and Newcastle were required to match his appearance with the travel document he was carrying.'

tazer2000 • February 23, 2019 11:01 AM

"...but it is possible that it will show no evidence that Donald Trump, Sr. is directly implicated. I assumed that is the contingency about which tazer2000 was enquiring." -VinnyG

Yep. I was merely talking about collusion involving Trump with Russia. I'd place the odds of finding collusion within the Trump administration at 100%. Just like with any administration, Democratic or Republican, sure as the sunrise, it'll happen. People with power wanting more will find other people with power wanting more and synergize. Nothing new here.

Thought Experiment:

Let's assume that Mueller did find strong evidence that Trump colluded or, worse yet, was an agent of Russia, whether knowingly or unknowingly. I do not think for a second that the political establishment would be able to or want to contain it. The political fallout would be too much; this is the sort of thing that destroys careers. Somewhere today, I saw the report wouldn't be released next week either. I'm just not seeing the corresponding things in the media or in the zeitgeist (collective social mind) that I would expect if it were bombshell damaging to Trump personally.

tazer2000 • February 23, 2019 1:25 PM

Really neat algorithm that generates an image of a person
https://thispersondoesnotexist.com/

wget in a while() loop and 30 minutes, and I have hundreds of potential "agents".

Here's a cobbled-together collage of some of them, made using ImageMagick.

https://i.postimg.cc/cCsctgkT/people.jpg

Maybe whip up a web spider tomorrow to crawl dating sites, sucking up bios and profiles. Then do a little cut and pasting from different ones to create a totally new profile.

lol...ridiculous

Izzy • February 23, 2019 4:31 PM

This should be interesting. The sheer encompassing nature of the network makes me wonder how long before it’s taken advantage of, if not already. The surveillance possibilities of it are enormous.

Tata Communications’ Countrywide Internet of Things Will Manage the Chaos in India’s Booming Cities

...the network’s first command center opened in the city of Jamshedpur. In this center, JUSCO is using over 100,000 sensors to digitize 15 elements of its infrastructure, including streetlights, utilities, and parking meters, all connected to India’s first IoT network.

...a superlow-power, secure, bidirectional network specifically for massive IoT communications. It is now the world’s largest IoT network, connecting over 400 million people in India’s 44 largest cities as well as hundreds of villages along 12 national highways.

https://spectrum.ieee.org/telecom/internet/tata-communications-countrywide-internet-of-things-will-manage-the-chaos-in-indias-booming-cities

1&1~=Umm • February 23, 2019 7:36 PM

@:

"space camera tracks objects in real time, to prevent satellites crashing, labelled a 'game changer' by RAAF"

I can guess how it works, not too different from the old idea of a "stereo blinker box" to detect asteroids and similar, but with a computer to replace the human. Such a system, but to detect supernovas etc., was described by Arthur C. Clarke in one of his stories about a war taking place on the moon.

Oh one thing, that second picture of the Prof standing in front of the shipping container. For some reason it reminded me of "Number 5 is alive" ;-)

tazer2000 • February 23, 2019 8:39 PM

TODO list for tomorrow:

Identify social media users who fit a specific psychological profile that shows they are vulnerable to tribal politics. Arrange to have them meet in a designated area in a large metropolitan area for a protest/civic action event. Exploit their insecurities and desire to belong to a group.

Next, identify a second group of social media users from the same general area, whose ideological views oppose the first group. Arrange to have them meet in another area directly across the street from the first group.

For added efficiency, go ahead and find a couple street vendors in the same area, and provide them with merchandise (MAGA hats, BLM t-shirts) and a cut of the sales, to post up in the same area selling wares, thus inciting while at the same time turning a buck to fund further operations.

Make sure to maximize media coverage of course, by appealing to the innate biases of any local reporters (Discovered by online psychological profiling).

Offer local hooligan $2500 in $crypto$ to take a shot at ANYONE in either group at just the right time.

*BOOM*

Order one of those nifty meal kits from Amazon... Queue up a nice classical playlist to listen to... Kick back... watch it all burn.

/sarcasm

tazer2000 • February 23, 2019 9:05 PM

Seriously... I want to know how you're gonna defend against threats just like the one I mentioned? Come on... how?

Rach El • February 24, 2019 1:20 AM

1&1~=Umm

Sorry for the cryptic post directed to you; it was immediately found to be in error, but of course I could not delete it.


You posted this compleatly last week

Also getting rid of Android,

https://kevq.uk/why-im-ditching-android/

It's good that people are thinking about these things - and getting rid of Google as a lifestyle choice, for example. As a rule I use the words 'do an internet search...' in conversation rather than 'do a giggle...' (nod to 65535).

The 'bottom line' is that it's personal choice. There will always be a compromise. Not owning a smart phone is also a compromise. I hate Apple with a passion, mostly because the exploitation is so overt, so it's a lot to do with ethics for me.

I perceive the multiple issues with Android. Yet Android is superior to Apple for a few reasons. Furthermore, Androids are not created equal.

The non 'go familyblog yourself' price point is one. Android is accessible to everyone and can be quickly replaced in a crisis.

The non 'go familyblog yourself' forced obsolescence is another.

The non 'go familyblog yourself' walled garden - even amongst Apple's own hardware range!!? - is another.

My compromise is presently somewhere around owning an Android and rarely using it for online browsing, and if so never for anything sensitive - with the awareness that the web is 'public domain'. It's in airplane mode 90% of the time.

1&1~=Umm • February 24, 2019 3:41 AM

@David Walsh:

Sorry in my above @7:36 I forgot to put your name in.

Oh with regards,

"some guy launched a car up there"

Ever heard of 'technology type testing'?

Those who make vehicles for space need components such as batteries. But they are ultra conservative in nature, no matter how many tests you carry out on earth they will just nod but not use them.

However, have a bunch of batteries working away in space for ten years or so and then they will actually consider that battery type for use in their vehicle. But... by then you probably can not buy them as they are no longer made (a problem that has happened many times).

But if you are the battery manufacturer looking to a future market ;-)

Maybe that incorrect orbit injection might have been 'not' accidental; who knows. It's certainly an odd orbit, and it's just passed one of its first milestones,

'Far point from Earth, on Feb. 21, 2019, at a distance of 2.446 AU.'

According to,

https://www.whereisroadster.com

Oh and have a look at the size of the base line for a 'speed camera' on earth to see it doing around 300m/s which is quite close to the speed of sound at sea level on Earth so not 'astronomically fast'.

But it's probably 'well thrashed' by now: after a year in space without the protection of an atmosphere or magnetosphere the organics are going to have had their molecules shot through. Oh, and don't forget those micro-meteorites; they make an industrial-grade sand blaster look like the dewy drops of a light summer shower,

https://www.livescience.com/64696-starman-tesla-celebrates-year-in-space.html

Oh, and the 'round trip' will be over in around 174 days, but Starman will find the Earth has moved on. So maybe Venus will be a little more friendly.

The real issue though is that the Tessler and Starman have way too little mass to maintain a sufficiently stable orbit to predict where it really is. All we can say is it's unlikely to hit Earth or one of those expensive satellites currently up there in our lifetimes.

P.S. I've run out of puns etc. for this, but I've probably missed a few.

1&1~=Umm • February 24, 2019 4:10 AM

@Rach El:

"It's good that people are thinking about these things - and getting rid of Google as a lifestyle choice, for example."

Yes, it is a 'lifestyle choice', kind of the 'Keep out of the swamp, kids, it's full of ticks, leeches and other blood suckers' type of lifestyle choice.

The simple 'political' solution is of course to 'drain the swamp', but it's then that the crocodiles appear, and they tend to make the minds of those supposedly draining the swamp wander, 'And the job just don't get done'.

On a more personal level, if one has the resources, another lifestyle choice is 'To move away from the swamp'.

We hear from time to time about 'Android alternatives' in the form of ROMs or buying certain types of mobile phone that do not have 'nasties inside' by either the mobile phone manufacturer or Google etc.

The reality is there is actually little or no real usable choice. Somebody made a list that they recently updated,

https://itsfoss.com/open-source-alternatives-android/

Put simply, of the seven choices presented only one looks feasible, and whilst it supposedly works on nearly two hundred different phones, the definition of 'works' is a little loose. That is, whilst the core functionality works, other things like fingerprint readers, accelerometers etc. may well not. Oh, and those mobiles that have even that level of support are, shall we say, getting rather long in the tooth.

65535 • February 24, 2019 6:49 AM

@ Rach El

'do a giggle..' (nod to 65535)

Yes, it is sort of funny :-)

“Androids…'go familyblog yourself' price point is one. Android is accesible to everyone and can be quickly replaced in a crisis.”

That is true. Even if you sit on one and break it, just get another.

Just keep them in a RF pouch …or heavy metal pot... boil it when its battery dies and get a new one. just kidding.

vas pup • February 24, 2019 1:56 PM

Evidence-based recommendations aimed at reducing Illinois gun violence

https://www.sciencedaily.com/releases/2019/02/190221130245.htm

"Illinois could reduce the number of people killed each year by gun violence by implementing ten policies supported by available research, according to a new report authored by researchers at the Johns Hopkins Center for Gun Policy and Research. The center is based at the Johns Hopkins Bloomberg School of Public Health."

That part addressing root causes of violence regardless of tool (aka gun) caught my attention:

"providing funding to support community programs such as focused deterrence, outreach and conflict mediation involving high-risk individuals."

@all: just some clarification on the difference between Fascists (originated in Italy) and Nazis (originated in Germany). The former appreciated merits regardless of demographics (some Jews were high-ranking members of their party up to 1938, to the best of my memory, when Adolf pushed Benito to accept the German version of selection of people).
The latter from the very beginning appreciated DEMOGRAPHICS first, up to the physical extermination of particular people unwanted by their standards regardless of their merits to Germany. E.g. the Nazis killed many Jews who were veterans and heroes of WW1 and fought for Germany in the trenches. The Nazis forced prominent physicists out of the country based on their demographics only, rather than utilizing their skills and knowledge.
For me Nazis are all those who put demographics (race, nationality, gender, etc.) first, and merits second when treating people. History shows the results of such practice vividly, and more than once I recommended for all respected bloggers the movie 'Idiocracy', which shows the final point of such practice.
As usual, all logical arguments in accordance with blog policy are highly appreciated. Emotions and personal attacks are not, and should be left for street protests.

Bruce Schneier • February 24, 2019 2:44 PM

I just unpublished a bunch of comments about the Mueller investigation and a few about Woody Guthrie. Yes, the quote on my laptop is his. And yes, it's a Dell laptop. And to answer the next question: yes, it runs Windows.

Rach El • February 24, 2019 3:31 PM

vas pup

I read that Nazi as a term was also a wonderful parody for the Allies, having derogatory meaning. Perhaps Tatütata can assist here.
I have only encountered this once, in a historical facts book.
An equivalent is like a group of rednecks forming a society called the
Redemption Night Excellent Cold Knight Society. The acronym of which becomes REDNECK

vas pup • February 24, 2019 3:34 PM

https://www.sciencedaily.com/releases/2019/02/190222125228.htm

"Individuals often have different cognitive abilities," Baggio says. "For example, individuals with high general intelligence will be more able to discern patterns and dynamics of resources, and individuals with high social intelligence communicate more effectively and understand the mental state of others."

"In theory, people with higher levels of social intelligence are more effective in reducing conflict among group members and in getting people to work toward common goals," Coyle says. "Such 'people' skills are important for managing shared resources."


[!!!]"It suggests that our education systems should focus on cultivating both general and social intelligence to better equip groups to deal with complex, social-ecological challenges,"


"General intelligence was represented by ACT and SAT scores provided by the universities. =>Social intelligence was measured using a short story test that estimated the ability of individuals to infer others' intentions and feelings. The test is often used to predict social communication disorders, communication errors and the ability to infer the mental states of others."

My take: looks like that is important research for creating effective teams for any task other than research addressed directly.
Yeah, you may have a good scientist, but not a good teacher of science, i.e. to generate good ideas and to communicate them in a good way are not the same. Social intelligence could be measured, so objective comparison on this quality is available as well.

vas pup • February 24, 2019 3:59 PM

Could hackers 'brainjack' your memories in future?

https://www.bbc.com/news/business-47277340

"In 20 years' time, the technology may evolve enough to allow us to capture the signals that build our memories, boost them, and return them to the brain.

By the middle of the century, we may have even more extensive control, with the ability to manipulate memories.
'Brainjacking'

But the consequences of control falling into the wrong hands could be "very grave", says Mr Pycroft.

Imagine a hacker has broken into the neurostimulator of a patient with Parkinson's disease and is tampering with the settings. They could influence his or her thoughts and behaviour, or even cause temporary paralysis.

A hacker could also threaten to erase or overwrite someone's memories if money is not paid to them - perhaps via the dark web.
If scientists successfully decode the neural signals of our memories, then the scenarios are infinite. Think of the valuable intelligence foreign hackers could collect by breaking into the servers of the Washington DC veterans' hospital, for example.

[!!!]In a 2012 experiment, researchers from the University of Oxford and University of California, Berkeley managed to figure out information such as bank cards and PIN numbers just by observing the brainwaves of people wearing a popular gaming headset.

Controlling your past

"Brainjacking and malicious memory alteration pose a variety of challenges to security - some quite novel or unique," says Dmitry Galov, a researcher at the cyber-security company Kaspersky Lab.

Kaspersky and University of Oxford researchers have collaborated on a project to map the potential threats and means of attack concerning these emerging technologies.

"Even at today's level of development - which is more advanced than many people realise - there is a clear tension between patient safety and patient security," says their report, The Memory Market: Preparing for a future where cyberthreats target your past.

It is not impossible to imagine future authoritarian governments trying to rewrite history by interfering with people's memories, and even uploading new memories, the report says.

Unauthorised access

Hacking into connected medical devices is not a new threat. In 2017, US authorities recalled 465,000 pacemakers after considering them vulnerable to cyber-security attacks.

The Food and Drug Administration (FDA) said ill-intentioned people could tamper with the devices, changing the pace of someone's heartbeat or draining the batteries, with the risk of death in either scenario.

Humans represent "one of the greatest vulnerabilities" because we can't ask doctors to become cyber-security experts, and "any system is only as secure as its weakest part".

Mr Pycroft says that in the future, brain implants will be more complex and more widely used to treat a broader range of conditions.

But he gives a stark warning.

"The confluence of these factors is likely to make it easier and more attractive for attackers to try to interfere with people's implants," he says.

"If we don't develop solutions for that first generation of implants, then the second and third generations will still be insecure - but the implants will be so much more powerful that the attackers will have the advantage."

Should medical devices/implants pass a kind of UL test on vulnerabilities as part of the FDA approval process?

Tatütata • February 24, 2019 4:07 PM

Vice Motherboard just published on 21 February a scathing article about the Swiss online voting system currently being developed by the national post office together with a contractor from Barcelona. A public penetration test is due to begin next week, and researchers were able to inspect the code after registering and signing a fairly lousy NDA deemed incompatible with the tenets of open-source development. Of course, the poorly documented 275 KLOC blob was promptly leaked, and judged to be a convoluted mess.

Experts Find Serious Problems With Switzerland's Online Voting System Before Public Penetration Test Even Begins

The Heise.de article where I initially read about this seems to be derived from the Motherboard article, but completes the picture with references to Swiss media.

Rach El • February 24, 2019 4:35 PM

For completeness, but relocated from the reverse search warrants thread. It may be helpful to you one day. As a wildfire fighter we watched a reenactment of some famous US wildfire fighters from decades previous. One was on foot, confronted by a fire front. He used a box of matches to burn out an area of grass he could use to seek refuge in, thus surviving the ordeal. I can't vouch for its effectiveness.
(Fire also burns faster uphill. For avoiding a fire front on foot, head downhill.)

Alyer Babtu • February 24, 2019 4:47 PM

@vas_pup

merits second

Understanding of social health and ills can’t begin until the standard of “merit” has been clarified. That’s the problem with meritocracy - who decides what is of merit? On what basis ? Meritocracies involve an arbitrary starting point and immediately tend to totalitarianism. Nazism was a meritocracy, so is Communism, so is democraticism pushed to extremes, so is progressivism, so is scientism. These are all utopian recipes for disaster. One has rather to begin with what is given by nature and historical rights and work case by case to correct insufficiencies and evils. This kind of realist questioning and no signing on the dotted line is the only way to security.

1&1~=Umm • February 24, 2019 5:08 PM

@Rach El:

"Fire also burns faster uphill. For avoiding a fire front on foot, head downhill."

Hence firestorms on hill tops and at the top of valleys. The rising heat not only draws in clear air behind it, it also dries out and heats the fuel by radiant heat going out sideways as well as upwards. Thus any fuel even marginally above the current fire front is going to ignite a lot sooner than that below it, which might be not just cooled but moistened by the incoming clear air.

I was once told when quite young, when staying on a farm, that with grass and crop stubble fires to 'run with your face into the clear air'. It kind of shocked me at the time, as that is often the direction the fire is coming from. However there is a logic behind it, and the fire front on grass and stubble fires is usually just a couple of paces deep. Apparently running through the fire is something that hares do as well, unlike most creatures.

Thankfully it's not something I've ever had to put to the test.

gordo February 24, 2019 11:37 PM

@ Alyer Babtu,

Parasitic symbiotic digital gangsters, or perhaps colonialist digital gangsters

Given the global reach of these companies, literally into the pockets of billions of people across the planet who have, in so many ways, been hoodwinked by these companies, 'parasitic symbiotic colonialist digital gangsters' is not off the mark.

Understanding that the "move fast and break things" meme, adopted by much of silicon valley and its ilk, extends beyond the mere breaking of websites to the breaking of societal norms and institutions globally is now common.

And so, it's fitting that the 'digital gangsters' characterization is found in the UK Parliament's "Disinformation and 'fake news': Final Report", section '3 Data use and data targeting', that is to say:

Facebook’s business model and further challenges for regulators


[. . .]

139. The Competitions and Market Authority (CMA) should conduct a comprehensive audit of the operation of the advertising market on social media. The Committee made this recommendation in its interim report, and we are pleased that it has also been supported in the independent Cairncross Report commissioned by the government and published in February 2019. Given the contents of the Six4Three documents that we have published, it should also investigate whether Facebook specifically has been involved in any anti-competitive practices and conduct a review of Facebook’s business practices towards other developers, to decide whether Facebook is unfairly using its dominant market position in social media to decide which businesses should succeed or fail. We hope that the Government will include these considerations when it reviews the UK’s competition powers in April 2019, as stated in the Government response to our Interim Report. Companies like Facebook should not be allowed to behave like ‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.

https://publications.parliament.uk/pa/cm201719/cmselect/cmcumeds/1791/179106.htm#_idTextAnchor032

1&1~=Umm February 25, 2019 1:56 AM

@Alyer Babtu @vas_pup:

"Meritocracies involve an arbitrary starting point and immediately tend to totalitarianism."

It's generally not the organisational 'ideals' that are the cause of the totalitarianism, because they quickly become secondary to the organisational 'structure'.

Organisational structure is more often than not hierarchical in nature with power focused towards the few at the top. Which is where you aim if you wish to corrupt it either as an insider or outsider to the organisation.

The natural result of more basic human nature is to favour those like you or who can assist you in your activities. Thus in a hierarchy favouritism, cronyism, patronage and paternalism all arise quite easily as a result 'of the human condition'. These provide a fairly easy path to corrupting the organisation irrespective of its ideals. Hence the old reasoning of 'Power corrupts, absolute power corrupts absolutely'.

But it's not just social or organisational hierarchies that are bad this way; technical hierarchies such as control and trust systems also fail by being corrupted at the top of the structure.

We see this over and over with, for instance, Public Key Certificate Authorities, code signing systems and access control systems. Even, unfortunately, in the automated 'safety systems' in some of the newer vehicles you drive, with engine management, entertainment and braking systems all sharing a communications system that in some cases connects to the Internet. It would appear that hierarchies are built into our thinking processes as a way to manage complexity.

The problem is the minute any 'Master/Dominance' structure is put in place it becomes automatically the focus of corruption attempts.

Even when there is full true democracy, almost the first thing that happens is that it becomes 'representational' in some way, which is a 'Dominance' structure. From an attacker's point of view, why corrupt the majority when you can more easily corrupt the representative?

In essence this is what faux news was about and what Cambridge Analytica were doing. They were corrupting Facebook by the simple process of giving them money and Facebook chose not to look. We see similar with the MSM where 'advertisers' can buy off unfavourable criticism and even competition, as Google used to do in the UK.

The problems with 'representation' giving rise to 'Dominance', and the hierarchical structures they form that are easily susceptible to corruption, have long been known.

The issue is that the majority's 'problem' is seen as an 'opportunity for advancement' by the few, which unsurprisingly is why they almost always encourage such systems. These few, who see themselves as 'First amongst Equals' or whatever other choice of language they use to support their view that they are 'exceptional' thus 'entitled', are the ones who are the 'rotten apples' in the system.

One of the original aims of Phil Zimmermann's 'PGP' was to replace a highly corruptible hierarchical system, the equivalent of which we now have with CAs, with a 'web of trust', which was in effect a 'reputational' system.

The problem with 'reputational' systems is they do not scale; anthropologists tend to put the cap on such systems' group sizes at between fifty and a hundred and fifty entities[1]. As was seen with PGP Key Signing Parties, to get further range it fell back onto the hierarchical trust method of 'identity documents', which in effect made them an inefficient equivalent of a Pub Key CA.

Thus to avoid totalitarianism, we first have to avoid having 'dominance' structures that give rise to corruptible hierarchical structures. So far we have not found any that scale up without having some kind of dominance, thus hierarchical, structure underpinning them in some way (such as ID documents).

[1] An analysis using tree structures would tend to suggest that the real limit of equivalent trust is only two or three 'recommendation' steps or links. After that the assumptions flip from 'recommendation' links to 'distrust' broadcasts, along the old reasoning of 'bad news travels fast'. The problem is 'distrust' broadcasts work on weak trust links, thus only go a limited distance and only for a limited time unless refreshed. Which gives opportunities to those who want to exploit the reputational system.
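
The two points made in the comment above, that trust through a chain of introductions attenuates within a few hops and that any chain has a node whose compromise breaks it, can be made concrete with a small model. The following is an added example written for this thread, not code from the commenter, from PGP or from any real keyring; the graph `WEB`, its link weights, the multiplicative trust model and the thresholds are all constructed assumptions for illustration.

```python
"""Added illustration of the path-length limit on web-of-trust reach.

Example code written for this thread, not code from the commenter, PGP or
any real keyring. WEB, the link weights, the multiplicative trust model and
the thresholds below are all constructed for illustration.
"""

# Constructed web of trust: signer -> {signee: confidence in that link}.
# A link weight of 1.0 would mean the signer vouches without reservation.
WEB = {
    "alice": {"bob": 0.9, "carol": 0.8},
    "bob":   {"dave": 0.9},
    "carol": {"dave": 0.7, "erin": 0.9},
    "dave":  {"frank": 0.9},
    "erin":  {"frank": 0.8},
    "frank": {"grace": 0.9},
    "grace": {},
}


def best_path_trust(web, source, target):
    """Strongest chain of introductions from source to target.

    Trust along a chain is modelled as the product of the link weights, so
    it can only shrink with every extra hop. Returns (trust, path); path is
    None when target is unreachable. Exhaustive over simple paths, which is
    fine for keyring-sized graphs.
    """
    best_trust, best_path = 0.0, None

    def walk(node, trust, path):
        nonlocal best_trust, best_path
        if node == target:
            if trust > best_trust:
                best_trust, best_path = trust, path
            return
        for nxt, weight in web.get(node, {}).items():
            if nxt not in path:  # simple paths only, no cycles
                walk(nxt, trust * weight, path + [nxt])

    walk(source, 1.0, [source])
    return best_trust, best_path


def reachable_within_threshold(web, source, threshold):
    """Every node whose best-path trust from source is >= threshold,
    mapped to (trust rounded to 3 places, hop count)."""
    reach = {}
    for node in web:
        if node == source:
            continue
        trust, path = best_path_trust(web, source, node)
        if path is not None and trust >= threshold:
            reach[node] = (round(trust, 3), len(path) - 1)
    return reach


def without(web, removed):
    """Copy of web with one node and all links into it removed, modelling
    a key that has been compromised or revoked."""
    return {n: {m: w for m, w in links.items() if m != removed}
            for n, links in web.items() if n != removed}


def cut_points(web, source, target):
    """Nodes (other than source/target) whose removal leaves target
    unreachable from source: the single points of failure in the chain."""
    return sorted(
        n for n in web
        if n not in (source, target)
        and best_path_trust(without(web, n), source, target)[1] is None
    )


if __name__ == "__main__":
    for thr in (0.75, 0.7):
        print(f"threshold {thr}: {reachable_within_threshold(WEB, 'alice', thr)}")
    print("trust alice->grace:", best_path_trust(WEB, "alice", "grace"))
    print("cut points alice->grace:", cut_points(WEB, "alice", "grace"))
```

With every link weighted at 0.9 or less, three hops already put the best chain at roughly 0.73 and four hops at roughly 0.66, so a modest acceptance threshold of 0.75 stops at two hops and 0.7 at three, in line with the two-or-three-step limit the footnote suggests. `cut_points` shows the other half of the argument: every chain from alice to grace runs through frank, so frank's key is exactly the kind of concentration point the comment warns about, even inside a nominally non-hierarchical web.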

JG4 February 26, 2019 6:35 AM


Unpublishing off-topic comments definitely is a best practice, but I never seem to be able to pick up the nuance of what is over the line and what isn't.

https://www.nakedcapitalism.com/2019/02/links-2-26-19.html
...
Big Brother is Watching You Watch

People Are Concerned About Their Privacy in Theory, Not Practice, Says New Study Fortune. Not news.

Chinese police test gait-recognition technology from AI start-up Watrix that identifies people based on how they walk South China Morning Post

New Flaws In 4G, 5G Allow Attackers To Intercept Calls and Track Phone Locations Techcrunch

Are you being scanned? How facial recognition technology follows you, even as you shop Guardian

Researchers Break Digital Signatures For Most Desktop PDF Viewers ZDNet
...

Who? February 26, 2019 9:24 AM

@ Confused, Bruce

May I ask what is wrong with Dell computers?

Is it just because of the DEITYBOUNCE firmware implant on Dell PowerEdge servers? The IRATEMONK firmware implant on HDDs? Indeed, Dell has been targeted, but it is not the only manufacturer.

I do not think Dell is more vulnerable than other manufacturers. Right now our worst hardware nightmares are Meltdown and Spectre style attacks, Rowhammer and, of course, anything related to Intel ME/AMT, secure enclaves, ARM TrustZone... nothing that we can really avoid by switching to other manufacturers.

I do not consider software (OS and software packages) Dell-specific.

Is hardware compromised? Sure, but I do not think we can blame Dell.

1&1~=Umm February 26, 2019 12:49 PM

@Who?:

"Is hardware compromised? Sure, but I do not think we can blame Dell."

The problem is that Dell is seen by many attackers as a Business & Gov 'mainstay', not consumer computers, thus worth developing exploits for more than other brands, simply because of who uses them.

Thus it's probable Bruce's computer is not a personal choice but a small part of a corporate deal via his 'employers'.

As you say, Dell are not really any worse or better than other brands; in most respects they are 'vanilla'. Mind you, if it's Win10 it could well be different because of the way Microsoft do things re business/consumer.

Sancho_P February 26, 2019 3:56 PM

Btw., what about @Clive Robinson?

Upgrading medical implants?
Still busy to set up email?
In conference with our host?
Trapped in / between Castle-v-Prison?

vas pup February 26, 2019 3:56 PM

@Alyer Babtu • February 24, 2019 4:47 PM;
"Understanding of social health and ills can’t begin until the standard of “merit” has been clarified. That’s the problem with meritocracy - who decides what is of merit? On what basis ?"

Your questions are very reasonable. I could only provide my personal opinion/vision not pretending that is absolute truth.

(1)Merit is what is based on your own talents, efforts and achievements, and you should be rewarded for that.
You could not be rewarded or punished based on factors out of your control: race, nationality, gender,social status and/or wealth/connections of your parents.

When in the Declaration of Independence there is the statement 'God created all men equal', that applies only to being equal before the LAW. In feudal Europe (e.g.) there were separate laws for landlords, clergy, peasants, etc.
In a biological sense each person is unique based on the set of genes obtained from biological parents. That is why all idealistic ideas that you put all of them in the same equal environment and you will create a level field are just an illusion. But, as I recall, some great scientist said genes are just 1% and the other 99% is personal effort to utilize them by hard work.
Do you see some black kids born in very unfavorable areas of poverty and crime by their efforts become celebrities in sports, music, show business, movies?
That means just being tall (genes) is not enough to become a good basketball player. You need hard work/training. On the other hand, being short (genes) below a particular level could not be overcome by training to become a good basketball player. You get what I mean. The same applies to some degree to math, science, chess and so on.

(2)Who decides? Those who have objective tools to decide on measurable metrics (quality and quantity). Sports is very good as example.
E.g. quantity - tennis, basketball, field athletics.
Quality - figure skating decided by set of independent judges/experts, but then still formalized in scores.

Whenever you substitute any measurable criteria by so called BS-type holistic approach, you will open wide gates for abuse/misuse of the system willful or otherwise.

In one NY orchestra there were complaints that musicians were selected for the orchestra based on their demographics, not merits.
To stop such allegations, it was decided to hold auditions of prospective members of the orchestra BEHIND the curtains, so the evaluation of performance and the decision on accepting a musician as an orchestra member was made purely on MERITS, not taking into consideration any irrelevant factors.

Definitely, such an option is not always available, but that is the goal. Otherwise, you will have the absolutely legitimate complaint of prospective students of Asian descent regarding Harvard admission practice, where merits were neither clearly specified nor uniformly applied regardless of applicant descent.

Rach El February 26, 2019 6:49 PM

Sancho P


In war time the BBC broadcasts would report a phrase after the news:
'and now some messages for our friends'

Thoth February 26, 2019 10:40 PM

@Rach El et al.

Re: Ditching Android

If you are going to ditch Android because it is invasive to privacy, might as well ditch iPhone too as they are a huge black box with who knows what running in it.

If you want a Linux based phone, go for Librem 5 by Purism linked below.

I have pointed out that the Librem 5 uses NXP's ARM based i.MX chipset, which comes with ARM TZ enclaves. It is a lesser offender than outright Android or iPhone if you ask me. At least you know that if someone decides to use enclave level backdoors to get at you, it would typically be state level actors, and most people (the 90% out there) are only concerned with ads and data collection and not worried about state level backdooring, so if you want to be a bit more thorough about the effort of removing privacy intruding systems instead of state level surveillance, Purism's Librem 5 would be a pretty good bet.

Link: https://puri.sm/products/librem-5/

Thoth February 26, 2019 11:21 PM

@Clive Robinson

More PUF nonsense claiming Snake Oil level security. This time it is coming from universities .... wait, isn't most PUF scheme nonsense mostly originating from universities anyway?

It seems that schools and institutions for "learning" are promoting more nonsense Snake Oil than ever just to cash in the bucks especially for patents.

Schools are now run more like businesses.

The scheme in that article isn't even unclonable to begin with. Just swap out the QR code tags and there goes the security too.

Link: https://www.science.ku.dk/english/press/news/2019/new-weapon-to-combat-counterfeit-goods-use-your-smartphone-to-check-for-fake-merchandise/

bttb February 27, 2019 9:04 AM

On now, from https://www.pbs.org/newshour/politics/watch-live-michael-cohen-testifies-before-congress :

"WATCH LIVE: Michael Cohen testifies before Congress

WASHINGTON — The White House is seeking to discredit President Donald Trump’s former personal lawyer as he makes a series of appearances on Capitol Hill.

Michael Cohen is scheduled to testify before the House Oversight Committee at 10 a.m. ET on Wednesday. Watch his remarks in the player above.

White House spokeswoman Sarah Sanders issued a statement Tuesday, saying Michael Cohen was “going to prison for lying to Congress and making other false statements.”

Sanders says it’s “laughable that anyone would take a convicted liar like Cohen at his word, and pathetic to see him given yet another opportunity to spread his lies.”"

Perhaps available on other TV or radio stations near you, too.

JG4 February 27, 2019 8:55 PM


file under side channel leakage

Machines whisper our secrets
https://www.sciencedaily.com/releases/2019/02/190225100721.htm
Spies can learn what a machine is making from the sounds it makes

https://www.nakedcapitalism.com/2019/02/links-2-27-19.html

...

How the UAE is Poaching Our Intelligence Operatives, Legally American Conservative (resilc)

Big Brother is Watching You Watch

Tech industry titans suddenly love internet privacy rules. Wanna know why? We’ll tell you The Register (Chuck L)

The Senate Commerce Committee is demanding answers from Google CEO Sundar Pichai about the company’s failure to disclose a microphone inside Nest home security devices Business Insider (David L)
...

AFR (@RealBankReform):
.@RepAOC explains how credit bureaus profit off of consumer data:
"So consumers own their data, but credit bureaus collect their data without their consent?"
Equifax CEO: Yes
2:12 PM - Feb 26, 2019
https://twitter.com/RealBankReform/status/1100473718344728582
...

Alyer Babtu February 28, 2019 1:52 PM

@1&1~=Umm @vas_pup

Thanks for your thoughtful comments.

Regarding the “strong leader”, it seems that person uses the ideology of the meritocracy to progress in and solidify power. But such positions are unstable since the leader is always vulnerable to the charge of being “impure”. A moment of silence for poor old Robespierre.

Regarding talents, skills etc., the term merit, if applied here, is really pointing at certain natural intrinsic goods, or virtues (strengths) as it used to be termed. They have their place independently of any merit value a social system attaches to them. Why should tests and exams have any more to do with places in university than any other factors? In the old old days, universities, or more generally environments of higher learning, didn't require tests. Modern merit based systems tend to reduce intellectual freedom. This happens even in the so-called STEM areas. E.g. Grigory Perelman received a mark and prize of merit, the Fields Medal. He refused to participate in the award and was put in bad odor by much of the mathematics community.

A final remark, politics seems to be important to good software development in that they both deal with finding a fruitful balance between competing demands and constraints. So we may need to develop a healthy political understanding to work well in computing. I find Aristotle valuable.

Sherman Jerrold February 28, 2019 5:08 PM

My cousin was researching washing machines. He even called GE and they confirmed that their washers GTW755 GTW750 GTW685 GTW680 and others are Amazon Alexa and Google Assistant 'enabled' and the IoT wireless access to the washer CANNOT BE DISABLED. I'm just waiting for news of someone whose neighbor's Alexa runs a bunch of full load hot water cycles on their machine. Many of the more 'advanced' models of all the major brands apparently have this vulnerability. (talk about being taken to the cleaners! silly pun intended)

Rach El February 28, 2019 10:30 PM

Reading the 'reducing digital footprint in China' article. When the situation is that overt and concentrated, what of using smoke and mirrors, detours, red herrings - using up resources, complicated mazes to conceal what turns out to be a celebrity article or video game? Using a second phone, leaving it in the hotel room on autopilot, having it running bucketloads of white noise.

I recall reading about Philby. He was under surveillance in Russia. He was using complex counter-surveillance measures. Eventually, it turned out he was visiting a lover. 'Oh, that's why the complex counter-surveillance routine.'
Surveillance was dropped.
The lover was the intentional smokescreen or decoy - his chess game was several moves ahead.
Miles Copeland, co-founder of the CIA, said he was the absolute master of tradecraft.

JG4 March 1, 2019 5:04 AM


"Crime cartels harbor culture of revenge against those who hurt their business models."

https://www.nakedcapitalism.com/2019/02/links-2-28-19.html
...

Pentagon harbors culture of revenge against whistleblowers Roll Call

Big Brother Is Watching You Watch

Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked TechCrunch. “The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts.” Whoops.

Limiting Your Digital Footprints in a Surveillance State NYT

Police State Watch

Farm Aid for the Big House Vera
...

1&1~=Umm March 1, 2019 7:26 AM

@Rach El @Thoth:

You might both find this interesting (just ignore the cheesy intro from the guy in the hat). It's from Phil Karn KA9Q and it's about using IP Multicasting and RTP to "broadcast" from a Software Defined Radio (SDR) receiver across a network.

https://m.youtube.com/watch?v=D1LYLDGknOY

Think one layer down, that is the SDR is just a 'data source', and a few interesting possibilities will come to mind.

One of which could be to replace Tor systems with Multicast pipes from node to node to limit Traffic Analysis.

Rach El March 1, 2019 2:43 PM

1&1~=Umm

I happen to be very interested in SDR and have already made headway thanks to commentators on this blog. How prescient of you; I look forward to viewing it.

Rach El March 1, 2019 2:49 PM

Thoth

Thanks for the reminder about the Librem 5. With a grain of salt, it looks less insecure.
To your point, indeed state level actors on the offense are not the threat model for the majority. It does make security a bit harder for the greener of us when they are mixed up with the totality of threats - absolutism.

There was a commentator here I really enjoyed reading who nonetheless was quite absolutist in their views on the technical implementation of security.
It was helpful for the green me on one hand to see the size of the monster, but it also slowed me down a bit in my progress as I kept saying no when I could have said yes. One needs to include the colour spectrum in perception.

I know our esteemed host doesn't review products, but no doubt there will be owners of the Librem 5 here able to comment. It will be great to see what sort of splash it makes in the market and the subsequent adoption rates. With love, Rachel

Rach El March 1, 2019 2:54 PM

Thoth

I meant to add, further to your comment about state level targeted threats.
It's just insane, the idea of keeping something so secret on your phone that there would be a need to rely on complex security claims by the provider.
Perhaps Apple could begin a new series of advertising: 'Don't do stupid things with your phone so we don't have to save you'.

Alyer Babtu March 2, 2019 11:59 AM

@Rach El

'Blockchain Phone'

In the “screwball” comedies of the late ‘30s ‘40s etc. there were typically prominent scenes involving phones (a kind of equivalent of lots of opening and closing doors in French farces). There is vast opportunity for some genius writer/director to revive the genre using mobile phones and in particular “blockchain phones”.

1&1~=Umm March 2, 2019 3:24 PM

@Alyer Babtu @Rach El:

"In the “screwball” comedies of the late ‘30s ‘40s etc. there were typically prominent scenes involving phones (a kind of equivalent of lots of opening and closing doors in French farces)."

You missed out the 'Yuck factor' or 'TMI Moments' of the earlier silent movies, where cinematographers used 'toilet humour' around phones, getting cheap laughs out of 'Joe Rube' type characters portrayed as 'fresh up from the country' who have come into town and mistake public phone booths for public toilets, and go through the motions as it were...

Yup, even I find it quite distasteful. But not for the yuck factor as such. As history shows, 'cheap laughs' have always been fertile ground for bigotry of a whole manner of types. It's usually where those laughing find it funny because it reaffirms their feelings of superiority over the type of person being portrayed...

Jeff March 4, 2019 3:02 AM

@1&1~=Umm

What you said makes sense, but I think you are missing a key point of meritocracy by assuming a benevolence of the system architect. You said these systems are vulnerable to be 'exploited' by those who wish to exploit, which is logical but left out the possibility of an 'exploit' as designed by the system architect.

The hierarchy is logically of a master/dominance stereotype, but those at the top are not certainly a system's architect. Some refer to an alternative system where those at the top are certain front men who take the 'fall' while the system architect knows what strings to pull. This is of a more sustainable meritocracy system, IMHO.
