David Walsh March 8, 2019 4:51 PM

Greetings from the land of the Lotus Eaters

couple of good security stories in the ungood news

Google delivery drones trial in the capital, threatened by residents opposing them – including threatening to shoo them down.
NB: the capital is compared with Milton-Keynes in England, if that means anything.
Also – almost nobody has guns in Australia. Certainly not in a sprawling suburb like this one. People are UPSET.

Quantum computing breakthrough in the University of Sydney

MarkH March 9, 2019 3:24 AM

NY Times article on the identification of strangers encountered in public spaces.

The author is a law professor who has assigned her students the exercise of attempting such identification, with the constraint that the students not spy or eavesdrop, but rather note speech and appearance readily observable by anyone near the subject.

The purpose of the exercise isn’t to explore the questions of feasibility or techniques, but rather to convey to the law students how easy it can be.

Regular readers of this blog probably won’t be surprised by the students’ success … and also will know the risks of “security by obscurity.”

The author proposes the interesting concept of privacy by obscurity: people tend to suppose that busy, noisy public spaces provide more anonymity and masking than is the true case.

As often happens in security problems, a core failing is the normal tendency toward large systematic errors in personal estimation. [By way of a more concrete example, motorists driving by their headlamps in darkness show a strong tendency to estimate the range at which they can see obstacles to be much greater than is shown by objective testing.]

rem5/2 March 9, 2019 9:00 AM

Bruce @RSA
Bruce states…there was no way Uncle Sam was going to risk upsetting homegrown data-slurping cash-cows like Facebook with any meaningful regulation or safeguards on the sharing of personal information. Europe, meanwhile, was leading the march on data harvesters, he said.
“The EU is the regulatory superpower on the planet,” Schneier told The Register. “We won’t be regulating surveillance capitalism in the US, it’s too profitable. If you want that done, then look to the EU.”

Trump’s Big Tech Bluster
Trump’s tweets criticize Facebook and Google, but his Antitrust Division of the Justice Department is strengthening Amazon, Facebook and Google monopoly control over Americans. Say goodbye to democracy and individual freedoms.

The Trump administration’s chief antitrust enforcer is Silicon Valley’s champion. On top of granting tech platforms huge windfalls in his tax reform law, Mr. Trump appointed a friend of big tech, Makan Delrahim, to lead the Antitrust Division of the Department of Justice. Mr. Delrahim has consistently promoted the interests of the biggest tech companies. In court, the department has supported legal interpretations that would make Amazon, Google, Facebook and other dominant firms (even) more powerful.

Behind the scenes Google runs many federal, state and local government websites and systems. This enables Google to dragnet highly personal data across the Internet. Larger corporations have largely cut off Google (recent example Walmart) as they will monetize customer data themselves. Smaller (click-bait) businesses are still highly dependent upon Google, who surreptitiously makes the customer the product.

All Smiles @BigDataHome
A current example of government and industry gleefully weaponizing intrusive big-data to rule over and oppress societies:
Photo Mohammed bin Salman (center), the crown prince of Saudi Arabia, with Google CEO Sundar Pichai (left) and co-founder Sergey Brin (right)

This new Trump/Saudi/Google Do-Evil partnership makes Silicon Valley legislation reform impossible. At least until the 2020 elections. In the meantime (as Bruce fears) expect a sneaky assault against the CA data protection law.
Note: Big-Pharma just won too with the sudden FDA commissioner resignation.

News Corp CEO Robert Thomson Speech

Big Digital: After the Awakening, the Reckoning
At last we are discussing more seriously the fine lines between engagement and addiction, between repurposing and piracy and pillage, between belonging and bullying, between identity and insecurity, all of which are magnified digitally.
There is generally an understanding in business that connections lead to partnerships lead to relationships with responsibilities — and that’s the implied social contract, but digital relationships very quickly descended into abusive relationships.

David Webb March 9, 2019 12:15 PM

Just got back from the International Wireless Communications Expo in Las Vegas. A keynote was about how good AWS Gov was. She talked about a tool they use to “prove” security attributes. It is Zelkova. Searching the site here turned up no mentions of it. She did not go into how they prove the tool correct. There is some info on it at Amazon’s Provable Security page. Anyone heard of it before or know its background?

justinacolmena March 9, 2019 1:34 PM

RC Collect is a malicious debt collection app developed in Renton, Washington, probably in association with Microsoft corporate headquarters and city hall in Redmond, Washington as well.

A small-town bail bonds enforcement parking app, if you will.

The worst of the malicious part seems to be the collection of real-time GIS location information for the organized and “mobbed” use of physical force and violence to collect an alleged debt outside the law and without a court order.

A related app is 7me

The ostensible purpose of this Portuguese-language app, probably developed in São Paulo, Brazil, is to collect tithes for the Seventh Day Adventist Church.

The deceptive and unwanted installation of these apps by devious means, as well as the strong-arm grab for money, are red flags that warrant an aggressive defense. We have to fight back, and fight for our lives, to win the malicious app war.

JG4 March 9, 2019 5:19 PM

@bttb – I hope that I’ve mentioned the Bojinka Plot. It wasn’t a movie and if she wasn’t briefed on it, a lot of people should be burned at the stake. If she was briefed on it, she should be burned at the stake. After a fair and speedy trial and a finding that it would be neither cruel nor unusual for treason. There was a fantastic video clip on Youtube more or less proving that she was lying. It recounted the fact that in the weeks ahead of 9/11, she, Bush and others slept on boats in Europe to avoid being in buildings attacked with aircraft. I even saw a clip of Willie Brown recounting that she had called and warned him not to fly on commercial aircraft. Most of those videos have disappeared into the memory hole and I’m sorry that I didn’t download them. Especially The Secret History of the Japanese Atom Bomb.

I call Rick “The Contrarian’s Contrarian,” but he is eloquent. File under “All Your Data Are Safe With Us.” Or is it “All Your Data Are Belong to Us?”

Facebook Trying to Make Elephant in the Room Disappear

Facebook Pivots to Private Sharing. What a masterstroke of public relations!

This deftly planted story seems no more believable than if Elon Musk had announced Tesla is shifting away from electric automobiles toward the production of high-tensile paperclips. Is there any money in it, we might ask? And how high are the entry barriers?

More important, can Facebook’s leopard change its spots? Presently, the company makes its money selling out each and every one of its users a thousand times to advertisers (and, as we learned last year, to political consultants, even those who work for the “wrong” side.) For this, Zuckerberg & Co. has developed a reputation for lying about exactly how this is done, and how soon the company plans to stop doing it.

File under chromosomal security. If the DNA in your brain isn’t safe, how can your thoughts ever be safe? No amount of tinfoil will stop DSBs.

Sleep increases chromosome dynamics to enable reduction of accumulating DNA damage in single neurons

Manipulation of sleep, chromosome dynamics, neuronal activity, and DNA double-strand breaks (DSBs) showed that chromosome dynamics are low and the number of DSBs accumulates during wakefulness. In turn, sleep increases chromosome dynamics, which are necessary to reduce the amount of DSBs. These results establish chromosome dynamics as a potential marker to define single sleeping cells, and propose that the restorative function of sleep is nuclear maintenance.

1&1~=Umm March 9, 2019 5:37 PM


“Is there anything squids aren’t good for?”

Well… I would probably be banned if I gave a list 😉

On the proteins for plastics side of things few realise these days the connection between cheese and plastic, and the fact they might have buttons on their clothes that with minor differences in processing would have been cheese…

In mammalian milk there is a protein that is tightly wound up and does not form clumps. However the use of an acid, enzyme or microorganism causes this protein to unwind and thus clump together. We call the clumped-together solid curd or junket, with the remaining liquid called whey, which contains sugars and other proteins, which can be used to make a twice or ‘re-cooked’ cheese we call ricotta.

What type of cheese you get depends on the curd, which itself is dependent on what method you use and the temperature at three stages in the cheese making process (it’s why making cheese with pasteurised or ultra heat treated milk is at best difficult).

If you overheat the curd then milk fats get driven out and the resulting protein will, with a little work like kneading bread or stretching pasta, lock together in a particular way. Thus the real difference between casein the plastic and mozzarella cheese is the heat and to a lesser extent the amount of acid used.

So I guess the question for @ALL to find the answer for @Bruce is ‘Can squid protein be used to make cheese?’

gordo March 9, 2019 5:57 PM

‘digital gangsters’—a dual-use narrative?

Zuckerberg’s end-to-end encryption plan could put Facebook at odds with law enforcement
By David Ingram | NBC News | March 8, 2019

The FBI labels the trend “going dark.” To get encrypted messages, authorities generally need access to people’s phones or other devices. The FBI on Thursday declined to comment on Facebook’s encryption plans, but on Tuesday, a day before Zuckerberg announced the change, FBI Director Christopher Wray said at a security conference in San Francisco that he remained dissatisfied with the situation.

1&1~=Umm March 9, 2019 6:35 PM


“Interesting attack vector”

Whilst this instance is new, the idea behind it ‘servo positioning’ is not new.

There are devices such as force balance measuring scales that can measure fractional fractions of a percent of a gram. They do this by using the same basic moving coil mechanism as a speaker you would find in your HiFi.

What happens is a small lightweight plate replaces the speaker cone and the assembly is tipped through 90 degrees such that the coil moves vertically, lifting the weighing plate against gravity. Out of sight under the plate is a reflecting surface and an infra red laser configured to work in the same sort of way as a mirror galvanometer. This is used in a feedback loop to keep the plate at a precise height.

As mass is added to the plate it is attracted by gravity towards the approximate centre of the earth, which pushes the plate downwards. To counteract this the servo mechanism pushes more electrical current through the coil. Thus the current is proportional to the mass of the plate and what’s on it. Current can be very precisely measured in a number of ways.

The problem with such weighing scales is they are sensitive to movement such as tipping and mechanical vibration. This makes the design of the servo loop difficult, as sound waves cause the plate to vibrate and thus act like a very linear microphone.

There are quite a few other highly sensitive servo systems around that people are generally not aware of. One of which is that of the Phase Locked Loop used in nearly all technology these days to control the phase thus frequency of an oscillator.

What even few electronic engineers realise these days is that various components such as inductors (coils) and capacitors are transducers in their own right and minutely change their values due to mechanical movement or vibration. The result is that the oscillator will change frequency in response. This process is known as ‘microphonics’, and the PLL will try to correct the change in frequency by changing the servo loop voltage on a vari-cap diode.

With suitable filtering components in the servo loop microphonics can be greatly reduced. However the loop voltage contains the correction voltage, which is in effect the inverse of the mechanical movement or vibration, so is in its own right the same signal you would expect from an electret microphone.

You also get a similar effect in some high efficiency power supplies such as those that are ‘series resonant’: some of the coils will suffer from microphonics and the power supply control loop will correct it, thus having a voltage or current proportional to the audio signal.

In all cases the hard trick is not bringing the servo loop to the point it behaves like a microphone, although it can be difficult. No, the hard trick is getting the loop signal out to some other stage such that it can be not just amplified but also made available remotely.

This is where high speed microcontrollers come into their own. The old fashioned way to build a servo loop was with amplifiers and analog components. These days it’s both cheaper and much more effective to use Digital Signal Processing technology and have communications to other parts of the system by high speed buses. So small changes in the microcontroller’s software held in Flash ROM make the recovery and transmission of the audio signal possible.

Thus from a security aspect the use of a microcontroller to do servo control is a backwards step.
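
The following simulation is an added illustration of the PLL point made in the post above; it is not code from the post or from any product mentioned in the thread, and every parameter in it (20 kHz simulation rate, 1 kHz carrier, a 100 Hz vibration pulling the VCO by up to 20 Hz, a 1 Hz/V VCO, 500 Hz and 20 Hz loop bandwidths) is an assumption chosen for the example. A clean reference and a "microphonic" VCO are locked with a textbook type-2 PLL; the loop (varicap) voltage is then compared against the vibration waveform to show that, once the loop has cancelled the detuning, that voltage is the inverse of the vibration, i.e. a microphone signal, while a much narrower loop leaves the detuning on the VCO output instead.

```python
import math

# All parameters below are assumptions made for this illustration, not figures from the post.
SAMPLE_RATE_HZ = 20_000          # simulation step rate (20 kHz, so dt = 50 us)
CARRIER_HZ = 1_000.0             # nominal oscillator frequency
VIBRATION_HZ = 100.0             # mechanical vibration reaching the tank coil / capacitor
MICROPHONIC_HZ_PER_UNIT = 20.0   # how far one unit of vibration pulls the VCO frequency (Hz)
VCO_GAIN_HZ_PER_VOLT = 1.0       # VCO tuning gain: 1 V of loop voltage moves it by 1 Hz


def wrap_phase(phi):
    """Fold a phase difference into (-pi, pi]: a linear phase detector."""
    return (phi + math.pi) % (2.0 * math.pi) - math.pi


def simulate_pll(duration_s=0.1, loop_bw_hz=500.0, damping=0.707):
    """Lock a microphonic VCO to a clean reference with a type-2 PLL.

    Returns three equal-length sample lists: the vibration waveform, the loop
    (varicap control) voltage, and the VCO's residual frequency error in Hz.
    """
    dt = 1.0 / SAMPLE_RATE_HZ
    steps = int(round(duration_s * SAMPLE_RATE_HZ))
    # Textbook second-order loop design: wn^2 = K*Ki and 2*zeta*wn = K*Kp,
    # with K = 2*pi*Kv the VCO gain in rad/s per volt.
    wn = 2.0 * math.pi * loop_bw_hz
    k_vco = 2.0 * math.pi * VCO_GAIN_HZ_PER_VOLT
    ki = wn * wn / k_vco
    kp = 2.0 * damping * wn / k_vco
    phi_ref = phi_vco = integrator = 0.0
    vibration, loop_voltage, residual_hz = [], [], []
    for i in range(steps):
        t = i * dt
        vib = math.sin(2.0 * math.pi * VIBRATION_HZ * t)
        phi_ref += 2.0 * math.pi * CARRIER_HZ * dt        # crystal reference: no microphonics
        err = wrap_phase(phi_ref - phi_vco)              # phase detector output
        integrator += ki * err * dt                      # PI loop filter
        v_ctrl = kp * err + integrator
        pull = MICROPHONIC_HZ_PER_UNIT * vib             # vibration detunes the VCO ...
        f_vco = CARRIER_HZ + VCO_GAIN_HZ_PER_VOLT * v_ctrl + pull   # ... and the loop steers it back
        phi_vco += 2.0 * math.pi * f_vco * dt
        vibration.append(vib)
        loop_voltage.append(v_ctrl)
        residual_hz.append(f_vco - CARRIER_HZ)
    return vibration, loop_voltage, residual_hz


def leak_metrics(vibration, loop_voltage, residual_hz, skip_fraction=0.5):
    """Pearson correlation between vibration and loop voltage (after the loop has
    settled), plus the peak loop voltage and the peak residual VCO frequency error."""
    start = int(len(vibration) * skip_fraction)
    x, y, r = vibration[start:], loop_voltage[start:], residual_hz[start:]
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    corr = sxy / math.sqrt(sxx * syy)
    return corr, max(abs(v) for v in y), max(abs(v) for v in r)


if __name__ == "__main__":
    for bw in (500.0, 20.0):
        corr, v_peak, r_peak = leak_metrics(*simulate_pll(loop_bw_hz=bw))
        print(f"loop bandwidth {bw:5.0f} Hz: corr(vib, V_loop) = {corr:+.3f}, "
              f"peak V_loop = {v_peak:5.1f} V, peak residual = {r_peak:5.2f} Hz")
```

With the 500 Hz loop the correlation comes out close to -1 and the loop voltage swings about 20 V peak while the VCO's residual error is under 1 Hz: the disturbance has been moved off the RF output and onto the control line, which is exactly the line a DSP-based loop already samples and can ship over a bus. With the 20 Hz loop the control voltage carries only a fraction of the vibration and the VCO output stays detuned, which is the trade-off the post describes between filtering the loop and keeping the microphonics off the oscillator.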

StunGun March 10, 2019 10:25 AM


I’m familiar with what you speak of. I have posted on here before in regards to my thoughts on what’s actually possible by manipulation of EMF. If you can mess with the frequencies of various components, then you can certainly use this to impact other parts of the system, likely in ways that violate SECPOL. With your knowledge regarding things like PLL, chokes, mirror galvanometers, I’d be quite interested in your opinion on this. I mean, just the notion of air-gapping things like computers, microcontrollers, PLC, ASIC, FPGA, etc. (pretty much any Turing machine), is pretty much a no-go when the system is leaking EMF constantly.

Bob in OK March 10, 2019 11:20 AM

I thought I’d leave a pointer to what Clive has called a code cutter. I first thought it was a great parody. Then I shifted to thinking it’s just depressing and real. And now I’m just going to humbly say I hope it’s a hoax.

A former Google tech lead (YouTube user name “TechLead”) describing his “Things I wish I knew when I started Programming”. He talks about avoiding spending too much time becoming experienced with the components you’re using in favor of getting a working prototype out the door. If it’s useful enough, somebody will refactor it down the road. And it’s unlikely anybody would be there for more than a couple of years anyway, so best not to get too invested in the details, as all code is ugly.

Still deciding whether to laugh or cry…


bpaddock March 10, 2019 2:04 PM

The documentary Third Eye Spies on the beginnings of Remote Viewing was released last week. It can be found in various places.

“…For more than 20 years the CIA used psychic abilities operationally in a top secret spy program. You paid for it, and now you deserve to know about it.

… After an experiment in psychic abilities at Stanford Research Institute accidentally reveals classified intel at a top secret NSA site, the two physicists behind it all are co-opted by the CIA and the amazing work of their psychic spies is silenced by the demands of ‘national security’. When America’s greatest psychic spy dies mysteriously, it spurs program co-founder Russell Targ to fight to get their work declassified even if it means going directly to his former enemies in the Soviet Union, to Wall Street and beyond to prove the reality of ESP.

The true story of physicist Russell Targ, his cold war psychic spies and his fight to bring this information public, with evidence presented by a Nobel Laureate, an Apollo Astronaut, and many formerly undercover military “remote viewers” and scientists that worked extensively for the U.S. Intelligence community, now able to speak for the first time in our film.

Third Eye Spies is a new documentary feature film by award winning director Lance Mungia. The film consists of compellingly cinematic re-enactments of actual remote viewings done at Stanford Research Institute for intelligence agencies, amazing new data retrieved from recently declassified documents via Freedom of Information Act and over 30 interviews with every top player involved and how those discoveries are being used today. …”

If you want to know how Remote Viewing works get the PDF at this link:

vas pup March 10, 2019 3:33 PM


That is a very interesting article on the biological basis of bias. It is important for many security/IC related applications to take into consideration. E.g. a foreign spy puts on a MAGA cap to be easily accepted by right wing supporters. Do you remember how Ms. Butina mingled easily with NRA related guys by claiming “I am pro-gun like you”? I doubt all criminal intent on her side – she just wanted to fit in easily and move up for her own sake (my own opinion – not a statement under oath for a Grand Jury).
Same when an LEA undercover agent puts on some kind of gang-related tattoos, attire, language to flag ‘I am yours’ to lower gang members’ suspicion. Or a criminal uses a uniform to establish a false affiliation with a trusted group (police, firefighters).
Conclusion: in all cases perception of more familiar as less dangerous.

Alyer Babtu March 10, 2019 5:04 PM

@ Bob in OK

code cutter

I’ve been directed many times by supervisors to just get it out and let the users find the problems, fix as you go.

The video and my own experience seem to testify that the fundamental problem of program design and design principles is somehow normally disregarded or written off as negligible and is never addressed. “Coding” (of some kind) is a necessary technology but it’s at a very low level. It’s like the alphabet and grammar and spelling rules; no matter how good one is at it, it doesn’t help much with knowing what to say, which is design.

Faustus March 10, 2019 6:58 PM

@ Bob OK and Alyer

There is nothing wrong with what TechLead says. Your response is amazingly prudish besides being impractical.

I am getting the impression that neither of you have been production programmers. Outside of critical real time systems there is a point of diminishing returns for perfectionism, and generally more work than people to do it. Most code never goes into production. Real code is iteratively improved. And real programmers specialize in a few areas and leave the details of other areas to other people.

There are names for somebody who has studied everything about programming: Mediocre, Unproductive and probably, Annoying.

1&1~=Umm March 10, 2019 7:16 PM

@Bob in OK:

“I first thought was a great parody. Then I shifted to thinking it’s just depressing and real.”

First you need an antidote, to get back the smile factor,

Have you watched the video @Bruce posted a couple of days ago?

In there listen to what he says about code quality. He mentions as the good examples aerospace and NASA; the implication is the rest is well… Unfortunately, with a few other infrastructure and lower level exceptions, you are going to get a lot of nods about the lack of quality in a lot of code.

To some people, including many in the software industry itself, there are only two types of programmers, ‘App developers’ and ‘Full Stack developers’. Pause for a moment and consider what that actually means. Then have a think about what the ‘full computing stack’ really is.

If you have to look at apps and web software from a high overview they are really like the bubbles on a bath of bubble bath. They hide what the bath is really all about and by and large they are very very short lived. Like all bubbles they burst easily and it’s very easy to make loads and loads more that all really look the same.

Because of this very short time to live, any profit has to be not just made quickly but reinvested in the building of a new bubble before the existing one bursts, the old economic ‘grow or die’ model. Unfortunately, as the PC games market is finding, their bubbles are popping faster than people want new ones. I guess because they have got out of that particular bath etc. It’s not just games, it’s also applications; some people are still using Win XP and Office 95 and won’t change until some part of their hardware breaks and they are forced to change because of it (unless they find some smart bod who will get it all going in some virtual PC emulator of some form).

Thus the software industry is switching over to ‘cloud computing’ in various ways such as ‘software as a service’ where you subscribe to an application and after a year of use you are still paying a 10% tithe each month on what it would have cost to outright ‘lease’ the software on your own computer.

In effect the pendulum has swung back again, to what was once called ‘thin computing’ and a few swings before that ‘Terminal Server’ and likewise ‘Big Iron computing’. But this time you don’t have ‘the dog leash’ of a network or serial cable tying you down; you can be ‘mobile’ and walk under a bus as you work down the street.

The point is the software bubble industry needs very high churn, which means quality is at best superficial and code is far from secure and mostly unstable, with, if you are unlucky, organically grown spaghetti code that gets refactored more often than most people wash their hands, let alone take a bath.

Whilst those in the software bubble industry talk as though it is the only game in town it’s not. Their bubbles are highly dependent on things that are a lot more solid. They are at or above the notion of the ‘presentation level’ with a whole stack that gets increasingly reliable as you go down it.

If you want to spot the software bubble industry types ask them what language they would recommend beginners learn and it will be ‘webby’ either for the browser or mobile or server such as scripting or interpreter. The reason for scripting or interpreter is the very fast tool chain cycle. This tends to allow single line code and test programming, whereas thoughtful design was a real requirement which you had to have if a build took all weekend, and the boss got their hands on the build logs Monday morning before their first coffee.

When the expression RAD came into vogue the idea of the method was to ‘script’ a frontend prototype up using unix like command line tools and try it on the users. Then having knocked the bugs out of the specification and other design documents start writing the frontend in C or some other system level language to get a usable execution speed, and bring in what was required of the backend functionality to support it.

These days there are few specification or design docs other than a ‘mission statement and wish list’ for front ends, and that wish list changes faster than the lead in a drag race. The unsexy backend though hardly changes and is now at the point where its functionality can not be taken out and stability of the interface is generally reasonably high as is the up time. Thus we have two very different tempos, that just can not meet up without a chunk of translation in the middle, hence the notion of middleware, that does a lot of the business logic.

Oh, another way to spot presentation layer developers: talk to them about data flows and how they deal, if at all, with bi-directional data flows, especially when it is for down stream events and errors being passed up, which are absolutely essential to stop data loss or corruption to ensure reliability and thus availability. Just remember to be ready to duck as the arm waving starts.

The moral is that you need good solid foundations to build a house, good solid structure if it’s to be more than a couple of floors, but all the people who live in it see is little of the architecture but a heck of a lot of interior furnishings. Most people can paint a wall and move old furniture out and new furniture in. But if you wanted to build a new hotel would you consult first an architect, an interior designer or a party planner?

Each has their own expertise in a particular domain but there is a hierarchy and it’s best to select the right person at the right time and for the right reasons.

1&1~=Umm March 10, 2019 7:31 PM

@ All,

There are a number of comments about ‘Clive’ not being around. But his is not the only name we have not seen recently.

What’s happened to the other ‘usual suspects’?

I’ve not seen anything from @Wael for quite some time, nor @Thoth and others such as @CallMeLateForSupper are quite quiet.

I’m sure there are others that those still here miss as well.

What ever they are all doing, I wish them well, and hope they drop by soon.

MarkH March 10, 2019 8:42 PM

@Faustus, @Umm:

Too funny!

There are sophisticated tools available to help match up authorship of anonymous/pseudonymous texts.

In the case of the mysterious “source Clive,” such sophistication seems superfluous in the extreme. His/her/its (can we REALLY exclude some marvellously advanced AI?) modes of thought and expression are wonderfully idiosyncratic.

When Bernoulli saw Newton’s anonymous solution to the brachistochrone problem, he commented that he knew the lion by its paw … the big meandering pawprints of south England’s modern-day savant are recognizable from quite a long way off.

Herman March 11, 2019 12:33 AM

Rather than catching squid for plastic, we need to figure out what to do with Jelly Fish. There are a lot more jellies in the sea than squid (which also eat jellies).

Herman March 11, 2019 12:40 AM

“Zuckerberg’s end-to-end encryption plan could put Facebook at odds with law enforcement” – Retroshare already exists, but it requires a friendly Geek in a group of family and friends to set it up for everyone.

What is needed is a benevolent sponsor that will create a public instance of Retroshare, without the spyware backend. Well, one can wish…

Dubious March 11, 2019 2:31 AM

” (can we REALLY exclude some marvellously advanced AI?) ”

Even the latest AI can’t organically misspell words at such a clip.

VinnyG March 11, 2019 8:18 AM

@Bob in OK & 1&1~=Umm re: coding – So what’s new about that? How much rational design and development do you think takes place at the big IT players (e.g., MS or Alphabet?) I moved from (mostly)development to (mostly)infosec for the last half of my >38-year IT career. At the time I switched, the emphasis was already rapidly morphing from a structured design|validate|code|test paradigm to a rapid development/script kiddie/throw-it-at-the-wall-to-see-if-it-sticks methodology. In 1987, in the course of a systems migration project, I was forced to work with a “programmer” for the target system who was incapable of comprehending that there could be differences between the binary values underlying characters represented as “zero” “null” and “blank”… I quit in disgust shortly thereafter. Unfortunately that kind of farm animal offal pursued me at subsequent employers until I “changed majors”… Not that similar problems didn’t exist at all in infosec, but (at least at the time) the manure level was palpably lower…

Faustus March 11, 2019 9:13 AM

@ VinnyG

Structured methodologies are not all they were cracked up to be. I was a technical lead on several large projects under big 8->6 style consulting companies.

The methodology is beautiful and logical. The structured designs were most useful at a high level. E-R diagrams for example are great communication and collaborative design tools.

But detailed design at a pseudocode level is very close to writing the whole system in a programming language that cannot be run or tested. It always gets out of sync with the actual source because nobody has time to go back and update the design when inevitable problems and omissions are found in the pseudocode during programming and testing. The alternative is generating code from the pseudocode but these generators, however sophisticated, are still restrictive enough to frustrate everyone.

It was industry knowledge that more than 50% of such projects failed, although often victory was declared before shelving the results to cover everyone’s butts. Too much work needed to be completed too far in advance of getting feedback from running code. Early misconceptions could sink everything.

And clients’ objectives were always moving targets. There was little practical use in churning out monolithic detailed specs of what somebody thought a year ago. Projects needed to be more agile.

Part of my job was teaching beginners and sorting out issues like what is the difference between nullish values. A school environment is different from a production environment. In general people learn. I have always considered somebody needing to learn an important opportunity to help them become a better programmer. I was mentored and, in exchange, I mentored.

justinacolmena March 11, 2019 12:57 PM

The RC Collect app is installed as a drive-by download from Capital One Bank’s website.

The drive-by occurs after authenticating and logging into — get this — an actual FDIC-insured bank account.

The real problem is worse than anyone could have imagined. Capital One sold out to the Chicago Mob, and got into the baseball-bat and stiletto-knife debt collecting business. Lawyers are deposing witnesses in back alleys all over town on this, and they’re putting Jussie Smollett on trial.

Sherman Jerrold March 11, 2019 1:49 PM

to all,
Last week I commented that I appreciated all those who made positive contributions here and that I hoped the trolls would not degrade this blog. I still hope that. I hope people will continue to make positive contributions, won’t abandon it and will ignore the trolls. That is the only way it will succeed.

In regard to computing and program development, I am one of those who still use computers I built from parts circa 1999 running WinXP and Linux in a dual boot. I use a number of excellent specialized media creation shareware programs that won’t run on Win7-10. I have always been very pleased with and support the shareware model. Almost all the developers of shareware allow free upgrades to minor version improvements and loyalty discounts for major version updates. They invariably are responsive to ‘bug reports’, for they realize that improving their programs gets them good recommendations from users resulting in more users.

Though I heartily support diligent software developers making a good living from their efforts, I also am a proponent of the vast FOSS and Linux volunteer communities which are altruistically helping people.

I have adopted a security based mantra: “Corporations are NOT your friend” especially when it comes to the mercenary way they steal your data and monetize it. In reading extensively here and on other tech sites, it becomes clear that Personal Privacy and Security has now become like a little frog in a pond full of alligators.

MarkH March 11, 2019 4:28 PM

I’m not insulting coders … but their default security level is Nil

This ZDnet article presents results of a study of freelance programmers who were paid to write a web login for a social media site.


• Unless expressly asked to provide security, the great majority stored passwords in plaintext.

• Even some who WERE expressly asked also stored passwords in plaintext.

• Many of the non-plaintext implementations were weak (or very weak). Some even used base64, which is a non-encryption encoding!!!

I guess the good news is that after everyone who used plaintext was told to do it over, about one fourth of the total used recommended strong security for password storage.
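The three storage choices the study describes, side by side, as an added example (not code from the ZDNet article or from the study's freelancers): a constructed user record is stored as plaintext, as base64, and as a salted slow hash. The hash scheme (PBKDF2-HMAC-SHA256 with a per-user random salt, 600,000 iterations) is an assumption for illustration; the study's "recommended" scheme is not named in the comment.

```python
"""Plaintext vs. base64 vs. salted slow hash for password storage.

Added example, not part of the original post. The credential below is a
constructed sample. Only store_hashed()/verify_hashed() is acceptable;
the first two exist to show why they are not.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credential for the demonstration.
USERNAME = "alice"
PASSWORD = "correct horse battery staple"


def store_plaintext(password: str) -> str:
    """What most freelancers in the study did: the database row *is* the secret."""
    return password


def store_base64(password: str) -> str:
    """Not encryption: base64 is a reversible encoding with no key at all."""
    return base64.b64encode(password.encode()).decode()


def recover_from_base64(stored: str) -> str:
    """Anyone holding the row gets the password back with one library call."""
    return base64.b64decode(stored).decode()


# Assumed parameters for the hashed scheme (not from the study).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def store_hashed(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow, one-way: the stored value cannot be turned back into the password.

    The record is self-describing (algorithm, iterations, salt, digest) so the
    iteration count can be raised later and old rows re-hashed on next login.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_hashed(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print("plaintext :", store_plaintext(PASSWORD))
    print("base64    :", store_base64(PASSWORD), "->", recover_from_base64(store_base64(PASSWORD)))
    record = store_hashed(PASSWORD)
    print("hashed    :", record)
    print("verify ok :", verify_hashed(record, PASSWORD), "| wrong pw:", verify_hashed(record, "hunter2"))
```

Two rows hashed from the same password differ because each gets its own salt, so a leaked table cannot be attacked with one precomputed dictionary for all users; the iteration count is what makes per-guess cost high.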

bttb March 11, 2019 5:29 PM


You wrote, regarding Google/Nest’s (Google) hidden microphone in their home-security offering:

“… Personally, I think the giggle microphone dust-up amounts to nothing. It is not as though Giggle was caught spying; if it were caught, I’d be on the barricades too. Traces and pads were included in the PCB design for possible future use. This sort of thing – with various kinds of hardware components, not necessarily mics – has been done for decades, by many companies, and is not remarkable….”

Four things:

1) I enjoyed your technical description about how the hidden microphone might have been engineered and built.

2) Of course, afaik Google, could have provided future microphone hardware functionality with a disclaimer like: a) “a physical switch is provided to physically turn off the microphone, which will be an option in the future” or b) “drill here(s) to disable future planned microphone functionality”.

3) I might owe you an apology for involving you in my potty mouth rant. For example, it could have been posted independent of any SoS participant’s handle.

4) For more of why, in general, I think of sh!t when I think of Google or Facebook, at least until they are heavily regulated, with teeth, or broken up, watching Zuboff, Surveillance Capitalism, on DemocracyNow and The Intercept may have had something to do with it.

1&1~=Umm March 11, 2019 6:38 PM

@Sherman Jerrold:

“it becomes clear that Personal Privacy and Security has now become like a little frog in a pond full of alligators.”

More like piranha fish than alligators, little frogs have a better chance of slipping by alligators.

But whatever the analogy, the other thing that has become clear is that between the IC and LE agencies on one side and corporate lobbyists on the other, the politicians care not a jot about either Privacy or Security. Until of course it’s them and their own that are affected by the stupidity they have not only allowed to be created at the behest of agencies and corporates but have actually passed into law. Then the ‘headless chicken little dance’ starts…

As @Bruce has noted the politicians are so unknowledged it is not just embarrassing it’s negligent behaviour. The fact it is to the point of malfeasance makes it all the worse. Any Public Interest Specialist is going to find their work to be worse than the trial of Sisyphus and tasks of Hercules combined, every day with the present bunch of politicos in many places.

The simple fact is most are too old to be re-educated in the ways of the modern world, they fear technology for what it can do to them as individuals, whilst being mesmerized by the snake oil pedlars and similar who supposedly bring in so much revenue, but in reality do not pay one fraction of a percent of the dues they should do. There are what are little more than Mom-n-Pop businesses that pay more, not just as a ratio of income but in actual fiat currency.

Maybe the politicos should check on the real taxes paid before dining out with the lobbyists and founders, they might find the representatives of a local school in their parish might pay more.

I must admit I’m drawn to the idea of denying politicians any privacy or secrecy, everything they say and do should be recorded such that the voters can go through the recordings to ensure the elected representatives really are working for the voters. After all the US President has nearly all they do recorded by law, why should any other elected representative be subject to anything less?

roberts robot double March 11, 2019 11:00 PM

re: Remote Viewing

I have not read anything on RV but have heard some fellow citizens speak in years gone by of such “tech” and that it was a part of an advanced military program. Regardless, it’s been years since that topic came up but in those years I have learned a bit about our human nature and how such things are possible.

Everything in this universe is created in pairs, including our human body. Our physical body has an energetic “other” (known as the soul) that is physically constrained within our physical body while we are conscious. When unconscious, our soul is no longer tethered to our physical body and is free to roam about in its dimension, one of the other five layers of the onion that inhabit this 3-space. (Note that the missing dark matter constitutes roughly 5/6ths of what should be present to keep the galaxies from spinning off).

Our soul has its own perceptual ability to see, hear and comprehend. The reason we lack conscious control of our soul while we dream is due to our lack of spiritual development in our lives; for one thing, knowledge of our true human nature is of no concern within our collective remedial materialistic level of development. Most people are not even willing to admit that the spiritual path exists because that would require them to extend their conceptual basis of reality to aspects of existence that are beyond our physical body’s abilities to directly perceive (“But where’s the proof, maaaaaan?”). Now, there are traditions that speak of “astral travel” but I do not know whether or not one can develop the soul’s abilities outside of the spiritual path, but I do know that the ability to consciously perceive the universe with our soul is a natural by-product of the spiritual path and should not be a primary goal, lest it become another distraction from our primary purpose as human beings: to become consumed by love for ALL others such that we construct our societies to be perfectly just and compassionate.

Now, I’m just a struggling student, but what I understand is that the soul can be active in either its own dimension or within our physical body’s dimension. If we are “dreaming” and our soul is active in the body’s dimension then we can perceive events as they are happening in real-time. I have been told that you will know when that is the case because the people can’t hear or see you and that you can pass through walls.

In the Sufi tradition, we have stories called, simply enough, “Sufi Stories”. One such Sufi Story I know relates to RV.

There was a Sufi Murshid (Teacher) who lived his entire life in a small town probably in or around what is now Turkey. That small town had a single, not very long street with a few shops with the Mosque at the center. Turkish “Cami”s (pronounced Jah-me) were not only the place of worship but community centers with schools and care facilities and the like. So this Murshid lived his entire life on that street, eventually becoming the Imam by his having cleansed and purified his soul’s heart of its 19 vices and, by doing so, was granted the gift of perceiving the Godhead in all Its Glory. (That is what is referred to in Jesus’s beatitude “Blessed are the pure in heart, for they shall see God.”) Everyone who attains complete submission to God gains full conscious use of their soul while unconscious; in other words, they are consciously perceiving the universe whether their body is awake or not.

Anyway, after an entire life lived on that one single, simple street, that Murshid said that he knew the stars of the Milky Way better than he knew that street.

When the soul is travelling in the physical body’s dimension it is not bound by the physics of this plane as it is made up of a different configuration of energy. (That is why we cannot find “dark matter”: our photons don’t interact with it; how it all combines to effect a total gravitational inertia is beyond my understanding, but the total effect has been measured and calculated.) So, when the soul is roaming this plane, it can be commanded at the literal “speed of thought”; i.e. you pick the star and then wish to go there and “whoosh” there you are in a milli-instant. And as soon as our physical body wakes up, “whoosh!”, our soul’s tether to the body snaps it back inside. Know that I only know this second-hand, excepting a handful of lucid dreams in my life, but my source is pure and good 😉

Anyway, that’s the basis for RV. Most people will reject this outright as utter BS, but it is no different than how Boltzmann and Einstein were rejected by the vast majority of their peers for years upon years. One thing is for absolutely certain, however: only by using love as our compass to perfect our individual and collective morality can we stop the destructive competition and selfishness that plagues and is destroying the Earth in 2019 and, therefore, allow us to manifest “On Earth as it is in Heaven” with peace and justice, FDR’s Four Freedoms and Dr. King’s Dream realized for ONE AND ALL.

Peace be with you all. Happy dreaming!

Curiousity March 12, 2019 1:46 AM

I have seen some hijackings in realtime, that’s formidable. You’ve literally kept this up for years now.

Bravo. The drama between @echo and men is palpable. Why are we talking about it though?

Why did people get censored for talking about unrelated things and that didn’t?

Alyer Babtu March 12, 2019 12:42 PM

@ 1&1~=Umm

There seem to be speculations and veiled hints as to what or whom your handle may designate. However, clearly, these are premature until one has the correct interpretation of the string “~=”. Is it

  1. Not equal to
  2. Approximately equal to
  3. Pattern matches
    D. All of the above
    E. None of the above
  4. Something else

Eager minds await …

Faustus March 12, 2019 1:01 PM

@ echo

This is the first I’ve seen you post in an while, but I don’t see every post. I was curious how you are doing. I’m sorry you have been having bad experiences.

@ Curiosity

Very few posts get censored. I have never seen a post that I read in the first place disappear. Generally it is people stirring up trouble or posting volumes on unrelated topics.

I’d say how a woman perceives her security in our society is exactly on topic. Echo speaks from the heart about urgent issues which is why she has been welcomed here for years.

Faustus March 12, 2019 1:10 PM

@ justinacolmena

I am interested in what you say about rc collect. It appears to be a benign forms app. I can’t find anything else. Do you have a reference?

Rach El March 12, 2019 3:52 PM


I’m bumping the youtube link you posted about software engineering. It’s priceless! Very smart and very funny! And, he goes so quickly, it’s easy to miss just one sentence or reference he makes that actually has a lot of weight (and is also very funny). Wow that is definitely worth watching more than once. I hope everyone here takes the time to review it.

A smart guy who actually has some performance chops as well.

Bob Paddock March 12, 2019 6:05 PM

Some profound security implications here?

“A quantum experiment suggests there’s no such thing as objective reality.

Physicists have long suspected that quantum mechanics allows two observers to experience different, conflicting realities. Now they’ve performed the first experiment that proves it. …” : Experimental Rejection of Observer-Independence in the Quantum World

1&1~=Umm March 12, 2019 7:23 PM

@Vas Pup:

“US seeks to allay fears over killer robots”

Not unrelated is,

For all the ‘Oh silly Donald’ style comments comming back he is basically correct, aircraft flight systems are getting overly complex, but perhaps not complex enough, the electronic version of ‘A little bit of learning…’.

Whilst the US President did not say in his tweet that he wanted the Boeing 737 Max 8 grounded pending investigation results, other US politicians certainly are,

Whilst other Countries have issued temporary flight bans, the Chinese civilian aviation authority has apparently directed on Monday that the planes be “‘grounded indefinitely'”. It said the order was “‘taken in line with the management principle of zero tolerance for security risks.'”

Which might be a valid point of view as well. Because it is thought by some in the industry that the Ethiopian aircraft ET-AVJ, which was a new 737 Max 8 delivered Nov last year and had about 1200 hours flight time total, actually flew itself into the ground. In a similar manner to that of a Lion Airlines Max 8 that flew into the sea in Indonesia less than five months ago.

What has been said is that because the auto-pilot has an obscure and not correctly documented anti-stall feature rather than just a more traditional stall warning, it is thought that the pilots were too busy fighting the auto-pilot to take the right corrective actions.

From a Bloomberg report[1],

“‘The FAA and Boeing have been finalizing a software fix for an obscure anti-stall measure created for the 737 Max that came to light with the Indonesia tragedy. The Maneuvering Characteristics Augmentation System, or MCAS, triggered by an erroneous sensor reading, had baffled pilots by pushing the Lion Air plane downward dozens of times before it crashed.'”

“‘The Lion Air tragedy in Indonesia, like the Ethiopian Airlines crash, occurred shortly after takeoff. Data from the Indonesian jet’s flight recorder showed that an errant sensor had signaled that the plane was in danger of stalling, causing the MCAS software to push the aircraft’s nose downward.'”


“‘The pilots on the Lion Air jet counteracted the movement repeatedly, but the cycle repeated itself more than two dozen times before the plane entered its final dive. The accident inflamed controversy over pilot training for the 737 Max, since Boeing hadn’t flagged the anti-stall feature in training materials or most flight crew manuals.'”

That is, it is being speculated that the 737 Max 8 auto pilot anti-stall had put the aircraft into a nose down attitude very shortly after take off and thus unsurprisingly the aircraft went down not up or leveled off.

Ethiopian Airlines who generally have a good reputation for professionalism in the industry have reported that the black boxes and flight data recorders etc have been recovered, so hopefully we will know the cause fairly soon.

[1] I’m aware that Bloomberg have a bit of a reputation issue with technology and China in particular here and in other places, so treat it with due caution,

Especially as the reporting on China’s actions has been downgraded in the report (see 4th paragraph that has been editorially adjusted post original publishing).

W. Pooh March 12, 2019 7:28 PM

quantum mechanics allows two observers to experience different

Or even one observer. We got similar results at the TRESPASSERS W lab years ago. Not having, we just memorialized our results in a poem

“It’s very, very funny,
‘Cos I know I had some honey;
‘Cos it had a label on,
Saying HUNNY.
A goloptious full-up pot too,
And I don’t know where it’s got to,
No, I don’t know where it’s gone—
Well, it’s funny.”

You can see the result is high level from the appearance of Cosines. The whole thing has to do with Heffalump particles.

gordo March 12, 2019 8:22 PM

The World Wide Web Turns 30 Today. Here’s How Its Inventor Thinks We Can Fix It

TIME: The amount of data that is now generated can allow programmers to predict our behavior. Are you worried that information can be used to influence us in ways that we don’t understand?

Tim Berners Lee: I’ve got a vision for an alternative world, in which that data does exist, but it’s at the beck and call of the user themselves. Where the apps are actually separated from the data source. So when you use an app, it asks, where do you want me to store the data? And you have complete control over who gets access to it. It would be a new world. We’re talking about a future in which these programs work for you. They don’t work for Amazon, they don’t work for Apple.

See also:

1&1~=Umm March 12, 2019 8:41 PM

@Alyer Babtu:

“However, clearly, these are premature until one has the correct interpretation of the string “~=”.”

You also need to think what ‘1&1’ means syntactically, logically and mathematically, but then philosophically about the whole statement.

Winston Churchill had a similar issue with Russians and allegedly described them as being a riddle within an enigma.

So you might think which is riddle and which is enigma, either, neither or both.

Young children are taught to say ‘one and one is two’. But really that should be ‘one plus one in a base above two’, because in base two it would be 10, which they get taught when a little older and it confuses many of them. But then some go on and get taught ‘1 AND 1 is 1’ when using positive logic in programming or digital electronics. Hence that little ‘Umm’ noise students make when confused, due to ‘overloading’. Thus you might expect two or three Umms along their learning path from just this alone. So ‘~=Umm’ can be read as ‘approximately equals confusion’ or in a more philosophical way ‘1&1~=Umm’ could be read to mean ‘lack of knowledge approximates to confusion’ or ‘life is a succession of lies on the path of learning’ which approximates something said about the teaching of physics which is at the root of all science.

But then there is the not so old saying of ‘two and two equals five’, many know of it but not where it comes from, which is Orwell’s 1984[1], thus miss the real meaning. When Winston Smith is being thought-corrected / re-educated / tortured in Room 101 his antagonist has to be certain Winston really believes two and two equals five and is not just saying it to avoid the process. So ‘1&1’ is also a ‘Big Brother half truth’ because it could mean one of several things quite legitimately.

It’s also a warning about facts and context, something that is true in one context might be false or neither in other contexts or might mean different things in different contexts.

Which brings us around to an important point in the difference between ‘data’, ‘information’ and ‘knowledge’. Data can be and often is meaningless when seen without context, thus its information content, though not zero in practical terms, might as well be because it conveys no reliable knowledge to the observer, only the possibility of supposition or correlation.

Which in turn brings us around to two other points of interest, one is about ‘provable secrecy’ and the other about ‘false attribution’. Provable secrecy is not quite what many think it is, what it means in the case of the One Time Pad is that ‘all messages are equiprobable’, importantly no more and no less. That is, if you list every possible message of that length, even though one of them is the secret message you have no known way of knowing which with any more certainty than any other message. This leaves open a very large door for those who wish to falsely attribute meaning to any given OTP message by sophistry or other deceitful persuasions. All they have to do is find or make up a message appropriate to their motives that is the same length as the OTP message, and claim it must be true because it fits the facts they are claiming so beautifully it could not be wrong. Such circular reasoning sparks the old philosophical debate about ‘Truth and beauty’. That is, whilst the truth may be beautiful, beauty is most certainly not truth in all cases and contexts, though many fail to remember this to their cost. Thus you have a pseudo ‘one way’ relationship which also comes up in cryptography in many places such as all keyed deterministic cryptography including stream, block and mathematical ciphers.

There may be a few other meanings hidden away in ‘1&1~=Umm’ but then each has a context you may or may not know, thus it could also be a covert message as well… It is after all a sufficiently unique combination to be used almost as a unique search key, yet admit to many meanings.

So you can pick your own context thus your own beauty which might be truth or then again not 😉
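The ‘false attribution’ point above, made constructive, as an added example (not part of the original comment): for a one-time pad, every plaintext of the ciphertext’s length is reachable by some key, so anyone can produce a pad under which the real ciphertext ‘proves’ a message of their choosing. The messages and the key below are constructed for the demonstration.

```python
"""One-time pad: any same-length message is a valid decryption under some key.

Added example, not part of the original comment. The real message, the
claimed message and the random pad are all constructed here.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; refuses mismatched lengths so a pad is never reused or truncated."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires key length == message length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)


def key_that_yields(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The 'sophistry' pad: XOR the ciphertext with whatever you want it to have said.

    Because XOR is its own inverse, this key is exactly as well-formed as the
    real one; nothing in the ciphertext distinguishes the two.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def demo() -> dict:
    """Encrypt one constructed message, then forge a pad for a different one."""
    real = b"ATTACK AT DAWN"          # 14 bytes, constructed
    key = os.urandom(len(real))       # a genuinely random pad
    ct = otp_encrypt(real, key)

    claimed = b"MEET AT NOON!!"       # also 14 bytes, constructed
    forged_key = key_that_yields(ct, claimed)

    return {
        "ciphertext": ct,
        "real_key_recovers": otp_decrypt(ct, key),
        "forged_key_recovers": otp_decrypt(ct, forged_key),
        "keys_same_length": len(forged_key) == len(key),
        "keys_differ": forged_key != key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value!r}")
```

The same property is why OTP ciphertext offers no integrity: flipping a ciphertext bit flips the corresponding plaintext bit, so a pad without a separate authenticator gives equiprobability but not authenticity, and reusing the pad for a second message collapses the equiprobability entirely (the XOR of two ciphertexts is the XOR of the two plaintexts, key gone).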


Bong-Smoking Primitive Monkey-Brained Spook March 12, 2019 9:42 PM


So you can pick your own context thus your own beauty which might be truth or then again not 😉

Thou canst not every day give me thy heart,
If thou canst give it, then thou never gavest it:
Love’s riddles are, that though thy heart depart,
It stays at home, and thou with losing savest it:
But we will have a way more liberal
Than changing hearts, to joyne them, so we shall
Be one, and one anothers All.

1&1~=Umm March 12, 2019 10:39 PM

@Rach El,

“A smart guy who actually has some performance chops as well.”

He’s no longer a ‘software person’, too smart I guess 😉

Anyway, another ‘antidote’ of his you might like is,

About why not to be a software person, and yes don’t blink or you will miss things B-)

1&1~=Umm March 12, 2019 11:20 PM

@Bong-Smoking Primitive Monkey-Brained Spook:

“Thou canst not every day give me thy heart”

‘Yet I would not have all yet.
He that hath all can have no more.’

An interesting choice and +5 for knowing the poem well enough.

For some reason as the clock ticks down this keeps coming to mind from the same author,

If a clod be washed away by the sea,
Europe is the less.

Rach El March 12, 2019 11:22 PM


thanks for the Berners-Lee comment. Who woulda thunk it? Good luck with that.
I think I may try ‘imagining a world’ myself. Who knows what I might dream up?

google play auto-installed something called ‘instant apps’ on my friend’s phone the other day, and began updating itself over data even though updates were only enabled for wifi. some strange concept where ‘an instant app is an app that’s not available, can be used but only temporarily stored on your phone’. Without permission it just turned up all of a sudden – they even keep google play store apps disabled all the time

Bong-Smoking Primitive Monkey-Brained Spook

Thou has’d a tender centre after all, oh our beloved mirth filled, cranky Primitive One
Did you have a happy incident in catching some bad guys?
Or get some free ‘bowls’ from the Agency (as you call them over there?)
I suppose the bold bits are a code

Alyer Babtu March 12, 2019 11:26 PM

@ 1&1~=Umm ; and @ Bong-Smoking Primitive Monkey-Brained Spook

You also need to think what ‘1&1’ means

Right after posting it came to me that I should have asked about the “&” also. But it didn’t seem sporting to immediately post again to ask about it.

And as G. K. Chesterton observes, one always says what one means. Even if one doesn’t realize it at the time.

@ BSPMBS , thanks for the lovely quote from Donne !

Til we have faces … we see through a glass darkly … but then I shall know even as I am known

Rach El March 12, 2019 11:28 PM

Berners-Lee is getting a lot of mileage out of the ‘man that invented the internet’ line

Rachel-the girl that once posted on Schneier on Security

Rach El March 13, 2019 12:39 AM


great video, thank you! he is skilled with script and editing as well as performance. I could relate to much of it (i rejected SE as a career for reasons therein)
Wasn’t too fond of the Seinfeld response to people asking if they should be a comedian, despite his reason being of value.
renowned former punk singer Henry Rollins says people ask him if they should start a punk band, and he says if they need to ask, it’s not for them. If it’s for you you just go and do it. Applies well to field of SE I feel – see ‘hobbyists’
I can see aspects of cryptography fitting here also, even more specialised.

a systems approach rather than weighing methods works better for finding ones place or role. Mr Schneier is good at advocating in this regard, IMHO
‘Faustus’ articulates components of this, enjoyably

awaiting the vote on the clods coming or going

wowow March 13, 2019 1:13 PM

It’s somewhat over my head; yet I still come to the conclusion that the golden age of computing is now behind us and never again to return. There’s just too much inane competitiveness destroying most data integrity (and/or security integrity) at EVERY plateau from manufacturer to hardware to firmware to operating systems to default configurations to softwares to preferences to interoperability issues …. etc etc.

About FireFox/Mozilla clown-wares…
If you spend several days studying the About:Config window, you will learn over and over again that Mozilla really hates its own users. Tons of the settings are there to antagonize the end-user and cater to the dataminers. Most of the defaults that would help a user are often toggled wrong and similarly the defaults tend to cater to those entities and corporations and groups who are NOT the end-users.

On a different note…
Something interesting happened to me the other day in a security way…
I had physically disabled my computer’s wifi chip by opening up the chassis of the computer and disconnecting all of the power wires to the chip.

Now that I think of it, I should’ve removed the chip from its cradle too.
Nonetheless, when I started up the computer, an available wifi hotspot still showed up on the live wifi hotspot listing of my operating system.

It was not any of them that I use nor archive. Also, all of the other known wifi hotspots in that regional area (in that neighborhood) did NOT show up. The ones that did not show up I did not expect to show up; I expected them to not be detected because I assumed that with the wifi chip disconnected, it wouldn’t pick up anything at all. But since the system picked up one specific spot, and only that one, something is amiss…

I think what happened is that there’s an extra hidden wifi chip somewhere else in my computer hardware which is not listed nor documented. Also, my bluetooth chip was entirely removed and thrown away in a garbage can several weeks ago. I don’t use bluetooth at all.

This disconcerts me, yet it’s not entirely unexpected. I have long suspected there are hidden undocumented flash drives. And by the behaviors of the people who harass me and try to talk to me about the contents of my hard drive that I haven’t told anybody about, I assume that there is a broadcasting function built into the hard drive to tell Intel workers (and also other groups) exactly what’s on my drive, even when my system seems mostly turned off to me.

I figure it’s some kind of differential backup shadow copy that uses a minimal amount of power and sends both directory contents and even actual file contents.
For example, I’ll be talking to a person about the weather and philosophy and all of a sudden out of the blue they start trying to talk to me about some contents of my downloaded pornography collection, even though I don’t talk to anybody about my porn collection and it’s not even anything unusual nor illegal nor that deep or whatever.

I know they get sidetracked by the porn because it’s of course alluring, but they are snafuing themselves. It reminds me of when a particular Senate Committee member said publicly that Intel workers saving or looking at porn are putting themselves at risk and should abstain from that. However, I am NOT an Intel worker, and thus am exempt 🙂

But yeah, when they start talking to me out of the total blue about specific stuff on my drive, especially when it’s NOT the porn stuff, and especially if it’s a file I just made or downloaded or edited or a word I just typed and I DID NOT TELL NOR SHOW ANYBODY… then I know for sure they are maybe tipping their own hands too much about their own exacerbated curiosities.
My 3D Fractal Tesselation animated .gif downloads are a lot more anomalous than my porn files. I like pretty things.

A long time ago, I remember a similar experience with some people talking about my “Ouija SkateBoarders.FLAC” original music composition right after I walked in the door past the security gate into a public place. There were no skateboarders around anywhere in sight, and I had just recently added the tune to my portable media player that I had with me that day. It had a built-in FM radio, so I assume that the FM radio doubles as a bluetooth/wifi transceiver type of thing. That also explains why the TOC was updating without me touching it or editing it several weeks later when somebody hacked into it to find out what FBI .MHT downloads I had saved on the FLASH NAND or stuff related to Eugenics (from wikipedia) archived also as .MHT files.
I don’t use MHT files much anymore, and I don’t use wikipedia much anymore either.
Think what you may, this is my story and I’m sticking to it.

Peace be with y’all.
P.S.-Trump is proven to be dangerous by virtue of his recent threats to downgrade the hazmat ratings of hazmat materials via an executive order or whatnot. THAT MAKES ABSOLUTELY NO SENSE. Lethal = Lethal. Toxic = Toxic. There is NO DOWNGRADING of hazmat threat levels. This is not up for debate nor to be gamed by those obsessed with messing up everyone else’s situation for financial gain of the usurper kleptocrats.

Hazmats downgraded would thus be weaponized against just about anybody living and/or working wherever they’d be moved or dumped. Killing us is NOT DESIRABLE.

So yeah, the Trump admin only gets my vote of NO CONFIDENCE.
Rather than impeaching them, they simply need to be removed from office as domestic terrorist radical extremist cult members.

Sherman Jerrold March 13, 2019 1:23 PM

@echo and everyone,
I know it is a stretch since it is about ‘personal security’ but I think this article is important in that it points out a lot of basic insecurities and abuses caused by the most primitive of human behaviors.

I’ve always worked to keep my professional and social relationships based on and focused on the intellectual avoiding the raging hormonal. That’s not to say I haven’t had some intimate partnerships with women over the years. However, they ALL had to be based on mutual respect or I would exit them.

Alyer Babtu March 13, 2019 1:37 PM

@vas pup

when process is not based on merits.

Or, when it is so based. This wouldn’t have been possible without the exams meritocracy.

Teachers in elite private middle and high schools are often known to require “special” payments from the students themselves in order to give a good grades report, no matter how good the student actually is.

gordo March 13, 2019 1:45 PM

@ Rach El,

Yes, like it or not, history does sometimes write the headlines. As visions go, Sir Tim has apparently been working on this one for quite some time, since at least 2009, if not earlier

Separating apps from data does speak to especially current issues like data ownership, data control, data valuation, data portability, privacy, the right to be forgotten and I’d guess many, many more; and yes, instant apps.

wowow March 13, 2019 2:18 PM

Thanks, ironically, for this devastating info. I am extremely disturbed and upset by this genocide against SENTIENT BEINGS who are in many ways more intellectually and biologically advanced than human people. They ought to be PROTECTED, not murdered. Please, I am not joking about this. Please think about what this means.

This is tragic in so many ways. The “NAZI algorithm” is still an existential threat to this world. ZOHAR OLAM (please, teach the world to comprehend this!)

P.S. =


vas pup March 13, 2019 4:02 PM

@Alyer Babtu
“Teachers in elite private middle and high schools are often known to require “special” payments from the students themselves in order to give a good grades report, no matter how good the student actually is.”

That is above not merit based, but pure fraud.

Merit based is like results e.g. swimming sports:
You show time, nobody cares who you are, your race, social status, nationality, where you come from, what is your religion or political views, because the only thing which matters and is evaluated is your ability to swim fast (just need to take your blood test to prove you don’t use drugs).

@1&1~=Umm • March 12, 2019 7:23 PM provided some good input which triggered my point to the previous comment: I want pilots, aircraft controllers selected by merits: high training and ability to do their job and provide safety to passengers regardless of all other unrelated features.

See, the Chinese understood that if they want to be equal in a country where they are a minority, they must be substantially better on measurable merits than other folks to be equal. That is reality. They prove they are better by hard work, learning and study, not by asking for any favors unrelated to merit.

@Bob Paddock • March 12, 2019 6:05 PM posted
“A quantum experiment suggests there’s no such thing as objective reality.

Physicists have long suspected that quantum mechanics allows two observers to experience different, conflicting realities.”

In our life we do have some kind of objective reality when we agree on measurement: e.g. you feel cold and I feel warm in the same room. That is ‘two observers to experience [subjective evaluation – VP] different, conflicting realities’, but if you measure the temperature and get a value, e.g. +7C, in the same room, that is what is objective – not dependent on our subjective feeling. You can’t argue about tastes and feelings because they are subjective and are personal preferences. Science and merit start with measurements.

Sherman Jerrold March 13, 2019 4:49 PM

Corruption in academia is not new. In the 1970s in ‘southern California’ I observed many ‘scholarship athlete students’ getting massive free tutoring or even having highly accomplished students take tests for them.

I have read many credible articles stating that many ISPs are logging users’ connections, sites visited, etc., and there are reports that some of them are (or are thinking about how they can) ‘monetize’ that user information. As I understand it, VPNs can prevent some of that ISP spying, but most VPNs don’t do a good job of protecting user privacy (keeping logs, etc.).

For years there have been reports of Google returning their own sites at the top of results, above even more pertinent natural search results, and of some massive ISPs favoring their own Internet media products.

Therefore, I see ‘Net Neutrality’ as an essential step in the effort to restore the security and control of people’s data to them, as Tim Berners-Lee has been advocating for years. I found the site below that shows who in the U.S. Congress supports the current push to restore ‘net neutrality’ for people.

I’d like to hear others’ comments about this issue.

Alyer Babtu March 13, 2019 4:54 PM

@vas pup

not merit based, but pure fraud

How true. But nobody would bother with the monetary expense and the burden on their soul to commit the fraud if it did not seem to provide a good merit score. The whole academic exam results system, from preschool through university, has become a proxy for recognizing real virtue or strength: good exam result -> good knower -> good to have around (-> money!). It’s simple to hijack, so the merit system provides the basis or attack surface for fraud. Why not jettison it? It’s not a very good proxy in any case. Instead, have something like an apprentice system where actual people, teachers, work with actual people, students. That’s how Plato and Aristotle did it, and some illustrious grad departments do it today. One who knows brings another into act as a knower through human contact. These are actual real goods, not merit, which is just some essentially arbitrary value system.

Of course who will guard the guardians will always be a concern.

Sherman Jerrold March 13, 2019 5:36 PM

@Alyer Babtu and @vas pup and probably most posters,

I agree with you. Labels, credentials and even reputation can be ‘faked’. And, who decides the criteria for merit assessment?

I’m sure others have had these experiences:

I have known many highly credentialed (doctorate degrees) people who were extremely intelligent and scholarly and deserving of respect.

I have also known many highly credentialed (doctorate degrees) people who were absolute idiots.

And, I’ve known people who had no credentials at all but who were constantly soaking up knowledge and gaining experience and wisdom and who(m?) I highly respect.

Certifications of all sorts in the world of computers can also be quite deceptive. I guess I’ve always tried to rely on the idea that ‘trust is earned’. The stories by Bruce about all of Facebook’s broken promises in the past are one case in point. I wouldn’t trust them with a stale sandwich.

1&1~=Umm March 13, 2019 8:09 PM

@Sherman Jerrold:

Ahh, another ‘Oxford comma’ type problem to scratch the head over.

To many, ‘whom’ is just the posh version of ‘who’, and yes, they do appear interchangeable. But technically they are not: the usage is, importantly, dictated by a rule…

The rule, according to my little book, is effectively:

“Who and whom are both interrogative pronouns; the difference between them is that who denotes the subjective case, and whom denotes the objective case.”

With two helpful examples:

“‘Who are you looking at?’ (subjective) or ‘Whom did you give it to?’ (objective).”

Which I must admit tends to reinforce the idea of common-v-posh 😉

Now if that rule makes sufficient sense to you that you can be definitive about it, please come back and let the rest of us know, myself included… 😉

Yup I know me-v-myself… When will it ever end 🙁

Sherman Jerrold March 13, 2019 11:57 PM

Not being a master of classical linguistics, I always lamented that almost all languages were complicated by archaic and idiomatic (idiotic) structure. And, I remember an old relative remarking ‘Englisch ist ein durcheinander, unregelmäßig Sprache.’ = ‘English is a hodgepodge and mixed up language.’ But, aren’t all languages dynamic and evolving (devolving) as society evolves (devolves, I see deteriorating communication skills all around me: ‘fail’ has replaced ‘failure’, ‘the big reveal’ has replaced ‘a significant revelation’, etc.). While I never became a coder, I wished there was a simple logical programming language I could learn. Just as I wished there were a more logical and straightforward way of communicating internationally. It might reduce a lot of strife and insecurity in the world.

And, if I remember correctly ‘posh’ came from when luxury lines sailing from England would provide the best berths Port Out Starboard Home (POSH). I should probably worry more about the substance of my postings and not so much about the propriety of the grammar.

Since there are so many character formats, I don’t even know if the umlaut and eszett (above) will convey correctly.

Sherman Jerrold March 14, 2019 12:48 AM

Perhaps I shouldn’t spend a lot of time with archaic forms or trying to analyze grammatical elements and just write:

“And, I’ve known people who had no credentials at all but who were constantly soaking up knowledge and gaining experience and wisdom and that have earned my respect.”
