Friday Squid Blogging: Restoring the Giant Squid at the Museum of Natural History

It is traveling to Paris.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on March 29, 2019 at 4:15 PM • 66 Comments

Comments

vas pup March 29, 2019 4:49 PM

April Fools hoax stories could offer clues to help identify 'fake news':
https://www.sciencedaily.com/releases/2019/03/190329130206.htm

"Researchers focused on specific features within the texts, such as the amount of details used, vagueness, formality of writing style and complexity of language.
They found April Fools hoaxes and fake news articles tend to contain less complex language, an easier reading difficulty, and longer sentences than genuine news.

Important details for news stories, such as names, places, dates and times, were found to be used less frequently within April Fools hoaxes and fake news.

The researchers found that April fools hoax stories, when compared to genuine news:
•Are generally shorter in length
•Use more unique words
•Use longer sentences
•Are easier to read
•Refer to vague events in the future
•Contain more references to the present
•Are less interested in past events
•Contain fewer proper nouns
•Use more first person pronouns

Fake news stories, when compared to genuine news:
•Are shorter in length
•Are easier to read
•Use simplistic language
•Contain fewer punctuation marks
•Contain more proper nouns
•Are generally less formal -- use more first names such as 'Hillary' and contain more profanity and spelling mistakes
•Contain very few dates
•Use more first person pronouns

The researchers also created a machine learning 'classifier' to identify if articles are April Fools hoaxes, fake news or genuine news stories. The classifier achieved a 75 per cent accuracy at identifying April Fools articles and 72 per cent for identifying fake news stories. When the classifier was trained on April Fools hoaxes and set the task of identifying fake news it recorded an accuracy of more than 65 per cent.

"Our findings suggest that there are certain features in common between different forms of disinformation and exploring these similarities may provide important insights for future research into deceptive news stories."

Is it possible to train an AI classifier to find out the degree of truthfulness during LEAs/IC interrogation and/or asylum seeking interviews?

Ned Land March 29, 2019 5:07 PM

Dr. Verne, Dr. Nemo, stat! Museum National d’Histoire Naturelle, taxidermy lab. Make sure hatches are closed!

Alejandro March 29, 2019 8:48 PM

"Emails of nearly 1 billion people leaked in massive data breach"

"The emails of nearly 1 billion people were leaked in what experts say is likely the biggest data breach of all time, according to reports.

At least 982 million users’ personal information was exposed during the tech firm Verifications.io’s massive privacy breach late last month, according to Unilad.co.uk."

https://nypost.com/2019/03/29/emails-of-nearly-1-billion-people-leaked-in-massive-data-breach/ (and many other sites)

Seems our data is hopelessly insecure. I read somewhere .io urls were notoriously corrupted and used by criminals. Guess this is somewhat of a proof.

Meanwhile, I looked myself up on a free website recently. Amazing detail is available, for free, about me who tries to keep his data off the grid.

I am pretty sure the only way to fix this is to re-invent the internet from the bottom up. Start all over. Not going to happen though, is it?

justinacolmena March 29, 2019 9:30 PM

@Alejandro

What is Unilad.co.uk? God's only Son is Scottish?

free website recently. Amazing detail is available, for free,

The "girls" and the pimps have to dig up all kinds of dirt on people, police station smut and other putrefaction of law, etc.

The story is the same in every town. Too much hiring and firing, no steady work, and a powerful Establishment of gentlemen who will stop at nothing to keep it that way.

Alejandro March 30, 2019 3:29 AM

Cyber Tyranny!

"The EU tentatively backed a plan to fit every car starting in 2022 with a device meant to automatically stop drivers from speeding"

https://www.businessinsider.com/eu-fit-new-cars-software-stop-breaking-speed-limit-after-2022-2019-3

"The European Union has approved draft legislation that would require every new car sold in Europe starting in 2022 to include software meant to slow drivers down when they speed.
The "Intelligent Speed Assistance" software uses a combination of GPS, sign-recognition cameras, and maps to work out whether a vehicle is passing the local speed limit."

Near the bottom of the article:

"Drivers would be able to override the software by pushing hard on the accelerator."

All kinds of issues with this decree, starting with the technology that allows the government to literally minutely track AND drive your car. I have to stop here, else resort to an unpleasant rant.

1&1~=Umm March 30, 2019 4:59 AM

@Alejandro:

"the technology that allows the government to literally minutely track AND drive your car."

The technology already exists and has been in use in a high end Japanese sports car, and a variation is going into Fords,

https://www.carmagazine.co.uk/car-news/tech/does-it-work-fords-intelligent-speed-limiter-car-september-2015/

Whilst the driver in the car knows where it is like any other with GPS, unlike other systems in US cars it is not going to 'track' back to the government minutely or otherwise.

But a proposal to track people's cars by GPS minutely was given consideration by the UK Government a decade or so ago with respect to setting up 'electronic tolls' to replace the 'Road Fund' vehicle tax. It was in part ditched because the tracking would not have been 'minutely' enough due to the positional error of GPS. In the UK there are numerous numbers of 'local traffic' B roads, that run right next to 'through traffic' A roads and 'long distance traffic' Motorways (see London A4/M4 Westway on a flyover above the local roads for instance). The problem although long known was highlighted by a German system for transport vehicles,

https://www.theguardian.com/technology/2005/jun/09/motoring.transportintheuk

This same problem will happen with this new EU proposal for exactly the same reason. Because generally B roads have a considerably lower speed limit than A roads, but not all the time as with motorways some A roads can have their speed limit changed several times a day based not on the time of day but on the weight of traffic*. It is possible and has happened I've seen it on more than a couple of occasions when biking that the A road speed limit gets taken down below the B road limit. With the error term in GPS this is a recipe for not just accidents but litigation as well.

It's probably the reason Ford decided to try using OCR techniques to read road signs. Such a system provided the roads are correctly marked --and few are in rural areas-- would not need to use tracking at all.

* The reason for this is the 'stopping distance' issue. Put simply stopping distance has two components 'thinking distance' and 'braking distance', whilst thinking distance is proportional to speed braking distance is related to speed squared. Thus the safe density of cars on a road is related to speed squared. Slow the speed just a little and the number of vehicles in any given section of road goes up to a power law, which means total safe throughput of vehicles in any given time also goes up to the same power law.

1&1~=Umm March 30, 2019 6:45 AM

On the Squid article,

"'Stuffing an animal skin with a foam rubber replica—the classic method—doesn't work for squids,'"

Did make me smile.

Use of 'foam rubber' is actually 'the modern way' of the 'traditional process'. In times past, Plaster of Paris has been used as well as those good old furniture stuffing materials straw, horse hair, and cotton waste (all of which attract moths and other 'wee beasties' as kindergartens).

Plastification is very much not the traditional method and in taxidermy is considered an entirely new ultra modern uncertain method that is not yet trusted. Because it derives from an earlier process where blood vessels were filled with a fluid that became plastic then the flesh was dissolved away. There is thus the question of the 'preserving factor' of the original organic material and will it last three or four centuries or more that the 'traditional methods' can do.

I guess another example of 'journalistic licence'.

CallMeLateForSupper March 30, 2019 8:09 AM

@All

Brief description of the Verifications[.]io breach here:
https://haveibeenpwned.com/PwnedWebsites#VerificationsIO
Note that while sources say 900(ish)-million records were exposed, Troy Hunt reports that "only" 763M email addresses were exposed.

You might be interested to know that Mr Hunt makes it possible for anyone to interrogate his database of leaked passphrases. I just learned of it.
Hunt's 22 FEB 2018 article about it:
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

There are three steps to the process:
1) make an SHA1 hash of the passphrase you want to look for. In a Linux terminal:
echo -n "password" | sha1sum
and this hash is returned:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

2) Send the LEFT-MOST 5 characters of that hash via your web browser. In the address bar: https://api.pwnedpasswords.com/range/5baa6

That returns a variable number of lines, in the form [PARTIALHASH:#] , where PARTIALHASH is characters 6-35 of a hash and # is the number of times a password having this hash has been seen in a breach. In this case, 512 records are returned.

You scroll thru the list, looking for your hash
(remembering to skip chars 1-5)
^^^^^1e4c9b93f3f0682250b6cf8331b7ee68fd8
In the case at hand, we get a hit at the 67th record:
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3645804

Conclusion: the password "password" was seen 3,645,804 times, so decidedly not suitable for a passphrase. :-)

-----------------------------------------------------
You could hash your personal passphrases and store the hashes in a flatfile. Query the pwnedpasswords database
whenever Mr Hunt announces that he has
-----------------------------------------------------
If you are inclined to play with such things, jot down a few pet words. Hash them, and then query the pwnedpasswords database.

Some of my dabbles, with statistics:
Germersheim 30 germersheim 116
Hertie 15 hertie 76
Schoenaich 0 schoenaich 10
Grosser 85 grosser 486
Stubai 191 stubai 9
--== and my favorite ==--
(the pet name of a certain Citroen auto)
Ducky 320 ducky 7,569
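
The three-step range lookup described in the comment above, combined with its flat-file idea, as an added Python example (not CallMeLateForSupper's or Troy Hunt's code). The function names, the "label hash" file layout and the two filler lines in the sample response are assumptions constructed for illustration; the endpoint and the 1E4C... line are the ones quoted above.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # endpoint quoted in the comment

# Sample response for prefix 5BAA6. The middle line is the one quoted in the
# comment; the first and last lines are constructed filler. CRLF line endings
# are used on purpose, so the parser has to cope with them.
SAMPLE_RANGE_5BAA6 = "\r\n".join([
    "0" * 34 + "1:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3645804",
    "F" * 35 + ":7",
]) + "\r\n"


def sha1_hex(passphrase):
    """Step 1: SHA-1 of the UTF-8 bytes, as 40 upper-case hex characters."""
    return hashlib.sha1(passphrase.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash):
    """Step 2: split into the 5-char prefix (sent) and 35-char suffix (kept local)."""
    h = full_hash.strip().upper()
    if len(h) != 40 or any(c not in "0123456789ABCDEF" for c in h):
        raise ValueError("expected a 40-character hex SHA-1 digest")
    return h[:5], h[5:]


def parse_range(body):
    """Step 3: turn 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    table = {}
    for line in body.splitlines():  # splitlines() handles both LF and CRLF
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            table[suffix.upper()] = int(count)
    return table


def fetch_range(prefix):
    """Network fetch; only the 5-character prefix appears in the request."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("ascii")


def breach_count(full_hash, fetch=fetch_range):
    """Number of times the hash was seen, 0 if it is not in the returned range."""
    prefix, suffix = split_hash(full_hash)
    return parse_range(fetch(prefix)).get(suffix, 0)


def check_hash_file(lines, fetch=fetch_range):
    """Check a flat file of 'label sha1hex' lines; one request per distinct prefix.

    The plaintext is never needed at query time, but a file of unsalted SHA-1
    digests can still be guessed against offline, so protect it like the
    passphrases themselves.
    """
    cache, results = {}, {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, digest = line.split()
        prefix, suffix = split_hash(digest)
        if prefix not in cache:
            cache[prefix] = parse_range(fetch(prefix))
        results[label] = cache[prefix].get(suffix, 0)
    return results


if __name__ == "__main__":
    def offline(prefix):
        # Stand-in for the network, so the demo runs without a connection.
        return SAMPLE_RANGE_5BAA6

    print(breach_count(sha1_hex("password"), fetch=offline))
```
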

ecursiver March 30, 2019 10:29 AM

Re Verifications

My password asserts its own non-inclusion in the database, but when I went to check if it had been compromised, something funny happened and now I’m stuck in some kind of endless loop and my machine is getting pretty hot ...

Faustus March 30, 2019 5:07 PM

@vas pup

"Is it possible to train AI classifier to find out degree of truthfulness during LEAs/IC interrogation and/or asylum seeking interviews?"

You realize that a 75% accuracy rate (not to mention the 65% rate) on a true/false task is a very limited improvement over the accuracy of random guessing, which is 50% (on an evenly distributed population) with no learning at all. If the test data is 80% real news, then always guessing real beats this result.

Have you considered that this article has most of the markers of fake news itself? It certainly doesn't tell us the significance of the results, which seem likely not to be significant.

THIS is the danger of AI: Applying some woo woo technology to at risk populations without considering whether it makes any sense.

Outside of trying to apply such a marginal capability to actual people, the fact that hoaxes and fake news appear to be correlated is interesting, but I guess not too surprising.

gordo March 30, 2019 6:09 PM

Good for Utah:

Gov. Herbert signs bill requiring police obtain search warrants to access electronic information
March 28, 2019

SALT LAKE CITY — Gov. Gary Herbert signed off on HB57 on Wednesday designating Utah as the state with the strongest data privacy laws in the country when it comes to law enforcement accessing electronic information.


[. . .]

“In particular it protects information that is passed on to a third party,” [Rep. Craig] Hall [R-Utah] said. “So, for example, if an individual decides to draft a document and they store it on their computer, then law enforcement would have to seek and obtain a warrant before that computer’s hard drive could be searched. But what happens if the individuals store their document with Dropbox or Google Drive? Well, in the past, law enforcement has not had the requirement to seek such information by warrant. This bill makes clear that the protections we have in the physical world are also given in the electronic world.”

https://www.ksl.com/article/46520524/gov-herbert-signs-bill-requiring-police-obtain-search-warrants-to-access-electronic-information

See also:

https://www.washingtonexaminer.com/opinion/op-eds/utah-steps-forward-to-protect-digital-privacy

https://www.wired.com/story/utah-digital-privacy-legislation/

David Walsh March 30, 2019 11:29 PM

Free to stream in Australia, one of the two public broadcaster TV channels has
a 24 episode documentary series called Cyberwar. You may enjoy reading about each
episode, at least

https://www.sbs.com.au/ondemand/program/cyberwar

topics include Stuxnet, TAO, hacking infrastructure, Syria, Ashley Madison
I suppose it's a bit borderline, being for public consumption, but nonetheless

Rach El March 30, 2019 11:52 PM

many of the security and privacy issues discussed on this blog grow from code cutters. This long form article is 10 lessons a code cutter learnt from self education.
The author has written a book about the new global tribe of code cutters remaking the world

https://tim.blog/2019/03/21/learn-to-code/

Tatütata March 31, 2019 7:55 AM

Gov. Herbert signs bill requiring police obtain search warrants to access electronic information

Sounds good.

But...

Does this apply to federal authorities? And isn't Utah the state where a certain TLA is building a data silo visible from the moon?

OK, OK, you got to start somewhere...

JG4 March 31, 2019 8:39 AM


Sorry that I haven't done a better job of keeping in touch. I forgot to relate the latest hair-raising "coincidence" with the pervasive video surveillance in retail. That is part of what lets Walmart and Target go head-to-head with Scamazon. This one is chock full.

https://www.nakedcapitalism.com/2019/03/200pm-water-cooler-3-7-2019.html
...
Retail: “One stat in Target’s earnings proves stores are still the biggest defense against Amazon” [Business Insider]. “In the company’s latest earnings report, Target says it fulfilled nearly three out of every four digital orders through its stores in some way…. ‘Digital growth at Target isn’t coming at the expense of our stores,” [CEO Brian Cornell] told investors on Tuesday in a meeting. ‘It’s making stores more relevant.'”
...

MikeA March 31, 2019 10:45 AM

Is it just me, or does anybody else feel that today's Squid column contains a higher than usual number of somewhat click-baity messages with somewhat dubious (long, complex "parameters") links?

Is Schneier On Security becoming a favorite watering hole/hunting ground?


Humma Humma March 31, 2019 12:31 PM

@vas pup
"They found April Fools hoaxes and fake news articles tend to contain less complex language, an easier reading difficulty, and longer sentences than genuine news."

Huh, that describes all philosophy journal articles from the past sixty years.

gordo March 31, 2019 1:39 PM

@ Tatütata,

And isn't Utah the state where a certain TLA is building a data silo visible from the moon?

If this is any indication, then not with the naked eye:

A viewer would need visual acuity 17,000 times better than normal to see the Great Wall from the Moon.

https://en.wikipedia.org/wiki/Artificial_structures_visible_from_space#The_Great_Wall_of_China

What would be even more wonderful, however, is if that 'new law' was passed in all 50 states, not to mention actually applied at the federal level. And yes, "you got to [re-]start somewhere..." :-ooo

vas pup March 31, 2019 2:18 PM

@Faustus and @wHumma:
Thank you for your input!
My guess is that the rate would gradually increase as soon as more training information is provided to the AI, so the rate could be sufficiently higher than a random guess.
AI is just a tool to select cases for the close attention of a human analyst/interrogator, not a tool for final judgment.

Faustus March 31, 2019 2:53 PM

@ vas pup

There is no reason to think the results would improve when the initial results are so bad. My classifiers are way beyond this accuracy in a few minutes of processing. If this happened to me I would conclude no appreciable training effect.

An analysis would go like this: Say with perfect knowledge 10% of people deserve further scrutiny. Take two hundred people. 20 deserve further scrutiny and 180 do not. Say the accuracy of the proposed process is 75%, per this study. Out of the 20 actual positives, 15 will be detected and 5 missed. Out of the actual negatives, 45 will be false positives.

So you will have 3 TIMES AS MANY FALSE POSITIVES AS ACCURATE POSITIVES. This just gets worse as the percentage of actual positives goes down in the population.

In my opinion it is massively unfair to subject someone to law enforcement attention based on such an inaccurate classifier. It really is dystopian. Everyone will fail some classifier. And being identified as a suspect to law enforcement is expensive to defend (in money, time and life impact) and often puts at-risk people on a train to being found guilty of SOMETHING, when they are no more guilty than anyone else.

The moral of the story is: There is a real danger of massive false positives in using a weak classifier to detect a relatively uncommon condition. Or: A weak classifier is worse than no classifier at all.

This is why doctors usually advise against massive preventative testing. If the decision to test is not based upon symptoms there is often a large chance of false positives leading to unnecessary procedures which statistically will be more harmful than not detecting whatever the test is for, in the small chance the condition is actually present.

Alyer Babtu March 31, 2019 5:45 PM

@Rach El

book about the new global tribe of code cutters

We also must not neglect to read the Jargon File, The Tao of Programming, and to do all the exercises in Knuth.

Tatütata March 31, 2019 7:05 PM

A viewer would need visual acuity 17,000 times better than normal to see the Great Wall from the Moon.

Thank you! Next time I'll try not to forget to include <hyperbole></hyperbole> tags.

I had some fun today with the pwned data set mentioned above.

I wrote a silly little bash script that lets me explore various passwords.

#!/bin/bash
# Execute this command in bash to turn off history substitution
# before running this script if the passwords include bangs ("!").
# (Has no effect within the script; there appears to be no reasonable
# way to otherwise escape bangs)
#   set +H

# Uses mostly standard *nix utilities, except the following,
# which might need to be installed:
# dos2unix
# cache directory must be created beforehand

urlbase="https://api.pwnedpasswords.com/range/"
cachebase="cache/"
password="$*"    # all arguments joined into one passphrase

# SHA-1 of the passphrase; keep only the hex digest, dropping sha1sum's trailing " -"
chopchop=$(printf '%s' "$password" | sha1sum | cut -d ' ' -f 1)

# Only the 5-character prefix is sent to the server; the suffix stays local
prefix=$(echo "$chopchop" | cut -c 1-5)
suffix=$(echo "$chopchop" | cut -c 6-)

sigfile="$cachebase$prefix.txt"

echo "PW : $password"
echo "Hash : $chopchop"
echo "Prefix : $prefix..................................."
echo "Suffix : .....$suffix"

# Fetch the range for this prefix once, then reuse the cached copy
if ! [ -e "$sigfile" ]; then
    curl "$urlbase$prefix" 2>/dev/null | tr '[:upper:]' '[:lower:]' | dos2unix > "$sigfile"
fi

echo "$(grep -c . "$sigfile") entries in signature file"

# Note: the result, including the plaintext passphrase, is appended to ./logfile
result="$password : $(grep "$suffix" "$sigfile")"
echo "$result"
echo "$result" >>logfile

The signature files are cached. I convert to lower case on the fly, and change the delimiters to *nix style, otherwise grep does strange things.

I must have checked north of 600. Most combinations I could come up with in any language gave a hit, including the most NSFW ones.

One could even invent a game: each player tries to guess a password, and gets a point (or a score proportional to the count of hits), and keeps playing as long as valid passwords are discovered. Results are stored, and duplicates are not allowed between games. A bit like a modern version of Shannon's tic-tac-toe machine...

I tried combinations including accented letters, but these are apparently very rare. Capitalization is also relatively infrequent. The attempts were made using UTF8; I did try transliterating in ISO8859-1 or Windows 1251, the most represented character sets on the web after UTF8, with about 1% each, but without any results. However, UTF8 coded Cyrillic text is relatively well represented.

The author prefers users to fetch the full file via torrent, which I did, the unpacked dataset is about 25GB. I intend to explore the dataset using various corpora, and expect to be able to fit the signatures in less than 10GB of RAM by truncating the number of bits and building one or two indexes.

I traced the counts of the hashes against their rank, and found that the power law exponent is about -0.8 and fits over almost nine decades, which is quite remarkable.

1&1~=Umm March 31, 2019 9:40 PM

@Tatütata:

"I forgot to mention that -0.8 is quite close to the reciprocal (-1) relationship of Zipf's law."

Which gives straight lines on log/log paper when plotted (as do a few other 'laws'). It's almost as though those straight lines are 'natural'. Like the odd coincidence of the golden number etc, or fractal patterns.

However a couple of things that always give a crooked line no matter how you plot them is 'military spending' and 'CCTV numbers' ranked against either country or population... Which suggests in turn they are very unnatural :-(

Geoff April 1, 2019 8:46 AM

Microsoft:
Windows 10 devices open to 'full compromise' from Huawei PC driver

The investigation led the researcher to the executable MateBookService.exe. Due to a flaw in Huawei's 'watchdog' mechanism for HwOs2Ec10x64.sys, an attacker is able to create a malicious instance of MateBookService.exe to gain elevated privileges.
The flaw can be used to make code running with low privileges read and write to other processes or to kernel space, leading to a "full machine compromise". Microsoft used 'process hollowing', a popular trick used by malware authors, to demonstrate the flaw.
Of course Germany remains skeptical of unproven American concerns ...
https://www.zdnet.com/article/microsoft-windows-10-devices-open-to-full-compromise-from-huawei-pc-driver/

Clapper: Obama Ordered The Intelligence Assessment That Resulted In Mueller Investigation
Finally after three torturous years Former Director of National Intelligence James Clapper states on CNN:
"One point I'd like to make, Anderson, that I don't think has come up very much before, and I'm alluding now to the President's criticism of President Obama for all that he did or didn't do before he left office with respect to the Russian meddling. If it weren't for President Obama, we might not have done the intelligence community assessment that we did that set off a whole sequence of events which are still unfolding today, notably, special counsel Mueller's investigation," Clapper said Wednesday on CNN.
https://www.realclearpolitics.com/video/2018/07/24/clapper_obama_ordered_the_intelligence_assessment_that_resulted_in_mueller_investigation.html
The American press largely ignored this stunningly historical Clapper revelation.

We've Only Just Begun
Will the seedy opposition research intelligence eavesdropping scandals continue including FISA, MI6 and social media tools? Just ask Jeff Bezos

VinnyG April 1, 2019 4:16 PM

@JG4 re: on-line ordering & ongoing relevance of retail stores - I don't shop Target; I do shop Walmart brick and mortar for groceries, and occasionally, for other items via internet purchase with store pickup. Walmart used to have an order pickup location at the rear of the store, requiring a customer to walk back, and in the process be exposed to numerous other items for sale. Walmart has converted to a locker pickup system at the very front of the store, in what is a nearly 100% isolated and customer-driven process (there is an attendant available to help customers navigate the touch-screen interface, if necessary.) All that could be accomplished in

Clive Robinson April 1, 2019 4:33 PM

@ Moderator,

Odd goings on with VinnyG's post above.

On the 100 comments page it appeared with the following link,

https://www.schneier.com/blog/archives/2019/03/friday_squid_bl_670.html#c6790798

But when clicking on it, whilst it opened a new window and brought the browser to this page VinnyG's comment was not yet on the page.

However a few minutes later it is. Whilst I expect that behaviour the other way around with the 100 comments page having delayed update, it's the first time I've seen it this way around.

Also reading VinnyG's comment it appears to have lost the bottom part as it ends in the incomplete sentence,

    "All that could be accomplished in"

Tatütata April 1, 2019 6:32 PM

don't know whether you've read this paper, given your last comment you might find it of interest:

Zipf’s Law in Passwords
http://wangdingg.weebly.com/uploads/2/0/3/6/20366987/ieeetifs17_final.pdf

Thanks, no I wasn't aware of it, most of my stuff on Zipf's law is from the 1980's and 1990's, I must have first heard about it when I was interested about fractal geometry, and was fascinated to see that it checked it out in so many different contexts. I wonder whether Shannon had heard about it, IIRC there are no references at all in a Mathematical Theory of Communications.

The exponent I came up with, -0.8, is comparable with those given in table IV of the paper, which range from about -0.5 to -0.9. The smaller values seem to be outliers from very small sets. Chinese datasets appear to result in higher exponents than Latin or Cyrillic dominated datasets.

What I did probably is the same as what is described at section C on p. 2781. I wonder whether some sort of weighting should be used, as the dense central section of the data probably dominates the result. However I think this would only marginally affect the slope of the line, only the offset would be changed.

gordo April 1, 2019 11:23 PM

@ Tatütata,

I wonder whether Shannon had heard about it

It would appear so:

Zipf's Principle of Least Effort

The following thread occurred on the Pynchon List in October 1996:

[. . .]

Zipf was teaching at Harvard around the time that Slothrop was hanging out with Malcolm X and JFK; his writings were cited by no less an authority than Claude Shannon in his seminal papers on information theory, including "Prediction and Entropy of Printed English." - Alan Westrope [hyperlinks added]

https://gravitys-rainbow.pynchonwiki.com/wiki/index.php?title=Zipf%27s_Principle_of_Least_Effort

...which led to "Prediction and Entropy of Printed English" (p. 52n4):

https://www.princeton.edu/~wbialek/rome/refs/shannon_51.pdf

---
Looks like it might be time that I read Gravity's Rainbow :)

MarkH April 2, 2019 12:38 AM

Shock!

Did Clive Robinson emerge from seclusion?

Or was it some subtle April Fools prank?

Either way, I hope that Clive's health challenges aren't dampening his spirits!

Weather April 2, 2019 2:21 AM

Tat
Check out xor keep moving the playing field, but its not every, its binary, its what I understand it as ,shit I don't know.

Weather April 2, 2019 2:41 AM

7f80 or 7fff8000 with single exe like xor,and,or you need a filter, I already told you that aes if Xbox table can be parallel, plus rotate, its just xor, you need, question able.

1&1~=Umm April 2, 2019 7:11 AM

@Alyer Babtu:

"Suggesting once again that the only I in AI is the flat shadow of the intelligence of the human algorithm deviser"

I guess we should not really be surprised, but then as a character in a black and white movie once observed 'We expect such things from Frankenstein's monsters godless soul'.

Deities aside, mankind appears to have changed little in 10,000 or more years physically, but what he can and has done is learn to not just live with the limitations, but learn how to use them to advance beyond the point of magic or whatever they could imagine even of those deities they could imagine.

The important point to notice though is that humans can not only feel pain, they can also know fear and death as an intrinsic part of their being. However as of yet machines are just not complex enough to get even close, so can not.

It is that intrinsic set of pain, fear, and death that is the foundation of not just our morals but our development beyond what we can do unassisted by our technology.

If you think about it an AI with physical agency feels no pain on hard contact, feels no fear of future pain or death and has no understanding of what death might be. So what intrinsically within it is going to stop it hitting things with sufficient force to cause either repairable or even non repairable thus scrappage damage?

So we give it 'rules' but there is an old joke about those 'All rules have exceptions', they are by the logic they work on going to fail in some manner (see works of Kurt Gödel, Church, Turing and others as to why).

But rules are like laws an imposition of morals or simple dictatorship. They teach us to obey not to understand why they are needed not just for us but for others.

We have little knowledge of how humans learn, observations at best because our innate sense of pain, fear and death tells us that actually opening people up and inserting probes etc is not what we would want done to us, so we should not do it to others.

There are two old sayings that pop up on most societies irrespective of contact,

1, An eye for an eye.
2, Do unto others as you would have others do unto you.

These only have validity when pain, fear and death have intrinsic meaning. As of yet we have not yet real world fielded A.I. devices with such intrinsic basis for learning.

It is not until a child gets to around six years old does it start to realise that what it does has consequences to others, and about another ten years before it's thought they have sufficient understanding not to behave in risky ways behind the controls of a small vehicle. In the mean time we hope that they having ridden scooters, skateboards and push bikes have learnt enough via pain and fear, to 'not be stupid or at least reckless'.

How do we get a machine to learn that way? The fact we can make a machine that can study to play chess in a day such that it can beat the best of humans, says we can get fixed rule discovery mastered but is that 'learnt' or not?

Humans supposedly have 'free will' that is en masse they appear to work by approximate rules, but individually, no they can choose to follow rules or some interpretation of rules to a lesser or greater extent. After all we still kill each other despite the rule 'Thou shall not kill'.

We think that 'experience' is what makes us 'interpret rules' and more importantly spot how others are likely to 'interpret rules' before they do, it is after all a primary survival skill.

What the experiment has shown is two things,

1, Rules do not cover all eventualities.
2, Humans will exploit others' weaknesses for their own advantage.

So how do we make rules to cover for things that we have not seen, our 'black swans' or 'unknown instances of known behaviours' or more importantly 'unknown instances of unknown behaviours'?

There are things that humans know, things that they can predict, but importantly things that are completely unknown to them. Rules can only sort of address part of the first of those and occasionally some of the second. But what of the third, how do we deal with that? Or more importantly can we make a machine do that better than we can?

I suspect not until machines have learnt and understood pain, fear and death, to guide them.

Any way it's getting to that time of day when I should be doing things other than typing round a cup of coffee etc trying to 'saddle up' for the day ahead.

CallMeLateForSupperApril 2, 2019 7:58 AM

I beat several dozen passphrases from the old RockYou breach against Troy Hunt's cache, and I found 100% overlap. Since Hunt does not list RockYou in his Hall of Shame, it seems likely that RockYou was swept into Have I Been Pwned via one of several "credential stuffing" site breaches. I say "one" because I also noted that the longer, less guessable passwords that appear just once in RockYou have a count of 1 in Hunt's cache as well. (An example is "100%poopoomachine", which I have adopted as my substitute term for "glitch" and "SNAFU".)

But I wander off the path ... I came here to mention that I found in the RockYou list an "old friend" from my Enigma message cracking time; the "cilli" is alive and thriving. Cilli was a term coined at Bletchley during WWII; in short, it meant a predictable letter sequence. German comms volk had to dream up for each message a "random", three-letter message key, and that must have been a PITA because there is ample and undeniable evidence that some operators regularly made their "random" message keys by simply "walking the keyboard" in some fashion ... horizontal or vertical or down or up.

My search in RockYou for long, less guessable passphrases paused when I hit "qaz..."/"Qaz...". There were a lot of them. And then "qazwsx...". And then "qazxsw..."/"Qazxsw..."; lots and lots of those. What accounted for so many unpronounceable yet closely related letter sequences? Silly me; the answer stared at me but I didn't recognize it until I had stared at one of the two longest "qazxsw..." sequences - "qazxswedcvfrtgbnhyujmkiolp" - and noted that no letter appeared twice.

From that point on, I found keyboard-walking almost everywhere I looked.
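
Added example, not part of the comment above: a small Python check for the keyboard walks described there, of the kind one might run when auditing a password list or enforcing a password policy. The adjacency model, the 0.75 threshold and all function names are assumptions of this sketch, and it goes beyond the QWERTY walks in the comment by also covering QWERTZ and AZERTY rows.

```python
# Letter rows, top to bottom. Modelling assumption: each row sits half a key
# to the right of the row above it, so a key touches the key directly above it
# (same column index) and the next one along. The digit row is kept identical
# for every layout as a simplification.
LAYOUTS = {
    "qwerty": ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"],
    "qwertz": ["1234567890", "qwertzuiop", "asdfghjkl", "yxcvbnm"],
    "azerty": ["1234567890", "azertyuiop", "qsdfghjklm", "wxcvbn"],
}


def key_positions(layout):
    """Map each character of a layout to its (row, column) position."""
    return {ch: (r, c)
            for r, row in enumerate(LAYOUTS[layout])
            for c, ch in enumerate(row)}


def adjacent(a, b, pos):
    """True if keys a and b touch horizontally or diagonally/vertically."""
    if a == b or a not in pos or b not in pos:
        return False
    (ra, ca), (rb, cb) = pos[a], pos[b]
    if ra == rb:
        return abs(ca - cb) == 1
    if abs(ra - rb) != 1:
        return False
    upper_col, lower_col = (ca, cb) if ra < rb else (cb, ca)
    return upper_col - lower_col in (0, 1)


def walk_segments(password, layout="qwerty"):
    """Split a password into maximal runs of adjacent key presses."""
    pos = key_positions(layout)
    text = password.lower()
    if not text:
        return []
    segments, current = [], text[0]
    for prev, ch in zip(text, text[1:]):
        if adjacent(prev, ch, pos):
            current += ch
        else:
            segments.append(current)
            current = ch
    segments.append(current)
    return segments


def walk_coverage(password, layout="qwerty", min_run=3):
    """Fraction of characters that sit inside a walk of at least min_run keys."""
    if not password:
        return 0.0
    walked = sum(len(s) for s in walk_segments(password, layout)
                 if len(s) >= min_run)
    return walked / len(password)


def best_layout(password, min_run=3):
    """Return (layout name, coverage) for the layout that explains most of it."""
    scored = ((name, walk_coverage(password, name, min_run)) for name in LAYOUTS)
    return max(scored, key=lambda item: item[1])


def is_keyboard_walk(password, threshold=0.75):
    """Flag passwords that are mostly keyboard walks on any known layout."""
    return best_layout(password)[1] >= threshold


if __name__ == "__main__":
    # Sample inputs: the first five strings appear in the thread, the last
    # one is constructed for contrast.
    samples = ["qazxswedcvfrtgbnhyujmkiolp", "qazwsx", "Qazxsw123",
               "azerty", "100%poopoomachine", "correcthorse"]
    for pw in samples:
        layout, score = best_layout(pw)
        print(f"{pw!r:32} {layout:7} {score:.2f} {walk_segments(pw, layout)}")
```

Splitting into segments is what catches "qazwsx": the jump from z back up to w breaks adjacency, but both halves are still three-key column walks.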

JG4April 2, 2019 8:00 AM

This one's for vas pup, Clive, Bruce and the other usual suspects. Human cognitive biases not only prevent them from thinking clearly about arithmetic, but also affect at a deep subconscious level how they treat others, especially ones outside their group ("strangers") or in groups seen as being enemies ("dehumanized"). It took me a long time to get this far, but a convenient starting point is the Schwarzenegger quote in Terminator 2, "It is in your nature to destroy yourselves." The hair on the back of my neck stood up when I saw that the first time. I've posted the youtube link and I am inspired today to find it again and the companion. An equally profound quote in T2 is "became self-aware..."

Just for the record, one of the first applications of analog computing was aiming weapons systems. Aiming autonomous weapons across decades and centuries isn't fundamentally different - it's all projected intent, all along the dimensions of space, time and networks - it's just profoundly more dangerous. Claude Shannon cut his teeth on those analog systems for aiming naval guns and was inspired to consider switches as an alternative. A decade before he wrote the application of entropy maximization to communication channels. The last battle with manual aim was Jutland. I'm pretty sure that I posted Jay Forrester's dinner talk about his on the job training in the south Pacific. I am writing today almost literally in the shadow of Bell Labs.

In keeping with a theme of dystopian futures (like the one we are in) wrought by rogue government agencies and agents in movies, the military/industrial complex in T2 had a secret program to create artificial intelligence and robotics, which was accelerated by the time loop. The most powerful force on your planet is error correction feedback. Your definition of error may not maximize their entropy. I think that some of us are going to live to see robots fairly similar to the ones in the movie. Boston Dynamics's Big Dog comes pretty close and you'd be hard-pressed to stop a flock of them armed with M-249 SAWs on a "pacification" mission. That should be the theme and title of a new video game. In case you missed the previous translation, "pacification" actually means "kill anything that moves, and we'll cover it up."

The darkest part of all this is that it isn't a bug, it's a feature. By it, I mean the inability to think clearly when group identity/interests/etc are at risk. That has something to do with why the liars, thieves and murderers (aka politicians) whip up boogeymen whenever the people get restless. People need and want psychopathic leadership, because they are willing to destroy the neighboring tribe and steal their women, or whatever the modern equivalent is. Those were the groups that survived and virtually everyone is capable of doing it. That is exactly what Halliburton and Blackwater pulled off in Iraq and Afghanistan, except the money was being stolen from the US treasury, or whatever passes for a treasury now that they print fiat currency with computers. Of course, it is a short step from killing the neighboring tribe to stealing from your countrymen. Which has been done on an unprecedented scale as bin Laden predicted.

This is part of why your species are doomed.

Most Depressing Brain Finding Ever
http://www.huffingtonpost.com/marty-kaplan/most-depressing-brain-fin_b_3932273.html
...
Yale law school professor Dan Kahan's new research paper is called "Motivated Numeracy and Enlightened Self-Government," but for me a better title is the headline on science writer Chris Mooney's piece about it in Grist: "Science Confirms: Politics Wrecks Your Ability to Do Math."
Kahan conducted some ingenious experiments about the impact of political passion on people's ability to think clearly. His conclusion, in Mooney's words: partisanship "can even undermine our very basic reasoning skills.... [People] who are otherwise very good at math may totally flunk a problem that they would otherwise probably be able to solve, simply because giving the right answer goes against their political beliefs."
...

FaustusApril 2, 2019 9:51 AM

@1&1~=Umm @Alyer Babtu

"Suggesting once again that the only I in AI is the flat shadow of the intelligence of the human algorithm deviser"

A lot of people seem to have the AI perspective equivalent to the cryptographic position that "If I can't break the cipher, it must be secure." In this case: "If I can't imagine how an algorithm can have functionality not programmed by the programmer, it must be impossible."

Ultimately, this is an incorrect idea best addressed by reading an introductory technical book on AI. However, since that does not seem to be happening I'll explain.

Modern AI algorithms are generally inspired by natural processes: neurons, evolution, ant colony behavior, flocking behavior. Some are inspired by physical processes, like annealing. None of these processes incorporate the solutions the AIs create. They are general processes, say meta-solutions, that process the data and create solutions that in no way are programmed into the system and are in no way a reflection of the algorithm programmer.

I can speak most specifically about my evolutionary technology. It creates solutions starting with randomness. The only control I exert is defining the atomic operations that are available to the solver and the data types and variables that it can use if it needs them. If any of these are inapplicable the solver just doesn't use them. I also specify a maximum size for the solution so it doesn't grow without bounds.

In no way do I place any limits on the algorithms that my system evolves. I don't specify them or create them in any way and the solver will produce different solutions for each run (although they will be similar if the solution comes down to a particular equation).

Ultimately the most exciting thing about my system is that it creates solutions that I would be unlikely to ever think of. It writes solutions to problems that I have no idea how to program myself. It truly does "Think Differently".

If we changed the statement to:

"Suggesting once again that the AI is the xxxx shadow of the DATA given the algorithm"

it would be closer to true. If we are training the AI with data, the result will be a reflection of the data. If the data is garbage, the AI will be garbage. Data are the "senses" of the AI and they do constrain the results because the AI learns from them.

TatütataApril 2, 2019 10:15 AM

From that point on, I found keyboard-walking almost everywhere I looked.

But would you recognize "etaoin shdrlu" if you saw it? The classic Linotype keyboard walk, operators would use this to eject an erroneous line and start over. Sometimes a line of type would make it into the newspaper. (The article mentions a Pynchon connection, that would be the third one here in the last week).

I get the following counts (last field at the end of the line) with these expressions:

etaoin : a0d8a98054323591e152fe4e4d6c4015447:137
shrdlu : c157f8ca82442e22b21fac30ce7659a6381:251
etaoin shrdlu : 1b5b647b907d16d4a4e9165f29dd44b2870:2
etaoinshrdlu : 0cbfdd14a8959bfb50bdc1cf9491d3bb80d:48
cmfwyp : [no hit]

But these pale in comparison with standard "typewriter" keyboards:

qwerty : 73a05c0ed0176787a4f1574ff0075f7521e:3810555
qwertz : ee6a1ac6ffdbcf8bc0ad72b73795fff34e8:49374
azerty : dacd226dcf43da376cdb6cbba7035218921:309531

"qwertz" is the standard Germanic (DE, AT, with variants for LU, CH-DE, CH-FR, CH-IT) arrangement, and "azerty" the wretched French one (FR, BE-FR).

I can't quite explain why there are so many more azerty than qwertz combinations. Is this a data artefact (i.e., FR is overrepresented in the dataset), or a real national habit?

The ease of forming certain combinations on a given keyboard certainly skews the distribution, but I can't quite see yet how to quantify this.

I can fit the entire table in about 5.5GB of RAM. The hashes are truncated to 76 bits. The first 27 bits are used as an index into a lookup table pointing to buckets of aligned 64 bit words. Each 64 bit word contains 49 bits of hash, and a 15 bit index to a 32 bit count table. Each bucket contains on average 4 hashes, which could be examined sequentially at a low cost.

With k=76 bits sub-hash and N=550 million entries, the probability of collisions (N^2)/(2^(k+1)) is about 1 in 500,000, which one can very well live with.

One bit of hash in the 64 bit word could be sacrificed to indicate the end of a bucket. That way I wouldn't have to determine how many items are in a given bucket, or do a lot of pointer arithmetic.

I think that this approach would essentially result in at least two paging faults for every single hash test, unless I could find a way to sort and batch lookup operations, but this would still be way faster than a disk access. I wonder how threading would interact with the caching mechanism.

I would need to find bindings to mhash(3), I have no idea what speeds I could get with the sha1 routine. I've had very good experiences lately with Google-developed non-crypto hash algorithms. Their cityhash has apparently been superseded, but with hash times measured in nanoseconds for short strings I don't see anything to complain about.
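
Added example, not the commenter's code: a Python model of the table layout and the figures described in the comment above (76-bit truncated SHA-1, 27-bit bucket index, 49-bit tag plus 15-bit count index per 64-bit word). Assumptions of this sketch: a dict of buckets stands in for the flat lookup array, the "15 bit index" is read as a pointer into a table of distinct count values, the memory estimate uses 8-byte bucket pointers, and all names are hypothetical.

```python
import hashlib

HASH_BITS = 76                        # truncated SHA-1 prefix kept per entry
INDEX_BITS = 27                       # leading bits choose the bucket
TAG_BITS = HASH_BITS - INDEX_BITS     # 49 bits stored in each 64-bit word
COUNT_IDX_BITS = 64 - TAG_BITS        # 15 bits point into the count table


def split_hash(password):
    """Return (bucket index, 49-bit tag) from the first 76 bits of SHA-1."""
    digest = int.from_bytes(hashlib.sha1(password.encode("utf-8")).digest(), "big")
    sub = digest >> (160 - HASH_BITS)
    return sub >> TAG_BITS, sub & ((1 << TAG_BITS) - 1)


def pack_word(tag, count_idx):
    """Pack a 49-bit tag and a 15-bit count index into one 64-bit word."""
    return (tag << COUNT_IDX_BITS) | count_idx


def unpack_word(word):
    """Inverse of pack_word: return (tag, count index)."""
    return word >> COUNT_IDX_BITS, word & ((1 << COUNT_IDX_BITS) - 1)


class TruncatedHashTable:
    """In-memory breached-password table keyed by truncated SHA-1."""

    def __init__(self, entries):
        entries = list(entries)
        # Assumed reading of the count table: one slot per distinct count.
        self.counts = sorted({count for _, count in entries})
        if len(self.counts) > 1 << COUNT_IDX_BITS:
            raise ValueError("more distinct counts than a 15-bit index can address")
        if any(not 0 < count < 1 << 32 for count in self.counts):
            raise ValueError("counts must fit in 32 bits")
        slot = {count: i for i, count in enumerate(self.counts)}
        self.buckets = {}             # stand-in for the 2**27-entry lookup array
        for password, count in entries:
            index, tag = split_hash(password)
            self.buckets.setdefault(index, []).append(pack_word(tag, slot[count]))

    def lookup(self, password):
        """Return the stored count, or 0 if the password is not in the table."""
        index, tag = split_hash(password)
        for word in self.buckets.get(index, ()):   # short sequential scan
            stored_tag, count_idx = unpack_word(word)
            if stored_tag == tag:
                return self.counts[count_idx]
        return 0


def collision_odds(n, k=HASH_BITS):
    """Birthday estimate from the comment, N^2 / 2^(k+1), as 'one in X'."""
    return 2 ** (k + 1) / n ** 2


def mean_bucket_size(n):
    """Average number of entries per bucket for n stored hashes."""
    return n / 2 ** INDEX_BITS


def table_bytes(n, pointer_bytes=8):
    """Rough size: one 64-bit word per entry, bucket pointers, count table."""
    return n * 8 + 2 ** INDEX_BITS * pointer_bytes + (1 << COUNT_IDX_BITS) * 4


if __name__ == "__main__":
    # Sample entries: the passwords and counts quoted in the comment above.
    table = TruncatedHashTable([("qwerty", 3810555), ("azerty", 309531),
                                ("qwertz", 49374), ("etaoin", 137)])
    print(table.lookup("qwerty"), table.lookup("cmfwyp"))
    n = 550_000_000
    print(f"collision odds: 1 in {collision_odds(n):,.0f}")
    print(f"mean bucket size: {mean_bucket_size(n):.2f}")
    print(f"estimated size: {table_bytes(n) / 1e9:.2f} GB")
```

With N = 550 million the three estimates come out close to the figures quoted in the comment: roughly 1 in 500,000 for a collision, about 4 entries per bucket, and about 5.5 GB in total.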

1&1~=UmmApril 2, 2019 10:24 AM

@JG4:

"Just for the record, one of the first applications of analog computing was aiming weapons systems."

Actually it was not "aiming" but "ranging" they are two very distinct processes (aiming is to do with the first part of the projectile trajectory which is sort of line of sight and might deal with the drop, ranging is to do with the second or descending part of an upward directed projectile trajectory (think the difference between a rifle bullet and a mortar round)).

Ranging started to use "analogue computation" methods back in the 1600's (if not a lot earlier). Even before the mathematics behind parabola were even consigned to writing. And long prior to gunpowder being used in Europe.

For mortars and earlier ballista of Roman times one such device was very much like a "quadrant". It was set upon the weapon firing bed so that elevation could be set. It would have different scales for different projectiles and powder charge or winding tension. It was not attached to the weapon permanently because laughable as it might appear now the information was secret even from those 'manning' the weapon (in part in case they decided to rebel).

Even today artillery officers are still taught to use such devices with howitzers and larger field pieces likewise mortars, and yes even now they are often not attached to the weapon. They tend to look like slide rules or their circular equivalents though some are more complicated.

There are still arguments about the knowledge involved with the 'Antikythera Mechanism' from Rhodes, and if that might have come out of knowledge about parabola (you would need the same sort of offset moving pin gearing to calculate it and the eccentricity of the moon's orbit). Whatever the connection might or might not be, one thing is clear they knew a lot more than they were previously credited with (in part because much of our pre 1900 historical belief was based on Roman writings that more recent scholars have thrown a lot of doubt upon).

1&1~=UmmApril 3, 2019 2:05 AM

@Tat:

"But would you recognize "etaoin shdrlu if you saw it?"

It's a 'sin to er', but yes I did ;-)

But then I would wouldn't I, I'm that kind of geek.

There is an argument about what order the letters actually are in etc, and it depends on your corpus and its place in time...

I tend to remember it via 'Eat on Irish Lid' and strike duplicates and make two or three swaps (at,ni,ld) depending on the corpus nationality. I was puzzled by the 'r position' in your list though. So followed the link.

Yes it's moved in around a century and a half... The sad thing is that I should have remembered Linotype... Their font rivals Monotype* had a factory in the UK built some time before WWII, in the 1980's they built a new factory next door because of asbestos risk in the old building, then they effectively went bankrupt as their market collapsed due to DTP and Adobe products. I know this because for a brief 1 month period in the 1990s I worked in their new building. Why only a month, well I got bad vibes and left, in part because the day we moved in was April the first, and London was warm and sunny 'short shirt sleeve weather' when I left home that morning, at lunchtime at the new factory we had an inch of snow... The company that I had worked for that had moved in a little while after I left also more or less went the way of the dodo... Strangely though stuff I designed and did the software for back then is still being made and sold new, even though it's a tenth the price...

One trivial thing to remember if you are looking at letter frequency in Caesar ciphers is the 'RST hump' and the 'AE gap'. It's just one of those 'fast tells' when you are 'working it by eye', unless of course it's Rot26, that just jumps straight out of the screen at you ;-)

* The factory was in the delightfully named 'Honeycrock lane, Salfords' (not Salford which is 'Hupt Narf'). There's an aerial photo and a time line at,

http://www.eyemagazine.com/feature/article/a-monotype-timeline

1&1~=UmmApril 3, 2019 2:57 AM

@Tatütata:

My apologies, my above is for you, but for some reason I did not 'Cut-n-Paste' your name correctly.

Oh I also forgot another couple or three pieces of trivia,

1, FRED is the easiest keywalk name (unless you are the music star JK ;-)

2, The top row of the QWERTY keyboard actually has the word 'typewriter' hidden in it for salesmen to look clever...

3, The actual design of the Qwerty lay out was an engineering compromise. The original mechanical design had the problem of certain letters like 'th' together and they used to stick if typed too quickly. The solution, ensure that double letter combinations were not adjacent in the type rack, and also make the actual layout of the keys such that it slowed you down. The give away on the last one is the middle line which apart from the S is in alphabetical order from the first half of the alphabet.

That third point of 'designed to slow you down' is one of the reasons why office workers can get RSI and Carpal Tunnel Syndrome, both of which can easily cripple you for life...

Back in the heydays of big data centers British Telecom had a massive data center in Cardiff the capital of Wales. It was absolutely massive back in the 1980s with row after row of IBM main frames that appeared to go as far as the eye could see, when I had reason to visit. But I later heard about evidence given in court on industrial injury to the data entry 'girls'. Apparently they were expected to type in at least 18,000 digits an hour by hand for eight hours a day, making 'minimal mistakes'. There are times I think that in their forty hour week they had probably punched in more digits than I ever have on a calculator in my entire life...

Apparently it was not any better back in the 1960/70s when mechanical hand calculators were used by 'male' accounting clerks doing up to 60 hour weeks...

At least unlike in Dickensian times they did not have to provide their own coal and candles...

Walks With CrowsApril 3, 2019 6:21 AM

Looking for info on cDc communications... and the Pull...

Sincerely,
OsioniusX

VinnyGApril 3, 2019 11:27 AM

@Clive Robinson re: my post - I didn't stick around to see if my post showed up. Evidently I got tripped up by including the "less than" symbol in front of a numeral, which seems to be active html in the CMS used for this blog. It's happened before, but I sometimes forget which symbols I need to avoid... The truncated remainder of the post suggested that since the actual "brick and mortar pickup" process as done by Walwart could be accomplished on 200 sq ft "or less" :) the assertion by the Target exec about the positive implications for retail storefronts of such pickups could be very much mistaken. Apologies to readership here for my previous haste...

1&1~=UmmApril 4, 2019 4:17 AM

India repeats others' idiocy.

As has been mentioned on this blog before blowing things up in space is a really bad idea due to Kessler syndrome*. Which makes it a real threat to communications security in the general sense and also mankind's ability to advance.

But for politicians and war hawks such considerations are a long way distant from their need to waste money and resources just to polish their egos, rattle their sabers, bang the drum, wave their flags and generally behave like petulant six year olds.

https://arstechnica.com/science/2019/03/india-shoots-down-a-weather-satellite-declares-itself-a-space-power/

Mankind needs space to be usable for nearly all our modern information needs, and that becomes problematic with near earth space polluted by man made debris.

India like the Chinese back in 2007 could have shown more skill and thus 'projected more power' if rather than blow old things up they could have demonstrated a working 'early deorbiting technology'. Thus what India has actually demonstrated is that they as a nation state are actually inferior to some commercial companies. Space X for instance has demonstrated it can not only hit a target in space automatically, but they can do it very precisely and safely certainly well enough to 'lasso and deorbit' another large object such as a decommissioned or failed satellite early such that it does not become an even bigger problem with time.

* Kessler syndrome / cascade is named after Donald J. Kessler a NASA scientist who in 1978, presented a scenario which he had realised and then did the math for to confirm it. He realised that the density of objects in low Earth orbit (LEO) was increasing and was then about high enough that collisions could and would take place between orbiting objects. Importantly that any such collision would result in rather more than the original two objects each of which had a higher probability of causing other collisions thus have a cascading effect. In effect a run away or chain reaction could result where each collision generates no longer functioning satellites as space debris that increases the likelihood of further satellites becoming non functioning. But worse it is effectively making the safe launch and deployment of replacement satellites increasingly less likely due to the very slow orbital decay rates --about 1000 years at 900Km up-- of the accumulating debris. Why this happens is debris spreading, after a collision most of the debris is in a very limited volume in space, but due to slightly different orbital heights and velocities they will spread out over much greater volumes with time. Making this worse not all parts of a satellite can be easily found with radar / lidar and similar longer range tracking technologies. Currently the collision rate is about one every 11 months but that rate is increasing, will this end up closing space to mankind? Well it's up to us, firstly we can stop creating more debris, secondly we can clean up what is already up there whilst we can still safely launch systems to do so.

name.withheld.for.obvious.reasonsApril 5, 2019 1:05 AM

@ Clive Robinson and the usual suspects

First let me say that it is good to see that Clive is back...yeah.

Some bad news, Ecuador is kicking Julian Assange out of their embassy in London sometime in the near future. Camera crews are amassed around the building but I do not see many supporters. A hundred thousand people need to form a "mobile wall" around the embassy (all donning grey slacks, shirts, and a Guy Faux mask) and get this person to safety.

Irrespective of your "opinion" with respect to Assange, the story that has been missed is this is not about publishing secrets, it is about publishing in the whole. We are witnessing the attack on not just what we don't know...it is an attack on what we can know.

1&1~=UmmApril 5, 2019 8:36 AM

@Taz:

"Real or snake oil?"

Journalistic licence at best, more 'click bait for the unknowing'.

The article starts with,

"'Researchers have just released hacker-proof cryptographic code — programs with the same level of invincibility as a mathematical proof.'"

Which sounds grandiose, but actually does not hold water as an argument.

I'll just outline some of the issues, others can fill in more ;-)

There are numerous supposed 'mathematical proofs' around and they usually mean squat diddly in the real world as you will find they are based on two assumptions,

1) It's like another proof.
2) The assumption the other proof is valid.

Oh and the classic 'ignore reality',

3) Scope of argument thus proof is constrained.

In effect 'house of cards thinking' where it's assumed no breeze, table bumps, cats jumping up or other things not covered by the very limited scope will not happen and knock the house down...

If you look further down the article you will see the library is actually based on 'formal methods'. Which unfortunately have more than a few assumptions behind them.

The first and most important is formal verification only verifies its input, not its output or what happens to that output, that is just 'assumed' to be secure as a given...

If people think about that a little bit, what formal verification is, is 'A top down process that stops only just a short way down the computing stack'.

In many cases the output is effectively just more 'source code' thus it stops above the compiler pre-processor and all its subsequent parts to becoming running code.

As was pointed out long ago by one of the creators of Unix, the compiler can be subverted in ways most, or even expert coders can not find.

But let's assume you are a real expert's expert and can walk the assembler output --which is still just source code-- and verify that?

What happens if I put my hack in the actual assembler or linker or other object code libraries. Are you enough of an expert's expert to walk through the actual object code for each and every one?

But let's assume you are some kind of long snowy bearded guru steeped in loading your code with switches on the front panel, can you check the microcode inside the CPU?

Very unlikely unless you work for Intel, and since the Pentium bug, they patch the microcode every time the CPU gets dragged into life, so 'that's a movable feast' at the best of times...

But let's further assume that you are actually a hardware Guru with not just the beard, but a taste for real ale and a flat cap for the spreading bald patch the pony tail does not cover to stop the risk of sunburn if you ever go out in daylight. Can you check the translation to RTL and the underlying hardware macros used to build the chip?

Let's assume you can down to logic gate level, as you are some kind of computing deity with the abilities of thousands of others...

How about the device physics in every chip...

Security is as Einstein observed about the universe "relative to the observer" and also bound by not just the observer's scope but by the universe's rules as well.

But those last bits about 'below the CPU ISA' are in no way theoretical there are practical attacks such as Rowhammer and Meltdown plus there was also all those I/O attacks due to DMA and similar on MMUs that popped up from time to time since at least the 1980's to my knowledge.

But there is another problem worse than 'Black Swans' which at least are attacks possible to envisage, there are without doubt attacks to be found that have no commonality with other known attack classes, thus can not be envisaged based on existing knowledge...

So is this software library secure?

Not until all the above issues have been fixed... That's not to say the library is insecure but you can not prove it is secure in practical implementations, and that at the end of the day is why a lot of money is spent on EmSec (TEMPEST on steroids) and 'segregation' via SCIF's etc. Or as christened on this blog 'Energy Gapping'.

I hope that answers your question to your satisfaction (and others reading along).

Clive RobinsonApril 5, 2019 1:28 PM

@ name.withheld...,

First let me say that it is good to see that Clive is back...yeah.

That is kind of you but, I'm only back off and on for various reasons.

With regards Julian Assange, the radio news about an hour ago said he had not come out, nor was coming out today (how they know the future I don't know ;-)

Not that I wish Julian any harm or further incarceration, but I think it's probably best to let the UK Gov / Met Police do their thing. Because they have painted themselves into a corner, he's no longer wanted in Europe and the US has changed very noticeably in many people's eyes now John Bolton is effectively running the show.

To make it worse the UK Gov's previous choice of judge was very clearly politically inspired, and the US now attacking the ICC etc to stop the investigation of war crimes by its troops[1] has actually opened quite a few more eyes than the last time around.

The UK Gov is currently in a very precarious state, it would take very little to cause another "vote of no confidence" which could easily end up in utter chaos due to Brexit. UK journalists are only too well aware of 'journalist repression' and there is blood in the water over it.

Just to make things even worse the European Union Representative Donald Tusk is apparently looking at a 12 month delay on Brexit[2]. Just to add fun the current UK PM has earned the hate of half the current incumbent party by having talks with the opposition party. Which are apparently going badly because the way it's being told the PM is not making any changes whatsoever and spending most of the time saying the equivalent of "My way or the highway" which if true is a fairly pointless thing to do unless the PM is using it as an excuse to tread water with their party, such that the PM can try yet again to force things through at the point of a gun.

But 12 months will make a lot of difference to what happens next with the Ecuadorians. Because it means that once out of the Ecuadorian embassy Julian Assange falls under the protection of the EU and European Court of Justice oversight, who are likely to take quite a dim view if the US tried starting anything. Thus if Julian Assange has a valid passport that is acceptable in Europe his best bet might be to head off to Germany say Berlin. Where others trying to avoid the US wrath are currently hanging out.

The big problem for Julian Assange is if the UK deported him to Ecuador, which now has due to US interference in the Ecuadorian elections a US favourable Government. As some know many of the political problems in Venezuela can be traced to the US Gov trying the same sort of manipulation to get a favourable regime in, but it kind of backfired.

All in all I have a feeling the ancient Chinese curse has come true and "we are living in interesting times"...

So your guess is as good as any other as to what happens next.

[1] https://www.theguardian.com/law/2019/apr/05/us-revokes-visa-of-international-criminal-courts-top-prosecutor

[2] https://www.bbc.co.uk/news/uk-politics-47821646

name.withheld.for.obvious.reasonsApril 5, 2019 4:42 PM

@ Clive
Just got an update from a reporter in Ecuador, Jose Rivera, that Moreno has backed off the threat which was triggered by the INA Papers leak in which Moreno is named. Intimate pictures of Moreno were released and has the citizenry (those that count) that were hacked from his own telephone. These are available at the INA Papers site. But, the VP (a member of the PSC Party) who stands to take the reins from Moreno, is vehemently opposed in supporting Assange's (PSC Party) amnesty/refugee status.

I was thinking that Germany or Russia were the only options but a physical presence will be necessary to ferry him away. The situation is very fluid.

Clive RobinsonApril 5, 2019 6:00 PM

@ VinnyG,

I didn't stick around to see if my post showed up.

Ahh, I know that feeling. When I used to wear the green "hurry up and wait" was the norm. In fact a Roman Centurion two millennia ago penned a similar refrain.

The trouble is whilst you might expect it as normal in the military life, when you are a long bearded civilian with more than a hint of "badger in the beard" hurry is a very relative term. You have plenty of time to think on it as a snail speeds by with apparent effortlessness ;-)

I am assured by some that at some point "hurry up" and "wait" become one and the same and "The game of statues" too vigorous to contemplate let alone participate :-S

So enjoy "hurry up" whilst you still can.

Clive RobinsonApril 6, 2019 1:11 AM

@ Name.Withheld...,

Just got an update from a reporter in Ecuador, Jose Rivera, that Moreno has backed off the threat which was triggered by the INA Papers leak in which Moreno is named.

I'm going to have to look that up, it sounds like somebody's "large feet above" have been stomping through upsetting people down below the gulf that divides them ;-)

I wonder if it can be linked to the antics of the Saudi Royal Family who threw the toys out of the pram at a certain high tech individual that also owns a newspaper... Apparently according to an insider the Saudis got upset by the fact that a journalist they offed in their diplomatic premises then butchered to fit in bags to be disposed of had worked at that newspaper, and the newspaper kept digging and turning up more revelations about just how sick in the head the current leader of the house of Saud is, and why the US Administration should distance themselves.

So the Saudis after failing with various accusations (such as calling the owner a 'jew' when he is not) and other serious fails decided to use software they had obtained to hack the owner's phone...

What was not said by the insider was where that software came from. Other stories about NSA folk being out sourced into that part of the world kind of points a fairly long finger in there strongly being a US Gov connection...

It will be interesting to find out on where the trail leads on this Ecuadorian phone hack...

The one thing that is certain is that the NSA amongst other US IC interests have people outsourced in that region of South America...

Thus the old question about what the picture is going to look like after you have finished joining the dots...

MarkH • April 6, 2019 3:06 AM

@Clive:

In the present state of US law, it has not been established that the Constitution allows journalists to withhold testimony in order to protect sources.

Many US states have laws securing such a right, though they would presumably not apply to the federal court before which Ms Manning appeared.

The relevant Constitutional interpretation, Branzburg v. Hayes (1972), specifically held that journalists have no such right when subpoenaed by a grand jury, which is precisely Ms Manning's situation.

With typical American ambiguity, the decision does suggest a higher bar than would apply to other witnesses: the court must "convincingly show a substantial relation between the information sought and a subject of overriding and compelling state interest."

Unless SCOTUS arrives at a new pro-press interpretation -- not likely in today's climate -- only a federal "shield law" would help a journalist subpoenaed as Manning has been.

Clive Robinson • April 6, 2019 10:24 AM

@ MarkH,

Whilst it is not specifically recognised in federal legislation it was "accepted custom and practice" up to the end of the 1960's. It was felt back then it was not healthy for the national government to have too much power over the press, even though there were earlier issues with the "Press Barons".

However, there is one thing to note: federal prosecutors are trying to take a questionable if not illegal second bite at the apple.

As Miss Manning has rightly pointed out all that she can say she has already said under oath previously, and it is therefore legally submissible to the grand jury, without her needing to repeat it.

Thus you can not help but think this is being used as a way to trap her in some fashion so that they can put her back in prison. As we have seen it's becoming an overly common practice by federal investigators as a method of exploitation.

I would suggest that part of the federal prosecutors' plan is in every way possible get potential witnesses for the defence of 'wikileaks' out of the way prior to any trial by having them imprisoned or discredited as criminals. It's a very old "rights stripping" tactic and judges should point blank refuse to become implicit in the process as it brings the whole judiciary into disrepute, which is highly undesirable in society as it usually ends very badly, often with spilled blood on both sides.

Judges thrown in prisons to an early "accidental" death or hanging from street lamps is not indicative of a civil society but one under dictatorship or civil war. As has been seen many times around the globe at one point or another.

name.withheld.for.obvious.reasons • April 6, 2019 2:48 PM

@ Clive

I believe you've hit upon something, a kind of indicator or signal, the status of judges on benches within the United States. Seeing a number of judges, literary license, ejected from their seats would be a very good indicator that something has passed the point of crypto-fascism into a full-blown fascist state.


Sidebar photo of Bruce Schneier by Joe MacInnis.