Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery

Interesting.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on April 12, 2019 at 4:19 PM • 72 Comments

Comments

Chris • April 12, 2019 5:33 PM

I'm a sucker for this sort of remote sensing story, but there is nothing necessarily illegal about a fishing boat failing to broadcast via AIS. The International Maritime Organization requires only that vessels with a gross tonnage of greater than 300 use an AIS transceiver. I would be not at all surprised to learn that the vast majority of these fishing boats are relatively small. So unless there's tight regulation specifying only operators with big boats can fish for squid, this is definitely a potentially useful capability, but I'm not sure we can say it has anything to do with illegal fishing.

Chris • April 12, 2019 6:27 PM

Undeniably true. I would just like to state for the record that no squid were harmed in the writing of the previously submitted comment.

Anon E Moose • April 12, 2019 6:32 PM

Kerberos Unconstrained Delegation is broken if you install KB4493472. This is probably a good thing if it shows you where you are permitting Kerberos Unconstrained Delegation in your organization. You should avoid it as it only takes one system where it is configured to pwn an entire domain. Think replay attacks of domain admin credentials. Fun!

https://adsecurity.org/?p=1667
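
An added example, not part of the original comment or of the linked article: one way to see where unconstrained delegation is permitted is to export account records and test the `userAccountControl` bits. The LDIF records, account names and the use of `adminCount` to mark privileged accounts are constructed for illustration.

```python
# Added example: audit exported AD account records for unconstrained delegation.
# The bit values are the documented Active Directory userAccountControl flags.
ACCOUNTDISABLE = 0x2
SERVER_TRUST_ACCOUNT = 0x2000      # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained Kerberos delegation
NOT_DELEGATED = 0x100000           # "Account is sensitive and cannot be delegated"

# Constructed sample export (LDIF style), not real data.
SAMPLE_LDIF = """\
dn: CN=DC01,OU=Domain Controllers,DC=example,DC=test
sAMAccountName: DC01$
userAccountControl: 532480

dn: CN=WEB01,OU=Servers,DC=example,DC=test
sAMAccountName: WEB01$
userAccountControl: 528384

dn: CN=svc-legacy,OU=Service Accounts,DC=example,DC=test
sAMAccountName: svc-legacy
userAccountControl: 524800

dn: CN=OLDAPP,OU=Servers,DC=example,DC=test
sAMAccountName: OLDAPP$
userAccountControl: 528386

dn: CN=admin-jo,OU=Admins,DC=example,DC=test
sAMAccountName: admin-jo
adminCount: 1
userAccountControl: 512

dn: CN=admin-sam,OU=Admins,DC=example,DC=test
sAMAccountName: admin-sam
adminCount: 1
userAccountControl: 1049088
"""


def parse_ldif(text):
    """Split a simple LDIF export into dicts (plain single-valued attributes only)."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            rec[key] = value.strip()
        if rec:
            records.append(rec)
    return records


def audit(records):
    """Return accounts trusted for unconstrained delegation and exposed admins."""
    unconstrained, exposed_admins = [], []
    for rec in records:
        uac = int(rec.get("userAccountControl", "0"))
        name = rec.get("sAMAccountName", rec.get("dn", "?"))
        # Domain controllers carry the flag by design, so they are not reported.
        is_dc = bool(uac & SERVER_TRUST_ACCOUNT)
        if uac & TRUSTED_FOR_DELEGATION and not is_dc:
            state = "disabled" if uac & ACCOUNTDISABLE else "enabled"
            unconstrained.append((name, state))
        # Privileged accounts without NOT_DELEGATED can have their tickets
        # forwarded to any host that is trusted for delegation.
        if rec.get("adminCount") == "1" and not uac & NOT_DELEGATED:
            exposed_admins.append(name)
    return {"unconstrained": unconstrained, "exposed_admins": exposed_admins}


if __name__ == "__main__":
    report = audit(parse_ldif(SAMPLE_LDIF))
    for name, state in report["unconstrained"]:
        print(f"unconstrained delegation: {name} ({state})")
    for name in report["exposed_admins"]:
        print(f"privileged account can be delegated: {name}")
```
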

MarkH • April 12, 2019 7:06 PM

Panic Button?

No details or confirmation available (as far as I've yet seen), but here's the gist:

Reportedly, Julian Assange threatened his long-time hosts in the UK, claiming that in the event of his arrest, he would use a mysterious "panic button" to trigger dire consequences for Ecuador (or at least, its government).

This has made the news in the context that his arrest by UK police (by invitation of the Ecuadorian embassy) was supposedly arranged so as to minimize the risks of Assange activating his "red button."

Apparently, a countermeasure (though not necessarily the only one) was to prevent Assange's return to his room after the moment he could become aware that arrest was imminent.

The source for this was Ecuador's foreign minister. Note well that now, the Ecuadorian government has only harsh things to say about Assange.

One press story:

https://www.businessinsider.com/assange-arrest-ecuador-prevent-alleged-panic-button-2019-4

Probably considerable time, journalism, and some luck will be needed in order to ferret out the truth of the situation.

In times past, precautions against arrest have been a topic here, and I suppose this matter will interest some of the blog's readers.

AL • April 12, 2019 9:37 PM

@MarkH
I don't know anything about the Ecuador panic button, but back in 2010, Assange distributed an encrypted file termed the "thermonuclear" option. The password to the file was to be distributed in the event of an Assange arrest, although I don't see that happening unless Assange reaches American soil.
https://www.csmonitor.com/World/Europe/2010/1207/Will-WikiLeaks-Julian-Assange-now-arrested-take-the-nuclear-option

According to the article, a certain Bruce Schneier opined "It's either 1.4 Gig of embarrassing secret documents, or 1.4 Gig of random data bluffing. There's no way to know." Well, we might be a bit closer to knowing now. 😉

Clive Robinson • April 12, 2019 10:54 PM

@ MarkH,

> Reportedly, Julian Assange threatened his long-time hosts in the UK

There are a couple of side notes to this. First off, remember he tried to sue the host nation because in effect he believed he was being spied upon.

Whilst his case failed evidence came out that indeed someone was spying on him and anyone who went to see him. Also they were monitoring all his communications including those with his legal team.

What was not established was who gave the orders, why, under whose authority and where the surveillance data ended up.

So if he sounds like he is acting paranoid then he appears to have reason to be so.

More interestingly apparently as confirmed by President Lenin, Julian was taking active measures to stop the surveillance such as finding hidden cameras and blacking out the lenses...

So if he has become mentally unbalanced in the Panopticon the current Ecuadorian regime has put him, and I think many people would become mentally ill in a Panopticon, then this,

> claiming that in the event of his arrest, he would use a mysterious "panic button" to trigger dire consequences for Ecuador (or at least, its government).

Could well be true.

The thing is, even if he has become mentally ill, he is far from stupid thus he almost certainly would have put in place not just a "Panic switch" but a "Deadman's switch" as a "failsafe" as well.

That is if he does not reset the deadman's switch say every 24 hours for argument's sake then the process starts...

Now the question is just how much information could Julian have under his control?

Whilst President Lenin was supposedly democratically elected the US Government apparently spent well upwards of 50 million USD doing to the Ecuadorians, exactly what they claim the Russians might but then again might not have done.

Thus there are quite a few people in various positions of power in Ecuador that might be very unhappy with President Lenin, let's be honest there are more than a few rumours floating around about not just his past but finances as well. So there are some who know where President Lenin has skeletons that can be easily brought back to life in a "Dance Macabre".

Thus they along with Julian have had more than enough time to prepare for various eventualities. In some cases they might well have intersecting interests...

We may never know what Julian has set up if he has done anything at all. Unless it is fully automatic and known only to him there would be others involved. And let's be honest humans can play both sides etc, so can have made promises but just walk away from them.

So we don't know enough to know ;-)

But one thing is clear, both the UK and Ecuador are jumping along to the US tune and have been for quite some time, and legal niceties that have been in place for a very long time to protect people have been broken yet again on US whim.

It's going to be interesting to see how the UK Government and the Met Police Chief Cressida Dick are going to talk away the extra judicial arrest by Met Police officers in Ecuadorian Territory, where they do not have powers of arrest and rightfully so...

It's the same reason why Swedish Police officers could not just have grabbed Julian Assange off of the London streets and bundled him out of the UK when he was out on bail.

I know the US thinks its legal writ applies wherever it chooses but it does not, even Russia that has laws that say it can carry out executions wherever it feels the need, --as Israel also has done-- knows that the only place the executioners and others involved will be safe is back inside their own territory.

It's the reason behind why the US have not tried Julian Assange in his absence (which they have done for other people when it suits them). Because if they do they then lose the power to extradite him for trial. They would have to go through a different procedure which would be rather more difficult and involve rather more safeguards than extradition for trial allows.

The whole thing is extremely messy and apart from brushing up a few egos on the hill, it will actually cause more harm to US National Security thus US citizens than just accepting that it's a world where playing the "Might is right, so I can do whatever I want" card is not consequence free and sometimes you have to face up to those consequences and clean up your act. The claim has been that Julian Assange has endangered US citizens' lives, by revealing the truth of US actions, what they either have failed to realise or won't admit is that the people most likely to harm US citizens already know of those actions, long prior to Wikileaks revealing them. Thus any harm that befalls US citizens will be as a result of the original actions, not what happened subsequently with regards the US Government trying to hide the facts of the actions carried out.

There is a saying of "Don't try and put out a fire by pouring petrol(gas) on it" I guess the folks on the hill have not realised why it exists yet...

name.withheld.for.obvious.reasons • April 13, 2019 2:21 AM

@ Clive, et al

There is a sundry amount of state/media propaganda aimed (and has been) at Assange. I have wondered if there was a criminal complaint that calls out Assange, why didn't the Obama administration move on them. Believe me, Obama was no fan and everyone inside the administration had a big woody for him.

Where is all the outrage that belongs to the actions of an administration that cares nothing for law or order. The fact that intel fabricated for the purpose of executing an illegal war (we attack, unprovoked) against another country. Given what Donald Rumsfeld said prior to and during the run up to war, it was obvious how stupid, oblivious to history and reality, the neocons demonstrate again and again. We've recovered where Bush left off, the evolution of the Imperious State is nearly complete. So don't F'with US.

The US administration has been reconstituted with the architects of death and destruction, their inept and unqualified designs do more damage than even the most deliberate leaks of information. No one has called Wikileaks, Wikiblowers. Their charter is to expose what is the mountain of crimes that are carried out under the color of law. Who is providing cover for this is becoming more clear...

AL • April 13, 2019 12:04 PM

When we talk about Assange, remember, it is the terrorist Assange. Why? Because the U.S. needs the "terrorist" designation to get around the 5 year statute of limitations. The alleged crime was committed in 2010, but the indictment wasn't returned until 2018.

https://lawandcrime.com/high-profile/u-s-govt-dodges-statute-of-limitations-issue-by-treating-assange-like-a-terrorist/

Apparently, computer hacking from foreign soil can be considered "terrorism". So, some lawyer will need to drill down on Congressional "intent" and find out if this means hacking to steal data, or was it the kind of hacking that brings down a power plant that they were concerned with.

A90210 • April 13, 2019 12:29 PM

https://www.democracynow.org/2019/4/12/chomsky_nuclear_weapons_climate_change_the

"NOAM CHOMSKY: I want to make a couple of remarks below about the severe difficulty of maintaining and instituting democracy, the powerful forces that have always opposed it, the achievements of somehow salvaging and enhancing it, and the significance of that for the future. But first, a couple of words about the challenges that we face, which you heard enough about already and you all know about. I don’t have to go into them in detail. To describe these challenges as “extremely severe” would be an error. The phrase does not capture the enormity of the kinds of challenges that lie ahead. And any serious discussion of the future of humanity must begin by recognizing a critical fact, that the human species is now facing a question that has never before arisen in human history, question that has to be answered quickly: Will human society survive for long?

Well, as you all know, for 70 years we’ve been living under the shadow of nuclear war. Those who have looked at the record can only be amazed that we’ve survived this far. Time after time it’s come extremely close to terminal disaster, even minutes away. It’s kind of a miracle that we’ve survived. Miracles don’t go on forever. This has to be terminated, and quickly. The recent Nuclear Posture Review of the Trump administration dramatically increases the threat of conflagration, which would in fact be terminal for the species. We may remember that this Nuclear Posture Review was sponsored by Jim Mattis, who was regarded as too civilized to be retained in the administration—gives you a sense of what can be tolerated in the Trump-Pompeo-Bolton world.

[...]

Well, meanwhile, global warming proceeds on its inexorable course. During this millennium, every single year, with one exception, has been hotter than the last one. There are recent scientific papers, James Hansen and others, which indicate that the pace of global warming, which has been increasing since about 1980, may be sharply escalating and may be moving from linear growth to exponential growth, which means doubling every couple of decades. We’re already approaching the conditions of 125,000 years ago, when the sea level was about roughly 25 feet higher than it is today, with the melting, the rapid melting, of the Antarctic, huge ice fields. We might—that point might be reached. The consequences of that are almost unimaginable. I mean, I won’t even try to depict them, but you can figure out quickly what that means.

[...]

Meanwhile, the Doomsday Clock of the Bulletin of Atomic Scientists last January was set at two minutes to midnight [ https://thebulletin.org/doomsday-clock/ ]. That’s the closest it’s been to terminal disaster since 1947. The announcement of the settlement—of the setting mentioned the two major familiar threats: the threat of nuclear war, which is increasing, threat of global warming, which is increasing further. And it added a third for the first time: the undermining of democracy. That’s the third threat, along with global warming and nuclear war. And that was quite appropriate, because functioning democracy offers the only hope of overcoming these threats. They are not going to be dealt with by major institutions, state or private, acting without massive public pressure, which means that the means of democratic functioning have to be kept alive, used the way the Sunshine Movement [ https://www.sunrisemovement.org/ ?] did it, the way the great mass demonstration in the early ’80s did it, and the way we continue today."


Winston Smith • April 13, 2019 2:47 PM

More slippery slope for the US's 4th amendment. Google is there...


"Technology companies have for years responded to court orders for specific users’ information. The new warrants go further, suggesting possible suspects and witnesses in the absence of other clues. Often, Google employees said, the company responds to a single warrant with location information on dozens or hundreds of devices."


https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html

Sed Contra • April 13, 2019 3:10 PM

Now that the technical capabilities of surveillance are reaching the level of universal practicality, the question arises naturally as to how to eliminate the middlemen, which FacelessBok, Gouggel etc are.

JG4 • April 13, 2019 6:26 PM


https://www.nakedcapitalism.com/2019/04/links-4-13-19.html

...
Big Brother IS Watching You Watch

The opt-out illusion Times Literary Supplement

Big Brother in the Mall WSJ

Is Your Smart Speaker Listening In on You? Truthdig
...

Assange Arrest

The Legal Narrative Funnel That’s Being Used To Extradite Assange Caitlin Johnstone
...

737 Max

737 MAX crisis prompts Southwest pilots to question its all-Boeing fleet Seattle Times

FAA meets with U.S. airlines, pilot unions on Boeing 737 MAX Reuters
...

gordo • April 13, 2019 10:16 PM

A reasonable view of at least one implication of the U.S. charge against Julian Assange:

> Last year, James Goodale, former general counsel to the New York Times, commented on the (now confirmed) idea that a “conspiracy” charge would be brought against Assange by the US government:

As a matter of fact, a charge against Assange for “conspiring” with a source is the most dangerous charge that I can think of with respect to the First Amendment in almost all my years representing media organizations.


The reason is that one who is gathering/writing/distributing the news, as the law stands now, is free and clear under the First Amendment. If the government is able to say a person who is exempt under the First Amendment then loses that exemption because that person has “conspired” with a source who is subject to the Espionage Act or other law, then the government has succeeded in applying the standard to all news-gathering.

https://fair.org/home/assanges-conspiracy-to-expose-war-crimes-has-already-been-punished/

...and, Mr. Goodale, writing yesterday, in The Hill:

If Assange is found guilty of conspiring with Manning under this indictment, which incorporates the Espionage Act, this will be a blow to the First Amendment. It will criminalize the news-gathering process and will be a precedent for future cases concerning leaks. This will be particularly so since substantially all leaks in the future will be computer-generated.

https://thehill.com/opinion/criminal-justice/438709-pentagon-papers-lawyer-indictment-of-assange-snare-and-delusion

Given the problems with attribution as a general, information-security principle, to say nothing of the standard journalistic processes outlined in the U.S. government's indictment of Assange, I think that it's safe to say that public interest technologists, among others, will be following developments in this case rather closely.

Given the supercharged emotive opinions regarding Mr. Assange as a person that one sees bandied about, I think it's best, as always, to keep one's eye on the ball.

AL • April 13, 2019 11:02 PM

@gordo
I've decided that I don't support the U.K. permitting the extradition for a few reasons. First, we know that these charges aren't the "real" charges because Manning was locked up within the last month for refusing to testify before a grand jury. The indictment against Assange is dated 2018. The "real" charges could involve something that the U.K. would conclude is a political prosecution.

Second, with Trump enticing a law violation by promising a pardon if the offense was committed, the U.S. is not committed to the "rule of law".
https://thehill.com/latino/438683-trump-told-border-official-hed-pardon-him-if-he-went-to-jail-over-immigration-moves
Other examples are "too big to jail", and the recent visa revocation towards an ICC prosecutor pursuing American war crimes. Trump ran as a war criminal wannabe "I'll bring back waterboarding and a whole lot worse".
https://www.npr.org/2019/04/05/710324238/u-s-strips-visa-from-intl-criminal-court-prosecutor-pursuing-war-crime-inquiry
The U.S. exempts itself from any compliance with international war crime tribunals.

And lastly, I think the U.K. should only render Assange if, knowing what they know now, they would render Assange to Germany in 1937. Maybe the U.S. is Germany 1937 and maybe not. But I think the situation requires the assumption that the U.S. is indeed Germany in 1937.

gordo • April 13, 2019 11:38 PM

@AL,

There is a timeline of events that can be characterized in terms of political if not institutional expedience. I doubt, as yet, that an event horizon on this issue has necessarily been crossed. How the rule of law fares in all of this will be determined by the courts. IMO, the longer this takes to play out, the better the outcome for everyone concerned.

AL • April 14, 2019 1:22 AM

@gordo
What is that jargon "event horizon"? Or "political if not institutional expedience"? I'm marketing, with training in political speech. For example, being a US citizen, I believe "in a justice system that is fair, but firm. To believe otherwise goes against the foundations that this country was founded on".

What does that mean? It's absolute BS. And that is what my professor trained me on. So, I don't want to hear about "event horizons" or "expedience".

The problem is, in the U.S. the 4th Reich might very well be emerging, and I think the U.K. needs to take that possibility into consideration in deciding whether to render Assange to U.S. soil.

The problem for the U.K. is, they're as mixed up in it as much as the U.S., particularly with Iraq, Libya, and Yemen. Talk about peas in a pod.

name.withheld.for.obvious.reasons • April 14, 2019 1:48 AM

I am afraid that the UK will quickly move to hand over Assange, knowing they are handing a person in their custody over to a state that has expressed how they will man the booth "do worse than waterboarding" at the Gitmo festival. Where a director of an intel agency destroyed evidence of torture, and as a participant, carried out such actions at a black site suggests that a few mouths--rapacious and hungered--feeds on a primal diet with simple means and will not be satisfied by more reasoned action. Put on a Guy Fawkes mask with a shirt saying "-- I will f(x) you up --" and put some more coals on the barbie.

Rendition, extraordinary in nature, is probably being entertained at a fervent level in preparation for the festival. The feckless and cavalier attitude is probably a description that has validity regarding the efficacious application of justice as meted out by persons may be better served exercising some reflexive navel pondering/gazing. One can appeal to a greater glory or good, a better angel, or a unique moment in history to make what has been a horrific legacy into something else...we have choices.

But, considering the lessons of the past, I offer...

The stew that this event will brew is monumental, a locus between the hegemony (bounded region) and the extent to which "Lying to all of the people, all of the time" (the neighborhood) and the contours of governance (a zero of order) appears as an isolated essential singularity. Or so they say...

@ AL

Your timeline, or possibly your time machine, may not be calibrated. We, after instrumentation adjustments, read out August of 1939 given our current lat/longs. Springtime for who?

AL • April 14, 2019 2:05 AM

@name.withheld.for.obvious.reasons
I see this.
https://www.independent.co.uk/news/uk/home-news/terrorist-propaganda-law-thought-crime-click-link-online-prison-a8866061.html
A raft of new measures mean people can be jailed for viewing terrorist propaganda online, entering “designated areas” abroad and making “reckless expressions” of support for proscribed groups.
The thought control ramps up. But curtailing Assange was also a "thought control" initiative, because Assange was causing people to think "incorrectly".

The broadcast media used to control thought, because if you can control what people see and hear, you can control what they think and say. The internet has thrown a monkey wrench into that, and the governments are trying to get the genie back into the bottle.

yaaawn • April 14, 2019 10:07 AM

Regarding Assange and a "panic button": the worst damage Wikileaks could have done is to blackmail the current Ecuadorian government.

Considering the negligible effects that blackmail has had on other governments in the last 50 years, it would likely have been forgotten in some weeks or months anyway.

But I think the embassy kicked him out because they got tired of that sort of unprofessional high school tactics.

Tatütata • April 14, 2019 11:16 AM

OK, so there *might* be spying going on at the FBI...

Zack Whittaker, TechCrunch, 12 April 2019: Hackers publish personal data on thousands of US police officers and federal agents

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.

The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.

The doxxing is not the result of compromised federal servers, but of private ones.

name.withheld.for.obvious.reasons • April 14, 2019 11:31 AM

Finally, the person responsible for disclosing the "weapons of mass destruction" under Saddam Hussein's control, who said that there was 45 minutes to doomsday.

It was Wikileaks that dropped the memo declaring that Saddam was supporting al Qaeda and bin Laden. It was that award winner publisher again, was it not.

It's great when a publication or journalist includes (fake pictures) to the UN Assembly that shows how roach coaches were used as mobile chemical weapon kitchens, and now we want to prosecute the food critics? I thought the US had better taste than that.

Also, that abhorrent journalistic criminal that decried "Iraqi oil will pay for the $250 billion dollar war. Six months is all it will take to train-up security forces in Iraq, and the Iraqi people will give the US. flowers."

Where's my flowers, bitches!

The stellar, top notch, strategic planning that decided on a light, 150,000 troop invasion (I mean freedom) force to hold down a population that has only known arcane and brutal dictatorial control. This behavior can only come from the mind of a non-state terrorist organization, right?

A mere 25 million Iraqis would come to their senses and understand that we were there to give them back their country (that is if you put the right President and parliamentary assembly together).

Who does that Maliki guy think he is anyway, theirs is just a provisional government and our rules must be followed. Don't make me invade your country, again. Cuz I will. I'm that bat-shit crazy.

Tatütata • April 14, 2019 11:43 AM

> It was Wikileaks that dropped the memo declaring that Saddam was supporting al Qaeda and bin Laden. It was that award winner publisher again, was it not.

David Frum is still at large and masquerading as a journalist.

I wonder what happened to the recluse's personal electronic devices after he was pushed out of his cupboard.

vas pup • April 14, 2019 11:49 AM

On China domination:

https://www.bbc.co.uk/iplayer/episode/m0004cgm/panorama-can-we-trust-huawei

Regarding Assange:
I guess there are two types of secrets:
(1) legitimate secrets of national security, proprietary information of corporations, private information of ordinary Jane/John, and
(2) cover ups by government and/or private business, political institutions (e.g. national committee) of disgusting behavior or even illegal/criminal activity which were made secret to avoid public awareness and fair evaluation by population.

When Assange or Snowden (or other similar folks) are leaking information on (1), I am NOT with them.
When they are leaking information on (2) - they really do very good service for all and deserve credit.

But as usual, that is just my humble personal opinion.

Tatütata • April 14, 2019 12:19 PM

> I guess there are two types of secrets:
>
> (1) legitimate secrets of national security, proprietary information of corporations, private information of ordinary Jane/John, and
>
> (2) cover ups by government and/or private business, political institutions (e.g. national committee) of disgusting behavior or even illegal/criminal activity which were made secret to avoid public awareness and fair evaluation by population.

Pray tell, how do you distinguish between the two? Take a purely random and hypothetical example: tax returns...

vas pup • April 14, 2019 12:47 PM

@Tatütata • April 14, 2019 12:19 PM
Unfortunately, Tax Code is so huge and complicated you may find something there for both (1) and (2).

I'll suggest that all those who request to publicize tax returns of others, do the same for their returns first, as fair game.

Alejandro • April 14, 2019 2:54 PM

Illinois bill banning eavesdropping by IoT devices defanged

"On April 10, the Illinois State Senate passed the "Keep Internet Devices Safe Act," a bill that would ban Internet device manufacturers from collecting audio from Internet-connected devices without disclosing it to consumers. But the bill was substantially neutered after a fierce lobbying effort by an industry association backed by Amazon and Google."

https://arstechnica.com/tech-policy/2019/04/illinois-bill-banning-eavesdropping-by-iot-devices-defanged-by-tech-lobby/

From what I can gather the 'industry' argued, successfully, that the law would hold the companies liable if they 'accidentally' turned on a microphone. And, thus, there is no specific penalty for breaking the law. ...Huh? (...bank robbers should have it so lucky, in case they accidentally rob a bank...) (or)

In other words the right pockets were lined.

The boys at AWS are total wizards in moving big data, fast and accurately. But, it seems even the wizards can be corrupted like so many others.

I find myself, (only somewhat successfully), trying to eliminate contacts with AWS as so many sketchy foreign and otherwise questionable actors have accounts with them now. All hidden by corporate registrations.

Clive Robinson • April 14, 2019 3:10 PM

Is Google GDPR bat shit crazy?

Odd things are going on with Google's search engine in the UK.

The old easy to use minimal traffic text interface got phased out so that you had to put up with an uncomfortable to use on a mobile or if you have eye sight issues interface that was not just higher bandwidth it was slower and actually a lot less useful.

But today if you try using it with javascript and cookies turned off it claims "Suspicious behaviour from your network" which it will not give you any information on if you have javascript off. If you turn javascript on it then gives the totally useless "I am not a robot" captcha that renders badly on low res screens asking you to look for "busses" or some such, apparently totally oblivious to the fact that "US School Buses" look like storm trooper / SWAT / occupation force military troop transport to most others outside the US... A hint for "Google derps", the US represents less than 5% of the world's population, many of the other 95% care not a jot for "US street idioms and furniture" especially the difference between stop signs and pedestrian crossings...

Oh and guess what unless you turn on "Google tracking" by cookie you can't actually progress beyond the system designed by those with less intelligence than our four pawed friends that cock a leg at such street furniture...

Well I can not be bothered wasting my mobile bandwidth or treacle like speed on Google with javascript enabled, nor am I having their "track my but cookies" turned on either.

So bad as Duck Duck Go is... Yup it's now better than "bat guano for brains Google derps veritable efflusions of noxious detritus".

Alejandro • April 14, 2019 3:23 PM

@Clive Robinson

Crazy like a fox?

Google et al are fighting back by making it really annoying to use their stuff unless you submit to them.

I too have become an expert in recognizing captcha bicycles, fire hydrants, crosswalks and buses. At first it was fun, now it's, as planned, incredibly annoying.

The USA in particular needs an intelligent, knowledgeable, honest political hero to lead us unto battle against the IT Axis of Evil.

Don't see it happening any time soon. Likely things will get worse.

Clive Robinson • April 14, 2019 4:52 PM

@ ;

> Don't see it happening any time soon. Likely things will get worse.

How much worse?

There was a "topical interest" item on the radio the other day about the members of the bulletin of the Atomic Scientists "Science and Security Board". Who are they you ask? Well it's they who set the "Doomsday Clock" to what is their best guess as to how soon it will be before "we get blown back to the stone age" by the loonies with their fingers on various switches and buttons[1].

Apparently it's not just the ordinary "time clocks" that have "sprung forward for summer time"...

Although it stayed where it was last year at two minutes to annihilation for mankind as the US and West know it, the way it works is that things actually have to be worse this year than last for it to stay at the same time... That is as something stays at the same perceived threat level it ages that actually makes it less of a threat... Yes I know, but it does reflect the human condition that you are less likely to punch someone in the face for grinning at you the longer you don't punch them, because it becomes "the new normal"...

But basically when you look behind the reasons for the clock not moving back you will probably mutter "bl@@dy politicos" or similar, for yes it is they playing the fiddle badly whilst all around them burns...

https://www.ecowatch.com/doomsday-clock-2019-2626972129.html

[1] More correctly it originally represented an analogy for the threat of global nuclear war. However in 2007, they broadened the scope, and it now also reflects climate change and other new developments in the life sciences and technology domains that could inflict irrevocable harm to humanity...

AKA turn us into "zombie droid/slaves of the 1% of the 1%" kept in line by those Bob Altemeyer defined as "authoritarian followers", who are increasingly populating not just the "guard labour" but judiciary etc. But that itself is unstable due to technological developments.

So every supposed "AI advance" that is in reality more repressive surveillance ticks the old clock onwards. Similarly anything involving the price imbalance on essential drugs, and any medical advancement that prolongs life but at a greater cost to other citizens (transfusing teenage blood into Silicon Valley billionaires and similar) ticks it on as well... So strange as it might appear the decreasing life expectancy of US citizens is also in the figure, or more correctly the increasing differential between the 1% and the rest of the citizens.

vas pupApril 14, 2019 6:01 PM

@Alejandro • April 14, 2019 2:54 PM
Good move on Illinois side, but as usual, those exceptions you posted:
"From what I can gather the 'industry' argued, successfully, that the law would hold the companies liable if they 'accidentally' turned on a microphone. And, thus, there is no specific penalty for breaking the law."

Without a penalty, a law becomes just a pure declaration.

If the consumer has an option to shut off (to be in full control at his/her discretion) collecting audio from Internet-connected devices by a kill switch, and the kill switch is mandatory BY LAW on such devices, then such a law will serve you, not IoT manufacturers and their stakeholders. In this way prevention goes first.
That is why expert opinion on technology is required when legislators are working on technology/science related laws for a better outcome.

justinacolmenaApril 14, 2019 7:59 PM

@vas pup • April 14, 2019 6:01 PM

@Alejandro • April 14, 2019 2:54 PM
Good move on Illinois side

Internet-connected devices by kill switch, and kill switch is mandatory BY LAW

There is no law in Illinois. That is a mafia state. I was firmly disabused of any illusions of the rule of law by the sound of large caliber gunfire from a hostile party who had located my cell phone southside Chicago.

With full complicity & cooperation of local police everywhere, the offending party pursued me into Detroit, Michigan, and continued firing on me. Personnel from the Army, Air Force, and Marine Corps showed up, and several were arrested and imprisoned along with me on absurdly fabricated charges by a marijuana-dealing profiteering local sheriff.

gordoApril 14, 2019 8:12 PM

Asymmetric price haggling...(I know, a contradiction in terms)...this article covers a lot of ground:

Big Tech Is Spying on Your Wallet
How data is letting corporations wring every penny from your purchases.
by Phillip Longman

[T]his kind of market discrimination is the defining mega-trend of our ever more digitized commercial life. Attempts to expand its use and effectiveness are the overwhelming reason why corporations are so eager to scoop up our personal data in the first place. As Andrew Odlyzko, the former head of the University of Minnesota’s Digital Technology Center, has written, “The powerful movement to reduce privacy that is coming from the private sector is motivated by the incentives to price discriminate, to charge different prices to various customers for the same goods or services.”


Corporations have no intrinsic interest in invading your privacy. They really don’t care who your Facebook friends are or even how many of them you’ve slept with. No, the real reason corporations want more and more of your personal data is because they are after something that businesses have coveted for millennia but could only imperfectly pull off. Think of the haggling rug merchant in the bazaar, or the car salesman on the showroom floor. What they most want to know is the maximum you’ll pay today for whatever they have on offer.

https://washingtonmonthly.com/magazine/april-may-june-2019/big-tech-is-spying-on-your-wallet/

name.withheld.for.obvious.reasonsApril 15, 2019 1:21 AM

From the Democracy Now Youtube channel, 11 Apr 2019, the comment section is filled with references to U.S. domestic internet systems unable to access their channel, specifically the Democracy Now https://www.youtube.com/watch?v=WrTcMwE7bzM Headline video where Assange's arrest is first reported.

Additionally, comments suggested that "Secular Talk", "TYT The Young Turks", "The Jimmy Dore Show", and "Thom Hartmann" had been reported inaccessible by other Youtube channel surfers (watchers).

name.withheld.for.obvious.reasonsApril 15, 2019 2:02 AM

@ gordo

Yes, in 2012 when I noticed this phenomenon, I found that the facebook APIs such as fb_connect acted as a server-side client tracking mutex. What I realized is all the sites that had posted the infamous facebook "Thumbs Up/Like" button on their pages were acting as a vertex to a mappable context-based dataset using specific meta tag or embedded web beacon components.

At the time, September of 2012, a rather suspicious page rendering error led to the discovery that commercial services companies, like wholesalers and direct purchasing companies, were tied into "third-party" data aggregation proxies that act as intermediaries to commercial and retail outlets for the purposes of "directed advertising".

What I understood was the locus created using any of a number of methods (XML data tagging, GUID graphics tags/bugs, and other obfuscation techniques) to tie host data (to what degree I had not determined) and the intersections to my online activity was mined and processed for a reason. At the time I considered it a malicious hack of client browsers, this triggered my internal breach/compromise mitigation and notification process and e-mails went out to clients, customers, and suppliers informing them of my potential compromise. What I later realized was that a commercial entity had just practiced a sort of finite-discrimination-label application based on my purchasing activities.

As an independent research and development firm, the event made me realize that traditional methods of acquisition (materials, devices, books, components, software, etc.) represented a risk to my own company in a manner typically reserved for large or nation state-based enterprises. The calculus I had used to determine start-up and operational costs for my business plan was incorrect. I had underestimated the operational security requirements to prevent or mitigate the loss of core research and development materials and intellectual property by multiples of integers greater than two, but less than an order of magnitude...but not much less.

DennisApril 15, 2019 3:23 AM

@Clive Robinson wrote, "The thing is is even if he has become mentally ill, he is far from stupid thus he almost certainly would have put in place not just a "Panic switch" but a "Deadman's switch" as a failsafe" as well."

The move appears purely political at this juncture. WL played a pretty important role in 2016. Since then Assange had been a thorn in the side waiting to be removed. This move kills two birds with one stone.

name.withheld.for.obvious.reasonsApril 15, 2019 4:02 AM

A best guess:

What I can gather from the indictment against Assange, the claim of hacking is completely fraudulent. Manning was using a Linux boot CD to obtain the SAM database is my best conjecture. As the ACLs for the database would not allow direct, and many indirect, attempts to read the contents of the file for hashes.

Using a separate boot source which can mount the system's boot volume read/write or read-only and is of no use in acquiring network level credentials/auth tokens. Nor does it seem necessary that a local privileged account (whether system or application level privilege) to access local data. It sounds as if operational data is stored locally, that doesn't seem plausible.

So the whole password thing smells a bit fishy (like a herring).

What it may suggest is that the event or database logs would be the objective, Manning would understand that tracking activity would be stored locally. I cannot think of a scenario where Manning would not be able to perform the necessary log scrubbing or have any need for Assange's technical assistance. Assange possibly provided encouragement, encouragement consisting of appeals for additional information.

I can see if he'd already reviewed information leaked by Manning, Assange now a witness to capital crimes, might feel duty bound to request that his source dig further.

wowowApril 15, 2019 10:49 AM

As to anyone trying to assess or access my id or current status; I deliberately relinquished ALL of my remaining digital archives to a complete stranger. There are now guaranteed to be data doppelgangers of my materials.

The MPAA (motion picture association of america(s)) still has a conflict of interests which flows upwards (unfortunately) to the previously known Mr. John Ashcroft and the legislation which allegedly made it legal to do ACTIVE and MALEVOLENT hacking (or worse) towards SUSPECTS of digital piracy, even at risk of harming INNOCENT targeted individuals and groups.

I am such a previous victim. I am NOT a digital pirate. However, simply being a resident of a controversial neighborhood made it difficult for me to be differentiated from others. Thus I was attacked, my files sabotaged, my apartments invaded several times, and thusly, eventually I was poisoned several times and became VIGILANT(e) against the incursions.

I still believe the honorable Edward Snowden ought to be exonerated because he (and others) advocated for the cessation of digital hostilities and cyberwar. As a healthy replacement, he (and others) advocated for stabilization of critical infrastructures instead. In other words, it is preferred to be PEACEFUL rather than hostile. STABILITY and SAFETY are a high priority than invasive competitiveness. I tend to agree.

Peace be with y'all.

Sincerely,
wowow

-=*=-

P.S.- I an thankfully still NOT a terrorist, nor am I a vigilante. I am however, a victim of a criminal.

wubber_duckyApril 15, 2019 10:53 AM

SPELLCHECKER BACK OFF:

corrections:

"high" was supposed to be "higher"

"I an thankfully" was supposed to be "I am thankfully"

Nevertheless, this is a Google form

Thinkaboutit Thinkaboutit Thinkaboutit

Charlie needs relief!

VRKApril 15, 2019 1:04 PM

DOH use == Criminal?

For those NOT in control of their network dns,
in Firefox, under the url about:config, (search for TRR),
mozilla has now provided an option to use
alternate DNS services via DOH, or DNS OVER HTTPS,
without begging your network admin for cooperation.

Here's a list of some alternate name servers
https ... github.com/curl/curl/wiki/DNS-over-HTTPS

Granted, any resolver you choose
can be black listed by your access provider
like BCNET's dns provider blocking
https ... cloudflare-dns.com/dns-query,
(despite the U of British Columbia IT chief seemingly against it),
under the apparent pro-surveillance "thought police" inference that

security/anonymity/privacy/free speech = dark web = criminal activity.

If you think one is blocked,
a test provision may be available, in this case Quad9:
https ... 9.9.9.9/dns-query?name=schneier.com

(not sure if that's Quad9's filtered service)

Curtains at home? Door on your bathroom?! No camera above your hot tub? Beware of the 'exceptional access' nuke inbound.
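The "is my resolver blocked" check from the comment above can be done outside the browser. This is an added example, not part of VRK's comment: it builds the RFC 8484 GET form (a base64url wire-format query in `?dns=`, rather than the `?name=` form quoted in the comment) and classifies whatever comes back. The endpoint `https://doh.example/dns-query`, the function names and the sample reply bytes are constructed for illustration.

```python
import base64
import struct

DOH_TYPE = "application/dns-message"  # media type defined by RFC 8484


def encode_name(name):
    """Encode a host name as DNS labels (length byte + label, zero terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1):
    """Wire-format query: ID 0 (RFC 8484 recommends it for caching), RD set."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(endpoint, name, qtype=1):
    """RFC 8484 GET URL: base64url of the query with the padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return endpoint + "?dns=" + b64.decode("ascii")


def read_name(msg, off):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, jumps, end = [], 0, None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2                # parsing resumes after first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:                   # hostile or corrupt pointer loop
                raise ValueError("compression loop")
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if length == 0:
            break
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return the rcode and any IPv4 addresses from the answer section."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated rdata")
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + rdlen]))
        off += rdlen
    return {"rcode": flags & 0xF, "answers": addrs}


def classify(status, content_type, body):
    """Turn one HTTP reply into a verdict about the DoH path."""
    if status != 200 or content_type.split(";")[0].strip().lower() != DOH_TYPE:
        return "no-doh-answer"   # block page, proxy error, reset upstream, ...
    try:
        parsed = parse_response(body)
    except ValueError:
        return "malformed"
    if parsed["rcode"] == 3:
        return "nxdomain"
    if parsed["rcode"] == 0 and parsed["answers"]:
        return "resolved"
    return "other"


# Constructed sample reply: one A record (documentation address 192.0.2.10)
# whose owner name is a compression pointer back to the question at offset 12.
_Q = encode_name("schneier.com") + struct.pack("!HH", 1, 1)
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + _Q
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    # Fetch this URL with "Accept: application/dns-message" and pass the
    # status, Content-Type and body of the reply to classify().
    print(doh_get_url("https://doh.example/dns-query", "schneier.com"))
    print(classify(200, DOH_TYPE, SAMPLE_RESPONSE))
```

A "no-doh-answer" verdict from one network and "resolved" from another, for the same endpoint, is the signal that the path rather than the resolver is at fault.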

WhiskersInMenloApril 15, 2019 5:07 PM

Just saw an online quiz (twitter) that purports to guess 
what state you are from.  With location services, reverse
IP address lookup and more how is this not a scam?
Good or bad data gathering tools and what other
risks are at the URL?

Clive RobinsonApril 15, 2019 7:09 PM

@ ,

Manning was using a Linux boot CD to obtain the SAM database is my best conjecture.

Yes and which journalist conspired with Pte Manning, told him how to carry out the hack and then grassed Pte Manning out?

Strange that person is not being sought out on conspiracy charges...

But oh wait a minute "they were a US citizen masquerading as a proper journalist"...

I would not mind betting there are certain people who don't want that embarrassing information dragged back out into the light of day...

gordoApril 15, 2019 7:53 PM

@ name.withheld.for.obvious.reasons,

Yes, in 2012 when I noticed this phenomenon,

...sounds like you were sucked up in 'tracking systems gone wild'; even the advertisers, back in 2007 (see below), were looking for a way out. Maybe the FTC should put their new Technology Task Force to work on this kind of stuff.

What can we advertisers do to stop this? How can we thwart price discrimination? For starters, we can reduce the amount of information the ad systems get. Don’t use their tracking systems. Both YSM and Google offer website tracking systems. You have to be a YSM advertiser to use their system while anyone can sign up for Google Analytics. Google further offers “Google Checkout,” a shopping cart and payment system for the small business. These systems allow the platforms to collect information, which can be used to estimate the value of a click to the advertiser. Yahoo says they use the information to determine which affiliates are good and which should be subject to Quality Pricing discounts. Maybe that’s true, but if the ad platforms have conversion data, it opens up the possibility for them to adjust prices so each advertiser pays what a click is worth to him or her.

https://moz.com/ugc/price-discrimination-in-pay-per-click-advertising

---

FWIW, unless it can't be avoided, I buy everything from local brick-and-mortars.

MarkHApril 16, 2019 8:47 AM

Thanks, David, for the tweet link. I appreciated this from one of the replies:

"[Self-driving cars] are absolutely good enough! If the weather is perfect, the road is well painted, there are no unforeseen obstacles or construction work, or emergency vehicles running around the corner that a human driver can hear but not yet see, signage looks like it does in California ..."

Clive RobinsonApril 16, 2019 9:06 AM

@ Name.Withheld..., Gordo,

led to the discovery that commercial services companies, like wholesalers and direct purchasing companies, were tied into "third-party" data aggregation proxies that act as intermediaries to commercial and retail outlets for the purposes of "directed advertising".

The way to stop it in a "capitalist system" is to take the profit out of it, or make marketing people realise there is no profit in it thus employment for them (if their Dunning-Kruger and other psychotic etc issues will allow them to actually see it).

The problem with "Directed advertising" is plain and simple it's price discrimination... It's like the problem of loyalty cards, it's an expensive system to run even when automated as much as possible, and often does not really show any profit...

One aspect is "loyalty of convenience" by consumers. I don't shop at big out of town "shopping centers" and "super stores" because unlike others I calculate in the cost of travel and the few pennies difference would only be covered if I purchased a considerable amount that I neither want nor need of what I usually buy which is fresh food, thus two or three trips a week. So my loyalty is based on where I start my shop from, and where it finishes. So as will be seen by many their loyalty such as it is, is to the stores they use from home and loyalty to the stores they use in their lunch hour at work etc (any one who thinks a "working lunch" is a good idea is really deluding themselves[1]). It's not loyalty to "the brand" it's just "convenience" of minimal time, shoe leather, or what ever you want to call it. It's only vaguely "Brand loyalty" when there are two shops close together, or there was some other benefit.

For instance a while ago in the UK M&S tried a "free coffee per shop" a friend who drinks coffee like it's going out of fashion, switched getting their workday lunch from Greggs the Baker to M&S sarnies because of the free "real coffee" saving then about the equivalent of two bucks for not crossing over the road... But when the free coffee stopped they switched back to crossing the road...

Marketing people see such behaviour as that which should be punished... Or at the very least not rewarded, even though those customers are bringing in profit... Thus the marketers lump many into the "barnacle category". It's this mythical chase for the "ABC1's" or even "big whales" that they claim means more profit than the ordinary joe saving a buck on a promotion.

But does it mean more profit? The answer is probably no. The number of people that can be enticed to spend more on things they don't actually need in these economic times and the supposed discount required to get them to do so plus the cost of running such loyalty schemes is apparently very marginal at best. Because the people they want to attract are not taking the bait, because even they can see sense in "shopping around" for not just big dollar items but everyday almost essentials as well.

Part of the reason for loyalty cards was to stop the "barnacles" who use the vouchers that get handed out or printed in local press etc. Apparently "these low lifes" have the temerity to set up coupon collecting / swapping clubs, "to abuse the system" according to quite a few marketers. Hence the now "personalised" locked to the loyalty card incentives. Guess what that fails as well, some "coupon clubs" go around together and buy for each other just to get the better discounts given on these "locked vouchers". This indicates that these voucher people see value in what they do, which is more than they see in "Brand loyalty"...

For what is the largest industry in the world supposedly even bigger than religion these days, the marketers and sales droids actually offer little or nothing for their immense cost, which we all pay, irrespective of if we are ABC1's or not. Thus they are in effect "eating profit" from their employers...

Thus I see such "closed systems" as "deliberate discrimination" which at the very least should not be part of "The American Way" and may well be technically illegal in other countries.

Oh and if we could "recession" marketers and sales leeches out of existence, maybe, just maybe we all would pay a little less. Oh and be a little nicer to the environment in the process, thus could be a win-win for jo/joe Average.

If the "employers" of such leeches actually asked for "scientific proof" that the methods work as claimed, before they pay the leeches anything they might learn a lesson or two.

On-line shopping for non-perishables gave consumers way more choice and considerable discounts. Especially if they stay out of the Amazon trap. Whilst "home shopping" by those who have retail outlets for perishables are not seen as "stemming the online tide".

As was once noted by a chancer trader at a city bank that decided to move jobs, to his exit interviewer, "If you want loyalty buy a lap dog"... Those ABC1's are not really any more loyal than any other mildly intelligent person thus any claims about them made by marketing droids are likely just as unfounded as those that discriminately claim those that actually use their vouchers are "cheating / stealing". Oh and for those of the US Libertarian mind set, obviously marketers are very anti "free market"...

The employers of the leeches should draw up a cost benefit set of figures, based on hard reality not marketing hype. They don't sell stock at a loss that is it costs money to put goods on shelves, if it really was not shifting to the point they had to sell below cost, then they would in effect dump it and take a tax loss against any profit. Thus every item purchased is earning the employer not just money but some measure of profit. Yes even the Barnacles are "paying their way" and marketing adverts against them are in these economic times at best questionable.

I could go on but the point is after any "non-self interested" research you can only come to the same point of view that Douglas Adams did many years ago... You need to "export the marketers and sales droids" and make them "Somebody Else's Problem" (SEP) before they drive the economy into a state where the only thing left is "shoe shops" and total economic collapse ;-)

Thus apart from making their activities both illegal and punishable by the most severe if not worst of punishments, we will somehow have to "Starve the fever to kill the disease" and the easy way to do that is stop giving the leeches money, either directly as an employer or indirectly as a customer thus forcing the employers hand.

Personally if it stopped the massive deforestation of trees that then get pulped to be pushed through my door giving me an unwanted disposal problem, it would make my environment a happier place to be ;-)

Last year as an experiment I collected all the paper and cardboard etc etc that got pushed through my door and whizzed it up to "re-pulp" and then turned into long thin briquettes to use in the "rocket stove" I have in the shed[2] they lasted all through winter not just to heat it whilst I was in it, but to make many kettles of boiling water to make thermoses of tea with. I have no idea if it saved me money over all, but it did give me the warm feeling of re-cycling thus reducing my carbon foot print[3] ;-)

[1] Most studies into "productivity" of individuals --that is people-- not of organisations --which is actually a business efficiency measure and mostly unrelated to individuals' abilities-- have found that the more cerebral the work the less likely you are to be productive after just an hour or two. Thus a work pattern of an hour of investigation (test thinking) followed by an hour or two of fixing/augmenting (creative thinking) followed by an hour of unrelated activity is the way that produces best benefit. So the old "9 to 5" of an hour to settle in from traveling and basic contact/updating --short coffee machine / water cooler meetings-- for the team to integrate followed by the first three hour work cycle, followed by an hour of stand down time we often call lunch, followed by the second three hour work cycle is actually the most productive way to work after your mid twenties and into your nineties. Even manual labour with apparently no thinking involved --according to some management types-- really works on two or three daily work cycles, because even manual labour actually requires thinking to avoid mistakes. Which is something drivers forget to their cost... But also muscles have "repetitive fatigue memory" where by you need to stop and do other motions with arms and hands etc to avoid actual injury which get lumped under "Repetitive strain injuries". Which judges and the like have ignored, but as any anthropologist knows actually leaves traces on the human skeleton, which can be read hundreds if not thousands of years later when we dig them up. So the argument "soft tissues are not affected by work" is kind of stupid. So breaking these natural work cycles is not productive at best, but actually reckless to the point of deaths and injuries. So if your boss or the big boss think that way, it's actually a good idea, go find another job so that you might live long enough to enjoy retirement.
Yes you can get away with it in your teens and up to your mid twenties but after that you are killing yourself for absolutely no gain (just like regularly drinking coffee only works the once if you don't abstain for three days or so to let your body and more importantly your brain reset). Apparently the average life expectancy is dropping but the differential between the ultra rich and the average of the rest of society is growing faster... Which tends to suggest the ultra-rich are killing off those at or below average.

[2] There is a custom and practice "law" that every man who is married should have a shed or other "man cave" as a place of respite, away from the wife in her domain of the domicile. If for no other reason his self protection (yes a judge in SW London did find for a husband who was divorcing his wife for what was in effect unnecessary behaviour tantamount to cruelty / domestic abuse for her incessant sharp tongued behaviour. Had he a shed to take refuge in, the expense of the court etc might well have been saved ;-)

But the reality is most men have hobbies that often involve the odd four letter word when tool inadvertently meets flesh or has some other anti-social aspect like noise or other dirt/smell/friends. Such as Tesla coils making massive sparks, or some of Doug Coulter's experiments into particle physics, or mine of designing and prototyping high power transmitters, antennas and similar.

[3] Yes even though it looks like I am sending the carbon in the paper up into the sky to become a "green house gas" pollutant, unlike conventional fires, rocket stoves and gassifiers like up/down draft stoves actually burn down to both water and CO2, which means none of the tar and other real nasty emissions (creosotes etc) that you get from more traditional fires, stoves or petrol/diesel engines. Also outside of city centers CO2 generally gets reabsorbed by local plants even in winter. So yes proper burning is more carbon neutral than putting it out for the wasteman to take away where it might eventually just get burnt anyway but with much less efficient high temperature flue gasses that don't get reabsorbed locally if at all...

David WalshApril 16, 2019 4:33 PM

Clive

This indicates that these voucher people see value in what they do, which is more than they see in "Brand loyalty"...


'gaming the system'; reading a little about the 'Woolworths' loyalty program in Australia, the way to succeed is to understand it's a 'Disloyalty' program. It needs to hook back disloyal customers- the loyal ones just get the standard points sans perks.
But game the algos by refusing to use the card for a period of time. One suddenly gets emails with promotional offers - 10, 20, 50 times as many loyalty points if one please, please just buys something, please! It's completely worthwhile [if one finds merit in the whole twisted setup, which is arguable]

gordoApril 16, 2019 9:45 PM

Hey, remember that California privacy law? Big Tech is trying to ram a massive hole in it
Amendment would exempt, um, Google and Facebook
By Kieren McCarthy in San Francisco 16 Apr 2019

Under this proposal, so long as they use a form of online bidding for placing ads, they would be exempt from the law.


[. . .]

Allowing the exemption would allow for "the most massive leakage of sensitive personal information ever recorded," Brave [the browser maker] notes. And yet the leakage – and the companies behind it – would be exempted from a law that was written specifically to prevent such sharing.

https://www.theregister.co.uk/2019/04/16/ca_privacy_law/

Related link from above article:
https://brave.com/brave-ccpa-april-2019/

---

Also linked to at The Register page above, a long article on newly leaked Facebook documents:

"The documents appear to be the same ones obtained by Parliament in late 2018 as part of an investigation into Facebook. Facebook did not question the authenticity of the documents NBC News obtained."

https://www.nbcnews.com/tech/social-media/mark-zuckerberg-leveraged-facebook-user-data-fight-rivals-help-friends-n994706

Rach El April 16, 2019 11:03 PM

Clive Robinson


https://www.windytan.com/2016/10/ctcss-fingerprinting-method-for.html


Identifying unknown radio transmitters by their signals is called radio fingerprinting. It is usually based on rise-time signatures, i.e. characteristic differences in how the transmitter frequency fluctuates at carrier power-up. Here, instead, I investigate the fingerprintability of another feature in hand-held FM transceivers, known as CTCSS or Continuous Tone-Coded Squelch System.

Kisses your way, Mr Pink Ears

name.withheld.for.obvious.reasonsApril 17, 2019 12:06 AM

Does anyone know if in the recent past any actions the United States has taken to pursue an individual, group, or any other styled “hostile non-state intelligence service?”

Curiously, while the hair on the back of my neck stood up (no, the Tesla coil and the Marx generator in the lab is powered down), it occurred to me that executive authorities (which I understand to be completely unconstitutional and in effect gives government primacy over the citizenry), by way of directive, may provide insight to the current environment.

Firstly, it is the evisceration of the relationship between the citizen and her government as authorities enumerated require the submission of the citizen—ex-parte. Wherein the state’s power is derived from decree, not consent, and; that the state is superior respecting no citizen-sovereign.

What authority you might ask? Before answering that, how about an additional gift of power by way of secret executive directive, the devolution of executive authority reserved exclusively by and to the executive, annotates cabinet and sub-cabinet level appointees the awesome, most final, and most dangerous power—the power to wage war.

You can go ahead and burn your copy of the Declaration of Independence now, it has been rendered impotent. Additionally, might as well strikeout Articles 1 and 3 of the U.S. Constitution--there seems to be no point.

Under Presidential Policy Directive 20, sans any legal analysis and a thorough reading of the policy, suggests that this policy is a hybrid—statute authority derived from memorandum level effort. The Executive cannot in any manner prescribe authorities wherein all are subject, and, leaves narrow not one.

The invitation here is to anyone that can suggest or identify the completely subversive clauses and describe the retreat this document represents…

It only came to me after the third reading of this "text".

name.withheld.for.obvious.reasonsApril 17, 2019 12:28 AM

@ Clive

Your tome is appreciated, I hate to diminish your effort in response only in that I have not the words, at this time, to craft a more complete response...so let me summarize.

It is in the practice of psychology, behavioral or analytical, I will claim, stands as art. Imperious clinical analysis, less a more complete model in which a physicist might construct a demonstration worthy of examination, represents the terminus of our current knowledge base. Surveys and trials provide some insights but fail to make formal the mechanisms of human experiences and the kernel(s) which might be of most use. That said, there is some danger in the "complete" external stimulation of cogent and cognitive beings. I see this being wielded by persons with intent to do harm, much like a cult leader.

Returning to the subject, at this moment, is not a priority I can abide. There are frogs in the pan right now.

lurkerApril 17, 2019 3:16 AM

@ Clive Robinson
Odd things are going on with Google...

In my dotage I sometimes/often use MacOS. 'bout thrice a year Goggle flashes me a msg, Check your acct security: You have an unsafe app accessing your account: MacOS can access your Mail, Calendar Contacts &c &c

Well, hrrmph, I choose to let my operating system do what I want, not you Goggle.

Also when you liven up a new Android device, do try and remember to find where they hide the controls that let you kill Contacts and Calendars -before- going on line, else the thing will be awful slow while Goggle makes a new Contact list and Calendar for you dredging up addresses, phone nrs, dates, from anything you ever touched on the intarwebs....

Rach El • April 17, 2019 3:51 AM

Moderator

In the most recent Triton Malware thread

The following is the same familiar troll with no life


Somme gui • April 17, 2019 1:17 AM

In before Clive claims personal credit for Stuxnet code again.

Clive Robinson • April 17, 2019 6:26 AM

@ David Walsh,

"the 'Woolworths' loyalty program in Australia"

Now gaming that actually sounds like a fun challenge, to work out how to get the maximum score in the minimum time.

It might actually make the drudge of shopping more fun.

I guess the first trick would be to set up multiple ID's to use the system such that you can use one ID whilst "resting" the others to get more points...

Makes you wonder if they would fall for the "Google mail dotted names" trick just to make your life easier ;-)

Clive Robinson • April 17, 2019 6:42 AM

@ David Walsh, Alyer Babtu,

Those camera sensors have come on a bit in the past few years.

Do you remember back to when a UK Defence Company built hundreds of the much older 100K type sensors into a large compound eye ball to hang off helicopters or airship drones with a resolution that could cover a small town and see everyone on the streets or in their cars?

Just imagine what you could do with a similar compound eyeball made of 400 or so of these new sensors...

For some reason I've just had a chill feeling...

Clive Robinson • April 17, 2019 7:03 AM

@ Rach El,

I'm reminded of our dear Nick P for some reason

Dear, but not dearly departed, you can find him posting on the "lobste.rs" blog.

Whilst anyone can read it, it's an "invite only" to be able to post. If I remember rightly, Nick P moved because of a certain blight that was on this blog.

Any way, I'm being told to sort myself out as I have to see the cardiac technician team... Sounds scary, but I think it's another lets get the data out session.

Clive Robinson • April 17, 2019 2:13 PM

@ Rach El,

Identifying unknown radio transmitters by their signals is called radio fingerprinting.

Amongst many names over the years :-/

One of the latest and more encompassing is "Source Enumeration" and it's just one tiny part of EmSec.

I've mentioned before about transducers being bi-directional, well the same is true of transmitters that basically turn DC into some AC signal at a frequency not far from that of your heart beat and mains frequency to well not quite "infinity and beyond" but more than enough to make your molecules individual atoms and nuclei get "disco-fever" (but without the white suit and phony accent ;-)

But as with dancing we all have shall we say "a style" whilst mine is more grumpy-granddad than Tony Manero (but never as greasy as Danny Zuko) all transducers including big hairy mothers of AM and TV broadcast transmitters all have the equivalent of a style that can be measured. As transmitters --contrary to what engineers will tell you[1]-- do not have free will their style is really quite repetitive even though potentially unique.

But unlike the old CW / Morse days where you keyed the transmitter and most ears could give a real RST response with T being the one that said how good or bad your rise / fall and ringing as well as frequency shift on keying, modern transmitters tend to not get keyed very often if at all. That is either they send very occasional bursts or stay on for extended periods.

Which is why "Delta F" is important not just to radio transmitters but computer networking as well. And in this case the --supposedly-- subaudio CTCSS tones[2]. I won't say "been there done that" for CTCSS, but the digital version CDCSS yup played around with identifying mobile handset manufacturers by their defects in their software implementations.

Oh CTCSS had a problem, which was back in the day it used mechanical "reed resonators" or "tuning forks" as the tone resonators in both the transmitter and receiver, these were often called "copper bananas". However as anyone who has ever struck a tuning fork knows they carry on ringing for ages after the driving impulse has gone, that is seconds not milliseconds. This caused all sorts of problems and Motorola came up with a solution that they patented. In essence they took the electronic signal from the resonator and using a simple circuit changed the transmitter's CTCSS tone phase by 180 degrees. In effect this transmitted antiphase signal quenched the receiver resonator rather rapidly. So just about anyone with functioning ears would know by the very short squelch time and no static burst that the transmitter was a Motorola...

Oh and those with "eagle eyes" will notice several tones are effectively missing. Some are because they are related to 50/60 Hz mains frequency and its harmonics. Some for other reasons, amongst which is 150Hz or "the NATO buzz". For some reason lost to time NATO decided it needed a tone squelch system and thus all NATO compatible radio systems use 150Hz otherwise they can not interoperate...

Oh and of course there is now DMR with a supposedly unique but user changeable ID number. Yup you can tell the software implementations with just a good quality oscilloscope. Likewise with other much more specialized equipment you can enumerate GSM handsets even if the electronic serial numbers are changed.

The thing with DMR is that for less than 100USD you can buy handsets that for compatibility reasons allow access to "over the air encryption" and by this I don't mean the likes of "frequency inversion" even if it is sub-banded. One of the things on my "todo list" is to dig into the security of DMR encryption. It's used by amongst others Law Enforcement and some Military Security activities. It will be interesting to see just what encryption and keying system you have available as Jo/Joe Public... You never know @Bruce might even end up with a blog page on it.


But speaking of the "enumeration" in a more general sense it's usually tied not just to "poor man's authentication" but also to "attribution", that is "evidence". This brings up the question of,

    Is this sort of enumeration "evidence safe" or "reliable"?

Well the honest answer is "No not if you know what you are doing" but the number who do are so few many people mistakenly or wantonly think they are safe / reliable... Which is a problem. The reality is criminals etc will wise up fast --hey they are readers as well-- the legislature not so fast, in fact slower than your average glacier melts. Thus like the --supposedly-- unchanging fingerprints, prosecutors will "try it on" and almost certainly get away with the equivalent of perjury. Thus miscarriages of justice will almost certainly happen...

As for my "pink ears" they are a little more red currently, and there might even be signs of steam... Because the medical profession are probing away again... Personally I wish they would stop just so I can have some quite minor surgery so I can stay up on my feet a bit more. But no at the moment I'm more of a "sitting target" than "fleet of foot" :-( The moral for those still enjoying your tender age apparent invincibility, is "Your body remembers" and unfortunately "pays you back ten or more fold" if you are lucky... So give any high impact sport including street running a wide berth lest you end up not being as mobile as you would like even before you get to middle age.

But all that aside, I hope this finds you well and enjoying life's pleasures as we run into the Easter Bank Holiday. In the UK we get both Good Friday and Easter Monday as "days off", and the weather men have said it's going to be barbeque weather, not Sunday roast weather. So more "chilli sauce on Kebab" than "Mint sauce on the leg" time to make a shopping list B-)

Hopefully all the readers here will get the chance to likewise do a bit of R&R though I've yet to find either particularly appealing hence wanting to be back on my feet 0:)

[1] Thus the old truism of just a few years ago of "Oscillators that don't, and amplifiers that do" giving rise to "If you wanted to design an amplifier you should have designed an oscillator..." Back in the 1970's when I first started designing RF circuits above HF life was tough, because transistors had ft's down in the low UHF spectrum which meant even VHF gain was marginal if you sensibly used negative feedback for stability. Thus many an engineer gripped firmly onto what they held most dear, and with trepidation entered the world of K is greater than 1... Now you can get devices with ft's well up in the GHz ranges it takes the fun out of RF design, unless you are going for efficiency up in the 90% and beyond, or squeezing 5KW with PSUs in a 1U rack ;-) LDMOS can be your friend for a price :-(

[2] There is a site with quite a good write up on "Tone Squelch" of which CTCSS (originally "private line" or just "PL") over at,

http://www.repeater-builder.com/tech-info/ctcss/ctcss-overview.html

Which also gives you an idea of all the measurable dimensions and their issues such as spectral purity, frequency stability, residual modulation, deviation and the probs they can cause in normal operation. All of which you can also use to enumerate a transmitter with. Similar applies to the digital version CDCSS / CDS as well...
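
An added example, not part of the comment above or of any project it mentions: the "Delta F" idea applied to a CTCSS tone, measuring how far a transmitter's tone sits from nominal and listing every enrolled radio consistent with that offset. The sample rate, the 100.0 Hz nominal tone, the tolerance, the enrolment table and the synthesized audio are all constructed assumptions.

```python
import math
import random

FS = 1000        # sample rate in Hz (assumed; ample for a sub-audible tone)
NOMINAL = 100.0  # nominal CTCSS tone in Hz (assumed channel setting)
TOL = 0.05       # assumed measurement uncertainty in Hz

# Constructed enrolment table: each radio's tone offset from NOMINAL, in Hz.
ENROLLED = {"radio A": -0.15, "radio B": 0.20, "radio C": 0.22}

def synth(tone_hz, seconds=4.0, noise=0.2, seed=0):
    """Constructed receiver audio: a weak tone buried in Gaussian noise."""
    rng = random.Random(seed)
    return [0.15 * math.sin(2 * math.pi * tone_hz * i / FS) + rng.gauss(0, noise)
            for i in range(int(FS * seconds))]

def tone_power(samples, f):
    """Energy of the samples at exactly f Hz (a single-bin DFT)."""
    w = 2 * math.pi * f / FS
    re = sum(s * math.cos(w * i) for i, s in enumerate(samples))
    im = sum(s * math.sin(w * i) for i, s in enumerate(samples))
    return re * re + im * im

def delta_f(samples, span=0.5, step=0.01):
    """Offset of the strongest tone within NOMINAL +/- span, in Hz."""
    offsets = [-span + k * step for k in range(int(round(2 * span / step)) + 1)]
    best = max(offsets, key=lambda d: tone_power(samples, NOMINAL + d))
    return round(best, 2)

def attribute(samples, enrolled=ENROLLED, tol=TOL):
    """Every enrolled radio consistent with the measured offset.

    One name is a candidate match, several names means the feature cannot
    separate them, and an empty list means no enrolled radio fits.
    """
    measured = delta_f(samples)
    return sorted(n for n, d in enrolled.items() if abs(d - measured) <= tol)

if __name__ == "__main__":
    for actual in (99.85, 100.20, 100.40):
        audio = synth(actual, seed=int(actual * 100))
        print(actual, delta_f(audio), attribute(audio))
```

Radio B and radio C come back together because their offsets differ by less than the measurement tolerance, which is the case where this single feature cannot tie a transmission to one unit.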

Clive Robinson • April 18, 2019 5:43 AM

@ Alejandro,

Crazy like a fox?

In the case of "FireFox" crazy like a stalking serial killer,

https://www.zdnet.com/article/former-mozilla-exec-google-has-sabotaged-firefox-for-years/

So Google Chrome is becoming the new "In the net Exhorer" being pimped in ways that are probably illegal in places like the EU.

So Micro$haft becomes like Giigle and Giigle becomes like Micro$haft...

Why don't they just produce an illegitimate lustchild or five that can name themselves "We are the Borg" or some such...

MarkH • April 18, 2019 3:44 PM

@Rach El:

Thanks for the link to your article on distinguishing the several transmitters, really cool :)

not another backhanded 2s complement • April 19, 2019 2:55 PM

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::: Security Recommendations :::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: consider interoperability complexity :::::::::::::::::::::::::::::::::::::::::::::
:: always check the copyright dates :::::::::::::::::::::::::::::::::::::::::::::::::
:: avoid those who avoid the manuals :::::::::::::::::::::::::::::::::::::::::::::::::
:: manually proofread yours ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: if you create manuals, USE PRAGMATISM ::::::::::::::::::::::::::::::::::::::::::::::
:: if you create manuals, USE SEMANTICS or QUIT & HALT PERMANENTLY:::::::::::::::::::::
:: if you create manuals, PREVENT SYNTAX ERRORS :::::::::::::::::::::::::::::::::::::::
:: if you publish anything, please attempt to prevent and reduce publication warfare ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.