Friday Squid Blogging: Squid Skin "Inspires" New Thermal Sheeting

Researchers are making space blankets using technology based on squid skin. Honestly, it's hard to tell how much squid is actually involved in this invention.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on May 3, 2019 at 4:15 PM • 80 Comments

Comments

MarkH May 3, 2019 5:53 PM

A long-time topic here has been the security (or rather, insecurity) of implantable medical devices. I understand it's a matter of particular interest to one of the commenter community.

So here is a story (in The Atlantic) with an ironic twist: there's a strong demand for a specific make and model of insulin pump, because its security is flawed.

Background: people with the worst diabetes find it extremely difficult -- and nearly all-consuming -- to keep their blood sugar in a safe range. An enormous help for them is closed-loop control, with continuous monitoring of blood sugar controlling an insulin pump.

In the US, this type of system won regulatory approval only recently, and options are very limited.

For people who started before FDA approval, or who want to use their own choices of devices and parameters, it's been a world of home-brew. A few geeks have made open software for the purpose.

To complete the circuit, it's necessary to have an insulin pump, the metering of which can be externally controlled ... hence the hackable pump with broken security.

Diabetics sometimes wait months to find one, and then must make sure it didn't get a software upgrade fixing the vulnerability. They worry about whether repair will be possible, if their treasured insecure gadget breaks.

MarkM May 3, 2019 6:30 PM

In last month's post Excellent Analysis of the Boeing 737 Max Software Problems, there was a rebuttal added which tried to argue against most of the points of the original article.

One point of the rebuttal was that the angle-of-attack (AoA) sensors were far more reliable than what the original article represented. Today, CNN has posted an article which shows that the AoA sensors had been flagged in over two hundred incident reports. Also highlighted in the article was the problem that Boeing didn't actually test the system with a failing sensor, and instead only relied on an analysis in design and certification.

The device linked to the Boeing 737 Max software that has been scrutinized after two deadly crashes was previously flagged in more than 200 incident reports submitted to the Federal Aviation Administration, but Boeing did not flight test a scenario in which it malfunctioned, CNN has learned.

From https://www.cnn.com/2019/04/30/politics/boeing-sensor-737-max-faa/index.html

Propounding May 3, 2019 11:59 PM

There are absolutely real security concerns when a sitting President is credibly accused of crimes and the acting AG is actively attempting to cover them up. This is Friday Squid and that was the first comment, so I don't think you decide it's off topic.

Trump and Putin spoke on the phone today without either one mentioning the 2020 election, and with the two accused of conspiring to undermine US elections and laws giving themselves a clean bill of health.

Putin also told Trump that Russia "wasn't in Venezuela" despite, you know, photos...
and naturally as the Kremlin's spokesman, Trump duly parroted that as US policy now.

So I think most "security" minded individuals would see the inherent flaw in allowing self-validation at the highest levels, rather than the system as it was designed, checks and balances and accountability.

Given Putin's OTHER side-project in undermining the UK's government with Russia's pro-Brexit nonsense campaign, this IS the major world security question overall right now.

AL May 4, 2019 1:32 AM

Something entirely on topic, which is Firefox/Mozilla securing the extensions that a user might install to their browser.

Well, they let a certificate expire, and now Firefox users are seeing most of their extensions disabled.

Moreover, from what I can tell, if this certificate is renewed, it won't automatically restore the extensions. They will need to be reinstalled.

There is an extensions.json in the profile directory that configures the enabled/disabled status.

I backed up my entire profiles before this hiatus started. I'll restore them when it finishes.

revolu May 4, 2019 6:30 AM

Nope. You don't need to do that at all.

"about:config" / Firefox will warn "There Be Dragons" PRESS - I accept the risk! / In the Search: box type - "xpinstall.signatures.required" / on that line - right click the Value "true" and select Toggle to change to "false" your "unsafe" extensions will work.

As far as deciding what's "on topic" that's really not something any individual decides.
It's an averaged consensus of all the voices that decide that. Discussions evolve.

beeping thing May 4, 2019 6:34 AM

update from Mozilla
"12:50 p.m. UTC / 03:50 a.m. PDT: We rolled-out a fix for release, beta and nightly users on Desktop. The fix will be automatically applied in the background within the next few hours, you don’t need to take active steps.

In order to be able to provide this fix on short notice, we are using the Studies system. You can check if you have studies enabled by going to Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies.

You can disable studies again after your add-ons have been re-enabled.

We are working on a general fix that doesn’t need to rely on this and will keep you updated."

Alejandro May 4, 2019 7:10 AM

Firefox just killed off all of my addons!!!

https://www.reddit.com/r/firefox/comments/bkfhpk/firefox_just_killed_off_all_of_my_addons_and_my/

Yup. All gone. No-Script, U-Block, all of them. Dead. Dead. Dead!

Reddit is on fire about it. Some say it's a glitch and will be fixed. Maybe so.

Or maybe the google has spoken, or the government, or someone has been bought off.

It's an F*ing disaster.

You can try some of Firefox's internal settings to block trackers, but it's just like they say, it WILL break some sites very badly.

Meanwhile, I wonder how much data was captured by trackers, google etc when they flipped the switch. Must be massive.

This is awful. Really. Apparently there are no good options for Firefox fans at the moment.

Ugh!

Seriously? May 4, 2019 8:11 AM

Again...

"about:config" / Firefox will warn "There Be Dragons" PRESS - I accept the risk! / In the Search: box type - "xpinstall.signatures.required" / on that line - right click the Value "true" and select Toggle to change to "false" your "unsafe" extensions will work.

Are people literate this morning or what's going on?

Seriously? May 4, 2019 8:12 AM

"Or maybe the google has spoken, or the government, or someone has been bought off."

A certificate used for signing expired. Granted it's embarrassing... but get a grip.

Alejandro May 4, 2019 10:13 AM

Re: Firefox Extensions MURDERED!

Well, on Firefox Quantum beta the reported fix is not available, the about:config trick doesn't work and setting the clock back simply breaks ssl altogether.

Meanwhile, as far as I know, the Studies program is basically a key logger.

Is renewing a certificate really that hard...or slow?

11.11 am Saturday.

Alejandro May 4, 2019 10:27 AM

Re: Firefox

THIS did work:

In Firefox go to:

Options/Privacy and Security/Firefox Data Collection and Use/check "Allow Firefox to install and run studies"/close then open Firefox/extensions are reborn/ repeat all again and then un-check install and run studies.

This was really bad because it was so sudden and no doubt dumped a lot of data to the trackers that they shouldn't have got.

CallMeLateForSupper May 4, 2019 11:43 AM

Oh c**p. Did I miss another "latest thing"?
Unable to duplicate the "murdered-Firefox-extensions" here.

Firefox 63.0.3 (64-bit)
PrivacyBadger
NoScript
HTTPS Everywhere
... all apparently happy.

Ubuntu 16.04 LTS

MarkH May 4, 2019 12:07 PM

Not New, But Interesting

I'm indebted to Bruce (on the 737 MAX thread) for linking to a piece by Peter Ladkin responding to the article Bruce's post had cited.

I've been reading more on that site by Ladkin, who specializes in analysis of safety aspects of systems and takes a special interest in aviation safety.

This article from ten years ago is nominally about a kind of dangerous incident that sometimes happens with big jets, in which incorrect determination or data entry of aircraft weight is a precipitating factor.

But what stood out for me, was analogizing pre-flight procedures to software (which is of course composed of specified procedures) and applying formal software verification techniques to those people-executed procedures.

I know that a few readers here are interested in formal verification techniques; perhaps this different way of applying them will be of interest as well.

Alejandro May 4, 2019 12:22 PM

@CallMeLateForSupper

Sometime this morning Mozilla issued a patch, just about the time you and I were fooling with it.

But, indeed it was M U R D E R ! Mozilla acknowledged the homicide/glitch along with fix.

All those popups, banners, flashing thingies and commercials...wow...is that what the real internet is like?

JG4 May 4, 2019 12:23 PM

Run ragged or you'd hear from me sooner and more often.

https://www.nakedcapitalism.com/2019/05/200pm-water-cooler-5-2-2019.html
...

Big Brother Is Watching You Watch

Enter the Egg Man:

Jason Kint✔@jason_kint
· May 1, 2019
Replying to @jason_kint
Data point => @neemaguliani to @brianschatz "The size of the FTC office is probably smaller than the DC office of a lot of major tech companies."

Jason Kint✔@jason_kint

Great example of user expectations by @neemaguliani "If I buy eggs from store and give my address for delivery, I expect they're going to use my address to get eggs to me. What I don't expect is they're going to tell an insurance company I bought eggs to charge me higher rates."
6 likes | 12:13 PM - May 1, 2019
https://twitter.com/jason_kint/status/1123621537897226240

Big Dat: “I want them all! I’ll have the brown ones, and those great big white ones, and I’ll have those over there. And I want them for frying and for scrambling, and for hard-boiled for snacks. Oh, God!”
...

The Pull May 4, 2019 12:59 PM

two good articles, one on the upcoming election and interference from foreign powers (Russia), & the other on 8chan

https://www.vox.com/recode/2019/5/3/18527214/8chan-poway-synagogue-shooting-christchurch-john-earnest
https://www.washingtonpost.com/politics/2019/05/03/whats-russia-still-doing-interfere-with-us-politics-whats-us-doing-about-it/?noredirect=on&utm_term=.84b0d6dc7d1e

Sometimes, advocating for free speech means you need to draw the limits, and attack the abuses of it. Question is, 'what can be done about these abuses'.

No idea on 8chan, and similar venues, except that they should be exposed for what they say 'in the dark'. On the abuses of free speech, whereby key systems are hacked and information dumped, not much anyone can do. All one can advise is, 'what you say in secret may be shouted from the rooftops'.

But, in regards to mass information attacks from roving bands of propagandists and bots: the US should invest in detection of these attacks, and work with administrators shutting them down. The military has every authority to do that, as does intelligence.

Sanctions are a slap on the wrist, a joke. Running counter-attacks is useless and detrimental. People should keep their nose clean, or it would make accusations against interference appear as mere hypocrisy.

But, there is every reason to detect these bot farms and armies of influence agents. And nothing preventing reporting them to administrators of the sites where these armies are run.

This still leaves attacks against voter systems & illegal campaign contributions open. But, neither of these attacks are as important and impactful as what Russia has been doing with their influence troops.

Finally, on the likelihood of Democracy not lasting, okay, but irrelevant. I am sure everyone agrees that the rights that can be supported only under a partially operating democracy are well worth the efforts to keep it alive.

lurker May 4, 2019 3:39 PM

So Firefox collapsed under the weight of its own bloatware? News at 11...

I scratched around a while ago for a lightweight browser that only did: browse. HTML5, ask me to turn on javascript, store no cookies, history or bookmarks. I arrived at Midori, but now that has been picked up by an Enterprise friendly outfit and is again being "developed". Time to look around again...

uggerNaut May 4, 2019 3:44 PM

If anybody is looking for some free online checksum items,
here is something that I found. I'm not yet sure of its precision
or accuracy. Hopefully it's accurate. The site is...

https://emn178.github.io/online-tools/crc32.html

For the test file listed below, I got a file SHA-512 checksum of:

SHA-512:

32230e3f762d3aa27282c2375234387efeb1271f77caae51867ced9afb8c1f728d0ca8203fc11b471ed4007acfbd7038dacd7511e555a4cceea0583cf8edab28

Input File: (a bland, PNG file, not too many specifics about it yet)
https://i.postimg.cc/K8TcbYtT/if-and-only-if.png

Can anybody tell me if the SHA-512 of the file is as above?

Thanks in advance.

1&1~=Umm May 4, 2019 4:26 PM

@Lurker:

"I arrived at Midori, but now that has been picked up by an Enterprise friendly outfit and is again being "developed". Time to look around again..."

Maybe, maybe not, assess the risks first.

Look at it this way, what you currently have is 'sans bloat&telemetry' and does not have any known vulnerabilities currently.

The 'Enterprise friendly outfit' is in all likelihood going to add a lot of 'bloat&telemetry', which aside from being 'needless complexity' it's also where new vulnerabilities will likely show up by the bucket load, such is the nature of adding new features.

If Midori as it currently is matches your needs and there are no vulnerabilities reported, do you need to upgrade?

Simple answer is no, not unless a vulnerability shows up in the version you are using. However with a 'new version' around especially one with lots of new fun commerciality in it, the chances are that those looking for vulnerabilities will move onto the new version fairly quickly, and stop looking at the old code.

Even though there probably are vulnerabilities in the version you are currently using waiting to be found, if nobody looks for them then they will probably remain unknown thus unexploited.

So you have to consider one set of risks you already have, with a larger set of risks for the updated 'Enterprise friendly' version...

All I can tell you is that either way there are risks with all software thus you have to make choices. One such choice might be to use extra mitigations, that is effectively 'jail' the application in some way. So that even if it does have a known exploitable vulnerability it may not matter due to the way you use it.

That was the old philosophy behind 'ROM-OS usage' all the computer had was a motherboard, network card, display card, RAM and CD/DVD read Only drive, no hard drive or any other semi-mutable memory. If nasties happened, turning the computer off and then on again cleared them out[1].

Whilst theoretically less secure you can use various VM techniques on many 64bit OSs, without too much difficulty.

[1] Whilst that worked fine and still does with hardware from the mid 1990's, the increasing use of Flash ROM this century that can potentially be electrically altered by malware has opened up a security flaw on nearly all 64bit CPU based systems.

Sherman Jerrold May 4, 2019 5:40 PM

@1&1~=Umm
@Lurker

Good info regarding browsers and O/S sandboxing. I, too, have been unhappy with the ever increasing bloat of Operating Systems and Browsers. A friend of mine just had a M$ win10 update change his default browser from firefox to M$ Edge. And, re-institute all the 'tracking/reporting' options of Win10 and Edge he had spent 5-10 minutes turning-off. Boy has he been frustrated!

I've been trying many browsers. Midori is not bad at all, but the versions available to the Linux distros I've tried are a little limited. I've used SeaMonkey, Palemoon, the Lite Browser (which is old enough that it returns SSL TDS and server config. error messages on some websites). Firefox (unupdated at 58) on Puppy Linux has now started to lock-up every 10 minutes or so. Restarting the Windows Manager clears it, but it is a pain. I've heard some people say the Brave Browser is good, but some express concerns, too. I've even used Linx and other text browsers, but they are not widely useful for today's overly complex websites.

Also, regarding the ROM operating systems, you can (I often) run many Linux distributions (Linux, MX, Puppy, etc.) from a live CD/DVD or read-only USB flash drive. And, if it gets messed up, just re-boot and you will have a clean uncontaminated O/S again. Also, as 1&1~=Umm said, VM and sandboxing works to improve security. Distrowatch has reviews showing which Linux Distros run well in virtual machines. I've found Linux is now easier than Win10 to use and I teach people (mostly non-tech oriented Newbies) to use it as a secondary/rescue/dualboot at free computer clinics I give.

I'll report any progress with browsers as I find (and after I've tested) them.

Sherman Jerrold May 4, 2019 5:58 PM

My brain just uncramped and I remembered to mention that there are many good sites that have lists of web browsers:

https://en.wikipedia.org/wiki/List_of_web_browsers --- is one

I use duckduckgo search engine because it is unbiased and (other than 1-2 labelled paid ads at the top) provides 'natural results' not biased by what you've been viewing on the web.

You can search for 'most secure browser' or something like that and many tech sites will be shown that provide a lot of good info. Just be sure to check more than one source to validate the info. Also, you need to make sure that the browser is compatible with your O/S.

AL May 4, 2019 7:55 PM

@CallMeLateForSupper

I'm hearing that the "fix" being pushed out by Mozilla is for Windows only.

Should you lose your extensions on Linux, I'm hearing that the workaround is:
• Go into about:config
• Change xpinstall.signatures.required from True to False.

Once the snafu is fixed, then toggle xpinstall.signatures.required back to True.

Also, xpinstall.signatures.required to false is the fix for Tor Browser, and perhaps all the ESR versions.

TRX May 4, 2019 8:20 PM

Unfortunately toggling xpinstall.signatures.required didn't work for ESR 52.6.0 on Linux. And in keeping with the bizarre difference in Preferences between the Linux and Windows versions, there's no "studies" anywhere in this version.

Curious May 4, 2019 8:20 PM

Anyone evaluate the new service Librem One from the Puri website?

Offers a service, it appears to me, first hop is to Librem site. Like Librem mail is to their site, encourages, does "end to end" encryption, then goes to whichever email provider you prefer.

Librem Tunnel is for VPN's, any VPN you prefer.

Librem Chat would be fully encrypted chat.

Librem Social is the opposite of Face Book, no spying.

OR so I understand. I would classify this as more Privacy Software. They have a T-shirt, "We Don't Look at your Junk."
Guessing this would relieve "Man in the Middle" attacks at public WiFi (?) It would be interesting for phones, in that some of the attack means intercept the signal.

As the Librem Software is open source, I guess one could adapt it for one's personal use, to one's own personal website rather than the Librem One site.

I read some others have tried to create these kinds of services before, and then had to close because of a lack of subscriptions, funds.

I have not enrolled in this. Please correct me where I am wrong.

name.withheld.for.obvious.reasons May 4, 2019 10:26 PM

The Crimes of Juliana Assange; Efficacy has no place in Law

1. Julian Assange, assumptive in understanding the nature of human behavior and our willingness to reason, had unwittingly enjoined the known criminal gang, the US DOJ, also with known links to terrorists and in doing so made new friends.

2. An unreasonable expectation of institutions, in and of authority, specifically answerable for the criminal act(s) by secret courts will reach conclusions and a summary that is just and fair. For example; the belief that "governments can be trusted with military power", is public knowledge. Ask anyone in the countries of Iraq, Afghanistan, Pakistan, Libya, Yemen, Sudan, Iran, or Syria.

3. Assange willfully participated in a terrorist organization, evidence demonstrates that the act of a protected class, "the press", the only profession enumerated in the Bill of Rights, constitutes a crime that may include conspiracy to speak the truth.

4. Financial fraud; using mathematics for the purpose of computing prime numbers larger than is legally allowed. In this charge, a parallel charge of other illegal mathematical methods and their possession or use where an elliptical curve and differential analysis is involved.

AL May 4, 2019 11:24 PM

@TRX
OK, I had read that toggling the preference would work, but didn't try it, except for Tor.

So, it can be "fixed" another way, and I tested this on Manjaro, FF 66.0.3
In about:config set "devtools.chrome.enabled"
Then enter ctrl-shift-J to bring up the browser console.
Then run the script from here.
https://news.ycombinator.com/item?id=19824410
I think it's only good for 24 hours. It gets you past the check, but the check is once a day. Your extensions should return immediately.

I tucked away that script.
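
A check to run once the signing outage is over, added here as an example (it is not part of any comment and is not Mozilla tooling): it scans a profile's prefs.js and user.js for the two workaround prefs named in this thread that are still in their relaxed state, and lists add-ons that extensions.json marks as disabled by the application rather than by the user. The extensions.json field names used (`addons`, `appDisabled`, `userDisabled`, `signedState`) are an assumption about that file's layout, and the sample profile is constructed.

```python
"""Audit a Firefox profile for workaround settings left behind after the outage."""
import json
import re
import sys
import tempfile
from pathlib import Path

# Prefs mentioned in the thread, mapped to the value that means
# "the workaround is still switched on".
RISKY_PREFS = {
    "xpinstall.signatures.required": False,  # add-on signature enforcement off
    "devtools.chrome.enabled": True,         # privileged browser console enabled
}

# One preference per line:  user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Parse prefs.js / user.js text into a dict; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything malformed
        name, raw = match.groups()
        try:
            # true / false / integers / double-quoted strings are valid JSON
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep unparsed text rather than guessing
    return prefs


def audit_prefs(profile):
    """Return (file, pref, value) for each risky pref still set in the profile."""
    findings = []
    for fname in ("prefs.js", "user.js"):
        path = Path(profile) / fname
        if not path.is_file():
            continue
        prefs = parse_prefs(path.read_text(encoding="utf-8", errors="replace"))
        for name, bad_value in RISKY_PREFS.items():
            if prefs.get(name) is bad_value:
                findings.append((fname, name, prefs[name]))
    return findings


def disabled_addons(profile):
    """Return (id, signedState) for add-ons disabled by the app, not by the user.

    Field names are assumed, see the note above the code.
    """
    path = Path(profile) / "extensions.json"
    if not path.is_file():
        return []
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except ValueError:
        return []
    return [
        (addon.get("id"), addon.get("signedState"))
        for addon in data.get("addons", [])
        if addon.get("appDisabled") and not addon.get("userDisabled")
    ]


def build_sample_profile(root):
    """Write a constructed sample profile (not real user data) into root."""
    root = Path(root)
    (root / "prefs.js").write_text(
        "// Mozilla User Preferences\n"
        'user_pref("browser.startup.page", 3);\n'
        'user_pref("xpinstall.signatures.required", false);\n'
        'user_pref("devtools.chrome.enabled", false);\n',
        encoding="utf-8",
    )
    (root / "user.js").write_text(
        'user_pref("devtools.chrome.enabled", true);\n', encoding="utf-8"
    )
    addons = [
        {"id": "example-blocker@constructed.invalid", "active": False,
         "userDisabled": False, "appDisabled": True, "signedState": 2},
        {"id": "user-off@constructed.invalid", "active": False,
         "userDisabled": True, "appDisabled": False, "signedState": 2},
        {"id": "working@constructed.invalid", "active": True,
         "userDisabled": False, "appDisabled": False, "signedState": 2},
    ]
    (root / "extensions.json").write_text(
        json.dumps({"addons": addons}), encoding="utf-8"
    )


if __name__ == "__main__":
    # Pass a real profile directory, or run with no argument for the sample.
    if len(sys.argv) > 1:
        profile_dir = sys.argv[1]
    else:
        profile_dir = tempfile.mkdtemp(prefix="ff-profile-sample-")
        build_sample_profile(profile_dir)
    for fname, pref, value in audit_prefs(profile_dir):
        print(f"{fname}: {pref} is {value!r}; reset it now the fix has shipped")
    for addon_id, state in disabled_addons(profile_dir):
        print(f"extensions.json: {addon_id} disabled by Firefox (signedState={state})")
```

Run it with Firefox closed, since the browser rewrites prefs.js on exit.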

#CERTIFIGATE May 5, 2019 3:09 AM

I tested any "solution" I could find on the web, yet the only *permanent* fix was this extension [note the irony] in order to reenable your disabled extensions in Firefox instantly [I tested it successfully on Win7 & Manjaro]:

https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi

*Kudos to Anonymous on May 5, 2019 at 8:08 am in the comments of

https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-thats-a-bug/

Anders May 5, 2019 4:41 AM

BTW, that Firefox add-on issue doesn't affect FF 56.0 with old style addons.
Yes, this browser might be outdated, have security flaws, but at least
NoScript works.

Faustus May 5, 2019 10:16 AM

@ CallMeLateForSupper

You listed the only extensions I would install anyhow. NoScript, Privacy Badger, and HTTPS Everywhere.

It is my understanding that extensions are not well vetted and present a gaping security vulnerability. Turning off the signature checking sounds like a very insecure solution on top of a security vulnerability. Who is waiting for you to do exactly that?

I have a hard time understanding the need for extensions beyond the security ones you listed.

Firefox seems less and less privacy minded each release. Can people recommend a more private browser for Windows? For Linux Fedora? For Linux in general?

Faustus May 5, 2019 10:19 AM

@ 5 May 2019

I am amazed how willing news sources are to parrot the press releases of serial liars.

A90210 May 5, 2019 1:06 PM

@Propounding

"There are absolutely real security concerns when a sitting President is credibly accused of crimes and the acting AG is actively attempting to cover them up."

I enjoyed many of your points above. Regarding the above quote and other "lawfare" stuff, we may need to settle in for the long haul. Perhaps post 2020 election. As Bmaz at https://www.emptywheel.net implied recently, if President Trump is backstopped by Attorney General (AG) Barr and the Department of Justice (DOJ), things may take awhile.

A90210 May 5, 2019 1:29 PM

https://www.democracynow.org/2019/5/3/mass_judge_refuses_to_halt_pro

"AMY GOODMAN: We begin today’s show in Western Massachusetts, where a judge ruled Thursday a panel on Palestinian rights can move forward. “Not Backing Down: Israel, Free Speech, and the Battle for Palestinian Human Rights.” That’s the title of the event set to take place Saturday at the University of Massachusetts Amherst. Three anonymous UMass students filed a lawsuit to stop the event, claiming they will, quote, “suffer irreparable harm” if it takes place. But Judge Robert Ullmann ruled Thursday the event can proceed, saying, quote, “There’s nothing that comes even close to a threat of harm or incitement to violence or lawlessness,” he said. Meanwhile, the university has backed the event despite the protests, saying it’s committed to the principles of free speech and academic freedom.

The event is co-sponsored by Jewish Voice for Peace. Group member and attorney Rachel—a group member and attorney responded to Thursday’s decision, saying, quote, “The judge ruled that to shut down this event would be to violate the First Amendment. But we also challenged the false premise that criticism of Israel is somehow inherently antisemitic. We have every right to criticize Israel’s violations of Palestinian human rights. As members of JVP, and as Jews, we stand in solidarity with the event and with the panelists,” Rachel Weber said. ..."

and https://www.democracynow.org/2019/5/3/roger_waters_on_palestine_you_have

We also recently spoke to Noam Chomsky, the world-renowned political dissident, linguist and author. He said Democrats are supporting Palestinian rights more now than in the past. He said times have changed.

NOAM CHOMSKY: The support for Israeli expansionism, repression, the whole alliance that’s developing, that support has shifted in the United States from the more liberal sectors—roughly, the Democratic Party—to the far right. Not very long ago, support for Israel was based passionately in the liberal sectors of the population. It was a Democratic issue. It isn’t anymore. In fact, if you look in the polls, people who identify themselves as Democrats by now tend to support Palestinian rights more than Israel. That’s a dramatic change. Support for Israel now is in the most reactionary parts of the population: evangelical Christians, ultranationalists. Basically, it’s a far-right issue. Among younger people, this is even more the case.

AMY GOODMAN: That was Noam Chomsky, who had just returned to Boston, to Massachusetts. I was interviewing him at the Old South Church there. About a thousand people packed into the church. Roger Waters, do you feel that kind of optimism? I mean, here, Noam Chomsky has been so critical of the Israeli state for so long, and yet he says he feels there is a different climate right now.

ROGER WATERS: Absolutely. I mean, I’ve been involved in this struggle only for the last 12 years. But over those 12 years it has changed dramatically. And Noam Chomsky is exactly right. And so is Sut. They are desperate now. That’s why they pulled this silly legal stunt about this meeting in UMass. And I’m so happy to see it. And working with people from Jewish Voice for Peace and other Jewish organizations, as well, has developed dramatically over the years, as the demographic within the Jewish community in United States has changed, and they’re coming more and more 'round to saying, “Not in my name,” and which is hugely encouraging, yeah. I feel overcome, almost, with joy even to be able to speak about it in these terms now. And I'm really looking forward to Saturday in Massachusetts and having—you know, speaking to young people and meeting also the other panelists, all of whom I admire. ..."

Sherman Jerrold May 5, 2019 3:38 PM

Thanks to all of you that posted the info on "Tribulations of using Firefox".

Those that use windows can likely find a browser to test on portablefreeware.com . They provide free and portable (as in you don't have to install it to try it) browser alternatives. Just select the 'categories' tab and peruse the offerings. I get no credit or benefit from suggesting this, it's just a resource I suggest to friends and those at the free computer clinics I hold.

Also, the portableapps site has many similar offerings.

Read the whole review of any of these offerings, while most are just 'download and run', some do require a little work and a very few do write benign 'registry' entries.

I'm writing this from the mozilla based Light browser on Linux (not great, uses a lot of computer power, but runs clean).

Alyer Babtu May 5, 2019 4:41 PM

Re squid skin inspires

I’m confidently looking forward to the day that squid skin and chromatophores lead to full color, reflective, ultra high resolution displays, so we no longer have to stare into light bulbs when we use computers. Or, black/white E-ink is superseded by Squid-“ink”, so to speak ...

tens-1.7.5-public.iso May 5, 2019 6:59 PM

"Thanks to all of you that posted the info on "Tribulations of using Firefox"."

TENS, some sort of Linux, seems to have the same, or similar problems with Firefox 60.3.0esr
Of course, there is about:config ; javascript.enabled toggled to false

Ubuntu Xenial (16.04?), somebody else's computer, had no extensions today. I added Privacy Badger, httpseverywhere, and NoScript without incident; https://panopticlick.eff.org yielded about 1 in 500.

tens-1.7.5-public.iso May 5, 2019 7:48 PM

@Curious

"Anyone evaluate the new service Librem One from the Puri website?"

Don't know, but there is https://www.pureos.net/ ; perhaps affiliated

Also
https://www.reddit.com/r/BSD/comments/4p3opx/hardenedbsd_vs_openbsd/ 2 years old

https://www.reddit.com/r/freebsd/comments/7e6r69/trueos_vs_regular_freebsd_and_hardened/ 1 year old

https://ghostbsd.org/

https://www.openbsd.org

Finally, I have limited experience with the above. For example, I never could figure out how to use openbsd's signify with installXX.iso or cdXX.iso or use with DNSCrypt download stuff.

antibilious May 5, 2019 10:39 PM

@Block

"Collusion" certainly is not proven either way yet.

But since that's not a crime, by name, we might as well stop using the term entirely.
It can only confuse the issue but make no mistake - there is quid pro quo in the open.

A sitting Pres who has not been interviewed to make a determination of knowledge of guilt, however, cannot be charged under the seemingly legal policy of DOJ policy guidelines.

That certainly doesn't mean he can't be charged in the future as additional investigations continue, and in fact that's entirely likely given the facts already in public play.

What Mueller indeed reported was that "additional in-depth investigation may have yielded direct evidence" that the President had knowledge of and was in furtherance of the Russian disinformation/campaign disruption plot. Donnie's left a tonne of video in plain sight as to his motivations and pro-Russian actions in that time, but none of that is "directly" as testimony, it's all circumstantial evidence. Tonnes of it.

Culminating with his latest phone call with the Kremlin, where the accused "colluding" parties both agreed, there was no collusion! Smiles through phone lines and all.

Of course, no mention of the 2020 election was necessary, given it was all a hoax!

Just ask Vladimir Putin or his de facto subordinate - there are no Russians in Venezuela.
And Otto Warmbier, sadly he must have tripped and fell. Kim gave his good word.

Whatever the end result here, Donald Trump is not cleared of anything yet. Nothing.
His word is mud. He's associated with proven liars, over and over and over and ongoing.
He's given cover to murders of journalists and civilians alike, without batting an eye.

Whatever you believe about the Russia investigation, Trump is a traitor to American values and the foundations upon which this country and Western Democracies in general are founded. On that basis alone, if not the THOUSANDS OF OTHERS, he will be removed.

We don't need "collusion" as a nebulous football of simultaneous treason and exoneration to accomplish that. It's relegated to a term of talking point art.

The crime is conspiracy to defraud the American government. No deliberate misinterpretation of Mueller's report is going to clear him of this.

When he leaves office, it begins.

mikeMay 6, 2019 5:21 AM

@antibilious wrote, "Whatever you believe about the Russia investigation, Trump is a traitor to American values and the foundations upon which this country and Western Democracies in general are founded. On that basis alone, if not the THOUSANDS OF OTHERS, he will be removed."

These are rather harsh words for a sitting President. I believe "Russian investigation" is a complete hocus pocus based on a journalist's unproven memoir. It reeks of shooting anything that moves because a soldier is too lazy and physically exhausted to carry bullets on a long march.

Most of these anti-Trump billings are an attestation to how the Clintons maneuvered the system through both new and old world. Politics is never a clean business.

Wesley ParishMay 6, 2019 7:23 AM

A pair of articles on the problem of attribution in relation to networking equipment and related software, from our friends at ElReg:

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone
https://www.theregister.co.uk/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again
https://www.theregister.co.uk/2019/05/02/cisco_vulnerabilities/

Hysteria makes attribution difficult, if not impossible ...

MarkHMay 6, 2019 9:00 AM

First Ever Kinetic Reaction to Cyber Attack

When the US government revealed that the Russian government had made cyber attacks against the 2016 election, there was much frantic hand-wringing about the fear that the US would start a war, perhaps on the basis of an incorrect identification of the cyber attacker.

Well, that never happened.

But according to Kate O'Flaherty, self-described freelance cyber security journalist writing in Forbes, such an event has just occurred, for the first time in history.

The Israel Defense Forces announced the destruction of a building in Gaza, by airstrike, in response to a cyber attack attributed by IDF to activities in that building.

Academic and institutional analysts of cyber security have given considerable attention to the question of whether, or under what circumstances, physical violence might be employed in response to cyber attacks.

The discussion is no longer theoretical.

JG4May 6, 2019 11:39 AM


https://www.nakedcapitalism.com/2019/05/links-5-6-19.html
...

An American Lab Test Abroad The Baffler

The Race to Develop the Moon New Yorker
...

A Mystery Frequency Disrupted Car Fobs in an Ohio City, and Now Residents Know Why NYT (The Rev Kev)
...

https://www.nakedcapitalism.com/2019/05/links-5-6-19.html

...
Big Brother Is Watching You Watch

None of Your Business The Nation

‘Everything Was Done To Make Julian Assange’s Life Miserable’ (interview) Der Spiegel (GlennF).

The Racist—and High Tech—Origins of America’s Modern Census Yasha Levine, OneZero. A must-read.
...

dilationMay 6, 2019 12:37 PM

as pertains to international counter-terrorism:

A word to the wise... (sure it's speculation, so sue me...)

Before and when the USA falls from its metastate of rampant internal turmoil and instability, other nations will probably want to be prepared for that toxic multi-calamity. It's likely that there will be attempts from within USA to attack other US cities and states with weapons of mass destruction as well as several other vectors of hostility. To some covert degree, this is already happening in less potent ways.

Eventually, this will probably escalate into blaming and desperate attacks against other nations and involving attempts to drag other nations into the mess.

It's in the interests of other nations, completely independently of NATO, to pre-plan contingency responses and readinesses for when America "hits the wall".

USA is currently in what seems like a preliminary effort to repel its own nose-dive into total demise.

USA is being severely dismantled from within from several different organizations, cults, and pseudoinfluential powermongers.

I deliberately left out some specifics. There's no need to hand the keys to the eavesdropping destroyers.

Different topic: Mozilla isn't worth the effort; it's designed to antagonize its own end-users. It's not broken, it's designed to cater to the dataminers, not the end-users.

Good Luck to those who choose to divest from the internet, technically and financially and socially.

"Life is what happens while you're busy making other plans"

Take care.

MeMay 6, 2019 1:04 PM

Regarding the article, I find it crazy that people would be comfortable at 70 degrees, much less 75.

That is dang hot!

vas pupMay 6, 2019 2:00 PM

Brain imaging lie detector can be beaten with simple techniques
https://www.sciencedaily.com/releases/2019/05/190503100810.htm

"Researchers have shown that a functional magnetic resonance imaging (fMRI) 'lie detector' test, which measures brain activity, can be 'deceived' by people using mental countermeasures. The study suggests that more should be done to detect mental countermeasures before using fMRI tests for forensic applications.

In the new study, participants were asked to conceal information about a 'secret' digit they saw inside an envelope.

Researchers taught 20 participants two mental countermeasures. The first was to associate meaningful memories to the control items, making them more significant. The second was to focus on the superficial aspects of the item they were trying to conceal, rather than on the experience of familiarity it evokes, in order to make it less significant.

The results showed that these countermeasures lowered the accuracy of the test by about 20% because it was more difficult for fMRI to find any differences in brain activity. Thus, participants were more likely to be able to hide their concealed information item when using the mental countermeasures.

The research team concluded that in order to improve the robustness of the test, future work needed to identify a way of detecting mental countermeasures, and potentially look at conducting whole-brain analyses, rather than just examining regions of interest."

vas pupMay 6, 2019 2:12 PM

@Clive - your high-level expertise is required to digest this article properly


New artificial synapse is fast, efficient and durable:
https://www.sciencedaily.com/releases/2019/05/190504130308.htm

"A battery-like device could act as an artificial synapse within computing systems intended to imitate the brain's efficiency and ability to learn.

The brain's capacity for simultaneously learning and memorizing large amounts of information while requiring little energy has inspired an entire field to pursue brain-like -- or neuromorphic -- computers. Researchers at Stanford University and Sandia National Laboratories previously developed one portion of such a computer: a device that acts as an artificial synapse, mimicking the way neurons communicate in the brain.

Looking forward, the team members want to combine their artificial synapse with traditional electronics, which they hope could be a step toward supporting artificially intelligent learning on small devices.

"If you have a memory system that can learn with the energy efficiency and speed that we've presented, then you can put that in a smartphone or laptop," said Scott Keene, co-author of the paper and a graduate student in the lab of Alberto Salleo, professor of materials science and engineering at Stanford who is co-senior author. "That would open up access to the ability to train our own networks and solve problems locally on our own devices without relying on data transfer to do so."

The team's artificial synapse is similar to a battery, modified so that the researchers can dial up or down the flow of electricity between the two terminals. That flow of electricity emulates how learning is wired in the brain. This is an especially efficient design
===>because data processing and memory storage happen in one action, rather than a more traditional computer system where the data is processed first and then later moved to storage."

pelewrinkilocoulombMay 6, 2019 2:30 PM

@vas pup: thanks for that clip

I really don't understand the lack of insight of those who actually believe we need "countermeasures" against ways to block invasive technologies that have the potential to be misused for hideously tyrannical and tortuous purposes. Is it lack of insight, or are they really just authoritarian technocrats? You decide.

On a completely unrelated topic, does this image appear greenish on anybody's monitor?

https://i.postimg.cc/cHXcZSzK/gills.png

I have been having some trouble with color casting imposed somewhere within the colour gamut chain from input to output, etc.

Any insights from anyone are helpful.

revoluMay 6, 2019 2:49 PM

"These are rather harsh words for a sitting President"

I agree, I admit it, it's harsh. And absolutely earned.

gordoMay 6, 2019 3:12 PM

Timely and topical . . . Could have dropped elements of this article in a number of threads here . . .

What Turing Told Us About the Digital Threat to a Human Future
Timothy Snyder

It is not just that we are staring at our phones as catastrophe looms. It is that by staring at our phones we are collaborating with our hydrocarbon and digital oligarchs in the catastrophe. The future disappears both because we are distracted and because our thoughtlessness summons the darkness. Without a sense of time flowing forward, analytical thought cannot occur, and there will be no technological solutions. Our digital beings—the stupefying aggregate of algorithms that prompt us, bots that herd us, doppelgangers that follow us, and categorizers that sell us—are taking us apart.

https://www.nybooks.com/daily/2019/05/06/what-turing-told-us-about-the-digital-threat-to-a-human-future/

This essay is published in partnership with the online European magazine Eurozine:

And we dream as electric sheep
On humanity, sexuality and digitality
Timothy Snyder
6 May 2019

As a bruised apple attracts flies, human thoughtlessness draws algorithms. Digital beings encourage our false beliefs, exploit our anxieties, and then use us as alibis for what they have done. Timothy Snyder examines what Turing said about the digital threat to a human future.

https://www.eurozine.com/dream-electric-sheep/

The Eurozine version includes endnotes.

Carlo Rossi Osti HoudiniMay 6, 2019 6:41 PM

about the "Numbers Station" bit...

https://vimeo.com/35938634

really, yes, really.
.SMIL --> SITX --> HQX --> TAR --> BZP --> 7ZIP --> futility --> folly --> stay off the grid --> smile (genuinely)

A90210May 7, 2019 9:53 AM

To borrow from Prince, You are not engaged in kid stuff, or something like that.

https://www.npr.org/2019/05/02/719536645/journalist-explains-john-boltons-push-for-aggressive-use-of-american-power
GROSS: This is FRESH AIR. And if you're just joining us, my guest is Dexter Filkins. He's a staff writer for The New Yorker. His new piece is called "John Bolton On The Warpath." [ https://www.newyorker.com/magazine/2019/05/06/john-bolton-on-the-warpath ] John Bolton is President Trump's national security adviser.

Let's talk about Bolton's background. In 1985, Bolton joined the Reagan Justice Department. And there, he helped shepherd in the Supreme Court nomination of Robert Bork. He did not get confirmed in the Senate. And as you say, that began the era of fiercely partisan high-court nominations. I think Bork went on to found or co-found the Federalist Society...

FILKINS: Yeah.

GROSS: ...The group of very conservative, you know, lawyers.

So what were Bolton's priorities back then? Do you know?

FILKINS: Again, he's been a conservative his whole life. If you go back - when Bolton got out of law school, he was an assistant to his Yale law professor Ralph Winter. And Ralph Winter was a very well-known figure in the conservative intellectual movement. And when Bolton got out of law school, he joined up with Winter. So he's just in his 20s. They take this - what turns out to be a landmark Supreme Court case, Buckley v. Valeo, in - which was the first big lawsuit - kind of the precursor to Citizens United - it was the first big lawsuit that challenged restrictions on campaign spending and giving. And they won.

And essentially, it was Buckley v. Valeo - landmark case - it established essentially that money and political contributions is essentially political speech. And that ultimately led to rulings like Citizens United, which have basically just unleashed, you know, as we now have the system - we now have this massive flood of private money into our campaigns.

And that was the beginning. And Bolton was involved in that when he was just in his 20s. And he was involved in the Bork nomination. And he was involved in the Iraq War. So you can just chart his career, and it takes you through the whole rise of the Republican establishment as we now know it.

GROSS: Is there anything I left out of the interview...

FILKINS: Yeah.

GROSS: ...That you reported that you think is really important and you want to share with...

FILKINS: Well...

GROSS: ...Us before we have to move on?

FILKINS: Yeah. Yeah, I would do - I think there's one. You know, Bolton has aggressively advocated attacking North Korea for years. And I had a conversation with - Larry Wilkerson was chief of staff to Colin Powell. And Bolton was essentially advocating, you know, preemptive war with North Korea in the early 2000s - like, after 9/11. He was going around saying, they've got this nuclear program. We have to act now and take them out.

And it was so disturbing to Wilkerson that - and there's a scene in the piece where he said, we arranged - we had to find a way to shut him up. And he said, we arranged for a briefing for Bolton. So we brought him into the room - he and Richard Armitage, who was the deputy secretary of state - and we gave him a briefing on what would happen if we went to war with North Korea. And as Wilkerson said to me - he said, it's, you know, tens of thousands of casualties. And they kind of laid it out. He said, we laid it out for John - like, how many South Koreans would die, how many Americans would die - there's 200,000 Americans in Seoul - how many Japanese would die, how many Chinese would die.

And he said, I'll never forget what Bolton said to me. He looked at me, and he said, are you finished now? You clearly do war. I don't do war. I do policy. And I think that for Wilkerson, you know, that really stunned him. And I think their - you know, their relationship has never been the same since. But there was - that it was - it struck him as a very cavalier attitude towards going to war and having a war like that.

And I just - one more thing about North Korea - I remember when I was on the plane of secretary - then-Secretary of Defense Jim Mattis. This is in 2017. And the subject of North Korea came up. And he said, if there was a war, a war with North Korea would be bloodier than - it would be a bloodier war than anyone alive has seen. That's how bad it would be. I mean, he got very sober very fast. And so that struck me as a pretty remarkable moment.

GROSS: And I guess a question that we're left with is, you know, there's a difference between recommending policy and being responsible for pushing us into a military conflict with devastating consequences and tens of thousands of deaths. Would Bolton go to the point where tens of thousands of deaths were kind of, you know - that he'd be responsible for the action that led to it? Is he...

FILKINS: Well, that's - yeah. That's a really good point. Look. I - it's one thing to be a highly paid commentator on Fox News and to say, we should bomb North Korea. We should bomb Iran. We - you know, we need to take action. Regardless, you know, go forward. Damn the torpedoes. That's one thing. But when you're actually, you know, in the cockpit and it's - and you're flying the plane and it - you got to drop that bomb yourself, it starts to look a little bit different.

And I think - I don't know. I mean, I think this brings us to Bolton in Vietnam, sitting next to President Trump, sitting across the table from the North Korean leaders on - and negotiating the - their nuclear weapons. It's - you never could've imagined that John Bolton, who has made fun of and mocked, you know, every American diplomat who has ever done that - he's sitting there in the same chair himself, doing exactly the same thing.

And I - he didn't say it in quite that way to me, but I think you can imagine that you can't - you can't be - you can't speak as freely and as loosely when you're the national security adviser, as opposed to when you're a commentator on Fox News. And I think he's finding that out right now.

GROSS: Well, Dexter Filkins, it's always great to talk with you. Thank you so much for coming back to FRESH AIR.

FILKINS: Thank you, Terry."

A90210May 7, 2019 10:04 AM

https://www.democracynow.org/2019/5/7/trita_parsi_john_bolton_has_wanted

"Iran is accusing the United States of “psychological warfare” after National Security Advisor John Bolton announced the U.S. is deploying a carrier strike group and a bomber task force to the region. In a statement on Sunday night, Bolton said the move was intended to “send a clear and unmistakable message to the Iranian regime that any attacks on United States interests or on those of our allies will be met with unrelenting force.” On Monday acting Defense Secretary Patrick Shanahan said the deployment was made because of a “credible threat by Iranian regime forces” but he offered no details. Axios is reporting the threat is based on information passed on from Israel [ perhaps Israeli analysis vs. Israeli intelligence, or something like that ]. The Trump administration has been ratcheting up pressure against Iran following Washington’s withdrawal from the landmark Iran nuclear deal last year. Last month, the U.S. designated Iran’s elite Revolutionary Guard as a terrorist organization. The Trump administration also said it will end a waiver program that allowed some nations to circumvent U.S. sanctions and continue buying Iranian oil without suffering penalties. We speak with Trita Parsi in Washington, D.C., author of “Losing an Enemy: Obama, Iran, and the Triumph of Diplomacy.” He is the founder and former president of the National Iranian American Council, and an adjunct associate professor in the Center for Security Studies at Georgetown University.

Please check back later for full transcript." Probably later today

https://www.axios.com/israel-warned-trump-of-possible-iran-plot-bolton-34f25563-c3f3-41ee-a653-9d96b4541984.html today

https://www.axios.com/israel-warned-trump-of-possible-iran-plot-bolton-34f25563-c3f3-41ee-a653-9d96b4541984.html yesterday

A90210May 7, 2019 10:23 AM

https://www.theguardian.com/world/2019/may/03/venezuela-protests-news-latest-maduro-uprising-that-fizzled-

"... In Washington, Bolton and Pompeo have hinted at the possibility of direct US military intervention to tip the scales to oust Maduro, but have so far been restrained by the Pentagon. The Washington Post reported a confrontation in the White House, between Bolton’s hawks and the vice-chairman of the chiefs of staff, Paul Selva.

As Selva made the case against any risky US escalation, he was repeatedly interrupted by Bolton aides demanding military options, until the normally mild-mannered air force general slammed his hand on the table, and the meeting was adjourned early.

Fulton Armstrong, a former CIA expert on Latin America now at American University said he was concerned that the generals could not hold out indefinitely against the calls for action.

Armstrong said: “These [Trump administration] guys are so desperate for a win – and with so much testosterone in their veins, I am really worried they are going to do something really stupid.”"

A90210May 7, 2019 4:15 PM

Regarding the deployment of a carrier strike group being made, AFAIK, a few weeks early to nearby Iran

https://www.democracynow.org/2019/5/7/trita_parsi_john_bolton_has_wanted


"... AMY GOODMAN: So Trita Parsi, the Defense Secretary Patrick Shanahan, former Boeing executive for decades, said that deployment was made of the military carrier strike group and bomber task force because of a credible threat by Iranian regime forces. Axios reporting the threat is based on information passed on from Israel. What is Israel’s interest in this?

TRITA PARSI: Well, the Israelis have been pushing for a military confrontation with Iran for quite some time as well, and certainly Bibi Netanyahu has prided himself as being the foremost advocate of a military confrontation with Iran. He just stated a couple of weeks ago outside of the Warsaw conference that what is bringing the Arab states—and what he’s referring to essentially is Saudi Arabia and the UAE—together with Israel is a common interest for war with Iran.

Now, of course, they don’t have the capacity of taking on Iran on their own, so the pressure is on the United States to start a war with Iran and essentially fight it for them. And as former Secretary of Defense Bob Gates said, “the Saudis want to fight the Iranians to the last American.” What is also interesting about this Axios report is that it’s actually not intelligence that was being given to the United States about what the Iranians are doing, but rather an analysis of what the Iranians may be doing in the region. So we are now in a situation in which John Bolton wants to use an Israeli analysis written by some analyst in Israel about what Iran may do as the smoking gun to start his war. This is not only a repeat of the Iraq scenario, but it’s actually a farcical version of the Iraq war scenario.

[...]"

A90210May 7, 2019 4:34 PM

[ Human Rights Watch's Five minute video ] https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance

https://www.democracynow.org/2019/5/7/as_countries_seek_trade_with_china

"... The New York Times reports the Trump administration has shelved proposed targeted sanctions over the mass detentions out of fear it could derail a potential trade deal. Last week, Human Rights Watch revealed new details about how China is carrying out massive surveillance in Xinjiang in part thanks to a mobile app that lets authorities monitor the Muslim population. This video, produced by Human Rights Watch, begins with a Uyghur student.

ALIM: I used to be one of those people like, “I’ve got nothing to hide. I’m just a student.” But I was very wrong. They’re targeting everyone. As long as you’re going out of your house, you’re being surveilled.

[...]

JUAN GONZÁLEZ: And you mentioned that even such an otherwise normal act as going outside the back door of your home as opposed to the front door of your house could be a trigger for the Chinese authorities to gather information on these apps?

SOPHIE RICHARDSON: Yeah. Some of the behaviors described or logged are really ludicrous. Front door versus back door. If you’re suddenly talking to your neighbor more or less. If facial recognition software logs you putting gas into a car that doesn’t belong to you. These are all behaviors that are perfectly legal under Chinese law, and yet they are now considered grounds for investigation, and in some cases, arbitrary detention.

AMY GOODMAN: I want to turn to Al Jazeera’s Mehdi Hasan, who recently interviewed the Chinese professor Charles Liu, who works as an informal adviser to the Chinese government.

MEHDI HASAN: Your country, the government you support and have advised, according to a U.N. rapporteur, according to the U.S. State Department, according to Amnesty International, according to Human Rights Watch, according to plenty of journalists and many others, are believed to have detained maybe a million people or more, mainly from the Uyghur Muslim ethnic minority, in re-education camps. A million people, Charles. A million.

CHARLES LIU: OK, OK. It’s certainly not grabbing headlines in China.

MEHDI HASAN: Is it not because you don’t have a free press in China, so you can’t have—

AUDIENCE: [laughter]

MEHDI HASAN: —headlines about the Uyghur?

CHARLES LIU: No, it’s because there are 55 national minorities in China, and Uyghurs population is in total—

MEHDI HASAN: Between 9 million and 10 million, I believe, in Xinjiang.

CHARLES LIU: Yes—0.7% of the population.

MEHDI HASAN: OK, but the world doesn’t work on percentages. If you lock up a million people in camps—

CHARLES LIU: The world doesn’t—

MEHDI HASAN: —the world pays attention.

CHARLES LIU: 1.4 billion people need to be fed, need to be clothed, need to be educated.

MEHDI HASAN: [inaudible] locking up a million people in Xinjiang. That must concern you, to hear that a million people of your fellow Chinese countrymen and women have been locked up by your government.

CHARLES LIU: If it’s true, sure.

MEHDI HASAN: How do we establish if it’s true or not? Why don’t you let people in to check and count? Then we’ll know for sure.

CHARLES LIU: I think people have visited.

MEHDI HASAN: No. They’ve been on kind of supervised trips with Chinese monitors to select camps where they haven’t been able to see everything. In fact, Reuters went to the trip last year—they were taken around, they were allowed to meet some people, and the people sang, “If you’re happy and you know it, clap your hands.”

AMY GOODMAN: That’s Mehdi Hasan at the Oxford Union in Britain, along with the Chinese Professor Liu. Rushan Abbas, you are Uyghur. You’re a Uyghur-American activist. Your sister is still disappeared. Your response?

[...]"

Alyer Babtu May 7, 2019 4:42 PM

In case this has not been mentioned here previously, a nice use of modern math in an IoT related area:

Mathematical Approaches to Secure In-Vehicle Networks, Robert A. Bridges

https://www.ams.org/journals/notices/201905/rnoti-p744.pdf

“, we employed manifold learning techniques to learn a lower dimensional representation of CAN data and found that testing on emulated attacks shows a discontinuous jump in the lower dimensional representation providing a novel avenue for detection”

Author’s personal site https://sites.google.com/site/robertbridgeshomepage/

Alyer Babtu May 8, 2019 12:44 PM

@1&1~=Umm

Re alexa link

My new project: developing an AI that reads these sorts of utopian “your future is even more wonderful through more magic of computing” press releases and writes out the inevitable later security problem follow-up story, complete with its pseudo-apology-mea-culpa from the manufacturer. There’s tons of training data!

WhiskersInMenloMay 8, 2019 3:08 PM

On Firefox...

While it seems resolved it is worth remembering that stuff happens.
If you work on cars you need a second to go and get parts.
We all need a second or third browser installed, perhaps unused.
We should keep that last old computer updated from time to time for the same reason of getting parts.
An old phone can call 911, an unprovisioned SIM card can be provisioned.

Have a backdoor, well secured from external intruders but quick exit in a fire sort of thing. Basement egress is code for a reason.

Smoke and CO detectors are inexpensive insurance.

PassingThroughMay 9, 2019 6:07 AM

Is it time for a look at the state of Recaptcha? The new version apparently lets you in based on your willingness to be tracked. To be fair, I've long suspected that it played a major role, but v3 makes it the standard.

Clive RobinsonMay 9, 2019 1:12 PM

@ PassingThrough,

The new [Recaptcha] version apparently lets you in based on your willingness to be tracked.

Yeah, I commented about Gluegle wanting to be as sticky as a snail trail a week or so back and others mentioned the Recaptcha issue.

My view is that Gluegle offers me too little to be of interest.

I just wish that other posters would stop posting links to Gluegle, Facecrook, and the other "data rapers" on this site. The data rapers are not going to change as long as people keep posting links etc.

It's exactly the same argument as with paywalls by academic journal publishers, they won't stop their rapacious behaviour until their business model does not work sufficiently well any more.

Thus the best way to kill the beast is to starve it to death...

FaustusMay 9, 2019 1:27 PM

Did I miss people talking about Google's opinion piece?

https://www.nytimes.com/2019/05/07/opinion/google-sundar-pichai-privacy.html

What a load of baloney. This whole "log in so we can protect your privacy" canard is really insulting. If Google cared about privacy, it would be the default and you wouldn't have to log in to their tracking system to supposedly get more privacy (which is so unlikely to really happen). It would be an opt-in system.

I am libertarian, but I don't think that businesses should be free to lie about their practices. This misrepresentation should be actionable.


PassingThroughMay 9, 2019 1:59 PM

@Clive Robinson,
I don't use "glugle's" services. I find their searches to be poor, their software to be weak, and in aggressive violation of the UN's Universal Declaration of Human Rights. In fact my problem is that I'm being increasingly forced to deal with their nonsense on other sites including ones I can't reasonably avoid.

lurkerMay 9, 2019 6:39 PM

@ gordo

Thanks for the link to the Timothy Snyder article, reassured me there are still some people in the U.S. who can read and have a clue. Those who don't and haven't wouldn't know that so long ago Simone Weil warned that there will always be more fake news than real, because the fake is cheaper to produce.

And those of us outside the Beltway always knew there was no collusion: didn't need any. If P wanted an idiot in the White House he needed only to drop a hint, and gangs of hacker thugs would readily bust up a U.S. election just for fun.

However Snyder's analysis of Turing and Asimov assumes the classic standoff, where there is always an odd man out in any three. He emphasises the U.S. - Russia dichotomy, but even at his final hint that maybe an A+B+C solution could be best, he makes little mention of the Third Man: China. Xi Jinping has been trotting out at regular intervals a proposition he calls "A Community of Common Human Destiny". All the substance I can find to back this up is in Chinese, and already out of print...

name.withheld.for.obvious.reasonsMay 9, 2019 11:56 PM

STATEMENT, PUBLIC WITNESS:

Though the U.S. is no longer a member or observer with the United Nations Human Rights Council (UNHRC), the U.S., U.K., and Ecuador are signatories to the Universal Declaration of Human Rights (UDHR).

First, a country hosting a foreign embassy, acted to violate the sanctuary of the foreign soil wherein a refugee in asylum standing on territory of their naturalized country was dispatched from two legal stances—an Ecuadorian citizen, in sanctuary as a refugee, was extradited from a country that does not allow for their countrymen’s extradition. The second, the refugee was released from sanctuary seeking protection from prosecution possibly to face death, to a country that will not honor the Vienna convention on asylum.

Essentially if you’re an Ecuadorian citizen, your country will hand you to a foreign government without question or due process.

Or, if you have sought asylum from prosecution from a foreign government in which officials have openly called for your summary execution, you can expect the government that granted one asylum to revoke any legal claim and hand one over to tragedy. This is a clear violation of the U.N. Human Rights Council agreements, and the Universal Declaration of Human Rights. Though the U.S. is no longer a member or observer with the UNHRC, the U.S., U.K., and Ecuador are signatories to the UDHR.

There appear to be no legal constraints respecting the actions of globally visible bullies. The thuggish regimes that now hold sway on many sovereign governments are disturbing, troubling. Without the observation of common mechanisms for conflict and problem resolution, we are left with “might makes right”. This is more than a trend, it is now the preferred method used by governments around the world. Those still standing for a more moderated political and international relations are few and much marginalized.

Ironically, the prosecuted journalist was the person responsible for making public the Iraq War Logs; wherein two people working for Reuters (a videographer/photo journalist and his 40-year-old driver) were killed and recorded on video by the U.S. Army. And, the date of the arresting/vanquishing/rendering/kidnapping of this person, 4/11.

MarkH • May 10, 2019 12:46 AM

@name.withheld:

I've addressed this before.

Legally, Assange has been under UK jurisdiction for every minute since he arrived in England about seven years ago.

As of this time, Assange has never been extradited.

Extradition proceedings have begun in the UK in response to a US request. These proceedings are expected to last till the latter part of this year, or even longer.

Assange will have abundant opportunity to put forth any and every legal argument he believes might help his case.

Facts Matter

NPR Lollipop Guild • May 11, 2019 4:10 PM

On the topic of 'Deep Fakes' and the odd circumstances of the 2016-2020-era White House Black Ops Extremist Shenanigans:

https://www.youtube.com/watch?v=knRGxj37AjM
https://www.youtube.com/watch?v=shzwCxwqono
https://www.youtube.com/watch?v=kvaKx3V55Pk
https://www.youtube.com/watch?v=gLoI9hAX9dw
https://www.youtube.com/watch?v=knRGxj37AjM
https://www.youtube.com/watch?v=AmUC4m6w1wo
https://www.youtube.com/watch?v=3OZEcvL2L5s

"I think you hear me knockin', and I think I'm comin' in."

Future Punchline: Kamala Harris is yet another Donald Trumpism waiting to happen. Don't let this be tweetable.

Clive Robinson • May 14, 2019 6:56 PM

@ Apokrif,

See "If you feel your organization needs a "presence" in Facebook" by Richard Stallman:

Thanks for the link, I've not read it in the past, I'm kind of glad I'm not the only one who sees such organisations this way.

@ Passingthrough,

In fact my problem is that I'm being increasingly forced to deal with their nonsense on other sites including ones I can't reasonably avoid.

It's worse than you might at first think. My son is currently in "higher education" and every institution we have looked at insists on students using Glugle for everything.

As you might know Glugle has plans to extract as much information out of students as possible, including making claim on any of their work, including that which might be new / original / patentable.

It's not helped by the fact that nearly all cloud providers and Software as a Service providers like Microsoft claim the same sort of rights in one way or another. In effect they are all committing "IP Theft", which is completely unacceptable.


Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.