Friday Squid Blogging: When the Octopus and Squid Lost Their Shells

Cephalopod ancestors once had shells. When did they lose them?

With the molecular clock technique, which allowed him to use DNA to map out the evolutionary history of the cephalopods, he found that today’s cuttlefish, squids and octopuses began to appear 160 to 100 million years ago, during the so-called Mesozoic Marine Revolution.

During the revolution, underwater life underwent a rapid change, including a burst in fish diversity. Some predators became better suited for crushing shellfish, while some smaller fish became faster and more agile.

“There’s a continual arms race between the prey and the predators,” said Mr. Tanner. “The shells are getting smaller, and the squids are getting faster.”

The evolutionary pressures favored being nimble over being armored, and cephalopods started to lose their shells, according to Mr. Tanner. The adaptation allowed them to outcompete their shelled relatives for fast food, and they were able to better evade predators. They were also able to keep up with competitors seeking the same prey.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on July 12, 2019 at 4:32 PM · 63 Comments


Anders July 12, 2019 4:43 PM

Mandatory first joke:

Professor: “So the American government went to IBM to come up with an encryption standard, and they came up with—”

Student: “EBCDIC!”

MarkH July 12, 2019 6:07 PM

A true spy story from The Atlantic …

For those interested in espionage, this modern-day account of an agent (now imprisoned) for the Russian Federation includes a variety of traditional elements, including enticement, blackmail, and exploitation of family relations in the attacking state.

A fascinating aspect for me, is that not only was this spy publicly acclaimed (until his exposure!) as an exemplary patriot; he also claims — with evident sincerity — that from his childhood through his present incarceration, he has loved his country and opposed Russia’s menace against it.

Such paradoxical ambiguity goes to the heart of human intelligence, which is in part a branch of applied psychology focused on human weakness.

@Anders: The Estonian connection is purely coincidental. I’d be delighted to one day visit Estonia, which is the homeland of one of my intellectual heroes. I hope people who don’t speak English wouldn’t be offended by my use of the Russian language …

MarkH July 13, 2019 6:24 AM


Bernhard Schmidt, ingenious optical inventor and extraordinarily accomplished maker of optical instruments … with only one arm!

I learned from the wikipedia article that his most famous achievement, the Schmidt camera, appears to have been independently invented by a Finnish astronomer just a few years prior, though the other fellow neither published his idea nor (as far as I know) solved the tricky challenge of fabrication.

Interesting, that both of these guys were from the world’s small population of Finno-Ugric language speakers 🙂

cryptic politics July 13, 2019 8:05 AM

Interesting and informative podcast, including transcript, for the weekend: From Nation State to Empire State: A Radical History of How We Got to Trump (speech by NYU history professor Nikhil Pal Singh, already Oct. ’18). This finally explained to me what I could not understand for the longest time: that obsession with “race” in the US (a term/concept which evokes such repugnance in most intellectuals in Europe that it is mostly not even used on the strictly biological level where it might apply) and else what the heck is going on in that strange country over the Atlantic ocean and how it came to this…

VinnyG July 13, 2019 11:49 AM

@AL re: Twitter & politicians – As I understand it, both Trump and AOC were using Twitter accounts to conduct the official business of their respective elected offices, but at the same time attempting to restrict responses from the public to that business to those who supported their opinions, as if the accounts were private and personal. The court ruled, correctly in my opinion, that the public officials in question could not have it both ways. Public comment to official announcements, discussions, and other official communications must be open to all viewpoints, not just those of favored partisans. Personally, I think that anyone who would use Twitter for such purposes is a complete cretin.

VinnyG July 13, 2019 11:57 AM

@sil re: Palantir manual – I’m a bit confused. If the document was available via public record request, how can it be considered “Top Secret?” Also, I’d be very much interested in reading the complete and unexpurgated original document, and if Vice truly wanted to render a public service here, imo they would upload same and provide a link. I see no indication that they have done so. As a result, I must regard what they did publish with some degree of skepticism regarding how accurately it represents the entire guide, and whether they have intentionally omitted any important details.

justinacolmena July 13, 2019 1:45 PM

How are we supposed to “opt out” effectively from these ingratiating advertisers and content providers on the internet who have already collected, commercialized, bought and sold too much information on us in the first place?

And how on earth can we punish them adequately to deter them from further violating our privacy?

vas pup July 13, 2019 1:53 PM


Thank you for the article. Honey trap is as old as the spy craft itself.
I’m just curious how in the era of metoo US IC could recruit agents to perform honey trap action on foreign persons?

The part of the article caught my attention:
“EKRE has naturally seized on the Metsavas affair for political advantage. Ruuben Kaalep, the chairman of the party’s youth movement, addressed it directly last September in an interview with the Baltic News Service. “The only logical explanation for his actions is that blood is thicker than water,” Kaalep said.

“Loyalty is not guaranteed by Estonian citizenship or even a soldier’s oath given to the Estonian state. Loyalty is based on a feeling of ethnic belonging and a bond with one’s ancestors.”

He made a point, i.e. as I stated on this blog more than once, management of loyalty is important and is dynamic. MICE still work, but the better option as was proved is indoctrination kind of internalization by ‘puppet’ the ideas (real or implanted) of handler, meaning that Interest become implementation of internalized handler ideas/goals, but anyway as the first step honey trap is working. Do you remember when marines let Russian females/KGB agents into secret room of US Embassy in Moscow? Those females were looking like cover girls from US magazines and such type of girls could be pipe dream for marines.

AL July 13, 2019 1:54 PM

While I agree with your sentiments, as it applies to the President and AOC, the misgivings I have with this case deals with the court’s ruling, as it applies to Twitter, since the court is regulating speech on Twitter, a private corporation, and is curtailing Twitter’s ability to regulate the speech on their platform as Twitter sees fit.

65535 July 13, 2019 4:24 PM

@ sil

“Motherboard obtained a Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals.”

Yes, this is good example of a bad example.

If you notice Palantir gets data not only from Law Enforcement, it gets data from cell phone companies, apps, emails, Google, Facebook, LinkedIn, Amazon, Twitter, Day Care Centers, Preschools, Colleges/Universities, Tech Schools, Mental Health, Physician Patient data, Info from Local Hospital, Private Emergency Services… and so on.

How does ICE get the Day Care Centers and Mental Health information? Good question.

If you read more articles you will see Microsoft and Palantir are partners. Windows 10 [and with Microsoft’s ups which include hidden metadata transfers for Windows 8 and 7] probably feeds huge amounts of metadata via encrypted streams to Microsoft => ICE [Google and Apple, Amazon etc., are probably just as bad].

I would guess that data goes to Palantir and ICE via encrypted Metadata from Microsoft – or out-right sale of customer’s raw data. It’s aided by confusing EULAs and multiple other documents.

Microsoft Windows 10 systems are in hospitals and doctors offices and many sensitive organizations. Microsoft and probably many other “Silicon Valley” companies are probably feeding ICE all sorts of data under the guise of “Metadata” and advertising data.

If you carefully read the Palantir/ICE users manual it’s clear that most examples of how to use the Palantir machine are in California and its Silicon Valley. The number of California cities used in the Manual is high. California Silicon-Valley are dirty players with Palantir.

This is how good technology turns into bad technology which harms human rights.

Microsoft has turned to the dark side by providing unproven “push button law enforcement” techniques with no restraint [the same goes for Google, Apple, Facebook, cellphone companies and so on].

It is profitable but an undesirable game. It is a hideous use of private data. It must be stopped.

[Excuse all mistakes I had to bang this out]

Clive Robinson July 13, 2019 4:35 PM

@ AL, VinnyG,

While I agree with your sentiments, as it applies to the President and AOC, the misgivings I have with this case deals with the court’s ruling, as it applies to Twitter

This should have little or no impact on Twitter as a commercial entity.

Look at it this way,

Firstly the US Government is not supposed to indulge in propaganda against US citizens.

Secondly if any US official makes statements as a “public official” they have to be mindful of “Malfeasance in Public Office”.

So if a US official made comment on Twitter they only have two options,

1, Allow no comment.
2, Allow all comment.

Because only allowing favourable comment is a form of lying which contravenes both the propaganda and malfeasance rules.

The only comments they could reasonably get away with blocking are those that “Offend the Public Morals” or “are likely to result in a breach of the peace” or other criminal act. I know this can be stretched a bit, but not enough such you can get away with propaganda, thus malfeasance.

The court really does not have much choice and as I said it has little or nothing to do with Twitter. Who could now quite legitimately close the accounts / access the current US administration officials the court has found against have.

Put simply the court should have regarded Twitter as a “common carrier service provider” as it reduces complications. Thus regarding Twitter as not being a “publisher” who would be held accountable for “published content” others chose to publish over their network. Just as telephone services are not held responsible for bad language etc that goes across their telephone networks.

The fact that Twitter provided a “mechanism by which a user” could block comments is not at issue. After all users can “hang up” on or “divert to VM” an unpleasant “phone call” is most definitely a “user issue” not a “service provider issue”.

MarkH July 13, 2019 5:30 PM


I concur with the essence of what Clive wrote above.

To boil it down, the court made a ruling prohibiting certain conduct by public officials, who when exercising their authorities of office are NOT acting as private citizens.

The ruling only constrains the liberty of public officers. It does not harm the liberty of any private citizen or organization.

I think it’s a fundamental error to imagine that Twitter’s free speech rights are implicated in any case. Twitter’s conceit is that it is a neutral conduit for its users and readers … Twitter doesn’t claim to contribute any ideas, speech, or other content (apart from whatever burden of ads).

If there were an infringement of Constitutionally protected speech related to Twitter, the injured parties with legal standing to bring a case would be the users, NOT the company.

Prof. Noah Feldman’s argument, as presented in the linked article, makes no sense to me. It seems to focus on some (potential) interactions between laws regulating government communications, and rules of the communication carrier. Totally irrelevant, as far as I can see.

gordo July 13, 2019 6:17 PM

@ 65535,

If you notice Palantir gets data not only from Law Enforcement, it gets data from cell phone companies, apps, emails, Google, Facebook, LinkedIn, Amazon, Twitter, Day Care Centers, Preschools, Colleges/Universities, Tech Schools, Mental Health, Physician Patient data, Info from Local Hospital, Private Emergency Services… and so on.

It would seem, in a manner of speaking, that the third-party doctrine has been weaponized.

VinnyG July 13, 2019 7:27 PM

Fernando Corbató, who is credited, among other pioneering IT developments, with the invention of the password, died Friday, July 12, at the age of 93, at a nursing home in Newburyport, Massachusetts. Corbató led the development of CTSS, which was one of the first, if not the first, multi-use OS (hence the need for password-restricted accounts) and was also instrumental in the development of Multics. In addition to the password, his work resulted in many of the elements of IT and computing that we take for granted today, including text editors for writing code (QED.) Mr. Corbató received the 1990 Turing Award in recognition of his accomplishments.

train July 13, 2019 11:21 PM

License Plate Readers Are Creeping Into Neighborhoods Across the Country

Cheap surveillance software is changing how landlords manage their tenants and what laws police can enforce.

Clayton Burnett seems like an unlikely candidate to run a cutting-edge surveillance system. He is not an FBI agent, nor does he investigate homicides for the NYPD. Burnett is the director of innovation and new technology at Watchtower Security, a private company that contracts with property managers—hundreds of them—in low-income communities across the U.S. About three years ago, his company started contracting with OpenALPR, a startup whose software lets users track people by their license plates. “The price point was very reasonable for us,” Burnett says, so now Watchtower has more than 475 cameras scattered across its properties—he says they sometimes scan more than 1.5 million license plates in a week. With just a quick search, now Watchtower can see every time someone passed by one of its apartment complexes in the past two months…

train July 13, 2019 11:25 PM

Florida DMV sells your personal information to private companies, marketing firms

LAKELAND, Fla. — A Florida woman is blaming the state government for an onslaught of robocalls and direct mail offers –- accusations that come as the Scripps station WFTS in Tampa uncovered that the DMV makes millions by selling Florida drivers’ personal information to outside companies, including marketing firms.

Clive Robinson July 14, 2019 1:16 AM

@ 65535, sil, gordo,

If you notice Palantir gets data not only from Law Enforcement, it gets data from…

The list is also missing other sources of information.

I’ve been warning about Peter Thiel and Palantir off and on for a while. Information is hard to find out, but what there is does not bode well for society.

If you want creepy data sources heading that way you could start with education establishments world wide switching over to Google for handing out and getting back assignments and teachers comments etc. Worse is the so called “anti-cheat” software that looks for supposed plagiarism / copying / collaboration etc. The results end up getting churned into Palantir as well and become part of your Western “Social Credit Score”.

The problem is that cheating software is notorious for false positives in oh so many ways… Say you make a direct quote in a piece of work which is something that is an absolute requirement when making argument etc. Back when I was a student you would use quote marks around the text and a reference indicator such as square brackets with a number or similar in it to a reference at either the end of the document or if a larger work at the end of each chapter. Or you would just italicize the text and place a couple of dashes then the person’s name.

But apparently this is no longer sufficient, you have to do things the software’s way, which can be very convoluted and error prone.

Oh and watch out for reusing your own work some education establishments put students’ work into the system thus making the same statement twice or including previous work as an appendix etc gets you marked as a plagiarist or cheat…

Apparently it’s got to the point where some are “lawyering up” and thus a new specialism has opened up…

But Palantir has no obligation of “honest reporting” so false accusations of any kind stay in your cradle-grave docket, forming part of your Western “Social Credit Score”

And as the UK Met-Police found those that can get access can be very creepy as well, such as Cambridge Analytica, which had access to Palantir data in a similar way to Facebook user data.

Oh and then there is the medical and related insurance company data that can be bought or obtained for “research” deanonymising that is lucrative business. Oh and don’t forget the data from those “Test your DNA” and “Find your Family History” firms. That’s all destined to head into your Western “Social Credit Score”.

The point behind Peter Thiel’s Palantir is to be a bigger and better “social database” than any other in the world, thus the get to database for any IC or LE or other interested entity world wide. And as long as Peter and friends data is kept out he is happy to sell to anyone at a price.

As our host has mentioned in the past there are issues with such aggregating data bases. Not the least of which is they become the “single history” of an individual that the individual has no control over.

Thus innocent lives can be blighted and fake individuals can be created. Control the data of the world’s individuals and you in effect control the world.

A few years ago in the UK “construction workers” were having their ability to work constrained. It turned out that somebody had a private data base of union, health and safety and other records. The big construction firms would also put data into this DB thus you do anything an employer did not like and you had a black mark for life, thus little or no work. We know other such prejudicial databases exist and in the EU they are illegal, but in other parts of the world they are not.

Palantir’s DB is set to be worse than any of those databases, because they want to bring in AI to find people who are different in various ways and “red flag” them. Because they can make money a lot of money as various organisations get their budgets cut Palantir will step in to “fill the gap” and as with drug dealers once they have you on the hook the price will go up and those saving from budget cuts will become haemorrhages to Palantir…

As they say,

    “Welcome to the brave new world”

Ergo Sum July 14, 2019 7:08 AM


“As they say,

Welcome to the brave new world”

Rather, “welcome to the brave new world of surveillance capitalism”, where your life history is the product “from cradle to grave”.

Monetizing the collected data is easy-peasy, started out with the purpose of advertisements and deemed as “beneficial for you”. Selling the private companies generated profile for LEOs and other companies for background check purposes where the real money is. Of course, video surveillance augments the profile with historical review of the profile in question. It won’t be long before drones will be connected to this data and make decision of the action to take.

The next market is probably selling these profiles directly to individuals, if companies can do it freely, why not? For a nominal fee, you can see the “social profile” of the person you’ll meet with, be that for business and/or personal relation purpose. Subscribe to our service and you can review anyone’s “social profile”.

It is a world, where people will become increasingly isolated, by associating themselves with alike “social profile” people and lock out anyone else whom they deem undesirable. Just like people do now on Twitter…

Yeah, “Beam me up Scotty”…

VinnyG July 14, 2019 7:11 AM

@Clive Robinson re: Social Credit Score & Palantir – Couldn’t the promiscuous and unvetted data collection of such tools be their true vulnerability? What would be the result if the database was salted with a tremendous number of obviously bogus false positives? Particularly if a great many of those points of negative data were for individuals that were inconveniently powerful (especially individuals associated with this sort of “fusion” effort?)

14 July 2019 00:00:00 July 14, 2019 10:03 AM

“Facebook Embeds ‘Hidden Codes’ To Track Who Sees And Shares Your Photos, Report

Facebook has become synonymous with privacy violations in the year since Cambridge Analytica came to light. Now in the same week that details of the record $5 billion FTC fine emerged, an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding “hidden codes” in photos uploaded by users onto the site.

“Facebook is embedding tracking data inside photos you download,” Edin Jusupovic claimed on Twitter, explaining he had “noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction.”

Jusupovic described this as a “shocking level of tracking,” adding that “the take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more).”

The “IPTC special instructions” that Jusupovic viewed are essentially metadata watermarks that Facebook adds to tag the image with its own coding—those tags can be read later, enabling the “tracking” to take place. …”

“‘This wasn’t just a briefing’: Pompeo grilled CIA analysts on Russia findings”

Mueller’s congressional testimony now scheduled for 24 July. You might want to watch it.

“An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.”

“Ivana Bentes, a communications professor at the Federal University of Rio de Janeiro, said the Bolsonaro camp is zeroing in on Greenwald, trying to put him into “the gallery of public enemies of Bolsonaro. They’re treating him as a political enemy when he is a journalist, which is very serious. They want to criminalize a journalistic investigation.”

Greenwald says he’s not sure when he’ll feel safe to go out in public in Brazil without security guards, if ever.”
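The IPTC "special instructions" field quoted in the comment above is stored in a JPEG's APP13 segment. As an added example (not part of the original comment or the article it quotes), this Python code reads that field from a file and removes the segment before the image is re-shared. It assumes the common layout of a Photoshop "8BIM" resource 0x0404 wrapping IPTC IIM record 2, dataset 40; the sample file, the tag value and all function names are constructed for illustration.

```python
import struct

PHOTOSHOP_HDR = b"Photoshop 3.0\x00"
APP13 = 0xED                     # JPEG marker that carries Photoshop/IPTC data
IPTC_RESOURCE_ID = 0x0404        # 8BIM resource holding IPTC IIM datasets
SPECIAL_INSTRUCTIONS = (2, 40)   # IIM record 2, dataset 40

def jpeg_segments(data):
    """Yield (marker, start, end, payload) for header segments before SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("bad marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):          # EOI, or SOS (image data follows)
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("truncated segment")
        yield marker, pos, end, data[pos + 4:end]
        pos = end

def image_resources(payload):
    """Yield (resource_id, data) for each 8BIM block in an APP13 payload."""
    if not payload.startswith(PHOTOSHOP_HDR):
        return
    pos = len(PHOTOSHOP_HDR)
    while pos + 12 <= len(payload) and payload[pos:pos + 4] == b"8BIM":
        (res_id,) = struct.unpack(">H", payload[pos + 4:pos + 6])
        name_len = payload[pos + 6]
        pos += 6 + ((name_len + 2) & ~1)    # Pascal name, padded to even size
        (size,) = struct.unpack(">I", payload[pos:pos + 4])
        yield res_id, payload[pos + 4:pos + 4 + size]
        pos += 4 + size + (size & 1)        # resource data is padded to even

def iim_datasets(data):
    """Yield (record, dataset, value) for each IPTC IIM dataset."""
    pos = 0
    while pos + 5 <= len(data) and data[pos] == 0x1C:
        record, dataset = data[pos + 1], data[pos + 2]
        (size,) = struct.unpack(">H", data[pos + 3:pos + 5])
        if size & 0x8000:                   # extended length: not handled here
            return
        yield record, dataset, data[pos + 5:pos + 5 + size]
        pos += 5 + size

def special_instructions(jpeg):
    """Return every IPTC 2:40 'special instructions' string in the file."""
    found = []
    for marker, _, _, payload in jpeg_segments(jpeg):
        if marker != APP13:
            continue
        for res_id, res in image_resources(payload):
            if res_id != IPTC_RESOURCE_ID:
                continue
            for record, dataset, value in iim_datasets(res):
                if (record, dataset) == SPECIAL_INSTRUCTIONS:
                    found.append(value.decode("utf-8", "replace"))
    return found

def strip_app13(jpeg):
    """Return a copy of the JPEG with every APP13 segment removed."""
    out = bytearray(b"\xff\xd8")
    last = 2
    for marker, start, end, _ in jpeg_segments(jpeg):
        if marker != APP13:
            out += jpeg[start:end]
        last = end
    out += jpeg[last:]                      # scan data / EOI, copied untouched
    return bytes(out)

def build_sample(tag):
    """Constructed test file: SOI, JFIF APP0, APP13 with one 2:40 dataset, EOI."""
    iim = b"\x1c\x02\x28" + struct.pack(">H", len(tag)) + tag
    irb = (b"8BIM" + struct.pack(">H", IPTC_RESOURCE_ID) + b"\x00\x00"
           + struct.pack(">I", len(iim)) + iim + b"\x00" * (len(iim) & 1))
    payload = PHOTOSHOP_HDR + irb
    app13 = b"\xff\xed" + struct.pack(">H", len(payload) + 2) + payload
    app0 = (b"\xff\xe0" + struct.pack(">H", 16)
            + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    return b"\xff\xd8" + app0 + app13 + b"\xff\xd9"

SAMPLE = build_sample(b"CONSTRUCTED-TAG-0001")   # constructed value, not real data

if __name__ == "__main__":
    print("before:", special_instructions(SAMPLE))
    print("after: ", special_instructions(strip_app13(SAMPLE)))
```

Removing APP13 drops all Photoshop/IPTC metadata in the file, not only the one field; EXIF (APP1) and the image data are left untouched.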

Clive Robinson July 14, 2019 1:10 PM

@ VinnyG,

Couldn’t the promiscuous and unvetted data collection of such tools be their true vulnerability?

Most would like to think that… But we know it does not work that way.

Take the “No Fly List” we know that much of it is substantially wrong, and it critically affects your ability to travel, thus earn a living and live as “A free individual without prejudicial constraint”.

But if you are on the list you try challenging it… If I remember correctly only the politician Ted Kennedy managed to make headway. Others who have tried are told they can not “show standing” thus have no legal basis to bring action…

Do you really think that when Palantir has wormed its way into US agencies and entities, you would get “standing” of course not. Whilst a synopsis of your docket would be available to some “Commercial Confidence” would stop you or in fact anyone else seeing the actual data the synopsis is made on by the A.I. Thus the algorithms will be not just proprietary but unexplainable and you will not get any headway because of it.

Meanwhile as @Ergo Sum notes new markets based not on the raw data but the A.I. processed output will become available to anyone who thinks they have an interest and will sign up to Palantir’s rates and conditions.

In order to protect their market Palantir will almost certainly “watermark” or put a “Canary Trap” in every single piece of data they hand out so they can track back leaks of their proprietary processed data and take swinging civil action, not just against the person who leaked a data synopsis to a data subject but to the entire organisation. Once Palantir have their hooks into an entity/agency and they are dependent Palantir will just pull the plug on them until Palantir is happy not only have they been punished but their funders and any other related entity/agency.

The power Palantir will get is such that they won’t care if much of their raw data is contaminated neither you nor any other entity/agency will get to see it. At best you will be told it’s your fault that you had some quirk that the A.I. software associated with high risk individuals. In essence it’s your fault for not being a “norm” but we can not tell you why you are not a “norm” so your problem not theirs. Because their algorithms not them have associated you with “TerroMakers” therefore you must be guilty of something…

In essence you won’t have the money, the power, or the influence to get things changed. And if you are stupid enough to try then Palantir will find some excuse to use civil law to drive you into bankruptcy as loudly as possible so everyone knows what their fate will be if they try to challenge Palantir…

It’s the new way of doing business, justice is irrelevant when there is more profit to be made by locking people up without reason.

Think of it as the modern “water trial” where if you sink and drown you are either innocent or cheating, if you float you are guilty thus should become public example/entertainment at the gallows or stake. Being hung, drawn and quartered or burnt alive. Or more creatively boiled alive or some other delight like death by a thousand cuts etc. The fact you are innocent of the charges is irrelevant, you’ve been named by the new god[1] and that is sufficient to become both a “new-age” lesson and grisly entertainment…

[1] Listen to Zager and Evans “In the year 2525” to see how long that’s been envisaged… Rick Evans wrote the song in 64, before most people even knew what a computer was, and shortly after our host @Bruce was born. There could be a new “Bruce Fact” in there 😉

gordo July 14, 2019 1:53 PM

@ 65535, sil, Clive Robinson, Vinny G, Ergo Sum,

Nothing new here, but I can see consumer phone apps fed with Palantir or Palantir-like data sources tethered to one’s personal heads-up display. In addition to providing standard background checks, other options might include threat as well as vulnerability matrices of different sorts. For marketing purposes, call it “SAFE (Situational [or Social] Awareness For Everyone)” because, of course, it’s not.

Clive Robinson July 14, 2019 4:23 PM

@ gordo, 65535, Ergo Sum, sil, VinnyG,

For marketing purposes, call it “SAFE” because, of course, it’s not.

Yup, that’s the nub of it.

Alex Security July 14, 2019 9:27 PM

@VinnyG wrote, “What would be the result if the database was salted with a tremendous number of obviously bogus false positives?”

This is why any type of censorship or taboo system can be hijacked to arbitrarily execute rules as its enforcers deem fit. These systems are only “open” in the sense that they show an assortment of selected “end results” that were deemed in the public’s favor but cover up those otherwise.

The same problem persists in Democracies where the people’s will often end up in a distorted fashion as the real perpetrators hide behind curtains pulling the strings while the public watches on. The people’s will can be distinguished to a certain extent while we vote to handover our consent to the true enforcers of the realm.

Maxwell's Daemon July 14, 2019 11:02 PM

@Alex Security

One need only witness the selective editing on Wikipedia to see a real world example of hijacking to protect, say, corporate interests.

Frederic July 15, 2019 10:15 AM

Yes, a frenetic evolutionary period, attended by (and perhaps caused by) a hyper-greenhouse environment. Ain’t climate great.

@Maxwell’s Daemon One need only witness the selective editing on Wikipedia to see a real world example of hijacking to protect, say, corporate interests.

Perhaps one only sees the propaganda (“selective editing”) that one dislikes. I actually ceased donating to Wikipedia because of the outrageous level of Progressive propaganda. For instance, what do you make of the article entitled “minority influence,” which claims (without attribution) that “Without influential minorities challenging the majority view, there would be no new ideas or positive change in society” ?

I think perhaps someone has a beam in his eye.

Tatütata July 15, 2019 12:10 PM


Even when I put myself in the context of 1964 I couldn’t get the point of EBCDIC. IBM goes out and invents the universal 8-bit octet machine, but saddles it with the sorriest excuse of an alphabet ever. And then there was their USASCII. Not counting the weirdos, like the late-60s IBM 2741 Selectric-based terminal, available in a 6-bit BCDIC version, or a “Correspondence code” one, which was just the arbitrary bit pattern of the magnet for tilting the golf ball. The code conversion was achieved not by electronics, but with the typeball. The BCDIC ones were incompatible with typewriters. The logon sequence on IBM mainframes alternated between codes.

Mind you, other codes and manufacturers were scarcely better, and 6 bit punchcard-oriented codes were pretty much the standard among the BUNCH. Add to that the baroque steps you needed to process with whatever word length you were provided with (something like 20, 36, 48 or 60 bits, but hardly ever 32 bits)…

I remember hearing swearing near the self-service line printer in a Control Data shop, with users realising that they had selected the wrong code set for their job. You could represent text with 87 bit characters in a 60 bit words, 78 bit characters, or some strange escape sequence involving bangs (“!”) and CDC’s own weird 6-bit take on ASCII. (And punch cards had their own oddities, with NOS/BE using overlaid 7-8-9 and 6-7-8-9 punches as deck delimiters, where IBM’s OS/MFT had human-readable “//”).

For the security subject, I saw a review for a 130€ Bluetooth-activated bike lock. The batteries are supposed to last 9 months. What do you do at 1 AM and you want to go home but the lock won’t open, because either the lock or your phone’s battery are empty? There’s a manual opening mode that seems every bit as ridiculous as the GE bulb reset procedure.

All that because of the alleged inconvenience of reaching for your keys, as opposed to reaching for your phone?

I use two different locks on my own bikes, spoke and “U”. Some would call this paranoia. I call this experience.

The article mentions that the lock doesn’t include a GPS tracker. Trackers hidden in rear lights appeared on the market.

A90210 July 15, 2019 5:08 PM

@Clive Robinson

“[1] Listen to Zager and Evans “In the year 2525” to see how long that’s been envisaged… Rick Evans wrote the song in 64, before most people even knew what a computer was, and shortly after our host @Bruce was born. There could be a new “Bruce Fact” [[2?]] in there ;-)”
In the year 2525 by Zager & Evans, lyrics included
Zager & Evans – In the Year 2525, with scenes from the film Metropolis

[[2?]] ?

Rachel July 15, 2019 11:40 PM


Thank you!

On the bluetooth bike lock. I noticed Aldi was selling a bluetooth lock operated via a smart phone. Intended use? Front door of a home

vas pup July 17, 2019 1:13 PM

Elon Musk reveals brain-hacking plans:

“Merging with AI

The device the firm has developed consists of a tiny probe containing more than 3,000 electrodes attached to flexible threads – thinner than a human hair – which can then monitor the activity of 1,000 neurons.

The advantage of this system, according to the firm, is that it would be able to target very specific areas of the brain, which would make it surgically safer. It would also be able to analyze recordings using machine learning, which would then work out what type of stimulation to give a patient.

NeuraLink did not explain how the system translated brain activity or how the device was able to stimulate brain cells.

“It’s not like suddenly we will have this incredible neural lace and will take over people’s brains,” Mr Musk said during his presentation. “It will take a long time.”

But he said, for those who choose it, the system would ultimately allow for “symbiosis with artificial intelligence”.


Rachel July 17, 2019 3:10 PM

Facebook’s Nacho Libre currency and Swiss privacy regulators

Despite Facebook’s repeated claims it will work with regulators, the Swiss group tasked with privacy oversight of Libra said it has not yet been contacted by the company, according to a report on Tuesday from CNBC. A spokesman from the Swiss Federal Data Protection and Information Commissioner (FDPIC) said the group has been following the project in the public debate

Dirk Praet July 17, 2019 4:39 PM

@ Clive

Everything OK with you, Clive ? We haven’t spoken in a while. I’ve been kinda busy with other things.

Wael July 17, 2019 5:26 PM

@Dirk Praet,

Funny you should be asking about @Clive Robinson! I was wondering the same about you, and @Ratio as well. Glad to see you’re back 🙂

Clive Robinson July 17, 2019 6:45 PM

@ Dirk Praet,

We haven’t spoken in a while.

Yes, you disappeared off to the land of Sun and Sangria, on a new job that sounded quite hectic. I can’t remember if it was a fixed term contract or something more traditional, so I guess I should at the very least ask how it’s going?

As for me, life is fairly quiet for the same old reasons… Oh and the medical profession has decided I can be improved with implanted “bugging” devices… Apparently having your heart stop for 5-10 secs when it feels like it is not conducive to much, other than ending up resting on the ground. So as normal with me they fix one problem only to create another with the heart screaming up to 180-200 BPM when it feels like it… After twenty years of this unless you like meeting doctors and nurses oh and hospital food then it tends to get quite dull.

Not sure if you’ve been lurking or not, but it’s a little quieter on this site compared to a few years back. @Nick P has moved over to the –invitation only– site, @Wael is still reading along as is @Thoth, others are still popping up from time to time but not as much as in the past.

The big trouble / “Elephant in the room” is tech has been noticed by politicos, their minions and wannabes. Who like the proverbial camel and its nose are pushing in under the tent flap and leaving unwanted piles of output all over the place. Thus technology news is likewise polluted by the piles of political stuff you would not want on the sole of your shoe or worse trod in the carpet. Thus trying to find tech news that is politically agnostic is difficult. Likewise with the wider security field, so topics for discussion are not as meaty as they once were.

But back to you, are you back to your old haunts etc?

Rachel July 18, 2019 1:08 AM

Dirk Praet

I have personally missed both of you. I know I am not alone. Dawg!
Sending kindness and the warmest of human potential and heart your way

1&1~=Umm July 18, 2019 8:16 AM

@ All,

If you want to know how to make a combination lock similar to the one at the top of this blog’s pages…

Then have a look at,

It’s a little confusing as the machinist does not say what they are doing at each stage, but stick with it, it all becomes quite clear.

Dirk Praet July 18, 2019 10:50 AM

@ Clive

Yes, you disappeared off to the land of Sun and Sangria …

I kinda did, just to come to the conclusion that sun, beaches and real estate from a security vantage just don’t represent enough of a challenge to remain interesting for an extended period of time. So we called it quits after about a year and a half, also because there was little left to do.

Then last week I signed a new contract joining a really cool outfit in my home town as a GRC advisor and security architect. With the EU NIS Directive just having been translated into Belgian law, there’s a lot of work for both private and public companies running critical infrastructure, as in mandatory adoption of risk management ISO-27001 frameworks. And for which they need expert advice from friendly consultants who more or less know what they are talking about 😎

Glad to hear all is well with you.

@ Gerard, @ Rachel

Nice to hear you guys are still around too.

With my (professional) focus back on security (and legal affairs), I hope I’ll once again find the time to make some regular contributions. Providing, of course, both signal-to-noise ratio and courtesy levels on the forum remain well within acceptable parameters. And which is one of the main reasons I left in the first place.

Wael July 18, 2019 11:29 AM

@Dirk Praet,

[…] I signed a new contract joining a really cool outfit […] as a GRC advisor and security architect.

Not surprising! You’re likely the best fit: security expertise par excellence, multi-lingual, multi-cultural exposure, and an amazing legal expertise skill set[1], and…

Congratulations, my friend. To them, that is 😉

[1] Your reply was here, on a different thread. Yeah, right. Coincidence my foot. Once or twice may be “coincidence”; more than that, is anything but.

Dirk Praet July 18, 2019 2:07 PM

@ Wael

Thank you for your kind words, my friend. I hardly ever blush, but this would seem to be one of these rare occasions.

Clive Robinson July 18, 2019 3:57 PM

@ Dirk Praet,

With the EU NIS Directive

Hmm it got turned into a directive in Aug 2016 with a 21 month max implementation into national law limit… However in the UK due to Brexit little or nothing of “social good” has been achieved by the UK Parliament (other than imitating “cats in a sack”).

Whilst some UK politicos think they can ignore the “Network and Information Security” Directive, they are living in a fantasy land.

The big problem for many is working out if they are “Digital Service Providers” (DSPs) or “Operators of Essential Services” (OESs), both or neither. For many they are working out how to fit themselves into the “neither” camp thus bury their heads in the sand on the simple notion that little if anything is ever going to happen with regards NIS. They might have a short term point as there is unlikely to be political will for the next year or two in the UK.

But the problem is few UK companies are digitally “UK Only” that is they end up being used in the EU if they like it or not. They could try what many US services are doing over the GDPR which is blocking EU traffic or like Google –illegally– forcing all who use any kind of Google service to force their users to accept Google’s terms globally.

Neither idea is likely to last long as at the end of the day the EU has the authority to “turn the tap off” to rather more than 600 million potential customers due to the way traffic is currently routed. Which might account for why Google has been making what would otherwise look like strange investments to own foreign communications…

It’s going to get very much more nasty before it even remotely improves. Google has made it clear it will break or buy legislation in whatever way it can. Thus it’s gone from the faux “Do no Evil” to “Evil Personified”, unlike Facebook and its sociopathic management team headed up by Suck-a-Burge or whatever he is being called today, Alphabet / Google management try to not be “lightning rods”. Apparently the Suck has been getting a little roasting today and being told some “home truths” up on the Hill. Whilst he might have run out of good will from those on the Hill the other Silicon Valley giants are still buying favour there. What might have surprised many people is Peter Thiel accusing Alphabet/Google of what is in effect “Treason” in the dictionary sense. Especially as his Palantir organisation is possibly the most evil of all the big silicon valley corporates as people are finally beginning to realise on this blog and I hope in the broader community.

The thing is US legislation is by European standards weak, very weak and has been for a long time. Which has emboldened the big Silicon Valley Corporates, who have in various ways tried to influence legislation and regulation not just in the US but EU as well. The big difference appears to be that they are not getting their way in the EU as much as they would like (Max Schrems can be thanked in part for that).

As regards US legislation and regulation as our host @Bruce observed of the US legislation such as HIPAA, Gramm-Leach-Bliley Act, FISMA etc around 2002-3, the vague language of that and similar regulations leaves much room for interpretation and should be formulated differently… However here we are nearly two decades later and the US laws are still weak to the point of uselessness and @Bruce is still saying the legislation and regulation should be formulated differently…

Which is why I guess a few people on this blog have expressed the hope that EU legislation moves outwards and influences US legislation. Something I don’t think will happen any time soon if at all if those big Silicon Valley Corporates including Apple oh Microsoft and Cisco as well don’t get serious US judicial system attention with the aim of not just lifting the carpet on their activities but also breaking them up so they are not just less disruptive, but also stop them invading people’s privacy and aggregating their PII and thus critically endangering every individual’s security and destroying society as we remember it in the process.

MarkH July 19, 2019 4:37 PM


Thinking of your information about the Metsavas family history, reminded me of another interesting family!

Kim Philby is probably the most notorious traitor in the history of the European cultural realm (though he might soon be demoted to second place).

Although Kim’s father, Harry St John Philby, didn’t go so far as spying for an enemy state, he did work strenuously to undermine and oppose British interests in the Middle East. Whether his conduct amounts to treason is debated; his disloyalty to his country seems beyond dispute.

Clive Robinson July 19, 2019 9:11 PM

@ MarkH,

Harry St John Philby, didn’t go so far as spying for an enemy state, he did work strenuously to undermine and oppose British interests in the Middle East.

Be careful when treading in this area, much of the anti-zionist / anti-semitism comments made are based on supposed research by “John Loftus and Mark Aarons” who try and fail to launch a conspiracy theory in their book “The Secret War Against the Jews”. They formed an odd couple of an ex US State Dept “anti-Nazi” lawyer and an Australian communist journalist.

Whilst a number of things they report in the book are based in some measure of fact the interpretation is at best well off of the mark and the conclusions pure conspiracy theory. In some cases having gone straight through conspiracy theory and out the other side bordering on what might be called “comically insane” to anyone who actually does some independent research on primary sources.

So before you shell out money for the book you might want to first read a couple of reviews from shortly after the book’s publication (not the current nonsense that proliferates on the Internet due to echo chamber issues),

Unfortunately the likes of Wikipedia have fallen into the trap of believing the book to be a “reliable secondary source” which it is most certainly not. As a result it has poisoned a number of Wikipedia’s articles. Worse because of Wikipedia being the goto “lazy research” tool the nonsense gets endlessly repeated on the Internet, often as just “cut-n-paste” faux journalism.

Checking with a primary source like the UK National Archive in Kew South West London throws much of “Loftus and Aarons” work into significant doubt. No doubt similar searches in other national archives that cover the same time period will throw up other things.

However you are wrong when you say that St John “Jack” Philby “didn’t go so far as spying for an enemy state” he did for both India and the USA and most likely for Russia as well. Just one result being Russia threatening both Great Britain and France with “nuclear missiles”.

The question that gets asked in Jack Philby’s case when he was working for the British Secret Intelligence Service is “Was Jack a double or triple agent?”. It’s of interest to note that Jack was the person who was not just responsible for recruiting his son “Kim” (Harold) by his first wife into SiS but actually had sufficient influence to aid his career there for quite some time. There is still a lot yet to come out about both the Philbys, that I suspect that some of those from around that time would not have liked revealed to their grand or great grand children.

Both Philbys were at the very least “Old School Socialists” and there is debate about who converted Kim to Communism. Usually it’s put down to being others in the “Cambridge Ring” or Kim’s first wife of Hungarian-Jewish ancestry. What is actually more likely is that it was the elder Philby’s old school socialist sentiments that were in all but name allied with the socialist thinking of both Karl Marx and later George Orwell. Back when Philby senior was first recruited into SiS during WWI Russia was where “The Great Game” of espionage was being played at its most intense and the notion of “Communism” as a threat to the then “British way of life” was first seriously pushed. Thus Philby senior would have been well “indoctrinated” about communism and its supposed “Jewish” origins and violent pogrom anti-semitism (that has been claimed arose from anti-semitism in France a century or more before, that was pushed out of France and spread across Europe to the east with the rise of Napoleon and his civic codes). However violent attacks against Jews happened scant years before in Ireland (1904 Limerick) and against Jewish shops in Wales (1911 Tredegar) thus would have been in the general public mind still, especially with the increasing numbers of refugees from eastern Europe and Russia.

MarkH July 19, 2019 9:55 PM


Thanks for the historical summary, with a few interesting things I wasn’t aware of. Before today, I also wasn’t aware of his reputation as an anti-Zionist, and those claims had nothing to do with the mental connection I made from the Estonian scandal.

I learned about Philby senior from a history of Saudi Arabia, at least a dozen years before the Loftus/Aarons book was published. That Philby worked against British interests in the Kingdom is (as far as I know) neither controversial nor speculative.

That betrayal might be dismissed as mere sabotage of a crass commercial interest, but in light of dependence on Middle Eastern petroleum in those days — particularly for the Royal Navy — it’s understandable that on that basis alone, some might call him “traitor.”

The book I read wryly observed that Harry’s career might have warranted some caution about putting his son in the hub of UK counterintelligence.

In any case, two families hardly make a scientific sample for testing whether treason runs in families … but then there’s the Walkers in the U.S. …

gordo July 24, 2019 5:20 AM

I almost put this on the “Science Fiction Writers Helping Imagine Future Threats” thread . . .

‘The Great Hack’: Netflix doc unpacks Cambridge Analytica, Trump, Brexit and democracy’s death
By Mike Butcher, TechCrunch, July 24, 2019

It’s perhaps not for nothing that The Great Hack – the new Netflix documentary about the connections between Cambridge Analytica, the US election and Brexit, out on July 23 – opens with a scene from Burning Man. There, Brittany Kaiser, a former employee of Cambridge Analytica, scrawls the name of the company onto a strut of ‘the temple’ that will eventually get burned in that fiery annual ritual. It’s an apt opening.

gordo July 24, 2019 8:33 AM

@ Clive Robinson,

I suppose common knowledge ain’t what it used to be; then again, it never was.

gordo July 24, 2019 6:50 PM

Oh, and they have to delete the data . . . “Copy that.”

FTC claims Trump consultant Cambridge Analytica misled Facebook users
by Melissa Quinn, Washington Examiner, July 24, 2019

On the heels of a historic $5 billion fine against Facebook for privacy missteps, the Federal Trade Commission is suing data consulting firm Cambridge Analytica over the tactics it employed to harvest personal data from the social media giant’s users.

[. . .]

The panel accused Cambridge Analytica, Nix and Kogan of falsely claiming the app didn’t collect identifiable information from Facebook users. Under the proposed settlement with the FTC, Kogan and Nix are required to destroy any personal information gathered through the GSRApp and any related work that came from the data. They’re also barred from making false or deceptive statements about personal information.

Clive Robinson July 25, 2019 3:21 AM

@ gordo,

The most important paragraph was the last,

Cambridge Analytica filed for bankruptcy in May 2018 and has not settled the FTC’s allegations.

It’s known in some circles as a “walk away”. Effectively what happens is the board takes out what financial assets it can[1], then resigns or sells the company to a cut out, thus have no further interest in the company[2][3]. What is left then becomes the property of the “receivers” not of the now ceased trading company or its former directors. The receivers’ sole duty is to raise the best value possible on the remaining assets to meet the creditors’ claims. The receivers take first dip to cover their fees then the various preferential creditors in a defined order.

This means two things. Firstly anyone who has purchased the assets from the receivers does so “free of lien” just as you do via any normal auction.

Secondly the company as was has no control of its remaining assets, so any legal judgment after the receivers are appointed has no meaning, it’s like sending a corpse to do jail time.

Which effectively means the FTC action is just a paper pushing exercise. Unless the old company officers are daft enough to go on holiday to the US or any place it has sufficient swing to get some kind of extradition going.

It’s one of the reasons holiday homes in Panama, Turks and Caicos Islands etc used to be so attractive.

[1] One way of doing this is not to have assets held in the operating company in the first place, but rent them via a Limited Liability Partnership etc. Another is through an “Offshore back to back” loan arrangement where profit goes into one account, which then provides fully tax deductible loans from the other account. The company is thus apparently heavily in debt to one or more banks who are preferential lenders, as well as legally not paying tax. Thus the directors could take loans on the assets they can not quickly sell to “keep the company viable” and make that money disappear in golden handshakes and the like. Plus a hundred more tricks which are just on the right side of the line.

[2] If they are sensible they leave enough assets to avoid criminal charges or disbarment as a director. As long as things are kept out of criminal enquiries there is little that can be done.

[3] You might want to look up who was the original founder / owner of the company, it might raise an eyebrow or two. Oh and likewise look at some of their activities through criminal enterprises in what was eastern Europe but is no longer and then follow the connections back to certain organisations that have been buying up online ads a few years back.


Sidebar photo of Bruce Schneier by Joe MacInnis.