Schneier on Security

Clive Robinson • January 20, 2020 11:11 AM

@ Humdee,

Lawfare goes on another rant against Tor hidden services.

It is a disingenuous article.

The authors claim to want to protect whistle blowers and others in what they see is good use of Tor via the client access (ie giving privacy to their traffic).

But the authors want to get rid of “hidden servers” because they see some of them as “bad” (some are used by criminals for criminals etc).

Well the problem with that is that user client traffic can be correlated with ordinary unhiden server site traffic, unmasking a users privacy and thus critically effecting some client users safety. Which the authors effectively admit to when talking about the types of traffic and relative quantities in use across Tor (logically you can not know this if the client traffic is private).

So the aurhors are either not telling the truth about client traffic privacy thus the lack of client user safety, or about the real traffic levels of hidden servers and they are making what are effectively claims based on unsound assumptions.

I’ll let others make their own minds up about how much or how little the types of traffic are of the type the authors are complaining about.

But I will point out that when photography reached a certain stage it began to be used for pornography of all forms. Likewise films it is said on occasion that film pornography is known to have started at least as far back as 1907 and quickly became of almost exactly the same format as we see today.

The same could be said of drugs, and the ordering of them, but when the various postal and telegraph services came into being establishing the technology to make distance purchasing, whist the technology was there and in use to commit what would these days be a crime, back then it was not a crime.

Thus the real point of the authors article has little or nothing to do with the technology but what they see and indirectly admit are crimes they wish to stop. That is they are trying to make a sociological change not a technical change. Because the crimes the authors wish to stop are now done using a particular technology, they think incorrectly that getting rid of the technology will stop the crimes…

Well they won’t stop the crimes that way. Other people have tried stopping these very same crimes by attacking earlier technology. The result they hurt all users of the earlier technologies and in no way stopped the crimes which moved to new technologies…

So as this has happened repeatedly in the past we already know fairly well what the results will be,

1, All users of Tor will be harmed.
2, The criminals will just use the next technology the meets their needs.

As Einstein observed, repeating the same thing and expecting different results is madness.

If the authors and others want to stop these and other crimes, it’s not the technology they should be attacking. No it should be the parts of society that indulge in crime via sociological means.

However I must urge caution, what a human mind sees as good or bad is it’s self a problem. The reason the likes of whistleblowers need the protection of Privacy Enhancing Technology (PET) is exactly the underlying problem of who sees what as good or bad.

We’ve seen this with journalists in recent times but a look back over the past couple of centuries shows that those in power who see things they think are “bad” even though the vast majority see them as “good” are generaly because those in power are engaged in hiding what they do which the majority see as bad. They will thus use their power in any way they can to maintain a basic asymmetric use of technology and sociology to keep their activities hidden whilst exposing the activities of anyone they see as a threat to their power.

Because people are starting to wise up to this those in power manipulate the truth to suit their needs. Thus those in power look for edge and corner cases that few in the majority could or would think to defend. So we get the now trite “Think of the Children” manipulation of perception. Likewise the others of the “Four Horsemen of the…” what ever those in power are currently attacking, which in this case is the Internet and the few freedoms from those in power it gives via PET.

All these authors are realy doing is grabbing hold of the sides of that particular propaganda bandwaggon to further their aims whilst ignoring or deliberately hiding the knowledge of just how much harm they will do to everyone using PET for good, bad, or other reasons. In the case of the authors the way they try to “salami slice” the technology indicates they know what they are doing but are going down the knee jerk paternalistic power grab of “For the greater good” which has through the centuries been responsible for impossible to count due to numbers involved deaths and persecutions.

Thus I find their article biased to the point it not just damages their reputations, it will cause harm to many more than it will help. If people think this is good or bad depends on their cognative bias which the authors are attempting to manipulate.

I will finish by saying that society needs PET for more reasons than anyone could list. Privacy is an essential factor, in fact possably the very foundation stone by which the society we currently live in can function, amoungst other things it helps give freedom from oppression. But as I frequently say technology is agnostic to use, it’s the directing mind and how others perceive it which is important and that is sociological not technical, and deliberately conflating the two most often causes a “greater harm” not “greater good”, think wisely and act wisely, otherwise you might become one of those added at the bottom of the list that starts “First they came for the…”

Clive Robinson • January 20, 2020 8:00 PM

@ MarkH, Stephen Welch,

Now, the trajectory has reached its opposite arc: local amateur radio clubs are well-populated by guys of that same vintage, who have retired from the (sadly now much reduced) engineering establishments of the region.

There are at least four basic types of ham,

1, Club social members.
2, Rag chewers.
3, Contesters.
4, Technical tinkerers.

These are not exclusive groups, you can be in some or all of these groups, but it’s rare to find someone not in any of them (such as say historical equipment collectors who’s only reason to hold a licence is to have their collection without legal risk).

I for instance have never been a “contester” it’s not something that intetests me. Which might make it appear odd as to why I belong to one of the clubs I belong to which is strongly contest oriented. Well if you turn it around a bit and look at it from a different angle I’m one of the technical tinkerers, and my aim is to move the hoby along in many ways, with the result as with other tinkerers we make more oportunities for contestors to contest with each other. One such very technically difficult problem to solve is that of co-location and sharing resources. For instance some contests have a “single antenna rule” which for most means that they can only ise one band at a time. However the laws of physics don’t agree with that… As many hams know from VHF and UHF working you can share an antenna, commercial radio and broadcast technicians know that you can run several transmitters simultanioisly in the same band if you know what you are doing. Such knowledge is almost always in the province of the highly specialised technical engineers.

Thus I used to have occasion to rag chew with other technically minded hams and thus run an informal “net”. But other more modern technical methods alow other methods, some the equivalent of Email, others Twitter alow much greater range of contact. Whilst I would be hard pushed to get reliable contact with Australia except at some very specific thus awkward times modern digital modes give me the freedom to use VHF/UHF into “hotspots” and wider area systems not to disimilar to repeaters that can give me access to the equivalent of an Internet “chat room” except give real audio not typed text. Which means I can multitask, thus whilst on a piece of equipment I can also chat verbally with someone in Australia.

Thus like any social system it changes and mutates to available opertunities. The fact I rarely “key up” without calling “Test Test Test” or sending it out in morse, before running tests, thus rarely speak over the air does not make me any less of a ham. Not every one uses the “experimental” allowance in their licence conditions, I just happen to be one of the ones that does, almost but not entirely exclusively these days. This might change, it has been known to happen in the past when I’m confind to the “six foot by three foot six prison” Doctors call “bed rest”. That’s just the way life is “different strokes for different folks” be it life in general or in the specific with ham radio. To say a hobby or other aspect of life is dead or dying because it’s not the same as it was four decades ago or more (that I’ve had my call sign) is a bit silly. Four decades ago there were still folks with only black and white TV’s, AM radios and no phone in their house. The fact that it looks like every kid over eight from here to Timbuktu and beyond has a mobile phone that they watch videos on listen to music and chat to their friends does not realy change things socially that much, even though the technology is to many eyes extrodinarily different.

Clive Robinson • January 21, 2020 3:07 PM

@ Curious,

I forgot to include this link for you to read,

https://theintercept.com/2020/01/18/bolsonaro-under-fire-dismisses-his-culture-minister-for-giving-a-nazi-speech-but-it-is-still-representative-of-brazils-governing-ethos/

Even though it’s only a couple of days old, it should give you some “background” on what is going on in Brazil, which may well be heading our way in the very near future…

Clive Robinson • January 22, 2020 2:28 AM

@ SpaceLifeForm,

If people go to the link you gave and scroll to the bottom, it has a warning that suggests you save the page as a PDF.

When you see the two entities mentioned on the warning, you’ll know why I said,

… it should give you some “background” on what is going on in Brazil, which may well be heading our way in the very near future…

In the UK it is now abundantly clear that the Editor of “The Guardian” has somehow become compromised by the UK security services, and that they and some of the “staff writers” there are on a mission to discredit by various means including direct lying of both Glenn Greenwald and Julian Assange.

Oh the latest on JA makes grim reading. In what has been made by the UK Authorities in cahoots with US Executive driven lawyers an impossibly complex legal case, those in charge of the “high security prison” where JA is being kept in the equivalent of “Special Measures” he has been consistantly denied access to his legal team before the latest case.

It is plain and simple a clear case of “Rights Stripping” by the UK authorities presumably with the full knowledge of our current Prime Minister “US born” Boris Johnson, who appears hell bent on turning England into just another “US State” but will probably end up like eight hundred or so other places around the world. As this year is the centenary of one such event,

https://www.culturalsurvival.org/publications/cultural-survival-quarterly/struggle-hawaiian-sovereignty-introduction

Oh and as normall “the ignoring of the legal will of the international community”, issue is causing problems for a proto-vasal state,

https://www.dailymail.co.uk/news/article-6745057/Future-army-base-Diego-Garcia-hangs-balance-rules-illegally-seized.html

So “it’s” already got to the mid Pacific and Indian Oceans, and is digging in deeply on this side of the Alantic…

Oh note the basis of the original lease, Polaris nukes for a supposadly “independent” UK nuclear deterent that is most definitely neither these days. It’s been said by others that one of the reasons for the significant political interference in the UK recently was in part based on the fact that a more than significant number of people in the UK want to “do a South Africa” and get rid of them.

Clive Robinson • January 22, 2020 7:05 AM

@ Bruce, ALL,

People realy should read this article from Bert Hubert,

https://berthub.eu/articles/posts/5g-elephant-in-the-room/

Even though he is primarily talking about 5G and the Telecommunications industry, the actual meat of the article is appropriate across all manufacturing and quite a few other industries.

And yes whilst I do mention the dangers of “outsourcing” here from the security asspect and the stupidity of the “short term thinking” that causes it from time to time, I think other views should also be seen on it’s long term destructive effects.

With thanks to @Fazal Majid for supplying the link.

Clive Robinson • January 23, 2020 9:42 AM

@ vas pup, Sherman Jay, ALL,

There is now a second Chinese city in lockdown and it looks like Hong Kong is going to go that way as well due to a couple of infections there.

Thr BBC has another update,

https://www.bbc.com/news/world-asia-china-51217455

The UN’s World Health Organisation (WHO) is looking at it as a potential “Global Emergancy” which means it is a significant security concern but no need to panic yet. Basically it’s new to humans and is thus an unknown that scientists are urgently trying to characterise in a way they can model on previous knowns like SARS etc.

On the science side there is not yet much to say but anyone who says “Totally under control” as a politician is a blithering idiot. However currently provided people prepare sensibly there is no reason to panick.

Whilst WHO is at the point of considering it a “global emergancy” which is the highest warning they have (medical DefCon 1 effectively). Even though there are only 500 deaths so far, models at the MRC Centre for Global Infectious Disease Analysis at Imperial College London estimate 4,000 people sick with the virus in just one of the Chinese cities (Wuhan) where the out break started. Which would incorrectly suggest a 12.5% mortality rate (unknowns kill more at first, and China’s aging population is more susceptable especially as many have chronic affluence diseases like diabetes high blood preasure and also due to smog etc have much higher respiratory system diseases).

What we can say so far is that like the common cold it appears to be fairly easily transmissible from person to person thus can spread easily by inhilation or injestion. It effects the respetory system quite hard and that those that have died have been over 45 with existing chronic illness including diabities asthma etc.

So if you fall into that catagory it’s important to make sure you are upto-date on any medicines and that you have atleast a four week supply of them, and that you keep taking them as prescribed. I’ve not heard anything said about anti-virals with regards to this outbreak yet, but some nations do have significant stocks of them. However the usuall protocol is to wait as they have a short active period and are eye wateringly expensive (other drugs such as metformin hydrochloride have been shown to have some benifits, but why is a bit of an unknown, current thinking is impart the way the drug works, but also oscilating blood glucose levels are particularly bad for the respitory and cardiovascular systems, more so than high blood glucose levels at the mean of the oscilating blood glucose given by HbA1c readings).

Whilst some are talking about wearing face masks, sorry guys but unless you get the right ones then as it’s a virus it’s going to be to small to stop with the masks in DIY centers. That’s because most masks that are on sale are the one size fits all “dust masks” not those that stop chemical molecules or virus. Masks are a complex subject because even the cheap disposable masks for biological/chemical filtering “have to be ‘fitted’ to be effective” thus getting the wrong size or shape could be worse than not wearing one at all as it might engender over confidence etc.

If people are worried then looking for the right masks might be an expensive distraction. Cutting back on being “out and about” making contact with lots of people would be sensible. Thus starting to stock up on a few basics of “tinned food” would not go amiss as it means less trips to the shops. But remember go for “protein not carbs” and don’t get anything you would not eat at any other time.

As for the “prepper staples” of “beans grains and pasta” they need both a lot of water and heat to make them safe to eat and they realy do not taste very nice (some beans are poisonous if not soaked for 24h then rapidly boiled for atleast ten minutes). So unless it looks like we will have “lockdown” in the west –unlikely if you think back to this centuries SARS and Ebola outbreaks you don’t need much more than to top up a sensible family pantry, so it will keep you going for a week or two. Most people living in places that get “snowed in” know what that means as do those old enough to have had parents who were children during the first half of the twentieth century.

Put simply you need 1kg of “staples” food and a minimum of 2kg of water per adult per day for an active or cold weather 3000kcal diet if you are housebound then the “sixty percent of your diet should be carbs” idea goes straight out the window as your energy (carb) requirments drop significantly whilst protein and fats required for body maintainance remain near the same. Thus the makeup and wieght of a daily food ration changes… So rather than “prepper hard tack” that’s got a longer sheld life than you have, you are looking at stuff that’s readily available and will last a few weeks or months at most.

So if you know how to store them root veg such as carrots and potatoes will last you quite a long time on the carb front and being high in water and soluble fiber help on the digestive front which the hard tack does not. Both carrots and potatoes be eaten raw though it’s inadvisable for potatoes, because if not stored properly they can develop “green potato toxin” and other problems. Other things to stock up on are onions, garlic, ginger and various bulions/stocks, because the first thing to drive you nuts with “Pantry living” is the lack of variation in taste (trust me if you try living on packets of rayman noddles and tins of baked beans because you have a bust leg and nothing else in the pantry your sanity won’t last a week).

Which brings up one of the exceptions in canned goods being protien, which is tomatoes, especially passata if you avoid the ones with herbs in like bassil you can use the tinned or tetra packed versions to make not just sauces for pasta, but for all meat dishes including the likes of curry, oh and if diluted with water and a dash of Worcestershire sauce make a breakfast fruit juice, or soup base etc. You’ld be supprised how tomatoes onions and a tin of corned beef can make a base to so many dishes that with a few herbs and spices will keep your taste buds from rebeling.

As for herbs and spices unless you are up on the cheffy side of cooking go for mixed italian herbs, mild curry mix, cayenne / paprika with some “smoked” Worcestershire sauce, chilly powder, mixed spice or all spice. And don’t forget the bulion / stock powders/cubes, they might be high in salt, but they are also high in flavour. If you get it right, even a bowl of vegtable stew can be made to taste “meaty” (fry half the onions on a low heat untill starting to caramalise, fry about a third the carrots till soft, and all the potato cubes untill golden on the out side, use a beef or lamb stock cube).

Fats are the most important food group you have to consume in a long term “Pantry living” life style (they are essential especially when it comes to mental health and cognative ability). Various oils keep well and can have high temprature cooking advantages, I have coconut around because I like some Far Eastern dishes. But as for fats butter is the best way to go as most meat fats we consume these days go rancid in just a few days (it’s a down side of fast grow factory farming, omega 3 for instance is now around 1/25th of what it was in chickens of the 1950’s). The problem with butter is it has both milk solids/sugars and water in it, the more it has the faster it goes rancid it’s why salt used to be added. Especially with cheap butter as this also alows for more of the “waste product” water and milk solids/sugars to be left in adding weight without value thus increasing profit. Also worth noting is many people with “dairy allergies” it’s to the milk solids and in some cases the sugars not the fats they have problems with.

Which brings us to clarified butters, a normal good butter –which need not be expensive– will keep for weeks in a cool pantry and months in a working fridge and almost indefinately in a freezer. But if the power goes out or it’s hot weather you want butter that keeps for a long time. In warmer places “clarified butter” that is “canned” is the way to go, what it is is butter with the water and milk solids/sugars removed, it’s easy to do you just need a sauce pan and a little patience, but “canning” is not something most people do. So you can buy clarified butter in Indian and other Asian food shops as the more refined “Ghee”. If you must have the “full butter” taste then you need to replace the “milk solids” you can do this by warming a small amount of water and adding “powdered milk” –not non-dairy creamer or coffee whitner– to make a skimed milk, you then warm the ghee in a microwave add a little of the milk liquid and whisk it in as it cools[1]. You can take this method all the way to an acceptable cream if you have an old fashioned “cream maker” that turned butter and milk to cream. But if you are baking just add the milk powder to the dry ingredients and use the ghee in the same quantity the recipe calls for butter or other fat.

As for other dairy products, milk just does not keep and even modern technology cannot help much because it can not be realistically frozen just have the fat renoved and be freeze dried into powder, it’s why historically we have yogurts and cheese they can both be made with both fresh and powdered milk. The classic yogurt recipie is “warm milk, add spoon of yogurt, wait, then cool to set and you have more yogurt. Because the secret ingredient like that of bread is a biological agent politely called a “culture”, which eats the milk sugars etc and helps the proteins to change. Cheese can be made with yogurt, but it’s more normal to use a mild acid to open out the milk proteins such as lemon juice or vinegar[2]. We’ve all made jokes about certain “plastic” processed cheeses, well all cheses from cottage upwards are in fact a natural plastic look up casein. The fact that cheese has most of the water and milk sugars removed and has a high fat content is why it can be stored for years in the right conditions (and you can also “can it”). Part of the waste from cheese making is whey, if the fats and protiens are high then it’s called “butter milk”, which can be usefull in cooking meat and baking (you can make your own butter milk by just adding a small quantity of lemon juice or white vinegar to milk before making the likes of soda bread or jerk chicken marinade).

Which brings us to flour, unless you are making risen bread where you want a lot of rise, ordinary flour will cover a lot of bases from thickening soups and sauces through pancakes all the way through pastry biscuits and cakes. The rules are some combination of Flour, Fat, protien/liquid. With the latter being the likes of eggs or milk. The exception is risen bread that like beer is wheat, water, yeast and time. Yeast is a “live agent” and not something that keeps unless you feed it (ie sourdough). However unrisen bread is easy to make as “soda bread” and fairly quick to make basically “mix and bake” for fourty to fifty minutes. Also flat breads can be made with just flour and water, or a more liquid soda bread mix.

Oh one last thing, wheat flour is a pain to make and people hsve allergies to it (around 2% of the population). Much to many peoples supprise you can replace the flour in cake and other recipes with potato… So you can make a quite acceptable carrot cake or even fruit cake with potato, even some soft biscuits or brownies.

If people are wondering how I know this, both my parents fought in WWII they were taught this stuff by their parents when children and my parents in turn taught me most of the above before I was ten. It’s stuff we should all be taught if we ever hope to be self reliant, which is the basis of all security. As for pickles I have to thank a Korean girlfriend from a quater of a century or so ago who due to visa and employment issues had to go back home 🙁

[1] You might see “powdered butter” for sale at eye wateringly expensive prices. All this realy is is clarified butter fats that have been atomized into tiny drops and mixed with an anti-caking agent not unlike chalk and powdered milk. High in calcium and one or two other minerals, but for the price realy low on flavour.

[2] Apple vinegar is easy to make, it’s a basic fermentation process you can do in the kitchen. A similar process is used for making pickles that preserve vegtables the most notable of which is Korean Kimchee, which can and is made at home and will preserve vegtables for six months to a year easily and longer if you know how to “bottle” properly.