Friday Squid Blogging: More on the Giant Squid's DNA

Following on from last week's post, here's more information on sequencing the DNA of the giant squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on January 24, 2020 at 4:18 PM • 76 Comments

Comments

Sherman JayJanuary 24, 2020 4:30 PM

I help people at community computer clinics and I'm always amazed that people in general are so foolish that they load tons of crap on their computers and wonder why it is slow and all messed up. So few seem to look at reviews of software programs or even read the programs system requirements or feature, they just say "that sounds cool, I'll buy it and install it" And, even though many of them have had their identities stolen and lost tons of money, they don't seem to even consider privacy or security.

Sometimes it feels about as rewarding as shoveling sand into the sea.

Year in Review 2019 Everybody’s Watching You: The Intercept’s 2019 Technology Coverage
h t tps://theintercept.com/2019/12/27/the-intercept-2019-technology/

Ring Ukraine News Suppressed at Amazon’s Request, Journalists Say
h t tps://theintercept.com/2020/01/24/amazon-ring-ukraine/
Oh, great, now employees in ukraine can interact with your kids through Amaz0n Ring. /sarcasm much!

The other flight guestJanuary 24, 2020 10:02 PM

@clive: When boarding one of my last flights the woman controlling the tickets and passports was surprised that according to the computer that controls the ticket barcodes we are already inside the plane. But they let is board. Seems like one can effectivy link one ticket bsrcodes to two passports, instead.

name.withheld.for.obvious.reasonsJanuary 24, 2020 11:05 PM

Mosul; Proximity to U.S. Hubris can be Deadly.

24 January 2020: (sourced from independent journalists and Germany documentary film makers in 2020, written by submitter)


Bodies are still among the rubble, an aftermath that is unthinkable. Blocks and blocks of neighborhoods, homes, families, reduced to nothing more than rock and dust. Survivors express the wish to join those that were killed. Corpses remain strewn across the remains of what was a city of over one hundred thousand. The entire town was razed. Plans for twenty five thousand new homes, health facilities, bridges, and some other ten infrastructure elements are in the works.

Shia are again not making room for the Sunni elements within Mosul. A unipolar sectarian hegemony forces people to position themselves in a very contentious struggle for ephemeral boundaries. No rational solution seems to be possible, either by design or by incompetence. The United States is clearly the instrument of their destruction. Prior to the U.S. invasion and occupation, the region had never know such destruction. World War II did not affect the area in any way similar to the effects of the so called "War on Terrorism". The U.S. has successfully delivered the "fire and fury" that it often promises others.

The population is struggling to get basic services; water, housing, electrical power, and honest support. The cultural of lying is eating the lunch of their efforts to rebuild and survive. Maybe they need to build some walls. Cultural buildings of over eight hundred years are turned back to stone. People make imaginary plans to put a door here, a room there, but the ground continues to be covered in rubble. Worse, while clearing the area you find a love one that you thought had been located a year earlier. So tragic, so miserable, so criminal.

The lists of the missing remind one of the Vietnam war memorial on the DC mall. Searches continue for family and friends. Courts are still adjudicating the status of former citizens of the city. Suspended animation, the memories of your children dance in the heads of parents despondent over their losses. Fields are cleared, hectors and hectors of fresh graves and headstones litter the countryside out to the horizon, like a large farm but not for planting crops but people. The rubble of the old city must be removed, I guess this is what Trump means by winning.

Extremism is still problematic; the Sunni and Shia continue to struggle for respect and dignity, their shared misery is nearly guaranteed to continue. The emotional depth to which these people are still experiencing unknowable pain is beyond comprehension. And, the United States sits at the center of this rape and dismemberment. The crimes against those found to be in the vicinity of the U.S. worldwide war of terror is massive in scale and unimaginable in scope. As historians and anthropologists remember the ghosts of the Middle East, a clear picture paints the United States as a harbinger of doom and death, not democracy and freedom. Guess that will show them not to mess with the U.S. (oh, wait, that's right--Iraq wasn't involved in 911, they were are "man in the Middle East").

It is clear to me that the Galaxy Police, of the Milky Way, need to revoke the license to operate the planet Earth, permanently, from those that manage and occupy it.

Clive RobinsonJanuary 25, 2020 1:37 AM

@ The other flight guest,

Technology is a wonderful thing when it works, puzzling for those who make it when it does not.

For most others they see it like door handles, usefull but of no regard when it works, annoying at best when not...

CuriousJanuary 25, 2020 4:43 AM

I found a reference to this on Twitter on Wednesday.
https://twitter.com/kennwhite/status/1220064067727110144

Not sure if the Microsoft text was ever edited or not, I didn't take a copy of the webpage when I first saw it then. I wonder if there was more to the story, because someone seems to maybe think this was for a 14 year period back to 2005 and also having some other implications like customer support data collected from world wide, but the text today doesn't seem to say that. Or, maybe they meant that old data back to 2015 was made available from Dec 5.to Dec 31. 2019.

Seems there was more than one flaw here and the other one perhaps for the longest time, and that maybe only a misconfiguration flaw (exposure) is the ones that dates to Dec 5. 2019.

("Access Misconfiguration for Customer Support Database")
https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/

#1"Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable."

#2"As part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information. Our investigation confirmed that the vast majority of records were cleared of personal information in accordance with our standard practices. In some scenarios, the data may have remained unredacted if it met specific conditions. An example of this occurs if the information is in a non-standard format, such as an email address separated with spaces instead of written in a standard format (for example, “XYZ @contoso com” vs “XYZ@contoso.com”). We have begun notifications to customers whose data was present in this redacted database."

I wonder what things were unredacted. Maybe not only emails? Sort of sounds like, there was maybe more stuff that could have been in a "non-standard format", maybe phone numbers I am thinking.

AndersJanuary 25, 2020 7:38 AM

bivol.bg/en/gru-hackers-attack-usa-france-ukraine-from-servers-linked-to-bulgaria.html

CuriousJanuary 25, 2020 11:22 AM

Re. my post above.
Ah, heh. I wrote "Maybe not only emails" I meant ofc "Maybe not only email addresses" :|

AmICrazyJanuary 25, 2020 4:57 PM


Some years back the bank I used decided everything would be online; There would now be a $3/month fee for printed bank statements. So I switched banks. Now my new bank is doing the same thing.

Am I crazy for thinking no-printed-statements is a really colossally bad idea?

I keep thinking a banking trojan could sit between me and my bank, as malware on my computer or even merely somewhere on the network. My web browser, or the bank's cellphone app, connects via HTTPS to the bank, but in reality my connection is rerouted to the banking trojan who is also talking over HTTPS to my bank. Classic man-in-the-middle. On the web, on the bank's app, all my money shows it's still there. The malware is editing the data stream to make it so. Meanwhile, quite trivially since the banking malware has all my userids, passwords, account numbers, routing codes, *EVERYTHING*, that malware can redirect my money overseas while making it appear to still be there right down to the interest... Without printed statements I have no way of knowing until my checks start bouncing. Most likely the one to the IRS, since that'll be large.

Everyone at the bank thinks I'm completely paranoid. This can never happen. They have crack people handling security. (Of course those same crack people also just changed my password to the letters of my name & numbers of my ssn, won't let me change it back until I agree to their new open-ended legal terms under duress, and want me to wait two weeks to change it back for logistical reasons. There is secondary security, but sim-swapping will defeat it.)

All I see is a perfect storm for some third world cracker to become an overnight millionaire.

The FDIC may insure my money. But that's only if the bank fails. Meanwhile the bank requires me to report theft within 30 days, theft I have no way of detecting...

Of course, if I can't pay my mortgage or taxes for years while this works out in court, the bank will foreclose on my home and god knows what the IRS will do.

It's all deeply disturbing...

So I ask you all: Am I paranoid? Crazy? Or just the only sane remotely clueful person in the room?

AND BRUCE: If I'm not crazy, would you consider writing & publishing an essay about such vulnerabilities in our banking system? A few years down the road, you might look quite prescient.

p.s. Nor can I take my money out and keep it under my mattress. If you've been following this whole civil asset forfeiture thing... It's almost illegal to possess cash.

FinancialCalculusJanuary 26, 2020 7:10 AM

@AmICrazy

Sounds like $36 annually would be an inexpensive way to solve the issue. You've probably already spent that much in your time researching the integrity of their online system.

ItsAllDownhillFromHereJanuary 26, 2020 10:28 AM

@ AmICrazy

One of our accounts is with Chase bank, of all things, and while they would really like us to do our banking online they allow us to maintain a savings account separate from any ATM access, send us monthly printed statements, and are not too surly when we come into the bank to conduct our business. Don't know if we're being coddled because we live in a rural community with lots of old folks (including us), but maybe you should continue to shop for something better.

@ FinancialCalculus

Please don't recommend that AmICrazy just cave in to the forces of evil. Be a nuisance! Write your Congress critter (if you're in the U.S.) and complain mightily.


myliitJanuary 26, 2020 2:44 PM

@Clive Robinson and other curious people

https://www.wsj.com/articles/pentagon-blocks-clampdown-on-huawei-sales-11579870801

WSJ headline:

“Pentagon Blocks Clampdown on Huawei Sales
Proposed rules making it harder for American firms to sell to Chinese company are withdrawn”

Updated Jan. 24, 2020 7:05 pm ET
The Commerce Department’s efforts to tighten the noose on Huawei Technologies Co. is facing a formidable obstacle: the Pentagon.

Commerce officials have withdrawn proposed regulations that would make it harder for U.S. companies to sell to Huawei from their overseas facilities following objections from the Defense Department as well as the Treasury Department, people familiar with the matter said.”

Stephen WelchJanuary 26, 2020 4:03 PM

Hi all, I have been approached by a Police Officer who is working with neurodiverse kids to educate them about Cyber Crime. She works with kids who have unfortunately been in jail or the ‘education system’ has abandoned them despite them being high functioning in computer code or maths, etc.

In the past she has hooked up mover and shakers from the Malvern Cyber Security Cluster which actually run a SOC with sponsored training for kids who make it into the scheme. Last week she contacted me to build a GCHQ Octapi for an exhibition she is attending and wants to use it for the touchy feely / look kids look what you could really be doing using your skills. It's straightway forward doing the build but what can we do to make it a functional – exciting pull. In the past they have had a Norse style attack map on a big screen and that has worked really well and generates lots of conversation.

Initial ideas are as follows:

1. Password cracking using John the ripper or similar. Leaderboard for the best passwords. Use Rpi Google AIY for OK google crack my password – they read out the password and it gets cracked.
2. An nmap / Nagios style network discovery tool for the internet. Find the nodes / scan them and graph them and the relationships using https://neo4j.com/ Here is an example of something similar.
3. The Pi’s will be mounted on a PCB style diorama and will include sense hats for some graphical representation for the activity of the cluster.

Would welcome any thoughts or ideas from the Schneierites 😊

Thanks

SpaceLifeFormJanuary 26, 2020 5:01 PM

Shut down all international flight.

We do not need a Pandemic.

Won't happen, will it?

It may be too late.


LurkerJanuary 26, 2020 5:15 PM

@AmICrazy

I keep thinking a banking trojan could sit between me and my bank, as malware on my computer or even merely somewhere on the network.[emphasis added]

1. Trojan: how did it get in there? Computer Trojans are named after the Greek legend, the bad guys get invited in by the resident/owners.
2. My computer: has malware? Are you using an unsafe OS? Is your anti-malware protection up to date? Have you recently visited any unsafe parts of the 'net?
3. The Network: there's a point near the wall of your house where the physical part of that is taken out of your control; the software part depends on co-operation between you and the other party.

Sorry if I seem to be saying it's your fault, but you seem to have the added disadvantages of being in the USA and using a US bank. They are widely believed to be the most technologically backward in the civilized world. My bank (in another hemisphere) years ago invited customers to try its online acccount access. Much later it advised that costs required it to charge $3 for each printed statement, and gave the opt-out choice. On the online account page there is an option to print our own statements. The print file is generated by the bank's machine, and a copy is kept with customer records to keep the lawyers happy.

It took a while to find an acceptable user-agent string to stop them asking me to install FireFox, IE or Safari instead of the low profile browser I use. I once got an email from the bank observing that I "appeared not to have logged in" to my account for x months. So I did, once, to keep them happy. I had been doing most of my business on the ATM set in the exterior wall of the bank buiding. God, the horror stories I read about American ATMs make me weep for those poor people.

lurkerJanuary 26, 2020 5:34 PM

@SpaceLifeForm
A few observations: Wuhan is THE crossroads in the middle of China, river, road, rail and air traffic radiate from it like spokes on a wheel. Local govt decided quarantine was too hard, and asking Beijing would be a sign of weakness.

Spring Festival [Lunar New Year] is when people move to be with their family. The rise in prosperity over the past 40 years means a lot of people work hundreds or thousands of kilometres from their hometown. An estimated 400 million people could be on the move this week, last year 1.2 billion train tickets alone were sold for the four weeks straddling the New Year.

Perfect time and place to start a pandemic. You won't stop them eating snakes, bats &c, there's too much myth, legend and traditional medicine supporting their society. Most of the deaths so far are reported to be frail elderly.

During the West African ebola outbreak China sent a germ warfare unit from the PLA. Disciplined and trained for situations like this, but invited by WHO. One can only speculate why they haven't been used here.

vas pupJanuary 26, 2020 5:42 PM

@MarkH and other interested bloggers:

Robot tanks: On patrol but not allowed to shoot:
https://www.bbc.com/news/business-50387954

Below are some extracts, but you'll enjoy reading the whole article:

"When it comes to firing a gun or anti-tank missile mounted on the chassis a human must always be in the loop to decide on the use of lethal force. "We will never give software the capability to fire a weapon," says Keith Mallon.

Team Ripsaw uses a handful of sophisticated visual and thermal sensors to see all around the UGV in day and night. These sensors live inside a gimbal on a mast that can be extended to peer far and wide. The big challenge is to pre-plan a mission and then let the UGV go and do it independently of an operator with radio control. This is where AI comes in.

Again, machine learning is the key, showing the Ripsaw's digital mind a succession of images that build up a comparative picture of the world.

Self-driving cars can be programmed to recognize everyday events from videos. But you simply cannot show a machine real images of every possible situation that might arise in war.

So synthetic training aids, familiar from flight simulators and using hyper-realistic computer-generated images have been brought to bear. These reflect combat conditions. The machine-learning software builds up a library of capabilities as it absorbs images of conflict.

The little tank can open a hatch under its angled front to disgorge a junior robot partner, a smaller tracked machine based on a bomb disposal robot. This scuttles away into confined spaces to look for enemies lurking inside buildings or to detect toxic substances such as nerve agents.

The robot family doesn't stop there. A quadcopter drone can rise from the rear of the UGV to carry out aerial reconnaissance on behalf of its terrestrial team-mates.

This is layered surveillance, keeping manned vehicles well back from danger while a trio of tech-heavy toys spy on threats. Like Titan, Team Ripsaw has an armed option which resembles a smaller version of a normal tank."

MarkHJanuary 27, 2020 4:16 AM

@vas pup:

I'm guessing you thought of me when you read that article, because of my skeptical writings about so-called AI.

It'll be interesting to learn, how training the so-called machine learning software with "hyper-realistic computer-generated images" compares with training in real-world situations. If it seems to be successful, it could be quite a cost saver.

Such systems are highly susceptible to accidental biases in training data. I suspect that computer-generated training data might greatly amplify this bias problem.

As to the product, it might well prove useful for certain applications. Field testing (and, unfortunately use in combat) will reveal the strengths and weaknesses.

As to the pious declaration that "We will never give software the capability to fire a weapon," time will tell. At the end of the day, autonomous killing would be a software upgrade :\

Perhaps we'll need Magnus, Robot Fighter a bit sooner than his scheduled 4000 AD premier ...
__________________________________

People tend to magnify the novelty of computerized stuff. Autonomous killing hardware is not new.

For decades (at least), military forces have deployed delightful gadgets like naval torpedoes which can roam until they detect a target, at which they then aim; or air-dropped cluster munitions which spin as they descend (a little like the seed pods of certain trees) until their sensor systems match on a supposed vehicle, which they then incinerate with a jet of super-hot copper.

Earlier than that, land and sea mines have been deployed in astronomical numbers, which autonomously wreak death and destruction on the basis of mechanical contact, vibration, magnetic fields and the like. The U.S. has shamefully refused to participate in international efforts to ban land mines.

In southeast Asia, punji sticks (easily deadly, especially when coated with toxins or feces) have been used for centuries, if not millennia ...

Computerized autonomous murder may prove to be even worse ... after all, the computer is the only known machine which can make millions of mistakes in one second! But killing people without a "person in the loop" is no novelty.

MarkHJanuary 27, 2020 5:03 AM

@SpaceLifeForm:

Both national and international public health organizations (like the CDC in the U.S., and the WHO) have been analyzing, planning and preparing responses for dangerous outbreaks of novel infectious diseases for at least a couple of decades now.

I haven't studied this process at all, but there is probably a fair amount of online information concerning emergency response plans. The new coronavirus outbreak (2019-nCoV) will, perhaps, serve as another operational test.

However, it's worth remembering that recent outbreaks of ebola and zika have provided opportunities to apply response plans, learn what worked and what didn't, and thereby improve the plans for greater effectiveness.

As of Sunday, not more than five cases had been detected in the U.S., with no evidence of person-to-person transmission here, but these numbers are sure to change day by day.

China has significantly improved its reporting of relevant data compared to previous outbreaks. I think there are already ballpark estimates of the number of infected persons (which of course is much greater than the number of identified infected persons), and the rate of spread.

Probably, response plans have varying levels of action depending on these parameters.

There's some good news (though all subject to revision, this being early days):

• the case mortality rate appears to be just a few percent

• sickness and mortality for people younger than middle age appears to be particularly low

• the 2019-nCoV genome has already been sequenced, which will speed the development of vaccines (though vaccines will need from a few months to more than a year to field)

• doctors are trying various medicines and combinations thereof in the search for best drug therapies for those already ill

Compared to other outbreaks combining high degrees of contagiousness and danger, 2019-nCoV may prove comparatively easy to contain.

windbourneJanuary 27, 2020 10:08 AM

Hopefully, you can answer a few questions (Which I am going to spread out over a couple of postings). Right now, CONgress is all over Social media to solve the issue of their voters being manipulated (Few have noticed that the politicians have not cared until THOSE politicians were impacted). And now, politicians are wanting to hold social media accountable.

This is due to the use of Bots, Ads, etc. Likewise, Social media has become a nightmare of personal attacks, due to bots, but also due to a real lack of personal responsibility. For example, I can use A.C on /. and attack at will. On other sites that require logons, all I have to do is put in fake names and I can create numerous logons. IOW, it is no different than having an A.C. And with ISPs not moving to static IPv6 IPs, it makes it trivial for logons to hide who they are, assuming that you know just a little bit about the net.

Sadly, Elon offered up a solution, but of the EXACT OPPOSITE that was needed, OR offered up only part of the solution. IOW, he said ID the bots, which is just like chasing computer virus. Big mistake.


Then we have absolute stupidity of businesses trusting regular e-mails, etc.
https://www.denverpost.com/2019/12/30/erie-victim-financial-fraud-parkway-bridge/

To be honest, we SHOULD be able to trust e-mails as much as we trust voices, etc. BUT, a needed security system is not fully in place nor being used. It is seen as too much of a hassle and OS/apps have not joined into this.

So, what can solve all this? Digital security certificates. I should be able to obtain a personal DSC and Social Media, along with transfer apps (i.e. emails, IM, etc) should be able to use these. Take the above example of the e-mail being used to scam Erie Colorado. Had they required a DSC from the company AND the employee, then it should have been OK (personal DSC says that this person is requesting action, while company DSC confirms that said person is currently employed and has permissions ).

Likewise, Social Media should use multiple levels of authentication/authorization of personal DSC to confirm who I am.
For example, I should be to send a DSC that says I am taylor swift (assuming I am), along with the unique ID that IDs me. OrI can send a fake name, such as ABCD, but again, using the SAME unique ID, that IDs me. This way, taylor swift can choose to submit different authentication, but still be IDed by a unique ID #. That unique ID#, allows a social media to permit/deny you. Likewise, the logon name would then be used by other logons to decide wether to allow you to read their stuff, or not.

BUT, there is a SERIOUS problem with this. If I can obtain Taylor Swift's DL, or even create a fake one, I can pick up a DSC as her because none of this was VETTED. So, yes, it is possible for a 60 y.o. obese fat man can pretend to be Taylor swift. And how easy is it for China, Russia, North Korea to do the same? TRIVIAL.

So, Yes, we need to vet all of this in person. When I go for initial DL/Passport, I AM vetted either by state DL office OR by post office for passports. In each case, there is more that goes on, but the connection of a person's face/body is vetted by somebody in 1 of those offices. How can we vet DSCs? In America, we can have the USPS offer up VETTING for say $20, or as part of obtaining a passport. USPS can vet the ID, then send in copy of the ID, along with users information, such as who they claim to be, and then turn over 10 public keys, OR have the USPS generate 10 public-private keys and turn the private keys over to the said individual. Then either USPS turns information over to 1 of several other C.A. companies, OR becomes a C.A. themselves and simply handles that.

In addition, we would then need other nations to figure out how to vet their DSCs. For many of them, their PO might actually work. In nations like China which is loaded with state offices, then Chinese office would then handle it themselves (in fact, China would likely require that they handle public-private key as well).

Note that Politicians can then require that Social Media political ads by done ONLY by citizens from that nation. So, if I am listed as US citizen, but am in UK, I can not buy a political Ad there. Likewise, if the subject is about politics, then the social media may wish to show the national flags of each poster. What is interesting is that once social media has figured out who is human (and what nation), it becomes MUCH easier for social media to also figure out bots.


I have tried talking to politicians about this, but they believe that it is easier to solve just by passing on the blame to social media.
However, somebody like YOU could push this.

Clive RobinsonJanuary 27, 2020 10:16 AM

@ SpacrLifeForm,

Shut down all international flight.We do not need a Pandemic. Won't happen, will it? It may be too late.

If you shut down international flight it cripples the world economy and causes some strange weather effects. Is what we found out after 9/11 and simillar with the Volcanoe in northern europe a decade later. Then there was by comparison the minor problem of the grounding of Boeing 737's causing major problemd air transport wise causing economic knock on effects.

Thus politicians who are aware of these problems especially as the world economy is fragile currently, do not want to do this, a world recession is not what the "sane politicians" want.

As for a pandemic, we are going to get one at some point it's not an "if" but a "when" the reasons are both many and complicated but as has been put once before "If humans keep poking sticks in hornets nests we are going to get stung". We are damaging way to many "natural ecosystems" way to quickly and their are some real nasties in those places that are still undisturbed. If you stir them up they have no place to go other than into the human domain where the nasties can jump spieces quickly and easily in the 2nd/3rd world environments where people are poor and medical fascilities at best rudimentary...

So yes it's probably to late to stop pandemics, that realy are only a century old, so mankind realy has no inbuilt defences. Almost certainly when it happens it will be human transmisable, airborne, that will be infectious by ingestion or more likely inhilation, it's why the flu and cold family of viruses make the likes of the CDC twitchy. Especialy as a common mutation or intermediary host is pigs that after fowl are one of the most common meat sources in the world both of which essentially "cohabitate" with large numbers of humans in Asia and other parts of the world.

But is the "China breakout" going to turn into a pandemic? Well the odds are actually low, and even if it does those in the West and other First world nations are considerably less likely to be infected.

The problem with a new human disease is it largely goes undetected unless it realy hurts people this can be seen from the number of pig to human flu viruses that never get serious news even though they sometimes do effectively become epidemics. That is we realy don't see the mild flu and cold viruses as anything more than a seasonal anoyance of "the sniffles" or "man flu".

The first signs are people getting refered by community doctors to hospitals and self admissions to hospitals with respiritory or similar distress. Thus the initial mortality rate is high as they have received no treatment and only the critically effected are turning up at hospital, so the size of the real infected popultaion is unknown. For the current China "cold family virus" the mortality rate was at one point up near 20% but has since dropped. One of the reasons for a rapid quarantine is actually not to stop the geographical spread of the disease as much as it is to slow the spread down to alow time for the medical community to catch up and find effective treatments for the "at risk groups"[1]. That is you stay indoors and interaction is limited to family and essential activities.

As the medical proffession get on top of the disease the nature of the disease and who it effects and how baddly gets quantified and treatments develop as vaccines are unlikely to be available or effective in the first three to six months. Although modern computer techniques are shortening this period, production still remains an issue.

Which is why most first world nations have large stocks of antibacterial and in more modern times anti-virals. However anti-virals are quite problematic, they only have a short opportunity window and gauging when that is going to be of best effect difficult. Which is why alternative drug therapies are almost always sort out as quickly as possible.

The other thing that is sort out as rapidly as possible is "first symptoms" usually by the time you feel unwell enough to go to a doctor it's to late the disease has a significant hold on you[2].

Thus the "time gap problem" if you don't know what to look for, then even unrelated infections can be mistaken for the unknown disease. Which is actually doubly dangerous, because you can miss people in the early stages or treat them inappropriately for the disease they do have.

For the purposes of stoping infected travlers you realy do have to know what the first signs are, otherwise those that have been infected without having been to an infection area can get through the cordons. Thus in thr first few hours or days, there is little or nothing that can be done other than a hard quarantine enforced by sufficiently punative measures. Which nobody want's to do unless realy necassary because amongst other things it creates panic which gives rise to desperation and the exact opposite of what you want to achieve.

Look at it this way, do you realy want soldiers and others in NBC or level 4 cloathing pointing guns at you? Nope me neither it only takes one nervous individual to make it ruin everyones day.

Which is why in the first stages you are more likely to see the "Swan effect" in action. On the surface every thing will look serene, whilst underneath the authorities are milling around like the swans feet. Then when they have something to act on they can put measures in place and activate them. Till then polite smiles and pleasantries are the order of the day, just a more rigourus noting of where you are staying details but otherwise less hassle to keep people appart is about all you will see on arivals and the like.

[1] Normally the at risk groups are not in the economically productive age range unless they have existing chromic disease or habbits. So if you smoke you are almost always going to be in an at risk group for respiritory or circulatory diseases be they viral or bacterial. Likewise other habbits like the excessive consumption of alcohol and coffee, what is not clear is if it's the substances or the stress that makes people take them to excess that causes the risk. Likewise the use of antideptessents and long term use of NSAIDs and CNS painkillers, the simple fact is stress is a known often chronic condition that weakens your immune system that on it's own will kill you at some point earlier than you should die. But stress also causes other high risk chronic dieases diabetes, high blood preasure, cloging of the arteries etc etc. In fact virtually every "affluence disease" has stress as the root cause. Most often stress is a function of the way we live in the modern world, and why increasingly health care is being devoted to it at vast expense. For instance it's becoming recognised that the likes of chronic back pain are not actually physical, but the manifestation of mental stress causing physical tension, in some cases the "grinding your teeth / jaw clenching" of human interaction, that awakens the fight or flight mechanisum in the workplace and home. That is the cure is gentle physical excercise to ease the physical tension and burn the stress hormones along with where possible changes in life style.

[2] Having suffered from sepsis (blood poisoning) which has a high mortality (25%) it shocked me as to how fast I went from mild cold/flu like symptoms to uncontroled loss of bodily functions through to back breaking spasams as my brain started to get soft boiled, then into severe sepsis (30%) and the first signs of septic shock which has a mortality rate over 50% or 10% increase per hour prior to effective antibiotic treatment, and is apparently rising in the first world. Luckily the hospital got on top of it and it did not progress to "Disseminated Intravascular Coagulation" (DIC) which I'm told is more commonly called unoficially "Death is Comming" by nurses and other medical staff. In essence DIC is where the cloting pathways of your blood become activated and blood clots form throughout the body thus oxygen flow stops and you die. Anyway eight days of quite painfull and eye wateringly expensive IV abtibiotics later, I got released on "good behaviour" with stern warnings about not ignoring what I thought were minor symptoms...

windbourneJanuary 27, 2020 10:23 AM

part 2 of the preceding.

Ok, I just ripped on Social Media, as well as E-Mail, and the use of vetted DSCs for solving issues with these. But, one of the issues that we have is a REAL LACK of security on these, esp. on our e-mail, IMs, etc. The lack of security end2end on all of this has created a nice situation for scammers, foreign nations and even our own nations to obtain anything they want. Sadly, the terrorist/foreign agents/criminals, already use major security to hide from government agents and well, each other.
Now, we could get politicians to require security, but we all know here, that will never happen. Nor should it. But there is another way to get this to happen.
Sadly, many ppl who either do not understand the situations OR work for one of the bad guys, will run around screaming that NSA/CIA/DIA/etc are trying to break into your system and push the solution that they be PREVENTED from going in. Of course, the vast majority of those cracking our systems are NOT US government. It is the scammers/terrorists/foreign/agents/criminals/gray/white/etc. So, how do we get security to happen on OS/apps?

Simple, pass a law that says that US government should treat computers in the same fashion that regular mail is treated. US goverment can look at post cards. Why? Because they are clear text part of the way. Technically, anything in a seal envelope is not to be seen without a warrant. So, lets require the same for computers.
US government can see the data without a warrant IFF any part of it is clear text OR below a certain level of security. That means that if you send it fully encrypted, then the government needs a warrant. If you use ROT13, then US government can read it without a warrant. A simple bill like this, would cause ALL OSs and Apps to run secured systems. That would stop many stolen items.

Thanks for your time.

Impossibly StupidJanuary 27, 2020 1:02 PM

@AmICrazy

Am I crazy for thinking no-printed-statements is a really colossally bad idea?

Yes. Security is a process, not a product. There's nothing magical about paper. There is nothing particularly timely about auditing monthly statements.

I keep thinking a banking trojan could sit between me and my bank, as malware on my computer or even merely somewhere on the network.

That has nothing to do with printed statements. What you really are seeking is an independent audit trail, to whatever extent you can define "independent". You could always just use a separate, more hardened device on a different network to check the account. You could probably verify the balance at any ATM, or stop in at a local branch and ask a teller. It's possible you can set up a way to get push notifications when there is account activity. To the paranoid, all those channels could also be compromised, but you really have to think about the odds of that happening compared to whatever liability you face as a consequence of that kind of grand conspiracy.

that malware can redirect my money overseas while making it appear to still be there right down to the interest

That's a pretty sophisticated spoof. Is there any evidence that such a thing has happened to anyone? What reason do you have to believe that your financial accounts are so absolutely special that you'll be one of the first targets of that kind of operation?

Meanwhile the bank requires me to report theft within 30 days, theft I have no way of detecting...

If such an extraordinary thing ever did happen, no bank that wants to survive would ever think of trying to blame their customers for it, and you'd almost certainly win if they tried and you sued them for it. It's not the kind of thing that would take years to figure out, either. Realize that the security of financial transactions are taken more seriously than the security of electronic voting. That doesn't mean it's 100% error-free, but you have not proposed any realistic flaw in the process that could result in the fantastical scenario you describe.

@Stephen Welch

It's straightway forward doing the build but what can we do to make it a functional – exciting pull.

Um, maybe stop lying to the kids. If you don't actually have a compelling use for the technology, don't pretend you do. Don't pretend you have a use for their skills if you don't. As a software developer, one of the most insulting recent movements I've seen is the "Everybody Can Code" bandwagon. It's not only dismissive of those of us who have decades of experience in the field, it harms the self-esteem of kids it targets who aren't particularly skilled in that one narrow aspect of STEM learning.

Would welcome any thoughts or ideas from the Schneierites 😊

Figure out what the kids actually are interested in. If there's a legitimate intersection with the kinds of things you are doing with technology, great. If not, hook them up with someone who can actually help with their future development. The last thing they need is yet another adult who just ends up letting them down.

Sherman JayJanuary 27, 2020 1:57 PM

As Bruce's newest headline points out:
Modern Mass Surveillance: Identify, Correlate, Discriminate
https://www.schneier.com/blog/archives/2020/01/modern_mass_sur.html

here is another article on that new attack on privacy and security:

The Rise of Smart Camera Networks, and Why We Should Ban Them
ht t ps://theintercept.com/2020/01/27/surveillance-cctv-smart-camera-networks/

" Private businesses and homes are starting to plug their cameras into police networks, and rapid advances in artificial intelligence are investing closed-circuit television, or CCTV, networks with the power for total public surveillance. In the not-so-distant future, police forces, stores, and city administrators hope to film your every move — and interpret it using video analytics. >>>> The rise of all-seeing smart camera networks is an alarming development that threatens civil rights and liberties throughout the world.

REMEMBER, if you even just walk past a house with one of those amaz0n ring spy cameras on the front door, you have had your identity stolen! And, through their 'snitch network' they can report you to the police for anything they want to make up!

George Orwell is laughing his a$$ off from his grave!

CuriousJanuary 27, 2020 3:15 PM

("Leaked Documents Expose the Secretive Market for Your Web Browsing Data")
https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation

I've been waiting for something like this to show itself. I use a lot of different browsers, including Avast's "safe browser". I am guessing that this is about the browser, or, maybe their browser is just an extension of the whole Avast anti-virus software.

"An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in many cases supposed to remain confidential between the company selling the data and the clients purchasing it."

"Instead of harvesting information through software attached to the browser, Avast is doing it through the anti-virus software itself."

&

("Senator Warner Says FTC Not Doing Enough on Sale of Browsing Data")
https://www.vice.com/en_us/article/7kzxzy/senator-mark-warner-ftc-not-doing-enough-on-browsing-data-avast-antivirus

"On Monday Motherboard and PCMag published a joint investigation which found hugely popular free antivirus Avast is harvesting and selling its users' browsing data to some of the biggest companies in the world. In response, Senator Mark Warner said the Federal Trade Commission (FTC) is not doing enough to police this sort of data selling."

"No consumer would realistically have an inkling that their antivirus software could be selling their browsing data," Warner added. "It’s increasingly clear that the FTC hasn’t kept up with how these markets for data operate, and appears to be unwilling to use its authorities to do so. Congress can’t afford to ignore these issues any longer," the statement read"

CuriousJanuary 27, 2020 3:21 PM

To add to what I wrote:

I haven't yet read all of it, but I don't understand if the story is about Avast keeping track of your all browser history on your computer, or just the Avast browser one.

Btw, the Avast browser has its own root certificate I think, which shows up when you visit Youtube.

Presumably, Avast overlooks all your email as well, because it has a "mail shield" in the package that you can turn on/off.

SpaceLifeFormJanuary 27, 2020 3:33 PM

@ Impossibly Stupid

"Yes. Security is a process, not a product. There's nothing magical about paper. There is nothing particularly timely about auditing"

So paper is not useful?

See Bush v. Gore, hanging chads.

How did that audit go?

Was it in a timely manner?

No repercussions today?

How have those paperless voting machines been working for you?

Are you sure your vote was counted?


SpaceLifeFormJanuary 27, 2020 4:02 PM

@ Clive, lurker

"If you shut down international flight it cripples the world economy "

Well, the world economy is not in great shape to start with at this point, and somehow, the markets are concerned also and basically agree with my point.

I'm not sure that stopping international flight (maybe just a week or two) would be worse on the world economy than pandemic.

Pandemic can definitely be worse.

China has already captured the virus. Whether an antivir can be formulated quickly, tis the question.

But, history tells us: Isolate those infected immediately.

Clive RobinsonJanuary 27, 2020 4:03 PM

@ myliit,

The BBC has had several news items today over this,

https://twitter.com/SecPompeo/status/1221485901525803008?s=20

So it would apear "The Commander in Chief's right hand moan" is out of touch with what is going on.

The reality is that Huawei can do as much or as little damage as any other backbone provider.

But in Europe and most other places the US included service providers nolonger have any expertise in the infrastructure, they outsourced all of that more than a decade ago, to save the costs of labour. It's why the likes of the NSA&CIA have been able to steal national networks for years and sometimes getting caught (Greek Olympics fiasco).

The solution as GCHQ knows and has in no uncertain terms told the US is to segregate certain core functionality as a "National Infrastructure of National Security importance" then the rest matters not a tinkers cuss who provides it.

In fact the best option for the non core is a single provider, because you don't get network edge effects where vulnerabilities due to slight incompatabilities end up with cludges that are as good as being vulnerabilities.

The fact the US Executive are ignoring this tells you without doubt that it is a political decision made without real reason...

Unless that is you subscribe to the theory which some do that the US want's Europe to only implement systems they know they can walk through to their hearts content, which most people don't realise is not true of Huawei equipment.

As I've pointed out before Huawei actually design and manufacture to a higher standard than their rivals. Simoly because they agreed to let the UK Spooks attached to GCHQ examin both hardware and software under an agreed protocol.

It turns out the ones breaking the protocol were not Huawei but GCHQ who abused the process to do "training" of staff a number of whom were not of UK origin, but other Five-Eye partners.

Turns out Huawei "called" them on this so the IC decided to play rough, so hear we are today with those who have actually looked into the issue realising the reality of the situation and not the political stupidity comming out of certain "kiss-A" entities...

Oh and as others have pointed out Trump and Co demand the impossible and push it. When they get told "Stupido" they back off and claim great success in public to the US population.

The trouble is we have even more stupid and timmerous politicians in the UK who say realy stupid things in public whilst stuffing their noses in the crack of other idiots to climb the greasy pole rather than think for five seconds about genuine "National Interest" and genuine "National Security" tempered by a commercial reality they realy have absolutly no control over only can make at best advisories to...

This is in part of the stuoisity of starting in on the "Free Market" mantra of the 80's and three decades of effective downward spiral. Instead of opening up market competition it's closed the market down to a tiny number of now "to big to fail" service and backbone providers who very much like the banks are now "too big to fail" because of the effect that will have to the economy...

As GCHQ identified and advised there are certain core functions that in the National Security interest have to be controled, the rest you have no chance controlling unless you compleatly re-nationalise the Telco industry and spend the next three degades slowly getting rid of foreign companies if and only if you can build up sufficient competence and manufacturing base. That is not going to happen unless you put it on "a War Time Footing". The result of course is R&D will not happen and the rest of the world will move one a technology generation or two every three years and the National Interest will lose out in less than one technology generation and fall rapidly behind from that point onwards.

Thus the game the US Executive is playing is a "lose-lose" one based on hubris and impossible promises. And it appears the US DoD is happy to make this clear to their commander in chief, if no one else is.

Not JokingJanuary 27, 2020 4:17 PM

From https://chrome.google.com/sync :

Encryption options
For added security, Chromium will encrypt your data.

(x) Encrypt synced passwords with your Google username and password
(o) Encrypt synced data with your own sync passphrase. This doesn't include payment methods and addresses from Google Pay.

Bruce, you are the original author of Password Safe.

https://www.schneier.com/academic/passsafe/
https://pwsafe.org/

How do you (and/or your readers) assess the security of Google's mechanism for "synching" passwords on the Chrome browser among multiple devices owned by the same user?

Especially considering this is not always optional in all cases, without any clear legal claim or title to a particular Google account or human intervention to restore lost or hacked accounts to their rightful users?

Impossibly StupidJanuary 27, 2020 6:45 PM

@SpaceLifeForm

So paper is not useful?

When you come out of the gate with a straw man like that, I'm not sure how much point there is in bothering to address your concerns. Regardless . . .

Are you sure your vote was counted?

Paper is not a panacea. Past elections have been rigged in so many different ways that, no, I'm not 100% sure my vote gets properly counted regardless of how it is cast. Again, it comes down to whether or not the process is relatively trustworthy. There are ways to do that electronically, just as there are ways to undermine trust even when paper is involved.

CuriousJanuary 28, 2020 3:24 AM

Found on twitter:
https://twitter.com/dcuthbert/status/1221833874977820674

("Fortinet removes SSH and database backdoors from its SIEM product"(
https://www.zdnet.com/article/fortinet-removes-ssh-and-database-backdoors-from-its-siem-product/

"SIEM stands for Security Information and Event Management (SIEM) and is a type of software used by cyber-security teams.

"SIEM software can be a cloud-based system or a locally-running server. FortiSIEM, and SIEM products as a whole, work by aggregating data points from different sources, such as operating systems, applications, antivirus, database, and server logs. The role of a SIEM product is collect and analyze these vast swaths of data points for abnormalities or known indicators of a security breach -- and then alert a company's security team."

"FortiSIEM has a hardcoded SSH public key for user 'tunneluser' which is the same between all installs," said Andrew Klaus, the security researcher who identified this issue."
&
"This patch removes a hardcoded password from the FortiSIEM database component that could allow attackers to access the device database via the use of static credentials."

"Yet, to exploit this issue, an attacker first needs access to a company's internal network."

CuriousJanuary 28, 2020 3:58 AM

Found on twitter, apparently there is a new Intel cpu vulnerability, given the name:

CacheOut (CVE-2020-0549)

https://cacheoutattack.com/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0549

From their webpage:

"Leaking Data on Intel CPUs via Cache Evictions"
"We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data."

"Moreover, unlike previous MDS issues, we show in our work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available. Finally, we empirically demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves."

There is a FAQ section on the first listed website that might be of interest.

Clive RobinsonJanuary 28, 2020 5:46 AM

@ Curious,

apparently there is a new Intel cpu vulnerability

And the hardware fault Xmass gift that keeps giving, gives yet again...

It looks on track to keep giving for atleast the next 3-4years or so.

Eventually people will realise that CISC designs with more "go faster stripe" logic than ALU and basic control circuit logic are not worth the house room they get given. Just about every modern CPU chip comes with a hardware erata list the size of a book. Which alone should tell people the complexity is way above a functional let alone secure point.

But worse, it is mostly a waste of silicon real estate, which could be used more productively, it is also as it's "go faster stripe" logic "for marketing specmanship" running at full tilt, thus power hungry creating more heat and with lower reliability over all...

But at the end of the day "cache leakage" is something that will always be exploitable in some way. But the performance improvment for cache is orders of magnitude. Thus we need to rethink the way we design computers such that what can not be fixed can be properly mitigated.

Currently the only way to mitigate these hardware insecurities is by segregating the computer securely from all communications paths (energy gapping). Then use a minimal bandwidth mandated and instrumented gap crossing method.

The down side of this is more subtle than just lost comms ability, the only real way forward for computing is "parallel computing" without high speed and efficient comms links it bexomes significantly limited.

Thus there is a very real engineering issue to solve and solve fairly quickly, and I realy don't think Intel are upto it any more, they've lost focus and are resorting to gimmicks and quick hack fixes that fail like security enclaves.

gordoJanuary 28, 2020 1:17 PM

Off topic:

Singer-songwriter Neil Young on the poor quality of digital audio, specifically on MacBook Pro as recording device:

It’s a piece of crap. Are you kidding? That’s Fisher-Price quality. That’s like Captain Kangaroo, your new engineer. A MacBook Pro? What are you talking about? You can’t get anything out of that thing. The only way you can get it out is if you put it in. And if you put it in, you can’t get it out because the DAC is no good in the MacBook Pro. So you have to use an external DAC and do a bunch of stuff to make up for the problems that the MacBook Pro has because they’re not aimed at quality. They’re aimed at consumerism.


That’s what Steve Jobs told me. He told me that exact thing: “We’re making products for consumers, not quality.” So they don’t want audio quality. They don’t want to spend a lot of time on that. Audio quality — for your reference and for anybody else that’s listening — is deeper than visual quality.

You can look at things and think you’re seeing everything with a hi-res whatever you’re looking at in a picture. But true audio dimension is so deep, and there’s so much data there if you want to capture it all — in the echo and the softness and the loudness and the difference as things are decaying and getting smaller and smaller as they go away. That’s part of the beauty of sound, and the beauty of music based on that is that you can hear all of the detail.

Now, when you talk about doing that on a MacBook Pro, it makes me barf. This is where we are.

https://www.theverge.com/2020/1/28/21091655/neil-young-podcast-vergecast-interview-phil-baker-book-pono-hi-res-audio

SpaceLifeFormJanuary 28, 2020 1:49 PM

Keep an eye out for multiple Win7 updates on 2020-02-11

Doubt this will be the only one.

hxxps://betanews.com/2020/01/27/windows-7-black-desktop-fix-2/

MS: "We are working on a resolution and will provide an update in an upcoming release, which will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1."

SpaceLifeFormJanuary 28, 2020 3:07 PM

7.7

The earthquakes, the volcanism, are just starting.

I have to wonder if Homo Sapiens will have to even deal with more leap seconds.

Global warming.

Conservation of Angular Momentum.

The Planet Earth will conserve Angular Momentum.

Water is moving towards the Equator.

To Conserve Angular Momentum, rotation will have to slow. Think about the spinning ice skater.

Which would mean more leap seconds.

But, invisible things are happening under your feet.

The magnetic poles are moving.

Weight of Ice on Terra Firma is dropping.

SpaceLifeFormJanuary 28, 2020 4:41 PM

Why did this guy not ask to talk 'in camera' ?

Maybe the Judge would have dismissed.

hxxps://www.newschannel5.com/news/sheriff-says-it-was-one-of-the-craziest-things-ive-seen-after-watching-inmate-light-joint-in-court

Stephen WelchJanuary 28, 2020 6:36 PM

@Impossibly Stupid

Um, maybe stop lying to the kids. If you don't actually have a compelling use for the technology, don't pretend you do. Don't pretend you have a use for their skills if you don't. As a software developer, one of the most insulting recent movements I've seen is the "Everybody Can Code" bandwagon. It's not only dismissive of those of us who have decades of experience in the field, it harms the self-esteem of kids it targets who aren't particularly skilled in that one narrow aspect of STEM learning.


Figure out what the kids actually are interested in. If there's a legitimate intersection with the kinds of things you are doing with technology, great. If not, hook them up with someone who can actually help with their future development. The last thing they need is yet another adult who just ends up letting them down.

"Finding out what they want" - is something I hadnt thought of, Ha! Will make some calls.

I think though that something "technical" will fit well here as Regional Cyber Crime Unit works closely with children / young adults that can already code and indeed some of them are actually undergoing a 'rehab' process to show them normal computing can be as interesting as cyber crime or indeed interesting as preventing it.

Thanks

ThothJanuary 28, 2020 6:49 PM

@Clive Robinson, @EU readers, @all

While we are trying very hard to fight the Wuhan virus in Singapore, our dear government have been happily issuing censorship directives to shutdown spread of what they deem as fake news (just like China).

They have been issuing more POFMA (censorship) directives within such a short timespan during the occurance of the Wuhan virus compared to the normal issuance in the past and they are continuing to happily spam more POFMA directives at its own citizenry.

It is sad that we are highly likely to go down the same road as China.

EU and I am not sure if UK is going to adopt anti-fake news law (a.k.a new name for censorship directive) which @Clive Robinson if you have any idea of such laws in UK, it is probably a taste for our European readers to understand the impact of EU's anti-fake news by simply looking at authoritative regimes (i.e. Singapore, China, Russia et. al.).

Looking at the increased frequency of the SG Govt issuing censorship directives at Facebook and other websites.

We also have to note that SG Govt attempts to extend it's legal jurisdiction to neighbouring Malaysia by issuing Singapore POFMA directive at Malaysian owned websites and lawyer group.

Any of us would have figured out that different jurisdictions have different laws and each jurisdiction does not influence or have the ability to force another jurisdiction and as we can see the censorship directive issued to Malaysian legal group's website is highly likely to be illegal and non-applicable.

To top it off, the SG Govt issued an order for Internet Service Providers to explicitly filter out and block the website from SG access.

While TOR is not perfect and the Lawfare blog have explicitly attacked the Hidden Service feature in TOR, the ability to make information censorship resilient is highly critical for our democracy even if the information may not be true.

The better way a government can address untrue information (in their perspective) is to acknowledge the vastness of the Internet and of the freedom of expression and rights especially of contents posted and made outside of their legal jurisdiction.

Also, rather than censoring parties for their deemed untrue information, the governments should be much more open and transparent to use transparency and data to counteract effects of what is deemed untrue information rather than to use heavy handed methods of censorship.

@Clive Robinson,

Maybe an improved censorship resistant and strongly psuedo-nonymous network for file and data replication could be highly useful. I can imagine the use of the Inter-Planetary Filesystem (IPFS) as the base for data replication and redundancy and on top of it build a Fleet Broadcast communication protocol with file exchange protocols for pseudo-nonymous exchange of files and file replication on top of censorship resilient replicating protocols like IPFS to equip a Fleet Broadcasting IPFS construct as a way to enhance the current IPFS protocol.

The current IPFS protocol communication is Point-to-Point in a P2P context and thus the replication commands even if they were strongly encrypted can still be observed with network inspection and the equipping of Fleet Broadcasting capability will slow the IPFS down somewhat but will make it much more resilient to network inspection even on an ISP level.

Links:
- https://www.channelnewsasia.com/news/singapore/wuhan-virus-moh-pofma-correction-direction-facebook-12361810
- https://www.channelnewsasia.com/news/singapore/wuhan-virus-moh-gan-kim-yong-instructs-pofma-issue-correction-12352752
- https://www.scmp.com/week-asia/politics/article/3047550/malaysian-watchdog-accused-singapore-brutal-execution-methods
- https://www.scmp.com/week-asia/politics/article/3047119/singapore-uses-fake-news-law-against-malaysian-watchdog-alleged
- https://www.businesstimes.com.sg/government-economy/malaysian-rights-group-sues-singapore-minister-over-fake-news-directive
- https://www.channelnewsasia.com/news/asia/pofma-singapore-malaysia-lawyers-for-liberty-shanmugam-execution-12322456
- https://www.thestar.com.my/news/regional/2020/01/24/malaysian-rights-group-sues-singapore-minister-over-false-news-law

ZaphodJanuary 29, 2020 1:18 AM

Huawei to (continue) to supply UK 5G equipment
====================================

I'd be interested to hear Clive's thoughts on this matter. Others may chime in too!

Over to you Clive (and best wishes).

Zaphod

Clive RobinsonJanuary 29, 2020 2:31 AM

@ SpaceLifeForm,

Why did this guy not ask to talk 'in camera' ?

Well for a second charge of possession and ten days for contempt, he's sent a message out to the world... not just that but his name is as well.

As they say in marketing "Money just can't by you that sort of coverage".

But the man has a point the science is against the politicians and their "money hungry war on drugs". I'd take them more seriously if they made these three illegal,

1, Tobacco.
2, Alcohol.
3, Caffeine.

For which there is more than sufficient evidence that they are "gateway drugs" and their cost to society is immense, something like 50% of "affluence disease" is directly attributable to them or they are co-contributors. Likewise mental health disorders, premature death, increased violence, increased crime, increacex accidents, lost productivity etc etc. Oh and of course the "s word" disfunction where hopes may be up but not much else is...

But to be honest, it's not the drugs themselves that are the problem, it's the people who use them...

So it does not matter what you make an illegal substance people are just going to find new ones to abuse themselves with. If nothing else it will be food something a chunk of industry actively encorages by trying to make food addictive...

And it's not very difficult. A little experiment for you. We know that chocolate and high sugar both cause emotional changes due to hormone changes in the body that have been measured. Our brains are wired to consume calories and be emorionaly comfortable. It's why we call it "commfort eating" when you consume more than your daily need for carbs in the half hour it takes to eat a packet of choclate biscuits[1]. We also know that adding salt to caramel and similar sugar mixes makes them much more appertising... But so do mint --easy breathing-- and ginger --warm feeling-- especially when mixed with sugar as "Kendal mint cake" or similar and "preserved ginger in syrup or crystallized". Plain biscuit mix is actually not that nice to eat it's alnost the reverse of bread mix, in that adding back more of the germ and fiber from the likes of oats makes biscuit mix more desirable.

So back to the experiment. Using a rough crumbly oat digestive biscuit mix[2] and add in preserved ginger, it's syrup and a little ginger powder to give heat. When cooked and cooled add a thin layer of white soft strong mint icing/fondant to the top of the cooked biscuit, then when touch dry add a coating of dark bitter chocolate.

Make a couple or three dozen and place in an office kitchen, time how quickly they get eaten.

Experiments have found that once the test subjects are aclimatized to the tast you can increase not just the ginger content but add sweet chilli for more heat. They get eaten even though eyes may water and toungs burn. In fact over a few days the test subjects will need more "heat" to get the same buzz.

I've run the experiment on three different offices, and when the biscuits stop appearing a definate chilling of the environment occurs and people grumble etc, especially on those who got a five-a-day or more habit...

I've been tempted to seek out a grant for further testing, but I've been told that it would be unethical (no testing without test subject consent which kind of warns them thus changes the real behaviours).

[1] By "biscuit" I mean it in the British sense of what is sometimes called "cookies" in other parts of the world, and not the mix used to make what in the US are called "biscuits" eaten with gravy or other sauce as part of a meal. In England it's called "scone mix" which can be either sweet or savoury as in fruit scones or cheese scones etc.

[2] The sort sold under the brand name "Hob Nobs" in the UK.

Clive RobinsonJanuary 29, 2020 7:51 AM

@ Thoth,

While we are trying very hard to fight the Wuhan virus in Singapore, our dear government have been happily issuing censorship directives to shutdown spread of what they deem as fake news

Whilst there is some I could say on the first, it being "bat 5h1t crazy eating habits or US germwarfare being the two alledged sources. The second there is little I can say, but much I can assume. That is much of what I've had cause to listen to from the Singapore Gov has for as long as I can remember sounded as though it was "brittle plastic" that was desperatly and repeatedly wiped down to prevent staining. Renaming it does not change or stop that almost OCD like behaviour by them.

As for the attempts to impose their will extrajudicialy on another nation "How American of them"... It is a disease of the mind that appears as though it is spreading. Just remember the UK under RIPA from last century claims the right to do what it wants to your computers simply because they are in some way connected to a network connected in some way to the UK... A kind of "If the can reach it, they can breach it" dictate. As for one of your nearer Five-Eyes nations Aus, even they don't know what they think they can do in the name of "National Security" or political whim, which ever is the more farcical.

All nations appear to think these days they have an absolute right to spy on others and their LEO's on their citizens with no let or hindrance or because the poor luvies don't understand it any technical impediment of any form. Yet scream "blue bl@@dy murder" if another country spys on them or their "important" citizens be they legal or natural. It's just another form of madness much like taking the King down to the sea at low water and expecting him to stop the tide come in. The only way the king or any other mortal being can stop the tide is with strong technical measures not silly mind games and faux affront.

With regards,

Maybe an improved censorship resistant and strongly psuedo-nonymous network for file and data replication could be highly useful.

It would, and any one who did a rational analysis would realise that even for deeply paranoid tyrants the benifits of such systems outweigh by a very large margin the corner case arguments used against it.

As I pointed out the other week about the "think of the children" mantra the problem of child explotation is not technical but social. If you don't solve the issue by social means you are stuck with the exploitation. Because the exploiters care not a jot about the technology they use as long as it confers on them some advantage. Thus if you outlaw a technology they will either continue to use it in secret or move to a different technology. That is not a war that can be won by legislating against technology.

All legislating against technology does is harm everyone else including the nations economy. History tells us very clearly that by and large most people care not a jot who runs the country or how, what interests them is being comfortable. Thus the successful tyrants, despots and dictators all had one thing in common they made their citizens feel comfortable. The only way that can be done for more than a few years is with a thriving economy, thus it's in a tyrant, despot or dictators best interests to use all the technical measures they can to protect the economy and thus ensure people are comfortable. But there is a secondary effect for those in charge, it's difficult to forment a revoloution in the general population if the shops have things people want to buy and they have the money in their pockets to buy it. A society may be oppressed in many ways due to the loss of many freedoms and rights, but if the general population does not feel oppressed it cares not.

It's a point a few western and other first world "democracies" should realy pick up on.

Which brings us onto,

[T]he use of the Inter-Planetary Filesystem (IPFS) as the base for data replication and redundancy and on top of it build a Fleet Broadcast communication protocol with file exchange protocols for pseudo-nonymous exchange of files and file replication

I've been somewhat remiss in my reading recently for various reasons beyond my concious control. IPFS is one of those things I need to get solidly in my "head space". But I also need to finish work on the anonymous rendezvous protocol that makes P2P communications systems effectively anonymous. I also need to do a literature review on the current state of mix nets, likewise traffic analysis techniques :-(

Instead of "relaxing" as the Dr keeps ordering I appear to be instead watching a tidal wave of work build up =(

MarkHJanuary 29, 2020 9:31 AM

.
2019-nCoV

The number of reported cases in China is growing very rapidly. [Note well that the rate of reporting doesn't necessarily track the rate of infection.] It is very likely that there are many more infected people who will get sick but haven't yet, and others who are sick but not presently diagnosed.

China is a wonderfully abundant source of depressing news, and a depressing headline from today is that something like 3,000,000 people left Wuhan in the weeks before the quarantine was put in place ...

• Characterizing an outbreak takes time, and this outbreak may be contained before the parameters are well known. Based on present knowledge, it seems likely that spread and containment will be roughly comparable to the SARS (another coronavirus) outbreak which peaked in 2003.

SARS is estimated to have killed less than 1000 people during that outbreak, and sickened about 8000. 2019-nCoV is likely to sicken a much larger number of people, but if its mortality rate matches present estimates, then the total deaths might still be less than two thousand.

For perspective, each year the contemporary flu strains sicken about one billion people, and kill about half a million.

Many colds are caused by varieties of coronavirus. Usual precautions -- washing hands, and face masks for those coughing (or in the presence of coughing people who aren't wearing face masks) -- are expected to be substantially reduce transmission.

• Some foreign airlines are stopping or reducing China flights, based on various mixes of safety concerns and response to reduced passenger volume.

The most comprehensive travel-related reaction so far is from Kazakhstan, whose land border with China is about 1500 km in length. Bus travel across the frontier has already been stopped; in coming days passenger rail traffic and air flights will also be suspended.

• A special worry are the interment camps in northwestern China. It's hard to get any clear information: China says the camps have all been emptied; human rights analysts estimate that hundreds of thousands (at least) are still imprisoned in perhaps 1000+ camps.

One can only imagine the miserable conditions of those prisoners.

If the disease outbreak were to reach one or more of them, the total deaths might increase by a hundreds of percent.

Clive RobinsonJanuary 29, 2020 11:40 AM

@ Zaphod, All,

Over to you Clive (and best wishes).

I certainly need those wishes ;-)

As for 5G, Huawei and Britain apparently ignoring US Executive wishes. It's not ignoring threats from either the US or China as the press appear to be stiring it up as Brexit enters it's final days.

Security wise it's about rationaly managing risk in a global environment. A message that every one should realy get their heads around instead of pandering to the journalistic imagining of two mops of US born blond quiff hair fighting it out like a couple of rutting stags.

As I keep pointing out the US position is what somebody has christened iFUD, or "there be big scary monsters under the bed" rhetoric. With one heck of a thick layer of unreasoned political invective on the top.

As far as security risk is concerned it matters not who you get your 5G equipment from they are all more or less the same security risk at the end of the day. An important point that gets lost in the testosterone imaginings of journalists.

Part of the real reason for this is the very limited supply of chips. It's almost exactly the same as the PC world, where certain chips like the CPU, audio and RF chips are very limited in choices. To be blunt the cost of setting up a new Fab in the latest technology is more than many nations GDP thus the number of Fabs is realy quite small. The only profit and it's a slim one is in volume production with nearly all the value added income being set aside to build the next generation of Fab. Even a very small change in volume production will kill a Fab's profit and ability to build the next Fab which makes chip production eye wateringly high risk, high capital low profit ventures. So there are darn few Fabs capable of making 5G chip sets.

Thus the base of a low level attack is going to be almost the same regardless of who your 5G equipment supplyer is because deep down it's the same silicon they are using. Pretending otherwise is a pure nonsense, understanding this tells you why the US Executive posturing about Huawei is a nonsense. Huawei are not realy in any way worse than all the US 5G suppliers, EU 5G suppliers etc etc. Everything the US executive is saying is "blowing smoke", the only real reason is why. The kindest of the simple explanations is technology wise the US has under invested in R&D and has "dropped the ball" thus are trying to kill 5G in the hopes of capturing more control in 6G...

However the US Executive has for what ever reason killed one Chinese technology provider ZTE and they think they can do the same to Huawei, this in not realy in doubt. So look at it the other way. If China killed off say Jupiter then started going after CISCO what do you think the US Government would say and do? Then ask yourself why you would expect the Chinese Government to be more restrained?

Because of US under investment and outsourcing the US has "killed their R&D golden goose" through the nonsense of "Free market" ultra short term thinking. Other nations that have encoraged more long term thinking over short term shareholder gaib now have more and better IP. IP that is now biting hard at the traditional US large technology Corp defensive mechanisum of half baked IP portfolios to bludgen small start ups with and keep them out of the market place. Thus the formally closed encumbrant telco market has been hit rather hard and opened up, this has upset quite a few cosy arrangements between the encumbrants and US Exeutive and their entities.

Thus the question arises as to what part of the arrangements were between US Gov entities and the market encumbrants to maintain their effective cartel. The ability to assist the NSA we know something about, it would thus be safe to assume it was more extensive than that. We further know that the NSA backdoor US telecoms equipment supplied to other countries including some European ones. The Chinese government caught them at it and banned the equipment, not entirely but from key areas.

Yes remember that, US telcos can bid to supply equipment in the Chinese markets, only certain parts of critical infrastructure of National Security interest are with held from them. There are other rules, but it's not anything other US Corps don't do already anyway.

But think back to how the NSA were able to get into the US to China supply chain and poison it. How do the NSA TAO and other parts know how to target specific areas and how? Could it be that cosy arrangment being used? In all honesty probably they have either insiders or insider liason puting in the hooks etc in the designs.

Do US or EU corps alow the UK to have oversite of the design and manufacture processes? No but Huawei do... That alone should tell you a very great deal.

In effect Huawei are alowing themselves to be inspected almost under a microscope, whilst US and other corps do not. Why might be a good question, perhaps because of it Huawei have to adhere to higher quality standards than the rest of the industry. Most industry insiders who have been around the block one or two times know that the standards level in most Telco equipment manufacturers is fairly abysmal even laughable and a compleate mess.

Thus the chances of there not being usable vulnerabilities in those Telcos equipment and software is not at all high. In fact the likely hood is there are lots of not just vulnerabilities but exploitable ones in all the 5G supplyer kit, just less in Huawei kit because it's been through a more extensive set of validation tests.

Thus the UK government has a stark choice use less validated hardware and software, that almost certainly has vulnerabilities that are already known and exploited by a foreign nations SigInt agency. Or use Huawei kit that atlest you know has been more extensivily validated by your own security services...

Thus the best solution is "mitigate all of it" which means treating all equipment and services supplied as dubious at best. Thus put in place communications equipment mitigations proceadures, which at the moment the UK gov appears to have done.

But apparently that's not good enough for "Mad" Mike Pompeo of the US state deptment, who not only consorts with but takes money off of known criminal's. Apparently he is going to come over and bash his bible or what ever else come to hand in his quest to do his masters biding...

lurkerJanuary 29, 2020 12:56 PM

@MarkH,All,
The mayor of Wuhan is now reported as claiming he wanted to quarantine earlier, but Beijing wouldn't let him. Bear in mind that Wuhan is an almost impossible city to quarantine, even with tanks in the streets. In 192? the entire Chinese Communist Party escaped the clutches of Chiang Kaishek's stormtroopers who had a much smaller Wuhan in "lockdown".

Their experience with the various avian flu, and with ebola, gives me confidence they will very soon have effective treament and/or vaccine. Until then there will be losses.

SpaceLifeFormJanuary 29, 2020 1:03 PM

@ Clive

IPFS has too many dependencies that I do not trust, so I eliminated IPFS from consideration well back.

Think NNTP, E(S(E(S(payload)))).

Keys securely exchanged between Alice and Bob.

If Cloudflare has an IPFS gateway, to me that is a hint.

MarkHJanuary 29, 2020 3:32 PM

@SpaceLifeForm, who wrote:

Shut down all international flight

You might be interested in this article on Vox, which argues that the history of travel restrictions to prevent the spread of disease shows that:

A. they impose a variety of heavy costs, and

B. they're ineffective.

I don't know whether their analysis is sufficiently thorough, but they cite scientific studies which assessed previous travel bans as functioning very poorly.

For example, if you remember the H1N1 swine flu outbreak -- famous for deaths of small children -- an analysis concluded that the net effect of sweeping air travel restrictions was to delay the arrival of the virus to other countries by less than 72 hours.

As a boy scientist, I'm always alert to the possibility that what I imagine to be "common sense" consequences may be incorrect.

In theory, theory and practice are the same.

In practice, they're different.

SpaceLifeFormJanuary 29, 2020 4:09 PM

@ MarkH, all

hxxps://abcnews.go.com/US/us-chartering-evacuation-flight-wuhan-coronavirus-zone-california/story?id=68571310

"The U.S. government's chartered flight evacuating American consulate staffers and private U.S. citizens from the coronavirus epicenter of Wuhan, China, has been rerouted from its original California destination to a nearby military base."

hxxps://www.businessinsider.com/airlines-canceling-changing-flights-to-china-amid-coronavirus-fears-2020-1

"16 airlines have canceled flights to China amid coronavirus fears so far"

SpaceLifeFormJanuary 29, 2020 5:13 PM

@ MarkH

The VOX article is pure absolute junk.

It is Lies, Damned Lies, and Statistics.

I can use the exact points in the article to argue the exact opposite of what the article originally drives, which is to do nothing.

Yet, if you read the entire article until the end, it concludes with:

"The longer this virus spreads, the more people get the disease there, and the greater chance it has of spreading throughout Asia and the world."

Sorry, but, I rest my case.

SpaceLifeFormJanuary 29, 2020 5:54 PM

@ Wesley Parish

Thanks for the link.

I prefer C as much as possible, and want to keep the ASM code as minimal as possible.

The main point of ROMCC is that it does not need any cache (L1, L2, etc) on mobo to be functioning for it's purpose.

There are other non-PDF links also.

SpaceLifeFormJanuary 29, 2020 6:09 PM

@ macroWave computer

Like I noted earlier, do not assume a single patch for win7 on 2020-01-11.

Watch for more on 2020-03-10.

SpaceLifeFormJanuary 29, 2020 6:31 PM

Sorry, typo: s/-01/-02/

Like I noted earlier, do not assume a single patch for win7 on 2020-02-11.


There will be many. Not just the black-screen issue.

Clive RobinsonJanuary 29, 2020 8:45 PM

@ MarkH, SpaceLifeForm,

Traval bans do not work for a number of reasons,

1, There is always a route out of a locked down area, ALWAYS.

2, There is always a route into a protected disease free area ALWAYS.

3, There are always intermediary routes between any given two places on earth ALWAYS.

The "ALWAYS" is because of human greed, no mater what the danger or it's risk there is always someone who will have enough value be it money, or other items, and there is always someone with an open hand to supply the required service.

We know from documentation with the Black Death that this was true. But also rumours could be capitalized on, one such was that syphilis would stop you catching the plague[1]. Almost over night the price of a "consort of the hour" went up many times.

But there are other issues.

Most have heard of "Typhoid Mary" who carried the disease without sucumbing to it, thus became a disease vector. Well not everyone sucumbs to any given disease, some have a natural immunity or have only negligable symptoms.

We know this with out being medically or scientifically trained because of both flu and colds which come around every year. Some years you either don't catch it or have it very mildly, others you are genuinely laid low for three to five days with feavers etc, then two weaks or six months recovering (more than six months and you are in "Yuppie flu" territory). It is this difference in how people react differently to a disease that gave rise to the notion of "Man flu".

There is also the question of incubation time. That is thevtime between you becoming infected and showing noticable symptoms. A very rough rule of thumb is a day or two for bacterial infections and two to five days for viral infections. But for various reasons the times can be longer, even though you've become a disease vector before you notice the symptoms.

Thus with "screening quarantine" which is what was tried with both SARS abd Ebola it's possible for the disease to walk right by any tests or questionairs with a smile on it's face only for the person to become symptomatic a day or two later. By which time they have almost certainly infected others.

It's why as I noted when replying to @vas pup that quarantine is actually not to stop the spread of the disease but to slow the spread down. Thus buying time to find effective treatments and hopefully reduce the load on generally scarce medical resources.

But just to get the point about greed of people trafficking home. Desperate people do desperate things, you only have to look at "boat people" to realise this, or what those in Sangatte camps in France[2] did vertually every night. They could have settled in France or Germany, but they had set their minds on Britain and would in some cases kill themselves trying to get there. They only way you can stop such people once they have crossed a tipping point is by the use of armed force which can quickly become deadly.

Whilst economic deprevation and war are oftem the cause of illegal migrants and refuges, disease is just as bad. It's why some people have sugested quite seriously (see neo-con thinking in the late 1990's) that biowarfare used not against your chosen target country but another country that will cause refuges to flood the chosen country is more cost effective than war. Because nobody worries to much when you kill invading soldiers that's "self defence" but shooting desperate women with children that are refugees is a horrific crime against humanity...

It's been pointed out frequently in Continental Europe, that US behaviours in the Middle East are deliberately designed to flood Europe with refugees, thus destabilize the European Economy. Others are now pointing the finger at the US over African Swine Feaver[3] that is decimating food production in the Far East[4].

[1] Whilst the rumour was false a lot of money did change hands... This was not the only time syphilis and another disease have been suspected of mutual exclusion. Untill penicillin syphilis was considered 100% fatal in a very protracted and nasty way due to neuropathy (nerve death in the case of syphilis this included the central nervous system). Whilst some heavy metal poisons such as mercury showed some positive signs against syphilis, later observations suggested another dangerous disease malaria (marsh ague) and syphilis were mutually exclusive. The important difference being malaria could be controled effectively with quinine... So yes those with tertiary syphilis in insane institutions were deliberately given malaria,

http://whitecoatunderground.scientopia.org/2010/09/14/syphilis-malaria-and-other-oddities/

[2] https://www.theguardian.com/uk/2002/may/23/immigration.immigrationandpublicservices1

[3] https://www.fxstreet.com/analysis/the-mystery-of-the-african-swine-fever-in-china-and-asia-201908260134

[4] https://www.theguardian.com/world/2019/oct/13/african-swine-fever-the-deadly-virus-at-australias-doorstep

ZaphodJanuary 29, 2020 11:22 PM

@Clive. Thank you for your extensive comments re. Huawei. Really appreciate the time you spend here. Invaluable.

Zaphod

MarkHJanuary 30, 2020 12:55 AM

@Clive, SpaceLifeForm:

The only reason I've written so much here about a matter that's nominally off-topic, is that the parallels to certain security problems are compelling.

In 2001 the U.S. (and other states) made legal and policy decisions to diminish personal liberties in the hope or belief that doing so would enhance safety.

This kind of maneuver suggests two deep policy questions:

1. The premise is that liberty MUST be damaged, in order to ensure safety. But is that true?

2. To the extent that liberty and safety are in actual (rather than imagined) tension, what is the best balance?
__________________________________

The first thing to do when the bogey men come, is to keep calm and apply rational thinking.

In the U.S., in an average week, approximately

• 60 people die from coal-burning power plant air pollution1
• 100 people die from food-borne illness
• 800 people die from tobacco use by others (second-hand smoke)
• 1000 people die from flu
• 5000 people die from errors made by medical professionals

I could go on, but you get the idea. On the basis of present data, the most likely range of eventual U.S. deaths from 2019-nCoV is perhaps between 0 and 100; a death toll greater than 1000 seems quite unlikely.

What costs are appropriate in response to a hazard of such magnitude, including economic and social costs?

To what extent should individual liberty be entailed, in order to prevent some (but certainly not all) of these potential casualties?
__________________________________

Some of us in this commentariat (and Bruce himself), who pay a lot of attention to security risks, also worry about government actions which might or might not improve safety, but with certainty are corrosive to liberty.

From the perspective of safeguarding liberty, I suggest that a legitimate policy process must place the burden on those advocating travel bans: show us that they've been significantly effective.

1 That was the lowest estimate I found for coal pollution deaths; some exceed 1000 per week.

MarkHJanuary 30, 2020 6:13 AM

Correction:

Wuhan's mayor is reported to have said that five million left the city before the quarantine, not three million as I wrote above.

Clive RobinsonJanuary 30, 2020 7:35 AM

@ MarkH,

The only reason I've written so much here about a matter that's nominally off-topic, is that the parallels to certain security problems are compelling.

In rather more ways than many readers hea suspect, most security problems happen due to people not noticing or disregarding information in the form of observations (the first step of the scientific process).

To see why the first thing to note is that currently we all die of something, and often what it is, is not recorded acurately (Death by old age is not exactly a valid diagnosis to put on a death certificate, but it also alows all sorts of corner cases such as the UK's Dr Harold Shipman to remain hidden, or Nurse Beverly Allit[2]).

Thus the "expected event" and "failed audit" alow many things in security to happen and one of the reasons APT happens.

As you note, with the coal death figures, attributing a death to a specific, is difficult and the civil legal system makes it even harder.

Which is another issue with security and why you find few attempts by people who have suffered identity theft to gain compensation from those who have collected and then by negligence lost the persons data giving rise to the persons details being used by criminals.

But whilst those are valid security concern because it invalidates or weakens auditing and breaks various other security mechanisms, it's other security concerns we are talking about.

You ask two very valid questions the first of which is,

The premise is that liberty MUST be damaged, in order to ensure safety. But is that true?

No, history tells us it's never realy true.

The short answer is because of adaptability and loss of freadom to respond to changing attack techniques.

In more depth it's a problem created by our hind brain.

We have automatic responses to some threat triggers built in via the hind brain, a sudden noise causes us to turn our heads and eyes in that direction, as does movment. Unless you train it out or are expecting the trigger you respond and these days it's far mote likely to be to your disadvantage than advantage.

We have it because back when we lived on the ground effectively as prey to apex preditors shortening response time increased your chance of survival to become a parent and raise the next generation. Firstly by running up trees but later as we developed weapons by turning into the attack and killing the preditor. The result was man displaced the apex preditor which was not as adaptable thus it's only defence was to keep clear of humans. And only when they could not fight desperatly (hence the "cornered animal" sayings).

But running up a tree or hiding in a cave pins you down and limits your degrees of freedom, because you are in effect running into a trap. Which whilst it might protect from a very limited number of attacks where the attacker then loses interest and wanders off. It won't protect you from the likes of fire or an adaptable attacker, who can then use smoke or fire at their leisure to drive you to them or just kill you.

But because you have this run to a tree or cave built into your subconcious it can also be made to work against you. Humans are very adaptable killers and will use any weakness to their advantage once they find the weakness. So as an individual your movments when not hunting are predictable in that either you are carrying out an identifiable task or you are moving and thus stay close to trees and caves or other places of safety. That is a weakness that alows an attacker to predict what you will do thus they can pick a place that is better for them and will in effect lead you to them and the tree or cave they can use to your disadvantage. Hence the notion of ambush which is the supprise and your hind brain making you run into a trap which is often called a "killing ground".

This hind brain problem is such that even criminals and entertainers use it all the time. Stage magicians call it misdirection pick pockets and con men give it other names but the principle is the same. Muggers and street criminals and serial attackers/killers likewise use it. Oh and the various legal proffessions use their own variations.

Remember an attacker will almost always select your weaknesses to their advantage and "pinning you down" is a very standard millitary tactic to gain significant advantage over much greater numbers. It's why people get told "keep to the high ground, but off the ridges" as a standard tactic for small tactical groups. Likewise "use the ground for cover, not fixed small objects". The Viet cong used to put booby traps or what we now call IED's in places where you might stupidly run to for cover. The IRA used a little bomb to cause people to go to a meeting "safe point" where they had placed a much larger car bomb. These are warning signs about how dangerous "hind brain response" is

But the same is true of "hard points" or earthworks and castles, you might be able to keep a much superior force out, but they can bottle you up and wait you out at their leisure as they starve you into submission.

Hard point limitations have been refined and flipped into prisons which are a long term form of trap used as a method of controling large numbers of prisoners with small numbers of guards.

So hopefully at this point you can see that the loss of freedom or liberty to what ever degree is in effect a prison used to control you in some way.

Thus the real answer to your question is the "safety" argument is a false one no fixed measure will protect you from an adaptable attacker, in fact it will harm you by putting you either at risk or under someone elses control. Thus you should now see that it is being deliberatly used to curtail peoples freedoms and liberty for the purposes of control.

In short it is thus just another "think of the children tactic" used by those in power to gain more power at your expense.

Which brings us to your second question,

To the extent that liberty and safety are in actual (rather than imagined) tension, what is the best balance?

They are in no way in tension, the more liberty you have the greater your degrees of freedom, thus the range of actions you can take.

The real tension is between individual liberty and society.

There are advantages in groups as a rough rule they are a form of "force multiplier" when they move in a "common direction". I could go on at length about why but it's not realy relevant, even the lowest of what we call animal species do it so even nature recognises it's advantages.

The important thing to note is "common direction" this realy only happens when there is some kind of control mechanism. This can be external such as an attacker or internal such as a leader.

Implicit in any group is that there are winners and loosers, but usually even those who lose some freedom of choice gain advantages that outweigh the losses. Even loosing big such as your life, might be an easy trade if it ensures your children or the rest of the group survive.

But that trade is non equitable in a "bounded" or "closed" group. That is it's at best a zero sum game, your advantage is gained by one or more other individuals loss. But what about "entropy" well it means that all groups eventually become bounded, and move through the zero sum point to one where there are more loosers than winners and resources become insufficient to meet the groups needs. In effect the group has no choice but to shrink to stay within the diminishing resource bounds.

The results of this are never nice and they involve exceptionaly wastefull power struggles that hasten the end, whilst becoming increasingly unpleasant.

In society we use terms like "triage" where one or more individuals decide the fate of others by their set of criteria. The fundemental observation is that those deciding usually find reasons to exclude themselves from the potential pool of loosers.

It is a situation that has been building up since the end of WWII on a global scale. We are now a "resource limited" world where a very few have grabed control of the resources and now have to waste them in vast amounts to ensure they remain in control.

That is the real tension the individual liberties of a very very few versus the collective liberties of the vast majority.

History teaches us two things,

1, It's unstable.
2, When it topples it is usually extreamly wastefull in all ways.

Which brings me to your observation of,

Some of us in this commentariat (and Bruce himself), who pay a lot of attention to security risks, also worry about government actions which might or might not improve safety, but with certainty are corrosive to liberty.

From what I've noted above you will see that it's not realy possible to "improve safety" against an adaptable enemy. That should be obvious from the fact society still has crime not just traditional crime that is legislated against, but new crime that has yet to have legislation written for it.

As we are now more clearly seeing that "time window" can be abused in many ways and is realy the new battle ground of the few against the many and as I noted yesterday the price to gain that control now exceeds what is spent on what is seen as national defence...

That alone via simple economics should tell you just how highly prized control over the masses by the very very few is desired.

Thus it's safe to say that nearly all legislation passed these days is highly corrosive, no matter what politicians may promise. In power they almost always find ways to vote for the few over the many thus increasing tension.

How to change this is a legitimate security question, but on this blog, that can only be in the abstact with some normalized specifics, otherwise as has been seen the tensions surface almost uncontrollably here.

I've mentioned a couple in the past, but as has been noted the way to stop board children becoming problematic is to give them something to do. This notion gave rise to the ideas that gave us the protestant work ethic as a method of societal control. Whst we need is the same for legislators...

It's why I've suggested in the past that all laws have a "Sunset clause" and I do mean all laws including those of murder etc. If the period was say between five and six years not only would it keep legislators busy, it would alow legislation to die because it's nolonger relevant, seen as unjust or a whole manner of other ills. Whilst it won't stop the few trying to remain in control of the many, it will steadily pull any unjust gains out from under them. Which currently does not happen thus their stratagie is to win on the "salami slicing" principle they keep putting their controling policies forwards as there is no penalty to doing so and any gain no matter how small is "money in the bank" for them. Thus time is on the side of the controling minority not the majority.

[1] https://en.m.wikipedia.org/wiki/Harold_Shipman

[2] https://www.mirror.co.uk/news/uk-news/survivor-killer-nurse-beverley-allitt-7724979

JG4January 30, 2020 11:17 AM

@Clive - That is an impressive tome even by your standards and I generally agree. There is some relatively minor logical flaw in the liberty/security comment, but I like your starting point. As a former rabid libertarian of the cold dead hands tribe, I was slow to warm up to the idea of a right to not be shot. When I did, I became a milquetoast libertarian.

Allowing idiots, psychotics, criminals and psychopaths easy access to weapons produces freedom of action that is difficult to counter economically. Now that I am a compassionate fatalist, I'd like to see a safer planet. That necessarily includes managing the earth-crossing objects, as well as the nuclear weapons.

We are going to have to start managing the idiots, psychotics, criminals and psychopaths better than we have thus far, especially the ones who work for governments. I'd start by brain-scanning anyone in elected office, from the president down, then everyone who carries a gun or is involved with weapons systems.

https://www.nakedcapitalism.com/2020/01/links-1-30-2020.html
...

Big Brother Is Watching You Watch

The Rise of the Video Surveillance Industrial Complex The Intercept

Ring Doorbell App Packed with Third-Party Trackers EFF. Because of course it is.

New York Times Journalist Targeted by Saudi-linked Pegasus Spyware Operator Citizen Lab
...

SpaceLifeFormJanuary 30, 2020 1:19 PM

@ Clive

But what about "entropy" well it means that all groups eventually become bounded, and move through the zero sum point to one where there are more loosers than winners and resources become insufficient to meet the groups needs. In effect the group has no choice but to shrink to stay within the diminishing resource bounds.

---

Homo Sapiens reached that tipping point decades ago.

Population growth finally slowing.

The one percenters think they are immune.

THey are not. They will die too.

If^W When it gets so bad, and spaceships show up to 'rescue' the populace, if you are still around, do not board.

You will die no matter your decision.

Homo Sapiens is the only bipedal species that can be convinced to board a spaceship.

vas pupJanuary 30, 2020 3:56 PM

@JG4:
"Allowing idiots, psychotics, criminals and psychopaths easy access to weapons produces freedom of action that is difficult to counter economically. Now that I am a compassionate fatalist, I'd like to see a safer planet. That necessarily includes managing the earth-crossing objects, as well as the nuclear weapons.

We are going to have to start managing the idiots, psychotics, criminals and psychopaths better than we have thus far, especially the ones who work for governments. I'd start by brain-scanning anyone in elected office, from the president down, then everyone who carries a gun or is involved with weapons systems."

Wow! Very good and reasonable point in paragraph 2 above in particular. The most important is to understand that currently we just do not have objective and valid criteria to distinguish those you've stated above. I am just afraid without such criteria we could follow the path of weaponizing psychiatry as former Soviet Union and Eastern Germany did to fight dissidents.

vas pupJanuary 30, 2020 4:03 PM

Artificial intelligence-created medicine to be used on humans for first time:

https://www.bbc.com/news/technology-51315462

"A drug molecule "invented" by artificial intelligence (AI) will be used in human trials in a world first for machine learning in medicine.

It was created by British start-up Exscientia and Japanese pharmaceutical firm Sumitomo Dainippon Pharma.

The drug will be used to treat patients who have obsessive-compulsive disorder (OCD).

Typically, drug development takes about five years to get to trial, but the AI drug took just 12 months.

Exscienta chief executive Prof Andrew Hopkins described it as a "key milestone in drug discovery".

!!!!!The molecule - known as DSP-1181 - was created by using algorithms that sifted through potential compounds, checking them against a huge database of parameters.

"There are billions of decisions needed to find the right molecules and it is a huge decision to precisely engineer a drug," said Prof Hopkins.

===>"But the beauty of the algorithm is that they are agnostic, so can be applied to any disease," he added.

The firm is already working on potential drugs for the treatment of cancer and cardiovascular disease and hopes to have another molecule ready for clinical trials by the end of the year."

My take: same algorithm could used for evil as well, e.g. chemical weapon. Technology is neutral, but application is not.

SpaceLifeFormJanuary 30, 2020 5:07 PM

@ MarkH, Clive, lurker

WHO has bought a vowel.

CDC has not yet.

No surprise about this disconnect.

SpaceLifeFormJanuary 30, 2020 5:37 PM

@ MarkH, Clive, lurker

hXXps://www.cnbc.com/2020/01/30/who-declares-china-coronavirus-a-global-health-emergency.html

"WHO doesn’t enact global health emergencies lightly. The international health agency has only applied the emergency designation five times since the rules were implemented in the mid-2000s."

Clive RobinsonJanuary 31, 2020 3:22 AM

@ SpaceLifeForm,

WHO has bought a vowel.

I was not surprised when I heard the "Ohh ...." stress in the voice of the radio news reader yesterday.

And not long after somebody showed me,

https://m.youtube.com/watch?v=aXlm2fdQSoo

Not so much for the voice over but the interactive map showing all the aircraft comming out of China.

First off most countries in the Far East from India eastwards now have reported cases. The reason is in part spring festival / Chinese New Year travel and I suspect infected people trying to get out whilst they can, thinking they are not infected or trying to get to where they think healthcare will be the best they can get should the betacoronavirus become a pandemic which means that North West Europe (think Germany France, the UK and Nordics area) are going to be destinations of choice for those being "health care immigrants".

Thus the travel ban on "china" is nolonger enough basically anyone traveling from East of the Middle East should be considered an at risk person.

But the news gets worse... apparently China has 10 year old "super carrier" or "Typhoid Mary" who infected the rest of their family and others whilst remaining asymptomatic. Which although expected is realy bad news, especially if such a person were a twenty something singleton traveling in hops on their way back to the EU or North America from south east Asia on a "gap year" holiday they could easily have infection contact with a couple of thousand people in five or six tourist destination places if traveling by plane, and one heck of a lot more by coach or train.

But even if not an asymptomatic carrier the infection to symptomatic is fairly long at the assumed eight day average but infection to infectious is around six days which again is expected but more bad news.

Of the more than eight thousand recorded cases so far the number that have recovered and the number that have died is about the same at around two hundred...

Which means that the known death rate and survival rate are around
below 2% currently... Which in reality means we have no clue what the real death rate is yet.

The first recognised as new and reported case was 7 Jan so the start was probably mid Dec. The disease spread modeling by researchers at Imperial College London (ICL) estimated that Wuhan had at least 4,000 infected people by 18 Jan. But... because that was a week before they sorted out the quarantine lockdown many many people would have left Wuhan. Thus more recent figures from the ICL statistical spread model gives China national figure of upwards of 40,000 infected people by now, and potentially over 100,000...

In Italy a cruise ship with 8000 people on board is in hard quarantine because a Chinese couple have become sick... Which is vaguely reminisant of the first pandemic of the 20th century back in 1917 which was spread world wide by ships, and went on for over three years...


The only thing we can conclude from all of this is,

We don't know enough yet, however it appears to have a slow incubation rate after infection with large asymptomatic infection window. Further the symptomatic period appears to be atleast three weeks so as far as we currently know a 30day period. So if people are "stocking up" the "two weeks" of supplies is insufficient...

For the likely quarantine period, you could be looking at two to three months to ensure an area has "burned out". Which is quite problematical to put it mildly. You will need for 80-90days around three hundred pounds of canned food and four hundred pounds of water per person[1] call it a third of a ton per person[2] Which at well over a ton for a family of four is a major if not impossible logistical problem.

In effect for quarantine to work in any urban area it's going to require major logistical support from government agencies and entities. Supprising to many is that the information on this type of operation is classifed at secret and above in quite a few places. From which you can draw your own conclusions.

[1] This assumes at some point early on the power grid will go down due to insufficient personnel being available to keep it up everywhere. Thus gas for cooking and water for drinking will not be available "through the wall", so the usual prepper dry goods staples of beans, corn and noddles, bacon and jerky will not be usable by the average person as cooking in doors with camping gas type cookers is decidedly dangerous when you've sealed up to reduce potential for air bourn transmission of the disease.

[2] Weight is a major consideration in modern houses you can not just put a ton of stuff in a room without taking load spreading precautions. But... the figures above are only for food and water not "sanitation" if you want to wash rather than a light sponge down or wipe down with "baby wipes" add a gallon per person per day using a garden pump up spray. Also for one use of the toilet per person per day add two gallons... There are ways you can reduce this, from WWII and later conflicts comes info such as, seperate pee and poo[3] and collect all pee to use for a bucket flush and then a plunger to reduce the residual pee to add a pint of water (and bleach as well these days). Worse is "bucket latrines" where you just dump a full bucket into a holding tank or pit... Which makes modern "Humanure" techniques sound oh so much better not...

[3] Seperating pee and poo is a way to reduce smell and flys and importantly reduce infection paths. In the military for small short term posts in the field slit / stradle latrines are used. Basically you have seperate well spaced pits or slits for each, with the slits being about a foot across and atleast two foot deep in ground above the water table with a minimum of three feet between slits. Thus the urine "soaks away" and the feces drys in the added top soil fairly quickly and is less likely to be dug up by vermin etc. For a longer term, larger or mixed detachment the rules are a bit more complicated and vary with terrain you can read the US Army Medical field guide on preventative medicine to find out the basics,

http://armymedical.tpub.com/MD0008/Field-Waste-Disposal-Introduction-to-Military-Preventive-Medicine-110.htm

Oh for "hand washing" you need to use hard soap with about half a cup of water and remove all visable dirt including under the nails, and only then use an alcohol sanitising gel. If you don't have one you can boil vinegar (acid alcohol) and thicken with corn starch or flour that has first been lightly browned in vegtable oil, about 1/2 ounce of flour to the same weight of oil, for each pint of vinegar. When cool put in the corner of a plastic food bag and seal it. When you need to start using it just cut the very tip off of the corner a simple elbow press can be made to press on the bag so people dont touch it.

MarkHJanuary 31, 2020 3:31 AM

@SpaceLifeForm et al.

As far as I can tell, WHO has declared only four global health emergencies. Their actual terminology is "Public Health Emergency of International Concern," of which there have been five; one is classified as regional (affecting the Democratic Republic of Congo and its neighbors).

Here's a review of the four previous global PHEICs, and their effects in the U.S.:

2009, H1N1 Flu

This caused many deaths, but the total flu mortality compared to nearby years was within the range of statistical variability. In other words, the excess mortality is impractical to measure, in comparison to flu seasons in which H1N1 was not a prevalent strain. It's conceivable that the upper bound for H1N1 excess mortality could be several thousand. The lower bound might be zero. But it's really an unanswerable question.

U.S. flu death rates have shown a significant downward trend since the middle of the 20th century, and the H1N1 outbreak did not visibly alter that trend.

2014, Polio

No person has contracted polio in the U.S. since 1979.

2014, Ebola

Two cases were contracted in the U.S., with both victims recovering. Two persons who contracted Ebola in Africa died after traveling to the U.S.

2016, Zika

Thousands were sick with Zika ... but as far as I am aware, all of the Zika cases -- or at least, all but a very small number -- were contracted outside the U.S. in countries where mosquitoes are carrying this virus. A few cases might have resulted from subsequent person-to-person transmission.

Probably between 60 and 100 infants were born in the U.S. with brain defects. A comparable (or greater) number of mothers might have had their pregnancies terminated after diagnosis with Zika.
___________________________________________

Clive wrote a list of reasons why travel restrictions don't work for pandemics, but he seems to have missed one of the most important: by the time an outbreak can be identified as such, usually it has already made a dramatic geographic spread.

In most cases, then, shutting the barn door will be far too late.

With respect to Zika, little is known about its geographic spread. Presumably it has been like "leap frog," sometimes being carried by people from one region to another, and at others spread among mosquitoes and non-human primate hosts.

By the time Zika was recognized as a cause of severe birth defects (otherwise, it's not a particularly dangerous infection), it was probably far too late to control its geographic spread by travel restrictions.
___________________________________________

I can't eliminate the possibility that 2019-nCoV might turn out to be a lot worse. So far, U.S. cases have skyrocketed from 4 to 5. Exactly one person is known to have contracted the disease in the U.S.

A BBC reporter speaking about the WHO declaration said it was based on worries about the danger of the virus in poor countries with miserably inadequate medical infrastructure.

As with so many infectious diseases, the risk to affluent Western countries is likely minimal.

MarkHJanuary 31, 2020 3:44 AM

.
Champagne in the Kremlin

Today is a banner day!

Within two hours, the United Kingdom will "officially exit" the European Union (though none of the Hard Stuff has yet been resolved).

Very likely, today will also be the day the U.S. Senate declares the President to have a scope of unanswerable power comparable to that of medieval kings (with the vital exception of a fixed term of office).

Putin may not be doing well at home, but his successes abroad will long outlive him.

My condolences to all who may mourn the dismantling of a legacy bequeathed to the West at the cost of generations of toil, rivers of spilled blood, and vast economic treasure.

As Joni Mitchell perspicuously sang, "You don't know what you've got till it's gone."

SpaceLifeFormJanuary 31, 2020 12:37 PM

No nonstop to China for some:

American - Thru 2020-03-28

Delta - Thru 2020-04-30

United? Still 4 per day, but I suspect that will change later today.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.