Friday Squid Blogging: The Pterosaur Ate Squid

New research: "Pterosaurs ate soft-bodied cephalopods (Coleiodea)." News article.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on January 31, 2020 at 3:58 PM • 32 Comments

Comments

Jonathan WilsonJanuary 31, 2020 5:40 PM

Yet another attack on end-to-end encryption:
https://www.theverge.com/2020/1/31/21116788/earn-it-act-section-230-lindsey-graham-draft-bill-encryption

Personally if it comes down to a choice between weaker security for everyone or letting bad guys go free (be they someone who wants to rob the local liquor store and steal a few bucks and a bottle of Jack Daniels, someone who wants to shoot up the local church because the church doesn't believe in the right god, someone who jacks off to photos of 5 year old kids or someone who wants to fly a plane full of people into the side of a building, I will take the strong security over catching the bad guys.

Even more so in the cases where the bad guy is already in jail or dead and they have enough evidence to send them to death row and yet they still insist that they somehow need to get into the the bad guy's devices (when they have zero need to do that in order to successfully win in court on the multiple murder charges they would be able to bring against these kinds of people).

Why should a guy who shoots up a church because that church doesn't believe in the right god be treated any different to a guy who shoots up the same church because the priest slept with his wife? Its still x number of counts of murder and still going to put the guy in the electric chair or in front of the firing squad or killed via whatever method of execution applies in that particular jurisdiction.

GordonJanuary 31, 2020 6:08 PM

Please no posts re Brexit. We know that Gladhemeer is guilty. Congrats anyway, Bongs. Well done!

Clive RobinsonFebruary 1, 2020 3:03 AM

@ Jonathan Wilson,

Why should a guy who shoots up a church because that church doesn't believe in the right god be treated any different to a guy who shoots up the same church because the priest slept with his wife?

The answer if you listen closely to the Government rhetoric is about "18 U.S. Code §371" or,

    Conspiracy to XXX

It does not matter what XXX is if they can claim you were in the same room when the gunman thought / talked about / did smething related to XXX then the can argue that you are guilty of "conspiracy"...

It's not something you can defend against, people say and do things others treat as jokes or letting off steam etc and think no further of it. But admitting to hearing that joke etc makes you a conspiritor.

Even an ambiguous text message to the gunman could (and has) been argued was a coded message to do some step YYY towards XXX.

It's another one of these "lying to Federal Officers" pieces of legislation the difference is conspiracy is worse because its "past tense". That is you can not "not say" what you have said or written in the past, but you do have a choice about lying if you know before you say anything they are federal officers.

The thing you have to remember with prosecutors is it's not what people get convicted for it's the number of convictions they get, or get people to plea deal accept.

A lone loony who is dead at the scene is a waste of time as far as the investigators and prosecuters are concerned there are no "promotion points" as there are no convictions. Thus searching around to find a conspirator or two turns it into a potential "promotion points" situation especially if you can make it a "hot button" crime like "terrorism" or "computer crime" etc.

And before anyone says that investigators and prosecutors don't behave that way, go take a serious look at the way they actually behave.

It's why everybody "near" a crime in someway is on the suspect list untill they can take themselves off. Investigators don't as a rule take you off even if you have a solid alibi, only if they know it can not be challenged. Few of us in our daily lives ever have unchallengable alibis... The thing about "conspiracy to..." is that there is no alibi for it when you think about it.

[1] 18 US Code,§ 371, is the "universal catchall" of conspiracy legislation, there are many others that are specific or have different tariffs. Federal prosecuters effectively have a rubber stamp for §371 as, they tack it on every prosecution they can. The actual legislative text is quite short,

https://www.law.cornell.edu/uscode/text/18/371

Note the lack of definition of what is required to conspire, and what has been accepted in the past is very broad in interpretation.

AlejandroFebruary 1, 2020 4:33 AM

Face masks to fend off Wuhan Flu must be creating havoc with the facial ID system. Some folks in China are cutting off the bottom of a 5 gallon water jug and wearing it like a helmet. Maybe masks and helmets will become a new fashion (and personal privacy/security) statement.

IsSiteStillUpFebruary 1, 2020 7:12 AM

FYI. Comprehensive list of the dangers and defenses for public Wi-Fi networks is at https://Defensivecomputing.info

---

@Michael - are you sure the site is up?

---

When I try the URL as given I get a "This page can’t be displayed". When I try using HTTP instead of HTTPS it redirects to

https://defensivecomputingchecklist.com/ which indeed has a section

https://defensivecomputingchecklist.com/#publicwifi

Obviously I can't vouch for the safety of that page.

I can't

dbCooperFebruary 1, 2020 10:52 AM

@Clive Robinson:

As regards your valid points on conspiracy charges, current events in the USA seem to indicate it is beneficial to have your "jury" composed of your co-conspirators.

Michael February 1, 2020 12:30 PM

My apologies for the bad link. The real site name is
https://defensivecomputingchecklist.com

the other domain, defensivecomputing.info is an alias (shorter)

I did not realize that the alias only works via HTTP, not also via HTTPS. Not sure why.

Site is not a commercial thing. No ads, no tracking, no affiliate links, not even images (by default).

IsmarFebruary 1, 2020 2:39 PM

@Alejandro
These look more fashionable
Hiding in plain sight: activists don camouflage to beat Met surveillance
https://www.the guardian.com/world/2020/feb/01/privacy-campaigners-dazzle-camouflage-met-police-surveillance

Clive RobinsonFebruary 1, 2020 2:52 PM

@ dbCooper,

current events in the USA seem to indicate

For some reason the gravely voice of Joe Cocker, is going by in my head singing,

    Yes, You get by, with a little help from your friends

Clive RobinsonFebruary 1, 2020 3:14 PM

@ Scott,

    "but instead from public panic and panicked government responses"

Also certain comments such as China and the United States "are on top of things", when clearly they are not in either case...

The thing is so far there have been far less deaths from this virus than the US experiences with the flu virus most years.

However that is going to change. The reasons are firstly there are now something like 10,000 known cases in China and the disease mapping people at Imperial College London sugest it's probably between 40,000 and 100,000. That is they are either not symptomatic yet or only mildly so and have not yet got on the radar.

Secondly the known number who have recovered is about the same number as have died. So the "known outcome" in patients is around 5% therefor in 95% of medically known infections the outcome is still very much unknown.

Which also suggests that the time from initial infection through to recovery is a month or more. Most "colds" (which are cornavirus varients themselves) are dun and dusted in 6 to 10 days....

Not much more is realy known yet even though it has been genesequenced already and there are now known testing protocols from the likes of the CDC.

Clive RobinsonFebruary 1, 2020 3:21 PM

@ SpaceLifeForm,

Do not read this link.

I've actually been looking forward to seeing them in the flesh as it were (some are actually on vellum).

Yes, I have my own very very small collection of maps and charts, some of WWI sea battles. My son also has shown an interest in all sorts of maps including "railway maps".

vas pupFebruary 1, 2020 3:31 PM

Weapon-spotting tech tested by Las Vegas casino:
https://www.bbc.com/news/av/technology-51178092/weapon-spotting-tech-tested-by-las-vegas-casino


"Technology which can detect if someone is openly carrying or hiding a weapon is being tested by a Las Vegas casino.

Unlike a metal detector, the sensors can be placed discreetly into areas such a turnstile or building's entrance creating an invisible fence.

BBC Click speaks to Patriot One, who is behind the technology, to find out more."

Very good video inside as well!!!

vas pupFebruary 1, 2020 3:54 PM

@Bruce: I know subject is very interesting for you

People may lie to appear honest
Efforts to avoid appearing dishonest may actually lead to lying

https://www.sciencedaily.com/releases/2020/01/200130081618.htm

""Many people care greatly about their reputation and how they will be judged by others, and a concern about appearing honest may outweigh our desire to actually be honest, even in situations where it will cost us money to lie," said lead researcher Shoham Choshen-Hillel, PhD, a senior lecturer at the School of Business Administration and Center for the Study of Rationality at The Hebrew University of Jerusalem. "Our findings suggest that when people obtain extremely favorable outcomes, they anticipate other people's suspicious reactions and prefer lying and appearing honest over telling the truth and appearing as selfish liars."

The study found similar findings about lying to appear honest in a series of experiments conducted with lawyers and college students in Israel, as well as online participants in the United States and United Kingdom. The research was published online in the Journal of Experimental Psychology: General."

SpaceLifeFormFebruary 1, 2020 4:51 PM

#2019-nCoV

https://www.statnews.com/2020/02/01/top-who-official-says-not-too-late-to-stop-coronavirus-outbreak/

Ryan admitted he was surprised by the speed with which the outbreak has taken off. China alerted the WHO to the fact that it believed a new virus was causing pneumonia in the central Chinese city of Wuhan on Dec. 31.

[IIRC, the first report was on 2019-12-12. Which says that China did not know what they were dealing with immediately]

"For me it’s been unusual to see a new disease emerge and, on the face of it, move so quickly,” he said. If the scientists studying the genetic sequences of the viruses are right and the outbreak began sometime in late November or early December, “then this is a very rapid emergence and very rapid infection of a lot of people."

[the long incubation time (7 days) is a problem]

[And, now a France health care worker apparently has been infected from two patients]


maqpFebruary 1, 2020 9:42 PM

TFC 1.20.02 is now released.

There's two major updates in this release

1. A new PCB-based data diode. The instructions provide gerber files for ordering PCBs, plus stereolithography files that allow anyone to 3D-print a case for the data diode. Both the data diode and the case are designs by cxcorp; kudos to him. The Data diode has an optional PCB-board for LEDs that display through the case when data transmission takes place.

2. Public key diff guides that allow the Relay Program on the Networked Computer to show the user where they made typos when entering a TFC account or an X448 public key. The wiki article has a much more in-depth explanation

The TFC signing key expired in January. The SHA256 fingerprint for the file containing the new public RSA-key is 33ddcdda770e080f9a511884a3c18c138cc9b5fbb2dac1d64c6e3a36599bac69. This is the same fingerprint as the one used in the installer one-liner.

There's new screenshots and 3D-renderings, and many of the wiki articles have been expanded.

Finally, I undid the "black" code formatting as it hurt readability of code, messed up test vector arrays etc.

Wesley ParishFebruary 1, 2020 11:08 PM

@Clive

It's why everybody "near" a crime in someway is on the suspect list untill they can take themselves off. Investigators don't as a rule take you off even if you have a solid alibi, only if they know it can not be challenged. Few of us in our daily lives ever have unchallengable alibis... The thing about "conspiracy to..." is that there is no alibi for it when you think about it.

I think you can find that particular set of symptoms described in most books dealing with clinical psychosis. Paranoia is a psychological disorder that can get one committed in many a jurisdiction. That the person is paranoid due to policy and empolyment and not due to a "chemical imbalance in the brain" is no excuse - it is still enough to get one committed to a psychiatric institution - a high-security one if said official is permitted firearms in their normal duties.

ThothFebruary 2, 2020 4:42 AM

@Clive Robinson

This time its Malaysia's turn to execute its own anti-fake news laws against alternative source of information regarding the Wuhan virus.

Very convenient for dictators to exercise absolute control via national emergency provisions to silence anyone and everyone.

Doctors and health researchers are widely targetted globally if they dare to reveal more information on their work and situation than the Governments approve (a.k.a alternative news).

Links:
- https://www.freemalaysiatoday.com/category/nation/2020/01/30/sixth-person-arrested-for-spreading-fake-news-on-wuhan-virus/
- https://www.channelnewsasia.com/news/asia/wuhan-virus-malaysia-fake-news-arrests-12369880

Clive RobinsonFebruary 2, 2020 9:57 AM

@ Wesley Parish,

That the person is paranoid due to policy and empolyment and not due to a "chemical imbalance in the brain" is no excuse

Which as, you note is rather conveniant for some. It's a kind of circular argument you see out of various "authority figures". If they persecute you and you complain "you are paranoid" if you don't complain then you must have some other mental illness... Either way "The victim is blaimed".

The thing about "mental illness" is it's highly stigmatized and people imagine some danger of someone being an axe or gun wielding "psycho-killer". The reality is that more than a quater of the Western population and rising, get some form of mental illness at some point in their lives[1]. So once they have you on "Mentally ill" they can use it as an excuse to lock you up indefinitely "for your own safety", or "the safety of others".

In Russia for instance a standard tactic is to "bug the house" of a political suspect and "like Alexa" record everything that's said. They also hide CCTV cameras in the bedroom. Then, when they pull the suspect in, they make them go through every conversation every video from the bedroom over and over in out of time sequence. They scream things at some suspects claim they have said things differently and basically drive the person into a confused or deranged state. The authorities do this just because they have "the lawfull authority" to do so...

As I said earlier you don't have to believe me, just look at what goes on and examine what you find. And if not convinced there is a real issue, go and have a look at what the Chicargo PD did with their illegal detention center at Homan Square[2]. Then look into what "Special Administrative Measures" realy means, the UN lists many of the techniques as various forms of tourture.

But if you look at the dictionary discription of "paranoia" you usually find the word "unreasonable" or "delusional" in there,

Cambridge :- an extreme and unreasonable feeling that other people do not like you or are going to harm or criticize you.

Merriam-Webster :- characterized by systematized delusions of persecution or grandeur usually without hallucinations.

Thus the problem is who is to say what is "unreasonable" or "delusional". There are many reasons why someone might have trust issues, having been bullied through school and adolescence is one reason, being involved in a number of abusive or controling relationships is another. After all not everyone has a robust personality, but even so we do all have breaking points...

As a friend who works in the profession pointed out to me, in effect,

    We all have worries and fears, some come from early events in our lives or are built in such as fear of spiders or the dark, and we can learn to overcome them. However anyone who knows what they are can do the opposit, and use them to make someone much more fearfull more anxious and thus look like they are unreasonably fearfull or delusional, to the point an untrained observer will believe the person is paranoid.

More interestingly they went on to describe that we realy do not know the mechanisms of actual clinical paranoia and why some people are more susceptable. Also that it may be linked to the mechanisms that give rise to Post Traumatic Stress Disorder and certain avoidance disorders (like fobias etc).

The real point though is that humans are nearly all delusional and take an unreasonable view on life... This is because on mass we dare not face reality, we trust incorrectly, are overly optomistic and just simoly ignore inconveniant reality by victim blaiming and live more or less in the moment to get through life. Thus it does not matter how many facts and figures you present to the average person they will ignore it. In the modern era people are getting money and other things stolen via "Identity Theft" the victimes are almost always blaimed by just about every one. The organisations that gave credit where they should not or banking facilities, the organisations that just hand out things like utility bills without question, the authorities who should investigate and even the courts. They all blaim the victim and look the other way. The only reason there is not more identity theft and online financial crime is the lack of criminals.

But this sort of thing has been going on for centuries. The clasic example that most have heard and even still believe, was the faux news[3] of,

    Let them eat cake

The reason it was and still is believable though false is that it demonstrates how,

    The "commoners" incorrectly believe that the "aristocracy" are shielded from the "real life" commoners live.

But most people fail to realise it applies to all of us, we are all shielded in some way.

Just yesterday I was walking through London with my son and taking a short cut from Oxford St to Foyles book shop in the Charing Cross road. Due to Cross-Rail extentions, lots of places in that area are closed off. Thus forced into taking a detour down an alley beside a luxuary hotel, we saw a tent a group of people around it we had to walk around. I knew at a glance, at the things that were visable and the piles of vomit, that the people were not just homeless, or drunks but actual hard drug addicts and from eastern Europe. Having passed by unscathed --as is usually the case-- I asked my son what he thought. He got homeless and drunk, but did not realise drug addicts or the types of drugs or where they were from. As the little encampment was clearly visable from the hotel entrance, the thought occured to me, "What do the guests think, if they even notice?"

The simple fact is most live in "bubbles of existance" and few ever go outside of their bubble or "tribe". Thus their view of the world is almost entirely different from someone else less than a hundred feet away. So it's very easy to manipulate the view points of people who have no idea or appreciation of the world outside their bubble. But be assured of one thing, there are many who chearfully exploit those existance bubbles to their own advantage, enjoyment or both, faux news and Internet "echo chambers" are just the latest ways.

[1] Various arguments have been put forward for the rise. One is, it is related to "anonymous high density environments", that is living and working in cities where we are effectively alone is bad for us. Another is the stress of not being incontrol in our various lives. Others have suggested the trend towards 24hour living may play a part as there is no clear day/night barriers thus needed regular sleep cycles, which is backed up by medical evidence of stress related illnesses and higher incidence of addiction and suicide (it's amazing why employeers are still alowed to use shift working "rotation" the way they do).

[2] https://www.theguardian.com/us-news/2015/oct/19/homan-square-chicago-police-disappeared-thousands

[3] https://www.britannica.com/story/did-marie-antoinette-really-say-let-them-eat-cake

MarkHFebruary 2, 2020 2:28 PM

@Clive:

I've read a fair number of your soliloquies over the years; your writing above about mental illness and the status of the lowly is trenchant and heartfelt.

Victim blaming is the special hobby for Americans of a certain ideological inclination, under the rubric of "personal responsibility." Its application -- in places where this ideology dominates -- is Dickensian (or perhaps better, à la Victor Hugo) in its cruelty.

For example, when poor people have even the most minor conflicts with the law, they may accumulate snowballing fines and fees which vastly exceed their ability to pay. When they are jailed for failure to pay a fine timely, they are billed for the cost of their jail time ...

In such regions, it is now fashionable to have fire services "by subscription." If you don't pay the substantial annual fee, and your home catches fire, they will come out, check whether any person is trapped inside, and then passively watch your house burn to the ground.

I often think of a line from American crime fiction, in which a character predicts that one of the murderers will (as a preliminary) "beat my teeth out and then kick me in the stomach for mumbling."

And from Anatole France:

La majestueuse égalité des lois, qui interdit au riche comme au pauvre de coucher sous les ponts, de mendier dans les rues et de voler du pain.
In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread.

America prides itself on "economic mobility," which is rather less than most Americans like to imagine. But it's a two-way street, and social scientists have found that a surprising fraction of America's poor were quite affluent at one time ... a fine opportunity, for the study of majestic equality.

SpaceLifeFormFebruary 2, 2020 4:11 PM

@ z, it's dead jim

Consider the roots of TOR.

Where it started.

How many TOR users disable Javascript?

GrimaFebruary 2, 2020 4:22 PM

Alejandro & Ismar, re: masks & FR - Beat me to it, darn it. Surgical masks are designed to be worn by operating theatre health care practitioners to avoid contaminating a patient on the table with water-droplet-borne disease organisms. They are almost certainly extremely ineffective it shielding the wearer from novel coronavirus. But when I saw a video of some febrile CNN panic monger wearing one the other day, it occurred to me that it might be a great way to defeat most commonly deployed facial recognition tech. Another potential advantage is that (at least currently) I believe it is not likely to be questioned. In the event that it is questioned, I'm reasonably certain that mumbling something about being highly contagious and your MD prescribing mask wear whenever you are out in public, possibly accompanied by some strategic coughing and wheezing, should probably induce the questioner to beat a hasty retreat :)

Clive RobinsonFebruary 2, 2020 7:54 PM

@ Grima, Alejandro, Ismar,

Whilst the masks people are wearing might hide some featurs that facial recognition, they don't hide all.

@ ALL,

Even the face masks senior Chinese officials are wearing are not sufficient for RNA virus infections...

The photograps shown so far sow them wearing poorly fitted N95 masks that in atleast one case is the wrong size for the persons face[1]. Most of these "dust" or "particulate" masks come in five diferent "face fittings" and you have to wear the right one otherwise leakage is going to happen.

Hospital and surgical masks are mainly designed for the protection of the patient not the doctor or nurse treating them. Further they are generally designed to stop droplets not air bourn individual virus strands (virons).

Your best bet is "issolation" that is keep away from other people as best you can. In the past it's bern argued that sealing all doors and windows on the ground floors and ventilating from "the top floor" will help, but I've not seen any supporting evidence. However the use of disinfectants and bleaches with known bacteria killing and virus destroying capabilities for most surfaces that people touch there is plenty of evidence for. Diluting bleaches down to just a few drops per quat/ltr can be safely used to wash your body[2] and clothes along with ordinary "hard soaps" and detergents. Avoid the use of skin salves/lotions or fabric softeners.

According to The Guardian news paper's rolling coverage[3], a couple of hours ago,

    With the death toll climbing to 360, it has passed the fatalities recorded in China for the Sars epidemic (349).

Whilst the R0 (R-nought) "basic reproduction rate" or average number of people infected from one infected idividual for SARS was around 2.5-10 the figure for nCov is apparently less at 1.4-2.5, but high compared to about 1.3 for most annual flu outbreaks... Which makes the rising death rate more worrying, as is the low symptomatic indicators, which for some are apparently less than an ordinary cold that is prevelant at this time of year in the Northern Hemisphere.

[1] An N95 raiting is that it will keep 95% of dry usually PM2.5 particulates out. N100 rating is 99.97% of again dry usually PM2.5 particulates out. Those rated as P95 and P100 are designed for "petroleum volatile products" as well. Those masks with a C have activated carbon for certain chemicals and those with a V have outlet valves that help prevent the build up of moisture which renders the mask difficult to breath through thus more likely to have leakage around the sides. The US EPA has three basic Particulate Matter sizes 10 microns PM10, 2.5 microns PM2.5 and 1 micron PM1. A micron (µm) is a thousand nanometers (nm), unfortunately virions --single virus particles-- are 20-250 nanometers in diameter, so you see the problem...

[2] However even though we are talking about the bleach content being the same or less than with swiming pool water, it's always advisable to avoid the eyes, nose, ears, mouth and certain other sensitive areas when such chemicals are in use.

[3] https://www.theguardian.com/world/live/2020/feb/03/coronavirus-live-updates-china-wuhan-outbreak-evacuations-flights-latest-news-death-toll-climbs-passing-sars

Neha SharmaFebruary 3, 2020 12:35 AM

KSAC is one of the most trusted multi-specialty Ayurvedic hospitals in India. For over two decades, we provides 100% Evidence based Treatments for diseases, Naturally.

Jossef A.February 3, 2020 4:52 AM

Maybe you would be interested in this news: https://www.gk8.io/bountyprogram/

The people behind it are respectable cryptographers and yet it doesn't sound right to me... but since I'me far from been an expert (of any kind...) I'me pretty much curious to hear your opinions...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.