Friday Squid Blogging: Squid Eggs

Cool photo.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

EDITED TO ADD (3/4): I just deleted a slew of comments about COVID 19. I may reinstate some of them later; right now I want some time to think about what is relevant and what is not. Surely lots of things are relevant to this blog—fear, risk management, surveillance, containment measures—but most of the talk about the virus is not. I would like to suggest that those who wish to talk about the virus do so elsewhere, and those who want to talk specifically about the security/risk implications continue to do so, politely and respectfully.

Posted on February 28, 2020 at 4:08 PM

113 Comments

Comments

gordo February 28, 2020 5:31 PM

Judge: Julian Assange Must Remain In Glass Box During Extradition Proceedings
By Kevin Gosztola, Shadowproof, 27 Feb 2020

Defendants in the United States sit with their counsel. They are not held in a “secure dock” in a manner that physically removes them from proceedings.

Yet, in the United Kingdom, where WikiLeaks founder Julian Assange faces extradition to the U.S., a magistrate court judge decided he must remain isolated in a glass box at the back of the courtroom.

https://shadowproof.com/2020/02/27/judge-julian-assange-must-remain-in-glass-box-during-extradition-proceedings/

Your Man in the Public Gallery – The Assange Hearing Day 3
By Craig Murray, CraigMurray.org, 27 Feb, 2020

[Magistrate] Baraitser replied that Assange might pose a danger to the public. It was a question of health and safety. How did Fitzgerald [defence] and Lewis [prosecution] think that she had the ability to carry out the necessary risk assessment? It would have to be up to Group 4 to decide if this was possible.

Yes, she really did say that. Group 4 would have to decide.

Baraitser started to throw out jargon like a Dalek when it spins out of control. “Risk assessment” and “health and safety” featured a lot. She started to resemble something worse than a Dalek, a particularly stupid local government officer of a very low grade. “No jurisdiction” – “Up to Group 4”. Recovering slightly, she stated firmly that delivery to custody can only mean delivery to the dock of the court, nowhere else in the room. If the defence wanted him in the courtroom where he could hear proceedings better, they could only apply for bail and his release from custody in general. She then peered at both barristers in the hope this would have sat them down, but both were still on their feet.

In his diffident manner (which I confess is growing on me) Lewis said “the prosecution is neutral on this request, of course but, err, I really don’t think that’s right”. He looked at her like a kindly uncle whose favourite niece has just started drinking tequila from the bottle at a family party.

Baraitser concluded the matter by stating that the Defence should submit written arguments by 10am tomorrow on this point, and she would then hold a separate hearing into the question of Julian’s position in the court.

https://www.craigmurray.org.uk/archives/2020/02/your-man-in-the-public-gallery-the-assange-hearing-day-3/

Maybe Magistrate Baraitser hasn’t received that special, special-relationship memo – “Truth, justice, and the American way… pick two”. That, or, privatization being what it is, maybe she’s on a slow roll toward some strange kind of virtue signaling, having, that is, to first consult with Group 4 “a British multinational security services company” and “the world’s third-largest private employer.”


Reporting on the Assange extradition hearings:

Craig Murray
https://en.wikipedia.org/wiki/Craig_Murray
https://www.craigmurray.org.uk/
https://twitter.com/CraigMurrayOrg

Day 1
Posted: 25 Feb, 2020
https://www.craigmurray.org.uk/archives/2020/02/your-man-in-the-public-gallery-assange-hearing-day-1/

Day 2
Posted: 26 Feb, 2020
https://www.craigmurray.org.uk/archives/2020/02/your-man-in-the-public-gallery-assange-hearing-day-2/

Day 3
Posted: 27 Feb, 2020
https://www.craigmurray.org.uk/archives/2020/02/your-man-in-the-public-gallery-the-assange-hearing-day-3/

Day 4
Posted: 28 Feb, 2020
https://www.craigmurray.org.uk/archives/2020/02/your-man-in-the-public-gallery-assange-hearing-day-four/


Kevin Gosztola
https://en.wikipedia.org/wiki/Kevin_Gosztola
https://shadowproof.com/
https://twitter.com/kgosztola

Day 1
Posted: Feb 24th 2020, 39 tweets, 6 min read
https://threadreaderapp.com/thread/1231889705496666113.html

Day 2
Posted: Feb 25th 2020, 53 tweets, 13 min read
https://threadreaderapp.com/thread/1232250011209097216.html

Day 3
Posted: Feb 26th 2020, 62 tweets, 22 min read
https://threadreaderapp.com/thread/1232603895488225281.html

Day 4
Posted: Feb 27th 2020, 35 tweets, 8 min read
https://threadreaderapp.com/thread/1232973789325090822.html

vas pup February 28, 2020 5:33 PM

AI ethics backed by Pope and tech giants in new plan
https://www.bbc.com/news/technology-51673296

“The Roman Catholic Church has joined up with IBM and Microsoft to work on the ethics of artificial intelligence.

Leaders from the two tech giants met senior church officials in Rome, and agreed to collaborate on “human-centered” ways of designing AI.

Microsoft president Brad Smith admitted some people may “think of us as strange bedfellows” at the signing event.

“But I think the world needs people from different places to come together,” he said.

The call was supported by Pope Francis, in his first detailed remarks about the impact of artificial intelligence on humanity.

Humanizing technology

All the speakers said they were inspired by the Pope’s leadership in this area.

“I am convinced that the current Pope, Pope Francis, is God’s gift for the entire world,” said Archbishop Paglia.

“To humanize technology, this is possible only if you have a great vision,” he said.

“This is the only perspective in order to avoid conflicts, war, ecological and human disasters,” the archbishop said.

Mr Kelly says the views of the Pontifical Academy for Life and IBM match very closely in the ethical sphere.

“AI is so close to human behavior and interaction this is really important to get right, so we are really proud to team up with the Catholic Church to get this one right,” he said.”

vas pup February 28, 2020 5:50 PM

Pre-installed malware: Your Android phone may spy on you!
https://www.dw.com/en/pre-installed-malware-your-android-phone-may-spy-on-you/a-52526377

“US researchers have discovered a large number of vulnerabilities in smartphones. Malware and backdoors are often pre-installed at the root level, and there is nothing a regular user can do about it.

Most people are aware that their cellphone may have certain vulnerabilities and that they should be careful about the settings they choose, cautious when using the device to send and receive sensitive data and wary about what kind of apps to install.

But would you have imagined that a brand-new mobile phone straight from the factory comes with pre-installed spyware? The phone may have an invisible app that manages to obtain elevated admin privileges and do things that you as a user can hardly detect and cannot disable.

That app may even send out data packages to some remote server
=====>at night when you as the owner are sleeping and your cellphone is turned off.

Some of the identified vulnerabilities allow attackers to get into the phone remotely, activate keyloggers, take screenshots or simply record everything the owner sees, does, says and hears, including the typing, deleting and correcting of passwords.

“All the apps do not give any sign that they are running” Stavrou adds. “They can be running in the background, collecting all this information without your knowledge.”

My take: make hardware kill switch, then off will really mean off.

SpaceLifeForm February 28, 2020 6:25 PM

@ Clive, Anders

I do not get why people keep flying.

The planes are infected.

Monaco
Belarus
Iceland
Mexico
Azerbaijan
New Zealand
Lithuania

STOP FLYING!

I expect WHO will finally declare Pandemic Monday, 2020-03-02.

Might have something to do with T-Bills.

Bill van Eck February 28, 2020 7:46 PM

My niece just left the US for a two week tour with stops in China, Cambodia, Thailand and Laos. Didn’t want to lose the money she had already paid the tour agency. What could possibly go wrong.

And yes the timing, has a lot to do with those t-bills.

Not Joking February 28, 2020 8:25 PM

No More GitHub

MSFT owns it, and they’re all proprietary etc., and they’ve got intellectual property interests etc. That’s no good for free and open source software, or for security in general.

https://devclass.com/2020/02/28/github-ceo-apologises-as-repo-service-nods-off-again/

GitHub had a lie down yesterday, prompting an apology from CEO Nat Friedman and consternation amongst developers who rely on the Microsoft-owned code repo and even a touch of paranoia as to the possible reasons for the outage.

Yesterday’s two hour plus degradation resulted in some nasty looking dark orange bars in the vendor’s status page, with a distinct touch of rouge across Github Actions and GitHub packages.

They’re bringing public domain and GPL’ed code in-house, turning it proprietary, and playing tricks on developers and competitors to ease the time-to-market pressure on the proprietary closed-source solutions which they offer as SaaS or shrink-wrap software.

https://www.crn.com/news/cloud/-major-github-outage-briefly-halts-developers

Tatütata February 29, 2020 1:07 AM

A new WiFi hardware vulnerability called KR00K was made public.

https://www.eset.com/int/kr00k/

Affected are about 1 billion devices equipped with Broadcom or Cypress chipsets, including Apple, Samsung and Amazon products. Access points are vulnerable too.

When running WPA2 with CCMP, an unencrypted disassociation packet sent by an attacker causes the key to be reset. The leak comes from packets still present in the transmit queue being sent with this all-zero key.

Clive Robinson February 29, 2020 2:09 AM

@ Bill van Eck,

What could possibly go wrong.

Do you really want that answered?

Something tells me you probably do not want to know but not for the reason you might think.

Part of the answer is she is considerably more at risk of having an ordinary minor accident than anything else.

What you should know though is that the facts of coronavirus are based on very little epidemiological evidence due to so few cases outside of China so any predictions are really not even real best guesses due to the law of small numbers amongst other things. To see why compare the US population of 330,000,000 with the number of actual cases of COVID-19 in the US the last I heard was 60, so 1 to 5,500,000…

For instance her chance of meeting an infected individual is actually too small to quantify currently. Certainly way less than one in a million currently based on the figures we have. Whilst the risk of a minor accident on a two week holiday trip abroad for a fit healthy twenty something is about one in a thousand.

Thus even in the remote chance she does get infected her symptoms would be very probably very mild, probably less than a cold requiring no medical intervention.

So let’s look at your risk as say a fifty something year old male living in the US… Well first off you have a one in ten thousand chance of being a road fatality this year… I can trot out some other general statistics but they would just depress you. So let’s just say the men in their fifties are around 7% of the US population. Statistically there are around 3 million of the total population that are expected to die this year and your chance is about .5-1% depending where you are in your fifties.

So she as an individual is actually at more risk of having a minor accident whilst she is away than anything else. But that risk is less than your risk of dying this year. So whilst you might be concerned the reality is she should be more worried about you currently.

gordo February 29, 2020 5:36 AM

Good backgrounder article.

2020 ELECTIONS

Doublecheck that ballot: Controversial voting machines make their primary debut in South Carolina

Cyber researchers and election security advocates say new voting machines may be more secure than totally paperless systems — but they’re not as safe as paper ballots that voters mark by hand.

The state is among 14 that have scrambled to replace their insecure, paperless voting equipment since the 2016 election, according to a POLITICO survey. Nationwide, 47 states and the District of Columbia rely at least partially on the kinds of devices South Carolina has adopted: touchscreen machines that produce paper ballots for every vote. But Saturday’s primary in South Carolina, which spent $51 million last year to install roughly 13,500 voting machines, is the first statewide presidential election primary being run on these devices.

https://www.politico.com/news/2020/02/28/south-carolina-voting-machines-118046

lurker February 29, 2020 11:51 AM

@Gordo

…touchscreen machines that produce paper ballots…

A nice fat 2B pencil of course produces far less profit for a much reduced supply chain to dip their fingers in; and a much better visibility of the Operating System with nowhere to hide rackets.

Apokrif February 29, 2020 2:23 PM

@Gordo, @lurker: what influence of COVID 19 on:
* preference for internet voting ?
* payment with smartphone preferred to contactless card, contactless card preferred to card inserted into a machine + PIN or signature, payment card preferred to the use of cash ?

Random Commenter February 29, 2020 4:20 PM

Maybe this has been mentioned, but The Markup website is now live.

The Markup is a nonprofit newsroom that investigates how powerful institutions are using technology to change our society. We are a new kind of media organization, staffed with an unparalleled roster of quantitative journalists who pursue meaningful, data-driven investigations.

#ttps://themarkup.org/about

gordo February 29, 2020 4:44 PM

@ lurker,

2B pencil

… or not 2B, that is the question:

Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3375755

… Whether ’tis nobler in the electorate to suffer
The slings and arrows of outrageous fortune,
Or to take pencils against a sea of troubles
And by opposing end them.

profit … rackets

States and Cities Could Use Billions of Unspent DHS Grants to #Protect2020
https://www.lawfareblog.com/states-and-cities-could-use-billions-unspent-dhs-grants-protect2020

It’s all about the pencils.

myliit February 29, 2020 4:51 PM

The Coronavirus and How Political Spin has Worsened Epidemics

https://www.newyorker.com/news/daily-comment/the-coronavirus-and-how-political-spin-has-worsened-epidemics

“ The virulent germ we now call the Spanish flu happened to strike at a diabolical moment in the history of politics and propaganda. The previous spring, in April of 1917, the United States entered the First World War, and President Woodrow Wilson launched a dubious campaign to shore up popular support and suppress criticism. He established the Committee on Public Information, whose chairman, George Creel, set out to promote what he called “propaganda in the true sense of the word, meaning the ‘propagation of faith.’ ” Wilson also signed the Sedition Act, which criminalized “disloyal, profane, scurrilous, or abusive language about the form of government” or anything else that might impede the war effort. The government put up posters around the country urging citizens to report anyone “who spreads pessimistic stories.”

In early 1918, the virus—which would eventually kill more people than all the military deaths of both World Wars combined—infected a large number of men at Camp Funston, an Army base in Kansas, and spread rapidly to other bases. As it slipped into the civilian world, public-health officials “lied for the war effort, for the propaganda machine that Wilson had created,” John M. Barry writes, in his detailed history of the pandemic, “The Great Influenza.” A Navy ship carried the virus to Philadelphia, and sailors started dying, but the city’s public-health director, a political appointee named Wilmer Krusen, dismissed it as “old-fashioned influenza or grip.” As the toll grew, Krusen assured the public that the city was on track to “nip the epidemic in the bud,” and some news organizations became allies in maintaining the façade. A headline in the Inquirer declared, “Scientific Nursing Halting Epidemic,” when, in fact, local hospitals were collapsing under a crush of new cases. The week of that headline, forty-five hundred and ninety-seven people in Philadelphia died of the flu.

In New York and Los Angeles, officials gave similarly false assurances, until the reality became inescapable. Cities and towns were running out of coffins. The clergy started patrolling the streets with carts, Barry writes, calling on the public to bring out their dead. Eventually, it was named the Spanish flu not because it originated in Spain but because when the king, Alfonso XIII, fell ill, the Spanish press was not bound by restrictions against reporting it.

Throughout history, diseases have posed an unsparing test of political leaders and their fidelity to the facts. According to Howard Markel, a medical historian at the University of Michigan, …”

Clive Robinson February 29, 2020 5:38 PM

@ Sed Contra,

“Dave, hold up your phone for a selfie and say aahh.”

Back when I was a kid some half century or so ago[1] the compulsory “School Medical” exam was called “Cough and drop”.

I’m not sure Siri can do that test, without a physical extension, and I really think that would be one mobile extension too far 😉

That said though you can now get all sorts of “Medical electronics implants” of various forms to measure ECG, blood pressure, breathing rate, temp, oxygen level, blood sugar level and quite a few other chemical tests on a continuous / ongoing basis. Many of these are “bluetooth enabled” and will talk to an app on a mobile phone (which no doubt Google will have backdoored to add to their patient medical database they are building)…

So in theory Siri could do the “obs” of patients every few minutes looking for changes and making pre-diagnostic indicators etc.

After all with fitbit knowing how often and how energetically you have sex, have a shower or bath, go to the loo, climb stairs, ride a bike, or carry a fresh corpse to your car, drive, then dig a shallow grave[2] etc I’m not sure I really want to be wired up at all even if it might extend my life by a decade or two.

Once upon a time there was this notion that you could not be compelled to give evidence against yourself… Accessing your heart rate info to use against you kind of feels like being compelled to me…

[1] It feels really weird saying it because in my head I feel and think twenty, and I can still do quite a few things those in their late thirties or forties either can not or choose not to do.

[2] I can’t remember the case, but the prosecution subpoenaed somebody’s fit bit records and used an analysis of the data to show the murder and disposal of the body (or so they claimed to the jury).

Clive Robinson February 29, 2020 6:11 PM

@ SpaceLifeForm, Anders, ALL,

The madness goes on,

This Sunday 1st March, we have,

    The London Vitality Big Half Marathon

Which,

    has been created by London Marathon Events Ltd, the world’s leading organiser of mass participation sports events.

https://www.sportstoursinternational.co.uk/events/london-vitality-big-half-marathon/

There is expected to be around 12,000 participants, 2000 charity assistants and god only knows how many spectators.

My son is working on a “water station” where direct physical contact with many many participants their body fluids etc is to be expected…

Part of its route takes it through certain areas of London where there are a number of Iranian families who have very recently returned from the celebrations and religious festivals. They are “supposedly” in “voluntary self isolation” in their homes… For the next week or two…

What do you think should have been done?

Answers on a post card to,

    The moron in charge, 10 Downing St, Westminster, London,
    UK, SW1A 2AA.

David February 29, 2020 11:36 PM

https://caitlinjohnstone.com/2020/02/28/this-assange-trial-is-a-self-contradictory-kafkaesque-nightmare/

Caitlin Johnstone, an Australian blogger some readers will like. I only include this because it’s a special post about Assange that is beyond a farce, and notably, that the Magistrate has been wiped clean off the internet. As Craig Murray says, arguably the only public figure in Western Europe whose photo does not exist on the internet.
That takes a particular set of skills.
The salient point about all this is how the prosecution seems to, most reasonably, fear a mistrial. Based on the conduct of the Magistrate! Usually it’s the prosecution that misbehaves somehow!

David March 1, 2020 2:26 AM

Curious

I’ve been wondering if anybody checked if the Assange trial in UK itself is actually official business re. public records, all the way.

Thank you.

Good call. Anyone?
Reminds me of ‘local council’ having no jurisdiction in Australia.
The local governments in Australia are claiming to be a 3rd tier of government, Federal and State being the 1st and 2nd respectively, when the commonwealth constitution makes no such reference. And further, the statutes councils rely on for alleged authority are neither gazetted nor have royal assent. Off topic, enough said.

Curious March 1, 2020 8:29 AM

@David

Somebody in an unrelated matter, commented something like, that the king in Kafka’s unfinished novel, The Castle, doesn’t seem to even exist, even though he is believed to be at the Castle. Which would make it pertinent to question if authority around the castle is even legit if there is not meant to be any king in the novel, or, perhaps in the case no official authority in the case with Assange. Admittedly, it would be something of a stretch for me to think that the trial maybe isn’t official, but perhaps there is some totally abrust bureaucratic loophole for such things to happen in the UK.

Curious March 1, 2020 8:38 AM

I meant to write ‘absurd bureaucratic loophole’ in my last sentence, not “abrust bureaucratic loophole”. 😐
I should maybe consider stopping using the touch method for my keyboard, or just try to always finish what I started writing on before I start thinking about more stuff. Problem is, there is usually more than one thing on my mind after I start thinking about more obscure problems that have interesting nuances to it, that I may or not already be vaguely aware of.

MarkH March 1, 2020 10:50 AM

Perhaps I’m distinctive here, in being dispassionate concerning “l’affaire Assange.”

Note to those who understand English poorly:

dispassionate ≠ disinterested

Spluttering eruptions of emotion can be helpful, and sometimes quite necessary. They are no substitute for facts and logic.

If the extradition proceeding under way in the UK doesn’t comport with your concept of how a trial should be conducted, it might interest you to learn that it’s not a trial at all, but rather a hearing.

There are some distinctions between the two kinds of court proceeding, which are founded in centuries of custom and practice.

If you’re interested in how the UK extradition process is supposed to work, take a look at

https://www.gov.uk/guidance/extradition-processes-and-review#extradition-from-the-uk-category-2-territories

lurker March 1, 2020 1:03 PM

@Clive, All
Dr Chris Smith, consultant virologist at Cambridge University and one of BBC Radio 5 Live’s Naked Scientists spoke on local public radio at the weekend, suggesting current data showing Covid-19 infection rate about 10 times that of annual flu, death rate for those who become infected is difficult to quantify because: currently it is zero for children under 10 years of age; rising from there according to age and underlying cardio-pulmonary health. Annual flu shot cannot give immunity against Covid-19, but it may assist your immune system to resist infection.

SpaceLifeForm March 1, 2020 3:22 PM

@ Scott, Clive

Did your post have a funny link with a bunch of numbers after a question mark ?

Could be tracking info. Try to find original source link, or remove the question mark and the data after it from the URL.

Then test.

MarkH March 1, 2020 4:34 PM

@SpaceLifeForm:

If I understand correctly, there’s an important distinction to be made between inevitable transcription errors used in analyses (bearing in mind that there’s already been many generations), and functional mutations transforming its spread and effects on patients.

For complex organisms, most of the nucleotide sequence apparently has no effect, so mutations there leave “forensic markers” without altering characteristics. Maybe it’s a little like that with viruses too.

As far as epidemiologists have been able to determine, the virus hasn’t changed functionally (yet) in its human host population.

@lurker:

Another good reason to get vaccinated for flu: if a Covid epidemic develops in your region, the less flu patients competing for medical resources, the better.

SpaceLifeForm March 1, 2020 5:28 PM

@ Curious

“Problem is, there is usually more than one thing on my mind after I start thinking about more obscure problems that have interesting nuances to it, that I may or not already be vaguely aware of.”

Join the crowd.

It’s more stressful if you connect dots.

Sed Contra March 1, 2020 6:21 PM

New England Journal of Medicine Feb 28

https://www.nejm.org/doi/full/10.1056/NEJMe2002387

“This suggests that the overall clinical consequences of Covid-19 may ultimately be more akin to those of a severe seasonal influenza (which has a case fatality rate of approximately 0.1%) or a pandemic influenza (similar to those in 1957 and 1968) rather than a disease similar to SARS or MERS, which have had case fatality rates of 9 to 10% and 36%, respectively.”

name.withheld.for.obvious.reasons March 1, 2020 10:46 PM

From the Trails of Julian Assange (hxxps://www.youtube.com/watch?v=-Y5P820kjoc) that was to be held at Chatham House, instead found refuge at the Frontline Club in Paddington.

Nils Melzer made the point…

“Once this precedent has been allowed to be established, it can be applied to anyone. You and your children can be kidnapped, handed over and tortured and massacred and no one will be held accountable.”

Additionally Nils was quoted:

“Assange would only get 40 years for genocide, but 175 years for leaking the truth about American war crimes.”

This is what I have been arguing all along…

A Different Lurker March 2, 2020 12:48 AM

COVID-19

https://www.webmd.com/lung/news/20200124/coronavirus-2020-outbreak-latest-updates

All U.S. citizens who have visited China’s Hubei province in the past 14 days will face mandatory quarantine for 14 days. Other visitors returning from China will be screened and asked to self-quarantine for 14 days. Their movements will be monitored. [emphasis added]

The last two sentences are particularly concerning. Does anyone know what method(s) will be used to monitor the movements of the self-quarantined and under what legal authorities?

Two paragraphs later:

These are the first federal quarantine orders issued in 50 years, the last coming in the 1960s for smallpox evaluations, CDC officials said.

Certainly new laws must have come online relatively recently to cover recent technologies?

I will now remove the tinfoil from my passport and put it on my head to speculate on movement monitoring methods:

Neither passports nor hospital-style ID bracelets in an appropriate network of sensors would work (as anyone breaking self-quarantine would leave them home[1])… Nor would monitoring credit card etc transactions (not fine-tuned enough)… So perhaps via some kind of cellphone location or facial recognition-based tracking system?

Under what authority?

What sort of coverage do extant tracking systems have, and are they fine-tuned enough to backtrack further exposures, ie, at the level of (infectious) individual to (newly exposed) individual co-locations?

And would use of such systems be covered by current quarantine law?

https://www.cdc.gov/quarantine/aboutlawsregulationsquarantineisolation.html

(I didn’t dive deep enough to find answers to my law questions)

But diving deeper into the weeds of speculation on monitoring networks:

Over the past decade, I’ve watched the smart city free wifi “link” kiosks sprout like weeds all over my city and then spread to several other nearby cities. I’ve long suspected these serve as much as information sinks as they do as information sources, and not just through the usb charging ports.

In fact, on an early (p.o.c.?) model (later replaced), I observed some kind of disclamatory language along the lines of a “this premise is under video surveillance” warning, but more general, covering several types of sensors.

When the earlier model was replaced with the more permanent one that warning language disappeared. I suspect this may have had more to do with changes in law than changes in kiosk functionality.

And I suspect (tinfoil still not back to passport) these kiosks may now somehow play a role in “monitoring movement” for the “self-quarantined”…

If so, under what (federal, state, local) legal authority?

Again, speculating: might it be related to the extended border (100 mile) rules allowing warrantless searches of devices belonging to someone who has recently crossed a border and is under reasonable suspicion of a crime (quarantine evasion)?

https://constitutioncenter.org/blog/does-a-constitution-free-zone-really-exist-in-america/

Do these kiosks exist throughout the US?

Tin foil back to passport and climbing out of the weeds…

I would love to hear @Clive or some other expert speculator weigh in on the kiosks’ relevant functionality. After all, London had these kiosks before we did.

(Having lurked here on and off for a decade or so, I’m convinced Clive is an early adapter of AI augmentation, making use of some sort of Neuralink-style instant knowledge acquisition, and his orthography is just meant to throw us off the scent… Either that or it’s a form of steganography…But either way, he has super-human experiential expertise.)

[1] I failed to consider the most obvious and already extant movement monitoring method: GPS enabled house arrest ankle bracelets. But at least this gave me an opportunity to use a footnote…

Thinking about what it would take to scale up such a system brings into focus how dystopian the whole movement restriction mindset is: a large portion of the population under effective arrest and a large portion of the population enforcing it. Wouldn’t it be better to spend the same amount of money and human resources on buying/distributing masks and/or vaccine development/vaccination programs than on ankle bracelets and movement monitoring?

Anyway, I’m still curious about link kiosk sensor functionality and authorities.

JonKnowsNothing March 2, 2020 10:28 AM

re: Mandatory Organ Donation – Opt Out

Laws are being passed to force more organ donations by switching from Opt-In to an Opt-Out version of consent. Always touted as “think of the children” law changes.

In California, we’ve had “pink dots” for years on our DMV licenses indicating an Opt-In. I don’t know when officials started amassing a database of “pink dot people” but from CA’s own new “Opt-Out” only option, they will remove the pink dot but not your previous registration in some (unknown) database.

To comply with our new USA wide REAL ID law, which requires you to provide proofs that you are who you say you are, and that you have residency rights, the small print on the information page included the update to CA laws. Since they had to issue everyone a new ID Card, the pink dots probably cost them a lot of money.

Whether you are for or against organ donation, using an OPT OUT is plainly deceitful. We know from all the big techs how that works and the organ harvesting industry will explode with opportunities.

You and your family might not be able to deal effectively at a time of vulnerability with an unexpected result.

Oh? You didn’t want us to do that?
Sorry – all sold out.

ht tps://www.theguardian.com/society/2020/mar/01/new-law-on-organ-donation-max-and-keira
ht tps://en.wikipedia.org/wiki/Real_ID_Act
(url fractured to prevent autorun)

SpaceLifeForm March 2, 2020 1:15 PM

2019-nCoV

@ Clive, Anders, All

Note: denying entry does not make the plane safe. Blocking entry at customs does not mean the passenger was not infected en-route. Blocking entry at customs does not preclude the terminal from being infected.

hxxps://www.usnews.com/news/world/articles/2020-03-02/tajikistan-shuts-border-to-nationals-of-35-countries-sources

DUSHANBE (REUTERS) – The government of Tajikistan has instructed airlines and travel agencies to stop selling tickets to nationals of 35 countries including the United States, Britain, China, Japan and Iran, industry sources said on Monday.

Sancho_P March 2, 2020 5:07 PM

COVID-19 and our security:

  • It seems we can not stop the virus.
  • Probably we can stretch the time period to spread.
  • But nearly everyone (at least 70%) will get sick.
  • Some services are crucial (police, fire, hospital, health, utility, …) for many.
  • Such services require specialised personnel.
  • After infection and building up immunity (takes 2-3 weeks) people are safe.

¿ Isn’t it time to add 1+1 ?

Clive Robinson March 2, 2020 7:57 PM

@ SpaceLifeForm,

Probably because of the San Antonio screw-up.

As I understand it the person had two clears and a weakly positive came back after the person was released.

Now as far as I can tell there are certain things we know,

1, The CDC “home brew” test kits are not reliable.
2, The quarantine period of 14 days is too short.
3, A weakly positive signal can be a sign of poor testing giving rise to cross contamination, or due to a different version of the coronavirus.

The reason for the CDC “homebrew” test kits I’ve heard is due to the significant financial cut backs pushed on the CDC by “Presidential order” to save money for tax giveaways.

As I’ve said repeatedly the longest known period from infection to becoming tested positive is 27 days, the mean is around 12.5 days. With an up to 2 day delay on test results coming back 14 days is clearly not long enough as a quarantine period.

We will hear more about “weakly positive” test results as time goes on but there are a number of ways they can happen. All tests have defects in the way they work, that is they all have false positive and false negative results that’s just a function of our analogue world. Tests have both sensitivity and specificity issues as well as noise issues. Thus a “weakly positive” signal means you are down in the levels where things are at best “fuzzy” and you are trying to make a choice between a false positive and a positive result. Erring on the side of caution in the case of virulent disease means interpreting readings in a way that will increase the probability of false positives.

Now something you have to accept about PCR testing is it is an imperfect amplification process, which amplifies all that falls in its input. There are many coronaviruses most of which affect the animal kingdom not humans. However there are four coronaviruses that give humans “colds”… So the chance for cross contamination even in the best of labs is there. Cross contamination however is more likely at the dirty end of the test which is “swabbing the patient”. With the best will in the world total isolation quarantine is near to impossible even with specialised premises. It’s not just medical personnel going in and out, but air, food / fluid and the resulting waste. RNA virus molecules are small, very small, measured in millionth parts of a millimeter. Whilst they are quite a lot larger than the basic gas molecules you find in air, making effective filters, machine / door / bag seals etc is difficult. Thus airlock systems are difficult as are decontamination systems.

All of which means there’s quite a lot of opportunity for low level cross contamination.

Which raises another issue, when you have many people in quarantine knowing there is the possibility of cross contamination from an infective but presymptomatic person to a non infected person, how long should you keep people quarantined?

It’s these sorts of questions I’m glad I don’t have to make a choice on but as I’ve said before simple maths puts the quarantine period up to 37 days after potential infection, if cross contamination is happening then the period goes up by a complex multiple of the number of people in quarantine and how many become symptomatic or test positive. More simply you would have three types of isolated quarantine, “incoming”, “known positive”, “final quarantine” which you would progress people through.

Clive Robinson March 2, 2020 9:03 PM

@ Sancho_P,

– It seems we can not stop the virus.

We could, but there would be consequences.

– Probably we can stretch the time period to spread.

This is the most sensible thing to do, because if we get it right scarce resources like Hospital ICU/ITU beds do not get overwhelmed.

– But nearly everyone (at least 70%) will get sick.

The prognosis is about 30% in the first year if we put measures in place, if we don’t about 60% in the first year.

What happens longterm is dependent on things we do not yet know or have yet.

Firstly is there a better treatment regime other than ‘support the patient’. The Chinese are running a whole load of trials, hopefully something will come of them, even better if they are out of patent thus available to poor areas of the world that would otherwise become disease havens. One nightmare scenario is that there will be an on patent drug, and as with certain notorious people in the US they hold everybody to ransom by pricing it at a thousand or more USD per treatment.

Secondly we have the question of “Is SARS-2 sufficiently temperature sensitive to be ‘seasonal’”. At the moment with the spread in Hong Kong and Singapore it suggests it is either not seasonal or at best weakly seasonal. If not seasonal there will be no respite, worse equatorial regions that are frequently poor will get hit hard. It’s why keeping an eye on Africa is so important.

Then there is the question of “If there is going to be a vaccine?” if we get lucky we will have a vaccine in 12-18 months, but there is absolutely no guarantee on that, SARS-CoV-1 from 2002-4 never got a vaccine, and many viruses never do get vaccines for various reasons.

Also is SARS-CoV-2 “stable”, that is as it’s an RNA strand rather than a DNA helix, it is way way more likely to mutate. We see this with certain Flu viruses which apparently never go away. Actually they do as each mutation dies as sufficient people get immunity, but it also mutates so each new mutation is usually “novel” to many people’s immune systems.

There are also other questions that arise if it does mutate, but they can be quite complex to answer.

But this gives rise to the question of “Can SARS-CoV-2 become endemic?” to which the answer may well be yes, which then gives rise to the question of “How long before only new entrants to the population become infected?”. As far as we can so far tell pre-teens are almost unaffected by SARS-CoV-2 and thus get immunity fairly quickly. Likewise teens and adults up to their forties do not appear to get it seriously[1] it’s only older adults or those with other diseases or weaknesses at the time of infection that get it seriously or fatally. This suggests the first world with its higher numbers of older people will see more COVID-19 related deaths than second world nations. However third world nations due to lack of medical resources and increasing levels of untreated “first world non communicable disease” such as high blood pressure, type II diabetes, and respiratory disease from smoking and pollution will see serious cases in those in early middle age as well as older.

Thus the big problem currently is “too little valid information”…

[1] Yes there have been some deaths in those in their 30’s without having other diseases. Which suggests there may be either a genetic susceptibility, or that there may have been a mutation. Information coming through suggests that a mutation is currently less likely, but the data thus evidence is currently very thin.

David March 2, 2020 9:17 PM

Clive Robinson

what we don’t have, and which looks dubious, because the absence of such fuels fear. If such data exists I’m willing to be corrected

factors for each death

was the victim of an immunosuppressive lifestyle (many factors, use your imagination)

was the victim of an immunosuppressive environment
(Wuhan had a lot of 5G technology installed I’m told)

Air pollution/air quality of victim

pre existing medical conditions (including HIV, Cancer)

And we don’t have international announcements ‘Stop eating refined carbohydrates and especially white sugar and high fructose corn syrup. It’s one of the most immunosuppressive activities you are probably engaging in, and moderate or cease tobacco and other recreational drug use. Stop eating McDonalds’

Clive Robinson March 3, 2020 7:57 AM

@ David,

Your piece comes off as quasi-religious victim blaming.

First off, “victim of an immunosuppressive lifestyle” was used as a euphemism for somebody who was HIV positive. Many “victims” of HIV in the world are due to medical negligence not personal lifestyle choices. For instance in certain parts of Africa it’s not uncommon but shocking to find nurses reusing needles and syringes on patients because they can not afford to buy them. But even in the first world, US Prisoners and drug addicts used to get paid for “giving blood”. For quite some time this blood was not tested for HIV because the test available was not used. This blood ended up being sold abroad and ended up all over the world, and people who had to use blood products to stay alive ended up HIV+.

Many people who are “immunosuppressed” have become so through no fault of their own, some have just got past their teenage years others have had an unfortunate reaction to some infection as a sequela which has caused the immune system to attack itself. It’s not just type I diabetics, you might have heard of “cytokine storms”. In effect this is where a positive feedback system in the human immune system gets out of control and the person’s immune system attacks them.

Also people with Malaria the number one killer disease in the world year on year have issues with other infections. But it’s more than that, the evolution of a natural defence to Malaria is the “Sickle cell” red blood cell. Unfortunately it can go wrong and there are various “Sickle Cell Diseases” (SCD) the most widely known is “Sickle Cell Anemia”. There are something like 50 million people with Sickle Cell Anemia… However one side effect is that the Sickle Cell is less efficient at transporting oxygen.

Then there are people who due to surgery or physical trauma have damaged immune systems and are immunosuppressed.

But speaking of “heavy weight killers” in the western world there is cancer, those on most types of therapy are going to be vulnerable.

But there is also the likes of tuberculosis, we tend not to think about it in the first world because of our BCG jabs, but it is not just endemic in the second world, it is a pandemic in its own right in the third world. It is a disease of poverty, much of which is caused by first world political policy.

Thus there are well upwards of hundreds of millions of people in the world with genetic or other factors making them immunosuppressed, and it has nothing whatsoever to do with their lifestyle choices.

Likewise few people have a real choice over where they live, this “upwardly mobile” idea really is a myth. Most have to live within easy traveling distance of where they work, industrial work one way or another be it from the actual processes or the vehicles people use to travel to work create inordinate amounts of pollution that we now know micro particulates get down into the lower lungs where they lodge, making people more susceptible to respiratory or cardio-pulmonary disease including hypertension and reduced oxygen carrying capacity. We’ve known for a century or more pollution creates disease, but for “socio-economic reasons” mainly of the 1%ers it carries on doing more harm than smoking does in the Western world these days. We could fairly easily clean up micro particulate pollution, it’s actually not that hard it’s quite basic science and engineering, but it’s expensive in several ways. Thus the expense will cut into profits, and as we’ve seen over the term of the current Whitehouse encumberant “That can not be allowed under any circumstances”, he’s got profit to make himself as do most of the seniors in his supposed political party. The line of “What’s good for the 1%ers is good for society” is obviously false and has been known as such for generations. What COVID-19 might finally do is make it unavoidably clear to everyone that it is false to the point it murders millions each year.

As for your 5G comment, you might find it hard to come up with any science or epidemiological evidence for that supposition. I could go into the heating effects of molecular vibration from the energy in EM radiation and how the effective energy goes up with frequency such that around the ultraviolet region biological damage starts occurring becoming ionizing thus damaging DNA, but it would be irrelevant as those frequencies are many many times those used for 5G or even WiFi. Yes EM radiation has bulk heating effects but so does all radiative or conducted energy at sufficient intensity, it’s why you can boil an egg with ultrasound if you know how to go about doing it and why those using power tools can end up with “white finger”.

As for “stop eating xxx” well I’m sorry but simple –empty– carbohydrates and transfats have been forced down our throats, with little or no choice. For sugar you can look up the lying, fakery and idiocy of Ancel Keys. His political and self aggrandizement acumen certainly exceeded his scientific acumen. His K-Rations were responsible for more malnutrition in soldiers than anything else, and was also a “god send” to the “corn syrup” industry, that up to that point had been considered a “waste product” or animal feed supplement (much the same as skimmed milk was which is almost as bad for you). A number of people tried to correct his falsehoods and one such was a book called “Pure White and Deadly” the author of which was destroyed by Keys’ followers. Keys died in 2004 and since then his fakery and fraud is finally starting to be corrected, but the “corn syrup” and later industries are still fighting back with claims based on alleged scientific research that they paid for but have taken considerable energy to hide the money trail (and don’t think the researchers are not aware of this).

For most people their genetics are wired up so that sugar is effectively a drug that makes you eat more and more. The reason is evolutionary, in nature free sugar only really becomes available in autumn when it’s sensible to build up fat reserves to see you through the winter starvation. It’s known that there is a correlation with “red hair” and an excessive sugar induced craving, along with other indicators such as a distinct lack of skin pigment that indicates evolutionary wise they have acclimated to high latitudes.

The human body runs on two basic fuels lipids (fats) and simple carbohydrates (sugars). The lipids appear to be the preferred energy source for maintaining a healthy life style. The simple carbohydrates are not really necessary –yes you can live healthily without them– they provide “fast energy” for muscles for bursts of speed needed in the hunter-gatherer life style. However if you try living on simple carbohydrates then you will discover as did the soldiers on K-Rations you will become malnourished, tired, listless, lacking energy no matter how many calories you ingest and die a slow and unpleasant death.

One of the big lies in so called “Dietary Science” due to Keys and his followers is the amount of carbohydrates in your diet. Overly simplistically there are three types of carbohydrates the sugars, starches and fiber. Whilst soluble-fiber is an essential part of your diet insoluble-fiber and starches much less so and sugars best avoided at all times unless you have a very physical life style. We used to have the ability to digest “raw” starches, protein and some fiber, but since we learnt to cook where complex starches break down and proteins depolarize we’ve lost many of them. So much so that more than one scientist refers to the cooking pot as our third stomach.

One myth is the amount of carbohydrates based on observations of oriental diets. The first thing you should realise is the reason orientals are slighter in stature than westerners is that they lack sufficient protein in their diet. Two or three generations of eating a western diet and they grow to the same size as westerners. This should be a big red flag about what they eat thus any diets based on it.

The same is observed in other cultures where “chilli replaces protein” chilli activates receptors that like protein gives you a sense of having eaten sufficient, even though you are effectively on a starvation diet. Likewise smoking cigarettes or chewing cocoa leaves and using other drugs, is related to malnutrition as they are all “appetite suppressants” and part of the reason they are addictive.

Importantly with such diets when you are in a calorie deficiency state it does not matter if you eat fat or simple carbohydrates your body will use it as fuel. As you are deficient in calorie intake your body responds in different ways. The upshot is that if you eat an oriental diet which is sufficient or more in calories then all those “Western diseases” such as diabetes hits people hard, very hard (as we are now seeing as diagnostic medicine availability improves in the second and third world). Thus a carb high diet other than fiber is actually not good for you at all, you are healthier living off of a higher protein and thus higher lipid diet, as nature tends to present it. Eating leaves of plants gives you micro-nutrition and soluble fiber that reduces many chronic conditions that are linked to cancer.

So if you throw out the bun, the chips, and the sauces, and drink only water at a MuckyD’s the food is actually not that bad for you. Even though they are empty calories the chips are slightly better than the bun, which in turn is better than the corn syrup and sugar and salt laden sauces, drinks, and other processed items like shakes and flurries.

But there is a reason aside from marketing and that it’s short order cooking that make people eat MuckyD’s and similar fast food and that is poverty. When you can not afford accommodation with sufficient room for storing, preparing and cooking food and cleaning the dishes etc, it becomes a significant issue, that in turn becomes a health issue. Low cost fast food becomes the only option to eat hot food for quite a large number of people at the bottom of the socio-economic ladder, especially when they are working two or three jobs just to stay alive, which also frequently means they can not purchase healthy food because the only time they are not working is when the shops that sell healthier food tend to be closed, worse they also tend to be a very considerable distance from where people at the bottom of the socio-economic ladder live. A number of experiments have shown that providing healthy food at low cost in such areas works, however Politicians don’t like such experiments as they are bad “for their friends” businesses… After all why do you think the US President is so anti food stamps etc? Profit profit profit of conglomerates that fund political campaigns.

So those with genetic issues and those at the bottom of the socio-economic ladder, are not really responsible for their immunosuppressed state just as people in the second and third worlds are not. But they are the ones who will pay for the 1%ers in any disease pandemic along with the old and otherwise infirm.

MarkH March 3, 2020 9:50 AM

.
A Calmer Perspective

Early this morning, I watched an interview with Dr Paul Offit, a U.S. physician who for most of his career has specialized in the study of infectious diseases and vaccines against them.

He’s also a leading public communicator of scientific facts about vaccination, and therefore an object of venomous hatred from the Arrogantly Ignorant … to the extent that he has had screening of incoming parcels, and armed guards when attending conferences.

Dr Offit projected that during the coming year in the U.S., Covid-19 is not likely to be more lethal than seasonal flu, and might perhaps be about 1/10 as lethal as flu.

He also observed that controlling the spread of respiratory viruses which transmit via droplets is so difficult that containment is not a practical strategy (what I’ve been trying to say).

Perhaps most importantly, he reminded us of something we as technical people should understand: when a virus (a) spreads very freely, and (b) is genetically stable (as this virus appears to be), the percentage of the population with immunity rises rapidly, which tends to beat back the epidemic.

In effect, R0 drops fairly steeply as a function of time, and the epidemic tends to burn itself out. When we get out our calculators to run the exponential sequence, it’s easy to forget this effect.

Finally, he agreed with every other medical authority I’ve heard, that it will need about 12 to 18 months to get a vaccine into practical use. Conceivably Covid-19 will have finished its natural course by then, but if so the vaccine may be useful against any future eruption.


The toll of this epidemic is surely grievous.

Dr Offit offered as a comparison smallpox, with its Case Fatality Rate of 0.3 — smallpox killed about 500,000,000 people in the 100 years preceding its eradication.

In China’s Hubei Province where the present epidemic began, about 0.005% of the population is recorded as having died from Covid-19. The eventual true number will inevitably be higher, but compare this to the “Spanish” flu which in some countries killed more than one percent — or in extreme cases, more than ten percent — of the population. (In the U.S., about 0.07% died from the 1918 outbreak).

It’s not the end of life as we know it, or of civilization.

Based on present data, Covid-19 is not likely to kill more people in the coming year than will die from the use of tobacco.

Clive Robinson March 3, 2020 11:24 AM

@ MarkH,

Perhaps most importantly, he reminded us of something we as technical people should understand: when a virus (a) spreads very freely, and (b) is genetically stable (as this virus appears to be), the percentage of the population with immunity rises rapidly, which tends to beat back the epidemic.

There is a fly in the ointment of that observation.

Which is what happens to the Case Fatality Rate (CFR), which gives the % of deaths. If the virus “spreads very freely” it’s not just the “immunity rises rapidly” so does the CFR, which is why containment is so important because by slowing the rate of spread it reduces the CFR dramatically.

There are a whole number of reasons why this is so.

But first let’s start with your observation about Spanish Flu,

[C]ompare this to the “Spanish” flu which in some countries killed more than one percent — or in extreme cases, more than ten percent — of the population.

Back then the Spanish Flu was constrained by the slow movement of people as ships were the only practical method of transportation, whilst electronic communications were about as fast then as they are today. What went wrong was that certain war mongering profiteers persuaded politicians to keep pushing money their way rather than try to bring medical care into the prominence. It’s why the CFR in the US where Spanish Flu started was so low, they had medical capacity to deal with the issue as it arose. Which was not the case in other countries where the sick stayed in the general population spreading the disease ever wider.

So if we have a rapid rise in base infection rate or R0 the medical resources become overwhelmed rapidly and the 14-17% of severe cases will almost all die, through want of basic oxygen therapy early on in the course of the disease, which means the 5% of critical cases rises to the 14-17% mark with the 1% or slightly less fatality rate likewise rising to that 14-17% mark. There’s no arguing against this because when we run out of medical capacity we are in effect thrown back into the middle ages of “fend for yourself” with people running away spreading the disease even faster with death rates similar to the Y-Pestis Black Death and other plagues that decimated Europe and brought about great social change including breaking feudal law of being vassals not freemen.

However even if constraining is doomed to failure it will appreciably slow things down. The reason the Chinese death rate against population is so low, is due to two things,

1, Rapid quarantine methods.
2, Rapid increase in medical resources.

The Chinese population is in effect mostly “uninfected” currently and the numbers of those becoming symptomatic are dropping. However if the draconian restrictions are lifted then the disease will spring up again as bad if not worse than before until the control measures are put back in place.

If this disease becomes endemic then something like 20% of the population world wide will die, most in the age range above the mid forties. Over time those younger who have become immune will get older but that won’t be for a quarter of a century or so.

Most “expertise” in any economically productive activity is vested in those over forty. Especially when you consider the research end of things, it takes until you are in your late thirties to not just learn theoretically but practically what the job of research is really all about.

But to do research needs technology which requires a whole stratum of engineers. The problem is the US due to corporate behaviour has lost its engineers and even the production workers and their skills and it will take more than a couple of decades to get them back. Which is a significant problem because as it stands the US will probably be unable to feed itself…

Thus the world economy as we know it would be shattered, worse the economic side effects of death duties and the like will be worse than after WWI. Whilst this might give rise to the currently locked out younger generation having a future by the need for “Dead man’s shoes to be filled” that will not replace the lost expertise. Thus we can expect a world recession to follow that might last for fifty or more years. In fact as in the middle ages it might destroy the social structure as it currently is. The one thing that is certain is capitalism will take an almighty hit as the bottom cards of its house are kicked out. Likewise transportation, with it the shipment of what we consider essentials such as food, medicines, energy and technology.

As you and I are well within the “age expected to die” the chances are we won’t live to see the recovery or it’s end, unless a vaccine gets to us before the infection does. Thus the more draconian the containment not just the less spread, but it will slow things down such that two things will happen,

1, Medical resources will not get overloaded.
2, A vaccine might become available.

The problem is that whilst there are some guarantees with containment the arrival of an efficacious vaccine is not one of them. Remember there are many viral infections out there and the number that have vaccines are incredibly small.

However there is one thing that could be done for a limited number. Put simply it’s an immune system transfusion or even transplant. You can take the blood of genetically compatible people who have had the infection and take their blood serum and white cells and inject it into people who have not had the disease. You can also transplant the parts of the body that make the immune system from people who have the antibodies. How effective either of these will be I have no idea but you can be sure that just as some US Billionaires in Silicon Valley are having transfusions of blood to “rejuvenate” you can make an odds on bet they will be looking into transfusions / transplants right now.

lurker March 3, 2020 12:08 PM

5G in Wuhan created an immunosuppressive environment? Hmmm… What should be of more concern in these days of off-shoring manufacturing capacity, is that Wuhan is a major world centre for the supply of medical protective clothing, masks, gowns, coveralls, boots, &c. JIT ordering means the supply line is nearly empty in some regions. Some factories are reported to be starting up again next week.

Depositor March 3, 2020 12:31 PM

https://www.capitalone.com/facts2019/

Information on the Capital One Cyber Incident
Updated 4:15 PM ET, Mon September 23, 2019

What happened

On July 19, 2019, we determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for our credit card products.

What we’ve done

We immediately fixed the issue and promptly began working with federal law enforcement. The outside individual who took the data was captured by the FBI. The government has stated they believe the data has been recovered and that there is no evidence the data was used for fraud or shared by this individual.

“We” are obviously innocent since “we” are very organized and “working” with federal law enforcement.

The “perpetrator” is an “outside individual” who went off completely on his own to hack the bank. There is no organized crime involved.

Disgusting.

tehflu March 3, 2020 2:13 PM

@Clive

There is at least already one promising study on treatment of critical cases with plasma of recovered ones.

@MarkH

“Based on present data, Covid-19 is not likely to kill more people in the coming year than will die from the use of tobacco.”

Maybe. Though the reason is not because the virus has such a low CFR but because of the vast amount of resources being put into confinement. In the beginning, case numbers doubled in China every few days. Just imagine they wouldn’t have done anything. You’d have hundreds of thousands of cases and tens of thousands already dead. At minimum! No country in the world would be capable to handle so many people in such a small time frame, in particular when the medical personnel gets ill too.
Instead China put more or less everyone into quarantine, brought the local economy to a crawl and sent thousands of doctors and nurses to Wuhan. It’s already costing them billions.
Sad thing is, the curve for cases outside of China starts to look a bit like the one from inside China in the beginning of the epidemic …
Yes it’s not ebola, but it neither is the average flu. If you’re in the risk group and live in an affected area (=soonish everywhere) stay at home if possible.

SpaceLifeForm March 3, 2020 2:41 PM

2019-nCoV

“Everything we do before a pandemic will seem alarmist. Everything we do after will seem inadequate”

(an old pinned tweet, no longer pinned, by @V2019N)

MarkH March 3, 2020 2:51 PM

My Bad 🙁

I got the U.S. 1918 pandemic death rate wrong by an order of magnitude.

The actual range of estimation is roughly 0.5 to 0.65 percent of the total population.

It may be of interest, that by my estimate (hopefully using the right numbers this time), about 60 U.S. residents fell sick for each hospital bed in the country at that time.

Of course, the incidence of illness was distributed over time … but the great majority of the deaths took place in the month of October 1918.

Therefore, the U.S. medical system was many many times beyond saturation. That might not have mattered much; I don’t know how effective hospital care was for acute flu cases at that time.

Dr Offit didn’t “show his work” on the TV by explaining how he derived his estimates. I offered his account as an expert testimony which might be interesting to those following the matter.

My guess is that he estimates the proportion of mild and very mild cases to be high. Due to causes we have much discussed, such cases have been undercounted by very large factors almost everywhere. As the availability of testing improves, a better picture of this distribution should emerge.

Remember that every mild case is an enhancement to the population’s aggregate immunity, and exerts downward pressure on R0, with no contribution to mortality and relatively low impact on medical resources.

Anders March 3, 2020 3:15 PM

@MarkH

“Based on present data, Covid-19 is not likely to kill more people in the coming year than will die from the use of tobacco.”

You are forgetting one thing – tobacco deaths won’t bring world economics
and markets down or empty supermarket shelves like in Italy. So unfortunately
side effects that come with this virus are quite serious.

David March 3, 2020 10:13 PM

Clive, Anders, MarkH, SpaceLifeForm

I draw your attention to the memory of the early 1980’s and the news of HIV / AIDS. For example, the ‘facts’ disseminated in the media, the claims made, the TV advertisements, the curious ability of the government to know so much about HIV and the required treatment, even before studies had been conducted. Just a gentle reminder, not suggesting it’s a comparable scenario to the present.

name.withheld.for.obvious.reasons March 4, 2020 1:29 AM

Part of the U.S. charges against Julian Assange presented during the extradition hearing in England last week include harm to individuals disclosed in documents (not provided by Wikileaks but by a journalist at the Guardian, informing the state department that this breach occurred was, one, Julian Assange, and ignored). More than two dozen publishers were involved in the cable disclosures over a year period prior to release, a journalist had disclosed the password for an encrypted archive of the working source. Assange did not disclose unredacted cables, another publisher involved in receiving it did.

The above is part of the charge brought by the U.S. prosecutor during the hearing regarding the extradition. This is new to any previous indictments that have been presented to the U.K. court. The U.S. prosecution has been throwing darts at the board in the hope that something sticks. This is not a strong foundation to support a request to extradite Assange. It clearly demonstrates the political nature of U.S. actions; if the charges are not enough to compel, try some other charge or accusation.

“Strike one, strike two, strike three…” You’re out says the blind umpire.

This is the largest farce and a complete travesty of justice. Nils Melzer’s reporting is probably the most straightforward assertion of the issues surrounding this case. It is an exercise in tyranny and authoritarianism we have yet to witness from the U.S. justice department (notice justice is not properly capitalized)–and it portends far worse.

It is shameful how contemptuous the presiding judge in the hearing has ruled and instructed, this is beyond kangaroo court, this is the court of the Mad Hatter.

Anders March 4, 2020 5:50 AM

@David

Thank you for your feedback (and especially for the info on Fosters).

Can I ask what kind of connections do you have to Estonia? It’s
interesting.

Sorry, if coronavirus outbreak seems for you unimportant here, but I
look at it as a new malware outbreak that takes over the world,
only we, humans, are in the roles of the machines this time,
who will be infected. It kind of reminds me the outbreak of Code Red, Nimda,
SQL Slammer in the beginning of 2000’s.

Regarding analogy – countries are servers, Europa is organization, files are
people. Even if one file gets infected – server is infected (and therefore
fallen). No panic, reality.

Information security experts quite often live in sterile “cyber” world
that has somehow different physical properties than the real world,
so if similar thing happens in the real world and affects real lives/their
financial security – I think it’s important. And I think you know better
than I do how financial markets in Australia react to this virus outbreak?

Servers can be rebuilt, deceased person – hardly.

name.withheld.for.obvious.reasons March 4, 2020 6:41 AM

Al Mayadeen TV, an Arabian channel produced a George Galloway presser that included several people from journalism to discuss the Assange case. The following Youtube video posted 2 March 2020 is an hour long discourse on the basic story framed from the journalist’s perspective.

On YouTube, hxxps://www.youtube.com/watch?v=GOF0ZYIZxfg references the program that first aired on 11 February 2020. A well objective treatment though framed from a journalist’s eye, presents a series of complexity that surround the circumstances presently.

For those that believe that disdain for Assange is justified, this video is necessary to correct the ill perception that supports such beliefs. Truth is often hard to swallow or confront…but it is required.

Curious March 4, 2020 6:58 AM

So I am a European and I stayed up all night listening to the live coverage of US’ “super tuesday”, and did Biden just promise the entire US population (and the world I guess) including cancer patients, to produce a totally secure crypto system? He did not, but he apparently did promise to literally “cure cancer” which I thought was really weird. It sounds awfully specific. Ofc, I also recognize the phrase “I promise you, cures for cancer, Alzheimer’s and diabetes.”, as being a ‘performative’ statement, a statement that fulfills its promise at the end of the sentence, like if you went out the door and you said “I promise I will do the dishes” regardless if you thought you would ever come around to do it.

Curious March 4, 2020 9:08 AM

The Brazilian prosecution have apparently filed an appeal against a federal judge’s ruling which apparently barred the prosecution from prosecuting Glenn Greenwald based on a previous attempt to prosecute Greenwald (and maybe others, unsure) as I understand it.

https://freedom.press/news/brazilian-prosecutors-appeal-judges-order-refuse-to-drop-criminal-charges-against-journalist-glenn-greenwald/

There is also a link to a pdf of the ruling in Spanish on the webpage it seems.

A federal judge blocked the charges last month, citing a sweeping opinion by a Brazilian Supreme Court judge that barred federal prosecutors from further investigation into Greenwald for his journalism. Despite the clarity of that order, and the subsequent judicial finding that it applies in this case, prosecutors nevertheless appear to be attempting to push forward with the politically motivated charges.

Clive Robinson March 4, 2020 12:19 PM

@ Curious,

The Brazilian prosecution have apparently filed an appeal against a federal judge’s ruling…

At this point you have to start asking “Why?”, That is, is it just corrupt Brazilian politicians or are they being pushed from the North?

Brazil’s economy is not in a good state currently for a whole heap of reasons, but one in particular stands out at the moment it’s the “Brazilian elites” backing the current politicos who appear to be corrupt. That is money is being moved away from those who earn it and towards certain “rent seeking” types, who are in effect keeping corruption in power, whilst further weakening and destabilizing the economy.

Now being in such a position as we know from other South American countries gets the interest of the exploitative elites in North America.

It’s no secret that the UK and thus the US have getting at Glenn Greenwald in their sights. The UK has in the past attacked his partner and the US others involved with the Ed Snowden trove of documents.

We know from US/UK behaviour over Julian Assange, that their MO is to wait for the target to be in custody for some reason before making a move via “formal channels”.

Thus I can not help wondering if the US are at some level behind these repeated attacks on Glenn Greenwald…

Bruce Schneier March 4, 2020 12:54 PM

I just deleted a slew of comments about COVID 19. I may reinstate some of them later; right now I want some time to think about what is relevant and what is not. Surely lots of things are relevant to this blog — fear, risk management, surveillance, containment measures — but most of the talk about the virus are not. I would like to suggest that those who wish to talk about the virus do so elsewhere, and those who want to talk specifically about the security/risk implications continue to do so, politely and respectfully.

Clive Robinson March 4, 2020 1:13 PM

@ gordo,

With regards Canadian Dr. Aylward, he’s been called “Dr elbow bump” he refuses to shake hands with people and instead does as surgeons used to do “bump elbows”.

He’s also got the reputation of being “loud” as well, he stands and sits quite away from them to talk.

It’s all part of “Social Distancing” that we should all start practicing. So no shakes, hugs or kisses and keep your distance preferably 10ft or more.

But also scrub and wipe well. That is keep your hands clean by washing well with hard soap and hand hot water. Likewise wipe things down like tables and other surfaces before you touch/use them. Also plenty of disposable paper hankies for button pushing.

But most of all above almost everything else “DON’T TOUCH YOUR FACE” until after you have thoroughly cleaned your hands.

@ SpaceLifeForm,

It looks like WHO’s Dr Aylward has been hearing similar things to what I’ve been told,

    In the U.S., that’s a barrier to speed. People think: “If I see my doctor, it’s going to cost me $100. If I end up in the I.C.U., what’s it going to cost me?” That’ll kill you. That’s what could wreak havoc. This is where universal health care coverage and security intersect. The U.S. has to think this through.

I’ve made the point about the intersection of Security and Universal Health Care on this blog before. Some understood the point but I got the feeling it was not a popular idea.

It will be interesting to see if people change their minds after COVID-19 kills up to ~3.3million US citizens based on China’s admittedly low CFR of 1% due to biting the bullet and enforcing “Social Distancing”. Or worse 18.5million which is based on the CFR of 5.6% that China had before they got serious about the health care side of things…

People in the US and other Western Countries need to have a rethink about priorities. After all saying “socialism is bad, free market good” is going to get a lot of people killed most of whom will be over 45 thus those most affluent, or if you prefer “With the money and spending power to keep the economy going”.

In the US we know there is a very large amount of “non communicable disease” which is also known as comorbidity, there are according to some statistical reports a lot more than there are in China per head of population. Some reports in the past have labelled some parts of the US as worse than “third world”, these places will become disease “havens” or “hotspots”, effectively the nexus to much larger wider spread communities and “community spread”…

Anders March 4, 2020 1:47 PM

@Bruce

Sorry, but I can’t go elsewhere, since I can’t take some
people with me, like @Clive or @SpaceLifeForm, this is the only
place they are and we have common language here 🙂

And creating resilient systems in cyberworld we must learn from
what we already have – biology, human, nature.

Dynamic immune mechanism and diverse structures of human immune system
allow healthy human with the magnitude of 10^14 cells carrying
virus or bacteria with the magnitude of 10^15

Any computer system capable of that yet?

@Clive @SpaceLifeForm @ALL

Italy infection count has surpassed Iran – Italy has now 3089 confirmed
cases and that’s bad, very, very bad.

gordo March 4, 2020 2:13 PM

@ Clive Robinson,

With regards, yes, those are all habits that anyone from school-age children on up can be taught to practice and that’s a good thing.

SpaceLifeForm March 4, 2020 2:19 PM

@ Anders, Clive

“Regarding analogy – countries are servers, Europa is organization, files are
people. Even if one file gets infected – server is infected (and therefore
fallen). No panic, reality.”

A very good analogy.

But, let’s add a network.

Call it Travel.

If the routers (planes) are infected, then potentially more files get infected.

There is a lack of Firewalls and IDS.

SpaceLifeForm March 4, 2020 5:04 PM

@ Clive

Stblr ended up using a Lightning to USB-A cable and then a USB-A-to-C adapter.

hxxps://arstechnica.com/gadgets/2020/03/you-can-now-jailbreak-an-iphone-with-an-android-phone/

Sherman Jay March 4, 2020 5:07 PM

Bruce kindly reminded me to stay on topic: >> Security <<

So, I thought I’d offer this:

I use the EFF (electronic freedom foundation) Privacy Badger with Firefox to note how many tracking cookies etc. each site is loading on my computer. At most commercial sites a few months ago, it counted 7-12 per site. Now, for the same sites, it counts 15-22. Also, when I ran bleachbit a few months ago it would delete ~100-300 files, now after visiting the same sites, it is deleting ~500-900.

This tells me that most commercial websites have even less concern for the safety and security of their visitors than they used to. (It also means they are ‘monetizing’ our info to a much greater extent)

If anyone has info confirming or debunking this, please let us know.

p.s. Of course, privacy badger reports this site (Schneier.com) having NO tracking or spyware.

Bruce Schneier March 4, 2020 5:24 PM

Okay. I reconsidered and republished some of what I deleted.

Going forward, comments about the COVID-19 will be restricted to the security and risk implications of the virus. This includes cybersecurity, security, risk management, surveillance, and containment measures. Comments that stray off those topics will be removed. By clarifying this, I hope to keep the conversation on-topic while also allowing discussion of the security implications of current events.

Thank you for your patience and forbearance on this.

SpaceLifeForm March 4, 2020 5:30 PM

@ Bruce

Sincerely sorry for bringing unwanted heat.

I want techies to stay alive.

Trying to make techies aware.

But, you and I both well know that tech folk have to travel. And this planet is going to need the tech people to recover.

YOU know that.

Clive Robinson March 4, 2020 8:30 PM

@ Bruce,

Your definitions of security depend on many things, which makes things complex.

However when one of the Senior representatives of the World Health Organisation very publicly and clearly says

This is where universal health care coverage and security intersect. The U.S. has to think this through.

He’s making not a political point but something that transcends that bucket of snakes, and reaches to what the very definition of society is all about. It’s not just a point about the US healthcare system it’s about all western healthcare systems and the way we and the second and third worlds will respond to managing this novel disease.

History shows that we have in one way or another been blessed for the past century, we’ve had no serious pandemics which is unusual. As far as we can tell the result of previous epidemics were,

1, Significant deaths, leading to,
2, Massive social changes, and,
3, The effective downfall of the previous social hierarchy and order.

I think most people would after a little thought consider that a quite real Security issue, especially when in all probability it will be in response to a fairly massive collapse of the “growth economy” that the Western nations in particular are dependent on.

When you do the figures based on the information we have about the SARS-CoV-2 virus so far you see,

1, Uncontrolled growth is exponential, China had a doubling time in 6 days.
2, Uncontrolled death rate in China was 5.6%.
3, Available Medical facilities overwhelmed within a month.
4, 17% sufficiently affected to need oxygen therapy.
5, 5% required ITU/ICU care.
6, Some required heart/lung machine support to oxygenate blood from outside their bodies.

The Chinese then took what most would consider draconian action that others claim Western Countries will not tolerate.

But the simple fact about viruses is they have a short viability time outside of a host. If the virus can not infect new hosts then after a relatively short time it will cease to exist.

When the Chinese “lockdown” started due to a peculiarity of the virus –infectious before symptomatic– case numbers continued to rise for a while and then started to drop off.

However the world wide cases outside China are still showing uncontrolled exponential growth rates.

Thus the choice appears to be strong containment or 1/6-1/5th of the people in the west becoming infected in a short period of time.

We know that no western nation’s healthcare system can cope with that level of patients, in the very short period of time exponential growth will give. Therefore the Case Fatality Rate will be up around the 5.6% that China initially saw.

If we get draconian control measures in place what we saw happen in China will happen in the West. The sooner we get started two things will occur,

1, The number infected will be considerably less.
2, Any spread will be significantly slowed.

Both of those mean that the number of patients at any point in time will be less. Thus if we start early enough then the number of patients could be kept within the capabilities of the healthcare systems. Further that also means that the CFR will drop to potentially less than 0.5% rather than 5.6% or higher if it remains unconstrained.

The thing is the virus itself will not kill you, it’s the lack of oxygen in your circulatory system that causes systemic issues firstly clinical shock, organ failure, clotting of the blood and death, basically “death by sepsis” if you want all the unpleasant details[1] you can look them up. However as we have no antivirals for The SARS-CoV-2 virus the earlier oxygen therapy starts the greater the chance that your body’s immune system will have time to generate the antibodies to destroy the virus. But for that to happen you have to have the facilities to do so, which brings us to a big issue it’s not just the hospital resources it’s also the “supply chain” you can only give a patient oxygen if you have it available in sufficient quantities and realistically we don’t have any easy way to ramp things up.

From a Security of Supply issue one of the worst things you can have is a Just In Time (JIT) delivery process. Put bluntly it’s made all supply chains extremely brittle and incapable of responding to sudden change. It’s not just medicine it’s everything from basic infrastructure upwards, we can not deal with sudden change. Worse long supply lines means often that the fastest response time is going to be measured in months. As the root of most of these supply chains is China and that is shut down or has redirected manufacturing to their home needs, the supply chains are already broken…

But basic infrastructure all very much depends on electricity and as many people in California can tell you it’s not just brittle, it’s actually being turned off due to law suits PG&E are effectively bankrupt. They chose not to spend on maintenance for the sake of “shareholder value” this caused issues that resulted in highly costly court cases and significant damages orders of magnitude above the maintenance costs…

The point is the electrical power supply is so “cut to the bone” just a few members of staff being unavailable from disease will bring the network down. That is there is no Security in electricity supply. So if electricity stops then it’s not very long before communications for control and keeping pumps for gas and water etc running fails…

This in turn means trucks and railways stop moving goods etc. Once some systems have stopped the required systems to bring them back up have also stopped so you can not bring either back up…

But there is worse to consider, the older you are the more likely you are to die. The big change starts in the forty to forty-five year olds and increasingly gets worse. If you look into the basic socio-economics the population above 40years old are the ones with disposable incomes these days not those any younger. So if the 40+ start to die they are not going to be spending in the economy and many things will take a turn for the worse and a recession starts. Due to the way various nations economies are tied together, the recession will most probably be global, how bad is not known currently but it could easily be worse than the two financial crises added together…

So yes a collapse in the global economy is fairly likely to end in armed conflict…

If the global economy collapses ITsec and CommSec are going to be well down on people’s lists, so the likelihood of ICT Security being worthy of investment will be very low…

Only with the alleged lack of will for the necessary control measures in the West, it’s going to be very insecure on so many fronts and levels for quite some time.

Thus what is the most important Security Measure that needs to be considered is an interesting dilemma in its own right.

[1] Having had sepsis and been one of the lucky ones who survived it (because I had bacterial sepsis and the very expensive antibiotics worked in time). I can personally tell you, you really really do not want to go that way, WHO estimate a 20-30% fatality rate world wide…

gordo March 4, 2020 11:00 PM

To echo what @ Clive Robinson wrote, after quoting Dr. Bruce Aylward, of the W.H.O., to wit,

This is where universal health care coverage and security intersect. The U.S. has to think this through.

Yes, it’s all of a piece. As WHO says elsewhere: Health is a fundamental human right:

The right to health for all people means that everyone should have access to the health services they need, when and where they need them, without suffering financial hardship.

No one should get sick and die just because they are poor, or because they cannot access the health services they need.

Good health is also clearly determined by other basic human rights including access to safe drinking water and sanitation, nutritious foods, adequate housing, education and safe working conditions.

Good health of the citizenry is foundational for any fully functioning society.

As so, health discrimination is divisive, destabilizing, demeaning and debilitating to all concerned, disinterested or otherwise and at scale.

I can’t speak to other western healthcare systems with which I’m unfamiliar. The mostly privatized, profit-driven, U.S. healthcare system, however, is piecemeal, predatory and precarious for all of its citizens, including the most privileged and that, as we’re seeing, in even the supposed best of times.

JonKnowsNothing March 5, 2020 2:25 AM

@Bruce @Clive @All

@Bruce: Thank you for allowing the exchange on COVID19 to continue.

@Clive @Bruce @All

I also want to thank all the posters for their insights into what is an extremely interesting and potentially deadly application of both statistics, health modeling and computer systems.

While the circumstances are difficult, it is not often we-techie-sorts get to see full impacts on such a global scale. It’s not just a medical issue, it’s an internet one too, it’s about real-information vs controlled-information vs unchained-speculation. We can see the effects all around.

The application of statistics, computer modeling, medical modeling and climate modeling are all playing parts within this dynamic. Economic models are shaking because their underlying presumptions are no longer certain. So much of what currently happens is based on algorithms of hidden designs but we can see how they are failing because their baselines no longer are valid.

In past history, such changes could barely be correlated and sometimes not for decades after an event, some events are “restricted” for decades. With our dependence on computer systems, these correlations are being seen faster and in real time.

Even should COVID19 suddenly fade into a non-lethal condition, the effects on future systems will still expand. It might fade from the front pages but the real statistics and computer system changes will certainly not fade away. Readers may find such science oriented discussions of benefit.

@All Thank you again for all your insights.

fwiw: Toilet paper, face masks, hand sanitizer are sold out in my area of California. Something for the future inventory stocking algorithms to fix: Do not run out of Toilet Paper. 🙂

Tatütata March 5, 2020 2:43 AM

At the risk of seeing this comment disappear into the memory hole with a great woosh, there is an epidemic related news item which has IMO IT-related security implications.

The Tagesspiegel (one of the more serious news outlets in Berlin) just published a short and somewhat strange piece marked as “exclusive” with the title Abgleich von Bewegungsdaten in der Debatte. (approximately: “Exploitation of mobility profiles is being debated”).

In order to determine where a patient could have been infected, and whom s/he could have contaminated, mobile phone (known in the Denglisch language as a “handy”) location and call data maintained by Google, Apple, or network operators such as the Deutsche Telekom (who are required by law to retain these data), would be used to establish a contact profile. This approach is alleged to be much more reliable than the usual way of asking the patient, and justified in view of the urgency of the situation.

The reason why I find this strange is that no specific attribution is provided. Only generic “scientists” and “tech companies” are mentioned. No suggestion is given as to who would in practice be responsible for exploiting these data. Where exactly this idea is being “debated” is also mysterious.

The whole thing sounds like some sort of trial balloon.

If implemented, this would have privacy implications. Big tech would gain a legitimacy in its data collection. Would the Public Health Authority (“Gesundheitsamt”, which are local level institutions) then be considered as an arm of law enforcement? This would also provide yet a further reduction of the already very low legal threshold for using such private data. The Gesundheitsamt does have some powers, but not those of criminal investigation, and they are staffed by health professionals bound by medical secrecy.

Clive Robinson March 5, 2020 6:11 AM

@ SpaceLifeForm,

Stblr ended up…

USB was at one point the bane of my life, to say its protocols are “optimistically” thought out might be an understatement.

Normally when you design a “communications protocol” especially a “low level or hardware” one you assume “unreliability is normal” thus do a rigorous state/fault analysis.

Because of USB trying to be “all things to all people” it’s not possible to be anything close to rigorous… Which in turn means there are lots of indeterminate states, which also vary from one implementation to the next.

As USB at higher speeds has to work “below the CPU level” in the computing stack, the possibility for security vulnerabilities –bubbling up attacks– is immense.

In effect that is what this jailbreak exploits.

But it’s not just the “states you think about”… Most engineers be they hardware, firmware, OS or upwards like many other people “think left to right” that is across the page on the assumption things only go “forwards not backwards”. They rarely if ever think about what happens when things move “right to left” or backwards via “errors and exceptions” and how these form independent communications and control channels that can “reach back” even through hard security measures like “data diodes”.

A partial solution but only for data delivery is “Forwards Error Correction” it’s wasteful on bandwidth so frequently does not get considered. But worse if care is not taken it does not play well with link or traffic encryption for various reasons, thus you should use encryption above it at say the message encryption level, which can cause other issues.

Nobody with any honesty and life experience said life is going to be easy, so we should not expect it or behave as though it is when doing robust design. It’s something I think the designers of USB forgot somewhere along the way.

Tatütata March 5, 2020 8:05 AM

The Tagesspiegel updated somewhat the previous item, giving it inter alia a new title, and published a follow-up one.

We now learn that this proposal is floated by the Robert Koch institute, a federal agency charged with combating infectious diseases.

The RKI president states that the location data would only be processed if submitted voluntarily by the patient, but then it is mentioned that of the European General Data Protection Regulation provides for such cases.

From the official EN text, Article 6 GDPR provides that “(1) Processing shall be lawful only if and to the extent that at least one of the following applies: […] (d) processing is necessary in order to protect the vital interests of the data subject or of another natural person”.

Which one is it? Voluntary participation, or correlation of everybody’s data?

The electronic patient record, a useless and poorly implemented techno-gimmick that is foisted by law unto the medical profession, is also mentioned. A new medical data protection act is also on its way. If patient data weren’t needlessly centralised, there wouldn’t be much of a need for such a new law.

If implemented, I doubt that such measures would be of any use beyond the earliest stages of an epidemic.

We live in interesting times…

Clive Robinson March 5, 2020 10:09 AM

@ Sherman Jay,

… now after visiting the same sites, it is deleting ~500-900.

Colour me unsurprised 🙁

I am getting the feeling the bubble is about to burst for a lot of Internet Business models. And in the process of finding this out they have killed a lot of real world business models in the process.

Take “magazines” they used to be big thick and full of adverts, which few of us even looked at let alone read (unless we were very young and wanted a pair of X-Ray Specs 😉

The business case for “online” was “cost reduction” and “faster to market” that is printing and distributing was expensive.

But many assumptions were made about monetizing for income. Back in 95 I took an indepth look at charging models for services on the internet as academic research. Needless to say none of them looked good, the only one with any potential was the “Telecoms model” but at the time there was no cheap secure nanotransaction system for it to work on… Not much has changed in that respect.

Traditional magazines are vanishing from the shelves of also diminishing numbers of bookshops and newsstands/newsagents.

Part of the problem was that “anyone could Internet publish” that is the previously very high bar to entry in the publishing business disappeared. The result was a significant drop in quality due to “dilution” more than anything else. That is if you write ten articles only one or two might be “fit to publish” the rest requiring further work to bring them up to standard or enough rejection notes to give the author a hint that either they or the subject they were writing about was not “sufficient” in some way. This encouraged higher standards and the Magazines were thus desired. Internet publishing meant that space had to be filled in online magazines as there were so many of them, thus quality dropped and people lost interest, so the problem got worse.

The other issue is “online advertising” is actually a quite deliberate scam. To see why, look at how much money someone running an ad has to pay into the “chain” then see how little comes out of the chain to those who in effect publish the advert.

Even the likes of “Condon Nasty” are finding out that online advertising is not paying the bills, and in effect they have “killed the golden goose”.

So having killed their own fall back position, where do they go now their advance is taking them over a cliff?

However one thing you might want to try is turning off javascript and cookies. I’ve done some experiments on load times and other aspects, in most cases things are better off…

Anders March 5, 2020 10:21 AM

@Tatütata

You stay safe too! Germany has already 444 confirmed infection cases 🙁
I really hope that we don’t start losing contributors for this blog.

Clive Robinson March 5, 2020 10:24 AM

@ Tatüt,

In order to determine where a patient could have been infected, and whom s/he could have contaminated, mobile phone location and call data maintained by Google, Apple, or network operators such as the Deutsche Telekom, would be used to establish a contact profile.

I kind of knew this idea would come up, it’s the corner case of corner cases a kind of “thing of the childrens children” appeal.

From an epidemiological view point it would show “clusters” but not “contacts”. That is clusters are based around “infective objects or places” where as contacts are moving people who may or may not have “passing contact”. Clusters tend to show up quite quickly by other methods.

Thus epidemiologically I’m not convinced the phone records of “known individuals” would be of use.

That said general traffic volumes would show up where but not who people tend to bunch up and slow down which would become a potential cluster.

It’s something that needs quite a bit of thinking about especially as it’s a “trees and forests” issue.

lurker March 5, 2020 11:38 AM

@JonKnowsNothing
Toilet paper is a typical low value, high bulk volume item, loathed by transporters and warehousers, ideal for JIT. I’ve just heard an Australian grocery chain manager saying the rush was futile, trucks arrive at all stores every 2 days with new stocks.
Hand sanitizer however is a small sized, high profit item, loved by advertisers. But the consensus of advice I have heard from various medical experts is that a bar of hard laundry soap and water, used properly, is more efficient, more economical, and has a far longer shelf life.

Faustus March 5, 2020 12:56 PM

I mostly lurk these days. I’d say the quality of the commentary on schneier.com has gone down over the last years but this blog still remains the least idiotic open forum that I know of on the web.

I am open to suggestions… No!! Not for more idiotic forums. Less idiotic!!

It seems pretty clear that the whole web has gotten more idiotic as well as worse in a lot of predatory aspects. (Sadly, the world too.) But I avoid so much of this that maybe my impressions are incorrect.

One thing this site fails at doing well is talking about itself. It makes me want to create a meta-schneier.com but it also makes me realize that this reticence may be exactly why schneier.com IS less stupid.

This serves as preface to my feeling that

The Corona Virus discussion here I found to be the most helpful non-mainstream discussion of the virus for people like myself who wish to understand all the possibilities of what is going on.

Bruce has posted his concerns how such a discussion can be weaponized by bad actors and maybe that is the root of his desire to discourage it.

I keep the Johns Hopkins outbreak map up (which seems to require a login token that I magically have but should refrain from sharing). Besides that nothing has been as useful as the commentary here which helped me shift my investments and predict the next outbreaks in time to warn friends (or I was lucky).

SpaceLifeForm March 5, 2020 7:19 PM

@ Clive

Take “magazines” they used to be big thick and full of adverts, which few of us even looked at let alone read (unless we were very young and wanted a pair of X-Ray Specs 😉

What? I never got my X-Ray Specs when buying Mad Magazine. I was ripped off! Of course, no ads, so you get what you pay for I guess.

SpaceLifeForm March 5, 2020 7:35 PM

@ Clive, Anders, ALL

“Thus what is the most important Security Measure that needs to be considered is an interesting dilemma in it’s own right.”

It’s not a dilemma at all.

The most important Security Measure to take is to NOT make the problem worse.

STOP TRAVEL!

JG4 March 5, 2020 10:02 PM

Appreciate the helpful discussion, as always. I connected a few dots this morning. Osteocalcin plays a key role in memory. The neural system in your species co-evolved with the skeletal system. A redundant system is more reliable and cut from Shannon cloth. Redundancy generally does not reduce complexity, but it generally does improve downtime.

https://www.nakedcapitalism.com/2020/03/links-3-5-2020.html

Silent earthquakes are tied to changes in fluid deep below Cascadia’s fault LiveScience (Kevin W)

Climate Change Will Turn These Common Foods Toxic Vice (resilc)

Simple Systems Have Less Downtime Greg Kogan. This is considered to be novel?!?!

Imperial Collapse Watch

Army’s new coal-powered tiltrotor gaining traction in Congress Duffle Blog (Kevin W)

Aspiring terrorists are in every Iowa school, surveillance companies warn Cedar Rapids Gazette (Chuck L)

Clive Robinson March 5, 2020 10:28 PM

@ Lurker,

Hand sanitizer however is a small sized, high profit item, loved by advertisers. But the consensus of advice I have heard from various medical experts is that a bar of hard laundry soap and water, used properly, is more efficient, more economical, and has a far longer shelf life.

The reason for “more efficient / economical and longer shelf life” is something people really should know, not just for cleaning but why there is so much profit in the not very effective / useful cleansing products…

There are two types of “hand sanitizer” around. One is the stuff the medical profession uses, it’s basically alcohol held in a gel and a colourant so you are not tempted to consume it. The second type is basically a poor detergent and a colourant in a liquid which can be water or a fast evaporating solvent of which alcohol can be one (with water and thickening agent of high molecular weight esters and modified vegetable triglycerides). These second types of sanitizer often come with some kind of oil to “stop dry hands”, think of them as shower gel with added alcohol and about as useless.

The first type usually has around an 80-90% alcohol content and if used properly will render any virus stuck on your skin not viable, the down side is it strips all the protective oils from your skin as well hence the dry hands and skin cracking issues. The second type has way less alcohol in. Below about 75% alcohol it will not be up to the task of rendering all virus non viable, thus is considered insufficient to the task, worse the oils can trap viable virus to the hand.

From a practical point of view all hand sanitizers really should be considered not up to the task of being effective because they don’t actually remove anything from your hands, so any virus that remains viable will still be stuck to your hands…

Why does the virus stick to you? Well you naturally emit an oily or waxy substance called sebum from an exocrine gland at the base of hair follicles which provides a lubricant for the hair and skin in mammals (yes it is similar to other exocrine glands in mammals).

It is called the sebaceous gland and the sebum it emits is what leaves behind fingerprints and also holds dead skin cells that can be used forensically (look up “Dr Edmond Locard’s contact exchange principle”). But it’s not just microscopic flakes of skin and hair sebum holds stuck to your skin it’s also millions to billions of often quite lethal pathogens such as bacteria and viruses, which is why the top couple of layers of skin are both “dead and shed” as part of your body’s overall defense mechanism to disease.

What “real” soap is, is a salt of a fatty acid molecule[2] which has a hydrophilic (polar) head and a hydrophobic (nonpolar) tail. This allows the soap molecule to dissolve in both water and oil forming a colloid mixture. I won’t go into the physics of it but this molecule has a very strong force at the surface between water and most lipids, which the sticky sebum is made of.

The result is that, hand hot water and soap render any pathogens non viable and take them and the sebum away down the sink with the running water.

Which leaves the difference between “laundry soap” and other soaps[1]. Laundry soap is a hard soap, that is, it is quite pure, which whilst very good for cleaning and longevity of the bar of soap is quite harsh on the skin. Usually to use laundry soap you have to grate it down to soap flakes as it does not easily go into water thus needs a very large surface area. Soft soaps that most bars of hand soap are, are really soap that has been pre-mixed with the likes of milk and vegetable oils[3]. Unlike soap which is a salt of a fatty acid thus chemically fairly stable, the molecules in milk and vegetable oils are not particularly stable chemically thus they “turn”, “go stale”, or “go rancid” unless further stabilising chemicals are added. All of which detract from the soap’s ability to clean your hands…

[1] You can make something called “dry shampoo” by grating soap into alcohol or dissolving it in ether to make a gel like substance, that if you comb it through your hair will remove the sebum from your scalp and hair thus cleaning it almost as well as washing it but without using two gallons of water. You can also make a traditional “shampoo” with liquid soap, not modern detergents that do so much environmental harm. You can also turn hard soap into hand soap by melting it and whisking in vegetable oils like palm or coconut. In years gone by when we used to make “town gas” by turning coal into coke, one of the residues was “coaltar” that had a kind of “clean smell” but also acted as a preservative so it was often added to soap. You can still get the yellow almost orange coloured “coaltar soap” but it is quite a rarity, but I’ve never known it “go off” even when more than half a decade old, and the smell reminds me of school more than half a century ago.

[2] You can make soap by rendering down fat from meat and clean it by “boiling, setting and scraping” off any impurities such as gelatins and depolarised proteins from the animal skin and flesh etc etc. You then very carefully make up a hot solution of caustic lye and melt in the fat stirring carefully increase the temperature slightly continue to stir for a while then cool. The resulting solid is a mixture of soap and hopefully a little fat not caustic residue (if you use potassium hydroxide instead of lye you end up with “liquid soap” that can easily be made into shampoo).

[3] Some of you might know of a chain of shops selling “all natural soaps” called “Lush” I can not go near the places because they actually make me physically sick (that is my body thinks it’s being poisoned by the smell). The reason in my case appears to be the smell of butyric acid[4] Any way if you want to make some of those types of soap,

https://www.thesprucecrafts.com/goat-milk-soap-recipe-517229

There are links to other soap recipes at the bottom… You will see from them that “chemistry started in the kitchen” as did much of the rest of physical sciences.

[4] Have you ever spilt milk on a carpet and thought you had cleaned it up only to have a sickly rancid smell start after a few days. Well you would not be the first or last to suffer from that “baby puke” smell. What makes it is butyric acid (so called because it’s what gives rancid butter / cream / milk that smell that tells you it’s not safe to consume).

https://chronicleflask.com/2014/11/29/butyric-acid-a-very-smelly-molecule/

The way to get rid of it is rubber gloves a dilute lye[5] (caustic soda) solution and to finish some bicarbonate of soda (two good chemicals to have in your kitchen especially if you bake). Carefully brush in a small quantity of the lye solution into the area where the milk was spilt. It will react with the butyric acid and any fatty acids to make a soap that with gentle brushing will go into the water of the dilute lye solution as the lye is used up. Take up the water with your preferred absorbent method, then add a little bicarb powder and brush in to take care of any remaining lye, then remove it by vacuum cleaning.

[5] Lye for all its dangerousness is used in the making of some food products like bagels and pretzels.

Clive Robinson March 5, 2020 10:54 PM

@ Faustus,

I mostly lurk these days. I’d say the quality of the commentary on schneier.com has gone down over the last years but this blog still remains the least idiotic open forum that I know of on the web.

The commentary started going down as all general subject blogs got less popular around the time of the “financial crisis”, but also the frequency of good quality security papers declined making the subject quality less refined. Then about four years ago it took a very very significant turn for the worse, and did not recover when things moved on.

What this blog really needs is more high quality subject matter that is not so specialised it’s incomprehensible to many people. Unfortunately academia and technology organisations and companies are not delivering much these days in the InfoSec and Crypto fields. I was kind of hoping the likes of “Key Management”, “Traffic Analysis” and “TEMPEST/EmSec” which are problem domains that really need a lot of work on them would take up the slack, but mostly academia has lost interest.

The only “spark of joy” in the past few years has been people waking up to what a SNAFU high end CPU’s with their hardware “go faster stripes” and thus the “Xmas gift that keeps giving” which started with Meltdown and Spectre. But most security people appear to be “resigned to it” rather than discuss it. I guess in part because it’s something not just “beyond their control” but in a very real sense “beyond their reach” and they are realistically too far down the computing stack to be able to mitigate in ways they are used to. It might also be why the squid page has a habit of veering into other areas people can get their teeth into.

Let’s hope 2020 will go both more peacefully and with more technically engaging papers etc to discuss.

Wael March 6, 2020 8:49 AM

@xxx,

I’s a rare environment here.

Oh, don’t be a grouch, Mr…

What’s up with your use of “I’s design”. I have never seen “I” used in the possessive form before.

Faustus March 6, 2020 9:00 AM

Thanks, @Clive. All good ideas.

@XXX, I agree with what you say about far ranging minds and I find that I find more like minded people here than any other site, people who use a logic that I can understand about a wide range of topics. I’d appreciate more flexibility on squid posts.

That being said: Calling Bruce “old man” is just rude. And it doesn’t credit him with the likelihood that we would have a much worse site without his moderation decisions. Your name calling is an example of something we can do without. It’s a shame it is mixed in with your good points.

Nik March 6, 2020 11:46 AM

I have been reading this blog for what seems to be a decade. I work in cybersecurity in Colorado,US and this blog has given me a lot of information, both Bruce’s post and the comments. Many things discussed here come to reality/light years later.

I am very appreciative of the dialogue, especially between the regulars who provide very insightful analysis, facts information and a great interpretation of them with a background many decades of practical experience. Any list to thank would be incomplete (but starting with Clive and continuing). Thank you all for taking the time, I wish you the best and I do read this blog daily or in times of high work load weekly. I follow your post and worry when I do not see regulars posting.

Why do I not post? I don’t have an online presence. I don’t feel that I have much to add; many of the things I would post or discuss are already posted with more expansive and useful detail than I could. In person/phone I talk too much about inane topics, especially when in great company, something I am working on; listening more.

In short, thank you all for your insights and my great reading.

Faustus March 6, 2020 12:55 PM

@Anders

My mom was Polish, my dad British. We almost had a fistfight at an extended family gathering when my English grandfather addressed my Polish uncle as “Old Man” in typically British friendly fashion.

If XXX wishes to clarify that he was addressing Bruce as “old man” as an expression of comradeship I am not going to argue with him. Barring that, the context of his use of “old man”, and the fact it was used in third person rather than as a direct salutation, seems to bear out my original understanding.

MarkH March 6, 2020 1:36 PM

In the US of A, “XXX” is a traditional marking for extra-strong homemade liquor.

Maybe somebody imbibed a heavy dose of “moonshine”?


In my judgment, moderation is exceptionally good here, and has helped to keep this alive as a forum for thoughtful discussion.

My $.02

PS In my understanding of the British usage, “old man” is a “form of address” used when speaking directly to a man. [Also, I’ve always thought of it as a mannerism of the “upper classes,” and now outmoded … but our UK friends know these things far better than I.]

But that familiar usage of “old man” is NEVER applied in the third person, as triple-x most certainly did.

Chris March 6, 2020 2:24 PM

Anyone else noticing that Oil has dropped today, quite a bit it seems, and it’s below 50$ now, wondering if this is going to hurt S.A or not, the rumours stated couple of years ago that if it goes below 50 it’s goodbye for Saudis

MarkH March 6, 2020 4:13 PM

@Chris:

In my understanding, Saudi Arabia isn’t the most vulnerable. They have the lowest production cost of any oil producing state, and significant financial reserves. They’re utterly dependent on petroleum revenue, but able to weather a temporary downturn.

Probably this is especially serious for Venezuela, which was already in a protracted crisis.

A particularly sensitive state is the Russian Federation. It depends on petroleum for a much smaller fraction of GDP, but it’s still very important to the overall economy, and provides the lion’s share of government revenue. In contrast to Saudi Arabia, Russia has an extraordinarily high cost of oil production, so profitability is disproportionately impacted by these kinds of prices.

Even worse for Russia, it has substantial production in very cold regions. It may be less of a consideration in the coming warm months, but when a crude pipeline is shut down in cold temperatures, the oil can congeal in the pipes.

So they could come to a situation in which they’re forced to keep selling oil in order to maintain pipeline flow, though the product is priced near cost … or even at a loss!

SpaceLifeForm March 6, 2020 4:30 PM

@ Nik

Very insightful post.

@ Faustus, Clive, Bruce, Anders

In some circles, OM (Old Man) is also OG (Old Guy).

Both used in respect.

Chris March 7, 2020 12:25 AM

RE: MarkH
Even worse for Russia, it has substantial production in very cold regions. It may be less of a consideration in the coming warm months, but when a crude pipeline is shut down in cold temperatures, the oil can congeal in the pipes.

Funny enough the downspiral is due to the Russians themselves
if RT is to be believed 🙂
https://www.rt.com/business/482499-opec-russia-oil-production-cut/

But I think you are correct that Venezuela is going to have an even bigger problem to solve now, as they say time will tell …
//Chris

MarkH March 7, 2020 1:55 AM

@Chris:

Putin has a reputation for strategic genius … but this wouldn’t be the first self-defeating maneuver from his regime.

MarkH March 7, 2020 2:22 AM

@Chris (again):

I just did a little check, and West Texas Intermediate (a U.S. benchmark crude) is a little over $41/bbl after getting hammered today.

Urals crude (a Russian benchmark) is showing about $10 higher, but typically will sustain only about $5 above WTI.

By the middle of next week, Urals might be trading below $45. Tough for Russia …

In related news, as of about 24 hours ago Russia was reporting 4 confirmed cases of Covid-19, which I take to be impossible. Russia might have the most underreported case totals of any industrialized state.

Clive Robinson March 7, 2020 3:08 AM

@ MarkH,

But that familiar usage of “old man” is NEVER applied in the third person, as triple-x most certainly did.

The expression “old man” tends to have three meanings,

1, A wife would call her husband “old man” when speaking to her friends. That is a friend might ask her “How’s your old man doing?”

2, It is used by his children especially girls to talk about their fathers to their mates as in “The old man will kill me if I’m not back by ten!”

3, It is used as a mark of respect or wisdom as in “the old man will know the answer to that”.

In short it’s a term used to mark a patriarch or elder or one who has the wisdom to lead or does lead. Much as the older “man of the house” used to be used.

However as an expression it is falling into disuse or ridicule. Thus if someone asks a wife “How’s Brian?” she might answer “What the old fart? Humming along as usual” or similar.

Part of the reason for it falling into disuse or disrespect was something that happened in the late 80’s where a group of people decided that children should call their parents not “mum” or “dad” but by their christian names. For various reasons it did not work out.

A downside of the older systems is that things have become inverted… for various reasons my son is well known by quite a lot of people by sight (being over a foot taller than your class mates is just one reason) and they know him by sight. Because I am also tall and built like a “brick out house” I’m also known by sight by the school kids and their parents. In part because I also used to be a governor of the school so I had official duties. The result is that many people don’t know me by name, but many do say hello etc but call me “Alex’s dad”… So much so I used to joke about making it my name by deed poll…

Clive Robinson March 7, 2020 3:49 AM

@ Chris, MarkH,

the rumours stated couple of years ago that if it goes below 50 its goodbye for Saudis

No, it might pinch a little but it won’t be “goodbye”.

Most ME oil producers know the oil is going to run out. In fact 1970’s era predictions had it running out before the turn of the century. When you know this you tend to look at what you are going to do when the resource does run out. Historically Spain is an abject example of the stupidity of not thinking ahead, and one of the reasons they have persecuted the Catalans who want shot of the lazy blood suckers in the south.

So the big lesson is to “invest the income, for the future”. There are two basic ways to do this, as a nation state,

1, Invest in the citizens.
2, Invest in foreign enterprise.

However you have to be very clear any investment is for the future.

Thus investing in schools, universities, hospitals, and infrastructure can be an investment in the future. However subsidising food and fuel prices tends not to be.

Investing in foreign enterprise can be a good thing in several ways, not only does it give future income, it also makes war and other hostile activities less likely it also increases reciprocation that is it can bring foreign investment home in various ways.

Which is one of the reasons the Saudi’s have one of the largest sovereign funds in the world.

There is however a fly in the ointment, someone in political power might decide not only not to reciprocate but also to punitively seize assets from foreign investors in various ways.

Such behaviour has been seen before and generally the nation doing the seizing gets punished in various ways.

Well some are also stupid enough to think that they are “too big to fail” and thus won’t get punished. Unfortunately life is not like that, because “even worms turn” when they can.

The fact that the Chinese and Indian governments have in effect decided not to export certain things like IPE/PPE and drugs and their precursors, during this time when there might be a pandemic might wake a few people up to the “What goes around, comes around” principle.

SpaceLifeForm March 7, 2020 4:24 PM

@ Depositor

Yet again, I did not have to research, but I did anyway.

As I expected, yet again AWS.

hxxps://threatpost.com/aws-arrest-data-breach-capital-one/146758/

Bob in OK March 8, 2020 2:03 PM

@ SpaceLifeForm

Yet again, I did not have to research, but I did anyway.

As I expected, yet again AWS.

Pardon me being somewhat lazy to track down your past posts, SLF, but is it your contention that AWS is special this way? Or are they just the biggest player in the cloud game and thus attract the most security lapses (whether due to user mistakes or criminally inclined search for ecosystems with the best prey)?

I’ve always thought relying on somebody else’s servers for critical computing capacity or sensitive data is just a really really bad idea for so very many reasons… Not that I’ve had any success in getting decision makers to think past the easy-to-see savings they can taste today vs significant costs that only pay off when something unusual happens and even then with a hard to quantify reward.

Creature March 8, 2020 2:28 PM

@JG4

Appreciate the helpful discussion, as always. I connected a few dots this morning. Osteocalcin plays a key role in memory. The neural system in your species co-evolved with the skeletal system. A redundant system is more reliable and cut from Shannon cloth. Redundancy generally does not reduce complexity, but it generally does improve downtime.

hxxps://www.nakedcapitalism.com/2020/03/links-3-5-2020.html

Welcome.

What can we learn from your species?
Do you experience time?
Do you sleep?

Correction: Redundancy can reduce complexity (at least logarithmically). Via coherence.

hxxps://en.m.wikipedia.org/wiki/Physical_and_logical_qubits

And calcium is involved in more than memory.

Reading between the dots (birdbrains of a different feather), you might also be interested in:

hxxp://jonlieffmd.com/blog/human-brain/could-the-brain-and-mind-be-a-quantum-computer-quantum-effects-in-brain-and-mind

and

hxxps://en.m.wikipedia.org/wiki/Cryptochrome

which evolutionarily goes back way further than vertebrates

EvilKiru March 8, 2020 4:48 PM

@Wael:

I’s

I think it’s meant to be a contraction of I is rather than a possessive. As in: I’s a grouch (I is a grouch vs. I am a grouch).

Creature March 8, 2020 5:39 PM

@Wael@EvilKiru

The I’s have it…

[Not having seen @xxx’s comment before it was deleted nor been a party to @Wael’s referenced 2012 convo with @Nick P and @Clive, I actually have no idea whether or not any I’s have it :)]

Wael March 8, 2020 7:09 PM

@EvilKiro, @Creature,

I think it’s meant to be a contraction of I is rather than a possessive. As in: I’s a grouch (I is a grouch vs. I am a grouch).

Look at these samples and reevaluate:

how will they protect you and I’s secrets from all of them at once throwing all their brains at hacking one target?

my secrets?

As this discussion happened on Krebs, I’ll just repost Luiz & I’s posts below:

my posts?

Anyone interested in self-destroying or high assurance crypto designs should google Clive Robinson and I’s discussions on the subject on this blog.

my discussions fits more.

See how easy it was to apply your method to lead to Bruce and I’s theory of the Sony hack?

Bruce and my theory, or Bruce and “I is” theory? Which fits better?

This is where he, Geer, and i’s* old opinions were way off.

Possessive!

This brings me back to RobertT and I’s discussion on fab security.

Ditto…

A simple version of my monstrosity comes from Clive and I’s voting schemes:

Same…

I say it’s broken-ass grammar, and only a handful of people use that form here.

Not having seen @xxx’s comment before it was deleted nor been a party

Sometimes one can find, with fair accuracy, the identity of the author by the writing style. Not always fool-proof, as styles could be mimicked.

MarkH March 9, 2020 3:31 AM

@Chris et al.

Pardon my cautiousness …

Two days ago I wrote

By the middle of next week, Urals might be trading below $45. Tough for Russia …

West Texas Intermediate (American benchmark crude) just crashed through $30/bbl, with northwest Europe’s Brent crude chasing close behind.

This is not a “natural” market response, so it might bounce back … Saudi Arabia announced both steep price cuts, and an increase in production. Did I mention that they have the world’s lowest production cost?

The Saudi action seems quite extreme, and I speculate that it’s intended to punish Russia for refusing to cooperate in a program of mutual production cuts as a response to Covid-19 depressing demand.

I further speculate that the world will soon run out of oil tanker ships, if it hasn’t already. For at least a couple of weeks now, oil traders have been leasing tankers in order to store reduced-price oil; this is necessary because land-based oil storage facilities are largely at capacity … because Covid-19 is depressing demand.

If Russia decides to “play ball” and reduce production, the Saudis might well relent, in which case crude prices could make a significant recovery. In the meantime, Urals crude could drop to $35 (or even less). This would be extremely adverse to Russia; my previous forecast of $45 would seem idyllic by comparison.

PS While I was writing this, WTI has bounced a few times almost to $32. Expect plenty of drama; U.S. markets haven’t opened yet.

Clive Robinson March 9, 2020 12:21 PM

@ Wael,

You forgot the other “I’s” not that it is spelled that way (you very rarely see it in writing).

It’s the “Ey’s to the right, Nays to the left” of old fashioned voting in the likes of the UK Parliament and such…

It always struck me as a prejudicial system, because the “left” or “left handed people” are considered “evil” or “sinister”. Worse your left hand is your “cack hand”, or if you look at the Anglicised French meanings of “adroit” and “gauche”…

Yes I know it arises from Christian doctrine (to sit on God’s right hand) but even so, it’s still quite discriminatory to left handed people.

Oh and it’s also why in politics those with what we might call “a leaning to the common citizen” are said to be “on the left” by let’s call them the more “conservative” self appointed “elite” and their landowning “rent seeking” or “sweat shop” business profiteering and “Protestant work ethic for the masses” but not for them and their “ruling class” style mentality.

Wael March 9, 2020 4:32 PM

@Clive Robinson,

You forgot the other “I’s”…

I haven’t forgotten! I tried to stay on topic 🙂

It’s the “Ey’s to the right, Nays to the left”…

I haven’t thought of this one!

It always struck me as a prejudicial system, because the “left” or “left handed people” are considered “evil” or “sinister”.

Not true, although I had the misfortune to deal with some left-handed real gits in my past!

Worse your left hand is your “cack hand”, or if you look at the Anglicised French meanings of “adroit” and “gauche”…

Why “worse”? I think it’s better! It’s called Separation of Duties, ma man; a well-known security principle, right? (Pun not intended.)

(to sit on God’s right hand)

I have a lot to say about that, but I’ll skip.

Yes I know it arises from Christian doctrine…

Not only Christian doctrine!

it’s still quite discriminatory to left handed people.

They’re only 10% of the population. More accurately, it could be discriminatory to left hands — not to left-handed people 🙂

Oh and it’s also why in politics…

Here’re 12 Little-Known Facts About Left-Handers. Read the context of this paragraph:

Should right-handed presidential wannabes fake it? Our penchant for left-handed POTUSes is probably pure coincidence. But one recent Dutch study suggests that left-handed politicians actually have an advantage in televised debates

Wael March 9, 2020 4:45 PM

Regarding:

“left” or “left handed people”

And my reply:

Not true.

Correction: it’s an “or” construct. Left is considered evil, but left-handed people aren’t. So the answer is: True!

JonKnowsNothing March 9, 2020 7:05 PM

@Clive
re:

It always struck me as a prejudicial system, because the “left” or “left handed people” are considered “evil” or “sinister”.

The left side of the knight’s shield is “sinister”, the right side is “dexter”.

“Dexter” (Latin for “right”)
“Sinister” (Latin for “left”)

From the viewpoint of the bearer of the shield.

The dexter side is considered the side of greater honour.

The Great Seal of the United States features an eagle clutching an olive branch in its dexter talon and arrows in its sinister talon, indicating the nation’s intended inclination to peace. In 1945, one of the changes ordered for the similarly arranged Flag of the President of the United States by President Harry S. Truman was having the eagle face towards its right (dexter, the direction of honor) and thus towards the olive branch.

The “proper right” hand of a figure is the hand that would be regarded by that figure as its right hand. In a frontal representation, that appears on the left as the viewer sees it, creating the potential for ambiguity if the hand is just described as the “right hand”.

What do Americans know about heraldry? Not much; we just kept some of our ancestral trade marks.

ht tps://en.wikipedia.org/wiki/Dexter_and_sinister
ht tps://en.wikipedia.org/wiki/Proper_right
(url fractured to prevent autorun)

MarkH March 11, 2020 3:31 AM

Not wishing to get too far afield, I offer a last comment on Covid-19 and petroleum.

Russia’s Urals benchmark reached $31.40 on Monday (there’s a delay in getting Urals pricing).

WTI and Brent crudes have (as of Tuesday) recovered about $5/bbl, so Urals will probably also rebound to some extent.

A big part of this drama is a shoving match between Saudi Arabia and Russia. Low 30s is catastrophic for Russia, so we can expect the Kremlin to soon be licking Saudi Arabia’s hand.

But the context of this is that Covid-19 has seriously depressed demand, especially in Asian markets which are of central importance for the Saudis and the Russians.

Even if new cases of Covid-19 peak soon (obviously, this is very hard to forecast with any confidence), the petroleum demand overhang might spread out over 4 to 6 months.

By year end, economic activity has a good chance to rebound to expected levels. There will be some balancing extra consumption from “pent-up demand,” but a demand deficit will remain for 2020 from real-time activity which failed to materialize.

Goldman Sachs was warned that Brent could reach $20/bbl before all is over.

In dollars and cents, it’s a better time to be a petroleum consumer, than a producer.


Note: Most Russian crude oil is of less desirable varieties, with high levels of density and of sulfur.

For this reason, an important market has been “bunker” crude which can be burned in the rather primitive engines found in many freight ships.

But by international agreement, most shipping is transitioning to cleaner fuels, and demand for Urals-type blends was already on its way down.

Although Urals long enjoyed a small premium over Brent (often $1 to $2 / bbl), that is likely to fade out.


Sidebar photo of Bruce Schneier by Joe MacInnis.