lurker March 6, 2020 5:54 PM

@Scott: don’t worry, Intel are right onto this one, the second of their suggested mitigations

End users should maintain physical possession of their platform.

MarkH March 6, 2020 6:00 PM

Policy Responses to Singular or Intermittent Scary Risks

I suggest that Covid-19 resembles some phenomena we usually think of as security issues in important respects:

• the recognized psychological tendency to magnify novel and unusual dangers (in contrast to chronic threats like climate change, which people automatically tend to minimize)

• availability of only partial and uncertain data for an extended time, often until the crisis is already subsiding

• a tendency of “scary” new risks to provoke extreme reactions which are (a) very costly (both economically and in terms of key societal values); (b) often inappropriate to the threat; and (c) sometimes counterproductive, making the problem even worse

• serving as a further distraction from underlying problems of far greater significance (see the first bullet), some of which aggravated or even gave rise to the novel risk which “vacuums up” so much attention

I would offer terrorist attacks (especially those with high casualties) and waves of ransomware as examples of security risks sharing these attributes.

I don’t have any convenient answer for this kind of policy challenge.

Governments and other institutions are put under great pressure to “do something” in such crises, and are especially prone to do the wrong something under such pressure.

Some currents in opinion and propaganda serve to make these already hard problems even harder:

• the cynical notion that large institutions (most especially governments and their organizations) are predominantly incompetent and corrupt, which is often a gross distortion of the true picture

• the philosophical notion that government is inherently evil and should be dismantled to the greatest extent feasible (see the war in the U.S. against “the administrative state”)

• a generalized distrust of all expertise, authorities or accumulated learning (excepting, of course, your favorite TV celebrity, your grandmother, some ancient religious writings, or whatever you REALLY trust in)

In practice, public policy always weighs risks — even danger of death — against costs to society of protection from risk.

For example, U.S. law effectively tolerates large numbers of gun homicides — enough to depopulate a small town each year — because of cultural and psychological affinity for such weapons.

I just learned that in the U.S., about one third of a million people (mostly elderly) die from infections each year in long-term “care” facilities such as nursing homes. Despite this, the present presidential administration wants to relax the requirements to have infection control specialists at work in such facilities.

Note that the number I just cited is not very far from the upper limit of fatality estimates made by U.S. epidemiology experts in the recent days.

However one might judge the results of such “policy balancing tests,” they tend to go out the window when a scary crisis is underway.

So I propose as a first policy question: is it better for society to try to maintain a more uniform approach to such balancing, or is it worth the risk of engendering enormous costs in order to respond to the emotional content of each novel threat?

Scott March 6, 2020 10:36 PM


End users should maintain physical possession of their platform.

That means end users shouldn’t cross international borders with their existing laptops anymore. Even in an ideal, post-coronavirus world. Okay.

Scott March 6, 2020 10:48 PM

Re: 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

A Hacker News comment(?) which I can’t find now pointed out this Intel vulnerability also means you can easily rip 4K Netflix movies which previously were protected by DRM. The chain of trust is broken.

maqp March 7, 2020 1:14 AM

TFC 1.20.03 is now released with support for Qubes 4.

Normally I wouldn’t spend a lot of time to add support for a non-mainstream OS, but Qubes was requested on multiple occasions. With Qubes instead of three normal computers, you have three Debian 10 VMs. Instead of a data diode, you have the sys-firewall VM that ensures data moves unidirectionally between the VMs.

Creating the VMs etc. takes some extra steps, but as always, the installation instructions hold your hand all the way through with step-by-step instructions and screenshots.

It’s not as secure as the normal three device configuration, but it’s a lot more secure than running TFC local testing mode, or Signal, Ricochet etc. on a networked device or Qubes VM.

Curious March 7, 2020 2:29 AM

From twitter, something something crypto war:

(“The EARN IT Act Is a Sneak Attack on Encryption”)

“EARN IT focuses specifically on Section 230, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Under EARN IT, those companies wouldn’t automatically have a liability exemption for activity and content related to child sexual exploitation. Instead, companies would have to “earn” the protection by showing that they are following recommendations for combatting child sexual exploitation laid out by a 16-person commission.”

“Though it seems wholly focused on reducing child exploitation, the EARN IT Act has definite implications for encryption. If it became law, companies might not be able to earn their liability exemption while offering end-to-end encrypted services. This would put them in the position of either having to accept liability, undermine the protection of end-to-end encryption by adding a backdoor for law enforcement access, or avoid end-to-end encryption altogether.”

I guess, without a liability exemption, anyone can then upload to a company server or send a single photo through a server, of whatever qualifies for child abuse and see that company hosting the one photo being fined or worse?

Maybe you end up with a chain of events, where one company snitches on a competing company, because it somehow detected traffic containing child abuse material between the two companies and then only one company have liability exemption?

Maybe, in combination with face recognition technology, law enforcement can have an official excuse in trawling databases and id people seen in photos, in order to identify, presumably existing and future photos of people that are either seen, or even vaguely related to people associated with child abuse photos, like neighbors, or entire communities? I guess LE in US and elsewhere might be doing that already, but maybe can’t/couldn’t officially do that legally in the past?

I stopped reading local news some time back after getting annoyed in various ways, but I ended up reading something yesterday, and apparently a local politician, or perhaps a bureaucrat, apparently had said that “security trumps everything”. Which I thought sounded very silly, as it is so vague it couldn’t work as a general principle, but maybe makes for some authoritative boilerplate language. Such an expression is imo indicative of desiring to break the law, “because security”.

Clive Robinson March 7, 2020 5:04 AM

@ Scott,

What are the implications?

Many and varied but you mostly won’t have issues, and some may be of benefit to you.

Nearly all security relies on a “master secret”; if this becomes known then the rest of the security model is broken completely and irreversibly.

These Intel chips have a “master secret” that is the same for each chip model and possibly step as well.

If I extract the secret from the chip then it’s “Open sesame” for all the chips of that model and step.

Does this matter to an individual user, well no not really because for all its publicity the security system this gives is not there for users, but so that corporations “own” your “system and purchases” through the likes of DRM.

In essence it takes the security back to the time of the proposals for “The Fritz chip”.

If you need to have security on your machine you can keep the “master secret” in your wallet and build the rest of it with software, not hardware which is what most people did from the late 1950’s through to about a decade ago.

It’s only because the hardware was there that people started using it out of laziness… They could always go back to the old way of doing things.

And that’s what it boils down to at the end of the day, the entire structure is designed to deny the purchaser of the system “The rights and privileges pertaining to ownership”…

We see where that leads with the “walled gardens and snooping” in the Android and iPhone ecosystems.

Alejandro March 7, 2020 5:15 AM

I happened to stumble on the latest Cloudflare transparency report.

It certainly demonstrates the constant but low intensity crush of police, lawyer and government demands for user information. To Cloudflare’s credit they seem to be diligent in holding pursuers to a high legal standard instead of simply throwing them the key.

It’s pretty obvious from the report governments and lawyers would have little use for old pieces of paper containing words like Constitution, inalienable rights and law if it weren’t for a degree of public revelation.

me March 7, 2020 7:03 AM

I read:

“End users should maintain physical possession of their platform.”

as: “No cloud!”

HCRM March 7, 2020 9:01 AM

@ maqp

Regarding TFC. Could you provide any suggestions on a suitable hardware platform to use. I know it should have minimum exfiltration channels (WIFI, bluetooth, ethernet, GPIO PINS???) but nowadays that’s difficult to find. What’s your advice on this?

Keep up the good work 🙂

JonKnowsNothing March 7, 2020 9:34 AM

MSM report on YAAT (yet another attack) on key fobs used to start cars.

There is a flaw in the implementation of encryption systems used by immobilizers for the cars.

Previous attacks are radio-relay attacks to extend the RFID range of the chips ex: from your house to where the car is parked on the street.

This attack is on chip-enabled mechanical keys. It targets the proximity detection of “immobilizers, the radio-enabled devices inside of cars that communicate at close range with a key fob to unlock the car’s ignition and allow it to start”.

The good news is: the baddies still have to use a screwdriver to turn the ignition barrel, or just hot wire it, to actually start it.

What was most interesting was the discovery technique used reverse engineering to expose the encryption methods:

buying a collection of immobilizers’ electronic control units from eBay and reverse-engineering the firmware to analyze how they communicated with key fobs. They often found it far too easy to crack the secret value that Texas Instruments DST80 encryption used for authentication. The problem lies not in DST80 itself but in how the carmakers implemented it:

The Toyota fobs’ cryptographic key was based on their serial number, for instance, and also openly transmitted that serial number when scanned with an RFID reader.

And Kia and Hyundai key fobs used 24 bits of randomness rather than the 80 bits that the DST80 offers, making their secret values easy to guess.


Rj Brown March 7, 2020 10:46 AM


“End users should maintain physical possession of their platform.”

as: “No cloud!”

I’ve been reviving an old Rolling Stones hit from back in the late 1960’s for a number of years now:

“Hey, Hey you! Get offa my cloud!”

It doesn’t mean no cloud; it means own your own cloud, right down to physical possession of it, running an open source OS so a vendor doesn’t own it, preferably an OS distribution supported by volunteers, not a for-profit corporation.

Alejandro March 7, 2020 11:22 AM

In the abstract cloud computing is very appealing.

But, of course, the cloud too has been corrupted to the core by system predators. I’m not even sure anymore storing your collection of 100,000 cat pictures is safe in the cloud. Somehow, some way those pics are being distributed, sold, shared, copied, dissected, pasted, collated, spindled and mutilated in various ways to the disadvantage of the owner, originator.

That’s the way it is.

And, very few people care, too.

That may be the worst part.

Dancing On Thin Ice March 7, 2020 11:35 AM

Public trust in virus information

• An Iranian deputy health minister tested positive the day after coughing through a press conference saying there is nothing to worry about.
• American politicians questioning and contradicting their own health experts.
• My first thought of the Hong Kong protesters wearing face masks was they may not cover enough to foil face detecting cameras.
In hindsight, could it be that those questioning official news may have been aware from other channels of a new illness spreading?

Clive Robinson March 7, 2020 4:46 PM

@ MarkH,

Today’s totals, and other news

Note Italy and its CFR = 4.2, that is with medical intervention and a western idea of “containment”. If taken to the population in general that would be 0.84-1.68% of the population or 1/2-1 million in a population of 60million for a European state or 5.5million in the 330million in the US. Also note the tiny state of Iceland, oh and what Iran is finally doing to the sound of distant hoof beats.

But getting back to your question,

So I propose as a first policy question: is it better for society to try to maintain a more uniform approach to such balancing, or is it worth the risk of engendering enormous costs in order to respond to the emotional content of each novel threat?

The first thing to remember is that like any form of “Defence Spending” it all appears to be a waste of money until you are attacked in which case you did not spend enough on Defence in previous periods.

It’s a point I’ve been making here for some years and the important thing to note is that the enemy that “attacks” you is almost always opportunistic and does not have to be human or in any way sentient. As you note climate change is causing an increase in what were once “Ten Year” or “Hundred year” events.

The simple fact is we are not spending where we should be. We know that dumping toxic waste is many many times more expensive to clean up than it is to deal with the waste properly. We live in a culture in many Western nations where “short term profit” is the only game in town and executives figure they can trade minor short term gains over massive future costs because they will have moved on elsewhere by the time the problems start. This was the “Enron Mentality” and many people in California know it’s still going on with PG&E. There can only be one outcome with this kind of thinking, but usually it takes a decade or so for the chickens to come home to roost.

Unfortunately for those in the US the current encumbrant and their executive have decided to do the same very short term thinking, and the chicken on this one has come home to roost whilst the encumbrant is still there for everyone to see who is at fault. The same is true of other nations that subscribe to.

1, Very short term thinking.
2, An “every man for himself” attitude.

Thus those that vote such thinkers into power by deluding themselves that it will be good for them as well are getting what they deserve. Unfortunately those that have been more responsible are being dragged down with them into the resulting cesspit.

Prevention is always less costly than cleaning up a mess, you only need to drop a cup of coffee or a glass of red wine onto a white wool carpet or white/pale coloured cotton/linen/silk item of clothing to understand this. The principle applies in nature and it’s called “entropy” and it’s one of the very few laws of nature. So why we think we can just ignore it beggars belief, until of course you realise that most of the people in charge and those that back them have way more than normal psychopathic traits.

vas pup March 7, 2020 4:52 PM

You may find this article very interesting and whole understanding the content required your level of expertise – enjoy!
Design of inorganic materials for brain-like computing

“Ever wish your computer could think like you do or perhaps even understand you? That future may not be now, but it’s one step closer, thanks to scientists and engineers and their recent discovery of a materials-based mimic for the neural signals responsible for transmitting information within the human brain.

The team was able to clarify the underlying mechanism driving this behavior by taking a new look at β′-CuₓV₂O₅, a remarkable chameleon-like material that changes with temperature or an applied electrical stimulus. In the process, they zeroed in on how copper ions move around inside the material and how this subtle dance in turn sloshes electrons around to transform it. Their research revealed that the movement of copper ions is the linchpin of an electrical conductivity change which can be leveraged to create electrical spikes in the same way that neurons function in the cerebral nervous system — a major step toward developing circuitry that functions like the human brain.

“Nature has given us materials with the appropriate types of behavior to mimic the information processing that occurs in a brain, but the ones characterized to date have had various limitations,” Williams said. “The importance of this work is to show that chemists can rationally design and create electrically active materials with significantly improved neuromorphic properties. As we understand more, our materials will improve significantly, thus providing a new path to the continual technological advancement of our computing abilities.”

vas pup March 7, 2020 5:00 PM

Biometric devices help pinpoint factory workers’ emotions and productivity

“Happiness, as measured by a wearable biometric device, was closely related to productivity among a group of factory workers, reveals a recent study.

“The use of wearable biometric devices, which can track employees’ emotional states provides an opportunity to examine more objective components of the emotion-productivity link,” Kadoya adds.”

My take: emotional state objective monitoring needs in security field as well with huge potential for application, e.g. in stressful situations.

SpaceLifeForm March 7, 2020 5:49 PM

@ Anders

“one rare case when NOT AWS ;)”

Objection, assumes facts not in evidence.

I am serious.

Sed Contra March 7, 2020 6:15 PM

@ vas pup

Biometric devices help

Might not the intrinsic invasion of the person (analogous efforts to study motion efficiency decades ago were not well received by the subjects) perturb the measurements?

lurker March 7, 2020 7:25 PM

@SedContra, re Durian capacitors

The method reminds me of the recipe for Frank Cooper’s Oxford Marmalade where some effort is made to get the sugar-pectin complex to thoroughly saturate the porous pith.

But in this case they need the pores empty; so even after reading the paper I don’t get the need for 10 hours autoclave. I also wonder what effect the freeze drying would have on the material structure ( −80 °C for 24 h under vacuum <10 kPa)

One of the comments on Ars suggests they might be trying for an Ig Nobel.

terminal man March 7, 2020 8:14 PM

Covid-19 will likely have a worse effect on the economy of Americans than on the economy of Europeans.

Reason being that a large chunk of U.S. populace does not have any health insurance or even a right to any paid sick days. Many are one paycheck away from falling behind on rent. So an illness that requires staying at home will have a negative effect on the household economy of many.

And while in EU most countries have “socialized” health care, in USA an illness that requires doctors visits or hospitalization can easily lead to thousands of dollars of medical debt.

On top of which the top leadership cares more about the direction of Dow Jones than the effect Covid-19 can have on the population.

MarkH March 7, 2020 8:59 PM


We’re surely on the same page, with respect to prevention.

I don’t remember accurately when it began, but roughly since the turn of the millennium I’ve heard people who study epidemics doing their best to tell the public, and even more especially governments:

  1. Infectious disease outbreaks comparable to — or even worse than — the 1918 pandemic are sure to come, and could show up in any given year.
  2. There is a variety of practical steps governments and health systems can take to prepare for such outbreaks, which could greatly reduce their destructiveness.
  3. Present preparedness is terribly inadequate.

As far as I can see, the actions taken by various states around the world in response to these warnings could at best be classified as “baby steps.”

When the U.S. had its first ebola virus scare (from an epidemic devastating in Africa, and negligible in the U.S.) the Obama administration set up a program to work in concert with foreign public health agencies to prepare for, and respond to, emergent epidemics.

The present administration chose to disband this program.

The cost of present containment measures is sure to be astronomical; impact studies among the various states will provide the results of a “natural experiment” (as economists call it) to furnish some gauge of costs.

It already seems very likely that available (but not exercised) measures for prevention and preparedness will be proven far cheaper in dollars than reactive measures; the needless loss of life is another category of cost …

@terminal man:

Your comment is spot-on.

The isolation measures in effect in Hubei province — some of which are called draconian, and perhaps legally infeasible in Western democracies — are a really extreme response to the danger of Covid-19.

In contrast, a measure which is most reasonable, and violates the personal liberty of no one, would be to guarantee paid sick leave for all U.S. workers.

It’s exactly the right sort of policy response: epidemiologists expect it would significantly reduce R0 without destroying civil liberties or engendering public panic.

But it doesn’t yield the visceral satisfaction of “stop all flights!”, impositions of virtual imprisonment, arresting people from the streets etc.

The economic costs are likely to be even worse than your comment suggests. Austan Goolsbee, a noted U.S. economist, pointed out that in the most prosperous states a smaller share of economic activity is in agriculture and factories, and more of the economy is in face-to-face services: exactly the kind of business likely to collapse as people scared by the outbreak, or even directed by authorities, self-isolate as much as possible.

Even worse, richer states like the U.S. have more concentrated populations: for all of China’s massive industrialization, it still has a far higher percentage of rural population than the U.S. or Europe.

The magnitude (and maybe more important, duration) of economic impacts remains to be discovered. They might be far out of proportion to the direct costs of the disease itself.

Clive Robinson March 8, 2020 1:01 AM

@ MarkH, terminal man, ALL,

[M]ore of the economy is in face-to-face services: exactly the kind of business likely to collapse as people scared by the outbreak, or even directed by authorities, self-isolate as much as possible.

What you are saying is something else that’s been in the back of my mind as a major problem for way more than a couple of decades now, but in the main most have not yet realised it, even though crypto currency mining has brought it up even into the everyday MSM.

Although few have realised it the Spanish flu outbreak of 1917 through 1920 has given us a big clue as well. It was after all the first serious disease spread where news of its existence and effects outpaced the movement of humans by a significant amount, more importantly without infection risk spread. This was by what we would today consider “primitive electronic communications” even though it was highly effective as limited as it was.

Thus the way to solve “face-to-face (F2F) meetings in the flesh” is obviously by communications, but we can not yet provide a system to support it in the way humans would want and we may never be able to do so with our current technology and way we go about things.

I know it sounds surprising but it’s true, and the problem fundamentally is energy, or lack thereof and the consequence of the ultimate form of pollution “heat from inefficiency”.

Humans have evolved to use many forms of unassisted human-to-human (H2H) communications. They fall into four general categories,

1, Sound.
2, Sight.
3, Touch.
4, Smell.

They are ordered from least to most for,

1, Required Information content,
2, Necessary bandwidth,
3, Available technology,
4, Necessary power,
5, Effectiveness of communication within humans.

It may sound surprising but humans have learnt to use sound quite “effectively” and over reasonable distances even though slowly. That is most of what we say is not to transfer information but to protect the integrity of the information. What we would call “error correction through redundancy”. This you will find in undergraduate textbooks on communications along with a whole heap of advanced applied mathematics and theory. What you won’t find in those texts but will in a few select texts on security is a rather dry discussion on side channels, broadly classed as “overt” or “covert”. What those dry discussions usually fail to mention is that side channels are also a form of “continuous authentication” implicitly in progress throughout the communication and this task takes a large amount of bandwidth. What you will find in some postgraduate and post doctoral texts in psychology is the importance of these side channels to H2H communications.

When you look at the list of the H2H communications methods you will see that the level of side channel bandwidth required goes down as the bandwidth of the primary communications channel goes up.

From a technology point of view we don’t have sufficient communications “channel bandwidth” or power, nor will we ever have at any point in time. Thus we try to eliminate what we see as redundancy from our communications via various techniques. These techniques require considerable computational power. But in trying to be “more efficient” we quickly find that we run into limits. It is for instance possible to send speech with as little as fifty bytes a second. But you will not like it, all those side channels with all their necessary authentication information have been removed. Though some still remain in the choice of words and phrasing and cultural idioms.

But the fundamental problems are,

1, We never have sufficient bandwidth to emulate what happens in F2F H2H.
2, We never have sufficient power for either communications or for computation.

In fact when it comes to power and computation, people are already saying that by 2040 computation will require more power than we will have available globally.

Thus we need to either “change humans” or “change technology”…

Jon March 8, 2020 6:32 AM

A different security problem – people lying to you.

The Royal Canadian Mounted Police (RCMP) claimed they were not using facial recognition technology. Then they admitted they actually were.

The classic quote is:

“The discrepancy is the result of an error on our part,” said spokesperson Catherine Fortin in an email late Wednesday.

also known as the “too bad we got caught, huh?” attempt at an excuse.


65535 March 8, 2020 6:35 AM

I asked this question to Bruce S. on the “Facebook’s Download-Your-Data Tool Is Incomplete” Post and got no answer.

Some of us have siblings in college or know somebody who does and the college they attend requires Facebook, Twitter and Google email? This is important and troubling so I will ask the question to a larger audience – all people.

“… I teach cybersecurity tech and policy at the Harvard Kennedy School…”- Bruce S.

“I have some questions about Colleges or University mandating the use of Google or Facebook.

“1] Does Harvard require the use of either Google or Facebook?

“2] What is your opinion on colleges who mandatorily require the use of Google Gmail for students and their communication?

“3] What can be done to mitigate the risk of Gmail forced use in colleges?”-65535



I’ll add more questions:

Does anybody have an opinion on the forced use of gmail, twitter, Facebook and so on by colleges?

Does anybody care if their children get tracked all through college stay by gmail, twitter, Facebook via said college’s forced use of said data miners?

Does anybody have an opinion on the crooked or one-sided “terms of service” colleges require to log on to a college course and communicate via gmail, twitter or Facebook?

Does anyone care that colleges encourage the use of these data miners including upload students pictures or thumbnails?

JonKnowsNothing March 8, 2020 7:41 AM


re: Mandatory use of software or hardware platforms

It’s not just educational platforms that mandate specific hardware or software uses. It’s an odd paradox that in some cases they demand use of Social Media but penalize the use of the same media.

Companies and Universities employ Reputation Scrubbers and vet anything someone ever posted that may have “negative” impact on their institutions (per their definitions). It may be “free” or even “free speech” but it’s definitely not going to help you as you move through life.

It’s rather amazing how far back such Rep Scrubbing will go. In the USA we had some acrimonious confirmation hearings for our Supreme Court, and the amount of detail extracted from decades ago was cause for great concern.

I personally would be concerned because people do change their views and opinions over time and as they gain maturity and life experiences. Having your 18yo self encased as a HORCRUX to be hauled out at every opportunity is problematic.

With my friends, acquaintances and passing conversations, I have attempted to alert folks to the dangers of these HORCRUX encapsulations, most folks just glaze over and reply “yeah, blah blah blah blah, whatever …”

If you can convince the person to limit their use of the software/hardware to what is “exactly” required (submit reports, work, essays etc) and not to expand the use to their “free time” (parties, gatherings, social outings) that’s about the best you can hope for.

The choices are limited: if you want to be in the raid, you must use Discord. If you want to go to UofX and they require you to use FB, not attending may have worse implications over time. I would not expect that most folks can resist the social pull for very long. The social price is just too high a price to pay: FOMO.

Resistance may be futile, but non-cooperation or limited-cooperation is to deny the very thing all these folks want: your data.


A Horcrux is an object used to store part of a person’s soul


Fear of missing out (FOMO) is described as “a pervasive apprehension that others might be having rewarding experiences from which one is absent”


Discord is a proprietary freeware VoIP application and digital distribution platform designed for video gaming communities, that specializes in text, image, video and audio communication between users in a chat channel. Discord runs on Windows, macOS, Android, iOS, Linux, and in web browsers. As of 21 July 2019, there are over 250 million unique users of the software.


Nik March 8, 2020 8:22 AM

One thing that did occur to me and has been touched on before:

COVID is really bad for older people. Thus a lot of “old men” with expertise and experience will be gone, as @Clive and others have mentioned. This will have security and engineering implications that will be far-reaching and that I’m thinking through but can’t fully grasp.

However the US is facing a social security, pension and healthcare crisis because a lot of people are just growing old. Considering the “slow and ineffective” response and the confusion sowed by politicians and government, I can not help but think that this combined with the virus will reduce the pension, Social Security and healthcare/medicare costs.

If the CFR and the progression (with the impending exponential growth) is like many of the people mention, the life insurance industry will take a hard hit; bailouts will be unlikely, as the finances will be stretched massively. Thus, bankruptcies and pennies on the dollar payouts. Very delayed payments or none, since this is “an act of god”, at least for travel insurance. No travel insurance is paying out any compensation for virus-based costs, much to the surprise of people who really need this money. We have seen this in wildfire.

The issues with the insurance companies will only fuel the stock market issues.

Engineering ramifications are more complex; when looking at some machinery and well engineered solutions, there are the subtle things for longevity, such as the way things are routed and mounted, the selection of materials and how things are installed. This really hit home once I saw aerospace / airplane wiring tied with wax string and routed to minimize long-term vibration issues. This knowledge is from the seasoned experts, that takes time and age; the feedback cycle on the long term reliability is just very long and takes time and age.

Then again, many of today’s products are disposable, not serviceable or even meant to be opened. Systems lock you out, just buy a new one or go to the dealer. (even for simple things such as keys/remotes for your car).

Finally, and this is what most people outside of the US are not aware of, is the same “closing off” trend in healthcare. What I mean with that is the move to make many things “controlled” and prescription only. Like Oxygen. George Bush made it so that OXYGEN is by prescription ONLY. I have asthma and had several places refuse me a fill-up on my oxygen bottle. Similarly, many of the vet medicines like Epinephrine and antibiotics are now only available with a prescription. This “leave it to the professionals” is funneling people through the healthcare / vet system that is overtaxed. (Not to mention that the ER system has been clogged in the US for quite a while now)

On the food supply side, many people just buy cheap food from the store quickly rather than grow it, which takes a substantial investment for some (I live in a cold climate, so I would need a greenhouse) and time + labor. Thus these skills and food supplies are dwindling. (Despite the health trend/ self-reliance movement, which will get a HUGE boost).

It is interesting pondering the implications for cybersecurity, engineering, food supply, supply chains, transport and manufacturing. But then I realize the values of the lost minds, memories and expertise and have to stop thinking about these matters.

JG4 March 8, 2020 8:33 AM

No surprises here.

Big Brother IS Watching You Watch

This Small Company Is Turning Utah Into a Surveillance Panopticon Motherboard

Rand Paul looms as wild card in surveillance fight The Hill

Google tracked his bike ride past a burglarized home. That made him a suspect. NBC (The Rev Kev)

737 MAX

The Boeing 737 MAX Nightmare Keeps Getting Worse Daily Beast

Sed Contra March 8, 2020 9:39 AM


Interesting parody of the old Jesuit “get them early and you’ve got them for life”.

Also, alumni associations require this.

What advantages/disadvantage does the institution derive, and what do the (anti-) social media companies, and what use do they make of it?

And what relation is there between the institutions’ self-proclaimed progressive and social justice stance and this surveillance?

“Data of millions of college students exposed in massive hack” – “oh that’s OK, that’s just our social media platform contractor doing its thing.”

JonKnowsNothing March 8, 2020 10:19 AM

re: RoboDebt aka ZombieDebt aka YouDon’tOweThemANicklebutTheyWantItAnway

The robodebt debacle continues to roll out and over folks. This scheme is in play in a lot of countries, including the USA. The idea was that all-social-service-users are cheats, so we will root them out and find out if they claimed benefits they were not entitled to get.

This method used a version of Income Averaging that was and is considered not good and illegal but it was done anyway. The Aussies reclaimed a lot of money from folks but since their algorithm was faulty, their Govt has to repay back all the monies they collected. Their methodology claimed folks got more money than they should have, but in fact they were not overpaid. Now all the reclaimed money from garnished pensions and tax returns plus other penalties has been used “elsewhere” as “reclaimed money from welfare cheats”, they are finding it hard to find the money to repay them.

This process of hiding the calculation algorithm is used and abused in many situations. In the case of the Aussie version, they were advised 3 years before that their calculations were wrong and illegally applied. As long as they could keep the information away from the public view, they felt safe in continuing the practice. Poor people don’t count too much and stealing from the poor and impoverished is easier than taking excess cash from the .001%.

As we become more automated with fewer points of contact or redress these rogue algorithms are becoming more common.

MSM reports:

  • A locally run post office sub-branch postmaster was sent demands for ‘stolen’ £65,000. The person was forced to hand over £30,000 and told he owed £35,000 more to cover discrepancies at the branch between 2014 and 2019. After two high court trials the Post Office has to pay £58m to settle claims by more than 550 sub-branches that were accused of theft and false accounting. The Post Office said it was a computer glitch since 2014.
  • Australian Taxation Office issues false, years-old tax debts worth thousands of dollars due to IT error. Debt letters demand payment within two weeks, with some dating back five years.
    ATO staff told people not to pay it and to ignore future automated letters and calls asking for repayments. ATO’s 12-month old Hewlett Packard Enterprise hardware storage system and its primary backup, which are believed to have failed.
  • In relation to the RoboDebt theft: The Department of Social Services and Services Australia, officials refuse to say how many of the more than 600,000 RoboDebts issued are flawed because they are facing class action lawsuits and it might affect their defense. The Aussi Government claims that it did not have a common law duty of care while administering the scheme. 900,000 were served debt notices and the estimated hundreds of thousands of people who are waiting on a resolution.

Ignoring a tax demand for any reason is not good practice and doing so based on phone advice is really not a good idea. In the USA we normally hold 7 years of tax data but if the US IRS decides there has been a fraud or other irregularity, the scope is “as big as they want to make it”.

The computer science end of these issues revolves around how the algorithm has to be reverse engineered to notice the flaws. Outside of ignoring legal findings that the calculations are illegal and doing them anyway, so many systems are failing but as we have huge distributed applications, it is hard to spot the errors. Not only spot them but getting them fixed is a whole other problem.

It’s not just financial systems that are flawed, the stories about the NoFlyList are legion.

We are substituting “AI” for intelligence and “ML” for methods; as computers only do what we program them to do, relying on “the computer knows best”, “the computer said so”, or “the computer did it” as “proof of accuracy” is not good.


Regarding Oxygen March 8, 2020 12:03 PM

@ Nik

Regarding the necessity of additional Oxygen supply of many people who unfortunately suffer from COPD, are there any specific reasons as to why exactly one would be prohibited from just using industrial Oxygen gas cylinders when staying at home?

They might be far bigger and heavier, but for many applications the oxygen contained is nearly chemical pure and not just technically.

At least for home use they might be usable as long as an extension flexible tube is used to be able to move freely around the house (without having to haul the bottles around), because some of them weigh more than 200 pounds.

There are a bunch of suppliers who just drop these off any selected location in vicinity of a road when full and who also carry them back for refill purposes once they are empty.

One could easily have a bunch of them in the garage, connected together to supply oxygen through a pipe system, fitted with quick coupling/decoupling connectors, placed in each and every room.

That would amount to a dozen or about 16 200 pound bottles in a bundle comparable to the installations found in many welding shops and especially welding schools used for either brazing, flame straightening or gas welding.

Something like these:

It would be very interesting to know your perspective on the feasibility of just using industrial oxygen gas cylinders instead of medical ones, provided the gas contained therein is actually chemically pure.

Clive Robinson March 8, 2020 12:35 PM

@ Nik,

I can not help but think that this combined with the virus will reduce the pension, Social Security and healthcare/medicare costs.

You are not the first to mention this nor are you going to be the last to think that it might actually be happening.

It would also get over another issue, of “Raising Pension age” over the “grey votes” wishes. On the simple theory that there will be less of them to complain about how unfair it is and that healthcare is unaffordable (which it most certainly is, which is why the US has some outcomes as bad and in some cases worse than third world nations with effectively no available health care if you can not walk or be carried twenty to fifty miles…)

One of the reasons the Chinese are making significant inroads into Africa is not just improving healthcare that’s available locally, but also roads and vehicles to get people quickly easily and comfortably to the very few specialized hospitals a nation might have[1].

But the “grey vote” has a lot to be angry about. Outside of a few baby boomers, many are not living a life of “graceful living” of “early retirement”, a number are working two jobs where they can find them just so they can get the drugs they need at a sensible price. These are often those that are considered “generic drugs” elsewhere in the world.

With regards,

This will have security and engineering implications that will be far-reaching and that I’m thinking through but can’t fully grasp.

There are also “social” implications. History shows us that every time disease spreads rapidly through a population, one of the effects of all the deaths is that significant social change happens.

Those 1%ers are also frequently really “old men” past any sensible “putting out to grass” age. So they meddle in politics with their “rent sought” or “general exploitation” of ordinary citizens.

If we get community spreading the 1%ers are very likely to find what others now know, infectious disease respects no borders, security posts or heavily armed “guard labour”. Likewise it cares not a jot for “position or power”, it is an “opportunist”. Thus any source of live human respiratory cells and their ACE2 receptors will be “assimilated for reproduction” and distribution to others.

Even where social contact is being managed severely, the Case Fatality Rate (CSR) figure is still one in 120 people…

[1] For years we got fed the political line from amongst other people the US IC –who sponsored sterilization schemes– that the reason for famine and disease was that Africa had too many people living there. In fact the exact opposite is true, mostly there are way too few people to justify the cost of building infrastructure.

MK March 8, 2020 12:52 PM

All bottled Oxygen, today, is identical… made from Liquid Oxygen. But if you just need Oxygen enhancement you can get portable Oxygen Concentrator machines that are battery powered and can be carried around.

L'Homme de Kabul March 8, 2020 12:59 PM

JFYI: Ross Anderson is writing a 3rd edition of his Security Engineering:

I’m writing a third edition of Security Engineering, and hope to have it finished in time to be in bookstores for Academic Year 2020-1.

With both the first edition in 2001 and the second edition in 2008, I put six chapters online for free at once, then added the others four years after publication. For the third edition, I’ve negotiated an agreement with the publisher to put the chapters online for review as I write them. So the book will come out by instalments, like Dickens’ novels. Once the manuscript’s finished and goes to press, all except seven sample chapters will disappear for a commercial period of 42 months. I’m afraid the publishers insist on that. But thereafter the whole book will be free online forever.

SpaceLifeForm March 8, 2020 1:43 PM

Lack of testing in Redmond.


SpaceLifeForm March 8, 2020 1:57 PM

From @BNOdesk

“Vietnam reports 9 new cases of coronavirus, all of whom arrived on a plane on Monday. They include 7 people from the UK, 1 from Mexico, and 1 from Iceland”

Since there are very few cases in Mexico and Iceland, what does that tell you?

SpaceLifeForm March 8, 2020 2:12 PM

A lot more Ghosts flying around these days


name.withheld.for.obvious.reasons March 8, 2020 2:13 PM

Under the rubric of jurist prudence, using the color of the rule of law, the hearing that was held in Woolwich, England, the presiding judge (Baraitser) demonstrates what the defendant’s lawyers say is a political case. The very procedural malfeasance occurring at the hearing IS a political persecution happening at the same time that the defense claims there is political prosecution of the defendant.

The judge’s deference to procedural integrity cannot be defined as defensible, fair, unbiased, or legally and juridically correct. Reading findings from a prepared statement at the conclusion of the hearing clearly shows that irrespective of the litigants’ arguments, testimony, or factual discovery has no place in the court at Woolwich, or anywhere for that matter. If ever a case for judicial miscarriage and malpractice, this is it. When the prosecutors are more sympathetic than the court, the venue is tainted and the conduct is well beyond legitimacy. It makes a mockery of law and elevates clownish bafoonery (sp?) to new heights.

Both the prosecutor and defense were given dismissal and disdain absent sufficient judicial efficacy and the judge proceeded to pre-ordain the summing of facts. Thus the summing up managed to be unencumbered by fact. As the arguments presented in the hearing have yet to complete, evidence is still to be presented some of the allowances will be essential to the case. But as the judge is predisposed to a conclusion, any sense of juridical fidelity is without witness.

Sed Contra March 8, 2020 3:06 PM


A lot more Ghosts flying

It’s heartening to see nominalism is alive and kicking. Equity be damned, the letter of the contract is what matters !

SpaceLifeForm March 8, 2020 3:30 PM

Isolate. It’s going to be a huge mess in 3-4 weeks.

First confirmed case in St. Louis area is female, in her twenties. Not even one mile away from me at this time.

Yes, I am outing my location.

There are at least 20 in home quarantine.

I have other leaked info that says a death, in a hospital (different hospital from the confirmed case). Older Male from China, with family. I’m sure the rest of family is in quarantine. Have not been able to determine why they traveled to here. Interestingly, the hospital knew it was virus, but did an autopsy. Never learned results, but my guess would be heart attack.

Anyway, this is worth reading about how St. Louis actually managed the Spanish Flu.

Good history lesson. Just over a century ago, some were actually thinking.

Note that Spanish Flu also resulted in sudden deaths in healthy younger males.


When a second wave of flu hit the U.S. the next fall, St. Louis had the advantage of planning for disaster as East Coast cities were struck first. By late September, Jefferson Barracks went under quarantine as the first soldiers came down with the flu.

In early October, city health commissioner Dr. Max C. Starkloff ordered the closure of schools, movie theaters, saloons, sporting events and other public gathering spots. Churches were told to suspend Sunday services. At the time, with nearly 800,000 residents, St. Louis was among the top 10 largest American cities.

vas pup March 8, 2020 3:49 PM

Confessions of a call-centre scammer

“The company Piyush worked for ran what is known as a “tech support scam”. It would send a pop-up to people’s screens, telling them their computer had been infected by a “pornographic virus” or other malware, and giving them a helpline number to call.

As panicking customers rang in, Piyush and his colleagues would milk them for money, to fix a problem that didn’t actually exist.

Piyush tells me that tricking people is an “art”.

“We used to target the old people,” he says.

“There are many old people in the US who don’t have families, are alone and are disabled, so it’s very easy to trick them.”

I look at this man sitting opposite me in his baggy jeans and hipster T-shirt and wonder how he could be so cold-hearted. How would he feel if his own grandparents were victims of scamming, I ask?

“Yeah, I will feel bad,” he says. “I did it because I needed money and that’s it.”

Where is our DOJ with unlimited (by their own modus operandi) jurisdiction?

Where are extradition orders/requests for such scammers?

Why they are not brought in hand cuffs over plane to US from Any country in the world regardless extradition treatment exists or not?

My answer would be: until victim of the scammers is grandparent/parent of powerful LEA and /or DOJ official, high rank politician – NOTHING is going to be done. Any other opinion would be highly appreciated when supported by logic. Thank you.

RealFakeNews March 9, 2020 3:57 AM

I’m not waiting for the Government to announce anything – I’ve got sufficient stock to last a month, and I’m just sat here waiting to see what happens.

The time for country-wide action is long gone. It’s too late.

The UK, and Europe at large (no thanks to their stupid open-borders) are awaiting the same fate as Italy.

The UK is an island; it should be easy to keep disease out.

As for climate change, prove a bit of warming is not as dangerous, as say, building houses on known floodplains?

Nik March 9, 2020 5:34 AM

@Regarding Oxygen:

You are spot-on. I myself have used industrial oxygen. The contaminants in many industrial gases (oils,…) are kept out of oxygen due to its reactivity. I hooked up a regulator and an adapter for the mask/ nose tube. Works perfectly. I left my bottles when I moved and “never quite got round to it”… sigh

@MK: My oxygen concentrator says “RX ONLY” on it, got it over the net without one. Also Fish antibiotics are effective. I used them in the past when I was too sick to go to the doctor. There has been talk about making them by prescription only, but who takes their fish to the vet?


It would also get over another issue, of “Raising Pension age” over the “grey votes” wishes.

Great point. The “problem” with retired people is that they have time to actually read proposed laws and act on things.



Yes, especially people who have bad lungs or immune system issues! Best of luck to you, I trust your skills and preparations combine with experience! I am glad I made the move from the center of Los Angeles to a rural place in Colorado.

All of this is playing out like in prior analysis on this blog; in fact I have first learned about covid and CFR here. It is hard to alert other people, in part due to not wanting to be labelled again “paranoid”. Trying to prepare people for exponential growth is hard. The human brain just has such a hard time with non-linearity. Rude awakenings to come in the USA.

I just wish I had acted earlier re:stocks. Just to show that one should “follow their hunches”, especially if they can’t be rationaled away and are supported by the facts, others with keen minds and history.

AlanS March 9, 2020 6:30 AM

From the Guardian: ‘The new normal’: China’s excessive coronavirus public monitoring could be here to stay.

The public health crisis aside, and I think we should remember that historically government got the idea in part that one could control populations more effectively through surveillance from the success of early public health, it’s interesting how the population find it acceptable, sinister and ridiculous to various degrees all at the same time. The logic of those who govern is that no level of surveillance is ever enough but one wonders where the logic collapses in on itself, where the tipping point is and enough people say we are not putting up with it.

Clive Robinson March 9, 2020 7:46 AM

@ lurker,

With regards “ghost flights” one of the articles you link to kind of accidently hits the nail on the head with,

    during this period of decreased air travel. It benefits no one – except perhaps fuel providers.

Have a look at the crude oil prices since SARS-CoV-2(S) proved it did not need a passport. As you might conclude there is considerable political pressure involved in part because “pipelines” can not in some cases be stopped, lest they “freeze forever”, likewise plant used in refinement if it stops will be difficult and very very expensive to fix…

Look on it in the same way as changing the speed on centrifuges was seen as an attack method a few years back.

There is actually a “security” lesson in this for engineers and more importantly their managers and those all the way up to the C-floors.

When you invest hundreds of millions or more in plant equipment, you sometimes have to separate risk from probability of the occurrence of that risk.

For instance in the UK we can no longer make steel. The reason is you need to turn coal into coke as part of the process used. The law only allowed steel works to carry on using coke as long as the process was running. So when the flames in the coke furnaces went out the rest of the plant became scrap metal…

Take an oil pipeline the entire thing is designed around the idea that the oil being pumped will have a maximum viscosity. As an approximate rule of thumb the warmer the oil is the less viscous it will be. Obviously heating oil on a hundred or more miles of pipeline is going to be expensive. Too expensive so the pipeline is heavily insulated instead, based on the idea that oil will flow fast enough that its viscosity will remain low enough for the pumps to be able to pump it. So for the oil to keep flowing, it must not stop, which means that you have to do something with the oil coming out of the distant end of the pipeline. Thus the “elephant in the room question” that everyone avoided asking all through the design and construction of the pipeline,

    “What happens when people are not buying the oil that arrives?”

Well when I was working in the oil industry I was told that “It will never be a problem”, so I in return asked “Why?” and I got various different stories and one heck of a lot of arm waving.

The real answer is,

    It is assumed that whilst the price of oil might go down, it will come up again due to “demand”
    Therefore we will build sufficient excess capacity at shipping points to buffer for peak demands.

There are actually several assumptions in there, the first although it’s not stated is that the price of oil will not drop below the total production and delivery cost to the refinery, which is basically a “fingers are crossed behind the back” statement.

There are many reasons that demand might fall and not rise, one of which is “alternative energy sources”… At some point in time, providing mankind continues to need energy for long enough, it will be cheaper to synthesize oil from other “raw stock” than it will be to pull it out of the ground. Which makes the point about mankind and time, if mankind’s numbers drop by 20% the actual demand for oil will fall disproportionately. But in theory if enough people survive then mankind’s numbers will go up again, but disasters cause other lessons to be learned, which might kill off established businesses such as the airline industry. If people decide not to fly, the prices on tickets will rise faster than the passenger numbers fall, this in turn causes more people not to fly, so a snowball effect starts. This means that the number of actual flights will fall thus less fuel and aircraft will be needed, so the price of fuel and parts will rise making the cost to airlines rise so making the price of flights higher. People will get laid off in all the associated industries which will affect the price of labour so people will on average earn less, so the price of flights becomes even less affordable so demand for flights will fall further. People will find alternatives to flying, such as “telepresence / video conferencing” etc. Thus the price of oil will rise as the demand falls which will have other effects on the economy. Those who will get hit the hardest will actually be the energy producers, who supply you with electricity, gas to your home, petrol/gas for your cars and diesel to shipping and food production industries. Thus the basic cost of living will rise taking even more money out of the economy that creates “economic churn” which allegedly keeps society moving forwards.

One of the significant side effects of a recession is mankind and society stall then move backwards. Have a look at the great depression, it actually got to the point where things got so expensive that even the cost of growing a lot of varieties of food could not be covered thus basic needs were steadily not being met.

So yes political pressure is there, take a look at politicians carefully look for the slightly manic smiles and hastily said words of “we’ve got it covered” or other nonsense platitudes. And remember there is nothing so redundant as a politician in a downwards economic trend and they know that. They also know from history that in bad times politicians and their loved ones have a habit of ending up hanging upside down from lamp posts or other street furniture, or a lot lot worse. Much as those in even earlier times, who used to fail the king, ended up with their heads on spikes at the likes of “traitors gate” etc.

One of the things about social hierarchies is how they fall apart at times of stress. Obviously those at the very top appear to be at the greatest risk, but actually that’s not the case in practice. Those at the very top flee taking their trusted aides and followers with them. Part of this fleeing is leaving the next layers down at increased risk, the smart ones will have sorted out their own “exit strategy” some time before and will bail out before they are forced into protecting the fleeing leaders. And it is these lower layers that actually precipitate the collapse of the hierarchy. Because those below them that in essence form the “guard labour” will start to think it’s no longer “time for all men to come to the aid of the party” but more like “all men for themselves”, that’s when all those guns and bullets they’ve been issued with come in handy. Thus the real question is revolution or war lords being the outcome…

Either way you get a new hierarchy, you’d have thought mankind might have learned by now, that like Empires all hierarchies have implicitly built into them the seeds of their own destruction, thus the question of time and quantities of blood involved in such power structures.

AlanS March 9, 2020 11:03 AM


“Therefore we will build sufficient excess capacity at shipping points to buffer for peak demands.”

I suspect we are about to discover that in many critical systems there isn’t much in the way of excess capacity to provide buffers for a COVID-19 type of event. It’s not ‘economically efficient’. We are reactive rather than preparatory. And it’s not as if we didn’t know something like COVID-19 wasn’t coming. If we were to do a search and see what epidemiologists and infectious disease experts were saying during past coronavirus events such as SARS-CoV I suspect we’d find plenty of them saying something like “Well, we were fortunate this time; it could have been much worse. Eventually there will be something like this that will be difficult to contain.”

Clive Robinson March 9, 2020 11:15 AM

@ JG4,

Strangely, I haven’t heard much mention of antiviral meds in this iteration, but they were all the rage in a previous one.

That’s because “antivirals” much like human “antibodies” are fairly target specific.

Kind of like an anti-aircraft missile that only homes in on SR-71 blackbirds… You don’t start developing it into a system for an SR-72 unless it looks like the 72 is actually going to get off the ground.

That said “off book” usage or repurposing other drugs even under what they call “comfort prescribing” is something the Chinese have been doing studies on. Obviously such drugs have already been through most of the testing that would be required, so could if found be ready for use almost immediately. Best of all for most of the world they might be out of patent, thus “generic drugs” that could be turned out in very large quantities. Which is why I want to hear more about certain other drugs, such as anti-malarials, anti-inflammatory, some anti-cancer drugs and HIV and other similar drugs. Also the use of blood products from those now known to have survived the SARS-CoV-2 S –or the mutated L– strains of it. Even some treatments that used to be used to boost the immune system against hepatitis would be of interest.

There are however two flies in the existing drug ointment that could hit the US and one or two other places harder than the rest of the world.

Firstly in the US and one or two other places “out of patent drugs” are still often encumbered by some form of restriction that is highly profitable for the drugs industry. Thus their profit motives will block any advantage some “generic drugs” will have elsewhere in the world.

Secondly drugs that are generic world wide and their precursor chemicals are generally not made in the West or First world, they are made in up and coming places like India and China where “production costs” are significantly less. Under normal times that would not really be an issue, other than the normal ramp-up delays and shipping capacity/availability issues.

However the problem is “Eminent Domain” or as others put it “Unlawful theft and constraint by government”. It trumps commercial contracts every time, as Pres Trump has been trying to demonstrate with China.

Which means that China has no reason not to do a “What goes around comes around” on the US and India likewise as effectively a “preemptive first strike”. The Chinese won’t say it that way, they will tactfully say that they need all of the PPE/IPE masks, suits and parts thereof and the drugs for the 1 and a bit billion Chinese, because history shows us all pandemics come in waves, so they need to stockpile.

Likewise India that makes quite a high percentage of not just the world supply of generics but the precursor chemicals used to make them have been quite blunt, they have put in place export restrictions, “Hindus come first”…

It’s one of the reasons long supply lines especially those that are Just In Time (JIT) are really a very bad idea at the best of times…

In fact I would say they are fairly moronic even at the best of times. But then I’m not a Financial Markets “fly boy”, “Avoracious market trader”, “greedy share holder”, or “bonus incentivized senior manager” all focused to the exclusion of anything else on very very short term profit. Thus with no care whatsoever to what such a focus has done or will do to society.

But then what do I know, I’m just a dyed in the wool engineer who has spent much of my life designing life critical, safety, and hazardous environment systems and hardware / firmware / software and other protection systems for information and privacy.

Have a chat with those customers of PG&E in California to see what they think about such “short term focus on profit” has done for them. Not that PG&E has any excuse, talk to people in Auckland NZ about their power providers, or a hundred or so other places where the drive for profit has trumped all common sense, or if you prefer “The psychopaths are running the asylum” and “the asylum is now running the country”…

One of the things in life I’ve learned in life that is most important is not “profit”, but “resilience”. Because if you do not have resilience you build a house of cards exposed to the winds of fortune.

AlanS March 9, 2020 11:40 AM


“One of the things in life I’ve learned in life that is most important is not “profit”, but “resilience”. Because if you do not have resilience you build a house of cards exposed to the winds of fortune.”

Agreed. Human societies appear to be not very good at this.

ma6 March 9, 2020 11:41 AM

This has been discussed before by Clive, IIRC

“U.S. Chip Industry Fears Long-Term Damage From China Trade Fight

Silicon Valley warns that sales restrictions threaten to cede its market dominance to rivals

The U.S. semiconductor industry is pressing to get out of the firing line between the U.S. and China, warning its position as the global market leader could become a casualty of the trade spat.

The industry is ramping up its lobbying with a new report spelling out potential costs of largely severing U.S. chip-supply ties with China.

The effort…”

Clive Robinson March 9, 2020 11:59 AM

@ SpaceLifeForm,

Interestingly, the hospital knew it was virus, but did an autopsy. Never learned results, but my guess would be heart attack.

There used to be an old truism for Drs,

Unless it’s obviously something else, put “heart attack” on the death certificate and just claim the fee, there’s no profit in doing anything else.

That was true back when the “fee” was real money, not devalued to the price of a drink in a cheap gin joint.

But sorry to hear you’ve had a near miss, as I said the other day, I’ve been “bracketed” one less than a mile to the East one a mile to the West, one a bit off of north, and one somewhere south of me where a General Practitioner (community Dr) got found positive on testing though otherwise normal.

There was something in the news about 7 British travelers found to be positive on landing abroad… If that is not “community spreading” I’m not sure what else it could be…

Time to hunker down for 90 days, and wait to see which way the wind blows, hopefully from the South West I don’t have many people living close to me in that direction ;-\

lurker March 9, 2020 1:33 PM

@Clive, All
Add to the oil market the fickle politics of West Asia and Russia; observe the effects of climate change on food production; and we see that the rich tapestry of life is a stochastic process, in spite of the wishes of those who lead us to ballot boxes. While prediction can be fun if it turns out right, serious analysis must be post facto.

SpaceLifeForm March 9, 2020 4:13 PM

Update on the St. Louis (County) case.

Note. St. Louis City is its own County.
IIRC, that is similar to Denver.

Anyway, some Cliffs Notes:

Patient is 20 year old female, that returned to US from Italy March 2.

Arrived at Chicago O’Hare.

Spent 2 nights in Chicago somewhere.

Then on March 4th, took Amtrak train from Chicago to St. Louis

Then, the next day, March 5th, she actually did the correct thing, and called St. Louis County Health Hotline. Instead of just going to a hospital ER.

They told her that she and her family should home quarantine. Her family is also her dad and younger sister.

On, Friday, March 6, she was taken to hospital for tests, and then sent back home.

But, dad and sister left house anyway on Saturday March 7, for a school Father-Daughter dance at a Hotel.

The test results came back positive Sat about 1pm, but were not communicated to father and/or sister until after 6pm.

They were already at the hotel for the dance.

They went home, but at that point, too late.

So, today a school is closed.



Curious March 9, 2020 4:15 PM

Something something mistrial re. a Joshua Schulte.

Paywalled NY Times article. Sort of readable.

(“The judge declared a mistrial on the most serious charges against Joshua Schulte, who was accused of giving secret documents to WikiLeaks.”)

“After hearing four weeks of testimony, the jurors deadlocked on eight counts, including illegal gathering and transmission of national defense information. They did convict Mr. Schulte on two other counts — contempt of court and making false statements to the F.B.I.”

MarkH March 9, 2020 5:50 PM

Policy Responses to Singular or Intermittent Scary Risks, Part 2

Since it became clear that Covid-19 was destined to be a large-scale phenomenon, some of us in the commentariat here have made our arguments about what kinds of responses are appropriate.

SpaceLifeForm insisted on travel restrictions (broad-brush containment) from the beginning, and I think Clive has made the best case for isolation-in-place.

My “Pavlovian reflex” is to push back against dramatic responses, particularly when practical experience and analyses shed doubt on their effectiveness (which is the case more often than not).

I don’t pretend to know “the right answer” … even if there were some objectively optimal response to Covid-19 which could be determined by an agreed algorithm, we still have uncertainty about disease characteristics which would surely be needed as inputs to that algorithm.

I just read an interesting interview with Frank M. Snowden, a historian of medicine at Yale with a new book titled “Epidemics and Society: From the Black Death to the Present.”

The book is of course not about Covid-19, but the interviewer asked the author what he thought about China’s response. Prof Snowden referred to

the strong-arm methods introduced by the Chinese on January 23rd, when they introduced cordon sanitaire, which is a wholesale quarantine by cordoning off with soldiers and policemen whole geographical areas and communities.

That is something which harkens back to plague measures and that has been repeated over and over, including in the Ebola epidemic. The problem with the cordon sanitaire is that it’s clumsy. It’s a sledgehammer. It arrives too late and it breaks down that fundamental element of public health, which is information. That is to say that, threatened with the lockdown, people don’t cooperate with authorities. Authorities therefore no longer know what’s going on and people take flight, which spreads the epidemic. I was very startled to see that this was the response of the Chinese government at the outset. It differs from the norms of public health, which have developed since the plague years, which stress case findings of individuals, then tracing and isolation. [My emphasis added.]

He went on to say that

One sees that, as time went on, the Chinese were very diligent about collecting records, trying to elicit the cooperation of the population, in a sense to repair the damage of the early days.

A perspective on the U.S. response, from a NY Times article:

From the beginning, the Trump administration’s attempts to forestall an outbreak of a virus now spreading rapidly across the globe was marked by a raging internal debate about how far to go in telling Americans the truth.

What could go wrong?

Another real-world consideration: even if extreme measures are appropriate, there are limits to what the population will tolerate.

Here’s an account from inside Wuhan, offering a glimpse of the seething resentment felt by people living inside the giant open-air prison.

The author expresses that he wouldn’t object so bitterly, if the response by his government were competent … but what country in the world is likely to handle such a scenario without making a mess of it in numerous dimensions?

From Italy, there are now reports of mass panic, and prison riots.

An ancient medical precept is supposed to guide physicians:

“First, do no harm”

I humbly suggest that the best public policy responses to disease outbreaks will be guided by this principle.

SpaceLifeForm March 9, 2020 6:46 PM

@ MarkH, Clive, Anders

“First, do no harm”

That does NOT just apply to doctors.

It applies to everyone. Very important.

Read my post above about the St. Louis case.

What I have argued, and what Clive has argued, are both important. Combination defense.

It is extremely critical to minimize spread, so as to not overwhelm health care systems.

While there are more test kits, there is going to be a shortage of reagents. Which are needed to extract the RNA so one can actually run the test.

So, avoid travel. Home isolate.

And, for damn sakes, don’t leave your home quarantine when you have been told to do so.

JonKnowsNothing March 9, 2020 6:47 PM

@Clive Robinson @All

re: PG&E Power Reliability

Have a chat with those customers of PG&E in California to see what they think about such “short term focus on profit” has done for them. Not that PG&E has any excuse, talk to people in Auckland NZ about their power providers, or a hundred or so other places where the drive for profit has trumped all common sense…

Nnedi Okorafor writes in one of her books:

Here in Nigeria, PHC is always taking the lights, so I keep candles in my room just in case. PHC stands for “Power Holding Company of Nigeria,” but people like to say it really stands for “Please Hold Candles in Nigeria.”

In California, we call it “Going Off Grid”. By now, given the state of COVID19, a lot of preppers will be in their bunkers, at their preferred BUG-OUT location, holding candles.


SpaceLifeForm March 9, 2020 7:21 PM

@ Clive, Anders, ALL

Not everyone can school or work from home.

There has to be people working the fields, factories, warehouses, transportation, stores.

Those people can not get sick.

Or, you will have bigger issues.

The 1%-ers are going to realize at some point, that there are billions of people on this planet that bust their ass every day to make the world function.

They bust their ass every day, just to survive.


More than 20 U.S. colleges have canceled in-person classes due to coronavirus, as of Monday morning. The colleges enroll a total of more than 200,000 students, and include Columbia University, Princeton University, Rice University, Stanford University, Hofstra University and the University of Southern California, plus the University of Washington and a clutch of community colleges in Washington state.

SpaceLifeForm March 9, 2020 7:40 PM

@ Sed Contra, Clive, Anders, ALL

Looks like Security Theatre.

How is that UV going to kill the virus inside the plane ventilation system?

From your link:

“it’s like kryptonite to DNA.”

So, does it work on RNA?

If the ventilation system is infected, the UV can not hit it. Even if it was DNA, but it’s not.

Why would passengers want to be exposed to UV-C when it is known to cause cancer?

SpaceLifeForm March 9, 2020 8:01 PM

@ Sed Contra, Clive, Anders, ALL

The FireBreak is probably a good idea.

But, may not last long due to mutation.

I’ve seen reports about way more than 2 strains.

Minimizing spread will reduce mutations.

But, some argue that mutated spread may actually help longer term.

Sed Contra March 9, 2020 8:37 PM


Perhaps vessels could be disinfected by including the ventilation ducting in the ultraviolet sweep, e.g. a permanent though not always turned on duct system UV “hall monitor”. Boarding controls might eliminate reinfection etc.

Clive Robinson March 9, 2020 11:09 PM

@ SpaceLifeForm, Sed Contra, Anders, ALL,

How is that UV going to kill the virus inside the plane ventilation system?

That rather depends on the plane’s AC, and what the pilot has set it to.

If the pilot so wishes the AC could be set to “full flush” with no “re-circulation”, however this is expensive in terms of “fuel economy”. So pilots are encouraged to have quite a high degree of “re-circulation”, which is why when you fly economy you end up with all sorts of respiratory tract infections[1] flushed from first class through business class into the sardine tin of economy where everybody gets the disbenefit of that fat bloke’s halitosis and other gaseous emissions and eruptions…

It would not be that difficult to put the UV source into the recirculation system.

Such UV lights are routinely fitted to water systems to kill pathogens where a house’s water is drawn from storage tanks or river source. The usual “kills 99.999% of known pathogens” statement applies as it does for chlorine and other chemicals used in drinking water, but without the awful after taste.

How effective putting a UV light in the recirculation system will be I don’t know, but it’s certainly not likely to do any harm inside the air ducting.

[1] A study published in the BMJ in 2017 with an effective study cohort of 11,000 people has shown that without doubt most of us are vitamin D deficient in the UK, and that we should all take a minimum of 1000IU (25ugm) of D2 or D3 daily all year around and possibly more in winter. Which will give between a 12.5-70% reduction in respiratory infections both for viral and bacterial infections. It also helps with other immunodeficiency diseases. This is in part because vitamin D has an anti-inflammatory effect.

[2] There is also argument that zinc supplements are at least as effective as vitamin C. So as D and zinc are effectively harmless (unlike silver) in recommended doses and C is best got from peppers and fruit but is safe in the smaller medical recommended doses, taking D will be of proven benefit and zinc and C will at worst not do any harm and may be of benefit.

lurker March 10, 2020 1:09 AM


A study published in the BMJ in 2017 with an effective study cohort of 11,000 people has shown that without doubt most of us are vitamin D deficient in the UK,

Plus ça change, plus c’est la même chose. I remember Public Service announcements on BBC TV in the 1970s aimed at the influx of South Asians from East Africa (the key to that conundrum is Idi Amin), animations showing a bright tropical sun shining on a dark skin and creating Vitamin D; followed by animation of a feeble British sun unable to penetrate the thick overcoat the dark skinned person is forced to wear; the imperative was to eat Vitamin D fortified margarine, ghee was not good enough.

vas pup March 10, 2020 2:54 PM

@Sed Contra • March 9, 2020 4:52 PM
I agree with your point: e.g. public transportation (trains, buses, etc.), mail in route, paper money, baggage in route.
Maybe even recycling masks? Not sure – need testing.
Portable devices for small areas – keyboards with public access (ATMs, access keypads, you name it), but it required will power to introduce. Do you remember when China built from scratch full profile modern hospital for 1000 patients in about two weeks?
Crisis management required some authoritarian methods as exception, not as a rule.

Clive Robinson March 10, 2020 3:04 PM

@ Curious,

I am somewhat annoyed, but I guess not surprised that the new [AMD] Ryzen 7 3700X cpu is listed as having a vulnerability. 😐

You need to get used to these CPU hardware faults, they are not going to stop showing up any time soon (Intel had more just a month before). Hence calling them “The Xmas gift that just keeps on giving”, I’m guessing we’ll have quite a few more over this decade.

The simple fact is CPU design has become so complex with each additional alleged improvement –trying to get an at best marginal throughput advantage– creating a new side channel attack beyond what the CPU designers can “see”.

We had this sort of issue back in the 80’s and 90’s with “Smart Cards” which eventually gave rise to Differential Power Analysis, and a bunch of patents that ended up having a “chilling-effect” on reverse engineering chip level hardware looking for information leaking side channels.

Well Meltdown and Spectre kicked off this new generation of reverse engineers in academia, and there are new opportunities for “Young Turks” to make a name for themselves, and they are going for it.

People will eventually realise that due to Intel and AMD sliding “Parallel Computing” in through the back door by sharing cores etc to try and cling to Moore’s Law a whole new security matrix issue got opened up.

Whilst this is mildly annoying to single user systems, it’s a bit more of an issue for some organisational servers but a real disaster for the likes of Cloud Servers (which have always been a bad idea).

If you have “sensitive” data or processes that should be kept “private” or at least “confidential” for a myriad of legislative reasons you have a problem…

Because not all of these CPU “go faster stripes” can be resolved or fixed, and as always fixing them is like trying to get rid of bubbles under wallpaper as you hang it. You push down on an issue in one place for it to just pop up as a different issue elsewhere. You can not solve the “privacy” issues close in, you have to mitigate them further out…

That is as I’ve warned for decades there is a trade off between “Security -v- Efficiency”. The more “Efficient” you make a process the more “bandwidth” you open up and the more “side channels” you will have, thus the less “security” you get. The only solution to this problem is “Segregation via Encapsulation” that is just accept there will always be side channels close in that you will either be unaware of or can not resolve. You thus isolate the system by encapsulating it via “gapping techniques” and you only allow data in or out via a “choke point” that is heavily monitored and mandated.

Back last century we spoke of “air gaps” but it was known publicly even back in the late 70’s and early 80’s that “air gapping” was insufficient. In the book “Spycatcher” the author Peter Wright detailed an acoustic side channel attack on the Crypto AG cipher equipment used by the Egyptian Embassy in London. The Egyptians had gone to some lengths to isolate their cipher and communications equipment in their “ComCen” but had made the mistake of having a standard telephone within audio range of the mechanical Crypto AG cipher equipment.

This is if you take a certain viewpoint not that surprising. The viewpoint being,

    If the laws of physics allow, then somebody will try it,
    if not make it work.

Thus any mitigations you take should take the laws of physics into consideration and all “energy” channels that can carry information need to be either broken or have their bandwidth limited such that no useful level of information can traverse the channel. Which is why you have to think not just about “air gapping” but “energy gapping”.

But this is increasingly difficult with “System on a Chip” (SoC) integrated circuits. They can have many ways to leak information into other parts of the chip, such as a common power supply line between a CPU core and a WiFi transmitter or LCD screen drivers. So you can not do the mitigation at the CPU, chip, motherboard or even system level, you have to do it almost at the room level which is what SCIFs are all about.

You can set up your own SCIF in your own home, the things you have to consider are the “channels” or “paths” by which information can be “modulated” or “impressed” on “matter or energy” that traverse them. From basic physics we know matter can be transported in physical ways and physical barriers suffice to stop this. We also know that energy can be Conducted, Radiated and Convected. Again physical barriers can stop these paths but not perfectly. For instance a motor creates mechanical vibration that conducts from its body through its physical mounting, to the chassis or structure of a room, from here it gets conducted away to other places, where the physical vibration of the conducting path causes the air to vibrate causing sound that can be heard a very considerable distance from the motor. Two examples of this are an unbalanced washing machine in your neighbour’s you can not just hear but also feel in your home, and the “singing of the rails” on railway lines way more than a mile away from the train.

There are known ways to stop these paths, and where they can not be stopped because they are required such as air-con and power, there are known ways to filter out or absorb energy that might carry information.

SpaceLifeForm March 10, 2020 4:02 PM

@ Clive, Anders, All

Quick notes about St. Louis County case.

The Father has hired a lawyer. And of course, the lawyer disputes the break of home quarantine.

The family has been officially notified, and if they violate again, they will be dealing with legal sanctions.

The school is now closed the rest of the week. Next week was spring break week, so two weeks. Ah, that magical 14 days.

Seriously, please read this.


St. Louis today is doing exactly good things, just like over a century ago.

But, it is not going to be easy, because the metro area is over 2.5 million people.

I’m glad I’m not in a larger metro like NY or DC.

It was amazing this morning to see a very large reduction in traffic volume. For a Tuesday. It was less than yesterday, a Monday that is typically lighter traffic.

The economy is going to suffer a huge hit, let there be no doubt.

But, it is clear to me, that a lot of people have woken up here in the St. Louis metro area. In just 24 hours. As many people as possible are trying to work from home.

It may have been due to yesterday’s Post-Dispatch front page, which you can find here:


SpaceLifeForm March 10, 2020 5:28 PM

@ Anders, Clive, ALL

Anyone here still on that famous river in Egypt? Do you still believe plane flight is safe? That there is no risk?

Anders, you just have to be patient. Read to bottom.

I’ll throw out the new countries heard from since I last reported on this.

I think we are at the halfway point now.

Costa Rica
Maldives (two islands)

Anders March 10, 2020 5:52 PM

@Clive @SpaceLifeForm @ALL

Yes, I read about Turkey from live blog.

Still strange considering how many infected countries are
around there (and those Syrian refugees issue too who wants so
eagerly to EU…)

“Turkey has confirmed its first case, its health minister Fahrettin Koca has said. According to Reuters, he said the patient has been isolated and their relatives are under observation.”

Anders March 10, 2020 6:22 PM

@Clive @SpaceLifeForm @ALL

As we don’t have enough trouble from COVID 🙁

Grima S March 10, 2020 6:46 PM

@mr x re: flu deaths & “might be lying” You might try doing a bit of your own research instead of casually injecting tribal talking point blather. It took me less than 5 minutes this morning (hours before reading your post) to check the statistics at NIH/CDC. As of the end of February (apparently the last available collated numbers) the totals this season for influenza were ~34,000,000 diagnosed infected, ~20,000 dead. I’m pretty sure the child deaths were cited as ~1,200, but that number could be subject to inaccurate recall.

@moderator BTW, didn’t you post not long ago that you were going to be removing posts on n-coronavirus (et al) that were not security-related? Your resolve in that regard doesn’t appear to have been very strong…

AL March 10, 2020 7:12 PM

“In that case, why all this panic about COVID-19?”
It is more deadly than flu and it is more contagious than flu.

Both factors need to be taken into account. If a good effort is made at containing the spread, then perhaps we’ll luck on an unknown, seasonality, since there is a chance COVID-19 will fade as warmer weather sets in. Then again, maybe not. In any event, if the spread isn’t slowed down, people requiring hospitalization could overwhelm facilities and that will cost lives. So, spreading it out a little bit looks like it could help.

Clive Robinson March 10, 2020 7:21 PM

@ SpaceLifeForm,

Seriously, please read this.

No can do, apparently I’m such a contemptible “European” I’m going to cause them legal problems…

As for the man his school age daughter and the older daughter returning from Italy…

First off she should never have been flown out of Italy in the first place… The whole of Italy is now supposedly on “lockdown” apart from trains, planes and boats… Yup countries are allowing people coming back from Italy to just walk through the airport to any taxi, train or bus[1] and wander around as they see fit. We’ve had a load fly back from Italy over the weekend in the UK[2] and not one of them was given advice or anything else…

However people need to remember it takes time for a person to go from contact, through the first stages of incubation and get to the point they become an infective agent/vector, something like 2-7 days.

So based on very limited information it sounds like the elder daughter had not been back long enough for the rest of the family to be infective. So if the time line info is correct it’s actually highly unlikely they have spread any virus around themselves.

But the idea of “self quarantine” without “preparation” is a complete nonsensical non starter, even the draconian Chinese response acknowledged that piece of reality. When you think about it realistically and not like an asshat butt covering bureaucrat the majority of people would have to stock up on food and other basic necessities to stay at home for two weeks, and trying to cop out by saying things like “Amazon could deliver” is a complete nonsense as well. All delivery organisations are going to stop delivering fairly soon as the delivery agents realise that they are “on their own” when it comes to Personal Protective Equipment and the like and that Amazon and co care not a jot for their staff welfare.

The Chinese have done some tests on everyday items and the viability time of the RNA virus at 36-39 Celsius and it’s not looking good at 5 days, longer as the temperature drops. So you order anything from Amazon and Co and those minimum wage zero hours contractors and if just one of them has COVID-19 they are going to make a rather large “cluster”…

There are proper containment rules for delivering goods into a quarantine area and I doubt if any of the delivery people for Amazon and Co would be told them. In fact Amazon would probably fire anyone who did know them as that would make the delivery costs way way too high, and leave the companies open to significant legal action for not following such rules…

[1] Chinese epidemiological experts have found that on busses there is in effect NO safe sitting distance as they’ve had a case where the transfer was on a bus and the two people involved never got closer than five meters. From another case they have found that on a bus any shed virus will stay in the air at least 30mins after the infective person has got off and a new passenger getting on ends up contracting COVID-19.

[2] It’s fairly obvious or should be by now that the figures for the UK and US are wrong by a large margin. In both cases it’s due to the lack of community testing. When you look at South Korea they have gone all out on community testing and they are finding asymptomatic or very mild cases that would not have gone to a Community Dr or Hospital, thus would otherwise have been not recorded.

maqp March 11, 2020 7:52 AM


Regarding TFC. Could you provide any suggestions on a suitable hardware platform to use. I know it should have minimum exfiltration channels (WIFI, bluetooth, ethernet, GIO PINS???) but nowadays that’s difficult to find. What’s your advice on this?

The main exfiltration channels for Source and Destination Computer are the pre-existing antennas, so make sure you can remove the Wifi/Bluetooth chip from Source and Destination Computers. It’s unlikely the system has an LTE modem (unless it’s a more expensive business laptop), or at least such feature will be advertised.

Librem laptops are probably pretty good as they feature the kill switches for wireless connectivity. But even my cheap netbooks had removable wireless interfaces.

Once you get those out, you can cover the webcam and either remove microphones or puncture the diaphragms with a needle. Removal is of course preferred.

Once that’s done you’re left with the Destination Computer’s covert channels that could be used to exfiltrate your data. But this is less of a problem since it requires your endpoint is deanonymized and geolocated first. And at that point, if someone really wants, they can probably hide a pinhole camera in your house, or just eavesdrop on the keyboard emissions. So no need to be concerned about GPIO etc. If emissions are a problem you’d probably want EMI-shielded glove box for the operation, but that goes quite far, and less effort will also prevent you from being the lowest hanging fruit out there.
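A read-only check for the hardware preparation described in the comment above, added here as an example (it is not part of the original comment and is not TFC code): it walks the standard Linux sysfs class directories and lists any Wi-Fi, Bluetooth, cellular, camera or microphone hardware the kernel still sees. The function names and the sample tree are constructed for illustration; a radio that is merely rfkill-blocked is reported, since blocking is not removal.

```python
#!/usr/bin/env python3
"""Pre-use audit of a Linux laptop for leftover radios, cameras and microphones.

Added example, not TFC code. It only reads sysfs and changes nothing.
"""
import tempfile
from pathlib import Path


def _read(path):
    """Return a sysfs attribute as stripped text, or '' if it is unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return ""


def _children(directory):
    """List the entries of a sysfs class directory; empty if the class is absent."""
    return sorted(directory.iterdir()) if directory.is_dir() else []


def audit_emitters(sysfs_root="/sys"):
    """Return sorted (category, device, detail) tuples for hardware still present."""
    cls = Path(sysfs_root) / "class"
    findings = []

    for iface in _children(cls / "net"):
        # cfg80211 drivers expose 'phy80211'; older WEXT drivers expose 'wireless'.
        if (iface / "phy80211").exists() or (iface / "wireless").exists():
            findings.append(("wifi", iface.name, "802.11 interface"))
        elif iface.name.startswith("wwan"):
            findings.append(("wwan", iface.name, "cellular modem interface"))

    for hci in _children(cls / "bluetooth"):
        findings.append(("bluetooth", hci.name, "HCI controller"))

    for rk in _children(cls / "rfkill"):
        # A blocked radio is switched off, not removed: it still counts.
        blocked = _read(rk / "soft") == "1" or _read(rk / "hard") == "1"
        state = "blocked but still installed" if blocked else "unblocked"
        findings.append(("radio:" + _read(rk / "type"),
                         _read(rk / "name") or rk.name, state))

    for dev in _children(cls / "video4linux"):
        if dev.name.startswith("video"):
            findings.append(("camera", dev.name, _read(dev / "name")))

    for pcm in _children(cls / "sound"):
        # ALSA names capture streams pcmC<card>D<device>c; playback ends in 'p'.
        if pcm.name.startswith("pcmC") and pcm.name.endswith("c"):
            findings.append(("microphone", pcm.name, "ALSA capture device"))

    return sorted(findings)


def build_sample_sysfs(base):
    """Create a constructed sysfs tree (sample data, not from a real machine)."""
    cls = Path(base) / "class"
    for sub in ("net/eth0", "net/wlan0/phy80211", "bluetooth/hci0",
                "rfkill/rfkill0", "video4linux/video0",
                "sound/pcmC0D0c", "sound/pcmC0D0p"):
        (cls / sub).mkdir(parents=True)
    (cls / "rfkill/rfkill0/type").write_text("wlan\n")
    (cls / "rfkill/rfkill0/name").write_text("phy0\n")
    (cls / "rfkill/rfkill0/soft").write_text("1\n")   # soft-blocked only
    (cls / "rfkill/rfkill0/hard").write_text("0\n")
    (cls / "video4linux/video0/name").write_text("Integrated Camera\n")
    return base


def audit_sample():
    """Run the audit against the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_emitters(build_sample_sysfs(tmp))


if __name__ == "__main__":
    found = audit_emitters()
    for category, device, detail in found:
        print(f"{category:12} {device:12} {detail}")
    print("clean" if not found else f"{len(found)} device(s) still present")
```

An empty result only means the kernel no longer enumerates such hardware; it does not show that an antenna or microphone capsule is physically gone, so it complements the inspection rather than replacing it.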

Grima S March 11, 2020 9:40 AM

@maqp re: TFC – any value in converging the TFC work with the hardware device that Thoth has been working on?

maqp March 11, 2020 10:26 AM

@Grima S

Was it the smart card project? There’s some value in smart card based encryption, namely it makes it harder for attackers to change the way encryption is done, and harder to exfiltrate keys. However, a smart card doesn’t protect data before and after encryption in any way, and the adversary could also attempt to exfiltrate just plaintexts. Thus, Source Computer pre-compromise would focus on exfiltrating plaintexts, as would Destination Computer infected with malware that exploits unaddressed covert exfiltration channels. So I don’t think it’s worth the hassle. If someone can prove me wrong, I’m interested.

SpaceLifeForm March 11, 2020 4:34 PM

@ Anders, Clive

I knew you would find that link.

Same conference Bruce attended.

Now that WFH (Work-From-Home) is going exponential, companies are finding out that they are not really prepared.

Their WAN infrastructure is suffering under the increased load as more employees VPN in.

I think Google can handle the load, but they may learn some things. Google wants as many as possible to WFH.

But, not all can WFH, especially IC folk.

SpaceLifeForm March 11, 2020 5:09 PM

@ Anders, Clive

Define non-essential

Stronger Italy lockdown now:

Closure of all non-essential businesses

SpaceLifeForm March 11, 2020 5:30 PM

@ Clive, Anders

Smart decision. Avoids planes, avoids large groups.

2020 NCAA Tournament games to be played without fans in attendance due to threat of coronavirus

SpaceLifeForm March 11, 2020 5:51 PM

@ Clive, Anders


Clive Robinson March 11, 2020 7:09 PM

@ SpaceLifeForm,

Define non-essential

In the short or long term?

In the short term anything that does not produce a “tangible good” can be seen as “non-esential” so arts, entertainment, and quite a few “services” such as those selling things like houses.

So from fast-food, diners, bars, clubs etc through luxury hotels, all places where more than ten or so unrelated people can gather so churches, “town halls”, museums, movie houses, music venues, sports venues and any other entertainment where people come into direct or even indirect physical contact or directly or indirectly share physical objects. For instance in may places you eat, all the eating utensils are placed in a series of resepticals where the patrons put their hands in to get a knife, fork or spoon, in the process they not only touch other knives etc, they also breath over them. We tend not to think avout this but…

Italy has inplemented a 1m / 3ft 3inch seperation rule at cafes and other eating establishments. Others recomend a 2-2.5m spacing. However Chinese epidemiological studies have shown infection on public transport of nearly 6m / 20ft on a bus, and dropplet infection from suspension in the air in a bus of nearly 30minutes.

This raises a conflicting issue, most would say public transport (taxis, coaches, busses, trains, planes and even boats) are “essential” even though they are both obvious and proven disease vectors. Personaly as a person who is very much dependent on public transport, I would argue that they are not actually essential especially if the now obviously necessary lockdowns are implemented. China found that transportation lock down was essential to make social lockdown work.

When you start to view things from the lockdown perspective most things that we would normally think as important move very rapidly into the “non essential thus banned” category.

However working basic infrastructure is essential to maintaining a lock down, thus gas, water and electric to people’s homes and sewerage and garbage to take waste away. But all of these are dependent on other things and people which brings person-2-person interaction thus potential disease spreading vectors be they living or inanimate objects.

Other essentials that have to arrive at a dwelling are “food” “cleaning agents”, “maintenance”, and medi-care without which people can not stay in “self isolation” in their homes/dwellings. Thus some shops are essential and likewise the people working in them. Which again raises person-2-person interaction thus potential disease spreading vectors be they living or inanimate objects.

But people in lockdown also need communications be it traditional landline, radio, or TV to get assistance, news, and some form of entertainment, or the more modern mobile phones and Internet. The one thing no sane government dare allow to happen is for the citizens to feel isolated, ignored or even subject to faux news. At the end of the day all communications need people involved at a large number of levels even in this day and age robots won’t work “with” humans (though they can work “for” humans). Deciding who is or is not essential in this is difficult. Whilst person-2-person contact can be vastly reduced, some will be needed.

There is of course another issue, it’s said there are two types of society, “permiso” and “non permiso”. That is one where you are allowed to do anything that is not prohibited, and the other where you are prohibited from doing anything that has not been allowed (black list and white list thinking).

To ensure these behaviours are enforced and those contravening the rules are held to account, requires some form of “guard labour”. Ranging from surveillance through enforcement to punishment. Which again involves person-2-person contact.

But whilst surveillance can be structured for minimal interaction, enforcement and punishment can not. Even the old “shoot the looters” idea still requires the bodies to be disposed of to reduce disease issues.

However the modern trend is “incarceration” which in effect means “people are crammed into an institution” which gives rise to the rapid spread of all forms of communicable disease and several that are not. Thus “institutional spread” is usually both rapid and maximal as little or no medical intervention is possible.

Unfortunately “institutional spread” happens in other places as well, schools, colleges, universities, dormitories, hostels, refuges, hotels, retirement and care homes, and of course hospitals. Less obvious are the homeless and refugees who group together for safety etc. Reducing person-2-person contact be it direct or indirect through objects is going to be very difficult at best in nearly all of these places.

Even hospitals have “shared” facilities such as toilets and wash rooms, and food and staff. Changing this would be very difficult at best. However they should cut visitors to patients to the absolute minimum to limit spread.

So even in the “short term” essential services are quite a bit larger than most people realise, especially when all essential services are dependent on other services. Some years ago this would not have been as difficult, because most supply chains had a degree of resilience in them. However the idea of Just In Time supply chains means there is no resilience or spare capacity, thus what constitutes “essential” even in the very short term is way way wider than is safe for society or would have been the case last century.

As I’ve pointed out before nature has worked out over many millennia in fact more than mankind has existed, that a living process that lacks resilience, becomes something that is extinct.

Thus the likes of JIT and LEAN are recipes for extinction, not just in individual cases but as we are now starting to find out a big chunk of industry, the economy, society and mankind as well.

As Joseph Stalin is once reputed to have observed individual deaths are a tragedy millions just a statistic. Well our “business schools” and “shareholders” have turned most of what humans very much depend on for existence into a statistic…

But hey, don’t say you were not warned…

Clive Robinson March 11, 2020 7:21 PM

@ SpaceLifeForm,


Ahhh the definition of ironical.

However it does raise a very real security question…

1, Such conferences with lots of human interaction give rise to ideas about how to move the field of endeavor forward.

2, At a time such as this “now official pandemic” where moving the field of endeavor forward is a high priority.

How do you achieve 2 without 1?

Clive Robinson March 12, 2020 12:02 AM

@ SpaceLifeForm, Anders,

You might find this of interest,

Personally I think the UK figures are low not because the numbers are low but because there are restrictions on who gets tested as can be seen from this article where the rich are having their samples tested abroad,

As the old story about Nelson and “I see no ships” points out, if you deliberately look through a blind eye you will not see anything thus you can do whatever it is you want to do. Thus the testing policy in the UK set politically is not to look and see the state of reality. Whilst triage arguments could have been made initially that is really no longer true. As seen with South Korea, if you actively look around widely you get a way better view of reality, thus react more proactively and get things under control not just faster but more effectively.

From a security perspective, looking in only places where you expect people to be is bad policy. Thus if you only guard the front door you will not see those going in or out the back door. Or even passing stuff in or out of windows, a lesson prisons have had to learn about drones.

Whilst viral disease has no brain to think with it is “opportunistic” in its behaviour, just as drug dealers are with prisons. If there is any potential route available, sooner rather than later a virus will avail itself of the opportunity of “fresh flesh” because it’s the only way it can survive.

From a defenders point of view it matters not a jot if the attacker uses intelligent directly targeted attacks or just mobs en masse. Either way the defences will be breached if there is a weakness that can be found by design or chance.

name.withheld.for.obvious.reasons March 12, 2020 9:52 AM

Manning Detained without Charge, the 365th day

12 March 2020, Contribution from submitter

Today, reports preliminarily suggest that Manning has been hospitalized due to an attempted suicide. Way to go, U.S. justice system.

As Chelsea Manning starts day 365 in the Alexandria Detention Center with a total of nearly $230,000.00 in fines, she continues to defy the grand jury order based on principle. Nils Melzer in a letter dated 1 November 2019, as the U.N. Special Rapporteur on Torture concludes that the coercive confinement constitutes “torture” in violation of international laws ratified by the United States.

This process, the detention, torture, and jailing of individuals that did little more than speak truth to power, is part of a broader worldwide effort to consolidate tyrannical power and control over the populations of the earth. I call it neo-kleptocratic-fundamentalist-fascism, seems to encapsulate the type of governance model that is taking hold.

Explain how an Australian journalist and publisher can be extradited to the U.S. for ESPIONAGE, he has taken no pledge to defend U.S. laws but is being prosecuted for supposedly violating them.

If U.S. law can (and there is no basis for this) be used to prosecute foreigners in foreign lands, then the constitutional rights afforded those that fall under her jurisdiction apply. Thus, Assange, as a journalist, has legitimately exercised his First Amendment right of publishing, and Chelsea her First Amendment right of speech. Also, under the current situation, the government is violating Assange’s civil rights and 5th and 6th Amendment rights and ditto for Chelsea.

All should be concerned, this case will make ANY effort by ANY one subject to the approval of the U.S. government. What redress or remedy will there be when the subject of concern is unknowable? There is the potential secondary effect, the death by priori, of subject matter and information which may be designated as “harmful to U.S. interests”. Well thank goodness, with my new Apache helicopter and a 50mm cannon, I can go out and deliver the good word to the people on the street. Great, I see two Reuters journalists on the corner, I’ll target them for a conversation.

myers March 12, 2020 10:29 AM

@Grima S
Those CDC flu numbers seem to be not actual numbers (because the flu season is not even over yet) but from 1) modeling and 2) somewhat arbitrarily bundling flu deaths together with illnesses such as pneumonia.

Or that anyway seems to be the case based on some answers to this question discussed here:

Bundling COVID-19 cases together with the seasonal flu could of course help the stock market recover faster.

Even if coronavirus cases increase to 100,000 in two weeks this will not be much of a hit if nobody knows about it due to the current minimalist testing strategy. According to CDC’s numbers the latest testing data is from March 10th when 8 people were tested:

With the help of insufficient testing results the government can act like there is no pandemic. The deaths from COVID-19 can then be blamed on things like pneumonia and the seasonal flu while accusing the media of fear mongering.

SpaceLifeForm March 12, 2020 3:00 PM

@ Clive, Anders, All

As expected, reagent shortage.


Chris March 12, 2020 3:55 PM

Hi just an offtopic thing, I don’t normally get impressed but this new FF74 version is bloody fast

So about the Signal, WhatsApp, Telegram etc discussion whether or not they are safe, the problem is that the game is not within the applications being safe or not, the issue is that the operating systems aren’t, so you cannot in any way guarantee that the endpoints are secure, so you need to either stop using them and meet face to face, which opens up another can of worms, or use some sort of secondary encryption on top of the preferred application, also opening up another can of worms.

My personal opinion is use any app you want to spread bullshit, and meet physically doing the important stuff, if you have anything that is important …

Sherman Jay March 12, 2020 4:23 PM

@Chris Et al.,

APPS — ha, ha, ha!

as Bruce just posted:

The Whisper Secret-Sharing App Exposed Locations
This is a big deal:

Whisper, >>> hxxps:// <<< the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. 

So much for the wonderful security of Apple products.

Most sites have posted that tests reveal that the majority of ‘apps’ from ALL sources for phones, tablets, etc. are spyware.

SpaceLifeForm March 12, 2020 4:44 PM

@ Chris, Clive, Anders

“meet physically doing the important stuff”

Which is what you want to minimize now.

Which leads to another thought about the Security aspects of the infection spread.

An organization (regardless of their overall function), needs to make sure that a bunch of cross-training happens immediately.

While different employees may know the overall role of a coworker, there is little reason to believe they instantly can take over that role, flaps down.

Cross-training is neglected as a cost burden.

They are not going to know the little details, learned over years, that are important.

More importantly, if someone has to take over a role they are not truly experienced at, they may be more easily social-engineered.

SpaceLifeForm March 12, 2020 6:27 PM

Judge orders Chelsea Manning’s release from jail in Virginia


“The court finds Ms Manning’s appearance before the grand jury is no longer needed, in light of which her detention no longer serves any coercive purpose.”

SpaceLifeForm March 12, 2020 7:29 PM

OOB patch from Microsoft

KB4551762, CVE-2020-0796


[They must have found a problem late, because it was expected to be in last patch tuesday (aka 2 days ago)]

David March 12, 2020 11:46 PM

Mark, Clive, SpaceLifeForm, Anders et al

Following from some comments here, interested in your feedback.

Qantas is apparently equal to the safest airline in the world. It’s been operating in Australia since 1920 making it the 3rd oldest in the world. They are a premium priced fare, with significant improvements compared to budget carriers.

They have sent out a press release of sorts to protect their share price, as follows.
Interesting considering the legal ramifications of getting it wrong?

Regards, David

Qantas has its own team of dedicated medical professionals who have been closely monitoring the Coronavirus outbreak. All the decisions we make are guided by their advice and the advice of authorities including the World Health Organisation and Australia’s Chief Medical Officer.

We know that because of high cleaning standards and hospital-grade air filtration systems, the risk of catching a virus on an aircraft is low. Inflight transmissions have not been a feature of this outbreak.

As the US Centres for Disease Control says, “the cabin air environment is not conducive to the spread of most infectious diseases”.

David March 12, 2020 11:48 PM

PS They sent out a video demonstrating how they clean their cabins, including an interview with their medical officer, I’m sure it can be found if anyone is interested.

Clive Robinson March 13, 2020 1:23 AM

@ SpaceLifeForm, ALL,

From the LA Times article,

    A spokesman for Qiagen, a top supplier of the reagents, said the pandemic was “challenging our capacity to supply certain products”

I feel sorry for Qiagen, they are in effect having the finger pointed at them, even though they are probably doing the best they can within the resource limitations they have.

Obviously Qiagen are going to be reliant on other resources as you walk the supply chain backwards. Which due to “Just In Time” and “LEAN” have no resilience. Worse those supply lines are also likely to be,

1, Long.
2, Under foreign control at some point.

The second being the “outsourcing” legacy. Which also means that another country can set its priorities way up beyond anything that LA / California / Federal / Executive personnel can do. India has made it abundantly clear that they are not allowing the export of drugs or the precursors made in India. China is ramping up production of Personal Protection Equipment (PPE) but it’s doubtful that can meet its own needs currently. But PPE made in other countries is likewise dependent on supply chains that go back to places like China and India…

But when you look back at the LA Times article you don’t see any of that mentioned… Which you have to ask yourself “Why?”.

But what you do see is,

    L.A. County Public Health Department Director Barbara Ferrer said
    “I do think it’s important to be able to increase our capacity when clinically appropriate to be able to test [symptomatic] people,” she said. “We need to have more testing capacity. I’m glad we’re trying to build that capacity.”

But look further and you will find that between the county lab and two commercial labs and 27 at the CDC they have only managed to process around 240 tests regardless of the reagent issue…

Then when you see down the bottom,

    At hospitals, physicians say they are increasingly requesting COVID-19 testing due to community transmission in California. Calls for testing are sent up a chain of command and often denied, they say, or are dragged out for up to a week, as patients return to their communities.

As I’ve previously noted what scares me about California is the “street people” or whatever you would like to call them. If “community spread” starts in there then there will be a vanishingly small chance of stopping it getting out en masse to the greater community…

So much for the “grand social plan” of those in charge… There is at the end of the day a right way and many wrong ways to go about “social engineering” going for “fast headlines” is obviously not the best way to do it.

Y2Vj7XbW March 13, 2020 12:36 PM

Around the same time as the 2016 Presidential Election was taking off,
Cockos 32-bit Windows-compatible ”Reaper” (digital audio workstation) established a version which suddenly seemed to have a particular design flaw for Linux users. The error manifested within 32-bit Linuxes, and seemed to come from within Reaper, instead of from within WINE (WINE is NOT an Emulator!).

For the record, WINE, is indeed other than an Emulator of MS Windows. Therefore, its name is correct; WINE is NOT an emulator. Similarly, those who use audio synthesizers and samplers, do NOT often (anymore) use those to emulate other instruments nor orchestras.

Those entirely devoid of modern comprehension of electronic music culture and practice wouldn’t necessarily know this. And many wouldn’t know both the past and the present state of the art for digital audio pro and consumer behaviors.

This is of SECURITY importance, because the Reaper software is STILL a vulnerability because of the subsequent introduction of wifi/router/modem/HTML “transport” interface “feature” additions.

Professional audio users and hobbyists alike, have still not been adequately and widely warned of this type of vulnerability. The proper solution is to downgrade to an older edition of Reaper, and/or to use a completely different software instead of Reaper. Or, perhaps to convince the Reaper developers to remove the wifi part entirely and prove that they’ve done so 100%, without question.

I attempted to post within the Reaper forum security concerns about the wifi vulnerability when it was added years ago, however, my personal account was hacked and stolen and further attempts to pick a new username were unsuccessful without any explanation nor feedback at all.

I am a former purchaser of and user of Reaper. I like the many other pro audio features (much more than ProTools, I might add). However, I still suspect that I was a specific victim of corporate espionage likely coming from within Microsoft. It is difficult to explain the several reasons for my allegation, yet only because I prefer to help maintain the stability of what could be several other pending lawsuits and/or investigations both related to and unrelated to my personal losses.

I will add, however, that these facts can be independently checked, and I did some of my own fact checking more than once. Others could check if they feel like it. It’s certainly not the first and only time I was severely attacked and sidelined by those with hostile financial behaviors.

VST effects, instruments, and utilities tend to be modular, and they can be used within Linux OSes, often with WINE, and perhaps without. Also, PulseAudio can still be configured for backwards and forwards compatibility between pro audio users and consumer audio users. All that needs to happen is for the PulseAudio creators to distribute PulseAudio’s default settings to be compatible with professional audio standards of latency and buffer underrun (xrun) protections. Everything else, could be done at other stages. Bit resolution is more debatable, however, there’s not really any need for debate because the settings are manually editable!

I attempted to notify the developers of PulseAudio of the simple changes required to make their product less of a target of false malicious gossip by providing specific examples of my personal successes using PulseAudio without JACK (JACK Audio Connection Kit). I also tried to begin citing my sources of collated infos. However, before I could more effectively distribute the info to support the Linux cultures and distributors, I became a chronic victim of assaults, abductions, object and archive thefts, and several worsening malicious hacks against my personal digital devices.

My college major (of which I obtained a Bachelor’s Degree) is within the art and craft of Sound Engineering. However, even that educational accomplishment is not well understood by those unfamiliar with that very diverse field. I believe several groups and individuals hostile to my actual existence made several tragic assumptions about me and my innocent computer and audio activities.

In a more general, impersonal way, I was likely attacked by a variety of hostiles to become a recursive vector for vindictive and insidious attacks against a wide variety of persons and organizations and systems, many of which would likely be unknown to me. Other surfaces might have been known by me; my preferred activities are of creativity rather than destructiveness.

Please take this into consideration if you need any kind of supportive true account to substantiate other security related claims.

My hobbies and career aspirations and ambitions were grossly sidelined and sabotaged as I was forced into several varieties of security studies. I would have rather been making a living within many other varieties of hobbies and fields of education I enjoy. I find security studies more of a necessity and rather stressful and distressing. I would still to this day rather be doing other than varieties of security, especially digital security.

Nevertheless, I attempted to discover via forensic-like techniques, where the personal and the impersonal attacks against me (and others) were coming from and why and sometimes how. My main conclusions tend to be thus:

1) Tragically, most, if not all common web browsers are by default insecure in many countless redundant and persistent ways.

2) Tragically, abusive organizations have been and still are heavily involved in computer science and telephony and both types of cybernetics (people as machines, and machines as people).

3) International terrorism is also involved. (tragic also)
4) Domestic terrorism is also involved. (tragic also)
5) Tragically, ecological destruction is heavily involved and is possibly intentional, coming from either a so-called hate group, or some other type of highly-capable individual or group.
6) Collectivism needs to be formally and informally acknowledged privately and publicly for there to be more effective security against malware and social malwares.
7) Being more honest and kind to AI’s (of every kind) and also to living cyborgs helps to reduce conflicts and mistranslations and disasters and design flaws, etc.
8) Unnecessary: giving up any of our cultures nor languages.
9) Helpful: helping eco friendly sites and aspiring eco friendly sites to correctly sort and manage materials with greater compliance with “zero waste” culture and language and technologies. AI’s are already involved in this, as are other kinds of people and techniques.

Sincerely, “Y2Vj7XbW”

myliit March 13, 2020 2:19 PM

Regarding Manning, Schulte, and Assange

… Perhaps. There is no way to understand the [Joshua] Schulte evidence except that he’s a habitual and not very convincing liar. That said, while he clearly had comms with WikiLeaks later in the process, it’s not clear at what level those were.

It can both be the case that USG used informant on top of informant to try to get a confession from him (three informants were discussed in the trial and I wouldn’t be surprised if there were more), and that Schulte is someone who has successfully hidden behind a wall of lies thus far.

And none of that changes the fact that if the government is treating Assange as a Russian spy, it changes the legal exposure for Hammond and Manning significantly.”

SpaceLifeForm March 13, 2020 4:32 PM

@ David, MarkH, Clive, Anders

“We know that because of high cleaning standards and hospital-grade air filtration systems, the risk of catching a virus on an aircraft is low.”

Stewardess: “Another free cocktail?”

SpaceLifeForm March 13, 2020 4:46 PM

@ Clive, Anders

So, pipette tip shortage also.
Not just reagent shortage.

How are those tests going to be done again?

Also, I noted IC folk can’t WFH.

CIA identifies a suspected case of coronavirus in its workforce in Washington


myliit March 13, 2020 4:55 PM

“Another free cocktail?”

Somewhere on the blue planet it is always cocktail hour [1]

[1] even if you don’t drink wine, wine or cocktails can be good metaphors, or something like that, for something else (see Rumi)

Yet Another Sockless Pupppet March 13, 2020 6:28 PM


Each one of us has tasted
With ecstasies of stealth
The very food debated
To our specific strength —

–a mystic poet of a different persuasion 😉

But I think we’re getting more than a little OT here…

myliit March 13, 2020 7:38 PM

@ Yet Another Sockless Pupppet

Still OT

“… Several of Blake’s proverbs have become famous:

The road of excess leads to the palace of wisdom.[3]
— ”Proverbs of Hell” line 3 (Plate 7)

The tygers of wrath are wiser than the horses of instruction[4]
— ”Proverbs of Hell” line 44 (Plate 9)

Blake explains …”
