Friday Squid Blogging: Vegan "Squid" Made from Chickpeas

It’s beyond Beyond Meat. A Singapore company wants to make vegan “squid” — and shrimp and crab — from chickpeas.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on May 15, 2020 at 4:19 PM113 Comments

Comments

Scott May 15, 2020 4:47 PM

Simple tech question: Is it possible to ban cryptocurrencies in general and bitcoin in particular by the US globally in the current international climate and going into the 2020s?

I’m probably more bullish on the US dollar from the other side of the pond as many of you Americans here, as I don’t suffer from gloom and doom American exceptionalism. 😉 But when there is a crisis, whether it’s 2008 or 2020, the US dollar is regularly the stable reserve “escape” currency to the rest of the world.

See more on the bullish US worldview in this recent, excellent interview with geopolitical strategist Peter Zeihan by Anthony “Pomp” Pompliano on youTube. Or in Peter’s books.

Congressman Brad Sherman is quite hawkish in his rhetoric and his willingness to ban bitcoin. But is he able to do so?

Alejandro May 15, 2020 5:09 PM

Apple and Google are building a virus-tracking system/ Health officials say it will be practically useless

Because: the app “won’t share any data with health officials or reveal where those meetings took place.”

So that’s good, but it could be bad. What if the government (aka health dept.) really does want gobs of personal data for their public data bases? And, their whining is more like opening gambit posturing?

If they make a big enough stink about it, maybe Congress will pass a law requiring the app to disclose plenty of personal and location data. Which then of course can be accessed by state, local and federal police and governments for the common good. Because: Security.

Anyway, let’s hope this app FAILS some more.

Canon May 15, 2020 6:01 PM

Hi guys so what are we going to talk about today

First of all i have had communications and IPSEC, X25 and ISDN security as a background, i have also worked alot with stuff like Netware and OS/2 to name a few things from the past, and lot got myselfe into securing those things back then there were a mish mash between DEC/3270 world that got transformed into what we today see as a PC world. So in the PC world we got new challenges such as email, i worked some for building somekind of email solution using OS/2 and DEC VAX stuff for a governement so to speak, if you have followed me you could see what country that might be.

Bach then email traffic was like a container file with a keyfile that had the encryption key. so if you could break the password for that particular key that would give you access to that persons whole email conversation obviously.

Since allready back then i was into what today would be called hacking, i realised this and i cracked the algorithm for this particular email providers email system.
Nothing to write home about, i guess except that this particular email provider was used for a governement where i also happened to be an sysadmin for, so i had the keyfiles and the container files, and i could access the email without nobody knowing.. i realized that it was a problem, and i let them know…

This was i would say 1003 and that have let me to where i am now…
hahha so what i am today is as before, i am older ofcourse. I dont just do email, but i have the same white hat mentality, this i think is important.

Anyhow. I go brew some coffee, and think what i could learn you today… if not anything i have found some dude that thinks like me and is quite good securing android phones. check him out, i dont have any affiliations with him though… brax.me

Be right back need some coffee

Canon May 15, 2020 6:30 PM

Ok so before i start looking about intresting things there is actually something allready to mention regarding IPSEC…

Short answer: dont use it
Long answer: dont use it

IPSEC became popular around 1999 and there was lot of money to make if you didnt know how to make IPSEC interop point top point links, somewhere after 2001 probably due to 9/11 Cisco and others started to have the IOS and Juniper as well to make the IPSEC buggy not working well etc. my personal retrospect view after snowden would be that it might have been as designed..
PFS solutions never workedm DF Group 5 only never anything abouve that group was pushed forward except in the Linux/Opensource world
could give a hint of a possible “lets make sure IPSEC isnt secure” feeling

Canon May 15, 2020 6:44 PM

ISDN heh
well for one thing that let to another i might be the person that have installed most ISDN routers and debugged ISDN networks in the country of Greta, i have been to many places, some so secret that not even the secret service did remember they existed 🙂

So ISDN is very intresting and actually cool, however the ISP wanted too much money from it. But it was almost as an extension for an ATM network so ISDN was allready built in the backbones, just as a scaled down version

Ok I dont remember any details but i do remember that having ISDN home and having an Cisco router and putting that in Debug mode made you King, this was long before normal personse knew about ANI numbers or such, and even after that came, an Debug window could tell the international numbers as an example

I never tried to hack that but I can imagine it was very intresting if done properly

Canon May 15, 2020 6:54 PM

X25
Then we come this secret
Thank god the people that designed the protocol knew what they were doing…

Its build for realtime comms for low bandwidth and its not possible to hijack
Today its used as things like Packet Radio in Amateur Radios but also most implementations towards a 5250/3270 terminal using serial comms are using X25, as examples of this would be an ATM as an Automatic Teller Machine among other banking stuff… stuff

They are totally unforgiving, one minor parameter wrong in the setup, and it wont work, and debugging the whole thing is more or less a trial and error thing…
I guess Northkorean technician today are the best X25 technician on the planet however

Canon May 15, 2020 7:05 PM

OS/2 and Netware
Yes so badabadabing badabong
Netware was actually and in my opinion still is a very intresting concept

I cant think of a more secure operating system today even.

So and then we have the lovely and sexy OS2 that IBM destroyed in my opionion behind that banking curtain

Anyhow i got involved with what I am mostly working with today via OS2 since Citrix what i work with today was first introduced via serial line comm links to a multiuser OS/2 backend that was used in banks and governements etc… winview 2.0 was infact used at a castle near greta to get a perspective to where Citrix comes from also 199x btw so Citrix has been in the game for far longer than people realize

Canon May 15, 2020 7:20 PM

Mistakes,
so I am tired now from working this week and tonight too much guinness…
I realized last week i made a mistake so i thought ok i can go via my real IP since its allready known.. so Enjoy when you can 🙂

I do learn from my mistakes and this it the last time i do that mistake again…
So for you that dont know the mistake was
that my stupid router forgot to do a torsocks for a particular thing so 2 points could be meta challenged and made to one point.
Aka a match, aka zucking busted 🙂

So when you do a semi or “full anonymoys” thing document what you do, do it right and dont do it when you have drunk too much guinness

Have a good evening
//C.L//

Canon May 15, 2020 7:36 PM

U3 security in USB
Oh then i forgot some thing that also was the king thing i would say around 2006-2007 ish

Was that there was something called U3 for USBs i think that what ive read about Stuxnet it was infact based on this flaw…
i could be wrong though, but this U3 flaw
i have hardly every heard anyone talk about and it was “motherfuckin awesome”

I used it all the time, it was infact brilliant, since you couldnt stop it, if your USB stick was prepared for the “Trojan” it was run period and it was very powerfull

Such a pity that U3 thing dissapeared 🙂

myliit May 15, 2020 11:10 PM

@V

More problems with evoting or voting apps. [1]

Of course, if you can pull it off, postponing or cancelling an election might be preferable. For example, avoid pesky audits altogether vs.things being found not to be auditable. Alternatively, claim the election was rigged, don’t concede, and hope that the Marines(?) don’t drag you from office. Who exactly might physically remove a rogue president, who refuses to concede an election, from power?

[1] https://www.schneier.com/blog/archives/2020/03/internet_voting.html

https://www.verifiedvoting.org/verified-voting-puerto-rico-veto-letter-p-s-1314/

MarkH May 16, 2020 7:25 AM

@Scott:

I suggest that the question you asked (about the banning of cryptocurrency) is neither simple, nor technical.

It’s a legal question, and probably a rather involved one. Entities such as BitCoin consist, if I understand correctly, as ledger entries in binary files maintained in a large international distributed database.

To ban such data files would be both silly, and unenforceable.

What could be banned, are various types of transactions. How this might work would probably depend on existing structures and laws.

Some countries have laws in effect requiring that their businesses conduct domestic transactions only in the national currency, which would seem to exclude cryptocurrency.

In Canada, business use of cryptocurrency is subject to a variety of regulations, and some banks forbid use of bank cards to make cryptocurrency purchases.

I believe that some countries have even outlawed “mining” of BitCoin.

What might be enacted would depend in part on the extent to which legislators first ask, “is it practical to enforce such a provision?”

Grima S May 16, 2020 8:10 AM

@Canon re: 5250/3270 – You do realize that those device families were merely “dumb” (relatively speaking, they were somewhat “smarter” than a teletype 🙂 terminals fronting IBM 370 (et al) and IBM System/3X (including AS/400) processors, do you not?

@Mark H & @Scott re: cybercurrency – I agree, and the likely choke points are at the financial institutions processing the transactions, since those institutions require government licences to operate. The OP would be well-advised to take his research in that direction. He would also be wise to research what happens to a “stable reserve currency” when you pump out 5 trillion or so addtional certificates without adding to (actually, arguably, subtracting from) the value represented by those certificates. The Weimar Republic and Zimbabwe would be good reference points to begin that effort.

Scott May 16, 2020 8:30 AM

@MarkH,

I appreciate your answer. Here’s the Peter Zeihan podcast I referred to in my first post: http://www.youtube.com/watch?v=ygrurjeTfTU

It’s a little long one but it will entice your curiosity. Hopefully it gets through the filter.

Peter argues to imagine a new world emerging in this decade where the US is even much more like a world hegemon than currently it is. Brief history: After the fall of the Soviet Union in the last 30 years the US unilaterally provided worldwide security. But it found providing such security is no longer in its interest, the US retracts to North America and the rest of the world will have to figure out how to provide for their own security, to each his own. (Peter argues the more than 100 Democratic presidential hopefuls, or whoever the next president is going to be, are even more economically nationalistic and isolationist than Trump is.)

A world like this, much like as my favorite funny map describes, nothing against Americans, but this is how the map looks: interculturalmeanderings.files.wordpress.com/2011/07/the-world-according-to-america-2.png

Peter Zeihan’s books are titled: The Accidental Superpower, The Absent Superpower, and Disunited Nations. You see a pattern here.

So in this new world the US dollar become even more a reserve currency and a safe haven for the rest of the world (As described on the map, “Here Be Dragons”). If you let your imagination run wild, in this new world, what possible technological or legal means does the United States have to outlaw bitcoin and crypto? Really, get your imagination run wild, whatever dark sci-fi scenario you can come up with. I mean Peter’s vision is almost like that. As I said in the first post, congressman Brad Sherman is already very strong on at least the rhetoric to “ban” crypocurrencies in general or bitcoin in particular and these kind of voices may intensify and get more traction in the future.

Bitcoin is regarded by some as either a safe haven or a transaction tool, used for example if you want to get money out of a closed regime like China. As discussed in the last 20 minutes of the podcast.

On the flip side for some positive bitcoin evangelism you guys may be interested in checking out the work of Andreas Antonopoulos (YouTube and books, both highly technical and educational). But he has so much to say about the topic I don’t even know where to start with him.

Scott May 16, 2020 8:40 AM

@Grima S:

He would also be wise to research what happens to a “stable reserve currency” when you pump out 5 trillion or so addtional certificates without adding to (actually, arguably, subtracting from) the value represented by those certificates. The Weimar Republic and Zimbabwe would be good reference points to begin that effort.

Me previously:

I’m probably more bullish on the US dollar from the other side of the pond as many of you Americans here, as I don’t suffer from gloom and doom American exceptionalism. 😉 But when there is a crisis, whether it’s 2008 or 2020, the US dollar is regularly the stable reserve “escape” currency to the rest of the world.

You should just check out how the exchange rates changed in the last few months, the US dollar vs. every other currency out there.

Yes, Ive read about the American psyche that it’s either catastrophe or glory and nothing in between, but no, as someone from the rest of the world I can’t share your pessimistic outlook on how American can handle this crisis vs. the rest of the world. I mean, sure, the US could handle this crisis better but for god’s sake, for reference, Europe hasn’t even solved its 2008 crisis yet. So in this regard America must do better, right? You may find Peter’s interview interesting to challenge your views. 😉

Scott May 16, 2020 10:31 AM

@MarkH,

My answer to you seem to have been deleted. I don’t know why, it’s me with the same tone as I used in my answer to Grima S. ¯_(ツ)_/¯

Anders May 16, 2020 7:00 PM

Supercomputers in Europe hacked.

mobile.twitter.com/PatrickBeuth/status/1261265952202788866

Jon May 16, 2020 9:59 PM

It’s worth noting that while hyperinflation wipes out savings, it also wipes out debt1.

E.g.: If you borrowed a billion dollars to build a ‘bread factory’2, and hyperinflation causes the price of a loaf of bread to rise to a billion dollars each, you just sell one loaf3, haul the results down to the bank, and lo – you now own your giant factory free and clear for a loaf of bread.

So if you are massively in debt, yet have spent that money on useful assets – then hyperinflation is a very good thing for you. Given the current debt-funded U.S. economy, I suspect there might be quite a few people who would welcome a lot of inflation.

Yeah, I know, “It’s Not That Simple”. But the fundamentals remain.
J.

^1 To a certain degree.
^2 “bakery” doesn’t really apply, at this scale
^2a And presumably a long-term loan at a fixed rate
^3 Of course, the cost of your ingredients has gone up too – unless you’re vertically integrated. But that doesn’t really matter.

SpaceLifeForm May 16, 2020 11:21 PM

@ Paul

I believe Zoom acquired Keybase to placate.

Folks at Keybase (per reports) know of nothing new. No development plans, no integration plans.

Zoom bought lipstick for their pig.

Clive Robinson May 17, 2020 1:39 AM

@ Rachel,

Really something to behold. I salute the designer.

It is also highly inventive and takes keys into the “third dimension” for keyway profiling.

Importantly it’s one of those inventions that are instantly obvious after you’ve seen them. Such inventions are actually very rare indeed, most inventions and their coresponding patents are tiny increments on existing ideas.

And yes as per that I’ve already thought of an inventive upgrade[1], and no I’ve not done a patent search to see if it’s already been thought of, so if it’s not been then there is an opportunity for someone.

One thing this lock and key definitely solves is the other little idea I came up with decades ago which is the “key cutting by telephoto lense”[2] due to the required injection track hiding the key profile.

I won’t say the lock is unpickable because it’s design would require more mechanical “slop” to get over the potential mechanical “bind” issues, and where there is “slop” there is “wriggle room” and that is what makes locks pickable.

Oh and the idea of using a chain with a keyable profile is not original, and has been pattented over a hundred years ago back before the first world war. Whilst not for door or other locks it was for a security application, that is it was a “keying chain” in a mechanical cipher machine. Thus this lock brings the analogy between physical locks and encryption systems one step closer.

Oh it is Sunday morning and I’ve not yet had my morning cup of tea, so I might have a couple of more ideas later…

[1] The current key appears to use “hinges” in the links, much like watch straps. Which means the serpentine efect only works in one dimension with respect to the injection track, that is it bends either to the left or the right. If you were instead of hinges to use ball joints or other universal joint then not only could you make it so left-right but up-down and twisting like a well pulled out corkscrew.

[2] I used to “cut keys by memory” from just having seen them briefly. Whilst I don’t have what people call a “photographic memory” when I was showing a school friend how I did cut from memory he did say “photographic memory” and that’s when I realised many people carry their keys in plain sight on their belt etc and you could thus photograph them to get the key profile. I remember mentioning it on this blog one day and our host @Bruce being supprised by how obvious it was with hindsight. Like many ideas I’ve come up with over the years I can not say if I was the first, simply because such ideas become “guild secrets”. Sadly my friend died in an accident just a few weeks back after more than four decades of quite profitable friendship for both of us.

Rachel May 17, 2020 2:41 AM

Good Morning Captain Clive

Very sorry to hear about your friend. That must be very sad. Wishing harmony and wellness to you, and yours.

Thanks for the stimulating comments.
With the lock in question, the encrpyption analogy did occur to me also.
One possible issue with the lock to my observation is complexity.

And one question – what makes it rare? Just simply the fact of IP?
And no doubt the graudal, and unfortunate, onward mach away from mechanical locks in general.

Have you cast your brain net out over the multifarious fruit of the sea swimming on that site?

As always, sending love.
And also to the one – out of all the people whose name starts with W, ends in L and rhymes with dawg, I have a particular favourite – that one.

MarkH May 17, 2020 2:48 AM

@Rachel, Clive:

A fascinating lock, with a design I hadn’t seen before.

My knowledge of lockpicking is very slight, but my intuition was that while unconventional, this wouldn’t be such an obstacle to an accomplished lock hacker.

Here’s a reddit post by someone who says he picked one in 2018 March using what seem to be fairly conventional picks.

Lock pickers are like IT hackers: whoever says “this can’t be picked” is waving a red rag in front of a bull 🙂

I imagine that some users would be uncomfortable, with the manner in which the chain tunnel juts backwards from the handle when the key is inserted.

Whoever first invented chain keys had far more imagination than I!

My condolences, Mr. Robinson. My few old friends are irreplaceable treasures.

Rachel May 17, 2020 3:03 AM

MarkH

great response thank you.
I’m not sure the author said it couldn’t be picked, just that he was unable.
At any rate, perusing that site will indicate the calibre and proficiency of the author. He already sets the bar very high indeed

myliit May 17, 2020 3:41 AM

@Rachel

“Did not follow your comment about telephoto means knowing if someone breaks in.”

I could have made things clearer.

I liked Clive reminding us that if we wear keys dangling from our body, lying about, toss them on a table, etc., we might be asking for it.

Regarding break-ins, I was assuming someone might have to drill to enter, or something like that, to compromise, bypass, or whatever the lock in your video.

“ But I do immediately think of John le Carre and ways to detect covert entry for example the hair over the keyhole”

Recently I was looking to see if a new le Carre novel might be in the works. I didn’ find an answer, but was reminded of Cornwell’s recent speech accepting the Olaf Palme award:

https://gosint.wordpress.com/2020/02/02/2020-olof-palme-prize-ceremony-john-le-carre-and-how-would-i-like-to-be-remembered-30-january-2020/
From a Gossip Intelligence website, afaik, there used to be. Guardian link to the speech

https://en.wikipedia.org/wiki/Olof_Palme_Prize

MarkH May 17, 2020 5:29 AM

.
How Unlimited Covid-19 Spread Might Play Out

The world is gaining more information, from which to project the cost of failing to create and maintain safeguards to protect most of the population from infection with the virus. Doing so deliberately is what we’ve been calling “herd immunity policy.”

Spain — which has the second-worst pandemic death rate per unit of population0 — is undertaking a well-designed1 SARS-CoV-2 antibody study:

https://www.vox.com/2020/5/16/21259492/covid-antibodies-spain-serology-study-coronavirus-immunity

Although the study is still underway, preliminary results are available based on testing of 70,000 persons.

The bad news: only 5% test positive for antibodies. The cost of more than 27,000 dead has brought Spain nowhere near the herd immunity threshold.

The inferred infection fatality ratio is 1.15%, falling with the range of the best previous estimates. This implies that if Covid-19 does not become tightly controlled in Spain, the eventual death toll would be about 0.8% of Spain’s population (roughly one person in 130) before herd immunity equilibrium would be attained.2

Allowing for considerations which might reduce mortality moving forward, the cost would still likely be more than 0.5% of population, or at least one person in 200.

The error bands of the antibody test used in the study must be considered — the article doesn’t give data on that. The study is not complete, and further data might suggest different results.

In the U.S. with its large population, the same arithmetic would correspond to more than 1,500,000 deaths.

This is what those countries have signed up for, which have refused to do what’s needed to bring infections down to a very low level.

0 Excluding tiny countries with small case counts.

1 As distinct from the garbage Stanford study, the faults of which included recruitment via Facebook.

2 Note well that reaching herd immunity equilibrium doesn’t magically stop people from getting sick and dying. It only means that the growth rate of new cases would be expected to reach zero, and eventually become negative, without any public health intervention. In the uncontrolled spread scenario, many more would be expected to die after this threshold is reached.

Scott May 17, 2020 5:39 AM

META

Through the night observing the number of comments it appears to me that not only my answer to @MarkH, but other comments were removed, too. I’ve seen nothing outrageous in the content of the then comments, though.

So how do you communicate here usually? I’m a rare guest here on some weeks, but most of the time I stay away as this place became too much about US internal politics to me and what shall I do with that from the other side of the pond? (Just on a side note, just on a side note: http://www.youtube.com/watch?v=O7EaCVnw5n4)

I could argue that even if you are an American you probably shouldn’t care that much about party politics, and not necessarily that you should be a Buddhist saint to be above all this, but rather see the big picture through a geopolitical lens. I should probably move on to r/Geopolitics. But the question I’ve asked above, the very first question in this week’s thread is very much a technological one rather than a geopolitical one, or so I though, and I thought would be a good fit for the discussion here, at least in theory. But as the removal of my answer to @MarkH indicates, it may not be. OK, never mind my removed post, then I wrote a shorter answer to @Grima S along the same line that hasn’t been removed, but in no way I want to force you to engage with my topic, maybe I should really find another place to discuss of the topics of my interests, as this place become very different post-Trump. Thanks for reading so far, I just wrote this comment to myself.

MarkH May 17, 2020 5:50 AM

.
Americans Barely Missed Gaining Some Privacy Protection

https://www.vox.com/recode/2020/5/13/21257481/wyden-freedom-patriot-act-amendment-mcconnell

TL;DR: The grotesquely named “USA PATRIOT Act” (or actually, its slightly improved successor the “USA FREEDOM Act”) was just renewed again (provisions of the law include automatic expiration, absent such renewal). Two U.S. Senators offered an amendment which would have prohibited obtaining citizens’ internet browsing or search histories via the FISA process — in other words, the amendment would have required a traditional search warrant for such information.

The amendment failed, receiving 59 of the 60 votes necessary to pass.

At least one Senator who would have voted for the amendment was not present …

Oh, well.

Alejandro May 17, 2020 6:15 AM

Interesting chart from Statista.com: Americans Refuse Contact Tracing, by cell phone.

Half of CDC and health officials won’t do it (!), 7 of 10 federal employees won’t do it.

That’s good news of course.

Yet, I sense resistance is futile. This is too good of an opportunity for mass surveillance police state tyrants to pass up.

For example, there is discussion of mandating spitting into the cup to get on an airplane. Yes, permanent government DNA testing for the government(s) database.

Various foreigners and immigrants are already being forced to submit spit which I figure is beta testing for the rest of us.

Scott May 17, 2020 6:45 AM

@Alejandro,

One side of the coin:

Apple and Google are building a virus-tracking system. Health officials say it will be practically useless.
http://www.washingtonpost.com/technology/2020/05/15/app-apple-google-virus/

On the other hand I’d be OK using an app based on the Apple-Google API (If it had any use), but many European governments opted for their own solution, meaning battery draining apps no one use, a lack of trust in the government being another reason.

Am I too east to give up my privacy rights? We were born to different realities so we may have different expectations than if I were born American for sure. I was watching Yuval Noah Harari’s BBC HARDtalk discussing similar matters. He certainly has different expectations of privacy in Israel as well.

Clive Robinson May 17, 2020 7:01 AM

@ Rachel,

But I do immediately think of John le Carre and ways to detect covert entry for example the hair over the keyhole

As I am still convalescing after my adverse run in with clarithromycin antibiotics, I’m doing a little light reading so I thought I would tackle “The Long Earth” series by Terry Pratchett and Stephen Baxter this weekend as holding a paper back requires little muscular effort which is where the pain still arises.

Any way in the first book at the begining of chapter ten, there is a section about a confidential secretary “Hermione Dawes” to the UK Prime Minister and a little note about her security precautions about security service intruders.

    “Nobody she worked with new her, she felt. Not even the gentlemen who, periodically, when she was known to be working, broke into her flat and searched it, always very carefully, no doubt sharing a little smile as they carefully replaced the tiny sliver of wood she pushed between the front door and it’s frame every day. Very similar to her own little smile when she noted that their big flat feet had once again crushed the scrap of meringue that she always dropped on the carpet just inside the living room door, a scrap they never ever noticed.”

What is sauce for the goose can also be sauce for the gander 😉

For a carefully prepared mind such “tell tales” can be myriad especially if the are happy to be thought of as either “not houseproud” or a “messy liver”. Whilst most are wise to the “James Bond” hair and talcum powder tricks and the placing of pens and other objects on computer keyboards and the like there are other things, like cloths apparently casually thrown in a laundry basket with say a sock leaning against it and the floor with the basket just in the way of a wardrobe door etc. Whilst they might put the basket back and put the sock back, will they get the folds in the crumpled blouse/shirt right or the angle it hangs?

Then there are “piano key books” on a shelf. That is if you have books on a shelf, you don’t push them all the way back, you then build a binary pattern or music cords in which books are a little further back than others. You know the tune or number sequence, will they not just not understand it but also not get it right? Probably not, will they photograph it correctly again probably not, their time is limited.

Then there are less visable tricks, a small piece of egg shell from a hard boild egg under a rug, will not get seen or photographed untill the rug is moved. Often rugs will not get moved because of the tassles or fringing could be set up in a pattern. Thus experienced intruders will also tend to avoid walking on rugs unless they have to. Obviously there are ways you can make them do so just by aranging other furniture and an “interesting object” that can not be reached except by crossing the rug.

Such games can be endless for those who have secrets to protect or find…

wiredog May 17, 2020 9:46 AM

If people don’t use apps which can do contact tracing over the previous 2 weeks then it will just have to be done the old fashioned way, with people hired by the health department. And since very few people can remember where they were even 5 days ago with any accuracy there will need to be a lot more mandatory testing.

At least in the US, the courts have held that it’s legal to put people who are, or are suspected to be, in isolation while a disease runs its course. Much harder on privacy than apps, much more expensive than apps, and likely to generate as much useful data for the government .

Clive Robinson May 17, 2020 11:54 AM

@ MarkH,

This implies that if Covid-19 does not become tightly controlled in Spain, the eventual death toll would be about 0.8% of Spain’s population

Please remember that the 0.8% figure is a little high because as we now know at one point the demand for ventilators in Spain led to triage and thus those to old or with too many comorbidities did not get ventilators.

That is the Spanish Health Care system became saturated for a while, thus those that might have survived infact died.

Thus this brings up two questions,

1, What is the unsaturated healthcare fatality rate?

2, What is the “no healthcare” fatality rate?

I suspect based on what little information we have the answer to the first is about 0.7% and the answer to the second is still effectively unknown but could be in excess of 5%. One way to “guestimate” would be to assume that any one who became a recorded hospital case would have died, then effectively multiply by 1/5% or 20. So from WoldOmeter,

Spanish recorded cases currently

RC : 277,719

Scaled : 20 x 277719 = 5,554,380

Population = 46,752,605

So IFR % = 46752605/5554380 = 11.9%

So we might see a 12% of population deathrate in countries with little or no advanced healthcare service.

If we assume that is 2/3rds of the worlds population then,

7700M x 0.12 x 2/3 ~= 600M

Thus the question is over what period of time it would take.

As we know with a novel pathogen the initial rise is exponetial, then it becomes a linear rise for quite a while. Eventually according to first order models it starts to tail off exponentially over a period of atleast ten times the rise time if not longer (depending on where you set your herd immunity figure from 50-100%). The reality is however that you probably will not get even a 70% immunity, because the population of new hosts will be born every year (~100million a year).

myliit May 17, 2020 12:31 PM

https://www.nytimes.com/2020/05/16/technology/zuckerberg-facebook-coronavirus.html

“Now More Than Ever, Facebook Is a ‘Mark Zuckerberg Production’
[tl;dr, skip to last paragraph]
Days later, during a White House news conference, Mr. Trump wondered aloud about an “injection inside” of disinfectant. As poison control centers were flooded with questions and the makers of Clorox and Lysol issued statements imploring Americans not to ingest their caustic cleaners, Facebook wilted, and across the platform, video of the comments went swiftly viral.”[1]

[1] https://www.nytimes.com/2020/04/30/technology/trump-coronavirus-social-media.html

“Trump’s Disinfectant Talk Trips Up Sites’ Vows Against Misinformation

Facebook, Twitter and YouTube have declined to remove the president’s statements about unproven coronavirus treatments.”

Clive Robinson May 17, 2020 1:08 PM

@ Bruce, ALL,

It’s beyond Beyond Meat.

For over a hundred years vegitarians in America have been making “Thanksgiving Turkey” out of “beyond meat” products such as “nut meat” in something called “Mock Turkey”…

http://www.theoldfoodie.com/2009/11/thanksgiving-food-mock-turkey.html

During WWII due to meat shortages a similar moulding style was used but as pasta was even harder to get than meat parsnips were used to fake the legs and wings of a “Christmas bird” with the body made with sausage meat adulterated with other things. This two was called Mock Turkey,

http://calmlycreative.blogspot.com/2012/10/mock-turkey.html

Of the two recipies I would very definitely give the over a century old vegitarian recipe a miss, because it is realy realy not good for you.

As for the WWII recipe one of the comments mentioned using any left overs as “sandwich filling”… I’m not sure if the writer of that comment has ever eaten “National loaf” basically the flour has everything in it including the bran and probably grit from the millstones (atleast that’s what it tastes like). So even burnt black bits would improve the flavour of such bread, especially as it would be unlikely that you had butter or any other kind of fat to lubricate it with. I’ve been told that the only good use anyone found for such bread was to extract the dye from “agricultural petrol” so it could be dyed a different colour and sold on the blackmarket…

Interestingly at this time of “national crisis” the “National Loaf” has reappeared, although with slightly less bran in it,

https://www.msn.com/en-us/foodanddrink/other/british-bakers-reintroduce-world-war-ii-bread-in-coronavirus-fight/ar-BB12tahp

Mind you I still make a WWII dish from time to time, it acts as a filler/warmer soup prior to serving other food that is in short supply…

You need one quite large potato, (think baking size) two large white onions, one large can of corned beef, two tins of chopped tomatoes, one to two cans of water, one or two spoons of sugar, salt, pepper and either flour or digestive biscuits to thicken if required, though you can use porridge oats (oatmeal) as well. The thicker you make it the less other food will be eaten. An important consideration if you are rationing or having to “carry food in on your back” to a distant camp site etc. Oh if you cook it over a wood fire that is not made from pine or other conifers you can “stir in the smoke” for more flavour.

In a large pan add butter or oil, finely chop onions and potato and sweat them off untill they start to take colour thus taste. Finely chop corned beef and add to pan stir it in so it melts in add sugar and stir for a while so it takes a little more colour thus flavour. Add the two tins of chopped tomatoes and stir in add one or two cans of water and bring back to a gentle simmer. Taste and add seasoning. Using a hand blender liquidize the soup untill smooth. If it’s too thin then add a thickening agent I tend to use a crushed to powder wholemeal digestive biscuit or two when out camping as this is less to carry and thickens by just stiring in without excessive heating. Serve to as many cold and hungry people as required to take the edge off of their appetite before serving other food.

MarkH May 17, 2020 1:50 PM

.
How Unlimited Covid-19 Spread Might Play Out, Pt. 2

I neglected to include, perhaps the most important number.

Above, I estimated that “herd immunity policy” might kill about one in 200. However, many of the survivors of infection will suffer long afterward, often for duration of their lives.

On the basis of medical observations so far, the survivors with significant disability might outnumber deaths by (very roughly) a factor of 5.

So, in addition to losing about 1 person in 200, countries which fail to aggressively control infection should prepare for two or three percent of their population to have pandemic-caused impairments lasting from months to decades.


@Clive:

To my mind, those projections are “a bridge too far.”

To give one example, although a lot of attention was focused on ventilators, they’re a lot less useful than was hoped. It appears that something like 80% of “intubated” Covid-19 patients die anyway. A New York doctor working in one of the hot-zone hospitals said that it’s almost a miracle when a patient comes off a ventilator …

I constantly worry about our first-world bias when we think about this pandemic.

For at least three billion of our human family,

• living past 65 is a luxury they can’t afford
• obesity, with its companions metabolic syndrome and diabetes, is a luxury they can’t afford
• surviving more than a couple of weeks with advanced cancer is a luxury they can’t afford
• living long-term with advanced heart disease is a luxury they can’t afford
• responding to crisis and affliction (which are constants for them) with whining self-pity is a luxury they can’t afford

I’ve been assuming that the affluent countries of the West will tend to fare similarly, with respect to measures like infection fatality ratio.

I just don’t see any basis to extrapolate Western experiences of Covid-19 to the poorest regions. I’ve no doubt that a great numbers will become infected, but whether infected people will do better or worse then their wealthy counterparts, is beyond my knowledge.

It may take many months, before a clear picture emerges of Covid-19 in the “global south.”

wiredog May 17, 2020 3:00 PM

@clive,
Leave out the water, tomatoes, and flour and you’ve got hash. Canned diced tomatoes, drained, are a good addition to hash.

lurker May 17, 2020 3:21 PM

For the Armchair Pandemicists:
links to brief pages with audiofiles fron New Zealand National Radio.

New Zealand vs. Sweden, a Swedish view, Professor Johan Giesecke is one of the world’s most senior epidemiologists. He believes lockdowns like the one we’ve just had in New Zealand are just a way of delaying the inevitable… https://www.rnz.co.nz/national/programmes/sunday/audio/2018746794/johan-giesecke-why-lockdowns-are-the-wrong-approach

At the coalface in Canda, Dr. Anna Dare is the Chief Resident at the Trauma Surgery service at Toronto’s Sunnybrook Hospital, but as of a few weeks ago she was redeployed to the ICU to cover shortages and help look after the hospital’s sickest Covid-19 patients, most of whom are on ventilators. https://www.rnz.co.nz/national/programmes/sunday/audio/2018746793/calling-home-anna-dare-in-toronto-ontario

Batman speaks up: Widely blamed for being a disease vector in the spread of the novel coronavirus, bats have a bit of a PR problem at the moment. Disease ecologist Jonathan Epstein has stepped up to go into bat for his creepy and cute little animal friends. https://www.rnz.co.nz/national/programmes/saturday/audio/2018746746/in-defence-of-bats-disease-ecologist-jonathan-epstein

JonKnowsNothing May 17, 2020 4:26 PM

@Rachel @Clive

re: using photographs to clone keys

In the not so distant past, pre-COVID19, the USA Transportation Security Administration (TSA) mandated that all luggage had to have an “approved lock” that could be opened by TSA Agents.

Lots of folks had to race out to buy new luggage to comply with the new regulations.

A nice photo-op of a TSA Agent holding up the master key ring was published.

3D Printing and Bob’s Your Uncle a complete set of cloned master keys were produced.

They don’t really need the key as they cut the locks off anyway. Saves time.

ht tps://en.wikipedia.org/wiki/Transportation_Security_Administration
ht tps://en.wikipedia.org/wiki/Transportation_Security_Administration#Checked_baggage

In November 2014, The Washington Post inadvertently published a photograph of all seven of the TSA master keys in an article[140] about TSA baggage handling. The photograph was later removed from the original article, but it still appears in some syndicated copies.[141] In August 2015 this gained the attention of news sites.[142] Using the photograph, security researchers and members of the public have been able to reproduce working copies of the master keys using 3D printing techniques.[143][144] The incident has prompted discussion about the security implications of using master keys.[142]

TSA agents sometimes cut these locks off instead of opening them, and TSA received over 3,500 complaints in 2011 about locks being tampered with.

vas pup May 17, 2020 4:28 PM

@all on cryptocurrency.
China is testing digital yuan based on block-chain algorithm. But it’ll kill the main idea of cryptocurrency – absence of central control authority.

Based on experience of the folks who really went though financial manipulation of money by the government in time of crisis:
1. Your money in banks could be frozen any time preventing your access to them and using them for payment. Yeah, you are going to be said that that is temporary measure, and your money safe, but that is not the case. As soon you are limited to take only small amount of money per day or not at all for period of time, your money are going to devalued substantially.
2. Paper/coin cash could be banned for usage, e.g. $100 of particular years of issue or limit on cash transactions at all above particular limit, that is like the same – see 1.
3. Power outage for particular time will not let you utilize any internet transactions including cryptocurrency.

So, gold (as soon you are in society) is the only real currency since ancient time. Even government could force you to give up gold (e.g. Germans during occupation of Europe) you still have option to hide and save its buying power sometimes for you own life and/or life of your relative.

But if you out of society, then real currency are your survival skills: to find and prepare food, fight predators, make shelters, etc. I hope you get the idea. In such circumstances other currency is just junk except using it to make camp fire 🙂

@Rachel and all other respected bloggers on amazing lock:
Qs: Where can you buy such lock?
Is it possible to have Master key on such type of lock?

JonKnowsNothing May 17, 2020 4:45 PM

re: Exploiting Twitter messages to trigger epileptic seizures

MSM report:
There is a way to coordinate tweets with flashing gifs designed to trigger seizures. Targeted are people with epilepsy.

messages included flashing strobe lighting and flickering psychedelic spirals.

Some initially concealed their triggering imagery, making it more difficult to protect people vulnerable to their effects.

Twitter defaults for Auto-Play is “on”. Requested changes are to make Auto-Play default to “off”.

Changing the default to “off” might prevent a gif or video from playing but does not prevent the booby-trapped message from being sent.

ht tps://www.theguardian.com/society/2020/may/15/malicious-tweets-targeting-epilepsy-charity-trigger-seizures
(url fractured to prevent autorun)

vas pup May 18, 2020 4:11 PM

Recent on cryptocurrency:

Europe’s supercomputers hijacked by attackers for crypto mining
https://www.bbc.com/news/technology-52709660

“They [attackers}exploited an Secure Shell (SSH) connection, which academic researchers use to log in to the system remotely.

And once inside, the attackers appear to have deployed cryptocurrency-mining malware.

The security team at the European Group Infrastructure foundation said: “A malicious group is currently targeting academic data centres for CPU [central processing unit] mining purposes.

“The attacker is hopping from one victim to another using compromised SSH credentials.”

Jamie Akhtar, chief executive of UK security company Cybersmart, said: “Universities are home to some of the most advanced research projects in the world across many disciplines – including computer science – but they are also notoriously vulnerable to attack if they are connected to the wider university network.”

vas pup May 18, 2020 4:18 PM

@JonKnowsNothing
Thank you for the link provided.
I just curious is it possible to put user (without any health problem) in a sleep mode utilizing flashing gifs matching brain waves of sleeping person?

A dubious person May 18, 2020 7:15 PM

@ V, re: the Republican convention voting problems

The mprnews article isn’t very informative, so I can’t tell whether this is an ironic repeat of the Iowa Democratic primary reporting-app meltdown. It rhymes, though.

@ vas pup

I doubt that an animation could “put someone to sleep,” at least not in the literal sense. If this were possible I for one would sure like to have such an animation; I’d probably use it every night.

I suppose it might be possible to hypnotize someone with an animation – another sense of “put someone to sleep” – but again I’m doubtful.

The idea of actively damaging a person’s mind via specially crafted images pops up in SF pretty regularly, being a major plot device in Neal Stephenson’s Snowcrash, and also manifesting as the “basilisks” of David Langford and some other modern writers (Charlie Stross, for one, regularly uses vision-based brain hacking in his “Laundry Files” stories). I suspect that the known existence of malign visual attacks against e.g. epileptics makes it easier to believe that Magick could be done thereby against anyone. It seems to work a treat on vision-based “AI”s.

@ All

Just noticed the announcement on Wikipedia of the death from COVID (on 11 May) of Ann Mitchell (nee Williamson), once of “Hut 6” at Bletchley Park, where she helped to program the Bombe, probably among other less-well documented duties. Not so many of those folk left around these days, are there?

JonKnowsNothing May 18, 2020 10:18 PM

@Clive @All

re: Future Food Insecurity (aka famine)

De Spiegel has an interview with King Abdullah II of Jordan about their response to COVID19 and future challenges. Some interesting remarks attributed to the King.

King Abdullah II:
It brings new uncertainties. Health and food security are becoming valuable commodities. Europe has fertile agricultural lands. They will be hoarding food supplies, understandably. We too have begun to invest heavily in storing our wheat and we’ve got enough for another year and a half. We’re quite comfortable. But what happens after that? In many places, the danger of people starving to death is greater than the danger from the virus itself.

It might be that some governments are doing better planning over the coming famine than they did with COVID19. Although, past MSM reports of famines in North Korea indicated that what food there was went to the military and very little went to the civilians.

note: Anything reported about N Korea must be considered carefully through the lens of a cardboard toilet roll tube.

ht tps://www.spiegel.de/international/world/jordan-s-king-abdullah-ii-the-danger-of-people-starving-to-death-is-greater-than-the-danger-from-the-virus-a-4b220928-7ff9-4219-a176-ec380ec16cf3
(url fractured to prevent autorun)

Rachel May 18, 2020 11:02 PM

Dear Vas Pup
A pleasure to correspond again.

Sourcing your lock.
Communicating with the author of the video, and from there members of his community, would be an excellent route.

http://www.locklab.com

The legendary MarkH managed to find, in record time, a Reddit thread on the conquering of the lock – that’s another opportunity.

https://amp.reddit.com/r/lockpicking/comments/82kmqn/chain_key_lock_picked_curved_keyway_hyt_style

The lock is described as rare and owned by a collector.
The fact of its rarity is intriguing to me.
It’s complexity is an issue I feel.
Also, it doesn’t have a website and a logo.
This is a particular obstacle to success.

In lieu of the aforementioned lock of your choice,

The author explains the most secure padlocks and door locks here:

http://locklab.com/home-security/which-lock-should-i-buy/

You may appreciate the authors page here – see ‘disc detainers’ at the bottom

http://locklab.com/locklab-university/types-of-locks/

See the locks nmaed under ‘Level 5’ here:

http://locklab.com/resources/lock-grading/

sending love xoxo

Clive Robinson May 19, 2020 1:08 AM

@ JonKnowsNothing,

I’m not surprised about the Jordanian view, their cultural records go back thousands of years.

They were well aware of the value of wheat to the Roman Empire and why various Roman activities were aboit controling Egypt and other wheat producing areas (likewise in the UK where we’ve still got Roman artifacts poping up all over the place even after two millennia).

Also Jordan was subject to “water wars” and locusts the like which could easily destroy an annual grain crop, so they had grain stores going back well into antiquity.

The problem the King does not mention is that “stavation” or lack of “food” can be caused in other ways. One of which is political. The North of Europe has basically been practicing economic warfare against the southvof Europe, this is not new the US has the same North-v-South issues. Put simply the industrial north politically vies the agrearian south as a “vasal” to be exploited for cheap food. I would not be in the least supprised if the agrerian south decided now would be a good time to “redress the balance”.

But politics aside many countries may not wish to import food in a raw state. That is cooked canned food can be easily steralised on arival where as raw foods not so easily (frozen foods are even more complex).

But also in the US for instance cattle and other livestock are being slaughtered not to go to market, but due to the market price being too low to be economically viable to keep the animals alive and the fact that the processing industry due to it’s manually intensive practices is to dangerous for people to work in safely. Hence comments comming out of the executive about forcing them back to work.

There are also other “worker issues” many crops are manually harvested, by cheap often foreign seasonal labour. They will probably not be available this year due to boarder control quarantine measures, thus food could end up rotting in fields etc. Other foods may not get planted for similar reasons rice being one staple that might well be not planted, similarly onions both of which along with tomatoes form basic food bases on which all else is built. Then there are other crops garlic, chilli peppers etc

I’ve mentioned previously other supply line issues that are going to cause problems. Fossil fuels for the production of energy are going to become an issue, which means electrical power for freezers etc could be quite problematic. People in some parts of California are already aware of this problem.

Which is why I suggest people stock up on canned goods and some dry goods and water (remember water is pumped by electricity as is sewerage).

I’ve no idea how bad it is going to get but I can see how bad it could get in all sorts of ways. One thing that is likely to happen is when food starts getting scarce, the price is going to go up and could due to the missuse of stimulus money and the resulting inflation could easily double or triple the price of staples in a year. Also many things will become luxuries, think jam / jelly / marmalade / penut butter / hazel nut spread chocolate sweets and what you now consider every day snacks even tinned fruit in syrup. Stocking up on a few now will be good for your mental health should shelves start to empty again.

As I’ve mentioned before you can freeze eggs in ice trays, and you can bottle/can both butter and cheese. Some vegtable oils if kept in the dark and cold will last a year or more (others won’t). Herbs and spices can be dried or frozen and many vegtables can be pickled and most fruits bottled or turned into jams if you can get the sugar. Salt, pepper and good quality tomato sauce and stock cubes make a huge difference to taste thus mood and helps fight of depression etc. I know around 1/3rd of the world have a very monotonous diet of rice beans and pickled vegtables but they generaly also have chilli powder, paste, ginger, citrus and the likes of soy or fish sauce all of which give a degree of variation and reduce appetite.

But almost as certain as the tide comes in, there will be “panic buying” likewise there will be “villification” of those who think ahead as “selfish horders”. It’s basic human nature to blaim others for any misfortune that befalls those who do not think ahead. This often leads to unrest and violence. Thus cooked tinned/canned and bottled foods do not require cooking or rehydrating both of which release very recognisable smells that will travel great distances thus attracting unwanted attention… Oh and eating out of a tin or jar significantly reduces the amount of water you use as there are no cook pots or plates to wash up[1]. UK army field rations in the 1980’s used to use tinned food, and troops quickly learnt how to heat the cans in water to not just get hot food but hot tea/coffee with the water used to heat the cans. The only real trick you had to learn was how much of a dent to knock in the tin before heating so you knew when the contents were hot, but not “spurtingly” so. But trust me when you are cold things with sugar in them taste sweeter cold thus are actually more appertising and even Spam and Corned beef are quite acceptable cold as are some stews and soups. Even those cooked sausages in fat designed to just “put in the frying pan” when you are cold and hungry even the fat tates good on biscuits etc (think bread and dripping). When you are cold and hungry even clarified butter in coffee tastes good. And yes I’ve been in places where it’s that cold you eat sticks of butter like chocolate and even with two or three a day you still loose weight.

[1] As was once pointed out to me by an army surgeon whilst out in the desert scrub, food poisoning starts with food for bacteria… Saliva contains antibiotic chemicals, if you use only a stainless steal spoon and then lick it clean before wiping on a dry bit of cloth, you’ve effectively “washed it up” if you are realy worried then a quick “burn” in a flame will definitly work, no water wasted.

SpaceLifeForm May 19, 2020 2:06 AM

@ myliit

This is from a rooted Galaxy S4 that has no SIM card and has had no SIM card for 5 years.

s4:/mnt/shell/emulated/0# date
Tue May 19 07:02:31 UTC 2020
s4:/mnt/shell/emulated/0#
s4:/mnt/shell/emulated/0# ls -ls Audible/*
956 -rwxrwx— 1 root 1028 970831 May 19 06:02 Audible/Audible.log
1032 -rwxrwx— 1 root 1028 1049628 Aug 15 2019 Audible/Audible.log0

Wesley Parish May 19, 2020 2:40 AM

@Clive, Rachel

Your discussion on OpSec reminded me of something I read when I was about ten, in a children’s fiction book called “Curlews on the Continent”, where one of the characters says that their hotel room is likely to have visitors while they are out investigating something or other, so he has made preparations. When told that merely stringing a thread at the door isn’t going to help, because the “visitors” are going to replace it anyway, he says, that’s the beauty of it. He’s already broken the thread, and the “visitors” will replace it, thus confirming their “visit”.

I suspect the author had been in service during the previous twenty years, though when I looked it up today I didn’t recognize the name.

Singapore Noodles May 19, 2020 4:36 AM

@Rachel

of Metric Time

Like esperanto, but for clocks.

Clocks are another social tool. The tools change in response to social concerns.

The Roman hours (still seen in liturgical prayer) seem nicely aligned to local human activity, dividing the day into useful chunks. Carpe diem, Dude.

But maybe local human activity has been displaced as a social priority. Maybe simplicity in a literally global context is the priority.

Hence hyper-engineered, grid-like things like metric time (and all the other metricity).

Example of this social point of view – a description of the local day (eg “morning”) coupled with the metric time tells everyone where you are. The metric time puts all parts of the world in relation.

To me this inverts the order and inculcates in the person a dehumanizing servitude to an arbitrary universality, so is a security risk.

Rachel May 19, 2020 6:06 AM

Clive

Thankyou for discourse as always
Oils. Well, many are quite industrialised, whilst giving the concept of shelf life they are also not so fit for human consumption. Oil ie fat is a dense energy source, satiates and also adds flavour. Rapeseed/Canola oil depending on which country you are in, can’t be considered food by any standard.
Coconut oil is a good one, high smoke point, and very stable generally.
Ghee brings similar rewards, whilst biochemically very different, and one of the reasons butter may be turned into ghee is
for preservation.
There are good medicinal applications for medium and long chain fatty acids.
Body builders know about MCA’s – medium chain acids as an energy source.
The problem, yet again, is chemical extraction is used to create the potentised product and it’s basically toxic – a non food. But, many don’t care about things like that. When it comes to subsistence, go for real food, not the
industrial nonsense, you can’t get away with anywhere near as long as under normal conditions when the side effects are more easily swept under the carpet.

I have been told long chain fatty acids are a great treatment for heat stroke or prolonged exposure to heat.

Seeds are quite unstable, they go rancid easily. Hemp and chia are amongst the most stable,they can last for years stored well. chia have the most dense protein profile of any plant food and extremely high omega fatty acid quotient. My limited experiments with hemp have found it very bio unavailable and requires a lot of processing for it to be anything beyond sheer fibre, even a blender doesn’t do anything but provide a crunchy nutty texture. It’s a big deal Stateside of course so I suppose guests from those parts may have more to say from a food perspective

Water is a big factor as you’ve mentioned before. The other issue is foods that require the biological organism to consume more water as a side effect of said foods. Chocolate rations being an example or any rat packs for that matter!
On the other hand, a food dehyrdator as any experience trekker will know is a marvellous investment. A ziplog bag with some wierd looking compressed stuff becomes spaghetti bolognese after a fire has boiled a litre of water

Rachel May 19, 2020 6:14 AM

Singapore Nooodles

Eloquently shared. Appreciated, and agreeable

Esparanto for clocks ROFL! Totally.

I was thinking of mitigating time based side channels.
And along the lines of mixing up types of hardware components to inhibit an attack surface a la @Nick P

A non standard time implementation may throw in some confusion
That was a couple of the things that sprang to mind

None of this, men and women as cog in the machines nonsense

I’m not one for religion at all but some of the hermetic applications of christianity refuted such a reduction of life force also, had some concepts applied practially in lifestyle applications that were quite sound, and relatable along grass roots security lines as some of the older posters here would not only appreciate but have lived, and taught their children too, most certinaly
The Carthusian Monks kept ( keep?) themselves going by making a propriety liqueur and hocking it the world they wish to shun. Not quite what I’m alluding to above yet a lovely application of hinky thinking

Rachel May 19, 2020 6:25 AM

Wesley Parish

Nicely written, nicely remembered you photographic beast, and nice to communicate again

There was a rather nasty series set in Israel about a young heiress of an arms dealer family that tries to do good instead. Maggie Gyllenhall.
It was kind of slimy, but I recall a OpSec tip – when you call a taxi don’t take the first one, refuse it and take the next one of your choosing. The first taxi is sent by the people monitoring your movements. No reasonable, intelligent person wants to be Jason Bourne but these little clues may save someones life someday

One of the more recent Le Carre books, one about a whistleblower. The advice for the Op was not to hide the flash drive, you will never succeed, no matter how hard you try with the fishing line down the shower drain etc.
label it wedding photos and put it somewhere conspicuous like a bookshelf, it will be left alone.
okay, a bit of a stretch but nice thinking. I like the term ‘cognitive jujitsu’
Magicians use this very notion as has been discussed here prior
I have known otherwise brave dogs that refuse to go anywhere near something they haven’t seen before – even something as benign as a dinner plate or a thermos bottle, it scares them

Lawrence May 19, 2020 6:35 AM

New Zealand is introducing a different sort of Covid tracking app. It is claimed to be more of a digital diary than a snoop in your pocket. Data is held by the Ministry of Health and automatically deleted after 31 days.

Early days yet but it appears that users are in control. Downloading is optional and the user has control of what is recorded as it hinges on the voluntary recording of QR codes.

More info here: https://www.rnz.co.nz/news/national/417045/covid-19-tracing-app-launched-earlier-than-expected

A dubious person May 19, 2020 12:59 PM

@ Rachel, Singapore Noodles, Wesley Parish re: “metric time”:

Do any of you remember Swatch trying to make this a thing back in the 90s, presumably when the Cool Kids weren’t buying enough of their cheap fashion watches? They called it “Swatch Internet time,” and it was just as silly an idea then as it is now – more “iTime[tm]” than “Esperanto.”

I think the “metric” time you’re talking about should really be called “decimalized time” – clock time being inherently “metric” already, in the sense of being a measure of something – but I’m not going to expend any actual effort complaining. I mostly reserve that energy for amusing things like reminding people that “digital” means “using your fingers.”

lurker May 19, 2020 1:57 PM

@Lawrence

The information will be stored for 31 days by the Ministry of Health, which uses Amazon Web Services in Sydney to store the data, before being automatically deleted.

Curious minds wonder about the wisdom of using the multi-hacked seive of AWS at an offshore location. Others wonder whether the data is adequately encrypted before sending, given a rather sad history of NZ govt entities in this respect.

Scanning a QR code might be great at DownTown outfits. Many places out of town won’t bother…

vas pup May 19, 2020 3:46 PM

@Rachel: Thank you for your input. Unfortunately, can’t open link provided by @MarkH.

vas pup May 19, 2020 3:51 PM

@Bruce and other respected blogger interested in Law and IC:

German intelligence can’t spy on foreigners outside Germany:
https://www.dw.com/en/german-intelligence-cant-spy-on-foreigners-outside-germany/a-53492342

“Germany’s Constitutional Court ruled on Tuesday that monitoring the internet traffic of foreign nationals abroad by the BND intelligence agency partly breaches the constitution.

Fair game outside Germany?

But according to a confidential document on “Signals Intelligence” leaked to Der Spiegel and Bavarian public broadcaster BR last week, the BND has been trying to self-regulate what kind of communications among German citizens it may eavesdrop on, based on the new law.

Up until now, Der Spiegel reported, the BND had considered foreign nationals living outside Germany essentially fair game, as they assumed they were not protected by Germany’s constitution.

During a hearing in January, Helge Braun, Chancellor Angela Merkel’s chief of staff, had argued that the monitoring of communication was vital to preventing attacks on the German military abroad. He added that the BND law included “comprehensive protection and control measures” that were unique.

The key legal question was whether foreign nationals in other countries were covered by Germany’s constitution, known as the Basic Law, which safeguards human rights — including Article 10, the privacy of correspondence and communications.

One of the largest internet exchange points in the world, the Deutsche Commercial Internet Exchange (DE-CIX), is situated in Frankfurt, through which pass internet exchanges to and from France, Russia, and the Middle East among others. According to Der Spiegel, the BND is able to tap into the exchange at will, giving it access up to 1.2 trillion communications per day. There are several other DE-CIX exchange points in Germany, including in Hamburg and Munich.

The Constitutional Court said the government has until the end of 2021 to amend the BND law.”

There is short video at the end of the article related to the subject.
Enjoy!

vas pup May 19, 2020 4:33 PM

Artificial pieces of brain use light to communicate with real neurons:
https://www.sciencedaily.com/releases/2020/05/200519101322.htm

“Researchers have created a way for artificial neuronal networks to communicate with biological neuronal networks. The new system converts artificial electrical spiking signals to a visual pattern than is then used to entrain the real neurons via optogenetic stimulation of the network. This advance will be important for future neuroprosthetic devices that replace damages neurons with artificial neuronal circuitry.

Optogenetics is a technology that takes advantage of several light-sensitive proteins found in algae and other animals. Inserting these proteins into neurons is a kind of hack; once they are there, shining light onto a neuron will make it active or inactive, depending on the type of protein. In this case, the researchers used proteins that were activated specifically by blue light. In their experiment, they first converted the electrical output of the spiking neuronal network into the checkered pattern of blue and black squares. Then, they shined this pattern down onto a 0.8 by 0.8 mm square of the biological neuronal network growing in the dish. Within this square, only neurons hit by the light coming from the blue squares were directly activated.

Spontaneous activity in cultured neurons produces synchronous activity that follows a certain kind of rhythm. This rhythm is defined by the way the neurons are connected together, the types of neurons, and their ability to adapt and change.”

lurker May 19, 2020 11:18 PM

@Lawrence. lurker

Scanning a QR code might be great at DownTown outfits.

Already confusion from a plethora of ad hoc QR codes from various 3rd or 4th party apps previously used by shops…

Wesley Parish May 20, 2020 1:56 AM

@Rachel, Singapore Noodles, A dubious person

You’ll find “metric time” or something very similar used in Greg Egan’s novel Diaspora. As far as I know, he’s the only SF writer to have actually used such a time frame method as part of his fiction. (It’s not actually decimal time, it’s binary expressed decimally. Anyone familiar with programming languages from Algol onwards will understand. 🙂

Lawrence May 20, 2020 2:38 AM

@lurker

Gotta tackle the covid-19 problem like the Crusaders rather than the Blues – Go hard, go early, take every opportunity, never give up.

Apologies to non-New Zealanders – an in-country rugby analogy.

MarkH May 20, 2020 4:16 AM

@Rachel:

The legendary MarkH

I should blush, were I but younger…

I’m only a tyro with locks … Clive has vastly more practical experience.

What most interests me about studying locks and picking is that they offer such clear examples of the measure/countermeasure “arms race” typical of security technologies.

I don’t follow lock tech at all closely, and am not acquainted with the state of the art.

My impression is that whenever a new super-duper lock is introduced with impressive security features, hobbyist lockpickers soon demonstrate their ability to open it!

@vas pup:

The linked reddit post clearly shows “SJCK” on the key’s handle. A quick search for “SJCK lock” showed a few hits for generic lock products.

Perhaps the manufacturer isn’t very distinguished … and maybe even doesn’t sell outside of Asia. Finding a specimen of this chain-key lock is probably a difficult project.

myliit May 20, 2020 10:28 AM

@SpaceLifeForm, Paul, Zoom popcorn eaters, and misc.

“ Zoom bought lipstick for their pig”

I assume FaceTime is better, but don’t know about others like Jitsi, etc., Anyone want to add in?

It appears for now many of us are stuck with Zoom:

1) How about phoning in, especially if you don’t need video?

2) How about using Zoom without a Zoom account, if possible. Do you need a link to do that as opposed to the meeting #?

3) How about using a dedicated, factory refreshed if possible, dedicated Zoom or teleconferencing device (not much there; not much to exfiltrate?)?

4) Nuances for what types of hardware(s) or os(s) you are using?

5) Is there anything better, or more up to date, for securing Zoom meetings than this:

See this https://www.schneier.com/blog/archives/2020/04/secure_internet.html [1]
Leading to this https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html [2]
Finally leading to
https://blog.zoom.us/wordpress/2014/09/04/complete-guide-secure-zoom-experience/ ?

6) Any Best Practices, use guides, FAQs, etc., of merit?

[2] For help securing your Zoom sessions, Zoom has a good guide. Short summary: don’t share the meeting ID more than you have to, use a password in addition to a meeting ID, use the waiting room if you can, and pay attention to who has what permissions.

[1] Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. That’s pretty good, but the real worry is where the encryption keys are generated and stored. According to Citizen Lab, the company generates them.

JonKnowsNothing May 20, 2020 10:51 AM

re: Getting NUDGED

Opt-Out Nudges appear to be “the method of choice” for some less than popular selections. Using Opt-Out with the intention of making the alternative selection difficult is intended to drive behavior in a way that a person doesn’t want but that governments and corporations do.

In this case, the UK will now automatically declare “All adults in England to be deemed organ donors”, even if they did not want to be included.

  • [previously] fewer than 40% have signed up to the current register [to be a donor]
  • “Since Wales introduced an opt-out system, their consent rate has risen from 58% to 75%,” (in 2015)

It isn’t consent.

It works because there is inertia to making a different choice, the O-FK-IT You Can’t Fight City Hall and the making the selection of the opposing option difficult (actually going through the processes of removing your name from the database.

California recently enacted similar “no-consent needed organ donation ” rules for their Drivers Licenses. In the past, a red dot indicated a voluntary donor. Now, in 2020 all drivers who must by law update their license for REALID compliance, are automatically added to the Donor System. You can ask for the red dot to be removed from the ID, but the State does not remove your name from the list. The State will automatically put you ON the list but not take you OFF.

note: If you want to be OFF the list.. you have to find out who HAS the List and if you have ever tried to fix a credit report issue, you can pretty well determine in advance how successful you will be. Of course, in this case you are dead so you won’t really be informed if your choice was honored.

It is much easier to manufacture “consent” if “The cause be worthy”. The same process is used to drive the data acquisition feastings of the technology industry.

Another round of OPT-OUT was briefly flurried in the UK about their DNR Authorization (Do Not Resuscitate) at the start of the COVID19 deaths among aged groups there. Reports of this document being passed out for signatures and auto-filed with hospitals by the local GPs (aka PCPs in USA) essentially pre-selected No Treatment for this group if they entered hospital. DNR authorization are normally not condition specific and cover all conditions not just COVID19 related.

That was hushed up pretty fast, because for sure, you do not want to start the buffalo stampeding until they are facing the cliff.

It’s not a choice, if there is no choice.
It’s not consent, if you cannot say no.

ht tps://www.theguardian.com/society/2020/may/19/deceased-uk-adults-to-be-deemed-organ-donors-in-opt-out-system

ht tps://www.theguardian.com/commentisfree/2020/apr/26/nudge-theory-is-a-poor-substitute-for-science-in-matters-of-life-or-death-coronavirus

ht tps://en.wikipedia.org/wiki/Do_not_resuscitate

ht tps://en.wikipedia.org/wiki/Nudge_theory

A nudge, as we will use the term, is any aspect of the choice architecture that alters people’s behavior in a predictable way without forbidding any options or significantly changing their economic incentives.

To count as a mere nudge, the intervention must be easy and cheap to avoid. Nudges are not mandates. Putting fruit at eye level counts as a nudge. Banning junk food does not.

It has influenced British and American politicians. Several nudge units exist around the world at the national level (UK, Germany, Japan and others) as well as at the international level (e.g. World Bank, UN, and the European Commission).

ht tps://en.wikipedia.org/wiki/Stampede
ht tps://en.wikipedia.org/wiki/Buffalo_jump

Hunters herded the bison and drove them over the cliff, breaking their legs and rendering them immobile. Tribe members waiting below closed in with spears and bows to finish the kills.

(url fractured to prevent autorun)

myliit May 20, 2020 11:22 AM

Our president at work https://www.wsj.com/articles/trump-upbraids-michigan-for-easing-vote-by-mail-11589982180

“Trump Upbraids Michigan for Easing Vote-by-Mail

President threatens to withhold funding from politically contested state for plan to mail out absentee-ballot applications

President Trump escalated his criticism of voting by mail, threatening to withhold federal funding from Michigan after the state announced plans to send applications for absentee ballots to all registered voters ahead of primary and general elections due to the coronavirus pandemic. …”

myliit May 20, 2020 12:10 PM

re: use of either virtual private networks or Tor at this point in time

A) Is it the belief of security gurus on this blog that virtual private networks (VPNs) are a waste of time or detrimental? [1]

B) Is it the belief of security gurus on this blog that Tor is a waste of time or detrimental? [1]

[1] Use cases:

1) remote work from home user
2) stay at home person “nothing to hide” type
3) political dissident
4) self-employed
5) journalist
6) leaker
7) person of interest
8) other, please specify
9) in general
10) when using free wi-fi (like at coffee shops)
11) when using a cellular modem, either from home or on the road

Good references for further reading or products to consider would be appreciated.

Mr. Peed Off May 20, 2020 1:11 PM

A former Apple contractor who helped blow the whistle on the company’s programme to listen to users’ Siri recordings has decided to go public, in protest at the lack of action taken as a result of the disclosures.

In a letter announcing his decision, sent to all European data protection regulators, Thomas le Bonniec said: “It is worrying that Apple (and undoubtedly not just Apple) keeps ignoring and violating fundamental rights and continues their massive collection of data.

“I am extremely concerned that big tech companies are basically wiretapping entire populations despite European citizens being told the EU has one of the strongest data protection laws in the world. Passing a law is not good enough: it needs to be enforced upon privacy offenders.”

https://www.theguardian.com/technology/2020/may/20/apple-whistleblower-goes-public-over-lack-of-action

Sherman Jay May 20, 2020 4:04 PM

Remote teleconferencing proliferation is mostly just an attempt to hoover up personal data.

Of course, I do respect Bruce’s info on Zoom (with the caveat that if you use it, you MUST use the settings to make it as secure as possible. One fundamentalist church used Zoom without any knowledge of how to do that and their zoom church service was zoom-bombed with porn, LOL)

Here is another spyware candidate examined:

ht tps://theintercept.com/2020/05/20/facebook-messenger-rooms-video-call/

Chris May 20, 2020 5:14 PM

Howdy,

Not sure how this is security related but it kindof is, so i write it on the squid

I use linux only, been using unix dialects also but for whatever reason i am stuck in the linux world now, and ive had 2 small things that i have missed that i like to add to. not sure what its worth though but here goes.

I want to cron sometimes much more often that once an hour so i have crontab jobs that runs like ever
1 min
5 min
15 min
30 min
etc and I put those jobs in /etc/cron.minutes
so they would be called

01min, 05min etc

I use healer scripts that are part of an automation process strategy i have so to speak, but we can start with just those healers, i put those under
/etc/cron.automate
just to make an example of what could be there is an example of polipo

These healers are then run from within
those /etc/cron.minute scripts
Heh yeah sounds like quick and dirty fixes but its not only that

Forinstance they autodetect when i leave my home just to name a small thing those scripts do … its really only your imagination that can stop those automations

#!/bin/bash

Verified functionality 2019-11-16

Automate Process Healer for Polipo

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Search for Isue

systemctl status polipo |grep “Too many open files” > /dev/null

If the return code from ($?) is not 0 we execute the healer

if [ $? != 1 ]
then

systemctl stop polipo > /dev/null
sleep 2
systemctl start polipo > /dev/null

fi

Ok so perhaps boring i dunno, i use these automation things ALOT! this just one small example

Maybe its an example that could be of use for someone who knows

Chris

Chris May 20, 2020 5:27 PM

Orchestration

Ok so we are still in the same category but now more moving almost towards functionality as in Active Directory GPO so to speak

How do you do this in Linux, i dont know but i know how i do it

Again I use the same backbone as I told about previously called /etc/cron.minutes

Then i call scripts that needs to be run

so if i want to push out something to all my linux servers and android phones i have scripts for it that are run every minute

Then I just update the Global Repository in one place and after 60 seconds its pushed out to every single linux machine and phone i have

I hope that makes it clear what can be done and that its very powerful and simple

Think strategically
Make a design
Do it 🙂

Chris

Chris May 20, 2020 5:40 PM

Ok i forgot to tell something that i use to make the magic happen

So i also use a synchronisation tool
and the one I use os called Syncthing

I have used over the years many different
-Dropbox
-BTSync
-Wuala
-Dont remember but probably tried it
Today I use syncthing

It covers the encryption part nicely
I dont theoretically need another layer over the online encryption such as Encfs over forinstance a thirdparty Dropbox

It also covers most operating systems
when i started to use these kindof solutions
i had to have windows and linux covered
today i dont have that problem, however i do use it as a backup to backup photos i take on my phones, and i like that

It works and i has worked since i started to use the early betas, there was one upgrade once that was major and got issues but thats years ago now. Its very stable

However it depends on you personaly
do and use what you choose is ok for you
i dont have any opinions on that

So. part of the Synch Backbone i use to push out my automation scripts uses Syncthing
I am not sure if its a must but this is the way I do it

Chris

Chris May 20, 2020 5:56 PM

@myliit
VPN or not to VPN

So you need to think who your adversary is
case example from realife scenario

  • You are borned in country-1
  • You move to country-2
  • Country-2 dont allow you to work
    its written in their VISA rules that you can not work unless you have a work permit, and for what ever reason you dont have this permit.
  • But you still have work sometimes or fully that are over the internet to countr-1

Now you would be an easy target for country-2 if you dont use vpn and they can detect that you are working online and thats not covered in the visa rule so you can now be kicked out by the immigration

Using VPN would in this case be beneficial for you since nor would the local ISP or the Local LE know that you are working toward country-1

When it comes to TOR its different, then your adversary is not a country but a more a global player, that would also meen that you are considered a global threat, the simple question you should ask youselfe is, are you a global threat ? if not go with the VPN

But.. there are other issues as well
so use TOR for certain blogging stuff etc but think of it as a global issue

Clive Robinson May 20, 2020 6:08 PM

@ myliit,

re: use of either virtual private networks or Tor at this point in time

The only honest answer is “as they have both had security flaws and no doubt still do[1] you should not trust either VPN’s or Tor” under the “precautionary principle”[2].

Which is not the answer you are looking for, because you are asking the question in the wrong way.

There is no such thing as “absolute security” thus unless you put in place lesser criteria the answer is always going to be “not secure”.

Our host @Bruce once pointed out that a simple lockable diary is probably enough to keep a kid brother from reading his sisters scribblings. Unless of course he is “curious and thoughtfull” and learned to pick simple locks before his older sister felt the need for privacy for her “Dear Diary” scribblings.

As I could pick both the front and back doors of the house before I was a teenager, “better locks” would not have helped if I’d been interested. Which as I was actually totally disinterested in what my sister did and took pains to avoid her, a spiral bound note pad would have been secure enough (if she actually wrote a diary which I’ve no idea one way or another).

Thus the important thing you did not state, is what threat it is you are trying to defend against.

[1] But the vulnerabilities in the applications are just a small part of the problem, you have to also consider the OS’s and Driver’s and even Hardware just for starters[2].

[2] Put simply security is not realistically possible for ordinary mortals when it comes to Level 3 (state and above) attackers who are belived to have the equipment producers and software developers “in their back pocket”, or alternatively have sufficient resources to find or aquire as many Zero Day etc exploits as they need.

Signal May 20, 2020 6:10 PM

I started to use Redphone and Securetext i think they were called in 2013 or 2014 then eventually they merged to Signal, i have tried to no avail to get my friends to use it and I have actually started to make some momentum, and then what happens is …

Nagscreens from Signal
-Tell me who you are
-Register your selfe
etc i meen wtf is going on here

Its allready a bloody joke that i cant use a QR code or other meens to add a user or send my ID to someone, no they need to have my phonenumber, and its not bloody useful unless the person is someone that is within your family or such

Really Signal needs to get redesgined
and stop nagging about information you will never get its just stupid
for F!”#!”#”! sake

Rachel May 20, 2020 7:54 PM

MarkH Clive, Vas Pup et al

I just tried ebay search ‘rare padlocks’. Some wonderful creatures!

No high security gems I noticed but I highly recommend a browse through those archaic selections! I am sure you’ll be gushing at those mind-forg’d manacles like I

Vas Pup you could be contacting Bosnian Bill on locklabs.com to enquire about
that padlock.

SpaceLifeForm May 21, 2020 2:39 AM

@ Chris, myliit, Clive

Always avoid VPN or TOR. You wil be attracting
attention to yourself.

Chris, you have a couple of issues.

  1. You are trying to to deal with a bug in Polipo.
  2. Your script is bad. You do not want that PATH environment variable set the way you have while you are running as root. Use minimal. Better yet, unset PATH in your script, and fully hardcode the path to the tools.

Look into dnsmasq, dnscrypt-proxy, nginx and unbound.
Just some options.

You can make it better with less headache.

SpaceLifeForm May 21, 2020 3:00 AM

https://arktimes.com/arkansas-blog/2020/05/18/governor-shooting-the-messenger-wrong-tact-in-arkansas-pua-data-breach-experts-say

Asked about his rationale for framing the programmer’s actions as illegal, the governor said, “When you go in and manipulate a system in order to gain an access that you’re not allowed to have permission to access, that is a violation of the security that we want to have in place in these systems, and it would be a violation of the law as well, I would think.”

But the programmer didn’t manipulate the security of the system. He was a PUA applicant himself, who gained access to the admin portal by simply altering the website’s URL, which suggests that basic security protocols were lacking or nonexistent. Through an API (application programming interface) the site was using to communicate with a database, he saw that personal data had been left unencrypted.

SpaceLifeForm May 21, 2020 3:29 AM

If one does not see the insanity, then one is insane.

This problem is everywhere.

hxxps://bylinetimes.com/2020/05/18/independent-sage-a-beveridge-report-for-britains-covid-19-public-health-disaster/

“There’s no such thing as ‘ the science’” which is a key lesson. If you hear a politician say we’re following the science, then what that means is they don’t really understand what science is. There isn’t such a thing as ‘the science’. Science is a mindse.” What we were left with was a form of the Emperor’s new clothes in which politicians believing their own rhetoric wrapped it up in a cloak of mumbo jumbo quasi-scientific deference.

MarkH May 21, 2020 5:06 AM

@SpaceLifeForm, re Arkansas story:

Sad … and typical. I get that a white-haired governor is liable to misunderstand IT security. What I don’t get, is how people in offices of such responsibility and authority fail to seek out those who do understand, and then respect what knowledgeable folks tell them.


Sometime in the naughts, a young friend was selling/clerking in a big national retail chain store. The “point of sale terminals” they used for ringing up purchases were in essence ordinary PCs, and he saw that the operator interface he and his colleagues were using was a web browser.

He easily enabled the browser’s address control, tried entering a local file URL (like file://), and was able to view the filesystem. He found files which he believed a thief could use to defraud or rob the store.

As I recall, he reported this to management, who disregarded the information. At least they didn’t call him a criminal …

Sherman Jay May 21, 2020 12:51 PM

This seems interesting. Wanted to share it. Seems pertinent. I haven’t read it carefully yet.

ht tps://www.emptywheel.net/2020/05/21/wyden-hints-at-how-the-intelligence-community-hides-its-web-tracking-under-section-215/

u.s. senator Ron Wyden has always been an advocate for people’s security and rights.

Mr. Peed Off May 21, 2020 12:53 PM

“What I don’t get, is how people in offices of such responsibility and authority fail to seek out those who do understand, and then respect what knowledgeable folks tell them.”

I suspect that the constant presence of lobbyists and others with an agenda has created a general feeling of distrust with anyone offering advise.

If you have no clothes, the best place to hide is in a group of nudists.

MarkH May 21, 2020 3:00 PM

@Rachel, re padlocks:

Somewhere I have close-up photos I took of padlocks in a former Soviet village.

As I recall, they were enormous (maybe 10+ cm wide), appeared to be made from a few thickish plates of cast iron, and worked with very simple old-fashioned “skeleton” keys.

Rachel May 22, 2020 1:34 AM

myliit

Since certain well publicised events of about 6 years ago currently discussed on another thread, Tor has received a great deal more attention.

Whatever it’s limitations, and whatever its use case, one would suspect the Tor of yester year is not the same Tor in use today.

What really is in the executable package being downloaded? Who else is it pinging?
Who and what are the servers in use, what else do they contain?
No one is about to provide any reliable answers to these questions. It’s more
slimy than it may have once been.

And I can only imagine the components motivating these two issues (the software, and the servers it relies on) only continue to deteriorate. There’s reason
to suspect that all traffic, all the time, is routinely deanonymised.

@grugq some years ago explained only 5% of Tor nodes need be owned, to contol the entire infrastructure.

‘Is Tor Trustworthy and Safe?’ ( pro tip: it gives No as an answer)

https://restoreprivacy.com/tor/

MarkH May 22, 2020 3:07 AM

A Hazard from Medicine Reports

Disclaimer: Got this from TV, and failed to note the speaker’s name or where his thoughts may have been published. Doing my best to convey the central idea …

Much attention is drawn by reports of studies on drugs or investigative vaccines against Covid-19.

Some of these are from private companies, and there will be many more such in the coming months.

As a rule, these “news flash” results have not been reviewed, and none of the underlying data are disclosed.

The speaker’s concerns, as I understood them:

• many of these investigative medicines will fail to prove adequately safe and effective1

• corporations reporting early results have an incentive to frame them optimistically: their stock prices will jump

• without disclosure of data, independent scientists can’t make a meaningful evaluation

It’s bad enough that these “scientific” press releases may distort the truth: even worse, a series of disappointments or even scandals would undermine public confidence in medical science, at a time when such confidence will be indispensable for public safety.

The speaker called for maximal transparency, with disclosure of data.

The anti-vax crowd is already making preemptive strikes, claiming (among other things) that the virus was engineered by Pharma in order to sell new vaccines.

1 I’ve read in more than one place, that most new vaccines which do well in early testing fail at later stages. There was some hoopla a couple of days ago about a new vaccine — of a type never yet approved for humans — which showed promising early results when administered to eight young adults in excellent health. The first few cm of a hundred meter race …

myliit May 22, 2020 12:26 PM

To update or not to update?

iOS 13.5 is out with the Google/Apple bluetooth/covid19 technology. Any reason not to install it? It appears that technology is dormant unless you approve it and install a relevant app. Fixing security bugs, including XML parser
[1], thus far have outweighed fear of compromised Apple downloads, in general, for me. https://9to5mac.com/2020/05/20/ios-13-5-released-features-exposure/

For a layman’s security, I assume it’s dumb to jailbreak iOS. Anyway, I saw this: https://www.macrumors.com/2020/05/21/jailbreak-for-all-ios-13-5-devices-coming/

Any thoughts?

[1] https://www.schneier.com/blog/archives/2020/05/ios_xml_bug.html

Clive Robinson May 22, 2020 12:32 PM

@ Trudi Fenster-Klotz,

The use of “non thermal plasma” to decrease the viability of virii, is kind of new but not new.

Obviously if a plasma exists there must be energy involved with striping the atoms to form ions. That is known science in K12 level science classes.

The real question is what happens to that energy?

That is as either the ions recombine or the striped atoms combine to form molecules energy is given up to the environment, but in what form?

We know for instance with mercury strip lights the plasma gives out various frequencies of UV including UV-C which renders many pathogens not just virii unviable, as well as causing major surface level cellular damage in amongst many other living creatures mammals of which humans are a subset. This is because UV-C in it’s own right is ionizing.

Thus the question arises “does the energy released have to be ionizing?” Well the answer to that is as we know with microwave ovens “no”. These work by making OH groups on larger molecules vibrate very rapidly, thus create highly localised thermal energy. We know from cooking eggs and meat that protein actually starts to depolarize and thus become nonviable from a little over 40C. With sous-vide –waterbath–
cooking meat becomes perfectly cooked at as little as 60C and by 80C most pathogens we find in food have ceased to be viable[1].

Thus high intensity RF energy that can be made with plasmas could easily heat aby pathogen beyond being viable. However this would be quite energy intensive.

It’s at this point we need someone who does “plasma physics” to chime in with other suggestions as to a viable method.

However as “the laws of physics” and “the laws of thermodynamics” do alow this and potentially quite efficiently, I would say it is something that would be more interesting to find out about.

[1] As always there are exceptions some are plain weird[2]. A common bacteria spore of Bacillus Cereus found in dirt and excrement is often transfered to raw food. It can be found contaminating uncooked rice. Unfortunately the spores need to be heated by steam to over 140C to kill then (which is why you should never try to make your own “cooked rice pouches” etc and perhaps avoid making “egg fried rice” unless you have rapid chillers and steam cookers.

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2130471/

The spores exist in many other foods than rice, however most foods get effectively destroyed by steam at more than 105C. So the food industry tried using a process that first gerninated the spores then killed the unprotected bacteria in an ordinary cooking process. As always there is a problem which is “superdormant spores” that don’t get easily germinated by the process but will go on to germinate after the food is cooked ans not stored correctly.

[2] Then of course there is the weird stuff, that is life around “black smokers” (one type of hydrothermal vent) that are in effect deep sub sea volcanos first discovered in the late 1970’s. Imporyantky the water preasure at 2000m 7000ft stops steam being easily formed and water tempratures can exceed 400C, but life exists in this weird lightless environment, ranging from micro pathogens such as bacteria all the way up to creatures that look like large shrimp etc. Without light the energy that supplies the food chain comes from the bacteria that generate it from the chemicals being spewed out.

https://www.thoughtco.com/what-is-a-hydrothermal-vent-2291778

myliit May 22, 2020 12:46 PM

It’s not clear to me if Boston’s Mass General Brigham, with 75,000 employees, considers infrared touchless temperature checks security theater for daily staff entry checks. It appears that they might want staff to do DIY temperature testing at home or elsewhere.

https://www.newyorker.com/science/medical-dispatch/amid-the-coronavirus-crisis-a-regimen-for-reentry

“Hence the practices begun in Asia, and adopted by my health system, to institute daily screening of all employees, patients, and visitors for symptoms of covid-19. Anytime I want to enter a hospital building, I have to go to a Web site that I’ve bookmarked on my phone, log in with my employee identification, and confirm that I have not developed a single sign of the disease—a new fever, cough, sore throat, shortness of breath, loss of taste or smell, or even just nasal congestion or a runny nose. (Administrators could also have added a formal temperature check with an infrared touchless thermometer, but, although ninety per cent of symptomatic covid-19 patients eventually develop fevers, early on, fever is present less than half the time. So it’s the mild symptoms that are most important to screen for.) A green pass on my phone indicates no symptoms and grants me access to the hospital. Otherwise, I can’t work. In that case, the Web site directs me to call our occupational-health clinic and arrange for possible testing.

[…]

This self-screening is obviously far from foolproof. Anyone could lie. …”

[ In addition, you might find this paragraph interesting or useful ]

“… These lessons point toward an approach that we might think of as a combination therapy—like a drug cocktail. Its elements are all familiar: [1] hygiene measures, [2] screening, [3] distancing, and [4] masks. Each has flaws. Skip one, and the treatment won’t work. But, when taken together, and taken seriously, they shut down the virus. We need to understand these elements properly—what their strengths and limitations are—if we’re going to make them work outside health care. …”

Joy Lawson May 22, 2020 1:30 PM

On the easiest degree, this would possibly embody a verify on the account balances to verify the provision of ample funds. However within the case of cryptocurrency, each transaction made between two events is taken into account as a novel change the place the phrases will be agreed and negotiated. If you want to learn more about this topic please visit quickex

Clive Robinson May 22, 2020 1:34 PM

@ myliit,

It’s not clear to me if Boston’s Mass General Brigham, with 75,000 employees, considers infrared touchless temperature checks security theater for daily staff entry checks.

Well unlike SARS-CoV-1 back in 2002/3 where you had a temprature before you are infectious, SARS-CoV-2 makes you infectious prior to any symptoms that might indicate you have some level of COVID-19.

Thus the major problem, you are infectious and will not show symptoms for some period of time if at all… So any symptoms based checker is at best going to tell you, you have already infected other people… Hence the reason “Test, Track, Trace and issolate” (TTTI) is so important.

We don’t have effective test systems in place in the UK, US and many other places in the world. Nor do we have effective tracking because all the proposed technical solutions have way to many faults, that just keeping a diary is many times more reliable. Likewise Tracing. As for effective issolation that would mean 21days without direct contact, no going out for food, excercise or anything else, which Western Goverbments will not implement. So in the West and many other places TTTI is not ever going to work…

However there is now well carried out research evidence that shows compulsory wearing of face masks reduces transmission by infectious entiries by over 50%…

This would be very very cheap as the masks do not need to be PPE, just simple cotton cloth etc. Because their purpose is to limit exhalation range –not to stop particles– to less than a couple of feet.

So any country with an R0 of less than 2 but without compulsory mask wearing will find their R0 dropping below 1 just by instituting compulsory mask wearing at all times people are outside of their homes.

myliit May 22, 2020 3:15 PM

@Clive Robinson

re: TTTI ( Test, Track, Trace and Isolate), track and trace

“… Nor do we have effective tracking because all the proposed technical solutions have way to many faults, that just keeping a diary is many times more reliable. Likewise Tracing. …”

https://www.washingtonpost.com/technology/2020/05/21/care19-dakota-privacy-coronavirus/

“… One of the first contact-tracing apps violates its own privacy policy

North and South Dakota’s Care19 coronavirus app sends users’ location data to more than just the government …

The review was published Thursday by privacy software maker Jumbo.

The oversight suggests that state officials and Apple, both of which were responsible for vetting the app before it became available April 7, were asleep at the wheel. Americans are especially wary of location and health data, and privacy violations of any degree will hamper efforts to use smartphones both to trace-contact and to provide exposure notifications.

The states [North and South Dakota] turned to North Dakota app maker ProudCrowd to make Care19 for free. ProudCrowd confirmed to me that some data from its iPhone app goes to Foursquare, a prominent location-data provider for marketers — but says it isn’t used for commercial purposes. (The Google Android version of Care19 also uses Foursquare, but does it in a way that obscures the data, ProudCrowd said.) …

The Care19 app is upfront that its main purpose is voluntarily collecting citizen location data. (It’s different from a new set of apps that use Bluetooth technology from Apple and Google to provide anonymous exposure alerts without collecting location data.) Care19 calls itself a “digital diary” to help people remember where they’ve been over the previous 14 days so they can retrace their steps, and the people they’ve been in contact with, should they contract covid-19. …

That’s where the privacy review by Jumbo finds the app falls short. Tracing the flow of data from the app, it found Care19 sends data to Foursquare including a citizen’s location, his advertising identifier (a unique code representing a specific phone) and the unique “citizen code” generated by the app. …”

Clive Robinson May 22, 2020 11:44 PM

@ ALL,

Speaking of “set phasors to stun” how about to “kill”, atleast for drones for now,

https://www.thedrive.com/the-war-zone/33634/the-amphibious-warship-uss-portland-has-shot-down-a-drone-with-its-new-high-power-laser

The weapon is 150kW solid state laser from Northrop Grumman’s Redondo Beach facility.

Yes I know it harks back to the 1980’s and Ronnie “Ray-gun’s” SDI from near on a life time of work back but the use of high power lasers in naval warfare is starting to heat up in the South China seas,

https://www.thedrive.com/the-war-zone/32402/navy-instagram-tells-china-you-dont-want-to-play-laser-tag-with-us-after-pacific-incident

Whilst the size of these solid state laser units are currently large, thus require a large platform such as a Sea going vessel or land base, technology has a habit of reducing fairly rapidly if you throw things into a war footing. Thus firstly air platforms such as modified Boeing air frames and land mobile vehicles such as the equivalent of tanks or APC’s may not be far off.

Potentially such lasers have the ability to shoot down or disrupt not just drones but other weapons such as “smart bombs” and “smart shells”, conventional missiles and similar. Thus the question arises about both China and Russia’s “hypersonic missile” developments and if they are too fast to be shot down in time.

We already have cause to believe that Russia was in the testing phase of a nuclear powered “ram jet” missile similar to the 1960’s idea of the US Pluto project. We also have cause to believe that the Chinese have developed a hypersonic “stand off missile” which is aircraft launched with a range considerably greater than current US carrier fighters have. The only question being what size and type of nuclear warhead can it carry. A neutron enriched device which will pass through conventional armour but disrupt organics is something that would be a cause of concern as was the unshielded reactor of a nuclear ram jet from the Pluto Project.

From a technology perspective things are “getting interesting”, however in human terms the old Chinese curse of “May you live in interesting times” has just got a new set of teeth and claws.

JonKnowsNothing May 23, 2020 12:01 PM

@Clive @All

re: high tech warfare

There was a Reality TV shown in USA, about Sea Shepard confronting Japanese whaling ships in the Southern Ocean (Antarctic Ocean). Presented as a “cops n robbers” type show with the participants slinging butyric acid stink bombs at the whaling ships.

The Japanese got serious about the stink bombs and started to deploy some serious and potentially lethal counter measures. A sonic cannon and what appeared to be modified harpoon cannons that could point at their helicopter.

LRADs are now common in LEOs and they are not there to replace loud speakers for giving instructions.

August 2017, Sea Shepherd announced that they would suspend their anti-whaling activism. They cited the fleets inability to compete against the evolution of the whaling fleet supported with high tech military resources such as ‘real time satellite’ surveillance and increased funding

ht tps://en.wikipedia.org/wiki/Sea_Shepherd_Conservation_Society
ht tps://en.wikipedia.org/wiki/Sea_Shepherd_Conservation_Society_operations#Japanese_whaling_(2003–2017)
ht tps://en.wikipedia.org/wiki/Southern_Ocean
ht tps://en.wikipedia.org/wiki/Butyric_acid
ht tps://en.wikipedia.org/wiki/Long_Range_Acoustic_Device

LRAD systems are used for long-range communications in a variety of applications including as a means of non-lethal, non-kinetic crowd control.

(url fractured to prevent autorun)

A dubious person May 24, 2020 7:36 PM

@ Clive, JonKnowsNothing, &c. re: “star wars” laser weapon announcement

I feel compelled to gaze in awe, marvelling at their space-age technology… surely, they now have the Power of the Gods…

Nah, sorry, can’t see of this as anything more than a willy-wave. I am curious about how rigorous (“rigged” might be a better word) their test was. And whether there was any trustworthy witness to give actual details, because aside from my habitual skepticism, beaming 150kW of power through the atmosphere ain’t hay, so if they really did that I’d like to know more. I can think of many uses for something with just a small fraction of that power!

But then an itch starts in my head. And I read on…

And then JonKnowsNothing happens to say something about acoustic weaponry; and because I’m already thinking about taking down a UAV with a beam, the itch flowers into “oh yeah, I was just thinking about something like that.”

I’ve noticed via repeated ITSec papers here and elsewhere that most of the MEMS devices that our modern whiz-bang consumer electronics universe relies heavily on, like accelerometers and microphones, are vulnerable to being driven out of their “sane” operating zones with ultrasound. If exploited right this ought to let you feed arbitrarily insane information to the stability processing that’s necessary to prevent (say) hobby quadcopters from evolving spontaneously into flying food processors.

I figure a circular planar array of ultrasonic transducers, like those old piezo tweeters that the speaker hacks all loved back in the day, with “good enough” phase alignment, could project a (sorta) beam of ultrasound for some distance. And at the right frequency that beam should make a quadcopter terminally sea-sick. (This should, I think, also cause big problems with Segways or those one-wheel skateboards like the caveman wheels in the old BC comic strip; anything relying on a MEMS accelerometer to keep it from falling over would be a potential target.)

I have no idea what sort of frequencies might be interesting, but the datasheets for a handful of the more-common MEMS devices ought to provide a few suggestions. IIRC those piezo tweeters had a pretty good frequency range so, with a tunable source signal varying upward from about 30kHz, it ought to be possible to find something effective for at least some of the popular ones. The papers on e.g. ultrasonic Siri exploits likely have relevant info.

I don’t know what kind of radiation pattern you’d actually get from the array, or how much power it could transmit. (Clive could probably say a lot more.) I’m guessing the beam will diverge quite a bit but should still be relatively beam-like, and dissipation would at least be better than r -2.

Do you think something like this would work (to disrupt MEMS sensors – no idea what other sorts of bother it might be capable of)?

And could something effective using this principle be portable? What kind of range/power might a person-portable version have? A car-portable version?

I’ll assume that a naval frigate could carry an arbitrarily powerful version. Maybe even a tank; MBTs are pretty big nowadays.

(And if anybody from Ben-Gurion University builds this and starts selling it through a hastily thrown-together defense contractor, I ask that you call it the “Dubious Beam” in my honor.)

Clive Robinson May 25, 2020 6:43 AM

@ A Dub,

because aside from my habitual skepticism, beaming 150kW of power through the atmosphere ain’t hay

You are both correct and incorrect, as you are a couple of bits of information missing 😉

Firstly as you heat air, it changes it’s optical properties due to it’s density change. In fact if you get a metal tube and spin it whilst heating it to near read heat, if you look down it’s “bore sight” you will find you have a lense. There was a paper on this some years ago that a snipit of ended up in New Scientist. If memory serves it was from South African researchers and they made a telescope as a practical demonstration. So remember “the transmission medium” absorbes energy thus has an attenuation coeficient that also changes with the mediums nonlinear properties (think a boiling kettle, it you look carefully you will see that at the spout where the real steam is it’s transparent, as it quickly cools the steam phase changes and condenses back to suspended water droplets, and forms a sort of white cloud most of us incorrectly call steam).

Secondly a well known problem with making holes in things is “swarf” that fouls the cutting. That is when you use a conventional drill the cut material blocks the hole and creates friction, heat and all sorts of issues. Thus most “drills” have a fluted or spiral series of lands designed to lift the swarf away from the cutting point. Lasers have the same problem as they ablate a material, the lifted material gets heated and forms an absorbing layer that significantly antenuates the power of the beam at the cutting point.

Thus using a laser as a coninuous wave (CW) at a point is realy quite self defeating. There are two solutions. Firstly move the CW beam around in a small patern which reduces the actual cut power as you are effectively spreading the beam energy over a much greater cut area. Secondly use Pulse Wave Modulation (PWM). If the laser is only on for say 10% of the time this alows much of the cut material to escape as vapour away from both the cutting surface but also out of the beam bore sight. On the face of it, this sounds like it would also reduce the beam power to 1/10th… but it actually does not. There are various “energy storage” places in a laser system one is the optical cell, so if you push 150kW into the cell the pulses coming out will be aproximately ten times the power in the pulse over one tenth the time, so the equivalent of 150kW mean or CW and 1.5MW peak at the 1/10th PWM rate.

A very similar trick can be done with thermionic valves / tubes and semiconductor devices. In essence what destroys them is heat disipation over a period of time. Thus a power transistor rated at 100W disipation, will provided you stay inside other limits give you a peak disipation of 1kW for a 1/10th PWM waveform. This has been exploited in high power RADAR systems for more than half a century. If you want to see just how much energy can be stored and released look up “water capacitors” which can store immense amounts of power before the dielectric (pure water) breaks down. More than enough time to charge ten or so in parallel to many kV then discharge them in series via a “UV triggered spark gap”.

Which brings us back to you idea about “sound”… It is known from mathmatics and physics, that if you hit a “perfect” resonator at it’s resonant frequency the energy builds up linearly to infinity. In practice the ancient Chinese with their very large “gongs / cymbals / bells” knew about this and could by carefull timing produce very intense and often destructive levels of sound.

There is also the issue of water in pipes, if you get the flow rate right and likewise the pipe mounting points, it will act as a self resonant resonator and if not damped will destroy it’s self fairly quickly.

Thus a PWM laser with an optical feedback system can be used to pump energy into a surface at it’s self resonant frequency, this turns out to be more destructive than burning little holes in things. Importantly, the beam does not have to be anywhere near as focused as it’s the “knock energy” that does the damage and a four by four timber works just as well for that as does drilling out several hundred little holes…

So if pulsed right, such that the side of a plane self resonates, you could get a good chunk of that 150kW as “sound power” conducted around the air frame and radiating into the internal spaces.

More interestingly you can “double modulate” the laser. If you can not just change the pulse repetition rate to the correct frequency you can then modulate the power in each pulse, the result being at the target the equivalent of an Amplitude Modulated signal at a much lower frequency. Humans are known to be susceptable to certain low frequency wave forms… Just imagine what would happen if you made the side of an aircraft not just resonate at some frequency in the upper audio spectrum but be amplitude modulated at those low frequencies?

For instance sound around 18Hz is known to cause people to have gut wrenching loss of bowl and bladder control as well as vomiting. Which is what you try and induce with various types of chemical warfare… Other frequencies will induce problems with your vision, whilst others have been found to cause people to colapse into a twitching pile.

Just something to think about 😉

JonKnowsNothing May 25, 2020 8:55 AM

@Clive

re:

For instance sound around 18Hz is known to cause people to have gut wrenching loss of bowl and bladder control as well as vomiting. Which is what you try and induce with various types of chemical warfare… Other frequencies will induce problems with your vision, whilst others have been found to cause people to collapse into a twitching pile.

Is this aspect of sound the reason behind the common practice of bombarding prisoners with loud sounds?

Was this part of the enhanced techniques promoted by Mitchell and Jessen for use by the CIA?

I had thought that sound bombardment as detailed by survivors of torture and survivors of GITMO was purely psychological torture with sleep depravation.

There were MSM stories of high profile kidnappings where the victim was stuffed in a box with high volume sounds playing 24/7 presented as a way to prevent cries for help being heard. Essentially the neighbors were used to loud rock and roll playing at all hours and didn’t realize there was someone in a basement cell.

Stories and reports of torture victims have indicated that certain “stress” positions and being hung from the ceiling in specific ways will cause immediate evacuation of bowels and urine. This was indicated to be a physical reaction. These reports indicate that loud music is often played at that same time.

An interesting aspect of sound. A feedback squeal will get me to rip off my headphones PDQ.

ht tps://en.wikipedia.org/wiki/Gitmo_playlist
ht tps://en.wikipedia.org/wiki/Guantanamo_Bay_detention_camp
ht tps://en.wikipedia.org/wiki/Bruce_Jessen
ht tps://en.wikipedia.org/wiki/James_Elmer_Mitchell
(url fractured to prevent autorun)

Clive Robinson May 25, 2020 12:45 PM

@ JonKnowsNothing,

Was this part of the enhanced techniques promoted by Mitchell and Jessen for use by the CIA?

I’ve little knowledge of either Mitchell or Jessen save for that which has appeared in some MSM articles. As for the CIA, what is “official” and what is “not official” interrogation techniques is far from clear, especially bearing in mind the behaviour of the current official in charge.

Whilst “infrasonics” can be used to tourture people it’s generally not that easy to generate with conventional audio equipment (think specialised bass speaker in a 27ft long pipe that’s around 30in in diameter).

The old tourture technique with sound used to be loud AGWN passed through a parametric amplifier than put into headphones at quite a high level. This could be combined with “flotation” in epsom salts at near body temprature. This used to cause the brain to become effectively “disconected with reality” in some but by no means all people subjected to it.

How effective it was I’ve no idea, but I do know that a large number of people used this form of “sensory deprivation” in a way not to disimilar to those using infected rye flour to get an Etgotim high on Claviceps purpurea poison from the “Rye Ergot Fungus” that can infest the seed head (looks like very small black catkins). Which was effectively an “LSD trip” and historically noted as causing “St Vitus Dance”.

I do know that quite recently US Diplomatic personnel at one mission started exhibiting strange symptoms and it was thought that maybe they had been subjected to infrasound. It was discussed on this blog as well.

A dubious person May 25, 2020 1:50 PM

@ Clive:

I’d heard about pulsing your cutting laser on and off to “clear the swarf,” but not about trying to do it at a resonant frequency to make the target material tear itself apart. Thanks!

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.