Comments

myliit June 19, 2020 5:17 PM

https://www.nytimes.com/2020/06/19/us/politics/george-floyd-protests-surveillance.html

“U.S. Watched George Floyd Protests in 15 Cities Using Aerial Surveillance

From Minneapolis to Buffalo, Homeland Security officials dispatched drones, helicopters and airplanes to monitor Black Lives Matter protests.

GRAND FORKS, N.D. — The Department of Homeland Security deployed helicopters, airplanes and drones over 15 cities where demonstrators gathered to protest the death of George Floyd, logging at least 270 hours of surveillance, far more than previously revealed, according to Customs and Border Protection data.

The department’s dispatching of unmanned aircraft over protests in Minneapolis last month sparked a congressional inquiry and widespread accusations that the federal agency had infringed on the privacy rights of demonstrators.

But that was just one piece of a nationwide operation that deployed resources usually used to patrol the U.S. border for smugglers and illegal crossings. Aircraft filmed demonstrations in Dayton, Ohio; New York City; Buffalo and Philadelphia, among other cities, sending video footage in real time to control centers managed by Air and Marine Operations, a branch of Customs and Border Protection.

The footage was then fed into a digital network managed by the Homeland Security Department, called “Big Pipe,” which can be accessed by other federal agencies and local police departments for use in future investigations, according to senior officials with Air and Marine Operations.

The revelations come amid a fierce national debate over police tactics and the role that federal law enforcement should play in controlling or monitoring demonstrations. The clearing of demonstrators from Lafayette Park in Washington for a presidential photo op is still under scrutiny. The Air Force inspector general is investigating whether the military improperly used a reconnaissance plane to monitor peaceful protesters in Washington and Minneapolis this month.

And the National Guard in the District of Columbia has already reached a preliminary conclusion that a lack of clarity in commands led to one of its medical evacuation helicopters swooping low on protesters in the nation’s capital. Renewed calls to demilitarize police work have not only come from criminal justice advocates but also former Republican Homeland Security officials such as Michael Chertoff and Tom Ridge, the first two leaders of the Homeland Security Department, which was created after the Sept. 11, 2001, attacks. …”

Ismar June 19, 2020 5:36 PM

Yesterday Australian government decided to further escalate the tensions with its no 1 trading partner China by announcing that a range of government and non government departments and industries are experiencing cyber attacks from that country.

https://www.abc.net.au/news/2020-06-20/australian-departments-routinely-audited-for-cyber-readiness/12375050

What they failed to mention is that this is a normal state of affairs between most of the countries today and it has been so for decades.
So instead of putting energy into making our cyber infrastructure more resilient they again opt for an easier option of scaremongering to take the focus away from their inability to provide for a safe cyber space for its citizens.
Geez, this now sounds like a piece of Chinese state propaganda, so decide for yourself you must young Jedi

TRX June 19, 2020 9:35 PM

Well, since it’s Friday…

I’m looking for a “phone booster” or “cellular repeater” to use with a Faraday-shielded building. The booster needs to be programmable to allow outgoing connections only from specific phone IMEIs. And it needs to work on an LTE network. (Verizon)

So far I’m coming up with nothing. Can anyone help? I expected this would be a common security product.

Clive Robinson June 20, 2020 5:01 AM

@ Ismar, ALL,

What they failed to mention is that this is a normal state of affairs between most of the countries today and it has been so for decades.

Which is a point I’ve been making myself slightly unpopular with by asking two questions people to think about,

1, How come the US only has one “existential cyberattack” nation at any one time?

2, How come it’s always one of, China, Iran, North Korea, or Russia?

It helps people’s thinking if they have actually read George Orwell’s book “1984”, he saw the rise of this sort of linguistic nonsense back in World War II.

The actual real situation on the ground as any Net/Sys Admin should be able to tell people is “Cyber-Attacks are every second of every day come sunshine or rain”. The only relief being when very infrequently these days bits of the Internet that affect them go belly up due to electrical storms or our small furry friends…

As you note,

So instead of putting energy into making our cyber infrastructure more resilient

They do this in part because they have not a clue how to fix it (and I’m none the wiser except by massive loss of privacy and freedom). But also in part because they know that the MIC will move in –as they already have done– but likewise without a clue, but with a price tag to make existing MIC costs look but a drop in the ocean. But mainly because some lobbying vested corporate interests and several “guard labour” Government agencies and entities want the Internet to be insecure to profit by. But if you listen to the likes of the DoJ’s William Barr you will realise it’s because he thinks no citizen should have any rights or privacy whatsoever. But his views are even worse than that, he thinks US Presidents should have “Divine Right” which is something the founding fathers fought against and why the US is a “Republic”. Which is why you get the policy towards the Internet of “attack” rather than “defence”.

So to cover up these wet dream desires for power over all they see, you get as you note,

they again opt for an easier option of scaremongering to take the focus away from their inability to provide for a safe cyber space for its citizens.

Welcome to the 21st Century where you the citizen are not people with freedoms or even the right to pursue freedom and happiness. You are just a resource of the land for the “King and his men” to live in high estate whilst you rot in penury enforced debt and the mortgaging of your descendants lives for at least the next three generations to pay for that high estate…

Clive Robinson June 20, 2020 5:06 AM

@ Bruce,

and 450 pounds.

Sounds like a hacker squid…

But not in its usual location of the back bedroom 😉

Clive Robinson June 20, 2020 5:27 AM

@ TRX,

So far I’m coming up with nothing. Can anyone help? I expected this would be a common security product.

Because in some jurisdictions that would be specifically legislated against, and in others indirectly legislated against as a form of jamming due to the way the legislation is written[1]. So the upshot is it’s illegal or could certainly get you in court as a defendant in many places.

However what you want to do is technically fairly easy from the hardware point of view; look up “LimeSDR” and their application notes some of which are about “pico-cells” and similar that bring cellular service into areas where capacity might be insufficient or signals too weak.

[1] People tend to forget what the definitions of “interference” are,

    “a) The act or an instance of hindering, obstructing, or impeding.
    b) Something that hinders, obstructs, or impedes.”

Thus you can cause “interference by physically blocking” a lawful signal or “interference by emitting a signal that blocks” a lawful signal. A faraday cage does the first, a jammer the second, either way you are intentionally stopping a lawful signal.

Rj June 20, 2020 6:32 AM

@clive & @TRX:

I have to ask why the building is a Faraday shield in the first place. Is it a Tempest facility, from which NO emissions are desired? Is it a TS compartmentalized facility where cell phone communication is prohibited? Or is it just a metal building that inadvertently blocks the local cell base station signal? I ask because of the restriction on which phones should be allowed to use the repeater…

Andy Fletcher June 20, 2020 8:57 AM

@TRX,

it would probably be easier to use some sort of WiFi solution where you can authenticate subscribers (radius/diameter) or force them into a VPN.

VoLTE, VoWiFi and EAP-SIM are keywords to look out for.

myliit June 20, 2020 8:59 AM

@name.withheld.for.obvious.reasons (NWFOR), SpaceLifeForm, JonKnowsNothing, etc., or other interested parties or popcorn eaters

NWFOR, from an open letter, wrote [1]: “… As states are denied purchasing opportunities by the federal government during a national emergency (as in an invasion BY a foreign power) and have deployed the guard, if the federal government takes from available sources the ammunition the guard needs to defend citizens, then most certainly there has been a criminal act. …”

ianal, but probably like other citizens, I wonder what side the military and law enforcement agencies will come down on, if our President is, or continues to be, desperate to maintain power at any cost either to the U. S., or its democracy, or both, and the crap hits the fan.

[1] https://www.schneier.com/blog/archives/2020/06/friday_squid_bl_733.html#c6812556

Alejandro June 20, 2020 10:07 AM

There are good cell phone boosters on Amazon, Wilson is an excellent brand.

But, I doubt you’ll find any with a setting for outbound only. Seems to me cell phone signaling is inherently duplex.

Or, if you are talking allowing only outbound calls there are quite a few security apps around that would block inbound calls and thus effectively become outbound only. Wide Caller comes to mind, but I am not sure it could be set up to your specs. I am thinking you need something that would only allow outbound calls to numbers on the approved contact list.

You aren’t giving much detail, but I suspect a case of fly swatting with a cannon.

Alejandro June 20, 2020 10:10 AM

PS: myliit’s suggestion of wifi calling (to completely circumvent cell signals) sounds pretty good to me. Actually, very good.

MikeA June 20, 2020 10:40 AM

@Alejandro, TRX, et al.

I am very curious about a situation where a Faraday Shield is in place (presumably for a reason like security or to shield sensitive equipment from active interference) and yet WiFi (and mobile phones) are free to operate within that shield. In either case (privacy or sensitive experiment), letting any un-vetted WiFi (and probably bluetooth) capable phone inside is pretty much game over.

My first two mobile phones lacked cameras, at least partly because some vendors and customers required cameras of any sort to be left at the security desk. Imagine how they would react to hi-def video and radios capable of snooping darn near anything wandering around the place.

MK June 20, 2020 11:31 AM

If you don’t want the ability to receive inbound calls, just step outside when you want to make an (outbound) call. No additional hardware required.

Lt. Col. William Kilgore June 20, 2020 4:41 PM

A couple of days ago, I received 2 calls on my cell phone; both times the phone rang only once early in the morning. The first call appeared to come from Burundi (Africa); the second from Dushanbe (Tajikistan, Central Asia); I live in Greece and have no connection to either of those 2 countries.

Looks like a scam to me: it seems they don’t want me to answer since they rang only once; my guess is they hope people will call them back. What happens then, I don’t know; maybe these are special numbers charging you by the second. Then they can simply put you on hold and play some nice music while you’re getting charged through the nose. That’s about the simplest scam I can think of. Does anyone have a better explanation, guys?

vas pup June 20, 2020 5:01 PM

@myliit: that is reality of 21st century.
Police are required to protect PEACEFUL protest (even when somebody doesn’t like the agenda), because peaceful protests are protected by Constitution and are within concept of Law and Order, but by the same token police are required to suppress riots, violence against LEOs (state/federal/military police), looting, vandalism, because they are all in strong violation of Law and cannot be justified by any provisions of the Law.

As validation of my statement, I want to refer you to wisdom of Martin Luther King:

That is link to interview with MLK:
https://www.cbsnews.com/news/mlk-a-riot-is-the-language-of-the-unheard/

My attention was caught by those two statements which I want to share with all respected bloggers:

“I think that we’ve got to see that a riot is the language of the unheard. [that part recently and rightfully dominated by protests, but they totally forgot the second part below]

=========>I will never change in my basic idea that non-violence is the most potent weapon available to the Negro in his struggle for freedom and justice. I think for the Negro to turn to violence would be both impractical and immoral.

I would hope that we can avoid riots because riots are self-defeating and socially destructive.”

Language as in MLK statements, including currently politically incorrect words.

As I recall, many years ago I had a conversation with a riot control officer, and he told me that it was discovered that by observing a crowd from above you could intercept the moment when a peaceful crowd is about to transfer into a violent mob: it looks like several small vortexes observed from the top. At this point the chopper (there were no drones at that time) operator informed riot forces on the ground and they responded asap to cut the crowd into sectors in order to isolate instigators (who basically hijacked a peaceful rally) in the centers of the vortex areas and prevent escalation of violence and senseless destructive behavior – see above quote from MLK. I have no idea what reconnaissance purposes they did, but they really have security sense based on my opinion.

I’ll highly appreciate civilized discussion in this blog on the subject you point to without any labeling, personal attacks, i.e. in logical, not emotional field. Thanks.

Fink Ployd June 20, 2020 5:42 PM

Wikipedia is scrubbing BLM’s funding:

On the Wikipedia page for Black Lives Matter it used to have a section called “Funding” where it detailed its $100,000,000 worth of funding from Open Society Foundations (Soros), The Ford Foundation, and Borealis Philanthropy. Now it is nowhere to be seen.

https://en.wikipedia.org/wiki/Black_Lives_Matter

However, it can be found archived on Wayback machine:

https://web.archive.org/web/20200607020803/https://en.wikipedia.org/wiki/Black_Lives_Matter#Funding

Additionally, on the Wikipedia page for “List of projects supported by George Soros” BLM is no longer there.

https://en.wikipedia.org/wiki/List_of_projects_supported_by_George_Soros

Again, you can see it was there on Wayback Machine:

https://web.archive.org/web/20200208133212/https://en.wikipedia.org/wiki/List_of_projects_supported_by_George_Soros

Fink Ployd June 20, 2020 5:45 PM

“I’ll highly appreciate civilized discussion in this blog on the subject you point to without any labeling, personal attacks, i.e. in logical, not emotional field.”

Womp, womp.

Clive Robinson June 20, 2020 6:37 PM

@ William Kilgore,

Does anyone have a better explanation guys?

Well as you say “cell phone” there is another reason.

When you don’t use a cell phone for a period of time or don’t move from one cell to another, the network can effectively forget where you are located.

If you have a “special relationship” with the network provider they can send the equivalent of a “silent call” to cause the phone to be located.

If you don’t have a special relationship then you can not send a silent call, thus a call that only rings once does the same job of locating your phone.

But just remember the phone number you see displayed may have nothing whatsoever to do with where the call originated from. There is no connection other than in your service provider database between the number you dial and the actual electronic routing number of your phone. The reasons for this are many and varied and mostly to do with the hidden tariffs between network providers. And how to spoof “caller ID” is a well known trick.

So you could also be a “person of interest” to someone who does not have a special relationship with any network provider. Even debt collectors and repo-men are getting in on this game of “hunt the targets phone” and as cell phone numbers change hands so often yours may once have belonged for a while to some criminal or person close to a criminal, that is now being hunted down (in much the same way people get letters addressed to former residents of a property).

As for “silent rings” whilst the phone may not actually ring, it goes through the full call connect process. Which means if you use an “envelope detector” field strength meter or bug finder you get an entirely different type of pattern of transmissions from your phone. Sufficient that you can “learn them by ear” or “teach them to a microcontroller”.

Some time ago Ed Snowden collaborated with hardware hacker Andrew “Bunnie” Huang on something they called the “Introspection Engine”[1], which was to be a security sleeve for the likes of an iPhone to do just this sort of odd/suspicious phone usage detection. I don’t know what happened to it, I suspect as they were soldering wires to the iPhone’s internal circuit board test points, it was not going to be anything other than the preserve of security researchers and the very geeky. Also making it in a way which would not flag you up as a “person of interest” at any border crossing would be fairly difficult. Whereas making an audible “field strength” meter or “bug finder” out of a very cheap small transistor radio is trivial in comparison[2].

[1] This was before Ed Snowden’s Android phone app “Haven” which you can use as a security motion sensor. You can find more on the Introspection Engine at,

https://www.wired.com/2016/07/snowden-designs-device-warn-iphones-radio-snitches/

[2] I’ve mentioned what you need to do in the past on this blog to make an envelope detector field strength meter and get it to work with the audio amplifier in a transistor radio. And it’s very easy for any licensed Amateur/Ham radio operator as the technical knowledge to be able to do it is “required knowledge” for the examinations. This YouTube video shows how to make the basic field strength meter,

https://m.youtube.com/watch?v=8Dd0oEzDepA

If you look up “AM Envelope Detector” as used in AM Radios you will see it’s basically the same but made more selective and sensitive by the use of a tuned circuit on the RF side. However the capacitive coupling to an audio amplifier is the same. If you can find an old transistor AM/VHF pocket radio from the 1980’s or their more modern equivalent it takes only a couple of cuts of the PCB traces and the addition of a switch and a piece of wire and optionally an inductor to make it also a serviceable “Bug Finder” broadband field strength meter with audio output.
You can also see a variation on the same idea in,

https://m.youtube.com/watch?v=QUUBlmj2LoQ

From Australian Ham VK3YE where instead of an audio amplifier used to hear the RF signal’s envelope, he uses the detector diode output to change the frequency of an NE555 timer chip wired as a voltage controlled oscillator, thus will work with constant carrier signals that GSM is not.

Ismar June 20, 2020 7:10 PM

@Clive
Thanks for the comments and additional explanations.

However (as I have been feeling in an increasingly philosophical mood of late), as it is increasingly looking like we are heading towards an abyss, I think it is time to start talking fundamental reasons as to why the state of the things is the way it is as well as what can be done to improve it.

To start us off, I propose, as a starting point, to see things from other people’s perspectives. In this case, governments as well as DOJ, MIC, FiveEyes alliance and such.

One way is to assume that they are not inherently bad and want to dominate the rest of the humans – or am I wrong here? Are those who state that power corrupts always in the right? Is the “power of the ring” too great for humans to wield towards progress? Most of the historical episodes so far would suggest so yet there is progress being made overall which is a puzzle in itself. If this is the case what can be done to change this trait of human nature or is the inherent way the life is and the way evolution works?

With regards to security, privacy and any other human aspect of free living, I don’t think that having a technical solution (which may or may not be possible) will be sufficient to solve these problems as long as the humans themselves realize that more can be achieved by being altruistic than being selfish (or am I wrong here as well – but then why the innate desire for justice and need to concoct all sort of myths to justify doing injustice).

More importantly, what can we do on a personal level to make things that much better – maybe in the vast complexities of the human interaction that is all that is needed to improve things substantially?

I know it is strictly not on the topic of security, but I feel that all topics boil down to topic of survival anyway.

JonKnowsNothing June 20, 2020 10:56 PM

@Fink Ployd

re: Missing Wikipedia Content

Wikipedia has an extensive list of rules and requirements for content. It is an ENCYCLOPEDIA not a news outlet or editorial/op-ed or even current affairs provider. It does have some or all of these as part of the encyclopedia aspect.

Wikipedia also has extremely strict rules on how things are written, what can be published and how it needs to be documented.

Additionally, Wikipedia has a hierarchy of editors and topic areas, especially for Hot Topics. Anyone can edit a page, and anyone can revise the edits. There are grammar, spelling and layout rules that are often handled by a wiki-bot. Normally there is a “history log” of what went in and what came out and a reason given.

You don’t have to agree with the reason.

There are TALK pages where you can sometimes discuss problem areas, but don’t be surprised if you get Dead Air as a reply. Many topics have been abandoned by their editors. You can pick up the editing on any of those pages too.

If there is an issue with a topic or how it’s presented (there are loads of these flame wars going on), it’s possible to get an escalation to a higher authority editor, but if you are a new editor or the topic is an inflammatory one, you will get shut down pretty fast.

There is an attempt to be “neutral” but do not expect every topic to remain or have neutral entries. If you want to review how that might play out, pick any “hot topic” in the last decade and check the history and talk pages, reference the editor’s pages and notations. You cannot out-edit or expect changes to last in a Hot Topic area. Even one that is “abandoned” has a bot-notifier to an editor/group-editor/team if you touch one of those pages.

All those boxes of references or sections that say “Part of XYZ Topic” indicate there are others-bigger-than-you on the editing board and if they don’t like it, it’s not staying.

Getting into a flame war or edit war is frowned upon but sometimes you land in one without realizing you stepped on the land-mine.

You might also get a tick-box on your No Fly Ticket if you touch some topics. There are OTHERS who monitor pages and changes very-carefully and very-intently.

ymmv

rrd June 20, 2020 11:55 PM

@ Ismar

One way is to assume that they are not inherently bad and want to dominate the rest of the humans – or am I wrong here ?

“Good” or “bad” are defined with respect to one’s morality, which is almost always directly related to one’s upbringing (as opposed to the small number of people whose physical pathology leads them to be intrinsically immoral — head trauma can do that to a person, for example).

Coming into the world we each have personal tendencies towards or away from the various virtue/vice pairs (eg: love/hate). The sum total of one’s tendencies determines a person’s “goodness” or “badness”, and those tendencies evolve over a person’s lifetime, usually subconsciously. A person’s childhood environment usually determines the behaviors we consider positive or negative, even if the vices are considered positive (eg: the world’s pervasive misogynies) and the virtues negative (eg: being humble is weak).

So, as we enter adulthood, we have personal moral predilections as well as ingrained cultural patterns, but one crucial point is that we all have the choice to evolve ourselves towards or away from any vice or virtue using our mind and perceptual abilities to gauge both our and others’ physical and emotional states. Virtuous behaviors lead to greater happiness for our fellows, and vice versa (kind of a pun, noticed, not intended).

Another crucial point is that we are all born with the same total amount of tendency to vice and virtue across their 19-fold spectrum. So, where one person is likely to oppress others while not being a gossiper, another person will be naturally unkind but not likely to hate. The important thing is that we all start off equally part-good-part-bad but with different distributions, that are then affected by the cultures we are raised within.

There are three ways a person can go from there with their free will:

  1. Decide to consciously work on their moral compass to perfect it, thereby lessening their negative influence on others.
  2. Decide to consciously make themselves more ruthless, thereby increasing their vices in order to compete more successfully against other people.
  3. Decide to be content with who they are and how their culture operates, rolling with the ebb and flow of their virtuous moments and their vice-ridden failings.

Only the few people in #1 are actively trying to improve the world by first improving themselves and then their impact upon it. They are the saints not because they are perfect but simply because they are honestly trying. (Note that perfection of one’s morality is possible but is a long, painful slog.)

The vast majority of the world chooses to remain as they are, but that is ultimately a failure because we have default mammalian impulses from our physical body that inform our behaviors. But, because we have higher brain functions, such people become worse than the animals because they use their abstract thought, planning, communication and tool building to form their packs and then subjugate others (or, in the least, not caring one whit about their suffering). So, while this explains the world’s rampant racisms, it also explains religious violence, as their packs are just more abstract than something as simple as ethnicity.

Now, with all that background, we come to the truly evil ones, like Trump, who were raised amorally and then consciously chose to deepen his vices until he became a malignant narcissist, now likely demented. Such people not only want all there is for themself and their group, but they may actually take pleasure in the discomfiture of others. Note that that behavior is deep into the long tail of the negative side of the human bell curve, whatever shape it takes in reality.

[I’m sorry for the length and rambling of this but distilling the nature of mankind and why this world is so fucked-up now is non-trivial, especially when winging it.]

An important thing to remember is that the amoral have an intrinsic advantage with respect to material gain in this world. Nazis are more than ok with leaving the Jewish mensch dead in a ditch if it means more money for themselves, so long as it never catches up with them. They will lie, cheat, steal, hurt, intimidate, terrorize, … whatever it takes, to meet their worldly desires for pleasure.

Earth’s primary problem is that most people remain in category #3, and they are simply not capable of understanding how evil a person can self-evolve themselves over the years. By not having sought the perfection of morality they have not learned how high or low a person can go. As well, by not connecting to the Source of goodness, they usually lack the necessary selflessness to undertake the usually risky endeavors to strip the evil of their power.

Another useful perspective on good/bad is that goodness is always selfless and that badness is always selfish. Having mammalian equipment means such selfish tendencies happen in our packs and that is where the tragedies are writ large. Establishing what this Earth can be — with universal equality, plenitude, opportunity, justice, health, science and all the other good things we human beings can enjoy — requires that those of us who despair of that 8:46 where a human being was tormented to death while crying out for his deceased mother rise up in unison to establish compassion for ONE AND ALL, starting with the worst-off, as the primary motivating principle of governments local and larger.

Right now, the vast majority of human beings are simply living in financial (or worse) competition with everyone else. For a human being to truly embrace our potential humanity, we must champion cooperation with the intent that all human beings be able to enjoy this magnificent creation.

Security in any society can only be achieved when all people are cared for compassionately and vigorously, that being the opposite of the cruelty of domination or the callousness of being left uncared-for. And while the steps towards that end are being taken, those of us that selflessly commit to that ideal will live a peace and joy that is absolutely beyond words, even in these troubled times.

The first step towards establishing “On Earth as it is in Heaven” (where security is a given) is to recognize those who would subjugate others for their selfish desires. Then, those evil ones must be stripped of their power to harm others. No matter what they call themselves or what secrets bind them to their evil clique, their diseases of the soul must be diagnosed honestly and then dealt with with the seriousness history has taught us they require.

So, in response to your quoted question (finally, right?:-) : it depends on how evil the person desires to be combined with the means they have to effect their selfish desires at the expense of others’ happiness.

There is way more to this (being as it’s the explanation of the meaning of human life), but I’ll leave it at this for now, begging Bruce’s pardon. This being a blog about security, however, there is no greater threat to our collective security than failing to understand how evil organizations form and how we can tune our personal morality to not only be immune to such selfish group doctrines, but to recognize them where they occur and have the mind heart power to thwart them utterly.

To briefly answer your other question regarding if the “power of the ring” is too great for us mere mortals (and that’s all we have here), I’ll just say that there are spiritual practices that transmute our tendencies to vice into tendencies to their corresponding virtue, self-evolution being a human-only ability tied directly to our sense of morality. There is nothing more important than choosing a truly moral leader; and as is seen today and across history, choosing otherwise tends to be disastrous.

And, remember: everyone is self-evolving themselves, consciously or unconsciously regardless of whether they are the Greatest American Yet (MLK), or among the most deplorable ever (DJT). Usually, people just spend their time reinforcing their culture’s prejudices, and here we are.

As to what you can do personally? Beg the universe (as it manifests the Will of our Creator) from your deepest heart’s desire to make you a Servant of Love, to teach you how to be free of vice and a completely positive force for everyone around you, and the universe will put you in bin #1, guaranteed. You will be guided to the knowledge you need and have the strength to do the things that need to be done, and you will be at peace, even in the face of evils and horrors, provided you continue to learn and make better choices as Love dictates, for love is the only goal and the only proof, of spirituality.

I am at your service, my friends. If you need clarification, just ask, provided our host allows us to continue this apparently oblique conversation on security.

“The Way goes in.” –Rumi

Singular Nodals June 21, 2020 8:29 AM

@rrd

Still, one must remember that the drowning doesn’t cling to themself.

rrd June 21, 2020 8:46 AM

A couple of notes:

  1. Aldous Huxley’s book “The Perennial Philosophy” covers these ideas quite well, so far as I’ve heard significant chunks of it so far, if anyone is interested in a rather broad survey of the different schools of spiritual/philosophical thought and how they are all really pointing in the same direction: loving service. I can’t state categorically that all his thoughts are perfectly accurate, but Huxley really “got it” and did the work to demonstrate it across epochs and cultures.
  2. People who are in bin #3 can and do work to improve the world and themselves; in fact, it’s a requirement to be ready and willing to jump off and go full bin #1. People who take pleasure exerting their vices are far less likely to listen and accept this Message of Love once it comes to them (and it does, in various guises, to us all).
  3. The Law of Karma

Our sense of morality (the 7th, after the 6th: the sense of balance) is the essence of what places us above the rest of creation. It is so important that the universe creates feelings of unease (guilt) when we wrong others. This is the universe’s feedback mechanism to nudge us towards choosing creating happiness in others rather than its opposites. As well, this is also why it feels so amazingly good to selflessly help someone else, especially if they are a stranger. The Law is that we reap (the feelings) what we sow (from our treatment of others), and this is why Trump is so utterly miserable while the Obamas are living a sublime happiness. Of course, Trump can change course and become a bearer of light, but his moral inertia makes it very unlikely that he will care to comprehend and accept this Message of Love. What is important is that, for all of us, “there’s still time to change the road you’re on.”

  4. Free Will

Another important concept is that our free will is sacrosanct to the universe, so we are as free to emulate an enlightened Master as we are to Pol Pot. That said, what the universe “would like” is for us to live in peace and mutual security and comfort in order that more human beings can have more quality time to enjoy this vast but fathomable creation.

The importance of understanding this is that all our free wills are equal by default, so ten Nazis have the same basic power as ten good people. Contemplating this deeply, one realizes that those of us NOT inclined to oppress others or pollute the Earth for short-term monetary profit MUST band together to ensure that those energetic bastards don’t acquire the power to harm others with their hateful ideologies. And if they have acquired it, we must relieve them of it while doing the least possible harm.

So, yes, we must love everyone, but discernment requires that our love for the oppressed must override our love for the fascists in how each are treated. But never, ever hate, for hatred only leads to further darkness. And be careful with anger because righteous anger is required at times (those fellow officers who didn’t do anything for 8:46), but untempered anger (rage), like hatred, only leads to further darkness.

Peace be with you all, and have hope that it is truly darkest (and coldest) before the dawn. And the dawn is coming. Only those who detest goodness deny that it is happening as we speak all across the Earth. The fascists shall be excised — hopefully by turning their own face towards the light — but one way or the other. And it will not be easy, but why would the cleansing of our societal moralities be any easier than it is to accomplish on a personal level?

Always remember, it is nonsensical to think that a moral society can be created by an immoral populace, thus it all starts with each and every one of us.

myliit June 21, 2020 9:18 AM

@vas pup

“… As I recall many years ago I’ve conversation with riot control officer, and he told me that is was discovered by observation crowd from above you could intercept the moment when peaceful crowd is about to transfer into violent mob: it like several small vortex observed from the top. …”

Of course, agent provocateurs may, or may not, be involved. In other words, the cause of violence might not be knowable in real-time, but might be known later, if and when, a credible investigation takes place.

In the meantime, imo, you raised some good points.

myliit June 21, 2020 10:22 AM

@Lt. Col. William Kilgore, Clive Robinson

“Does anyone have a better explanation guys?”

I don’t know and I defer to Clive.

OT, iirc, WhatsApp might have been used to deliver malware. iirc, the recipient may have not needed to read the message (Khashoggi, Citizen Lab, Bezos, and so on).

Wired has a recent article about Signal. https://www.wired.com/story/how-to-switch-to-signal/

Other useful references may include:

Stuff from Barton Gellman or his book Dark Mirror

Bruce Schneier’s books, articles, or blog

https://blog.filippo.io/securing-a-travel-iphone/

Micah Lee, for example, https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/

Jillian York https://jilliancyork.com/2017/08/03/i-dont-want-to-give-out-my-phone-number-a-gendered-security-issue/

https://ssd.eff.org ,

https://ssd.eff.org/en/module/your-security-plan

https://freedom.press/

Singular Nodals June 21, 2020 11:20 AM

@rrd

nonsensical to think that a moral society can be created by an immoral populace

Why is it not equally nonsensical to presume an immoral person can create a moral person of themself ?

myliit June 21, 2020 12:59 PM

@name.withheld.for.obvious.reasons

“… In all likelihood the time that this [ when law enforcement organizations and the military will have to decide what side they are on ] will take to become apparent is smaller than we’d think. Confidence in our institutions to do the right thing has not been born out by the evidence. What was once thought invulnerable to corrupt influence, some vaunted institutions of the United States, have fallen faster than a dead sparrow from a tree.“

As a practical matter, I’m trying to pace myself, eat well, drink well, have some fun, get enough sleep[1], stay healthy, exercise, etc., and do what I can to help sound an alarm in an ongoing and sustainable[2], albeit perhaps not a far-reaching, way.

I have been somewhat guardedly optimistic in the last two, or so, weeks. At the same time, I don’t want to underestimate our President, his handlers, his enablers, his brain trust, the power of the executive branch, his or its budget, etc., during a long hot summer to icy winter timeframe.

[1] I finally picked up “Why We Sleep”
[2] I hope ( I also enjoyed picking up “Dark Mirror” )

vas pup June 21, 2020 3:05 PM

@Alejandro.
Everything is politics now, but I’ll agree with you that blog should be concentrated more on security in relationship to politics, not pure politics as you stated.

myliit June 22, 2020 5:44 AM

https://gvnshtn.com/maersk-me-notpetya A long read

“Maersk, me & notPetya

Maersk is the world’s largest integrated shipping and container logistics company. And I was massively privileged (no pun intended) to be their Identity & Access Management SME, later IAM Service Owner and played a role in the recovery and cybersecurity response to the events of the well-publicised notPetya malware attack in 2017. I left Maersk in March 2019, and as is customary I wrote the obligatory thank you and goodbye note. But there was always a lot more to add. A story to tell. …”

Clive Robinson June 22, 2020 9:51 AM

@ myliit,

With regards the

    “Maersk, me & notPetya”

Article. It starts off OK with,

    “Yes, it is inevitable that you will be attacked. It is inevitable that one day, one will get through. And obviously, you should have a solid contingency plan in place in case of the worst.”

But in practice this is a “motherhood statement” that states the obvious to those with no experience of the environment.

Reworded it says,

    You are going to be successfully attacked so plan to mitigate.

Which I’ve been telling people for getting on for a third of a century one way or another, and others for probably another quarter to a third of a century longer.

Another thing that started back when I was making myself less than popular with accountants and developers and various “wet ink MBA’s”, and is still as true today as it’s always been,

    Whatever the question is you can be reasonably certain that The Answer is not Microsoft.

Something the author of the article does not appear to realise is as true now as it was before he was doing the “rug rat” thing. Unfortunately if you look at his six points you will find they revolve around Microsoft products such as “Azure AD SSO” with a spurious reason given for its use, which is actually inadvisable from a more in-depth security point of view.

He also talks glibly of “MFA”… Sorry girls and boys, but MFA is in many ways a failure in practice and due to “cognitive impairment” of various vested interests is likely to remain so long after I’m just dust blowing in the wind. Another issue is it is “an auditor’s checkbox item”, that accountants and users do not like. Which is why some auditors accept two passwords to be “MFA” with others even accepting “secret account names” as a “something you know”[1]…

For MFA to be of even a small use these days it must have as its base factor,

1, Something you know.

This should be with around 60 bits of entropy as a minimum to prevent guessing attacks. Preferably it should also contain some other something you know that is geo/temporal in nature.

For a whole host of reasons fixed or slow change,

2, Something you are.

Should be avoided at all times. If anyone talks to you positively about “biometrics for security” point them politely to the exit for your own safety and sanity. There’s no reason to explain, it’s just like Dijkstra[2] and his infamous letter and later comment about what is effectively “cognitive impairment”.

3, Something you have.

Humans have a problem, we are not designed to “remember precisely” thus nearly all authentication systems are crippled by this, with some incapable of memorising four random digits for their luggage lock…

Thus the future for authentication relies on “high entropy, high communications security tokens that are immutable and have temporal and geo locks in them” as a minimum. Further these tokens must always put the user into the communications chain between the token and any communications or security end point.

This is something I’ve been saying since the late 1990’s and here we are effectively a quarter of a century later and still people are thinking that “They can cheat the requirements” and not have failures…

In that quarter century technology has advanced to the point you can “lock a token to a person” in ways other than hard biometrics and I would add this to the current specification.

If you can find such a secure token then you would be lucky as the few “pretenders” I’ve seen all have vulnerabilities at the human end of things due to trying to make a token “user friendly”.

I could go on about others of the authors points but the point to remember is he is writing from what I would consider at best “a blinkered position”.

[1] Yes there are ways you can use “secret usernames” but I really would not advise it. Because you effectively end up with a “Two Password” system with problems. Some years ago I built a prototype using two security tokens I’d acquired. Aside from the ID syncing problem you ended up pushing a button on one token, then typing in the string off a near unreadable screen, which takes time. Then you press the button on the second token to get the equivalent of the password. The problem is that the two button presses are not in the same time slot, and even if you pressed the two buttons together by the time you had typed things in you were in a different time slot to the server… Opening out the time slots is inadvisable as it reduces security by increasing the chance a replay attack will work. Whilst not insurmountable problems you end up with a kludge that is not nice for either the user or security.

[2] Edsger Dijkstra: Go To Statement Considered Harmful. In: Communications of the ACM 11, 3 (March 1968).
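An added illustration of the time-slot problem described in footnote [1] of the comment above, not code from the commenter or from any token vendor. It assumes both tokens behave like RFC 6238 TOTP generators with a 30-second step (the comment does not say what the tokens were); the secrets, timings and function names are constructed for the example.

```python
import hashlib
import hmac

STEP = 30  # seconds per time slot (RFC 6238 default; an assumption here)

# Constructed secrets. The first is the ASCII test key from RFC 4226/6238,
# the second is made up for this example.
ID_SECRET = b"12345678901234567890"          # token that yields the "secret username"
PW_SECRET = b"constructed-second-token-key"  # token that yields the "password"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp_at(secret: bytes, t: float) -> str:
    """Code a token shows when its button is pressed at time t (seconds)."""
    return hotp(secret, int(t // STEP))


def verify(secret: bytes, code: str, server_time: float, window: int = 0) -> bool:
    """Accept the code if it matches any slot within +/- window of the server's slot."""
    now = int(server_time // STEP)
    ok = False
    for counter in range(now - window, now + window + 1):
        if counter < 0:
            continue  # no slot exists before time zero
        # No early exit, so every candidate slot is always compared.
        ok |= hmac.compare_digest(hotp(secret, counter), code)
    return ok


def two_token_login(id_code: str, pw_code: str, server_time: float, window: int) -> bool:
    """Both codes must fall inside the server's acceptance window."""
    return (verify(ID_SECRET, id_code, server_time, window)
            and verify(PW_SECRET, pw_code, server_time, window))


def replay_lifetime(secret: bytes, pressed_at: int, window: int, horizon: int = 180) -> int:
    """Seconds after the button press during which a captured code is still
    accepted, for a verifier that keeps no record of codes already used."""
    code = totp_at(secret, pressed_at)
    return sum(verify(secret, code, pressed_at + dt, window) for dt in range(horizon))


if __name__ == "__main__":
    # Constructed timeline: first button at t=25 (slot 0), second at t=55
    # (slot 1), typing finished and submitted at t=65 (slot 2 on the server).
    id_code = totp_at(ID_SECRET, 25)
    pw_code = totp_at(PW_SECRET, 55)
    for w in (0, 1, 2):
        print(f"window=+/-{w}: login accepted={two_token_login(id_code, pw_code, 65, w)}, "
              f"captured code replayable for {replay_lifetime(ID_SECRET, 55, w)} s")
```

With this timeline the login only succeeds once the window is opened to two slots either side, and that same setting stretches the life of a captured code from 5 seconds to 65, which is why a verifier with a wide window also needs to reject codes it has already accepted.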

myliit June 22, 2020 10:54 AM

Oops, I meant to include K-Pop fans for the above analysis.

In other words, how can the Z generation[1] and others, worldwide, try to protect themselves, or minimize damage, for their political stance(s) from the prying eyes of corporations or governments?

Worldwide, let’s try to neither have our speech chilled, if or while possible, nor be chumps for crap.

https://www.washingtonpost.com/technology/2020/06/21/tiktok-kpop-trump-tulsa-rally/

https://www.theguardian.com/culture/2020/jun/22/what-is-elite-alt-tiktok-and-what-has-it-got-to-do-with-donald-trump

https://www.wsj.com/articles/how-tiktok-users-targeted-trump-rally-11592795368

[1] https://www.theguardian.com/us-news/2020/jun/22/gen-z-hate-millennials-handy-guide-generation-wars and from Wikipedia on Generation Z

Generation Alpha
Generation Z
Millennials
Generation X
Baby Boomers
Silent Generation
Greatest “”
Lost “”

imo, the above naming convention, for generations, sucks, sort of sucks or at least is hard to remember. Do any other countries use it or something like it?

rrd June 22, 2020 11:31 AM

@ S N

Why is it not equally nonsensical to presume an immoral person can create a moral person of themself ?

  1. We don’t create anything. Not matter, not energy (that’s just fundamental physics). We have learned, however, how to transform one thing into another. That’s what we’re doing every day, all of us, even if it’s just carbs to fat or whatever into ATP.
  2. We are not immoral from birth. We are “part-bad-part-good” (quoting myself from above), and we must use the part-good part to defeat the part-bad part by using our sense of morality and our minds to choose better and better attitudes and behaviors.

Humans can do evolution consciously, as you see in our BLM protests across the world. Humans can also choose willful ignorance and cling to the age-old attitudes and behaviors that have kept us in competition with each other since time immemorial, at great cost to our societies’ harmony and the Earth’s environment.

Finally, we get everything we need from our environment by choosing to interact with it (eg: selecting and eating food), and spiritual development is just like that but at a far more subtle and human-only level. Because spirituality is purely voluntary, we must utilize our free will to begin the journey and persevere upon it.

The vice of stubbornness keeps people from wanting to change. Personally, I find that nearly all traditions of the world are just excuses for people to continue acting badly towards people that they consider “other”. I mean, look at all the evil fools trying to keep the hateful “ideals” of the American Confederacy alive and kicking, so to speak.

JonKnowsNothing June 22, 2020 1:39 PM

@All

re: Future Famine, Perishable Supply Chains

Several interesting reports, each about COVID19 outbreaks, with some interesting side aspects for the upcoming hunger season.

The reports are straight forward details about conditions in meat packing plants with impacts in USA, Germany, China.

Basic:
  A lot of folks, standing shoulder to shoulder, for hours,
  working at high speed, living in over crowded conditions
  had large outbreaks of COVID19.

  • 30,000 meat-plant workers across the US and Europe have been infected with the virus and more than 100 have died
  • [In USA] a supply chain crisis involving at least 27,000 infections and 86 deaths
  • Germany’s coronavirus reproduction or R rate leapt to 2.88
  • One company in Germany, accounted for a mass coronavirus outbreak that has infected more than 1,500 of its workers. 7,000 people have been sent into quarantine. 21 people in hospital, 6 in ICU, 5 from meat packing plant, 2 on ventilators

In USA, millions of farm animals have been culled and the cull continues. Slaughter houses (abattoirs) work on JIT/LEAN principles too. The business model expects a steady supply of product (cows, chickens, pigs etc.) and the farming-contract-industry is set up to provide X-number of animals each day into the pipeline. The growth-charts and timing are all pre-determined and there isn’t any flex in the system: the old stock has to go so the next group can move up.

Any disruption causes the Caterpillar Effect Traffic Jam, all down the supply chain and ripples upward into markets, restaurants, consumers. Not only is the supply chain disrupted the food source is destroyed because there isn’t anything you can do with that many animals in a short time.

One farmer built his own mobile killing unit to handle the job and takes it to neighboring farms when their corporate-contract-holder tells them to run a cull.

That food is unrecoverable. Every food type grown requires X-Time to grow to harvestable levels. Grains, fruits, meats, fish, birds all take various time frames. As urban consumers we are used to seeing apples in the stores every day, but if you have an apple tree you know there’s only one harvest period for that tree and it comes once a year. Apples in the markets outside of harvest periods are storage apples. Fresh meats, fish, vegetables have a more fragile production chain.

The millions of culled pigs, cows, sheep and chickens cause long term ripples in the food chain.

So, we have 2 perfect storms in a micro-cosmism:
  Huge localized explosions of COVID19 with resulting economic damage
  Huge impacts on the food production and delivery system.

In the Age of Herd Immunity Policy Death Rates, an interesting method of tracking some deaths is through the sending of funeral or condolence flowers.

[Flowers for] wedding orders had dropped by 80% since the pandemic began, the business had more than recouped its money from customers sending flowers instead of visiting older relatives, and as a condolence gift from those unable to attend smaller funerals.

A newer aspect can be seen in how countries are reacting to outbreaks affecting their supply chain. This might be pure-political-maneuvering as there are pre-existing trade antagonisms. However, most countries really cannot “throw away” entire food supplies even to support locally grown producers. China has suspended imports from specific companies in USA (of poultry), and Germany (of pork products), both companies involved in huge COVID19 outbreaks. China is investigating every possible source of their current Market centered outbreak, including aspects of the food chain, transport system, shipping containers.

note: There is no indication that food or frozen food transmits COVID19.

ht tps://www.theguardian.com/environment/2020/jun/22/poor-conditions-in-meat-plants-fuel-covid-19-outbreaks-say-unions
ht tps://www.theguardian.com/world/2020/jun/22/meat-plant-must-be-held-to-account-covid-19-outbreak-germany
ht tps://www.theguardian.com/world/2020/jun/22/china-suspends-us-poultry-imports-from-covid-19-affected-business

ht tps://www.theguardian.com/business/2020/jun/21/smashed-from-mothers-day-flower-shortage-sweeps-australia-during-covid-crisis

ht tps://en.wikipedia.org/wiki/Just-in-time_manufacturing
ht tps://en.wikipedia.org/wiki/Lean_manufacturing

ht tps://en.wikipedia.org/wiki/Cascading_failure

It has been found that individual incidents (such as accidents or even a single car braking heavily in a previously smooth flow) may cause ripple effects (a cascading failure) which then spread out and create a sustained traffic jam

(url fractured to prevent autorun)

myliit June 22, 2020 4:26 PM

An opinion piece about our President:

https://www.nytimes.com/2020/06/21/opinion/trump-autocrat-barr.html

“America’s Aspiring Autocrat Is in the Home Stretch. How Worried Should We Be?

Beware a despot when he’s cornered.

[…] On Thursday, a poll conducted by Fox News (Fox!) showed him trailing Biden by 12 percentage points; the Tulsa arena hosting his comeback rally on Saturday was two-thirds empty. The man is ripe for the ultimate “Downfall” video. Especially given his recent sojourn in an actual bunker.

Yet it’s precisely because Trump feels overwhelmed and outmatched that I fear we’ve reached a far scarier juncture: he seems to be attempting, however clumsily, to transition from president to autocrat, using any means necessary to mow down those who threaten his re-election.

Whether he has the competence to pull this off is anyone’s guess. As we know, Trump is surpassingly incapable of governing. But he has also shown authoritarian tendencies from the very beginning. For over three years, he’s been dismembering the body politic, institution by institution, norm by norm. What has largely spared us from total evisceration were honorable civil servants and appointees.

Trump has torn through almost all of them and replaced them with loyalists. He now has a clear runway. What we have left is an army of pliant flunkies and toadies at the agencies, combined with the always-enabling Mitch McConnell and an increasingly emboldened attorney general, William Barr. …”

vas pup June 22, 2020 5:23 PM

Japan’s coronavirus supercomputer named fastest in world

https://www.dw.com/en/japans-coronavirus-supercomputer-named-fastest-in-world/a-53901703

“The Fugaku supercomputer topped the world rankings at once for the first time in history. It has been put to work creating models to fight the coronavirus pandemic, but its designers now have bigger plans for it.

The Fugaku supercomputer, developed by Japan’s Riken scientific research center and firm Fujitsu, is 2.8 times faster than the US-developed Summit supercomputer that is now in second place in the Top500 supercomputer rankings.

Japan’s computer also topped the HPCG, HPL-AI and Graph500 listings, “for the first time in history as a single machine simultaneously,” tweeted Riken director Satoshi Matsuoka.

All supercomputers run over 1000 times faster than a normal computer.

====>Naoki Shinjo, corporate executive officer of Fujitsu, said he hopes that: “Fugaku will show itself to be highly effective in real-world applications.” Shinjo added he hopes the supercomputer will play a role in forming Japan’s Society 5.0 project – a technology-based society pulling together AI, big data and the internet of things to develop society.”

vas pup June 22, 2020 5:34 PM

Murderer solves ancient math problem and finds his mission:
https://www.dw.com/en/murderer-solves-ancient-math-problem-and-finds-his-mission/a-53895884

Extract to get your attention and justification on this respected blog:

“Ancient mystery solved

Using only pen and paper, Havens tinkered for a while with the problem from number theory involving so-called continued fractions, over which the ancient Greek mathematician Euclid had already racked his brains.

A continued fraction is — to put it simply — a mixed fraction in which the denominator once more has the form of a mixed fraction, with this structure continuing towards infinity. The fractions are thus linked together. However, continued fractions are not used for simple arithmetic, but to solve the approximation problems with which one approaches a result in complex calculations.

========>This number theory is used, for example, in modern cryptography, which is of decisive importance today in banking and finance and in military communications.”

Read the whole article if interested in subject.

name.withheld.for.obvious.reasons June 22, 2020 10:15 PM

@ Alejandro,

Too much politics in this blog anymore. Blah, blah, blah….

It may well be…but I will argue that what at this moment in time is a place we have not been before in this country. Not to be hyperbolic or guilty of fearmongering; institutional systems in every corner of the U.S. are under duress. To state it simply, if you are a scientist, you stand accused of practicing witchcraft (see Dominion Theory/Theocracy).

We are on the cusp of losing the ability to speak analytically, critically, or post articles using facts and objective observations, let alone opinions.

I have been warning those here that the EARN-IT act that has been taken up in the U.S. Senate has an alarming technical component that would circumvent all secure communication in use today. What is not understood, this law will also open the door for realtime censorship and government oversight of all communications. This is the political class using technology to undermine the security of everyone. Hum, seems politics is heavily involved in technologically based security. And, no one seems to grasp the scale and scope of the outright seizure of all communications, this is prior restraint of speech at an Orwellian, if not worse, level. And this is technology used in a political context to suppress expression and subjugate human rights.

Governmental institutions and political actors are targeting communities that are similar to this one, if not this one. The direct assault on journalism stands as the most problematic issue for anyone interested in publishing to date irrespective of the topic or subject matter.

One word: Kleptocratic-theomonic-fascism

SpaceLifeForm June 23, 2020 2:23 AM

@ vas pup

Interesting story. The guy should be paroled.

I never embraced Continued Fractions, because I was always running out of paper and ink. They are definitely interesting.

I used to have 25 digits of Pi memorized, but now I only can recall 15 digits (3.141592653589793), which, interestingly, is what NASA uses.

I dropped 10 digits because I took the advice of Einstein. Never memorize something you can look up.

https://www.jpl.nasa.gov/edu/news/2016/3/16/how-many-decimals-of-pi-do-we-really-need/

myliit June 23, 2020 5:16 AM

@Alejandro, Andy Fletcher

“PS: myliit’s suggestion of wifi calling (to completely circumvent cell signals) sounds pretty good to me. Actually, very good.”

I think the credit there may belong to Andy Fletcher, although I tend to think of cell signals as a potential, or actual, adversary in my pocket and as something I spend time worrying about, like I worry about wifi, too.

It may not be below me, however, to take credit for other people’s good ideas.

Clive Robinson June 23, 2020 5:42 AM

@ SpaceLifeForm, vas pup,

I dropped 10 digits because I took the advice of Einstein. Never memorize something you can look up.

Sometimes you can not help it…

I memorized Pi as “3.1415926 5358 9793 2384 6264 3383 2795 and 0” and quite a few approximation fractions. Not because I particularly wanted to –other than the first group– but like a telephone number you have to keep dialing, from typing them in at a keyboard… This was not some form of Chinese water torture, but whilst developing and testing a large integer math library[1]. The fact that you can get Pi to quite large numbers of digits[2] as well as a whole number of equations means it is useful for testing.

Oh and don’t forget “Jackson, Jackson, carried a pair of forty fives till he was ninety” it’s a bit more useful 😉

[1] The reality of all computers be it the ALU or some Maths CoPro is that underneath they all use integer maths and “cheat tables” we more politely call “lookup tables and interpolation”. Just like some of us “older folks” did at school with “Trig and log tables” that came in a nice neat printed booklet for around one shilling and sixpence… The only thing that was not integer if you could afford one were slide-rules.

[2] You can now get a web page with the first million… But it used to be printed to fifty or more in the more expensive tables. Oh the 50th decimal place digit of Pi is also a “0”, and the first “double” is at decimal places 24 and 25 and is “33” there are a few other weird things and structures. Staring at the digits of Pi is like looking for “Secret messages from God in the Bible” or similar in the likes of Shakespeare. Like “Staring at clouds for faces” it’s more or less a pointless exercise unless you are interested in the functioning of that lump of porridge / oatmeal between our ears 😉 So if anyone has a yen to knock themselves out,

https://www.angio.net/pi/digits.html

myliit June 23, 2020 6:40 AM

Perhaps file under: “Shoot the messenger of bad news”, “Discount scientists”, “Muddy critical thinking skills”, etc., … Let’s try to hang in there.

https://www.washingtonpost.com/health/amid-threats-and-political-pushback-public-health-officials-leaving-posts/2020/06/22/6075f7a2-b0cf-11ea-856d-5054296735e5_story.html

“Amid threats and political pushback, public health officials are leaving their posts

Nichole Quick stepped down as chief health officer in Orange County, Calif., after facing threats

For Lauri Jones, the trouble began in early May. The director of a small public health department in Washington state was working with a family under quarantine because of coronavirus exposure. When she heard one family member had been out in the community, Jones decided to check in.

The routine phone call launched a nightmare.

“Someone posted on social media that we had violated their civil liberties [and] named me by name,” Jones recalled. “They said, ‘Let’s post her address. . . . Let’s start shooting.’ ”

People from across the country began calling her personal phone with similar threats.

“We’ve been doing the same thing in public health on a daily basis forever. But we are now the villains,” said Jones, 64, who called the police and set up surveillance cameras at her home.

Public health workers, already underfunded and understaffed, are confronting waves of protest at their homes and offices in addition to pressure from politicians who favor a faster reopening. Lori Tremmel Freeman, chief executive of the National Association of County and City Health Officials, said more than 20 health officials have resigned, retired or been fired in recent weeks “due to conditions related to having to enforce and stand up for strong public health tactics during this pandemic.” …”

Sherman Jay June 23, 2020 12:50 PM

Once again we are reminded (though you already know) that Big Brothers (both corp and gov’t) are watching you everywhere you go.

ht tps://www.techdirt.com/articles/20200620/13284744749/one-worlds-largest-web-tracking-companies-leaks-tons-personal-info-unsecured-server.shtml

Also, see John Oliver’s video on ‘facial recognition’

spread the word of our concern, it is very real.

Sherman Jay June 23, 2020 1:14 PM

I want to thank @myliit for their post. It was good:
• June 22, 2020 8:19 AM
When people say Tik-Tok is a security risk, for young people or in general:
ht tps://www.businessinsider.com/donald-trump-2020-campaign-app-hoovers-user-data-2020-6


But, as I tried to read the article, their site blocked privacy badger (which blocks spyware/tracking) on my firefox browser saying I had to either allow all their tracking/spyware ads or create a premium account.

This is frequently the type of choice offered to us:
let us abuse you
or
let us abuse you another way
or
give up and go away if you don’t want to be abused by us (businessinsider)

To quote Monty Python ‘run away, run away, run away’

myliit June 23, 2020 2:32 PM

@Sherman Jay

re: iOS browsing with Safari, Brave and Firefox (usually Focus)

I tend to browse using Safari, javascript and cookies off. Period, pretty much. Although I still try to delete everything, history, stored stuff, etc., and reset advertising id relatively frequently. Also reboot.

For Business Insider, YouTube, Twitter, etc., I tend to use the Brave Browser “locked down” except for scripts enabled. Occasionally with cookies. Occasionally with fingerprinting allowed (watch democracy now). Still try to delete everything periodically.

Clive Robinson June 23, 2020 4:51 PM

@ Sherman Jay,

… saying I had to either allow all their tracking/spyware ads or create a premium account.

Most sites fall into one of two types when you see that,

1, Those that let you browse with both cookies and javascript off and an older browser identifier string[1].

2, Waste of space sites often from more traditional magazine and newspaper publishers who have resorted to an online presence by “click-bait” they expect you to pay for[2].

So mainly “worthwhile” sites and “waste of space” sites, and the harder they try to stop you the more likely they are to be a “waste of space” site, effectively little more than bad con-artists.

There are one or two worthwhile sites that do put up solid barriers, but they are very few these days.

I suspect in the very near future when the US stock exchange goes on the inevitable run[3] people will finally accept that “internet marketing” works no better than stuffing flyers in newspapers used to do last century. Also the alleged “targeting” by the collection of PPI is likewise worthless except to criminals be they traditional or cyber as private enterprise or Government agency.

Thus the chances are that there will also be a glut of web designers and the like scrabbling after tiny crumbs bidding against those in second and third world economies for something to put in their “Rice Bowl”…

History has a myriad of examples as to what is likely to happen. I guess a question is what will be the “legacy words”? After all “Sabotage” comes from the French name for a clog, thrown by displaced workers into machines to break them. What will contract web designers have to “rage at the machine” I guess only malware, something tells me “malware” is not going to form the root of a new verb that trips lightly off the tongue…

[1] I don’t know if their “web developers” are useless / lazy / can’t be bothered or just plain pragmatic. But the net result is that although the “hamburger menus” don’t work you do get to see the content that interests you at a much much faster download speed… I’ve also found that using an older PC with no hard drive and a Linux or equivalent bootable CD from a few years back gets you most of the “worthwhile” sites.

[2] As a friend found spending money on a so called “Premium account” still does not stop the torrent of ads and trackers, so just don’t hand over the money. As these sites trade on a name and pay tuppence a line click-bait journalists, the content has often been taken from somewhere else where you don’t need to be “subscribed” in any way.

[3] All stock markets are actually measures of debt that has to be paid by society. In essence the shares are promissory notes of no fixed or redeemable value. You gamble that the shares will like black tulip bulbs go up in value for no real reason and you will be savvy enough not to get left holding worthless paper when they do not meet expectations. The US has something like 25% unemployment thus purchasing of anything other than necessities is out. The industries are not only not selling they are not manufacturing so they are not earning and are in fact losing money due to servicing excessive borrowing. Because the Fed has just pushed the “hyper-print” button on the fiscal printing presses the US stock market is basically pumping fake money from the Fed into multi-billionaires’ pockets. The problem is that fake money is debt the US tax payer will have to cover for the next few generations of children… Obviously the Fed will have to hit the “off” button at some point, but probably not until the billionaires have shifted the money out of the stockmarket by selling to those who are daft enough to buy their worthless script at premium prices… This has the potential to make Financial Crisis 1 and 2 look like a broken plastic piggy bank in comparison. But the one thing you can be certain of it’s the ordinary US citizen that’s going to get hit twice. Firstly when the savings for their kids college or their retirement funds become worthless. And secondly when they and their children, grand children and great grand children work almost as slaves to pay the US deficits off…

SpaceLifeForm June 23, 2020 4:57 PM

@ Clive

Interesting how you grouped the digits.

I do not know why I grouped by five.

JonKnowsNothing June 23, 2020 6:34 PM

@Clive @Sherman Jay
re:

spending money on a so called “Premium account” still does not stop the torrent of ads and trackers

I am one.

In the halcyon days when the Internet was Good and companies touted “don’t be evil” as corporate mission statements, I paid M$ for a “premium no ads” version of their email.

Little did I know, that they hoovered up all the data/metadata/trackers/ID-Tags and sold them to anyone who would pay a penny.

I know a bit more now.

Wesley Parish June 24, 2020 1:42 AM

@Clive Robinson, SpaceLifeForm, vas pup

re: pi

Stephen Baxter in his novel Xeelee Redemption points out that pi is dependent on velocity, meaning that the nearer you get to c, the speed of light, the shorter the measurement of the diameter of the circle in comparison to the circumference proves to be. It’s in ch 40, and kind-of shook me up when I got to it – but at near light-speed, pi is not 3.14 etc, but closer to 5 000 000.000 000 …

Oh, and in relation to the Squid, his Xeelee take the form of squid, with tentacles and wings, though of condensed matter – pre-expansion-phase, somewhat before the Dark Age of the Universe. I wonder if @Bruce has read him, and if so, is he a fan.

myliit June 24, 2020 5:36 AM

LEOs’ leaks

https://www.zdnet.com/article/twitter-bans-ddosecrets-account-over-blueleaks-police-data-dump/

“… On Friday, last week, the group published 296 GB of data they claimed to have received from the Anonymous hacker collective.

The data dump, dubbed BlueLeaks, contained millions of documents that were stolen from a Texas company named Netsential that provided web hosting services for various US law enforcement entities. …”

https://www.wired.com/story/blueleaks-anonymous-law-enforcement-hack/

“… Who’s Affected, and How Serious Is This?

DDOSecrets counts the data of more than 200 state, local, and federal agencies in the leak. Some of the agencies with the most sheer quantity of information in the leak’s dataset do appear to be intelligence fusion centers, like the Missouri Information Analysis Center, the Northern California Regional Intelligence Center, the Joint Regional Intelligence Center, the Delaware Information and Analysis Center, and the Austin Regional Intelligence Center. The group also includes a handful of regional FBI Academy alumni associations and Infragard, a San Francisco–based group devoted to sharing information between the FBI and the private sector.

For those organizations and their members and employees, the effects could in some cases amount to more than mere embarrassment. The NFCA memo obtained by Krebs on Security warns that leaked files include “highly sensitive information” such as bank account routing numbers and other personally identifiable information, as well as images of criminal suspects. DDOSecrets’ Best says that the group spent a week prior to publication, however, scrubbing the files for especially sensitive data about crime victims and children, as well as information about unrelated private businesses, health care, and retired veterans’ associations. …”

also
https://www.schneier.com/blog/archives/2020/06/identifying_a_p.html#c6812752

name.withheld.for.obvious.reasons June 24, 2020 11:07 AM

Assange Charges and Catch 22
Forty years of the sentencing totaling one hundred and seventy five years consists of charges related to the publication of the rules of engagement that was leaked to substantiate the ‘Collateral Murder’ video and how the U.S. military violated those rules.

There are ironic twists, devoid of any humor, revealing three legal issues requiring notation. The first, Rules of Engagement should not be classified or a mystery. In fact, the publication of these rules might well best be served by giving them to those that will be subject to them. Or is the reason these rules are classified is that it includes U.S. persons in the rule set (argumentative statement).

The second ironic WTF issue is that in order to establish the criminality of the classified video, it was necessary to tie the leaked ‘Rules of Engagement’ to the leaked video material. And lastly, the fatal shooting of civilians and a Reuters Journalist are at a minimum second degree manslaughter. The name of the video is deceptive, this is not ‘Collateral Murder’, as there were no identified enemy combatants. The killing of the journalist from Reuters, in the context of the recorded video, evidences a war crime.

name.withheld.for.obvious.reasons June 24, 2020 11:33 AM

At the Federation of American Scientists, Steven Aftergood has published a brief article (hxxps://fas.org/blogs/secrecy/2020/06/credibility-crisis/) with references to a new report that is most concerning. A quote from the article:

President Trump may or may not understand such rudiments of national security classification. But by twisting classification policy into a weapon for political vendettas, the President is discrediting the classification system and accelerating its disintegration.

Seems there is a crisis in the NSC respecting classification systems and the processes surrounding the agencies.

name.withheld.for.obvious.reasons June 24, 2020 11:14 PM

@ jonknowsnothing,
@ Clive, @ Sherman Jay

In the halcyon days when the Internet was Good and companies touted “don’t be evil” as corporate mission statements, I paid M$ for a “premium no ads” version of their email.

Back in the days of dialup, there was a company called Bluelight that provided services for K-Mart (Knows – Much About Revealed Traffic) and their dialup gateways included a server side application that allowed click-streams or data to be tunneled using port 80 from a client system. In essence, client side data of all types could be off-loaded to their gateway server for whatever purposes.

I thought I’d outsmart them and pull the server side stub (the executable invoked on the server to process traffic). Pulled down the stub and emulated their process for initiating client-server connection. Lo and behold, someone at Bluelight had done their homework. The server-side executable stub included a header and a custom code segment that needed to be decrypted to execute. So it was the kernel invocation of the exec using an encoded exec header. In other words, the kernel on the server needed to be duplicated or I had to have the code that was used to modify the exec system call. The most interesting feature was the communications channel across port 80 (stateless) provided a virtual network stack encapsulated in HTTP and the traffic was encrypted between hosts, E2EE, clever.

Later at a SANS conference approached the presenter with the information. Walked up, just peered at the laptop screen as it was up and on. First thing I noticed was the Bluelight connection icon on the desktop. Decided to turn around and let the professional deal with the situation. Not the place or the time to let someone know that their system was exfiltrating all kinds of data to the service provider. Also of note, the Bluelight privacy policy reflected the type of activity that was going on. Very forward looking, it was early 1998 and I’d stumbled onto ISP-based spyware.

name.withheld.for.obvious.reasons June 24, 2020 11:26 PM

@ Sherman Jay, @ myliit
For scraping information from websites, I download the raw page content, sans graphics and included code, using lynx, wget, or curl. If I am paranoid about the content, I dump the source file to standard out using OD to process the data. Yes, looking at websites using OD is not ideal, in fact it is possibly the furthest thing from the process one might imagine. Sites that I know to be more benign I process the source file using less, or more. Where I need more flexibility, vim is pointed at the source file.

Here come the comments…and yes, that is my pocket protector and slide rule.

Clive Robinson June 25, 2020 1:21 AM

@ Name.Witheld…,

Here come the comments…and yes, that is my pocket protector and slide rule.

Never had a pocket protector, but my first slide rule that I still use I inherited from my father.

Now having got that out of the way 😉

Browsing by “scraping HTML-Text only” then “sanitising by filters” is not foolproof but it goes a long way beyond what most malware can do to infect you.

The next problem is of course how you display it… More or Less are fairly safe if you use them correctly, but are you actually using them or something emulating them in some way?

Thats why some many years ago now I wrote my own pager and other low level text tools that “do less than Less and no more than More, in fact less”.

These run on a microcontroller board that is “Dual serial headed” as “an inline unit” to which I connect a “head display and keyboard”.

Not practical for non command line users, and those not used to what were once called “intelligent terminals” that were the forerunners by a long way of “thin clients”. But it allows you to get down and dirty at the byte level to pull out things that should not be in a 7bit ASCII plain text or CSV file.

But “users will be (ab)users” it’s easy to see that a “shell script” or other “interpreted text” program will get through the process and if a user is not skilled enough to realise that and deal with things correctly then an attacker may get a toe hold…

I had a semi philosophical discussion a little while back with someone who thought that one way to solve the user = (ab)user issue was to have no text based program or control files, and user files only be some form of “rich text” based around a markup language… It took a little while for it to click with them that all such files are “interpreted” thus are program/control files.

Unfortunately there are a lot of people who do not think about security along the entire computing stack, and do not realise that what might improve security at one level may not work at another level, or worse reduce security at another level…

The result of course you end up running a continuous fire fight with those who think they have come up with some new “mouse trap” when all they’ve really done is dug a hole in the ground, not just for themselves but any others.

Or to put it another way “A foolproof system is only as good as the fool using it.”, the practical realisation of which is,

    The more secure you make a system the less useful work it can do.

Which sounds like “a brick is more secure than a paperweight, and both are more useable than a secure system”. The reality is thankfully a bit more useful and was what we had back in the old “Big Iron and Data-Proc” days where users had “constrained environments” to work in.

It’s why almost one of the first questions I ask is “How many of your users are not connected to the Internet?” followed by “Is the Internet needed in their job description?”

There is an interesting statistic that indicates that back in 1973 long before most had seen a computer or terminal was the time when office workers were most efficient. As others have noted the more computing power we give people generally the less efficient they are in a whole number of different ways…

SpaceLifeForm June 25, 2020 1:52 AM

@ name....

Timing. Secure channel. Trust. Authentication.

Or, maybe lack thereof for all of the above.

hxxps://twitter.com/alexadobrien/status/1275944888681422849

SpaceLifeForm June 25, 2020 2:23 AM

Zoom shots of dots in a Security theatre.

Luta Security has disengaged with Zoom

hxxps://twitter.com/k8em0/status/1275906180078919680

Zoom hires security executive from Salesforce as CISO

hxxps://www.cnbc.com/2020/06/24/zoom-names-salesforces-jason-lee-chief-information-security-officer.html

name.withheld.for.obvious.reasons June 25, 2020 2:49 AM

@ Clive

Glad to hear I’m not the only one with “a” slide rule, confession, I have three. And a watch with a slide rule dial too. :^)

Not that it is odd, but yes three slide rules is odd, in number.

I use more practically, less has been so bastardized and with the curses and escape support for controls is a bit too “flexible”. I’m old school Clive, wrote and compiled my own versions (under DOS 3.1/3.11) of more, strings, dd, od, lp, and some other BSD utils in the mid 80’s so I could do network printing. Had a 10-2 network with 10 nodes in 1983, at home. Couple of the hosts were SLIP, UUCP, and some FIDO net gear. Cannot say much good about linux, it has moved so far from say Minix that I am thinking I should bring that back. An OS that has just the basic syscalls and not a kagillion libraries and kernel extensions. When is the last time you hand built an OS? Did a BSP for PPC about 10 years ago, including a port to dasboot.

I use what could be considered a three stage pipeline for data acquisition from web sites. First using tools that will process the network and protocol layer, irrespective of the data layer. For example, curl and lynx both support a raw mode that only performs the document load and stdout with tty sanitizing to 7bit redirection to a new file. Wget can be more problematic depending on connection and file types but there are times/sites that it is called for (used it a lot for gopher sites). After the stream is downloaded, depending on the source I will decide on the digest method. If it is unsafe, OD either from stdin or a file is then piped to stdout or a file…again based on source risk. There are six possible chains of action and there are multiple nodes from there. OD is the simple, a bit stream where the only boundaries are defined by the filesystem structure and inodes. So I treat the whole process as a bit stream.

Yes a long drawn out process but I minimize any processing that doesn’t satisfy the transport/protocol/translate/presentation at the simplest level. Makes me quite boring, but years ago I’d built tools to retrieve and filter data from search engines, data sources, and publication sites. Today, I am not that active with respect to on-line bit exchanges. My i386 40DX box is ten feet away, built in 1992 and still useful.

I have plenty of RT-boards and microcontroller sets that are tasked for various I/O purposes. Systems are designated, tagged, mapped, and logged on paper and electronically (not SNMP or syslog data though, I’m not writing my SNMP messages down on paper, that would be crazy). Enumeration is key–define the space and its contents.

Systems are staged in a layered approach; public, business, engineering, research, development and monitoring are logically and physically isolated by strict mappings (address space, network, VLAN, router, gateway, proxy, and WAN). Non-permissive FW rules IN/OUT irrespective of port origin. Of course very few inbound rules, intranet also router and FW with non-permissive IN/OUT rules. For a SOHO it is almost ridiculous, but I can live with it.
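
The fetch, reduce-to-7-bit, then inspect-with-od flow described in the comment above, sketched as an added example (not the commenter's own scripts). The function names and the sample bytes are hypothetical and constructed for illustration, and `choose_viewer` decides from byte content, whereas the commenter decides by how much the source is trusted.

```shell
#!/bin/sh
# Added example: fetch -> reduce to 7-bit text -> inspect at byte level.
# Function names are hypothetical; the sample input is constructed.

# Stage 1 (network; not exercised by the offline demo below):
# fetch the raw document only. Nothing is rendered or executed.
fetch_raw() {
    curl -sS --max-time 30 -- "$1"
}

# "Safe" set for a terminal or pager: TAB, LF and printable ASCII
# 0x20-0x7E. ESC, BEL, CR, NUL and all bytes >= 0x80 are outside it.
SAFE_SET='\11\12\40-\176'

# Count the bytes on stdin that fall outside the safe set.
count_unsafe_bytes() {
    LC_ALL=C tr -d "$SAFE_SET" | wc -c | tr -d ' '
}

# Stage 2: drop every byte outside the safe set.
sanitize_7bit() {
    LC_ALL=C tr -cd "$SAFE_SET"
}

# Stage 3 (untrusted path): byte-level dump; od prints control bytes
# as escapes, so the terminal never interprets them.
dump_bytes() {
    od -A d -c
}

# Assumption: pick the viewer from content. A file with any byte
# outside the safe set goes to od, otherwise a pager is acceptable.
choose_viewer() {
    if [ "$(count_unsafe_bytes < "$1")" -gt 0 ]; then
        echo od
    else
        echo pager
    fi
}

# Constructed sample: an OSC title-change sequence (ESC ] ... BEL),
# a clear-screen sequence (ESC [ 2 J) and a UTF-8 no-break space.
make_sample() {
    printf 'Hello\033]0;spoofed title\007 world\033[2J\n\302\240<script>\n'
}

# Offline demo on the constructed sample.
demo_tmp=$(mktemp)
make_sample > "$demo_tmp"
echo "unsafe bytes: $(count_unsafe_bytes < "$demo_tmp")"
echo "viewer:       $(choose_viewer "$demo_tmp")"
echo "--- od view of the raw file ---"
dump_bytes < "$demo_tmp"
echo "--- after 7-bit sanitising ---"
sanitize_7bit < "$demo_tmp"
rm -f "$demo_tmp"
```

After sanitising, the bodies of the escape sequences remain as visible text (`]0;spoofed title`, `[2J`), but without the ESC and BEL bytes the terminal no longer acts on them.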

name.withheld.for.obvious.reasons June 25, 2020 2:55 AM

@ SpaceLifeForm

No, say it aint so, not another piece of plutocratic/bureaucratic buffoonery.

As I have been reiterating, EARN IT is about prior restraint. Real-time censorship, so if you want to do a live feed to arsebook or ewetube it can be “controlled”. Thanks New Zealand.

Another manic morning…

Gilet Noir de Sauvetage Qui Peut June 25, 2020 11:43 AM

@name.w…… @Clive R

Re: long arm of legacy equipment

It now becomes obligatory that each of your next posts consist of a detailed ASCII art depiction of your setup. Option to embed encrypted message in the image.

Sherman Jay June 25, 2020 11:47 AM

@all
Another perspective on the evil new minion of “earn it”:
ht tps://www.techdirt.com/articles/20200623/17050744767/senators-launch-full-nuclear-war-against-encryption-bill-will-require-broken-encryption-putting-everyone-risk.shtml

Also, when sites block privacy badger with a big banner over what one really would like to read, the fix (with just a little work) in firefox is to use Menu > Tools > Web Developer > page source. The html code in the source tab that opens can be scanned for the text you want to read.

It is amazing how much crap this page html contains. Welcome to another tower of babel.

And, it is amazing how tech-ignorant most government officials are. (the phrase dumb as a box of rocks comes to mind) One of the few exceptions is Ron Wyden, Senator from Oregon, who tirelessly works for the benefit of the populace.

JonKnowsNothing June 25, 2020 12:59 PM

re: Food Supply Chain and Economic Backlash

iirc(badly)
Some while back, before the economies started to re-open an economist reported that the worst economic recovery would be a “saw blade” jagged one where the economy would open/close/open/close.

It’s rather looking like this is the “economic recovery” we are getting.

There are certain amplifiers within economies that reflect changes faster than others. The food chain has a mix of reactors but the problem in Germany is a good starting point for consideration of other reactors.

The reports are in scattered references:

  1. 06 22 2020 The owners of Europe’s largest meat-processing plant must be held to account for a mass coronavirus outbreak that has infected more than 1,500 of its workers, Germany’s labour minister has said.

    …endangering not only its workers but also public health in general. Authorities in the region are considering introducing curfews in the vicinity in an effort to stop the virus from spreading further. The 17.93 million population of NRW, Germany’s most populous state, may have to be placed under a fresh lockdown

    The developments have been described as a massive psychological blow for the state’s citizens who like elsewhere in Germany had been adjusting to an easing of lockdown rules in recent weeks…. [there is a] “level of fury” in the region.

  2. 06 23 2020 Germany put an entire district into a local lockdown for the first time since easing its restrictions in early May, after 1,553 employees at the Tönnies meat processing plant in the western city of Gütersloh tested positive for the virus.

    About 360,000 people in the area will be affected by newly enforced physical distancing rules and closures of bars, museums and swimming pools. The state premier of North-Rhine Westphalia, Armin Laschet, said the second lockdown could be relaxed after 30 June “as soon as we have control over the infections”.

    The Gütersloh outbreak caused Germany’s “R” number to shoot up to 2.76, but Lothar Wieler, president of the Robert Koch Institute disease control agency, said he viewed the rise as a blip rather than a sign of a second wave of infections.

    Overall, the number of new cases remained low, Wieler said, adding that Germans should nonetheless “continue to be watchful. The virus is still in our country, and if we give it a chance to spread, it will take it.”

  3. 06 24 2020 Residents and local businesses in a community in Germany’s most populous state that has been forced back into strict lockdown following a coronavirus outbreak at a local abattoir are demanding that those responsible are held to account.

    North Rhine-Westphalia’s Gütersloh district, which has over 360,000 inhabitants, on Wednesday had its first full day under a reimposed coronavirus lockdown after more than 1,700 employees at the Tönnies abattoir and meat processing plant tested positive.

    Schools and kindergartens, bars, fitness studios and museums, which had gradually begun opening their doors again, were forced to close and people are once more limited to meeting up with just one other person outside their household.

    … 300 police officers have been sent to Gütersloh to help in the implementation of the lockdown. The neighbouring district of Warendorf, which has a population of 278,000, has also reimposed restrictions due to the outbreak.

  4. 06 25 2020 Air cooling systems used at abattoirs could be an overlooked risk factor accounting for Covid-19 outbreaks, according to scientists who have studied conditions at a meat-processing plant at the heart of a cluster of infections in Germany.

    the air filtration system in the slaughter area had contributed to the spread of aerosol droplets laden with the virus, describing it as a “newly recognised risk factor”.

    The area of the plant where animals are slaughtered, gutted and cut to pieces is kept at a cool 6-10C degrees. To do this, the cooling system circulated the same unfiltered air, thus keeping aerosols in motion…. A filter fitted to the cooling system was not able to keep out the virus

    Slaughterhouses have also been at the heart of Covid-19 outbreaks in America, France, Spain, the Netherlands, Australia, Brazil and other German regions

Item 4 should be of particular note. Especially since people are considering flying again in a closed air circulation system.

The food famine looming on the nearer horizon is getting not so far off. The list of affected countries is getting longer. Some places have reinstated goods rationing (2 toilet rolls per) again.

China is still hunting for their source of infection by looking at shipping methods and containers for frozen or cold meats coming from the USA and Germany. If the cold boxes/refrigerated containers are hosting COVID19, within the cold-box environment that’s going to put a huge spanner in the global distribution of all frozen and perishable foods.

note: Not all sources listed
ht tps://www.theguardian.com/world/2020/jun/22/meat-plant-must-be-held-to-account-covid-19-outbreak-germany
ht tps://www.theguardian.com/world/2020/jun/24/west-germany-district-re-enters-lockdown-after-new-covid-19-outbreak
ht tps://www.theguardian.com/world/2020/jun/25/abattoir-air-cooling-systems-could-pose-covid-19-risks-expert-warns
(url fractured to prevent autorun)

Clive Robinson June 25, 2020 2:47 PM

@ JonKnowsNothing,

re: Food Supply Chain and Economic Backlash

Yes I’ve been warning about food shortages and the “special dangers” of frozen food transportation for some time[1].

The “saw tooth” effect will be accompanied by “grannies teeth” type lockdowns. Some have estimated as few as five whilst others more than fifteen…

Oh and South Korea believes it has good reason to think they have the beginnings of a second COVID wave, and their R0 is less than Germany as are the numbers involved…

The thing is whilst the SARS-CoV-2 virus may not be seasonal in and of itself, humans are. We tend to have better immune systems in summer especially against respiratory disease.

However two things we do know is that the RNA survives being frozen and low temperatures and humidity significantly extend its viability times on surfaces so it’s likely to be the same in bulk air movements through “chillers” which get used in more than meat packing plants. In fact in almost all fresh food systems for fruit and vegetables.

They are also used extensively in “rapid chill” of freshly cooked food that is to be reheated later (such as hot airline food, hospital and other institution food supplies including care homes and many work place canteens etc).

[1] But on looking for my comments there appears to be a disappearing act in progress.

Clive Robinson June 25, 2020 2:57 PM

@ Sherman Jay,

And, it is amazing how tech-ignorant most government officials are.

It’s not just “tech” where the ignorance thrives, it’s in almost every subject covered by “STEM” which I might note is actually the fundamental of our economies not the idiotic inflationary finance system.

In fact some officials be they elected or not, appear to revel in their ignorance and promote it as though it is some pinnacle of achievement necessary for high office… Frankly I find such behaviours to be not just stupid but actually frightening…

Clive Robinson June 25, 2020 3:10 PM

@ Black Jacket Panic, name.withheld…, Wael,

It now becomes obligatory that each of your next posts…

It is @Wael that specialises in hiding secret messages on this blog 😉

Clive Robinson June 25, 2020 3:31 PM

@ name.withheld…,

I’m old school Clive, wrote and compiled my own versions (under DOS 3.1/3.11) of more, strings, dd, od, lp, and some other BSD utils in the mid 80’s so I could do network printing.

Yes DOS was always lacking as were most early word processors, especially Microsoft’s. I ported the same array of tools so I could get into the “saved files” and strip out the corruption (recover) them when MS screwed them up.

They were also useful for converting one file format to another, something that became a right royal pain when WP decided to move to a windows version…

But in the early 90’s I was working at an engineering company, that got burgled and most of the computers got stolen. Thankfully I had a few spare “unix SysVr4 and DOS_Merge” 486 boxes at home that I could drag in to get myself and the projects I was involved with back up and running including a cheapernet network and printer.

The fact I got six or more people running off of two boxes and a serial concentrator plus terminals kind of impressed the boss.

However he did not like unix / X-Windows Motif and wanted to stick with DOS and Win 3.1… Thus I ended up having to pull tricks with Netware drivers and cards and a DOS box running Kermit to get what he wanted… (yes he was cheap at the best of times). I was wholeheartedly glad when the company decided to go with an external contractor.

I remember telling him a little while later he really should get to know Linux as it would be a better solution than either MS or Novell were offering for file and print serving along with internal web. He still did not get it when Novell bought USL but hey some people are a little slow…

Chris June 25, 2020 5:03 PM

Hi, I’ve been lurking for some time, I reckon you guys know a lot about sec on computers.
One thing you don’t touch on too much is that people in the know on the military side have their own Military Intelligence Services, they are very much like the CIA of sorts but they are much more muddy….

And … much more dangerous

Wael June 25, 2020 6:25 PM

@Clive Robinson,

Re: Secret messages…
I was working on the next iteration, but I got busy with other things. I opted for the easy route recently… you know, limericks and poetry. A good vector of deniability.

Hark…

JonKnowsNothing June 25, 2020 8:20 PM

@Clive @All
re:

I’ve been warning about food shortages and the “special dangers” of frozen food transportation for some time

two things we do know is that the RNA survives being frozen and low temperatures and humidity significantly extend its viability times on surfaces so it’s likely to be the same in bulk air movements through “chillers” which get used in more than meat packing plants. In fact in almost all fresh food systems for fruit and vegetables.

They are also used extensively in “rapid chill” of freshly cooked food that is to be reheated later (such as hot airline food, hospital and other institution food supplies including care homes and many work place canteens etc).

Yes indeed, for months …

Which is why I find this statement curious from the German expert:

  the air filtration system in the slaughter area had contributed to the spread
  of aerosol droplets laden with the virus, describing it as a “newly recognized risk factor”.

And why China is just now looking at refrigerator containers…

@Clive must be omniscient or certainly has better sources than at least two countries!

re:

officials be they elected or not, appear to revel in their ignorance and promote it as though it is some pinnacle of achievement

Alas, in the USA we have the

Myth of the Self Sufficient Self Reliant Un-Educated Cowboy who becomes a Mill/Bill/Trillionaire.

It’s the hook to Silicon Valley (or was) until some better educated folks got burned on worthless stock options or ended up owing the IRS millions in taxes based on un-realized dollars due to “conversion timing” and lost everything.

currently: A similar tax scam is RoboDebt (name varies by country).

Weather June 25, 2020 8:49 PM

@all
40% accurate, there’s a lot of collision in at least 60% (guess), some are not detected, but low values up to about 50 chars, using max 929292 range. 91 max down to about 80 gets a lot of hits.

Clive Robinson June 26, 2020 4:54 AM

@ JonKnowsNothing,

… must be omniscient or certainly has better sources than at least two countries!

Probably neither.

More likely I’ve been “insanely curious” most of my life and I have that mysterious extra grey matter functioning our host @Bruce calls “thinking hinky”.

From an early age I saw things slightly differently to others. Most would see “the time” on a clock and I would see not just the clock but an interesting collection of gears and some hidden mechanism that controlled the speed they turned at inside the clock and the way they moved. Thus my curiosity would drive me to not just find out how a regulator worked but its foundation principles and what their limitations and problems would be.

This used to get me into trouble at school and college because I’d keep drilling down to a point well below what we were doing and then ask what appeared a totally off the wall question.

However it came to be useful when it came to “testing techniques”: I could find and fix everything we got thrown at us, as well as suggesting why a particular way of doing things was not good and other ways would be better. Which is possibly the reason I got pushed in the direction of being a “design engineer” by just about everybody that employed me and later “an engineer’s engineer” sent in to “firefight” or troubleshoot problematic projects and systems.

The other advantage I have when thinking is I’m not usually part of a team. People go on and on about the wonders of team dynamics… But how often do you hear about the truth of the horrors of team dynamics that daily plague teams and sometimes to the point of destruction?

Teams are by definition inefficient, and frequently they work at the speed of the lowest common denominator. In part this is due to people tripping over other people’s feet and in part because those in charge feel they have to know everything that is going on, and what they think is an efficient way for them to find out is often not for them, and it’s certainly not efficient for everyone else. Then of course there are the human aspects of power plays, blame shifting and just “politics” that also has the great scourge of “group think”…

If I remember correctly it was the owner of Bethlehem Steel that when asked about the success of the company quipped that he never had teams of more than 100 people, because more than that just did not work.

I won’t go into it but if you want to understand teams talk to a field anthropologist who has studied insects through to primates, not a management consultant or MBA graduate. As I note from time to time nature has had a multitude of millennia to find out not just what works but what is robust in most cases of adversity.

Management consultants and MBAs however are not interested in “robustness” but some strange idea of “efficiency” that increases what they call “productivity”, which by the way follows the law of “diminishing returns” and usually significantly increases that form of predictable problem “Chaos”.

If you understand how certain ideas about “efficiency” not only remove “resilience” but also increase the likelihood of “chaos” thus render systems non robust even in relatively normal times then you will probably be able to see a lot further into the future than those around you.

As an example, the recent issues we have seen with “oil” and lack of storage and other issues based on its transport and processing. It’s yet to fully play out so keep your eyes on it as it is an essential “feedstock” for nearly all manufacturing, especially for the medical and healthcare systems we are all very dependent on…

But don’t be too hard on others: anyone who has ever been in a firefight will tell you nobody has a clue what is going on, you just fall back on training as the best way of making it through more or less in one piece.

Which brings us around to one of the big issues with teams and the lowest common denominator effect,

    Sometimes when you are fighting alligators, it’s difficult to remember the real reason you went into the swamp was to drain it, so the alligators had nowhere to hide.

Lowest common denominator thinking tends to focus on what is closest and scariest, not what is important.

The easiest way to stop your ground troops being attacked by enemy tanks, is not to try and destroy the tanks by throwing your troops at them. But to either destroy their supply lines for fuel, ammunition and spare parts, or move your troops to ground that favours them not enemy tanks. Doing both in the right way is what wins wars even though you might have to give ground or lose a few battles along the way. However there is also a well known problem of “Generals fighting the last war again” and more often than not it fails…

The problem we have with SARS-CoV-2 and Covid-19 unlike SARS-CoV-1 and SARS-02 is that it is effectively an invisible enemy because people are infectious whilst asymptomatic or presymptomatic. Thus trying to fight SARS-CoV-2 the way we did with SARS-CoV-1 was not going to work and so it has turned out. Because the difference is like that you find between fighting “symmetrical warfare” where you have reliable intelligence on the enemy movements and “asymmetric warfare” where you have little or no intelligence other than where you’ve taken casualties.

Thus as several on this blog have pointed out we need to be “Proactive not Reactive”. As @SpaceLifeForm has pointed out from near on day one “Just stop flying”. If we had, things would have been considerably different.

But what many have forgotten is it’s not just “people on planes” it’s also “goods on planes” and other forms of transport as well as planes. It’s those goods rather than the people that have to keep flowing, importantly “food” as few Industrialized Nations can feed their own people… It should have been obvious to anybody who cared to think about it in the right way, but apparently few have.

Another thing that should be obvious but again people are not thinking about is “shoes”. In East Asia the social norm is to take your footwear off at the front door, in the West we tend to leave shoes on and just use a door mat… As is getting pointed out virus laden droplets fall under gravity, thus a large number will land where people’s footfalls do. Thus shoes are a major “fomite” or transmission vector directly into people’s homes in the West, which in cooler or humid weather the virus will remain viable on some surfaces for as much as nine days based on testing similar coronavirus strains. In China and East Asia they certainly appeared to have understood this, hence the spraying of streets and pedestrian areas, something that has not been seen much in the West…

So the conversation at a personal “body” level should be not just about masks and eye protection, but gloves and footwear as well… As care here will pay off rather more than any medical treatment we currently have.

Then of course we need to consider what comes into and goes out of our bodies such as air, fluid, food, etc. So far in the West we are not even really thinking about air, let alone anything else.

But the important thing is how we protect these items in transit because sterilizing them at the individual person is not exactly reasonable, easy and above all safe. Thus sterilizing is best carried out as close to the point where the items are most concentrated and the use of chemicals etc most easily carried out safely.

Thinking along these lines is what will help move us forward in a safer manner than not. It sounds simple but there is a lot of complexity involved, and as a general rule humans are not good with complexity.

rrd June 26, 2020 8:02 AM

@ Clive

Curiosity is a vastly underrated semi-virtue as it works in opposition to stubbornness as it forces us to question if what our society condones is really the best way (or even ok at all). It requires an intellectual openness that allows the member of society to consider ideas contrary to their current groups’ thought inertia. (Could it be said that Trump-like cultists suffer from a fatal lack of curiosity? I say yes.)

My own immense curiosity gave me a lifelong interest not only in science and computer programming, but in cultures, where — thank Deus — I learned that some people (gasp!) take their shoes off at the door and use something wet on their bottoms after they poop. I was happy to learn something my culture didn’t even consider! Happy, I tell you. I mean, I’m no neat freak, but clean is nice.

What is astounding to me, however, are the people in my family that not only deny that doing so is just scientifically way more clean, but are actively annoyed that I have jumped ship from “just don’t put your shoes on the couch or bed” to “just leave `em at the door”.

This curiosity has led me to be a cultural sampler in that I’ll jettison any habit (or food!) in favor of a better one, but there is an even more important characteristic here, too: humility. I have no compunction admitting (to myself, at least) that I used to behave in less than optimal ways, and can certainly learn and adopt new and better ideas. Further, after more than 100 base-7 years on this Earth, I know I have even more ways to improve! Why not?!

A lot is made about Jesus’ washing his disciples’ feet at the doorway and Jesus was, for sure, humble, but it’s probably just as much him saying “You filthy animals, I’ll show you how to effing clean your dirty sandals-on-dirt-roads feet when you come into the house!”

This curiosity and its intrinsic questioning has led my wife and me to have never had a TV in our over 20 base-7 years of marriage. The positive effects on our children are probably not believable by most people, but that lack in combination with having lots of documentaries and Lego (we’ve got the Unimog!) and books adds up to very few negative influences and very many positive ones, like our honorary Uncle David Attenborough and his wonderful BBC cohort with their excellent science and history docs.

I doubt many Americans even know about Uncle Dave’s many astounding documentary series: 10-part Life of Birds, Life of Mammals (10), Life on Earth (13), The Living Planet (12), Life in the Undergrowth (5), Trials of Life (12), Private Life of Plants (6), and Life in Cold Blood (5), plus many one-offs on, eg, Dragonflies and Praying Mantises.

Also, Clive, you might know about comedian Chris Barrie’s 8-ish episodes of “Massive Engines” where one of the episodes is just “Pumps” where he shows all the great early British pumps (one was a Watt, iirc, and is strikingly beautiful). I’m sure you’ll approve of this kind of “Yanks stealing from the Brits”, Clive 😉

But don’t fear! My kids are getting their education in Monty Python, too. Can’t have some humorless bores, now can we!

Anyway, 1000 cheers to curiosity, a necessary (to us) spice of life! And, to those of us who wear our frickin masks like the responsible citizens we’re supposed to be.

myliit June 26, 2020 1:39 PM

https://theintercept.com/2020/06/24/fbi-surveillance-social-media-cellphone-dataminr-venntel/

[1] “The Federal Bureau of Investigation may be watching what you tweet and where people gather.

The federal law enforcement agency’s records show a growing focus on harnessing the latest private sector tools for mass surveillance, including recent contracts with companies that monitor social media posts and collect cellphone location data.

On May 26, as demonstrations around the country erupted over the police killing of George Floyd, the FBI signed an expedited agreement to extend its relationship with Dataminr, a company that monitors social media.

A few days later, the agency modified an agreement it signed in February with Venntel, Inc., a Virginia technology firm that maps and sells the movements of millions of Americans. The company purchases bulk location data and sells it largely to government agencies.

[…]

Few regulations exist to restrict the use of location-tracking data, a form of data collection that many common phone applications collect and monetize. The Supreme Court’s 2018 Carpenter v. United States ruled that government prosecutors require a warrant to obtain cellphone location data from service providers. But many experts worry that the ruling may not apply to third-party data brokers such as Venntel.

The Intercept has reported that since the recent wave of street demonstrations, FBI agents have questioned at least one individual for simply tweeting in jest that they are members of “antifa,” a reference to a style of violent activism popular among some on the activist far-left. Members of the Joint Terrorism Task Force have also questioned protest organizers at their homes — sometimes within hours of posting an event on social media.

The FBI has tapped other notable surveillance firms in recent years, including Palantir, which builds tools to visualize relationships using an array of information, from social media to license plate numbers.

But the embrace of powerful mass location data through a firm such as Venntel represents a potential new era for the agency.

The Wall Street Journal was the first to report that government agencies such as the Internal Revenue Service and U.S. Immigration and Customs Enforcement had tapped Venntel for tax and immigration enforcement, respectively. After the initial story ran, Sen. Ron Wyden, D-Ore., reportedly reached out to the company to inquire about the federal government’s use of the technology — but that the company declined to answer most questions.”

[1] Title put here since it’s in all caps:

FBI EXPANDS ABILITY TO COLLECT CELLPHONE LOCATION DATA, MONITOR SOCIAL MEDIA, RECENT CONTRACTS SHOW

vas pup June 26, 2020 2:35 PM

@Bruce: may be good for this week’s squid as well – link below provided

Russian hacker group Evil Corp targets US workers at home
https://www.bbc.com/news/world-us-canada-53195749

“A Russian hacking group is launching ransomware attacks against a number of US companies, targeting employees who are working from home due to Covid-19.

The attacks used what Symantec described as a relatively new type of ransomware called WastedLocker, which has been attributed to Evil Corp. Ransomware are computer viruses that threaten to delete files unless the ransom is paid. The WastedLocker ransomware virus demands ransoms of $500,000 to $1m to unlock computer files it seizes.

===========>Symantec technical director Eric Chien told the New York Times the hackers take advantage of employees now using virtual private networks (VPNs) to access work systems.

=>They use VPNs to identify which company a user works for, and then infect the user’s computer when they visit a public or commercial site. When the user next connects to their employer’s system, the hackers can attack.”

SpaceLifeForm June 28, 2020 3:05 PM

@ Wesley Parish, Clive, vas pup

Last I checked, pi and e are dimensionless constants. Transcendental does not mean variable. Speed of light, c, can not be a factor, unless math is not reality.

I do not believe in big bang. Illusion.

Note that c and Planck’s constant are measured. They are not derived from pure math.

Both pi and e are not measured. They are pure math.

Clive Robinson June 28, 2020 4:07 PM

@ SpaceLifeForm,

I forgot to mention something you likely already know,

I’ve mentioned a similar idea before, but different. That graphic was obviously drawn by someone who is a mathematician or chose to study mathematics professionally or as a passion or both…

My original point was that there was a line on which you could judge how hard the sciences are. It starts with quantum physics and moves through physics, chemistry, biochemistry, biology etc until you hit philosophy.

But it does not include mathematics or economics, politics etc.

The reason in the case of mathematics is it is not something that “is”, it is in effect like a stone axe, a creation of mankind as a tool, built on logic which is something that “is” and we see in its higher forms through philosophy, but its lower forms all the way down to quantum physics and probably further. Thus we might find that the bedrock of our physical reality is logic but not mathematics.

But that still leaves the thorny issue of “knowledge” it has no physical actuality just as maths does not, it does however enable us to make observations and predictions thus control the physical world we live as part of. It can be shown that knowledge requires no matter, energy, or forces “to be”, but for us to use knowledge it must in some way be modulated onto matter or energy, and thus constrained, limited by forces which in turn are limited by the speed of light.

Thus many questions remain, that interestingly being physically constrained we know we will never know all the answers to. Because the physical universe is finite, thus we can not be omnipotent, nor for that matter can there be all seeing deities within our universe… A point @Wael and myself have discussed in the past on this blog along with the implications for the “Big Bang” and for that matter time as well.

MarkH June 28, 2020 4:42 PM

@Wesley Parish, SpaceLifeForm:

I don’t know this Stephen Baxter, but I think he got way out in front of his skis.

I guess that his pi magnification is based on an interpretation of Lorentz contraction which would be rejected as invalid by most physicists.

In any case, the “natural” definition of pi is surely within the reference frame in which a circle is constructed. That being so, velocity is irrelevant.

There’s a more subtle relativistic consideration: the geometry of the universe being non-Euclidean, if it were possible to construct a perfect physical structure of circular form, its actual circumference to diameter ratio would depart microscopically from Euclidean pi, by a magnitude dependent on its size.

But really, that doesn’t alter pi’s mathematical definition.

Anyway, biblical literalists know that in truth, pi = 3

SpaceLifeForm June 30, 2020 2:12 AM

As expected, ncov2019 aerosol is bad. Do not fly.

hxxps://wwwnc.cdc.gov/eid/article/26/9/20-1806_article

Abstract

We aerosolized severe acute respiratory syndrome coronavirus 2 and determined that its dynamic aerosol efficiency surpassed those of severe acute respiratory syndrome coronavirus and Middle East respiratory syndrome. Although we performed experiment only once across several laboratories, our findings suggest retained infectivity and virion integrity for up to 16 hours in respirable-sized aerosols.


Sidebar photo of Bruce Schneier by Joe MacInnis.