Friday Squid Blogging: New SQUID

There’s a new SQUID:

A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Device (SQUID) is also potentially useful for ultrasensitive rotation measurements and as a component in quantum computers.

“In a conventional SQUID, the quantum interference in electron currents can be used to make one of the most sensitive magnetic field detectors,” said Changhyun Ryu, a physicist with the Material Physics and Applications Quantum group at Los Alamos National Laboratory. “We use neutral atoms rather than charged electrons. Instead of responding to magnetic fields, the atomtronic version of a SQUID is sensitive to mechanical rotation.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on August 7, 2020 at 4:08 PM • 209 Comments

Comments

Sherman Jay August 7, 2020 4:29 PM

From the Harsh but True files:
If they get ISPs to help them accomplish this (unlikely, I hope) it is a real security and censorship concern for All – –
To protect all the ‘rill mericuns’ from ‘evil china’, t.RUMP chickenhawk Mike Pompousahole announced:
— the Great American Firewall For Everyone — (or as I typify it: GAFFE) .
How many of these t.RUMP admin. fascists will give up their Chinese made Iphones?
How many are using exclusively non-chinese hardware in their laptops/desktops, etc.?
How much more malignantly isolationist can the t.RUMP administration make the u.s.?
How many recognize this is just more petty retaliation by t.RUMP against tiktok users who devastated the number of people at his rally?

and more importantly,
given the fact that all the ‘wonderful u.s. tech giants’ already hoover up as much of our private info as china might want to, none of this will make this fragmented, disintegrating country more secure!

t.RUMP and his minions are spewing as many phony issues as they can to – –
1) appeal to and incite their knuckle-dragging, drooling base
2) distract from all the destructive effects of his murderous Plague

But, on a more positive note: on techdirt, one commenter recommends people look to security experts and he names Bruce, yea!

Also, I use EFF.org’s privacy badger on firefox. I read about and went to the new EFF site: hXXps://atlasofsurveillance.org/. It uses arcgis (which I have successfully used as embedded in other sites). But after the cute ‘loading’ message I just get a blank white frame. I sent EFF a message on this.

echo August 7, 2020 4:50 PM

https://www.theguardian.com/environment/2020/aug/07/bear-attack-advice-sacrificing-friends

In the National Park Service’s message, anyone coming face-to-face with a bear is advised to “move away closely and sideways; this allows you to keep an eye on the bear and avoid tripping. Moving sideways is also non-threatening to bears.”

People should not run – “like dogs they will chase fleeing animals” the message warns – or escape up a tree as both grizzlies and black bears are adept at climbing trees.

The warning then adds: “Do NOT push down a slower friend (even if you think the friendship has run its course).”

Instead, it is advised that people hold their ground and make noise to identify yourself as a human and not a prey animal. “We recommend using your voice. (Waving and showing off your opposable thumb means nothing to the bear),” the message reads.

To reiterate the concern over unscrupulous hikers pushing others to their doom to save themselves, the post ends by stating: “We apologize to any ‘friends’ who were brought on a hike as the ‘bait’ or were sacrificed to save the group. You will be missed.”

Apparently, even the SAS bought into “health and safety” and “equality” and it does actually make both training and operational sense. So yes an old internet joke has now been ended by various killjoys but when you stop and think about it the advertised guidance does make much more sense and I’m guessing is long overdue.

Animals do what animals do so unless the animal is a bad one I think it’s cruel and irresponsible to animals not to ensure you are properly skilled when likely to cross paths.

In the UK and mainland Europe “re-wilding” is a thing. It’s not only important for biodiversity but culture too. Most of the planned animals for re-wilding are fairly benign and from results in mainland Europe wolves aren’t much of a problem. Polls suggest public support is quite high for re-wilding and a significant percentage even support bears being reintroduced. Personally, I’d want to think about that for quite a while.

JonKnowsNothing August 7, 2020 5:27 PM

@All

re: Encryption/Decryption Laws

In Australia, the spy agencies reported they have not had to force compliance.

Neither the spy agency, Asio, nor the Australian federal police have compelled tech companies to provide assistance under the country’s controversial anti-encryption laws that have been in force for nearly two years

The Australian Federal Police (AFP) issued eight voluntary technical assistance requests to communications providers but did not have to use the 2018 laws to compel technical companies to create backdoors or decrypt the devices.

Superintendent Robert Nelson, from the AFP’s digital surveillance section
  Before the 2018 law: providers being “quite uncomfortable with what we had requested..”
  After the 2018 law:  “subsequent discussions they [providers] were a lot more receptive”.

Australian Security Intelligence Organisation, [ASIO] used the industry assistance powers:
  “fewer than 20 times … the internet has not broken as a result…”

Mike Burgess head of the Australian Security Intelligence Organisation
  “What is the problem you’re trying to solve? I don’t believe we have one….”

ht tps://www.theguardian.com/australia-news/2020/aug/07/anti-encrytion-laws-yet-to-be-used-by-asio-or-afp-to-compel-tech-firms-help-inquiry-told
(url fractured to prevent autorun)

Anders August 7, 2020 5:44 PM

Regarding bears :

i.imgur.com/ts8E3jh.jpg

Siberian bear hunting armor.

Comes handy in current Covid situation,
forces people to keep the distance from
you, especially in public transport!

Stuff-makes-me-nervous August 7, 2020 6:23 PM

How many different URI should be in a message
that wants your personal data?
Who the heck is govdelivery[.]com ?
A grep for http finds more than this.

Have you created your official online Medicare account
http[://]www.w3[.]org/
https[://]links[.]govdelivery[.]com/
https[://]lnks[.]gd/l/
https[://]public[.]govdelivery[.]com/accounts
https[://]www[.]mymedicare[.]gov/

While the right hand is slapping the famous big data players
the other hand is crafting a BIGGER data grab.

GoDelivery is redirected to https[://]granicus[.]com/

There is almost no way to report a potential scam or question other messages.
Massive problems are being ignored…

“25% of mail-in ballots cast in Brooklyn for June’s primary elections were declared invalid…about 30,000 were disqualified — and it wasn’t the fault of the voters.”

Newly obtained documents show the EPA illegally destroyed records, deceived the National Archives and Records Administration about that destruction, and falsely blamed the coronavirus pandemic to escape accountability

Too many rocks with wiggly bits underneath.

Anders August 7, 2020 6:43 PM

@Sherman Jay

I get 403 Forbidden from atlasofsurveillance
map via TOR.

EFF is behind TOR, don’t they test their stuff?

Mishigas August 7, 2020 7:08 PM

@The Usual Suspects / Clive

I’m looking for some examples of delightfully good code that’s security-related and comprehensible for someone at the lower bounds of intermediate programming ability. Bonus points if it’s any/multiple of the following: written in python; used in production systems; small enough code base to wrap an average-intelligence head around in a reasonable amount of time.

I’ve looked through a decent number of open source projects that are used in professional settings, but haven’t yet developed the ability to discern exceptionally good code vs. “brilliant, but painfully written and (un)documented” vs. “eh, it’ll do” code, particularly when security is a factor. I’d like to have some particularly good code examples that I can sort of soak in, mentally.

Thanks for any recommendations you have!

echo August 7, 2020 7:51 PM

@JonknowsNothing

You mean freikörperkultur? Not to be confused with home made frikkadelen, or a spicy or savoury German hamburger, which I’ve developed quite the fancy for. Speaking of which I completed watching the “Colditz” television series. After having read the book years ago it was a very different experience but it turned out to be quite good drama and fairly thought provoking. A lot of the characters were composites and the conversations made up but it wasn’t bad as far as fictionalised based on a true story stuff goes. The world has changed a lot since the time of Colditz and the time the show was made in very noticeable ways.

Back in the day a fair few officers used WWII as opportunities to pursue their personal hobbies. In one case this was archaeology and led to, if memory serves, decrypting texts from long forgotten languages. After the war many educated officers took leading positions on education as a strand of thinking dominant at the time was education was a good thing in itself and a way of helping the more downtrodden members of society a chance in life. Because the war pulled in a lot of people from many varied educations and professions and trades it led to many inventive and capable people being able to scheme everything from making escape tools to making clothes to fake money and travel documents and everything else needed to escape. I do wonder if such a thing would be possible today.

metaschima August 7, 2020 8:27 PM

thehackernews.com/2020/08/foreshadow-processor-vulnerability.html?web_view=true&m=1

Not the best article but apparently there is a new take on why the processor hardware hacks that have appeared in the past decade work that opens up new vulnerabilities.

Mishigas August 7, 2020 8:40 PM

@Ismar

Ah, how could I forget! Typical uni student / open source fan answer – looking for code that’s freely available to read, if not to run.

Ismar August 7, 2020 8:46 PM

@Mishigas
So you’re looking for free code , yet want top notch professional code that is easy to understand. That is going to be a hard task to achieve.
What repos have you tried so far and what part of computer security are you particularly interested in?

echo August 7, 2020 9:18 PM

@Mishigas

It’s been years since I coded and I never consciously had a ruleset where I evaluated code quality. I basically just knew from training and experience.

I’ll suggest looking for a problem you are interested in and understand and could solve then look for examples. Well structured, tight code, where it’s sensibly documented and clear where any optimisations have been made are good pointers. If it’s a bit of a tricky problem read some academic papers and see how they compare with the code although you’ll probably find more examples in C/C++ than Python.

A quick search on Python and “url parsing” threw up some examples. You could take a look and work your way through it. Another option is looking through standard Python libraries. Anything more than this and you’ll likely need a licence and will need to pay for it.

You may also want to narrow down what you mean by “security”. It’s a big word.

Lastly, code doesn’t write itself and the best way to learn is to do it.

Nick Levinson August 7, 2020 10:19 PM

TikTok data will be just as available to P.R.China even if Microsoft owns it, because Microsoft has an office and I think a product development campus there, which gives P.R.C. all the legal nexus it needs to make a legally-enforceable demand to Microsoft for all of Microsoft’s data. The nexus exists even if Microsoft’s China contacts are irrelevant to what is demanded. For TikTok U.S. data to be beyond reach, it would have to be owned by a company with no presence in P.R.C., or perhaps no presence anywhere outside of the U.S., so that only U.S. law would apply. I’m not a lawyer and I don’t know if a treaty protects Microsoft for this situation. For Microsoft to threaten to withhold Windows, cloud services, etc. from Chinese customers is unrealistic.

Sherman Jay August 7, 2020 10:55 PM

@Nick Levinson,
I think you are right.

However, I am also sure this is just ‘public relations theater’. The t.RUMP administration just wants to make a big public spectacle to try to convince people that they are doing something (even when it never goes anywhere). Think how far ‘and Mexico is going to pay for the wall’ went. It’s a typical tactic of his.

Sherman Jay August 7, 2020 11:11 PM

@Stuff-makes-me-nervous
“Too many rocks with wiggly bits underneath.”

However, most of those things have crawled out from under their rocks. Things have deteriorated to the point there is no security in the systems we use (corporate or government).

If you go to a doctor’s office you have to sign and initial a long form authorizing the doctor’s office (corporation) to release your personal data to all kinds of third parties. The protections that HIPAA was supposed to provide are DEAD (fully circumvented with your signed permission).

And that’s just the tip of the deadly iceberg. Don’t read the terms and conditions on any software or website, it will scare you to death. (Almost none of the sheople read them anyway)

name.withheld.for.obvious.reasons August 8, 2020 2:15 AM

@ Sherman Jay
Read a EULA, what crazy planet are you from? Rhetorical question to be sure…

If you are a true nihilist, go to Microsoft’s privacy policy page(s). From what I understand there are hundreds of pages of privacy policies but my favorite of course is Windows 10. Or what I refer to as Windows Occupying System, which will provide law enforcement with your data free of charge(s).

echo August 8, 2020 6:51 AM

https://www.theguardian.com/books/2020/aug/08/simon-armitage-poetry-gcse

“Poetry is language at play, and a lot of the time in a school or classroom environment, students are expected to use language in a very rational, logical and informational way. To be denied the opportunity to think of language as nuanced and playful is a pity,” he added.

[…]

“Poetry offers a view on humanity, society and the world that is playful, contemplative, mysterious, questioning, and one that is often interested in giving readers the chance to hold several different ideas in our heads at the same time.”

Editing modes of reasoning at the early education level shows something about the people making up the current UK government but also has implications down the road. It’s a subtle way of skewing people’s reasoning to be more linear and rote learned and reducing the number of people with more creative potential. It’s a poor follow on to my earlier comments about “Colditz”. I had a few more paragraphs which noted changes of culture since the 16th century and more recently which I found difficult explaining in a security context so deleted them but I think this article nails it.

I’d like to know what individuals in the UK government thought up this wheeze but I wouldn’t be surprised if it was the likes of Gove or Cummings and his “behavioural psychologists” in whatever the Downing Street “nudge unit” is called today. Most people will go “yeah whatever” but this one is a ten ton elephant dancing in the room waving a big red flag. Why not be honest and just call the kids “Hitler Youth” and be done with the soft soaping?

See also:

https://www.theguardian.com/uk-news/2020/aug/08/alarm-fingerprinting-custody-channel-migrants-uk

and

https://www.theguardian.com/uk-news/2020/aug/07/london-police-station-blockaded-after-14-year-olds-arrest

Mishigas August 8, 2020 6:59 AM

@echo Thanks for the recommendations; this is definitely part of my acquiring training & experience phase, so I’m still working on cultivating the intuition/feeling for code that more experienced folks arrive at. I’ve generally been following what you suggest – some url parsing was actually one of the first projects I came up with and hacked away at; I’ll take a look at the urllib source today.

@Ismar Hmm, perhaps I could have framed my question differently.

One of the key personality traits for success in security that I’ve seen identified here is the ability to, as Clive puts it, “think hinky”. I’m interested in recommendations of open source projects which capture that hinky thinking and would be approachable for a university undergrad / first year grad student. In an ideal world they are well-documented and written in python (this year has certainly shown we are not in an ideal world, so I’ll take what I can get ¯_(ツ)_/¯). The sort of code that you (where “you” = anyone on here who’s interested in responding) think is admirably good.

When teaching and when learning, I find it useful to have exemplars of good work and of un-good work. I can find the latter, looking for suggestions on the former.

My interests — I’m happy to study good code that shows “thinking hinky” outside of my particular interests, but in terms of what I’d like to work with professionally: identity, particularly the crossover between devices/individuals; gaps between how designers intended a tool to be used & how it’s actually used; the intersection of physical & digital security, especially buildings/sites, but also devices/individuals again; campaign/election security/integrity.

Some of the things I’ve poked around at
Code (mostly on github):
 • CyberChef, from GCHQ – I think this is an example of one of the types of code I’m looking for; I’ve been refactoring parts of this into python as practice.
 • Spiderfoot
 • Sherlock social media account tool
 • BeautifulSoup (PyPI)
 • theHarvester
 • Some of the Netflix projects
Courses / videos:
 • Unlocking Information Security (edX)
 • Upcoming: following Ross Anderson’s Software and Security Engineering course
Etc.
 • Red Teams Journal
 • Heuer’s psych book
 • Naturally, our host’s writing + the threads here

Anders August 8, 2020 9:11 AM

@Mishigas

I suggest you look at Python malware. That code
is often just awesome, showing how much can be achieved
with so little code and how to bypass different protection.
Malware shows attackers’ mindset and their ingenuity so
it’s definitely something if you want to learn “outside the box”
approach.

You can start here and then move on.

http://www.cyborgsecurity.com/python-malware-on-the-rise/

myliit August 8, 2020 9:11 AM

@echo

“ … People should not run – “like dogs they will chase fleeing animals” the message warns – or escape up a tree …”

https://www.theguardian.com/world/2020/aug/07/german-nudist-chases-wild-boar-that-stole-laptop-berlin-teufelssee

This guy apparently didn’t get/read the memo. In his birthday suit, he took after a wild, or not so wild, animal, which had stolen his laptop. Pictures included.

Or

For every rule, perhaps there are, or may be, exceptions …

echo August 8, 2020 9:55 AM

In the UK there is a weather alert especially in the South East because temperatures may go above 40C and cause a risk of life for some especially elderly people. By routine I use mediterranean/passivehaus techniques to keep my place cool during hot weather. Sitting here typing this I’m quite cool and could wear a cardigan without getting hot while outside is bikini weather. How do I keep my place so cool? Double glazing and window blinds plus blackout/insulated curtains and keeping doors and windows sealed to keep the hot air out. Depending on the heat outside and how long it has been hot the cool period can last from early evening to late morning or be as short as 3-4 hours in the very early morning. Letting cool air blow through for long enough to remove as much residual heat as possible stops my place from turning into a radiator. You can also save cooking until there is a supply of cool draught to get rid of the excess heat and then fridge and reheat as necessary. My place is also much cooler since I got rid of halogen lights for LED lights and a clunky old desktop for newer laptops with a lower power and thermal footprint.

After cleaning and repairing my Trangia with a new rubber O-ring I will be cooking outside. This is partly to give everything a shakedown and partly for fun. An added benefit is cooking outside keeps the heat outside.

It’s a little known fact outside of Japan that many Japanese actually used to have their cooking stove outside. Semi-tropical climates and houses made out of wood and paper and stoves don’t go together well.

JonKnowsNothing August 8, 2020 9:55 AM

@All

re: Successful Decrypting an Encrypted Zip file holding $300,000 bitcoins

Report detailing the successful decryption of the lost key to an encrypted Zip file containing $300,000 bitcoins.

  • It was an older legacy type Zip
  • The cryptographers wrote a custom password attack program.
  • Original estimates for attempts were $100,000 for computational time and their programming services from the cryptographers.
  • The first pass ran for 10 days and failed.
  • They found a bug in their routine and ran it again.
  • The owner of the bitcoins got the $300,000 bitcoins back
  • The researchers got $7,000.

This decryption method would only work on very old zip files.

The Case was presented at Defcon Security Conference.

ht tps://arstechnica.com/information-technology/2020/08/the-quest-to-liberate-300000-of-bitcoin-from-an-old-zip-file/
(url fractured to prevent autorun)

echo August 8, 2020 10:14 AM

@mylit

For every rule, perhaps there are, or may be, exceptions …

Yes the old “bring a fat friend” joke operated in reverse this time. Doubtless this is a story to be passed down among the wild boar for generations.

There’s actually some Youtubes on the ongoing experiment to domesticate foxes. In the UK at least some foxes seem to be evolving the floppy ears look of dogs so there is some speculation some form of domestication is naturally evolving. That or a cunning plan. I actually had a fox sneak into my place last month then get into a tiz because they hadn’t figured out window glass isn’t the way out. I wondered what the racket was. So began a merry game of chase the fox around the house until it discovered the way out was the way it came in. At least the fox didn’t do anything as daft as the random cat which sneaked in and somehow got itself trapped inside my sofa of all places.

Singular Nodals August 8, 2020 10:59 AM

@Mishigas @echo

I strongly second @echo’s recommendation to begin by “looking for a problem you are interested in”. Having a real problem to solve helps one’s creative thinking and relieves the often dry exercise of learning some system of syntax. And you have something useful afterwards.

An amusing and instructive book – Nisan and Schocken, Elements of Computing Systems, 2006. The 2nd edition, ISBN: 9780262539807, is to be released January 2021.

JonKnowsNothing August 8, 2020 11:51 AM

This is my latest round of research into the economic aspects of the COVID19 pandemic.

ymmv. I know nothing. Your calcs might be different.

08 07 2020

USA Deaths  160,000   50% old age or care homes 80,000 workers
Gender split    52%M  48%F  41,600 M    38,400 F
Base USA Working year in Hours 40hrs * 50 = 2,000 hrs.
Lost working years/hours 
     17ys M * 41,600 = 707,200 years * 2,000  = 1,414,400,000 working hours
     14ys F * 38,400 = 537,600 years * 2,000  = 1,075,200,000 working hours
Total Hours Lost: 2,489,600,000

of note: I won’t be posting too much because somewhere between here and there things go into a bit bucket. I expect it is my ancient computer and an overloaded internet in California that is at fault.

Stay Safe, Stay Inside, Wear A Mask and Let The Other Guy Die.

vas pup August 8, 2020 12:37 PM

@Carlton – Thank you for the link provided.
I guess government with snitching on own citizens should do this not when government can do it, but when government can’t NOT to do it.
Same applies as my understanding towards bombing other countries.

@echo – please fix my English if it is not properly worded, but anyway you could get the idea regardless. Thank you.

Clive Robinson August 8, 2020 1:00 PM

@ Mishigas,

I tend not to recommend software (not even my own) however there is plenty of software I would raise caution with.

Why? Well it’s because of a few rules people have come to recognize over the years.

First off is the number of bugs per line of code metric.

This has not changed much in five decades. One conclusion you can draw from this is “The higher the level of programming language is, the less likely it is to have faults that are potentially exploitable vulnerabilities”. So give assembler / C / C++ code a miss as I write mainly in assembler and C you can see why I don’t recommend my own code… Look at the likes of Lisp where 1/2k lines of code can be as functional if not more so than 50,000 lines of C code. Oddly weird languages like Forth can be as good.

That’s a hundred to one advantage… But is it all down to programming language the simple answer is no. Studies on “working” programmers reveal an interesting fact, star programmers can turn out over twenty times the number of lines of code than average programmers, who in turn push out about five times the number of lines of code that the apparently slowest programmers.

However 20 times as much garbage is still garbage so lines of code is and always has been a very poor metric to judge the quality of a programmer. One of the “slowest” programmers in terms of the number of lines of code they wrote, usually finished their projects way before even star programmers. The reason was a near zero defect rate under test and likewise in maintenance. Their secret if you could call it that was amongst other things they used Z [1] as an effective development tool. Something they picked up when getting a couple of firsts at the UK Cambridge University that was rather keen on it back in the 1980’s.

However whilst formal methods will reduce bugs and some vulnerabilities they very much have their limitations… Whilst designing zero defect code, the specification you are working to also has to be zero defect. But… zero defect does not in any way mean the code is secure code. Designing secure code needs a whole load more skills on top of that, but like zero defect it’s in reality an “Engineering Quality Process” because coding securely is a “weakest link” reduction process not a forge a few strong links process. As I’ve mentioned in the past the early Victorian steam boiler and beam engine designers were not “engineers” but “artisans” and they used “artisanal design techniques” that many software engineers would recognize as “Patterns”. They got these patterns by the “bodge it till it does not break” process. That is if you got a crack in a beam you just riveted on a plate to make it stronger… The problem with this is not only does it make an engine less efficient it very often does not solve a problem merely move it elsewhere like “air bubbles under wall paper”. In effect the extra weight of the strengthening plates changes the dynamics and puts new stresses and strains into the system that were not already there. Thus other parts that would not have failed now fail and out would come the bucket of rivets again… And so on, a process many software developers will recognize and some call “the hamster wheel of pain” or perhaps more fittingly “The project death march”.

Eventually the nascent fields of study of mathematics and natural philosophy came together and the process gave rise not just to “science” but the more practical application to create “Engineering”. Unfortunately way too much software development is “artisanal” not “engineering” or “Science” there are various reasons for this, but primarily “Children tend to run before they can walk”. I’m not saying that there is not available engineering methodologies that can be used to make more reliable and secure software, there are and we know it and they work and work well for both zero defect and security design. The problem is by and large people do not want to use them because they are tedious and slow, not new and exciting, nor do they enable management to bully people (it’s this latter issue that is appearing in more and more of these new methodologies which are way too much style over way too little substance, promising gold to “true believers” but delivering crud).

Thus zero defect designs take considerable input and time, and that is but the first of many steps to secure designs.

But there is a little problem that every one tends to forget, our current consumer computing devices can not fundamentally be made secure, we’ve actually known of this problem before Alan Turing came up with his universal engine design. In fact it can be shown a number of ways that systems can never ever “be secure” only “secure to some measure”. But we don’t even have the “measurands” currently so… All we really have is known instances of vulnerabilities, classes of vulnerabilities in which the instances fall and the ability to see new instances in existing known classes of vulnerability. We can also see where different classes can have overlaps or where there is missing coverage by any known class when we’ve worked out where to look…

Thus even if you could design a system proof against all known vulnerabilities and even predicted classes of vulnerability you will only have covered a fraction of vulnerabilities that will come to light with time. The result is that any system that is secure to some measure today will become less and less secure with time as new vulnerabilities come to light.

If you look back quite some time ago I was warning about “bubbling up attacks” these start low down in the computing stack and their effects grow larger as they rise up the stack. Any hardware engineer that has been around the design block a few times could have told you this, and it arises from the not often realised issue that individual sub components get more and more general as you move down the stack. At some point those sub components are too simple and too general to be secure. That is you need a minimum level of complexity to be able to have security, but as complexity increases so does the opportunity for vulnerabilities. Thus a “sweet spot” has to be found that of necessity will change with time and technology.

I was waving the flag about this when RowHammer came along and the message did not get through since then we have had Meltdown, Spectre and many many more and still the message does not appear to be getting through… Will it ever get through? Who knows but I suspect not under current race for the bottom free market systems…

There are other issues, but I hope I’ve got the point across that you can not draw a line in the sand and say “on this side secure” or “on that side insecure” because “time and tides” will move that line every day.

Thus if you want any hope of having a secure system for any length of time one of the primary things you should look for is very strong “Design for maintainability” including the ability to dump entire parts of the computing stack as and when required, which again suggests that the programming language should be as high up the computing stack as possible, in fact higher than any current main stream programming language.

I’ve discussed this before when talking about C-v-P but in effect it is a little like the *nix shell coding philosophy which many years ago Apple looked at as part of “Pink” and others keep picking up on it. In essence those that can write secure code write tasklets which are made available via simple IPC that also has security built in. Everyday application developers effectively “plumb the tasklets together” adding the required “Security signature limits” and thus have to not worry about all the ins and outs of secure code development at the lower levels of the stack.

[1] ISO have done their standardisation thing with Z which you can download from,

http://standards.iso.org/ittf/PubliclyAvailableStandards/c021573_ISO_IEC_13568_2002(E).zip

http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=46112

Sherman Jay August 8, 2020 2:17 PM

I am trying the HAIKU OS on an older computer. It is reported to be fast and reliable and since not Window$, Appple or Linux, it is not a target (yet). I’ll report on it when I have substantive experiential info.

@JonKnowsNothing • August 8, 2020 11:51 AM
“This is my latest round of research into the economic aspects of the COVID19 pandemic.
ymmv. I know nothing. Your calcs might be different.”

Good work. Thank you.

For our physical safety and security, we need to know where, who, how many are infected and how is it spread and what to do to protect ourselves. (mask, gloves, stay 10 ft. from the drooling unmasked and ??? )

One thing I am reading from many reliable epidemiological and trusted skeptical news sources is that since the u.s. ‘admin’ has hijacked the Covid reporting and worked to discredit all fact-based respected scientific sources, they are badly obfuscating and diminishing the numbers to support the ‘re-election’ of the orange menace. Some of that is that they are ‘re-interpreting’ some Covid caused deaths to be classified as ‘pneumonia’ not Covid, etc.

Therefore, we have no security from or trust of the statistics spewed out by the mainstream media.

I ripped the foil out of my hat lining, it is now of little use in this utterly chaotic world.

Stay safe Jon and Everyone

vas pup August 8, 2020 2:38 PM

Nudges: How little tricks influence our decisions

https://www.dw.com/en/nudges-how-little-tricks-influence-our-decisions/a-51170445

This extract is closely related to this blog because in security both types interplay

“Intuition beats logic

In principle, psychologists distinguish between fast, instinctive or emotional thought processes (called System 1) and slow, systematic thought processes (called System 2).

This theory was coined by the psychologists Daniel Kahnemann and Amos Tversky, among others, and is often referred to as the “dual-process theory” (DPT).

“As we navigate our lives, we normally allow ourselves to be guided by impressions and feelings, and the confidence we have in our intuitive beliefs and preferences is usually justified,” Kahnemann writes in his book “Thinking, Fast and Slow.” In 2002, Kahnemann was awarded the Alfred Nobel Memorial Prize for Economics for his work on decision-making processes.

According to Krockow, “System 1 is used much more frequently than System 2, because there won’t be enough time and cognitive capacity to think about every problem systematically … Many of these automatic thinking processes work well, which is why you often get your gut feeling right.”

====>When making important decisions, however, or in situations where you might be manipulated, you shouldn’t rely on gut instinct alone.”

Other parts of the article are good reading plus short video inside as usual as well.

every.word.matters August 8, 2020 2:38 PM

Up to 750,000 UK Covid test kits recalled due to safety concerns

Up to 750,000 unused coronavirus testing kits manufactured by diagnostics company Randox have been recalled from care homes and individuals due to concerns about safety standards.

At the beginning of the coronavirus crisis, the Department of Health and Social Care (DHSC) is understood to have operated a haphazard policy for obtaining testing kits and it faced criticism for the purchase of millions of kits that turned out to be significantly less effective than originally claimed by pharmaceutical companies.

The recall ordered by the Medicines and Healthcare products Regulatory Agency (MHRA) comes after the UK government instructed care homes and members of the public to immediately stop using Randox testing kits in mid-July following fears over sterility.

Randox was awarded a £133m contract in March to produce the testing kits for England, Wales and Northern Ireland without any other firms being given the opportunity to bid for the work, the Guardian revealed.

A DHSC spokesperson said: “We have high safety standards for all coronavirus tests. Following the pausing of Randox kits on 15 July, Randox have now recalled all test kits as a precautionary measure.

“Our testing support for care homes continues as any resident or member of staff with symptoms can immediately access a free test and we are exploring ways to increase the amount of testing, making full use of available lab capacity.”

The department has commissioned an accredited laboratory to verify the sterility of a specific supplier of Randox swabs according to the formal international standard for sterility testing. The results of the investigation are expected in the coming weeks.

Randox have recalled all test kits as a precaution to ensure paused kits do not continue to be used while the safety checks are ongoing. The tests are not officially CE marked – assessed before being placed on the market in the European Economic Area – and have not received an exemption to be placed on the market during the pandemic.

Stay safe. Stay healthy. Wear a mask. Be kind. Coronahoax.

SpaceLifeForm August 8, 2020 2:58 PM

@ Clive

Sorry for the bleeping stuff.

We need a browser plugin to do the equivalent of
hXXp://www.doesitusecloudflare.com/

Here’s another link regarding the Qualcomm issue:

hXXps://www.theregister.com/2020/08/07/qualcomm_chips_brimming_with_somewhat/

“From what we can tell, it sounds as though Qualcomm’s code-signature checks can be bypassed, allowing malicious Android apps to execute arbitrary instructions on the DSP and, from that position, gain control of the whole device.”

The NSA warning about location is likely related.

https://www.schneier.com/blog/archives/2020/08/the_nsa_on_the_.html

echo August 8, 2020 3:00 PM

@Clive

Some of us when coding actually want to get something done this side of the next ice age. The need for secure userspace applications is actually very low and in a lot of cases the application can’t actually do anything if the OS or hardware isn’t secure. So please stop dissing on coders. It’s insulting. Most engineers don’t have the first clue about materials science or radiation if you want to be funny. How would you like it if a specialist dissed on engineers for not having a clue how to mix the right materials in the right environment? And to say coders don’t use scientific method or apply science is nonsense. If you’re picking on kids who work for corporations with other agendas and trying to force on them responsibilities which have nothing to do with them I think you’re picking the wrong target.

It would be more useful to pick a starting point about mindset or approach and various red flags and gotchas than land the entire “stack” on their heads. The reason why is you can pull elitism with any topic including physics and DIY and cooking. You forget you had to start somewhere and knew nothing.

@Sherman Jay

I am trying the HAIKU OS on an older computer. It is reported to be fast and reliable and since not Window$, Appple or Linux, it is not a target (yet). I’ll report on it when I have substantive experiential info.

Interesting OS. I’ve been a fan and have been following the project since whenever including its genesis BeOS. There were some ding dongs along the way I won’t repeat to keep the R value of annoying memes down. It’s been a slow project but is getting there.

On a slight tangent I wish RiscOS hadn’t shot itself in the foot so many times.

Sherman Jay August 8, 2020 3:14 PM

@echo • August 8, 2020 3:00 PM

Always appreciate your insights. It reminds me that “no matter how secure a program is, if it is running on an insecure OS there is trouble waiting around each ‘corner’.” Of course, as I understand it, all OS’s are buggy and insecure. Right down to the CPU flaws.

Also, just curious, was the riscOS designed to only run on ‘Reduced Instruction Set Computers’ that had a distinctly different mode of operation? I thought that the two architectures standard and risc were not compatible. Did RISC reduce some of the security flaws?

echo August 8, 2020 3:34 PM

@every.word.matters

Potentially problematic testing kits are a worry as is the potential corruption. Both problems require more investigation. I’m not personally bugged if test kits are not perfect and contracts are thrown about although yes it could point to bigger problems.

I loathe the current UK government and their lack of preparedness and cavalier behaviour and so forth but… Sometimes you have to be “quick and dirty”. The tests could be fine. They may be problematic and need a protocol tweak to be fit for purpose. They may only be fit for the incinerator. The contract could be signing a blank cheque to get something out the door asap. The contract could be a bung to their mates. Or both.

Equally as concerning in England R may be greater than one. Or not. Depending on where you live. And they’re not even sure about that.

There is “quick and dirty” done well and “quick and dirty” done badly. I am at a loss for words when thinking how badly they have done and continue to do. Personally I would support anyone who knew what they were doing simply elbowing the government out of the way and taking over. There’s enough statutory powers and court jurisdiction in place for this to happen. Pandering by weakly resigning like the head of the Equality and Human Rights Commission did today (and he’s not the first) doesn’t strike me as being adequate. Even the cops who don’t like the situation are hemming and hawing around the problem.

In my mind there is only one question. Do they want to end the pandemic or not? Yes, or no. The rest follows. I cannot understand the dithering.

echo August 8, 2020 3:52 PM

@Sherman Jay

Also, just curious, was the riscOS designed to only run on ‘Reduced Instruction Set Computers’ that had a distinctly different mode of operation? I thought that the two architectures standard and risc were not compatible. Did RISC reduce some of the security flaws?

RiscOS is Swiss cheese as far as I’m aware. I haven’t dug deeply enough into the OS to know. There are some peculiarities with RiscOS which was tightly coupled with ARM CPUs. This created a few problems when porting to newer ARM architectures. I have no idea how easy a port to other CPUs will be. Critical aspects of its RiscOS architecture are stuck in the past and it hasn’t received much love partly because of ownership issues and partly because it’s so niche. It’s still behind on pre-emptive multitasking and memory protection so I’m assuming things aren’t going to improve fast if at all.

Risc reduced a lot of junk and during a pivotal part of IT development managed to deliver a lot of bang for the buck. There is or was or continues to be a lot of Spanish practices and politics and backhanders in the CPU business from speed boosting shortcuts to bloated instruction sets more for lock-in and marketing purposes and various direct and indirect bungs and biases in governments and the industry and international trade. Other than this I know no more than anyone else.

Mishigas August 8, 2020 3:54 PM

@anders
Thanks; the size issue the article talks about reminds me of how Ragnar Locker smuggled in a whole VM to hide its payload, so perhaps 7mb isn’t that bad, although Nuitka looks quite interesting. Will continue to digest the article. Also, cheers on the Trangia repair, I spent a few days last summer restoring a Coleman that was made before my father was born (and maybe last used around when I was born); it happily serves as my outdoor kitchen at least a couple times per week now.

@Singular Nodals
Ahh, interesting, this looks like the hairy-chested programming my graybeard secondary school programming instructor (some of the gray was, admittedly, my fault) had at his uni & that he gave us a taste of. Any idea whether there are any notable changes in the second edition or whether it’s more like a Knuthian type update to slightly hone the already polished concepts?

@Clive
Thanks for the thoughts to unpack. The “bubbling up” problem that you & others have talked about here has contributed to my interest in what lies beneath the surface of whatever level of code I find myself at — at times to the detriment of just getting on with the task at hand and using the tool I’ve got — and complements the risk management & emergency response training that I’ve had for doing excitingly-dangerous things in sometimes remote/austere places.

It seems, though, that there is a tension between preferring higher level languages and the concept of security flaws at the lower levels bubbling up – is this the sweet spot that you refer to or is there an implication that with higher level languages, intermediate levels can actively disrupt a bubble?

Had I paid less attention to history, I would say surely it’s tautological that security is relative, not absolute, but I suppose I’ll have to settle for saying that I agree with you on that.

Re: applying the *nix philosophy to security design – I’m actually watching Daniel Miessler’s Defcon presentation from today[1], where he talks about taking a similar approach to automating aspects of security testing, so there’s a happy coincidence.

[1] youtube[.]com/URBnM6gGODo

Anders August 8, 2020 3:57 PM

@Sherman Jay

You can also try on older HW OS/2 in its modern incarnation – ArcaOS

nononymous August 8, 2020 4:54 PM

“Squid Gene-Editing Shows New Possibilities For Treating Genetic Diseases”

Science Friday. 08/07/2020

Out on the southwest corner of Cape Cod lies the town of Woods Hole. The ocean here is flush with marine life, so it’s the perfect home for the Marine Biological Laboratory, an international center for research. Scientists here recently thrilled the genetics world by announcing they’ve successfully knocked out a gene in squid for the first time.

https://www.sciencefriday.com/segments/squid-gene-editing/

echo August 8, 2020 5:44 PM

@nononymous

Yes I read the Squid thing on Sciencedirect. They also have an interesting one on poison arrows being used 70,000 years ago. It’s interesting to speculate how they arrived at this discovery and whether they had explored medicinal uses. The use of tools and medicines isn’t unique to humans so it makes me wonder how far back these things go.

https://www.sciencealert.com/humans-may-have-been-aiming-poison-arrows-for-at-least-70-000-years

What is also interesting is genetic mutations can lead to immunity to disease but coincidentally developing new functionality and contribute to branching in species and inability to interbreed.

https://www.sciencealert.com/we-evolved-a-way-to-beat-a-deadly-infection-but-it-made-us-vulnerable-to-other-diseases

Ismar August 8, 2020 7:06 PM

@Mishigas – thanks for providing a bit more context and including some of the repos you have already had a look at.
From what you have written I am assuming you’re an academic looking for some sample code to use during your teaching of undergraduate courses?

Regarding Python – I don’t think you would be able to find too many decent size projects in this area using a purely scripting language such as python.

Two projects that come to mind in the area of secure communications are
1. Jitsi – https://github.com/jitsi
2. Signal – https://github.com/signalapp

Also, Microsoft has been, in the last 10 years or so, making efforts to open source all of their .NET platform which should have a lot of security related code
3. https://github.com/dotnet

Also, as you seem to have some inclination towards the code written by security agencies (CyberChef) and scripting languages, the NSA also has got a repo on github

4. https://github.com/NationalSecurityAgency

Finally, if you are an academic (for some reason people don’t like using their real identities even when discussing matters which have very little potential for incrimination – the fact that tells us a lot about the state of the societies we live in) you can try and participate in this network simulator project done at the University Of Western Australia
5. https://www.csse.uwa.edu.au/cnet/

Hope this might be of some help without writing 2 pages of general theory as to what might or might not constitute top security code

rrd August 8, 2020 7:37 PM

@ Clive et al (re: Z notation Zip file)

The link you provided requires the user to click “Accept” on an HTML form before it will download the correct zip file. Otherwise it defaults to just downloading the html (probably because of a MIME html header conf problem).

Anyway, thanks for the link to one of the few free ISO specs.

@ Clive et al (re: bug-free software)

Look at the likes of Lisp where 1/2k lines of code can be as functional if not more so than 50,000 lines of C code. Oddly weird languages like Forth can be as good.

I imagine that those kinds of developer-amplifications only benefit (a) very specialized codebases that address very specific problems, and (b) from having very, very carefully built up a mountain of Lisp/Forth underlying “libraries” that can then be drawn upon.

Being foundationally a C (and below) programmer myself, I was never attracted to Lisp/Scheme, and it seems that the benefits of Forth primarily target hardware designers, where it appears to be excellent (from my brief surveys over the years).

I would certainly be appreciative of corrections to my opinions of these long-lived, if mostly practically (as in: in use) obscure langs.

My primary intuitional question regarding their actual usefulness is, “If they are indeed an orders-of-magnitude improvement over C, why has no one used them to develop a usable OS by now?” (And I don’t mean a machine that runs Lisp code directly; it has to be “modern” in terms of consisting of assemblyish code, however it is generated.)

I mean, I fully understand that to generate OS code, one needs to precisely control the resulting assembly output; i.e. C’s natural impedance mismatch with assembly/bare-metal is minimal (yes, I aced “Operating Systems” even though it was the first class in Uni that used C instead of Pascal; cheers to Tanenbaum for Minix). A language as high-level as Lisp would certainly require a very specific mapping strategy/spec for the resulting code generation (likely including inline assembly for the really tricky bits), but if Lisp provides such a wonderful (as its fans proclaim) ability to create paradigm-shatteringly useful abstractions, that really shouldn’t be very difficult. But I can only imagine as I’ve never experienced any kind of A-Ha! moment in my explorations of Lisp/Scheme.

To my thinking, the reality is that Lisp is simply too abstract to be useful for the low-level abstractions necessary for generating processor-aware systems like an OS.

The last language I fell in love with was F#, as its designers (Cambridge’s Don Syme, et al) really did something fantastic with OCAML. Once off of Microsoft platforms (good riddance forever), I figured that it was time to re-explore OCAML, as I remember in the late-90s/early-00s seeing the St. Petersburg guys winning (or at least highly placing in) the ICFP’s programming contest year after year.

I was immediately disappointed, however, because OCAML doesn’t even allow me to declare a var to be a specific size/signedness of int. It was an immediate deal-breaker, not because I’m skimpy with my mem usage (tho nor am I profligate), but because I want my var values to have very specific semantics and “it can be ANYTHING you want, Disney visitors” leaves me feeling I’m dealing with ultimately unserious people, at least in terms of generating exactly precise code.

Of course, I also get that most people are really just happy to take all the convenience they can get, and they just poo-poo away the intrinsic ugliness of “my ints get to just grow and grow and grow … to INFINITY and beyond!”.

All this leads back to the problem of crap-software, which is, like all things human, usually and mostly the result of unserious people/organizations doing a bare-minimally good job, their only serious goal being to cash their paycheck.


Clive, as you are very conscious of the effects of tool use on the greater world society and our subsequent responsibility to define how a tool should and could be used as well as how it should NOT be used, I have a very serious two-part question:

“If one could create a methodology to create perfect software, (a) how could one constrain it from being used by bad actors, and (b) assuming that bad actors would eventually get and use such a methodology, should such tech even be released if developed in our current world situation?”

On the one hand, such a methodology could be used to create perfect information management machines that can contribute to uplifting humanity by spreading information that can help people’s lives, from various green tech to what the evil bastids at the top are up to.

On the other hand, such a methodology could be used to create perfect freedom-curtailing software such as nation-state firewalls, internal or external.

I think I just arrived at the answer myself, but I am very curious as to your opinion.


Clive, I haven’t finished reading your post yet, but I had to address the Lisp/Forth bit separately because language choice certainly goes to the heart of creating bulletproof software. I will likely have more comments/questions for you after I finish carefully reading the rest of your post, but I’d prefer to explore the bigger picture of my above question first before delving into the esoteric technical aspects of creating bug-free SW.

Thanks in advance and I wish you all excellent health, peace and happiness in these troubled times.

name.withheld.for.obvious.reasons August 8, 2020 9:47 PM

A post on the squid earlier today did not make it past the moderator and it was definitely related to public safety and security. I listed four states within the United States that met one of the CDC metrics for schools to open safely. I sourced the data and provided links to the data making the post informational, not political. Only 8 percent of the states had established the necessary baseline for school openings. I’m sure educators would like to understand the risk they are being exposed to.

Also mentioned an anomaly in the data set which should be a warning sign to those that are following the public health crisis.

Clive Robinson August 9, 2020 1:50 AM

@ Anders,

Re : the prefetch attack that is not really a prefetch attack thus the prefetch fixes are broken…

Yes it’s not unexpected from the “fix or not really fixed” solutions we have seen from Intel and others.

The simple fact is when you think about it, the fundamental security problem that pops up is,

    Any “shared resource” that also allows “one party to cause contention issues for another” will result in some kind of information leakage.

It does not matter if it causes a time delay or energy difference etc etc the information is going to modulate something somehow and cause a signal to be created that can leak data. So if that signal is detectable then it’s just a question of how do you get it to usefully tell you something.

This side channel leakage through shared resources has been known about for at least five decades, yet the free market imperative means it continues to haunt us[1].

It’s why you should avoid sharing resources… Take system Core Memory or RAM that is shared not just by all CPU processes it’s shared by other resources such as the MMU (page tables) and any DMA I/O all of which are known to give security issues going back into at least the late 1970’s publicly.

So consider the likes of “Secure Enclaves” that use Core RAM are they secure? The answer is of course no. Thus the security of them rests on a rather silly assumption which is,

    “You can not get a useful signal.”

That’s what all those Secure Enclaves security proofs rest on at the end of the day[2]. So if you can do,

1, Find a signal from your available monitoring points.
2, Usefully extract information from the signal.
3, Apply the information effectively.

Then it’s game over for the Secure Enclave.

OK so let’s play a little game of security walk through…

The first protection mechanism you might think of is “Encrypted Core Store”. That is it should be clear that if the RAM is encrypted then monitoring points close to the RAM will only get you “encrypted data” which assuming the crypto algorithm and modes used are secure will not get you very far.

But… as a rule of thumb the more secure the encryption is, the slower it is, which almost always means there will be some “speed up” technique applied. The easiest thing to do for a designer is to push the encryption/decryption as far away from the ALU / CPU core as possible, that is right out with the bus interface.

This means that all the caches and registers contain unencrypted data.

Which means as an attacker, you only need find a shared point you can monitor after the decryption…

The wider bandwidth that shared monitor point has the more data you can get a signal on before it’s changed in some way. Thus the greater use of statistical methods you have available to get that signal out of background noise.

The same sort of reasoning applies to most other security mechanisms you might want to design in. The result is the same, if data in plaintext is in a shared resource then it’s vulnerable.

Which is why the processing of encrypted data is still a hot research subject.

On a lighter note, there is an old Johnny Cash song that has the chorus lyric of,

    “I’d get it one piece at a time, And it wouldn’t cost me a dime, You’ll know it’s me when I come through your town”

He might have been singing about a top of the line Cadillac, but the principles expressed work just as well for data, that could be worth way way more than a “hundred grand”. OK Ed Snowden used a Rubik’s cube not a lunch box but…

The song is worth listening to just because of the security issues it covers and the bit about the court house and title still rings true 😉

https://m.youtube.com/watch?v=18cW_yHo3PY

[1] The implications for “cloud solutions” should be obvious from this. Likewise any server with more than a single user or any machine connected to an accessible network in some manner. Side channels are just one of the reasons why I’ve talked about “energy gapping” so much in the past. It really does not matter how the side channels exist, it’s safe to assume there are quite a few more than none in any consumer computer driven product.

[2] The same is true for that pesky “Ring -3” Intel Management Engine (ME) as will probably become clear in the near future, on the assumption there will be a few interesting security crumbs relating to it in that confidential data dump that happened just a few days back.
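
The shared-resource contention leak described in the comment above, as an added toy simulation that is not part of the original comment: two parties use one simulated cache, a noisy probe latency is averaged into a usable signal, and partitioning the cache removes that signal. `SimCache`, the latency figures and the 16-bit secret are all constructed assumptions, not measurements of any real hardware.

```python
import random
import statistics

# Constructed latencies in nanoseconds; illustrative values, not measurements.
HIT_NS, MISS_NS, NOISE_NS = 40.0, 200.0, 120.0
THRESHOLD_NS = (HIT_NS + MISS_NS) / 2

# Constructed 16-bit "secret" that the victim's access pattern depends on.
SECRET = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0]


class SimCache:
    """Toy direct-mapped cache: each set remembers which party last filled it."""

    def __init__(self, partitioned):
        self.partitioned = partitioned
        self.owner = {}

    def access(self, party, set_index, rng):
        # Partitioned: every party gets private sets, so there is no contention.
        # Shared: both parties compete for the same set and evict each other.
        slot = (party, set_index) if self.partitioned else set_index
        hit = self.owner.get(slot) == party
        self.owner[slot] = party
        base = HIT_NS if hit else MISS_NS
        # Gaussian noise stands in for everything else happening on the machine.
        return base + rng.gauss(0.0, NOISE_NS)


def observe_bit(secret_bit, cache, trials, rng):
    """Average many noisy probe timings of set 1 and threshold the mean."""
    samples = []
    for _ in range(trials):
        cache.access("observer", 1, rng)                     # fill set 1
        cache.access("victim", 1 if secret_bit else 0, rng)  # secret-dependent access
        samples.append(cache.access("observer", 1, rng))     # time set 1 again
    return 1 if statistics.fmean(samples) > THRESHOLD_NS else 0


def recover(partitioned, trials, seed=1):
    """Return the observer's guess for every bit of SECRET."""
    rng = random.Random(seed)
    cache = SimCache(partitioned)
    return [observe_bit(bit, cache, trials, rng) for bit in SECRET]


def accuracy(guess):
    """Fraction of SECRET bits guessed correctly (0.5 is chance here)."""
    return sum(g == s for g, s in zip(guess, SECRET)) / len(SECRET)


if __name__ == "__main__":
    for partitioned in (False, True):
        for trials in (1, 200):
            label = "partitioned" if partitioned else "shared"
            acc = accuracy(recover(partitioned, trials))
            print(f"{label:11s} cache, {trials:3d} samples/bit: accuracy {acc:.2f}")
```

With the shared cache, a single sample per bit is unreliable, but averaging pulls the signal out of the noise; with the partitioned cache the probe latency no longer depends on the secret, so more samples do not help.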

Who? August 9, 2020 6:28 AM

@ Anders and, of course, others

About the Intel leaks.

Thank you for announcing the giant Intel leak on the forum. These are very good news for all of us and, over the time, for Intel too as its code will be finally truly audited by a large community of security experts and programmers. Until now these experts were revealing critical bugs, but only working on a black box model.

As I see it, there are two possibilities:

  1. Bugs are accidental, a consequence of a sloppy development model. The bugs are closed and all win; maybe Intel does not see it this way, but this leak will increase the quality of current and future developments at the company.
  2. There are bugs and backdoors, the worst scenario. Bugs will be closed, but backdoors will possibly be replaced by new ones. It may have a huge impact on Intel shares and customers confidence.

Whatever happens, what will do Intel and its OEMs about old ⸺sometimes not-so-old⸺ bugs that will be found on the source code leaks? Will those bugs be closed or just widely published?

Perhaps it is time someone in the United States opens a change.org petition asking for security problems be fixed when discovered, even on legacy products.

@ Bruce

Would it be possible talking about this important leak next week? I think this leak is one of the most important black swans on the security scene in the last years and is worth a more detailed analysis.

Who? August 9, 2020 6:57 AM

Continuing the previous post… does someone have a copy of the exfiltrated files? It seems the account that announced the leak has been suspended. Hope some good security teams will get access to the leaked files. Bugs on that code should be fixed.

Mishigas August 9, 2020 7:04 AM

@Ismar
Thanks for the recommendations; I think the comments so far have convinced me that I’ll need to brush up on at least one of java/js/C sooner rather than later. The network simulator looks like a cool alternative to replaying pcaps. I am definitely no academic, more along the lines of a career-changer in the midst of another round of formal education.

Anders August 9, 2020 7:33 AM

@Who?

Follow the white rabbit.

linuxreviews.org/20_GiB_Internal_Intel_Document_Motherload_Is_Now_Available_In_Dark_Corners_Of_The_Internet

(i hope that our host @Bruce and @moderator won’t get mad about this posting.
i’m only posting public link which hints where the stove could be downloaded and it’s essential that this leak will actually be reviewed and analyzed, having all our security in mind).

a boardgamer August 9, 2020 8:02 AM

@echo:

I completed watching the “Colditz” television series. After having read the book years ago it was a very different experience but it turned out to be quite good drama and fairly thought provoking.

There’s a good game “Escape From Colditz”, first produced by Gibsons Games (in the UK) back in 1973, and later reprinted by other publishers. Here’s the BoardGameGeek page, and a note from it:
https://boardgamegeek.com/boardgame/715/escape-colditz

The game was co-designed by Major PR Reid, a British soldier who was one of the few to actually successfully escape from Colditz during the Second World War.

Who? August 9, 2020 8:32 AM

@ Anders

Thanks. It is very good to know that leaked files exist yet, after MEGA closing account used to serve this information too. One of the news sites mention a source code file including a comment about a RAS backdoor⸺I understand RAS stands for Remote Access Service, and from what I understand it looks like a function that dumps arbitrary memory areas. From the picture on the article I cannot say a lot.

Glad to see that most of my firewalls run on octeon processors!

Who? August 9, 2020 8:40 AM

@ Anders

I completely agree with you. This information needs to be carefully analyzed by security experts.

Usually I am against leaks; for example, when Snowden leaked the well-known NSA documents most journalists used that information to damage the U.S. reputation, turning U.S. relations with their allies into a nightmare. I was very happy with the technical documents, however, as I think that anyone, intelligence agency, security expert or whatever in knowledge of a vulnerability should do its best to get it fixed.

We all depend on Intel hardware; there is really no alternative in most cases and this hardware must be secure.

Two questions remain on my mind, however. What will happen to old computers, like the ten years old OptiPlex computers I am running here. These systems have Intel ME disabled during the manufacturing process, but a backdoor may exist on these computers yet according to the new leak. And, second question, what will happen when fixing these backdoors? Will Intel open new, replacement, ones in the same commit that close the old ones?

Who? August 9, 2020 9:00 AM

@ Anders

By the way, I read somewhere that this one is the first leak only. More files to come.

I cannot speak about what will happen to backdoors. If there is any, Intel is surely working on a replacement one for the intelligence community right now. But at least the code will be audited and hundreds of bugs fixed.

Fixing bugs is good, I hope Intel understands it too.

echo August 9, 2020 9:39 AM

@ boardgamer

There’s a good game “Escape From Colditz”, first produced by Gibsons Games (in the UK) back in 1973, and later reprinted by other publishers. Here’s the BoardGameGeek page, and a note from it:
https://boardgamegeek.com/boardgame/715/escape-colditz

The game was co-designed by Major PR Reid, a British soldier who was one of the few to actually successfully escape from Colditz during the Second World War.

A boy at school had this game and I half played it once. I can’t say I got it at the time and it’s too long ago for me to remember enough to have an opinion. My autobiographical memory is sharper on everything else but not the game.

Reid was also a consultant on the television series too. The atrocious movie adaption had nothing to do with the real story or situation beyond the name.

While the 1970s when this boardgame was produced had its problems in a lot of ways the 1970s was a much more free time than we have today. I am now trying to leave the UK and finding the process is like being surrounded by camp guards and Gestapo trying to stop me. You will not believe the pain in the neck trying to get my passport has been.

Anders August 9, 2020 9:46 AM

@Who?

Actually i’m very sad that we have x86/x64 monoculture now.
No matter Intel or AMD, same ISA.

I long the times when there were around different ISA-s,
NT4 could be run on DEC Alpha, Itanium, MIPS or PowerPC.
So although you run the same NT4, different ISA required
different shellcode. Diversity is what saves you, being
different from the others.

I see x64 now rules the world

en.wikipedia.org/wiki/File:Processor_families_in_TOP500_supercomputers.svg

Although this is supercomputers i see this reflects desktops too.

Is there any viable/commodity alternative for desktop?
RISC-V is still in its infancy?
Raspberry-PI is not an option 🙂

echo August 9, 2020 10:23 AM

@Anders

Actually i’m very sad that we have x86/x64 monoculture now.
No matter Intel or AMD, same ISA.

I long the times when there were around different ISA-s,
NT4 could be run on DEC Alpha, Itanium, MIPS or PowerPC.
So although you run the same NT4, different ISA required
different shellcode. Diversity is what saves you, being
different from the others.

I see x64 now rules the world

It’s not just hardware but software too. There used to be a lot more diversity in OS and applications. With the inherited monopoly from IBM and more than a little assistance from the US government with favorable monopoly law and slap on the wrist settlements Microsoft leveraged everything they could to kill all the competition and take everything over. What this has done for the computer industries in other countries including but not limited to the UK is nothing short of dropping a clusterbomb.

en.wikipedia.org/wiki/File:Processor_families_in_TOP500_supercomputers.svg

Although this is supercomputers i see this reflects desktops too.

Meiko used to build supercomputers from transputers. They got hammered two ways. First there was the Intel monopoly. Intel also refused to licence transputer bus patents and held back until the patents ran out. Only when the patents ran out did you see new Intel CPU bus technology including AMDs hyper-whatever coming into production. Yes, because of an NIH spat the American driven monopoly utterly drove Inmos into the ground. The second way Meiko got hammered didn’t just hammer Meiko but also hammered European industry. Courtesy of their state backed monopoly US supercomputer manufacturers got the wavethrough from the UK government. This basically finished Meiko and put European manufacturers at a disadvantage because US manufactured supercomputers and the software which ran on them was tuned for the needs of American industry.

Is there any viable/commodity alternative for desktop?
RISC-V is still in its infancy?
Raspberry-PI is not an option 🙂

I’m still hissing and spitting over ARM being sold off because of people who didn’t need any more money and a UK government which hasn’t had a strategic national economic policy for decades. I have also noticed not just Chinese copycats but American copycats trying to muscle in on the Raspberry PI. Yes, they are entitled to do so but I note the nationalistic biases in both countries.

Myself I think it’s time to tell various people to sling their hooks. It’s not as if Europeans can’t see the Americans and Chinese coming. We know what their dodges are but in my mind the worst of the worst is America. It’s not just the attitude towards their own monopolies and trashing and stamping on everyone else (remember TTIP?) but also the way America twists and turns to sell themselves as a solution to problems THEY caused while blaming everyone else like all this nonsense over the big tech companies this past few weeks.

And no I didn’t support the Iraq War because the evidence and science wasn’t there and no I don’t support Brexit. I am a European and want my country back!

Who? August 9, 2020 12:05 PM

@ Anders, echo

I removed the last AlphaServer from my personal network one year ago. It was a nice pedestal-style AlphaServer 1200 with a DEC DS-BA356-KF, if I remember right, SCSI-tower attached to it. After years it developed problems in one PSU and the SCSI controller connected to the internal drives.

I agree, diversity in computing is as important as in biology. This one is the reason I am not running only pf(4)-based firewalls on Intel hardware. I have some Juniper SRX devices too, and even low-end Netgear FVS336Gv3 devices on my networks. I like diversity on software and hardware.

As I said before, I am very happy most firewalls exposed to the Internet here are running on octeon processors.

Right now all machines I own are Intel (32 and 64-bit), octeon (most firewalls and routers) and ARM (two raspberry pi). I have one old Sun UltraSPARC and two Silicon Graphics Indy workstations too. Sadly, as these machines die the only replacements I get are Intel/AMD ones.

I think Dell Precision or OptiPlex, or Lenovo ThinkCentre or ThinkPad computers based on MIPS or ARM processors would be great. I agree, Intel and AMD have powerful processors. But a workstation is more than just a powerful microprocessor, right?

I would appreciate an Intel processor lacking all these cool features that may turn it into a security nightmare (yeah, I can live without speculative execution and SMT). But if the “RAS backdoor” in the first leak is real (we have now a “drop 1.5” leak too) then we should not expect a secure processor from this manufacturer.

Sherman Jay August 9, 2020 12:18 PM

@anders,
thanks for the link to ArcaOS. I will look into that too. I’m sure you will agree with echo’s and my remarks about diversity.

@echo
“Actually i’m very sad that we have x86/x64 monoculture now. . . . but also the way America twists and turns to sell themselves as a solution to problems THEY caused while blaming everyone else like all this nonsense over the big tech companies this past few weeks.”

You are so right in your assertions!

Diversity is healthy. A monopoly is a security and safety liability. It stifles innovation. Some standardization can improve efficiency, but that should not be the highest priority.

“American exceptionalism” is just another way of saying “huge selfish bullying ego”. I find that my ongoing desire to learn about other cultures and their different approaches to technology enrich my life, broaden my perspective and facilitate creativity.

There is greater security in diversity. Making everyone use the same base hardware, 2 or 2 OS’s and software makes for one easy target for all the malware.

echo August 9, 2020 12:30 PM

I’ve been watching “Condor” a television show based on the book “Three Days of the Condor” and the movie adaptation. It’s a severe case of “hmmm…”

Now you have to watch this show from the point of view it is not reality. It is television. I think this is probably about the best thing I can say about the show because I get very negatively critical about it from this point on. I wish I had posted the extra paragraphs to my Colditz comment on the evolution of the English language and culture since the 16th Century and some modern changes including popular media such as games and television because anything I want to say about the show really ties into this.

I’m left scratching my head about the show because so many things are all over the place. Digging around the history of the show’s creators I think their backgrounds explain their handwavy “sausage factory” and “built to a price” production.

William Hurt is wasted in his role. Max Irons is a bit too “college kid” for me. Most of the key women in the show seem to be playing someone’s idea of their mum, evil sister, or lesbian of the week. Didn’t the shrieking “Don’t touch me” line repeated by three different women over two episodes go out of fashion in the 1970s? Pretty much every other actor is generic with the odd actor badly typecast and appearing in the wrong show.

You can write anything based on real operations (and I’m three episodes in) on the back of a postage stamp. Feeding the neighbour’s cat was probably the most real thing in the show so far.

Anders August 9, 2020 12:33 PM

@Who?

So far the “RAS backdoor” is not the real thing.

This seems to be ACPI code, and RAS is in this
context “Reliability, Availability, Serviceability”.
Code is doing some processing and memory error corrections
and then saves the result in I/O hub register.

What make/model boxes they are with Octeon processors
you have?

echo August 9, 2020 1:12 PM

@Who @Anders @Sherman Jay

America has done good stuff and I still have a soft spot for DEC and SGI. As for the UK the mismanagement of the IT industry and economic policy is headbanging. For a lot of historical and other reasons I’m fuzzy on the European side but I do like my Sony-Ericsson “dumb” phone which I’m clinging to and pretty much loved my classic Nokias when I had them. My laptops are Chinese made Thinkpads. The screen attached to my dock is South Korean. There’s furniture I want to buy which I need to import from Germany. There’s also other furniture I want which I could get custom made locally. I’m also not opposed to making my own things.

But yes I agree with open standards and sound regulation and diversity and all the rest of it. Nationalists and human rights abusers are polarising and toxifying pretty much every discussion and meddling everything into the ground but the principles are still sound and will last beyond them. I’m also still fuming that “The resistance” a British internet campaign to oppose Brexit was stolen by the American Democrat party for their own marketing which thoughtlessly stamped over the British effort to get marketing traction. Thanks for nothing…

I think it’s quite astute to note a workstation is more than just its processor. Architecture plays a role but so does ethos and a lot of follow-on factors.

You also get all this havoc in the design industry. If it’s not cars it’s games or more general products and processes. People don’t always click that design really matters and it has its own language and some of the subtle differences people don’t always notice really matter whether it’s an issue of integration or design tolerances or fitness for purpose.

Who? August 9, 2020 1:16 PM

@ Anders

Great news. Perhaps there is a chance the world can be saved after all.

I have four Dell J-SRX100SU devices (~Juniper SRX100H), two Dell J-SRX210 (~Juniper SRX210), and a Netgear FVS336Gv3⸺I think all these devices are based on the Cavium Octeon CN5020. I like the SRX devices a lot, even if Junos 12.1X46-D86 was abandoned one year ago. These devices can be hardened so they cannot be reached from the WAN area and most services disabled (e.g. web server, or SNTP client), and they are configured to only allow traffic from my networks to the Internet. I do not want these devices doing tasks like behaving as NTP clients connected to the outside world, because there is a chance a bug in NTP can be found some day in this unsupported Junos release and it will not be fixed. Unused ports are both electrically disabled (shutdown) and assigned to a non-routable VLAN, the discard VLAN on these devices where it exists.

My VPNs are all based on OpenBSD, as they are the rest of firewalls on this network.

Sherman Jay August 9, 2020 1:35 PM

@echo @Who @Anders et. al.

I was just pondering the fact that the Raspberry Pi is ‘made in UK’. But, think a little deeper and you realize that all the components that are surface mounted to it are from China, Korea, etc. We can run, but we can’t hide. So, just do your best to keep your head down and as George Carlin said, “Question everything”

I am sure that everyone here knows that if Microsoft buys tiktok it will not be ‘cleansed’ of all its evil spying. All the hoovered-up data will just go to a different place. But, the u.s. admin wants us to think that will cure all our ills. (Yes, all the EULA’s are scary)

Of course we are now propagandized that China is the great evil (we are just told to ignore the fact that the u.s. government and russian government are also just as deep into espionage and propagandizing and election influencing as China). “Security, we don’t need no stinkin’ security”

My first exposure to a personal computer was a dear friend of mine from the 1970’s who had a DEC pdp11 with two 8″ disk drives.

Who? August 9, 2020 1:56 PM

@ Anders

It seems the FVS336Gv3 is based on a single-core Cavium Octeon Plus CN5010. For my external links and a server I use the J-SRX210 as these have two gigabit ports (including the WAN port). The J-SRX100SU have a good performance too, I use them to connect to less demanding subnets. The FVS336G is something I am playing with, most to perform testing on VPN interoperability. The real workhorses here are the gigabit firewalls based on OpenBSD. We will see how nicely they survive the next months of “discoveries” derived from this week leak, and the leaks that will happen in the next weeks.

1&1~=Umm August 9, 2020 2:01 PM

@Anders:

That post leads to another which has some info on files…

Oh guess what Intel’s “Evil Maid” for perm-resident code?,

File: Intel (R) CSME 15.0.0.1166 Consumer UP3 B0.zip

Summary: Tiger Lake-LP Intel® Converged Security and Management Engine Firmware 15.0

Details: From February 2020. Documents a “Download and Execute (DnX)” feature. “DnX is Intel’s proprietary solution to download FW module to a target machine from a host machine by means of USB cable and execute it.”

Who? August 9, 2020 2:13 PM

@ Anders, echo, Sherman Jay, et al.

Technically we can choose between devices manufactured in China and those manufactured in the United States. At the end most of these devices have firmware, hardware and software manufactured around the world. A 100% Chinese computer (e.g. a Yeeloong computer based on a Loongson processor) will possibly have backdoors developed by China; a 100% North American computer will have backdoors developed in the U.S. and, perhaps, hardware backdoors developed in China. An Apple computer (“designed in California”) will be like a Chinese computer, but will have an operating system and firmware developed to meet the requirements of the intelligence community in the United States.

Seriously? How have we failed to see the consequences of globalization?

My first exposure to a computer was in 1982, when I was eight years old. It was a Univac 90/30, a mainframe manufactured by Sperry Univac. The same year we got a ZX Spectrum (16 KB) computer. Both of them were very nice, and somewhat predictable, computers.

Who? August 9, 2020 2:16 PM

@ 1&1~=Umm

Details: From February 2020. Documents a “Download and Execute (DnX)” feature. “DnX is Intel’s proprietary solution to download FW module to a target machine from a host machine by means of USB cable and execute it.”

A great feature for an emergency recovery, but I guess it can be [ab]used for other purposes.

MarkH August 9, 2020 3:09 PM

@JonKnowsNothing:

Thanks for linking the interesting story about cracking Zip encryption! It’s an example of good tech work, and also sheds light on a “zone of confusion” in discussions of security.

I often see remarks to the effect that something is “secure” or “insecure”, as though it were binary classification. Often, this is said by people who should know better.

In practice, no security measure with large exposure resists persistent and intensive attack. Security, so far from being a binary, is in fact a continuum, expressible by the cost to the attacker of defeating the security assurance.

I offer two extremes as examples:

  1. Tiny luggage locks can be broken or defeated by a variety of easy methods, but they probably deter some fraction of people who might otherwise open the luggage.

The security is low, but not zero.

  2. AES (with respect to data-at-rest, i.e. excluding side-channel attacks) is technically “broken”, in that researchers have discovered cryptanalysis methods faster than brute-force.

But they are faster only by small factors, so their successful realization is not only impossible with current technology, but even with any imaginable future technology.

The security is imperfect, but very strong.


Here’s a quote from the linked article:

“It’s one thing to say something is broken, but actually breaking it is a whole different ball of wax,” says Johns Hopkins University cryptographer Matthew Green.

Discussions of security flaws often ignore obstacles to realization of attacks, which are often very steep.

For example, we discussed here the possible use of built-in PC speakers as covert microphones. Neither my own research, nor any information offered by other commenters, revealed any schematic capable of using such a path, even though many sound chips can “run outputs backward”.


Cryptographers often warn against reliance on proprietary or “home brew” encryption, and with very good reason.

In this light, it’s impressive that the “legacy zip” encryption was, according to the article, infeasible to break only a few years ago.

Students of military history will be aware that the strong points were often much weaker than supposed, and the weak points often resisted attack far better than hoped or feared.

In theory, theory and practice are the same. In practice, they’re different.

JonKnowsNothing August 9, 2020 3:12 PM

@Who? and Others

re: Devices manufactured in China vs manufactured in the United States and National Backdoors

Devices no matter where they are manufactured can have backdoors added later by any Nation State big enough to handle a roll of packing tape.

Both physical changes, firmware and software can be added on-the-move and in-transit.
iirc(badly)

When Glenn Greenwald finally got around to talking to Snowden he had to buy a brand new laptop, which he wasn’t particularly inclined to do.

The protocol was go to a store that sold laptops, grab a box from the shelf, do not let anyone else touch the box or the contents, pay and leave.

Nationally installed malware is supposed to be “acceptable” to the citizens of that country.

Australian Security Intelligence Organisation, [ASIO] used the industry assistance powers “fewer than 20 times … the internet has not broken as a result…”
[The law allows the ASIO to spy on Australian Citizens with mandated assistance of Hi-Tech Companies]

It’s when you are spied on by another Nation State that upsets some folks.

MarkH August 9, 2020 3:18 PM

@echo:

I just noticed the story of your fox adventure.

I heard the account of a U.S. police officer, of his first day on the job. It was a holiday (Christmas eve or something like that), and a woman had called the police about a squirrel in her house … small-town cops often deal with stuff like that. As I recall, she was preparing for guests (or even a party) that evening.

The squirrel was in her living room, which also had logs burning in the fireplace. The rookie cop gamely did his best to chase the squirrel, which proceeded to run under the fireplace grate, with the result that its tail caught fire.

The squirrel then ran out of the hearth and hid under a sofa, which itself was soon in flames.

He did his best, but things didn’t turn out as hoped …

JonKnowsNothing August 9, 2020 3:21 PM

@MarkH

Who needs speakers when you can have The Thing?

Actually, from some readings, a good few of the “home listening auto-ordering” systems can use just their speakers to do two way.

I don’t have schematics.

ht tps://en.wikipedia.org/wiki/The_Thing_(listening_device)

The Thing, also known as the Great Seal bug, was one of the first covert listening devices (or “bugs”) to use passive techniques to transmit an audio signal.

Anders August 9, 2020 3:49 PM

Description of the leaked files

linuxreviews.org/The_Massive_Intel_Leak:_The_Files_It_Contains_And_Their_Content

MarkH August 9, 2020 4:03 PM

@JonKnowsNothing:

Using a speaker as a microphone is technically not difficult, if the circuitry is designed for this purpose.

Otherwise, any accidental reverse path is likely to have such adverse properties as to render it practically useless.

The initial question was, can malware use PC speakers as microphones? My conclusion was that in virtually all hardware configurations, the practical answer is no.

echo August 9, 2020 4:25 PM

Presumably he won’t be daft enough to bulk order pizza?

https://www.theguardian.com/world/2020/aug/09/saudi-ex-spy-suing-crown-prince-faces-fresh-death-threat-in-canada-report

A former senior Saudi intelligence official who has accused Crown Prince Mohammed bin Salman of trying to have him assassinated in 2018 has been placed under heightened security after a new threat on his life, a Canadian newspaper has reported.

The Globe and Mail said Canadian security services had been informed of a new attempted attack on Saad Aljabri, who lives at an undisclosed location in the Toronto region.

Aljabri served as a counterespionage chief under a rival prince, Mohammed bin Nayef, who was ousted in 2017 by Prince Mohammed.

The newspaper said its source – someone “with knowledge of the situation” – would provide no further details on the more recent threat by Saudi agents.

Aljabri is now under protection by “heavily armed” officers of the Royal Canadian Mounted Police, as well as private guards, the news report said.

myliit August 9, 2020 4:26 PM

https://www.washingtonpost.com/politics/trump-struggled-summer-coronavirus/2020/08/08/e12ceace-d80a-11ea-aff6-220dd3a14741_story.html

“ The lost days of summer: How Trump fell short in containing the virus

As the White House chief of staff, Mark Meadows is responsible for coordinating the vast executive branch, including its coronavirus response. But in closed-door meetings, he has revealed his skepticism of the two physicians guiding the anti-pandemic effort, Deborah Birx and Anthony S. Fauci, routinely questioning their expertise, according to senior administration officials and other people briefed on the internal discussions.

Meadows no longer holds a daily 8 a.m. meeting that includes health professionals to discuss the raging pandemic. Instead, aides said, he huddles in the mornings with a half-dozen politically oriented aides — and when the virus comes up, their focus is more on how to convince the public that President Trump has the crisis under control, rather than on methodically planning ways to contain it. …”

Regarding the above, Rayne at emptywheel writes [1]:

“… That’s what they are doing with the economic aid, the same damned thing — head fakes to appease their base, pretending to do something constructive when they’re doing nothing but campaigning.

The White House isn’t interested in addressing the pandemic’s economic problems any more than they are interested in addressing the pandemic itself.

That’s why the pretense of doing anything with worthless executive orders — it only needs to snow the media with head games and prop up Trump until the next head fake is required.

Meanwhile, the country continues to burn out of control.“

[1] https://www.emptywheel.net/2020/08/09/trumps-latest-executive-orders-head-fakes-and-head-games/

Anders August 9, 2020 4:34 PM

Also, with great sadness i noticed that respected @Moderator
deleted one posted link (don’t remember who posted it but i thank him sincerely for posting!).

http://www.theguardian.com/world/2020/aug/07/german-nudist-chases-wild-boar-that-stole-laptop-berlin-teufelssee

Not only is this link hilarious (and we need fun too, since sometimes after days and days without sleep resolving a client incident we are just exhausted), it teaches us a very valuable security lesson that is a lost art and that Mr Bejtlich taught us long ago:

web.archive.org/web/20070515125020/https://taosecurity.blogspot.com/2006/02/bears-teach-network-security.html

I have to use waybackmachine, since those images are now gone
from his blog. But this is a fundamental security principle –
prevention ultimately fails. No matter how smart you are, there’s
ALWAYS someone who is smarter than you and uses approach you didn’t even dream of.

In Berlin case man hid his laptop inside the cheap bag – taking measures that valuable laptop stay outside the human thieves radar. But his risk analysis didn’t include non-obvious – very rare risk that still materialized.

So prevention always fails. You can cover 100 ways the intruder can get in, but you miss the 101st one, the one you couldn’t even dream of.

So information security field is very difficult subject.

Please @Bruce and @Moderator that we can have little more relaxed
posting in at least the Squid section. Thanks.

vas pup August 9, 2020 4:57 PM

Screen-time messages designed to decrease phone use

https://www.bbc.com/news/av/uk-53680383/screen-time-messages-designed-to-decrease-phone-use

“A new project encouraging adults to communicate more with their kids and focus less on their smartphones has been launched. It includes sending them messages with parenting advice.

The guidance is part of a project to help parents communicate with young children linked to the BBC’s Tiny Happy People campaign and developed by a speech therapist for the Greater Manchester Combined Authority.”

I guess this idea can be utilized for teens to talk to their parents, etc.

Clive Robinson August 9, 2020 5:18 PM

@ JonKnowsNothing,

With regards the Wikipedia comment about The Thing / Great Seal Bug, I do wish they would not say,

    “the first covert listening devices (or “bugs”) to use passive techniques to transmit an audio signal.”

Because it’s not technically correct, it might not have had DC power connected to it but it did have AC power connected to it by the illuminating transmitter and it also had moving parts that had a similar effect to you turning a tuning dial on a transistor radio.

The man behind it Leon Thevinin was an interesting character and suffered at the hands of the old Eastern European political systems.

He also designed the circuit that allowed radio speakers to be used as microphones even when playing music etc.

The idea is in essence very simple in that it used what many would call a directional coupler though in fact it was a two stage process using a two wire to four wire hybrid and recorded both the outgoing music and incoming speech onto two separate tracks on the tape recorder. This was because it was not possible to get the hybrid to null out the music to the level required using simple circuitry then available.

These days making the equivalent of a near perfect hybrid fully equalised to the loudspeaker characteristics is not exactly difficult in sub $1 DSP chips.

The thing is that it does not matter how many circuit diagrams you stare at, you won’t see what’s going on. Even if you have a fairly accurate block diagram of the internals of the chip, it won’t help. Because one way to equalise a cheap and nasty sub 20cent speaker to give acceptable performance is by using an almost identical circuit… As a number of the standards for audio chips on PC’s allow either a microphone or speaker to be connected to the pair of wires running to the jack socket on the side of the laptop you will see all the rest of the audio paths in and out of the switching matrices in the chip in the block diagram and even at a lower “functional cell” level on netlists etc. It really is “dual use technology” and all it takes is just a few very minor changes in firmware that can be easily hidden as part of the normal functionality…

Who? August 9, 2020 5:21 PM

@ JonKnowsNothing

Do not miss that attacks against supply-chain are not geographically restricted!

Re-packing Cisco routers is only one way to attack a supply-chain; modifying the firmware repositories used when building a new computer or paying someone to introduce malware is easy too, and can be done from the other edge of the world.

@ Anders

Sorry, I supposed the link to description of the leaked files was known. This one is the reason I have not provided it. This link is a good outline of these files. Now we need that security researchers look carefully into the contents of the leaked files.

I am now confident a backdoor will not be found, only bugs that ⸺hopefully⸺ should be easy to fix in most cases.

I understand staff at Intel are very upset about this leak right now. I hope that, over time, they will find it beneficial for the corporation because both (1) it will probably demonstrate that the long-suspected backdoor on Intel ME does not exist, there is no hidden digital certificate for the intelligence community, and (2) will help cleaning the code and fixing bugs instead of supporting this never-ending drop of hardware-related vulnerabilities.

Anders August 9, 2020 5:33 PM

@Sherman Jay @echo

I also have a sweet spot for DEC, because from this
everything started for me. Of course this was Soviet
cloned DEC hardware, but still authentic and original DEC
RSX-11M and RT-11. Played original Tetris. Fun fact – Soviet
terminal has rectangular glyph at the position 127. Tetris
made figures using that glyph. However original DEC terminals
had an empty place at the code page position so when they
copied the game to original DEC, figures were not visible.
Then game was rewritten to use square brackets.

This is how Tetris looked like in the beginning on Soviet
HW

http://www.wonderspawn.com/wp-content/uploads/2018/06/tetris.png

And this is later one with square brackets.

tetris.wiki/File:Original_Tetris.png

DEC ISA was enormously popular behind “iron curtain”.
They build literally everything based on this ISA,
from home computer…

en.wikipedia.org/wiki/Electronika_BK

…to pocket BASIC programmable calculator

elektronika.su/en/calculators/elektronika-mk-85/

JonKnowsNothing August 9, 2020 6:17 PM

@Clive

I have been fascinated with Theremin devices since I first heard and read about the theremin musical device. That was way before I read anything about his second occupation.

Alas, in the USA, physics, math, and other sciences are not the top subjects offered being replaced by athletics whenever possible. Presumably on the basis you will be so physically tired and beat up that you won’t do naughty things instead of being so mentally inspired that you might do something more-brilliant-than-expected.

I personally lack some of the deeper understandings of how such items work. For your deep and excellent explanations I am most grateful.

fwiw: I think there is something wrong on the backend of the blog. Posts I’ve made have definitely gone south. Posts by others are going south even faster. I cannot say there isn’t a fault on my end but there seems to be something else going on. Given the overall topic it might be that someone is interested in disrupting our exchange of information.

I no longer trust that posts will appear after more than a few minutes, even though I check several times that the post appeared in the list and got a reference URL to the comment.

I hope that it is only a technical fault and easily remedied.

ht tps://en.wikipedia.org/wiki/L%C3%A9on_Theremin

ht tps://en.wikipedia.org/wiki/Theremin

an electronic musical instrument controlled without physical contact by the thereminist (performer)

(url fractured to prevent autorun)

echo August 9, 2020 6:45 PM

@Anders

DEC ISA was enormously popular behind “iron curtain”

Thanks for the pictures. Yes and ICL was quite popular too. So much so the only surviving remnant of ICL is now owned by the Russians. The ICL “One Per Desk” was a rebadged Sinclair QL with a built in telephone and digital answering machine which I thought was quite nifty. It had Psion’s office suite baked in to ROM and was pretty fantastic for its day.

ICL was the end result of Wedgie Benn having a fetish for nationalisation which basically rolled up UK computing industry followed later by the Tories who went in the other direction with “managed decline” and “market forces” which destroyed what was left. Honorable mentions are British Leyland (a nationalised consolidation of the car industry) which suffered from bad management and union barons and Marconi which had various rushes of blood to the head. There’s a lot lot more I could mention but basically if it wasn’t for the efforts of the Japanese or Germans or French we wouldn’t have much left.

I feel sick just thinking about it.

Anders August 9, 2020 7:12 PM

@echo

With the same DEC LSI-11 ISA they made also this BASIC
computer.

http://www.leningrad.su/museum/show_calc.php?n=174

But this was then very expensive, out of range.

And soon Soviet Union collapsed and DEC architecture was
literally history. Intel and IBM PC took over. Glasnost.
Perestroika.

Browse around at that museum site, there’s a lot of interesting
stuff.

echo August 9, 2020 7:25 PM

I have a feeling of simultaneous dismay and fury. I hope the anti-science libertarian right wing and fellow travellers of all shades of idiocy and journalists and spin doctors and chancers and everyone else who thinks it’s a wheeze are happy with themselves and the country they created.

https://www.theguardian.com/world/2020/aug/09/only-half-of-britons-would-definitely-have-covid-19-vaccination

Only half the population of Britain definitely would accept being vaccinated against Covid-19. That is the shock conclusion of a group of scientists and pollsters who have found that only 53% of a test group of citizens said they would be certain or very likely to allow themselves to be given a vaccine against the disease if one becomes available.

[…]

The trends revealed by the study – which was based on 2,237 interviews with UK residents aged 16-75 and which was carried out online in mid-July – have triggered dismay among scientists. “Misperceptions about vaccines are among our most directly damaging beliefs, and they’re clearly influencing people’s intentions during the coronavirus crisis,” said prof Bobby Duffy, director of King’s College London’s the Policy Institute, which led the study.

“While one in six in the UK say they are unlikely to or definitely won’t get a potential vaccine against Covid-19, this rises to around a third or more among certain groups, with a clear link to belief in conspiracy theories and mistrust of government, authority and science.”

echo August 9, 2020 7:31 PM

I was a bit hard with “Condor”. The first few episodes are junk but it does get better. Not much but it’s not awful.

MarkH August 9, 2020 10:37 PM

@echo:

It may be cold comfort to you, that U.S. polling on a future pandemic vaccine is essentially the same.

A hopeful perspective is that when millions have been safely vaccinated, and are enjoying measurable protection, vast numbers of “undecideds” may well choose to join them.

The imbeciles running the government in my suffering country call their program of federal support for Covid vaccine development “Operation Warp Speed” — not a name to reassure those with doubts or anxieties about vaccination!

As part of its long-term program to weaken the countries of the West, Russia has been propagating medical disinformation — mostly anti-vax propaganda — since about 2010.

Native anti-vaxxers were already doing plentiful damage with their ignorance and paranoia; actual malevolence (and better resources) have been added to the mix.

The heaviest threats — like pandemics and climate change — can be navigated on the strength of data, research, logic and love for our brothers and sisters.

If humanity fails, it will be due to collective mental and moral weakness, not the intractability of the external challenges.

Weather August 10, 2020 12:32 AM

@markh
Based on above, I would not trust the first vaccine that came out.
It’s flu, in effect it’s easily multiple, these you can only nail down these session.
Have you got the flu vaccine before??

SpaceLifeForm August 10, 2020 1:41 AM

@ Anders

re 403 Tor

You may have gotten unlucky.

You may have come out on a rotten side of the onion.

If you try again, it may work fine.

Mishigas August 10, 2020 4:28 AM

The Wedding-Guest he beat his breast,
Yet he cannot choose but hear

@Anders
After a little exploration, it looks like the open source RATs from the article you referenced (and some of the other n1nj4sec projects) are good examples of things that will challenge me to grow in the direction I’m fumbling.

echo August 10, 2020 7:56 AM

@MarkH

I don’t believe the Russians are a problem at all. It’s the extremists who have infested the system and left reality and consequences behind them a long time ago. We are where we are mostly because of them. My view is some reality and consequences would concentrate their minds more.

All the science is there whether psychology or sociology or economics or criminology. Blaming the Russians is a distraction.

Clive Robinson August 10, 2020 8:15 AM

@ Bruce, all the usual suspects,

As you know I’ve been mentioning the security risks of “embedded devices” including smart meters and Implanted Medical Devices (IMDs)

Well whilst Smart meters and Smart grids get the occasional tickle in academic research IMD’s only appear to get researched by those who attend BlackHat and the like.

Well guess what here’s another,

https://www.zdnet.com/article/black-hat-how-your-pacemaker-becomes-an-unintended-insider-threat-in-secure-spaces/

More interestingly this time the view point is not “Personal Security” where some cracker sends your heart breakdancing on the sidewalk, but “National Security”.

That is the devices including pacemakers and hearing aids are quite well “instrumented” in various ways including microphones, GPS receivers and communications to cellular networks so the device can do an “ET Phone Home” to your “medical mothership” hospital/doctor.

Thus the question arises as to not just time/location data and some “emotional/physical” data (which has been used to help convict people already) but what more interesting data might go along with it. That is classified information others from other Nation States might be interested in for various reasons.

The article lists a number of potential precautions, but let’s be honest would you let some Government numpty play around with the software on your pacemaker? Me neither, but any protection method people think up has a significant failing not mentioned in the article,

    Any change in the IMD or how it records data fingers you as somebody working in the IC.

As we know “medical records” despite quite a bit of legislation is a “free for all” thus just being able to see data flow back to the manufacturer or health insurer or “Uncle Tom Cobbly and all” gives opportunities just as good as the OPM hack only way more current…

echo August 10, 2020 8:35 AM

A thousand torments, being tarred and feathered, and a public flogging on the people who let this opportunity go.

https://www.theguardian.com/commentisfree/2020/aug/09/this-tech-giant-up-for-sale-is-a-homegrown-miracle-it-must-be-saved-for-britain

Game, set and match to Son, except that four years later, as expected by anybody with nous, and despite the tech boom, he is now trying to sell Arm, which has languished under his ownership. It is available for no more than what he paid for it and presents a heaven-sent opportunity to reverse what never should have happened.

For what had attracted him to Arm still stands. Arm, founded in Cambridge, had become a brilliant company, creating the cleverest “architecture” in the semiconductor business. Essentially, it has invented and continues to invent highly efficient logical computational models, used in silicon chips. It licenses this intellectual property to myriad users – from Apple to Huawei – which customise the IP to their needs.

It’s an approach that mixes open innovation – in the sense that once Arm has licensed the IP the users can do what they like with it – with a retention of proprietorial rights and ever-growing royalties. By 2016, it had become as important in its world as a Google or Apple – and British.

myliit August 10, 2020 10:15 AM

https://www.wsj.com/articles/coronavirus-testing-still-not-making-the-grade-11597069076

Coronavirus Testing Still Not Making the Grade

Lack of a national testing strategy may be the government’s biggest failure

When the history of the coronavirus crisis is written, the absence of a national testing strategy to better slow the virus’s spread while speeding the reopening of the economy and schools may go down as the biggest government failure.

[…]

Yet the U.S. has a mishmash of testing efforts that vary widely from state to state. Results often are so slow to arrive that millions of those tests have been rendered nearly useless. Those who are tested could be unwitting carriers of the disease while they wait for results, which helps explain the summertime virus resurgence.

[…]

Billions more dollars would be needed to rectify these problems, yet Congress is gridlocked and has failed to pass a new coronavirus stimulus bill with such funds. The executive orders President Trump has signed in recent days to fill the gap don’t address testing, and he has said testing is a problem for the states.

“We can still get this right,” says Rajiv Shah, president of the Rockefeller Foundation, which first proposed a national testing program in April. “But it requires a paradigm shift.” As a nation, the U.S. now is doing 4.5 million tests a week; the Rockefeller Foundation plan calls for ramping that up to 30 million. Given that it likely will be four months or more before a vaccine is available, the incentive to improve testing remains high.

Yet here is a real-life story that illustrates where we are: A man was scheduled to go on a week’s family vacation at the beginning of the month, and, in an attempt to be sure it was safe to gather, all family members took coronavirus tests in advance. Because the vacation was planned for Massachusetts, which requires a test within 72 hours before visitors arrive in the state, the test was scheduled three days before the start of the vacation.

Those three days passed with no test result provided. Then the full week of vacation came and went, still with no result. Twelve days after the test was taken, and after family members had dispersed back to their homes, there still was no result. If the man actually was carrying the virus, he had no way of knowing. Not only would other family members have been at risk, they all could have carried the virus back to their own communities. This potential for unwitting spread is one reason the U.S. has seen a summertime spike in cases. …”

Anders August 10, 2020 10:44 AM

@Clive @SpaceLifeForm @ALL

theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/

echo August 10, 2020 10:52 AM

Bureaucracy can be dumb. It’s taking weeks (months really when all totalled up) simply to arrange a meeting with the police either as an in-person meeting and/or online including group chat to bring in external expertise and support. I’m having to insist on safety protocols and will end up doing their tech support for them if I don’t watch my step and that is before arranging firm lines on things requiring expertise and proper handling of the situation. I have to actively resist the police trying to jump the gun and digging into case material because not only have they not been able to sort this out without me having to tell them how but they are trying to dive too fast into material they are not qualified to handle either professionally or standards wise. I have to keep all of this under lock and key and insist on “controlled release” because their impatience is going to cause more problems before we begin.

I shouldn’t have to be the one doing this and the cops and other state institutions wonder why they wind up in court. I’ve had experience with the cops going in boots first and mucking everything up or mangling complex cases or simply “no criming” because they’re too lazy and too impatient to clear their desks in the past.

I’ve had this problem with journalists and lawyers too.

Dealing with some people is like watching children play in asbestos “sand pits”.

myliit August 10, 2020 11:46 AM

From the author of the wsj article below:

“[ National Security Adviser [ NSA ]] O’Brien said [ apparently without confirmation ] Chinese hackers were targeting U.S. election infrastructure—something that, if true, would resemble Russia’s activity in 2016.

Multiple sources disputed this to me [Dustin Volz], however, and said there is no evidence China is gunning for election systems …”[1]

https://www.wsj.com/articles/u-s-national-security-adviser-says-china-targeting-2020-election-11597007831 9 August 2020

“… Mr. O’Brien’s comments were met with skepticism by other officials familiar with the matter. While China has an active interest in the election, the U.S. doesn’t currently have intelligence showing that Beijing is directly trying to hack election-related systems, the officials said.

What Mr. O’Brien described, if true, would resemble Russian activity during the 2016 campaign and hasn’t previously been asserted publicly by the U.S. government.

[…]

On Friday, Bill Evanina, the director of the National Counterintelligence and Security Center, released a public statement saying that the U.S. intelligence community had assessed that Russia is engaged in a broad effort to damage Democrat Joe Biden’s bid for the presidency by trying to influence public debate and perception.

The statement also said that China prefers that President Trump, a Republican, not win re-election, though it largely described public-facing activity rather than covert interference, as in Russia’s case.

Democrats have pointed to the statement to argue that foreign activity with regards to the presidential election isn’t equal, and that Russia is seeking to reprise the aggressive role it played in 2016 by using a variety of cyber-enabled means to harm the Democratic nominee. …”

[1] https://twitter.com/dnvolz/status/1292572351696183296

Clive Robinson August 10, 2020 12:20 PM

@Anders, SpaceLifeForm, ALL,

With regards the Stingray / DRTbox article from the Intercept.

Two things to take away,

Firstly, that mistake in the 4G protocol that allows the two numbers that Identify the phone and the SIM that “got carried through to 5G” tells you that it’s more likely to be a “Required Design Feature” than an “Accidental” one. A conclusion I suspect most will have realised.

Secondly, no and I really do mean “no” encryption on a phone is secure, the ability to download code Over The Air (OTA) to the phone comms module / SIM or to redirect any Smartphone App to a malicious download site guarantees that,

    “No Encryption on a Smart Device is secure”.

A point I’ve been making for quite some time now, but people due to laziness or cognitive malfunction do not want to acknowledge. Thus,

    They are now on a Government watch list, that is outside of any legal protections.

Some will almost certainly come to harm at Government Hands, in fact it’s highly probable they have.

Those handheld units are also known as “Find, Fix and Finish” which is a less obvious way of saying “Detect, Direct, Dispatch” or “Disappear” after ultra right wing South American Dictators’ secret police proclivities of grabbing, torturing and dumping bodies where they are unlikely to be found. It’s already been indicated that these Trump masked “Federalies” grabbing people off the streets have a “target list” to be “intimidated”.

Thus people really should take precautions before some become “Disappeared” permanently.

Let’s put it this way most people’s parents or grandparents grew up without “mobile phones” or even “CB Radio” and they managed to function more than successfully in society without them. It’s actually not at all hard to do, so it’s about time people woke up and started leaving home/work without their electronic “tether” / “tracking” devices…. Oh and the sooner the better before it becomes compulsory as some insurance companies have already tried to make it.

Anders August 10, 2020 1:55 PM

Things are getting interesting in Belarus

“Internet Shutdown continues in Belarus. News websites and major social networks are blocked.”

mobile.twitter.com/franakviacorka/status/1292840766369390595

“That’s what happens when you use the army against PEACEFUL protesters. Search queries for Molotov cocktail spike in Belarus tonight”

mobile.twitter.com/TadeuszGiczan/status/1292650115648360453

Clive Robinson August 10, 2020 2:04 PM

5G standards keep rolling out.

For those of you who have purchased a 5G handset, you might be surprised to find out that the standards are still coming out.

Or to put it another way your phone was “out of date” when you purchased it…

The latest spec from 3GPP is number 16 and 17 will follow shortly (COVID allowing).

Up until 16 the standards have been really about “core architecture” but 16 is about “crazyvile toys” such as cars independently talking to each other and transfering gigabytes of info in millisecond or considerably less time periods with 5-nines or better reliability…

As you can appreciate these crazyvile toys are going to have major security implications especially with peer2peer direct communications, so expect a lot of security related stuff to happen because of this standard.

But what’s to come in 17, well demands for more RF spectrum in all sorts of ways so your phone is definitely “out of date” no ifs buts or maybes.

You can read a little more plus get links to the actual standards and other 3GPP documentation in this IEEE piece,

https://spectrum.ieee.org/tech-talk/telecom/standards/5g-release-16

Clive Robinson August 10, 2020 2:35 PM

@ Anders, Sherman Jay, ALL,

It would appear that around 1 in 4 Tor “exit” output relays are to put it delicately “malicious”.

That is the last relay in the chain (usually the third) gets to see your traffic unencrypted (https_stripping etc) and can thus do all sorts of things you would probably rather they did not, like change the destination bitcoin wallet for transactions, thus steal the bitcoins.

https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac

This malicious end point issue by the way is a result of the way the Tor network is fundamentally designed, made a lot lot worse by the way it is currently being managed (they appear to be almost in cahoots with the malicious operators). Whilst there are ways users can correct this, it’s not exactly “user friendly”. So it’s one of those things that is now going to become an inordinately long lived security issue with Tor…

Don’t say you were not warned…
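
A defender-side illustration of the tampering described in the comment above, added here as an example and not part of the original comment or the linked write-up: it compares a reference copy of a page (assumed to have been fetched over a trusted path) with the copy that arrived over an untrusted one, and reports `https` links that came back as `http` and payment addresses that changed. The markup, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}
# Legacy (Base58) and bech32 Bitcoin address shapes; shape only, no checksum.
BTC_RE = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)


class _Collector(HTMLParser):
    """Collects URL-bearing attributes and visible text from a page."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value.strip())

    def handle_data(self, data):
        self.text.append(data)


def extract(html):
    """Return (set of URLs, set of address-shaped strings) found in html."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    urls = set(collector.urls)
    addrs = set(BTC_RE.findall(" ".join(collector.text)))
    for url in urls:  # addresses can also sit inside bitcoin: URIs
        addrs.update(BTC_RE.findall(url))
    return urls, addrs


def _key(url):
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.netloc.lower(), parts.path, parts.query)


def compare(reference_html, received_html):
    """Report scheme downgrades and address changes between two copies."""
    ref_urls, ref_addrs = extract(reference_html)
    got_urls, got_addrs = extract(received_html)

    schemes_seen = {}
    for url in got_urls:
        scheme, key = _key(url)
        schemes_seen.setdefault(key, set()).add(scheme)

    downgraded = []
    for url in ref_urls:
        scheme, key = _key(url)
        seen = schemes_seen.get(key, set())
        # Same host/path/query came back, but only in cleartext form.
        if scheme == "https" and "http" in seen and "https" not in seen:
            downgraded.append(url)

    return {
        "downgraded": sorted(downgraded),
        "addresses_missing": sorted(ref_addrs - got_addrs),
        "addresses_unexpected": sorted(got_addrs - ref_addrs),
    }


# Constructed sample data: not real addresses, only the right shape.
REF_ADDR = "1" + "ConstructedRefAddr" + "1" * 14
SWAP_ADDR = "1" + "ConstructedSwapAddr" + "2" * 13

REFERENCE_HTML = f"""
<a href="https://shop.example/login">Log in</a>
<form action="https://shop.example/pay" method="post"></form>
<img src="http://cdn.example/logo.png">
<p>Send payment to {REF_ADDR} to complete the order.</p>
"""

RECEIVED_HTML = f"""
<a href="http://shop.example/login">Log in</a>
<form action="http://shop.example/pay" method="post"></form>
<img src="http://cdn.example/logo.png">
<p>Send payment to {SWAP_ADDR} to complete the order.</p>
"""

if __name__ == "__main__":
    for field, values in compare(REFERENCE_HTML, RECEIVED_HTML).items():
        print(field, values)
```

The comparison only works when the reference copy really did come over a path the relay could not touch; a swapped address is still a well-formed address, so shape or checksum validation alone would not catch it.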

Boris August 10, 2020 2:40 PM

@echo. You obviously hate the UK. I suggest you emigrate elsewhere, for your own sanity.

Bo.

Anders August 10, 2020 3:09 PM

@Clive

Yes I read this today.

I’m not using TOR for anything that requires username/password.
I’m mainly using TOR for accessing US news sites that normally
block EU traffic.

But in case of TOR I’m more concerned about entry node that may
be compromised or is easily accessible for LEA. My current entry
node is in USA and stays unchanged several months. This node knows
my IP address and all the dates/times I have accessed TOR. This
can be correlated with malicious exit node/sites.

vas pup August 10, 2020 3:12 PM

@Anders • August 10, 2020 1:55 PM

Yeah, but those color revolutions never ever improve life of those who basically made them. In Ukraine after 2014 life has not improved. Russian intrusion is not an explanation for that. E.g. in Cyprus, Turkey occupied part of the territory many years ago. So what? Cyprus took the position: until we liberate all our territory we should be stuck? Nope. They just concentrated on developing economy of the rest of Cyprus territory and are good at that.

I just do not recall out of the whole history when chaos replaced dictatorship or authoritarian rule and life for most of the population became better. That is my humble understanding.

Maybe you can help with an example of the opposite. Thank you.

Clive Robinson August 10, 2020 3:17 PM

@ SpaceLifeForm, JonKnowsNothing, ALL,

A little more on the DSP “in the chip” issues of the Qualcomm Snapdragon that’s very probably in a phone not more than a few meters from where you are right now.

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Apparently Checkpoint will be having a couple of Webinars about these 400 odd defects they have found with the “DSP Inside”.

From what I can tell it looks like Qualcomm are so far making the right noises and actions, hopefully that will flow down hill.

However outside of Apple the patching and upgrading of phones tends to have a bit of a poor reputation.

To be honest I’m not really surprised most people underestimate just how much real horsepower is in DSP chips if you know how to leverage it correctly.

Back in the 1980’s when the Z80 was a popular chip and people were running the likes of Forth on it to squeeze that bit more performance, the man behind Forth pulled an interesting rabbit out of the hat.

He basically took what was considered one of the top of the line TMS DSP chips and put the necessary twenty odd Forth primitives on it and got a blistering performance more so than quite a few RISC processors at the time.

With similar performance chips now coming in at 1-2USD pricing some even attached to 16 or 32 bit microcontrollers. You can now code up algorithms to run on the DSP and use it as a co-processor.

In a way not too dissimilar to that which Intel is trying to do with FPGA’s and 64bit CPU’s for some of the big cloud providers.

vas pup August 10, 2020 3:33 PM

The coldest computers in the world
https://www.bbc.com/news/business-53413931

“Imagine the US is under attack. An enemy aircraft, loaded with warheads, is heading towards the coast, dipping in and out of radar. Fighter jets have been scrambled and there’s a frantic effort to pinpoint the target.

But the nation’s best defense is not an aircraft carrier or a missile system. It’s a box of incredibly cold atoms.

“Use the quantum computer,” yells a general. The atoms inside the computer can solve complex problems and, almost instantly, spit out an instruction for how to reconfigure a radar array so that the enemy aircraft can be tracked and targeted.

One firm already getting to grips with a scenario like this is ColdQuanta. It recently signed a contract with US defense research agency Darpa to build a quantum computer that can rapidly work out how best to reposition radar equipment in the event of a defense system partially failing.

The project relies on being able to gather together enough atoms as qubits – the building blocks of a quantum computer, which allow it to perform calculations.
To do this, the atoms have to be extremely cold, making such computers the coldest in the world.

“What we’re asked to do over the next 40 months is be able to have a machine that has thousands of qubits to solve a real-world defense-related problem and the one that we’re working on is a version of this radar coverage problem,” explains Bo Ewald, chief executive of ColdQuanta, based in Colorado.

The example above is an optimization problem, a scenario to which there may be thousands or millions of possible solutions. The key is to choose the best one.

Besides military applications, quantum computers could have uses in drug design, investment strategies,
====>encryption-cracking and complex scheduling problems for large fleets of vehicles.

There are various types of quantum computer in development but the approach using ultra-cold neutral atoms as qubits is unusual – it’s different from the superconducting quantum computers being developed by big firms such as IBM and Google, or other projects that use charged atoms, also known as ions, instead.

Superconducting quantum computers don’t use individual atoms as qubits, and while those systems rely on low temperatures they are not as low as those needed for ColdQuanta’s neutral atoms.

“The superconducting folks are running at millikelvin… we’re down to microkelvin,” he explains, proudly.”

Enjoy reading the whole article – very interesting!

Clive Robinson August 10, 2020 4:25 PM

@ The usual suspects and some that think they are not 😉

This is a preprint of a paper that appeared in Nature Optics which you would otherwise have to pay good money to read.

Whilst it is going to appear esoteric to many I would stick with it, this has the potential to affect security very significantly in the future and due to mankind’s apparent insatiable want for communications it is likely to happen sooner rather than later,

https://www.researchgate.net/profile/Murat_Yessenov/publication/338291900_Anomalous_refraction_of_optical_space-time_wave_packets/links/5e1272a2a6fdcc283759a098/Anomalous-refraction-of-optical-space-time-wave-packets.pdf

If you find it heavy going as well as esoteric, yes I’m sorry but such papers tend to be. However I think it’s worth getting a feeling for, if not actually getting your mind around.

DaleSec NoKAY August 10, 2020 5:16 PM

IMPORTANT:

Please notify “the input” that “opposite” behaviors are errors.
Please notify “the input” that “opposite action patterns” need to be halted immediately.

Demultiplex Immediately
Multiplex Immediately

Thanks.
DaleSec

echo August 10, 2020 5:20 PM

Anthony H. Wilson was always good hosting “After Dark”. I miss that show… His Music33 company sold digital music years before Apple and had to struggle not only against Napster which was all the rage back then but £5 credit card minimum spending limits and MP3 protection scheme using password protected PDF files.

https://www.theguardian.com/music/2020/aug/10/youve-been-smoking-too-much-the-chaos-of-tony-wilsons-digital-music-revolution

‘You’ve been smoking too much!’: the chaos of Tony Wilson’s digital music revolution

The Factory impresario’s company Music33 sold individual songs as MP3s three years before Apple. But with a baffling interface and dial-up connections he was doomed.

Today we have hard right conspiracy theorist attention seeking libertarians like Toby Young. OKStupid is putting it mildly.

https://www.theguardian.com/world/2020/aug/10/toby-young-dating-site-wins-hearts-of-social-distancing-sceptics

Toby Young launched the dating forum Love in a Covid Climate on Sunday for people who are critical of the lockdown that has been in place since March. The forum has been described as “the antidote to social distancing”, and is part of Young’s Lockdown Sceptics site, which carries the motto “Stay sceptical. End the lockdown. Save lives.”

myliit August 10, 2020 5:46 PM

@Boris

“… I suggest you emigrate elsewhere, for your own sanity.”[0]

OT, but iirc, “when a war is over, eventually perhaps, man can mourn or honor the enemy dead in addition to his own side’s dead from that war” or something like that

https://www.youtube.com/watch?v=68cbjlLFl4U Older version
https://www.youtube.com/watch?v=n4AgZST_TG8 2009, w/Willie Nelson
Merle Haggard – Okie From Muskogee (Live)

https://www.youtube.com/watch?v=uIxBmyRQlwQ Older version
Merle Haggard – The Fightin Side Of Me (Live)

https://www.youtube.com/watch?v=2VJkypo8jcY
Merle Haggard & Toby Keith – The Fightin’ Side Of Me 2005

… [2]

https://www.youtube.com/watch?v=A6c6eUeoa9Q
Willie Nelson, Merle Haggard – It’s All Going to Pot [ Climate Catastrophe, or not ] (Digital Video) 2015

[0] On this side of the pond, they said “love it or leave it” as people spat on Vietnam War protesters. When veterans came home from Vietnam, they were spat upon. …

tl;dr if you don’t care about your country, don’t bother, or waste time, to criticize it

Or

It’s easy to criticize other countries or others, you might try to criticize your own country or yourself sometime. Perhaps, Get to know your, or its, shadow.[1]

[1] https://en.wikipedia.org/wiki/Shadow_%28psychology%29

[2] https://en.wikipedia.org/wiki/Merle_Haggard#Later_career

“… In October 2005, Haggard released his album Chicago Wind to mostly positive reviews. The album contained an anti-Iraq war song titled “America First,” in which he laments the nation’s economy and faltering infrastructure, applauds its soldiers, and sings, “Let’s get out of Iraq, and get back on track.” This follows from his 2003 release “Haggard Like Never Before” in which he includes a song, “That’s The News.” …”

MarkH August 10, 2020 7:46 PM

@Clive:

Thanks for the link. Whether I understand it or not, I will probably benefit from the attempt 🙂

It wasn’t until a friend gave me an optics textbook years ago, that I grasped that classical optical engineering (essentially, the design and analysis of imaging systems composed of smooth lenses and/or mirrors) represents a very tiny subset of the physics of light.

It’s a little like the way in which circuit theory is a “collapse” of Maxwell’s field equations under a set of restrictive conditions.

I learned as a boy that group delay is a confounding factor in measurements of the speed of light, but never formed a clear understanding of it.

If my old brain isn’t too dense, perhaps I’ll learn something!

myliit August 10, 2020 8:25 PM

OT, otoh

https://twitter.com/iam_johnw/status/1284558539634233344 found at @sarahcpr
James corden and migos singing sweet Caroline will never not be funny

https://www.youtube.com/watch?v=0l3-iufiywU
FIRST TIME HEARING Phil Collins – In the Air Tonight REACTION [1]

https://www.youtube.com/watch?v=_pEPFYiJOXU
FIRST TIME HEARING Dolly Parton – Jolene [2]

And Finally, perhaps nsfw, also found at @sarahcpr:

https://twitter.com/juliepoptart/status/1292585924455542785 edited

“It’s insane how easy he makes this look vs. how hard I know it is. You know when you watch figure skating at the Olympics and they’re so effortless you have a moment of, “I could do it” ..this is that for jokes. Olympic level sh!t

Quote Tweet
@JamesShotwell_
If we’re celebrating the life of Bernie Mac then we need to revisit one of the all-time greatest moments in stand up comedy …”

[1] https://www.dailymail.co.uk/femail/article-8605313/Twin-brothers-reaction-Phil-Collins-Air-Tonight-goes-viral.html

[2] https://www.msn.com/en-us/music/news/watch-these-teens-react-to-hearing-dolly-parton-for-the-first-time/ar-BB160z9a afaik these guys are 21

MarkH August 10, 2020 8:56 PM

@vas pup, Anders:

vas pup’s perspective on revolutions seems to dismiss national self-determination, human dignity and political freedom as having no value … please correct me, if I misunderstood.

It stands to reason that shifting from order to chaos is costly … but what does that have to do with the color revolutions? In Ukraine, neither of the peaceful revolutions in 2004 and 2014 left the country in chaos.

Both of these revolutions had a fairly specific focus: that the direction of Ukraine should be chosen by Ukraine’s people, NOT by the Moscow Kremlin.

The supposition that Russia’s invasion had little effect on Ukraine is simply wrong. For a poor country with a weak military to fight a far richer and more powerful adversary has been very expensive, and put a heavy drag on the national economy.

Except for efforts required for national defense, life in Ukraine has continued in a remarkably stable and orderly fashion. To say that it became “chaos” is the same as Fox News saying that the U.S. is in chaos because some city blocks around the country have suffered vandalism and looting: it’s an utterly distorted and alarmist falsehood.

In fact, excepting the 2008 world economic crisis — which hit Ukraine very hard — and a couple of years after the Russian invasion, Ukraine has had quite decent GDP growth.

Russian aggression isn’t Ukraine’s only challenge, or even its greatest, but it is enormously impactful — as Putin intends it to be. Putin cares little about Crimea, and even less about Donbass. He needs to prevent Ukraine’s success.

I wonder, how much time has vas pup spent in Ukraine?


As to other examples, what about Romania? They overthrew their tyrant by a remarkably peaceful revolution. Does vas pup really imagine that life there has not improved compared to the Ceausescu regime?

WmG August 11, 2020 1:12 AM

@Myliit
“ When veterans came home from Vietnam, they were spat upon. …” (by anti-war protestors).

Actually, very, very few cases that can be verified.

Reporters and historians actually live to document such events. Yet when they searched for evidence, none was found. Hearsay, yes, but that is different.

This goes far beyond the currently popular hand-waving “I wasn’t there,” that now is used to diminish any point that may be referred to.

The point is that there were plenty of other people who were there, with cameras, etc whose jobs it was to record what happened as vets stepped airports.

Look into the work of Jerry Lembcke for a careful study of the matter.

History and memory are important.

echo August 11, 2020 1:58 AM

@WmG @Myliit

Very few people experienced the 1960s “as seen on television”. It was mostly confined to a few square miles in London and the odd high street. Yes, economic and social change was felt by a lot of people as things went into the 1970s and even through the 1980s but huge numbers of people took a long time while others took steps backwards.

People are governed by perceptions and emotions. They play tricks with us. Some people, especially spin doctors, even earn their living doing this.

echo August 11, 2020 3:10 AM

@MarkH

It wasn’t until a friend gave me an optics textbook years ago, that I grasped that classical optical engineering (essentially, the design and analysis of imaging systems composed of smooth lenses and/or mirrors) represents a very tiny subset of the physics of light.

It’s a little like the way in which circuit theory is a “collapse” of Maxwell’s field equations under a set of restrictive conditions.

I learned as a boy that group delay is a confounding factor in measurements of the speed of light, but never formed a clear understanding of it.

If my old brain isn’t too dense, perhaps I’ll learn something!

This week I’ve been experiencing a flood of synchronicity… Plans are underway to build a gravitational lens telescope. The theory is solid enough but building the project currently involves speculative technologies. Have fun!

https://www.youtube.com/watch?v=NQFqDKRAROI

The Solar Gravitational Lens will Map Exoplanets. Seriously, there’s a real plan to do just that. Using the Sun to gravitationally lens an exoplanet into an Einstein ring turns the Sun into the most powerful telescope in our solar system. But it’s not science fiction. Plans are underway at NASA’s Jet Propulsion Laboratory to send solar sails to the solar gravitational lens focus to make the first ever image of an exoplanet’s surface, and do it within our lifetime!

echo August 11, 2020 10:05 AM

https://www.theguardian.com/world/live/2020/aug/11/coronavirus-live-news-who-chief-says-its-never-too-late-to-turn-outbreak-around-as-cases-near-20m?page=with:block-5f329e948f0803fbf9405521#block-5f329e948f0803fbf9405521

The US hopes to have a vaccine approved by December, its health secretary Alex Azar has said, as he tamped down Russia’s celebrations at choosing to approve its own vaccine after rapid development.

“The point is not to be first. The point is to have a vaccine that is safe and effective for the American people and the people of the world.”

https://www.theguardian.com/world/live/2020/aug/11/coronavirus-live-news-who-chief-says-its-never-too-late-to-turn-outbreak-around-as-cases-near-20m?page=with:block-5f3262f58f08da3d1603a315#block-5f3262f58f08da3d1603a315

President Vladimir Putin said on Tuesday that Russia had become the first country in the world to grant regulatory approval to a Covid-19 vaccine after less than two months of human testing, Reuters reports.

I’m not going to side with the America good, Russia bad rhetoric. Initial discussions over putting together vaccine research and “crash programmes” and the efficacy and safety of vaccines has already been had so we know what the framework is for discussing these things.

Russia may be first for something useful. It may be good or bad. We will not know until we have examined it ourselves. Yes, I expect it would be a boost for Russian national pride. No I don’t believe this confers unearned legitimacy when it comes to the “Russian way” whether it’s governance or human rights abuses. No I wouldn’t let the US or UK or anyone else off the hook either especially after some people decided to close access to research and monetise and/or grab everything for themselves.

Putin hoped the country would soon start mass-producing the vaccine.

Its approval by the health ministry comes before the start of a larger trial involving thousands of participants, commonly known as a Phase III trial.

Such trials, which require a certain rate of participants catching the virus to observe the vaccine’s effect, are normally considered essential precursors for a vaccine to receive regulatory approval.

On the issue of race to completion and get something “quick and dirty” out the door the Russians are doing fine. They have not abandoned stage three trials which will confirm its efficacy and safety with greater accuracy. Of course other nation states should be cautious and examine it carefully before giving their own regulatory approval. Yes, it may fail stage three but we won’t know until we get there.

So please could American government lackeys keep their electioneering and marketing noses out of the way please? I have absolutely zero interest in polarising rhetoric angling for a sale. The rest of us can make our own minds up.

Anders August 11, 2020 10:11 AM

Beltelecom announced shutdown of all telecom connections today after 18.00 in the whole Belarus!

mobile.twitter.com/BelarusHumans/status/1293193385377923072

echo August 11, 2020 12:02 PM

https://www.theverge.com/2020/8/11/21362370/android-earthquake-detection-seismometer-epicenter-shakealert-google

Google is creating a worldwide, Android phone-powered earthquake alert system. The first part of that system is rolling out today. If you opt in, the accelerometer in your Android phone will become one data point for an algorithm designed to detect earthquakes. Eventually, that system will automatically send warnings to people who could be impacted.

Google aren’t a charity so I’m wondering what else this is being used for. Why collect it and hand it over to American institutions? Has it ever crossed their mind other countries might have their own seismology institutions and not be too happy about this concentration of power? At what point do you say “non” to “collect it all”?

lurker August 11, 2020 1:52 PM

The honeymoon is over: 102 days with no community transmission in New Zealand now broken. Contact tracing at full power to trace source, partial lockdowns reimposed, stupid panic queues at supermarkets…

vas pup August 11, 2020 3:09 PM

@MarkH • August 10, 2020 8:56 PM
Thank you for your input. I will not continue this discussion too far because it does not directly match this blog’s main purpose: security.
Just my nickel on the subject: the difference between 2004 and 2014 in Ukraine is that the former was within Law and Order and Constitutional procedure without violence. The latter was just the opposite. The President who was ousted by violence in 2014 should better listen to himself and follow his duties based on Constitution and apply all means of law and order, not listening for foreign leaders’ calls neither from East, nor from West. That is the difference from Belarus where President may be not the best as folks want, but he does behave as President, not bending on any foreign pressure.

Under NO circumstances I want the power in US in November is going to be transmitted by ‘Maidan’ model by angry violent mob rather than Constitutional established procedure. That is REAL national security issue.

@echo. Yeah everything coming from Russia is considered bad by default regardless. That is good position for media, but not for any IC or political analyst. In order to get real picture on CASE by CASE basis, biases should be put aside as counter-productive.

MarkH August 11, 2020 3:14 PM

Re: Russian Covid Vaccine Approval

Whilst watching an auto race on TV, after a car slid off the track — and out of the race — at a very short radius U-turn, I was amused by the words of the commentators as they replayed the incident:

A. “Wow, he carried a lot of speed into that turn.”

B. “It’s easy to come into a corner fast, if you’re not going to change direction once you get there.”


Likewise, it’s easy to make a speedy vaccine approval, if you’re not going to bother with Phase 3 testing beforehand.

I suspect that no Western country’s pharma regulatory process would allow such a stunt.

Given the large number of Covid vaccine candidates under development, probably at least a couple of them would already have been approved, if the same standard (or more accurately, non-standard) were applied to approval.

Phase 3 not only verifies that the vaccine actually reduces the likelihood of infection (and/or the severity of disease when infection occurs); but also tests whether the vaccine has the horrifying disease-enhancement problem, in which its activation of immune responses makes infection more likely, and/or increases the severity of illness.

Is this Russian vaccine any good at all? Does it help? Does it kill? As of today, no one on Earth knows the answer. But it’s approved!

Hooray !!! Putin is the superhero of the Motherland !!!

vas pup August 11, 2020 3:47 PM

Germany launches national cybersecurity agency to strengthen ‘digital sovereignty’
https://www.dw.com/en/germany-launches-national-cybersecurity-agency-to-strengthen-digital-sovereignty/a-54529134

“The German government has officially signed up to create an agency to protect the country’s cyber security. The defense minister described the project, initially funded with €350 million ($412 million), as a “milestone.”

The agency, whose creation was agreed upon in the 2018 coalition contract of Germany’s ruling parties, is to coordinate innovative research on cyber security and help turn it into practicable approaches to combat cyber threats.

Defense Minister Annegret Kramp-Karrenbauer called the creation of the agency a “milestone in the protection of our IT systems.”

“The development of ideas and innovative approaches particularly in the field of digital security deserves our special commitment,” she said.

Interior Minister Horst Seehofer stressed that locating the agency’s headquarters in the Halle region would create employment in an area badly affected by the country’s decision to move away from the use of brown coal as an energy source. He said the agency aimed to strengthen Germany’s “digital sovereignty.”

Some 100 people will be employed at the institution, which is to be headed by Christoph Igel,
===>an expert on artificial intelligence.

In comments quoted by the Defense Ministry, Igel said
====>the most urgent task at first would be to gain the services of the best minds in Germany in the field of cyber security.

The launching of the agency, originally planned for March, has been beset by several delays, among other things because the search for a location lasted longer than expected.”

VERY good 4 minute video inside as usual about hacking job for Germany – enjoy!

MarkH August 11, 2020 3:47 PM

@vas pup:

The President … was ousted by violence

It’s a great story, but it ain’t true. The total of violence was very small for a nation of 40 millions; most of it was initiated by Yanukovich and his allies; Yanukovich was never in danger of mob violence at any time.

He was deposed by majority vote of the democratically elected national parliament, and fled Ukraine to the country of his true allegiance, before he could be arrested for murder.

Facts matter, my friend.

echo August 11, 2020 4:16 PM

@Vas Pup

Yeah everything coming from Russia is considered bad by default regardless. That is good position for media, but not for any IC or political analyst. In order to get real picture on CASE by CASE basis, biases should be put aside as counter-productive.

Western nations stripped protocols to get something out the door too. Back then some people were also bellyaching you couldn’t get a vaccine in ten years having forgotten that today we have supercomputers and data and data from abandoned vaccine programmes for other coronavirus outbreaks. The state of the art had simply moved on.

For something which works however good or bad it gives you something. It doesn’t have to work well nor be completely safe to be useful and for some people in some scenarios it may be essential. Again, this was a discussion which was being had in the West. The Russians seem convinced they have something but they haven’t abandoned stage three trials and it’s up to other nation states regulation to approve or not and the peer review crowd to comment on so I don’t understand why people are hyperventilating.

I’m not a fan of modern media with its “hooks” and inflaming things nor politicians ill thought through posturing.

The WHO has published its position. Personally, I want to know more.

https://www.theguardian.com/world/live/2020/aug/11/coronavirus-live-news-who-chief-says-its-never-too-late-to-turn-outbreak-around-as-cases-near-20m?page=with:block-5f32c10a8f08fd092ae78148#block-5f32c10a8f08fd092ae78148

WHO – not enough information to evaluate Russian vaccine

The World Health Organization has not received enough information on the Russian vaccine to evaluate it, the assistant director of its regional branch the Pan American Health Organization has said.

Asked about plans to produce the potential vaccine in Brazil, Jarbas Barbosa said that should not be done until phase 2 and 3 trials are completed to guarantee its safety and effectiveness.

Any vaccine producer has to follow this procedure that guarantees it is safe and has the WHO’s recommendation.

JonKnowsNothing August 11, 2020 5:00 PM

@MarkH
re:

I suspect that no Western country’s pharma regulatory process would allow such a stunt.

Actually, most of BIG Pharma uses 3rd world under-regulated countries to do their Big Testing. They target very poor nations and the poorest of poor people to “get informed consent”.

Targets include South America and Africa with Open Season on their populations. They also make sure they have zero responsibility for the aftermath if things go pear shaped, which happens given the nature of their products.

Chemicals are also tested in the same manner.

“Somebody has to try it…”

Anders August 11, 2020 5:34 PM

I personally think Russian vaccine is Putin PR
act. He needs something positive badly since
things are shaking. Massive protest in Siberia,
very bad situation with Covid etc.

Also the situation in Belarus is interesting. It’s
possible it will be resolved with Russian military
intervention to “save our brother nation”. Some
Belarus police and military have already switched
sides and are with protesting people now.
With Russian military there’s no such “trouble”.
I doubt that dictator just like that gives up
the power and Putin has all the options to play
this down just for domestic PR victory.

en.wikipedia.org/wiki/2020_Belarusian_protests

(and this wiki article is still very sugarcoated)

myliit August 11, 2020 5:37 PM

@WmG, echo

I enjoyed the Ken Burns & Lynn Novick Public Television 10 part series: “The Vietnam War“.

https://en.wikipedia.org/wiki/The_Vietnam_War_(TV_series)

Anyway Kamala Harris has been chosen to be Joe Biden’s running mate. Rough seas predicted between now and 21 January 2021:

https://www.emptywheel.net/2020/08/11/semi-open-thread-bidens-vice-president-will-be/

“… [ comments section ] BobCon
August 11, 2020 at 5:01 pm

Bernie Sanders has called the Biden platform the most progressive since the New Deal. And I think Sanders is largely being sincere and not just honoring the deal he made for input.

Noam Chomsky has said he thinks Biden’s instincts are moderate, but he also thinks Biden is showing a lot of signs of engaging with the left. He thinks Biden is a realist and will accommodate the left as long as they are organized.

Biden has been telling his wealthy donors to expect a repeal of the Trump tax cuts and a more progressive tax code. If he is already signalling that to this group, I think it is a strong sign of where he is headed.

His allies in the Senate are already signalling support for ending the filibuster if the Dems win the Senate. I see this as a sign he is prepared to skip lengthy negotiations with bad faith Republicans.

I do not expect him to go as far as I would like, but I am fairly encouraged so far by what I see.

Reply
earlofhuntingdon
August 11, 2020 at 5:31 pm

Chomsky’s take is also that the left votes for someone less than it votes against the worst candidate. It then agitates like hell to make the winner’s actions as progressive as possible.

Trump is by far the worst president in American history. He is also the avatar of the Republican Party. They are two sides of the same coin. They have rejected representative government in favor of one-party rule by the elite. They refuse compromise. In the middle of a global pandemic and economic depression, they are happy to let everyone else be damned. Let’s vote the bums out in a landslide, and put our stamp on how we rebuild. …”

JonKnowsNothing August 11, 2020 6:02 PM

@Clive @All

re: Continuation of Research into the Death of the Bank of Mom and Dad

note: Previous research is scattered in squid and other posts. Some may be accessible via the wayback machine.

Research Based on public available documents including USA Social Security Life Tables (2017), CDC Reports and Studies (aka Mortality Review), Official Death Counts and Percentages, USA Social Security Benefit Tables, MSM reports and Other studies. Previous research included the economic saving of unpaid unemployment compensation, the inheritance values expected as life estates change generations and additional valuation of expected deaths from economic openings.

Background: USA Social Security is an old age pension insurance program. Both employees and employers pay into the insurance program. Monies deposited are Risk Managed to insure liquidity. At specific ages and conditions pension withdrawal occurs and continues until the eligible person dies. Risk Management is highly coordinated and tied to very accurate Life Tables insuring that funds remain available. If a person dies before their actuarial table expected mortality age, the unused balance of their account is added to the overall program balance. If a person lives beyond the expected age of mortality, surplus funds are used. The fund is often referred to as “an entitlement” but it is not an “entitlement” from the stand point of Government Largesse. It is an Insurance Program, like life insurance, car insurance, health insurance, renters insurance, home insurance and other Risk Based conditions. Premiums are paid by the recipient over their working career and their payout at retirement is based on their contribution and other qualifying factors.

Of note, not all occupations pay into Social Security. Some occupations have their own retirement schemes independent and mutually exclusive. People who do not earn a threshold may not be eligible to receive a stipend or amount may be the lowest payout. Commonly, work that is considered “non-valued” by the economy falls into this category. Stay At Home Parents, Family Care Givers, Itinerant Work, Gig Economy and Self Employed are some areas often excluded. As Social Security Insurance is based on “income earnings”, people in the Gig or Self Employed group must declare taxable income and pay both the employer and employee share into the system. People in unpaid work, like Stay At Home Parents cannot participate although there are allowances to piggy back a spouse’s income with a significant funding penalty.

Also note: I know nothing. There are a lot of zeros and maybe some have been displaced. Your Calcs may be different.

CDC Analysis of Deaths in USA
  02 12 2020 – 05 18 2020 CDC Review updated 07 17 2020 USA deaths 83,000
  08 07 2020 World Odometer USA deaths 164,094 Critical 18,051 Population 331,203,424

Note: The base death and values vary depending on report cut off time.
Note: The ratio of M:F varies over time. Some of the information uses 60-40 in line with the published numbers.
Note: Nominal Scales change and ratios change based on different measuring and reporting mechanisms.
Note: CDC Report done in 2 tranches: Base and Supplemental.
Base Deaths: 52,166; Supplemental Base Deaths: 10,647
Median Age of Death, Base: 78 (no race recorded)
Median Age of Death, Supplemental: 71 Hispanic / 81 White (CDC age spread of 10 years)
Base M to F Ratio: 55.4% M, 43.7% F (rounding)
Supplemental M to F Ratio: 60.6% M, 39.4% F (rounding)
Base % Deaths 65+: 79.6% (under 65: 20.4%)
Supplemental % Deaths 65+: 74.8% (under 65: 25.2%)
Average Age at Death of Non White under 65: 31yo
Average Age at Death of White under 65: 44yo

More Hispanic (non white) die across all age groups than White. More Hispanic (non white) die at younger ages than White.

USA Social Security Forfeits

USA Social Security Benefits are dependent on the number of years of work, income and some other factors. Disabled persons get an additional bump up. The current low end is around $800/month; the higher $1500/month – $2000/month.

Using the 97% - 3% split for income levels 
97% * 65600 = 63,632 3% * 65600 = 1,968
Lower Income 63,632 * $1000 / month = 63,632,000
Higher Income 1,968 * $2000/month = 3,936,000
Combined Income / month 67,568,000

Payment Forfeits

Average Age of Death: 71 - 81 (varies by ethnicity)
Life Table Expectation (2017):
Age 71: M 13.71, F 15.79
Age 81: M 7.76, F 9.09
Gender Ratio 60% M 40% F (varies by ethnicity)
65,600 * 60% = 39,360; 65,600 * 40% = 26,240

Men lose 14 years if die at 71; Men lose 8 years if die at 81
Women lose 16 years if die at 71 ; Women lose 9 years if die at 81

Using Combined Income Value from above

Combined Income / month    67,568,000
Average per capita over 65600 elders 67,568,000 / 65600 = 1030/month

Social Security Forfeits M

39360 * 1030/mo * 12mo * 14 yrs = 6,810,854,400
39360 * 1030/mo * 12mo * 8 yrs = 3,891,916,800

Social Security Forfeits F

26240 * 1030/mo * 12mo * 16 yrs = 5,189,222,400
26240 * 1030/mo * 12mo * 9 yrs = 2,918,937,600

In Summary
For every 65,600 older dead: $6,810,854,400 to $12,000,076,800 USD will be forfeited to the Social Security Trust Fund.

Who? August 11, 2020 6:14 PM

New side-channel attacks against Intel processors

But… is this good news this time?

As outlined in the report published by The Hacker News, “the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to ‘prefetching effect,’ resulting in hardware vendors releasing incomplete mitigations and countermeasures.” In my humble opinion this is very good news. We know for real the cause behind multiple speculative execution attacks now; we know processors previously believed to be unaffected are not safe either; we know how to fix these bugs now.

As the article says, the root cause was not a prefetching effect related to software prefetch instructions, or hardware prefetching due to memory accesses. We know now it is caused by speculative dereferencing of user-space registers in kernel. It seems retpoline is the way to go, as it is enabling any Spectre-BTB mitigations.

The more we know about these new vulnerabilities, the closer we are to fixing them.

Clive, perhaps some day the gift will stop giving even on current processor families. At least I hope so.

echo August 11, 2020 7:07 PM

@Anders

I personally think Russian vaccine is Putin PR act. He needs something positive badly since things are shaking. Massive protest in Siberia, very bad situation with Covid etc.

I’m sure Putin is showboating but I find it useful to separate policy, science, and politics. This way you get a clearer view. Some politicians can be so much big headed elastic whataboutery they are not worth bothering with. Publishing the data for peer review would end any questions. The Russians aren’t complete clowns so deserve an audience at least. Let’s judge them on the science.

MarkH August 11, 2020 7:07 PM

@JonKnowsNothing:

Western medical regulators are, oddly enough, not quite identical to the industries they regulate.

Using the U.S. FDA as an example, this agency does much coordination work — under international agreements — with regulators in other countries.

However, the FDA in general has no authority over conduct by pharmaceutical companies beyond U.S. borders.

The practices you described are abuses by pharma, rather than abuses by regulatory authorities of Western countries.

Perhaps some effort could be made to expand jurisdiction of those regulators, although other international mechanisms might be better suited to the problem.

JonKnowsNothing August 11, 2020 8:50 PM

@MarkH

Agreed on all points.

I have read that there are two passes for Big Pharma using under-privileged economic populations for their trials.

  1. That portion of the population in the test (successful) gets access to a drug or vaccine that would be beyond their financial ability to obtain under normal circumstances.

This is true even in the USA where the critically or chronically ill volunteer to enroll in a field trial. Trials like this are mixed placebo vs test drug, so the test group has no idea until the end of the trial if they got “the good stuff”. Groups in the USA with orphan-diseases may only get access to potentially helpful drugs via this program. Pre-COVID if you were in the unfortunate near-terminal part of disease cycle, and you had exhausted approved treatments from your medical plan (if you have one), you might be able to sign up for one of these.

  2. Depending on circumstances, most Big Pharma can sanitize their data so that it becomes acceptable to regulators. Regulations vary across the globe. In order to maximize profits they need to keep things “clean”.

There are lots of stories about how that is done and sometimes undone.

We can all hope that every vaccine works for somebody.

iirc(badly) eons ago in a University Far Far Away

An advanced degree candidate presented oral arguments on their thesis. Some very remarkable findings and outcomes of the study were exciting and novel in their application.
One of the examiners asked what was the size of the population in the study?
Three.

“Lies, damned lies, and statistics.”

ht tps://en.wikipedia.org/wiki/Lies,_damned_lies,_and_statistics
(url fractured to prevent autorun)

MarkH August 11, 2020 9:28 PM

@Anders, echo:

I hope the Russian vaccine will work.

Historically, it’s very common that vaccine candidates which show promising results in early testing are never fielded because in the end, they don’t work as hoped.

I don’t know where the number came from, but I’ve seen or heard that the historical failure rate is 94%.

If that holds true for present developments, then among all of the numerous candidates now in development and testing, we can expect perhaps one of them to be what the world is hoping for. [My optimism is that because of vast investment and technical progress, the yield will be better than that … we’ll find out.]

Publication of Russian data would absolutely NOT “end any questions,” because (if news reports are accurate and I understood them correctly), the Russians themselves admit that there are no Phase 3 test results.

Two giant questions hang over any vaccine which has passed testing phases 1 and 2:

  1. Does it prevent and/or weaken disease?
  2. Does experience in the larger population continue to confirm its safety?

The necessary data don’t presently exist … how can they be published?

PS It’s as wrong to attribute all criticism (or skepticism) of Russia to anti-Russian bias as it is to attribute all criticism of Israel to anti-semitism. Those are stratagems to avoid confronting the substance of the case, not foundations of valid reasoning.

lurker August 12, 2020 2:13 AM

@echo, All

[Ggl’s earthquake detector] Eventually, that system will automatically send warnings to people who could be impacted.

It might work in metropolitan California, but I’d like to see the algorithm that calculates network latency in a sufficiently small time to give useful quake location plus warning.

The Japanese system uses about 1500 (IIRC) fixed seismometers. Is there any published data on unit losses due to theft or vandalism? G’s system would have that advantage in places with less social responsibility than Japan.

JonKnowsNothing August 12, 2020 8:56 AM

re: MSM Report on Automated Driving: Driving as A Service

General Motors’ Super Cruise advanced hands-free driving system requires a subscription which is good for 3 years. You must also have an active On-Star satellite connection subscription.

the Super Cruise Package, which includes 3 years of OnStar to support functionality. To continue Super Cruise functionality after the 3-year Super Cruise package ends, an OnStar plan must be purchased.

There have been a few articles discussing the on-going issue of software updates and reliability for hands-free driving in any form. The security systems and shared bus with the infotainment systems and all the firmware updates needed to keep the automated driving system intact. Maps, of course, need continuous updating, as well as road work and road configuration changes.

One constant area of concern is how to pay for these updates once you have possession of the item. Subscriptions, where driving is a service, and various penalties if not subscribed.

adaptive cruise control and lane keeping would continue to work even with an inactive OnStar account. This would not be geofenced and would not use the driver-monitoring system, and it would also prompt you to put your hands on the steering wheel every 15 seconds. Otherwise, it would deactivate.

It does bring up the question: if you want a self-automated vehicle, wouldn’t you want to know when the bridge has been moved?

The other question: As leveraging software investment generally means rolling down hill last year’s released versions to lower tier buyers, if you don’t want this feature because of the economic impacts or you prefer the hands on feel of vibrating tires on asphalt, will the older versions be as safe and can you disconnect it without having a malfunction?

ht tps://arstechnica.com/cars/2020/08/always-read-the-fine-print-gm-super-cruise-only-free-for-three-years/
(url fractured to prevent autorun)

echo August 12, 2020 9:45 AM

@lurker

It might work in metropolitan California, but I’d like to see the algorithm that calculates network latency in a sufficiently small time to give useful quake location plus warning.

The Japanese system uses about 1500 (IIRC) fixed seismometers. Is there any published data on unit losses due to theft or vandalism? G’s system would have that advantage in places with less social responsibility than Japan.

I don’t live in California or Japan. It was also only a few weeks ago I was asking on this blog what tactical and intelligence gathering uses seismology data could be put to. Then there is the issue of concentration of power by a “foreign power” (which Google is to the majority of the planet) and data grabbing. At no point do any of the articles on the subject ask these questions. It’s all “rah rah” backslapping. Some nation states for issues of sovereignty let alone national security would be within their rights to ban this.

If anyone thinks this data isn’t going in to some AI driven “collect it all” tactical system ultimately fed through to special ops teams and F-35s and drones and spysats and “business intelligence systems” (i.e. espionage) they are day dreaming.

@MarkH

PS It’s as wrong to attribute all criticism (or skepticism) of Russia to anti-Russian bias as it is to attribute all criticism of Israel to anti-semitism. Those are stratagems to avoid confronting the substance of the case, not foundations of valid reasoning.

All covered in my original posts. Calm down. You’re being “hypercritical”.

echo August 12, 2020 1:09 PM

https://www.theguardian.com/uk-news/2020/aug/12/senior-met-officer-defends-police-who-stopped-dawn-butler

Sir Steve House said officers could not have known Butler and the driver of the BMW car were black before they stopped it, because the windows were tinted.

That’s a new one…

I’ve had discussions with police in the past. One was where they were trying to persuade me to identify some (very guilty) black men who had been caught after a robbery. Yes, they were as guilty as sin and no matter what my attitude my view is they deserve a fair trial. I could not positively identify them because it was dark and white and black people tend to identify each other by different facial characteristics so I could not honestly identify them. Because of this I refused to view a line up.

The second discussion was when police tried to get me to give a description of some troublemakers at night and wanted to know the colour of their clothes. I said I couldn’t say what the colours were because they had been under sodium street lighting. The police looked at me like I was stupid which is why I had to explain the physics of it. I still got the impression they thought I was stupid. You would think police of all people would know about sodium street lighting at night…

In my experience most people who have tinted windows are either criminals or white working class “boy racers” or celebrities or black. Statistically it’s more likely anyone with tinted windows is black so, yes, the police would have a “suspicion” the people in the car were black. In law “suspicion” and “belief” are completely different thresholds. When combining “suspicion” and unofficial “profiling” I don’t think the “but they had tinted windows” excuse really works.

echo August 12, 2020 1:32 PM

https://www.theguardian.com/culture/2020/aug/12/norse-code-project-aims-to-decipher-sound-of-old-languages

The Royal Birmingham Conservatoire, part of Birmingham City University, and the composer Edmund Hunt are to lead an effort to fuse music and historic linguistics to examine the sonic footprints of Vikings and Celts.

The project, Augmented Vocality: Recomposing the Sounds of Early Irish and Old Norse, will apply new vocal processing and electronic music technology to turn surviving texts into sound.

“The question is can we bring back some of the performative power, the intimacy, of those voices? Can we bring them back to life?” Lamberto Coccioli, the project lead and associate principal of Royal Birmingham Conservatoire, said.

Since mentioning on this blog last week about reconstruction of old languages this new project has got some media traction. I’m not a linguist or mathematician enough to know exactly what the overlap between language reconstruction and cryptanalysis is but this kind of project is what “Rosetta stone” projects and teasing data out of the patterns of even encrypted data are all about.

The language reconstruction is helped by knowing how certain sounds and rhythms work together so they can cull and refine the possibilities. This isn’t unlike finding word and sentence patterns behind walls of encryption.

It’s really stretching my knowledge here but this kind of process is also similar to reconstructing law from pre-history (i.e. the bit of history which isn’t explicitly written down). Celtic law is actually a thing although no written record exists fragments of Celtic law can be reconstructed from later texts and archaeology. A much more ancient example would be studying how the pyramids were made and what society and law existed at the time. It’s now theorised and likely now the most popular theory that the pyramid builders were not slaves but willing participants.

I find the new theories emerging based on DNA and artifacts about early man and Neanderthals and other now extinct branches of humanity equally interesting especially how new reasoning and a chance discovery changes everything we previously thought.

Is it whacky to wonder if pre-history humans knew about basic encryption? Somebody in this post claims 1900 BC. On wiki they claim it wasn’t a serious attempt but an attempt at creating mystery or perhaps a puzzle. I’m left feeling curious what the minimal requirement or genesis of encryption or “encryption like” systems were and what this might teach us.

https://access.redhat.com/blogs/766093/posts/1976023

MarkH August 12, 2020 3:52 PM

I just checked an NYT page which seems to update according to developments, showing 135 Covid vaccine candidates in one stage or another — a much larger number than I had heard before.

This raises my hopes that even if the usual high failure rate for vaccine candidates bears out, humanity may have 5+ useful vaccines available for mass administration before the end of 2021.

What a great relief that would be!

rrd August 13, 2020 7:32 AM

@ Clive , Singular Nodals

However whilst formal methods will reduce bugs and some vulnerabilities they very much have their limitations… Whilst designing zero defect code, the specification you are working to also has to be zero defect.

That is the ultimate failure of external specifications: they have to be maintained in parallel to one’s codebase. So, yeah, they’re extremely useful for designing, e.g., hardware where the spec is made immutable and then the codebase follows directly, but when your project has human users, the requirements will change and now you’re dealing with the complexity squared of having to change the code and change the model spec and make sure they still jibe.

The single most important understanding that is missed in software engineering is that:

THE CODE IS THE SPECIFICATION.

Bridge builders went from artisans to actual engineers once they started having materials that had been determined to have measurable, determinable structural characteristics. Only after the materials scientists fleshed out the characteristics of different kinds of steels and concretes could the bridge builders create models that could be measured and tested mathematically, you know: stress, strain, statics, etc.

Software has ZERO such known quantities that can be used to create complex systems. That’s why mathematical specs are useless for 99% of projects. They’re trying to overlay spaghetti with rigor and that’s why you’re talking about Z having been “rather keen on it back in the 1980s”.

So, no thanks. I mean, if I was designing a FFT algorithm suite or a sorting algorithm or even a network protocol, I’m sure TLA+ or Z would be fantastic.

No, the reason that bridges can be engineered is that ALL their models follow strict structural patterns using materials with known, measurable qualities. Their models all follow an overarching (chuckles) pattern that can then be model-checked against various kinds of loads (e.g.: traffic, wind shear). All that is the result of all bridge designs fitting into a standard template that is merely being tweaked from instance to instance. (And that is why that bridge in Florida failed so spectacularly: they didn’t use a standard model. Once again fiscal pressures lead to death. “Safety standards are written in blood.”)

What this means is that bridge designs are correct because they are generated within standard parameter limits, using known good combinations of known good elements and proven construction techniques.

So, yes, the problem is that software is artisanal, but, no, mathematics cannot be usefully applied to hand-crafted software after the fact.

Alan Turing came up with his universal engine design.

I have to nitpick your characterization of Turing machines.

They are not engines, they are non-trivial input-output mechanisms. You input the initial tape config and the state machine and then say, “Go.” The problem — as with all UTMs — is that the Halting Problem means you cannot know whether a given TM will actually return with its output (its final state).

An engine is a different beast altogether. Yes, like a TM, it has an initial configuration and rules for its mechanisms, but engines have a different lifecycle: they are started, tweaked mid-use (the old-time choke on a vehicle), and stopped, and — most importantly — they have a maintenance cycle.

And, absolutely YES! I know you know and deeply understand these things, but I have a greater point to make:

While the HP means that we cannot determine if every TM will halt, that does not preclude our creating a constraint mechanism that limits the kinds of TMs that get processed such that we KNOW that those generated TMs will absolutely halt. Provably so, even.

And this is precisely my approach with bulletproof software vis a vis formal methods: we must focus on development software that only lets us use known-good abstractions. Then, and only then, can we move on to analyzing the larger system to see if its use of those “perfect computational units” somehow weaves bugs into its top layers of functionality.

You’ll note — and be able to actually explain because you’re a top-shelf domain expert — that our digital world is the result of only using components that adhere to the standards of digital voltage constraints. All the components in digital systems are actually analog components (because electricity), but they can all work together because they adhere to standard functional constraints.

We have no such foundation in software “engineering”. All we have are ints, floats, characters, strings (depends on the language and libraries), arrays, etc. Until we have known-good building blocks at the most fundamental level, we don’t have a prayer of constructing bulletproof software on top of them. It is noted, however, that using specification languages for such low-level software components will be hugely useful to ensuring that those abstractions are actually useful by being bulletproof themselves.

@ Singular Nodals

‘Hold off! unhand me, grey-beard loon!’

Thank you very much for gaslighting me. You have no idea (nor do you care yet) how much that hurt me for around the next two days. Luckily I am not so sensitive these days, but I will tell you that that hurt. I had pretty rough feelings of low self-worth. I have not felt that kind of despair in over 25 years.

That you said that in front of the world for all to see means you have accumulated all the negativity you spawned in the hearts of other readers. I thank you for teaching me I need be very careful how I characterize people on the net. I certainly don’t want to reap the kind of karmic backlash that is likely coming your way.

After a couple of days of getting myself together (thanks to spiritual practices), I realized that you really don’t have squat to say. You posted a bunch of links that are likely worthless coming from you because I seriously doubt you have ever model-checked a programming project.

If you were not mean-spirited and hypocritical, you would have explained how you’ve used such models to do the things those researchers discovered. We are supposed to be educating each other around here, not just taking pot-shots.

But you sent out a link to Prof. Knuth’s homepage and a wikipedia page of Alan Kay’s quotes. L-O-L

What perfect software did Alan Kay ever produce? Is anyone actually still using anything he produced? I wouldn’t be that surprised if some still was being used, but there are very few Bill Joys in the world whose code has stood the test of time.

Prof. Knuth’s work on algorithmic functions is epochal reference material but it does not inform how to KNOW your software is correct. He merely created a very, very fine piece of artisanal software that exists to this day and forms the backbone of the scientific publishing industry.

All you have shown is your ill-will and your ability to use Google.

And just because you don’t believe in Karma doesn’t mean the Universe works that way.

I would love to be wrong about you. Prove me wrong. (pun appreciated)

name.withheld.for.obvious.reasons August 13, 2020 8:18 AM

We are all Safer today == !(Science) — 13 August 2020
With an administration that has taken the science out of science and replaced it with magical and/or wishful thinking, an apparent future problem is obvious. We know that mask wearing has become highly politicized, my take is even if you believe it to be a conspiracy, wouldn’t we all be better off wearing a face mask anyway especially in uncontrolled conditions–by default?

Risky Business
Why put others and yourself at undue risk based on a hunch, a rumor, an unestablished hypothesis. Would it not be more prudent and safer to defer to the action that has the least consequences and is a communal act irrespective of the individual sense of liberty. Oh wait, liberty is my sense of self and heck with everyone else. Is that liberty, or is that freedumb. Ask Chuck Woolery if his son can exercise his liberty–oh, Chuck doesn’t have a twitter account anymore.

But it only gets better…

Monkey Business
When it comes time for a vaccination program to address the SARS-nCoV-2 virus, what trust will be left to insure wide-spread and ready adoption?

  1. Administration has made baseless claims to prior remedies/treatments
  2. Disregard for health and safety issues for the general public, claiming such things as a hoax–or magically go away
  3. Vacillates between procedural efficacy for various process and procedures (social distant/no hold a rally) masked or unmasked and masked again, maybe–and don’t miss that bleaching opportunity (white supremacist on the inside too)
  4. Medical establishment stressed beyond belief, now a charge to bring an immunization program to success with a support network that has done much to prevent their work from succeeding.

Now, who thinks that even the best managed and planned immunization program stands a chance of happening and what does first contact look like?

First Contact? Likely Mice and Men
Will AR-15 rifles be used as injection devices to administer their righteousness anti-viral response to mobile medical labs and personnel roaming through cities?

name.withheld.for.obvious.reasons August 13, 2020 8:24 AM

@ echo, @ lurker, et al

Wonder how google fared on the North Carolina 5.2 earthquake this last weekend?

Bet the North Carolinians still haven’t received their alerts!

name.withheld.for.obvious.reasons August 13, 2020 8:35 AM

@ rrd
There is much on your sleeve, unable to make substantive remarks that contribute but did hear you.

MarkH August 13, 2020 8:55 AM

Mass protests in Belarus since Sunday’s presidential election, met with authoritarian violence (BBC excerpt):

The body of evidence of police brutality, both in the streets and inside remand prisons, is mounting. Detainees include not only opposition activists, but also many journalists and accidental passers-by.

One of the released journalists, Nikita Telizhenko of the Russian Znak.com news website, published a harrowing account of three days inside prison. Now back in Russia, he describes people lying on the floor of a detention centre, piled on top of each other, in a pool of blood and excrement. Not allowed to use the toilet for hours on end or even change position.

He says he saw seriously injured people, with broken limbs and severe bruising, not only left without medical help, but kicked and beaten by the guards more.

Clive Robinson August 13, 2020 9:19 AM

Billy boy does not like E2E Encryption

As the products of the company Bill Gates founded by deceit, lies and world’s largest fines[1], are moving further and further into destroying people’s privacy for gain both political and financial it’s perhaps not surprising.

However he has apparently chosen a different hill as his chosen ground, I’ll leave it to others to make their own judgments,

https://reclaimthenet.org/bill-gates-end-to-end-encryption/

[1] The company also made promises into court over things like embedding browsers, something they appear to think no longer matters… I wonder what would happen fine wise if it got brought back to court in Europe again…

Anders August 13, 2020 9:27 AM

@ALL

How they treat detained protesters in Minsk.

news.tut.by/society/696444.html

Link is not always accessible due to internet outages.
This is in Russian, use Google Translate.

rrd August 13, 2020 9:34 AM

@ name.withheld….

Thanks for the kind words.

[re: Vaccines]

I was peripherally involved with an FDA study drug approval process many years ago as a simple SAS code monkey, but I was responsible for producing the actual fundamental preliminary safety study breakdown of study-drug vs. placebo across specific patient traits: gender, smoking (never, quit, how much per-day), and many more. It was perhaps 30 or more different lifestyle/history questions that had to be pretty equally separated between SD vs. placebo. The statisticians that steered each patient into the proper bin so there wouldn’t be possible cross-correlations really earned their pay. I was nowhere near those folks, but I did get to learn one important bit about the process.

So, all I can really say about any drug — but especially vaccines — is that the SAFETY studies must be done very, very carefully or nothing else will matter.

And I simply don’t trust for-profit corps to produce such a HUGE money-maker on such short notice without cutting too many corners thus resulting in an improper vetting process. (The opioid manufacturers’ MBA-driven techniques have certainly been shown to be nothing less than a disastrous pile of lies.)

I find it amusing that our American media are (rightly, IMO) calling out the Russians’ claims about their vaccine for being likely premature and perhaps quite dangerous. I can’t help but think that if it was an American company they would have a very different perspective, one that could prove dangerous if it gaslights researchers who question a rushed process for a virus that we still know very little about. (I love it when my cynicism is proven wrong but it rarely is.)

Yes, my kids are vaccinated, but I am very wary of the intersection of profit (especially in 2020 corporate America) and medicine, especially vaccine tech. There’s way too much money involved in something that the law sometimes makes mandatory for millions upon millions of paying consumers (either directly or via our taxes, that is).

I mean, the difference between requiring two doses versus three may be life or significant, perhaps-practically-impossible-to-detect harm to the individual, but to an MBA acolyte that’s merely a 50% more sales no-brainer worthy of investing in goal-seeking researchers. (And, just because vaccines aren’t nearly as big a seller as anti-depressants or pain meds, that doesn’t mean their profits aren’t literally hundreds and hundreds of millions of dollars, which they are.) The last thing vax tech needs are the people who decide that ten people dying because the seat belt buckle has issues are not enough to recall the vehicles.

Besides information technology in general, I can’t think of a more important technology we human beings have ever developed than vaccination, but I can’t also find an example of anything in life that profit motives haven’t sullied if not downright ruined.

My personal perspective is that vax tech should be a public utility, designed to break even (by minimizing costs within reason) but still amply rewarding the researchers, stewards and practitioners. It should be a unified world effort with absolutely no profit motive, no patents and absolutely no secrecy. Profit motive is inherently antithetical to medical care, and herd immunity is a real thing whose benefit cannot EVER be measured in dollars and cents. At least not in a compassionate, sensible world, that is.

Clive Robinson August 13, 2020 9:38 AM

What value “verified”?

Before people accuse me of taking sides in politics, personally I could not give a damn about any of the parties involved.

What does interest me though and what has caused me to post it is that a “verified” account is still sending out tweets even though the person is a “verified stiff” that’s gone through the usual death and corpse disposal rituals.

https://www.newsweek.com/hermain-cain-tweet-posthumous-ad-joe-biden-kamala-harris-1524804

Perhaps those at “tweet central” if not still a twitter about being rudely intruded upon by a teenager would care to explain just where the dead politico’s political speech came from.

Perhaps someone can correct me but I did not think the dead were covered by the first amendment for post mortem comments. Likewise is another person covered by the first amendment when their speech is actually fraudulent?

rrd August 13, 2020 9:54 AM

@ Clive re: Bill Gates

He has no idea whatsoever how much harm his company has caused and is continuing to cause. And he has no idea because he has no concern at all to learn the unassailable truth of his perfidy to humanity.

Sure, he has given a bunch of money to research malaria and that’s great, but until he changes his understanding of “profit motive above human beings”, he will always sound like the disingenuous, amoral coward he has always been, hiding behind his money’s power in our utterly corrupt societal system that shields him and his like from accountability.

A blind woman told a friend of mine once, “The voice never lies.”

One’s tone of voice is but one of the indications of our lifetime’s accumulated karma. The lines of one’s face, eye shine, treatment of children of all ethnicities and the words and the terms one chooses to use all indicate the moral character inertia of one’s lifetime.

And — WHOO-BOY! — Bill Gates and DJT sure do tell the world everything about themselves every time they open their mouths.

Until Bill Gates aims to cure the disease of money-above-human-beings he will never know peace and should never be accepted into society. He is a moral criminal, regardless of whether or not he has broken any actual laws, though he most certainly has, escaping through the clever use of lawyers.

rrd August 13, 2020 10:04 AM

@ Clive

Yeah, that posthumous tweet is horrific, but I love it in that it really, really shows their perfidy.

Before people accuse me of taking sides in politics

It is the cowards that don’t choose sides that have always been a major problem in our world.

The great survivor of the Holocaust, Elie Wiesel, said:

The opposite of love is not hate, it’s indifference. The opposite of art is not ugliness, it’s indifference. The opposite of faith is not heresy, it’s indifference. And the opposite of life is not death, it’s indifference. Because of indifference, one dies before one actually dies. To be in the window and watch people being sent to concentration camps or being attacked in the street and do nothing, that’s being dead.

Eff people who complain about people choosing sides.

And same to people who choose evil over goodness.

There is right and wrong, peace and strife, love and hate, caring compassion and indifference to suffering.

And the fact of the matter is that WE ARE ALL CHOOSING SIDES EVERY DAY OF OUR LIVES.

Be bold, Clive, I know you don’t want to see anyone suffer. I know you want people to have peace and happiness. Let that light shine!

rrd August 13, 2020 10:18 AM

One more Elie Wiesel quote:

I swore never to be silent whenever and wherever human beings endure suffering and humiliation. We must always take sides. Neutrality helps the oppressor, never the victim.

myliit August 13, 2020 11:03 AM

@Weather

“… Sorry will refrain from posting.”

You might reconsider.

On this side of the pond, because of the clusterfvck on covid-19 testing, masks, economy reopening, schools reopening, science denial, etc., our President likes to talk about vaccines or, perhaps, any topic other than his multiple, deadly, failures.

myliit August 13, 2020 11:30 AM

@JonKnowsNothing

“… I won’t be posting too much because somewhere between here and there things go into a bit bucket. I expect it is my ancient computer and an overloaded internet in California that is at fault. …”

Of course, there are opportunity costs, including how to best vote out and remove our President, who, imo, of course is a net liability for the blue planet. Stevens, an experienced Republican (GOP) strategist ( In reverse chronological order ), imo, in a fascinating interview:

https://www.npr.org/transcripts/901274491

“… DAVIES [Interviewer]: It goes without saying this is just an extremely weird year with the COVID-19 pandemic and a lot of the issues with voting, et cetera. What do you expect the Trump campaign’s strategy to be in the fall?

STEVENS: It’s – Trump is going to run as George Wallace. It’s going to be a racial grievance campaign unlike we have ever seen on the national stage. I think it is going to be the ugliest campaign we’ve ever seen by a desperate man.

So Donald Trump’s behind now, and he’s talking about suspending the elections. Think about a week out if he’s behind. I mean, if I was the Canadian minister of defense, I’d be worried he’s going to invade Ottawa. This is an unstable man who is headed to potentially a historic defeat. And I think he’s going to wage [ wave? ] a bloody shirt and try to scare white voters. And I think they’re going to do everything they can to suppress non-white votes. Legal, illegal, quasi-legal – that’s what they’re going to try to do because they think that’s the only way they can win.

[…]

DAVIES: Another principle that you say that was espoused [ by the Republican Party ] but never really believed was that of fiscal responsibility and controlling the federal deficit. What’s the party’s record there?

STEVENS: Well, look; you just look at the numbers. The deficit goes up more under Republican presidents than Democratic presidents. I think it’s one of these things that, look; if you said to Republicans, are you for massive deficit spending, they would say, absolutely not. But are you willing to make the sacrifices that getting fiscal control of the government requires, and the answer to that pretty much is no.

So you go back to 1994. Bill Clinton gets elected president in 1992. He has a tax increase. I made a lot of ads, as every Republican consultant did, predicting that these tax increases would crash the economy. I mean, people referred to it as a Kevorkian – Dr. Kevorkian, who was the assisted suicide doctor. It was a Kevorkian tax increase. OK, the tax increase passed. And guess what. We were wrong. Those are just facts. And you can’t look at that and say, well, OK, we were right, because reality didn’t line up with what we said. And I think you have to look at that and you have to ask yourself, what does that mean?

And Republicans have controlled the government under Trump, and the deficit has just skyrocketed. It’s risen faster than any other period in our history. And Trump doesn’t even talk about the deficit anymore. I mean, occasionally now, you see Republicans going out and saying, well, we have to, you know, get the deficit under control, and I think they’re just preparing to say this stuff under a President Biden. …”

myliit August 13, 2020 12:43 PM

@lurker

“ 1947, Texas City, […] I remember reading about it with warlike photos in Life magazine at the time. Ammonium nitrate is not something to just leave lying around for years…”[1]

iirc, the Texas City Disaster may have involved water firefighting, when in retrospect water was the wrong choice

https://en.wikipedia.org/wiki/Texas_City_disaster

https://www.youtube.com/watch?v=TworcINhDhQ 3:28

[1] https://www.schneier.com/blog/archives/2020/07/friday_squid_bl_739.html#c6815102

Clive Robinson August 13, 2020 1:23 PM

@ rrd,

I can’t think of a more important technology we human beings have ever developed than vaccination

And I sincerely hope we soon stop doing it the way we do, because both medically and scientifically it’s very much the wrong way to do it.

The human body has evolved to have a series of protective layers and nearly all the defences are designed to work at the perimeter. That is the inside of our bodies are effectively sterile and the outside continuously under attack from millions of pathogens continuously.

However we also need to get air, water, and food in which can all be loaded down with pathogens. So our bodies have mainly developed their defences in maybe a millimeter or two of the outside.

Yes we do have internal defence systems but they are also designed on evicting pathogens by bleeding etc and as a fall back when the other defences have failed. And in all honesty the human immune system is really not that good when compared to many other creatures not just mammals.

Thus to stick a needle into the body’s sterile interior and inject pathogens or other foreign substances into it is not really a good idea at all. Especially when we know that there are other safer routes by which the immune system can be stimulated. One such known way is “first breast milk” that is colostrum by which the mother confers immunity to her baby via an oral route, whilst all through pregnancy the placenta has acted to stop pathogen related illnesses getting to the baby.

You could say the “oral route” is nature’s preferred way for humans to get immunity. It’s interesting to see that science is moving over in that direction and I hope it continues. Humans whilst they can repair themselves after injury, never really evolved to have holes punched into them no matter how small.

But let’s take a quick look at vaccine injections, as far as I’m aware they all have risks, that is they are not really “safe” but “acceptable for a majority”. Thus the question of where you set the boundary.

Where there is good healthcare it appears the risk of death from a COVID-19 infection is currently below 0.5% however without healthcare it is about 5%. These figures are expected to improve as the real infection rate is determined, but also to get worse as sequelae and other long term health risks and early deaths become apparent with time.

Thus to be considered effective any vaccine must reduce the incidence of infection significantly. Likewise to be considered safe the risk of harm or death must be some small factor of the current death rate. Some vaccine injections are known to cause some level of harm in as little as one in twelve thousand people. Something tells me that for a mass vaccination that is way beyond what most would accept as that would be about thirty thousand people in the US alone. Even one in a hundred thousand is going to be “newsworthy” in the short period of time they are talking about vaccinating the entire US in as that’s in the 9/11 death range.

JonKnowsNothing August 13, 2020 2:22 PM

@Clive @All

re: Pan-Famine: Field Mouse Population Explosion in Germany

Parts of Germany are experiencing a population explosion of field mice.

some parts of the country, a quarter of the arable land is affected … an estimated 120,000 hectares (300,000 acres) stripped bare by the rodents

Basic Biology 101 reasons why you get a population explosion

  1. Lack of predators
    Lots of small carnivores eat mice and some larger ones like wolves. Poison, trapping, hunting or culling are commonly used and cause a disruption in the biological balance.
  2. Abundant food source
    Lots of wheat, grain and edible food supply laying around. Economics of harvesting may lead to leaving “some in the field” to shore up prices. Creosote dumps in the USA are an example of supply reduction. The method used may not destroy the product completely. Poor harvesting strategies. Over planting based on Commodity Trade Pricing.
  3. Habitat Adaptability
    Mice and rats are very adaptable for habitat.

Reversal of the above strategies is often difficult because things don’t work in linear fashion. Push on one side and something pops out the other.

Cutting back on over planting only works if all the farmers in an area do the same thing. There’s always one (or more) that figures they can make more money by continuing to overplant because the 10 farmers down the road cut back their production by 10%.

Allowing more predators in the environment depends on whether it’s a cute predator or a not cute one. People only tolerate cute predators. If you are a badger in the UK, you have a problem. Wolves are barely tolerated anywhere. House cats are ubiquitous and are adept hunters with a population explosion of their own.

Poison and traps don’t work all that well. Both are indiscriminate in what they kill. The USA uses a cyanide trap to kill coyotes, feral dogs, and foxes. It is an exploding landmine device which puffs up a cloud of cyanide. The cloud kills most of whatever is in the area around the trap.

The recent explosion in Beirut Lebanon, where the wheat grain silos were destroyed will be a biological food supply bomb. In warm climates mice can reproduce all year round. In cold climates up to 2 times per year.

ht tps://www.theguardian.com/world/2020/aug/13/plagues-of-field-mice-decimating-crops-say-german-farmers

ht tps://en.wikipedia.org/wiki/M44_(cyanide_device)
(url fractured to prevent autorun)

JonKnowsNothing August 13, 2020 2:48 PM

@Clive @All

re: Pan-Famine Locust Pheromone

[a] team of biologists based in China has now identified the chemical that calls locusts to swarm

Reported that there are about 35 small chemicals that locusts produce. Six are more prevalent in swarming locusts. Swarming locusts also undergo significant body structure changes.

  • Phenylacetonitrile, seemed to repel locusts.
  • Guaiacol, seemed to suppress behaviors associated with swarming.
  • 4VA (4-vinylanisole) was the only one produced by swarming locusts and attracts solitary locusts.

After IDing which parts of the locust sensory system responded to 4VA, the researchers used a CRISPR gene-editing system to delete that gene and the locusts were no longer attracted to it.

Using sticky boards (fly paper) testing, some with 4VA and some without, the 4VA coated boards trapped more locusts.

4VA gene deletion, decoy attractant, trap scent, population alteration with non-swarming locusts are possible future strategies.

If the 4VA and other chemical triggers work out on the large scale locust swarms, and have few or no unexpected trade-offs, it will be a big benefit to many countries with much hunger and starvation avoided.

The desert locust summer breeding period is in progress.

ht tps://arstechnica.com/science/2020/08/researchers-find-a-chemical-that-makes-locusts-swarm/

ht tp://www.fao.org/ag/locusts/en/info/info/
(url fractured to prevent autorun)

rrd August 13, 2020 2:53 PM

@ Clive

Thus to stick a needle into the body’s sterile interior and inject pathogens or other foreign substances into it is not really a good idea at all.

Yes, like acupuncture (total quackery), there is something intrinsically non-natural about it, yet I don’t think it’s arguable that polio has nearly been eradicated. My question, as you suggest, is “Is there a non-injection method of priming our immune systems?” As you say, oral ingestion is probably the best way to inoculate.

But let’s take a quick look at vaccine injections, as far as I’m aware they all have risks, that is they are not really “safe” but “acceptable for a majority”. Thus the question of where you set the boundary.

In the US we have a specific encephalopathy fund to pay out to children that get severe brain swelling post-vaccination. What people fail to realize is that it’s not like the infant either gets full-blown brain swelling or no adverse effect whatsoever. Vaxes are designed to promote an immune response and one would expect that some of these little bodies would overreact to whatever extent, especially if they’re getting a dozen or more per year. Unfortunately, there is neither a way to measure such adverse effects in vivo (especially when so many different ones are administered so rapidly) nor a fiscal motivation in this current system for the companies to do the necessary level of testing to determine exactly how much damage may actually be occurring beyond traumatic encephalopathy. Once again, one can’t love human beings and money, i.e. there can only be one primary motivation.

As to colostrum, I never had a drop. Between the Catholic Church’s demonizing of our bodies’ natural functions and the OB/GYNs that sold out to Enfamil/Similac, I have no doubt that my lifelong pimples are the result of never getting one drop of my mother’s acquired immunity passed into me, as my parents have no such problems. (The first 48 hours are especially important as our little bodies are designed to receive that first, special dump of mostly immune-establishing elixir.) That those companies had the temerity to suggest they could replicate something so specialized — the result of our entire mammalian evolutionary cellular heritage — is very much a part of my natural skepticism towards the medical industry.

I learned better, however, and our kids were fully breast-fed from the get-go. As well, after I was asked if we wanted our toddler daughter to get a Hepatitis B vaccine, I held up because I knew that HepB requires either IV drug use or sex to spread. I immediately smelled the money grab akin to my Mom having been hoodwinked by her doctors on the Enfamil kickback scheme (which was later reproduced to horrific effect by our opioid manufacturers).

After that episode, I realized how absurd our American vax schedule is (it is insane in a way that only an MBA could promote so as to “move more product as quickly as possible”). After that, we only got them the MMR vaxes because measles is so terrible for immunocompromised folks and so very, very transmissible. Because their diets are excellent, they barely even noticed the shots, beyond the local swelling and bruising. Any other vax they or we decide to get should now be handled much better by their more developed systems, if our medical systems ever return to some semblance of normal.

Thanks for your bravery in stating a sensible perspective that gets very many people very, very worked-up in our current world, especially people who claim to be scientifically-minded (sheeple). Still, the Mom of my next door neighbor’s kids when I was in grade school had had polio as a child and her hip was very messed up. I’d say, all in all, injecting a polio vaccine — while way sketchier than an oral administration — is still preferable to the ravages of polio.

At the same time, I am REALLY REALLY curious what percentage of the kids that develop the new polio-like Acute Flaccid Myelitis were vaxed against polio. If they were ALL vaccinated, that would, to me, be worrying. As polio “in the wild” is thankfully getting more and more difficult to find, perhaps there is an issue with the lab samples we have used as their basis for decades having degraded in some way, or, worse yet, mutated. I can imagine that aging of such source samples provides its own problems. Such problems would likely first appear in an ancient vaccination such as polio and would require a new dimension of analysis to ensure older vaxes’ safety and efficacy.

And that’s yet another reason that all vax tech should be completely non-profit and open source and worldwide in effort.


UP ON A FUTURE EPISODE OF MEDICAL FKERY: Why it’s insane to think a baby boy won’t be completely traumatized by having his foreskin cut off without any numbing agents applied whatsoever.

SPOILER ALERT: I was in the room when my nephew was wheeled into my sister’s room immediately after his ~ I sht you not, his eyes were like silver dollars. I asked the pediatric urologist on-duty when they offered my son his standard newborn circumcision what his policies were on pain. He said, “The injection is difficult and hurts as much as the surgery and the cream makes things slippery so I just don’t use any. Anyway, they don’t feel it.” I noped out and my son got the full anesthetic for the one he ended up needing at 3yo. Maybe that’s why our son is not a sadistic bastard.

Anders August 13, 2020 3:01 PM

@Clive

Have you read this before? 🙂

web.archive.org/web/20030202233907/http://www.roxio.com/en/support/cdr/historycdr.html

rrd August 13, 2020 3:15 PM

ATTN: Linux Users

Russian Drovorub apparently pwns Linux systems.

hXXps://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF

I have not read it yet.

MarkH August 13, 2020 3:41 PM

.
Drovorub

More detail, on the “exploit kit” rrd announced above, attributed to a specialist unit of Russia’s GRU.

Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a command and control (C2) server. When deployed on a victim machine, Drovorub provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands; port forwarding of network traffic to other hosts on the network; and implements hiding techniques to evade detection.

Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise.

My italics added.

Fact Sheet (PDF) at nsa.gov

Report including security advice (PDF) at defense.gov

To save the usual suspects the effort of writing it themselves, “attribution is hard” yada yada yada

Clive Robinson August 13, 2020 3:55 PM

@ lurker, ALL,

The honeymoon is over: 102 days with no community transmission in New Zealand now broken.

Apparently it’s four people in one family of seven that are the nexus, but they did not report in to authorities until after four or five days of still working and going to school, meaning they were infectious and thus spreaders.

It’s unclear how many are now ill but around twenty of the family’s 200 close contacts has been indicated.

Of more concern though is how they became infected, the two favoured routes are,

1, Working with imported frozen food.
2, Working as frontline border staff.

It’s known that corona viruses can survive for two or more years at moderate levels of freezing and even longer at the -15 to -20 of ordinary domestic and shop storage freezing. Other food freezing can be at even lower temperatures for various reasons thus viral viability time is likely to be increased. The same applies by the way to “cool air chillers” and places where ice forms, something that has caused spread in other countries.

Apparently this re-outbreak has revealed that something like 2/3rds of the frontline border “bio-security” staff in NZ are not being checked, and this has caused somewhat of an outcry by members of the public.

I’ve mentioned both of these routes before on this blog, as being a significant “interface” concern for nations especially those such as islands where they do not produce sufficient food for their population size.

So whilst I’m not surprised these routes are suspected, I am saddened that it has happened. But what has surprised me is that the very front line that protects the entire nation from the ingress of COVID-19 the border “bio-security” staff are being treated in such a lax way.

Whilst I can appreciate that being tested is not exactly a pleasant experience, and that the need to do it is likely to be weekly for at least the next three years unless a safe and efficacious vaccine is developed. I would have thought that “self interest” alone would have pushed frontline staff to push management etc.

MarkH August 13, 2020 4:26 PM

@lurker, Clive:

The way Clive framed the suspected cause of outbreak in New Zealand is pretty depressing, given how well that country has done so far.

What too few in the world yet understand, is that dealing with a dangerous and efficiently spreading infection is like operating a submarine, working with electrical power lines, or polar exploration: getting it 99% right won’t save you, if you fail at one percent of what you needed to do.

Anders August 13, 2020 4:27 PM

#BREAKING Sergei Karavai head of the emergency room in 1 of Minsk hospitals claims that there are far more data listed that are being confirmed by the regime while talking to @tvrain : 9th august – 6 killed 10th august – 7 killed 11th august – 21 killed #Belarus

mobile.twitter.com/ignis_fatum/

MarkH August 13, 2020 4:54 PM

Clive wrote:

I did not think the dead were covered by the first amendment for postmortem comments. Likewise is another person covered by the first amendment when their speech is actually fraudulent?

Such interesting questions!

I have no legal education at all, but as a U.S. citizen with a lifelong interest in constitutional rights, I’ll offer my thoughts.

  1. As a practical matter, a dead person cannot bring an action against a government, and I believe that the ability of others to do so on behalf of the deceased is limited.

However, the speaker or publisher of a dead person’s ideas or expressions could be party in a legal action, and assert first amendment rights.

Such principles would of course not apply, if the words of the tweet weren’t authored by the dead guy.

  2. In U.S. law, “fraud” generally has a very specific meaning, distinct from the general case of falsehood, impersonation and the like.

Fraud as defined by law may be a matter for civil or criminal courts, depending on the facts and circumstances.

I suggest that probably, tweeting on a dead person’s account is unlikely to qualify as fraud, unless this were done as part of a scheme to improperly obtain money (or inflict some other particular injury). Further, the plaintiff or prosecutor would have to make the case that the victim believed (or was likely to believe) the impersonation. If it’s broad public knowledge that the named person is dead, a defendant could make the case that he reasonably expected that no one would be misled by his use of the name.

On the whole, I don’t think that using a false name in any way impairs first amendment protections — except that if such use does meet the standard for legal fraud, then the government is empowered to exact penalties, regardless of free speech claims.

The first amendment is not a “get out of jail free card” for criminal speech including fraud, slander, and terroristic threats, although I suppose courts may consider free speech rights in a “balancing test”.


Don’t rely on anything I say about law when deciding on courses of conduct!

Sincerely, Charlton Heston

Singular Nodals August 13, 2020 5:05 PM

@rrd

Thank you very much

I didn’t have anything you wrote in mind in making my comment (in fact had not adverted to your comments). A bit of a graybeard loon myself, I was responding ironically to what I perceived (in other comments) as a certain derogation of “graybeard” school thinking, and thought to drop links to a few randomly chosen examples of computerological greybeard, or at least gray, excellence.

rrd August 13, 2020 5:31 PM

@ Singular Nodals

I’m glad to be wrong.

Perhaps, next time, you could please be more careful as to who you are addressing, because I sure as heck didn’t know who you were addressing.

That said, only the insane are not driven at least a bit crazy by the current state of this world and the bad actors that pervade it.

Clive Robinson August 13, 2020 7:24 PM

@ Anders,

No I had not read the article before.

However there are a few bits missing from the story that I am aware of…

One of which was that Data CD’s or what were later called CD-ROMS were the result of two gentlemen that started a company called SilverPlatter, for putting “Citation Databases” on so they could be distributed to researchers. At the time the only option was 12″ analog optical disks that for various reasons not the least being letter boxes was not practical. They had an engineer who came up with the whole idea of how to put data onto the Philips “Compact Disk – Digital Audio”(CD-DA) disks. Which this bit from the article,

    “Meridian Data designed and manufactured a circuit board called the LEA. LEA stood for Layered Error Correction Code Augmentor, and its job was to add the additional ECC/EDC error correction code needed for data CD-ROMs.”

Reminded me of the photos of the engineer’s hand-built board. Basically he made additions to the “Red book” standard and this embarrassed Philips who together with Sony came up with their own standard (Yellow book, that’s still not publicly available unlike the rest of the CD standards rainbow books). Having finally got a standard (yellow book) within a standard (Red book) the problem was how did you use it?

Well there were no CD drives as such for personal computers so definitely no drivers. So they developed their own as a TSR hooked into one of the unused software interrupts. This eventually embarrassed Microsoft into producing “Microsoft Compact Disk Executable” or MSCDEX…

However having a basic data storage format that was way beyond what most PC’s or even minicomputers could work with –LBA issue– gave rise to some serious issues. However as with snowballs and mountains once you get things rolling they fairly quickly get a bit wild. Several different CD-ROM formats emerged one of which was a unix UDF another more posix compliant was Rock Ridge[1] on ISO 9660 etc. To get around one serious issue one even looked like it had a bootable floppy drive image on it. This was called “El Torito” the stories about this differ but what is known is a sketch of the idea was done on one of the restaurants napkins.

The UDF and Rock Ridge formats later came a bit of a cropper due to unix file system limits when they were moved to DVD. The largest file size unix then supported was 2Gbyte, as most know DVD’s were over twice that, thus various tricks were carried out. One was to do what Oracle did when faced with the file size issue… Which was to mount the device as a raw device and then get your software to address it directly effectively saying “stuffit” to the 32bit signed int limit.

Sadly SilverPlatter does not exist any more it got taken over by a traditional publishing company that got talked into some crazy scheme where they would have absolute control over the Medical Citation Data Base market and make billions…

Lets just say they lost a lot of money on trying to do something that was actually not possible (see MedLine as to why).

But then the Dot Com bubble dream was still alive for some people back in the early “naughties”. Some like Rupert “the bear faced liar” Murdoch still think there is a pot of gold in online newspapers behind expensive paywalls and walled gardens for comments and such like. Thus sunk the better part of a half billion dollars into a bottomless pit that did not even burp…

[1] For reasons I will not go into, this format is named after a fictional town in comedian and film director Mel Brooks’ film “Blazing Saddles” which these days would be considered “very non PC”. One of the film’s running jokes is about actress Hedy Lamarr, who some here may remember invented Spread Spectrum signalling.

JonKnowsNothing August 13, 2020 7:33 PM

@Clive @MarkH @All

re: New Zealand OpSec Covid19 barrier failure

There are actually only a few ways to get to New Zealand and overland isn’t one of them. To paraphrase Brendan Behan:

God help the poor Scotsmen they will never be free,
But we are entirely surrounded by water.

The NZ rumor mill is flowing that it is a “quarantine failure”. On the surface that sounds pretty oohhhhh! but if you think about it, it is the most likely pathway to infecting the country.

As Clive has noted, the shipping containers are being checked as did China when they had their outbreaks from the Wet Market. I haven’t seen any MSM reports about the outcome of their shipping container tracing.

New Zealand is doing genome sequencing to trace Escapee No 1.

17 cases tracked.
30,000 people passed through quarantine.

Zho on the fun side before the Big Reveal, where did things go pear shaped?

Someone lied. Clearly someone fudged and told a porkie or two. But who?

  1. Quarantine Escapee. Someone got out and back in, climbing a 6ft fence or doing an Errol Flynn swing from a chandelier
  2. A guard got infected. Someone that was “free to move around” or “quit their job” and was able to travel, was infected by a 14day Guest. The guard went walkabout infecting all and sundry.
  3. Private jet transport. In other countries, private jets have been a source of re-infection in areas pretty well cleaned.

    Not long ago a high paid soccer dude decided to travel from the UK to Spain and back without bothering with the inconvenience of quarantine. He infected his team and the other team and the coaches and the staff. He is terribly sorry… How he got by the You Shall Not Pass in or out of England and Spain without running into a wall, and that no one on the teams or management knew he had left town, sort of points to Private Transport of Flying Nature.

    New Zealand has allowed high paying Hollywood Actors and Production Companies to travel into their heartland bypassing quarantine on the say-so that they will be good chaps and stay put. The Hollywood types also threw a lot of money at the government to ensure they got a pass.

  4. A flying bat or bird pooped out COVID19 and the splat hit 1 of 17+.
  5. Foreign Jealousy Operation. Neoliberal Herd Immunity Policy cannot compete with the zero cases in New Zealand. A small capsule, dumped into a beer at the local bar….
  6. Sex and/or Drugs. The holy grail for dissembling about your whereabouts.

We know that the NZ Security Services are part of 5EY and they aren’t slouches. They will have the data to geo-fence all the areas and all the cellphones in NZ. Once they had 1 person tagged, they would have everyone tagged that was anywhere near them. They don’t need a contact tracer except to make people feel guilty or vulnerable. They won’t want to divulge the extent of their abilities though.

Supposedly the Big Reveal will be in a day or two…

ht tps://arstechnica.com/science/2020/08/new-zealand-baffled-by-new-covid-19-cases-eyes-frozen-food-packaging/

ht tps://www.theguardian.com/world/2020/aug/13/auckland-new-zealand-covid-cluster-caused-by-quarantine-breach-says-deputy-pm

ht tps://www.theguardian.com/world/2020/aug/13/covid-19-may-have-been-circulating-in-new-zealand-for-weeks-as-fresh-case-emerges

ht tps://en.wikipedia.org/wiki/Brendan_Behan

ht tps://en.wikipedia.org/wiki/Poisoning_of_Alexander_Litvinenko

(url fractured to prevent autorun)

Clive Robinson August 13, 2020 8:59 PM

@ JonKnowsNothing, MarkH, lurker, ALL,

There are many possible causes but some are really not very likely at all, such as,

    Dr Ashley Bloomfield, the director-general of health confirmed the virus may have been circulating in Auckland for several weeks as the original case started displaying symptoms as early as 31 July.

If we look at the life cycle as we know it you are infectious for two to three days as you build up to peak infectiousness it then decays away over five to seven days when you stop being infectious. The implication of this is over two weeks three people get infected as a chain. So over a hundred days the infection chain would be about twenty people long… With all of them and other people that would have been infected being asymptomatic until it gets to this family where four not just feel symptoms they show signs as well. Whilst not impossible, and it does need checking out for safety’s sake, it is the least probable based on the little we know about the virus.

I guess we are going to have to wait and see.

In other COVID-19 news it appears there is an issue with young children. Apparently research has found that infected under five year olds can exhibit a thousand times the virus shedding of an older child or young adult, which is more than frightening when you take a deep think on it.

lurker August 13, 2020 11:45 PM

@JonKnowsNothing, All: New Zealand is not free from idiots or wishful thinkers. Two cases shortly appearing before the Magistrates involve breaking IN to Managed Quarantine Premises…

Trudi Fenster-Klotz August 14, 2020 12:07 AM

Re: New Zealand

Worldometer shows most countries with a rise in daily cases as July and August wear on. Lockdown countries might be expected as imperfect lockdowns eased then, but not non-lockdown countries such as world champ Taiwan, or Japan, or even Sweden, all of which had been seeing steady declines – what changed to alter the long established trend ? Deaths seem to show very small changes though.

New Zealand perhaps with justification thought the virus had been eradicated, so the reappearance suggests entry from outside or unexpected or underestimated internal source.

Apparently New Zealand is reinstating lockdowns. Why can they not just trace and isolate like Taiwan? Lockdown is a sign the virus has gotten completely ahead, an extreme measure when trace and isolate has failed. That doesn’t seem to be the case here.

Weather August 14, 2020 12:29 AM

@Trudi
The first case detected, or the first to go to hospital? There is spread in Nz it’s just quiet, which can be a problem with people self gonvenve. Sometimes the hand needs to be slapped, but please don’t do it to me.

JonKnowsNothing August 14, 2020 1:09 AM

@Trudi Fenster-Klotz

re: Why cant New Zealand just trace and isolate rather than lockdown

disclaimer: I am not a kiwi. ymmv.

I expect it is both track and trace PLUS lockdown.

Track and Trace needs time. COVID19 is contagious days before anyone notices which means it gets several days head-start on infecting people.

Also their population doesn’t have the 2% immunity the USA has bought at the cost of 165,000+ lives. So they are vulnerable to uncontained explosive spread. Which you can see how well that worked in New York, Los Angeles, California, Texas, Arizona, Florida and is now moving north again.

If their situation is caused by an asymptomatic super spreader vs a pre-symptomatic carrier, the super spreader needs to be contained until they can locate the person to stop them from infecting more folks. This would be a serious problem and one that is known about COVID19. Super spreaders don’t get sick, not even after months. Because New Zealand has invested in testing their entire population that would indicate a False Negative on a test. One False Negative can ruin the entire testing practice or cause massive reassessments, which New Zealand is doing.

Unlike Australia which really didn’t make much effort to contain their current outbreak possibly using your suggestion of “wait and see”, New Zealand is going to stomp on it fast. It takes 6 weeks on average, from first detection to final All Clear if you stomp on it. If you use the USA version it never gets cleared and you go from one peak to the next with barely a dent in between.

Contact tracing is probably pretty good in New Zealand but they have had 3 months of no need for any contact tracing at all. It may be that some of the systems got a bit rusty with nothing to do and no emergency fires to put out. They have something in place because they are doing genome testing and they have the ability to test for COVID19 in sewer effluent. Australia does the same but they let COVID19 get weeks of head start and now have a bigger headache provided they actually want to control it. They waffled at the start flirting with Herd Immunity Policy and then flipped but there are some attractive financial and economic benefits that flow from de-population.

So they will lockdown to prevent on-going spread. They will track trace more contacts to find all affected.

And most important for their future success is to plug the hole in the dyke and make sure it stays plugged. It only takes 1 person thinking the rules don’t apply to me to send the economy into lockdown.

As noted early early on: STOP THE PLANES. STOP THE SHIPS.

There is a global economic and ethical war between money and lives. When you see planes flying and open bars while there are still active cases, that’s money talking. When you see walled garden quarantines with rigorous rules and safety precautions for which the reward is never to have to do that again, that’s where lives are considered important. Yours, Mine, Theirs, and the Planet.

Being in lockdown for 6 weeks is not too much for that freedom; I’ve been in lockdown for 6 months and I have 2-3 years still to go. Which would you prefer?

SpaceLifeForm August 14, 2020 2:06 AM

@ JonKnowsNothing

“that would indicate a False Negative on a test”

Yep.

The tests are not good enough to catch silent spreaders.

It really is that simple.

Which is why contact tracing is a waste of time.

The silent spreader is no longer near the scene.

JonKnowsNothing August 14, 2020 2:43 AM

@SpaceLifeForm

re: covid19 contact tracers

I think of them as the clean up crew after you dumped over a big tall glass of sweet lemon iced tea with lots of ice cubes in it.

First there is the splat of 32 fluid ounces of brown sweet liquid flowing across the table.

Then you get a big blob puddle of sweet sticky drink seeking its own level.

Followed by drip lines as it pours off the table onto the floor.

Next you get the ice cubes skidding hither and yon, melting and leaving their own mini puddles with some sticky and some not.

And for extra fun measure, you break the glass with a few big shards and lots of itty bitty shards just waiting for a bare foot to trod on them.

After you pick out the shards from your foot, you discover that it also went down the front of your pants….

Clive Robinson August 14, 2020 3:23 AM

@ JonKnowsNothing,

They waffled at the start flirting with Herd Immunity Policy and then flipped but there are some attractive financial and economic benefits that flow from de-population.

Yes it saddens me to realise just what the idiots in power are doing. Over in the UK even though their “glorious quiff” got a dose and ended up getting the best medical support available in the world at the time, they still think the consequences of their actions do not apply to them.

For those that still do not get it “money and power” do not magically make you immune to opportunistic disease, especially if you encorage the disease. As London found with the “Great Stink”,

    What goes around comes around

Thus a sickness in the community preys on all the community and you have to take active measures to stop disease in its tracks as best you can.

Or if people prefer,

    The body “Society” of which we are all a part needs its own functioning immune system.

Which means the evaluation of “Personal Rights -v- Societal Responsibility” shows that for the former to exist the latter must take preference. Rights are not “inalienable” they are a legal imposition on people by society for the good of society, it is after all why murder is not just a crime.

I was talking to a friend’s mother on the phone last week she’s in her eighties and appears stronger in many ways than most a lot younger than she is. We got around to discussing the “Herd Immunity Policy” and she reminded me that one consequence of following it was a hedonistic dystopian “me first” culture of the sort that formed the core idea behind the William F. Nolan book “Logan’s Run” and the film of the same name. With the notion of “Carrousel Time” in the film thought up by the author of “Soylent Green”. Essentially it was an inward looking society where every one had abdicated responsibility to a computer that had been programmed years before to run everything from birth through to euthanizing every one when they were thirty (21 in the book) on the empty promise of being renewed and any “runners” got tracked down and euthanized by authoritarian following “sandmen”…

MarkH August 14, 2020 3:43 AM

It’s about half a century since I read Coleridge Taylor. What a surprise to find him here!

I am a genuine grey-beard loon, as Clive has attested on this site.

@rrd:

I have not felt that kind of despair in over 25 years.

I hope you may receive my message, in the spirit of lovingkindness. I worked a long time to address a form of psychological trauma from my formative years, and I have excruciating familiarity with periods of acute vulnerability.

Meaning no disrespect to anyone at all, most of us commenters here are opinionated pseudonymous geeks who might perhaps be doing something else more constructive … if I have a powerful emotional reaction to the writings of such a person, whom I’m most unlikely ever to meet IRL, I take that as a sign that I’ve had a S.L.I.P. (Sudden Loss In Perspective)

What I’m trying to say in my roundabout way, is that I wish you all the kindness and compassion you may need, from wherever they may flow.

@Singular Nodals:

Is your name Douglas?

Lawrence August 14, 2020 4:11 AM

@ Trudei @ JonKnowsNothing @ all

Re: NZ

I’m in NZ and it is important to read the news from here with a critical (cynical?) eye. It may seem to folk outside NZ we are back in total lockdown but that is only because the media reports are sloppy on facts and short on the ability to explain anything other than imprecise sensational terms. Sadly we even have some journalists that would fit right in with Fox and Friends.

A starting point to note is that we have different official Covid-19 levels depending on the perceived risk of community spread. Also, there are lockdowns and lockdowns within the four Levels (from 1, pretty much do as you like as long as you aren’t coming into the country, to Level 4 which is a full lockdown).

Last week we were all at Level 1 – no internal restrictions whatever. The greater Auckland area has now been moved to Level 3 which is lockdown-lite, click and collect sort of thing. The rest of us are at Level 2 which means we can still work and play as we want but must endeavour to record where we go and when, plus socially distance when in crowded places (public transport and places like supermarkets). Face masks are legally optional at all levels but can iirc still be required as a condition of entry to a business or building or to be accepted as a passenger on public transport.

The government wage subsidy is being extended (well before it was due to expire) and the government is pursuing a stated policy of “The best economic response is a strong health response.”, with reference to how some places (e.g. some states in the US) performed after the 1918/19 pandemic.

New Zealand has good testing but so far less than 20% of the total population of 5 million have been tested. So, potentially, Covid could be out there. Legally no one can be compelled to undergo a medical procedure and so a few with possible symptoms have refused to be tested. Apparently some of those working at the borders have refused to be tested. An ethical dilemma indeed.

Genome sequencing suggests that the current infections are not related to the virus circulating months ago, which in turn suggests the border has somehow been breached. Whether brought in by a person or via freight is not yet known. But, ponder this – freight from Australia can reach us in a matter of days, the rest of the world not much longer. If chilled (or just cold from the holds of cargo planes) it might be a vector. How does one isolate or decontaminate freight?

For now all but one case of infection belong to just one cluster. The one unknown is, for the moment, considered a possible connection with the cluster. This makes trace and contact easier and about 85% of the people of interest have been contacted so far. It also means that the tighter restrictions can be ring-fenced. While some have their doubts about the efficacy of contact tracing such doubts have to be specific to a location rather than universal. Contact tracing worked moderately well here first time around but has been externally reviewed and redesigned so the system is much bigger and more effective.

So, why not avoid the lockdown and just trace and isolate? As has been said the lockdown is key to slowing the spread. For example, the problem in Melbourne, Australia, came in large part from too much contact (think also Texas and Florida – and God only knows what the outcome of Sturgis will be). Reduce the contact and you slow the spread, as has been seen in a number of pro-active states in the US. In our case this allows the combination of testing and contact tracing to eliminate the spread. As for isolation, the government has decided that those who test positive will be moved to isolation centres until they are Covid-clear. With one exception all isolation centres have been hotels providing room service with security courtesy of the police and armed forces.

Apologies for the length of the post.

rrd August 14, 2020 6:29 AM

@ MarkH

    I hope you may receive my message, in the spirit of lovingkindness.

I most certainly have. We are communicating more than just words and ideas here in this mysterious creation. Perhaps it is because we are quantum, too, our being not being in any way different from the universe that envelops and pervades us.

    I worked a long time to address a form of psychological trauma from my formative years, and I have excruciating familiarity with periods of acute vulnerability.

I understand and sympathize. I think that my father was abused by Catholic priests as a child. I will never forget his cold, curt response (“No.”) to my asking as a child if I could be an altar boy, as we were leaving church, of course.

I didn’t understand why people would express dismay after having met my father, a loving, sober, hardworking, but utterly intense man. I grew up with that life and for all the loving kindness he showed us, I do remember scurrying up the bed into the corner like a spider trying to escape a predator one night when he came in to comfort me after having raged at us one night. (I don’t think having a mouthful of mercury and inhaling solder vapor in the bowels of an aircraft carrier were good for his mood swings either.)

    Meaning no disrespect to anyone at all, most of us commenters here are opinionated pseudonymous geeks

Disrespect? It’s a badge of honor 😉

    who might perhaps be doing something else more constructive

And, yeah, childhood difficulties, environmental contaminations and youthful recklessness certainly contribute to my ADHD.

    if I have a powerful emotional reaction to the writings of such a person, whom I’m most unlikely ever to meet IRL, I take that as a sign that I’ve had a S.L.I.P. (Sudden Loss In Perspective)

Most certainly. To assume someone has negative intentions is but one of our heart’s 19 vices. That certainly may have been my mistake, but one can never take the words of the belligerent as being necessarily forthright. I am forgiving and gentle at heart, but the Message of Love is not here to be fcked with and, sadly, it is often met with an animosity that makes itself very clear. I do not seek such interpretations but neither do I ignore them, especially when they are obvious (this goes back many weeks).

    What I’m trying to say in my roundabout way, is that I wish you all the kindness and compassion you may need, from wherever they may flow.

And to you as well. The source of happiness is all around us, but we have to choose to make ourselves available to it, as you have done here and elsewhere on this blog. For it and all your contributions, I thank you.

Now, on to more serious matters that I am sharing with you in an open, yet semi-private context (as many people here, I imagine, auto-skip my posts):

I’ve been trying to solve a problem for over two decades. It is said that genius is not defined by answers but by questions, and I’ve been trying to answer a very thorny question for over 20 years now. Technically, I answered it a few years ago but not in a way I feel fit to tell the world about, and not in the form the question comes in, but I’ll share it with you here, and anyone else who has the desire to read this post. I’m sure Clive would enjoy ruminating on it, too, but we’ll see if he discovers it here on his own. I sincerely hope he does. Let’s see who finds this post and gets down to this point to read what I have shared with only a few people ever, and this the first time on the net. Note that my discovering this problem was a true Archimedes moment for me and it took me forever to realize that very few other people will ever care to understand, much less help. Here goes:

How does one create a piece of software in the general form of a word processor but for editing software itself, with the standard workflow of open file then select file then make changes then save changes, but with itself as the first selectable file and itself being changed as a result?

I’ll leave how to approach the problem as an exercise for the reader 😉

It is my understanding that there are three nested classes of information software, each a subset of the former: programs that manipulate simple data, programs that manipulate software, and programs that manipulate themselves, there being subtle gradations within each, and with fuzzy, overlapping boundary areas.

For a true geek like myself, it’s a fascinating problem. As someone who has thought about this for a long, long time, I can come to no other conclusion than there is no “solution” to software engineering that does not involve totipotent autopoiesis, to borrow two beautiful terms from cell biology, as what I term my ultimate expression of Class 3 information processors.

I share this with all who read this in loving hope that we change this world into a truly free, compassionate and generous world society of equals, where we have taken Dr. King’s Dream, created a Vision for achieving it, and then put in the hard graft needed to get it done, by the best means necessary.

MarkH, thank you for your lovingkindness and the space the universe has created for us here. It is truly such apparently small gestures that move this world towards the beauty it was meant to embody. That is why they only appear small, when in reality they are unfathomably vast, for the ripples they produce spread far beyond our conscious comprehension.

Clive Robinson August 14, 2020 6:45 AM

@ Lawrence,

    God only knows what the outcome of Sturgis will be

Probably a real price drop in “Hardly Ables”[1] and the company might just go “belly up”.

On a more serious note,

    If chilled (or just cold from the holds of cargo planes) it might be a vector. How does one isolate or decontaminate freight?

I’ve actually answered this in part some months ago. What you do depends on if it is the outside of the shipping container or the container contents you wish to decontaminate.

The outside is actually fairly easy, flash heating the container surface with either very hot air or EM radiation be it around 13.5/45MHz or up in the centimetric bands through to near IR to briefly 45-50C then sit in UV-C radiation for around 15mins to an hour (you can do both at the same time but flash heating is more easily done by a moving process than the stationary process preferred for UV-C treatment). Some containers can be sprayed down by concentrated short life bleaching agents like hydrogen peroxide that break down quickly into environmentally safe by-products.

It’s the contents that are more problematic. Non perishables can be left in a warm warehouse for enough time that the contents get up to around 27C for two hours say two to five days. It’s perishables such as food stuffs that are the real issue, and how you deal with it is very dependent on what the food is and how it is being shipped.

The big problem is bulk transportation of semi processed frozen meat and fish. Take a frozen half or whole carcass the only place that the virus will be is on the surface and there are fairly simple ways to deal with that, one being rapid surface defrosting bleaching/disinfecting with hydrogen peroxide and rapid refreezing under UV-C lights etc. Meat that has been jointed or even cut into slabs that have been packed whilst not frozen represent a very real risk as does gutted or filleted whole fish, which deep frozen boxes of get “future traded” for several years before they get processed into actual food. The virus could be on any surface or in any cut or mincing abrasion folded into the inside of the joint or box block. I can virtually guarantee that there are domestic freezers in central and Eastern Europe and in many parts of the US that currently have frozen SARS-CoV-2 in them that will be viable if thawed out in the next two years[2]. Why this apparently came as a surprise to US and German meat processors / packers really puzzles me, because it’s known that flu Viruses and Common cold Viruses some of which are CoV’s have been transmitted that way, the worst offenders being “hog meat” or pork depending on your preferred term for jointed processed porcine flesh which is one of the most common animal proteins out there.

A sensible precaution would be to stop the import of anything less than whole carcass and all other animal protein to be shipped “cooked in the can” which is the way it once was before bulk container freezer ships were built. Yes it will more than double the price of non native animal protein. However cutting back on consumption and increasing domestic production was what Britain did during WWII and it’s been suggested many times that was when Britons were probably the healthiest.

[1] An expression I heard from one of Bernie Ecclestone’s engineering employees at Formula One HQ over in Chessington SW London several decades ago. It alludes to the fact that those who purchased Harley Davidson’s fell into two groups the first were “Horgan Donors in the making” who were destined very shortly to be a “lamp post ornament” or the second group known as “Fat, Forty and finished” with flesh “hardly able” to rise to a false sense of being youthful, or more correctly white males in “midlife crisis” getting away from the ex/spouse… Of course I’m still twenty something in my mind and the fact my body has a habit of sounding like the special effects department in a low budget horror movie, does not change my self view one iota, mirrors however… Maybe my avoidance is what makes people think I might be a vampire 😉

[2] Do not panic and throw it in the trash that is not just a waste but will be much more likely to cause an infection outbreak. Take the joint or chops / fillets etc and either cook from frozen or put in a bag let it thaw completely and then treat it the way they recommend you do raw chicken only give the surface a quick “misting” squirt of dilute hydrogen peroxide to kill any surface virus to stop it becoming airborne, then cook beyond “pink”, preferably in an oven or other slow cooking method with a “browning” phase. Any plastic wrap it was frozen in just put it in hot water with ordinary domestic bleach for a little while then drain and put in the trash. So one kettle full of cold water in the washing up bowl first then put another full kettle on to boil, put about a small capful (15-30ml) of “5% Sodium Hypochlorite Solution” domestic bleach in stir then add the boiling water whilst stirring it in this will sterilize all your knives etc and the plastic wrapping and if you are really nervous your plates cups etc as long as you ensure they thoroughly air dry before you use them. Very small amounts of unscented domestic bleach will not harm you see CDC information on “Safe Water Systems” about how you sterilize water with it so it’s safe to drink etc,

https://www.cdc.gov/safewater/chlorination-faq.html

Oh and if you visit a dentist for a “root canal” you might smell bleach, as a drop or two of Sodium Hypochlorite Solution is used in some places to disinfect the tooth root canals prior to filling them,

https://www.nature.com/articles/bdj.2007.374

Lawrence August 14, 2020 7:33 AM

@Clive

Thanks for your comments.

@JonKnowsNothing

  "We know that the NZ Security Services are part of 5EY and they aren't slouches ..."

I can neither confirm nor deny that, however NZ law explicitly precludes and prohibits them from surveilling NZ citizens and so they won’t be tracking where we go or what we do during lockdown. Besides which, one would strongly suspect the technical capacity here would be insufficient for the task and the Australians would be too busy to assist, the Canadians too busy watching for a diversionary invasion from the near south, the US too busy keeping an eye on China and subversive cities within its own boundaries, and the UK maybe working on which way is up (too cruel?). Google and the phone companies would be a better bet however that is illegal here too.

Of course just because it is illegal doesn’t mean it couldn’t happen but our current government doesn’t hold with that sort of thing.

Clive Robinson August 14, 2020 7:36 AM

@ rrd,

The answer is an “RAM image editor”.

We used to do this a lot in the CP/M days.

You run the editor which puts itself at the top of memory, you then use the editor’s copy function to make an image in low memory of the high memory. You then edit this and save the result to a new file name. If you get it right you’ve just added a new feature to somebody else’s editor, or fixed a bug, all of which kind of came in handy sometimes.

You could do this with some versions of the MS DOS debug.com program, however later versions left the low memory entirely alone so you could “rescue files / data” when a program had gone wild / unresponsive / crashed.

The same idea lurks behind Ken Thompson’s Turing lecture “Reflections on Trusting Trust”, and what to do about it from David Wheeler,

https://www.schneier.com/blog/archives/2006/01/countering_trus.html

Oh and it does depend on not just the compiler doing exactly the same thing each time but the whole tool chain, which as I’ve noted before, might not always be the case. The A86 shareware assembler actually digitally watermarked the output code it generated but other tools in the toolchain now do “random” to try to make life difficult for external hackers mostly this is by the OS linker-loader at run time but there is no reason why other tools in the chain can not “mix things up”. I used to do this when developing electronic lock code. The reason was every organisation got functionally equivalent but entirely differently ordered ROM code with some of it getting loaded into RAM in “serial number” dependent ways, there was also a RAM based “jump stack” that was built and evolved as the code executed. It upset one or two reverse engineers and some guys from Mossad but that story I’ve mentioned before.

As a habit I quite deliberately change the way my “library code” is built with each project I do for other people, and yes I’ve caught people out reusing my code and sent lawyers after them. It came as quite a shock to some, but they did pay up.

rrd August 14, 2020 10:50 AM

@ Clive

That is truly awesomely inspiring. Thank you very much. Nothing new under the sun and all that, but who knows?

    but there is no reason why other tools in the chain can not “mix things up”

Absolutely. It’s key to my approach, but I’m not quite ready to dump everything just yet. Besides, I imagine quite a few folks reading this may enjoy exploring this ideaspace on their own before I give my years-in-the-making perspective that does indeed allow the designer to address Wheeler’s Trusting Trust problem and solution.

But that doesn’t mean I can’t leave a teaser or two, right?

The system is isomorphic to cell biology’s evolutionary mechanism, and the user is both the mutagenic energy source and the environmental fitness function.

My latest executable version has a format command that dumps itself into an xml file that is then loaded into Gnumeric and printed to PDF. It is able to do this because it has multiple dimensions of abstract self-knowledge.

But first, I’ll probably bring up a couple of concepts I’ve accumulated over the years. I’ve read that epochal changes often accompany terminology changes that re-frame the problem space in very useful ways, and I have a coupla-few that I will likely bounce off you fine folks.

Peace be with you, Clive. Thanks again for all the knowledge you so selflessly drop on us here.

Sherman Jay August 14, 2020 12:24 PM

@All,
As many here have shown Contact Tracing is horribly flawed and often completely ineffective.

Also, like so much software crap that is rolled out these days with no consideration for security, the race for contract tracing apps has spawned danger. And the u.s. government is full of luddites who don’t even think about the lack of interoperability of systems or the likely theft of people’s private data. (with the exception of Sen. R. Wyden, and a few others, who always work to protect people from sh*t tech.) Most of these contract tracing apps likely violate what’s left of the HIPAA protections. Meaning, they can sell or give People’s private medical data to anyone.

hxxps://www.commondreams.org/news/2020/08/13/watchdog-warns-unchecked-covid-19-contact-tracing-apps-threaten-workers-dystopian

I am distraught when it comes to the insanity I see running rampant in the u.s.

HOWEVER,

I am heartened when I read how so many on this blog are showing civility and consideration for others.

Sherman Jay August 14, 2020 12:38 PM

@clive, @ Lawrence,

    God only knows what the outcome of Sturgis will be

    Probably a real price drop in “Hardly Ables”[1] and the company might just go “belly up”.

    Hardly Able [1] An expression I heard from one of Bernie Ecclestone’s engineering employees at Formula One HQ over in Chessington SW London several decades ago.


‘outcome of sturgis’ you mean in regard to ‘sharing’ covid-19, aside from the trash, noise, fights, and terminal stupidity on display?

I rode a quiet, smooth, shaft drive, Yamaha touring bike in the 70’s and 80’s. We used to refer to them as ‘Hardly Wobblesomes’. If they were in running condition, they always smoked, leaked oil, and deafened bystanders. I never rode without a helmet. And, my friend (a paramedic) used to refer to ‘Hardly Wobblesome’ riders as those most frequently able to donate organs.

Singular Nodals August 14, 2020 5:30 PM

@MarkH

    name Douglas

“Douglas” is a name in fairly wide use; my name is more singularly situated.

echo August 14, 2020 10:54 PM

My mum had a thing against tattoos and motorbikes. The older I get the more I think she was right.

Given all the brouhaha today it’s interesting to speculate how things would have been codified in ancient times in law or religions of the time. I daresay there is much space for comedy too. And verily the umpteenth chief of the tribe of the house of purity did gnash his teeth as the iron faced lord of the frozen swamps smite him with a pointy finger and say “touch you’re it” and did scampereth away over the eleven hills, or somesuch. God knows what they would have made of flashing LED lights on a modem or pen testers barging in willy nilly.

Wesley Parish August 15, 2020 4:47 AM

@Clive Robinson re: frozen foods

This just popped up on Slashdot today:
You Probably Won’t Catch the Coronavirus From Frozen Food
https://www.nytimes.com/2020/08/13/health/coronavirus-frozen-food.html

    Both Dr. Ogbunu and Dr. Rasmussen said that an extraordinarily unusual series of events would need to occur for the virus to be transmitted via a frozen meat product. Depending on where the virus originated, it would need to endure a potentially cross-continental journey in a frozen state — likely melting and refreezing at least once along the way — then find its way onto someone’s bare hands, en route to the nose or mouth.

    Even more unlikely is the scenario that a virus could linger on food after being heated, survive being swallowed into the ultra-acidic human digestive tract, then set up shop in the airway.

As far as the recent NZ outbreak goes, it would be more helpful to know just what the (likely) provenance of its RNA is – the clusters we had during the outbreaks in March-April of this year showed the US as its immediate origin, which meant Italy before there, and only then China.

Until we get that information, we won’t have a clue as to the current cluster’s origins.

Clive Robinson August 15, 2020 8:54 AM

@ Wesley Parish, All,

    “You Probably Won’t Catch the Coronavirus From Frozen Food”

Yup there’s that weasel word “Probably”… Remember how long did the WHO effectively say it “probably won’t” be a pandemic?

Then we had one…

How long did health inspectors in Germany effectively say of cold air chillers in meat packing plants they “probably won’t” be an issue?

Then they found they were.

Remember when all the experts were saying it was being spread by contact and on fomites and it “Probably won’t” be by airborne transmission?

What do they now say is the primary transmission vector? Yup those “airborne” aerosols and micro/nano particulates.

The real reason we are in this steadily getting worse mess is twofold,

Firstly, we know very little about SARS-CoV-2, and I really do mean very little.

Secondly, and perhaps most tragically the false optimism that arises from “Probably won’t”[2].

Every thing that has gone wrong with this pandemic is down to those two things. Whilst the first is excusable, the second is most certainly not especially when we “know” the issues as they have all happened before one way or another (look up the mess over food poisoning and cucumbers in Europe just a few years back).

Let me put it this way, I’m more than aware of the low probability of individual events occurring[1] but when you have hundreds of millions of such potential events occurring, then the probability kind of looks different. After all I’ve never had food poisoning from food I or my family have cooked. But I’ve had food poisoning from a take away in Tooting South London as did others. The simple fact is way way too many people get food poisoning even with TV Meals, which means for various reasons many people are routinely not taking the minimum required “bio-safety” procedures in food preparation for various reasons.

If you actually read current food safety recommendations with the likes of chickens they tell you not to wash it under a tap, specifically because that can make the pathogens on it airborne and spread widely in food prep areas… So ask yourself the question if it’s a risk with chickens and food poisoning, why is it not a risk for SARS-CoV-2 then do the science and the maths so “probably won’t” is quantified correctly. You should now start to realise just how easily SARS-CoV-2 is going to be on somebody’s dinner guest list…

But unlike individual food poisoning you then need to add in asymptomatic infectors and “exponential growth”…

All we can really do is take the required precautions or just hope SARS-CoV-2 is a “no-show” because it “can’t take the heat in the kitchen”… Personally I’m an “ounce of prevention” guy not a “ton of faux cure” kind of guy (oh and I’ve not got a blond blow over or orange fake tan tint).

[1] If you look back in this blog I did the calculations early on and was as happy then to show my reasoning as I was in replying to Lawrence the other day ( https://www.schneier.com/blog/archives/2020/08/friday_squid_bl_740.html#c6815638 ). Back then I showed the individual risk of flying on an aircraft as a passenger was very low, but with so many planes flying the infection spread risk was high, which is what happened and is still happening in practice.

[2] It would not surprise me in the least if any surviving historians in half a decade or so talk about this pandemic as “having lived through” the “Probably won’t pandemic”.

Clive Robinson August 15, 2020 9:14 AM

Oh in my above I forgot to add,

If people want to realy worry about something then,

https://www.nytimes.com/2020/08/14/health/covid-19-antibody-treatments.html

Put simply drug trials for treatments are not happening for various reasons, one important one is that many if not most potential trial cohort members get disbarred on time grounds due to both the lack and length of time on COVID tests…

Which as most will know is more due to deliberate inertia in Government than anything else.


Sidebar photo of Bruce Schneier by Joe MacInnis.