Comments

Sherman Jay August 28, 2020 5:25 PM

@echo,
“I’m currently wallowing in depression and feel no state of love nor excitement for the country. None at all.”

I am so sorry to hear that. You are such a significant and positive contribution to this blog. However, you are far from alone. Everyone I work with that has any shred of decency and compassion is ‘bummed-out’ beyond words. And, there are so many factors on both sides of the ‘pond’ that are discouraging. Arrogant, hot-air balloons controlling countries. The t.RUMP plague still rampaging. Everywhere you turn software with built-in spyware.

For therapeutic reasons I recommend you visit hXXps://www.autoharpist.com/ . Scroll down to view/listen to Lo Ann Smith playing Loretta’s Waltz. It’s truly a thing of beauty.

On the serious security side there is:
hXXps://www.eff.org/deeplinks/2020/08/proctoring-apps-subject-students-unnecessary-surveillance

hXXps://www.techdirt.com/articles/20200825/17072245182/mass-biometric-scanning-students-is-covid-19s-latest-dystopian-twist.shtml

hXXps://www.techdirt.com/articles/20200622/09304544759/privacy-questions-raised-distance-learning.shtml

hXXps://www.techdirt.com/articles/20200401/14133144215/another-coronavirus-side-effect-in-home-surveillance-remote-workers-employers.shtml

Clive Robinson August 28, 2020 9:41 PM

@ Sherman Jay, echo, ALL,

Thanks for the,

https://www.techdirt.com/articles/20200401/14133144215/another-coronavirus-side-effect-in-home-surveillance-remote-workers-employers.shtml

Link.

One of my main concerns is about exactly this sort of behaviour by “Human Resources”(HR) types trying to uselessly prove their worth to incompetent management. As Charles Darwin observed long ago in his book The Descent of Man,

    “Ignorance more frequently begets confidence than does knowledge.”

It’s what is found behind what in this century is now called the Dunning-Kruger effect[1].

Usually these HR “makework” displays are for management who actually cannot manage and have ideas that reflect more about their abilities or lack thereof than they do of those they manage (see amongst others the Peter Principle[2] and the notions of “internal competition” and “internal ignorance” within companies that grow beyond certain sizes).

If a manager treats an employee like a machine then the most they can hope for in that direction is an autonomous non thinking “machine response” of an “idiot savant” programmed computer.

Whilst a tireless mechanical robot response might have been what Henry Ford and “time and motion man” wanted of their domains from early last century to the 1970’s, it only works for machine like activities carried out by manual labour used where a machine would be better suited anyway (which is why many such jobs have been automated when the machines are, overall, less expensive than human labour).

Conversely those who can work from home are generally those above and beyond such repetitive manual work, and it’s frequently work that can not currently be automated in any meaningful way. That is what an employer is actually paying for with this type of work is not machine like productivity but thoughtful, insightful and creative work and we’ve yet to come up with ways to even think about measuring this other than “time distant” results (hence the likes of the Nobel and Fields medals).

We’ve seen the “HR Dunning-Kruger effect” activities fail, often badly, with a UK newspaper putting “hot crotch shot” sensors under hot desk units, and the idiocy of “Lines of Code” counting in systems going back to the last century. All such systems can be “gamed” one way or another by people who can think in non Dunning-Kruger effect like ways. Thus if you try doing this to people who are capable of “gaming the system” not only are you telling them you do not trust them you are actually setting up the “game” and “inviting them to play” and thus for you to fail in the stated objective of the system… That is they will actually spend time “playing your game” rather than the thoughtful / creative work they would otherwise have happily done when they believed they were trusted (It’s basic “Human Nature 101” folks).

[1] So what explains the psychological effect David Dunning and Justin Kruger noted in 1999? Are some people simply too “dim-bulbed” to know they are? Not necessarily, though we might like to think so for our own reasons. Dunning and Kruger suggest that the phenomenon they observed stems from what they call a “dual burden”. That is it is not just incompetence in people, but their incompetence robs them of the cognitive ability to realize just how incompetent they are as others see them. But what do Dunning and Kruger mean by “incompetence”? Well, it is not a “general” but “domain” specific lack of ability, knowledge and skill thus even the best or highest IQ’s can and do suffer from the effect from time to time.

However those that tend to suffer the Dunning-Kruger effect,

1, Overestimate their own abilities, knowledge or actual skill levels in the domain.
2, Thus also can not recognize the genuine ability, knowledge, skill and expertise of domain practitioners.
3, Mostly either fail to recognize their mistakes and lack of ability, knowledge or skill, or blame others in some way to save face.

David Dunning has pointed out that the very ability, knowledge and skills required to be good at any given domain task, are often the exact same qualities that a person needs to understand that they are not competent at that domain task[3]. Which means that a person deficient in the required abilities, knowledge and skills remains not just bad at that domain task but cognitively unaware of their inability, even when faced with overwhelming evidence of it[4].

[2] https://hbr.org/2018/03/research-do-people-really-get-promoted-to-their-level-of-incompetence

[3] There are a couple of flip sides to the Dunning-Kruger effect,

1, Those who have the ability, knowledge and skills required for a domain task can assume others also have similar abilities.
2, Those who have the ability, knowledge and skills required can undervalue themselves and suffer from “outsider” or “pretender” worry.

The first leads to teams falling behind time estimates or failing altogether. The second can lead to the incorrect people taking the lead in a team thus also resulting in incorrect time estimates or teams failing.

[4] There are also those that know they are not domain experts but still carry out domain tasks they know they are not suited to. Dunning and Kruger have remained somewhat quiet on this issue.

One obvious example is when a domain is not yet established thus the required abilities, knowledge and skills are lacking and have to be found or developed. In essence this is what fundamental research is all about.

Another example is when a non domain expert has to carry out a domain task to facilitate tasks in a domain they are expert in. The obvious example is someone who has to “write up” or “teach others” in the domain they are expert in, in order to get assistance or provide understanding.

Another prime example many here are aware of is “talking tech to business” technical people at some point have to “sell their worth” to the “man that cuts the cheques” and he speaks not tech only business. Many highly able in tech can not talk business thus they get undervalued. Thus developing even minimal business skills is something techs should do.

Then there are people that have to do tasks that affect other domain specific tasks. Engineers run into this problem frequently, that is you have to design systems for those in other domains to carry out their tasks. This is where “transferable skills” can both help and hinder and sensible engineers try to find domain experts with whom they can “bridge” the “knowledge gap”. The trick at the end of the day is to draw process parallels as mathematical models have a habit of being sufficiently generic to be transferable, then find where the all important limits apply (few things are entirely linear in their behaviours). One rule to doing this is ask the questions in ways you can test such as “Do the laws of physics allow this?” then work your way through the science canon asking the same question with their rules. Then finally get to the human rules of legislation and business costs etc. Importantly always be aware of “gut feelings” they can frequently be right but in the wrong way due to mistaking assumptions for axioms. Or when moved from domain to domain the limits are different. Oh and the Darwin quote in full applies,

    “It has often and confidently been asserted, that man’s origin can never be known: but ignorance more frequently begets confidence than does knowledge: it is those who know little, and not those who know much, who so positively assert that this or that problem will never be solved by science.”

That’s why you have to stick to the rules 😉

myliit August 29, 2020 1:06 AM

@SpaceLifeForm

“… Stay tuned.”[1] **2 (or *2)

Ok, you got me curious. For example, was a reporter on tv or a speaker at the RNC who was involved with the Marcy Wheeler and FBI matter?

Regardless I skipped both the DNC and RNC events, but I found our President hasn’t changed:

https://www.huffingtonpost.ca/entry/cnn-fact-check-trump-rnc_n_5f4912ecc5b6cf66b2b7100b

[1] https://www.schneier.com/blog/archives/2020/08/friday_squid_bl_742.html#c6816421

https://www.schneier.com/blog/archives/2020/08/friday_squid_bl_742.html#c6816496

echo August 29, 2020 1:15 AM

@Freezing_in Brazil

I feel your pain. Just stay strong at heart. This can’t possibly last too long.

Nearly a decade and getting worse. This is why I’m having another stab at getting legal representation as well as trying to get the cops to pay attention and also get my passport so I can leave. I have my guesses why my comment was deleted but I’m really not sure Bruce truly gets how bad it is over here.

@Clive

I saw what you did then. Nice try and I don’t approve even if you used more words in a different arrangement to promote engineers and insinuate everyone else is stupid. I also think you over-estimate the use of management qualifications in organisations and dismiss feelings too readily. This is why I’ve been mentioning “modes of reasoning” which you whip by a little too fast.

As an example people often think in strict hierarchy terms because this is what they are used to. The usually male mind and organisations and frameworks tend to be organised like this to give an A->B-C structure. People don’t consider different arrangements like horses where A->C->B and at the same time B->A->C. The point is people don’t reason rationally and the relationships are not always in any given order.

Engineers deal with static things up to the point when they are dealing with something new or unknown facts and then they fall into the same rote learned drawn out expensive Newtonian model everyone else does. Not every problem is “reducible to the laws of physics” (<–mode of reasoning alert) because of political or legal reasons or the science simply hasn’t caught up.

Another thing people tend to place too much confidence in is the linear narrative. A linear narrative gives the illusion of uniformity and order and comprehension when the narrative is actually circular. Similar mistakes are made in communication and forensics with the dominant bias tending towards strong and direct versus around and about building up which is why men and women tend not to get each other. This is also true of general argument, legal argument, and philosophical argument. The word “argument” has different meanings and different practices at different times and places. This problem is also seen in the main three domains of reasoning: politics, religion, and science; or narrative, fact, and mythology.

The example you have recently been using of airconditioning systems was built by engineers, yes? The same presumably coiled springs of rational thought were the ones who accepted the work and designed it. Nobody spotted any problems? When the problems began to manifest nobody understood the management issues? Nobody paid attention to end users’ “feelings”. The fact is we all work on assumptions and shortcuts. Nobody is a walking Encyclopaedia Galactica. Nobody uses pure cognition but reptile brain, middle brain, and cognition last not just seconds but sometimes weeks or months last. This is where “art” and the somewhat variable and open to interpretation “history and context” and “feelings” play a role.

Now I do agree there is no value in going off half cocked on the basis of gut feelings but then we are getting into definitions of expertise. We’re getting into art and feelings and heuristics and judgment. We’re getting into “thinking hinky” territory.

Now personally I feel that the label “thinking hinky” is wrong. It contains its own framing and bias. I personally think that “natural intuition” is better and more accurate because the point of view is based on a natural evolution of skill and knowledge and experience and comes more from a well of emotional and artistic reasoning than cognition. A somewhat broader aspect of this is “natural experiment”.

While I was briefly on twitter I observed quite a few failures of reasoning even among quite well qualified and specialised professionals. One example I will pick as it’s a classic is the kneejerk assumption among institutions that black people had a higher risk of developing coronavirus. A PhD academic who shall not be named was challenging this view and also challenging the assumption that to say there was no higher medical risk for black people was racist. (She herself is a dark skinned ethnic minority). Now after a lot of struggle a paper just landed in Nature which points out very clearly that black people have no higher medical risk than white people. However, many black people work in “at risk” jobs which place them in harms way more often hence the higher numbers of black people who develop coronavirus. The paper didn’t go in to discussing the economics and historical lag and other factors of this (and yes there is space for a discrimination argument) but they are implied and covered by other papers. You will note that not only activists but politicians and even scientists, those bastions of reason and methodology, were caught up in assumptions.

Reading through public responses on Slashdot (okay, not “scientific” but grab what you can get) there are still people who go “Okay, so there is no discrimination and yes it’s terrible but oh noes more black people are dying because they are more vulnerable to coronavirus” because they are clearly not reading the paper and fully grasping that black people have no greater medical risk but are doing a loop through discrimination and psychology sticking with the incorrect “black people have more medical risk”. Sigh… Well, I’m glad the science got there in the end people it is important to make a distinction between medical risk and social risk. It is also a risk, the paper notes, for non-blacks which very strongly suggests a shared interest by less well off people regardless of colour to see that structural inequality in all its forms is addressed. Things have got a bit polarised lately and all subtlety has gone out the window with every side feeling put down and attacking each other which really only increases the fog of misunderstanding and perpetuates things getting worse not better.

WmG August 29, 2020 2:06 AM

George Orwell, always in season, was mentioned here recently. The following news item features the fourth (on the record) richest man in the known universe, as I’m sure he would have it. This comes not from the thematic world of 1984, but from the equally appropriate Animal Farm.

The following is quoted from The Guardian:

Elon Musk unveils pig he claims has computer implant in brain.

Billionaire entrepreneur presented animal during a livestream event to recruit workers for his neuroscience startup Neuralink. He described [the pig] Gertrude’s coin-sized implant as “a Fitbit in your skull with tiny wires”….

Musk … did not wear a face mask during his presentation, despite being in a room with dozens of employees, a camera crew and veterinary staff. He eventually put on a mask during a question and answer session.

https://www.theguardian.com/technology/2020/aug/28/neuralink-elon-musk-pig-computer-implant

SpaceLifeForm August 29, 2020 2:19 AM

@ echo

Hang in there. 2020 sucks everywhere.

It will get better in 148 days.

It’s always darkest before the dawn.

There are dynamics at work that the media is not covering.

OXOXOXOXO

SpaceLifeForm August 29, 2020 2:30 AM

@ Myliit

The answer to your question is: Yes 😉

I believe the sender is a lawyer.

Singular Nodals August 29, 2020 2:38 AM

All this Dunning-Kruger Kahneman-Tversky Dunkin-Donuts stuff is at base the fad of crank academics trying to avoid the responsibilities of reality and has nothing to do with the way people behave or think. James Thurber put a pin in that balloon in his 1937 essay “Let Your Mind Alone”.

Curious August 29, 2020 2:51 AM

Apparently, something was terribly wrong with wolfSSL TLS 3.1 implementation.

(“Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)”)
https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/

“wolfSSL is a C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. wolfSSL incorrectly implements the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.”

Implementation is hard? 🙂

rrd August 29, 2020 4:07 AM

Science Meets Sufism

From Scientific American :

hXXps://blogs.scientificamerican.com/beautiful-minds/the-dark-core-of-personality/

Some quotes :

“New research conducted by a team from Germany and Denmark suggests that a General Dark Factor of Personality (D-factor) exists among the human population, and that this factor conforms to the principle of indifference of the indicator.”

“Morten Moshagen and his colleagues proposed that a D-factor exists, which they define as the basic tendency to maximize one’s own utility at the expense of others, accompanied by beliefs that serve as justifications for one’s malevolent behaviors. In their definition, utility refers to goal achievement. For those scoring high on the D-factor, utility maximization is sought despite running contrary to the interests of others or even for the sake of bringing about negative outcomes in others.”

As I have stated here on past Fridays, the opposite of love is selfishness. And secular science is finally catching up with the Sufi Science of Human Behavior.

“Nevertheless, they argue that any single dark trait will be related to at least one (and typically several) of the defining aspects of the D-factor; ie, there is a substantial common core underlying individual differences on all measures of dark traits.”

That “common core” is selfishness.

“First, they found that all of the dark traits were substantially positively related to each other (what Spearman referred to as a “positive manifold”)—although some traits were more strongly correlated with each other than others. The strongest correlations were found among measures of Egoism, Machiavellianism, Moral Disengagement, Psychopathy, Sadism and Spitefulness.”

This is because we ALL have a tendency towards selfishness and that it remains a significant factor in our choices until we consciously choose to consciously self-evolve ourselves beyond selfishness with the help of the Timeless, Unfathomable Creator of all that has ever existed and all that will ever exist.

Note that when not actively working to undermine others, indifference is a key unifying factor in the “Dark Core”, where, once again, some wisdom from the great mensch Elie Wiesel bears repeating :

“The opposite of love is not hate, it’s indifference. The opposite of art is not ugliness, it’s indifference. The opposite of faith is not heresy, it’s indifference. And the opposite of life is not death, it’s indifference.”

So, now you have a scientific basis for what we Sufis explain with regards to our evil brethren.

Take careful note that the scientists have no answers WHATSOEVER as to how to cure our “Dark Core”.

And yet our Sufi knowledge and advice is despised by many, especially those with a scientific or technical bent.

I scored zero out of nine on their quiz at the end. This is not because of inherent qualities of mine — NO! — it is because I have worked for years upon years at being a better person, and, Divine Grace has granted me reprieve from much of my own “Dark Core”.

Here is a real-life example of how we live our lives and, thus, teach our children:

Just within the past few days (Tue or Wed?), I was compelled on our shopping trip (we have been bare-minimizing our trips since March) to swing by an international market. After taking a wrong turn, I saw an older woman leaning on a walking stick with a “Help” sign.

I pulled over, collected the cash my wife had ($18) and approached her. She was 64 and homeless (but luckily had a car). After listening to her speak of her misery for perhaps 10 minutes, I spoke to her about connecting with our Creator (It goes by many Names), went back to the car and asked our daughter for her $50 to give. She gave it without hesitation, without remorse. That is the result of the teaching of love.

The result was also that we made a 64yo woman cry on the street corner because we were the first people to stop and ask her if she needed help.

We were all humbled and peacefully quiet for quite a while on the trip; later we had a great, joyful day. Note that the market I thought I was going to was closed, but that was not really “why” I felt like going there.

We, ourselves, have barely enough money for our Sep rent in the govt housing we live in (three murders in three years), but we recognize that there are others worse off than us and that giving whenever possible is essential. Such giving of money without thought of recompense is the greatest magic in the universe.

Anyone who has enmity towards this message is bound for unhappiness, for this Sufi understanding of human nature and our need to self-evolve is the only way out of our collective troubles.

First, we need to understand ourselves and how to be better. And to go within and DO IT.

Second, we need to understand those who worship their “Dark Core” and how they dominate our institutions of power.

Third, we must establish “On Earth as it is in Heaven” for ALL human beings.

Technology can be used to heal the sick, house the homeless and do all kinds of good things; it can also be used to create the likes of Facebook and the surveillance state. Which direction technology takes us depends solely upon the technology implementors’ “Dark Core” score.

The Law of Karma also means that those who worship their “Dark Core” lose the ability to be happy. For all their bombast and power, the Trumps are a deeply unhappy people. They exist solely to use others for their own personal gain and therefore happiness is simply beyond their reach, for now. Should they turn around and face the light, they, too, will be forgiven, which would be evidenced by their actually changing after having renounced their previous attitudes and behaviors. The problem is that their inertia of personal choices requires more power to change than they are willing to admit or exercise.

[When a smoker goes to the doctor for their eventual maladies, they will not be happier for denying the doctor’s advice to quit smoking.]

Remember, it is one’s humility and effort that determine where one lands on the Dunning-Kruger scale.

Put another way, all the “Dark Core” desires actively interfere with one’s ability to be technically dedicated to one’s craft. I am content with my spectacular failure to embrace and be embraced by Corporate America.

How could we ever fashion a free and equal world society out of people who are unconcerned with their own morality, i.e. the replacement of their “Dark Core” with a selfless, compassionate, impassioned love for one and all, starting with the most destitute?

The reality is that the “Dark Core” traits actively result in our unhappiness individually and in our groups, but few as yet are willing to entertain the possibility that loving, selfless spirituality is an essential aspect of human existence. After all, we are all in this together and we ALL have a “Dark Core” to overcome if we are not to be as those we rightfully despise.

rrd August 29, 2020 4:21 AM

Secondary result of Dunning-Kruger :

Those who claim it is irrelevant and/or wrong have placed themselves quite clearly on its scale, ironically yet predictably unbeknownst to themselves.

Separate truth : The force with which a falsehood is uttered does not make it the truth, yet the ignorant tend to be the loudest of all.

SpaceLifeForm August 29, 2020 4:25 AM

@ rrd

Thank you. Seriously.

How you related the story of helping out someone destitute,
well, I am crying.

And it feels good.

I am literally crying, sobbing, because I know we all can pull this off.

I am crying out, and trusting my fellow human beings.

Ismar August 29, 2020 4:43 AM

@rrd
“I pulled over, collected the cash my wife had ($18) and approached her. She was 64 and homeless (but luckily had a car). After listening to her speak of her misery for perhaps 10 minutes, I spoke to her about connecting with our Creator (It goes by many Names), went back to the car and asked our daughter for her $50 to give. She gave it without hesitation, without remorse. That is the result of the teaching of love.”

The same creator that apparently watches over human suffering for thousands of years? We don’t need the creator in order to do good as we are rewarded by inward peace and happiness after doing so – something that cannot be sold or bought and something which is the very last line of defence against the slavery of commercialism.

Lawrence August 29, 2020 4:54 AM

@rrd

Thank you for the link to the Scientific American article. Rather heavy going for me first time round but a few re-reads may make it much plainer (it’s those polysyllabic words that get in the way of meaning).

I wonder if our mutual acquaintance Nasruddin could have explained it more succinctly and clearly? Succinctness and clarity are sometimes lacking in the academically trained.

All the best.

rrd August 29, 2020 5:14 AM

re: Dark Core study

Here is a link to the actual study you can participate in :
http://qst.darkfactor.org/

Here is the current HackerNews discussion :
hXXps://news.ycombinator.com/item?id=24313792

Now my brain is tired (due to the extra, secondary testing that is not moral in nature, but more of a “clarity in reading and responding” test).

One thing the test cannot test, however, is honesty, without which the study is useless. I can only imagine seriously dark folks thinking “How can I answer in order to minimize my Dark Core Score?”

Wisdom is unfolding before our very eyes. A human being’s morality is scientific, after all. But it was really silly to ever think it isn’t, for aren’t we an integral part of this obviously scientific universe?

Note that the results of any scientific experiment are always fuzzy in the eyes of the perceiver both because we can each choose to ignore the truth and because the people who design, implement and interpret “scientific” studies can do so dishonestly or even just poorly.

And then, with a study such as this, there is the entire issue of the reader misinterpreting the question and accidentally mistakenly answering a question or three. Lots of tricky negatives in those questions.

rrd August 29, 2020 7:26 AM

@ Ismar

The same creator that apparently watches over human suffering for thousands of years?

Most of our suffering is the result of our selfish, amoral treatment of our fellow human beings or our ignorance of how we should live, e.g. don’t fertilize your crops with poop, don’t drink contaminated water, etc.

Other kinds of natural suffering give us the ability to show our compassion as we, e.g., selflessly pull others out of an earthquake’s rubble.

If we came together as a human race we could end suffering. Instead, we are creating more suffering not just via economic competition but by contaminating our environment where diseases such as cancer are becoming more common.

We must each, individually and in our groups, strive to overcome our ignorance of the systems’ effects on the health and well-being of our fellows.

But our Creator cares insomuch as we have the ability to choose selfless, caring compassion over selfish, callous competition; in addition to the ability to choose, we have a wonderful mind that can gather facts and gain understanding from them.

As well, we have a feeling, emotional being that can be used to move us to help others — that emotional being’s happiness or unhappiness being the result of our Karmic inertia. It’s the universe’s human feedback mechanism that informs us of when we have done wrong to others; in English, it is called our “conscience”.

Our conscience is a subtle human sense and we each either develop it to greater sensitivity or we abandon its urgings in favor of more selfish, “darker” urges.

Ismar, if we were free of the choice to be selfish, there would be no need for a reward for selflessly giving to others or caring for their well-being. Put another way, happiness (true joy, having nothing to do with pleasure) is only available to the selfless, regardless of whether or not they are spiritual.

As well, if there wasn’t a force of negativity that acts upon each of our hearts and minds, we would have no struggle for goodness, thereby rendering goodness meaningless. (Everything in this universe is created along a +/- polarity axis.)

The scientific mind does not argue with reality, but merely asks, “Why?” and “How?” and all other good questions that lead to greater understanding. With the proper intentions, greater understanding results in better attitudes and behaviors. We can explore all those questions; it is a key part of our purpose.

We have the free will to be a part of the solution or a part of the problem; AND, whether we are conscious of it or not, we are one or the other in our every human interaction, in our every attitude, our every behavior.

Sure, the Creator of time, space and dimension could wave Its magic wand and make everything perfect, but that would step all over this greatest gift — our Free Will — and our Creator is not some white man who makes a treaty and then breaks it because it’s not to his liking after a second thought.

something that cannot be sold or bought and something which is the very last line of defence against the slavery of commercialism.

You are absolutely correct. That is why I can never ask anything for myself (or even our specific form of religion). No! This message can NEVER have a price, though being charitable is a requirement for membership, but that’s between you and our Creator, as is all religion.

We don’t need the creator in order to do good as we are rewarded by inward peace and happiness after doing so

Once again, you are absolutely correct (with one minor caveat)! In fact, it is this basic fact that is the beginning of the spiritual path. That is precisely why people such as DJT have little hope of accepting this Message of Love: they were taught to abhor being selfless or compassionate or generous or kind or humbly admitting fault. As such, people such as him have not lived their lives in recognition of the fundamental truth you state so clearly.

[The caveat is that nothing happens in this universe without our Creator’s approval. From the Big Bang onwards, Its Dark Energy of the universe keeps the electrons orbiting and the universe expanding and the moral arc of the universe progressing in fits and starts.]

So — YES! — we absolutely can decide to care for others and despise despots on our own, but in order to attain moral perfection, we need Divine help. Not because obeisance to the Unfathomableness benefits It at all, NO!, but because It is the Ultimate Loner and has designed us as being morally dependent upon It for the energy necessary to effect permanent change in our being. How we respond to that invitation is an inflection point in every human life, for good or ill. Hubris exacts a huge price in this situation.

My scoring 1% on the Dark Factor test was not because I lied (I didn’t) or because I simply knew how to answer the questions to get a good score; it was because I have been changed by the spiritual path. It is the ultimate alchemy, to change that which was sullied and unreliable (I most certainly was both!) into a person who has, through introspective spiritual work, actually become a better person.

And it is my humility (which necessarily only grows so long as one stays on the path) that says this is NOT the result of some kind of inherent goodness in myself, but merely upon the Grace of our Creator to relieve me of my faults and leave me with less darkness to yet overcome (I’m not done yet, unfortunately).

It is, however, a testament to how we can each choose to be better and how we can each actually become better, through hard graft (spiritual practices) and honest self-evaluation. We can each do this because we have the power to choose nurturing our inherent positive potential instead of our inherent negative potential.

So, yes, we are each, on our own, capable of choosing virtue over vice, but we cannot rid ourselves of the tendency to err without consulting with our Creator.

Note that one begins seeing the world differently once we have tethered ourselves to the Divine (and expands still over time). Other forms of religion become just that ~ simply another path to the same result, the same goal. People who have not yet begun are just as we, ourselves, once were, just waiting for the right word at the right time to kindle the flame of love in our hearts. Those of us who accepted the challenge do not look down upon those who have not started for the simple fact that we all have our own starting point, before which we were “not blind but still couldn’t see”, too. (But that doesn’t mean they won’t get smote if they’re harming innocents.)

But that doesn’t mean I can’t see the misery people inflict upon themselves by rejecting this invitation to go within and make contact with our Creator for help in our self-evolution. And I reckon that most of us (at least those who don’t actively promote the “Dark Factors”) intuit that this world is currently far, far away from the enjoyable playground it was designed to be. And could be, if only we’d set out a different set of design criteria — a different definition of “Done” — from those of which the powerful have constructed our current systems.

“The Way goes in.” –Rumi

Reflector August 29, 2020 11:15 AM

@ Clive Robinson

You are dunning krugering here all the time (at least since you first started, thus it really is a catch-22….)

myliit August 29, 2020 1:20 PM

@SpaceLifeForm

“… I believe the sender is a lawyer.”

Giuliani?

I read somewhere, iirc, the SDNY had the postal service arrest Steve Bannon on a yacht, because the Southern District of New York (SDNY) didn’t trust the NY FBI field office, which afaik, Giuliani once worked for, with the Bannon matter.

Singapore Noodles August 29, 2020 1:25 PM

@echo @Clive Robinson

thinking hinky … intuition

I like the take I have heard attributed to several eminent scientists that one patiently keep the subject continually before one, and wait until understanding begins to dawn.

Singapore Noodles August 29, 2020 1:35 PM

Or, as MIB III would have it

“ Agent K:
We need pie.

Agent J:
What?

Agent K:
My grand daddy always said, if you got a problem that you can’t solve, helps to get out of your head. Pie, it’s good.

Agent J:
Pie?

Sherman Jay August 29, 2020 2:13 PM

putting us back on the topic of security,

I have been trying different browsers to find one that doesn’t spy/phone home. There is one that is cross-platform and while it is text only therefore limited, it works quite well for many tasks.

It is a holdover from the days of gopher. It is called lynx and is easy to work with. I installed it on linux and a portable free version on window$ and use it often

hXXps://teknologya.com/use-lynx-to-browse-the-web-from-a-linux-terminal/

How to use Lynx to browse the web from a Linux terminal

Since the Lynx browser is command line based, web pages can only be opened by specifying a URL. For example, if you want to visit Wikipedia, you’ll need to use the command:
lynx https://www.wikipedia.org/.

Definition – What does Gopher mean?
Gopher is an application-layer protocol that provides the ability to extract and view Web documents stored on remote Web servers. Gopher was conceived in 1991 as one of the Internet’s first data/file access protocols to run on top of a TCP/IP network. It was developed at University of Minnesota and is named after the school’s mascot.

Gopher was succeeded by the HTTP protocol and now has very few implementations. Gopher-based databases, servers or websites can be accessed through two search engines: Veronica and Jughead.

gopher://gopher.floodgap.com/1/v2 an actively indexed re-implementation of Veronica. Note: This link uses the Gopher protocol so it may not work in most modern browsers.

htXXs://en.wikipedia.org/wiki/Lynx_(web_browser) LYNX still works with gopher (and a lot of http) and is crossplatform (linux,win, dos)

hXXps://lynx.invisible-island.net/

vas pup August 29, 2020 2:16 PM

Neuralink: Elon Musk unveils pig with chip in its brain
https://www.bbc.com/news/world-us-canada-53956683

“Elon Musk has unveiled a pig called Gertrude with a coin-sized computer chip in her brain to demonstrate his ambitious plans to create a working brain-to-machine interface.

“It’s kind of like a Fitbit in your skull with tiny wires,” the billionaire entrepreneur said on a webcast.

His start-up Neuralink applied to launch human trials last year.

The interface could allow people with neurological conditions to control phones or computers with their mind.

==>But the long-term ambition is to usher in an age of what Mr Musk calls “superhuman cognition”, in part to combat artificial intelligence so powerful he says it could destroy the human race.

The processor in her brain sends wireless signals, indicating neural activity in her snout when looking for food.

The device the company is developing consists of a tiny probe containing more than 3,000 electrodes attached to flexible threads thinner than a human hair, which can monitor the activity of 1,000 brain neurons.”

Good video inside as well.

See also good link on the subject:
https://www.bbc.com/news/technology-49004004

Enjoy!

vas pup August 29, 2020 2:39 PM

The batteries of the future: Sodium instead of lithium
https://www.dw.com/en/the-batteries-of-the-future-sodium-instead-of-lithium/a-54707542

“Sodium-ion rechargeable batteries could soon be a cheaper and resource-saving alternative to current lithium-ion cells. Powerful prototypes and groundbreaking findings in basic research make a breakthrough seem imminent.

Currently, however, the performance of sodium-ion batteries lags behind that of lithium-ion batteries by about 20 years. For decades, research has been concentrated solely on the more powerful lithium.

Now however, there are not only groundbreaking scientific publications, but also very promising prototypes.

A South Korean sodium-ion battery managed to handle about 500 complete charging cycles before its capacity dropped to 80%, according to a May 2020 publication.

A battery with a slightly different chemical structure devised by a US-Chinese research group achieved 450 charge cycles with a similar charging capacity. And a Chinese sodium-ion battery had a slightly lower capacity, but still retained 70% of its capacity after 1,200 cycles of quick 12-minute charging.

…nanoscale carbon could provide a remedy. This is shown in a study by a German-Russian working group led by the Helmholtz Centre Dresden-Rossendorf (HZDR). The study suggests that double layers of graphene, i.e., wafer-thin carbon, could store significantly more sodium atoms in the anode than the graphite used so far.

==>If graphene electrodes were to be incorporated into lithium batteries instead of the graphite anodes commonly used today, it might be possible to achieve significantly higher storage capacities.”

Short video inside as well. Enjoy the whole article!

Anders August 29, 2020 2:45 PM

Sorry, javascript is needed for this one.
But it’s worth it.

hackerone.com/reports/783877

Also it’s worth mentioning that they got paid only
$1,750

Ismar August 29, 2020 8:22 PM

@rrd
A couple of points here:
I don’t understand why a lot of people need to thank a Creator for something they have achieved by their own hard work. To me it stinks of some type of ass kissing for a want of a better term. Same goes for expecting some kind of reward in the hereafter for every single good deed done in this life.
Also, Creators can also be commercialised (industry around pilgrims takes in millions if not billions of dollars each year) and used to sow differences between people associated with different understanding of Creators.
Lastly, if I was that creator I would have long time ago stopped my experiments where people do such horrific things to others as massive genocides, rapes, child abuse, torture – list goes on and on.
So it simply makes no logical sense that an omnipotent and benevolent creature would act according to its own nature and allow these things to go on for such a long time.

name.withheld.for.obvious.reasons August 29, 2020 11:08 PM

@ Sherman Jay

Here’s one for you:

curl --raw --url https://www.schneier.com/blog/ | xxd | more

In essence no local copy is kept and no rendering or code is performed.

SpaceLifeForm August 29, 2020 11:12 PM

@ Myliit

Glomar.

I have reason to believe that the information is part of ongoing investigations.

Plural.

name.withheld.for.obvious.reasons August 29, 2020 11:39 PM

I understand most of you (the readers here) are open to suggestion, what do you know of the works of Thomas Paine? I have repeatedly expressed my understanding that he is the first humanist (he’s definitely pre-Calvinist) and his work, The Age of Reason, is recommended. Oddly enough, the works of William Shakespeare are commended and with comic irony suggest much that is useful in a behavioral science kind of way. I know it is a stretch to suggest but from my experience much of what we share as people is and has been understood for quite some time.

What philosophical arguments of relevance most likely applied to security involve the socio-political underpinnings of law and regulation that drive or select the use of technological and non-technological systems to provide elements of security.

Physical security is most applicable to forms of force, coercion, detention, and corporal punishment as a response, perimeters; borders, fences, cameras, guards, and other elements are parts of an applicable security system. Law is the use of these systems and responses that society expresses its willingness or unwillingness to tolerate.

Though an oversimplification, security in all its forms and functions ideally support the quasi unilateral implied agreed upon social morals. Beyond that, we are still far from what a sentient species might be capable of. Most of our systems are symptomatic responses and have little to do with “security”. We have what could be termed “Systems of Security” as is possibly best demonstrated by an incoming 100 meter wide asteroid hitting the surface of this planet. Security is conceptual and probably illusionary. Our security 100,000 years ago had little to do with any system–more to do with organization. Collective action provided survivability where individualism was fraught with peril. “Let me go back inside and face the peril!” Language has much to contribute as a feature of human evolution and our ability to move beyond the swamp. Though I would argue we ARE moving back to the swamp.

SpaceLifeForm August 30, 2020 2:06 AM

@ Myllit, name....

Ah ha!

In the past 24 hours, there has been some weird stuff happening on the Internet. And I cannot attribute these to Russian actions.

A twitter account that I have been reading a long time, has been compromised.

How do you spell Horse? How do you spell Whisperer?

hXXps://twitter.com/HoarseWisperer/status/1299756031698845696

Another twitter account is now seeing their own emails retweeted to them.

And then you have staged events

hXXps://twitter.com/MrOlmos/status/1299879513195642882

Note the cops come up the highway in the wrong direction, with multiple cops hanging out on the outside of the van!

So, they need 15 cops to break up two persons fighting?

But watch carefully, after the ‘fight’ is broken up, mysteriously, one or two of the cops magically knows there is a sign that needs to be removed.

I could only catch the first word.

Sherman Jay August 30, 2020 10:05 AM

Who is spying on the spies who are spying on us?

dji drones are made in china (many are using china as a catch-all ‘bogeyman’ term which I don’t agree with. China is not a monolithic evil. Some chinese government and corporate entities are as corrupt as their u.s. counterparts, but not all chinese companies or people are evil) But the following is worth being aware of:

hXXps://www.azmirror.com/2020/08/28/dji-drones-used-by-arizona-cops-face-security-concerns/

One security researcher, who calls himself KF . . . “I have said openly a number of times that I was able to locate various countries’ military troops in theater, at specific forward operating bases in active war zones, based on their email addresses and subsequent log files as uploaded to DJI’s servers,” KF said

The servers in question were on Amazon Web Services and were able to be accessed due to authentication certificates being easily accessible online. Some of the authentication certificates KF used were more than 4 years old.

Within the server, KF was able to see unencrypted flight logs, passports, drivers licenses and identification cards. hXXp://www.digitalmunition.com/WhyIWalkedFrom3k.pdf

name.withheld.for.obvious.reasons August 30, 2020 10:29 AM

@ SpaceLifeForm
Moving towards the elections in November it is almost a certainty that communications and media platforms will be the targets of disinformation or suspicion to sow discord and doubt.

Most people are ill prepared to filter or discriminate source material and authenticity of information and information sources (so says the anonymous contributor ironically).

So heads up everyone, we have a cultural and political environment that is ripe for abuse. It is too bad that the opportunities afforded the first world are being used to send it back to the third world. We need a new era of enlightenment and enlightened self interest.

JonKnowsNothing August 30, 2020 6:47 PM

@Ismar @echo
re:

I think that it would be helpful if you started using your real name…

I do not think that is needed or well advised.

This is a public area with no ability to alter the situation. Any resolution and/or remedies needed should be sought through legal avenues with appropriate legal counsel/advisors.

There are lots and lots of cases, globally, where such difficulties have been documented. It’s not new. Similar situations abound.

Many passport systems are completely automated with AI/ML engines. Their design failures are often worse than imagined and their AI algorithms suffer the same failures of all AI algorithms.

With BREXIT everyone in the UK now needs a passport with proof of eligibility to remain (goes by various names). 52,000,000+ new passport applications and processing and review are required.

Additionally there is the printing of the physical document. The backlog is currently around 400,000 documents (July 2020).

Hopefully @echo will get a passport as the backlog clears up.

JonKnowsNothing August 30, 2020 7:10 PM

@lurker
re:

I had a Commonwealth passport containing a “Certificate of Grand-Patriality” giving me the right to remain permanently in the UK.

It might be a very good idea to treat that certificate with great care and if you still have to hand out the passport with it, be mindful that lots of folks had their passports with such stamps confiscated and never returned or the returned version had the stamp missing or was for temporary residency.

It might be interesting to have some images notarized so if that certificate gets removed from the document you have some legal proofs that you had it.

Such residency documents, even in the USA are required now. The USA military is happy to enlist anyone but they don’t assist them with the citizenship process for when their military career is over. If they didn’t have legal rights to reside in the USA before they enlisted, they were protected only as long as the enlistment lasted.

ICE then gives them an un-welcome to detention and deportation to places they’ve never lived and languages they never spoke.

Singular Nodals August 31, 2020 12:45 AM

My ultimate and definitive reply to Dunning Kruger –

I identify with the person in this take on MITM

https://youtu.be/IsJ5x_mYbA4

I am the MITM in my own compromised communications; but in that moment it then becomes important to be the man in the middle so as to restore everything.

“Our hearts must grow resolute, our courage more valiant,
our spirits must be greater, though our strength grows less”

C U Anon August 31, 2020 5:24 AM

ALL:

What happens to those who become ‘unwanted’ by/for ‘National Security’

https://www.telegraph.co.uk/global-health/climate-and-people/investigation-african-migrants-left-die-saudi-arabias-hellish/

Remember all detention camps evolve this way, first ‘holding camps’, then ‘detention camps’, and as those around them look the other way, and the guard labour becomes normalized they become ‘camps of death’ then ‘death camps’, eventually they become industrialized killing processes, for genocide. Our parents and grandparents did not believe the first reports more than seventy years ago, that came out of Europe, Japan and later Russia, and much later Abu_Ghraib and those border guards caging children. Now we fail to teach our children of these things…

Remember those who do not learn from history…

name.withheld.for.obvious.reasons August 31, 2020 6:23 AM

@ myliit, SpaceLifeForm, ALL

You may recall that the film-maker Michael Moore predicted Trump’s win in 2016.

Indeed, and I have made repeated assertion that there is a better than zero probability that there will not be an election. I’m not suggesting such a thing but I am certain there is much under the covers that Trump, Barr, and possibly the Supreme Court (or state Governors and assemblies) have already designed.

With the depth of lawlessness that we are witness to, bounding the space to logical, rational, and contemplative actions is probably not an exercise worth entertaining. What about planning for the response to what would be outside the confines of U.S. voting history? Our institutions are falling fast, and, as I repeat neo-kleptocratic-theonomic-fascism is the source of the problem.

If anyone was surprised by the RNC’s convention this last week, you’re not paying close attention. No other convention in our history made the institutions of governance as the backdrop…let alone the venue.

myliit August 31, 2020 8:56 AM

@SpaceLifeForm, U. S. Voters, popcorn eaters, and so on

Perhaps this article covers some of SLF’s voting by mail concern(s) above (perhaps in a different thread or squid)?

State by State breakdown analysis for 50 States and D.C.

https://www.nytimes.com/interactive/2020/08/31/us/politics/vote-by-mail-deadlines.html

“Will You Have Enough Time to Vote by Mail in Your State?
Yes, but it’s risky to procrastinate.

In 35 states, voters can request ballots so close to Election Day that it may not be feasible for their ballots to be mailed to them and sent back to election officials in time to be counted. …”

Frank Wilhoit August 31, 2020 9:19 AM

@Clive, @echo

Management can add value in environments where delegation is effective. Coase’s Ceiling implies that if an organization does not grant effective autonomy to subunits down to a threshold of size (I locate that threshold at 100 persons; ymmv), then it will become nonfunctional due to internal friction. But delegation is only possible in a high-trust environment.

I cannot speak to practices in other countries, but no American who is today below retirement age (and that qualifier may not be necessary) has ever worked in a high-trust workplace. All workplaces are now zero-trust, and the result is that effective delegation is impossible — and accountability, perversely and for different reasons, is also impossible. In these environments, management adds no value — but then, neither do engineers, because no one can.

JonKnowsNothing August 31, 2020 10:09 AM

re: Ring Doorbells look both ways…

The Police and FBI have “just discovered” that their wonderful sponsored in-home surveillance systems like RING (amazon) can work Both Ways…

 Police can spy (remotely) on the folks inside
and
 People can spy (remotely) on the police as they approach door(s)

Anything in the field of view of the devices is open to viewing, so even if they are across the street wanting to borrow a cup of sugar, they are spotted.

Probably all of those interested have already looked into Trail Cameras. A camera with an infrared trigger that is used to capture and map wild game patterns as well as remote livestock. Hunters buy up a bunch pre-hunting season and distribute them in their preferred hunting areas to map where the deer are. Then when tag season opens, they already know where the Big Bucks are and don’t have to walk so far to get a trophy. They are also used in areas where there is no electricity to monitor equipment or enclosure access.

While they are generally passive devices and you have to collect the memory stick, they are small, portable, have multiple camera settings and can capture a wide view for not much money.

Police might look for the connected IDIOT devices where they can issue some (legal) block or blackout orders, but they don’t often look for the old fashioned passive ones, especially the ones aimed in their direction.

ht tps://theintercept.com/2020/08/31/blueleaks-amazon-ring-doorbell-cameras-police/

ht tps://en.wikipedia.org/wiki/Remote_camera
ht tps://en.wikipedia.org/wiki/Camera_trap
(url fractured to prevent autorun)

name.withheld.for.obvious.reasons August 31, 2020 10:44 AM

Angus King just finished giving a talk on Morning Joe about the intelligence committee not being read-in on DNI reports directly. Though King mentioned the risk to the public and the election in particular, they missed an important point. The discussion rotated around what influence or involvement say Russia, China, Iran, etc. might have on the election. He failed to mention the election tampering that the current administration is involved in. Maybe that’s why no direct briefing is being held, some smart Senator might ask how for example the changes at USPS represent election tampering.

Some awareness needs to start happening respecting the repeat claim, as for example asserted by one contributor, neo-kleptocratic-theonomic-fascism is wrestling power away from the secular state.

Oh, and on the topic of zero-trust environments, check who’s not subject to government CE (continuous evaluation). Mentioned a while back the IC has turned its sights on itself in order to prevent leakers and whistleblowers (notice I mention both, as whistleblowers are treated as leakers–ask Binney, Drake, Kiriakou, et al). Also suggested that it will erode the organizations from within…the suspicion and infighting that results from an environment where everyone is suspect will devolve. Sound familiar? It should, the citizenry is on that end of the cannon so to speak.

Curious August 31, 2020 11:01 AM

(“Man-in-the-Middle Attack Makes PINs Useless for VISA Cards”)
https://hotforsecurity.bitdefender.com/blog/man-in-the-middle-attack-makes-pins-useless-for-visa-cards-24024.html

“Swiss security researchers have discovered a way to bypass the PIN authentication for Visa contactless transactions. A bug in the communication protocols lets attackers mount a man-in-the-middle attack without entering the PIN code.”

“The card does not authenticate to the terminal the Application Cryptogram (AC), which is a card-produced cryptographic proof of the transaction that the terminal cannot verify (only the card issuer can),” says the researchers. “This enables criminals to trick the terminal into accepting an unauthentic offline transaction.”

lurker August 31, 2020 12:33 PM

@Curious: MITM makes pin useless for VISA

What’s this story about? It seems confused, or it’s yet again conflating US practice with the rest of the world.

Swiss security researchers have discovered a way to bypass the PIN authentication for Visa contactless transactions. A bug in the communication protocols lets attackers mount a man-in-the-middle attack without entering the PIN code.

The most important reason for the widespread adoption of the EMV protocol has to do “liability shift,” a procedure that ensures that as long as the customer approves the transaction with a PIN or signature, the financial institution is not liable.

In this part of the world contactless transactions do not require a PIN or signature, thus the banks limit their liability by imposing a maximum size of transaction: for years it was $NZ80, but Covid19 requirements have seen it lifted to $NZ200.

Criminals can use a stolen VISA card and pay for goods without access to the PIN, making the PIN completely worthless.

Yes, because the card is intended to be used without a PIN, Crims can use it, and the bank then relies on the fine print requiring customers to notify them immediately if a card is stolen. Savvy customers also run the card from a separate account kept at a low floating balance.

Of course, the attack used a virtual wallet instead of a card, as the terminal can’t distinguish between a real credit card and a smartphone.

Say What? Maybe that’s some dumb terminal, and not all the 161M worldwide need replacing. Of course those in the USA will need replacing as most are the antique magstripe swipers shown in the pic at the head of the article.

name.withheld.for.obvious.reasons August 31, 2020 1:02 PM

One of the states held by a device terminal, is determined by the card itself. If a card is inserted, i.e. contact surfaces that connect to the smart card–thank you Sun Microsystems–a flag is set for CARD PRESENT. An NFC connection does not provide for the same flag, it instead sets the CONTACTLESS state of the card data. So one way to force a customer facing transaction is to ensure that the CARD PRESENT flag is set by the card.

Of the transactions described, the weakest point of over the counter fraud is when a card holder is offered a DEBIT/CREDIT choice and CREDIT is selected. Some cards provide for a challenge beyond a signature, but not all. The default behavior should be as the European card holder transactions are managed, always ask for the PIN no matter the nature of the transaction type.

vas pup August 31, 2020 3:11 PM

Evolutionary theory of economic decisions

https://www.sciencedaily.com/releases/2020/08/200811163313.htm

“When survival over generations is the end game, researchers say it makes sense to undervalue long shots that could be profitable and overestimate the likelihood of rare bad outcomes.

Understanding how humans have made high-stakes decisions over evolutionary time may help to explain our choices in the present day — including our tendency to veer from the preferences predicted by economic models, according to a new study from scholars at Stanford University and the Santa Fe Institute.

“Rather than starting with utility — the happiness or value I get out of making my decision now — let’s think about how the brain was constructed over evolutionary history,” said study co-author James Holland Jones, a biological anthropologist at Stanford’s School of Earth, Energy & Environmental Sciences (Stanford Earth). The research was published in the journal Evolutionary Human Sciences.

According to the theory of expected utility, a staple of modern economics, people should always carefully weigh the likelihood of an event along with the prizes or consequences that would accrue from our decision — and then choose the option with the highest average payoff.
==>Of course, we rarely calculate these averages in practice, as behavioral economists have long recognized.
!!!Yet an assumption that our brains will behave as if we made decisions this way — maximizing personal gain at every turn — is still baked into many public and economic policies[related to security as well – vp].

“We might expect evolutionary systems to mirror markets, with organisms that act rationally out-competing those not behaving rationally,” said Jones, an associate professor of Earth system science at Stanford Earth and a senior fellow at the Stanford Woods Institute for the Environment. “The catch is that you can’t outcompete something if you’re extinct.”

Curious August 31, 2020 3:25 PM

@Lurker

I am not quite sure what the big deal is re. Visa card flaw. The article seemed somewhat important so I linked to it.

Where I live in Europe, if you choose to use a contactless credit card to pay for something, you can do that without a pin code, for up to some maximum amount (iirc about $20), and then I think you have to use a pin code for larger amounts. I am not the best to comment on this, and I won’t claim to understand exactly why the flaw is bad, but I suspect that perhaps this flaw allows for using other people’s cards without having to input a pin code at a payment terminal. I could be wrong about that though.

weather August 31, 2020 6:22 PM

@lurker
Posted before, all you need is two people, one at checkout and another near an RFID card, and just relay from the terminal to the card over longer distance rf, you don’t need to hack the protocol, but there will be something in there.

SpaceLifeForm September 1, 2020 2:47 AM

Flying Aircraft Carriers

hXXps://theaviationist.com/2020/08/27/second-successful-flight-of-x-61a-gremlin-air-vehicle-gav-for-darpas-swarming-program/

Freezing_in_Brazil September 1, 2020 12:41 PM

@ all

Just because there is Dunning-Kruger, it doesn’t follow that smart, knowledgeable people – who know and know that they know – don’t exist.

vas pup September 1, 2020 1:50 PM

IMPORTANT!!! Deepfake detection tool unveiled by Microsoft
https://www.bbc.com/news/technology-53984114

“Microsoft has developed a tool to spot deepfakes – computer-manipulated images in which one person’s likeness has been used to replace that of another.

The software analyses photos and videos to give a confidence score about whether the material is likely to have been artificially created.

The firm says it hopes the tech will help “combat disinformation”.

One expert has said it risks becoming quickly outdated because of the pace at which deepfake tech is advancing.

To address this, Microsoft has also announced a separate system to help content producers add hidden code to their footage so any subsequent changes can be easily flagged.

Deepfakes came to prominence in early 2018 after a developer adapted cutting-edge artificial intelligence techniques to create software that swapped one person’s face for another.

The process worked by feeding a computer lots of still images of one person and video footage of another. Software then used this to generate a new video featuring the former’s face in the place of the latter’s, with matching expressions, lip-synch and other movements.

Since then, the process has been simplified – opening it up to more users – and now requires fewer photos to work.

Some apps exist that require only a single selfie to substitute a film star’s face for that of the user within clips from Hollywood movies.

But there are concerns the process can also be abused to create misleading clips, in which a prominent figure is made to say or act in a way that never happened, for political or other gain.

Microsoft’s Video Authenticator tool works by trying to detect giveaway signs that an image has been artificially generated, which might be invisible to the human eye.

These include subtle fading or greyscale pixels at the boundary of where the computer-created version of the target’s face has been merged with that of the original subject’s body.

“The only really widespread use we’ve seen so far is in non-consensual pornography against women,” commented Nina Schick, author of the book Deep Fakes and the Infocalypse.

“But synthetic media is expected to become ubiquitous in about three to five years, so we need to develop these tools going forward.”

Rather than release it to the public, however, it is only offering it via a third-party organisation, which in turn will provide it to news publishers and political campaigns without charge.

The reason for this is to prevent bad actors getting hold of the code and using it to teach their deepfake generators how to evade it.

Project Origin, an initiative to “mark” online content in a way that makes it possible to spot automatically any manipulation of the material.

The US tech firm will do this via a two-part process.

Firstly, it has created an internet tool to add a digital fingerprint – in the form of certificates and “hash” values – to the media’s metadata.

Secondly, it has created a reader, to check for any evidence that the fingerprints have been affected by third-party changes to the content.

Microsoft says people will then be able to use the reader in the form of a browser extension to verify a file is authentic and check who has produced it.”

Reality Bounce September 1, 2020 2:00 PM

@Reflector:

I think Singular Nodals has this in mind for you,

‘Your mind may not be much good, but it’s all you’ve got to misunderstand with.’

Thus don’t be that sure about a Unicorn in the Garden. Otherwise your life might be a bit of a mitty.

SpaceLifeForm September 2, 2020 2:13 AM

A good example of what can happen when one may not do proper basic research before asking a question.

It’s a simple question and a simple reply.

Since it is short I will put the Q+A here

Q: Can you help me understand the Portland riots. Why haven’t you stopped the violence?

A: Well, we’re a newspaper in Maine is the main reason.

hXXps://twitter.com/PressHerald/status/1300809515798081537/photo/1

hXXps://twitter.com/PressHerald/status/1300809515798081537

At first I laughed.

But then I started looking around.

SpaceLifeForm September 2, 2020 3:33 AM

@ name....

“Most people are ill prepared to filter or discriminate source material and authenticity of information and information sources (so says the anonymous contributor ironically).”

Especially the authenticity angle.

Regarding the PressHerald incident above, I see no others smelling the angle I do. None.

I’ve been digging, and the more I do, the more I smell IRA.

And checking some other replies points to other IRA agents.

Many accounts from 2011 with few tweets.

It can be difficult to troll well when you can’t access Google in Russia.

So, you may get some information about the wrong Portland, but if you lived in North America, you probably wouldn’t get confused like lesterrr did.

myliit September 2, 2020 6:02 AM

@SpaceLifeForm or popcorn eaters

“… It can be difficult to troll well when you can’t access Google [ or DuckDuckGo, https://duckduckgo.com/ , ] …”

Yeah, but it doesn’t take much to swing an election, especially in swing states.

https://www.theguardian.com/technology/2020/sep/01/facebook-russia-internet-research-agency-fake-news

“ Russian agency created fake leftwing news outlet with fictional editors, Facebook says

Internet Research Agency [(“‘IRA’”)] also hired real, unwitting freelance reporters in operation Facebook has removed […]

Much of PeaceData’s content was copied from other websites, though some was produced by unwitting freelance reporters. Advertisements on Upwork and Guru.com offered a flat rate of $75 to entry-level writers. Major topics for the site included armed conflict, human rights abuses (especially by the US and UK), corruption, and the environment, as well as WikiLeaks, the coronavirus pandemic and the baseless QAnon conspiracy theory.

[…]

PeaceData’s coverage of the US portrayed the country as “war-mongering and law-breaking abroad while being racked by racism, Covid-19, and cutthroat capitalism at home”, according to the report. The outlet was negative toward Donald Trump, but Graphika found that its treatment of his Democratic rival Joe Biden and vice-presidential nominee Kamala Harris was “noteworthy for its hostile tone”.

The US-focused content of PeaceData appeared designed to “build a leftwing audience and steer it away from Biden’s campaign”, according to the Graphika analysis. UK-focused content similarly appeared to appeal to leftwing audiences with attacks on the Labour party leader, Keir Starmer, for being too centrist.

The operation targeted supporters of Bernie Sanders and democratic socialists in the US and supporters of Jeremy Corbyn in the UK by having one of the fake accounts, the fictitious “Alex Lacusta”, post links to PeaceData articles in affiliated Facebook groups.

The IRA also used “unwitting users” to attempt to obtain authorization from Facebook to run political ads in the US, the company said. Facebook implemented the authorization process for political advertisers after the 2016 election, when the IRA was able to spend about $100,000 – some of it in rubles – on ads that targeted US voters with divisive messaging. …”

echo September 2, 2020 7:50 AM

https://www.youtube.com/watch?v=f8DQSM-b2cc

Flat Earth “Science” — Wrong, but not Stupid
In this video I explain what flat earthers believe, why they believe it, and why I think scientists should take flat earthers more seriously.

Sabine Hossenfelder presents an argument which addresses the science and engages with people sucked in by the alt-right/conspiracy-theory/right-wing/fakers.
Sabine gives a useful history of “flat earthers” and notes how Youtube is where “flat earthers” really took off. She also gives a good run down of belief systems and how “flat earthers” illogically and dogmatically reject certain types of evidence because it is “hard work”.

I find Sabine’s argument comes from a better position than lazy labels. I don’t personally believe throwing around “Dunning-Kruger” or “comfort ones” is especially good. Not only are they “monetized memes” but have become a handy stick for anyone to beat anyone. Their currency is so devalued they have lost any useful meaning in the context they are usually used.

I think her conclusions about viewing “flat earthers” as a warning sign and taking time to explain the methods by which scientists arrive at their conclusions is very good.

echo September 2, 2020 12:26 PM

Moderators targeting pretty much everything I’m posting on here. Anything querying UK government or complaining about the alt-right is heading straight for the bit bucket.

MarkH September 2, 2020 1:08 PM

German chancellor Angela Merkel just announced that the poison used to attack Russian dissident Alex Navalny was Novichok, the Soviet nerve agent made famous by the U.K. Skripal attack.

This identification derives from a German analytical lab.

Putin’s slobbering defenders will now say that in an attempt to discredit him, either Navalny deliberately poisoned himself, or wicked U.S. operatives bought some Novichok on Ebay and flew to Siberia to poison the victim.

vas pup September 2, 2020 4:03 PM

@echo • September 2, 2020 12:26 PM
Dear blogger,
You’re not the first one with similar problem.
The best way to avoid it is to stick as close as possible to the purpose of this blog “Schneier on Security”, i.e. as soon as political issues DIRECTLY related to security, then your post will survive.
I agree with you it’ll be good practice when Moderator deletes the post to provide short explanation as well ‘why?’, so you and other bloggers could better adjust their post to the policy. But that is not MY blog. Bruce’s word is final on that as owner of the blog.
I wish you the best.
VP

vas pup September 2, 2020 4:24 PM

Sam Harris: Internet creating balkanisation of thought

https://www.bbc.com/news/av/technology-53997747

“Conversation is the only tool we have for making intellectual and moral progress, the US philosopher and neuroscientist Sam Harris has said.
He told Hardtalk’s Stephen Sackur that the power of conversation was being threatened.

=>He said: “The internet is having this dual function of allowing us to get access to really the totality of human knowledge instantaneously but it is also allowing our sense-making to shatter and our epistemology to allow for a sort of balkanisation of thought.”

Singapore Noodles September 2, 2020 6:38 PM

@echo

Re: flat earth

I think Prof. Hossenfelder could have strengthened her analysis.

Unless flat-earthers are saying the earth is truly two dimensional (I guess some of them do), the difference between the positions is just an argument about details of curvature of the surface of a solid body, the planet.

At this point one is tempted to stop and say to the sides how uncouth to squabble about minor differences in what is the same basic position, let’s get a beer; but if not …

Except for constraints of rock mechanics, there is nothing in principle preventing the planet from being flat, a big plate-like asteroid. Gravity, the sun, the moon etc would all be happy. So local details have to be examined.

Local measurements are consistent with “flattish” or “roundish”, or almost anything. To decide which, the local measurements have to be stitched together to give a global estimate. But the stitching requires a mathematical model that provides the stitching rules.

At this point the flat-earthers, in asserting globally flat, exceed their “only what I see” brief by assuming the local measures integrate to global flatness. I.e., in terms of their own starting points they fail.

As for models, they are only acceptable to the extent they provide a nice way to capture the appearances, and the moment something new comes up, the model goes. So, we may all be flat earthers someday.

SpaceLifeForm September 3, 2020 12:21 AM

@ vas pup

I’m sure you have observed that Bruce cleans well, but sometimes leaves a poster’s comment reflecting a prior but now deleted comment.

He has deleted mine, and after further thought, I agreed it was all good.

You would probably be shocked as to the volume of stuff you never see.

The tons of trash Bruce takes to the bit-bucket.

So, as to your point about trying to stay semi-relevant when posting,
read this, and then read the link to see who wrote it.

I doubt many are NOT familiar with the writer that I am quoting below.

The link is not the person I am quoting. I am purposely not telling you who the writer is.

It’s a cool story. Learn.

https://twitter.com/OriginalYoni/status/1301185618194685952

“Here is my social media rule: always ask if you are adding to the conversation, or subtracting. Am I adding joy, knowledge, laughter, anything? Post! Or am I subtracting joy or knowledge? Don’t post. It’s simple.”

echo September 3, 2020 3:07 AM

@vas pup @Singapore Noodles

Well yes but Bruce doesn’t know me and I feel there’s not much compatibility between my views and his. This blog is simply a boys toys and US federal security advisories and marketing for job titles blog, basically. As someone who has been directly harmed by the US exporting its domestic policies abroad I’m already a bit “Hmmm” about things. I’m just twiddling my thumbs during lockdown until I get my passport.

echo September 3, 2020 5:39 AM

https://www.theguardian.com/money/2020/sep/03/vital-id-documents-are-in-lockdown-at-the-dvla

It seems lots of people are being unlawfully detained by the UK withholding passports because the driving licence department has been hanging on to them.

I haven’t even got as far as being able to apply for a passport because of various departments unlawfully playing pass the buck to avoid admitting breaches of human rights law (among other things). It’s a neat way of stopping a citizen escaping the country and blowing the whistle. I want to leave and I want to leave NOW. Why? That will be for my asylum claim the second I’m over the border. It will be a rather thick application made even thicker by this stupidity.

The UK does have ways of providing travel documents when a passport hasn’t been provided in theory but involves spending lots of money I don’t have up front and no refund if they decline. Oh, yes. Give me another kick why don’t you?

rrd September 3, 2020 7:01 AM

@ {Functional programming folks and those of us who despise monads}

I just found this and it made me laugh out loud, then more on each rewatch.

hXXps://www.youtube.com/watch?v=ADqLBc1vFwI

“… and BAM! Dinner’s served.”

I haven’t laughed that hard in quite a while. Peace be with y’all.

Curious September 3, 2020 8:44 AM

Something, something illegal bulk collection of call records (USA):

https://twitter.com/PatrickCToomey/status/1301211138936446977

https://www.aclu.org/legal-document/united-states-v-moalin-ninth-circuit-opinion (dated Sept. 2. afaik)

I haven’t read this, but here is what the twitter guy says:
“Breaking: In a long-awaited decision, the 9th Circuit has ruled that the NSA’s bulk collection of Americans’ call records was illegal.

The court held that the mass surveillance program violated Section 215—and very likely violated the 4th Amendment too.”

I don’t know the importance of this ruling, but perhaps this is considered a big deal in some general sense.

C U Anon September 3, 2020 12:35 PM

@ALL:

“India bans 224 Apps this year”

India has been fairly busy banning apps on Android and iOS this year much to the annoyance of many users.

The claims are effectively the normal catch all ‘National/Sovereign Security/Integrity’ mumbo, which usually means Politicians are rattling their sabers or shaking their impotent little fists.

Two things to remember,

1, Earlier bans were on ‘religious’ basis.
2, India and China are effectively in a ‘cold war’ situation with occasional quite serious border skirmishes/incursions.

Thus take what is being said with caution. That said ‘Motherships in China’ are nothing new so many IoT and Apps do it quite a large fraction of China bound Internet traffic comes from them. In some cases about the same as various well known US OS’s and apps hoover up and send back to ‘US Motherships’. The US OS and Apps Silicon Valley Corps were the ones who started it and put in place the business models we all get exploited by thus blaming other people for trying to do the same is really quite silly.

As we also know most if not all Western Nations will hoover up what ever user data they can that crosses their national borders and many care not a damn about any borders whatsoever (The UK RIPA legislation regards anything that can be reached from any network that can be seen from the UK no matter how convoluted the approach as legitimate traffic to gather).

So any traffic sent to a Mothership, no matter where it is, is for Western Nations at least something to be collected.

This does not mean as some claim that the companies that run motherships are in cahoots with National Intelligence Community Agencies, just that those agencies will steal what they can what ever way they can and they really care not how they do it as long as they can keep it out of the public view. Thus for the agencies the preferred method where possible is ‘off the wire’ one or two routers up stream of a mothership or at a major routing node to the mothership.

So I’m fairly certain that both India and China as Governments are both ‘watching the wire’ intently to grab what they can via their SigInt and other Intelligence Community Agencies.

If Governments were actually honest about preventing such abuse of their citizens data rather than just waving flags and making noises, they could very very quickly stop it simply by ‘black-listing’ the addresses of the Motherships both in their own country and in others.

The downside of course is many IoT devices and apps and even OSs would cease to work, as they are designed specifically to gather data as part of the ‘profit model’ and thus have been deliberately designed to ‘ET phone home’ to the mothership. One very serious offender in this is of course Amazon others are Google and Microsoft. As far as ‘National Security’ is concerned, many countries would be very much better off blacklisting motherships, as the net effect will be to boost their home industries. We might call it ‘Balkanising the Internet’ but honestly the major use for the Internet is for Corporate Global Takeover, under the ‘Winner takes all’ principle. If you ‘blacklist’ the undesirable Corporate behaviour then it will open up National markets thus local industry thus economic activity.

echo September 3, 2020 1:20 PM

https://www.theguardian.com/sport/2020/sep/03/frank-and-claire-williams-hand-over-reins-of-legendary-f1-team

Oh for God’s sake. Williams the F1 company just sold itself to a US investment company. £136 million covers a lot of guilt.

https://www.theguardian.com/law/2020/sep/03/social-media-not-removing-people-smugglers-pages-mps-told

Facebook, YouTube and other social media organisations have refused to shut down many pages understood to be used by networks for people-smuggling, despite requests from Home Office staff and police trying to crack down on human trafficking rings, MPs have heard.

I wonder if they offer a discount for anyone not trying to get into the UK but trying to leave the UK. If anyone thinks I’m paying 3000-5000 Euros they’re kidding themselves. 100 Euros if they’re lucky and I want a free hot drink and sandwich.

A Facebook spokesperson said: “People-smuggling is illegal and any ads, posts, pages or groups that co-ordinate this activity are not allowed on Facebook. We work closely with law enforcement agencies around the world, including Europol, to identify, remove and report this illegal activity.”

However, the company added that while it did not allow content that offered or assisted in smuggling of humans, it did permit requests for information or solicitation for help on how to get smuggled and the provision of information on how to leave a country illegally. A decision to allow people to share information on how to leave a country illegally – if done so without offers of smuggling services or payment – was made because staff believed that this could help people escape from life-threatening situations.

Actually, some is legal and some isn’t legal. The fact the UK state is unlawfully blocking passport applications or blocking people from having their passports returned to them due to least effort pay rise demand of the week and negligence and discrimination is a real problem. Nobody makes a stink over that.

The problem is even worse than that as refusals by the UK state to lawfully process some passport applications properly puts some UK citizens at risk of harm and in some cases death if they happen to be in the wrong country. The passport office actually know this and have put their fingers in their ears blaming other departments. Ministers have waved complaints away because of faux safety issues i.e. politics. Oh, yes. Fine. Get me killed why don’t you just to keep some sexist bigoted desk jockey in the Inland Revenue happy?

I want my passport NOW.

I want to leave NOW.

The UK state hates me. Fine. Just let me leave.

Sherman Jay September 3, 2020 2:19 PM

Security and Safety begin with having full and accurate perspective and information about any subject.

Sam Harris has some good ideas, but this one seems rather incomplete.
“Conversation is the only tool we have for making intellectual and moral progress, the US philosopher and neuroscientist Sam Harris has said.”

A couple of more basic tools to make intellectual and moral progress are:
ONE gathering complete, credible perspective and information on the subject, validating that info, including comparing numerous sources

TWO using critical thinking and logical analytical tools to evaluate the info and thus gain an accurate position.

Conversation can be part of the info gathering tools, but does not, in itself, provide any qualitative evaluation toward intellectual understanding of an issue.

vas pup September 3, 2020 4:02 PM

@Sherman Jay • September 3, 2020 2:19 PM
“TWO using critical thinking and logical analytical tools to evaluate the info and thus gain an accurate position.”

I agree with you on that plus small addition: just put aside your confirmation biases, illusions, other subjective/ideological factors which have nothing to do with obtaining truth, i.e. deliberation versus argument.

vas pup September 3, 2020 4:08 PM

NSA surveillance exposed by Snowden ruled unlawful
https://www.bbc.com/news/technology-54013527

“A National Security Agency (NSA) surveillance program has been ruled unlawful, seven years after it was exposed by whistleblower Edward Snowden.
The surveillance of millions of Americans’ telephone records first came to light in 2013.

Now, the US Court of Appeals has ruled intelligence leaders who publicly defended the program lied.

And Mr Snowden has said he feels vindicated by the ruling.”

“It makes plain that the NSA’s bulk collection of Americans’ phone records violated the Constitution.”

Sherman Jay September 3, 2020 4:20 PM

@vas pup,
Thanks for the addition. You are absolutely right. All our accumulated biases are stumbling blocks to getting an accurate picture of things. It’s very difficult to be objective. But, objectivity very important. When I try to analyze anything, I try to make myself aware of all the emotional biases I’ve accumulated over the years and to compensate for them (nullify them in the analysis).

When engaging in ‘conversation’ sharing opinions are one thing. But, discussing (positing) a factual matter, I always get a kick out of someone saying ‘that’s just your opinion’.

Sherman Jay September 3, 2020 4:29 PM

@vas pup • September 3, 2020 4:08 PM

“NSA surveillance exposed by Snowden ruled unlawful”

Thanks for the info. In a way, that is comforting.

However, being a security cynic (borderline paranoid?) from years of experience, when has a slap on the wrist ever stopped a secretive government agency from spying on people. It’s what they are dedicated to do for a living.

(Why is that guy in a gray van pointing a salad bowl at my house? ROFL)

echo September 3, 2020 6:11 PM

https://tech.newstatesman.com/business/hermann-hauser-nvidia-destroy-arm

SoftBank is in advanced talks with US chip company Nvidia to sell Arm – with a price in the region of £32bn reportedly being thrown around. But Nvidia’s purchase of the Cambridge-based chip designer would not only strike a blow to the UK’s technological sovereignty, but would result in the destruction of Arm itself, Arm co-founder Hermann Hauser has claimed.

Yes and a lot more besides. Welcome to the gutting of the UK. Brexit… F1 and now Williams selling out. Everyone could see this happening before it happened. Please please please can we not just cut the transatlantic cables with America now? I am so sick of them and Tories for ripping the social democratic rug out from under the UK. The UK really really is a nasty stupid shithole of a country.

I just want to leave and they won’t let me have my passport.

SpaceLifeForm September 3, 2020 8:40 PM

@ Trudi Fenster-Klotz

The article is good at explaining Bayes Theorem.

Note that the website still supports plain http and does not redirect to https. The https works but there is no auto redirect from http.

Why would ams.org still support plain http at this point in time?

Trudi Fenster-Klotz September 3, 2020 10:05 PM

@SpaceLifeForm

Re: not secure

I don’t know.

My apologies for posting the link without checking ! A good lesson.

Who? September 4, 2020 7:53 AM

@ SpaceLifeForm

Why would ams.org still support plain http at this point in time?

Why should the entire world move to HTTPS if information provided is not private? In this case, the American Mathematical Society is providing public information, no password or some sort of authorization required to get it. HTTPS does not hide the URL, it is not DNS over HTTPS, so anyone will still have access to that information even if the content transmitted is encrypted for another user.

I know there are performance penalties and other search engine optimization issues, but they are political issues completely unrelated to technical matters.

Who? September 4, 2020 8:02 AM

@ vas pup

“It makes plain that the NSA’s bulk collection of Americans’ phone records violated the Constitution.”

What about bulk collection from other citizens, like European ones? Is mass surveillance of other citizens, even citizens living in supposedly allied countries, legal? Perhaps it is time to break relationship with the United States until this unfortunate situation is fixed.

myliit September 4, 2020 2:50 PM

popcorn eaters or non lactopopcorn eaters

For the paranoid/fearful among us, are regular sunglasses better than polarized sunglasses? Best tints? Glass, cr-39, polycarbonate, best optics, etc., …

Pros and cons of each?

myliit September 4, 2020 3:05 PM

Who? @ SpaceLifeForm Trudi Fenster-Klotz

“Why would ams.org still support plain http at this point …”

Are http connections, vs. https connections, wide open to mitm attacks?

Clive Robinson September 4, 2020 3:41 PM

@ Bruce and the usual suspects,

Once, long ago, back when…

We talked about Crypto systems, and new algorithms. Sadly such things became first a scarcity, then a drought, and now an almost distant memory.

Well, it appears people are still trying to build “better mouse traps”.

One idea that never goes away is that of the crypto system that takes private plaintext and converts it via a secure encryption algorithm not to a bag of bits with near flat statistics but to a human readable text indistinguishable from an innocent plaintext.

Past attempts have almost always been actually steganography and lacking in security or can be somehow distinguished from innocent plaintext.

Well I know of one way to do this using OTPs and codebooks that is certainly secure and I’ve described it here before. However it has “standard form” issues that make it neither “general purpose” nor “indistinguishable in depth”, thus whilst usable it has limits on the number of messages that can be sent (and the number of bits in each message).

Well somebody has come up with another idea to do similar, perhaps those who thirst after the fun of this blog when it was not even a blog might want to have a look at,

https://github.com/linenoise/asemica

And dissect and discuss.

I’ve only glanced at the readme as “I’m very busy being lazy” for the annual two weeks at the moment and catching up on things like reading and just saying Hi to people and even a little “Do It Yourself” larder filling with bottles and jars and gently bubbling vats of preserves etc.

So hopefully it has some meat on its bones if not a good bit of gristle to gnaw on 🙂

MarkH September 4, 2020 5:36 PM

@Clive:

Near the top of the github page are a couple of ciphertext examples.

To my eye, they are glaringly not authentic natural language, though they do remind me of the gobbledygook blobs sometimes used as “message content” by online comment thread spammers … so perhaps they’d be inconspicuous in very specific contexts.

Not only would they catch the eye of anyone scanning for potentially suspicious messages, but I also suspect that it would be practical to flag them by algorithm.

My tuppence, anyway.

Singapore Noodles September 4, 2020 6:31 PM

@myliit

sunglasses better

As long as you wear them at night, it doesn’t matter what kind

youtube.com/watch?v=jxcZAHTyVCI

Cheap is best usually

youtube.com/watch?v=97bMX7KV8d4

Be careful not to exaggerate their worth

youtube.com/watch?v=Gx_6rXm_5LM

Clive Robinson September 4, 2020 6:34 PM

@ MarkH,

To my eye, they are glaringly not authentic natural language

I suspect they are not meant to be, if the input text used to build the markov chains is too short.

When I designed the system I’ve described on this blog before, I was consciously aware of that problem hence the use of a “Codebook of sentences” where each sentence was semantically complete. Hence,

    How about a XXXX SAY next YYYY

Where XXXX was one of eight words such as beer, coffee, cupper, etc and YYYY was another three bits and the use or not of SAY would be a use/not use flag. The three bit number was, if the flag was set, made from the addition of the real three bit message fragment added to an octal One Time Pad.

The important thing is the entire sentence remains semantically complete thus stands alone. It’s also impossible to spot on the first usage and only becomes obvious with repeat usage in more messages. Unfortunately at some point after a single usage the “message in depth” problem arises and correlation can arise not just with messages but with actions by an actor under observation.

In essence the “asemic Markov-chained” system is building the “code book” for a system that does not use any encryption (OTP etc) which renders it weak[1] if the plaintext analysed by the Markov Chain is reused[2]. That is it is obviously “asemic” without being “pansemic”[3] which the use of an OTP encryption step adds.

That said I’ve only read the readme but I’ve read it in the light of designing a not too dissimilar system from the security aspects.

[1] Whilst “codebooks” were once seen as a secure system they are not. In essence they are like foreign language dictionaries they perform a simple substitution cipher with an invariant monoalphabet. The advantage of code books is that they can be used as compression algorithms to shorten the actual message length (see the likes of the Zimmerman Telegram). But their use must then be “super encrypted” by a secure method of encryption (OTP etc).

[2] One of the disadvantages of the OTP is that “there must be as much key material as the sum of the lengths of all the messages” which is a lot. If this asemic Markov-chained system is to be as secure as an OTP then it needs as many plaintext input texts as there will be messages, however each plaintext input to the Markov-chain method will have to be many many times longer than any message probably more than fifty times. As this will have to be both unique plaintexts and unknown to any potential adversary the size of these input plaintexts would be at least fifty times as much as an OTP. Also the plaintexts not having a flat frequency distribution semantically they may just be liable to easier analysis.

[3] Many will be unfamiliar with what the words “asemic” and “pansemic” and most dictionaries on the shelf will not have them. To slightly misquote a group of artists,

    A message without meaning is asemic but one with all meanings is pansemic.

The designer of the system was trying for the former whilst I was trying for the latter.
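
An added sketch of the sentence-codebook scheme described in the comment above (illustrative code written for this page, not the commenter's implementation and not part of the asemica project). Assumptions: every word beyond beer, coffee and cupper is constructed, both the XXXX and YYYY slots carry pad-encrypted octal digits, and a sentence without "say" is treated as a decoy that consumes no pad.

```python
import secrets

# beer, coffee, cupper come from the comment; the other words are constructed.
XXXX = ["beer", "coffee", "cupper", "curry", "pizza", "walk", "film", "chat"]
YYYY = ["Monday", "Tuesday", "Wednesday", "Thursday",
        "Friday", "Saturday", "Sunday", "week"]


class OctalPad:
    """One-time pad of octal digits; each digit is handed out exactly once."""

    def __init__(self, digits):
        self._digits = list(digits)
        self._pos = 0

    @classmethod
    def generate(cls, n):
        return cls(secrets.randbelow(8) for _ in range(n))

    @property
    def remaining(self):
        return len(self._digits) - self._pos

    def take(self, n):
        # Refusing to wrap around is what prevents "messages in depth".
        if n > self.remaining:
            raise ValueError("pad exhausted: reuse would put messages in depth")
        out = self._digits[self._pos:self._pos + n]
        self._pos += n
        return out


def bytes_to_octal(data):
    """Bytes -> 3-bit digits, zero-padded to a whole number of sentences."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 6)          # two digits per sentence
    return [int(bits[i:i + 3], 2) for i in range(0, len(bits), 3)]


def octal_to_bytes(digits):
    bits = "".join(f"{d:03b}" for d in digits)
    usable = len(bits) // 8 * 8             # drop the zero padding
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def sentence(x, y, flag):
    say = " say" if flag else ""
    return f"How about a {XXXX[x]}{say} next {YYYY[y]}"


def encode(message, pad, decoy_every=0):
    """Super-encrypt the message digits with the pad, then pick sentences."""
    digits = bytes_to_octal(message)
    key = pad.take(len(digits))
    cipher = [(m + k) % 8 for m, k in zip(digits, key)]
    out = []
    for n, i in enumerate(range(0, len(cipher), 2), start=1):
        out.append(sentence(cipher[i], cipher[i + 1], flag=True))
        if decoy_every and n % decoy_every == 0:
            # Decoy: no "say", random slots, no pad consumed.
            out.append(sentence(secrets.randbelow(8),
                                secrets.randbelow(8), flag=False))
    return out


def decode(sentences, pad):
    cipher = []
    for s in sentences:
        w = s.split()
        ok = len(w) in (6, 7) and w[:3] == ["How", "about", "a"] and w[-2] == "next"
        if not ok or (len(w) == 7 and w[4] != "say"):
            raise ValueError(f"not a codebook sentence: {s!r}")
        if len(w) == 6:                     # flag not set: ignore decoy
            continue
        cipher += [XXXX.index(w[3]), YYYY.index(w[-1])]
    key = pad.take(len(cipher))
    return octal_to_bytes([(c - k) % 8 for c, k in zip(cipher, key)])


if __name__ == "__main__":
    shared = [secrets.randbelow(8) for _ in range(64)]   # constructed pad
    sender, receiver = OctalPad(shared), OctalPad(shared)
    traffic = encode(b"meet at 9", sender, decoy_every=2)
    print("\n".join(traffic))
    print(decode(traffic, receiver))
```

Decoding the same sentences under a different pad yields a different, equally well-formed plaintext, which is the property the pad step adds over a bare codebook.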

SpaceLifeForm September 5, 2020 3:08 AM

@ Myliit

Yes, plain http is easily MITM-ed, just like your postal mail is.

I still say, avoid vote by mail, especially in some areas.

But, if you have to do so, do it as early as possible, and take the ballot to a mailbox in a safe zip code.

There is a reason it is called ‘snail mail’.

Wear a mask. Vote.

hXXps://www.nbcnews.com/politics/congress/congresswoman-blocked-touring-mail-facility-postal-service-police-n1239359

A congressional aide told NBC News that they alerted the Postal Service at 1:30 p.m. on Thursday that they intended to make the visit. Because of the photos and the fear of what might be hidden from the congresswoman’s view, the short notice was intentional.

SpaceLifeForm September 5, 2020 3:33 AM

@ Myliit, Singapore Noodles

Been using BluBlocker for 34 years.

Time for a new pair. They actually degrade over time. Besides scratches.

The UV is blocked, but the UV slowly degrades the material.

I prefer them over others because they are usable in cloudy conditions, they are not too dark. That said, they are not perfect for direct sunlight, i.e., when you get in a position while driving where you can not avoid looking directly at the sun. But, that is what the visor is for. Rare conditions, involving a hill, and near dawn or dusk, even with using visor, it can be a pain. But overall, most of the time, they meet the goal.

hXXps://www.ncbi.nlm.nih.gov/pmc/articles/PMC6615932/
