Friday Squid Blogging: Saving the Humboldt Squid

Genetic research finds the Humboldt squid is vulnerable to overfishing.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on October 9, 2020 at 4:02 PM • 135 Comments

Comments

name.withheld.for.obvious.reasons October 9, 2020 4:16 PM

9 OCT 2020 — Seeding the Present Denies the Future and the Present?
A few searches on Google this last week produced some interesting results. What was surprising was a ranking decision made related to a search for the newly created Office of International Religious Freedom. My expectation was that the first site listed would, to my mind, be the official State Department website at state.gov. No, that was not the first listed result; instead a religious news site took first place in the vaunted Google prize for placement. It also included the sub-enumerated hierarchy of links, as in many promoted sites. Thus, is it possible to promote an unaffiliated site over an official site or governmental site?

Is this new behavior, a mistake, or some other form or feature that has metastasized within the GooglePlex universe?

name.withheld.for.obvious.reasons October 9, 2020 4:24 PM

@ Addendum to prior post
The search included a subtopic for a report appended to the string, and I could have actively filtered it by including the query filter site:state.gov to ensure the site was related. I was still amazed that another site not affiliated with the government (a religious organization) took the top spot. I am not going to spell out the site name, but it was a religious news site; to eliminate conjecture, it was not csmonitor, for whose reporting I have much respect. Sorry I didn’t include this in the original post, but I wanted to ensure that I gave full context with some rationale for the redaction related to the result.

BiggieSmalls October 9, 2020 5:57 PM

EFF pronouncing about the Julian Assange case:

http s://www.eff.org/deeplinks/2020/10/selective-prosecution-julian-assange.

The thing I keep finding strange is the narrative that the person on the logs supposedly talking with Manning over an OTR protocol is Julian Assange. Is there any proof of this? How is this argument sustained when proof in a digital world does not follow the same rules as in the physical world? Not that the answer is important, since denouncing war crimes is only considered a crime by the murderers themselves.

Sherman Jay October 9, 2020 7:04 PM

@name.withheld.for.obvious.reasons and @all,
I hope you are aware that g00gle always ‘cooks’ search results in a dozen ways. It is like some politicians we’ve seen on stage recently: it never gives a straight answer. It might be that since you use it, g00gle’s database on you directed those results. I know that a dozen people using g00gle for the same search will often get wildly different results based on how g00gle has tracked and targeted them.

I use (and recommend everyone to use) duckduckgo.

name.withheld.for.obvious.reasons October 9, 2020 7:37 PM

@ Sherman Jay
I am a literal blank slate to Google; all the fingerprinting (video card blanking, font rendering, XML GUID trackers, JavaScript bugs, tagged images, cookies, etc.) is thwarted by my use of non-rendering data acquisition. I have been on to Google for decades. Hell, I did tell Larry Page back in ’97 to take his thesis project (Large Scale IDE Array) and build a search engine. That was at lunch with his brother Carl, an Evangelist at Microsoft.

I use Google to represent to others, or for discovery respecting, various aspects of Internet information processing and collecting. The advanced search is most useful and the filtering tokens are of great use. I take it for what it is…a dumpster fire in a landfill upon a wasteland bordered by swaths of lunacy.

name.withheld.for.obvious.reasons October 9, 2020 9:39 PM

9 OCT 2020 — FILE UNDER PANOPTICON: ALL YOUR BROWSER COOKIES BELONG TO US
Scraped from slashdot and reported at TechCrunch.com at ht tp s://techcrunch.co/2020/10/09/new-chinese-browser-lets-users-get-around-great-firewall/

SOME FEATURES — OR LIABILITIES
The platform could suspend users’ accounts and share their data “with the relevant authorities” if they “actively watch or share” content that breaches the constitution, endangers national security and sovereignty, spreads rumors, disrupts social orders, or violates other local laws, according to the app’s terms of service.

Thank goodness the state sees the need to make sure citizens (subjects) don’t expose themselves to the wrong kind of information; stuff that could be evil, defamatory, maligned, fake, or more importantly…truthful.

xcv October 9, 2020 11:50 PM

@name.withheld.for.obvious.reasons

Thank goodness the state sees the need to make sure citizens (subjects) don’t expose themselves to the wrong kind of information; stuff that could be evil, defamatory, maligned, fake, or more importantly…truthful.

I’m bored. My website is down, there’s some sort of indictment or some messy affair in federal court, people are being served, and a whole gang of city slicker assholes are gumshoeing around in the back woods.

The primary goal of the federal court system is to enforce gun control, and the whole surveillance infrastructure, including extended background checks, which that entails, at all costs, no matter what. Their attitude toward me personally is, at best,

“Well, you had a brush with the law, your working career is over, even if it was just mental health and not criminal, and you really ought to consider yourself fortunate that anyone at all would be so charitable and loving as to allow you to survive, because we’d really rather put you in prison if we even let you live, but we’ll probably let it go just this one time, whatever you did, as long as you understand your civil rights are permanently revoked no matter what.”

SpaceLifeForm October 10, 2020 12:18 AM

@ name.*.*.*.*, Clive

I tried DDG, but when really doing a deep dive, no mas.

Full Disclosure:

I am not a nut-case sheriff in Western Michigan.

SpaceLifeForm October 10, 2020 12:40 AM

@ BiggieSmalls

Not only is there no proof that it was JA, there is no proof that Manning actually wrote everything involved.

There are no digital signatures.

If you read the transcript of the convo, it is strange.

Also, there is no evidence that the hash involved was either an NT or NTLM password hash.

Could just be random garbage.

Remember, allegedly, it was never cracked.

Curious October 10, 2020 3:28 AM

Apparently a new feature of EFF’s browser anti-tracking plugin ‘Privacy Badger’ has been disabled, because it was shown to possibly track users. The feature was called ‘local learning’. I don’t know what this feature does, nor do I have any idea how problematic such potential tracking could be.

“EFF off: Privacy Badger disables by default anti-tracking safeguard that can be abused to track you online”
https://www.theregister.com/2020/10/09/eff_privacy_badger/

“The EFF has disabled by default an anti-tracking feature in its Privacy Badger browser extension – after Googlers warned it could be abused to track people.”

“When local learning is enabled, Privacy Badger looks at each site you visit as you browse the Web and asks itself, “Does anything here look like a tracker?” If so, it logs the domain of the tracker and the domain of the website where the tracker was seen. If Privacy Badger sees the same tracker on three different sites, it starts blocking that tracker.”

“However, Googlers on the internet goliath’s security team figured out a way an advertising network could manipulate local learning into automatically blocking some tracking cookies, and leaving others alone, and thus fingerprint individual Privacy Badger users, defeating the whole purpose of the anti-tracking tech. This proof-of-concept technique is similar to the one Google used to sink Safari’s privacy mechanisms in June.”
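
The abuse the quoted paragraphs describe, as an added example (editor's code, not Privacy Badger's or Google's): a toy Python model of a local-learning blocker with the "seen on three sites" rule, a hypothetical ad network (domains t0.tracker.example, t1.tracker.example, … and the first-party sites are all constructed) that embeds tracker i only for users whose identifier has bit i set, and a later read-back page that loads a beacon from every tracker domain and notes which ones the extension blocks. The same model with learning switched off, which is what the EFF's new default amounts to, reads back nothing.

```python
"""Toy model of heuristic 'local learning' and the fingerprint it leaks.
Added example; not the Privacy Badger implementation."""
from typing import Dict, List, Set

LEARNING_THRESHOLD = 3  # block a third party once seen on this many distinct first-party sites


class LocalLearningBlocker:
    """Per-browser state that embedded page content can steer and therefore read back."""

    def __init__(self, learning_enabled: bool = True) -> None:
        self.learning_enabled = learning_enabled
        self.seen_on: Dict[str, Set[str]] = {}  # tracker domain -> first-party sites it was seen on

    def observe(self, first_party: str, third_parties: List[str]) -> None:
        # With learning disabled nothing is recorded, so page content
        # cannot influence which domains this particular browser blocks.
        if not self.learning_enabled:
            return
        for domain in third_parties:
            self.seen_on.setdefault(domain, set()).add(first_party)

    def is_blocked(self, domain: str) -> bool:
        return len(self.seen_on.get(domain, ())) >= LEARNING_THRESHOLD


def tracker_domains(n_bits: int) -> List[str]:
    # Hypothetical domains controlled by the ad network, one per identifier bit.
    return [f"t{i}.tracker.example" for i in range(n_bits)]


def encode_user(blocker: LocalLearningBlocker, user_id: int, n_bits: int,
                sites: List[str]) -> None:
    """Phase 1: on each site the ad network is embedded in, load tracker i only
    if bit i of the identifier is 1.  After LEARNING_THRESHOLD sites exactly
    the '1' domains are blocked; the '0' domains were never seen at all."""
    domains = tracker_domains(n_bits)
    for site in sites:
        blocker.observe(site, [domains[i] for i in range(n_bits) if (user_id >> i) & 1])


def read_back(blocker: LocalLearningBlocker, n_bits: int,
              readback_site: str = "news.example") -> int:
    """Phase 2: on some later site, request a beacon from every tracker domain
    and note which requests the extension blocks.  The blocked/allowed
    pattern is the identifier; a '0' domain has now been seen once, still
    well below the threshold."""
    domains = tracker_domains(n_bits)
    blocked = [blocker.is_blocked(d) for d in domains]  # decided per request, before it is recorded
    blocker.observe(readback_site, domains)  # this visit is itself a sighting
    return sum(1 << i for i, b in enumerate(blocked) if b)


if __name__ == "__main__":
    sites = ["shop.example", "blog.example", "forum.example"]  # constructed first parties
    learner = LocalLearningBlocker(learning_enabled=True)
    encode_user(learner, 0b10110110, 8, sites)
    print(f"learning on : read back {read_back(learner, 8):#010b}")
    fixed = LocalLearningBlocker(learning_enabled=False)
    encode_user(fixed, 0b10110110, 8, sites)
    print(f"learning off: read back {read_back(fixed, 8):#010b}")
```

Two points the model makes visible: the ad network needs to be embedded on at least LEARNING_THRESHOLD first-party sites before the bits become readable (with only two, the read-back is all zeros), and the leak is not in any cookie but in the browser's own blocklist state, which is why disabling learning rather than tweaking the threshold is the fix.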

Clive Robinson October 10, 2020 4:55 AM

@ BiggieSmalls,

The thing I keep finding strange is the narrative that the person on the logs supposedly talking with Manning on an OTR protocol is Julian Assange.

That is something you would think the US prosecutor would have to prove…

The fact that it cannot be proved beyond reasonable doubt should be a major impediment to the case, as in stop it dead in its tracks.

It explains the behaviour towards Ms Manning with regard to jailing for contempt etc. The aim was to push and push and push until she made some slip that they could then crack into some kind of admission against JA. As far as I’m aware it failed, so things should have stopped there as they had done in previous administrations.

But it won’t; as far as the US executive and administration are concerned they have had their “absolute” authority challenged and, like kings of old, they have been shown to be completely lacking. As befitting such a degenerate psychopathic beast, it wants blood and vengeance and will not stop doubling down until it gets it.

Which is, if you think about it, really quite stupid. Because at every step the beast is further advertising its true nature to not just US voters but the world.

Thus anyone who has followed even a little bit of the case will know that if JA ever gets to the US he will be put under Special Administrative Measures by “Fat Man” Barr at “Little Boy” Trump’s behest. Then things will effectively stop; any trial will get delayed and delayed for “further evidence gathering” or some other method of indefinitely holding him in mental if not physical torture until he either dies or accepts he is guilty in some way.

Because that is how US justice now works against you when you are not a US citizen and have never been to the US, and therefore cannot have broken any US legislation due to international jurisdictional limits on US legislation.

Andres October 10, 2020 10:59 AM

@Clive

Have you found that link where the UK regulator openly admits that they are no longer monitoring the ham bands? Please repost that link.

Clive Robinson October 10, 2020 1:34 PM

@ Andres,

Start at,

https://groups.io/g/UKQRM/topic/66427248#131

The PDF is a letter from OfCom’s Clive Corrie, which gives an overview of what Clive Corrie claims are OfCom’s duties…

However he quite deliberately leaves out other statutory duties to do with ensuring equipment compliance with EU regulations etc.

Which he was covering up for political reasons, because of the VDL report that looked at the equipment BT OpenReach amongst others were going to use and found it could not be made compliant with even the basic R&TTE directives.

His hiding this aspect of his and OfCom’s duties was because he had been found out. The testing by amateurs amongst others showed beyond doubt the equipment was not certifiable.

Basically Clive Corrie had kept the report hidden for purely political reasons, in that the UK executive (PM, Cabinet etc.) wanted the data connectivity, and such minor things as laws etc. that they had no choice but to obey were “inconvenient”.

And the report Clive Corrie kept covered up would have shown he was in effect malfeasant in public office…

So his way out was basically to say “OfCom don’t monitor the Ham Bands” which was true because otherwise his dirty little secret would have come out…

Clive Robinson October 10, 2020 3:47 PM

@ David Leppik,

Another Internet of Things security fail.

@mos already mentioned it, along with the eye-watering bit about the necessity of an “angle grinder”…

I gather there is not going to be a security fix…

But to be honest I cannot see the attraction of putting a bunch of electronics and machinery anywhere sensitive…

Look at it this way, would you buy a pair of IoT ski boots that locked your feet in?

I suspect not… (mind you now I’ve said it, somebody is going to make it, such is fate)

JonKnowsNothng October 10, 2020 3:50 PM

@Curious

Raw guess:

There are numerous ways to fingerprint browsers and users. It is likely that one of these methods has been used to assign an ID to a “dark browser trail”.

UIDs were and are assigned at the ISP level so that anything going in/out from your system can carry such tags even if the destination of the packet is supposed to be not-tracked by non-ISP companies. There have been reports that these large companies can maintain their own tracking methods without having to resort to intrusive tracking methods.

With some other methods of fingerprinting browsers, the configuration and font files are enough to get a hook in, plus user behavior tracking. Like an apple that doesn’t fall far from the tree, we don’t really go that far away on the internet either. Once you can ring fence a site where more people are putting Do Not Track marks on their access, it’s not that hard to back fill.

So with a company like google they are likely able to pre-harvest from other access and tag you plus they have been known to go “who me?” when exposed as tagging people they said they would not tag.

If there’s a LEA-O in the mix, not much will block that.

ht tps://en.wikipedia.org/wiki/UID
(url fractured to prevent autorun)

vas pup October 10, 2020 4:25 PM

@no.name.needed • October 9, 2020 7:27 PM

Good suggestion for using Yandex.
I don’t give a damn if a Russian or Chinese search engine, or an e-mail account with its server based there, collects my personal information, searches, etc., because there is ZERO chance of bringing me into a Russian or Chinese court for anything, and nobody will twist their hands to do this against their interests; but that is not the case with some kind of absurd Federal charges for nothing in other cases.
Unfortunately, for now you become guilty until you prove that you are innocent.
Torquemada, Himmler and Beria are looking with great jealousy (probably from Hell) at such a practice, when a person is gone after before any crime using recently developed technological tools together with accordion-type laws.

SpaceLifeForm October 10, 2020 4:25 PM

@ JonKnowsNothng, Clive

We don't need no steenkin cookies!

We don't need no steenkin TLS break!

We are Fascism!

We control the ISP corporations!

We can correlate your traffic!

We don't need no steenkin rules!

Full Disclosure:

I have not sold any vowels. They are free.

JonKnowsNothing October 10, 2020 4:27 PM

@Clive @All

There is an interesting kerfuffle going on in Australia over the failure of one of their quarantine sites, which led to their current difficulties containing COVID-19 while having Opened The Economy.

You need a program to tell who is who and which porkies belong to which party but there’s an on-going load of finger pointing.

afaik(not much)

  * Australia political geographical alignments are having bad COVID-hair days.
  * They set up COVID-19 quarantine hotels.
  * Some areas got police to monitor compliance
  * Some areas used rent-a-cops to monitor compliance
  * The rent-a-cops are not police and have no training or authority over anything.
  * Folks contained by the rent-a-cops figured that out
  * Folks contained by rent-a-cops went walkabout
  * Folks contained by rent-a-cops gave COVID-19 presents around
  * The rent-a-cops got COVID-19 elsewhere and handed some of that out too

Now that there is a whole lot of COVID-19 going around, people began to ask WHY?

The sticking point is “Who ordered the rent-a-cops”?

  * The government head said Not I
  * The department head said Not I
  * The health officer said Not I
  * The police head said Not I
  * The hotel said Not I
  * The government head said to the health officer: TAG! YOU’RE IT!
  * The health officer said I Resign; Not It
  * The government head said the Health Officer Did It
  * The former health officer said Did Not; Not My Job
  * The government said the police knew
  * The police said we didn’t know
  * The police head was the one who Announced It
  * The police head said Someone Else Told Me.

The inquiry has a time line log of when the outbreak was announced and some phone time stamps between government and department and direct calls.

There are some Zapruder minutes missing…

  * The local telephone company has not handed over their call logs.
  * The local telephone company has said they were asked nicely but no warrant no logs.

Here’s an interesting tidbit about telecom retention in Australia.

It seems that the Aussies have passed a law that requires their telcos to maintain 2 years of all incoming-outgoing communications from all sources: phone, internet, browsing history etc.

So.. how long do you think it might be before there is a catastrophic storage failure?

vas pup October 10, 2020 4:29 PM

North Korea displays new giant missile at military parade:

https://www.dw.com/en/north-korea-displays-new-giant-missile-at-military-parade/a-55225661

“North Korea held a massive military parade on Saturday to celebrate the ruling party’s 75th anniversary, showing off what appeared to be a giant new intercontinental ballistic missile (ICBM).

Edited footage from state television showed an ICBM on a transporter vehicle =>with at least 22 wheels, larger than anything previously displayed by the nuclear-armed country.

It was the first time since 2018 that North Korea has shown ICBMs at a military parade.

Leader Kim Jong Un spoke to a large crowd of unmasked soldiers in Pyongyang’s Kim Il Sung Square in the pre-dawn event that appeared to breach all social distancing norms.

He warned that his country would ”fully mobilize” its nuclear force if threatened, though he avoided direct criticism of Washington during the event.

Kim said the country’s continuing efforts to develop its nuclear deterrent were necessary for its own defense, adding that his government wasn’t targeting any specific country with its military force.”

JonKnowsNothing October 10, 2020 4:53 PM

@vas pup

re:Leader Kim Jong Un spoke to a large crowd of unmasked soldiers

While NK is pretty opaque about nearly everything, I’m not sure that is of great concern. NK is not a Hot Destination for Tourism or Trade.

NK may (or may not) have a handle on COVID-19 outbreaks but they are surrounded by countries that do.

The USA Exhaler-In-Chief though, is of more concern because not only he, but pretty much anyone inhaling around him are Non-Believers in the Afterlife.

  Wha??? How is that???

Because they do not believe they are going to visit there for a very long time.

*** Waiting to inhale in California – We have smoke! Please send O2! ***

ht tps://en.wikipedia.org/wiki/COVID-19_pandemic_in_North_Korea
ht tps://en.wikipedia.org/wiki/COVID-19_pandemic_in_North_Korea#July–August_2020

Starting in January, the North Korean government took extensive measures, including quarantines and travel restrictions, to block the spread of the pandemic. In April, the US analyst website 38 North said this appeared to be successful in containing the virus.

(url fractured to prevent autorun)

Clive Robinson October 10, 2020 5:01 PM

@ JonKnowsNothing, ALL,

So.. how long do you think it might be before there is a catastrophic storage failure?

Hmm due to technology failing or political failing?

With all that finger pointing at such a high level I suspect that call records will be found to have “gone missing” or some such due to “human error”…

As for the use of the “rent-a-cops” I can make several educated guesses on that.

1, The payment to an agency to employ “zero hours, zero health insurance etc” probably unqualified even to be “club door keeps” type people would be less than for Police Overtime.

2, The police will not want to be “baby sitting the potentially sick” for various reasons, not least because they are stretched thin already and don’t need staff out sick with COVID.

3, If a police officer gets sick and goes down with Long Covid then that’s a massive bill to pick up. Likewise if they die “on the job”.

4, Police unions would play merry hell due to the known lack of PPE at these hotels.

And so on.

The fact that some of the rent a cops obtained sexual favours out of those in quarantine, kind of tells a lot about lack of oversight etc.

Thus it might be the case that the agency record keeping is such that they really have no idea who was where or when or what they got up to.

That is they would just take time sheets from individuals and pay out and invoice the state without actually checking. Thus potentially there has been fraud going on as well…

So yeah I suspect nobody wants the truth to come out on this from the highest to the lowest person involved. So expect “salt water croc footprints to have muddied the water”.

Sancho_P October 10, 2020 5:25 PM

Re new forum, changes in time of posting:
Often I copy/paste the most recent Date/Time field in the “Last 100 Comments” into a sticky note on my Desktop, just to know what I’ve already seen when I visit next time. Of course, when doing so I avoid obvious spam postings.

The strange thing is, often that time can’t be found again, the post got a different timestamp.

I understand that some posting may take some time for approval, but changing the time of already published postings seems wrong to me, tampering with evidence, isn’t it? 😉

Btw. the requirement of JS to post is annoying.

Chris October 10, 2020 10:10 PM

Funny, that you need to encrypt the messages nowadays on the pibluc bord of
and why has it beco

befoRE there WAS not actuall facts in THat tho
beocoers and the..mn vhwn12 we all voms vvee
12
What st the mattsdötr pf hte fact tha there is no mpre
of that pe..

C October 10, 2020 10:13 PM

The facts stand out tonight that
there are very d ewu of ads aaa dia
aasd9 tha mees sts aahs oadaa comin thow thad are
veruw aiada stth

Gorda October 10, 2020 10:25 PM

Hi, I would like to see more censure so we don’t have to read too much of the interesting things in the blog that make us upset. It’s so depressing when we read about things that are important but we don’t actually want to know about. So please can you make sure that all important messages get deleted as soon as possible. Thank you.

name.withheld.for.obvious.reasons October 11, 2020 2:04 AM

11 OCT 2020 — From Reporters Without Borders; Assange Denied Due Process and Open Trial
Reported out 10 OCT 2020 by the RSF’s Director of International Campaigns, Rebecca Vincent:

“We are alarmed by what we have witnessed in the U.S. extradition case (extraordinary rendition) against Julian Assange. We firmly believe Assange has been targeted for his contributions to journalism, and the case against him is purely a political application of the Espionage Act, which should present a bar to extradition. We also have serious humanitarian concerns, which make Assange’s extradition (extraordinary rendition) a possible matter of life or death. Finally, we have concerns about extensive barriers to open justice, which made it nearly impossible for us to do our jobs as NGO observers and monitor proceedings. We call again for the charges against Assange to be dropped, and for him to be immediately released – and certainly not extradited to the US.”

name.withheld.for.obvious.reasons October 11, 2020 2:13 AM

@ JonKnowsNothing

So with a company like google they are likely able to pre-harvest from other access and tag you plus they have been known to go “who me?” when exposed as tagging people they said they would not tag.

That is why wget, lynx, or curl can be used to pull web site data down without rendering or executing script. Here’s an example:

curl --raw --url https://www.schneier.com/blog/newcomments.html | more

This is just an example and is not meant to be a best-practices method. There are network-level considerations along with response strings, for example the agent string and providing your own referrer tokens.

David Rudling October 11, 2020 3:07 AM

Quite a nice explanation of Android’s Project Mainline, which is how they are trying to speed up the rollout of security patches to Android phones.

ht tps://www.xda-developers.com/android-project-mainline-modules-explanation/

JonKnowsNothing October 11, 2020 3:42 AM

@Clive @All

re: kerfuffle going on in Australia over the failure of one of their quarantine sites

Zho… I’ve been doing a bit more looking at what’s happening and it certainly is a mess.

note: I’m not an Aussie.

Their hotel quarantine failure was a magnitude greater than what happened in NZ. NZ got on theirs fast but the Aussies missed it and it got out of control.

99% of the more than 18,000 cases of Covid-19 and 750 deaths in Victoria since late May can be traced back to outbreaks in two quarantine hotels involving several security guards from private firms.

It’s a tangled mess, and they could use a Marcy Wheeler for sure to de-tangle their timelines. The sticking point is that no one wants to put their hands up that they ordered Rent-a-Cops to guard 6 hotels. Two of those hotels are the source of the 18,000 cases and 750 deaths. There is an ongoing inquiry trying to pin the tail on the kangaroo.

The key person is Graham Ashton ex Police Chief State of Victoria and the calls, text messages he made prior to the official announcement, by the Prime Minister Scott Morrison, about the Hotel Quarantine Program being monitored by Rent-A-Cops.

  * Graham Ashton former Police Chief State of Victoria
  * Reece Kershaw Australian Federal Police commissioner AFP
  * Chris Eccles Head of Victorian Department of Premier and Cabinet (DPC)
  * Daniel Andrews Premier Victoria
  * Scott Morrison Prime Minister

There are 6 minutes of missing call logs

Time Line March 27 2020
1:12pm Graham Ashton text to Reece Kershaw : why aren’t the AFP guarding hotel?
1:16pm Graham Ashton text to Chris Eccles: are the police guarding hotel?
SOMEBODY at the DPC made a decision that turned out bad
1:22pm Graham Ashton text to Reece Kershaw : confirmed private security will be used
2:15pm Morrison announces program with security guards
3:00pm Andrews announces program with security guards

There’s an OH?? tidbit.

The Aussies use Cellebrite, the Israeli phone cracker software.

The police used it to crack and extract data from Graham Ashton’s iPhone. The Victoria Police retrieved text, WhatsApp, Signal, in+out call logs from the phone.

The police gave the text messages to the inquiry; they did not give the in+out call logs.

So, why would the police need to crack the former chief’s iPhone unless he didn’t want to pass on his encryption keys or they were afraid he would delete something?

They backdoored the device anyway but then withheld the data from the inquiry.

The missing 6 minutes of Zapruder logs must contain some very interesting exchanges.

Some additional call logs will be forthcoming from the telco.

ht tps://en.wikipedia.org/wiki/Graham_Ashton
ht tps://en.wikipedia.org/wiki/Cellebrite
(url fractured to prevent autorun)

Winter October 11, 2020 4:12 AM

@vas pup
“Good suggestion for using Yandex.
I don’t give a damn if Russian or Chinese search engine or e-mail account with server based there collecting my personal information, searches, etc. because there is ZERO chance to bring me in the Russian or Chinese court for anything,”

Try startpage.com or qwant.com. Both advertise with full privacy.

Winter October 11, 2020 5:59 AM

@vas pup ao
“search privacy”

Here is a review on search sites

restoreprivacy.com/private-search-engine/

It also explains that startpage has gone to the dark side. Sorry for having given wrong advice.

Clive Robinson October 11, 2020 6:44 AM

@ JonKnowsNothing, ALL,

Their hotel quarantine failure was a magnitude greater than what happened in NZ. NZ got on theirs fast but the Aussies missed it and it got out of control.

Like you I’m not an Aussie, nor do I live even close, so I’m looking in from afar.

What is going on really is starting to smell like “political corruption/coverup”.

So “got out of” or “let out of” control?

This is important because, as I understand it, by far the majority of infections and deaths are down to just two hotels. Thus a handful of people.

Apparently one of the Guards who had public control experience went public some time ago over what she was seeing and it makes sober reading.

As I said the other day, when you compare and contrast what has happened in both NZ and Auz there are valuable lessons visible to control not just this disease but all future outbreaks of new disease anywhere in the world at any time.

So in my mind, so far, from the information available it makes two quite important points,

1, Good border control works.
2, Any infection requires very strong community measures fast and with strong powers of control in the hands of competent people from bottom to top.

But the important lesson for politicians is,

“DO NOT Listen to Lobbying from short term vested interests”

Because no nation on earth can afford the cost of pandering to such stupidity.

As far as we can tell, China, which acted brutally quickly when those who could act became aware of the infection, has returned to near normal. But with way, way stronger border control. That is, picking up and isolating around 40-50 cases a day[1] and effectively neutralizing them.

In the US however the top annual killers of citizens list out as,

1, Heart failure/attacks
2, Cancers
3, COVID
4, Unpredicted Accidents.

And COVID deaths are realy only just about 2/3rds of a year in with probably a much worse second infection wave just starting for the last third.

[1] Remember China reports two figures, those for symptomatic and those for asymptomatic, and you have to add the two together. I actually wish all countries did this, because when it gets down to the country being free of infection it tells you what is happening at the border. Symptomatic people should not be traveling and should know they should not.

Winter October 11, 2020 6:55 AM

@Clive
“4, Unpredicted Accidents”

Curiously (or not), this number is much higher in the US than in the EU, especially for traffic accidents. That seems to result from very lax DUI testing.

JonKnowsNothing October 11, 2020 12:11 PM

@Winter @Clive
re: “4, Unpredicted Accidents” USA Traffic Accidents

One aspect of USA traffic accidents that does not often get on the front page but is generally known to people living in the local area are: Bad Road Designs.

As the road infrastructure in the USA is aging (25% of existing roads are no longer drivable), the speed limits and car handling have increased. Cars are now much easier to control and a good number of people think they are qualified race drivers by osmosis. The roadways are not designed for the speed or amount of traffic.

We have lots of “Bloody Roads” meaning red blood from all the car crashes. These are not from intoxicated driving but from cars crossing the center dividers hitting on coming cars. Or cars speeding around a turn because they are driving a high performance car but the banking is not set for that turning radius.

So why don’t we fix them?

Because roads are divided up by jurisdiction and depending on who is in charge of the road depends on their evaluation of cost and time to repair or rebuild.

There is a known road (actually a bunch but one in particular) that has been killing people every year for decades. It is about 11 miles long and connects a bedroom farm community to the bay area silicon valley. It is the most direct path to SV and is traveled every day by a lot of people, farm trucks, and tractors. It is 1 lane each way with no divider. There are no pull offs and the edges of the road are farm fields growing lettuce and veggies. People are killed on this road regularly.

You might leave for work but you aren’t coming home.

The locals have been petitioning the agency that controls that road for decades to fix it. They didn’t and won’t, because not enough people die on it to warrant the repairs. They have an algorithm they use to calculate deaths vs costs and that particular road isn’t going to get fixed.

Tragedy strikes there all the time. An entire family was killed except for children visiting other relatives. Then the survivors along with the relatives were killed. It is a small town and folks know each other.

The road agency did repaint the stripes on the road and replaced some missing reflectors.

Bad roads kill a lot, they just don’t get front page press. Even if they did there’s not enough funds to pay to fix the existing 25% much less upgrade the other 75%.

Sherman Jay October 11, 2020 12:32 PM

The search engine security/privacy comments point to the fact that there is no one that can really be trusted. Our computers have too many handles that are being grabbed and tagged and logged. And, too many groups that want to track, log and hoover up all our data. And, I suspect that things will just get worse in the future. Even some ‘good guys’ like ‘startpage’ succumb to the temptation to spy and sell.

I haven’t completed reading this and don’t know if it will go anywhere productive —
ht tps://scheerpost.com/2020/10/11/james-steyer-wrestling-back-privacy-from-the-jaws-of-big-tech/

Stay Safe, everyone

NO ID2020 NO MICROCHIP NO MARK October 11, 2020 2:17 PM

WO2020060606

Here is the patent for Microsoft 1. WO2020060606 – CRYPTOCURRENCY SYSTEM
USING BODY ACTIVITY DATA

Look at the patent number, literally, “world order 2020 666.” This from the same guy who is publicly saying he wants to put microchip tracking on every human on earth to prove you have been vaccinated, to allow you to buy or sell. Bill Gates needs to beg God for forgiveness. Science without God’s standards is propelling humanity towards a calamity of biblical proportions.

Even if Bill repents, Elon Musk has made and is rolling out a 5g satellite grid around the whole earth and brain chips. This is not a joke, this is some fucked up shit..

  • Revelation 13:16:
    And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads.
  • Revelation 14:9:
    And the third angel followed them, saying with a loud voice, If any man worship the beast and his image, and receive his mark in his forehead, or in his hand, 10 The same shall drink of the wine of the wrath of God, which is poured out without mixture into the cup of his indignation; and he shall be tormented with fire and brimstone in the presence of the holy angels, and in the presence of the Lamb.

#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#

MAKE AMERICA LOBOTOMIZED AGAIN

The Untold Story of JFK’s Sister, Rosemary Kennedy, and Her Disastrous Lobotomy
https://people.com/politics/untold-story-of-rosemary-kennedy-and-her-disastrous-lobotomy/

The Forgotten Story Of Rosemary Kennedy, Who Was Lobotomized So That JFK Could Succeed
https://allthatsinteresting.com/rosemary-kennedy-lobotomy

The Truth About Rosemary Kennedy’s Lobotomy
A never-before-seen photo surfaces of the forgotten Kennedy, who, after a disastrous lobotomy, was rarely heard from again
https://people.com/books/rosemary-kennedy-the-truth-about-her-lobotomy/

When Rosemary was 23 years of age, doctors told her father that a form of psychosurgery
known as a lobotomy would help calm her mood swings and stop her occasional violent outbursts.
https://en.wikipedia.org/wiki/Rosemary_Kennedy#Lobotomy

$5 wrench October 11, 2020 2:18 PM

NO ID2020 NO MICROCHIP NO MARK – WO2020060606


vas pup October 11, 2020 3:46 PM

ATTENTION! NEW FINDING ON COVID – FRESH FROM BBC:

Covid virus ‘survives for 28 days’ in lab conditions:
https://www.bbc.com/news/health-54500673

“The virus responsible for Covid-19 can remain infectious on surfaces such as banknotes, phone screens and stainless steel for 28 days, researchers say.

The findings from Australia’s national science agency suggest SARS-CoV-2 can survive for far longer than thought.

However, the experiment was conducted in the dark. UV light has already been shown to kill the virus.

Some experts have also thrown doubt on the actual threat posed by surface transmission in real life.

The coronavirus is mostly transmitted when people cough, sneeze or talk.”

Read the whole article for details!

Clive Robinson October 11, 2020 5:45 PM

@ Alex,

Hidden cameras and secret trackers reveal where Amazon returns end up

There are some “nasties in the wood pile” for those dealing with “returns”. Because most people “don’t think hinky” they do not realise there is a major issue, which is “poisoning”…

There are a great number of poisons that are hard to detect and kill people quite slowly even from just a tiny drop (I won’t mention any this time as last time I did my post got deleted, so just accept that there are).

Well take the fake leather backpack talked about in the article. Ask yourself how hard would it be to manipulate unopened packaging and push in a very fine point rhodium or equivalent hypodermic needle and deposit a small quantity of a chemical agent, then push another needle through the same hole to put a “scabbing material” over the top of the chemical agent, then use another needle to inject a tiny amount of some other material that then seals the hole in the packaging, or just a tiny pinpoint spot of heat to weld the packaging closed.

Someone ends up with the backpack if it gets resold. Due to the scabbing agent the chemical agent takes a while to be released, it might be days or months, but eventually the chemical agent comes out…

If someone gets poisoned then who gets sued by the relatives?

The answer is usually “the person who has the deepest pockets” or “is least capable of defending themselves and their assets”.

Thus Amazon is quite a target for such law suits. But providing you have a viable sounding method, you could just blackmail Amazon directly instead.

So “terrorist” or “blackmailer” Amazon has to defend against them… One way is to “externalise the risk” much as banks do. So Amazon sells the stuff on with the risks to a third party who then sells or sends to landfill.

Problem solved as far as Amazon is concerned…

Such things are just one of very many concerns for “retail security” consultants etc. We mostly get to hear about how they reduce “shop lifting” or “insider theft” but these days they really have to think in a much broader scope.

WmG October 11, 2020 5:51 PM

@ JonKnowsNothing

The state of California, at one time, had the best roads in the country. Then, things began going downhill.

The date of that decline was the Reagan gubernatorial administration. It’s another example of how things get broken and don’t get fixed.

Saving those taxpayer dollars has been very lucrative, one imagines, for the very wealthy, whom Gov. Newsom has agreed to not increase taxes on.

SpaceLifeForm October 11, 2020 6:18 PM

@ Sancho_P

Timestamps on recent 100 match to posts from my view.

The webserver is now in Chicago, and in same timezone as I am, so I do not see an issue.

But if you are in a different timezone, maybe something else going on.

Clive Robinson October 11, 2020 7:10 PM

@ vas pup,

Some experts have also thrown doubt on the actual threat posed by surface transmission in real life.

They may be right they may be wrong, we actually do not have the evidence to say one way or another.

Part of the problem was The WHO and the likes of the US CDC. They until very recently promoted fomite vectors as being more significant than aerosolised virus in droplets etc, thus pushed hand washing and open faceshields over fitted mask wearing. Why this was so bemuses many experts in epidemiology and disease transmission.

Previous “surface viability” tests used not SARS-CoV-2 but analogues of SARS 2003. Those tests suggested up to nine days on stainless steel surfaces at low temperatures. Unfortunately as I’ve noted before the lab lighting types, conditions, and cycle times were not published so we do not have an idea as to how much if any UV-C[1] got to the virus samples under test.

So the previous tests were at best “indicative”.

But is “in the dark” relevant?

Ordinary light inside from incandescent and certain strip lights does not produce any UV at all, thus whilst “in the light” for the visible spectrum it’s effectively “in the dark” for UV…

Thus a laboratory or other room without windows but illuminated with filament lightbulbs or other non UV producing lights would, as far as rendering viruses non viable, be almost as good as a blacked out room…

There are a number of places where various manual handling processes are applied to items where UV light is not used. Some of these are for food that is to be transported chilled or frozen via the unlit steel transportation containers we see frequently on large vehicles.

Which means it’s currently a bit of an open problem as to if viruses will remain viable when transported this way as well as for how long. All we really knew until very recently is that the virus RNA has been detected on food/packaging at a number of places including the Chinese border. Nobody has said if it was viable or not, and most tests available respond equally as well to viable and nonviable virus and with high sensitivity (“viral load” is slowly becoming recognised as a variable in infection but as far as I’m aware it can not really be quantified due to the health and susceptibility of potential hosts).

So the question of “how long” may not be as important as other factors.

[1] There is also debate over UV light and viral RNA disruption. The UV spectrum is broad and the three bands we can generate UV in are UV-A, UV-B and UV-C. They all possess sufficient energy to damage biological material but UV-C, which is the hardest to generate, is considered the only one to be sufficiently active against RNA and DNA viruses to quickly render them nonviable.

Importantly when you hear,

“There is currently no confirmed case of…”

Treat it more as “We haven’t a clue, as nobody has done reliable tests.”

However what we can say about The WHO and US CDC announcements / guidance is they have a significant habit of lagging behind the curve long after others have shown they are pushing out of date thinking…

I’ve yet to see them talking about “Long Covid” in a meaningful way. The case evidence is stacking up daily but little is said.

It reminds me of the “Head in the sand behaviour” over previous viral infections which resulted in the derogatory term “yuppie flu” where both the legal and medical fraternities chose to look the other way.

I’ve reason to believe from what we know so far, that COVID sequelae are going to be an issue possibly in several decades time. Part of which is it’s “been found to hide” in nerves and internal organs even though the body has cleared it out elsewhere. You might have heard of shingles… That is caused by another common virus –chickenpox– that hides away in nerves and for some reason often becomes active, moves to nerve endings in the skin and flares up again causing the host a fair degree of misery; in some it causes excruciating nerve pain that can go on for months. Then there is HepB that underlies liver cancer –second biggest killer– and several others to consider including early onset dementia and Parkinson’s…

JonKnowsNothing October 11, 2020 8:31 PM

@ Clive @ Alex

re: Ask yourself how hard would it be to manipulate unopened packaging

This has happened a number of times in the USA.

We have an upcoming holiday we call Halloween, sort of Harry Potter via Ichabod Crane theme.

Early in my life, we went “trick or treating” with paper grocery bags and knocked on peoples doors and they handed out “penny” candies. We dressed up in a costume, mostly home made, and carved a pumpkin (parents did the carving and we got to direct the locations) and a small candle was placed inside to light our way (not everywhere had street lamps or not that close together). Parents generally shadowed behind, so we could pretend we were all alone while collecting bags of candies. The days after, many of those bags quietly disappeared primarily to avoid complete tooth rot dental expenses.

Then came the time, that someone did what you describe and put it in the candy. Apples, a common collectable, were tampered with. Candied Apples or Caramel Apples had a coating on the outside that could cover over the spot.

Then the local hospitals began to offer free x-rays of Halloween loot, but they could only find the physical objects.

An incident of tampered food jars led to plastic wrapped sealed containers. Then came the tamper pop-up jar tops. Wrapped soft candies were injected with stuff.

We also had common household medication tampering after it was on store shelves. It nearly put the pharmaceutical company out of business. However, they did a good job being up front with the public and helping LEOs to locate and trace the tampered items. Now those boxes are sealed and wrapped.

Along the more security level aspects, there’s the poisoned umbrella assassin’s weapon which is more sophisticated than coshing someone and tossing ’em out the 13th floor (150 feet) in New York, NY.

Humans are often, not a very nice species.

ht tps://en.wikipedia.org/wiki/Ichabod_Crane
ht tps://en.wikipedia.org/wiki/The_Legend_of_Sleepy_Hollow

ht tps://en.wikipedia.org/wiki/Bulgarian_umbrella
ht tps://en.wikipedia.org/wiki/Georgi_Markov

ht tps://en.wikipedia.org/wiki/Project_MKUltra
ht tps://en.wikipedia.org/wiki/Frank_Olson
ht tps://en.wikipedia.org/wiki/Hotel_Pennsylvania#Notable_events
(url fractured to prevent autorun)

lurker October 11, 2020 11:53 PM

@vas pup

The virus responsible for Covid-19 can remain infectious on surfaces such as …

How long will the virus live in peanut butter? During the first lockdown there was a run on toilet paper. During the second lockdown we have seen empty shelves where the peanut butter was. It might have something to do with a major supermarket chain switching its supplier from China to India, and with the latter’s less than stellar suppression of the pandemic…

SpaceLifeForm October 11, 2020 11:55 PM

@ Clive, name.*.*.*.*

On writing style.
I'm pretty sure I've seen this somewhere ;-)

Example 9 is interesting. Really good article.

hXXps://www.kmeme.com/2020/10/gpt-3-bot-went-undetected-askreddit-for.html

If only there was a website dedicated to this, and the bots could post and moderate each other.

Oh, wait...

hXXps://tech.slashdot.org/story/20/10/11/185220/software-engineer-catches-intelligent-bot-posting-on-reddit

SpaceLifeForm October 12, 2020 4:03 AM

@ Clive, name.*.*.*.*, Moderator

Spam bots are posting to years old articles.

Certainly based upon keyword searches.

Identical spam text to two different articles.

You all can ignore. Just pointing out that it is happening. Note the years when article first posted.

hXXps://www.schneier.com/blog/archives/2016/09/periscope_atm_s.html/#comment-356609

hXXps://www.schneier.com/blog/archives/2010/07/hacking_atms.html/#comment-356607
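
The observation above (the same spam text landing on two unrelated, years-old articles) is the kind of thing a moderator can flag automatically. The following is an added example written for this thread, not code from the blog or its moderation tooling: it normalises each comment (URLs masked, punctuation and whitespace collapsed), fingerprints it, and flags fingerprint groups that span more than one article where at least one of those articles is old. The comment records, article dates and the `min_age_years` threshold are constructed for the example.

```python
import hashlib
import re
from collections import defaultdict
from datetime import date

# Match ordinary and "defanged" (hXXp) URLs so the same spam with a rotated link
# still fingerprints identically.
URL_RE = re.compile(r"(?:https?|hxxps?)://\S+|www\.\S+", re.I)


def normalise(text: str) -> str:
    """Lowercase, mask URLs, strip punctuation, collapse whitespace."""
    text = URL_RE.sub("<url>", text.lower())
    text = re.sub(r"[^a-z0-9<>]+", " ", text)
    return text.strip()


def fingerprint(text: str) -> str:
    """Short, stable identifier for a normalised comment body."""
    return hashlib.sha256(normalise(text).encode("utf-8")).hexdigest()[:16]


def find_cross_article_duplicates(comments, today, min_age_years=2):
    """comments: iterable of dicts with keys article, article_date, text.

    Returns one record per fingerprint that appears on two or more distinct
    articles, provided at least one of those articles is older than
    min_age_years. Duplicates within a single article are not flagged."""
    groups = defaultdict(list)
    for c in comments:
        groups[fingerprint(c["text"])].append(c)

    flagged = []
    for fp, grp in groups.items():
        articles = {c["article"] for c in grp}
        if len(articles) < 2:
            continue
        oldest_days = max((today - c["article_date"]).days for c in grp)
        if oldest_days >= 365 * min_age_years:
            flagged.append({"fingerprint": fp,
                            "articles": sorted(articles),
                            "count": len(grp)})
    return flagged


# Constructed sample: the same pitch with a rotated link on two old articles,
# one legitimate comment, and a repeat on a single (current) article.
SAMPLE_COMMENTS = [
    {"article": "/2016/09/periscope_atm_s", "article_date": date(2016, 9, 12),
     "text": "Best ATM skimmer shop!!  Visit hXXp://shop-one.example NOW"},
    {"article": "/2010/07/hacking_atms", "article_date": date(2010, 7, 30),
     "text": "best atm skimmer shop! visit http://shop-two.example now..."},
    {"article": "/2020/10/friday-squid", "article_date": date(2020, 10, 9),
     "text": "Timestamps on recent 100 match to posts from my view."},
    {"article": "/2020/10/friday-squid", "article_date": date(2020, 10, 9),
     "text": "Timestamps on recent 100 match to posts from my view."},
]


def demo():
    return find_cross_article_duplicates(SAMPLE_COMMENTS, today=date(2020, 10, 12))


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

The masking of URLs is deliberate: spam runs usually keep the copy and rotate the link, so fingerprinting the raw text would split one campaign into many singletons.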

Clive Robinson October 12, 2020 5:41 AM

@ SpaceLifeForm,

In the allegedly human part of that GPT3 AI Bot article we get,

I suspect eventually we will drop the AI prefix from our products and services because once every product has the same prefix, it no longer means nothing.

Note the last part of the sentence above, you see a double negative… Which negates the meaning.

Make of it what you will, but…

That said various people have talked about “reverse turing tests” over the years, but as you will probably know we’ve yet to come up with an automated Turing test.

All we have currently is what we “feel”, typological semantics, and the usage of semantic primes.

For how much longer though is a question that may be reaching its end point.

name.withheld.for.obvious.reasons October 12, 2020 6:25 AM

@ SpaceLifeForm, Moderator, Clive
The challenge question has outlived its operational age, may need to go to a book-based or text-mapping cypher, I am certain Bruce can replace the existing word or word phrase approach to bot-blocking.

Sancho_P October 12, 2020 4:57 PM

@SpaceLifeForm
”Timestamps on recent 100 match to posts from my view.”
That’s right, recent to thread timestamps do always match.

My concern is changing the already given timestamp:

The timestamp of the latest posting of the “Last 100 Comments” list on my screen
(visible link text on the blog’s start page is “Latest 100 Comments” btw.).
may be different when I search for the same posting the other day.

Today the timestamp I’ve copied yesterday was assigned to an other posting / poster, but most of the time the copied timestamp can’t be found anymore.

It seems the system accepts + places postings onto the list, then pulls them back, reevaluates / resorts them and pushes some of them back using a new timestamp.

I wonder if that is an automated routine or manually done?
Depending on the pull back timing it may seem a posting was deleted:
Some postings may be accepted but immediately “disappear” and come back then as e.g. @Clive Robinson reported.

What I don’t like with that procedure is the new timestamp, because when I search for the original timestamp it’s often not found – But the posting is still there with a new timestamp!

AlanS October 12, 2020 5:20 PM

From Lawfare:

The Justice Department released a statement on the challenges end-to-end encryption poses to public safety. The joint statement includes the signatures of ministers from the Five Eyes Alliance and the governments of India and Japan.

Thereafter follows a copy of the text and the signatories: Priti Patel, Bill Barr, …

Shining examples of the need for really strong crypto.

Clive Robinson October 12, 2020 7:36 PM

@ AlanS, ALL,

With regards,

The Justice Department released a statement on the challenges end-to-end encryption poses to public safety.

Some points to note,

1, Again they are asking for the impossible.

2, Again they are using FUD as propaganda.

3, Again they are “calling on” others to do the impossible.

4, Again they are “blame shifting” the inevitable failure.

Whilst they could make “end to end encryption”(E2EE) illegal neither they nor any software or hardware manufacturer can stop it or provide plaintext[1] on any demand lawful or otherwise.

Yes the laws of mathematics do indeed trump the whims of politicians. Just as Pi would not allow itself to be “squared away” for the convenience of man or legislation.

Today we laugh at those US politicians who tried to legislate Pi into something else. Thus we should laugh at, ridicule and belittle the politicians that signed this “Statement”.

But also remember you can see the clear evil in their intentions[2]. That is some of them know that what they want can not be done. So they are setting up other people to take the fall.

The issued statement is very far from being about the FUD they claim; this is all about “making political criminals” of anyone they can, and treating every citizen as an “Enemy of the State” for even daring to make honest comment about these political ne’er-do-wells and their plans and ambitions for total power. Power that all of history’s despots, dictators, and tyrannical leaders have lusted after, hence Cardinal Richelieu’s “six lines” comment[3].

When the “Founding Fathers” drew up the various documents that form the spine of US legislation, they had a fairly clear idea about the danger with kings. It was not the individual but the “divine right” the king claimed, that they did not want.

It is very clear that the US Department of Justice no longer shares the view that an individual should not be allowed “divine right”. Thus they are working rapidly towards visiting the failings of Kings with absolute power onto US citizens and by extension the world.

I urge people to look up the history as to why England had civil war and a King had his head removed in public. It tells you the danger of the “divine right” of Kings, and in the end what had to be done to stop those crazed with power.

[1] E2EE can not be stopped nor in some cases even be recognised. This is not something that is open to debate in some politicians’ alternative reality; it’s a cold hard mathematical fact. It does not matter if the politician is Australian or American, the laws of mathematics trump any legislation they can come up with. To think otherwise is not even “Pi in the sky” thinking, it’s stupidity of the lowest form[2].

[2] The impossibility of stopping E2EE is probably why these politicians are “calling on industry”. That is they are passing the inevitable blame for their stupidity when it fails –which it will do– onto others…

[3] Translations vary but effectively Cardinal Richelieu’s comment was,

“If one would give me six lines written by the hand of the most honest man, I would find in them, something to have him hanged.”

A point people should take to heart in these days of communications by data. Because data can be copied at near zero cost without it being visible it’s been copied, and such copies can be stored indefinitely, nothing is ephemeral any longer.

SpaceLifeForm October 12, 2020 7:38 PM

@ Sancho_P

I suspect what you saw was an artifact of the timing.

I believe the Last 100 html is not dynamically updated on the fly when a new comment gets posted.

It is a separate html file, that is semi-static, and periodically gets rebuilt in the background, ala a cron job.

That reduces load on the database and the server.

In fact, on the newcomments page it says:

Note: new comments may take a few minutes to appear on this page.

With the batcache and the semi-static last 100, it is always possible they will not be in sync.

I would expect they would sync up after a quiet period (say 10 minutes) when no one has recently posted.

Clive Robinson October 12, 2020 7:47 PM

@ Sancho_P, SpaceLifeForm, Moderator,

… pushes some of them back using a new timestamp.

I can not say for certain I’ve seen the timestamps change but I have after “refreshing” the 100 Comments page and searching for a time stamp not found it.

I’ve then found the comment I was looking for when searching the page manually.

I had assumed it was my addled old brain at fault in that I’d remembered the timestamp incorrectly.

I shall take more care in future to note the timestamp.

disspondent October 12, 2020 11:03 PM

https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety

The cossacks found the backdoors CIA whacked in encryption hardware, so when I personnel were dropped into somewhere to evacuate injured victims, they could have a few snipers waiting. Might as well put those backdoors everywhere, make it official. They already have spies in a lot of departments anyway, corruption and bribery are rampant, drug trafficking, extortion, murder.

They (the spies, keep up) can get you a promotion if you sell your soul to them, are willing to pay bribes and get you out of any debt (a given for any fool willing to sell their soul). Plenty of people are cowards anyway, and you would be surprised how many people are already prime targets for blackmail due to whatever personal weakness they carry in the general region where one would normally possess a spine.

The great thing about the spineless also is that rather than admit their mistakes they desperately try and get themselves out of it by committing more mistakes, hence improving the efficiency of said state actors, while their colleagues turn a blind, along with the law, because they do not want to deal with the whole ugly mess.

It’s a win-win scenario, and just what you’d expect from the fixers that brought us every other US disaster, from Iran Contra, Watergate… and every other clusterf**k to the modern day.

Congrats Robert Mercer, you are a certifiable genius.

…and William Barr, Steve Banon, the lawyers, etc. Just make sure to keep the info on an unsecured server that everyone has access to, or make those backdoors very easily discoverable. After all someone is going to have to be able to access them, and we are short a few hundred thousand with the required skills we actually need.

Good day to you, and good luck.

name.withheld.for.obvious.reasons October 12, 2020 11:25 PM

@ Clive Robinson

Thus anyone who has followed even a little bit of the case will know, that if JA ever gets to the US he will be put in Special Administrative Measures by “Fat Man” Barr at “Little boy” Trump’s behest.

I’ve argued since his kidnapping at the Ecuadorian embassy, the boys in the back will want to throw a party for JA, with all the fixings. Be careful how you light the candles for the cake, we want it to be a surprise. Upon leaving England, a likely landing point will be the intermediate stop on the way to–Gitmo.

Sounds like a song title; Do you know the way to Gitmo?

SpaceLifeForm October 13, 2020 12:54 AM

@ Sancho_P, Clive, Moderator

Ok, after a bit more testing, it looks like there is no background process that rebuilds the newcomments page.

It is just handled via the batcache like any other page.

If the newcomments page is not in the cache, then you will force it to be rebuilt. But is not necessarily cached at that point. Only if another user requests the same page within 2 minutes (default), will the page be cached for 5 minutes (default).

The cache timers for an article page and the newcomments page are independent.

So, once the newcomments page is in the cache, then any new posts for up to nearly 5 minutes will not show on the newcomments page.

Conversely, an article page may be stale in the cache, even though it has a new comment posted.
The new comment may appear on the newcomments page (because the newcomments page was not in the cache), but not on the article page (stale one still in the cache).

So, you definitely can see them out of sync for up to 5 minutes.

You can check via view source in your browser.

At the very end of the html, if it came from the cache, you will see some batcache comment lines. They show the current timer value at the time the page was served to you.

If it was not in the cache, those comment lines will not be there.
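
To make the timing argument above concrete, here is an added example (written for this thread, not the blog’s code or the batcache plugin) that models the behaviour as described: a page is rendered fresh on its first request, gets cached only if a second request for the same page arrives within a 2 minute window, and is then served from cache for 5 minutes, with every page keeping its own timers. The `Site` class, the two page keys and the posting sequence are constructed for the example; the two constants are the defaults quoted in the comment.

```python
from dataclasses import dataclass, field

REQUEST_WINDOW = 120  # seconds: a second hit inside this window triggers caching
CACHE_TTL = 300       # seconds a cached copy is served before it expires


@dataclass
class Site:
    """Toy model of a blog behind a batcache-style page cache."""
    comments: list = field(default_factory=list)     # (article, text, posted_at)
    _last_miss: dict = field(default_factory=dict)   # page key -> time of last uncached render
    _cache: dict = field(default_factory=dict)       # page key -> (rendered, expires_at)

    def post(self, article, text, now):
        self.comments.append((article, text, now))

    def _render(self, key):
        # The newcomments page lists everything; an article page lists only its own.
        if key == "/newcomments":
            return [t for _, t, _ in self.comments]
        return [t for a, t, _ in self.comments if a == key]

    def get(self, key, now):
        """Serve a page. Returns (comment_texts, served_from_cache)."""
        cached = self._cache.get(key)
        if cached is not None and now < cached[1]:
            return cached[0], True
        rendered = self._render(key)
        last = self._last_miss.get(key)
        # Only a repeat request within the window populates the cache.
        if last is not None and now - last <= REQUEST_WINDOW:
            self._cache[key] = (rendered, now + CACHE_TTL)
        self._last_miss[key] = now
        return rendered, False


def out_of_sync_demo():
    """Reproduce the case from the comment: a fresh post shows on /newcomments
    (not cached) but is missing from the article page (stale copy in cache)."""
    s = Site()
    s.post("/a1", "first", now=0)
    s.get("/a1", now=10)            # miss: records the request time
    s.get("/a1", now=30)            # second hit within 120 s: cached until t=330
    s.post("/a1", "second", now=60)  # new comment lands while /a1 is cached
    article, article_cached = s.get("/a1", now=90)
    newest, newest_cached = s.get("/newcomments", now=90)
    return {"article": article, "article_cached": article_cached,
            "newcomments": newest, "newcomments_cached": newest_cached}


def resync_demo():
    """After the article page's TTL lapses the two views agree again."""
    s = Site()
    s.post("/a1", "first", now=0)
    s.get("/a1", now=10)
    s.get("/a1", now=30)
    s.post("/a1", "second", now=60)
    return s.get("/a1", now=331)[0] == ["first", "second"]


if __name__ == "__main__":
    print(out_of_sync_demo())
    print("back in sync after TTL:", resync_demo())
```

Reading the model the other way round also explains Sancho_P’s case: a comment can be absent from one view and present in the other for as long as the two pages’ independent timers disagree, without anything having been pulled back or re-posted.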

SpaceLifeForm October 13, 2020 1:04 AM

@ Clive, name.*.*.*.*

I'm Charles Darwin, and I approve this animated bar chart.

hXXps://dangoodspeed.com/covid/total-cases-since-june

name.withheld.for.obvious.reasons October 13, 2020 1:57 AM

@ SpaceLifeForm

Thanks for the chart, does this have an origin species my good Charles? Are you at Cambridge or in the field?

Most of the time I give the graphics a miss, seems my stream editor doesn’t work to render graphics. Actually, graphic elements are never requested by my client, I drop all those bits to dev/null so to speak. Makes my browsing experience a lot like Mosaic version 1.0 or Netscape 0.9. I do occasionally launch a modern browser to use a very limited set of interactive (mainly form processing) sites.

lurker October 13, 2020 1:58 AM

@Clive, AlanS

Again they are asking for the impossible.

Throwaway line by a tech pundit on local public radio this morning: “In practice it’s impossible, in theory extremely difficult, but if they achieve it by legal subterfuge it will break the internet.”

Dramatic licence, yes, but intended to give the message that the pollys are out of their depth, again.

name.withheld.for.obvious.reasons October 13, 2020 2:24 AM

@ SpaceLifeForm
Most interesting, yet predictable. Though there is an interesting series of transitions between the highest cases, where North Dakota comes out of nowhere in June (not on the charts), by mid-August is entering the fray, and accelerates into October to take the top spot. I can guess something to do with schools, my supposition until any detail can be scraped from other sources.

Johns Hopkins probably proves useful, there are some charts that include news/actions along the timeline. If you want check out something I thought cool, there is a Wolfram covid model and dataset available. It is awesome, the power of Mathematica; epidemiological, genealogical, and phylogenic primitives and some interesting demos along with data that I believe is from Nextstrain (but I believe they have some other data sets too).

What I find interesting are the schemas and abstractions in their viral modeling. Not too dissimilar to other physical modeling systems but have not had an opportunity to delve into anything such as kinematics.

name.withheld.for.obvious.reasons October 13, 2020 2:40 AM

@ Clive Robinson
Respecting your comments on the DoJ, the analysis posted to the Acedia thread hits at the heart of this but there is more. My issue is the sheer audacity and a combination of asinine-ary that is almost indescribable–Shakespeare would be challenged for prose, by any name.

It is not just DoJ, it should have become clear during the RNC event. And dare I say, the scope is also different. Hair exceeding thermal quiescence and about to go entropic.

susan thomsom October 13, 2020 6:12 AM

My husband was diagnosed of Parkinsons disease 2 years ago, when he was 49. He had a stooped posture, tremors, right arm does not move and also a pulsating feeling in his body. He was placed on Senemet for 8 months and then Siferol was introduced and replaced the Senemet, during this time span he was also diagnosed with dementia. He started having hallucinations, lost touch with reality. Suspecting it was the medication I took him off the Siferol (with the doctor’s knowledge) and started him on PD natural herbal formula we ordered from AKANNI HERBAL CENTRE, his symptoms totally declined over a 3 weeks use of the AKANNI HERBAL Parkinsons disease natural herbal formula. He is now almost 51 and doing very well, the disease is totally reversed!  (Visit www. akanniherbalcentre .com)

Sancho_P October 13, 2020 8:11 AM

@SpaceLifeForm

Well, all good, all caches play together or separate, but does it explain that a certain posting can one time be seen with a timestamp of e.g. 4:35 AM and hours later with 4:41 AM, both on the 100’s list?

Btw. the
hXXps://dangoodspeed.com/covid/total-cases-since-june throws:
Forbidden
You don’t have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
(all dangoodspeed.com, at least to the EU/Spain)

AlanS October 13, 2020 1:04 PM

@Clive

We are fast entering a world run by people who think the XKCD method is measured, reasonable and appropriate no matter the supposed crime or even no crime at all.

SpaceLifeForm October 13, 2020 3:31 PM

@ Sancho*P, Cl1ve, n4me.*.*.*.*

Both of your observations point to MITM.

What I call the Catch-and-Release fishtank.

Try again tomorrow.

Been happening since y2k.

SpaceLifeForm October 13, 2020 4:07 PM

@ Anders, Weather

Can you confirm what Sancho_P has observed?

I suspect not at this time or space.

Feedback welcome.

SpaceLifeForm October 13, 2020 4:52 PM

@ Clive

Curious.

What was the timeframe and context when I noted this?

I know I wrote that, but curious on the timeframe and the context.

I just cannot recall the timestamp you reference here. It's been a long millennium.

(Perhaps because I've been saying this over and over since at least y2k)

Was it here, Groklaw, or slashdot?
Arstechnica? Techdirt?

Or, all of the above?

Maybe it was UseNet. I don't recall.

hXXps://www.schneier.com/blog/archives/2020/10/friday-squid-blogging-after-squidnight.html/#comment-356599

SpaceLifeForm October 13, 2020 5:12 PM

@ name.*.*.*.*, Clive

In the olden daze, you would ftp Mosaic over dialup so you could run it on a real Xterm to get to a decent website, Yahoo!

Then, you could get Netscape.

These days, the kids have it so easy.

You use IE/Edge so you can install FF/Chrome.

Clive Robinson October 13, 2020 5:18 PM

@ AlanS,

We are fast entering a world run by people who think the XKCD method is measured, reasonable…

Personally I think the UK entered back before RIPA became more than a few bumps in a braille jotting book.

Even the man’s son told him it was a very dangerous and stupid bit of proto legislation, and a few changes for the better were made.

In theory all the legislation was supposed to do was take the ambiguity out of “surveillance powers” and put it on a clear legislative footing…

In practice it became an “eavesdroppers’ corridor pass” and thousands if not tens of thousands of people discovered that they could put people under the most intrusive of surveillance (bedrooms/bathrooms) without any fear of being both prosecuted and sued beyond bankruptcy…

The results were horrific: people were in effect tortured mentally by these “jobsworths” and a quarter of a century later they still have mental scars, with not just full-blown PTSD but a fear of even staying in any kind of sensible accommodation.

@ JonKnowsNothing,

I know that your comment about Australia was on another thread,

https://www.schneier.com/blog/archives/2020/10/google-responds-to-warrants-for-about-searches.html/#comment-356741

But, the comment of Mike Pezzullo AU home affairs secretary of,

state security must be ‘ubiquitous without being oppressive’

Is outrageous and he must know so from the UK experience.

This will destroy people’s minds and tear society asunder, as well as giving grotesque pleasures to what at best are “deviants with uncontrolled powers”. Because as we know, there will be no effective oversight, even where rule breaking is clearly identified it will be excused.

As has been observed before it will be like “Giving the keys and control of the orphanage to pedophiles”, which has actually happened numerous times in the UK by both state paid, charity paid and church paid orphanages with even MPs and those very close to them going and getting their rocks off by invitation (look up Cyril Smith MP, Jack Straw’s brother, and the lover of at least one other Minister that we know of…).

It is intolerable, it will happen and it will be allowed to continue to happen under the faux excuse of “the greater good” which by the way has never ever been demonstrated as fact. It gets talked up but there is no evidence to support it, even when the likes of the FBI have tried to invent it.

There are good reasons for the assumption of “Innocent until proved guilty”, likewise why some Americans are finally realising why there should be limits on free speech to prevent “trial by media” which biases juries due to media ubiquity. Remember that the majority of police officers who kill, maim, or otherwise injure US citizens get away with it by claiming they can not get a fair trial or that imprisonment would be too dangerous for them… You don’t get to see other killers etc getting the same “consideration” so removing the “excuse” might stop the consideration, thus might limit the excesses of these officers and also their colleagues.

SpaceLifeForm October 13, 2020 6:07 PM

@ Clive, ALL

I told you all: There is no immunity.

They can lie all they want, but no one has ever found a cure for the common cold. Which is a Coronavirus.

Dutch woman dies after catching Covid-19 twice, the first reported reinfection death

hXXps://www.cnn.com/2020/10/13/europe/covid-19-dutch-woman-reinfection-death-intl/index.html

hXXps://www.cdc.gov/coronavirus/general-information.html

Clive Robinson October 13, 2020 6:09 PM

@ Moderator, SpaceLifeForm, Anders, Weather, ALL

Another thing I’ve noted about the 100 comments page is that “links have gone missing”.

On the previous software links in the “name field” were displayed on the page, now they are not.

This makes spotting “spam” etc much harder than it used to be.

I’m not sure why this change has happened but it does indicate that there are very real differences in the meta-data fields of a post in the 100 comments page and the page where the post was actually made.

Thus the likelihood of the time meta-data getting mangled is raised unless it can be shown not to be the case.

Clive Robinson October 13, 2020 7:44 PM

@ SpaceLifeForm,

There is no immunity.

That rather depends on what you mean by “immunity” and also remember such things have “a normal distribution” thus there are both positive and negative tails in more than one dimension, two of which are “time” and “effectiveness”.

The four Corona viruses that contribute amongst others to the “common cold” should tell you why there is as yet no vaccine for the common cold,

1, Multiple viruses.
2, Some of which are RNA not DNA.

But more importantly, where is the “profit to be made”?

The common cold does kill people but comparatively few, thus the need for a vaccine is actually lower than the flu or other more dangerous viruses.

However there is massive profit in,

3, Vitamin and mineral supplements seen as “preventatives”.
4, Cold and flu medications (most of which make things worse immune system wise[1] including the fatality risk).

Thus when you look back on Common Cold vaccine research it was paid for by governments with the aim of reducing “lost man hours” to the economy not in making drug companies profits.

Drugs companies are happy to play along with flu vaccines because usually there are multiple flu viruses each year, so your odds of getting flu are still high, thus profitable. But stopping the more deadly versions is good business because it means they will also get you next year and several years after. Thus not killing their profit base makes sense.

But COVID-19 is different, it’s at least 100 times more deadly than flu in a number of populations as the figures so far attest to. With just a few days death figures previously rivaling the entire annual figures for cold and flu in some places.

Worse the COVID mortality rate has very much depended on scarce medical facilities that were easily saturated. Thus access to very simple life saving oxygen therapy makes way way more of a difference than the likes of eye wateringly expensive drugs like Remdesivir etc that are of questionable efficacy.

The whole story of the COVID drug trials has not been about prevention especially with low cost non patent drugs and supplements, but expensive extensively patented drugs.

As others are now pointing out “there’s no money in out of patent cures” for the drugs companies. However there are considerable sums freed up to certain “friends of politicians” if those who are killed off are asset owning pension drawers that also clog healthcare…

That said some people have cut against the grain on testing and oddly that is where the most effective supportive medicine has made a real difference. Which is why in what many consider the start of the second wave mortality figures are down in the more vulnerable age ranges (though this could be due in part to “mask wearing” limiting the infecting viral load, thus giving your immune system a much better chance).

Only time will tell if we can get COVID under control or not, there are two hopes in this,

1, Effective and safe vaccine (active prevention).
2, Antibody injections (passive prevention).

Either of which could enable us to eradicate SARS-CoV-2 before it significantly mutates. Eradication would certainly be more desirable than having it mutate several times and causing potential reinfection.

Beyond that, currently we have too little data to say.

My major concern currently is “Long Covid” or more correctly COVID Sequelae. There is a very real possibility the virus could cause cancer in several decades time or other immuno-compromise fatal diseases or expensive to address issues. We really do not have any data yet to say if it’s likely to happen or not, and that’s a real problem…

[1] Most such medications contain “anti-pyretics” that bring the body temperature down thus compromising your immune system function. They might make you feel better but not only do they prolong your infection they actually worsen its effects on you making it more likely that you will die.

bob October 14, 2020 3:19 PM

BleedingTooth: critical kernel Bluetooth vulnerability

BlueZ Advisory: Severity rating, HIGH – All Linux kernel versions before 5.9 that support BlueZ

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://web.archive.org/web/20201014200119/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://lwn.net/Articles/834297/#Comments

BlueZ Advisory
Intel ID: INTEL-SA-00435
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Information Disclosure
Severity rating: HIGH
Original release: 10/13/2020
Last revised: 10/13/2020
Summary:

Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure. BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.
Vulnerability Details:

[…]

Affected Products:

All Linux kernel versions before 5.9 that support BlueZ.

[…]

Clive Robinson October 14, 2020 3:47 PM

@ Winter,

The woman was 89 and suffering from a bone marrow cancer that compromised her immunity.

And the therapy / drugs probably did not help either.

However 89 is better than average and hopefully her long life was otherwise healthy and happy.

But the point is, whilst it might be well out on the probability curve it is still possible to get the same disease twice in fairly quick succession.

Though consider in the US and UK and other parts of Europe normally we get a cold or flu every year in the couple or three months either side of the beginning/end of the year (November-March).

We treat it as normal but… it is actually avoidable as other nations have shown.

In Japan for instance which has a population of nearly double the average of European Nations, getting a “winter malady” is considered bad luck. Likewise in Korea and some other Asian countries (but not China).

In part it is to do with their culture of,

1, Wearing masks.
2, Good ventilation.
3, Speaking quietly.
4, Maintaining a respectful distance, not kissing/hugging etc.
5, Being less obese.
6, Eating more healthily.
7, Getting more outdoor exercise.

This appears to all have helped them keep their COVID-19 deaths well below two thousand so far, which is actually amazing when you compare to European Nations and US deaths. But it also helps them avoid most respiratory diseases year after year…

Realistically, aside from mask wearing we should all practice the above, as it helps keep you healthy, well, and mostly long lived as the top two or three killers in Western Societies are very much less prevalent.

Personally I’d love to live on a Japanese or Korean diet, unfortunately it is quite a bit more expensive than it should be in the West and in many places a lot harder to get even the base ingredients.

Oh and the other thing about not talking etc on public transport, I’d love to see in London, is it lets other people sleep and getting “cat naps” during the day has been repeatedly shown to reduce stress and sharpen the mind up afterwards.

When I used to sail off shore a lot 4hours on 4hours off around the clock quickly became very comfortable and relaxing.

Sherman Jay October 14, 2020 4:05 PM

@Winter,
There are articles by responsible medical entities that talk about at least a half-dozen cases of re-infection.

Another topic:
As part of an organization that has professionally repaired/refurbished computers for decades (and always considering people’s personal data as sacrosanct), this is interesting for a number of security reasons:

h t tps://www.vice.com/en/article/qj4gqv/the-ny-posts-hunter-biden-laptop-story-is-a-right-to-repair-nightmare

Clive Robinson October 14, 2020 5:43 PM

@ Sherman Jay,

Another topic:

Without seeing the original story it’s hard to pass comment.

But what can be said is “the timing is convenient” for some…

On a more general note, whilst small repair shops don’t pass on the contents of people’s computers to third parties it is quite a gray area.

As the article notes some big company places appear to have a policy of “Scan and report” to the authorities. Well they should not because technically it’s an illegal wire tap.

But, if they “backup” the drives etc using a bit copy etc then in effect the contents of the backup are a third party business record, that belongs to the company…

Thus there are plenty of loop holes and we know the FBI have “tutored” hotel maintenance and other repair staff in “how to” see stuff as part of their duties etc and report it, thus get around the law and its protections for private individuals.

It gets complicated especially when AV software does the scanning. That infected file that gets sent back to the AV firm, who does it belong to?

Remember all the noise about Kaspersky?

But then, I’ve known of “hired help” in repair shops looking for videos etc for their own personal gratification just as various Law Enforcement people have been caught out.

The fact is you can not stop such people, because they see it as “A perk of the job” or an entitlement… The fact that they are “Ahh soles” in life in general should give employers due warning, but often they choose to “not see”.

At the end of the day, they can only find what was put on the computer at some point in the past.

Thus not putting personal, embarrassing, questionable or illegal content on your computer is never going to be a good idea at the best of times.

The big issue arises with “ransomware” and similar blackmail/extortion or other illegal activities. In the past people using malware to gain access to people’s computers have hidden content on people’s computers via that or other malware and done it in ways that can make the computer owner/operator look guilty of downloading such content. Then some time later comes the “Pay or be damned/jailed” notification.

Whilst there are ways of dealing with this when it happens the big problem is the better options require preparation and planning and some capital outlay.

As any repair shop can tell you people just don’t do the preparation or planning and don’t want to spend the money. Which often is the reason they end up in the repair shop handing over much larger sums of money…

As I’ve said I don’t connect my computers to any kind of external communications network, and some I take even more care with. I’m likewise quite careful about the testing, handling and secure storage of backup tapes.

So far I’ve not had problems I could not fix myself, except on one occasion when the BIOS in a brand new virtually unused netbook decided to wipe itself on boot up. As I’d not actually put any work on it as I was still installing software, I did not have any qualms about returning it under guarantee. I have however since getting it back never connected it to any computer communications or my other machines.

As it’s oldish I wiped it a couple of years back and reinstalled the base and stuck Ham Radio software on it for use with HF Comms experimentation and the occasional QRP expedition. Whilst it might sound exciting, generally it actually means sitting in a field on a very windy hill under a tarp whilst it rains and rains and the darn kettle never wants to boil so no cuppa let alone a “Pot Noodle”. As for getting there, remember I get around on sticks so it’s definitely gentle gradients within a relatively short distance from transportation. No running up mountains like a goat with the devil chasing it, as I used to do when younger. However provided you don’t tell 😉 I do sometimes operate from the tops of multistory car parks hotels etc but the QRM is getting really bad these days with those goddamn awful LED advertising displays used in shops, and TV’s in peoples flats/apartments that certainly never got “CE or FCC approval”.

The building I do “want to bag” an unapproved QSO from is the Shard in London, as do a few friends, I bagged the Nat West tower a few years ago, with a little help from a friendly insider, as well as “100 Westminster Bridge Road” the old home of the UK SiS (now a residential block and still called “Century House”). I did have plans to bag every “20 floors and up” in London, but they are now building them so fast…

name.withheld.for.obvious.reasons October 14, 2020 6:35 PM

@ Moderator : SUBJECT MATTER THREAD IS OF INTEREST, EDITORIAL DISCRETION IS CEDED.
SECOND SNIPPET FROM THE BARR SPEECH AT THE NRB CONFERENCE
A Critical Analysis in Response to Official Statements by the Department of Justice; Attorney General, William Barr

BARR STATEMENT
How does religion protect against majoritarian tyranny?  In the first place, it allows us to limit the role of government by cultivating internal moral values in the people that are powerful enough to restrain individual rapacity without resort to the state’s coercive power.

Experience teaches that, to be strong enough to control willful human beings, moral values must be based on authority independent of man’s will.  In other words, they must flow from a transcendent Supreme Being.  Men are far likelier to obey rules that come from God than to abide by the abstract outcome of an ad hoc utilitarian calculus.

These fixed moral limits did not just apply to individuals, but to political majorities as well.  According to Tocqueville, in America, religion has instilled a deep sense that there are immovable moral limits on what a majority can impose on the minority.  It was due to the influence of religion in America, he explained, that no one “dared to advance the maxim that everything is permitted in the interest of society.”

Thus, as one scholar observes, Tocqueville concluded that “democracy requires citizens who believe that the rules of morality – and hence the rights of their fellow citizens – are not merely convenient fictions,” wholly dependent on the will of men, but are instead rooted in the immutable transcendent truth.

Thus, it is safe to give the people power to rule, but only if they believe there are moral limits on their power.  Tocqueville’s call to preserve this moral system is not, as scholars have explained, “a rejection of pluralism; it is an effort to preserve the moral and religious foundation on which a successful pluralism can exist.”

There is another way in which religion tends to temper the passion and intensity of political disputes.  Messianic secular movements have a natural tendency to hubris.  Their goal is to achieve paradise in the here and now.  Those who participate in these movements believe their goals are so noble, they tend to see their opponents as evil and believe that any means necessary to achieve their objectives are justified.  That is why the most militant agents for change are entirely comfortable demonizing their opponents and are all too ready to destroy those opponents in any way they can.

RESPONSE/ANSWER
Taking from Barr’s text, the bold highlighted language forms the argument to this complete trove of boloney served to us by a grotesque exercise in buffoonery while dressed up in Attorney’s General clothing and is completely void of any intellectual rigor. It is ironic that the very text to refute this quack holding a sack of dead cats was provided by the same cultural carpet bagger Barr. The last two paragraphs are non-sequiturs and require a statement, arguing about a useful function of religion by a separate argument with no basis in fact decrying liberalism is not a supporting statement—to anything. The argument most appropriate is this is a reflexive or unconscious Freudian confession of the internal views of Barr. The final argument is the most generous and possibly the most likely.

name.withheld.for.obvious.reasons October 14, 2020 6:56 PM

@ SpaceLifeForm
Thank you for the most succinct cliff notes possible, it would make a wonderful addition to the thesis. And it already has…

RUN FOR IT, MARTY! October 14, 2020 10:05 PM

WO2020060606

Here is the patent for Microsoft 1. WO2020060606 – CRYPTOCURRENCY SYSTEM
USING BODY ACTIVITY DATA

Look at the patent number, literally, “world order 2020 666.” This from the
same guy who is publicly saying he wants to put microchip tracking on every
human on earth to prove you have been vaccinated, to allow you to buy or
sell.. Bill Gates needs to Beg God for forgiveness. Science without God’s
standards is propelling humanity towards a calamity of biblical proportions.
Even if Bill repents, Elon Musk has made and is rolling out a 5g satellite
grid around the whole earth and brain chips. This is not a joke, this is
some fucked up shit..

  • Revelation 13:16:
    And he causeth all, both small and great, rich and poor, free and bond, to
    receive a mark in their right hand, or in their foreheads.
  • Revelation 14:9:
    And the third angel followed them, saying with a loud voice, If any man
    worship the beast and his image, and receive his mark in his forehead, or
    in his hand, 10 The same shall drink of the wine of the wrath of God,
    which is poured out without mixture into the cup of his indignation; and he
    shall be tormented with fire and brimstone in the presence of the holy
    angels, and in the presence of the Lamb.

#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#

MAKE AMERICA LOBOTOMIZED AGAIN

The Untold Story of JFK’s Sister, Rosemary Kennedy, and Her Disastrous Lobotomy
https://people.com/politics/untold-story-of-rosemary-kennedy-and-her-disastrous-lobotomy/

The Forgotten Story Of Rosemary Kennedy, Who Was Lobotomized So That JFK Could Succeed
https://allthatsinteresting.com/rosemary-kennedy-lobotomy

The Truth About Rosemary Kennedy’s Lobotomy
A never-before-seen photo surfaces of the forgotten Kennedy, who, after a disastrous
lobotomy, was rarely heard from again
https://people.com/books/rosemary-kennedy-the-truth-about-her-lobotomy/

When Rosemary was 23 years of age, doctors told her father that a form of psychosurgery
known as a lobotomy would help calm her mood swings and stop her occasional violent
outbursts.
https://en.wikipedia.org/wiki/Rosemary_Kennedy#Lobotomy

Wesley Parish October 14, 2020 10:11 PM

The Fedora Project’s got the beginning of a discussion on the Web of Trust.
https://fedoramagazine.org/web-of-trust-part-1-concept/

This is where the web of Trust comes back into the picture. The Web of Trust implies that even if the vast majority of people can’t validate the workings of a device, that others can do so on their behalf. Journalists, security analysts and hobbyists, can do the work that others might be unable to do. And if they find something, they have the power to share their findings.

It has its flaws.

got pika? October 14, 2020 10:13 PM

name.withheld.for.obvious.reasons • October 14, 2020 6:35 PM

Wow, and here I thought this blog was about Security. Technical matters.

Now it’s full blown clown world politics. Disgusting.

xcv October 14, 2020 11:54 PM

@name.withheld

I wasn’t a socialist; they came for the trade unionists, I wasn’t a trade unionist” with the crescendo “…and then they came for me.

Don’t be such a commie. That is just plain too much weed. Anyone would come for you. Some of what you’re smoking in any case.

Winter October 15, 2020 12:20 AM

“There are articles by responsible medical entities that talk about at least a half-dozen cases of re-infection.”

Reinfection has been found many times. What seems to be happening is that the response of the immune system takes some time to kick in. In all other cases, where patients’ immune systems were not compromised, there were no serious symptoms. But if your immune system is not functioning, you will not become immune after infection. That is what a “compromised immune system” means.

SpaceLifeForm October 15, 2020 12:50 AM

@ name.*.*.*.*, Clive

Glad you liked my Cliffnotes. Hopefully covered the bases and not too wordy.

I hereby officially grant you use of those Cliffnotes under Creative Commons - By License
Attribution 4.0 International (CC BY 4.0) as it makes no sense to use under Fair Use as there are only 3 points, and they all really go together as a set. Logical? If you disagree, explain why. I can always change my mind, right?

(I actually figure you would do this anyway, but let's be sure we are on the same page legally. You never know what is down the road these days)

Ok, onward...

I have serious doubt that Barr wrote those words. OLC more likely.

He never seems that wordy in public, especially testifying to Congress.

I guess you have seen these.

From 2017-07-25
hXXps://www.lawfareblog.com/mueller-bound-olcs-memos-presidential-immunity

From 2020-06-18
hXXps://www.justsecurity.org/70166/recently-released-olc-opinions-from-1974-shed-light-on-current-legal-debates/

@ got pika?

You are not paying attention. You may not have *ANY* computer and network security issues to deal with, if you do not address the bigger picture regarding National Security and your own Personal Security.

Do you want to end up like a cow on Devin Nunes farm?
(it may be lonely, there is no proof that there are any cows there)

SpaceLifeForm October 15, 2020 1:06 AM

@ name.*.*.*.*

Typo, of course.

The justsecurity article was May 2020 (2020-05-18), not June 2020.

I try to always use ISO 8601 date format as it is not ambiguous.

Something I learned to do, well, over 20 years ago. (y2k remediation)

name.withheld.for.obvious.reasons October 15, 2020 2:08 AM

@ SpaceLifeForm
Appreciate and thank you for your involvement and contributions. I consider my own postings to be under the rubric of CC and you made me aware of something I was unaware of. In the past I have dealt with international contracts and I did not know about version four of the Creative Commons licensing scheme.

I want to repeat and put an emphasis on your thoughtful participation. When in the past five years, a number of contributors have left this place–and we are the poorer for it. My appreciation extends to JonKnowsNothing, MarkH, Sancho_P, Clive, and forgive me, I know I missed a few.

As GNU is the birth parent (Stallman is considered the father) of the Creative Commons schemes, I have entertained public policy as a matter under such a scheme. Consider legislation, statutes, public law, regulations, and various acts and resolutions under the context of such a scheme. Crisis Management, Open Source, Frameworks; a series of documents and templates that supports say a public response to the Covid-19 pandemic–and it scales. This supports a global approach to problem solving or solution provisioning.

I understand Barr is among a cabal of predatory evangelical imposters, their beliefs are in direct support of an authoritarian model of governance. He understands that the liberal polity can be subjugated by using the mechanism of an open society to coerce and subvert systems of trust and honor. It is truly a power struggle, and what the QAnon and world order conspiracy types don’t understand–they have had a plan and have acted on it, in and to the extent necessary to be able to assert or acquire power. It is largely a power play, taking the reins of social structures and abusing it for their own purposes.

Barr has some other scary views and postulates on governance, the human condition, and where the name tags on the table reserved for tyrants…

Understanding how to manipulate the public with very suggestive psychological nuance, melds propaganda and the methods of dispersing it with administrative policy and operations. I understand that a psychological propensity to bully and abuse others can be a coalescing force–but it does break down due to internal power struggles. Meaning, this kind of quasi shared-dictatorial fascism is fragile and cannot be long-lived.

name.withheld.for.obvious.reasons October 15, 2020 2:41 AM

@ vas pup, Sherman Jay, Anders

I have yet to recognize–not belligerently, but my memory just isn’t what it used to be–your contributions, they are noteworthy and helpful. Please continue on, stiff upper lip and all.

Clive Robinson October 15, 2020 4:02 AM

@ Wesley Parish,

… the Web of Trust.

I’m old enough to remember when the “Web of Trust” meant something altogether different with the original Pretty Good Privacy (PGP) and the resulting “Key Signing Parties”.

Whilst I can see what The Fedora Project is trying to do, humans will still be human, and “To be human is to err”…

A case in point is the article’s optimistic intro that contains this “would be” amusing little nugget[1],

“The person who has written the human-readable version of the application and then releases it as compiled code to use by others, knows all about what the code does, while the end user knows a very limited scope.”

What an over generalised assumption, it’s effectively an “Apple pie” statement…

However to some the “object code” or machine code image in memory is more readable than the high level language source. In part because at the assembler / machine code level the “instruction set” is a near constant, whilst high level languages come and go with whichever way a developer’s interests blow in a breeze. I gave up tracking how many different new “high level languages” there were not long after the mid 1980’s.

But as Ken Thompson’s little paper “Reflections on Trusting Trust” demonstrated there are tricks you can pull that do not in any way show up in the source code, no matter how eagle eyed or how numerous those eyes are.

http://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Hence the old joke of “Feel for the source Luke”, what is set in source code can and has been thwarted, by the toolchain amongst many other things.

Another way of thwarting those eyes is by a number of tricks that even many domain experts can not see.

A case in point was the NSA dual elliptic curve digital bit generator, that ended up so embarrassing NIST.

As I’ve mentioned before many years ago I pulled a few tricks in source code to prove a point about “code review” and why it fails. I basically back doored a stream cipher in a way that it would deliberately leak a private key or encryption key in the upper bit of each bit out of the stream generator. What I actually backdoored in part was the program “specification” as well as other things like library code issues (malloc/free behaviour). Thus the source code appeared to be doing as required…

You can see all sorts of other tricks in the work of Adam Young and Moti Yung in their book.

The point being that there are many security levels above the source code such as,

0, Specification.
1, Implementation.
2, Protocols.
3, Standards.

Which become broader in “target scope” the further down the list you go.

I was aware of this many many years ago when I first started looking at mechanical cipher machines. I became aware of “weak key issues” and realised how you could use them to your advantage if anybody who was not aware of them used or copied the equipment you fielded. Even though I and others had warned about this issue, it was not till many years later that it came out that this was exactly what the special arrangement was between Boris Hagelin who owned Crypto AG and US Army Cryptography expert William Friedman before the NSA really existed[2][3]…

Once you realise that such a trick was happening you start looking for these “light touches, with devastating consequences”, and oh boy is it a target rich environment…

For instance whilst the open crypto world fretted about DES the AES competition came along. As I’ve said before someone in the NSA “rigged the contest”… Put simply the NSA are experts in “side channels” and at that time few academic cryptographers were. Thus the NSA realised that having a “speed contest” and making the code available to download and use for free, was an ideal opportunity. The result was that there are still AES implementations out there in use that leak information via side channels like a bucket with no bottom to it.

Similar things have been discovered with overly complicated security protocols for networking, repeatedly.

And more recently the withdrawal of the NIST standard shows that the NSA are playing at all levels with the rather silly notion of NOBUS. The result: two of their ciphers got kicked out of consideration in other standards. The thing is these tricks are not NOBUS; that concept is based on false axioms. Because these things become public one way or another eventually, and will probably do so faster now people are actively looking for them to grab their 15mins of Fame etc.

Oh but still be wary of “Plain Text” it does not mean what many people think it does. The lead Scientist at the NSA Bob Morris Snr when he retired told people to be wary of plain text, and many made jokes about it, but I suspect the laugh is on them not Bob Morris Snr.

I suspect amongst other things it was a reference to “file formats” and how they very much weaken security through “known Plain Text Attacks”.

One of the security assumptions behind “Perfect Secrecy” is that “all plaintexts are equiprobable”. Well with file formats and magic numbers that is certainly not true. The likes of MicroSoft put up to 4k of what was effectively “known plaintext” at the front of files. So for simplicity’s sake, if for example, you are doing the likes of a partial brute force attack as part of a time/space trade off, you have a good indicator you have the right key with little effort thus things happen way way faster. The same reasoning applies with many other more complex and effective attacks.

The “Great Game” is said to be “One of smoke and mirrors”, well that is certainly true in the little corner that is cryptographic systems. So you should “never take anything as read” you “have to look deeper” much deeper, and the number that can do that effectively is almost vanishingly small.

[1] The article does go on to slightly correct the picture and explain why the source and the executable might be different but only from the point of malicious third parties.

[2] https://nsarchive.gwu.edu/briefing-book/cyber-vault/2020-02-19/hagelin-friedman-gentlemens-understanding-behind-intelligence-coup-century

[3] The thing about “side channels” is that they can use any energy source and transmission medium that is available. Back in the early 1980’s Peter Wright wrote a book “Spy Catcher” whilst the back half of the book is not germane to this the front half is. In it you will find he talks about an audio side channel which happily crosses what we would call an “air gap” because sound radiates through not just air but solid objects reasonably well and can go around corners and down corridors. Something that quite a few electronic and embedded system designers had known from the same time having had to try and develop very low cost computer to computer communications. But was later denied by “experts” when BadBIOS was talked about, until a couple of students wrote a paper and published it (and people still question why I talk about “energy gapping”).

1&1~=Umm October 15, 2020 7:03 AM

@Justine:

“Don’t be such a commie. That is just plain too much weed. ”

They say there are three signposts to any disaster.

1, The first is only visible with hindsight.

2, The second visible with not just the eyes but mind open to see.

3, The third is obvious to all.

The first is now visible to those that have seen the second, and they have been pointed out.

The question is ‘Will you heed the warnings, or wait until it’s too late to defend yourself let alone those you care about?’.

The saying you quoted, has changed a few times over the years but the message is the same.

‘When the beast is roused it will like the fox not just feed on those captive in the hen house, but it will kill all that it can’

The fox is worming its way into the hen house of US society, it cares not what or who you are, simply that you can be fed upon or killed. Just remember those who stand and watch or turn their head, and just ignore, put themselves undefended, unprepared, and closer to the jaws of the beast, than those who choose to either run or stand and fight.

Calling people ‘a commie’ or implying they are on drugs, only serves to dull your senses further and make you more vulnerable to the ravening of the beast that is coming upon you.

George Georgalis October 15, 2020 8:26 AM

The “Privacy Analysis of Ambient Light Sensors” reminds me of a data ex-filtration technique based on modulating cpu utilization within a secure zone (data center), to modulate hvac utilization, for remote sensing of the signal, by monitoring the utilization of hvac equipment, from outside the building.

I don’t recall if there was a specific article, but a proof of concept was demonstrated to a trusted source (sufficient bandwidth to transmit keys). When I searched this blog for hvac, I found “quite a few” related infrastructure exploits—which is probably more significant than my initial comment.

I loathe the reality that has caused me to carry a cell phone now, after ditching the device ~2012. For far less than 1% of the needed utilization today, I expose my digital identity to a device I have very little control over and which provides a massive surface area for attack vectors.

My lesson learned (learning), is the more technical assets can be encapsulated within an uncontrolled environment (intermingled), the less likely that environment can be used as an attack vector. On the surface this sounds like an impossible barrier to use the assets, but the reality doesn’t have to be difficult. Much like an FM radio show, basically impossible to find, unless you know the time and carrier frequency, then it’s easy. …know what you are looking for and hide it in plain sight.

Winter October 15, 2020 11:18 AM

The final step?

White House informally endorses letting pandemic spread unchecked
(The plan is no plan — )

arstechnica.com/science/2020/10/white-house-informally-endorses-letting-pandemic-spread-unchecked/?comments=1&post=39326371

Also read the comments, with a reference to eugenics:

arstechnica.com/science/2020/10/white-house-informally-endorses-letting-pandemic-spread-unchecked/?comments=1&post=39326371

Clive Robinson October 15, 2020 12:32 PM

@ Winter,

The final step?

I think it just confirms what some of us have been saying here about “herd immunity policy” since Feb this year.

I know it should sicken and appall anyone who sees it, but then you could say I’m battle weary on it.

The initial shock and horror that gave rise to anger[1] then resignation then hope that the truth would come out and things might change but didn’t. Then sadness that people were not thinking about what was going to kill them and if not bankrupt them and rob them of any dignity, has pretty much left me numb.

The moronic “Personal Rights over Social Responsibility” has destroyed hundreds of thousands of US families, and totally wrecked the US economy, and it should not have done. Simple measures early on and the pandemic would have been a near non event.

Look at Japan, its population is about 2/5ths of the US, its economy is functioning reasonably well and so far their total COVID deaths are ~1600. South Korea likewise has a functioning economy as are several other Asian countries.

But look at the antipodes, they clearly indicate without any doubt what the correct policy should have been and what happens when even just one or two break the rules. How fast you do or do not respond makes the difference between a controllable problem and a wildfire outbreak. With an enormous difference on the economy…

Contrast Japan with the US figures on mortality they are horrid, as are the unemployment figures. The political indifference as lives are destroyed and the vast profits some are making, is giving rise to anger. At some point that beast is going to demand blood, and that is not going to be at all good for anyone for several generations.

It’s safe to say that the US executive has not yet made a right decision in time and any and all responses have been well behind the curve and effectively inadequate. Thus grossly mismanaged with no excuse.

I would say if the executive does not change, then a lot worse is yet to happen from this policy. Come November through to March expect the hospitals to become saturated and the fatality rate to rise above 5% instead of less than 0.5% that adequate healthcare provision gives.

And that’s before “long covid” becomes more prevalent as COVID Sequelae become more known and the effects last decades.

If this really is US policy the best thing the rest of the world can do in its own self defence is to shut their borders to all US citizens and residents for a generation or so. Only relenting if it is changed and a proper vaccination and economic recovery plan is provably in place and functioning.

And yes before anyone says, I am aware the same is true of the UK politicos and the cure should be the same.

[1] Which sadly MarkH got some of the brunt of because of a misunderstanding between “natural herd immunity” that can take more than three generations to build up and “herd immunity policy” that is at the end of the day a political plan to asset strip and remove expenditure by negligent homicide so a “favoured few” will benefit.

winter October 15, 2020 12:39 PM

@Clive
“It’s safe to say that the US executive has not yet made a right decision in time and any and all responses have been well behind the curve and effectively inadequate.”

One of the comments was fitting:
“I’m tired of America winning so much. Can we go back to losing? “

SpaceLifeForm October 15, 2020 2:04 PM

@ name.*.*.*.*, Clive

Sure looks like FBI is still handing out free vowels.
And Google got some in recent days.

From 2020-10-12 (yes, I'm making clear it is ISO 8601 format)
YouTube CEO won't say if company will ban QAnon
hXXps://www.cnn.com/2020/10/12/tech/youtube-susan-wojcicki-boss-files/index.html

Today, 2020-10-15
https://www.rollingstone.com/culture/culture-news/youtube-qanon-ban-1076158/

JonKnowsNothing October 15, 2020 3:18 PM

@Clive @Winter @All

re:
  Winter: The final step?

  Clive: I know it should sicken and appall anyone who sees it … then a lot worse is yet to happen from this policy.

The “worse” is on the fast approaching event horizon.

  * UK to build 500+ Pest Houses by November 2020

dedicated Covid-positive care homes are to be set up in an effort to keep patients discharged from hospitals from spreading the virus …

As many as 500 facilities … could be designated by the end of November [2020], the equivalent of one or two in each council area.

  * UK government issues new guidance for shielders [told not to shield]

More than 2 million people in England on the government’s shielding list, considered vulnerable to Covid because of their health, will be advised to take precautions and follow social distancing as cases surge, but most will not be told to stay home

The new TRIAGE rule will be applied very quickly. While the SOFA score is the “gold standard” for TRIAGE, when it comes to COVID-19, age will be the primary kicker. Based on other sources we may expect the beginning tier to start at 65+ and then as the hospitals swamp the tier will lower to 55+ and 45+.

In Wave 1a USA, which has never gotten out of Wave 1 and is now moving to Wave1b, the backup hospitals were rarely used because there was not enough staff to run them. These local overflow hospitals were replaced by the California Surge Hospitals. Some of these local overflow hospitals are still on-the-ground dormant with no staff.

California State setup a second set of 5 Surge Backup Hospitals which were run by a special group; at the height of the surge there were 5. These were taken off line but will be reactivated soon. There is not a lot of information about what the CA State Surge Hospitals did and what sort of health care they provided, but various reports indicated 2 or 3 may have been “TRIAGE dump sites”.

The UK is starting to reactivate some of their Nightingale Hospitals but there is a dearth of staff to work them.

Discharging COVID-19 positive patients into care facilities happened in a number of places (UK, USA, AU) and is one of the main sources of infections. This process is still ongoing in the USA.

As we now have @20+ verified re-infections with different strains of COVID-19, sending a lot of COVID-19 positive into a COVID-19 virus incubator is not going to end well. There will be a huge viral load in buildings set up in just 6 weeks. It will be doubtful that such a project will have all the necessary isolation protocols in place, much less the materials and staff to keep the “appearance” that these facilities are intended to be helping people recover.

ht tps://www.theguardian.com/world/2020/oct/13/uk-government-issues-new-guidance-for-coronavirus-shielders

ht tps://www.theguardian.com/world/2020/oct/14/english-councils-told-to-set-up-hundreds-of-covid-dedicated-care-homes

ht tps://www.theguardian.com/australia-news/2020/oct/15/we-learned-the-hard-way-inside-the-war-room-to-contain-victorias-aged-care-covid-outbreak

[August 2020] there were more than 1,000 Covid-19 cases in the state’s aged care facilities and double-digit numbers of aged care deaths being announced day after day.

ht tps://en.wikipedia.org/wiki/Pest_house

A pest house, plague house, pesthouse or fever shed was a type of building used for persons afflicted with communicable diseases such as tuberculosis, cholera, smallpox or typhus. Often used for forcible quarantine, many towns and cities had one or more pesthouses accompanied by a cemetery or a waste pond nearby for disposal of the dead.

(url fractured to prevent autorun)

SpaceLifeForm October 15, 2020 3:28 PM

@ Sancho_P, Clive, Moderator, Anders, Weather, ALL

Re Timestamps changing on posts.

While I can not view the DDL for the tables in the MariaDB, I'll note that there is a 'feature' of MariaDB that may be involved.

Depending upon the table definition (the DDL), the *first* column in the table that is of the type Timestamp may be subject to automatic update when a SQL UPDATE is applied to the row.

In other words, when the row is first INSERTed, the Timestamp column gets the current machine clock applied.

But, if the row is UPDATEd, then the Timestamp column will change to current machine clock even if the SQL UPDATE statement does not reference the Timestamp column.
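
The behaviour described above, shown as an added example (not SpaceLifeForm’s code and not this blog’s real schema; the table and column names are assumed): a definition that exhibits the jumping timestamp beside one that pins the posting time and tracks edits separately.

```sql
-- Added example; table and column names are assumed, not the blog's actual schema.
-- With explicit_defaults_for_timestamp = OFF (the long-standing MariaDB/MySQL
-- default; newer releases may ship it ON), the first TIMESTAMP column declared
-- without its own DEFAULT or ON UPDATE clause is silently given
--   NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
-- so any UPDATE to the row rewrites it, even when the statement never names it.

-- Definition that exhibits the "jumping timestamp":
CREATE TABLE comments_implicit (
    id      INT AUTO_INCREMENT PRIMARY KEY,
    author  VARCHAR(64) NOT NULL,
    body    TEXT        NOT NULL,
    posted  TIMESTAMP            -- implicitly ON UPDATE CURRENT_TIMESTAMP
);

INSERT INTO comments_implicit (author, body) VALUES ('alice', 'first draft');
-- Later a moderator edits the body only...
UPDATE comments_implicit SET body = 'edited text' WHERE id = 1;
-- ...and "posted" now shows the time of the edit, not the original post time.
SHOW CREATE TABLE comments_implicit;   -- the implicit ON UPDATE clause is visible here

-- Corrected definition: the posting time is fixed at INSERT, edits get their own column.
CREATE TABLE comments_explicit (
    id      INT AUTO_INCREMENT PRIMARY KEY,
    author  VARCHAR(64) NOT NULL,
    body    TEXT        NOT NULL,
    posted  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,  -- no ON UPDATE: never moves
    updated TIMESTAMP NULL DEFAULT NULL
                      ON UPDATE CURRENT_TIMESTAMP          -- records when an edit happened
);

INSERT INTO comments_explicit (author, body) VALUES ('alice', 'first draft');
UPDATE comments_explicit SET body = 'edited text' WHERE id = 1;
-- "posted" is unchanged; "updated" holds the edit time.
SELECT id, posted, updated FROM comments_explicit;

-- Audit an existing database for columns carrying the implicit behaviour:
SELECT TABLE_NAME, COLUMN_NAME, COLUMN_DEFAULT, EXTRA
  FROM information_schema.COLUMNS
 WHERE TABLE_SCHEMA = DATABASE()
   AND DATA_TYPE = 'timestamp'
   AND EXTRA LIKE '%on update%';
```

The final query is the quickest way to confirm or rule out this explanation on a live database without needing the original DDL.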

Sherman Jay October 15, 2020 4:20 PM

The resident of the whitest house the leader? of ameriKKKa had it right when he wheezed: ‘herd mentality’

Per the epidemiologists and medical experts I have come to trust; Herd immunity is a tactic to kill millions of people so a few privileged may survive.

I, and my organization, refuse to be their lemmings/guinea pigs!

Our security lies in ignoring and avoiding all the drooling anti-mask idiots. We will continue to wear masks at all times when out in public. We will demand distancing >6ft. We will not accept any vaccine that is ~50% effective (that is a crap shoot and the side effects that have stopped at least two vaccine efforts may be deadly)

Be Cautious, Keep safe everyone.

On another note:
I was pondering the ways we are surveilled. The ISP uses their own pet DNS and records every keystroke. Almost all the sites we visit plant cookies and record a lot of info on us. Search engines record so much, especially g00gle. social media sites hoover up everything they can. All these are likely making money off the info they grab from us. It makes me quite ‘anxious’ (I use that instead of ‘paranoid’ because they really are after us). I have tried using Lynx and turning off cookies and Javascript, etc. But, it becomes too much of a burden to employ all the necessary tactics to try to avoid being tracked to death and still know that there are chinks in all that armor. It seems to me that worrying about time stamps on this blog are rather insignificant in comparison. Yes, TRUST MUST BE EARNED. Either we trust Bruce or we don’t.

xcv October 15, 2020 5:06 PM

@ Sherman Jay

Per the epidemiologists and medical experts I have come to trust;

There was a doctor, an epidemiologist by trade, who, shall we say, “strayed from his field” to become involved in IPv6 and IPsec development.

His family name is Greek, and it has disappeared from the publicly available RFCs and when I do a Google search, I find the top results are TS/SCI classified.

Doctors with illegible signatures and all that, what is this guy’s name and what did he prescribe for the next generation internet protocol?

I did notice some recent comments on this blog regarding computer security in the medical industry …

SpaceLifeForm October 15, 2020 5:46 PM

@ name.*.*.*.*

What concern are you referencing?

Please expound. It will only take 15 seconds. Unless you are working on a list.

I mean, I know it's been yet another slow news day (YASND), but you know, one can say...

'took 15 minutes and it was over'

SpaceLifeForm October 16, 2020 12:50 AM

@ bob, Clive

The BlueZ fixes for BleedingTooth did *NOT* make it into Linux 5.9

Intel confirms. They removed reference to kernel version.

hXXps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html

But, something smells. Really smells.

Why is Intel screaming about it so much?
It's a Linux software problem. Or is there more to this story?

Seems to be crickets now.

Note the chips!

hXXps://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq

Summary

A heap-based type confusion affecting Linux kernel 4.8 and higher was discovered in net/bluetooth/l2cap_core.c.

Severity

High

A remote attacker in short distance knowing the victim's bd address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can trigger the vulnerability as well.

Clive Robinson October 16, 2020 5:49 AM

@ SpaceLifeForm, bob,

Why is Intel screaming about it so much?

As I’m tied up with court stuff at the moment, I’ve not had much time to look around.

Also “as policy” I do not have bluetooth hardware on my computers but also remove bluetooth software and drivers as well by default. Simply because Bluetooth is and always has been a liability you really do not need, and by recent history is going to carry on being so.

But as far as I can see there’s nothing on bluez.org, and apparently the known developers are not responding to enquiries. In the FOSS community that is a little unusual…

But Intel is actually the power behind BlueZ and we know how they can get…

Google have said it’s a “zero click” full privilege attack, Intel are trying to pretend it’s not that bad. Of the two I’m guessing Google is probably more believable.

But Intel are apparently muddying the waters as to where the software fault exists. They are trying to imply it’s in the kernel, but other evidence suggests it’s in the BlueZ software. I’m guessing that it’s BlueZ and the way it “hooks into the kernel”. That is the kernel has a number of entry points that are privileged and thus dangerous, but also unavoidable. Which would put the onus of making authentication and other security checks on the developers of the code that links into the kernel.

Which would make me think that it’s Intel trying to keep something out of sight.

Dan Goodin over at ARSTech[1] says,

“Like almost all Bluetooth security flaws, BleedingTooth requires proximity to a vulnerable device. It also requires highly specialized knowledge and works on only a tiny fraction of the world’s Bluetooth devices. Those limitations greatly reduce the number of people—if any—who are in a position to successfully carry out an attack.”

Which might be true of “run of the mill cyber crooks” but is certainly not true of Level III attackers. Such as certain specialized anti-security firms and a number of State Level IC agencies who would find any “click free” vector as highly desirable for “directed attacks” at “persons of interest”.

Now we know Microsoft had IC Backdoors in their OS code and have done for years (certainly since acquiring Skype).

We also know that Intel have “special features” via their “Management Engine” that has add ons for the US IC, SigInt, and other agencies.

As BlueZ works with Intel, AMD, Motorola, Sparc and ARM chipsets and a number of other embedded systems, you would assume that it would be considered a target for those that want “Golden Keys” and similar “backdoors” especially as one major use of BlueTooth is for microphones. Thus being able to turn any BlueZ device into an “Area Surveillance Device”.

Oh and the discovery of this issue, may have a lot to do with COVID as both Google and Apple have recently been developing “core capability” for tracking apps…

name.withheld.for.obvious.reasons October 16, 2020 6:11 AM

@ 1&1~=Umm
I can appreciate you identifying and answering naive attempts to besmirch or engage in ad hominem attacks when arguments and claims are unavailable (once having exhausted any substantive statements) to the persons making this slanderous prose. I’m surprised there was no mention of my wife, especially since I stopped beating her several years ago (a sarcastic sentence as an example of the types of personal attacks).

@ SpaceLifeForm
An inconsistency between data exchanges and presentation and that is in the lower part of the data presentation layer. As I’ve mentioned before I use non-browser tools to acquire data from a site so injection of java or xml CDATA formatted rewrites are meaningless. The MITM possibility cannot be ignored, FOXACID for example. In stream HTTPS interception would require certificate forging as session hijacking or duplication is unlikely.

CERT FINGERPRINT
SHA-256 : E8 27 0C FE 68 2E 9C 6B 4A 7D D9 D8 C8 CF A9 ED BB 22 8A 9C 37 7E 99 DA B8 85 6C 25 3D 36 3B BD

Curious October 16, 2020 8:11 AM

Earlier this year Danish news reported of a US/Denmark cooperation for mass surveillance with fiber optic cables in Denmark, US giving software to Denmark and USA basically having access to all Danish communications, after which Denmark is said to have implemented a novel mass surveillance system of Danish citizens despite regulatory limitations that were supposed to ban surveillance of people inside Denmark as I understand it.

Today I see that Swedish news SVT has an article that points out that a member of the opposition party Moderate Party (M) in Sweden (government coalition is apparently S & MP) wants to have surveillance of Swedish people despite the current regulatory limitations as I understand it, of only surveilling people that are communicating with people abroad. This M politician also is chairman of the public office for civil/military affairs committee or somesuch. Supposedly, surveillance is not allowed for monitoring when two parties are both in Sweden. The article also mentions concerns about “increased” ‘terror threats’ including ‘terrorism’ and ‘espionage’ and also referring to deteriorating foreign affairs. The boilerplate phrase language “national security” is used. The last parts look like deceptive or disingenuous boilerplate language.

The latter half of the article funnily enough seems to offer some quotations from the chairman, and the reader is given the impression that the desired surveillance is merited by not only good intentions on the categorical grounds of ‘national security’, but also good intentions that are also meant to be good; as if you can do no wrong in making moral choices if your choices must have been intended to be good. Or as if saying “We have national security in mind, so I really cannot do anything wrong”.

https://www.svt.se/nyheter/inrikes/signalspaning (article in Swedish)

Translation of a paragraph:

“Försvarets radioanstalt (FRA) have today a possibility to monitor two persons if at least one of them is located outside Sweden. Now, the Moderate Party(M) want to expand the possibility for surveillance to even apply if both persons reside in Sweden.”

Given the earlier Danish news, it seems imo sensible to think that if Swedish military is like Denmark, then people in Sweden are probably already subject to mass surveillance if it isn’t technically possible to avoid monitoring everything. I find the choice of the word ‘possibility’ odd, because it implies two different things, which can both be true, but shouldn’t in context of public discourse. One with surveillance being legally possible, the other with surveillance being technically possible, only the former is supposed to be policy afaik; unless ofc, somehow, there is maybe never a public discussion or public debate about what the technical capability for mass surveillance actually might be, as if ignoring it and so being something ripe for abuse.

Btw, as I understand it, Sweden’s military surveillance org Försvarets radioanstalt (FRA) is already known to be surveilling traffic passing into other Nordic countries and elsewhere. Imo, this in turn makes it obvious that country A can maybe get to arrange an agreement with neighboring country B, to have either country covertly spy on their own citizens if done from outside in the neighboring country. I can at least envision such a loophole even if nobody would think that would be ok if something like that was actually happening.

I can’t help but being cynical and living in Norway, I do not believe the authorities here have any limitations whatsoever. Presumably, if they can, they will monitor whatever they can. The way I think about it all is: even if they only seem to start doing preliminary research or preliminary work into the efficacy or setup of mass surveillance, I cannot know if then discussions of current or future surveillance capabilities are just a practice in pretending to follow regulatory policy, or, if that monitoring is actually already implemented, wholly or partly, or soon to be fully implemented, or something that can be selectively turned on and off, or used periodically or regionally.

Curous October 16, 2020 8:32 AM

To add to what I wrote:

Apparently Swedish SVT also have an article about Swedish surveillance for combatting gang related crimes.

The article points out that the Swedish government on Friday (last friday?) “presented a plan” against gang related crimes, with a 34 point program, and will now review options against laws about secret surveillance. Type of surveillance: electronic, secret cameras, and secret room audio recordings.

Title translation: “Secret surveillance shall be used more often”
https://www.svt.se/nyheter/inrikes/regeringen-foreslar-utokade-mojligheter-att-anvanda-hemliga-tvangsmedel (in Swedish)

SpaceLifeForm October 16, 2020 4:06 PM

@ name.*.*.*.*, Clive

I'm pretty sure that MAC addresses are being leaked. One bit at a time.

Sancho_P October 16, 2020 4:59 PM

@SpaceLifeForm re timestamps

That’s an interesting point – probably there is another column called “posted”?
However, since a couple of days I haven’t seen the “jumping timestamp” again. 🙂

@Sherman Jay
It seems that posting of timestamps can be changed,
but for sure tracking can’t be avoided! 🙁

SpaceLifeForm October 16, 2020 5:11 PM

@ sancho_P, Clive, name

Just had something goto bit bucket on new squid.

Check out error 409 plus twenty.

Clive Robinson October 16, 2020 11:26 PM

@ SpaceLifeForm, name.withheld…,

I’m pretty sure that MAC addresses are being leaked. One bit at a time.

On that assumption, the question is “From what level in the computing stack?”

The lower you go the more options it gives you to leak information. So the NIC hardware / Firmware would be about the best and most persistent, NIC driver code next and so on.

Remember modern OS’s especially Mi$o do not check code after it’s loaded, and not always before it’s loaded.

So any “change after load” below the CPU level in the computing stack “owns the castle”, and the Ring -3 gift to both IC and Mi$o from those who are panicking over Bt-Z, might bear investigation.

Clive Robinson October 16, 2020 11:31 PM

@SpaceLifeForm, name.withheld, Sancho_P,

Check out error 409 plus twenty.

No not seen so far, but give it time.

SpaceLifeForm October 17, 2020 1:01 AM

@ Clive

“From what level in the computing stack?”

Chip.

Note that most WIFI/BT use same chip. Same freq.

It’s silicon turtles all the way down.

SpaceLifeForm October 17, 2020 1:17 AM

@ xcv

He had sumptin, sumptin to do with ipv6 you said.

I guess he got some protocol insights from Bluetooth.

I still can not decide which is the bigger mess.

SpaceLifeForm October 17, 2020 2:13 AM

@ Clive, name....

Yeah, I know. I’m crazy.

I wrote some things here in past minutes.

But then, after further thought, I deleted.

I decided, for National Security reasons, best left unsaid at this time.

I think you can catch my drift by connecting recent dots.

Just move your antenna a bit.

hXXps://en.wikipedia.org/wiki/Fresnel_zone

SpaceLifeForm October 17, 2020 5:43 PM

@ bob, Clive

The BleedingTooth patches were applied to Linux source this morning.
Now a 5.9.1 version. Applied to various LTS versions also.

Apparently patches were around since 2020-08-06 timeframe.

And someone at Intel sat on them.

Good luck if you have an Android 8 or 9 phone.

hXXps://www.kernel.org/

Clive Robinson October 18, 2020 2:59 AM

@ SpaceLifeForm, bob,

And someone at Intel sat on them.

Well, just colour me unsurprised 😉

The real question is “Why?”.

Has some Intel high muckity muck sold some shares recently?

Or are they claiming it’s to avoid problems with SEC etc?

The simple fact is Intel believe they are big enough to throw their weight around with impunity… and the rest of us suffer because of it.

Clive Robinson October 18, 2020 3:16 AM

@ SpaceLifeForm,

Yeah, I know. I’m crazy.

Two quotes,

1, You don’t have to be crazy to work here, but it helps.

2, Being paranoid does not mean that they are not out to get you.

There is also the observation,

“There are three sign posts to disaster, the first is only visible with hindsight, the second is visible to those who have the wisdom to see, the third is visible to all except those who choose not to see…”

I’ve a bad habit of spotting things that should only be visible with hindsight. Our host @Bruce has called it “thinking hinky” in the past.

As this blog has shown, I call things and get shot at, or called crazy. But when they happen as they have the bad habit of doing, then those who took potshots are rarely around to apologize.

So wear it as a badge of honour 🙂

SpaceLifeForm October 19, 2020 2:17 AM

@ name.*.*.*.*

Just to let you know, I see the same fingerprint.

So, that means everything is fine, right? ;-)

SpaceLifeForm October 19, 2020 3:03 AM

@ Clive, bob

"Malicious Bluetooth chips can trigger the vulnerability as well."

I hear the chips are best served with Predator sauce in a hexagon shaped bowl.
Warmed to 120 degrees. And a side of Cellery.

hXXps://www.vox.com/recode/2020/5/29/21274828/drone-minneapolis-protests-predator-surveillance-police

Clive Robinson October 19, 2020 6:53 AM

@ SpaceLifeForm, bob, ALL,

I hear the chips are best served with Predator sauce in a hexagon shaped bowl.
Warmed to 120 degrees. And a side of Cellery.

The article is one of a number that are showing what is “out of sight” but not out of ADS-B reach and that of those pesky armchair analysts that reveal all sorts of IC flights, and blow cover via publicly available registers in what is now called “Open Source Intelligence” or OSInt and similar.

But to start with what is in all probability a lie or at best a misdirection comment from CBP in the article,

‘… a spokesperson for CBP told Recode in an email. “The unmanned aircraft system provides live video feed to ground law enforcement, giving them situational awareness, maximizing public safety, while minimizing the threat to personnel and assets.”’

Someone is either being very economical with the truth, or they have been “Mushroomed”[1] by their work colleagues and superiors…

For anyone with a rudimentary knowledge of physics who can also think laterally would know that, that very hexagonal flight path is not in any way for “optical surveillance”… As the “live video feed” comment claimed, it does not align with any geographic or infrastructure or other man made structural features.

Also after a moment’s look at the flight path it’s also very clearly a “pre-programmed” “very precise” flight path, that has been flown around more than once. Which can be seen quite clearly from the ADS-B overlay (also it appears it may be “datum aligned” by the entry and exit paths).

So the question arises: is it a “holding pattern”, “seek mode” or “collect mode”? Or something else[2]… So for those new to this let’s walk through the possibilities using what we factually know or can find out about.

For those that do not know, even though both radio and light waves are on the same Electromagnetic (EM) spectrum they behave quite differently on the human scale of things. Most objects are transparent to radio waves or just make predictable distortion patterns in the EM field at radio frequencies, usually in the horizontal radiation pattern along the ground, not the vertical pattern into the sky. For people in the open the vertical pattern is thus the lowest-loss path, the “line of sight path”, where one tenth of a watt is enough to reach a very simple antenna five hundred miles away on the space station with good enough intelligibility for a voice channel.

Light however just gets blocked by absorption or reflection at light frequencies and goes nowhere fast at ground level, thus the “high ground” gives much longer “line of sight path”.

So at 20,000ft a drone has good radio and light reception. They are also fairly free to fly wherever they like and at quite fast speeds. Which is why drones are rapidly becoming popular for all sorts of things.

But at radio frequencies you can “see” almost unobstructed signals in the nanowatt range at 20,000ft, which allows not just very easy and quite precise direction finding (DF) but also, with appropriate IQ receivers, the direction and entire “radio band” to be downconverted to “baseband” and stored in digital form for later very in-depth analysis or sent via broadband satellite links to a remote ground station for near real time analysis.

Whilst not entirely necessary having a grid aligned very precise flight path would ease the analysis quite significantly, especially if in “seek mode” as part of a “Find Fix Finish” mission (standard work for drone usage by the CIA and others as the very public death of an Iranian General who was a diplomat on a peace mission shows).

Likewise it helps when in “collect mode” where you basically hoover up the entire mobile phone cellular band or ISM band etc.

To reiterate whilst 20,000ft or “four miles up” sounds like a significant distance it’s effectively “line of sight” in the VHF / UHF / low microwave bands and it’s very low “path loss” unlike at ground level where multiple objects cause absorption, reflection and multipath distortion. So hoovering up every cellphone identification could be done passively in just a very few circuits of such a flight path. Faster if done actively.

But we should also think further, it is what analysts do to discover what the enemy is up to. Like it or not Government agencies now see the citizens as “the enemy” which by simple logic makes them and those who work in them “Enemies of the People”[3].

So what else could be done over and above seek and collect modes? Well most smartphones these days remain connected to the Internet, likewise especially with “COVID updates” now forced on many, Bluetooth remains wide open in “promiscuous mode”. So any malware attack that works over the Internet or Bluetooth or “drive by” for WiFi will work with Smart Phones from a drone four miles up…

And that’s before considering the extra advantages “Phased Array Antennas” would give, but these do need precise flight paths and fast processing, but these days you could fit all of that easily in a shoe box sized device using what are low cost off the shelf parts that would not draw any attention if purchased even in large quantities on the open market.

So let’s pull out the old questions,

1, Do the laws of physics allow?
2, Is there technology to do it?
3, Is there any impediment to stop it?

Well the answers are Yes, Yes and Not really. So it’s fairly safe to assume if they are not yet doing it they fairly soon will be… My vote based on other sources of open information suggests the capability is just an invoice away from the likes of Boeing’s less well known divisions and many of the “usual suspects” in the “Stingray” and similar game.

Oh and modern SDR and FPGA technology on a PCB that is small, light, not that power hungry and available to all for less than a month’s salary for the average person can put you in the same game. All you need is a lift platform, which most small “commercial drones” for less than half a year’s average salary will give you. All you need to know is how to wire it up and write the software. All you have to do for that information is look on the Internet and think laterally or only slightly “hinky”. It’s certainly well within the capabilities of a small group of undergraduates as a project, and not much beyond what some smarter kids have done for high school science projects using a Raspberry Pi and Python scripting…

[1] “Mushroomed” is another way of saying someone “has not been read in” on “information above their pay grade” as they are not on a “Need to Know” list. It comes from how you nurture/farm white mushrooms. Put simply you spread out a large amount of bovine excrement, put the spores in, water well and keep them in the dark until you cut their heads off, rinse and repeat as many times as necessary.

[2] Funny we had a self promoted expert here the other day who appeared more than somewhat ignorant of what are now “every day” behaviours by the likes of CBP and as I pointed out only a little while ago “the border zone” being 100 miles deep into the US covers by far the majority of US citizens, who as with most nations build up populations from the borders inwards, with the inland areas used mainly for sparsely populated farming and the like.

[3] No matter what these Government Agencies might claim or use to quiet their guilty minds. The excuse of “For the common good” is not even a fig leaf to hide the moral degeneracy that expression and “We are the good guys” have tried to keep hidden over the years.
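As an added illustration of the link-budget argument in the comment above (not part of the original post): the script applies the free-space path-loss (Friis) formula to the figures quoted there, a handset at ground level, a receiver at 20,000 ft, and a 0.1 W voice link over 500 miles. Transmit power (0.2 W), antenna gains (0 dBi) and the 30 dB of ground clutter are assumed typical values, not measurements.

```python
"""Free-space link budget: why a handset uplink is easy to hear from altitude."""
import math

C = 299_792_458.0  # speed of light, m/s
FEET = 0.3048      # metres per foot
MILE = 1609.344    # metres per statute mile


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss in dB for an unobstructed line-of-sight path."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def received_dbm(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                 distance_m: float, freq_hz: float,
                 extra_loss_db: float = 0.0) -> float:
    """Received power in dBm; extra_loss_db models clutter/obstructions."""
    return (tx_dbm + tx_gain_dbi + rx_gain_dbi
            - fspl_db(distance_m, freq_hz) - extra_loss_db)


def dbm_to_watts(dbm: float) -> float:
    """Convert dBm to watts (0 dBm == 1 mW)."""
    return 10 ** ((dbm - 30) / 10)


def radio_horizon_km(height_m: float) -> float:
    """Distance to the radio horizon, 4/3-earth approximation (~4.12*sqrt(h))."""
    return 4.12 * math.sqrt(height_m)


def first_fresnel_radius_m(d1_m: float, d2_m: float, freq_hz: float) -> float:
    """First Fresnel zone radius at a point d1 from one end and d2 from the other."""
    wavelength = C / freq_hz
    return math.sqrt(wavelength * d1_m * d2_m / (d1_m + d2_m))


if __name__ == "__main__":
    # Assumed handset: 0.2 W (23 dBm) uplink at 1.9 GHz, 0 dBi antennas both ends.
    airborne = received_dbm(23, 0, 0, 20_000 * FEET, 1.9e9)
    # Same handset to a ground receiver 2 km away through an assumed 30 dB of clutter.
    ground = received_dbm(23, 0, 0, 2_000, 1.9e9, extra_loss_db=30)
    print(f"receiver at 20,000 ft: {airborne:.1f} dBm ({dbm_to_watts(airborne):.1e} W)")
    print(f"ground receiver, 2 km: {ground:.1f} dBm ({dbm_to_watts(ground):.1e} W)")
    print(f"radio horizon from 20,000 ft: {radio_horizon_km(20_000 * FEET):.0f} km")
    # The 0.1 W (20 dBm) FM voice link to the space station, 500 miles on 145 MHz.
    print(f"ISS voice link: {received_dbm(20, 0, 0, 500 * MILE, 145e6):.1f} dBm")
```

The airborne receiver sees the handset roughly 20 dB stronger than a ground receiver only 2 km away behind clutter, and from 20,000 ft the radio horizon is over 300 km, which is the quantitative content of the “effectively line of sight” point.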

name.withheld.for.obvious.reasons October 19, 2020 5:57 PM

@ SpaceLifeForm
Thanks for the ACK respecting the fingerprint. Didn’t see your response. And, yes a wink and a nod is still appropriate. If an intermediate host (between client and server connection) has a compromised CERT cache it can be forged/masked. Need to get both sides to verify CAs for the connection. Some browsers do pinning of CAs, and DNS masquerading will not prove useful, only compromised CAs or a local CERT cache (trusted CAs) can be used to subvert a session connection. And since we probably don’t share CERT caches your acknowledgement is sufficient to suggest no interception–unless…

SpaceLifeForm October 20, 2020 2:13 AM

@ Clive

I have doubts about the visual aspect from 20,000 feet at night, which is when the protests would have the most problems. At night is when the outside instigators come out after driving hundreds of miles just to create problems.

It has to be about radio.

Most modern cell-ery towers operate 3 by 120 degrees.

I’m thinking along this angle.

The drone is a fake cell tower, temporarily confusing the cell phone.
It has a real strong signal. Flying hexagonally.

The phones try to lock in on the really good signal.

As the drone moves, the signal fades.

The cell phone reconnects to nearest tower.

As the phones reconnect to real towers, they are accurately located.
The timing of the reconnects can be visualized as a radar sweep.
Which may also provide some elevation data (think multistory buildings).

The drone is a flying red herring to distract the phone temporarily.

On the ground, a cell phone does not always stick to best tower, the location is not that accurate. This may be about better location data, especially if the user was smart enough to disable GPS (which kills your battery fast, especially if indoors).

hXXps://www.techradar.com/news/phone-and-communications/mobile-phones/how-your-phone-betrays-your-location-993674

Clive Robinson October 20, 2020 5:48 AM

@ SpaceLifeForm,

It has to be about radio.

It appears to be the most likely, especially as it looks like the hexagon is aligned with some chart datum.

It would be interesting to see what the hexagon was “centered on” directly or as a geometric mean etc from a number of points like cell towers.

As with all such things we have hit the analysts wall of insufficient data…

I’m not going to rule out “pre-programmed flight path” because it definitely looks that way. Likewise I’m not going to rule out “holding/stacking pattern” but that still begs the question “why hexagon?” and “Why the alignment?”.

SpaceLifeForm October 21, 2020 12:13 AM

@ Clive

Tiling. The cell towers normally are arranged to create hexagonal cells.
Coverage areas.

As you said, insufficient data.

But my guess is that the flight path was designed to directly fly over cell towers at each turning point.

JonKnowsNothing October 21, 2020 1:23 AM

@Clive @Space

re: Tiling. The cell towers normally are arranged to create hexagonal cells.

Is it possible that they are using multiple Drtbox/Stingrays?

Instead of bouncing all the phones on to one capture device (which can handle lots) they are capturing multiple towers and phones on multiple systems.

Using the Drtbox as a relay to the towers so they can maintain 100% connection?

iirc(badly) Normally on a fly over, they connect and drop as they go out of range, just collecting the details of the phones which they can use later for their search keys.

If they are flying in a semi-fixed path, perhaps they are holding the connection? It would be a one-time drop-connect to the drtbox and then the targets wouldn’t notice after that as they would have 5bars. This way they could capture RT talk and communications.

Not sure if they even need a warrant given the current state of affairs; they might flow under any of a dozen variations of No Warrant/National Security etc. It may or may not be admissible in court but they can always weasel in on parallel construction.

name.withheld.for.obvious.reasons October 21, 2020 3:10 AM

@ MODERATOR — ONE SQUID OUT — EDITORIAL DISCRETION ASSUMED
13 OCT 2020 — SENATE DISPROVES ADAGE;
YOU CAN LEAD A HORSE TO LIPSTICK, BUT NOT TO REASON

OR, IT IS ANOTHER TUESDAY?

Elected officials refuse to entertain the nature or effect that an individual may be under when it comes to religion, irrespective of the character and practices of a particular sect. If Jim Jones, of Jonestown infamy, were offered an associate justice position on the Supreme Court, would there be a foregone deference regarding his religious practices? Jim Jones serves punch (Kool-Aid) during the reception held celebrating his nomination to the court, do you drink it?

U.S. Senators are treating the nominee to the Supreme Court, Amy Coney Barrett, with kid gloves. If someone that practices “speaking in tongues”, believes and is dedicated to the “Kingdom of God” before all else, allegiance to political party and lastly, country. Ms. Barrett, a handmaiden in the communal church she attends, her judgement and reasoning may be in need of scrutiny or shown the exit door. Normal is not the scope of behavior found in sanctuaries given to God or in expressions of communion that include practices that cannot be rationally described in brief or detail. Is it more appropriate to relegate and prevent unquestioned religious associations and the practices enjoined by parishioners that may also be a judge to the Supreme Court, or, is it necessary to ascertain the ethical or moral basis, for example; a sect performing ritual sacrifices of travelers to their city on the last day of every month?

Women should not be fooled by her support for rights, women’s rights in particular. Her fealty is to her subordinate role in a patriarchal enclave defined by biblical text–not too dissimilar to the wife of the VP. She may wear pants at times, but her assurances mask her belief a woman’s best interests are served by being shackled and restrained—by men. The cosmetics brand she’s using, masks not just her spotty complexion on sunny days, it hides the instrument of subterfuge and deceit reflected by a compact in her purse. The most direct characterization of any juridical sensibility; Ms. Barrett is prepared to strike at the heart of jurisprudence, U.S. democracy and the republic, the Magna Carta, and anything else post-dating the Biblical text of Christianity. Less obvious is language of the self-prescribed principles and practices extrapolated from their own religious scripture or text. Additionally, her seat on the court is a hedge on the Chief Justice Roberts. He is not seen as reliable enough for the draconian opinions and decisions that might come out of this court.

And she may have four sympathetic jurists accompanying her…

Clive Robinson October 21, 2020 4:59 AM

@ SpaceLifeForm, JonKnowsNothing,

But my guess is that the flight path was designed to directly fly over cell towers at each turning point.

Unlikely, cell towers are geographical infrastructure subject to the vagaries of basic geology and land usage.

That is they do not form precisely defined hexagons even at the best of times. It’s the reason why cell sites use the equivalent of “beam forming” by segmented antenna patterns and different power levels to each antenna.

It’s why I mentioned why the center of the hexagon and the hexagon’s orientation / alignment was important.

@ JonKnowsNothing,

Using the Drtbox as a relay to the towers so they can maintain 100% connection?

As a hypothesis it’s reasonable, the question thus arises “How to test?” to confirm or reject it…

But one thing I don’t think needs testing is your conjecture of,

Not sure if they even need a warrant given the current state of affairs; they might flow under any of a dozen variations of No Warrant/National Security etc. It may or may not be admissible in court but they can always weasel in on parallel construction.

We’ve seen enough to know that it is all highly probable. The Stingray NDAs tell us that much alone. And there have been more than a few unlikely coincidences to suggest that “parallel construction” is very much in play.

I think we should accept that “equity in arms” no longer applies in the US Justice system, but I guess you don’t need me to tell you that.
