dredmorbius December 18, 2020 5:42 PM

Bellingcat’s account of how … it simply paid a few tens of thousands of rubles (hundreds of Euros) for extensive credential, address, telecoms, and travel data on key Russian intelligence and security (GRU, FSB), strikes me strongly.

Hunting the Hunters: How We Identified Navalny’s FSB Stalkers

Due to porous data protection measures in Russia, it only takes some creative Googling (or Yandexing) and a few hundred euros worth of cryptocurrency to be fed through an automated payment platform, not much different than Amazon or Lexis Nexis, to acquire telephone records with geolocation data, passenger manifests, and residential data. For the records contained within multi-gigabyte database files that are not already floating around the internet via torrent networks, there is a thriving black market to buy and sell data. The humans who manually fetch this data are often low-level employees at banks, telephone companies, and police departments. …

While there are obvious and terrifying privacy implications from this data market, it is clear how this environment of petty corruption and loose government enforcement can be turned against Russia’s security service officers. A few hundred euros could — and does — provide you with months of phone call data for an FSB or GRU officer, allowing investigators to trace the intelligence services’ operations, identify the colleagues of research targets, and follow the physical tracks of spies across Russia and abroad. …

The juxtaposition with the SolarWinds cyberattack, and ongoing debates on privacy, surveillance, data brokerages, privacy, and data monopoly outside Russia, and notably in the EU and US, is stark.

Another prospect is that Russian dissidents might monitor their own shadows in near-real time. I’m not generally a fan of Brin’s Transparent Society — I believe as Bruce has pointed out that information is not power but a power multiplier. But Brin’s argument somewhat fits here.

Internet Individual December 18, 2020 5:53 PM

@ xcv

Woah…buddy. You up to something you shouldn’t be? Law abiding citizens call it “monitoring”. “Defeating tracking and surveillance” sounds a lot like cyber hacker talk. Name one company that doesn’t take your privacy seriously. Which begs the question, what exactly are you trying to hide? 😀

In all seriousness using TOR has serious drawbacks. It’s slow, most websites can detect you’re on it and either deny access or make you jump through a bunch of captcha hoops. It likely puts you on the radar in some capacity. I have heard rumors that TOR isn’t as safe or anonymous as some might have you believe at least not anymore. It all depends what you are trying to do, and who you are trying to evade. ISPs? Governments? Work?

In terms of OS on a usb stick. It has its niche use cases I guess. I certainly wouldn’t use it for a daily driver.

Internet Individual December 18, 2020 6:06 PM

@ Mog Levins

It would be cool to see how well that works. As someone who has never worked for government or seen any air gapped tech before, I’d be curious at the range, and how easily interference from the myriad of other wireless devices might impact reception. Even then, in a real use case more questions are raised. For instance, if someone is in a sensitive air gapped environment, why do they have a cellphone connected to wifi? Does the phone just record for a period of time and then later send that recording or does it constantly transmit in real time? In order to defeat something like that, wouldn’t you just install some small device that generates noise on that frequency, perhaps inside the case?

xcv December 18, 2020 6:35 PM

@Internet Individual

Woah…buddy. You up to something you shouldn’t be? Law abiding citizens call it “monitoring”.

I need to say no to that, and I need Free and Open Source Software.

Do you need popular reviews?

“Defeating tracking and surveillance” sounds a lot like cyber hacker talk. Name one company that doesn’t take your privacy seriously. Which begs the question, what exactly are you trying to hide? 😀

The converse of that question is more interesting. What are you looking for? What are you willing to pay for it? What are you going to do with that information once you get it?

electrolytic capacitor December 18, 2020 7:11 PM

Information Week Oct 11, 2010 by Greg Shipley: The Wrong Protection
“We’ve spent billions on security products, so why are we so ill-prepared for the attacks raining down on us?”

New York Times Dec 16, 2020 by David Sanger, Nicole Perlroth and Julian Barnes
“Over the past few years, the United States government has spent tens of billions of dollars on cyber defenses that failed to detect a giant Russian hack.”

Ismar December 18, 2020 7:17 PM

“The U.S. cybersecurity team is still trying to determine exactly who is responsible for a major cyberattack in the U.S., with many signs pointing to the Russian government. Microsoft, which has built the systems for a majority of computers in the U.S., said they too have found malicious software on its systems. William Brangham spoke with Brad Smith, president of Microsoft, to learn more.”

Clive Robinson December 18, 2020 7:27 PM

@ Mog Levins,

It’s another Ben Gurion Uni “rip off” to be blunt[1].

The issue they raise has been more than adequately covered on this blog many times over.

Search this site for “Energy Gapping” and you will find an adequate explanation of all forms of data exfiltration impressed on energy signals that can be conducted, radiated and if you look back far enough convected by any transmission medium from a vacuum through plasma, gas, liquid, solid.

For practical examples from more than a decade ago go look at the UK Cambridge University Computer Labs. Where radiated signals in video leads and LCD monitors brought the 1970’s van Eck up to date, the use of telescopes and image intensifier and similar cascade sensors are used to pick up images via just the time/intensity signal off of a matt painted wall etc, and how delta temp, causes delta freq changes that can be detected across the network via TCP time stamps etc. You can also find discussions on this blog that predate those academic papers. And show other attacks such as using delta freq to show up network “honey traps / tarpits” with “brain dead script kiddy attacks” thus keeping the investment value in zero day and similar valuable resources.

Also you will find on this blog back when BadBIOS was being laughed at, work by @RobertT and independently myself showing just how easy it was to generate an audio network using the speakers and microphones on PCs and laptops. Also other work showing how a design choice made in the 1970’s for I/O cards in Apple ][ computers was adopted by IBM and Microsoft that would enable permanent malware to be put into an OS without having anything stored on the hard drive, so no matter how often you wiped the HD the malware would return. A trick Lenovo used in its low end consumer laptops to try and make more profit.

Basically what you need to be aware of is,

1, All processes are “work”.
2, By definition all work is inefficient.
3, This means that some energy will be lost to the environment.
4, This energy by a process of radiation transport will eventually become heat.
5, All energy including heat can be modulated with information.
6, Thus internal information escapes into the environment.

The other things you need to be aware of are,

1, Conducted energy drops off at K/r where K is a channel constant and r is in effect the distance.

2, Radiated energy drops off at K/(r^2).

3, Volumetric energy such as convection drops off at K/(r^3)

4, In all cases there is a “noise floor” created by natural processes and this is given as a level at a bandwidth usually at 1 Hz. This generally degrades as the square of the bandwidth.

5, Information is transferred as “baud” or symbols/second thus the lower the bandwidth of a channel the less information can be transmitted in a given time period.

Using a combination of this information you can cut down both the bandwidth and effective distance an energy signal can travel until its level is at or less than the noise floor, where in effect the information is no longer available unless it is repeated in some fashion that enables the noise floor to be “averaged down” (not that this increases the real information carrying ability of the channel).

In essence you now know sufficient to combine the above with a reasonable book on Electromagnetic Compatibility (EMC) to take your first steps in Passive EmSec or TEMPEST design. Active EmSec which covers the likes of “Fault Injection” with EM and other coherent energy sources is somewhat harder to design out as it requires knowledge of the likes of “slot antennas” and parametric effects with nonlinear response devices that could be a “rusty screw” or the junctions between dissimilar materials. The purpose is to “transport energy in” to a device and either disrupt its operation, or by cross modulation carry information out. One such device you can read about is “The Great Seal Bug” or “The Thing” developed by Theremin, more noted for his strange musical instrument that gives the intro to the Beach Boys “Good Vibrations”.

[1] Effectively they take a primary or secondary idea or method developed by others, and just come up with a number of different “engineering solutions” and write them up. In essence they are “proofs of concept” from others’ concepts. They don’t exactly move “the art” or “knowledge domain” forward, but as “practical” rather than “theoretical” work they do have a habit of squashing “naysayers” and those who do not want to think about how to solve known issues before they become working attacks. Which can be quite beneficial as it moves the boundary on “Best Practice”.
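
The fall-off rules and noise-floor argument in the comment above can be turned into a rough EmSec range estimate. This is an added example, not part of the comment or the blog; K, the 1 Hz noise level and the one-symbol-per-hertz rate are constructed, unitless assumptions, and levels are treated as power.

```python
import math

# Fall-off exponents as listed in the comment: level(r) = K / r**n
FALLOFF = {"conducted": 1, "radiated": 2, "volumetric": 3}


def level_at(k, medium, r):
    """Signal level at distance r for channel constant k."""
    return k / r ** FALLOFF[medium]


def noise_floor(n0_at_1hz, bandwidth_hz, bw_exponent=2.0):
    """Noise level seen by a receiver of the given bandwidth.

    bw_exponent=2 follows the comment ("square of the bandwidth").
    bw_exponent=1 is the thermal-noise power model (N = kTB).
    """
    return n0_at_1hz * bandwidth_hz ** bw_exponent


def max_range(k, medium, floor, repeats=1):
    """Distance at which K/r**n has dropped to the noise floor.

    Averaging `repeats` copies of the same symbol lowers the effective
    noise power by that factor (uncorrelated noise), which is the
    "averaged down" floor the comment mentions.
    """
    return (k * repeats / floor) ** (1.0 / FALLOFF[medium])


def symbol_rate(bandwidth_hz, repeats=1):
    """Useful symbols/second, assuming about one symbol per hertz.

    Repeating each symbol buys range but divides the useful rate, so the
    channel carries no more information than before.
    """
    return bandwidth_hz / repeats


def attenuation_needed_db(k, medium, floor, boundary_r, repeats=1):
    """Extra attenuation (dB) a designer must add so the signal is at or
    below the noise floor at the controlled boundary, even for a receiver
    that averages `repeats` copies. Returns 0.0 if it already is."""
    ratio = level_at(k, medium, boundary_r) * repeats / floor
    return max(0.0, 10.0 * math.log10(ratio))


if __name__ == "__main__":
    # Constructed values: K = 1 at unit distance, 1e-12 noise at 1 Hz.
    K, N0, BW, BOUNDARY = 1.0, 1e-12, 10.0, 100.0
    floor = noise_floor(N0, BW)
    for medium in FALLOFF:
        for repeats in (1, 100):
            print(
                f"{medium:10s} repeats={repeats:3d} "
                f"range={max_range(K, medium, floor, repeats):12.1f} "
                f"rate={symbol_rate(BW, repeats):6.2f} sym/s "
                f"shielding={attenuation_needed_db(K, medium, floor, BOUNDARY, repeats):5.1f} dB"
            )
```

Narrowing the channel bandwidth lowers both the noise floor and the symbol rate, so the design lever for the defender is the attenuation figure at the boundary, not the bandwidth alone.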

SpaceLifeForm December 18, 2020 11:09 PM

Allegedly, FireEye was tipped off via their internal systems.

The employee did NOT have a new phone.


FireEye’s security system sent alert to the employee and to company’s security team saying a new device had just been registered to the company’s MFA system as if it belonged to the employee. This prompted FireEye to investigate.

SpaceLifeForm December 19, 2020 12:19 AM

@ Clive

Originally, I was disappointed as to how FireEye handled this.

Now, it makes a bit more sense.

Here’s some new info on those with backdoor that apparently was active at some point (based upon DNS data):

Cisco, Deloitte, Intel, Cox, Nvidia.


- December 19, 2020 1:29 AM

@ Wannabe Techguy,

You posted a URL with tracking information in it…

You actually only needed to post


The “tt” from “https” has been replaced by XX to stop certain browsers “autoloading” the URL in the background.

As they say

“Stay safe out there, and be safe for others”

- December 19, 2020 1:46 AM

@ Spacelifeform,

“I think you really need real Tin.”

You will on looking in the 100 Comments page, find that the poster posted the same in two threads under different names.

Which is kind of against the blog rules as it technically makes them a “sock puppet”.

They also appear to lack technical knowledge in Faraday shielding. Because the only people I’m aware of putting tinfoil on their windows only have, shall we say, indoor horticultural interests on a large scale and do not want their “grow lamps” etc visible from the street etc. They also tend to “test their own product” which can produce adverse effects that bring them to other people’s attention. The sort despite appearances at the time are known to be lacking in a sense of humour.

SpaceLifeForm December 19, 2020 2:12 AM

@ –

I had not noticed your observation.

My bad. Guess I got trolled. I’ll do better.

I was going to note the 37 missing protons but I concluded that would have been too technical.

Howard December 19, 2020 2:14 AM

Another interesting juxtaposition to the SolarWinds hack, is the leaked identities of a couple million Chinese spies, many found to be in the employ of the big 5 accounting firms, aerospace, auditors, defense, governments, the works.

Related? Distraction? Which story is a distraction from the other?

Clive Robinson December 19, 2020 4:04 AM

@ SpaceLifeForm,

With regards the twitter thread, I suspect that Aaron Johnson is the one to make the correct call on this.

I’m not saying whoever the attackers are did not make a “rookie mistake” but the fact they did not make a similar mistake in many previous and later attacks on other quite security conscious sites suggests it was probably “something particularly different about the site” than a rookie mistake.

It’s difficult to decide as “to err is human” which is why the pilot play book started “check lists” as to err in the sky tends to end in terminal swan dives. And as good ideas have a thousand fathers, check lists have spread into many domains where instinct was once the sole guide to success.

So much so we now have logical and mathematical formalisms underpinning check lists now,

Clive Robinson December 19, 2020 4:18 AM

@ Howard,

the leaked identities of a couple million Chinese spies, many found to be in the employ of the big 5 accounting firms, aerospace, auditors, defense, governments, the works.

Have you anything to back that up?

Like links/references, to show it’s not “faux news” “Trolling”?

Clive Robinson December 19, 2020 5:15 AM

@ ALL,

For those that do not know the “list” of under 2million Chinese citizens who are on the membership roll of the Chinese Communist Party has been fairly widely known about since before the 2016 US Election where news of it was kind of suppressed by the stupidity called the “Steele Report”.

It’s suddenly now after the Republicans have not done well in the US 2020 election that now they are resurrecting it via Rupert “the bare faced liar” Murdoch’s Sky network in Australia (which he has tight control over editorially) to attack a Democrat and try to get him out of office.

It’s no secret that Rupert Murdoch has lost a lot of face over his loss of influence on behalf of the Republicans and I’m guessing this “stage managed stunt” by him is his trying to get back some of his faded glory as a political “King Maker” who can deliver elections or just some results.

Anyway make your own minds up, but the smell of “Fake News” and political hypocrisy hangs around this strongly.

Especially as the list has been known about for the full Donald Trump path from candidate to failed to be re-elected… Makes you wonder why it’s not come up before? And why if it’s so important it’s been sat upon until now?

But for those that do not know getting a passport and exit permission for Chinese Citizens, membership of the Chinese Communist Party is in effect a requirement, which does not in any way indicate that any Chinese People you meet are spies[1]. China is not the only country that restricts freedom of movement for its native born citizens as the US very publicly demonstrated back in 2013 and the UK did more recently. Oh and it’s known that both the UK and US “interview” their own citizens that have returned from doing business in foreign nations. The most public blow up was Matrix-Churchill and Forge Masters in the UK (Iraq Big Gun scandal that went all the way to the top with Ministers of State including a PM getting embroiled).

So as they say with comedy,

“Timing is everything”

And the timing on this is highly suspect at best…

[1] As any one involved with running information gathering be it for journalism or espionage, there is one heck of a lot of support work required. The size of an organisation to run say 2million journalists would be at least as large as all the news outlets in the western world… So the chance of a Nation State running a secret espionage operation of that size is fairly improbable to put it politely.

Anders December 19, 2020 8:23 AM


“What do you think of Tails to defeat tracking and surveillance?”

It all depends on your threat model.

But in the end we allow ourselves to be tracked.
This is “voting by feet”. For example Twitter ended non-javascript version, now you have to turn on the javascript if you want to read the tweets. This also means bye-bye to nice minimalistic text-only, non-ad, non-animated version. I hate that move and also this move allows Twitter better to track us. Do I hear massive complaints about it? NO. Do I see people leaving Twitter? Again NO. And yet most high level infosec people are on Twitter and silently swallow this.

I don’t get it.

We allow ourselves to be tracked, silently without even complaining. We silently accept all new bloatware and technology that has tracking buried deep inside (Win 10, latest Firefox etc). Even this site doesn’t allow http protocol so that site can be accessed from privacy-friendly old browser, instead it is forcing https.

And if you take any corporation – most certainly its network is built around Windows domain. You can’t run Windows DC without allowing it to connect to internet. And then we are wondering why it’s so easy to hack any modern company.

Faustus December 19, 2020 9:04 AM

What is up with the Security Industry?

I personally wonder if the security industry is the source of most insecurity.

It is an industry largely populated by the same people who, as youngsters, were the hackers that the industry is supposed to be fighting. How is that working?

What sells security gigs? Security problems, no? What is the real incentive for the security industry? Less insecurity just reduces business.

We see similar perverse incentives in governments that can’t decide whether to make things more secure to protect their information or to makes them less secure to make spying easier.

It is my impression that security becomes more insecure as it becomes more complex. These hacked authentication servers are a great example. The security industry is constantly at war with password security, but it is simple, and, if you are reasonably intelligent, works really well. But passwords make nobody any money, and so the industry needs to sell expensive buggy solutions like authentication servers. Their insecurity is the gift that keeps on giving.

If you really want to keep information secure you don’t federate it. You put it in different silos, using different technologies that need to be hacked separately.

And when @Clive wonders about the security threat posed by China, using a timeline based argument essentially congruent to one of Trump’s worse election lawsuits, I have to ask: What will it take? China is largely open about their intentions. Do they let the US penetrate their high tech development?

People are trading allegiance to their home country for an allegiance to the yuan. China will make a lot of Westerners rich, yes. About a decade before they crush us like Hong Kong.

A few years ago we supported rights-based democracy protestors in Hong Kong. Now we ignore them to better line our pockets. Worse still: Our betters in university and the media are telling us that our rights are not all they were cracked up to be. Religion is racist. Free speech is racist. Gun ownership is racist. But we hear less and less about China’s repression of ethnic minorities.

So yes, @xcv, load Tails and augment it with proxies and vpns and good security practices. Ignore the vampires who want to tell you privacy is a crime. Don’t rely on any one layer. Avoid a social media presence. Use multiple email accounts, multiple phones, multiple locations, multiple (human) languages. Obfuscate. Don’t rely on any one individual or company. Remember: Your privacy has no friends.

Winter December 19, 2020 9:40 AM

“TBQH: I am glad I do not have neighbours like you.”

I agree, I am glad I do not have a neighbour like you.

SpaceLifeForm December 19, 2020 9:47 AM

@ Clive, ALL

it was probably “something particularly different about the site” than a rookie mistake.

I agree. I also believe the story of the MFA device is not the complete story, even if, in fact, it is accurate.

Our gracious host was interviewed:


Clive Robinson December 19, 2020 10:02 AM

@ SpaceLifeForm,

If the US Government saw this months ago, how in the hell can they be trying to spin this as “we could not figure it out”?


As you know it is alleged that US AV vendors do not flag up US agency cyber-tools.

Likewise various other entities turn their eye away from what they believe is the work of US agencies at work.

So you see a certain type of activity and it “looks like” US agencies at work, you turn away and you “do not figure it out” because “it’s above your pay grade” “National Security Activity” etc basically “what you don’t see won’t hurt you”.

Now… Just assume you are a foreign entity that has discovered the attack being used against them by the US or one of the US allies. They find out all about this backdoor and check out the fact it gets them into US and allies computers…

So they use it, yes they get seen but it’s “above everyone’s paygrade” so they just look the other way… And of course those that glimpsed assume it’s a US agency at work and don’t figure it out…

As others have noted this is looking more and more likely it’s a US agency backdoor that got repurposed by persons unknown for others unknown. And not one of the subtle ones you see from SigInt and other US IC agencies that happened to RSA or Jupiter networks but one of the “sledge hammer to crack an egg” type that LEO ones, that the DoJ want and the FBI have built and been caught out with. Ranging from a million dollar payment to a University for an attack on TOR through trying to use some weird ass legislation from before the telephone was even imagined let alone invented, used against Apple…

I for one am going to roll around with laughter on the floor if it comes out as such before old age, dementia or the old man with a hood and scythe claim me 😉

Think of the irony, Fat Man Barr flaps his gums about “nerding harder” or similar nonsense. Then it turns out the people who get most use for this US backdoor are one of the hundred or more sovereign states that feel no good will to the US and its foreign policy…

I’m sorry I know it sounds crass, but I’ve no ill will to most American Citizens, just the psychotic ones like William Barr, who ignore anything they get told because it’s not what they want to hear as it does not fit in with their plans for domination and suppression of the ordinary US citizens’ rights.

Goat December 19, 2020 10:14 AM

Re: “load Tails and augment it with proxies and vpns”

@Faustus, All NO!!

Tor with vpn and proxy is mostly a very bad idea. Tails is not meant for all use cases (they also say that somewhere in their FAQ), but for trumpery (pun intended) and pseudonymity (i.e. it would work quite well…

On a serious note always evaluate your threat model before choosing your tools.

Anders December 19, 2020 10:38 AM

@Clive @SpaceLifeForm @ALL

Yes, we can burn the current network down to the ground and build a new one from the scratch, but this is only temporary. Until the next incident that is just around the corner waiting.

The current corporate network/computing model is just dead wrong. Everything is connected to the internet, everything is accessible from the internet, each and every device is in the Active Directory, so after getting domain admin rights game is over. And getting the domain admin rights nowadays is a child’s play.

Anders December 19, 2020 10:49 AM

@Clive @SpaceLifeForm @ALL

BTW, I have seen a network switch that with specific firmware version refused to work, if default gateway wasn’t assigned and device couldn’t call back “home” to its cloud environment.

Clive Robinson December 19, 2020 11:15 AM

@ SpaceLifeForm

Our gracious host was interviewed

Unfortunately the site is one of those “we will data rape you to the last drop” sites that just slap up one of those “We don’t allow European Legislation” to stop them data raping the 600million protected by EU legislation.

Hopefully our gracious hosts words will be made available by less rapacious entities…

Anders December 19, 2020 11:23 AM


At least this is the one case where I find TOR browser very useful – I can quickly select US based exit node and read the articles that are otherwise blocked from EU.

Clive Robinson December 19, 2020 12:10 PM

@ Anders, ALL,

The current corporate network/computing model is just dead wrong. Everything is connected to the internet, everything is accessible from the internet, each and every device is in the Active Directory, so after getting domain admin rights game is over. And getting the domain admin rights nowadays is a child’s play.

Yup, I think people kind of know I’ve been saying the same for a long time now.

When I visit people it’s almost the first technical question I ask. Essentially,

“You have all computers and devices connected to a publicly accessible network. Why? and what is the business case for it?”

You then usually see either blank looks, resigned looks of “I wish you had not asked that” or you start getting examples of circular reasoning.

The actual reason which nobody mentions is that Email and SMS were seen as successes but nobody foresaw it or even understands it in the business community so anything like them is just seen as “good” hence the whole web gets a pass. This has thus entered MBA teaching as one of those unreasoned but important to the ethos mantras…

“Connectivity is good”…

Only the question not asked is,

“For whom?”

And these days it’s the attacker… Hopefully the message will get through to those that have not been brain washed on Business and MBA courses. But whatever you do, do not hold your breath unless you think you look good as a shade of blue in a box.

There is a known way to “deprogram” people of their belief in mantras, they used to use it to deprogram cult members… And it ain’t pretty.

Clive Robinson December 19, 2020 12:15 PM

@ Anders,

At least this is the one case where I find TOR browser very useful

Only it gives them a pass on data raping your PII etc their javascript code rips out of your system etc.

There are times I wish I could do the old cartoon gag of sticking my hand down the phone and ripping the other person’s heart out as vengeance for their behaviours…

Anders December 19, 2020 12:22 PM


No, I was able to read that article @SpaceLifeForm pointed out without any javascript. Tor browser comes with NoScript, so I use it just for getting access to blocked sites.

MarkH December 19, 2020 12:23 PM

Only a few days ago, Clive mentioned a press report which seemed to say that a newer Covid-19 strain detected in Britain was somehow worse, but not worse, than strains prevailing until now.

Well, it seems to have a significantly greater transmission rate (i.e., it spreads quicker) … and in consequence of this finding, the U.K. government has increased the level and scope of “lockdown” orders, which are region-specific.

I didn’t see any medical details, but no doubt our energetic followers of Covid news on these comment threads will find them.

From my reading about previous Covid strains, I guess it likely that the strain which has raised the alarm in Britain produces greater rates of viable virus shedding in the average patient.

From a purely evolutionary perspective, it’s expected that when genetic groups within a type of infectious microbe have diverse reproduction rates, those with the greatest R will gradually increase their prevalence in the overall population.


The grim news in this, is that for a given set of public behaviors, this new strain is infecting more people. This means that higher levels of precautionary behavior are necessary even to return to the previous (very bad) transmission rate.


I see two hopeful perspectives.

First, Covid strains which yield more shedding are not necessarily worse for the patient (at least, based on observations from a few months ago). So the individual harm caused by this strain might not be greater, though it will take at least a few weeks of collecting clinical data to ascertain this.

Second, as behavioral protections against the pandemic grow more costly, the comparative value of vaccines grows as well, and the vaccines are coming.

I haven’t seen anything about whether the new vaccines are equally effective against the new strain: they might work poorly, or even not at all. Probably some preliminary results about this question will be available in not many days.

If the new strain resists the now-launching vaccines, it seems likely that mRNA vaccines can be tailored to it in extremely short order (i.e., days). The practical question would be how much clinical testing would be required for such an mRNA variant before it could be used for human patients.


Meanwhile — in case this wasn’t already noted on the schneier blog — Covid-19 was recently found in a wild mink in the U.S.

Obviously, this is worrying to public health experts.

Anders December 19, 2020 12:25 PM


Nice priv. escalation.


Faustus December 19, 2020 1:57 PM


Thanks for your input concerning Tails/TOR and VPN/proxies (regarding my response to @xcv).

Here is a good page from Tor concerning the issue:

In summary, the TOR folks suggest that VPNs before TOR might be useful with the right VPN, VPN setup and threat model. But, in general, I think they agree with you that adding a VPN could create greater exposure. They don’t like proxies at all.

My threat model is mostly concerned with privacy against corporate opponents so I have never had a reason for chaining VPNs with TOR. Depending on the situation I use one or the other.

JonKnowsNothing December 19, 2020 1:58 PM

@MarkH @All

re: new strain in UK N501Y VUI-202012-01

You can find some info on N501Y VUI-202012-01 in last week’s squid blogs. (see below)

re: wild mink and mink COVID-19

The USA Utah Wild Mink is not yet on the OIE portal. Not surprising though, given the sensitivity of the recent announcements in the UK, stuff is being held at a higher level than my pay-grade.

It wasn’t unexpected that wild mink would get infected from mink farms (1). There were some reports of escaped mink and wild mink in the vicinity of the infected farms in Europe, being hunted and killed, if they hadn’t already died of COVID-19. Necropsies were done to verify COVID-19 strains.

Recent reports to OIE show that for current mink-COVID-19 outbreaks they are testing for the F-spike mutations: Y453F F-spike ΔFVI-spike. None reported in other countries.

Of side interest: pelting season (this is when they kill the minks and rip the hides off the corpse for the fur trade, the fur is used for that oh-so-fashionable collar accessory) is in progress in many regions. Nearly every one of the newer reports (since Denmark) has indicated

  A) The entire herd of mink is already dead from Human-Mink COVID-19 infection.
  B) They were not going to cull any animals since pelting season is nearly over
  to protect the financial investment of the farms.
  C) There was no indication of the Y453F mutations.

1, Wild mink come to mink farms often: boy wants to meet girl. They don’t know about the chastity belt cages. Sometimes they get lucky anyway.

ht tps://

ht tps://
N501Y VUI-202012-01

ht tps://
(url fractured to prevent autorun)

SpaceLifeForm December 19, 2020 2:32 PM

@ Clive, ALL

Basically, what Bruce said is what I have said, which is, you can not trust the hardware anymore.

“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow.

The only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” Schneier said.

Imagine a computer network as a mansion you inhabit, and you are certain a serial killer has been there. “You don’t know if he’s gone. How do you get work done? You kind of just hope for the best,” he said.

Clive Robinson December 19, 2020 2:43 PM

@ Anders,

Nice priv. escalation.

And actually neither new nor lesson learned from the preceding privilege escalation Microsoft had…

*nix had a problem years ago that cron ran jobs as root. You would have thought that Microsoft long after that with their own equivalent of cron would take care not to repeat a known security fault.

Apparently not.

The trick was to start a command shell under “Add Scheduled task” for say four minutes time. Then kill the windows shell. When the command shell comes up it runs natively at the highest privilege level, you could then restart the windows command shell at that “God level”… It really annoyed me that what had been a very useful feature became public knowledge as I’d been using it on NT systems for quite some time to get around issues less than competent system administrators had forced on users.

If you step away a little bit from the details of this current privilege escalation you see the same problem some third of a century and some after the *nix community fixed the cron issue…

Which kind of suggests that Microsoft’s programmers are not learning from what is for some well known *nix history.

What they have however proved quite nicely is,

“Those that do not learn from history are condemned to relive it”…

I wonder if they will learn the lesson this time…

Not that it matters as I said this is not the first time they have made this sort of mistake 😉

Anders December 19, 2020 3:22 PM



lurker December 19, 2020 4:37 PM

@Anders, @Clive, @All, re current hack du jour: MSM (attributed AP) are reporting

Another US official, speaking on condition of anonymity … “This is looking like it’s the worst hacking case in the history of America. They got into everything.”

At least my MSM gave the story only six inches single column on a page of “other” world news.

SpaceLifeForm December 19, 2020 4:49 PM

@ Clive, Anders, ALL

There are IOCs that imply that there is another backdoor in place at Microsoft, Intel, and Facebook.

I am quite confident they exist at Twitter also.

-- December 19, 2020 4:56 PM


“the only people I’m aware of putting tinfoil on their windows only have shall we say have indoor horticultural interests on a large scale and do not want their “grow lamps” etc visible from the street etc.”

There are many reasons why some people place tinfoil on their windows. 1) cut down on the heat brought in by the sun, 2) legit privacy, 3) day sleepers who work at night, etc.

It was an interesting post for pointing out that if you have tinfoil lining the inside of your windows for any great length of time, it will eventually begin to have “lines and dots” appear. This has been reported around the globe. What the explanation for this is, I don’t know. But I am betting it was the real reason for the post removal.

Anders December 19, 2020 4:59 PM

@Clive @SpaceLifeForm @ALL

Since they got Microsoft too, we can’t trust any past automatic update either… who knows how many backdoored organizations are there already…

SpaceLifeForm December 19, 2020 5:03 PM

@ Anders

You likely almost went thru a bad tor node.


Anders December 19, 2020 5:42 PM

@Clive @SpaceLifeForm @ALL

I think we can add here also VMWare…


@SpaceLifeForm : no, no TOR

glen or glenda December 19, 2020 5:46 PM

The Bellingcat article shows yet again why we need “Tor for the phone network”—i.e., ensuring the network cannot track handsets or people. Tor was initially developed for the US government, because when an American rents a house and just exchanges encrypted traffic with, it’s not hard for the local spies to guess what’s happening. One might expect the article to worry some US government officials, though as Faustus says, they’ve got that Janus-like internal conflict.

Anders, how are you selecting an exit node by country? I thought Tor Browser removed that feature years ago. (Before we had Sci-Hub and LibGen, selecting a university exit node was a good way to bypass paywalls.)

Joseph Fitsanakis has released a book called “Redesigning Wiretapping: The Digitization of Communications Interception”. If anyone’s read it, would it be of interest to this group?

Anders December 19, 2020 6:45 PM

@glen or glenda

This is easy. On TOR browser click on padlock, you see the tor circuit / all the nodes and their country/IP. Down there is big button – New Circuit for this Site. I just cycle until i get the country i need, usually it takes less than 10 clicks.

SpaceLifeForm December 19, 2020 8:57 PM


NSA should not be part of DOD.

FBI should not be part of DOJ.

DHS should be eliminated.

Convince me I am wrong.

SpaceLifeForm December 19, 2020 9:24 PM

@ Anders

You likely almost went thru a bad tor node.

Re-parse, and substitute terms.

You do not need to be using Tor browser to run into this problem.

I have lots of tabs open, and I need to put some aluminum foil up. For testing purposes of course.

xcv December 19, 2020 9:28 PM

@ SpaceLifeForm

NSA should not be part of DOD.

Arguably NSA should become even more integrated with DOD, shut down the fusion centers and quit talking smack and slandering suspects at small-town police departments across the USA.

FBI should not be part of DOJ.

Probably not. FBI investigates crime. Sometimes FBI does refer cases to local prosecutors. DOJ should be broken up, sub-units like ATF dissolved, and the whole department just generally reduced to the least common denominator of a U.S. attorney’s office for prosecuting cases in each district. Too many attorneys are shouting from the rooftops in court with nothing to say pertinent to the cases they were hired to represent or prosecute.

DHS should be eliminated.

Sure. As part of “defunding” police departments that have gotten oversize and overbudget far out of proportion to non-law-enforcement-involved crime since 9/11/2001. Aren’t there enough U.S. Marshals, Border Patrol, ICE, whatnot without turning the whole country into a Nazi police state?

Convince me I am wrong.


- December 19, 2020 10:40 PM

“but do you know how to check and is there any point checking when we already know NSA/KGB, etc etc have the globe encircled with satellites?”

Try lining your windows with tinfoil and check it after a few months. You’ll discover straight LINES and DOTS (tiny peep holes). This is with the tinfoil on the inside of the windows’ surface, in-house/apartment. What causes this?

I believe most, if not all consumer computers and devices are, if not monitored, swept and mirrored by big bro using satellite technology.

One anonymous poster to pastebin, claiming to be representative of Mossad, fired a shot across the bow of Anonymous and other hackers by saying, paraphrased, “All of your hard drives are mirrored in (locations A,B,C as I forget which countries were mentioned) certain places on Earth anyway.”

I find this to be true, I’ve used Microsoft’s SysInternals programs to monitor processes and discovered my drives being swept, a chat program running I never installed and could find no trace of, files where they had the most interest were mp3 and graphics files, but they scraped the whole drive, and an iso creator/mirroring utility was running.

You only make it easier for them if you willingly install video streaming programs (VLC) with command line counterparts, music programs with command line counterparts, Office programs, which I noticed PDF files were being made in the background, and all of this activity was happening when I was monitoring a computer isolated from any wired/wireless/LAN network(s).

Clive Robinson December 20, 2020 1:44 AM

@ SpaceLifeForm,

I have lots of tabs open, and I need to put some aluminum foil up. For testing purposes of course.

Mentioning Aluminium / Aluminum appears to have precipitated a cut-n-paste response yet again…

But to answer the implicit question, aluminium is funny stuff, and highly reactive, and ordinary aluminium foil (cooking foil) is not exactly made to exacting standards.

About the only reason aluminium exists as a metal in block or sheet/foil form is “alumina” a very hard and highly electrically insulative material that stops the aluminium reacting with the atmosphere and oxidizing into a dust with very high surface to volume ratios (hence its use in electrolytic capacitors). I’ve actually had made aluminium washers with specialized alumina coating to use in getting heat out of high power electrical circuits (think RF power amps).

However alumina strong as it is has its problems[1] one of which is elemental mercury in liquid, gas, or plasma form. In essence if mercury gets into contact with aluminium metal it forms an amalgam, the surface in air rapidly draws the aluminium out to form aluminium oxide like whiskers, the process continues rather rapidly and it’s why you get told mercury thermometers are not allowed on aircraft[2].

Alumina also has issues with chlorine as well… Which is why you do not want to throw-up onto brushed aluminium and similar finishings. The problem is chlorine appears in all sorts of chemicals in the average house (you can even make a form of bleach to sterilize drinking water by electrolysis of brine).

The result is in the likes of aluminium foil used for cooking etc the alumina layer protecting it is nowhere near as strong as it could be thus the metal gets to corrode in interesting ways[3].

Throw in a little photo chemistry and fun things will and do happen…

And yes insurance companies have written off a couple of aircraft that had mercury contamination[4].

Hopefully that will have sufficiently answered people’s curiosity…


[2] Actually there are FAA rules for the carrying of mercury thermometers on aircraft by authorized personnel and for carrying mercury itself.



Winter December 20, 2020 4:24 AM

“aluminium is funny stuff”

It also dissolves readily in low pH (acid) AND high pH (base) environment.

In contact with almost any stable metal and water, it creates a battery electrochemical reaction that dissolves the aluminum. Nice to clean stained silver.

Winter December 20, 2020 4:29 AM

@new coronavirus variety.

The Netherlands have blocked all flights from the UK to contain its spread. However, this variety is known to already circulate in the Netherlands.

D. Prendergast December 20, 2020 4:47 AM

@SpaceLifeForm NSA/CSS is an integrated civilian/military operation under the DoD.
Its folks are on a shorter leash under the DoD than they would have been under a purely civilian entity. Moreover, most Americans trust the military much more than they would ever trust a purely civilian spy operation. That distrust goes way back in U.S. history.

We should not regard the Puzzle Palace folks as anti-American. Mistakes have been made, but the threat of having their pee-pee smacked (cutting their budget) was surely enough to straighten some backs and cause dessert-removal anxiety. The self-licking ice cream cone must go on!

They have a critical job to do. Trying to drag them down does not make the world a safer place. Being under the DoD is a good thing and it should continue.

Hopefully, the president-elect will not go back to the old Obama ways of “Yes, We Scan!”

D. Prendergast December 20, 2020 4:57 AM

@Winter This is scary. What you bring up is important. There is an even worse disaster on the horizon. I follow U.K. news very closely and make bitter remarks on the Telegraph. Boris Johnson is a scary opportunist who has no business in No. 10.

Greetings from Laos! I am in one of the safest places on the planet, and it occurred to me that I might eventually get the virus because of that buffoon. He has done a lousy job, especially when he allowed flights into the U.K. from the hardest-hit areas of Italy during the peak earlier this year. It is astonishing.

Oh, will vaccines work against this mutated form of the virus? Who knows? This is some serious stuff.

Etienne December 20, 2020 6:56 AM

My pfSense router shows that 1000’s of computers are probing my IP address every day, all day.

The thought comes to me, that I wish my cable Internet provider would give each customer a pfSense firewall at the provider with a default “block all” and private NAT IPV4 address DHCP. Most home users do not need IPV6.

Then allow the user to connect and adjust this firewall to meet their local requirements. Maybe enable IPV6, etc. Also, most home users don’t want or need open ports (except for VPN or IPsec).

The advantage being, that bandwidth on the wire to thousands of home users is no longer wasted with thousands of Internet probes, every day, all day.

Think of the increase in capacity, and security this would provide. I bet millions of open port home computers would stop being spam bots, or gateways to crime.

I hereby release all royalties for this idea to the pfSense authors 🙂

Clive Robinson December 20, 2020 6:58 AM

Oh WOW again? Maybe…

Is it from a bird, a plane or a satellite? Apparently not and it’s way too soon to talk about LGM (little green men of the pulsating sort).

But somebody has beamed down to the paddock in Australia, not as close to the “water hole” as expected so worrying not the sheep as such but some of the scientists at the Parkes Radio Telescope.

Apparently we are getting 980MHz transmissions beaming in from the environs of Proxima Centauri, with frequency changes indicative of planetary motion.

At around 4.2 light years away, Proxima Centauri is in astronomical terms “just next door”. Nobody knows what the signal is yet but I’m guessing it’s not a request to borrow a cup of sugar.

I guess we will just have to wait and see, shame we’ve just lost the only dish we had capable of sending a signal back and if we do send back anything in the near future like as not it will have a sticker saying “Made in China” on it.

Maybe Arecibo might get a cash injection, stranger things have happened… But apparently not yet signs of intelligent life in the corridors of power.

CabbageControl December 20, 2020 7:43 AM

The staff of a fancy bookstore in central Bucharest has recently photographed a customer in full diving suit, complete with oxygen tanks.
Since that photo was removed from Facebook before I could save it, I could only find this old article from another part of the world:

Jon December 20, 2020 7:53 AM

@ “Aluminum is funny stuff”

Gallium is truly horrible to structural aluminum. Of course, it’s not exactly a household item, either… J.

tom bodett December 20, 2020 8:05 AM

Kind of an abstract seed of an idea but:

Does anyone know if SSL certificate hacking techniques could be categorically transplanted to hacking block chain implementations of anti-counterfeiting tools? I’d imagine the difficulty of exploit would be relatively similar.

Anders December 20, 2020 8:54 AM

@Wesley Parish @anyone in US

My OSINT skills are still good!


any moose December 20, 2020 10:54 AM

This post borders on politics, but it needs to be said.

Russia, China, and North Korea are responsible for the lion’s share of breaches in the US. Russians generally do it for money, though it’s unclear just how much involvement the Russian government has in it. China does it to further its place in the world, stealing mainly IP from corporations. Der Spiegel and other sources have noted how Chinese tend to think of China similar to how the Borg operates. And North Korea does it for all of the above, though stolen money stays with the government to satisfy the elites.

Our infatuation with unfettered outsourcing has hurt us badly. We allow corporations to import millions of IT workers via H-1B, L-1, and other visa fictions, replacing American workers in the bargain. Enrollment in related fields is down because intelligent students don’t want to enter a field where job prospects are grim. Some of these students might have become computer security experts. And our outsourcing appetite is so insatiable that we give security clearances — I used to have one — to people who travel back to the old country on a regular basis or who exhibit other obvious signs of disloyalty.

Every president for decades has contributed to the problem. Just to give one example, Bush II could have partnered with Russia to kill Islamists after the massacre at Beslan, but he and his neo-cons were determined to invade Iraq. Putin took offense and went his own way, with ordinary Russians taking up the cause. I saw Russia before the second Iraq war and it was a different place than today.

P.S. If you want to read the aforementioned Der Spiegel articles, search for “Harmony and Ambition: China’s Cut-Throat Railway Revolution” and “Product Piracy Goes High-Tech: Nabbing Know-How in China.”

Winter December 20, 2020 12:07 PM

“Our infatuation with unfettered outsourcing has hurt us badly. ”

Unbounded thirst for money is a more likely cause.

But, autarky in science is just as bad as autarky in every other area of the economy. If you look at any STEM paper from a US university, the majority of co-authors is from abroad.

Without all the H1-B visa and foreign students, there would not be a Silicon Valley nor a digital US industry.

SpaceLifeForm December 20, 2020 12:29 PM

Gee, what a concept!


Belgium, Austria, Italy, Netherlands halt UK flights, fearing new coronavirus variant

You need to think December 20, 2020 12:41 PM

Any Moose –

“Russia, China, and North Korea are responsible for the lion’s share of breaches in the US.”

You’ve been listening to the wrong propaganda and lost your critical reasoning skills. Thus have been suckered into the political idiocy and mantra behind it.

If you take the time to read certain books you will realise that what you see happening is the consequence not of foreign powers but domestic self interested individuals exploiting short term thinking driven by greed. Their aim is to turn the US into a ‘rent paying economy’ under a quasi-religious autocracy that actually acts as a front for those kleptocratic self interested individuals, such that they can hide behind cult leaders in relative safety should the citizens rise up.

What they want is a society where they hold all the assets and others have to pay them to have any kind of access to the assets they have acquired.

Thus they get richer by ‘unearned income’ which they use to acquire control of more assets. Whilst you get poorer by the day as the assets available shrink and simple economic factors force you into inflation based penury just trying to have a place to live and put food on the table.

Go have a look at what is happening in the likes of California where six figure salaries get you a ‘rent share’ on a closet if you are lucky. Oh and why those companies that act as employers to such luckless individuals are in the process of moving to Texas. Where the ‘smart money’ has realised the bubble needs to be moved to make even bigger profits from asset acquisition. Leaving the less smart money that entered late into the California bubble holding the hot potato and getting burned, as those employers take the demand away across state lines and simple supply and demand economics kick in and asset prices drop. Also in the process the employers cut wages and start the cycle again.

All that ‘cyber-existential-threat’ crap is a distraction, as is the build up of what are forms of cult, using quasi-religion to get brain washed followers to jump around at the behest of a puppet fronting it all so you don’t look ‘behind the curtain’ to see who is actually running the game and pulling the puppet’s strings.

If you thought the ‘tea baggers’ the Koch Brothers created were bad enough, keep your eye on the ‘Evangelical Christians’ who Pence / Barr and similar are aligning themselves with. They are going to bring back ‘excommunication’ / ‘casting out’, ‘heresy’ and the modern day equivalent of ‘witch finding’ to instill fear thus control into a decreasingly educated population.

SpaceLifeForm December 20, 2020 1:25 PM

@ Etienne

You are always going to see traffic going to TCP port 22. If not, that would be strange.

Curious how you have your firewall/router configured. Are you logging? Are you just dropping? Or is the firewall responding with RST or ICMP?

I would just drop (and maybe log). The downstream bandwidth is already wasted as you have no control over that.

But, you do have control over response, and whether you are wasting upstream bandwidth.

As a regular home user, I would just drop.

If you respond, you have just made it clear that there really is a computer at that ip that is up, which may just invite more traffic.

If you just drop, whomever is doing the probes will likely just move on.

You are not the only one seeing strange traffic.
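
Added example, not part of the thread: a Python sketch of the drop-versus-respond trade-off described in the comment above, run over constructed log lines in a made-up simplified format (not pfSense's own log format). The reply sizes are IPv4 minimums, and the scan threshold and all names are assumptions for illustration.

```python
"""Drop vs. reject, measured over a log of blocked inbound probes.

The log lines are constructed for this example and use a made-up,
simplified format (not pfSense's own):
    <time> <proto> <src ip>:<sport> -> <dst ip>:<dport> <tcp flags or ->
Addresses are from the RFC 5737 documentation ranges.
"""
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

SAMPLE_LOG = """\
2020-12-20T13:01:02 tcp 198.51.100.7:40112 -> 203.0.113.10:22 S
2020-12-20T13:01:03 tcp 198.51.100.7:40113 -> 203.0.113.10:23 S
2020-12-20T13:01:09 tcp 192.0.2.44:51820 -> 203.0.113.10:22 S
2020-12-20T13:02:30 udp 192.0.2.99:5060 -> 203.0.113.10:5060 -
2020-12-20T13:02:31 tcp 198.51.100.7:40114 -> 203.0.113.10:3389 S
2020-12-20T13:03:00 tcp 192.0.2.44:51821 -> 203.0.113.10:22 S
this line is malformed and must be skipped
2020-12-20T13:04:10 udp 192.0.2.99:5061 -> 203.0.113.10:1900 -
"""

# Minimum IPv4 reply sizes if the firewall answers instead of dropping:
#   TCP RST               = 20-byte IP header + 20-byte TCP header
#   ICMP port unreachable = 20 IP + 8 ICMP + 20 original IP header
#                           + first 8 bytes of the original datagram (RFC 792)
REPLY_BYTES = {"tcp": 40, "udp": 56}

# Assumption for this example: one source touching this many distinct
# ports is treated as a port scan rather than single-service noise.
SCAN_PORT_THRESHOLD = 3


class Probe(NamedTuple):
    proto: str
    src: str
    dport: int


def parse_line(line: str) -> Optional[Probe]:
    """Parse one simplified log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "->" or parts[1] not in REPLY_BYTES:
        return None
    src, sep1, _sport = parts[2].rpartition(":")
    _dst, sep2, dport = parts[4].rpartition(":")
    if not (sep1 and sep2 and dport.isdecimal() and int(dport) <= 65535):
        return None
    return Probe(parts[1], src, int(dport))


def summarize(log_text: str) -> dict:
    """Tally blocked probes and compare what each policy costs and reveals."""
    probes = [p for p in map(parse_line, log_text.splitlines()) if p]
    ports_by_src = defaultdict(set)
    for p in probes:
        ports_by_src[p.src].add((p.proto, p.dport))
    return {
        "probes": len(probes),
        "top_ports": Counter((p.proto, p.dport) for p in probes).most_common(3),
        "port_scanners": sorted(
            src for src, ports in ports_by_src.items()
            if len(ports) >= SCAN_PORT_THRESHOLD
        ),
        # Silent drop: nothing goes back upstream and no source gets an answer.
        "upstream_bytes_if_drop": 0,
        # Reject: every probe costs a reply, and every source that probed
        # receives proof that something is alive at this address.
        "upstream_bytes_if_reject": sum(REPLY_BYTES[p.proto] for p in probes),
        "sources_answered_if_reject": len(ports_by_src),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The inbound probes arrive under either policy; only the reply traffic and what it confirms to the sender differ.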


xcv December 20, 2020 1:35 PM

@ Etienne

Most home users do not need IPV6.

Are you retarded?

@ SpaceLifeForm

You are always going to see traffic going to TCP port 22. If not, that would be strange.

Curious how you have your firewall/router configured. Are you logging? Are you just dropping? Or is the firewall responding with RST or ICMP?

Call a supervisor. Shut the spam botnets down.

JonKnowsNothing December 20, 2020 2:07 PM

@SpaceLifeForm @MarkH @Clive @All

re: Gee, what a concept!
Belgium, Austria, Italy, Netherlands halt UK flights, fearing new coronavirus variant

I LOLed when I read that!

Not only are they stopping the planes from UK, the smarter ones are going to block South Afrika. If they get really smart they will stop Greece too.

New COVID-19 variant in UK N501 VUI 202012-01
New COVID-19 variant in South Afrika N501V2
New Mink-COVID19 in humans found in Greece Y453F F-spike ΔFVI-spike

Ron December 20, 2020 2:44 PM


The thought comes to me, that I wish my cable Internet provider would give each customer a pfSense firewall at the provider with a default “block all” and private NAT IPV4 address DHCP.

Extra NAT and an upstream firewall would further harm the end-to-end principle, making life even harder for protocol designers. Nothing that requires manual configuration will be used in practice, except by the most tech-savvy customers.

As for security, home systems should just not have “open ports” as a matter of course. The idea that we’ll run unauthenticated or otherwise vulnerable protocols, and then add even more software to neuter those, is ridiculous. Last time I installed Windows, it ran a hidden network share for every disk, accessible via user login passwords—but the password selection dialog never told anyone their passwords would be usable across a network (any reasonable person would think they’d be used for keyboard-based logins only, to protect e.g. against siblings). People should push back against stuff like this. Likewise, Linux systems should never be running sshd, samba, or mail servers by default—not even on localhost.

Network software should be developed on the assumption that anyone on the internet can send it a packet. Because, with people traveling between coffee shops, putting vulnerable IoT devices on their networks, running browsers that gain more network stream access every day, it’s unreasonable to assume any perimeter protection.

The “upstream firewalling” idea would be useful for DDoS protection, if done securely—e.g., using DANE in my delegated reverse-DNS space to establish ownership. We don’t need to limit it to a direct ISP either; any upstream server with heavy traffic flow toward my network might accept rules. But this wouldn’t help security against compromise—only availability. And outside of DDoS attacks, most networks (excluding some like just don’t get enough junk traffic that making one-off rules to block it is worthwhile. (If you’re paying for unsolicited traffic, sorry, you need to get a better ISP. I know that’s not easy everywhere; but nobody would sign up for an email or physical-mail service where they pay per item received with no ability to reject.)

vas pup December 20, 2020 3:28 PM

@Bruce and interested in psychology of security

Just some extracts:
“In Lifton’s view, doubling is a process whereby a seemingly normal person
=>actively partitions his normal self and his atrocity-committing self so that
the normal self can continue without moral conflict and adapt to the difficult environment.

Lifton’s concept of doubling is clearly connected to what Stanley Milgram (1974: 133) referred to as the agentic state:
=>“the condition a person is in when he sees himself as an agent for carrying
out another person’s wishes.” In this state, the person is no longer responsible for his or her actions because he or =>she is simply a tool for carrying
out the commands of others within a hierarchical system.*

Inner conflict and guilt are reduced because the person now sees himself as
more responsible to those in command than to his own conscience.”

My nickel: never ever let anybody make out of you their puppet – always remain human thinking by own head.
Let them – puppet masters – to make their own hands dirty and take responsibility.

Read the whole – very interesting revelations inside. You’ll not regret time spending of reading.

Clive Robinson December 20, 2020 3:32 PM

@ Anders,

Re : Brain activity on reading code.

They picked the wrong languages to do testing with…

But something to note,

Language is sequential and does not loop or generally branch, it’s one of the reasons we have footnotes appendices and similar in writing but not spoken language.

Similarly for most people maths is sequential as well and functions are frequently treated in isolation. It’s one of the reasons people have trouble with the likes of the Jacobi Symbol, in essence it’s a hidden function and most people are not used to the notion.

But when push comes to shove most high level programs don’t do a lot of math, or really a great deal of much else rather than “test and branch/call” at the level the programmer works.

So in essence many programs are actually “visual” not “literal or mathematical”. Thus you would expect the brain to use the parts most nearly applicable to the task.

It would be of interest to see if they had made the test subjects draw a flow chart or simple technical drawing and compare what parts of the brain light up in fMRI.

Anders December 20, 2020 3:36 PM

@xcv @Etienne

Sorry xcv, but i’m with @Etienne here.
IPV6 is braindead protocol that needs to be buried and forgot forever.

xcv December 20, 2020 4:14 PM

@ Anders

Sorry xcv, but i’m with @Etienne here.
IPV6 is braindead protocol that needs to be buried and forgot forever.

That’s a non-peer-reviewed luddite opinion piece on an academic protest site. Academics need that freedom, but let’s take it with a grain of salt.

arXiv is not the IETF.

The current status of IPv6 is well established and officially documented. Here are a couple of links to get you started in the right direction.

Anders December 20, 2020 4:43 PM


Problem is that there’s just not any good alternative too.

And regarding the full IPv6 implementation…well, there’s that date too – May 10 2148

Maybe it work out faster…who knows…but sure i won’t see it. Even my current ISP doesn’t support IPv6.

Cassandra December 20, 2020 4:48 PM

@Clive Robinson

1) Thank-you for your extensive dietary advice previously. I very much appreciate the time you put in to providing it.

2) Re: NT privilege escalation. Yes, I used that method as well, and very convenient it was too. While that particular door was closed after NT, other very similar ones were available in subsequent versions of Windows. The nice thing about the NT one was that it was trivially available from the command line.

3) Re: Mercury. I don’t have a reference for this, but my understanding is that a solution of corrosive sublimate of mercury* (Mercury (II) chloride) was issued to resistance fighters in WWII. A small bottle of it could be disguised to look quite innocuous, but painted on aluminium airframes, would have devastating effects.


*used historically as a treatment for syphilis (van Swieten’s liquor, or Liquor Swietenii). Note I say treatment, not cure.

xcv December 20, 2020 5:12 PM

@ Anders.

Maybe it work out faster…who knows…but sure i wont see it. Even my current ISP doesn’t support IPv6.

It’s the Bolshevik labor union attitude.


used historically as a treatment for syphilis (van Swieten’s liquor, or Liquor Swietenii). Note I say treatment, not cure.

And there’s a lady on the block.

IPv6 is the new normal.

It needs to work like all the other basic infrastructure of the Internet.

I hate it when they sell me crippled DMCA-enforced consumer computing devices with crippled IPv6-disabled internet service.

- December 20, 2020 6:05 PM

One Microsoft Way (OMW)


OMW will eventually make all the hardware they need for consumers to continue chugging on their Windows (and/or whatever they offer in the future) machines while starving off efforts for people who are trying to make a desktop Linux. They cannot, they will not let this happen. They would love nothing better than for all Linux distros to standardize across the board and eventually become the plaything of one company – easier to buy, easier to squash.

OMW (or a front comp) will also be behind the acquisition of Canonical. Debian will eventually fall, though it won’t appear as if it happened on purpose, just like Ian Murdock’s covered up murder and bullshit suicide ruling.

OMW – they cannot allow anyone to have any fun anywhere, they want it all and they want it now.

xcv December 20, 2020 9:11 PM


former employees in all sorts of fields. It reminds me of Scientology, actually. A strange combo of a mafia and Scientology wrapped into one.

That’s M$ you’re talking about. Straight out of Redmond, Washington.

Which is odd because that is only one of at least three well-known cities by the name of Redmond: Oregon and California as well.

T e r r y * D a v i s: The Movie! December 20, 2020 11:43 PM

T e r r y * D a v i s:

His body was recovered following a brutal attack by a clandestine intelligence agency involving a train. Refitted with cyborg like electronics, his new organs grant him a new life and a new friendship. No longer pounding the streets in homelessness, Terry Davis now works with the underground vigilante group AGT (Anti Glow Team). Through it all Terry erects an electronic temple, but can he control the power he has programmed into existence?

Rated M for mature (brief nudity, alcohol, drugs, extreme violence and language)

SpaceLifeForm December 21, 2020 12:11 AM

@ JonKnowsNothing

Great planning. Not.

Denmark is going to dig up the dead mink, so they can burn them.

ResearcherZero December 21, 2020 12:47 AM

@vas pup

=>“the condition a person is in when he sees himself as an agent for carrying
out another person’s wishes.” In this state, the person is no longer responsible for his or her actions because he or =>she is simply a tool for carrying
out the commands of others within a hierarchical system.*

Inner conflict and guilt are reduced because the person now sees himself as
more responsible to those in command than to his own conscience.”

It’s a problem faced by, and within the intelligence community.
Frustration and indignation has grown worse since initial problems of government inaction in the 1980’s over espionage activities. What has repeatedly been either ignored, or sat on and quashed is simply breathtaking in its enormity.

The problem is widespread:

“No one wanted to test this issue with a 10ft bargepole,”

Committee members complained that when they asked for written evidence from MI5 at the start of their inquiry about possible interference in the Brexit vote, the domestic spy agency “initially provided just six lines of text”.

“This committee has been subject to unprecedented delay and dislocation. This must never happen again. The sooner normal relations are established between this government and the committee, the better for all concerned,”

  • We would prefer it not to get as bad as this:

Fake opposition parties engage in fake opposition to those who rule, a fake justice system goes through the motions of the legal process, and the fake television news shapes what Russia’s 143 million citizens are allowed to see.

“The options faced by the intelligence community during Trump’s presidency have been stark: avoid infuriating the president but compromise the agencies’ ostensible independence, or assert that independence and find yourself replaced with a more sycophantic alternative.”

“This is almost as if you had a Russian bomber flying undetected over the country, including over the nation’s capital, and not to respond in a setting like that is really stunning.”

Would anyone be interested in hearing how badly the Australian government has fared as well? Because it has also completely dropped the ball.

Mr C December 21, 2020 1:55 AM

@tom bodett:

That question is “abstract” to the point of being word salad. I’m not entirely clear on what you’re asking, but I’ll give it my best shot.

It sounds like what’s on your mind is hash collisions.

Some important background here is that cryptographic signing protocols usually work by hashing the message, then signing the hash. So, if you can find another message that hashes to the same value, you can pull a swapperoo and pass off this other message as if it had been signed.

This works* in the TLS certificate context for two reasons: First, the SHA1 hash function used to be an option for signing certificates, and SHA1 is now broken enough that it’s not too hard to find collisions for it. This has been known for awhile, and browsers no longer accept certificates signed using SHA1 by default, but there are still quite a few organizations that re-enable accepting them for backwards compatibility reasons. Second, TLS certificates have some fields that you can fill with arbitrary amounts of arbitrary crap while still parsing as a valid certificate, and that gives you space to do whatever you need to do to make the collision happen.

Presumably neither of these things obtain in the context of transaction records added to a “block chain implementation[] of [an] anti-counterfeiting tool[].” One would have to be a total idiot to use SHA1 for signatures these days, and the transaction record format is probably small and simple enough that you can’t add a bunch of arbitrary junk while keeping it valid. Additionally, this sort of swapperoo would only work if the blockchain contained only hashes of transaction records rather than the records themselves.

All that said, I do have to wonder what the f–k a “block chain implementation[] of [an] anti-counterfeiting tool[]” is in the first place. Seriously, what is that? It sounds like another example of “‘blockchain’ has a lot of hype these days, so let’s add blockchain to our product even though it doesn’t address any of the problems our product is supposed to solve.” Remember that blockchain is a single purpose tool — it allows mutually distrustful nodes to agree upon a shared transaction history, given the prerequisite that at every point in time at least 50% of the processing power is controlled by parties with mutually conflicting interests about whether or how to rewrite the transaction history. Any sort of “private/corporate/internal blockchain” thing that doesn’t involve mutually distrustful nodes is just pure stupidity. And if you’re dealing with that sort of stupidity, there are probably tons of security-sensitive shortcomings somewhere in the design…
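An added illustration of the hash-then-sign point made in the comment above (example code written for this page, not the commenter's): a signature made over a digest is equally valid for any other record with the same digest, and a free-form field gives room to search for one. Assumptions: SHA-256 truncated to 24 bits stands in for a broken hash, the RSA key is a toy textbook key without padding, and the record format and payee names are hypothetical.

```python
import hashlib

# Toy RSA key built from two Mersenne primes (constructed for this example;
# textbook RSA without padding, never usable for real signatures).
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def weak_digest(msg: bytes) -> bytes:
    """Stand-in for a broken hash: SHA-256 truncated to 24 bits."""
    return hashlib.sha256(msg).digest()[:3]


def strong_digest(msg: bytes) -> bytes:
    """Full SHA-256, for comparison."""
    return hashlib.sha256(msg).digest()


def sign(msg: bytes, digest_fn) -> int:
    """Hash-then-sign: only the digest goes through the private-key operation."""
    return pow(int.from_bytes(digest_fn(msg), "big"), D, N)


def verify(msg: bytes, sig: int, digest_fn) -> bool:
    """Recompute the digest of the presented message and compare."""
    return pow(sig, E, N) == int.from_bytes(digest_fn(msg), "big")


def record(payee: str, amount: int, filler: int) -> bytes:
    """Hypothetical record format with a free-form memo field."""
    return f"payee={payee};amount={amount};memo={filler:08x}".encode()


def find_colliding_pair(digest_fn, table_size=1 << 12, max_tries=1 << 20):
    """Birthday search across two record families that differ in meaning.

    Returns (record_a, record_b) with equal digests, or None if the search
    budget runs out (which is what happens with the full-length digest).
    """
    seen = {digest_fn(record("alice", 10, i)): i for i in range(table_size)}
    for j in range(max_tries):
        other = record("bob", 10000, j)
        i = seen.get(digest_fn(other))
        if i is not None:
            return record("alice", 10, i), other
    return None


def demo() -> dict:
    signed, swapped = find_colliding_pair(weak_digest)
    sig_weak = sign(signed, weak_digest)      # signer only ever saw `signed`
    sig_strong = sign(signed, strong_digest)
    return {
        "signed": signed,
        "swapped": swapped,
        "weak_accepts_signed": verify(signed, sig_weak, weak_digest),
        # Same digest, so the same signature verifies for the other record.
        "weak_accepts_swapped": verify(swapped, sig_weak, weak_digest),
        "strong_accepts_signed": verify(signed, sig_strong, strong_digest),
        "strong_accepts_swapped": verify(swapped, sig_strong, strong_digest),
        # A ledger holding only the digest cannot tell the two records apart;
        # a ledger holding the record itself can.
        "hash_only_ledger_detects": weak_digest(swapped) != weak_digest(signed),
        "full_record_ledger_detects": swapped != signed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The 24-bit search finishes in a few thousand hashes; the same search against the full digest finds nothing within its budget, which is the difference between a broken and an unbroken hash in this construction.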

ResearcherZero December 21, 2020 1:55 AM

They (the Australian Government) allowed a foreign actor (Unit 29155) to make it as far as police commissioner (now resigned), oversee the setup of a new state police computer system, access to hacking tools. A second actor who was a detective as a senior part of a murder investigation team.
They compromised politicians, prosecutors, a judge, imported and trafficked drugs, laundered money, extortion and bribery, for decades. There are serious ongoing problems with convictions, murders, murder inquiries, investigations, a direct influence on policy, legislation, and sensitive information.

Same kind of problem at every departmental level, failure of responsibility, failure of guilt due to just following out the orders of whoever is next in charge.

That is why spyware tools are so brilliant in their oversight. With previous spyware you needed to switch a factory default phone (because you are not a complete idiot are you) to developer mode, or use a vulnerable device to see what exploit they were targeting you with.

NSO Group is shifting towards zero-click exploits and network-based attacks that allow its government clients to break into phones without any interaction from the target, and without leaving any visible traces.


Citizen Lab said the 36 phones in question were hacked by four distinct “clusters” or NSO operators with probable ties to the Saudi and the United Arab Emirates governments.

Occasionally I have had to remotely take over someone’s system and remove the keylogger or spyware from their device, and then listen to them complain about it. Digital Natives are very comfortable in their little bubble with their Russian troll girlfriend (pimply boyfriend) on Facebook, their hacked phone, and whatever excuse they have been given about their terrible network coverage (Millennial Syndrome).

From what I’ve seen there is a too common attitude among some government workers that if ‘you get yourself raped and murdered’ it’s your fault, although they certainly are not doing anything to intervene in the meantime, so you are on your own. Don’t resign yourself to that fate, it ends only one way. As long as no one has to take responsibility, they will lock up the first and easiest suspect (whoever the murderer says it was), anything that will shut up the victim’s families, ya dig? Also don’t grow up in a military family, especially if they do anything sensitive, you are going to get ‘lit up’. Makes espionage a hell of a lot easier in that kind of setting, because it’s much, much easier to dispose of the witnesses. If that sounds crazy, well I’d agree with you, and if you are crazy, the GRU is always hiring.

ResearcherZero December 21, 2020 3:30 AM

Inside the GRU’s Psychological Warfare Program

In case you want some insight, without the added enjoyment of being repeatedly kidnapped, drugged, poisoned, tortured, shot at, various other terrible things, and on one occasion bombed.

FA December 21, 2020 4:45 AM


So in essence many programs are actually “visual” not “littoral or mathematical”. Thus you would expect the brain to use the parts most nearly applicable to the task.

True, but the aspect you call ‘visual’ can be the subject of mathematical reasoning as well, just not ‘calculations’ but e.g. logic or graph theory.

For example if you implement the basic operations (insert, delete, search, index) of a red-black tree, you end up with a lot of conditions and branching.
All that logic may look random, but it has structure and a programmer with some experience in this sort of thing will develop an eye for it.

Or “Though this be madness, yet there is method in’t.”

Clive Robinson December 21, 2020 6:10 AM

@ FA,

True, but the aspect you call ‘visual’ can be the subject of mathematical reasoning as well, just not ‘calculations’ but e.g. logic or graph theory.

Yes, but they are looking at Fast MRI to see where the brain is most lit up.

Also the assumption of evolving…

So it’s not that great a leap of imagination to thinking how parts of the brain at the edge of ‘vision handling’ getting repurposed for understanding of how water flows and divides and rejoins in the bed of a stream, a river in flood, or a waterfall then onwards to graph theory.

It’s not so easy to see how more abstract reasoning into anything other than basic counting[1] could light up other parts of the brain by borrowing from existing areas.

Now if Fast MRI studies show actual areas for abstract thoughts in the brain not just in humans but animals that associate with us in directed or work like activities like dogs, horses and similar then it would show that abstract reasoning is not just a skill in primates, and thus goes back much further in evolution. Which importantly would show that there is a basic need for abstract thought as a survival mechanism.

Mind you we know from what you might call “documented history” that humans had real trouble with certain concepts such as a “nothing value” (zero) and that numbers would naturally progress into non physical representation such as negative numbers.

However we do know that once the conceptual bridge has been crossed within a couple of following generations the ideas are accepted as basic truths. Indicating perhaps that young minds are the most adaptable to new concepts.

Learning and cognition are two areas where we appear to have the most examples but least knowledge of the actual mechanics. Though increasing numbers are accepting some kind of quantum effect as being an underlying cause, as more examples of quantum effects in biological systems are shown.

As someone once indicated in a practical sense the only three numbers that make sense are zero, one and beyond measure. That is something does not exist, something is unique, and something is not unique. So hypothetical reasoning quantum effects gets ridiculed. Then when one practical example is found those that ridicule can backpedal a bit and argue it’s unique for some reason. But when the second or third examples come in acceptance even grudgingly by the old guard starts to happen fairly rapidly, and new generations don’t even bother questioning it.

[1] Apparently there have been experiments that show that dogs have an awareness of counting both visually with food and with training commands, and tests designed to study human development in children.

lurker December 21, 2020 4:37 PM

@Bruce, thank you for introducing me to Humble Bundle.
@ Moderator, I don’t know how to say this without it looking like spam, but HB have provided me at bargain prices a number of technical books, a few of which I already had in hardcopy. Their latest offer includes our host Bruce’s “We Have Root” and “Liars and Outliers”. I hope the link works after trimming tracking tags on a tiny phone screen:

JonKnowsNothing December 21, 2020 5:30 PM

@Clive @MarkH @SpaceLifeForm @All

Q: How bad is it in the We Ain’t Doing No F-N Lockdown part of California?

A: So bad, that in this “No Lockdown Here” part of California the local County Department of Public Health has stopped providing number updates on COVID-19.

First there’s this message on the local data page:

“This page is currently Under Construction

This dashboard is currently being updated. A new dashboard is expected to be available in early 2021.”

They put up some graphs with stale numbers just to have some visual interest while the new improved page is being constructed.

fwiw: There are some numbers that roll up in the Statewide system. Lots of data flowing and maybe no one has noticed or no one cares that the data is stale.

The last official numbers from the group responsible are:

  * Death count   * 557     * 12 15 2020
  * Recovered   * 26,742   * 12 15 2020
  * Test results   * 517,191   * 12 11 2020

As of today, the local news is still reporting these as current numbers…

Someone cares though, and it slipped out that the death count is 646 (12 21 2020).

Another of the reports issued by the same “under construction” folks consisted only of pie charts and graphs with no numbers. Lovely wedges of death by age.

  * Green for 50yo
  * Orange for 30yo
  * The BIG slice of grey for 20yo.

One might think the Big Slice should be MAGA Red, to match the voting preference of the area.

of note:
While we are the dirt end of California, a lot of folks in the State get their Sunday Chicken Dinner from the people standing shoulder to shoulder in the abattoirs here and dying regularly from inadequate PPE protections.

At some point the line stops and when the line stops, so does the Sunday Dinner.

xcv December 21, 2020 6:54 PM

@Mr C

First, the SHA1 hash function used to be an option for signing certificates, and SHA1 is now broken enough that it’s not too hard to find collisions for it.


From what I’ve seen there is a too common attitude among some government workers that if ‘you get yourself raped and murdered’ it’s your fault, although they certainly are not doing anything to intervene in the meantime, so you are on your own.

Cops with flashing lights stopping traffic everywhere. That rude question at every stop. And everywhere they see me they stop me. Over and over again.

“Hands up where I can see them! Do you have any weapons in the vehicle!”

It’s a felony but the cops can’t get clearance or authorization for the warrant, or a judge to sign off on it, so they have to let me go. And they’ve been getting desperate, circulating “armed and dangerous” posters of me, contacting third parties and soliciting any possible charges to file against me. Bupkis. Nothing.

They’ve pulled their pistols on me. Fired on me more than once. Broken my windows. Almost killed me. Bullets from cops have passed by within a foot of my head. Time and time again.

What do they want? What are they looking for? They won’t tell me. I believe they want me dead. Straight out of city hall. And they aren’t going to court for it either. There’s money in it for them. Or so they believe. Someone in power has made the offer.

Clive Robinson December 21, 2020 10:44 PM

@ JonKnowsNothing, MarkH, SpaceLifeForm, ALL,

… a lot of folks in the State get their Sunday Chicken Dinner from the people standing shoulder to shoulder in the abattoirs here and dying regularly from inadequate PPE protections.

I guess somebody has reasoned that the “abattoirs” are an “essential retail” service and should stay open.

Now as people might have heard in the UK London and South East, they’ve just invented a new tier of lockdown especially for London and the SE of England.

Called “Tier 4 : Stay At Home”, it’s almost the same as the original National Lock down but has a few exceptions. You can see the rules at,

Have a scan down for,

“Businesses and venues which can remain open”

Where you will find,

“essential retail such as food shops, supermarkets, pharmacies, garden centres, building merchants and suppliers of building products and off-licences”

Which looks sort of reasonable enough, though I’m not sure about “garden centers” which basically sell flowers and decorations and the like or for “off-licences” you would probably call liquor stores…

However this is not the original list… It got reduced to the above on Monday 21st, as one item has been removed… You might wonder why they don’t mention it in their update information…

Because originally it included “Christmas tree retailers”… I kid you not.

I read the rules Sat 19th at 21:00 almost as soon as they had come out, and saw,

“essential retail such as food shops, supermarkets, pharmacies, garden centres and Christmas tree retailers, building merchants and suppliers of building products and off-licences”

Which you can check on the Web Archive / Wayback Machine,

(“Ctrl-F” or “search in page” for tree)

You can guess what I originally thought, based on my earlier comments on criminally short sighted politicians and their “on the take” behaviours from “lobbying groups” etc…

So I texted the link with a caustic comment to a few friends, they texted a few others. I’m assuming others saw the same and did likewise and eventually somebody had a word with the Government Dept responsible, so they changed it and hoped nobody would notice…

Well guess what I have so, how many others have as well 😉

So a question for you, “Should I provide a link to the 10 Downing St” page where you can make comments, hints, suggestions or complaints to the UK Prime Minister’s Office?”.

ResearcherZero December 21, 2020 10:57 PM


If a cop or detective pulls a weapon on me or someone else, and they are a foreign asset, then I’m allowed to disarm them. However if they are not, then I have to allow them to take me to a police station, and in the case if they are bent, kick the crap out of me. A great and fun part of gathering intelligence and evidence. Then we have to rely on them to make arrests, and I know their job is pretty frustrating, but there are worse jobs and generally people are far more cooperative if you don’t treat them like crap.

We infiltrated governments for decades by bribing officials, we shouldn’t be surprised they are doing it to us, and really should have had a much better handle on things, as it is pretty deep and pretty thorough in places.

It’s pretty frustrating sitting on a mountain of evidence on individuals, but no one with the power to prosecute wants to take responsibility, no one in government and any other institution wants to take responsibility, and the crimes allowed to go unpunished, far outweigh any intelligence value (IMHO).
Is that new promotion and pay upgrade really worth the inevitable national security headache cluster@#$% that was left cooking on the stove, for ‘um (looking at my watch), decades?

Quasimodo’s Law states that: if you ignore an international incident, you get an international incident right up the rear end, or something along those lines.

SpaceLifeForm December 22, 2020 12:28 AM

@ Clive, JonKnowsNothing, ALL

Interesting response regarding travel.

Should have done this back in February 2020.

The list keeps growing.


Hey Boris! How’s that Brexit working?


Lorry drivers in Kent have spent a second night sleeping in their vehicles waiting for the border with France to reopen – as politicians thrash out a plan to restart trade and travel.

France shut the border for 48 hours on Sunday, leaving at least 945 lorries stacked-up near Dover amid fears over a new coronavirus variant in the UK.

Other European countries are talking about how to coordinate their response.

More than 40 countries have now banned UK arrivals due to the mutation.

Measures agreed between Prime Minister Boris Johnson and French President Emmanuel Macron will be announced later and come into effect from Wednesday, French Europe Minister Clément Beaune said.

SpaceLifeForm December 22, 2020 2:20 AM

@ JonKnowsNothing, Clive, MarkH, ALL

Tegnell does not understand how the virus works.

It really flattened during Northern Hemisphere Summer. That is gone now. Everything points to stealthy, latent response when things get cold and dry, and people stay indoors.

There are so many silent spreaders, carriers. But when the conditions are cold and dry, and multiple people that are asymptomatic are together in the same closed environment, the total aerosol load in the air increases rapidly, especially due to lack of fresh outside air.

Yes, likely over 25% of the population has been exposed. They had remained asymptomatic, and convinced themselves that it was not that bad.

But, everyone likely has their own personal limit of exposure, before their immune system can not handle it any longer.

So, indoors, closed environment, the odds are that the aerosol level will rise, and, at some point, someone in that environment will not be able to deal with the total viral load.

I recommend opening a window or door for a bit every day, try to get some kind of cross breeze, maybe use a fan, and get some fresh air indoors. Even if it is freezing outside. Lower the total aerosol viral load. Freeze your ass off for 15 minutes. It may save your life.

Winter December 22, 2020 6:25 AM

“Jacinda Ardern said there were 3 strategies about how to deal with COVID-19.
  1, Herd Immunity Policy, aka Do Nothing
  2, Suppression aka Herd Immunity Policy Slow
  3, Elimination”

3, does not work.

There is only one, and only one, example of a virus that was eliminated, i.e., the smallpox virus. And that was eliminated by vaccination. The second on the road to elimination is the polio virus. If this succeeds, it will also have been reached by vaccination.

For the rest, every virus and microbe will get everywhere, eventually. At least since 1492, there are no virus safe enclaves anymore.

Actually, both strategies 1&2 were waiting for the vaccine. Strategy 2 tries to limit the human suffering, strategy 1 tries to limit the financial suffering, but only of the rich.

Clive Robinson December 22, 2020 7:05 AM

@ Winter, JonKnowsNothing,

There is only one, and only one, example of a virus that was eliminated, i.e., the smallpox virus.

Err… How about the now assumed to be extinct[1] SARS from 2002-4 now known by some as SARS-CoV-1?

[1] There was for a time an assumed “wild animal reservoir” in Chinese civets. However as there have been no new infections recorded in more than a decade and a half, it’s not likely there is a wild animal reservoir of SARS-CoV-1.

Winter December 22, 2020 8:37 AM

“How about the now assumed to be extinct[1] SARS from 2002-4 ”

Yes indeed, SARS1 can be considered extinct. But we do not really know how it became extinct. Maybe it was eliminated by the containment policies? Who knows?

Winter December 22, 2020 8:59 AM

“How about the now assumed to be extinct[1] SARS from 2002-4 ”

Some speculations which might be educational.

SARS1 differed in a few crucial aspects from SARS2:
1) It was much more deadly
2) It mainly spread from symptomatic carriers

1) made sure there were no “deniers” that claimed it was just a cold. People who contracted it dropped like flies. Public reactions were swift and drastic

2) made it easy to contain the spread. If you had a fever, you might be dangerous. If not, you weren’t.

In contrast, SARS2 is less deadly and public response to SARS2 was initially “it is a cold”. And as carriers can spread it without showing any symptoms, containing it is difficult.

So, SARS1 is more like Ebola, that leads to localized outbreaks as everyone treats it like the plague it is. SARS2 is more like AIDS, it kills millions, but you only see it when it is too late. AIDS is inherently more deadly, but more restricted in who it can infect.

Clive Robinson December 22, 2020 10:03 AM

@ Winter,

But we do not really know how it became extinct.

We know “how”, that’s easy, lack of human hosts, and we assume lack of animal hosts that could form a reservoir…

But that’s not very helpful in making one or more Corona Viruses extinct.

So, it’s the why we need to seek out. As far as I’m aware of the several billion Corona Viruses out there, there are only just over half a dozen that affect us,

1, The four that give us the common cold.
2, Middle Eastern Respiratory Syndrome (MERS).
3, SARS-CoV-1 / SARS1.
4, SARS-CoV-2 / SARS2 / COVID19.

As far as I’m aware they are all respiratory related diseases in humans, whilst more likely to be GI related in wild animals.

The common colds and MERS have infection reservoirs in animals which is why they are still around and I’m guessing SARS1 lost for some reason.

Which brings,

Maybe it was eliminated by the containment policies?

To the fore, another name for it is quarantine be it individual, household, local area, country or larger such as State/National areas. They have very definitely been shown to work.

Which is what I was going on about earlier this year when I banged on about border control, fomites and segregating those who work in international trade transport and those who are in effect quarantined.

If we can eliminate border crossing then we can contain it and the disease would with finer level containment become extinct, provided no animal reservoirs become reality.

The problem is various animals have been identified as capable of forming disease reservoirs… Which in theory means we may never get rid of SARS2, if it gets entrenched in wildlife but does not kill them (as even vaccines will not stop reinfection in subsequent generations).

MarkH December 22, 2020 10:18 AM

Some Covid News

The makers of the two mRNA vaccines which have received approvals in Western countries, Pfizer and Moderna, report that they are in the process of testing their vaccines against the strain which has recently grown so rapidly in the United Kingdom.

Clinical testing (on human patients) is a slow process, but laboratory testing can be accomplished in a few days.

The vaccines have tested well against previous SARS-Cov-2 variants, and have a good probability to do so against the new U.K. strain, which has about 99.3% commonality to the “reference strain.”

If the vaccines work against the new strain, their effectiveness (percentage of cases or severe cases prevented) might well be less. If an mRNA variant is required, it can be developed in about 6 weeks.


Another interesting thing I picked up from news reports, is that vaccination is recommended (or planned to be recommended) for people who are already sick. The vaccines act quickly enough, that they are expected to reduce the severity of Covid progression in sick patients.

JonKnowsNothing December 22, 2020 11:48 AM

@Winter Clive All

re: Elimination does not work

Actually elimination works pretty well as long as there is no reservoir or environmental contamination as Clive has pointed out.

We do elimination all the time: It’s called CULLING.

We kill everything that’s contaminated and dump it into huge trenches that are not deep enough, too close to water sources, too close to potable water systems, then we dig it all up again with or without making sure nothing escapes from the decomposing lungs and tissue which might contaminate the diggers and then haul it to incinerators and blow it into the atmosphere.

There are 2 types of culls
1, Man made
2, Nature made

Works the same way.

While you are debating the value of culling, best start thinking of H5N1, H7N1 and H7N3 (HPAI) cause they are on the rise on chicken/turkey farms Globally. Vast numbers of future Sunday Chicken Dinners have been culled.

ht tps://
  * HPAI A(H5N1) highly pathogenic avian influenza

ht tps://

Information received on 16/12/2020 from Dr Christianne Bruschke, Chief Veterinary Officer , Agriculture, Nature and Food Quality, Ministry of Agriculture, Nature and Food Quality, The Hague, Netherlands

This event pertains to the whole country

On 14th of December 2020, a 3 km protection zone and a 10 km surveillance zone have been established. In the 3 km zone there are no other premises with poultry. The subtype HPAI H5N1 is confirmed by the NRL. All susceptible animals on the infected premise have been killed.

(url fractured to prevent autorun)

xcv December 22, 2020 1:44 PM


(url fractured to prevent autorun)

Why don’t you fix your damn browser and turn off the automatic link-crawling features, then, instead of hyping up a broken link as if it’s supposed to be some kind of dark web porn or something like that?

Post a clickable link, use the preview, open in a new window to verify that the link works and is correct before you post it. It’s really irritating to follow a discussion when people post broken shit instead of a functioning link to what they are talking about.

Clive Robinson December 22, 2020 2:52 PM

@ xcv, JonKnowsNothing,

Why don’t you fix your damn browser and turn off…

As @JonKnowsNothing and others have pointed out on many occasions, they do not go to the trouble of breaking URL’s for their benefit but others’ benefit.

Whilst it is annoying to not be able to just click on a link, there have in fact been several postings that have used single point URL’s to porn sites and worse. So people can end up with their browsers doing pre-fetch on such sites.

The @Moderator of this site has put in a lot of effort to clear out such unwanted postings and some posters likewise mark the less obvious postings they have found all to allow others to post URL’s. If things became too problematic then not allowing clickable or pre-loadable URL’s might well become standard anyway.

So it might not be long before you have to “cut-n-paste” all URL’s…

xcv December 22, 2020 4:29 PM

@Clive Robinson

Whilst it is annoying to not be able to just click on a link, there have in fact been several postings that have used single point URL’s to porn sites and worse. So people can end up with their browsers doing pre-fetch on such sites.

If it isn’t spam or porn, and the site does not contain directly executable exploit code, then there shouldn’t be a problem with directly linking to it.

Otherwise, well, people who can’t deal with direct hyperlinks are going to have a lot of other problems in general browsing other sites on the internet with or without the comments on Schneier’s blog.

Markdown Extra syntax (help linked below) allows easy links of the form


which will render


Bruce has restricted some Markdown features for security, but basic hyperlinks still work. The old syntax of an allowed subset of HTML (carried over from Movable Type) is still available as well.

<a href="">DuckDuckGo</a>

JonKnowsNothing December 22, 2020 5:16 PM


re: If it isn’t spam or porn, and the site does not contain directly executable exploit code, then there shouldn’t be a problem with directly linking to it.

So, how would you know this? How would you know the link had not been MITM? How would you know what the prefetch collected? How would you tell a tinyURL destination? How would you know a URL given is still valid n-years from now? What would you know about code running on the link site?

There are a lot of reasons not to use full hyperlinks. I’m sure you could find many more reasons to not use them … if you thought about it.

For those who are more cautious, I endeavor to provide enough info about the link so they can do their own search on the topic. Some people have an allergy to certain sites and some folks might get more “bother” than they care about having with a direct link.

Links may appear to be straight forward, but therein lies the way to perdition.

“Never trust anything that can think for itself if you can’t see where it keeps its brain.” Mr Weasley

vas pup December 22, 2020 5:56 PM

Paul Whelan: Grim life of US ‘spy’ in Russian labour camp

Read the whole article – very interesting (pay attention to details in particular).

My nickel to Mrs Elizabeth Whelan: Your husband will be safe. Nobody will touch him. Under NO circumstances RF will let him to harm himself in anyway as well.

Based on RF President view (as former spy himself he stated that more than once openly to the press) only traitors (former RF spies who changed the flag and betray own country) deserve all sorts of negative consequences with no mercy, but not any foreign spy who just was doing his patriotic duty for his own country. Those folks just colleagues and that is their professional risk.

vas pup December 22, 2020 6:13 PM

France bans use of drones to police protests in Paris

“The Council of State ruled there was “serious doubt over the legality” of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was in providing “impossible proof” that it was absolutely necessary to maintain law and order.”

Wow! And that is regarding JUST surveillance drones.
Did you respected bloggers see so called peaceful protest in Paris recently?

I respect PEACEFUL protests ONLY. Violent protests close to the riots should be suppressed swiftly and promptly with ALL available non-lethal technical means and such usage should be pre-authorized by Law, and not on case-by-case basis by the court.
Same is reasonable in any part of the globe. When choice is between chaos and law and order, I am for latter.
You do may support former until Your car put on fire, You or Your family member – innocent bystanders were injured or killed, Your small business was looted.

Merry Christmas!

SpaceLifeForm December 22, 2020 11:00 PM

@ JonKnowsNothing, Clive, MarkH, Anders, ALL



“The presence of COVID-19 in Antarctica also has implications for local wildlife, with the threat of humans transmitting the virus to other species.”

[I’m sure the Emperor Penguins will remain socially distant. It also may help that they are birds, not mammals.]

SpaceLifeForm December 23, 2020 12:48 AM


Some may recall that I said to not study the Schrödinger equation too much.


A team of scientists at Freie Universität Berlin has developed an artificial intelligence (AI) method for calculating the ground state of the Schrödinger equation in quantum chemistry. The goal of quantum chemistry is to predict chemical and physical properties of molecules based solely on the arrangement of their atoms in space, avoiding the need for resource-intensive and time-consuming laboratory experiments. In principle, this can be achieved by solving the Schrödinger equation, but in practice this is extremely difficult.

Clive Robinson December 23, 2020 6:44 AM

@ SpaceLifeForm, Anders, JonKnowsNothing, MarkH, ALL


Do you hear the beat of very distant hooves?

The new variant of SARS called 2020-12 by some, was first noted in Kent UK 3/3rds of the way through September. Since then it’s been found in most places that do the appropriate widescale genetic testing.

The fact it was found in Kent is important, because it contains a number of ports where traffic of all types goes through. Take Dover[1] normally it has nearly 10,000 lorries a day go through and similar numbers of cars. With upwards of 12,000,000 passengers a year, many of whom will stop in Kent for food, snacks, fuel, etc or mix with others on public transport before heading in towards London through the South East of the UK… Thus the variant SARS2 can be seen to have spread along this transport corridor and spread out around the M25 motorway.

Does it really matter where the patient zero was? Because most of that traffic of people is two way thus since 20Sept at least 1/4 of the annual human traffic has gone through Dover, to all places in Europe and beyond. Long before COVID there were jokes about Turkish, Polish and even Russian truck drivers

Oh and then there is that Beijing inspired Yiwu China to East London “Silk Road” railroad[2], the second longest in the world currently. Which also follows the Kent-London route of the Channel tunnel as the last part of its 18-day journey.

But we do not yet know much about this variant of SARS2, it appears to be rather more infectious taking R0 up by between 0.4-0.9 depending on who you talk to. As for the effects it has on people who become infected, well it’s reasoned to be about the same.

However this does not mean it’s going to have the same “kill rate” as currently.

As the level of infections rise, the healthcare available diminishes. At some point healthcare becomes saturated and triage starts where only those thought to have the best chance of survival will be treated. Which means more and more will die and the case fatality rate rise from a fraction of a percent of population up to as high as five percent. But to make it worse those infected and infectious rather than face being “suicided in healthcare”[3] will stay in the community increasing infection rates.

One Dr has gone on record as saying celebrating Christmas and New Year in the US by traveling or visiting will be the equivalent of suicide. However it will also be murder.

Some have thought I was joking or being over dramatic when talking about people becoming “Granny Killers” look at the figures after Thanksgiving and tell me where the joke is there?

It’s not just you who might become sick, you might even be lucky and be asymptomatic if you are young. But remember the lethality of COVID rises not linearly with age but exponentially…



[3] In essence they put you on an “end of life cocktail” which in effect is a load of opiates that suppress your breathing as well as consciousness and pain and you simply “stop breathing”.

Winter December 23, 2020 8:32 AM

“Some have thought I was joking or being over dramatic when talking about people becoming “Granny Killers””

This is exactly what Merkel told the German parliament and the Germans in general on national TV. Actually, that is what every government in Europe is telling its people.

Clive Robinson December 23, 2020 9:10 AM

@ Winter,

Actually, that is what every government in Europe is telling its people.

Well I can only hope “the people” are not just listening but taking it on board.

For various bureaucratic reasons Europe were not going to approve any vaccines until the end of the month at the earliest. Apparently Germany, Spain and a number of EU countries put pressure on the committee and thus they met yesterday, and approved an mRNA antivirus vaccine.

So EU needles in arms is going to be a month behind other vaccine programs…

So the first signs of “immunisation herd immunity” will be Feb next year and in reality starting in May or later… But only for a lucky few as the mRNA vaccines will apparently be in effect rationed as “production is limited” and transportation and storage problematic…

Sancho_P December 23, 2020 9:41 AM

re crippled URLs

It should be mentioned that the real problem in the Net are our browsers, the Swiss Army Knives to access our privacy.
Crookle got that relatively late but then came out with Chrome to have their own access.
Since then their software updater informs them hourly about our system activity, nowadays even without having Chrome installed.

Visiting any link must not harm user or system, period.

A better (also crippled) way would be not to propagate URLs as clickable objects.
… Back to text only – If the root of the issue (browser) can’t be solved
(no prefetch, context menu -> Follow Link without a trace).

The fractured URL is kind of a fig leaf, as most will simply repair the obviously broken part and insert tt or whatever, not realizing a tricky domain change or tracking part. The referer ( …) will remain anyway if you are not careful.

Sancho_P December 23, 2020 9:44 AM

@Clive Robinson re Tier 4,
There are still more than 20 tourist planes per day from London arriving on the Canary Islands, sad you can’t enter an aircraft.

“Granny Killers”
People here (as often) say “Sorry gov, can’t hear ya”.
Why? Lost trust?

lurker December 23, 2020 12:37 PM


Well I can only hope “the people” are not just listening but taking it on board.

I’ve just heard your Minister telling “the people” that if they’ve had any truck[1] with South Africa in the past two weeks they must quarantine themselves. Good luck with that.

In our “elimination” country travellers are met at the border by people wearing uniforms and masks who escort them to government managed quarantine facilities. It’s sad that in too many countries guns would be needed to emphasise and achieve that end. It seems no country is willing to ask the Chinese for help. They have just increased the requirements for inbound travellers to have two negative antibody tests within 48 hours before departure from country of origin.

[1] he didn’t say “truck”, but used two sentences of Westminster circumlocution.

SpaceLifeForm December 23, 2020 10:56 PM

@ Clive, ALL

Don’t buy the SPIN.

The US NDAA (mil) bill that Trump just vetoed, was not about Section 230.

Section 230 is not broken.

This is about the ILLICIT Cash Act, an anti-money laundering provision that would have forced shell companies to disclose their beneficial ownership that was forced into the bill.

Also, many people are conflating the NDAA bill with ongoing spending budget bill that also contains Covid relief. They are separate bills. And, unfortunately, Trump will probably pocket veto the spending bill (and therefore Covid relief).

So, everyone that was even hoping for $600, do not get your hopes up.

This is about an incorrigible toddler throwing a hissy fit and forcing a government shutdown.

👺 December 24, 2020 3:16 PM

@ xcv

What do you think of Tails to defeat tracking and surveillance?

Too many programs including a full office suite, too many vectors for attack or for something unexpected to go wrong.

They need to release a smaller version of itself, trimmed down just to meat and potatoes. Get rid of all the cruft and just install a few basic utilities along with the browser to lessen the attack surface, the ISO size and the # of things which could go wrong!

But IMO they claim they don’t have the time for that, or the resources and/or enough users interested in such a project. They just won’t do it.

So someone else will have to.

xcv December 24, 2020 5:22 PM


Too many programs including a full office suite, too many vectors for attack or for something unexpected to go wrong.

It’s important to be able to do some work or publish something anonymously, if Tor or Tails, can help.

They need to release a smaller version of itself, trimmed down just to meat and potatoes. Get rid of all the cruft and just install a few basic utilities along with the browser to lessen the attack surface, the ISO size and the # of things which could go wrong!

You have to log in and accept cookies, javascript turned on and all that in order to get or post information on most modern websites.

But IMO they claim they don’t have the time for that, or the resources and/or enough users interested in such a project. They just won’t do it.

So someone else will have to.

Kali Linux by Offensive Security? Or OpenBSD

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.

There are drug problems in Canada, and crypto export hang-ups in the U.S.

4. What should I do if I cannot obtain the Encryption Registration Number (ERN) or the Export Control Classification Number (ECCN) for the item from the producer or manufacturer?

If you are not the producer and are unable to obtain the producer’s information or if the producer has not submitted an encryption registration, self-classification report or commodity classification for his/her products to BIS, then you must register with BIS. The registration process will require you to submit a properly completed Supplement No. 5 to part 742 and subsequent Supplement No. 8 Self Classification Report for the products. You will receive an ERN for the registered products or CCATSs as appropriate. BIS recognizes that non-producers who need to submit for encryption registration may not have all of the information necessary to complete Supplement No. 5 to part 742. Therefore, special instructions have been included in Supplement No. 5 to account for this situation.

For items described in Part 740.17(b)(2) and (b)(3) or Part 742.15(b)(3) that require the classification by BIS, the non-producer is required to submit as much of the technical information required in Supplement No. 6 to part 742 – Technical Questionnaire for Encryption Items as possible.

There’s a Communist Party politburo in the U.S. government. If they are breaking encryption, it is to promote and compel vice, not to conduct drug busts or counterterrorism surveillance, as billed since 9/11/2001.

Clive Robinson December 24, 2020 5:43 PM

@ JonKnowsNothing, MarkH, SpaceLifeForm, ALL,

This news is depressing,

Apparently over 1/3rd of Americans will be travelling for Xmas. It’s almost certain that both the UK discovered and South African variants of SARS2 are in the US.

The UK variant is over half as infectious again (+56%) as the older SARS2 virus.

As the South Africa virus also has the 501 mutation it can be assumed it likewise has a similar increased rate of infection.

However the South Africa virus has other mutations and it appears it has a considerably increased virulence in younger people. Too soon to say if it’s a “Kiddy Killer” but the anecdotal evidence suggests it might be.

It’s only a few minutes now to Xmas Day in the UK, and the day after “Boxing Day” is traditionally the day for “group walks”, which should not be happening this year. But also it most probably is going to see further and more extreme lockdown measures put in place in the UK.

Wherever people are I wish them well at this Winter Solstice celebration, I hope you and your loved ones all spend it safely and have better times next year.

Anders December 24, 2020 6:23 PM

@Clive @MarkH @SpaceLifeForm @ALL

More bad news. There’s also already Nigerian version.


👺 December 24, 2020 9:01 PM

@ xcv

Or OpenBSD

Believe it or not:

Anonym.OS [1] was a Live CD operating system based on OpenBSD 3.8 with strong encryption and anonymization tools. The goal of the project was to provide secure, anonymous web browsing access to everyday users.[1] The operating system was OpenBSD 3.8, although many packages have been added to facilitate its goal. It used Fluxbox as its window manager.

The project was discontinued after the release of Beta 4 (2006).


What a terrible shame it didn’t continue to this day. Kali is really not meant for such purposes and Offensive Security looks like, aside from Kali references, a site offering “classes.” I know nothing more about them, however.

OpenBSD would be a fine choice, but there may be a lot of hardware incompatibility among the users.

AFAIK it wouldn’t take much manpower to simply build a separate, slimmed down TAILS .ISO with little more than the browser and some tools as an option for power users preferring security & privacy over a full office suite, media player(s), etc.

👺 December 24, 2020 9:06 PM

@ xcv

You have to log in and accept cookies, javascript turned on and all that in order to get or post information on most modern websites.

Such is the failing of the modern web as we know it. It would depend on where the user is participating. There are a lot of clearnet mailing lists and .onion sites for communication.

JonKnowsNothing December 24, 2020 9:22 PM

@Clive @MarkH @SpaceLifeForm @Anders @ALL

re: USA COVID-19 Shambles

Apparently over 1/3rd of Americans will be traveling for Xmas

Yeppers it’s an American Ideal. We gotta be First for Everything. In COVID-19 cases, infections and deaths we are MEGA!

I just finished another round of data gathering and it’s more than depressing… it’s off the scale. So much so that out in Sunny California they can no longer update the numbers fast enough and my patch isn’t even updating deaths anymore.

We are at 2,000,000 cases with an estimated 550,000+ active confirmed cases (based on the 14 day numbers) which likely translate into more than 1,000,000 total infected with/without confirmation.

The big Christmas Present the local hospitals are getting are: More Morgue Trucks (5 Trucks @48-60 capacity each). They asked for Staff but Santa said all the elves are sick…

Between bouts of depressing news, I’ve been hunting down info on the new strains but I haven’t found what I’m looking for yet. The info is certainly known at a state level and at the WHO, but it’s been beyond my not-so-good-google-fu so far.

I did find a tidbit about some of the connections between the spike protein and the ACE2 receptor.

note: my chemistry days, in the hazy past, consisted of Tinker Toy Atoms connected by pegs.

At a highly zoomed-in view the linkages from the Spike to the ACE2 receptor have to connect at the correct angles and charges. An incomplete length or wrong charge or mismatched connection limits or prevents the Spike from connecting.

There are some known combinations where the link fails. These combinations I think are important and are what I’m tracking down for the new variants. (note: I might never find the info)

In order for the new variants to connect “better” this linkage needs to have changed. The ACE2 likely did not change so the change is on the Spike.

Additional to this, are the Antibody Escape features of 22+ known spike variants (501 is one of the known ones). The Escape mechanism is when the spike mutation alters just a bit and a particular antibody cannot make the linkage (see Tinker Toys). In at least one case, the location where one antibody would link is distorted and the antibody is prevented from connecting there.

The other item is that the Spike can torque in a way that it connects multiple times. It can connect to the same cell or an adjacent one. If the torque also has an Escape then it not only infects more cells, that particular antibody doesn’t work.

There are many antibodies, so losing a few probably doesn’t matter much, as long as the remaining ones can get hooked on.

The deletion mutation seems to be part of the increased infection rate. Certainly for mink, Mink-COVID-19 was highly infectious and carried the Deletion Sequence. However, the deletion was not strongly connected to the Antibody Resistance Test. eg: Deletion Sequence = faster infection but not antibody resistance.

So there’s something more to be noticed about these new variants in how they are actually interfacing with the ACE2 and specific antibodies. Particularly what in the Deletion Sequence is affecting the ACE2 interface or perhaps a different interface.

disclaimer: I am not a geneticist and I have no information other than what’s in the public sphere. Sphere being round, things might have fallen off the edge. ymmv

ht tps://
(url fractured to prevent autorun)

SpaceLifeForm December 24, 2020 9:44 PM

@ Anders, Clive, MarkH, ALL

There should be zero surprise that the new variants are being discovered and that they are more transmissible.

It’s the nature of the beast.

Darwin would tell you that less transmissible variants will die out.

The big question is: Are the spike mutations sufficient to overcome the current mRNA vaccines?

Or, will the antibodies created from the vaccines still recognize the spike protein created by the mutated virus?

I think they will, but time will tell.

If the virus mutates too much, the spike protein may no longer function. But those will die out.

Attacking the spike is probably the best approach.


The study found that people with severe COVID-19 have low proportions of antibodies targeting the spike protein used by the virus to enter human cells compared with the number of antibodies targeting proteins of the virus’s inner shell.

[hmmm. Are people that have had a common cold frequently (nearly yearly) more likely to handle the virus?]

Goat December 25, 2020 3:06 AM

@SpaceLifeForm, I think some simple regex blocks would help the moderator quite a lot, some spammers are quite repetitive. (I am willing to help build the engine if I can, but my limited Python skills may not be helpful.)

1&1~=Umm December 25, 2020 3:35 AM


“The bots are back.”

True but Ted and DeT appear to be mirroring for some reason…

Ted December 25, 2020 2:02 PM


“If before enlightenment, you chop wood and carry water, and after enlightenment, you chop wood and carry water, what have you learned from your enlightenment that is of any practical consequence to your or others’ daily life?”

If you have to ask you will likely never know. I sincerely wish you wellness and peace. I wish you growth and happiness.

I do not seek conflict. It actually makes me quite sad.

I won’t be here for a long while. Bruce writes a lovely blog but I will leave the Friday squids to themselves whatever name they are choosing to use.

Clive Robinson December 25, 2020 4:10 PM

@ Bruce, ALL,

Not sure if you have heard about this ransomware attack,

Hackers threaten to leak plastic surgery pictures

In essence the attackers (REvil / Sodinokibi) have obtained a large number of plastic surgery photographs of the before and after variety that they have threatened to release. In their words the “intimate photos of customers” were “not a completely pleasant sight”.

Which for obvious reasons the release of the photos could cause a lot of stress and psychological harm for some individuals, who have had plastic surgery out of need rather than want.

The organisation that has lost control of the data is the UK “Hospital Group”, which is also known as the “Transform Hospital Group”. It claims to be the UK’s leading specialist group in weight loss and cosmetic surgery. It has lost something like 900GBytes of confidential patient information of which the photos are part.

It would appear that having the better part of a terabyte of data being “carried out the door” does not ring alarms with this Surgery Group even though they have an “enhanced legal duty of care” when it comes to the “Confidentiality of Patient Information”…

As usual way too little in the way of details to say what standard of data protection the Hospital Group were using or how the Ransomware group got in and exfiltrated the data.

I must admit my first question would be,

“Why were machines with access to confidential patient data also given access to a public network?”…

Let’s hope that such a question becomes the first on all “best practice” lists, likewise on insurance registration forms that such organisations need to practice. Then maybe they would be a little better prepared for what appears to be an inevitable outcome of current “business computing practice”.

Ted December 25, 2020 5:24 PM

One more quick post and then adieu as promised.


I have been less than truthful in several of our exchanges.

  1. I actually do care if people choose to get vaccinated. Needless death and sufferings sadden me a great deal. In my reply I chose callous indifference over caring. That was wrong.
  2. It was wrong of me to say that you will never understand the wood carrying thing. IMHO it was the smartest thing you asked. With humility I suggest that you ponder it from time to time.

I hate internet flame exchanges. I am sorry that I chose to engage in this one. I wish you and the people you care about a happy healthy 2021.


PS If anything in this post comes across as a flame please know it is not my intention.

xcv December 25, 2020 8:58 PM


I actually do care if people choose to get vaccinated. Needless death and sufferings sadden me a great deal. In my reply I chose callous indifference over caring. That was wrong.

Aww shucks. Come off it with the fake sympathy and apologetics for medicalism in its modern incarnation of COVID-19 hysteria.

Good old Doc has a vial of some elixir of life or aqua vitæ, and he’s drawing it into the syringe with a fine needle, and the pretty nurse is scrubbing your inner elbow with iodine swabs. Just give it a shot, live up the good life for a long time yet. Good grief. Wake up, sheeple.

JonKnowsNothing December 25, 2020 9:37 PM


re “Why were machines with access to confidential patient data also given access to a public network?”

Based on RL experience: Because the Management/Owner/MD/HMO/etc did not want to buy more than the minimum necessary machines/equipment. By batching up applications on one machine they can eliminate specialty machines.

No one wants to walk down two floors, or walk down the hall, or walk across the room, login to a different machine to do ATask, anyway.

It’s not just the Medical profession. Banks, Manufacturing, High Tech, Low Tech, Retail… pretty much all companies.

One of the primary issues with high tech is the way money is accounted for in Source-Sink Cash Flow or even the basic Income Statement. Nearly all tech is a sink. Allocation of expense is done by assignment or percentage of use. Profit is rarely assigned to any support tech because it does not directly impact profits/sales.

It’s a silent support, without which most companies cannot function. However, according to accounting rules, it’s abandoned on the wrong side of the balance sheet.

  How many sales numbers include: 10 salespersons and 20 PCs?

Having had more than a few chats with CEOs about maintaining computing systems and the need for upgrade+replacement (for all the reasons we know about), nearly none will allocate even a fraction of the funds needed.

iirc(badly) A documentary film about Steve Jobs and one of the companies he attempted to start (1), he railed about the costs of engineering.

Paraphrased thru the fog of time:

Why are we having X Y Z problems? Timetables are behind, product development is behind… And we spend $$$ on “brand-y-new” hard drives for all of the machines!!!(2)

1, The company failed badly even though it was pretty good stuff

2, Apple types systems that had been ordered with no hard drives

Clive Robinson December 26, 2020 1:21 AM

@ JonKnowsNothing,

It’s a silent support, without which most companies cannot function. However, according to accounting rules, it’s abandoned on the wrong side of the balance sheet.

True but it is just one aspect of the problem.

If you examine many organisational networks they still follow badly a design from a third of a century ago in the 1980’s, which can be boiled down to,

“A star network with all user computers promiscuously connected to all other computers and resources at the center including the public network connection”

Over the years a few things have changed… Such as making firewalls do more and more till they are too complicated to manage. Changing bridges and hubs for switches, then managed switches that again became too complicated to manage. Adding IDS behind firewalls to try to detect intruders that again have become too complicated to manage.

The result is that if a couple of people have a need for external access then everyone gets it and similar. As the number of users grow the rules that have to be added for each user become more and more generic so accounting/finance, human resources, and business archives, none of which should ever be visible from a public network or any other part of the organisation all get made available for both external and internal/insider attacks.

Management allow this and in some cases actively encourage it, yet you don’t see many organisations doing the same with building security…

Thus as you indicate,

Having had more than a few chats with CEOs about maintaining computing systems and the need for upgrade+replacement (for all the reasons we know about), nearly none will allocate even a fraction of the funds needed.

That is they see ICT as a necessary evil at best, but outside of the balance sheet it’s invisible, like lights, heating/AC, cleaning, and much else. With one overriding feature above being invisible. That is they all become highly visible in a bad way when they stop being available for some reason… Yup if it stops or breaks the big dogs as well as the hounds bay for blood…

But management do not grasp that the fundamental “all one star network” design has other issues such as an “all eggs in one basket” predominant failure mode.

Nor do they understand that it has other failings. Both physical and information Security is about seeing anomalous behaviour and acting on it. Anomalous behaviour is easy to see when you can see just one or two people, but make it a crowd and people could be rioting and you would not hear it above the rest.

Those who take security seriously know about segregation, compartmentalisation, choke points, access control, and role based behaviour monitoring.

They know that the “signals” that indicate “signs of trouble” become clearer when there is less noise. Thus the smaller a group and the more limited their required behaviour, the easier it is to spot aberrant behaviour, thus give sufficient early warning to stop or at least minimize harm.

Engineers will tell you all sorts of ways to make systems more reliable, but in the main they all “reduce impact scope”. That is you reduce the number of dependencies on single points of failure. As noted that “all one star” model is single point of failure, but worse everyone is dependent on it…

I could go on but the upshot is not only is the design model wrong, it’s invisible till it does go wrong then everybody knows all at the same time as they can not work and that is very costly in oh so many ways…
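
The point made in the comment above about noise and group size, as an added example (not code from the comment or from the blog): the same outbound transfer is scored against one counter for a flat "all one star" network and against per-segment baselines with a role policy. Segment names, volumes, the zone policy and the threshold are all constructed assumptions.

```python
"""Flat vs. segmented egress monitoring on constructed data (illustrative)."""
from statistics import mean, stdev

# Constructed baseline: traffic leaving each segment, in GB per day,
# for ten normal days. "records" holds the confidential data.
BASELINE_GB = {
    "office":  [410, 455, 390, 520, 480, 430, 505, 445, 398, 470],
    "web":     [1210, 1350, 1180, 1420, 1290, 1330, 1250, 1400, 1190, 1310],
    "records": [1.2, 0.9, 1.1, 1.4, 1.0, 0.8, 1.3, 1.1, 0.9, 1.2],
}

# Constructed flows for the day under review: (segment, destination zone, GB).
TODAY_FLOWS = [
    ("office", "internet", 447.0),
    ("office", "internal", 15.0),
    ("web", "internet", 1275.0),
    ("records", "internal", 1.0),
    ("records", "internet", 60.0),  # the transfer a defender wants to notice
]

# Hypothetical role policy: zones each segment has any business reaching.
ALLOWED_ZONES = {
    "office": {"internal", "internet"},
    "web": {"internal", "internet"},
    "records": {"internal"},
}

Z_THRESHOLD = 3.0  # assumed alerting threshold, in standard deviations


def zscore(history, value):
    """How many standard deviations `value` sits from the history's mean."""
    sigma = stdev(history)
    if sigma == 0:
        return 0.0 if value == mean(history) else float("inf")
    return (value - mean(history)) / sigma


def flat_view(baseline, flows):
    """One counter for the whole network: every segment summed per day."""
    daily_totals = [sum(day) for day in zip(*baseline.values())]
    today_total = sum(gb for _seg, _zone, gb in flows)
    return zscore(daily_totals, today_total)


def segmented_view(baseline, flows):
    """One counter per segment, each scored against its own baseline."""
    today = {}
    for segment, _zone, gb in flows:
        today[segment] = today.get(segment, 0.0) + gb
    return {seg: zscore(hist, today.get(seg, 0.0))
            for seg, hist in baseline.items()}


def policy_violations(flows, allowed):
    """Flows to a zone the segment's role does not permit (the choke point)."""
    return [(seg, zone, gb) for seg, zone, gb in flows
            if zone not in allowed.get(seg, set())]


def review(baseline=BASELINE_GB, flows=TODAY_FLOWS, allowed=ALLOWED_ZONES):
    """Run all three checks and summarise which of them would alert."""
    per_segment = segmented_view(baseline, flows)
    return {
        "flat_z": flat_view(baseline, flows),
        "flat_alert": abs(flat_view(baseline, flows)) >= Z_THRESHOLD,
        "segment_alerts": sorted(s for s, z in per_segment.items()
                                 if abs(z) >= Z_THRESHOLD),
        "violations": policy_violations(flows, allowed),
    }


if __name__ == "__main__":
    result = review()
    print(f"flat network z-score: {result['flat_z']:.2f} "
          f"(alert: {result['flat_alert']})")
    print("segments over threshold:", result["segment_alerts"])
    print("role policy violations:", result["violations"])
```

In the flat view the 60 GB transfer disappears into the normal day-to-day swing of web and office traffic; in the segmented view it is both a volume anomaly and a flow the role policy never permitted.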

JonKnowsNothing December 26, 2020 7:09 AM


re: Star Network Design and Corporate Worker Outputs

Clive: Those who take security seriously know about segregation, compartmentalisation, choke points, access control, and role based behaviour monitoring.

Not only does a network need this but also within the business structure. However, with some exceptions, many companies dump multiple duties on the same person such that they have need to access “that thing over there”.

As part of neoliberal view that “fewer employees are better” it’s not uncommon to find someone tasked with multiple areas requiring multiple connection points.

In Banking, separating duties is all important, but fraud, theft and embezzlement still happen but they happen less often when the opportunity to engage in these activities is limited.

In many other corporations, they do not separate critical tasks beyond the minimum headcount needed or legally required. Short cuts are common.

Continuity of design, purpose, structure gets lost as companies evolve and the design fails because no one remembers WHY? A common problem in Silicon Valley where turnover is like turning on the water tap.

When the design reasons are lost to view, operational errors happen or opportunity for more of them to happen.

More surveillance doesn’t help because Watching doesn’t help Doing. People have to Do whatever the job requires. They are indirectly impacted by work assignments that conflict because it is cheaper for the company to dump multiple tasks on fewer employees and makes the Quarterly Balance Sheet look better, and that leads to Quarterly Bonus and Stock PumpNDumps.

This is not about stifling changes or structural realignments or revamping actions and activities, it’s about Corporate Amnesia that happens when they shift incompatible activities together.

In Silicon Valley and Big Dog Companies, entire divisions are vaporized regularly. These tasks are dumped onto the retained. Is it a wonder that anything vaguely secure happens at all.

RL anecdote tl;dr

After a series of massive layoffs in a major corporation, the entire Build Team for multiple critical infrastructure software development systems was reduced to one person.


Sidebar photo of Bruce Schneier by Joe MacInnis.