Friday Squid Blogging: Small Giant Squid Washes Ashore in Japan

A ten-foot giant squid has washed ashore on the Western coast of Japan.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on December 25, 2020 at 4:19 PM • 92 Comments

Comments

Nick Levinson December 25, 2020 10:56 PM

The elections were probably not hacked by Russia because Russia at the top probably no longer cared who won. They cared in 2016 and it didn’t get them much.

Good election security is possible and can be consistent with high turnout but is expensive. Try getting public support for higher taxes, especially if the more nefarious players in local politics encourage opposition because they’re not on board with tightened security (e.g., those local officials who like to stick their hands into ballot boxes and read how you’re voting). I don’t discount the work done to tighten election technical security before the 2020 election (not about political issues like voter ID standards and ballot access), but sometimes the bank with security didn’t get robbed because robbers took the day off.

Curious4 December 26, 2020 2:01 AM

I would love to see more discussion of the Nashville incident. Does anyone know exactly what that building held? It sounds like a fiber optics hub. Perhaps it was done on the 25th to avoid casualties. Perhaps it was a test for future actions. Perhaps it was a disgruntled employee who knew the importance of infrastructure in that building. Perhaps the target was the fiber optic hub in order to achieve some other goal while network traffic was rerouted or while cellular service was disrupted. I wonder which network failover systems came into play during and after this occurred. This probably resulted in a lot of traffic being routed elsewhere.

The leading narrative seems to be that this was intended to send a message or achieve some kind of domestic terror objective. But it does not seem to have done either. Given the general lack of education and aptitude seen from strongly politicized folks, it very well could be someone trying to “hit the 5gs” or something stupid like that. Failing to achieve meaningful objectives is the hallmark of fringe politics.

However, I am skeptical that it was that naive given the precision and lack of casualties. The recent solarwinds incident and continuing mitigations are also ongoing and the infrastructure impact that this explosion caused is significant to a large portion of the US. TLAs who have likely advanced and increased domestic spying since the Snowden leaks would probably have had traffic analysis and connection spying technology in a building like this. But, that is just speculation.

What else could have been accomplished here? Did any group or organization benefit?

@SpaceLifeForm why do you think the President being in Florida matters (genuinely curious)?

There are several free text-to-speech converter voices online. None of them sound like the voice in the clip. But, I agree, the voice in the video does seem familiar. It could be an edit; it kind of reminds me of the site-alert computer voice in the early Half-Life games.

Clive Robinson December 26, 2020 5:41 AM

@ Nick Levinson,

… likely means that, in each organization (hacked or not), the IT security chief will have to impose more requirements on most people who just use computers…

Nope, not going to work, though it will be the knee-jerk reaction of many to give legal wallpaper to cover their “Best Practice” claims.

The simple fact is that the basic architecture of most businesses’ ICT infrastructure is more than a third of a century old, and it was a bad design back in the 1980s.

All that has happened since then is that people have overloaded the design such that it cannot be made secure against anyone who has crossed the threshold in some way.

All the defense is in the wrong place, just “at the gate”, which has a guard so overworked it cannot see what is going by.

Then the “all roads lead to Rome” centralized resource star configuration is an “all eggs in one basket” where any failing gives you one heck of a large mess you cannot even make an omelet with.

Whilst I’ve been saying this for years, the SolarWinds issue should have made it obvious to everyone now.

But businesses will not make the changes required: not for security, not even for increased resilience and availability, not even for organisational survivability. Because management do not see the network and the rest of the ICT infrastructure as anything other than an object where cost cutting has to be not to the bone but right through the bone…

ICT security is effectively non-existent because the foundations are not there, and everything done in the last three decades or more has been “stage dressing” rather than actual secured foundation building. The problem is that all that stage dressing, year after year, just adds weight, not strength, so the infrastructure is actually getting weaker and weaker day by day, with new cracks opening up all the time.

Until people are prepared to demolish what they have and start again properly, the decay and insecurity will just carry on growing and the temporary repair bills climbing, until a major failing happens, things collapse and the organisation follows down the same hole to the inevitable conclusion.

JG4 December 26, 2020 9:11 AM

@Clive, MarkH, Vas Pup, Wes, Rachel, other esteemed guests and our generous, patient and long-suffering host – Wishing you and yours a Happy, Healthy and Prosperous New Year with a whole lot less crazy in it than 2020 provided.

There is a precedent for announcing bombs in a manner intended to minimize civilian casualties while maximizing economic damage. I sent this article to Bruce in 2011.

https://www.schneier.com/blog/archives/2011/07/comparing_al_qa.html

It’s a good read. John Dolan (aka Gary Brecher) has done an excellent reporting in the years since. The darker personalities in the story preferred power tools over wrenches.

There were a few more excellent articles from the same period examining terrorist organizations and their methods. I wasn’t able to find one that showed that the Basque separatists were the most prolific in Europe for a time.

Clive Robinson December 26, 2020 9:55 AM

George Blake: Soviet Cold War spy and former MI6 officer dies in Russia aged 98

Dutch-born as George Behar on 11 November 1922 in the Dutch city of Rotterdam. His father was a Spanish Jew who had acquired British citizenship during World War I when he fought with the British army.

George worked for the Dutch resistance during World War Two, before fleeing to Gibraltar, just south of neutral Spain and then as now under British control. George changed his surname to Blake, as many of Jewish heritage did, with British help and documentation to give a degree of protection when going back to fight the Nazis.

Due to his wartime work he was later asked to join the British Secret Intelligence Service (SIS/MI6).

At what time Blake became enamoured with Communism is unknown, but he lived to see not just its rise but also its catastrophic collapse and the demise of the Soviet Union (CCCP). Even though he became a drunken louche, he managed to retain an enigmatic air and was still consulted by the KGB and others. Even after the Soviet collapse, living out his days on a small pension in Russia, he was still seen as a hero by those who had been in the KGB and its successors.

He only spent about nine years as a spy before being caught and sentenced to prison, but in that time he did immense damage to Western Intelligence and probably betrayed more than five hundred people, at least some of whom we know were killed (over fifty have been attributed to his betrayal).

In 1955 he escaped from prison and made his escape to Russia with the help of various people some of whom are still unknown.

What sort of funeral he will get will no doubt be dependent on Putin’s mood and machinations. As Blake is technically “A Hero of the Soviet People” it could end up being a stage set state funeral to act as a distraction from rather more important current events.

yabba dabba dont December 26, 2020 1:14 PM

“Failing to achieve meaningful objectives is the hallmark of fringe politics.”

The meaningful objective of fringe politics is to be fringe.

Curious4 December 26, 2020 1:37 PM

@yabba dabba, I was more referring to the likes of the Michigan “militia” who planned to kidnap a governor and then go camping. It’s stupid on multiple levels – reminiscent of the folks in Jaws who became enraged when the beach was closed. Someone in that mindset with a bone to pick with 5G could be the actuality of what we saw in Nashville. But, to me at least, it seems likely that something else was going on, even if we see a scapegoat presented as such in short order publicly.

Pulling the network disruption thread further: how feasible would it be to attack a fiber optic hub like this in order to force tunneled traffic to pass through a specific waypoint?

For example, if I am a nation state adversary to the US and I’ve managed to tap a fiber optic line in Ohio, but most traffic between DC and Camp Williams (NSA hindquarters) goes through this hub in Nashville, could an attack like this cause some of the tunnels to reroute through a fiber line I have tapped?

If you put this in context with solarwinds remediation it becomes less far-fetched. The effort, as alluded to by Nick Levinson, seems to be largely focused on making it harder for the mouth-breathing email-clickers who have passed polygraph+ts/* clearance to inadvertently make things worse. Meanwhile spook IT is trying desperately to keep systems afloat while entirely rebuilding network infrastructure. The things going on as quick-fixes mostly involve network layering (i.e. more vmware, more vpns) and policy “enhancements” to make stupid mistakes harder (i.e. have two mouth-breathers present when clicking phishing links in the holiday joke email threads).

If any of the compromised data from solarwinds provided keymat for a datastore, the subsequent migrations could take a really long time. The network layering and all the nobus attempts at breaking vpn security may be in the midst of some comeuppance if the traffic can be passively observed when it fails over to civilian infrastructure.

Joe December 26, 2020 4:07 PM

I just ran headlong into the Internet of Things. My remote garage door opener [GDO] died. All the new GDOs have Android/IOS Apps. They claim “You can tell whether your garage door is open or closed from anywhere in the world.” And so can everyone else in the world of marketing…

Now I read through the manual, which was a joke. (Just use the “App”.) And then through the FAQs on how to fix things when they don’t go right. Apparently I can connect via WiFi to the garage door opener [GDO], which also acts as an access point for its own network. And then I can visit the GDO’s private web server, where I can enter whatever data I desire. No passwords ANYWHERE. No security of any kind. And you can’t turn it off.

Things don’t get any better once the GDO is configured to use my WiFi network to talk to the internet…

Now this isn’t just a local problem, that of a burglar breaking in with WiFi from just outside the door. Apparently someone overseas can access my GDO & its data the same way the “App” does, from anywhere in the world. Just what I needed, some script kiddie in China making my garage door go up and down at 3am.

Nor does there seem to be any way to update the GDO’s firmware.

GDOs theoretically have a 15-20 year lifespan. Or at least that’s what the manufacturers claim. My old GDO doesn’t have a fuse. It failed from a power surge. Damn lucky I discovered it quickly & unplugged it before it burned down my house.

It’s a classic problem: Why would the GDO manufacturer put a fuse in when a catastrophic failure lets them sell me a new GDO?

This “Internet of Things” seems to translate into the manufacturers selling me a new GDO next year, to fix all the security holes. Kinda like Microsoft’s old Windows sales model.

Seems like what we really need is someone like Bruce telling congress-critters how these manufacturers are ripping off their constituents. Either the congress-critters will get a hefty campaign donation, or the congress-critters can get some excellent reelection-grade publicity protecting their constituents. Maybe.

It’s also the case that if one GDO manufacturer adds a hardware internet on/off switch, well, it’s just a few good scare stories in the newspaper and they get all the GDO business that year. And since people tend to stick with the same brand of GDO when they replace it, there’s a long-term profit to be had. Should be interesting to see how this plays out over the next decade or two.

It’s really a dog eat dog world out there…

vas pup December 26, 2020 4:24 PM

@Clive Robinson • December 26, 2020 2:16 AM

Let’s assume the bomb was set up by disgruntled AT&T employee(s), so they did not want any casualties among their former coworkers, but rather a statement against the company itself, which, like the man in Terminator made of liquid metal, reassembled itself after a very timely and reasonable breakup by the US antitrust authority many years ago.

I guess AT&T should be on the same list of antitrust actions, by the same token as Google, Facebook, etc. (but that is off the subject).

Another possible angle: each AT&T central building/hub in a big city serves as a telephone surveillance center. I guess our ‘wizards’ could consider such a selection of the target as well.

Anyway, current terrorists understand that the blood of innocent civilians absolutely negates any idea/cause they are pursuing and excludes any understanding and hidden sympathy.

Do you recall when Bonnie and Clyde burned banking papers on the debts of regular citizens? Same story until they killed somebody. Blood absolutely changes the equation.

vas pup December 26, 2020 4:43 PM

@Clive Robinson • December 26, 2020 9:55 AM

“In 1955 he escaped from prison and made his escape to Russia with the help of various people some of whom are still unknown.” Or just still undisclosed?

By the way, Oleg Gordievsky, a high-ranking KGB officer who spied for the UK/MI6, was successfully exfiltrated from the CCCP by two British diplomats in the trunk of their car over the CCCP/Finland border.

vas pup December 26, 2020 5:10 PM

Hackers threaten to leak plastic surgery pictures
https://www.bbc.com/news/technology-55439190

“Hackers have stolen the data of a large cosmetic surgery chain and are threatening to publish patients’ before and after photos, among other details.

The Hospital Group, which has a long list of celebrity endorsements, has confirmed the ransomware attack.

The company said it had emailed all its customers about the cyber-attack and would contact individuals who might have had more personal details compromised.

It’s understood that many before and after pictures will not include the patients’ faces.”

Yeah, I guess more valuable are just pictures of celebrities WITHOUT make-up. In that state they could appear in scary movies as-is right away.

Sorry for the sarcasm. Just to relax the mood of respected bloggers after all the negativity in the news.

vas pup December 26, 2020 5:19 PM

Blood alcohol levels much lower than the legal limit impair hand-eye coordination, study finds
https://www.sciencedaily.com/releases/2020/12/201221121741.htm

“New research published in The Journal of Physiology however found for the first time that hand-eye coordination is dramatically more sensitive to alcohol with some measures of coordination impaired by more than 20% at BAC levels as low as 0.015%.

In particular, the ability to process visual motion, which is crucial for hand-eye coordination in driving and other activities, is compromised after consuming the equivalent of less than a half of beer, for a person around 75 kilograms in weight.

The findings from the research team based at NASA’s Ames Research Center provide new information on the potential impact of ===>even minimal alcohol consumption on high-risk human activities that rely on keen visual and visuo-motor control, like driving, piloting, or working heavy machinery.”

Read the whole article for more details.

vas pup December 26, 2020 5:26 PM

How to be happier in 2021
https://www.sciencedaily.com/releases/2020/12/201221160413.htm

“According to Ryan, who is also a professor at the Institute for Positive Psychology and Education at Australian Catholic University, acts of willingly helping others satisfy all three of the basic psychological needs identified in SDT research:
the needs for autonomy,
competence, and
relatedness.
=Autonomy in this context means that you can engage in activities in which you feel true volition and find personal value. =Competence means feeling effective and having a sense of accomplishment. Finally, =relatedness means working with and feeling connected to others.

“If you want to make a New Year’s resolution that really makes you happy, think about the ways in which you can contribute to the world,” says Ryan. “All three of these basic needs are fulfilled. The research shows it’s not just good for the world but also really good for you.”

lurket December 26, 2020 5:49 PM

@vas pup

Gordievsky … exfiltrated from CCCP by two British diplomats in the trunk of their car over CCCP/Finland border.

In the diplomatic bag, so to speak? I once took the Leningrad-Helsinki train in the mid-’70s, and the train sat at the border for two and a half hours for Soviet exit inspection. They looked at a few kopek coins my wife had kept, smiled, and gave them back to her. But a Yugoslav couple in the same compartment got everything tipped out on the floor, seams inspected, and a long argument over a small pamphlet. Dogs patrolling outside of course.

vas pup December 26, 2020 6:14 PM

@Slimjim • December 26, 2020 5:24 PM

Wow! Interesting possibility for attack vector.

You know, I am not surprised anymore by anything after watching on US cable TV many episodes of “CIA declassified”.

Clive Robinson December 26, 2020 7:09 PM

@ vas pup,

Blake was exposed … in 1961 … He broke out of prison five years later

Yep, finger trouble: hitting the five, not the six…

But as for the escape there have been several stories over the years such as this one,

http://libcom.org/history/1966-the-blake-prison-escape

They mention,

“a movement which managed to pull off impressive actions like the Spies for Peace campaign in 1963, when peace activists invaded a secret underground bunker intended for members of the government in time of nuclear war.”

I met some of the “Spies for Peace” through my involvement with Pirate Radio and, as I’ve mentioned in the past, Nick Catford, who probably has more photos of the underground bunkers in Britain than anyone else. It was in the late 1970s when I first met them, and they knew about “Sean Bourke” and said a number of interesting things about not just his book but the number of people involved, and it was quite a large number, surprisingly. Most of them never became known about officially, a number are now “absent friends” and the memory fades in others.

But it was different times, back when Blake was given what would probably have been considered a “rot in jail for” life sentence. Little was actually publicly known about just how much he had betrayed not just Britain but the US and several European nations. Thus it was easy to believe he had been harshly punished.

Knowing more as we now do, we see that the sentence was considerably less than one year for each life lost by his betrayal of people. Blake never showed any signs of remorse and in fact repeatedly denied any lives had been lost because of his actions. As far as we can tell he remained a hard line communist right up until his death.

But he should have been caught a lot sooner than he was. The reason for this is still hard to believe even a lifetime later. But the book about Oleg Gordievsky gives details of another British traitor, Michael Bettaney[1], who was tracked down by the ELMEN team who called themselves “the nadgers”, led by the daughter of the Attorney General who brought the prosecution case against Blake… It makes shocking reading, as do several sections of Peter Wright’s Spycatcher. The fact that the CCCP had so many moles in SIS/MI6/MI5 was not a result of KGB skill, or more correctly lack of it, but the total ineptness of the “Boys Club” the UK security services had become.

[1] Pages 167–177 in “The Spy and the Traitor”, Ben Macintyre, 2018, Viking Press, ISBN 978-0-241-18665-7

Goat December 27, 2020 7:45 AM

re:”recreational vehicles to have asymmetrical internal layouts”,
@ferritecore, I didn’t know that.. Seems reasonable

@Winter, It seems these conspiracies have indeed become a great problem,but 5G actually does somewhat hurt privacy.

Steve Bellovin a professor of computer science at Columbia University told wsj[1],

5G signals in the U.S. will have a very short range and won’t easily go through buildings. This means there need to be many more cell towers. The main way that a cellphone tells where you are–as opposed to a website or an app–is, which tower are you talking to. Today’s towers have a radius of about a mile. If the new towers cover a much smaller area, it means that they know much more precisely where you are . . . You’re going to see a lot more indoor towers–in shopping malls, big office buildings, hotels and so on. So in that sense you are going to get far more precise.

Citations:
1. WSJ: As 5G Technology Expands, So Do Concerns Over Privacy

Goat December 27, 2020 8:23 AM

re: “Yes, 5G is a big hit to privacy, but then so is social media”

Social media exists, 5G would. BTW I am not against 5G myself..

But I do think that the internet should not be such that we need a 5G(or even a 3G) connection to load a simple blog.

re:”So far just minor side effects typical of vaccines.”

Well if any side effect comes it would take a long time.. Wish you best of luck!!

Marv December 27, 2020 11:58 AM

Customers of cryptocurrency wallet maker Ledger continue to suffer from a June 2020 hack that the company downplayed in scope and severity. The data dump has now been posted by hackers on Raidforums, as customers continue to be targeted with phishing e-mails, SIM swaps, and even threats of physical violence.

https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/

https://coingeek.com/hackers-publish-1-million-pieces-of-ledger-customer-data/

Winter December 27, 2020 12:09 PM

@Goat
“Well if any side effect comes it would take a long time.. Wish you best of luck!!”

Any examples of long term side effects of vaccines? I know of only a few weird ones for weird diseases that behave nothing like COVID. And these side effects were seen pretty early.

The whole point of using RNA in immunity and correcting genetic diseases was that it cleared pretty fast from the body. Actually, too fast currently to be useful for curing genetic defects.

metaschima December 27, 2020 12:42 PM

@Goat, Winter

Winter is correct: most side effects will be seen early, and the vaccine is actually very clean, with very few ingredients. The mRNA has a timer mechanism attached to it that allows it to persist within the cell for only a limited time before the enzymes in the cell degrade it. As for claims that it integrates into DNA, they are unfounded; even if somehow the same cell were to be infected by a retrovirus (HIV and HTLV are the only ones I can think of that can affect humans), the enzyme that converts RNA to DNA is quite specific in what RNA it acts on, so it’s extremely unlikely to act on this transient piece of mRNA in the cell, much less integrate the resulting DNA into your genome, which also requires special viral proteins and enzymes. The vaccine has also been tested on patients with stable HIV. Thus, I am not really worried about long term side effects; although it is true that we cannot say 100% there won’t be any, I’d say we can be 90+% sure. Anyway, everyone should decide for themselves what to do, but people much smarter than me created this vaccine and approved it, so them versus your backwoods YouTube conspiracy theorist, I’m going with the former. Yes, I’m well aware that there are even doctors on YouTube also posting wild conspiracy theories, shame on them; none of them even have the right qualifications for objectively discussing the subject, and even more so on how it supposedly relates to 5G, which it has no relationship to, but they would certainly not be the experts on that either.

Clive Robinson December 27, 2020 2:05 PM

@ Goat,

The citation from wsj is indeed behind a paywall…

It’s an interesting article to read and raises a couple of issues it does not go into.

The first is the now “ex” representative who was detained in Poland.

This is sort of déjà vu of what happened to a Crypto AG of Zug, Switzerland employee when they were in Libya a few decades ago. We now know that Crypto AG was under hidden control by the US IC agencies. They let the guy rot in Libya for a while, eventually paid off a ransom and sacked him. All the while blaming him and setting the Swiss authorities on him. Eventually the truth about the hidden ownership and dirty tricks with backdooring the Crypto AG equipment came out, too late for the unfortunate employee.

But the flip side of this is that the UK commercial arm of GCHQ had entered into an agreement with Huawei so that GCHQ could inspect their software, firmware and hardware (FPGA etc.) build to show it was not backdoored.

As far as we can tell Huawei played fairly, but GCHQ did not… It turns out that GCHQ was using the relationship to train up not just GCHQ staff but other Five Eyes staff, and confidential information was being “dressed up” and passed on to politicians as effectively faux evidence to be used in a trade war.

But there is a third piece of information that people need to consider. As Steve Bellovin briefly points out, Huawei are well ahead of the game in 5G not just because they can manufacture at a lower cost, but because they are a long, long way ahead on innovation.

Thus the US cannot win the 5G trade war, even though they have done a number of things to try, like only licensing frequencies incompatible with the rest of the world.

Quite a number of “industry insiders” suspect that the US will try to kill 5G and push new standards that will put the US back in the monetary driving seat via patents and licensing, as it once was back in the 1980s.

That is, the US 5G frequencies have been picked to make 5G a poor performer and thus very expensive to implement in the US. Something the “lamp post” and “light fitting” unit response is aimed to get around. Thus some believe that 4G LTE and VoLTE will carry the US forward until “US owned G” becomes available. They further believe that the “US owned G” system will very definitely be backdoored, as is US and Five Eyes policy with exported network equipment currently (remember the photos of NSA staff intercepting and implanting US manufactured equipment? And the strange story of the Juniper Networks software random number generator?).

For those with short memories, the US is responsible for the fact you have not just GPS hardware in your phone, but also that it is so easily accessible via the “Over The Air” (OTA) interface that you, the phone owner, have effectively no control over (other than voiding the warranty so you can remove the phone battery).

In essence the US used the old “Health and Safety” argument much beloved by the “Spooks Standards committee” for implants[1]. They concocted a scenario of an injured person, unable to use their phone and in critical condition, being rescued in time by the use of easy-to-access GPS by an operator… This they then sold to US legislators, who put in a legal requirement that mobile phones sold in the US should have GPS built in and easily available via the OTA. The US IC did this gambling that, as the US was a major market, all high-end phone manufacturers would just include GPS rather than carry the cost of duplicate product lines and potentially heavy non-compliance fines. And mostly it paid off, and it’s why getting hold of very cheap mobile phones in the US is hard, because the cost saving of removing GPS etc. is offset by the compliance fines.

But further, because WiFi, Bluetooth and GPS work in more or less the same frequency spectrum at and below 2.5GHz, it all gets bundled together in the same chip. So to lose GPS usually means no WiFi or Bluetooth, both of which have significant security faults of their own that effectively make them on par with GPS for tracking people… A point that only really came home to a few people with the COVID-tracker app ideas[2]. Which is now effectively a “built in function”, thanks to Apple and Google, that the owner cannot disable…

Yes, some will take refuge in ignorance, others in the old “If you’ve done nothing wrong…” excuse, others in calling people paranoid etc., rather than face up to the reality that little by little people are being forced into not just carrying tracking devices that are now, thanks to “Digital assistants”, “Technical Support” and “health and safety”, full blown surveillance devices not just of what you type but what you say, all paid for by you, the owner…

The canary cage might be gilded and have a nice view, but it’s still a cage in which the canary is imprisoned. The canary might not realise this, having been in a cage since birth, but it makes its imprisonment no less for that. Worse, in a short number of generations the canaries become incapable of surviving outside the cage… A thought that should be brought into everyone’s minds.

[1] I’ve seen this in action, as I’ve mentioned before. What they do is frame the argument for a backdoor as a “Health and Safety” issue. If you point out it’s a “security risk”, the various Five Eyes representatives go into “tag team” mode, where they try the old knee-jerk “Think of the Children” dog whistle technique to overrule you, and if that does not work, beat up on you and others sympathetic to your viewpoint. They got so blasé about it with a NIST standards committee that they alienated way too many of the non-NSA-involved members, who eventually pushed back, and NIST was forced into a humiliating backdown and standard withdrawal.

[2] The arguments used to say that you cannot be “tracked” by the COVID-trackers are basically flawed. Think about “fixed known point beacons”: your phone has no way of knowing if another unit is just a privately owned mobile phone or a beacon unit tying you to a place and time. With not very many beacons they can “join the dots”, like lines on a graph, to track your speed, direction and thus intermediate point location. In almost exactly the same way sailors navigate boats. They don’t know where they are until they take a “fix”, or even where they are until they take two or more “running fixes”, but it enables them to plot a reasonably accurate and above all safe course around the world even with shifting tides and winds and multiple tacks / changes of course. $20 will get you a book that tells you all you need to know about offshore navigation, how to take fixes using the sun, stars and a clock, and make the required “running course” position estimations to account for wind, tides and direction changes. Then a little high school math and geometry knowledge and common sense will enable you to flip the information to get “tracking information” / “position estimates” from a beacon system. If you want to spend a little more, then there are technical books on how aeronavigation beaconing systems work and, more recently, papers on self-navigating systems. Or if you want to grab software, have a look at those open source ADS-B aircraft real-time track plotting applications. Then add a little common sense about roads and public highways etc. to get even finer approximation tracking.
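The “running fix” argument in footnote [2], as an added Python example that is not part of Clive’s comment: with constructed beacon positions and a constructed contact log, two sightings at known points give a course and speed, dead reckoning fills in the positions the phone never reported, and each later sighting shows how much the estimate is corrected. It exists to make the privacy risk concrete, not to describe any real app.

```python
"""Added example (not part of the comment): why a handful of fixed beacons turns
contact-tracing "sightings" into a track.  Beacon positions, ids and timestamps
are all constructed; positions are metres on a local east/north grid."""
from dataclasses import dataclass
from math import atan2, cos, degrees, hypot, radians, sin

# Constructed: units at known fixed points that log every phone they hear.
# A phone cannot tell one of these apart from another phone.
BEACONS = {
    "beacon-A": (0.0, 0.0),
    "beacon-B": (600.0, 800.0),     # 1000 m from A on a bearing of ~037
    "beacon-C": (1300.0, 1500.0),   # slightly off the A->B line
}


@dataclass(frozen=True)
class Sighting:
    beacon_id: str   # which fixed unit logged the contact
    t: float         # seconds since the start of the constructed log


# Constructed contact log for one phone, as the beacon operator would see it.
LOG = [
    Sighting("beacon-A", 0.0),
    Sighting("beacon-B", 500.0),
    Sighting("beacon-C", 1000.0),
]


def running_fix(a, b):
    """Course (degrees clockwise from north) and speed (m/s) implied by two
    sightings at known positions: the sailor's 'running fix'."""
    (xa, ya), (xb, yb) = BEACONS[a.beacon_id], BEACONS[b.beacon_id]
    dx, dy, dt = xb - xa, yb - ya, b.t - a.t
    if dt <= 0:
        raise ValueError("sightings must be in time order")
    course = degrees(atan2(dx, dy)) % 360.0   # atan2(east, north) -> bearing
    speed = hypot(dx, dy) / dt
    return course, speed


def dead_reckon(fix, course, speed, t):
    """Position estimated at time t by holding course and speed from a fix."""
    x0, y0 = BEACONS[fix.beacon_id]
    dist = speed * (t - fix.t)
    return x0 + dist * sin(radians(course)), y0 + dist * cos(radians(course))


def fix_error(log, i):
    """How far the dead-reckoned prediction was from the i-th sighting: the
    amount by which a new fix corrects the running estimate."""
    course, speed = running_fix(log[i - 2], log[i - 1])
    px, py = dead_reckon(log[i - 1], course, speed, log[i].t)
    cx, cy = BEACONS[log[i].beacon_id]
    return hypot(px - cx, py - cy)


def track(log, step):
    """Estimated positions every `step` seconds between successive sightings.
    None of these locations was ever reported by the phone itself."""
    points = []
    for prev, cur in zip(log, log[1:]):
        course, speed = running_fix(prev, cur)
        t = prev.t + step
        while t < cur.t:
            points.append((t, dead_reckon(prev, course, speed, t)))
            t += step
    return points


if __name__ == "__main__":
    for t, (x, y) in track(LOG, 250.0):
        print(f"t={t:6.0f}s  est. position ({x:7.1f}, {y:7.1f}) m")
    print(f"fix at C corrects the estimate by {fix_error(LOG, 2):.1f} m")
```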

Clive Robinson December 27, 2020 2:23 PM

@ metaschima,

Even though it is an experimental vaccine, considering the big picture, it is better (lower risk) to get it than not to get it.

I think your analysis is rather incomplete, which makes your conclusions dubious at best, and more like “marketing” than “science” and thus short sighted.

Have a better think about the implication of “time” in your risk calculations.

Oh and don’t use picomorts when micromorts and millimorts give different pictures, it’s a sure indicator your analysis is wrong.

Oh, there are already stories indicating issues with the “chill chain” giving rise to “bad batches” of your named vaccine; have you figured that into your risk calculation?

How about the lack of peer reviewed papers for your named vaccine, just “marketing blurb”?

I’m guessing not, though others have…

JonKnowsNothing December 27, 2020 3:31 PM

@ Clive @ metaschima @all

re: A Hot Chill Chain

A while back, folks explained to me about the Chill Chain indicator in the shipments of mRNA vaccines (Pfizer). The indicator would show if the shipment was OK or not.

A local report here (Dec 24, 2020) indicated that a Moderna box arrived with a Red Light indicating the chain was broken somewhere between There and Here. Since we are desperate for vaccines, hospital officials are waiting for Moderna to trace the break point in hopes that the batch is salvageable.

There is also a logistics issue with counting. We got our allocated amount of vaccines but we had already received a portion of the allocation. It must have been tough to do, but we returned the overage. (5,000+ doses)

re: “Health and Safety” argument for Smartphones

As these almost always fail in rural areas there’s not much safety there. Try and get a signal in someplace like Yosemite Valley…

An important OH? on the safety factor is that the phone has to be within proximity reach for you to use it (under whatever scenario you are modeling).

A road cycling enthusiast pointed out to me that putting my phone in the small carry bag on the bike frame wouldn’t do a lot of good if there was a crash. Most folks go over the handlebars and break a collarbone. The bike rolls far out of reach.

The same works for putting the phone in or on your saddle while riding. There are some very nice leather holders for phones that clip to the saddle. If you come off, the horse may not hang around for you to dial. FindMyPhone will either be back at the barn or a nice green grass patch not anywhere near you.

If you carry a phone for safety, be sure it is attached to the “mostly-safe” part of your person. If it gets crushed when the horse stomps on it or you do a back flip on it, or it gets used as a road rash boogie board, you are still On Your Own.

In a way, it’s a false security and people may not THINK because they are relying on the device to work.

Having it securely attached to your person is also the great desire of the NSA’s Warheads On Foreheads Targeting Programs.

Cassandra December 27, 2020 3:33 PM

@Clive Robinson

Re: Basic Security Architecture.

I share your misgivings about current practice.

About three decades ago I was ‘bleating on’ about ‘application-level’ security being necessary as ‘network-level’ security was a game of Whac-A-Mole (TM) you could never win. Even then, firewall vendors were going on about deep packet inspection and heuristics, with the strong implication that the methods they used were sufficient to assure security. It was piffle then, and it is piffle now. But while there is money to be made selling snake-oil, the correct, expensive, and hard way of doing things will lose out to the smooth talkers.

Your mantra of securing the encryption end points is, as ever, valid: and I would add the necessity of authenticating transactions and having immutable trusted logs.

My view is that the key (pun intended) problem is how to make the management of strong-enough keys, without the need for so-called ‘trusted’ third parties, easy for the technically ignorant/incompetent. Public key cryptosystems are a way of avoiding the need to manage a growing collection of strong symmetric keys: but the years of experience of implementations have exposed the numerous problems with the use of Certificate Authorities. No-one, as far as I know, has come up with a viable solution for key management that allows for independence of security.

If I put my shiny conspiracy theory hat on, then I would be unsurprised to find that advances towards independence of security are quietly quashed by TPTB, as forcing people to rely upon compromisable/compromised methods is very convenient for intelligence gathering. I wonder if relevant methods, discovered by people like Ellis, Cocks & Williamson, are being kept out of public view. I shall remove my metallic headgear now, as it does not suit me.

Compliments of the Season to one and all, and especially to our gracious host, and I wish happiness and peace of mind to all in the New Year.

Cassandra

lurker December 27, 2020 7:23 PM

@Clive, @All: re 4G, 5G tracking.
If I pull the SIM from my “smart” phone, and plug it in a dumb phone, I can still use GPS, Bluetooth, and WiFi that I know, trust, or control, and who else knows what I am doing? If I fall off my bike the dumb phone can still call 911. Or are they going to create an underclass not entitled to call 911 because they are not being tracked?

Nick Levinson December 27, 2020 8:47 PM

@Clive Robinson, while you responded to a post that was deleted, yours wasn’t, so here’s my question: What would be a substantially better, nonincremental, security design that also wouldn’t block (or critically slow) vast amounts of legitimate work? Do new organizations, that aren’t invested in old tech and have the money to buy something, tend to buy it? If a design is not bought, it’s likely new, not well understood, or not very good.

quantry December 27, 2020 8:51 PM

@Cassandra perhaps the “viable solution for key management that allows for independence of security” with respect to being rid of “so-called ‘trusted’ third parties” can come from mining any of the myriad sources of publicly available number lists and making them “random enough” by a preshared method?

Example: Take codepoints of this blog, xor them with codepoints of… the local METAR or practically any other agreed source. Voilà, key for your SMS.

The tin hat looks fine from here.
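An added illustration, not part of the comment or of the blog, of what a key built the way quantry describes actually looks like. It implements the scheme literally (XOR of the code points of two texts) on constructed stand-ins for the two "agreed sources" (a blog fragment and a METAR-style report, both made up here) and measures the resulting bytes. All names in the block are mine.

```python
import math
from collections import Counter

# Constructed stand-ins for the two "agreed public sources" named in the comment.
BLOG_TEXT = ("A ten-foot giant squid has washed ashore on the Western coast of Japan. "
             "As usual, you can also use this squid post to talk about the security stories in the news.")
METAR_TEXT = ("KJFK 271951Z 31015G22KT 10SM FEW050 SCT250 04/M09 A3012 RMK AO2 SLP203 T00391094 "
              "KJFK 272051Z 30012KT 10SM BKN060 03/M10 A3015 RMK AO2 SLP212 T00331100")


def xor_key(a: str, b: str) -> bytes:
    """Key material exactly as proposed: XOR of the two texts' code points, truncated to the shorter."""
    return bytes(ord(x) ^ ord(y) for x, y in zip(a, b))


def bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the observed byte distribution; 8.0 means all 256 values equally likely."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_bit_clear_fraction(data: bytes) -> float:
    """Two 7-bit ASCII code points can never XOR to a value with bit 7 set, so text sources give 1.0."""
    return sum(1 for b in data if b < 0x80) / len(data)


def keyspace_bits(key: bytes) -> int:
    """Upper bound on the search a guesser faces even if only 'both sources are ASCII' is known."""
    return 7 * len(key)


def summarize() -> dict:
    """Measure the constructed key; the figures are what a reviewer would check before trusting it."""
    key = xor_key(BLOG_TEXT, METAR_TEXT)
    return {
        "length": len(key),
        "bits_per_byte": bits_per_byte(key),
        "high_bit_clear": high_bit_clear_fraction(key),
        "distinct_values": len(set(key)),
        # Anyone who learns which two sources were used reproduces the key with no search at all.
        "reproducible": xor_key(BLOG_TEXT, METAR_TEXT) == key,
    }


if __name__ == "__main__":
    for k, v in summarize().items():
        print(f"{k}: {v}")
```

The two numbers to look at are `high_bit_clear` (always 1.0, so an eighth of every key byte is known before any guessing) and `bits_per_byte` (well below 8 because text is not uniform). The `reproducible` entry is the real point: the only secret in the scheme is the choice of sources, so its strength is the strength of that choice, not of the byte string it produces.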

Clive Robinson December 27, 2020 10:31 PM

@ Cassandra,

First off,

I shall remove my metallic headgear now, as it does not suit me.

You need to see a medieval style “armourer” and have them knock you something stylish into shape, as they have done for those Joan of Arc films. Then get a fetching flower or two made of fine linen to add a little colour.

Now that everyone has a smile on their face, “to business”,

No-one, as far as I know, has come up with a viable solution for key management that allows for independence of security.

Back in the time of the NIST AES competition our host @Bruce made a comment to the effect that maybe it was time cryptographers got down to the serious issue of Key Management systems.

As you’ve noted nothing much has fundamentally changed since about 1995 when Netscape did its asymmetric crypto HTTPS on top of SSL 2.0 for its browser, based on RSA’s PKCS #1, which with minor variations is still more or less the same although quite a few things have been added. Though TLS did try and fix a number of issues it’s still more or less the same.

The only other Key Distribution System that got traction back in the mists of time was Phil Zimmerman’s “web of trust” in Pretty Good Privacy which is now long obsoleted. Some of us still have fond memories of “Key Signing Parties”. But the reality was it was not really scalable for various reasons even with PGP directory servers.

The problem with all non hierarchical systems is the problematic issue of “rendezvous protocols” that almost always end up with a hierarchical structure of “meet in the middle” servers.

So you almost always end up with a hierarchy any way which is in turn almost always a security if not privacy issue. This is because all the power in a hierarchy is vested at the top of the pyramid which becomes a single point of failure for the entire system.

If you instead consider webs or meshes a similar problem applies because of the need for an authoritative control node to stop the authority dead-lock problem and oscillatory behaviour with update protocols due to unresolvable “speed of light” issues.

The person who successfully solves the hierarchy problem is more likely to be lynched by vested interests than lauded as a genius who has made so many things possible including sensible and usable key management.

Even knowing this I’m still scratching away at finding a rendezvous protocol that has good privacy properties. That is because you can separate security and privacy in a mainly read only database. Thus you still have a hierarchy for Creating, Updating, and Deleting records, but you can have widely distributed, and thus to a degree privacy preserving, properties for Reading records.

Believe it or not but I’ve been thinking about this problem since the early 1990’s and wanted to use it for a PhD thesis in 1995, but I could not find back then a reader or supervisor that actually understood the problem enough to want to get involved with it; most I spoke to could not even really grok the details for a basic distributed database in terms of temporal issues… And whilst that has changed a little the “rendezvous protocol” issues still remain as very much of an open problem.

With regards,

I would add the necessity of authenticating transactions and having immutable trusted logs.

As far as I can tell, I am the person to blame for the use of mobile phones for a “security side channel” back in the 1990s when the likes of online banking got going.

As part of that I made the point that it was not the communications channel you should authenticate but the transaction. It’s obvious today but back then nobody wanted to believe it… If you search this blog you will find me describing how I tried to exploit the information processing imbalance issue between computers and humans using captchas as part of transaction authentication and failing miserably because I’d not known that humans in China and other places were solving captchas for just a few cents each…

You end up with a compromise where the human gets removed from the authentication chain, thus it opens up all sorts of covert side channel issues that mean you can not establish a reliable “root of trust” to do the authentication. It’s another security and privacy issue that I still think about from time to time, but like the “Rendezvous Protocol” –which also needs strong trusted root authentication– it still remains an open problem.

As for “immutable trusted logs” I get the “StarWars voice over” out for that with a “Luke feel the force”… The reason is one of physics. Information is not composed of either matter or energy, it is simply impressed or modulated on them. Most people do not get this or the consequences of it[1]. Thus immutability comes at the expense of “destructive force”. Anything that’s not permanently and irrevocably changed will not be “immutable”. Such destructive forces require energy proportional to the volume of the changed object and the time it’s applied for[2]. Generally this is all highly undesirable these days so we try to get partial immutability through other means. Which generally means “using information to protect information” which boils down to hashes and other crypto and redundant storage.

[1] There are three things you can do with information,

1, Store it.
2, Communicate it.
3, Process it.

All three require work to be done –thus energy expended– on either matter or energy. The consequence of that is a minimum amount of energy or matter required to hold a bit of information, and you actually need a minimum of two objects to hold a bit, the object that holds the bit in some form of state and a reference object so you can determine the state of the holding object relative to it. From a security aspect you need to do work to change the state of the bit holding object and the work cannot be 100% efficient, therefore energy will be lost and this in all probability will have either the old state, the new state or the type of state change modulated upon it, therefore you will always have side channels leaking information. But importantly in most cases the state will be changed by a force as a consequence of expending energy and the energy to make a second change will be the same or similar in magnitude in practical high density storage technology. So immutability is dependent on somehow preventing the second or subsequent changes, which generally implies some form of destruction via chemical or physical change. In early PROMs for instance that meant dumping excessive current through a semiconductor diode or fuse, blowing it permanently open circuit.

[2] Calculating the energy can be difficult. For instance to burn out a resistance it requires it to be brought to a given temperature to melt or undergo other physical change. The temperature is proportional to R.I^2 but R is proportional to the cross sectional area (CSA) and length of a given conductive object which is a volumetric measure which is an r^3 or lwh so we get l.w.h.I^2 but fuses do not come instantly to melting temperature, therefore the current has to be held for a period of time t. Which means that you end up with a complex power plane in several dimensions…
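Cassandra's "authenticating transactions and having immutable trusted logs" and Clive's two points, authenticate the transaction rather than the channel and get partial immutability from hashes plus redundant storage, fit together in one small piece of code. The block below is an added example, not code from either commenter or from the blog: a MAC over the transaction content itself, and an append-only log whose entries each commit to the previous entry's hash. The key, the transaction fields and the log records are constructed; the function and class names are mine.

```python
import copy
import hashlib
import hmac
import json
from typing import List, Optional

GENESIS = "0" * 64  # "previous hash" for the first entry


def canonical(obj) -> bytes:
    # Fixed key order and separators so that the party tagging and the party verifying hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def tag_transaction(key: bytes, tx: dict) -> str:
    # The MAC covers what the user approved (payee, amount, nonce), not the session it travelled over,
    # so a substituted amount is caught whichever channel carried it.
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def verify_transaction(key: bytes, tx: dict, tag: str) -> bool:
    return hmac.compare_digest(tag_transaction(key, tx), tag)


class ChainedLog:
    """Append-only log: each entry's hash covers its record and the hash of the entry before it."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev": prev, "record": copy.deepcopy(record)}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        self.entries.append({**body, "hash": digest})
        return digest

    def head(self) -> str:
        # The chain alone cannot show that trailing entries were not cut off; the head hash has to be
        # copied somewhere the log's owner cannot quietly rewrite (the "redundant storage" part).
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_head: Optional[str] = None) -> Optional[int]:
        """None if intact; index of the first broken entry; len(entries) if only the published head mismatches."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {"seq": e["seq"], "prev": e["prev"], "record": e["record"]}
            if e["seq"] != i or e["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != e["hash"]:
                return i
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.entries)
        return None


def demo() -> dict:
    key = b"constructed-shared-secret"  # constructed; in practice provisioned to the user out of band
    tx = {"payee": "ACME Ltd", "amount": "100.00", "nonce": "7a1c"}
    tag = tag_transaction(key, tx)
    altered = dict(tx, amount="1000.00")  # the same tag presented with a changed amount

    log = ChainedLog()
    log.append({"tx": tx, "tag": tag, "result": "accepted"})
    log.append({"tx": altered, "tag": tag, "result": "rejected"})
    head = log.head()
    intact = log.verify(head)

    cut = ChainedLog()  # a copy with the last entry removed: internally consistent, head mismatch
    cut.entries = copy.deepcopy(log.entries[:1])
    truncated = cut.verify(head)

    log.entries[0]["record"]["result"] = "rejected"  # after-the-fact edit of a stored record
    tampered = log.verify(head)

    return {
        "original_ok": verify_transaction(key, tx, tag),
        "altered_ok": verify_transaction(key, altered, tag),
        "intact": intact,
        "truncated": truncated,
        "tampered": tampered,
    }


if __name__ == "__main__":
    print(demo())
```

`verify` reports the first entry whose hash no longer matches, which locates an in-place edit; truncation is only visible against the externally held head hash, which is why the log is "partially" immutable and why the copy of the head matters as much as the hashing.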

MarkH December 28, 2020 1:38 AM

@Clive:

Not many days ago, I tried to clarify the action of Covid mRNA vaccines to the best of my understanding.

It seems that you have a persistent misconception of their nature and action.

They are not and cannot be pathogens!

They are not organisms of any kind — alive or dead.

They don’t trigger the manufacture of copies of themselves, nor replicate or reproduce in any other way.

They trigger the manufacture of spike proteins.

As I explained before, soon after injection both the synthetic mRNA, and the induced spike proteins, vanish from the patient’s body.

I can’t prove the negative that they won’t have mysterious long-term side effects. In general, whether any particular person trusts them or not is no concern of mine.

However, there is a good factual/logical case — well stated by others previously — that they are drastically simpler than traditional vaccines, and have a proportionally smaller number of ways to surprise their makers and users.

Christmas Joke December 28, 2020 3:31 AM

There’s little doubt the environmental cost of creating an iPhone, as well as those wind turbines, hybrid engines, and the bevy of other technical wonders that use rare-earth minerals, has been immense.

Thorium is typically found in the same ore as rare-earth minerals and separated out during processing. Exposure to high levels of thorium can cause lung and pancreatic cancer.

“Oh No! My iphone and my wind turbine and my 5G are giving me the cancer”, I hear you scream? Mining techniques are improving, probably, so I wouldn’t worry about it unless you live next to a rare earth mine with really cheap and shoddy standards. They separate out the thorium and sadly 5G won’t kill you or give you cancer.

You follow up with, “but I read it on the syndicated Rupert Murdoch news like thingy!”

I can’t help you with that, but Ring security devices can be used to terrorize people in their own homes.

Now you are supposed to laugh.

Goat December 28, 2020 3:53 AM

@All, on a very careful analysis of the vaccine problem I came to the conclusion to stop thinking about it, since in my country getting an RNA vaccine is beyond hope.. And it seems reasonable to get vaccinated by the Oxford vaccine and the like rather than not.

Jefery December 28, 2020 5:08 AM

Please gather round the warm glow of the monitor or television device on the 2021-06-01* and read the following (in quotes for your convenience), while pulsed with certain frequencies near ½ Hz or 2.4 Hz, such as to excite a sensory resonance:

“The greatest truth that has emerged this century is that we must continue to mine our resources, cut down our forests, and privatize our water, so that we can maintain our fossil fuel powered weapons platforms, in order to sustain further conflict over resources, to assure mutually assured destruction, albeit in comfort until the very end.”

*For certain monitors, pulsed electromagnetic fields capable of exciting sensory resonances in nearby subjects may be generated even as the displayed images are pulsed with subliminal intensity.
https://patents.google.com/patent/US6506148B2/en

JonKnowsNothing December 28, 2020 8:02 AM

@ MarkH @Clive @Winter @All

re: They don’t trigger the manufacture of copies of themselves, nor replicate or reproduce in any other way.

They trigger the manufacture of spike proteins

And where does this “manufacture of spike proteins” occur?

Because your body, sans this injection, cannot manufacture a spike protein. It is by the injection of the coding sequence for the spike protein, that gets your body to manufacture an antibody for it.

But I’ve missed the part where the injected spike protein blueprint fades away. The mRNA delivery encapsulation fades out, but not the injected blueprint.

The spike protein is a foreign protein to the human body. That’s one reason things are messy. No Human has ever come in contact previously with this protein configuration (hence Novel as in New-Unknown).

So you get the body to produce faux-spikes so that another part of the body can build antibodies to it. Somehow, I’ve totally missed this part, the cells now making the faux spikes, stop making faux spikes.

Since the faux spike is a foreign protein, there’s a long term issue for those who might last long enough to find out.

As others have mentioned, if you are already towards the end of your life table, it may not matter. However, if you are 10-20-40 years from the end of your life table it might very well matter.

Science is lauded for its successes built on the pyre of failures.

quantry December 28, 2020 8:09 AM

Asymmetric key ‘authorities’ are precisely “that hierarchical single point of failure for the entire system”. So how is that not presently the biggest joke on business security, and my privacy?

Have a good smile but I am presently content to press for continued use of preshared OTP, modified after couriering by readily available number sources, as the only layer I trust, added before the endpoint, AND given that I don’t protect a nuclear missile, just my patsy six from “the fifth column”.

Winter December 28, 2020 8:23 AM

@JonKnowsNothingAboutProteineSynthesis
“And where does this “manufacture of spike proteins” occur?”

In the ribosomes, which are not involved in any way in RNA or DNA duplication.
https://en.m.wikipedia.org/wiki/Ribosome

Before starting a scare, you might inform yourself about the underlying biology.

Cassandra December 28, 2020 8:48 AM

@All

Re: underlying biology of SARS-CoV-2 vaccine

I can strongly recommend this web-page:

Reverse Engineering the source code of the BioNTech/Pfizer SARS-CoV-2 Vaccine

hxxps://berthub.eu/articles/posts/reverse-engineering-source-code-of-the-biontech-pfizer-vaccine/

and having read it, you will get to the author’s Further Reading/Viewing section which has excellent links to:

DNA for programmers
Introduction to our amazing immune system

Cassandra

Clive Robinson December 28, 2020 8:52 AM

@ lurker,

Or are they going to create an underclass not entitled to call 911 because they are not being tracked?

First off, in the GSM specifications there is a “Health and Safety” feature that has caused quite a few emergency services troubles on Xmas Day / Boxing Day, which is that any GSM phone without a SIM in it can call the emergency services.

To be able to do this a phone still needs a unique ID number, which is a serial number issued in a similar way to the old IEEE MAC Address in a Network Card. So it tells people the Make / Model of the phone, and with other information where and to whom it was originally sold, and other information that is legally required to be held in many jurisdictions.

Obviously this serial number is transmitted whenever the phone is powered up and operating.

Also in many jurisdictions records of that Phone Serial number and any SIM it has paired with are also kept.

So whilst it’s not “perfect” tracking in most cases it’s sufficient to go and put the thumb screws on somebody to get the rest.

Winter December 28, 2020 8:55 AM

@JonKnowsNothingAboutVaccind
“The spike protein is a foreign protein to the human body. That’s one reason things are messy. No Human has ever come in contact previously with this protein configuration (hence Novel as in New-Unknown).”

Around 81 million humans have experience with the spike protein as it is produced by mRNA in their cells. That is what happens when you get infected with SARS-2. Then your immune system learns how to recognize the spike protein, if all goes well, and you are immune to SARS-2.

The RNA vaccine works just like the real thing, except it lacks the disease and replication part of the infection.

Winter December 28, 2020 9:07 AM

@JonShouldReadUpOnElementaryBiology
” Somehow, I’ve totally missed this part, the cells now making the faux spikes, stop making faux spikes.”

Messenger RNA has a short half life in cells. Proteins are also continuously reprocessed. Unless specifically protected, both mRNA and the spike proteins will be cleared in days/weeks.

The process is: Introduce mRNA, make spike protein, protein is cut up into pieces and presented to the immune system, RNA is cleared, protein is cleared.

The problem with development of this system was finding a way to delay the clearing of the RNA until it had produced enough spike protein.

MarkH December 28, 2020 9:15 AM

@JonKnowsNothing:

The “injected blueprints” are the mRNA molecules themselves.

A patient’s cells will produce SARS-CoV-2 spike proteins while those molecules persist inside them.

mRNA is fragile, and breaks down in time frames on the order of minutes or hours. Soon after vaccination, not a single molecule of the synthetic mRNA remains. The stimulated production of the spike proteins has necessarily ceased — the blueprints are gone, and the patient’s cells have not “learned” how to make these proteins.

Goat December 28, 2020 9:52 AM

Re:”them versus your backwoods youtube conspiracy theorist”

@metaschima, not all arguments judging the vaccine are conspiracies.. Though I never try to get into the complex science, All I can say is that the rna vaccine is a new tech and has been approved for emergency use, I would rather remember it as emergency use.

That said, taking a vaccine shot seems reasonable to me.

Winter December 28, 2020 10:23 AM

@goat
“All I can say is that the rna vaccine is a new tech and has been approved for emergency use, I would rather remember it as emergency use.”

In Europe the vaccine has cleared the normal route and is approved sec. Nothing about “emergency”.

rrd December 28, 2020 11:30 AM

@ Hey nony mouse

Good catch!

Yeah, I should have said “nucleus” instead of “cell”.

Thanks.

The best kind of correct truly is technically correct.

Cassandra December 28, 2020 11:58 AM

@lurker

It is true that you cannot make Thorium nuclear bombs, but it can be used to make fissile isotopes of other elements, rather too easily.

hxxps://phys.org/news/2012-12-thorium-proliferation-nuclear-wonder-fuel.html

Winter December 28, 2020 12:15 PM

@mouse
“That is what happens to the cells after they have had their protein manufacturing process subverted by the mRNA and so produced the protein spikes on their external surfaces so they now look like the surface of a Corona Virus?”

The same as what happens to cells infected by SARS-2. Except that they will not produce viral particles and will not fall apart.

@lab mouse
“But also I guess now the immune system has been activated, how do you stop it becoming an autoimmune disease?”

I suggest you have some fun with Wikipedia.
Tl;dr: Half the immune system stimulates an immune response, the other half suppresses it. If COVID-19 does not induce an autoimmune response, this vaccine will not do so either.

Oh, and your immune system behaves like your brain, it is supposed to always be active.

MarkH December 28, 2020 12:41 PM

@Hey nony mouse:

I presume that once the immune response to SARS-CoV-2 spike proteins is activated, the patient’s cells presenting those proteins on their surfaces are destroyed.

I’d appreciate it if somebody with expertise can shed light on this, but I suspect that some of the more traditional vaccines also kill host cells.

If the CDC page is correct, and I understood it correctly, the mRNA vaccines would seem to primarily target immune system cells (how ironic!) in the lymph node nearest the injection.

My understanding is that such cells are in continuous production, so the destruction of some of them in the vaccine process does not seem especially troublesome.

================================

The origins of autoimmune diseases are the focus of ongoing research, and as yet poorly understood.

Probably the clearest finding is that certain genes predispose people to autoimmune illness, but don’t by themselves ensure its development.

One hypothesis (as yet unproven) is that circumstances activating strong immune response (like infectious illness) may trigger autoimmune diseases.

To the extent that this is true, it’s possible that any infection (or even environmental irritants and other toxins) might activate such a trigger.

As I’ve written here before, autoimmune action is strongly suspected as a cause for patients who experience protracted suffering months after SARS-CoV-2 has apparently left their bodies.

Correlations have been reported between vaccines and autoimmune illnesses; this is an area of ongoing research.

I see no a priori basis on which mRNA vaccines (or any Covid vaccine, for that matter) might be expected to be different from other vaccines in this respect.

Clive Robinson December 28, 2020 3:20 PM

@ MarkH,

They are not and cannot be pathogens!

It would appear you are using a constrained definition of pathogen. The one that I am using is,

“A pathogen is something that causes disease”

It is derived from the definition of pathogenesis as given in a dictionary,

“Pathogenesis definition: the origin, development, and resultant effects of a disease ”

There is no argument that mRNA uses the same biological method as viruses do to produce proteins, thus matching the “development” requirement.

Nor is there any argument that these proteins behave in the way a viral infection would in producing spike proteins on the external surface of the encompassing capsid. So it meets the “resulting effects” requirement.

Nor is there any argument that the body’s immune system responds in exactly the same way to these spike proteins as it does to those of a viral infection. Again meeting the “resulting effects” requirement.

And I am assuming that you are not saying the mRNA does not meet the “origin” requirement.

Therefore it meets all the common base requirements of pathogenesis and as the “origin” is thus a pathogen by definition…

As a point to note there are several diseases where the pathogenic root is ordinary chemicals that have gained entry to the body cancers being one notable group.

If you object to a term being used at its common base level then you should have stated that you are using it in some further constrained meaning, otherwise your point is moot.

This issue is not uncommon; it’s why in Security engineering you have to ensure that the meaning of, for instance, “trust” is the same as the person you are talking to, especially as has been noted the common base meaning of “trust” is almost the opposite of that used in Security Engineering. Prof Ross J. Anderson had a good explanation of this usage issue in his teaching notes, book etc.

JonKnowsNothing December 28, 2020 6:29 PM

@Clive @MarkH @Winter @Hey nony mouse

re: it’s why in Security engineering you have to ensure that the meaning of for instance “trust” is the same as the person you are talking to

RL anecdote tl;dr

During the design of a high end telecom product, the enterprise was chockablock with experts from the bottom to the top. From the time you plugged in the device and through the time of configuration, deployment and monitoring and full life-cycle.

There is an “IN” and an “OUT” to such systems. Documentation abounds with “Do X for IN and Do Y for OUT”.

Seems straightforward. Except (there’s always one), it depends on which end of the system (or middle) you are working on.
Like economics:
  Someone’s In is Someone Else’s OUT.

A simple meeting drafted after much confusion over direction, turned into weeks of meetings just to agree on Which Way IN and OUT Goes.

Something @Winter might wish to ponder…

Clive Robinson December 28, 2020 6:33 PM

@ Nick Levinson,

Firstly my apologies for not answering you sooner, as you might have noticed I’ve been a little busy.

But to answer your questions, it might be easiest to start with the last,

If a design is not bought, it’s likely new, not well understood, or not very good.

Or does not fit in with existing systems or management ideas.

One of the mantras modern MBAs get taught is “The Internet is good”, whereas for most computers connecting them to the Internet directly or indirectly is bad in so many ways it can be difficult to even get to grips with a fraction of them.

It’s why almost the first question I ask is,

“What’s the business case for this computer having access to the Internet?”

The answers you usually get boil down to “there is not one” or a circular argument that involves some undefined possible benefit, which is in reality a long winded way of saying “there is not one”.

If they do come up with what sounds like a business case, then ask them,

“What is the benefit in pounds, shillings and pence?”

At which point arm waving generally follows. If it does not then ask,

“What is the comparative advantage against non Internet connected solutions?”

The point is that whilst there are genuine reasons to have computers connected to the Internet in the main there actually is not.

Thus the first security mitigation is,

“Disconnect all systems from the Internet by default”.

The second is,

“For those systems that have a good business case for being connected to the Internet, segregate them from those that do not”

Following these rules makes “outsider attacks” either very difficult or impossible.

The other thing to consider is how to make Internet connected systems less vulnerable. The first rule for that is,

“Have only that which is strictly necessary on the system”

That is, strip it not just to the bone but remove many of the bones as well. This is not just applications/servers but data and OS services. For instance most “of CD standard installs” put hundreds of megabytes of code you are never going to need on a server; that code is in effect either “attack surface” or “attack enabling/assisting tools” which you obviously do not want.

Unfortunately most commercial OSs are not designed to be “stripped” which makes things not just harder but more time consuming.

Another thing to consider is “hardware is cheap, cleanup expensive”. I have lost count of the number of servers that are overloaded with infrastructure services. One set of hardware for each service saves more time and money than most realise.

These are all basic things, but they also allow you to use different, more secure network architectures than the traditional “servers at the center of a single level star connected user computers”. Look at it this way, it means all users’ computers irrespective of use are effectively identically configured and direct peers of each other. It could not be any simpler for an attacker…

If you go in most office buildings desks are usually located by the role the user has and walls go up in between such that accounts / Human resources / legal / etc more or less are fully segregated from each other by walls and locked doors.

We do this for physical security, so why not do the same for ICTsec? If nothing else applying a little constructive thought this way gives increased reliability thus availability and stops some error or failure becoming a “snow day” for most of the company…

As you are probably thinking, “none of this is rocket science”, and it isn’t. The problem is it means an initial increase in costs which management won’t support.

And that’s a fundamental issue: change has to come from the top and commitment to change has to be at every level, otherwise change will not happen or will get sabotaged one way or another.

As I tell people, “Security is a Quality Process, treat it as such”. Back two decades or more ago when I first started saying it loud and clear it was received like it was a radical idea; it’s not and it never has been, it’s just most don’t think that way.
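The three rules in the comment above (disconnect by default unless there is a business case, segregate the justified systems from the rest, and strip each host to what its role strictly needs) can be turned into a mechanical inventory check. The following is an added example, not code from the comment or from this blog; the host names, zone name `dmz`, role allowlist and inventory are all constructed for illustration, and the audit output is a list of findings rather than any real firewall syntax.

```python
"""
Added example (not from the comment thread): an inventory audit that
applies the comment's rules -- Internet access is denied by default
unless a system has a stated business case, Internet-facing systems
live in their own zone, and each host listens only for what its role
needs. Inventory, zone name and allowlist are constructed/hypothetical.
"""
from dataclasses import dataclass, field


@dataclass
class System:
    name: str
    role: str
    zone: str                 # network zone the host is cabled into
    internet_access: bool     # can it reach / be reached from the Internet?
    business_case: str        # empty string = nobody has stated one
    listening: set = field(default_factory=set)  # services listening on it


# Zone reserved for Internet-connected systems (assumed name).
INTERNET_ZONE = "dmz"

# Per-role allowlist of listening services; anything else is surplus attack surface.
ROLE_ALLOWLIST = {
    "web": {"https"},
    "mail": {"smtp", "imaps"},
    "file": {"smb"},
    "db": {"postgres"},
    "build": {"ssh"},
}

# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = [
    System("web-01", "web", "dmz", True, "customer-facing site", {"https"}),
    System("mail-01", "mail", "internal", True, "inbound SMTP", {"smtp", "imaps"}),
    System("fileserver-01", "file", "internal", True, "", {"smb"}),
    System("hr-db-01", "db", "dmz", False, "", {"postgres", "cups", "rpcbind"}),
    System("build-01", "build", "internal", False, "", {"ssh"}),
]


def audit(systems):
    """Return (host, rule, detail) findings, in inventory order."""
    findings = []
    for s in systems:
        # Rule 1: no stated business case means no Internet connection.
        if s.internet_access and not s.business_case:
            findings.append((s.name, "DISCONNECT",
                             "Internet access with no stated business case"))
        # Rule 2: justified Internet hosts must sit in their own zone...
        elif s.internet_access and s.zone != INTERNET_ZONE:
            findings.append((s.name, "SEGREGATE",
                             f"Internet-connected but sits in zone '{s.zone}'"))
        # ...and internal-only hosts must not share that zone.
        elif not s.internet_access and s.zone == INTERNET_ZONE:
            findings.append((s.name, "MIXED_ZONE",
                             f"no Internet role but placed in '{INTERNET_ZONE}'"))
        # Rule 3: anything listening beyond the role's needs is attack surface.
        allowed = ROLE_ALLOWLIST.get(s.role, set())
        for svc in sorted(s.listening - allowed):
            findings.append((s.name, "STRIP",
                             f"'{svc}' listening but not needed by role '{s.role}'"))
    return findings


def egress_rules(systems):
    """Specific allows for justified hosts, then a catch-all default deny."""
    rules = [{"action": "allow", "source": s.name, "dest": "internet",
              "reason": s.business_case}
             for s in systems if s.internet_access and s.business_case]
    rules.append({"action": "deny", "source": "any", "dest": "internet",
                  "reason": "default"})
    return rules


if __name__ == "__main__":
    for host, rule, detail in audit(SAMPLE_INVENTORY):
        print(f"{host:14} {rule:10} {detail}")
    for r in egress_rules(SAMPLE_INVENTORY):
        print(r)
```

Run against the constructed inventory, the audit flags the file server for having Internet access with no business case, the mail host for being Internet-connected outside the segregated zone, and the HR database for both sitting in that zone without needing to and listening on two services its role does not require; the generated rule list puts the two justified allows ahead of the final default deny, which is the order a real firewall would need.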

MarkH December 28, 2020 7:47 PM

@Clive:

For the maximally inclusive definition of “pathogen,” and a comparably elastic definition of “disease,” I haven’t yet been able to think of any material or structure in our Earthly environment that could not qualify as a pathogen.

To my limited intellect, a term which applies to everything specifies nothing.

The perceptible symptoms of typical vaccines — mRNA included — are transient low-grade fever and injection site soreness.

I wonder, is it conventional in medicine to classify such reactions as disease?

Almost every definition I found limits “pathogen” to organisms, but you have presented an exception to that. I’m sure it won’t be productive to go further down a rabbit hole of insufficiently standardized terminology.

quantry December 28, 2020 9:01 PM

@Cassandra @all re: your comment regarding Ellis, Cocks, and Williamson: Wired offered this link: dead on my often censored network: http://www.cesg.gov.uk/about/nsecret.htm

as you said “forcing people to rely upon compromiseable… methods is very convenient for intelligence gathering” and thus a multi-edged crime against humanity.

Regardless, perhaps it’s a blessing in disguise since computing these keys is in the hands of seemingly unscrupulous, moldable sorts?

Any ideas how the recipient can introduce sufficient noise without huge computational overhead?

Put a heavy tax on bandwidth and use nonce modified otp?

Dang. We have all these extremely smart people, and Bruce basically begging for public interest technologists, why? When it finally bites you between the legs it will be YOUR entrails hanging gang.

cheers. I’m working on it: a secondary school “almost flunked you”.

xcv December 28, 2020 10:56 PM

I tried out Kali Linux.

The desktop is nice and snappy with a lot of features, but then again I have a fairly fast dual-pipelined four-core processor with eight pipelines total.

The default shell zsh is a little bit too “hackerish” — as seen on TV, perhaps — you really don’t want a video of you using it shown for a jury when they’re out to lynch-mob you straight out of the local police station which is usually the case.

The “pen test” tools are “the usual” array of networking utilities if you do any IT work yourself in a corporate environment or DIY for home or small business.

If I do end up installing it over Fedora desktop, I will investigate SELinux for better defensive security in addition to the usual array of offensive security-oriented tools.

https://forums.kali.org/showthread.php?21184-Selinux — no answer.

https://installlion.com/kali/kali/main/s/selinux-policy-mls/install/index.html — possibly.

lurker December 29, 2020 2:00 AM

@Cassandra

[thorium] can be used to make fissile isotopes of other elements, rather too easily.

It couldn’t have been easy, or sufficiently productive, in 1969 when Oak Ridge switched off their thorium reactor after 5 years of uneventful power production. The US decided uranium/plutonium breeders were quicker and more efficient at making weapons grade fuel. The protactinium extraction process from thorium also looks like a paper exercise so far, at lab scale of a few grams.

Winter December 29, 2020 2:12 AM

@Clive
“Therefore it meets all the common base requirements of pathogenesis and as the “origin” is thus a pathogen by definition…”

Your definition includes common poisons and X rays. That is not helpful.

As RNA vaccines cannot reproduce themselves, they are at best a poison.

And all tests and research showed the vaccine induced immunity against SARS-2 in most subjects and nothing else.

Clive Robinson December 29, 2020 4:52 AM

@ Goat, Winter, ALL

I remember reading it in the paper a week ago; I can’t find the same article but here is one from Forbes.

There is quite a bit more behind the story than many realise.

Firstly the European Medicines Authority (EMA), which strictly via legal penalties controls what drugs may or may not be used in Continental Europe (the UK won an exception some time ago). The EMA were not supposed to even meet for preliminary discussions to set a provisional timetable for EU wide discussions[1] on COVID vaccines until today, the 29th Dec.

It was only Germany and Spain threatening and blackmailing them that got their fat bureaucratic arses into gear, weeks behind many other countries…

So it’s not even “emergency approval” in the EU but “Bums rush approval”.

The story circulating about the cause of the delay is it’s all the UK’s fault due to Brexit and having to move offices or some such nonsense…

Which has apparently right royally pi55ed off more than one Southern EU nation, as they know it’s a lie and have decided not to be diplomatic about it. I suspect in part because they know it will be used in the future to keep “EU Institutions” in certain Northern EU nations, thus the Southern Nations will not be given a sniff let alone taste of pork even though they feed the beasts proportionately more than Northern Industrialized nations…

To see the earlier political posturing,

https://uk.reuters.com/article/uk-health-coronavirus-britain-eu/eu-criticises-hasty-uk-approval-of-covid-19-vaccine-idUKKBN28C12X

Oh and remember, if the EMA had not been given the bums rush by Germany and Spain, then the EMA would have stuck to its usual 7 month time scale from the beginning of October, so there would have been no approved vaccine in continental Europe until some time in May 2021, well after the usual respiratory disease season (colds / flu / pneumonia / COVID / etc).

[1] It’s a little bit difficult to explain to people who have not come across the EU’s “death by discussion” rules. Put overly simply, every member of the 27 EU states has a say and any state can veto, so the process is ripe for “political manoeuvring”, which means the usual political “we’ll agree to this proposal A only if Nation Z will agree to our proposal for special pet passports for Manx cats, bendy bananas, or similar unrelated policy X” etc.

Shaun December 29, 2020 5:13 AM

My employer uses Solarwinds Orion. We have taken it off line and patched it but it will stay off line pending further analysis. ‘Further analysis’ will determine if we ought to ‘burn down the network’ but what that means in practical terms is replacing most of our hardware…

However I must say that the ‘solarwinds123′ disclosure will lead many customers to simply walk away from Solarwinds.

Why?

Because it’s an egregious admission of zero security culture at that firm. It also raises suspicion that the Orion product is not the only product that could have been compromised.

Using another firm’s products may or may not improve our risk, but it sends a unique message to companies like Solarwinds:

‘anyone but you’

They simply must bear a financial cost – it’s the only cost they understand.

And on a second point I don’t know that I buy the narrative that only select victims were more thoroughly compromised among the 18,000. If I were driving the bus I would have pushed my ‘persistence’ tools to all victims and developed an understanding of the targets I would develop further and quickly while knowing I can go back to the others as time permits.

Winter December 29, 2020 5:14 AM

@Clive
“It was only Germany and Spain threatening and blackmailing them that got their fat bureaucratic arsses into gear weeks behind many other countries…”

Doing the same work in less time == More people == more money

The resistance might also be caused by lack of funds and people. I am pretty sure other medical drugs now were delayed.

Btw, the EMA has moved from London to Amsterdam exactly a year ago. Nice start of a new home.

Also, the nice pork is distributed according to contributions. As the UK has demonstrated so beautifully during its membership time, if you pay, you must have a say. Also, the Dutch had to lay down quite a lot of money to get the EMA to Amsterdam.

fa December 29, 2020 6:56 AM

@clive

Therefore it meets all the common base requirements of pathogenesis and as the “origin” is thus a pathogen by definition…

Only if you call immunity a ‘disease’.

rrd December 29, 2020 7:25 AM

@ fa

Only if you call immunity a ‘disease’.

Immunity is the effect, not the cause.

That is always the case with acquired immunity.

MarkH December 29, 2020 11:26 AM

@Winter, fa:

All of the definitions I found by a brief web search specified organisms, excepting a broader definition including prions which emphasized that pathogens are infectious (able to spread in populations by transmission between individuals).

An agent can only be infectious if it makes copies of itself.

Prions can do that.

Among vaccines, only “live” vaccines have such capacity … “killed” and mRNA vaccines don’t.

Clive Robinson December 29, 2020 2:57 PM

@ Winter, MarkH, ALL,

Your definition includes common poisons and X rays. That is not helpful.

Sorry, as I said “common or base definition”, not mine; I’m just using it as found in a dictionary, so I really do not think your search that did not find that was any good…

Typing [definition pathogenesis] into duckduckgo pulls up both conventional and medical dictionary definitions on the first page that say what I am saying.

So rather than quoting a common dictionary as I did last time I’ll quote a medical site that from the first page that says

“Pathogenesis: The development of a disease and the chain of events leading to that disease.”

https://www.medicinenet.com/pathogenesis/definition.htm

Thus pathogenesis is the development process of the pathogen as originator or cause and the disease the outcome or effect (which is what you would expect even constrained by the “Scientific Method”).

But looking down the page I see no indication as you guys claim of it “being required” to be both “organic and capable of replication”…

So until you show a standard dictionary (not a very domain specific dictionary) that agrees with you and very explicitly says,

1, It must be organic.
2, It must be capable of replication.

Not just given as an example, then sorry guys you are really shouting from the bottom of a dry well.

I offered you an honourable way out, but you did not take it.

As you have both said you do not think I’m qualified to comment, perhaps you should trot out your “bona fides”.

Because to be honest I’m tired of people trying to point score by raking over minutia that are frequently irrelevant to try to appear to win arguments they have started.

It obviously annoys others including @Moderator who comes along and just deletes them anyway, so what is the point?

P.S. And yes I know “bona fides” is latin and means “good faith” but common usage / parlance these days is to mean “Credentials” before you get side tracked down that irrelevant minutiae.

MarkH December 29, 2020 5:00 PM

I think I may be able to shed a little light.

Although “pathogenesis” and “pathogen” obviously share etymology, and by appeal to common sense might be expected to have very closely related definitions … in fact, they don’t.

“Pathogenesis” is very broad, and “pathogen” far more specific. This can be seen in their respective Wikipedia articles, which offer definitions similar to those I found elsewhere.

So it’s a mistake to suppose that any agent which might be implicated in pathogenesis is, per se, a pathogen.

Such is the massive illogic typical of natural languages … among which English is a fine (or depending on one’s perspective, wretched) exemplar.

And such is the cognitive weakness of technologists, that we so readily imagine a world more self-consistent and logical than that which we inhabit.

Apples? Oranges? Fruit salad? Smoothie?

vas pup December 29, 2020 5:53 PM

Health to be on cyber-security’s front line in 2021
https://www.bbc.com/news/technology-55411830

“The emergence of “vaccine nationalism” led intelligence and security officials to raise questions about whether countries could try and undermine the efforts of others going forward.
“It could be trying to steal the intellectual property for financial purposes,” Tonya Ugoretz of the FBI told a recent Aspen Institute Cyber Summit.
“It could be to undermine confidence… or to advantage another country’s own development.
“We see our most determined nation-state adversaries not just relying on one method to target the supply chain, but combining cyber with using more traditional espionage and human sources.”
==>One much discussed tactic is the deliberate spread of misinformation online about vaccinations, or questioning a country’s safety and testing record.
The UK Army’s 77th Brigade has supported a Cabinet Office investigation into whether foreign states are driving anti-vaccine fears within the UK.”

Read the whole article.

SpaceLifeForm December 29, 2020 6:05 PM

@ Clive, Anders

Interesting numbers.

N is Prime, and 2N-1 is Prime.

Should it be Inter-resting?

Or Intra-resting?

I vote for Inter-resting.

Clive Robinson December 29, 2020 7:09 PM

@ MarkH,

The first words on the wikipedia page for pathogen are,

“In biology, a pathogen”

A very clear indicator that it is a “Domain Specific” not common usage.

But on reading it you also find it is in effect self contradictory and over and under generalizes.

But when it comes to a list of example biological pathogens you find,

1, Prions
2, viroids

Both of which fail the two stipulations you made.

Prions are, as I’ve noted before, proteins that have folded incorrectly and cause other proteins to fold incorrectly. How this happens is effectively unknown. However what we do know is that they can have longterm devastating effects on the brain. The most notable of which is “Mad Cow Disease”. Thus a longterm disease that is caused by something that has no DNA or RNA and is completely incapable of replication in the ways you are assuming without stating.

As for viroids, they are a single strand of RNA little different to mRNA. Except with one difference: the strand of RNA in a viroid is joined at both ends forming a circle. The mRNA is considered to be linear and not joined at the ends.

Importantly though, whilst the biological function of most circular RNA is unclear or unknown, they do not code for protein construction. Though some types of circular RNA have recently shown potential as gene regulators, which can cause longterm disease to occur.

Why not do as I originally asked: simply define which subset of pathogens you are taking a “domain specific view” with, and state that domain usage to set a “constrained context”.

Anyway it’s well past Rack-Ops time so we can discuss this further tomorrow.

MarkH December 29, 2020 11:55 PM

@Clive:

I hope you had a sound sleep!

The main discussion (as I see it) was an inquiry into the riskiness of a new type of vaccine … a “deep dive” into terminology won’t illuminate that.

My layperson understanding is that in recent decades, there have been innumerable refinements of surgical technique with the general intent of accomplishing the goals of surgery with as little disturbance to tissues as possible, resulting in less trauma, and healing both faster and more complete.

One example is “blunt dissection,” in which the surgeon’s gloved fingertip peels tissues apart along natural “seams” (familiar to those who prepare meat for cooking) in favor of cutting through tissue fibers.

========================

I see the mRNA Covid vaccines as the conceptual equivalent: they make the required intervention — evoking the temporary production of SARS-CoV-2 antigens — with the simplest imaginable structures, accompanied by an argument that they do nothing else, which is securely founded on decades of inquiry into cell biology.

It’s something like replacing a 1200 line function with 15 lines of code.

For the record, direct injection of either antigens or antibodies might seem more direct (though they’d likely be more complex structures), but for reasons I don’t pretend to understand, mass production of spike proteins which will then present at the surface of host cells is expected to yield a far better and more durable immune response.

Another tidbit I learned in my reading, is that conventional virus-based vaccines are hampered to some degree by immune system attack (they’re virus particles, after all). The degradation of vaccine particles before they’ve had enough time to “train” specific immune response is a disadvantage, because the magnitude of such degradation depends on the patient’s infection history and perhaps population genetics, resulting in significant dose/effectiveness variability among patients — not clinically helpful!

mRNA vaccines are not expected to provoke such reactions, and therefore to function more consistently.

If my worry is “unknown unknowns,” then I must prefer the simplest implementation.

xcv December 30, 2020 12:07 AM

@ Clive Robinson, MarkH

Prions are as I’ve noted before, proteins that have folded incorrectly and cause other protiens to fold incorrectly. How this happens is effectively unknown. However what we do know is that they can have longterm devistating effects on the brain. The most notable of which is “Mad Cow Disease”.

There’s a husband outside on the porch cooking beef ribs on the barbeque, and the wife is inside folding clothes contemplating divorce. Scientists usually change the subject and talk about climate change when asked.

Winter December 30, 2020 4:25 AM

@Clive
“So rather than quoting a common dictionary as I did last time I’ll quote a medical site that from the first page that says”

When I wrote your definition was “unhelpful”, this was not an American euphemism. I meant this literally. Words and definitions should match expected use.

The problem under discussion, understanding possible long term deleterious effects of RNA vaccines, is not helped by a very broad definition of disease causation that includes poisons and X-rays.

The suspected “pathogenic features” of the RNA vaccines were concentrated on self-reproduction of the RNA, integration in the cellular DNA, and auto-immune diseases. All three have been heavily researched and for all three there are very good reasons and evidence that they do not happen with this vaccine, or the risks are very, very small (well below 1 in 20,000 = unobserved). There is no useful involvement of the definition of pathogen in this discussion.

PS: Viroids are defective viruses that parasitize on other viruses. Just as prions, they reproduce in the sense that one infective particle gives rise to many new infective particles.

PS2: The UK this morning approved the Oxford vaccine. So you can forego the RNA vaccine if you do not trust it.
https://www.bbc.co.uk/news/health-55280671

Anders December 30, 2020 4:18 PM

@SpaceLifeForm @Clive @ALL

There’s interesting little scandal in Estonia.

hxxps://news.err.ee/1215910/health-board-comms-chief-asked-to-resign-after-critic

He blew a whistle on one of our TV shows. His voice was altered by a voice scrambler.
However very soon he was ID’d, by his voice.

Here’s the catch – the new health board boss is the ex boss of Estonian EKEI, the Estonian Forensics Science Institute (www.ekei.ee/en), and they have forensic voice analyzing capability. Seems like he used his old connection to order forensic voice analysis to ID the whistle blower.

Anders December 30, 2020 4:33 PM

@SpaceLifeForm @Clive @ALL

Now correct url

hxxps://news.err.ee/1215910/health-board-comms-chief-asked-to-resign-after-criticizing-vaccine-plan

vas pup December 30, 2020 5:24 PM

MarkH • December 30, 2020 4:46 PM
“It came to light today that 16 months prior to this bombing, a friend of the now-dead bomber alerted local police to her belief that he was building a bomb in the RV which, apparently, became the Christmas Day WMD.

Local law enforcement contacted two federal agencies, which apparently responded to the effect “we don’t know this guy”.

Lacking what they regarded as evidence of crime, police let the matter stop there.”

https://www.bbc.com/news/world-us-canada-55490031

“The MNPD said it did send officers to Warner’s home – about 2.4km (1.5 miles) from Ms Perry’s – on 21 August 2019. They knocked several times and saw the RV at the back of Warner’s home.

But Warner did not answer, so the officers left because “they saw no evidence of a crime and had no authority to enter”.

===>The police department’s hazardous devices unit was given a copy of the report.

A day later, Nashville police asked the FBI to run a background check on Warner.

The FBI later reported that it had “no records of Warner at all” and checks for any military connections “were all negative”.

“At no time was there any evidence of a crime detected and no additional action was taken,” Nashville police said.”

I’m just curious: do they have a bomb-sniffing dog in the Police Department or any Federal Agency in the area which could just walk around the RV without any search warrant, as in an airport?

Clive Robinson December 30, 2020 5:29 PM

@ Anders,

Morally the journalists association has called it correctly.

As for the boss, he appears to be being evasive at best.

I suspect that the boss’s position is essentially one where politics not morality is the guiding force.

I know Estonia is not a big place and the national average income is markedly less than other parts of Europe. But ordering vaccine in units less than ten thousand is a bit odd to put it politely.

But there is good news: the UK medicines agency has approved the Oxford AstraZeneca modified Chimp Adenovirus vaccine, and in the UK it will start roll out on the 4th Jan, and hopefully will ramp up to a million a week very quickly. It appears just a single shot will within a week give you sufficient immunity to keep you out of hospital if you are unfortunate enough to get infected, and your immunity up over the 50% mark shortly thereafter. Apparently the second dose can be given later than originally indicated, thus hopefully bodies injected will rise in step with vaccine availability in Jan.

Hopefully the European Medicines Agency (EMA) has sorted out its Brexit-blamed office issues (though as @Winter pointed out they had left London and fully taken up residence in Amsterdam a year ago).

The Germans are quite upset about the 1000 or so deaths and thus are likely to be somewhat more strident with the EMA than they were over the mRNA.

The advantages of the Oxford vaccine over the mRNA are three fold,

1, It’s only €3/dose.
2, It can be shipped at 4C not -70 thus is as easy as unfrozen food to ship and store, no crazy ass cryostats and specialized training.
3, There are over 30 manufacturers world wide so Supply Chain issues should be the least of all the vaccines.

Now the question is what is the US going to do… President elect Biden wants to inject a million arms a day for his first 100 days in office. That’s 1/6th of what the US needs to do. There is no way that both, let alone either, of the mRNA vaccines will be manufacturable in that quantity, and I’m told there are not enough distribution vehicles or regional storage to meet the ship-n-store requirements either…

So how fast is the FDA going to move on the Oxford vaccine? They have had the basic adenovirus safety information for more than two years now, so the clock is definitely ticking with kick off in just three weeks; it’s going to prove tight at best.

Personally, now the new variant has been found in the US, I hope as many arms get jabbed as is humanly possible.

In the UK even with increased lockdown measures it’s about 54% more infectious than the older strain. God alone knows what it will be in a non-lockdown nation. The South African variant appears to be running through like wild fire.

Clive Robinson December 30, 2020 5:51 PM

@ Vas Pup, MarkH, All,

Local law enforcement

According to a BBC report the police turned up at her house where they found her on the porch with two empty hand guns, saying she did not want them in her house. During the discussion she made comment about experiments in the RV and the police asked her to have a psychological assessment.

Apparently the whole meeting was set up by her lawyer after she had spoken to him.

Which kind of suggests that they thought they were dealing more with a “Domestic” / “Breakup” than a potential “Terrorist”.

The fact they made further checks I suspect was more a case of wallpapering rather than actual suspicion so with a green light from the Feds they had no reason to continue investigating.

The $64,000 question is did the RV owner even know of the incident. There’s no information to indicate the guns were his, and no information the police ever spoke to him. And as he was not particularly pally with his neighbours, even if they saw the police they may not have said anything either.

So there is a very real possibility he was totally unaware of the report or visit to the girlfriend or even to his home.

Obviously this has implications depending on your view point of patsy-v-suicide bomber.

All we really can say is for a man in his sixties he appeared to have a lot of interest in women less than half his age rather than the more normal over forty.

Winter December 31, 2020 6:58 AM

@Clive
“So how fast is the FDA going to move on the Oxford vaccine? They have had the basic adenovirus safety information for more than two years now, so the clock is definitely ticking with kick off in just three weeks; it’s going to prove tight at best.”

This is a cheap, non-American vaccine. I am curious to see if they will want to spend money on such a foreign, unamerican vaccine.

Clive Robinson December 31, 2020 8:01 AM

@ Winter,

This is a cheap, non-American vaccine. I am curious to see if they will want to spend money on such a foreign, unamerican vaccine.

They already have an order in for a hundred million units. And they also know its efficacy is better in one way and about the same in another as the mRNA ones.

It’s why the AstraZeneca boss was legally allowed to talk about “having the winning formula”, because it is actually better.

The only thing stopping the wheels rolling on it is the FDA in the US and the EDA in Europe. I am waiting on news that India has approved it…

Hence my point.

JonKnowsNothing December 31, 2020 10:05 AM

@Clive @Winter

re: cheapo vaccinations

MSM reports that the UK has decided to give 1 jab not 2 as needed by the protocols.

I don’t recall much about the effectiveness of 1 jab other than it’s not as good as two jabs, except for a few vaccines in development that are 1 jab jobs.

It may be that the neoliberals have started toting up the costs of vaccinating the planet’s 7.8B people and are balking at the costs. One country has already announced “Jabs for Citizens Only”. Of course that isn’t a winning-ready-baked idea.

The other aspect is part of the cost calculations: The Bank of Mom and Dad is still in play. There are many more dollars (or whatever currency) to extract in the next 2-5 years. In the USA, people who have been working from home may get an April Surprise (tax time) because their salaries may be taxable by multiple states. These are tax laws that applied to Professional Sports, where the teams travel to different state venues to play. They owe state taxes for the money they earn on those games while in that particular state. The law is flexible enough to cover someone who works from home but “travels electronically” to other locations for work purposes (main office and business phone calls to out of state locations). Don’t spend that US COVID-19 $600USD yet, you might need it to pay the taxman.

Winter December 31, 2020 11:09 AM

@Clive
“The only thing stopping the wheels rolling on it is the FDA, in the US and the EDA in Europe”

A lot of the propaganda against the new vaccines by the “Movement for a Natural Death”, aka the anti-vaxxers, is based on the supposed danger of speeded safety test procedures. Propaganda points are won by “emergency approval” as evidence of corrupted safety tests.

The EMA was continuously stressing the point that all the normal procedures were followed. I assume the EMA will continue this policy.

Clive Robinson December 31, 2020 1:41 PM

@ JonKnowsNothing,

MSM reports that the UK has decided to give 1 jab not 2 as needed by the protocols.

That is true for a limited time period. In the case of the Oxford vaccine, the trials show that whilst 1 jab gives about 60% of people immunity, importantly within a week of 1 jab if you do get infected you will not go to hospital, just feel less than mid way between a cold and the flu.

Thus from a “keep as many alive as possible” in what may become a serious flu season it makes logical sense as twice the number of people are kept out of hospital which in turn keeps the case fatality rate down below ~0.5% as opposed to 5% or above if earlier figures are still correct.

It will also help cut R0 down, which is quite important as the new variant appears to be 54% again as infectious.

So the intention is to get as many people 1 jab as quickly as possible then go back later to give the second jab.

In this respect it appears the Oxford vaccine is better than the mRNA jabs, which do definitely require the second jab at the appropriate time to be effective.

@ Winter,

The EMA was continuously stressing the point that all the normal procedures were followed. I assume the EMA will continue this policy.

They have not done so on the vaccine they have approved…

As I mentioned, the EMA “normal procedures” are seven months from start if there is no reason to hold. They did not start until 6th Oct this year, even after being pushed. So the earliest anyone in Continental Europe would have got a jab if the EMA had had its way would be the middle of May, which with the COVID figures running wild in the South and North East of Europe would have been political suicide for the EU Council of Ministers amongst others, and probably left part of Amsterdam a smoking hole in the ground. So both Germany and Spain very publicly gave the EMA a kick up the arse and the council of ministers a shot across the bows. By in effect saying “FU, we’ll go our own way and you can get any fines, if you are stupid enough to try, when hell freezes over”. One story suggests that “Article 50” got a serious mention as a resolution method, because that is supposedly how the UK got its Opt-Out… Which might account for the EMA blaming office issues due to Brexit.

There are so many stories floating around that you’ve no chance of working out what’s true, what’s a convenient excuse and what’s in effect black propaganda.

But from the order sizes it looks like Europe wants the Oxford vaccine made in Europe, not the mRNA stuff on a risky journey from the US etc.

But that is true of other countries. Japan has ordered enough Oxford for their whole population, the US for 1/6th of their population unless they go down the “1 jab road”, which will get 1/3rd of the population. India has already made enough to keep them going for at least two months of intensive vaccination. Both China and Russia have placed large orders and, if you believe what has been said, that is after cyber espionage to get all the test results. Both want to make it as well, and so on.

Thus I suspect the mRNA might well be short lived and on a fairly rapid count down to only US usage. I guess we will have to wait and see.

The UK approvals agency has a quite high reputation, so if they have OKed it and make their paperwork available to interested parties, it might just turn into a rubber stamping exercise.

Oh, apparently 45% of all the world’s actual genotyping of SARS2 variants is done in the UK. The reason is kind of chance, but it’s allowed us to be reasonably certain the vaccines are going to work across the current variants.

The down side of this is it allows BlowJob to avoid responsibility for his stupidity just under a year ago that got us into the mess we are currently in.

The upside is the strain has made him look so haggard the chances are he’s not going to look good to women so maybe he’ll be faithful for a while…

Anonymous December 31, 2020 2:09 PM

@ Clive, Anders

Misdirection.

SolarWinds hackers accessed Microsoft source code, the company says

hXXps://www.reuters.com/article/us-global-cyber-microsoft-idUSKBN2951M9

How is that Office366 working?

Clive Robinson December 31, 2020 4:58 PM

@ Anonymous, Anders,

How is that Office366 working?

Just like it was crafted as Office 666 😉

But more seriously, how many other “Software as a Service” or other cloud services have not been got at in one way or another is anybody’s guess…

Clive Robinson December 31, 2020 6:18 PM

@ ALL,

It is now the first New Year of 2021 in London, so a happy New Year to all of Bruce’s readers.

May 2021 be a better year than 2020, and a return to normalcy be as fast as possible for all.

P.S. For those who don’t know the Chinese / Lunar New Year / Spring festival falls a couple of days before Valentines day this year on the 12th Feb, remember to wear red and get new money from the bank 😉

MarkH December 31, 2020 6:30 PM

@Clive:

I much appreciate your new year’s greeting, and wish a better year to all the readers — but most especially to you with all of your health worries.

Many thanks to Bruce and assistant moderator(s) for making this community possible.

Anders December 31, 2020 6:57 PM

@Clive @SpaceLifeForm @MarkH @ALL

Happy New Year from this side (UTC+2).
Traditionally we can see two firework sets here.
Local Russians start their fireworks at Moscow time (UTC+3),
which lasts around one hour. After that the real new year
fireworks start. So in a nutshell – two hours in a row :/
Poor pets.

Hopefully this year will be the Covid-slayer.

Nick Levinson December 31, 2020 9:55 PM

@Clive Robinson:

“Or does not fit in with existing systems or management ideas.” Yes; that’s why I wondered about nonincremental design.

In general:

We depend so much on the Internet we consider it like a utility, a danger facing Google Search. We may as well ask for the business case for using electricity. Requiring a business case to connect to the net would fail, because the slightest attempt at a justification will pass a business manager’s glance, unless ICT is the sole approving authority; and ICT would have to hire business-oriented people with different backgrounds who could intelligently explain why the case was not made. Then someone has to audit out in the field so a sneakernet is not built up with nearly universal under-the-table agreement and ICT in the dark.

Management won’t get everyone on board with inconvenience until it’s normal and one reason is that departments, including ICT, protect their turfs so outsiders won’t mangle them (that’s the good reason) and therefore people believe they shouldn’t question or challenge what ICT does. Sales reps don’t question product design. Therefore, ICT has to minimize inconvenience and system hostility to users. That’s a challenge. A classic hack was when a small business hired a whiz kid, maybe an owner’s teen cousin, to set things up, it became secure, hackers flooded the place with DDoS garbage, the owner blamed the changes and put everything back the way it was, and hackers went back to hacking for what they wanted in the first place. ICT will have to deal with that. Upper management has to supply the resources. Popular acceptance among employees will be slow. They store hundreds of thousands of dollars in their bank accounts behind PINs that may have just 4 digits. Only a nerd would say that’s not secure and they don’t like nerds.

Mindset aside, a study of nuclear power plant computer systems isolated from the Internet found many of them connected anyway. Operators were often intelligent people with not much to do (the plants don’t blow up very often); one was writing a play.

Long ago I installed a Linux distro without games and had to put all the games back in because erroneous design meant that without the games some dependencies were missing. (I don’t remember the distro and don’t know if this still happens with good ones.) But someone ought to be able to design OSS to support stripping (the NSA stripped for President-Elect Obama’s BlackBerry). If no one has for public availability, that’s surprising. Maybe the kernels are too complicated for stripping. Deleting apps is almost trivial and must have been done for a whole bunch of spins. It doesn’t matter whether Windows can’t be stripped, because it shouldn’t be used where security matters, although it is.

Goat January 1, 2021 12:16 AM

@All Happy new year, good time to test feature updates on core software (like vim, firefox, whatever) if you have only been getting security ones on your software.

Anders January 1, 2021 9:38 AM

@Anonymous @SpaceLifeForm @Clive

“How is that Office366 working?”

I’m more worried about Windows updates.
I’m sure Microsoft don’t tell the whole truth.
Accessing the update system is a goldmine for the
attacker. From there you can reach literally
ANYWHERE. Setec Astronomy.

So – how many already backdoored Windows systems
are there in the world?
