Friday Squid Blogging: Vegan Chili Squid

The restaurant chain Wagamama is selling a vegan version of its Chilli Squid side dish made from king oyster mushrooms.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on January 22, 2021 at 4:19 PM121 Comments


D-503 January 22, 2021 7:04 PM

A gentle reminder that connecting your junk to the internet is a bad idea:
ht tps://
ht tps://
“A hacker took control of people’s internet-connected chastity cages and demanded a ransom to be paid in Bitcoin to unlock it.”
moz has already commented on this, ahem, vulnerability, but the above is the first report of an attack in the wild.
ht tps://

Continuing on a theme of “don’t expose your kit”, and attacks in the wild… I predict that fewer men will be skinny-dipping in shallow seas after reading this article:
ht tps://
Eunice aphroditois, AKA the sand-striker or trap-jaw worm, is an ambush predator with truly frightening jaws, capable of slicing a fish in half:
ht tps://
Only aquarium enthusiasts like myself, and marine biologists, had heard of this creature until some joker decided to nickname it the “Bobbit worm”, after the folk hero Lorena Bobbitt. Then it got a lot of press. A marketing master-stroke: A highly improbable attack vector (unless you’re a small fish) gets a lot of attention due to a lurid name.

(URLS fractured because someone mentioned autorun)

SpaceLifeForm January 22, 2021 10:44 PM

NCov2019, Wuhan one year later.

Check the headlines from around the world. Crazy.

Misinformation vs truth. Dancing in clubs. It’s going to become a hotspot again.

Blake January 22, 2021 11:50 PM

NCov2019, Wuhan one year later…Misinformation vs truth. Dancing in clubs. It’s going to become a hotspot again.

Meanwhile actual evidence, if it matters, has already shown that Covid-19 was present in Europe months before it was found in China.

As to misinformation? You get that from countries like Sweden and Australia as well. And the sort of “dancing-in-clubs” mentality, it’s not much better here in USA. A large amount of the population still thinks that its a hoax. At least the Chinese took it seriously as a society.

Clive Robinson January 23, 2021 1:25 AM

@ Ismar,

not so good news with COVID-19 trying to outrun the vaccine

Nature is a prestigious journal and those who write for it tend to take care to check their facts.

Thus what they are reporting is very probably factual, and to be honest what I’ve been expecting to happen. As noted by the scientists the human immune system is multi layer, so should be able to cope to some degree.

However there is another item that needs to be considered, and that is the genetic lineage of those who’s blood serum has been tested.

It is known that many in sub Saharan Africa do not show the so called Neanderthal genetics that are seen in many other populations world wide.

The other thing to remember is the mRNA shots work in a very different way to the more traditional vaccines. Thus they may be “to specific” in nature. I gather the mRNA sequance can be fairly easily rejiggered in just a couple of weeks, the question of three phase testing arises and how long that would take if it’s required to be done as I would expect, or wether it can be slid through under emergency measures exemptions.

So there is quite a bit more work to do yet, but as I noted here some time ago the clock is running… But also the more people infected the more likely mutations are going to happen and some will be detrimental.

JonKnowsNothing January 23, 2021 2:35 AM

@Ismar Clive All

re Changes in PCR testing for COVID-19 mutations

I read an interesting side note recently about some aspects of the many sub-types of N501 that are becoming dominant form of COVID. It had to do with PCR tests for the new variants.

The focus of the article was on the variants and the PCR aspect was a side bar box.

The article box described that PCR tests use 3 segments of known COVID-19 RNA sequences to match. In non-501 COVID, all 3 segments will show positive. In N501-COVID only 2 of the 3 sections capture the presence of the virus. The 2 segments are enough to get a Positive Reading.

They used the “2 of 3 results” to back track through PCR testing history logs to determine at what point did the N501 start become dominant.

The missing test is an indicator of N501 and further testing confirmed that.

From this “2 of 3”, they asked other countries to look for the presence (absence) of the missing test and surprise-or-not, it was in a lot of places that they thought had not yet been exposed.

It is perhaps one reason, there’s a big push on for FFP2/N95 Medical Grade Respirators. N501 is far more wide spread than thought.

I looked up info on the FFP2/N95 Medical Grade Respirators and it’s a complete minefield of bad, wrongly labeled and useless items promoted as being N95 grade.

I recommend that folks take some time to review whats really required because there won’t be any do-overs if you get the incorrect one thinking you got the correct one and then get exposed and the consequences are Not Good.

Here in the backwash of COVID California, it’s like last year at the beginning of the pandemic when no one had even an ear loop mask. Ear loops masks are useless but it’s all I have. A box of 100 single use N95 Medical Grade Respirators costs $300USD (this major store only sells them in 100 unit boxes).

Pick 1:
  $300 for a face covering or $300 for bills or $300 for food.

Jon January 23, 2021 5:49 AM

@ Goat :

That’s actually one of the things that really bugs me about the law. They go to such efforts to be carefully specific and define everything (or at least claim to) but when the rubber hits the courthouse, suddenly everything’s flexible again. “Oh, no, that doesn’t mean that, you silly person!”.

If one word or phrase gets redefined several times in several different places, you don’t have any definition – or meaning – at all. J.

Clive Robinson January 23, 2021 6:36 AM

@ JonKnowsNothing,

Pick 1:
  $300 for a face covering or $300 for bills or $300 for food.

It will soon be the same in the UK.

As for getting PPF2/N95 masks, if you remember back this time last year or a little later I did the math. The conclusion of which was that even the highest grade physical filters you can buy and breath through unassisted would not stop the virus just significantly reduce the viral load (similar with power assisted HEPA filters).

Which is why I was looking into a non physical solution with a friend. Basically it was the equivalent of a three litre plastic drinks bottle with baffles inside to cause turbulance you would screw on a half inch medical grade tube up to a face mask not to much different to that you find on sleep apnea machines on one end and a standard dust filter on the other. The bottle would be made of a plastic that is transparent to UV-C and surunded by a jacket of UV-C emitting light sources the same as used in water purifiers.. Whilst some viable virus would pass through the dust filter it would get it’s RNA/DNA disrupted by the UV-C thus become non viable.

Sadly my friend died in an accident which precipitated other events, so it never got beyond very early design prototypes…

Oh, I know I should not say this but that “one use” is not exactly true for various reasons it has a hugh margin in it much like the Best Before Date on food it’s kind of designed for “worst case” not on the filter material but on the seals to the face. In fact the US Government was looking at buying Hydrogen Peroxide misting systems[1] to biologicaly clean the filters in masks over night. If you search this blog for Hydrogen Peroxide you will probably fond the discussions on it.

[1] I use a home made Hydrogen Peroxide spray on my cloth based face masks when I get in likewise on my cloves and shoes. WhilstvHydrogen Peroxide has very strong bleaching effects it breaks down to oxygen and water fairly quickly as it dries out, thus should not leave harmful residue.

Goat January 23, 2021 8:42 AM


Re:”If one word or phrase gets redefined several times in several different places, you don’t have any definition – or meaning – at all. J.”

Well, it doesn’t work that way. Mostly the Act has a set of definitions for terms used in the act and clearly mentions the acts whose definitions apply in case the term isn’t defined there.(People here Know about Dependecy management so they know it quite well what the issue can be)

The most important thing is that a law is designed to be flexible, A too rigid law may break on changes in circumstances(also envisioning every case is impossible), while make it to flexible and it will be(and is) misused.

That Said a lot of it is about archaic conventions and the way legalese has been.

Goat January 23, 2021 9:19 AM

@Jon, the future seems better businesses are pushing for clearer plain english contracts, Law is also progressing into a direction. If we keep going at this pace a thousand years later legalese may dry up 🙂

The Stakes are very high for most law so in all practical sense legalese won’t go away. Even If it does the volume won’t.( The GPLv3 Weighs quite a lot)

External Links


Winter January 23, 2021 9:57 AM

” Law is also progressing into a direction. If we keep going at this pace a thousand years later legalese may dry up 🙂”

There is also a large difference between common law and civil law. Case law has much less weight in civil law jurisdictions.

I am not sure whether this distinction is the whole cause, but here in the Netherlands, any contract involving a consumer is very short. Even the sale of a house involves only a dozen pages or so (if it is that much). Most conditions that are covered by contracts in the USA, are already covered by (consumer protection) laws here.

A very nice part are product warranties. Anything you buy must perform for a reasonable time, years if it is expensive. If it doesn’t, the seller has to repair, replace or repay it. Nothing in writing is needed, just proof of sale. No way to get around it.

JonKnowsNothing January 23, 2021 9:57 AM


re: Jan 6 Coup in USA, participants meet AI/ML Tech

ARS reporting that a specialty site popped up, that posted 6,000 images of faces extracted from videos from the Parler site taken the day of the Coup Attempt.

AI/ML was used to extract the faces and remove most duplicates and then the images were stitched together into a big mug-book style collage.

The site creators make a distinction between: Face Detection and Face Recognition(ID). The first is to find faces, the second is to assign names to the extracted faces. The site does not ID anyone.

The report touches on privacy issues but misses the bigger point:

  • If an art project can extract 6,000 faces using publicly available tools, what can Law Enforcement Agencies extract using dedicated surveillance programs?

There are going to be some surprised individuals and certainly some dropped jaws in Law Enforcement, mostly from those that think no one would notice them in the fracas.

ht tps://
(url fractured to prevent autorun)

Goat January 23, 2021 10:18 AM

@Winter, I was talking about acts specifically, while contracts may move to plain english acts are unlikely to, though improvements are being seen but basic laws are unlikely to amended for a change in language(i.e. clarity)

Also, dozen pages isn’t less given that such transactions are fairly common place, unlike terms of software agreements which mostly experienced lawyers take up.

Eg. In netherlands they would probably have a bulky contract act and multiple other acts dealing with such transactions

PS: I am not pursuing a degree in law but studying law(taxation and corporate mainly) as part of my course.

This is no substitute for legal advise 😉

Clive Robinson January 23, 2021 10:57 AM

@ JonKnowsNothing, ALL,

ARS reporting that a specialty site popped up, that posted 6,000 images of faces extracted from videos from the Parler site taken the day of the Coup Attempt.

Well now they have a list of 6000 images they still need not ID folks to enrich the data.

For instance find all the duplicates and where they were and when, then “join the dots” together on a time line for each individual.

Then build up crowd speed direction information and give “deltas” on all thoses time lines, which would reveal “crowd following/joining” against more purposeful movments that would indicate alternate activities.

You can also “crowd thin” that is remove from a crowd those you have identified by face and other biometrics then whittle down via cloathong things carried etc others to get better time lines and also raise question marks over those that managed to keep their faces unseen, which may be an indicator of “intent”.

Having got all that with another database say mobile phone work out ID’s by where the biometric traced out time line paths tie up with cell phone time line paths. And again pull people out reduce the potential match size thus whittle further down.

Thay way you maybe able to work out who those who kept their faces out of images are…

And that as they say is just the start of what can be done, and maywell being done.

Just think what happens when phone numbers get cross linked and mapped out. We already know that software to do that exists and has done for quite some time.

You might also map smart phones to not just Parler accounts but facebook, twitter etc oh and physical locations these people have been and crossed paths with.

Thus even old school Fieldcraft / Tradrcraft activities such as deadletter boxes etc may be revealed where Comms OpSec was not properly used, thus other supposadly hiden links revealed.

Sometimes it can be amazing to see just how many dots there are, how they map out, how they link up, and the stories and secrets they spotlight with sun light…

For instance any one remember one of those crazy lawyers doing the drunken mistake filed court documents for the Trump challenges? Who amongst other things had changed her name for reasons she had not stated. Well with from what was said, simple OSInt and just results on first pages of DuckDuck searches gave rise to U-Tube video not just of the outside of her house but the inside as well confirmed by other pictures with her and other loony lawyers slurping veno. Oh and who her brother was and the power plays he was upto and how it appears they are hoping to be future “GOP Players” at the more senior levels (hopefully now scotched…

Clive Robinson January 23, 2021 11:31 AM

@ Nick Levinson,

A Peloton bike seems to be a security risk

They are, like other excercise equipment, sports health, sports performance, etc tech. Where Internet connectivity alegedly gives the user benifit, even if it is just showing off or watching scenic videos to take the mind off of the numbing tedium.

So just like many other items of home / household tech from diminutive MP3 players up to the largest of flat screen TV’s. Much tech that goes in kitchens such as menu driven microwaves, and even some clothes irons have System on a Chip (SoC) devices on them that do WiF amongst other connectivity protocols.

Which means all those poorly implemented IoT network stacks and the apps behind them can be attacked by even “script kiddies”.

So first Obama and his “Crackberry” now Biden with his “Pelt them” Democrat Presidents appear to hold the field 2:0 against the only Republican in the last decade, who had a major “Twit her” addiction, bit little was said about the security of his Smart “er than himself” device.

Nick Levinson January 23, 2021 11:47 AM

@name.withheld.for.obvious.reasons, @Goat, @MarkH, @Jon, & @Clive Robinson:

In U.S. law on statutory construction, the plain words determine the meaning when the statute is applied to a set of facts, unless the plain words are not clear for that set of facts. An interpretation judicially applied and that is necessary to the final decision in the case where applied (thus not an obiter dictum) tends to become a precedent, binding in the court so interpreting (including all of its judges) and any courts below for future similar cases with different parties and advisory for other courts. While courts and judges can differ with each other and even rule in opposite directions, those differences can be resolved and a division among the circuit courts of appeal in the Federal system is a common reason for the Supreme Court to take a case. Thus, there is relatively little chaos in determining meanings. Even if a statute is new and some lawyers say no one knows exactly what it means (often to solicit client business), we usually have a very good idea of what it means because it probably does not have newly-invented words (and if it does they’re likely defined in that statute).

Knowing the interpretations is possible but can take a lot of research. Here’s a starting point for the Constitution as interpreted only by the Supreme Court: If you need to know Constitutional law on a point, you’d also need to know circuit and district case law or state case law.

It has been pointed out that unclear writing tends to push clear writing aside, because unclear writing has been disputed in court and courts have interpreted it, so that subsequently everyone can know what clear meaning has been assigned to the unclear writing, whereas that benefit does not accrue to clear writing, and lawyers prefer to use settled meanings. The concept of plain English is good but often difficult to implement.

I don’t know whether the President’s power to pardon being limited by impeachment means that the limit is against the impeached potential pardoner or against the impeached potential pardonee or both. The plain words aren’t telling me. The Constitution, however, was not drafted in a legal vacuum and it is possible that the Federalist Papers (Yale has a copy) or English common law as the latter stood when the Constitution was drafted and ratified had a relevant meaning. There also have been U.S. impeachments and convictions of other than Presidents and any of those may have been followed by interpretations of the clause that may apply to any new case.

Winter January 23, 2021 12:23 PM

“Thay way you maybe able to work out who those who kept their faces out of images are…”

They are still looking for the one who laid the bombs.

He (most likely, he) had his face covered. I assume he was not stupid enough to keep his phone on or even carry a phone. But with pictures from inside, they can try find pictures of him outside, in the crowd and trace him back.

xcv January 23, 2021 1:33 PM

@Nick Levinson

An interpretation judicially applied and that is necessary to the final decision in the case where applied (thus not an obiter dictum) tends to become a precedent, binding in the court so interpreting (including all of its judges) and any courts below for future similar cases with different parties and advisory for other courts

Be better for those damned judges if they hadn’t pretended they were so blindfolded, handcuffed deaf and dumb to the established precedent of their brother judges like that. Fuckers get drunk on the bench, and beat the shit out of sober people in a court of law, deny bail and torture defendants in jail before trial, etc.


“Thay way you maybe able to work out who those who kept their faces out of images are…”

Damn cop calls up the D.A. on a scrambled line, “Is there any way we can frame a sus on a child pornography charge?”

They are still looking for the one who laid the bombs.

Cops failed in their first attempt to murder the “person of interest” — and you know how working cops on the beat are so find of “second chances.”

He (most likely, he) had his face covered. I assume he was not stupid enough to keep his phone on or even carry a phone. But with pictures from inside, they can try find pictures of him outside, in the crowd and trace him back.

We’re done. Christopher hookers are pulling that Muslim schtick on homeless folks, and requiring “homeless” men to wear a fist length beard under Islamic Shari`a Law.

Clive Robinson January 23, 2021 1:34 PM

@ Winter,

But with pictures from inside, they can try find pictures of him outside, in the crowd and trace him back.

Assuming “they” want to…

One of the things Law Enforcment is finding out the hard way, is that technology is agnostic not just to use but ownership…

As many have noted, there are a lot of things Law Enforcment do not investigate, not because it can not be investigated, nor because it would be to expensive to investigate in terms of finance, manpower or time. Simply for what ever reason they do not want to investigate it[1].

Now Law Enforcment have a problem “crowd OSInt”… If Law Enforcment do not want to investigate, and citizen investigators do, and then deliver the suspect up on a plater neatly tied up in that pink ribbon the legal profession hold their briefs together with… What are Law Enforcment going to do?

Almost certainly they will make claims the evidence has been tainted, or the suspect has gone to ground etc, etc, etc as they do when there is a “Blue on Black” incident. But their opportunities are getting less and less.

After all there are already question marks hanging over law enforcment for aiding the rioters. Thus one has to wonder about law enforcment “motives” be they of individual officers, “canteen cliques” or covert “high level action”. After all we know the FBI ran “make a terrorist get a promotion” type schemes in the past, where they would take some hapless idiot of low ability and hold his hand, provide him with money and weapons, then build the bomb for him etc to come in at the eleventh hour grab him and all those that “helped him” are never to be found as they slip away in the light of day to go prep another hapless idiot for a life in solitary.

As has been observed from time to time “Old habits die hard”. The pump has been primed for Patriot-2 which as Presedent Biden has claimed he was responsible for the first Patriot Act, as it was based on legislation he had drawn up back in 1995… I’am assuming probably not incorrectly that some in high positions think he’d be more than happy to draw up Patriot-2 or the VP would, and it would slide by both houses as easily as did the Patriot Act…

The old “Shake them up, then shake them down” routine, known and loved by those seeking money, power, fame and above all status as first amongst equals.

[1] I’ve mentioned this before, and why they apparently did not want to investigate. Since then the UK Met Police “under cover fathers” scandal has happened so you can see it’s a bit of a larger problem than most previously realised, when they are happy to cover up what some insider called a “DNA pump and dump”.

Clive Robinson January 23, 2021 3:23 PM

@ JonKnowsNothing, MarkH, SpaceLifeForm, Winter, ALL,

The UK Government thinks it has sufficient cause to say[1] that the SARS-CoV-2 B.1.1.7 variant is,

1, Significantly more infectious.
2, Measurably more virulant.

That is in in the mean age range of the new varient in hospitalised cases (60year olds), looking at groups of a thousand patients the mortality rate (CFR) for the new varient was 1.3% or 1.4% and only 1% for the old predominant varient. So an increase of 30-40% in the “CSR” (case fatality rate). There is no figures yet on the “IFR” (Infection Fatality Rate) though there is a chance it may be lower if non hospitalised cases are significantly higher (ie lower age range forms infection mean or asymptomatic infection has increased upto around 30%). This is possible because the new varient is between 30-70% more infectious, with some older data indicating it’s around 55%.

Denmark that 100% genotypes all COVID cases say it’s a new pandemic and will be dominant within a month and four times the current number of cases within a month of that even with the hard lockdown…

The US even after the recent increase in genotyping is still only testing around 0.3%… Thus have no real indication of which of the 501 mutations is becoming the dominant strain. But if their cases go up by a factor of four, especially if more virulent, then it does not take an Einstein to work out what is likely to happen to the already failing US Health Care system, and the knock on effects of that. One of which would be 5% or higher mortality rates in those who would have otherwise been hospitalized… Like it or not the European example is hard lockdowns are essential. The Australian example is that it has caught 8 of the new varient infections ingressing in hard quarantine thus safely. So in effect is that not just National but State or even smaller regional quarantining is a must as well. It looks fairly certain that thr UK is considering tougher border restrictions, and may switch to hard mandatory observed quarantine as well as limiting numbers alowed entry possibly to only UK citizens and also limit exit for UK citizens. There will be ministerial discussions on thid next week with the big concern being stopping the Brazilian and South Africa varients that the mRNA jabs are only about half as effective against[1].

The other European lesson is Xmas easing of restrictions was a very fatal mistake, and now hard lockdowns are required as an absolute minimum, and may not be enough (it appears to be “run away” in Portugal currently, Éire has managed to get it back under control after having the highest per capita infection rate, but it’s still way up on what it was a couple of months ago and the “baked in” mortality is yet to actualise probably starting next week… Oh and apparently European politicians are jumping on the “English disease” band waggon to demand hard restrictions against the UK, even though evidence indicates it was first seen in Europe in Italy, and is now spread all across continental Europe with worse per capita figures in several European Nations…

As for getting a jab… Apparently both of the mRNA ones from Pfizer and Moderna have significant production problems including Pfizer taking their European production off line, which was supposed to be supplying Canada, and now is not…

As for the Oxford Astra Zenica vaccine, from what can be worked out the approvals bodies are just sitting on it and twiddling their thumbs or playing silly buggers and nobody is realy talking. The EMA is sort of saying “maybe mid feb” and then “though maybe not”…

If we are going to have to wait on the two mRNA jabs from Pfizer and Moderna we will be in it up beyond our nostrils and the chances are SARS2 will have outmutated them and human immune systems that have already been infected and survived the older predominant SARS-2 virus strains. There is already a build up of test results indicating that the effecacy of the mRNA jabs is well down with the Brazil and South Africa varients so transport restrictions should be an essential consideration / requirment.

As for the California varient I’ve heard very little indeed but with at best 0.3% of hospitalised cases being genotyped the old rule of science that “You can not document what you cannot measure” applies.

So all considered this “new pandemic” has taken us back not to square one but maybe square -10 and we have to throw a couple of double sixes just to get back on the board…


Clive Robinson January 23, 2021 3:36 PM

@ SpaceLifeForm,

Silicon Turtles.

Yes it was the point I was trying to get across to @serg the other day about secure enclaves…

They don’t start out with secrets in them, so the secret has to get in there from somewhere else, that is you are just moving the problem not solving it. Which means eventually that’s where your root of trust explodes in your face because eventually you don’t have one, and you don’t have any security just vulnerability…

Oh and if you think about it TPM does not solve it either because the secret still has to get into there…

@ Wael,

If you are reading along, I vaguely remember you had played in this area, any advise other than “duck and cover”?

Nick Levinson January 23, 2021 3:57 PM


Relying on precedent is helpful. U.S. Federal courts and some lower courts are inherently not democratic in that judges are not elected but are appointed and generally serve have long terms without renewals being required. Precedents provide predictability. You generally can rely on them to know the boundaries of what is lawful and what is not. You know how you can behave. That’s why legal stability helps. You don’t need a daily subscription to court opinions and big-dollar contracts can be drafted to not expire for decades.

When a precedent is believed to be wrong, elected people can change the law on which it stands, somewhat often they say they will, and sometimes they actually do. Being elected reflects democracy.

Tõnis January 23, 2021 4:10 PM

Any law that cannot be understood by a person of average intelligence is void for vagueness. Otherwise, how can a person be expected to follow the law?

Judges don’t “interpret” a law — in the United States laws are written in English, not some foreign language requiring interpretation — judges apply the law. There is no such thing as “case law,” only case history.

JonKnowsNothing January 23, 2021 4:51 PM

@Clive Winter All

re: Mut COVID rising and Bank of Mom & Dad falling

In this interview by De Spigel with German Chancellery Chief of Staff Helge Braun the featured discussion topic was Germany’s planned attempt at Herd Immunity Policy for the upcoming rounds in Europe.

recap definitions:
* Herd Immunity is a medical intervention by vaccine to control disease.
* Herd Immunity Policy is an economic policy aimed at maintaining the status quo for financial markets. This policy has 2 points:
  a, Allowing many people to die as possible
  b, Extracting the maximum value of those deaths to benefit the controlling economic factors: government, banks etc.
* Herd Immunity Policy requires a number of “less than truth” statements to reassure the population that the government will “protect the weak and elderly” while everyone “carries on working”.
(see archives for early discussions on Herd Immunity Policy and the economic calculations)

Tidbits from the interview:

DS: 90 percent of the people dying from the coronavirus are older than 70 years old. In Berlin, more than half of the victims live in retirement homes.

Braun: Perfectly protecting all these people from a high incidence of infection simply isn’t realistic.

Braun: … we sent FFP2 masks to homes… we clearly cannot prevent the virus from being carried into the homes.

Braun: … In October [2020], though, it became clear that no plan is sufficient [to protect the vulnerable] if infection numbers in the overall population grow too large.

DS: What does that say about our care system when we need 10,000 soldiers to keep care homes functioning?

Braun: We have done a lot in the current legislature period to address it [care and staff shortages]. But many things don’t take effect overnight. The coronavirus has resulted in an additional workload at extremely short notice.

DS: Two-thirds of those in need of care are provided with home care … How can this group be protected?

Braun: I think there were misguided expectations [about vaccines]…. It was foreseeable from the beginning that there were be shortages [of vaccines].

DS: … was not foreseeable that Pfizer would suspend deliveries.

DSEditor: (Ed’s: Pfizer announced earlier this month that it would temporarily suspend operations at its European factory in Belgium in order to expand its production capacity.)

Plus More of What We Didn’t, Can’t, Aren’t Doing.

What is clear, is that the German government has consigned their older population to die. There’s not enough vaccines. They cannot protect the care homes because of economic needs to keep people in circulation, which hauls in COVID to the care homes. The N501-Muts are so much more infectious they have decided to not implement well known hard practices that would prevent massive infections.

They have certainly balanced the value of the dead: no more pensions to pay, no more monthly care fees to pay, no more health care services to pay, no more food to allocate, no more economic-sinks to deal with, the increase in monies that can be allocated elsewhere, the re-drawing and re-churning of real estate, death taxes and related inheritance claw-backs against the funeral and burial costs of 90% of their care homes.

The same policies are at work in California. There are 2700+ bodies awaiting for burial in Los Angeles. They are not all old people, but the majority are. The N501-Muts are rampant in the care homes and it’s much harder to track.

In my section of the dry dirt:
  55 deaths June 2020
  557 deaths December 14, 2020 (last day the count was provided)
  1020 deaths January 22, 2020 (death counts resumed; partial and backlog)

This numbers aren’t so horrid compared to Los Angeles. They are horrid for us, just the same. They are mothers, fathers, sons, daughters, grandparents, aunts and uncles. They belonged to someone.

They are not disposable FFP2 Face Coverings.

ht tps://

(url fractured to prevent autorun)

vas pup January 23, 2021 5:08 PM


I just want to remind the name of this blog: “On Security”.

That is why I always add to my post how and why is related to blog’s subject if Moderator may have doubts.

All posts on political and legal issues not DIRECTLY related to this blog could be subject of arbitrary removal by Moderator, and I will in this particular case 100% support such decision.
There are many other spots for those subjects to be discussed, so that will not be banned altogether, but rather suggested to be out of the blog’s primary subject matter. Nothing personal.

‘Deepfakes’ rattle South Korea’s tech culture:

“South Korea did pass new laws attempting to outlaw deepfake videos, with legislation that went into effect in June of last year, setting punishments of up to five years in prison or a fine of up to 50 million won (€47,420).

If the crime was committed for commercial gain, the prison term can be increased to seven years. The new regulations do not, however, appear to have put an end to the problem.”

That is the example of what I was saying above. Enjoy the whole article and short videos inside as usually.

Nick Levinson January 23, 2021 5:16 PM

Search engines have free speech rights in the U.S. But Australia and France limiting linking and Australia limiting changes to Google’s search algorithm by requiring advance disclosure to some website owners and telling Google to link to all sites of a type or none because otherwise it would be discriminating would make that search engine, and maybe others, less good at what they do. I rely on searching. I see problems in accessing security-related news, especially for people in Australia needing to stay up to date.

Doubtless many more; I didn’t try to find all the best ones.

Users of course can go to even if the latency would slow them a bit. But if Google has a nexus in any of those nations and thus can be legally forced to conform what they have on their U.S. servers to the foreign law, that’s a problem for us in the U.S. The same legal principle applies to handing over user data, for example, to foreign governments.

vas pup January 23, 2021 5:19 PM

2021: What awaits us in space this year?

“It’s not very likely that the Orion spacecraft from NASA and ESA will start its maiden voyage to the Moon before the end of 2021. As part of the Artemis-1 mission, it will remain in space for four weeks and will orbit the Moon for a few days. There will be no crew on board for the first flight,
===>but two dummies from the German Aerospace Center, which use thousands of sensors to measure the conditions that human beings would be exposed to.
The Orion capsule comes from NASA, while the ESA supplies the service module. The service module, which is being built by Airbus in Bremen, provides propulsion, navigation, altitude control and the supply of air, water and fuel. After problems with an engine test in mid-January, the new NASA large rocket Space Launch System (SLS), with which Orion is supposed to be launched, is unlikely to be operational until early 2022.”

Godel January 23, 2021 5:25 PM

@ Clive “In fact the US Government was looking at buying Hydrogen Peroxide misting systems[1] to biologicaly clean the filters in masks over night.”

The Covid virus is fairly fragile so it’s recommended that 30 minutes in an oven at 70C is enough to kill it. I can’t find the original reference but one hospital tested using an ordinary rice cooker with a rolled up wash cloth at the bottom to insulate direct heat from the elements, to disinfect a batch of N95 masks 10 at a time. The researchers said that the masks were still effective after 10 cycles through the rice cooker.

A kitchen slow cooker could probably be used in a similar way.

Nick Levinson January 23, 2021 5:46 PM


Vagueness is an issue, but I don’t think understandability by people of average intelligence is required. More likely is that the legal language in question has to be understandable by lawyers, and even then specialized lawyers can understand it better without the law being judged too vague for nonspecialist lawyers. (In one case or line of cases, quoting statutory language as the entire reason for denying an individual’s claim was held to violate the individual’s right when the law had grown much more complicated than the statutory language alone conveyed.) The Supreme Court has already been reported by Reuters as preferring to accept cases when the lawyers representing the parties are exceptionally well qualified, such as lawyers who formerly clerked for Supreme Court justices, who themselves tend to have outstanding educations. The way a person can be expected to follow the law is by getting legal advice from a lawyer. That has problems, like financial affordability, but that doesn’t make a law too vague.

Judges apply a law and, at times, discover its meaning. We often call what judges do with a law to be interpretation; I don’t know if judges formally call it that. English definitely requires interpretation even in the U.S. and England. Applying law to facts is not always straightforward. Because it’s not, we have plenty of case law, not just case history. At the Federal level, we may have more case law than statute law. The reason the Supreme Court is so prominent is that it publishes its opinions on law and people know various people will have to follow the law as opined on by that Court. See, e.g.,

SpaceLifeForm January 23, 2021 6:07 PM

@ Clive, ALL

Malarkey. Misdirection.

If you buy this story, you have not been paying attention. It was a ‘configuration change’, no doubt. Connect the dots.

Facebook says ‘configuration change’ caused some users to be logged out unexpectedly

Most were able to log back in, but the authentication codes needed were taking a long time to reach users.

Goat January 23, 2021 6:57 PM

@Nick L..

Re:”limiting changes to Google’s search algorithm by requiring advance disclosure to some website”

Transparency by big search engines isn’t that bad, think of it.. They have so much control over what info you get, this power comes with many problems. It is already being exploited for survilliance and hooking people up, How can you trust the resilts when the design is to get more clicks(google is a ppm ad company).

You can try DuckDuckGo if you are concerned about algorithmic censorship.

Ps: Why dont you get a ssl certificate for your website? Its free.

Goat January 23, 2021 7:25 PM


Re: “You dont have much privacy”

Truthful policies are good but they are no excuse for doing bad things, You are the one adding google analytics and ads on your website, just writing it clearly in your privacy policy doesn’t make it any good.

Clive Robinson January 23, 2021 8:08 PM

@ Godel,

The Covid virus is fairly fragile so it’s recommended that 30 minutes in an oven at 70C is enough to kill it.

One incy weenie little problem…

Disposable N95 masks “rest on” your face thus they have a leakage issue.

Disposable PPF2 masks “stick to” your face thus they should not have a leakage issue.

This “stick to” is achieved by a glue that is kind of a cross between what you find on Post-it notes, and that sort of rubbery glue that used to be used to stick CD/DVDs on the front of glossy computer mags (because sticky tape pulled the gloss off and people got upset).

The problem is the glue starts to get quite soft and more sticky around body temprature so that it has an optimal stick / adhesion effect… By the time it gets to about 45-50C –portable tumble dryer temp– you have a real very very sticky problem (or at least the ones I experimented with did). Mind you even though the glue was very very soft it was not liquid so did not run.

I guess it’s time to run another test maybe a misting of H2O2 followed by thirty seconds in the microwave.

@ JonKnowsNothing,

At $3/mask wearing them only once realy is not on, you can buy reusable washable cloth masks that The WHO said were suitable in the first pandemic for around $1 in quantity add 50¢ if you wanted a outward breath relief valve (which if you wear glasses was kind of essential).

So if puting it in a slow cooker or a misting with H2O2 means you can wear it ten or more times, it’s probably worth the experiment.

The trouble is few scientists would be willing to do the experiments because of the liability…

@ ALL,

I won’t mention the name of the UK Company that makes them, but military Nuclear / Biological / Chemical (NBC) “respirators” are the equivalrnt of an N95 filter to keep dust and larger nasties out, followed by an activated charcoal filter to get the bigger chemicals and smaller pathogens. But they say on their paper work that they do not stop everything.

Although I don’t recomend people try doing it you can make activated charcoal at home[1] which means with care you can refresh a Hundred hour NBC canister that costs around $66… And yes there are tutorials on how to do it.

Oh don’t look up “activated charcoal masks” unless you are after beauty tips 😉

[1] I used to make activated charcoal at home to make water filters with, for watering the garden young seedlings realy do not like tap water. Basically you make ordinary charcoal –or by a sack of it– by heating an appropriate wood in an oxygen free environment, take care though as the gas that comes off is quite flamable and can be used as a fuel to drive a generator (see gasification). You then take the charcoal and enlarge the pores in it, you can use lemon juice, various chemicals such as calcium chloride or calcium hyperchlorate, or high temprarure steam. You should end up with a fine powder that will filter all sorts of crap out of water or air including pathogens.

Goat January 23, 2021 8:33 PM

Re:”you wanted a outward breath relief valve”

Well these aren’t recommended since they act as a one way protection.

Eg.(imaginary values and oversimplification)

Valve mask 50% blocking(only in)
Other mask 50% blocking(both ways)

Case 1

A and B both valve mask

A has covid 19

Now A coughs and releases 100% pathogens and B gets 50% in.

Case 2

A and B are wearing other mask

A has covid 19

Now A releases 50% pathigens and B gets 25%

See the difference?

Clive Robinson January 23, 2021 9:34 PM

@ Goat,

imaginary values and over simplification

You could look back about a year ago on this blog where I actually worked out the figures to a reasonable degree. The important thing to remember is that you are dealing with a parabolic arc where initial velocity is the key variable. With the cloth the fibers are more important as velocity moderators, they realy do not stop the viarl particals which are less than one thousandth the size of the holes. A side facing valve has a similar velocity disrupting ability.

But the thing is it’s not the breathing out that is the problem if you are sheading, because it’s relatively low velocity. It’s the talking, singing, shouting, coughing and sneezing, that project droplets vith sufficient velocity to travel upto 8m 26ft away.

When you breath out normally the bulk of the virus you shed drops within two to three feet if you are wheezy it may go up to four to five feet.

With a side relief valve it basically ends up with low velocity and drops all over you.

In fact breathing out in an ear loop mask can actually cause the virus to travel further because of the jetting that happens with the leaks around the sides of the nose. Worse that same gap causes air to bypass any filtering effect the mask may have.

There’s a paper that you can look up that has some rather nice photos of droplets exploding out from not just peoples mouths but their noses as well. More than enough to put the average person off of their lunch.

The dynamics of light weight masks is a bit complicated and not well understood (due to using the wrong dropplet model).

You can also get some strange effects such as with fitted paper/cloth masks bellowing away as you breath out and lifting away from your face at the sides as you might expect. Then springing back as you exhale drops off, but at the last moment on some faces the edge kind of slaps forcing a jet out at much higher velocity.

It’s why ridged masks with side mounting filters and valves with four individually adjustable fixing straps to a spider at the back of the head are prefered especially with Volatile organics, vapours and similar, which includes small size pathogens such as viruses.

Nick Levinson January 23, 2021 10:44 PM


Thank you. I’m impressed that anyone read my privacy policy.

On your points, in order:

My experience with search usually favors Google. It has a big drawback; I think there’s a better way to identify expertise in some sites than a popular organic trust model alone, and I developed a technology to let search engine human staff identify leading experts on important subjects and auto-uprank the latter’s recommended sites (, but I haven’t gotten feedback about it and I doubt anyone has adopted it. Nonetheless, I think Google search gives better results than other engines do. DuckDuckGo offers privacy but not better results, I think. I have not done rigorous, wide-ranging, and systematic comparisons.

We can use other search engines. I’ve used Bing, DuckDuckGo, Yandex, Yahoo, Cuil, metasearch engines, and probably others. If a black box helps improve quality, let them make one. I can read the domain in the result and decide if I trust it. I can type the domain alone into the browser and then decide if I trust it. Many people don’t, but I don’t think we should weaken search because some people don’t develop a skill they can develop. They don’t need a $100 class in how-to; the knowledge is free. If we treat Google as a utility, quality has to go down. Some services should be utilities; we don’t want ten electricity suppliers running cables under one street and closing traffic ten times instead of once for upkeep, so we grant a monopoly and then regulate it closely. But search engines are not in that situation. If Google is bad, compete.

Google doesn’t have that much control over us that we don’t give them all over again with each search. You get into an exclusive expensive 10-year contract, probably that’s control. We don’t have that with Google.

I’m not clear how their search algorithm adversely supports surveillance or hookups. I can imagine a scenario, but other algorithms are bigger concerns for surveiling and I don’t know why I should worry about some guy’s problems with unhappy hookups.

Maybe Australians will want to use DuckDuckGo for news and that’s fine, but it shouldn’t be by hobbling Google. I like favoring small businesses but Google serves really well. If someone can do better, please do.

SSL: I forgot why I turned the idea down before. I just looked sketchily into it and I’ll look into it more. I think old browsers are still in use worldwide and this might discourage access. I don’t remember if a static site can use one and that would be a cost issue. I didn’t find the terms that my hosting service says I have to agree to for Let’s Encrypt (not my hoster’s terms).

I don’t object to ads, even seeing them. Some specific ones, yes, but not the principle. I did set policies to refuse certain kinds of ads. I don’t object to relevance. I haven’t had ads on my sites in about 2-3 years only because I don’t have a provider, since Google put AdSense under European Union law and that’s far too burdensome for me, so I guess I’ll never reach the threshold and collect the estimated 7 cents I previously earned, due to my small visitor pools; and I haven’t found another suitable provider. The point of ads for me is to pay the low costs that I now pay out of pocket, the main reason I haven’t opened two more sites I’ve had in mind.

What I’ve seen in Google Analytics data does not seem invasive of privacy. It aggregates larger numbers of people into a single summary. I saw a non-GA situation in which aggregating was of only two people and disaggregating for personal age was too easy, but I don’t see anything that close in GA reports. I have almost no PII from anyone that’s from my sites.

Wael January 23, 2021 11:33 PM

@Clive Robinson, CC: @SpaceLifeForm,

If you are reading along


any advise

More specific?

Goat January 24, 2021 12:59 AM

@Nick Levinson,

Re:”If a black box helps improve quality, let them make one”
Well everything comes at a cost, These Black Boxes come at a cost of biases(and user freedom, but let’s leave that for now). Biases are a big problem and they are not easy to weed out as Feyman Said “The first principle is that you must not fool yourself and you are the easiest person to fool”

Re:”DuckDuckGo offers privacy but not better results”

Well, my experience says it’s mostly not as good as google for technichal stuff but otherwise it shines well.

Re:”If Google is bad, compete.”
Google has an unfair advantage in many fronts, but well people are trying. That Said you can acheive a lot of privacy with @name.withheld…’s tips for using google.

Re:”The point of ads for me is to pay the low costs that I now pay out of pocket, the main reason I haven’t opened two more sites I’ve had in mind.”
I would rather ask my readers for donations then sell them for money, but it’s upto you, consider the fact that ads come at a cost of your reader’s time.

Re:”What I’ve seen in Google Analytics data does not seem invasive of privacy.”
Anonymising data is a very difficult problem(Bruce has explained repeatedly why), Consider what you gain by using any kind of analytics.

Re:”SSL: I forgot why I turned the idea down before”
I have a pure HTML Static Site and got SSL for Let’s Encrypt easily, If you run your server then use certbot else just click a checkbox(netlify and github pages both make it super easy, none of which are very privacy respecting). SSL serves purpose of ensuring authenticity to some extent.

PS: Even I operate a website out of my pocket so I am probably in a good position to comment on this. Most of these things are your personal choice and I respect that.

Also If you want to run a free(as in freedom) website without your domain, use codeberg pages.

Internet Individual January 24, 2021 1:44 AM

I just had a crazy idea or correlation that popped into my head while reading about all of the secrets. FYI this is simply a thought experiment and im not suggesting this idea has any facts to support it. However, the thought crossed my mind about the security of a country relative to the amount of secrets kept, possibly in some ratio of the population / secrets. Consider this, Most of the countries in the past many decades, lets say from WW2 until today. The countries that ended up collecting/keeping the most secrets relative to its population ended up collapsing/losing. Some might say the Nazi’s had a large volume of secrets/population relative to other countries at the time. They lost the war. Eastern Germany again were masters of secrets and again went under. Hungary, Soviet union, Iraq. This is obviously showing a pattern of oppressive regimes. Moving forward the US might be considered the master of secrets compared to others currently. Look what happened Jan 9th. However, the attempt failed. What else happened around that time? Presumably many of the secrets of the US were lost or ceased to become a secret after certain countries hacked the government and many businesses. In which case the ratio of secrets per person fell below a certain threshold just at the nick of time. It would be interesting to know if there is a ratio or threshold that could be identified historically at the teetering point before other countries throughout history went down. Perhaps first determine the value of a secret against some weighted metric. Or perhaps this might not be needed if secrets created in an official state capacity, by agents trained in assessing if an event is relevant enough to process it into a secret, some professional standard if you will.

The numbers may be significantly different in todays “secrets” because of computer data or collecting everything all the time from the internet and other communications. Im not sure what that means or how someone might calculate the worth of that. Maybe just calculate classified secrets + top secret documents / population. Or perhaps total secrets / knowers of those secrets and take that number and again divide that among the total population.

This is a hairball idea, but id be curious to know if there is something here, I have my spider sense going off. If there is anything to this theory, it has some strange implications. Imagine a country trying to keep the secrets it holds inside of a certain threshold or balancing act. Which secrets is it going to disclose on purpose in order to keep stability. For instance, If the country gets too greedy and tries to release fake secrets in attempt to defeat the ratio. The US has millions of people that have access to secrets as well. And obviously the value of a secret is subjective. We know data can be a secret, Facts can be secrets, can an idea be classified as a secret? Words are ideas after all. This thought is an idea that might be a secret. Anyways, thats my interesting thought for the night.

Etienne January 24, 2021 3:47 AM


Don’t try to be a Constitutional Lawyer on here, unless you can show us your Ivy League law degree.

There is more case law than any citizen will ever be able to wade through with grade school diploma logic.

Valentines day is coming. Buy your kid a Popsicle and tell them you love their mother.

Clive Robinson January 24, 2021 4:50 AM

@ Wael, SpaceLifeForm,

More specific?

The problem is what to do woth the secret that forms the root of trust.

Intel provide their security enclave with a proof via PK certs back to some master signiture so that active enclaves can in theory trust each other with secrets. But for obvious reasons that’s not a whole lot of use getting a root of trust into a security enclave unless you create the secret in an already running enclave. But if you use Intel’s signed certs to move a root of trust secret it also represents a security risk (impersonation if the signing PK gets misused as happens all to often with CA’s).

So where to generate and store a root of trust secret so that,

1, It’s secure at power down.
2, It’s secure after power up.
3, It can be securely moved during the power up and boot phase into a secure enclave.

In theory you can just keep the root of trust in some permanently powered up computer or built for the purpose HSM including some secure smart cards. However such things do not come as standard on a PC motherboard thus issues arise.

How ever what does come as standard these days is the TPM… In theory the root of trust could be put into one of those cute little TPM modules but…

My knowledge of the TPMs is not that good, in fact I’ve avoided looking into them for various reasons. However I do remember they implement a hierarchy of trust with the upper levels efectively having control of the lower levels and their being a couple of “OMG the Chinese” stories about the chips poyentialy having a hidden higher level.

Whilst any higher level is not a concern at this point the ability to,

1, Hold one or more roots of trust.
2, Move them securely into an enclave.

Is, in particular the protection of the communication of the root of trust across the CPU busses etc.

I remember you saying you’ld had some experience of working with these chips, and if you were aware of any mechanism and what it’s root of trust is?

Clive Robinson January 24, 2021 4:57 AM

@ Wael,

You know I occasionaly say the weather in London is “damp and grey” well this morning it’s “damp and white” we have the gentle flutter of bog soggy snow flakes… Unfortunately the traffic fumes are turning it from white to yuck, via of course “grey”

Hence confirming,

The more things change, the more they stay the same…

Wael January 24, 2021 5:44 AM

@Clive Robinson,

I’ll do the short one first. Whatever’s left in the brain is rattling in my skull and needing some sleep.

Unfortunately the traffic fumes

No traffic here! No comments about lunes.

white to yuck, via of course “grey”

White → grey → yuck!
Snow → exhaust fumes → sludge

Winter January 24, 2021 5:52 AM

“We’re done. Christopher hookers are pulling that Muslim schtick on homeless folks, ”

And more like this.

The final disillusion of Trump’s fall and Qanon’s prophecy not even stirring a tea cup seems to have hit you hard. Your writings have become incomprehensible.

What is it that you want to say to us?

question January 24, 2021 11:16 AM


Does anyone care to theorize Facebook’s mass forced reset? Reddit and Twitter alight with complaints of:

  1. Forced password reset
  2. Inability to reset. Endless loop
  3. Requests ID upload and even after uploaded, no reset possible
  4. 2FA not working
  5. Many complaints of permanently banned though they claim to be passive accounts
  6. Those who got back online now are inundated with banned adult content
  7. In order to regain access a phone number is required

Breached by foreign state? Or is this just more mass deplatforming? Most of the commenters claim they weren’t active on the site. I wonder what party they are registered with if so?

Nick Levinson January 24, 2021 11:29 AM


The issue of black boxes including at Google has been more about AI and facial recognition, such as identifying someone Black in a photo as, I think, a gorilla, and that’s not a search problem at that stage. Search being through a black box has been complained about mostly for websites that want to rank higher, sometimes legitimately but mostly by sites that probably don’t deserve higher position even with transparency. Google downranks my sites; by the criteria I know about, they’re right. I wish otherwise, but I agree with Google on what I should do to get upranked.

On building a search service, Google has an advantage, but I’m not sure an unfair one. Cuil had a bigger database; they claimed one and it wasn’t disputed. It also had some staff from Google. But it was lousy and is now dead. Google has a better-known name, but in any industry someone has that and that alone is not something we should take away and no one says we should. Google makes a lot of money from search and that makes it a target, but I don’t agree that that’s a good reason for targeting it. And suppose Google used awful criteria for ranking. I think and do that now; we don’t ban them and they have small numbers of users.

Protecting privacy while using Google is a different issue than search itself but closely tied in and I’ve seen advice on how to protect.

Soliciting donations from users is a bit interesting but would require a more expensive (dynamic) website. Running ads was technically easier.

I agree anonymizing is hard. I only looked at the resulting data Google provided to me and I don’t know enough to de-anonymize it. Google might be able to, since they got it before aggregation. That’s an issue, but I’m not sure it changes because I have GA. The data comes through hosters and backbones without in-site analytics and likely can be bought from them, and likely is. Premium domain sellers buy data on failed domain visits, for example.

I use a hosting service.

Codeberg being in the EU requires that I comply with the GDPR and nonviolation (not counting mere allegations requiring answers) of the laws of 27 nations, I think mostly civil law nations (the U.S. is a common law nation), and that’s too much for me to learn. Codeberg seems also to be for content that’s more limited than I have.


@Internet Individual: Add these considerations: Number and kind of secrets held by a given nation relative to the numbers and kinds held by other nations at the same time, because collection and storage abilities increase over time. What they do with them; e.g., use for national security only or also share with favored domestic businesses for what should be private-sector business purposes. Also, I argue that during the Cold War the U.S.S.R. was more secrecy-oriented about national security than was the U.S. and yet the U.S. won the Cold War, I think partly because the U.S. could have more robust debate that reached decision-makers.

Etienne January 24, 2021 4:03 PM

Re: Facebook, Twitter, Parle

Social media web sites have lost all their social trimmings. They are now just a bunch of shouting chronic complainers, trading memes instead of Baseball cards.

My wife says if she catches me on social media she will divorce me, take the house and pensions, and I’ll find myself homeless in Portland trying to get soup from a bombed-out Salvation Army barracks.

I can’t believe the wonderful Internet I knew in the 90’s could be destroyed so quickly by capitalists and their free-ranging lunatics. All sucking people in to argue about whether the sky is really blue.

I think I’m going back to dialup UUCP and BSD 2.11 Unix.

Clive Robinson January 24, 2021 4:13 PM

@ Wael, SpaceLifeForm,

My enquiry originated in part from @SpaceLifeForm’s post,

And the issues of “root of trust” with working out a distributed yet non federated system for mobile devices that would retain anonymity yet also provide a rendezvous protocol so that they can make a P2P connection and have effective E2E encryption without having to use the significant security weakness of a “Man In The Middle” service provider who can be lent on by Governments.

name.withheld.for.obvious.reasons January 24, 2021 5:01 PM

The Power to Pardon and Corrupt Influences
Thank all of you who contributed to my postulate, and no thanks to those that found ad hominem and vapid responses necessary.

As prefaced by my simple question, my concern is that given the criminal nature of the pardon candidates, most aligned with corrupt political charges and sentences, it seems illogical (thanks MarkH) that the framers intended anything close to what has happened in the last 14 months respecting pardons. Also, reviving the death penalty (pun intended) and moving to execute over a dozen federal death row inmates seems quite unusual (I’d say sick and twisted).

With stories about selling pardons surfacing, with for example John Karioko (former CIA whistleblower), the abuse and danger that these pardons represent seems understated. Along with the other abuses of power, there appears to be little push back to the outright use of cronyism, nepotism, and bribery making Richard Nixon look like mother Teresa.

How does letting this type of behavior (ignoring the criminal elephant in the room) make the public any safer from similar abuses in the future. There was a two minute window between losing the first branch, Article I, of the government this month and tyranny.

vas pup January 24, 2021 5:17 PM

@Tõnis • January 23, 2021 4:10 PM
I agree with you but not absolutely.
All laws are not created equal. They are differ by targeted segment of population.
(1)Targeted population – average Joe/Jane.
Those laws I absolutely agree with you should be written in English not legalize and exclude vagueness as much as possible.
For our bloggers commented on your who can argue that you are not to resolve your health problems without help of professional – doctor, so by this logical fallacy you need ALWAYS lawyer to interpret text of the law. NO. You are right criminal laws should be absolutely clear from the text itself. All laws you may ask? No. E.g. corporate crimes, election fraud, treason, etc. having as a target not average Joe/Jane, but rather high level mostly white collar crimes.
Meaning, that level of understanding of the laws, and not only laws, but so called pro-forma agreements which are binding legal documents, and created by legal departments of big corporation(e.g. personal banking account agreement, personal loans, utility agreements, insurance agreements, other, and last but not least PRIVACY agreements by our monopolists: FB, Google, Amazon, Twitter, you name it)and targeted average Joe/Jane, but required huge time and efforts even by Law School graduate to understand those bleeping legalize.
Yes, you’ll need lawyer to represent you in a court to follow the procedural requirements, but at least you need to understand clear and square BEFORE just by reading those laws what was required and what you were not followed. Trial should not be kind of legal casino – roulette.
(2)Laws/regulations which targeted special issues, e.g. stock market, drilling oil, merge and acquisition, IPO, you name it.
Those laws need to bi interpreted by big corporate legal departments, and have nothing to do with everyday needs and life of average Joe/Jane.
I’d say for (1) you may take ‘over the counter medication’ for most of the cases, but for (2) you 100% need professional help: diagnostic (interpretation of the law) and prescription (representation in the court).

Now some words for Moderator: in order that people follows laws with minimum enforcement, those laws should be not only clear, but considered by fair by general population. That is key to prevent as much violence as possible, and as result more security for all.

Wael January 24, 2021 10:46 PM

@Clive Robinson, @SpaceLifeForm,

My enquiry originated in part from @SpaceLifeForm’s post

I saw the Twitter thread, but didn’t feel like reading it. I don’t use Twitter, and I didn’t have the patience to go through a thread there.

And the issues of “root of trust”

Root of Trust: Several definitions…

TCG: a Root of Trust (RoT) is a component that performs one or more security-specific functions, such as measurement, storage, reporting, verification, and/or update. A RoT is trusted always to behave in the expected manner, because its misbehavior cannot be detected (such as by measurement) by attestation or observation.

NIST: Roots of trust are highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design. As such, many roots of trust are implemented in hardware so that malware cannot tamper with the functions they provide. Roots of trust provide a firm foundation from which to build security and trust.

Global Platform: feel free to read the paper, as I don’t wish to comment on this.

non federated system for mobile devices that would retain anonymity yet also provide a rendezvous protocol so that they can make…

Too long to discuss. Feels like work 🙂

who can be lent on by Governments…

Can’t do anything about it, I believe[1]. See the emphasized section of the first definition.

Fun note: before TCG 2.0 (1.2b, I think) there was no “seed” in the TPM. TCG 2.0 introduced seeds (optimization of time, mainly — I think). So: Seed → Root → … leaf. What if we need something that goes before the “Seed”, would “Earth” or “soil” work? 🙂

[1] Aside from mitigating it by reducing the chances of a single device manufacturer’s ability to fully control the “RoT”! TPM, SOC / CPU, Firmware (BIOS, for example) should not come from a single device manufacturer.

name.withheld.for.obvious.reasons January 24, 2021 11:02 PM

Securing Democracy, Unlikely
Yes, I can hear it already, “What do you mean by that?” Also, “How can Democracy be secured?”

Two legitimate questions, neither of which are entertained in this rant. Instead, a rough pass at describing the underlying failures that make such a thing nearly impossible to address let alone resolve to a degree deemed reasonable. Just sayin…

The United States of American, having endured multiple infractions to both institutional and philosophical components of governance is beyond “on the verge of becoming a failed state”. It is failed; without addressing two elements that have literally grabbed the state by the throat, we will see how failure is manifested on the shores of these United States in stark terms. We’ve seen the failures abroad; Vietnam, Central and South America, Cuba, Porto Rico, and much of the global south knows what it looks like. The true flavor and taste of these failures are now inhabiting the United States domestically, for all its citizens to enjoy. Eat up, Merica!

The two issues; a state level arrogant hubris, and the corrupt individuals that occupy positions of power and responsibility. Again, with any systems level security there is an element of control and accountability that allows people to ascertain the degree or level of security, how it is applied, and whether or not it works (subjective as that might be). It is also recognized that security policies, practices, and procedures exist on a continuum; security is a process not a result.

To understand the international and domestic failures the United States has belched up, a description of the most pronounced element which is central and thematic–exceptionalism–in all its flavors, must be clearly stated. There is for example Empirical Exceptionalism, Domestic Exceptionalism, Christian Exceptionalism, and Political Exceptionalism…oh don’t forget, there is Corporate Exceptionalism. I am certain there are more to add to the descriptors but I will summarize them all under the heading of “State Level Hubris”.

To explain how the systems developed under the governance models of the United States have failed, a account must also be made as to the employment of Criminal Politicians and their aides. Summarily, this comes under the heading of “Corrupt Individuals”. This lawless (I think of it as soulless) class of individuals concerned not with their charge, given by the people that elected them, have repeatedly and increasing amped up their level of greed and corrupt practices beyond any natural institutional or philosophical limit. When the act of destroying your Mother is to deny your birth, blame your Mother, and request renumeration–you in fact are denying your own life and its validity. Seems most fitting for a Shakespearian play, a comic tragedy at best.

name.withheld.for.obvious.reasons January 24, 2021 11:25 PM

@ Wael,
Thank you for your contribution and glad to see you back in the game so to speak. Seems we circle these same wagons over and over again thinking somehow a solution exists. People and the organizations they habit have repeatedly and consistently proven that “WE” are the security. From inception, supply chain, assembly, installation, shipment, delivery, and power on–WE–form a Conga line in the ascribed RoT dance.

Remember when BIOS’s were immutable, for the most part, given you did not have a UV light and a PROM burner. The number of steps removed from the individual bits to some form of veracity is quite long. Just consider boot up, probably on the order of more than a quadrillion state changes in a state machine model before you hit a login prompt. Add that back to the RoT along with all the intermediaries and you have a large scale problem that probably suffers from any ability to be addressed at scale (pun-based sentence for your enjoyment).

Goat January 24, 2021 11:54 PM

@Nick, Google personalises your results that is my problem with it. And yes they sometimes say they dont but I have tested it myself and they do tailor results

SpaceLifeForm January 25, 2021 1:38 AM

@ Clive

When one does not see snow every year…


The Weather Channel asked for permission to broadcast the video.

Amazing though, that the drivers could see the problems the cars in front of them were having, yet, like lemmings, did the same thing. Too fast, then lock brakes.

I can see that it was a slick wet snow. Hopefully, all melted by now.

Wael January 25, 2021 1:39 AM


Thank you for your contribution

An application of “unproven theories” three and four

glad to see you back in the game

Thank you, although I won’t have the time to contribute as frequently as before.

for your enjoyment

My enjoyment or my bewilderment? 🙂

Winter January 25, 2021 1:39 AM

“Google personalises your results that is my problem with it. ”

Yes it is annoying. I do not use Google search unless I cannot avoid it.

I think looking for “metasearch” engines is one solution, with its own caveats. I now use Qwant search, but YMMV. One plus of these meta search sites is that they generally can be used in Tor (Google does not). If you can use Tor and clean out your browser regularly, e.g., using privacy mode, you can prevent personalizing.

Here are some tips that might help a little:

Clive Robinson January 25, 2021 2:41 AM

@ Ismar, ALL,

Some common sense suggestions how to try to speed up distribution of the COVID-19 vaccines

Sadly the desired “exponential growth” in response can not happen…

The reason is the difference between extant and expectant.

Rapid exponential growth requires it’s sustanance source to be in existence. So a virus can only have rapid exponential growth in an “existing and available” source of hosts[1].

To meet such a rapid exponential growth requires that either the response facilitating systems be in existance in sufficient quantity, or that they can be brought into existance at a faster rate.

As a general rule all production systems are rate limited.

Which means that you have to be able to respond very rapidly in the very early stages where you stay within the part of the exponential growth of the virus that is less than the effective linear increase of your rate limited systems.

Which means you have a short window of opportunity.

China managed to stay within the capacity of their rate limited systems early on thus by what many concidered Herculean effort and draconian policies managed to rob the virus of hosts in their region.

The West just bickered over “costs and profit” and the window of opportunity was frittered away.

The result is,

1, The latest virus mutations of the “501’s” growth rate is to double every seven days.

2, Other virus mutations are now known to be bidirectionaly zoonotic (human-mink-human).

3, The zoonotic spiecies has a wide spread wildlife range, and multiple members in the genus (mustelidaes) which can also be expected to become bidirectional zoonotic hosts thus be “reservoir species”.

4, The number of infections currently is outpacing vaccination.

5, The current vaccines have significant supply chain issues that for what appear to be political reasons are not being resolved.

6, At least one politician (in Wales) has publicly stated that the available vaccine should be held back / rationed because it’s being used too quickly and the trained staff will soon have nothing to do, so holding it back will keep them occupied in the future…

7, The producer of the only approved vaccine in the west in major production and distribution has taken a significant proportion of that production off line for an unknown period of time.

8, Both the US FDA and European EDA are giving all the signs and symptoms of being totally inept or corrupt. The German Government has accused the latter claiming the French are blocking the progress of other vaccine approvals out of “national pride”[2] as the French vaccine (Sanofi/GSK) has apparently failed in phase III testing to meet efficacy and thus they are hoping to “re-jig it” and run new phase III trials.

9, Germany has apparently outraged much of continental Europe, because sick of the Euro-crats bickering and slothfulness[3] they have done a “parallel deal” with Pfizer.

10, So far Continental Europe has given jabs to less people than the UK has.

11, Like all Federal systems both the EU and US Governments, can not govern when it’s realy required. That is “consensus” is required and there is too much political mileage in “you scratch my back and I’ll scratch yours” for things to happen quickly or efficiently.

12, Lobbying by “industry groups” acting entirely in a self interested way for the very very few has caused way to many wrong decisions. As was once observed by Upton Sinclair “It is difficult to get a man to understand something when his salary depends upon his not understanding it”.

13, People are stealing vaccination from the more needy. We are not talking the usuall political excuse of “to be seen leading the way” but deliberate stealing from the more needy by intercepting letters and filling out online booking.

Does any of that sound hopefull? Nope, “Nero is a fiddlin'”

Does any of that sound capable of exponential growth in the required time frame? Not at all, a snowball has more chance in a firey furnace in Hell.

The only solution we have, is very hard lockdown with very hard regional borders, and getting that at this late stage is very likely to require bullets.

[1] The reason why quarantine works as well as it does is that a virus has a very short life cycle. Rob it of hosts and it ceases to exist because it becomes extinct. Herd immunity rarely achieves extiction of a virus as it can evolve by mutation in a comparably short time, unlike hosts, thus what were immune hosts become available again, or other species become hosts (zoonotic) and can easily for a reservoir.


[3] One dictionary gives a definition of,

Slothfulness : complacency and mediocrity are the hallmarks of a life that has signed on for the parasitic existence.

Sounds about right with Brussels Eurocrats.

Winter January 25, 2021 3:23 AM

“Like all Federal systems both the EU and US Governments, can not govern when it’s realy required.”

Merkle put on the screws by threatening to close the German borders unless there is a common policy. That seems to work.

Goat January 25, 2021 3:36 AM

@Winter, Yes meta-search engines are expected to solve such issues but in my opinion they won’t work perfectly. Google would personalise the result based on the profile of the group using the instance(eg. based on Searx) and some bias would creep in(depending on diversity of users), Also the dependence on someone like google makes us vulnerable to Censorship.

I tried using google from tor(safest mode) and it worked for two searches.. Meta Search engines with google support are actually much problametic i.e. Either don’t support Tor(means block Tor: Startpage) or they throw a captcha error due to google’s asking captcha from them.

I like DDG over Qwant and Google also due to it’s Design but it all boils down to personal choice.

Clive Robinson January 25, 2021 5:02 AM

@ SpaceLifeForm, ALL,

When one does not see snow every year…

We get maybe 1/2inch of light quickly melting snow every other year, and the amount you see there about once every decade now in London… And as you can see it was fast turning to grey from the vehicle exhausts.

It’s a while since I’ve been up that far north of Heathrow Airport[1] but it looks like the “Sweetheart Lane – Ryefield Ave” / “Long Lane” junction in Hilligdon looking north.

The houses in Sweetheart Lane will set you back about £1,000,000 say 1.4million dollars. Just goes to prove that for some,

Money/sense is greater than one.

[1] Back in the VHF pirate radio MusBiz days when I could still get up a tree, over an 8ft wall or abseil down tower blocks with little difficulty. Before I became a respectable Consultant in Communications / Broadcast Design/Engineering and security with a not so secret past. But swapping trees and walls for climbing offshore instalations all over the world kind of doing the same putting in transmitters, and putting up antennas etc just “Professionally” 😉

Winter January 25, 2021 5:36 AM

@SpaceLifeForm, ALL,
“When one does not see snow every year…”

We just ended the first recorded two snowless years in recorded history. We used to have snow every single year since at least the middle ages. Not the last two years.

Oh, and my country is famous for skating (winning almost all speed skating events), again from the middle ages. Look up Dutch Art.

Clive Robinson January 25, 2021 9:23 AM

@ Wael,

What if we need something that goes before the “Seed”, would “Earth” or “soil” work?

There is at the very least the constraints of a “stochastic process” and all that entails

But it raise the question “Do quantum deities play dice?” and if so be who’s rules.

As for the other stuff it’s quite a website for the Global Platform stuff. Mind you it reads like a “Too many chefs” problem. So a long pole with a sharpened point might be a handy tool to carry 😉

JonKnowsNothing January 25, 2021 11:03 AM

@Clive @Ismar, @ALL

re:People are stealing vaccination from the more needy

In California, USA they are “stealing” vaccinations by lining up in the “drop dead standby” queues. Most areas have set up massive vaccination sites where people with appointments come for jabs. These Queuers form up a standby queue to get any left overs. Once the bottle of vax is uncorked it has n-hours of viability. At the end of that period there are often a few jabs left due to no-shows.

It’s a regular Mardi Gras, with folks from fancy upscale neighborhoods, driving their Mercedes, Porches to these sites, set up their hot spots and camping gear and wait 6-8 hours.

Sometimes security personnel go down these standby queues and pull out the elderly, infirm and disabled and put them in the front of the queue. Often as not though, some wealthy person who can work from a laptop, under 50 gets the jab.

“Better it should go to someone, and if that someone is 20yo why not me?”, is their motto.

re:taken a significant proportion of that production off line for an unknown period of time

This is an old trick used in California by the Utility Companies. During the hottest part of the year, when demand for A/C will be highest and the regulated KW charges the greatest, they pull one or more facilities off line for “maintenance”. In effect, they Max Profit by Queuing Demand into fewer facilities (less overhead costs), Max Billing Hours per Capita (high demand+fee), and for a double bonus they get to present 2+ arguments to the regulatory system:
  They need a rate increase due to extensive wear and tear
  They need a rate increase because they are guaranteed a percentage profit and since they had facilities off line (due to maintenance) they did not reach their Targeted System Wide profits.

Unfortunately, Pfizer either has a crappy vaccination production facility that implies their vaccines batch processes are unsanitary or they are building up an increased demand for auction style priced delivery system.

re:existing and available source of hosts

From a number of reports about quarantine failures the N501/B and L452R/CAL.C20 variants are outliving the current quarantine periods.

In NZ they had a first case of someone that left quarantine with negative tests and the requisite number of days and several days later got sick with the B1351/So Afrika variant. The person was negative on travel and negative during quarantine and negative on exit. It is supposed they got B1351 while in quarantine just before they were released from another resident (on the same floor) in the quarantine hotel.

There have been several reports indicating that these variants last in the environment longer than the D614G variant did. Some countries are increasing their quarantine days requirement.

The counter narrative is some people think if they get 1 or 2 jabs they should be able to travel quarantine free.

re:Spreading N501/CAL.C20
A group of NoMaskers here closed down another grocery store that had a Wear A Mask requirement. They enter the store, were told nicely to put a mask on, and then they start their protest shouting.

The store manager closed the store and called the police. The police in town Do Not Enforce ANY COVID-19 Protocols directed by the State or Local Ordinances.(1) So the Police escorted the folks outside since the store was closed.(2)

They were able to continue shouting and spraying spittle on everyone around them in the public parking lot. (This is actually an OKish place to protest)

The good news is, a good number of people shopping started to berate the NoMaskers for making things worse and for impeding people’s grocery purchases.

1, Yes, the police department here has decided to do No Enforcement on their own. Other departments in other cities are doing No Enforcement too.

2, The only defense the store has is to close the shop, since the police do not enforce COVID-19 restrictions. Once the store is closed, the people are trespassing and this is what they can be charged with.

Nick Fisher January 25, 2021 11:15 AM

The trouble with masks as protection for the wearer is that they need to:

x Perform to the published specification (and there are plenty of shoddy ones out there which don’t

x Be fitted by someone who knows what they’re doing

x In areas of high viral load, also protect the eyes, which most do not

I venture into Covid “hot zones” a couple of times a week and it takes 10 minutes to get the PPE on and not much less to get it off properly. Much like walking along a cliff path, it’s all fine until that one time you stumble…

Clive Robinson January 25, 2021 3:37 PM

@ Australians, Scots, ALL,

Today is Australia day, and tommorow is Rabbi Burns day, which means this evening is Burn’s night.

I wish all of you a happy one of your choice, or even it you are looking for an excuse to lift a glass in these times of lockdown.

P.S. When are you Aussies going to ditch your national anthem in favour of “I am Australian”?

Clive Robinson January 25, 2021 6:56 PM

@ Anonymous Mouse, ALL,

From the article,

“that [Moderna] was going to start investigating a booster specifically designed against B.1.351.”

In other words “an entirely new mRNA sequence” or jab. But by calling it a “booster” they can get around the normal extensive testing that a “new” jab would require not just for efficacy but safety as well[1].

What the article does not mention is that Scientists have been claiming the mRNA jabs are “to specific” or more politly “to highly targeted” which is why as the article notes,

“scientists found that there was a sixfold reduction in the vaccine’s neutralizing power against the variant, called B.1.351, than against earlier forms of the coronavirus”

Similar significantly reduced efficacy (ie more than two fold) can be expected of other varients / mutations[2].

These issues are less likely in more traditional vaccines that use either non viable or reduced viability viruses. Which also have a long track record thus judgments about both efficacy and safety in both the short and long term can be more readily made and thus reduced.

Oh what the article does not say is that we now know that some of the variants are,

1, Between 30-70% more infectious.
2, Between 30-40% more virulant.

Which is not good in the slightest.

Worse as @JonKnowsNothing notes there is increasing evidence that the variants are lasting longer out side of hosts thus,

3, Increasingly becoming more robust.

Which leaves open for now,

4, Varience in zoonotic ability

Although some varients are known to have bidirectional ability “human-mustelidaes-human” which are at significant risk of getting into the general wildlife population thus forming a “disease reservoir”.

All the while the clock is ticking and for some variants the “doubling time” for infecting hosts is a week or less. So taking a vaccine plant off-line or bickering over politics for a month means you have ~22 or more times the size of problem at the end of the month…

At some point we will not be able to jab people in the arm even close to the rate of infections increasing… Some would argue we are past that point now.

The other question people want to ask is which will have the lower death rate,

1, Injecting the vulnerable?
2, Injecting the spreaders?

It’s an interesting question with many variables and my first order modeling shows it’s two sensitive to tell thus higher order analysis is required.

[1] A pertinent question I do not know the answer to is “Can one human cell work with both mRNA sequences together?” which is probably doubtfull thus requiring another actuall jab time spaced from a previous jab. But on the assumption that maybe it can “Is this going to cause the same issues being infected with two simultanious virus can cause?” which includes increased risk of mutations, increased cell death, issues with the immune system, and potentially higher risk of aquired auto-immune diseases that could take a considerable time to become evident (think diabetes, cancer, etc).

[2] A reduction in efficacy in blood samples does not translate directly to immune effects. This is because both infection spread in the body and immune system response are exponential. Whilst the curves are the same shape you have to remember there is a different constant multiplier in the “dependent y axis” and a diferent time scale constant in the “independent x axis” of the plots.

name.withheld.for.obvious.reasons January 25, 2021 11:28 PM

@ SpaceLifeForm
Sorry for not getting back to you earlier, and about “Eh, Say, err…” thing, Key size is important, 8192 is good, 4096 okay, and everything else is…

Encapsulation helps, take the raw binary source, encrypt, and covert to appropriate transfer format, and encrypt again–a bit redundant but it slows others down. Stenographic methods that can be applied are good and can be obfuscated or forged to beat filter detection. Also, try embedding base-64 sources within a PDF as an opaque object. Most filters are looking for .asc, .pgp, .gpg, .zip, and such or just drop any extensions leaving the source format unknown. Using a pre-formatted header from a PNG, GIF, or JPEG with accurate metadata values (size, date, etc.) can work as well to help disguise an encrypted source document.

SpaceLifeForm January 25, 2021 11:57 PM

Stop the planes!


MarkH January 26, 2021 4:03 AM

@name.withheld, SpaceLifeForm:

More than a year ago, SpaceLifeForm and I had some dialog which left me with the impression that SpaceLifeForm had concluded that because the RSA cryptosystem can fail when misused, it is not secure.

For my part, I haven’t yet thought of a tool that isn’t liable to misbehavior when used improperly.

I’ve paid fairly close attention to RSA and the progress of integer factorization. To my knowledge, when

• RSA is used in accordance with well-publicized recommendations, and

• attackers can’t measure decryption timings and have no other access to the decryption process (i.e., no side channels),

then integer factorization is the best approach to cryptanalysis that has been discovered.

I offer two observations:

First, to avoid well-known mistakes in the use of RSA, follow established standards such as PKCS.

Second, although recommended key lengths have long exceeded 1024 bits, progress in factoring has moved considerably more slowly than was projected when recommendations emerged for longer keys.

The current factorization record for semiprimes was set last year, for a number about 830 bits in length.

Because of the way required factoring resources increase with problem size, the cost of factoring even a 1024-bit semiprime would be very prodigious, and many years might still elapse before this can be accomplished … expanding the record by 50 bits took a decade.

Even NSA would probably find factorization of 1024 bit keys very expensive, and longer keys infeasible.

I haven’t seen evidence that RSA is insecure.

Curious January 26, 2021 4:32 AM

I dislike the supposed replacement for cookies. Reading this article linked blow, it sounds like data is to be collected anyway from a computer user. I do not think that is much better than promising not to share the data outside your computer.

(“Google says it may have found a privacy-friendly substitute to cookies”)

I don’t know how this works, is encryption even invovled? I think the word ‘algorithm’ was mentioned, so maybe no encryption but analysis work being don on YOUR own computer?

I also wonder, is any of this effectively sidestepping European cookie privacy laws?

I wonder if Google, like I think some other people, thinks that “society” has a right to do research on personal data as long as they anonymize it. What bullshit.

What is the world coming to? Would people and organizations/businesses not afford running websites if they just make a website without tracking and recording of user data?

I just want websites to serve me their information. I would generally speaking NEVER agree to it working the other way around, unless they ask for it specifically then at least I can consider allowing such.

Ofc, then, even with privacy laws and such, I do not feel safe using a computer at all. Really nobody I can trust. Like living inside a zoo with free ranging animals of all kinds, and somehow I am to just trust most animals.

Clive Robinson January 26, 2021 4:34 AM

@ SpaceLifeForm, ALL,

Stop the planes!

How many times have you said that over the past year?

Did they listen?

Well New Year, New Pandemic with the three possibly four more devastating strains, hopefully they will start listening and as urgently as possible.

This time it realy is a “Second Pandemic” not a second wave, with three strains which all appear to be,

1, Atleast 50% more infectious.
2, Atleast 30% more leathal.

Out in the world and something strange in California…

And that’s from publicly available information…

Apparently in the US the new administration guy
Michael Osterholm, has been chatting to the UK and has other sources as well that make things look even bleaker, and he’s said,

“The data is mounting, and some of it I can’t share, that clearly supports that B.1.1.7 is causing more severe illness and increased death”

In Canada disease modlers have realy bad news from their models and say in,


“The punch line is that failure to prevent or contain this now spells disaster in March. While we don’t see much impact for ~6 weeks, when it comes it comes steeply, with a doubling time of 1-2 weeks, compared to doubling times like 30-40 days recently in provinces like Ontario.”

Just below a graph that is as applicable to the US only the red shaded plot for the effect of the variants will be more likely 4weeks to a month out than the six to eight weeks for Canada.

Which is why the Canadians are looking at changes to vaccination priorities.

That is not those most likely to die first being the highest priority, but those most likely to spread it. So they are talking about vaccinating “truckers” and the like as a priority. Which if the UK had had a more stringent border policy would have kept the B.1.1.7 varient out of the UK and in Continental Europe rather than crossing at Dover ferry port.

The Canadians are also looking at stopping anyone crossing US/Canadian land or sea border unless they have actual proof of vaccination and when it was done. Similar with air boarders but for much greater range of countries. Also as with the UK has indicated compulsory quarantine in hotels under guard for fourteen days at the travelers expense as a reasonable measure, with potentially a “Nationals Only” policy.

As you know my concern about border crossings and trade especially food has been going almost as long as yours for planes.

To see why this should be done people only need to look at the rise time in Éire that they did get under control with draconian measures, or the still out of control rise in Portugal and other Continental Eurapean nations… To see why hard quarantine at regional levels is advisable as Australia has done. With the early failure in one region with a couple of people slipping out highlights why the measures need to be draconianly enforced and at travelers expense[1].

Yet rather than have significant lockdowns and control movment with very hard regional quarantines, 27 European states politicians are bickering away the critical time left over their political objectives of a borderless Europe being infringed… I kid you not, reality does not appear to have got through their thick skulls…

Nice to have political aspirations, but only if you have a non disease decimated population to enjoy them…

Oh and the same politicians are also still arguing vehemently over vaccines and will be untill atleast the middle of next month… By which time it will probably be to late for them to “vaccinate their way out” hospitals will be totally swamped, and frontline medical personnel will be falling like flies from physical and mental exhaustion. Devolved or Federated political power is not capable of responding in an effective way to pandemics.

Which means the 13-15 deaths per thousand in UK hospitalised cases –with a mean age of 60years– caused by a new varient with just coping health care will rise to 65-75 deaths per thousand without from a linear scaling. In the US with a 330million population and assuming the same demographic as the UK, that will mean 5million deaths with functioning health care upto 25million without a functioning healthcare system on a linear scaling. With Europe having about half as many again.

Thankfully though, the death rate against age is logrithmic, so the figures will not be quite as bad in the economically productive and in education age ranges.

But… another thing to note is that the mutations are steadily changing the average mortality age downwards… This is not just as older hosts have been wiped out, but because they are also sheltering so the demographics of available hosts has shifted downwards towards those in education where large classes and “playing” in recreation time in high density areas has made “asymptomatic super spreading” normal thus evolutionarily the best way for the virus to survive…

Sorry to be apparently so grim about it but the situation has gone from bad to dire, and the only reason most do not see it is the effective time lag caused by exponential growth via community spread of infectious but non symptomatic people. Both the US and Europe have a couple of weeks left to be proactive, if instead they are reactive it will be carnage, of that there is little doubt.

[1] It appears that the new varients are more robust as well as there has been a case of a person who was not infected befor travel, ariving and during quarantine got infected by somebody coming into quarantine thus they became symptomatic and tested positive in the community… Suggesting that segregation in quarantine hotels needs to be stepped up with smaller numbers in each hotel.

Clive Robinson January 26, 2021 6:22 AM

@ MarkH, name.witheld…, SpaceLifeForm, ALL,

I haven’t seen evidence that RSA is insecure.

Is the wrong thing to say.

RSA, AES and a number of other “algorithms” are “theoreticaly secure”. However with all these algorithms in real world “implementations” many in are not “practically secure”.

So to most intents and purposes RSA, AES and most other security algorithms are not secure in practice.

Several years ago now I made it fairly clear on this blog that AES should only ever be used in “Off-Line” operation, never “On-Line” operation for exactly the problems to do with “side channels” leaking information.

Few understand “time based” side channels, even less “power based” side channels, and these are the only ones I’ve seen discussed either academically or publicly. I can assure you there are other side channels, not least of which are energy based ones such as “sound based” and “heat based” and mechanicaly based ones as well. Also remember energy moves in two directions, that is from a system and to a system.

It’s why I talk of “energy gapping” not “air gapping”.

But also people need to get out of “left to right” thinking. That is you might have taken lots of precautions wirh “data flow” but have you concidered the opposit direction that is “errors and exceptions” go from “right to left” on the diagrams and usually no precautions are taken with them “because xxx” (fill in your own favourite reasons there are maby to pick from).

But people need to remember the more efficient a system is generally it is both,

1, More transparent.
2, Has more running in it.

Which via the general principle of “Cross Talk” means other processes can open new side channels.

Such is the fun of designing real world secure systems.

JR January 26, 2021 1:42 PM

Re: East Coast Verizon et al

When you design an enterprise class data center, you build in enough redundancy so that you aren’t relying on a single carrier. Some data centers also straddle multiple power grids. But everyone is migrating to the cloud thinking that backups are no longer required because the cloud provider has failover. That’s a fallacy. If you aren’t in direct control over your backup and failover, then it’s not considered backup.

But now that everyone is WFH – Business Continuity and Disaster Recovery need to move
beyond planning for office and data center disruption. They have to consider staff WFH and single sourced to one carrier. Critical staff working from home potential BCM best practices could include some or all of the following:

  1. Buy your WFH staff a dedicated ethernet account managed by the office, that disallows Wifi. IT Dept should manage that account’s security and account creation. Corporations are saving money on office space, but should increase spending on securing employees at home.
  2. Critical staff should have a backup Satellite hotspot device with a different carrier.
  3. Never was a fan of BYOD. No authentication over BYOD devices. When Teams/VoIP is down, employees are now using their own devices for phone calls. That is disallowed in certain roles/industries.
  4. Very critical staff should have a copper landline. Not VoIP. With a dialup account for use as 3rd level backup.
  5. Headsets should be required for video conferences. It shouldn’t work without a headset. This disables the ability for eavesdropping by other devices in the vicinity. Families have all sorts of devices and apps that eavesdrop.

name.withheld.for.obvious.reasons January 26, 2021 2:21 PM

MLK Homage; InJustice Anywhere is a Threat to Justice Everywhere
A communications director for American Express has conveyed their intention that it will never donate to any of the 147 congressional members that stood in the well of their respective chambers to disenfranchise nearly eleven million votes from the election process.

This is the type of action that individuals need to make, we still have not resolved the issue of “reconstruction” or bring and end to slavery. Our trajectory appears to be pointed in the other direction. We have not made whole the many native nations that were “cleansed” from the shores of this continent. There needs to be a real effort to rid this country of the bitter and ugly sin that has been so ruinous to so many. Cloaked hatred and contempt for follow human beings has no future, hate of this type is a unreflected ego in crisis.

A threat tree, ala Schneier, plotted or directed to a historic perspective of social tranquility or a sense of a populations perception of security, could make for an informative exercise. Tracking just the Civil war and the conflicted idealogical positions is one place to start an analysis.

name.withheld.for.obvious.reasons January 26, 2021 2:42 PM

@ Clive, MarkH, SpaceLifeForm
The primary suggestion about key size is not the primary argument, shading the source document from overt discovery is. Where know cleartext is available in document and file formats that allow for potential key derivation is more to the point.

My apologizes for the ellipse at the end of the sentence, did not want to infer anything suspicious or nefarious respecting RSA. I recognize the value of implementation and validation of a process wherein trust and integrity have some level of assurance. But I know I am speaking to the choir, I have a copy or two of the hymn book myself. Forgive the sectarian-based analogy, its so culturally pervasive. Maybe a more Trekian type of wording is appropriate: To seek out robust solutions to communications and data integrity, to boldly encrypt where no-one has before.

Clive Robinson January 26, 2021 3:51 PM

@ JR,

But everyone is migrating to the cloud thinking that backups are no longer required because the cloud provider has failover.

Many forget that most cloud providers actively discorage backups.

As we saw with Snowmobile, they make it easy to get even the largest of data sets into the cloud. But when it comes to getting it out again it’s oh you can use these boxes we send you via UPS and you arr responsible for and as I understand it they feel no need to keep the data set on their servers if you do take your data away…

So they kind of push you into doing a backup over the wire, at what ever data rate they charge and again take no responsability for the data integrity or availability…

Why people use the cloud I’m realy not sure, I think all cloud business plans I’ve seen always fail to consider some aspect or another and later pay the price one way or the other…

P.S. On a stylistic note you tend to use a lot of three letter acronyms that can be hard on many readers where English INTFL. Thus traditionaly on first use in a document you would say the full phrase with words approprately capitalised all in quote marks,then put the acronym in brackets after it. So my above should be,

“Is Not Their First Language”(INTFL).

I know it can be a pain but it does aid communications especially where there can be ambiguity as with RTL which can mean,

Register Transfer Language

Real Time Logic

Resistor Transistor logic

Amoungst others, all of the above can actually appear in the same context much to some peoples anoyance who might not be sufficiently “tuned in” to know which is which… So,

“You can use a RTL to design RTL, based on RTL.”

Yes I’ve written such a sentence in a technical note in the past though it had a couple or three extra words in it. And yes it actually makes sense (if you use them in the order I’ve given). But it would be baffaling to those not sufficiently knowledgable to select them in the correct order.

MarkH January 26, 2021 4:53 PM

@Clive, name.withheld, SpaceLifeForm:

What Clive wrote above is correct, but in my judgment omits too much of the picture.

I offer a statement on which I think most of us can agree: the more access an adversary has to your secrets, the weaker your information security.

If an attacker has intimate access to the computer containing your secrets, your security is big trouble … and no choice of algorithm can fully protect you. Period.

For a homely metaphor, imagine an office in the days before automatic computers, staffed by cipher clerks laboring with pencil and paper. If any person in that room is an adversary, then the secrets are at grave risk. Period.

If you don’t have an effective system to prevent adversaries from snooping in that room, then who knows how many people can read your supposedly confidential communications?

There are practical ways to mitigate remote timing attacks against RSA (and other systems which use modular exponentiation).

There are also practical ways to greatly reduce the external signature of modular exponentiation computations where computers are subject to surveillance of radiated energy, conducted energy, or computational timing.

Clive properly warns that efficiency can be purchased at the price of security.

As with any security problem, designers must consider the application and threat models. Suitable protocols and protections for one situation may well be completely wrong for another.


I think a good case can be made that computers “make people stupid” in many ways.

One form of computer-induced stupidity is the notion that “I don’t need to follow common-sense security precautions because my secrets are in a computer.”

A physical system containing the secrets must be protected against attacks which are feasible for expected adversaries. If not, no choice of algorithm will save you.

MarkH January 26, 2021 5:03 PM


I hereby second Clive’s thoughtful message about careful use of acronyms and initialisms.

If you wish to be understood when writing comments, please don’t use such abbreviations unless either (a) they are in nearly universal use, or (b) you follow Clive’s guidance of explaining the abbreviation where it first appears in your comment.

Often I’ve been baffled by abbreviations commenters write here. For me, a mysterious expression of that sort usually is a deterrent to my reading any further. Just because you and your friends/colleagues use an abbreviation every day, doesn’t mean that most readers here will know it.

JonKnowsNothing January 26, 2021 5:18 PM


re: Shamans at Coups

There were many photos uploaded during the Jan 6, 2021 Putche in the USA. One of them was a very distinctive person wearing a horned helmet, with what appeared to be fox tails or coyote tails, face paint, extensive tattoos complete with spear. It was very cold that day and there was snow on the ground but this person was not wearing any coat or heavy clothing. The person was later arrested.

It was a curious getup.

His costume was distinctive and suggested some link to a shamanic practice, which one I don’t know, and I doubt that any Shaman I have met would have even consider participating in such a group.

One of the things that was interesting in the various photo spreads is the sizable number of tattoos. They also varied by photograph.

Circa Jan 24, 2021 there was a photo published in MSM of a protest in Russia over the arrest of Alexei Navaly. In one photo a person is very similar costume was front and center of the photo.

Horned head helmet, fox tail or fox legs as ear locks from the helmet, face paint, extensive tattoos of similar design, wandering around Moscow in January with only gloves for warmth. Napoleon should have been so lucky.

What can be seen from this Russian shaman is how the tattoos are applied. They appear to be on a skin-colored tight fitting garment similar to the type that ice skaters use for their competition routines. Skin toned garments are used in movies when filming sensitive scenes; skin toned Speedos. The use of skin toned costumes in ice skating competition allows for a trompe-l’œil illusion that the skater has on much less clothing and a more revealing anatomy.

So the two images of the shamanic costumes can now be see as “theater” body costumes. Once you take them off, the identifying tattoos are gone, the face paint washes off and you might be able to return to an invisible presence.

With so many photos, even without a direct ID by tattoo, the cross references from those around them would likely identify them but perhaps they are hoping to confuse face recognition programs.

One thing is clear, there was no shamanic practice involved in walking around in the snow with a bare chest and arms.

ht tps://
  Trompe-l’œil French for ‘deceive the eye’) is an art technique that uses realistic imagery to create the optical illusion t

ht tps://

Explained: How Tibetan Monks Use Meditation to Raise Their Body Temperature

n a remote Buddhist monastery in Northern India, a group of monks sit calmly, lightly dressed and unaffected by the shockingly low temperatures of their surroundings (40 degrees Fahrenheit / 4 degrees Celcius). They are then draped with ice-cold, wet sheets of fabric. In conditions that would not only cause the average person to shiver uncontrollably, but could even result in death, the monks remain unperturbed.

If that’s not amazing enough, the wet sheets soon begin to steam and after approximately 1 hour are even completely dry.

How is this possible? The monks were using a yoga technique known as g Tum-mo, which allowed them to enter a state of deep meditation and significantly raise their body heat, some as much as 17 degrees (Fahrenheit) in their fingers and toes.

(url fractured to prevent autorun)

SpaceLifeForm January 26, 2021 5:47 PM

@ name, Clive, MarkH

“Maybe a more Trekian type of wording is appropriate: To seek out robust solutions to communications and data integrity, to boldly encrypt where no-one has before.”

Set Phasers To Stun

JG4 January 27, 2021 12:01 AM

I may have accidentally left the Name field blank last time that I stopped by to wish everyone a Very Happy, Healthy and Productive New Year. Now a month late and a dollar short. You can file it under Starfish Prime.

I was happy to see I preserved the hilarious mashup produced by a chatbot two or three years ago. In light of the entertaining prose from the latest chatbot. “Empire is a machine … with eyes about a foot across.” Not surprisingly, the linked material was gone.

This had a few interesting points in it. The preamble was at least entertaining. It dismisses the real problem of endpoint security and fails to note that after booting, .gov toggle that stolen code in management engine off. This doesn’t happen easily, because altering masks is hard work.

Tech solutions to the tech problem
“The insurrection was foolish indeed to place its hopes in the old myths of the Republic.”

It also lets you trust that your server is running on an honest chip—or at least, on a chip that someone with Intel’s secret key helped make. Maybe someday the government will make Intel make a bunch of backdoored chips—but this doesn’t happen easily.

This pales in comparison to the Brazil hack.

Big Brother is Watching You Watch

Hacker Leaks Data of 2.28 Million Dating Site Users ZDNet

@Petre – bored employees also look at famous actors and actresses

SEC workers spent hours at work watching online porn | Reuters
Apr 23, 2010 — Several senior SEC staffers spent hours daily watching porn on their work computers even as the massive financial crisis was unfolding in 2008 …

Goat January 27, 2021 6:59 AM

Re:”Why people use the cloud I’m realy not sure?”

Convinience, Knowledge Gap, and Checklists

Convinience because you don’t need to mantain a server for backup and sync.

Knowledge Gap because you can use Syncthing for syncing.

It’s Easy to check off off-site backup when you put data on a cloud(though it may not be)

Nick Bryson January 27, 2021 8:15 AM

@xcv, How did you get into Right Wing Extremism?

My friend was pulled into it by Luke Smith(please stay away from this person) and though he regained his senses, before exiting society and regrets his ecofascist views.

Though he didn’t believe in conspiracies, you seem to have crossed that boundary as well, Now when are you planning to plant bombs.

Goat January 27, 2021 10:21 AM

@Nick Bryson, it seems that gnu/linux people are getting onto conspiracies, it is mostly because they are spending more time online and get into these stupid theories, I feel sad for your friends loss. Hope he has recovered.

Also tell him to spread the message around, maybe even start a blog about his experience. And if you deem safe, then also try to spread the message in extrimist havens(eg 4chan)

Winter January 27, 2021 5:00 PM

” Rich and powerful adults are having sex with children, and they are writing fiction and trying to hide what they do.”

Qanon is not about criminal powerful people. Qa.on is about Trump the saviour who will cleanse the world from satanic Democrats. Qanon cultists have wet dreams of a public mass murdering of Democrats.

They were devastated Pelosi, the Bidens and Clintons walked away alive after the inauvuration.

What is the Difference between IS and Qanon?
You tell me. Incompetence?

Clive Robinson January 27, 2021 5:02 PM

@ xcv,

Rich and powerful adults are having sex with children

Is not realy anything to do with politics, power or money, and everything to do with those individuals and how society sees them.

We know for certain that a very small petcentage of the population have abused children for over two centuries, and other sources of information show it has been going on in some form or another for several thousand years.

For instance untill fairly recent times in some parts of the world parents used to marry their daughters off when they were ten to much older men who had in all probability killed off their earlier wives. Whilst it appears truely horrific to us, it was and still apparently is concidered normal and socially acceptable… In one form or another these behaviours occure in areas that hold about 3/8ths of the worlds population.

I won’t go into the why it’s considered societaly acceptable any further as I find it utterly distasteful.

However there is a known relationship to the behaviour of preying on the weak and vulnerable and certain mental traits that exhibit themselves in other ways, such as a significant diminished or compleatly absecent ability to empathize.

Such traits are also known to be more prevelant in certain types of people who are superficially charming or attractive in some way. Much of which correlate with traits found in certain types of business leaders and politicians who consider themselves exceptional etc. Such people are in effect born to harm society one way or another and whilst they care not how many they hurt and damage, many others in society in effect hold them in reverance exactly because of the harms they do…

Thus in a way, we willingly make the evil that then preys upon us and those least able to defend themselves…

name.withheld.for.obvious.reasons January 27, 2021 5:24 PM

@ xcv
I suggest that you prioritize the conspiratorial thinking and embrace a more rational approach to real threats.

Real_Threats + Conspiratorial_Threats != All_Threats;

Real_Threats + Conspiratorial_Threats == Diminished_Visibility_of_All_Threats;

How long have Catholic priests used the church as both the scene of the crime (abusing young alter boys for example) and a way to cover up their misdeeds? Has this problem been solved, has the church openly engaged in a resolution and a reciprocity campaign? Or is there a continuation of “more of the same”.

If your tentative grasp of facts does not allow you to address the same problem that is already well documented, how effective is your effort when the fanciful conspiracy dejour displaces any action in the cause of solving a real problem?

This type of post-truth nihilism is harming the United States and the world. When disinformation can displace legitimate causes to action then the spiral path of our collective demise is made tangible.

name.withheld.for.obvious.reasons January 27, 2021 5:39 PM

@ SpaceLifeForm, Clive,
Seems the poignancy versus temperament battle continues. If you have noticed any irregularities of late I can say it is both disturbing and enlightening at the same time. I don’t lose any sleep over it but the frustration is tempered by the audacity and disregard. I do, however, make stiff my upper lip; there are more important issues and fish to fry then might be addressed here.

@ Bruce,
I am concerned that we (collectively) are not the best of house guests and I wish to personally apologize for any role or contribution I may have engaged in that brings shame or ill repute upon this house, your house. Deep respect and gratitude to you my good sir.

Nick Bryson January 27, 2021 7:01 PM

@xcv I dont use my friends, I rescued him out of this mess.

My first experience with this blog seems to be quite discouraging.

Goat January 27, 2021 8:42 PM

@Nick, your first impression is’nt great either and remeber labelling extremists just adds to the problem.

“Dont rub them” -JonKnowsNothing

Winter January 28, 2021 12:32 AM

“Real_Threats + Conspiratorial_Threats == Diminished_Visibility_of_All_Threats;”

No children have been saved from abuse by Qanon. On the contrary, Qanon has distracted attention from real children been really abused.

But the aim of Qanon is not to save children from abuse. The aim is to murder Democrats (and a few other groups). The accusations of child abuse are just a fabrication to “justify” the blood bath. Just like they were in the other child-eating conspiracy theories that appeared over history since Roman times.

One hand on the Bible, One hand on the gun. January 28, 2021 3:56 AM


Guess which furry pest is trying the “Only Following Orders” defence?

Combined with the mercenary behaviour of “Oi where’s my pardon?”

Apparently bail has not been granted and the 33year old is facing the same length of time in jail as the original “Great Awakening” took,


I don’t know where the lawyer was dug up, but I think you might have seen a kitchen where they might have imbibed large quantities of cheap Californian plonk. Such “birds of a feather” realy do tend “to fly together” and I suspect their results to be about the same.

Winter January 28, 2021 6:23 AM

“Guess which furry pest is trying the “Only Following Orders” defence?”

With less compassion one could describe him as one of the “deplorables”. But I would rather describe him as a person who is singularly unqualified to cope with life in the USA.

As for his defense, I do see the point that those who incite others to commit criminal actions should be held accountable for the consequences.

Nick Bryson January 28, 2021 8:47 AM

Morning folks!!

@Goat, Re:”Don’t rub them”

Indeed this is a quite difficult advise to follow, if I would have treated my friend as I commented now he would probably not have got out of this.

@xcv, I would just like to say:

1) Without any bias consider, the facts against these conspiracies
2) Ask yourself – “Is Trump some god?”
3) Read don’t skim

Aplogies @xcv ,@Bruce and others for my tone

@xcv, I would like to wish you all the best for the journey.

“A Journey of a thousand miles starts with a single step”

JonKnowsNothing January 28, 2021 9:31 AM

@Clive @All

re:Mink COVID Y453F in Greece Update 01 12 2021

This is a follow up on the outbreak in Greek Mink Farms 12 04 2020.

OIE Veterinary updated reports on the status of Mink COVID strain Y453F indicate that the mutation was tracked to 6 humans and confirmed in 3 mink farms.

Previous reports in December 2020 had found the mutations in 5 humans.

Genome comparisons are ongoing.

re: Netherlands Mink COVID outbreak Update 01 06 2021

The Dutch Ministry has confirmed that all mink have been killed/pelted and no mink farms now permitted in the Netherlands. No additional reports will be filed.

re:Mink Ferrets N501

Generally, the mink family is very susceptible to COVID-19. I have not yet seen any references to how the new deadlier 501 mutations affect ferrets/minks.

As ferrets are often used in lab experiments and are particularly useful to infect with COVID-19 for animal testing, such tests are likely to be in progress. Common D614G COVID-19 infects them easily. The N501s (Bs/Cs) are still part of the D614G lineage. Some of the N501s sub-mutations were first seen in the Y453F F-Spike variations in Mink which has both the increased infectious mutation and the antibody escape mutations.

There are scattered reports of infected wild mink.

Previous indications are that older mink get very sick and die, while mink under 2yo have mild symptoms. Some reporting may have been shaded to protect the mink fur trade until full pelting completed.

Pelts are expected to be traded to China and other countries for the fur trade in coats, collars, hats and other fashion accessories. No details on what sort of decontamination processes will be used. Implied process is an external cleansing of the fur itself. Nothing indicated about any cell-based viral residue or if such residue could be picked up later in the environment after the item has been discarded.

ht tps://
(url fractured to prevent autorun)

lurker January 28, 2021 1:55 PM

@SpaceLifeForm: Stop The Planes!
An “isolation/elimination” country can have the luxury of such low case loads that significant effort can go to chasing the few outliers. @JonKnowsNothing quoted above a case of the B.1.351 variant escaped isolation in New Zealand. Incoming pax are deemed suspect and go to 14 days “managed isolation” with tests at day 3 and 12. Those testing positive go into “managed quarantine” which is supposed to be stricter.

Genome checking has now shown that while patient zero was in only isolation, 353 other persons passed through that particular hotel. There are now 3 known positive tests from these, and more by good luck than good management, all close contacts of these have returned negative tests.

Of greater concern is that at 1800Z Jan. 28, 48 of the 353 had not been contacted for testing. Worse, 12 are known to have travelled to Sydney, Australia’s current hotspot. 3 of these are now said to be in Hongkong…

SpaceLifeForm January 28, 2021 4:41 PM

@ name.withheld.for.obvious.reasons

It is the discourse here that makes it all worthwhile.

The bots have no wit.

Clive Robinson January 28, 2021 5:52 PM

@ lurker, ALL,

You might first want to not be eating or drinking before proceading…

With regards,

New Zealand. Incoming pax are deemed suspect and go to 14 days “managed isolation” with tests at day 3 and 12.

It turns out that “testing” at the nose and throat are not the right place to do so acording to Chinese Research…

Some may remember that the majority of beta corona viruses do not effect humans, but animals. And the normal way it presents in animals is as gastro-intestinal disease. Which the animals tend to survive, hence the concerns about zoonotic transfer and disease reservoirs.

Well what I suspect many of you don’t know is that those ACE2 receptors that SARS-CoV-2 hooks into appear all down not just your respiratory tract but all down your alimentary tract as well…

Thus whilst COVID might be seen as a respiratory disease in the west, it’s actually way broader than that, it goes where ever mucus membranes with ACE2 receptors go.

So when you bring up muck from your chest or down from your nasal passeges it goes into the alumentary tract, where it can pass through the acid bath that is the stomach and take the infection down to your bowels. It’s entirely possible that some do not get respiratory infection but GI tract infection thus show up negative with the current swab tests even though they are positive.

So to check you are clear three swabs need to be taken each time,

1, Nose.
2, Throat.
3, Rectum.

So yes, that last swab needs to be taken about 3-5cm inside of your anus…

Obviously this third test is not just rather more unpleasent, it’s also a lot more personal than the other two, and not something most would care to undergo.

However due to the way China works if the authorities say it will be done, the Chinese citizens are generaly rather more compliant than western nation citizens are.

Hence Chinese research results show that disease that otherwise does not show up is beong caught with the third swab from the bottom of the alimentary tract…

Clive Robinson January 28, 2021 6:13 PM

@ name.withheld…, SpaceLifeForm,

I do, however, make stiff my upper lip; there are more important issues and fish to fry

As I get older, I find I can see further into the barrel, thus the more fish I see… However a bullet only travels a short distance in water, so no matter how much you shot you fail to nail them.

@ SpaceLifeForm, All,

Curently Marcus is under LA Lockdown, but that is going to be eased “real soon now” if some people have there way…

SpaceLifeForm January 28, 2021 6:21 PM

@ Clive, lurker, ALL

Recall that I noted that NCoV2019 was spotted in SUMMER of 2019 in Wuhan via OSINT.

It was actually SATINT.

Some may be shaking their heads, WTF? How can it be SATINT?

One must think.

Clive Robinson January 28, 2021 7:31 PM

@ SpaceLifeForm, lurker, ALL,

It was actually SATINT.

Yes, anything measuring the chemical spectrum of smog would have noticed unseasonal changes, that would not correlate with visable industrial expansion or change.

It takes a lot of fuel to burn things at 1200 or above and generally that sort of incineration is “dirty”.

Also the IR signitures would have bloomed at unexpeted times or even places.

SpaceLifeForm January 28, 2021 9:52 PM

@ name.withheld.for.obvious.reasons

I see no other option than nuke of filibuster.

Time’s a wasting.

JonKnowsNothing January 28, 2021 10:04 PM

@Clive @lurker @ALL

re:The Sewer inside and out

COVID-19 does pass all the way through the digestive tract and the more observant countries with centralized sewer systems have been testing the effluent regularly.

Several escapees from quarantine have been found by tracing the virus residue through the sewers. Also, they gave some advanced notice that something was wrong
before the 501s had been sequenced.

Sewer tracing is often the first alert because people are asymptomatic physically but shedding the virus through eliminations.

The new anal swab collection seems to be part and parcel of the failing PCR tests for the 501Bs/Cs. This is pretty much a complete Do Over from The Beginning, only this time the results are likely to be worse.

More reports indicating that vaxes Pfizer, BioNTech, Moderna may not be effective against B.1.351 501Y.V2 So Afrika Variant.
(Pfizer, BioNTech were listed as separate vaxes.)

It maybe MSM reporting styles, but the VaxWars are heating up. People are getting desperate. Oligarchs are queue jumping to save their bank accounts from The Ferryman. Some folks have lost all instinct for survival (1).

One interesting note is that while millions of people are sheltering and the difficulties legion, barely a word is mentioned for the incarcerated in densely packed facilities, with limited or no access anything more than their bed racks, if they even have beds. Some countries provide open barred steel pens, wall to wall occupants and a concrete floor.

1, A Search and Rescue Team member, told me that when a person is lost in the mountains, they often lose their instinct for survival. They start to run blindly in any direction, and remove their clothing as they go. The trail is marked with jackets, shirts, shoes etc. Often the person is found without clothing and expired from exposure.

markky January 29, 2021 8:03 AM


Well what I suspect many of you don’t know is that those ACE2 receptors that SARS-CoV-2 hooks into appear all down not just your respiratory tract but all down your alimentary tract as well…

Interesting. I remember reading last year that there appeared to be a link between google trend searches on diarrhea in areas that a couple of weeks later became covid-19 hotspots. I think ths is probably the paper that article was based on.

Some interesting follow on reading material at

In particular this one,

  • Mark

markky January 29, 2021 8:59 AM


In particular this one,

I should have said why I thought this was interesting. The letter is titled “Diarrhoea may be underestimated: a missing link in 2019 novel coronavirus”, two sections caught my attention

we examined the expression profiles of ACE2 in various human tissues and found that ACE2 was highly expressed in the human small intestine. Intriguingly, the RNA level of ACE2 was quite low in lung tissues from healthy donors.


Based on the postulation from the epidemiological features of SARS, which is transmitted through fecal-oral, 2019-nCoV might use the same path for transmission.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.