ResearcherZero April 16, 2021 6:37 PM

About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers, the regulator said on Tuesday.

“This is the same thing you can do in a wartime setting, so it’s extraordinarily dangerous, and an outrageous affront on our sovereignty and one that’s going to have to be met with a strong response,”

“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!),” – The Donald

Your not alone though, when our Prime Minister used to be a policy advisor for a certain organization, he was giving drugs and alcohol to a girl in a building opposite to where he worked, beating her up and abusing her, as some developers wanted to knock the building down and wanted her out.
Her father had already dropped dead after a long harassment campaign, leaving her alone and vulnerable, and targeting vulnerable people is how some people make a quid. But let’s see if the new “Prime Minister for Women” makes a better minister than a spy, before jumping to any conclusions.

Shock&Awz April 16, 2021 8:54 PM

Buried in the latest Covid news, CBC has a little article today on former Canadian PM Stephen Harper having quietly joined a Toronto investment company Awz Ventures.

“Awz is a Canadian-based global hub for investment in cyber security, intelligence and physical security ​AI-based technologies from Israel, a global leader in these sectors.”

Depressing but unsurprising to see the churn of former five-eyes senior spooks, military and so on, into the commercial world. They’ve got CIA, they’ve got FBI, they’ve got MI5, they’ve got CSIS, they’ve got various police and special ops. And naturally they’ve got Mossad and IDF in spades.



SpaceLifeForm April 17, 2021 2:29 AM

@ Jonathan Wilson

The bizzare thing is the Codecov problem was found because a customer actually checked the hash on the bash script! And it did not match what was on github.

I doubt most people think about checking hashes on text files.

Codecov, which makes code coverage checking tools, said that a customer informed the company of the issue on April 1 after noticing a discrepancy between the SHA1 sum for the uploader posted publicly on GitHub and the sum calculated from the Bash Uploader they had downloaded. Codecov began investigating the incident and disclosed it on Thursday.

“The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script,” Jerrod Engelberg, CEO of the company said in a statement.

Security April 17, 2021 5:12 AM

@ Anonymous:

How about you stop hiding behind your sources and take a stance against the fascist overtake of power?

Just posting sources won’t help you nor me nor anyone else, you rabid keyboard warrior.

Winter April 17, 2021 5:39 AM

A repost from earlier about the desinformaton war to kill as many Americans and Europeans as possible. Because that is the aim of the anti-vaxxer-propaganda posted here, to kill us.


The most deadly part of Cyber War is the way states are trying to spread disinformation about the pandemic and vaccination. Given that the pandemic has already killed more than 3 million people (300,000 Americans, for those who are not interested in other humans), a disinformation campaign is underway to double that number by letting vaccination campaigns fail.

This is really a low cost and low risk strategy to inflict a lot of death and destruction on your neighbors.

Winter April 17, 2021 7:37 AM

“Ukraine’s minister of defense, Andrii Taran, told European lawmakers on Wednesday that Russia is now garrisoning about 110,000 soldiers near the Ukrainian border.”

There were suggestions that Russia wants to open a land corridor to the Krim, and also capture a source of freshwater for the Krim.

But maybe Putin just desperately needs a diversion from his plummeting popularity and lack of trust by his own people. Russians seem have less trust in their own vaccine than even the people form Western Europe. And any leader that needs to resort to poisoning dissidents and competitors has a sever legitimacy problem.

Winter April 17, 2021 10:23 AM

“Which “official sources” would you then deem appropriate?”

I am in the happy circumstances that I can read and understand the scientific literature directly. Also, I talk to scientists in the field. When virologists and immunologists want their parents and themselves to be vaccinated as fast as possible, I know what to believe.

For those that are not able to read the primary literature and cannot talk to scientists in the field, listen to Fauci and the CDC. Their advices were the best that was available given the information available.

No one is infallible, but I trust the ability of Fauci to digest the state of the art more than any random other “mouthpiece”.

JonKnowsNothing April 17, 2021 11:06 AM

@Clive, All

re: Another COVID Quarantine Room Cross Infection

MSM Report

There have been several incidents in Hotel Quarantines where COVID-19 infected healthy persons during their quarantine stay. Most protocols require the persons to remain inside their rooms for the duration. They are not allowed to go walkabout or have their hallway doors open to chat with others à la prisoner cell2cell communication. They are only allowed a brief period when the door can be opened to bring in their meals/food, put out the trash, laundry.

iirc(badly) One case, the cross corridor contagion was initially blamed on a medical inhaler device used in one of the rooms. Later that was retracted and it was found that the COVID-Mut had jumped the corridor simply because the doors were opened to retrieve food etc at the same time or a short time later.

The recommendations changed to not delivering food simultaneously or picking up the trash at the same time for all the rooms on a corridor. As a corridor guard was infected, additional changes were made to protect the guards.

This new report has some interesting aspects:

  • 7 travelers from different countries
  • 2 different family groups
  • The 2 groups arrived on 2 different days
  • All got sick while in quarantine
  • All 7 have the same viral genome
  • All 7 stayed on the same floor (12th floor)
  • The 2 groups had adjacent rooms

Other reports that might be referring to this outbreak

  • The original source of infection was from someone who had stayed in quarantine before the current 2 groups arrived.
  • The original source had cleared quarantine and left the program


ht tps://
(url fractured to prevent autorun)

Winter April 17, 2021 11:15 AM


It seems the attack on this blog has gone in overdrive. The posts get a little more sophisticated. The easiest way for me to be certain that I am on the right track is when the insults and impersonations start. Impersonations the moderator can easily spot by checking the email address given for the comment.

Someone really wants to discredit this blog and spread anti-vaxxer and COVID conspiracies. The only reason I can think of to do so is to harm Americans (see the earlier DINS post) and other Westerners as well as stoke the anti-China fire.

Anders April 17, 2021 4:57 PM


Russia has special “internet trolls” unit.


When option shifting is needed, they are activated.

Ukraine is currently big reason why they are massively

SpaceLifeForm April 17, 2021 6:42 PM

@ Anders, Clive

Yep. Ever “follow” @bellingcat or @intelcrab ?

RU is really trying to escalate.

Broke. Desperate. No more money laundering.

Mercers, Kochs, NRA, FB, Cambridge Analytica.

I can list many more.

Boris Johnson, Arron Banks….

They are worried.

Clive Robinson April 17, 2021 8:26 PM

@ SpaceLifeForm,

They are worried.

I suspect not BoJo, he’s got away with it in the past and now he’s passing legislation to stop any further danger to himself.

As far as what he is upto goes, he’s taken a leaf out of Vlad’s book, and the result is as unfunny as a rubber banana, which he’s kind of turned the UK into. He’s just loving COVID it’s given him all sorts of excuses to slip bad legislation into law without any attempt at oversight.

As he was born in the US, would you object if we sent him back and revoked his UK Citizenship? You could also hit him for all those taxes he’s never paid… We realy don’t mind if you bankrupt him and sling him in a super max, I’m sure he will fit right in, just don’t let him out.

Weather April 18, 2021 12:13 AM

Was wondering if anyone has looked into Wpa3 ,has it actually stopped remote brute forcing?
The uptake seems to be slow with this? Does the law still clasfy Wpa2 has secure?

ResearcherZero April 18, 2021 3:15 AM

If you don’t play with bats they don’t bite you, but don’t let them near your ear. If you have to take one off a dog or handle a bat, wear a mesh glove, as they have very fine teeth like little needles, unless of course you let them climb up your shoulder and latch onto the top of your ear.
A bat earring is not cool, after the Rabies vaccine, spew can come out one end and poop out the other. You might also swell up a bit, turn a bit red in colour, and perhaps spend the night in hospital for observation. You will very likely get a good rush of nausea and hot flushes for a 30 or 40 minutes.

“Well, the administration isn’t aware of this, so I need to make sure I go over there and tell them what I know, because it involves them,”

The inspector general inquiry into the circumstances of Ellis’s selection remains open, Nakasone told Congress on Thursday.

had no formal training in the classification of national security information.

And again, don’t let “bats” near your ear.

Anders April 18, 2021 6:15 AM

@SpaceLifeForm @Clive


Ukraine got some of their arms from those dealers.

So it’s a payback, Mother Russia don’t forget such
a thing.

Winter April 18, 2021 9:27 AM

Vladimir the Poisoner of Underpants[1] does not stick to underwear. I assume Western intelligence has been busy identifying everyone in unit 29155.[2]

[1] владимир отравитель трусов
[2] hxxps://

xcv April 18, 2021 12:48 PM

@ Winter

Vladimir the Poisoner of Underpants[1] does not stick to underwear. I assume Western intelligence has been busy identifying everyone in unit 29155.[2]

[1] владимир отравитель трусов
[2] hxxps://

a Bulgarian arms manufacturer collapsed into a coma following what was identified as poisoning by an unknown neuroparalytic substance. At that same time, the entrepreneur’s son and the production manager of his factory were also poisoned. A possible second poisoning may have been attempted a month later, days after Gebrev and his son were released from hospital.

So are you saying GRU’s Unit 29155 is compised of old-guard Communists from the KGB days who are bent on a murder-and-mayhem agenda to impose gun control, disarmament, paralysis and missing limbs on the subject population or proletariat of Bulgaria and other European countries including Britain?

We have previously identified Denis Sergeev as a Maj. General from Russia’s military intelligence elite overseas clandestine-operations unit, a sub-unit of military unit 29155. He traveled to the UK to coordinate the operation of Col. Chepiga and Col. Mishkin (aka “Boshirov” and “Petrov”) in Salisbury in March 2018.

I am rather shocked. I certainly would not doubt the existence of such old-guard communist ideologies among Russian expatriates living abroad, or the reports of their vicious “spycraft” or “statecraft” activities as the case may be, but nonetheless I have very strong doubts whether their present-day activities are still being directed to this day by the Kremlin or current administration of Vladimir Putin, who I feel should be accorded the benefit of the doubt and considered innocent until proven guilty.

Nor do “the usual” mainstream media reports from Reuters and AP shed any further light on the matter.

Winter April 18, 2021 2:09 PM

“So are you saying GRU’s Unit 29155 is compised of old-guard Communists from the KGB days ”

No, they are all authoritarian nationalists now. The USSR dissolved 30 years ago.

“I have very strong doubts whether their present-day activities are still being directed to this day by the Kremlin or current administration of Vladimir Putin, who I feel should be accorded the benefit of the doubt and considered innocent until proven guilty.”

The GRU is lead by Putin’s own colleagues from the KGB and has been build and organized by him and the old guard. I am now even questioning your sincerity here.

Putin rules the intelligence services in Russia. There is no doubt about that.

Anders April 18, 2021 3:49 PM



Anders April 18, 2021 4:40 PM

Estonian Internal Security Service annual review 2020-2021


xcv April 18, 2021 4:57 PM

Winter • April 18, 2021 2:09 PM

“So are you saying GRU’s Unit 29155 is compised of old-guard Communists from the KGB days ”

No, they are all authoritarian nationalists now. The USSR dissolved 30 years ago.

Are you saying you are a Communist now and they are the Nazis? In that case, how is the GRU of today any more “authoritarian” and/or “nationalist” than the KGB of the USSR 30 years ago?

“I have very strong doubts whether their present-day activities are still being directed to this day by the Kremlin or current administration of Vladimir Putin, who I feel should be accorded the benefit of the doubt and considered innocent until proven guilty.”

The GRU is lead by Putin’s own colleagues from the KGB and has been build and organized by him and the old guard. I am now even questioning your sincerity here.

Putin rules the intelligence services in Russia. There is no doubt about that.

Vladimir Putin is President of the Russian Federation. One would naturally expect or assume that he does rule whatever intelligence services are under his command as part of the official government of the Russian Federation.

At the same time, I am skeptical of any claims that Russian expatriates who may or may not have “defected” from a one-time Communist Party or in any case left Russia, and have not been back to Russia since the days of the USSR, are still under Putin’s command after being, in effect, exiled for so many years.

JonKnowsNothing April 18, 2021 5:20 PM


re: COVID pandemic and Security

If you hunt through the archives from back at the start of the pandemic @Dec 2019 or so, you will find the discussion and answer to your question.

A good search phrase is: STOP THE PLANES by SpaceLifeForm

Of course, our host Bruce may change the topic rules at any time.

re: Civility and Discourse

The blog has been under attack for some time by a Troll-Set posting under the names of regular contributors. The hallmark of these postings is the lack of civility, lack of vocabulary and lack of coherent thoughts.

Regular contributors tend to produce a more cohesive discourse.

fwiw: I don’t have TV or Cable or use Social Media… much for the reasons you mentioned.

vas pup April 18, 2021 6:00 PM

A neuromagnetic view through the skull
First noninvasive measurements of fast brain signals

“The brain processes information using both slow and fast currents. Until now, researchers had to use electrodes placed inside the brain in order to measure the latter. For the first time, researchers from Charité — Universitätsmedizin Berlin and the Physikalisch-Technische Bundesanstalt (PTB), successfully visualized these fast brain signals from the outside — and found a surprising degree of variability. According to their article in the Proceedings of the National Academy of Sciences, the researchers used a particularly sensitive magnetoencephalography device to accomplish this feat.

The desire to observe the brain’s nerve cells operating ‘at the speed of thought’, ==>but without the need to place electrodes inside the brain, has led to the emergence of two techniques featuring high temporal resolution: electroencephalography (EEG) and magnetoencephalography (MEG). Both methods enable the visualization of brain activity from outside the skull. However, while results for slow currents are reliable, those for fast currents are not.

Slow currents — known as postsynaptic potentials — occur when signals created by one nerve cell are received by another. The subsequent firing of impulses (which transmit information to downstream neurons or muscles) produces fast currents which last for just a millisecond. These are known as action potentials. “Until now, we have only been able to observe nerve cells as they receive information, not as they transmit information in response to a single sensory stimulus,” explains Dr. Gunnar Waterstraat of Charité’s Department of Neurology with Experimental Neurology on Campus Benjamin Franklin. “One could say that we were effectively blind in one eye.”

==>The interdisciplinary research group succeeded in rendering the MEG technology so sensitive as to enable it to detect even fast brain oscillations produced in response to a single sensory stimulus.

They did this by significantly reducing the system noise produced by the MEG device itself.

[They] have now changed the design of the superinsulation in such a way as to ensure ==>this noise is no longer measurable. By doing this, we managed to increase the MEG technology’s sensitivity
!!!by a factor of ten.”

The fact that the researchers are now able to compare individual responses to stimuli opens the way for neurology researchers to ==>investigate questions which previously remained unanswered:
(1)To what extent do factors such as alertness and tiredness influence the processing of information in the brain?
(2)What about additional stimuli which are received at the same time?”

My nickel: both above are security related.

Name April 18, 2021 6:21 PM

vas pup, please use a pastebin next time when posting 2 or more link/stories. I know you probably won’t but I’ll suggest it here. This goes for others who like long posts, too.

PASTEBINS. WORK. Use them if you care more about the user and less about your ego.

Clive Robinson April 18, 2021 6:30 PM

@ vas pup, ALL,

A neuromagnetic view through the skull
First noninvasive measurements of fast brain signals

My first thought was “lie detector”, as we know conventional lie detectors do not work and you can learn how to fake them.

Then some idiot –in India if memory serves– stuck people in fast mri scanners and started seeing different parts of peoples brains light up when they were telling the truth and lying…

So this has the potential to be turned into another brain scanner and no doubt some other idiot will do the same tests as last time and say it works.

I suspect that a decice using this technology will be down in the low thousands of dollars to make, small and easily transportable, unlike an fMRI that costs hundreds of thousands of dollars to get up and running, is large and requires a specialised room thus is not easily transportable (18 wheeler tractor and long body container).

name.withheld.for.obvious.reasons April 18, 2021 6:35 PM

18 Apr 2021 — There is something in the air?
From the Federation of American Scientists; according to the U.S. Army, a trained soldier can identify whether a person is a vegatarian or meat-eater from human odors. The referenced article can be found here hxx sp://

hxx sp://
The above URL mangled for your pleasure.

1&1~=Umm April 18, 2021 6:37 PM


PASTEBINS. WORK. Use them if you care more about the user and less about your ego.

PASTEBINS. DO NOT WORK. Use them if you care not a jot about your and others privacy.

Clive Robinson April 18, 2021 7:46 PM

@ Fed.up,

I think we all prefer civility too.

Generaly when things are normal this is a civil place. It would be nice to be back there all the time, unfortunately as has been indicated a person or persons unknown has decided to attack the blog to elicit almost exactly the response you’ve given.

Thus it would not matter what the subject is they would find one or more to attack people with.

As regards COVID it’s the closest thing to a short term existential threat we have right now. Which means it effects humans and human behaviours.

I know it does not look like it currently with SolarWind and Microsoft servers, but the real reality is mostly ICTsec is about human not technical failings.

As has been seen with incorectly set up Zoom and similar meetings and people working from home on their own probably totally insecure systems, the change in human behaviours caused by SARS-CoV-2 and it’s multiplicity of mutations[1] is causing it’s own pandemic of ICTsec issues and there are not the staff with the right training to mitigate this.

COVID also threatens supply lines not just in basic supplies but also in ICT equipment. I don’t know if you have heard but there have been atleast three major ibcidents at fab plants with the result that many IC’s are either in short supply or are just not being made.

COVID also threatens the utilities and infrastructure. The switch to home working has compleatly changed the usage of the utilities and they were not in any way prepared for it. The result is that there is a fair bit of “under capacity” issues that are causing other failures or lack of resiliance. Whilst those weather issues in the southvof the US have been blaimed for the utiliry failures, actually they were the last straw. The real issue was the lack of resilience exacerbated by the change in expected behaviours caused by lock downs and home working.

As for watching the MSM for information on COVID, when even the UK’s BBC is giving out what is clearly fake news it shows just how unreliable main stream journalists are these days.

If you go through what has been said on this blog since Jan last year, the people hear “have called it right” way way more often than the MSM and the word has obviously got out.

The thing with COVID was the “it will all be over by Christmas” mentality, I can confidently predict that it is not going to go away any time soon. The reason it is not is the systemic failings in the West for the first six months of last year condemed us, to “yoyo mode” behaviour. We now know for certain and without any room for doubt that just about anything that could be done wrong was done wrong by those supposadly in charge.

It is an almost directly comparable situation to the way senior managment usually behave with regards to ICTsec. Thus there is a great deal to be lrarned by the ICT industry from COVID and what it has done.

It should also be an object leason for the “mantra,driven MBA’s” and the idiots in the Chicago School of economic thought. For it is also they, to use a phrase from Victorian melodramas “Wot h’ve dun us in”.

One thing the ICT industry is absolutly appaling at, is learning from even it’s own very recent history. Well… one of the things history teaches us is, that after nearly all plagues there is significant upheaval in society. Being effectively a zero sum game the winners are those at the bottom of society, the loosers those at the top. So we can expect societal changes, and we are already seeing some. But the real question is not what the majority will gain, but how hard those at the top will fight to stop sociatal change that they view as having a negative impact on their interests. History tells us they can be extreamly violent through “guard labour” and indeed we have seen this already. So we can expect smaller but similar versions to happen in the ICT industry and involved corporations.

Or can we? History shows the major cause for change is the decimated population significantly impacts the labour market. As has been pointed out the basic laws of supply and demand will apply, and up till now –even despite legislation and the rolling out of Gaurd Labour by those at the top, in the past– those that supply the labour have won. Now however there is a new game in town, technology that can replace labour, so how will demand be saited? That is will labour loose to technology as technology removes their bargening advantage?

I could go on, but the COVID conversation is at the end of the day a question of differing view points as to what people consider of interest / relevance or not. As the old saying has it,

“One man’s meat, is another man’s poison”

Oh and if I remember correctly didn’t P.T.Barnham have something to say on the matter 😉

[1] The newer Varients of Concern(VoC) appears to have dropped right down the age range and are currently killing hundreds if not tgousands of babies and children in Brazil.

Fed.up April 18, 2021 8:19 PM


Thanks for the explanation. I was able to infer same. But will look for that post.

I cannot help but recognize that most of the world doesn’t have access to the vaccine. So maybe that’s why the trolls appear each weekend.

Damn Covid. We have to solve that.

I apologize if this is why it is happening. People become angry when they feel helpless.

I’m listening to more music than ever before. Even music that I didn’t know I liked. It soothes.

Clive Robinson April 18, 2021 8:22 PM

@ Nane.withheld…,

according to the U.S. Army, a trained soldier can identify whether a person is a vegatarian or meat-eater from human odors.

Trust me this is neither new, or restricted to US soldiers and most do not need to be trained… When I was wearing the green I could even tell what basic type of beer thay drank, long before getting to a pub. The yeasts etc are different and you sweat them out for over three days, the same with spicy food prefrences. As a rough rule of thumb, if you can not smell them coming off someone, either the’ve been eating and drinking the same as you or you’ve got anosmia. As for cigarettes on a still night you can smell the smoke from half a kilometre away, and even toothpaste at 100meters hours after they’ve brushed their teeth (it’s just one of the ways the viet cong found US soldiers).

But how to put it delicately… you know when you literally put your foot in it, and have to scrape the brown stuff off of your shoes. Have you not noticed that horse manure smells almost sweet, as do other plant eating creatures? But the smell of meat eating mammals is enough to make you throw-up?

Well all digestive systems due to bacteria produce gas. The gas likewise has significantly different odours. Likewise even belching has different odours goat emmisions are quite fragrent, but not unpleasently so. But in mammals our sweat glands also release lipids or grease/fats the composition of which depends on what has been eaten over the previous few days (lemongrass especially comes through and makes quite a pleasent body odour).

You can test this easily by smelling the different lactates you can buy, goats milk certainly smells similar but distinctly different to sheeps milk, and both significantly different to cows milk. If you can not, it’s still highly likely you can tell the taste difference in their respective cheeses. Further whilst meat on the butchers slab can look similar you can definately smell the difference long before you start cooking it.

Whilst perfume can mask some smells it only happens when the perfume top and base notes are similar to the natural smell of the mammal. So what I used to jokingly call “Cannal Number Five” actually clearly smells different on different people due to their underlying natural odours that arise from the composition of what they ingest…

SpaceLifeForm April 18, 2021 11:28 PM

Silicon Turtles

A couple of links I found because I “Follow” hxxps://

Note the first is because someone asked Threadreader to save the short thread, because they knew Clive would want to read it 😉

Note the Windows binary in ACPI memory. This is a lovely “Windows Platform Binary Table” (WPBT) rootkit that most OEM vendors now shove in your systems.

As we can read from the API name it installs… an ACPI table, but what is it? With little bit of clean up, we can find some string literal looking values are assigned to the table variable, in particular, WPBT at the offset 0 looks interesting.

In short, this type of ACPI table lets a UEFI module instruct Windows’ Session Manager to launch a specified executable on startup. We can see the use of the table in the code.

To summarize the flow:

The driver 8B778A74-C275-49D5-93ED-4D709A129CB1 is loaded by the platform software.
The driver 8B778A74-C275-49D5-93ED-4D709A129CB1 registers the event notification.
When the system is about to start the boot loader (eg, bootmgfw.efi and grub.efi), the event is signaled.
The driver 8B778A74-C275-49D5-93ED-4D709A129CB1 starts the application 821ACA26-29EA-4993-839F-597FC021708D.
The application 821ACA26-29EA-4993-839F-597FC021708D installs the WPBT ACPI table.
If Windows is booted, smss.exe creates wpbbin.exe from the table and executes it.

This establishes the mechanism to auto start a Windows application, even if Windows is reinstalled.

ResearcherZero April 18, 2021 11:37 PM

Bash Uploader is the tool that Codecov customers use to send code coverage reports to the platform. It detects CI-specific settings, collects reports, and uploads the information.

Attackers focused on this data collection instrument starting January 31. They changed the script to deliver the details from customers’ environment to a server outside Codecov’s infrastructure, which is visible on line 525.

The weakness leveraged to gain access was an error in the process of creating Codecov’s Docker image, which allowed extracting credentials protecting the modification of the Bash Uploader script.

In the original variant, the script uploads data from the “ENV” variable to Codecov’s platform. After the attacker modified it, Bash Uploader was also sending the details to the address above (, an IP from Digital Ocean that was not managed by Codecov.

Customers using a local version of the script should check if the attacker’s code added at line 525 exists. If the code below is present, they should replace bash files with Codecov’s latest version of the script.

In Kapersky’s presentation, ‘Your Supply Chain is Bleeding’, a Russian state hacker commented in reply to the presentation, “we’ll put it where you can’t find it.”

the company is a major provider of offensive hacking tools, knowledge, and even operations to Russian spies

Winter April 19, 2021 12:42 AM

“Then some idiot –in India if memory serves– stuck people in fast mri scanners and started seeing different parts of peoples brains light up when they were telling the truth and lying…”

Such methods can show that you already know something, or not, say a crime scene. These methods can most likely also show your emotions and stress. And last, they can show whether you are “thinking on your feet” or “just remembering” to answer.

All these reactions can be “faked” if you prepare well.

ResearcherZero April 19, 2021 1:32 AM

Authoritarian governments have been using claims of fighting cybercrime and cyberterrorism as cover for Internet censorship and clampdowns for many years. But a range of recent developments has helped these efforts bear fruit.

To avoid scrutiny of New IP’s shortcomings, Huawei has circumvented international standards bodies where experts might challenge the technical shortcomings of the proposal. Huawei is looking to integrate China’s “social credit,” surveillance, and censorship regimes into the internet’s architecture.

China has held the top position in the ITU for the last seven years.
Circumventing conventional internet-governance institutions in favor of the ITU also sets a precedent for future internet governance-related proposals to go through the ITU instead of more-balanced multistakeholder institutions.

However, simply voicing principled opposition by itself is not enough to contain Chinese efforts to push ITU mission creep.

SpaceLifeForm April 19, 2021 1:40 AM

@ Winter, Clive

It’s not random at all.

Go thru it slowly. There is structure in places. There is some html. There are even different fonts.

It is not random.

Winter April 19, 2021 1:52 AM

“It’s not random at all.”

You cannot prove something is random (see proof of non-deciding Kolmogorov Complexity). The whole text could be a coded or encrypted message. But given the name of the handle, I do not care what the message is, if it exists.

Structure itself does not tell the whole story. A Markov Chain is random too, even though it has structure.

SpaceLifeForm April 19, 2021 2:03 AM

@ Winter, Clive, Weather

I suspect it was a cut-and-paste of a webpage that was from a browser not using UTF-8 as the codeset.


this is code inside code tags, which are not listed as allowed

Winter April 19, 2021 2:21 AM

“I suspect it was a cut-and-paste of a webpage that was from a browser not using UTF-8 as the codeset.”

No reason to doubt that. Do you really want to know which web page it was?

ResearcherZero April 19, 2021 3:16 AM

Small man syndrome, but that’s not all that’s short…

Shortages this year have been exacerbated by episodes that include a fire at a Renesas Electronics chip factory in Japan, a drought in Taiwan and a cold snap in Texas that temporarily shut down factories operated by Samsung Electronics, NXP Semiconductors and Infineon.

Not a single typhoon made landfall during last year’s rainy season, the first time that had happened since 1964.

Climate Chnage likely to affect chip supply

Frankly Putin shouldn’t worry too much about his height, he’s actually not that short.

Weather April 19, 2021 3:25 AM

@winter Clive slf
It has time stamps, maybe network packets, from a clipboard dump, and some bot.
Winter what’s your guess?

- April 19, 2021 5:51 AM


It would appear “suspicious thinkers, think alike” 😉 your post and mine have arived almost at the same time.

Ancient Thinker April 19, 2021 7:10 AM

@ ALL:

Diogenes of Sinope was a contemporary of Plato and Alexander the Great. He was famous for his radical philosophy that discarded status, possessions and the learning of books to get at the marrow of philosophy—the good life. Diogenes was famous for living his philosophy in all its simplicity and coarseness. He wasn’t concerned with bellyaching about truth but about living it.

Diogenes is one of those admirable ancient philosophers who strived to live out the ideal of his philosophy. There’s a few keywords for understanding what his ideal actually is⁠—virtue and freedom are two of them but the word that captures the living philosophy of Diogenes best is simplicity.

This simplicity manifests itself in two ways⁠—the philosophical and the physical. The two are inherently intertwined.

The good life was simple for Diogenes—virtue is all that is required. With that in mind he didn’t spend his time writing books and bellyaching about virtue but just lived it. In charting this straight path to wisdom he shunned all the usual benefits of society. Free from these he could live the simple life of wisdom.

He strove and worked to be free not just of society’s demands on him but to be free of his body’s demands on his soul. This is why you could find him hugging statues in the middle or winter or rolling naked in the sand in the middle of summer. It’s why he lived in an upturned wine cask and threw away his cup when he saw a boy drinking water from his hands.

The simplicity of this philosophical vision was egalitarian; it did not bow to generals or tyrants as we see in the stories about him washing vegetables or of him seeking Alexander the Great to get out of his sunlight.

The lessons of Diogenes are simple—if you free yourself from the games of status, money and power and you free yourself from comfort then the life of wisdom and philosophy is simple. This simplicity is the core of Diogenes’s living philosophy.

- April 19, 2021 7:24 AM


It would appear “didums troll” is having a hissy fit…

However closer examination shows that it’s nothing of the sort. There is a certain pathology in it,

1, 6:27
2, 6:29
3, 6:32

Cut-n-paste from a “script file” or similar. However I suspect the quote was from a seperately open tab, to aid in cutting and pasting.

Then a short break whilst it hunts for another quote and scripts, then waits untill your next comment at 6:57, then almost immediatly we have

4, 6:59
5, 7:0

It’s designed I guess to look like “rage” but comes off as “stalking”.

Now the question is does the post keep records of “reads” times/IP etc along with those for “writes” probably not. But if they are examining them beyween your 6:57 and the trols 6:59 might give further clues on how they operate in their “under the bridge dwelling”.

Winter April 19, 2021 7:35 AM

“But if they are examining them beyween your 6:57 and the trols 6:59 might give further clues on how they operate in their “under the bridge dwelling”.”

I myself suspect that the troll keeps a watch program on the comment thread (subscribe to entries) and then reacts either on my name, or on responses to their own posts.

The response comment texts could be automated, using pre-canned templates. But the responses are often too specific to be automatically generated.

It does simplify my “work”. I just have to get back a few minutes after my posting to mop up the abusive content. Also, the abusive content generally validates my original posts.

If I make errors in my warnings about troll posts, I hereby apologize. But up to now, the abusive responses have tended to justify my original classification.

Winter April 19, 2021 7:40 AM


Here is the original Huawei story in Dutch:

Here in English:

It is a genuine horror story on ICT infrastructure vulnerability. It is like the Snowden revelations : If you suspected that security was really bad, it was much, much worse than your worst nightmare.

Steven Keen April 19, 2021 8:07 AM

@ Winter:

So I’m speaking from personal experience here:

Refreshing your overview, or whatever you’re doing to check for new posts on these discussions (I’ve noticed you’ve got a couple going in different comment chains), and having strong emotional reactions based upon that, is probably not the healthiest thing to do and probably isn’t a behavior pattern that’s bringing more happiness into your life.

I haven’t looked at your profile, or anything, I’m just recognizing some patterns and (perhaps falsely) applying them to my own life experiences, so if that doesn’t really resonate with you at all, then you do you.

I have this really weird relationship with the squid threads where sometimes I really enjoy engaging in discussions and expressing myself and people will take the time to engage with me and will either challenge my world view by offering a radically different perspective, or will elucidate me upon something I’ve missed entirely, and that feels so wonderful and I love those moments, but…

There are other times when I really put in a lot of effort trying to express thoughts and ideas I have, and sometimes they’re very personal things that are really important to me (but it may not necessarily be obvious to an outside observer), and I get a negative response, and it can evoke some pretty negative emotions from me. A younger me would have wanted to engage any negative or dismissive comments and try to validate my thoughts or ideas or feelings, or whatever, or maybe try to get some kind of vindication, but an older me realized that it’s a lot of wasted effort for a very small payoff which, even if it may occasionally outweigh the cost, it couldn’t possibly if you factor in the cost of the simple fact that I’d let myself get so emotionally involved in some kind of anonymous tally system arbitrated by a bunch of people who are equally likely to have actually put a lot of thought and consideration into what I was saying as they are to have arbitrarily clicked one way or the other based on a half hearted and likely even incomplete scan through it.

Honestly, I don’t even know what I’m trying to say here and was fighting the urge to delete this from the text box before posting, but I’m going to risk looking like I’m proselytizing or trying to project my own life experiences onto internet strangers as a means of avoiding managing my own issues, or whatever, and slap the old ‘submit’ button instead. Umm… Cheers!

ResearcherZero April 19, 2021 8:54 AM

Report too bad to be released publicly of alleged eavesdropping capabilities Huawei had in Dutch telecom provider’s network.

“This also included the phones of the then Prime Minister Jan Peter Balkenende, various ministers, and Chinese dissidents. Huawei also knew which numbers were tapped by police and intelligence services.”

Winter April 19, 2021 9:03 AM

“Report too bad to be released publicly of alleged eavesdropping capabilities Huawei had in Dutch telecom provider’s network.”

Allegedly, release of the report could lead to the collapse of KPN. As KPN was the national provider who controlled more than half of the infrastructure, this could have dire consequences for the future of the Dutch communication infrastructure and security.

Anders April 19, 2021 9:17 AM

Little bit fresh info among this sea on spam.


Winter April 19, 2021 9:28 AM

“We voted yesterday here in the Netherlands and preliminary results are being shared (not all votes have been counted yet).”

The elections were on March 17. So this post is strange, probably a copy and paste from elsewhere without source. Why?


Winter April 19, 2021 9:40 AM

“Also please take some care with your assumptions if possible,”

I apologize for my rash conclusions. I was too fast with too little evidence.

Winter April 19, 2021 9:57 AM

“Good Moderator should do its work without any pointing.”

Good moderation costs time and effort. Pointing out spam and trolling should help moderation. There are less such comments, and they are smaller, than the original spam and troll posts.

Missed troll posts damage the blog (which is their intention).

Tomorrow, all these pointing comments will be gone. If the moderator does not like them, she or he can say so, or tell us what she/he prefers.

Dutchman April 19, 2021 10:51 AM


I apologize if my remarks could have been interpreted as coming from an impolite standpoint. I ought to have worded my objection in a more diplomatic way. Sorry about that. Also you are completely right to be concerned with new posters in light of what the user named “Barker” is doing here.

I tend to read the entries here form time to time to keep up with the news and because ResearcherZero mentioned the Dutch I thought I could chime in a little bit and share my “inside” perspective. Most of the politicians here are just greedy opportunists and have lost even the last bit of integrity.

Normally I do not comment because I am not that well versed and my English is not good enough to keep up with other users like Clive Robinson, you or the likes SpaceLifeFrom or JonKnowsNothing or past users like Nick P., Ross Snider, Sceptical, Anders, Andy and so on.

Sadly many people who used to do so do not post here anymore and I regard that as a net loss for this blog. However having seen and witnessed the comments of Barker #72844 and #72846 entirely directed at me, I don’t think that I will comment here gain as long as such hostilities occur. Life is too short for something like that. I wish you all the best and stay strong in the fight for your reasonable cause. Have a nice day and week!

Winter April 19, 2021 12:49 PM

There is an interesting evolution, or arms race, going on where a troll is trying different strategies to derail the moderating of this blog. Most likely in an attempt to destroy this blog as a discussion forum.

There currently are large numbers of comments posted that try to pose as being from my hand. Most like in an attempt to drive me off the site.

As always, you should only judge a comment on its own merits. If I write nonsense, you should ignore it.

JonKnowsNothing April 19, 2021 1:02 PM

@Real Winter

re: Double Irish Tax loophole

iirc(badly) This double reduction in corporate taxes is supposed to be ending or has ended in the Republic of Ireland.

It’s a common scheme used in Off-Shore Accounting and in USA States that have similar corporate taxation setups (like Nevada, Delaware, Montana, South Dakota, Wyoming and New York).

note: There are other tax avoidance schemes that have replaced some of this like the Single Malt Corporate Tax Shelter


ht tps://

ht tps://

ht tps://
ht tps://

  • Despite US knowledge about the Double Irish for a decade, it was the EU that in October 2014 forced Ireland to close the scheme, with closure to begin in January 2015. However, users of existing schemes, such as Apple, Google, Facebook and Pfizer, were given until January 2020 to close them.

ht tps://

  • With the proper setup, the Single Malt Tax Rules provides the same tax avoidance benefits at the Double Irish.

ht tps://

ht tps://

  • A corporate haven, corporate tax haven, or multinational tax haven, is a jurisdiction that multinational corporations find attractive for establishing subsidiaries or incorporation of regional or main company headquarters, mostly due to favourable tax regimes (not just the headline tax rate), and/or favourable secrecy laws (such as the avoidance of regulations or disclosure of tax schemes), and/or favourable regulatory regimes (such as weak data-protection or employment laws).

ht tps://

  • More than half of all U.S. publicly traded companies, and 63% of the Fortune 500, are incorporated in Delaware.[95] The state’s attractiveness as a corporate haven is largely because of its business-friendly corporation law. Franchise taxes on Delaware corporations supply about a fifth of the state’s revenue.[96] Although “USA (Delaware)” ranked as the world’s most opaque jurisdiction on the Tax Justice Network’s 2009 Financial Secrecy Index,[97] the same group’s 2011 Index ranks the U.S. fifth and does not specify Delaware.[98] In Delaware, there are more than a million registered corporations,[99] meaning there are more corporations than people.

ht tps://

  • Pfizer paid no US income taxes 2010–2012, despite earning $43 billion. The corporation received more than $2 billion in federal tax refunds. In 2013, Pfizer operated 128 subsidiaries in tax havens and had $69 billion offshore which could not be collected by the Internal Revenue Service (IRS)

(url fractured to prevent autorun)

Winter April 19, 2021 1:10 PM

“I have to wonder what makes someone enter into someone’s home and begin defacing and defecating on the floor, …”

There are people who take revenge when found cheating. Psychopaths and narcissists can do such things when their schemes are thwarted.

It is also possible that someone hates Bruce, or the people here for ideological reasons.

Winter April 19, 2021 1:16 PM

“I have to wonder what makes someone enter into someone’s home and begin defacing and defecating on the floor, …”

Or someone gets paid to destroy this blog? Who knows?

I remember to what lengths people went to damage Brian Krebs.

Weather April 19, 2021 2:10 PM

Trying to look at AMD inbuilt graphics processor for Sha hashing. Google searched showed 7 instruction.

More to the point, what do people make of a GPU inside a CPU?


Bennning Leicaster April 19, 2021 3:09 PM


For the love of music, why are you so heartless and condescending, my fellow earthly being, oh brother where art though…

vas pup April 19, 2021 3:15 PM

@1&1~=Umm • April 18, 2021 6:37 PM

Thank you for input. Agree 100% – privacy is key.

Regarding @name comment:

  1. That is not Your blog, but Bruce’s blog, and HE only establishes rules and moderate with help of @Moderator behavior of ALL users on this blog.
  2. As result of 1., “Par in parem non habet imperium (Latin for “equals have no sovereignty over each other”). That is why Your comment requiring something which is convenient to You from other bloggers is ill-founded due to lack of authority on this blog.

3.Regarding comment on ego, that is for blogs on liberal arts subjects, not security. Here LOGIC rules. There – emotions.

4.Regarding limiting size of comment, there is definitely reason in Your comment, but time and again, Bruce is making judgment on that. You have always option to skip any comment You don’t like. That is Your freedom.

Usually, I do not respond to emotionally charged comment, but I hope You’ll not take it personally if You want to be respectful member of this blog community.


- April 19, 2021 3:33 PM


1, Barinkov #comment-372953

Note time after my post and subject matter…

It’s also a new handle, suggest folks treat it with suspicion, it looks like a “Bear trap”.

Weather April 19, 2021 3:36 PM

Can you delete my early DUP post, thanks

Trying to look at AMD inbuilt graphics processor for Sha hashing. Google searched showed 7 instruction.

More to the point, what do people make of a GPU inside a CPU?

I’m thinking it would open a foothold like ufei or boot sector


Blog Researcher April 19, 2021 3:58 PM

@ All:

What has in essence been shown is that, like a fire extinguisher used against a small kitchen fire, any factual discussions taking place here can be successfully stifled and brought to a complete halt provided that a sufficient amount of barrage fire gets deployed. As a side-note it is truly remarkable how easily some of the more frequent posters here get themselves let astray time and time again to a journey down the rabbit hole. Happy holidays then:)

As soon as the AI has been sufficiently trained an epic amount of hellfire might rain down like a shower of molten lead emitted by thousands of hellfire missiles at the desired targets.

Winter April 20, 2021 12:34 AM

About half the @Winter pleas to the mod were imposters. To see which is which without the email field, you have to look at the comments pointed out (sometimes two hops).

I always point out the reason why I point out a comment, which can be verified. The troll tries to protect his own clearly inappropriate postings.

The Troll SOP seems to be to post a astroturfing conversation peddling a conspiracy theory by clear sock puppet accounts. When this is pointed out a barrage of insults follows. Then imposter comments follow with maximally disgusting content. If that does not help, different strategies are used to confuse everyone. Probably trying to demotivate the target. There are “reasonable” responses that try to spread FUD, nonsense and word salads are posted to make the site unreadable, etc.

A surprising observation I have made over the decades is that every long term blog I have ever followed had a house-troll. Someone who hated everything the blog ever posted and all discussions ever taking place there. But this person stayed for years, day after day, to post their deceptive and incinerating content to derail the blog.

What kind of loser must you be to spend your whole life at a place you hate, among people that despise you, spewing hate, all out of free will?

Maybe that too is part of psychopathy? These trolls know no people they like, or that like them, so they seek the company of people they hate, and that hate them.

Weather April 20, 2021 12:41 AM

After my post, I could be assuming you were directing at me, you still don’t sound like the technical person you are, but not enough Ai training.

Weather April 20, 2021 12:54 AM

Pssec tools all ways offered remote access, normal in the passed was setting a registry byte for a corporate network, the fact they are still using that is a sign of target

SpaceLifeForm April 20, 2021 1:01 AM

@ lurker, -, Clive, Winter, Weather, vas pup, name.withheld.for.obvious.reasons

Were the “@Winter” pleas to the Moderator merely bot generated as proof that Moderator is run as a daily cron job?


It was tricky. You really have to pay attention. It’s like they are trying to train an AI.

The real Winter comments were spot on. But the fake Winter would attempt to confuse the readers into not knowing what is going on. The fake Winter would try to pretend that the real Winter, at comment #X, regarding comment #Y, was fake. To confuse so as to not learn.

I think most of you by now know that I pay attention to writing style.

I am not easily confused, but there was some transitions I found suspect.

But, then I remembered the 2 minute thing, and it became clearer.

The really cool thing? All of the posts by real Winter pointing out the junk, well, there was nothing that important in the comment. And the fake Winter comments trying to discrete the real Winter comments, they can all be DELETED!

So, the real Winter did a real good thing. Just pointed out the facts.

So, this is to you Real Winter!

You have endured some stuff, but trust me on this, there are many of us around the planet that appreciate your efforts. You may never know how much you have contributed to the future of this planet.

Winter April 20, 2021 1:06 AM

“After my post, I could be assuming you were directing at me,”

Which post would that be? The one about the GPU in AMD?

I looked at the reference guide after correcting the initial link. But I do not know much about CPU architecture. On the other hand, as IC dies have to be used in parallel more and more, a GPU inside a CPU is not that outlandish. Everything is AI and blockchain nowadays anyway. GPUs help there.

Btw, I am not really a technical person.

Winter April 20, 2021 1:11 AM

“So, this is to you Real Winter!”

Thanks. I have always learned to keep the place you stay at clean. So, I try to do 😉

On the other hand, I never get upset by what bullies, trolls and psychopaths tell me. That is like becoming mad at an actor playing the bad guy in a soap.

Winter April 20, 2021 1:14 AM


Moderation has set in and the thread is clean again.

If Bruce or the Moderator have any suggestion about how we can best help to keep the place clean, they just have to ask.

Weather April 20, 2021 1:27 AM

You posted a post that was quite technical, but aside, we, Clive slf and others that haven’t said much,
The pushing of graphics cards, Asic sha2 or a nook and cranny might interest someone.

Weather April 20, 2021 1:34 AM

@following Eva
They are being the times ,which can be a problem, I’m assuming that I’ve been tout stuff that shouldn’t be posted. My bad 🙁

Winter April 20, 2021 2:21 AM

“iirc(badly) This double reduction in corporate taxes is supposed to be ending or has ended in the Republic of Ireland.”

You forgot the:
Double Irish With a Dutch Sandwich

Despicable behavior from my own government. However, this route has been closed at both ends, I believe. You could not get the Dutch minister of Finance more mad than to claim the Netherlands was a Tax Haven. The level of rage was directly correlated to the level of truth of the claim.

(url fractured to prevent autorun)

Clive Robinson April 20, 2021 3:10 AM

@ Weather, Winter,

More to the point, what do people make of a GPU inside a CPU?

It rather depends on how it’s integrated and how it effects the CPU (similar applies to the newer trend in integrating FPGA’s in CPUs).

The closer it is to the CPU ALU or register file the faster the access time, but generally that’s not the best place to put them.

GPUs can be thought of as a very wide instruction / parallel ALU vector array that has certain functions added that can make matrix calculations faster, much like DSPs brought the semi-specialized but very usefull “Multiply and Add”(MAD) instruction to computing. Thus the ultimate idea is 200K+ gate FPGAs built in where you put your more specialized algorithm parts into semimutable hardware.

The thing about the world of matrices is that you can take say ten different functions and rather than build a pipeline of them that each data block has to traverse you can in effect multiply the matrices together just the once then apply that one resulting matrix to the data blocks, which when you think about it gives a massive saving in time and resources.

When specifically designed for graphics GPUs will in effect short circuit much of the CISC hardware that wraps the core RISK processor of ALU and Register file. In effect it goes direct from core to the system memory interface giving similar advantages as the very long register or vector processing that gave the likes of the Cray Super Computers their advantages.

That’s the generic overview of what GPUs and FPGAs can add to a CPU. There are however downsides, they are not “general purpose” this often means you csn not code your algorithm directly, you first need to put it in another form that the GPU or FPGA hardware algorithums work best with. Not that many people are very good at this. But it gets worse the algorithm also has to first be amenable to working in the parallel form, which many are not because the conscious human mind in by far the majority of those who can program effectively think sequentially. Thus you first need to apply some kind of optimal transform before translating into matrix form etc.

Thus one of the biggest stumbling blocks to effective and efficient use is the “Grey wetware between the ears” of the bulk of programers.

As your question was not very specific it’s hard to give a more specific reply.

JonKnowsNothing April 20, 2021 9:51 AM


It’s possible the moderator also cleaned up my post on the latest veterinary report on COVID-19 in animals.

It’s also just as possible it got splinched in another thread or maybe didn’t make it at all.

No worries…

B117 UK Variant has been found in cats in Europe. The implications of which, needs to be considered carefully. Also Mink-COVID is still about.

Weather April 20, 2021 4:19 PM

You couldn’t supply a DNS address for that, I don’t want to connect my dainogic tools to the web. ?)

Clive Robinson April 20, 2021 4:20 PM

@ Anders,

It apears to be a load of nonsense. That is it just replaces one name service with a set of surveillance faults, to another name service with a very slightly different extra few faults plus all the original name service faults.

The problem with name services is two fold,

1, The traffic is fairly obvious even tucked under HTTPS.

2, No real anoynimity either for connction or request

Whilst there are ways to partially solve the first problem, the second problem is much much harder if not realy possible to solve currently because it involves making a data base search on a database that is under somebody elses control…

Then on diging around for more info I saw this…

“Because hsd is written in JavaScript, it can be repackaged for use in a web browser.”

Do me a favour javaScript for security, and surveillance proofing? Err No, not two decades ago and certainly not now or in the future.

vas pup April 20, 2021 5:20 PM

New study reveals brain basis of psychopathy

“According to a Finnish study, the structure and function of the brain areas ==>involved in emotions and their regulation are altered in both psychopathic criminal offenders and otherwise well-functioning individuals who ==>have personality traits associated with psychopathy.

!Psychopathy is a personality disorder characterized by persistent antisocial behavior, impaired empathy, and bold, disinhibited and egotistical traits.

However, similar antisocial traits are also common, yet less pronounced, with people who are well-off psychologically and socially.
==>It is possible that the characteristics related to psychopathy form a continuum where only the extreme characteristics lead to violent and criminal behavior.
The collaborative study of Turku PET Centre, Karolinska Institutet, and Psychiatric Hospital for Prisoners in Finland examined the brain structure and function in psychopathic prisoners and healthy volunteers. Brain structure was measured with magnetic resonance imaging. The participants also viewed violent and non-violent films while their brain activity was monitored with functional magnetic resonance imaging.

-In psychopathic criminal offenders, the [NB – vp]density of the brain areas involved in
!!!cognitive control and emotion regulation was compromised. When viewing violent films, these areas showed stronger reactions in psychopaths.
==>In a large sample of healthy control participants, psychopathy-related traits were associated in similar changes in brain structure and function:
==>The more psychopathic characteristics a person had, the more their brain resembled the brains of psychopathic criminals, explains Professor Lauri NNummenmaa from Turku PET Centre at the University of Turku, Finland.

  • Structural and functional changes in the brain were focused in the areas involved in emotions and their regulation. The changes in the activity and structure of these areas can explain the callousness and impulsiveness associated with psychopathy, says Professor Jari Tiihonen from the Karolinska Institutet.
  • The results show that the degree of psychopathic characteristics varies also in the general population. Having a little bit of psychopathy-related traits does not cause problems, but for about one percent of the population, psychopathy is so strong that it may lead to criminal and violent behaviour, notes Chief Psychiatrist and Docent Hannu Lauerma from the Psychiatric Hospital for Prisoners in Finland.
  • Studying prisoners is difficult, but provides critical information about the ==>neurobiology of violence and aggression.

The findings help to understand the ==>biological mechanisms behind violence, and enable to !!!plan new and more effective treatments to aggression and antisocial behavior.”

My nickel: that is very important research in the era of senseless (at the first glance) mass shooting epidemy in US.

Sorry for long comment, but subject is very
critical now.

vas pup April 20, 2021 5:31 PM

MI5 warns of spies using LinkedIn to trick staff into spilling secrets

“The campaign, run by the Centre for the Protection of National Infrastructure, which reports to MI5, asks government staff to focus on “the four Rs”:

•recognizing malicious profiles
•realizing the potential threat
•reporting suspicious profiles to a security manager
•removing the profiles.

“Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices,” government chief security officer Dominic Fortescue said.

“As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organizations on social media.”

The US and other countries have launched similar campaigns.

Former CIA officer Kevin Mallory was sentenced to 20 years in prison, after being convicted of giving secrets to China following an approach on LinkedIn.

And the UK’s move is also being backed by the other members of the Five Eyes intelligence alliance, Australia, Canada and New Zealand.”

Weather April 20, 2021 6:27 PM

Maybe China should appily to 5 eyes.
Side note @clive, you don’t see a bug in a GPU inside a CPU?

ResearcherZero April 20, 2021 9:19 PM

the group of hackers suspected of working on Beijing’s behalf were particularly focused on the U.S. defense industry

In order to maintain persistence to the compromised networks, the actor utilized legitimate, but modified, Pulse Secure binaries and scripts on the VPN appliance.

Specifically, ED 21-03 directs federal departments and agencies to run the Pulse Connect Secure Integrity Tool on all instances of PCS virtual and hardware appliances to determine whether any PCS files have been maliciously modified or added.

A vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment.

We have discovered four issues, the bulk of which involve three vulnerabilities that were patched in 2019 and 2020

We strongly recommend that customers review the advisories and follow the recommended guidance, including changing all passwords in the environment if impacted.

Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers.

This Critical Patch Update contains 390 new security patches across the product families listed below.

JonKnowsNothing April 20, 2021 9:22 PM


re: Otters with COVID-19

Otters are in the same family group as minks and ferrets.

I think this is the first report of captive otters getting COVID. The recent veterinary reports did not indicate any otters, but the USA report dates were from last week. (1, 2)

There have been reports of experimental animal vaccines given to rare wild ferrets and the great apes in zoos. All the great ape cases were infected by their keepers/wardens. Perhaps the aquarium executives didn’t think their otters were subject to infection.

The aquarium suspects the otters got the infection from an asymptomatic staff member and it tested all staff that were in contact with them. These animals do not have direct contact with guests and have always been separated from them by acrylic barriers.


1, The international vet reporting system had a UI revamp for incidents, and well.. like many revamps it’s not a much of an improvement. Lots of those drop down lists to grind through.

2, Additionally, some countries are less eager to “share information” for a number of possible reasons. Those that are less happy to share, make sure their reports are less forthcoming. The USA reports are in this group.

ht tps://

ht tps://

(url fractured to prevent autorun)

Winter April 21, 2021 3:40 AM

“To see why it does not cover if the cause is Nature (inherited), Nurture (learned), or by insult (injury). ”

Nature, nurture and insult are the wrong distinctions. If a person is lactose intolerant, the root cause is the lack of an enzyme during adulthood. That is genetic. Whether this is a problem (pathology) depends on the food eaten by their community. That is culture.

Psychopathology, autism, neuroticism are all congenital spectrum disorders with a heavily biased sex distribution. Contrary to (religious) believes, these spectra are part of the big 5 and not amendable by upbringing.

Together, the evidence suggests that they are all part of evolutionary strategies to optimize fitness (offspring) in social life. The end points of the spectra, sociopaths, hf autism, and OCD are pretty damaging for a person’s fitness. But the lesser forms are helpful in specific social circumstances. That is how the genes behind these spectra keep circulating in the population.

Whether someone on one of these spectra goes over the cliff into full pathological disorder depends on social factors and (childhood) insults. For instance, serial killers, and criminals in general, tend to have histories of childhood abuse and neglect. In different situations, they might have become valued members of society.

Clive Robinson April 21, 2021 6:47 AM

@ Weather, ALL,

@clive, you don’t see a bug in a GPU inside a CPU?

Unfortunately rather more than most can enumerate, and even then that will be a very small subset of the total.

What I realised back in the early 1990’s if not before, was that what we now call the “computing stack” was vulnerable to both intentional and unintentional vulnerabilities. Ranging across the “full stack” from the very bottom of quantum physics all the way up through national legislation, international standards, treaties, and beyond. And perhaps more importantly nobody gave damn about it, because they were either to parochial or in love vith a false romanticism of technology as a solution to all mankinds ills.

The simple fact is technology has no personality, no beliefs, no inteligence, it knows not right or wrong and works in any which way “directing minds” tell it to, and above all of that it’s unreliable at best.

People should take the time to read the paragraph above, every day untill they take it on board as a fundemental tenent of reality.

The reason is it gathers together most of the failings of mankind and gives them form.

Humans are 99.9% products of the history of their environment over unimaginable generations of time. We are instinct not logic and we are reactive not proactive and most of us lack the ability to do anything other than think sequentially. To us “times arrow” or progression realy is the way we see the limited perspective we have on the universe. To use B follows A, even though we can clearly see A to Z happening all at the same time in parallel and by and large all intetacting all of the time.

We automatically seperate out things to not just simplify them, but also so we can see them along times arrow’s trajectory as ever longer chains of cause and effect.

It’s easy to analyse such chains, moderatly harder to analyse trees that are chains that branch but still head in the same direction. But what about meshes or nets where direction is in multiple directions. Even a single feed forward loop where one chain in a tree rejoins another chain it previously branched from is more dificult to analyse than most can even comprehend. Even if it is negative thus tends to stability rather than positive that tends to discontinuities or cusps where the laws of chaos rule but appears to most to be random. But what about feedback? Most think they understand the notion but try explaining that it is always non linear, due to the progression of time it has no choice but to be exponential, and how exponential even though it is just repeated percentages in turn can become a cyclic wave form in multiple dimensions (see e^ix derivatives and resultant series).

Most engineers “trip, stumble and often fall” over the implications of two simply interacting additons the interaction of which can rotate so easily around the unity circle producing an oscillator, that is also hellishly unstable in amplitude against time, and thus can only be controled by very non linear behaviour, again expressed in polynomial series of derivitives. Nature is the essences of infatesimals some call “the calculus of existance”.

So simple at the root but so complex and almost mystical within just a couple of steps and seamingly beyond control, just some how predictable on mass by probability. Thus as with Brownian motion we seak to hide the simple of the very many that becomes impossibly complex and seek refuge in the broad brush strokes of the average result.

And there by we leave open disaster. Probability is assumed to be “undirected” on an individual level and that some average will always always happen. Well it does not it’s easy to see two different cyclic functions when added together make a waveform where at one point they both add and at another they subtract. The result is more complex especially if the wave forms are not near harmonically related. That is “close in” the wave form looks either chaotic or random to the observer. But look over a time period of two or three times the reciprocol of their difference frequency and you see a near perfect sine way envelop, just as you would expect from amplitude modulation.

Now in nature there are hundreds of thousands of cyclic waveforms adding and subtracting, but at some point they will all add to some maximum and subtract to some minimum, when might not happen in the expected life time of our universe and be of such fleeting apperance that we could probably not see it if we were observing it at the time.

Now consider a “directing mind” controling two or more of those cyclic waveforms… They decide exactly when the maximum peaks and minimums appear not the observer. If they can get either a minimum or a maximum to coincide with some event then they have a vulnerability they can use.

Thus every system has a hole over which security is not applied by design. The more fundemental that hole is the harder it can be to exploit but the greater the devistation it causes…

From an attackers point of view at every layer that engineers create to reduce complexity there is between an area of apparent chaos from which they can fashion a vulnerability. The further up the computing stack the easier it is to create, but the further down the more devistating it can be. For engineers the problem at first appears to be the other way around, individual vulnerabilities at the top of the stack are easy to solve those at the bottom of the stack seemingly impossible.

The reality is that at the top of the stack individual vulnerabilities have small scope, but there are so many you can not prevent them singly[1]. Whilst at the bottom of the stack there are relatively few instances but their scope so broad as they “bubble up”[2] the only limitation on them is the difficulty of effective implementation. However there is a very nasty set of attacks, that “reach around” from the top of the stack to the bottom of the stack. RowHammer is one such as all of a conventional consumer level computers security rests on the state of bits in memory. If you can change just a single bit of your chosing then it’s game over for security thus privacy. Similar attacks use “hyper fine timing” as a method of instrumentation to read bits of data out, such as encryption keys and similar. It’s why I mentioned to you the other day about “evolving” encryption keys in memory not just into “round keys” but also changing them in memory, prefereably stored as “data shadows” (XOR of several bytes etc that only get reconstructed in a CPU register just before use in a round but also with the constituant bytes changed very regularly so that such hyperfine timing attacks can not realisticaly work[3]).

Without going into what they are, there are other sub classes of reach around attacks than just the two of “memory bashing” of Rowhammer and “hyperfine timing” of cache instrumentation. What I can say is that there are some known “halfway” attacks the most well known being I/O DMA most usually with high speed thus high bandwidth serial protocols. Unlike reach around attacks these are “local” not “remote” attacks. However it takes no great brains to work out that if a remote attacker can suborn a local hardware device then the attack becomes local. This is exactly the same as reaching sideways form one computer behind a firewall/IDS to attack all the others without the impediment of the firewall/IDS. Which brings us to the akward dirty little secret of the gaping hole in the use of IOMMU’s. If the IOMMU gives me access to the IO device, and it’s possible to implant malware on it, then it’s game over, because even though the IOMMU can deny me access when others are using it, I’ve put my attack further down the stack than the IOMMU so it offers no protection what so ever, nix, nowt, nothing. The eventual result is just the same as being able to “flip a bit in memory” with RowHammer.

So to answer your question,

“It depends”

Not just at what level in the computing stack the GPU is, but if it can be used as a local attack point to either bubble up from that point or reach down and bubble up from there.

Effectively the GPU will let you do both “hyperfine timing” to read data and bit flipping by “memory bashing” of RowHammer. Thus it will give the keys to the kingdom, and the ability to look inside securty enclaves and all sorts of other things. All before you start talking about other potential attack vectors it offers simply by the way it can bypass software security controls.

Why is this possible? Well it goes back long before Intel came up with the 4004 4bit BCD microprocrssor in 1971. Back when CPU’s were made with chips containg two NOR gates and earlier. In fact back in the times of the use of discrete transistors back befor 1962.

All “digital logic” is in fact “analog circuitry” as high gain saturable amplifiers with multiple inputs. If you so wish you can solder such gates up yourself out of transistors and diodes or use Op-Amps. It’s not difficult just requires a little lateral thinking.

Howrver when you build storage components be they two simple single transistor NOR gates or more complex clocked latches you will discover two problems,

1, Time delays not just on rise and fall times of the output circuit, but time delays through the logic circuit from input to output.

2, In those delay periods the circuit has one or more points of analog near linear operation.

Thus the faster you switch them the more time they spend being analog, with all the attendent problems. One of which is “metastability” which can and does result in “soft errors” or latchup especially in storage components with the wrong bit value getting stored. Whilst there are things you can do to reduce the probability of it happening you can not stop it entirely. When you look at using capacitors as storage components in what is called DRAM much more of the circuit acts in a linear fashion, in fact those microscopic capacitors are always analog and either charging up or discharging down towards some value. It’s why they are called DRAM with the D actually standing for “Dynamically Refreshable”. If you don’t refresh them often enough then they loose the values they are holding. Refresh them to rapidly –a simple read of a bit row is refresh– then strange analog effects such as the adding of multiple waveforms starts happening. In RowHammer the attacker thus decides where all the signals maximise or minimise thus “flip a bit”…

But there were a whole load of other issues with their roots in that time period. In effect engineers facing a probabilistic problem, chose to go for average results and fix the problem some other way (parity circuits and the like) and push the problem up the stack where it eventually became the software engineers problem to solve. They opted to likewise keep pushing the problem up the computing stack… This attitude became endemic and in effect the mantra of “Software will solve all” which it obviously can not, but it was a usefull conceite that enabled the hardware industry to rapidly move forward.

It’s now over sixty years later the chickens are comming home to roost. Attackers have realised they have to basic waus to avoid software security,

1, Go above it and get at the squishy humans who are both autherised and to trusting.

2, Go below where if you control the storage of bits then software is your slave, not your master.

Are there solutions to these problems?

Something tells me the first can never be solved, over trusting is part of the human condition that alows societies to form and prosper. So no “over trusy” no “society”. No “society” no “technology”.

Can we solve the second problem? Well no is the real answer but most certainly yes in practice against external attackers.

I’ve gone on more than long enough for one post. But I’ve discussed what needs to be done in some depth on this blog in the past (search for Castles v Prisons or C-v-P or CvP in conversations between me @Nick P and @Wael, though be warned when the blog moved a short while ago it screwed up all the text formatting of many earlier posts, which makes the much harder to read).

In essence you use probabilistic techniques and voting circuits. As well as many many simple RISC CPU’s all with their own very very local memory (think the fastest cache used as just ordinary RAM). With hardware hypervisors that stop the simple CPU’s periodically and inspect not just their memory but also the registers for signs of malware attempts. The hypervisors also look at “timing signitures” of functions and their limits and raise flags in the hypervisor system. From a programers perspective they do not right those functions, as with Unix Shell Scripting they work at a higher level plumbing them together. This reduces low level bugs where vulnerabilities tend to occure and makes the programmers time more productive.

[1] It’s why for some time now I talk about attack instancrs being in classes. It’s absolutly pointless trying to stop instances in design, you have to stop classes, and the broader the class you can cover the better. Which is why “air gaps” are a good mitigation, but “energy gaps” are considerably better (but not by any means perfect). To look at it another way thr so called “fire drill” is very very rarely an “instance mitigation” it is infact an “evacuation drill” that is a “class mitigation” that covers a larger set of both natural instances such as earthquake, tsunami, hurricanes, etc and a whole number of human originated instances such as bomb threats, air raids, and even terrorists flying planes into buildings (one of the less realised heros of 9/11 was “the pain in the ass” that held regular fire drills for his company housed in the twin towers. Though he did not survive, most of the company personnel did because they did not panic they “followed the drill”, the reason he did not survive is “fire marshalls” are like the captain of a ship, their duty is to ensure everyone else is safe and away, before they leave, if there is insufficent time… Having been not just a fire marshall but a senior health and safety rep, you kind of quickly realise you will only get thanked after a real disaster that you are lucky enough to have time to get away from. So spare a thought for all those “pain in the asses” that make you do such drills, in a grumpy sort of way they love you all.).

[2] I call them “bubbling up attacks” for a good reason. If you have ever looked in a tall Champagne flut glass, you will see that all the bubbles start imposibbly small (from nucleatin sites) usually as a stream. They get bigger as they rise pushing increasing levels of champagne (security) out of the way. Importantly you as an observer realy do not have any idea at what point on the surface of the champagne they are going to arive. All you see like Brownian motion is an “chaotic path” that becomes ever more random in your eyes, that is you quickly only get to see the average effect of a near even layer of bubbles across the entire surface, each bursting appatently randomly. The fact is that the position of each bubble can be precicely worked out as the process is actually not random but chaotic. However so sensitive is it to it’s start conditions and the effects of other bubles you can not make any measurments with the level of acuracy required to do the otherwise quite simple calculations.

[3] I call it “Probabilistic Security” and it’s obviously both a direct resource trade off and an attacker defender ratio resource usage trade off. That is as long as you change the data shadows faster than an attacker can measure even one bit with any certainty it’s game over for them and a win for you. However if they can read just fast enough to get even one bit with better than 50% probability then it’s evebtionaly game over for you, unless you take other measures. The trade off is in resources used by both parties,and in ratio with regards to each other. As the atacker you can in theory run multiple attacks in parellel thus do a resource against time trade off for an increased probability of success. As the system owner you can increase the rate at which you change the round subkeys but also how often you actually flush the keys out of system RAM thus the cache on which the attacker is doing the timing. But for you it is also a resource trade off in that the amount of system time you are shuffling the subkey bits around comes of the time available for other things to happen, and ultimately reduces resources available to the users. The upside is whilst as the system owner your time trade off is linear, the effect it has on an attacker is to some positive power (ie effectively increasing exponentialy).

Anders April 21, 2021 9:02 AM

Massive ransomware attack against Slovakia.


Anders April 21, 2021 9:14 AM

SK CERT advisory and Google translation text.


The NSA intercepted an increased number of cyber attacks. Read recommendations on how to secure your system
April 16, 2021

The National Cyber ​​Security Center SK-CERT has recorded an increased incidence of significant and successful ransomware attacks in Slovakia. In recent days, similar activities have intensified in Central Europe.

The NSA warns companies and institutions to secure and back up their systems without delay. If they neglect this step, they risk significant financial loss.

Ransomware is one of the biggest threats to data. An attacker breaks into the system, encrypts access to it, and can ask the owner or operator for a ransom to return access.

The National Security Office can confirm that this method was performed by hackers in several Slovak organizations, where they managed to encrypt critical data. They limited the functioning and work activity in these institutions.

Slovak organizations are currently blackmailing and demanding a ransom in the order of hundreds of thousands of euros for re-opening the systems and restoring their full functionality.

The National Cyber ​​Security Center SK-CERT therefore strongly recommends:

companies need to back up important information. This is the best possible data security measure
it is necessary to check the backup systems and their functionality, and in order to prevent such situations, it is necessary for companies to back up their important information
the backed up data must be physically separated from the backed up infrastructure. The hardware has the ability to spread and reproduce on the internal network and actively search for existing backups and invalidate them by encryption
we also recommend regularly checking the functionality of backups and the ability to restore critical systems
if an incident has occurred, the affected equipment and systems must be identified and isolated from the network
if multiple systems and subnets have been affected, turn off the network at the switch level. If it is not possible to disconnect the network at the level of network elements, disconnect individual devices from the network (disconnecting network cables, turning off Wi-Fi, etc.)
Only turn off affected devices if they cannot be completely isolated from the network infrastructure. Turning off the device irreversibly destroys the data stored in the operational memory, which may contain valuable data and data needed for closer analysis of malware activity and decryption of the affected files.
in case of any suspicions, do not hesitate to contact the National Security Office at and the police.

SpaceLifeForm April 21, 2021 2:23 PM

@ Clive, ALL


In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.

name.withheld.for.obvious.reasons April 21, 2021 4:42 PM

21 Apr 2021 — Change, is it only for Currency Transactions?
From an interview with the former NSA Deputy Secretary under Alexander, John Inglis, second chair, so to speak, at the agency. The transcript of the interview can be found on hsp tts:// (URL mangled for your pleasure). Questioned by Inskeep of NPR in 2014, I don’t know when this was released but cryptome tags it as 13 April 2021, the interview was conducted on the 10th of January, 2014, quite a few comments were interesting that were not part of the original discussion at the time of the “unauthorized disclosures” by Edward Snowden.

For brevity, I will summarize the original question where possible (i.e. w/o contextual meaning). Additional side note: a simple gaggle search with the term “Judge Bates order NSA violation” was a very trimmed down list of results, 8 total search page results. Good thing I’m not being bothered with the clutter of data that would normally fill my file buffers.

In hindsight do you wish the agency should have made an effort to disclose the program for public debate in a fair manner from your point of view?

In hindsight, yes. In hindsight, yes. But if you’d asked me on June 4th, say, just before all of this broke, if you’d said, are you concerned, Chris Inglis about the 215 metadata program? I would have said, not particularly because I would have said in my own mind, and I would have said to anybody who asked me, that is a properly constrained program. I would have emphasized the controls that are imposed on it. I would have described, right, not simply the noble purpose but the operational purpose that was behind it. And I would have described the participation of three branches of government in it. And I would have thought, I think naively at this point in time, that it was sufficient that those three branches of government had stood in the shoes of the American public and made that determination, and that it was executed under, right, that broad Rubrik of what we would call the whole of government.

I think that what we found in the summer of 2013 is that it was insufficient. And that what we’re going to have to do as a nation, and particularly as an agency, is to rebalance, right, the balance that we have struck between security, secrecy and transparency. I think that we have struck a good balance between security and the defense of civil liberties. And when we take an oath to the Constitution here, like anywhere else in the government, it’s to the whole of it. And so I think we would, we have always worried about, right, the defense of civil liberties and privacy, consistent with what the Constitution and the articulation of the laws that come under that. The committee itself or the presidential review group itself that recently kind of talked at length about NSA, said that, as opposed to pre-FISA, pre 1978, there’s a stark contrast today.

There’s no illegalities, no abuse of authority of power at NSA. However, there’s been a strong policy discussion taking place. We think that’s appropriate. And that policy discussion would have been better if it had been done in the thoughtful deliberative way that I think we’re now approaching, as opposed to the salacious sensational way that these initial releases hit the street.

The sections highlighted are in direct contradiction to evidence provided by the October 2011 opinion by Judge Bates of the FISC.

SpaceLifeForm April 21, 2021 5:00 PM

@ Weather, Clive

I can’t find the article right now, but there is a great write-up of an exploit that got root via abusing a GPU driver with a multi-threaded program whereby the GPU overwrote a driver data structure due to a race condition.

A lot of exploits involve at least two threads and some kind of race condition bug.

If you can trick the GPU into helping you, you may get to the race condition bug sooner than later.

Clive Robinson April 21, 2021 5:20 PM

@ Anders, ALL,

… performed by hackers in several Slovak organizations, where they managed to encrypt critical data.

The question I ask still needs to be asked,

“What was the business reason for having critical systems connected to public access networks, directly or indirectly?”

I was asking that question befor RSA and all it’s “token seeds” got stolen.

I was asking that question befor any number of CA’s had fake certificates issued.

I was …

And I’m still asking and nobody has come up with an honest answer yet…

For those thinking well we need access to XXX… Back in the late 1980’s and 1990’s there was this simple idea called “data warehousing”.

Put simply you had a centural database that had satellite databases. The users interacted not with the central database but one of the replicas. Things were improved when data diodes were put in between the central server and the satellite servers.

Such systems if properly thought about would render a ransomware attack fairly pointless as at best the ransomware operators can only do encryption on the satellite systems not the central database, which is behind data diodes and the like and it “pushes updates” through the data diodes and out to the satellite systems. If a satellite gets attacked simply scrub it, reinstall OS etc and drop on the latest OS and apps etc, and you are good to go…

There are many variations on the idea, but if attackers can not get to the central dbs for some reason they are rendered more or less impotent in their aspirations.

vas pup April 21, 2021 6:06 PM

EU artificial intelligence rules will ban ‘unacceptable’ use

“The rules would govern what AI was used for, rather than the technology itself, Ms Vestager said.

!!!!!But “AI systems or applications that manipulate human behavior to circumvent users’ free will”, including “subliminal techniques”, would fall into the banned “unacceptable risk” category.

==>And all “remote biometric identification” systems – such as the use of facial recognition by police but not using a fingerprint to unlock a phone or a face scan at passport control – would be “subject to strict requirements”.

“Their live use in publicly accessible spaces for law-enforcement purposes is prohibited in principle,” the commission said, with rare exceptions such as an “imminent terrorist threat”.

Read the whole article for details!

JonKnowsNothing April 21, 2021 8:09 PM

@Clive @All

re: Hidden Menus and Obscured Menus

Interesting MSM article about the inner workings of the ice cream machines made for McDonald’s/Franchisers.

The machine makes both soft serve for ice cream cones and shakes. The machine is a 2 in 1 unit and is very temperamental. It’s in a constant state of Non-Function.

A company/person figured out there is a hidden technical menu that is not described in the owners/maintenance manual. When the machine breaks, a technician comes and uses this menu to reset/repair the system. The owner/franchiser pays a big cost contract for this service.

The folks that figured out there was this hidden menu, also figured out how to tap into it and built a separate tool/set that could give the owners the same functionality. They sold a lot of these and subscriptions for their service which was a fraction of what McD charged.

The owners/franchisers were happy the ice cream machine worked, the customers were happy because they got their ice cream cones. McDs was not happy and the ice cream machine manufacturer was not happy because they lost all the follow on service contract fees.

There’s a big legal fight in progress over the 3d part device and some corporate skullduggery about the purpose of the hidden menu with the fix-its on it.

A good number of items have extra hidden menus, there are user menus, advanced menus, admin menus, tech menus on loads of stuff. There are hidden menus too used by lots of companies, such as the ones that control access using 3d Party Hardware by locking a “tattoo” on the official item, and devices without the official “tattoo” won’t work. You cannot get an official tattoo on a device without a service contract and after n-years the companies no longer support some devices and will not give you the tattoo code to repair an otherwise usable system.

So, some things are hidden and some things are hidden to prevent unauthorized uses, some things are hidden to prevent use of not official replacement parts.

It maybe that not only does the ice cream machine hidden menu fall into the right to repair area, but also the lock-in-no-choice use a system that is designed to fail at a high rate in order to generate extra revenues.

The hidden aspect of the menu might be less important than the lack of a user accessible button/function that can fix or monitor the machine’s temperature and product mixture viscosity. Plus the determination to prevent anyone from knowing about or accessing the hidden repair menu.

ht tps://

note: It maybe that the article has been taken down. McD would not be pleased by the topic.

(url fractured to prevent autorun)

Rachel April 21, 2021 10:26 PM

‘In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage’

Thanks for those pieces SpaceLifeForm. Really important update. It’s definitely front page news for this blog so I hope Mr Schneier picks up on it.

The way you posted the above extract about Signal gives the impression Signal is taking untrusted potentially malicious steps towards its private users. It was quite out of context. In fact, it’s a fascinating suggestion of hard coded resilience to counter Cellbrite – to be phrase it politely!

I love the thought of Cellbrite, and its public official customers being extremely pissed off right now

SpaceLifeForm April 21, 2021 11:13 PM

@ Rachel, Clive, ALL

I guess I should have mentioned to read the link to understand the context of why I said LOL. You need to watch the video. Imagine a file on your phone that caused the Cellebrite machine to display a fake BSOD that indicates a memory error.

Also, since a lot of people have not figured this out yet, it did not have to fall off a truck. You can find these on eBay.

More coverage:

Rachel April 22, 2021 5:41 PM


Appreciate,as ever, your contributions.
The contents of the post made by Signal comprises so many important elements, it will be indelibly recorded on the timeline of significant security moments.

it will be noted pen testing as Moxie claims they performed is no small or simple exercise. I suppose Moxie will need to stay clear of meetings in Embassys for a while.

I am positively itching to read Apples response

It’s rare we get to cheer against the bad actors.

The legalities of acquiring or operating a Cellbrite are interesting

The public humilation of revealing poor security of Cellbrite! Reminds me exactly of Hacking Team doxed by Phineas Fisher

The implication is, any device with Signal installed, regardless of whether its used by the owner,has the potential to brick a Cellbrite. I wonder if an app exlusively designed for such a purpose may be created

Cellbrite depends on a number of mitigating factors to provide Return on Investment. There are now increasingly more such factors.

Rachel April 22, 2021 5:54 PM

Comment by ThomasB under the line of the Ars article on Cellbrite vulns & Signal, shared by SpaceLifeForm:

To me, the remarkable part is that apparently, no Cellebrite customer performed even superficial security checks on a device built to handle crucial evidence for investigations.
What does this say about their security practices…

it may take years but I eagerly anticipate, as do fellow readers here, the court of appeals hearings re: matters reliant on evidence obtained via cellbrite

with love xo

Rachel April 22, 2021 6:15 PM

I comprehended that Moxies ‘aesthetically pleasing files’ not only don’t need to exist, but, having broadcast the concept it would be more useful if they did not exist. See the following:

Comment by MMarsh under the line of the Ars article on Cellbrite vulns & Signal, shared by SpaceLifeForm:

The special “aesthetically pleasing files” don’t actually need to exist, or to be pushed to Signal users’ phones, randomly or otherwise.

What Moxie’s done here is to create a chain of facts:
1. Cellebrite’s software is insecure, and can be made to execute arbitrary code by any device that it is examining.

  1. That arbitrary code can change Cellebrite’s outputs and reports, including historical ones, in a way that cannot be detected within the Cellebrite system.
  2. The tampering can only be detected by comparing signatures and hashes of the Cellebrite reports, generated by an independent external cryptosystem, which is not a standard part of the Cellebrite toolkit, and which few if any Cellebrite users have ever done. Even then, such computations – if performed by a system on which a known and exploted arbitrary code execution flaw exists – are not trustworthy.
  3. It is possible for an app developer to put a trivial, non-malicious, “aesthetically pleasing” file on a mobile device that is not malware, is totally harmless to everything else, but will break the Cellebrite snooperware in an arbitrary, possibly undetectable way.
  4. It is virtually impossible for any agency that might use Cellebrite to know whether any given instance of Signal, or any other app, contains a file that may affect Cellebrite in this way.

Any lawyer can then immediately jump from the chain of facts to the conclusion:

  1. Given that a phone has Signal on it, it is virtually impossible to determine whether a Cellebrite scan of that phone produced legitimate data or fake data.
  2. Given that Signal is a legitimate, useful, and widely respected standard piece of software across a range of industries, and that any given user would have no way to know if their particular copy of Signal includes an anti-Cellebrite file, it is impossible to ascribe any malicious intent to the user / owner of the phone.
  3. Even if a particular phone does not have Signal on it, the Cellebrite toolkit is so badly broken that if that particular Cellebrite system has ever scanned a phone that could potentially contain an anti-Cellebrite file deployed by any app, all testimony from that Cellebrite system is useless and inadmissible.

SpaceLifeForm April 22, 2021 7:13 PM

@ Rachel, Clive, ALL

Thanks for reading. Reading is Fundamental.

As you observed, a Cellebrite can not be considered a trustable forensic device. Besides the absolute stupidity of interpreting a ‘Bag of Bits’ on the fly, the machine is not even trying to make a secure raw copy for other forensic investigators to review.

Or, even a Defense team. So, anyone that has a phone should probably put an encrypted file there. That you have the key to decrypt with.

Then, during discovery, the Defense asks for the raw dump.

If, the encrypted file, that you know should be there, is not in the ‘evidence’, then you know the ‘evidence’ has been tampered with. I’m pretty sure your lawyer could make this point.

If prosecution argues that the raw dump is not available, then your lawyer will bring up Brady v. Maryland.

Your encrypted file on your phone is a canary. It is your defense against fascism.

SpaceLifeForm April 22, 2021 8:43 PM


As expected, RU backs off.

It was Sabre Rattling.

Remember, almost all propaganda is in almost actaully clear English.

See Faux Noise.

SpaceLifeForm April 22, 2021 9:49 PM




Very Interesting.

Has NOTHING to do with the blog.


Some of you in IC probably know what I am referring to. If you do not, you are not looking at the real ‘stuff’. I am referring to recent packets. That is your hint.

You are probably compartmented, and can not see my point.

Clive Robinson April 22, 2021 11:27 PM

@ SpaceLifeForm, Rachel, ALL,

Besides the absolute stupidity of interpreting a ‘Bag of Bits’ on the fly, the machine is not even trying to make a secure raw copy for other forensic investigators to review.

Think what is that telling you about the so called justice process?

It’s been known for quite some time that due to financial cut backs most LEO’s are nolonger using independent forensic services where ever they can. One way they do this is to have “in house” forensics[1] carried out by “Detectives”. Who if they are lucky have been on a two day death by viewfoil training course, and been given hundreds of pages of handouts to study in their spare time but at best only rudimentary hands on experience.

So it’s like taking a MS Office user and sitting them down at a CLI only *nix box and being told “you can use vi”.

Thus they “Parrot talk” their way from hand scribled notes from those voluminous training guides.

Cellebrite know this, so they just hack together “automated work flow” systems as “Hot features sell”. Which means they are little more than “push the button to see pretty pictures and flashing lights” boxes not unlike 1980’s film stage props. But importantly where the “box” does all the work, like one of those “Smoking Monkey Automatons”[3] the Victorians thought so ammusing, it runs through a fixed cycle of actions.

Such tools are less sophisticated than most AV packages for your PC. They generaly run through a connect process, then just read the memory into a checksum process with a “whitelist” to ignore system files, a “blacklist” to flash up known bad files and display tools for the rest. The display tools will use an “extension list” or “magic number list” to decide what stripped down tool to use to display the file. Why stripped down, well in part to try and hide the fact that they are shall we say “borrowed code” in disguise and in part to “integrate” in their “work flow system”, but also importantly because it’s “less” code on disk with less support required as in theory less lines of code means less bugs on the “1 in 5 Principle”. So when the user has finished gawping at what is displayed they press another button. Finally a report is generated and made available. Which of course is not backed up by a propper copy such that it can independently be tested, as that’s still on the device in the evidence locker or down the local pawn shop or where ever is most convenient, kind of like those transcripts of police interview video tapes that accidently get lost or reused…

But at ~$15,000 these Cellebrite systems are not just cheap but very fast compared to a forensic service. If pushed the company will no doubt end up saying they are “in the field investigative tools” for finding evidence, kind of like Sherlock Holmes magnifying glass, not evidentiary systems to meet the sort of standards courts once asked for.

Which for the tax payer is fine as politicians say they “expect productivity improvments thus more results for the same money”…

Thus the justice system is now “select a name from the hat and make them look guilty” and keep that sausage machine cranking them out, just add cheaper ingredients untill even chewed up newspapers will do (remember soggy toilet tissue is the next rung down, just chuck in some chlorinated chicken guts to ballance it up).

[1] Forensics should never be carried out by LEO’s as it breaks a very important barrier. Most miscarragies of justice are because of “confirmation bias” in the individual investigating LEO’s accompanied by “group think” in investigating teams, who’s promotion prospects go up with closing cases and miscarragies of justice do not for years if at all (see current head of UK Met Police). Thus the investigative impartiality of LEO’s gets thrown out of the window very very very early on in an investigation. We know this because of the number of cases where it has been found where the investigators and the prosecutors illegal withhold evidence from defence teams especially as such revelations follow the “iceberg effect” where by far the greater part is out of sight (some say less than 1 in 10,000 cases of withheld evidence ever come to light due to the way the entire system works, others indicate it’s higher where LEO’s simply chose not to follow or ignore leads etc).

[2] Parrots do not talk human languages, they just learn to “make the right noises” thus get a reward. That is whilst it looks superficially clever, even mice can be trained to drink out of a water dispenser the principle is the same “right action gives expected reward”.

[3] Victorian automatons are delightful ammusments for a few moments, then the illusion goes away as the actions cycle through the same fixed routine. You can see this with this clip,

Where even the grand music can not stop it getting dull after a few moments. They were realy designed not to impress the owners, but to impress any guests they might have. I have an incense burner that looks like a happy dragon which puffs smoke, it atleast serves a purpose other than being vaguely ammusing as a table piece.

Clive Robinson April 23, 2021 1:21 AM

@ SpaceLifeForm,

As expected, RU backs off.

Only part of the way, some forward,deployed vehicles and presumably support staff will remain close to the border in staging areas according to some reports.

However I find myself thinking was it just,

It was Sabre Rattling.

Thus I find myself asking a question of,

“I wonder just how much ‘enumeration’ Putin got out of the West over the party camping trip?”

As far back as Tsun Zu and “The Art of War”, “Know you opponent” has been identified as one of the key points to success in any endevor. In the airforce it was seen as part of “getting inside their turning circle” implying that if you did so you would always win.

USAF Col. Boyd who is “The father of the F16” made both “knowing and turning fast” primary requirments of the “OODA Loop” he developed which has moved out from just “dogfights” to most competative activities in life,

Weather April 23, 2021 1:34 AM

Supposable smb from windows is recommended to block at the firewall, like the last 15 years, but this time web access won’t allow a exploit at 3 months from now.

Isn’t in USA the minimum wage $7 ,what..

Winter April 23, 2021 3:37 AM

“I wonder just how much ‘enumeration’ Putin got out of the West over the party camping trip?”

Possibly, and maybe those heavy weapons might end up on the wrong side of the Ukrainian border. And maybe the USA will back down on their war against the Nord Stream pipe line.

But there is also the fact that Russia has seen exceptionally vocal nationwide anti-Putin demonstrations just these days. It is not that Putin can use more hardship put on his people just to fight some fellow Slave people most Russians do not see as an enemy or threat anyway. Maybe later this summer, but not exactly now.

ResearcherZero April 23, 2021 4:45 AM

If you look at a rundown of this incident…

In the two-month window between October and December 2020, DevCore researchers made considerable progress that ultimately led to the discovery of a pre-authentication proxy vulnerability on Dec. 10, 2020. #ProxyLogon (CVE-2021-26855)

Dec. 30, 2020, DevCore also discovered a second post-authentication file write bug that could be chained together with the first vulnerability to gain privileged access to Exchange Servers and write files of an attacker’s choosing to any directory. (CVE-2021-27065)

Some of the tools used in the second wave of the attack, which is believed to have begun on Feb. 28, bear similarities to “proof of concept” attack code that Microsoft distributed to antivirus companies and other security partners on Feb. 23

several entities reported widespread scanning of Microsoft Exchange servers
just prior to Microsoft’s vulnerability disclosure, from 27 to 28 February 2021.

The other most likely scenario, he added, was that the hackers “somehow obtained the information from DEVCORE or from a Microsoft partner.”

Beginning Feb. 28, ESET observed five new cyber-espionage groups using the Exchange zero-days — groups that security researchers have nicknamed “Tick,” “Lucky Mouse,” “Calypso,” “Websiic” and “Winnti.

This RCE appears to reside within the use of the Set-OabVirtualDirectory ExchangePowerShell cmdlet.

After exploiting these vulnerabilities to gain initial access, HAFNIUM operators deployed web shells on the compromised server. Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.

the majority of observed instances across multiple vendors reflect a long-lived, well-known, essentially publicly-available framework: China Chopper.

“Although we are not able to definitively connect UNC2630 to APT5, or any other existing APT group, a trusted third party has uncovered evidence connecting this activity to historic campaigns which Mandiant tracks as Chinese espionage actor APT5,”

…then specifically this bit here

LOCKPICK – The sample contains a modification to the routine bnrand_range that breaks the security of the random numbers generated.
The first case is unmodified and generates a zeroed big number, the other two cases are patched so that a constant value overwrites the generated random value and always returns success. This breaks the random number generation by replacing it with a value the attacker knows in all cases.

it shouldn’t be hard to guess where they learned the techniques from?

the targets

threat groups are exploiting organizations including local governments, academic institutions, non-governmental organizations, and business entities in a range of industries, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceutical

workaround here (may affect load balancing)

Yet another case why good security is so important, patching vulnerabilities in a timely manner, and don’t keep using them over and over again. Everyone learns your exploit techniques otherwise.

Winter April 23, 2021 5:11 AM

For those that can understand German (Google Translate + help):

Well, no reading tip in the true sense, but a hearing recommendation: Hakan Tannervi, together with Florian Flade, has produced a podcast for the BR about the computer beak-in of the German Bundestag. The two illuminate the process and the subsequent investigations from different perspectives. This most spectacular cyber burglary of German history is not only attributed to Russian intelligence service, but there is even a warrant against one of the perpetrators.

Above all, the many talks with people who have sought live at the time are interesting and partly involved in the illumination. The podcast proceeds in particular the question of how it is possible, that today you can even say pretty sure who broke in Merkel’s computer.

  • The man in Merkel’s computer – Hunting on Putin’s hackers at the BR and Spotify

Winter April 23, 2021 7:18 AM

“Suggest you consider the thre post mentioned in that comment and all posts down from then till this one”

Indeed, the responses to my moderator posts always confirm my suspicions, always.

That too is a symptom of psychopathy. Psychopaths cannot learn from mistakes and have only weak impulse control. So they are easily made to react out of character, blowing their covers.

SpaceLifeForm April 23, 2021 4:23 PM

@ Winter(real), Clive

Experiment: Ignore new squid. Let’s see what happens.

SpaceLifeForm April 23, 2021 5:45 PM

@ Clive, ALL


This is different from what I noticed.

I observed an UneXpected change.

I am pretty sure Twitter is pwned.


Some of you may have recently received an email to “confirm your Twitter account” that you weren’t expecting. These were sent by mistake and we’re sorry it happened.

If you received one of these emails, you don’t need to confirm your account and you can disregard the message.

Winter April 24, 2021 2:08 AM

What is it with comments with
“Your comment is awaiting moderation”

I have never seen that before?

JonKnowsNothing April 24, 2021 10:24 AM

@The Party of the People

re: Without the efforts of the Chinese Communist Party… China can never achieve … the modernization of her agriculture.

The “modernization of agriculture”?

In what format are you expecting China to “modernize” AG, much less anything else they have not already “modernized”?

Have you looked at the geography of China recently? It’s rather diverse topographically and environmentally.

China has a lot of everything but rarely in any useful location primarily because the non-useful places are where people live and the useful places have few inhabitants. Such useful places tend to be remote, have little sustainable resources and almost no ability to maintain a larger population beyond subsistence levels.

“Modernize AG”, as in what precisely do you think “modernization” means? Bigger Combines? Larger fields? Miles on miles of unbroken farm land? More pigs? Cattle? Larger than 12 story pig farms?

I suppose you could remodel all the high rises in Hong Kong to become high tech pig farms, but there is the offset of manure to dispose off and it’s a long way to the Mongolian and Tibetan plateaus to dump it. Plus, pigs have their own virus problems which the modern sky scrapper pig farm that dumps manure and pig guts on to distant areas is likely to spread even farther.

Modernize Agriculture?

If you take a look at Beijing, on a desertification map, you might find out that in the current and near future, the Chinese Communist Party is going to have to find a new home. For years, the “modern AG practices” of China has lead to the continued destruction of their own habitat and their rerouting of the rivers has been an Eco-disaster beyond even the worst projections. The sand is moving, the winds are blowing and they blow right down Main Street and into the Forbidden City. The sand has been moving for decades and the Chinese Communist Party hasn’t figured out what a 12th Century English King demonstrated about “trying to stop the tide”.

Best get a move on, the rest of us will watch the same processes that took place in Egypt among other locations:

  How did come that entire cities were buried under tons of sand?

note: No worries, the Western and European countries will be moving soon too. In the West of the USA, water is the missing component, the East of the USA has been our own dumping ground for every chemical and toxic product ever produced here and has become a poison pit. Europe might last a bit longer, but they have a more limited geography to chose from. Russia could have done better, but they are rather lax in everything with an over abundance of short-sighted solutions. Afrika may survive because once the USA and Europeans are busy shifting cities and populations, they won’t have the time to interfere. South America has already demonstrated the rise and fall of many civilizations:

When the Rains fail and the Maize crops wither, it’s Time to Move.

An old old cold war joke:

There are the 3 scourges of Russian Agriculture:

1, The terrible droughts
2, The torrential rains
3, The bountiful harvests


ht tps://

ht tps://

  • In the story, Canute demonstrates to his flattering courtiers that he has no control over the elements (the incoming tide)

ht tps://

  • Cnut the Great ( Old English: Cnut cyning; Old Norse: Knútr inn ríki;[a] died 12 November 1035), also known as Canute, was King of England, Denmark and Norway, often referred to together as the North Sea Empire during his rule.
  • As a Danish prince, Cnut won the throne of England in 1016 in the wake of centuries of Viking activity in northwestern Europe. His later accession to the Danish throne in 1018 brought the crowns of England and Denmark together.

(url fractured to prevent autorun)

Winter April 24, 2021 10:42 AM

“The “modernization of agriculture”?”

We suspect the poster to be a sock puppet of the resident bot-troll. FYI.

Winter April 24, 2021 12:01 PM

@Imposter -, All
“Can I suggest we just let the Troll-Tool play with himself”

Sounds exactly what the Troll would want. So, I suggest NOT to do that.

SpaceLifeForm April 24, 2021 6:24 PM

@ 1&1~=Umm, Martin, -, Clive, Winter, ALL

for the last of the “usual suspects” I get the feeling they think keeping a low profile is going to make @Moderators job easier.

Yep. Traffic Analysis.

Weather April 24, 2021 6:48 PM

@ 1&1~=Umm, Martin, -, Clive, Winter, ALL
Can’t Bruce fingerprint the web browser, not just Firefox or chrome, but what plugings are installed, TTL, and length before the first packet and a post.

It shouldn’t be that hard?

lurker April 25, 2021 12:56 AM

@Weather: fingerprinting curl running on a vm in the cloud? Yeah, @Clive could possibly do it, but don’t hold your breath…

Weather April 25, 2021 3:08 AM

So your saying there would be a absence of signature…then how many visiting this site would have the same absence?

Winter April 25, 2021 9:29 AM

“Can’t Bruce fingerprint the web browser, not just Firefox or chrome, but what plugings are installed, TTL, and length before the first packet and a post.”

Fingerprinting browsers is a privacy intrusion, i.e, de-anonymizing visitors. I suspect that Bruce is note willing to do that.

Beyond that, this is easily defeated. Tor browsers do much to make every user look the same. If you use a standard Tor browser in default settings, you look the same as every other Tor user.

Weather April 25, 2021 12:16 PM

I type of sore that, probably wasn’t the best idea considered the host views.

SpaceLifeForm April 25, 2021 1:57 PM

@ 1&1~=Umm, Martin, -, Clive, Winter, ALL

So far, approximately 80 comments in the new squid were zapped by Moderator.

I don’t know if you noticed, but one of the imposters tripped over his shoelaces.

Hopefully, the intel was solid, and the attackers have bought a vowel.

Clive Robinson April 25, 2021 2:32 PM

@ SpaceLifeForm, 1&1~=Umm, Martin, -, Winter, ALL,

I don’t know if you noticed, but one of the imposters tripped over his shoelaces.

There were several simillar mistakes under different handles, which gives us further info on what is now almost indelibly the “Troll-Tool”[1] which we can watch out for in the future, along with several other usefull indicators.

I’d like to say more but I suspect you can understand why I’m mainly in “Read Only Mode” currently.

As for,

So far, approximately 80 comments in the new squid were zapped by Moderator.

That’s a heck of a lot of work for anyone to work through. Hopefully any non Troll-Tool comments have not got deleated along with them, but in all honesty it’s going to be difficult for the @Moderator, even with help.

[1] In the English english vernacular that means something different to that which it does in US english…

Winter April 26, 2021 10:53 AM

“I’d like to say more but I suspect you can understand why I’m mainly in “Read Only Mode” currently.”

If the aim of the troll is to silence discussion here, it is clearly working.

Winter April 26, 2021 11:16 AM

If you have seen the comments by the troll-tool, you get an interesting insight in the intent of those most eager to spread the anti-vaxxer message.

The likes of our resident Troll want nothing short of maximal death and destruction.

Often, when I hear the more fanatic anti-vaxxers, they seem to want all to die of natural causes, rather than live by unnatural means.

Winter April 26, 2021 11:32 AM

I assume none of those from the UK are in any way surprised by the recent allegations against Boris:


The link text says it all.

Anders April 26, 2021 2:51 PM


Today is actually very sad day.
35 years from Chernobyl disaster.

This is typical example of soviet “pohuism”.

Who is not a familiar with that term – pohuism means : “If shit happens, who does give a shit?”

In the beginning nobody even knew about the radiation, nobody told them, the firefighters. Now the most dangerous place in the world is the basement of the Pripyat hospital No. 126



Whatever you do, stay away from that basement.

Anders April 26, 2021 3:00 PM


One more link.


Clive Robinson April 26, 2021 5:05 PM

@ Winter,

If the aim of the troll is to silence discussion here, it is clearly working.

The troll-tool aim is rather more than “silence discussion” as I indicated weeks ago it is an attack not just on the blog but it’s host.

Silencing comments to starve the blog is insufficient for the “directing-mind”, that is something else is going on…

One of my reasons for keeping my commenting low, is so that the actions of the troll-tool stand out more clearly. That is to not provide “cover for their actions to be hidden behind”.

To stop the directing mind you first have to figure out what the real objectives are. Because most of the nonsense we are seeing is in effect a smoke screen.

The COVID nonsense being spewed is actually a little to obvious…

That is anyone with half a brain, and who can work out the US daily expected death rate, can eaaily see why what is being said is actually bunkum being used as FUD, but way way to obviously so. Thus the question is “Why set up targets that are easy to knock down?” especially in a way that makes it look obvious that it’s being done by a troll-tool sockpupet circus with cut-n-paste arguments.

Likewise the attacks on an individual is a way to generate lots of noise and have an excuse to have sockpupets produce more noise?

The aim is I suspect to try and hide the real signal, but what would it be?

This is where you have to go a little “out field”… Some clinicians are,by the way finding mounting evidence that the Bill Gates foundation is behind things. In short he appears to be trying to buy an immortal name as a saviour of the world…

Yup I thought it “whack ball” when I heard,it the first few times, and I still am highly skeptical. However the evidence they are building up looks more and more credible as time goes on and shows there is definately a disinformation camoaign going on. It’s the more recent direction of the atribution that sounds odd.

Look up the only drugs that are known to fight COVID that are “off patent”, nearly all of which are being deliberately blocked from trials, even though there is repeated trial evidence for their efficacy…

Even Alphabet/Google are trying to paint the use of Invemectin, cortical steroids, anti-coagulents and even the use of vitamins to bring your immune system upto what it could be as “Fake News”. The people saying these things are not “conspiracy theorists” but front line clinicians and researchers and even courts, finding the likes of Big Phama spouting absolute rubbish. It’s only more recently people have been looking for reasons other than naked greed, and they have found the big phama tie backs to the B&M Gates foundation appears to be a common theme.

So it would appear to the clinicians that the anti-vax we are seeing is part of a disinformation campaign to actually increase the expensive vaccinations, by trying to make all those trying to promote anything other than vaccination as being part of the “loony anti-vaxer fringe”.

The question is yes they have good evidence for the claims against big phama and national agencies and even The WHO, but “Is the recent B&M Gates foundation hypothesis causation or correlation?”.

SpaceLifeForm April 26, 2021 9:39 PM

@ JonKnowsNothing, Bruce, Moderator, ALL


We are on the same page. Remember when I noted that it was not random?

Well, if you had done a view source, you would have seen something that should not have gotten thru the filters. I did do the view source, which is why I did a test later.

Hopefully, that long comment is still available for review even if not visible now.

Winter April 27, 2021 3:25 AM

“Some clinicians are,by the way finding mounting evidence that the Bill Gates foundation is behind things. In short he appears to be trying to buy an immortal name as a saviour of the world…”

Er tu, Clive? ;

The disinformation campaign seems to work

As they say: “Extraordinary claims need extraordinary evidence.”

winter April 27, 2021 4:29 AM

“Some clinicians are,by the way finding mounting evidence that the Bill Gates foundation is behind things. In short he appears to be trying to buy an immortal name as a saviour of the world…”

I think this post is out of character for Clive.

winter April 27, 2021 4:27 PM

“Actually they don’t know that. All they know is that the big trials run by Big Phama and the likes of The Who and National agencies have not produced any thing worth while.”

I know of no epidemic viral infectious disease cured by a therapeutic drug. We had antibiotics, but they worked only on bacteria, and vaccination, if possible, was still the better, and preferred, solution. There is nothing known for viral diseases that has the same power as antibiotics.

There is absolutely no cure known for COVID-19. Also, until the COVID-19 pandemic, vaccines were a loss making business no pharmaceutical company wanted to be involved with without external funding. With COVID-19, everything is different. But still, I do not see Roche help Pfizer’s bottom Line. BTW, this kind of conspiracy would be illegal, and if found out could cost anyone participating billions in anti trust fines. Again, every stone will be turned in the aftermath.

That pharmaceutical companies only invest in stuff they can make big bucks with is totally the result of how governments handle the costs of drug development. I agree that this is completely wrong. But until the tax payers of the world are willing to pay for that themselves, I do not see any chance things will change.

And the health care situation in the US is so twisted, it makes Kafka and Hašek look unimaginative. There is little to prove by the self defeating stupidity of US government and politics.

In short, I need more evidence than bad incentives and B&M preaching the gospel of big business before I believe the best minds in virology and epidemiology are blindly following the marketing of pharmaceutical industry.

Winter April 27, 2021 5:00 PM

“Few can name how Andrew Carnegie made his money off of the top of their heads, but they do remember his name from his apparent philanthropy ”

The Sackler family has seen it’s name wiped off most (if not all) buildings and institutions they donated to.

Philanthropy also has its rules.

Clive Robinson April 27, 2021 8:01 PM

@ Winter,

There is absolutely no cure known for COVID-19.

There is no known cure for the common cold either, but plenty of theraputics to get you through it, with not much more than a runny nose and headache.

We had antibiotics, but they worked only on bacteria

I have relatives that were alive before antibiotics became became available as “drugs” rather than folk potions / hedge medicines.

It was known by some of my relatives who lived in France of the healing power of a certain “Sheppard folk remedie” involving a green veined cheese. We know know that what makes the green veins in Rokfor cheese is a close relative of penicillin and does indeed have antibiotic effects.

Likewise “fools gold” or Iron pyrite was also known to have antinfection properties when used in wound dressings a couple of hundred years ago (technically not antibiotics). Later around a century ago, certain chemical dyes were found to have antimicrobial properties, and are still in use (see Sulfonamide antibiotics that are coming back now current antibiotics are becoming ineffective). In fact it was the “sulfa craze” that gave us the first drug legislation. Sulfonamides do not kill bacteria they disrupt their ability to reproduce (interfear with the all important folic acid production).

These folk remidies whilst having desirable properties did not work as well as modern antibiotic drugs but they did save lives and cut down on the number of amputations that wound infection necessitated. With the later dye based drugs seeming as miracles.

We are a century later in a similar state with anti-virals, only science is moving significantly more rapidly currently thus we may well see a rush of good quality anti-virals in the next decade.

The point about antimicrobials is they do not “cure disease” for that matter nor do antibiotics, nor will antivirals. They simply inhibit the pathogen or render them unviable, it’s still the body that provides the actual cure. It’s why people still die even though the pathogen has been eliminated.

As for vaccination being the only way out of this pandemic, that is known to be untrue, and we have had this conversation in the past. The sad thing is politicians are still making the wrong choices in the West and we are all sufferingly needlessly because of it.

Thus why are politicians making the wrong choices?

We know that India had atleast three new Varients that are ringing major alarm bells. Yet the US and quite a fee other Western Nations are alowing flights with passengers to arive with little or no quarantine requirments. It’s not to hard to guess what is likely to happen if any of those three varients gets a toe hold in the community of these countries with such consistantly wrong politicians. What is their excuse for not stoping passenger flights?

When you know the answer you will also have the answer to your disbelief.

Winter April 28, 2021 12:31 AM

“As for vaccination being the only way out of this pandemic, that is known to be untrue, and we have had this conversation in the past.”

We have seen this earlier with scores of humanity. SARS2 will not go away anymore.

The choice is then between isolationism waiting for everyone becoming infected and immune (plague, cholera) and the virus evolves to a harmless cold (which takes decades), waiting for a cure that can be applied after infection in every corner of the world (AIDS), or vaccinate the world (smallpox, polio, measles, mumps, chickenpox, flu).

Now tell me, which of these approached was most effective, had least death and destruction, and was in the end the cheapest?

Every epidemiologist and microbiologist I have heard gave the same answer: vaccinate.

The UK itself shows how effective vaccination against SARS2 is, with infection numbers crashing fast. Last week people working in UK hospitals told me the relief they saw around them.

Meanwhile, in the Netherlands, we are still struggling with hospitals filling up and ICUs fearing to have to send away patients. All because we could not get enough vaccines.

JonKnowsNothing April 28, 2021 12:40 AM

@Clive @Winter @All

re: Making the wrong choices

During those horrific University Entrance Tests, the ones that make no sense, reveal nothing about who you are or what you really know, the ones that you take expensive cram courses for and use statistics/averages to quick guess the answer and move on to the next stupid question until the timer expires; during trial runs, I had an uncanny knack of always picking the Stupid Answer.

In mid-drought, pre-fire California, our local papers indicate California has the lowest COVID-19 rate in the USA (don’t choke). So Disneyland is opening, as is much of the entertainment areas in the State; folks are having a grand time.

We also have all the Big Variants: UK Variant, Brazil Variant, California Variant and So Africa Variant and the Double-Mut Variant from India.

Our local airport has just opened up 3 flights daily to/from Las Vegas, NV. People can fly in and either drive/uber or catch a hopper to the other end of their destination (LA, SF, LV). Business is expected to be brisk.


They won’t be stopping the planes here anytime soon and the Exponential Rate of COVID Deaths won’t be a question on the exam.

India 04 27 2021

On Monday, India reported 352,991 new COVID-19 cases, a world record for the largest number of cases in a single day. It was the fifth straight day the country broke that record. With Tuesday’s total of 323,144 new cases, the country has reported more than 1.7 million new cases in the last five days. And that is likely an undercount due to testing constraints and mild cases that go unreported. About a month ago, the country was seeing around just 40,000 cases a day among its population of about 1.3 billion.

Daily deaths have likewise gone skyward, rising from around 200 a day a month ago to records approaching 3,000 in a single day for the past several days.

ht tps://
(url fractured to prevent autorun)

Winter April 28, 2021 12:40 AM

“We know that India had atleast three new Varients that are ringing major alarm bells. Yet the US and quite a fee other Western Nations are alowing flights with passengers to arive with little or no quarantine requirments.”

Do not fool yourself. These variant are already spreading through Europe and the Americas. Only complete isolation on an island like NZ and AU works. For continental Europe, it’s is only possible to slow the spread, not stop it. And that only makes sense if you are waiting for a “cure”, or better, vaccination.

And having to add a new SARS2 vaccine to the yearly flu vaccination is in no way a deal breaker. There are now 6 different applied vaccines, with more in the pipeline. So what is the problem?

JonKnowsNothing April 28, 2021 2:13 AM

@Winter, @Clive @All

re: And having to add a new SARS2 vaccine to the yearly flu vaccination is in no way a deal breaker. There are now 6 different applied vaccines (3), with more in the pipeline. So what is the problem?

What’s the problem????


In the EU, y’all a bit more enlightened than over here across the pond and through the woods; “We Don’t Have Universal Health Care”.

Huge swaths of people in the USA cannot get medical care or see a doctor. We run an Extreme Capitalist Economy here and No One is going to get a Future COVID-Mut Jab for Free. (1) Right now, the US Government is paying for the COVID-19 Jabs (gotta keep Big Pharma Happy) but the money will eventually come from those at the bottom of the economy, in taxes and reductions of the meager services available.

USA Health Insurance is a For Profit Business, The US Gov is not permitted to compete with Business interests. If you cannot pay for health care insurance, you won’t be getting a Flu Jab nor a Booster COVID Jab.

So, unless the EU is able to STOP the PLANES from the USA, you are going to see resurgence after resurgences of COVID-19 brought to you by Uncle Sam.

The issues of the Bank of Mom and Dad, have not changed (2). Not in the Europe nor in the USA.


1, Flu shots for uninsured cost $30-$45 USD. Hourly wage for Fast Food Workers is $8-16 USD/Hour. Full COVID-19 Test costs @$1,100+ USD (paid for by US Government). Some COVID testing fees ranging from $2,000-$6,000 USD depending on circumstances (extra tests besides PCR test). MRI test $40,000-$80,000 USD. A week in ICU $125,000 USD and up.

2, In the archives or wayback machine are posts and analysis on the value of the Bank of Mom and Dad, in relation to Herd Immunity Policy which is an economic policy promoted by Sweden’s Anders Tegnell, to allow more people to die because there are myriad economic benefits from their deaths.

3, It would be a complete Surprise if the USA ever accepted any of the other vaccines, can you imagine the roar if we accepted any of the Chinese Vax or Sputnik Vax much less at-cost vaccines like Oxford/AZ, the problem of donating the US Stockpile is compounded by the fact the FDA/CDC has not approved it’s use in the USA (see Pfizer) and so the US cannot legally “give it away” because it’s not a “legal drug”.

Winter April 28, 2021 3:19 AM

“In the EU, y’all a bit more enlightened than over here across the pond and through the woods; “We Don’t Have Universal Health Care”.”

I feel sorry for everyone in the USA. I know, your health care brought you the Opioid Crisis, a story worthy of a Lovecraft. You had Hurricane Catrina doing exactly what had been spelled out in report after report with no response. You had the Texas Freeze, which would baffle any random citizen of any third world country with “They put up with What?”.

Still, your US citizen would also not be able to pay for any other medical intervention, be it a drug or otherwise, to help him when he gets COVID-19.

I am afraid, in this every country has to do the battle for its own citizens. It is not that other countries, e.g., China, Russia, India, or EU, can (yet) send you Vaccine Relief packages.

Joe K April 29, 2021 10:52 AM


That is rather than use the handle of the person they have chosen to
attack, they use a URL to a previous comment. Presumably in an
attempt to avoid a rapid response (a thought process indicative of
o[n]e who might be using a feed rather than come to the blog

May I suggest an alternative hypothesis for comment-375205‘s use of a URL to a previous comment?

Perhaps the pointer indicates the comment to which they are replying. This explains why they prefixed the link with an ‘@’ character. It certainly reads that way to me.

Winter April 29, 2021 11:46 AM

@Joe K
“This explains why they prefixed the link with an ‘@’ character. It certainly reads that way to me.”

Sounds plausible. But that does not invalidate @-‘s argument.

A link is opaque for the reader who has no clue what it is referring. The comment numbers are used only for the benefit of the mod. Readers need a handle, quote and/or date+time.

Clive Robinson April 29, 2021 3:46 PM

@ Winter, Joe K, Moderator,

Sounds plausible. But that does not invalidate @-‘s argument.

Both are plausable, but looking at the recent attack history my thinking would be more in alinment with @- especially,

“Also an attempt to “play favourites” off against each other. Something I suspect @Clive Robinson will not fall for.”

Having just read the @anonymous post,

It did make me smile, lets just say it’s a little too obvious and on it’s own might be considered a “damming with faux praise” attack.

But it has certain “tells” within it that makes me suspect the reality is it is a setup designed to “create sides” thus division thus more opportunity to fill the space up with attacks against @Winter under a variety of different handles. But as on previous occasions I suspect the attacking entity will make more of their “tells” and give the game away.

@ Moderator,

I strongly suspect the attacks on @Winter are not realy anything to do with @Winter, but a faux excuse to launch attacks on this blog.

Likewise although the attacks appear at a surface level to be anti-vaxer, again I suspect it is a “cover” or faux excuse for the attacks.

Whilst I can not be certain I have reason to believe the attacks are actually aimed at silencing our host @Bruce as there is a history of this going back for rather more than a year.

What other long term posters/readers may think I don’t know but the attacks started quite some time ago around the time our host started moving from the technical to the more human side of attacks and their motivations but got significantly worse around starting around five years ago.

Others have mentioned that it might be “out of Russia” whilst I can not say it’s not as “attribution is hard very hard” my gut feeling is again that is being used as a smoke screen to hide behind, and the actual attacker is a lot lot closer to home than Moscow.

SpaceLifeForm April 29, 2021 6:05 PM

@ Clive, -, Winter, Joe K, Moderator

MITM. Be careful chasing links. Wait.

DNS traffic, packet timing. Just saying.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.