Comments

JonKnowsNothing August 20, 2021 4:35 PM

@All

Seems that RSS feeds and readers are being shut down by some vendors that previously included them in their apps/devices.

RSS is not anonymous, there are server type tools that allow gathering of RSS connections and feed lists. The user side has the subscription lists too.

There must be something about RSS that’s bugging someone. Why?

SpaceLifeForm August 20, 2021 4:36 PM

Rain Fell On The Peak Of Greenland’s Ice Sheet For The First Time In Recorded History

hxtps://www.npr.org/2021/08/20/1029633740/rain-fall-peak-of-greenland-ice-sheet-first-climate-change

[This may be tied to the lack of expected Leap Seconds. The Water mass that I expected to move towards Equator is actually in the air, and moving towards the poles. The global warming is keeping more water vapour suspended]

i care August 20, 2021 6:48 PM

@ Tõnis

Luckily others care and maybe we can even save this planet.
However, why wait for 100 years, you can help the mother
nature and leave this world right now.

echo August 20, 2021 6:55 PM

https://www.eesc.europa.eu/en/our-work/opinions-information-reports/opinions/implementation-charter-fundamental-rights

SOC/671
Strategy to strengthen the application of the Charter of Fundamental Rights in the EU

OPINION

European Economic and Social Committee

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions
Strategy to strengthen the application of the Charter of Fundamental Rights in the EU
[COM(2020)711 final]

Rapporteur: Cristian PÎRVULESCU
Co-rapporteur: Christian BÄUMLER

Conclusions and recommendations

1.1 The Committee welcomes the new strategy devised by the Commission. The proposal contains clear commitments and places a firm emphasis on application and implementation issues. This is a direction that the Committee has consistently advocated, including in its opinion on the first strategy adopted in 2011.

1.2 Since then, major social, economic and political developments have complicated fundamental rights protection and brought new challenges for the current frameworks, including for the application of the Charter of Fundamental Rights. The current pandemic significantly increases risks to the health, safety and welfare of millions of people across the continent. At global level, where the EU has a major responsibility to act, the situation is even worse.

1.3 In this context, the EU institutions and Member States must act with a clear vision and greater drive in support of fundamental rights. Even though application of the Charter is limited to accompanying EU law, the growing body of regulations and cross-cutting integration of policy domains create ever-larger scope for action. This development is likely to have multiple implications for civil society, local communities, social partners and companies.

1.4 Unfortunately, after ten years of implementation of the Charter, there is still a limited knowledge among Europeans of its existence or role. It has also had limited use by civil society organisations, national human rights institutions and human rights defenders. We cannot wait for another decade to make the rights in the charter a reality for the general public, civil society and public institutions. We hope that the European Commission will be more active in informing citizens, the media, civil society, social partners and various other bodies about the Charter, its relevance, its effects and its related instruments.

1.5 All EU institutions have to stand firm and give strong support to all those civil society organisations, human rights activists and journalists who face physical and verbal attacks, intimidation and harassment, including abusive lawsuits, violence and online and offline hate speech. The smear campaigns that are affecting the credibility and legitimacy of civil society must stop and action should be taken against those Member States’ governments which engage in it. Enforcement of current rules should be a priority.

Additional content in report:

General comments: Background to the opinion, Ensuring effective application of the Charter by the Member States, Fostering the use of the Charter as a compass for EU institutions, Strengthening people’s awareness of their rights under the Charter.

Additional Links to Supplementary Material:

Timeline.

Related Opinion: Gender equality strategy, Further strengthening the Rule of Law within the Union. State of play and possible next steps (Communication), Resilient Democracy through a strong and diverse civil society (own-initiative opinion), European control mechanism on the rule of law and fundamental rights (own-initiative opinion), Fighting poverty (exploratory opinion requested by the Dutch presidency).

Related Links: European Commission, European Parliament, European Union Fundamental Rights Agency, Other useful links.

This sounds like quite the job and I’m glad people are taking it seriously. I will leave it to others to give opinions on law and history from prior to the Roman empire through to today. There’s not a lot to it but it’s a bit tedious writing it up. But the serious issue really is how hierarchy and society fit together and recent troubles from the financial crash onwards have highlighted weaknesses in implementations.

The US cannot get smug either as recent events have highlighted constitutional weaknesses including various human rights vacuums and in hindsight reckless governance arrangements. Not that the Russians and Chinese aren’t bricking it before anyone points fingers.

metaschima August 20, 2021 7:12 PM

Climate change is constant and has been going on long before humans got here. I’m not going to deny climate change and honestly I would rather not deny human induced climate change, whether or not it makes sense scientifically. I mean pollution is a major threat to human health and it’s getting worse. I’m all for reducing pollution. The only problem is that we peasants will be paying the increased taxes, while major corporations, who are also responsible for the majority of the pollution will not be affected. I mean corporations run government nowadays, if you haven’t noticed.

echo August 20, 2021 8:08 PM

https://www.independent.co.uk/climate-change/news/cfcs-ozone-layer-montreal-protocol-b1904714.html

Landmark ban on CFCs in 1980s prevented deadly ‘scorched Earth’ scenario, research reveals

Some good news for a change which also reveals how sound leadership, cooperation, and expertise can win the day.

On 16 May 1985, three scientists from the British Antarctic Survey published shocking findings in the respected journal Nature: They had detected abnormally low levels of ozone in the stratosphere over the South Pole.

Having watched too many Stewart Granger movies when I was growing up alongside assorted yarns of faraway places, and Jacques Cousteau among other things, I find stories involving drama and adventure like this quite thrilling. The current never ending run of Marvel movies is exhaustingly vacuous in comparison.

“Fossil fuels, on the other hand, are a far more complex issue, whose use permeates our lives more deeply and whose reduction will not just be a straight swap with another chemical.”

“Of course, that is not to say that we shouldn’t rise to the challenge – we must! Perhaps the hope from the Montreal Protocol is that it has been a tremendous success story: science identified a threat and the world agreed and acted on that threat.”

Necessity is the mother of invention, or so they say.

Tõnis August 20, 2021 8:15 PM

@i care, I don’t even care if someone blows up this planet. I won’t leave it till I’ve increased my alleged carbon footprint; my windows are wide open, and I’m setting the t-stat to cooler right now.

name.withheld.for.obvious.reasons August 20, 2021 11:15 PM

4 Aug 2021 — NIST Releases New Draft Cybersecurity White Paper

Planning for a Zero Trust Architecture: Draft Cybersecurity White Paper RFC

NIST has announced a request for comments on the aforementioned white paper. The deadline for submissions is September 3, 2021. For publication details see:

hps t://csrc.nist.gov/publications/detail/white-paper/2021/08/04/planning-for-zero-trust-architecture-starting-guide-for-admins/draft

Apologies for the late date, just hadn’t caught up with my e-mails.

name.withheld.for.obvious.reasons August 20, 2021 11:26 PM

20 Aug 2021 — NIST Release of Draft Updates to Cryptographic Model Verification

NIST has updated drafts for comment on SP 800-140C, SP 800-140D, and SP 800-140F respectively; the drafts are open for comment until 20 Sept 2021. The documents can be found at:

hpt st://csrc.nist.gov/publications/detail/sp/800-140c/rev-1/draft
hpt st://csrc.nist.gov/publications/detail/sp/800-140d/rev-1/draft
hpt st://csrc.nist.gov/publications/detail/sp/800-140f/rev-1/draft

lurker August 21, 2021 12:59 AM

@SLF, JKN: 51 and counting.

Patient A (so-called because he was the first to become symptomatic and seek testing; no upstream links yet, he may not be the actual patient 0) described as a 58 yr. old male. On the second day a positive test returned from Patient B, his 20 yr. old workmate. At that point it was Game Over.

Map of Locations of Interest shows Auckland city as carpet-bombed. Waste-water testing has detected a positive 50 km north of the city, nobody is yet owning up to this. Wild guess: a comfort stop from one of the flock of startled sparrows that flew up as soon as lockdown was announced. Obvious lack of knowledge of Delta’s behaviour turned supermarket panic buying into super-spreader events…

Full genome sequence comparison with NSW variant shows earliest probable date of entry 07 August.

covid19.govt.nz

[www.rnz.co.nz/news/national/449676/covid-19-update-21-new-community-cases-in-new-zealand-today]

JonKnowsNothing August 21, 2021 2:49 AM

@lurker, SpaceLifeForm, Clive

There was some stuff (here) but Road Rash happened.

Hagrid: If you want to know some stuff just follow the spiders.

Ergo Sum August 21, 2021 8:34 AM

@Clive Robinson

But this dot might be worth adding to trail

Evaluating a year old security update might be just an exercise in futility. The update may have been rolled back, modified, or just different hardware (M1) hit the market since then.

Clive Robinson August 21, 2021 11:10 AM

@ Ergo Sum,

Evaluating a year old security update might be just an exercise in futility.

In what way?

But then I’m guessing you’ve not read it right (read the bits about where there and then they were not).

It’s why I said,

“But this dot might be worth adding to trail,”

History shows that trail breakers have little comfort in life; it’s all hack hack hack at near virgin forest/jungle and the going is both hard and slow.

It’s this that appears to interest you.

Others however know about “the second mouse principle” as they are the ones that not only get the cheese, they also have the trail broken for them.

Thus they make their plans and do their thing in relative comfort a year or more behind the trail breakers.

Many find examining what the second mice are up to more constructive in predicting the future intentions than watching the hackety hack hack of explorers without any real direction.

Some find predicting the future direction way more useful and profitable than watching people aimlessly hacking away at virgin territory.

I know I’m not the only one in this group on this blog, and we find prediction to be rather more useful than “gee that’s neat” of undirected effectively random topiary.

JonKnowsNothing August 21, 2021 12:07 PM

@Clive, SpaceLifeForm, All

China is channeling Thomas Piketty.

China does have a way of making things happen the way they want. TechSector-TechBros are all on the line.

(road rash y or n?)

Clive Robinson August 21, 2021 2:53 PM

@ JonKnowsNothing,

China is channeling Thomas Piketty.

Which appears rather odd at first comment.

Admittedly I’m a little more familiar with the work of his wife Julia Cagé on universal basic income.

That said Piketty is right that over the last hundred years, the rich have got richer, and the poor have been made poorer.

However the reasons are in some cases decidedly odd.

But as I’ve explained before if you split assets into “real wealth” and “fiscal wealth” it is fairly easy to see that “inflation” and “rent seeking” rapidly decrease / destroy any residual value in fiscal wealth, whilst promoting increasing value of any real wealth assets.

Thus a policy of denying real wealth assets to the lower middle classes and down through the working classes is effectively a policy, not to “enslave” them, but worse “enserf” them such that they are totally vulnerable to those with “real wealth” or Baronial assets such as land and property etc where they attract artificially inflated rent values.

If you look at inheritance and similar legislation again there is frequently tax protection for those with large estates that is not available even to those at the top of the middle classes.

Thus as has been indicated anything that causes the demise of retired middle class people in effect frees up “real assets” to a small part of society, whilst effectively forcing the “real assets” the deceased owned –which held value– into “money held in the bank”, held by law often for quite a while such that it rapidly devalues below the purchase price of the equivalent real assets.

Thus the economy and a wealthy few get benefit from the losing inheritors.

SpaceLifeForm August 21, 2021 5:39 PM

@ CISAgov, CISAJen

It would help your credibility if you could properly geolocate Kansas City on a map. Hint: It is at the border of Missouri and Kansas, not 100 miles east. If you are still confused, you can follow the Missouri River south from Omaha, Nebraska, and when it turns to the east, then you are there.

HTH. HAND.

hxtps://www.twitter.com/CISAJen/status/1429134968484245505

The map

hxtps://www.twitter.com/CISAJen/status/1429134968484245505/photo/1

[P.S. You should also allot relocation expense reimbursement for these job openings]

Anders August 21, 2021 6:08 PM

@ ALL

You all probably remember from my post that our
Health Board cold storage failed during the midsummer
heat wave and we lost vaccines worth 3 million euros.

hxxps://news.err.ee/1608312452/prime-minister-health-board-cold-store-incident-an-unbelievable-mess

It turned out that all that time the floor heating was turned on.
Yes, you read this right, was ON. Even during the massive heat wave.
And even after that. They finally, indeed, FINALLY managed to turn it OFF, just recently.

hxxps://www.baltictimes.com/estonia__cooling_gear_at_health_board_s_cold_store_was_not_compliant_with_requirements/

There’s a saying – can happen only in Russia. Well, we are not far from it 😉

Anders August 21, 2021 6:28 PM

@ALL

In addition, DNS servers were wrongly configured and therefore alerts didn’t go through.

hxxps://news.err.ee/1608310589/health-board-s-cold-storage-malfunction-due-to-construction-error

(and at the same time our politicians present our country as a world leading IT country)

raranorar August 21, 2021 9:01 PM

@JonKnowsNothing

RSS is fairly easy to make anonymous, automatable and allows a user to in theory create an offline db of articles to read at will. Without trackers, metadata or ads.

Want to sell ads, disallow automation, spidering.

I’d call that incentive for dropping rss, as Google did ages ago. Dropping rss so hard I was surprised to see google groups still offered rss in 2021. Mozilla is in effect owned by google, no sane company lead fires engineers unless ordered to. I’d say rss will weather this storm as well, until the standards committees decide to deprecate and nix rss out of desperation.
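
The offline archive described above, as an added example that is not part of the original comment: an RSS 2.0 document is parsed, tracker parameters are stripped from each item link, and the result goes into a local SQLite table keyed by guid so re-fetches do not create duplicates. The feed bytes, the table layout and the list of tracker parameter names are assumptions made for the demonstration; the feed is constructed inline so the script runs offline.

```python
"""Added example: RSS feed to a local, tracker-free SQLite archive."""
import sqlite3
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-string keys that only serve tracking. This list is an assumption;
# extend it for the feeds you actually read.
TRACKER_PREFIXES = ("utm_", "fbclid", "gclid", "mc_cid", "mc_eid")

# Constructed sample feed: two articles plus a re-published copy of the
# first (same guid) to show de-duplication. The first link carries
# tracker parameters and a fragment.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item><guid>a1</guid><title>First post</title>
<link>https://example.org/post/1?utm_source=rss&amp;utm_medium=feed&amp;id=7#top</link>
<pubDate>Sat, 21 Aug 2021 09:00:00 GMT</pubDate>
<description>Body of post one.</description></item>
<item><guid>a2</guid><title>Second post</title>
<link>https://example.org/post/2?fbclid=xyz</link>
<pubDate>Sat, 21 Aug 2021 10:00:00 GMT</pubDate>
<description>Body of post two.</description></item>
<item><guid>a1</guid><title>First post (republished)</title>
<link>https://example.org/post/1</link>
<pubDate>Sat, 21 Aug 2021 09:00:00 GMT</pubDate>
<description>Duplicate of post one.</description></item>
</channel></rss>"""


def clean_link(url: str) -> str:
    """Drop tracker query parameters and the fragment; keep the rest intact."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not k.lower().startswith(TRACKER_PREFIXES)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """Create the archive table if needed; the guid is the primary key."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS articles (
        guid TEXT PRIMARY KEY, title TEXT, link TEXT, published TEXT, body TEXT)""")
    return conn


def ingest(conn: sqlite3.Connection, feed_xml: bytes) -> int:
    """Parse an RSS 2.0 document and insert unseen items; returns rows added.
    Items whose guid is already stored are ignored."""
    root = ET.fromstring(feed_xml)
    count = lambda: conn.execute("SELECT COUNT(*) FROM articles").fetchone()[0]
    before = count()
    for item in root.iterfind("./channel/item"):
        text = lambda tag: (item.findtext(tag) or "").strip()
        guid = text("guid") or text("link")
        if not guid:
            continue
        row = (guid, text("title"), clean_link(text("link")),
               text("pubDate"), text("description"))
        conn.execute("INSERT OR IGNORE INTO articles VALUES (?,?,?,?,?)", row)
    conn.commit()
    return count() - before


def stored_links(conn: sqlite3.Connection) -> list:
    """Links in the archive, ordered by guid."""
    return [r[0] for r in conn.execute("SELECT link FROM articles ORDER BY guid")]


if __name__ == "__main__":
    db = open_store()
    print("added:", ingest(db, SAMPLE_FEED))   # 2; the third item repeats guid a1
    for link in stored_links(db):
        print(link)
```

Fetching is deliberately left out of the block: the feed bytes can come from whatever transport suits the threat model (a proxy, Tor, a cron job on a separate host), and the archive never needs to contact the publisher again to read the articles.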

Clive Robinson August 22, 2021 1:47 AM

@ Anders,

It turned out that all that time the floor heating was turned on.

Actually that does not surprise me at all, and something similar is probably happening within a few meters of you right now[0].

If you take a 20,000ft view of a cold storage unit you’ve two things to consider that conflict with “nature”,

1, Temperature gradient by height in the store.
2, Health and safety measures to minimize accidents.

In nature over a local bounded –closed– volume colder air is “more dense” than “warm air” so cold air sinks compared to warm air[1]. However you also have to consider the effects of water vapour in any given volume and the so called “dew/condensation point”.

The result is that in the design of a “cold store” you “chill from above” to try to get as close as you can to a uniform temperature with height throughout the store.

But as water vapour is considerably denser and goes through a rather unpredictable “phase change” effect at ~0C you do not want ice forming on the floor as not only is it dangerous, it makes temperature control rather more fraught. Because phase change involves one heck of a movement of energy with effectively little change in temperature, which whilst it is desirable if you are making “thermal batteries”[2] it’s not if you are making a “cold store”… Likewise staff or equipment sliding around on a thin layer of water on ice on the floor makes life way more interesting than most would like, so not just difficult but more dangerous than insurance and H&S inspectors will accept.

So yes having under floor heating on in a cold store does make sense for a number of reasons, especially when you have the “chiller” on maximum.

[0] If your home fridge/freezer is a “no frost”, “auto-defreeze” or A-star rated type you will find there is actually a “heating coil” wrapped around the chiller pipes from the compressor. This is the “auto-defrost” and the “circuit” is on as long as the freezer is powered up. What happens is around every 6-24 hours depending on a timer and various sensors the compressor stops and the heating coil will come on until the temperature of the chiller pipe is just above the freezing phase change temperature of water. It then turns off the heater and resumes the freezing cycle. Whilst this might sound mad, it is actually a way more efficient way to keep your food frozen.

[1] This is only a “local” effect, in a bounded / closed environment. As a rough rule of thumb you get the opposite effect in the first 16 km of the atmosphere above the Earth’s surface. That is, surprisingly, temperature drops approximately exponentially. Which means at heights humans can survive at unaided the temperature drops about 9.8C/km for “dry air” ranging to 4.2C/km for “humid air”. This difference between the local effect and the low atmosphere effect is obviously unstable, hence just one of the drivers in weather turbulence. It is also why annoyingly a “temperature inversion” as called in weather forecasts is actually what you would expect from physics…

[2] Or making “ice cream” or “fog” using ice and water and adding salt to it.

Clive Robinson August 22, 2021 2:46 AM

@ Anders,

The “report” kind of makes it clear what really happened and the massive “snow job” being carried out to save “political blushes”.

Basically the “prime contractor” who should have not just specified the work to be carried out, but co-ordinated it and ensured compliance, failed totally to do its job.

The “committee” read like a bunch of “political yes-men” desperately looking to find a scapegoat for their “political brothers”.

The rancid smell of the neo-con idea of “thin-government” is present at every level from the top down, and basically has in this case long long ago defaulted to typical “incompetent toadying” such “thin-governance” systems always do.

Basically incompetents pick up a fat salary for nodding through grandiose ill thought out schemes.

The actual contractors that do the jobs probably wrote their own specifications documents and handed it to the political toads on a nod and a wink.

The real hard job now is to cover up this festering mess and kick it all into the very very long grass such that,

“That there’s some corner of a foreign field That is for ever covering the corrupt body politic.”

Too far to smell, too far to see, and hopefully soonest out of mind’s eye and forgotten so the “good times can keep rolling” in for the toadies and their chums.

This is exactly what any sensible person would expect of,

1, Thin Government (no oversight or auditing processes).
2, Outsourced Services (cronies write their own contracts as financial vehicles to transfer tax money to their pockets).

It all works “wonderfully well” at “nest feathering” and the like, but when things are needed the most they fail the hardest, and by then the money and guilty parties are long long gone or busy on other “government work” “feathering the nest” of those still in “thin Government”… So they “must not be embarrassed” otherwise the sinecure jobs those toadies are counting on for a fat retirement will vanish.

Basically what you have with this “crisis” is a very large lump of political corruption at the highest levels of Government down, and the politicians are desperately running around trying to cover it up… So some “unknown” culprit will have to be found… be it an illegitimate child of a North Korean Mother, Iranian Father, that is Half Chinese and Half Russian “Uber Hacker”, or some now dementia riddled “Mrs Mop” cleaner who may have accidentally pulled the plug out of the wall five years ago…

The one thing you can guarantee is it will not be anybody of “importance” who is to blame in any way whatsoever…

Contraception August 22, 2021 4:34 AM

Within the last few weeks I’ve noticed a dramatic shift on social media and amongst friends and family toward “the unvaccinated.”

For a while the collective opinion was that people who refused the shot were conspiracy theorists, stupid or misinformed. Now however, the common sentiment has changed to outright hatred. Less of a “good luck dying dumb dumb” and more of a “fu-ck you unvaccinated piece of shit. I want you erased from this fuc-king planet!”

Contraception August 22, 2021 4:34 AM

I’m honestly scared of where this is heading. If people can be manipulated to hate their friends and neighbors this easily, how far could the government and the media take it?

We’ve already seen conservatives become likened to Nazis. Today people would feel more embarrassed to say they voted for Trump than to say that they have a drug problem. I honestly don’t feel comfortable sharing my beliefs around people I’m close with anymore for fear of getting ganged up on and dismissed as an idiot.

This us vs. them mentality is on the fast track to becoming a dangerous situation. It feels like this is starting to accelerate and I don’t like where it’s heading.

- August 22, 2021 8:11 AM

@Winter:

I wondered if there was a connection between the current ‘Tõnis’ incarnation and the Troll-Tools, so I said (not unreasonably),

“Don’t feed the troll even if it is chewing its toenails.”

And we hear nothing until Russian Slave Labour time down at the P’burg patty flipping McThrow Ups. When we get the above stupid nonsense about Diesel engines from someone who obviously knows next to nothing about the care, feeding and use of such beasts.

You’d almost think the idiot had been getting high on dried mushrooms…

But it’s probably just so dirty and lives in such insanitary conditions it’s got a nasty nasty flesh flaking, rotting slime inducing fungal infection off of its fetid podia. So by chewing those nails it is getting a dose of something really quite unpleasant beating away at its brain blood barrier…

Mind you some urchins actually feed through their feet anyway. I’m told nobody is really certain if such urchins have a neural nexus that could be considered a brain so I guess it fits.

Clive Robinson August 22, 2021 11:23 AM

@ ALL,

“Timing Attack on SQL Queries Through Lobste.rs Password Reset”

This is an interesting 10 minute read on why people should “think a little” more when doing security on even what should be simple…

https://soatok.blog/2021/08/20/lobste-rs-password-reset-vulnerability/

Yup the timing attack should be “obvious”, we all know that… but even “though we know it” our brain often “does not connect it” when it comes to setting up enquiries/requests that can be seen by an attacker. So where there is a relationship to time, such as “walking an ordered list”, we create a potential vulnerability.
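
The “walking an ordered list” leak in the comment above, as an added example that is neither the commenter’s code nor anything from the linked write-up: a token check that compares left to right and stops at the first mismatch, an attacker that recovers the token one character at a time from how much work each rejection cost, and the usual fix of looking up by a public selector and comparing a hash of the secret with `hmac.compare_digest`. The side channel is modelled as a compare counter instead of wall-clock time so the run is deterministic; on a real service the same signal appears as response latency. Class and function names and the hex token format are assumptions for the illustration.

```python
"""Added example: early-exit token compare, the attack on it, and the fix."""
import hashlib
import hmac
import secrets

ALPHABET = "0123456789abcdef"   # tokens are hex strings, an assumption


def _digest(s: str) -> bytes:
    return hashlib.sha256(s.encode()).digest()


class LeakyStore:
    """Vulnerable pattern: the stored secret is compared with the supplied
    one left to right and the loop exits at the first mismatch, the way a
    naive string compare (or an ordered index walk) behaves. `ops` counts
    compares and stands in for the response time an attacker observes."""

    def __init__(self, token: str):
        self._token = token
        self.ops = 0

    def check(self, candidate: str) -> bool:
        self.ops = 0
        if len(candidate) != len(self._token):
            return False
        for a, b in zip(candidate, self._token):
            self.ops += 1
            if a != b:
                return False
        return True


class HardenedStore:
    """Fix: the reset link carries a public selector used for the lookup and
    a secret verifier. Only a hash of the verifier is stored, and the final
    compare is hmac.compare_digest, whose run time does not depend on where
    the two inputs first differ."""

    def __init__(self, selector: str, verifier: str):
        self._rows = {selector: _digest(verifier)}

    def check(self, selector: str, verifier: str) -> bool:
        stored = self._rows.get(selector)
        # Unknown selector: hash and compare against a dummy digest anyway so
        # the miss path costs the same as the hit path.
        missing = stored is None
        if missing:
            stored = _digest("")
        ok = hmac.compare_digest(_digest(verifier), stored)
        return ok and not missing


def recover_token(store: LeakyStore, length: int) -> str:
    """Attacker against LeakyStore: at each position try every symbol and
    keep the one that made the check do the most compares before rejecting,
    i.e. the one that took longest to be turned down."""
    known = ""
    for pos in range(length):
        best_sym, best_ops = ALPHABET[0], -1
        for sym in ALPHABET:
            guess = known + sym + ALPHABET[0] * (length - pos - 1)
            if store.check(guess):          # full match, nothing left to learn
                return guess
            if store.ops > best_ops:
                best_sym, best_ops = sym, store.ops
        known += best_sym
    return known


def new_token(nbytes: int = 8) -> str:
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    secret = new_token()
    print("secret   :", secret)
    print("recovered:", recover_token(LeakyStore(secret), len(secret)))
    hard = HardenedStore("user42", secret)
    print("hardened good:", hard.check("user42", secret),
          "bad:", hard.check("user42", new_token()))
```

The attack needs `length * len(ALPHABET)` queries instead of `len(ALPHABET) ** length`, which is the whole point: the early exit turns a search over the keyspace into a search over each position. The hardened version also makes the database do the lookup on a value the attacker is allowed to know (the selector), so no ordered comparison over secret material happens on the server at all.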

Clive Robinson August 22, 2021 12:33 PM

@ ALL,

Speaking of What we should know about and the issues of Security Vulnerabilities we are starting to see a lot more of articles like,

https://blog.kellybrazil.com/2019/11/26/bringing-the-unix-philosophy-to-the-21st-century/

I need to stress I’m not picking on this one example but it’s just a good one to think easily about.

As the article notes back last century *nix utilities put out in the main unformatted text. More specifically unformatted 7bit ASCII, which over the years has changed in many many ways,

Firstly you are unlikely to see 7bit ASCII these days; character sets have got beyond weird and change faster than a big bag of snakes sheds skins.

Obviously this can be a security vulnerability or give rise to security vulnerabilities. In fact oh so many in oh so many different ways there are several “books worth” of information on the subject. Importantly whilst there are “many mitigations talked about” most only work in certain ways in certain places and more than a few if used in the wrong place can often make things worse… So no “one size fits all” solutions out there.

Secondly many years ago we tried to bring out “standard formats”; anyone else remember the original “comma separated” format? Yup you need a beard both whiter and larger than an inverted Swiss Alp…

It, “Comma-Separated Values” (CSV) as it became called, twisted and changed with time for various reasons, firstly due to “inband signalling” and later “increased functionality”, oh and of course some people trying to “lock-in” or “lock-out” for business reasons. Amazingly to most people when you tell them, it spent at least four decades before it got standardized as RFC 4180 back in late 2005…

It was supposed to be a “text only” way of transfering “flat file” style Data Base files. Which should in most cases be fully human readable, and if you need to either be typed up manually or generated by a simple text output script or executable…

Well you know what they say about weeds… Even though “standardized” there is no agreement on how to use the comma or even if it should be a comma… The result is many say CSV means “Character-Separated Values”; some even use more than one separator in non obvious hierarchical formats.

So RFC 4180 is “a standard that is not a standard” might be a description that springs to mind. But it gets worse a lot worse. By 2015 the W3C got involved and started their own set of CSV standards…

But there is a “hidden issue” that is built on a “false assumption” which is,

CSV streams/files cannot “naturally” represent hierarchical or object-oriented data. This is because every CSV record is expected to have the same structure.

The fact is whilst you are only supposed to have a fixed number of fields in a record and that the fields be of the same type in the same place, that only applies to the topmost layer, because all the standards avoid the “fields within fields” issue in part because of “text fields”. So “Objects” are more than possible. But… It also means that we come up against the “Data is Code” issue. You can if you wish fairly easily structure the BASIC programming language so you can put it in acceptable CSV formatting…

Well I could go on about CSV for ages, but it’s nothing in comparison to more structured formatting like JSON. As mentioned a week back you can do all sorts of faux security tricks with JSON, that is you can “sign code” whilst other people think you have “signed data”. Oops, that means that an attacker can make the code output what they want, and you think it’s OK because it was “signed”.

So from a “security perspective” the likes of JSON and other file serialisation formats are decidedly fraught with difficulties and major gotchas…
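
Two of the CSV points made above, the “fields within fields” hierarchy and the “Data is Code” problem, as an added example that is not the commenter’s code: a small RFC 4180 reader written as an explicit state machine, a quoted field that is itself a complete CSV record and can be parsed again, and a check for fields that a spreadsheet would execute as a formula rather than display as text. The sample records and the function names are constructed for the demonstration; the set of formula-leading characters is an assumption based on what common spreadsheet applications treat as the start of a formula.

```python
"""Added example: RFC 4180 parsing, nested CSV in a field, formula fields."""


def parse_csv(text: str, sep: str = ",") -> list:
    """RFC 4180 rules: fields separated by `sep`, records ended by CRLF (or
    a bare LF); a field may be wrapped in double quotes, inside which the
    separator and line breaks are literal and a quote is written as two."""
    rows, row, field = [], [], []
    in_quotes, i, n = False, 0, len(text)
    while i < n:
        c = text[i]
        if in_quotes:
            if c == '"':
                if i + 1 < n and text[i + 1] == '"':
                    field.append('"')          # "" inside quotes is one quote
                    i += 1
                else:
                    in_quotes = False          # closing quote
            else:
                field.append(c)                # separators/newlines are data
        elif c == '"' and not field:
            in_quotes = True                   # quote only opens at field start
        elif c == sep:
            row.append("".join(field))
            field = []
        elif c in "\r\n":
            if c == "\r" and i + 1 < n and text[i + 1] == "\n":
                i += 1                         # CRLF counts once
            row.append("".join(field))
            rows.append(row)
            row, field = [], []
        else:
            field.append(c)
        i += 1
    if in_quotes:
        raise ValueError("unterminated quoted field")
    if field or row:                           # last record without newline
        row.append("".join(field))
        rows.append(row)
    return rows


# Characters that spreadsheet applications treat as the start of a formula
# (assumption; '-' and '+' also begin ordinary numbers, handled below).
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def _is_number(s: str) -> bool:
    try:
        float(s)
        return True
    except ValueError:
        return False


def looks_like_formula(field: str) -> bool:
    """True when a spreadsheet would evaluate the field instead of showing it."""
    return field.startswith(FORMULA_PREFIXES) and not _is_number(field)


def neutralise(field: str) -> str:
    """Prefix a formula-looking field with an apostrophe so it stays text."""
    return "'" + field if looks_like_formula(field) else field


# Constructed sample: row 1 nests a whole CSV record in its third field,
# row 2 carries a formula, row 3 has a negative number and an embedded newline.
SAMPLE = ('id,name,payload\r\n'
          '1,"Smith, John","2,""inner, value"",3"\r\n'
          '2,"=HYPERLINK(""http://evil.example"",""click"")",plain\r\n'
          '3,-12.5,"multi\nline"\r\n')


def sanitise_rows(rows: list) -> list:
    return [[neutralise(f) for f in row] for row in rows]


if __name__ == "__main__":
    rows = parse_csv(SAMPLE)
    print("top level :", rows[1])
    print("nested    :", parse_csv(rows[1][2]))   # the payload field is itself CSV
    print("formula?  :", [looks_like_formula(f) for f in rows[2]])
    print("sanitised :", sanitise_rows(rows)[2])
```

The nested parse is the hierarchy the comment says the “flat” format is assumed not to carry: nothing in RFC 4180 stops a consumer from treating a text field as another record, so two parsers that disagree about whether to do that see two different structures. The apostrophe prefix is the common mitigation for exported reports; it is a display fix for one class of consumer, which is exactly the “works in certain places” caveat above.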

Zaphod August 22, 2021 2:08 PM

@Clive (ut eiusdem semper),

Any thoughts on real world applications of ‘time crystals’, assuming recent developments are confirmed?

Wishing you the best,
Zaphod.

Clive Robinson August 22, 2021 5:22 PM

@ Zaphod,

Any thoughts on real world applications of ‘time crystals’

I guess you might be thinking about this little notion that entropy or at least the second law of thermodynamics can be avoided in a quantum computer,

https://www.quantamagazine.org/first-time-crystal-built-using-googles-quantum-computer-20210730/

Well “semper memoria tenendum” might be one answer 😉

But in all honesty I have trouble getting my head around the notion of movement without kinetic energy, thus the potential for it to be in “perpetual” motion…

But the implication on the avoiding the second law of thermodynamics has some interesting fall out if shown to be true, some of which would land with quite a squelch on information security at a quite fundamental level…

JonKnowsNothing August 22, 2021 8:22 PM

@Clive, SpaceLifeForm, All

A very interesting article dated 12/2020 on research happening in 2021.

ht tps://doi.org/10.1080/19420862.2020.1860476

Unfortunately, it’s no longer possible to have much exchange on any topic. The road rash is a waste of all efforts and I really am not as good as SpaceLifeForm at cryptic messages and bread crumbs.

(road rash y or n)

Anders August 22, 2021 8:35 PM

@Clive

Your post on pure ASCII is right. But don’t
concentrate and limit this only to CSV.
Everything should be in open format and human readable.

I think this link suits here well.

hxxps://www.theregister.com/2021/08/11/column_cyberbanana_windows/

We have traveled a long road. Most of us here have
used computers for ages and remember the times when
there wasn’t even such a thing as a “web”.

Looking back – is all this we have created or use today
really better than years ago? I say it again – we create
those security problems to ourselves by ourself.
We throw away tried and tested systems and constantly
upgrade. Is all this better now?

How many people nowadays use MUTT email client?
Simple things that just work – we had them (and still
have). But we don’t use them. People think Exchange and
OWA are better. You can’t even look at mail source and headers
before really reading the mail with them. We are our own
worst enemy.

Anders August 22, 2021 9:44 PM

Staying on email topic.

hxxps://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell

lurker August 23, 2021 12:35 AM

@Epidemiologists: STOP THE PLANES

107 and counting. It was only a matter of when not if, the AU bubble burst. And of course too many got caught on the wrong side of the ditch. Red Zone Flight makes a good line on TV news. But our boffins have known for some time that this virus is airborne. So should I wait for an explanation of why they thought a few sheets of vertical perspex, not going right up to the ceiling[1], would make a good barrier between assumed infectious inbound to quarantine, and assumed healthy inbound to vaccination?

ScoMo[2] is saying he thinks Delta cannot be eliminated. Our people think it can because we do lockdown better than AU. But then our people insist on continuing to import the pestilence. For more dismay put vaccine passport forged into your favorite search engine.

@Clive, @echo note this from a local paper:

Residents of the upmarket Auckland suburb of Devonport are coming to terms with the news that the first identified New Zealand case of the Covid-19 Delta variant in the community, a local resident, is a tradesman.
Experts say the man has done nothing wrong…but Devonport residents are still shocked that a tradesman is in the community…

[1] https://www.nzherald.co.nz/nz/covid-19-coronavirus-delta-outbreak-35-new-community-cases-today-total-cases-in-outbreak-now-107/TL7TDX6MXAXZ5CXL44RNC5UXFE/

[2] https://www.abc.net.au/news/2021-08-23/covid-prime-minister-vaccination-lockdowns-must-end/100398686

Winter August 23, 2021 1:01 AM

@Lurker
“It was only a matter of when not if, the AU bubble burst.”

It was clear from the very start that the disease would reach any human on earth eventually. It was just a matter of time. Those who were able to delay its arrival should have used the time to get a jab. But they didn’t, because reasons and stupidity. But mainly stupidity.

So, all those island (continent)s that were able to keep the disease in check wasted their advantage by not doing the sensible thing and getting a jab. Then it arrives anyway in Japan, Australia, or New Zealand, and everything develops as it did in the worst places.

Lesson to remember: If you “trust no one”, you will trust the wrong ones and suffer dearly.

Winter August 23, 2021 1:04 AM

@Clive
“But there is a “hidden issue” that is built on a “false assumption” which is,”

CSV streams/files cannot “naturally” represent hierarchical or object-oriented data. This is because every CSV record is expected to have the same structure.

XML was supposed to correct these problems. Somehow, this did not work out as intended. Meanwhile, JSON has taken up this role.

Clive Robinson August 23, 2021 4:30 AM

@ Anders, ALL,

But don’t
concentrate and limit this only to CSV

I’m not, my use of CSV was as a “historic example” that is unfortunately still evolving…

Whilst CSV does not cover all the later horrors of SGML, XML, HTML, JSON etc it makes an easy to follow introduction for those who want to venture down “The Serialization Security Rabbit Hole”.

With regards,

Everything should be in open format and human readable.

Whilst some will argue that it is not possible for “efficiency” or other reasons they are generally arguing for “being lazy” in the bad way at best and often a lot lot worse.

But the other thing to watch out for is the “It’s all safe behind a crypto wall” argument some have put out (Google being just one of many).

Crypto is never a wall as some portray it, at best it’s a locked room with many hidden doors in from secret passages. But perhaps worst of all security wise, rarely do people ever want to work in locked rooms, so they have a habit of unlocking and opening a door and leaving it wide open that way for many others to just stroll through unhindered (FDE on a communications connected computer being just one example of this).

So not only should “open format and human readable” be two primary aims, we also need to reduce or remove “complexity”, as well as stopping the specification allowing “data to be used as code”, with a healthy dose of “least trust” thrown in as well.

Because if people are daft enough to want to use “data as code” with all the security problems that brings to the battle field, then they should do so explicitly themselves in their own code. And most definitely not have it hidden away in the interface and libraries of standards, protocols, and implementations, where everybody gets harmed by it.

It’s the sort of dirty trick various SigInt personnel on standards bodies call “finessing” and you can be sure they have a “high five” party every time they slip one in to a standard as that gives them a back door for a quarter to half century if not more.

But we have a problem worse than the SigInt agencies who at least try to remain somewhat “covert” about their activities… These days we have “Mega Corps” from Silicon Valley and other parts of the world. Their aims can be said to be,

1, Steal private information
2, Steal private resources
3, Abuse all for profit

They pretend it’s for “marketing/advertising” but the actuality is way way worse.

Basically they want full unfettered access to all of a private individual’s data and all of their computer and peripherals, mains power, communications bandwidth, etc, as a right you as a private individual can not argue with.

If these Corps actually stood up and said this honestly and openly most people who could think about it would be horrified by the idea.

So what have Google amongst others done? They have in effect “bought the standards bodies and system implementers” one way or another.

The most obvious being the World Wide Web Consortium (W3C) and the developers of web browsers. HTML5 can best be described as “A serious security threat” and should be treated as such, similar applies to other supposedly “Open Standards”, “Open Protocols”, and “Open Implementations”.

And so we run down “the road to hell”.

Winter August 23, 2021 5:26 AM

@Jon, @Clive
“Are you talking about?,”

Anything ending in “map” (monoclonal anti-bodies) will be expensive. These are therapeutic drugs intended to get you through the crisis in case of infection.

They are important for those who cannot get a jab, or when the jab was ineffective. It is a waste of money compared to getting jabs. Prevention trumps curing almost always.

Clive Robinson August 23, 2021 5:41 AM

@ lurker, Winter, ALL,

ScoMo[2] is saying he thinks Delta cannot be eliminated. Our people think it can because we do lockdown better than AU.

Well “Scott from Marketing” has a very clear record of wanting to do just about everything he could to favour the “Trump Industry Lobbyists” and open up everything to pestilence as fast as possible.

So you could say he’s “trying to put in an early defence” for the genocide he wants to create…

Because not only has ScumMuck favoured the “travel industry lobbyists” where ever he can, he appears to have put the brakes on vaccination where ever he can.

Maybe he thinks he’s going to get voted out despite the little favours to Rupert “The bear faced liar” Murdoch and US Corp News International, thus he wants to get revenge on the average Australian citizen and kill them off with a plague.

NZ on the other hand have been of the view they can keep it out or kill it off sufficiently by lockdown. What I’m not sure of is how their vaccination plans are coming along.

The two points political twits need to grasp are,

1, Due to their stupidity our only hope of getting rid of SARS-2 is now vaccination, provided it can get ahead of prevalence related mutation(2).

2, If vaccination is even remotely going to stand a chance of getting ahead of SARS-2 community infection prevalence has to be severely curtailed or stopped and that can only be done by area quarantine or lockdown.

If we don’t then something like 2-15% of the world’s population will succumb to SARS-2 within just a few years at most.

Also we have the issue of “long covid” nobody has a clue, just how long that could run for, but people who get it and live could be effectively invalids / disabled for years if not decades or life times.

Oh and if you hear “but children are safe / not affected” just do the world a favour and “kick them to the curb” as forcefully as required.

It appears that two things happen with each successful SARS-2 mutant that appears,

1, It attacks younger age ranges.
2, The number of people that develop long covid appears inversely related to age.

Or put another way, the successful mutants are after the children who are increasingly more likely to get long covid from a serious infection than their parents…

Clive Robinson August 23, 2021 5:50 AM

@ Winter, ALL,

XML was supposed to correct these problems. Somehow, this did not work out as intended. Meanwhile, JSON has taken up this role.

Hmmm what is that quote about “repeating” and “madness”…

Let’s put it this way, from the security aspect, would you even bet the price of a “glass of water” on it happening with JSON?

Winter August 23, 2021 6:37 AM

@Clive
“Hmmm what is that quote about “repeating” and “madness”…”

You are too harsh:

  1. XML was NOT designed for security. That is orthogonal to its use case
  2. XML implements a tree structure, and can therefore implement most data models used in ICT
  3. XML specifies the character encoding explicitly

As far as I can see, it achieved its design goals. What is going wrong is the definition stage, the X, of the ML. Defining and standardizing XML instances is a pain. Then, nobody bothers to write validators for whatever definitions they chose to use, making parsers choke.

XML is human readable, but humans are very bad at reading tree structures in an XML document. This is especially true for XML from Microsoft, which might even be worse than Microsoft generated HTML (Office Open XML, anyone?).

There are many people howling about the wordiness of XML. But XML is very, very easy to compress; it is just text. And it is pretty easy to parse.

JonKnowsNothing August 23, 2021 7:43 AM

@Clive, Winter, All

There are 3 approved for use in the USA. There are infusion centers being created in many areas and developed countries. mAbs are in use daily. Of the 3 currently in use in the USA, 2 are losing effectiveness and 1 is still fully effective.

The breadcrumbs are there, follow the spiders to AY.3.

fwiw attempts to follow up on topics end up with road rash or removed. One never knows why except it’s not my problem to sort out but until it does there’s not much more that can be said.

(road rash y or n)

echo August 23, 2021 8:51 AM

https://www.theguardian.com/global/2021/aug/22/how-digital-media-turned-us-all-into-dopamine-addicts-and-what-we-can-do-to-break-the-cycle

As well as compromising our attention spans, Lembke says our obsession with instant gratification means we’re constantly living in our limbic brain, which processes emotions, rather than in our pre-frontal cortex, which deals with future planning and problem-solving and is important for personality development. When we’re confronted with a complex or unsettling issue in our work or social lives, our digital companions are always there to help us escape the stickiness of life with an easy distraction. (And the version of life presented on screens removes all rough edges: faces are filtered and beautiful, there are no awkward silences, and if we don’t like what we see we can simply click on another tab.)

“It’s very different from how life used to be, when we had to tolerate a lot more distress,” says Lembke. “We’re losing our capacity to delay gratification, solve problems and deal with frustration and pain in its many different forms.”

[…]

Many of these ideas are familiar: we’ve all heard about digital detoxes and mindfulness practices, but unlike many spiritual gurus, Lembke is straight-shooting. She is not promising sunshine and rainbows. Yes, it’s natural and healthy to pursue enjoyment, but our consumer culture has created an expectation “that life is supposed to be so fun!” she says. “And really, it’s not. Life is a slog and I think if we could admit that and take comfort in knowing we’re not alone in the day-to-day struggle, paradoxically, we would be happier.”

It’s a sobering thought. Because the bounty of high-octane stimuli enables us to instantly boost our mood – something previous generations couldn’t do to the same degree – we’re under the impression we can fully control when we feel joy. In reality, our drip-fed, tech-fuelled bliss is fleeting, and often less than blissful. The main message is to stop hunting for pleasure all the time. It’s too much of a good thing, and all that.

Lembke is sanguine that we can beat our digital dependencies by embracing a more monastic mindset. She advocates replacing some pleasure-seeking vices with “painful” pursuits. When we do things that are challenging – going for a run, having an ice bath, talking to a stranger, reading a book on philosophy – instead of receiving a dopamine boost beforehand we experience it afterwards. “Doing things that are hard is one of the best ways to pursue a life worth living, because the pleasure we get afterwards is more enduring,” she says. We tend to forget that earned highs are that much sweeter.

Even if the idea of swapping an episode of Mare of Easttown for a jog sounds cruel, just opening yourself up to the realisation that you shouldn’t expect to be dazzled 24/7 seems like a feasible shift in thinking. As does letting your mind wander, uninterrupted, with increased frequency. Just remember: it all starts with a phone in a drawer.

I’ve experienced a persistent run of coincidences and synchronicity over the past week or two to an aching degree which is a curious thing. But this is something I was pondering late last week. My general feeling is people’s minds are taken up with too many short term thrills and information overload. The paper I mentioned a week or two ago discusses the rise in general anxiety over the past decade or two. My sense is all of this makes less room for considered rational thoughts and decisions and is contributing in aggregate to problems with democracy and the rise of the far right and compassion fatigue and so on.

I also think this blog as well as the tech industry in general suffers from this on top of change and legacy attitudes which is one reason why I haven’t posted much recently.

Before even discussing technology you must realise it can be a solution but also an expression of intent. An expression of intent comes at the end of a process not the beginning. It can be a solution but a solution to what?

I’ve also noticed a rise in officials coming out with the view they don’t know whether terrorism is increasing or whether they are simply discovering more. Aside from the nodding dog bikeshedding and copycat low hanging fruit which those with job titles or not are guilty of, I find this to be a dodge much like and probably coming from the same place as “bothsideism”. Myself I believe it is a small truth covering a big lie. The problems alluded to by this article and the fact small groups of extremists and dedicated people pack out and mutually amplify their own signal to present themselves as a larger group than they actually are is something which has been happening a lot lately. This strategy has been used within politics at all levels in the past and is nothing new. It’s just the vicarious ease of use and lack of filters encouraged by social media has given it a platform it never had direct access to before.

Clive Robinson August 23, 2021 8:55 AM

@ Winter,

You are too harsh:

By what standard?

If you look back on this blog you will find I’ve basically said,

1, Security is a Quality Process.
2, Like QA it should be fully in place before day zero of any project.
3, Like QA, it should have full management buy in from the very top down without exception.

I’ve said it in many different ways some more verbose and even polite, some shorter and rather more curt.

I’ve actually done this over as long as this blog records go back… You will also find I said it on other publicly available blogs going back this entire current century and a bit longer (since 95 at least when Blog was not a word as such).

The idea about Security needing to be a fundamental part of all ICT design over the entire product life cycle is not only not new, it’s actually all grown up and should by now be treated with the respect it deserves…

As I said CSV’s failings go back over four decades and yet we still suffer with them every day.

Even before Gossling’s Oak –on green– got renamed as “Java” and started getting talked about, and likewise before another Marketing droid switched names for the completely unrelated scripting language for an early browser and called it “JavaScript” we knew certain things were going to be security nightmares.

Well here we are a whole “working lifetime” later and guess what… Not only is serialization for communications still a complete SNAFU it’s also without any doubt a complete Security Nightmare, which we could have easily prevented.

But worse, a lot worse, the people in the driving seat want it to get more insecure, more complex and well nigh impossible to use safely…

So what have we actually learnt in the two to four decades?

Well that the “madness” saying has a whole load of truth in it. So maybe we should get off of that merry go round from hell we got on at the Halloween horror theme park all those years ago. Especially as it’s long since crossed the car-park and is running amok in every computer where the user connects via insecure communications to about the largest empire of crooks mankind has ever put together…

Am I still being a little harsh?

I suspect a few more every day will think not.

Winter August 23, 2021 9:30 AM

@Clive
“1, Security is a Quality Process.
2, Like QA it should be fully in place before day zero of any project.
3, Like QA, it should have full management buy in from the very top down without exception.”

XML is a text data format. It is not more than describing bits for data interchange. If information (data) cannot be exchanged between computers, there is no point in using computers.

XML, when not defined by MS, does not carry any executable code. It is defined to be static and non-executable. It is entirely possible to give it a binary payload (as MS did in OOXML), but that requires to go outside of the specifications of XML. No level of security consciousness will protect you from fools adding binary programs to your data.

So, XML defines static data with explicitly defined encoding. Parsers for XML are relatively simple and well understood. Any code will have bugs, but that is not something XML could prevent.

So, what else? No data exchange? That is about as secure as a computer locked in a safe, encased in concrete, and dropped in the Mariana Trog.

So, why not use XML if you exchange data?

lurker August 23, 2021 11:40 AM

@Winter

Those who were able to delay its arrival should have used the time to get a jab. But they didn’t, because reasons and stupidity.

NZ was in the early scramble, pre-ordering a total of 10M doses from 3 different suppliers. At the time we were accused of being greedy, wanting 2 shots for every citizen. History proves us not greedy enough now that 3 jabs are recommended. What followed is obscured by the fog of war, but includes:

  • Commercial haggling over price,
  • Governments who supplied research funds leaning on manufacturers to supply their own people first,
  • Disinformation campaigns from all corners on the efficacy of the different brands,
  • Supply chain deficiencies, and demand for booster shots resulting in uneven global distribution.

Of course Covid isn’t the only game in town, it has to take its place alongside climate change, and insecure computer systems.

echo August 23, 2021 1:14 PM

Reporter’s fiery interview with Taliban leader after Afghanistan devastation | 60 Minutes Australia
https://www.youtube.com/watch?v=szhmN51eqdU

Contains testimony from local Afghan women and an international human rights crime investigator. Some of the material discussed is pretty rough.

“Foreseeable and foreseen”.

My comment: You DO NOT treat people like this and I’m not just talking about Taliban. I’m giving a very hard Paddington Bear stare at the UK government.

Weather August 23, 2021 1:21 PM

@echo all
I predict in 1-2 years a war, it will start as civil wars then spill international.

name.withheld.for.obvious.reasons August 23, 2021 1:22 PM

23 AUG 2021 — Comment on the 9th Circuit Court Appeal in Jewel v NSA

In reading the opinion from the court, it is clear that there is both a disdain or contempt in the response by judge White and that arguments are not necessary (at least rational in nature) to answer the appeal.

First, in making the statement, judge J. S. White dismissed the case by stating, “That prediction has come to pass,” thus making clear that the court has a prejudice to its own proceedings. Saying instead, for example, “The facts in the appeal did not reach the necessary…blah, blah, blah,” would have at least had the appearance of professionalism.

Second, the dismissal by the Court, as stated by J.S. White, included a non-sequitur to the response to the appeal:

“The district court did not abuse its discretion in excluding evidence at summary judgement. See Orr, 285 F.3d at 773. But even assuming it did so, any such error was not prejudicial, because even considering the excluded evidence, the Jewel Plaintiffs have failed to set forth sufficient evidence of standing[1]. The district court also did not abuse its discretion in denying the Jewel Plaintiffs’ counsel secure access to the classified evidence in this case. See 50 USC Section 1806(f) (“[T]he court may disclose…materials related to the surveillance only where such disclosure is necessary to make an accurate determination of the legality of the surveillance.“)[2]

[1] The basis of the case was a challenge to the government’s dismissal due to standing, where the state is the sole party to ANY evidentiary sources concerning legal or ILLEGAL surveillance.

[2] See footnote 1…

Winter August 23, 2021 1:24 PM

@Lurker
“NZ was in the early scramble, pre-ordering a total of 10M doses from 3 different suppliers. ”

Results (2 jabs/full):
NZ 23%
AU 30%
JP 40%

USA 51%
UK 62%

Japan has moved fast in the last month or so, cf Olympics. But NZ and AU are seriously lagging.

Clive Robinson August 23, 2021 2:55 PM

@ Winter,

So, why not use XML if you exchange data?

As you say yourself,

1, “It is entirely possible to give it a binary payload (as MS did in OOXML), but that requires to go outside of the specifications of XML.”

Microsoft “embraced and extended” and put their crap in all their libraries and OS’s, so OOXML turned up in various forms all over the place.

With the result as I noted,

2, “Because if people are daft enough to want to use “data as code” with all the security problems that brings to the battle field, then they should do so explicitly themselves in their own code. And most definitely not have it hidden away in the interface and libraries of standards, protocols, and implementations, where everybody gets harmed by it.”

Microsoft decided to screw everyone over by their actions now XML is not trusted as secure…

Google have decided to screw everyone in similar ways, so modern HTML5 browsers can not be trusted as secure.

For data transfer / communications protocols, BOTH ends have to be secure. Otherwise an attacker will get in to first one then the other or other targets down stream.

Both Google and Microsoft as well as other Silicon Valley Corps have weakened or removed security from standards, protocols and implementations to do just that especially with serialization.

So do you really think that JSON is going to fare any better?

Don’t be daft, if they cannot get at the standard, then they will go after the protocols, if they can not get at those then they will get at the implementation one way or another, or come up with a competing standard and saturation bomb with it.

Aside from a few people like me saying “Don’t do this foolish thing” Google and Microsoft will put it into their implementations in such a way as to make their insecure way “the de facto standard” and all those code cutting developers that really, really should know better by now will crawl over each other just to be the first with insecure libraries from Google or Microsoft or any other big name corp.

To pretend otherwise is to deny four decades of history, without learning a thing from it…

As I enquired, would you really bet the price of a glass of water that it won’t happen?

I know where history tells me to put down my money and it’s not on the side of security…

echo August 23, 2021 3:07 PM

@Freezing In Brazil

Taliban fighters are not ‘incels’. Reducing them to this simplistic category will hamper any rational discussion on their nature and motives. It will only lead to error [and when it comes to this subject, the West has had its fair share of errors already].

I’m not being simplistic. Read my previous two posts on human rights and neuro-psycho-sociology. Calling them a rote learning walking talking example of Dunning-Kruger criminal and criminally insane fragile and toxic masculinity is a bit of a mouthful. Their type are all over the place in one form or another usually disguised by established cultures and complacency and wealth.

Personally I find calling the Taliban incels is very helpful. Darkside, or Laserface as I called them while stifling giggles, disappeared fast! If there’s one thing men cannot stand it is mocking laughter off women. Nor can they stand the trivialisation of their masculine self image. The Taliban cruise about wearing scary black and waving guns. I’m supposed to be impressed? Much like the Alt Right they have a love of their own intellectual conceits no matter what easily provably nonsensical idiocy they are based on.

As per the documentary a large number of these Taliban incels are rapists and child abusers, wife beaters, and murderers.

I never thought I’d see the Paras cut and run from a battle but hey ho.

https://www.independent.co.uk/asia/south-asia/afghanistan-evacuation-kabul-uk-refugees-b1907279.html

“I lived by myself, which made things even more difficult,” she said. “The Taliban had been coming to our area and asking questions about people. One of my neighbours said I was putting everyone at risk by being there, that I should go and live with my family,” she recalled.

And there you go… Everyone knows who they are but wimped out. All the Taliban lacked was being given cream cakes and a red carpet. Somebody please explain to me in detail how this was not so.

- August 23, 2021 3:15 PM

@Moderator:
@ALL:

I could be wrong but the recent posts appearing to be from @echo are using language not seen from that handle in the past.

Makes me wonder if some one is “channeling” as part of other activities…

lurker August 23, 2021 3:29 PM

@Winter

No level of security consciousness will protect you from fools adding binary programs to your data.
… Parsers for XML are relatively simple and well understood.

Shouldn’t a relatively simple and well understood XML parser protect me from fools adding binary programs to my data? I don’t care about about fools who add binary programs to their data, when it comes my way it’s untrusted.
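Winter noted above that nobody bothers to write validators for the definitions they chose, and lurker asks whether a simple parser should not protect them. This added example (not code from either commenter) shows one way to have the parser do exactly that: a loader built on Python's standard expat parser that enforces a small, constructed record format and refuses DTDs, unexpected elements or attributes, over-deep nesting and oversized fields instead of trusting whatever parses. The `<records>/<record>/<name>/<email>` format and its limits are assumptions made for the example.

```python
"""Loader that enforces the definition an application chose for its own XML,
rather than accepting whatever the parser will swallow.  Added example, not
from any commenter; the records/record/name/email format is constructed."""
import xml.parsers.expat

# Constructed allowlist: element -> (permitted child elements, permitted attributes)
ALLOWED = {
    "records": ({"record"}, set()),
    "record": ({"name", "email"}, {"id"}),
    "name": (set(), set()),
    "email": (set(), set()),
}
MAX_DEPTH = 3      # records > record > name is as deep as this format goes
MAX_TEXT = 256     # no field in this format is longer than this


class RejectedDocument(ValueError):
    """The input is not an instance of our format (or not well-formed at all)."""


def load_records(xml_bytes: bytes) -> list:
    parser = xml.parsers.expat.ParserCreate()
    stack, records, text = [], [], []
    current = {}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Our format never declares a DTD, so entity definitions and external
        # references have no business here; refuse before any is processed.
        raise RejectedDocument("DOCTYPE is not part of this format")

    def on_start(name, attrs):
        nonlocal current
        if not stack:
            if name != "records":
                raise RejectedDocument(f"root must be <records>, got <{name}>")
        elif name not in ALLOWED[stack[-1]][0]:
            raise RejectedDocument(f"<{name}> not permitted inside <{stack[-1]}>")
        if len(stack) >= MAX_DEPTH:
            raise RejectedDocument("nested deeper than the format allows")
        unexpected = set(attrs) - ALLOWED[name][1]
        if unexpected:
            raise RejectedDocument(f"unexpected attributes on <{name}>: {sorted(unexpected)}")
        if name == "record":
            if "id" not in attrs:
                raise RejectedDocument("<record> requires an id attribute")
            current = {"id": attrs["id"]}
        stack.append(name)
        text.clear()

    def on_chars(data):
        text.append(data)
        if sum(len(t) for t in text) > MAX_TEXT:
            raise RejectedDocument("text content exceeds the format's field size")

    def on_end(name):
        stack.pop()
        if name in ("name", "email"):
            current[name] = "".join(text).strip()
        elif name == "record":
            records.append(current)
        text.clear()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars
    try:
        parser.Parse(xml_bytes, True)       # exceptions raised in handlers propagate
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedDocument(f"not well-formed: {exc}") from None
    return records


def is_rejected(xml_bytes: bytes) -> bool:
    """True when the loader refuses the document."""
    try:
        load_records(xml_bytes)
    except RejectedDocument:
        return True
    return False
```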

SpaceLifeForm August 23, 2021 4:42 PM

@ name.withheld.for.obvious.reasons

Thank you for parsing. Your compiler found the Catch-22 loop.

SpaceLifeForm August 23, 2021 4:58 PM

No rock salt required

hxtps://hackaday.com/2021/08/22/electromagnetic-interference-for-fun-and-profit/

Freezing_in_Brazil August 23, 2021 5:01 PM

@ echo

Personally I find calling the Taliban incels is very helpful.

No I don’t think it is helpful at all. Both groups have about nothing in common beyond vague appearances. They [won’t write down their name] are voluntary celibates to start with.

I see the post you replied to has been deleted. I’m a very civil man, so it is incomprehensible to me. I’m not politicizing my posts. It’s all about security.

SpaceLifeForm August 23, 2021 6:15 PM

@ Clive, Winter

Complexity is the enemy.

XML, JSON, HTML are complex. If there is a parser involved, that has to deal with the complexity, the odds are good that there is an exploitable bug in the parser.

I can write a tool that can dump an entire Relational Database (multiple tables, etc) into a flat file, and it will be both human readable AND machine readable. And then, recreate the entire Database from the flat file.

This tool is not complex. The parsing is clear.

Of course, the separator character will not be a comma. It will be a very, very unlikely 2 byte sequence that can never be expected in a database. Bonus points if the application never allows that 2 byte sequence to ever be INSERTed or UPDATEd into a row in any table.

Also, note: You CAN do tree structure inside Relational.
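As an added example, not the commenter's own tool, here is a small Python version of the dump-and-restore idea above: a constructed two-byte separator, a guard that refuses to emit any value containing it, a CHECK constraint so the database never accepts one in the first place, and a recursive query to show a tree held inside a relational table. The separator choice, the typed-field encoding and the sample employees table are all assumptions made for the example.

```python
"""Flat-file dump and restore of a small relational database, in the spirit of
the proposal above.  Added example, not the commenter's tool: the separator,
the typed-field encoding and the sample table are all constructed."""
import sqlite3

# Constructed choice: ASCII Unit Separator followed by Record Separator.  What
# matters is only that the application never lets this sequence into a column.
FIELD_SEP = "\x1f\x1e"
LINE_SEP = "\n"

class SeparatorInData(ValueError):
    """A value contains the field or line separator, so it cannot be dumped."""

def guard(text: str) -> str:
    """Refuse to emit text that would be mis-split when the file is read back."""
    if FIELD_SEP in text or LINE_SEP in text:
        raise SeparatorInData(repr(text))
    return text

def encode(value) -> str:
    """One type-code character plus the value, so the parse is unambiguous."""
    if value is None:
        return "N"
    if isinstance(value, int):
        return "I" + str(value)
    if isinstance(value, bytes):
        return "B" + value.hex()          # blobs stay readable and separator-free
    return "T" + guard(str(value))

def decode(field: str):
    code, body = field[:1], field[1:]
    if code == "N":
        return None
    if code == "I":
        return int(body)
    if code == "B":
        return bytes.fromhex(body)
    if code == "T":
        return body
    raise ValueError(f"unknown type code {code!r}")

def dump_db(conn: sqlite3.Connection) -> str:
    """One TABLE line (name and CREATE statement), then one ROW line per row."""
    lines = []
    tables = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table' ORDER BY name").fetchall()
    for name, sql in tables:
        lines.append(FIELD_SEP.join(["TABLE", guard(name), guard(" ".join(sql.split()))]))
        for row in conn.execute(f'SELECT * FROM "{name}"'):
            lines.append(FIELD_SEP.join(["ROW"] + [encode(v) for v in row]))
    return LINE_SEP.join(lines) + LINE_SEP

def restore_db(text: str) -> sqlite3.Connection:
    """Rebuild an in-memory database from the dump; any other line is an error."""
    conn = sqlite3.connect(":memory:")
    table = None
    for line in text.split(LINE_SEP):
        if not line:
            continue
        fields = line.split(FIELD_SEP)
        if fields[0] == "TABLE" and len(fields) == 3:
            # The schema line is the one place the file carries code, so it is
            # held to a single CREATE TABLE statement and nothing else.
            if not fields[2].upper().startswith("CREATE TABLE "):
                raise ValueError(f"refusing schema statement: {fields[2]!r}")
            table = fields[1]
            conn.execute(fields[2])
        elif fields[0] == "ROW" and table is not None:
            values = [decode(f) for f in fields[1:]]
            marks = ",".join("?" * len(values))
            conn.execute(f'INSERT INTO "{table}" VALUES ({marks})', values)
        else:
            raise ValueError(f"unexpected line: {line!r}")
    conn.commit()
    return conn

def subtree(conn: sqlite3.Connection, root_id: int) -> list:
    """A tree inside a relational table: follow manager_id links with a recursive CTE."""
    found = conn.execute(
        "WITH RECURSIVE sub(id) AS ("
        " SELECT id FROM employees WHERE id = ?"
        " UNION ALL SELECT e.id FROM employees e JOIN sub ON e.manager_id = sub.id)"
        " SELECT id FROM sub ORDER BY id", (root_id,)).fetchall()
    return [r[0] for r in found]

def build_sample_db() -> sqlite3.Connection:
    """Constructed sample; the CHECK constraint keeps the separator out of the data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT NOT NULL"
                 " CHECK (instr(name, char(31, 30)) = 0), manager_id INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [(1, "Ada", None), (2, "Grace", 1), (3, "Smith, Jane", 1), (4, "Linus", 3)])
    conn.commit()
    return conn

def insert_employee(conn, emp_id, name, manager_id) -> bool:
    """False when the database itself refuses a value that holds the separator."""
    try:
        conn.execute("INSERT INTO employees VALUES (?, ?, ?)", (emp_id, name, manager_id))
        return True
    except sqlite3.IntegrityError:
        return False
```

The comma in "Smith, Jane" travels through the dump untouched, which is the whole point of not using a comma as the separator.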

echo August 23, 2021 6:30 PM

https://www.vice.com/en/article/g5gn4b/apple-workers-collecting-stories-of-abuse-injustice-in-workplace

A group of Apple workers has announced a campaign to improve working conditions within the company.

On Monday, company employees launched a Twitter account called Apple Workers to gather stories from colleagues about workplace issues such as “persistent patterns of racism, sexism, inequity, discrimination, intimidation, suppression, coercion, abuse, unfair punishment, and unchecked privilege.”

[…]

The campaign is the latest development that shows a rising interest in labor organizing within the company. Earlier this month, current Apple employee Ashley Gjøvik said she was put on leave after she complained about sexism inside the company on Twitter. In May, Apple fired Antonio Garcia Martinez, an employee who was accused of expressing misogynistic views in a book he wrote about Silicon Valley after colleagues called for an investigation in a petition.

I guess it’s no surprise Afghanistan has been thrown under the bus when attitudes like this article reports are circling among America’s elite. The same cowardice Afghani men displayed has been seen with US and UK police turning blind eyes to their own Taliban while teargassing students and beating up women. They’ve all got soft picking on civilians and the second anyone comes along wearing a far right costume they fold like deckchairs.

https://www.youtube.com/watch?v=1x3sAX-9poo

The withdrawal of US-led forces from Afghanistan has set the stage for a return of the Taliban, 20 years after they were ousted in the aftermath of the 9/11 attacks. In this report for Arte and FRANCE 24, correspondents Margaux Benn and Solène Chalvon Fioriti offer an in-depth look at Taliban rule, with its schools and Court of Justice – and a chilling foretaste of daily life under Islamic fundamentalists.

Scum.

Poolvault August 23, 2021 6:40 PM

Strange articles.

Maybe intense data corruption is a major problem, not really any kind of adversary. Thoughts on this?

@SpaceLifeForm:

Coincidentally, “Metabolic Complexity” (or something similar) was one of the early filenames of completely different parsing.

Is any body else getting tired of the back and forth data noise of cultural norms?

Hopefully, someday, all of the cryptohype will be as neutral and irrelevant as a dent or scratch in old crumbling cement of abandoned urban ruins.

SpaceLifeForm August 23, 2021 6:42 PM

@ ALL

There is NO deadline.

Do NOT listen to the disinformation.

The Arrow of Time continues.

SpaceLiifeForm August 23, 2021 7:37 PM

@ JonKnowsNothing

At this point, I do not believe any MAB will make any difference.

At this point, even if Delta would mutate to a lesser variant, it would not make any difference.

The main problem is not what the virus directly attacks, but what it makes the immune system do.

Cytokine Storm.

Be like a Bat. You want your immune system to just ignore.

AL August 23, 2021 9:03 PM

@name.withheld.for.obvious.reasons
We can’t be cherry picking excerpts. Let’s have a look at the whole decision.
https://www.eff.org/files/2021/08/17/2021-08-17_jewel_v._nsa_-_9th_cir._opinion.pdf

I see:

In an earlier appeal, we noted that the Jewel Plaintiffs might ultimately face “procedural, evidentiary and substantive barriers” to proving standing at a later stage of the litigation. Jewel I, 673 F.3d at 911. That prediction has now come to pass.

The court on appeal doesn’t ignore what has been decided in the past. And while one judge wrote the decision, the matter was heard by 3 other judges as well.

I’m not seeing anything out of whack with this decision. Plaintiffs are not entitled to endless redoes.

SpaceLifeForm August 23, 2021 11:04 PM

@ JonKnowsNothing

hxtps://www.cbc.ca/news/canada/toronto/david-fisman-resignation-covid-science-table-ontario-1.6149961

SpaceLifeForm August 23, 2021 11:33 PM

@ AL, name.withheld.for.obvious.reasons

I suspect, by next week, we will hear from Judge Alsup.

Winter August 24, 2021 1:11 AM

@echo
“Much like the Alt Right they have have a love of their own intellectual conceits no matter what easily provably nonsensical idiocy they are based on.”

Islamic fundamentalists, Alt-right, and Fascism are all the same ideology. The religious veneer, Islam, Christian, Hindu, is just a fiction constructed as an excuse for young men murdering people and getting women.

White Supremacists and ISIS are basically the same movement, just using different labels for the same violent horrors.

Weather August 24, 2021 1:14 AM

@slf all
FDA all open. I’m not getting the vaccine; 1% of every country should not get it, and as NZ will likely have many vaccinations, I won’t.
Glad my parents did, but…
Interesting: the supermarket supplies shut down for a week and…, out of 10 months we make it to 8 but it ain’t pretty. NZ has lost the lockdown this Friday; what we will do next I don’t know, but food supplies were more affected than the first time.

SpaceLifeForm August 24, 2021 1:30 AM

Sudoku

Is a logic problem, not a math problem.

If you get stuck, sharpen your pencil, and think some more.

The point of the exercise is not the solution.

The point of the exercise is to grok the process. To think.

SpaceLifeForm August 24, 2021 2:24 AM

Sudoku

Here’s a difficult non-symmetric one.

I generated it over 10 years ago via software.

Here is the initial puzzle

4...3....
...6..8..
........1
....5..9.
.8....6..
.7.2.....
...1.27..
5.3....4.
9........

There are 18 initial clues, which is one more than the minimum of 17 for a valid single-solution Sudoku.

Interestingly, each of the 9 possible symbols appears exactly twice.
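As an added example (not part of the post above), here is a small Python backtracking solver that checks the two stated properties of the posted puzzle, 18 clues and every symbol used exactly twice, and counts solutions up to a cap of 2, which is the usual test for the "single solution" property: a proper puzzle gives a count of exactly 1. The grid is the one posted above with the dots written out; the function names are ours.

```python
"""Backtracking Sudoku solver with a solution counter.

Added example (not from the comment above): it verifies the two stated
properties of the posted puzzle (18 clues, each symbol exactly twice)
and counts solutions up to a limit, which is the check for "valid
single solution": a proper puzzle yields a count of exactly 1.
"""
from collections import Counter

# The puzzle exactly as posted above; '.' marks an empty cell.
POSTED_PUZZLE = """
4...3....
...6..8..
........1
....5..9.
.8....6..
.7.2.....
...1.27..
5.3....4.
9........
"""


def parse(text):
    """Turn nine rows of nine characters into a 9x9 list of ints (0 = empty)."""
    rows = text.split()
    if len(rows) != 9 or any(len(r) != 9 for r in rows):
        raise ValueError("expected 9 rows of 9 characters")
    return [[0 if ch == "." else int(ch) for ch in r] for r in rows]


def clue_stats(grid):
    """Return (number of clues, {symbol: how often it appears as a clue})."""
    counts = Counter(v for row in grid for v in row if v)
    return sum(counts.values()), dict(sorted(counts.items()))


def candidates(grid, r, c):
    """Values not yet used in the row, column and 3x3 box of cell (r, c)."""
    used = set(grid[r]) | {grid[i][c] for i in range(9)}
    br, bc = 3 * (r // 3), 3 * (c // 3)
    used |= {grid[i][j] for i in range(br, br + 3) for j in range(bc, bc + 3)}
    return [v for v in range(1, 10) if v not in used]


def _search(grid, limit, found):
    """Depth-first search; appends copies of solutions to `found` until `limit`.

    Picks the empty cell with the fewest candidates first (MRV), which keeps
    hard, sparse puzzles tractable for plain backtracking.
    """
    best = None
    for r in range(9):
        for c in range(9):
            if grid[r][c] == 0:
                cands = candidates(grid, r, c)
                if not cands:
                    return  # dead end: some empty cell has no legal value
                if best is None or len(cands) < len(best[2]):
                    best = (r, c, cands)
    if best is None:
        found.append([row[:] for row in grid])  # every cell filled
        return
    r, c, cands = best
    for v in cands:
        grid[r][c] = v
        _search(grid, limit, found)
        grid[r][c] = 0
        if len(found) >= limit:
            return


def count_solutions(grid, limit=2):
    """Number of solutions, capped at `limit` (2 is enough to test uniqueness)."""
    found = []
    _search([row[:] for row in grid], limit, found)
    return len(found)


def solve(grid):
    """First solution found, or None if the puzzle is contradictory."""
    found = []
    _search([row[:] for row in grid], 1, found)
    return found[0] if found else None


if __name__ == "__main__":
    puzzle = parse(POSTED_PUZZLE)
    n_clues, per_symbol = clue_stats(puzzle)
    print(f"{n_clues} clues, per symbol: {per_symbol}")
    n = count_solutions(puzzle)
    print("solutions (capped at 2):", n)
    if n == 1:
        for row in solve(puzzle):
            print("".join(map(str, row)))
```

Run directly, it prints the clue tally and the capped solution count for the posted grid; a count of 1 confirms the single-solution claim, 0 would mean a transcription error, 2 an ambiguous puzzle.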

Clive Robinson August 24, 2021 3:07 AM

@ SpaceLifeForm, Winter, ALL,

XML, JSON, HTML are complex.

That’s a polite way to put it, I would have added as a minimum the word “overly” in there…. As you say “join the dots” on why.

The complexity is most definitely not required “as standard” but gets put in by certain people, which only encourages other people to “not think” and then play the silly games they do with new features. So give it a little while and you hear that old “Laurel and Hardy” catch phrase of “Well, here’s another nice mess you’ve gotten me into” getting uttered…

So “Dumb ass” behaviour to “play with features” by some programmers, I guess in the belief it will make them more employable, happens. Sadly this nonsense is sort of driven by the “gig-market” and similar where those employing have no clue what they are doing and just think “buzz-words” are the way…

There is the old joke of “To err is human… but to really F.U. you need a computer”, well it’s out of date. It really should replace “computer” with “Marketing” / “Human Remains” “Dept running the show”.

The thing is this “needless complexity” comes out of the “re-use” nonsense that started last century and has given us “all things to all men” code libraries that even Atlas could not shrug off. But people forget that “re-use” is also a game of “hang the wallpaper”[1] and what gets hidden in libraries of re-usable code would make good horror stories, if they could only make them smaller than all the Harry Potter books…

One part of the problem is as you note,

If there is a parser involved, that has to deal with the complexity, the odds are good that there is an exploitable bug in the parser.

When code re-use comes into play, a parser is going to happen just as “ketchup” etc goes on Fast Food and “salt” on chips/fries.

Then there is the “mustard” which you’ve obviously had more than a mouthful of in the past to say,

Of course, the separator character will not be a comma. It will be a very, very unlikely 2 byte sequence that can never be expected in a database. Bonus points if the application never allows that 2 byte sequence to ever be INSERTed or UPDATEd into a row in any table.

The “separator” issue falls, as the C end of “string terminator” issues does, into the more general “in-band signalling” issues. Which also gave us the old favourites of “escape characters” and “string delimiter” issues. When you give backslash special meaning you know it’s going to be abused in all sorts of ways… Then of course you have to be able to “nest” or “Russian Doll” text strings and the like, so you need not just double quotes as string delimiters, but single quotes as well… Which means you drop into a set of issues that make nesting brackets look easy…

But nobody thinks about that at the outset of that “re-use” requirement, so it just gets slapped onto the parser just to ensure it’s “all things…” thus will get “re-use”.

In fact often you will find the “Somebody Else’s Parser Problem” pop up… The “to save writing a new parser let’s just use the one we used last time” idea comes up on almost every “re-use” code “as a library” project. Thus all those nifty little extras like “shell escapes” and “in line editors” come along as well as a whole heap of unknown bugs/vulnerabilities.

As the old saying has it,

“Been there, done that, seen the film, read the book, bought the T-Shirt, and eaten the pie”[2]…

[1] Everyone can “hang wallpaper”, it’s not difficult… or that’s what many think. The problem is there is skill involved and it’s not as easy as it looks. The first problem many realise when they try is “air bubbles”. You push them down in one place and they just pop up in another and around and round you go, stretching the paper and creating all sorts of other problems rather quickly… The other problem is buying the right number of rolls of paper, usually too little the first time and way too many the second time so you get other problems “hidden away”.

[2] For those too young to know, the “eaten the pie” got added to some T-Shirts due to the “Watership down” craze in the late 1970’s early 1980’s,

https://en.m.wikipedia.org/wiki/Watership_Down

It was a kind of “Br’er Rabbit does the Hobbit” with a bit of Peter Rabbit thrown in (if people want the pie recipe I have one and it also works with chicken 😉
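The in-band signalling point above (a separator that can also turn up inside the data, and SpaceLifeForm’s “never let that byte sequence be INSERTed” rule) in working code, as an added example that is not from either comment. Three approaches to the same records: naive join/split, which breaks as soon as a field contains the separator or a newline; RFC 4180-style quoting through Python’s csv module, which round-trips anything but obliges every consumer to run a real parser; and a reserved separator the writer refuses to store, so readers can split without any escaping rules at all. The sample records and the separator values are constructed for this example.

```python
"""Three ways to carry a field separator "in band", and what breaks.

Added example, not from the comments above. Shows (1) naive join/split
breaking as soon as a field contains the separator or a newline,
(2) RFC 4180 quoting via the csv module, which round-trips any text but
obliges every reader to be a real parser, and (3) a reserved separator
that the writer refuses to store (the "bonus points" rule quoted above),
so that readers can split without any escaping rules at all.
The sample records and the separator values are constructed for the example.
"""
import csv
import io

# Constructed sample data: the last two rows carry a comma, a quote and a newline.
RECORDS = [
    ["alice", "Dublin", "ok"],
    ["bob", "Reading, Berkshire", 'says "hi"'],
    ["carol", "line one\nline two", "ok"],
]


# 1. Naive: delimiter and record terminator are ordinary characters.
def naive_encode(rows, sep=","):
    return "\n".join(sep.join(r) for r in rows)


def naive_decode(text, sep=","):
    return [line.split(sep) for line in text.split("\n")]


# 2. Quoting/escaping: any field may contain anything, so a real parser is needed.
def csv_encode(rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def csv_decode(text):
    return list(csv.reader(io.StringIO(text)))


# 3. Reserved separators: these bytes are forbidden in field content.
#    (Arbitrary choice for the example: ASCII unit and record separators.)
FIELD_SEP = "\x1f"
RECORD_SEP = "\x1e"


class ReservedSeparatorError(ValueError):
    """Raised when a field would smuggle a separator into the stream."""


def is_storable(rows):
    """The write-side check: no field may contain either separator."""
    return not any(FIELD_SEP in f or RECORD_SEP in f for row in rows for f in row)


def reserved_encode(rows):
    """Refuse to store any field containing a separator; no escaping exists."""
    if not is_storable(rows):
        raise ReservedSeparatorError("a field contains a reserved separator")
    return RECORD_SEP.join(FIELD_SEP.join(row) for row in rows)


def reserved_decode(text):
    return [rec.split(FIELD_SEP) for rec in text.split(RECORD_SEP)]


def round_trips(encode, decode, rows):
    """True if decode(encode(rows)) reproduces rows exactly."""
    return decode(encode(rows)) == rows


if __name__ == "__main__":
    print("naive    :", round_trips(naive_encode, naive_decode, RECORDS))
    print("csv      :", round_trips(csv_encode, csv_decode, RECORDS))
    print("reserved :", round_trips(reserved_encode, reserved_decode, RECORDS))
    print("storable? ", is_storable([["a" + FIELD_SEP + "b"]]))
```

The naive form silently turns three records into four; the csv form is correct but puts a parser on every consumer, which is exactly where the bugs discussed above live; the reserved form keeps the reader trivial by moving the whole problem to one rejection check on the write side.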

Winter August 24, 2021 3:22 AM

@Clive
“For data transfer / communications protocols, BOTH ends have to be secure. Otherwise an attacker will get in to first one then the other or other targets down stream.”

What exactly is your advice? Should we refrain from communicating using a computer until this milestone is reached?

That is, back to the 1980’s, when there were only 5.3B people in the world and the income was 1/3 of last year’s (GDP/capita $3,483 – $10,926 1990-2020 [1]).

We can complain all we want about computer in-security, but it is ICT that brought us a tripling of world per capita income in 30 years. See the uptick in growth around 1998 [2]

[1] ht tps://www.macrotrends.net/countries/WLD/world/gdp-per-capita

[2] I know, this is mainly China with over 20% of world total GDP growth.

name.withheld.for.obvious.reasons August 24, 2021 4:47 AM

NOTE: Wrote this in a little under 40 minutes, may be less well cooked than normal, digest at your own risk
@AL, and @ALL (if you are interested)
I respectfully disagree, what I quoted was not a small portion of the summary provided by J.S. White, and the portion was in support of a nasty habit of mine–looking deeper. You may have conflated a tertiary nitpick with what might have been a more constructive critique. White, in the summary (the three appellate court judges before whom the case was argued are named without comment), takes a position that suggests a bias towards and deference to the court irrespective of the character and nature of the claimants/appellants. If any of the presiding judges had specific or material contributions to the case, it doesn’t show.

I am certainly aware of how U.S. courts operate, and so is White. Having appeared before administrative state courts and working with judges has given me a perspective that allows me to see it from the bench, jury box, and the stand side of things. That does not make me an expert, what does make me is someone with a more than passing familiarity with the subject and procedures.

In the Memorandum, the language of the summary reminds me of other court and grand jury reports that use cliches and tired euphemisms that do little to add to the content and clarity of a finding. It is beneath a court, appellate or otherwise, to use gimmicks and tirades to enumerate the character of the proceedings or in describing litigants before the court. Kind of ruins the whole lady justice and the blindfold thing, ya know. Of course one could argue that the courts in recent years have seen a steep decline in both jurisprudence and judicial efficacy. In the UK for example, the extradition hearing that was before the magistrate Venessa Barrister was a complete abdication of procedural and factual finding and lacking in judicial standards and practices–especially in consideration to the nature of the case. It was as if the long lauded and historic courts of England said: “Kangaroos in the court, sure, and Unicorns and Pixies and all manner of fantasy are possible–Law Lords are really Jesters, didn’t ya know.” Now try and out fudge us when it comes to miscarriages of justice.

I see what the U.S. and the U.K. courts have metastasized into, concomitant to both countries’ government surveillance and privacy laws, with their broad foreign policy (war) machinations, combine to form a seamless web of chicanery, cheating, corruption, criminal collusion, and incredulous conduct–all the way to war crimes.

But enough of my thoughts on the subject, let me allow a few stalwarts to contribute:

“I am a former ambassador, not a natural radical. the old bailey with the blinded statue of justice, it no longer stands for justice of any kind. All the things I was brought up to believe in are plainly exposed as hollow and a sham no longer having meaning.”
Craig Murray, On Contact, 3 Oct 2020

And considering Craig’s comments:

“This rationalization of illegality is endless. When criminality becomes so institutionalized, it is hardly a subject for law review.” — Ralph Nader, 2012 Harvard Law School Forum Talk

But more to the point:

“This country has comprehensively reduced civil liberties in the name of the expanded security state, they form a mosaic of powers under which our country could be considered, at least in part, authoritarian.” — Jonathan Turley

Finally, the core of my argument is borne out in the language that constitutes the bulk of White’s assertion. I find no merit to the claim that in a hypothetical argument (counterfactual to the claimant) that the plaintiffs were unable to establish that the evidentiary violation, a procedural issue, being invalid as the release of surveillance disclosures only apply when determining if surveillance by the government was in violation of the law. White literally asserts that there is no illegal surveillance thus the claims by the plaintiffs are immaterial and do not bring the plaintiffs to the merits, standing, before the court.

You have to be a pretzel artisan to achieve the number of folds and manifolds it takes to make such a summary seem even plausible–to my mind this is laughable and suggests that the courts are far from just and prudent.
DEFUND THE COURTS

Winter August 24, 2021 5:14 AM

@Name.withheld
“DEFUND THE COURTS”

Whatever the merit of your accusations and complaints, I think this would be the worst possible approach to a solution.

The solution to “bad justice” is rarely, if ever, “no justice”.

echo August 24, 2021 8:25 AM

https://inews.co.uk/news/world/lgbt-afghans-hide-taliban-kabul-afghanistan-killed-boyfriend-1164026

The Taliban have been hunting for gay people in Afghanistan after taking over the country

Incels with guns. That’s their level. Big tough boys aren’t they going after unarmed minority communities? Still, that fits in with the agenda of the UK government doesn’t it? Where’s Murdoch’s puppet Matthew Parris on this?

https://www.thetimes.co.uk/article/sad-truth-is-our-afghan-fallen-died-in-vain-ggwjzft90

Sad truth is our Afghan fallen died in vain
Bewailing a chaotic withdrawal avoids the uncomfortable conclusion that this was a failing mission from the outset

I watched a Youtube yesterday (can’t find the link) where a professor of politics and security basically explained that the US agreement in January was where everything went wrong. The agreement was playing for a draw while the Taliban were playing for a win hence the collapse of morale. They also said the intelligence was ignored by the politicians and this was something which agitated the intelligence community.

https://www.youtube.com/watch?v=L6S66UNqrGI

I was wrong’ to boost U.S. troops to build Afghan army: Fmr. Joint Chiefs chair | ABC News

You need emotional buy-in. It’s simply not enough to build institutions but someone who has spent their entire life and career within an institution where everyone salutes them isn’t going to get this. But then US high command had a legally very dodgy opinion driven by political convenience resulting in them not flying the Pride flag during Pride month so I doubt any of the situation unfolding in Afghanistan is going to concern them much.

Alex Lloyd speaks with Mark ‘Billy’ Billingham, veteran of the British SAS.

Life on the Line tracks down Australian military veterans and records their stories. In this special bonus podcast, we feature a veteran of the British SAS who is currently in Australia, here for the filming of ‘SAS Australia’ Season 2 as well as his live tour of talks. Mark ‘Billy’ Billingham served for nearly two decades in the British Army’s Special Air Service – the SAS, serving in countless war zones, winning the Queen’s Commendation for Bravery and being awarded the MBE by HM the Queen. Upon leaving the SAS, he became a bodyguard to Hollywood stars such as Angelina Jolie, Brad Pitt, Sir Michael Caine, Tom Cruise and Russell Crowe. He is now a DS and advisor on the hit TV shows SAS: Who Dares Wins in the UK and SAS Australia.

Comments (48:50-49:43) on natural disaster assistance and capturing war criminals are interesting.

Freezing_in_Brazil August 24, 2021 10:43 AM

@ echo

The incel thing, you keep using that word. You’re getting too emotional. Stick with reality. Why do you draw such a parallel [I’m really curious – oh, I get it, but you won’t reply to an abominable white man – as you didn’t do above – will you]?

This used to be a rational forum [you need to be rational to deal with security]. The identity/gender politics is really ruining the experience here.

Winter August 24, 2021 11:16 AM

@Freezing
“The identity/gender politics is really ruining the experience here.”

Not me. I do not believe that people have only one, or even a few, identities.

echo August 24, 2021 12:08 PM

https://www.reuters.com/investigates/special-report/afghanistan-conflict-reuters-siddiqui/

Reuters photographer was killed after being left behind in retreat, Afghan general says.

Danish Siddiqui was with soldiers on the front line of an Afghan Special Forces clash with the Taliban. New reporting, and his last photographs, cast light on his final hours, on the collapse of the Afghan military, and on the risks faced by journalists who cover conflict.

This is a long read. It also contains some insights into Reuters’ security arrangements, an optography-like experience when examining his last photographs, and the use of satellites to identify the area where he was murdered in cold blood by the Taliban.

I have a soft spot for Reuters. They are one of the more respectable and socially responsible news organisations.

Winter August 24, 2021 12:49 PM

@echo
“where he was murdered in cold blood by the Taliban.”

The real problem is that the Taliban have the support of a considerable fraction of the Pashtun and other Sunni groups.

Clive Robinson August 24, 2021 4:22 PM

@ Winter,

What exactly is your advice? Should we refrain from communicating using a computer until this milestone is reached?

We have been securely transferring information for thousands of years, why should I care if you use “a computer” to do it or not?

Think about the “process” of “the method” of what you are trying to do not “the mechanics”.

As far as I’m aware just about everyone who reads this blog will have heard of the ISO OSI Seven Layer model or the US DoD / DARPA four layer equivalent. Or for that matter “The Unix Philosophy” or Unix “Streams Model”.

They all answer your question quite admirably. Which is to split things into clearly defined layers or tasks within a layer. With each task / layer being designed to do just one function and do that function “in a well formed and bounded manner”.

The modern “idiots way” as formulated by certain large Corps etc is to put everything including “the kitchen sink and toilet brush” in one monolithic megalith of “do everything through one interface” that is not just opaque at best, it is entirely untestable, thus full of bugs/vulnerabilities.

Does that answer your question or do you need more?

SpaceLifeForm August 24, 2021 5:35 PM

Galactic Dots

hxtps://www.vice.com/amp/en/article/jg84yy/data-brokers-netflow-data-team-cymru

hxtps://amp.fresnobee.com/news/politics-government/article253681318.html

lurker August 25, 2021 1:03 AM

@n.w.f.o.r.

What we have, worldwide, is a […] cabal,

In many parts of the world said cabal has been installed through a so-called democratic process. Once more the moral high ground is held by a minority.

name.withheld.for.obvious.reasons August 25, 2021 2:14 AM

@MarkH

I believe the pre tag <pre> does a fixed font…but don’t count on embedded tags at that point.

name.withheld.for.obvious.reasons August 25, 2021 2:27 AM

@MarkH
Oh yeah, forgot to add the following tag to solve that problem, partially. Ask SpaceLifeForm directly, we’d be experimenting after Bruce moved to WordPress:
<code>
That might work for some things, not many though.

SpaceLifeForm August 25, 2021 3:35 AM

@ MarkH, name.withheld.for.obvious.reasons

Pre is broken. Do not use it.

If you use the triple backtick markdown, that turns into code tag, which seems to survive the Preview then Submit route.

P.S. I have absolutely no idea as to the specific comment you both are referring to. I do not see it in my view.

Winter August 25, 2021 3:56 AM

@Clive
“They all answer your question quite admirably. Which is to split things into clearly defined layers or tasks within a layer.”

And where do CSV and XML break this model?

The fact that MS can even make plain text a security problem is not the fault of plain text, but of MS. We know that Computer+MS == Insecure in every way possible. That is not the fault of the computer.

SpaceLifeForm August 25, 2021 3:57 AM

@ Clive

Any thoughts as to why a piece of Linux malware would fake a segfault?

The condition is that the malware is already running as detected via a file lock.

And using github?

hxtps://cybersecurity.att.com/blogs/labs-research/prism-attacks-fly-under-the-radar

MarkH August 25, 2021 4:21 AM

@name.withheld.for.obvious.reasons, SpaceLifeForm:

The code tag seems not to be recognized at all, which is fair enough because it’s not on the new site’s list of permitted tags.

@SLF:

You didn’t see the problem post because it’s on another thread. n.w.f.o.r chose to respond to my plea for help here.

I’ll post on the other thread, how I found apparent success.

ResearcherZero August 25, 2021 5:54 AM

Seeing as I can’t say much about this other case involving Russian activities for now, an overview of the United Front Work Department (UFWD):

“united front work targeting Australian politicians and Australia’s overseas Chinese communities, cases subsequently alluded to by the Australian Security Intelligence Organisation in a major report”

hxxps://www.smh.com.au/national/wikileaked-billionaire-australian-donors-beijing-links-detailed-in-sensitive-diplomatic-cable-20170714-gxb21c.html

This complex set of institutions and organisations act as key elements of surveillance and political influence, but also as means of consultation with and representation of those outside the Party.

hxxps://www.lowyinstitute.org/the-interpreter/long-reach-Chinas-united-front-work

Its broad aims are to win support for China’s political agenda, accumulate influence overseas and gather key information.

hxxps://www.ft.com/content/fb2b3934-b004-11e7-beba-5521c713abf4

“China is trying to access German politics, economics, and security, and a lot of people don’t realize it,”

hxxps://web.archive.org/web/20190717011931/https://www.theatlantic.com/international/archive/2019/07/chinas-influence-efforts-germany-students/593689/

“Despite diverse indications of Chinese involvement” in a high-profile case last year, the agency wrote, those involved “could only be charged under … unfair competition laws.”

hxxps://web.archive.org/web/20190717011931/https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte

One former CIA analyst put it bluntly: Beijing’s agents in this country aim “to turn Americans against their own government’s interests and their society’s interests.”

hxxps://www.thedailybeast.com/how-china-built-an-army-of-influence-agents-in-the-us

“They put an enormous amount of effort into making sure we don’t talk about what it’s doing.”

hxxps://armedservices.house.gov/hearings/state-and-non-state-actor-influence-operations-recommendations-us-national-security

name.withheld.for.obvious.reasons August 25, 2021 6:18 AM

@Winter
Good, it seems you are aware of what is pissing people off…

No, not projecting, if you would be so kind. Yes, globally death and methods of death are different or in some cases non-existent. In the aboriginal jungles of the Amazon, within the previous decade, very few indigenous tribal members met their death at the hands of another or a governing body. Japan, probably the exemplar of social order respecting homicide and physical violence, has a terrible problem with suicide where gun ownership is practically zero. Canada, a country with a fairly sizable population of gun owners, has incidental and deliberate rates of gun violence that are a fraction of the U.S.’s, and Australia, having banned guns recently, has seen a dramatic increase in gun-based violence and homicides.

Arguably, the U.S. problem will become the world’s problem. This isn’t to say there are not those that have what I call the Encino Complex. The Encino complex is observed in the first world when someone’s cell phone gets butt dialed and they blame their carrier and then proceed to file a complaint that ends up in a court room somewhere. The Encino complex comes from an entitled first world privilege that consumes inordinate resources and uses expensive systems to remediate and can be considered the culmination of stupidity run amok. Where, for example in Haiti, people are struggling to secure housing that will prevent them from further demise. BUT.

The U.S. has outsized influence both culturally and politically, and it is only a matter of time before the aforementioned Encino complex not only affects others that surely don’t need to encumber more entropy, but those outside the U.S. become susceptible to the same malady. Not to draw a direct link, but analogous to and demonstrative of the Encino complex: Afghanistan.

I am of the opinion that your interest in dialog is less than your interest in discovery. Things we know are

ResearcherZero August 25, 2021 6:18 AM

If you are ever fishing for squid I recommend:

Æsahættr: (literally “God-destroyer”) The formal name of the subtle knife; deemed the “last knife of all”

name.withheld.for.obvious.reasons August 25, 2021 6:26 AM

@Clive
Sorry my good man, have been with you on or about the same page as you with respect to machinations surrounding governance and (my own word) no-goodary.

Your latest comment can literally be summed up with the quotes included in the post about judicial shenanigans. Between the two of us, I think we speak to the same tragedies in twin perspectives from alternative source points. It is but a handful of us carrying the water to depth necessary to see beyond our collectively polluted horizons. In other words, not banging on you Clive. Have always respected your ability to speak clearly, better than me, on such subjects. Sometimes I get lost in the expression, but I never lose sight of my goals and objectives and have not traded my sensibilities for a stupid hat.

Winter August 25, 2021 6:30 AM

@n.w.f.o.r
“The Encino complex is observed in the first world when someone’s cell phone gets butt dialed and they blame their carrier and then proceed to file a complaint that ends up in a court room somewhere.”

This “see you in court” mentality too is a USA specific problem. In all other countries, the loser pays the costs of the winner in civil cases (within limits). Also, in many countries, consumer rights are broad and written into law. Which means many civil cases are open and shut cases.

Therefore, that is NOT a situation I have seen around me. I literally have never ever been in court nor participated in a court case.

name.withheld.for.obvious.reasons August 25, 2021 6:41 AM

@Winter
To reiterate, as I am seemingly unclear…I stated:

The Encino complex comes from an entitled first world privilege that consumes inordinate resources and uses expensive systems to remediate and can be considered the culmination of stupidity run amok.

Clive Robinson August 25, 2021 8:19 AM

@ SpaceLifeForm,

Any thoughts as to why a piece of Linux malware would fake a segfault?

Well as it’s a very noisy process and not at all covert and can leave “droppings” all over the place (core files, log entries), you would think it unlikely (especially if the grsecurity patch is installed then it is rather more than noisy 😉

However “using signals” is one way to do a minimal form of interprocess communications from child to parent without specifically having to set an IPC system up, as it comes as a built-in part of a process setup (see “wait”).

Segfaulting is also another way to do a panic as a programmer… As you probably know there are a lot of things you can do or not do with signals including ignoring many of them. But kill and Seg-fault are the two that should “always work” from where ever you use them regardless of what else you might have been doing they should do the equivalent of a full “exit” tidying up everything such as closing file handles and files and returning resources to the kernel.
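The wait() channel mentioned above, as an added example (Linux/POSIX Python, not from the comment): a forked child ends either by a normal exit or by sending itself SIGSEGV or SIGTERM, and the parent decodes the waitpid() status. decode_status() also takes raw status integers, which is what a supervisor or wrapper would log, and the child sets RLIMIT_CORE to 0 so the self-inflicted segfault leaves no core file behind (the “droppings” point above). The helper and mode names are ours.

```python
"""A parent decoding how its child ended: normal exit vs. signal death.

Added example (not from the comment above), Linux/POSIX only. It shows
the wait() channel mentioned above: a child that ends via a self-sent
SIGSEGV is reported to its parent as "killed by SIGSEGV", distinct from
a normal exit status, with no other IPC set up. A supervisor that logs
this for every child can spot a process that keeps "segfaulting" on
purpose. Function and mode names are ours.
"""
import os
import resource
import signal


def decode_status(status):
    """Decode a raw waitpid() status into a small dict (pure function)."""
    if os.WIFSIGNALED(status):
        sig = os.WTERMSIG(status)
        return {
            "how": "signal",
            "signal": signal.Signals(sig).name,
            "core_dumped": os.WCOREDUMP(status),
        }
    if os.WIFEXITED(status):
        return {"how": "exit", "code": os.WEXITSTATUS(status)}
    return {"how": "other"}


def _child(mode):
    # Keep the experiment tidy: no core file left behind by the "fake" segfault.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    if mode == "segv":
        signal.signal(signal.SIGSEGV, signal.SIG_DFL)  # make sure the default action applies
        os.kill(os.getpid(), signal.SIGSEGV)            # self-inflicted "segfault"
    elif mode == "term":
        signal.signal(signal.SIGTERM, signal.SIG_DFL)
        os.kill(os.getpid(), signal.SIGTERM)
    os._exit(3)  # reached for a normal exit (or if a signal were somehow ignored)


def run_child(mode):
    """Fork a child that ends in the given way; return what the parent observes."""
    pid = os.fork()
    if pid == 0:
        _child(mode)
    _, status = os.waitpid(pid, 0)
    return decode_status(status)


if __name__ == "__main__":
    for mode in ("exit", "term", "segv"):
        print(mode, "->", run_child(mode))
```

The status word carries the signal number in its low seven bits and the core-dump flag in bit 7, so decode_status(11) reads as SIGSEGV without a core and decode_status(0x8b) as SIGSEGV with one; a normal exit keeps the exit code in the next byte.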

Freezing_in_Brazil August 25, 2021 8:47 AM

@ Winter

Not me. I do not believe that people have only one, or even a few, identities.

It doesn’t even matter here, IMO. Let’s talk about the hard stuff. Mathematics and physics subordinate other sciences in this field. The rest is diversion.

Regards.

Winter August 25, 2021 8:55 AM

@Freezing
“Mathematics and physics”

Technological (and physics) problems are the easy ones to solve. Social problems are the difficult ones.

Sut Vachz August 25, 2021 9:13 AM

The book [1] presents Kronecker’s divisor theory, which starts from the observation that in number theory, rather than primes it may be more enlightening to look at greatest common divisors, since primes depend on what number field they are taken in, whereas gcd can be formulated in a way that does not.

A humble example – 7 is prime in the integers (rational number field), but if one adjoins sqrt(2), 7 is no longer prime, since 7 = (3-sqrt(2))*(3+sqrt(2)).

Perhaps all the questions about primes are so hard because they are not really posed scientifically, in that the restriction to the integers is ad hoc, and so we are not looking at the whole picture.

Does this have bearing on cryptography ?

[1] Edwards, Harold M., Divisor Theory, Birkhäuser, Boston, 1990
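The remark above in working code, as an added example that is not from the book cited: an element a + b√2 of Z[√2] has norm a² − 2b², the norm is multiplicative, and a rational prime p factors in Z[√2] exactly when a² − 2b² = ±p has an integer solution, so 7 = (3 − √2)(3 + √2) corresponds to 3² − 2·1² = 7. The search relies on two facts assumed here without proof: Z[√2] is a principal ideal domain, and when a solution exists one exists with 0 ≤ b < p. The cross-check against p mod 8 is the classical criterion that 2 is a square mod an odd prime p iff p ≡ ±1 (mod 8); function names are ours.

```python
"""Norms in Z[sqrt(2)]: which rational primes stop being prime there.

Added example, not from the referenced book. Elements are pairs (a, b)
standing for a + b*sqrt(2). Assumed without proof: Z[sqrt 2] is a PID,
so p factors iff a^2 - 2b^2 = +-p is solvable, and a solution with
0 <= b < p exists whenever any solution exists.
"""
from math import isqrt


def norm(x):
    """N(a + b√2) = a^2 - 2b^2; multiplicative, so norms track factorisation."""
    a, b = x
    return a * a - 2 * b * b


def mul(x, y):
    """(a + b√2)(c + d√2) = (ac + 2bd) + (ad + bc)√2"""
    a, b = x
    c, d = y
    return (a * c + 2 * b * d, a * d + b * c)


def conj(x):
    """The conjugate a - b√2; x * conj(x) == (norm(x), 0)."""
    a, b = x
    return (a, -b)


def factor_prime(p):
    """Return (a, b) with a^2 - 2b^2 == ±p, or None if p stays prime in Z[√2]."""
    for b in range(p):
        for target in (p + 2 * b * b, 2 * b * b - p):  # a^2 for norm +p and -p
            if target >= 0:
                a = isqrt(target)
                if a * a == target:
                    return (a, b)
    return None


def classify(p):
    """'ramified' (only p = 2), 'splits' or 'inert', found by direct search."""
    if p == 2:
        return "ramified"
    return "splits" if factor_prime(p) else "inert"


def classify_by_residue(p):
    """Same classification from p mod 8 alone, used as a cross-check."""
    if p == 2:
        return "ramified"
    return "splits" if p % 8 in (1, 7) else "inert"


def small_primes(limit):
    """Primes up to `limit` by a plain sieve."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, v in enumerate(sieve) if v]


if __name__ == "__main__":
    for p in small_primes(50):
        f = factor_prime(p)
        note = f"{f[0]}^2 - 2*{f[1]}^2 = {norm(f)}" if f else "no element of norm ±p"
        print(f"{p:3d}: {classify(p):8s} {note}")
```

Running it lists 7, 17, 23, 31, 41 and 47 as the primes below 50 that factor, matching the mod-8 rule, while 3, 5, 11, 13 and so on stay prime.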

echo August 25, 2021 9:57 AM

https://www.wsj.com/articles/in-kabul-private-rescue-efforts-grow-desperate-as-time-to-evacuate-afghans-runs-out-11629875097

In Kabul, Private Rescue Efforts Grow Desperate as Time to Evacuate Afghans Runs Out.
Defense contractor Erik Prince charges $6,500 a person, other groups’ planes leave Kabul empty.

I have already made my thoughts known on the global politics, military response, and general attitude. As for this I cannot say I am impressed by a pillar of toxic masculinity with an ethics bypass showing off his boys toys. The WSJ is a Murdoch rag so I’m not interpreting their “neutral” journalism in the best light either.

Winter August 25, 2021 10:18 AM

@echo
“As for this I cannot say I am impressed by a pillar of toxic masculinity with an ethics bypass showing off his boys toys. ”

As despicable a type of people as these might be (but they are risking their lives), anyone they fly out is one less to be carried by the other nations’ efforts.

The other nations have all sent in military forces to transport those on their lists to the planes. What is galling here is that most nations waited until Kabul fell to start the evacuation of their Afghan personnel.

ResearcherZero August 25, 2021 11:02 AM

@echo

In the future you won’t have to see displays of toxic masculinity in news reports by special forces units, it will all be edited out.

“This moment in history has been all but erased from public discourse on mainland China but in Hong Kong, with its special status in the Chinese-speaking world, people turn out every year to remember the bloody crackdown.

This time round the crowd was particularly huge, with estimates ranging up to 180,000.

Naturally I took photos of the sea of people holding candles and singing, and posted some of these on my WeChat “moments”.

Chinese friends started asking on WeChat what the event was? Why were people gathering? Where was it?

That such questions were coming from young professionals here shows the extent to which knowledge of Tiananmen 1989 has been made to disappear in China.

I answered a few of them, rather cryptically, then suddenly I was locked out of WeChat.

“Your login has been declined due to account exceptions. Try to log in again and proceed as instructed,” came the message on the screen.

Then, when I tried to log back in, a new message appeared: “This WeChat account has been suspected of spreading malicious rumours and has been temporarily blocked…”

hxxps://www.bbc.com/news/blogs-china-blog-48552907

How this system works

“If a message is censored there is no notification given to the user sending or receiving the message. The screenshot below shows a conversation between two China-registered accounts. One user tries to send the keyword “法轮功” (falun gong) and is censored. No notification is given to either user that the message was blocked.”

hxxps://citizenlab.ca/2020/05/we-chat-they-watch/

Winter August 25, 2021 12:13 PM

@ResearcherZero
“No notification is given to either user that the message was blocked.”

That is a cat and mouse play (arms race). The Chinese always come up with “sound like” characters to circumvent the censors.

ht tps://medium.com/berkman-klein-center/the-chinese-language-as-a-weapon-how-chinas-netizens-fight-censorship-8389516ed1a6

echo August 25, 2021 2:15 PM

I bought another “new to me” phone. Of course it’s a security nightmare from one end to the other but we are where we are.

I also bought and tested some screen protectors. I was a bit suspicious of them living up to their claims as they didn’t feel like glass so attacked one first with a tap of running water then with a lighter and a hammer. I’m pleased to say the oleophobic coating worked as promised and after burning this off and singeing the backing plastic and silicone adhesive layer pleased to report the screen protector was indeed made of glass.

I also wanted spare batteries. The market is riddled with fakes and recycled batteries. Some people get lucky but by and large things don’t go too well. Because of this I decided to pay through the nose for a new clone battery by an established German manufacturer.

The super-duper protection case I wanted sold out so I had to settle for the middle of the road version which isn’t too bad. It comes with an additional built in screen protector and a rubberised interior and hard shell in a suitably lurid colour so it’s easy to see. I also bought one from another manufacturer at a lighter level of protection in a non-lurid colour for more occasional use when vanity is a factor. So I think I have everything covered from fast roping off the top of buildings to hiking through snow to insinuating myself among dinner guests.

I also sourced a memory card direct from a memory card manufacturer licensee.

I’m lucky enough I can install an alternative open source Android. I’m not in a hurry to do this. Security wise it has some pluses but not enough to have me frothing about it.

name.withheld.for.obvious.reasons August 25, 2021 3:04 PM

@Sut Vachz
If I understand the numeric derivation of roots numerically, where divisor and quotient are not real, natural numbers, the method of least prime equivalence, stated as equality, can be achieved quickly in analyzing numeric kernels. For some cryptographic efforts, where keyspace and key mat are targets of analysis, this could be used to aid in co-linear de-convolving of unknown source material, I think. My notes aren’t handy today so it has been two WAGs from the old noggin – at a diminished capacity no less.

echo August 25, 2021 4:11 PM

https://www.spiegel.de/international/world/the-trillion-dollar-illusion-the-entirely-predictable-failure-of-the-west-s-mission-in-afghanistan-a-0193fa9c-aa6f-4719-84de-01ead3aefcf6

The next day, I met one of the Taliban’s leading military commanders for Kabul, who received me in the middle of the city in an unremarkable office building. When asked how far the Taliban had to walk to get to the lakeshore, he responded: “Not far at all.” He seemed perfectly calm, a clean-shaven emissary of fear. “They’re already there, after all. They are the security guards at the restaurants, the ride operators, the cleaning staff. When the time is right, the place will be full of Taliban.”

[…]

Numerous witnesses in various neighborhoods of the capital following the fall of Kabul had similar stories to tell. “It started in April,” says a longtime acquaintance from the western part of the city. “More and more outsiders were suddenly in the neighborhood. Some had beards, others didn’t. Some were well dressed, others wore rags. Completely different. That made them difficult to notice. But all of the locals realized: They aren’t from here.” They had silently infiltrated Kabul. The outsiders also appeared in the northern and eastern parts of the city, telling those who asked that they had come to Kabul for a new job or for business reasons.

Then, last Sunday morning, “they came out of the buildings holding white Taliban flags, some of them armed with pistols,” says a resident of an eastern district of the city. It was the ultimate victory over America’s high-tech military, whose air surveillance proved powerless against this army of pedestrians and motorcyclists that would overrun Kabul from within and from outside in the ensuing hours. Later that day, they would drive through the city streets in captured police cars – from the air, an image of perfect confusion.

This is pretty much Taliban tactics all over. No uniform. Hide in the hills or within communities. These tactics themselves are not new. Lie when agreements are made, and ruthlessly abuse and murder non-combatants.

It’s also pretty much the same tactics used by the far right within Western organisations and communities, and Russian sponsored neo-Nazis, as well as the odd Chinese spy.

Like I keep saying – we know who they are.

This strategy also works both ways so really it boils down to whether politicians want to support United Nations Security Council Resolution 1401 or not. If they do then a lot of Taliban perhaps most or all may not wake up one morning in three months time. I guess we will find out.

echo August 25, 2021 4:41 PM

https://www.reuters.com/world/us/two-us-lawmakers-travel-kabul-amid-evacuation-efforts-2021-08-25/

Moulton and Meijer said they left Kabul on a plane with empty seats and they sat in crew-only seats “to ensure that nobody who needed a seat would lose one because of our presence.”

This is a fortitude not seen in many politicians and not very often.

As for the other flight we have seen pictures of, where the back of the cargo area was packed without an inch to spare, I respect the pilot both for their professional skills in navigating the flight without incident and for not fleeing before the very last person who could be squeezed onboard was onboard.

https://www.theguardian.com/world/2021/aug/25/fleeing-afghans-should-try-to-get-to-border-says-uk-defence-secretary

Afghans who want to flee to Britain may be better off “trying to get to the border” than awaiting RAF evacuation, the defence secretary has said as British troops made last-ditch attempts to airlift at least 1,500 remaining interpreters and others who have supported the UK.

https://www.theguardian.com/world/2021/aug/25/uk-nationals-of-afghan-origin-being-overlooked-in-kabul-airlift-claim-lawyers

British nationals of Afghan origin are being overlooked in the evacuation from Kabul, lawyers and campaigners have claimed, as Dominic Raab said nearly all single-nationality UK citizens had been airlifted from the Taliban-controlled country.

I do not hold the current UK government in high regard and that’s somewhat of an understatement.

Fuming is putting it mildly.

SpaceLifeForm August 25, 2021 6:14 PM

@ Sut Vachz

Imaginary Triangles.

Consider a Primitive Pythagorean Triangle with legs of i, 1, and hypotenuse of zero.

echo August 25, 2021 8:04 PM

https://www.independent.co.uk/news/uk/politics/kabul-afghanistan-terror-evacuation-airlift-b1908801.html

Officials in London insisted that the timing of the last UK evacuation flight has not yet been decided, but defence secretary Ben Wallace made clear in a conference call with MPs on Wednesday evening that time was running very short. Under an agreement with Washington, Britain is required to end its presence on the ground at the airport ahead of the final pull-out of US troops and military equipment, which the Pentagon said would occupy the final couple of days before the departure deadline set by president Joe Biden.

Lapdog Britain. Not impressed. Is there anything else the servile flip-floppers in Downing Street want to add to the post Brexit humiliation? And do we have this agreement in writing or is it another Downing Street lie? And exactly who agreed to what and why? And exactly how is the UK “required” to kowtow to the US? What are they going to do? Shoot us?

SpaceLifeForm August 25, 2021 10:08 PM

@ Clive

But why fake the SIGSEGV?

The malware in question specifically does a printf of

“Segmentation fault (core dumped)”

and then calls exit(0);

There will not be any core dump.

Here is the problem: That error message normally would be reported by bash in the actual case of a child process actually hitting a real SIGSEGV.

But bash is not the code generating the message.

An interesting debug angle if someone was to encounter something like this, would be to redirect STDOUT to a file (but not STDERR). It would be immediately obvious something is fishy, because this malware is doing a printf to STDOUT, but bash would report a true SIGSEGV error to STDERR.
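The stdout/stderr tell described above, as an added example that is not part of the original comment or of any malware write-up: a small Python harness runs a command with the two streams captured separately and combines the stream check with the exit status. The two commands it runs are constructed stand-ins (a shell that prints the message and exits 0, and a shell that really dies from SIGSEGV), not the malware.

```python
"""Added example: tell a genuine SIGSEGV death apart from a process that only
prints the shell's "Segmentation fault" text and then exits cleanly."""
import signal
import subprocess

SEGV_TEXT = "Segmentation fault"


def classify_exit(argv, timeout=10):
    """Run argv with stdout and stderr captured separately and report what
    kind of exit was observed.

    A child killed by a signal shows up in Python with a negative returncode
    (-11 for SIGSEGV; a shell would show 128 + 11 = 139).  The shell reports
    that death on its *own* stderr after the child is gone, so the text can
    never legitimately arrive on the child's stdout together with exit 0.
    """
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    if proc.returncode == -signal.SIGSEGV:
        return "real-segv"
    if SEGV_TEXT in proc.stdout:
        return "fake-segv"          # message on stdout, no signal death
    if proc.returncode < 0:
        return "killed-by-signal-%d" % -proc.returncode
    return "exited-%d" % proc.returncode


# Constructed stand-ins, not the malware itself:
# FAKE mimics the behaviour described above (print the message, exit(0)),
# REAL is a shell that really dies from SIGSEGV.
FAKE = ["sh", "-c", 'printf "Segmentation fault (core dumped)\\n"; exit 0']
REAL = ["sh", "-c", "kill -s SEGV $$"]

if __name__ == "__main__":
    for name, argv in (("fake", FAKE), ("real", REAL)):
        print(name, "->", classify_exit(argv))
```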

SpaceLifeForm August 25, 2021 11:41 PM

Does your Evil Maid have a rooted Android phone with a kernel that has Configfs enabled?

hxtps://github.com/tothi/usbgadget-tool

Winter August 26, 2021 12:23 AM

@Sut Vachz
“Donc, Dieu existe. Répondez.”

Not really the correct formula. That was:
e^(π·i) = -1

([sup] does not seem to work)

Sut Vachz August 26, 2021 2:09 AM

@SpaceLifeForm

Touché ! 😉

But actually it wasn’t that formula either. Still, in another way you are negative half-correct.

Winter August 26, 2021 2:56 AM

@Sut Vachz
“But actually it wasn’t that formula either. ”

You are right, I should have looked it up (e^(π·i) + 1 = 0). That reference also showed that the historical original is even weirder:

(a+b^n)/n=x

This is actually pure nonsense and does not signify anything (so, you were more right than I). I like the one with π and i much better, though.

ht tps://tylerjourneauxgraham.wordpress.com/2016/04/16/math-therefore-god/

MarkH August 26, 2021 3:18 AM

@SpaceLifeForm, Clive:

Looking at the “biography” of the malware family linked above, I was particularly interested by the contrast (as it seems to me) between some fairly sophisticated techniques it uses, vs. other facets which are clumsy and poorly thought out.

Perhaps that reflects development processes in which software components are purchased, or freely shared among a black-hat community.

It makes sense to me that the malware tests whether an instance is already running. But I share SLF’s puzzlement … why pretend that a seg fault occurred? And why make this pretense in such an unconvincing manner?

GregW August 26, 2021 3:58 AM

@echo I just read UN 1401. I’m not sure why one would expect politicians or even citizens to particularly care about a UN resolution from 20 years ago that specifies expectations for an “interim” Afghani government. That resolution was always kicking the can down the road.

Clive Robinson August 26, 2021 5:14 AM

@ SpaceLifeForm, MarkH,

There will not be any core dump.

No, not these days with code mainly via commercial “object/binary” rather than locally compiled “source”.

It’s an old message rather than an odd message. You kind of expected it in the 1980’s and early 1990’s but it went out the window with “commercial code” etc and working “Package Managers”. So four decades later you see a message that would raise eyebrows…

It would be interesting to see just how old some of the code is as the error message goes back to the time of the Morris Worm…

echo August 26, 2021 6:07 AM

https://twitter.com/OliverDowden/status/1430777797774090246
Secretary of State for @DCMS. Member of Parliament for Hertsmere.

Now that we’ve left the EU we can seize the opportunity to develop a world-leading data regime that will deliver for people across the UK.

Forging new global data partnerships and designing our own common sense data laws are all part of our plan.

https://www.gov.uk/government/news/uk-unveils-post-brexit-global-data-plans-to-boost-growth-increase-trade-and-improve-healthcare

UK unveils post-Brexit global data plans to boost growth, increase trade and improve healthcare

The UK is today launching a package of measures to help it seize the opportunities of data to boost growth, trade and improve its public services

The comments in this thread are a sight to behold. While a self-selecting group, people very definitely are aware of security issues.

Estimates suggest there is as much as £11 billion worth of trade that goes unrealised around the world due to barriers associated with data transfers*.

The man is an idiot.

Winter August 26, 2021 6:32 AM

@echo
“Estimates suggest there is as much as £11 billion worth of trade that goes unrealised around the world due to barriers associated with data transfers*.”

Selling your own people has been a time honored practice in commerce. Many states did this over history. Famous are the Hessian soldiers used by the British during the American war of independence. But it was also good practice for Russian land gentry to sell their serfs to the army.

Sut Vachz August 26, 2021 8:10 AM

@Winter

Apologies, confusedly thought I was replying to SpaceLifeForm in responding to your comment.

MarkH August 26, 2021 10:23 AM

@Clive:

Re old software, a friend and colleague used to say that every software package contains code copied-and-pasted from the first programs of Ada, Countess of Lovelace.

echo August 26, 2021 10:24 AM

I’ve just watched a video of the bombing of Kabul airport. The scene looks like someone stuffed a grenade inside a barrel of raw meat and it went bang. There are lumps of meat (i.e. dead people) littering the ground like a thick carpet. I will not be linking to the video.

Still, it makes a change to the report I’ve just been reading about far right activity and political collusion for votes, and another report containing allegations of far right inside jobs within UK government.

SpaceLifeForm August 26, 2021 2:31 PM

@ Sut Vachz

My point about Imaginary Triangles is that Kronecker view may just be a subset of the overall complexity.

Start with my root Imaginary Triangle (i^2 + 1^2 = 0^2), and then apply Price or Bergren logic.

In the same manner that one would apply either Price or Bergren tree logic to the root triangle of (3,4,5).

BTW, your example fails if both A and B are zero.

SpaceLifeForm August 26, 2021 2:48 PM

@ Winter

Yep, exactly correct. I do not understand why they keep beating this dead horse.

The horses in Oklahoma are pissed off as there is no Ivermectin available now.

SpaceLifeForm August 26, 2021 4:31 PM

@ MarkH

https://www.schneier.com/blog/archives/2021/07/friday-squid-blogging-best-squid-related-headline.html/#comment-387569

The application I described had DEADLOCK detection and prevention.

But, there was no way to prevent LIVELOCK when dealing with multiple processors. Well, it may be possible, with random backoff, but actually detecting a LIVELOCK situation is not trivial, likely impossible when dealing with multiple processors that do not share memory.

But what you may have encountered in your multicore example, using or not using threads, may have been LIVELOCK.

LIVELOCK is way worse than DEADLOCK.

hxtps://www.guru99.com/what-is-livelock-example.html
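The livelock versus deadlock distinction above, as an added example that is not part of the original comment: a lockstep Python simulation of two workers contending for two resources, where polite back-off in lockstep livelocks, hold-and-wait deadlocks, and a seeded random back-off breaks the symmetry. The workers, resources and the crude progress-based detector are all constructed for illustration.

```python
"""Added example: two workers, two resources, three locking policies.
Each round every worker decides on the same stale snapshot of who holds
what, which models processors acting simultaneously without coordination."""
import random


def simulate(rounds, polite, backoff, seed=0):
    """Return (completed_jobs, lock_transitions) after `rounds` lockstep rounds.

    polite  : release the first resource when the second one is busy
    backoff : callable(rng) -> rounds to wait before retrying after a release
    """
    rng = random.Random(seed)
    owner = [None, None]                      # live holder of resource 0 / 1
    workers = [{"first": 0, "second": 1, "wait": 0, "holds": False},
               {"first": 1, "second": 0, "wait": 0, "holds": False}]
    completed = 0
    transitions = 0                           # acquisitions and releases seen
    for _ in range(rounds):
        seen = list(owner)                    # stale view shared by both workers
        for wid, w in enumerate(workers):
            if w["wait"]:
                w["wait"] -= 1
                continue
            if not w["holds"]:
                if seen[w["first"]] is None and owner[w["first"]] is None:
                    owner[w["first"]] = wid   # the lock itself is atomic
                    w["holds"] = True
                    transitions += 1
            elif seen[w["second"]] is None and owner[w["second"]] is None:
                owner[w["first"]] = None      # got both: do the job, release
                w["holds"] = False
                completed += 1
                transitions += 1
            elif polite:
                owner[w["first"]] = None      # give way and retry later
                w["holds"] = False
                w["wait"] = backoff(rng)
                transitions += 1
    return completed, transitions


def classify(completed, transitions, rounds):
    """Crude detector: activity without progress is livelock, no activity and
    no progress is deadlock.  It needs a window of observation, which is why
    livelock is hard to spot from inside any single processor."""
    if completed > 0:
        return "progress"
    return "livelock" if transitions > rounds // 2 else "deadlock"


if __name__ == "__main__":
    cases = {
        "hold-and-wait": simulate(100, polite=False, backoff=lambda r: 0),
        "polite, lockstep": simulate(100, polite=True, backoff=lambda r: 0),
        "polite, random backoff": simulate(
            100, polite=True, backoff=lambda r: r.randint(0, 3), seed=1),
    }
    for name, (done, moves) in cases.items():
        print("%-24s jobs=%-3d moves=%-4d %s" % (name, done, moves,
                                                 classify(done, moves, 100)))
```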

SpaceLifeForm August 26, 2021 5:59 PM

@ MarkH

Disable SMT, and rerun.

I suspect it will run quite well.

Silicon Turtles

Weather August 26, 2021 6:04 PM

@markh slf
OpenMP has an instruction to wait for multiple cores to sync before writing or reading the same vars.
I found using sections with duplicate vars there was minimal or no DUP or out of order.

unusual suspect August 26, 2021 7:07 PM

@raranorar @JonKnowsNothing re: RSS and off-line storage

RSS is fairly easy to make anonymous, automatable and “allows a user to in theory create an offline db of articles to read at will. Without trackers, metadata or ads.”

While crude, browser print to PDF can accomplish this. Cross-document indexing is a challenge, but can be done.

--- August 26, 2021 8:17 PM

USA hit really bad?

h t t p s://newsnodes.com/us

New cases (on Aug 26): +187,090
New deaths (on Aug 26): +2,195

Weather August 27, 2021 12:22 AM

@nz
If you live in New Zealand and received a txt from the Ministry of Health to go to a URL for a booking that doesn’t have a sub domain ‘govt.nz’, instead just ‘.nz’, it’s a scam; your GP should be ringing you.

SpaceLifeForm August 27, 2021 12:32 AM

@ Weather, MarkH

OpenMP is creating a bottleneck by design, but will not help in this case…

likely impossible when dealing with multiple processors that do not share memory.

Sharing memory is useful, but not always available.

lurker August 27, 2021 1:26 AM

@weather: different countries, different formats, vaccine passport is so easy to forge, might be worth avoiding it…

Winter August 27, 2021 1:36 AM

@lurker
“vaccine passport is so easy to forge, might be worth avoiding it…”

Forging a passport does not protect you nor those near to you against disease. About 1 in 3 humans world wide has received a dose. They did not die nor end up in hospital.

Weather August 27, 2021 1:37 AM

@lurker
It’s the negative I’m worried about, a driver’s license etc not a problem but when you need the vpassport to do something. Here in lockdown you have to wear a mask into shops, that’s OK but if you need an injection that makes you a little bit less contagious, what’s the difference, apart from the obvious less effects if you catch it.

SpaceLifeForm August 27, 2021 2:03 AM

It’s not April 1, right?

Someone, help me out here. What day is it?

hxtps://www.msn.com/en-us/news/technology/microsoft-wins-blockchain-patent-for-implementing-cross-chain-token-service/ar-AANM5GB

SpaceLifeForm August 27, 2021 2:25 AM

I agree with this.

hzzps://twitter.com/MingGao26/status/1430939253199015941

What I would recommend is to bookmark this point in time and do some horizon scanning, and note 360 scanning is best. Take some time to understand.

[if you want to learn something about cryptic comment and thinking outside the box, then pay attention to this human. Not a dummy]

[Solar, and Batteries is where it is at]

SpaceLifeForm August 27, 2021 3:49 AM

Silicon Turtles

This is a crazy deep problem.

hxtps://twitter.com/sickcodes/status/1431029145463447556

  • Linux PC/Server
  • MacOS in a Docker
  • Plug iPhone into Linux
  • Get usbfluxd on both the host & guest

Bam, the iPhone is in the container!

Could be other side of the Earth.

Winter August 27, 2021 4:19 AM

@SLF
“Bam, the iPhone is in the container! Could be other side of the Earth.”

But if the phone contacts the mobile network, it still knows where it is, let alone when using GPS.

What am I missing?

Sut Vachz August 27, 2021 7:43 AM

@SpaceLifeForm

I really like the suggestion of imaginary triangles, reminiscent of Eddington’s speculation whether the space-time metric could change its signature, but I can’t make sense of it.

I have never heard of Price/Bergren logic, unless Price logic refers to things like “2 for 50 cents, 3 for a dollar, take two orders and save twice as much” 😉

Also, since they arose in a discussion, A and B both 0 is excluded as in that case there would be “nothing” to talk about.

But the real question is why Lou Reed never did a cover of Whiter Shade of Pale.

echo August 27, 2021 10:52 AM

SpaceLifeForm

Do you think Taliban has now bought a vowel, and is learning that governance is not simple?

I do not like their pick to run central bank. No experience.

Of course, that could be a feature, and not a bug.

“Tory Taliban” is already a thing. It’s been obscured somewhat by the ERG coup and Brexit and the pandemic but it is pretty much what you think it is minus the guns. Ghastly people.

Higher up than the wannabe useful idiot level at the mentally broken public school sociopathic establishment level the British way of doing things is more through the “appearance of legal” and “economic murder” so a touch more polished than elsewhere. The ethos being if you’re going to get rid of someone you might as well do it politely because that’s the sort of thing a chap does, wot?

I jest somewhat but it’s interesting considering ethos and the lines people draw. Comparing the WWII SAS to the Taliban the strategies have their similarities but diverge wildly in lots of other ways. According to Ben Macintyre, author of “Rogue Heroes: The History of the SAS, Britain’s Secret Special Forces Unit That Sabotaged the Nazis and Changed the Nature of War”, the SAS were the first into Belsen. There was a moment when, in the opinion of the senior officer, it would have been understandable if the men had lynched them on the spot. But the order went out not to harm them because they should face a trial, and that is exactly what happened. While nutters and the far right are attracted to the military, the dogma of the military is they do not hire thugs or nutters. A whiff of funny business and you’re out pretty sharpish.

The Tory party has been hijacked by the wing of criminals and nutters and the mentally enfeebled i.e. “Tory Taliban”.

lurker August 27, 2021 1:12 PM

@Winter, weather
I was suggesting avoiding the passport, not the vaccine. Ask anyone issuing or demanding a vppt how they tell fake from real, and you’ll likely get the glass owl stare. But surely the ease of faking must devalue the market?

And something looks dodgy about the domain registration for bookmyvaccine.nz, I’m still digging…

Sut Vachz August 27, 2021 2:18 PM

Now hear this

https: //www.independent.co.uk/news/world/americas/navy-microphone-disorient-human-voice-b1908166.html

SpaceLifeForm August 27, 2021 4:41 PM

@ Winter

What am I missing?

GPS has nothing to do with this.

You have the dots. You have to think about this. It’s best for security reasons to not expound further.

Ask yourself if you really trust USB.

name.withheld.for.obvious.reasons August 30, 2021 5:00 PM

@echo
The U.S. has a version of the Taliban, finally. I mean finally, it is the recognition of a contingent of U.S. persons actively seeking to overthrow the governance of the country in favor of a Neo-kleptocratic-theonomic-fascism. (Said Simply, Not)
