Friday Squid Blogging: Tentacle Doorknob
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Intind77 • August 27, 2021 4:44 PM
Cosmos DB Azure Management exploit possibly lurking for years undiscovered that grants read/write access to every database in the service.
SpaceLifeForm • August 28, 2021 1:48 AM
The bug is fixed, but all of the users need to roll new keys.
I wonder how many will never get the memo.
Weather • August 28, 2021 1:55 AM
Blind tester of hashes, using sha256.
The program takes the ASCII 8 bit range and breaks it up into 32 decimal blocks and outputs 12 numbers of the differential spread the hash output has from 32 decimal chars from 256 possible decimal numbers.
The second stage tries every possible 32 byte combination which is fed to sha2, with the output then compared to the first.
If a match the 32byte 4 chars a increment by one in a 256 array.
The third stage compares array[I] to array[I+1] using that to detect signals.
16 char input
SpaceLifeForm • August 28, 2021 2:39 AM
Stick to chip card transactions
The entire idea behind the attack is that the POS emulator asks the card to make a payment, modifies transaction details, and then sends the modified data via WiFi to the second smartphone that makes a large payment without needing to provide a PIN (as the attacker has modified the transaction data to say that the PIN is not needed).
“Our app does not require root privileges or any fancy hacks to Android and we have successfully used it on Pixel and Huawei devices,” researchers said.
“The cardholder verification method used in a transaction, if any, is neither authenticated nor cryptographically protected against modification,” researchers said.
Sut Vachz • August 28, 2021 4:31 AM
Does the EFF maintain an effort to review patent filings in computing and communications to evaluate their potential readiness to be used contra the user, such as for surveillance and control, witness the recently revealed technology of Apple, and in the past technology to remotely brick or control devices being used in a manner that goes against some criterion of appropriateness?
Clive Robinson • August 28, 2021 4:46 AM
@ SpaceLifeForm, ALL,
Stick to chip card transactions
They are not safe either, read the bit that says,
“… the researchers said the attack is possible because of what they describe as design flaws in the EMV standard …”
Now “join the dots”.
If you look back on this blog you will find that I’ve repeatedly said I don’t use cards only cash. In fact I’ve said of using cash if they mug you they can only steal what’s in your wallet, not everything in your bank account. So I consider not just credit cards but all electronic payment cards as “a risk too high”, something the annual crime figures confirm every year…
But it’s rather more than a gut feeling behind my choice. More than a couple of decades ago I investigated and wrote a paper on the EMV predecessor the “Secure Electronic Transactions”(SET) protocol. In it I identified several failings and basically said it was “not fit for use”. I later started looking into other card payment protocols including EMV’s offerings. But getting the required info without restraint was difficult to impossible at the time. However from what I did see I saw the same “specification” defects that had given rise to SET’s failings…
So I fully expect to see more payment card vulnerabilities of this sort and similar. Because in essence they have been “built in by design” at the highest possible level, the “marketing wish list” that gave rise to the “specifications” from which the standards and protocols are derived and implementations built.
That “marketing wish list” came about only because,
1, Customer convenience trumps customer and merchant security.
2, Customer convenience losses can be externalised onto others.
As long as those two hold no electronic payment system will be secure.
As I’m now having to start adding, a disclaimer as specific commercial entities have been mentioned and some people get twitchy,
“Don’t take my word for it, clear out your assumptions and think it through for yourself”.
If you conclude differently go back and check you’ve got rid of all the assumptions.
Nick Levinson • August 28, 2021 8:56 AM
War in Afghanistan gave huge data to the Taliban on people they want to identify and their activities, making it easier to kill them, and the Taliban might share data with governments it wants as allies. Afghan institutions (unlike U.S. military and diplomatic) may not have had plans for rapid destruction or concealment of data before losing control.
SpaceLifeForm • August 28, 2021 3:06 PM
I hope PJ is around
After 18 Years, SCO’s IBM Litigation May Be Settled for $14.5 Million
Sancho_P • August 28, 2021 3:50 PM
Um, the POS emulator link is from 2020?
But until the POS sets the limit it will be problematic.
On a similar tangent, at my bank, they always ask me to sign on a small Wacom pen tablet, but I’ve no idea what my signature is used for (and how often it is reused).
Authentication is a basic problem, virtual and in person.
SpaceLifeForm • August 28, 2021 5:31 PM
@ MarkH, name.withheld.for.obvious.reasons
There is always a bottleneck. Always. It is physics.
I may be incorrect on the LIVELOCK angle, it may just be the overhead of the context switching, the devil of performance.
The kernel is key.
This is why testing is critical.
OWL • August 28, 2021 6:16 PM
NTFS has actually 8 timestamps.
SpaceLifeForm • August 28, 2021 6:45 PM
Allegedly, the Mastercard angle has been fixed. Allegedly.
Are we really sure that POS terminals have been properly updated?
Not long ago, I encountered a POS that could, and previously had, but would not that day, process card in chip mode. Bells rang. Will only use cash at that vendor now.
As Clive noted, cash is safer.
Are you sure that the TLS1.3 and 5G problems have been fixed?
Are you sure your signature has not been copied to cloud?
Any legal documents that your signature is on that you are not aware of?
Second attack discovered, also impacting Mastercard
To discover this bug, the research team said they used a modified version of a tool called Tamarin, which was previously used to discover complex vulnerabilities in the TLS 1.3 cryptographic protocol [PDF] and in the 5G authentication mechanism [PDF].
OWL • August 28, 2021 7:37 PM
More on windows timestamp behavior on different conditions.
Seems that win10 behaves differently from what was known before.
The timestamp problem on Windows is even worse than that. For instance, if I store some User Private data, and then ask when it was changed, the change time may be earlier than you thought. I stored a timestamp (SysTime) record and the change time was earlier than the value I stored. Or sometimes it is much later. I think you need to allow 10 seconds plus or minus when validating any timestamp.
Weather • August 29, 2021 1:23 AM
Are you still meant to copy it to fat32 and then copy it to NTFS to remove file.txt:hidden FD data?
Might fix the timestamp issue.
name.withheld.for.obvious.reasons • August 29, 2021 1:43 AM
Have yet to see a response from EFF on the 9th circuit’s memorandum, the summary finding is fairly flawed and I understand it to follow along the line of a shadow docket procedure. As I mentioned before, no presiding judge offered an opinion. I hope this isn’t a trend, given that the Supreme Court has issued two similar procedural rulings (i.e. shadow docket) such as rent moratorium ruling.
echo • August 29, 2021 2:36 AM
Al Murray on war:
I said this about conflict and all the men got snotty! I don’t suppose any men listen unless it’s a man saying it.
Clive Robinson • August 29, 2021 4:51 AM
@ SpaceLifeForm, ALL,
After 18 Years, SCO’s IBM Litigation May Be Settled for $14.5 Million
And so more of the fun will begin again…
I can’t remember exactly how many it was but something like half a dozen other cases were stayed waiting on the outcome of SCO -v- IBM.
Now the cork has been drawn, will we hear the glug glug glug of more money going down the legal drain?
If I remember correctly the Bank of Canada has 40-50million tied up and quite a few other sources of money including Hedge-Funds that had via Microsoft prompting pushed tens if not a hundred million USD in SCO’s direction. We know Microsoft certainly had an agenda and pushed something like 20million SCO’s way one way or another.
I’m not sure on US legal rules, but in some jurisdictions, if you have funded a failed litigant then you become liable for the defendants costs just as the litigant would have…
I suspect the numerous vexatious and baseless SCO -v- Linux campaigns have had a very large chunk of cash thrown into them, and some people are going to want it back “With Interest and charges”… Microsoft might be seen as having not just an agenda thus significant skin in the game, but also the deepest pockets thus the best target to take aim at.
What is the betting that some SCO litigation will still be grinding or pending in the US legal system in ten years time if not other places?
Winter • August 29, 2021 9:30 AM
“NTFS has actually 8 timestamps.”
NTFS has been touted as the best FS MS has ever produced and much better than FAT. But what FS is not better than FAT?
IIRC, it was designed to merge a “modern” file system with a database. The FS to rule all other FS’. But that did not work out.
Luckily, it is only deployed in serious numbers on Windows desktops.
Sut Vachz • August 29, 2021 3:05 PM
What goes up must come back
Now all they need to do is add WSJT etc
Cassandra • August 29, 2021 3:11 PM
SCO (Actually the Trustee of the businesses TSG Group Inc, and TSG Operations Inc*) have not lost. They have succeeded in negotiating a settlement with IBM’s lawyers, which is…surprising. Even more so when it is IBM paying the Trustee to go away. In pure monetary terms, it makes sense; as the amount IBM will pay to continue defending the litigation will far exceed any amount they could get once they inevitably prevailed. However, it is…unusual…for IBM’s lawyers to act in this manner. They would normally stomp the smoking corpse into ashes and pour acid on the remains before giving an inch. Usually. So I wonder what happened. I really miss PJ/Groklaw.
Details of the twisty little maze of names of The Santa Cruz Operation and subsequent companies here: hxxps://everipedia.org/SCO_Group
Note the name Xinuos. Xinuos have filed suit against IBM and Redhat in the America Virgin Islands. The litigation around SCO ‘Intellectual Property’ is not dead yet.
Clive Robinson • August 29, 2021 6:29 PM
Xinuos have filed suit against IBM and Redhat in the America Virgin Islands. The litigation around SCO ‘Intellectual Property’ is not dead yet.
No it’s not, in fact I would say the fun is just about to start again…
As for IBM coming to some form of settlement, whilst it makes financial sense when taken in isolation, it does not make sense in terms of action by others against IBM in the future… It’s kind of saying that IBM has a point at which they will buckle, which means other litigants in future will be more likely to keep grinding away.
But… that case was the cork in the bottle for other cases, so there may be a strategic reason for IBM to in effect fold, but I’m darned if I can think of one off the top of my head.
That said the fact that the SCO corpse has been reanimated so many times, means that somebody thinks there is money or leverage still “in the assets & claims”. Even though the 300 odd original claims by SCO have been shown to be baseless, erroneous, based on false assumptions, or are just plain vexatious, somebody sees profit in them still. So the question is “Why?”
Weather • August 30, 2021 1:12 AM
NTFS you can hide data and programs in the meta stream of files, extfs is probably the same.
Sut Vachz • August 30, 2021 3:52 AM
Why is computers, networking, and the internet called “the information superhighway” and not the “information supersubway” ?
That politician was right when he talked about “tubes”.
“People who want to understand democracy should spend less time in the library with Aristotle and more time on the buses and in the subway” – Simeon Strunsky
… where they will see the people riding in the cars reading Aristotle, some from their phones …
Professor Proton • August 30, 2021 6:02 AM
Need options, contact details. This has gone on too long. I want off this merry go round.
intind77 • August 30, 2021 11:07 AM
That is a great standup piece. He is right, I hadn’t really thought of things from that perspective. And you are also right that I might not have listened to it otherwise. It makes me wonder what’s with the bias of Men not listening to women, and vice versa. Or at least taking their opinions more seriously. I suppose that is how society has conditioned us since birth. I notice that when women try and make the point about the bias, most men instantly roll their eyes and say under their breath “here is another one of those radical loonies” This is a comprehensive problem that will be a difficult issue to overcome, as it appears to me that one of the primary reasons is religion. Doesn’t matter which one. Most of the world is religious in some way or another, and they all seem to condition women to stay at home with the kids and in the kitchen. A shame. I certainly see the inequality. Your arguments are valid.
Clive Robinson • August 30, 2021 2:16 PM
@ Weather, SpaceLifeForm, Winter, ALL,
NTFS you can hide data and programs in the meta stream of files…
Yes, it can and from a security viewpoint it’s a serious concern, but few know what the meta-features are of MS’s NTFS or the layer they should be in between the actual file system hardware and the user land API’s, how they can interact and go wrong security wise.
Unfortunately there is one heck of a lot of issues in that mostly “unseen” part of the file storage stack MS put in at one point or another over the past third of a century. Worse much of it still remains as “legacy code” with all the attendant bugs / vulnerabilities, irrespective of the lower layers that distinguish say NTFS and FAT32 from earlier FAT generations. Why are they there?
Well nearly all these now legacy features were implemented to duplicate / copy features from *nix or Apple OS’s sometimes several years later.
Recently with the addition of Linux to MS OS’s the problem has got a lot lot worse. Many *nix SysAdmins will prefer ext3/4 or ZFS lower level file systems over MS’s FAT32 or NTFS. Many *nix SysAdmins for instance see ext3/4 or ZFS to be better in some way such as they are faster, more fault tolerant, more secure, etc and certainly these days way more flexible than NTFS… Conversely for “embedded” type systems many see FAT32 as a “lingua franca” for storage cards etc used as “read only” type storage thus exchanging complex space consuming reliability features for simplicity and in some cases the easy ability to “manually hack/rebuild/change” as required. Either way MS’s NTFS is increasingly seen as “End of Life” for all but “Desktop Use” and “SoHo Users”.
To understand the many NTFS issues and how they might affect other file systems you have to appreciate the notion of the file storage stack. It is similar in idea to the ISO OSI seven layer stack most frequently used to describe “communications” via networking. But at all but the physical layer down nearly all the layers in the seven layer stack apply equally as well to “storage” for “bag of bits” with “meta-data” that get loosely described as “files”.
The top of the stack in effect is controlled by the users computer and the bottom by the file storage computer the physical hardware is attached to. These computers are increasingly not the same, and they rarely run the same OS these days. Which means you often have to think of them as two layers one for the user and one for the physical hardware, with a mess in the middle to try to get them to appear to be compatible.
At the physical layer end if more than just a handful of users connect to it a SysAdmin is going to want both reliability and availability to be high. From just before the 1990’s lessons learned from “databases” were brought into file systems with the likes of IBM’s Journaling File System. Later lessons learned from large storage backup gave rise to Versioning File Systems which when combined gave high reliability with increased availability.
Whilst all “Journaling File Systems” and those that take “snapshots” such as “Versioning File Systems” have security issues with the transition pool/buffers these are generally well known about and importantly at a low level in the file storage stack. Thus usually security steps for them can be reasonably taken regardless of what user system is connected. The simplest being to lock a file system to a read only copy of an old state or to just lock out the file system entirely and let the Security SysAdmin sort out the best course.
At the user end of the file storage stack you are no longer in the “near physical layer” of the stack but at the “near presentation layer” where the likes of applications and overly fancy OS functions hang out which are in effect unpredictable at boot time so the effects they may or may not have can not easily be sorted out by even the user end OS in recovery mode or at next boot.
But there is the mess in the middle that most rarely see. Some presentation layer features are dependent on lower layer features that are in effect hidden in the middle, and often neglected or forgotten or worse work differently… This is where the most annoying problems and security issues are likely to occur.
One such “neglected and forgotten” feature is something Apple thought up and Microsoft tried to copy very badly back in NT3.5.1 way back last century with the result it’s still there but mostly unknown. It’s officially called “Alternative Data Streams”(ADS) and Apple actually came up with the idea for their server solutions as part of their “embrace, extend, lock-in” policy.
It started because Apple with its Macintosh computer and OS had a problem which was data files are just a “bag of bits” wrapped in a very simple set of file system meta-data. Meta-data that mostly has nothing whatsoever to do with the files contents, that is how it is internally formatted, what class of data object it falls in, or what programs are needed to use the data. However at the user level Apple had abstracted away the idea of files into objects. That is Apple came up with the idea that data files would have “resource tags” and as they belonged to the data file, they got put in the file system with the file. But as users did not have to know about them from their object view the resource tags were “hidden” and the Apple windows software treated the hidden resources as though they were actually part of the object with a data and resource stream. So when a user moved a data object, two streams moved, the data stream, and the hidden resource stream that had the resource tags in it got moved with it by the Macintosh OS.
This gave MS a problem as they wanted NTFS on MS Servers to be “universal servers” as part of their embrace and extend policy not just against Apple, but Novell and a whole bunch of other corps that are now effectively memories at best.
So by enabling NTFS to support multiple streams an Apple Macintosh user could copy files to a Windows server and then back to a Macintosh without losing the ‘resource’ stream. Which gave Microsoft a clear line of attack against Apple’s own server products with the advantage that it gave the illusion that Apple Macintosh PC’s in the Graphic Design dept could be integrated with the MS Windows PCs in accounts / HR etc.
So Microsoft came up with the idea of storing multiple files under one file with multiple streams… To do this they came up with using the colon ‘:’ character that was not allowed as a valid character in most file names, and certainly not in 8.3 format file names that were used in MS FAT12 and FAT16 of the time, thus also in NTFS.
So you would have,
As what the user would see, but it was also seen by the OS as,
Which was handy to download files off of MS IIS that had otherwise been blocked. But you could have other files such as,
That were linked to FRED.TXT but not visible. So FRED.TXT might be a small text file but,
could be several megabytes but not show up in DIR or the other tools most SysAdmins used.
This was because to start with these streams were virtually invisible to everyone including SysAdmins. Because NTFS streams support was limited to the Win32 API’s for file access, and only the “echo” and “more” utilities had any ‘awareness’ of the multiple streams for several years…
This invisibility to users and SysAdmins made the use of NTFS ADS by certain types of people very tempting as the common “dir” MS-DOS command and MS Win “File Explorer” ignored ADS usage. However certain file editors did give access to other ADS files which for a specialist developer was quite useful as you could effectively open three or four files that got moved by the OS without others being aware of it…
Up till Win XP adding an executable file as an ADS and running it was very easy. Whilst MS has plugged one hole of this type it is still fairly easy to run .exe and .dll (use rundll32.exe at the command line) files that are in streams.
However this is but one of quite a number of messy “meta bugs/vulnerabilities” in the middle of the file stack. Because things are largely undocumented the order you do things in can make a significant difference.
One area that can become a nightmare is multi-layer encryption, I won’t go into details for a couple of reasons but anyone thinking of implementing multi-level encryption really needs to be aware of all the nasties that MS and others have put in the middle of the file storage stack.
 One being the vast amount of stuff you have to keep up with kind of makes it more than a full time job, and these days my time is better spent else where.
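An added example, not part of Clive Robinson's comment or of the original page: a PowerShell audit that lists the named streams `dir` and File Explorer leave out, next to the size the directory listing reports. The function name `Find-AlternateDataStream`, its parameters and the constructed `FRED.TXT` fixture are assumptions of this example.

```powershell
# Added example (not from the original thread): audit a tree for NTFS Alternate Data Streams.
# Needs PowerShell 3.0 or later on Windows and an NTFS volume.
# Find-AlternateDataStream, its parameters and the "expected" list are assumptions of this example.

function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path,

        # Named streams treated as routine. Zone.Identifier is the "mark of the web"
        # that browsers attach to downloaded files.
        [string[]]$ExpectedStream = @('Zone.Identifier'),

        # Also report the routine streams instead of suppressing them.
        [switch]$IncludeExpected
    )

    # Files only: directories can carry named streams too, but Get-Item -Stream
    # does not handle them in every PowerShell version.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # One object per stream; the unnamed main stream is reported as ':$DATA'.
            $streams = Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue
            foreach ($s in $streams) {
                if ($s.Stream -eq ':$DATA') { continue }
                $expected = $ExpectedStream -contains $s.Stream
                if ($expected -and -not $IncludeExpected) { continue }
                [pscustomobject]@{
                    File        = $file.FullName
                    Stream      = $s.Stream
                    StreamBytes = $s.Length
                    MainBytes   = $file.Length   # the size dir and Explorer report
                    Expected    = $expected
                }
            }
        }
}

# Constructed test fixture: a small text file carrying one benign named stream.
$root = Join-Path $env:TEMP ('ads-audit-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $root | Out-Null
$sample = Join-Path $root 'FRED.TXT'
Set-Content -LiteralPath $sample -Value 'visible text'
Set-Content -LiteralPath $sample -Stream 'notes' -Value ('x' * 4096)

# The directory listing shows only the main stream's size ...
Get-ChildItem -LiteralPath $root | Select-Object Name, Length

# ... while the audit reports the named stream and how much it holds.
Find-AlternateDataStream -Path $root |
    Sort-Object StreamBytes -Descending |
    Format-Table -AutoSize

Remove-Item -LiteralPath $root -Recurse -Force
```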
name.withheld.for.obvious.reasons • August 30, 2021 2:56 PM
May have an answer for the recent undocumented fixes to Apple’s Mac OS that brings the version number to 11.5.2. All of the applications appear to be replaced with a new version but there is no change in the binary size. My suspicions are that signed certificates for the applications are updated/replaced. I am willing of course to be wrong on this cuz, hey, I am just giving it the good old college WAG.
name.withheld.for.obvious.reasons • August 30, 2021 3:11 PM
@ Clive, Cassandra
I was at IBM when the initial suit was filed, I was also working on a kernel ABI compatibility project with SCO/AIX. What many may not know is how much SCO benefited from other platform inheritance or legacy pieces outside of that standard SYS V roots. There, in the course of my duties, were components of the OS that contained or were derived from Xenix. Now I don’t know what prompted the original court action but it is ironic that IBM purchased RHOLM, a telecomm switch company. I’d also worked on some RHOLM switches, part SCO and part OS/2. Two OS’s worked in tandem via physical and logical separation. SCO was the switch core servicing OS and OS/2 was the AVR component.
For a national insurance company I was asked and instructed by legal to “RED TEAM” the platform, 4 hours, and I reported back. The technicians could make a problem determination.
name.withheld.for.obvious.reasons • August 30, 2021 4:14 PM
The technicians could make a problem determination.
The technicians could NOT make a problem determination.
SpaceLifeForm • August 30, 2021 4:19 PM
All circuits are NOT busy, please try again later.
[check the after and before pics]
[Maybe the Saints will move to St. Louis. There is a facility available]
name.withheld.for.obvious.reasons • August 30, 2021 4:51 PM
It never really made sense that Microsoft included the ADS functionality, it is a hidden semaphore, that seems unlikely to serve any purpose not supported by other, not in the kernel filesystem, applications. Any sufficiently robust OS does not need to implement a “Hidden from you feature/bug” without incurring some sort of blowback. And it appears that all the major OS, less strict BSD, including Linux/Chrome, iOS and MacOS, and Winders have slowly put more curtains in front of the short little fella operating the levers of the system.
SpaceLifeForm • August 30, 2021 5:02 PM
Colpipe. I’m not buying this story.
You knew damn well that your pipelines that go thru Louisiana would lose power to the pumps.
It’s not preventative, it is an exploit to drive up profits.
lurker • August 30, 2021 5:59 PM
So by enabling NTFS to support multiple streams an Apple Macintosh user could copy files to a Windows server and then back to a Macintosh without losing the ‘resource’ stream. Which gave Microsoft a clear line of attack against Apple’s own server products …
A few paragraphs summarised for me a few fat textbooks. I always treated NTFS with a suspicion based only on knowing where it came from. Recently I bought a new “portable” disk for sneakernet (it can be faster and more secure than most normal networks) and for parking come-in-handy stuff. It came pre-formatted NTFS, and this time I thought to leave it so since I had fuse-ntfs on both my MacOS and Linux machines. One day it barfed while changing the name of a folder/directory while mounted in MacOS. After 20 minutes wheel spinning I force unmounted it. On remounting the “bad” folder had disappeared in MacOS, no trace. On linux the “bad” folder was available, all files present and correct, read-only. Figuring that the journal (or ntfs version system) had got twisted, I gave it to someone I know and trust with a selection of special under-the-hood Windows tools. No cigar. His suggestion: It’s borked, maybe a sector went bad before ntfs could map it out.
With every OS having its own favourite disk file system, Fat32 seems to be the only lingua franca. Sure, there’s NFS, but avoiding the network? and besides MS do their own version…
SpaceLifeForm • August 30, 2021 6:30 PM
@ name.withheld.for.obvious.reasons, Cassandra, Clive
It is important that you explain for readers that the SCO you reference is NOT the fake SCO which is TSG.
That the original SCO was Santa Cruz Operation.
If PJ had not hidden a lot of functionality post shutdown, I could provide the deep dive links.
We are elephants.
lurker • August 30, 2021 6:45 PM
SCO= Shanghai Co-operation Organisation, initially China+Russia+a handful of ‘stans. Observed as a joke by some of pj’s followers at the time.
SpaceLifeForm • August 30, 2021 7:59 PM
I barely recall that, and I was there everyday. Probably because I ignored the trolls and just was reading the legal or tech comments.
Poisoning the acronyms on the internet.
Poisoning search engines.
So future readers get confused.
_|_ • August 30, 2021 8:12 PM
This is not a NTFS fault, this is fault of flaky userspace (FUSE) driver that has reverse engineered via guessing and observing.
NTFS specs are MS trade secret, they are not public, so every third party driver is just an ugly hack. Yes, most part it may even work but when odd combinations starts, you most certainly will lose data.
The only NTFS driver I trust is MS native one. NTFS was born from HPFS, when MS and IBM roads parted. IBM kept HPFS, MS developed on its basis NTFS.
It has been so long around that all the bugs have ironed out from native drivers. Have those FUSE drivers been around so long?
And MS DO test their stuff.
FAT32 is a whole another story. FAT overall is so simple FS that anyone can fix it with hex editor. I’m sure Clive here has done this several times.
SpaceLifeForm • August 30, 2021 8:31 PM
I’ll just point out that when Linux developers started to create a NTFS driver, they found a design bug.
Microsoft fixed it.
echo • August 30, 2021 9:22 PM
A £3.3m scheme to provide schools in Wales with machines that disinfect classrooms after a Covid outbreak has prompted calls for reassurance over their safety.
I think I posted a link to a study on ozone machines and it went walkies. I don’t see anything controversial with ozone machines as long as they are used properly.
The Welsh education ministry said on Monday that all schools, universities and colleges in Wales would be supplied with ozone disinfecting machines for cleaning up Covid-hit classrooms.
Plaid Cymru has raised questions about toxic chemicals contained within the technology. And campaigners questioned why the Welsh government was turning to a harmful substance in schools when safer alternatives are available.
Ozone is produced using electricity by two main methods. I don’t know where Plaid Cymru gets the idea it’s produced by chemicals. I’m also puzzled why this contraption has a “converter” which turns the ozone back into oxygen. If you leave it alone it turns back to oxygen on its own.
Operating an ozone machine is very simple. You place it in a sealed room and let the timer run. When it’s done you leave enough time for the ozone to clear by breaking down into harmless oxygen.
These machines are not toys. They are industrial equipment which is why somebody produced health and safety compliant guidelines to go along with their use.
But ozone is so toxic that no one will be allowed inside the room when the machine is operating, according to Dr Chedly Tizaoui, who was part of the design team.
Speaking to the Guardian, he said: “When we apply the ozone, the room has to be closed and no one is allowed to be in the room, including pets and animals.
Well, yes and you don’t want ozone anywhere near anything containing rubber either as ozone destroys rubber.
But Dr Eilir Hughes, a GP on the Llŷn peninsula and a member of the Fresh Air Wales campaign, was not convinced. He said: “If you have to put in place a lot of health and safety guidelines in rolling it out then it really needs to be worth it.
“Adding a toxic substance to the environment raises concerns about how it will react to chemicals particularly in soft furnishings. Is it sensible to be testing this in schools?”
Ozone machines are used by the car valet industry to get rid of organic junk which creates smells from dead cats in the boot to nicotine.
In an article published online on Monday in Nation Cymru he wrote: “Using ozone to disinfect does seems counterintuitive. In an attempt to lower the risk of harm to human health, we are using toxic chemicals when safer alternatives are available.
Ozone breaks down naturally and rapidly into oxygen and leaves no residue.
A Welsh government spokesman said the machines were only for disinfecting empty indoor spaces. He said: “These machines have been developed to speed-up the decontamination of classrooms following a confirmed outbreak of covid-19 only, and not as a form of air purification for occupied indoor spaces.”
Somebody read the manual before opening their mouth. It does help.
By the sound of things someone is going to have to design a large warning label and an annoying buzzer before some idiot does use one as an air conditioner.
SpaceLifeForm • August 30, 2021 9:30 PM
I was not clear. When I said Linux developers found a design problem in NTFS, and that Microsoft fixed it, it was that Microsoft acknowledged that it was their design problem. It was not a bug in FUSE. It was not that Microsoft devs told the Linux devs that they had a bug. It was the reverse.
SpaceLifeForm • August 31, 2021 12:30 AM
Look into pinephone and debian. Phone and desktop.
I would help you and your students if I lived close by.
Could make it part of the curriculum.
Winter • August 31, 2021 1:17 AM
“It is important that you explain for readers that the SCO you reference is NOT fhe fake SCO which is TSG.”
The Santa Cruz Operation sold their Unix assets and their name to Caldera in 2001. Caldera then changed its name to SCO group.
When Linux destroyed the market for selling Unix systems, the then CEO Darl McBride looked for new revenues in shaking down IBM. That became the SCO vs Linux debacles.
I too spend way more time on PJ’s forum (ps the search never worked well). What I learned was that the US legal system is utterly dysfunctional. For those in doubt, the case is closing in on its 20th birthday. In those 20 years, absolutely NO evidence has been produced.
name.withheld.for.obvious.reasons • August 31, 2021 1:55 AM
I am very familiar with the Santa Cruz Operations folks, had several meetings with them over database applications for commercial applications and had specified SCO as the preferred vendor. Have a library dedicated to their systems, from OS and kernel development, to application support and distribution. SCO had been early to the desktop, other OS like OS/9 or GEM had not caught the fancy of many small system integrators (though it is a pity) and of course, no one was seriously using Microsoft for anything other than a whipping boy with DOS 3.11. We’re talking Windows 2.0, pile, and pre Win 3.0.
I was with IBM when Microsoft split from the deal–I said “Good riddance.” Microsoft was really just trying to tank the work that had already been done with OS/2, preemptive and prioritized multi-tasking kernel fast even for real-time applications. But probably the saddest development prior to that period was the loss of GEM OS that was Gary Kildall’s offering from Digital Research. Definitely ahead of Microsoft, GEM OS had Framework running on their platform and was able to do book level publishing, and the Lisa from Apple was not quite there, little adoption due to the $10,000 price tag. For about the same price you could get a SPARC workstation and SunOS. For a perspective, in mid to late 1980’s dollars try tripling those prices to bring it forward. And, as Jobs was off doing NextSTEP and the Cube, not much attention was paid to it. I’d like the Lisa platform, and the Cube was certainly a clean implementation.
When the workstation finally shook out, the early 2000’s, we had Apollo with HP/UX, Cray with IRIX, Sun with Solaris, and IBM with AIX. SCO had failed to make a platform home on a hardware manufacturer’s box. SCO had a lot of penetration in the X86 realm but was not a cross-over candidate for RISC platforms. And who can forget about DEC, poor guys had Alpha and no one knew what to do with it.
I’d ported an accounting suite that was Great Plains as a new, complete rewrite (no code was carried forward, only data formats and support).
Added about 300-400 percent improvement in performance, more than half the object code size, and advanced control and data element features that were decades ahead. Source code for all the modules (AP/AR/GL/PR/RP) written using a language I’d coined ‘D’.
name.withheld.for.obvious.reasons • August 31, 2021 2:11 AM
Once again, a cogent, thought provoking, out of the norm/box/world post goes into the toilet. No curse words, no demonstrative assaults, no named individuals, but maybe, just maybe, it is the issue concerning two teams of men and their guns–or it may just be an overly misogynistic bend (not on my part). Thus when faced with colloquial condescension, via the bit bucket, voluntary membership is that, voluntary. But one must choose their friends wisely, and their enemies even more so…I hope Bruce is listening. And even if he isn’t, my respect for him is as always. Stay safe my friend.
I can only guess at this point, but this makes one question how far a reasonable and rational contribution can be made to seek /dev/zero. Peace, out. Ado my friends and colleagues, it’s been swell–and not.
Winter • August 31, 2021 4:31 AM
“Once again, a cogent, thought provoking, out of the norm/box/world post goes into the toilet.”
Speech is ephemeral. Look at all the wisdom available at Groklaw. Who reads it? Who is even able to read a decade of discussions?
Winter • August 31, 2021 4:34 AM
“Once again, a cogent, thought provoking, out of the norm/box/world post goes into the toilet.”
So, if you are read before your comment is removed, you have reached at least part of your audience.
Clive Robinson • August 31, 2021 5:00 AM
@ SpaceLifeForm, ALL,
It’s not just the huge “technical” debt the US corporate and political way of life has built up that will demand “pay-back with interest”. There are other debt tsunami building up with really only one way to go…
Like the over stretched tower that crashed down and killed power for a million due to a lack of investment, the fiscal over stretch caused by endless “Wars on XXX” will eventually crash down on the rest of the US,
As the saying has it “Pay-back is a b1tc4” and the longer you leave it the higher the price you have to pay.
Clive Robinson • August 31, 2021 5:06 AM
It never really made sense that Microsoft included the ADS functionality…
No it never did, but worse rather than let the feature die, MS have it on life support… That is some idiot in MS has decided to use it to store what are in effect “security settings” on files that come in via the Internet etc…
I won’t go through the details but I’m sure some inventive minds will see all manner of possibilities with that functionality.
Clive Robinson • August 31, 2021 5:21 AM
It came pre-formatted NTFS…
You are not the first and almost certainly will not be the last to regret not nixing it for something else. Let’s just say “It goes with the territory”…
With every OS having its own favourite disk file system, Fat32 seems to be the only lingua franca. Sure, there’s NFS, but avoiding the network?
The network adds its own issues on top, which whilst many have been blitzed over the years… Is not helped by “new features” coming along. Where things as apparently mundane as “character sets” can cause unexpected chaos.
Sut Vachz • August 31, 2021 7:15 AM
Could recent moves by that large manufacturer be related to what they are required to do in other countries, and grow out of the things learned in those other places ? Similarly for other manufacturers in the same field. Can we not expect more of this, and even that any manufacturer, to have a connectible device, will be similarly required to adhere to these standards ? So all little technical bastions will be submerged eventually, maybe soon, by the rising waters ?
The propaganda way way back was that this technology would enter us into a free wide wonderful unlimited world. But like every utopia we have just put our heads into a bag.
That said, what about the graphene OS attempt ?
echo • August 31, 2021 7:44 AM
I think there is something funny going on with this blog. Some stuff I can accept being deleted. Other stuff I’m a bit suspicious about. There’s biases and favoritism operating. I think that has been contributing to an editorial and editing and content problem for quite some time.
Speech is ephemeral. Look at all the wisdom available at Groklaw. Who reads it? Who is even able to read a decade of discussions?
You are correct nobody is going to read it (like no policy maker is going to read let alone dig into Clive’s stuff although he seems to think they should). This isn’t the first time I’ve had this kind of discussion nor the first time I’ve seen this kind of discussion.
Ideally you need someone in the right place to write up a one page analysis in ordinary language, or for a more weighty presentation a judge or academic to write up a synthesis. Activism is more of an art and depends on a certain amount of patience and more than one person operating towards similar goals. Failing that more duplicitous means must be used. Sometimes the way past NIH is letting someone steal your stuff. That’s when things turn from arguing to them wanting to believe it or thinking they invented it. I direct people’s attention towards “Operation Mincemeat”.
A corpse, a spy, fake news and an elaborate plan to cover up the 1943 Allied invasion of Sicily. Johan Sorensen and Ben Macintyre will take us through this fantastic and risky plan code named Operation Mincemeat. Macintyre will share recently released MI5 material that involved a cast of characters including Winston Churchill and Ian Fleming, creator of James Bond.
I’ve had a fair bit of success over the years. Enough that I actually have to stop and think and make a list. The two things to watch out for are people who are ideologically opposed or frenemies. If you run into either at a pinchpoint you’re sunk. Some people will steal your stuff and others will be slow but this doesn’t matter because you’re still getting what you want. The only time people move immediately and go public is when they are covering their asses and have something to hide but you may still be getting what you want at least in the short term even if they are burying the long term problem. Something you need to watch out for is what sounds like a good idea but is actually a bad idea if the enemy uses it. Another one is you can get someone to agree to something they normally wouldn’t if it lands a blow on their enemy.
SpaceLifeForm • August 31, 2021 6:32 PM
Reminds me of porting C code that ran on 3b2 processor. That is what a 5ESS switch uses.
On a 3b2, a NULL ptr was actually compiled to address zero.
Not portable. On a 3b2, at address zero, there was a zero byte.
That was effectively a null string.
So, all of the C string functions would function even if there was a NULL argument.
Not portable, in particular, to a machine that was MMU based.
This application, of many millions of LOC, would constantly be crashing.
I realized that the deadline for port would never be reached one crash at a time.
So, I cheated. Using the magic of the C preprocessor, I wrapped all of the C string functions into SAFE versions.
For example, strcpy would turn into safe_strcpy.
As I controlled the build process, I created a library that had the safe_* functions, and the safe_* functions would catch any NULL ptrs, and fix the problem on the fly.
I also had the code log the source file and line number as the problems were worked around.
The application would continue to function, and the log would direct the devs to where the bugs really were.
That said, ‘D’ has good design and good ideas. But porting is not simple.
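Added example, not part of the comment above and not SpaceLifeForm's code: one way the described preprocessor wrapping can look in C, with the call site logged via `__FILE__` and `__LINE__`. The `safe_*_at` names, the `null_fixups` counter, and the choice to skip a copy into a NULL destination are assumptions made for this sketch.

```c
/* Added illustration of NULL-tolerant string wrappers installed through the
 * preprocessor. All safe_*_at names and null_fixups are hypothetical. */
#include <stdio.h>
#include <string.h>

static unsigned long null_fixups;   /* number of NULL arguments worked around */

/* Record where the bad call came from so developers can fix the real bug. */
static void note_null(const char *fn, const char *arg,
                      const char *file, int line)
{
    null_fixups++;
    fprintf(stderr, "%s:%d: NULL %s passed to %s(), worked around\n",
            file, line, arg, fn);
}

/* The wrappers are defined BEFORE the macros below, so strlen, strcpy and
 * strcmp inside their bodies still refer to the real libc functions. */
size_t safe_strlen_at(const char *s, const char *file, int line)
{
    if (s == NULL) {
        note_null("strlen", "string", file, line);
        return 0;                   /* behave as if it were "" */
    }
    return strlen(s);
}

char *safe_strcpy_at(char *dst, const char *src, const char *file, int line)
{
    if (dst == NULL) {              /* assumption: nowhere to write, skip copy */
        note_null("strcpy", "destination", file, line);
        return NULL;
    }
    if (src == NULL) {              /* emulate the zero byte at address zero */
        note_null("strcpy", "source", file, line);
        src = "";
    }
    return strcpy(dst, src);
}

int safe_strcmp_at(const char *a, const char *b, const char *file, int line)
{
    if (a == NULL) { note_null("strcmp", "first argument", file, line); a = ""; }
    if (b == NULL) { note_null("strcmp", "second argument", file, line); b = ""; }
    return strcmp(a, b);
}

/* From here on, every use of the plain names in application code is routed
 * to the wrappers. In a real port this would live in a header forced into
 * every translation unit by the build. */
#undef strlen
#undef strcpy
#undef strcmp
#define strlen(s)    safe_strlen_at((s), __FILE__, __LINE__)
#define strcpy(d, s) safe_strcpy_at((d), (s), __FILE__, __LINE__)
#define strcmp(a, b) safe_strcmp_at((a), (b), __FILE__, __LINE__)

int main(void)
{
    char name[16] = "unset";
    const char *missing = NULL;     /* constructed input standing in for the bug */

    strcpy(name, missing);          /* would fault on an MMU machine unwrapped */
    printf("name=\"%s\" len=%lu fixups=%lu\n",
           name, (unsigned long)strlen(name), null_fixups);
    return 0;
}
```

The log is the deliverable here: the wrappers keep the application running, but each logged `file:line` is still a defect to fix, and a NULL that silently becomes an empty string can mask a failed lookup or allocation further up the call chain.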
Anders • August 31, 2021 7:26 PM
Interesting historic thread.
I still use OS/2, almost daily, unfortunately its browser doesn’t play nice with this site so I can’t use it here, I have to switch computers.
echo • August 31, 2021 9:34 PM
I’ve just read an account of state arrogance and incompetence with regard to how an abuse case involving somebody dying was handled. Sadly it falls into “seen it all before” territory. Ultimately the police are to blame for not making a case and this will not be the first time the police have incompetently handled a case or covered up the state being a significant factor in a death. “Lessons will be learned”? In my experience the lessons which are learned are how to get away with it. Incompetence and bad attitude goes underground.
That’s what I’m reading when I’m not reading about far right activity.
When the likes of Apple push their authoritarian surveillance with a protect the children narrative they are in effect rewarding the self same lazy cops with bad habits.
echo • August 31, 2021 11:08 PM
UK ISP Sky Broadband is monitoring the IP addresses of servers suspected of streaming pirated content to subscribers and supplying that data to an anti-piracy company working with the Premier League. That inside knowledge is then processed and used to create blocklists used by the country’s leading ISPs, to prevent subscribers from watching pirated events.
Interesting but I question the “corporate made law”. There’s been this slide from going through regulators and prosecuting authorities i.e. proper channels and effectively doing things themselves without enabling law or court orders. That’s a bad habit as the same companies especially banking and payment processors use the same power to block lawful activity which doesn’t fit with somebody else’s idea (usually the puritanical right wing) of what makes good politics. While on the surface plausibly “legal” my view is this kind of mechanism is in practice a loophole by which they exert undemocratic economic and social pressure which heightens economic disparities and human rights abuses. These matters are for parliament not some unelected corporate or billionaire hiding behind tax havens to decide.
echo • August 31, 2021 11:21 PM
“While the details of our content protection technology engagements with our customers are strictly confidential, we can confirm that neither Sky nor any other ISP provides Friend MTS with any customer data, and they never have done so,” a spokesperson said.
It appears that instead of monitoring customer IP addresses, Sky is compiling data on which IP addresses subscribers are pulling most data from during (and potentially before) match or event times. Sky then uploads the highest-trafficked IP addresses along with the port the traffic is streamed on to the S3 bucket mentioned above, every five minutes. It is then accessed by the anti-piracy company which, every five minutes, extracts the IP, bandwidth rate, and the port number that bandwidth is on.
Under EU and UK law as well as case law IP addresses are the property of the customer who used them at the time. This is one reason why websites which used to publish IP addresses alongside user generated content (i.e. comments) stopped doing so as it was an unlawful breach of privacy. It is also unlawful for data to be used for any other purpose for which consent has been given. I suspect Sky’s “aggregation” of data while not explicitly passing on customers private data is nonetheless unlawful as it is very clearly being used for a purpose for which no consent has been given. There is no operational benefit to the customer from what I can see. I daresay Sky’s lawyers will argue there is a legitimate business purpose but this is something else not related to a data carrier providing services to customers. Sky are neither a prosecuting authority nor a court and it is not within the remit of Sky as a data carrier to act as judge, jury, and executioner.
While the documents indicate that ISPs (plural) provide ‘Top Talker’ IP address lists, as far as we can see only Sky is cooperating at the moment.
Oh do they now? As data carriers move into being content producers this becomes more questionable. I think there are some market regulation aspects to this.
If they’re doing this what else are they up to? I cannot imagine certain types of cynical executive are going to ignore traffic data for politically sensitive traffic or even financially sensitive traffic. How do we know internally obtained data isn’t going walkies for party political or industrial espionage reasons?
SpaceLifeForm • September 1, 2021 12:38 AM
There are elephants everywhere. See the comments.
Weather • September 1, 2021 1:53 AM
Thanks for the change, some nice posts to think about. Foreign population, legal side of open access Internet, and others. 😉
Mowmowfi • September 1, 2021 2:05 AM
Winter • September 1, 2021 2:50 AM
From your quote: “This is not all about race.”
Race is a red herring. Human races do not exist. It used to be religion that divided communities, e.g., Catholics vs Lutheran vs Calvinist, Sunnites vs Shiites, everyone vs Jews, etc. But in reality, every biometric has been used, left handedness, red hair, blond hair, black hair (Japanese dye their hair black to fit in), skin color. Language is a great one. Everything you can name has been used to discriminate people and to justify violence.
But the underlying drive has been to split. The universal Us-versus-Themism. Go to any village of any size and it is split in two or more competing clans, Eloi vs the Morlocks everywhere.
Clive Robinson • September 1, 2021 3:50 AM
There are elephants everywhere
Yes, but some have either chosen not to speak or are just keeping quiet for now.
SCO started as three blokes in a garage, going bankrupt, like many kick the can startups of the time.
But Microsoft at that time had a problem in that it had bitten off more than it could chew…
Many felt that Unix which had been ported onto so many platforms could be ported onto 286 based PCs and the fledgling servers it was used in at the time.
Microsoft entered into a contractual agreement with AT&T to produce Unix for 286 computers. But for various reasons could not deliver. So Microsoft did what it often did: it found some non business savvy individual or small group that were technically savvy and basically took their work for next to nothing.
Well the deal between SCO and Microsoft gave us Xenix, and Microsoft unlike SCO got a perpetual licence right from AT&T for Unix on Intel platforms…
Few realise that with every copy of SCO Unix Microsoft got a hefty licence fee kickback, similar with all versions of AT&T Sys V sold by other companies. For those with Sys V on the PC you can find the licence headers on the delivered software in the base system floppy disks and after installation.
So if a path from AT&T Unix code to Linux can be found after the Microsoft AT&T agreement, then one winner in the royalties game, would be Microsoft…
Intel in effect owns the computing world inside of businesses and quite a few cloud providers. In smart devices it tends to be but is not exclusively ARM. One reason to use Linux has been to get away from Microsoft’s pi55-p00r offerings that force people into MS proprietary 1990’s era legacy code that is the OS and File Stack like the NT kernel and NTFS. Oh and the only reason MS network code is not really proprietary is it was taken from the same place BSD Unix originated and copied in, with a few tweaks like changing the direction of command line slashes.
Thus since NT 3.5.1 most upgrades have been to the user interface to in effect force everyone to upgrade. But not the core OS which is why bugs that are decades old still show up on a regular basis and can be quite devastating.
The thing is that Microsoft’s OS core is not just old and creaky, it’s diseased and has a technical debt mountain I would not like to estimate the size of. What would make Microsoft happy is switching the OS core out from faux-unix to a real unix much as Apple did, but have the world hooked and locked in via its user interfaces and one or two other proprietary features.
Imagine what getting legal rights over Linux would do for them… Yeah it’s one of those nightmare scenarios that we saw fought out back in the days of “Big Iron”.
Winter • September 1, 2021 4:41 AM
“Imagine what getting legal rights over Linux would do for them…”
That ship had already sailed when SCOG started its scam. Too many countries and too much of the economy/internet runs on Linux for MS to be allowed to control it.
I suspect ESR, for all his madness, was on the right trail when he wrote that MS offering direct Linux kernel access with Windows System for Linux (WSL) is the first step of replacing the NT kernel (a degraded copy of a real OS, VAX VMS) with Linux. His website is not online at the moment, but if you search for “Last phase of the desktop wars?”, you will find every John, Dick, and Harry dismissing it. (Which tells us something)
The NT kernel is not used in anything in numbers except desktop computers. But the real money is not in desktop computers anymore. Even Apple make their money in phones and tablets.
MS used its desktop monopoly to protect its monopoly on business software. But even MS software has been moved to the cloud because businesses do not want to manage 10,000s of individual desktop computers with all the cybercrime problems. As this software has to be useable by phones and tablets anyway, the use of Windows as the gatekeeper of business users has already eroded.
With everything computer related moving to the cloud and Linux, and Windows being a pain for developing Linux applications, developers switched to Mac, which is alike enough to Linux to be useful. Developers that do not exclusively use MS tools or programs anymore.
So the question “Why should MS spend money on the NT kernel?” is a valid one. So, instead of making NT ready for the cloud and fight Linux head on, they added Linux to Windows.
But with WSL, the question why to invest in the NT kernel is even more relevant. If Linux is already present, why not use it for everything NT is not optimal for?
I can see this ending in a system with a Windows system with a Linux kernel. But I think our common desktop will be dead and gone long before that, replaced by systems like Chrome OS.
JonKnowsNothing • September 1, 2021 6:13 AM
re: developers switched to Mac
Only those that do not remember what happened the previous 2 or 3 times…
In the beginning of Silicon Valley, you could walk into a very Big Store that sold computers and software to Silicon Valley. If you needed an extra packet of resistors or memory chips or a CPU or a solder iron, it was the place to go.
There were rows and rows of Apple Compatible Software.
It all went away, several times. The store is gone now too.
Winter • September 1, 2021 6:28 AM
“Only those that do not remember what happened the previous 2 or 3 times…”
My point was not that developers produced Mac applications, but that they used macs to construct and test Linux Docker etc. containers for cloud deployment. Something they do not want to do on Windows, because that implies switching between Windows and Linux.
With WSL, these developers can do everything in Windows without (re)booting or running VMs inside VMs.
Sut Vachz • September 1, 2021 6:39 AM
Andy Warhol understood getting to the fundamentals.
And perhaps the reason Lou Reed never did a cover of Whiter Shade of Pale is that he never hacked (in the computer sense).
Winter • September 1, 2021 9:12 AM
“Politics was supposed to be that which made society real, ”
I understood that politics regularizes the strive of competing interests in society. Politicians have to reach compromises on these competing interests.
This is inherently unstable, as every “interest” wants an unconditional surrender of everyone else. Two extreme outcomes are one interest wins all, another is that interests refuse to compromise and civil war breaks out.
Note that the hallmark of a prosperous nation is politics that is all about compromise. The moment one side Wins, things go downhill very fast.
The USA has experienced the No Compromise phase for 3 decades. This means that a whole generation grew up not knowing that politics is all about compromising.
Winter • September 1, 2021 9:14 AM
The above comment was @Sut Vachz
Sut Vachz • September 1, 2021 11:25 AM
The moderator saw fit to remove the comment 😉
But humans are by nature sociable and political, ie they want to live together. They have single or private goods, but also a common good. Obviously there is a tension between these two kinds of goods, so some kind of knowledge or science is needed to see that they work in harmony. That science has to be politics if it’s anything. It includes ethics and justice.
elephant • September 1, 2021 3:12 PM
@ SpaceLifeForm • September 1, 2021 12:38 AM
‘There are elephants everywhere. See the comments.’
SpaceLifeForm • September 1, 2021 4:50 PM
@ some strange sightings
The seller rejected the association with the JellyFish malware saying that their method is different and does not rely on code mapping back to userspace.
Therefore, it must be an attack on the kernelspace. Which is certainly possible via the GPU driver.
But, how would it leak data?
echo • September 1, 2021 5:30 PM
A young Nazi sympathizer who downloaded bomb-making instructions has been sentenced to read classic novels including Pride and Prejudice instead.
Judge Timothy Spencer QC told Ben John, 21, he could stay out of prison as long as he steered clear of white-supremacy literature and read books and plays by Jane Austen, William Shakespeare, Thomas Hardy and Charles Dickens.
The former De Montfort University student will have to return to court every four months to be tested on his reading by the judge after avoiding jail “by the skin of his teeth”.
Somebody is on the naughty step.
He was also given a five-year Serious Crime Prevention Order requiring him to stay in touch with the police and let them monitor his online activity and up to 30 days on a Healthy Identity Intervention programme.
No VPN or burner phones for you sunshine!
SpaceLifeForm • September 1, 2021 5:51 PM
Worthless. The data left the barn.
MarkH • September 1, 2021 6:21 PM
Ironically, by now there may be many university faculty who would classify the prescribed readings as white supremacist literature …
SpaceLifeForm • September 2, 2021 1:15 AM
@ Sut Vachz
I would never use GrapheneOS. It is still based upon AOSP. It still has the zygote process, which I despise because it starts processes for no reason. I want to be able to control which processes I start and when.
For example, I do not like that WIFI may magically be enabled.
Yes, in theory, you can build your own version from source. The effort involved is so much hassle, that most will not try.
Clive Robinson • September 2, 2021 6:58 AM
@ JonKnowsNothing, SpaceLifeForm, Winter,
It appears the thinking has changed in both the US and other places, from “beatable” –which it was– to “endemic” –which politicians made inevitable– but they are not yet ready to say it, so instead it’s now “everyone is going to get it”.
The argument is along the lines of the delta variant makes even previously infected and fully dosed people infectious at such a high rate (~40% and rising) that there can be no herd immunity… That is there will always be enough infectious but asymptomatic people in the community to ensure everyone will come into contact with an infectious person in the next few months of Autumn and into respiratory infection season of 21/22.
This is of course a result of the near unrestricted movement of infectious people, something many of us have been strongly against. The current figures in Australia, kind of prove the efficacy of our point. That is the Australian premier so desperate to get international travel going, has caused the rapidly rising infections in one Australian state, where as other States have practiced area quarantines are currently down at zero infections. New Zealand would have been infection free except for the international travel of certain persons who were “entitled” to put the lives of thousands if not millions at risk because “they are special”. Delta also makes a mockery of any special passport, because even being fully dosed or having previously been infected, you can become infectious again, probably asymptomatically.
The thing is as I keep noting, mutation is directly related to the number of people currently infected or as they prefer “prevalency”. The result is at the moment mutation is outpacing even the fastest jabs in arms program… There can only be one result from that statistic with this particular virus type evolution, and that is increasingly infective mutations that affect the young more and more. Back at the start the average age was above 65 now it’s down below 30 and dropping. This is due to a number of factors but one is the success in getting two doses in the arms of older generations in some regions.
It is however reasonable to assume that the next mutation of consequence will be both more infectious than delta and more lethal than delta as it was in turn compared to the “Kent/UK” variant which in its turn was more infective and lethal than the original pandemic strain.
Some figures suggest that there is a 30:1 difference in the effects those who have been lucky enough to be able to get a double dose than those who have received none. As the majority of the world falls in the latter group currently and probably will continue to do so for the next three to six years due to political wrangling so inaction, we can expect not just that it will become endemic but we will get another couple of more severe mutations or ones that are readily zoonotic. So what has been seen at the worst times in Brazil and India will potentially be almost minor in comparison.
Some in various positions of authority are now saying on the back of this “herd immunity is a failure” acceptance, that we should return to the scant testing of hospital admissions only. In effect as it was in the early days of the pandemic when such testing regimes allowed much dishonesty in reporting thus causing the situation to get out of control and put us in the position we are in today…
Winter • September 2, 2021 10:49 AM
Let’s look at “unbiased” data, life expectancy. USA vs combined “peer countries”, the usual suspects: Austria, Belgium, Denmark, Finland, France, Israel, Netherlands, New Zealand, Norway, South Korea, Portugal, Spain, Sweden, Switzerland, Taiwan, and the United Kingdom.
I think this shows the disastrous failure of the USA “non-leadership” as no other statistics.
Results Between 2010 and 2018, the gap in life expectancy between the US and the peer country average increased from 1.88 years (78.66 v 80.54 years, respectively) to 3.05 years (78.74 v 81.78 years). Between 2018 and 2020, life expectancy in the US decreased by 1.87 years (to 76.87 years), 8.5 times the average decrease in peer countries (0.22 years), widening the gap to 4.69 years. Life expectancy in the US decreased disproportionately among racial and ethnic minority groups between 2018 and 2020, declining by 3.88, 3.25, and 1.36 years in Hispanic, non-Hispanic Black, and non-Hispanic White populations, respectively. In Hispanic and non-Hispanic Black populations, reductions in life expectancy were 18 and 15 times the average in peer countries, respectively. Progress since 2010 in reducing the gap in life expectancy in the US between Black and White people was erased in 2018-20; life expectancy in Black men reached its lowest level since 1998 (67.73 years), and the longstanding Hispanic life expectancy advantage almost disappeared.
echo • September 2, 2021 11:33 AM
I’m asking that Clive review his language. Not just what he says but how he says it. The reason is the public policy arena isn’t just the “facts” but like I keep saying people are emotional and social beings. There are more factors to consider. Nobody is a univariant walking medical condition. That dreaded word “holistic”.
I will direct people to the last section of this article “Vaccination remains our best single tool” as a model to consider. I’d read this first then go back and read the previous section “There’s no need to panic”.
If there’s one thing the neo-liberals and far right are good at it’s manipulating people’s emotions not unlike domestic abusers. This is why tone matters. You have to keep up morale.
Wellness and wellbeing are very badly defined things. They actually matter in law and I have some papers on this but they also matter in terms of basic health i.e. resilience and also how effective our immune systems are.
A reduction in stress and depression is also good for reasoning powers.
SpaceLifeForm • September 2, 2021 5:15 PM
@ JonKnowsNothing, Clive, Winter, ALL
Beware of Cable Carrying Evil Maid
This Seemingly Normal Lightning Cable Will Leak Everything You Type
[Y RR Q]
Roman Numerals • September 2, 2021 5:25 PM
Road Runner is a great record label, but isn’t it a little bit late considering the two most recent issues with Rolling Stone?
SpaceLifeForm • September 2, 2021 6:05 PM
In the olden daze, I went to Radio Shack
[Y Rr Q]
MarkH • September 2, 2021 7:34 PM
It’s a while since I’ve written about the pandemic. Two items concerning young children:
First, an outbreak study from California traced 26 Covid cases to an elementary school teacher who was not vaccinated, despite having had the opportunity to receive vaccine by that time. Sometimes the teacher did not wear a mask in the classroom, and came to work with respiratory symptoms thinking they were allergies.
Half of the class became infected; in the front two rows (nearer the teacher’s desk) 80% were infected. The study concluded that the 12 infected children transmitted the virus to 14 of their family members.
From the time frame, I presume that this likely was not the more contagious Delta strain.
The second item reports results of a CDC-sponsored model developed by several universities, of Covid spread to and among in-person school students.
For the adverse case — without a Covid testing protocol and without mandatory masking and distancing — the upper end of the model predictions is that within 60 days of their first day of school, 80% of students who were not previously infected nor vaccinated (vaccines are not yet available for those younger than 12) will contract Covid infections.
In those places where authorities resist health precautions, the unethical experiments are already underway.
[Note: this is a re-post; the first edition went to “awaiting moderation,” which in practice seems to mean lost. I’ve removed the web link, hoping to get through this time.]
JonKnowsNothing • September 2, 2021 8:07 PM
@Clive, SpaceLifeForm, All
re: As far as we can tell although the mRNA vaccines bring your immune system up a couple or three weeks faster than other vaccines, they also drop in efficacy faster than other vaccines.
The answer to this is in the breadcrumbs … MABs
Good news is: more options are coming which is bad news for P/M/JJ.
(the road rash block is either WAI or Not WAI ; no idea which)
echo • September 2, 2021 9:20 PM
France 24 English
When’s enough? EU hits 70% of adults vaccinated, plan booster shots.
The European Union has hit the milestone of 70% of adults inoculated against Covid-19. It is quite a feat for a pandemic that is less than two years old and a vaccine that has only been available since January. Fury over the EU’s misfires at the start of the campaign may already be fading memories. However Covid is not done with us. The vaccination rates vary wildly just inside the EU and in many parts of the developing world, the inoculation rate remains below 2%.
This is a wide-ranging discussion including experts across the broad public and international policy issues. It covered information on dosage levels, booster shots, triage, manufacturing, WTO agreements, safety standards, and messaging including the latest scientific position and social media misinformation. Assurance and tone are identified as important factors in increasing uptake.
JonKnowsNothing • September 2, 2021 9:36 PM
@echo, Clive, SpaceLifeForm, All
The short answer is: No
The answer is the same for 80% and 90%.
That will not stop the process in HIP Economic Countries and those about to join them.
The medium answer is classic statistics: What is the population definition?
In the dust, dry, burned, burning and Out of ICU Beds area of California (1), we get the same statistics until you break up the “big picture window view”.
The way out is through. • September 2, 2021 9:55 PM
Timing is everything as with all attacks.
Well, duration of saturation too.
Sut Vachz • September 3, 2021 5:20 AM
Yes, I’m loving me some RISC-V.
And then open source everything and get rid of the bloatware and bloat data.
Clive Robinson • September 3, 2021 5:51 AM
@ SpaceLifeForm, ALL,
Beware of Cable Carrying Evil Maid
Things have gone a long way since my basic passive RX and active “illuminator experiments” back in the 1980’s when you could read the keystrokes out of any unshielded keyboard cable (see Ross J. Anderson’s book for other similar experiments).
However such cables have issues…
An ordinary cable only has I^2R losses that can be calculated and accurately measured. More importantly cables have uniform attenuation and when disconnected from computers and the like can easily withstand 1000V from the likes of an insulation tester.
Something very small embedded electronics cannot do… So such cables are detectable. All you need to do is “verify not trust” before use each and every time.
As for “insulation tester” if you think back a bit the “Killer USB” dongle that can fry laptop circuitry could I’m reasonably certain with a little bit of thought be “repurposed”.
As I occasionally say the use of technology is agnostic 😉 also using technology to solve societal issues is usually going to fail when used against those who can think and modify their behaviours (see why CCTV usually fails in civic settings).
The problem is of course the majority of humans go for “convenience” and “show trust” in unreasoned ways. Which is why these technology cracks work.
My advice is assume nothing you do electronically is either “secure” or “ephemeral” and will come back to haunt you…
Especially in these rapidly increasing faux-puritanical times, where the aim of many is to attack people on faux charges of some form of alleged moral/ethical degeneracy or because they might have hurt somebody’s feelings. They make a lot of noise without proof, stir up the “peanut gallery” then walk away with a smug feeling of satisfaction as to having claimed another innocent’s scalp or improved their own promotion prospects etc.
 Peanut gallery definition – the upper balcony of a theater : A section of “cheap seats” in a theater; or to the behaviour of spectators seated there.
 However in a faux-puritanical definition it will have added on an additional sentence, to quite deliberately change the historical definition and connotation and thus narrative, with the likes of,
“refers to the seats in the Vaudeville era of the late 19th century where black people sat”
Thereby not just deliberately mistaking cause and effect. i.e. the cause “poor people amongst others sat in cheap seats irrespective of race or colour”, not the deliberate distortion that the name had something to do with discriminating against black people thus bringing it into the faux-woke canon.
The actual reason it’s called “peanut gallery” goes back as far as can be established to Victorian London in Vauxhall and Southwark where those in the cheap seats tended to be raucous and would throw salted peanuts –they would otherwise eat– at actors etc as a sign of disapproval. The salted peanuts were freely available because it made people thirsty so they would buy the overpriced or watered down beer etc thus significantly increasing theater profits. There were some who believed that such theaters would sweep up and sift out the thrown peanuts and serve them back to others… Much as eateries did with “plate scrapings” going in the stew etc…
Clive Robinson • September 3, 2021 5:59 AM
Contrary to a common belief, people who are excessively hostile online are equally hostile offline. They are just more visible online.
Did you post your comment in response to one that has been “road rashed”?
Winter • September 3, 2021 6:15 AM
“Did you post your comment in response to one that has been “road rashed”?”
No, it was in response to the altercations in another post area about harassment. Regulars who keep harassing others will most likely be just as obnoxious offline. Which might explain some of the life history shared.
Winter • September 3, 2021 6:23 AM
“So now we have a paper to prove that the internet can be used as a sieve and that mean people are just, well, mean.”
Except, everyone was claiming the opposite. Until now.
Winter • September 3, 2021 6:59 AM
“Yes, I’m loving me some RISC-V.”
The campaign of the US to starve competitors for technology and the attempt of a US company to buy ARM will drive everyone to RISC-V. That seems inevitable.
Winter • September 3, 2021 8:05 AM
“Yes, I’m loving me some RISC-V.”
China is hedging its bets, or maybe betting heavily on RISC-V to keep independent of the West/USA.
Clive Robinson • September 3, 2021 8:56 AM
The campaign of the US to starve competitors for technology and the attempt of a US company to buy ARM will drive everyone to RISC-V.
Whilst it may not be RISC-V, the only sensible defence against “it’s my ball…” bullying is in effect to buy your own “bat and ball” in preparation to ensuring “the goal posts stop being moved”.
But to be honest, I want to see other CPU architectures brought to the fore irrespective of political and espionage nonsense. The simple fact is the IAx86 architecture was a bad idea back in the 1980’s and all it’s done since is pile more garbage on top over and over. The simple fact is it’s slow, inefficient and has more holes than a second hand pair of string underpants.
The basic design has long since hit a wall where even reducing the size of the active devices will not help stop the “active heat death” problem.
It must be more than a decade since I pointed out the future was “parallel at all levels” from below the CPU to above the globe spanning network. The problem, most programmers myself included think in terms of “serial not parallel processes”. Back in the 1990’s I was looking around to do a PhD based around the notion of widely data-distributed and geo-placed DBs that were in effect multiple part DB’s of the whole spanning a country or the globe. Thus doing one of the CRUD actions involved not just “time” but “relativity” and gave rise to some very interesting consequences that few at the time appreciated. The downside, I could not find a “reader / advisor” who had the requisite skill set…
Times have moved on in a quarter of a century and more, and I pursue other interests these days. But it’s curious to note that even now those involved with Distributed DBs still do not think in a sufficiently parallel or distributed way. I guess they will only catch up when the pain threshold of old ways is too great to bear both in ICT and human terms.
Sut Vachz • September 3, 2021 9:12 AM
@Winter @Clive Robinson
And let us not forget Leslie Lamport
SpaceLifeForm • September 3, 2021 4:12 PM
Apple trying to put worms back into can
JonKnowsNothing • September 3, 2021 5:57 PM
@SpaceLifeForm, Clive, All
re: Wormy Apples
I’ve wondered how much of a Tech Warrant Canary this whole episode is? Such tech has been deployed for a long time now and moving it upstream was a big leap. The dearth of noise from other Big Tech was better than noise canceling headsets.
That’s enough to make me wonder, why the silence?
Like other frogs in the boiling pot, this one got a reprieve for now but surely will make another appearance, perhaps with a different name or target.
Sharing that mandatory sweet ultrasound image required for females in some locales or the 2-finger-test report that was rescinded in others.
Clive Robinson • September 3, 2021 7:38 PM
@ SpaceLifeForm, ALL,
Apple trying to put worms back into can
Whilst Apple might be able to wrangle the worms back into the can, by not implementing these Privacy Invasion Measures.
They have already made a fatal mistake. They have shown that the can has a top that is easy to open…
Thus let’s say the famed dictatorship of “Tyrannopia” population of a billion or more, has a leader looking not too dissimilar to a “Cabbage Patch Doll” in a favourable light. Who decides to pass legislation to force Apple to,
1, Implement the software as Apple has already described it.
2, Mandates that the two cop-tag agencies must be Tyrannopian in origin for any iDevice in Tyrannopia.
Apple has no choice but to say yes to both as the only other two options are,
A, Fail in a Tyrannopian controlled court.
B, Not sell product in Tyrannopia.
The result of the first will be big fines and comply or be banned… So either way Apple will either do it or get all manner of hell from the shareholders for not selling in a market of a billion plus potential bump ups in their dividend / share value…
So I think it takes no great brains to realize who is actually in control.
MarkH • September 5, 2021 4:00 PM
And let us not forget Leslie Lamport
I hope I never forget him! Twas many years ago that I read about his Bakery Algorithm, and was deeply impressed by its economy and elegance.
I was startled to see your reference a few days ago, because only about a week before I was thinking (and studying) on the Bakery Algorithm, so Mr Lamport was very much on my mind.