Comments

Neon Green August 6, 2021 4:29 PM

Was “4/20/2008” the historical date when (…)

NIN
Lives
Matter

(…) got hacked ?

It’s of interest because of a very similar date when a known upload turned up missing also.

benefi9ally,

Neon Gr(eee)n =/= govinda

P.S. – “It’s not that difficult to just write upon the surface of the maxi pad with your mascara utensil. And you don’t need a compact for that either, unless you are unsheathed enough of a lovefool to gaze upon Lady Luck like a voyeur in spite of her chewbacca crossbow’s are cool caution.”

ibm pc August 6, 2021 5:18 PM

Next week brings an enormously important day: 12 August.
It is the IBM PC's 40th anniversary.

All computers we use today are descendants of the original PC.

Celebrate!

But remember – the next day will be Friday the 13th, so I wish you all a gentle hangover 🙂

SpaceLifeForm August 6, 2021 5:51 PM

hxtps://www.vice.com/amp/en/article/qj8m85/ftc-slams-facebook-for-lying-about-why-it-shut-down-misinformation-research

AL August 6, 2021 7:33 PM

Apple has provided a web page on their new scanning initiatives, currently confined to the U.S., effective with the rollout of iOS 15.
https://www.apple.com/child-safety/

1.) There will be a check of the hashes of photos that go between the device and iCloud Photos to make sure that they don’t match known child porn. This check occurs on the device, not the server. If iCloud Photos isn’t used, this check won’t occur.
2.) There will be tweaks in Siri and search to discourage interacting with child porn.
3.) A scanner will be added to iMessage to scan images for sexually explicit content. There will be a scanner before the content is accepted and transmitted, and a scanner at the receiving end before the content is released to the recipient. This 2nd scanner doesn’t use hashes.
The EFF has released an analysis.
https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life

I was hoping to see a piece by Bruce on the situation.

R-Squared August 6, 2021 11:09 PM

@ AL

1.) There will be a check of the hashes of photos that go between the device and iCloud Photos to make sure that they don’t match known child porn. This check occurs on the device, not the server. If iCloud Photos isn’t used, this check won’t occur.

Let’s not write too many checks while we’re that high on weed. “Known child porn” obviously cannot be hashed precisely without the ability to reconstruct the original image, because of shifts, rotations and other image transformations that defeat one-way hashing schemes.

Those are precisely the images feds have access to for dumping on suspects and targeted individuals as a holding charge while they execute a search warrant to turn the rest of their lives upside down with any additional federal felony charges desired at the D.A.’s office.

2.) There will be tweaks in Siri and search to discourage interacting with child porn.

So older men are pushing the envelope here, robbing the cradle for legal 18-year-old girls, 21 if you want to get them drunk or high on weed. You can’t fight that with an algorithm, or an Establishment legal system.

3.) A scanner will be added to iMessage to scan images for sexually explicit content. There will be a scanner before the content is accepted and transmitted, and a scanner at the receiving end before the content is released to the recipient. This 2nd scanner doesn’t use hashes.

There have got to be cases like a dude with cancer of the penis or a gal who got bitten in the crotch by a bear or a dog.

Some people are obviously going to get excited over such images even if it isn’t their business to be looking at somebody else’s pictures but the images themselves have got to be legal regardless of movie scene rating.

People wear clothes or look away while someone else is dressing, but that doesn’t mean their private parts don’t exist.

In any case, the whole iPhone thing is getting too creepy with the dating apps and boyfriend girlfriend junk going on.

@ circular

https://www.thedailybeast.com/ransomware-attack-forces-indiana-hospital-run-by-eskenazi-health-to-turn-ambulances-away

That sounds like a Native American, Sioux Indian Tribe and Ashkenazi Jewish public-private partnership mafia hospital going on, with a heavy-handed emphasis on involuntary mental health care, from the sound of the name. My guess is that it’s mostly white mob bosses with a token drop of pure Sicilian blood who would actually be charge of a place like that.

JonKnowsNothing August 6, 2021 11:19 PM

@All

re: Apple’s Cop Core

What is understated is Why Now? What Changed? Who’s Bought It?

None of the items have anything to do with “customer bloatware”; it’s all LEA and LEA USA specifically.

So, who leaned on them and why did they cave?

Someone must be buying a staircase to heaven…

I predict a quick return to stand alone cameras with removable media.

I surely don’t wish to have some LEA watching my neeked horse romping in the fields…

Clive Robinson August 6, 2021 11:26 PM

@ JonKnowsNothing, MarkH, SpaceLifeForm, Thoth, Wael, Winter, and all the other usual suspects,

Speaking of “broken by design” this has just come to my attention,

https://joonas.fi/2021/08/saml-is-insecure-by-design/

I guess I’m going to have to read it and think about it carefully. So I thought I would share the fun as it were…

Put simply it appears to be a specific example of the more general “Know what you are signing and not signing” issue.

Something that was just one of many issues @Nick P, myself and others discussed about the “code signing” issue back what feels like a decade and a half ago on this blog…

That is, in even a moderately complex system that has an interpreter etc. built in,

1, You sometimes sign what you think is “immutable data” but you actually sign “code” that produces “mutable data” as output[1].

2, That is, you sign just the Code, which can execute in different ways under an attacker’s control to produce different, thus “mutable/malleable”, “output data”.

3, You then use the mutable/malleable “output data” from the signed “code” as input for a security function as though it were signed “immutable data”, when in fact it is not.

[1] In essence you are not signing anything security wise. Because,

Output = Code + Input

You sign “Code” but not “Input” and assume “output” is secure when it is nothing of the sort…

That is,

Fred = signed(code) + Bill
John = signed(code) + Dave

So clearly,

Fred != John

Yet also,

True == signed(code)

That is, in both cases “signed(code) == True”, but as the inputs are neither checked nor signed, they can be anything the attacker chooses. Thus the outputs can be anything the attacker chooses, whilst the coder thinks they are signed…

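Clive’s “Output = Code + Input” point in running form, as an added example that is not part of his comment or of the linked article’s code. The two-element schema (Response, Assertion, Signature/Reference) is invented for the demo, HMAC-SHA256 over a toy serialisation stands in for XMLDSig’s RSA-over-C14N, and the hardened consumer shown is one approach, not the only one. The signature genuinely verifies in every case; the naive consumer fails because it reads its “input” from a subtree the signature never covered.

```python
"""Signature wrapping: signed(code) == True, yet the consumed data is attacker-chosen.
Added example; schema and key are assumptions, HMAC stands in for XMLDSig."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

IDP_KEY = b"demo-idp-key"  # assumption: a shared key in place of the IdP's private key


def canonical(elem):
    """Toy canonicalisation; real C14N also normalises namespaces, attribute order, whitespace."""
    return ET.tostring(elem, encoding="utf-8")


def idp_issue(name_id, assertion_id="_a1"):
    """The 'signed code': a Response whose signature covers ONLY the Assertion with assertion_id."""
    assertion = ET.Element("Assertion", ID=assertion_id)
    ET.SubElement(ET.SubElement(assertion, "Subject"), "NameID").text = name_id
    sig_value = hmac.new(IDP_KEY, canonical(assertion), hashlib.sha256).hexdigest()
    response = ET.Element("Response")
    response.append(assertion)
    sig = ET.SubElement(response, "Signature")
    ET.SubElement(sig, "Reference", URI="#" + assertion_id)
    ET.SubElement(sig, "SignatureValue").text = sig_value
    return ET.tostring(response, encoding="unicode")


def attacker_wrap(xml, chosen_name_id):
    """The unsigned 'input': prepend an Assertion the IdP never saw, leave the signed one intact."""
    root = ET.fromstring(xml)
    fake = ET.Element("Assertion", ID="_evil")
    ET.SubElement(ET.SubElement(fake, "Subject"), "NameID").text = chosen_name_id
    root.insert(0, fake)
    return ET.tostring(root, encoding="unicode")


def signed_assertion(root):
    """Verify the signature and return the one element it actually covers, or None."""
    sig = root.find("Signature")
    if sig is None:
        return None
    ref_id = sig.find("Reference").get("URI", "").lstrip("#")
    candidates = root.findall(f".//Assertion[@ID='{ref_id}']")
    if len(candidates) != 1:  # duplicated IDs are another wrapping trick: refuse
        return None
    expected = hmac.new(IDP_KEY, canonical(candidates[0]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig.findtext("SignatureValue") or ""):
        return None
    return candidates[0]


def sp_naive(xml):
    """Checks 'signed(code) == True', then reads whichever Assertion comes first."""
    root = ET.fromstring(xml)
    if signed_assertion(root) is None:
        raise ValueError("signature invalid")
    return root.find(".//Assertion/Subject/NameID").text


def sp_hardened(xml):
    """Reads only from the verified subtree and refuses any document with extra Assertions."""
    root = ET.fromstring(xml)
    signed = signed_assertion(root)
    if signed is None:
        raise ValueError("signature invalid")
    if len(root.findall(".//Assertion")) != 1:
        raise ValueError("unsigned Assertion present alongside the signed one")
    return signed.find("Subject/NameID").text


def login_result(sp, xml):
    """Return the NameID the service provider would log in, or None if it refuses."""
    try:
        return sp(xml)
    except ValueError:
        return None


if __name__ == "__main__":
    issued = idp_issue("alice")
    wrapped = attacker_wrap(issued, "admin")
    print("naive:   ", login_result(sp_naive, issued), login_result(sp_naive, wrapped))
    print("hardened:", login_result(sp_hardened, issued), login_result(sp_hardened, wrapped))
```

The useful habit this shows is the one Clive names: decide what bytes the signature covers, and consume data only from those bytes. A verifier that answers “the signature is valid” without also handing back the exact subtree it validated leaves the application to guess, and guessing is what the wrapping attack exploits.
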
Clive Robinson August 6, 2021 11:56 PM

@ SpaceLifeForm,

This will not happen. 5G is garbage. This is a National Security issue.

Please do not drag me into this, especially when history shows the opposite is likely to be true…

In the same article you link to you will find,

“Interestingly, T-Mobile has no plans to turn off its own 2G network.”

If you remember back, I’ve said this before and why 2G was not going to get turned off any time soon by certain operators.

I then got “dog piled” by those who thought differently, and I really do not think they have any intention of apologizing.

There is too much “Political Noise” over 5G but consider the technology is,

1, Sound / Proven (not garbage).
2, Inexpensive.
3, Already heavily invested in.
4, Without alternatives available.

I won’t say the writing is on the wall, but when you actually consider the real reasons for the “5G Political Noise” you will see what is really going on, and it’s basically that the US has lost hold of control of the consumer communications market and thus lost,

1, Power.
2, Fiscal opportunity.

And some psychos think they can get it back (see what is currently happening with the Taiwanese Semiconductor Manufacturing and USG Political threats).

However nobody in their right mind outside of the US wants to go back to the lunacy of the last century and US politically directed judicial decisions.

And when you think about it neither do US consumers that are sufficiently informed. The reason your mobile phone can track you like a bug under a microscope is US “safety legislation” requiring GPS etc…

Ruby Slippers August 7, 2021 12:05 AM

Lo is the curse of dual use technology.

I won’t correct the typos as they’re both cute and timely.

But let’s scare the heebies out of the ones that think they can beat this for a second.

If it’s client side, you can root your phone and turn it off.

Apple controls the ecosystem, Clive just referenced Holy Reference Code.

Apple’s code is signed, likely obfuscated, and probably also includes an OTP for ‘proof of execution’.

There’s no smart in being a suck fick.

Enjoy gaming this in and out of the ecosystem I have an email to write.

Clive Robinson August 7, 2021 3:59 AM

@ Ruby Slippers,

Apple must be storing terabytes of kiddie porn

No, there is no requirement that they do so, or even “see the file contents” by human eye or machine image recognition.

Basically all they need is a source of “cop-tags” that are similar to but not the same[1] as the hash result of a file used for digital signing.

I bet you they [Apple] caught a bunch of guys with locked and wiped iphones who undeleted it all when they bought a new phone.

The contents of many iPhone users personal data areas do indeed get copied from their iPhone into the iCloud as a “feature”. But it applies to gals and guys almost equally and it’s a lot lot more than just a few photos, it’s effectively everything including any geo-location tracks that might exist within “personal data”, including that the user themselves can not see or even knows exists.

Under US law such personal data, once moved in the way it is, becomes a “third party business record” that the user has no control over, and the Federal agencies and even local law enforcement can gain legal access to without a warrant or any other authorisation with “oversight” or the legal requirement to “log access”…

[1] I can not remember where the term originated in the UK but it was back last century. The UK Met Police were seeking funding to set up a database of child exploitation to make other Police Forces’ Forensic Examiners’ lives easier. The idea was to scan a hard drive and each file would have a “computed tag” that enabled the likes of “standard files” for the OS, Applications etc. to be easy to recognise and thus not need checking. More importantly media “types” would have tags based on the apparent “file format” to help with checking. However if the “file format” type and DOS 8.3 filename three letter extension type did not match it got logged as suspicious (kind of dumb considering how some backup utilities worked even back then). However the law got changed and “indecent images” became a problem in various ways. Most image file formats have “redundancy” in them such that a known image could be trivially changed in some small almost imperceptible way and thus any crypto-hash or even simple CRC could be changed dramatically but the image in effect remain the same, thus classifying files had to be done by eye, which fell foul of the legal changes. One early solution was to look for the percentage of “skin tones” in an image and use that as a very crude hash to classify an image. Other techniques that were broadly similar were also developed; these became “Cop-Tags”. The problem is unlike crypto hashes etc. a lot of files would produce the same “cop-tag”, so in the case of flesh tones, an indecent image, a holiday crowded beach image, and a photo of a crowded spectator stand at a sporting event could all produce similar percentages of flesh tones, as could quite unrelated images of the likes of birthday cakes… Thus a file matching a cop-tag implying an indecent image might be nothing of the sort, but nobody would look at the file because that would be illegal.
Thus there was the very real possibility you could end up in court charged with having an indecent image, yet nobody had actually verified that the image was actually indecent… Yet the prosecution would say it was based on a quite bad, very crude and unreliable computer algorithm (guess what with ML and AI we appear to have driven the wheel round a few times and not learned squat on each revolution…). Thus the question arises about “trusted cop-tags” that is “At what point can an authority issue a tag and have more than 50% of the population believe without question or checking that the tag is genuine, when it actually is not?”. The answer is worrying, with significant criminal penalties existing if an “indecent image is viewed” very few to no people would check the image if the cop-tags said it was “indecent”… Thus the ability to abuse the process to hide other information that might be “politically embarrassing” thus rightfully in the “public domain” is significant.

Wael August 7, 2021 6:56 AM

@Clive Robinson, …

Speaking of “broken by design”…

Interesting! I’ll queue it for the next available time slot 🙂

Ruby Slippers August 7, 2021 8:15 AM

This thread is the first question you had?

I see two others.

May the future bring health wealth and happiness to the well meaning members of our family here.

JonKnowsNothing August 7, 2021 9:03 AM

@ Clive Robinson, MarkH, SpaceLifeForm, Thoth, Wael, Winter, and all

re: “Know what you are signing and not signing” issue.

I am not that familiar with this particular application protocol so read up a bit about it. I have seen other similar “lock, unlock”, “block, commit, rollback” systems.

They all presume that what’s in between the bookends is valid and correct. The block, commit, rollback model only provides a way to “undo” something but the correctness of the transaction is presumed inside the block. The undo portion is a point-of-failure recovery, like for an unreachable destination.

By the time something hits the bookends the correctness is supposed to be validated. The time spent in lock-unlock is the minimal time frame for processing the transaction. Some systems allow for the queuing of blocks waiting for final transaction.

Probably every programmer has found one or more instances where the bookends were set in the wrong place, and the “immutable data” was really “mutable data” and the lock did nothing at all. Well it did block the transaction area for a nano-second like a NOP.

Freezing_in_Brazil August 7, 2021 9:07 AM

Re apple image scan

A series of easy transformations will produce very different hashes from the same base image without altering the image beyond recognition [as it should].

flip horizontally > add 5 px horizontally > change saturation, contrast, hue, gamma…

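Three comments above make the same technical claim from different directions: R-Squared (a match on “known” images cannot be a precise hash because of shifts and rotations), Clive’s footnote on “cop-tags” (a tiny edit breaks a crypto-hash or CRC, while crude content tags collide on unrelated images), and Freezing_in_Brazil (flip, pad, adjust saturation). The block below, an added example that is not from any commenter, puts the two kinds of hash side by side on a constructed 32x32 greyscale gradient, not a real photo. The dHash is the minimal textbook difference hash, not Apple’s NeuralHash or any real matching system.

```python
"""Cryptographic hash vs perceptual (difference) hash under small image edits.
Added example; the image is a constructed gradient and the dHash is a textbook version."""
import hashlib

W = H = 32


def make_image():
    # Constructed gradient with values in 10..189, so brightening by 40 never clamps at 255.
    return [[(x * 5 + y * 3) % 180 + 10 for x in range(W)] for y in range(H)]


def sha256_hex(img):
    """Cryptographic hash of the raw pixel bytes: any changed byte changes the digest."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def dhash(img, size=8):
    """Difference hash: shrink to (size+1) x size by nearest-neighbour sampling, then emit
    one bit per horizontal neighbour pair (is the left pixel brighter?).  Monotone
    brightness/contrast changes keep every comparison, so the bits survive them."""
    h, w = len(img), len(img[0])
    bits = 0
    for y in range(size):
        row = img[y * h // size]
        samples = [row[x * w // (size + 1)] for x in range(size + 1)]
        for x in range(size):
            bits = (bits << 1) | (1 if samples[x] > samples[x + 1] else 0)
    return bits


def hamming(a, b):
    """Number of differing bits; perceptual matchers accept anything under a threshold."""
    return bin(a ^ b).count("1")


def brighten(img, delta):
    return [[min(255, v + delta) for v in row] for row in img]


def flip_horizontal(img):
    return [row[::-1] for row in img]


def tweak_pixel(img, x, y, delta=1):
    """Change one pixel by one step: invisible to the eye, fatal to a cryptographic match."""
    out = [row[:] for row in img]
    out[y][x] = min(255, out[y][x] + delta)
    return out


def compare(original, edited):
    """Return (crypto_hash_unchanged, perceptual_hash_distance) for an edit."""
    return (sha256_hex(original) == sha256_hex(edited),
            hamming(dhash(original), dhash(edited)))


if __name__ == "__main__":
    base = make_image()
    for label, edited in [("one pixel +1", tweak_pixel(base, 1, 1)),
                          ("brightness +40", brighten(base, 40)),
                          ("horizontal flip", flip_horizontal(base))]:
        same, dist = compare(base, edited)
        print(f"{label:16s} sha256 unchanged={same!s:5s}  dHash distance={dist}")
```

Running it shows the two failure modes in one place: a one-pixel edit or a brightness change destroys the SHA-256 match but leaves the dHash at distance 0, while a horizontal flip moves the dHash far away, which is why real matchers also hash flipped and rotated variants. The flip side is Clive’s cop-tag problem: a hash loose enough to survive edits is, by construction, one that unrelated images can land near, so the distance threshold and what happens on a near miss are the whole security question.
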
echo August 7, 2021 9:32 AM

It is far better to concoct passwords made up of three random words than to use more complex variations involving streams of letters, numbers and symbols, UK government experts have said.

https://www.theguardian.com/technology/2021/aug/07/password-of-three-random-words-better-than-complex-variation-experts-say

The National Cyber Security Centre (NCSC), part of Government Communications Headquarters, highlighted its “three random words” recommendation in a new blogpost.

It said a key reason for using the system is it creates passwords that are easy to remember, yet strong enough to keep online accounts secure from cybercriminals, owing to their unusual combination of letters.

By contrast, more complex passwords can be ineffective because sometimes they are more guessable for criminals and the software they build to detect them, according to the advice.

The agency says cybercriminals target predictable means that are supposed to make passwords more complex – such as substituting the letter O with a zero, or the number one with an exclamation mark.

Criminals allow for these kinds of patterns in their hacking software, which negates any added security from such passwords.

“Counter-intuitively, the enforcement of these complexity requirements results in the creation of more predictable passwords,” the agency said.

The entropy for this scheme is a lot lower than the theoretical maximum for a given number of characters using every available character. The entropy will be reduced more because people are habitual and may only recall a limited number of words relative to their total personal vocabulary size. Anyone trying to be clever may limit their effective entropy even further. Metadata and other data may be used to narrow down the probability space even further. Then throw in specialised hardware which can reduce the search time in comparison to off the shelf general purpose hardware. If you count each word as an individual character, which specialised hardware would have an advantage with, entropy drops off a cliff to worse than DES levels and the time to discovery shrinks quite markedly.

I’ve always suspected dictionary password schemes are bogus even the much advertised diceware scheme. But three words? Thought of off the top of someone’s head? Really?

Time delays between password attempts can throw a spanner in the works but this assumes the backend isn’t compromised or your entire data hasn’t been copied for decryption at leisure.

Then there are badly written “keysafes” and “password generators” yaddah yaddah which can be exploited.

OS which can be exploited.

“Ceci n’est pas un mot de passe” (“This is not a password”). Do I win a prize?

Robin August 7, 2021 9:51 AM

@Echo : I was very surprised to see this. Like very surprised. Here is @Bruce in 2014:

ht tps://www.schneier.com/essays/archives/2014/02/choosing_a_secure_pa.html

TLDR: “This is why the oft-cited XKCD scheme for generating passwords—string together individual words like “correcthorsebatterystaple”—is no longer good advice. The password crackers are on to this trick.”

echo August 7, 2021 10:32 AM

@Robin

There’s also this which I re-read before posting and mentioned an earlier essay of Bruce’s.

https://kodespace.com/to-entropy-or-not-to/

https://www.schneier.com/essays/archives/2008/11/passwords_are_not_br.html

I’ve been somewhat doubtful of UK security services for a while based on their public statements and reports. Management doesn’t seem to be the best, there are some black holes and weaknesses in their areas of concern especially around the far right threat, half-admitting politics was overriding actual real assessed threat levels, and the national security threat notice I read this week wasn’t very impressive and a touch too politically motivated for my liking. Then there’s this, as you say.

I don’t know who it was supposed to appeal to. I’m guessing they are trying to get the attention of lowest common denominators with something catchy they will remember and more secure than the name of their pet cat. If not that GCHQ wants to reduce its electricity bill.

JonKnowsNothing August 7, 2021 10:52 AM

@Freezing_in_Brazil

re: Image manipulation to alter hashing

iirc(badly) Lots of images and documents hold an audit-undo list. Some include group approvals and commentary lists. These are internally saved with the file.

There have been some doozies where redacted information was simply unwound by clicking “undo” or using a graphic layer program that auto-separates editing layers: Untick: show layer N.

It maybe they are looking at a simple hash or maybe they are looking for Cop-Tag areas of an image.

Since Google/NSA et al. have been scraping vast quantities of images and analyzing them for any identifiable object in the image (trees, pots, stairs, building shapes etc.), they may have multiple tags for areas that pass the AI/ML image area selection bot.

Per items I’ve read, there is some awareness of “location identification” and attempts at blocking it but afaik that’s not really successful given all the metadata and EXIF data in images.

Not too many people actually look at the advanced properties when writing documents and drill down into all the fields and options and user defined fields that are available inside the document itself, some of this is auto-populated. This is not the right click properties box but inside the document.

There is also information stored in the object files (png, jpeg, doc/docx). Interesting stuff to be found in a hex-editor.

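To make JonKnowsNothing’s “interesting stuff in a hex editor” concrete, here is an added example, not his code, that walks the container structure of a PNG and a JPEG, lists the metadata segments that travel with the pixels, and strips them. Both sample files are constructed inline with made-up metadata (the location strings are invented), so the block runs offline; it does not decode pixel data or the Exif TIFF structure inside APP1, only the outer segments.

```python
"""List and strip metadata segments in PNG and JPEG containers.
Added example; SAMPLE_PNG and SAMPLE_JPEG are constructed here, not real files."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_META = {b"tEXt", b"zTXt", b"iTXt", b"eXIf", b"tIME"}  # carry metadata, not pixels


def png_chunk(ctype, data):
    """length | type | data | CRC-32 over type+data, as the PNG spec lays it out."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))


def png_chunks(blob):
    """Return [(type, data)] for every chunk, checking the signature and every CRC."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, out = len(PNG_SIG), []
    while pos < len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[pos + 8 + length:pos + 12 + length])
        if crc != zlib.crc32(ctype + data):
            raise ValueError(f"bad CRC in {ctype!r}")
        out.append((ctype, data))
        pos += 12 + length
    return out


def png_text(blob):
    """Decode tEXt chunks (keyword NUL text, Latin-1) into a dict."""
    out = {}
    for ctype, data in png_chunks(blob):
        if ctype == b"tEXt":
            key, _, value = data.partition(b"\0")
            out[key.decode("latin-1")] = value.decode("latin-1")
    return out


def png_strip(blob):
    """Rebuild the file without the metadata chunks; CRCs are recomputed per chunk."""
    return PNG_SIG + b"".join(png_chunk(t, d) for t, d in png_chunks(blob) if t not in PNG_META)


def jpeg_segment(marker, payload):
    """FF marker | 2-byte length (counts itself) | payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def jpeg_segments(blob):
    """Return [(marker, payload)] for the marker segments before the scan data.
    Stand-alone markers such as RSTn are not handled: demo only."""
    if blob[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos, out = 2, []
    while pos + 2 <= len(blob):
        if blob[pos] != 0xFF:
            raise ValueError("marker expected")
        marker = blob[pos + 1]
        if marker == 0xD9:                      # EOI
            break
        (length,) = struct.unpack(">H", blob[pos + 2:pos + 4])
        out.append((marker, blob[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            break
    return out


def jpeg_strip(blob):
    """Drop APP1..APP15 (Exif, XMP, ICC, ...) and COM; keep APP0/JFIF and everything else byte-for-byte."""
    out, pos = bytearray(blob[:2]), 2
    while pos + 2 <= len(blob):
        marker = blob[pos + 1]
        if marker == 0xD9:
            break
        (length,) = struct.unpack(">H", blob[pos + 2:pos + 4])
        if not (0xE1 <= marker <= 0xEF or marker == 0xFE):
            out += blob[pos:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:
            break
    return bytes(out + blob[pos:])              # scan data and EOI untouched


# Constructed samples: a 1x1 grey PNG with a location comment, and a JPEG skeleton
# carrying an APP1 'Exif' segment and a COM segment (no real image data).
SAMPLE_PNG = (PNG_SIG
              + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + png_chunk(b"tEXt", b"Comment\0taken at 51.5074,-0.1278")
              + png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + png_chunk(b"IEND", b""))
SAMPLE_JPEG = (b"\xff\xd8"
               + jpeg_segment(0xE1, b"Exif\0\0" + b"GPSLatitude=51.5")
               + jpeg_segment(0xFE, b"phone model XYZ")
               + b"\xff\xd9")

if __name__ == "__main__":
    print([t for t, _ in png_chunks(SAMPLE_PNG)], png_text(SAMPLE_PNG))
    print([hex(m) for m, _ in jpeg_segments(SAMPLE_JPEG)], jpeg_strip(SAMPLE_JPEG))
```

The strip functions work at the container level, which is the level at which metadata leaks: the Exif block inside APP1 has its own TIFF directory structure, and an ICC profile or XMP packet can carry identifying data too, which is why the JPEG stripper drops the whole APPn range rather than trying to edit inside it.
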
R-Squared August 7, 2021 11:19 AM

@ JonKnowsNothing

group approvals and commentary lists. These are internally saved with the file.

There have been some doozies

There were at one time “usenet” groups that got flooded with binary images in base64.

Obviously the text, captions, and related discussion are evidence of an agenda of committing violent sex crimes, and stuffing up local court systems with service of process so innocent ones take the fall while the “regulars” who are actually guilty are allowed to continue doing their cyberstalking and image-hunting “thing” in the interest with total impunity.

Clive Robinson August 7, 2021 12:03 PM

@ echo, Robin,

With regards the article,

“It said a key reason for using the system is it creates passwords that are easy to remember, yet strong enough to keep online accounts secure from cybercriminals, owing to their unusual combination of letters.”

There is a very very large fly in the ointment of “passwords that are easy to remember” and the way the human mind works or more correctly does not work.

Humans do not actually remember how to spell words. That is, they do not remember “cat” as “C”+“A”+“T”; they are more likely to remember the phonemes of “Ka”+“~t” from remembering the whole word as spoken, then convert the phonemes back to letters by secondary helper rules like “I before E except after C” etc.

This most of us kind of realise at some level. However we do not remember words in sentences either; we remember the meaning in a sentence by linking the meanings of words. “The wheels on the bus go round and round” could be “The bus has wheels that go round and round”, but that feels more awkward, thus we prefer the first form even though both are valid.

Thus we get a problem…

If I give you three random words, unless I also give very specific guidance, potentially backed up by punishment, most humans will re-order the words to make them easier to remember…

So “Sat”, “Mat”, “Cat” will get reordered to Cat-Sat-Mat…

Most people will think “So what” when asked not to re-order words, but they would kind of get very upset if we re-order the digits in their monthly pay to least significant digits first most significant last.

The simple fact is re-ordering significantly reduces the number of permutations, thus in the case of words significantly reduces the size of the password set.

Humans also have a habit of not having duplicate words in a sentence; the “round and round” of the children’s song or “very very” rarely happens normally. Thus reducing the password set further.

The list goes on but very few realise this and it is this lack of knowledge of human failings that makes the XKCD “HorseBattery…” system way weaker than it should be.

A series of points I’ve made before, yet you rarely if ever see them mentioned by people when talking about the XKCD or similar systems.

Yet when it comes to supposedly random keyboard characters, the number of loops, hoops, rules, and strictures we are required to learn and navigate is just mind warping for the average individual.

So yes, I’m not surprised to see you question the “advice”; it is at best “incomplete”, at worst “deliberately negligent”, and most definitely not what you would expect from alleged security experts.

But I’m starting to believe that “security expert” is a truly oxymoronic title chosen by those who fulfil the Biblical “For They Know Not What They Do, Lord”.

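echo’s entropy argument and Clive’s two habits (re-ordering the words into the “natural” sequence, never repeating a word) can be put in numbers. The block below is an added example, not echo’s or Clive’s code; the vocabulary sizes are assumptions chosen for illustration (7776 is the Diceware list size, 2000 stands in for the words a person habitually reaches for), the 1e9 guesses/s rate is an assumed offline-cracking figure, and it needs Python 3.8+ for math.comb and math.perm.

```python
"""How many bits 'three random words' carries once human habits are modelled.
Added example; vocabulary sizes and guess rate are assumptions, see the lead-in."""
import math


def password_bits(vocab, n_words, ordered=True, repeats=True):
    """log2 of the number of distinct passwords an attacker must try.
    ordered=False: the user re-orders the words into the 'natural' sequence, so order
    carries no information (Clive's point: divides the count by up to n_words!).
    repeats=False: the user never reuses a word (his second point)."""
    if ordered and repeats:
        count = vocab ** n_words
    elif ordered:
        count = math.perm(vocab, n_words)
    elif not repeats:
        count = math.comb(vocab, n_words)
    else:
        count = math.comb(vocab + n_words - 1, n_words)   # multisets of words
    return math.log2(count)


def char_password_bits(alphabet_size, length):
    """Characters drawn uniformly from an alphabet, e.g. 95 printable ASCII."""
    return length * math.log2(alphabet_size)


def expected_guess_seconds(bits, guesses_per_second):
    """Average offline-cracking time: half the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second


def scenarios():
    """Bits for the cases discussed in the thread, most generous first."""
    return {
        "3 Diceware words, any order, repeats allowed": password_bits(7776, 3),
        "3 Diceware words, user re-orders, no repeats": password_bits(7776, 3, ordered=False, repeats=False),
        "3 words from a 2000-word habit vocabulary":   password_bits(2000, 3),
        "same, re-ordered, no repeats":                 password_bits(2000, 3, ordered=False, repeats=False),
        "8 random printable ASCII characters":          char_password_bits(95, 8),
        "DES key (echo's comparison point)":            56.0,
    }


if __name__ == "__main__":
    for label, bits in scenarios().items():
        secs = expected_guess_seconds(bits, 1e9)   # assumption: 1e9 guesses/s offline
        print(f"{bits:5.1f} bits  ~{secs:14.1f} s at 1e9 guesses/s   {label}")
```

Two things fall out of the table. Re-ordering costs about 2.6 bits for three words (log2 of 3!), which is modest; the vocabulary the user actually draws from costs far more, and that is what echo’s “habitual” point is about. And every row is well under 56 bits, so the scheme only holds up against an attacker who is rate-limited by the server, not one with a copy of the hash database, which is the caveat echo raises about time delays between attempts.
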
R-Squared August 7, 2021 12:39 PM

@ Informed Citizen

Currently you appear to wear no clothes as your previous comment has shown.
We will see if that remains the case.

—> https://nakedsecurity.sophos.com/

Is this what you are referring to by any chance?

Personal computers are hacked, keys, cell phones and bank cards are stolen, bank accounts are compromised, abusive conservatorships are set up, guns are confiscated, rights are revoked, real estate records are lost, forged, or altered over the years, and only the lucky few, the 1% if even that, have so much as the clothes on their back to get away with, if there’s any way out of those damned corporate intellectual property and mental health handcuffs.

- August 7, 2021 1:29 PM

@R-Squared:

“Is there a separation of church and state, or is the CIA mixed up in this as well?”

From memory, there is a primary requirement in the US for a ‘separation of church and state’ which the previous administration very much ignored, especially the VP and the attorney general, who both paraded their ignorance and illogical religious primacy beliefs in equal measure.

As for the CIA, again from memory it’s in their founding charter that they are not supposed to operate on “home soil” inside US borders. Something several administrations appear to have turned a blind eye to over the years.

So the answers to your two questions appear to be “No” and “Yes” respectively.

lurker August 7, 2021 2:28 PM

@Clive, All

Under US law such personal data once moved in the way it is, becomes a “third party business record” that the user has no control over…

What is iniquitous about this process is that the user, by choosing to use a particular system, is constrained to move their personal data in such ways. Google Docs is provided “free” on my Chinese made, non-US carrier phone. The app allegedly permits off-line working. I must be online to create a document, so that the doc’s existence can be registered in California, even if I manage to keep its future contents out of G’s hands.
I must be online to commence editing any existing document not already registered in California. These are the reasons I moved away from Apple…

JonKnowsNothing August 7, 2021 3:01 PM

@Clive, echo, Robin, All

re: re-ordering mnemonics

RL anecdote tl;dr

Eons ago, in a group meeting, the group was tasked with remembering a list of items. After a bit, individually, we were asked to repeat the list.

While the list was being given out, I built a mnemonic for the list, and when I repeated the list, in a different order… all heck broke out and the remainder of the group was unable to repeat the list in the original order.

It was the Memory Game from Kipling’s novel Kim, except I borked all the other players.

===

ht tps://en.wikipedia.org/wiki/Mnemonic

ht tps://en.wikipedia.org/wiki/Kim_(novel)

  • As part of his training, Kim looks at a tray full of mixed objects and notes which have been added or taken away, a pastime still called Kim’s Game, also called the Jewel Game.

ht tps://en.wikipedia.org/wiki/Kim%27s_Game

  • Kim’s Game is a game or exercise played by Boy Scouts,[1] Girl Scouts and Girl Guides, the military, and other groups, in which a selection of objects must be memorised. The game develops a person’s capacity to observe and remember details.

(url fractured to prevent autorun)

Neon Green August 7, 2021 5:31 PM

@ JonKnowsNothing

RE: //www.schneier.com/blog/archives/2021/08/squid-dog-toy.html/#comment-385680

That may be the point, what’s the long game here?

Apple being a bulk facilitator?

But how successful have they been with tracking burner phones and mules?

Disposable cameras may be on the watch list think about how hard it is to get polaroid stuff these days plus you have to have somebody develop the film.

Chemical watch list too maybe.

Last week we had the article about google images having an lkm available for android to pre-encrypt and now?

Now we have the whole ‘thanks for all the fish’ stuff,

@ Freezing, that’s not a reference to you but to the 3 things I mentioned earlier.

I’m glad I never bought into Apple’s bullshit, I’ve been told I’m O.D.D.. Who knows.

I’ve been watching this stuff since the day allvirustotal came out.

[ ] Upload your samples?

The same kind of concept worked with Kaspersky? when the CIA leak was identified.

I don’t upload shit, if data wants to be free it had better be sneaking out a window at night because if I find out it’s back to the firmware with you and I’m not one of those “40 years of ibm compatibles” mentioned above.

I am NOT a fan of homogenization but things are getting very deep it looks like, makes me wonder how much actual damage was done in 2016 and whether it’s related or not.

Keep your ears moving and mental in focus.

SpaceLifeForm August 7, 2021 5:34 PM

@ Clive

It may work good on your side of the pond, especially if not in a rural area.

There is too much “Political Noise” over 5G but consider the technology is,

1, Sound / Proven (not garbage).
2, Inexpensive.
3, Already heavily invested in.
4, Without alternatives available.

  1. Yes, it works. Distance vs bandwidth considerations? Maybe not so hot. How are your window blinds working today? In a cellar surrounded by concrete? How’s that bandwidth working for you today? Like paying for premium bandwidth that you never can get?
  2. Maybe inexpensive to the cellco, but maybe not to the end-user. Battery usage is bad. Phone costs more. Cellco is not going to roll out in rural areas. It just will not happen.
  3. Objection! In the US, it is a scam. The cellcos are only rolling out in large metro areas where they already have fibre and plenty of marks. It’s the same scam as the DSL rollout in the US. They would market DSL in your area, but it never happened because there was not enough marks on your block to make it profitable.
  4. The alternative is to stick to 4G. Most people do not need the faster speed. If you are in a rural area, you will never ever get high-speed 5G. But, you can buy a more expensive phone that will drain your battery faster. Not a choice I would like. 4G will get thru your blinds and concrete.

Neon Green August 7, 2021 5:35 PM

@ Clive,

RE: JohnKnownsNothing

Actually, that could be the point to make those idiots quit involving companies and start making themselves exploitable via some sort of natanz style worm.

Where is the offramp ?

Neon Green August 7, 2021 5:39 PM

okay, by “watching this stuff”

i meant making sure if i download music or warez or exploits or source code i dont upload it again

man the english language sucks.

@ SpaceLifeForm,

probably 03/04 ish

SpaceLifeForm August 7, 2021 6:54 PM

@ Clive, JonKnowsNothing, MarkH, Thoth, Wael, Winter, ALL

Broken by Design

Combine the link Clive noted:

hxtps://joonas.fi/2021/08/saml-is-insecure-by-design/

with

hxtps://portswigger.net/research/http2

And you might get

hxtps://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html

At least, that’s how it’s supposed to work and keep us (and our data) safe.

echo August 7, 2021 7:18 PM

@SpaceLifeForm

I’ve taken the time to read articles and watch videos explaining how 5G works and am satisfied it is a useful improvement. Now with that out of the way I think the politics, policies, and performance need to be separated out.

My feeling is that a large drive for switching off 2G and 3G is coming from accountants and aggressive business types. A huge amount of the noise and politics of this and other things is spilling over from the US. Government, especially the current government, and regulators are so hands off it teeters on the line between negligence and wait and see.

https://www.theguardian.com/business/2021/aug/06/fortress-offer-morrisons-bidder

The US-backed bidder for Morrisons has increased its offer for the supermarket group by £400m to £6.7bn in an attempt to fend off a rival suitor and win over reluctant shareholders.

[…]

Fortress’s bid is backed by the Canada Pension Plan Investment Board and the Koch family – the billionaire US industrialists who are known for their libertarian and conservative activism. Singapore’s sovereign wealth fund, GIC, also joined the consortium late last month, giving it extra firepower.

[…]

Another investor, Legal & General Investment Management, warned in July that Morrisons should not be bought for the “wrong reasons”, such as taking advantage of a possibly undervalued property portfolio, to load it up with debt, or to cut its tax bill.

https://www.theguardian.com/business/2021/jul/05/morrisons-takeover-apollo-bid-fortress

The Labour party wants the government to step in to make sure a takeover does not threaten Britain’s food security, damage farming, or lead to job losses. However, a spokesman for Boris Johnson on Monday said it was a “commercial matter for individual businesses”.

Pretty much every American-led takeover has led to changes in business priority, job losses, leveraged debt pushing prices up or hollowing out the company. It affects people on a psychological level and a social level. It has knock-on effects economically. The UK government knows this and doesn’t care. It is driven by fantasy.

The Kochs should be in jail for what they have done and are doing. They and the Mercer family and other US billionaires are funding far right activity in the UK. Then there are the Murdochs stirring it. It’s interesting the US accused Roman Abramovich of espionage and attempting to obtain influence for buying Chelsea Football Club yet US billionaires and the US are up to their necks in political interference and espionage in the UK and Europe. Nor does anyone say anything about right wing Tories’ “white van man” marketing and importing wedge politics from the US or aligning themselves with the old BNP vote and far right football hooligans.

The US and UK have governance and regulation issues. They have business practice and finance and legal issues. They have cultural issues. I think more than a decade of neo-Thatcherite dogma and austerity as well as the current coup with a reckless far right government at the helm is doing immense damage.

Back to 5G… Switching off 2G and 3G is a choice. It is the end result of a long list of bikeshedding and biases. Most business and most employees I guess actually do care but the governance and regulatory environment to create a level playing field just isn’t there. You can see this sickness to an extreme degree with right wing politicians especially who rail against how the world is because it’s not what they think it should be. Years and years of pro American media and anti European media led by billionaire tax dodging and social climbing cowards. To them everything is fungible. Everything is about what will add another penny to their bank account. The over-leveraged. The con artist. That is who is to blame not 5G.

Life expectancy in the US and UK is dropping. It’s the cultural dogma – the religion of the right wing which is killing people not 5G.

People are not rational beings. Information overload and too many stresses are having an impact. People don’t know how to manage this as all their choice is taken off them and they are lashing out. They are projecting and 5G is a lightning rod for this.

I do agree questions need to be asked about switching off 2G and 3G. What are the practical effects going to be? Who gains and who loses? What are the outcomes for this? Do we want to facilitate corner cutting and putting significant numbers of people at a disadvantage? The poor? Who is going to buy them new phones? They are an essential today. I think it is unfair and wrong to leave this kind of structural decision to business. That is an abdication of government.

lurker August 7, 2021 7:41 PM

@SpaceLifeForm: from the splunk blog, the first diagram attributed to Signia:

My simple mind sees a problem with the link labelled “2”. Forget all the complications of SAML, which like its parent XML, shows that a language intended to be both machine and human readable can easily end up misread by both.

It’s that second link: why is the Service Provider trusting me, a dumb customer, to go get authentication from a third party? I want authenticated access to the service, and how the provider does this might be invisible to me, even involving the same third party. But I trust the provider to do it right, otherwise I wouldn’t be doing business there. So throwing the ball back to me just shows, as @Clive said, it’s “broken by design”. That is, the mechanism is broken before we start looking for gotchas in SAML…

Sloth August 7, 2021 9:42 PM

PGP signing (using gpg) is such an easy solution to the identity stealing problem. I don’t understand why it’s not implemented.

@Bruce this can make this comment section alive again.

Every comment can easily be signed and keys whitelisted (the moderator can then invest more energy in the new commenters, since they are more likely to be spammers).

If signing a message using PGP is too difficult, even a simple passphrase linked to every handle can be great (no email, of course). The core issue of handles being used by impostors is easy to solve; people/moderators develop trust for a handle and that is often misused.

Thank you for providing this place we can call home, but why not keep it sacred.

Jon August 7, 2021 10:55 PM

@JonKnowsNothing:

That sort of thing is also the basis for an interesting ‘mind reading’ card trick.

You deal the mark five random cards, and tell them to not indicate in any way which one they’ve chosen. But, in order to read their mind, they must concentrate very hard on the card they’ve chosen. Reading minds is hard!

Then you take back the five cards, do your little ‘mind-reading’ dance while they’re concentrating very hard on their chosen card, shuffle them around, then dramatically pull one aside, face down, and slide it away. You then take one more card from the top of the deck, add it to the four, and hand it back.

Sure enough, the card they were thinking about is gone.

There is, of course, a trick to it… J.

SpaceLifeForm August 7, 2021 11:43 PM

@ JonKnowsNothing

The undo portion is a point-of-failure recovery, like for an unreachable destination.

Or an undesired destination.

Scenario:

Payload broadcast.

Payload received.

Payload interpreted.

Payload collects ‘stuff’, and builds a hash.

Payload compares hash to expected hash.

Payload disappears if expected hash does not match computed hash. Exit.

Payload continues, and installs further tooling.

Payload calls home, with message ‘Target found, awaiting instructions’.

Sloth August 8, 2021 1:35 AM

@SpaceLifeForm

“””
So, if every user has a passphrase, then which end decides upon what it is, and how is it then securely transmitted to the other end?
“””

Good old databases and the user creates one; I had once set up a similar system for a local-network-deployed web application (of course, salt and hash it). Not the most secure but enough to beat some Russian trolls.

I understand I am naive to say PGP signing is easy. Regarding md, since md is plain text it can be achieved but requires effort and some technical knowledge.

Making this PGP commenting accessible is a good project to pursue, which has the problem of where to store the private key… as the first roadblock. (Protonmail kind of has a solution but that’s too centralised.)

- August 8, 2021 3:45 AM

@Winter:
@ALL:

“The Troll-tool is admitting it reposted all deceptively under various handles. Also admits it is waging a war against the owner of this blog and his assigned moderator.”

Hardly surprising since it’s been worked out by more than one individual from the Troll-Tool’s incessant banging on, coupled with the Troll-Tool’s limited intelligence.

Leading to the Troll-Tool’s identification even through multiple sock puppet handles, due to their inability to learn, thus failure to change or adapt and a complete failure to evolve.

Just living up to the image of a Trumpian 400lb incel making a terrible impression, effectively squatting in the bed and just bashing it out impotently.

Thus whilst the Troll-Tool’s admission to storing and re-posting was established weeks ago, the Troll-Tool is still trying foolishly to pretend some moral high ground they just do not have.

Put simply it’s their breaking of the blog rules that has been getting them deleted all the time so far, but they are not yet ready to admit how foolish they are so they carry on and no doubt will be apparently surprised and outraged when they get deleted for breaking the posting rules. Until they work out a way to somehow make their rule breaking look like moral high ground, which it’s not nor ever will be.

But one thing is true the Troll-Tools are investing a lot of time to attack this blog, the question is “Why?”

Looking back through the blog one or two people have been banned in the past for good reason. Thus the potential for narcissistic revenge rage does arise, but is this the case… Well one or two have fixated on regular commentators who have since gone which is a shame.

But this attack has different hallmarks: the Troll-Tool’s apparent activity is to cause changes in the blog that would also stop them participating in future times. So not even “bragging rights” to give “ego food” would appear a very high investment for very little or no return.

Is somebody being paid to attack this blog?

Well it might account for the Troll-Tool behaviours, but that leaves the question of “Why?” what is the profit if any…

Well as has been seen “right wing nuts” have plenty of money to burn for “political reasons” and currently they appear to have no inability to find what Joseph Stalin called “Useful idiots”.

Is that what the Troll-Tools are? Just “useful idiots”… To be used, abused, and thrown under the bus by someone with more money than sense?

If they are they won’t be the first, but then they probably won’t be around to talk about how foolish they have been. Historically few of Jo Stalin’s useful idiots survived to realise what they had been let alone talk about it. It generally turns out that way for useful idiots.

Winter August 8, 2021 4:10 AM

@-
“Well as has been seen “right wing nuts” have plenty of money to burn for “political reasons” and currently they appear to have no inability to find what Joseph Stalin called “Useful idiots”.”

Online AstroTurfing has been proven quite conclusively. I have seen reports that show paid for trolling in India. Not sure how good the evidence was.

Here are some US blogs about it:

ht tps://other.skepticproject.com/forum/1980/are-right-wing-libertarian-internet-trolls-getting-paid-to-troll/

ht tps://therealslog.com/2014/09/14/professional-trolls-who-pays-them-where-do-they-come-from/#comment-479876
(read the comments)

Winter August 8, 2021 7:30 AM

@-
“The Troll-Tool’s use is not covered by exemption legislation.”

The blog must respond to notifications of unlawful material. It is clear that the blog does this aggressively.

The Troll-tool feels safe from USA copyright holders and USA law enforcement, even if his identity would be outed.

The Real JG4 August 8, 2021 8:25 AM

That wasn’t me reposting 2017 content, but I definitely remember writing part of that. It appears to be more of the troll attack or attacks. When I saw the right angle text this time, I realized that a simple filter could fix the display side of that. The filter could have a button per post to classify posts in a crowd-sourced voting pattern. Which itself would become an attack channel.

@Clive – Sorry to hear about your health challenges. I am happy that they can do basic repair work, but the nuances of the human body will take a long time to unravel. My friends have been getting Stage 4 diagnoses in droves.

Have been unpleasantly busy, but still doing well by doing good. I had suspected that this is possible. They glossed over the part where various other liars, thieves and murderers have amassed vast repositories of information on all of us:

Chinese Regime Has Stolen Enough Data To Compile “Dossier” On All Americans: Former Official
https://www.zerohedge.com/geopolitical/chinese-regime-has-stolen-enough-data-compile-dossier-all-americans-former-official

misquote: “They make a desert and call it peace.” -Tacitus Ironically, the New Empire calls it pacification. I call it the Peasant Extermination Programs. I am properly skeptical that any of them will produce a lasting peace. I repent of having been a screeching voice of the minority.

https://www.nakedcapitalism.com/2021/08/links-8-8-2021.html

America needs to listen to the anguished operators of our flying death robots | Will Bunch Philadelphia Inquirer

Nadim Kobeissi@kaepora

Apple distributed an internal memo today which referred to pushback against its new content surveillance measures as “the screeching voices of the minority.” I have nothing to add.

4:12 PM · Aug 6, 2021
https://twitter.com/kaepora/status/1423738825369604106

Winter August 8, 2021 9:20 AM

@The Real JG4
“Chinese Regime Has Stolen Enough Data To Compile “Dossier” On All Americans: Former Official”

I think that all major countries are compiling dossiers of every human with an online presence.

Every journalist, lawyer, judge, politician, criminal, LEO, Telco or ISP provider employee in every country and all their relatives and neighbors are a potential future target of interest. Who is left NOT to target?

Anders August 8, 2021 9:45 AM

(temporary visit)

Interesting reply attack.
And they chose some of my old postings too.
Maybe I pissed off some Russians here before? 🙂

@Clive : everything OK?
@SpaceLifeForm : everything OK?
@MarkH : everything OK?

Winter August 8, 2021 10:19 AM

@B_E_L_A_R_U_S_S_I_A

Postscript: Do you want us to post a textual analysis encompassing the differences and similarities between the comments of @ “-” and @ “Clive Robinson”, that could become quite interesting, don’t you think?

Please do post this analysis.

r August 8, 2021 10:36 AM

@ 411

Thanks for reposting the zine from yesterday, I kept a window open for you and a couple others so at least from my standpoint it was moot.

Something funny, very little of what you posted is “unreadable”.

Fight the good fight.

@ SpaceLifeForm,

You’re right, the imposter IS Fake.

See the difference?

Looking at the calendar list, I don’t see how GMT could result in such an expression of offsets.

As I’ve said, I always use the same email. So my threat model allows for *USGov.

What other shenanigans you might see from my “type” ?

They help with infrastructure enumeration.

And lastly, where are you going with the NTP question?

Controlling NTP controls the network, even in the inverted scenario I would think.

That’s where your curiosity is driving me.

Anders August 8, 2021 10:42 AM

@Winter

There’s currently another twist that includes Belorussia + traveling.
Massive illegal human trafficking to Lithuania.

They are flown from Baghdad to Minsk, passports are thrown away, they are transported to the Lithuanian border and Belorussian border guards even help them to cross the border.

hxxps://news.err.ee/1608297663/ak-on-lithuania-border-deliberate-psychological-strategy-from-lukashenko

They are not war refugees. They are all young healthy men under 30; a lot have the latest iPhone models etc.

This is the human version of DDoS.

Now they switched also to Latvian border.

r August 8, 2021 10:49 AM

Some of these guys really don’t see the advantage of basically having their own personal back channel. I knew what was going on weeks ago, I was just certain there was someone else involved, not a big deal good to see you’re doing okay after all this time too.

I laughed hard at the Vice Lord and Keto remarks from various others.

Colorful community no?

The textual analysis isn’t what I want to see, everybody ‘reads’ different. I would like to know how to formulate/express that.

Sut Vachz August 8, 2021 11:52 AM

The Apple case illustrates the root danger with computer technology, namely it is in itself a-teleological, so its end has to be specified by something external to it, that is, it is intrinsically bendable to different purposes.

Aristotle said the “soul” of a knife, another artifact, if it had a soul, would be “cutting”. The material form is determined to that end.

Likewise the “soul” of a computer is “computing”.

Cutting is very specific but computing is very non-specific. The full non-specificity is easily achievable as Turing showed.

It’s not generally controllable by the person it’s supposed to benefit. The select few who do understand and control it are in the nature of things able to do whatever they want with it.

So computers and like technology intrinsically have a totalitarian potential.

The Greeks therefore sought to avoid inappropriate technology, however tempting the possibilities it offered.

Lately I have been remembering how in the 70’s I had no computing technology and how refreshingly free I was compared to today.

Is there some way to have the goods technology can bring without the handcuffs?

Anders August 8, 2021 12:04 PM

‘Amazon hit with $886m fine for alleged data law breach’

hxxps://www.bbc.com/news/business-58024116

r August 8, 2021 12:08 PM

@ Unidentified,

RE: Pre-2000s tone,

This may be a response to a comment on new hampton, could be here. Definitely relevant possibly by a small stretch.

Is Corporate ‘age discrimination’ a disease or a symptom?

Could ‘age discrimination’ be a symptom of avoiding strict morals?

Younger employees may have more flexible values.

What impression does that leave?

Anders August 8, 2021 12:43 PM

Mirai.

hxxps://www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/

Clive Robinson August 8, 2021 12:48 PM

@ Winter,

I think that all major countries are compiling dossiers of every human with an online presence.

In the UK it is a “requirement” for teachers to report not just on their pupils but their parents and how the teacher sees the “homelife”.

It’s claimed by the UK Gov representatives not to be a “requirement”. But what the UK Gov don’t talk about, and is a fact that most teachers are well aware of, is that if they fail to report, they get scapegoated by those “up-the-chain”. The teachers have seen it happen one or two times too many not to realise exactly what is going on…

Then there is the use of Google… It’s almost impossible from the age of eleven in the UK not to end up having your education establishment putting you on Google in one way or another and for you not only to have to submit work but get “administrative” communications sent in plain text back to you including all your marks and assessment results. Google of course stores this away for future times, as a useful way to assess job applicants from cradle to grave and well beyond.

Obviously Microsoft want to get in on this very lucrative business… So “Teams” has been an excellent way for them to get in on the act during the pandemic.

Then there is patient / healthcare information, the UK Government gives it all to both Google and that ultra shady organisation Palantir. Supposedly the data is “anonymous” but it takes next to no effort and very little other data to basically strip off any anonymization in next to no time (reportedly Google did it for the whole UK health database in just a few minutes).

But… If you have a certain “status” neither you nor your family are put in these databases. The problem is of course the likes of Google know who you and your family are from other databases, so if you are “missing” you get flagged up. You will get found and you will be entered with the equivalent of VIP status that makes your data many more times valuable.

Is there any way to avoid this? Well yes some, but the pushback you get from the schools and Drs etc is enormous and sometimes extremely threatening, with hints being dropped that you do it their way or your child’s work will be marked at the lowest level due to it being late or some other nonsense…

And at the end of the day the UK Gov know they can “co-opt” enough people in sufficient levels of schools and Drs/Hospitals so that the need for “regulation” to enforce what they want is in no way required.

Simply because there are always sufficiently stupid people to be used as “useful idiots” by the notion that promotion is predicated on targets etc…

SpaceLifeForm August 8, 2021 2:52 PM

@ r

Ever catch a Cert problem due to clock?

What if you do not notice because it created a downgrade attack that was invisibly handled?

Also, Clock Skew == MetaData

You can experiment with this. Set your clock ahead one year. See which websites fail and which do not. Or set the clock way back, and then check the Cert that was used.

hxtps://arstechnica.com/information-technology/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/
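The clock experiment above, as an added worked illustration that is not part of the comment: given a certificate chain in the shape `ssl.SSLSocket.getpeercert()` returns (the `ssl.cert_time_to_seconds` helper is the real standard-library one), it reports which certificates a verifier would reject at a skewed clock, and how far the clock may drift either way before something fails. The chain, its names and its dates are constructed for the example.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample chain in the shape returned by ssl.SSLSocket.getpeercert():
# a 90-day leaf, a five-year intermediate and a twenty-year root. Dates are made up.
CHAIN = [
    {"subject": ((("commonName", "example.test"),),),
     "notBefore": "Jul 15 00:00:00 2021 GMT", "notAfter": "Oct 13 00:00:00 2021 GMT"},
    {"subject": ((("commonName", "Example Intermediate CA"),),),
     "notBefore": "Mar 10 00:00:00 2020 GMT", "notAfter": "Mar 10 00:00:00 2025 GMT"},
    {"subject": ((("commonName", "Example Root CA"),),),
     "notBefore": "Jun 20 00:00:00 2015 GMT", "notAfter": "Jun 20 00:00:00 2035 GMT"},
]


def utc(year: int, month: int, day: int, offset_days: int = 0) -> datetime:
    """A UTC wall-clock reading, optionally shifted to model a wrong system clock."""
    return datetime(year, month, day, tzinfo=timezone.utc) + timedelta(days=offset_days)


def _name(cert: dict) -> str:
    return cert["subject"][0][0][1]


def validity_failures(chain: list, clock: datetime) -> list:
    """Certificates that fail the validity-window check when the verifier's
    clock reads `clock`. An empty list means the chain passes the time check."""
    t = clock.timestamp()
    failures = []
    for cert in chain:
        if t < ssl.cert_time_to_seconds(cert["notBefore"]):
            failures.append(f"{_name(cert)}: not yet valid")
        elif t > ssl.cert_time_to_seconds(cert["notAfter"]):
            failures.append(f"{_name(cert)}: expired")
    return failures


def skew_tolerance(chain: list, true_now: datetime) -> dict:
    """How many days the clock may run slow or fast before some certificate in
    the chain fails, and which certificate sets each limit. The short-lived
    leaf normally dominates, which is why sites differ in the +1 year test."""
    t = true_now.timestamp()
    slow = min((t - ssl.cert_time_to_seconds(c["notBefore"]), _name(c)) for c in chain)
    fast = min((ssl.cert_time_to_seconds(c["notAfter"]) - t, _name(c)) for c in chain)
    return {"slow_days": slow[0] / 86400, "slow_bound": slow[1],
            "fast_days": fast[0] / 86400, "fast_bound": fast[1]}


if __name__ == "__main__":
    now = utc(2021, 8, 8)
    for label, days in (("correct clock", 0), ("one year ahead", 365), ("five years back", -5 * 365)):
        print(label, validity_failures(CHAIN, utc(2021, 8, 8, days)) or "all valid")
    print(skew_tolerance(CHAIN, now))
```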

r August 8, 2021 2:58 PM

I don’t have to, that’s exactly where I thought you were going with this and exactly why I’m getting my butt back off of Sprint.

Recently used an old Kindle?

Older Android has similar issues from the cert package and ‘network’ time.

What’s funny about your post is it made me ask myself when exactly did I stop unchecking ‘don’t use network time’ in Android.

Definitely something else to investigate thanks for the agitation. 😉

JonKnowsNothing August 8, 2021 3:15 PM

@Clive, Winter,

re: In the UK it is a “requirement” for teachers to report not just on their pupils but their parents and how the teacher sees the “homelife”.

In a fairly recent MSM report a UK teacher reported a young child and the parents to the required Security Services Registrar for Terrorist Registration because when asked what would the child like to do they answered

to give ALMS to the poor

In the USA we are not supposed to have language accent discrimination but it happens sub rosa. Here, “UK English” accents are both comedic and affected. The main aspect being they are unintelligible in American English dialog.

It appears that the same issue happened with the UK teacher who did not hear “ALMS” but something entirely different and thus the Terrorist Referral was made.

iirc(badly) When the Harry Potter movies were being made, much ado was made about the accents of the young actors and how they would be understood in the USA. When the time came to cast Cho Chang, her accent was a winner.

===

ht tps://www.theguardian.com/uk-news/2021/jun/27/boy-11-referred-to-prevent-for-wanting-to-give-alms-to-the-oppressed

ht tps://en.wikipedia.org/wiki/Sub_rosa

  • Sub rosa (New Latin for “under the rose”) denotes secrecy or confidentiality. The rose has an ancient history as a symbol of secrecy.

ht tps://en.wikipedia.org/wiki/Tudor_rose

  • The Tudor rose (sometimes called the Union rose) is the traditional floral heraldic emblem of England and takes its name and origins from the House of Tudor, which united the House of Lancaster and the House of York. The Tudor rose consists of five white inner petals, representing the House of York, and five red outer petals to represent the House of Lancaster.
  • The borough and county of Queens in New York City uses a Tudor rose on its flag and seal.[11] The flag and seal of Annapolis, Maryland, features a Tudor rose and a thistle surmounted with a crown. The city of York, South Carolina is nicknamed “The White Rose City”, and the nearby city of Lancaster, South Carolina is nicknamed “The Red Rose City”. York, Pennsylvania and Lancaster, Pennsylvania are similarly nicknamed, using stylized white and red roses in their emblems, respectively.

ht tps://en.wikipedia.org/wiki/Katie_Leung

  • Katie Liu Leung is a Scottish actress.

(url fractured to prevent autorun)

SpaceLifeForm August 8, 2021 4:21 PM

@ Sloth

Glad you caught my comment before it was accidentally taken to the dumpster with over 350 troll-tool posts.

It was about that time that I saw the storm arriving.

It’s clockwork.

echo August 8, 2021 4:31 PM

@Clive

Then there is patient / healthcare information, the UK Government gives it all to both Google and that ultra shady organisation Palantir. Supposedly the data is “anonymous” but it takes next to no effort and very little other data to basically strip off any anonymization in next to no time (reportedly Google did it for the whole UK health database in just a few minutes).

But… If you have a certain “status” neither you nor your family are put in these databases. The problem is of course the likes of Google know who you and your family are from other databases, so if you are “missing” you get flagged up. You will get found and you will be entered with the equivalent of VIP status that makes your data many more times valuable.

The “needle in a haystack” paper uncovered some time ago was quite interesting. I’m not a data scientist but I have a general clue what can and cannot be done with data in terms of extracting signal from data. We all know what can be done with this for good or ill and we know it is both used and abused.

Strategic legal cases are rarely done in the UK in comparison to Ireland and mainland Europe and the US. The basic approach in the UK is consolidation, maximising “quality of earnings”, and various other failings the last two lawyers I spoke with know are problems. It’s yet another structural failure on top of existing failures. The lack of a strategic approach being the default for general access to law means many cases with a compelling public interest merit may be stamped on at the first hurdle.

I think it was the other month where it was noted by someone in the media somewhere that the current government especially pays no regard to the law. Even in the days of Thatcher they may not have liked judgments but they accepted them and moved on. This regime power away as if law doesn’t exist.

@JonKnowsNothing

In a fairly recent MSM report a UK teacher reported a young child and the parents to the required Security Services Registrar for Terrorist Registration because when asked what would the child like to do they answered

to give ALMS to the poor

In the USA we are not supposed to have language accent discrimination but it happens sub rosa. Here, “UK English” accents are both comedic and affected. The main aspect being they are unintelligible in American English dialog.

It appears that the same issue happened with the UK teacher who did not hear “ALMS” but something entirely different and thus the Terrorist Referral was made.

Repeating the legal things gets a bit onerous but “Prevent” legislation is generally fine. It’s not just schools but other institutions who have obligations under Prevent legislation. The basic issue is to detect extremism before it becomes a bigger problem and take investigatory and rehabilitation measures before things become worse. I’m not in touch with every preventative style initiative but from alcoholism to hate incidents I’d like to think it’s a useful approach.

@All

https://www.youtube.com/watch?v=ryGIMum4d6k

Sir Robin Day chairs the topical debate from September 24, 1987. On the panel are Sir John Harvey-Jones, Linda Bellos, journalist John Lloyd and Spectator editor Charles Moore.

I was going to write a standalone comment about this within the context of some recent policy history and various failings and attitudes. Instead I will just assume the reader has a reasonable grasp of the modern climate and enough expertise and sense of history to form an opinion. The first ten minutes of this are worth watching for a lot of reasons. The fact this was first broadcast 24 years ago and the state of rapidly deteriorating affairs today in general is quite shocking.

SpaceLifeForm August 8, 2021 5:15 PM

@ r, Sloth

Speaking of Clockwork

Trust our Cryptotool, it’s good because we say so.

hxtps://fedoramagazine.org/secure-ntp-with-nts/

NTS includes a Key Establishment (NTS-KE) protocol that automatically creates the encryption keys used between the server and its clients. It uses Transport Layer Security (TLS) on TCP port 4460. It is designed to scale to very large numbers of clients with a minimal impact on accuracy. The server does not need to keep any client-specific state. It provides clients with cookies, which are encrypted and contain the keys needed to authenticate the NTP packets. Privacy is one of the goals of NTS. The client gets a new cookie with each server response, so it doesn’t have to reuse cookies. This prevents passive observers from tracking clients migrating between networks.

Let’s parse.

NTS includes a Key Establishment (NTS-KE) protocol that automatically creates the encryption keys used between the server and its clients.

So?

It uses Transport Layer Security (TLS) on TCP port 4460.

So?

It is designed to scale to very large numbers of clients with a minimal impact on accuracy.

So?

The server does not need to keep any client-specific state.

But, it can.

It provides clients with cookies, which are encrypted and contain the keys needed to authenticate the NTP packets.

Allegedly, you can TRUST the NTP packet.

Privacy is one of the goals of NTS.

Yeah, sure. I cleaned the bridge yesterday.

The client gets a new cookie with each server response, so it doesn’t have to reuse cookies.

Oh, it’s a Feature? Yeah, sure.

This prevents passive observers from tracking clients migrating between networks.

Sure, as long as you say so. How about those active observers? You know, the ones running the servers? That are really networked together?
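To make the quoted Fedora description concrete, here is an added toy model of the NTS cookie flow (example code written for this thread; it is not chrony’s or any NTS implementation, and it is not the comment author’s). Assumptions: the NTS-KE TLS session is taken as given rather than modelled, the packet layouts are invented stand-ins for the real NTS extension fields, and an HMAC-based encrypt-then-MAC replaces the AES-SIV AEAD the real protocol uses; what it shows is the property the text asserts, that the server keeps no per-client state because the keys ride inside the cookie it hands back fresh with every reply.

```python
import hashlib
import hmac
import secrets
import struct
import time

TAG_LEN = 16   # truncated HMAC-SHA256 tag, bytes
UID_LEN = 32   # per-request "unique identifier", as in NTS

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the AEAD (AES-SIV-CMAC) real NTS uses: HMAC-SHA256 in
    # counter mode as a keystream, so the example stays standard-library only.
    stream = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a 64-byte key (enc || mac) with a random nonce."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key[:32], nonce, plaintext)
    return nonce + ct + _mac(key[32:], nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(key[32:], nonce + ct)):
        raise ValueError("cookie authentication failed")
    return _xor_stream(key[:32], nonce, ct)

class NtsServer:
    def __init__(self) -> None:
        # The server's only secret; there is no per-client table anywhere.
        self.cookie_key = secrets.token_bytes(64)

    def _cookie(self, c2s: bytes, s2c: bytes) -> bytes:
        return seal(self.cookie_key, c2s + s2c)   # the keys travel inside the cookie

    def nts_ke(self):
        # Models NTS-KE (TLS on TCP 4460 in the real protocol, not modelled here):
        # fresh per-client keys plus a first batch of cookies carrying them.
        c2s, s2c = secrets.token_bytes(32), secrets.token_bytes(32)
        return c2s, s2c, [self._cookie(c2s, s2c) for _ in range(8)]

    def handle(self, packet: bytes) -> bytes:
        # Request layout: uid | cookie_len(2) | cookie | tag (keyed with c2s).
        clen = struct.unpack(">H", packet[UID_LEN:UID_LEN + 2])[0]
        end = UID_LEN + 2 + clen
        body, tag = packet[:end], packet[end:]
        keys = unseal(self.cookie_key, body[UID_LEN + 2:end])  # recovered, not looked up
        c2s, s2c = keys[:32], keys[32:]
        if not hmac.compare_digest(tag, _mac(c2s, body)):
            raise ValueError("request authentication failed")
        fresh = self._cookie(c2s, s2c)                        # new cookie every reply
        resp = (body[:UID_LEN] + struct.pack(">Q", time.time_ns())
                + struct.pack(">H", len(fresh)) + fresh)
        return resp + _mac(s2c, resp)

class NtsClient:
    def __init__(self, c2s: bytes, s2c: bytes, cookies: list) -> None:
        self.c2s, self.s2c, self.cookies = c2s, s2c, list(cookies)

    def request(self):
        uid = secrets.token_bytes(UID_LEN)
        cookie = self.cookies.pop(0)                          # each cookie used once
        body = uid + struct.pack(">H", len(cookie)) + cookie
        return uid, body + _mac(self.c2s, body)

    def verify(self, uid: bytes, resp: bytes) -> int:
        body, tag = resp[:-TAG_LEN], resp[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.s2c, body)):
            raise ValueError("response authentication failed")
        if body[:UID_LEN] != uid:
            raise ValueError("response does not answer this request")
        ts = struct.unpack(">Q", body[UID_LEN:UID_LEN + 8])[0]
        clen = struct.unpack(">H", body[UID_LEN + 8:UID_LEN + 10])[0]
        self.cookies.append(body[UID_LEN + 10:UID_LEN + 10 + clen])
        return ts

def run_exchange(rounds: int = 3) -> dict:
    # NTS-KE, several authenticated rounds, then one request with a flipped tag bit.
    server = NtsServer()
    client = NtsClient(*server.nts_ke())
    wire_cookies, times = [], []
    for _ in range(rounds):
        uid, pkt = client.request()
        wire_cookies.append(pkt[UID_LEN + 2:-TAG_LEN])       # what a sniffer sees
        times.append(client.verify(uid, server.handle(pkt)))
    uid, pkt = client.request()
    tampered = pkt[:-1] + bytes([pkt[-1] ^ 1])
    try:
        server.handle(tampered)
        rejected = False
    except ValueError:
        rejected = True
    return {"rounds_ok": len(times), "tamper_rejected": rejected,
            "cookies_unique": len(set(wire_cookies)) == len(wire_cookies),
            "cookies_left": len(client.cookies)}
```

The cookies seen on the wire are all different and carry no client identifier, which is the unlinkability claim against a passive observer; the server operator, who holds `cookie_key`, can of course still open every one of them.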

Anders August 8, 2021 5:47 PM

@ALL enjoy!

hxxps://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/

Anders August 8, 2021 6:51 PM

Now it starts make sense why and how Akamai had DNS problems earlier.

hxxps://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain

hxxps://www.theregister.com/2021/08/06/aws_google_dns/

R-Squared August 8, 2021 7:02 PM

@ Sut Vachz • August 8, 2021 11:52 AM

The Apple case illustrates the root danger with computer technology, namely it is in itself a-teleological, so its end has to be specified by something external to it, that is, it is intrinsically bendable to different purposes.

Aristotle said the “soul” of a knife, another artifact, if it had a soul, would be “cutting”. The material form is determined to that end.

Interesting observation. The philosopher “thinks” but refrains from “doing” — once he takes up arms or weapons or instruments or tools — it is no longer philosophy that he is practicing.

Are we going to grant a philosopher the pen and paper to write down his thoughts or even a cell phone to communicate from his prison cell?

Likewise the “soul” of a computer is “computing”.

Cutting is very specific but computing is very non-specific. The full non-specificity is easily achievable as Turing showed.

The average human being of whatever gender browsing the internet or surfing the web has a soul? Sure, but the truth is that SARS+COVID flush, Delta, Lambda, Delta Plus, common colds and flus, are way down the list of major medical concerns of the day.

The six foot social distancing is perhaps polite and appropriate around strangers in any case, but the face diapers, needle jabs, and handcuffs are really getting in the way of any honest discourse on such “public” health matters.

lurket August 8, 2021 8:31 PM

@The Real JG4
“Chinese Regime Has Stolen Enough Data …”

It must take a special literary skill to assemble a single meaningful sentence containing “Vladimir Lenin” and “5G”…

Winter August 9, 2021 1:14 AM

@All
What did we (I) learn from the latest Troll-tool (Tt) campaign.

Tt posted in a 9 hour shift on Sunday from 8:36 – 17:44 St Petersburg time (which includes Moscow, Minsk, and Kiev).

Tt postings consisted of separate types:
1 Personal messages bragging about its power, e.g., predicting 1000+ comments in this posting and about secret codes embedded in this blog site. This includes insults and threats.

2 The customary pandemic disinformation

3 Zilog text to hide unwanted comments about its behavior.

  1. Space filling comments to make reading comments burdensome.
  2. Reposting old comments from this blog as space filling that is difficult to detect.

Comment types 2, 4, and 5 are done at a high rate, up to 3-4 comments per minute which indicates automation. The texts of 2-5 are copied from other sites or other posts.

More info:
Tt is proud to be Russian, and has problems with impulse control. It feels very superior and displays a lack of understanding and competence to match.

Tt spent a lot of time on personal messages and switching strategies during 9 hours on a Sunday. All of which was wiped out during the night. This leaves the question of the motivation and strategy behind this campaign.

Winter August 9, 2021 1:55 AM

Correction:
4 Space filling comments to make reading comments burdensome.
5 Reposting old comments from this blog as space filling that is difficult to detect.

Ardent Orange August 9, 2021 2:36 AM

Correction,

bandgap tunneling.

I figured out which device had some of the pages open.

Ardent Orange August 9, 2021 2:42 AM

What’s the new word?

Teleological.

Information without its context is just as malleable sometimes, maybe it’s more than just touring complete tangerines that fit the criteria.

What do you think?

Winter August 9, 2021 2:53 AM

@Ardent Orange
“Information without its context is just as malleable sometimes”

Information without context is meaningless.

@Ardent Orange
“I’m still not convinced there’s only 1 known unknown.”

The Troll-tool is identified as an entity using post timing, post coherence, post content, and writing style when responding personally. Whether there is only a single natural person behind the Troll-tool or an organization is something I have not yet commented about. But the personal responses and time course suggest a single person is participating over several weeks. There are no observations that rule out that this is a one-person operation, not even observations that make this unlikely.

@Ardent Orange
“This one I’m cool whip, he’s as much a place here as any body.”

Personally, I am not cool with anyone who tries to spread disinformation while pretending it to be genuine information from a genuine discussion while reposting stuff from other sites. Nor am I cool with someone who tries to make this blog unreadable.

But I am a different person than you are, obviously.

Ardent Orange August 9, 2021 2:56 AM

@ Winter,

Oh yeah,

And 400 is what we saw.

Looks at the comment counter some time as a counter comment. Unless your last statement was an under the counter comment?

I’ll comment myself out now thanks.

//

Ardent Orange August 9, 2021 3:40 AM

Well, I guess had I enough time in my life to hover over every comment I would’ve realized that was an incorrect statement.

Either way nobody likes to be referred to in the third person or in code.

Basic manners even I break sometimes, speaking for others. But those are 2 separate issues.

At least they don’t bring their work home with them huh Winter?

I think we should include people where we can, your friend seems upset about something bro if he is just getting to work… How do you think he will feel about your longing for his triumphant rebuttal?

Z.Lozinski August 9, 2021 8:18 AM

@SpaceLifeForm,

Has anyone figured out why telcos/cellcos do NOT use NTP?

The simple answer is that telcos developed time synchronization protocols 20 years before NTP. See Chapter 11 Synchronization in the Bellcore “Notes on the Network” (SR-TSV-002275, Issue 2, April 1994 is the version in front of me but there are earlier editions). Like much in telecoms, it is its own world.

The North American Network originally had a hierarchy of clocks, with the Stratum 1 clocks being supplied by a primary reference source, with Caesium clock, LORAN-C or GPS all being acceptable. When governments owned the telco most national networks had access to an atomic clock. One area to be careful about when reading documentation: the Bell System Stratum definitions don’t match the NTP Stratum definitions.

The parallel development has continued and mobile networks typically use PTP (IEEE 1588) because you want adjacent cell sites to be frequency synchronised, and you want to avoid over-the-air time signals.

While GPS is attractive as a source of time, you probably want to avoid failure modes where the loss of GPS also takes out your communications network. (Think about how you would recover). There have been a number of hostile attacks on GPS availability which worry people who care about network integrity.

Jon August 9, 2021 12:24 PM

Furthermore, “The wheels on the bus go round and round” scans. It has a consistent rhythm of emphasized and de-emphasized syllables. And given that it’s set to music that also has a consistent rhythm, it’s no wonder that formulation is preferred.

It’s preferred even without music: See Shakespeare. J.

Clive Robinson August 9, 2021 12:59 PM

Z.Lozinski, ALL,

While GPS is attractive as a source of time, you probably want to avoid failure modes where the loss of GPS also takes out your communications network.

Actually it’s a very bad source of time but a good method to discipline other clocks by…

I won’t go into the details because they are mind numbingly tedious even when you have a significant interest in them.

But if people want to go digging there are two very very important things you need to get very clear in your mind,

1, GNSS are designed to measure distance with time from a centrum.

2, Humans assume time is relative to them where ever they are and however they are moving.

Thus the first case assumes no relative time other than spherical/conic time from the center of the earth.

Whilst the second is possible to some extent between two points that move equally with respect to each other. However it is effectively impossible to resolve with three points even when they are equidistant and not moving.

Multi-drop communications systems using high clocking rates tend to be designed to have the bad habit of all being in “lock-step” in some way as it makes the first order design relatively easy. Which is problematic in reality depending on clock speed and distance apart the nodes are, and worse if any move with respect to each other which they all tend to do.

One solution that is not a real solution but has been tried is to generate an artificial centrum “as a reference” and then calculate an offset based on knowing the relative positions of two nodes that wish to communicate…

I’ll let the interested try to work out some maths for it before you start moving things… Then the maths required to resolve wide band distortion due to Doppler on elliptic curves (all low mass objects move in elliptic curves with respect to high mass objects unless you fritz with the gravitational constant which implies one object has a very high density)…

echo August 9, 2021 1:21 PM

https://threadreaderapp.com/thread/1424741096006029320.html

Please help us identify the individuals masquerading as veteran Paratroopers in this ill-informed and ill-judged disorder? They are not welcome in or represent the serving @TheParachuteReg or @PRA_Airborne. #NotInOurName

https://www.dailymail.co.uk/news/article-9876735/Anti-vax-assault-BBC-Police-battle-defend-broadcasters-London-HQ.html

Police battle to defend broadcaster’s west London studios as mob of dozens of activists protesting vaccine passports and jabs for children try to storm building

The parachute regiment are not happy with people at this riot masquerading as veterans.

For Americans and other foreign readers please note the Daily Mail (also commonly called the Daily Heil for its politics) is a gutter rag.

Cassandra August 9, 2021 1:25 PM

@Z.Lozinski
@SpaceLifeForm

As Z.Lozinski alludes, telcos are in the business of synchronisation, whereas NTP is about distributing ‘absolute’ time sufficiently accurately and to a known degree of precision.

A transmitter and receiver on a synchronous network (or a plesiochronous network) don’t care about absolute time, but do care about synchronisation of clocks (i.e. that they ‘tick’ at the same rate (and in phase) as close as reasonably practical).

hxxps://en.wikipedia.org/wiki/Plesiochronous_digital_hierarchy
hxxps://en.wikipedia.org/wiki/Synchronization_in_telecommunications

It was, in fact, a headache for data engineers as ‘clock slips’ mean a frame of data can be intentionally lost or duplicated so the network regains synchronisation. Such clock slips are barely noticeable in digitalised voice calls, but can have untoward effects on protocols that do not employ sufficient ECC, Forward Error Correction, or packet-loss detection and retransmission.

hxxps://www.oreilly.com/library/view/t1-a-survival/0596001274/ch05s03.html
hxxps://en.wikipedia.org/wiki/Bit_slip

Cassandra
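The controlled slip described above, as an added example that is not from this post or any of the linked articles: an elastic store between a transmitter and a receiver clocked at slightly different rates drops a frame on overflow and re-reads the last frame on underflow, and a receiver that checks sequence numbers sees the damage while one that just concatenates payloads does not. Frame size, buffer depth and the two clock periods are constructed values.

```python
"""Simulate controlled slips on a plesiochronous link (added example, constructed parameters).

Frames are (sequence_number, payload) tuples.  The transmitter writes one frame
every `tx_period` ticks into an elastic store of `depth` frames; the receiver
reads one frame every `rx_period` ticks.
"""
from collections import deque


def make_frames(count, payload_size=8):
    """Constructed traffic: numbered frames carrying a fixed-size payload."""
    return [(seq, bytes([seq % 256]) * payload_size) for seq in range(count)]


def run_link(frames, tx_period, rx_period, depth=4):
    """Push frames through the elastic store; return (received_frames, slip_events).

    Overflow (receiver slower): the arriving frame is discarded -> ("drop", frame).
    Underflow (receiver faster): the last frame is read again -> ("repeat", frame).
    Within a tick the transmitter acts before the receiver.
    """
    store, received, slips = deque(), [], []
    sent, t = 0, 0
    while sent < len(frames) or store:
        if t % tx_period == 0 and sent < len(frames):
            frame = frames[sent]
            sent += 1
            if len(store) >= depth:
                slips.append(("drop", frame))
            else:
                store.append(frame)
        if t % rx_period == 0:
            if store:
                received.append(store.popleft())
            elif received and sent < len(frames):
                slips.append(("repeat", received[-1]))
                received.append(received[-1])
        t += 1
    return received, slips


def raw_stream(received):
    """What a protocol without sequence numbers sees: payloads glued together.

    A slip just makes the stream shorter or longer; nothing flags it, which is
    why fixed-layout protocols without FEC or retransmission misbehave.
    """
    return b"".join(payload for _, payload in received)


def missing_sequence_numbers(received):
    """What a receiver that checks sequence numbers sees: (gaps, duplicates)."""
    seen = [seq for seq, _ in received]
    present = set(seen)
    gaps = [s for s in range(seen[0], seen[-1] + 1) if s not in present]
    duplicates = [seq for i, seq in enumerate(seen[1:], 1) if seq == seen[i - 1]]
    return gaps, duplicates


if __name__ == "__main__":
    frames = make_frames(60)
    for label, tx, rx in (("receiver slow", 10, 11), ("receiver fast", 11, 10), ("locked", 10, 10)):
        received, slips = run_link(frames, tx, rx)
        gaps, dups = missing_sequence_numbers(received)
        print(f"{label}: {len(slips)} slips, stream {len(raw_stream(received))} bytes, "
              f"gaps={gaps}, duplicates={dups}")
```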

Cassandra August 9, 2021 1:30 PM

@Z.Lozinski
@SpaceLifeForm

(This might be a duplicated post – if so, my apologies to the moderator who is cleaning up. The original was accepted, but hasn’t appeared in the blog.)

As Z.Lozinski alludes, telcos are in the business of synchronisation, whereas NTP is about distributing ‘absolute’ time sufficiently accurately and to a known degree of precision.

A transmitter and receiver on a synchronous network (or a plesiochronous network) don’t care about absolute time, but do care about synchronisation of clocks (i.e. that they ‘tick’ at the same rate (and in phase) as close as reasonably practical).

hxxps://en.wikipedia.org/wiki/Plesiochronous_digital_hierarchy
hxxps://en.wikipedia.org/wiki/Synchronization_in_telecommunications

It was, in fact, a headache for data engineers as ‘clock slips’ mean a frame of data can be intentionally lost or duplicated so the network regains synchronisation. Such clock slips are barely noticeable in digitalised voice calls, but can have untoward effects on protocols that do not employ sufficient ECC, Forward Error Correction, or packet-loss detection and retransmission.

hxxps://www.oreilly.com/library/view/t1-a-survival/0596001274/ch05s03.html
hxxps://en.wikipedia.org/wiki/Bit_slip

Cassandra

Rumpled Silk Skin August 9, 2021 1:34 PM

Hmm… A rework?

The sound of the singer has gone to ground, gone to ground, gone to ground.

The sound of the singer has gone to ground rather quick!

Why has the singer gone to ground gone to ground gone to ground?

The sound of the singer has gone to ground, because they’ve seen the dirty big stick.

So the sound of the singer has gone to ground, gone to ground, gone to ground.

The sound of the singer has gone to ground because they don’t want to be pounded down…

With apologies to the original writer of the song for a version many parents might nod along to after a few hours of the original :-S

echo August 9, 2021 1:50 PM

@Clive

Humans assume time is relative to them where ever they are and however they are moving.

https://www.youtube.com/watch?v=mTf4eqdQXpA
How Faster than Light Speed Breaks CAUSALITY and creates Paradoxes
8:29 – What if we could send instantaneous subspace signals?
https://www.youtube.com/watch?v=mTf4eqdQXpA&t=509s

The tricks used by con artists and scriptwriters are the same. Your perception and understanding are hijacked so that something “relative” is presented as an “absolute”. The inattentive mind does not perceive this and in regular life has no need to.

Light is really quite slow on the scale of things. It would take light a week to travel the distance of the diameter of the largest black hole.

Clive Robinson August 9, 2021 2:32 PM

@ ALL,

@echo has given the warning,

For Americans and other foreign readers please note the Daily Mail (also commonly called the Daily Heil for its politics) is a gutter rag.

It’s also called the “Daily Fail” and “The blue rinse rag” due to its normal “scare stories” and “political position” being a little right of “rabid dog” at times.

Which is why I’ve been hunting for a “second source” as the Daily Mail suggests inaccuracies (the site is shared with multiple broadcasters and is not owned by the BBC and is most definitely not its HQ in any way).

So far all I’ve been able to find is the Daily Mail article and re-hashes of it on Daily Mail affiliates like the Metro.

This suggests something “odd” may be going on…

The most likely is the Daily Mail has gone back to a past habit of “creating news” either indirectly or directly.

The other option is other news outlets have chosen not to cover it currently, due to lack of primary sourcing or a need to more carefully fact check before publication.

Thus whilst it looks certain something happened others don’t yet know enough…

echo August 9, 2021 2:43 PM

https://www.theregister.com/2021/08/08/in_brief_ai/

Neural networks can correctly guess a person’s race just by looking at their bodily x-rays and researchers have no idea how it can tell.

There are biological features that can give clues to a person’s ethnicity, like the colour of their eyes or skin. But beneath all that, it’s difficult for humans to tell. That’s not the case for AI algorithms, according to a study that’s not yet been peer reviewed.

A team of researchers trained five different models on x-rays of different parts of the body, including chest and hands and then labelled each image according to the patient’s race. The machine learning systems were then tested on how well they could predict someone’s race given just their medical scans.

They were surprisingly accurate. The worst performing was able to predict the right answer 80 per cent of the time, and the best was able to do this 99 per cent, according to the paper.

“We demonstrate that medical AI systems can easily learn to recognise racial identity in medical images, and that this capability is extremely difficult to isolate or mitigate,” the team warns.

https://arxiv.org/ftp/arxiv/papers/2107/2107.10356.pdf

This makes sense and shouldn’t come as much of a surprise.

SpaceLifeForm August 9, 2021 2:54 PM

@ Cassandra

Thanks for the links.

As to the duplicate post, you almost made it. After SUBMIT, wait at least 5 minutes, then force a refresh. The batcache can potentially give you an older page for up to 5 minutes. That is the default for batcache timeout. The behaviour will vary depending upon the current existence or non-existence of active readers besides yourself.

lurker August 9, 2021 3:14 PM

@Clive

The most likely is the Daily Mail has gone back to a past habit of “creating news” either indirectly or directly.

An excuse offered by one of my informants was that the Mail has no paywall, which may well suck in a certain class of reader, but shouldn’t affect news aggregators. Which begs the question: who is paying them to create news?

echo August 9, 2021 3:17 PM

https://www.theguardian.com/media/2021/aug/09/lbcs-james-obrien-wins-ofcom-battle-with-institute-of-economic-affairs

The Institute of Economic Affairs has lost a two-year battle with LBC radio presenter James O’Brien over claims the registered charity is a politically motivated lobbying organisation funded by “dark money”.

The IEA complained to media regulator Ofcom that the radio station had made a series of inaccurate and unfair suggestions that the organisation is a professional lobby group of “questionable provenance, with dubious ideas and validity” staffed by people who are not proper experts on their topic.

The free market thinktank particularly objected to O’Brien’s dismissive description of an IEA representative as “some Herbert”, as well as guest Peter Geoghegan’s suggestion that the IEA was “politically biased” during a discussion on the funding of thinktanks.

O’Brien also described the organisation as a “hard-right lobby group for vested interests of big business, fossil fuels, tobacco, junk food” and urged newspapers to stop quoting from an organisation that is registered as “as an educational charity because they don’t reveal who funds them”.

Hah!

The IEA complained that it had not been offered a right to respond to the allegations. However, Ofcom said this was not necessary given the programmes were not unfair to the IEA.

It also noted that O’Brien had indeed invited the organisation on air when he said: “I will be happy to offer a full right of reply to anybody who has just been mentioned. As long as they tell me who funds them.”

Ofcom concluded that no reasonable listener could consider the final line to be serious, so it constituted a serious offer.

I’m sure it’s serious in the strict meaning of the word but nobody expects the IEA to give a straight answer if they answer at all!

Clive Robinson August 9, 2021 3:48 PM

@ echo,

Thank you for giving,

“However, Ofcom said this was not necessary given the programmes were not unfair to the IEA.”

It made me smile as the IEA is shall we say “shown to be not as it claims” by a long way.

The thought however does occur to me that the OfCom decision as an official “regulator” with legal powers, may just have dropped the IEA right in it…

In effect OfCom has said they are dishonest and not fit to be a charity. Which means the charity commissioners would have to give it significant standing if someone challenged the IEA status as a charity.

These things tend to unravel like a loose thread in a knitted sock/stocking… Thus the IEA could be forced to expose its funders who would in effect be guilty of setting up an illegal tax avoidance scheme… Or hold its hand up and pay the owed back tax plus fines and then shut itself down.

Or worse could happen…

However finding the “funders” is probably not difficult and if any of them were shown to have say strong links to a foreign nation’s political system… The question arises about “Undisclosed Economic Agent of a Foreign Power” and if links are shown to UK political parties that have had or hold national office at the time funding was ongoing then there is the question of malfeasance in public office to address…

So all good clean fun as a major round of mud slinging would start…

SpaceLifeForm August 9, 2021 3:50 PM

@ echo

It would take light a week to travel the distance of the diameter of the largest black hole.

I’m curious. Maybe I have forgotten some physics, i.e., relativity.

How do you measure the diameter of a black hole?

What are you measuring it against?

Where is your space ruler located?

Cassandra August 9, 2021 4:00 PM

@SpaceLifeForm

Thank you for the explanation. I will exercise patience and wait for 5 minutes in future. In the past, postings have appeared almost immediately, but I understand from your explanation that the speed of the posting appearing will depend on how many (other) active readers there are, so I was probably lucky. I had done a page reload, overriding the cache in my web-browser with no (apparent) update.

Cassandra

echo August 9, 2021 4:14 PM

@SpaceLifeForm

How do you measure the diameter of a black hole?

Very carefully! That or you could be an armchair explorer and calculate the Schwarzschild radius.

Actually, I’m way out over the distance light needs to travel the width of the biggest known black hole at 24 billion miles. It’s somewhat over a day and a half not a week. Have you seen those videos on youtube charting the path of a light travelling from the sun to the outer planets in real time? The pace is glacial. Watching paint dry is more interesting.

echo August 9, 2021 4:24 PM

@SpaceLifeForm

I’m making a real hash of today. 78 billion miles. I was more right the first time! About four days or so, without working the maths out.

Four days to cross the diameter of the largest black hole.

Travelling at the speed of light.

That is big. Four days???

If anyone thinks that is big imagine you were the size of a plank length. There are more plank lengths in a square meter than there are square metres in the observable universe.

SpaceLifeForm August 9, 2021 4:57 PM

T-Mobile is a Stalking Horse.

DOJ is paying attention.

hxtps://www.competitionpolicyinternational.com/doj-weighs-in-on-dish-dispute-with-t-mobile/

Antitrust officials at the U.S. Justice Department said they have “grave concerns” about plans by T-Mobile US Inc. to shut down the wireless network used by millions of Boost Mobile customers.

SpaceLifeForm August 9, 2021 5:42 PM

@ echo

You changed your Space Ruler from Distance to Mass when it comes to Schwarzschild radius.

Same question: What are you measuring against?

How sure can one measure Mass?

Oh, yeah, observed rotation. Sure. Did you take the missing dark matter into account?

Are we really sure what Mass is?

How about Gravity?

Maybe there are way deeper things going on, and that which we can Observe is not actually reality.

Newtonian physics works pretty well for most. Einstein Relativity may still be an approximation.

When you study Space, my recommendation is to take what you think you Observe with a huge grain of salt.

hxtps://www.amnh.org/exhibitions/einstein/legacy/quantum-theory

SpaceLifeForm August 9, 2021 6:32 PM

Stalking Horse

hxtps://telecoms.com/510831/closure-of-sprint-4g-network-probably-not-a-big-deal-to-t-mobile-us/

A fortnight ago Dish revealed it has signed an MVNO deal with AT&T worth $5 billion over 10 years that will see it move many of its customers – from Boost Mobile and other sub-brands – onto the AT&T network, as well as roaming on the latter’s 5G infrastructure in areas where it does not have its own coverage, when the time comes.

[When the time comes]

lurker August 9, 2021 7:33 PM

@echo

Travelling at the speed of light.

That is big. Four days???

Einstein relatively big. For those who believe c is immutable, the distance is distorted by the large gravitation field. As a non-cosmologist I have the liberty of believing the distance is what I observe from an orthogonal distance, and c is slowed by the gravity.

Winter August 9, 2021 8:55 PM

@SLF
“How do you measure the diameter of a black hole?”

Actually, a black hole only has an outside surface area. Neither the inside diameter nor the volume have physical sense.
ht tps://arxiv.org/abs/0801.1734

What is generally done is that the volume and radius of a sphere with the same surface area as the black hole horizon are used. That is, the volume and radius as seen by an observer far away.

As nothing can cross a black hole, the idea of “Four days to cross the diameter of the largest black hole” is just a figure of speech.

@SLF
“Are we really sure what Mass is?”

The mass of a black hole is “easy” to measure. It follows directly from the strength of the gravity at a distance. As this can be measured quite far from the horizon, this is not affected by all the weird effects of general relativity. It is one of the only three physical, measurable, features a black hole has. The others are electrical charge and angular momentum (rotation).

Freezing_in_Brazil August 9, 2021 9:42 PM

@ echo

Re anti vax assault

This episode is very similar to the famous Vaccine Revolt, which took place in the city of Rio de Janeiro in 1904[1].

If the attitude of Londoners towards vaccines in 2021 is identical to that of Cariocas at the beginning of the 20th century, there is not much to look forward to. A sad state of affairs.

[1] htps://pt.wikipedia.org/wiki/Revolta_da_Vacina

ResearcherZero August 9, 2021 10:44 PM

Encryption backdoors courtesy of Australia

These expectations will apply to service providers including social media; “relevant electronic service of any kind”, such as messaging apps and games; and other designated internet services, such as websites.
hxxps://www.zdnet.com/article/canberra-asks-big-tech-to-introduce-detection-capabilities-in-encrypted-communication/

Failure to comply with reporting requirements could see the provider slapped with a AU$555,000 fine, the draft rules also build in encryption-busting expectations.
hxxps://www.communications.gov.au/file/52396/download?token=g5mtd5WJ

the government has prepared a consultation paper and is accepting submissions until 15 October 2021
hxxps://www.communications.gov.au/file/52336/download?token=S0nlJI7G

The CLOUD Act created a pathway for Australian authorities to serve US service providers directly with requests for user data, bypassing the mutual legal assistance mechanism which is considered slow.

The bill establishes a framework that allows “reciprocal cross-border access to communications data” with foreign governments for law enforcement and national security purposes.

US authorities – and potentially other countries in the future – will also be able to access data directly from Australian service providers, granted international agreements are in place.

There are 46 pages of amendments, 502 in total.
hxxps://www.itnews.com.au/news/cross-border-data-access-bill-waved-through-parliament-566493

An agency may disclose personal information to an overseas recipient without complying with APP 8.1 where the disclosure is ‘required or authorised by or under an international agreement relating to information sharing to which Australia is a party’
hxxps://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-8-app-8-cross-border-disclosure-of-personal-information/

ResearcherZero August 9, 2021 10:59 PM

“It took between two and 161 days to deactivate or withdraw access to information systems after staff left the entity,” (Department of Finance)

“This increases the risk of unauthorised access and can compromise the confidentiality, integrity and availability of the entities’ information.”

“System logs showing the dates of when this occurred were not recorded,”

“did not routinely record specific dates when IT access [was] cancelled”.

“For 10 of our sample, there was no information to determine when access was cancelled,”

“In some cases, this may mean people continue to have access while clearing their remaining leave when they should have no need to access systems,”

“This increases the risk of unauthorised access and weakens controls over inappropriate use.”

“19 of 26 staff in [the] selected sample returned their IT equipment”,

15 people – or more than half the 27 staff sampled from the departments of Planning, Lands and Heritage “left with no evidence of laptop return or what was issued”,
hxxps://audit.wa.gov.au/wp-content/uploads/2021/07/Report_3_Staff-Exit-Controls.pdf

ResearcherZero August 9, 2021 11:09 PM

@R-Squared

Out in the Karakum Desert, the sand dunes lead to a glow so bright it lights up the night sky. The ground gives way to a fiery crater so deep and angry, locals swear someone punched through the ground and let hell shine through.

The crater has been burning continuously for 50 years.

hxxps://www.businessinsider.com.au/photos-of-gates-of-hell-fire-crater-turkmenistan-2020-1

ResearcherZero August 10, 2021 12:22 AM

On the subject of Hell, you can’t actually leave the place until the flight restrictions are removed.

Prime Minister Scott Morrison has again refused to commit to a target of net zero emissions by 2050, after an international “code red” warning on climate change was issued by global leaders.
hxxps://www.abc.net.au/news/2021-08-10/ipcc-scott-morrison-climate-change-net-zero-2050/100364476

echo August 10, 2021 1:24 AM

@Freezing in Brazil

@Re anti vax assault

This episode is very similar to the famous Vaccine Revolt, which took place in the city of Rio de Janeiro in 1904

Fundamentally the anti-vaxxer assault and other related recent far right public rallies are all linked. The root problem is cognitive dissonance caused by years of deliberate far right campaigning by media and enabling by a hardcore of nutjob politicians. The people who are the victims have been radicalised to prop up the very far right people abusing them.

You can trace the roots of the radical right (also known as the far right or alt right) back to 1980’s Euroscepticism and in the US a lurch towards wedge issues. Bill Cash, and in the US Newt Gingrich and more lately Mitch McConnel. There are others who had a hand in things including more lately those benefiting from partisan appointments or “clean skins” whose ego has taken over. It also includes “think tanks” like those located at Tufton Street. There is also the monetised hate by social media and flying under the radar for most people within Europe “dark money” funded lobbying and astroturfing and legal action. Google are currently as bad as Russia’s GRU or the religious far right. (This was reported this week but I lost the link and am too lazy to look for it.) The web of nastiness fueled by the religious right ranges from bad actors located in the US to Russia to Latin America. I have provided links to reports proving this in Squid topics over the past month or so.

If the attitude of Londoners towards vaccines in 2021 is identical to that of Cariocas at the beginning of the 20th century, there is not much to look forward to. A sad state of affairs.

It’s not great. But the science is known and we have experience of these kinds of bad actors in the past. We know who they are and what loopholes they exploit. More and more voices are calling for these people to be put on trial and serve serious jail time as well as losing titles and estates. And, yes, their families too as some very definitely collude or benefit from this corruption and it goes right to the top of the alleged “top tiers” of society.

Face both ways asleep at the wheel careerists in UK security services and the police and regulators among others have questions to answer too.

Winter August 10, 2021 1:42 AM

@echo
“It’s not great. But the science is known and we have experience of these kinds of bad actors in the past.”

It is not that simple. These protests are not the result of evil master minds misdirecting sheep-like “commoners”. Anti vaccination protests go back to the start of vaccinations:

Vaccines — lessons from three centuries of protest
ht tps://www.nature.com/articles/d41586-020-02671-0

Vaccination has always been a lightning rod for storms brewing over other problems, as physiologist and science writer Jonathan Berman shows. The people who protested against mandatory smallpox vaccination in nineteenth-century England had previously led opposition to the 1834 Poor Law Amendment Act, which proposed that unemployed people must labour in workhouses for food, often under conditions of exploitation, child labour and family separation. The protesters saw mandatory vaccination as a similar assault on poor people’s autonomy. After examining the rise of such opposition in England, Berman turns to the US experience in the twentieth and early twenty-first centuries.

Clive Robinson August 10, 2021 2:41 AM

@ echo,

You raised a smile with,

If anyone thinks that is big imagine you were the size of a plank length.

There are several standard “plank lengths” but only one “Planck length”; the former most builders could tell you off of the top of their heads, the latter is a little under dispute and you’d need a physicist who’s also a metrologist to give you the low down.

Sounds like your day has been a little hectic, thus in need of a feet up in the comfy chair moment or something more.

My day unfortunately ended in “flooding” and the effective stopping / disruption of Public Transport and thus having to trudge on the sticks in the rain of biblical proportions… Thus it got in through the coat… At least there was milk in the fridge, and tea bags in the cupboard… So a cuppa or four got consumed by which time my mood was shall we say “A little less foul weather” 😉

[1] https://en.wikipedia.org/wiki/Planck_length

[2] https://www.collinsdictionary.com/dictionary/english/plank

echo August 10, 2021 2:50 AM

https://en.wikipedia.org/wiki/Sea_Power_(band)

Sea Power, previously known as British Sea Power, are an English alternative rock band. Their original lineup consisted of Scott Wilkinson, known as Yan (vocals, guitar), Neil Hamilton Wilkinson, known as Hamilton (bass guitar, vocals, guitar), Martin Noble, known as Noble (guitar) and Matthew Wood, known as Wood (drums).

Linking to wiki because I don’t want to give the usual suspects oxygen.

For anyone interested in watching a masterclass of a movie and an education in power and legitimacy I recommend watching the movie “Master and Commander: The Far Side of the World.” (Commentary on power begins at 6:56. Commentary on tyranny begins at 18:45.) On the subject of “pressing” it is notable that the director instructed his casting director, who did a fabulous job, of sourcing actors from around the world who would provide the same eclectic mix as was true at the time. This is one detail many watching the movie may have missed.

https://www.youtube.com/watch?v=dMv_LOGMZN0
Master and Commander | The Most UNDERRATED Cinematic Masterpiece | Film Summary & Analysis

While originally there was a plan to create a franchise, no sequels were made.

I’m not a fan of the Lord of the Rings movies. (I preferred the earlier animated adaptation.) I actually fell asleep while watching the third one and cannot remember watching it all the way through. Don’t get me started on Marvel and DC movies!

I feel robbed.

https://www.youtube.com/watch?v=sUgoBb8m1eE

Daniel Barenboim with the Chicago Symphony Orchestra, opening the 1997 season at Carnegie Hall in this gorgeously performed dedication to the recently deceased Sir Georg Solti. Solti was the previous music director of the CSO for many years.

Many Americans were first introduced to Elgar’s Nimrod during the last presidential election by a Bloomberg campaign video. I know a few Americans on social media including at least one former US Navy senior officer I consider a friend whose jaws dropped like they had seen the face of God when they first heard this. He certainly went off on one for the rest of the week when I showed him a documentary of Churchill’s funeral. I couldn’t tear him away from it for love nor money. While co-opted by the state Nimrod is at heart an anti-war piece but if Americans want to have half a clue how the British empire ruled most of the world or indeed has invaded more countries than the rest of the world put together the stirring passions of Nimrod are a piece of the puzzle. Not that I’m recommending this as we have somewhat moved on from the days of empire and nationalism and more agreeable ways of conducting world affairs have evolved.

“This ship is England”. Indeed and I am captain of my own ship. The atrocious Prime Minister Johnson does not represent me or my country. No matter his reported very literal chest thumping while proclaiming he was England he is not England. He is a coward and a thief. A liar. A cheat.

I am also a European and an unrepentant “remainer”. As a parting comment on this subject for Americans I think one of the better tricks President Biden stole off the EU is to make politics boring again.

The fight goes on.

https://www.youtube.com/watch?v=hKgUxqXoc9M

This baroque vocal version of Nimrod by VOCES8 is quite magical.

As others have said if Nimrod is not played at my funeral I’m not going!

echo August 10, 2021 3:37 AM

@Clive

Sounds like your day has been a little hectic, thus in need of a feet up in the comfy chair moment or something more.

Just a bit. Repelling an ants nest which got in somewhere of all things which was a nice rapid introduction to neurotoxins and baiting strategies and the logistics of it all.

I’ve also been buying up airtight storage boxes so tools and materials with moisture and rust sensitivity can be packed away in the shed. I also discovered an airtight and waterproof toolbox so that’s on the list too.

My day unfortunately ended in “flooding” and the effective stopping / disruption of Public Transport and thus having to trudge on the sticks in rain of biblical proportions… Thus it got in through the coat… At least there was milk in the fridge, and tea bags in the cupboard… So a cuppa or four got consumed by which time my mood was shall we say “A little less foul weather”

I have varying grades of umbrella and waterproof coat I select from to keep in my handbag. I know the day I leave them at home after a sly sunny start is the day the heavens open. I also have flat pack galoshes for more dubious expeditions at awkward locations.

Speaking of bags I have a tote bag which folds and zips to the size of a small and slim jiffy bag. I’d like to find one with a shoulder strap too as I hate carrying things. The soft bag which rolls up into a small container does have straps but doesn’t cut the mustard presentationally. The best cheap tote bag with carry handle and shoulder strap without absurd branding is from Wilko of all places.

I usually have tinned condensed milk in the cupboard for when I’m too lazy to get fresh milk.

https://www.youtube.com/watch?v=kQ3_o7F7mqY

RMR Merseyside funny video about ration packs in the field.

This video is an old joke but from time to time I like spontaneous meals and drinks a cut above the average in unexpected places and it’s quite nice surprising people like this for real. Not that the absurdity in this video is possible but you know what I mean. It’s rare and you have to plan ahead but it can be fun. Mind you I’m happy with a hot pie on a park bench or a flask of tea sitting under a tree in the rain too.

@Lurker

C is determined by F. Arvin Ash did a video on it exploring what would happen if the speed of light was zero or infinite. It can be anything between. If it wasn’t the maths would be utterly broken and we’d be living in a different universe completely. And yes I know there is an ongoing discussion as to whether maths is real or merely an annoyingly accurate descriptor of what we know as the physical world. You can go potty discussing any of this.

Cassandra August 10, 2021 4:20 AM

@echo

If you are packing away iron/steel tools for a long time that are susceptible to rusting, I suggest you look into getting some anti-rust paper/anti-corrosion paper:

As random examples:

hxxps://springpack.co.uk/product-category/protective-packaging/special-papers/
hxxps://www.armorvci.com/rust-resources/vci-faqs/

Volatile Corrosion Inhibitors: hxxps://en.wikipedia.org/wiki/Volatile_corrosion_inhibitor

It would not do any harm to get some silica gel capsules as well (the packets labelled ‘Do Not Eat’ found in the packaging of moisture susceptible items).

Cassandra

echo August 10, 2021 5:45 AM

@Cassandra

Colour changing rechargeable silica gel packets are on the todo list!

Thanks! I didn’t know about VCI stuff. It’s a bit expensive for one item I need to store so may use oil or wax instead.

Clive Robinson August 10, 2021 1:51 PM

@ lurker,

Sorry for not responding earlier, but it’s been a long day without the mobile.

After a sizable journey I’ve been injected with radioactive Technetium to emit gamma particles for a gamma camera… I’ve recently got home and I’m still way too hot to go anywhere of interest, even some of my lab equipment screamed at me a little while ago… So I wonder what some of those not so secret detectors in various parts of “London Transport” have been reporting…

Probably a “klingon like image” that smells of “dirty bomb” 😉

Actually the system is supposed to be able to tell the difference by the “daughter isotope” characteristics, and a mainly gamma emitter is not really what you want anyway.

The upside is I’m not supposed to hug babies, little children or pregnant women, so I can be in W.C. Fields mode legitimately for a few days at least 😀

As my dad used to say, if you look hard enough there is always an upside you can use to raise a few laughs.

Unfortunately not so with this Daily Mail nonsense from yesterday…

It appears to be getting more and more bizarre and underhanded, with the Daily Mail having a larger slice of the action than they are owning up to… No great surprise there, but it is very dubious to put it mildly.

Back in the 1980s they used to create fake news; one such was “Attempted kidnapping of Princess Margaret”. They actually paid someone to dress up, arranged passes for them to be in a restricted area etc, and got numerous people to tell the poor stooge it was all arranged, and showed him “palace paperwork” (assumed fake) to verify it…

Needless to say the stooge got severely treated by the authorities, until the Daily Mail angle got shown… Then it all got swept under the carpet, almost as if it had never happened…

Which brings us to your point,

Who is paying them to create news?

Just remember “payment” may not be in coin of the realm, or forty pieces of silver; sometimes it can be in favours…

As @echo has observed, treat everything to do with the Daily Fail and the “aristocracy” that runs it with more than a little caution; some of them are “so high up the tree” they really do smell like rotten game.

Speaking of which… Does anyone in the UK want some Parakeets? There are hundreds of the blighters making life very annoying around here. I’d quite happily trap some of the little invading varmints and arrange for people to take them away by the half dozen or so…

Clive Robinson August 10, 2021 2:11 PM

@ SpaceLifeForm,

T-Mobile is a Stalking Horse.

Maybe, maybe not, it’s hard to tell… Just one reason I don’t want to get dragged into it…

However if you don’t mind that potentially unpleasant kickback…

I will note that you have teased loose a single thread, and you need to keep pulling at it to reveal the fetid corpse underneath, that certain US Government agencies are not going to be able to find unless already in the public spotlight.

As I indicated it’s a very severe “cartel” in progress of which AT&T is most definitely part. And the initial targets to be exploited needlessly for maybe three or four times what the flat rate costs in other parts of the world are those at the bottom of the socio-economic ladder or who have been put in a position where they have no choice (prisons / remand centers)…

Various people are “coining it in” and a “free market” it is most definitely not…

SpaceLifeForm August 10, 2021 4:07 PM

@ Clive

I will note that you have teased loose a single thread, and you need to keep pulling at it to reveal the fetid corpse underneath

I am quite aware of the corpse, which is really a zombie.

All one can do is point out the problems, and hope that enough people in the IC and DOJ wake up and do their job.

There are many that are failing in their role. At best, they are slow-walking. Some are intentionally sabotaging.

Just kicking the (5G) can down the street in the hope that people wake up.

ResearcherZero August 10, 2021 10:42 PM

Perhaps the NYPD audits access to these systems with more competency than our police force does? Knows who still has access to the system, and has proper access controls and oversight? At least there may be a better chance that foreign spies, from multiple nation states, can’t also gain access to those information and surveillance systems.

“Armed with stingrays, law enforcement can—without any assistance or consent from cell phone carriers—pinpoint a person’s location in the home, a place of worship, or a doctor’s office, or conduct mass surveillance on people gathered in an area, whether for a protest, lecture, or a party,”
hxxps://www.wired.com/story/nypd-secret-fund-surveillance-tools/

“The specifics are redacted, but the company came under fire in 2019 after it was revealed that the NYPD enters children under 18 into facial-recognition databases maintained by the company.”
hxxps://www.nytimes.com/2019/08/01/nyregion/nypd-facial-recognition-children-teenagers.html

“Health officials have warned that the devices may be a cancer risk because they can expose passersby to unhealthy amounts of radiation.”
hxxps://www.theatlantic.com/politics/archive/2015/10/the-nypd-is-using-mobile-x-rays-to-spy-on-unknown-targets/411181/

(Like microwaves, it’s the proximity and length of exposure that is a problem.)

This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle East, Europe, Asia, and North America, this report focuses on intrusion activity primarily observed at Israeli entities.
hxxps://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html

“There are some indications that the attacker behind this campaign is based in China,” based on “certain artifacts found on the victim machines,”
“with the current information available, Symantec cannot attribute the activity to a known actor.”​

While we cannot definitively say what the end goal of the attacker was in these attacks, espionage seems like the likeliest motive. This is indicated by the activity we did see – credential stealing, lateral movement, keyloggers being deployed – and the types of machines targeted in some of the organizations – those involved in design and engineering.

The ability of the attacker to maintain a stealthy presence on the targeted networks for a number of months indicates they were skilled.

Credential theft and lateral movement across victim networks seemed to be a key aim of the attacker, who made extensive use of living-off-the-land tools in this campaign. Among the living-off-the-land or dual-use tools used were:
• Windows Management Instrumentation (WMI)
• ProcDump
• PsExec
• PAExec
• Mimikatz​
The attacker was also seen exploiting a legitimate multimedia player to load a malicious DLL via search order hijacking, as well as exploiting another legitimate tool to load suspicious files onto victim machines.
hxxps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-south-east-asia-espionage

The Sygnia Incident Response team identified an advanced and persistent threat actor, operating almost completely in-memory. Sygnia refers to this threat actor as “Praying Mantis” or TG1021.
hxxps://www.sygnia.co/praying-mantis-targeted-apt

“The malware used by TG1021 shows a significant effort to avoid detection, both by actively interfering with logging mechanisms, successfully evading commercial EDRs and by silently awaiting incoming connections, rather than connecting back to a C2 channel and continuously generating traffic. Furthermore, the threat actor actively removed all disk-resident tools after using them, effectively giving up on persistency in exchange for stealth.”

“SharpHound” was used to scan and map targets by loading it directly into infected machines’ memory without writing the binary to the disk. Quickly after the execution, the threat actor retrieved the output files and deleted them. In addition, “PowerSploit” was loaded and executed using the same technique.

Credential harvesting
The threat actor modified login webpages to record credentials and save them to a file in clear text format.

Lateral Movement
After establishing a foothold on an external IIS server, the threat actor accessed shared folders on internal web servers over SMB using compromised domain credentials. On several occasions the threat actor dropped the NodeIISWeb web shell loader via SMB to compromise additional servers.
Additionally, the threat actor utilized the exploits mentioned above to move laterally between IIS servers.

The Tactics, Techniques and Procedures (TTPs) used by TG1021 bear various similarities to those of the “Copy-Paste Compromises” nation-sponsored actor described by the Australian Cyber Security Centre (ACSC).
hxxps://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf

VSTATE deserialization exploits
hxxps://www.graa.nl/articles/2010.html

June 2020 ACSC Advisory

“The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. This activity represents the most significant, coordinated cyber-targeting against Australian institutions the Australian Government has ever observed.”

It is important to note the activity described in the advisory is wider and consists of additional tactics, techniques and procedures that were not observed in the activities analyzed by Sygnia.
hxxps://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf

A number of Russian agents were booted out earlier in 2019…
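As an added example (not code from Symantec, Sygnia or any of the reports quoted above), the following Python detector walks constructed process-creation log lines for the dual-use tools listed in the Symantec quote and scores a host higher when several of them run together in a short window or when ProcDump is aimed at lsass; the log format, host and user names, and the 30-minute window are assumptions.

```python
"""Living-off-the-land tool detector over constructed process-creation logs.
Added example, not code from any quoted vendor; log format and names are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry): timestamp|host|user|image|command_line|parent_image
SAMPLE_LOG = """\
2021-08-05T09:12:01|WS-FIN-07|CORP\\jsmith|C:\\Windows\\System32\\wbem\\wmic.exe|wmic /node:SRV-ENG-02 process call create "cmd /c whoami"|C:\\Windows\\System32\\cmd.exe
2021-08-05T09:14:33|SRV-ENG-02|CORP\\svc_backup|C:\\Windows\\System32\\cmd.exe|cmd /c whoami|C:\\Windows\\System32\\wbem\\WmiPrvSE.exe
2021-08-05T09:20:10|SRV-ENG-02|CORP\\svc_backup|C:\\Temp\\pd.exe|pd.exe -accepteula -ma lsass.exe C:\\Temp\\out.dmp|C:\\Windows\\System32\\cmd.exe
2021-08-05T09:31:45|SRV-ENG-02|CORP\\svc_backup|C:\\Temp\\PsExec64.exe|PsExec64.exe \\\\SRV-DESIGN-01 -s cmd.exe|C:\\Windows\\System32\\cmd.exe
2021-08-05T10:02:00|WS-HR-03|CORP\\alee|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|"WINWORD.EXE" report.docx|C:\\Windows\\explorer.exe
2021-08-06T14:00:00|SRV-BUILD-01|CORP\\it_admin|C:\\Tools\\procdump.exe|procdump.exe -ma 4120 C:\\dumps\\app.dmp|C:\\Windows\\System32\\cmd.exe
"""

# The dual-use tools named in the Symantec write-up, matched on image path plus
# command line. ProcDump is also recognised by its argument shape, so renaming
# the binary (pd.exe above) does not hide it.
TOOL_PATTERNS = {
    "WMI": re.compile(r"\bwmic\.exe\b", re.I),
    "ProcDump": re.compile(r"\bprocdump(?:64)?\.exe\b|-accepteula\s+-m[am]\b", re.I),
    "PsExec": re.compile(r"\bpsexec(?:64)?\.exe\b", re.I),
    "PAExec": re.compile(r"\bpaexec\.exe\b", re.I),
    "Mimikatz": re.compile(r"mimikatz|sekurlsa::", re.I),
}
TOOL_NAMES = frozenset(TOOL_PATTERNS)
WMI_PARENT = re.compile(r"wmiprvse\.exe$", re.I)   # child process spawned by WMI
LSASS = re.compile(r"\blsass(?:\.exe)?\b", re.I)   # dump target is the credential store
REMOTE = re.compile(r"\\\\[\w.-]+|/node:", re.I)   # \\host or wmic /node: = another machine
HIGH_TAGS = frozenset({"LSASS-DUMP", "Mimikatz"})

@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    image: str
    cmdline: str
    parent: str

def parse_log(text):
    """Parse pipe-separated lines into Events, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) != 6:
            continue
        ts, host, user, image, cmdline, parent = parts
        events.append(Event(datetime.fromisoformat(ts), host, user, image, cmdline, parent))
    return events

def classify(ev):
    """Return the set of tags a single process-creation event earns."""
    text = f"{ev.image} {ev.cmdline}"
    tags = {name for name, pat in TOOL_PATTERNS.items() if pat.search(text)}
    if WMI_PARENT.search(ev.parent):
        tags.add("WMI")               # command delivered through WMI
    if "ProcDump" in tags and LSASS.search(ev.cmdline):
        tags.add("LSASS-DUMP")        # lsass memory dump, not debugging
    if tags & {"WMI", "PsExec", "PAExec"} and REMOTE.search(ev.cmdline):
        tags.add("REMOTE-EXEC")       # tool pointed at another host
    return tags

def analyze(events, window=timedelta(minutes=30)):
    """Per host: "high" on credential dumping, "medium" when two or more distinct
    tools run inside the window (the lateral-movement chain), else "low"."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        tags = classify(ev)
        if tags:
            by_host[ev.host].append((ev, tags))
    findings = {}
    for host, tagged in by_host.items():
        tools, high, chain = set(), [], False
        for i, (ev, tags) in enumerate(tagged):
            tools |= tags & TOOL_NAMES
            high += sorted(tags & HIGH_TAGS)
            seen = set()
            for later, later_tags in tagged[i:]:
                if later.ts - ev.ts > window:
                    break
                seen |= later_tags & TOOL_NAMES
            chain = chain or len(seen) >= 2
        severity = "high" if high else "medium" if chain else "low"
        findings[host] = {"tools": tools, "high": high, "chain": chain, "severity": severity}
    return findings

def run_sample():
    """Run the detector over the constructed sample log."""
    return analyze(parse_log(SAMPLE_LOG))

if __name__ == "__main__":
    for host, f in run_sample().items():
        print(f"{host}: {f['severity']:6} tools={sorted(f['tools'])} "
              f"chain={f['chain']} high={f['high']}")
```

On the sample, SRV-ENG-02 scores high (WMI-delivered command, lsass dump, then PsExec to a further host within 20 minutes) while the build server's ProcDump of an ordinary process stays low.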

ResearcherZero August 10, 2021 10:55 PM

From 2017, an earlier report on the HyperBro watering hole campaigns

“A national data center is a valuable source of data that can also be abused to compromise official websites. Another interesting point is the Mikrotik router, which we believe was hacked specifically for the campaign. The reasons for this are not very clear: typically, Chinese-speaking actors don’t bother disguising their campaigns. Maybe these are the first steps in a new stealthier approach.”

“The TTPs for this campaign are quite common for Chinese-speaking actors, where they typically provide new solid wrappers (launcher and decompressor protected with shikata_ga_nai in this case) around their RATs (HyperBro).”

“The websites were compromised to redirect visitors to instances of both ScanBox and BEeF. These redirects were implemented by adding two malicious scripts obfuscated by a tool similar to the Dean Edwards packer.”
hxxps://securelist.com/luckymouse-hits-national-data-center/86083/

SpaceLifeForm August 10, 2021 11:13 PM

Maybe Apple decided that discovery would be an own-goal.

Interesting timing wrt the CSAM news.

hxtps://www.washingtonpost.com/technology/2021/08/10/apple-drops-corellium-lawsuit/

ResearcherZero August 10, 2021 11:17 PM

Mind you, I don’t suppose the NYPD would let a Russian spy oversee the build of their IT system. That may remain a unique Western Australian quality.

SpaceLifeForm August 10, 2021 11:37 PM

A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance

hxtps://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/

The security benefits you miss while on a non-standalone 5G network extend beyond stingrays. You’re potentially susceptible to tracking, eavesdropping, and so-called “downgrade attacks” that push target devices onto older, more vulnerable data networks like 3G. And none of this gets communicated to mobile data users, despite enhanced security features being a key 5G selling point.

Clive Robinson August 10, 2021 11:46 PM

@ echo,

Repelling an ants nest which got in somewhere of all things which was a nice rapid introduction to neurotoxins and baiting strategies and the logistics of it all.

You don’t have to use neurotoxins, like [1][2], to control ants…

Experiments have shown that artificial pheromones can be used instead.

One source is black marker pen ink, and ants have been found to follow it just like they do “foraging trails” even to their doom[3].

[1] Pyrethrin mixtures, also called pyrethrum or similar, are “Sodium channel modulator, contact acting neurotoxins” that kill insects like bees, fish, some mammals including pets like cats, with very small quantities, with repellent properties and nerve-agent poisoning effects in other creatures including humans.

Originally derived from the dried powdered flower of the plant genus Chrysanthemum but more likely obtained from the genus Tanacetum, often from Tanacetum cinerariifolium. It is seen and advertised as a “natural pesticide”[2] but like all neurotoxins it’s a very dangerous compound to have around in the environment due to “toxicological disadvantages” (meaning it kills things including humans and can cause significant harm in early stages of life).

Its main uses are domestic and agricultural, for crop protection. It targets pests such as a wide range of insects and mites, and a wide range of small mammal vermin as well as those further up the food chain which naturally predate them.

https://sitem.herts.ac.uk/aeru/bpdb/Reports/3035.htm

So not nice stuff to have around despite the cuddly “Monsanto Advertising”.

[2] Many plants produce what may be called “natural” neurotoxins; one of the most noticeable is the rhododendron which contains significant quantities of the neurotoxin “grayanotoxin”, which bees can concentrate into “Mad Honey”,

https://www.theapiarist.org/mad-honey/

[3] https://www.sciencenewsforstudents.org/blog/eureka-lab/ink-leads-way-terminating-termites

ResearcherZero August 10, 2021 11:57 PM

Infiltration, how it’s done.

Keene proved an easy mark. A career lobbyist who advised presidential candidates from Ronald Reagan to Mitt Romney, he was a longtime chair of the American Conservative Union, which organizes the annual CPAC convention. NRA board member Grover Norquist has praised Keene as “a conservative Forrest Gump” who’s been at “the center of all things conservative for decades.”
hxxps://www.rollingstone.com/politics/politics-features/inside-the-decade-long-russian-campaign-to-infiltrate-the-nra-and-help-elect-trump-630054/

Ms. Butina, supported by Russian intelligence, managed to infiltrate conservative groups and advance Moscow’s interests in the United States
hxxps://www.nytimes.com/2018/09/02/us/politics/maria-butina-russian-spy.html

The FBI said she plotted to use political groups, including the NRA, to establish “back channel” communication with official figures with the ultimate aim of influencing US foreign policy in favour of Russia.
hxxps://www.bbc.com/news/world-us-canada-44885633

Butina’s main pipeline to the GOP was through her then-boyfriend Paul Erickson, a Republican operative
hxxps://nypost.com/2021/03/27/russian-spy-maria-butina-says-smart-men-were-her-weakness/

ResearcherZero August 11, 2021 12:02 AM

I guess Maria Butina, and others, were effective at their jobs.

“This is obviously very high level and sensitive information but is part of Russia and its government’s support for Mr. Trump.”
hxxps://www.nytimes.com/2017/07/11/us/politics/trump-russia-email-clinton.html

echo August 11, 2021 2:23 AM

@Clive

You don’t have to use neurotoxins, like [1][2], to control ants…

I had a situation which is the tail end of a lot of “but fors” caused by people not doing their job properly the first time. So I panicked.

Yes you are correct about neurotoxins. The active ingredients in most ant control products can do damage if they spread into the ecosystem. There’s also the general issue of pesticides and areas sanitised of vegetation which is having an impact on wildlife as well as bees.

In this instance what I had to hand was applied locally in covered locations so like asbestos a ticking time bomb.

Another thing is ants are fussy eaters as well as being a bit on the careful side. Ants also have their habits. They tend to be attracted by certain kinds of environments like damp wood and small holes and crevices, and tend to follow edges. They are very opportunistic and will eat any detritus which fulfills their dietary profile.

To some degree “user error” is responsible for an ant problem. It’s this kind of thing which historically made Feng Shui and similar schemes have utility in semi-tropical environments. “User error” may also contribute to not solving the problem.

For future use I bought a tub of borax. This can be mixed in with protein or fat or sugar or a blend. It won’t kill ants immediately but will be carried back to the nest and kill them at source. This is where a lot of people become frustrated. Incorrect bait which doesn’t suit the ants’ needs of the moment and being impatient tend not to work.

Oh, great. I just discovered borax can be toxic for humans.

I think the ants are confined to one crack. This was either because the previous cowboys didn’t do their job properly or ground changes or both. I have some “making good” to do elsewhere because of this and have the tools and materials to rectify it so this is the next big job.

Clive Robinson August 11, 2021 5:22 AM

@ ALL,

With regards Apple and the “Child Sex Photo Checking” via cop-tag database on your phone.

As far as I’m aware there is little or nothing you can do about these plans, except stop using “Cloud Services”. Many of which come from various people who actually use it as an excuse to “own any creative work/content” you may have come up with, by turning ALL of your data into third party business records they own and from then on control[1].

One idea behind this cop-tag exercise is to stop the powers that be like the State or National legislators from changing US law these corps find so useful and profitable, by giving the legislators the feeling they are getting something for free. We’ve seen it with corps getting protection for turning over data collected to “intelligence” and federal agencies. I suspect that this cop-tag business is a first step in outsourcing Police functions to the likes of Palantir etc.

So how to get your data out of the cloud? Well this article turned up and has a fun set of quotes from Matt Green at the end about his at least decade old 6/day photo habit,

https://www.techtelegraph.co.uk/the-lesson-to-learn-from-apples-tool-to-flag-child-sex-abuse/

[1] From time to time, one or two of us warn about this theft of your creativity and originality but few listen: “Convenience trumps Common Sense”. The three big points to note about any and all cloud services are,

1.1, Contractual terms about your data mean nothing, and you usually can not enforce them.

1.2, Once your data is off of your device onto some other persons device you have lost control of it for ever.

1.3, Anyone who can sign their name and works in some kind of agency gets access to all your data without oversight, or control or a requirement to even report they have had access. In the US this includes the Campus Cops at Universities etc and anyone who has set up their own transport network and allowable transport cops.

1.4, That’s access not just to read, but modify, write, and delete as well to your effective account or objects within it.

There is a lot more to add to the list but by this point you should recognize that the lowest forms of Guard Labour have access as they please, so assume the same applies upwards through all agencies be they private, state or federal. Oh and companies who treat them as third party business records have absolutely no legal or regulatory duty of care to confidentiality.

Clive Robinson August 11, 2021 5:31 AM

@ SpaceLifeForm,

A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance

You might want to consider who was responsible for the downgrade “shortcut”?

As I’ve mentioned in the past I’ve seen the 5-Eyes and similar SigInt agencies stuff the committees with their “technical members” via national telecommunications providers and argue things from a “think of the children” or similar “Health and safety” FUD angle, just so they can “tag team” them through and make you look evil if you try objecting… They call it “finessing” I call it a different more base F-Word.

Winter August 11, 2021 6:26 AM

@Boris
“Quite a hack if true”

Indeed, that is a very significant hack, if true. We will see whether it is true from the fall-out, if there is any.

Winter August 11, 2021 6:39 AM

@Boris, All

To give people an impression of the hack:

First they’ve downloaded the entire “АИС Паспорт” database which contains all personal details of every Belarusian citizen including passport photos, home address, place of work (including those with restricted access who work in KGB and other special services) 2/6

They’ve also downloaded the last 10 years of emergency calls history which contains all personal details of regime supporters who reported their coworkers and neighbours for wearing white-red-white colours and similar “crimes”. 3/6

echo August 11, 2021 6:52 AM

@Clive

I’ve already identified a potential bypass of Apple’s new scheme even if scanning is mandatory. Camera apps can simply write a captured frame in a non-standard or even encrypted format, or record decoy images while embedding unlawful images in private image format fields. Apple will have to shift from file scanning to scanning the buffer or buffered-to-filesystem content before it’s released for end user access within the general purpose file system. That’s going to create a whole lot of other problems.

There’s knock on effects from hardware to software to third party ecosystems. Even if every communications app developer took up Apple’s offer and implemented their app level scheme which may be used across multiple platforms not just Apple’s it may be creating A.) A heightened awareness among criminals and B.) False assurance. The other smartphone platform vendors may join in and that leads to all manner of fun and games at the smartphone platform level as everyone tries to outdo each other with their own implementations.

Assuming a criminal uses a smartphone with this technology what if they only use it in offline mode i.e. without a sim or on a phone plan without data access?

Where and in what format is the indicator data cached for reconnect? Can it be accessed or modified?

I expect someone has created memory cards with extra surprises buried in their microcontrollers to squirrel stuff away too.

As for committees you don’t even need “the fix to be in” from on high. A few raging gammons and careerist pilchards can do a lot of damage without encouragement. If people took the time to actually read policy they’d wake up to how many byzantine paths and loopholes exist where iffy things can happen from recklessness to ass covering. This can of course be exploited for nefarious reasons too as we know.

Winter August 11, 2021 6:59 AM

@echo
“If people took the time to actually read policy they’d wake up to how many byzantine paths and loopholes exist where iffy things can happen from recklessness to ass covering. ”

There is a very instructive South Park episode about Apple’s EULA:
ht tps://www.southparkstudios.com/episodes/j6a6zs/south-park-humancentipad-season-15-ep-1

Please, be aware this episode is not for people with a weak stomach.

Clive Robinson August 11, 2021 7:55 AM

@ echo,

In this instance what I had to hand was applied locally in covered locations so like asbestos a ticking time bomb.

No, not like asbestos, that really is a “forever problem”; most of the “natural neurotoxins” break down in humidity or sunlight in a few weeks.

As for problems with ants in homes, there is a very real security lesson in it…

I used to have a ground floor maisonette which should have been built on a 300mm thick reinforced concrete slab… That is what the plans/drawings showed. However unbeknown to me when building they “forgot to” run an “essential service” in (water…) before putting the slab in, but they also put a big hole in the slab where the gas central heating fire/back boiler was to be located… So what they did was cut a channel through to that hole under where an internal “structural” brick wall was going to go and laid the water pipe in and back filled with small rubble and concrete… Which is an appalling thing to do, especially when you hide it by putting a structural wall on top of the weakness…

Worse rather than use the same mix to close the hole under the fire / back boiler they just filled it with rubble and dropped some slabs on it.

Thus the “security moral/warning” is don’t trust the building plans unless you actually are there for the full build… This applies not just to “physical security” but all parts that fall under ICTsec.

Now ants are interesting creatures, most of the time you do not see them, and as you’ve found out they can build up their numbers quite covertly until you are well outnumbered…

The time you do see them is for the “mating flight” when large winged ants in their hundreds if not thousands just appear one afternoon and swarm…

It is unfortunate if it happens in your home when you are away for a couple of weeks holiday because it’s a major vacuum cleaner job at the very least, then as you’ve probably found a fairly careful hunt for their paths.

If you have friends that do “bugs” as the brother of a work colleague did at the UK Natural History Museum a half hour chat on the phone can tell you all sorts of things you do not want to know, such as the nests can be forty foot underground and very hard to deal with…

Back then I had access to some interesting knowledge and “household chemicals” so I dealt with my ant problem by the “First World War” method. I injected dilute ferric chloride solution into the nest over several days and let the ants move it around and down through the nest… Then a few days after that when the weather was nice I opened all the windows and set up a folding chair and table, a large supply of refreshments, several good books and a parasol on the upwind side of the maisonette and poured a bottle of household bleach into the nest openings under the boiler…

The smell of chlorine gas was soon apparent and I spent most of the day quietly under the parasol outside… Later I shut the windows and put the fold up furniture back in the shed and got washed and changed and spent the rest of the weekend with a friend. Mid-Monday I returned, opened all the windows again and let the last of the gas out. Of the ants there was never any sign again. Oh, and the maisonette smelt strangely clean for several weeks after.

This is not something I would recommend people do, but it did work for me and obviously did kill the Queen, which was the important thing to do.

Winter August 11, 2021 8:24 AM

Some information about disinformation campaigns like that of our local Troll-tool. The current wave of Troll-tool spamming does deviate from the two waves described in the report, but there are also similarities, like the focus and spam-like nature. But maybe the Troll-tool was employed in that campaign and uses the same tactics for a new task?

Facebook July 2021 Coordinated Inauthentic Behavior Report
ht tps://about.fb.com/wp-content/uploads/2021/08/July-2021-CIB-Report.pdf

We removed 65 Facebook accounts and 243 Instagram accounts for violating our policy against foreign interference, which is coordinated inauthentic behavior on behalf of a foreign entity. This network operated across over a dozen platforms and forums but failed to build an audience. It originated in Russia and targeted audiences primarily in India, Latin America and, to a much lesser extent, the United States. Our investigation found links between this campaign and Fazze, a subsidiary of a UK-registered marketing firm, whose operations were primarily conducted from Russia. Fazze is now banned from our platform.

This campaign came in two distinct waves, separated by five months of inactivity. First, in November and December 2020, the network posted memes and comments claiming that the AstraZeneca COVID-19 vaccine would turn people into chimpanzees. Five months later, in May 2021, it questioned the safety of the Pfizer vaccine by posting an allegedly hacked and leaked AstraZeneca document. It is noteworthy that both phases coincided with periods when a number of governments, including in Latin America, India and the United States, were reportedly discussing the emergency authorizations for these respective vaccines.

This campaign functioned as a disinformation laundromat. It created misleading articles and petitions on multiple forums including Reddit, Medium, Change[.]org, and Medapply[.]co[.]uk. It then used fake accounts on social media, including Facebook and Instagram, to seed and amplify this off-platform content, using crude spammy tactics. The crux of the campaign, though, appeared to be engaging influencers with pre-existing audiences on Instagram, YouTube and TikTok to post content and use particular hashtags without disclosing the origin of the posts. This use of influencers appeared to be in line with the firm’s advertised services, which included access to “a large list of bloggers from Youtube, Instagram, and Facebook… [where] Accounts are ready to post your ads for reasonable pricing. Work with bloggers directly without any 3rd party.”

Clive Robinson August 11, 2021 9:17 AM

@ Winter,

The current wave of Troll-tool spamming does deviate from the two waves described in the report, but there are also similarities, like the focus and spam-like nature.

The deviation is not as high as some might think, and well within “marketing plan” parameters.

A few months back I mentioned that an EU report had picked up on the fact significant anti-vaxx advertising funding had been found. Also I’d traced back and found that many of the anti-AZ stories had been pushed out by “Sky News” nominally under the direction of Rupert “the bear faced liar” Murdoch and his family of idiots some of whom are technically “criminals” in the UK.

It appears there is 2.5k/USD sums on the table just waiting to be picked up…

Which might be what the report you quote is driving at with,

“This use of influencers appeared to be in line with the firm’s [Fazze] advertised services, which included access to “a large list of bloggers from Youtube, Instagram, and Facebook… [where] Accounts are ready to post your ads for reasonable pricing. Work with bloggers directly without any 3rd party.”

As noted “Fazze”, “is a subsidiary of a UK-registered marketing firm” which appears financed from East Europe / Russia. But where does that money actually originate? It’s doubtful those collecting it either know or care, it’s just “easy money” when there is little or no kick back (something that appears to have surprised the Troll-Tools who have blustered).

We have however seen this sort of setup before with Cambridge Analytica where the money actually came from the Mercer family who were one of three families wrestling for power over the US GOP, and were illegally funneling money into Boris Johnson and Brexit etc.

As some readers here may remember the Metropolitan Police London under the control of Cressida Dick, then allied to the then previous Home Office Minister and then British Prime Minister Theresa May, rather rapidly “pulled the plug” on further investigations that might open up the US side of things.

Whilst “Old Man Mercer” may be out of the far right republican politics it is very clear his daughter is in it up to her eyebrows and beyond…

Thus it could be the USD is hedge fund money just routed around through Russia and Eastern Europe and similar places to provide “cut outs” and “plausible deniability”; it is something Big Pharma and similar are well used to doing.

Winter August 11, 2021 9:47 AM

@Clive
“allied to the then previous Home Office Minister and then British Prime Minister Theresa May rather rapidly “pulled the plug” on further investigations that might open up the US side of things.”

Quite a number of EU politicians do have considerable troubles due to Anti-vaxxers, e.g., Macron. There is also very little love lost between them and the GOP or UK conservatives. They might decide an example should be set.

Pandemic disinformation campaigns are now confounded by Climate Change disinformation campaigns and the damage of both the pandemic and the latest weather disasters are piling up this summer. Anti-vaxxers and Climate Change deniers are more and more addressed as dangers to the safety of the population.

I would not be surprised if some politicians might feel they have to be seen to do something about it. Putin et al, Trump et al, and Johnson et al all have very low popularity scores in the EU. It is entirely possible one of their financial backers will get into the cross-hairs.

SpaceLifeForm August 11, 2021 6:09 PM

@ Winter, Clive

On the surface, it appears small.

hxtps://www.reuters.com/world/europe/germany-arrests-british-diplomat-suspected-spying-russia-2021-08-11/

ResearcherZero August 12, 2021 12:52 AM

“Locally hired staff – ranging from drivers to security guards to cleaners – can also be targeted with cash or other inducements because they can provide access to rooms to plant listening devices or gather information themselves.”
hxxps://www.bbc.com/news/world-europe-58170872

Even the head of the Department of Communities might be working for spies.
hxxps://www.watoday.com.au/national/western-australia/barely-recognisable-wa-senior-bureaucrat-remains-in-custody-20200203-p53xcf.html

It takes decades of work, it’s often hard to prove, and there is pretty heavy use of suppression laws for anything that might embarrass the Australian Government.

I mean, if it was to get out this guy (Paul Whyte) and his wife had been abducting children, ripping off the hospital system, stealing medical files, ripping off public housing, money laundering, and working for a couple of spies since the 1980s, it could understandably look a little odd why something wasn’t done earlier. He is being sentenced this month, but sometimes cases like this do run 30 years or longer. Sometimes there are further charges added later, and further arrests.

ResearcherZero August 12, 2021 1:45 AM

This is well worth a watch and a good presentation on the recent development and capabilities of eBPF (Extended Berkeley Packet Filter).

DEF CON 29: eBPF, Linux Rootkit creation and defense
hxxps://www.youtube.com/watch?v=g6SKWT7sROQ

hxxps://blog.tofile.dev/categories/#ebpf
hxxps://github.com/pathtofile/bad-bpf

hxxps://ebpf.io
hxxps://docs.cilium.io/en/v1.9/bpf/#bpf-guide
hxxps://github.com/iovisor/bpf-docs/blob/master/eBPF.md

Clive Robinson August 12, 2021 2:45 AM

@ SpaceLifeForm,

On the surface, it appears small.

The article is not clear, first they claim he’s a Diplomat then he’s a local who’s employed on staff.

If he’s the latter he’s very very unlikely to come into contact with documents or other classified items at “confidential”, which used to include the canteen menu…

Diplomatic missions do employ locals for various reasons, cleaning and maintenance being just a couple, catering etc. another. Think a 1970’s school which had teachers in class rooms and other staff doing things around them; diplomatic missions used to be kind of like that. You in effect had a core and buffer zone around it, then the host nation outside the windows and doors.

There are photos of the US diplomatic mission to Russia in the 1970’s up on the Internet[1]. It was in an office block with Russian “business” above and below and in adjacent buildings and Russian maintenance staff turning the services on and off as they saw fit, including the lift.

So we are going to have to wait and see what “David.S” gets charged with if anything and if it’s genuine or just more games.

[1] In general most photographs are found with write ups on the NSA 1980’s “GUNMAN” Project to find sophisticated bugs in IBM Selectric typewriters.

[1] The existence of sophisticated Soviet bugs was brought to the attention of the NSA by the French Signals Intelligence Service. Which was a bit of an embarrassment, to put it mildly. Because the French were often considered not just “communist” but “efféminées” by certain US agencies such as the State Dept, CIA, FBI (something that did not die out and has come back to the fore with the idiotic “Freedom Fries” and similar).

The bugs were very sophisticated for the time, way more sophisticated than anything the Five-Eyes had or had ever seen, and came fairly quickly after the technical shock of “The Thing”. It’s always been assumed the French found it “by accident” but actually they tended to be ahead of the game rather more than the CIA/FBI, whose technical resources were rather naff at the time. Apparently the French found a similar one inside one of the teleprinters at their Moscow embassy in January 1983.

The Director of the NSA (DIRNSA), LtG. Lincoln Faurer, after learning about the bug, apparently got upset with other US agencies and decided they could in no way be trusted (probably very wise at the time and now). So he sent analysts to examine the implant.

Unsurprisingly the analysts found that the bug represented a major technological improvement over the Soviets’ previous efforts. Due to their professional nature and the choice of components, and very “manufactured” appearance, it was thought very likely that there would be one heck of a lot more of them around…

As the NSA quite rightly trusted neither the State Department nor the CIA (nor should they today) to handle the matter even close to appropriately, the General and his staff developed a very detailed plan of action over the next few months to impound and examine all equipment in Russia quite thoroughly.

This became known as the GUNMAN project and it was designed to examine, remove and replace all information processing and telecommunications equipment at the US embassy in Moscow. Which records show as some 26,000lbs of equipment.

Such was the project’s nature it required not just Presidential approval but decree, which was obtained in “record time” from Ronald Reagan in February 1984.

Did it find all the bugs? We assume so, as it effectively destroyed much of the equipment. Did it stop the Russians? No, certainly not; they had other techniques to microwave embassy staff in their homes and offices. But it did act as a bit of a wake up call that the US and Five-Eyes really needed to “up their game” a lot, especially the CIA and FBI who had repeatedly “dropped the ball”[2]. The State Dept just carried on as normal like a bunch of nasty old spinsters organising the parish behind the parson’s back… But it was something the UK Prime Minister Margaret Thatcher went all “Nazi Storm Trooper” over, as those having the misfortune of living through it remember.

[2] Leon Theremin’s “The Thing” / “Great Seal Bug” device, that completely stumped both the CIA and FBI technical resources but was solved by the UK MI5 where Tony Sale of Bletchley fame worked during the more interesting times, has been continuously re-invented in many ways, not least by myself, and thus still remains an active threat, thus keeps popping up from time to time:

https://inteltoday.org/2019/10/22/microwave-spying-leon-theremin-the-thing-update-cia-microwave-cavities-on-display-at-the-crypto-museum/

Winter August 12, 2021 3:34 AM

@Clive
“Because the French were often considered not just “communist” but “efféminées” by certain US agencies such as the State Dept, CIA, FBI (something that did not die out and has came back to the fore with the idiotic “Freedom Fries” and similar).”

This attitude was common in UK media too, e.g., the famous insulting Frenchman in Monty Python and the Holy Grail [1].

For me, this has always illustrated the narrow mindedness and self importance of the Anglo-Saxon world. The French diplomatic service was and is probably the best in the world. They single-handedly blunted the USA “Coalition of the Willing” in the invasion of Iraq and everything the French predicted before the invasion came true. I am pretty sure the French knew very well what to expect from the Russians and how to check their own stuff.

As (continental) Europeans we have long learned (as in, for centuries) never ever to underestimate French foreign policy. Btw, their foreign legion seems to be pretty good too.

[1] ht tps://www.youtube.com/watch?v=QSo0duY7-9s

echo August 12, 2021 4:34 AM

@Clive

https://inteltoday.org/2019/10/22/microwave-spying-leon-theremin-the-thing-update-cia-microwave-cavities-on-display-at-the-crypto-museum/

This last statement is of course utter non-sense. Snowden revelations include a very much ignored information regarding an Audio-based RF retro-reflector — codenamed LOUDAUTO — which provides room audio from targeted space using radar and basic post-processing.

I’ve caught some dodgy edits of law on wikipedia around the topic of data protection including who or who doesn’t have the right to record secretly or otherwise. The law is very plain to understand as is the Police and Criminal Evidence Act. It’s either idiots who heard the wrong interpretation off one of their colleagues or another state sector worker (this happened quite frequently with matters of law concerning photographers and taking photos in public spaces) or it is deliberate.

It is not lawful for the state to record something without authorisation in law such as a warrant or ministerial sign-on or explicit power granted by law. It is lawful for a citizen to record or even covertly record meetings. There’s lots of surrounding case law on this. For example you cannot just dump material on the internet – that is a good way to get a judge to throw your case out or attract a harassment charge. A citizen may also conduct an investigation within the framework of PACE and this is explicitly laid out in PACE legislation. This is something BBC licence snoopers like to throw in people’s faces when it suits them.

Additional resources worth reading are law on “effective remedy” in terms of political resolution but also administrative resolution, as well as the usual inadequacy and negligence law and constitutional law on the balance between the people and state.

Clive Robinson August 12, 2021 8:31 AM

@ Winter,

This attitude was common in UK media too, e.g., the famous insulting Frenchman in Monty Python and the Holy Grail

Actually long before the “UK media” existed and even long before King Henry VIII built his Navy…

Importantly though it has more or less been reciprocal, that is they call us “Roast Beef” and we call them “frogs’ legs” over what we see as each other’s “national dishes”. Likewise the English/French disease we blame each other needlessly for, likewise the prophylaxis. Down through the centuries a to and fro, matched in some ways with advantages and disadvantages almost balancing. In many ways we are now almost both one people of Norman blood making fresh inroads into each new race that settles in our respective borders.

As for the Anglos and Saxons there are very few left, sad to say; there are more distinctly Celt than them.

The thing is yes we have bigots and we have xenophobes on both sides but what we really have in common (grumbling) tends to outweigh the differences. Yes we are enemies of old for over a thousand years but everyone has a favourite itch they scratch. In some ways we are like “fighting brothers / sisters”: we knock seven bells out of each other from time to time but will take on the world together, and have.

So just grumble and shrug, it’s what you are supposed to do, then find the bottle opener, some bread and cheese and let the stories be vastly exaggerated 😉

Anders August 12, 2021 9:56 AM

@Winter (+ Clive & SpaceLifeForm & MarkH)

hxxps://www.delfi.lt/en/politics/classified-info-leaked-during-cyber-attack-against-foreign-ministry.d?id=87937063

Everything is connected today.

JonKnowsNothing August 12, 2021 10:20 AM

@Clive, SpaceLifeForm, MarkH, Winter All

I put up a long post that seems to have hit the tarmac. It was rather lengthy with genome stuff.

Summary: AY.3

Get to know it. It is going to get to know you very well.

Winter August 12, 2021 10:31 AM

@JonKnowsNothing
“AY.3”

You mean like this?

Cryptic Transmission of the Delta Variant AY.3 Sublineage of SARS-CoV-2 among Fully Vaccinated Patients on an Inpatient Ward
ht tps://www.medrxiv.org/content/10.1101/2021.08.05.21261562v1

Background Recent reports indicate that vaccination is effective in reducing symptomatic infection with the Delta variant of SARS-CoV-2 (DV) but is less protective against asymptomatic transmission of DV in outpatients than for earlier variants.

Here we report cryptic transmission associated with high DV viral load among vaccinated patients on an inpatient medical-surgical ward.

Anders August 12, 2021 10:45 AM

@Winter (+ Clive & SpaceLifeForm & MarkH)

hxxps://www.lrt.lt/en/news-in-english/19/1467832/hackers-steal-classified-documents-lithuanian-official-say-riots-may-be-connected

JonKnowsNothing August 12, 2021 10:54 AM

@Winter

Yes. Delta-D Variant AY.3. Doesn’t have a Greek Letter yet.

Not sure how much can be said on the topic. Moderation is great. Filters are working.

Winter August 12, 2021 2:35 PM

@Jon
“Not sure how much can be said on the topic. Moderation is great. Filters are working.”

Indeed. But there is little to say. This was all expected. No serious consequences yet, and more opportunities for competing for “The Herman Cain Freedom Award”.

JonKnowsNothing August 12, 2021 3:20 PM

@Winter

re: But there is little to say…

Actually there was a lot to say. I probably broke the max-post-length value, along with some moderation rule.

Unless the moderator decides to put back the post, I won’t follow up. I already did days worth of research and cross checking. I already know. Some others might not know so they will have to follow the breadcrumbs to AY.3 on their own.

Clive Robinson August 12, 2021 7:04 PM

@ SpaceLifeForm, JonKnowsNothing, Winter,

It may not be that which you suspect.

The Delta-D Variant AY.3 appears to be rising rather rapidly.

Based on various sources including the CDC it won’t be very long before it’s got more than half the US current infections to its name…

Its other characteristics are not good, especially for the un- or partially vaccinated…

Due to political reasoning of “the war is over” when in fact it’s only just starting, quite a few of the more critical variants are no longer being traced or recorded, thus trying to track them is now nearing impossible in the US…

Winter August 12, 2021 9:18 PM

@Clive, Jon, SLF
“Its other characteristics are not good especially for the un or partially….”

The message is bad for most of the poorer countries. In the end, it is either we are all safe, or none of us are. But that is a lesson many will simply refuse to learn.

It seems clear that the loony right is going for herd immunity, and their electoral base really wants to follow. But any breakthrough variants will also tank herd immunity.

JonKnowsNothing August 12, 2021 11:22 PM

@Clive, Winter, SpaceLifeForm, All

re: any breakthrough variants will also tank herd immunity.

AY.3 and the rest of the DeltaA-DeltaE + AYs is rather worse than the above in several aspects.

Sorry to remain SLF-Elusive, but dig deeper; there are more breadcrumbs…

SpaceLifeForm August 13, 2021 2:26 AM

@ JonKnowsNothing, Clive, Winter, MarkH

IIRC, it was about a year ago that I wondered:

How long do Memory-T cells remember?

It may be that they either remember too accurately, or they forget after about 6 months.

Or both. Delta has basically squeezed out the other variants, it is dominant now. Probably over 90 percent of new cases worldwide.

Clive Robinson August 13, 2021 2:34 AM

@ Winter, JonKnowsNothing, SpaceLifeForm,

It seems clear that the loony right is going for herd immunity, and their electoral base really wants to follow.

I think I’ve been clear in the past I’m very much opposed to both types of “Herd Immunity”, that is “Natural Herd Immunity” (NHI), which is basically “do nothing”, and forced “Herd Immunity Policy” (HIP), which I regard as little more than politically inspired genocide in a new set of clothes.

I’ve also indicated that careful area quarantine is the only way to stop the spread of SARS-2 and its “Variants of Concern” (VoC). Thus get on top of it and limit the number infected as much as possible, as there is no other way that will work for us currently.

As for vaccination it may help in the long term, I’m now thinking maybe decades, not years, or months. And that will be if and only if we get the right sort of vaccine, which clearly we have not yet, nor may we ever get (as with flu etc).

Which brings us to your point of,

But any breakthrough variants will also tank herd immunity.

Yes that should be obvious to all but for some reason it’s not.

Nor is the thought that there will be, just as with the “common cold” and “flu” viruses, a new variant twice a year. Nor are they thinking that again, like the “common cold” and “flu” viruses, there will be a new breakthrough variant at least once every four years.

But then what of lethality?… As noted early on, SARS-2 mutants have a habit of getting worse in this regard as well as much more transmissible, which is not a good combination at all.

What we all should now know is that new VoCs appear at a rate approximately related to the number of people currently infected.

We now know that some of the vaccines we have, whilst they currently save lives, are not stopping reinfection with new VoCs. Thus those reinfections will become the breeding grounds for new mutant variations, some of which will become worse than existing VoCs.

So it’s not a question of “maybe” but just “When?” and “how often?” and that is down to the number of active infections… That as I’ve said can only be controlled by “area quarantine” currently…

We also know that whilst the politicians talk up vaccines for the second and third world, the reality is very different. What is going out is a tiny fraction of what is needed and is mainly the more useless vaccines with low efficacy, so that the “Man Power” and all the other resources required for mass vaccination are effectively being squandered quite deliberately.

I could go on but what should be clear is,

1, Only area quarantines will get infection numbers down.
2, If we do not get infection numbers down all vaccines will become ineffective given time.

I’ll let others work out what sort of world that means for humanity.

But one thing to consider, is “People that behave in stupid ways usually do not stop behaving in stupid ways”. Often when they do not get their stupid way they turn to the “authority of violence” through “Guard Labour” and weapons of war. We’ve already seen outbreaks of violence over such stupidity, history tends to show such things will get worse before they get better.

One prediction I did make was that we would see things tip or balance over “Personal Rights -v- Social Responsibility”. If people want the world as we know it to survive they need to remember that more than 99% of it is “society”. That is, the notion of “one man standing alone” that libertarians promote is a nonsense; every man stands on the shoulders of society regardless of what they may want to think. Society is in reality the tide that floats all boats, so put simply you have two choices: you can float with the boats or you can sink like a rock. Oh, and only the stupid kick the bottom out of boats because they have the idea they would be better off if everyone else sank before them…

Winter August 13, 2021 2:58 AM

@SLF
“How long do Memory-T cells remember?”

Latest results are that the memory T cells do not disappear. They return to a low level, but keep around.

Cannot access the study at the moment.

Clive Robinson August 13, 2021 6:04 AM

@ Winter, JonKnowsNothing, SpaceLifeForm,

And at a certain moment, if people definitely refuse to take precautions, they cannot be helped and will have to bear the consequences.

That’s not entirely accurate.

It’s not “they” but “us” who will have to bear the consequences.

It’s a point people do not appear to understand even though it’s already happened in places like Brazil.

The important points are,

1, VoCs occur in infected people.
2, VoCs are moving away from vaccines and earlier infections.

If WE limit the ability of a VoC to spread then infections come down, thus the number of new VoCs comes down as well. Which reduces the VoC spread away from the variants where the vaccines are effective. Which in turn makes the vaccines effective for longer, which buys more time to vaccinate those who are unvaccinated.

The only way we can win with vaccination is to stop VoCs by limiting the numbers infected and the ability of VoCs to spread.

If we don’t then we all end up chasing our tails via endless rounds of very resource intensive vaccination cycles that not even the First World can readily support.

Oh and eventually by probability of infected cases we will get another VoC with “zoonotic disease reservoir” capability…

So those “they” who have chosen to not be responsible are in fact bringing down their irresponsible behaviour on everyone’s heads, not just their own but the “we” who have behaved responsibly.

Those “they” being the ones who believe in the “Free Market” object to being treated by “Free Market” rules where the market uses “risk” as a method of doing business or charging. So yes, “they” being many more times dangerous should be excluded by businesses that do not want the risk “they” bring, and those that will take the risk should be free to charge ten or twenty times as much for the risk; it is what a Free Market is all about after all. This should perhaps be the method used in “health care”; after all in the US you have to prove you have “Health Care Insurance” or equivalent, the same should apply to vaccination etc. status at the point of health care.

JonKnowsNothing August 13, 2021 11:42 AM

@Clive, Winter, SpaceLifeForm, All

@Winter: re breadcrumbs

I am not going to push my luck at providing more details because the original document which laid out all the items in glorious detail was blocked. If you are unable to follow up more, I totally understand because the pool is rather deeper than you might expect.

@Clive: Superior Breadcrumber

Thank you for connecting more of the trail for others. The serious end of the business is in the Time Frame. It’s not future based.

yCMMI August 13, 2021 1:21 PM

Is there any kind of locksmith or physical lock scene in the DVD movie entitled “2067” ?

I’m curious about depictions of vaults and locks in cinema.
The imaginary ones give me ideas in support of physical security techniques.

Sincerely,

You Complete Me, Myself, and I

Clive Robinson August 13, 2021 4:11 PM

@ JonKnowsNothing, SpaceLifeForm, Winter, ALL,

Thank you for connecting more of the trail for others.

The problem I see is the very large quantity of bread crumbs, so things are beginning to have a degree of a “join the dots picture”.

Or as others might prefer a “spider trail of routes” each starting or finishing at different points, but most crossing at but one point that may be a nexus.

What I see is not good, in fact some of it we have talked of before is very dark. But in its turn it appears positively bright and white compared to that I’m currently piecing together from little hints and glints of “Super Power” and other First World nations.

It is so dark and dire in nature, I can only hope to be wrong, but I think not. As each day/week goes by the opportunity to steer off the path I can see diminishes greatly. Suggesting, if it were needed to be, that it is caused by a very deliberate plan or policy that has been put in place.

Nearly a century ago we saw a similar series of political high grounds being taken to demonize and reduce entire races to sub or non human. It was not just one nation doing this as is often taught to school children, but most of the Americas and Europe, where those with money, power or status openly discussed “solutions” by force to social issues they had created. Many of these solutions were “medical” in name only and I see parallels today not just in attitudes but in new legislation.

Some may agree with what I see, others not, all I can urge is people look for themselves with an open but cautious mind and test what they are told. Especially as many who claim to be one thing show themselves to be something entirely different, when they are observed for even a short time.

The real summer August 14, 2021 2:26 PM

@Winter

So you censor me thus removing all context from the discussion then respond to a fragment of my text.
You stridently assert that the people you disagree with are “looneys” again.
No explanation.
No arguments.
No links.
The only data I can extract from your post is a political bias.

- August 15, 2021 3:26 AM

@The real summer:

“So you censor me”

No @Winter does not “censor” you, only point out the truth to counteract your nonsense.

The truth is simply stated by @Winter and others but you do not want to accept the reality of the truth of it; perhaps more people should ask why?

But “The truth will out” as they say and your comment says much about your mental state.

So your nonsense is all about your mental failings and your sad parochial political views that others think are quite rightly loony / genocide for what are good humanitarian reasons.

So why don’t you take your genocidal nonsense and shove it where it will not cause others to point out your increasingly obvious mental failings.
