Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on November 26, 2021 at 4:05 PM176 Comments


Anders November 26, 2021 4:20 PM


Repost. Learn from it. It is important. Supply chain security
IS hard, VERY hard. Our host knows.

And don’t hide things.


SpaceLifeForm November 26, 2021 5:14 PM

@ Anders

Timing was off

Ultimately, the only way forward for security is that everyone should have a HSM, where one rolls their own keypair of 256 bits, using good random.

Signon/Login/Verification should require signing a challenge via the HSM.

This is not an easy solution because people are lazy and want convenience.

But, as you note, you can not trust outside parties that are in the Supply Chain.

Clive Robinson November 26, 2021 5:35 PM

@ Anders,

Supply chain security
IS hard, VERY hard. Our host knows.

Err no “supply chain security” is impossible against a suitably motivated and resourced adversary.

It’s been known since before the “Rainbow Books” and it will continue to remain so unless we have a few very fundemental changes.

In fact at a certain point security of the supply chain be it tangible or intangible goods becomes “probabilistic” in nature.

Or if you prefere as you approach one end of the line your only hope is “security by obscurity” which is practiced in the tangible physical world as standard. But in the intangible information world various Western Governments are seeking to make even that illegal…

Anders November 26, 2021 5:39 PM


Things are actually a much worse.

Our ID card has actually two key pairs and accordingly two
PIN’s – one for the authentication (PIN1) and second one
for the signature (PIN2).

Documents signed with ID card (using PIN2) are legally equal
with handwritten signature.

Considering that our govt hided that information can cause a
lot of problems – any digitally signed document from that time
frame can now be disputed – i didn’t sign that loan or another
agreement, someone accessed my ID card and use it, there was a
vulnerability etc.

Quite a mess.

SpaceLifeForm November 26, 2021 6:17 PM

@ Anders

This makes no sense

Which is obviously your point.

Two key pairs (and two allegedly corresponding PINs), does not compute. Unless it does. Magic.

If authentication (PIN1) and second one
for the signature (PIN2) are supposedly different functions, then what is the purpose?

Authentication and signing are equivalent. At least in this use case.

The only reason to have two different keypairs is to use one for signing, and the other for encryption.

Something is fishy in Dodge.

ResearcherZero November 27, 2021 4:09 AM


If you read many of the government department audits, they don’t even know who has access to some systems. Improper auditing, people retain access after no longer being employed, in some departments they can not tell who accessed the system.
So of course they censor large parts of audits, and never investigate properly, or it would be a huge scandal, and no one wants to take responsibility…

It’s like day and night.

At 8am a warning siren sounded, telling people to head to the water. By 9.30am, the sky was “pitch black”.
“Like it should have been daylight and it was black like midnight. And we could hear the fire roaring.”

‘Yeah bra’ – “Eat your vegetables!” says PM

“But, Hardin,” reminded Fara, “we can’t!”
“But you haven’t tried. You haven’t tried once. First, you refused to admit there was a menace at all! Then you reposed an absolute blind faith in the Emperor! Now you’ve shifted it to Hari Seldon. Throughout you have invariably relied on authority or on the past – never on yourselves.”
“It amounts to a diseased attitude – a conditional reflex that shunts aside the independence of your minds whenever it is a question of opposing authority. There seems no doubt ever in your minds that the Emperor is more powerful, or Hari Seldon wiser. And that’s wrong, don’t you see?”
For some reason, no one cared to answer him.
Hardin continued: “It isn’t just you. It’s the whole Galaxy.”

If you want to predict the future accurately, you should be an incrementalist and accept that human nature doesn’t change along most axes.

ResearcherZero November 27, 2021 4:34 AM

There is a lot less graft to be had when things work properly, and a lot more responsibility.

Odebrecht for example.

In the countries where it operated — especially in Brazil and the Dominican Republic — the revelation that Odebrecht’s corruption reached the highest levels of government has destroyed storied careers and crippled political parties.

“This paperwork, if you want to submit it, it needs to specifically corroborate what you are going to tell us, and whatever you tell us, it has to agree with the prosecution’s line.”

Most of its bribes were paid to get contracts from governments to build roads, bridges, dams and highways.

Cerveró and other Petrobras directors had been deliberately overpaying on contracts with various companies for office construction, drilling rigs, refineries and exploration vessels…

Clive Robinson November 27, 2021 9:48 AM

@ Ismar,

This is significant

Yes FECC’s with Higher Dimension “wormholes” as short cuts to rejecting bad forms of codes, not just errors.

I don’t know if you’ve actually tried reading the pre-print, but it’s almost like stepping into a rabbit hole after a couple of paragraphs after the intro…

I think it’s the first paper I’ve read on what could be a major advancment in the art, where all the refrence papers are less than half my age old… I was a working stiff when ECC’s of the more interesting forms were being put into use… Yup I’m now offically “An old creaky” on my way to “grey-beard” status 😉

For those who do not know anything about “Forward Error Correction –
Codes”(FEC / FECC) beyond having heard maybe of “Hamming Codes”, or “Reed-Solomon Codes” Wikipedia has an OK over view of “Error Correction Codes”(ECC),

Ted November 27, 2021 11:57 AM


If you are trying to understand web3, you might like the following thread.

“web3″ is an outright fraud to justify cryptocurrencies. […]

And if understanding web3 is still a little fuzzy in your mind, don’t be scared my friends. Wikipedia now has a page on ‘web3.’ It looks like all the reference links were retrieved on or after November 9. So the beast is just beginning to be named.

In a nutshell it looks like web3 “is an idea for a version of the Internet that is decentralized and based on public blockchains.”

Before you pack off for the woods, just know that the Discord platform recently recanted its interest in web3 after some users cancelled their paid subscriptions. Some may have already had traumatic injuries from crypto-currencies/blockchain pyres.

Is web3 trying to compete with AWS? small lol

6449-225 November 27, 2021 12:03 PM

@Ismar @Clive Robinson

ideal code

Just speculating wildly, could these methods be applied to give a better proof (or some would say, a proof) of the 4-color theorem ?

SpaceLifeForm November 27, 2021 4:59 PM

@ JonKnowsNothing, Clive, MarkH, ALL

Omicron (B.1.1.529)

It may become a ‘Feature’. Possibly in a good way.

If, as early info indicates, that while more transmisable due to spike mutations, it is less severe due to other mutations.

And, most cases reported so far are those that have not been vaxed, or it was over 6 months ago (breakthough cases).

So, if Omicron becomes dominate, and crowds out Delta, it may help.

Maybe it will further mutate and eventually become just another common cold.

Time will tell.

They do not descend from previously identified “variant” viruses and instead their closest evolutionary connection is to mid-2020 viruses. 3/16

This extremely long branch (>1 year) indicates an extended period of circulation in a geography with poor genomic surveillance (certainly not South Africa) or continual evolution in a chronically infected individual before spilling back into the population. 4/16

Clive Robinson November 27, 2021 6:11 PM

@ Ted, Nicholas Weaver,

With regards,


He used to be a regular poster and we butted heads once or twice due to seeing some details from a different angle.

However we broadly agreed on most things he commented on.

I think he would put his hand up to disliking crypto coins[1] for many reasons just on the technical side, and when you dig in a little you can understand why.

But on another note, and my viewpoint about the blockchain as implemented with “work factor”, no matter what you use it for, it is in the main,

1, A solution looking for a problem,
2, To solve in about the worst way,
3, In the least efficient manner.

I realy care not a jot about what people think about “global warming” when it comes to the last point.

How on earth can using hundreds of killowatts over many thousand CPU hours just to generate a few hundred bits to fill a “Bag of Bits”(BoB) “Abstract Data Type”(ADT) be justified in real physical world terms?

Or ask it another way “What is the lost opportinity cost of that power burn?”

[1] And to quote…

“And remember: “Crypto, it means cryptosporidia”, because those infected by crypto spew an amazing amount of shit.”

What he did not mention is,

“Crypto is a parasite that can make you cough up everything you’ve got”

Clive Robinson November 27, 2021 6:23 PM

@ SpaceLifeForm,

I’m sure we are related.

You did read,

“Size about 1.5+ inches”

Mind you it does vaguely remind me of an “alien in the Whitehouse”…

I Can’t remember the name of the film I guess it was not important 😉

wondering November 27, 2021 6:49 PM

I have been looking at how Encryption is accomplished in Linux (Qubes for instance) for the Luks hard drive encryption.

And then afterward, as in creating a Key Pair. Other Encryption tasks.

Specifically, I am referring to random factor, Entropy. Seems Entropy is created in the firmware. I read that Windows 11 requires TPM 2.0, because (in part) has some better means to do Encryption.

So I wonder how Linux Distros now create Randomization that is needed for creating Encryption Keys.

I find it difficult to think I should trust Intel, and then the influence that M$ has on creating Entropy-Randomizaton.

What am I missing – not knowledgeable about.

SpaceLifeForm November 27, 2021 6:50 PM

@ Ted

Is web3 trying to compete with AWS?

I suspect that AWS is embracing web3.

AWS just reduced bandwidth egress charges.

They will make it up on the backend (cpu charges).

Spot the Silicon Turtles.

A limitation is that EC2 (Elastic Compute Cloud) instances launched into IP-v6 only subnets must be built on Nitro, a custom hypervisor and network card which has both performance and security advantages.

[429 – retry]

SpaceLifeForm November 27, 2021 7:41 PM

@ wondering

Seems Entropy is created in the firmware.

So it seems. It is not trustable.

Use a HSM, and roll dice.

Ted November 27, 2021 11:17 PM


Or ask it another way “What is the lost opportinity cost of that power burn?”

Are you saying that the energy used to mine cryptocurrency could be better used elsewhere? Or perhaps that the energy intensive proof-of-work mining method should be abandoned?

No right or wrong answers, I am just curious what your thoughts are.

Do you think it’s pie-in-the-sky for Sweden to ask the EU to ban cryptocurrency mining so that their renewable energy resources can be used for climate change initiatives?

The spirit of their argument seems to have merit. But I don’t know where the EU stands on this or how tall an order it would be.–energy-intensive-mining-should-be-banned/

JonKnowsNothing November 28, 2021 1:49 AM

@ SpaceLifeForm, @Clive, @MarkH, @ALL

re: Omicron (B.1.1.529) (2)

I have not yet investigated many details of 30+ mutations on the spike and 20+ more mutations in virus. My initial readings on the Botswana variant was just after the first alarms went off. It was noticed Nov 11 2021 and 20ish days later the barn door closed.

It’s very early for some information to fall into the public sphere but in the background you can hear the whining of servos as the global supercomputers run scenarios. [Bitcoin miners may suffer from brown outs.]

An initial observation is:

  • Someone read the History of COVID19 and “STOPPED THE PLANES” (SpaceLifeForm)

Unfortunately it wasn’t soon enough. With an R~2 rate of infection it had already escaped into the wild blue yonder.

There are 3 probable outcomes

  1. It’s a meh. It transmits fast but does nothing much else.
  2. It’s an ouch. It transmits fast and makes more folks sick.
  3. It’s a Rule Breaker. All bets are off and all outcomes are possible.


Per several estimates of the DELTA-Mut Holiday Delivery.

  • There are 500,000 expected deaths in EU by March 2022.
  • There is a similar number of deaths expected in the USA by March 2022.
  • Given the time frames there are 500,000 people already sick with DELTA-Muts (AY1-130/AY4.2 is especially juicy).
  • These 500,000 are walking about not thinking “They are The One”.
  • The infected ones who are Not Vaccinated will be dying soon.
  • It takes longer to die because the medical folks have more toys and options to try, taking about 60days now.

If Omicron causes even a small number of sicknesses or complications, the TRIAGE rules are going to get seriously tightened.

In the USA, a good number of states already have CRISIS CARE in place (a euphemism for TRIAGE). In my section of California, we have not exited TRIAGE rules from the last hump (1). We have more people sick, more people in hospital than we did at this same point last year Nov 2020 (W2).

Any increases from Omicron will have a significant impact on the health care system here, ’cause we are already Full Up.


1) One reason this area is not recovering is that unless the Hospital Regional Statistic hits a certain level, transferring our overload to other regions depends 100% on the other hospital accepting the transfer. These other hospital regions are rejecting our transfers.

We hover near the breaking point but remain statistically just above the threshold that would require the other hospitals with capacity to take the transfer.

  11-13% available ICU beds = 8-16 beds for 1 million population area

2) There was another VoI reported in UK this month which clocked @25% increase in the UK. It was identified as:

  • South Africa B.1.351 / 501Y.V2

This may or may not be Omicron. If it isn’t Omicron, things could get potentially problematic.

“Potentially problematic? When’s the last time you held your breath for an hour…

JonKnowsNothing November 28, 2021 2:00 AM

@ SpaceLifeForm, @ Anders

re: Ultimately, the only way forward for security is that everyone should have a HSM, where one rolls their own keypair of 256 bits, using good random.

Signon/Login/Verification should require signing a challenge via the HSM.

If we have to have challenge mode I make dibs on Seraph “L’ange sans ses ailes”.

Clive Robinson November 28, 2021 2:47 AM

@ Ted,

Are you saying that the energy used to mine cryptocurrency could be better used elsewhere? Or perhaps that the energy intensive proof-of-work mining method should be abandoned?

In short “Yes” to the first, so “Yes” to the second follows by default.

It may not be obvious to all at the moment, but @SpaceLifeform has seen one or two of the indicators as have others here, but we are just about to run into another energy crisis which is due largely to global mismanagement[1] but will probably be blaimed on something else such as COVID.

Luckily the unseasonably good weather has so far held off the sorts of behaviour we saw in Texas not so long back. But what are the consequences of this?

Look at it this way, if we don’t have “global warming” then to maintain the average temprature over a seasonal cycle or longer then we are going to have to “pay back”[2] the excess. The basic questions then are “how?” and “how fast?” with secondary questions about plants and insects. Remember you can not eat numbers etc, and generating crypto-coins is in the real world non-productive work that generates only heat, a lot of it and for what?

The estimates for the electricity burned up in crypto-coin mining rigs is about that of a small to medium sized European country… Ask how much real economic production there is in such a country because that is the real “direct” lost cost of crypto-coins.

But there is another side as I’ve mentioned before the “finance industry” can be viewed in a number of ways. But like any industry it has an “ouput” of some form. The rosey picture they industry wants to present is one of investment and growth… The reality is it creates inflation in large measures, crypto-coins are just another form of crazy mad inflation scheme, to the point that the implementations are steadily becoming clasified as “scams” at best.

Have a look at the history of what are sometimes called “Black Tulip Markets” because that is another way to view crypto-coins.

[1] You could view this energy industry mismanagment as a “Supply Chain” failure, but that is only a small part of the problem. The reality is the mismanagement has caused the entire energy industry to become overly fragile and it lacks any real measure of resiliance. It is in effect living in the “la la land” fantasy of “Rainbows and Unicorns of an endless perfect summer”, whilst in reality it’s autumn has arived without any preparation for winter and those times when you need the resilience of stored resources to get you through… It’s a lack of the old “put by half of what you grow” that sensible grain farmers in times past used to do.

[2] There are various ways you can look at things but we do know that the weather “averages out” across the globe due to the movment of air and water in global spanning “streams”. Simplistically as a first approximation you could say the weather behaves like a rubber band, if you stretch it too far in one direction it will “snap back” in the other. In effect this is in both the seasonal short term and longer term that has given us iceages in the past. The world has in effect “memory” due to “thermal energy” in air water and soil. Look on it acting like a battery it has both charge and discharge cycles and they have to stay in some kind of equilibrium. The only way it can’t is to move the global average temprature in some way. From a survival prospect we don’t want to be living in either type of desert (ie “no rain fall” due to to high or two low temprature). Nor do we want to live through a transition as historic information stored in various places such as tree rings, ice cores, and sedimentary rocks indicate it could be rough to put it politely.

ResearcherZero November 28, 2021 3:59 AM

MELBOURNE, Nov 28 Australia will introduce legislation to make social media giants provide details of users who post defamatory comments, Prime Minister Scott Morrison said on Sunday.

‘It will remain the mystery of the ages.’

It’s not much of a mystery. Crapped himself when caught by police while transporting a large amount of cash, after forgetting to put enough fuel in the car. Though he can be forgiven for being less than a little straight with the detail, he is a politician after all.

Ted November 28, 2021 6:15 AM


I suspect that AWS is embracing web3.

Alright, I got stopped on this first point. I seemed to find a product on AWS Marketplace that supports web3?

The Epirus Blockchain Explorer is the most complete solution for providing insight into your blockchain deployments on AWS.

It works seamlessly with Hyperledger Besu, Quorum and Ethereum blockchain deployments.

The cost is ~$0.85/hr

So now I don’t know what we’re doing here.

Ted November 28, 2021 7:17 AM


In short “Yes” to the first, so “Yes” to the second follows by default.

I like it when you do that – providing the simplified answer to start your response.

Remember you can not eat numbers etc, and generating crypto-coins is in the real world non-productive work that generates only heat, a lot of it and for what?

Good point. It’s interesting that Sweden seems to enthusiastically agree with that.

And by Sweden, I mean the director generals of both the Swedish Financial Supervisory Authority and the Swedish Environmental Protection Agency.

Looks like they don’t want crypto producers sucking up their renewable energy.

Due to the increased focus on CO2 emissions and in light of China’s recent Bitcoin prohibition, a greater number of crypto-producers are exploring the possibility of using renewable energy for mining. Crypto-producers are therefore turning their attention to the Nordic region, where prices are low, taxes for mining-related activities are favourable, and there is good access to renewable energy.

Also, I looked up the tulip markets and saw that the prosperity of the Dutch economy could have allowed people to play in the luxury goods market.

If it was just the rich folks playing with their money and occasionally losing it, that’s one thing. But besides the Elon Musk tier, the crypto market does appear to be accessible to any fool who has two dollars to rub together.

Winter November 28, 2021 8:00 AM

“In short “Yes” to the first, so “Yes” to the second follows by default. ”

Note that the full story should include the energy and resources used by traditional banking. The computer and telecom use of traditional international banking business is quite substantial.

Someone seems to have actually calculated the comparison but I cannot find it now.

Ted November 28, 2021 8:13 AM


It is difficult to keep up with these conspiracies. I had to look up some.

But of all the millions of “believers” only one actually did that. The others just went there to order pizza.

Lol. I did too. Yeah, it only takes a couple of people to miss the ‘joke’ before it gets strange. I remember hearing about the reptile people but also had to look it up.

The very fact that they did attack them with only pitchforks is proof they did not believe their own theories.

The beliefs that people have that let them do outrageous things is scary.

Clive Robinson November 28, 2021 8:21 AM

@ ResearcherZero, ALL,

With regards Australia and “troll legislation” anounced by “Scotty from Morrisons” there are a couple of important points to note,

Firstly and most importabtly §230 is US legislation and much though the US thinks it’s legislation is premier where ever an American places their foot (much as some Muslims believe about Shia law). The rest of the world does not think that way. Up untill recently most of these large Silicon Valley Corps have been getting away with preyending they are “telecoms or posta” delivery services, not publishers. It’s a view I’ve mainly disagreed with because the web is mainly NOT push but pull, which is the publisher model, where as the telephone and postal services are very much “Push not pull”. This differentiation might appear odd till you realise that the end user pull model in most cases requires the platform to have knowledge of the contents of any potential communications prior to the communications, where as a postal or phone network has no knowledge about the communication untill after it has started. Thus “publishers” have time to review prior to communications thus are either complicit or negligent. I suspect the Australian court took this view, as will most other courts in non US juresdictions that are based on English jurisprudence… So all of a sudden the chances are the US is now facing self inflicted “lock out” from all but US territories. I suspect from the number of US News sites that are nolonger available in the UK, that their lawyers have thought for some time that this was likely the case so when GDPR came along they probably “dog piled” all those differences onto the table, and with the “4% on global income” fines of the GDPR decided the risk was not worth it (that “4% of global” has unsurprisingly poped up in other places now Governments have lost corporate taxation, they are going to move to the “fines revenue raising model” I predicted quite a few years ago which you can find on this blog).

Secondly this change falls into the “Know your Customer” legislation that has been foisted onto the Finance industry. In the usual FUD lies of Government anouncments this has been portrayed as to stop major criminals and tax evaders, it won’t we know that, it’s all aimed at “revenue raising from the little guy” by destroying anonymity, the politicians get control of “the message” back from the citizens via the use of guard labour and punitive criminal and civil legislation.

We’ve seen this latter “war on journalists” played out in the UK recently with judges who are clearly politically influenced in England and Scottland saying who they think is or is not a journalist thus alowed any legal protection or to get “Death will us part” style jail sentencing.

6449-225 November 28, 2021 10:57 AM

@ Ismar @ Clive Robinson @ all

ideal code

Re connexions of LCTs to colouring, there is a lot of literature out there that studies this, although I didn’t find anything that seems to be talking about simplifying or unifying the complicated multi-case proof of the 4-colour result.

Also, the page below links to a video (and pdf of the slides) of Irit Dinur, lead author of the paper, giving a talk on the result.

JonKnowsNothing November 28, 2021 11:16 AM


re: Foe Mirror wanted

Got an interesting email, it was so interesting I scanned the headers to see what’s what.

  1. It was an email from a known acquaintance
  2. The display header used a form of “address” they would not have used
  3. The sending address looked OK

But deeper in…

  1. It appeared that the person had their contacts address book scraped.
  2. The scrape (or pillage) included their legitimate email addy and mine.
  3. The legit email was recreated on a server in Brazil
  4. The legit email was rerouted through the server in Brazil using a tiny alteration in the addy
  5. The point was to deliver 2 Short URLs in the body of the email.
  6. The body was signed with the name of person

I would guess that not only is it a phishing mail but also a delivery mechanism. Some email programs can hook and display URL content and may do a pre-fetch of the Short URLs which would have delivered something I do not want…


header: goodname.goodmail
sent from: bad.bad.bad.bad.bad.BR
reply to: goodnameA.goodmail (don’t miss the A)
authenticated: badmailserver auth bad.bad.bad.bad.BR
return path: goodnameA.bad.bad.bad.bad.BR (don’t miss the A)
downloading: internet fonts
Subject: 1 shortened URL
Body: 2 shortened URLs

Winter November 28, 2021 11:29 AM

“Another troublesome aspect would be when there actually is supportive evidence, but an affected party works vigorously to suppress it.”

A Theory without evidence is a Hypothesis.

What characterizes conspiracy theories is the supporting un-evidence. Like the misunderstood physics behind the moon landing conspiracy. There are never eye witnesses that could report actual conspiracies.

Winter November 28, 2021 11:33 AM

“Conclusion: just talk about theories, leave the ad hominem out of it. Definitely avoid fact checkers. ”

Your examples were all supported by actual science at the time. The cry about conspiracy theories came from the site of religion. The religions have fought the cell and germ theories tooth and nail.

As I wrote above: A theory without evidence is a Hypothesis.

Anders November 28, 2021 12:00 PM

@Clive @SpaceLifeForm @ALL

Putin gave an order to phase out from non-domestic (read = Western) software in
government sector, this includes military industry, energy sector, fuel sector,
nuclear industry, transport, banks and finance sector, critical information infrastructure etc.

In Russian:


What they have, small overview with screenshots, in Russian.


Use Google translate

Clive Robinson November 28, 2021 12:34 PM

80% of Ships AIS Disapears around China

As some of you know I keep an eye on what China is upto and their warlike behaviours in the South China Seas.

Although this story appears in multiple places and formats it all appears to have originated from a single non technical source.

One copy is,


I suspect that a number of you have heard of Aircraft and the legal requirment for them to use ADS-B, well AIS is the equivalent for ships.

Apparently China has passed a law claiming various nonsense and made it illegal for most AIS info to be forwarded…

Make of it what you will but some have noted that this alows China to cobtinue it’s piratanical and warlike behaviours against other nations around the South China Seas that have in the past involved machine gunning fishing vessels and similar.

Ted November 28, 2021 1:06 PM

“Sophisticated ‘Zero Click’ Exploit, Violated U.S. Export Control and Computer Fraud and Abuse Laws”

I don’t know if this has already been discussed here, but three former US IC and Military personnel entered a deferred prosecution agreement on Sept 7, and have agreed to pay $1.7 million to resolve the charges.

They worked for a UAE company that carried out computer hacking operations without a license from the State Department’s Directorate of Defense Trade Controls (DDTC).

One of the services they provided included the creation of a “zero-click” exploit, which was then used “to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.”

Acting Assistant AG Mark J. Lesko had this to say: “Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct.”

The press release says this is a first-of-its-kind resolution for two distinct types of criminal activity: providing unlicensed “hacking” services and a commercial company allowing unauthorized access to computers worldwide, including in the United States.

Ted November 28, 2021 1:35 PM


Re: Drop in China AIS signals

It’s strange that “only China seems to have an issue with the collection and dissemination of AIS data” at the moment. I hope this is temporary.

The article says state tv “raised concerns that foreign organisations could be plundering “valuable military and economic intelligence” via maritime tracking systems.” Sorry, not sorry?

They didn’t say what happened to the radio ham operator who had been picking up local signals. They didn’t imply anything bad happened to him.

vas pup November 28, 2021 5:45 PM

Israel Unveils Multi-Beam ‘Scorpius’ Electronic Warfare System

“Defense firm Israel Aerospace Industries (IAI) has unveiled its “Scorpius” suite of electronic warfare (EW) systems, which the company claims is the world’s first EW system “capable of simultaneously targeting multiple threats, across frequencies and in different directions.”

Based on Active Electronically Scanned Array (AESA) technology, Scorpius presents a “breakthrough” next-generation platform able to combat a full range of threats.

These threats include missiles, communication links, drones, ships, and low probability of interception radars.

According to IAI, Scorpius’ AESA’s multi-beam capability allows the system to “simultaneously scan the entire surrounding region for targets, and deploy narrowly focused beams to interfere with multiple threats across the electromagnetic spectrum.” Scorpius can effectively disrupt radar and electronic sensors, navigation, and data communications, the company said.”

Read the whole articles for more details!

I hope when such technology IAI will pass to US, it would be clearly specified for US usage only, not like Iron Dome which was developed together by Rafael (Israel) and Raytheon (USA) which US is about to transfer to third parties without Israel preapproval.
Not all NATO and other US partners (e.g. Turkey) are really friends of Israel based on their votes in UN and actions or rather inactions. So, I’ll regret if China steal such technology, but China is not threat to Israel national security at least for now.

Ted November 28, 2021 6:35 PM

@SpaceLifeForm, Clive, ALL

Re: Stolen NFT

Brilliant! That deserves every retweet and then some! I love how they made it accessible and fun. Good advice… pass it on👍🙂

MarkH November 28, 2021 8:07 PM


Much misunderstanding flows from difference between the popular and academic meanings of “theory”.

A theory is a system of ideas and relations proposed to explain observations, or to provide a methodical framework for established practice.

Typically, an hypothesis is a prediction or explanation without sufficient evidence to ascertain its validity, and is much narrower and more specific than a theory.

A famous example is the theory of General Relativity (highly successful, but still controversial) and the hypothesis flowing from it that light in vacuo is deflected by nearby mass (amply confirmed by observation).

MarkH November 28, 2021 8:12 PM

@Winter, pt. 2:

The actual theory shared by many of the most widely accepted conspiracy theories at present is roughly that many highly consequential developments are controlled by a cabal (typically global in scope) of persons who

• seem to operate in great secrecy,
• are never exposed or penalized,
• have nearly perfect knowledge and unlimited capabilities, and
• can predict outcomes with microscopic precision: unintended consequences are negligible.

The particular conspiracy theories which have been accepted by so many people are diverse hypotheses which apparently seem plausible, if one accepts the preceding theory as descriptive of the world.

Ted November 28, 2021 10:11 PM

@SpaceLifeForm, Clive, ALL

Re: AIS data and new China privacy laws

That near real-time marine traffic viewer is really neat. Like really, really neat.

As Clive noted, it looks like this loss of AIS signal around China’s coasts has to do with two new Chinese privacy laws that were recently put in place: the Data Security Law (DSL) and the Personal Information Protection Law (PIPL).

The laws restrict foreign access to any potentially ‘important’ national security data. Companies that don’t comply could face significant monetary penalties. Because AIS data vendors don’t exactly know how the laws will be enforced they are cutting down on transmissions, the article says.

I bet unpacking the new Chinese privacy laws would be quite fun 🤢

MrC November 28, 2021 10:51 PM

@ wondering:

This is the sort of question you could have answered with a search engine, or even just wikipedia.

Anyway, here is your answer: It’s ChaCha20 seeded with bits gathered from hardware/timing noise.

6449-225 November 28, 2021 11:51 PM

@ Ismar @ Clive Robinson @ all

ideal code

More …

For anyone wanting to dig into the background of the paper on LTCs referenced in the Quanta article, this survey looks like it might be interesting:

Shlomo Hoory, Nathan Linial and Avi Wigderson, Expander graphs and their applications

“A major consideration we had in writing this survey was to make it accessible to mathematicians as well as to computer scientists, since expander graphs, the protagonists of our story, come up in numerous and often surprising contexts in both fields.

But, perhaps, we should start with a few words about graphs in general. They are, of course, one of the prime objects of study in Discrete Mathematics. However, graphs are among the most ubiquitous models of both natural and human-made structures. In the natural and social sciences they model relations among species, societies, companies, etc. In computer science, they represent networks of commu- nication, data organization, computational devices as well as the flow of computa- tion, and more. In mathematics, Cayley graphs are useful in Group Theory. Graphs carry a natural metric and are therefore useful in Geometry, and though they are “just” one-dimensional complexes, they are useful in certain parts of Topology, e.g. Knot Theory. In statistical physics, graphs can represent local connections between interacting parts of a system, as well as the dynamics of a physical process on such systems.

The study of these models calls, then, for the comprehension of the significant structural properties of the relevant graphs.”

Winter November 29, 2021 12:32 AM

“The actual theory shared by many of the most widely accepted conspiracy theories at present is roughly that many highly consequential developments are controlled by a cabal (typically global in scope) of persons who”

In your list you should add that the cabal is ahistorical, it has no “history”. The “believers” never suggest a starting date for the founding or rise to power of the cabal. If such a “history” is given, it includes the Templar knights as a stadium. The anti-Semitic branch starts “history” with the arrival of Judaism in Europe (~11th) or even earlier. Which is far enough back in time to be meaningless.

So, the cabal is not only “perfect”, but has also been this perfect for centuries, if not a millennium.

Which points us to the root of the cabal: It seems to replace the Devil in people who lost their believe in the Devil (or gods in general) as an organizing force of history. However, an organizing force is apparently needed to give meaning to life.

Note, that the behavior of the believers betrays that they do not believe their own theories. Which is no different from other believe systems.

Winter November 29, 2021 1:39 AM

How plausible is it that this plane would succeed?

Warning: China planning to swipe a bunch of data soon, so quantum computers can decrypt it later
Meanwhile, the Middle Kingdom’s military plans an AI offensive – in the labs and on the field of combat

“Encrypted data with intelligence longevity, like biometric markers, covert intelligence officer and source identities, Social Security numbers, and weapons designs, may be increasingly stolen under the expectation that they can eventually be decrypted,” the report states.

The analysts prognosticate that China will also go after industrial data. “Especially likely targets will tend to align with Chinese economic and national security priorities, such as those developing pharmaceuticals, fertilizers, and high-performance materials,” according to the report. China wants that data so that it can be used in quantum computing simulators, to understand how best to put actual quantum computers to work.

Clive Robinson November 29, 2021 3:05 AM

@ SpaceLifeForm, Ted, ALL,

It may be that Nanobots got into the Quarkcoin servers

Hidden in the ROM no doubt…

I’ve actually been thinking about “NFT” recently. Not as some technology but as an alternate TLA quest…

For instance simple ones that are “suitable for work”[1],

1, Not For Twits
2, Nice For Taking
3, Numpties Fortune Takers
4, Nothing For Treasure

I won’t say the list is endless but so far it’s a lot longer than I expected.

Oh on a related note a “Fun fact of the moment” on Wikipedia’s ConstitutionDAO page,

The total comment on the “rolling con” is,

“Apart from Ethereum fees”

So that tells you the number of Crypto-Con shills there are editing there… The truth as they say is “a matter of perspective” which could be entierly different[3].

[1] I was kind of surprised when I sat down and realised just how many “Not Suitable For Work”(NSFW) pejoratives[2] there are begining with N or T, to say I was “Shocked, yes shocked, that such copious perfidious calumny existed” 😉

[2] Oh the spell checker on this phone did not know “perjoratives”, it suggested “purgatives” instead which has a whole different meaning, but could be an apt description for the fealing some will get when they realise that NFT’s and Crypto-Coin are,

“California Yachts : “A hole in the water into which you pour money for less than nothing return.”

[3] A recent “California Yacht” and “purgative fealing”[2] event must be the epic –fail– story of ConstitutionDAO. I suspect that the “purgative” feeling may have been felt by those who put real fiat-money into such a hair-brained scheme to find that to get their money back they would have to pay more in fees to the exchanges than the alledged value of the Ethereum Crypto-Cons,

But… the story goes on, oh yes it does, as a consolation prize it was rumored that the core team were talking about buying a no hope sports team to throw yet more money after… But are now claiming a lack of a “unifying mission”, so the core team are basically telling people to either fend for themselves with the GAS exchange losses, or… Buy into a new Crypto-Con “long con” of “$PEOPLE tokens”. I think either way you could call that a major win for the exchanges on their “rolling con”…

Winter November 29, 2021 3:15 AM

Here is a nice report on how to trace back the origin of a disease to a wet market using real science and epidemiology:

Cassandra November 29, 2021 3:37 AM


How plausible is it that this plane[sic] would succeed?

Warning: China planning to swipe a bunch of data soon, so quantum computers can decrypt it later

Very plausible. Any SigInt/Intelligence Agency worth its salt will be collecting and storing encrypted traffic pending a future ability to decrypt it.

40 years later is not too long. See the VENONA project (misuse of one-time pads), so encrypted data is worth storing even if you see no immediate prospect of being able to decrypt it.

You never know if misused* one-time pads or key schedules will fall into your lap, even years later: and you cannot predict if advances in mathematics or computing will render currently difficult problems easier to solve.

The best you can do is generate large volumes of chaff, so the interceptor finds it difficult to store it all. They are then forced to choose what to store, and if you are lucky, discard the important stuff.


*Never, ever, save one-time pads for reuse.

MarkH November 29, 2021 3:40 AM


Depends on the criteria for success.

Simply, if your boffins estimate 10% probability that you’ll have quantum computers within 10 years able to run Shor’s algorithm on really big numbers …

and collection costs you one billion dollars per year …

and you expect to extract at least one hundred billion of value if the QCs work …

then it’s a plausible investment.

Winter November 29, 2021 3:50 AM

“Simply, if your boffins estimate 10% probability that you’ll have quantum computers within 10 years ”

But the question is, is 10% probability in 10 years plausible?

What I expect is that everybody is starting to harden the really important stuff to QC. And those who do not, are also those who have not hardened their secrets against normal attacks. Btw, that was probably the whole point of the article.

Clive Robinson November 29, 2021 4:37 AM

@ Winter, ALL,

Warning: China planning to swipe a bunch of data soon, so quantum computers can decrypt it later

Err the NSA, GCHQ and others have been swiping encrypted information ever since they were created to do exactly that.

As part of that the rules they opperate under alow them to store encrypted information “for ever”, or at least “indefinitely”, it’s only if it’s “plaintext” do they have to get rid of it after a few years (spot the loop hole for a billion camels in that?).

Both the NSA and GCHQ know that even “unbreakable encryption” such as the “One Time Pad” can in fact be broken if just one mistake is made in the difficult to get right “Operational Security”(OpSec). Look up the long running “Project VENONA” that was planed some time before 1943 when Russia was one of the Allies in WWII, long prior to either the NSA or GCHQ[1] being formed.

So as a plan, it’s more than reasonable it is known to work. So why would we think that China would not or has not been doing the same for three quater of a century?

The addition of “Quantum Computing” to do cryptanalysis is in reality just a potential no more than “a new tool in the box”. Think of it as a “power drill” compared to a “Brace and bit” or “hand drill”.

As for stealing economic and industry data, well whilst the US might deny it as propaganda for it’s citizens to feel they have some kind of “Good Guy” status, we know they like all inteligence agencies are at it all the time. From a nation state perspective, knowing what other nations economy and industry are doing is part of “National Security” years ago the French said so openly, and that it was less expensive than R&D. The South Korean’s who are rather more on the ball with regards such things have very strong laws which they have used against the Israelis who were “caught at it” rather ham fistedly.

The real question is when is “industrial espionage” carried out by corporate rivales actually Nation State spying?

Think back to the claims under the previous US Administration over a device used to test mobile phone key pads,

What is not widely known but well known in the industry is that the reason T-Mobile was so protective of “Tappy” was that it gave T-Mobile a near monopoly on phones that came onto the US mobile phone market through network providers. T-Mobile kind of gave the game away by demanding half a billion dollars in damages… The only reason that they got awarded less than 1% of that was the massive anti-Chinese telecoms rhetoric comming out of the US Executive, was clearly prejudicial against all Chinese Communications companies.

The fact that the UK government had done worse, by breaking it’s agreements with the company and just handing over as much as they could to the US Executive via the commercial side of GCHQ apparently is not worthy of mention…

Sometimes you have to look under the dung heap that is “The Hill” to get a rather different perspective on the “good guy” nonsense spouted from the top.

[1] It is unknown who originally thought spying on Russian communications was worth while. It is however known the Great Britons war time leader Winston Churchill had an absolute distrust of Joseph Stallin, and at that time the UK was well ahead of the US in the intercept and machine cryptanalysis endevors. However the UK lacked the resources so whilst they did interception of traffic and some of the analysis of traffic flows the cryptanalysis fell to the American’s who had certain concerns about the security of what had started as the “Tube Alloys” project back in 1940.

Winter November 29, 2021 5:07 AM

“As for stealing economic and industry data, well whilst the US might deny it as propaganda for it’s citizens to feel they have some kind of “Good Guy” status, we know they like all inteligence agencies are at it all the time.”

It is obvious all TLA’s who can afford it, are storing all communication they can, encrypted or not [1]. Just as every country that can afford it is constructing a global registry of all humans and their contacts.

I am an advocate for FLOSS and Open Science where such dangers do not apply. As for privacy, the Chinese do not seem to be the most immediate dangers to our privacy&freedom. But maybe in 10 years?

[1] There are a few smaller countries where the rule of law is actually upheld. There, storing such data might be illegal under privacy laws and it is possible that intelligence services in those countries might in fact refrain from collecting it. Although this might sound implausible, it is not entirely impossible.

Clive Robinson November 29, 2021 6:40 AM

@ Winter, ALL,

Here is a nice report on how to trace back the origin of a disease to a wet market using real science and epidemiology

The article is kind of written backwards. If you do not read all of it you will still be locked into the,

“Wet Market -v- Lab”

Argument which is easily provably as the wrong viewpoint to take (something I’ve discussed here before).

For instance consider this snipit,

“Several restaurants nearby were famous for serving yewei (“wild taste”) from animals that weren’t just freshly killed, but wild.”

That is a clue to what the journalist has tucked away at the bottom where many won’t read to…

These restaurants are way more likely by several orders of magnitude than the lab to be an originator of what became “local community spread”. Something that hardly ever gets mentioned in the invective rhetoric.

But the real question is not where is the “jumping off point” into the community was, but how it arived at the jumping off point.

There are three possibilities, that is via,

1, An ordinary traveler/tourist.
2, A person working at the lab.
3, A person in the bushmeat trade.

The first might appear to be insignificant untill you remember that Wuhan was a very very busy hub for industry, trade and all forms of travel in a very large region. Thus all sorts of people came through from far and wide every day by the millions. If they stopped over as quite a few would, then the area around the wet market would have been of interest to quite a few for those restaurants that give “a little taste of home” etc.

Much has been said about the lab and very very little of it is probative and not even reasonable conjecture. The workers there would have bern more aware than almost anyone else in the entire region of the risks involved with their work. Thus whilst an accident can not be ruled out personal negligence is unlikely. Some will nodoubt talk of bio-terrorism but to date the evidence is not there for China but there are other nations at whom a finger has been pointed, with the US being next on such arguers “list of suspects”. Personally I doubt bio-terrorism especially the ones that say “XXX did it to kill a million Americans” or similar. Sorry but such arguments are not science or epidemiology but conspiracy theories or lunacy, especially as they argue backwards from effect to their chosen cause…

Which leaves the bushmeat traders.

Something people need to realise avout ciral diseases and humans, which is clearly demonstrated all over the world by swine/pig farming. That if most influenza viruses originate where “swine are raised in captivity closely adjacent to humans”. That is right next to homes in rural farms and with workers on “ranch” style closed in sheds where the floors are such that the waste from the swine and from feeding overspill drop through the floors and effectively ferment etc providing conditions conducive to the growth and mutation of pathogens of all sorts. Testing on those who work with swine shows they have very high levels of antibodies to many types of flu, most that have never made it into humans.

So the lesson from that is, if you work with animals you develop immunity to the abimals diseases, and as a concequence less likely to suffer complications or even significant symptoms from any zoonotic transfer.

It’s, been noted that people with domestic cats are very much less likely to become even symptomatic to COVID though they can act as infection vectors.

So running through that it is quite likely that bushmeat traders could be asynptomatic “super spreaders”. The argument against is “on route infections” or more correctly the lack of them.

Well you have to ask the obvious question “do criminals take care to be unobserved?” To which the obvious answer is “yes”, so if you are facing “15 to life” in some of the harshest prisons in the world you would be very circumspect in your journey. Which means the most likely place to cause a human to human transfer is at the point of sale. That is the restaurants and wet market in that area of Wuhan.

Non of what I am saying is new, nor is it in any way controversial, and it is reasonable under both epidemiological and scientific reasoning.

The problem is that the “wet market -v- lab” is just to nice for journalists and more importantly their editors to let go of.

As I’ve indicated on this blog long before bad news sells, deliberate bad news “runs around the world befor the truth has it’s boots on”. As explained to me by a journalist and confirmed by another journalist and later very successful author,

Mrs Jones wins the village fair cake competition is of interest to a few in the village. However if Mrs Jones cake gives food poisoning to the judges, it becomes news to a whole load more people in the region. But… If Mrs Jones had poisoned the cake and thus the judges, then that is prime time national news.

I would these days add, If Mrs Jones poisoned the cake and then her web browser history showed she had visited ISIS or similar sites then it would be intetnational news within oh about ten minutes of the police press conference…

The MSM therefore want the origins of COVID to be the worst they can be because that brings profit rolling through the door…

The problem with that MIT article is the journalist has “bought into the game” hence the reason the article is written the way it is and I say “start at the bottom” not the top otherwise confirmation bias will occure.

Winter November 29, 2021 7:25 AM

@Clive, All
“So the lesson from that is, if you work with animals you develop immunity to the abimals diseases, and as a concequence less likely to suffer complications or even significant symptoms from any zoonotic transfer.”

Note that in the piece there are references to a whole lot of studies showing that people working with or near bats/wildlife show high levels of anti-bodies to deadly viruses.

Also, many of the first badge of positive people actually worked in the life mammals section of the market (is in the article).

But what convinces me most is that the current case is a carbon copy of the two other cases, the one in Guangdong and the one in the Middle East (MERS).

“If Mrs Jones had poisoned the cake and thus the judges, then that is prime time national news.”

If Mrs Jones’ cake had been poisoned by a disgruntled neighbor or competitor and killed half the neighborhood, it would be a “Midsummer Murders” plot. 😉

Clive Robinson November 29, 2021 8:31 AM

@ Winter,

it would be a “Midsummer Murders” plot

That last “S” always worried me as it implied a blood bath or serial killer…

At least with Castle you just get the incorrect,

“”There are two kinds of folks who sit around thinking about how to kill people: psychopaths and mystery writers. I’m the kind that pays better.”

It’s four as he left off,

3, Investigators / Detectives.
4, Close protection operatives.

Oh and the “odd scientist” working for a Government agency, but I guess they realy come under the first catagory 😉

6449-225 November 29, 2021 8:42 AM

@Winter @Clive Robinson

Urgent note from the Department of Pedantic Insistence

That should be “Midsomer”, not “Midsummer”.

Add to the list 5 (or 6). those that go berserk over trivial details.

Winter November 29, 2021 8:54 AM

“That last “S” always worried me as it implied a blood bath or serial killer…”

The series is indeed called “Midsomer murders” as 6449-225 writes (language interference, zomer/sommer means summer in Dutch/German).

If you have ever seen episodes of that series, you would understand that “murders” is actually an understatement. The average episode would seriously affect the English Midlands homicide statistics if they were real.

Clive Robinson November 29, 2021 9:00 AM

@ Cassandra,

It looks like you and I have similar long memories…

The funny thing is I just happened to have the book “GCHQ” to hand having got it out of the dead tree cave to check something that got posted the other day about events that will be 40years old in just a few weeks.

It feels strange to have someting from so long ago so fresh in my mind…

As I said the other day, I don’t look in the mirror very much, because I look out with the eyes of a twenty something, but in the mirror a sixty something looks back.

It’s a big gap, yet for somethings they are, despite all that has happened in between with near misses in various ways, still very fresh in my mind.

As some say as they raise a glass,

“To absent friends, that stay forever young in our hearts and memories.”

I guess a variation of the excerpt from, “For the Fallen” by Laurence Binyon,

“They shall grow not old, as we that are left grow old.
Age shall not weary them, nor the years condemn.
At the going down of the sun and in the morning, we will remember them.”

It was written more than a century ago, and it’s still worth reading the whole poem,

Clive Robinson November 29, 2021 9:14 AM

@ Ted, SpaceLifeForm, ALL,

it looks like this loss of AIS signal around China’s coasts has to do with two new Chinese privacy laws that were recently put in place: the Data Security Law (DSL) and the Personal Information Protection Law (PIPL).

OK that legislation carries the “Made in China” stamp, and it breaks international agreements put in place for very good safety reasons. Not least as it discorages piracy on the high seas.

So two questions arise,

1, Why did they do it?
2, Who will so it next?

The “military” reasoning is a compleat load unless the Chinese are boarding / gunning down / or sinking merchant vessels as they have done to numerous small vessels such as fishing boats in the international waters south of China, one of the busiest areas of international waters of it’s size in the world.

Ted November 29, 2021 9:34 AM

@Clive, Cassandra

still very fresh in my mind.

Memories are so interesting. One of the books I mentioned previously referenced a researcher at University College London, Chris Brewin. In this particular reference they discussed his research on autobiographical memories vs flashback memories.

If only people didn’t need their brains, these things would be so much easier to study.

I really liked the poem, especially the line “To the innermost heart of their own land they are known”

Ted November 29, 2021 9:46 AM

@Clive, SpaceLifeForm, ALL

breaks international agreements put in place for very good safety reasons. Not least as it discorages piracy on the high seas.

It’s funny bc this Wired article says some of the language in China’s PIPL is almost identical to the GDPR. Is this intellectual property theft??

However, as far as I know, Europe hasn’t restricted AIS signals data.

Why would they gun down small vessels?

Mr Peed Off November 29, 2021 10:40 AM

Numerous far-right groups have suffered catastrophic data breaches this year, in perhaps a reflection of a lack of technical expertise among such activists. Jim Salter, a systems administrator and tech journalist, said: “Extremists, and extremist-friendly entities, have a noticeable shortage of even-tempered, thoughtful people doing even-tempered, thoughtful work at securing sites and managing personnel.”

I am starting to believe that most security is just a theory waiting to be disproved.

Clive Robinson November 29, 2021 10:43 AM

@ Ted,

It’s called “Territorial Domination”, as far as the United Nations and the rest of the world are concerned the South China seas are “intetnational waters” governed by quite a few international treaties etc.

What China want’s to do is “Own the South China seas in toto” so that they can claim all rights to fish, minerals, oil/gas, control, and much more.

Obviously Vietnamese fishing boats are a challenge to Chinese authority, so some have apparantly just disapeared. Others have been subjected to low flybys by Chinese military aircraft and strafing, harisment by military surface vessels etc.

The whole thing has been a compleate mess for quite a few years now, with China making it abundantly clear the various US Aircraft carrier groups are “not welcome”…’s-artificial-south-china-sea-islands-have-problem-185295

The ecological damage China has done to what are sites of scientific interest is horrific and will have a significant knock on effect to other marine life especially “fish stocks”.

For various reasons this stuff is not appearing in the MSM but it’s building towards a flash point.

If China wanted to escalate to larger ships the first thing it would want is “deniability” a ship actually being boarded or sunk, would if the data were alowed to get outside of China be at the very least a “smoking gun”. Not alowing the data out gives China “deniability” and if “all hands are lost” and the location of the hull is unknown what evidence is there to say China took illegal action against a ship in International Waters. It would only take the real disapearance of one or two high value vessels to make the South China Seas a “no go area” for international shipping.

Many would then say “China is shooting it’s self in the foot” as they are dependent on shipping for National Prosperity…

But whilst that might be true, they have their own ships etc. In effect blockading, Japan, South Korea, Taiwan to prvent or limit their manufacturing output would be benificial from China’s point of view.

We don’t know for certain but this might be one of the reasons America has been trying to force the Worlds largest semi-conductor manufacturets (TSCM) to open plants in the US…

As it would give the US an increased degree of protection from China if a war were to start, Taiwanese advanced manufacturing would be high up on any Chinese target list as would Japan and South Korea.

The world is not just economically dependent on what goes on in countries around the South China Seas it is dependent in many other ways including displays and touch screens that the world can apparently not do without these days. For just about everything, including getting a kitchen sink…

Clive Robinson November 29, 2021 11:13 AM

@ Mr Peed…, ALL,

I am starting to believe that most security is just a theory waiting to be disproved.

It depends on what you mean by “security” and “theory”…

There is more than a fairly large grain of truth to,

“It’s secure in theory, but in practice, not a chance”

For instance take AES in theory and on paper the algorithm is good. In practice however on modern hardware unless special care is taken it leaks data to the network, such that keys can be recovered several router hops upstream.

It’s why I repeatedly say that AES should only be used in “off-line” mode to do encryption or decryption, preferably with a near fully isolated or “Energy Gapped” computer with encrypted files moved through a “mandated choke point” to the computer connected to any communications.

It’s the reason “Secure Messaging Apps” are anything but secure, as I keep pointing out.

As noted,

“Extremists, and extremist-friendly entities, have a noticeable shortage of even-tempered, thoughtful people doing even-tempered, thoughtful work at securing sites and managing personnel.”

Security is without doubt a very thoughtful process requiring high intelligence with a 150+ IQ to be good at “thinking hinky”. But they also need a calm demeanor and ability to focus on immense details for hours at a time. People joke about it “Not being work for Neuro-Typicals” and they may not be wrong.

But it’s not just “far-right groups” with an above normal quotient of knuckle draggers, where this problem exists. Less than one in ten executives understand the basics of ICT, and I gues less than a fifth of those understand even the basics of ICTsec. Many appear to be congenitally incapable of understanding basic OpSec or even risk evaluation.

There is a reason why those alledged US “protestors” are being rounded up one by one, and will end up either pleading guilty or being found guilty. They neither understand technology or basic field craft let alone OpSec. If they are sensible they will “rat out” their leaders who in turn will rat out their leaders untill the actual politically involved behind it are dragged into the light.

So the real question is will the other politicians who again know next to nothing about ICT etc will alow the draging into the light?

Probably not, based on the notion that they might set a president that will turn around and bite them in future times.

Cassandra November 29, 2021 11:21 AM

@Clive Robinson

It seems so. One of the great things about being young is that one is unemcumbered with the baggage of history, and I regard it as my duty as having experienced a fair amount of history, especially around ‘computing’, to inform youngsters of things they might not have appreciated*. As a greater mind than mine said: “Those that do not learn from history are condemned to repeat it”; and some things are worth not repeating. If I can’t be a good example, I can at least be a warning to others.

Regarding the unusual occurrences, I assume you are referring to the apparent lack of fingerprints. An odd case, in many ways.

As for AIS, China is conducting a low intensity war/irregular warfare with the aim of dominating the South China Sea. Turning off AIS helps that.


*This is not a bad thing. The xkcd cartoon ( hxxps:// ) shows how truthfully delightful it can be. I’m not always cantankerous.

Clive Robinson November 29, 2021 12:16 PM

@ Winter,

The average episode would seriously affect the English Midlands homicide statistics if they were real.


In the US they used to have a set of stores called,

“Bed, Bath and Beyond”

That I once visited in down town Readmond shortly before Xmas one year[1]. It was dull, dull, dull to put it mildly.

That said I often thought that,

“B’edibg, Blood bath and Beyond the Grave”

Could make a nice title for one of those “history channel” programs aimed and pre teens. Kind of a “Horrible Histories” but with bite 😉

[1] A project with “Cingular”(AT&T Wireless) got put forward by surprise, thus I was not going to get time back in the UK to do my planned Xmas shopping for the all important family presents. I was told BBBY did luxury stuff, but I was not impressed, I’d seen better tat in the UK. My son who was young back then however got a bit of a surprise a toy shop was doing an own brand wooden railway which was as far as I could see directly compatable with an expensive UK/European brand… The result he got about 30meters of track, bridges, junctions, and quite a bit of rolling stock very much to his delight which before the end of Xmas day had been built into both the lounge/sitting room and the dining room. All of which we still have in a couple of crates in the loft (he upgraded to Hornby OH). How I got it through UK customs is still a bit of surprise to me but the officer who looked like he could be a dad himself smiled with a twinkle in his eye and said it would need a big xmass tree to go under.

name.withheld.for.obvious.reasons November 29, 2021 1:37 PM

@ Clive
Last week’s squid, the entire thread scrubbed, and the scrubbing of the scrubbed identification.

Again, your argument in the thread, the most important security issue of our time.

I would further add, “and of our lives.”, unless of course you are a devote Christian.

Clive Robinson November 29, 2021 2:31 PM

@ 6449-225, winter,

Urgent note from the Department of Pedantic Insistence

It depends…

The original UK “MidSomer Murders” goes back to 1997,

However, in 2007 there was Most Haunted sub series “Midsummer Murders”,

So yup confusing or what, enough to get a certain young lady stamping her foot and thretannning to “Scream and scream untill I’m sick” 😉

Clive Robinson November 29, 2021 2:53 PM

@ Cassandra,

The xkcd cartoon shows how truthfully delightful it can be. I’m not always cantankerous.

I was one of those that had not heard about that sort of “lucky day” when there was a cartoon of the TSA stopping someone with mentos and cola, that Bruce had linked to.

Whilst I knew abut nucleation the only practical demo I had seen was a raisin in a glass of Champaign. All very civilized and grown up…

But there are times in life where the “inner child” borrows the car keys of adulthood, and goes for a fun drive, or in this case a very knew definition of a “sugar rush”.

Between you and me when it comes to a choice between cantankerous or letting the inner eight year old out, trust me when I say the innocence of youth wins out 😉

In truth some of my best ideas have come from asking what seem like childish, sometimes silly questions. I’ve come to respect childish questions because though they sound silly to adults, almost always when you get past the language barrier they are not. It’s not usually a childs fault they don’t have the adult language to ask the question in a way adults expect, therefore give them credit for trying to do two difficult things. Firstly think up what it is they would like to know the answer to, secondly try and communicate it to someone who almost speaks a different language.

Oh and a piece of sage advice,

“Smile be nice to children, because one day they will decide what old folks home you go into…”

SpaceLifeForm November 29, 2021 4:43 PM

@ name.withheld.for.obvious.reasons, Clive, ALL

Sometimes, when ‘stuff’ is disappeared, it may be because the content may have touched upon an ongoing investigation.

Sometimes, it may be better to be cryptic.

SpaceLifeForm November 29, 2021 6:56 PM

@ Intel, ALL

I will give you a volume discount.

An original shrink-wrapped 10-pack of 3.5 inch floppies for only 7 Bitcoin.

It’s fair. There is probably one in the set that has issues.

MarkH November 29, 2021 10:23 PM

@Clive, Ted, et al:

China’s suppression of ship position broadcasts under the pretext of “data protection” is a rather extreme development of a very disturbing trend.

Bruce — and I suppose almost all of us — are deeply concerned about the protection of privacy. Unfortunately in recent years privacy laws, practices, and reference to the ethos are often exploited by the Powerful to obscure their (sometimes grave) moral and even legal misconduct.

For years now, I’ve noticed that when large corporations and some government agencies are asked to account for evidence of abuses of power, their mouthpieces piously declare that “privacy rules forbid us to discuss this matter.”

Unintended consequences running riot … and probably, difficult to repair even if the will exists to do so.

lurker November 29, 2021 11:38 PM


the targets of the exercise are Northeast Pacific species where the First Amdt is flown as a flag of freedom. In many other parts that flag is seen as buccaneering. But Scottie might have just wanted a distraction from his performance at Glasgow.

Clive Robinson November 30, 2021 4:52 AM

@ SpaceLifeForm, lurker, MarkH, ALL,

Seems fishy down under

Not so much fishy, more the sharks are circling…

As some are slowly begining to realise, behind every barrel of “Chum Downunder” you will find a Murdoch wallowing.

In short this is more “News International” protectionism from “scotty in marketing”. As a “formally recognised” publisher Rupert “the bear faced lier” Murdoch will gain significant protection for all his various organs not just the ones down under.

Whilst those “not formally recognised” as a publisher or journalist will like Graig Murray and Juilian Assange be legaly persecuted into silence, prison, or both. And as some hope bankruptcy and an early death in captivity just to keep things tidy.

This is the way the politicians are trying to get back to the cosy pre internet days where “Press Barrons” were “King Makers” and also “polished the turd” that most politicos are by making them look “moral, upstanding men of probity” by simply not publishing about the disgusting, imoral, illegal, and worse things politicians get upto in their “power crazed” not so private lives.

Clive Robinson November 30, 2021 5:24 AM

@ SpaceLifeForm, JonKnowsNothing, ALL,

How Omicron spreads faster

And people said “Turkey’s cann’t fly”…

Looks like even “Pigs can fly” these days,

At this rate we will “have had our bacon”, as nobody will be able “to save our bacon”.

On the serious security note, fowl and swine flesh are the two biggest sources of fat and protien essential to human existence in the world.

Ted November 30, 2021 5:26 AM

@MarkH, Clive, ALL

China’s suppression of ship position broadcasts under the pretext of “data protection” is a rather extreme development of a very disturbing trend.

Yes, many say that these data privacy (or rather data national security) laws still offer no protection to the people of China from their government.

A good place to watch for news and analysis on China tech policy is Stanford’s DigiChina Project.

One of the most interesting developments I have seen discussed are the national security reviews that will be required for company’s who want to send data out of China.

From the Wired article:

As part of the security reviews, companies must submit the contract between themselves and the foreign partner receiving the data and complete a self-assessment. This includes laying out why data is being transferred out of China, the types of information being sent, and the risks of doing so.

Not all of me thinks this is a bad idea.

Overseas companies that don’t fall into line with PIPL or harm the national security of China may be placed on a blacklist, which could effectively ban them from processing Chinese personal data.

Yahoo and LinkedIn recently pulled out of China. Apple is one of the few international tech companies still doing business there.

Do you think it would be bad for other countries to limit the data they share with foreign parties?

JonKnowsNothing November 30, 2021 8:55 AM


re:Doors and Ladders

The internet is a great idea but there isn’t any way to stop BadActors regardless of their location, profession and government affiliation.

There is a curious aspect to having “global” aspect: Some of us really do not need such access.

  • There are places, like this blog, where people come from all over to share information. As such, the blog needs to have secured global access.
  • There are people, like our host Bruce Schneier, who have international, corporate and academic interactions and have international correspondence and need global reach security.
  • There are people who have important regional connections, family, work etc. but they do not have or need international access.
  • There are some folks who need very limited direct access. Limited to local organizations, work, family, friends.

We treat all of these at the same level. They get the same high level state settings same as an international organization.

Is this a good set up?

Personally, the only international links I use are those from visiting international news and academic sources. I do not have any direct interaction.

Yet, some spammer in Brazil can send me a spoofed message… Why?

I don’t know anyone in Brazil. I have no personal connections there. I read about Brazil in the news.

I don’t know anyone in the Republic of Kazakhstan, anyone in China, the Kingdom of Tonga or even anyone in New York State or New York City USA.

Yet all of these areas can interact with my connection.

There are a tonnage of certificates from places I never visit, places I don’t travel to and places I have no generalized interest in.

These certificates are an open ended Pass It Along system and maybe concept of who gets to pass it along needs a rethink. The concept of who is authenticated is another aspect but in this case we might presume it’s an authenticated server shoveling stuff in my direction from a global location that isn’t within my personal sphere.

Like a set of Venn diagrams. Except I am in the smallest circle and I do not want things outside of my circle to cross into my circle without direct Opt-In or limited Opt-In.

Time to close the door on some locations getting Full Access by Default and maybe time to pull up the ladder while we are at it.


The mail server will deliver items to junk or auto delete them by rule. Having it bounced before it gets routed or delivered to the server might be a better option.

Freezing_in_Brazil November 30, 2021 11:41 AM

@ JohnKnowsNothing

I don’t know anyone in Brazil. I have no personal connections there. I read about Brazil in the news.

Ouch, that hurt! All these years… I thought I was making friends here…

*Just kidding [wink]

JonKnowsNothing November 30, 2021 1:39 PM

@ Freezing_in_Brazil

J: I don’t know anyone in Brazil.

F: Ouch, that hurt! All these years… I thought I was making friends here…

Good point!

It’s very hard to be sure where anyone is unless they have a FindMe tag attached to their wrist ($CoreWatch).

I know of or have connected with many people internationally either through direct visit to the country (rear view mirror) or via MMORPG games. It’s a dead giveaway when the text chat is in Portuguese or Russian (Cyrillic) or if you have voice chat, they are talking in their local lingo.

The difficulty gets compounded because while I may be able recognize Cyrillic letters or discern spoken Russian, that doesn’t mean the player typing or speaking is located in any particular geographic location.

They can be next door or next continent.

JonKnowsNothing November 30, 2021 2:00 PM


re: Restricting Doors and Ladders

To clarify a bit.

There are a number of methods used to move information. They can be deployed solo, grouped or selected. Some apps/programs define the method and sometimes the user gets to define the method.

  • Push
  • Pull
  • Push – Pull
  • Pull – Push
  • Push – Pull – Push
  • Pull – Push – Pull


  • Automatic software upgrade: Push
  • Manual email check: Pull
  • Notifications: Push – Pull – Push
  • RSS Apps: Pull – Push – Pull
  • Spam mail, Spam calls, Unknown Text Senders: Push
  • Contacts, Friends, Whitelist: Push

The mechanism used by spammers is the same mechanism used by your friends and contacts. They use the same technique as unsolicited mail lists.

End User blocking (whitelisting) helps but isn’t that effective.

Perhaps there is a better method of separating these deliveries.


A sampling of a blacklist. The possibilities are endless….


ResearcherZero November 30, 2021 3:38 PM

China certainly knows a thing or two about security!

“those who should be seized should be seized, and those who should be sentenced should be sentenced.” – General Secretary Xi Jinping

Operating Manuals for Mass Internment and Arrest by Algorithm

How to deal with students and detainees who ask, “Where is my family?”

The material provides substantial evidence linking numerous aspects of Beijing’s crackdown in Xinjiang to explicit statements and demands made by central government figures, including Xi Jinping.

General Secretary Xi Jinping’s Speeches While Inspecting Xinjiang
April 28-30, 2014

Speeches by Comrades Xi Jinping, Li Keqiang and Yu Zhengsheng at the Second Central Xinjiang Work Forum May 28-30, 2014

Secretary Chen Quanguo’s speech at the Video Conference – Required Knowledge and Skills
August 30, 2017

Clive Robinson November 30, 2021 4:50 PM

@ Ted,

Professor Henry Gao makes,the same point I’ve suspected thus suggested ie “military” reasons.

Whilst he leaves the potential reason behind “military” unstated, I’ve made part of my reasoning clear, based on fairly recent Chinrse behaviours.

What worries me is how far China is going to push it’s intentions to turn the International Waters of the South China Seas into it’s own private domain or fiefdom.

Fourty years ago Argentina went to war to grab the Faulklands and South Georgia Islands. It’s always been portraied as an “Orwellian” 1984 play, that is to distract the citizens from the failures of the leadership.

Whilst in part that was true, you have to understand why initially the US wanted the UK to give way to Argentinas demands.

The simple answer “energy” South America and the South Pole and much of the sub sea area around the East of South America is rich in energy reserves. There was at the time an International treaty protecting the South Pole however not up to the East of South America, it was just the lack of technology.

As many have noted the CIA and NSA can not keep their noses out of South America and they are actively weakening elected governments and stealing then using economic data to US advantage rather blatantly (see oil/gas drilling bids scandle).

Those in the US State Dept knew that all those energy reserves by international agrement would on the main fall to those with Sovereignty of thr Falklands and South Georgia Islands. They also knew that trying to push the UK around would be far harder and way way more expensive than pushing a very corupt South American Government around. Thus they could use Argrntinia as a cheap proxy to get at the energy resources, but not so the UK. This was known by the UK Government becsuse the Chilian leaders knew full well from experience what the US uas upto as well as Atgentina, and they figured it was in their interests to keep the UK well informed rather than let it play out the US wanted. Part of this was the inteligence gathering that was mentioned the other day. It’s in the public domain now so can be mentioned, the UK had reasonable intel on the Argentinian home forces and aircraft and shipping, becsuse just inside the Chilian boarder guarded by Chilian forces was a UK SigInt and ElInt specialist teams.

What changed things in the US was Maggie Thatcher went to Washington and either “charmed” Ronney or “boxed his ears” depending on who is telling it. The practical upshot is that the US Executive put it’s foot down hard on the machinations of the State Department trolls.

Now consider what is under the South China Seas and is becomming accessable under improving technology. Under International Treaty as it’s inyernational waters China would only get a very small fraction of the energy reserves it despetately needs to move more than a fraction of it’s population into the 21st Century.

Now consider if China successfully anexes the South China Seas and establishes Sovereignty over them it gets not a thin slice of the pork pie but all the pie and effectively the rest of the pig so “the whole hog” as well.

It then also causes problems for other sovereign nations that it regards as it’s own territory. Take Taiwan they are absolutly scared of what would happen, they’ve seen what has happened to Hong Kong, they know what would be comming their way.

It’s no secret that China despetately wants US Forces out of South Korea so that what China has called a normalisation process can occure. That is for North Korean Leadership under Chinese “guidence/assistance” to take sovereignty of the whole peninsula.

Then there is Japan, with it’s lack of young population, and even less military forces. It’s no secret that China would quite happily push young loyal Chinese into Japan as they have in Africa and other places to in effect take them over by stealth.

We in the West realy do not look very far into the future a couple of quaters to a couple of years at the most in both business and politics. The Chinese howrver think in terms of decades and centuries. As far as the Chinese State Party are concerned they are not going any where any time soon thus they know they can just ride rough shod over issues that would bring a Western Government down or bankrupt a Western nations economy.

Then there is the issue of China preparing for global war. Untill this Century China was inwards facing and like Russia nearly a century ago, was looking at controlling a ring of buffer states around it in which proxie wars and similar could be fought and resources plundered. It’s military planing and spending reflected this. But all that has changed China’s military spending has become outward focused and they are gearing up to be a serious contender against not just Russia and India combined, but either Europe or the US. In many ways they are turning their attention to taking over Australia and all the West Pacific Islands right upto the top of the East Coast of China. Thus closing off the West side of the Pacific and having it firmly under their control.

Now I can understand people in the West and Northern Hemisphere not beleving it. But Russia very obviously does from it’s frendship overtures to Northern Europe and it’s rapid modernisation of it’s tactical and stratigic nuclear and other weapons. Turkey certainly believes it as does Pakistan their behaviours tell you this.

What are we in Europe doing? Well we are about to enter a moronic phase where the relationship between Germany and France becomes redefined by stupid political infighting. Which, along with continuing nonsense over the UK boarder and Eire that the US State Dept as well as the US Executive are actively “stirring the pot” over, means we are “sleepwalking” into quite a dangerous situation. The US are also actively stiring up the Middle East again knowing full well what effect that is going to have on Europe.

Oh and study your history over those Asian Proxie wars. China once pointed out a lifetime ago that the US could not win. In one of those wars they pointed out it was a numbers game and China outnumbers the US several times over. In another war they pointed out the very old military truism,

“You can not easily win, even against a very inferior force, if you have a long supply line and they do not”.

The Russians proved that with Napolian and Hitler, as for Korea and Vietnam…

That is why China wants full military control over both the South China Seas and all those West Pacific islands as it will turn the Pacific into an easy killing ground of any military forces coming in from the Pacific.

As the Ancient Chinese Curse has it,

“May you live in interesting times”.

SpaceLifeForm November 30, 2021 5:01 PM

@ Ted, Clive, ResearcherZero

Re: China Data Laws and AIS

Xi never met Sun Tzu.

IMO, the two new laws have nothing to do with the on-shore AIS firewall. That is all cover story.

Lack of Signal, is Signal.

Reparse what I said above about networking and satellite.

Don’t forget mouseover.

Think outside the box. Connect dots.

Clive Robinson November 30, 2021 9:17 PM

@ SpaceLifeForm, Ted,

Sadly Neil Arundale[1] is “silent key”, but his work still remains,

His website,


Appears to be nolonger responding.

[1] He was a licenced UK Amateur Radio Operator, Callsign : M1CHS

[2] He also designed a 162Mhz high gain omnidirectional colinear array antenna for VHF AIS receivers and software you could use with an AIS receiver that has NEMA (serial port) output so you could find the place the antenna gave the best signals.

Ted November 30, 2021 10:51 PM

@Clive, SpaceLifeForm

Wow. Neal Arundale was talented and capable. It’s funny you say amateur radio operator, because his software development seems anything but amateur.

Oh how interesting on the services that sell AIS data. The VesselFinder site says:

Satellite AIS is the only source of up-to-date ship positions data in the most remote areas of the world, especially in the open oceans and beyond the reach of terrestrial AIS systems.

I wonder if satellites can still capture the AIS signals without needing authorization?

It looks like dealing with cross-border data transfers with China could be seriously burdensome.

MarkH November 30, 2021 11:26 PM

@Winter, re your comment 395170:

I see binary thinking there which doesn’t accord with my experience of how things work. How many systems presently use only post-quantum PKC?

Sure, highly classified data are also highly protected. In fact, the most critical secrets are never entrusted to computers at all!

There may be very carefully safeguarded servers using (for example) RSA-4096, which might in turn be post-quantum for practical purposes: even if big-scale QCs are someday constructed, getting 8K qubits to cohere for a good part of an hour might remain out of reach.

Those “normal attacks” which might be practical for some narrowly focused target might also be far too expensive for a broad-scale dragnet.

Another mistaken binary is “secret vs. non-secret.” For example, data sources and methods for an intelligence operation might be safeguarded with extreme care. But there will be associated payroll, personnel records, biometrics, immigration border crossing records, travel records, and financial transfers processed by systems with lesser security standards. At some future date, synthesizing the harvest from these just might yield results of great value.

MarkH November 30, 2021 11:30 PM

@Winter, continued:

Another mistaken binary is “secret vs. non-secret.” For example, data sources and methods for an intelligence operation might be safeguarded with extreme care. But there will be associated payroll, personnel records, biometrics, immigration border crossing records, travel records, and financial transfers processed by systems with lesser security standards. At some future date, synthesizing the harvest from these just might yield results of great value.

In this light, “vacuum cleaner” collection might seem more feasible.

Winter December 1, 2021 12:09 AM

” But there will be associated payroll, personnel records, biometrics, immigration border crossing records, travel records, and financial transfers processed by systems with lesser security standards. ”

The metadata never lie. But experience has taught the TLA’s to protect agents, informants, and moles against such metadata.

The CIA has shown time and again why this is important.

SpaceLifeForm December 1, 2021 3:16 AM

@ Ted

I wonder if satellites can still capture the AIS signals without needing authorization?

It is Radio EMF. Cleartext. No authorization required.

You just Listen. You catch the Signals.

If there are two ships over the horizon, out of visual range, does that mean they did not meet?

I have witnessed a tree falling in the forest. It does make a sound.

The only reason I know this is because I was in the right place, at the right time, looking in the right direction, and caught the Signals.

Clive Robinson December 1, 2021 4:59 AM

@ Ted,

… you say amateur radio operator…

In the UK “Amateur Radio”[1] is the officially approved and frequently used term, the same is true for many other places. The use of “Amateur” back many moons ago ment what it still does in sport, that is “You are not paid for your endevours” unlike a “professional” where “you are paid for your endevours”. It had no connotation about your ability to do constructive work in the field of endevor.

Unfortunately as we have seen with the terms “Hacker” and “Crypto” certain people change the original meaning of the words for their own benifit.

As I’ve previously pointed out English is a lazy language, as such it has a single word for any given meaning or definition, though a single word can have two or more context related meanings (minute being but one). So if you have two words that appear to have the same meaning by definition then very probably you have the definition wrong or incompleate.

You can see that with “Hacker” which had connotations of both skill and the fact that the endevor was “Helpful”. Whilst “Cracker” had no conotation as to skill level, but did to the fact the endevor was seen as “Criminal”. So a “script kiddy” who was just acting as an automata runing other peoples scripts was not in the slightest bit a helpful “Hacker” but is now almost definately a criminal “Cracker”. The “script” would have been produced by a “programmer” and the kiddy was just a “user” (a term that also has negative conitations in another context).

So “crypto” is derived from a non English word that means to “hide”. So does it’s use in crypto-coin mean there is something “hidden”, I think you know my view on that 😉

Finally a little bit of history worth knowing which tells you about peoples intentions and pretentions. Meat in the farm yard or on the table have diferent names, pig = pork, cow = beef etc. Why the English word used in the farm yard, and the French derived word on the table? Simple it goes back to the Normans who wanted to differentiate themselves from others for establishing “status” in all parts of life, in short they went to a lot of trouble to be pointlessly superior something they failed to do by interbreading thus bringing genetic disease to their descendents, hemophilia and pyforia being just two “Royal diseases” the latter causing madness and paranoia, which when you consider it explains quite a lot.

So English was the language “of the people”, whilst French the language of the Norman’s thus “of the court” and latin “of the cloister”. All of which derives from “The King Game” that gave rise to “the estates of man”. And also why we have so many abused latin expressions in the practice of law and medicine, both of which were once was carried out by the church. Which is the probable reason for the word “Profession” ie to “Profess to God” etc. It’s certainly true that in Medieval times there were only three Professions, devinity, law, and medicine, all of which were along with their teaching strictly the province of the church untill well into the Victorian era, when “Natural Philosopy” became “science” with the implication that “Men of Science” were atleast of the rank of Esquire or higher in Court Ranking.

[1] In the US the official term is still “Amateur Radio”, but the frequently used term is “Ham Radio”. The word “Ham” has had negative connotations for a long time as in “Ham Actor”. It is thought that it originated in the mid 1800’s with the term “Hamfatter” refering to the use of pork grease as a lubricant to remove certain types of cheap stage makeup. However the term “hamfat” was also used with regards people who had been involuntarily brought from Africa or their American born descendents. As such either way it was used in a derogatory sense.

Clive Robinson December 1, 2021 5:03 AM

@ Winter, MarkH,

The CIA has shown time and again why this is important.

You could have usefully left “by their failings” in that statment.

Clive Robinson December 1, 2021 5:16 AM

@ SpaceLifeForm, Ted, ALL,

The only reason I know this is because I was in the right place, at the right time, looking in the right direction, and caught the Signals

Demonstrating the three most important factors of what is required with “intelligence gathering”,

1, Time
2, Location
3, Observation

It’s why “boots on the ground” are more discriminating than “birds in the air”, something that many get confused about.

In part because of the military maxim about “high ground” it can enable you to see further, thus earlier. But it has a down side it makes you more visable in a very predictable way.

Back in the early days of recognizance satellites the Russias used to send out “orbit pass” information to commanders such that they could time their activities to be “out of sight” to US “birds in the air”.

Winter December 1, 2021 5:54 AM

“You could have usefully left “by their failings” in that statment.”

You are right. It does tell you how I think about the CIA.

lurker December 1, 2021 11:35 AM


If you try calling the RNG HAL function when it doesn’t have any random numbers to give you, it will fail and return an error code.

(my bold) Does the spec say it must fail and return an error code? It comes back to the matter of trust. What can or should you trust a lightbulb to do? properly?

JonKnowsNothing December 1, 2021 12:06 PM


re: Fencing off Doors and Ladders

The entire area of whitelisting/blocking/blacklisting is not new and many organizations struggle to respond to differing viewpoints.

  Some like it Hot
  Some like it Cold
  Some like it in the Pot 9 Days Old

Effectively, the end user has to manage their own fencing system(s) and some systems are more porous than others (Google: MineROK-NotYours).

There is a side effect of end user fencing: The fence is only at the end point.

Huge swaths of computing and routing messages, bandwidth, equipment are used to process Excluded Data. As the exclusion only happens at the terminal-end, all the data flows roll around the internet structure soaking up bandwidth that could be allocated to “something else”.


If the block is moved forward in processing, some bandwidth could be saved, repurposed with costs-benefits (inclusive of all that entails).

Governments have access to blocks AT WILL and use them. We can see the entire blockage. This is a wholesale amputation of the system.

An end user block-fence is a selective block, that has no effect on anyone else, except if they share the same block (eg: NoEvils)

Currently the end user blocks are stored in end user devices. Where the block is actually applied depends on the application, the application vendor, ISP.

If we consider moving the end user block, a form of personal Geo-fencing, forwards in the process, this might have merit from a variety of views.

The difficulty is in where to place the personal Geo-fence within the system and how to manage it. It could be managed similar to telephony numbers, or an ACH system. These methods are already in use but restricted in scope.

Forward Personal Fencing

  • PUSH – ROUTER – NET – BLOCK (recovered bandwidth NET – NET – NET – ROUTER – END POINT)

Open Access remains unchanged

  • PUSH – ROUTER – NET – NET – NET – NET – ROUTER – END POINT (clear-open)


ht tp s://e n.wikiped

ht tps:/ / en.w ikipe dia. org/wiki/Pease_Porridge_Hot


Pease porridge hot, pease porridge cold,
Pease porridge in the pot, nine days old;
Some like it hot, some like it cold,
Some like it in the pot, nine days old.[

Clive Robinson December 1, 2021 12:37 PM

@ Ted, lurker, ALL,

The RNG on billions of IoT devices sucks.

This is not exactly new…

I’ve mentioned it regularly hear over the past couple of decades, even describing how the NSA etc could easly exploit it.

I’ve even given indications of some ways you could in part fix the issue.

Our host has written books and papers on the subject.

I wrote papers back in the 1980’s and 1990’s about the issues and how to resolve them in “Fast Moving Consumer Electronics”(FMCE) which is what IoT is still a quite small subset of.

@Bruce and myself are not the only ones to have rung this bell loudly, yet people are still getting significantly burned by it…

As I keep saying,

For some inexplicable reason the ICTsec industry is about the only one that does not learn from it’s living history.”

If you have a suggestion as to how to change this, a lot of people would be interested in atleast talking about it.

lurker December 1, 2021 1:54 PM

@JonKnowsNothing re data rolling round the net using up bandwidth that could be used for something else

Something else like “lost” packets? While testing those geo-locator-checker sites posted by SLF a couple of weeks back, they were reporting an average packet loss of 25%. I knew packet loss was a significant number, but hadn’t expected that significant.

SpaceLifeForm December 1, 2021 2:34 PM

@ Clive, Ted, ALL

Another TLO (Time, Location, Observation)

Approximately 52.5 years ago, I happened to be out in the boonies, camping under the stars. Crystal Clear, moonless night.

And there it was, a satellite in polar orbit, traveling from north to south.

For some reason, it had a flashing red light, guessing once per second. Which is how I caught it. Surprising me, was that I could track it even when the red light was off. It was high enough to reflect some sunlight at that time, maybe two or three hours after sunset.

Needless to say, it did not stay in my field of view very long. Maybe 6 to 8 seconds.

In part because of the military maxim about “high ground” it can enable you to see further, thus earlier. But it has a down side it makes you more visable in a very predictable way.

Back in the early days of recognizance satellites the Russias used to send out “orbit pass” information to commanders such that they could time their activities to be “out of sight” to US “birds in the air”.

Starlink works around that problem.

Ted December 1, 2021 2:39 PM

@lurker, Clive, ALL

Does the spec say it must fail and return an error code?

Good question. Since I am only seeing this for the first time, I will just try to pull some thoughts from the research.

First of all, they say a high number of calls for random numbers from the hardware can overwhelm it and cause it to fail and generate error codes.

Many programmers will ignore the error codes bc the alternatives aren’t great. (Either aborting the process, or spin looping on the HAL function and using 100% of the CPU.)

If they do ignore the error codes the following can result:

  • Partial entropy
  • The number 0
  • Uninitialized memory

None of these are great either.

I still have to try to figure out what a CSPRNG subsystem is, and if this is really a viable solution. Do you know anything about this?

@Clive, I will add more in another post.

Ted December 1, 2021 2:54 PM

@Clive, lurker, ALL

Re: IoT RNGs, etc.

So do you think that the forthcoming UK IoT legislation will have a profound impact on IoT security?

I know ‘profound’ sounds almost childishly optimistic, but in all honesty, it seems to have real promise.

For example, one of the three primary tenets of the legislation will “Require products to have a vulnerability disclosure policy.” So any failure in cryptographic security will be a vulnerability, right?

I am wondering if these types of vulnerabilities would have to be reported in a compliance report? Also, surely the UK regulator will be able to start to piece together best practices and share this info across industry.

SpaceLifeForm December 1, 2021 3:44 PM

@ JonKnowsNothing

Chutes and Ladders

Your Forward Personal Fencing model will not work.

It will just become another attack target.

Which will increase the wasted bandwidth problem.

The wasted bandwidth of attacks upon your endpoint is not your nickle. DROP.

SpaceLifeForm December 1, 2021 4:22 PM

@ Ted, lurker, Clive, ALL

Software Contracts and RFCs R Us

Does the spec say it must fail and return an error code?

Who really cares? A spec means nothing.

The calling code can ignore. The called code can lie.

You MAY want to parse closely.

You SHOULD never trust an external input.

You SHALL never trust an external input.

You MUST never trust an external input.

While this is not REQUIRED, as it is OPTIONAL, it is RECOMMENDED that you learn from Humpty Dumpty.

lurker December 1, 2021 4:55 PM

@SpaceLifeForm: must fail?

Rhetorical question, sniffing around why the boffins said will fail, when plainly real world examples do not …

SpaceLifeForm December 1, 2021 5:10 PM

@ Ted, lurker, Clive, ALL

re data rolling round the net

This will sound crazy, and you really have to think outside the box on this.

I came up with this concept many years ago.

Consider a cloud of data that is NEVER AT REST.

Clive Robinson December 1, 2021 5:27 PM

@ Ted, lurker, ALL,

I still have to try to figure out what a CSPRNG subsystem is, and if this is really a viable solution. Do you know anything about this?

I have no clue as to who first thought the idea for a “Cryptographically Secure Pseudo Random Number Generator”(CS-PRNG) up was but many many people including myself have thought it up independently.

In essence it is a “stream generator” where you omit the mixer function with plain text and just output the stream instead.

As you might or might not know any base cryptographic algorithm thsy is not a stream cipher already, is trivially converted into a stream cipher.

So take a block cipher like AES, you drive it’s plaintext input from a determanistic system such as a counter snd you use the ciphertext output as your PRNG value. You have two secret values, the block cipher “Encryption Key”(Ek) and the “Initialisation Vector”(IV) you load into the counter as the start value.

You just “clock the counter” and you get a new value out of the block cipher every time. Officialy you have used the block cipher AES in counter(CRT) mode so it gets called AES-CRT. You can use AES in other modes such as by using a latch to provide a “feed-back mode” such as “Cipher FeedBack”(CFB) Mode. The possibilities are large. But at the end of the day they all can be modeled as a counter followed by a mapping function.

Now I won’t go through them all but there is a big long list of things “NOT TO DO” with stream ciphers. Perhaps the biggest “No No” is,

1, “Key Material”(KeyMat) reuse.

The big problem with “embedded systems” is that KeyMat reuse is guarenteed unless you take specific precautions to stop it.

Worse the precautions have to be such that not only must the KeyMat and IV be unique to each device there are further constraints one of which is,

2, The selection has to be non predictable.

That is you can not use the device serial number either as it is or encrypted in some way.

But there is a further constraint,

3, The stream has to evolve during use.

That is the stream output has to become entirely unpredictable both in the forwards and backwards direction. This requires a source of “True Random Number Generation”(TRNG) that also,

4, Evolves over a long time period.

This is so the internal state can not be forced or guessed. Generally this is done by the use of an “entropy pool” into which the TRNG output is mixed. But there is a problem, which is what happens when somebody kicks the power lead out of the wall, or there is a “brown out” or worse “black out”? Unless precautions are taken then an embedded system will simply drop back to a previous state and just give the same output again ie Stream Reuse happens. So to stop this,

5, Internal state should be preserved across reset and powerup.

The list goes on but by now you should realise that this means very fundemental design issues in the hardware, firmware, and other software etc.

But other problem are,

6, What do you do when the TRNG stops working correctly?

But more importantly,

7, How do you know the TRNG is working correctly?

So lots of things to consider and in away the above are the easy ones.

There are fun issues such as “short cycles”. When you use the likes of Cipher FeedBack modes you can get a state where the output goes into an “endless loop” of just a few values, so you get stream reuse… The question is,

8, How do you know when the output is in a short cycle loop?

When you think about it you quickly realise that beyond very very very short cycles you can not easily check…

lurker December 1, 2021 5:39 PM

@Clive Robinson, re BMJ article deemed unfit for tender eyes:

I asked someone in UK whether said journal was still reputable. Reply “on the basis of that article, maybe the reputable editors have died of covid and been replaced by neolib trolls”.

Ted December 1, 2021 5:56 PM


My goodness, thank you for your response. I am going to read through it more carefully when I get some quiet time in a few hours. I had this next post pending, so I will go ahead and post it before I circle back.

@SpaceLifeForm, lurker, Clive, ALL

The IoT RNG researchers said that the STM32 microcontroller (MCU) comes with really good documentation where many others do not.

I went to check out the documentation and found one titled: “STM32 microcontroller random number generation validation using the NIST statistical test suite.”

I just have to ask, is this backdoored?

The researchers recommended this for device manufacturers:

Deprecate and/or disable any direct use of the RNG HAL function in your SDK. Instead, include a CSPRNG API that is seeded using robust and diverse entropy sources with proper hardware RNG handling. The Linux kernel’s implementation of dev/urandom can serve as an excellent reference.

Ted December 1, 2021 9:29 PM

@Clive, lurker, SpaceLifeForm, ALL

Now I won’t go through them all but there is a big long list of things “NOT TO DO” with stream ciphers.

First of all Clive. You are so generous with your time and knowledge. I love every word of it.

To continue, I think it’s great that you included a “NOT TO DO” list, bc the researchers said that it was too dangerous to write RNG code on one’s own, just like crypto code. I think you even went a few steps further in expanding on potential problems.

I am dragging a few words and concepts out of your post to seed my understanding. I also watched a video on youtube about pseudorandom number generators.

I think I will have to put all this on repeat a few times. If I ever say something off, you are more than welcome to point me in the right direction.

I mean I even had to look up why this xkcd comic on random numbers was funny. And I’m still not sure if I get it. 🙂

SpaceLifeForm December 1, 2021 11:14 PM

@ 6449-225

re data rolling round the net

Keep in mind, when I said NEVER AT REST, I meant never committed to a non-volatile storage medium.

So, this means bits in flight, and bits in router ram.

Storage capacity certainly could be in the terabyte range when you consider all of the upstream routers and how much ram they each have.

Clive Robinson December 1, 2021 11:14 PM

@ Ted,

I mean I even had to look up why this xkcd comic on random numbers was funny. And I’m still not sure if I get it. 🙂

Like many XKCD quips it is funny on so many levels it’s almost as though you can read anything into them.

For instance 221 is when you look on it a sad commentary on life. That is the comment shows that,

1, The specification has been read.
2, The programmer has gone and looked the requirment up.
3, The programmer has forefilled the requirment as they have read it.
4, The programer is satisfied they have done what the specification asks for.

And in all that intellectual processing of gathering of information working through it carrying out a requirment analysis by both thought and deed, has in fact totally failed to grasp the point…

So in just one line of code and a comment, has encapsulated one of the biggest failings of the entire software industry.

In the second volume of his epic work Donald Knuth says,

‘People who think about this topic almost invariably get into philosophical discussions about what the word “random” means. In a sense, there is no such thing as a random number; for example, is 2 a random number? Rather, we speak of a sequence of independent random numbers with a specified distribution, and this means loosely that each number was obtained merely by chance, having nothing to do with other numbers of the sequence, and that each number has a specified probability of falling in any given range of values.’

What ever you do, do not try and read the third sentance out loud, unless you have athletic prowess you will probably turn blue 😉

He then goes on to say that with a long string of digits you would expext say 9 to occure 1/10th of the time etc. In effect concluding this with,

‘Any specified sequence of a million digits is equally as probable as the sequence consisting of a million zeros. Thus, if we are choosing a million digits at random and if the first 999,999 of them happen to come out to be zero, the chance that the final digit is zero is still exactly 1/10, in a truely random situation. These statements seem paradoxical to many people, but there is realy no contradiction involved.’

Now having upped your “Zen level” a little by reading that consider that program code again from the “Chinese Room” perspective of being the person outside the door observing those million pieces of paper all with a zero drawn on them.

As an observer outside the door, and not privy to what is going on in the room, what would you conclude, –long long before you got to the millionth piece of paper– was going on inside the room?

The fact that you can not know, but only draw a conclusion based on what you have seen is the essence of the subject.

So our unknown programmer concluding what they did thus, wrote the code they did, is in a sense understandable. The fact it is totaly the wrong conclusion to come to is neither here nor there, because “It passes the test”…

Remember this when you start looking at Die Hard / Die Harder and the various standards organisations tests for randomness. They are in fact not tests for randomness at all, they are actually tests for statistical correlations, that is “a beat in the chaos of cacophony” that is the sound track to every thing. The tests only tell you they have failed to detect correlations, not that your generator is “truely random”. In all probability it is nothing of the sort.

Ironically what we usually want as “good randomness” can only be produced by a “fully deterministic process” of high complexity in it’s output.

In fact if we take two of the purest signals we can have –that is two non harnonically related sinewaves with no harmonic content– and mix them together we end up with two more pure sinewaves. These waves when added together make a complex pattern, if you digitize it what you end up with looks to most people to be totaly random. And will for a short run of output pass those statistical tests…

There is nothing random or chaotic in that output, in fact if you integrate it in a lossy integrator or low pass filter you get a very pure sinewave at the difference frequency of the two original sinewaves. Which is exactly what the maths you were taught in high school will tell you to expect. It’s also what any RF Engineer would tell you to expect.

Yet many “on chip” alledgedly “True Random Generators” are in fact exactly that. That is they are “ring oscillators” that are effectively mixed in a D-Type latch.

Because the the output has such low entropy the chip designers hide this by putting a cryptographic function such as a “hash function” after it.

So… The reason those tests can not detect correlations in the output of those On Chip TRNG circuits is not because there are no correlations. There very assuredly are, but because they have been “encrypted” by a strong cryptographic algorithm they are hiden beyond what the tests can see.

That is such On Chip TRNGs are not realy any different to AES in CTR mode. Only the counter rather than producing a sawtooth waveform when graphed out, instead produces a very pure sinewave…

As they say “Food for thought”.

SpaceLifeForm December 2, 2021 12:04 AM

@ Ted, Clive, ALL

Let’s reparse what Clive wrote

1, The specification has been read.

The specification said to create a function called getRandomNumber that returns a Random integer.

2, The programmer has gone and looked the requirment up.

The programmer did some research, and found that he could roll dice to fulfill the Random requirement.

3, The programmer has forefilled the requirment as they have read it.

So, the programmer rolled a die, and it came up 4. It was a fair roll.

4, The programer is satisfied they have done what the specification asks for.

The code met the specification.

Here is the problem. The specification was garbage.

If you want to learn more, make sure you do not study Waterfall methodology.

Clive Robinson December 2, 2021 12:44 AM

@ SpaceLifeForm,

Consider a cloud of data that is NEVER AT REST.

To some it is a strange notion but to others who work close to the wire it’s just a consequence of the way things work, like the loose change you carry around in your pocket.

Which is what got me thinking in the early 90’s, “information has value” so “What is the value of information in transit?”

To understand this you need to understand the notion of “Seigniorage” from the French “right of the lord”. Wikipedia says of it,

“Seigniorage can be a convenient source of revenue for a government. By providing the government with increased purchasing power at the expense of public purchasing power, it imposes what is metaphorically known as an inflation tax on the public.”

Another way to look at it is that,

“The money in your pocket has to earn interest, but it accrues to the issuer of the currancy not the holder.”

So if information has value, when it is in transit it is like your pocket change[1], it is earning interest but not for you.

But who is it earning value for?

Well take a look at Google when you analyze it it earns value only on information in transit, not on stored information. More importabtly the more Google keeps information in transit the more value it earns.

The same is true for all the big Silicon Valley Information Corporations. Their “income” is as a direct result of “devaluing your information”.

It’s the question that sparked my thinking on truly decentralized databases that are highly parallel, but importantly incomplete as individual entities or nodes.

Therefore the database exists in the network by data in transit. As Alphabet/Google and others have proved such data can have imense value.

Interestingly though, whilst,

“What is the value of information in transit?”

Was going to be “the question” underlying the PhD I wanted to do, but academia was not ready to get to grips with it in the 1990’s. Nor were they even remotely close to wanting to get to grips with the whole notion of databases that were not just distributed but by definition incompleate at any node. The idea of having to apply special relativity to information that only existed if the fields defined by Maxwell’s equations and Poynting vectors around the wire “was beyond their comfort zone”.

But guess what getting on for a third of a century later, academia is still showing next to no signs of wanting to get to grips with just the notion that information can exist as a shadow on the wire and not anywhere else… let alone the idea it can have real value, as Google and Co have demonstrated.

[1] The thing is pocket change, is mostly “never at rest” and actualky has “real” not “fiscal” value. For instance in the UK, though now rare there are still “decimal pennies” in circulation and use, that were issued in the 1970s. Their “real” scrap metal value is around six times their “fiscal” face value because of the copper content etc… Obviously the English Royal Mint –not the bank of England– situated in Wales wants these pennies back so they can extract the real value.

6449-225 December 2, 2021 1:05 AM

@SpaceLifeForm @Clive Robinson

data that is NEVER AT REST

This eventually rang a bell …

Such flying storage is discussed by Michal Zalewski in his book “Silence on the Wire”, Chapter 16, Parasitic Computing, He estimates the internet capacity (in year 2005) as 2500 TB.

Winter December 2, 2021 5:38 AM

Please find information about what data the FBI can legally access in various messaging apps:
Jan. 2021 FBI Infographic re Lawful Access to Secure Messaging Apps Data

A discussion in German can be found here:
(Google Translate does a good job in converting it to English)

Tl;Dr : Signal does a good job here compared to the rest.
(I know, if you use a phone or computer to encrypt, it is not secure)

JonKnowsNothing December 2, 2021 5:57 AM

@Clive, @All

‘Any specified sequence of a million digits is equally as probable as the sequence consisting of a million zeros. Thus, if we are choosing a million digits at random and if the first 999,999 of them happen to come out to be zero, the chance that the final digit is zero is still exactly 1/10, in a truely random situation. These statements seem paradoxical to many people, but there is realy no contradiction involved.’

One common place to see this in play is in MMORPG games. A good many (all?) are based on PRNG outcomes that simulate dice rolls (1).

In a particular sequence of repeated actions that are equal, the outcome is determined by the PRNG for each action.

Players commonly confuse the PRNG outcome for a single event with the average outcome over a series of events.

ex: A critical improved outcome enhancement is applied to a single event. The outcome result may not gain the improvement offered by the enhancement. Unless the enhancement is a guaranteed improvement.

An improved outcome requires 80 points on dice roll (100). The enhancement offers at 30 point increase + the dice roll (100). If the roll is 45 + 30 the improved outcome fails.

Players may repeat the action n-times and still fail to get the enhancement. Open chat will confirm: It happens to everyone at some point.

The players are not necessarily incorrect about the application of enhancement value because the PRNG isn’t Random and the event is not determined by a physical dice throw.

Pen&Paper games don’t have this problem if they use dice.

The same thing happens with “high tech overlords”. They seem to think that lightning luck will strike every day and in every business they attempt. Some have better business sense while others learn harder lessons.


1) See the statement about Random Generated Numbers

Winter December 2, 2021 6:20 AM

@Ted, Clive, ALL
“Any specified sequence of a million digits is equally as probable as the sequence consisting of a million zeros. ”

However, this only holds when the sequence is generated by a uniform process. Which it never is. Anyhow, probability is a very fragile concept and in general not very useful when you have only a single, or a few, examples.

A better way to look at n=1 sequences is to use Kolmogorov complexity (Wikipedia is your friend). This is much closer to our common understanding of “random sequence” than probability theory.

The Kolmogorov complexity of a string of N truly randomly generated bits in O(N), i.e., aN + Constant. The Kolmogoroc complexity of a million zeros is the same as the decimal expansion of Pi, and equal to O(log(N)), i.e., a alog(N)+constant. N is used here only to indicate of how long the string should be.

Kolmogorov complexity would be ideal to evaluate the performance of a RNG. However, Kolmogorov complexity happens to be incomputable. But all tests of randomness try to estimate the KC.

JonKnowsNothing December 2, 2021 6:31 AM


re: More mRNA vaccines On The Way

There are some new mRNA vaccines in the pipeline, including some for other virus. There will be competition between mRNA and T-Cell versions. mRNA stimulate antibodies. T-Cells do search and destroy.

Some of these maybe in the pipeline for Q2 2022.

One of the oral drugs has not done too well in extended trials. It’s approved but does not have the expected benefits of earlier trial reports. A second drug is still looking promising based on their early trials.

An observation about mRNA vaccines both old and new:

A big aspect of the mRNA vaccines was “how easy they are to tweak”. A mfg for one of the new mRNA in the pipe says “they can tweak it in 100 days”.


This same statement was made a while back about the existing mRNAs. Yet, there have been zero tweaks to their vaccines and some governments are signing booking orders for millions more doses of the un-tweaked versions.

One reported explanation by one manufacturer amounted to:

  • Well, actually, it’s not that easy to tweak
  • It’s good enough as is
  • Breakthrough cases (vaccine failure), at least most people won’t die

This is not going to cut the mustard with Omicron.

It is not wise to expect a kinder, gentler, nicer SARS-CoV-2 in the future.


ht tp s://ww w.t heguar dian.c om/world/2021/dec/01/israeli-doctor-believes-he-caught-omicron-variant-of-covid-in-london

A doctor who was one of the first people in the world to become infected with the Omicron variant says he believes he caught the virus when he was in London for a major medical conference attended by more than 1,200 health professionals. [11 19 2021 – 11 23 2021]

[The MD] had received three doses of the Pfizer/BioNTech vaccine.

h ttp s://ww eguard

Covid-19 variants may not evolve to be less dangerous Neil Ferguson
head of the disease outbreak analysis and modelling group at Imperial College London

Ted December 2, 2021 7:43 AM

I seriously enjoyed reading the comments on generating random numbers. Thanks for everyone who helped explain the xkcd comic and for adding a few more great thoughts and comics on top 🙂

I’m sure you all already heard about Cloudflare’s entropy generator LavaRand, based on the wall of lava lamps in one of their offices. It looks like there is a time for every purpose, under heaven.

6449-225 December 2, 2021 8:14 AM

@ Ted

… a time for every purpose …

But is there a purpose for every time ?

I envisage a mechanical wristwatch where everything that in a normal watch is done based on the circle is done with Reuleaux triangles.

Ted December 2, 2021 8:53 AM

@Winter, Clive, ALL

Re: Kolmogorov complexity and Andrey Kolmogorov

He is supposedly quoted as saying:

“Every mathematician believes that he is ahead of the others. The reason none state this belief in public is because they are intelligent people.”

But I think he was ahead of some 😉


Re: Wankel engines

Mesmerizing 👍

6449-225 December 2, 2021 8:59 AM

@ Ted @ Winter

Dept. of Everything Old is New Again, more –

Check out Tom Apostol (yes, the Tom Apostol) and Mamikon Mnatsakanian “New Horizons in Geometry”, where all the “classical calculus problems are generalized and solved by innovative elementary geometric methods.”

Also, if anyone knows of a good deal on a Ro-80 or a Mazda 787B …

Freezing_in_Brazil December 2, 2021 9:03 AM

@ All

Regarding mRNA vaccines [not meant to derail any ongoing discussions]

In early Covid-19 discussions last year, Clive Robinson raised some questions regarding the safety of mRNA-based vaccines. He cited the history of failure [almost a tradition] in the pursuit of this technique as opposed its surprising [and perhaps inexplicable] success rate. I agree with all the points he raised then and am relieved that I have been immunized with Astra-Zeneca, a vaccine made with traditional, proven, techniques.

The emergency use of mRNA-based vaccines was justified in the first moment of panic. However, now that we have some breathing room, I ask if it would not be more prudent to invest in the distribution of traditional vaccines while carrying out a complete review of all data regarding mRNA vaccines. And @Clive, have you changed your point of view in any way?

Winter December 2, 2021 9:23 AM

“However, now that we have some breathing room, I ask if it would not be more prudent to invest in the distribution of traditional vaccines while carrying out a complete review of all data regarding mRNA vaccines.”

I understand that people had doubts at the start, but now?

There are data on hundreds of millions (billions?) of recipients. The data show they are safe and effective. They are the best when given, with stronger responses upon application. Their effectiveness seems to weaken faster than those of the other options. But they are still more effective than the others.

I have yet to see publications, or reports, that the AZjab is in any sensible way “better”.

And if we want a new formulation for a variant, nothing beats editing RNA in speed and precision.

Clive Robinson December 2, 2021 9:32 AM

@ Winter,

Please find information about what data the FBI can legally access in various messaging apps

It rather depends on what you mean by “legally”.

As a simple rule of thumb, “Anything any one freely gives them, or that they can see when in some place, they are alowed to be”

There used to be a rule about what constituted a search and ehat did not, and whilst it still knind of holds for a few things, the argument has been pushed and in some places accepted that if a computer is in plain sight, then so is the entite contents of all memory on it and likrwise removable media even if it is encrypted.

Hence building computers in safes is something that has yet to be legally tested. But I would not hold my breath on it. It’s just another reason why I say “Paper Paper NEVER data”.

As far as I can tell all mobile phones are considered in plain sight by US and dependency judges these days thus searchable and worse abusable etc.

Arguably the FBI, Microsoft and I suspect other Corps consider computers anywhere in the world they can reach or be reached from in the US to be subject to US Jurisdiction and some judges have in effect agreed as they have issued paperwork etc.

But “legally” is a movable feast, everyone in the world is as far as the US legislature is concerned subject to certain “secret” legislation where ever they are at any time even if it has nothing what so ever to do with the US Government Federal or State and US citizens.

For instance I can legally buy Chinese or Taiwanese manufactured parts and have them built into working systems in China or Taiwan and have software that I don’tsigned based on my own IP and have them shipped from China to some other nation lets say Iran. I would not be breaking any laws in the country I’m in or China / Taiwan or the destination country. But as far as the US is concerned if they decide secretly that my IP should be on their secret baned technology list, guess what…

Then of course it’s well known the FBI is happy committing perjury both directly and indirectly… The FBI are also happy to tamper with evidence to get prosecutions directly or indirectly. They have been caught beyond any kind of reasonable doubt, yet the walk away from it. You say you are unsure of anything to a pair of FBI agents and you are suprise suprise guilty of various crimes that could get you a hundred years or worse.

Then there is parallel construction, what little we know about it is quite alarming.

Then there are those “helpful citizens” the FBI employ / use or abuse to enable the FBI as the dictionary definition has it commit “entrapment”…

The thing is for obvious reasons, all of these “failings” occure in other juresdictions from time to time. Yet we either don’t or hardly get to hear about them, and obviously even less happens in the way of punishment to these other law enforcment offenders than happens to the FBI. As that is usually nothing with the FBI, it imples that these other law enforcment offenders get promotion etc. Those who remember what the UK Met Police have been upto can confirm that many did get their careers enhancer. In fact “Exhibit A” would be Cresida Dick…

When a public statment made on National Media says of her,

<blockquote“all found that the leadership of the Metropolitan Police is breathtakingly corrupt”[1]

Even the more skeptical should take both note and future caution.

But you only have to look at Operation ORE[2] based almost entirely on deliberately adulterated evidence by the FBI supplied to the Met Police who then knowingly used it in court… Oh and also behaved in such a way that some of those accused on this evidence committed suicide, others lost their families, their homes, their jobs and much more besides. All because FBI and Met Police Officers wanted “promotional brownie points”. Guess what even though the lid did get blown off it, many got their promorotions and more besides.


[2] The UK Operarion Ore was an unmitigated disaster in oh so many ways it’s hard to know where to start on the malfeasance in public office. What was found was that much of the supposed evidence via credit cards, was actually not evidence of guilt or involvment. In the case of the UK it was demonstrated that in fact a well known Supermarket had alowed peoples credit card details to be stolen. These details were then used by criminals outside of the UK to obtain money illegaly on a questionable web “portal” service based in the US. The FBI and the Met however claimed without evidence that everyone on the list was obtaining illegal media, which was also not the case (much on the portal was of an adult nature and though questionable was not illegal).

6449-225 December 2, 2021 9:47 AM

@ Ted @SpaceLifeForm @Winter

The more I reflect on it, the more the Reuleaux triangle seems to be a better metaphor than the circle for the passage of time and time. Time seems to roll on, hours days years go by in a cycle, but that doesn’t mean time is necessarily fittingly represented by the homogeneity of a circle. The times can have contrasting flatter and sharper local character yet, like the triangle, cycle on smoothly. The world is actually like that.

Clive Robinson December 2, 2021 10:31 AM

@ Freezing_in_Brazil, Winter,

And @Clive, have you changed your point of view in any way?

As you know @Winter and I disagreed over much of it at the time.

But long answer short “No”.

My concern was about both short term and long term effrcts of mRNA.

We know that there are short term effrcts, these have been found, though there is argument about the way vaccines are given.

What is conspicuous by it’s abscence is any rational investigation or observational studies…

And yes we know thst there is auto immune disease arising in people who have had COVID and who have had vaccines.

Again what is conspicuous by it’s abscence is any rational investigation and observational studies.

As I said at the time I had my first injection I had the choice of which vaccine I went with and I went with AZ.

It’s also known that shortly after my second jab I noticed I was suffering certain symptoms that got progressively worse and I ended up in hospital three weeks after the jab with serious heart complication that included only about 5% functional output under test, and a blood clot in the right atrium the dimensions of which are similar to an average adult males thumb nail area.

Do I know if that second jab and the subsequent heart problems which still have me more or less house bound currently are a case of cause or coincidence? Personally I have no idea. The hospital “think” it may have been down to blood cloting control medication “Riveroxaban” I was on, but there is no way to actually clinically test, only statistically on observational analysis.

I’m being pushed to get the third “booster shot” which I am currently resisting. Not because of the heart issue, but due to actual science. The effectiveness of most COVID vaccinations are time sensitive that is if you take them too close together in time you do not get the same long term benifit as if you took them further appart in time.

However there is also the short term benifit to consider and the new “O-heck how many mutations” varient to consider. It takes around three to five weeks for your immunity to build up to a maximum. So I’ve got to make a decision based on my petception of my life style risk factors and comming into contact with this new VoC. But… there is a hidden asspect to this.

In South Africa two Doctors are giving different reports. They both say it’s way more infectious. But one says it’s more mild than other varients she has seen and in some cases so mild it’s only symptom is mild headache (why not indicated). The other says it is significantly effecting male patients that are young adults to middle aged.

The question is why the difference? Well the clue is where they practice. One sees middle and upper economic level patients the other poor probably with more indigenous descent more than Europran descent patients. They are also mainly unvacinated or only had one jab at best, unlike the patients of the docter who sees mild symptoms.

So what would be my risk if I was a “breakthrough” infection?

On the face of very very little information so far, likely minimal.

Then the question arises of would there be any benifit to being a breakthrough infection…

The answer to that is more complicated and is likely to be yes, in that those who have had COVID have better immunity profiles over all. Also this O varient, is interesting in that it is a pot-pouri of many of the other variants, thus it’s potentially going to give a broader range of immunity than a new jab.

Which without further consideration begs the question as to if it actually would be better over all to get the O variebt infection rather than a booster dose…

Which is where that further consideration comes in. I suspect most here know the basics of what Long-Covid is. It is way way to soon and way way to few known O-varient infections to draw any kind of conclusion.

All we can say is the O-varient though apparently mild, dies share mutations with other varieties that have been pointed at with respect to Long-Covid.

So too little science, to few infections, in to short a time, for me to make as an informed choice as I would like…

Ted December 2, 2021 10:59 AM


Hmm are you slipping lines from songs in your posts 😉

Lol! You got me. My plausible deniability is weak 😁

Clive Robinson December 2, 2021 10:59 AM

@ Ted, Winter, 6449-225, ALL,

Re: Wankel engines

I hear they are good for round trips 0:)

On a more serious note, you can not just drop them into existing vehicular “power trains” as they have different characteristics to the conventional “Infernal Combustion” engine.

Winter December 2, 2021 11:04 AM

“Again what is conspicuous by it’s abscence is any rational investigation and observational studies.”

I do not know what makes you reach this conclusion. These jabs are probably the best and most thoroughly researched in human history. They routinely discover one-in-a-million side effects.

The long term, whole population monitoring has revealed that mRNA jabs has been as effective as in the phase 3 tests (>90% for hospitalizations).

About long term effects. These are elusive. There have not ever been delayed long term effects found. All side effects arise early. Every vac is new, just as every sunrise.

lurker December 2, 2021 11:16 AM

@Freezing in Brazil, All

Have a word to the Lady Jacinda. I’ve just managed to get my first jab of AZ. Interesting interrogation by the operator to be sure I knew what I was doing. Minister in charge gloated after 3 days that uptake was “low, as expected.”

J&J although approved, may never be seen here: for international transport it must be frozen, and there’s no local agreement on how to do that on commercial planes. The temperature required is the same as frozen fish, which our planes already cart all ove the globe. Yet they have no problem with Pfiz at -80C

lurker December 2, 2021 11:36 AM


“Again what is conspicuous by it’s abscence is any rational investigation and observational studies.”

I covered this in my third degree with the AZ applicator (see above). We both agreed there was a lot of anecdotal evidence, snippets of non-blinded comparisons, sales blurbing by the makers, but a distinct lack of proper controlled comparison.

There’s probaby a rationalisation here that the immediate imperative is to get jabs into people, any jabs so long as somebody has approved them. Seeing how well they worked compared to each other, can come later, which may be too late if we are overtaken by later generations of vaccines.

Winter December 2, 2021 11:54 AM

“Seeing how well they worked compared to each other, ”

They all worked, and they were all effective. They are all more effective that your common flu jab with no more side effects.

The polio jabs cause more problems (sometimes inducing polio outbreaks). Therefore, in the larger scheme of things, the current crop of vaccines is a resounding success.

But there is no vaccine against stupidity, and if there was, the anti-vaxxers would refuse it.

Freezing_in_Brazil December 2, 2021 2:32 PM

@ Winter, Clive, lurker

Thanks for replying.

Just to clarify, I am referring to the potential long term side effects of the mRNA vaccines, like @Clive arguments. No doubt about the efficacy against the virus [which happens to be even higher than the ‘traditional’ ones, according to sources].

@Clive, thank you for taking the time. I appreciate.

SpaceLifeForm December 2, 2021 3:10 PM

@ lurker

Seeing how well they worked compared to each other, can come later, which may be too late if we are overtaken by later generations of vaccines.

Did you mean later generations of variants?

6449-225 December 2, 2021 4:06 PM

@ Ted @ SpaceLifeForm @Winter @ Clive Robinson

Re: Reuleaux triangles

The Wiki article points out that certain points in the triangle trace piecewise elliptical curves as the triangle rolls inside a square. Gives one to wonder if there is some kind of Reuleaux version of Ptolemaic epicycles.

I’ll go quietly …

lurker December 2, 2021 4:13 PM

@Winter: They all worked, and they were all effective.

Indeed they did, but some are appearing to work better[1] than others. In a free market economy doesn’t the customer have a right to choose what he believes is best? And then there’s the aspect that threatened to get me labelled “vaccine hesistant”:

@Freezing in Brazil: I am referring to the potential long term side effects of the mRNA vaccines,

So am I, although those effects may not be seen until much further in the future, when the argument tends towards, if I die aged 95 or 96, what is the value of that extra year?

@SLF: both.

[1] Working better includes not only efficacy or effectiveness (and the means of measuring and presenting those has become laced with snakeoil), but also the obvious factor of price; and a single dose vs. two must be a logistical advantage in remote rural areas.

SpaceLifeForm December 2, 2021 4:23 PM

@ Ted, Clive

re and software contracts

The specfication was garbage.

The programmer wrote the code to meet the spec, but there is another issue.

As defined in the code, it is an integer function that ALWAYS returns a Random number.

It is an IMPLIED Software contract.

Some programmer, reading the DOCUMENTATION, and the SPECIFICATION, could conclude that they can call this function from their code, and that it WILL NEVER FAIL.

But, in this instant case of getRandomNumber, reading both the DOCUMENTATION and the SPECIFICATION will not help because both are a lie.

The programmer, writing some code that repeatedly calls getRandomNumber, will always get a 4 returned.

So, the only way to find the problem is to read the Source Code for getRandomNumber.

In this case, we have the Source Code.

But when you do not have the Source Code, and you rely upon DOCUMENTATION, you may be making a major security blunder.

FLOSS is safer for security. You can not trust proprietary software.

There is way more to the story, where we could look at Toolchains, Reverse Engineering, Microcode, and Silicon Turtles.

Ultimately, it all gets down to I/O and Boolean in Silicon, moving Electrons around on various Clouds.

Paper is safer.

ResearcherZero December 2, 2021 4:35 PM

ASAT missiles could obliterate NATO satellites and “blind all their missiles, planes and ships, not to mention the ground forces,” said Russian Channel One TV host Dmitry Kiselyov, rendering the West’s GPS-guided missiles useless. “It means that if NATO crosses our red line, it risks losing all 32 of its GPS satellites at once.”

PL-19 Nudol

“Countless devices around the world use GPS for wayfinding. It’s possible because atomic clocks, which are known for extremely accurate timekeeping, hold the network of satellites perfectly in sync.”

“…future vehicles might keep track of their own position. They could do that with on-board devices as accurate as atomic clocks, but that measure acceleration and rotation by shining lasers into small clouds of rubidium gas like the one Sandia has contained.”

“To further keep out contaminants, Schwindt partnered with Sandia materials scientists to build the chamber out of titanium and sapphire. These materials are especially good at blocking out gasses like helium, which can squeeze through stainless steel and Pyrex glass.”

“The Sandia team is continuing to monitor the device. Their goal is to keep it sealed and operational for five years, an important milestone toward showing the technology is ready to be fielded.”

“It is the first device that is small, energy-efficient and reliable enough to potentially move quantum sensors from the lab into commercial use.”

JonKnowsNothing December 2, 2021 5:05 PM

@ Winter, @Clive, @All


W: Please find information about what data the FBI can legally access in various messaging apps

C: It rather depends on what you mean by “legally”.

As a simple rule of thumb, “Anything any one freely gives them, or that they can see when in some place, they are alowed to be”

To expand a bit on what is externally viewable. People do not look “far enough” to learn what can be legally seen. They often presume it’s just the few feet around themselves.

  • An open or partially open door
  • A window with the drapes or curtains open or skewed
  • A garage interior as the door opens/closes
  • Any window that isn’t covered like those above showers or clerestory windows

Then there is a longer distance.

  • A camera (video or still) placed on a utility pole in the public easement (aka street area) that is pointing at the property
  • The camera(s) can point into the yards, side yards, at the front door, garage door, driveway, sidewalks surrounding the house
  • The camera(s) can be aimed to view interiors via the windows that have no coverings or the drapes are skewed
  • There is a particular covering made of slats. These slats turn up and down. The camera can take views of whatever can be seen between the slats.
  • They can take pictures of the interior of cars parked outside as the windows are not obscured (unless you have blackout windows)

Don’t forget the zoom.

These are stationary cameras. There are moving ones too.

  P: How do you know I did that?
  C: I watched you do it …

Ted December 2, 2021 5:36 PM

@SpaceLifeForm, Clive

Re: Paper is safer.

From your mouth god’s ears. Plus there is so much regulation around some industries, like ‘regular’ finance, where others are practically in a state of undress.

I’m still thinking about MonoX here.

The firm that audited MonoX, Halbourne Security, was co-founded by a guy who actually teaches Blockchain And Smart Contract Security at SANS. I hope his company releases a further analysis of what happened with MonoX, but I don’t know if that’s something they can do.

It sounds like smart contracts are just an additional application-like layer of software over the blockchain that can be as ridiculously vulnerable as any software. Plus some of these services are so new that they are flying in the dark as far as security.

Hope I’m saying this right, but I was just trying to catch up on it. But I would definitely agree that the opportunity for security blunders is tremendous.

ResearcherZero December 2, 2021 5:39 PM

Once a lot of stuff couldn’t be used in court, but that has been improved upon quite a bit. You could collect evidence of planning serious crimes, but then be forced to wait for the crooks to commit the physical act. When it came to abductions and other acts of violent or malicious behavior, that was quite a problem, especially crimes against minors as often the details are then suppressed by the court which would leave the victims still vulnerable.

ResearcherZero December 2, 2021 5:49 PM

Victims of abduction and child abuse have one of the highest death and disappearance rates, often before anyone is successfully prosecuted. Even with the entire recording of the planning of the crime, it may not have been admissible evidence.

lurker December 2, 2021 11:08 PM

@SpaceLifeForm: My Faraday Bag broke

That’s what you get if you insist on 7G and HyperSpace frequencies. I was once involved in construction of a Faraday Cage, a real cage of insect screen inside and out on a 7 foot cube made of 4×2″ timber. There was a fancy multistage filter where the mains went thru. The purpose of the cage was for testing HF receivers (below 30Mhz.) to spec in an environment full of industrial noise and random transmitters.

Winter December 3, 2021 12:09 AM


Someone posting the same thing twice under different handles. Cryptic content, but names point to anti-vaxxer talking points. All in all this looks like the troll tool active earlier this year.

Clive Robinson December 3, 2021 3:40 PM

@ JonKnowsNothing,

Some more O-heck news out of SA.

There has been a paper published based on observation of about 36000 people who have so far got a replay with O-heck…

In SA they have found if you had a primary infection and you are unjabbed your risk of getting Delta was 0.71 but with O-heck it appears to be 2.4… Yup that is high.

No figures yet on those that have been jabbed and their risk.

Some think that O-heck is going to become dominant around the globe which might actually be good news in some senses. Apparently those who are fully jabed and get it as a break through are not seriously effected.

That said I hear the O-heck has been discovered down in your neck of the woods.

JonKnowsNothing December 3, 2021 9:34 PM

@Clive @All

re: O-heck Deja Vu

Yes, California has the distinction of the 1st US case of O-H. Although I am pretty sure we will find there are some going back into October 2021 or earlier.

One comparison I saw had D as R-5 and O has R-6.3.

It has been clear that 3-Jabs won’t stop you from getting sick with O-H. I’ve not seen anything specific on severity across the bigger population of 1Jab, 2Jab, 3Jab, and NoJabs beyond the current problems with D.

Nearly all the current cases are Ds. The expected outcomes for those hasn’t changed.

I am not all that sure that O-H will supplant D completely. We know you can have multiple infections of the same and/or different variants (Brazil P1 P2) and so I wouldn’t be surprised if a fair few will have both D and O-H come Dec-Jan. Previous exposure does not seem to stop re-infection with O-H, currently the severity of illness is reported as low or mild. (1)

I see only slight praise for the Scientists in SA. Once again they saved our roast. Once again it was over-reliance on PCR testing. Once again, the selected sequences for D did not flag the sequences for O-H. Only a missing “S gene” on the current test was an indicator and the prevailing view of “It’s all D” blinded us to the presence of something Other.

They are now revising the PCR test, but no doubt the problem will repeat, since only full genome mapping really shows what’s new. There are 130+ versions of D, so I’m not sure anyone would have paid attention anyway.

With 130-DMuts and the inevitable process for O-H. There’s not much to HO HO HO for the holidays.

The WHO has at least poked the mRNA folks to start tweaking. (2)


1) Severity low or mild. I don’t care what they call it, it would still likely be lethal to many with compromised medical conditions. TRIAGE will be lethal regardless of status.

2) Some mRNA vaccines that didn’t make it to market found they could not tweak their mRNA candidate enough.

Clive Robinson December 3, 2021 11:49 PM

@ JonKnowsNothing, SpaceLifeForm,

The WHO has at least poked the mRNA folks to start tweaking.

I’m far from sure that will help with O-Heck. The mRNA stuff is way way to specific to certain features that are becoming less important especially in O-Heck’s case.

We need something with broader reach otherwise the next VoC might be not just a fully fledged escapee but running silent untill it all lights up the sky.

I dread to think what effect the past few days “travel to press the flesh and break bread” in the US has had, with another round due to be via Santa’s slay in four weeks.

You might have heard in the UK we have contact notifications and self issolation being now enforced with massive fines (£10,000) for non compliance. With some predicting not just new “ping storms” but those of a definite ICTsec concern of those deliberately and falsely created for anti-reasons. So in effect causing a DoS attack etc and all that follows as people think “Oh the lights are fritzed again” and just ignore the stop lights…

JonKnowsNothing December 4, 2021 12:50 AM

@Clive, @All

re: Pipeline Incoming

ATM our near term choice is between: mRNA or T-cell vaccines. (1)

There are more things in the pipeline but they are all geared for pre-Delta or D614G virus genomes.

The newer stuff has abandoned the F-Spike because it mutates too quickly and has more antibody escapes mechanisms now. The previous ideas of jamming the F-Spike with antibodies to prevent it from entering the cell may still work but some of the newer stuff starts out with the presumption that the virus has already penetrated the cell and employ various mechanisms to purge the cell and destroy the virus.

Few of these new pipeline treatments are geared for the global population. Disaster Capitalism is in play.

It’s all very experimental too.

Deaths are still from Cytokine Storms. The inflammatory response from sending T-Cell Death Squads around the body, attacking any and all cells that have a viral signature, with the resulting dead cell collection and clean outs is not well described.


1) Our choices are limited by our Geo-political alignments. There are dozens of vaccines globally but some countries limit their population to only a few. Which ones are offered depend on the Geo-economic models of those governments.

  • Can you imagine a Cuban vaccine being provide inside the USA? Both sides of the Congressional aisle would pass out from “a case of the vapours”. Pass the smelling salts…

Winter December 4, 2021 2:26 AM

“There are more things in the pipeline but they are all geared for pre-Delta or D614G virus genomes.”

There is more:
COVID super-immunity: one of the pandemic’s great puzzles

Clive Robinson December 4, 2021 6:46 AM

@ JonKnowsNothing, ALL,

Can you imagine a Cuban vaccine being provide inside the USA?

How about a British one?

It’s clear that the FDA was not going to aprove it for shall we say “political” reasons. The FDA “revolving door” with Big Phama kind of got highlighted, then there was the Pig Phama attacks via Rupert Murdoch’s news organs…

But how about a Chinese vaccine?

One of the issues with mRNA that is comming out is just how very specific it is, and that’s dangerous.

Old fashioned vaccones were made by brewing up the pathogen in large chemical kettles not unlike those used by the Whisky manufacturers. Then the virus would be inactivated and the result injected into people.

The thing is that old way alows the bodies immune system to see the whole of the virus not just one highly specific part of it.

The result is a vaccine that has broad applicability to many varients even though it is not as effective against a specific varient.

So mRNA is great against one or two specific varients, but rapidly drops off in the face of others, as we are seeing. So as long as a virus does not mutate mRNA would be your choice.

But we knew that viruses mutate at quite a high rate as it’s proportional to the number of people infected.

The older style brewed up and inactivated virus vaccines will keep working as the virus mutates, thus alowing the job of catchup to work.

With mRNA there is the very real probability catchup will never work, because the virus will “mutate on”.

If you were a suspicious person, you would think that political behaviour rather than political words is based on turning South America and much of Africa into a human disease reservoir for SARS-CoV-2 and regular vaccine avoidant mutations.

The fact that Big Phama and one or two other very wealthy organisations are going to get not just wealthier but more politically powerfull is one thing that keeps comming up which is claimed as being paranoid conspiracy theories…

But the Chinese have Sinovac,

Which is very “old school” using a well known and well understood system. Where the process is well known and has a well known well established safety profile and does not have much in the way of supply chain issues.

It will be interesting to see how it fairs against O-Hec and other VoC’s that are getting out from under the mRNA “pencil skirt”.

Not that you or I will be alowed anywhere near it…

ResearcherZero December 9, 2021 1:47 AM


It’s not like they aren’t working hard to solve these problems of failures of governance. Some MPs are doing all-nighters. Cocaine traces in 11 out of 12 parliamentary bathrooms proves it, according to The Sun and their anonymous sources.
Inebriation may be required to hang out with some of the political ‘fixers’, and it could explain the odd crazy post on Twitter.

“Some are household names, some are ambitious young MPs and officials, but all of them risk throwing away their careers. They think they are untouchable, protected by their friends in the bubble.”

Allegations include a claim that a former MP put his drug dealer on the parliamentary payroll, claiming he was a member of staff, as a way of paying him for drugs.

[SNORT] “Tax cuts for everyone!”

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.