name.withheld.for.obvious.reasons November 12, 2021 5:01 PM

12 NOV 2021 — A Book Talk and Town Hall, Timothy Snyder, Historian

Los Angeles World Affairs Council & Town Hall

Timothy Snyder along with Nora Krug, an artist providing powerful illustrations in Timothy’s latest book, “On Tyranny Graphic Edition: Twenty Lessons from the Twentieth Century”. The town hall held virtually in October of 2021 is on the heals of the release of the book. They both sit down with the town hall moderator and discuss the elements of the this updated advisory to all.

The proceedings available on the Tubes of U’s, (URL mangled for your pleasure)
hp xxs://

One interesting chapter in the book is titled “Being kind to the language”, a sentiment I am sure is reflective of what has happened on Bruce’s blog. Timothy speaks briefly to the issue of centralization. Facebook is an entity that he suggests shouldn’t exist and that anti-trust is a unexercised tool to insure this behavior is not permitted in a fair and just society.

Also of note, along with the recent demagogic rhetoric around book burning, the former president recently suggested boycotting companies that do not support the MAGA movement. This is straight out of the tagging of Jewish business and warning “Good Germans” not to buy, this was Germany in the mid to late 1930’s, until a night in November 1938. Is that the sound of glass breaking…

If as though we are on the verge of the night of not short knifes too.

lurker November 12, 2021 5:55 PM

The Waikato District Health Board was warned its IT security was inadequate and severely compromised just months before a massive ransomware attack that brought Waikato Hospital to its knees.

Then in CYA the Board

said the strategy was only a draft that was part of a wider digital strategy about to be heard by the DHB’s commissioners when hackers struck on May 18.

Local MSM listed the services put out of action at the time. I wouldn’t expect them to listen to me, nor @Clive, but what can you do [bold added]?

The strategy gave an example of clinical devices connectable to the internet that were running Windows XP.

SpaceLifeForm November 12, 2021 6:51 PM

@ lurker

Interesting as XP can not support modern ciphers.

Must have been downgrade attack, or it was just plain HTTP all along.

You gets what you do not pay for.

SpaceLifeForm November 12, 2021 7:36 PM

@ name.withheld.for.obvious.reasons


I think that a glazier has been located.

Name is not Bannon.

lurker November 12, 2021 8:03 PM

XP is not the problem: the problem is allowing XP to see the big bad world. Entry is believed (but not yet verified) to be by phishing – social engineering that defies network engineering.

The article also lists another of my bugbears, bosses buying hardware off vendor demos with no thought to compatability with existing systems…

Ted November 12, 2021 9:07 PM

@ name.withheld.for.obvious.reasons

Re: the book “On Tyranny Graphic Edition”

That book looks pretty thoughtful. A few of the 20 lessons that looked interesting to me were:

7) Be reflective if you must be armed.
11) Investigate.
14) Establish a private life.

There is a short little video (from a bookshop) that gives a glimpse into how the artist makes her illustrations. ”Plus cat cameos!”

They Glow November 12, 2021 11:40 PM

Nuclear radiation used to transmit digital data wirelessly

“Engineers have successfully transferred digitally encoded information wirelessly using nuclear radiation instead of conventional technology.

Radio waves and mobile phone signals relies on electromagnetic radiation for communication but in a new development, engineers from Lancaster University in the UK, working with the Jožef Stefan Institute in Slovenia, transferred digitally encoded information using “fast neutrons” instead.

The researchers measured the spontaneous emission of fast neutrons from californium-252, a radioactive isotope produced in nuclear reactors.

Modulated emissions were measured using a detector and recorded on a laptop.

Several examples of information, i.e., a word, the alphabet and a random number selected blindly, were encoded serially into the modulation of the neutron field and the output decoded on a laptop which recovered the encoded information on screen.

A double-blind test was performed in which a number derived from a random number generator was encoded without prior knowledge of those uploading it, and then transmitted and decoded.

All transmission tests attempted proved to be 100% successful.

Professor Malcolm Joyce of Lancaster University said: “We demonstrate the potential of fast neutron radiation as a medium for wireless communications for applications where conventional electromagnetic transmission is either not feasible or is inherently limited.”

He said fast neutrons have an advantage over conventional electromagnetic waves, which are significantly weakened by transmission through materials including metals.

“In some safety-critical scenarios, such as concerning the integrity of reactor containments, and metal vaults and bulkheads in maritime structures, it can be important to minimise the number of penetrations made through such metal structures for communications cabling. The use of neutrons for information transmission through such structures could negate the need for such penetrations and is perhaps also relevant to scenarios where limited transmissions are desirable in difficult circumstances, such as for emergency rescue operations.”

Fast neutrons could also be incorporated into a mixed-signal, electronic systems to achieve signal mixing being between electrons and neutrons. This could contribute to the requirement to ensure the integrity of information transfer.”

  • Discussion:

MarkH November 13, 2021 3:08 AM

@They Glow:

Combining this exotic method of signal transmission with a mechanical modulator seems the pinnacle of “Steampunk!”

To perfect the concept, it should have a hand-etched brass faceplate, and present its output via a telegraph “clacker” instead of a laptop.

My general guidance would be, “don’t try this at home.”


When performing any operation on a quantum encabulator, I prefer to stand well back from the apparatus.

echo November 13, 2021 5:57 AM

The lack of a fuel injection system in early British aero-engines is often criticised as giving pilots a disadvantage in the air against German Bf 109 fighters. But why did Britain not have a fuel injection engine, when it had developed this technology?

This is an interesting examination of ego and rote learned qualifications bikeshedding their way to disaster. Of course if it had been a man who solved the problem it would be called a Schilling valve or similar not the somewhat suggestive label it has been given. And this is not the only example!

Interestingly another person who doesn’t get full credit for their work is the natural philosopher John Michell who was first person to propose the existence of black holes as well as inventing the inverse square law. Funnily enough Maxwell who is credited with Maxwell’s theory never invented Maxwell’s theory and was long dead at the time.

Then there is NASA refusing to rename the James Webb space telescope in spite of their breaking the traditional naming convention and naming it after a pen pusher instead as well as putting their head in the sand over the evidence pointing to James Webb being a critical factor in historical institutional discrimination at NASA which is compounding discrimination.

Originally the UK was supposed to have a tripartite education system covering university, vocational, and apprenticeships. There’s lots of reasons and advantages and disadvantages well covered by policy discussion and studies over the years which I won’t repeat here. They were supposed to be equivalent but the system crumbled under snobbery and cost cutting and decades of failed macro policy. Now I read the UK government is trying to axe BTechs and replace them with its own hobby horse – so called T levels, whatever they are, as if the damage caused by years of reckless and negligent government with Brexit on top wasn’t bad enough.

Where is the next Schilling or Michell going to come from? Good question.

Clive Robinson November 13, 2021 8:17 AM

@ echo,

Re the YouTube you link to, and your conclusion of,

This is an interesting examination of ego and rote learned qualifications bikeshedding their way to disaster.

Err wrong. The answer is sadly quite simple as any engineering historian can tell you.

Fuel injection does not give any reak advantage with low octain fuel, in fact it can have the opposite effect and be a disadvantage (more things to go wrong, more parts to replace, etc, etc).

The fuel that was used in Britain internal combustion engines from before World War I was low octain in the range 80-90 averaging 87.

It’s a similar argument that led to the famed “story” of quite a bust up between Churchill and The Lords of the Admiralty. He wanted British Navy ships to run on diesel fuel, they wanted to stick with tradition of coal and stokers, and forever to bunker when in port. According to the story –and that’s all it is– when the Admirals claimed it was traditional, Churchill supposadly commented that the only traditions in the Navy were “Rum, Sodomy and the Lash”[1]…

When high octain fuel became available the engines became more powerful, you can actually see the result of this with the number of propeller blades on Spitfires going up with time.

The information has been around for a long time as even minimal research will show, in the 1943 book[2] “The Amazing Petroleum Industry”, by V A Kalichevsky of the Socony-Vacuum Oil Company explained what high-octane gasoline meant to the fighter aircraft Britain had at the time,

“It is an established fact that a difference of only 13 points in octane number made possible the defeat of the Luftwaffe by the RAF in the fall of 1940. This difference, slight as its seems, is sufficient to give a plane the vital edge in altitude, rate of climb and manoeuvrability that spells the difference between defeat and victory.”

That is the change from 87 to 100 octain made for an increase of speed of the Spitfire of 25 mph at sea level and 34 mph at 10,000 feet.

Speaking of manuvarability, which if you want something to argue your “bikesheding” over, how about “the story” that the early Spitfires lost power in certain aerial manovers used in dog fights because of the way fuel left the tanks, or more correctly did not (the bottom of a tank only stays the bottom in level flight).



John November 13, 2021 9:20 AM

Hmmm….. Interesting.

Now apply that logic to “food”….

Grow your own nutrient dense food, milk and meat….

No Judges, Policemen, Hospitals, drug companies, dentists, medicines.

People and other animals happy and content.

Check out history before to WWI. and
Weston Price, DMD “Soil Fertility and Animal Health” especially Chapter 19.



Bloated Cow November 13, 2021 11:52 AM


Crumbs for those with no interest in searching…

Weston A. Price Foundation hxxps://

Help producing nutrient dense vegetables hxxps://

An interesting look at Animal Source Foods and human health hxxps://

Clive Robinson November 13, 2021 12:37 PM

@ They Glow, ALL,

Nuclear radiation used to transmit digital data wirelessly

Not surprising in of it’s self, after all modulation is simply impressing information onto energy/matter, and communications involves sending the result in the right direction.

OK the modulation was of the simplest kind that of “amplitude” or “quantitative” modulation in about the oldest form known to many as “CW” modulation. It is actually quite inefficient when compared to other modulation schemes like “bi-phase” or “reverse phase keying”

That said it’s an experiment that proves a point but of limited utility, and not one I’d wish to be even remotely close to,

… transferred digitally encoded information using “fast neutrons”…

Whilst they do go through the likes of solid metal rather easily, if you get unlucky they are going to ruin your day with a 50 million electron volts or more average “kinetic energy” punch[1]. Which is possibly why they have medical uses for cancer treatment[2].

Any way, the further away I am from nuclear decay in all it’s forms the less woried I feel. ONLY… 🙁

[1] From memory 1 electron volt is a tads over 1.6 e^-19 Jouls, which sounds tiny, but… Each fast Neutron is also very tiny so at 50 million eV it’s actually quite a punch per… That is 1 rad of X-Rays has about 1/4 the effect that 1 rad of fast neutrons[2].

[2] “No cancer therapy is without the risk of side effects. Neutron therapy is a very powerful nuclear scalpel that has to be utilized with exquisite care.”,

John November 13, 2021 1:33 PM

@Bloated Cow,

There is quite a lot of mis-information that is sold to the unwary.

The refs you give are OK…. I would recommend the books in the farm_library below:

Direct link to Price book: Nutrition and Physical Degeneration


Direct link to Price Chapter19: Physical, mental and moral deterioration



SpaceLifeForm November 13, 2021 3:53 PM

Add a HSM and now you are cooking

It’s Now Possible To Sign Arbitrary Data With Your SSH Keys


SpaceLifeForm November 13, 2021 8:16 PM

@ Clive, ALL

So, how did FBI get hacked?

I may know.


Ted November 13, 2021 9:13 PM

@SpaceLifeForm, Clive, ALL

Squirrels really like Bird baths and Bird feeders.

lol. true

So, how did FBI get hacked?

Leaked one-time passcode?

SpaceLifeForm November 13, 2021 9:31 PM

@ Ted

F12, Right Click

It appears you are paying attention.

There are more dots.


But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.

[Gov Parson has some splaining to do]

Ted November 13, 2021 9:56 PM


Yes, these things are a little dramatic, but inevitable to some degree, yes?

So glad you posted about it. Right now this issue seems to be getting buckets of water from all around.

The FBI had this to add “This is an ongoing situation, and we are not able to provide any additional information at this time.”

So it will probably all get worked out.

lurker November 13, 2021 11:42 PM

@SpaceLifeForm, All

But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.

Good grief, don’t tell me hiding the “View Page Source” menu item is supposed to be the fix for this…

SpaceLifeForm November 14, 2021 4:33 AM

If one does not periodically reboot their Quantum Encabulator, typos may occur.


[Parse closely and you will learn some stuff]

Ted November 14, 2021 4:57 AM

@lurker, SpaceLifeForm, ALL

Re: FBI fake email

Good grief, don’t tell me hiding the “View Page Source” menu item is supposed to be the fix for this…

I’ve seen this floated around, but I honestly don’t know how accurate it is?

Sometimes these “Forms Building” applications are used by non-developers, who lack that background, and by extension departments often lack common industry best-practices, because they don’t consider it “development” but rather content creation (see WordPress for another popular example). They may not even be trained or qualified to understand how the technology works under the hood. But content creators are much cheaper than legitimate developers.

Clive Robinson November 14, 2021 6:23 AM

@ SpaceLifeForm, ALL,

It’s Now Possible To Sign Arbitrary Data With Your SSH Keys

Just because you can now do something easily does not mean that you should do so without a lot of caution.

For those old enough to remember the arguments about the UK “Regulation of Investigatory Powers Act”(RIPA) there were some nasty little details that came out…

One of which was,

“What is the difference between a signing key and an encryprion key?”

Technically the actuall keys are just a string of numbers or some form of “Bag of Bits” primative data object. So they are interchangable or identical at that level.

But a signing key is about “authentication” of a message, where as an encryption key is about “confidentiality”. Two very distinct and entirely seperate functions so the keys should be different.

Look at it this way, RIPA alowed a person to come upto you with a piece of paper and demand all your keys on pain of six years prison (or worse, a lot worse these days).

The not invalid question about “impersonation” came up[1]. In a round about way it was decided that from a legal stand point the keys were different, and as signing keys were not for communications concealment they did not, and in fact should not, be handed over as long as they had only ever been used for signing.

So to avoid the “impersonation” issue use seperate keys for signing and encryption.

My advice have lots of both types of key, change you encryption PubKey very frequently and correctly destroy it. Have as a minimum a signing key for each individual relationship and think about having seperate encryption PubKeys for those that are likely to be on going and have financial or legal implications.

Oh and turn off the “include message in reply” option when sending a reply… Sending all parts of a conversation over and over and over breaks nearly every security rule there is and it’s a real waste of bandwidth and CPU cycles as well…

[1] It’s not unknown for the likes of the FBI to generate fake evidence where they can (look up Operation Ore where they knowingly sent evidence they had falsified to UK law enforcment).

lurker November 14, 2021 5:02 PM

Be thou as chaste as ice, as pure as the driven snow, thou shalt not escape calumny.
Hamlet Act 3 s.i

And I thought BMJ knew Caesar’s wife; but it seems in troubled times speaking truth to power may not be a wise choice…

Clive Robinson November 14, 2021 7:01 PM

@ lurker,

And I thought BMJ knew Caesar’s wife

Yes he appears to be the “biblical” sort in such things. As they say in other places “If you can’t keep it in the holster be mindfull of what targets you pick”.

Be thou as chaste as ice, as pure as the driven snow, thou shalt not escape calumny.

Ahh “The H play, who’s name shall not be mentioned” lest “you break a leg” for “realsis” or what ever it is the kids say these days.

But there is so much to be found in Act III scene 1,

“To be, or not to be: that is the question:
Whether ’tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them?
To die: to sleep;
No more; and by a sleep to say we end
The heart ache and the thousand natural shocks
That flesh is heir to, ’tis a consummation
Devoutly to be wish’d.
To die, to sleep;
To sleep: perchance to dream: ay, there’s the rub;
For in that sleep of death what dreams may come
When we have shuffled off this mortal coil,
Must give us pause: there’s the respect
That makes calamity of so long life;
For who would bear the whips and scorns of time,
The oppressor’s wrong, the proud man’s contumely,
The pangs of despised love, the law’s delay,
The insolence of office and the spurns
That patient merit of the unworthy takes,
When he himself might his quietus make With a bare bodkin? who would fardels bear,
To grunt and sweat under a weary life,
But that the dread of something after death,
The undiscover’d country from whose bourn
No traveller returns, puzzles the will
And makes us rather bear those ills we have
Than fly to others that we know not of?
Thus conscience does make cowards of us all;
And thus the native hue of resolution
Is sicklied o’er with the pale cast of thought,
And enterprises of great pith and moment
With this regard their currents turn awry,
And lose the name of action.
Soft you now!
The fair Ophelia!
Nymph, in thy orisons
Be all my sins remember’d.”

I’ve been told, but never checked, that more phrases in common usage have come from this one passage of Shakespeare than any other work in the English canon.

Clive Robinson November 14, 2021 7:43 PM

@ SpaceLifeForm,

Matt Blaze testing Faraday bags

The cautionary opening statment raised a wry smile…

But notice,

“A Faraday cage is simple in principle: solid conducive container that completely enclosed the signal source.”

What do you see, that informs you of Matt’s posting behaviours?

A hint,

It’s not conducive to conductive discussion to drop your tee.

Thus the question, a meer slip twixt lip and cup, or a wrong click in an auto-speller?

But onto an issue, “the cookie tin” did quite badly, way worse than you would expect from other cookie tins…

Then you look at the tin and see “paint” not bare metal. Like as not there may be a plastic vapour seal in the lid as well (often looks like white blumbers caulking spread expertly). So no conductive path between the lid and the base of the tin.

Which brings us onto something Matt did not mention and it’s “mucho importante”,

Slots are antennas with gain

Likewise access plates bolted to a box with a sealing gasket are “patch antennas that even with the electrical safety wire have quite some gain…

The problem as with all antennas, is you don’t actually know where they will resonate, especially on what are not traditional harmonics.

It’s why idealy your signal generator would sweep, and you would use a spectrum analyser with a slow time base, but wide video bandwidth.

Ted November 14, 2021 7:56 PM

@Clive, SpaceLifeForm

“the cookie tin” did quite badly

Lookie, a cookie! no, no it’s a ERASynth Micro!

Clive Robinson November 15, 2021 7:50 AM

@ MarkH,

Does your caveat about gaskets apply to EMI gaskets? Or just the traditional kind?

Actually it’s both, but mostly those for environment sealing.

EMI gaskets are “fickle” in quite a number of respects corrosion and tarnishing are just the obvious ones. Designing them in can be hard to get right, and some people don’t even bother trying, they just put one in, and it works on “FAT Day” but fails very quickly in the field.

For instance all gaskets are supposed to be flexible in some way, particularly under compression. Which realy means “don’t squish more than X%” otherwise they get taken outside of their “plastic” or other limits such that they become “deformed”. So when you take the access plate off the gasket does not return to it’s dimensions so putting the plate back you can end up with gaps etc.

But also how you secure the plate causes problems as well. Unless you are working with ExD type equipment the chances are the access plate is flexible thus can bend due to the force of the gasket, so you have to take care in how many bolts you design in, where they are located, in what order they should be tightend up and by what amount of torque.

It’s a complex subject, and unfortunately all the required information is not available in one place. Though the technical sales reps of some of the gasket manufacturers can give you guidence.

When I worked in the Petro-Chem industry I had to make a system that needed a combined radio “repeater” and telemetry unit. That is both a receiver and transmitter working in the same frequency band at the same time. The problem, it had to work in a “Hazardous Zone” and at sea and back then nobody made “off the shelf” systems that came even close.

Without going into all the design choices I ended up deciding to use two hand held radios that were ExI and mount them in their own individual custom faraday boxes…

Well the over all design of the box was simple folded up brass silver soldered at all the joints with a flat broad lip at the top on which the lid would be bolted down and the whole thing silver plated inside and out to get good RF conductivity.

The fun was designing the lip which was actually machined to hold the gasket and bolts, with the lid having a ring of “fingers” going down inside the box.

Needless to say those little boxes cost more than the very expensive radios, and the main equipment cabinate that was “dry nitrogen” purged etc to Mil Requirments[1]

All because someone above my pay grade insisted that the boxes contents should be “servicable in the field”. Where as my original choice was build them and silver solder the lids on and make the result a replacable sub assembly with no “user servicable parts”…

[1] That was back in the 80’s and I still have the aluminium screw top containers that the special desicant units came in. They are just the right size to hold a large packet of Chocolate digestive biscuits in and one of them did the round trip to the Falklands Islands… For obvious reasons it has memories attached and in just a few months begining in April it will be the start of the 40th anniversary events, in my mind I feel no older, but the mirror tells a different story.

MarkH November 15, 2021 12:49 PM


Also in the early 80s, I did software (mainly) for a military project with the extravagant level of specs which were usual in those days.

The enclosure was a seamless (welded) box with about 5.2 sides, in that the aperture was just a couple of inches smaller than the overall height and width, with a fairly tall “lip” running all the way round the aperture.

The enclosure door was itself a very shallow seamless box, the dimensions of the two constructions allowing for the thick EMI gasket which lived between them.

I don’t recall details after all these years, but I picture screw-type clamps with giant wingnut-style handles to compress the gasket when closing it up.

It looked unlike anything I’ve seen before or since.

The enclosure was drilled for the electrical connections, with each penetration having an extremely expensive-looking feed-through filter (broad-spectrum low-pass).

Clive Robinson November 15, 2021 1:04 PM

@ ALL,

As some of you are aware, I occasionaly comment on how your TV and other traditional non IoT household goods could be spying on you because it “boosts profits” (Amazon amongst others does this).

Well “By how much?” is a good question, we get given the wrong impression it’s the likes of Google/Facebook which takes the lions share…

But is it? Cory Doctro goes some way to explaining,

SPOILER : Vizio is a “scumbag corporation” that steals what it can where it can, then steals over the top of it again as well in multiple step thefts…

Vizio technology is by and large “Stolen Intellectual Property” they then package up this theft and sell it to you for a profit (Theft Step 1)

But… In that package they have very very deliberately added “Surveillance-ware” that spys on you 24/365.25 unless you pull the plugs from the wall. They do this illegaly in even the US with the worlds most corporate friendly laws (Theft Step 2).

Why? because they earn twice as much selling you, as they do from selling you their package. What the increase in profit is, is not clear. But more than twice that which they do from making the package very probably…

SpaceLifeForm November 15, 2021 3:30 PM

@ Clive

I think Matt actually meant conducive in this case, versus conductive.

He usually does not make typos.

Here, he was using conducive in a semi nagative sense, kind of.

He was saying that the test chamber (Ramsey STE3000B) was conducive to his testing.

He certainly did want it to be conductive from outside emf that could disrupt the testing.

He was not immediately clear at start of thread that he was performing tests on Faraday bags inside a Faraday cage.

SpaceLifeForm November 15, 2021 4:29 PM

@ Clive, ALL

Typo (of course)

He certainly did NOT want it to be conductive from outside emf that could disrupt the testing.

Ted November 15, 2021 4:33 PM

@Clive, ALL


Great article and summary Clive! I guess VIZIO’s my-business-is-your-business model didn’t do anything for the FTC.

I really hope the $2.2 million monetary judgement against the company gives them a moment of pause (and just doesn’t make them trickier). That was a heck of a lot of profit to make off ads, subscriptions, and data!

Clive Robinson November 15, 2021 6:41 PM

@ SpaceLifeForm,

I think Matt actually meant conducive in this case, versus conductive.

Err I disagree, read it again,

“A Faraday cage is simple in principle: solid conducive container that completely enclosed the signal source.”

It actually does not make sense.

Normally you would say,

“conducive to XXX”

There is no “to” or “XXX” in the statement.

I guess we could ask, or just wait a little Matt is known to have read this blog in the past, he may well still do so.

SpaceLifeForm November 15, 2021 11:49 PM

@ Clive, MattBlaze

Yes, the more I read it, the less clear it becomes as to what he was actually trying to convey in that sentence.

English. Such a precise language.

Reminds me of an old dilemma. You write down a word, but then you think to yourself, I think the spelling is incorrect. And the more you stare at it, the more you think the spelling is wrong. But, it is actually correct.

SpaceLifeForm November 16, 2021 12:38 AM

@ Clive, ALL

Yes, your SIM is a computer


SpaceLifeForm November 16, 2021 3:11 AM


Just over a half of a foot of Greenbar

Apollo 12 Source Code: Looking the original flown code printout and the 1202 error fix


okmarts2 November 16, 2021 3:30 AM

As the development of digital circuit technology and computer technology, the functional gradation of future HMI products will be less and less necessary, and the functions of HMI will be more and more abundant. The screen of HMI products which is more than 5.7 inches will be all color display, whose service life will be longer.ABB HMI CP620

SpaceLifeForm November 17, 2021 12:12 AM

@ Clive, Freezing_in_Brazil

A quick report on the Spammers

As we have all noticed, the spam problem has greatly decreased in recent months, though some still persist.

Based upon a back of the napkin calculation, it appears that approximately 20 percent of comments are being flagged as spam and disappeared each week.

Some are false positives of course, but overall, the spam filter seems to be working better these days.

In other words, what you end up seeing is about 80 percent of the attempted comments.

Clive Robinson November 17, 2021 4:28 AM

@ SpaceLifeForm, Freezing_in_Brazil, ALL,

Based upon a back of the napkin calculation, it appears that approximately 20 percent of comments are being flagged as spam and disappeared each week.

I’m not seeing anything close to 20% of my comments not posting, though some may take a while.

Usually when I get “moderated” it’s not dificult to work out why, even though it can be frustrating.

I suspect that people are getting hit one way or the other because they have not worked out some of the ground rules…

A thought that crossed my mind again today when I saw the upsurge in comment numbers on the current “Why I Hate Password Rules” page…

That said I expect to see between 2 and 5 “unsolicited advertising” as @- calls them appear in the 100 Comments page around this time of day. That have got through from Pakistan, India and occasionaly Australia. I’ve no idea what the actual “hit the site” numbers are though.

It’s the usual problematic “Defence Spending” quandary. You never know when you are spending to much on defence, but you often find out to late when you’ve not spent enough[1].

[1] The example of this defence spending quandary that sticks in my mind is 40years ago when a very small detachment of UK soldiers on the South Georgia islands had to defend against a bunch of Argentinian forces pretending to be scrap metal workers on the 19th of March 1982, and quite illegaly raised the Argentine Flag to try to claim sovereignty. Buoyed up by this success, the Argentinians illegaly invaded the Falklands Islands on the 2nd of April by helicoptering in military personnel early in the morning to secure a “beach head” to bring in over a thousand other mainly poorly trained and equiped conscript troops. Who then terrorised and stole from the defenceless islanders.

This led to a brief, but bitter conflict on the Falkland Islands that claimed many lives, that many claim started a month later with the sinking of the old US light cruiser “USS Phoenix”, renamed as the “ARA General Belgrano” on 2nd of may. They neglect to mention that UK forces took back South Georgia on 25th of Aprill which is probably what caused the Argantinian Government to look for any kind of success. Then on 1st May to the shock ot the Argentinians and the world, UK Vulcan Bombers flown from the UK, bomed the airstrip. Which caused the further “political orders” to the Belgrano to get a success of any kind…

The Belgrano was playing “cat and mouse games” around the Burwood bank on the edge of the exclusion zone, under we now know direct orders from the Argentine government to try and draw out and destroy UK Navy vessels patroling the exclusion zone as the main body of ships were on their way to the Falklands. The Belgrano basically “approached and ran” repeatedly trying to draw out UK vessels under the cover of the Argantine Air Force that had moved to the Comodoro Rivadavia and Rio Gallegos air bases. The Belgrano was using the shallow water around the South side of the bank to try and flush out any UK nuclear submarines of which it was well known there were three in the area so they could be attacked by aircraft from the close by Argentinian air bases. When the Belgrano was reported to be heading into the exclusion zone waters for the third time the UK Government decided based on Chilean interception of the Argentinan Government orders to the Belgrano’s Capitan, that it was a clear and present danger that was not going to stop it’s games. So the “take it off the board” order was given some hours later. Two torpedos from a UK nuclear submarine struck the bows of the Belgrano.

Contrary to what was claimed at the time by the Argentina’s, their supporting destroyers and other ships fled to the nearest port rather than lend assistance, and the losses claimed of a 1000 sailors was false. Yes 323 young inexperienced Argentine men lost their lives, mainly because they were not rescued by the support vessels. In effect killed by their own side running. What is still ignored by many is that despite the attack on HMS Shefield the UK offered what other governments considered and had proposed fair cease fire terms for over 4 weeks even going to the UN with peace proposals and holding the ceasefire offer open untill the 1st of June. All of which the Argantinian Government rather arrogantly turned down repeatedly (despite the advice of their own military). On 21st May UK troops land in San Carlos water, and the war realy starts to get going and the death and destruction rises. There were later reports of “take no prisoner” orders and elite Argentine forces holding guns on poorly equiped and trained Argentine conscripts to stop them surrendering and make them fight. What the truth is on this we don’t know. Suffice it to say despite considerable odds against them UK forces marched into Port Stanly to raise the Union Flag on the 14th of June. The other event of note was on the 11th July in Southanpton in Southern england when the converted cruise liner Canberra arrives home in port. The BBC show film footage of hundreds of people waiting on the dockside waving what were said to be handkerchiefs… In many cases they were actually wives and girlfriends waving their underware as photos taken at the time reveal…

Freezing_in_Brazil November 17, 2021 11:19 AM

@ SpaceLifeForm, Clive

Yes, I noticed a big decrease in the amount of spam. I should note that I have had a few unpublished posts that perfectly adhered to the rules of decorum and civility. This led me to think that there were problems with the preview page. These posts might then be counted as one of the false positives that @ SLF cites.

SpaceLifeForm November 17, 2021 3:38 PM

@ Freezing_in_Brazil, Clive

I gave up on Preview some time ago because the order of the server filters is not consistent, and, sometimes what you see in Preview gets mangled after Submit.

So, I ‘Eyeball Parse’ very closely, especially if I am using HTML.

That said, while avoiding Preview may help, it is not a fix.

In the last two weeks I had two comments ‘Held for Moderation’ that were clean, and totally on-topic. Never showed up.

I have the text saved for both. One had zero links, the other comment had two obfuscated links.

As to the 20 percent figure, that applies to overall comment volume over one week. There are quite a few spam comments being posted to years old articles that are still making it thru the spam filter.

SpaceLifeForm November 17, 2021 5:12 PM

@ Bruce, Clive, ALL

::1 is not the same as 127/8

It is extremely important to understand.

This proposal must die

I intentionally use multiple 127/8 addresses on a given device. It is a feature, not a bug. It is a Security Tool.


NEVER. You can have my IPv4 addresses when you pry them from my cold, dead, non-routable hands.

Clive Robinson November 17, 2021 11:19 PM

@ ALL,

Blacksmith : New RowHammer Attack

Remember all those little fixes the Silicon manufactures said would stop the security destroying reach-around attack of RowHammer… Thus stop your private and personal information being easily stolen?

Well to quote someone else,

“They are so busted…”

From ArsTechnica,

“Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.”

Or as noted by Kaveh Razavi and Patrick Jattke, two of the research authors,

“We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,”

You can read the “Blacksmith” paper from,

(link is down in Demo section).

But… the important thing to note is,

We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScript, on smartphones, across VMs in the cloud, and even over the network.

The paper is 19pages and appears not to have been writen by native english speakers. So you may prefer the easier on the eye ArsTechnica report on it,

Without going into all the hairy details, previous RowHammer attacks used simple “uniform” energy attacks. So the chip manufacturers came up with a defence that relied on the “uniformity”. The new attack is “non-uniform” thus slips by the defence.

Can the manufacturers defend against this, in theory yes, but you start getting fairly rapidly into diminishing returns not just for the manufacturer but the end user. So the practical upshot is “it’s here to stay” as are those CPU hardware bugs of Meltdown and successors.

So the practical upshot for everyone is that unless the computer you use is “Allways issolated” by suitable “gapping” you can not have “Privacy” with regards your information.

Clive Robinson November 17, 2021 11:57 PM

@ SpaceLifeForm, ALL

This proposal must die

Yes it is lunacy of the highest order to make and above routable.

As far as I can remember every OS I’ve used that has networking boots up with the whole class A as “loop back”, it will be a security nightmare.

It’s mad enough to ask the question,

“Is this revenge for nobody in their right mind wanting IPv6 and it’s attendant nonsense?”

Or is it, a plot to make everyone switch to “SurveillanceWare” ridden latest OS’s?

But the cost of alowing this stupidity is going to be billions in man hours alone.

Clive Robinson November 18, 2021 12:14 AM

@ SpaceLifeForm,

When a Cosmic Ray hits your SIM in the right spot, that’s a Feature, not a Bug.

Have you any idea how many “cosmic rays” will hit a 1cm square bit of silicon in geo-stationary orbit in a 25year mission time?

Then how you design a payload so it won’t get “banjaxed” by bit flips in RAM or ROM in that time…

SpaceLifeForm November 18, 2021 1:11 AM

@ Clive, ALL

Have you any idea how many “cosmic rays” will hit a 1cm square bit of silicon in geo-stationary orbit in a 25year mission time?

Can not count that high. Perhaps this is where core memory is useful?

Ted November 18, 2021 5:21 AM

Have you ever signed up for a subscription online, but then had to call to cancel? The FTC is putting companies on notice that this may be illegal.

If I am not mistaken, the bulk retailer Sam’s Club is like this. You can sign up for a membership online but then have to call or visit the store to cancel. Personally, I feel like this is a self-centered strategy that has every potential to backfire.

Clive Robinson November 18, 2021 5:39 AM

@ Ted, SpaceLifeForm, ALL,

The Staples Center in LA will be renamed Arena

Did you know that “” used to be Matt Blaze’s registerd domain for his occasional use blog.

He said he was made an offer to big to refuse…

I don’t know how much was paid to get the stadium renamed for a quater of a century…

But maybe Matt did not refuse for enough 😉

Ted November 18, 2021 6:07 AM

@Clive, SpaceLifeForm, ALL

Re: LA’s Arena

Wow! I didn’t know about Matt’s site name and the clamoring interest for it. You are truly priceless Clive. I mean that. 🙂

Apparently there is another stadium that will be named for a cryptocurrency brand: FTX Arena in Miami, named for a cryptocurrency exchange based in Hong Kong.

Looks like that deal, which was signed this year, is worth $135 million over 19 years. Of course, this was for the arena name, not just the website.

I really wonder how Matt feels about this! There were some funny observations that Delta Airline’s CEO was doing everything he could not to actually mention the Delta Covid variant by name, instead calling it B.1.617.2 or “the variant.” What’s in a name, right?!

Winter November 18, 2021 6:09 AM

“A $1.5 grant to explore online voting in San Francisco is a yummy slice of devil’s food cake.”

Online voting is bad, no contention here. But is it worse than the current US practice of making voting almost impossible in Republican states for someone with a low paid job (6 hour lines, no water), a Native American (driving 163 miles to vote? ht-tps:// ), or just not white ( ht-tps:// )?

We can complain all we want about how bad online voting is. But current voting restrictions in the US (South) are making it very difficult for many non-Republicans to cast a vote at all.

So what is worse?

Clive Robinson November 18, 2021 6:42 AM

@ ALL,

Intel CPU : Another Silicon Fault

Intel just keeps giving and giving on the security vulnarability front with their CPU silicon… They appear to have more bugs, that a flea infested mangy mut.

This one alows access to the CPU on Chip “Master Key”…

ARS-Trchnica reports,

“The vulnerability—present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms—allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people.”

Because such access alows,

“an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.”

Yup that “all powerful” Intel ME “Managment Engine” that runs at Ring -3 or what ever is claimed of it… Just as well any updates that get injected disapear on a power off cycle.

Yes we’ve seen similar before out of Intel, which makes you wonder why it’s happened yet again…

Google and others certainly have which is why they have apparantly gone into Intel ME avoidence mode for their systems,

Security researcher Kenn White is quoted as having written in an email

“In my view, Intel’s record on delivering a worthy Trusted Compute Base, particularly around the ME is disappointing, and that’s being charitable. This work further validates Google and other large tech companies’ decision 5+ years ago to jettison Intel’s built-in management stack for bespoke, dramatically skimmed down TCBs. When you don’t have bloated complex tertiary systems to maintain and harden, you get the added benefit of no debugging paths for an attacker to exploit that complexity.””

Read more at,

Ted November 18, 2021 6:54 AM


Re: Voting (mal)practices. What is worse?

Hmm. My initial thoughts after looking at those articles:

  • online voting: bad
  • lack of voting access for native americans: bad
  • reduction of polling places in the US south: bad

Is online voting worse? With minimal facts, I am going to say yes. Here’s why. (Remember these are opinions, not facts.) Online voting is subject to a total change of electoral outcome in a way that is larger and more targeted in scale than badly designed voting access.

One evil is about removing voting access, especially for marginalized groups, and the other is about implementing voting access that is tamperable.

Voting access can be restored, but online voting can -forseeably – not be secured. So I say online voting is a bigger slice of devil’s food cake. What are your thoughts?

Winter November 18, 2021 7:09 AM

“Voting access can be restored, but online voting can -forseeably – not be secured. So I say online voting is a bigger slice of devil’s food cake. What are your thoughts?”

Voter suppression is at least more visible. And given the length to which you previous president was going to get re-elected, unsecured online voting might make a much easier target.

Most likely, online voting would be implemented in places where it would not help voter suppression anyway.

Ted November 18, 2021 7:33 AM

@Clive, ALL

Re: Intel CPU vulnerability

One of the researchers who discovered the vulnerability said it could by used against Amazon e-books – by degrading EPID-based protections for digital rights management – whereby someone could then download e-materials and distribute them.

This makes me think of the comment @lurker made the other day about the Magna Carta. Get the baron’s riled (Amazon, content creators, etc), even more so than common man, and the monarch has a whole different set of problems. This probably isn’t even the worst problem.

Luckily it looks like this exploit requires physical access to the machine, and patching isn’t as urgent as a ‘drop-the-baby-and-run’ type deal – they say. Hopefully the high-value targets know who they are.

Clive Robinson November 18, 2021 8:19 AM

@ Ted, Winter,

Online voting has an issue not much talked about which is a lack of “cooling off period”.

In normal voting you have to “plan your vote” because you have to go to the location stand in the que do the admin stuff etc. This alows you to get into a less riled up state of mind.

With online voting you can go from reading intensely vitriolic and possibly fake news in social media and the like straight into caating your online vote…

Thus the potential to “feed” voters “fake news” etc on not just an individual basis –ala Cambridge Analytica– but at a critical time…

With the now very small margins in First Past The Post voting using this to shift even just a few percentage points is a very realistic possability.

One that I am sure will cause more than a few “Hedge Fund” managers and their ilk to invest heavily in.

Winter November 18, 2021 8:33 AM

“With online voting you can go from reading intensely vitriolic and possibly fake news in social media and the like straight into caating your online vote…”

Online voting procedure allow voters to change their votes until closing time. Also, like with mail-in voting, a voter can also cast their votes in person which invalidates the online/mail vote.

I do not see that as a real problem.

Ted November 18, 2021 8:55 AM

@Clive, Winter

Re: Online voting and influence scenarios

That hadn’t even crossed my mind this morning. Great thought.

You think that should at least be presented to San Francisco’s Dept. of Technology, when they get their $1.5 million of federal grant money to “explore” online voting.

I mean really. Come on.

There is some hubbub that the Dept. had not been transparent about pursuing the project. And there’s been some legit backlash to this. I hope the idea gets pulled out root and all for what it’s worth.

In meantime the influence peddlers are jazzing up to the Rocky song “Gonna Fly Now” … you know the song when Rocky runs through the city throwing a few air punches and triumphantly runs up the stairs and all.

Ted November 18, 2021 9:11 AM

@Winter: I do not see that as a real problem…

Granted, I’ve been out of the game a bit, but hasn’t their been disinformation floods of biblical proportions, especially around elections? Is it better now?

Freezing_in_Brazil November 18, 2021 9:41 AM

@ All


Matt Damon monologuing in the commercial[1]. He goes like this:

[successful people] as they peer into the edge, they calm their minds and steel their nerves. The four simple words that have been whispered by the intrepid since the times of the Romans: Fortune Favors the Brave.

Just like a con man luring the innocent into a trap, manipulating proples most basic instincts [on cable TV]. The message: if youre afraid of crrypto ]currencies] you are one of those almosts; one of those losers.

I got a feeling that this is not gonna end well.


Ted November 18, 2021 9:53 AM


Matt Damon monologuing in the commercial: […] Fortune Favors the Brave.

Help! Is this nonsense?!


Wow oh wow. Great find.

Winter November 18, 2021 10:23 AM

“Granted, I’ve been out of the game a bit, but hasn’t their been disinformation floods of biblical proportions, especially around elections? Is it better now?”

Not really worse. Except that the Great Closing Of The Minds has happened and many people, the MAGA crowd comes to mind, have entered the Flat Earther mindstate of rejecting literally every kind of non-conforming information.

See these street interviews by Jordan Klepper:

Ted November 18, 2021 11:45 AM


Re: Jordan Klepper’s light-hearted interviews with anti-vaxxers

Case in point. Oh my god. That is unbelievably funny!

It’s going to wipe out our DNA! Like wipe it out! Ahhh!

People are amazing. Loved that you shared that. An influence campaign might not work on some people I see.

I was listening to this book yesterday, and it was talking about how people make memories and associations that go under the radar of the neo-cortex, or whatever it is. When I feel like this, I think the best thing for people to do is just to smile and step away and go about their regular business. Logic need not apply. Haha

Winter November 18, 2021 12:54 PM

“People are amazing. Loved that you shared that. An influence campaign might not work on some people I see.”

If you think that is amazing. Did you see the part of the documentary “Behind the curve” where the Flat Earthers do a real, sensitive scientific experiment using a $20,000 laser gyroscope:


Here is a written account in case the video does not work:

The reaction of the Flat Earther is typical.

Ted November 18, 2021 2:43 PM


Just amazing! I love what astrophysicist Neil deGrasse Tyson says in the article. He’s a classic.

I can’t believe the level of scientific testing this group did if they were actual flat earthers. To use a $20k gyroscope almost seems incongruous with such a far out belief.

It was funny to see the guy in the video holding a globe. It’s like who’s side are you on anyway??

No matter what, there are definitely things to learn about people as well as about science in these videos! Fantastic!! 😄

Clive Robinson November 18, 2021 3:04 PM

@ Winter, Ted,

The reaction of the Flat Earther is typical.

And… Often tripped over in science[1].

Science contrary to many peoples expectations is not “radical” but “conservative” so can be very behind the curve and moving slowly.

A friend sometimes jokes,

“The last time science was rad was when Fleischmann and Pons were cool. Now it’s just shutup and calculate, and clean the dust bunnies out of your pocket protector.”

Whilst not realy that bad, science appears to fall into two camps, those that are seen as doing trivial science and getting very very rich, by those doing serious science eking out an existence from grant application to grant application.

The sad truth is that industry is only looking for a return on what they put in, in the very short term where as what is seen as fundemental research gets paid for out of Government funds and appeared to fund the big toys of the physics boys.

Things are changing, but not realy for the better, if some in politics have the way we will be back in the dark ages before you know it. They don’t believe in science, yet they are happy to use the weapons of oppression it produces..

[1] Hence Arthur C. Clarke’s comment about those who had bit, spat and scratched their way to the top of the hierarchy,

“When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.”

In short “ultra-conservative” cognative bias.

Ted November 18, 2021 3:17 PM

@Clive, Winter

The sad truth is that industry is only looking for a return on what they put in,

I heard a personal anecdote that supports that. Someone at my work told me that he had a relative suffering from covid. His niece called and told that person to lay on their stomach so they could breath better. And this helped them.

However, when they asked another doctor why a medical professional hadn’t suggested this, they said that nobody had done enough research in this area and they couldn’t make those recommendations without clinical data.

I guess he was thinking there was no money in this type of simple solution. But I really don’t know if or how much of this is true.

to fund the big toys of the physics boys

That’s just rather funny. I don’t have anything to add 😆

6449-225 November 18, 2021 5:00 PM

flat earth

So what does “flat” mean ? Does it mean 2D ? Otherwise, the difference between “flat” and “round” is just a matter of degree.

laser gyroscope

“Quote”: “Don’t be too proud of this technological terror you’ve constructed. The ability to measure the curvature of the a planet is nothing compared to the power of the Levi-Cività Tensor.”

vas pup November 18, 2021 5:40 PM

Researchers train computers to predict the next designer drugs
Global law enforcement agencies are already using the new method

“Researchers have trained computers to predict the next designer drugs before they are even on the market, technology that could save lives. Identifying these so-called ‘legal highs’ within seized pills or powders can take months, during which time thousands of people may have already used a new designer drug. But new research is already helping law enforcement agencies around the world to cut identification time down from months to days, crucial in the race to identify and regulate new versions of dangerous psychoactive drugs.

Dr. Skinnider and his colleagues used a database of known psychoactive substances contributed by forensic laboratories around the world to train an artificial intelligence algorithm on the structures of these drugs. The algorithm they used, known as a deep neural network, is inspired by the structure and function of the human brain.

Based on this training, the model then generated about 8.9 million potential designer drugs.

These molecules were then tested against 196 new designer drugs that emerged on the illicit market after the model was trained. The researchers found more than 90 per cent were present in the generated set.

In other words, the model was able to predict nearly all of the new drugs discovered since it was trained.”

Read the whole article for more details.

lurker November 18, 2021 5:58 PM

@Clive, All
after reading the Ars article on Intel cpu Master key, I now eagerly await the next episode, where it is revealed the key is less than unique to each cpu…

6449-225 November 18, 2021 9:32 PM

AI algorithmically generates designer drugs

Advertiser: I know 50% of my ad budget is wasted, but I don’t know which 50%.

AI algorithm: I know 99.998018% of my designs are wasted, but I don’t know which 99.998018% 😉

Winter November 19, 2021 1:12 AM

Something for the weekend:

Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

Baojun Liu, a postdoctoral researcher from Tsinghua University, offered an example of the risks posed by fake root CAs. “We discovered that a Windows Trojan implanted root certificates disguised as SecureTrust CA 2 into infected hosts, which was confirmed by the threat intelligence of Cisco [PDF],” he said in an email to The Register. “Cases of malware employing fake root certificates have also been reported in previous works.”

The largest of these groups consisted of 254,412 root certificates from “Certum Trusted NetWork CA 2” – an entity posing as Certum CA, which uses a lowercase “w” in its certs with the word “Network”. Another lookalike CA identified was “Verislgn trust Network” – not to be confused with the legitimate “Verisign”.

SpaceLifeForm November 19, 2021 1:15 AM

@ Clive


If you don’t give AWS any data, they can not leak it.

Each danger was assigned three scores: One for how badly it could affect the company, one for how likely it was to happen, and one for what power Amazon had to control it. Then those three numbers were multiplied together for a total risk score.

Atop the security team’s list was the danger that breaches would “go unnoticed” due to “limited detections, alert fatigue, and manual effort.” The impact of such a scenario, the managers determined, could be “critical” (5 out of 5), its probability was “very likely” (5 out of 5), and the team had “no controls” against the company’s exposure to it (5 out of 5). Total risk score: 125 out of 125.

Next up, the managers evaluated the danger that “lack of visibility into systems and networks” would create an “inability to detect security incidents.” Risk score: 125 out of 125. Then there was Amazon’s “inability” to protect secret credentials and keys that could unlock sensitive data: 125 out of 125. Then came Amazon’s “inability to identify the location of data.” 125 out of 125 again.

Amazon says these risks were “overstated.” But around that same time, yet another dire-sounding message issued from a unit inside the security division called the Security Operations Center, which was responsible for detecting and responding to attacks. A memo from the team warned that, because the group relied on humans to report problems when they came upon them instead of having an effective automated system to proactively search for evidence of a breach, an attacker could conceivably hide out in Amazon’s network for years without being noticed.

Clive Robinson November 19, 2021 7:32 AM

@ lurker,

I now eagerly await the next episode, where it is revealed the key is less than unique to each cpu…

Many many moons ago I discussed this very problem for generating seeds for randomn number generators in embedded systems like network equipment. Where almost the first action on initial power up was to generate Pub/Priv Key pairs, with little or no source of entropy to move from the original seed value.

I’d first faced the issue on a major production line when designing cordless phones in the early 1990’s, where programing an ID / serial number / seed on a production line was not something you wanted to do as it could halve the throuput rate.

Worse if you used an internal random generator say using fast counters and button pushes the individual line operators quickly fell into their own narrow band of numbers…

Something that was not to bad when the total number range was just 2^16 but was a real noticable problem when you were trying for 2^20 or 2^24.

The correct solution for security is to use a stream cipher to generate the unique seeds. You simply have a counter that you encrypt against a secret key. Where you use a TRNG to generate the crypto key, and importantly the “Initialization Vector”(IV) start count of the counter. If you are wise you actually do not increment the counter by one, but at the simplest by some number that is prime to the maximum counter value of the counter, and preferably around half the maximum counter value.

Clive Robinson November 19, 2021 10:56 AM

@ Ted, ALL,

Is this going to be a commercially available, low-brow tracking technology?

Long answer short “Yes”

Longer answer if there is a “connected” Apple device like an iPhone within range of an AirTag then it phones the MotherShip with the devices –not the tags– location.

Some people have already shown after having a laugh and joke about it in the pub after a Radio Club meeting you can indeed use it as a tracking device,

(Note the North Korea and Apple HQ connection 😉

P.S. If you look down the bottom of the page you will note it’s a TARG club night… It’s held at the “Jubilee Hall, Canvey Island, SS8 9RA“ as you can see a fairly bleak place at this time of year, it’s on the North of the Thames Estuary, a little south of Benfleet (railway Stn),

You might be supprised at who you might meet there…

Ted November 19, 2021 12:57 PM

@Clive, ALL

Some people have already shown after having a laugh and joke about it in the pub after a Radio Club meeting you can indeed use it as a tracking device,

That is really fun Clive. I honestly wasn’t quite sure how it worked, but I think I’m getting a better idea.

There were features they demonstrated that I kind of want to play with too. I see the tag uses bluetooth to connect with the owner’s phone in a local range.

I want to see how they got it to do all that pinging as they sent it to themselves through the mail (all the pinging at the post office from worker’s iphones!). I am wondering if I have to set it on lost mode?

Since I really try not to lose my keys, I’ve never had a chance to explore all that. Better to play with it when it’s fun then when I’m all panicky. Doing it with friends and a local pub would make it twice as enjoyable!

It looks like Apple has some info too:

AirTag is designed to discourage unwanted tracking. If someone else’s AirTag finds its way into your stuff, your iPhone will notice it’s traveling with you and send you an alert. After a while, if you still haven’t found it, the AirTag will start playing a sound to let you know it’s there.

Of course, if you happen to be with a friend who has an AirTag, or on a train with a whole bunch of people with AirTag, don’t worry. These alerts are triggered only when an AirTag is separated from its owner.

The lady in the original article said this:

“On my way to work and I went to hook my phone up to listen to music and then it popped up I have an AirTag following and I’m like, no,” said the woman.

Lol. no. This criminal was very much not one of the brightest🙂

Cassandra November 19, 2021 3:13 PM

@Moderator, @Bruce Schneier

Suggestion for a future Friday Squid Blogging



SpaceLifeForm November 19, 2021 3:29 PM

@ Ted, Clive

These alerts are triggered only when an AirTag is separated from its owner.


These alerts are not triggered when an AirTag is near an owners iPhone.

But, other devices can detect the BLE signal and capture the data for tracking purposes.

Got your AirTag on keychain?

Got your iPhone on you?

You can be easily tracked location wise but most users will be none the wiser.

Stoplight? Subway Station? Store? Airport? You do not know where the silent BLE monitors are.

Ted November 19, 2021 5:53 PM

@SpaceLifeForm, Clive, ALL

But, other devices can detect the BLE signal and capture the data for tracking purposes.

You have some marvelous questions and are making me think. It looks like Apple says this whole process is “anonymous and encrypted.” Can Bluetooth signal be encrypted very well?

Apple also says:

Devices that relay the location of your AirTag also stay anonymous, and that location data is encrypted every step of the way. So not even Apple knows the location of your AirTag or the identity of the device that helps find it.

This seems to be a little unbelievable to me. Do you think this is secure?

Also “Find My” is the app that coordinates with this. Some of the options I see are Play Sound, Find, Notifications, and Lost Mode.

SpaceLifeForm November 19, 2021 6:19 PM

@ Ted, Clive, ALL

They are not questions. Ok, they are rhetorical questions. It is physics.

Of course a Bluetooth transmission can be encrypted. Just like WIFI. Both on 2.4 GHz. Do you have the key?

Apple is being disingenuous at best. I am trying to be nice.

Ted November 19, 2021 6:46 PM

@SLF, Clive, ALL


To tell you the truth, I don’t care if it is 100% secure. I’d just like to be able to find my keys or my wallet or whatever. I tend to lose my keys within 3 feet of myself and it’s painful.

Also, maybe i do care if it’s secure, but I’d really, really care if something bad happened.

So apple says their encryption for Bluetooth Classic and Bluetooth Low Energy (BLE) is:
– AES-CCM cryptography, performed in the Controller.

Does this level of encryption mean anything to you?

Clive Robinson November 19, 2021 7:56 PM

@ Ted,

Does this level of encryption mean anything to you?

Encryption is just one thin layer in a very large stack that goes into making a system.

It’s very easy to use it,

1, Inappropriately
2, Ineffectively
3, Insecurely

And as a way to quite deliberately hide other activities.

One of the things you hear me mention a lot are “side channels” especially time and energy based ones and “end run” attacks. There is a reason for this in that the side channels are very easy to turn into covert channels to perform all soets of end run attacks around what looks like security features.

Most of the page you point too is irrelevant to the use of AirTags. Because the AirTags like the COVID-Tracking do not use Bluetooth “pairing” and all the security that follows on after it, but “broadcast beconing” which can not be secure to work at the base layers. Further as traffic gets routed from the AirTag to the registered owners iDevice unless some quite extrodinary measures are taken the flow of traffic would be susceptable to traffic analysis of various forms.

Ted November 19, 2021 8:23 PM


Thank you so much!!! That really puts it in perspective!

the flow of traffic would be susceptable to traffic analysis of various forms

That makes sense.

Also, about the Bluetooth, I am getting confused here. Apple has a short video on how AirTag works. (I am just reaching around here.)

And the video says it using the following technology: coin cell battery, speaker, bluetooth, and apple’s U1 chip. I was getting the impression the AirTag sends out a Bluetooth signal to communicate with an iDevice.

Are you saying that no matter what, the Bluetooth signal is vulnerable? (I am going to eat a taco now, so please pardon any delay in responding🙂)

JonKnowsNothing November 19, 2021 8:57 PM

@Ted, @All

re: bluetooth, beacon, pairing

While you are digging away at the bluetooth specs, do some checking on how modern stores use smartphones, bluetooth and other systems like RFID, to track your movements around the store.

An advanced version of these are the new AmzJustWalkOutStores, available in the USA and now in the UK.

In these stores you just walk in, pick up the items you want and walk out the door. No staff, no checker, no cashier, no register, no swipe pads, no punch keys. No worries, the bill(s) will arrive after you leave.

There are similar systems used in large malls (1) and in cities they place them at intersections, in street lights, parking area lights, and along side walks.

Look up. Spot the little black domes hanging over head….


  1. Not been out or about since P-C19 arrived. Not going out or about anytime soon either. 130+ regional variants of Delta2Plus. AY.1-AY.117 (with sub sub lineages). AY.4.2 on target to make a not merry holiday for some. A gift that keeps on giving.

Ted November 19, 2021 9:38 PM

@JohnKnowsNothing, ALL

Re: Amazon’s ‘Just Walk Out’ cashierless checkout

Wow! Have you all talked about this before! That is news to me. And it’s either a dream come true, or a dystopian nightmare, or perhaps both.

From an article:

If you ask for a chicken breast, for example, they’ll wrap it up, stick a label on it and hand it to you. Overhead cameras capture the price on the label and it’s automatically added to your virtual shopping cart.

You’d really want to check your e-bill! I wonder about all the technology that’s going on there! Great share! 😄

SpaceLifeForm November 19, 2021 11:34 PM

@ Ted

I tend to lose my keys within 3 feet of myself and it’s painful.


Just wait for the day when you can’t find your keys that you are holding in your hand.

JonKnowsNothing November 20, 2021 12:38 AM

@Ted, @All

re: you’d really want to check your e-bill!

You have tumbled onto the BIG problem that has no solution. It’s not technical per se but affects all aspects of technology and society as a whole.

The use case question is:

  Who is going to use this store?

There are lots of reasons why someone might want to use a JustWalkOut store, it’s similar to buying prepaid coffee-shop cards, a system called Grab N Go.

Except they rather omit the part of “who gets to grab” because the “go” implies ability to pay for whatever the goods are.

With a prepaid card, the payment is guaranteed to the vendor but there is a huge amount of “unclaimed” cash value in these cards. There are on-line exchanges to bundle up the full or partially used value of them. It’s pure profit to the company that issued the prepaid card and almost nil chance of having to refund the value.

In the “you don’t know the price, but have to pay” system, the idea is to keep the price(s) secret and have the billing setup for PullPayment (vs PushPayment) so the company can scoop up whatever the charges they make up.

If you have ever had the experience of ordering an item for delivery, you might have discovered that the item you bought that was “on sale” turned out not to be “on sale” anymore when you get it.

This version in the fine print where the sale price strike is on the day of shipping not on the day of order. So you might order some nice furniture at 25% discount during the stated days of the sale and provided your CC for full payment only to find your payment was not processed until the items shipped. The shipping date was after the sale period so the item was no longer offered at a discount and you get hit with the full price.

This shift in On Sale vs Not On Sale time-day-period is done by many companies.

There is another type of JustWalkOutStore system that is not often acknowledged. It’s the corner mini-mart and last vestige of commerce in some neighborhoods. The process is also called shoplifting, shrinkage and other acronyms. People walk in and take things but in this case do not pay for them.

It’s not just poor people or disadvantaged persons, wealthy and famous people do it too. The personal cost is much higher than any of the other use cases.

There is a JustWalkOut Store system in Nordic Europe. A company renovates cargo containers to be fully self contained. They stock it with groceries and canned goods common to that area. They setup the container in more distant villages and towns that do not have large grocery stores. As the store is fully self contained they do not need to setup any infrastructure other than a place to set the container. If the container-store doesn’t earn enough money in one location they move it to another until they find a “sweet spot”. They have a few local persons that constantly restock the units.

That country has a more integrated social support system where as the AzBStores are only about the Bs.

Ted November 20, 2021 7:10 AM

@JohnKnowsNothing, ALL

similar to buying prepaid coffee-shop cards, a system called Grab N Go.

I don’t know if I should be embarrassed to say this, but I signed up for a Sip N Save program at a local gas station. You get one free beverage a day for $5.99 per month.

You have to enter your phone number on a touchscreen at checkout. But once you do that you can pretty much walk out. I tried to get a coffee machine for home, but my coffee gives me a headache.

This shift in On Sale vs Not On Sale time-day-period is done by many companies.

Do you have an example of this? It seems like this would be a much frowned upon practice, if not illegal.

I think when you are investing, different products have different purchasing parameters. Like when you buy a mutual fund you buy it at the end-of-day price. But when you buy an ETF you get the at-the-moment price. I don’t know how explicit they are about communicating this.

That country has a more integrated social support system where as the AzBStores are only about the Bs.

Regarding the “JustWalkOut Store system in Nordic Europe,” – interesting. I didn’t know that about Nordic European countries. I will have to keep my eyes open for that. Thanks so much for the super great info!

lurker November 20, 2021 10:33 AM

@Ted: You have to enter your phone number on a touchscreen at checkout.

It’s not your phone nr anymore: now you belong to them.

Ted November 20, 2021 11:13 AM


It’s not your phone nr anymore: now you belong to them.

Dang it. A lot of rewards programs, and other programs, use a phone number as an identifier though.

I did learn how to report text spam to my carrier. I used it to report/block a lot of political ads.

What do you think about using services like Google Voice to get a non-primary phone number?

The one place that contacts me non-stop though is a blood donation center where I gave blood. They call and they text it seems like once a week. They give you free treats and drinks when you give blood, but it supposedly takes four to eight weeks for your body to completely replace the red blood cells. If they were at my work or in my community, this would be better for me.

JonKnowsNothing November 20, 2021 11:25 AM

@Ted, @All

@J: This shift in On Sale vs Not On Sale time-day-period is done by many companies.

@T: Do you have an example of this? It seems like this would be a much frowned upon practice, if not illegal.

In USA, we have the weekly delivery of “On Sale This Week” grocery offers. They arrive on Tuesdays for the most part. The items “on sale” are available from W-M and sometimes Tues-Tues. You have to check the starting & ending dates. Some markets will have a cross over day, often Tues-Wed, where both sets of weekly offers are in effect.

If you physically go to the market that has a cross over day, you get both the last week and current week sales offerings on that one day.

If you order on-line for delivery on a 2 day delivery program (cheapest delivery rate), and you order on Mon or Tues, the shipping date being 2 days later is Wed-Thurs. You order what’s on sale but when it arrives, it’s full price.

If you purchase anything from one of the Big Warehouse Big Box Stores, their sales are generally 3 weeks duration (not a full month). You are sales-price-safe if you order within that period and get delivery in the same time frame. Buying on the edge, may have a price change. Policies vary by company.

Sometimes, a company will put a “funding hold” on your bank account that is $X+%$X value of the purchase. This covers the base cost of the item, plus taxes, delivery and driver tip (GigDayWork). These values are not known as you fill the cart until you punch check out, so they fudge the value some. It covers the fees and they refund any out-of-stock items.

This funding hold may also be used to lock in the discount-sale price for items that need longer shipping time. Again, the fine print defines if you get the lock on the price if you have to wait 3 months for delivery.

fwiw: This will be a bigger issue as the supply chains wobble during the annual big run up of consumer debit. If your selected high tech item is held up in manufacturing, on a container ship across an ocean, waiting to be unloaded near a regional port, waiting for a semi to haul it to the mega distribution warehouse, waiting to be dispatched to a local warehouse, waiting to be stocked in the store.

The discount sales system is part of business, marketing, geographic, demographic analysis. AI/ML is used a lot to predict which sectors will bring in the highest profits (RoR rate of return). Not all consumers are equal. Some are more equal than others. The ones with the biggest cash wads get the goods. The items might have the same price tags, but VIPs out rank everyone else.

AI/ML gives only a biased direction and is a self-reinforcing system. It cannot and does not accurately predict anything really. It makes the CEOs feel better but it’s a self defeating system.

There is however a bigger system: NUDGE. Nudge does a lot more to make the AI/ML systems appear to be correct. Nudge is a psychological tool deployed by corporations and advertising agencies and governments to influence behavior along with choice and selection decisions.

  • Which chips do you want? Onion, BBQ, Plain or Computer?

Ted November 20, 2021 2:20 PM


If you order on-line for delivery on a 2 day delivery program (cheapest delivery rate), and you order on Mon or Tues, the shipping date being 2 days later is Wed-Thurs. You order what’s on sale but when it arrives, it’s full price.

This practice seems like bullocks to me. They’d better be absolutely explicit about the price before you submit the order. Businesses would be foolish to play bait and switch with customers’ money. I’d be a little peeved too.

Once something I’d ordered came really late. So late in fact, that the retailer had cancelled the order and refunded my money. When it unexpectedly arrived, I went up to the store to return it, and someone there told me just to keep it. Otherwise they said the store will throw it away. It was just a metal shelf. I kept it. I really hope this was okay. I still shop at that store and I wouldn’t want to be on bad terms with them.

SpaceLifeForm November 20, 2021 3:04 PM

@ Ted

The reason the retailer told you to just keep it was twofold. It was not your nickle, nor the retailers. And, the retailer did not want to mess with the logistics of correcting someone elses problem.

Either the manufacturer/wholesaler ate the loss, or the shipper did. I would bet the former took the loss. Because the shipper had proof of delivery, even if late.

Did I mention there is a shortage of warehouse workers and truck drivers?

Did you know that drivers catch a lot of flak if there are still goods on the truck at the end of the day?

When mis-deliveries happen, no one wants to deal with the hassle of phone calls and paperwork.

It may be cheaper to write it off as lossage.

Ted November 20, 2021 3:14 PM


Either the manufacturer/wholesaler ate the loss, or the shipper did. I would bet the former took the loss.

That seems pretty logical and I would probably agree.

It may be cheaper to write it off as lossage.

Again, that seems pretty right on.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.