Comments

Mark January 21, 2022 5:20 PM

I’ve been seeing info this week that certain US government agencies (such as IRS and SSA) are moving to require ID verification via private company id.me in order to use online accounts. This evidently includes uploading a video selfie which will be compared to uploaded official government id such as driver license. Doing a cursory search reveals lots of information suggesting this is a total train wreck of an idea, including an abysmal BBB rating for the company’s customer support. And it can’t be good that the company also partners with many commercial entities to provide shopping discounts when using id.me credentials.

It sounds like this has been in the works for a while, although this week is the first I’ve heard of it. I’m curious what information other people have about it, and if it really is the terrible idea it seems to be!

Anders January 21, 2022 5:33 PM

@Clive @SpaceLifeForm @ALL

hxxps://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/

SpaceLifeForm January 21, 2022 5:49 PM

This may explain the short Twitter outage yesterday evening

https://www.yahoo.com/now/twitter-says-two-security-team-163217670.html

Peiter Zatko, a famed hacker more widely known as “Mudge,” was appointed head of security in 2020 after Twitter suffered a security breach that allowed hackers to tweet from verified accounts for public figures including billionaire Bill Gates and Tesla CEO Elon Musk.

hxtps://www.nytimes.com/2022/01/21/technology/twitter-security-team.html

https://twitter.com/rinkisethi/status/1484616816752152578

Anders January 21, 2022 6:08 PM

@Clive @SpaceLifeForm @ALL

“Israel police uses NSO’s Pegasus to spy on citizens”

hxxps://www.calcalistech.com/ctech/articles/0,7340,L-3927410,00.html

Anders January 21, 2022 6:19 PM

@Clive @SpaceLifeForm @ALL

Wouldn’t be easier!

hxxps://srcincite.io/advisories/src-2022-0001/

Anders January 21, 2022 6:21 PM

@Clive @SpaceLifeForm @ALL

hxxps://zetter.substack.com/p/hackers-were-in-ukraine-systems-months

ResearcherZero January 21, 2022 8:47 PM

@Mark

Small government at work. When a service is privatized and moved online there is a good chance someone is making money from it. It’s why the internet sucks, a commercialized information economy has some serious repercussions.

The algorithms rank via populism. It is an almost perfect confirming-evidence trap. Logic bombing oneself for profit, existential nihilism at its finest.

Friedrich Nietzsche argued that nihilism’s corrosive effects would eventually destroy all moral, religious, and metaphysical convictions and precipitate the greatest crisis in human history. If we survived the process of destroying all interpretations of the world, we could then perhaps discover the correct course for humankind, but at a terrible cost.

According to The Bulletin of Atomic Scientists:

intelligence, agency
to think and impose
the new operation of
intelligence,
agency
to enter the nation,
to alter the nation,
to trust in the intrusion

https://www.youtube.com/watch?v=MJkbQLVeFPs

Ted January 21, 2022 9:04 PM

@SpaceLifeForm

Re: Twitter shake-up

I wonder if people at Twitter are feeling unnerved by the changes. Your NYT article says that the new CEO Parag Agrawal, who took over in November, also dismissed the chief design officer and the head of engineering in December.

You probably saw Lea Kissner, Twitter’s current head of privacy engineering, is slated to become the interim CISO. These seem like really big changes. I hope we hear more about the direction of the company. Mudge and Sethi seem like they’ll be pretty big pick-ups.

cont.

Ted January 21, 2022 9:07 PM

@SpaceLifeForm

Re: Twitter shake-up cont.

It looks like Lea Kissner “earned a Ph.D. in computer science (with a focus on cryptography) at Carnegie Mellon University and a BS in electrical engineering and computer science from UC Berkeley.”

So hopefully crypto as cryptography will be getting a boost.

https://siliconflatirons.org/people/lea-kissner-2/

Clive Robinson January 22, 2022 12:11 AM

@ Anders,

Re “Moonbounce”

Over all it’s a nasty bit of work, that hides the malware in,

“ROM that is not ROM”

That holds Firmware in FlashROM, in this case on the motherboard. The article claims two other previous examples.

However that is actually not true. I suspect some here will remember BadBIOS back in 2013.

There was also Lenovo using the tricks identified on this blog via a hole in security by which I/O drivers get loaded during boot. A trick that goes back at least as far as the Apple ][ in the 1970’s.

And if people look back on this blog even further they will find discussions between primarily @Nick P, myself and one or two others about this exact problem of “ROM not being ROM” and why I used mid 1990’s and earlier PC kit and @Nick P thought up to 2005 was probably safe to make “Internet PCs” that had no Hard drives or other semi-mutable memory and used lots of RAM to run a “Diskless OS” from a “Boot CD/DVD” of Linux or similar.

There has been a brief exchange on Moonbounce[1] already,

https://www.schneier.com/blog/archives/2022/01/friday-squid-blogging-the-evolution-of-squid-eyes.html/#comment-398934

https://www.schneier.com/blog/archives/2022/01/friday-squid-blogging-the-evolution-of-squid-eyes.html/#comment-398941

One of which has links to relevant articles and events such as GCHQ’s visit to The Guardian Newspapers London offices to “make safe” laptops on which the Ed Snowden trove had been used.

I guess the only thing new is that it uses UEFI ROM rather than BIOS ROM that Lenovo’s manufacturer installed malware used.

[1] I’ve given the links this time because annoyingly “Moonbounce” is actually a technical term[2] used in Radio Engineering and Security since the 1960’s if not earlier by the likes of the NSA on their SigInt ships. I’ve mentioned it several times previously on this blog so searching for the term is now confused.

[2] In radio work “Moonbounce” is a term of art specific to the domain. It is a way to use a planetary body as a “Space Reflector” or mirror to get VHF and above signals around the curvature of the Earth. To envision how it works think of a spotlight on a “Disco Mirror Ball” you hit it with a lot of light and it reflects back all around the room and is visible in places the spotlight can not illuminate. If you look at pictures of NSA SigInt ships from the 1960’s you will see parabolic antennas used to do this. People when they see what’s involved with doing Moonbounce ask “Why?” well a couple of reasons firstly it started before MilCom satellites were put up. Secondly as more recent news indicates the US, Russia, China and India have all demonstrated they can attack satellites with missiles, as has been wryly observed “we can’t shoot the moon down… Yet.”.

JonKnowsNothing January 22, 2022 1:07 AM

@Clive, @SpaceLifeForm, @Winter, @ALL

re: USA guidelines on mABs update Jan 19 2022

A short paragraph with a whopping effect:

January 19, 2022

The COVID-19 Treatment Guidelines Panel’s Statement on Therapies for High-Risk, Nonhospitalized Patients With Mild to Moderate COVID-19

The Panel has updated this statement to address the fact that the B.1.1.529 (Omicron) variant of concern (VOC) is now the dominant SARS-CoV-2 variant in the United States. Because the anti-SARS-CoV-2 monoclonal antibodies (mAbs) bamlanivimab plus etesevimab and casirivimab plus imdevimab are predicted to have markedly reduced activities against this VOC, and because real-time testing to identify rare, non-Omicron variants is not routinely available, the Panel recommends against the use of these anti-SARS-CoV-2 mAbs (AIII)

  • “casirivimab plus imdevimab” aka REGENERON, REGEN-COV, Ronapreve plus other regional labels.
  • “bamlanivimab plus etesevimab” only worked for some variants pre-Omicron.
  • “sotrovimab” still remains effective against Omicron.

There have been local media reports about blood donation drives that are primarily for antibody harvesting. The reports indicated there is a short shelf life for antibodies that are used for testing/research; so there is a need for a constant supply of new stuff. The only place to get it is from donors who have had COVID19. They are also looking for new immune system responses.

===

Coronavirus Disease 2019 (COVID-19) Treatment Guidelines Jan 19 2022 update

ht tps:/ /ww w.covid19treatmentguidelines. nih.gov/

SpaceLifeForm January 22, 2022 4:55 AM

@ JonKnowsNothing, Clive, Winter, ALL

re: USA guidelines on mABs update Jan 19 2022

I agree with NIH. The mABs will not be effective enough or in supply enough to make any difference overall.

https://twitter.com/trvrb/status/1483996723458445319

This would suggest 36-46% of the US infected by Omicron by mid-Feb. 7/9

I think his estimate is pretty good, but my gut feel, based upon reports, is that Omicron is probably near 60% in Goodvaxfield already, and maybe only 10% in Novaxland. The downslope of the curve may take some time.

Check out yesterday’s (2022-01-21) BNOdesk numbers. While the Average New Cases per day keeps declining, note that In Hospital and In ICU also declined. Maybe a statistical anomaly, but hopefully will stay on that trend. The Health Care Workers need a break.

Of course, also note that the decline in those numbers is easily covered by the death count, so dying is one way the Hosp/ICU counts will decline as long as New Cases keeps declining.

Death is a trailing indicator.

  • New cases: 815,831
  • Average: 729,564 (-15,837)
  • In hospital: 156,774 (-1,212)
  • In ICU: 26,443 (-115)
  • New deaths: 3,707
  • Average: 2,124 (+132)

Curious January 22, 2022 5:42 AM

I am reading in local news today that fast charging stations for electrical cars allegedly use an option for this type of payment system involving RFID tokens with mere serial numbers, which was deemed “should be illegal” by “an RFID expert”. The crux of the matter seems to be that, by relying on merely a serial number for identification, individual tokens are apparently subject to cloning/copying.

One brand owner for such power stations apparently explained to the journalist that this RFID solution was industry standard. Article points out that the suggested method of payment, would be using “an app” so, paying with your mobile phone I guess.

Apparently, for copying RFID signals of this kind, it was pointed out that a good antenna hidden on your arm could pick up and copy the signal from merely 50 cm away. It was pointed out that the serial numbers were typically four and seven byte ID numbers, which was deemed equally trivial to clone.

As per the article, there seems to be a clear indication that the added cost involved in securing the payment system is “not worth it”, effectively dumping the cost onto individual car owners.

Curious January 22, 2022 5:47 AM

To add to what I wrote:

As per the article, there seems to be a clear indication that the added cost involved in securing the payment system is “not worth it”, effectively dumping the cost onto individual car owners.

I meant that: In the case of anyone else having abused your account with a cloned token at a car re-charging station, you would be expected to pay for that small cost, in the absence of a system that was secure to use.

ResearcherZero January 22, 2022 6:09 AM

@Clive Robinson

Thankfully Gamma Group had fantastic security. Their sales team, demonstrating great responsibility, provided only the most respectable authoritarian regimes with their wares.

It’s a haunting world we live in,
full of despair
I ponder on man’s great questions
as I whittle away my chair

https://www.youtube.com/watch?v=N1zar_AedZM

Such tools in the hands of sociopaths are proof of the democratisation of technology, as the files from commercial surveillance companies will attest. Business has probably been great due to the increase in remote working and a pool of disposable labor in lockdown.

Clive Robinson January 22, 2022 6:54 AM

@ SpaceLifeForm, JonKnowsNothing, Winter, ALL,

Of course, also note that the decline in those numbers is easily covered by the death count,

Oh and another cover…

You see graphs of death rates, where you see the past couple of years over the five years prior to Covid-19.

They then quote the “excess deaths” based on the average of those five years…

What they always fail to mention is that in that five year average were significant “influenza deaths” bringing the average up quite a bit. However since Covid-19 “influenza” and quite a few other deaths have plummeted or are close enough to zero to not be realistically measurable (it’s why two flu strains are believed to have died back to nearly nothing or entirely died out).

So, when you see those “excess death” figures for Covid remember they are actually lower than they should be… So don’t forget to actually add on the five year average influenza deaths to what you are told to bring them closer to reality…

But a thought occurs, with all those “fake testing” stations ripping off tax dollars, by falsely sending out “negative” results, how much have they skewed the real figures?

After all figures based on GIGO are not even of use as fertilizer.

Clive Robinson January 22, 2022 7:55 AM

@ Curious,

It was pointed out that the serial numbers were typically four and seven byte ID numbers, which was deemed equally trivial to clone.

I suspect the journalist got a “lost in translation” moment.

You can get RFIDs with various numbers of bits, with the smallest, years ago if memory serves correctly being 24bits from Dallas Semiconductor all wrapped up in a tiny glass pill. They went through 32bits to 64bits fairly quickly and some will be more than that but to what point?

RFIDs are less secure than metal plate “serial numbers”. They are not now nor ever will be even remotely close to being “authentication tokens”, that is what Smart Cards and later were designed to do (and fail miserably even today).

What the industry spokesman was doing is what the banking industry does,

Externalise the risk onto the party least capable of defending themselves.

That is they fully well know their system is not in anyway secure but they figure you can never get the money together to go to court and win so why should they go to the expense of cutting their profits.

At some point there will be an “ID clash” when the legitimate user and the fraudster both plug into the charging network together… So how do you think the network will keep it quiet without swallowing losses?

The system designers should have known better at “design time” but why should they care, they have “profits to consider”. Plus they know that should anything push the charging network to upgrade, they will get a nice “fat fee” job supplying the upgrades…

I can go through virtually every step of the process showing how all involved are complicit in the very weak security. Yet for “profit” reasons none of them will do anything better than the barest minimum required (and frequently not even close to that).

It’s why we need legislation and regulation of the right sort.

What is the “right sort” I’ll leave as a subject for another day, but let’s just say few systems are even remotely close.
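An added example, not from the article, from Curious’s source, or from any charging-network vendor, to make concrete what both the “serial number only” complaint and the “ID clash” remark above amount to. It simulates a back end that bills whichever account is enrolled under a static 4- or 7-byte UID, contrasts that with a token that holds a per-token secret and answers a fresh challenge with an HMAC, and finally scans a session log for one UID charging at two stations at the same time. All UIDs, secrets, accounts, stations and session timestamps are constructed for the example; the HMAC scheme is a generic illustration of challenge-response, not a description of any deployed product.

```python
"""Added example: a UID-only RFID credential versus challenge-response, and
the back-end "ID clash" a cloned token produces.  All data is constructed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# ---- Scheme A: the UID is the whole credential -----------------------------
# Constructed enrolment table: UID -> billed account, one 4-byte and one
# 7-byte UID (the two sizes the article mentions).
UID_ACCOUNTS: Dict[bytes, str] = {
    bytes.fromhex("a1b2c3d4"): "alice",
    bytes.fromhex("04a1b2c3d4e5f6"): "bob",
}

def authorise_by_uid(uid_seen: bytes) -> Optional[str]:
    """Back end: bill whichever account is enrolled under this UID."""
    return UID_ACCOUNTS.get(uid_seen)

def sniff_uid(token_uid: bytes) -> bytes:
    """Attacker's reader within range: the UID is sent in clear and never
    changes, so what was read is already a working clone."""
    return bytes(token_uid)

def uid_only_attack(victim_uid: bytes) -> Optional[str]:
    """Clone a victim's UID and start a session; returns who gets billed."""
    return authorise_by_uid(sniff_uid(victim_uid))

# ---- Scheme B: per-token secret, challenge-response ------------------------
class SecureToken:
    """Token with a secret provisioned at enrolment; only a MAC leaves it."""
    def __init__(self, uid: bytes, secret: Optional[bytes] = None):
        self.uid = uid
        self._secret = secret if secret is not None else os.urandom(16)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, self.uid + challenge, hashlib.sha256).digest()

class Backend:
    def __init__(self) -> None:
        self._secrets: Dict[bytes, bytes] = {}   # shared once at enrolment
        self._accounts: Dict[bytes, str] = {}

    def enrol(self, token: SecureToken, account: str) -> None:
        self._secrets[token.uid] = token._secret
        self._accounts[token.uid] = account

    @staticmethod
    def new_challenge() -> bytes:
        return os.urandom(16)

    def authorise(self, uid: bytes, challenge: bytes, response: bytes) -> Optional[str]:
        secret = self._secrets.get(uid)
        if secret is None:
            return None
        expected = hmac.new(secret, uid + challenge, hashlib.sha256).digest()
        return self._accounts[uid] if hmac.compare_digest(expected, response) else None

def challenge_response_attack() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Returns (legitimate session, replayed capture, cloned UID w/o secret)."""
    backend = Backend()
    token = SecureToken(bytes.fromhex("a1b2c3d4"))
    backend.enrol(token, "alice")
    c1 = backend.new_challenge()                      # legitimate session
    legit = backend.authorise(token.uid, c1, token.respond(c1))
    c2 = backend.new_challenge()                      # attacker replays (uid, c1, r1)
    replay = backend.authorise(token.uid, c2, token.respond(c1))
    fake = SecureToken(token.uid)                     # same UID, wrong secret
    cloned = backend.authorise(token.uid, c2, fake.respond(c2))
    return legit, replay, cloned

# ---- The "ID clash": one UID charging at two stations at once -------------
# Constructed session log: (uid hex, station, start minute, end minute).
SESSIONS: List[Tuple[str, str, int, int]] = [
    ("a1b2c3d4", "station-07", 100, 160),
    ("a1b2c3d4", "station-31", 120, 150),        # overlaps: a clone is in use
    ("04a1b2c3d4e5f6", "station-07", 200, 230),
    ("04a1b2c3d4e5f6", "station-07", 240, 260),  # sequential, no clash
]

def find_id_clashes(sessions: List[Tuple[str, str, int, int]]) -> List[str]:
    """UIDs with overlapping sessions at different stations.  A physical
    token cannot be in two places, so one of the two sessions is a clone."""
    by_uid: Dict[str, List[Tuple[str, int, int]]] = {}
    for uid, station, start, end in sessions:
        by_uid.setdefault(uid, []).append((station, start, end))
    clashes = set()
    for uid, rows in by_uid.items():
        for i, (s1, a1, b1) in enumerate(rows):
            for s2, a2, b2 in rows[i + 1:]:
                if s1 != s2 and a1 < b2 and a2 < b1:
                    clashes.add(uid)
    return sorted(clashes)

if __name__ == "__main__":
    print("UID-only, cloned UID bills:", uid_only_attack(bytes.fromhex("a1b2c3d4")))
    print("challenge-response (legit, replay, clone):", challenge_response_attack())
    print("UIDs in clashing sessions:", find_id_clashes(SESSIONS))
```

The UID-only path bills the victim for anything the attacker plugs in, and nothing in the protocol distinguishes the clone from the original. With a per-token secret the sniffed exchange is worthless against the next challenge, and a cloned UID without the secret fails. The clash scan is the kind of after-the-fact check a network would need if it keeps the UID-only scheme, and it only fires once the legitimate owner and the fraudster happen to overlap.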

Winter January 22, 2022 8:09 AM

@Clive, All
“What they always fail to mention is that in that five year average were significant “influenza deaths” bringing the average up quite a bit. ”

Excess deaths are just one piece of the puzzle. The other pieces also consist of the hospital deaths of those entering with COVID symptoms, which were counted quite well, death certificates, etc. It will be impossible to find every single last death-by-COVID, but with some statistical modelling, backed by sampling of antibodies in the population, will get a reasonable picture of how many people got infected, how many got severely ill, and how many died from it.

But just as we do not know how many people die of influenza every year, we will never know for sure how many people died from COVID.

richard January 22, 2022 11:05 AM

One brand owner for such power stations apparently explained to the journalist that this RFID solution was industry standard. Article points out that the suggested method of payment, would be using “an app” so, paying with your mobile phone I guess.

The “industry standard” for payment terminals is EMV. It’s not clear why people or governments are tolerating every electric vehicle charging company having their own payment card or app that one must sign up for, with separate terms of service etc. The owner of a fuel-powered vehicle, by contrast, can buy fuel anywhere, using their normal card (or often cash) and without signing up for each organization or dealing with any legalese.

(The card companies do take a few percent of the money, and might object to certain forms of data collection by vendors. But if I can buy a 1-dollar bag of candy from a vending machine by tapping a card, I don’t think it’s cost standing in the way.)

pup vas January 22, 2022 12:52 PM

@ Mark • January 21, 2022 5:20 PM
That is just the next step to ‘1984’ of the 21st century, when your rights are gradually taken out quietly, like that frog which boiled to death when the temperature of the water is gradually moved up.
Government is subject to FOIA, but private companies are not.

null clam January 22, 2022 12:58 PM

Make your own chips, for a fraction [1] of the cost of big commercial houses:

Wired Magazine story

xyzzy :// wired.com/story/22-year-old-builds-chips-parents-garage/

The person’s blog (not https)

xyzzy :// sam.zeloof.xyz/second-ic/

  1. Cost is a relative thing, and fractions can be greater than unity than they appear in the mirror.

JonKnowsNothing January 22, 2022 1:18 PM

@Winter, @Clive, @All

The Bank of Mom and Dad: Death Taxes

re: W: we will never know for sure how many people died from COVID

Locally/USA we are now making 3 distinctions in deaths:

1, Deaths from people being admitted to Hospital with COVID Positive Test

2, Deaths from people being admitted to Hospital with COVID Negative Test on admission but have COVID Positive Test after admission

3, Deaths of people who have COVID Positive Test but are not admitted to hospital but to other facility (care homes, etc) or who die at home.

These are reported in different ways and by different agencies where the reporting rules and thresholds vary. Some reports require COVID to be on the Death Certificate to be counted, while other regions do not place COVID on the Death Certificate if there are any other possible reasons for death even if the person had a COVID Positive Test. There is a mix of both methods.

The source of the testing for COVID survivors is important because a good number of USA Health Insurances are barring additional treatments (Long COVID) if you do not have a registered, verified PCR test; a home test will not count.

Some companies also want genome proof which is impossible to get as only a small percentage of tests are ever sequenced. Life Insurance policies may refuse to pay on a policy, if the death falls into any of their endless Catch22 categories.

While the true extent of the human catastrophe is not likely to be known, in countries with highly automated taxation systems, they will have a better guess of the extent of deaths because of Non-Payment of Taxes/Non-Payment of Death Tax.

There are 2 parts for this in the USA IRS & State taxation systems

A, Survivors are required to file a Tax Return on the behalf of the deceased. It must be filed in the same year as the person dies.

B, If there are no survivors and no return is filed, the process flows to Escheatment. Escheat is a common law doctrine that transfers the real property of a person who has died without heirs to the crown or state. It serves to ensure that property is not left in “limbo” without recognized ownership.

The IRS will have a very good handle on the loss of tax revenue and the negative count of expected filings. In the USA 864,934 minimum Death Filings are expected.

A gap between them will trigger the escheatment process, a part of which will verify if the person is dead or just ignoring incoming communications.

      HistoricalFilings – DeathFilings = Escheatment Process

It won’t be precise but it will be a better count, especially for those States that do not report any COVID statistics: Florida, Iowa, Nebraska.

Anders January 22, 2022 4:39 PM

@Clive

Respect to Brits how you help Ukraine.
This is just awesome. (read – NLAW).
My Ukrainian friend was so glad. They
need all the help they can get currently.

vas pup January 22, 2022 5:20 PM

@all
“Anyone who has ever looked into the glazed eyes of a soldier dying on the battlefield will think hard before starting a war.”
Otto von Bismarck

“The best way to win the war is not to participate in the war.” Unknown

CES 2022: Part 2
https://www.youtube.com/watch?v=Hqis8GHVtTY

A lot of interesting things related to car safety.

JonKnowsNothing January 22, 2022 6:18 PM

@vas pup, @All

re: “Anyone who has ever looked into the glazed eyes of a soldier dying on the battlefield will think hard before starting a war.”

There have been lots written about this subject and the results or impacts vary with society and times.

One aspect is “Soldiers lie to others about being a soldier”.

This covers a gamut from recruiting agents to veterans, parents to children. A number of books and documentaries have been made exploring this aspect.

iirc(badly)

In a documentary interview with a British survivor of WW1’s infamous Trench Warfare and Over the Top into the Machine Gun Fire commands.

When asked how he was able to do that over and over, he said, he didn’t think about anything except going the next few feet towards the commanded destination. He mentally blanked out everything and everyone around him, and focused all his attention on the next foot step.

He had never told anyone how it really was, it was too horrible to consider and even at a very old age, he was overcome by the recollections.

There have been lots written about propaganda movies, posters, news reports. They all share a similar pattern, regardless of the era in which they are produced and they use the same memes.

Those same memes are used when discussing security, end to end encryption, privacy v surveillance. We know them well and many are crafted with care to distract from the logic faults of the statements.

Some statements do not require too much deconstruction:

Smartphones are Warheads on Foreheads
Air Tags are Specific Targeting Devices

Ted January 22, 2022 7:02 PM

@Anders, vas pup, JKN, Clive, RZ, SLF, ALL

I was reading the book “Sandworm” and have had a hard time mentally getting through some of the atrocities that occurred in the Ukrainian region.

The mass killings around the time of WWI and the Holodomor (or Red Famine) that followed were particularly brutal.

From the book:

To understand how Ukraine would come to serve as the battleground for the world’s first full-blown cyberwar, it helps to look back at a millennium of conflict and domination, with Ukraine as the point where the bloodiest edges of two continents meet.

I’ve put down this book and picked up another for the time being. But I think it’s really valuable to know that history, especially in the context of what’s currently going on.

SpaceLifeForm January 22, 2022 7:38 PM

@ lurker, JonKnowsNothing, ALL

Two years ago today

Wuhan goes into lockdown.

“We have it totally under control … It’s going to be just fine”

Today:

New Zealand: Thousands of cases expected

Something about airplanes, but what do I know?

I have a theory that I am still researching, about how this virus actually works, and the connection to airplanes.

It is stealthy.

I am hoping my theory can be experimentally verified on ground without requiring an actual plane flight.

Based upon the past two years, my theory fits. I still have not found a hole in my theory. I am still researching.

lurker January 22, 2022 9:24 PM

@SpaceLifeForm, All

A family flies 600km to a wedding, then flies home again. This is permissible under the orange setting of the “traffic light” system that has replaced lockdowns. When they get home a family member is unwell. Tests show 9 family members +ve for O; also several at the wedding and the aircraft cabin attendant. The nation now moves to a red light. Red does not mean stop. While at red people can still fly 600km to a wedding. Publicans are puzzled why, when their punters must be seated, 1 metre apart, and have drinks brought to them.

Because of historic associations with STDs people snigger when you remind them Covid is a social disease…

SpaceLifeForm January 22, 2022 9:26 PM

@ lurker, JonKnowsNothing, ALL

Gee, I wonder how this happened

hxtps://www.facebook.com/samoagovt/posts/294412672721890

As a result of the 15 positive COVID19 cases from the 73 passengers who arrived in the country on Wednesday from Brisbane Australia Samoa has moved to Alert Level 3 (RED) for the next 48 hours from January 22, 2022, 6pm until Monday 24, 2022, 6pm, observing the following measures: …

[The pre-flight tests are futile]

lurker January 22, 2022 9:38 PM

@SpaceLifeForm, All

The 9 wedding guests also attended a funeral [common thread?], a casino and an amusement park. Mask wearing is compulsory on airplanes, but actual mask status is not publicly stated: mask exemptions are easy to obtain or fake. Unmasking (sic) fakes is not a popular task.

SpaceLifeForm January 22, 2022 10:34 PM

@ popehat, ALL

What is this dumbass, fascist, corrupt judge going to do when the Health Care Workers start their new job Monday?

I have popcorn. These Health Care Workers may not.

https://www.postcrescent.com/story/news/2022/01/21/what-we-know-ascension-thedacare-court-battle-over-employees/6607417001/

It comes as staff shortages strain health systems nationwide — nearly one in five health care workers have quit their jobs since the beginning of the COVID-19 pandemic.

JonKnowsNothing January 22, 2022 10:35 PM

@lurker, @SpaceLifeForm, @All

re: It is stealthy.

There are now 4 sub-lineages to Omicron: BA.1, BA.1.1, BA.2, BA.3

A sub-lineage shares a common root with the parent, and each has unique mutations.

  • BA.1 is global in scope
  • BA.2 is in EU and India
  • BA.3 is in Poland and South Africa

BA.2 is known as “The Stealthy Omicron” because its mutations evade test detection.

BA.2 is spreading fast, as Tests return Negative and illness is passed off as the flu or cold.

The loss of 2 monoclonal antibody treatments is not a good harbinger of things to come. Granted one of them was already of limited use after the rise of Delta.

BA.2 may get its own Greek Letter soon. Pi or Cake?

SpaceLifeForm January 23, 2022 12:20 AM

@ popehat, ALL

The Thedacare argument can not hold water.

They argue that the 7 Health Care people moving to Ascension would cripple the Health Care Response for the area.

The buildings are about one mile apart.

https://www.google.com/search?q=map+thedacare+ascension+outagamie+wisc

This guy should just resign in the next 24 hours:

https://www.wjiinc.org/blog/outagamie-county-justice-the-fbomb-and-insults-from-judge-mark-mcginnis-part-ii

[OK, give him 26 hours. That is double the 13th Amendment]

Clive Robinson January 23, 2022 1:14 AM

@ JonKnowsNothing,

One aspect is “Soldiers lie to others about being a soldier”.

We mostly don’t tell as we only want to remember the good not the bad.

Each year we raise a glass to those who will remain forever young in our eyes.

They say combat changes you, it does, it also teaches you to be different.

Remember what it is you have to do… From the earliest we can remember we are taught that violence, and killing especially are wrong. Yet a soldier sights their gun on the enemy and knowingly pulls the trigger to kill. Mostly you miss but you know in the back of your head that some shots count.

There are three basic types of shooting,

1, Shoot to scare.
2, Shoot to wound.
3, Shoot to kill.

Mostly a soldier does the first, it’s known as “covering fire” if you put enough lead in the air the sensible place for the enemy to be is where they can not shoot back.

With the second type of shooting the question is where to aim? Often you are encouraged with the “aim low” mantra. In the west our targets are generally drawn on “center body mass” others such as some Russian ones are drawn on the groin. The reason is under stress we mostly tend to “shoot high”.

But why wound rather than kill? Well there are several reasons one of which is the psychological one of pretending to yourself you have not killed. But there is another reason which is part of the cold logic of war. If someone is wounded they need care, which means a medic is required, then two others to carry the stretcher, yet others to get them to trauma centers the faster you do it the better chance they will survive. In the UK we’ve got so good at it, that people come back and they really wish they had not in the months and years that follow…

But that cold logic is simple, a wounded soldier holds down maybe ten other soldiers and significant resources in the moment of battle. The dead need no assistance[1] they are no longer a part of the battle they do not slow down the pace, the battle continues without them. It was the First World War, the first “industrial war” where the horror of wound not kill became clear to all, the use of gas to blind and choke to win a battle without having to engage the enemy…

Then there is the job of the specialist in killing, the sniper, who aims for “one shot one kill” their job is to bring death to order and instill fear in the enemy.

One sniper and their spotter can have a hugely disproportionate effect. They can cause not just fear but “long gun fever” where people’s every action changes so much they become not just mentally but physically ill. You really can die of fear if the stress hormones stay elevated long enough.

The view painted of a sniper is that they take out important people thus destroy the enemy chain of command. Whilst this may happen it’s not the job that most do.

Even though it is obvious guns have ranges few rarely think how it affects warfare on the ground. Hand guns are of not much use beyond a hundred feet, rifles whilst good to 1500-2000 feet are more accurate than the soldier pulling the trigger who is good to maybe 1000 feet quite often not even 500. A light machine gun is good to 3000 feet, so they can kill beyond the range they can be killed at by a squad of infantrymen. A sniper can kill reliably at 3000 feet and out to beyond 6000 feet. So the job of the infantry sniper is to kill those who operate machine guns. They are quite good at this in unconventional warfare, because the enemy is often not trained. A machine gun makes you feel powerful if not invincible as people can not get close to you. So unless trained otherwise they do stupid things like stand in the open with the machine gun up on a post or tripod mount in the back of a vehicle or just on an oil drum. Yes they get a wide field of fire, but they are all the more vulnerable because of it, so they get popped for their stupidity. A wiser commander picks his fields of fire with more care as their life expectancy is related to the life expectancy of the men behind the machine gun…

For some in the UK it is forty years early this year of the battle of the South Atlantic, and Falklands. A stupid war started by politicians hoping to hide their failings behind patriotism, drum banging and flag waving.

However the real reason behind it is only now becoming more apparent to the world at large, and it is the fight for mineral rights, mainly for energy such as oil and the very temporary wealth[2] they bring a nation both directly and indirectly.

On such things the fate of a few people rest. Right now there is a war of words going on in the UN over the Falklands and the right of the people there for self determination. It is not just sad that this is happening, it is sickening. The UN C24 committee is for “Decolonisation” and the Falklands is on their list. Each year the Falkland islanders have to send representatives to fend off Argentina’s false claims that the Falklands are theirs, that is to plead for the right of self determination,

https://www.falklands.gov.fk/assembly/component/jdownloads/?task=download.send&id=3141&catid=494&m=0&Itemid=101

But despite repeated requests by the Falklanders that the UN send a fact-finding mission there to see what the people want, for “political reasons” they won’t send one. Why? Because the Falklanders are 99.8% happy to stay the way they are as an “Overseas Territory of the United Kingdom” and that is the opposite of what the C24 ideology is about.

So each year Argentinian politicians get to beat up a frenzy of patriotism at home in their press to scream for blood and vengeance against people that have done them no harm, in fact the opposite. But worse, those politicians trample on the memories of friends and loved ones who helped fight the Argentinian dictatorship that killed and disappeared so many Argentinians that nobody knows how many it was… Is that dictatorship gone? Yes, with the help of the Battle of the South Atlantic. But is what caused the dictatorship to arise gone? No, very apparently not, and this rightly concerns people. This is what the UN C24 wants to inflict on the Falklanders out of “ideology” and the Falklanders very clearly do not want anything to do with it; they do not want to be traded like a commodity of political ideology into the hands of political despots driven by greed, desperation and inadequacy.

But as soldiers we are required to bide, to watch on, and hope we are the last who have to remember those whose life journey was so short.

[1] A dead soldier can wait, they are not going anywhere, they need no comfort or aid; eventually a couple of soldiers after the battle is over will spend maybe twenty minutes with a couple of shovels putting the body in a shallow grave and mark it on a map… Or these days even less, putting the pieces in a body bag and stacking it on a truck like so much cordwood. We take the fallen to the rear, they go from our minds until we do something normal like eat, or take a smoke, and they are not there. But as the fallen retreat they become others’ responsibility to get them home one last time. The quiet repatriation ceremonies where the names do not matter, they are one of us and they are leaving, going home, to journey’s end; they feel no pain as those that remain feel their loss, we hope in our hearts that there is a reason why it was them not us. We leave the nonsense of glorious deaths, heroic actions to other fools; what we remember is the little things like the laugh, the joke, the silly stunt, what they drank, how they liked their hot brew or banjo, even what hand they used to hold a mug or smoke. We also remember those photos from home, how they made them feel proud and us as well. In short soldiers remember the life of their comrades not their deaths and we take them with us always.

[2] History shows that such wealth is usually squandered by stupidity and status. Why bother creating when you can just buy it… Such wealth makes a people not just poor but bankrupt. Because the real wealth that carries a nation forward is knowledge and its application through industry, to make trade goods, and it is through trade you stop wars starting. But politicians do not care for this as it does not keep them in power…

SpaceLifeForm January 23, 2022 1:41 AM

Tonga relief

Japan dropped off 3 tons of drinking water in past 24 hours, but I do not see that spelled out in the link below.

Inter-island operations are still a problem.

Also, pumice is rough.

https://reliefweb.int/report/tonga/second-official-update-hunga-tonga-hunga-ha-apai-volcanic-eruption-21st-january-2022

Inter-island communication remains an acute challenge. Limited telephone connections are now reestablished with Niuafo’ou and Niuatoputapu; Satellite and High Frequency (HF) Radio communication have been re-established with Vava’u, Niuafo’ou and Ha’apai; and plans are underway to set up a HF radio Station on Niuatoputapu. Limited international phone calls are now possible and communication operators are working with Government to urgently restore full services. A New Zealand relief flight arrived with much needed telecommunications equipment to re-establish limited internet connection. A vessel is expected to reach Tonga in the next few days to repair the fibre-optic cable that was severed by the tsunami.

Robin January 23, 2022 2:26 AM

@Clive, @Winter, All:

“Excess deaths” is an attempt to capture overall deaths due to Covid, and includes, for example, increases in deaths due to illnesses (such as cancer and heart disease) not being treated because hospitals are too busy; the “opportunity costs” as it were. It seems reasonable that it works in both directions: if deaths due to ‘flu or other seasonal maladies are reduced due to covid measures, that should also be reflected in the figures.

SpaceLifeForm January 23, 2022 3:35 AM

@ Clive, ALL

re: Remember what it is you have to do…

It’s not kinetic warfare we have to do. We (collective we) have to stop the evil that is tied to money. The love of money is the root of all evil.

These people that get addicted to money are the problem.

Don’t worry, Mother Nature is going to solve this problem eventually if we do not.

It’s a zero-sum game, and those that are addicted to money have always thought they controlled the game.

Cryptocurrencies down again. Aw, that’s a shame.

someone January 23, 2022 6:39 AM

@Mark re: id.me – Yeah, I just went to the IRS id.me sign-up site. My return this year will likely be pretty complex, since I’m retired and my RMD (mandatory disbursements from tax deferred pension investments) kicked in last year. Coupled with the anticipated delays from financial institution and USPS screw-ups, along with imprecations to file ASAP because of issues at the IRS itself, I was persuaded that some of the benefits to signing up were plausible, mainly on-line access to tax information from financial institutions that are transmitted to the IRS at the same time that the paper form should be mailed to me. However, I didn’t get past the “Terms of Service” page, which contains this wonderful caveat:
“If we decide to change these Terms of Service, we will post those changes to this page so that you are aware of them. We reserve the right to modify these Terms of Service at any time, so please review it frequently. If we make material changes to these Terms of Service, we will notify you here, by email, or by means of notice on our home page. Unless otherwise noted by us, your continuing use of ID.me’s services after we have notified you of any changes to these Terms of Service will indicate your agreement to all changes. If, at any time, you do not agree to any terms of ID.me’s applicable Terms of Service you may close your account.”
So, in theory they could decide to start selling my information to anyone willing to pay for it, or allowing another party to directly access my account; all they need to do is publish the notice simultaneously with making the change effective. Even if I was aware in real time of a change justifying account termination (highly unlikely) how could I guarantee termination before any other party took advantage? That TOS document is pretty much tantamount to having no terms at all incumbent on the provider. Needless to say, I won’t be signing up for this. I suspect that there are many other reasons to decline, but a TOS written in jello is more than sufficient for me.

Clive Robinson January 23, 2022 7:57 AM

@ SpaceLifeForm,

Just stay where you are, I’ll be back.

Might have been what the White Rabbit said to Alice…

So MS issues a patch some time ago that causes a need for a more recent patch which when installed starts taking some servers out…

So MS issue an “out of band”, “Install it yourself at your own risk” patch…

So when is the next patch going to come rumbling down the rabbit hole… And does Alice need the bottle or the cake first?..

Winter January 23, 2022 8:50 AM

@flat
“He added that all President Putin wanted was respect.”

Putin has shown in Belarus, Kazakhstan, the Crimea, Georgia, Chechnya and also in Russia (Navalny, Nemtzov, etc.) that he does not want people to have a choice.

He rather murders them than that he lets the people have what they want.

He will try to destroy Ukraine, rather than let them have a say in their own fate.

JonKnowsNothing January 23, 2022 9:19 AM

@Clive, @Winter, @All

re: soldiers remember the life of their comrades not their deaths and we take them with us always

RL anecdote tl;dr

In eons past, while living in France, I got rather tired of the French saying “We remember the Americans who came to fight the Germans” line which was followed up with “dead air”.

France is for the French and if you don’t have pedigree for 400 years there, you are not French. Even if you do have pedigree, you still might not be considered French.

So the line about “American Saviors” got tiring.

So, I decided I would swap the story some, and it raised a few French eyebrows. Whenever I encountered the “required statement of acknowledgement” my response was:

I don’t think it was very nice, that my family(1) had to come here to kill other people for you.

It shut down that line of BS fast.

When you point a gun at someone, and pull the trigger, more people are affected than just the one with the gun.

It was much more refreshing to run into the Brit that stated in no soft tones:

Are you a Yank? You’re a Yank! I CANNOT STAND YANKS!!!

===
1) WW2 Soldiers All. And going back through the entire history of the USA and even to when we were still English but not Englishmen.

Freezing_in_Brazil January 23, 2022 9:37 AM

@ Clive Robinson

Re tales of war

Sublime reading. I can’t believe I’m reading this for free. Thank you.

(*) Prior to the pandemic, the Falkland Islands were having an economic boom. With a territory bigger than Jamaica’s, it certainly qualifies for country status. I’m gonna treat myself to a visit there, as soon as this Sarskov guy permits.

Winter January 23, 2022 9:41 AM

@JonKnowsNothing
“France is for the French and if you don’t have pedigree for 400 years there, you are not French.”

I doubt that. Charles Aznavour, Josephine Baker, and Zinedine Zidane have achieved French national Sainthood. None of these could show a French pedigree.

Jon January 23, 2022 10:31 AM

@ someone

Indeed, there’s a security risk. That a contract can be freely modified by one party, and finding out about it is your problem?

Ummm… IANACL (Contract Lawyer) but wouldn’t that be just colossally unreasonable? Or, if you prefer, if one party to the agreement says they can do that, why can’t the other?

E.g. “Yes, you may share my information, but you must remit to me US$1, payable monthly, for every time you do (and you grant permission for me to audit you)”.

What? “Material” changes (who says what’s “material” and what isn’t, hmm?) changes require email? Okay. Off goes the email – oh, sorry, your spam filter ate it? Not my problem! The modifications still apply, because I sent the email, right?

That TOS writers write that sort of horse”pucky” into what is arguably legally-binding contracts shows mostly that they think they can get away with it – and they’re probably right.

J.

null clam January 23, 2022 10:33 AM

Re: how to behave in other countries

Maxim in its most compact recursive form –

When in Rome do as the Romans do; and when not in Rome, as the Romans do when not in Rome.

someone January 23, 2022 11:00 AM

@Jon re: id.me TOS – then there was the section that stipulates that a user is limited to submitting any disputes to an “independent” arbitrator of their choosing, and is also required to waive any participation in class action litigation. Just a leeetle bit one-sided there, eh? Now, I’m accustomed to seeing some pretty draconian “we win, you lose” provisions in boiler-plate agreements with private internet businesses, but this is the freaking government, that I am obliged to support with my taxes, and which allegedly works for me. “Equity” for the taxpayer? What’s that?

Anders January 23, 2022 12:44 PM

@Clive @SpaceLifeForm @ALL

hxxps://news.yahoo.com/poland-raises-cybersecurity-terror-threat-181538768.html

Who? January 23, 2022 2:12 PM

Requesting advice on Coreboot

One of the computers I use has a broken BIOS implementation. Its ACPI 2.7 implementation is so buggy that it cannot even boot OpenBSD these days, so I am considering replacing its firmware with Coreboot.

It does not seem too difficult; it is a ThinkCentre M55 (non-AMT), has a Core2 processor and seems supported by Coreboot. I plan to configure a Raspberry Pi as a device to back up and, in case of failure, flash its original BIOS to it. I have a few questions about this process:

  1. will changing its firmware from Lenovo’s BIOS with ACPI 2.7 to Coreboot + SeaBIOS update its ACPI implementation to ACPI 6.0, just like the PC Engines APU series support right now?
  2. can this BIOS be tested on qemu before flashing it or will qemu not provide a platform comparable to the ThinkCentre M55 desktops? Building a Coreboot release with either coreinfo or SeaBIOS payloads for qemu is really simple, but qemu is a supported platform so this task should not be difficult at all.
  3. Can SMM be disabled on a desktop computer? As noted a week ago, the PC Engines APU series now have SMM disabled.
  4. Does someone know the size of the SPI flash chip on the ThinkCentre M55 (not the AMT-enabled M55p)? Is it large enough to support Coreboot + Tianocore payload in case I want UEFI support? Right now my goal is using SeaBIOS as Coreboot payload, and it will fit on a 256 Mbit SPI flash.
  5. Anything to consider when hardening the new firmware?

I am sorry for asking these questions here, but I understand that a forum like this one is the perfect place to find people who know Coreboot and will provide some useful advice. Coreboot is an important step in hardening a computer, in my humble opinion, and non-AMT Core2 desktops should be easy to support as there is no need to worry about disabling Intel ME.

Thank you!

Anders January 23, 2022 3:14 PM

@Who?

Instead of PI use this for the safeguard/recovery.

hxxps://www.downtowndougbrown.com/2021/12/upgrading-a-motherboards-bios-uefi-the-hard-way/

vas pup January 23, 2022 3:29 PM

@JonKnowsNothing
Thank you for your thoughts on the subject.

@Winter • January 23, 2022 8:50 AM

Unfortunately, most of the folks in former USSR republics have the only choice to be exploited and used by either their own or foreign oligarchs. Poor choice.

Ted January 23, 2022 5:18 PM

@vas pup

I think the devil is unfortunately in the details with the Path Community app. The security of the app matters – and I’m imagining this app could be used in both good and nefarious ways.

Also, attackers don’t have one universal approach. So there’s not necessarily any safety guarantee even if you search for a different route – though it’s a reasonable thought.

More importantly, the app can’t undo a physical assault if everything doesn’t work out just perfectly. So if it really matters, I think other strategies are paramount to consider.

cont.

Ted January 23, 2022 5:22 PM

cont.

For example, some situations seem more dangerous than others, such as: being in an area with higher crime, being alone, being out at certain times of day, being intoxicated, etc. Doing a good risk assessment and mitigation of your general activities seems wise, as does avoiding situations that raise the hair on the back of your neck.

And for goodness sakes don’t just rely on an app to contact your designated guardian when you remember to name one. Be prepared to call 911 or your local emergency number if you feel scared!

Also it can certainly not hurt to ask your loved ones what they think about your plans, and listen to the ones who prioritize your safety.

I think these suites of apps could have some benefits, but I’d be cautious not to let them lull people into a false sense of safety. There is no undo button.

noselfie January 23, 2022 7:35 PM

@mark / id.me : I find this required service appalling. Does anyone doubt that the 3 letter agencies are siphoning up all the data in the back-end? Building a nice face recognition database for virtually all US citizens? They couldn’t do it openly, like this it’s a “commercial 3rd party” and they just need to collect the data “secretly”.

flat January 23, 2022 8:21 PM

@Winter

Regarding that dispute, yours seems to be a one sided perspective.
The fact is one side is moving huge bellic means (as well as ideologic) to another country.
Both sides don’t really care about ukrainians, and both have a barbaric recent history of destruction.

NotMe January 23, 2022 9:44 PM

@SpaceLifeForm

“Number Stations” are a myth, similar to “Climate Change”.

“Climate change will fundamentally reshape life on Earth in the coming decades, even if humans can tame planet-warming greenhouse gas emissions, according to a landmark draft report from the UN’s climate science advisors obtained by AFP.”
https://phys.org/pdf543639966.pdf

ResearcherZero January 23, 2022 10:47 PM

“We believe that initially stolen data is used by threat operators primarily to spread the attack inside the local network of the attacked organization (via phishing emails) and to attack other organizations in order to collect more credentials.”

Amongst attacks of this kind, we’ve noticed a large set of campaigns that spread from one industrial enterprise to another via hard-to-detect phishing emails disguised as the victim organizations’ correspondence and abusing their corporate email systems to attack through the contact lists of compromised mailboxes.
https://securelist.com/hunt-for-corporate-credentials-on-ics-networks/105545/

“It is expected that malicious parties will continue to search for vulnerable systems and carry out targeted attacks in the coming period”
https://www.digitaltrustcenter.nl/nieuws/kritieke-kwetsbaarheid-in-apache-log4j-2

Cisco Talos has traced “attacker access to government networks with the wiper malware as far back as late summer 2021,”
https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html

Implement robust log collection and retention.

Look for behavioral evidence or network and host-based artifacts from known Russian state-sponsored TTPs.
https://www.cisa.gov/uscert/ncas/alerts/aa22-011a

Ted January 23, 2022 11:38 PM

@ResearcherZero

Wow. The CISA link says there is up to a $10 million reward for info on state-sponsored Russian cyber operations targeting U.S. critical infrastructure. Seems like someone’s going to want a piece of that. I’ve got to think other countries are taking a similar posture. Messing with critical infrastructure is a few shades darker than hacking John Podesta’s emails.

Also “How the Russia/NATO dialogue is going”

https://www.economist.com/the-world-this-week/2022/01/22/kals-cartoon

lurker January 24, 2022 12:48 AM

@NotMe, @SpaceLifeForm

Climate change is bad news, so the phys.org report is saying the messenger doesn’t want to be killed for it?

Winter January 24, 2022 1:55 AM

@flat
“The fact is one side is moving huge bellic means (as well as ideologic) to another country.”

There are two parties: Putin et al. invaded Ukraine (Crimea and Donbas) and moved massive troops to its boundary. NATO has neither troops nor material in Ukraine. There are NATO troops and material in Poland, but it is a free country and can join any club it wants.

@flat
“Both sides don’t really care about ukrainians, and both have a barbaric recent history of destruction.”

So let the Ukrainians decide whom they like most, Russia or the EU/NATO.

But that is not the point, is it? The point is that Putin denies everyone else the right to choose.

As for the level of destruction, Donbas, Chechnya, Georgia, Syria would seem to tell us a different story.

Winter January 24, 2022 2:02 AM

@NotMe
““Number Stations” are a myth, similar to “Climate Change”.”

It is always funny when someone denies what I have seen and heard myself.

I have heard stations reciting endless strings of numbers myself many times while playing with an old tube radio.

As for “Climate Change”, that is in the same realm as “Evolution/Old Earth” and “Globe World”. There are people who reject science and claim the earth is flat, and was created in 7 days, and that changing the atmosphere cannot change the climate.

What all these people have in common is that these people want to abolish science because it does not suit their plans, which might be installing a theocracy, fascist dictatorship, or destroying nation states, or just making as much money as is possible from fossil fuels.

Clive Robinson January 24, 2022 2:57 AM

@ Ted,

Messing with critical infrastructure is a few shades darker than hacking John Podesta’s emails.

But to some it is not war, although it is political.

Whilst it is probably true Putin does not want to invade the whole of Ukraine, he does, for his own political survival, need two things,

1, Unite those who feel Russian
2, Have an Orwellian enemy to blame.

There are 11m Ukrainians who see themselves as Russian in the East of Ukraine, and by faux fables of unitedness they create the tension that Putin needs to demonize the Western Ukrainians.

Unfortunately for Putin the Western Ukrainians especially the young appear determined not to suffer the fate of those to the north of them in Belarus (White Russia).

So whilst Putin’s forces on the border could invade Ukraine, the resulting civil conflict means they could not hold it. Russia, and Putin especially, knows only too well the cost of trying to hold an empire by force, and how that would not sit with the Russian people.

For Putin is caught in the cleft of a stick, to stay in power he has to project a Strong Russian State to the people, but in reality Putin has to give up all notions of “empire” if Russia is to survive economically.

The only way this can resolve is by the Russian people changing; they have to ditch that sentimentalist streak for the “good old days” that never actually existed, and face the harsh reality that whilst they may be mineral rich they are economically bankrupt and can not move past it as they are.

Obviously to move forward Russia has to ditch what they think is “Russianness” and that means getting rid of the man that not just creates the faux history but wraps himself in it to stay in power…

The problem Russia has is a treaty between the Ukraine, UK and US to ensure Ukrainian democratic freedoms, and oddly perhaps that the EU wants the Ukraine, or at least the Western part, to be part of Europe, but does not want Russia as it currently is as part of Europe.

Economically the Ukraine although full of corrupt oligarchs is economically in the best position something that Russians are slowly realising they want themselves.

Well the problem is there can not be a Strong Russian State and a working Russian economy; the two do not go hand in hand.

Perhaps the best thing that could happen for there to be peace in the region is for Putin to fall off his horse and break his neck. As the political infighting that would probably result is going to cause internal civil unrest that will keep Russia otherwise occupied. The Russian people will then have a choice, go the Belarus way or the Ukrainian way. Belarus is clearly a “basket case” whilst the Ukraine still has a chance.

The reality for Putin is he needs the Ukraine to be two separate things: another Belarus that is a dependency Russia can not afford and a bad example to the Russian people, or an economic success that Russians want desperately but is bad for Putin as it will only happen via strong democracy, thus from his point of view another bad example to the Russian people.

So Putin’s only option is to foment trouble and invent enemies in an Orwellian fashion to blame for his inability to deliver on his promises that can not be delivered.

By offering a money bounty and sanctions etc the US is actually playing into Putin’s game of “The big bad West” thus strengthening his position.

Clive Robinson January 24, 2022 3:40 AM

@ NotMe,

From memory @SpaceLifeForm was being sarcastic to make a point.

As for “Climate Change” the last two paragraphs quoted from the draft report are the important ones,

“We need transformational change operating on processes and behaviours at all levels: individual, communities, business, institutions, and governments.”

“We must redefine our way of life and consumption.”

Part of moving into an “information economy” should be the realisation that communications displaces transportation.

Two of the things the pandemic has shown is,

1, Teleworking works as well as office working.

2, Software is not up to anywhere even close to the minimum security standards needed for Teleworking.

Thus the software industry needs to improve a very great deal if we are to stand even a small chance on,

“Redefining our way of life and consumption”.

Oh and a third thing the pandemic should have made clear to all is “Bio-Sec” is of vital importance. So,

“International transportation of people and goods is not a safe thing for the longevity of mankind.”

Who? January 24, 2022 6:17 AM

@ Anders

Thank you! The reference to the SPI programmer in your post is very useful; I have one of these cheap programmers, but was thinking of using a Raspberry Pi instead.

I was considering buying a few male-female cables to adapt the Pomona clip I own (it has eight soldered cables, but hopefully a female connector on its end too), as described here:

https://github.com/bibanon/Coreboot-ThinkPads/wiki/Hardware-Flashing-with-Raspberry-Pi

I have some soldering skills on surface mounting devices, and some heatshrink tubes, but the modification suggested in the page you are referring to is different, as it includes a resistor to protect the one-time programmable memory we sometimes find in our hardware devices against a non-reversible modification of some of its bits.

It is a great reference and I will carefully study it over the next weeks. Even if I follow the Raspberry Pi route I will consider soldering a few resistors to the homemade cable. I am surprised to see these Pomona clips need those modifications when their only goal is backing up and flashing the content of SPI flash chips. Shouldn’t the SPI programmers include the required changes in their design? Not talking about a general purpose Raspberry Pi computer, whose GPIO pins have multiple uses, but at least the SPI programmers should not require these modifications.

Thanks for the link to the detailed use of a SPI programmer!
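An added example, not code from Who?, Anders or the linked write-up: a POSIX shell routine for the backup step discussed in Who?’s Coreboot question and the SPI-programmer follow-up above, reading the chip twice with flashrom over a Raspberry Pi SPI header and refusing to call the backup good unless both reads agree and the dump has the expected size. The flashrom programmer string, the spidev path and speed, and the chip size are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): verify an SPI flash backup before any
# reflashing. Assumed wiring: the clip on the Pi's spidev0.0 at 1 MHz.
set -eu

SPI_PROG="linux_spi:dev=/dev/spidev0.0,spispeed=1000"   # assumption

# Compare two dump files via SHA-256; returns 0 when they are identical.
dumps_match() {
    h1=$(sha256sum "$1" | cut -d' ' -f1)
    h2=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$h1" = "$h2" ]
}

# Check that a dump is exactly the expected number of bytes; returns 0 if so.
dump_size_ok() {
    size=$(wc -c < "$1")
    [ "$size" -eq "$2" ]
}

# Read the chip twice and only keep the backup if the reads agree.
# A bad clip contact or too high a SPI clock shows up as differing reads.
backup_flash() {
    outdir=$1
    expected_bytes=$2        # chip size in bytes (assumption, check the datasheet)
    mkdir -p "$outdir"
    flashrom -p "$SPI_PROG" -r "$outdir/dump1.bin"
    flashrom -p "$SPI_PROG" -r "$outdir/dump2.bin"
    dumps_match "$outdir/dump1.bin" "$outdir/dump2.bin" || {
        echo "reads differ: check clip contact or lower spispeed" >&2; return 1; }
    dump_size_ok "$outdir/dump1.bin" "$expected_bytes" || {
        echo "unexpected dump size $(wc -c < "$outdir/dump1.bin")" >&2; return 1; }
    # Record the hash so the backup can be re-verified before a later restore.
    sha256sum "$outdir/dump1.bin" > "$outdir/dump1.bin.sha256"
    echo "backup verified: $outdir/dump1.bin"
}

# Usage with the clip attached (chip size is a placeholder, not the M55's):
#   backup_flash ./m55-backup 2097152
```

Restoring later is the reverse: check the stored hash against the file first, then write it back with the same programmer string.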

Quantry January 24, 2022 10:10 AM

@Plumber, re: Your query.

I’m getting the Tor Health page fine. Perhaps last year’s layoffs due to poor donations are at the seat of some disruption, or a busy day on the network.

Lots of people relying on Onion Routing, not just a ton of journalists and whistleblowers: Anyone running Tails. Bleak in Russia maybe…

ht tps://www.zdnet.com/article/tor-project-battles-russian-censorship-through-the-courts/

someone January 24, 2022 11:42 AM

@Clive re: teleworking – it appears to me that your #1 & #2 statements are in (at least implied) conflict. Frankly the premise in statement #1, even though you write as if it was obviously and universally true, is imo far from conclusively demonstrated, unless you intended it to apply exclusively to “knowledge workers” and other highly technical staff. Certainly telework has been shown to work well in a number of cases and situations – we knew that long before COVID forced these changes upon us. However, I’m convinced that there are some office work situations that require close supervision that remains most effectively accomplished by another human present at the same physical site at the same time. Perhaps that, too, can be resolved by software improvements, or changes in work structure, but that has not yet been shown conclusively for either option. And, as you mention, there are significant (might be too weak a word) security deficiencies, that will be difficult to fix, short of businesses adopting a basket of protocols specifically targeted to home work, a solution that will cost money that many of those businesses will be unwilling to spend. There are quite a number of near, mid, and long term costs to businesses that may be affected positively or negatively by a permanent transition from on-premise office work to that same work performed remotely, and I believe the jury remains out on the bottom line for that change.

Plumber January 24, 2022 12:12 PM

@Quantry

Sorry, what I meant was not the page itself but downloading the Tor router descriptors from different directory authorities: “http://[DIRECTORY_AUTHORITY_IP]:PORT/tor/server/all” (those links labeled “descriptors”). At the time of writing this I could only access moria1 descriptors.

John January 24, 2022 2:40 PM

@Clive,

Good analysis about working from home!

In my opinion, there is one part missing in what you wrote.

Connected remote groups.

I was part of DEC when this was the rage. Worked very well from what I could see.

There was a program VAXNotes that seemed to glue the whole thing together. I have not been able to find that program or better yet the ‘vision’ documents for that program.

From what I see, connected remote groups makes the most sense.

John

flat January 24, 2022 4:20 PM

@Winter

“There are two parties” (btw, it is Russia and US) and you are clearly looking sharp to one of the sides only. It calls for a nervous “hey, the other side is just as unrighteous…”, look at what they did to the right to choose of “their own Ukraines”:
https://revista.drclas.harvard.edu/united-states-interventions/

In a time well before Crimea annexation or any Russia doorstep intervention, US was already making its moves, naturally ignoring any genuine free choice:
“Ukraine’s bid to secure a MAP, the first stage in the long process of joining NATO, faces low public support at home.
(…)
For many Ukrainians, joining NATO is not a priority — only 30 percent of respondents in the ex-Soviet state support it.”
https://www.reuters.com/article/us-nato-ukraine-bush-idUSL0141706220080401

But unfortunately what is being prepared is not just another “football match”. The real thing is tragic, both bullies are ostensively preparing fresh suffering and destruction.

vas pup January 24, 2022 4:47 PM

Flying car wins airworthiness certification
https://www.bbc.com/news/technology-60072194

“A flying car capable of hitting speeds over 100mph (160kmh) and altitudes above 8,000ft (2,500m) has been issued with a certificate of airworthiness by the Slovak Transport Authority.

The hybrid car-aircraft, AirCar, is equipped with a BMW engine and runs on regular petrol-pump fuel.
It takes two minutes and 15 seconds to transform from car into aircraft.
The certification followed 70 hours of flight testing and more than 200 take-offs and landings, the company said.
“AirCar certification opens the door for mass production of very efficient flying cars,” its creator, Prof Stefan Klein, said.
“It is official and the final confirmation of our ability to change mid-distance travel forever.”

Short video inside as well.

SpaceLifeForm January 24, 2022 4:58 PM

@ ResearcherZero, Clive, ALL

No sarcasm here

While Putin is distracting, you better be watching your logs for China traffic.

Clive Robinson January 24, 2022 6:41 PM

@ JonKnowsNothing,

WW2 Soldiers All. And going back through the entire history of the USA

Both my parents and uncles and aunts were in uniform during WWII; my grandparents were likewise in “The Great War” though not all in uniform[1]. There has always been a member of the family in the Royal Corps of Signals in each generation since before it became “The Corps” in 1920.

What many do not know is that the Royal Sigs are “First in and last out” and often “the awkward squad” would go in well before the likes of the SAS to set up communications, and accompany them during their operations as operators. They would also “go in solo” to support diplomatic missions and some units were trained not to come back. That is, they would become “stay behind” forces allowing the enemy to pass them by and provide intelligence back from behind enemy lines, whilst others were trained to “drop in” behind enemy lines.

I’m not sure just how far back the family tree can be traced, but for those we know back as far as Cromwell many did military service in some way.

The exception is my son, I’ve pointed out that what was “good” has been stolen by politicians and the covenant irrevocably broken by them.

I’ve tried to be honest with him about how the military in the UK has changed in the last forty years for very much the worse and how in reality there is no real benefit in it for an individual any more.

Needless to say because of politicians’ behaviours the number of those becoming recruits has declined so much that at one point it was less than one a day…

UK politicians became so desperate to fill vacancies in the existing ranks and find experts to fill new roles rather than train up existing personnel, at one point they took off the age restrictions on people “re-joining” especially in Signals-Intelligence. But honestly, think about it, how many 50-year-olds do you know that could run 500m in full NBC kit in the desert carrying a combat load out plus technical equipment?

To say the politicians’ plan smacked of desperation was an understatement. Unfortunately since UK commitments have dropped, and being cannon fodder became less likely, the number of “young, desperate, and not fit” joining up has increased. I suspect it will only be a matter of months before the politicians throw them into some new combat zone, under trained and ill prepared for what they will face. There is no honour in politicians these days and they care not a jot as long as those doing the dirty work are not their sons or daughters.

[1] Little known fact, for various reasons there were a number of people of Scottish ancestry living in Normandy and Brittany at that time. Come the “Great War” whilst they did not join the fight as soldiers, some became what you would call auxiliary medics, stretcher bearers and the like with their wives and other family members becoming “bandage boilers and makers”. What some did was beyond heroic and they saved many lives, few ever got any recognition which is a shame, in part because it was considered incorrectly they were “Conscientious objectors”. Something the military hierarchy did nothing to change, as the view carried forward from the Boer War was that all men including wounded should fight not be encouraged into malingering or do “women’s work” (remember the same commanders such as Lord Gort had over three thousand people sentenced to death of which over three hundred and fifty were carried out, all who had shell shock and similar. This was apparently justified as being to stiffen “Moral Fibre” in other soldiers…).

null clam January 24, 2022 7:11 PM

@ vas pup

Re: flying car

This will demand AI flying, as it’s hard to believe most people could ever safely manage 3D traffic awareness. But AI can’t really manage 2D traffic awareness yet. Who will be flying these things ? Even restricted 3D flight, such as 2D + “stacking” is not likely to go well.

JonKnowsNothing January 24, 2022 9:56 PM

@ Clive, @All

re:

The History of the World

C: Both my parents and uncles and aunts were in uniform during WWII, my grandparents were likewise in “The Great War” though not all in uniform[1]. There has always been a member of the family in the Royal Corp Signals in each generation

Thank you for sharing. It is rather amazing that everyone alive today has something similar in their family history, even if they are not aware of it.

We didn’t get here by osmosis. We got here because our ancestors did something that allowed them to keep going through famine, disease, social changes, wars, climate alterations, droughts, volcanic eruptions and ice ages.

We form imperfect barriers against such challenges and gain insight when things turn out well.

Thank you again, for all your kind words, thoughts, excellent memory and profound knowledge.

Sharing is the ultimate gift.

SpaceLifeForm January 24, 2022 10:54 PM

Legally Blind Roach

Judge sees a bit of light

But not enough to scurry away.

Apparently not even a 13 watt bulb in the chambers.

https://www.postcrescent.com/story/news/2022/01/24/thedacare-ascension-court-over-health-care-worker-employment/6635683001/

The broader case, in which ThedaCare argues that Ascension inappropriately group-recruited these employees, will go forward in court, but the employees are free to begin their new jobs on Tuesday.

[What is this group recruiting that you speak of your honour?]

SpaceLifeForm January 25, 2022 1:46 AM

@ name.withheld.for.obvious.reasons, Bruce

CopyLEFT trolls

htx ps://doctorow.medium.com[/]a-bug-in-early-creative-commons-licenses-has-enabled-a-new-breed-of-superpredator-5f6360713299

[Fascists do not respect any license]

[Might makes right. They are insane, but must be right in their mind]

Winter January 25, 2022 2:33 AM

@flat
“For many Ukrainians, joining NATO is not a priority — only 30 percent of respondents in the ex-Soviet state support it.””

That is because you artificially make it a USA/Russia match. But the Ukrainians do want to approach the EU. And NATO would be nice as it protects them against Russian aggression which has already taken part of their country and killed a lot of Ukrainians. The people of the Baltic states are convinced that they are only independent states still because they became members of NATO. Without NATO, they know they would have been conquered and occupied.

The EU does listen to the people. Without a Democratic government, there is no joining. Russia has shown in Belarus and everywhere else that they really, really only silence the people. If needed using chemical warfare.

null clam January 25, 2022 3:15 AM

Could the spirit animating this book be pursued analogously in software development, and result in better, more economical design and implementation ? It’s only a one l-E-tter step from DV to DEV.

The DV Rebel’s Guide: An All-Digital Approach to Making Killer Action Movies on the Cheap, Peachpit Press, 2006, ISBN 978-0321413642

Clive Robinson January 25, 2022 6:09 AM

@ SpaceLifeForm, ALL,

Regards “Russia cutting cables”

As you know it’s something I bang on about from time to time, more in respect of the “landing zone” “choke points” and ease of surveillance to out the likes of Tor and other MixNets. But few others apparently have ever been interested…

However Marcy Wheeler of “EmptyWheel” lives in Ireland these days (for her own safety). But her audience is still mainly US based, so I guess she is rather more sensitive to it than others.

But she is getting things a little wrong and missing a very significant point.

Mostly she is using logical diagrams that show the cables conveniently on a drawing, but not the actual geo-position of the cables. So it gives a false impression of where the problem actually is…

However look at the topological map she gives where the area the Russian Exercise is due to take place is marked.

You will see the Bristol Channel that comes between Wales at its north and Cornwall at its south. This channel goes well out to the west under the sea. You will see on the map the edge of the continental shelf and mostly it is a very steep drop, thus not suitable for laying cables over.

Now project from the Bristol Channel between West and West-Sou-West and you will see a darker patch immediately north of and partially inside the Russian Exercise Area.

Well this is a much more gentle drop into the deep Atlantic, and it is there that many of the cables have been laid. In fact it’s known that some are actually on top of each other in this area.

Thus the northern part of the Russian Exercise Area is well within two man mini-sub range of all the cables in that sub-sea valley.

If you want to know more about the cables’ locations, you might want to look at the UK Admiralty “notice to mariners” information marked up on the relevant charts for those areas. They show areas where anchoring is prohibited, because “dragging anchors” badly damage sub-sea cables.

Oh by the way the “dragging anchor” excuse has been used to cut four cables around Africa a few years back… What is known is that they all happened within a very short time of each other, therefore under the,

Once is happenstance,
Twice is coincidence,
Thrice is enemy action.

Rule you can guess what was going on.

Thus any “accidents” that happen almost certainly will not be “accidents”.

But the real question is “what of the future? It raises an important point.

Russia is known to have developed some quite sophisticated mines that can be controlled remotely. It would take only a minor change in the way they work to be put within “damage range” of the cables without actually touching them…

So accidents can be arranged well in advance…

Now imagine having to go down and look in a 300ft wide swathe down the length of every cable looking for “concealed mines” or similar devices… The resources required would be immense.

So importantly look on it as yet another form of “Asymmetric Warfare”…

But I also expect there to be more than a couple of “Signals Intelligence” submarines and similarly surface vessels and aircraft “just passing by”…

Winter January 25, 2022 6:38 AM

@Clive
Here is an article discussing NATO worries about the cables:
ht-tps://www.euractiv.com/section/defence-and-security/news/nato-seeks-ways-of-protecting-undersea-cables-from-russian-attacks/

A possible approach would be to add “detectors” to the cables that would signal when submarines approach. In a tense situation, any submarine detected would be a sitting duck for air-to sea attacks. Given these are undersea cables, communication would not be the main problem.

Technologically not simple, but neither are detecting gravity waves or designing and flying a telescope to a Lagrange point.

I assume something with such capacities has already been designed, if not employed.

Clive Robinson January 25, 2022 7:04 AM

@ SpaceLifeForm,

What is this group recruiting that you speak of your honour?

It’s a nasty “tort” notion that has been around for a long time.

It’s to do with the quaint US notion that the skills of employees belong to their employers… It’s an extension of the idea about patents and similar.

Historically it goes back to serfdom and the “tithing of freemen” by land owners, and Guild employment of freemen as what we might call apprentices and indentured servitude.

The modern argument is something like this,

Person X has skills that employer A facilitated in some way. These skills give person X “value added” where the increased “value” is “claimed” to be due to their employment.

Therefore employer A claims that it has invested in person X and increased their market value, and thus is entitled to enjoy a return on that investment (think indentured / apprentice labour where the employee is “tied” for a period of time).

Now in the past employers rather than pay to train their own employees have “poached” those with the skills they need from other employers who have trained those who work for them. Not so long ago the big Silicon Valley Corps got smacked over the wrist for operating a cartel with a “no employ” from others in the cartel policy to quite deliberately keep skilled labour wages down on the pretense of a “no poach” policy.

So now individuals are free to seek the best wages/conditions they can, but employers are still not allowed to poach.

It’s hard to argue legally that an individual has been “poached” but there was a case of this over “self driving vehicles” not so long ago as part of a bigger case (technology theft).

But what about when an employer sees two or more employees leave at the same time to a competitor?

Is this just “free market” opportunities or is the new employer practicing “industrial-warfare” against the old?

Or is the old actually practicing not just “industrial-warfare” but also trying to illegally operate a cartel or monopoly over labour to suppress wages and opportunities?

It’s a matter of circumstances and which way the wind blows on a given day.

However there is so far clear evidence that the old employer was very deliberately holding down wages and forcing worse working conditions on the employees. As they are the ones bringing the case, to try and enforce Medieval usurious tutelage Rights that are iniquitous in modern society, through a legal backdoor that should have been slammed shut a century or more ago, I’ll let you guess what I think.

There is actually a real danger in this court case, because if the court finds for the old employer it gives rise to “case law” that sets workers rights back a few centuries.

So I would be very tempted as the defendant in the case to ask for the plaintiff to undergo full financial disclosure and search, because certain political and other corporate interests outside of this actual dispute may be financing it for their own ends.

Clive Robinson January 25, 2022 9:05 AM

@ SpaceLifeForm, ALL,

Who remembers the RIAA and MPAA hounding of people without evidence?

Well it appears the brains behind it,

“Steven B. Fabrizio, 58, of Chevy Chase, Maryland”

Is at best a pervert, and almost certainly a psychopath with violent and sadistic tendencies. So I very much doubt his “snow job” testimony to get reduced sentencing,

https://www.abajournal.com/news/article/ex-film-industry-lawyer-gets-prison-time-for-blackmailing-woman-he-met-on-sugar-daddies-website

Anders January 25, 2022 10:44 AM

@Clive @SpaceLifeForm @ALL

hxxps://taltech.ee/en/news/threat-hardware-trojan-horses-bigger-we-have-thought-new-academic-research-claims

null clam January 25, 2022 11:24 AM

@ Clive Robinson

enforce Medieval usurious

I think you mischaracterize the Medieval period.

If there was one thing that was offensive in the Medieval era, it was usury. In general, institutions in the medieval period were much more equitable than those that came later, in the Renaissance and through to the modern period. This was because, taught by the Church, the medievals took seriously the quaint notion that stealing was a sin, and every aspect of economic and social activity was examined thoroughly in this light and codified in canon law and then civil law, lest one wind up going to the Hot Place. Many modern economic abuses (in employment, ownership, trade and commerce, debt, taxation etc.) essentially boil down to theft. These abuses are supported by modern economic and business theories so as to be presented as reasonable and fair practices. But a lot of insight into the causes of and remedies for modern problems can be had by applying the medieval principles.

Henri Pirenne and Marc Bloch have a lot to answer for in view of the distorted impression they give in their writings on the period 😉

MarkH January 25, 2022 12:20 PM

@Winter:

I don’t know what “flat” is trying to sell, but that 30% figure is from 2008.

Current polling (in unoccupied territory at least) shows a solid majority of Ukrainians in favor of NATO membership.

The whole “NATO bogeyman” whining is anyway a lie: if Ukraine were ever to qualify for membership, the process would likely take 20 years, and NATO will never invade Russia.

Russia is the only military aggressor in this situation. Russia is the only invader and occupier in Ukraine. The only foreign active-duty soldiers in Ukraine with roles other than training are Russian. Only Russian nuclear weapons will be (or perhaps already are) on Ukrainian soil.

Whoever distorts these facts is on a political rant.

AL January 25, 2022 12:56 PM

“The whole “NATO bogeyman” whining is anyway a lie: if Ukraine were ever to qualify for membership, the process would likely take 20 years,”

If that is the case, why not give assurances that Ukraine won’t enter NATO? Then, what does Putin have to complain about? Nothing, and the U.S. and Europe can return their focus on the hyper-inflation being generated by Federal Reserve and ECB money printing. 😉

From the U.S. perspective, we’re flushing way too much money down the toilet on the military while China builds infrastructure, like Belt and Road. Last thing the U.S. needs is to become obligated to yet another country for its defense.

JonKnowsNothing January 25, 2022 1:53 PM

@Clive, @Ted, @All

re: Messing with critical infrastructure …

A MSM report (reliability tbd) that “hactivists” have installed ransomware on Belarusian train system.

Hacktivists in Belarus said on Monday [01 24 2022] they had infected the network of the country’s state-run railroad system with ransomware and would provide the decryption key only if Belarus President Alexander Lukashenko stopped aiding Russian troops ahead of a possible invasion of Ukraine.

Our conditions:
* Release of the 50 political prisoners who are most in need of medical assistance.
* Preventing the presence of Russian troops on the territory of Belarus

Zho, if true there are a couple of interesting rat-holes:

1, Cyber attack on business or Cyber warfare attack?

2, Attribution Fun Time. I’d put a nickle (5P) on NotRussia.

3, State Sponsor, Paid MOB, or Lone-Wolf-Spidey

4, Inquiring minds want to know: Did they post the messages in Belarusian language?

===

h ttp s://ars technica.com/info rmation-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/

Winter January 25, 2022 2:16 PM

@AL
“If that is the case, why not give assurances that Ukraine won’t enter NATO?”

Ever heard of Danegeld?
ht-tps://en.m.wikipedia.org/wiki/Danegeld

Did not work then, does not work now. Putin has never ever felt bound by treaties or promises. His word has been shown time and again to be worth absolutely nothing.

MarkH January 25, 2022 4:11 PM

@AL:

Is it your practice to allow adversaries to dictate your security policies?

If so, how’s that workin’ out for ya?

Clive Robinson January 25, 2022 4:14 PM

@ AL, ALL,

Last thing the U.S. needs is to become obligated to yet another country for its defense.

Err both the UK and the US are obligated to the Ukraine already. Something the MSM is keeping quiet about for some reason.

The UK has already started in on its promise, how far it will go I’ve no idea, but the last time Britain got involved in Europe that way it ended up being quite a mess that is still not settled today.

Ted January 25, 2022 5:50 PM

@JonKnowsNothing, Clive, ALL

The Belarusian railway hack is a very interesting development. I am still trying to figure out if the Belarusian Cyber-Partisans are English-speaking.

The tweet I saw from them about the railway hack is in English. Actually, now that I look, all their tweets – starting from August 2021 – are in English too. Mystery.

https://twitter.com/cpartisans/status/1485618881557315588

SpaceLifeForm January 25, 2022 5:59 PM

@ Anders

Good article. Unbreaking link.

https://taltech.ee/en/news/threat-hardware-trojan-horses-bigger-we-have-thought-new-academic-research-claims

As the article notes, the concept is not new. But, I think the primary point of any attack is not at the FAB, but upstream.

When one is designing chips using software running on an OS running on existing chips, well the obvious point of attack is going to be the chip designers environment. Or an insider that is doing the chip design.

https://en.wikipedia.org/wiki/Electronic_design_automation

Clive Robinson January 25, 2022 7:01 PM

@ SpaceLifeForm, Anders,

Re Hardware Trojans.

Quite a few years ago @NickP and @RobertT discussed this in quite some depth.

@RobertT suggested that the test framework the Fab added to the chips might be a place to start as this is proprietary to the Fab. He also suggested routing out via a blind via trick a bit such as carry from an ALU output register.

The conclusion was that there was no way to “scan the chip” for a blind via.

@Nick P also pointed out that there had been a request for techniques to find what we now call supply chain poisoning and that some of the groups that submitted ideas “went dark” suggesting they might have been taken into the fold.

I surmised via my “castle-v-prison” research that there was actually no reliable way to test a chip for a trojan. For instance it could need a 256bit number to get written to a register to enable it and there is no way that would come out in testing except by blind luck.

So I assumed three different CPU units from different manufacturers. Any attempt to turn on malicious behaviour could not be done in parallel only serially. Thus via a voting circuit if any CPU went rogue it would trigger the voting mechanism that would flip the state machine based hardware hypervisor to freeze the “prison” and the hardware hypervisor would trigger the next layer of hypervisor up that would inspect the prison memory, registers etc looking for differences.

So yeah this blog has been several years ahead in this area…

It’s a shame neither @Nick P or @RobertT are still dropping by they contributed quite a lot, as well as making good sounding boards for quirky ideas. Likewise we appear to have lost @Wael and @Dirk Praet, @Thoth and a few others.

The last I saw of @NickP was over on Lobste.rs but he appears to have faded there as well. @Wael was occasionally popping up as was @Thoth but both appear to have faded.

Hopefully they are all well.
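An added example, not code from this thread or from any commenter, that models the voting scheme Clive describes above: three CPU models run in lockstep, one of them carries a trojan that is armed only when a specific 256-bit value is written to a register, and a majority voter stands in for the hardware hypervisor watching the three. Random black-box probing never arms the trojan, which is the point of the 256-bit enable argument; the voter catches it on the first instruction whose result diverges and reports which CPU dissented. The enable constant, the CPU names and the tiny ALU op set are all assumptions for illustration.

```python
"""Three-CPU lockstep voter vs. a magic-value hardware trojan (added example)."""
import secrets

WIDTH = 256
MASK = (1 << WIDTH) - 1
# Assumed enable value: a constructed 256-bit constant, not any real trojan key.
TROJAN_KEY = int.from_bytes(b"\x5a" * (WIDTH // 8), "big")


class CPU:
    """Tiny ALU model. If trojan_key is set, a 'mov' of exactly that value arms
    a payload that corrupts the low bit of every later 'add' result."""

    def __init__(self, name, trojan_key=None):
        self.name = name
        self.trojan_key = trojan_key
        self.armed = False

    def execute(self, op, a, b=0):
        if op == "mov":
            if self.trojan_key is not None and a == self.trojan_key:
                self.armed = True          # the hidden enable condition
            return a & MASK
        if op == "add":
            result = (a + b) & MASK
            if self.armed:
                result ^= 1                # rogue behaviour: flip the low bit
            return result
        if op == "xor":
            return (a ^ b) & MASK
        raise ValueError(f"unknown op {op!r}")


def random_probe(cpu, trials):
    """Black-box functional test: feed random 256-bit values and report whether
    the trojan ever armed. Each trial hits the key with probability 2**-256."""
    for _ in range(trials):
        cpu.execute("mov", secrets.randbits(WIDTH))
    return cpu.armed


def vote(results):
    """Majority vote over {cpu_name: value}. Returns (agreed_value, dissenters);
    agreed_value is None when no two CPUs agree."""
    values = list(results.values())
    for v in values:
        if values.count(v) >= 2:
            dissent = [name for name, r in results.items() if r != v]
            return v, dissent
    return None, list(results)


def run_lockstep(cpus, program):
    """Execute `program` (list of (op, a, b)) on every CPU in lockstep. On the
    first disagreement the 'hypervisor' freezes and returns the step, the
    dissenting CPU(s) and the raw results for the next layer to inspect."""
    trace = []
    for step, (op, a, b) in enumerate(program):
        results = {cpu.name: cpu.execute(op, a, b) for cpu in cpus}
        agreed, dissent = vote(results)
        if dissent:
            return {"frozen_at": step, "dissent": dissent,
                    "results": results, "trace": trace}
        trace.append(agreed)
    return {"frozen_at": None, "dissent": [], "results": None, "trace": trace}


if __name__ == "__main__":
    print("armed by random probing:", random_probe(CPU("T", TROJAN_KEY), 10_000))
    cpus = [CPU("A"), CPU("B"), CPU("C", TROJAN_KEY)]
    print(run_lockstep(cpus, [("add", 1, 2), ("mov", TROJAN_KEY, 0), ("add", 10, 20)]))
```

The probe stands in for the fab's functional test and the lockstep runner for the voting circuit: the trojan only shows once the enable value has been written, and because the three chips would need three different enable sequences, the first divergent result is what trips the freeze.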

lurker January 25, 2022 8:55 PM

@SpaceLifeForm
Now 26 +ve from Brisbane-Apia flight, including 5 ground-side carers. Total lockdown in Samoa…
13 on board relief ship HMAS Adelaide heading to Tonga; everyone confident of contactless delivery…
On this their National Day it’s worth remembering their own nickname: The Lucky Country

JonKnowsNothing January 25, 2022 9:18 PM

@Ted, @Clive, @ALL

re: The Belarusian railway hack is a very interesting development. I am still trying to figure out if the Belarusian Cyber-Partisans are English-speaking.

Just a query: What would that tell you?

Lots of people speak English, or English derivatives like American English.

iirc(badly)

  • People in the cities of Belarus speak Russian.
  • People in the countryside speak Belarusian.

Belarusian is taught in schools (or was). No one in the cities is interested in their native language, since business is done in Russian.

English won’t tell you much, Belarusian can tell you more, provided it wasn’t passed through G$$$X.

If the encryption source code is recovered, study of that might lead to some interesting place but False-Flag is common. Some things can be noted: American English doesn’t have a lot of diacritical marks, and American English speakers have a heck of a time using them. American English has a ton of metaphors about baseball (which is not cricket (1)) and finding some of those might point to someone familiar enough with American English to use them. However with excellent language study, people can learn many idioms.

What is much harder to learn is “pronunciation”. There are some sounds that if you do not learn them early in life you may never be able to replicate them on the same level as someone who did. It’s the difference between a “native speaker” and a “learned speaker”.

Mary Poppins for example, passes what the USA thinks is the sound of an English Cockney Accent but produces an emetic response in English Cockney Native Speakers.

So, source code can give you a hint, voice print is much more indicative of source.

The new caveat is: Deep Fake. It’s all Memorex.

===

Hercule Poirot:

Cricket. The English enigma. I know not of any other game where even the players are unsure of the rules.

….

[Hedley] Verity does 14 “wickets” for 70 turns, in a day in what England two times removed the Australia, to gain the second play international.
Six “wickets” in the last hour! And after the weekend rain is it surprised, mon ami? The Australians are got used to difficult lands.
The “wickets” of Lord’s they would be certainly wet.
It is not one day to mark points, no, it is one day for the art of launching and the Hedley Verity it is the biggest lively exponent.
It bends the left arm, the leg is moved for the right wing.
He would take them to a Long Room in an instant.
It has variation of launch, the “Chinese”, and a very quick ball what becomes a ball of salience.
Yes, in a day so, Monsieur Verity it would find a good result 14-70.

null clam January 25, 2022 9:31 PM

@ All

Re: Hardware Trojans

There is also this gem

xyzzy :// vvv.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/

“Detecting this with current techniques would be very, very challenging if not impossible,” says Todd Austin, one of the computer science professors at the University of Michigan who led the research. “It’s a needle in a mountain-sized haystack.” Or as Google engineer Yonatan Zunger wrote after reading the paper: “This is the most demonically clever computer security attack I’ve seen in years.”

JonKnowsNothing January 26, 2022 3:39 AM

@All

re: update The Bank of Mom and Dad: Death Taxes 2

Right on time for the topic:

UK and Wales will be increasing the cost of filing for Probate Certificates in order to fund a “state of the art” computer central controlled system.

Fees will go up 76% to £273.

Survivors (1) need a probate certificate to handle the financial and real estate of the deceased person, without it you cannot pay bills, close bank accounts, sell property or dispose of valuable items.

So the value of the UK and Wales dead with the fee hike is enough to purchase a grander sized computer system and the software to run it.

  “These fees will fully fund our investment in a first-class digital probate service”

Per some of the UK.gov sites the estimated probate filings are 180,000 per year.

180,000 * £273 = £49,140,000 per year.

So the current level of COVID-Dead in the UK is worth at least £50 Million.

===

1) Escheatment process will begin when the Banks file notices of No Account Activity for those that died without survivors.

For those survivors that do not have access to computers and the internet and so are unable to fill in the on-line check boxes, or the ability to pay someone to do it for them, the residue estates will fall into escheatment and the government will take ownership of the property/items.

This latter issue, is the same problem for all centralized canned-system sorting, allocation, qualification and validation systems, regardless of country.

Clive Robinson January 26, 2022 5:37 AM

@ null clam, Anders, SpaceLifeForm, ALL,

Re: Hardware Trojans

And the supposedly,

“… most demonically clever computer security attack I’ve seen…”

It’s known as a “charge pump circuit” and they’ve been around a lot longer than digital logic (which is actually nonlinear analog amplifiers run open loop so the outputs “smack into the rails”[1]).

A “charge pump circuit” is technically a “leaky integrator” that has different time constants for charging and discharging. And in some respects can be made to look just like one bit of “Dynamic RAM” storage (that works in a very very similar way).

Each pulse via a resistance into the capacitor transfers energy as charge (in coulombs) and this lifts the voltage on the capacitor. As it’s a percentage of a difference by time the charge curve is exponential, which makes the first few pumps have an almost linear rise. Due to the way a CMOS inverter is biased, when the charge on the capacitor gets around 50% of the way up it causes the amplifier output to go from close to the +Vcc positive supply rail to close to the Dgnd 0V rail.

Depending on how much above 50%Vcc you charge the capacitor to and the effective value of the discharge resistance determines how long it is before the inverter output goes back to near Vcc. The designer has to be careful though, because a slow change of voltage around half Vcc at the input will cause the inverter to come out of saturation and become a high gain analog amplifier which will be overly sensitive to power supply line noise, thus will have a very very unpredictable behaviour as the voltage transitions through the analog range (most likely acting as a “chaotic” circuit such as an oscillator). Therefore the designer should include a little inverted positive feedback from output to input to cause the amplifier to transition as quickly as possible. This is often done by having two inverters in series and having a form of potential divider on the output of the second inverter with the tap going back to the input of the first inverter[2].

Why the guy described it as “… the most demonically clever computer security attack I’ve seen…” I don’t really know. It’s been discussed on this blog some years ago and @RobertT described the benefits of using analog tricks as the young chip designers just don’t have a clue, as they mainly use precompiled macro libraries and more or less just “route them in” then run it through Fab lab proprietary software to see if there are likely to be issues before they commit to the very expensive mask making process.

[1] See the 1973 Motorola McMos book that has several chapters on the analog performance of CMOS inverters used not just as amplifiers but as RC oscillators, Xtal oscillators and much else besides.

[2] Sometimes you will see a circuit with two inverters in series with a capacitor on the input to the first inverter, and a resistor from the first inverter output to its input. This is actually an RC oscillator and the second inverter is used as not just a buffer but to “tidy the signal” up a bit.
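An added illustration, not the thread’s own code nor anything from the Michigan paper: a discrete-time model of the leaky integrator / charge pump trigger described above. Each pulse on the trigger wire closes a fixed fraction of the remaining gap to Vcc (RC charging), each idle tick bleeds off a fraction of the stored charge (RC discharge), and the inverter is given hysteresis so it never lingers in the linear region the comment warns about. It shows why a burst of closely spaced pulses asserts the trigger while the same pulses spread out never do. The charge and leak fractions and the two thresholds are assumed values chosen for illustration, not measured from any real circuit.

```python
"""Leaky-integrator (charge pump) trigger model (added example)."""

VCC = 1.0
CHARGE_FRACTION = 0.10   # assumed: each pulse closes 10% of the gap to Vcc
LEAK_FRACTION = 0.05     # assumed: each idle tick bleeds off 5% of the charge
ASSERT_AT = 0.60 * VCC   # inverter output drops (trigger asserted) above this
RELEASE_AT = 0.40 * VCC  # ...and recovers only below this (hysteresis)


def simulate(pulse_train):
    """Clock the circuit through `pulse_train` (one bool per tick).
    Returns a list of (capacitor_voltage, trigger_asserted) per tick."""
    v = 0.0
    asserted = False
    states = []
    for pulse in pulse_train:
        if pulse:
            v += CHARGE_FRACTION * (VCC - v)   # RC charge toward Vcc
        else:
            v -= LEAK_FRACTION * v             # RC discharge toward ground
        # Schmitt-trigger style inverter: two thresholds keep the output
        # out of the high-gain analog region between them.
        if not asserted and v > ASSERT_AT:
            asserted = True
        elif asserted and v < RELEASE_AT:
            asserted = False
        states.append((v, asserted))
    return states


def asserted_ticks(states):
    """Tick indices during which the trigger output was asserted."""
    return [i for i, (_, active) in enumerate(states) if active]


def pulses_to_trigger(max_pulses=1000):
    """Smallest burst of back-to-back pulses that asserts the trigger.
    Closed form: v after n pulses is Vcc*(1-(1-CHARGE_FRACTION)**n)."""
    for n in range(1, max_pulses + 1):
        if asserted_ticks(simulate([True] * n)):
            return n
    return None


def sparse_train(period, ticks):
    """One pulse every `period` ticks: the kind of occasional toggle a normal
    program would produce on the wire without ever arming the payload."""
    return [t % period == 0 for t in range(ticks)]


if __name__ == "__main__":
    print("back-to-back pulses needed:", pulses_to_trigger())
    print("sparse 1-in-20 ever asserts:", bool(asserted_ticks(simulate(sparse_train(20, 2000)))))
    burst = simulate([True] * 9 + [False] * 30)
    print("burst asserted during ticks:", asserted_ticks(burst))
```

With these constants nine consecutive pulses cross the upper threshold, a pulse every twenty ticks settles at roughly 0.15 Vcc and never gets close, and after the burst ends the leak takes nine idle ticks to drop below the release threshold, which is the retention window an attacker would pair with whatever the trigger enables.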

Clive Robinson January 26, 2022 6:11 AM

@ JonKnowsNothing,

Survivors (1) need a probate certificate to handle the financial and real estate of the deceased person, without it you cannot pay bills, close bank accounts, sell property or dispose of valuable items.

Actually you can with a bit of fore thought.

The old way was to put everything in a trust and have appropriate conditions specified.

The UK Government stamped down on this because of people using it to avoid all kinds of taxes.

The second more recent way was to use a “limited liability company” with A and B shares (voting and dividend). I won’t go into the details because people started to use companies to avoid paying ruinous “Stamp Duty” on more expensive property sales.

So the UK Government brought in legislation for that.

But this still leaves the use of foreign companies and “Limited Liability Partnerships” and “back to back loans” via tax havens.

The UK Government left this alone until the embarrassment of the “Panama Papers”, when quite a number of UK politicians among the current incumbents had their dirty laundry aired.

The thing is there are still gaping holes in the system through which dictators, tyrants, crooked politicians, crooked financiers, crooked banks like HSBC, and many others “launder the proceeds” of their various questionable activities and those of their clients.

Many see death duties as an iniquitous tax on what a person has already paid tax on multiple times already. Thus robbing their descendants of a start in life.

Oh for those looking for an easy way to avoid death duties in the UK, buy a working farm and live on it. It’s one of the reasons farm land is currently so eye wateringly expensive. However a legal friend pointed out that the definition of a working farm is a bit broad so other properties can become farms (fought really hard by local authorities). Also the definition of “crop” is also very wide…

Winter January 26, 2022 7:16 AM

@Clive
“For Russia to develop the economy it needs for the Rus to have the quality of life they want they have to drop the faux historic romanticism of “Strong Russia”.”

For Russia to develop its economy, it would rely on an educated workforce that runs an industry. As an educated workforce demands political power, that is out of the question for the current Oligarchs sum Putin.

It is extractive wealth without representation or death.

Strong Russia is just a diversion.

Anders January 26, 2022 7:58 AM

@Clive @SpaceLifeForm @ALL

Nice writeup!

hxxps://www.openwall.com/lists/oss-security/2022/01/25/14

Clive Robinson January 26, 2022 10:28 AM

@ Anders, SpaceLifeForm, ALL,

Such a simple bug…

Based on a very old issue (pointer underflow). In a way it’s nice to see it out and about again 😉

JonKnowsNothing January 26, 2022 12:05 PM

@Clive, @All

re: buy a working farm and live on it. It’s one of the reasons farm land is currently so eye wateringly expensive.

In the USA, there are number of considerations to this.

An economically profitable farm depends on what is being farmed. Raising livestock like cattle uses a range of land sizes depending on the number of cattle and the stage of life: birth to slaughter house.

If you run a cow-calf operation, normally beef cattle are on large tracts of forage lands, including government leased lands. Thousands of acres (@2acres per hectare) are needed. Running a feeding operation for the last 3-4 months before slaughter needs less space per animal but a lot more animals.

A famous California slaughter house and feeding operation with a side business in high end thoroughbred race horses has tens of thousands of cattle on site every day.

The stink perfumes the countryside for miles in every direction. You always know where you are on the road between LA and SF by the stink.

If you want to run a field operation, growing vegetables, you have either to invest in thousands of acres of land or a big warehouse system.

Think of those glorious pictures of the wheat harvests with never ending wheat to the horizon and 50 huge combine harvesters with their own bank-out trucks following in lines behind them.

A warehouse operation can have a smaller footprint, even garage size (1), and often uses hydroponic techniques and an automated stacking system. It can be gravity fed.

You load up a butter lettuce plug into a specialty plastic container and set it on a conveyor belt roller system. At various points it gets fed and watered and grows under 24hr sun-light-lamps. If the warehouse is “closed” you don’t have to worry about a “flesh eating slug repellent”.

30 days or so after “planting” you take the now fully grown lettuce in its protective shield to market. Less damage to the lettuce, easier to transport, customers can see but not pinch the lettuce and it fits inside a grocery bag.

The plastic shield may not be environmentally sensitive but no one buys bruised and torn-leaf lettuce. Maybe they should but they don’t. So it’s a choice between less food waste v less plastic.

But the IRS here has a fine print definition.

  Profit Making vs Hobby

The taxation rules between them are significantly different.

  • A profit making or potentially profitable endeavor gets normal corporation account GAAP rules applied.
  • A hobby does not. This rule is simple: Hobby gains vs Hobby losses. Hobbies have more losses than gains and the losses are not deductible.

Race horses cause no end of anguish to the IRS because while the vast majority are loss makers, an occasional Big Time Winner owned by 5-10 Bar Buddies makes it a business.

So, in the USA you need to think carefully about what you are planning and which side of the IRS equation you will fall under.

You can make a small fortune in horses.

First you have to start with a large fortune…

===

1) Garage size: Growing crickets for fishing bait and critter food. A few large bins 3×3 or 4×4 and some cardboard in the bottom and screen over the top with a brick on it. Toss in a few crickets and population explosion. Package the crickets and sell them to stores and fish bait houses. The poop is excellent in the garden although a wheel barrow of the stuff, which is about a year’s worth of cricket poop, will clear your sinuses.

If you don’t like the sound of cricket chirping, you can go for earthworms. You only need a footlocker size box and some left over bruised and torn lettuce leaves.

Clive Robinson January 26, 2022 12:58 PM

@ AL,

How ’bout that?

No surprise at all.

Look at the –illegal under EU legislation– Nordstream II pipeline and similar. Due to various policies under Mummy Merkel’s leadership, Germany has developed an energy need for the likes of Gas that has made it dependent on Russian Energy Exports with more than half of Germany’s energy needs at low low prices currently coming from Russia.

And I suspect many Germans are now scared Putin will turn the tap off and they will either freeze in their homes or pay the huge price hikes other parts of Europe are having to endure due to China…

After all it’s not as though Putin has not used energy dependency as a political tool in the past… Oh and US President Biden went soft on Russia…

As they say in training for team sports,

“Come on keep up and stay on pace”

So have a read of,

https://www.theguardian.com/world/2021/dec/23/nord-stream-2-how-putins-pipeline-paralysed-the-west

It outlines some of the issues. Put simply Putin is “the pusher” of a couple of “drugs” Germans are addicted to thanks to now departed Mummy Merkel.

pup vas January 26, 2022 2:13 PM

AI: Why chefs are turning to artificial intelligence
https://www.bbc.com/news/business-59651077

=In humans the sense of taste stems from multiple receptors that are primed to alert our brains to the nature of any possible food we encounter.

Sam lacks this sense of taste, but it has been trained on a database of ingredients gathered over 60 years at the company.

Using a technique called machine learning, it has raced through examples of flavor combinations and has learnt its own definitions, maturing over 18 months into today’s AI robot.

Eric Saracchi runs the digital side of Firmenich: “Flavors are more complex than perfumes,” he says, and Sam had to understand what a strawberry is, or how grilled beef hits the tongue, before finding matches between tastes and plant foodstuffs.

The robot is primed with so many ingredients it is known internally as “a piano with 5,000 keys”. That piano is played by the company’s team of human flavorists.

==>One big advantage of an AI robot is that it has no cognitive bias. This lack of human prejudices helps Firmenich to get past any unconscious leanings of the flavorists.

==>The objectivity of Sam, devoid of influences that can sway even the most professional of flavorists, allows it to work at speed. “It adds value by combining the knowledge of all the other flavorists here,” says Mr Salord.

The machine rapidly gives an indication of how a flavor can be created and how much of an ingredient should be included. And Sam can hold the line between Mr Salord’s team of flavorists and public tastes, refereeing decisions when the flavorists’ view differs from that of a consumer panel.”

Perkins January 26, 2022 3:26 PM

Google: not an IT company but an advertising company that just happens to also produce software to help its own business. The only way you can increase profits in their line of business is to gather more data.

Google slammed over ad-cookie replacement flip-flop
https://www.bbc.com/news/technology-60138876

Users would be able to remove ones they did not like – or disable the feature entirely.

But one advertising-technology company questioned how Topics would help advertisers better target users.

“Google’s latest proposal on Topics is limited to one channel – its Chrome browser – and can’t be applied to the multiple devices the majority of consumers use to access the open internet,” The Trade Desk UK vice-president Phil Duffield said.

“This means that advertisers are restricted to basic targeting approaches.”

JonKnowsNothing January 26, 2022 4:09 PM

@pup vas, @All

re: AI: Why chefs are turning to artificial intelligence

In humans the sense of taste stems from multiple receptors that are primed to alert our brains to the nature of any possible food we encounter.

Well I certainly wish they would program the AI/BOT to recognize my “new acquired allergic reaction” to foods that previously had no concerns.

While I normally (or previously) have no food allergies, I do now.

Unfortunately I do not know exactly what the trigger is or what the item(s) might be as the ingredient list looks pretty much the same as always.

I have contacted companies to ask:

  WHAT’S in the MIX OF SPICES?

      It’s a trade secret, but you are not the first to have a reaction.

Clive Robinson January 26, 2022 5:08 PM

@ JonKnowsNothing,

While I normally (or previously) have no food allergies, I do now.

It’s a form of failing autoimmune response.

You’ve in effect had the allergies for some time but the body has been able to deal with it via hormones etc (think histamine and insulin responses).

As you get older and or you overload the system, the response becomes less and less and that’s when the symptoms become prevalent and you call it an allergy. Often one of the first signs you are heading into trouble is in effect cravings that make you want more of what makes you ill…

Due to poor “medical advice” I started eating rather more bread than I should have done. The reason: I was told it had to be X% of diet, but they had not realised because I was burning upwards of 4000 cals a day due to cycling and the like I was eating too much wheat based grains… The result was first I became addicted to it with two or three slices or rolls with every meal. Calorifically not an issue but wheat is not something you should eat a lot of, especially the full wheatgerm stuff…

I started developing what looked like coeliac’s but was not… However after years of being told I was imagining it or similar a chat with a research professor in animal nutrition who is a relative of a friend, suggested the way to go was “evidence based” rather than “medical based” so various forms of “elimination diet” pointed out a strong causal relationship…

Further testing shows that one reason I got addicted to bread is that to my blood glucose levels it’s like nitrous in motors… It sent it rocketing followed shortly thereafter by the crash… Part of this was I ended up with diabetes. To which the medical profession just loads you up with insulin and you put on lots and lots of weight which you can not shift as dieting and diabetes control are apparently alien with respect to each other as far as the medical profession is concerned.

The solution: eliminate foods that made my BG soar or jump then crash, and have only one meal a day or every other day. 20kg of shifted weight and no food cravings and mostly no IBS and similar was great.

Then last summer things went horribly wrong… I had been put on a relatively new drug called rivaroxaban a couple of years previously as they wanted me off of “rat poison” (not that I had issues with rat poison it was the idiots who ran the INR clinics political infighting and general incompetence that was the problem). The prob with rivaroxaban to be honest was I had no idea it was failing to work. Thus I ended up at the beginning of August in hospital with serious heart failure and nearly in ITU due to blood clots throughout my lungs and other places, one of which was a clot the size of the end of your thumb in the right atrium of the heart… Not good for longevity. Any way I’m back on the rat poison, which suits me… But the “General Practitioners”(GPs) and INR clinics are still “politically infighting” which makes me want to pick some of them up by their ankles and bounce them on their heads until they start seeing sense or swing them around like the proverbial cat in a small room.

Anyway assume your food allergies are probably an indicator of underlying harm, and act accordingly. Even if they are not acting that way is going to be a lot less harmful to you than doing the opposite. Oh one piece of advice, I don’t know what medical nutritionists actually are, they are not scientists or doctors and they follow a Government supplied set of mantras like it was a religion… Best avoided in the UK especially when they cannot answer basic questions like “I need minerals found in brassicas for my heart failure, unfortunately they have a significant adverse effect on my INR thus I get DVTs, PEs and CEs/TIAs, what other foods will give me the minerals but not VitK?”… A basic simple question that lookup tables or even a braindead computer program could do with ease… But not hospital nutritionists…

vas pup January 26, 2022 6:13 PM

@Ted • January 26, 2022 4:58 PM
I hope it is.
But interests of major continental European countries France and Germany which understood that military conflict, illegal spill of arms, refugees will directly affect their own security are not the same as of those countries where leaders think that channels and oceans guarantee their own security in any scenario and basically put gasoline in the fire rather than prevent fire itself.

SpaceLifeForm January 26, 2022 6:16 PM

@ Anders, Clive, ALL

re: CVE-2022-0185

Interesting. I will have to research as to when the bug showed up. So I can exploit older stuff. I doubt it will exist for my use case (rooting older Android).

But, in today’s news…

CVE-2021-4034

It only took a few hours for people to create an exploit in the wild. It is LPE to root, and probably only bad in certain environments. Probably has not been exploited previously, but you never know. Exploits created work fine. Patches now available for major distros because of responsible disclosure.

https://marc.info/?l=oss-security&m=164313339424946&w=2

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

Clive Robinson January 26, 2022 9:24 PM

@ SpaceLifeForm, ALL,

Re : CVE-2021-4034

Interesting to note why OpenBSD is NOT affected…

Wael January 26, 2022 9:42 PM

@Clive Robinson,

I’m well, and I believe so is @Dirk Praet. Just busy and staying up late finally got to me. I read here once in a while… if I become less busy, then I’ll be back 🙂

I trust you remain healthy and wise.

JonKnowsNothing January 27, 2022 12:17 AM

@ SpaceLifeForm

re: Have you tried an LFT/Rapid lately?

Hmmm Noooo… locally there’s nary a one to be had and we are in Triage Mode Day 1.

I continue to hide inside, I venture out to the porch to drag in groceries and haul the garbage cans to the street but only when No One Is Visible. I live in a somewhat secluded area with low traffic car+pedestrian so I can time things but the numbers are pretty scary so it maybe just a matter of time.

When it happens I have pretty much zero chance of anything good happening at the hospital. The old immunocompromised trick…

The rise of Omicron BA.2 means most LFT/Rapids aren’t worth a nickel, only full genome sequencing will tell you what you have or don’t have and you won’t be getting any of that locally.

Even if you got a good test hit on a LFT, there’s not much you can do here with the result. With the 2 monoclonal antibodies being yanked by the FDA/CDC because they don’t work against Omicron; the only working one isn’t available locally. Same for the antiviral pills. Short supply or none.

Local Positivity Rate: 30.9
Local Cases per 100k: 203.9

SpaceLifeForm January 27, 2022 1:49 AM

NSO FVEY

“It’s a bold strategy, Cotton. Let’s see if it pays off for them”

hxtps://www.haaretz.com/israel-news/business/.premium-u-s-venture-capital-firm-in-talks-to-buy-israel-s-infamous-spyware-maker-nso-1.10565909

hxtps://californianewstimes.com/israels-nso-group-in-sale-talks-with-company-run-by-ex-us-soldiers/666661/

Clive Robinson January 27, 2022 3:47 AM

@ SpaceLifeForm, ALL,

CVE-2022-0330 is not surprising.

May I draw peoples attention to,

“Flawed assumption was that flushing the TLB at the start of every userspace GPU execution is sufficient, “

Hmm not flushing memory… I seem to remember that free() / malloc() had this “data retained” issue so they came up with the wrong solution security wise and called it calloc().

So from a security perspective,

clearing the memory became the job of the wrong person.

So there was a vulnerability you could drive a full prison bus through for a Sunday picnic…

If memory serves correctly one of the first incidents back in the mists of time where people were alerted to this major issue was with an archive system on SunOS where the last block written to tape contained parts of one of the system security files…

The real reason for these issues with memory containing sensitive information is marketing specmanship “go faster stripes”.

Clearing memory takes CPU cycles and time for what ordinarily would not be an issue. So not clearing memory is an easy performance gain. But in some cases it’s also an easy “covert channel” to communicate sensitive information through…

In the words of the song,

“When will we ever learn,
When will we ever learn.”
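The “data retained” problem and the “wrong person clears it” point above, shown on a toy fixed-size pool allocator. This is an added illustration, not code from the thread or from any real libc: the pool, the policy names and the “secret” string are all constructed for the example. It shows that a calloc-style zero on allocation only protects the next owner, while the secret still sits in the pool between release and reuse, whereas scrubbing on release (the previous owner’s job) closes both windows.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy fixed-size pool allocator, constructed for this example (it is not
 * glibc malloc). It has the property discussed above: releasing a block
 * hands it back without touching its contents, so the next owner inherits
 * whatever the previous owner left there. */
#define POOL_BLOCKS 4
#define BLOCK_SIZE  32

static unsigned char pool_mem[POOL_BLOCKS][BLOCK_SIZE];
static bool pool_used[POOL_BLOCKS];

/* Policy the *previous* owner applies when giving a block back. */
enum release_policy { RELEASE_RAW, RELEASE_SCRUB };

static void *pool_alloc(void) {
    for (size_t i = 0; i < POOL_BLOCKS; i++) {
        if (!pool_used[i]) { pool_used[i] = true; return pool_mem[i]; }
    }
    return NULL;
}

/* calloc() style: the allocator zeroes for the *new* owner. Note the secret
 * has still been lying in the pool the whole time between release and reuse. */
static void *pool_calloc(void) {
    void *p = pool_alloc();
    if (p) memset(p, 0, BLOCK_SIZE);
    return p;
}

/* Overwrite the compiler cannot drop as a "dead store" right before release;
 * a stand-in for explicit_bzero()/memset_s() where those are unavailable. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static void pool_release(void *p, enum release_policy pol) {
    for (size_t i = 0; i < POOL_BLOCKS; i++) {
        if ((void *)pool_mem[i] == p) {
            if (pol == RELEASE_SCRUB) secure_zero(p, BLOCK_SIZE);
            pool_used[i] = false;
            return;
        }
    }
}

/* One owner stores a secret and lets the block go; an unrelated caller then
 * asks for memory. Returns true if the second caller can read the first
 * owner's secret straight out of its "fresh" allocation. */
static bool secret_leaks(enum release_policy pol, bool new_owner_uses_calloc) {
    static const char secret[] = "constructed-example-password";  /* constructed */
    memset(pool_used, 0, sizeof pool_used);

    char *mine = pool_alloc();
    memcpy(mine, secret, sizeof secret);
    pool_release(mine, pol);

    char *theirs = new_owner_uses_calloc ? pool_calloc() : pool_alloc();
    bool leaked = memcmp(theirs, secret, sizeof secret) == 0;
    pool_release(theirs, RELEASE_SCRUB);
    return leaked;
}

/* What something that can see the pool itself (a core dump, a swapped page,
 * a DMA-capable device) finds while the block is freed but not yet reused. */
static bool secret_lingers_in_pool(enum release_policy pol) {
    static const char secret[] = "constructed-example-password";  /* constructed */
    memset(pool_used, 0, sizeof pool_used);
    char *mine = pool_alloc();
    memcpy(mine, secret, sizeof secret);
    pool_release(mine, pol);
    return memcmp(pool_mem[0], secret, sizeof secret) == 0;
}

int main(void) {
    printf("raw release, plain alloc  -> next owner sees secret: %d\n",
           secret_leaks(RELEASE_RAW, false));
    printf("raw release, calloc       -> next owner sees secret: %d\n",
           secret_leaks(RELEASE_RAW, true));
    printf("raw release, pool scan    -> secret still present:   %d\n",
           secret_lingers_in_pool(RELEASE_RAW));
    printf("scrub release, plain alloc-> next owner sees secret: %d\n",
           secret_leaks(RELEASE_SCRUB, false));
    printf("scrub release, pool scan  -> secret still present:   %d\n",
           secret_lingers_in_pool(RELEASE_SCRUB));
    return 0;
}
```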

Clive Robinson January 27, 2022 3:52 AM

@ name.withheld…

This is a reinterpretation of the Preamble to the U.S. Constitution

Which history shows is never good, but highly desired by all forms of “guard labour” and the tyrants / despots / dictators and similar that setup “Police States”.

Clive Robinson January 27, 2022 4:27 AM

@ Wael,

I’m well, and I believe so is @Dirk Praet.

That is nice to hear. If you are still in contact with Dirk, tell him I wish him well.

Speaking of which, do you still have contact with @Nick P?

He kind of faded off of lobste.rs as the stuff he was posting was too advanced in time by far for the majority of posters there “short term cognition” issues…

As for,

I trust you remain healthy and wise.

Not sure on either ={

I was at the hospital yesterday morning because the Heart Failure had suddenly gone nasty. Tests showed that for some reason the meds were not working… The practitioner was quite shocked when I told her that despite changing Drs they were still not issuing prescriptions correctly after what is six months… Oh and blaming “the crown cough” as the reason…

As for the wise, let’s just say whilst I can remember minutia from years ago, these days some mornings “I can’t remember my name”… If you remember the Harsh Mistress, she still has her wicked way with me. Two hours a day most days then a whole day or two when finally it catches up is not good…

But as they’ve said for over three quarters of a century “nil carborundum” or equivalent…

John January 27, 2022 5:00 AM

@Clive,

Food allergy. Two short books: Dr. Coca – The pulse test, and ‘We Eat Clay’. I am doing what both suggest. Also eating fewer meals less often.

Sounds like what you are describing in me!

So thanks for that.

John

Clive Robinson January 27, 2022 8:10 AM

@ ALL,

Because it’s getting towards the anniversary of Terry Pratchett’s death, and I’m currently laid up sick, at the moment I’m reading his book “Thud” written back in 2004.

In the early pages you will find,

“And then, just when you thought it was as bad as it could be, up popped Grag Hamcrusher and his chums.”

And

“He preached the superiority of Dwarf over Troll, and that the duty of every Dwarf was to follow in the footsteps of their forefathers and remove trollkind from the face of the world. It was written in some holy book, apparently, so that made it okay, and probably compulsory.

Young Dwarfs listened to him, because he talked about history and destiny and all the other words that always got trotted out to put a gloss on slaughter. It was heady stuff, except that brains weren’t involved. Malign idiots like him were the reason you saw Dwarfs walking around now with not just the ‘cultural’ battle-axe but heavy mail, chains, morningstars, broadswords… all the dumb, in-your-face swaggering that was known as ‘clang’.”

And the thought occurred that if you change,

1, Grag to opportunistic politician
2, Hamcrusher to Putin
3, chums to crooks
4, Dwarf to Rus
5, Troll to West Ukrainian / Anglo-Saxon
6, Make the weapons more contemporary

Then it would accurately describe the political position we find ourselves in currently.

Written nearly a decade ago the words look now quite prophetic.

But sadly, the reality is where we find ourselves currently, history teaches us, was all too probably going to happen anyway. As the wheel keeps turning down a well rutted path to macho stupidity and slaughter, that happens almost every few years somewhere on the face of this planet.

Wael January 27, 2022 8:36 AM

@Clive Robinson,

If you are still in contact with Dirk, tell him I wish him well.

Done. Message relayed.

Speaking of which, do you still have contact with @Nick P?

I don’t!

I was at the hospital yesterday morning because the Heart Failure had suddenly gone nasty.

Get well soon.

Dirk Praet January 27, 2022 8:44 AM

@ Clive Robinson,

Just got a ping from @Wael that you were enquiring about me. I’m fine, and it’s heartwarming to hear that you are too, despite your usual health issues. Anything exciting going on here lately ?

If you need an acknowledgement it’s really me, I can git-sign my posts the way we discussed in 2016 and for which I still have an old repo at https://github.com/dpramone/bruceschneierforumsig_DP 😉

Anyone has any news on the whereabouts of @Mike the goat, by the way ?

Cheers,

Dirk

JonKnowsNothing January 27, 2022 10:26 AM

@Clive

re: Reading the Oldies but Goodies

Often when re-reading books, I find entire sections I don’t remember reading before. It’s like getting a present in the Present.

I’ve also ditched ebooks for a couple of reasons.

  • Library is closed
  • Limited catalog
  • Library card expired
  • Claw backs or Grab backs
  • Telemetry
  • Tie-Ins

So, I save my coins to buy paper books, some with “new to me” authors and some old favorite writers. I can read (and re-read) one line at a time and no one is timing how fast or slow my eyeballs are scanning the page. I do try for big print versions.

Currently on the list:

  • The Three-Body Problem Series (English translation); author: Liu Cixin
  • The Old Kingdom Abhorsen series; author: Garth Nix
  • Erast Fandorin series (English translation); author: Boris Akunin

You might want to check James Branch Cabell series, but much of his works are out of print.

Hope you recover quickly!

Ted January 27, 2022 10:37 AM

Brian Krebs also wrote an article about ID.me – the company that now handles online identity verification for IRS.gov.

I have to wonder how the IRS will respond to any security issues with this arrangement, seeing that they cancelled their identity verification contract with Equifax in 2017 following the disclosure of a massive data breach.

Brian said he interviewed ID.me’s CEO Blake Hall last year about a different story and asked how the company protected user data. The article provides details about their defense-in-depth approach.

Clive Robinson January 27, 2022 11:03 AM

@ Dirk Praet, Wael,

Nice to hear you are still pushing the world around, last I heard you were giving the south of the EU a try for a different type of local beer 😉

Yes I’m still knocking about much to many others’ expectations, and yes I’m still bumping into too many Drs and Nurses, for some reason they keep getting younger to my eye ={

With regards,

Anyone has any news on the whereabouts of @Mike the goat, by the way ?

I popped a message up on his WordPress site, about four years ago as did @figureitout, but he did not reply.

Nor did he make any further posts after that 1st Sept 2016 post with the title,

“I’m Not Dead; Just Vacationing”

https://mikethegoat.wordpress.com/2016/09/01/im-not-dead-just-vacationing/#comments

So I’m guessing things changed.

But his pen name of “Mike the Crypto Goat” kind of got stolen by the faux crypto-coin called “goat coin”… So my occasional OSInt methods have way too much noise and either next to no, or no signal.

Ted January 27, 2022 12:56 PM

The chip-maker Intel plans to invest $20 billion to develop new chip factories in Columbus, Ohio. Construction is set to start this year, with chip production scheduled for 2025.

The initial factories are predicted to employ 3,000 people, and could potentially grab up engineering graduates from nearby Ohio State University.

Legislation to provide additional funding to chip-makers is currently caught up in Congress, but Intel is hopeful it could pass in the coming months. Intel CEO Patrick Gelsinger has also lobbied for similar subsidies in Europe.

https://www.nytimes.com/2022/01/21/technology/intel-chip-factories-ohio.html

Dirk Praet January 27, 2022 1:27 PM

@ Clive, @ Wael

The south of Europe lost its charm rather fast, and I’ve been working for a small IT Security & GRC outfit in my hometown for the last couple of years. The addresses I had on file for @Nick P and @Figureitout still worked and I’ve pinged both asking what they’ve been up to lately. @Thoth’s unfortunately bounced.

I haven’t been active on any security blogs or other public fora for quite a while, just the occasional post, share or comment on – horresco referens – Linkedin. I know. And during the COVID-19 lockdowns and restrictions that kept me away from my gym and favourite pubs, I spent most of my time studying and doing all sorts of certification exams like ISO27001 LI, CISA, CISM, CDPSE, CDPO, Azure/M365/Google/AWS/Oracle cloud stacks and the like. Was kinda fun to do. In parallel, I’m still totally hooked on constitutional law, which at some point I really hope to do something with.

vas pup January 27, 2022 3:09 PM

F35-C fighter jet: Race is on to reach sunken US plane… before China
https://www.bbc.com/news/world-us-canada-60148482

“A bizarre race against time is under way for the US Navy to reach one of its downed fighter jets – before the Chinese get there first.
The $100m (£74m) F35-C plane came down in the South China Sea after what the Navy describes as a “mishap” during take-off from the USS Carl Vinson.
The jet is the Navy’s newest, and crammed with classified equipment. As it is in international waters, it is technically fair game.
Whoever gets there first, wins.
The prize? All the secrets behind this very expensive, leading-edge fighting force.

There is precedent for these winner-takes-all military cat and mouse games.
In 1974, at the height of the Cold War, the CIA secretly pulled a Russian submarine from the sea floor off the coast of Hawaii using a giant mechanical claw.
Two years earlier, the Chinese military secretly salvaged the UK submarine HMS Poseidon which sank off China’s east coast.
And it is widely believed that China got its hands on the wreckage of a secret US “stealth” helicopter that crash-landed in the raid on Osama bin Laden’s compound in 2011.”

Read the whole article for more details.

vas pup January 27, 2022 3:20 PM

What is the quantum apocalypse and should we be scared?
https://www.bbc.com/news/technology-60144498

“Imagine a world where encrypted, secret files are suddenly cracked open – something known as “the quantum apocalypse”.
Put very simply, quantum computers work completely differently from the computers developed over the past century. In theory, they could eventually become many, many times faster than today’s machines.
That means that faced with an incredibly complex and time-consuming problem – like trying to decrypt data – where there are multiple permutations running into the billions, a normal computer would take many years to break those encryptions, if ever.
But a future quantum computer, in theory, could do this in just seconds.
A number of countries, including the US, China, Russia and the UK, are working hard and investing huge sums of money to develop these super-fast quantum computers with a view to gaining strategic advantage in the cyber-sphere.
Every day vast quantities of encrypted data – including yours and mine – are being harvested without our permission and stored in data banks, ready for the day when the data thieves’ quantum computers are powerful enough to decrypt it.

“But once a functioning quantum computer appears that will be able to break that encryption… it can almost instantly create the ability for whoever’s developed it to clear bank accounts, to completely shut down government defense systems – Bitcoin wallets will be drained.”

In practice, mitigation efforts are already in train and have been for some years. In the UK, all government data classified as “top secret” is already “post-quantum” – that is, using new ==>forms of encryption which researchers hope will be quantum-proof. Most importantly, there is currently something of a post-quantum cryptography “beauty parade” taking place at the US National Institute for Science and Technology (NIST) just outside Washington DC. The aim is to establish a standardized defense strategy that will protect industry, government, academia and critical national infrastructure against the perils of the quantum apocalypse.

Developing quantum-safe algorithms is one of the major security challenges of our time. “

vas pup January 27, 2022 3:54 PM

Opinion: Online anonymity matters
https://www.dw.com/en/opinion-online-anonymity-matters/a-60579814

“Germany’s top judges were right to decide that users should be able to post under pseudonyms on Facebook. The ruling’s legal impact might be limited — but it sends out a strong signal, writes DW’s Janosch Delcker.

No, Facebook should not get to decide if people post under their real names.
That was the key message judges at Germany’s Federal Court of Justice had for the social media giant: On Thursday, it ruled that Facebook had been wrong to suspend the accounts of two German users back in 2018, because they did not use their legal names.
It was a wise decision and it sends out a strong signal: The !!!!!!!!problem of hate circulating online is real — but forcing people to use their full names will not solve it.
What’s worse, such obligations can end up harming some of the most vulnerable members of society.

In authoritarian [and pseudo-democratic as well -vp]
regimes, researchers, activists and writers often rely on pseudonyms to protect their work, themselves or their relatives.

People need to understand that everything they say online can have the same consequences as in the analog world.

Law enforcement, therefore, needs to get better at monitoring online platforms — not just social media giants like Facebook, but also smaller platforms like Telegram: Just like police cars patrol neighborhoods, there need to be skilled officers patrolling relevant groups online. This week’s announcement by Germany’s federal police to set up a task force to investigate illegal content on Telegram seems like a step in that direction.

And authorities have to make sure that illegal and incendiary posts are investigated and brought to justice. That is how you enforce the rule of law online — not by forcing people to disclose their full names.

…the signal they (judges)are sending out is clear, and it is a strong one: !!!!Online anonymity matters.”

null clam January 27, 2022 4:28 PM

Your mission, should you decide to accept it, is to take the essential ideas of the result linked below and create a computing system that always rights itself when under attack, except if it is in an infinitesimal exceptional state from which any further disturbance will move it instantly to the self stabilizing states.

xyzzy://vvvv.ams.org/publicoutreach/mathmoments/mm133-gomboc-podcast

xyzzy://mit.bme.hu/~vpeter/pubs/2006-intelligencer.pdf

There will be a prize of “$1,000,000,000,000” for the first correct submission [1].

  1. Note: Please refer to your preferred treatise on logic (Russell, Quine, Church, Kleene, Schoenfield, Smullyan, etc.) to refresh your understanding of use, mention, and naming, in order to be certain of the value of the prize.

SpaceLifeForm January 27, 2022 5:49 PM

Denmark throws in the towel

Adopts RIP and HIP strategy.

Starting 2022-02-01, Tuesday, February 1, 2022, all Covid restrictions dropped.

Today, new record for new cases in Denmark.

Clive Robinson January 27, 2022 5:50 PM

@ Ted, JonKnowsNothing, name.withheld…, SpaceLifeForm, ALL,

The chip-maker Intel plans to invest $20 billion to develop new chip factories in Columbus, Ohio. Construction is set to start this year, with chip production scheduled for 2025.

It’s not just Intel, the US is pressuring Taiwanese companies

“To get the heck out of dodge”

Or, put another way, the simplest way for China to cripple US Military Forces is to invade Taiwan, Japan or both and grab the Fab plants.

Over twenty years ago I warned about “out sourcing” and the dangers it could represent. I pointed out why in Europe we stopped making TV tubes, as did the US, and we ceded our manufacturing capabilities to,

1, Japan
2, Taiwan
3, South Korea

Then,

4, China.

With,

5, India
6, Brazil

Coming in to other areas.

As far as “high tech” and “consumer electronics” Europe, the UK and US have lost their ability to manufacture as the jobs got out-sourced in the 1990’s and earlier and with it went the skills base.

Need I say where this stupidity arose?

The effects of ultra short term grab-profit-and-run thinking, ultra long high fragility supply lines and, worse, much worse, the deskilling of two or three generations.

The thing is that to manufacture technology the processes change so fast that you can be two or more technology generations behind within three years. What was valuable IP becomes not just stale but worthless, and the workforce not just dissipated but effectively out of date, untrained, and unskilled.

It’s actually going to be harder for Europe, the UK and US to “re-skill” than for most “second world nations” due in part to the high costs involved, but also because those that might have gone into engineering did not and the Western First World has passed a tipping point.

I suspect the US State Dept has finally woken up to the fact that the probability is high that China is going to invade one or more of the South China Sea and West Pacific nations within half a decade, and the reality is the US cannot stop China or even North Korea if they do decide to invade.

So the only sensible thing to do is “bring the hens back home” so all those eggs do not end up in the same hostile basket…

Whether the politicians wake up to this or not is an interesting question, because there may not be enough time. And let’s be honest, when have either of the US houses actually acted in the US Citizens’ interests in the last 40 years or so?

The same can be said of Europe and the UK…

Behind this of course is a small group of people that apparently can buy the legislation they want…

Clive Robinson January 27, 2022 6:04 PM

@ Dirk Praet, Wael,

I’m still totally hooked on constitutional law, which at some point I really hope to do something with.

When I was young I cheated the law; as I started professional studies I hated the legislation / red tape / etc. But as I’ve aged I find it to be of increasing interest. However I know that, with the best will in the world, I would not get sufficiently on top of it to feel I had a command of it. Mind you, many of those I bump into who have made it their profession leave me feeling they have even less command than I would consider a minimum…

I know constitutional law is seen by some as a “small subset” but I view it more as the foundation stone of a civil society from which all else develops, so it has to be right for the rest to function.

So good luck in that endeavour.

ResearcherZero January 27, 2022 6:53 PM

Throughout 2020, an operation attributed to the Foreign Intelligence Service of the Russian Federation (SVR) by the U.S. government was conducted to gain access to the update mechanism of the SolarWinds IT management software and use it to broaden their intelligence collection capabilities.

Even though the victims required MFA to access cloud resources from all locations, including on premises, the threat actor managed to bypass MFA through the theft of Chrome browser cookies.

Once the threat actor had a Chrome cookies file from a user that had already passed an MFA challenge recently (for example, a timeout was 24 hours), they decrypted the cookies file using the user’s DPAPI key. The cookies were then added to a new session using a “Cookie Editor” Chrome extension that the threat actor installed on victim systems and removed after using.

CrowdStrike identified forensic evidence that showed the entire attack path: browsing to a target user’s Chrome and DPAPI directories via administrative share, installing the Cookie Editor extension, and using Chrome to impersonate the targeted user in the victim’s cloud tenants. The decryption of the cookies is believed to have taken place offline after exfiltrating the data via the clipboard in the threat actor’s RDP session.

CrowdStrike also identified a connection between StellarParticle-related campaigns and the abuse of Microsoft Cloud Solution Partners’ O365 tenants. This threat actor abused access to accounts in the Cloud Solution Partner’s environment with legitimate delegated administrative privileges to then gain access to several customers’ O365 environments.

By analyzing Azure AD sign-ins, CrowdStrike was able to use known indicators of compromise (IOCs) to identify several threat actor logins to customer environments.

Throughout StellarParticle-related investigations, CrowdStrike has identified two sophisticated malware families that were placed on victim systems in the mid-2019 timeframe: a Linux variant of GoldMax and a completely new family CrowdStrike refers to as TrailBlazer.

TrailBlazer is a completely new malware family, while GoldMax for Linux backdoor “is almost identical in functionality and implementation to the previously identified May 2020 Windows variant.”

GoldMax was first observed during post-exploitation activity in the campaign leveraging the SolarWinds supply chain attacks. Previously identified samples of GoldMax were built for the Windows platform, with the earliest identified timestamp indicating a compilation in May 2020, but a recent CrowdStrike investigation discovered a GoldMax variant built for the Linux platform that the threat actor deployed in mid-2019.
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
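One way to surface the stolen-cookie pattern described in that report in sign-in records, as an added example that is not part of the comment or of the CrowdStrike write-up: a session cookie earned by passing an MFA challenge is later accepted from a device that never passed one. The events, field names and the "passed"/"claim" values are constructed for illustration and are not any vendor's log schema.

```python
"""Flag possible session-cookie replay in sign-in records.

Constructed example: the records below are made up to resemble the
situation described in the thread (a cookie issued after an MFA challenge
is later presented from a different machine). The field names are this
example's own, not any vendor's log schema.
"""
from collections import defaultdict

# Constructed sign-in events. "mfa" is either "passed" (the user completed
# a fresh challenge) or "claim" (the service accepted an existing session
# cookie instead of challenging again).
SIGN_INS = [
    {"ts": "2021-03-01T08:00:00Z", "user": "alice", "session": "S1",
     "ip": "10.0.0.5",      "ua": "Chrome/88 Windows", "mfa": "passed"},
    {"ts": "2021-03-01T09:10:00Z", "user": "alice", "session": "S1",
     "ip": "10.0.0.5",      "ua": "Chrome/88 Windows", "mfa": "claim"},
    # Same cookie, different source address and browser build, no new MFA.
    {"ts": "2021-03-01T11:42:00Z", "user": "alice", "session": "S1",
     "ip": "203.0.113.7",   "ua": "Chrome/87 Windows", "mfa": "claim"},
    {"ts": "2021-03-01T08:30:00Z", "user": "bob",   "session": "S2",
     "ip": "10.0.0.9",      "ua": "Edge/88 Windows",   "mfa": "passed"},
    {"ts": "2021-03-01T15:00:00Z", "user": "bob",   "session": "S2",
     "ip": "10.0.0.9",      "ua": "Edge/88 Windows",   "mfa": "claim"},
    # Carol changes networks but completes a fresh challenge: benign.
    {"ts": "2021-03-01T07:55:00Z", "user": "carol", "session": "S3",
     "ip": "10.0.0.12",     "ua": "Firefox/86 Linux",  "mfa": "passed"},
    {"ts": "2021-03-01T13:05:00Z", "user": "carol", "session": "S3",
     "ip": "198.51.100.23", "ua": "Firefox/86 Linux",  "mfa": "passed"},
]


def fingerprint(event):
    """Device fingerprint for a sign-in: source address plus user agent."""
    return (event["ip"], event["ua"])


def detect_session_replay(events):
    """Return alerts for sessions whose cookie is accepted ("claim") from a
    fingerprint that never passed an MFA challenge within that session.

    Rule: a session cookie is bound to the fingerprints that earned it by
    completing MFA. A "claim" from any other fingerprint means the cookie
    was presented by a device that did not authenticate, which is what a
    replayed (stolen) cookie looks like in the sign-in log.
    """
    mfa_fingerprints = defaultdict(set)  # session -> fingerprints that passed MFA
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        fp = fingerprint(ev)
        sess = ev["session"]
        if ev["mfa"] == "passed":
            mfa_fingerprints[sess].add(fp)
        elif fp not in mfa_fingerprints[sess]:
            alerts.append({
                "user": ev["user"],
                "session": sess,
                "ts": ev["ts"],
                "claimed_from": fp,
                "mfa_passed_from": sorted(mfa_fingerprints[sess]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(SIGN_INS):
        print("possible cookie replay:", alert)
```

On the constructed data only alice's session S1 is flagged: the 11:42 claim comes from an address and browser build that never passed MFA, while bob's reuse and carol's re-challenged network change are left alone.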

SpaceLifeForm January 27, 2022 8:11 PM

@ ResearcherZero

SS7. Attribution is hard.

While the report may be semi-accurate, there is no reason to discount it as misdirection.

Think outside the box.

null clam January 27, 2022 8:28 PM

@ SpaceLifeForm

Re: No Silicon Turtles But What We Make

For a while, we dwelt under the AEGIS [1], even though it was not Athena’s. All too soon it was gone.

  1. xyzzy://en.wikipedia.org/wiki/Domain/OS

JonKnowsNothing January 27, 2022 9:38 PM

@Clive, @All

re: It’s not just Intel, the US is pressuring Taiwanese companies

“To get the heck out of dodge”

One of many, not-new problems is the Short Term Profit Think of Western Bankers and Money Funds (of all sizes, shapes and country of origin).

Not long ago a company was severely chastised by such thinking, so much so that the CEO nearly got booted (and still may), because the Money Hedge Funds decried that the company was focusing too much on Sustainability and not enough of Profit (short term).

Another company that specializes in OnePrice items, some months back announced they would be raising the price to OnePrice+.25, not because of any supply chain issues but because during year 1 of the pandemic their profit had dropped from 350Mill to 250Mill. The CEO firmly intends to make up that “lost 100Mill” and then some.

The old problem of having money on the table for the future uses or making “enough profit but not max profit” hasn’t changed.

Should any of the saber rattling get serious down in the frozen trenches during the Russian Winter, it will be way more than a small supply chain shock for most of the world.

China is far better protected than most other countries due to their geographic location and their style of government that can and does change on a windy day.

The US does not have any ability to navigate even in a mild breeze. We cashier Captains that take initiative to save their sailors lives when not in combat. Saving a company with tens of thousands of employees is beyond our ken.

Taiwan will get the same support that Hong Kong got – none at all. It would not surprise me if there was a poison pill somewhere waiting on a trip-wire.

Ted January 27, 2022 9:40 PM

@Clive, ALL

Great thoughts on the vulnerabilities of the supply chain. It looks like some nations are definitely being compelled to take action to avoid some very crippling pinches. It’s hard for me to even imagine what the world will look like 100 years from now.

lurker January 27, 2022 10:28 PM

@ResearcherZero
from CrowdStrike

…administrative users had “reset” their own password to the same password they previously used, essentially nullifying the impact of the enterprise-wide reset.

I believe this is called an “own goal” in some environments. But seriously, when “administrative users” behave like this, what use are technical measures against threat actors? And how handy to have an Export Passwords tool built into the system you’re invading…

JonKnowsNothing January 28, 2022 2:39 AM

@All

re: Report that a US Stealth Fighter F-35C flopped into the South China Sea

US naval patrols in the South China Sea, intended to provoke China and raise blood pressure with close-to-the-line navy exercises (1), had one of the top of the line, ultra sophisticated US fighter jets, an F-35C, bounce the landing on the aircraft carrier (2) and flop overboard (3).

The problem isn’t that the plane cost $100M to make but that it flopped into Chinese-claimed waters, and there are some serious concerns that a Chinese sub will get to the crash site first and claim the wreckage.

China indicated that they aren’t interested but… there’s some juicy high tech stuff on board, so whoever gets there first might find something useful.

A US Salvage ship will take 10+ days to get there.

===

1) a la Gulf of Tonkin incident.

2) Lots of pilots crash during touch-and-go practice on land; doing it on a moving, swaying aircraft carrier is not a trivial exercise.

3) The pilot ejected; there were others injured in the accident.

Clive Robinson January 28, 2022 4:38 AM

@ null clam,

Your mission, should you decide to accept it…

The last time I even came close to doing that was decades ago, back in the early 1980’s when trying to write a program to automate ship stability calculations.

Whatever you try, you end up with what we would now call a “chaotic component”, kind of equivalent to balancing an object on a point that is on its center line of its center of gravity, and whilst you can make it small it just won’t go away. For example consider the corner of a cube: you can come up with a formula you can encode on a computer that indicates there is a position it will “balance”… But it’s wrong[1].

But don’t use intuition unless you reason it out…

We intuitively assume that a tossed coin cannot land and balance on its rim. Well it can, and I’ve seen it happen twice in my life; maybe one day I’ll see it again “for the charm”.

But if you think about it, all a coin is, is a thin slice of a rod. Now our intuition tells us rods don’t balance on their ends, which conflicts with coins where the faces they mostly land on are the ends of a very very short rod.

After some thought you realise that the change in probability comes about somewhere close to when the rod diameter and length are the same.

Which brings us back to the cube and its six corners… A slice of rod has edges but no corners… We find that the near cubical slice of rod won’t balance on its edges unless… We spin it along the diagonal from one edge to the opposite edge on what would be the other face of the coin.

In other words the coin, when spinning, is also in effect a thin slice from a sphere…

We know that spheres have no corners or edges to balance upon… Yet a spinning cube is a good approximation of a sphere and will balance…

Which begs the question of “What happens when you spin a sphere?”

Well don’t bother trying to model it on a digital computer… Look at the sphere as not having “no corners” but as having “an infinite number of corners” to realise why.

You will realise, from the way the cube approximates a sphere when spinning, that a corner has a “maximum diameter” property which defines the spinning sphere diameter. Thus anything approximating a sphere with a maxima on the rotational axis through the center of gravity has a “corner” on which it can spin. So remember those Victorian “spinning top” toys?

But… Now consider balancing a rod on the end of your finger, like a pencil. You can do it but only briefly.

Counter-intuitively it gets easier the longer the rod is. From this, a little experiment with sticking it in “the teacher’s apple” and then balancing it, you will find it’s not the length as such but the mass moving the center of gravity away from the balance point.

It’s why you can with very little practice balance a broom with the end of the handle in the palm of your hand and the brush end up in the air.

If you go back to looking at the Victorian toy “spinning top”, you will realise that it is in fact shaped like an upside down rain drop.

So the real answer to Columbus’ balancing an egg on its little end puzzle[2] is not to damage it by flattening the end. That’s the “search by Digital Computer for a solution” answer; the real world answer is to spin it, and several mechanical “adult” toys have been made for after dinner entertainment[3].

But think back to the “cube approximates a sphere when spinning” argument above: what is it about the faces of the cube that give it the stability a sphere or egg does not have?

Well the story of how Columbus did it gives you the answer. You need an area of zero curvature “normal” to the axis of the center of gravity as a starting point. It’s easy to do with a sphere you just “grind a flat” but mathematically you are doing something else, your balance point is now at what you might call the shortest or least diameter.

You can, if you follow further reasoning, come up with a near egg shaped object that will stand on its end. It’s called the superegg[4].

Whilst this might appear as impractical musings, I was once asked a “trick question” in a job interview related to this. I was “the weakest candidate” based on qualifications and previous work experience, but a friend that worked there thought I would enjoy working there. So I just stuck the C.V. in, more to get interview experience than anything else. To my surprise I did get called to interview, where the question was asked. Whilst they were looking for the “zero curvature” answer, the fact I could explain my own reasoning of how you get there got me the job offer.

Sometimes it’s not “Who you know” or even “What you know” that is important but showing you “know how to look beyond” what others assume is obvious.

[1] When you get down to it you find it is an artifact of the fact digital computers only work with a limited subset of natural numbers(N). So whilst they can fake working with integers (Z) issues arise like having two zeros or imbalance. Digital computers can even be made to work with a limited subset of rational numbers, but with more issues arising. Effectively that’s it for digital computers, everything else has to be “faked up”, with the unfortunate result there are all sorts of issues hiding in there for the unwary. Which is what drove me to very carefully read some of Donald Knuth’s publications.

[2] https://en.m.wikipedia.org/wiki/Egg_of_Columbus

[3] https://en.m.wikipedia.org/wiki/Egg_of_Columbus_(mechanical_puzzle)

[4] When you look at a “superegg” you will see an elongated cube morphing into a sphere 😉

https://en.m.wikipedia.org/wiki/Superegg

Oh, the maths behind it also has relevance to orbital calculations. The basic math behind ellipses can be easily reasoned from Pythagoras and by slowly rotating a hoop and seeing it normal to the rotational axis and from along the rotational axis.

Clive Robinson January 28, 2022 7:26 AM

@ ResearcherZero, SpaceLifeForm, ALL,

… they decrypted the cookies file using the user’s DPAPI key…

Showing once again that ciphertext and KeyMat should be correctly isolated, which is impossible on a standard architecture computer.

You need to add “segregation” by “gapping” and strongly mandated “gap crossing” mechanisms.

In short the equivalent of a “correctly designed and built” “Hardware Security Module”(HSM).

The real problem with HSM’s as has been repeatedly shown, is that “correctly designed and built” is hard, very hard to get right.

Further monitoring of the gap crossing mechanism is usually not deployed.

Back in the late 1990’s I was pushing for a strong authentication method for individual financial transactions in “On Line Banking and Finance”.

Within a few years I had come to the conclusion that you “Must put the Human in the authentication Chain” to check the traffic was not harmful.

My position on this has not really changed and is one reason for saying “Paper Paper Never Data” for moving sensitive information around.

Printing out, reading and then scanning in might appear tedious, but at least you know that there is no malware etc at the lower protocol levels[1].

The movement of information into and out of “secure enclaves” of all types is a fairly vexed one, especially when it comes to covert side channels. However as far as I’m concerned there is sufficient evidence to say it is impossible to stop covert channels, just limit, sometimes severely, their utility to an attacker.

I’m by no means providing an excuse to people. The rule behind my “First Question” still applies, which is,

“If an attacker can not reach the system, they can not attack it.”

So the question arises as to how best to leverage that rule in moving information. Something too little attention is paid to, due to,

“The (in)security rule of (ab)user (in)convenience”

[1] Higher level protocols are much harder to deal with. To communicate information you must have redundancy, and where redundancy exists so does the availability of various types of side channel. Most side channels can be fairly easily made not just covert but impossible to prove they exist by just observing the channel. By strongly mandating protocols you in effect push the redundancy up the protocol stack. If you think about “scripting languages” that are interpreted, it would not be hard to write an interpreter that can treat what would look like ordinary, if very slightly odd, natural language as a program.

Clive Robinson January 28, 2022 8:24 AM

@ SpaceLifeForm,

Wire Wrap

Ahh “Oh happy days”[1] back when I used to pull junk apart. Yes my first direct contact with computer programming was memorable[2] and at school, even though I’d been programming my calculator for a while before that. But to me the smell of a warm soldering iron as I desoldered components such as transistors from the earliest of computer scrap still has a fond place in my heart.

[1] To mis-quote the Gospel hymn,

“Oh happy days, (oh happy days) Oh god He taught me (he taught me) how To Watch Fight and pray (Watch Fight and pray). Oh god he taught me (he taught me) How to wipe their attacks away (wipe their attacks away)”

[2] I was seen as “bright and curious” at school, which is, as I know, a very dangerous combination. So they had to do something to keep me out of trouble some of the teachers could barely comprehend. Looking after the rats in the biology lab did not keep me out of trouble, just made the trouble way, way more interesting; curiosity being what it is, I found I could train the rats to do things, and slipping them the odd walnut usually caused random loud noises in the middle of classes 😉 So they decided “computing” might be the way; after all, what harm could I do… So one day the physics teacher (Paul Muggleton), who I was already doing “satellite tracking” with, suggested I might try “BASIC programming”. He briefly explained the control structures but suggested I printed out factorials… What got lost somewhere was the fact that the computer had a factorial function you could use. He explained in depth how you generate factorials manually so you could check the program output. I misunderstood and thought he wanted me to write the program that way… Which back then was a whole lot harder than you might think, as the control structures in BASIC back then were not what they are now (thanks to Algol 68). Anyway I diligently put my program on to punched paper tape, but when uploaded it produced error messages I did not understand, so I asked for help… One glance later I was told “This is not what I told you to do, don’t you listen to what people tell you?” and he was very clearly annoyed… What can you say… Let’s just say things went downhill a long way for quite some time, and it almost caused me to give up on studying physics and electronics… Luckily my dad pulled me back, as did friends in the Pirate Radio world, but it was a close thing.

I guess however the teachers got the “what harm can he do with computers” factor rather wrong… Well not that long after I apparently did enough harm to have then UK Prime Minister “Mad Margaret” Thatcher want me set up to be judged a criminal and incarcerated or similar… By luck my sixth sense stopped that happening to me but not Robert Schifreen and Steven Gold, even though I warned them… In the 1980’s they got set up by “Micronet 800” and the Met Police for “fraud” by impersonation and were tried, convicted, cleared on appeal, and finally the House of Lords ruled against Mad Maggie’s personal machinations and said that the legislators (House of Commoners) had to make appropriate legislation, which they finally did in 1990.

Clive Robinson January 28, 2022 8:31 AM

@ null clam, SpaceLifeForm,

For a while, we dwelt under the AEGIS

Did you ever look at the Andrew File System? And Plan9?

Clive Robinson January 28, 2022 8:47 AM

@ JonKnowsNothing, ALL,

We cashier Captains that take initiative to save their sailors lives when not in combat.

That still disgusts me to my very core every time I think about it.

It’s not really any different in the UK, just less publicly blatant.

There used to be a form of covenant between the Government and Armed Forces, at the very least a form of respect…

But now, because that has costs, some who are self-entitled view it as rightfully theirs, thus being in their very warped view “stolen out of their pocket”. The fact is these self-entitled buy politicians and their views, not just individually but by a whole political party or two, so they get their way…

So people that have decided to do the honourable thing for their country are being not just disrespected but having their lives thrown away…

What should that tell the average voting citizen about not just the priorities of politicians, but the views of those who own them, especially how the self-entitled might view the voting citizen and the sickening plans they have for them…

null clam January 28, 2022 5:20 PM

@ Clive Robinson

Re: making one’s head spin

Thanks for the helpful discussion leading from simple cases of balance and stability, through more complicated ones, by repeated analogies. A great lesson as you say “know how to look beyond”. A professor long ago tried to instill in us students this habit of creative stretching, which he had had inculcated by his teacher, Paul Halmos.

I think perhaps if you took it further you might well find a more conceptually unified and simple account of the behavior of the Gömböcs figure and why it has its special characteristic of a single stable equilibrium and a single unstable equilibrium and no others.

Especially your remark: Look at the sphere as not having “no corners” but as having “an infinite number of corners”.

One could say it has an infinite number of unstable corners (unstable equilibrium points), since it will move (roll) from any of them with the least perturbation, in the frictionless case forever. Similarly the Gömböcs figure could be considered that way, with all points unstable corners, except for two of them. Unlike the sphere rolling homogeneously, as the Gömböcs figure moves, transitions from point to point, something is changing which in brief causes it to converge and stop in these two locations.

One might wonder if this is somehow related to the “can’t comb the hair on a billiard ball” theorem (i.e. every vector field that tries to remain tangent to the sphere has to have singularities).

And in terms of self-stabilizing compute systems, perhaps the biological immune systems, with their self maintenance and self-notself discrimination, could be considered examples.

null clam January 28, 2022 5:28 PM

@ Clive Robinson @ SpaceLifeForm

the Andrew File System? And Plan9?

Alas, I never worked with these. It seems they remain of somewhat specialist interest, and never caught on generally. Is that because they are solving a different problem than general computing has? Similarly, Frank Soltis’s “Fortress Rochester”, which seems to live only in a restricted context.

Clive Robinson January 28, 2022 6:47 PM

@ null clam,

And in terms of self-stabilizing compute systems, perhaps the biological immune systems, with their self maintenance and self-notself discrimination, could be considered examples.

The immune system gave me some of my ideas for “Castles-v-Prisons”.

Not in the crass way of most AV systems that are static thus can be avoided but in a “Is this us?” way.

When code executes it generates signatures of its operation that mainly stay within “average ranges”. When those ranges are exceeded something is abnormal. So the question arises: is it due to abnormal data, or something that should not be there?

Basic physics tells us that if work is being done, resources are used. This implies two things,

1, Resources move from ordered to disordered.
2, That the process has to generate waste resources that are signals.

Processes that are generating “our-signals” are distinguishable from processes generating “not-our-signals”, thus just as macrophages are sensitized to non-host protein sequences we can do similar inside a computer.

One way is looking at “code distance”. When we compile a program the compiler tries to make execution as local to the point of execution as possible to minimise slow memory, cache, etc. issues.

Malware is almost never local to compiled code execution. This can be detected by the significant rise in energy, time, etc.

Slightly oddly perhaps this has come up on a recent thread about using EM signals to detect malware.

What we now need is a way to progress to the “editing out” of malware in a running system without it having to be stopped etc.

That is, in the immune system a phage consumes the “not-our-proteins”, thus limiting and stopping the infection before too much harm is done.

However there is the next stage, which is not really part of the immune system, which is the restoration. That is, infected cells die by various mechanisms –interia / exteria pathways– and are consumed for reuse. However there is a genesis process that replaces the cells. In toto, restoration is a significantly regulated process hopefully not causing either cancer or apoptosis in living creatures, but we still know little about it.

Hopefully any in silico system will be as finely tuned as required by one or more mechanisms, but that leaves the issue of drivers for these mechanisms and the gathering of signals and signatures, something that is barely researched currently.

Clive Robinson January 28, 2022 8:01 PM

@ null clam,

Re : Gömböcs figure

I admit I’ve never heard of them, so I looked them up,

https://plus.maths.org/content/story-goumlmboumlc

But one thing is apparent, if you look at the image of one given there, it is what I was describing in parts…

Consider the base of it as “rod like” that changes into a “cube with one corner uppermost” and the edges aligned with the rod maxima and minima. Then take the pair of opposite edges of the cube that are aligned with the rod maxima and form them into a near circle that would just hold the cube, with an “egg like” curve for the pair aligned with the rod minima.

The problem is that the “rod like” part cannot have flat ends, as this would create two points on which the shape could, just like with the face of a cube, balance at rest. That is, they must have curvature that is not zero, unlike the base of the rod like part.

Now whilst I can see all this in just a single glance, that does not mean I could have come up with it in a blink of an eye, or even at all.

So could I have found it on my own?

It’s an interesting question; I certainly already knew the information that was required. But I never really had reason to think specifically for something with those required properties (I was dealing with self righting on a fluid, not a solid, surface).

That said though, could you change the four edges of the cube for a different number?

Gut reaction / intuition says the answer is very probably yes if there is an even number of edges, with the base a little more like a squashed sphere than an approximation to a rod…

But how about an odd number say the minimum of three edges?

Now that is going to take some real thinking :-S

null clam January 28, 2022 9:44 PM

@ Clive Robinson

the next stage which is not realy part of the immune system which is the restoration … a genesis process that replaces the cells

Perhaps growth mechanism and immune response are parts or expressions of a single thing. They are analogous in some ways, e.g., they both “know” what should be there or come next, and the action they both take “knows” when to stop.

name.withheld.for.obvious.reasons January 29, 2022 4:21 AM

@ null clam, Clive Robinson

AFS was initially part of Decorum, the consortium that, along with CMU developing Mach and Mach AD, was later incorporated into Open Systems. Of note, as Open Systems reached market entropy, Microsoft subsumed the project. AFS has several attributes for distributed computing. The AFS dynamic namespace management allows traversal to initiate context-based mounts. Additionally AFS supported a robust replication model that had several features for highly clustered server environments and restoring or warm-site operations. The number of base technology sets coming out of Open Systems was amazing. Today’s architectures share much with this work, and it remains relevant, but not in any incarnations surrounding the original work.

SpaceLifeForm January 29, 2022 4:24 AM

@ null clam, Clive

Never dealt with AEGIS.

Andrew File System? Researched but eliminated from consideration.

And Plan9? Same.

Reading thru the comments on current BOFH, I came across a comment by Adelio which rang some bells.

https://forums.theregister.com/forum/all/2022/01/28/bofh_2022_episode_2/

Used one at Dehaviland College Borhamwood in 1980 doing my computer operator course.

It was an NCRCentury 201

Has a card reader as well as 5gb swappable hard drive as well as the wonderful barrel printer.

We had to use a paper tape to define the “top of form”.

I think Adelio mis-remembers the hard drive size. I’m sure it was 50mb.

The console was interesting. The card reader (Hollerith) was used to boot the machine. Took 4 cards to boot. Had a bunch of lights, switches, and buttons. The console used thermal paper for output. Do not spill coffee into the integrated keyboard as a hardware tech did to me once. He was lucky that he had spare hardware for that back at his office.

IIRC, you had to load in a couple of instructions to specific addresses then change the program counter to point there, press LOAD, which then would chainload the 4 punchcards into memory, and continue. The operator was the BIOS. Core memory. You could partition the memory at boot time. Could run up to 4 jobs at once.

I had forgotten about the printer control tape. Now, I recall having to change the printer control tape (a loop of mylar plastic with holes), depending upon what size of paper form needed to be printed. There was an adjustment knob on the printer to make sure after changing the printer control tape, and the paper, that you had the form paper properly aligned by performing test prints. When printing checks, I would have to waste 2 or 3 during the alignment. The software would then ask what the starting check number would be, and away it went. It then knew which checks went to whom. I would then hand void the wasted checks from the alignment procedure.

Dealt with decollating machines for 3 ply reports. If they were small, I would do them by hand while waiting for some other job to finish. Carbon paper. Messy. Most of the printouts were standard green-bar.

When I left there, the system was running on a whopping 256kb of memory.

All in all, pretty cool stuff at the time. 16 bit.

I will never forget the addresses 0x1AD0 thru 0x1AD4. Crash.

https://www.pc-freak.net/files/NCR_ATM_terminals/www.thecorememory.com/html/ncr_century_201.html

SpaceLifeForm January 29, 2022 5:30 AM

@ lurker, ResearcherZero

The problem with the CS report is that it attempts to deflect from a core issue in the Windows environment in this case. The users were able to re-use old passwords, which should be discouraged of course. But, even if they re-used old passwords, the password hash should have been salted, so the hash should change even if the plaintext password did not.

I really do not trust this report to be fully informative.
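
As an added illustration of the salting point above (example code written for this thread, not from the comment or from the CS report): two accounts sharing a password produce identical unsalted digests, which is both why a leaked unsalted table reveals password reuse and how a defender can spot it, while a per-account random salt hides that and still lets a password-history check reject a re-used old password. SHA-256 stands in for the unsalted NT hash and PBKDF2 for the salted store; the account names and passwords are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed sample accounts; alice and bob happen to share a password.
SAMPLE_USERS = {"alice": "Winter2021!", "bob": "Winter2021!", "carol": "Tr0ub4dor&3"}


def unsalted_hash(password: str) -> str:
    """Unsalted one-way hash: same password -> same digest for every account.
    SHA-256 stands in for the (unsalted) NT hash so the example runs anywhere."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, deliberately slow hash: the digest depends on a per-account salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def duplicate_unsalted(users: dict) -> dict:
    """Defender's audit of an unsalted store: identical digests expose shared
    passwords without anyone having to crack them."""
    by_digest: dict = {}
    for user, password in users.items():
        by_digest.setdefault(unsalted_hash(password), []).append(user)
    return {d: names for d, names in by_digest.items() if len(names) > 1}


@dataclass
class Record:
    salt: bytes
    digest: bytes
    history: list = field(default_factory=list)  # earlier (salt, digest) pairs


def enroll(password: str) -> Record:
    salt = os.urandom(16)
    return Record(salt, salted_hash(password, salt))


def verify(record: Record, candidate: str) -> bool:
    return hmac.compare_digest(record.digest, salted_hash(candidate, record.salt))


def change_password(record: Record, old: str, new: str, keep: int = 5) -> Record:
    """Rotate the password; refuse a new one that matches the current or any
    retained previous password. Each old digest keeps its own salt, so the
    history check works even though the same plaintext hashed differently."""
    if not verify(record, old):
        raise ValueError("current password incorrect")
    previous = [(record.salt, record.digest)] + record.history
    for salt, digest in previous:
        if hmac.compare_digest(digest, salted_hash(new, salt)):
            raise ValueError("password was used before")
    salt = os.urandom(16)
    return Record(salt, salted_hash(new, salt), previous[:keep])
```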

Clive Robinson January 29, 2022 6:12 AM

@ SpaceLifeForm,

I think Adelio mis-remembers the hard drive size. I’m sure it was 50mb.

Probably less than that back in 1980; 10Mbyte and some 20Mbyte were what were appearing for the Apple ][ and other systems. Even “large pizza” sized removable disks used with “Business” mini-computers were in the 10Mbyte and less range.

Just a few years later I was working in the design of a very high end computer for body scanners, which used 100 4bit “Bit-sliced” chips to make its ALU. As I’ve mentioned before we were very privileged to have 1Gbyte 8″ hard drives hot off the development line. We used them in parallel to get 16bits at a time, to feed the computer fast enough. Due to issues I developed a parity and voting protocol mirroring system that became a couple of lines in a UK Patent, that also mentioned more complex “Error Correction Codes”(ECC) could be used (like Hamming, which is what we used).

This was years before the SIGMOD conference in 1988 where University of California Berkeley researchers Patterson, Gibson, and Katz, gave their paper “A Case for Redundant Arrays of Inexpensive Disks (RAID)”.

Where they argued “Single Large Expensive Drives”(SLED) of the likes of what we now call “Big Iron” manufacturers, and costing fractional sizes of millions of dollars, could be replaced by arrays of smaller hard drives that were emerging for the Personal Computer market and which by then were up to a few thousand dollars each.

Whilst they invented the term “RAID” and we managed to get a patent on the ideas of mirroring, parity, voting circuits and error correcting, the reality is others had gained patents elsewhere as early as the 1960s. Those patents were in effect “primary patents” that were never expected to earn money directly, but could be used by major companies such as IBM as “Keep off our Grass” markers, and a source of royalty checks from independent developers.

There is a story told by Sun, that in the early days, IBM sent them some patents, which is the first step in a turf war or legal action for infringement. Sun engineers put together a presentation to show they did not infringe a single one of them and invited some IBM execs to be shown the presentation and then the door. Well the story says the execs sat there and said nothing until the presentation was over. When the most senior basically said the presentation had been a waste of their time, and Sun should just pay up… Because even if they could beat these patents IBM had plenty more they could get them with…

So basically a nasty little protection racket and shake down in which IBM were not alone as it was a foundation stone of the highly profitable “tied in markets” that were operating in those days…
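
Added example (mine, not Clive’s patented design or the Berkeley paper): the two redundancy ideas he names, in their simplest form. XOR parity across a stripe lets one lost block be rebuilt and detects, but cannot locate, a silently corrupted block; a byte-wise majority vote over three mirrors both corrects and locates a single bad copy. The 8-byte blocks are constructed.

```python
from typing import List, Optional, Tuple

Block = bytes


def xor_blocks(blocks: List[Block]) -> Block:
    """Byte-wise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        if len(block) != len(out):
            raise ValueError("blocks must be the same length")
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_for(data: List[Block]) -> Block:
    """Parity block for one stripe: P = D0 ^ D1 ^ ... ^ D(n-1)."""
    return xor_blocks(data)


def parity_ok(data: List[Block], parity: Block) -> bool:
    """Detects a corrupted block (XOR of data and parity is all zero when
    intact) but cannot say which block went bad."""
    return all(b == 0 for b in xor_blocks(data + [parity]))


def rebuild(data: List[Optional[Block]], parity: Block) -> Block:
    """Rebuild exactly one missing (None) data block: it equals the XOR of the
    surviving blocks and the parity."""
    missing = [i for i, b in enumerate(data) if b is None]
    if len(missing) != 1:
        raise ValueError("single parity can rebuild exactly one block")
    survivors = [b for b in data if b is not None]
    return xor_blocks(survivors + [parity])


def vote(copies: List[Block]) -> Tuple[Block, List[int]]:
    """Majority vote across an odd number of mirrored copies. Returns the agreed
    block and the byte offsets where some copy disagreed (where a mirror is
    bad). Raises if no byte value has a strict majority."""
    if len(copies) % 2 == 0:
        raise ValueError("use an odd number of mirrors")
    out = bytearray()
    disputed = []
    for i in range(len(copies[0])):
        values = [c[i] for c in copies]
        winner = max(set(values), key=values.count)
        if values.count(winner) * 2 <= len(copies):
            raise ValueError(f"no majority at byte {i}")
        if values.count(winner) != len(copies):
            disputed.append(i)
        out.append(winner)
    return bytes(out), disputed


# Constructed stripe: three 8-byte data blocks plus their parity.
D0 = bytes.fromhex("0011223344556677")
D1 = bytes.fromhex("8899aabbccddeeff")
D2 = bytes.fromhex("0f1e2d3c4b5a6978")
P = parity_for([D0, D1, D2])


def demo_lost_disk() -> bool:
    """Lose D1 entirely; parity rebuilds it byte for byte."""
    return rebuild([D0, None, D2], P) == D1


def demo_silent_corruption() -> Tuple[bool, bool]:
    """Flip one bit in D2: the parity check fails but cannot say where; three
    mirrors of D2 with that fault in one copy vote it out and name the byte."""
    bad = bytearray(D2)
    bad[3] ^= 0x40
    detected = not parity_ok([D0, D1, bytes(bad)], P)
    agreed, disputed = vote([D2, bytes(bad), D2])
    return detected, (agreed == D2 and disputed == [3])
```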

Clive Robinson January 29, 2022 6:59 AM

@ name.withheld…, null clam, SpaceLifeForm, ALL,

Of note, as Open Systems reached market entropy, Microsoft subsumed the project.

Yes, it was not the only thing to be subsumed. Depending on who you talk to “Active Directory” was a re-hash of the “Lightweight Directory Architecture Protocol”(LDAP) and “Kerberos” ticketing system, that was given the “Embrace, Extend, Add Proprietary to Own and Capture Market”(EEAPOCM) predatory behaviour.

The classic being FAT systems. FAT12 was a clear outgrowth of other Disk Allocation systems, and FAT16 an upgrade to that, as is FAT32; however Microsoft added the extended name system and thunk down mechanism to 8.3 naming, which they claim is proprietary to them. So the FAT part of FAT32 should be non proprietary and constraint free. However what MS calls FAT32 is effectively a registered name of their standard that uses the filename extension/thunking, so MS claim you cannot call it FAT32 or even compatible without including their proprietary features, which requires a licence fee etc, so MS used to get a big chunk of change out of the embedded and RTOS market.

It’s a game few honest engineers can abide as it goes against the primary engineering ethos which is much like that of doctors,

“Improve the lot of man but first do no harm”.

Sadly the “harm” factor is so broad these days that arguably making anything harms something, like the environment indirectly or directly. Even software now falls under that thanks to BitCoin and Co showing up just how much energy use of software contributes to Global Warming, and the ruination of states that have an “inexpensive energy” policy to encourage useful economic growth.

Clive Robinson January 29, 2022 8:36 AM

@ SpaceLifeForm,

With regards,

“Used one at de Havilland College, Borehamwood in 1980 doing my computer operator course.”

And the thread it comes from…

I worked at a College as a technician trainer whilst finishing qualifications on the dread “Day Release”…

Well one job was to move an old computer system that had been given to the college as it was probably easier than getting a scrap man to take it away.

Another technician there, Iain Lenox, got it up and running and not only did it suck electricity “like a drunk under a Whisky still tap”, it made more noise than a light aircraft of the time. The control console looked like those you see in the 1970s TV series “UFO”. And had a speaker for “debugging”.

It had a drum printer, in the bottom of which was a 110V capacitor bank made of around eighty 10,000uF capacitors. You could charge it from a car battery, and it would run a car radio for about a minute and a half at reasonable volume. It was also really impressive at showing six inch nails as “fuses that explode”.

Our “summer job” was to break it down for “scrap” which was a real shame. I still have one of its half switched mode half linear regulator power supplies that gives over 30amps at 24volts (yup a horse power) that was used in a “tape drive” for a DC driven “capstan motor”.

By the time we had finished stripping and sorting we got over three tons of very high quality aluminium from the “face plates” of the tape drives that were rack sized and three quarters of an inch thick on which the motors etc had been bolted.

But the real prize and the one that caused all the trouble, was the five ounces of gold that came off of the edge connectors and wire wrap backplanes. I had a friend who had an “in” in a slightly shady world of precious metal recovery and we did a deal… Which was a lot lot more lucrative than the “50 quid for the lot” offer that the college had been made. Even back at the end of the 1970s refined gold had quite some value. It rose from just over $400 to over $550 per Troy ounce (not Imperial ounce) as the GBP dropped against the USD; it was around 2.25 dollars to the pound so it was a little under £800 or about 2 months salary back then. So you can see why there was a “bit of bother” with the hierarchy, who suddenly decided that letting us use the “scrap money” for the technicians’ “Christmas do” was “NOT appropriate” any longer.

But things change over the years… if you want it in modern value which has gold closing yesterday at $57,643.40/kg. With ~32.151 Troy ounces in 1kg and ~35.274 Imperial ounces it’s approximately $262,699 which is a lot more than a couple of months average salary even in Silicon Valley…

null clam January 29, 2022 11:11 AM

@ name.withheld.for.obvious.reasons @ SpaceLifeForm @ Clive Robinson All

remains relevant but not in any incarnations surrounding the original work

It seems this happens repeatedly, insightful ideas and implementations that have broad applicability only survive and pass into general use in special sub-pieces, or if as complete wholes only in limited contexts. I have seen even within a single controlled computing environment well thought out important subsystems cease to be used as systems, but their key parts pass on into general use and survive as the total compute environment evolved over decades.

Why does this happen, and what characterizes things that receive general adoption ?

lurker January 29, 2022 11:37 AM

@SpaceLifeForm
“a core issue in the Windows environment …
the password hash should have been salted…”

simple errors
spectacular failures
no learnings

null clam January 29, 2022 1:06 PM

@ SpaceLifeForm @ name.withheld.for.obvious.reasons

CopyLEFT trolls

It’s obviously impossible to create a perfect legal document or contract, there will always be “bugs”. The remedy is ancient, at least Roman: “de minimis non curat lex”. Why has this notion, and the general equity and prudence [1] ceased to be a part of law ?

  1. Wegemer, G. B. and Smith, S. W editors (2020). The Essential Works of Thomas More. New Haven and London: Yale University Press. ISBN 978-0300223378

Clive Robinson January 29, 2022 3:22 PM

@ Ted,

Sorry I missed your,

It’s hard for me to even imagine what the world will look like 100 years from now.

I’m in the strange habit of looking at things and seeing how to use/improve them in ways that happen a half decade to a decade and a half later. Don’t ask me how I do it, I don’t know, but my “gut feelings” appear to run on some “fitness function”, and arguing with others who have similar gut feelings.

But there is no way I would try and argue out to a hundred years let alone more.

But history does teach us some things,

1, Broadly humans don’t change physically or, surprisingly to many, socially.

2, Society moves over all from conservative to liberal, except where there are increasingly recognised harms.

3, Conservatives desperately try to move backwards in time socially, not for profit or actually security, but for status (they have a strong narcissistic element to their make up).

4, Where there are those seeking status, behind them are those seeking power, though they appear to want profit, that is mainly to be used as a tool to acquire power or status or both (they have a strong socio/psychopathic mental disorder).

5, Physically those that are conservative and seek status or power are actually moral cowards. So they seek to protect themselves with “guard labour” but not any guard labour, they tend to pick certain types (that are also cowards but have a strong sadistic element in their behaviours and wants).

6, The conservative types naturally form hierarchies thus history gave us the “King Game” and “the estates of man” where less than 20% of the population controlled the more traditional resources for their own benefit and subsumed the rest of the population by guard labour, fear, and indoctrination via religion.

7, History teaches us that such hierarchies become increasingly fragile for various reasons and fail every thirty to hundred or so years. In part this is due to life expectancy and is three to four generations (we are getting close to being overdue).

8, But traditional resources such as land, do not give a great deal of power, thus we develop technology, that most of conservative outlook can not understand, and look at in the wrong way. But seek out nevertheless due to desires of status and power.

9, Technology follows two types of “S-Curve” the first has exponential growth, then exponential decay due to resources and efficiency. The second type is “interlocking” and due to cost/profit, initially the cost is high and profit is low, cost starts to drop and profit starts to rise then the curve turns back and the technology is replaced by another technology on the rise. These second types of S-Curve sit on a tangent line that changes slowly enough it can be approximated as linear for near future projections.

10, Smarter people spot when technology gets close to a tangent and know when to jump from one technology to the next, thus create their own tangent ahead of others.

Knowing this helps you see historic successes and why things worked the way they did, but do not make very good predictive tools for the future. As they say about financial investments,

“Past performance is no indicator of future performance”

And the reason is humans see rules and use them, other people likewise know those rules so know what the majority are going to do, so they “get ahead of the curve”.

It is also the reason I’m very wary of “Machine Learning”(ML). ML is all about finding “Past Performance” and using it to predict “Future Performance”… Unless it finds a new fundamental rule that remains secret, its future behaviour is going to be effectively known, thus predictable, so gameable.

Now it takes no great intuition that there are certain basic types of people that will take advantage of ML in much the same way as they do society. Which means the future is going to be “chaotic” in the mathematical sense, of a function being extremely sensitive to its inputs.

So every time you or I make a prediction, right or wrong we change the future a small degree. By how much, depends on a number of things, but one is by how many people listen to what we say and use it in their own forward actions.

If you look back over this blog you can see I and others have made predictions that are about eight years ahead. Mostly because nobody listened to what we said 😉

Or more importantly could be bothered with the “history” we used to make our predictions. As I keep pointing out the ICTsec industry does not learn from its history, even its very recent living history. So the same fundamental mistakes keep happening over and over with almost relentless predictability. The only unknown being the actual new context the old trick gets reused in…

Therefore those prediction tangents tend to be a lot more linear in ICTsec than most would expect…

So that hardware “Xmas Gift that keeps giving” of “meltdown” etc due to Intel’s abomination of a design is as I indicated “still giving”… and I would expect another in the near future (within the year). But whilst it will be serious, I suspect no longer really news worthy such is the nature of these things.

SpaceLifeForm January 29, 2022 4:19 PM

@ null clam, name.withheld.for.obvious.reasons

re: CopyLEFT trolls

It’s obviously impossible to create a perfect legal document or contract, there will always be “bugs”. The remedy is ancient, at least Roman: “de minimis non curat lex”. Why has this notion, and the general equity and prudence ceased to be a part of law ?

No one listened to Dick The Butcher.

Clive Robinson January 29, 2022 5:22 PM

@ null clam, JonKnowsNothing, name.withheld…, SpaceLifeForm, ALL,

Why does this happen, and what characterizes things that receive general adoption ?

A simple but enigmatically useless answer would be,

“Four ounce claw hammers are of more utility than 50ton steam hammers.”

But to take you a little further,

“Tools are designed to be used to make things, but the things they make are generally not tools.”

In a more general sense bridges are made of many parts including “nuts and bolts” but also nuts and bolts are used to build many other things.

So take a “systems” view. As a general rule a system is designed for a singular purpose. However a system is made of subsystems that generally have more than one purpose or can be used in more than one system. In turn the subsystems are made of other parts be they other subsystems or finally individual components. Each layer you descend the more generalised in use, or the more systems it can be used in increases to some power law. When you get down to the component level like nuts, bolts, washers or lines of code, the number of systems they can be used in is unimaginable, as is the number of uses they can be put to.

Tools and subsystems are effectively interchangeable. They both have a wide use and are made of component parts. What marks them apart from components is they have a level of complexity where their utility has reached a certain desirable sweet spot.

Hammers have a near universal function which is to convert kinetic energy to what is perceived as useful work. However “useful work” is very very broad, so it has near logarithmically placed sweet spots based on a percentage increase of usually 5%, 10%, 20%, 30% or 100% increase. So you have 1 ounce pin hammer ranging to a 50 ton or more steam hammer.

Bolts likewise go up logarithmically in size based on a percentage rule. So, so do nuts, washers and all manner of other things like holes and the drills and reamers that make them.

As a rule nature hates linear, and loves ratios so growth is by percentage thus to a power or logarithmic when there are no limits or exponential when there are. It’s kind of built into our outlook on life though we mostly do not realise it.

In software we have a real issue, that most software writers never ever think about. Computers only use “countable numbers” from zero to some hard limit like 2^16-1 (65535). Kind of OK if you are just adding or subtracting in that range. But it takes no great skill to work out some of those numbers are effectively useless. You can look at your “times table” to see that of the hundred numbers in it most appear more than once and of the numbers 0…99 over half not at all. Also they have a crude but recognisable distribution curve, which is why we have Benford’s or the first digit law[1].

Percentage changes are scalings of multiplication by a constant or its inverse so we tend not to notice just how deficient computers really are (something Intel crossed its fingers over with the Pentium Math bug).

But we like algorithms that “average to the middle” there is an “XXX’s Law” for it but I can not remember their name.

So we intuitively look for “middle of the road sweet spots”, which with functions generally only happens below a certain complexity.

So we end up favouring not systems that are mostly now so complex they are way beyond any single person’s cognitive abilities, but functions that are made of ten to a hundred instructions in the language used (which gives us surprise surprise the “two page/screen rule”).

So the higher level language you use generally the more productive you will be and the fewer bugs your system will have[2]. The ultimate form of this is *nix Shell Scripting, where experts write applets and more general software developers just “bolt them together” almost like plumbing to build entire systems. It was this notion that figured strongly in my “Castles-v-Prisons” thinking. Where applets have “strong signatures” and Systems have “weak/diffuse signatures”. Also “shell scripting” embodies strong reuse of usually well designed and written applets, is very fast to put systems together with, which generally have few low level vulnerabilities, and it’s generally much easier to change “The business logic”.

I could go on but hopefully you can see why things are as they are and that it is human implicit perceptions and limited abilities that got us where we are…

[1] https://en.wikipedia.org/wiki/Benford%27s_law

[2] Unfortunately people make the mistake of assuming that functions are equivalent to instructions, they are not. Which is why code libraries not developed as an intrinsic part of a language are generally very bad news, as people who get into “code reuse ruin” and “dll hell” find out. The problem is too many people think they can write “all things to all men” code that can be reused endlessly. I call it “kitchen sink code” for two reasons, it looks like the mess you get in a house of lazy students or worse, and secondly they throw in everything including the kitchen sink. The result is horrendous code full of needless complexity thus has a large attack surface… As log4j has recently shown, and sufficient to even wake up the US “Securities and Exchange Commission”(SEC) and “Federal Trade Commission”(FTC),

https://securityboulevard.com/2022/01/sec-ftc-issue-warning-on-log4j-vulnerabilities/

So there is a small chance the software industry might just change a little.

Ted January 29, 2022 6:25 PM

@Clive

I was kind of tickled at your observations of liberals v. conservatives. I had been reading a book called “Surveillance Valley” a weekend or so ago. I’m only at the beginning. The book includes the author’s accounting of the history of ARPANET and some of its early machinations in the Vietnam War. I’d highly recommend the book so far.

Books about history can be really eye-opening. There is a podcast I used to listen to where the host would commonly read from military history chronicles. They were not light readings. I think his humanity transcended him taking a hard-line stance on any one viewpoint. He read from many different perspectives.

Ted January 29, 2022 6:27 PM

continued

I’m down a few other rabbit holes at the moment, but I thought there was a good social work article on interactions with Vets. It was noteworthy to me because it cautioned practitioners not to over-simplify a person’s often very complex and confusing set of experiences.

Conflict and violence are still realities inside and outside of military theaters. They are still traumatizing. And every day there is still a bird singing somewhere. I don’t know what to say.

SpaceLifeForm January 29, 2022 7:19 PM

@ Clive, ALL

Planetary Tools

“Tools are designed to be used to make things, but the things they make are generally not tools.”

I have been to the Galaxy named Silicon, and in the Star System named Software, where I have met the inhabitants of the Planet Complexity, who may have a semantic argument with you.

Complexity has a moon called Microcode.

And another moon called Firmware.

And another moon called Toolchain.

May the Forth be with us.

Clive Robinson January 29, 2022 7:44 PM

@ SpaceLifeForm,

May the Forth be with us.

At the end of the day when you get down to it, everything is a matter of interpretation.

After all microcode is just a simple state machine, controlling a very large ROM the output of which toggles lines to MUX and latches.

null clam January 29, 2022 9:20 PM

@ Clive Robinson @ Ted all

Conservatives desperately try

This may be true of some that are called or call themselves conservative, but I don’t think it is intrinsic to the core notion of conservatism.

The ideas of left and right, conservative and liberal are examined in thoughtful depth in the writings of Aurel Kolnai [1]. The following snapshots are from the essay “Conservative and Revolutionary Ethos” in that collection.

“Conservatism means, above all else, a resolve to see what is good in the status quo, and to keep, protect, cherish and reinforce this stock of value. …

“A person exists not only for himself and for others, all alike or selectively, but also for the common good, including its specific forms and the “regulations” that issue from them; for things, goods and values, therefore, which cannot without remainder be derived from the interests or inclinations of “the individual,” nor indeed these interests fused or conglomerated into a single, massive value of the Whole; for the conservative attitude respects, without absolutizing, private interests, private spheres, personal freedom and preferences. …

“… a conservative system ought always to be introducing careful reforms not only to meet the various demands of justice but also to attain the goal of “conservation” itself. For reality involves continual spontaneous changes … ”

Kolnai is well worth reading. He had direct experience of real fascist rule. While living in Austria he wrote one of the first major critical analyses of the Nazi movement, “War Against the West” (1937). He barely escaped from Nazi occupied Europe to Canada; after the war he lived in England and then the USA.

  1. Kolnai, A. Privilege and Liberty and Other Essays in Political Philosophy

JonKnowsNothing January 29, 2022 10:07 PM

@ Clive, @null clam, @name.withheld…, @SpaceLifeForm, @ALL

re: Tools at the 100 year mark

First concept: Times Arrow and Times Cycle

Western thought focuses on Times Arrow. Things go from A to Z but not backwards.
Other systems focus on Times Cycle. Things go in phase and repeat.

Both views include some of the other.

Day, Time, Season, Years are Times Cycle. The Carousel of Time…
Birth, Childhood, Adult, Aged and Death are Times Arrow. Kisses Sweeter Than Wine…

So, it may not be a straight up shift as a good number of events are likely to occur within 100 years that even if we think we are prepared for them, we won’t be. Loma Prieta…

So to be considered:

Tools have a specific and current use. The claw hammer may be more useful than a 50ton sledge hammer but a 150lb hydraulic fence post pounder beats out a claw hammer for putting in posts.

You can still put them in the old fashioned way but humans abhor intense labor and can spend hours figuring out a way to “Do it easier” when the hard labor method would have sufficed, BUT only if it’s a one time deal. Putting in 1 post or putting in 1,000 posts makes a difference to modern thinking.

But if we roll back 50 years, 100 years, fences have been set up for eons and none of them had specialty hammers or hydraulic post pounders.

The main problem is: Humans Forget.

If we no longer “have a need” the item is forgotten, the information lost, knowledge gets perforated.

@Clive and Co, can remember exactly how they built motherboards, layouts and hand wrapped components. Much of this information is being lost as we move along the industrial automation system.

Programmers may still Roll Their Own, but lots of systems need “tool kits” of all sorts to Plug, Pray and Plunder. Few write in direct machine code, we become reliant on whatever level of tools are available at any one moment.

So, when you want to consider 100 years ahead, look back 100 years or more and ask yourself:

  • Do you know what breeching day is?
  • Could you even do up your breeches if you did?
  • Could you make an “elastic” shirt cuff or collar without elastic cord?

There are folks that attempt to remember or recall what’s been lost. Keeping even that for another 100 years, will not be easy.

I learned how to flint knap. I can make a flint tool. Similar to what was made 80,000 years ago.

===

h ttps ://en. wikipedia.org/wiki/Breeching_(boys)

lurker January 29, 2022 11:49 PM

@Clive, “After all microcode is just a simple state machine, controling a very large /what we believe to be/ ROM”

If something, somehow is Writing to what we believe to be Read Only, this diminishes the value of our microcode. Do you trust your microcode to know the difference between ROM and RAM?

SpaceLifeForm January 31, 2022 2:48 AM

@ lurker, Clive

Do you trust your microcode to know the difference between ROM and RAM?

The Silicon is a Honey Badger.

The Electrons will move regardless. That is their role in life.

Protons? That is another story. Ask SARS-COV-2.
