Friday Squid Blogging: Squid Skin–Inspired Insulating Material

Interesting:

Drawing inspiration from cephalopod skin, engineers at the University of California, Irvine invented an adaptive composite material that can insulate beverage cups, restaurant to-go bags, parcel boxes and even shipping containers.

[…]

“The metal islands in our composite material are next to one another when the material is relaxed and become separated when the material is stretched, allowing for control of the reflection and transmission of infrared light or heat dissipation,” said Gorodetsky. “The mechanism is analogous to chromatophore expansion and contraction in a squid’s skin, which alters the reflection and transmission of visible light.”

Chromatophore size changes help squids communicate and camouflage their bodies to evade predators and hide from prey. Gorodetsky said by mimicking this approach, his team has enabled “tunable thermoregulation” in their material, which can lead to improved energy efficiency and protect sensitive fingers from hot surfaces.

Research paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on April 22, 2022 at 4:04 PM • 130 Comments

Comments

JonKnowsNothing April 22, 2022 9:39 PM

@All

A MSM story about a company called Anomaly Six (A6).

A6 is a massive surveillance aggregator and can target anyone anywhere on the globe, including NSA, CIA, Foreign Officials, Military Personnel, Transit and Physical Surface Traffic, in real time.

Per the article, they did this as a demonstration of their reach.

  • A6 claims that its GPS dragnet yields between 30 to 60 location pings per device per day and 2.5 trillion locational data points annually worldwide, adding up to 280 terabytes of location data per year and many petabytes in total, suggesting that the company surveils roughly 230 million devices on an average day
  • A6 claimed that it has built a library of over 2 billion email addresses and other personal details that people share when signing up for smartphone apps that can be used to identify who the GPS ping belongs to.

The article indicates that A6 piggybacks on SDKs and 3rd-party data providers, and finds ways to bypass restrictions to snag data from other apps, systems, and interfaces.

===

Search Terms

Phone-Tracking Firm

Surveillance Powers

Spying on CIA and NSA

SpaceLifeForm April 22, 2022 11:02 PM

@ JonKnowsNothing

I assume you saw this. Note that there is no mention of SS7.

hxtps://theintercept.com/2022/04/22/anomaly-six-phone-tracking-zignal-surveillance-cia-nsa/

Winter April 23, 2022 2:11 AM

@JonKN, SLF, John, Clive
It says in the article:

would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines.

So, here we see the submarines.

From the article, I guess it is SS7 combined with Twitter’s GPS tracking. We read in another link how Ukraine took action to block access to the SS7 tracking, e.g., blocking incoming connections.

I expect nations to take action. Cleaning up SS7 might be too much to ask. However, there are very nice other options for special military groups.

One would be to distribute phones with programmable SIM cards where phone and IMEI numbers are rotated over a large group and all connections are routed over VPNs that end in fixed numbers for the wider public. The Russian army used parts of such a system in Ukraine to evade tracking of their agents.

You can do this in a toy system (not exactly safe). You can set up WhatsApp in one SIM-less mobile using the SIM card in another. This disconnects your SIM position from your Social Media presence. You can then use WhatsApp anywhere with VPN over WiFi[1] connections without the other (SIM) phone even being powered up.

[1] You can set up your own tunnel through your own server. No need to use commercial VPN.

Winter April 23, 2022 3:18 AM

Wireless power at scale:

NRL Conducts Successful Terrestrial Microwave Power Beaming Demonstration
ht-tps://www.nrl.navy.mil/Media/News/Article/3004608/nrl-conducts-successful-terrestrial-microwave-power-beaming-demonstration/

A team of researchers from the U.S. Naval Research Laboratory recently demonstrated the feasibility of terrestrial microwave power beaming by transmitting 1.6 kilowatts of power over 1 kilometer (km) at the U.S. Army Research Field in Blossom Point, Md., the most significant power beaming demonstration in nearly 50 years.

They say it is safe:

“We did not have to do that with SCOPE-M because the power density was sufficiently low that it was intrinsically safe,” Jaffe said.

Jack April 23, 2022 3:18 AM

CBD oil and medical marijuana are really helpful in the medical aspect but we all need advice and some orientations on how to consume them medically. We should also join hands together to fight against drug abuse. There are other cannabis buds for pain reliefs anxiety and depression, just follow the link below
https://cannabiscookiesshop.com/

Winter April 23, 2022 4:04 AM

Everything changes for Big Tech, now wait to see how much will stay the same.

EU agrees sweeping new digital rules in effort to curb big tech’s power
ht-tps://www.theguardian.com/technology/2022/mar/25/european-union-big-tech-googld-facebook-meta

The regulation would target what the act deems to be “gatekeepers” – companies with a market capitalization of at least €75bn ($82bn); at least 45 million monthly users; and a “platform” like an app or social network. That includes well-known firms like Google, Microsoft, Meta, Amazon, and Apple and smaller sites like Booking.com.

It targets concerns that apps have become walled off from one another, requiring messaging services or social media platforms to “open up and interoperate with smaller messaging platforms”. Tech companies would also face tighter restrictions on using people’s data for targeted online ads, a primary source of revenue for the likes of Google and Facebook.

more at:
ht-tps://www.politico.eu/article/eu-landmark-rules-big-tech-anti-trust-digital-markets-act-dma/

The agreement is rather surprising as the big tech companies have done some serious lobbying with limited success to prevent it from happening:

Report reveals Big Tech’s last minute lobbying to weaken EU rules
ht-tps://vnexplorer.net/report-reveals-big-techs-last-minute-lobbying-to-weaken-eu-rules-s1065750.html

One major target for Big Tech lobbyists, per the report, has been around surveillance advertising as tech giants marshalled their millions to block off an attempt to get an outright ban on tracking-based advertising into EU legislation.

They succeeded in that goal as an earlier push by some MEPs for an outright ban did not gain full backing of the parliament so did not make it into the trilogue discussions. But the European Parliament did vote to incorporate limits on tracking ads into both the DSA and the DMA — with MEPs backing a ban on processing of minors’ data for targeting ads and a ban on use of sensitive categories of personal data.

More on the possible impact, it might set a standard like the GDPR did:

Will Europe’s ‘Gold Standard’ Clean Up Social Media?
ht-tps://www.washingtonpost.com/business/will-europes-gold-standard-clean-up-social-media/2022/04/21/aa891284-c1ee-11ec-b5df-1fba61a66c75_story.html

The DSA will still put Europe ahead of the U.S. in regulating big tech companies. The U.S. even fought the EU’s plans, arguing they unfairly target American companies. But plenty of Washington lawmakers have been pushing for tougher action and see the DSA as a possible model. The U.K. may end up being even tougher than the EU in tackling harmful content. Its planned Online Safety Bill would impose bigger fines and could even mean jail time for executives who fail to comply.

Leon Theremin April 23, 2022 8:18 AM

History time:

WHEN NEW YORK CITY WAS A WIRETAPPER’S DREAM

Eavesdropping flourished after WW II, aided by legal loopholes, clever hacks, and “private ears”

https://spectrum.ieee.org/illegal-wiretapping

Comment: only difference today is that the wires are under your skin and the remote sensors are in cell towers. The law is as useless, the victims equally unaware and the motives are just the same.

Nick Levinson April 23, 2022 9:43 AM

Pegasus, software from NSO, is the subject of a new article in The New Yorker. It’s a lay treatment that’s likely good, but I’ve only skimmed it, and sometimes the magazine’s website requires a subscription.

Ted April 23, 2022 12:39 PM

@JohnKnowsNothing, SpaceLifeForm, Winter, John, Clive, All

The article indicates that A6 piggybacks on SDKs

So A6 collects GPS location data from smartphone apps? They didn’t mention the apps, I don’t think, only to say that they have partnerships with “thousands” of them.

The 4th amendment is shedding tears.

The UI for their product is, um, good. Crazy to think how many firms like this are probably out there.

I guess unlike exploiting SS7 users wouldn’t get access to call or text message content?

Sen. Wyden calling it a national security threat is true. I wonder why it’s getting attention now, especially in light of the current conflict.

Winter April 23, 2022 1:43 PM

@Ted

So A6 collects GPS location data from smartphone apps?

I am not surprised:

Study reveals the apps that grab the most personal data
ht-tps://www.komando.com/security-privacy/data-grabbing-apps/762166/

There is more. Where to begin?
ht-tps://www.cnet.com/tech/mobile/over-1000-android-apps-were-found-to-steal-your-data-heres-what-you-can-do/

ht-tps://theconversation.com/7-in-10-smartphone-apps-share-your-data-with-third-party-services-72404

Ted April 23, 2022 2:55 PM

@Winter

Re: Apps

Dang. That infographic in the Komando article is scary awesome. Showing the itemized data that apps collect is … ur, just wow.

Based on what another article said, I was actually not aware of how third-party libraries could collect data across multiple apps.

I’m glad @JKN mentioned A6, and @SLF posted the link. Seeing how app data IS being used makes it feel so much more real.

Winter April 23, 2022 3:31 PM

@Ted All
“So A6 collects GPS location data from smartphone apps?”

We are seeing the danger of bad communications opsec demonstrated in glorious detail.

Russia has already lost 10 generals on the battlefield, and one other is in critical condition. Many due to bad communications opsec. As I understand it, this is unprecedented.

Now, if the Russian army cannot keep good opsec on their generals, what chances do we have?

Two more Russian generals killed in Ukraine
ht-tps://english.nv.ua/nation/two-more-russian-generals-killed-in-ukraine-50236377.html

For up to date info:
ht-tps://en.m.wikipedia.org/wiki/List_of_Russian_generals_killed_during_the_2022_invasion_of_Ukraine

&ers April 23, 2022 4:21 PM

@ALL

UKR activist and ATO* member databases/information reached the Russians. More than 100 people just disappeared after that.

Use Google Translate.

This is another nice example of how just ANY information can be abused. Governments create the databases for good purposes but eventually they are used for evil. For example, during WW2 the Nazis used a database of people with disabilities to track them down.

hxxps://censor.net/ru/news/3331615/rossiyiskim_okkupantam_slili_informatsiyu_o_hersonskih_aktivistah_i_uchastnikah_ato_bolee_sta_chelovek

*ATO: Anti-Terrorist Operation, the name given to the fighting against the so-called “separatists” in Donbass
hxxps://en.wikipedia.org/wiki/Anti-Terrorist_Operation_Zone_(Ukraine)
In reality those are just war veterans.

Winter April 23, 2022 4:51 PM

@&ers

More than 100 people just disappeared after that.

Russia specifically targets journalists and politicians.

ht-tps://www.newsweek.com/journalists-targeted-148-times-russia-during-war-report-1692113

ht-tps://rsf.org/en/news/war-ukraine-list-journalists-who-are-victims-gets-longer-day

On May 9th, Russia commemorates Victory Day, the day they defeated Germany in WWII. From this year on it will be commemorated that Russia showed the world it is nothing better than WWII Germany. Modern day Russian military and leadership are as genocidal and inhuman as the Germans were back then, they are just inept and incompetent.

lurker April 23, 2022 4:58 PM

@Leon Theremin

Illegal wiretapping is a slimy activity, which directly and adversely affects our social and economic life. It cannot be condemned too strongly.

So does that mean legal wiretapping done by the gummint is OK?

vas pup April 23, 2022 5:01 PM

This algorithm has opinions about your face
https://www.sciencedaily.com/releases/2022/04/220421181212.htm

“More troublingly, the algorithm can also be used to manipulate photos to make their subject appear a particular way — perhaps making a political candidate appear more trustworthy, or making their opponent seem unintelligent or suspicious. While AI tools are already being used to create “deepfake” videos showing events that never actually happened, the new algorithm could subtly alter real images in order to manipulate the viewer’s opinion about their subjects.

“With the technology, it is possible to take a photo and create a modified version designed to give off a certain impression,” Suchow said. “For obvious reasons, we need to be careful about how this technology is used.”

JonKnowsNothing April 23, 2022 5:02 PM

@Ted, @SpaceLifeForm, @Winter, @All

re: Scope of intrusion

There are at least 2 different pathways to consider. They may use the same techniques and achieve the same ends but they hold different legal or quasi-legal status.

1) Private, non-governmental, corporate, business entities. These companies like FB/META, TwitZrUs, etc function in the civilian legal realms.

2) Governmental or government sponsored or government approved entities. These have legal overhead and protections beyond civilian companies. Groups like NSO-Pegasus, NSA, CIA, FSB, all the LEAs down to the local traffic cops now have full access to databases and information beyond anything previously available.

Both groups do the same thing but only one group has any potential oversight. So far, in the USA, the oversight is cosmetic at best.

It would be a flawed view, that no one else is doing this. Every country on the globe is doing it. The USA has oversight of only the USA. EU may have some better oversight in the EU but the French are doing exactly the same things.

A6 seems to be straddling the 2 groups. Companies like Palantir don’t need to straddle the groups, they are in group 2 funded and controlled by the CIA. Zoom and Ring both are in Group 1 but function under controls of Group 2.

China has long since understood this, and stopped any masquerading about group 1. Everything is in Group 2.

A more interesting social question is:

  • Why do people work for companies like this?

There are lots of answers and lots of reasons. The only one that matters directly is: Would you work for such a company?

It comes under the heading of questions like:

If we stop doing what we are doing and
There is another attack and
We could have prevented that attack,
Are you willing to take responsibility for all those deaths?

Hint: It’s not a question and it’s not a statement.

Grima Squeakersen April 23, 2022 5:18 PM

@winter re: EU regulation of big tech Conceptually, I don’t at all mind Big Tech getting their collective weenie sandpapered and salted. However, I think a great deal of critical attention needs to be paid by us to the details of how this is applied. There is a palpable danger that efforts to stifle “misinformation” (which very often parses to “any opinion that varies from official policy”) could create a “Ministry of Truth” reality that is directly out of Orwell’s novel. I also must wonder whether the timing of this to follow mere days after Obama’s hypocritical speech about “misinformation” and reining in Section 230 is at all coincidental…

Winter April 23, 2022 5:18 PM

@JonKnowsNothing

They may use the same techniques and achieve the same ends but they hold different legal or quasi-legal status.

Under the GDPR, the collection, storage, or sale of PII, including location data, is explicitly illegal without prior, opt-in consent. So these companies would clearly be behaving illegally if they did it in Europe.

Recently, the advertising auctions have been judged to be illegal as they involve the dissemination of PII.

ht-tps://www.engadget.com/european-union-gdpr-ad-tech-unlawful-iccl-iab-europe-125735068.html
(note that the cookie consent popup of this site breaks the laws it reports about)

Winter April 23, 2022 5:23 PM

@Grima

However, I think a great deal of critical attention needs to be paid by us to the details of how this is applied.

The main EU countries have a better track record of freedom of the press than, eg, the US or Australia. And the bad guys do not need this law.

But rest assured, there are ample citizens groups watching this closely.

JonKnowsNothing April 23, 2022 5:28 PM

@Winter

re: Falling Generals

Field Generals are supposed to die. Along with Field Troops.

HQ Generals are normally not supposed to die from combat strikes but it happens.

There are ample fill ins and battlefield promotions to go around.

The strategic issue to be resolved is whether the strike can be blocked, altered or deflected.

===

Search Terms

Table of Ranks (historical)
a formal list of positions and ranks in the military, government, and court of Imperial Russia. Peter the Great introduced the system in 1722 while engaged in a struggle with the existing hereditary nobility, or boyars.

History of Russian military ranks

Grima Squeakersen April 23, 2022 5:31 PM

@Nick Levinson re: secret ballots If only one voter is registered Republican in a district, and a ballot in that district is cast by a Republican, it is obvious who cast the ballot. However, imo that would be a serious privacy/anonymity problem only if the ballot choices are correlated on record with the party registration of the voter casting them. I do not know whether or not that is the case. If not, you might make an educated guess about how that person voted, but voters can, and often do, cross party lines in a general election.

Grima Squeakersen April 23, 2022 5:40 PM

I’m glad to hear from you the EU is doing a better job in that regard than the US or AU. However, I think your “bad guys don’t need this” comment may be a tad short-sighted. The “bad guys” have always appeared to operate on the premise that any tool or strategy that serves to stifle dissent is “needed”.

&ers April 23, 2022 5:55 PM

@Winter

“Russia specifically targets journalists and politicians.”

Yes, but their “special anger” is towards ATO veterans, who have combat experience in Donbass (and especially against Cyborgs).

hxxps://en.wikipedia.org/wiki/Cyborgs_(Donetsk_airport)

But my original post was a reminder that govt creates databases but when bad things happen, everyone just runs to save their a$$. I’m sure that when (not IF) russia invades my country, a lot of databases will be in their hands. For example – Estonian Police maintains a semi-secret database named “Kairi” (a woman’s name), which contains info on all citizens. For example, if my neighbor breaks a law and I call the police and report it, this will be entered into “Kairi”. Let’s now have a wild guess that my neighbor is a russian supporter and collaborator. He can then find out from the database who was the “snitch” and … well, you can guess what could happen to me next. Bucha is a nice example here.

Bottom line – those databases end up on wrong hands.

Nick Levinson April 23, 2022 10:04 PM

@SpaceLifeForm:

Oops. I think I saw Bruce’s, forgot I saw it, heard about it on radio, and thought it a lay treatment and that he’d be interested anyway. I usually search schneier.com before posting but forgot to this time. My fault; my apology.

@Grima Squeakersen:

You’re right about general elections, but probably it is a problem for primary and special elections. I haven’t personally observed the process for a primary, but I think you’re allowed to vote only within the party with which you have registered. Primaries get smaller turnouts than do same-year generals and off-year (non-Presidential-year) turnouts are even lower, and lower turnouts make exposure likelier. Special elections also have lower turnouts and are held when a vacancy occurs, but one I was part of decades ago required candidates to run with new parties (possibly single-candidate short-lived parties) even though a victorious legislator may choose to caucus with a traditional party.

This is out of date, but NYC used to have mechanical voting machines. I was told by an election worker upstate (NY but not NYC) in a one-party stronghold that a party leader from the party with more voter registrations paid $5 to a voter to vote straight down the party’s line. It was enforced by the leader working at the poll and listening to the levers being pulled for various candidates. He expected nothing but dull thuds. If there was a sharp click, he wanted his $5 back. Unlawful.

SpaceLifeForm April 23, 2022 11:50 PM

@ vas pup

re: deepfakes

About a month ago, I came to a conclusion. But I questioned myself.

But, now, I think my conclusion is pretty solid.

My conclusion: Putin has had one or more strokes before March and now clearly exhibits Parkinson syndrome.

hxtps://nitter.net/TSJPhillips/status/1517217288814055425#m

Winter April 24, 2022 12:05 AM

@SLF

My conclusion: Putin has had one or more strokes before March and now clearly exhibits Parkinson syndrome.

There is no connection between strokes and Parkinson’s disease. One is caused by a vascular condition, the other by a neuro-metabolic or neuro-immunological condition.

I also read rumors that he uses Botox. Botox can give you the “wooden face” look of Parkinson. But the Botox rumor could also be wrong.

In short, any of these could be true, strokes, Parkinson’s, and Botox.

Winter April 24, 2022 12:16 AM

@Jon

There are ample fill ins [for generals] and battlefield promotions to go around.

In the commentaries I read, this is not true in the strictly hierarchical Russian army. Also, Western defense commentators all say that generals in Western armies are not that close to the front lines.

On the whole, from what I read, it looks to me that the Russian army largely still fights like it did in WWII.

Winter April 24, 2022 12:26 AM

@Grima, Nick

If only one voter is registered Republican in a district, and a ballot in that district is cast by a Republican, it is obvious who cast the ballot.

Are there countries, other than the USA, where party registration has any role in the elections? I have only heard this from the USA.

As party registration and voting in primaries are public records in the USA, what does your hypothetical case actually matter? Especially, as it is quite possible that people feel obligated to register for one party to protect themselves from ostracization, but still can vote for the other party’s candidate in the ballot box.

Winter April 24, 2022 12:39 AM

Continued…
@SLF

My conclusion: Putin has had one or more strokes before March and now clearly exhibits Parkinson syndrome.

But you are far from alone to think that.

In 2015, neurologists researched the peculiar gait of Putin and other ex-KGB agents and came to a surprising conclusion:

“Gunslinger’s gait”: a new cause of unilaterally reduced arm swing
ht-tps://www.bmj.com/content/351/bmj.h6141

We propose that this new gait pattern, which we term “gunslinger’s gait,” may result from a behavioural adaptation, possibly triggered by KGB or other forms of weapons training where trainees are taught to keep their right hand close to the chest while walking, allowing them to quickly draw a gun when faced with a foe.

Clive Robinson April 24, 2022 4:27 AM

@ Winter, Ted, ALL,

Russia has already lost 10 generals…

In the UK we have an old saying of,

“Ten a penny”

Implying something is very cheap or common[1], thus likely of very poor quality.

So yup it sounds like,

“Russian Generals are ten a penny”

In more ways than one.

It is known that under Putin the number of generals to ordinary ranks has gone up significantly. Why probably has little to do with their experience or ability and may simply be a “loyalty bonus”.

As for Russian “CommSec” and MilComm in general, well, to say things are “being done on the cheap” is a bit of an understatement from the captured equipment the Ukrainians have repeatedly shown (cheap Chinese Knock-Offs of Baofeng UV5 hand-helds). What may have happened is that “Generals” have exploited their position to divert money into their own pockets rather than spend it on the equipment they are supposed to have…

One of those Chinese Knock-Offs is $20 retail-delivered, so maybe as low as $10 in quantity (some as low as $8). A secure radio designed for battlefield survivability is often up around $5000, so the potential to “rake-off” substantial amounts of money into your pocket is high.

Now… When you are doing training exercises communications security is something that is of no relevance, as long as the squads and commanders can communicate any old junk will do (if they break one you just beat them and take their pay).

But on a real battleground where those you are fighting know that if they don’t fight you to your death, it is they and their families who will be slaughtered by your conscript troops… They are, to put it politely, incentivised to “collect brass” with a little high velocity lead.

Further also if those you attack are overall “smarter” as soldiers due to different and better training than you have given to your conscripts then all of a sudden real communications security becomes very very important…

In Western Europe we’ve known for over a hundred years that poor communications security kills not just frontline ordinary ratings (ORs) and their non-commissioned officers (NCOs) and Junior/Field officers, but also command Staff and Flag Officers with targeted artillery and the like. Often “by the droves”. Hence a lot of communications was entirely non-electrical / electronic in both WWI and WWII, and done by “dispatch riders” on motorbikes and jeeps etc. Even where field telephones or longer distance radios were used they were used “away” from the actual command centers.

But as I noted a couple of days ago technology has changed things a lot. We now have Unmanned Aerial Vehicles (UAV) that can be carried in a combat jacket pocket, and Radio Controlled (RC) aircraft that are small and can carry a payload and stay up for a couple of hours at a time. Add to that Single Board Computers (SBC) as small as sticks of chewing gum, Software Defined Receivers (SDR) in USB thumb-drive packages and USB WiFi adaptors that are even smaller, and lightweight lithium 18650 batteries that will keep that all powered up for an hour or two. You can put together a Signals intelligence drone covering VHF and UHF for less than $1000 with everything available through EBay, Ali-Baba and similar Online retailers. You then need ruggedised laptops or Smart devices that use the WiFi to communicate with the UAV and do the “heavy lift” on the signals processing down on the ground up to another 2-5km back from the UAV, so with care the operators can be fairly safe from attack by forces that they are observing.

Think of such a Signals UAV as being like a very high priced Spy Satellite transponder in geo-stationary orbit of the end of last century era, but for “Home Hobbyists” at “Pocket-Change Pricing”. But with a ground station processing capability the likes of the US NRO would have killed for.

So whilst those cheap Chinese Knock-Off UV5 radios, because they are line of sight, might only give 0.2-5km for squad to squad / field command at ground level, a UAV at 300m height will see them at up to 60km on the “radio horizon” and give sufficient directional information to “Find Fix and Finish” any command organisation stupid enough to emit RF communications from those knock-off UV5 hand-helds. If the field command to Staff command used the same UV5 or similar mobile radios and low cost antennas on “squid pole” or similar masts they would get 10-30km range, but those UAV’s could probably see them at 100km…

Once you’ve built and mastered the use of such a Signals UAV, extending it to work with Mobile Phones and even some Bluetooth beaconing devices that can be used for tracking is not, after the initial hurdles are jumped, that much harder to master.

In fact it’s very much harder to work out how to keep the communications with the likes of the UV5 knock-offs “covert” and “secure”. Things that you have to do quite a bit of very specialised training to do. Such training can be quite expensive and requires motivated specialised troops that are of rather more than average abilities (think post-grad specialist radio engineering). Such people want real rewards to do such a job and become sufficiently proficient.

Generals “On the take” are not going to want to pay for such troops…

Senior Staff officers and above will very probably not see benefit to them in “field-training”.

Come a real fight against a motivated set of defenders using “embedded asymmetric fighting” techniques backed by good SigInt, because the invaders have little or no covert or secure communications… I’m surprised the “trophy bag” does not have rather more invading field command and staff command officers in it.

But one rule of war is not to decapitate an invading enemy. Because the invading troops without sufficient control become increasingly out of control criminals who become bestial and power drunk, and won’t actually stop or retreat. It’s why you can end up with “war lords” developing with some thinking about becoming kings of their own fiefdoms, which creates a very difficult mess to clean up if you can (think Afghanistan and Middle East ISIS).

[1] In English usage, “common” has two “common” meanings,

1, You see a lot of it like “windfall apples on the ground are common after an autumn storm”.

2, Of a person who is of low virtue, intelligence, or ability, or of crude / rude language and looks nasty in some way. Said too often by middle class parents of their daughters “You can not go out dressed like that you look so common”. Also implies “cheap”, “easy”, “trashy”, “tarty”, or even “slapper”.
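The radio-horizon arithmetic behind the distances quoted in the comment above, as an added Python example that is not from the comment or from the blog: it gives a defender an upper bound on how far an emission from a hand-held or mast-mounted antenna can be received by a ground-level or elevated receiver over smooth ground. The Earth radius and the 4/3 refraction factor are standard values; the antenna heights (1.5 m hand-held, 10 m mast, 300 m UAV) are constructed to match the figures in the comment.

```python
import math

# Mean Earth radius in km; the horizon formula below is plain geometry.
EARTH_RADIUS_KM = 6371.0

# Effective-earth factor: 1.0 is the bare geometric horizon, 4/3 is the
# conventional allowance for atmospheric refraction at VHF/UHF.
GEOMETRIC = 1.0
STANDARD_REFRACTION = 4.0 / 3.0


def radio_horizon_km(height_m: float, k: float = GEOMETRIC) -> float:
    """Distance (km) from an antenna at height_m metres to its radio horizon.

    Derived from d = sqrt(2 * k * R * h) with R in km and h in metres;
    for k = 1 this is the familiar 3.57 * sqrt(h) rule of thumb.
    """
    if height_m < 0:
        raise ValueError("antenna height must be non-negative")
    return math.sqrt(2.0 * k * EARTH_RADIUS_KM * height_m / 1000.0)


def max_line_of_sight_km(tx_height_m: float, rx_height_m: float,
                         k: float = GEOMETRIC) -> float:
    """Upper bound on the distance at which a transmitter and a receiver at
    the given heights still share line of sight over smooth ground.
    Terrain, foliage and transmit power can only shorten this."""
    return radio_horizon_km(tx_height_m, k) + radio_horizon_km(rx_height_m, k)


def exposure_report(tx_height_m: float, rx_heights_m,
                    k: float = GEOMETRIC) -> dict:
    """Map each receiver height (m) to the furthest distance (km) from which
    a transmitter at tx_height_m could in principle be heard: a defender's
    estimate of how far a given emission carries, rounded to 0.1 km."""
    return {h: round(max_line_of_sight_km(tx_height_m, h, k), 1)
            for h in rx_heights_m}


if __name__ == "__main__":
    # Constructed scenario: a 1.5 m hand-held and a 10 m "squid pole" mast,
    # heard by receivers at ground level, on a 10 m mast, or on a 300 m UAV.
    receivers = [1.5, 10.0, 300.0]
    for tx in (1.5, 10.0):
        print(f"transmitter at {tx} m:", exposure_report(tx, receivers))
    print("300 m horizon, geometric:",
          round(radio_horizon_km(300.0), 1), "km")
    print("300 m horizon, 4/3 earth:",
          round(radio_horizon_km(300.0, STANDARD_REFRACTION), 1), "km")
```

The geometric horizon from 300 m comes out at roughly 62 km, which is where the “up to 60km” figure comes from; a hand-held talking to another hand-held at ground level is bounded at under 9 km, while the same hand-held is in view of the 300 m receiver out to about 66 km.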

Winter April 24, 2022 5:23 AM

@Clive

I’m surprised the “trophy bag” does not have rather more invading field command and staff command officers in it.

There are. Besides the 10 generals killed and one critically injured (out of 20 deployed) there are more commanding officers killed. According to Wikipedia:
ht-tps://en.wikipedia.org/wiki/List_of_Russian_generals_killed_during_the_2022_invasion_of_Ukraine

In addition to Russian generals killed in action, over thirty Russian colonels have been reported killed in Ukraine. One captain 1st rank has also been killed: Andrei Paliy, the deputy commander of the Black Sea Fleet.

In early April this was still only 18 commanders
ht-tps://www.infobae.com/en/2022/04/02/who-are-the-18-russian-generals-and-commanders-killed-in-combat-since-the-beginning-of-the-invasion-of-ukraine/

Winter April 24, 2022 5:30 AM

@Clive
Russian officers killed in Ukraine, Continued…

Here, the tally from a few days ago including lower ranks was 373 killed
ht-tps://mobile.twitter.com/KilledInUkraine/status/1517392228305547265

Nick Levinson April 24, 2022 7:56 AM

@Winter:

For the U.S., from what I know:

For a general election, registering in a party does nothing. The general election decides who finally gets into the office.

For a primary election, you can’t vote for a candidate who’s not in the party for which you are registered. The primary is for each party to pick their candidate for the general election.

There’s more social mileage in telling your friends that you support one party or the other without registering in it than there is in registering in it but not mentioning that you did.

If you’re a financial donor (donating may legally depend on your being a U.S. national), you don’t have to register in a party unless you’d like something back from partisans, because they tend to value lifelong loyalty and registering is easy and doesn’t require money. So, if you wish to be an ambassador to a minor country, you’d pick a party before you donate.

For other nations, whether party registration matters in an election may depend on how parties pick their candidates.

Commenting on Parkinson's April 24, 2022 8:27 AM

@Winter @SLF

Neurodegenerative Parkinson’s disease is the most common cause of Parkinsonian physical symptoms, but vascular Parkinsonism (i.e. strokes of the same structures which degenerate in the alpha-synucleinopathy) is the second most common cause. Drug induced Parkinsonism is also relatively common, and while I can’t think of a reason for Putin to be exposed to antidopaminergic agents I also don’t have any real familiarity with Russian medical practice.

The behavioral adaptation paper for the reduced arm swing is quite interesting, though.

Winter April 24, 2022 9:02 AM

@Commenting

The behavioral adaptation paper for the reduced arm swing is quite interesting, though.

Thanks for the info on PD.

I understand this issue of BMJ had a humorous, I hesitate to say lighter tone, subject selection.

Clive Robinson April 24, 2022 9:05 AM

@ Commenting on Parkinson’s, SpaceLifeForm, Winter, ALL,

Re : Gunslinger’s gait

People’s physical movements have in the past (1980s) been argued against T-Cell feedback. That is the cells send signals back to the brain in the form of stress signals.

But nobody had an explanation for the existence of the T-Cells.

The implication was they somehow arose as a response to physical damage, which, although interesting as an argument, has more holes than a second hand pair of string underpants.

So the old standby of “nature-v-nurture” was brought in, as it so often is.

Thus the argument is you can “habituate yourself” from the environment you live in and the actions you take within it.

Some may remember all the jokes about why George W Bush walked with his hands looking like “wingnut ears at his hips” as it kind of gave a “Gunslinger” “big man” image. With many arguing he had some kind of mental aberration due to feeling inadequate.

It’s why quite a few in the West have in the past hinted that Putin is a “closet Gay”, because in their eyes all his “bare chest” posturing etc is “Homo Erotic” in origin…

The thing is different cultures in part because of their environment and their history have very different views on what a “successful leader” looks, sounds and behaves like.

Only a few weeks ago on this blog it was noted that Russian Law and perceptions on “wife beating” and other relationship abuse was from Religious Indoctrination of the Russian Orthodox Church. Which as we now know actually had an ascendancy over the last century rather than the oppression we thought we saw.

In short the Russian Orthodox Church subsumed its messianic traits and “slip streamed” behind the Marxist/Leninist and Stalinist god-head behaviours, and in return actually gained significant political power, and respite to build itself anew…

Impressions can be deceptive, especially when a leader fails to realise that they have become a “useful idiot” front for one of those ever present vizier king makers who appear humble but actually hold the real power behind the throne.

The fact that two super powers Russia and the US had the same “useful idiot” type personality up-front at the same time, should strike people as “odd”…

As for others of their behaviours best to regard them as engrained stage dressing, like a “poker face” on a card player.

Frank Wilhoit April 24, 2022 9:08 AM

@Clive,

Your second definition of “common” (as in “dead common”) is nearly unknown in American English. The use of “common” to mean frequent, or ubiquitous, or (wait for it) commonplace, is indeed a solecism, but a very common (not meaning frequent, but widely shared) one.

Winter April 24, 2022 9:12 AM

@Nick

For a primary election, you can’t vote for a candidate who’s not in the party for which you are registered. The primary is for each party to pick their candidate for the general election.

From the outside the USA primaries look a lot like a broken version of the two round elections common in many presidential elections, e.g., the French elections of today.

Winter April 24, 2022 9:35 AM

@Clive

The thing is different cultures in part because of their environment and their history have very different view on what a “successful leader” looks, sounds and behaves like.

The USA and Russia share some common stereotypes here, with bare-chested, bear-riding bullies being popular in both countries.

However, there is a clear difference where Russians would never accept functionally illiterate presidents who cannot formulate two coherent sentences in a row (3 of such in the last 4 decades of USA) while Americans would not accept sleazy schemers like Putin (which is why Cheney was only VP and GH Bush lost his re-election).
[the above is uninformed opinion /]

Winter April 24, 2022 9:55 AM

The most damning description of the Russian army I have seen by an actually experienced military commander

Is the Russian Military a Paper Tiger?
ht-tps://www.newyorker.com/news/q-and-a/is-the-russian-military-a-paper-tiger

What we’ve seen in action is a military machine on the Russian side that could not pull off a confrontation with any NATO power. So escalating into a confrontation with NATO would be suicidal for them. And I have to believe that they’re not suicidal. Imagine if that invasion force had stumbled into Poland instead. The casualties that we’re seeing now are high enough, but the entire invasion force would’ve been wiped out.

Nick Levinson April 24, 2022 9:55 AM

@Winter:

A few U.S. jurisdictions are trying out ranked-choice voting (RCV) that includes a runoff between the top finishers regardless of party.

I think RCV presents serious, likely fatal, problems around counting, but we’ll see. Meanwhile, some advocates note that some candidates are being publicly more cooperative during their campaigns when their success may depend partly on the success of a competitor, when one asks voters to vote for, or rank, their competitor as the second choice.

Winter April 24, 2022 10:10 AM

@Winter (myself)

The most damning description of the Russian army

Just an illustration

ht-tps://istories.media/en/opinions/2022/04/18/what-weaknesses-has-the-russian-army-shown-in-ukraine/

Another example is the campaign of the Kuzbass OMON riot police against Kyiv. We understand that they were simply given an order to advance to Kyiv on a certain day at a certain time and establish a “constitutional order” there.

[story of failed attempt to capture airfield near Kiev]

Meanwhile, the OMON set off and was burned on the bridge over the Irpen. Apparently, no one told the riot police that Kyiv had not been cleared, they were just following the order they had been given. Either they were forgotten about, or they could not be contacted. The fact is that they were carrying out the order given to them earlier, even though it had already lost all meaning and became suicidal.

Grima Squeakersen April 24, 2022 10:12 AM

@Nick Levinson re:voter registration In my state of residence, one cannot register as Independent, one must pick a party. In my municipality, only Republicans ever win office, in fact, in nearly four decades, only one Democrat has ever appeared on the ballot (same candidate on several occasions, and he recently died). So, registering Republican was the only way to have any potential influence over local office holders. Of course, that assumes that the Republicans actually hold primary elections, which itself almost never happens (ironically, that might be a result of lack of competition from the other party). I typically either refrain from voting, or I write-in a candidate (actual person or facetious choice such as Alfred E. Neuman, depending…)

Winter April 24, 2022 10:16 AM

@Nick Levinson

RCV counting problems

Why Americans always refuse to take a simple tried and tested scheme (e.g., two round open voting) is a mystery to me. But maybe such a scheme would promote more parties and anything that would empower choice in politics is not considered The American Way?

Grima Squeakersen April 24, 2022 10:23 AM

@Nick Levinson re: ranked choice voting Don’t RCV protocols also often have minimum vote thresholds to prevent a candidate from a large field being elected with a very small number of votes? I seem to recall seeing reports of elections that were repeated several times over what seemed to me to be a ridiculously long period of time because no candidate had met the threshold. If that is the case, to me it represents an additional downside to the RCV process. Caveat – I’m a lifelong US citizen, and I know that in many other nations, elected officers do not serve a fixed length term (elections are triggered by no-confidence measures and other criteria) and that many or most of those jurisdictions also utilize RCV, so I could easily be confounding the effects of one attribute with another.

Nick Levinson April 24, 2022 12:06 PM

@Grima Squeakersen:

That you can’t be an independent voter is interesting. One effect is that the parties have unenthusiastic members.

I don’t know if some have legal minima. I’d be surprised if any minima were set high enough to be a real risk anytime soon.

In parliamentary systems, an election can also be called by the officeholder who is ahead in popularity and wants to renew their tenure, although that can lead to a surprise when voters reconsider the possibilities and change their minds.

@Winter:

Any major change is refused if neither people in general nor inside political leaders think the existing system is failing. And people aren’t much interested in what other countries do.

MarkH April 24, 2022 12:27 PM

@Winter, Clive:

I learned in the mid 1980s that a particular weakness of the Soviet military was its strict insistence on centralized control. Only officers were allowed see maps …

Those who remember the KAL 007 shootdown will recall from the audio recording that the fighter pilot was begging for permission to fire, for a rather extended interval.

According to a military analyst I read a week or two ago, the Russian army adheres to this tradition: decisions which could be made by lieutenants — or even sergeants — in Western armies can only be taken by General officers, which requires them to be far forward, and likely explains the high toll of top-rank officers.

MarkH April 24, 2022 1:53 PM

Re: Russian Military

@Winter, thanks for linking fascinating articles. I especially appreciated, “a bad army was ordered to do something stupid.”

A broader hypothesis is offered by U.S. analyst Max Boot (who was born in Moscow, by the way):

https://www.washingtonpost.com/opinions/2022/04/12/ukraine-military-culture-advantage-over-russia

Simply, Boot suggests that Russia’s military culture has always been rotten. He links to an article from The Economist critiquing Russia’s mediocrity in the Crimean War; it’s eerie how much of this analysis from 1854 (!) seems to apply today.

Winter April 24, 2022 2:42 PM

@MarkH

Что мы можем сделать?

I have been in Russia only twice for a few days at a time, so all I know is from second and third hand accounts.

What I read once was an analysis that linked the different trajectory of Russia and the rest of Europe to the occupation by the Golden Horde. That sounds a little too deterministic to me. But it is well known that Marx considered Russia the least likely place for Communism to take hold. Simply too much of a peasant state of serfs.

But we now see such historical fatalism is disproven by the people of Ukraine. Ukraine is the historical heartland of the Russians, with Moscow a distant outskirt of Kiev. The Ukrainians now show that a common enemy and an enticing goal of freedom and prosperity can create a well organized nation.

It has been suggested that one reason Putin wanted to destroy the nation of Ukraine is to prevent a working democratic example for the Russian people. Just as China cannot tolerate a free and democratic nation of Chinese, Russia cannot tolerate the existence of a free and democratic nation of Russians. It might just raise the wrong questions.

&ers April 24, 2022 4:34 PM

@ALL

hxxps://www.washingtonpost.com/world/2022/04/23/ukraine-belarus-railway-saboteurs-russia/

(read with disabled JS, then you are not presented any annoyed
popup messages)

JonKnowsNothing April 24, 2022 8:20 PM

@Winter, @All

re: Remember Front and Back Loading

Just be mindful that some words and historical references get mangled badly in different geographic areas and under different historical contexts.

What you indicated in the historical reference is correct (Germany was the expected catalyst) but the other never took place. The words and theories get put in some serious meat grinders along the way, including an axe in Mexico.

Historical perspectives shift of course…

In San Francisco a set of famous (now infamous) murals was painted in a school. They were radical at the time. They depicted the colonial extermination of those who lived in these geographic areas and by painted image showed a view that was forbidden to express at the time.

Now those views are still considered “no longer acceptable” not because they showed depictions of colonial behaviors but because they remind people that they are or were subject to those behaviors. Instead of finding inspiration against such behavior they will cover up the offensive images.

The paint hasn’t changed in 50 years…

===

Search Term

Victor Arnautoff

Life of Washington

ffej April 24, 2022 8:43 PM

Curious about Clive and other’s views on China’s BSN (China’s NFT Plans for govt. digital control.
hxxps://www.lawfareblog.com/chinas-nft-plans-are-recipe-governments-digital-control

Winter April 24, 2022 9:34 PM

@ers

ukraine-belarus-railway-saboteurs-russia/

Bullies, dictators, and invaders seldom realize how much they are hated by their victims. This war will soil Russia’s Victory day (9th May) remembrance forever as Fratricide day.

Winter April 24, 2022 10:04 PM

@ffej

China’s BSN (China’s NFT Plans for govt. digital control).

The article is the first I see that describes NFTs intelligibly: NFTs are digital receipts. Furthermore, the Chinese are setting up a fiat cryptocurrency & national registry.

My interpretation is that the Chinese want to set up a Swift-like global financial system on a global block chain. This time, the global system is under Chinese control.

I expect the Chinese will entice (force) those who do business with them to use this BSN & cryptocurrency.

With China on track to become the biggest economy globally, their financial system of choice will probably replace Swift. Which would give China the power over the global financial system that the USA has now.

As this Chinese Blockchain is permissioned, it will not need proof of work and could be very efficient, much more efficient than the current Swift system. Being permissioned, transactions on the chain will be censored. It will also not be immutable. Although, changing the Blockchain might be very impractical.

However, if this system is used too obviously as a tool of control and oppression of the Chinese people, that will chase away foreign as well as national customers and might result in black markets in China itself.

But if this works, nothing stops other entities from setting up competing systems.

SpaceLifeForm April 24, 2022 11:04 PM

@ &ers

re: Belarus rail

Interesting. This is weeks old (not news), so it is strange that wapo now decides to report it. Or, maybe, it is just that MSM sucks.

SpaceLifeForm April 24, 2022 11:46 PM

Fires in Russia

Quite a few last 4 days. Some may be lightning induced.

Some may be SCADA failures.

hxtps://nitter.net/igorsushko/status/1517145872609341440#m

hxtps://www.technologyreview.com/2022/04/21/1050815/hackers-target-critical-infrastructure-pwn2own/

SpaceLifeForm April 25, 2022 12:24 AM

re: Fires in Russia

Couple of new small ones, no big deal.

I’m sure Putin will get his troops to help out on the Rosneft refinery fire.

hxtps://nitter.net/Osinttechnical/status/1518400915035897857#m

Clive Robinson April 25, 2022 4:59 AM

@ ALL,

With regards @&er’s link,

hxxps://www.washingtonpost.com/world/2022/04/23/ukraine-belarus-railway-saboteurs-russia/

As for the article on the Belarusian Railway Freedom-Fighters, I think it is this article, which can be more easily accessed at,

https://theworldnews.net/au-news/the-belarusian-railway-saboteurs-who-helped-frustrate-russia-s-attack-on-kyiv

Either way note the comment about Microsoft (XP) being effectively the back-door which helped things be so problematical for the Russian invaders.

Clive Robinson April 25, 2022 5:11 AM

@ SpaceLifeForm, ALL,

Re : Fires in Russia

Remember a careless thought or match can burn a country down.

Historically the Rus are centered on the far west of Russia and the East of what are Belarus and the Ukraine.

Much to Putin’s annoyance the Ukrainians have shown that “Mother Russia” has a history of killing her children, that is avoidable.

Belarusians nearly escaped Putin’s sadistic and psychopathic intent to salve his narcissism.

However the notion of the Rus without Russia has taken hold and is spreading.

Remember an idle thought, and a carelessly tossed match or cigarette end, can liberate more than just flames.

Winter April 25, 2022 5:24 AM

@Clive

However the notion of the Rus without Russia has taken hold and is spreading.

What is now called Russia was the Grand Duchy of Moscow and was only one of the Ruthenian, or Russian, people. The other original Russians are Belarus and Ukraine. Moscow’s power grew under the Golden Horde and then, after the great plague that depopulated Siberia, the whole of Asian Russia.

Moscow, aka, Russia, claiming to be the motherland of all Russian people is like America claiming to be the motherland of all English speaking people.

Clive Robinson April 25, 2022 6:33 AM

@ Winter,

Re : Moscow, aka, Russia, claiming…

Is what Putin has been doing for the past decade or so with faux-histories of past glories that can be relived…

Historians have mainly said nothing about Putin’s nonsense, and some have cheerfully followed along or worse joined in as the silver crosses their palms one way or another.

The truth appears to be that for probably a thousand years a very small group of aristocracy and religious leaders in effect “the first estate” have held the Rus and many many other peoples in serfdom via brutish behaviour, that is still seen in the Russian Military.

Such oppression can only continue as long as there is no better example to highlight what is bad.

Belarus and now the Ukraine have shown there is a better way, thus the oppression they are now receiving.

But the “old guard” is failing in many ways, and steadily increasing numbers are fighting their way out from under them one way or another.

Perhaps we should be asking if Russia and surrounding areas are going to become the new “Middle East” with all that entails?

But do not forget things a little closer to home France and Spain supported by Germany looking the other way, have not been kindly towards those living in the Catalan, something I know many European citizens see with considerable concern…

There appears to be a War-on-Democracy from within being fought by those who have surprisingly to many gained power. The UK’s current alleged leader being just one example.

It’s becoming clear to many that democratic leaders they are not and in some cases not even fit to be in charge of a cat-house.

Asking “How did we sleepwalk into this mess?” is a fair question, but “How do we get out?” is a more pertinent one currently. Because last century the two global wars and hundreds of proxy wars did not rid us of “The pox that plagues us”, in fact it appears to have strengthened it.

Winter April 25, 2022 7:23 AM

@Clive

Asking “How did we sleepwalk into this mess?” is a fair question, but “How do we get out?” is a more pertinent one currently.

We see this illustrated in France just now. Macron wants to reorganize France’s economy to keep it competitive. But what people see is that the spoils of that change do not go to the lower SES. They only experience less security, lower wages, and higher costs.

Retirement age is one example. Anyone who looks at the demographics of Europe immediately sees that retirement age has to increase. However, those in the low-paid jobs see that they will not be able to make it to the current retirement age in their job, let alone to an increased retirement age. They also know that they will never ever get a new job if they lose their current one if they are 50+.

That is, people are expected to work more years, but no one wants to help them actually get the jobs that allow them to do so.

To build trust, it must be shown that people can indeed get jobs to work until the new retirement age and then get a reasonable pension. However, that would require a government and industry that actually shows they do care about these people and act. That will be very difficult as neither the government nor industry care nor would they want to lift a finger to help them.

And that is just one subject, retirement age. The same holds for every other of the many pain points in an agile, free, and freer, market economy.

As Democracy seems to help the rich, the poor will turn to non-democratic parties, given that the left does not seem to know what it wants. The fact that these right-wing extremists are all drooling for the kleptocratic power of Putin et al (the owner of Russia and the richest person in the world), and like Brexit, destroy the future of their children and like Orban, will steal them blind, is of later concern.

vas pup April 25, 2022 3:42 PM

@SpaceLifeForm • April 23, 2022 11:50 PM
Very possible – when you run the country in authoritarian mode as Russia and can’t really delegate any task being sure you don’t need to double check… My grandfather used to say: never desire new boss, new one could be substantially worse than current. That is like evil you already know and unknown evil.

@all
Can meat be grown in space?
https://www.bbc.com/news/technology-61116018

“The experiment was dreamt up by Aleph Farms, an Israeli company that specializes in growing meat from cells and is being carried out by the first all-private astronaut team to visit the International Space Station.

Sceptics though say the method is too unstable for astronauts to rely on – and that growing space meat will never be more simple than simply bringing it up from Earth.”

Many interesting details in article as well.

Winter April 25, 2022 4:10 PM

@SpaceLifeForm

Expect trump to be un-banned.

According to Fox News (if you believe them) Trump will not even ask to be un-banned (if you believe Trump).
ht-tps://www.foxnews.com/politics/trump-will-not-return-to-twitter-even-if-elon-musk-purchases-platform-will-begin-using-his-truth-social

Trump will build his own Social Media Empire. He probably learned the empire thing from his Idol in Russia.

SpaceLifeForm April 25, 2022 4:23 PM

@ ElonMusk

Here is your first homework assignment

Figure out why this obvious spambot made it thru the AI undetected.

Good luck.

hxtps://nitter.net/campuscodi/status/1518587468089593860#m

vas pup April 25, 2022 4:42 PM

A superyacht captain deployed sonic weapons and ‘pain rays’ to fend off pirates armed with Kalashnikovs, worker says

https://www.yahoo.com/news/superyacht-captain-deployed-sonic-weapons-123645856.html

“The captain of a superyacht deployed sonic weapons and “pain rays” to fend off armed pirates in the Arabian Sea, according to an industry insider.

“Kalashnikov-wielding pirates” were speeding towards the 230-foot yacht on inflatable boats, the anonymous worker, who spent 20 years in the superyacht business, wrote in The Times of London.

The captain was said to have deployed an onboard weapon that directed “ear-splitting, high-volume acoustics” at the pirates. He was also said to have used “pain rays” – narrow beams of electromagnetic energy that trigger a burning sensation on the skin.”

I love less-than-lethal weapons application in other security situations: suppress riots, preventing mass looting, home invasions, etc.
Unfortunately, legal system currently is more sympathetic to criminals than victims. That is my personal impression.

Clive Robinson April 25, 2022 4:43 PM

@ Winter,

Trump will build his own Social Media Empire.

Do you know that little English ditty,

“London Bridge is falling down”?

Just thinking of changing a word or three 😉

Clive Robinson April 25, 2022 5:10 PM

@ vas pup,

Under certain conditions, they can explode or burst into flames

So can a bag of dry “Chapati flour”, “icing sugar” and “non-dairy coffee whitener”.

They all make fairly good Fuel Air Explosives as well, look on YouTube for the MythBusters video… Even fine sawdust will do it as will wire-wool.

It’s why there have been city block and larger area explosions around “dockside silos”; you only need a little bit of static electricity to give a spark with enough energy to “get over the entropy hump” and make things “go high order” or BLEVE[1].

Many would be truly shocked if they ever found out just how much potential lethality there is in their home, and that’s before talking about the stuff many people keep under their kitchen sink or in the garage without thought… Or that ever present timer-cum-spark-generator of the microwave oven and a bit of aluminium foil, or newspaper and toaster…

[1] Technically a BLEVE is often not an explosion, but those special effects you see on movies that look so spectacular often are those non explosion BLEVE

https://en.wikipedia.org/wiki/Boiling_liquid_expanding_vapor_explosion

Or an oil drum with fine saw dust or shredded rags, and a small explosive charge.

vas pup April 25, 2022 5:58 PM

@Clive. Thank you for input on the subject. I guess IC in all countries know about that and utilize them for covered operations around the globe.

Clive Robinson April 25, 2022 7:05 PM

@ ffej, Winter,

Re : China Web3 threat.

I’m still mulling the document over.

However I can already see one part is somewhat doomed from the get go as described in the article,

“But by using blockchain technology to broadcast all vehicle data within a certain radius, cars could achieve “instantaneous synchronicity.”

This is as described a “stateful process for mobile objects” and I really can not see why the block chain would really be of any use to it (other than as a replacement for DNS or LDAP style DBs used for “static data” records).

Just yesterday I posted on the problem with “state” and “motion” and why it contains all sorts of unresolved issues,

https://www.schneier.com/blog/archives/2022/04/java-cryptography-implementation-mistake-allows-digital-signature-forgeries.html/#comment-403849

I’ll do some more thinking on it, but as @Winter notes NFTs are in effect certified receipts… You do not need the block-chain to do that.

In fact it would be quicker, easier and more efficient with a public repository of PubKey signed transaction chains.

Also unlike “block-chain” such signed transaction chains would better fit in with current legal and financial systems.

Most of the block-chain issues like “rug-pulls” and similar are only possible because block-chain does not work with established legal and financial systems.

The only real reason I can currently see for China’s wishy-washy block-chain proposals is “authoritarian control” over the world financial and then legal systems. In effect it’s a “Sovereignty Snatch” to build a virtual globe spanning “Ming Empire” of oppressed and submissive fiefdoms, to pay tribute into the center.

lurker April 25, 2022 11:35 PM

@Clive, ffej, All

After reading Yifan He’s article linked from lawfare, I must be missing something. His “synchronicity” of data broadcasting, or @Clive’s maintenance of state while in motion, seems to be achieved by a wave of the hand. It looks like one of those things that works perfectly on a PowerPoint slide, but not out in the street.

Or maybe this is one of the problems 5G is intended to solve…

Winter April 26, 2022 12:06 AM

@Clive

In fact it would be quicker, easier and more efficient with a public repository of PubKey signed transaction chains.

Eh, that is exactly what a permissioned blockchain is. This is what the Chinese system is supposed to do.

The advantage of a public Blockchain is that it records, broadcasts, and stores transactions globally. Compared to the current practice of point2point exchange of text messages, this is indeed considerable progress.

The Blockchain part allows for global entry of transactions and global consensus about transactions. China could use such a system to decouple its financial system from Swift. The case of Russia shows how valuable that would be.
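Clive’s “public repository of PubKey signed transaction chains” above and Winter’s reply that this is what a permissioned blockchain is can be made concrete. What follows is an added example, not code from either commenter nor from any real BSN design: a minimal signed receipt chain in Go, with a constructed issuer key and constructed asset and holder names, showing what the signatures alone detect (an altered receipt, a receipt from the wrong issuer) and what they do not (the registry quietly dropping the newest receipts), which is the gap a published head hash or chain consensus is there to close.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Receipt is one entry in a signed transaction chain: the asset, its new
// holder, the hash of the previous receipt, and the issuer's signature
// over all three. Constructed format for this example only.
type Receipt struct {
	AssetID  string
	Holder   string
	PrevHash string // hex SHA-256 of the previous receipt, "" for the first one
	Sig      []byte
}

// signedBytes is the exact byte string the issuer signs.
func (r Receipt) signedBytes() []byte {
	return []byte(r.AssetID + "|" + r.Holder + "|" + r.PrevHash)
}

// Hash covers the signed fields and the signature, so the next receipt's
// back-link pins both the content and who vouched for it.
func (r Receipt) Hash() string {
	h := sha256.Sum256(append(r.signedBytes(), r.Sig...))
	return hex.EncodeToString(h[:])
}

// Issue appends a receipt for assetID naming holder, signed with the
// issuer's private key and linked to the current last receipt.
func Issue(priv ed25519.PrivateKey, chain []Receipt, assetID, holder string) []Receipt {
	prev := ""
	if len(chain) > 0 {
		prev = chain[len(chain)-1].Hash()
	}
	r := Receipt{AssetID: assetID, Holder: holder, PrevHash: prev}
	r.Sig = ed25519.Sign(priv, r.signedBytes())
	return append(chain, r)
}

// Verify checks every back-link and every signature. Editing, reordering
// or inserting a receipt fails here. Dropping receipts off the END does
// not: a prefix of a valid chain is itself a valid chain.
func Verify(pub ed25519.PublicKey, chain []Receipt) error {
	prev := ""
	for i, r := range chain {
		if r.PrevHash != prev {
			return fmt.Errorf("receipt %d: broken link to previous receipt", i)
		}
		if !ed25519.Verify(pub, r.signedBytes(), r.Sig) {
			return fmt.Errorf("receipt %d: signature does not verify", i)
		}
		prev = r.Hash()
	}
	return nil
}

// VerifyWithHead also requires the chain to end at a head hash the verifier
// learned independently (published by the issuer, or fixed by consensus on
// a blockchain). This is what catches a registry that silently truncates.
func VerifyWithHead(pub ed25519.PublicKey, chain []Receipt, head string) error {
	if err := Verify(pub, chain); err != nil {
		return err
	}
	if len(chain) == 0 || chain[len(chain)-1].Hash() != head {
		return errors.New("chain does not end at the expected head")
	}
	return nil
}

// CurrentHolder returns who the last receipt names, after verification.
func CurrentHolder(pub ed25519.PublicKey, chain []Receipt) (string, error) {
	if err := Verify(pub, chain); err != nil {
		return "", err
	}
	if len(chain) == 0 {
		return "", errors.New("empty chain")
	}
	return chain[len(chain)-1].Holder, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed issuer key
	var chain []Receipt
	chain = Issue(priv, chain, "asset-1", "alice")
	chain = Issue(priv, chain, "asset-1", "bob")
	fmt.Println("intact chain:", Verify(pub, chain))
	fmt.Println("truncated chain, no head:", Verify(pub, chain[:1]))
	fmt.Println("truncated chain, with head:", VerifyWithHead(pub, chain[:1], chain[1].Hash()))
	chain[0].Holder = "mallory"
	fmt.Println("edited receipt:", Verify(pub, chain))
}
```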

Winter April 26, 2022 12:44 AM

@Clive

Just thinking of changing a word or three

You are too cryptic for me, sorry.

But if you mean to say that the GOP has become the party of stupid, whose figureheads are incompetent, ignorant, and inept, you are far from the first to notice.

That is a global problem for the alt/extreme right. I suspect that is because these leaders have to be like their followers to be trusted. And if there is one thing that characterizes the alt-right, it is ignorance, ineptitude, and incompetence.

SpaceLifeForm April 26, 2022 1:03 AM

Will this become a Y2k like problem?

Will the comment count overflow? Stay tuned.

936 as of now.

hxtps://arstechnica.com/tech-policy/2022/04/twitter-announces-deal-to-sell-company-to-elon-musk-for-44-billion/

ResearcherZero April 26, 2022 3:18 AM

@MarkH

It is eerie. It seems to have just continued on much the same the entire time.

“It is possible that the delivery of the Azart radios has been troubled by corruption. Reports from 2021 observed that senior military figures and the Azart’s manufacturer were under investigation for fraud and embezzlement. At least some of the radios had been manufactured in China before elements were added in Russia, the defendants claimed. Russian forums discussing the radios also feature complaints of ‘childhood illnesses’ and short battery lives for the Azart family, as well as further evidence of Chinese parts in the radios.”
https://rusi.org/explore-our-research/publications/commentary/russian-comms-ukraine-world-hertz

large suitcases, presumed to be “full of money”

Moscow’s veteran mayor Yuri Luzhkov sat on top of a “pyramid of corruption” involving the Kremlin, Russia’s police force, its security service, political parties and crime groups.

In the absence of laws that worked, Luzhkov – as well as other mayors and governors – paid off “key insiders in the Kremlin”.
https://www.theguardian.com/world/2010/dec/01/wikileaks-cables-moscow-mayor-corruption

Lavrov said the same thing at the end of the Cold War…

“They are similar in a way in their ability to play to the gallery. For example, they imitate negotiations,” Lavrov said.
https://www.reuters.com/world/russia-says-western-weapons-ukraine-legitimate-targets-russian-military-2022-04-25/

ResearcherZero April 26, 2022 3:27 AM

We would be wise to learn from Russia’s mistakes…

“foreign interference in all democratic processes in the European Union”
https://www.europarl.europa.eu/doceo/document/A-9-2022-0022_EN.html

“It was the rule of the game. And what’s most important, corruption was on the upper floor, with the authorities,”

JBS is the single biggest supplier of beef, chicken and leather globally, and exports fresh beef to Europe and about half of the corned beef eaten in the UK.
In 2017 its holding company agreed to pay one of the biggest fines in global corporate history — $3.2bn

Joesley, Wesley and some of their most senior executives outlined a vast scheme that involved payments to more than 1,800 politicians.
https://www.thebureauinvestigates.com/stories/2019-07-02/jbs-brazilian-butchers-took-over-the-world

‘Institutional Rot’

Bribery and fraud, such as that which led to Scott Morrison’s sacking from the Australian Tourism Board…

“Both before and since becoming prime minister in August last year, Scott Morrison has refused to answer questions about why the tourism minister took the unusual step in July 2006 of sacking him as head of the agency.”

“The documents put a time line to the growing concern within government in 2005 and 2006 about the way Tourism Australia was handling these large contracts and about how the dismissal of its managing director was managed.”

“The contracts were worth $184 million, and the auditor focused most on the two biggest – those with companies M&C Saatchi for global creative services or advertising campaigns, and Carat for media placement.”

The audit report revealed that information had been kept from the board, procurement guidelines breached and private companies engaged before paperwork was signed and without appropriate value-for-money assessments.
https://www.thesaturdaypaper.com.au/news/politics/2019/06/08/fresh-documents-morrisons-sacking/15599160008252#hrd

Cash from the Russian mafia…

“the $12.6 million Scottish estate and the $79.7 million for golf courses in the United Kingdom, not to mention the $16.2 million for the Northern Virginia Winery. All in cash.”
https://www.wired.com/story/if-trump-is-laundering-russian-money-heres-how-it-works/

David Bogatin, an alleged Russian gangster who arrived in the United States a few years earlier with $3 in his pocket, sat down with Trump and bought not one but five condos, for a total of $6 million… And so began a 35-year relationship between Trump and Russian organized crime.
https://newrepublic.com/article/143586/trumps-russian-laundromat-trump-tower-luxury-high-rises-dirty-money-international-crime-syndicate

ResearcherZero April 26, 2022 3:37 AM

Group 123/Reaper/ScarCruft

https://www.nknews.org/2022/04/north-korean-hackers-steal-ex-intelligence-officials-emails-in-malware-attack/

On 18 March 2022, NK News shared multiple malicious artifacts with the Stairwell threat research team from a spear-phishing campaign targeting journalists who specialize in the DPRK. These messages were sent from the personal email of a former director of South Korea’s National Intelligence Service (NIS).

Contained within the initial ZIP archive was a 282.7 MB Windows shortcut file (LNK) named Kang Min-chol Edits 2.lnk

The attackers masqueraded this shortcut as a document, using both the icon for Microsoft Word and adding comments similar to a Word document. Additionally, this LNK file was padded with 0x90 (or NOP/No Operation) bytes to artificially increase the size of this file, potentially as a means of preventing upload to detection services or malware repositories. When this LNK file is executed, it executes a PowerShell script that writes and opens a decoy document before starting the deployment process of GOLDBACKDOOR.

…NK News provided a second file that was sent by the attackers and initially staged on Microsoft OneDrive.
The content of this document matches that of the decoy document deployed by the LNK file in the previous phishing attempt, with one critical addition. Embedded in the document is a reference to an external image hosted on the cloud application platform Heroku. When viewed in Microsoft Word, if this link returns an image, it will be presented as part of the document; otherwise, it may go unnoticed by a user.

Based on the URL path and value in the id field corresponding to the document’s name, it is likely this was included to give the attacker visibility into when and where the document was opened. This type of operational security tradecraft is generally consistent with sophisticated threat actors with mature offensive programs.
https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf

Cisco’s Talos researchers noted …a 2014 attack on a Korean power plant had left “Are You Happy?” on wiped machines.

That wiper malware deletes a portion of the computer’s master boot record and restarts the computer so that it’s left fully paralyzed.
https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html

“This operator has continued to operate in a cloud of obscurity, mostly because they’ve stayed regional. But they’re showing all the signs of a maturing asset that’s commanded by the North Korean regime and can be turned to any purpose it wants.”

“They’re making moves outside of South Korea, which is very disconcerting, given their level of aggression,”
https://www.mandiant.com/sites/default/files/2021-09/rpt_APT37%20%281%29-1.pdf
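The padding trick in the Stairwell excerpt above (a shortcut bulked out with 0x90 bytes so that it exceeds the size limits of upload scanners and malware repositories) is cheap to check for on the defender's side. As an added example, not code from the Stairwell report or from anyone in this thread: a Python scan that recognises the fixed ShellLinkHeader magic (HeaderSize 0x4C and the constant LinkCLSID from MS-SHLLINK) and measures how much of a file is contiguous 0x90 padding. The sample bytes are constructed here, and the thresholds (a 4 KiB minimum run, half the file) are assumptions to tune against real collections.

```python
"""Flag files whose size is inflated with long runs of a single pad byte (0x90)."""
import re
from dataclasses import dataclass

# Fixed values from the MS-SHLLINK ShellLinkHeader: HeaderSize is always 0x4C and
# LinkCLSID is always 00021401-0000-0000-C000-000000000046 (little-endian GUID).
LNK_HEADER_SIZE = b"\x4c\x00\x00\x00"
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")


@dataclass
class PaddingReport:
    size: int           # total file length in bytes
    is_lnk: bool        # carries the Windows shortcut header magic
    longest_run: int    # longest contiguous run of the pad byte
    padded_bytes: int   # total bytes inside runs of at least min_run
    pad_fraction: float # padded_bytes / size
    suspicious: bool    # pad_fraction at or above the configured threshold


def is_lnk(data: bytes) -> bool:
    """True when the first 20 bytes match the constant shortcut header."""
    return data[:4] == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def assess_padding(data: bytes, pad_byte: int = 0x90, min_run: int = 4096,
                   max_fraction: float = 0.5) -> PaddingReport:
    """Measure contiguous runs of pad_byte and flag a file that is mostly padding.

    min_run and max_fraction are assumed tuning values, not figures from the report.
    """
    pattern = re.compile(re.escape(bytes([pad_byte])) + b"{%d,}" % min_run)
    runs = [m.end() - m.start() for m in pattern.finditer(data)]
    padded = sum(runs)
    frac = padded / len(data) if data else 0.0
    return PaddingReport(size=len(data), is_lnk=is_lnk(data),
                         longest_run=max(runs, default=0), padded_bytes=padded,
                         pad_fraction=round(frac, 4), suspicious=frac >= max_fraction)


def build_sample(padding: int) -> bytes:
    """Constructed stand-in for a shortcut: real header magic, dummy body, then padding.

    The path and body are invented; no real LNK structures beyond the header are modelled.
    """
    body = b"\x00" * 56 + b"C:\\Users\\Public\\decoy.docx".ljust(200, b"\x00")
    return LNK_HEADER_SIZE + LNK_CLSID + body + b"\x90" * padding


if __name__ == "__main__":
    for label, blob in (("padded shortcut", build_sample(50_000)),
                        ("plain shortcut", build_sample(0))):
        print(label, assess_padding(blob))
```

In practice the scan would run over an attachment or a quarantine folder; a shortcut whose bulk is NOP bytes has no legitimate reason to be that size, so the report is a good trigger for pulling the file into manual analysis even when a size-capped scanner never saw it.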

ResearcherZero April 26, 2022 5:56 AM

“Post Office bosses have been accused of dragging their heels in negotiations over compensation for scores of sub-postmasters who were wrongly convicted of fraud.”
https://www.thetimes.co.uk/article/post-office-scandal-bosses-accused-of-prolonging-payout-talks-xfkwn5n72

Prosecutors and Post Office executives hid evidence from the beginning that showed no evidence of fraud, and that a new computer accounting system called Horizon was to blame for the accounting errors…

“More than 700 branch managers were given criminal convictions when faulty accounting software made it look as though money was missing from their sites.
It has been described as the most widespread miscarriage of justice in UK history, with dozens of convictions overturned and many more in line for compensation.”

Many former postmasters and postmistresses have described how the saga ruined their lives.
https://www.bbc.com/news/business-56718036

Fujitsu designed the system for tasks such as transactions, accounting and stocktaking. It wrongly detected the existence of financial shortfalls at dozens of post offices.
During 2000, the Post Office trained 63,000 employees to operate the new Horizon system. But already, staff had reported problems with it.

In 2014, the Horizon technology was described as “not fit for purpose” in some branches.
However, the Post Office said: “There is absolutely no evidence of any systemic issues with the computer system.”

Second Sight’s second investigation found Post Office software defective.
https://www.entertainmentdaily.co.uk/tv/panorama-the-post-office-scandal-timeline-what-happened-when-and-why/

Clive Robinson April 26, 2022 7:45 AM

@ lurker,

Or maybe this is one of the problems 5G is intended to solve…

Sorry, it’s taken me a few moments to stop the tears of mirth and get up from the floor from where my laughter landed me.

The only way they can do it is for each mobile unit to have its own synthetic reference, then place other mobiles close to it on the same reference but only for short distances…

It’s like the “map projection problem”: points close by can be assumed to be on a flat plane and the shortest line assumed straight. But just a short distance out those assumptions fail and objects are on vectors that unless centered on your point of reference will be parabolas or other interesting curves… And that’s before you start putting in the “relative time” that starts having noticeable effect at 0.1km and ~20kph and above with modern electronics…

There is a reason why mobile phone sites use high precision time standards based on atomic resonance etc, and they at least know where they are and can predict where they will be a while in advance due to what is effectively Earth’s inertia, adjusted by the moon’s orbital mass.

SpaceLifeForm April 26, 2022 3:48 PM

Cloud Physics is a hard problem

hxtps://www.vice.com/en/article/akvmke/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes

“We do not have an adequate level of control and explainability over how our systems use data,” Facebook engineers say in leaked document.

SpaceLifeForm April 26, 2022 4:17 PM

Days Late, Dollars Short

hxtps://spacenews.com/space-companies-donate-funds-for-humanitarian-efforts-in-ukraine/

SpaceLifeForm April 26, 2022 4:44 PM

In Soviet Transnistria, no Transmistria

hxtps://nitter.net/christogrozev/status/1518868793950412800#m

The two most powerful AM transmitters in Europe were in Transnistria, and Russia was using them to cover Ukraine with Russian propaganda.

SpaceLifeForm April 26, 2022 6:09 PM

@ ALL

plausible deniability

Like FB, NSO wants to pretend they are Sergeant Schultz.

see https://www.schneier.com/blog/archives/2022/04/friday-squid-blogging-squid-skin-inspired-insulating-material.html/#comment-403973

https://www.techdirt.com/2022/04/26/nso-is-everywhere-and-still-lying-about-what-it-can-and-cant-do-to-control-misuse-of-its-exploits/

According to a former NSO employee, this is a lie. The company offers tech support to its customers that includes remote access. With this, NSO has access to customers’ data and remote databases. If it had any interest in curbing abuse, it had the power to do so. It simply chose not to.

Hulio and Zuckerberg are both pwned by Putin.

SpaceLifeForm April 27, 2022 12:30 AM

@ Clive, ALL

Can you break this pin code for this door lock?

I’m an OG, actually got it correct on first guess.

Study the pic. The pin is not 4 digits.

hxtps://nitter.net/TinkerSec/status/1518583239090319363#m

ResearcherZero April 27, 2022 7:24 AM

“signalling messages”

Facebook had presented the platform, which uses end-to-end encryption, as ideal for sensitive communications; now the company’s security team was more than two years into an effort to reinforce the security of its products. One task entailed looking at “signalling messages” automatically sent by WhatsApp users to the company’s servers, in order to initiate calls. That evening, Gheorghe was alerted to an unusual signalling message. A piece of code that was intended to dictate the ringtone contained, instead, code with strange instructions for the recipient’s phone.

… as engineers in Facebook’s international offices awoke and began to scrutinize the code, they grew concerned. …the code seemed “polished, slick, which was alarming.”
the code was an active exploit, one that was attacking vulnerabilities in their infrastructure as they watched. They could see that data were being copied from users’ phones.

“Made a decision to not roll out the server-side fix, because we don’t understand the root cause the impact for users and other possible attacker numbers / techniques.”
https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens

Mr McCann was charged with 86 offences, including conspiracy to pervert the course of justice, perjury and intimidating witnesses.

The corruption inquiry is among the most serious integrity probes undertaken by the force’s internal affairs unit, known as the Professional Standards Command, in several years. It has grown to include claims that a small network of police sought to undermine the anti-corruption investigation into Mr McCann and other police suspects.

Four veteran officers alleged to have facilitated the allegedly illegal behaviour have also been suspended and may yet be charged with the offence of misconduct in public office, a source said.

officers lied under oath to obtain search warrants, meaning police raids were authorised by senior officers on the basis of concocted information.
Two juvenile offenders are also affected, according to a statement provided by police to The Age.
https://www.theage.com.au/national/victoria/police-officers-face-corruption-charges-for-allegedly-lying-to-obtain-warrants-20220126-p59rhg.html

“So the question for Mr Morrison is — why do you fear an anti-corruption commission? What is it you’re afraid they will find?”
https://thenewdaily.com.au/news/politics/2022/04/15/morrison-corruption-commission-icac/

“This is not just an information-gathering tool. It’s an intimidation tactic, and it works.”
https://www.newyorker.com/podcast/the-new-yorker-radio-hour/ronan-farrow-on-the-threat-of-spyware-plus-viola-davis

Clive Robinson April 27, 2022 7:44 AM

@ SpaceLifeForm,

Re : Digitas openus…

I’m guessing that it is a right hand Harry Pottering along with a thumb slide down the left and then right across the bottom.

Call it an “ergonomic guess”.

The shape of the finger oil smudges suggest the thumb usage.

JonKnowsNothing April 27, 2022 8:34 AM

@All

Over on Marcy Wheeler’s site she has an interesting article, part of a series of on-going reports, that displays problems with Telling The Time.

The particular legal problems are connected to a series of email exchanges, although only a small subset of these have been made part of the court proceedings.

There are 2 different date-time stamps on the released emails.

  The header date time stamp. The body date time stamp.

There is also a 30 second offset in the time stamp on another set of exchanges, where an attached email (forward) has a 30 second date time stamp offset different from the original emailing.

  The body date time stamp in letter A. The same Letter A as a forwarded mail has a 30 second difference.

Among other things, besides the contents which are part of the on-going reports, it shows just how difficult it is technically to Tell The Time.

The overall problem is that legally, they don’t know how to Tell The Time either.

===

ht tps://www.empty wheel.n et/2022/04/26/john-durhams-irregular-now-sealed-timeline/

(url lightly fractured)

Clive Robinson April 27, 2022 9:32 AM

@ JonKnowsNothing, ALL,

The overall problem is that legally, they don’t know how to Tell The Time either.

Nor does anyone else…

For what many see as the,

“Fundamental measure from which all others are taken.”

It’s more than “a bit of a problem” it’s a whole heap of uncertainty piling up on other uncertainties…

Because the thing to understand is time is relative to all points in space be they moving with respect to each other or not, and that makes things just a tad difficult if more than two points in space are involved…

As I noted the other day, take a surface and draw on it a circle and place four equispaced points A,B,C,D, on it. Then have a moving object V that emits a constant frequency tone. As frequency is the reciprocal of time, if changes in frequency are seen at the observing points, then has time changed if the observed frequency changes?

Well our own ears tell us the pitch or frequency of a tone emitted from a moving object changes. Imagine the object V moving from point A strictly through the center to point C opposite it. It’s not hard to work out that one point sees the frequency decrease proportionally to the speed of the object V whilst the other sees it rise proportionately. But what of points B and D? They see the pitch rise and fall but not as a constant. The pitch changes faster at either points A or C and slowest as it goes through the center directly between points B and D.

If you plot out different paths and the resulting frequency changes you quickly find that the changes have nothing to do with the position of V at any one point in time, only its vector of direction and velocity.

Which makes life interesting when you realise nearly every location identifying system we have is based on relative time measurements of moving objects…

Winter April 27, 2022 11:00 AM

@Clive

Because the thing to understand is time is relative to all points in space be they moving with respect to each other or not, and that makes things just a tads difficult if more than two points in space are involved…

Clive, I am sure you already know, but as context for the general reader, this was the problem Einstein solved with his theory of General Relativity. Btw, it is also a problem when only two points in space are involved.

JonKnowsNothing April 27, 2022 1:51 PM

@ Winter, @Clive

While it may have an Einstein Answer, the problem is more prosaic, clearly having to do with the whole nature of timestamps on the internet, routing stamps and timing chips and email specs.

iirc (very badly) some years back, a LEA got a hold of an email archive. The data and timestamps were super important to their case (I don’t remember what the case was about). What I vaguely recall is that the LEA-Tech plugged the archive into a live server and the server promptly reset all the timers and dates in the archive, rendering the entire archive useless as evidence.

The other point of note is that the images are of the display-view and not the email headers and encoding. So the time stamps could be off just from the way the display image was harvested.

The Intercept had a good article about why it is so hard to get Junk Science out of the courts. The short answer is: Once a case has had an outcome, the findings are cast in concrete. Every case thereafter has to do a lot of concrete hammering to get a cleaner start.

Timestamps as proof of anything really aren’t good proofs at all.

===

ht tps:/ /theintercept.com /2022/04/24/bite-mark-evidence-junk-science/
(url fractured to prevent autorun)

JonKnowsNothing April 27, 2022 2:28 PM

@Clive, @All

A curious thought…

1) The PM of the UK Boris-J, was actually born in the USA. He discovered this when he got an IRS demand for Capital Gains Taxes on a house he sold.

2) Now the PM is “guilty” of a series of infractions during COVID lock downs (Partygate).

3) The UK is home base for the “Compliantly Hostile” immigration scheme. These schemes exist in many countries including the USA and come under the heading of “good character” tests. Anyone found to be Not of Good Character can be deported to any of their ancestral homelands even if they had never lived there, or speak the language or have any legal status there (right to work, vote etc).

4) These Good Character tests have descended down the listings to things like “jay walking” (crossing the street outside of a marked pedestrian zone) and minor infractions from decades earlier.

5) Zho… Could the Home Office deport Boris, because he now has more than 1 infraction and he isn’t a UK native born person, and even if he was, he is no longer on the Good Character side of the ledger. So could they deport him to the USA?

6) If he were deported to the USA, afaik, he renounced his citizenship here, so he would be just another “illegal” and subject to arrest on the spot by ICE and incarceration for the foreseeable future.

7) Boris may have some connection to Turkey; would he get a better welcome there? Maybe Lithuania might be the better option?

SpaceLifeForm April 27, 2022 3:55 PM

@ JonKnowsNothing, ALL

re: What time is it really?

What I found interesting regarding the email timestamps is the timezone differences, not the minute or second differences.

The many second differences are easily explained by a given computer not running NTP.

The timezone difference is more interesting to me. Remember, at the time (sorry) of these emails, it was still daylight saving time in the US (most locales), so EDT then would be UTC-4.

So, was Fusion GPS really based in London? Probably, but no way to prove so as anyone can lie to their computer as to what timezone the computer is running in.

Checking article again, because it had few comments yesterday when I first read it.

Ok, someone brought up NTP.

Clearly, the various screencaps of the emails came from multiple machines, and probably none of them were running NTP.

Makes one wonder about Chain of Custody of Evidence, what with no digital signatures of the data, no?

lurker April 27, 2022 5:00 PM

@SLF, JKN

The many second differences are easily explained by a given computer not running NTP.

Indeed varied are the reasons people give to not run NTP, but it might cause apoplexy in a courtroom, where there may be an expectation that the computer is always right.

The timezone problem is almost as varied: if the email client does not show UTC±n (and are they obliged to?), when did Daylight Saving start/end in the sender’s/receiver’s timezone? Were their zone files up to date? As you say, one or both could lie to their computer about the timezone.

Then there is the well known operating system that for many years defied internet convention on the system operation (and timestamping logs, if any), and the wallclock displayed to the user: UTC vs LOCALE.
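The three points made across the last few comments (JonKnowsNothing's header-versus-body stamps and the 30 second offset on a forwarded copy, SpaceLifeForm's observation that a sender's claimed zone and NTP state are both unverifiable, and lurker's list of the ways a zone can be wrong) are all things a forensic reviewer can at least make explicit instead of eyeballing screenshots. As an added example, not code from anyone in this thread or from the article: a Python script that normalises an RFC 5322 Date header and the receiving MX's Received stamp onto UTC, measures the gap between them, compares two messages' Date headers, pulls the zone-less "Sent:" line a client renders into a forward, and enumerates which UTC offsets would make that display time consistent with the known instant. Both messages are constructed here; the hosts, addresses and times are invented.

```python
"""Reconcile e-mail timestamps: RFC 5322 Date header, Received hops, and the
zone-less time a mail client paints into the display view of a forward."""
import email
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample (not from any real case). The sender's machine claims EDT
# (-0400); the receiving MX stamps its own clock in UTC 14 s later.
ORIGINAL = b"""\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id k7Q9RzT1;
\tWed, 27 Apr 2022 09:12:44 +0000
Date: Wed, 27 Apr 2022 05:12:30 -0400
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Subject: Timeline

Please see the attached timeline.
"""

# Constructed forward of the same message: the forwarding client re-renders the
# original header as a zone-less "Sent:" line, and its own Date is 30 s later.
FORWARD = b"""\
Date: Wed, 27 Apr 2022 05:13:00 -0400
From: Bob <bob@recipient.example>
To: Carol <carol@third.example>
Subject: FW: Timeline

-----Original Message-----
From: Alice <alice@sender.example>
Sent: Wednesday, April 27, 2022 10:12 AM
Subject: Timeline

Please see the attached timeline.
"""


def parse_header_times(raw: bytes):
    """Return (Date header as UTC, [Received stamps as UTC, newest hop first])."""
    msg = email.message_from_bytes(raw)
    date_utc = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    hops = []
    for hop in msg.get_all("Received", []):
        # The date-time is whatever follows the last ';' of the Received clause.
        stamp = hop.rsplit(";", 1)[1].strip()
        hops.append(parsedate_to_datetime(stamp).astimezone(timezone.utc))
    return date_utc, hops


def sender_offset_hours(raw: bytes) -> float:
    """UTC offset the sender's machine claimed in its Date header (-4.0 for EDT)."""
    msg = email.message_from_bytes(raw)
    return parsedate_to_datetime(msg["Date"]).utcoffset().total_seconds() / 3600


def transit_skew_seconds(raw: bytes) -> float:
    """Seconds from the sender's Date to the first MX stamp (the last Received
    header): transit time plus whatever clock error an unsynchronised sender adds."""
    date_utc, hops = parse_header_times(raw)
    return (hops[-1] - date_utc).total_seconds()


def date_delta_seconds(raw_a: bytes, raw_b: bytes) -> float:
    """Difference between two messages' Date headers, compared on the UTC axis."""
    a, _ = parse_header_times(raw_a)
    b, _ = parse_header_times(raw_b)
    return (b - a).total_seconds()


_SENT = re.compile(rb"^Sent:.*?(\d{1,2}):(\d{2})\s*(AM|PM)", re.M | re.I)


def body_display_time(raw: bytes) -> str:
    """Pull the zone-less 'Sent:' clock a client rendered into a forward, as HH:MM."""
    m = _SENT.search(raw)
    if not m:
        raise ValueError("no Sent: line in body")
    hour = int(m.group(1)) % 12
    if m.group(3).upper() == b"PM":
        hour += 12
    return f"{hour:02d}:{m.group(2).decode()}"


def zones_matching_display(display_hhmm: str, instant_utc: datetime):
    """Every UTC offset (minutes, 30-minute steps from -12:00 to +14:00) under which
    a zone-less clock reading agrees with a known UTC instant. Several answers, or
    none, is normal: a display time alone does not say where a machine was."""
    matches = []
    for minutes in range(-12 * 60, 14 * 60 + 1, 30):
        local = instant_utc.astimezone(timezone(timedelta(minutes=minutes)))
        if local.strftime("%H:%M") == display_hhmm:
            matches.append(minutes)
    return matches


if __name__ == "__main__":
    date_utc, hops = parse_header_times(ORIGINAL)
    print("Date (UTC):", date_utc, "claimed offset:", sender_offset_hours(ORIGINAL))
    print("MX stamp  :", hops[-1], "skew:", transit_skew_seconds(ORIGINAL), "s")
    print("Forward Date is", date_delta_seconds(ORIGINAL, FORWARD), "s later")
    shown = body_display_time(FORWARD)
    print("Display shows", shown, "-> consistent offsets (min):",
          zones_matching_display(shown, date_utc))
```

The output is deliberately a set of measurements rather than a verdict: a 14 second gap to the MX is unremarkable, a 30 second gap between an original and its forward is a client clock difference, and the single matching offset for the rendered time is only a candidate, since the forwarding client's zone setting is as easy to set wrongly as the sender's. The MX stamp is the only one of these values written by a clock the parties did not control, which is why it, and not the Date header, is what a chain-of-custody argument should lean on.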

Clive Robinson April 27, 2022 5:15 PM

@ Winter,

Einstein solved with his theory of General Relativity.

No, he did not solve it. The “Einstein field equations” (EFE) are effectively a statistical description of the distribution of matter within the geometry of spacetime. As such the EFE effectively describe the how and the why of observations; they do not of necessity give predictive solutions (mostly they do not).

It’s one of the reasons we still use Newton’s formulae for describing the motions of the planets and other celestial bodies. That is, under certain linearising assumptions, velocities that are way below C, and very weak gravity, the EFE reduce down to Newton’s law of gravitation. In essence by the process of further simplification you squash the spacetime to having only small deviations from “flat spacetime”, leading to the EFE effectively being linearized. Hence allowing further simplifying assumptions such as “symmetry” that in a few special cases such as Gravity Waves can sometimes give Exact solutions. But you then need to ask the obvious questions “Under all those simplifications what is really left of the EFE?” and “What use are they in the general case?”.

That is, trying to use Einstein’s work leads almost every time into something that blows up in your face. Mostly for practical work it gets used to describe a correction factor from a synthetic reference. See how “Global Positioning Satellite Systems” (GPSS) work.

In telecommunications systems the trick is to define a synthetic reference point and have things so local to it that the difference between linear and not is kept too small to matter (remember for very small X sin(X) ~= X and cos(X) ~= 1). You then “hand-off” from one small locality to the next, and just accept the very small errors caused by the boundary crossing as being “linear”. Usually by making the moving object change its time reference to match the new locality it crosses into.

Btw, it is also a problem when only two points in space are involved.

Yes, but we can solve the two body problem and a subset of three body problems; after that things get very very problematic whatever you use. For instance, try to come up with an equation for just four items of equal mass in the same circular orbit that start equidistant and you will find that things just won’t work out. Yet nature manages to have rocks and dust maintain orbital disks for comparatively very long periods of time.

One solution is by the use of DFTs: at even the 15th harmonic you can calculate a very sharp corner case to box it in 😉

SpaceLifeForm April 27, 2022 6:19 PM

@ Neeps

Microsoft needs to dig back into their telemetry

Russia-aligned actors began pre-positioning for conflict as early as March 2021, escalating actions against organizations inside or allied with Ukraine to gain a larger foothold into Ukrainian systems.

Way back. Decades. I would recommend they start with their SCM. I would in particular pay heavy attention to what happened around the 98se release timeframe and the devs involved.

Winter April 28, 2022 1:00 AM

@Clive

The “Einstein field equations” (EFE) are effectively a statistical description of the distribution of matter within the geometry of spacetime.

I think we do not need to go into quantum gravity here. No time problem has yet needed such detail and a theory of quantum gravity is unavailable yet anyway.

No he did not solve it.

You seem to use “solve” in a different way. EFE is exact to every measured and calculated decimal, of which there are many. The calculations are tedious, but nature does not owe us simple solutions. Quantum Mechanics has the same “feature” and no one claims it does not solve the problems of, eg, solid state physics or molecular chemistry.

If you want, and have the resources, you can determine the time difference between points exactly. Which is what gravitational wave detection illustrates.

ResearcherZero April 28, 2022 4:05 AM

Evidence for lack of corporate responsibility.
Profits invested in personal asset security of executives and shareholders.

“It’s obvious that corporations are trying to pass on any form of short-term pain they might be feeling … and that’s serving the top, wealthiest class instead of those in need of fair wages or products that are affordable,”

The analysis of Securities and Exchange Commission filings for 100 US corporations found net profits up by a median of 49%, and in one case by as much as 111,000%. Those increases came as companies saddled customers with higher prices and all but ten executed massive stock buyback programs or bumped dividends to enrich investors.
https://www.theguardian.com/business/2022/apr/27/inflation-corporate-america-increased-prices-profits

Market and regulatory failure.

neeps April 28, 2022 6:07 AM

@SpaceLifeForm

I think we need to distinguish strategic assets like deliberately created backdoor-vulnerabilities from major tactical assets like compromised CDNs. I’m guessing Microsoft is talking about deployment of the tactical and doesn’t want to talk about the strategic at all.

fib April 28, 2022 11:47 AM

@vas pup

Re Mars ‘aurorae’

Maybe the solar wind is interacting with the “tail” of atoms expelled from the Martian atmosphere by the same solar wind [in the open circa Martian space, instead of the top of the atmosphere like on Earth]?

Anyway, it’s an interesting finding.

SpaceLifeForm April 28, 2022 2:49 PM

@ neeps

Excellent point.

But, I still believe MS should go back and look inside. What MS thought was a strategic deploy on their part may have actually been deployed against them.

I am not surprised about the number of zero-days anymore. Reverse-engineering patches really works. Understanding well-commented source code is better.

Just yesterday, I saw something a MS person noted some time back. They were reviewing a 10k line source file.

I have no idea which version of Windows this came into use, but if I had to guess, NT timeframe.

A 10k line source file should be ringing your alarm bell immediately. Imagine being given the task to fix that code that you have never seen before. How long do you think it would take you to start studying it and actually understand what it is accomplishing?

Before you attempt to answer that question, what if it kernel source?

Double, triple your estimate, for sure.

He said the source file was ‘archaic C’, poorly commented. Probably horribly structured too.

He did note that a comment at the top of the file was accurate. The comment:

// this code has bugs

JonKnowsNothing April 28, 2022 3:27 PM

@SpaceLifeForm

re: Looking inside for bugs

RL anecdote tl;dr

During Halloween at a high tech company, the departments put on a skit as part of an afternoon gathering.

The hardware engineering department, dressed in faux monks robes, brought in a chassis of the latest design while chanting “Bring out the dead… Bring out the dead.”

The lead developer reached into the chassis and pulled out handfuls of plastic spiders which were tossed to the gleeful and cheering audience.

“So many bugs… so many bugs…”

Still brings out a grin, and the plastic spider adorned my monitor for a long time.

vas pup April 28, 2022 3:45 PM

Did you know TSA prohibits these unsuspecting items from being in your carry-on bag?
https://www.yahoo.com/news/did-know-tsa-prohibits-unsuspecting-185632484.html

“Samsung Galaxy Note 7

According to the U.S. Department of Transportation and the Federal Aviation Administration, all Samsung Galaxy Note 7 smartphone devices are banned from air travel in the United States.

The ban was initiated in 2016 after a series of recalls on the device were ordered due to its tendency to spontaneously combust.

“Device owners have experienced documented incidents of dangerous evolution of heat with both recalled and replacement Samsung Galaxy Note7 devices,” the Department of Transportation said in a statement. “Anyone violating the ban may be subject to criminal prosecution in addition to fines.”

See article for other items.

vas pup April 28, 2022 5:08 PM

“Politics is a matter of choices, and a man doesn’t set up the choices himself. And there is always a price to make a choice. You know that. You’ve made a choice, and you know how much it cost you. There is always a price.”
― Robert Penn Warren, All the King’s Men

Just want to share.

SpaceLifeForm April 28, 2022 5:13 PM

@ ALL

What is a useful protocol that creates trust without having to meet in person?

Tags: Warrants, EDR, AuthN, AuthZ, Role, Identity, Trust, Timestamps, Signatures

hxtps://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

“It’s highly risky if you get caught,” Weaver said. “But doing this is not a matter of skill. It’s one of will. It’s a fundamentally unfixable problem without completely redoing how we think about identity on the Internet on a national scale.”

The current situation with fraudulent EDRs illustrates the dangers of relying solely on email to process legal requests for highly sensitive subscriber data. In July 2021, a bipartisan group of U.S. senators introduced new legislation to combat the growing use of counterfeit court orders by scammers and criminals. The bill calls for funding for state and tribal courts to adopt widely available digital signature technology that meets standards developed by the National Institute of Standards and Technology.

“Forged court orders, usually involving copy-and-pasted signatures of judges, have been used to authorize illegal wiretaps and fraudulently take down legitimate reviews and websites by those seeking to conceal negative information and past crimes,” the lawmakers said in a statement introducing their bill.

The Digital Authenticity for Court Orders Act would require federal, state and tribal courts to use a digital signature for orders authorizing surveillance, domain seizures and removal of online content.

The main problem to think about, is how does the key signing work?

How does one trust a Pubkey?

I could tell you all here publicly, a pubkey for encryption, and another for signing. Disregard any data channel to make that useful.

But, unless you have met me face-to-face, and we have proved to each other that you and I are both who we say we are, and have exchanged signed and encrypted challenges in near real time (while face-to-face), showing each other that we both have control of the private keys, you can not really trust me, nor can I trust you.

What is a useful protocol that creates trust without having to meet in person?

Clive Robinson April 28, 2022 5:23 PM

@ vas pup, ALL,

With regards,

“You’ve made a choice, and you know how much it cost you. There is always a price.”

Whilst there is always a price, it is effectively a zero-sum game, often the real cost is hidden from you quite deliberately.

Otherwise a rational actor would choose to not have any of the choices on offer, and so effect change. Which is a problem, because there are those who firmly believe that not only can change not be allowed, it must most definitely be prohibited at all costs, including but not limited to the lives of the innocent.

Certain people were not being whimsical when talking about the blood of patriots and tyrants alike. As always the so called “collateral damage”, whilst not on the order, always comes with the “butcher’s bill”.

vas pup April 28, 2022 5:41 PM

@Clive related to “about the blood of patriots and tyrants alike”

“Process as process is neither morally good nor morally bad. We may judge results but not process. The morally bad agent may perform the deed which is good. The morally good agent may perform the deed which is bad. Maybe a man has to sell his soul to get the power to do good.”
Robert Penn Warren, All the King’s Men: Restored Edition

lurker April 28, 2022 6:46 PM

@SpaceLifeForm, “// this code has bugs”

That must come with an Artistic Licence because I’ve seen it in more man pages than I want to remember…

Clive Robinson April 29, 2022 2:20 AM

@ SpaceLifeForm, ALL,

What is a useful protocol that creates trust without having to meet in person?

As I keep pointing out, it depends…

Firstly, define what you mean by “trust”; it is a “weasel word” with very different meanings.

But for simplicity assume that,

1, Human Trust
2, Security Trust

Are two very different things with almost opposite meanings.

If you are asking about “Human Trust” then the answer to your question is the one I’ve made before,

“You can not solve sociological problems with technological solutions.”

That is doomed from the get go.

If you are asking about “Security Trust”, it is a problem that is still being worked on with “Rendezvous Protocols” that will mostly fail to achieve what you appear to be asking for.

To see why you first have to understand the parable of the apple barrel.

For a couple of weeks each year a farmer’s apple trees have fruit just right for picking and storing. But how to store them is a question that is very old.
It was found that using a barrel that was tarred on the outside and lined with dry straw on the inside would in most cases work. But making such barrels is expensive, so it was thought the larger the barrel the better. But the farmers found this was a bad idea and ended up using lots of smaller expensive barrels.

Why did they go down that expensive route? Well, it turns out that just one bad apple in the barrel will eventually turn every other apple in the barrel bad, no matter how good. The problem is that when you pick an apple you have no way of telling if the apple is good or bad, and the apple does not know either. So if all your crop is in one barrel you lose your entire crop. If however you use two barrels the chance is better that you only lose half the crop, and so on. The more barrels you use the better your chance of keeping most of the crop.

Or to put it another way whilst the number of bad apples is small, you can minimise the harm they can do by minimising their reach. It appears the obvious lesson, but actually it’s not.

The important lesson is,

“No matter how good you make a barrel, it can not stop the rot inside”.

So whilst “security trust” can make good barrels, it’s “human trust” failing that rots from within.

Hence technology can not solve all the trust issues, in fact it can solve very few of them, and then usually at some other cost.

To see why, let’s see an actual example.

To most people the “True OTP” is just too much of a hassle to make. So many have been seduced by the idea of the “Faux OTP” or “Stream Cipher”. The argument being that you can replace a “True RNG” with a “Crypto Secure” or “CS-RNG”.

The problem is that whilst the Faux OTP can appear to give you advantages over the True OTP, such as a guarantee of flat distribution and no key reuse, it comes at a very very steep price. That is, every bit from the CS-RNG is deterministically related to every other bit. The entire security strength of a True OTP is “equiprobable”; that goes right out of the window with a CS-RNG. What also goes with it is the all-important “deniability in the face of examination or betrayal”.

An examining third party gets to see,

1, The ciphertext.
2, The claimed KeyMat.

If the betraying party or the agents of the examining third party know or can show a CS-RNG was used, then they can either reproduce or produce the plaintext with such a degree of certainty that deniability is effectively removed from the betrayed party. Because there is no independence of bits at some point (unicity distance) the rest of the KeyMat can be calculated.

However if a True OTP is used, both the first and second parties can easily produce a fake piece of KeyMat that produces any plain text they wish and claim it is valid. Thus all a betraying party does is betray themselves not the other party who retains full deniability as to the plaintext.

The reduction in effort and cost with a Faux OTP made with a CS-RNG is “using a bigger barrel”, thus the risk of losing the whole crop over just one bad apple is guaranteed. However, use all those tiny barrels of the True OTP made with a True RNG and then you only lose one bad apple, not the rest of the crop.

But to make the point further. All “Security Trust” can give you is a secure Shannon Channel down which a human can send any message of their choosing. It is “Human Trust” that defines if that message is good or bad.

So whilst “Security Trust” can make it look like a message can be trusted, in fact it can not. Especially with modern technology usage.

Because of another point I keep making which is “Where is the security end point”. If as an attacker I can get to the plaintext interface at the far side of the security end point it’s game over, I gain all the “Security Trust” of the technological solution…

If you look far enough back on this blog, you will see that @Nick P, @Wael, several others and I discussed this with regard to “Code Signing” for patches and why it could never be trusted… Which has more recently been repeatedly –embarrassingly for Microsoft and the like– proved.

Well this “emergency” system suffers from exactly the same failings…

1, Bad Apples always exist.
2, All technical measures humans use are vulnerable to “end run attacks”.

In short,

“Such a system can NEVER be TRUSTED.”

A point that should be beaten into every legislator’s head with a suitable “$5 Wrench” as the flip side to what XKCD indicated so many years ago.
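The deniability argument in the comment above (a true pad lets either party fabricate KeyMat for any plaintext, a CS-RNG keystream does not) can be shown directly. The following is an added example, not code from the thread; it uses the OS entropy source as the stand-in for a “True RNG” and AES-128 in counter mode with a fixed zero IV as the CS-RNG behind a “Faux OTP”, and the two sample messages are constructed for the demonstration. The examiner is assumed to know which construction was used and to accept only a seed as KeyMat in the stream-cipher case.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// xorBytes is the one operation the true OTP and the stream cipher share.
// Inputs are assumed to have equal length.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// trueOTPKey draws one fresh random byte per message byte from the OS
// entropy source, standing in for the "True RNG" of a true one-time pad.
func trueOTPKey(n int) ([]byte, error) {
	k := make([]byte, n)
	_, err := rand.Read(k)
	return k, err
}

// forgeOTPKey is the deniability step: given a ciphertext and any other
// plaintext of the same length, the "pad" that decrypts to it is just
// their XOR. Every pad is equally likely a priori, so an examiner holding
// the ciphertext cannot distinguish this pad from the real one.
func forgeOTPKey(ciphertext, desired []byte) []byte {
	return xorBytes(ciphertext, desired)
}

// streamKeystream expands a 16-byte seed into n keystream bytes with
// AES-128 in counter mode and a fixed zero IV, so the seed alone is the
// KeyMat. This plays the role of the CS-RNG behind a "faux OTP".
func streamKeystream(seed []byte, n int) ([]byte, error) {
	block, err := aes.NewCipher(seed)
	if err != nil {
		return nil, err
	}
	ks := make([]byte, n)
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(ks, ks)
	return ks, nil
}

// seedReproduces is the examiner's check once a CS-RNG is known to be in
// use: the only KeyMat accepted is a seed, and the keystream is
// regenerated from it. A keystream forged to yield an innocent plaintext
// is not reproducible from the real seed, so the claim collapses.
func seedReproduces(seed, claimedKeystream []byte) (bool, error) {
	ks, err := streamKeystream(seed, len(claimedKeystream))
	if err != nil {
		return false, err
	}
	return bytes.Equal(ks, claimedKeystream), nil
}

func main() {
	secret := []byte("meet at the old mill at midnight")   // constructed samples,
	innocent := []byte("the invoice is attached, regards") // both 32 bytes

	pad, err := trueOTPKey(len(secret))
	if err != nil {
		panic(err)
	}
	ct := xorBytes(secret, pad)
	fmt.Printf("true OTP, claimed pad decrypts to: %q\n",
		xorBytes(ct, forgeOTPKey(ct, innocent)))

	seed := make([]byte, 16)
	if _, err := rand.Read(seed); err != nil {
		panic(err)
	}
	ks, err := streamKeystream(seed, len(secret))
	if err != nil {
		panic(err)
	}
	ct2 := xorBytes(secret, ks)
	ok, _ := seedReproduces(seed, forgeOTPKey(ct2, innocent))
	fmt.Println("faux OTP, forged keystream reproducible from seed:", ok)
	fmt.Printf("faux OTP, seed decrypts to: %q\n", xorBytes(ct2, ks))
}
```

The cost difference is also visible in the code: the true pad is as long as the message and must be generated, stored and delivered once per message, while the stream cipher needs only 16 bytes of seed. That convenience is exactly what makes the claimed KeyMat checkable by a third party.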

SpaceLifeForm April 29, 2022 2:59 AM

@ Clive, ALL

I was referring to “Security Trust”. There are too many examples of where “Human Trust” has failed, because the person turned out to be a Bad Apple.

Sorry for not being clear.

Winter April 29, 2022 3:51 AM

@SpaceLifeForm

There are too many examples of where “Human Trust” has failed, because the person turned out to be a Bad Apple.

I suspect that, in the end, meaningful Security always involves “Human Trust”.

But see also
Inside Risks An Integrated Approach to Safety and Security Based on Systems Theory
ht-tp://www.csl.sri.com/users/neumann/cacm232.pdf

Safety experts see their role as preventing losses due to unintentional actions by benevolent actors. Security experts see their role as preventing losses due to intentional actions by malevolent actors.

Clive Robinson April 29, 2022 5:50 AM

@ Winter, SpaceLifeForm, ALL,

Re : Inside Risks An Integrated Approach to Safety and Security Based on Systems Theory quote.

The implication of that quote is “one or the other” style reasoning, and that is really not the case.

I see them as one and the same, my fundamental viewpoint being

“There is no such thing as an accident they are all predictable events by the laws of nature. All that is lacking is sufficient information in sufficient time to take corrective action.”

For years I’ve pointed out two things of note in this respect,

1, The French language has one word, “Sécurité”, for both.
2, They are both subsets of the more general Quality Process.

That is, there is no real distinction between them; they are just points on a spectrum. That is, there are ranges involved,

A, Benevolent to Malicious.
B, Unintentional to intentional.

And we really should think accordingly, as the old joke has it,

“The only difference between an outsider and an insider attacking, is the latter has a little more patience to get allowed in”.

The notions expressed in points A and B are “touchy-feely, feel-good nonsense” made by post-event observers, and have no place in the design and construction of technical systems.

How often have I pointed out that,

1, Technology has no agency; it possesses no innate intelligence, emotion, or ethics.
2, Technology has no more understanding of good or bad than your finger.
3, It does as commanded by a Directing Mind that has agency and some innate intelligence; as for emotion or ethics, that is open to question.
4, It is the observer who decides if the commanded use by the Directing Mind is good or bad, as the observer often has the social functions of emotion and ethics.
5, Emotion and ethics are the processes of societies functioning and they obviously change as society changes.

It’s why I also point out that,

“Technological systems can not be used to solve sociological issues”

It’s why the likes of Machine Learning and Soft-AI will mostly fail for the uses many ill-informed people want to put them to. But why do they want to do so? Is it due to their own innate inabilities or their desire to put in place a “fall guy” behind which they can hide their true intent?

But if you want just one take away to learn from, that I repeat from time to time with regards both Safety and Security systems,

They are a Quality Process that should be in place before day zero of any project.

Just acknowledging and acting on that one thing will start to improve things quite noticeably.

SpaceLifeForm April 30, 2022 3:12 PM

@ Winter, Clive, ALL

I suspect that, in the end, meaningful Security always involves “Human Trust”.

True. Here, though, in the context of fake EDRs, and fake warrants with a forged signature of a Judge, there must be a way to root that out.

“They are a Quality Process that should be in place before day zero of any project.”

Which includes Security. The evidence is clear: you cannot bolt security onto a process after the fact. It will fail. Security must be addressed on day zero.

And EDRs are a project, using an insecure process.

Shamir Secret Sharing could help root out the Bad Apples.

Clive Robinson May 1, 2022 6:48 AM

@ SpaceLifeForm,

Here, though, in the context of fake EDRs, and fake warrants with a forged signature of a Judge, there must be a way to root that out.

Not sure a judge’s signature is needed with an EDR.

If it is though it will only change the game slightly at best, because the “authorities” don’t want a secure system. As that would deprive them of at the very least some level of deniability which implies liability…

The essence of an authoritarian system is to accrue things like money, status, acolytes, and pseudo-legitimacy to get power. But power is not the end game. The end game is,

“Unbridled control over others”.

You see this in “The King Game” where the head of the hierarchy claims to be acting on the direction of a deity as the “God-Head”[1]. As their actions are divine they can not be questioned. So

“Total Control gives total corruption.”

Which means they have to have,

“No actual liability or responsibility in the system.”

Just the sufficient illusion of it to act as a barricade to any investigator. You see this with all the “Thin Blue Line Brotherhood” nonsense.

Obviously such total corruption is desirable to others, not in the authoritarian hierarchy. The hierarchy obviously labels them as the modern form of heretic, of Terrorist or Criminal, to demonise and make a distinction. In fact the only real distinction is being inside or outside of the necessary ring around the king.

So whilst,

Shamir Secret Sharing could help root out the Bad Apples.

Might stop “outsiders”, it won’t stop “insiders” as it is a technological solution of Security Trust being applied to a sociological issue of Human Trust.

Worse the hierarchy will fight anything that roots out “Bad Apples” because the whole purpose of the hierarchy once the turn has happened is to provide a haven for “bad apples”.

Thus what is actually needed is a command structure that can not be turned… I’m unaware of any such system existing, even though I am aware of actual attempts (look at PGP’s early history for a technological example via a “web of trust”, and later “reputational systems”).

The nearest I’m aware of on the sociological side are not actually experiments. They are organisations with a single non-party-political aim and having or developing an overriding principle of “total openness”, to never do anything in secret. So not just all is documented, but all is documented in public.

We know that in the UK and the US there have been attempts by various Government IC and LE agencies and private well-funded groups to infiltrate and change such organisations. Primarily so they could be discredited by “dirty tricks” campaigns. But where the open and non-political principles held, such attacks usually failed. In fact they sometimes backfired drastically through the court system for the likes of defamation or worse. One eventual fallout in the UK was the coming to light of Met Police active policy on undercover agents forming illegitimate relationships and siring children, which created a significant scandal.

Whilst such organisations can endure, their popularity is based on societal support, so as society changes their popularity and thus fortunes wax and wane. One such organisation you can look up is the originally late-1950s London-based “Campaign for Nuclear Disarmament” (CND)[4]. Their semaphore ND-in-a-circle symbol has become the de facto peace symbol around the globe.

[1] Divinity by God-Head is a form of absolute deniability. The King claims to be the humble servant of God’s direction. So in effect, just like your index finger, it is free of liability for what happens, as it is therefore not the “directing mind” and has no responsibility or liability[2]. But also… To question in any way the God-Head’s actions is the act of heresy, thus an unpleasant death or worse for those who do.

[2] Therefore they have absolutely no liability for their actions outside of a necessary trusted ring. So they can, outside of that ring, do whatever they please, as long as the ring is kept loyal. To reduce the number, risk and cost from the necessary ring, there is the rule of succession. This is where the God-Head “is in the blood” and can only be passed to a blood relative[3], hence the need for “an heir and a spare”, preferably from a direct blood relative of the most powerful of the necessary ring. Hence the reason for heraldic symbols that make historic blood lines clear even to illiterate peasants, even if they are a complete fabrication (one of the reasons some blood lines include Jesus…).

[3] To see two results of this, look up the role of castration and emasculation in royal courts, and how eunuchs gained incredible political power. Sufficient that many willingly self-emasculated. Secondly, the results of the blood line “closed stud book breeding” that has given rise not just to so many “royal diseases” but, as in the case of the Spanish Habsburg blood line, the disfiguring Habsburg Jaw. When Charles V arrived in Spain in 1516 to become ruler, he couldn’t fully close his mouth due to his Habsburg jaw. Apparently this gave rise to ribald comments from the subjects. However that jaw was a sign of a deeper malignancy from the inbreeding, that of increasing sterility from generation to generation, and the demise of the Habsburg blood line.

[4] I rather suspect CND’s popularity is going to grow again based on current events on the far eastern borders of Europe. With the threats made by adjoining nations’ failing psychopath leaders to use nuclear weapons to stop what they see as dissent by those nations on the edge of Europe, but not yet under its protection.
