Friday Squid Blogging: Strawberry Squid Video
Beautiful video shot off the California coast.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
John • April 15, 2022 4:23 PM
I was just out looking at the early spring flowers here in NH USA.
Crocuses, Daffodils, and little white and blue flowers.
It is a nice time of year!!
SpaceLifeForm • April 15, 2022 4:34 PM
@ Ted, Clive
Almost speechless. Smiling. High Praise. Totally Fair Use.
You will not have to read far.
SpaceLifeForm • April 15, 2022 5:21 PM
While your WiFi and BT may not really be off, you can defend against sound and light exfiltration.
Light: Tape over camera.
Sound: Play background noise.
Maybe also just not use Zoom or WebX.
lurker • April 15, 2022 6:07 PM
On just this blog this week we get:
1) Suspected attempt to intrude on Ukraine power grid;
2) Potential vulnerability via SMB;
3) Possibilities for entry to ISC systems.
So what’s new? These things happen and will continue happening because:
1) people keep connecting power grids to the internet;
2) MS always leaves ports open to save the user from having to open them when needed;
3) ISC systems were designed to be easy to get into and “adjust”.
The fix is fairly simple:
1) don’t connect vital infrastructure to the public internet, or, if it’s really, really necessary, bolt it down securely (see also 2 & 3);
2) don’t use Windows, other Operating Systems are available, or, why do you need SMB on the internet? better protocols are available;
3) if you really, really need to have your ISC on the internet for monitoring, make it read-only. Yes, you’ll need a firewall. A lot of fault conditions reported will require on-site attention to mechanical devices that cannot be repaired over the ‘net.
There was another one this week that the link has drifted, which gained entry by probing ssh user/password logins.
I keep hearing the lyrics “Life gets tedious, don’t it?”
Leon Theremin • April 15, 2022 6:14 PM
Can You Insert Hardware Trojan Spyware IP into an IC at the Fab? Yes
Russian Elbrus CPUs produced in Russia (when they are ready) may very well be the first CPUs without silicon trojans like AMD/INTEL/APPLE/GOOGLE ones. Putting my buy order soon.
you can defend against sound
Sound: Play background noise.
This isn’t so simple. You need to make sure the eavesdropper cannot extract your signal by cross-correlation taking into account time is your worst snitch. So you end up randomizing/white-noising your background noise but still this is not sufficient. You can still be “degaussed” by signal energy levels and the way they mask into the environment if you can “sponge” yourself in.
Nick Levinson • April 15, 2022 7:23 PM
The wealthy or famous need a website just for their security, even if they don’t want a website or email and have no other use for it. Otherwise, someone else can create a website and do a pretty good job of impersonating the victim and then offering to give away money (it would be a scam for finding out other victims’ bank account details) or receive emails meant for the real person (and answer some in the wealthy/famous person’s name). See https://web.archive.org/web/20210424232326/https://www.yahoo.com/news/mackenzie-scott-gave-away-billions-160458841.html , based on https://www.nytimes.com/2021/04/24/business/mackenzie-scott-giving-scams.html .
Rich or well-known; it’s not necessary to be both. If you’re either one but not both, you still need a site. Anyway, it’s unlikely anyone rich will stay unknown for long. If you’re infamous, that’s like being famous, so you’re in the same boat.
Institutions, including governmental, nonprofit, and business, have the same need. Only the smallest and least well-known usually need not bother.
Try to get a .com domain that is based on your name and have the content professionally designed or look like it was, even if the content is short, because those two steps will help your site’s credibility as really yours and may help raise your Google ranking over scammers’ attempts. Even if you don’t want email, have a contact page that will send you emails (this can be done without publishing your email address). Nonprofits should use the .org domain but if whether you’re nonprofit is not obvious then get both .com and .org domains for the same name.
Zbi • April 15, 2022 8:11 PM
JARON LANIER DOES NOT EAT CEPHALOPODS: https://www.ft.com/content/a3ea16f6-7edd-11e8-bc55-50daf11b720d
Ted • April 15, 2022 9:10 PM
Re: Strawberry Squid
I’ve always wondered how far back some morphology goes. I see this week’s squid has one larger eye to see above, and one smaller eye to see below. That seems like a really unique adaptation.
I sometimes wonder if my cat came from a sea creature because of her countershading – light fur underneath and dark fur on top – like a dolphin or a reef shark. If sea creatures loved strings, strings, strings it would be uncanny 🙂
Ted • April 15, 2022 9:25 PM
Almost speechless. Smiling. High Praise. Totally Fair Use.
This calls for the Cha Cha Slide!
Curious • April 15, 2022 11:26 PM
I saw this on twitter just now, about how there is a study allegedly showing how online (some) video teleconferencing apps keeps recording audio even after you click “mute”.
The study has not yet been published according to the newspaper. I don’t know this website, but perhaps there is something to all of this.
This made me think of, how one maybe can’t ever know (or prove) if one is under surveillance, if an AI collects all kinds of data in all kinds of ways.
I live in a new apartment with wifi antennas built into the walls as I understand it, and if they can build in wifi antennas they can probably build in a microphone as well.
I’ve seen I think two articles in Swedish the last couple of years about how the police and some politicians want to place video and audio surveillance in people’s homes. That they want to target suspected criminals, doesn’t make it any better I think.
ResearcherZero • April 16, 2022 1:52 AM
Hardware switches, otherwise yank the cable when not in use.
The team suggests the solution might lie in developing easily accessible software “switches” or even hardware switches that allow users to manually enable and disable their microphones.
Critical CISCO WIFI vulnerability
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator.
This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable.
Customers may only install and expect support for software versions and feature sets for which they have purchased a license.
To determine whether the Cisco WLC configuration is vulnerable, issue the show macfilter summary CLI command. If RADIUS compatibility mode is other, as shown in the following example, the device is considered vulnerable.
Option 1: No Macfilters in the Environment
Customers who do not use macfilters can reset the macfilter radius compatibility mode to the default value using the following CLI command:
wlc > config macfilter radius-compat cisco
Option 2: Macfilters in the Environment
Customers who use macfilters and who are able to change the radius server configuration to match other possible compatibility modes can modify the macfilter compatibility to either cisco or free using one of the following CLI commands:
wlc > config macfilter radius-compat cisco
wlc > config macfilter radius-compat free
“Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure.”
The impact on the npm organization includes unauthorized access to private GitHub.com repositories and “potential access” to npm packages on AWS S3 storage.
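The advisory check quoted above (look for a RADIUS compatibility mode of "other", then pick Option 1 or Option 2 depending on whether MAC filters are configured) as a small audit script. This is an added example, not Cisco's or the advisory's own code; the sample CLI output is constructed to approximate the "show macfilter summary" layout, and that layout is an assumption.

```python
import re
from typing import Optional

# Constructed sample output (not a real capture): a controller left in the
# non-default "other" compatibility mode with one MAC filter entry present.
SAMPLE_VULNERABLE = """\
MAC Filter RADIUS Compatibility mode............. other
MAC Filter Delimiter............................. none

MAC Filter Entries
MAC Address        WLAN Id   Description
00:11:22:33:44:55  1         printer-floor2
"""

# Constructed sample output: default mode, no MAC filters configured.
SAMPLE_DEFAULT = """\
MAC Filter RADIUS Compatibility mode............. cisco
MAC Filter Delimiter............................. none

MAC Filter Entries
"""

# Tolerant of the dotted padding the WLC CLI uses between label and value.
_MODE_RE = re.compile(r"RADIUS\s+Compatibility\s+mode\.*\s*(\S+)", re.IGNORECASE)
# One MAC filter entry per line beginning with a colon-separated MAC address.
_MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.IGNORECASE | re.MULTILINE)

OPTION_1 = ["config macfilter radius-compat cisco"]
OPTION_2 = ["config macfilter radius-compat cisco",
            "config macfilter radius-compat free"]


def radius_compat_mode(output: str) -> Optional[str]:
    """Extract the compatibility mode value, or None if the line is absent."""
    m = _MODE_RE.search(output)
    return m.group(1).lower() if m else None


def macfilter_count(output: str) -> int:
    """Count configured MAC filter entries in the summary output."""
    return len(_MAC_RE.findall(output))


def assess(output: str) -> dict:
    """Apply the advisory's decision rule to captured CLI output.

    Returns the detected mode, whether the non-default vulnerable
    configuration is present, the number of MAC filter entries, and the
    remediation commands from the advisory (Option 1 when no filters are
    in use, otherwise the two Option 2 choices).
    """
    mode = radius_compat_mode(output)
    entries = macfilter_count(output)
    if mode is None:
        return {"mode": None, "vulnerable": None, "macfilter_entries": entries,
                "remediation": []}
    vulnerable = mode == "other"
    remediation = []
    if vulnerable:
        remediation = OPTION_1 if entries == 0 else OPTION_2
    return {"mode": mode, "vulnerable": vulnerable,
            "macfilter_entries": entries, "remediation": remediation}


if __name__ == "__main__":
    for name, text in (("vulnerable", SAMPLE_VULNERABLE), ("default", SAMPLE_DEFAULT)):
        print(name, assess(text))
```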
lurker • April 16, 2022 2:03 AM
When is a mute not a mute?
When it’s in a bowl of turtle soup.
As a hardware guy, if anyone ever asked me to use one of those “vca” I would be happy to set up my own camera and mic thru an interface box to USB. What’s wrong with the camera and mic built in to the computer? I can’t see the physical wires for a start, never mind the software boondoggling. As for the apps that don’t even use the APIs that MS provides, well isn’t that just like DOS 3 again…
NB the wisc.edu article contains a link to the paper.pdf to be presented in July.
Clive Robinson • April 16, 2022 4:46 AM
So what’s new? These things happen and will continue happening because
You are beginning to sound sufficiently like me that people might incorrectly assume, one of us is a woolly foot apparel on strings for the other 😉
Clive Robinson • April 16, 2022 5:03 AM
@ Leon Theremin,
Can You Insert Hardware Trojan Spyware IP into an IC at the Fab? Yes
This is really old news.
@RobertT, @Nick P, @Wael, myself and others discussed the ins and outs of all of this something like a decade ago on this blog.
In part it was why I spent more time on “Castles -v- Prisons” as it’s potentially the only way to deal with such issues.
Russian Elbrus CPUs produced in Russia
If they ever get to see the light of day, why should anyone trust them anymore than product from America, China, Europe, France, Japan, South Korea, North Korea, Taiwan, UK, etc?
There is a saying about patriotism and idiocy both ruining a nation’s collective IQ.
JonKnowsNothing • April 16, 2022 5:54 AM
A MSM report of California Police using their Patrol Car Public Address (PA) Systems to play copyrighted music when interacting with a stop.
Sounds like a nice Happy Gesture except …
The music, often Disney or other popular music themes, is copyrighted and heavily monitored on social media platforms with immediate Take Downs issued.
The blaring music is intended to be picked up as background noise by anyone videoing the interaction between the police and the individual. The volume is loud enough to obscure the conversation between the officer and their person of interest.
So, if a person videoing an interaction, uploads their video to social media platforms for archive, safe storage, and documenting the encounter, the rigid Take Down enforcement is triggered by the background music and the video is deleted.
POOF and BAM! No more views and no more alternate narratives.
officers blaring music from PA System
Disney Music Copyright Take Down Notice
vas pup • April 16, 2022 1:51 PM
The Robot Dog That Helps With Dementia – BBC Click
Astronauts return after China’s longest crewed mission
“The crew of one woman and two men landed after six months aboard China’s newest orbital station. Their Shenzhou-13 spacecraft is the latest mission in China’s drive to become a major space power.
During the mission, astronaut Wang carried out the first spacewalk by a Chinese woman. The 42-year-old woman was a military transport pilot.
Mission commander Zhai, 55, is a former fighter pilot who performed China’s first spacewalk in 2008. Ye, 41, is a People’s Liberation Army pilot.
The trio completed two spacewalks, carried out numerous scientific experiments, set up equipment and tested technologies for future construction during their time in orbit.
They also beamed back physics lessons for high school students.
China has put billions into its military-run space program, with hopes of having a permanently crewed space station by the end of 2022.
China has been excluded from the International Space Station (ISS) since 2011, when the US banned NASA from engaging with it.
The second-largest economy has plans to be on par with the US and Russia, which have decades of experience in space exploration.
Beijing is also planning to build a base on the moon, and the country’s National Space Administration said it aims to launch a crewed lunar mission by 2029.=
JonKnowsNothing • April 16, 2022 2:46 PM
re: Ownership of Chattel Labor
This is going on daily and quite well in many parts of the globe. There are governments and countries where the definition of Chattel Labor hasn’t changed in a long time.
In countries where they have changed or altered the use of the term “chattel” as applied to humans, there are equivalent methods of achieving the same effect via other “official and legal” means. Indentured labor is still quite common around the globe and in “developed countries” that use different words to describe the same situation. (1)
1) The re-definition of “relevant” to mean “all”
vas pup • April 16, 2022 6:07 PM
Web3: What is it? How does it work?
“In a Web3 world, information is stored in virtual digital wallets, not in data centers. Individuals use these wallets to tap into Web3 applications, which are run on block-chain technology. When a user wants to disconnect from an application, they simply log off, disconnect their wallet and take their data with them.
Web3 developers also don’t need huge amounts of capital to design applications, which helps maintain autonomy.”
Read the whole article for details and chart at the bottom in particular.
SpaceLifeForm • April 16, 2022 10:40 PM
No checks of $100 million or more accepted.
ResearcherZero • April 16, 2022 11:34 PM
“There is a saying about patriotism and idiocy both ruining a nation’s collective IQ.”
Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions.
Considering that these companies were sanctioned by the U.S. Treasury last week and Microsoft owns GitHub, an American company, the action is not unexpected.
However, suspending the private accounts of dozens of individuals that host no content connected to any sanctioned entities is quite surprising.
This appeal form requires the individual to certify that they do not use their GitHub account on behalf of a sanctioned entity.
ResearcherZero • April 16, 2022 11:42 PM
“We have never seen anything like this; it’s an exodus,” the source said. “There is higher morale in the Russian army than Morrison’s home division. The damage Hawke and Morrison have deliberately caused to the Liberal Party will long outlast Morrison’s prime ministership.”
Simmering anger has ripped through the division after local branch preselections were abandoned in 12 NSW seats following an intervention by Prime Minister Scott Morrison and his key ally, Immigration Minister Alex Hawke. 350 people quit the party
As the floodwaters rose higher and higher, submerging the stilts that once protected his home, Laurence Axtens grabbed a chair and placed it on top of a table.
Into this last-ditch perch he muscled his 91-year-old mother and then called for help. The police said that there was nothing they could do, but that someone from emergency services in their Australian state, New South Wales, would call back.
Three weeks later, Mr. Axtens is still waiting for that call.
“governance guided only by ideology without any concern for moral outcomes is a dangerous and deadly trap”
“Australia is the world’s largest exporter of both coal and gas. It recently was ranked 57th out of 57 countries on climate-change action.”
Mr. Morrison has tried to present the fires as catastrophe-as-usual, nothing out of the ordinary. This posture seems to be a chilling political calculation:
Australia is acutely vulnerable to climate change and its per capita emissions have shot to the highest in the world.
“accepts the findings of the IPCC and is seriously concerned about the potentially significant economic, social and environmental impacts of climate change, particularly on Australia”
“recommends that the Commonwealth undertake an assessment of the economic, social and environmental costs of a failure to adequately address climate change, particularly at a regional level”
Climate Change Performance Index 2022
Australia (Last Place) 0.00 Very Low Very Low Very Low
Australia – with the worst possible score – is still ranked worse than Brazil and Algeria. Australia receives ‘very low’ ratings in every CCPI category.
“there are lessons in these situations”
History shows that societies collapse when leaders undermine social contracts
How did thriving metropolises disappear like rain on the mountainside? Now it makes sense.
“Leadership becomes an appeal to prejudice and narcissism. The social future that marshals effort above and beyond oneself enabling the collective system to flourish shatters and with that comes precipitous decline.”
On the Beach
In 1957, Nevil Shute wrote his nightmarish vision of waiting to die in a nuclear catastrophe, On the Beach. He set it in Australia, the last place on earth to receive the radioactive fallout that would wipe out life on earth. That notion of isolation and relative safety has long been a mainstay for global views of Australia. In 2021, it may well be the reverse. It’s in Australia where it all begins – the bellwether of inaction on climate change.
Nick Levinson • April 16, 2022 11:42 PM
It says so in the U.S. I.R.S. official 2021 Form 1040-V (f1040v.pdf at irs.gov), page 1, column 2. The reason (the Nitter poster asked why in a comment) is likely that their database field or attribute has a fixed length of ten digits (8 for dollar digits and 2 for cents digits). Possibly, like one spreadsheet, some modern databases may deal with very large numbers by accepting them but insisting on displaying them in scientific or extended notation, which usually is approximate, which could wreak havoc with taxpayers’ legal rights if they pay.
However, in accordance with the instructions on the same form, you can pay $100,000,000 in cash on time provided there are 100,000 days between today and Monday night.
Maybe a decade ago, a major credit card company sent thousands of people bills for about 23 quadrillion dollars each. A couple of newspapers covered this, even the N.Y. Times. I was surprised that the company’s money field was designed to accept that many digits without input validation. The gross world product is merely 100 trillion give or take, per year, lately.
It is my practice to pay 23 quadrillions only in cash, because I don’t want that on my bill.
ResearcherZero • April 17, 2022 12:17 AM
For the first time, Defence spent more on domestic operations assisting the civil authority with Covid Assist and flood relief ($257.9 million) than it did on operations overseas ($255.3 million). But there’s little indication in the PBS that Defence is structuring itself to better meet contingencies of that nature.
…if the pudding is staying the same size while somebody is getting more of it, then somebody has to get less.
I’ve calculated that if this federal budget was $100, Australia would be spending $6 on defence, 72 cents on development, and a copper coin on the practice of diplomacy. In its primary focus on military responses, Australia risks being behind international trends.
I find this strange when I look at what diplomacy has done through the coordinated international response to Russia’s invasion of Ukraine, described by a Russian spokesperson as “total war.” It is a great illustration of how muscular and forceful international cooperation can be.
The US strategy includes building resilience within countries – including a free press, vibrant civil societies, and fiscal transparency to expose corruption – and building connections within and beyond the region through bilateral and multilateral engagement. It also focuses on driving regional prosperity by setting out economic frameworks and supporting digital economic governance, decarbonisation, clean energy investments, infrastructure, and secure supply chains.
And this is not an outlier.
The budget papers released on Tuesday night reveal overall spending on Defence co-operation programs will fall from an estimated $236m this financial year, to a forecast $227m in 2022-23.
“On the economy, it will paint Labor as a choker of growth. On security, it will call it soft on defence. In a particularly crass move, Mr Morrison has called Anthony Albanese, Labor’s leader, Beijing’s candidate.”
Clive Robinson • April 17, 2022 4:08 AM
@ vas pup, ALL,
Re : Web3: What is it? How does it work?
We’ve been through this before, it will be an unmitigated disaster.
The crypto-coin shills have been given a new place to scream their nonsense and all those who foolishly put their money into block-chain tech and the like see a new opportunity to try to make it back from new fools.
Oh and there is that new nonsense of Non Fungible Tokens to pretend is an investment in black tulips…
Web3 is very definitely a “con” and people would be wise to steer well clear of anything to do with it.
John • April 17, 2022 4:41 AM
Gotta wonder what is not a con these days??
Winter • April 17, 2022 5:35 AM
We have all seen this before, forced deportation, concentration camps, cremation of victims.
Russia ‘forcibly deports’ doctors, medics and civilians from Mariupol in war crimes cover-up, Ukraine claims
Footage shared by Mariupol City Council – which has not been independently verified – claims to show Ukrainian medics and civilians being shuffled into an enemy tank in the besieged city, which has largely been reduced to rubble after weeks of intense Russian bombardment.
Mariupol Mayor Vadym Boichenko said an estimated 40,000 residents have been deported from the region since the start of the invasion.
It follows claims that Russia has begun a widespread operation to erase all evidence of war crimes in cities such as Mariupol, as President Putin faces accusations of genocide from world leaders.
Mariupol City Council claimed on Wednesday that Russian forces have started deploying mobile crematoriums in Mariupol to cover up evidence of mass civilian “murders”.
Winter • April 17, 2022 6:23 AM
“Mr. Morrison has tried to present the fires as catastrophe-as-usual, nothing out of the ordinary. This posture seems to be a chilling political calculation:”
In democracy, I also consider that voters should heed: “Fool me once, shame on you, fool me twice, shame on me”
This is another version of the cruel law of society that “a people get the Government they deserve”.
Martin • April 17, 2022 6:36 AM
Re: Your Web 3 Post
Your concise comments/perspective on Block-Chain and NFTs are much appreciated.
SpaceLifeForm • April 17, 2022 1:11 PM
@ Nick Levinson, ALL
re: PIC 9(8)V99
It was not a question to me.
is likely that their database field or attribute has a fixed length of ten digits (8 for dollar digits and 2 for cents digits).
It is not ‘likely’. It is fact.
The PIC definition specifies exactly that there are 8 digits to the left of the decimal point, the ‘V’ defines the decimal position, and the 99 specifies that there are two decimal digits to the right of the ‘V’.
This is mainframe Cobol. Been there, done that. Never got a T-shirt.
I found it funny that the IRS spelled it out so clearly. How many people actually run into this problem where they have to cut multiple checks? Likely few.
Simple fix, right? Just change the definition to PIC 9(12)V99 and recompile. Wrong.
In theory, that sounds viable, but in reality, there would be so many ripple effects, that the programmers would scream.
There are certainly flat file record formats and databases (probably DB2) that would be impacted. Green Screen layouts, Printed reports too.
There may even, to this day, be 80-column punched card Hollerith record layouts that are still being used. This is not to say they are still using physical punched cards, just that there is likely still software being used that only will deal with 80 byte records, with all kinds of data crammed into 80 bytes with no room to spare.
Legacy design dies hard.
Ripple effects are huge.
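The PIC 9(8)V99 field discussed in this thread, worked through as an added example (not code from the original post or from the IRS): a small parser for the numeric subset of COBOL PIC clauses, a capacity check showing why $100,000,000 cannot be represented, and the fixed-width digit string such a field occupies in a flat-file record. The function names and the edited-picture limitations are this example's assumptions.

```python
import re
from decimal import Decimal

# Numeric PIC subset handled here: optional S, integer 9s with optional repeat
# counts, optional implied decimal point V, fractional 9s. Edited pictures
# (Z, comma, $ etc.) are out of scope for this example.
_PIC_RE = re.compile(r"^(S?)((?:9(?:\(\d+\))?)*)(?:V((?:9(?:\(\d+\))?)*))?$")


def _count_nines(part: str) -> int:
    """Expand '9(8)', '99' or '9(3)9' into a plain digit count."""
    total = 0
    for _nine, rep in re.findall(r"(9)(?:\((\d+)\))?", part):
        total += int(rep) if rep else 1
    return total


def parse_pic(pic: str) -> tuple:
    """Return (signed, integer_digits, fraction_digits) for a PIC clause."""
    m = _PIC_RE.match(pic.strip().upper())
    if not m or not m.group(2):
        raise ValueError(f"unsupported PIC clause: {pic!r}")
    signed, int_part, frac_part = m.groups()
    return (signed == "S", _count_nines(int_part), _count_nines(frac_part or ""))


def pic_max(pic: str) -> Decimal:
    """Largest magnitude the field can hold, e.g. 99999999.99 for 9(8)V99."""
    _, ints, fracs = parse_pic(pic)
    return Decimal("9" * ints + ("." + "9" * fracs if fracs else ""))


def fits(pic: str, amount: str) -> bool:
    """True if amount stores without losing digits on either side of the V.

    A value with more integer digits than the picture allows would be
    silently truncated on the left (high-order truncation); extra decimal
    places would be dropped on the right. Both are treated as not fitting.
    """
    signed, ints, fracs = parse_pic(pic)
    value = Decimal(amount)
    if value < 0 and not signed:
        return False
    decimals = -value.as_tuple().exponent  # digits after the point, if any
    if decimals > fracs:
        return False
    return abs(value) <= pic_max(pic)


def to_record(pic: str, amount: str) -> str:
    """Encode a non-negative amount as the fixed-width digit string of the field.

    The decimal point is implied (the V occupies no storage), so 1234.56 in
    9(8)V99 becomes the ten characters '0000123456'.
    """
    if Decimal(amount) < 0:
        raise ValueError("this encoder handles unsigned amounts only")
    if not fits(pic, amount):
        raise OverflowError(f"{amount} does not fit PIC {pic}")
    _, ints, fracs = parse_pic(pic)
    scaled = int(Decimal(amount).scaleb(fracs))  # shift point right by fracs
    return str(scaled).zfill(ints + fracs)


if __name__ == "__main__":
    for pic in ("9(8)V99", "9(12)V99"):
        print(pic, "max", pic_max(pic), "fits 100,000,000.00:",
              fits(pic, "100000000.00"))
    print(to_record("9(8)V99", "1234.56"))
```

Widening the clause to 9(12)V99 makes the amount fit, but every caller of to_record that assumed a ten-character field (record layouts, screens, reports) is exactly the ripple effect the post describes.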
pup vas • April 17, 2022 1:49 PM
Swedish police shoot 3 during fresh riots — reports
=Three people were injured as police fired warning shots at rioters in the eastern city of Norrkoping, local media say. The unrest had started after a far-right politician threatened to burn a copy of the Quran.
During an interview with Aftonbladet on Sunday, Sweden’s Justice Minister Morgan Johansson told the rioters to “Go home, immediately.”
While labeling Paludan a “right-wing extremist fool, whose only goal is to drive violence and divisions,” Johansson said that !!!!”Sweden is a democracy and in a democracy, fools also have freedom of speech.”
Agree absolutely. Fight ideas with ideas, and violence by law enforcement. Period.
!!!!!”Those who attack the police are criminal perpetrators. There is no other way to deal with them than to put up a hard fight,” he insisted.=
JonKnowsNothing • April 17, 2022 2:01 PM
re: On the importance of a “dot”
A fun MSM report on the findings of an important Mayan Glyph. The glyph depicts a deer head and a number in Mayan Script.
For those who have read or seen documentaries on the life of Richard Feynman, they may remember how he deciphered Mayan Glyphs and Mayan Codices on his own. The unpredictable Mr Feynman never let anyone stand in the way of figuring out things for himself.
I also have an arcane interest in Mayan Glyphs as well as forms of iconography.
So I was greatly interested in this important glyph. There was one thing wrong with the image in the report. The number that was reported is 7, but the image showed the number 6.
The report contains some great details about the Mayan counting systems (base 13, base 20), but I couldn’t understand why they would claim the number is 7 when it is clearly a 6.
The answer, listed as a caption under one of the images is:
7 Deer is a calendar date from 2,300 years ago.
Uaxaclajuun Ubʼaah Kʼawiil (aka 18 Rabbit)
ht tps://ars technica .com/science/2022/04/this-is-the-oldest-known-use-of-the-maya-calendar/
(url lightly fractured)
pup vas • April 17, 2022 2:27 PM
Recalled experiences surrounding death: More than hallucinations?
=Due to advances in resuscitation and critical care medicine, many people have survived encounters with death or being near-death. These people — who are estimated to comprise hundreds of millions of people around the world based on previous population studies — have consistently described recalled experiences surrounding death, which involve a unique set of mental recollections with universal themes.
The recalled experiences surrounding death are not consistent with hallucinations, illusions or psychedelic drug induced experiences, according to several previously published studies. Instead, they follow a specific narrative arc involving a perception of: (a) separation from the body with a heightened, vast sense of consciousness and recognition of death; (b) travel to a destination; (c) a meaningful and purposeful review of life, involving a critical analysis of all actions, intentions and thoughts towards others; a perception of (d) being in a place that feels like "home," and (e) a return back to life.
The experience of death culminates into previously unidentified, separate subthemes and is associated with positive long-term psychological transformation and growth.
Studies showing the emergence of gamma activity and electrical spikes -- ordinarily a sign of heightened states of consciousness on electroencephalography (EEG) -- in relation to death, further support the claims of millions of people who have reported experiencing lucidity and heightened consciousness in relation to death.
Frightening or distressing experiences in relation to death often neither share the same themes, nor the same narrative, transcendent qualities, ineffability, and positive transformative effects.
So far, the researchers say, evidence suggests that neither physiological nor cognitive processes end with death and that although systematic studies have not been able to absolutely prove the reality or meaning of patients’ experiences and claims of awareness in relation to death, it has been impossible to disclaim them either.=
pup vas • April 17, 2022 2:42 PM
The ethics of research on ‘conscious’ artificial brains
=This, the paper explains, provides guidance on how strict the conditions for experiments should be. These conditions should be decided based upon several criteria, which include the physiological state of the organoid, the stimuli to which it responds, the neural structures it possesses, and its cognitive functions.
!!!!Moreover, the paper argues that this framework is not exclusive to brain organoids. It can be applied to anything that is perceived to hold consciousness, such as fetuses, animals and even !!!robots.=
SpaceLifeForm • April 17, 2022 3:13 PM
High Tides help
This was faster than I expected.
MarkH • April 17, 2022 3:32 PM
I’m still digesting what this portends. For records, Moskva is (assuming Ukraine’s claims of successful missile attack to be true):
• the largest warship sunk by military action since WW II
• the first Russian flagship to be sunk since 1905 (Battle of Tsushima Straits)
• probably the largest warship ever sunk by missile strike
The human toll remains unknown. Approximately 100 men said to be survivors of the ship were shown in a Russian video; the crew complement was nearly 500.
Reportedly, Moskva provided air defense for other units of Russia’s Black Sea Fleet. Turkey will not permit the two other Russian ships of the same (Slava) class to enter the Black Sea while the war lasts.
The sinking might well cancel any reserve plan to invade Odessa from the sea.
MarkH • April 17, 2022 3:41 PM
Moskva Sinking, 2
Two curious details from wikipedia:
• there may have been nuclear warheads aboard
• the ship’s chapel may have housed a relic claimed to be a “fragment of the True Cross”
The ship was supposed to have a highly capable 3-tier self-defense system, intended to handle missile threats like Ukraine’s Neptunes.
It seems reasonable to infer that (a) the defense system failed to function as intended, and (b) damage control precautions and responses were insufficient.
Both of these could be compromised by inadequate training, which seems to be a perennial flaw among Russian forces.
Leon Theremin • April 17, 2022 4:15 PM
How much of Moskva’s defense and navigation depended on computers? Could these have been impaired before the missiles?
Nick Levinson • April 17, 2022 4:21 PM
I misunderstood the PIC reference to be to a Nitter picture. My fault. Thanks for explaining.
I said the question was from the Nitter poster in a comment, not from you. I just was too lazy to look into how to reply directly in the Nitter thread.
I hesitate to say it’s a fact because surprises occur with systems an observer (like me) knows little about, e.g., not knowing what the IRS uses, but it’s at least likely and I don’t dispute your explanation. Given that, the costs you’ve given for the modification are realistic. Their maintenance techs must need a lot of duct tape and bubble gum or their digital equivalents. I maintained a proprietary phone system without manufacturer support or a manual and found installation wiring errors.
Decades ago, I dealt with a free Postal Service service to add Zip codes to a mailing list but which required that we specify the field length for fields that didn’t have one because we used a different system. Since they always concatenated certain fields while we needed to keep walk lists, the service was useless anyway, so I didn’t try to give a clerk a technical explanation about length flags.
I, too, don’t know why the IRS spelled it out, since many of their instructions are vague when the IRS thinks few people will care, like when I fill out a common form and it asks about another form and I have to dig deep to find out what that latter form is for. They have enough taxpayers who need the latter form to publish it, so maybe a lot more people than we imagine write checks for 9 or more figures. If it was just a dozen or so, it would be cheaper to send each check back with a notice and a month to send replacements; to prevent litigation over having already paid once there likely is already a rule to support the amount limit, as there’d have to be one for the Form 1040-V provision anyway.
Ted • April 17, 2022 7:24 PM
The show 60 Minutes has a 13-minute episode called: “Shields Up: U.S. officials preparing for potential Russian cyberattacks.”
It features Jen Easterly, Rob Lee, Julian Gutmanis, Lisa Monaco, and Dmitri Alperovitch.
ResearcherZero • April 17, 2022 10:33 PM
Morality has been thrown into the water.
A certain Prime Minister raised “children in the water” today during his election pitch.
So let us revisit that blurry video, from a previous training exercise, which in fact showed some lifebuoys being thrown into the water, not children, and what the politicians said at the time:
“There is something to me incompatible between somebody who claims to be a refugee and somebody who would throw their own child into the sea. It offends the natural instinct of protection and delivering security and safety to your children.” – John Howard (former PM)
“…it’s as clear as day ….” “they’ve also got film … someone has looked at it, and it is an absolute fact – children were thrown into the water.” – Peter Reith (former defense minister)
“…more disturbingly a number of children have been thrown overboard”… “clearly planned and pre-meditated.” – Philip Ruddock (former immigration minister)
Why does this still matter? Because truth in public life matters. Because the slur – the appalling accusation that people would be prepared to kill their own children to get into Australia – has never really gone away.
ResearcherZero • April 17, 2022 10:49 PM
On the subject of “throwing children overboard”, there were also 150 children on the SIEV X.
Select Committee for an inquiry into a certain maritime incident:
“… it [is] extraordinary that a major human disaster could occur in the vicinity of a theatre of intensive Australian operations and remain undetected until three days after the event, without any concern being raised within intelligence and decision making circles.” While no government department was found to be to blame for the tragedy, the committee was surprised that there had been no internal investigations into any systemic problems which could have allowed the Australian government to prevent it from occurring.”
“Faulkner builds to an impassioned crescendo; with scathing fury he raises the chilling and confronting issue of sabotage of asylum seeker vessels including SIEV X, calls for a judicial inquiry and affirms his determination to get to the truth.”
At the time, it seemed rather odd that the government knew nothing of SIEV-X until after the tragedy.
“At no time under the auspices of Operation Relex were we aware of the sailing of that vessel until we were told that it had in fact foundered.”
In fact, SIEV-X had been under surveillance for quite some time…
SIEV X went down in international waters south of Java in an area where Australia, under Operation Relex, was mounting a comprehensive surveillance operation.
SIEV X was actually under extensive surveillance by air and sea
Three hundred and fifty-three lives were lost on October 19, 2001 when SIEV X foundered. Most were women and children.
A decade after SIEV X, questions of possible Australian complicity in the sinking remain unanswered.
ResearcherZero • April 17, 2022 11:15 PM
Former senior defence bureaucrat Mike Scrafton is now alleging he had a conversation with the Prime Minister about this exact matter just days before the 2001 federal election.
But right up to polling day, Mr Howard insisted he had no reason to doubt the advice that he’d received saying the claims were true.
Mike Scrafton was later gagged by the Federal Government from giving evidence at the Senate inquiry into the affair.
That kind of thing would be a pretty normal day working in intelligence in Australia.
Deliver a report…. receive gag order.
After a while you just carry around a Tascam with the Psycho soundtrack on it, then hit play as they walk away.
ResearcherZero • April 17, 2022 11:32 PM
“Evidence so secret that Canberra lawyer Bernard Collaery himself cannot know what it is will be permitted to be used by the Attorney-General in the case against him.”
Collaery is the subject of legal action taken by the Australian Government under the auspices of an anti-terrorism act.
‘Australian politics’ biggest scandal’.
“You know. There’s not much back there [in Dili] we don’t know. We know what they’re saying about Laurie. They’re an open book to us.”
ResearcherZero • April 18, 2022 12:22 AM
Don’t waste any of the $9.9Bn budget running CNE against me. It’s a thorough waste of tax payer money.
Clive Robinson • April 18, 2022 5:33 AM
I’m assuming you might need a little lift to your emotions; this involves Big A and yet another Security Hole they have 😉
First a little background,
Dymo DRM Suicide and Fraud
Dymo, the label printer company, have put a DRM chip reader in their new label printers (550 models) and the chip in the label roll makes a roll of labels up to ten times more expensive…
I thought “Nobody could be that dumb” again… was I ever wrong…
So there have been lots and lots of very less than polite comments and Dymo’s ratings have tanked, and I mean really tanked.
So Dymo have not only been killing their business with DRM, the backlash has made it very public, and the sales droids can not keep up with it…
So what have Dymo done?
Well it’s caused Dymo to exploit a security hole and knowingly behave in a fraudulent way…
That is they have been caught faking their Online ratings,
Now the question is, now that Dymo has made this security hole so obvious and so widely known… Will Big A actually get around to fixing it?
My bet is Dymo is sufficiently large to “buy off” any sanctions from Big A.
ResearcherZero • April 18, 2022 5:52 AM
Exactly right, Dymo should try the ‘old peanut butter up the sleeve’ trick that politicians use. Bribes are the best bet for convincing the unwitting fools that you really can be trusted.
ResearcherZero • April 18, 2022 9:15 AM
Every Catalan Member of the European Parliament (MEP) that supported independence was targeted either directly with Pegasus, or via suspected relational targeting. Three MEPs were directly infected, two more had staff, family members, or close associates targeted with Pegasus.
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
We identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
The HOMAGE exploit appears to have been in use during the last months of 2019, and involved an iMessage zero-click component that launched a WebKit instance in the com.apple.mediastream.mstreamd process, following a com.apple.private.alloy.photostream lookup for a Pegasus email address.
The zero-clicks used also included the KISMET exploit.
We identified a total of seven emails containing the Candiru spyware, via links to the domain name stat[.]email.
The email messages were well constructed efforts to entice the targets to click on the links.
Devil’s Tongue also had functionality allowing the operator to directly use a victim’s cloud accounts on their infected device to send or post messages using their accounts. While it can be used as part of infection targeting, the same functionality could be used to plant evidence that would frame an individual in a way that would be exceedingly difficult for the victim to refute.
…strong circumstantial evidence suggests a nexus with Spanish authorities.
Clive Robinson • April 18, 2022 12:02 PM
…strong circumstantial evidence suggests a nexus with Spanish authorities.
You could also include the French and German authorities on that.
Their illegal behaviour in recent times towards Catalonian politicians suggests they have way more than “a little skin in the game”.
Oh and then there are certain super power parties to the East and the West, who would very much like to be “panty sniffing” around the Catalan for strategic advantage.
Whilst France, Germany, Russia and UK/US have their own malware, they also want “deniability”, and no doubt currently the UK/US would gladly see Spain get it in the neck, thus causing a lot further disruption in Europe.
Remember, the US State Dept Policy despite changes in executive, has very much been to “Destroy Europe” as a viable entity this century. Thus effectively stop another Super Power of larger Population and Economic viability than the US forming.
So do not rule out various “false flag” etc operations.
Spain is very much on the US “5h1t list” for various reasons, and let’s just say there has been a lot of US activity there.
Remember the relationship the NSO had with Israel, and in turn the relationship Israel has with the US. Especially when it comes to clandestine activities of the very questionable kind. Since the days of Ollie North etc, those agencies have very much tried to work not just at arm’s length through “friendlies” but also to get the “friendlies” to set up “patsies” and “useful idiots”.
What better way to get “Intel” than to “allow” the Spanish to gather it? Whilst, unbeknown to the Spanish, the NSO, say, has backdoored the software that aggregates, so the NSO think that Israel is looking over the Spanish shoulder and has convincing evidence of that (which they actually can not use). But in reality it’s the US, looking over NSO’s shoulder at Spanish activity through various potentially “Spanish” fronts/cut-outs.
It’s a typical sort of “Smoke-n-Mirrors” setup that is actually not that difficult to set up provided people are careful. But repeatedly they have not been sufficiently careful, a case of way too much in the way of “wrong organisational incentives”… Effectively the old issue of a mad rush into pushing forward an attack with no or too little thought as to defending flanks, rear, and supply lines, with the obvious consequences.
But with sufficient care a false flag can run successfully, which is why “Attribution can be hard”.
Oh funny one for people to think about…
The usual Communications advice given is “use VHF and UHF” as “it’s very short range”…
Actually it’s not, those little Baofeng UV-5R handsets that cost only $20-30 are used by people with little more than those “tactical antennas” to work not just “Low Earth Orbit”(LEO) satellites but also APRS and similar up to the ISS 500km up in space… Likewise some of those old US Mil Sats are getting “Pirated” with equally low cost equipment.
Fun little fact, it’s very easy to make a very light weight broad band antenna underneath a hobby drone or RC model Aircraft. This can be connected to a “Software Defined Receiver”(SDR) that is as small as a “thumb drive”, which in turn can be connected to one of a whole variety of Gumstick miniature “Single Board Computers”(SBC) that can connect via WiFi networking back to a “Ground Station”.
Such a system flying at 200-300m in the air has a very very large “RF footprint” effectively a 50-62km say ~30-40 mile radius.
With the right “Open Source Software” it can do some rather interesting Communications and Electronic Intelligence gathering. Unlike the mil systems where a lot of the grunt processing is done local to the receiver thus needs a big aircraft. The use of wireless networking enables the grunt to be done on the ground with laptops…
Something I don’t think the various “Super Power” militaries have given very much thought to until recently…
The days of using VHF/UHF because it makes you more covert due to the “line of sight issues” actually now makes you very vulnerable…
This should not really be “news” to the older readers here who have seen the increase of “spy in the sky” observation of mobile phones in crowds and what has been pulled forward on those Dec37 wanderers in places they should not be…
But as some say, sometimes “you have to join the dots”.
Oh for those that are curious about if they could do this themselves, the answer is “only too easily” but my advice is whilst “drones” sound like a good way to go I’d start with Radio Control Model Aircraft, they can stay up a lot lot longer with a heavier payload, they are quieter and more importantly can fly faster.
Though the CIA has not been sufficiently careful… There was the loss of agents in China and Iran due to very poor communications security… Then there has been those “Open Source Intel”(OSInt) types who have via the likes of ADS-B tracked back from funny flight paths all the way through several layers of cut-outs back through CIA fronts, to discover that the CIA has been carrying out “Domestic Operations”.
All very embarrassing, but a demonstration if you need it that due to the rapid pace of technology, the pendulum is swinging back. The Agencies assumed they had an advantage through technology, not realising that the technology was evolving so quickly that it was giving ordinary individuals a faster paced technological advantage over the Agencies, who are not keeping up for various reasons, not least that they do not employ anything like the best in the required fields. Also they have a poor mindset when it comes to technology; back up to the 1960’s and 70’s it was the military pushing technological development. That had stopped well before the end of the last century. Now it is consumerism that is pushing technology and, surprise surprise, neither the Agencies nor in several cases their “Main Contractors” are keeping up with the pace of technology.
SpaceLifeForm • April 18, 2022 1:51 PM
MS is an APT
MS is a National Security problem
If you are an org that uses Windows in a network environment, you are probably holding it wrong.
As a leader in the security space, Microsoft has an obligation to provide the highest levels of protection possible to its customers. Cloud-powered security products are the best form of defense against modern threats.
Microsoft is no longer recommending that DCs should have no internet access under any circumstances.
Note the double negative. They want stuff to leak, and probably have a backdoor.
Finally, for those organizations that are in completely air-gapped environments for legal or regulatory reasons, the suggestion is to maintain the status quo and completely restrict domain controllers from any internet access, both via technical and policy-based controls.
Translation: We really want you to use our shiny cloud for our profit, but if you have a clue, carry on.
SpaceLifeForm • April 18, 2022 2:37 PM
PICs all current? nyet
But it is start. Will help OSINT.
Google Maps has stopped hiding Russia’s secret military & strategic facilities. Allowing anyone in the public to view.
Open sourcing all secret Russian installations: including ICBMs, command posts and more with a resolution of 0.5m per pixel.
lurker • April 18, 2022 3:14 PM
Downing St. infected with Pegasus? BBC World news reporting that “computers” at Nr.10 were infected, but other MSM talking about a single mobile device…
SpaceLifeForm • April 18, 2022 3:23 PM
More OSINT coverage of Google Maps news
name.withheld.for.obvious.reasons • April 18, 2022 5:55 PM
Events starting from the early eighteenth century were part of the enlightenment in western civilization. A truly revolutionary period in human history. Understanding history and our place in it is important, I can only speculate as to the period that covers the late twentieth and early twenty first century. To my mind, we look pretty pathetic.
Psychopaths do not seek consensus, permission, or approval when acting from their own internal moral and ethically corrupt perceptions. Rational thinking is not effective in arguing the merits of any issue or behavior of a psychopath no matter how obvious or simple the context of an idea or act might be. This is what makes people with a psychosis difficult, for example; narcissistic predilections met with a plea to moderate their rhetoric results in a dismissal of the requestor in various ways. A narcissist will proclaim the lack of (insert personal attack here) or the excess of (insert another personal attack) or an outright dismissal; “They know not of what they speak.” This makes reasoning and deliberation with people suffering from a psychosis nearly impossible to achieve. It is also a characteristic seen in many high level positions; a study revealed that approximately one quarter of the CEOs in the United States have traits related to psychopathic behavior. This is well beyond the approximate 1% of the general population who suffer from a psychological predisposition such as uncontrolled rage.
Today, Julian Assange continues to be persecuted for the simple crime of “reporting truthfully”. We have a collective psychosis in the United States, a stark individualistic streak married to a need to cling to falsehoods for a group sense of belonging. A schism, a bifurcation, a split between the need to express oneself as “strong” while embracing the words of others without even forming your own. Let alone not putting any effort to investigate the nature of what and how you’ve come to believe what you believe.
As the world is witness to war crimes, and the criminals committing them, is to be the silent bystander on the murder scene. Anyone have any expectations that things are going well? YOU ARE ALL BEING LED BY CRIMINAL PSYCHOPATHS.
Clive Robinson • April 18, 2022 6:31 PM
This might bring back memories of time past,
And “How leopards don’t change their spots”, just try and hide in the dappled shade under a different bush…
I hope the EU actually turn around and seriously “fillet them this time”.
funny bunnies • April 18, 2022 7:19 PM
— 4 Men Gang-Raped, Killed and Ate a Protected Monitor Lizard
Forest officials in India are investigating four men who gang-raped, killed, cooked and ate a monitor lizard in one of India’s most protected forest reserves. It was the only monitor lizard in the park.
The incident took place on March 29 at the Sahyadri Tiger Reserve, in the western Indian state of Maharashtra. The forest’s camera traps, meant for tracking tigers, caught the accused men trespassing the reserve’s Chandoli National Park. Forest officials arrested the men between April 1 and 5, and found photos and videos on their phones of them gang-raping a monitor lizard, and then killing and eating it.
“I have never seen a crime like this before,” division forest officer Vishal Mali told VICE World News. “The men are in their 20s and 30s, and they appear to have done it for fun. There was no religious or black magic agenda.”
The men were identified as Sandeep Pawar, Mangesh Kamtekar, Akshay Kamtekar and Ramesh Ghag, all locals. They are charged under India’s Wildlife (Protection) Act 1972. A local court granted them bail last week.
India’s monitor lizards are endangered, and are a protected species by law. Violators may be punished with a seven-year jail term. A report by wildlife advocacy groups recorded 82 cases of sexual abuse against animals in India between 2010 and 2020. This was out of a total of 500,000 cases of animal-related crimes that include torture and killings.
Most recent cases of sexual abuse against animals include a man raping and killing a pregnant goat in southern India, and a 60-year-old man raping a female stray dog last year.
While the suspects are out on bail, Mali said the photos and videos of the incident have been sent to a forensic lab to build evidence for the case. Forest officials are also seeking legal advice on charging the accused under a law that criminalises unnatural sex between humans and animals. “Not only is this cruel, but there is a risk of zoonotic diseases from this kind of case. There are concerns of men carrying STDs and other infections from their act,” Mali said.
The Sahyadri Tiger Reserve, which is spread across over 1,166 square kilometres (116,600 hectares), is governed by the Indian government, and encompasses three national parks. The Chandoli National Park is spread across over 300 square kilometres (30,000 hectares) and has wildlife ranging from tigers and panthers, to reptiles such as monitor lizards and geckos. There is no official census of animals in the park, but Mali said it has 30 animals per square feet.
India’s monitor lizard population is steadily declining because of poaching. Eating monitor lizard meat is common across South Asia, Southeast Asia, Australia and Africa. Reports of the reptiles being hunted for their meat are common in India even though it’s illegal. In 2016, an Indian forest official was arrested after serving monitor lizard meat at a party. Monitor lizards are also hunted to make traditional medicine.
Mali said that manually surveilling over 1,000 square kilometres of reserve area is challenging for forest guards, but there are plans of deploying a new special protection force. “We will get a team of 100 people who will guard the premises more efficiently,” he said.
ResearcherZero • April 18, 2022 11:21 PM
@Clive Robinson @lurker
Fourth Party makes up a large quantity of collection…
“We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks.”
The Prime Minister’s Office (10 Downing Street)
The Foreign and Commonwealth Office (FCO) (Now the Foreign Commonwealth and Development office – FCDO)
A device connected to that network was infected using the spyware on 7 July 2020…
The report added that the National Cyber Security Centre (NCSC) tested several phones at Downing Street including that of the prime minister – but was unable to locate the infected device. It said the nature of any data taken was never determined.
The other spyware infections that targeted the UK’s Foreign Commonwealth and Development office were connected to NSO Group’s clients in the UAE, India, Cyprus, and Jordan.
Ron Deibert, Citizen Lab’s director, said in a statement that most cases in which his group suspect that governments are using spyware to carry out international espionage are “outside of our scope and mission”.
ResearcherZero • April 19, 2022 12:08 AM
Microsoft HELPER, using 7-Zip
Many operations such as XXE, Command Execution are performed through the hh.exe file. It is possible to see vulnerabilities such as XXE or command execution in every program that uses the hh.exe interface.
ResearcherZero • April 19, 2022 3:51 AM
Lobbyists, media consultants, researchers and politicians who were involved in questioning climate change testify to their actions and then offer varying degrees of apology — a series of aha moments whose sincerity is suspect and also beside the point. “Yeah, I wish I weren’t a part of that, looking back.” “I would have taken a different path.” “I can understand people saying to me, ‘You’re a traitor.’” Oh well.
Exxon Mobil offers a statement saying that its public pronouncements had always been “consistent with the contemporary understanding of mainstream climate science” — an understanding that it had done as much as anyone to shape.
“In the first place, there is general scientific agreement that the most likely manner in which mankind is influencing the global climate is through carbon dioxide release from the burning of fossil fuels,”
It was July 1977 when Exxon’s leaders received this blunt assessment, well before most of the world had heard of the looming climate crisis.
In the decades that followed, Exxon worked instead at the forefront of climate denial. It put its muscle behind efforts to manufacture doubt about the reality of global warming its own scientists had once confirmed. It lobbied to block federal and international action to control greenhouse gas emissions.
The world’s biggest oil company ExxonMobil knew climate change was real in 1981 but continued to fund deniers for 27 more years, according to a former employee.
“Shell benefits from its relationship with QRC, …QRC is also a key advocate for the gas sector in Queensland.”
QRC ran a political campaign in the 2020 Queensland state election, urging voters to vote against the Queensland Greens party.
In March 2021, QRC published a political engagement policy that states “QRC does not seek to intervene in the electoral process by directly campaigning for or against any particular political party, group or individual”
“During this Federal election campaign, where winning Queensland seats is so crucial, no Party should be vague about their commitment to coal,”
Dr. Hansen reported today. “The first five months of 1988 are so warm globally that we conclude that 1988 will be the warmest year on record unless there is a remarkable, improbable cooling in the remainder of the year,” he told the Senate committee.
“Global warming has reached a level such that we can ascribe with a high degree of confidence a cause and effect relationship between the greenhouse effect and observed warming,”
“It is already happening now.”
Winter • April 19, 2022 4:23 AM
““The first five months of 1988 are so warm globally that we conclude that 1988 will be the warmest year on record unless there is a remarkable, improbable cooling in the remainder of the year,” he told the Senate committee.”
In early 1983, I was assigned a paper on predictions of CO2 induced Climate Change in a student reading colloquium. All of the predictions have come true since then.
I laugh in the face of anyone who says they did not know about climate change then.
Clive Robinson • April 19, 2022 5:54 AM
… multiple suspected instances of Pegasus spyware infections within official UK networks.
Think of the ancient philosopher Sun Tzu’s proverb,
“Keep friends close and your enemies closer”
It goes back millennia even though many think of it as screen dialogue from The Godfather. “Keep your friends close and Film.
Supposedly it just means that you need to keep a closer eye on what your enemies are up to.
But that’s not the way it works in the intelligence game. Where,
“Watch your enemies’ actions but see your friends’ real intentions”.
Is the way you have to think. Mostly what your enemy does is fairly predictable, but only someone you mistakenly trust can truly betray you. So,
“The more you trust, the more you can be betrayed, but the less you trust, the less trust you get from others”.
A bit of a conundrum for many in the relationship game from individuals all the way up to super powers. Just remember “Special Relationship” is a “two way street” thus people have different destinations on that same road. Oh and “special” has more meanings than there are shades of pink in the most spectacular of sunsets.
Whilst NSO is/was a “private commercial” entity, that in no way means that they did not have “special relationships” with one or more “state intelligence entities”.
Thus look on NSO as a multiple lane express highway with multiple complex interchanges…
It’s sensible to assume that NSO must have had a special relationship with the Israeli Government, and through them the US Government, if not directly certainly indirectly.
Further the way NSO’s systems worked, made “watching” the data gathered for their multiple clients easy…
Thus it would not be too much to assume that NSO’s software acted like a network of measuring instruments. Each of which fed back to a specific control interest at a close level (Certain Arab and other “resource wealthy” but politically and educationally limited states being at this level).
But then step back a little, such “close level” activity tells a part of a larger story.
To see why, let’s consider “industrial espionage” where the aim is to gain some advantage. As a supplier you know what rate you are supplying “raw feed” or “producer” stock to a manufacturer. But what you do not know is how much is going into storage and how much into production. Knowing this could be advantageous… So with an “Industrial Control System”(ICS) a couple of pressure sensors on either side of a valve give little information directly, but even over a very short period give an indication of producer flow. That in an ICS would be “regulated” at a “close level” by a specific “control” system. That sensor information as part of a larger system over a longer period gives an indication of a larger process such as into a manufacturing process. Something that would be used as part of a “Supervisory Control And Data Acquisition”(SCADA) system. But this also indirectly reveals product production rate and output. So would be part of financial planning etc and so on upwards. Thus knowing the various sensor readings could be used to indicate things like potential share dividend etc or if as a supplier you could increase the cost of the raw feed / producer stock a little or even up your own production.
What applies to an ICS process whilst easy to see, also less obviously applies to all processes, including running a country.
Hence one part of “National Security” is very much “Economic Security” which makes it a “control nexus” for many not just the Sovereign Government but all those other Governments as well…
So think of NSO as an “instrument head” and work your way back up the chain as it were and identify interested parties as you go.
For instance due to various events in the recent past certain Middle East Governments have found “old friends” have become somewhat “cold and distant”… Due to those Sovereign Rulers “bad behaviours” such as butchering journalists that are employed by Newspapers owned by “Mr Amazon”.
Thus putting such malware onto political leaders phones to get an “inside track” on “old friends” thinking is not exactly unexpected.
Now consider how useful such information might be to say Israel or the US?
So let’s say a certain Arab leader through one of their Princes puts NSO spyware on a UK Gov Official’s phone. He gets intel that he can use to plan with, thus is happy. But the Israeli Government gets the same data without getting involved, thus has better than “Plausible Deniability”. But also the US Government gets the same data with better than three solid layers of plausible deniability in between…
All because of the design of the NSO system…
In many ways it is what CarrierIQ was alleged to do back a decade or so OK to the vast majority of US citizens who had mobile phones. Obviously with “collect it all” carried out by the NSA at the “Internet router” level inside telcos they had not just a full ringside seat but full “deniability”…
It’s this sort of thing that is very obviously going on, that very few people actually think about.
And when they do think about it and join a few dots, and possibly investigate a little, it gets quite scary for several people who would much prefer such things not be common knowledge…
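The valve-and-sensors analogy above is worth seeing in numbers. The following is an added example, not code from the comment author or from the thread: it takes constructed readings from two pressure sensors either side of a valve and shows how a "close level" control loop's telemetry, aggregated over time, yields the higher-level facts (utilisation, volume moved, extrapolated daily output) that a supplier or competitor would want. The orifice relation Q = k·sqrt(ΔP), the coefficient, the sample interval and every reading are assumptions made for the illustration; none of them come from the page.

```python
"""Inferring process-level information from valve telemetry.

Added example for the SCADA analogy in the comment above; it is not the
commenter's code or part of the original thread. Assumptions not stated on
the page: flow through the valve follows a simple orifice relation
Q = k * sqrt(dP), the two pressure sensors are sampled at a fixed interval,
and every number below is constructed for illustration.
"""
import math

SAMPLE_INTERVAL_S = 60          # constructed: one reading pair per minute
ORIFICE_COEFF = 0.05            # constructed k, in m^3/s per sqrt(kPa)
IDLE_THRESHOLD_KPA = 5.0        # below this differential the line is treated as idle

# Constructed telemetry: (upstream_kPa, downstream_kPa) pairs from the two
# sensors either side of the valve, exactly what the local control loop sees.
SAMPLES = [
    (500.0, 400.0),
    (502.0, 402.0),
    (498.0, 398.0),
    (400.0, 400.0),   # valve shut: no differential, no flow
    (800.0, 400.0),   # valve wide open: four times the differential
]


def flow_rate(p_up, p_down, k=ORIFICE_COEFF):
    """Volumetric flow (m^3/s) implied by one differential-pressure reading."""
    dp = max(p_up - p_down, 0.0)      # reverse pressure is clamped to zero flow
    return k * math.sqrt(dp)


def total_volume(samples, interval_s=SAMPLE_INTERVAL_S, k=ORIFICE_COEFF):
    """Integrate flow over the sampled window to get the volume moved (m^3)."""
    return sum(flow_rate(u, d, k) * interval_s for u, d in samples)


def utilisation(samples, threshold=IDLE_THRESHOLD_KPA):
    """Fraction of samples in which product was actually moving through the valve."""
    active = sum(1 for u, d in samples if (u - d) > threshold)
    return active / len(samples)


def daily_output_estimate(samples, interval_s=SAMPLE_INTERVAL_S, k=ORIFICE_COEFF):
    """Extrapolate the observed window to a 24-hour production figure (m^3/day).

    This is the step that turns two sensors' readings into a business number:
    the kind of figure a supplier would use to reprice feedstock.
    """
    window_s = len(samples) * interval_s
    return total_volume(samples, interval_s, k) * (86_400 / window_s)


if __name__ == "__main__":
    print(f"volume over window : {total_volume(SAMPLES):.1f} m^3")
    print(f"line utilisation   : {utilisation(SAMPLES):.0%}")
    print(f"extrapolated output: {daily_output_estimate(SAMPLES):.0f} m^3/day")
```

The point for a defender is that the sensitivity of telemetry is set by what can be derived from it, not by how low-level an individual reading looks: a five-minute window of pressure pairs is enough to tell an outsider the line was idle one sample in five and roughly what a day's output would be, so historian and SCADA data feeds deserve the same access control and monitoring as the financial figures they imply.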
JonKnowsNothing • April 19, 2022 9:52 AM
@MarkH, @Winter, @All
re: Odd Duck Live Memorex AI/ML photos
The AI/ML photo shoveler on my page has made an interesting shift in their data set.
Unable to get me to follow “click bait” images on the UKR-RU conflict, for which the images are more than self-explanatory without clicking them, it shoveled up a duplicate odd duck image under a totally new header that has nothing to do with the UKR-RU war.
The previously discussed picture of the young boy with the prominent eye condition behind a chain link fence has now appeared as an image for an article on the IMF Debt Analysis and the looming global problem of COVID Debt.
It might be that the boy, who was previously intended to represent children forced to evacuate UKR with or without parents or guardians, is now intended to represent the Totality of Global Government COVID Expenditures.
Hopefully the person, when he is older, will be able to claim compensation for the use of his image.
IMF tells governments tackling COVID Debt
It's That Time Again... • April 19, 2022 10:33 AM
‘Clean up in aisle 13’ again.
1, Crimson, #comment-403477 onward
2, Actually,#comment-403480 onward
Are the same person posting from a pre-recorded list of comments.
It’s been a while since we saw this particular behaviour of a troll bashing away at it like a Trumpian 400lb Teen on the bed meme.
We are supposed to think the “big-boy” is in the back room of their parents house… Or in a swamp some Putinesque idiot built the Internet Research Agency on… That is a Troll Farm not far from the Cow, Mos Cow.
The reality is likely even sadder.
Consider it is after all getting around to the kick-off to Tuesday, November 8, 2022 and the big midterm elections with the new Gerrymandered lines.
With all 435 House of Representatives seats, and over a third of the Senate seats, to be contested, along with a few others, it’s going to be “a big game” with lots of turf to be pawed over.
So some booby obviously thinks there is a lot to play for in “Snooze-on 22”.
Ted • April 19, 2022 12:28 PM
Stewart Baker mentioned a blog post he thought was particularly good on The Cyberlaw Podcast.
From Adaptive Mobile: The Mobile Network Battlefield in Ukraine
SpaceLifeForm • April 19, 2022 1:57 PM
@ Clive, ALL
Betcha it was found on AWS
The dots are Fox, Okta, AWS.
Upon further research nearly all records contained information indicating FOX content, storage information, internal FOX emails, usernames, employee ID numbers, affiliate station information and more. The records also captured a wide range of data points including event logging, host names, host account numbers, IP addresses, interface, device data, and much more.
Fox should assume that they are pwned at this point, and that Tucker’s testicles are warmer than usual.
Clive Robinson • April 19, 2022 3:34 PM
@ Ted, ALL,
Stewart Baker mentioned…
He does not “mention”; everything he says has motive and undercurrents.
1, What he was
2, What he did
3, What he does
4, What he wants
5, His lack of ethics
6, Who/What he believes in
The latter perhaps being the worst of all, if not for who pays him.
Treat every word he says or writes as at the very least “A poisoned Chalice”. As they say “You have been warned”.
But back to the fact Ukrainian infrastructure networks appear more robust than expected.
1, Firstly aside from mobile towers a lot of the network is “below ground” something that whilst common in parts of Europe is less common elsewhere.
2, Russia had/has a problem in that their “unit” communications is, due to corruption, done via cheap $20-30 Baofeng knock-offs that only cover a limited range of the upper VHF and lower UHF frequencies.
The second point made Russia very “dependent” on the Mobile networks for any communications outside of a small detachment or squad.
What the article did not mention is that those SIM-Box systems have a fairly fatal flaw. They “don’t move” physically. That is a mobile phone effectively moves in two ways,
2, Signal strength / phase.
The first is fairly obvious and can be detected in various ways, but mostly by time within a cell and by cell-to-cell switching on the actual network traffic.
But it’s the second one that really “gives the game away”. When a human uses a phone they are frequently holding it. This can cause the signal strength to change by 30dB, as well as “small movement” of a few cm causing movement-related phase changes, and larger movement such as turning a head, leaning forward or just looking down to read causing step multipath changes.
Those SIM-Boxes do not give any of those “changes”, as well as grouping 20-120 mobile phone IDs into “identical patterns”…
It takes very little information to locate such very abnormal behaviours and thus spot the SIM-Box location. It also means that once one or two SIMs have caused the SIM-Box to be located, any new SIM that comes on air, even before it can place a call or SMS, has been “identified” as very probably “hostile”.
This gives two basic options,
1, block the SIM.
2, Use it for Intel gathering.
As the SIM-Box is being used for non-tactical but strategic command etc., the latter option is the most sensible.
Basically it is a highly idiotic thing for the Russians to do…
Especially as in times past they have flown cruise missiles down the RF transmission of a Satellite Phone (and why Osama Bin Laden stopped using one). Oh and a certain US Military-Intelligence leader making his public,
“We kill people based on metadata.”
Statement quietly, calmly and in a very public forum without prompting as such…
There is a lot more I could say but this post is probably too long as it is…
These “UV5R knock-offs” and similar have several issues that make them “non-compliant”, not just with FCC frequency and power restrictions for particular “service provision”; they are “dirty” in various ways. That is, they emit spurious emissions they should not, making them easier to “Direction Find”, and they are also way too “susceptible” to expected emissions from other equipment. That is, they fail basic EMC requirements. One consequence is if two people use them on different frequencies but are “co-located”, each time one transmits it desensitizes or fully blocks the receiver in the other unit. This has some very real downsides in battlefield communications as it makes it very unreliable when units are under attack, thus under significant usage/stress, when coordination by radio is absolutely essential to maintain Command and Control.
But another disadvantage is the near useless “stock antennas” only work on very limited parts of the frequency coverage, thus performance is at best “unpredictable”. But further, the coaxial connector used on UV5R-Knock-Offs is the small “SMA” type very similar to those you find on WiFi equipment. SMA connectors, especially those you solder directly onto PCBs, are at best “fragile” and even a minor knock can cause degradation in the connections. Not well known is that whilst radio receivers will tolerate fairly bad antenna connections –just sticking a paper clip in instead of a proper antenna often works sufficiently well– radio transmitters, especially low voltage semiconductor P.A.s, really do not work into anything other than a “well matched load”. So any issue with an antenna, especially those that are not immediately obvious like flaked/cracked-off metal plating, can cause all sorts of issues when the transmitter is used; essentially if the RF Power is not “going up the antenna” then it has to be going somewhere else… That is into the person holding it who becomes a “dummy-load”, or back into the PA stage causing extremes of voltage and power dissipation, thus early partial or full failure of PA devices. But one extra fun one is it can cross-modulate with other parts of the handset circuitry, that can in some cases cause a handset to radiate a strong enough signal on one particular frequency, as well as any frequency it might be tuned to. This makes Direction Finding such handsets very much faster and can even for Amateurs be made an “automated process”. So a bit like a soldier wearing a white light head-light on a night time battlefield, it kind of makes you a very very easy target…
VHF and UHF is extremely short range at ground level, giving maybe 0.1-2km depending on the environment if you are “in cover”. But it can easily cover 500km upwards into space, or 60km to a receiver in a small drone or radio control aircraft at as little as 300m up… Thus again making a unit “easy to DF”.
Most real military communications equipment works in MF-HF for “long range” communications, HF-Low VHF for unit to unit and unit to tactical support communications, and VHF-UHF for in-unit and unit to air support communications.
 Made by General Michael Hayden, Former Director of the NSA, you can hear it made around 60 seconds in,
Oh he also says “mutual friend” of Stewart Baker, who if he did not come up with the idea, certainly found the way to make it sound “legal”…
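The SIM-box signature Clive describes (one cell, no signal-strength or phase wander, dozens of IDs with an identical pattern, and new SIMs matching a located box on first sight) as a toy operator-side detector. This is an added example, not code from the original post; every subscriber identity, cell id and measurement is constructed, and the thresholds are illustrative assumptions.

```python
"""Toy network-side detector for SIM-box style subscribers.

Added example, not from the original comment. All IMSIs, cell ids and RSSI
values below are constructed; thresholds are assumptions for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Sample:
    imsi: str   # subscriber identity (constructed, not a real IMSI)
    t: int      # seconds since start of the observation window
    cell: str   # serving cell id
    rssi: int   # received signal strength, dBm

RSSI_STDEV_MIN = 3.0  # a hand-held phone wanders far more than this (assumption)
MIN_GROUP = 5         # flag fingerprints shared by at least this many IMSIs

def fingerprint(samples):
    """Static radio fingerprint: dominant cell plus mean RSSI in 5 dB buckets.
    Many SIMs in one box share a single antenna, so they collapse onto one tuple."""
    cell = Counter(s.cell for s in samples).most_common(1)[0][0]
    bucket = 5 * round(mean(s.rssi for s in samples) / 5)
    return (cell, bucket)

def per_imsi_features(samples):
    """Per subscriber: distinct cells seen, RSSI spread, and fingerprint."""
    by_imsi = defaultdict(list)
    for s in samples:
        by_imsi[s.imsi].append(s)
    feats = {}
    for imsi, ss in by_imsi.items():
        rssis = [s.rssi for s in ss]
        feats[imsi] = {
            "cells": len({s.cell for s in ss}),
            "rssi_stdev": pstdev(rssis) if len(rssis) > 1 else 0.0,
            "fp": fingerprint(ss),
        }
    return feats

def find_sim_box_groups(samples):
    """Return {fingerprint: sorted IMSIs} for groups of subscribers that never
    change cell, show no RSSI movement, and share one fingerprint.
    A single static phone left on a desk is not flagged: it has no group."""
    groups = defaultdict(list)
    for imsi, f in per_imsi_features(samples).items():
        if f["cells"] == 1 and f["rssi_stdev"] < RSSI_STDEV_MIN:
            groups[f["fp"]].append(imsi)
    return {fp: sorted(ims) for fp, ims in groups.items() if len(ims) >= MIN_GROUP}

def is_suspect_on_first_sight(new_samples, known_groups):
    """A newly seen SIM whose fingerprint matches an already located box is
    suspect before it places a call or SMS."""
    return fingerprint(new_samples) in known_groups

def build_samples():
    """Constructed measurement log: six box SIMs, three human handsets."""
    log = []
    for k in range(6):  # box SIMs: cell C17, RSSI jitter of +/-1 dB only
        for i in range(6):
            log.append(Sample(f"BOX{k:02d}", 10 * i, "C17", -61 + ((k + i) % 3) - 1))
    # H1 walks across cells, H2 holds the phone in C17 (large RSSI swings),
    # H3 is a phone lying still on a desk in C22 (static, but alone)
    for i, (cell, rssi) in enumerate([("C17", -70), ("C17", -55), ("C18", -85),
                                      ("C18", -66), ("C20", -90), ("C20", -72)]):
        log.append(Sample("H1", 10 * i, cell, rssi))
    for i, rssi in enumerate([-50, -80, -65, -90, -58, -72]):
        log.append(Sample("H2", 10 * i, "C17", rssi))
    for i, rssi in enumerate([-70, -71, -70, -71, -70, -70]):
        log.append(Sample("H3", 10 * i, "C22", rssi))
    return log

if __name__ == "__main__":
    groups = find_sim_box_groups(build_samples())
    for fp, ims in groups.items():
        print(f"suspect SIM-box at cell {fp[0]} (~{fp[1]} dBm): {ims}")
    newcomer = [Sample("N1", 0, "C17", -61), Sample("N1", 5, "C17", -62)]
    print("new SIM N1 suspect on first sight:", is_suspect_on_first_sight(newcomer, groups))
```

In a real operator feed the features would come from measurement reports and timing advance rather than a hand-built log, but the grouping logic is the same.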
SpaceLifeForm • April 19, 2022 3:36 PM
ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971, CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated.
I doubt it was a ‘Mistake’.
I have a couple of these. Will assume they are vulnerable. One was given to me, reported as having a failing hard drive. It has been collecting dust for at least 5 years as I never messed with it. But, now, I am curious. Maybe the hard drive is fine, but the excess activity was due to malware. Win7. If I can determine that there is some other malware in the UEFI on the donated laptop, I will probably contact the FBI and give it to them for forensics. I am not saying that the person who donated is a bad actor. But, she may have got phished. I would not really care normally, as I would just factory reset, partition, and install Linux, setting up a dual boot, and be done. Probably never booting into Win7 again anyway.
But as this person works for [redacted], and was using at home pre-Covid, using VPN I believe, who knows?
I could boot Finnix and poke around. Or maybe not. If there is UEFI malware, can the malware destroy itself if it detects a live cd boot? Probably not, but it may be able to hide really well.
Hmmm. Maybe I should just give it to FBI in the first place as I do not really need it even though it is the best laptop I have.
SpaceLifeForm • April 19, 2022 3:56 PM
Wakeup calls are a Feature
If one is stuck, they may find UI at
Clive Robinson • April 19, 2022 3:58 PM
@ SpaceLifeForm, ALL,
Re : uefi vulnerabilities lenovo consumer laptops
Remember that Lenovo have some quite serious “previous” on this.
There was that persistent malware they put in their consumer laptop BIOSes that no matter how often you wiped the hard-drive the Lenovo malware would just be loaded yet again…
vas pup • April 19, 2022 6:10 PM
The sinking of Russia’s flagship might be a bad sign for the U.S. Navy
“America might have what is regarded as the most powerful navy in the world — China has the largest, but many of its ships are smaller — but it is clearly fragile. And that’s a problem.
“The U.S. Navy is on the verge of strategic bankruptcy,” Christopher Dougherty, a former assistant defense secretary, wrote last year. “Its fleet isn’t large enough to meet global day-to-day demands for naval forces. Due to repeated deployments and maintenance backlogs, the fleet also isn’t ready enough to meet these demands safely, nor can it quickly surge in an emergency.” He concluded that “the risk of its debts coming due suddenly (and perhaps violently) will increase.”
Even without those challenges, there is also the question of whether the U.S. Navy is built for the modern world.
Just as aircraft carriers once replaced battleships as the backbone of the fleet, there are now questions about whether America’s carrier-based fleet is overly vulnerable to a new generation of Chinese anti-ship ballistic missiles. And those questions are likely to get more pertinent if it turns out the Ukrainians really did take out the Moskva with their new Neptune missile.
America has spent much of the 21st century learning that the overwhelming power of its armed forces isn’t always so overwhelming. The sinking of the Moskva is a sign that such a lesson might also extend to the U.S. Navy. Finding out the hard way might be disastrous.”
SpaceLifeForm • April 19, 2022 6:30 PM
Geolocated Insanity Center
Gov. Ron DeSantis (R-FL) threatens Twitter after it activated “poison pill” plan to prevent Elon Musk’s acquisition:
“We’re gonna be looking at ways the state of Florida potentially can be holding these Twitter board of directors accountable for breaching their fiduciary duty.”
Good luck. You do not have the stock nor standing.
JonKnowsNothing • April 19, 2022 9:03 PM
re: Boats, Big Boats, Bigger Boats
It has been known for a very long time that all surface boats are nothing more than expensive bullseye targets.
The Navy still loves them because without boats, there isn’t any Navy. Traditions die slow and painful deaths.
Submarines aren’t any better: although they can stay submerged for 6 months, they have to carry air, water and purification systems, which limits the number of warheads, torpedoes and missiles. A submarine is basically a movable missile launch platform, so the “navy” part is less important than the “launch” part.
Aircraft Carriers are mobile airfields, and again, sans boat there isn’t any Navy, so they continue to build these giant targets, and the Navy gets to play with airplanes as a bonus.
To get an appreciation of what a submarine really does, the German WW2 submarine U-505 located at the Museum of Science and Industry (Chicago) has a great exhibit of the captured U-Boat. The exhibit has been refurbished since my visit, but it was impressive enough years ago. A giant diesel engine whose only purpose was to drive a torpedo into another ship and sink it; the sailors serving on board, their only purpose was to keep the diesel engine working at full performance.
USS Reuben James (DD-245)
MarkH • April 19, 2022 10:13 PM
One step in the formation of a conspiracy theory is to choose an exotic hypothesis when ordinary explanations suffice.
The Guardian article I found using the search terms (thanks for that!) shows the child we have seen previously, with the caption (my italics added):
The IMF said governments should prioritise well-targeted support for vulnerable people, including refugees.
I was not able to find the previous Guardian article, but I recall you writing that it was described as a scene of refugees at a rail station.
MarkH • April 19, 2022 10:18 PM
The photo is credited to Jeff J Mitchell, who seems to be a fairly accomplished press photographer.
In my experience, when decent publishers like the Guardian use stock photos, they identify them as such. I’ve no reason to believe that the photo depicts anything other than actual refugees from the present war.
Your previous comments about press photos have identified things you thought didn’t look right, seeming to imply that they might be faked.
When there’s a real war, why would anybody bother to fake a soldier standing in snow (when there were surely thousands doing so), or to fake a beach with defenses against landing ships, when a country is trying to protect itself against a sea-borne invasion?
[The beach photo I posted was credited to an NY Times staff photographer, and it looked quite similar to one you described.]
MarkH • April 19, 2022 10:22 PM
As for AI/ML, almost any web coder can rotate a set of photos, and count which gets the most clicks.
It’s as simple as headlining the photos with higher click rates, hey presto!
No “artificial intelligence” needed, just entry-level programming.
Occam’s Razor is my great friend, and I commend it to all readers of this blog.
I’ve seen many high-flown fantasies proved to be exactly that.
Ted • April 19, 2022 10:35 PM
Basically [using a SIM Box] is a highly idiotic thing for the Russian’s to do…
Appreciate your thoughts. To your point:
The use of a fragile system such as this seems to have been a forced development driven by the poor state of Russian military communications and the fact that Ukrainian mobile operators had blocked outbound calls and Russian subscribers
The blog post said that Georgia had not blocked Russian mobile phone roamers when Russia invaded in August 2008. I’m glad to hear that Ukrainians can continue to use their mobile phones even if they cannot pay.
There’s enough that goes on without a war. I’ve never been a witness to how these modern-day networks could be managed in a time of serious conflict.
SpaceLifeForm • April 19, 2022 11:05 PM
Re: uefi vulnerabilities lenovo consumer laptops
Well, the two laptops apparently are too old to be affected. Ha.
Funny how the firmware updates require Windows 10.
Clive Robinson • April 19, 2022 11:28 PM
@ vas pup, ALL,
The sinking of Russia’s flagship might be a bad sign for the U.S. Navy
Yup and I’ve been saying it for a few years on this very blog, as you know the most recent being,
Yet further evidence you get to hear it here first “On Bruce’s Blog” 😉
For those that do not know, back many years ago a French company based in Toulouse called “SPOT Image” caused a few ructions in the US DoD “Deep Intelligence Community” like the current US “National Reconnaissance Office”(NRO). The NRO being the agency with Satanic and worse mission patches, including the one with the less cute cephalopod consuming the world patch that’s been mentioned on this blog before,
Begging all sorts of questions about the mental make-up of those in the NRO and their desires and dreams 😉
The big problem though was not just “SPOT Images” were French, but a commercial organisation selling high resolution images from space to “all comers with the money to pay”…
These images were from the “Satellite Pour l’Observation de la Terre”(SPOT) satellite in a polar, sun-synchronous, circular, phased (by Hohmann transfer) orbit. Which allowed it to take high resolution images of any point on the surface of the earth within a lunar month.
The problem, as one image made very clear, was just how “high resolution” the images were when the satellite happened to pass over a Naval Group. In the process giving its exact position at a given time, along with the image giving identifying information and other targeting-useful information including direction and effectively speed. Certain arrangements were entered into come the Gulf War…
Since then people have put up “Technology Demonstrator” satellite payloads to get “space qualification” for “consumer parts”. One of which from Surrey Satellite Technology Ltd (STL) caused the US quite some embarrassment by showing that a US “Weather Satellite” was rather more than was being claimed… But one such “demonstrator” showed that you could take an “over the counter” Digital Camera costing a few hundred dollars and put it in the likes of a 1ft long by 4inch CubeSat and get it to send high resolution images back to Earth using COTS equipment less expensive than a mobile phone… Now add in amateur rocketry fast approaching VLEO launch capability at “Hobby Prices”, and satellite observation technology has suddenly got very “democratic” and well within “Third World Tyrant pocket change” pricing.
The upshot of which is the previous US administration tried to put in place legislation via “Space Policy Directive-2 (SPD-2)” to limit the “resolution” of images to about 0.5m/pixel. Needless to say other Nation States with the capability to launch commercial satellites do not see why they should be constrained by US legislation… This caused various US high tech companies to complain, and back in May 2020 under the new administration the US Commerce Dept issued much more relaxed and for once more sensibly structured rules and regulations (“rumour control” has it the NRO are back in their lair gnashing their teeth).
The point is President Trump had in a “tweet”, let “the cat out of the bag” when he released an image that was around 0.1m/pixel from a US Sat that had a “Hubble mirror” in it,
Note the quote from Cuckoo’s Egg author Clifford Stoll that such a telescope could resolve up to a theoretical best of,
“a couple inches. Not quite good enough to recognize a face”
In practice Hubble is known to be about half the theoretical best.
The point though is on a clear day which they mostly are at sea, such a satellite could see a person standing on the deck of a ship and which direction they are facing. Perhaps more importantly which way a flag was blowing and from that approximately how hard/fast with “wake measurements” giving vessel speed and directions (apparent and true). In essence more than sufficient “identification and targeting” information.
But don’t think it has to be a clear day “optically” and thus mistakenly think cloud and smoke cover could be used to hide… Commercial sats have “Synthetic Aperture Radar”(SAR) as well these days. Whilst SAR is of lower resolution, it actually gives better information regardless of cloud cover that it “sees right through”. Oh and for various reasons SAR is hard to jam effectively.
In short “you can’t hide a rowing boat”, let alone an aircraft carrier, any more, as recent commercial “old rule” SAR images of the Russian Fleet Flag Ship Moskva have shown.
In effect the Pacific War at the end of WWII saw the “15 minutes of fame” for aircraft carriers, and with the advent of submarine launched “cruise missiles” and long range nuclear mines and torpedoes they are now the world’s most expensive “Holes in the water to be”…
And that’s before we start talking about the “boys’ toys” non-ballistic trajectory hypersonic missile technology that can “crash the party at Mach 5” with a nuclear payload. Something it is alleged Russia has used against Ukrainian petro-chem processing and storage facilities,
 There are a lot of mistaken beliefs about both jamming and stealth technologies when it comes to radar. Why this should be the case is a bit of a puzzle as most High School Science education should give due warning that such technologies are going to be both very expensive and mostly prey to low cost counter measures.
Winter • April 20, 2022 12:52 AM
“and with the advent of submarine launched “cruise missiles” and long range nuclear mines and torpedoes they are now the worlds most expensive “Holes in the water to be”…”
Why do you think submarines are still invisible? Or will be invisible for long if they still are?
It has been known for a long time (1980s was when I heard about it) that large objects that impede water flow give an imprint on the waves on the surface.
Such an imprint can be extracted from higher order “frequency analysis” of wave patterns. Waves are easy to spot using radar.
To illustrate that this is not just theoretical, here is a news report of a Dutch submarine being spotted by the Russians in the Mediterranean:
The reason the Netherlands spends horrible amounts of money on these Walrus submarines is that they can supposedly remain undetected in shallow water. This incident was a rude awakening for the Dutch navy.
Gabe K • April 20, 2022 1:09 AM
I thought this was an interesting squid vehicle. Schneier in disguise?
ResearcherZero • April 20, 2022 2:47 AM
“The court emphasised that the open hearing of criminal trials was important because it deterred political prosecutions, allowed the public to scrutinise the actions of prosecutors, and permitted the public to properly assess the conduct of the accused person,”
Australia’s attorney general again intervened in the case, this time asking for significant parts of the judgment to be redacted, on grounds including national security.
A one-page summary said secret trials erode public confidence in the court and open the door to political prosecutions. It was an immensely important decision, rebuking the federal Attorney-General’s efforts to shroud this case in secrecy.
Despite the judgment’s importance, the Australian public is yet to see it. Immediately after the decision was delivered, the Attorney-General’s lawyers applied to have large parts of it redacted. In other words, the government wants a judgment that said no to secrecy to itself be secret.
By escalating the latest secrecy fight to our highest court, the government is aiding and abetting the ongoing, cumulative threat that secrecy poses to judicial integrity.
Collaery is not the only whistleblower on trial – David McBride, the war crimes whistleblower, and Richard Boyle, the tax office whistleblower, currently face the same fate.
“Because of the nature of the allegations, the charges brought against Bernard Collaery can only be pursued with the consent of the attorney general,”
However, when this consent was sought in September 2015, then AG George Brandis declined to provide any agreement to pursue the prosecution, and it wasn’t until after Christian Porter replaced him in late 2017, that the new chief lawmaker determined to prosecute the lawyer in May 2018.
The operation’s aim was to provide the Howard government with the upper hand in lucrative oil and gas treaty negotiations. This unethical arrangement benefited Australian resource company Woodside.
After learning that his former superior, Downer, had taken a position with Woodside following his retirement from politics, K went to the Inspector General of Intelligence and Security in 2008 to discuss an ASIS promotion dispute, which included the details of the bugging operation.
The IGIS recommended that K speak to ASIS-approved lawyer Collaery, who determined that the bugging was illegal. And in 2013, when K was about to join Collaery in the Netherlands to testify against Australia in the Hague in relation to the spying operation, ASIO raided both men’s homes.
Bernard Collaery is a former territory deputy chief minister and attorney general, who has provided counsel on numerous high-profile cases.
Australia, one of the richest countries in the world, bugged the cabinet office of an impoverished, newly independent neighbour as it sought to rebuild following Indonesia’s destructive invasion. All this was done for the sake of a financial windfall for Australia and private-sector energy companies.
…in order to successfully prosecute Collaery the government will have to admit in court that it spied on Timor-Leste.
ResearcherZero • April 20, 2022 2:56 AM
I’ve asked for one of these, but I still haven’t received my sample by mail.
“the drones are meant to float unassumingly in the sea, and are purposefully designed to look like squid as a type of camouflage”
Clive Robinson • April 20, 2022 4:22 AM
Why do you think submarines are still invisible?
Firstly I did not say they were.
But they are not visible in the conventional sense fairly quickly in water.
Because conventional vessels have a horizon distance considerably larger than they are and submerged vessels do not.
With regards vortex shedding and the like, all objects in water displace water and any movement of water with regards to the object likewise has to be displaced. This requires “work” to be done which requires energy use at that point, and that energy use is in theory detectable.
However the same is true for “rocks on the bottom” and any other object.
But the point to remember is the refraction effects on absorption of coherent energy in the form of waves. In effect it reduces the area over which a submerged object is “visible” in relation to its depth.
Put simply, whilst submarines are not invisible they can be very hard to see, especially when they are deep and not moving at speed.
But your argument, especially that derived from your “Dutch Navy” example, has an implicit implication that I’ve discussed in the past. Which is the same problem we see with space vehicles and aerial vehicles and in fact most vehicles. It is “the size required to support human operators” issue.
I’ve spent a large part of my engineering life doing one of two things,
1, Designing the fat out.
2, Pander to the fat’s needs, wants and desires.
Fat being an abstraction of the “human brain” which is made mainly from fat.
Vehicles designed around the former are very advantageous compared to the latter by several orders of magnitude in virtually every resource domain.
As I’ve noted in the past, on one of my “work benches” is a cube that is just under 10cm on the edges. It is one of the larger prototype “Space vehicles” I design bits for. The smallest I guess is a little bit bigger than an Apple AirTag. It consists of two PCBs, one either side of a rechargeable “coin cell”, and outside of the PCBs two high efficiency solar cells. Antennas and sensors are mounted between the PCBs around the periphery of the coin cells. They are “functional vehicles” but “without the fat” and are good for way more than a year of operation in LEO and VLEO. As it happens I’ve also worked on the design of maritime autonomous and remote vehicle systems, both surface and submersible. Again “designing out the fat” was significantly advantageous even when it is “remote”.
The design of autonomous “mines” and “torpedoes” that can sit on the sea bed for years, whilst it will have its complications, is already in effect a “solved problem”. A vehicle or “delivery system” has been designed long ago for resource exploration and exploitation; just look up ROVs. We also know that the design of nuclear devices to go in torpedoes and missiles is a solved engineering issue as well. The question of course, humans being what they are, is “Who will be first?” to put the two together, assuming of course they have not done so already.
Compared to the cost of a submersible vehicle to keep a lump of fat alive and happy for even a few hours, the cost of doing the same for a “package” that will hold a ton of conventional explosive or similar volume/mass is effectively a “No brainer” in quite a few people’s lumps of fat…
Winter • April 20, 2022 5:05 AM
“Compared to the cost of a submersible vehicle to keep a lump of fat alive and happy for even a few hours to the cost of doing the same for a “package” that will hold a ton of conventional explosive or similar volume/mass it’s effectively a “No brainer” in quite a few people’s lumps of fat…”
I am sure there will eventually be autonomous bots that can tap undersea cables, follow and destroy warships and submarines, or launch nuclear missiles. But I think current technology is not yet at a level that we can outsource complex policy and tactical decisions to AI. Also, I understood that communication with deep diving vehicles is not without its problems. Therefore, submersed drones steered from the other side of the globe are also not yet on par with aerial drones.
In summary, I think we will have to depend on humans inside at least some vehicles for the foreseeable future.
ResearcherZero • April 20, 2022 5:34 AM
Tiwi Island and Larrakia Traditional Owners recently launched international legal action against the multi-billion dollar Barossa Gas project in the Timor Sea hundreds of kilometres north of Darwin.
“Santos did not fully explain their plans to build a gas pipeline along our coast. Santos did not explain any of the risks,”
If further court action is successful it could prevent the South Korean Government from lending more than $964 million to the Barossa gas project, putting the financial viability of the project at risk.
“Would they be so free and easy, you know, lending money if it was their people that were going to be impacted? “
‘RIPE FOR RORTING’
“A lot of the companies that are seeking to benefit from this opaque process have made pretty major political donations and have sat in positions of power,”
Australian gas giants and Liberal Party donors Woodside and Santos, stand to benefit from cheap money and rapid approvals for new pipelines, exploration and gas terminals on the east coast.
Director at the Australasian Centre for Corporate Responsibility Dan Gocher called the new gas field “a carbon bomb”, although Santos plans to investigate “carbon-neutral LNG”.
The term carbon-neutral LNG is a misnomer, since offsets can cover greenhouse gases such as methane and nitrous oxide, not just carbon dioxide.
“Offsetting has become the most popular and sophisticated form of greenwash around. It could work in theory, but in practice, it’s riddled with flaws,”
“effectively a promise”
The futures market would allow companies to buy a simple credit, effectively a promise to reduce a tonne of emissions but not specifying where that would take place, in contrast to the existing market that offers direct access to particular offset projects.
net-zero pledges are propagating the belief that offsets are working fine.
…the fundamental political economy is structured around massive volumes of low-priced offsets — the most problematic ones. It becomes a race to the bottom, where people compete on price and not quality. They are about reducing compliance costs.
It’s all a massive con…
ResearcherZero • April 20, 2022 5:48 AM
Submarines are going to be used to visit the ‘Pacific family’.
As if we detonate “a carbon bomb”, they are basically all going to be living underwater. The subs are set to be delivered around 2040, right? Is that the plan, ‘Dad’?
Scott Morrison says there is ‘great concern across Pacific family’ over China’s potential new military pact with the Solomon Islands
ResearcherZero • April 20, 2022 6:00 AM
James Cameron embarks on an ocean voyage to find the bar and raise it, despite his crew’s attempts to explain that “the bar” is only a metaphor.
Surely this can’t continue, haven’t we already been through this scenario, and it was considered unworkable?
JonKnowsNothing • April 20, 2022 7:16 AM
@Clive, @ Winter, @All
re: Why do you think submarines are still invisible?
The only people who think submarines are “invisible” are the public who are given less than accurate information about the physics of how they work.
Items at rest tend to be more difficult to detect, as Clive pointed out.
Submarines are rarely at rest because even at rest they emit all sorts of other signals that can be detected. It’s better to move along before they get detected, which is one reason when a nuclear submarine leaves port, there is a great deal of secrecy and over-cover to prevent an initial “tag” from happening.
Once a submarine has “done something of notice”, it’s not easy be
Also consider their mission:
You won’t find too many submarines working on terra firma or in isolated lakes. You find them in oceans.
You don’t find too many taking a snooze under a shade tree. You find them in “areas of potential combat”. If you have an adversarial relationship with another country, that is bounded by oceans, that’s a pretty obvious location.
You might find them refueling, resupplying at ports of “friendly” nations. The location of ports capable of docking a submarine (aircraft carriers) is fairly limited. Australia is trying to decide where to place their “currently fictional nuclear subs” and so far only pork barrel locations are under consideration. It’s a limited search area.
And then there is the signals blast, which is so loud that pods of dead cetaceans result. Roadkill from the underwater highways.
Perhaps some while ago, they had more “cover” but they don’t anymore.
Marine mammals and sonar
Naval sonar-linked incidents
Clive Robinson • April 20, 2022 7:28 AM
But I think current technology is not yet at a level that we can outsource complex policy and tactical decisions to AI.
You really are “over thinking it” there.
You do not need AI for a weapons system to work. Ever since the earliest of alarms there has been a very simple algorithm in play,
1, Look for sign.
2, Is sign there, if not then 1.
3, Trigger event.
The sign is a “differentiator” find one that works for Group A but not Group B and the algorithm works. When Group A is “in sight” then the “event” happens.
Such a differentiator can be a string a foot off the ground pulled taut against a balance. Small creatures pass underneath, larger creatures trip the balance past its tipping point, thus “triggering” the “event” such as a “sapling sprung snare”.
As technology improved that ten thousand year old trap got updated in “The great war” and later “World War Two”; we designed new detectors for different differentiators, hence passive acoustic, pressure, and magnetic, and active measured-distance and similar mines.
No AI needed or involved for that.
As for delivery systems, I’ve sailed solo whilst asleep, using no more than a mechanical auto-steering mechanism and a mechanical log. The “apparent wind” when sufficiently “off shore” stays relatively constant for hours at a time, thus can be used as a reference. A look up table or mechanical calculator can correct for water movement based on the well established and reliable phase of the moon, so a mechanical clock/calendar and assumed location as the input. The result: a sailing vessel, purely by the wind and simple mechanics, can travel a straight line for a distance.
It’s actually very similar to the auto pilot in the V1 “cruise missile” only that used a mechanical compass, an air-screw to control the speed and when to stop the engine.
No AI needed or involved for that.
The use of assumed or calculated position can be used in a look up table and a complex course can be negotiated by moving on a series of straight line approximations, with the flexion or course change points more commonly called “way points”.
No AI needed or involved for that.
Once you have such a table, you can update it whilst it is being used. In effect it becomes an updatable buffer that can be made to appear endless (ie a circular buffer). Designing a simple “state machine” to do this requires just a clock source, a counter and a modulo function (mask all but the bottom bits). It’s what all sequential processing engines we call “Universal Turing Engines” have under the hood at the most primitive level. Known and established beyond doubt in the early 1930’s several years before WWII.
No AI needed or involved for that.
But we also now know beyond doubt that what underpinned Turing’s Engine was also known to Charles Babbage at least a century prior to that. Probably before the 1820’s. He certainly knew all about data in tables and how to use them and was probably familiar with the “Jacquard Box/head” used on Dobby looms in his teenage years. Jacquard’s box was an incrementing “lookup table” using punched cards, the idea behind it started around a century earlier than that. Oh and the same principle was used in “Hurdy-Gurdies” that “Organ Grinders” used, much to Babbage’s annoyance and later life litigation.
So the principles of all that is required for a mechanical device to autonavigate a vessel used as a “Delivery System” were in place, and could have been made in the first quarter of the seventeen hundreds.
No AI needed or involved… Just technical acumen, and the ability, as Jacquard did, “to bolt it all together”.
For my son, for fun, we built a very simple state machine out of Lego bricks and the “Technics rods” etc. The “lookup table” and “modulo operator” were made with what many would call a “cam rod”, which as any mechanic knows is the “sequencer” in a piston type engine…
The same sort of “cam table” can still be found in mechanical switches driven by a timer motor in washing machines still being made in the 1990’s. They were also still in use in “Ladder Logic” used in “Industrial Control Systems”(ICS) “Programmable Logic Controllers”(PLCs) into at least the beginning of this century for high reliability “safety systems” used for the likes of “Emergency Shutdown” sequencers. The simplicity of the cam being it can be easily driven by any kind of motor, including what is a knob acting as a “hand crank”.
The idea that we need AI in any way shape or form for weapons delivery systems is ludicrous. Some would note that it’s an attempt to keep a failed idea of some “faux current relevance” as a “side show” as a “Scary Monster” to distract people away from the real issue,
Some people with “Dark mental traits”, such as being psychopaths, will just build, or get others to build, the weapons systems that they want to use, or more importantly sell, to gain power, thus control, to achieve their objectives.
They care squat-diddly about AI or the “sociological arguments” around it. Either it furthers their objectives or it is irrelevant.
Trust me, except where AI can be used to achieve a specific objective as a “cut-out” by putting “hidden outcomes” in it, it is irrelevant to even high functioning psychopaths.
AI is currently irrelevant, except for the fact it can be used as a stepping stone to hidden objectives that would scare most beyond comprehension if they actually saw and understood them. The psychopaths do not need AI, they never did, nor will they ever, except as some kind of way to achieve objectives faster, using less resources, diverting attention etc.
In reality they see the world as three groups. Group A is their target group, Group B are others, not including themselves, thus they are Group C. Their primary focus is,
1, Keep Group C functional.
2, Ensure Group A is dealt with.
3, Treat Group B as irrelevant.
Thus their requirement for a “discriminator” is that it triggers for as many of Group A as possible. Never for Group C, and as for Group B, if some fall into the discriminator window and trigger it, it is irrelevant unless it affects the first two requirements negatively.
So for a weapon it must render Group A out, not blow up in Group C’s face, and as for Group B, well collateral damage happens…
Winter • April 20, 2022 7:46 AM
“The sign is a “differentiator” find one that works for Group A but not Group B and the algorithm works. When Group A is “in sight” then the “event” happens.”
Get call from president -> Fire nuclear war heads
See enemy ship -> Sink it
I can see some limits to that strategy.
JonKnowsNothing • April 20, 2022 8:01 AM
re: When there’s a real war, why would anybody bother to fake a soldier standing in snow (when there were surely thousands doing so), or to fake a beach with defenses against landing ships, when a country is trying to protect itself against a sea-borne invasion?
I would think this is pretty obvious… but perhaps not…
During any run up to a conflict,( or special event), there is a propaganda war in play long before any ballistics occur.
It is the business of “propaganda” and it doesn’t mean that it’s “evil or wrong”. It is information intended to sway public opinion in the direction wanted.
It’s the same as advertising for breakfast cereals, except the outcome of propaganda pieces often end up dead or maimed. Physical destruction goes with the package as a bonus.
So the images I’ve described aren’t some Occam Razor problem, they are intended to alter one’s view in a specific direction. Because my primary language is English and my WebTag Location is USA, I get pre-selected images for me. You get pre-selected images for you. If you are somewhere else, UK maybe, you get images selected for UK consumption. Same in France, Spain and every other country.
All of the images I’ve described are clearly intended to draw a particular view point.
That you cannot find these same images isn’t surprising. Your click stream alters your AI/ML profile.
So, the Occam Razor, is this:
Why did the AI/ML pick these images to show to me?
Wars cannot be maintained without a constant support of the population. You know this very well. Propaganda is designed to prop-up a particular view.
Media serves as a mouthpiece for current official views, even if they are made by “unofficial sources”, “a government official said” or “anonymous source familiar with”.
Since I am in a position to watch and notice the odd ducks appearing in the midst of serious warfare and the results of the devastation because I do not click the images (although mouse tracking is certainly being done), I think it’s an interesting Reverse Analysis of the AI/ML Selection Pieces.
It’s like watching reports of SARS-CoV-2 fall off the main pages onto Page2… Watching which pieces go from the top to the bottom of the page, can give an indication at how important an editor thinks the article is. Further, the editor selects or is “encouraged” to select, the image, the source, the placement on the page.
There isn’t any conspiracy or weird stuff. It’s war advertising.
Winter • April 20, 2022 8:38 AM
Everything runs on chips nowadays, and Russia has not been able to produce their own silicon variety. Building modern weapons using Chinese microprocessors might be the only option Russia has. Not a very enticing option, that is.
Russia’s backward chip industry
At the end of last month, the US put Mikron on the Entity List following Russia’s invasion of the Ukraine and now, it seems, the Russian government recognises that it has to try and build a domestic industry or become reliant on China.
This will be a very long haul.
JonKnowsNothing • April 20, 2022 8:49 AM
@ Clive , @ Winter
1, Look for sign.
2, Is sign there, if not then 1.
3, Trigger event.
And do not get mistaken as a deer in the forest…
Winter • April 20, 2022 9:01 AM
“Building modern weapons using Chinese microprocessors might be the only option Russia has.”
Remember that China is using North Korea to keep South Korea and Japan in check. Without the North Korean diversion, South Korea would be a more formidable neighbor.
China might very well contemplate the same role for Russia. Keep Putin in power, but on a leash. Then use Russia to put continuous pressure on the EU and NATO.
This is short for: Putin’s “Greater Russian Empire” ends up a minion of China, kept on a chain and getting thrown a bone once in a while.
&ers • April 20, 2022 9:44 AM
@Clive @SpaceLifeForm @ALL
Winter • April 20, 2022 10:15 AM
We can argue all night and day about attribution, but in the real world people will go by: “If it walks like a duck….” and simply act like the Kremlin was behind it.
Given there is an active war going on, this will simply be chalked up on Russia’s long list of war actions.
It took Germany decades to be trusted again. Japan still has not made up with all their victims. I suspect Russia will be considered a poisonous snake in international politics for decades to come. Or more like the scorpion from the fable
Unless, of course, Trump, Le Pen and other fan-boys/girls have their way. Then Putin will get statues everywhere as the savior of the Kleptocracy.
Putin, the Scorpion, and the Frog
&ers • April 20, 2022 11:49 AM
Attribution here is not relevant at all.
How that attack was technically conducted however is.
I know that Russia is currently very angry against Starlink.
If Musk won’t learn from this attack his Starlink satellites would be the next ones.
Winter • April 20, 2022 12:14 PM
“If Musk won’t learn from this attack his Starlink satellites would be the next ones.”
Putin is showing signs of desperation. He also is following the playbook of NK with missile launches.
I think things are going bad in Ukraine and in the economy. Ukraine is wearing down their army and the most powerful economies are boycotting Russia.
Trying to threaten people to buy your stuff is a desperate marketing strategy.
SpaceLifeForm • April 20, 2022 4:18 PM
@ Clive, Ted, ALL
re: Ukrainian mobile operators had blocked outbound calls and Russian subscribers
I do not believe this is accurate.
There is a Heavy Metal Rock-n-Roll in the theater.
Think about what a SIM ICCID tells the cellco tower.
Ted • April 20, 2022 5:34 PM
@SpaceLifeForm, Clive, All
re: Ukrainian mobile operators had blocked outbound calls and Russian subscribers
I do not believe this is accurate.
I’m a little uncertain of all the details here, so feel free to add your thoughts.
There was an update in the post. The SSSCIP later said that they were not blocking all phone calls made from Ukraine to Russia and Belarus as previously stated.
They added there has been eavesdropping on calls from Russian forces to Russia.
However, I don’t know if service to inbound roamers from Russia and Belarus is suspended.
At least according to the post, it seems like Russia was trying to use the SIM Box and GSM Gateways to:
avoid call interception by trying to ‘blend in’, i.e. by dialing in-country only, and then using IP to bypass the blocks on outbound calling to Russia.
What were your thoughts with the SIM ICCID and cellco tower?
vas pup • April 20, 2022 5:35 PM
SpaceX shut down a Russian electromagnetic warfare attack in Ukraine last month — and the Pentagon is taking notes
“Dave Tremper, director of electronic warfare for the Office of the Secretary of Defense, pointed to SpaceX’s ability last month to swiftly stymie a Russian effort to jam its Starlink satellite broadband service, which was keeping Ukraine connected to the Internet. SpaceX founder Elon Musk steered thousands of Starlink terminals to Ukraine after an official sent him a tweet asking for help keeping the besieged country online.
“The next day [after reports about the Russian jamming effort hit the media], Starlink had slung a line of code and fixed it,” Tremper said. “And suddenly that [Russian jamming attack] was not effective anymore. From [the] EW technologist’s perspective, that is fantastic … and how they did that was eye-watering to me.”
The government, on the other hand, has a “significant timeline to make those types of corrections” as it muddles through analyses of what happened, decides how to fix it and gets a contract in place for the fix.
“We need to be able to have that agility,” Tremper said. “We need to be able to change our electromagnetic posture to be able to change, very dynamically, what we’re trying to do without losing capability along the way.”
SpaceLifeForm • April 20, 2022 5:37 PM
How is that security working for you today?
Is Zero really a Random number?
Is your SIM card vulnerable?
Did you upgrade lately so you get the latest new Bugs? I meant Features.
“It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU). For context, almost all WebAuthn/FIDO devices in the real world (including Yubikeys) use ECDSA signatures and many OIDC providers use ECDSA-signed JWTs.”
SpaceLifeForm • April 20, 2022 6:54 PM
@ vas pup
I read that as misinformation. Not going to say why at this time for security reasons.
This is ‘patience grasshopper’ time.
Clive Robinson • April 20, 2022 7:02 PM
@ Ted, SpaceLifeForm, ALL,
I’m a little uncertain of all the details here, so feel free to add your thoughts.
The author of the article is almost certainly “a little uncertain of all the details” as well. But may “know” or can “deduce” more than they would not write about.
Myself likewise. In my case some things are “still works in progress” much as with any research.
But you do not need to “read the standards” or be “intimate with the protocols” to work out quite a few things. Based on general knowledge of “communications networks” and “business” the underlying “charging model” can be reasonably approximated. From that you can deduce the various parts that have “unique identifiers” and why.
A knowledge of “circuit switching” and trunked star networks will tell you how “traffic analysis” can be usefully employed.
It is then a matter of thinking up how the unique IDs and traffic analysis can be meshed together to be rather more than the sum of their parts.
As I pointed out just a little while back those SIM-Boxes have other characteristics that are very visible to the way the “technical engineering” of a mobile network works.
People with “computer” rather than “communications” backgrounds can miss a lot of things as they almost never actually play at the “physical layer”. So frequently they do not realise just how badly those SIM-Boxes can stand out compared to real mobile phones in actual users hands.
That is, it is virtually impossible for two mobile phones, even if glued to the same table, to have closely similar RF behaviour when used by a human. Now consider the over 100 SIMs in the box, all sharing the same unmoving RF “head” and “antenna” with no moving “sacks of briny fat” in close proximity… Yup, they will all have very closely similar, mostly invariant behaviour. It kind of stretches credulity that anyone knowing that would deploy things the way the Russians have…
Thus not only have the Russians given the game away trivially due to apparent lack of knowledge, they also reveal other things that make them look a whole lot less than competent in the art of communications engineering. Or worse still they were “grossly over confident” and “badly underestimated the Ukrainians” due to arrogance, bigotry, and worse.
Which actually makes the Russian atrocity behaviours so much easier to put in context, thus understand. Those who believe they are “morally superior” have a strong cognitive bias, it’s unfortunately a common trait in Russian criminals. When that bias is found flawed it causes cognitive dissonance and in effect rage, thus the challenged superiority has to be reestablished in other ways… Sadly often through sadistic violent behaviours driven by a narcissistic need for striking out in revenge… Which makes a whole load more mistakes extremely likely to be made by the Russians, in what will in all likelihood become a degenerative downward spiral… It’s certainly a behaviour pattern seen in the Russian Military, where brutality not brains can get you promoted.
But hey that’s just an “educated hunch”…
lurker • April 20, 2022 7:16 PM
The old ‘divide by zero bug’, eh? Ho hum…
Ted • April 20, 2022 7:37 PM
@Clive, SpaceLifeForm, All
But hey that’s just an “educated hunch”…
Great thoughts and well articulated! 🙌
ResearcherZero • April 20, 2022 9:30 PM
“show how important it is to quickly respond, and immediately shut down, such attacks”
If only the same attitude prevailed for insertion points for foreign espionage. Or aggravated criminal acts against members of the community, sometimes vulnerable members of the community. Areas of serious crime that could compromise politically exposed persons, who get themselves into large amounts of trouble.
As the Australian Federal Police notes, “no sector of the community should be immune”…
…but then strangely they say, “The issue of whether or not the public has the right to know is really not an issue that comes into our investigation process,” does this include crimes of abduction, assault, abuse or attempted murder?
…material advantageous to the government are not pursued while leaks relating to alleged misconduct of significant public interest are pursued due to embarrassment of the government and security agencies.
That article relates to sensitive material, but the Australian Federal Police has also sat on investigations into very serious criminal conduct for a very long time now, that does not involve sensitive material.
Instead serious criminal wrongdoing that has not been pursued.
What exact function does the AFP now play if it is no longer pursuing criminal matters that can lead to the compromise of members of parliament?
If you can hide your criminal past, and avoid a sentence liable for two or more years in prison, then apparently you are fit for parliament, no matter what you have done. That seems a little risky.
What happens when the public discovers what has been going on?
Perhaps it is time that they knew? Ample time has passed to address these issues, yet our instruments of law have failed to act in good faith.
ResearcherZero • April 20, 2022 10:46 PM
By appealing the Jo Dyer matter, Christian Porter is hoping to save about $900,000 but it could backfire if he loses as he will be up for even more costs.
Before Mr Porter’s defamation action against the ABC had begun, his lawyer Sue Chrysanthou was restrained from acting for him because of a perceived conflict of interest.
The case arose from a meeting between Ms Chrysanthou and Jo Dyer, a friend of the now-dead woman who had alleged that Mr Porter raped her.
…there was a conflict because knowledge of matters discussed in their consultation could have advantaged Mr Porter in his action against the ABC.
A key part of the case involved evidence from a friend of Ms Dyer, James Hooke. Mr Hooke was with Ms Dyer when she met Sue Chrysanthou and another lawyer to discuss what to do.
“Ms Chrysanthou acted for Ms Dyer in circumstances in which fair-minded members of the public would think that it was likely that material was disclosed to Ms Chrysanthou, which would be relevant to the proceedings instituted by Mr Porter against the ABC… and that Mr Porter might gain an advantage from his barrister possessing such information,”
“On Wednesday 24 June 2020, the body of a 49-year-old woman was located at a home at Adelaide by South Australia Police (SA Pol).”
A letter penned by “friends” of a woman who claimed she was raped by a man who is now a minister contains a grave warning to Scott Morrison.
“experienced first hand the way this government has treated that broad sweeping campaign as just another political problem preferably to be ignored, and if not ignored, managed”.
The behaviour demonstrated by police, the legal system, and the government, is both unbecoming and cowardly. One could also question its legality.
This is just one of a number of serious incidents Christian Porter was involved in. Katherine was not the only victim, there are others, many whose lives were destroyed. Not only that, but other members of the current serving government were also involved in covering it up, along with other matters of serious crime, where they used their political connections to avoid prosecution and public scrutiny.
Defamation, suppression, intimidation and legal threats should not be used as tools against victims of crime. The law should instead protect victims of crime and be a means of redress, rather than be a means for offenders to inflict more hurt, and hide their misdeeds.
The coverup is said to be worse than the crime, and there have been some very serious crimes indeed. It would be wise for some to start praying.
ResearcherZero • April 20, 2022 11:00 PM
They awarded medals and awards for rescuing those children and young women, when they had let the offenders go, and now some of those same offenders sit in parliament? Are they kidding, seriously is this what the world has come to?
SpaceLifeForm • April 21, 2022 1:57 AM
Godot spotted in Shanghai
Clive Robinson • April 21, 2022 5:16 AM
@ SpaceLifeForm, ALL,
Re : Oracle screw up the crypto pooch by zero…
What’s the bet it gets a blog page to itself this week?
This is NOT good… And somebody was right to say it should get a “Perfect 10” on the “OMG how bad can it get” scale.
It is in quite a few cases the equivalent of a “Golden Front Door Key” that certain “Politzi” motivated people have fantasized about.
But how did it happen… All too easily I suspect, here is a guess,
As most readers here know “Divide by zero” is something you don’t do so software people test-n-avoid.
But, software developers of what they consider “time critical” or “constant time” code hate “tests” with a passion as they not only “add time” they “add indeterminate time”.
Or more correctly from the security aspect “add input dependent time” which creates a “time based side channel” that can often easily be used to leak confidential information like “KeyMat”.
So there is quite an incentive not to do such tests…
Especially if there is an assumption that “in the real world that ain’t ever going to happen”…
After all if you throw a dice,
“How long will you have to throw it to get five hundred “even” numbers in a row?”
The glib answer is going to –incorrectly be– something like,
“The universe has not been around that long, nor will be”.
Even the correct “Buzz Lightyear” time scale response of,
“To Infinity and beyond!”
Is not regarded as a “time scale” but as a “never going to happen” point in time…
Which leads to the mistaken thought of,
“This test will always fail, so why do it?”
But that’s not the only “code minded” issue that comes up. There is one so common it should somehow have a prohibition seared into the hearts and minds of every person who even dares to think “Can I do…” or “Could we do…” with a computer.
It all starts with the notion of “business logic”, that is there is some core algorithm or procedure the computer is going to do. It’s what “example code” almost always is. That is, it is stripped of all “Error and Exception Handling code” and organised in some wanted flow on the excuse of “clarity” or “ease of understanding”.
The results are that people develop a view that there is,
1, Business logic code.
2, Glue logic code.
3, Error code.
The result is that “Error code” either gets,
A, Left out.
B, Incorrectly implemented.
C, Shuffled to the left.
D, Is “Somebody Else’s Problem”(SEP).
An almost “built in by education” and in some standards –Common Unix, Posix et al– problem is that data, thus its processing,
A, Moves from the left (side of the page).
B, To the right (side of the page).
C, Therefore “input errors” (on the left).
D, Propagate to “business logic” (on the right).
E, Errors can not be “reliably” dealt with “down stream” (as NO right to left movement means data loss).
Thus the thinking gives rise to a fairly hard and fast but often wrong rule of,
“All error checking should be moved as far left as possible.”
But then there is,
4, Exception code.
Do consumer code developers ever write that? Or do they always opt for “Blue Screen of Death”(BSoD) SEP solutions to exceptions?
Hence there is always “data loss” and “system failure” built into the very foundations of a very great deal of “consumer application” code.
This sort of issue is so common it actually gave rise to the idea of “Design/Coding by contract”(DbC) as a methodology to “try” and stop it, or at least limit it.
In essence DbC assumes three things,
1, Side Effects happen.
2, Left-side “Pre-conditions”.
3, Right-side “Post-conditions”.
The first is an implicit assumption of two facts,
1, You have no right-side control.
2, Your left-side control is imperfect.
But there are three “weasel words” in there “conditions” and “imperfect” and importantly “contract”.
Conditions means “tests” and “imperfect” gives latitude to the designer to “minimise” both the tests carried out and what remedial action is taken (big mistake in the methodology).
But importantly “contract” requires code, in fact two pieces of code for each “contract” on either side of all the “interfaces”. This is generically,
5, Interface code.
But how many interfaces are there actually? Most assume two, hence “Pre-conditions” and “Post-conditions”. However people either don’t realise or choose to forget “side-effects” that arise because of “imperfect”… Which gives rise to the “target rich” “happy hunting ground” of “bugs / vulnerabilities”…
But interfaces are “boundaries of responsibility”; if you push something across an interface then it becomes “Somebody Else’s Problem” not yours… But what happens if you make it a “Pre-Condition” thus push it left across your “input interface”? Well that automatically makes it a “Post-Condition” on the output interface of the preceding or calling process block. If that block is preceding BUT NOT calling then congratulations, your push left has become an “exception”… Do you write “exception handlers” for your output interface?
Probably rarely, and almost only when you “call” a subroutine. So if you are “writing to disk” and you get an exception what do you do with it?
Dump and Abort is the usual response, sometimes but mostly not with a useful error message in a log file.
So back to “divide by zero” issues… It’s easy to see how they get shifted out of business logic into the notion of interface logic at the input, making it either an implicit exception or, worse, unimplemented and untested for vulnerability…
But there’s another more subtle vulnerability…
What if there is a test and it branches?
What if handling it also avoids some or all of the following business logic, or more importantly security steps?
Surprisingly you would think this happens so often it might as well be treated as a coin toss given.
Well somewhere in the above is what Oracle have done in their Java implementation library code, that is used in Smart Cards and SIMs, so a major security blunder whatever the cause, and certainly not tested for…
So “Design by Contract” used?
I think not, or only given lip service to…
ResearcherZero • April 21, 2022 6:38 AM
“I told Moscow that you are such a good boy,”
He lived with his sick mother and never had a regular job. He had no obvious source of income and, according to his uncle, even signed up for welfare benefits as a caregiver deserving of state support. But Bohus Garbar, down-on-his-luck and in his early 50s, still managed to donate thousands of euros to Kremlin-friendly, far-right political parties in Slovakia. Family and friends are mystified.
Russia has not commented on Mr. Garbar’s liaison with Russian military intelligence, but it called the expulsion of Mr. Solomasov “groundless.”
“He definitely wasn’t in a state where he could support any political party,”
his nephew receiving instructions and two 500-euro bills, a small part of what officials say were tens of thousands of euros in payments, from a Russian military intelligence officer masquerading as a diplomat at Moscow’s embassy in Bratislava, the Slovak capital
ResearcherZero • April 21, 2022 6:50 AM
Just a bit of fun.
The judge said prosecutors did not prove the defendants tried to infiltrate the Secret Service with nefarious purposes…
ResearcherZero • April 21, 2022 6:55 AM
To be fair, a judge said there was “no harm done” after I was abducted, shot, and later stabbed with a syringe and my heart stopped.
&ers • April 21, 2022 4:21 PM
All hope is not lost.
SpaceLifeForm • April 21, 2022 10:52 PM
@ Clive, ALL
Oracle had an ECDSA library that was written in C++.
For some reason they decided it needed to be written in Java. So, it was not from scratch. They had a reference implementation.
Here’s the really dumb part:
The reference implementation did in fact do the tests for zero.
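The “tests for zero” referred to above are the ECDSA verifier’s check that both signature components lie in the range 1 to n−1 before any arithmetic is done. The following is an added example, not Oracle’s code or the reference implementation mentioned in the thread: a toy ECDSA over the textbook curve y² = x³ + 2x + 2 over GF(17) (generator (5, 1), order 19, far too small for real use but small enough to audit by hand), with the hardened verifier beside a model of the unchecked one. The “unchecked” path models a big-integer inverse that returns 0 for 0 and an x-coordinate of the point at infinity that reads as 0; those two modelling assumptions are mine, made to show why the range check matters, and the curve parameters and keys are constructed for the example.

```python
"""Toy ECDSA over a tiny curve, showing the (r, s) range check on verify."""
import hashlib
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17) with a generator of
# prime order 19 (textbook parameters, chosen so the arithmetic is auditable).
P, A, B = 17, 2, 2
G = (5, 1)
N = 19
INF = None  # point at infinity


def _inv(x, m):
    """Modular inverse; raises ValueError when none exists (e.g. x == 0)."""
    return pow(x % m, -1, m)


def point_add(p1, p2):
    """Affine point addition / doubling on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication."""
    result = INF
    while k > 0:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def hash_to_int(message: bytes) -> int:
    """Reduce a message hash into the scalar field (toy-sized here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(d, e, k=None):
    """Standard ECDSA signing; a fixed k may be passed for reproducible tests."""
    while True:
        kk = k if k is not None else secrets.randbelow(N - 1) + 1
        r = scalar_mult(kk, G)[0] % N
        s = _inv(kk, N) * (e + d * r) % N
        if r != 0 and s != 0:
            return (r, s)
        if k is not None:
            raise ValueError("fixed k produced a zero component; pick another k")


def verify_unchecked(Q, e, sig):
    """Textbook verification WITHOUT the range check on (r, s).

    Assumption for illustration: the inverse of 0 is taken to be 0 and the
    x-coordinate of the point at infinity reads as 0. Under that model the
    all-zero signature (0, 0) verifies for every key and every message.
    """
    r, s = sig
    w = 0 if s % N == 0 else _inv(s, N)
    u1, u2 = e * w % N, r * w % N
    R = point_add(scalar_mult(u1, G), scalar_mult(u2, Q))
    x = 0 if R is INF else R[0]
    return x % N == r % N


def verify(Q, e, sig):
    """Hardened verification: reject r or s outside [1, n-1] before doing any
    arithmetic, and reject a point-at-infinity result."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = _inv(s, N)
    u1, u2 = e * w % N, r * w % N
    R = point_add(scalar_mult(u1, G), scalar_mult(u2, Q))
    if R is INF:
        return False
    return R[0] % N == r


if __name__ == "__main__":
    d = 7                      # constructed private key
    Q = scalar_mult(d, G)      # public key, equals (0, 6) on this curve
    e = hash_to_int(b"constructed message")
    sig = sign(d, e)
    print("genuine signature, hardened verify:", verify(Q, e, sig))
    print("(0, 0) signature,   hardened verify:", verify(Q, e, (0, 0)))
    print("(0, 0) signature,   unchecked verify:", verify_unchecked(Q, e, (0, 0)))
```

The range check costs two integer comparisons and removes an entire class of inputs from the arithmetic that follows; the infinity check at the end guards the other degenerate result. Both belong in the verifier itself rather than in whatever “interface logic” happens to sit in front of it.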
Clive Robinson • April 22, 2022 2:13 AM
Re : Here’s the really dumb part
The reference implementation did in fact do the tests for zero.
Raises the question of “Why?” that is what was the real reasoning, not the excuse they will no doubt scramble together with legal counsel.
Which from the list I gave do you favour as “the real explanation”, or do you have another of your own?
I’m tentatively going with the “It aint goner ever happen in the real world so why bother” thinking of someone trying to over optimize library code for “specmanship” or similar reasons.
But they were wrong, it has happened… Because in the real world, not only is there random, there is also chaos and down via agency at work deterministically sifting through complexity to exploit…
But of course at the back of some peoples minds will be,
1, By accident or design?
2, If design, with what intent?
3, Is the intent malicious?
4, If malicious for whose benefit?
To rephrase a song,
“Zero is a magic number”
Originally from Disney’s Multiplication Rock from the very early seventies called “3 is a magic number” by Bob Dorough. It was made more famous in the late eighties by “De La Soul” who sampled in the Bob Dorough track and added drums and a little scratch acid.
Oh and do remember “3 is a magic number” when considered as a result mod 4… Because the sums of squares are never 3 mod 4. Which is of relevance when it comes to Fermat’s theorem on odd primes being the sum of two squares (thus are called Pythagorean Primes). Hence the definition for Gaussian Primes, which have useful properties.
For some reason my brain won’t let me sleep like a stuck record it keeps spinning around…
lurker • April 22, 2022 3:21 PM
It’s an obligation to stay positive. I think Nietzsche said that. We’ll just listen to Nietzsche.
One Ukrainian farmer’s attitude to current affairs.
Winter • April 22, 2022 4:21 PM
“One Ukrainian farmer’s attitude to current affairs.”
He is a Dutch farmer, emigrated with his wife to Ukraine.
Here is his vlog
SpaceLifeForm • April 22, 2022 5:16 PM
To 2G, or not to 2G, that is the question: Whether ’tis nobler in the mind to suffer The slings and arrows of outrageous cell networks, Or to take arms against a sea of tractors And by opposing send them.
Ted • April 22, 2022 5:31 PM
Or to take arms against a sea of tractors