Friday Squid Blogging: New Squid Species

Seems like they are being discovered all the time:

In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters. The findings were validated and published in 2020. Another new squid species description is currently in review at the Bulletin of Marine Science.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on August 5, 2022 at 4:13 PM • 64 Comments

Comments

Not really anonymous August 5, 2022 4:39 PM

DJB announced a new lawsuit this afternoon. It seems to be mostly about NIST not responding to his FOIA requests regarding NSA influence on the post-quantum cryptography standard creation.

Leon Theremin August 5, 2022 6:56 PM

This position paper makes the case for wireless in-package nanonetworking as the enabler of efficient and versatile wired-wireless interconnect fabrics for massive heterogeneous processors.

https://arxiv.org/abs/2011.04107

Comment: Think your processor couldn’t have a covert networking interface phoning home? Think again.

Clive Robinson August 5, 2022 8:26 PM

@ SpaceLifeForm, usual suspects,

Linux vulnerability in Jens Axboe’s “io-uring”[1],

“an exploit that targets a hardened nsjail environment inside of Google’s container optimized OS (COS) distro. The exploit does not require unprivileged user namespaces and results in root privileges in the root namespace. To gain root, we leveraged a Use-After-Free vulnerability. This allowed us to execute our own code in kernel mode.”

https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/

It allows a user to run code in kernel mode, so is somewhat serious…

[1] Jens Axboe’s “io-uring” is a “swiss army knife” for system calls with a lot of performance enhancement. It gets the performance boost a couple of ways. Firstly, system calls can be completed asynchronously, so threads do not have to block while waiting for the kernel to complete the call. Secondly, multiple system call requests can be submitted at the same time, so a task that would normally make multiple system calls can be reduced down to making one, which significantly reduces context switching between user and kernel space and back.

Clive Robinson August 5, 2022 9:09 PM

@ ALL,

Re : DJB taking NIST to court,

@Not really anonymous, noted above,

“DJB announced a new lawsuit this afternoon.”

But did not include a link.

Well this is a link to DJB’s write up,

http://blog.cr.yp.to/20220805-nsa.html

It’s a very good read and goes into some of the nastier bits of NIST being the NSA’s puppet.

As I’ve mentioned in the past, the AES competition was fairly clearly rigged so that whichever algorithm won, the practical implementation that would get used would be full of time-based side-channel leaks…

From a practical point of view AES is not an algorithm you would want to use in an “on-line mode”. A fact that reading NSA documents for the likes of its “Inline Media Encryptor” (IME) makes clear: it’s only approved to “Secret” for “data at rest”.

Clive Robinson August 5, 2022 9:58 PM

@ Bruce, Usual Suspects,

Re : Helium crypto nonsense

A little while ago when our host @Bruce last posted about “blockchain”, I mentioned an oddball “crypto-currency” scheme called “Helium” that uses,

“Proof of coverage”

Not “proof of work” and I said it was a joke at best…

Well it appears I’m not the only one,

https://blog.dshr.org/2022/08/helium.html

SpaceLifeForm August 6, 2022 2:40 AM

@ Not really anonymous, Clive, ALL

Here is the more secure link.

‘https://blog.cr.yp.to/20220805-nsa.html

SpaceLifeForm August 6, 2022 3:28 AM

@ Not really anonymous, Clive, ALL

This is the main complaint, which can bring you up to speed on the more recent events surrounding the Chasing of the PQC Ghost. Most of the stuff of interest is on pages 3-5 of the 7 pages.

‘https://storage.courtlistener.com/recap/gov.uscourts.dcd.246022/gov.uscourts.dcd.246022.1.0.pdf

Bottom line: If it is NIST approved, run away. NIST is a Scary Ghost.

Clive Robinson August 6, 2022 6:32 AM

@ SpaceLifeForm, Not really anonymous, ALL,

Re : NIST – NSA and US DOC

NIST “is required” to consult the NSA, not be their front/puppet.

Going back to the AES competition like others I had my suspicions and have said as much.

It started earlier over DES and what was said about IBM pre-DES work (comments over the years from Don Coppersmith and a couple of others from the IBM DES team did not quite hang together with other info).

So I started to look into the NSA and what went before. It turned out I had reason to be suspicious as William Friedman was clearly playing games with mechanical crypto equipment used by the US.

Let’s just say the “weak to strong key” ratios were “odd”. It was when I looked into the centralised “Key Management” (KeyMan) that the shoe started to drop…

The designs had a smaller than expected percentage of strong keys, and the available key range was larger than needed. Thus there were sufficient strong keys IF and ONLY IF you knew which ones they were.

I realised that the design was such that if it fell into enemy hands and they either used captured equipment or copied the design, but were unaware of the weak-to-strong key issue and randomly selected keys, about 1 in 5 of their messages would be easily decrypted.

Knowing how Britain’s Bletchley Park broke ciphers using a card catalogue of previously broken messages (the so-called “British Museum” method), I realised that the messages under weak keys would provide “stepping stones” and make cryptanalysis and decoding of messages under strong keys not trivial, but way, way simpler.

When the NSA later formed and William Friedman joined, he in effect made this behaviour “standard policy” for them. The British were also playing a similar game and, as the card game “Bridge” was extremely popular with those at Bletchley, the name of a bridge tactic, “finessing”, became used for what was being done.

Knowing this you can then walk the historical timeline and see things that were odd… like Crypto AG in effect being the only private crypto company to survive, with Hagelin and Friedman known to be professional if not actual friends. It was suspicious and this was, as we now know, effectively a “front”, even with suspicions the NSA/CIA arranged the death of Hagelin’s son and other “awkward” Crypto AG staff[1].

It’s certainly known that NSA members on standards committees went out of their way to be rude, obstructive and alienating to other committee members to force through things that many did not agree with.

As is oft said,

“Once is happenstance, twice is coincidence, thrice is enemy action.”

On the “Means, Motive and Opportunity” score the NSA rates a high pathological score; likewise the level of circumstantial evidence against them would have “Put a Saint in the electric chair”.

All you have to do is “walk the time line” and “join the dots” and the NSA MO becomes brutally stark.

In effect NIST is captured by the NSA like a child worker held in a third world sweat-shop where all the exits are locked and guarded…

[1] We don’t know the truth –yet– but there are reasons to think there were too many deaths and at convenient times,

https://inteltoday.org/2020/02/27/crypto-ag-was-boris-hagelin-jr-murdered-by-the-cia-update-bnd-boss-the-number-of-deaths-surrounding-crypto-ag-is-disproportionately-high/

Frankly August 6, 2022 8:58 AM

In the News: Amazon purchases iRobot, giving it a vast data trove mapping the interior of people’s homes, to add to their data on prescription drugs, buying-eating-reading habits, etc. They also have a flying drone for interior home security.

Where does all this lead? One warrant and all that data is available to law enforcement and (potentially overzealous) prosecutors. Abuse of power can easily take the form of abuse of data. Will Congress set limits on data use and abuse? Not if there are serious security issues nationwide.

Technology gives individuals who wish to do harm more and more power as time passes. Eventually, intrusive data is going to be used by LEOs and govt very widely, as a necessity to keep society safe. This is as inevitable as the progression of technology. You can write all the articles you want, but people and their elected reps will choose security over privacy whenever there is a grave threat.

Clive Robinson August 6, 2022 12:14 PM

@ ALL,

Re : The crusties -v- Young folk.

There is a war of sorts going on in the ICT industry which can be very very partisan at times. It actually should scare those doing “real world security” of “Industrial Control Systems”(ICS) and building systems around IoT Devices and the like. Just remember your kitchen is starting to become an IoT system, and your Home Entertainment system is probably already bowing down to other masters, as have all your Smart Devices.

Back when I was younger “the crusties” were “the systems people” and the “young folk” the free-thinking producers of end-user software. The youngsters saw themselves as fleet of foot and Rapid Prototyping was their “new way”. Yup, that was when “RAD” was not two skateboarders high-fiving and trash talking, but “Rapid Application Development”.

I however was one of the nearly unvoiced minor minority, developing embedded systems to stop billion-dollar Off Shore Installations blowing up or air/space craft dropping on people’s heads. Back then “full stack” still meant being “agile with a wire wrap gun” or doing “taping” to produce your own PCB layers by hand. Familiarity with TTL, BitSlice, PALs and later PLDs and knowing what 20v10 meant were vital. Then 8-bit CPU chips yielded to 8-bit microcontrollers and knowing 8048, 8051 assembler and several others such as the Motorola family became the thing, and being agile with a craft knife to do layouts got replaced with having a good laser printer and overhead projector transparencies. The CAD-based layout shops became a scarcity as layout software started to run on 8086 PCs even in people’s homes (I still have such a setup).

Well if you want someone with those “Real Full Stack” skills, and there is a rapidly growing shortage, they are not that easy to find… Look for Physics / Chemistry / Aerospace graduates as they very probably had to at least develop some of those skills to do their “hands on” projects.

Anyway there is a bit more to it even in what JavaScript hackers call “full stack development”. Thus this might amuse,

https://www.logikalsolutions.com/wordpress/information-technology/yocto/

But to people like me “Yocto People” are just modern “air heads” floating up in some rarefied place way up the computing stack where they don’t get their hands dirty; they tell robots to do it for them… So yeah, I’m an “old Crusty” to even “old crusties”, thus have the right to wave my walking stick and shout “Hey Kid get off my lawn” to those on their mobility scooters 😉

SpaceLifeForm August 6, 2022 1:23 PM

@ ALL

Twitter Leak

This is a serious blunder. The SPIN is strong.

This is why attackers want phone numbers and email addresses.

Twitter was leaking information for over a year.

I am shaking my head so much I may need to see a chiropractor.

‘https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts

We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account. We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened.

. . .

As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any.

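The notice above describes a login flow whose reply depends on whether the submitted email or phone number is registered, and even names the account. The following is an added example, not Twitter's code and not from the post: a lookup step in the leaking form beside a hardened one. The user table, handles, identifiers and the per-client attempt budget are all constructed for the example; the hardened version returns one uniform message for hit and miss, does the existence check without an early exit (so both paths do the same work), and keeps the "does it exist" answer on the server side, where it only decides whether an out-of-band sign-in link gets sent.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample data for the example: identifier -> account handle.
USERS_BY_EMAIL = {"alice@example.org": "@alice", "bob@example.org": "@bob"}
USERS_BY_PHONE = {"+15555550100": "@alice"}

# The only message the hardened flow ever returns to the client.
UNIFORM_MSG = ("If that email or phone number is registered, "
               "we have sent a sign-in link to it.")


def lookup_vulnerable(identifier: str) -> str:
    """Enumeration oracle: the reply confirms registration AND names the
    account. This mirrors the behaviour Twitter's notice describes; it is
    not Twitter's actual code."""
    handle = USERS_BY_EMAIL.get(identifier) or USERS_BY_PHONE.get(identifier)
    if handle is None:
        return "No account found for that email or phone number."
    return f"Enter the password for {handle}."


@dataclass
class LookupResult:
    message: str                 # what the client sees (always UNIFORM_MSG)
    deliver_to: Optional[str]    # server-side only: where the link is sent
    throttled: bool              # server-side only: client over budget


def _fingerprint(identifier: str) -> bytes:
    """Normalise, then hash, so the comparison below is over fixed-length
    values rather than attacker-controlled string lengths."""
    return hashlib.sha256(identifier.strip().lower().encode()).digest()


# Hashed index of every registered identifier (built once at startup).
_REGISTERED = {_fingerprint(k): v
               for k, v in {**USERS_BY_EMAIL, **USERS_BY_PHONE}.items()}

# Assumed per-client budget; a real deployment keys this on something
# harder to rotate than a client string (IP, device, account cookie).
MAX_ATTEMPTS_PER_CLIENT = 5
_ATTEMPTS = defaultdict(int)


def lookup_hardened(identifier: str, client_id: str) -> LookupResult:
    """Same message for hit and miss, no early exit on the table scan, and a
    per-client attempt budget so bulk probing of phone numbers and email
    addresses is cut off. The existence check still happens (the server needs
    to know where, if anywhere, to send the link) but never reaches the reply."""
    _ATTEMPTS[client_id] += 1
    throttled = _ATTEMPTS[client_id] > MAX_ATTEMPTS_PER_CLIENT

    probe = _fingerprint(identifier)
    found = False
    for fp in _REGISTERED:
        # compare_digest is a fixed-time comparison, and the loop
        # deliberately does not break on a match so the hit and miss
        # paths perform the same amount of work.
        found |= hmac.compare_digest(fp, probe)

    deliver_to = identifier if (found and not throttled) else None
    return LookupResult(message=UNIFORM_MSG, deliver_to=deliver_to,
                        throttled=throttled)


if __name__ == "__main__":
    print(lookup_vulnerable("alice@example.org"))   # leaks the handle
    print(lookup_vulnerable("nobody@example.org"))  # leaks non-existence
    print(lookup_hardened("alice@example.org", "demo").message)
    print(lookup_hardened("nobody@example.org", "demo").message)
```

The scan over the whole hashed table is fine for an illustration but is linear in the number of users; at scale the same property (no observable difference between hit and miss) has to come from the storage layer and from padding the response path, not from a Python loop. The throttle only changes what the server does internally; a throttled client still receives the uniform message, so the rate limit itself does not become a new oracle.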
pup vas August 6, 2022 1:30 PM

How much does Taiwan depend on China?
https://www.dw.com/en/how-much-does-taiwan-depend-on-china/a-62725691

=Its highly developed semiconductor industry is as important for Taiwan as the automotive industry is for the German economy. And a comparison with Germany shows how dependent Taiwan is on exports. Around 70% of Taiwan’s economic output is attributable to its exports, in Germany it was 47% in 2021.

But, while the 2021 gross domestic product (GDP) per capita in China was $12,259, in Taiwan it was almost three times as high, at $33,775, according to data from the International Monetary Fund.

Overall, China is Taiwan’s most important trading partner, followed by the United States. More than 42% of Taiwan’s exports go to China, from where Taiwan gets around 22% of its imports. In 2020, goods and services worth $166 billion were exchanged between the two countries.

Taiwan is also among the top investors on the mainland. According to the government in Taipei, between 1991 and the end of May 2021, Taiwanese companies invested around $194 billion in a total of 44,577 Chinese projects. Chipmaker Foxconn’s factories are one of the best known examples. The contract manufacturer makes iPhones for Apple, Galaxy smartphones for Samsung and game consoles for Sony in plants throughout China.

Mahbubani does not believe that Beijing will use military force to take over Taiwan just yet. The >>>Chinese are much more interested in business than in ideologies.<<< For the decision-makers in Beijing, the risks clearly outweigh the opportunities, the Singaporean political scientist, diplomat and former president of the UN Security Council, emphasized in an interview with Bloomberg TV.=

SpaceLifeForm August 6, 2022 1:43 PM

@ ALL

re: Twitter Leak

Correction. According to Twitter, it was only leaking for 6 to 7 months.

It took them another 6 to 7 months to report it. So between January of this year and now, they just kept it secret.

Why would this blunder be introduced into working code? It was likely intentional.

It really smells.

Clive Robinson August 6, 2022 1:48 PM

@ ALL,

Re : Crusties and JavaScript

I suspect someone will take exception to my comments about those writing JavaScript as not being “full stack” or even having an understanding of what the actual “Computing stack” covers.

Well for those that might take exception, you might not know who Douglas Crockford is, but at the turn of the last century he came up with what nearly all software developers have heard of, JSON.

Well he’s come to a realisation that might shock a lot of people, bearing in mind JavaScript may be the most used programming language in the world currently: he wants it dead and buried as quickly as possible,

“The best thing we can do today to JavaScript is to retire it. Twenty years ago, I was one of the few advocates for JavaScript. Its cobbling together of nested functions and dynamic objects was brilliant. I spent a decade trying to correct its flaws. I had a minor success with ES5. But since then, there has been strong interest in further bloating the language instead of making it better. So JavaScript, like the other dinosaur languages, has become a barrier to progress.”

https://devclass.com/2022/08/04/retire_javascript_says-json-creator-douglas-crockford/

I’ve said similar about C++, and the reason is the biggest “technical debt” creator of all,

“The ‘Code Reuse’ mantra”

It’s basically taken programming languages that had simplicity and elegance, and replaced the art of programming with the art of plumbing together dangerously over-complex bloated “all things to all men” code libraries with fifty different kitchen sinks in every one.

If people want “Exhibit A” I can give you log4j which even scared the US Congress, the DoC, SEC and even the Fed…

pup vas August 6, 2022 3:55 PM

Advancing dynamic brain imaging with AI
https://www.sciencedaily.com/releases/2022/08/220801133143.htm

=MRI, electroencephalography (EEG) and magnetoencephalography have long served as the tools to study brain activity, but new research from Carnegie Mellon University introduces a novel, AI-based dynamic brain imaging technology which could map out rapidly changing electrical activity in the brain with high speed, high resolution, and low cost. The advancement comes on the heels of more than thirty years of research that Bin He has undertaken, focused on ways to improve non-invasive dynamic brain imaging technology.

Brain electrical activity is distributed over the three-dimensional brain and rapidly changes over time. Many efforts have been made to image brain function and dysfunction, and each method bears pros and cons. For example, MRI has commonly been used to study brain activity, but is not fast enough to capture brain dynamics. EEG is a favorable alternative to MRI technology however, its less-than-optimal spatial resolution has been a major hindrance in its wide utility for imaging.

“As part of a decades-long effort to develop innovative, non-invasive functional neuroimaging solutions, I have been working on a dynamic brain imaging technology that can provide precision, be effective and easy to use, to better serve clinicians and researchers,” said Bin He, professor of biomedical engineering at Carnegie Mellon University.

He continues, “Our group is the first to reach the goal by introducing AI and multi-scale brain models. Using biophysically inspired neural networks, we are innovating this deep learning approach to train a neural network that >>>can precisely translate scalp EEG signals back to neural circuit activity in the brain without human intervention.”=

pup vas August 6, 2022 4:05 PM

Wireless activation of targeted brain circuits in less than one second
https://www.sciencedaily.com/releases/2022/07/220714165806.htm

=A research team led by Rice University neuroengineers has created wireless technology to remotely activate specific brain circuits in fruit flies in under one second.

Robinson said the ability to activate genetically targeted cells at precise times could be a powerful tool for studying the brain, treating disease and >>>developing direct brain-machine communication technology.<<<

>>>The research was funded by DARPA (N66001-19-C-4020),<<< the National Science Foundation (1707562), the Welch Foundation (C-1963) and the National Institutes of Health (R01MH107474).=

SpaceLifeForm August 6, 2022 4:47 PM

@ ALL

re: Twitter Leak

I do not believe anything that Twitter says. There is good reason to understand why @ElonMusk filed something under seal.
I suspect that Twitter may have been caught on the ‘bug’, and they say they fixed it in January, but probably did not deploy until 2022-07-14.

Sorry, but lots of dots. I have a theory.

2016-06-09

‘https://www.socialmediatoday.com/social-networks/login-details-32-million-twitter-accounts-leaked-online-time-update-your-password

2021-07-21

‘https://www.cnbc.com/2021/07/21/man-busted-for-twitter-hack-of-biden-obama-musk-in-bitcoin-scam.html

2022-07-21

‘https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/

2022-07-14

‘https://www.bleepingcomputer.com/news/technology/twitter-outage-shows-something-went-wrong-error-message/

2022-07-27

‘https://www.komando.com/security-privacy/twitter-data-breach-2022/847827/

2022-08-01

‘https://thehackernews.com/2022/08/researchers-discover-nearly-3200-mobile.html?m=1

‘https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/

‘https://www.bleepingcomputer.com/news/security/over-3-200-apps-leak-twitter-api-keys-some-allowing-account-hijacks/

2022-08-05

‘https://nitter.net/vxunderground/status/1555661472679792641

Clive Robinson August 6, 2022 4:55 PM

@ pup vas, ALL,

Re : China & Taiwan

The former president of the UN Security Council comment you quoted of,

“Chinese are much more interested in business than in ideologies. For the decision-makers in Beijing, the risks clearly outweigh the opportunities”

Is, I would say, a reasonable assessment until fairly recently.

As I noted the other day China has a food supply issue. Specifically protein from fowl and swine is in significant shortage due to various diseases. Thus China has an increasing need of foreign currency to buy in replacement.

China’s most lucrative income like that of Taiwan is the US via consumer goods.

TSMC, the world’s most prolific chip manufacturer as well as probably the highest-tech in the world, based in Taiwan, is an “ace in the hole” for Taiwan. Whilst TSMC only supplies China’s FMCE manufacturing, not military –as far as can be told– much of that supply is destined for foreign export by China to the US… Thus TSMC chip supply to the US is both direct and indirect.

For obvious reasons the US wants TSMC fabs out of Taiwan and on US soil such that they come under the US War Act and similar. The Taiwanese Government knows that if it loses TSMC plants to the US then the US has no reason to protect Taiwan; likewise China knows that it will not get chip supply from US-based fabs.

Which might explain the US alleged $2 trillion Chip Act.

Part of which will be an all out push to destroy GSM 5G, and go for 6G or some entirely US Standard by which US control lost in the late 1980’s/90’s will potentially be regained.

And with that you can be absolutly certain that the US Government will do exactly what it has been accusing the Chinese of doing with 5G[1][2].

The result will, as it currently is, be that we will all be insecure and our privacy callously invaded for money, power and control (say hello to Palantir).

So what happens next with China is critically dependent on US Politicians and their normal idiocy caused by short term thinking.

If the US upsets the “trade balance” then China will fairly quickly develop very problematic National Security issues, which would bring into question current CCP plans.

So whilst I agree with the former president of the UN Security Council quoted comment… It will take very little for the US to upset the balance, which could easily precipitate out to the CCP prosecuting military action against Taiwan. How much and in what way again depends more on US actions than most realise.

[1] The US has been playing political games over accusations of China with regards 5G[2]. Whilst it is in theory possible –if you by stupidity or design build a grossly insecure national 5G network– for other nations to spy on individuals, in practice it’s actually fairly simple to stop such attacks on a 5G network (but it also puts limits on your own ability to spy on your citizens). As the UK Government was advised several years ago, which later became wider public knowledge when US Politicians started the “5G scare”… Part of which involved promoting dumb-ass conspiracy theories, some of which resulted in idiots trying to burn down electricity pylons… That they supposedly thought were something to do with 5G mind control or similar… In fact known history shows that the biggest risk to individuals’ privacy and security is actually the US Intelligence community and their peers in WASP and other nation states.

[2] As for the repeated US claims about the Chinese Government “back-dooring” technology, the evidence is at the very best scant indeed. If it was really there you would expect clarion calls to be trumpeted out with much fanfare by US politicians. The fact that they have not should tell people a few things… However for the US back-dooring US technology, the evidence is very strong, with US IC personnel actually being photographed “in the act” amongst other things. The actual facts suggest that the Chinese do not need to backdoor Technology to be used in the West, because it is already so badly insecure to start off with… That is, it’s easier and less expensive to find and exploit existing vulnerabilities in Western Tech than go to the trouble of making such vulnerabilities. So US Policy of “strong attack” with at best “pitiful defence” with regards the US ICT Industry products is going to carry on being a “Shoot yourself in the foot” policy for quite some time to come…

Clive Robinson August 6, 2022 5:46 PM

@ SpaceLifeForm, ALL,

Re: Twitter Behaviour

“I do not believe anything that Twitter says.”

You’d be quite wise not to, as William Shakespeare had one of his characters observe,

“There is something rotten in the State of Denmark.”

“There is good reason to understand why @ElonMusk filed something under seal.”

Even the Twitter board effectively admit they’ve “done wrong” by their filings. The question is when will the SEC step up to the mark (effectively admitting they and Twitter shareholders have been hoodwinked by the board’s probably fraudulent claims).

As Musk is effectively a major shareholder and certainly the individual who holds most shares personally, he could start an action against Twitter based on their misfilings…

That would cause no end of problems. Because although the filing would be later than the Twitter Boards, it involves the Twitter behaviours prior to his offer to Twitter. This would potentially force “A trial within a trial” which would be messy messy messy at the very least.

Thus any claim Twitter make about Musk devaluing Twitter would first have to account for how much the Twitter board had falsely inflated the value via their obviously dubious filings to the SEC.

There would be the possibility that Musk could come out ahead on that. More interestingly, if another shareholder who is not Musk-linked brought such an action, then the case would in all probability have to run separately. Which would potentially make a lot of information the Twitter board want to keep under wraps public.

Which brings us back to your point of,

“I suspect that Twitter may have been caught on the ‘bug’,”

Again the question arises what were the board’s legal duties on reporting via the SEC and other Federal Agencies.

We are going to need our own legal expert, to start predicting which way this current bag of snakes is going to move next…

Anyway time to get another bag of popcorn out the cupboard 0:)

SpaceLifeForm August 6, 2022 6:16 PM

@ Leon Theremin

Token Ring over optic fibre seems more secure when it comes to nanonetworking.

It would not be Broadcast, and likely saves energy.

The trick is the splicing interfaces.

Clive Robinson August 7, 2022 7:54 AM

@ ALL,

I’m surprised to note that yesterday passed without historic note…

On 6th Aug 1991, 31 years ago, the first official “HTTP” site was unveiled…

Since which Internet Security for the individual citizen tripped into “the danger zone”, as first crooks then Governments started to steal and accumulate personal information for their benefit and most others’ loss.

So when you are slicing that centrepiece of Sunday lunch have a thought about just who knows what you are doing…

Remember,

“You are not really paranoid if they are out to get you…”

And as they are out to get everyone who uses electronic communications… Only those “total off-gridders” can by that definition be paranoid 😉

JonKnowsNothing August 7, 2022 10:17 AM

@Clive, @SpaceLifeForm, All

re: BA.4.6 Mutation S:R346T Growth Advantage

The SARS-CoV-2 mutations are keeping right on track with so many mutations that naming conventions have had to put a brake on which mutations get named and which ones don’t. There are a number of agencies that assign names and each has their own criteria. WHO hasn’t issued a new Greek letter since Omicron but we have many sub-lineages and mutations and recombinants all hanging out under the Omicron banner.

The criteria for a Pango Lineage name are now twofold: must have a mutation(s) of significance and must have a geographic, population or host jump to get a name. BA.4.6 recently got its name after first being rejected as insignificant but within weeks found to be quite significant.

  • BA.4.6 is the alias for B.1.1.529.4.6. It’s mainly found in USA, England and Denmark.

BA.4.6 has a mutation point S:R346T which is now linked to “growth advantage” and has been seen in other contagious versions of COVID.

As the virus mutates, it gains and sheds mutations; the rate is much faster rate than originally expected. Some mutations make no difference to the host, having no obvious effect. Some mutations pop up or drop out repeatedly but seem to do nothing of significance. S:R346T can be linked to other contagious versions of COVID and tracked as to the impact of those versions.

      S:R346T is linked to those mutations that had significant growth and the lack of S:R346T in versions that fizzled.

Other mutations sites on the current watch list are:

  • 346-348
  • 356
  • 444-446
  • 452
  • 468
  • 486

===
Graphs and discussion (closed)

ht tps://github.com/cov-lineages/pango-designation/issues/741
ht tps://cov-spectrum.org/
requires JavaScript

Clive Robinson August 7, 2022 11:26 AM

@ JonKnowsNothing, SpaceLifeForm, ALL,

Re : SARS2 mutations

“… the rate is much faster than originally expected.”

The rate depends on three primary things,

1.0, Host availability.
2.0, Virus Infectiousness.
3.0, If host has other diseases.

The first (1.0) is dependent on,

1.1, Host immunity
1.2, Host density
1.3, Host movement.

Thus you would expect the first viral run through a high-density city with significant population movement to make many hosts available and spread to be rapid. Thus the ability to mutate being similarly high.

The Second (2.0) is dependent on

2.1, Host immunity.
2.2, Viral RNA structure.

The Third is in part about the host’s ability to fight pathogens either novel or known to the immune system. There is a very long list, including age and nutritional status, that affects the human immune system, and in some cases a broad genetic component. Of interest currently is “vaccine escape”.

The mRNA vaccines had a very high efficacy because they were “tuned” to a specific, virtually singular characteristic. Due to the fact quarantine measures were not put in place, the virus gained the opportunity to mutate out from under the very narrow skirt of effectiveness. However other apparently less effective vaccines had a broader skirt and vaccine escape with those was much less. But because of lack of quarantine measures, virus with sufficient mutations that had escaped mRNA vaccines ended up further mutating, thus escaped the vaccines with the broader skirt.

So the best people can hope for now is not vaccines, but natural immune system response, be it primed by,

1, Vaccine.
2, Infection.
3, Both.

The figures such as they are suggest your immune system would have been best primed by both. That is the vaccine reduced the likely mortality of the original virus, and thus lower grade inffection from a later mutation actially gives your immune system a much wider response skirt than any of the vaccines.

One thing that has come up unexpectedly is that the virus mutations are way less seasonal than expected. The fact the northern hemispher is in “high summer” and the SARS2 infection rate is higher than it has ever been should be “Pause for thought” even in the most idiot of politicians.

Worse it’s very high despite many are still “masking up” and taking other preventative measures such as minimal contact / issolation.

The only saving grace, is inexplicably despite it’s infection chatacteristics the lethality appears to be dropping with mutations. Why this should be we’ve yet to find out and knowing what the downward driver is could be vital in future pandemics that are due to basic greed and political stupidity likely to happen again within a decade.

But there is a flip side… Right back in the early days, one of my major concerns was sequelea. Well we’ve seen it happen, with “long covid” and a significant pecentage with issue well after 12weeks and some apparently having suffered permanent loss of brain grey matter thus permanent cognative loss. Others similar unrecoverable damage to the heart, with lungs and liver having unrecoverable scaring or similar.

What we don’t yet know is what SARS2 has done with respect to long-term autoimmune diseases. I’m expecting new ones to arise, an increase in cancers and a more general shortening of life expectancy over the next decade or three.

And I suspect that, barring accidents, the odds of me dying by Covid and its effects are high on the list. The same as it will be for anyone currently over around 38-45 years old…

vas pup August 7, 2022 3:31 PM

Israel’s Innoviz secures $4b deal to supply Volkswagen with LiDAR sensors
https://www.timesofisrael.com/israels-innoviz-secures-4b-deal-to-supply-volkswagen-with-lidar-sensors/

“Israel’s Innoviz Technologies, a maker of sensors for self-driving cars, has landed a contract to supply sensors and perception software to Volkswagen in a deal worth about $4 billion, the company said Tuesday.

Under the deal, Innoviz will provide LiDAR technology and software to VW’s autonomous vehicles unit called CARIAD starting in 2025. Innoviz expects to supply between 5-8 million LiDAR units across multiple brands within the Volkswagen Group over an eight-year period, according to CNBC.

Kfar Saba-based Innoviz makes LiDAR (light detection and ranging) sensors that it says help automakers improve their vehicles’ safety, perception, connectivity and experience. The sensors provide accurate images of the vehicles’ surroundings through object detection, classification and tracking at long distances. LiDARs are a critical element of advanced driver assistance systems (ADAS) and autonomous vehicles (AVs).”

SpaceLifeForm August 8, 2022 2:00 PM

@ ALL

Cryptocurrency money laundering

It is being followed.

‘https://cryptobriefing.com/us-treasury-sanctions-ethereum-mixing-tool-tornado-cash/

SpaceLIfeForm August 8, 2022 2:30 PM

@ JonKnowsNothing, Clive, ALL

re: Stealthy Covid

Yes, the case rate did not decline as much as I expected for Northern Hemisphere Summer.

Two thoughts as to why. One is that the excessive heat is keeping more people indoors with little fresh air ventilation. The other is that many are still flying around on planes.

Check this out. My bold.

‘https://arstechnica.com/science/2022/08/58-of-human-infectious-diseases-can-be-worsened-by-climate-change/

The largest number of diseases aggravated by climate change involved vector-borne transmission, such as those spread by mosquitoes, bats or rodents. Looking at the type of climate hazard, the majority were associated with atmospheric warming (160 diseases), heavy precipitation (122) and flooding (121).

SpaceLifeForm August 8, 2022 6:36 PM

@ ALL

When a braindead AI chatbot reveals UI

‘https://www.vice.com/en/article/qjkkgm/facebooks-ai-chatbot-since-deleting-facebook-my-life-has-been-much-better

JonKnowsNothing August 8, 2022 11:15 PM

@SpaceLIfeForm @Clive, ALL

re: Stealthy Covid rate of non-decline

There isn’t any reason at all to expect a decline in cases. BA5 is significantly more transmissible than BA4; BA4 was more transmissible than previous variants.

Some countries are touting that their “COVID peaks are declining”, which is true enough, but the numbers as reported, are not exactly encouraging.

In one country: the numbers declined 500,000 in one week to 2,500,000 cases. The previous week it was 3,000,000 cases.

The table has reported numbers from my area. This is normally updated weekly. There have been no updates since 07/26/2022.
(note: I’ve never figured out how to set fixed format, ymmv)

These metrics are an indicator of the current rate of COVID-19 transmission in the county.

Week   Positivity Rate   New COVID-19 positive cases per day per 100K population   Health Equity Metric (HPI Test Positivity)   Trend
7/26   20.7              41.9                                                       22.6                                         higher
7/19   19.9              40.7                                                       19.8                                         higher
7/11   17.5              35.8                                                       17.3                                         higher
7/5    15.2              34.4                                                       15.2                                         higher

Folks in this area are working on their 2nd and 3rd bouts of COVID. As @Clive has pointed out, the number of infections depends on the number of available hosts.

So are the numbers UP or DOWN?

We have lots of ways to not count things: shifting people to hospice, shifting them to care homes, shifting them to at-home care, basically shifting them anywhere they can on “Pancake Day”. (1)

===

1) “Pancake Day” is a reference to an event in the fictional stories of “Walt Longmire” by Craig Johnson (author). The Cold Dish – December 29, 2004.

Winter August 9, 2022 12:35 AM

@JonKnowsNothing

So are the numbers UP or DOWN?

That is immaterial at the moment. SARS2 is not going away any time soon, or ever. We still have 4 different corona variants going around as common cold viruses from zoonotic events from more than a century ago.[1]

So history tells us that it is pretty unlikely that SARS2 will disappear. More likely is that it will evolve over time to some fifth common cold or flu like virus. Until then, we will have to treat it like we treat the flu.

North American deaths are currently ~500 daily. [2]

[1]’https://www.newscientist.com/article/mg24632800-700-what-four-coronaviruses-from-history-can-tell-us-about-covid-19/

[2]’https://covid19.healthdata.org/north-america?view=daily-deaths&tab=trend

Clive Robinson August 9, 2022 8:14 AM

@ SpaceLifeForm, pen-testers, ALL,

You might find,

‘https://m.youtube.com/watch?v=MTldbQt6Zbs

Interesting; it’s about using SDR to develop your own Spectrum Management OSInt.

It was put up today, but is a talk from 2017… So it’s a little out of date in some respects.

Clive Robinson August 9, 2022 8:28 AM

@ ALL,

Community Internetless Wireless MESH networking

From HOPE 2022. Shows you how you can set up a community network using easily available parts, that does not need the Internet or Commercial Service Providers. And can go “global” via other radio links that are likewise non commercial so you don’t get to feel the corporate control.

The Talk actually starts at 3mins in

https://m.youtube.com/watch?v=o5g23fGQR-M

Worth a watch

vas pup August 9, 2022 4:40 PM

Biden signs off on semiconductor bill in challenge to China
https://www.dw.com/en/us-biden-signs-off-on-semiconductor-bill-in-challenge-to-china/a-62761790

“The future of microchip production will be “made in America,” said US President Joe Biden while presenting the $280 billion Chips and Science Act.

The US will invest around $52.7 billion (€51.6 billion) in microchip production under the $280 billion Chips and Science Act. The bipartisan measure is aimed to ensure the US can keep pace with China as the two countries vie for dominance in the high-tech sector.

“The future of the chip industry is going to be made in America,” US President Joe Biden said while signing the bill into law on Tuesday.

The move comes as the world faces a prolonged shortage of semiconductors, materials crucial for producing microchips. The terms “semiconductor” and “microchip” are often used interchangeably.”

SpaceLifeForm August 10, 2022 7:04 AM

@ vas pup, ALL

re: CHIPS

Note the Supply Chain bottlenecks. The biggest one being actual lithography equipment, stretched out nearly 2 years.

‘https://nitter.net/adam_tooze/status/1556241241490132994#m

Just the image. Probably quicker to view. Setting up new fab is slow.

‘https://nitter.net/pic/orig/media%2FFZivAKwWQAEYke6.jpg

Winter August 10, 2022 7:26 AM

@SpaceLifeForm

Note the Supply Chain bottlenecks. The biggest one being actual lithography equipment, stretched out nearly 2 years.

When you scan the list, there are many cross-dependencies. For instance, the ASML lithography equipment also relies on Zeiss and many of the usual suspects from the list. Trying to rebuild all that in a single country is stupid. E.g., TSMC, Zeiss, ASML etc. are market leaders for a reason, and it took them a lot of time to get there.

Just throwing money at the problem won’t do it. The Chinese Big $50B Fund for development of the chip industry just went down in flames in a big fraud investigation. [1]

[1] ‘https://kfgo.com/2022/08/09/china-watchdog-investigates-three-more-execs-linked-to-chip-focused-big-fund/

Clive Robinson August 10, 2022 9:08 PM

@ Winter, SpaceLifeForm,

Re : Getting Chips Tech.

“Just throwing money at the problem won’t do it. The Chinese Big $50B Fund for development of the chip industry just went down in flames in a big fraud investigation.”

Throwing money at a problem has to be done even though it appears to show no returns…

Like “New Product Development” in Marketing, R&D in the tech sector has a 9 in 10 failure rate, and that is expected to rise.

The reason being the more mature a domain is, the fewer “easy to see wins” there are to take advantage of. That is, you have to start looking at what is hard as well as not that promising to move forward.

There is a sometimes heard joke floating about CERN starting its own FAB “as they are the only place with a big enough accelerator to do the next gen lithography.”

Whilst not true it does make a point about the cost and difficulty of getting up the next step.

The important point about China and its $50billion investment is not the money or the alleged penny-ante fraud[1], but that it was actually started over a decade ago.

Which suggests that either the problem is genuinely very hard, or that China is very bad at economic espionage…

But even having the information via espionage might not help…

For instance knowing that part of the lithographic process is creating a plasma arc of tin, what does that tell you?

What it does not tell you is how it’s done and whether the tin is used in a closed cycle system or something else… You can make a reasonably safe bet that it took a lot of false starts and fallen horses before they got close to that finishing line.

The Chinese historically take the long view thus will probably get the results they want. The US however have a very different view, that is best described as “Very short term”.

Do you actually see the US putting two decades of work into it?

Nope nor do I…

[1] Without a lot more details it’s going to be impossible to say fraud. With hindsight, any investment can look like fraud if you want it to, it all depends on the spin you put on it. The CCP has a long history of using “fraud” and “crime” etc as a way of getting at people who might be embarrassing senior CCP members and getting them removed to prison or just executed. Under the surface the CCP has a lot of things Stalin would recognise and appreciate.

lurker August 10, 2022 11:03 PM

@Clive Robinson et al.
“The important point about China and it’s $50billion investment, …”

is that you don’t need 3nm tech for locomotive power controllers, nor for 99 satellite TV sitcom channels, nor for twinkly light sneakers for kiddies.

Clive Robinson August 10, 2022 11:39 PM

@ JonKnowsNothing,

Re : Life’s Journey.

Much of what I was afraid of with SARS2 has bit by bit come true.

I take no pleasure in this as my predictions were all in effect detrimental to the human stock.

The galling thing is it need not have happened at all. It was two world leaders in particular that fiddled whilst the flames got started.

The UK was and still is, as far as SARS2 is concerned, “The dirty man of Europe”, for which we can thank the blond blow dry idiot and his drink addled cronies. Who it turns out have lied more to the world than the Chinese are alleged to have done.

As for your “neck of the woods” I’ll let others have their say.

But in both cases greed of backhanders won the day over common sense and sensible behaviour, and nations burned not just the contents of their treasuries, but the lives of their citizens.

I doubt we will ever know the real death toll or cost, but I suspect a world war would have been less costly on both counts.

People talk about SARS2 getting less lethal, but is it?

Others argue it’s the “new flu” or “new cold”

Well, whilst it could be argued it is a new “cold virus”, as the figures from Australia show it’s in every way worse than the other cold viruses put together.

Likewise it’s worse than the flu viruses as well.

It’s about as infectious as chickenpox if you include the asymptomatic infections. But the damage it does is arguably worse. And that is before we have any information on the long-term effects of “autoimmune disease” it might trigger. From what’s been seen with the many “long covid” effects I would say the chances are high that any autoimmune disease that does arise will be nasty, and the chances are it will also cause new strains of cancer…

Winter August 11, 2022 1:24 AM

@lurker

is that you don’t need 3nm tech for locomotive power controllers, nor for 99 satellite TV sitcom

But you do need it for AI, and China’s ambition is to be world leader in AI and automated mass surveillance. For that goal, China needs the highest performance and most efficient chips.

Winter August 11, 2022 2:57 AM

@Clive

The galling thing is it need not have happened at all. It was two world leaders in particular that fiddled whilst the flames got started.

I have seen nothing indicating that the outbreak could have been contained after it moved beyond Wuhan.

Without a vaccine, the virus could not be extinguished anymore. Stopping all human movement would have stopped the spread of the virus, but it would only work as long as there was no movement of people. Short of an impenetrable wall around all populations with carriers, the pandemic would continue the moment there was movement of people again. Australia and New Zealand are good examples of how that works.

Clive Robinson August 11, 2022 4:39 AM

@ lurker, ALL,

“… you don’t need 3nm tech for… “

The “current” products are what China manufactures in bulk for the US, but that’s changing fast even at the consumer products level. Especially as China has decided to “second string” the US and develop leading edge products for other parts of the world.

Take for instance “automotive controllers”; they are still very much in their infancy, people want “smart cars” and soon “self driving vehicles” even where there are no roads (as has happened with communications, where the military requirements once led but consumer related products are now decades ahead, the same is about to happen with autonomous vehicles of all kinds).

For these you need,

1, High end communications.
2, High end AI.
3, High end hardware performance.
4, Highly adaptable hardware.

Which all will need 3nm chips very soon.

But there are another couple of aspects that you need to consider.

5, Reliability.
6, Cost.

One reason, in fact the only reason, “Smart Devices” could and can happen is the so called “System on a Chip”(SoC) devices.

These consist of one or sometimes way more microcontrollers on a single chip with what were once considered huge amounts of ROM and RAM and very high end I/O, all for $2-10. You get what would have once been the equivalent of several “Million Dollar” computers, with a level of reliability under the stress of a moving vehicle on rough terrain that no other way of manufacturing can do. SoCs are also the first step in flexible “Software Defined Architecture” where each IO block is in its own right an application specific computer you program with the required functionality at boot time.

The thing is, with a 64bit RISC core and say 3GByte of ROM and RAM plus a 200,000 Gate FPGA and numerous specialised 32/16/8 bit I/O controllers with complex high end I/O, all for the same few dollars, you could start making “Universal Devices”. Further bringing the cost down and the reliability up.

But as I keep saying from time to time,

“The future is parallel at all levels.”

The days of the “Castle” computer are now long over. Both Intel and AMD have effectively stopped making single CPU chips. They might call them multi-core but the reality is they are effectively Multi-CPU sharing the same exterior memory and control busses.

Why did they go this way? Well whilst not having hit,

“The laws of physics wall”

Increasing CPU speed further was not a cost effective way to increase performance, especially with the “Heat Death” issue.

They have also tried half heartedly to turn towards the “Prison” model for security. But in the case of Intel with SGX where it keeps failing, they have obviously continuously botched it from day one. Primarily because they can not lift themselves out of the “One Ring” mentality.

But either they will,

“Wise up or goto the wall”

The jury –consumers– are still deciding on that but there is an increasing trend not in Intel’s favour.

The x86 CISC, of dubious architecture and a security nightmare, has had its day. Yes it will hang around for a while because there is still a lot invested in it (think about it as the hardware equivalent of the more than six decade “Cobol Story”). It’s become a technological cul-de-sac, and is already being relegated to the position of “microcontroller” as half million gate integrated FPGAs take on the “compute load”.

The same applies to all computing for that matter, the Harvard -v- Von Neumann architecture debate is well over and the winner[1] does not matter. Because even in the near future with integrated FPGAs it’s become “Software Defined Architecture”(SDA)[2] to get the high performance demanded. To get the best advantage of that, 3nm is where you want to go to get that 200 times performance advantage…

[1] Both won and both have now lost. We ended up with Harvard at the core of the CPU but for ease of interconnection and one or two other advantages etc busses were joined at the periphery to give back the single CPU Von Neumann architecture at a 20,000ft view to keep “sequentially minded” programmers happy. They have both lost because core architecture is now becoming software defined to get between a 5 and 200 times increase in performance for certain algorithms that neither architecture could give.

[2] In a way we have “crypto-coin mining” to thank for making the use of “Field Programmable Gate Arrays”(FPGA) and “Application Specific Gate Arrays”(ASGA) “obvious to all who care to look” in search of higher performance but still more or less “general purpose” computing[3] to support the very real need for “Software Defined Architecture”(SDA) systems of the very near future.

[3] Logically if we ever get “room temperature” “Quantum Computing”(QC) on a chip, that will supplant or augment the Gate Arrays we are currently moving towards. Such is the nature of human development, the old moves out to make way for the new at the center. Historically we can see this with humans in cities since before Roman times, and with just about all knowledge we have acquired in that time as well.

Clive Robinson August 11, 2022 5:01 AM

@ All,

This really made me laugh,

“I’m not the only one Iran is trying to assassinate”

It’s a quote from John Bolton from yesterday’s news[1]. Why do I find it funny? Well maybe this might help,

“Dear John,

Well you did orchestrate the murder of an Iranian Diplomat on a peace mission, I guess you don’t like the “eye for an eye” reasoning you espouse when it applies to you.

But, what makes you think it is only Iran that wants to kill you?

I suspect the queue is really quite long, and many more would join it or chip in a few dollars if they could. Like maybe all those in the US who can see you as still ‘A clear and present danger’ to them and their loved ones for your ‘war at any price’ mentality towards not just Iran but other nations like China as well.

Remember,

‘Those who live by the sword…”

[1] The quote apparently came out of a Sky News[2] interview,

‘https://theglobalherald.com/news/im-not-the-only-one-iran-is-trying-to-assassinate/

[2] Sky News is one of “Rupert “the bare faced liar” Murdoch’s organs. As such it follows his now much demented behaviour as he desperately tries to remain relevant in the modern world. As such they are probably the only large MSM in the US to give Ex-Trumpian nutters sympathetic air time.

Winter August 11, 2022 6:06 AM

@Clive

The galling thing is it need not have happened at all. It was two world leaders in particular that fiddled whilst the flames got started.

This editorial below was published in February 2020. I believe nothing in this editorial was wrong or alarmist. If anything, the editorial was too optimistic.

Preventing a covid-19 pandemic
‘https://www.bmj.com/content/368/bmj.m810.full

This assessment by the group at Imperial College London is now being played out, with community spread of the virus being seen in many countries, and the US Centers for Disease Control and Prevention (CDC) expressing the view that current global circumstances suggest it is likely this virus will cause a pandemic.6 We live in a world that is globally connected, in terms of the movement of people, goods, and food, while even within close knit communities, such as those currently locked down in Italy and elsewhere, the ideal conditions exist for the virus to spread from person to person. In one of the most cited research papers from the 1990s, Watts and Strogatz showed that the “small world” structure of society facilitates rapid disease propagation between distant and apparently unconnected communities, resulting in sporadic outbreaks that seem to start spontaneously, undermining even the most stringent attempts at containment.

The clinical features of covid-19 are well documented, with most people displaying mild symptoms or none at all and deaths occurring mainly in elderly and chronically ill patients. This is not the public perception as played out in the media and reinforced by gunpoint quarantine.

Given the lessons from 2009—which taught us that containment for a globally disseminated disease was futile—and accepting that most of the exported covid-19 cases from China (and elsewhere) are undetected, is it not time to admit that a global pandemic is upon us? The World Health Organization is reluctant to say so. Once the disease is recognised as a global pandemic, nations, commerce, and healthcare can move into a much more rational phase with resources targeted at those most at need.

Clive Robinson August 11, 2022 8:06 AM

@ Winter, ALL,

This,

“The clinical features of covid-19 are well documented, with most people displaying mild symptoms or none at all and deaths occurring mainly in elderly and chronically ill patients.”

Does not exactly fit with the “third biggest killer this year” from Australia…

Or those Northern Italian deaths at that time…

Do you remember I told you and others,

“we need to look at excess mortality deaths not the numbers given by Governments”

Because at that time the number of obituaries and other notifications in the local press there were 12 times the five year average for the region and time of year.

Thus,

“This is not the public perception as played out in the media”

Those way higher than five year averages did not lie, then and still do not lie today. It was this Northern Italian death rate fairly accurately reported by both journalists and Town Mayors that woke people up to the risk.

Then as the aged and infirm hosts died out, quite predictably the virus mutated towards the thirty year olds and was killing them as well.

SARS-2 was no “just a cold” or “just a flu” virus; it was killing at a rate three or four times that of the five year average for flu.

But also quarantine, lockdown and similar did work…

You may remember it was reported that two of the flu virus strains are now extinct because of them.

If the quarantine and lockdown had been put in place as fast and effectively as the Chinese did the outcome would have been,

1, SARS-2 made extinct.
2, Two way less deadly flu strains would have remained.

On the “Calculus of death” the first outcome not the second would be preferable…

Oh and think back to Sweden with its “no worries” policy, and compare the mortality and medical injury figures to its immediately adjoining neighbours that did go into lockdown at the time.

I’m sorry but the evidence is in,

“Action was way too little, way too late, for political not medical or safety reasons.”

In fact the evidence is mounting that this political behaviour was in fact quite deliberate because of “the profit” it would bring to Governmental Treasuries.

As for mRNA, lots of “bad news” is starting to come out. Not just that it was way too specific thus had a way too narrow skirt. But also that it forced mutations to happen.

Then the evidence that it is more likely to cause harm to under 20 year olds than other vaccines…

Certain drug companies are pushing very hard to keep long term health figures vaccine indistinguishable. That is the data available for analysis only indicates vaccine status, not which vaccines.

Some have made claims that “long covid” may be related to which vaccine was used… If true it’s not surprising the drugs companies want the information at best opaque to examination.

However there are ways you can ferret the information out. For various reasons the USA was almost totally mRNA vaccines, other nations were not, but the ratios of the vaccines used is known. So appropriate analysis could pull sufficient data together to force more accurate data to be released.

Oh, as for that “promise” mRNA could be reformulated within a couple of weeks if the virus did mutate. Have you seen any real evidence for that?

I tell you the evidence I have seen, and that’s that the mRNA vaccine manufacturers are saying to the US FDA that this coming year’s booster shots should be the same as the now useless first mRNA vaccines…

Now why would they do that if mRNA is so easily adaptable as was originally claimed?

Winter August 11, 2022 8:35 AM

@Clive

Does not exactly fit with the “third biggest killer this year” from Australia…

That was the state-of-knowledge in February 2020. Mortality proved to be around 1% of infections. But mortality depended strongly on the availability and quality of ICUs. With improved therapeutics, mortality was reduced significantly over the course of the pandemic.

To summarize, a low morbidity in a naive population can add up to a major killer.

If an immuno-naive population encounters a new pathogen, everybody will be infected and everybody will go through a full course of the infection. As adults have a less effective immune system than children, they will show a higher morbidity and mortality. Hence very low morbidity and mortality in children and increasing problems with age. This showed itself as high death rates in unvaccinated (older) people everywhere, up to the original disease mortality of ~1%. After vaccination or infection, morbidity and mortality will be strongly reduced, even with new variants.

A 1% death rate per year is close to the number of people that die every year from all causes (humans do not get much older than 100 year, if they get there at all). So it is pretty logical that COVID-19 was one of the main causes of death, if not the main.

Clive Robinson August 11, 2022 12:30 PM

@ SpaceLifeForm, ALL,

I guess this should not surprise anyone who reads here regularly…

But it appears that contrary to what Apple try to achieve in the way of privacy in iOS and Safari for their users, certain evil minded organisations do what they can to strip any and all privacy where they can,

https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

The moral is those “apps”, even when from “Walled Gardens” with alleged security protection, are without doubt highly undesirable from the user’s privacy and thus security aspect.

I guess telling people to “never load them” in the first place will fall on deaf ears…

SpaceLifeForm August 11, 2022 3:20 PM

@ Clive, ALL

Re: SQUIP

No, I did not note that PDF. I try to avoid them if someone has a good summary. If I do link to a PDF, I try to remember to note how large it is. That gives a heads-up to those reading on mobile. Plus, in general, I worry about the security of a PDF file in the first place. So, if I do link to a PDF, it would be at what I consider a trustable site.

It was the @ElReg article in the second link below. It was actually talking about the Intel flaw, but did reference the AMD issue.

I put it on the recent NIST article, because I was trying to point out that what NIST concludes may not matter if you interact with a malicious server, especially cloud. If the cloud is malicious, then it could intentionally leak stuff, especially admin KEYMAT like ssh keys.

If you rent cloud, it could leak. I would only use cloud for backup storage of previously encrypted data. I would not run web servers on cloud where PII is involved. There are cases where running a service on cloud may be acceptable because the data is not really security sensitive. But, likely few.

Do you trust your cloud today?

AWS would be last on my list based upon history.

First one is about Intel, second about AMD. Both attacks can leak. If you rent cloud, you could get either one, but that does not matter if the host is malicious.

https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html/#comment-408701

https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html/#comment-408718

SpaceLifeForm August 11, 2022 4:04 PM

@ ALL

Rubik’s Cube

If you are not familiar with @RachelTobac and @CISAJen I think you should do so because these fine ladies are looking out for your security.

I probably have forgotten how to solve a Rubik’s Cube, but for other mysterious reasons, it has reappeared on my plate. I just have to find my cube, and refresh memory.

Watch the 12 second video. I think you will be impressed.

Scroll down a bit, you will spot it.

‘https://nitter.net/RachelTobac/status/1557536632802226181#m

SpaceLifeForm August 11, 2022 4:32 PM

@ ALL

Re: Cisco hack

Out of the many hacks, that seemingly^W are an everyday occurrence now, one thing about this one stands out to me.

Why is a vendor that is heavily involved in internet infrastructure, not using a HSM for authentication?

They should be required to do so by law.

Prove me wrong.

‘https://www.bleepingcomputer.com/news/security/cisco-hacked-by-yanluowang-ransomware-gang-28gb-allegedly-stolen/

SpaceLifeForm August 11, 2022 5:14 PM

Re: Mandalay power outage

This sucks because I was winning. Now I have to hang around.

‘https://nitter.net/MalwareJake/status/1557805163590533120#m

SpaceLifeForm August 11, 2022 6:30 PM

@ ALL

Re: as the insanity continues

Note that you can spot nutcases by the way they drive their vehicle. Trust me on this.

But, in this case, to document that you are going to attack FBI is Chef’s Kiss.

I’ll just say it in plain @BetoORourke
speak, the Mofo is lucky he is dead.

‘https://nitter.net/travis_view/status/1557853406055636992#m

‘https://nitter.net/travisakers/status/1557546910101250051#m

Clive Robinson August 11, 2022 7:48 PM

@ SpaceLifeForm,

Re : power outage

Maybe the revenge of the Physicists for not being allowed to have conferences in casino hotels as they don’t gamble…

Which begs the question of “Why You do?”

“This sucks because I was winning. Now I have to hang around.”

Not sure if you will get your money back or not.

The UK Casino Gambling regulations are wildly different to those in the US. So take this with a grain of “Lot’s Wife”,

The slot machines and similar are required to keep a permanent audit trail so that “irregularities do not happen” and the required pay out % is adhered to.

From what I remember of US gaming machines they all have the equivalent of a network port that sends back significant information to the “pit boss” so that any statistical anomaly gets flagged up.

A friend who designs gaming machines for export from the UK has told me that some places are asking for “full bio-metrics” to be included, such as button press times/rhythm and video/stills of the person using the machine, which can be used to detect not just breathing rate but heart rate as well…

As I’ve indicated in the past I don’t gamble for fun or pleasure, I don’t rock that way. I will for “instructive purposes” take small bets if I know I’m going to win. People generally quickly learn not to have bets with me (if they don’t there is always my magic coin toss[1]).

I am however vaguely familiar with the inside of Casino playing areas and how to play one or two of the games (I won’t play poker for obvious reasons). It was useful for business reasons; for some reason many sales and marketing managers like to go to a casino for an evening, so being able to take them was part of “The business thing”.

My advice if you have to “do it for the team” is the old Right hand, Left hand pocket rule. Put say $100 in the lowest value chips in your right hand pocket and play only low value/risk games; if you win anything then that goes in the left hand pocket. When the right hand pocket is empty STOP and go watch other people lose, or just go to the bar / restaurant, if not go home.

Oh and never ever play games where you play against other people rather than the house / dealer. Anyone who has played Bridge or Whist seriously can tell you that in a four or more player card game, if the other players collude you might get out with your shirt…

The secret to winning in a Casino is not to play any of the games, but have little side bets with other watchers. That way you can get not just “the house advantage” by betting against (someone winning) but also more favourable odds (evens). Oh, remember there are two basic game play strategies for each player,

1, Play to win.
2, Play not to lose.

In many games they can have over the entire game very different odds. Most often an opponent will “play to win” which causes them to make the wrong choices when you play not to lose.

[1] I’ve mentioned this before, I can toss a coin and catch it to the back of my hand. And it does not matter when you call it, I can make it come up or not depending on the point I’m making. After ten to twenty correct reveals followed by ten to twenty incorrect reveals most people ask how the trick is done as nobody really believes in magic or teleportation.

The secret is when you flip the coin up with your dominant hand you catch it with the dominant hand towards the top of the arc. You then bring it down onto the back of your other hand… If you watch your dominant hand as it catches the coin you will see which way up it is in your dominant hand. When you bring it down to the back of your other hand you know it’s the other way up. The hard part is getting the sleight of hand right if you need to turn the coin over… I suggest using a coin that has two characteristics,

1, It’s less than a finger and a half in diameter.
2, It has a high contrast / reflectivity ratio between the heads and tails sides.

The first makes the sleight of hand easier. The second means you can see which way up the coin is out of the corner of your eye…

JonKnowsNothing August 12, 2022 12:04 AM

@ Clive, @ SpaceLifeForm, @All

re: CDC: you are on your own

As the CDC has now withdrawn nearly all previous recommendations regarding C19, except for those in close quarters health care situations, we will be evaluating many options ourselves. Some of the MSM reported CDC suggestions, in absence of recommendations, include some drugs that were withdrawn a good while ago as ineffective. However, since the barrel is scraping bottom, anything might help.

Nearly every lab and pharmaceutical company that deals with vaccines and pathogens uses a testing technique to validate how good a response their drug(s) give. Once you have figured out how to read the graphics, you can pretty much skip the inner details and go right to the summary/executive summary and understand what’s what.

For C19, labs hold samples of every major mutation and sub-lineage since D614G (aka Wild Type). The original virus is extinct and D614G mutation (predates Greek Letters) was the version that caused so much death and damage. It is the baseline for all tests.

Labs also hold samples of antibodies harvested from patients’ blood. This supply has to be renewed often with new samples, not only to replenish supplies but also to capture new antibody combinations. Nearly every person has a unique immune system so their antibody response is also unique.

There are 3 tests done per mutation and per antibody test combination. Some will test for specific antibodies or effects but there are 3 versions done.

  • Low, Medium, High

There will be 3 sampling tests + 1 baseline. In the Low test a small amount of antibody will be introduced to a fixed amount of virus. In the Medium test a larger amount of antibody will be introduced to a fixed amount of virus. In the High test a large amount of antibody will be introduced to a fixed amount of virus.

The results are described but are usually presented as graphics. The graphics are much easier to digest than the text description.

From a human standpoint:

  • An Excellent result is when a Small amount of antibody neutralizes all the virus in the Small test.
  • For an Average result, the small amount of antibody left some active virus, but the Medium amount of antibody neutralized all the virus in the Medium test. This is what happens for a large number of people.
  • A Poor result is when both the Low and Medium tests do not clear all active virus, however the Large amount of Antibody clears the virus in that test. This is the scenario where you “need some help Mr Wizard”.
  • The version that’s Not Good News, is when neither the Low, Medium or High Antibody tests clear the virus. This is the case for reinfections, double infections, back to back infections and immune-suppressed infections where the virus continues to hang on or lurk until conditions are favorable for a viral resurgence.

Many of these tests will be found in hard science literature, but rarely reported on public facing websites or in standard canned reports.

For every drug, vaccine, treatment such tests are published. It’s not just a C19 thing, it’s for all conditions. Sometimes the graphics are easier to understand with less cross referencing between multiple iterations. Of course, multiple iterations are to be expected depending on the nature of the research. Those focused on determining the exact quantities needed to clear a condition will have many more iterations than just a Pass-Fail test sequence.

As the newer variants propagate, BA5, BA4, BA4.6 these tests will be run with varying results.

Since different governments pursue different aspects for their population, being able to determine how successful a drug or treatment is may be a useful tool going forward.

Winter August 12, 2022 1:48 AM

There were norms?
Russian invasion has dangerously destabilized cyber security norms
‘https://www.theregister.com/2022/08/11/black_hat_hacktivists/

Around that time, another Estonian company launched a bug bounty program seeking vulnerabilities in Russian critical infrastructure systems with the aim of then passing these on to Ukrainian hacktivists.

“What if a Russian-owned company located in Germany were to organize an offensive bug bounty program that targets Ukrainian critical infrastructure, and shares the discovered vulnerabilities with the Russian intelligence community? Would Berlin, Brussels and Washington deem this acceptable behavior by the private sector?,” she asked.

“Soesanto says continuing to ignore the essence of the IT Army will wreak havoc on the future stability of cyberspace, and with it the national security landscape in Europe and beyond,” Zetter said. Meanwhile, “civilian infrastructure is very much on the agenda of attackers and will only become a greater target going forward,” she noted.

When you are up against Владимир Отравитель (Vladimir the Poisoner), you are fighting for your very life, and that of your family.

Winter August 12, 2022 3:04 AM

Now, from Amazon: Ring, the TV show.

Wanda Sykes To Host Syndicated Viral Video Show Featuring Ring Doorbell Technology From MGM
‘https://deadline.com/2022/08/wanda-sykes-host-syndicated-viral-video-show-ring-doorbell-technology-1235089510/

Clive Robinson August 12, 2022 6:38 AM

@ Winter,

Re : The ends justify the means

“There were norms?”

Yes and no. The notion of “norms” is the notion of “good or bad” taken from the individual observer’s “Point of View”(PoV) to a supposed mean PoV of an organisational unit. Such as that of a group of just a few up to a whole society.

Conflict in any form is, at its base, about

1, Acquisition of Resources
2, Subjugation of people

Usually as a way of obtaining support for an individual’s aberrant Psychological pathologies (Dark Triad etc).

It is always destructive in some way, even if not by initial violence and destruction[1]. Because no matter what people might say there is never a draw in human behaviour, someone gains and someone loses because that is what change means. It’s why there is the statement of

“Breaking someone’s rice bowl.”

What most do not think about is that all human interaction is a form of conflict, all involved lose or gain in some way and ultimately human existence is not even as good as a “zero sum game” because of entropy and being in a strongly bounded near environment.

Thus my repeated point about,

“Individual Rights -v- Social Responsibilities”

The “norms” are a reflection of “Social Responsibilities” which some call “The Social Contract”.

The thing is for contracts to work any potential cheaters have to be aware that there are penalties, and that they will be enforced in some way to their detriment if they do cheat. Thus “guard labour” is seen as a “necessary parasite on society” because of those with aberrant attitudes, behaviours and pathologies.

The “norms” are about what is acceptable in implicit human interaction contracts, and as with the notion of “rights” points of view differ in individuals and groups. As norms gain acceptance by the majority they become part of the “mores of society”.

Often “norms” become codified as regulations and eventually legislation, such that punishment for transgressions also becomes codified.

Currently there are little or no norms for the non tangible information space. The few that exist are based on the notions of harms from the tangible physical space. Unfortunately most do not translate all that well from the physical to informational spaces.

It’s made worse by legislation around the quaint notions of,

1, Any person legal or natural.
2, Intellectual Property.

In essence the first allows for people to evade responsibility and punishment through the use of partnerships, companies, and corporations. The second allows for the ownership of what ultimately is the interpretation of numbers.

Neither makes sense in the notion of a “society” because both create an artificial imbalance, that in turn creates growing conflict.

[1] For instance the war on society carried out by certain WASP nation leaders against the general citizenry by the mass collection of electronic communications has the destruction of

1.1 Personal Privacy
1.2 Continuance of Society

At its heart. The first steps of “chilling of speech” are like screwing down the safety valve on a boiler pressure vessel and turning up the heat. You know what the eventual end result will be, but in the meantime you get increased power to use for what you want.

Winter August 12, 2022 7:47 AM

@Clive

Yes and no. The notion of “norms” is the notion of “good or bad” taken from the individual observer’s “Point of View”(PoV) to a supposed mean PoV of an organisational unit.

One of the commentators to the article (Potemkine!) made the crucial point:

Generally, belligerent behaviours in war are based on reciprocity, like “treat the prisoners of my country well and I’ll do the same for yours”.

Russia set a very low level for anything, may that be IT attacks, bombing civilians, committing atrocities against civilians and prisoners alike. You reap what you sow.

What we see Putin do is a “Burn all bridges” attack. He does not care about what happens to his side, soldiers nor civilians.

If he gets the Ukraine, he controls the food imports of Europe and Africa, in addition to fossil fuel and is basically Master of Europe. If he fails, he is toast anyway. So he is probably willing to fight to the very end.

Clive Robinson August 12, 2022 8:08 AM

@ JonKnowsNothing, SpaceLifeForm, ALL,

Re : Med testing.

… being able to determine how successful a drug or treatment is maybe a useful tool going forward.

There is unfortunately a very large pachyderm in the room making eruptions that make the atmosphere at best toxic.

The issue is nearly all drug trials / testing is done by drug companies, or people who have strong connections with drug companies.

Such testing costs significant money even for small short term clinical trials in hospitals. Which means that for drugs that are not in development / new the view of the drug companies or their associates is “No ROI”. So at best “sunk costs” with no profit potential.

Thus existing drugs do not get tested for efficacy against new diseases, especially if they are “off patent” or “off book”.

About the only time an “off patent” drug gets tested these days is not for “efficacy with a new disease” but for “contra indications with new drugs” the “yellow card” or similar system has flagged up.

The amount of influence “Big Pharma” has over not just Executive Government but the regulatory authorities is horrifying. Analysis of “revolving door employment” and similar shows that it is endemic and very probably corrupt in significant ways.

Such “regulatory capture” is not at all healthy for society in several ways I won’t go into.

But consider just one aspect, drugs that work and work well that are “off patent” get all sorts of arguments made against them in favour of the latest “wonder drug” that is normally very far from adequately tested.

As an example “Warfarin” is a blood anticoagulant that inhibits circulating “clotting proteins” in the blood. Other drugs work on different parts of the clotting process such as aspirin which affects the blood platelets.

Whilst very effective Warfarin has issues, in that many common foods etc change its effectiveness and individuals have wildly different and changing responses to it. So regular INR testing is required (weekly for some people). Thus quite an industry of chemicals, equipment and personnel has built up around the testing. So many “rice bowls” have been made.

Around 2007 a new class of drugs that work by blocking the activity of the clotting protein factor Xa came along that do not need INR testing.

Many people were put on these new wonder drug DOAC’s, especially those with “Atrial Fibrillation”(AF), a quite serious heart failure condition that can cause death directly, or by the build up of blood clots in the heart chambers that break away and cause strokes and heart attacks.

Unfortunately it was discovered the hard way by the “Calculus of Death” that in fact these new wonder drug DOAC’s were not so wonderful, in that they have an odd side effect. They only work if you are in a certain weight and height range, if your BMI is too low or too high (but not apparently fat/lean ratios). Be an athlete outside the BMI range, or a couch potato with more tires than the Michelin man, then these new DOAC’s don’t work and the AF related blood clots return… If you are lucky and your Doctor is keeping up on your drugs review then you don’t find out the hard way by dropping dead…

But there is a problem… the sensible thing is to switch people back to Warfarin. But in the time healthcare was having its new DOAC “love in” through the 2010’s the Warfarin “anticoag clinics” were run down or closed and many rice bowls were broken, thus chemicals and equipment and staff were at best in short supply if not “no longer available”. But also many other new drugs were introduced that actually do not play at all nicely with Warfarin, so people on those have to be moved to alternatives if they exist.

Mostly though new drugs promise much but either fail to deliver, or cause major complications down the road because drug testing is at best marginal outside of jo/joe Average who are healthy college age kids looking to make some money (AKA Drug Company ideal test subjects).

Thus the reality of drug testing is the “Calculus of death” via the “yellow card” or similar systems, which tends to have quite a high body count.

One of the things that kind of annoys the Drs I have to work with is I tell them I do not do wonder drugs as I’m not an unpaid guinea-pig. They also find out I actually go check the “Yellow Card” for any drugs they suggest… On one occasion I pulled up the fact that a computerised prescribing checking system was wrong…

Have you any idea how twitchy people get when you do that?

Winter August 12, 2022 8:41 AM

@Clive

The issue is nearly all drug trials / testing is done by drug companies, or people who have strong connections with drug companies.

That is another example of We want our cake and we want to eat it.

The public wants safe drugs with no risk, but the public does not want to pay for it. Hence the costs and profits are delegated to what can only be described as psychopaths out for a bounty.

The alternative is a system where “the public” pays for drug development and testing for cures that do not earn enough monetary profit. For that to be even possible, the drug licensing system must be redesigned from the ground up.

Currently, it is next to impossible to register and market an existing tested and tried drug out of patent to the same patients that were taking the very same drug before, after it was withdrawn by the original producer.

We had a case in the Netherlands where a licensed pharmacist gave an unpatented needed supplement to a person with a metabolic disease for tens of euros. After it was taken up by a drug company, the very same stuff costs thousands of euros.

Clive Robinson August 12, 2022 10:49 AM

@ Winter,

Aside from the blatant price gouging I have significant concerns about society.

For instance there are known to work cures using phages, that will never ever be approved in the West under the current system because phages are a natural product, therefore not patentable (yet… however the USPO is moving that way and the EUPO appears to have been captured by lobbyists from the US).

Thus the question who pays/profits from the “common good”?

I see it as further proof of the badness that almost always happens in hierarchical systems. Those at the top have the power to corrupt, which makes them obvious targets for those who want to benefit by corruption in myriads of ways.

What the solution is to this I don’t know but some of the ideas I have would not be popular with the gougers.

I don’t know if you remember back a few years and the US public scandals such as when a US investor / hedge fund manager Martin Shkreli purchased the rights to an old drug and raised the price to $750 from $13.50. Or when company Mylan made huge price increases on its life-saving EpiPen for allergic reactions up to over $600 that contained less than $1 of Medication?

Well Shkreli did time but is out now and apparently plotting his revenge on Big Pharma. As for Mylan they’ve got off light with a paltry 1/4billion fine and a bunch of smirks off camera…

But the epi-pen scandal led to DIY solutions and information on how to refill existing epipens going up on the web…

Not something I would encourage, but easy enough to do and with little effort (in fact some “single use” injections with rubber needle covers and large plunger tops can be used in “thump mode” (as soldiers used to describe their anti nerve agent pens administration), where pushing the body hard will cause the needle to come through the rubber cover and go into the muscle of leg or arm). Coming up with simple mechanics for the rest of it would be little more difficult than examining how one of those auto-centerpunch pens work.

Winter August 12, 2022 11:35 AM

@Clive

I don’t know if you remember back a few years and the US public scandals such as when a US investor / hedge fund manager Martin Shkreli purchased the rights to an old drug and raised the price to $750 from $13.50.

I do remember that. But the scandal of all scandals is the opioid crisis which killed over 600,000 Americans. I believe no one was jailed over that mass murder.

But these specific examples are the result of Americans thinking that universal healthcare coverage is only possible with Stalinist Gulag camps. If you insist on not wearing seat belts, you die if your car is involved in a crash, if you insist on American Health Care, you die if you need care.

Clive Robinson August 12, 2022 12:50 PM

@ Winter,

Re : 600,000

I went over the reasons why that happened in the past on this blog, but you won’t find it here any longer though there are bits up on one of the archive services.

I was kind of hoping the past couple of years would have woken the US population up…

But apparently not,

‘https://jrreport.wordandbrown.com/2022/08/09/us-government-poised-for-long-awaited-powers-on-drug-pricing/

Note what got carved out…
