Friday Squid Blogging: New Squid Species

Seems like they are being discovered all the time:

In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters. The findings were validated and published in 2020. Another new squid species description is currently in review at the Bulletin of Marine Science.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Tags:

Posted on August 5, 2022 at 4:13 PM81 Comments

Comments

Not really anonymous August 5, 2022 4:39 PM

DJB announced a new lawsuit this afternoon. It seems to be mostly about NIST not respounding to his FIOA requests reguarding NSA influence on the postquauntum cryptograpohy standard creation.

Leon Theremin August 5, 2022 6:56 PM

This position paper makes the case for wireless in-package nanonetworking as the enabler of efficient and versatile wired-wireless interconnect fabrics for massive heterogeneous processors.

https://arxiv.org/abs/2011.04107

Comment: Think your processor couldn’t have a covert networking interface phoning home? Think again.

Clive Robinson August 5, 2022 8:26 PM

@ SpaceLifeForm, usual suspects,

Linux vulnerability in Jens Axboe’s “io-uring”[1],

“an exploit that targets a hardened nsjail environment inside of Google’s container optimized OS (COS) distro. The exploit does not require unprivileged user namespaces and results in root privileges in the root namespace. To gain root, we leveraged a Use-After-Free vulnerability. This allowed us to execute our own code in kernelmode.”

https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/

It allows a user to run code in kernel mode, so is somewhat serious…

[1] Jens Axboe’s “io-uring” is a “swiss army knife” for system calls with a lot of performance enhancment. It gets the performance boost a couple of ways. Firstly system calls can be completed asynchronously, so threads do not have to block while waiting for the kernel to complete the call. Secondly multiple system call requests can be submitted at the same time. So a task that would normally make multiple system calls can be reduced down to making one. Which significantly reduces context switching between user and kernel space and back.

Clive Robinson August 5, 2022 9:09 PM

@ ALL,

Re : DJB taking NIST to court,

@Not really anonymous, noted above,

“DJB announced a new lawsuit this afternoon.”

But did not include a link.

Well this is a link to DJB’s write up,

http://blog.cr.yp.to/20220805-nsa.html

It’s a very good read and goes into some of the naatier bits of NIST being the NSA’s puppet.

As I’ve mentioned in the past the AES competition, was fairly clearly rigged so that which ever algorithm won, the practical implementation that would get used would be full of time based side channel leaks…

From a practical point of view AES is not an algorithm you would want to use in an “on-line mode”. A fact that reading NSA documents for the likes of it’s “Inline Media Encryptor”(IME) makes clear, that it’s only approved to “secret” for “Data at rest”.

Clive Robinson August 5, 2022 9:58 PM

@ Bruce, Usual Suspects,

Re : Helium crypto nonsense

A little while ago when our host @Bruce last posted about “blockchain”, I mentioned an odd ball “crypto-currency” scheme called “Helium” that uses,

“Proof of coverage”

Not “proof of work” and I said it was a joke at best…

Well it appears I’m not the only one,

https://blog.dshr.org/2022/08/helium.html

SpaceLifeForm August 6, 2022 2:40 AM

@ Not really anonymous, Clive, ALL

Here is the more secure link.

‘https://blog.cr.yp.to/20220805-nsa.html

SpaceLifeForm August 6, 2022 3:28 AM

@ Not really anonymous, Clive, ALL

This is the main complaint, which can bring you up to speed on the more recent events surrounding the Chasing of the PCQ Ghost. Most of the stuff of interest is on pages 3-5 of the 7 pages.

‘https://storage.courtlistener.com/recap/gov.uscourts.dcd.246022/gov.uscourts.dcd.246022.1.0.pdf

Bottom line: If it is NIST approved, run away. NIST is a Scary Ghost.

Clive Robinson August 6, 2022 6:32 AM

@ SpaceLifeForm, Not really anonymous, ALL,

Re : NIST – NSA and US DOC

NIST “is required” to consult the NSA, not be their front/puppet.

Going back to the AES competition like others I had my suspicions and have said as much.

It started earlier over DES and what was said about IBM pre DES work (Don Coppersmith and a couple of others from the IBM DES team comments over the years did not quite hang together with other info).

So I started to look into the NSA and what went before. It turned out I had reason to be suspicious as William Friedman was clearly playing games with mechanical crypto equipment used by the US.

Let’s just say the “weak to strong key” ratios were “odd”. It was when I looked into the centralised “Key Management”(KeyMan) the shoe started to drop…

The designs had a smaller than expected percentage of strong keys, and the available key range was larger than needed. Thus there were sufficient strong keys IF and ONLY IF you knew which ones they were.

I realised that the design was such that if it fell into enemy hands and they either used captured, or copied the design but were unaware of the weak to strong key issue and randomly selected keys about 1 in 5 of their messages would be easily decrypted.

Knowing how Britains Bletchly Park broke ciphers using a card catalogue of previous broken messages (so called “British Museum” method). I realised that the messages under weak keys would provide “steping stones” and make cryptanalysis and decoding of messages under strong keys not trivial but way way simpler.

When the NSA later formed and William Friedman joined, he in effect made this behaviour “standard policy” for them. The British were also playing a similar game and as the card game “Bridge” was extreamly popular with those at Bletchly, the name of a bridge tactic “finessing” became used for what was being done.

Knowing this you can then walk the historical time line and see things that were odd… like Crypto AG in effect being the only private crypto company to survive with Haglin and Friedman known to be proffessional if not actual friends. It was suspicious and this was as we now know effectively a “front”, even with suspicions the NSA/CIA arranged the death of Haglin’s son and other “awkward” Crypto AG staff[1].

It’s certainly known that NSA members on standards committees went out of their way to be rude, obstructive and alienating to other committee members to force through things that many did not agree with.

As is oft said,

“Once is happenstance, twice is coincidence, thrice is enemy action.”

On the “Means Motive and Opportunity” score the NSA rates a high pathological score, likewise the level of circumstancial evidence against them would have “Put a Saint in the electric chair”.

All you have to do is “walk the time line” and “join the dots” and the NSA MO becomes brutally stark.

In effect NIST is captured by the NSA like a child worker held in a third world sweat-shop where all the exits are locked and guarded…

[1] We don’t know the truth –yet– but there are reasons to think there were too many deaths and at convenient times,

https://inteltoday.org/2020/02/27/crypto-ag-was-boris-hagelin-jr-murdered-by-the-cia-update-bnd-boss-the-number-of-deaths-surrounding-crypto-ag-is-disproportionately-high/

Frankly August 6, 2022 8:58 AM

In the News: Amazon purchases iRobot, giving it a vast data trove mapping the interior of people’s homes, to add to their data on prescription drugs, buying-eating-reading habits, etc. They also have a flying drone for interior home security.

Where does all this lead? One warrant and all that data is available to law enforcement and (potentially overzealous) prosecutors. Abuse of power can easily take the form of abuse of data. Will Congress set limits on data use and abuse? Not if there are serious security issues nationwide.

Technology gives individuals who wish to do harm more and more power as time passes. Eventually, intrusive data is going to be used by LEOs and govt very widely, as a necessity to keep society safe. This is a inevitable as the progression of technology. You can write all the articles you want, but people and their elected reps will choose security over privacy whenever there is a grave threat.

Clive Robinson August 6, 2022 12:14 PM

@ ALL,

Re : The crusties -v- Young folk.

There is a war of sorts going on in the ICT industry which can be very very partisan at times. It actually should scare those doing “real world security” of “Industrial Control Systems”(ICS) and building systems around IoT Devices and the like. Just remember your kitchen is starting to become an IoT system, and your Home Entertainment system is probably already bowing down to other masters, as have all your Smart Devices.

Back when I was younger “the crusties” were “the systems people” and the “young folk” the free thinking producers of end user software. The youngsters saw themselves as fleet of foot and Rapid Prototyping was their “new way”. Yup that was when “RAD” was not two skateborders high fiving and trash talking, but “Rapid Application Development”

I however was one of the nearly unvoiced minor minority, developing embedded systems to stop billion dollar Off Shore Installations blowing up or air/space craft dropping on peoples heads. Back then “full stack” still ment being “agile with a wire wrap gun” or doing “taping” to produce your own PCB layers by hand. Familiarity with TTL, BitSlice, PALs and later PLDs and knowing what 20v10 ment were vital. Then 8bit CPU chips, yielded to 8bit microcontrolers and knowing 8048, 8051 assembler and several others such as the Motorola family became the thing, and being agile with a craft knife to do layouts got replaced with having a good laser printer and overhead projector transparencies. The CAD based layout shops became a scarcity as layout software started to run on 8086 PC’s even in peoples homes (I still have such a setup).

Well if you want someone with those “Real Full Stack” skills and there is a rapidly growing shortage, they are not that easy to find… Look for Physics / Chemistry / Aerospace graduates as they very probably had to atleast develop some of those skills to do their “hands on” projects.

Any way there is a bit more to it even in what javascript hackers call “full stack development”. Thus this might amuse,

https://www.logikalsolutions.com/wordpress/information-technology/yocto/

But to people like me “Yocto People” are just modern “air heads” floating up in some rarefied place way up the computing stack where they don’t get their hands dirty they tell robots to do it for them… So yeh I’m an “old Crusty” to even “old crusties” thus have the right to wave my walking stick and shout “Hey Kid get off my lawn” to those on their mobility scooters 😉

SpaceLifeForm August 6, 2022 1:23 PM

@ ALL

Twitter Leak

This is a serious blunder. The SPIN is strong.

This is why attackers want phone numbers and email addresses.

Twitter was leaking information for over a year.

I am shaking my head so much I may need to see a chiropractor.

‘https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts

We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account. We take our responsibility to protect your privacy very seriously and it is unfortunate that this happened.

. . .

As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.

pup vas August 6, 2022 1:30 PM

How much does Taiwan depend on China?
https://www.dw.com/en/how-much-does-taiwan-depend-on-china/a-62725691

=Its highly developed semiconductor industry is as important for Taiwan as the automotive industry is for the German economy. And a comparison with Germany shows how dependent Taiwan is on exports. Around 70% of Taiwan’s economic output is attributable to its exports, in Germany it was 47% in 2021.

But, while the 2021 gross domestic product (GDP) per capita in China was $12,259, in Taiwan it was almost three times as high, at $33,775, according to data from the International Monetary Fund.

Overall, China is Taiwan’s most important trading partner, followed by the United States. More than 42% of Taiwan’s exports go to China, from where Taiwan gets around 22% of its imports. In 2020, goods and services worth $166 billion were exchanged between the two countries.

Taiwan is also among the top investors on the mainland. According to the government in Taipei, between 1991 and the end of May 2021, Taiwanese companies invested around $194 billion in a total of 44,577 Chinese projects. Chipmaker Foxconn’s factories are one of the best known examples. The contract manufacturer makes iPhones for Apple, Galaxy smartphones for Samsung and game consoles for Sony in plants throughout China.

Mahbubani does not believe that Beijing will use military force to take over Taiwan just yet. The >>>Chinese are much more interested in business than in ideologies.<<< For the decision-makers in Beijing, the risks clearly outweigh the opportunities, the Singaporean political scientist, diplomat and former president of the UN Security Council, emphasized in an interview with Bloomberg TV.=

SpaceLifeForm August 6, 2022 1:43 PM

@ ALL

re: Twitter Leak

Correction. According to Twiiter, it was only leaking for 6 to 7 months.

It took them another 6 to 7 months to report it. So between January of this year and now, they just kept it secret.

Why would this blunder be introduced into working code? It was likely intentional.

It really smells.

Clive Robinson August 6, 2022 1:48 PM

@ ALL,

Re : Crusties and JavaScript

I suspect some one will take exception to my comments about those righting JavaScript as not bring “full stack” or even having an understanding of what the actual “Computing stack” covers.

Well for those that might take exception you might not know who Douglas Crockford is but at the turn of the last century he came up with what nearly all software devekopers have heard of JSON.

Well he’s come to a relisation that might shock a lot of people bearing in mind JavaScript may be the most used programing language in the world currently, he wants it dead and buried as quickly as possible,

The best thing we can do today to JavaScript is to retire it. Twenty years ago, I was one of the few advocates for JavaScript. Its cobbling together of nested functions and dynamic objects was brilliant. I spent a decade trying to correct its flaws. I had a minor success with ES5. But since then, there has been strong interest in further bloating the language instead of making it better. So JavaScript, like the other dinosaur languages, has become a barrier to progress.”

https://devclass.com/2022/08/04/retire_javascript_says-json-creator-douglas-crockford/

I’ve said similar about C++, and the reason is the bigest “technical debt” creator of all,

“The ‘Code Reuse’ mantra”

It’s basically taken programing languages that had simplicity and elegance, and replaced the art of programming with the art of plumbing together dangerously over complex bloated “all things to all men” code libraries with fifty different kitchen sinks in every one.

If people want “Exhibit A” I can give you log4j which even scared the US Congress, the DoC, SEC and even the Fed…

pup vas August 6, 2022 3:55 PM

Advancing dynamic brain imaging with AI
https://www.sciencedaily.com/releases/2022/08/220801133143.htm

=MRI, electroencephalography (EEG) and magnetoencephalography have long served as the tools to study brain activity, but new research from Carnegie Mellon University introduces a novel, AI-based dynamic brain imaging technology which could map out rapidly changing electrical activity in the brain with high speed, high resolution, and low cost. The advancement comes on the heels of more than thirty years of research that Bin He has undertaken, focused on ways to improve non-invasive dynamic brain imaging technology.

Brain electrical activity is distributed over the three-dimensional brain and rapidly changes over time. Many efforts have been made to image brain function and dysfunction, and each method bears pros and cons. For example, MRI has commonly been used to study brain activity, but is not fast enough to capture brain dynamics. EEG is a favorable alternative to MRI technology however, its less-than-optimal spatial resolution has been a major hindrance in its wide utility for imaging.

“As part of a decades-long effort to develop innovative, non-invasive functional neuroimaging solutions, I have been working on a dynamic brain imaging technology that can provide precision, be effective and easy to use, to better serve clinicians and researchers,” said Bin He, professor of biomedical engineering at Carnegie Mellon University.

He continues, “Our group is the first to reach the goal by introducing AI and multi-scale brain models. Using biophysically inspired neural networks, we are innovating this deep learning approach to train a neural network that >>>can precisely translate scalp EEG signals back to neural circuit activity in the brain without human intervention.”=

pup vas August 6, 2022 4:05 PM

Wireless activation of targeted brain circuits in less than one second
https://www.sciencedaily.com/releases/2022/07/220714165806.htm

=A research team led by Rice University neuroengineers has created wireless technology to remotely activate specific brain circuits in fruit flies in under one second.

Robinson said the ability to activate genetically targeted cells at precise times could be a powerful tool for studying the brain, treating disease and >>>developing direct brain-machine communication technology.

>>The research was funded by DARPA (N66001-19-C-4020),<<< the National Science Foundation (1707562), the Welch Foundation (C-1963) and the National Institutes of Health (R01MH107474).=

SpaceLifeForm August 6, 2022 4:47 PM

@ ALL

re: Twitter Leak

I do not believe anything that Twitter says. There is good reason to understand why @ElonMusk filed something under seal.
I suspect that Twitter may have been caught on the ‘bug’, and they say they fixed it in January, but probably did not deploy until 2022-07-14.

Sorry, but lots of dots. I have a theory.

2016-06-09

‘https://www.socialmediatoday.com/social-networks/login-details-32-million-twitter-accounts-leaked-online-time-update-your-password

2021-07-21

‘https://www.cnbc.com/2021/07/21/man-busted-for-twitter-hack-of-biden-obama-musk-in-bitcoin-scam.html

2022-07-21

‘https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/

2022-07-14

‘https://www.bleepingcomputer.com/news/technology/twitter-outage-shows-something-went-wrong-error-message/

2022-07-27

‘https://www.komando.com/security-privacy/twitter-data-breach-2022/847827/

2022-08-01

‘https://thehackernews.com/2022/08/researchers-discover-nearly-3200-mobile.html?m=1

‘https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/

‘https://www.bleepingcomputer.com/news/security/over-3-200-apps-leak-twitter-api-keys-some-allowing-account-hijacks/

2022-08-05

‘https://nitter.net/vxunderground/status/1555661472679792641

Clive Robinson August 6, 2022 4:55 PM

@ pup vas, ALL,

Re : China & Taiwan

The former president of the UN Security Council comment you quoted of,

“Chinese are much more interested in business than in ideologies. For the decision-makers in Beijing, the risks clearly outweigh the opportunities”

Is I would say a reasonable assesment untill fairly recently.

As I noted the other day China has a food supply issue. Specifically protien from fowl and swine is in significant shortage due to various diseases. Thus China has an increasing need of foreign currancy to buy in replacment.

China’s most lucrative income like that of Taiwan is the US via consumer goods.

TSCM the worlds most prolific of chip manufacturers as well as probably the highest tech in the world based in Taiwan is an “ace in the hole” for Taiwan. Whilst TSCM only supply China’s FMCE manufacturing not millitary –as far as can be told– much of that supply is destined for foreign export by China to the US… Thus TSCM chip supply to the US is both direct and indirect.

For obvious reasons the US want TSCM fabs out of Taiwan and on US soil such that they come under the US War Act and similar. The Taiwanese Government knows that if it looses TSCM plants to the US then the US has no reason to protect Taiwan, likewise China knows that it will not get chip supply from US based fabs.

Which might explain the US alledged $2trillion Chip Act.

Part of which will be an all out push to destroy GSM 5G, and go for 6G or some entirely US Standard by which US control lost in the late 1980’s/90’s will potentially be regained.

And with that you can be absolutly certain that the US Government will do exactly what it has been accusing the Chinese of doing with 5G[1][2].

The result will as it currently is be that we will all be insecure and our privacy calously invaded for, money, power and control (say hello to Palantir).

So what happens next with China is critically dependent on US Politicians and their normal idiocy caused by short term thinking.

If the US upset the “trade balance” then China will fairly quickly develope very problematic National Security issues, which would bring into question current CCP plans.

So whilst I agree with the former president of the UN Security Council quoted comment… It will take very little for the US to upset the balance, which could easily precipitate out to the CCP prosecuting military action against Taiwan. How much and in what way again depends more on US actions than most realise.

[1] The US has been playing political games over accusations of China with regards 5G[2]. Whilst it is in theory possible, –if you by stupidity or design build a grossly insecure national 5G network– for other nations to spy on individuals, in practice it’s actually fairly simple to stop such attacks on a 5G network (but it also puts limits on your own ability to spy on your citizens). As the UK Govenment was advised several years ago which later became wider public knowledge when US Politicians started the “5G scare”… Part of which involved promoting dumb ass conspiracy theories, some of which resulted in idiots trying to burn down electricity pylons… That they supposadly thought were something to do with 5G mind control or similar… In fact known history shows that the biggest risk to individuals privacy and security is actually the US Intelligence community and their peers in WASP and other nation states.

[2] As for the repeated US claims about the Chinese Government “back-dooring” technology, the evidence is at the very best scant in deed. If it was realy there you would expect clarion calls to be trumoeted out with much fanfare by US politicians. The fact that they have not should tell people a few things… However for the US back dooring US technology, the evidence is very strong, with US IC personnel actually being photographed “in the act” amongst other things. The actual facts suggest that the Chinese do not need to backdoor Technology to be used in the West, because it is already so badly insecure to start off with… That is it’s easier and less expensive to find and exploit existing vulnarabilities in Western Tech than go to the trouble of making such vulnarabilities. So US Policy of “strong attack” with at best “pitiful defence” with regards the US ICT Industry products is going to carry on being a “Shoot yourself in the foot” policy for quite some time to come…

Clive Robinson August 6, 2022 5:46 PM

@ SpaceLifeForm, ALL,

Re: Twitter Behaviour

“I do not believe anything that Twitter says.”

You’ld be quite wise not to as William Shakespeare had one of his characters observe,

“There is something rotten in the State of Denmark.”

“There is good reason to understand why @ElonMusk filed something under seal.”

Even the Twitter board effectively admit they’ve “done wrong” by their filings. The question is when will either the SEC step upto the mark (effectively admiting they and Twitter Share Holders have been hoodwinked by the board’s probably fraudulant claims).

As Musk is effectively a major share holder and certainly the individual who holds most shares personally, he could start an action against Twitter based on their misfilings…

That would cause no end of problems. Because although the filing would be later than the Twitter Boards, it involves the Twitter behaviours prior to his offer to Twitter. This would potentially force “A trial within a trial” which would be messy messy messy at the very least.

Thus any claim Twitter make about Musk devaluing Twitter would first have to account for how much the Twitter board had falsely inflated the value via their obviously dubious filings to the SEC.

There would be the possibility that Musk could come out ahead on that. More interestingly, if another share holder who is not Musk linked brought such an action, then the case would in all probability have to run separately. Which would potrntially make a lot of information the Twitter board want to keep under wraps public.

Which brings us back to your point of,

“I suspect that Twitter may have been caught on the ‘bug’,”

Again the question arises what were the boards legal duties on reporting via SEC and other Federal Agencies.

We are going to need our own legal expert, to start predicting which way this current bag of snakes is going to move next…

Anyway time to get another bag of popcorn out the cupboard 0:)

SpaceLifeForm August 6, 2022 6:16 PM

@ Leon Theremin

Token Ring over optic fibre seems more secure when it comes to nanonetworking.

It would not be Broadcast, and likely saves energy.

The trick is the splicing interfaces.

Clive Robinson August 7, 2022 7:54 AM

@ ALL,

I’m surprised to note that yesterday passed without historic note…

On 6th Aug 1991 31 years ago the first official “HTTP” site was unvailed…

Since which Internet Security for the individual citizen tripped into “the danger zone”. As first crooks then Governments started to steal and accumulate personal information for their benifit and most others loss.

So when you are slicing that center piece of sunday lunch have a thought about just who knows what you are doing…

Remember,

“You are not realy paranoid if they are out to get you…”

And as they are out to get everyone who uses electronic communications… Only those “total off-griders” can by that definition be paranoid 😉

JonKnowsNothing August 7, 2022 10:17 AM

@Clive, @SpaceLifeForm, All

re: BA.4.6 Mutation S:R346T Growth Advantage

The SARS-CoV-2 mutations are keeping right on track with so many mutations that naming conventions have had to put a break on which mutations get named and which ones don’t. There are a number of agencies that assign names and each has their own criteria. WHO hasn’t issued a new Greek letter since Omicron but we many sub-lineages and mutations and recombinants all hanging out under the Omicron banner.

The criteria for a Pango Lineage name is now 2 fold: Must have a mutation(s) of significance and must have a geographic, population or host jump to get a name. BA.4.6 recently got its name after first being rejected as insignificant but within weeks found to be quite significant.

  • BA.4.6 is the alias for B.1.1.529.4.6. It’s mainly found in USA, England and Denmark.

BA.4.6 has a mutation point S:R346T which is now linked to “growth advantage” and has been seen in other contagious versions of COVID.

As the virus mutates, it gains and sheds mutations; the rate is much faster rate than originally expected. Some mutations make no difference to the host, having no obvious effect. Some mutations pop up or drop out repeatedly but seem to do nothing of significance. S:R346T can be linked to other contagious versions of COVID and tracked as to the impact of those versions.

      S:R346T is linked to those mutations that had significant growth and the lack of S:R346T in versions that fizzled.

Other mutations sites on the current watch list are:

  • 346-348
  • 356
  • 444-446
  • 452
  • 468
  • 486

===
Graphs and discussion (closed)

ht tps://github.com/cov-lineages/pango-designation/issues/741
ht tps://cov-spectrum.org/
requires JavaScript

Clive Robinson August 7, 2022 11:26 AM

@ JonKnowsNothing, SpaceLifeForm, ALL,

Re : SARS2 mutations

… the rate is much faster than originally expected.

The rate depends on three primary things,

1.0, Host availability.
2.0, Virus Infectiousness.
3.0, If host has other diseases.

The first (1.0) is dependent on,

1.1, Host immunity
1.2, Host density
1.3, Host movment.

Thus you would expect the first viral run through a high density city with significant population movment to make many hosts available and spread to be rapid. Thus the abiliry to mutate being similarly high.

The Second (2.0) is dependent on

2.1, Host immunity.
2.2, Viral RNA structure.

The Third is in part about the hosts ability to fight either novel or known to the immune system pathogens. There is a very long list including age and nutritional status that effect the human immune system, and in some cases a broad genetic component. Of interest currently is “vaccine escape”.

The mRNA vaccines had a very high efficacy because they were “tuned” to a specific virtually singular characteristc. Due to the fact quaranteen measures were not put in place, the virus gained the opportunity to mutate out from under the very narrow skirt of effectiveness. However other apparently less effective vaccines had a broader skirt and vaccine escape with those was much less. But because of lack of quarantine measures virus with sufficient mutations that had escaped mRNA vaccines ended up further mutating thus escaped the vaccines with the broader skirt.

So the best people can hopefor now is not vaccines, but natural immune system response br it primed by,

1, Vaccine.
2, Infection.
3, Both.

The figures such as they are suggest your immune system would have been best primed by both. That is the vaccine reduced the likely mortality of the original virus, and thus lower grade inffection from a later mutation actially gives your immune system a much wider response skirt than any of the vaccines.

One thing that has come up unexpectedly is that the virus mutations are way less seasonal than expected. The fact the northern hemispher is in “high summer” and the SARS2 infection rate is higher than it has ever been should be “Pause for thought” even in the most idiot of politicians.

Worse it’s very high despite many are still “masking up” and taking other preventative measures such as minimal contact / issolation.

The only saving grace, is inexplicably despite it’s infection chatacteristics the lethality appears to be dropping with mutations. Why this should be we’ve yet to find out and knowing what the downward driver is could be vital in future pandemics that are due to basic greed and political stupidity likely to happen again within a decade.

But there is a flip side… Right back in the early days, one of my major concerns was sequelea. Well we’ve seen it happen, with “long covid” and a significant pecentage with issue well after 12weeks and some apparently having suffered permanent loss of brain grey matter thus permanent cognative loss. Others similar unrecoverable damage to the heart, with lungs and liver having unrecoverable scaring or similar.

What we don’t yet know is what SARS2 has done with respect to longterm autoimmune diseases. I’m expecting new ones to arise, an increase in cancers and a more general shortening of life expectancy over the next decade or three.

And I suspect that barring accidents the odds of me dying by Covid and it’s effects are high on the list. The same as it will be for anyone currently over around 38-45 years old currently…

vas pup August 7, 2022 3:31 PM

Israel’s Innoviz secures $4b deal to supply Volkswagen with LiDAR sensors
https://www.timesofisrael.com/israels-innoviz-secures-4b-deal-to-supply-volkswagen-with-lidar-sensors/

“Israel’s Innoviz Technologies, a maker of sensors for self-driving cars, has landed a contract to supply sensors and perception software to Volkswagen in a deal worth about $4 billion, the company said Tuesday.

Under the deal, Innoviz will provide LiDAR technology and software to VW’s autonomous vehicles unit called CARIAD starting in 2025. Innoviz expects to supply between 5-8 million LiDAR units across multiple brands within the Volkswagen Group over an eight-year period, according to CNBC.

Kfar Saba-based Innoviz makes LiDAR (light detection and ranging) sensors that it says help automakers improve their vehicles’ safety, perception, connectivity and experience. The sensors provide accurate images of the vehicles’ surroundings through object detection, classification and tracking at long distances. LiDARs are a critical element of advanced driver assistance systems (ADAS) and autonomous vehicles (AVs).”

SpaceLifeForm August 8, 2022 2:00 PM

@ ALL

Cryptocurrency money laundering

It is being followed.

‘https://cryptobriefing.com/us-treasury-sanctions-ethereum-mixing-tool-tornado-cash/

SpaceLIfeForm August 8, 2022 2:30 PM

@ JonKnowsNothing, Clive, ALL

re: Stealthy Covid

Yes, the case rate did not decline as much as I expected for Northern Hemisphere Summer.

Two thoughts as to why. One is that the excessive heat is keeping more people indoors with little fresh air ventilation. The other is that many are still flying around on planes.

Check this out. My bold.

‘https://arstechnica.com/science/2022/08/58-of-human-infectious-diseases-can-be-worsened-by-climate-change/

The largest number of diseases aggravated by climate change involved vector-borne transmission, such as those spread by mosquitoes, bats or rodents. Looking at the type of climate hazard, the majority were associated with atmospheric warming (160 diseases), heavy precipitation (122) and flooding (121).

SpaceLifeForm August 8, 2022 6:36 PM

@ ALL

When a braindead AI chatbot reveals UI

‘https://www.vice.com/en/article/qjkkgm/facebooks-ai-chatbot-since-deleting-facebook-my-life-has-been-much-better

JonKnowsNothing August 8, 2022 11:15 PM

@SpaceLIfeForm @Clive, ALL

re: Stealthy Covid rate of non-decline

There isn’t any reason at all to expect a decline in cases. BA5 is significantly more transmissible than BA4; BA4 was more transmissible than previous variants.

Some countries are touting that their “COVID peaks are declining”, which is true enough, but the numbers as reported, are not exactly encouraging.

In one country: the numbers declined 500,000 in one week to 2,500,000 cases. The previous week it was 3,000,000 cases.

The table has reported numbers from my area. This is normally updated weekly. There have been no updates since 07/26/2022.
(note: I’ve never figured out how to set fixed format, ymmv)

These metrics are an indicator of the current rate of COVID-19 transmission in the county.

Week Positivity Rate New COVID-19 positive case per day per 100K population Health Equity Metric (HPI Test Positivity) Trend
7/26 20.7 41.9 22.6 higher
7/19 19.9 40.7 19.8 higher
7/11 17.5 35.8 17.3 higher
7/5 15.2 34.4 15.2 higher

Folks in this area are working on their 2nd and 3d bouts of COVID. As @Clive has pointed out the number of infections depends on the number of available hosts.

So are the numbers UP or DOWN?

We have lots of ways to not count things: shifting people to hospice, shifting them to care homes, shifting them to at-home care, basically shifting them anywhere they can on “Pancake Day”. (1)

===

1) “Pancake Day” is a reference to a event in the fictional stories of “Walt Longmire” by Craig Johnson (author). The Cold Dish – December 29, 2004.

Winter August 9, 2022 12:35 AM

@JonKnowsNothing

So are the numbers UP or DOWN?

That is immaterial at the moment. SARS2 is not going away any time soon, or ever. We still have 4 different corona variants going around as common cold viruses from zoonotic events from more than a century ago.[1]

So history tells us that it is pretty unlikely that SARS2 will disappear. More likely is that it will evolve over time to some fifth common cold or flu like virus. Until then, we will have to treat it like we treat the flu.

North American deaths are currently ~500 daily. [2]

[1]’https://www.newscientist.com/article/mg24632800-700-what-four-coronaviruses-from-history-can-tell-us-about-covid-19/

[2]’https://covid19.healthdata.org/north-america?view=daily-deaths&tab=trend

Clive Robinson August 9, 2022 8:14 AM

@ SpaceLifeForm, pen-testers, ALL,

You might find,

‘https://m.youtube.com/watch?v=MTldbQt6Zbs

Interesting it’s about using SDR to develop your own Spectrum Managment OSInt.

It was put up today, but is a talk from 2017… So it’s a little out of date in some respects.

Clive Robinson August 9, 2022 8:28 AM

@ ALL,

Community Internetless Wireless MESH networking

From HOPE 2022. Shows you how you can set up a community network using easily available parts, that does not need the Internet or Commercial Service Providers. And can go “global” via other radio links that are likewise non commercial so you don’t get to feel the corporate control.

The Talk actually starts at 3mins in

https://m.youtube.com/watch?v=o5g23fGQR-M

Worth a watch

vas pup August 9, 2022 4:40 PM

Biden signs off on semiconductor bill in challenge to China
https://www.dw.com/en/us-biden-signs-off-on-semiconductor-bill-in-challenge-to-china/a-62761790

“The future of microchip production will be “made in America,” said US President Joe Biden while presenting the $280 billion Chips and Science Act.

The US will invest around $52.7 billion (€51.6 billion) in microchip production under the $280 billion Chips and Science Act. The bipartisan measure is aimed to ensure the US can keep pace with China as the two countries vie for dominance in the high-tech sector.

“The future of the chip industry is going to be made in America,” US President Joe Biden said while signing the bill into law on Tuesday.

The move comes as the world faces a prolonged shortage of semiconductors, materials crucial for producing microchips. The terms “semiconductor” and “microchip” are often used interchangeably.”

SpaceLifeForm August 10, 2022 7:04 AM

@ vas pup, ALL

re: CHIPS

Note the Supply Chain bottlenecks. The biggest one being actual lithography equipment, stretched out nearly 2 years.

‘https://nitter.net/adam_tooze/status/1556241241490132994#m

Just the image. Probably quicker to view. Setting up new fab is slow.

‘https://nitter.net/pic/orig/media%2FFZivAKwWQAEYke6.jpg

Winter August 10, 2022 7:26 AM

@SpaceLifeForm

Note the Supply Chain bottlenecks. The biggest one being actual lithography equipment, stretched out nearly 2 years.

When you scan the list, there are many cross-dependencies. For instance, the ASML lithography equipment relies too on Zeiss and many of the usual suspects from the list. Trying to do rebuild that all in a single country is stupid. E.g, TMSC, Zeiss, ASML etc. are market leaders for a reason, and it took them a lot of time to get there.

Just throwing money at the problem won’t do it. The Chinese Big $50B Fund for development of the chip industry just went down in flames in a big fraud investigation. [1]

[1] ‘https://kfgo.com/2022/08/09/china-watchdog-investigates-three-more-execs-linked-to-chip-focused-big-fund/

Clive Robinson August 10, 2022 9:08 PM

@ Winter, SpaceLifeForm,

Re : Getting Chips Tech.

“Just throwing money at the problem won’t do it. The Chinese Big $50B Fund for development of the chip industry just went down in flames in a big fraud investigation.”

Throwing money at a problem has to be done even though it appears to show no returns…

Like “New Product Development” on Marketing, R&D in the tech sector, has a 9 in 10 failure rate, and that is expected to rise.

The reason being the more mature a domain is the less “easy to see wins” there are to take oportunity of. That is you have to start looking at what is hard as well as not that promising to move forward.

There is a sometimes heard joke floating about about CERN starting it’s own FAB “As they are the only place with a big enough accelerator to do the next gen lithography.”

Whilst not true it does make a point about the cost and difficulty of getting up the next step.

The important point about China and it’s $50billion investment, is not the money or the alledged penny-ante fraud[1], but that, it was actually started over a decade ago.

Which suggests that either the problem is genuinely very hard, or that China is very bad at economic espionage…

But even having the information via espionage might not help…

For instance knowing that part of the lithographic process is creating a plasma arc of tin, what does that tell you?

What it does not tell you is how it’s done and wether the tin is used in a closed cycle system or something else… You can make a reasonably safe bet that it took a lot of false starts and fallen horses before they got close to that finishing line.

The Chinese historically take the long view thus will probably get the results they want. The US however have a very different view, that is best described as “Very short term”.

Do you actually see the US putting two decades of work into it?

Nope nor do I…

[1] Without a lot more details it’s going to be impossible to say fraud. With hindsight, any investment can look like fraud if you want it to, it all depends on the spin you put on it. The CCP has a long history of using “fraud” and “crime” etc as a way of getting at people who might be embarrassing senior CCP members and getting them removed to prison or just executed. Under the surface the CCP has a lot of things Stalin would recognise and appreciate.

lurker August 10, 2022 11:03 PM

@Clive Robinson et al.
“The important point about China and it’s $50billion investment, …”

is that you don’t need 3nm. tech for locomotive power controllers, nor for 99 satelite TV sitcom channels, nor for twinkly light sneakers for kiddies.

Clive Robinson August 10, 2022 11:39 PM

@ JonKnowsNothing,

Re : Life’s Journey.

Much of what I was afraid of with SARS2 has bit by bit come true.

I take no pleasure in this as my predictions were all in effect detremental to the human stock.

The gauling thing is it need not have happened at all. It was two world leaders in particular that fiddled whilst the flames got started.

The UK was and still is as far as SARS2 is concerned “The dirty man of Europe” for which we can thank the blond blow dry idiot and his drink addled cronies. Who it turns out have lied more to the world than the Chinese are aledged to have done.

As for your “neck of the woods” I’ll let others have their say.

But in both cases greed of backhanders won the day over common sense and sensible behaviour, and nations burned not just the contents of their treasuries, but the lives of their citizens.

I doubt we will ever know the real death toll or cost, but I suspect a world war would have been less costly on both counts.

People talk about SARS2 getting less leathal, but is it?

Others argue it’s the “new flu” or “new cold”

Well whilst it could be argued it is a new “cold virus” as the figures from Australia show it’s every way worse than the other cold viruses put together.

Likewise it’s worse than the flu viruses as well.

It’s about as infectious as chickenpox if you include the asymptomatic infections. But the damage it does is arguably worse. And that is before we have any information on the longterm effects of “autoimmune disease” it might trigger. From what’s been seen with the many “long covid” effects I would say the chances are high that any autoimmune disease that does arise will be nasty, and the chances are it will also cause new strains of cancer…

Winter August 11, 2022 1:24 AM

@lurker

is that you don’t need 3nm. tech for locomotive power controllers, nor for 99 satelite TV sitcom

But you do need it for AI, and China’s ambition is to be world leader in AI and automated mass surveillance. For that goal, China needs the highest performance and most efficient chips.

Winter August 11, 2022 2:57 AM

@Clive

The gauling thing is it need not have happened at all. It was two world leaders in particular that fiddled whilst the flames got started.

I have seen nothing indicating that the outbreak could have been contained after it moved beyond Wuhan.

Without a vaccine, the virus could not be extinguished anymore. Stopping all human movement would ahve stopped the spread of the virus, but it would only work as long as there was no movement of people. Short of an impenetrable wall around all populations with carriers, the pandemic would continue the moment there was movement of people again. Australia and NEw Zealand are good examples of how that works.

Clive Robinson August 11, 2022 4:39 AM

@ lurker, ALL,

“… you don’t need 3nm. tech for… “

The “current” products China manufactures in bulk for the US but thats changing fast even at the consumer products level. Especially as China has decided to “second string” the US and develop leading edge products for other parts of the world.

Take for instance “automotive controlers”, they are still very much in their infancy, people want “smart cars” and soon “self driving vehicles” even where there are no roads (as has happened with communications, where the military requirments once led but consumer related products now are decades ahead, the same is about to happen with autonomous vehicles of all kinds).

For these you need,

1, High end communications.
2, High end AI.
3, High end hardware performance.
4, Highly adaptable hardware.

Which all will need 3nm chips very soon.

But there is another couple of asspects that you need to consider.

5, Reliability.
6, Cost.

One reason in fact the only reason “Smart Devices” could and can happen is the so called “System on a Chip”(SoC) devices.

These consist of one or sometimes way more microcontrolers on a single chip with what were once considered huge amounts of ROM and RAM and very high end I/O, all for $2-10. You get what would have once been the equivalent of several “Million Dollar” computers, with a level of reliability under the stress of a moving vehicle on rough terrain that no other way of manufacturing can do. SoCs are also the first step in flexible “Software defined Architecture” where each IO block is in it’s own right an application specific computer you program in the required functionality at boot time.

The thing is with a 64bit RISC core and say 3GByte of ROM and RAM plus 200,000 Gate FPGA and and numerous specialised 32/16/8 bit I/O controlers with complex high end I/O all for the same few dollars you could start making “Universal Devices”. Further bringing the cost down and the reliability up.

But as I keep saying from time to time,

“The future is parallel at all levels.”

The days of the “Castle” computer are now long over. Both Intel and AMD have effectively stopped making single CPU chips. They might call them multi-core but the reality is they are effectively Multi-CPU sharing the same exterior memory and control busses.

Why did they go this way? Well whilst not having hit,

“The laws of physics wall”

Increasing CPU speed further was not a cost effective way to increase performance, especially with the “Heat Death” issue.

They have also tried half heartedly to turn towards the “Prison” model for security. But in the case of Intel with SGX where it keeps failing, they have obviously continuously botched it from day one. Primarily because they can not lift themselves out of the “One Ring” mentality.

But either they will,

“Wise up or goto the wall”

The jury –consumers– are still deciding on that but there is an increasing trend not in Intel’s favour.

The x86 CISC is of dubious architecture and security nightmares has had it’s day. Yes it will hang around for a while because there is still a lot invested in it (think about it as the hardware equivalent of the more than six decade “Cobol Story”). It’s become a technological cul-de-sac, and is already being relegated to the position of “microcontroler” as half million gate integratd FPGA’s take on the “compute load”.

The same applies to all computing for that matter, the Harvard -v- Von Neumann architecture debate is well over and the winner[1] does not matter. Because even in the near future with integrated FPGA’s it’s become “Software Defigned Architecture”(SDA)[2] to get the high performance demanded. To get the best advantage of that 3nm is where you want to go to get that 200 times performance advantage…

[1] Both won and both have now lost. We ended up with Harvard at the core of the CPU but for ease of interconnection and one or two other advantages etc busses were joined at the periphery to give back the single CPU Von Neumann architecture at a 20,000ft view to keep “sequentially minded” programmers happy. They have both lost because core architecture is now becoming software defined to get between a 5 and 200 times increase in performance for certain algorithms that neither architecture could give.

[2] In a way we have “crypto-coin mining” to thank for making the use of “Field Programable Gate Arrays”(FPGA) and “Aplication Specific Gate Arrays”(ASGA) “obvious to all who care to look” in search of higher performance but still more or less “general purpose” computing[3] to support the very real need for “Software Defigned Architecture”(SDA) systems of the very near future.

[3] Logically if we ever get “room temprature” “Quantum Computing”(QC) on a chip, that will supplant or augment the Gata Arrays we are currently moving towards. Such is the nature of human development, the old moves out to make way for the new at the center. Historically we can see this with humans in cities since before Roman times, and with just about all knowledge we have aquired in that time as well.

Clive Robinson August 11, 2022 5:01 AM

@ All,

This realy made me laugh,

“I’m not the only one Iran is trying to assassinate”

It’s a qoute from John Bolton from yesterdays news[1]. Why do I find it funny? Well maybe this might help,

“Dear John,

Well you did orchestrate the murder of an Iranian Diplomat on a peace mission, I guess you don’t like the “eye for an eye” reasoning you espouse when it applies to you.

But, what makes you think it is only Iran that want’s to kill you?

I suspect the que is realy quite long, and many more would join it or chip in a few dollars if they could. Like maybe all those in the US who can see you as still ‘A clear and present danger’ to then and their loved ones for your ‘war at any price’ mentality towards not just Iran but other nations like China as well.

Remember,

‘Those who live by the sword…”

[1] The quote apparently came out of a Sky News[2] interview,

‘https://theglobalherald.com/news/im-not-the-only-one-iran-is-trying-to-assassinate/

[2] Sky News is one of “Rupert “the bare faced lier” Murdoch’s organs. As such it follows his now much demented behaviour as he desperately tries to remain relevant in the modern world. As such they are probably the only large MSM in the US to give Ex-Trumpian nutters sympathetic air time.

Winter August 11, 2022 6:06 AM

@Clive

The gauling thing is it need not have happened at all. It was two world leaders in particular that fiddled whilst the flames got started.

This editorial below was published in February 2020. I believe nothing in this editorial was wrong or alarmist. If anything, the editorial was too optimistic.

Preventing a covid-19 pandemic
‘https://www.bmj.com/content/368/bmj.m810.full

This assessment by the group at Imperial College London is now being played out, with community spread of the virus being seen in many countries, and the US Centers for Disease Control and Prevention (CDC) expressing the view that current global circumstances suggest it is likely this virus will cause a pandemic.6 We live in a world that is globally connected, in terms of the movement of people, goods, and food, while even within close knit communities, such as those currently locked down in Italy and elsewhere, the ideal conditions exist for the virus to spread from person to person. In one of the most cited research papers from the 1990s, Watts and Strogatz showed that the “small world” structure of society facilitates rapid disease propagation between distant and apparently unconnected communities, resulting in sporadic outbreaks that seem to start spontaneously, undermining even the most stringent attempts at containment.

The clinical features of covid-19 are well documented, with most people displaying mild symptoms or none at all and deaths occurring mainly in elderly and chronically ill patients. This is not the public perception as played out in the media and reinforced by gunpoint quarantine.

Given the lessons from 2009—which taught us that containment for a globally disseminated disease was futile—and accepting that most of the exported covid-19 cases from China (and elsewhere) are undetected, is it not time to admit that a global pandemic is upon us? The World Health Organization is reluctant to say so. Once the disease is recognised as a global pandemic, nations, commerce, and healthcare can move into a much more rational phase with resources targeted at those most at need.

Clive Robinson August 11, 2022 8:06 AM

@ Winter, ALL,

This,

“The clinical features of covid-19 are well documented, with most people displaying mild symptoms or none at all and deaths occurring mainly in elderly and chronically ill patients.”

Does not exactly fit with the “third biggest killer this year” from Australia…

Or those Northern Italian deaths at that time…

Do you remember I told you and others,

“we need to look at excess mortality deaths not the numbers given by Governments”

Because at that time the number of obtiuries and other notifications in the local press there were 12 times the five year average for the region and time of year.

Thus,

“This is not the public perception as played out in the media”

Those way higher than five year averages did not lie, then and still do not lie today. It was this Northern Italian death rate fairly accurately reported by both journalists and Town Mayors that woke people up to the risk.

Then as the aged and infirm hosts died out, quite predictavly the virus mutated towards the thirty year olds and was killing them as well.

SARS-2 was no “just a cold” or “just a flu” virus it was killing at a rate three or four times that of the five year average for flu.

But also quarantine, lockdown and similar did work…

You may remember it was reported that two of the flu virus strains are now extinct because of them.

If the quarantine and lockdown had been put in place as fast and effectively as the Chinese did the outcome would have been,

1, SARS-2 made extinct.
2, Two way less dedly flu strains would have remained.

On the “Calculus of death” the first outcome not the second would be preferable…

Oh and think back to Sweden with it’s “no wories” policy, and compare the mortality and medical injury figures to it’s immediately adjoining neighbours that did go into lockdown at the time.

I’m sorry but the evidence is in,

“Action was way to little way to late, for political not medical or safety reasons.”

In fact the evidence is mounting that this political behaviour was in fact quite deliberate because of “the profit” it woukd bring to Govetnmental Treasuries.

As for mRNA lots of “bad news” is starting to come out. Not just that it was way to specific thus had a way to narrow skirt. But also that it forced mutations to happen.

Then the evidence that it is more likely to cause harm to under 20 year olds than other vaccines…

Certain drug companies are pushing very hard to keep long term health figures vaccine indistinguishable. That is the data available for analysis only indicates vaccine status, not which vaccines.

Some have made claims that “long covid” may be related to which vaccine was used… If true it’s not surprising the drugs companies want the information at best opaque to examination.

However there are ways you can ferret the information out. For various reasons the USA was almost totally mRNA vaccines, other nations were not but the ratios of the vaccines used is known. So appropriate analysis could pull sufficient data togethet, to force more accurate data to be released.

Oh as for that “promise” mRNA could be rformulated within a couple of weeks if the virus did mutate. Have you seen any real evidence for that?

I tell you the evidence I have seen, and that’s that the mRNA vaccine manufacturers are saying to the US FDA that this comming years booster shots should be the same as the now usless first mRNA vaccines…

Now why would they do that if mRNA is so easily adaptable as was originally claimed?

Winter August 11, 2022 8:35 AM

@Clive

Does not exactly fit with the “third biggest killer this year” from Australia…

That was the state-of-knowledge in February 2020. Mortality proved to be around 1% of infections. But mortality depended strongly on the availability and quality of ICUs. With improved therapeutics, mortality was reduced significantly over the course of the pandemic.

To summarize, a low morbidity in a naive population can add up to a major killer.

If a imuno-naive population encounters a new pathogen, everybody will be infected and everybody will go through a full course of the infection. As adults have a less effective immune system than children, they will show a higher morbidity and mortality. Hence very low morbidity and mortality in children and increasing problems with age. This showed itself as high death rates in unvaccinated (older) people everywhere, up to the original disease mortality of ~1%. After vaccination or infection, morbidity and mortality will be strongly reduced, even with new variants.

A 1% death rate per year is close to the number of people that die every year from all causes (humans do not get much older than 100 year, if they get there at all). So it is pretty logical that COVID-19 was one of the main causes of death, if not the main.

Clive Robinson August 11, 2022 12:30 PM

@ SpaceLifeForm, ALL,

I guess this should not surprise anyone who reads here regularly…

But it appears that contrary to what Apple try to achieve in the way of privacy in iOS and Safari for their users, certain evil minded organisations do what they can to strip any and all privacy where they can,

https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

The moral is those “apps” even when from “Walled Gardens” with alleged security protection, are without doubt highly undesirable from the users privacy and thus security asspect.

I guess telling people to “never load them” in the first place will fall on deaf ears…

SpaceLifeForm August 11, 2022 3:20 PM

@ Clive, ALL

Re: SQUIP

No, I did not note that PDF. I try to avoid them if someone has a good summary. If I do link to a PDF, I try to remember to note how large it is. That gives a heads-up to those reading on mobile. Plus, in general, I worry about the security of a PDF file in the first place. So, if I do link to a PDF, it would be at what I consider a trustable site.

It was the @ElReg article in the second link below. It was actually talking about the Intel flaw, but did reference the AMD issue.

I put it on the recent NIST article, because I was trying to point out that what NIST concludes may not matter if you interact with a malicious server, especially cloud. If the cloud is malicious, then it could intentionally leak stuff, especially admin KEYMAT like ssh keys.

If you rent cloud, it could leak. I would only use cloud for backup storage of previously encrypted data.I would not run web servers on cloud where PII is involved. There are cases where running a service on cloud may be acceptable because the data is not really security sensitive. But, likely few.

Do you trust your cloud today?

AWS would be last on my list based upon history.

First one is about Intel, second about AMD. Both attacks can leak. If you rent cloud, you could get either one, but that does not matter if the host is malicious.

https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html/#comment-408701

https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html/#comment-408718

SpaceLifeForm August 11, 2022 4:04 PM

@ ALL

Rubik’s Cube

If you are not familiar with @RachelTobac and @CISAJen I think you should do so because these fine ladies are looking out for your security.

I probably have forgotten how to solve a Rubik’s Cube, but for other mysterious reasons, it has reapppeared on my plate. I just have to find my cube, and refresh memory.

Watch the 12 second video. I think you will be impressed.

Scroll down a bit, you will spot it.

‘https://nitter.net/RachelTobac/status/1557536632802226181#m

SpaceLifeForm August 11, 2022 4:32 PM

@ ALL

Re: Cisco hack

Out of the many hacks, that seemingly^W are a everyday occurrence now, one thing about this one stands out to me.

Why is a vendor that is heavily involved in internet infrastructure, not using a HSM for authentication?

They should be required to do so by law.

Prove me wrong.

‘https://www.bleepingcomputer.com/news/security/cisco-hacked-by-yanluowang-ransomware-gang-28gb-allegedly-stolen/

SpaceLifeForm August 11, 2022 5:14 PM

Re: Mandalay power outage

This sucks because I was winning. Now I have to hang around.

‘https://nitter.net/MalwareJake/status/1557805163590533120#m

SpaceLifeForm August 11, 2022 6:30 PM

@ ALL

Re: as the insanity continues

Note that you can spot nutcases by the way they drive their vehicle. Trust me on this.

But, in this case, to document that you are going to attack FBI is Chef’s Kiss.

I’ll just say it in plain @BetoORourke
speak, the Mofo is lucky he is dead.

‘https://nitter.net/travis_view/status/1557853406055636992#m

‘https://nitter.net/travisakers/status/1557546910101250051#m

Clive Robinson August 11, 2022 7:48 PM

@ SpaceLifeForm,

Re : power outage

Maybe the revenge of the Physicists for not being alowed to have conferences in casino hotels as they don’t gamble…

Which begs the question of “Why You do?”

“This sucks because I was winning. Now I have to hang around.”

Not sure if you will get your money back or not.

The UK Casino Gambling regulations are wildly different to those in the US. So take this with a grain of “lot’s Wife”,

The slot machines and similar are required to keep a permanent audit trail so that “iregularities do not happen” and required pay out % is adhered to.

From what I remember of US gaming machines they all have the equivalent of a network port that sends back significant information to the “pit boss” so that if any statistical anomaly gets flagged up.

A friend who designs gaming machines for export from the UK has told me that some places are asking for “full bio-metrics” to be included, such as button press times/rythm and video/stills of the person using the machine which can be used to detect not just breathing rate but heart rate as well…

As I’ve indicated in the past I don’t gamble for fun or pleasure I don’t rock that way. I will for “instructive purposes” take small bets if I know I’m going to win. People generalky quickly learn not to have bets with me (if they don’t there is always my magic coin toss[1]).

I am however vaguely familliar with the inside of Casino playing areas and how to play one or two of the games (I won’t play poker for obvious reasons). It was useful for business reasons, for some reason many sales and marketing managers like to go to a casino for an evening, so being able to take them was part of “The business thing”.

My advise if you have to “do it for the team” is the old Right hand, Left hand pocket rule. Put say $100 in the lowest value chips in your right hand pocket and play only low value/risk games if you win anything then that goes in the left hand pocket. When the right hand pocket is empty STOP and go watch other people loose or just go to the bar / restaurant if not go home.

Oh and never ever play games where you play against other people rather than the house / dealer. Anyone who has played Bridge or Whist seriously can tell you that in a four or more player card game, if the other players collude you might get out with your shirt…

The secret to winning in a Casino is not to play any of the games, but have little side bets with other watchers that way, you can get not just “the house advantage” by betting against (someone winning) but also more favourable odds (evens). Oh remember there are two basic game play stratagies for each player,

1, Play to win.
2, Play not to loose.

In many games they can have over the entire game very different odds. Most often an opponent will “play to win” which causes them to make the wrong choices when you play bot to loose.

[1] I’ve mentioned this before, I can toss a coin and catch it to the back of my hand. And it does not matter when you call it I can nake it come up or not depending on the point I’m making. After ten to twenty correct reveals followed by ten to twenty incorrect reveals most people ask how the trick is done as nobody realy believes in magic or teleportation.

The secret is when you flip the coin up with your dominant hand you catch it with the dominant hand towards the top of the arc. You then bring it down onto the back of your other hand… If you watch your dominant hand as it catches the coin you will see which way up it is in your dominant hand. When you bring it down to the back of your other hand you know it’s the other way up. The hard part is getting the slight of hand right if you need to turn the coin over… I suggest using a coin that has two characteristics,

1, It’s less than a finger and a half in diameter.
2, It has a high contrast / reflectivity ratio between the heads and tails sides.

The first makes the slight of hand easier. The second means you can see which way up the coin is out of the corner of your eye…

JonKnowsNothing August 12, 2022 12:04 AM

@ Clive, @ SpaceLifeForm, @All

re: CDC: you are on your own

As the CDC has now withdrawn nearly all previous recommendations regarding C19, except for those in close quarters health care situations, we will be evaluating many options ourselves. Some of the MSM reported CDC suggestions, in absence of recommendations, include some drugs that were withdrawn a good while ago as ineffective. However, since the barrel is scraping bottom, anything might help.

Nearly every lab and pharmaceutical company that deals with vaccines and pathogens uses a a testing technique to validate how good a response their drug(s) give. Once you have figured out how to read the graphics, you can pretty much skip the inner details and go right to the summary/executive summary and understand what’s what.

For C19, labs hold samples of every major mutation and sub-lineage since D614G (aka Wild Type). The original virus is extinct and D614G mutation (predates Greek Letters) was the version that caused so much death and damage. It is the baseline for all tests.

Labs also hold samples of antibodies harvested from patients blood. This supply has to be renewed often with new samples, not only to replenish supplies but also to capture new antibodies combinations. Nearly every person has a unique immune system so their antibody response is also unique.

There are 3 tests done per mutation and per antibody test combination. Some will test for specific antibodies or effects but there are 3 versions done.

  • Low Medium High

There will be 3 sampling tests + 1 baseline. In the Low test a small amount of antibody will be introduced to a fixed amount of virus. In the Medium test and larger amount of antibody will be introduced to a fixed amount of virus. In the High test a large amount of antibody will be introduced to a fixed amount of virus.

The results are described but are usually presented as graphics. The graphics are much easier to digest than the text description.

From a human standpoint:

  • An Excellent result is when a Small amount of antibody neutralizes all the virus in the Small test.
  • For an Average result, the small amount of antibody left some active virus, but the Medium amount of antibody neutralized all the virus in the Medium test. This is what happens for a large number of people.
  • A Poor result, is when both the Low and Medium tests do not clear all active virus however the Large amount of Antibody clears the virus in that test. This is the scenario where you “need some help Mr Wizard”.
  • The version that’s Not Good News, is when neither the Low, Medium or High Antibody tests clear the virus. This is the case for reinfections, double infections, back to back infections and immune-suppressed infections where the virus continues to hang on or lurk until conditions are favorable for a viral resurgence.

Many of these tests will be found in hard science literature, but rarely reported on public facing websites or in standard canned reports.

For every drug, vaccine, treatment such tests are published. It’s not just a C19 thing, it’s for all conditions. Sometimes the graphics are easier to understand with less cross referencing between multiple iterations. Of course, multiple iterations are to be expected depending on the nature of the research. Those focused on determining the exact quantities needed to clear a condition will have many more iterations that just a Pass-Fail test sequence.

As the newer variants propagate, BA5, BA4, BA4.6 these tests will be run with varying results.

Since different governments pursue different aspects for their population, being able to determine how successful a drug or treatment is maybe a useful tool going forward.

Winter August 12, 2022 1:48 AM

There were norms?
Russian invasion has dangerously destabilized cyber security norms
‘https://www.theregister.com/2022/08/11/black_hat_hacktivists/

Around that time, another Estonian company launched a bug bounty program seeking vulnerabilities in Russian critical infrastructure systems with the aim of then passing these on to Ukrainian hacktivists.

“What if a Russian-owned company located in Germany were to organize an offensive bug bounty program that targets Ukrainian critical infrastructure, and shares the discovered vulnerabilities with the Russian intelligence community? Would Berlin, Brussels and Washington deem this acceptable behavior by the private sector?,” she asked.

“Soesanto says continuing to ignore the essence of the IT Army will wreak havoc on the future stability of cyberspace, and with it the national security landscape in Europe and beyond,” Zetter said. Meanwhile, “civilian infrastructure is very much on the agenda of attackers and will only become a greater target going forward,” she noted.

When you are up against Владимир Отравитель (Vladimir the Poisoner), you are fighting for your very life, and that of your family.

Winter August 12, 2022 3:04 AM

Now, from Amazon: Ring, the TV show.

Wanda Sykes To Host Syndicated Viral Video Show Featuring Ring Doorbell Technology From MGM
‘https://deadline.com/2022/08/wanda-sykes-host-syndicated-viral-video-show-ring-doorbell-technology-1235089510/

Clive Robinson August 12, 2022 6:38 AM

@ Winter,

Re : The ends justify the means

“There were norms?”

Yes and no. The notion of “norms” is the notion of “good or bad” taken from the individual observers “Point of View”(PoV) to a supposed mean PoV of an orgaisational unit. Such as that of a group of just a few upto a whole society.

Conflict in any form is at it’s base is about

1, Aquisition of Resources
2, Subjugation of people

Usually as a way of obtaining support for an individuals aberrant Psychological pathologies (Dark Triad etc).

It is always destructive in some way, even if not by initial violence and destruction[1]. Because no matter what people might say there is never a draw in human behaviour, someone gains and someone looses because that is what change means. It’s why there is the statment of

“Breaking someone’s rice bowl.”

What most do not think about is that all human interaction is a form of conflict, all involved loose or gain in some way and ultimately human existance is not even as good as a “zero sum game” because of entropy and being in a strongly bounded near enviroment.

Thus my repeated point about,

“Individual Rights -v- Social Responsabilities”

The “norms” are a reflection of “Social Responsabilities” which some call “The Social Contract”.

The thing is for contracts to work any potential cheaters have to be aware that there are penalties, and that they will be enforced in some way to their detriment if they do cheat. Thus “guard labour” is seen as a “necessary parasite on society” because of those with aberrant attitudes, behaviours and pathologies.

The “norms” are about what is acceptable in implicit human interaction contracts, and as with the notion of “rights” points of view differ in individuals and groups. As norms gain acceptance by the majority they become part of the “mores of society”

Often “norms” become codified as regulations and eventually legislation, such that punishment for transgressions also becomes codified.

Currently there are little or no norms for the non tangible information space. The few that exist are based on the notions of harms from the tangible physical space. Unfortunately most do not translate all that well from the physical to informational spaces.

It’s made worse by legislation around the quaint notions of,

1, Any person legal or natural.
2, Intellectual Property.

In essence the first alows for people to evade responsability and punishment through the use of partnerships, companies, and corporations. The second alows for the ownership of what ultimately is the interpretation of numbers.

Neither makes sense in the notion of a “society” because both create an artificial imbalance, that in turn creates growing conflict.

[1] For instance the war on society carried out by certain WASP nation leaders against the general citizenry by the mass collection of electronic communications has the destruction of

1.1 Personal Privacy
1.2 Continuance of Society

At it’s heart. The fist steps of “chilling of speech” is like screwing down the safety valve on a boiler preasure vessle and turning up the heat. You know what the eventual end result will be, but in the meantime you get increased power to use for what you want.

Winter August 12, 2022 8:41 AM

@Clive

The issue is nearly all drug trials / testing is done by drug companies, or people who have strong connections with drug companies.

That is another example of We want our cake and we want to eat it.

The public wants safe drugs with no risk, but the public does not want to pay for it. Hence the costs and profits are delegated to what can only be described as psychopaths out for a bounty.

The alternative is a system where “the public” pays for drug development and testing for cures that do not earn enough monetary profit. For that to be even possible, the drug licensing system must be redesigned from the ground up.

Currently, it is next to impossible to register and market an existing tested and tried drug out of patent to the same patients that were taken the very same drug before, after it was withdrawn by the original producer.

We had a case in the Netherlands where a licensed pharmacist gave an unpatented needed supplement to a persono with a metabolic disease for tens of euros. After it was taken up by a drug company, the very same stuff costs thousands of euros.

Clive Robinson August 12, 2022 10:49 AM

@ Winter,

Aside from the blatent price gouging I have significant concerns about society.

For instance there are known to work cures using phages, that will never ever be aproved in the West under the current system because phages are a natural product, therefore not patentable (yet… however the USPO is moving that way and the EUPO appears to have been captured by lobyists from the US).

Thus the question who pays/profits from the “common good”?

I see it as further proof of the badness that almost always happens in hierarchical systems. Those at the top have the power to corupt, which makes them obvious targets for those who want to benifit by coruption in myriads of ways.

What the solution is to this I don’t know but some of the ideas I have would not be popular with the gougers.

I don’t know if you remember back a few years and the US public scandals such as when a US investor / hedge fund manager Martin Shkreli purchased the rights to an old drug and raised the price to $750 from $13.50. Or when compaby Mylan made huge price increases on its life-saving EpiPen for allergic reactions up to over $600 that contained less than $1 of Medication?

Well Shkreli did time but is out now and apparently ploting his revenge on Big Phama. As for Mylan they’ve got of light with a paltry 1/4billion fine and a bunch of smirks off camera…

But the epi-pen scandle led to DIY solutions and information on how to refil existing epipens going up on the web…

Not something I would encorage, but easy enough to do and with little effort (in fact some “single use” injections with rubber needle covers and large plunger tops can be used in “thump mode” (as soldiers used to describe their anti nerve agent pens administration). Where pushing the body hard will cause the needle to come through the rubber cover and go into the muscle of leg or arm. Coming up with simple mechanics for the rest of it would be little more difficult than examing how one of those auto-centerpunch pens work.

Winter August 12, 2022 11:35 AM

@Clive

I don’t know if you remember back a few years and the US public scandals such as when a US investor / hedge fund manager Martin Shkreli purchased the rights to an old drug and raised the price to $750 from $13.50.

I do remember that. But the scandal of all scandals is the opioid crisis which killed over 600,000 Americans. I believe no one was jailed over that mass murder.

But these specific examples are the result of Americans thinking that universal healthcare coverage is only possible with Stalinist Gulag camps. If you insist on not wearing seat belts, you die if your car is involved in a crash, if you insist on American Health Care, you die if you need care.

Clive Robinson August 12, 2022 12:50 PM

@ Winter,

Re : 600,000

I went over the reasons why that happened in the past on this blog, but you won’t find it here any longer though there are bits up on one of the archive services.

I was kind of hoping the past couple of years would have woken the US population up…

But apparently not,

‘https://jrreport.wordandbrown.com/2022/08/09/us-government-poised-for-long-awaited-powers-on-drug-pricing/

Note what got carved out…

lurker August 12, 2022 10:58 PM

@Ted

Before oxycontin there was thalidomide, and before that arsenic for complexion, and before that mercury as a bodily acaricide and for syphillis. As @Clive keeps reminding us, those who ought to learn from history, don’t.

Clive Robinson August 13, 2022 5:07 AM

@ lurker, SpaceLifeForm,

Re : Ted comment

It would appear your reply has been “orphaned”.

I suspect for the reason I mentioned in response to @Winter on the loss of 600,000.

Winter August 13, 2022 5:51 AM

@Clive, lurker, Ted et al.

I was kind of hoping the past couple of years would have woken the US population up…

Before oxycontin there was thalidomide, and before that arsenic for complexion, and before that mercury as a bodily acaricide and for syphillis.

It all started in 1971, see the Nixon tapes:

‘https://www.investmentwatchblog.com/nixon-and-ehrlichman-discuss-kaiser-permanente-in-1971/

Ehrlichman: “Edgar Kaiser is running his Permanente deal for profit. And the reason that he can … the reason he can do it … I had Edgar Kaiser come in … talk to me about this and I went into it in some depth. All the incentives are toward less medical care, because …”

President Nixon: [Unclear.]

Ehrlichman: “… the less care they give them, the more money they make.”

President Nixon: “Fine.” [Unclear.]

Ehrlichman: [Unclear] “… and the incentives run the right way.”

President Nixon: “Not bad.”

Nixon, and the GOP in general realized that the cheapest and most profitable Healthcare insurance is the one that does not give care. And that is the one the American people get. Unless they are able to pay for themselves.

Winter August 13, 2022 6:58 AM

@Clive, lurker, Ted et al.

More on Kaiser Permanente, not really a Not For Profit.

‘https://www.energyroyd.org.uk/archives/12788

In this American model, so-called Health Maintenance Organisations (HMOs) provide relatively low-cost health services that are based on short hospital stays and cherry-picking patients with health care needs that are not too costly.

Clive Robinson August 13, 2022 7:05 AM

@ Winter, lurker, Ted, ALL,

Re : Who pays the piper

“Unless they are able to pay for themselves.”

Or as in the case of US politicians, have the best healthcare in the world payed for by the US tax payers… Where no treatment no matter how expensive or off-book is available to them (think back to what Trump got when he had C19).

So they know the value of “State Funded Health Care” but don’t want others having the same privilege and long life expectency (two decades more than working US citizens).

lurker August 13, 2022 12:57 PM

@Winter“It all started in 1971 …”

1971 B.C.E I assume you really meant. Thst sort of nonsense was going on during the building of the pyramids, hence my reference to learning from history.

Winter August 13, 2022 1:21 PM

@lurker

Thst sort of nonsense was going on during the building of the pyramids

I am pretty sure insurance policies are a recent invention. The concept of health care plans are even younger.

SpaceLifeForm August 13, 2022 1:31 PM

@ Clive, Ted, lurker

Re: Ted comment disappeared

I noticed. I saw nothing wrong with it as it was accurate information.

I still suspect a database problem.

lurker August 13, 2022 3:49 PM

@Winter, “The concept of health care plans are even younger.”

The pyramid builders were paid partly in beer because it was recognised as the safest beverage. The bakers who provided the beer were contractors to the government who needed a healthy workforce.

lurker August 13, 2022 3:59 PM

@Winter, “I am pretty sure insurance policies are a recent invention.”

q.v. Codex Hammurabi, c.1750 BCE

Clive Robinson August 13, 2022 6:49 PM

@ lurker, Winter

Re : Egyptian Pyramids.

We are told a lot of nonsense about how the Pyramids were built.

The Hollywood version based on religious propaganda, is slaves being beaten into it, which is not at all true[1].

Due to weather the Nile Delta flooded and for three to four months agriculture was not happening. So they went to do what we would call “Government work” for which they were paid in various ways depending on their skill levels.

And yes, you are right,

The pyramid builders were paid partly in beer because it was recognised as the safest beverage.

It was what we would call “small beer” of which you could drink about 250-300ml every hour of the 16hour day without getting intoxicated or harming your liver. But there was also wine and other fermented fruit juices as well as fresh fruit juices from the likes of the pomegranate as in many places around the Eastern end of the Mediterranean.

The Egyptians also filtered and boiled water and made hot drinks. One such involved boiling dates and raisins to get a sweet flavour drink and a mash or paste used in cooking (people still do this, and some even ferment it illegally in Iran to get a very potent alcoholic drink).

During the flooding season fishing was also very productive and fish cooked the night before was often eaten with bread and the likes of dates during the following day. Fish were also dried or smoked to preserve them to last through out the year.

It was also during the flood season that a lot of artisan craft work was carried out and sophisticated techniques sugh as plating silver with gold cyanide were developed.

However after Ramses III was murdered by one of the lesser queens –although the Pharoes were male, power was passed on through women– things turned for the worse with various invasions and a drought that lasted over a century and a half.

[1] Well untill the Romans came to enslave the whole country around 75BC and take the wheat to keep their Empire going. They enforced slavery in agriculture and over taxed the land and created problems that led to amoungst other things crop failure and famine. Just as happened in the US with the “Dust Bowl”.

Winter August 14, 2022 2:26 AM

@lurker

q.v. Codex Hammurabi, c.1750 BCE

My definition of “insurance” seems to have been too limited. Mutuals were obviously not interested that much in fleecing themselves compared to external companies.

Wrt the beer for laborers (as Clive wrote: not slaves), the differences between beer, porridge, and bread are gradual. Beer is also a foodstuff that can deliver quite a lot of calories which is handy when you have to work hard.

Clive Robinson August 14, 2022 7:32 AM

@ Winter,

the differences between beer, porridge, and bread are gradual.

Not in the case of “porridge” two reasons,

1, Different grain (oats).
2, Not fermented in any way.

You might be thinking of “gruel” which can be made with most grains and may get fermented.

Basically it’s a way to “thicken liquids” like stock or milk to hold them longer in the dietry system. The French “Roux” is similar other than you use lippids (oil/fat) as the “cook trough” for the starter.

Take a heaped table spoon of your grain in powdered form and add two fluid ounces of water (or lipid if Roux) to it in the bottom of a sauce pan (appropriately named as gruel is technically a sauce). Work together to form a smooth paste or thick liquid, slowly heat up and keep working it to stop lumps forming. Take off heat and alow to cool down to hand hot, thrn add stock or milk / whey and whisk in. Transfer to a double boiler and just like making custard keep whisking untill suitably thick. This can be served hot or cold. As with making custard you can add alcohol containg liquids such as “spirits” like Ameretto to add flavour. If you add at the begining of the double boiler thickening most of the alcohol will be gone by the time it’s finished thickening.

There is a Victorian recipe for feeding the infirm where the liquids used were,

1, Beef stock.
2, A good “Porter” Ale.

At the start of the infirmity it was mostly beef stock which was common[1], and it tastes not much different to some beef suet pudings just more dilute.

As the infirmity progressed or if the patient “yellowed” or was bled then more Porter [2] or Sweet Stout[3] was added to fortify to make up for the loss.

The thickness of gruel varied from not much thicker than single cream right through to being able to let it cool and set and be cut into slabs. When made with milk it was used for weaning babies and was a staple food in Victorian and earlier work houses[4], prisons, and asylums. Where the inmates were expected to “Earn their keep” by hard labour if fit or “picking oakum”[5].

[1] Due to Queen Victoria consommé was popular, technically it’s reduced beef and vegtable stock with the bits taken out using crushed egg shells and whisked egg whites (we only use the egg whites these days as beef is much leaner).

[2] A Porter Ale is a brew that started with a popular blended beer known as “three threads ale”. Porter arose out of trying to make a single brew with the same characteristics of a dark chocolaty slightly sweet full bodied strong or full beer but with only the non bitter hops notes. It’s made with dark, caramelized malts and “Fuggle” hops grown in East Kent and harvested by Cockneys doing their summer working vacation “in the air” (ever wondered where “muggles” as a name came from 😉 Deepening on how you make it, it has a 4-10% alcohol content. Also appart from the alcohol it does make a fairly good “liquid food” only propperly made Scrumpy rivals it in this respect and would technically be a “whole food” you can live off of.

[3] There is a saying of “There are more stouts than Irishmen in Killarny” which is a joke within a joke. Killarny comes from the Irish “Cill Airne” which means ‘church of sloes’, and a “sloe” being a berry used in making “Gin” a drink that was regarded as being synonymous with the oppresive claimed to ve “God fearing” English officers (IPA or India Pale Ale with the “rank and file”).

[4] See the film “Oliver” to see gruel being dished out in a workhouse setting (it’s only marginally fanciful in it’s portrayal making such places look better than they realy were). It’s based on Charles Dickens’s novel “Oliver Twist” which mentions the extraction of oakum by orphaned children in the workhouse[5].

[5] Picking Oakum is not advised as it will give you cancer from the toxic dust and tars. However it was a usefull product in boat building for “caulking”,

https://en.wikipedia.org/wiki/Oakum

When I was younger I learnt the art of “caulking” and how to get “vegtable fiber” and “pitch” from the likes of ferns and conifers respectively, and also how to make “withies” cordage, and split and drill wood with wood to make planks so you could build a “clinker hull” without iron or any metals. Although at times strenuous work it is supprisingly easy with practice and just one or two tools, and making a new boat to fish from once a year as “evening work” easily done.

Winter August 14, 2022 7:52 AM

@Clive

2, Not fermented in any way

Fermentation is inevitable if the poridge is left alone. Hence the “gradual”.

Clive Robinson August 14, 2022 11:29 AM

@ Winter,

Fermentation is inevitable if the poridge is left alone.

Only if live bugs can get at it…

Some years ago I was experimenting with storing both cooked and uncooked bread in the freezer and in jars.

The result cooked bread does not like being frozen unless you under cook and let steam a bit in a closed bag before freezing from hot.

Uncooked bread has to be frozen “oven ready” or “part cooked” otherwise it is “heavy” soda bread however not such a prodlem being chemically risen rather than biologicaly risen.

Odd thing dried yeast appears happy in the freezer even after eight years…

Yes you can cook bread in jars and store for well over a year at room temprature.

Do not even think of trying to store uncooked or under cooked bread the bugs can get nasty…

Which brings us onto “porridge” if you make it thick enough that when cooled you can slice it, especially with dried fruits and the like and extra added milk powder it freezes OK.

If you jar it hot provided it’s “acid” then not a problem (home made lemon curd with extra juice). I’ve jar’d it being just cooked roled oats (lightly toasted) and made with full fat simmer reduced milk with no problems, likewise acidic butter milk. Best to add quite a bit of sugar if just oats and milk as that acts as an anti bug agent by dehydrating them rather than sugar a home made jam or marmalade made with acidic fruits stired in. If just sugar either add a vanila pod to it to make vanila sugar or lightly caramel some of it. If you add quite a bit of caramelized sugar, you can also add some rock salt to offset the sweetness much as they do in high priced candies.

Anyway, expect some “Don’t do that Delias” from some of the US “canning clubs” they get quite up tight about some “health risks” and tend to go overboard about it.

If we were talking about jaring / canning meat and some alkaline vegtables I would agree with them

Oh one thing… Even

“Security Thearter hits Food preservation”

As you might know food correctly prepared and put in mylar bags can be good for atleast 25years…

Well some one in the US has decided that mylar bags are being used by those on the wrong side of “The War on XXX” what ever XXX is. Therefore buying coloured mylar bags in sensible sizes and quantaties used to make you “A person of interest” but apparently that’s not good enough so now online retailers like Amazon have been telling sellers they can nolonger do so due to “US Gov Agency” without saying which bunch of goomboids it is…

JonKnowsNothing August 14, 2022 5:06 PM

@ Clive, @ Winter

re:
W: Fermentation is inevitable if the poridge is left alone.

C: Only if live bugs can get at it…

Which is the principle behind making sauerkraut and silage for animal feed.

Some of the process is updated now but huge piles of green chop feed (1) are piled high and fermentation takes place. As the pile is huge the oxygen inside the pile is used up as part of the process and fermentation stops. The product is fed mostly to cows as they have the ability to digest foods that simple stomach animals cannot.

As soon as the pile is opened, bad things start to grow in the exposed outer layers. The farmer has to remove enough of the edge every feeding to prevent bad bugs from wrecking the pile. Used to be about 15 feet along any opened surface.

Modern versions of silage storage, have the silage in packed tubes where the only exposed surface is at the open end of the tube. Greatly reduces the surface area where bad bugs can gain a foothold. Like squeezing toothpaste out of tube.

===

1) Fresh cut grass by lawn mower is not recommended for horses. Even a small delay between cutting v feeding v eating is enough to make a horse sick. Also horses are subject to a number of serious gut problems and packed down grass can get packed down in the gut. Either condition is a trip to the vet and sometimes the outcome is terminal for the horse.

If you want your horse to eat the grass on the lawn, let him graze the lawn directly. Free fertilizer goes with the package. Be mindful not to put a lot of hazardous chemicals on the lawn; those are not good for digestion either.

Clive Robinson August 15, 2022 6:28 AM

@ JonKnowsNothing, Winter, ALL,

Re : Little bugs and tech security

“Which is the principle behind making sauerkraut and…”

Many fermented foods are “pro-biotic”. With most but not all being vegtables with a lowish simple carbohydrate content and high fiber –complex carbohydrate– level and medium water content. Other fermented foods are made with fruit but… The result is the liquid is a vinegar if air is alowed in and alcohol if not cider vinegar is almost trivial to make and can be used as a mild cleaning agent amongst other important things. Whilst fish is also fermented in brine or alcohol, red meat and poultry tends not to be for good reasons –botulism etc– this gets “cured” and “smoked” instead or “cooked and caned”, though eggs can be brined or pickled. An exception and I would seriously suggest avoiding is fermented lipids such as belly fat, blubber, and butter, rancid Yack butter might have a very high price, and be “an aquired taste” but seriously it does not mean it should be treated as a delicacy…

Okay you were feeling peckish untill the lipids but what does it have to do with ICT security? Read on…

In Korea, traditionally people were paid a small sum of money on a daily or longer basis, and twice a year would get the bulk of their annual payment. These coincided with “Kimchi making time”.

To make kimchi is relatively simple. Traditionally you need glazed pots and holes in the ground salt and a cart load of cabbage and white radish and sometimes but not always dried chilli flakes.

In essence you chopped the cabbage and salted it in a glazed bowl and left it for a few hours to draw out liquid and start making brine. You collected the brine and rinsed the cabbage. You then added finely choped white radish (daikon / mooli) and mix in your flavouring paste (ginger and garlic base) and then press down hard into the glazed pots, then add the brine to cover the vegtables but leave a gap at the top. The jar was then sealed and put in a hole in the ground and left for atleast a week often longer. This way six months or a years supply of vegtables that would not otherwise keep are preserved to be eaten through out the year. What would happen is about once a week one or two of the tall glazed pots would be dug up and brought into the home and kimchi would be taken out for every meal. The important thing was to keep the vegtables still in the pot under the brine. Eventually you get to the bottom of the pot, but this does not mean you should throw the remaining brine away this can and is used in cooking I often use it for marinading strips of beef or pork before stirfrying, and as part of the liquid to cook noodles in or as part of a soup base.

But, as many people in South Korea now do not live in rural areas but high rise flats, kimchi making is done slightly differently these days as useful holes in the ground are hard to find 😉

This guide will give you an idea,

https://www.wikihow.com/Make-Kimchi

The important thing to note, is fermentation does not stop all you can do is slow it down by keeping it chilled. That was why the pots were buried in the ground to keep a low constant temprature so the fermentation was slow. In your home unless you have a “cool room” pantry keep it in the bottom of the fridge, and it should be okay for months providing you do not open the jars/bags.

Unfortunately the tradition of paying people every six months still goes on… and it creates a major headache for the technology industry, as people moving jobs will go, the minute the payment is in the bank, so whole teams can be decimated over night. This has obvious security risks as well.

Ifrit September 11, 2022 9:00 PM

In BASE64, how do you write “Please post videos of men burning to death while said men are screaming in pain”? Now, how do you encode it in ECDSA-4096 with public code of “404”?

sbrewing company March 5, 2024 8:15 AM

I love analyzing the Friday Squid Blogging posts! The exploration of new squid species provides a pleasant touch to my Fridays. The simplicity and ardor in sharing these discoveries make it a fun and fascinating read. Thanks for bringing such captivating snippets of marine lifestyles to our attention.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.