Schneier on Security

Clive Robinson • September 25, 2022 2:17 PM

@ JonKnowsNothing,

Re : Religious nutters who can not be wrong.

With regards[1],

“Sort of reminds me of the UK Post Office Fujitsu Mainframe Accounting Scandal.”

It was a bit simpler than that

There was a “religious loony” in charge at the UK Post Office on a “Calling from God”, who was primarily held accountable. You can look her up (She’s on not just Wikipedia, but the UK Gov’s web portal as well).

Arguably she was used as the “scape goat” but she had worked her way into so many positions of influance “by saying the right thing” she had to be sacrificed (though she still sees herself as “The innocent lamb of God, who did no wrong in his sight”, though every one else involved knows otherwise, they are not going to “put their heads above the parapet”).

What you have with AT&T is a very deliberate “Policy” that is similar to that UK banks, UK Energy, and UK Mobile Phone Service run. It’s purpose is to raise revenue it has no entitlement to. If you challenge it they “sell it on” to debt collectors who then ruin your financial position. The companies then right up what they see as “lost entitlement” against “tax” as losses, though still keeping it as “income” for “share holder documents”. Personally I call it what it is “Criminal behaviour” to extort that which they have no entitlement to and defraud their share holders and UK revenue service to aquire an unlawfull subsidy from the UK tax payers via the “public purse”.

[1] It’s a horrifing case of injustice and due in part to the Post Office having it’s own prosecutorial powers so could keep things “all in house”, thus “out of sight” for something like two decades. There have been untimely deaths, illness, imprisonment, destruction of peoples lives, reputations, credibility and inability to obtain employment. And it was all due to one person,

https://www.computerweekly.com/news/252500167/Post-Office-CEO-either-knew-what-was-going-on-in-Horizon-scandal-or-was-asleep-at-the-wheel

The URL is made from a direct quote from the Criminal Cases Review Commission (CCRC) chairperson Helen Pitcher.

The then Post Office CEO,

“Angican Priest Paula Vennells CBE”

The then single share holder of the Post Office was,

“The UK Government”

She was very clearly “not suitable” for the CEO post or other Director level posts she held,

https://www.gov.uk/government/people/paula-vennells

She has never shown any kind of “attrition” for her actions and has had to be “Hounded Out” by the press and others. Other than make a few Press statments, she apparantly does not see she did anything wrong, and her “Anglican Faith” gives her great comfort in her self –deluded– opinion (puts her in the same class as “Salvation Army”, Roman Catholic” and other “called to God” “kiddy fiddlers” and the like who anoint themselves with “God’s forgivness and blessing” and go merrily on their way).

The UK Government as the controling shareholder of the Post Office failed in it’s duty of care. Basically it did not want to know for two reasons,

1, Politics (current encumbrants).
2, Finance or “profit” or lack there of.

The resprcted Forensic Accountants, “Second Sight” examined Horizon and it’s “false accounting” in some detail and in 2014 published a report which described the Horizon Computer System from ICL now Fugitsu[2] as,

“Not fit for purpose”

The Post Office under “Paula Vennells” direction stated that,

“There is absolutely no evidence of any systemic issues with the computer system”.

Then went on to terminate the Initial Complaint Review and Mediation Scheme in 2015 and published a report clearing themselves of any wrongdoing…

Talk about “Marking one’s own homework to get a “100% Pass”…

The then Government right upto and including several Ministers and Prime Ministers were well aware that it was all nonsense and that there had been a gross miscarage of justice.

But they all quite deliberately “turned a blind eye” because collectively,

“They did not want to see a fleet of well over seven hundred cases come into view thus a major scandle.”

So they,

“Long grassed and deep sixed it.”

Which is not alowable and unlawful at best with criminality and fraud likely. Under UK law as the major share holder they Government had a “Duty of Care” and clear “Fiduciary Duty” to prevent “Fraud” which is what the CEO and board of the Post Office –and Fujitsu– were clearly committing. They all had evidence of that, and chose to alow it to be sat upon for their own “Gain”, and significant loss by others, including the English Tax and Revenue System or “public purse” via the then “Customs and Excise”(C&E)[3] and Inland Revenue.Thus obviously the elected UK Government has been keen to see the Post Office scandle “Go away” and we assume were complicit upto and beyound their eyebrows to achive such.

[2] What is not made clear is that with just about every UK Goverment “Big Project” the Horizon System was a failure from the “get go”. Started officially in 1996 it was arguably a “back room deal” in “Whitehall” to move money from the then profitable Post Office into the then ailing “International Computers Limited”(ICL) in short an illegal subsidy as ICL also did “other work” and was supposadly a UK “Flag Flyer” to “lead the way”.

Horizon should have been a simple “accounting system”, but was dressed up over and over for various political reasons into a major money and technology pit. By 1999 the cracks in the ailing ICL had been covered up enough for it to have been “Sold Off” and was thus part of Fujitsu. Who recognised Horizon for what it was –a false/illegal income stream– and about the only thong ICL was getting income from. Thus Fujitsu carried on “cranking the wheel” on the lucrative “sausage machine”(think pork barrel/Grease in the US political system though less obvious). However 1999 was the year when, the problems with all the “additions” realy started to begin with Horizon’s introduction. Put simply it was very clear to Fujitsu staff that it very wrongly detected the existence of “financial discrepancies” at “multiple post office branches” and could not be reconciled with simple “Paper Book Accounting” (apparently according to insiders much of it got covered up as “Y2K issues”). However the reality was that even the Directors of Fujitsu then knew that the entire system was “Fundementaly thus Irreconcilably Flawed” and essentially should be “started from scratch” with a “clean slate” start. This was Politically and Financially a disaster not just for Fujitsu who had knowingly been quite delibetately “cranking the handle” on what was an “Illegal Subsidy” but for UK Government elected Ministers and Prime Ministers but the Civil Service as well, so it got “long grassed” and “deep sixed”.

[3] The “Customs and Excise”(C&E) had a long history thus had collected many “Special Powers allong the way, including it’s own prosecutorial powers, and arguably the right to kill people without question (Think back to times of flint lock pistols and the like). However C&E got stripped of it’s prosecutable powers. Over the “Super Gun for Iraq” and a totally illegal “tax evasion scheme for criminals” they had setup as a “sting operation”. Which embarisingly for the Government also caused a Judge to call such reserved prosecution powers the then C&E had into significant question. Hence the C&E got “disolved” into the “Inland Revenue” their much hated rivals. In the UK legal system we don’t have “entrapment” legislation, Judges simply stop the cases say why and that used to be the end of it as historically defendents could only be prosecuted once (not any longer).

Clive Robinson • September 25, 2022 7:35 PM

@ Moderator, SpaceLifeForm, Winter, ALL,

Clean up time in “isle 13” again…

The above from,

1, blunt knife

Is the sort of moronic vulgarity you would expect from –as has been said befor of–,

“A Trumpian 400lb teen”

With a computer in their parents back room who does not gets out much so just sits and vegitates and pounds away at it very inexpertly for all they are worth.

Clive Robinson • September 25, 2022 8:10 PM

@ SpaceLifeForm,

Re : Tropical Storm Ian.

The reason I ask is that on listening to various Ham EmComm Ops apparently they’ve been told to “pack for a week and prepare to head to certain schools”. Likewise the Guard have been put on notice and apparantly Pres Biden has authorised Federal assistance including 2million meals, 1 million gallons of drinking water loaded up on 360 lorries. Due to power outages of upto a week possible.

Oh and the Artimis 1 moon rocket launch has not just been canceled but may very well be stabled back to assembly so not get back on pad untill late October,

https://www.bbc.co.uk/news/63022093

Clive Robinson • September 27, 2022 11:14 PM

@ SpaceLifeForm, fib, JonKnowsNothing,

Re : Trop Storm Ian.

“Worst forecast I have seen in the last 2 days is that it could reach Cat 5.”

That was what the “weather channel” indicated back then… And my concern was that it would hit and cross the south end of the peninsula, so getting into the atlantic and free of the US Eastern seaboard and building before heading out across towards the south of the UK and up the English channel or worse north of the “lizard” and south of Ireland so get forced up the Bristol channel causing major issues to Wales and the West of the UK.

Well it looks like, it’s going north of that from,

https://weather.com/storms/hurricane/news/2022-09-27-hurricane-ian-forecast-landfall-cuba-florida-tampa

Thus if it does cross and rebuild it will be a fine line on the direction and could end up pushing up surge into or actually hitting New York. Which last time got off lightly in some respects due to problems with electricity infrastructure the preceading summer thus “repairs” were already “stepped up” and could react more quickly.

I look at it this way, any prudent person within 26-50miles –depending on land hight– of the US Eastern seaboard should be “stocking up” on “non-perishables” and sufficient drinking water now (as inexpensive bottled water is about to go into short supply as Fedral authorities will be diverting it south amongst other “new demand”). The trick is to stock up without causing panic buying thus significant price hikes… But… TS Ian is going to cause food price inflation of atleast 10% which is likely going to “ratchet” and not come down again, so getting in early will save you later anyway. Oh and Covid will be seriously on the rise again in the US and it’s anybodies guess what the next “new varirnt of concern” will be in terms of it’s pathological potential…

Even I in the South of England will be starting to re-stock my pantry to it’s limit this week likewise bottled water not just because of Ian but winter as well as Covid, which in the UK is doing what Artimis did not do, which is “go orbital”…

Speaking of going up, I’ll be delaying puting back up my “refurbised” main HF antenna I’ve just taken down for it’s normal refurbishment. Instead I’ll be building a couple of spare “emeregency” “End Fed Half Waves”(EFHW)[1] rather than “Offset Fed” as though the are less effective they are way easier to deploy in a hurry and as they can use less expensive wire which is what tends to break

So “Fun times ahead” not… For all this blogs readers and their loved ones, families, friends, loved ones, and collegues etc “stay safe”.

[1] The name “End Fed Half Wave”(EFHW) is actually incorrect as you cannot get current to flow in a wire unless it has something to push against… Which is why they are in reality “Extream Offset Fed Antennas”[2] using either the feed line or what are called “displacment current” from end capacitence and the like to push against, which has a habit of going where you do not want it to go… Such as into your house wiring or you either of which can have painfull consequences…

[2] For the curious a quick first order approximation of “Extream Offset Fed Antennas”. They are seen as halfwave dipoles at their lowest “base frequency” of opperation and will work at harmonics above (and with a simple switching trick can become a quaterwave over counterpoise for half that base frequency). The question is “where to put the “feed point”(FP) well a graphical “first order” approach says at “1/N” where N is a low value integer so 2 gives a classic center fed, 3 gives a so called “Carolina Windom”[3] and other values of N give “other” designs. The thing is the “feed point impedence” changes with each N my prefered point both for impedence and mechanics is 1/5 that is on a “80 meter band” that has 40meter total dipole length, the feed point is approximately 8meters “in from the end”. In reality it’s actually slightly less as a look at the actual impedences at the various harmonics shows[4]. The reason is in part due to the so called “5% drop” due to the “dielectric effect” of the wire insulation but also, and more importantly to the capacitance at the ends of the dipole where the charge movment current is minimal “but not zero” and the voltage very high which can cause “coronal discharge” effects as the air gets ionized (you can with even moderate power hear hissing which means you are to close). So you need to keep the “ends free and clear” of any conductors and certain types of “dialectric heating effect” sensitive insulators like carbon fiber composits (which some fishing poles are made of). I normally assume a minimum of 2meters “off of the ground” and atleast 1-3m from end “support structures”. But the fun thing is the “shortening effect” realy only applies most noticably to the lowest frequency which means that the harmonic resonances are not where your first order calculations would indicate. The way to deal with this is “complicated” mathmatically but in reality involves adding a coil or resistor in a short way from the “long leg end”. If you add a coil it “narrows” the antenna resonance bandwidth as radiation efficiency “goes up”. If however you use a non inductive resistor it disipates some of the power but has the usefull effect of lowering the “Q” thus radiation efficiency, so making to the feed point the impedece lower thus the the “Standing Wave Ratio”(SWR) better and effectively being not just kinder to your “transmitter finals” but make the antenna look much more broad band. As a very rough appoximation of where to put the resistor use 1/N for the distance and a resistor of a little more than the feed point impedence –1 to 3 times– and rated at about half the transmitter average power over 1-3secs (this is based on I^2R heating, disipating, and cooling effects, of the modulation waveform and resistor physical design). Using a coil also alows the long leg to be significantly shortened as well, but it does hit the antenna radiation efficiency, as well as be difficult to even know where to start as the calculations can appear daunting[5] which is why MMNA etc programs are what people reach for before the wire cutters these days.

[3] https://www.hamradiosecrets.com/windom-antenna.html

[4] G8ODE did a nice study and write up,

http://rsars.files.wordpress.com/2013/01/study-of-the-ocf-dipole-antenna-g8ode-iss-1-31.pdf

You will also find interesting antenna designs at “Non-Stop-Systems” site in particular variations on the W3EDP, that are quite good for portable and EmComm use,

https://www.nonstopsystems.com/radio/frank_radio_antenna_multiband_end-fed.htm

The “tape measure counterpoise” version works rather well with a “fishing pole” supports as long as the pole is fiber glass not carbon fiber. He has a series of more detailed write ups on the W3EDP of which this is a start point,

https://nonstopsystems.com/radio/pdf-ant/w3edp-4fba.pdf

[5] To see why adding an inductor to an antenna can be “interesting” see towards the bottom of,

https://k7mem.com/Ant_Short_Dipole.html

Oh and remember thats for a low ~73 ohm feed point, you have to rejig things for a 200ohm etc feed point.

Clive Robinson • September 29, 2022 6:03 AM

@ erika,

Re : Survival is the base of security.

“I see here long-winded posts about HF antenna design and camping. Is this now a HAM or prepper forum ?”

What you have failed to notice is that the conversation is about the impending disaster Hurricane / Tropical Storm Ian is going to be on the South East corner of the United States.

One of the biggest security concerns in the US is just how fragile it’s infrastructure is. Not just ICT wise but in nearly every way. Unfortunately it is due to “short term thinking” which is one of the fastest ways to be totally insecure in every way imaginable.

So the effects of Hurricane / Tropical Storm Ian are going to be a lot worse than they might otherwise be (the US does not have the greatest number or strongest).

As you should know the French have a single word for both Safety and Security which is “sécurité”. The reason is a fundemental difference in point of view, they see safty and security as being so intertwined they are effectivrly the same. Those speaking English as their First Language see them as seperate…

I can assure you with getting on for half a century of experience in electronics, communications, industrial control etc with knowledge of “Intrinsically Safe”(Ex) design as well as “Fail Safe” for medical and other life critical systems, I can tell you as a native English speaker the base English way of thinking about safety and security is wrong and the French right.

Most of what you complain about are “foot notes” in support of the main argument so you can always just scroll through.

But your comment suggests you have not actually thought about things, specifically why there are foot notes.

Well the reason is a compromise based on the history of this blog.

In the past if say said something that someone disagreed with it would end up with a highly disruptive back and forth with demands for refrences and the like. The point is once it starts getting confrontential certain types of people tend not to back down and demand more and more refrences etc and it all spirals.

If however you include the refrences reasoning and logic in the main comment two things happen. Firstly it makes the reading heavy going, thus has caused people to not read the comment or complain about length (which is why the 100 Comments page only shows the first part of comments). Secondly it then becomes an essay not a comment, which is not what anyone realy wants.

So the trick is to try and get a balance. Again the history of this blog shows that the weekday threads were getting clogged with longer than necessary comments, but with a little indulgence on the weekend Squid Page the weekday threads became a lot less cluttered.

If your desire is just to read our hosts security posts, then why read the Squid Page?

So that is the challenge to you, after all nobody is forcing you to read it, so why be negative about it?

Comming up with positive suggestions might be better use of time.

But as for “Is this now a HAM or prepper forum ?” the answer is that it is still a “Security Forum”. The thing you have missed is,

“Attackers are not siloed”

They work with “reality as it is” not how many in ICTsec do which is highly siloed. To many practitioners lack bredth and their depth can often be very faulty because of it.

One of the primary reasons for “Radio Amateur” licencing is “experimentation” much of the technology we use can be shown to have come from their work.

As I’ve mentioned in the past the use of “Software Defind Radio”(SDR) has come as quite a shock to people in rather more sectors than just ICT Sec. But the thing is ICTsec is impacted quite heavily, as attackers use SDR just as they would netcat or a pair of wire cutters. That is they are a tool as a means to an end, which is a successful security breach. Those in ICTsec need to have an understanding of basic attack tools if they are even remotely going to be able to mount an advanced defence. That is like a burglar alarm or CCTV catches the attacker before they get through the security perimiter(s). To do that needs an attacker mindset, and that means understanding not just new tech from an advantage but a disadvantage.

Have a look at the history of TEMPEST / EmSec for over a human life time it has been one of the primary concerns of “National Security” and protecting secrets. Well Government policy has “out sourced” much that is National Security to corporates. This means that corporates like cloud providers realy have to step up to the plate. Only they are not, because they don’t have the skill sets or the right sort of thinking.

The information I provided on antennas is a lot more fundemental thus broader than “HF antenna design” the same rules apply right through into the microwave bands. Any EmSec specialist worth the title would not just know that but be able to tell you why without having to resort to using what most would consider arcane physics (Maxwell’s Equations, only one of which was actually Maxwell’s).

I could go on to show why what you call “prepper” is nothing of the sort but very common everyday knowledge as little as half a century ago. It’s also the non fighting side of combat every much a part of living as brushing your teeth and getting exercise. Have a look at life before HOA nonsense, the dommestic freezer / fridge and microwave meals. People living down the West Side of the US subject to the idiocy of Pacific Energy and Gas, get many many power cuts a year. Freezers do not work without power and generators are not just dangerous they make noise which makes them easy to steal. Of all the domestic white goods freezers use the most power, thus knowing how to preserve food without power is becoming a very valuable skill to have. It’s called “Pantry living” and will save you a very great deal of money and give you easy resiliance thus security against panic buying and supply chain failure. The next on the power consumption list is cooking, again it wastes a lot of energy. Food cooks at a temprature, energy is only needed to get it there, but the problem with most cookware is it lets the heat out into the environment so the food does not cook without continuous expensive energy input. Hay box cooking basically stops the heat escaping to the environment, so all you have to do is bring the food being cooked to temprature which is probably less than 1/6th of the energy use of hob top cooking then wait (original “slow cooking”. The old “bread ovens” used to work in a similar way, so can save a lot of expenditure. But the actual killer is house heating… The advice is not below 20C / 68F, well a healthy individual could live naked indefinately at that temprature. But most of the Western World does not get there or stay there very long if it does maybe 1/5th of the year. The cost of heating open plan housing is high very high, the cost of clothing to live at 4-10C / 39-50F is comparably a lot lot less. If the power goes out then you will be living in that temprature range in modern US homes because of their very poor design. So learn to live comfortably at 10C/50F and you will make major energy savings and save your life in winter power outages. So again security against energy supply loss and a significant saving in money, which with current rampent inflation making as many as half the US populations earnings not up to “modern living” energy&food consumption important.

Ask the people in Texas who survived and what they thought and how they lived in the Texas Outage. The people that you should ask though, you can not because they did not survive, because their personal security/safety was deficient…

Clive Robinson • September 29, 2022 1:35 PM

@ erika,

Ahhh,

“Or go to Facebook. What you are doing here is just socialising, even if you claim ‘not to do social media’.”

So your true motive becomes apparent…

Yes we get that here from time to time, most regular posters do. The thing is blogs were started to form communities from the original message boards of the 1980’s. Community discussions move thinking forward not backward. An analysis of our hosts published works shows he reads the conversations and they effect his thinking and what he says.

Such communities are not formed for social reasons but for contribution and learning reasons. You should know this if you ever moved in the higher levels of academic progression. Argument refines thinking and is generally constructive but it does not have to be anti-social argument which is generally not constructive.

But some never learn this.

For some they must complain of others whilst never contributing.

As an individual if you do not like something you have four choices,

1, Go somewhere else.
2, Remain silent.
3, Comment contributivly.
4, Just moan it’s not as you want.

As far as I’m aware you’ve never made a contributive comment under the handle you are using.

As I indicated earlier “negativity” is at best unhelpful and usually all about the moan and who makes it.

I further invited you to make a positive input, something you have so far failed to do.

Nodoubt others will see you as being personal in your attacks, which is “social” behaviour not asocial.

Picking your next choice of words with care or not is upto you…

Clive Robinson • September 29, 2022 5:43 PM

@ SpaceLifeForm,

Re : Chemical energy storage

“But, it does not because Homo Sapiens discovered Oil, and has now (100 years lets say), converted that stored energy into excess heat.”

It was actually coal not mineral oil that kicked of the industrial era of using the locked up energy as a force multiplier. With the first synthetic oil being made from the gassification of peet.

Prior to that the intense heat required for working with metals used charcoal, which takes upto seven years to produce from cutting down a preferably hardwood tree. The result was a lot of deforestation, which was perhaps the first cause of climate change (pick your expert pick their view).

Interrstingly in a horific / disgusting way charcoal was used for making gunpowder back in China several thousand years ago. It was discovered whilst the Chinese Alchemists were looking at how to obtain the secret of life by cooking up honey and the white crystals picked off of dung heaps. Both were known for a thousand years or so before that to be able to preserve food for long almost indefinite periods.

Which also tells you that cooking was the first formalised science, with the need for standard ratio measures to carry out standard formulations or recipies. It’s why an egg was and in some places still is used as the standard for mass as weight and dry and liquid volumes, measured in balance scales.

Clive Robinson • September 30, 2022 5:20 AM

@ erika,

Re : Knowledge

“Do you really think that two days ago anyone in Florida was going to read this blog for such advice ? HAMs know how to improvise an antenna if that would help.”

Hmm more assumptions and errors, are you trying to achieve some record?

The subject of hurricane / tropical storm Ian came up because some know it is both a safety and security issue and the costs in various ways were going to be high.

As for people in Florida reading it, I suspect some have, but that was not the purpose of giving it.

Peoples minds are mainly associative, that is the old “you smell a rose and think of yoir first love” behaviour. At the moment most readers of this blog in the US have hurricanes strongly in their mind. Giving the information associates it now associates it not just with Hurricane Ian but also to a lesser extent “natural disasters” that are becoming more frequent.

What will have happened is that they will remember it to some degree but will remember it with Hurricane Ian and thus will be able to easily search it out and reread it when the next natural disaster is impending.

As for Amateur users of Radio they fall into many catagories only some of which are one of the catagories of “Licenced Radio Amateur” and of those actually very few know how to design an antenna and why the antennas they do try don’t work as expected.

You appear to have even less knowledge of Radio than the average GMRS or Family Radio service user, but more importantly treat all such with considerable disdain and animosity.

They are on average unlikely to be impinging on your life in any realistic way, let alone causing you harm, which begs questions about you and your outlook on life…

Clive Robinson • September 30, 2022 5:45 AM

@ erika,

Re : What is Security

You quote this blogs host with,

“As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.”

I would think that covers “National Security” even “State and local security”. So a hurricane / Tropical Storm that is not yet over that may well have a minimum of a five year impact and trillion dollar cost directly and indirectly would fall under “National Security” as well as State and local. You may not be aware but back at the end of August 2005 Huricane Katrina did considerable damage, the effects of which are still going on today over 17 years later in terms of depressed local and regional economy and much else besides.

The thing is though, it is clear you are complaining without qualification. You are just saying no No NO and in peoples minds eye stamping your foot etc.

It’s clear you are saying you want things to be “your way” without stating what “your way” is.

Some might think that “Passive aggressive” but others will certainly see you as using it to attack individuals for some personal reason in what is actually stalkerish behaviour.

So are you going to actually do as you’ve been invited to do which is constructively contribute?

Clive Robinson • September 30, 2022 10:48 AM

@ SpaceLifeForm, ALL,

Looks like TS Ian is down to cat 1 and about to hit shore again.

Interestingly it only headed North not West of north as the models were predicting, which means the ground track is going to be different.

Whilst Cat 1 is by no means a walk in the park the level of damage and injury will be a lot less…

Apparently there is a small chance it will make it as far as Washington, but with all the hot air already there…

More seriously, this storm although not as bad as it could easily have been, it’s certainly bad enough and not yet over. The damage so far has been enormous and will take a long time to sort out. Inevitably some things will not go back the way they were, they can not. In other cases people and businesses will just leave and not return such is the way of natural disasters.

To those who have lost, you have my sincere sympathies, we are all diminished by loss both in our own and others lives.

Clive Robinson • October 1, 2022 6:05 AM

@ erika,

“I didn’t post any antenna theory at all, so what mistake ?”

You made an incorect claim, go back and read what you wrote agai.

“Misleading quote. I wrote “Many HAMs today” “

It’s not even “Many HAMs” so you were wrong either way. As I’ve explained it’s about “radio sports”, that started with people using CW and trying to contact a number of countries or states etc. Such is not at all exciting to listen to but that is not the point to each their own. However as in all facits of life there will always be those who claim,

1, It’s to easy now…
2, We should not have come down from the trees.

Claiming that means digital modes saved the day is frankly twaddle.

If as you claim expertise then “Misleading quote” or incorrect quotes appears to be a speciality of yours, which you keep getting caught out on.

But a new one,

“And if you think that digital modes like the ones developed by JT are ‘state of the art’ than you are at least 20 years behind.”

They were state of the art within the constraints of when developed and still are, remember the constraints are not all technical but regulatory and the regulations prevent the use of coding and other signal hiding techniques as well as baub rate and bandwidth. The stuff developed on Joe Taylor’s work progresses, trying to fill the the corners of low cosy, low power and importantly the alowable regulatory box some of which is very much political. As a comparison there are limits even in the US as to what sort of guns people are alowed to own and use, but designers still work to get the best within those constraints. State the art is always within constaints.

Which brings us to,

“WSJT-X is still my prime example of a software development disaster. Much of the DSP code switching between C(++) and Fortran all the time…”

Actually the C++ as originaly written in WSJT was because of “Qt” being used for the GUI. C was used as the glue holding various Fortran maths algorithms together. C is very bad at math, but fast in other respects and can be seen as the complement of Fortran (they are both Algol derived). It was in part written to demonstrate to students the practical capabilities of what they were learning and that has a bearing on things. As for the use of Fortran, well that has been the programing language of choice when training mathmaticians, and on the Intel platform Intel’s Fortran compiler libraries do outperform the C/C++ libraries, which was important 21years ago as PC hardware was not exactly high end at the turn of the century.

I’ve actually worked on many mixed language programs in my time for various reasons, yes it can be messy, but it does not have to be.

As for the state WSJT-X is in, it’s not Joe Taylor’s work any more it’s open source and has seen the touch of a hundred hands at least. What is needed is a re-write, but first someone needs to produce a C-library of code to replace the Fortran library and there is a reason why that bridge has not been crossed…

“Of course I know that, you are bragging about it regularly. And what was your job there ?”

Actually I don’t brag about it, I tell of experiences learned and some of the relevant sayings that others can learn from such as,

“You’d trust him with your life but not your wallet”

As for what I did there I have infact said before, as part of passing on the learning experience. But then you would know that if you had read my comments wouldn’t you…

We can keep batting this back and forth but my original point applies that you have not made any constructive comments or contributed positively to this blog, nothing that anyone can learn from and you are still not doing it.

I’ll leave it to your to decide how you want people to view you, and I suspect it will turn on what what you’ve failed to do.

Till then I’ll continue to try to help people at all levels in the ways I can.

Clive Robinson • October 1, 2022 8:20 PM

@ SpaceLifeForm, ALL,

Re : Of dots and spoons.

I try to cover all the steps on the journy from A to B as I assume the audiance is very wide, and I’d rather be of minor annoyance to those that see themselves as elite sprinters than otherwise “leave people behind”[1]. We don’t need self apointed elitists, who basically want to maintain a position by suppression. Often by “pulling up the draw bridge behind them”.

But… That said onto,

“Here is a story I am not seeing much coverage of: CloudFlare, MFA, and eSIM.”

Potentially it could be a disaster for the holders of all eSIM devices that if memory setvee Apple started and it’s now migratting to more and more “Smart Devices”.

People tend to forget there are reasons why in secure environments certain functions are carried out on “Hardware Security Moduals”(HSMs). Likewise they forget that SIMs in their hardware form are a stripped down HSM providing fairly strong segregation at minimal cost.

Whilst “eSIM” might sound like “SIM” all it realy is is an “app running in an insecure environment”…

You may remember that I made myself unpopular by pointing out that “Secure Messaging Apps” were not in the least bit secure and why.

Well exactly the same logic applies to eSIM apps and thus makes syealing of a “root of trust” almost trivial.

For those that want to argue “enclaves” I say “sorry no”. Because I’ve yet to see one that is actually secure, ad at best all they realy segregate and often badly is some small part of “Core Memory” not any of the other resources by which covert channels become available to attackers.

So I see eSIM in a system becoming major security weakness story when more attackers give it legs… By which time they will,

“Have taken the money and run”.

[1] Yes it’s why I use footnotes, to make life easier on the sprinters, but not leave people behind. Like you I feel the more people are aware of, the better there lives can be in all sorts of ways. Afyer all reinventing the wheel is usually not a productive use of resources. Also history has repeatedly shown that holding information in secret is an excuse for a form of brutal oppression and the information almost always gets out, often to the eventual cost of the oppressors.

Clive Robinson • October 3, 2022 9:42 AM

@ erika,

Re : LPI and Mil-tech

First off,

That is reality, grow up and accept that there are things you don’t know and probably never will.

It’s not the “reality” and I know rather more about the subject than many do having designed systems in those areas.

So,

“Second, there is today a lot of research being done on things like LPI waveforms, and most of it is classified because the military are driving this effort.”

Anyone with a knowledge of the basic laws of physics and information theory can “work it out” as I’ve indicated in the past. The reason for secrecy is the same as it has been for years,

1, To not give others ideas.
2, To not reveal weaknesses.

But to correct you the subject of “Low Probability of Intercept”(LPI) has come up here in the past along with MIMO in part as a method of defence against “relay attacks” on RFID and NFC systems. But there has been no real need to mention it since, so it has not been.

But LPI is an arms race, with certain basic ground rules.

1, The energy per bit at the receiver detector has to be above the equivalent noise for equivalent bandwidth.

2, The signal transmited is radient and has a 1/(r^2) drop off in the far field.

The implication of this is that any equivalent bandwidth and sensitivity receiver on the same channel as close or closer to the transmitter will receive the signal.

Thus you have two basic choices to hide a signal from a non intended receiver,

1, Change frequency rapidly.
2, Make signal multipart.

In the past the first was done using various Spread Spectrum techniques and the second various MIMO techniques.

The former requires at the authorised receiver a synchronization in time, the latter a known position.

That much is easily worked out and was before the end of WWII so can be by anyone who wishes to and for the most part suffices to move forward on to the more interesting things, that are moving forward faster in the private research domain rather than the mil.

However there are other ways to transmit the energy of a bit of data and it is this area which some are looking at to get around certain issues such as the equivalent of software channel bank receivers used as perfect resonators driving matched filters.

I could go on at length but as I’ve already said,

“We can keep batting this back and forth but my original point applies…”