Comments

Carl Fink November 11, 2022 6:35 PM

So, I saw a warning that the COP27 app supplied by the Egyptian government is spyware reporting back to said government.

I also saw a report that it can’t actually be removed, even by a factory reset.

Anyone here have sources for anything? I can’t find it in the popular or tech press. (Reports that the app is spyware, yes, but not that it is irremovable.)

Clive Robinson November 11, 2022 8:11 PM

@ Carl Fink, ALL,

Re : Take new and leave it behind.

You ask if others have heard about,

“I saw a warning that the COP27 app supplied by the Egyptian government is spyware reporting back to said government.”

Specifically no, but it’s so common that you should automatically assume it is true for your own safety, both short and long term.

Which brings us to,

“I also saw a report that it can’t actually be removed, even by a factory reset.”

It depends on what you mean by a “factory reset”…

Put simply as any experienced embedded systems designer can tell you, what most consumers are encouraged to think of / call a “factory reset” is actually nothing of the sort…

It is no more than a bit of software that can be easily overwritten that simply changes a few memory locations back to default states, nothing more.

If someone overwrites or hooks that bit of software then what you call “factory reset” will not work the way you would hope it does.

An actual real “factory reset” as done on the initial production line, usually –but not always– clears out all memory on the device. It then adds the lever-loader that allows only some parts of the EA-ROM or RAM to be written to. This is used to pull in the BIOS / OS Bootloader and in some but not all cases the base OS then test and diagnostics software to ensure the device’s functionality.

This test and diagnostics software is then removed and replaced with the rest of the OS and apps and the “unique ID’s” set so it can be supplied as a retail unit.

The point being that the real factory reset as carried out on the production line in the factory is done via a hardware interface, that can not be stopped, otherwise the device could not be initially programmed thus brought into a “sane state”, to have the BIOS / Drivers and base OS put on it.

It’s why my default advice to those traveling across borders for way more than a decade has been,

1, Do not take valuables with you.
2, If you must then assume they will be attacked by the state you are visiting.

Point one is the old “if you don’t take it, it can not be stolen” advice I’ve told people since the early 1980’s and should be regarded as “common sense”. Obviously it applies to “information objects” as well as it does to “physical objects”. So do not take even a “work” mobile/smart device as the call record, SMS messages and any files etc on it will be “copied”. If you need to take a phone then buy the cheapest device that will work in your chosen destination (2G phones do still work in some places and can be purchased for as little as $20, 4G around $100). If anyone asks why you have a new phone, ask them if they have ever had their phone stolen/lost, and had to fill out the insurance paperwork…

Similar logic applies to smart devices and computers. As far as I’m aware in the US you can currently get a usable Ebook/laptop computer for $60 (Evolve Maestro).

But you might be better buying one when you’ve cleared the customs zones in the country you are visiting. Assume an “Evil Maid” will visit; there are ways to reduce that risk[1] but it’s best to assume any electronics you have has been compromised.

Either ditch them before you leave the country, or when you get back home. I find most “charities” that help children get a better education / start in life will as the proverbial saying has it “bite your hand off” to get such donations.

[1] A metal briefcase with decent combination locks and hinges is actually quite a deterrent to an “Evil Maid” the addition of a cheap vibration alarm inside makes life even more unpleasant for such “room service”, but it’s best to keep things with you at all times. I’m known to take my briefcase into the bathroom, shut the door, kick a wedge in underneath it so it can not be “gently opened” and hang a vibration alarm on the back of the door. I’ve discussed how to make a hotel room door “entry resistant” for “when you sleep” etc before and the principle is similar.

Nick Levinson November 11, 2022 11:00 PM

A postage stamp honoring cryptologist women in World War II came out in October in the U.S. (https://store.usps.com/store/product/buy-stamps/women-cryptologists-of-world-war-ii-stamps-S_482204 (as accessed Nov. 8, 2022)). The design, including in the selvage, includes a ciphertext message that you won’t have much difficulty decrypting (although it’ll be problematic but understandable when you find that it says that women cry). As a bonus, it illustrates the problem typified in the redivider game (the one-time pad, not used on this stamp, is secure but so labor-intensive that, to reduce labor, encrypters eliminate spaces and decrypters guess where to put spaces, risking misunderstanding the plaintext and possibly accidentally starting a war, and the redivider game presents this issue as a game). Since the face value is the Forever rate, which is not denominated, then, given a treaty on mail, the stamp can be used only for domestic mail. Insert here your favorite wisecrack about export control: _____.

SpaceLifeForm November 12, 2022 2:39 AM

@ MarkH, fib, -, JKN, Nick, FA, Clive, Lurker, vas pup, &ers, Weather

MarkH is playing with Random radioactive atoms again. 🙂

It is cool that he bookmarked it. Definitely interesting to review.

This is just a short squid from just over a year ago, when trolls were rampant. I’d be curious if anyone has thought about what has changed in this timeframe, and if your thinking since then has changed.

https://www.schneier.com/blog/archives/2021/09/friday-squid-blogging-person-in-squid-suit-takes-dog-for-a-walk.html

Go thru it. Remember what was going on back then.

For example, I think I nailed this call about OK.

https://www.schneier.com/blog/archives/2021/09/friday-squid-blogging-person-in-squid-suit-takes-dog-for-a-walk.html/#comment-389183

A few more tables, and some outer-join queries, and stuff will start happening.

SpaceLifeForm November 12, 2022 4:06 AM

@ Sut Vachz

Sorry, did not mean to leave you out of the above. Misread my own notes. You had good comments. Like I said, short squid. 😉

Clive Robinson November 12, 2022 4:16 AM

@ SpaceLifeForm,

Re : What’s changed?

Both a lot and a little, we now have the war that almost everyone said or hoped Russia would not start, but those who had studied history were more or less correct in saying what would happen.

But of other things, I warned of rabbit holes based on history and in that apparently the wheel has gone around with no immediately noticeable change in direction.

Winter November 12, 2022 5:29 AM

@Clive

Re : What’s changed?

“Both a lot and a little, we now have the war that almost everyone said or hoped Russia would not start, but those who had studied history were more or less correct in saying what would happen.”

Moreover, Russia’s army showed to be as dysfunctional as the rest of the country. The second strongest army ready to take on NATO proved to be the second strongest army in Ukraine.

Meanwhile, extreme right Strong Men showed to be unable to solve any problems (Bolsonaro, Xi, Trump) but all want to go back to the 1950’s or even 19th century (GOP).

But mainly, those decadent weak liberal democrats cheerfully band together, turn down the thermostat and hand Putin’s head on a platter.

JonKnowsNothing November 12, 2022 6:54 AM

@ Clive, @ Carl Fink, ALL

re: Factory Resets that Don’t

An example of what a “reset” may or may not do. This is a software example, not specific to a phone but common in client-server situations or any situation where settings are on one device but a master list of actions is held on another (aka mainframe, cloudframe).

In this case there are several states: First Use, Upgrade, User Config, with on-use cross checks to the main-cloud-frame for validity.

On first use, the device software downloaded has a listing of on-offs. In a phone this can be seen in the settings. It exists in most software, although often the settings are hidden in the Registry. This may or may not be the definitive list of settings. Some devices permit User-Config settings such as keybinds stored in a separate file.

On first connect, the device and source run through a setup routine to validate the system. Based on specifics of hardware and software some settings will be auto adjusted for graphics, cpu, disk space, mouse, keyboard, localization (language and number formats). These settings are done auto-magically.

Then come the upgrades, which are primarily bug fixes masquerading as improvements in User Interface or New Features. Stuff arrives and is auto-magically setup.

User Config items are things that an individual prefers rather than the default. Currently Dark Mode display is default in many apps, a throw back to green on black CRT displays. If you prefer Light Mode, you have to switch so you have black on white Paper display.

The difficulty is that some of these settings are never rechecked again. You can alter them but you can not get the “factory mode” version back because the main-cloud-frame doesn’t do the full exhaustive check on reconnect. Even on first connect it may not do an exhaustive check defaulting to only the Critical Connection checks.

ex: Graphics Mode aberration

On first connect the default graphics mode detected is LOW RES. Upgrade changes this to MEDIUM RES. User Config switches this to HIGH RES. After reboots and more upgrades, the User Config switches this to ULTRA HIGH RES.

The problem happens because the server side never validates the setting. It’s validated on the client side only.

So the error happens when ULTRA HIGH RES crashes into a device driver that is not compatible and not checked for by either the client side or server side and everything crashes to the desktop (if you are lucky) and BSOD (if you are not).

User Config resets to Last Known Good Config which is HIGH RES but the system still crashes to the desktop because the server side never revalidates ALL the initial graphics settings or flags incompatible settings.

Worse, the graphics card is now in an unstable setting because some of the settings are left in ULTRA HIGH RES and some are in MEDIUM RES and some are in LOW RES again because the entire system is never reset or revalidated to a stable state.

Individual settings themselves are valid but the entire set is not.

With various memory types you cannot wipe the bad settings. Even if you wipe the system, the settings are fixed in the device memory. Even if you remove the graphics card hoping that a full power off and reinstall will work, it doesn’t because the settings are still stored in an onboard chip.

In a polite case, a full uninstall and reinstall may work but you have the REGISTRY problem.

You might be able to get back to a default state if you reinstall in a different USER ACCOUNT on the system. (1) The REGISTRY will be blank for that USER and you might luck out getting the full initialization and synchronization between devices, client side and main-cloud-frame side.

When LEAs and BadGuys do this, they make sure you cannot remove it by storing the bad code in places that are harder to find and impossible to change (wave soldered chips). It also means that sometimes their hacks can be found because they are in impossible to change parts of the system. So they run many checks to validate their own environment with self-destruct code if anything is offset. Even with such self destruct codes they run into physics: memory gaps in contiguous allocations in onboard chips and memory modules. Negative space where none should be is revealing too.

===

1) Lots of folks run with 1 account, ADMIN, because they never complete the 3 days of upgrades and configurations needed to get to the point where you can do a USER ACCOUNT. Plus one message round of YOU NEED ADMIN TO RUN THIS PROGRAM deters people from creating them.
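
The graphics-mode scenario in the comment above, as an added example that is not part of any comment in this thread: a rollback to Last Known Good leaves a mixed state that passes per-setting checks but fails a whole-set check, while a re-baseline from a trusted copy clears it. The setting names, the `Device` class and the one-tier-spread consistency rule are assumptions made for illustration.

```python
# Added illustration: setting names, tiers and the consistency rule are
# constructed for this example and do not describe any real product.
from dataclasses import dataclass, field

TIERS = ["LOW", "MEDIUM", "HIGH", "ULTRA"]

# Constructed factory baseline for four graphics settings.
FACTORY = {
    "resolution": "LOW",
    "texture_quality": "LOW",
    "shader_level": "LOW",
    "refresh_mode": "LOW",
}


@dataclass
class Device:
    settings: dict = field(default_factory=lambda: dict(FACTORY))
    last_known_good: dict = field(default_factory=dict)
    user_keys: set = field(default_factory=set)

    def upgrade(self, changes):
        """Vendor upgrade: overwrites values, keeps no record of what changed."""
        self.settings.update(changes)

    def user_config(self, changes):
        """User change: snapshot only the keys the user already manages."""
        self.last_known_good = {k: self.settings[k] for k in self.user_keys}
        self.settings.update(changes)
        self.user_keys |= set(changes)

    def partial_reset(self):
        """The 'reset' from the comment: roll back to Last Known Good only."""
        self.settings.update(self.last_known_good)

    def full_reset(self):
        """Re-baseline every key from a trusted copy, not from device state."""
        self.settings = dict(FACTORY)
        self.last_known_good = {}
        self.user_keys = set()


def per_setting_valid(settings):
    """Client-side style check: each value is legal on its own."""
    return all(k in FACTORY and v in TIERS for k, v in settings.items())


def set_violations(settings, max_spread=1):
    """Whole-set check (assumed rule: tiers may differ by at most one step)."""
    ranks = {k: TIERS.index(v) for k, v in settings.items()}
    low, high = min(ranks.values()), max(ranks.values())
    if high - low <= max_spread:
        return []
    return sorted(k for k, r in ranks.items() if r in (low, high))


def drift(settings):
    """Keys whose value no longer matches the factory baseline."""
    return sorted(k for k in FACTORY if settings.get(k) != FACTORY[k])


def simulate():
    """Replay the sequence in the comment and return the device after 'reset'."""
    d = Device()
    d.upgrade({"resolution": "MEDIUM", "texture_quality": "MEDIUM"})
    d.user_config({"resolution": "HIGH"})
    d.user_config({"resolution": "ULTRA", "shader_level": "ULTRA"})
    d.partial_reset()  # resolution returns to HIGH, nothing else is touched
    return d


if __name__ == "__main__":
    dev = simulate()
    print("after partial reset:", dev.settings)
    print("each setting valid :", per_setting_valid(dev.settings))
    print("set violations     :", set_violations(dev.settings))
    print("drift from factory :", drift(dev.settings))
    dev.full_reset()
    print("after full reset   :", drift(dev.settings), set_violations(dev.settings))
```

The drift list is the useful output for a defender: it names every key that a reset left away from the baseline, regardless of which layer changed it.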

Clive Robinson November 12, 2022 7:07 AM

@ Winter,

Re : The illusion of strength to hide weakness

“… extreme right Strong Men showed to be unable to solve any problems…”

We have a saying in the UK of,

“Thinking with your fists”

It’s what those with certain of the “dark mental defects” do instead of studying, learning and reasoning.

It’s generally easy to spot the major symptoms of “self entitled” and “self righteous” and certain forms of “self belief”.

All of which not only makes them authoritarian in nature but also all too easy to follow…

Usually by those who either need to be led as with authoritarian followers (that make the majority of “guard labour”). Or by those that have not yet developed or gained confidence in their abilities to learn from life’s lessons and use their reasoning abilities that makes things not just understandable, but in many ways broadly predictable.

There is a joke about “jocks” in that all the effort they spend on building muscles stops them developing mental muscle. The reality is that their mental deficits are what causes their inability to learn. All too often they learn that violent force gets them what they want, thus never progress their learning beyond that. Unfortunately it also makes them not that difficult to manipulate… Those “men of power” are all too frequently “puppets” for others who use them as “front men”.

Thus when the crowd turn up with pitchforks and burning brands, it’s the “front man” puppet that gets strung up. Whilst those who were really calling the shots, slip out the back and all too often to hide in the back of the crowd. Then move their way forward again to pull the strings on the next set of puppets…

JonKnowsNothing November 12, 2022 7:13 AM

@Winter, Clive, All

re: History’s Future: Turning down the thermostat

@Winter: Shouldn’t we all be cheering for the forced reckoning with climate change and living in freezing temperatures?

afaik Freezing is not restricted by man-made borders. It’s also not really bothered much by currency fluctuations. Freezing is pretty much the same on the streets of Los Angeles, where people freeze to death regularly, and freezing in Toronto. Maybe the amount of snow on the ground differs.

Freezing requires less heat. Heat which is currently produced by oil or electricity made by oil-coal fired generation. So less heat, means less oil usage. Win Win.

How’re the winter crops coming? Any prep for early planting? No???

If you aren’t going to eat animal protein, y’all better get a move on.

Winter November 12, 2022 7:30 AM

@Clive

“@Winter: Shouldn’t we all be cheering for the forced reckoning with climate change and living in freezing temperatures?”

There is enough sustainable energy, it just has to be harvested.

It is FUD by the fossil fuel industry that we need to drastically reduce energy consumption to stop climate change. But no amount of saving or reduction will stop climate change. Only a switch to sustainable energy can.

I say, invest money in the energy switch, not in trying to live on less energy.

Clive Robinson November 12, 2022 8:09 AM

@ Winter, JonKnowsNothing, ALL,

Re : Energy source.

“I say, invest money in the energy switch, not in trying to live on less energy.”

I say “do both”.

They are not in any way “one or the other” and they mostly do not need the same resources. What they do share mostly benefits both goals so,

“Works for both even being done for one”.

Fun thought, one of the most effective forms of insulation for homes is the natural waste product for the production of vegetable energy and protein. We call it “straw”. It also does an effective job of “carbon capture”, and towards its “end of life” it becomes an effective “mulch / fertilizer” trapping both warmth and water in the soil vastly improving its utility to agriculture.

Wheat stem straw is just one of many such multiuse natural products.

Winter November 12, 2022 10:42 AM

@Clive

“We call it ‘straw’.”

It burns quite well. I once saw an old farmhouse with a thatched roof burn. It made me decide to never ever live under such a roof.

“I say ‘do both’.”

Current propaganda is to divert attention to energy shaming instead of energy switching.

Climate activists are silenced by shaming them when they participate in conferences only reachable by plane. If you are on a sailboat crossing the Atlantic to participate in a meeting, most of that time is lost.

lurker November 12, 2022 12:18 PM

@JonKnowsNothing
re prepping winter crops

Here in the other hemisphere prepping spring crops has been seriously delayed by rain, enough falls in a day to need another week drying. Regrettably the weeds that thrive in this are not known to be edible to humans.

lurker November 12, 2022 12:23 PM

@Winter, burning straw

Is saved for kitchen fuel in rural China, a practice of many millennia. More recently maize stalks are also used.

Clive Robinson November 12, 2022 1:58 PM

@ Winter,

Re : Burning Straw.

“I once saw an old farmhouse with a thatched roof burn.”

I don’t know where you were but the only thatched roofs I’ve come across were not made of straw, as it’s too short and thin thus too dense. They were made of reed stems which are quite large and hollow thus have a low density which means they have a lot of air in them… Even steel wool which has a similar low density burns in an alarming way.

Straw bales on the other hand are high density and really are not that easy to burn, less so than equivalent sized lumps of softwood. As for compressed straw panels they are approved as a fire retardant material.

If you want to see “fire resistant” at work, a pile of old style telephone books in a stack just don’t burn, even when you hit them with a blow torch cutter they only char…

@ lurker,

“Is saved for kitchen fuel in rural China, a practice of many millennia.”

Are you talking “wheat crop stems” or “rice crop stems”?

I’ve used wheat crop stems but it kind of “warms you twice” in that you have to put in quite a bit of physical work to get it into a form where it burns well for cooking.

You almost have to build a “rocket stove” type construction and twist up finger thin ropes of straw length.

Interestingly you can turn straw into a form of polymer glue from the lignin in it that you can lay straw stems or chopped straw in and compress like a form of “Glass reinforced plastic”(GRP) to make panels and box form support members.

Unfortunately research in that area appears to have been killed off in most places yet again with Australia being one of the few places moving it forward… Usually the kill off is done by the “local authorities” being near impossible to get them to accept “alternative materials” for building. They insist on going with either “energy intensive” brick / concrete / steel / aluminium or petro-chem products, or only fast rotting types of soft woods that rot almost as fast as they grow…

https://architectureau.com/articles/durra-panel/

https://www.abc.net.au/news/2021-10-29/straw-house-building-panels/100575658

MarkH November 12, 2022 3:23 PM

@Clive, Winter:

I was fascinated by thatched roofs I saw in East Anglia years ago. I learned that they were made from varieties of reeds found on the edges of streams and wetlands, and assumed that to be universal practice.

But according to wikipedia, “All evidence indicates that water reed was rarely used for thatching outside of East Anglia.” Wheat straw was apparently the go-to material. Sadly, changes in agriculture and land use have greatly lessened Britain’s supply of thatch-quality reeds and wheat.

Again from wp, “modern imported water reed on an average roof in England does not last any longer than good quality wheat straw.”

Hilaire Belloc:

If I ever become a rich man,
Or if ever I grow to be old,
I will build a house with deep thatch
To shelter me from the cold

MarkH November 12, 2022 3:29 PM

@SpaceLifeForm:

It’s kind of you to link to the old/new thread.

I wish I played with rather fewer radioactive atoms, but the soil in my region is fairly rich in heavy nuclei.

vas pup November 12, 2022 4:13 PM

@Winter • November 12, 2022 5:29 AM

“Moreover, Russia’s army showed to be as dysfunctional as the rest of the country. The second strongest army ready to take on NATO proved to be the second strongest army in Ukraine.”

Looks like you’re right. Let’s see if any changes happen as a result of failure analysis.

@all:
EU lawmakers say bloc failing to address use of Israeli spyware at heart of scandal

https://www.timesofisrael.com/eu-lawmakers-say-bloc-failing-to-address-use-of-israeli-spyware-at-heart-of-scandal/

“BRUSSELS (AP) — The European Parliament’s inquiry committee investigating the use of surveillance spyware by the bloc’s governments said Tuesday the EU’s executive arm and member countries are failing to properly tackle a surveillance scandal that has targeted opposition politicians and journalists.

In a draft report published Tuesday, the committee investigating Pegasus spyware said the European Council and national ==>governments “are practicing omerta” — or a code of silence — and regretted that the European Commission only shared “reluctantly and piecemeal” information concerning spyware attacks on its own employees.

A spokesman for the Commission responded that any attempt from national security services to illegally access data of citizens “is unacceptable” and insisted it has already started taking action to protect journalists from the use of spyware.

According to EU lawmakers, NSO Group has sold its products in at least 14 EU countries.

“In at least four member states, Poland, Hungary, Greece, and Spain, there has been illegitimate use of spyware, and there are suspicions about its use in Cyprus,” they said, adding that Cyprus and Bulgaria serve as the export hub for spyware

==>The committee also deplored that Europol, the EU’s crime agency, did not start an investigation into the matter.

“Only after being pressed by the European Parliament, it addressed a letter to five Member States, asking if a police inquiry had started, and if they could be of assistance,” lawmakers said in their draft report.”

Yeah, what do you expect? The executive branch was not properly controlled and became a state within a state, or rather a deep state within a state.

vas pup November 12, 2022 4:15 PM

North Korean hacker attack on Israeli crypto firm said thwarted

https://www.timesofisrael.com/north-korean-hacker-attack-on-israeli-crypto-firm-said-thwarted/

“North Korean hackers attempted to steal money from an Israeli crypto firm in an attack that was described as “professional and sophisticated,” Channel 12 news reported Monday.

According to the report, the North Koreans posed as a Japanese supplier of the unnamed company in an attempt to gain access to the funds.

The hack was stopped by personnel from cybersecurity firm Konfidas, the report said.

!!!!The report said that the attack last week used “unfamiliar tools” that had “set off alarm bells in Israel.”

According to the report, if the hack had been successful, the funds would have been used for the development of Pyongyang’s nuclear program.

Last year, a leaked confidential UN report said North Korea had stolen more than $300 million worth of cryptocurrencies through cyberattacks to support its weapons programs in the face of sanctions.

Financial institutions and exchanges were hacked to generate revenue for Pyongyang’s nuclear and missile development, the document said, with the vast majority of the proceeds coming from two thefts in 2020.”

SpaceLifeForm November 12, 2022 7:10 PM

re: Twitter implosion

Some glitches have now appeared, but the core is still functioning.

When you fire the techs, and lose institutional knowledge, then things will not get fixed fast. If you are a manager, and do not understand the level of institutional knowledge of those you are managing, and you fire them, and have an oops moment, and now want them back, well, you were not a good manager in the first place, and you should be fired.

As I said, techs can manage well on their own, and do not want deadweight management around wasting their time and effort.

Thread on visible glitches showing up.

‘https://nitter.net/i/status/1591120030887878656

Thread on the management by someone that does have the institutional knowledge and has the T-shirt.

‘https://nitter.net/i/status/1591502124977950720

SpaceLifeForm November 12, 2022 8:05 PM

re: Twitter implosion

At this point, I suspect that Logfiles are not being reviewed and rotated and storage space is being chewed up quickly.

But, hey, what do I know?

‘https://www.technologyreview.com/2022/11/08/1062886/heres-how-a-twitter-engineer-says-it-will-break-in-the-coming-weeks/

SpaceLifeForm November 12, 2022 8:50 PM

re: Twitter implosion

Another problem that may be occurring is RAM wasted, excessive page swapping, and OOM conditions. Externally visible symptoms (slowness) point to this.

There may be a lot of hung or zombie processes. That would be an indication of old bugs that the fired tech had work-arounds for, but they are no longer there to babysit the servers.

But, hey, what do I know?

SpaceLifeForm November 12, 2022 9:53 PM

@ Ted

re: Mastodon

I have been paying attention, connecting dots, and watching the situation. Many tech and security folk that I read on Twitter have set up an account.

But, currently, it will not scale. One impediment is that you have to pick a server, and unless your followers are paying attention to your tweets, they will not know which Mastodon instance you are on.

SpaceLifeForm November 12, 2022 10:14 PM

@ Ted

re: Mastodon

Check this out from a security perspective. I have tabs, and will use them. Be careful out there.

‘https://nitter.net/MalwareTechBlog/status/1589521899243319296#m

SpaceLifeForm November 12, 2022 11:05 PM

@ Ted, ALL

re: Twitter implosion

Elmo, you are totally clueless. Or a puppet.

Elmo, is this related to FTX?

Elmo, do you not understand what a Contract is? How can you be so stupid?

Looks like we are back to Groklaw Time, where you learn that Contracts are what you use against people. But in reverse.

Lawyers: Hey! Billable hours!

I have tabs. There are a lot of buses to throw management under. See my bold.

‘https://nitter.net/CaseyNewton/status/1591608302076858371#m

Getting word that a large number of number of Twitter contractors were just laid off this afternoon with no notice, both in the US and abroad. Functions affected appear to include content moderation, real estate, and marketing, among others

Contractors aren’t being notified at all, they’re just losing access to Slack and email. Managers figured it out when their workers just disappeared from the system.

JonKnowsNothing November 13, 2022 1:22 AM

@ lurker, @Winter, Clive, All

re: Straw Houses

There is a technique called “Straw Bale Walls”, which uses straw as an insulator in walls. It’s an old tech with new tech applications. It’s also fire resistant.

Straw is used, not hay. Hay has grain and seed heads in the bale, while straw has only stalks, usually wheat. Straw bales are very dense and do not burn easily. Modern tech adds additional compression (squeeze) to the bale increasing the density.

Cases of spontaneous combustion happen when green fields are cut and baled before curing aka drying is complete. If baled too soon, it’s like a self heating compost pile with enough energy to erupt into open flame. Plenty of fields have hay bale bonfires. So the important part is to cure it completely.

The basic techniques for straw bale homes now follow two tracks.

1) The straw bale is used as infill in the walls and the structure is built using standard stick-frame techniques (wood or metal studs)

2) The straw bale walls are also structural supports for the roof and the roof trusses rest directly on the bale wall

The construction of the wall isn’t difficult and there are “barn raising” groups that build the houses while teaching the technique to new learners.

The wall must be completely sealed in a plaster sarcophagus. Getting this part correct determines the longevity of the wall. The sarcophagus increases the fire resistance of the wall sealing it off from oxygen supply. Conduits are used to run utilities and prevent intrusions in the bales. If done badly, the wall will decay and rot away in short order. If done correctly the wall will last 100 years.

Repairing a failed wall isn’t easy because you have to redo the entire wall. So it’s important to get it right the first time.

You can build your own straw bale wall and house for a fraction of the cost of standard housing. The insulation value means the house stays cool in heat and warm in cold.

In ancient times, travelers would often sleep in the hay pile or hay loft not just because it was a poor person’s lodging but it was also warm, comfortable and water proof due to the conical construction of large hay piles.

The biggest problem with building using this method, now that zoning laws allow this type of construction, is finding a qualified builder who will make sure everything is built correctly. They know how to build stick frame with fiberglass batting between studs but they don’t know how to install straw bales for a fraction of the material costs and significant improvement in the R-Value of the house.

As in other situations with similar constraints, builders want to make a big profit, not a little one.

Another method is Packed Sheep Wool. This is more like fiberglass batting, and uses the cast off parts of the fleece. Packed wool is also fire resistant. It’s harder to come by and often has to be imported from sheep raising countries at higher price than spun glass.

SpaceLifeForm November 13, 2022 2:11 AM

@ JonKnowsNothing

Well said.

Hay is for Horses. Straw is for them to lay on.

There is no nutritional value in Straw. The Hay Bales are stored in the barn. There is no such thing as a Hay Ride. They are Straw Rides.

Clive Robinson November 13, 2022 4:45 AM

@ JonKnowsNothing, lurker, SpaceLifeForm, Winter, ALL,

Re : A huff and a puff is not enough.

The wolf would not be able to blow a modern straw house down. As they can be made easily within building codes for hurricane areas. And the modern board material is supposedly longer lasting than treated lumber so with care homes could last ten generations (remember energy intensive reinforced concrete high density city living is only good for fifty years average).

But more importantly the straw to build a reasonable sized house using the new compression techniques is one season’s crop from a 5-10 acre or an average of 30,000 square meter, which is ~1/85 of a square mile. To build of wood takes from the same land area –using ill advised fast growing soft woods– takes thirty years and two to seven years to season and turn to flat board etc. Softwood for building is ill advised as a building material because its average life without significant chemical treatment is only 30-50 years due to the fact it is an attractive food source for rot and insects.

Importantly fast growing softwoods do not provide any other product over those thirty years and the work required to pull up stumps and prepare for new trees is using traditional methods a whole year’s work for two men and four beasts. Thus the cycle stretches to 1 home every 33 years and no other crop.

Wheat stalk to bale is done every year, the preparing of the land is a week’s work for one man and two beasts and the harvesting, stooking and baling about two weeks in total for a one man team.

Wheat however would give in the same period a food crop as well. In the UK the rolling annual average is above 7.5 tons of hard grain per hectare (2.471 acre 10,000sqm). So 720 tons over the same 32 year period.

Which would be sufficient to feed a lot of people, based on an average annual consumption of 1000kg for an agrarian nearly vegetarian style family of 6. Or for US style living twice that number of people. So upwards of 135 people.

As for the nutritional content, growing range etc,

https://encyclopedia.pub/entry/15651

Obviously that number comes down if you have to feed live-stock and work animals/beasts but a ten acreage area is more than sufficient to sustainably keep several families in a co-operative life style.

Winter November 13, 2022 7:37 AM

@Clive

The wolf would not be able to blow a modern straw house down.

I totally believe this. However, for good isolation, you want a high fluff factor, air content. That won’t work well for inflammable materials. But if you can get high isolation with straw, that is great.

JonKnowsNothing November 13, 2022 10:31 AM

@Winter, Clive, SpaceLifeForm, All

re: high fluff factor, air content

In passive house type buildings there are several paths to getting a high R-Value (heat and cold retention while reducing the same as penetration).

Air fluff really depends on how the building is constructed. In the case of straw and straw bale walls, the air that is compressed is the space between the stalks. The stalks themselves are not crushed. Due to how stalks grow, round with hollow core, the stalk has all the heat-cold trap space needed. What is not needed is the space between the stalks, even compressed by baling.

You don’t really need mechanically ultra compressed bales, and you can hand compress them enough with hand leveraged twisting and restringing them if you want to do that. The size of the bale makes a difference too, some bales might weigh in at 80lbs and others 250lbs. Increased compression factors into the larger bales. The downside of larger bales is you need equipment to move them.

Bales need to be kept off the ground and fully sheltered from moisture until they go in the wall and get sealed. Using smaller bales you can build a wall or room with a Tom Sawyer Fence Painting Team of Friends.

Another application is to use the bales as a passive exterior wall along an existing wall. If there is room inside, you can build the wall on the interior. There is a difference in benefit v interior space adding it after-the-fact. It’s not a bad choice for non-insulated garden sheds. Exterior use can cut wind chill and direct rain damage to the plywood exterior.

One important aspect of the wall is to reduce air pass through, so you have to make sure there is enough air to expel radon gas percolating up from the ground. The conduits help prevent damage and provide a clean pathway for utilities but light switches and other wall protrusions have to be considered too. Some building codes specify how many access points are needed per linear foot. Also a nailing board (chair rail) for hanging items on the wall is a good idea, as one puncture of the wall sarcophagus from hanging a picture could lead to an expensive repair.

A significant problem with converting modern stick-frame building is the depth of the wall. 2″x4″ studs do not provide sufficient space for a straw bale which is 24″ or more wide. With deeper walls, windows and doors need offsets. You get a nice window seat for free. The look is more of an Adobe House profile than a Flat Stucco profile.

A couple of stacked straw bales in their sarcophagus makes an excellent garden bench.

Ted November 13, 2022 10:53 AM

@SpaceLifeForm

Re: Mastodon

I haven’t dived into Mastodon head first, but I have dipped a toe in the water. As you mentioned, lots of the chatty tech and infosec crowd on Twitter have set up accounts on Mastodon.

Per @gossithedog: “ioc.exchange has 12k active users now, infosec.exchange just hit 20k active users.”

https://infosec.exchange/@gossithedog/109336064160277494

Apparently you can follow people on other servers, not just the one you sign-up on. For example I can search for Mike Masnick and follow him on the mastodon.social server.

https://mastodon.social/@mmasnick/109334746960959070

Brian Krebs has a new funny (?) account pic.

https://infosec.exchange/@briankrebs

It’s mostly cloud watching for me. We’ll see what additional info comes out about the service and how it’s managed. Lots of people have put one foot over the fence though. We shall see.

Winter November 13, 2022 11:28 AM

@JonKnowsNothing

A significant problem with converting modern stick-frame building is the depth of the wall. 2″x4″ studs do not provide sufficient space for a straw bale which is 24″ or more wide.

This is far beyond my knowledge. 90+% of houses in the Netherlands are built with double stone walls (concrete or bricks) with isolation in the airspace in between. Walls must withstand 13 Beaufort winds head on.

One reason we have many 4-century-old houses still occupied.

Different situation.

JonKnowsNothing November 13, 2022 12:15 PM

@Winter, Clive, SpaceLifeForm, All

re: different situation and double stone walls

This is certainly true and building methods vary throughout the USA by climate and regional preference.

California is known for earthquakes. We don’t like things falling on top of us, so we build with a thin wood frame and 1 inch (2.5cm) sheet rock walls. Especially after an earthquake and brick walls collapsed killing people.

My first visits to Chicago were eye poppers as brick walls and multistory brick buildings were normal. I could hardly make myself go inside.

The stone buildings of Europe were a serious challenge, although I finally got comfortable being inside. I was so comfortable that during a, then rare, earthquake in France when all the others ran outside, I rolled over and went back to sleep. It was barely a roller but the French thought the sky was falling.

As global climate changes building methods are going to need changing too. One size doesn’t fit all. Some is not practical and some is not aesthetically acceptable. All based on local resource availability.

RL tl;dr

I had a recent discussion with a California PG&E Utility Advisor on upgrades to make the house more energy efficient. Years ago when I had the house built I insisted on many new things at the time but are now commonly included. So most of what was offered I already had.

The problem is what is needed is beyond the minimum to pass building codes. So, while I have dual-pane with Ecoating windows, I would be best served with quad-pane or triple pane argon filled windows.

The PG&E advisor was aghast! QUAD PANE?? Those are EXPENSIVE!!!

I told the person, if you really want to improve energy efficiency you cannot get by with the minimum allowed by building codes. You need to look at the US Department of Energy recommendations which details the expected current and future needs for each zone.

We NEED quad pane windows.

Obviously, PG&E declined any advice or retrofit.

Clive Robinson November 13, 2022 2:25 PM

@ JonKnowsNothing, SpaceLifeForm, Winter, All,

Re: Different situation and double walls and drapes.

There are two basic ways to heat a home, one is by directly heating the air which heats fast but loses fast to the surroundings. Which gives you little or no ability to choose the time you use the supplied energy source. Which in turn as nearly everyone will heat / cool at the same time massive grid peaks that are really really expensive infrastructure wise.

The other form of heating is storage or mass heating. Basically you take a big mass of earth, bricks, tank of water or oil/wax and you heat it to some high temperature, this then leaks heat into the environment over time. Thus when you heat the mass often makes little or no difference which is good for grid infrastructure. But also it allows off grid heating to be up to three times more effective for a given fuel. Put simply the higher the temperature you combust a hydrocarbon the more energy you get out. That is you fully burn it rather than send between half and two thirds up the chimney uncombusted and worse dragging energy with it as hot water vapour.

Importantly for off grid mass heating you need a heat exchanger chimney. In essence this is a long pipe with thin walls that is in the thermal mass that acts as the storage element.

Thus the question arises

“Where to put the mass?”

Ideally it would be under the building in a thermal sarcophagus, that allows warm air to rise from floor level and get extracted at ceiling level to be heat-exchanger re-cycled. The next best is in the center of the building. Old houses used to be built with a massive stone chimney in the center with the building around it. The cooking and water heating was done at the lowest level and the “waste heat” from those fires heated the chimney which then kept the whole building warm. Later “farm house” style had two chimneys with the humans living in the middle and the less hardy animals living in the “gables”. The same with servants in large houses. The “south face” would be for day living and the north for night etc. The north side in farms often had the “feed, fodder and bedding” stores up against it acting as an insulation against the mass of the walls.

Double walls were common in colder climates, in Scotland 18 inch or more stone walls are common in older buildings and these would be lined internally, history shows the transition from heavy felt hangings through tapestries and onto wood panelling. In other parts of the world the panelling was put on the outside of the building as cladding. In most of these the idea of thermal mass had stopped with the Romans and did not start again until the 1800’s.

A single width of brick wall is actually not very strong nor very resilient to weather and was thus cold damp or actually wet. Two widths of brick with a half brick or full brick width of space with occasional ties was very much stronger, did not let the weather in and was unexpectedly warmer. Put simply the inner wall became an inefficient mass storage.

Some may remember the 1970’s craze for “cavity wall insulation” it turned out to be a bad idea as the materials used were not very stable and by the 1990’s people with it were having all sorts of problems.

Modern housing is built with much more stable insulating sheets or sealed packets of glass fiber wool. Which hopefully should remain effective for a hundred years or so.

However there are a lot of “high rise” housing which were made with concrete panels. Thermally they were a disaster and being exposed to the weather degraded them very quickly. Which is why there was a craze for adding aluminium and plastic polymer resin cladding thermal insulating panels to the outside of them.

Until Grenfell Tower turned into an inferno via the “chimney effect”. Loss of life was high, and those responsible have effectively “flown by night”…

https://en.m.wikipedia.org/wiki/Grenfell_Tower

If you are building a new building you have to decide what type of heating you are going to use, and importantly deal with the inevitable decay in a sustainable way.

My preferred choice would be for a double wall design, where the inner wall is two widths of brick thick, a one brick width air gap, a single brick width wall and then an outer layer of easily removable and upgradable insulation and weather cladding. Heating to be “under floor” but also with air vent heating directed up the room side of the internal walls to build up storage in the thermal mass.

If done right the house will not require any “grid” energy with the fans and exchangers running off of solar power.

Is it an “expensive build” yes and no. In terms of initial capital investment, yes, but over the half millennium or more it will survive if maintained then it will be a lot less expensive than other types of building (Some US homes won’t last a lifetime let alone a century, yet the build cost is almost as high…).

As for windows, yes multiple layer high tech glazing is nice (and expensive). But are actually designed for the lazy… The use of recessed windows with white tiles on both sides on the supporting walls and external shutters and heavy internal curtains give similar results at much lower costs, but you have to open and close the shutters and curtains.

Nick Levinson November 13, 2022 5:19 PM

The U.S. Postal Service recommends not mailing from their blue mailboxes, especially over the next few months as holidays approach, especially after the last pickup of the weekday or of Saturday, due to thefts by gangs coordinating online (Yahoo (which I read) or Lifehacker (probably same article) and Alabama Media Group (this article Oct. 25) (all as accessed today)).

The blue deposit boxes are common on streets.

Details of online coordination were essentially limited to bad actors “using the internet and social media to coordinate strategic targeting of post office collection boxes”.

For decades, the USPS shied away from admitting that there’s any significant problem of theft there, even though they recently made the standard deposit opening much smaller, presumably to make fishing a lot harder and local police where I live have posters up warning against using the mailboxes.

Mailing from inside post offices is more secure.

SpaceLifeForm November 14, 2022 12:46 AM

@ Ted

Re: Mastodon

Good examples. I follow them as you probably guessed. Time for a new bookmark folder. Cool, I have the letter ‘M’ available on my bookmarks menubar. Horizontal space is a problem, so may have to shorten some other folder name. Yes, I have lots of bookmarks and bookmark folders. To give you an idea, under my ‘T’ bookmark folder, I have over 10 subfolders plus a bunch of others that I have not dragged into a subfolder. The subfolders contain links to those I regularly or periodically read.

‘https://infosec.exchange/@kimzetter

‘https://infosec.exchange/@racheltobac

Check this out:

‘https://mastodon.social/explore

Here’s some examples:

‘https://hachyderm.io/@nova/109337218906019916

I love watching all these Mastodon instances come online because I am realizing that there are literally thousands of CEO/Admins in the world who know how to operate a social media service better than Elon.

‘https://macaw.social/about/more

This server is intended for current and previous twitter employees and their friends/family.

ResearcherZero November 14, 2022 2:17 AM

Election disinformation fueled midterm conspiracies, but far behind 2020 levels
https://www.cyberscoop.com/midterm-election-disinformation-quiet/

Only 27% of the posts remained neutral, asking users to wait until evidence is found before assigning responsibility or discussing the environmental impact of the escaped methane.
https://cepa.org/article/conspiracy-theorists-right-wing-politicians-fuel-nord-stream-disinformation/

old footage misused in tweets
https://www.france24.com/en/tv-shows/truth-or-fake/20220929-twitter-posts-suggest-the-us-is-behind-nord-stream-pipeline-sabotage

ResearcherZero November 14, 2022 2:57 AM

The Good News!

Exxon Mobil made $18bn in profits in three months. Shell and Chevron each made nearly $12bn
hxxps://priceofoil.org/content/uploads/2022/03/oil-profits-march-2022.pdf

BP America, Chevron, Devon Energy, ExxonMobil, Pioneer Natural Resources, and Shell all made record profits in 2021
hxxps://www.accountable.us/wp-content/uploads/2022/03/20220307-UPDATED-Oil-And-Gas-2021-Profits-1.pdf

with enough cash left over for just a smidge of lobbying
https://www.opensecrets.org/industries/indus.php?ind=E01

The Bad

“We are going to cross, early next decade, 1.5C.”
https://doi.org/10.5194/essd-14-4811-2022

ATN November 14, 2022 4:34 AM

TRT World very good documentary about how “deep fake” is evolving…

STORYTELLER: SEEING IS BELIEVING
Our societies are suffering from information overload, which blurs the line between information and disinformation. Are we moving toward a world without truth?

Did not find a direct link, search around:
https://www.trtworld.com/topics/storyteller

SpaceLifeForm November 14, 2022 5:17 AM

@ Ted

Re: Shuffling cards

So, @mmasnick had a link on Mastodon, but he did not put it on twitter.

‘https://www.youtube.com/watch?v=5_KcQt0z-eE

Well, as best as I can tell. He may have, but as twitter implodes, and more and more subsystems are having problems, let me just twistily paraphrase John Gilmore:

Twitter is damaged, and Mastodon is working around it.

p.s. Ever hear about DPA and CFIUS ?

‘https://www.investopedia.com/defense-production-act-dpa-5187806

A revision in 2018 further widened the scope of transactions that could fall under national security review, including those involving a foreigner taking a noncontrolling stake in a U.S. company.

Clive Robinson November 14, 2022 9:02 AM

@ SpaceLifeForm, Ted, ALL,

Re : Where Next.

As you’ve observed

“but as twitter implodes”

Twitter is no longer what it once was and is still on a downwards trajectory at some pace.

It’s clear that the financial markets do not think Twitter will last out the year in a viable form, and so they now see Elon Musk as a goat to be first bled dry then consumed as part of a ritual feast.

The real question is of course,

“Where will it stop?”

Will it stop with Twitter or will it go through FaceBook, LinkedIn and the others that have never actually earned their keep and only “idiot speculation” gives them value.

One of the reasons I never got involved with social media is it forces you to share details about yourself that whilst individually not harmful, though like the pieces of a collage, when put together they can make a picture that is neither true or that you would want to see made and displayed.

But there was the other problem that seldom gets talked about which is,

“Who owns your Personal details?”

We now know it’s as sure as heck not you, but if not then who?

Often they are seen as,

“An asset of the entity that forms a work with them.”

That is basically the act of collecting them turns them into a “work” which has copyright, thus assumed value.

But more importantly what happens when the entity that created the work falls into debt or ceases to exist?

In short the asset belongs to either the creditors or the stockholders.

Importantly there is no limit to what they can do with such an asset to realise value…

Thus as the Social Media Corps collapse, your details become the property of those you would consider unscrupulous when you find out the levels they will go to to realise value on them…

Oh and that includes all those details you thought you had deleted, but those Social Media Corps never actually delete, they just remove from your view…

So the question you should ask is,

“What happens when Google Implodes?”

Which will happen if the Internet ad revenue bubble truly explodes…

Ted November 14, 2022 9:48 AM

@SpaceLifeForm, Clive, All

Re: Mastodon

Oooh. Cool! On my small following list I had Tobac and Carhart, and am now adding Zetter. Thanks for heads up!

In addition to access via web browser, I see there is an app for iPhone and Android too. And while Mastodon is open source, I don’t know how this translates to the apps.

Graham Cluley discusses the security of Mastodon on his podcast and also has an article.

Key take-aways: Enable MFA and note that “DMs” are stored in clear text on the Mastodon server. Plus, as you mentioned earlier, if you add someone’s name in a DM they are brought into the convo. Also, posts are called “toots.” We’ll see if this carries on. lol

https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/

Nick Levinson November 14, 2022 9:55 AM

@Clive Robinson, @SpaceLifeForm, & @Ted:

Who owns your personal details is often no one. Copyright law protects expression but not the underlying information so expressed. If personal details are those generated or collected by someone else, they may be allowed to keep them secret from you, which may be an artifact of ownership until revelation; or they may be allowed to restrict use, such as forbidding me to use someone else’s Social Security Number as if mine. If a business has a copy of your details, it goes bankrupt, and its assets are sold, your height and weight are not sold but their file stating your name, height, and weight can be sold despite a privacy policy to the contrary. (It is possible for you to sell your name as your likeness for commercial use, but that’s unusual and a different case.)

fib November 14, 2022 10:09 AM

@ SLF, All

re: RNG

It was a nice [and fun] discussion. It’s amazing you have kept track of it. Interestingly, right now, with some free time in my hands, I’m experimenting with rtl-sdr — entropy extraction from atmospheric noise.

Note: I still dream of a neat RNG americium chip installed on my motherboard. 🙂

Regards

Tatütata November 14, 2022 11:14 AM

This is far beyond my knowledge. 90+% of houses in the Netherlands are build with double stone walls (concrete or bricks) with isolation in the airspace in between. Walls must withstand 13 Beaufort winds head on.

They can perhaps resist wind, but not natural gas extraction, see Groningen. (Same problem in coal mining regions in BE-FR-DE, or more recently, with deep geothermal direct injection systems).

My memories of the construction quality of early to mid-20th century ZH suburbia aren’t nearly that enthusiastic. (Like, “Is there any straight wall in this joint?”) Newer flat blocks with pile foundations are probably a different story.

Ted November 14, 2022 11:16 AM

@SpaceLifeForm, Clive, Nick Levinson, All

Re: Mastodon

According to a NYT article: “There are at least 4,000 independent servers, according to estimates by fediverse.party.”

https://fediverse.party/en/mastodon/

“Anyone can create his or her own version of Mastodon, known as a server, with rules and regulations that apply only to that version. Those are enforced by the people who use that version.”

So glad you are discovering different elements of the service. It’s great the former Twitter-folk have someplace they can connect 🙂

https://www.nytimes.com/2022/11/07/technology/mastodon-twitter-elon-musk.html

Winter November 14, 2022 11:37 AM

@

They can perhaps resist wind, but not natural gas extraction, see Groningen.

Clearly. Even our earthquakes are man-made, unintentionally. Houses were built for wind-stress and cold, not exotic things like earthquakes. Building codes for the gas region now must be upgraded.

My memories of the construction quality of early to mid-20th century ZH suburbia aren’t nearly that enthusiastic.

WWII destroyed the center of Rotterdam (partly German bombings, partly ill-advised urban renovation). After WWII, a lot of housing had to be built with a focus on quantity over quality. Many of these houses should be razed and replaced, indeed.

Newer flat blocks with pile foundations are probably a different story.

We would be lucky to be able to build on sand. Most of Holland (N&Z) is built on peat bogs. Pile foundations are a must everywhere in the western part of the country.

Bryan November 14, 2022 11:57 AM

@Clive:

Interestingly you can turn straw into a form of polymer glue from the lignin in it that you can lay straw stems or chopped straw in

There’s an old saying in the pulp and paper industry: “You can make anything from lignin except money.”

Winter November 14, 2022 1:23 PM

Re: Twitter implosion

Twitter engineer calls out Elon Musk for technical BS in unusual career move
‘https://www.theregister.com/2022/11/14/musk_twitter_rpc_spat/

Responding to Musk’s original post, software engineer Ben Leib said: “As former tech lead for timelines infrastructure at Twitter, I can confidently say this man has no idea wtf he’s talking about.”

I think we will soon see unambiguous evidence of that.

Clive Robinson November 14, 2022 3:27 PM

@ Winter, SpaceLifeForm, Ted, ALL,

Re : Social media implosion #1

Yes the advertisers and their money are leaving, but it’s not just Twitter they are running from (Meta is having major probs in that area as well).

But there is another issue that some of us have mentioned from time to time and indicated that it can not be outrun for ever…

The engineer that said,

“Frankly we should probably prioritize some big rewrites to combat 10+ years of tech debt”

Might have been only speaking about Twitter but, it’s true of all the Silicon Valley Mega Software Corps doing “Social Media”.

Their game was to introduce as many new features as possible to “grab eyeballs” at the highest “burn rate” they could or pay mega-bucks for Start-Ups that might be the next “new thing” and just throw it in.

The result is a “Tsunami of Technical Debt” that has not just crested but is starting to crash down. Worse much of what is up there descending has not just rotted but become putrescent to the point it is a pestilence of pandemic proportions…

Will “Social media” Corps in Silicon Valley survive?

Is a question the answer to depends I guess on your definition of “survive” (Meta is now worth less than a quarter of what it was a short time ago, and looks like it’s going to keep dropping with a massive VR rock tied to its neck).

I suspect a new bunch of players will now enter into “Social Media”. Some will be “decentralised” running on hardware in back bedrooms or instances on cloud services.

They will have the problem that Web 1 had of “no index” or “searchability”. Well the world’s largest centralised system Google solved in part that issue for the Web. The question is who will solve it for decentralised social media thus giving Governments back some degree of “hidden hand” control.

They will also have that other problem of “Making Money” to pay wages and infrastructure costs… A problem that has not been effectively resolved since the 1980’s…

Ted November 14, 2022 4:18 PM

@Clive, SpaceLifeForm, Winter, All

They will also have that other problem of “Making Money” to pay wages and infrastructure costs…

Yeppers. The infosec.exchange instance has a wiki page that may shed light on some of its operating costs and setup. Now this info may pertain to the pre-Muskian Twitter era. So it’ll be something to keep an eye on if its membership continues to rocket up.

https://wiki.infosec.exchange/

Here are some details from the wiki page:

Infosec.exchange receives $851.96 per week from 491 patrons. Goal: $400.00

Infosec.Exchange servers are located in Germany, running on servers rented from Hetzner.

Operating costs for infosec.exchange:

  • Triennially: 720GB VPS used for offline backups: $350
  • Annually: Infosec.Exchange domain registration fee: $31.49 (Register.com)
  • Monthly: 5x AX101 Dedicated Server Fee: €109.00 (Approx. $120 USD, will vary based on exchange rate) (Hetzner.com)
  • Monthly: 10TB storage box: €10 (Approx. $11 USD, will vary based on exchange rate) (Hetzner.com)
  • Donated time for system upkeep, testing backups, and so on: Approx. 5 hours/month

SpaceLifeForm November 14, 2022 6:07 PM

re: Twitter implosion

Pulling wires at Random, you FAFO

Musk earlier today: Part of today will be turning off the “microservices” bloatware. Less than 20% are actually needed for Twitter to work!

Users later: I can not log in with SMS 2FA anymore!

Must have pulled the wire leading to Twilio.

There is a reason why adults keep things out of the reach of children.

Clive Robinson November 14, 2022 7:16 PM

@ SpaceLifeForm,

“There is a reason why adults keep things out of the reach of children.”

Yup, VHS video tapes were expensive, and mom did not want her shows being taped over with MTV…

Now I’ve “shown my age” I guess I should ask,

“Does MTV even broadcast anymore?” 😉

SpaceLifeForm November 14, 2022 8:03 PM

Re: Twitter implosion

As I said previously, I would have suspended the @elonmusk account.

If you think you are a genius manager, you have no idea how the techs can burn your ass. Just by trolling you.

But, hey, what do I know?

‘https://nitter.net/staringispolite/status/1592208393045147649#m

SpaceLifeForm November 14, 2022 9:16 PM

@ fib, Winter, Clive

When you can smell the smell from the catalytic converters a mile away.

This is what the Georgia voters are looking at in the US Senate race runoff vote next month.

Maybe Herschel Walker will get hired at The Onion.

‘https://nitter.net/therecount/status/1592216714380394496#m

“If we was ready for the green agenda, I’d raise my hand right now. But we’re not ready right now … What we need to do is keep having those gas-guzzling cars, ’cause we got the good emissions under those cars.”

Clive Robinson November 15, 2022 12:46 AM

@ SpaceLifeForm,

Re : Maybe Herschel Walker…

Got used as a “pinking agent” “test dummy” when he was younger…

The trouble is his audience look like the sort that just suck up that pollution of the airwaves and nod along like those who used to inhabit opium dens a century or so back. As some say,

“Same 5h1t different day.”

Clive Robinson November 15, 2022 1:18 AM

@ SpaceLifeForm, ALL,

Anyone else noticing DuckDuckGo is failing over the past 12 hours?

In the UK I’m getting lots of network time outs and failure to get the front page up.

lurker November 15, 2022 1:27 AM

@Clive Robinson

DDG seems as good as ever in the SW Pacific 0620 UTC. caveat: I haven’t needed to use it in the previous 12 hours.

Suspob November 15, 2022 5:38 PM

Stealing passwords from infosec Mastodon – without bypassing CSP

_https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp

SpaceLifeForm November 15, 2022 7:48 PM

@ Suspob, Ted, -, Clive

Re: Mastodon bug

Thank you for the link.

They think they have fixed it.

But maybe it is tip of iceberg stuff.

The more complex the software, the more attack surface.

HTML and markdown parsing filters are complex, as has been found here.

Clive Robinson November 15, 2022 8:40 PM

@ lurker,

The curse of asking a question, is somehow it technomagically solves the problem…

DDG has since about 30mins or so after I asked finally worked for me… And it’s been OK for me since then.

I’m not sure where the prob was, other websites such as this one were actually working better than normal for the time of day. Which is why I assumed it was a DDG problem rather than a basic network problem.

So “scratching my head” as to an idea, all I can do at the moment is thank you for your reply.

lurker November 16, 2022 12:24 AM

@Clive Robinson

My tecchie explanation is it must have been too many birds sitting on the wires . . .

Ted November 16, 2022 1:09 AM

@Suspob, SpaceLifeForm, Clive

Re: Password-stealing attack on Glitch (a Mastodon fork)

Good article! Thanks for sharing! It’s taken me a bit to try to understand this attack, but there was a supporting article that summarized:

“Heyes found he was able to steal users’ stored credentials using Chrome’s autofill feature by tricking them into clicking a malicious element he had disguised as a toolbar.”

Glad it’s been patched – even though I’m not entirely (read: not at all) sure how 🙂 From Heyes’s timeline:

“Tue, 15 Nov, 08:00 – Confirmed infosec.exchange had applied the patch

Tue, 15 Nov, 14:00 – Blog published”

I’m sure this won’t be the last exposed vuln. Hopefully we’ll see more nice hackers publishing their findings.

    SpaceLifeForm November 16, 2022 2:11 AM

    @ Ted, Clive, ALL

    re: Mastodon

    It appears the action going forward is twofold.

    You create another Twitter account, where the actual twitter account id is really the name that points to your new Mastodon account. Remember, the twitter name field is flexible. But not the twitter account id field. But the twitter account id field is flexible at the time you create it.

    Then you post your tweet to the new twitter account.

    Then you re-tweet the post from the new twitter account under the old twitter account. You have two accounts that you control. You make the new twitter account private where only the old twitter account can see the new.

    So, the readers reading the old twitter account will clearly see the new account id, which really points the reader to the Mastodon account.

    At least, I think this is what he is doing.

    ‘https://nitter.net/thegrugq

    This makes sense even if extra work, because if someone else re-tweets a comment from the old twitter account, and if a reader of someone else does not normally follow the original tweeters timeline, they will at least have a chance to catch the information being conveyed.

    The alternative is just to change the twitter name field to be the new Mastodon account id as seen many times. But, then, the reader has to be more certain of the twitter account id, and if a fake pops up, and others re-tweet, then people can fall for fakes. For example, kimzetter has already seen two fake accounts on Mastodon. You have her real account ids, no need to repeat.

    The longer you have been reading someone, the better. You will know what they pay attention to, and what their writing style is. Fakes will become obvious.

    Something about communication comes to mind.

    SpaceLifeForm November 16, 2022 3:44 AM

    @ lurker

    re: Twitter implosion

    The likely reason for the Ghana office was to have multiple people there that were fluent in other languages besides English. For Moderation.

    ‘https://www.theafricareport.com/257935/twitter-layoffs-in-accra-could-spell-disaster-for-its-operations-in-africa/

    ‘https://breathlist.com/africa/ghana/culture-and-people/languages-in-ghana/

    name.withheld.for.obvious.reasons November 16, 2022 3:45 AM

    @ Clive
    I never really wanted my MTV, and my…

    But Book TV, all in brother.

    SpaceLifeForm November 16, 2022 4:25 AM

    @ Ted, Clive, ALL

    Re: Twitter implosion

    Obviously, I must have fallen asleep on my mouse wheel. This is old stuff now, like over 24 hours. I really don’t know how I missed this. LOL.

    ‘https://nitter.net/t_i_g_g

    ‘https://twitterisgoinggreat.com/

    Clive Robinson November 16, 2022 5:53 AM

    @ SpaceLifeForm,

    “Just for the lulz.”

    What can I say… that was just “D’Astley D” 😉

    As for “Twitterisgoinggreat” down the drain, there are some fun things in there like an unveiled threat from a Congressman to Musk telling him to sort Twitter out or Congress will…

    Oh and the breach of the agreement with the EU over Twitter’s GDPA agreement… 4% of turnover could be a “coup de grass”…

    Talk about “running with scissors”.

    SpaceLifeForm November 16, 2022 6:11 AM

    @ Clive, lurker

    Re: DDG 12 hour Flu

    https://www.schneier.com/blog/archives/2022/11/friday-squid-blogging-squid-purse.html/#comment-412367

    I did not check as I was doing other research, but a 12 hour flu kinda says to me that they were doing some heavy maintenance work, or, it was maybe a bad perf problem (OOM, Loopers, Livelocks, bad NICs, etc – pick your poison), and your question was spotted and woke someone up.

    You never know when you spot a problem, mention it, it gets resolved, and you never hear a postmortem. But, you have to mention them, or they may get overlooked even longer.

    Livelocks are the nastiest poison available. Will never kill you, but you will never move. Actually trying to find the cause, you will wish it was a deadlock. Nasty problem. You really need to know the system design intimately (years of knowledge), and know how to debug at source code level just by reading and thinking about timing scenarios (years of knowledge).

    You have to be able to think about and solve the problem without a debugger, otherwise you can run into the Heisenbug problem.

    You have to be able to find bugs by just thinking about them.

    Clive Robinson November 16, 2022 8:25 AM

    @ lurker,

    “… it must have been too many birds sitting on the wires . . .”

    And I’m guessing they were “all a twitter” 😉

    In the UK we have a nursery song that has the magic line “that’s the way the money goes, pop goes the weasel” (the tune of which makes a fine jazz ditty).

    That song line happens to remind me of Elon Musk and his current behaviour / predicament…

    Many still sing it for their children, I even did my best “baloo the bear” impersonation[1] for my son when he was of that age. However very very few understand what the line means.

    Back in the 1800’s those who made hats worked with specialist tools to amongst other things “iron mercury into fur” as a preservative. Unfortunately mercury vapour is a very deadly neurotoxin the first symptoms of which are bad headaches followed by declining mental abilities that back then were considered by “the great and the good” to be due to a weakness of moral fiber… In part because the only relief for headaches back in the 1800’s was very cheap gut-rot gin called Geneva-liquor a pint of which would kill you but cost less than bread, or a “penny worth of your finest” opium from the local Pharmacist who might be adding other things such as arsenic or extract of foxglove or similar poisons to it.

    So then as now people called strong liquor “The working man’s painkiller”.

    Anyway the use of liquor gets rapidly less effective so the hatters used to try to get drunk and stay drunk over their down time. To do this they needed cash money. So it was common for a workman to take his tools to a pawn brokers also known as “The working man’s bank” to get the funds by pawning them also known as “popping” them, which is where the “pop” in the line comes from.

    If you read “Alice in Wonderland” you will read about “The mad hatter’s tea party” which fairly accurately describes some of the symptoms of mercury poisoning. The tool that was responsible was an iron of a particular shape known as a weasel. Hence the second unknown in the line.

    You used to be able to see weasels in museums, but now because the mercury has formed an amalgam with the metal of the iron and leaches back into the environment as poison vapour… Museums either don’t keep them or treat them as hazardous materials to be locked safely away.

    [1] The original Baloo Phil Harris sounds much better, than I ever could,

    https://m.youtube.com/watch?v=sQq-Ffh6gfo

    There are words in there that could be good advice for Elon Musk and others 😉

    Clive Robinson November 16, 2022 8:38 AM

    @ SpaceLifeForm,

    “You have to be able to find bugs by just thinking about them.”

    The very definition of,

    “Thinking hinky”

    For my sins, I’ve been doing it for well over half a century even before I was picking locks as a pre-teen.

    In many ways it’s really the skill by which I earned my income. And it’s still with me as I approach my dotage 😉

    One thing I do know is it scares the less practiced in the medical profession, it’s even occasionally funny when consultants get me to explain “as an engineer” why some things that appear bizarre are rationally explainable.

    Phillip November 16, 2022 8:47 AM

    @JonKnowsNothing

    Thank you, thank you, thank you. A system reset pushing the earlier image back onto you. All of our prophylactic measures are a disaster when a process server is waiting for me.

    Clive Robinson November 16, 2022 8:58 AM

    @ Name.Withheld…,

    Re : It must be music lessons today.

    “But Book TV, all in brother.”

    Is that a reference to the album “Brothers in Arms” by “Dire Straits”?

    You appear to know at least the opening words 😉

    As for being in “dire straits” it would appear that the pending implosion has put a few egotists in there…

    For those “too young” to have heard it the first time around,

    https://m.youtube.com/watch?v=qmRzbKNbTsY

    MarkH November 16, 2022 10:45 AM

    @Clive:

    Back when I still had a TV feed, Book TV was a favorite. CSPAN is a service to cover Congress, which usually does no business on weekends, so they run two days on nonfiction books, mostly author speeches or interviews.

    Tatütata November 16, 2022 1:36 PM

    When I think of popping weasels, I think of the 1933 Marx Brothers flick “Duck Soup”, where Rufus T. Firefly exposes the laws of his new administration.

    https://www.youtube.com/watch?v=uSsUoxlSADk

    […]
    I will not stand for anything that’s crooked or unfair
    I’m simply on the up and up, so everyone beware
    If anyone’s caught taking graft and I don’t get my share
    We stand him up against the wall and pop goes the weasel

    […]

    If any man should come between a husband and his bride
    We find out which one she prefers by letting her decide
    If she prefers the other man, the husband steps outside
    We stand him up against the wall and pop goes the weasel

    At last a candid and truthful statesman…

    BTW, one of my favourite films.

    SpaceLifeForm November 16, 2022 7:43 PM

    Re: Twitter implosion

    So, in 3 months it will get worse. Their email system is probably crickets now.

    Musk said any employee who has not done so by 5 p.m. ET on Thursday will receive three months severance.

    ‘https://nitter.net/donie/status/1592859900941852674#m

    Here is a good example of why Twitter is an asset for National Security.

    ‘https://www.vox.com/future-perfect/23462333/sam-bankman-fried-ftx-cryptocurrency-effective-altruism-crypto-bahamas-philanthropy

    JonKnowsNothing November 16, 2022 8:33 PM

    @SpaceLifeForm, All

    re: Social Media can never be an asset for National Security

    Well, not in the USA.

    No matter how many people use Social Media in the USA, to get it classified as a public service or national security item would require the “ownership” to be moved to the US Government. The US could then lease-back, rent-out, authorize or deputize companies to provide service, as we do with telecom and cable-digital signals (FCC and others).

    Wall$$$ would not be amused.

    It would look pretty odd having the blue-bird stripped in exchange for a mil-spec heraldic device. I doubt it would be too popular if the 3Ls started stamping their icons openly on the HUD either.

    EM might pass out in relief though, if it happened before he loses everything he has ever worked for or rather any assets he has left to be stripped of. Mr.HardCore isn’t that resilient.

    SpaceLifeForm November 16, 2022 10:00 PM

    @ JonKnowsNothing, Clive, ALL

    I have Dots

    Very, very interesting Dots.

    You may recall that months ago I mentioned 64433 and STOP.

    ‘https://www.inforisktoday.com/twitter-two-factor-authentication-has-vulnerability-a-20475

    A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication.

    “Your phone has been removed and SMS 2FA has been disabled from all accounts,” is the automated response.

    JonKnowsNothing November 16, 2022 10:36 PM

    @SpaceLifeForm, @Clive, All

    re: STOP ala phunycode

    Krebs has a new article up about bad URLs being used to hack systems (aka Punycode). He details a current exploit seller and how they fit into the supply chain for exploiting access using namespace differences.

    It’s similar to the problem of BadCerts, I don’t need XYZ language if I don’t speak, read or write it to be automagically opened on my system. If I decide to learn that language or have need of it, I can DL later. The reason it’s there is lazy-config, one setup for the world and you get Etruscan and Euskadi when all you need is the latter….

    So an “unchecked variable”, might actually be validated but the system doesn’t know lamb chops about the meaning. Might as well try sending MINTSAUCE to get the same effect if you find the correct Punycode.

    ===

    ht tps://krebsonsecurity.co m/2022/11/disneyland-malware-team-its-a-puny-world-after-all/

    htt p s://en.wikipedia.or g/wiki/Punycode

    (url fractured)
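
The Punycode look-alike hostnames mentioned in the comment above can be screened defensively by decoding each `xn--` label and checking whether it mixes writing systems. This is an added example, not part of the original comment or of the linked article; the function names and the constructed sample hostnames are assumptions, and the script detection is a coarse heuristic based on Unicode character names.

```python
"""Screen hostnames for IDN (Punycode) labels that mix writing systems."""
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded DNS label

# Higher rank wins when a hostname has several labels.
RANK = {"ascii": 0, "idn-single-script": 1,
        "idn-mixed-script": 2, "invalid-punycode": 3}


def to_ace(hostname):
    """Encode a Unicode hostname to its ASCII wire form (used to build samples)."""
    labels = []
    for label in hostname.split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append(ACE_PREFIX + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def decode_label(label):
    """Return the Unicode form of one label, or None if its Punycode is invalid."""
    if not label.lower().startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except (UnicodeError, ValueError):
        return None


def scripts_in(text):
    """Coarse script set: first word of each letter's Unicode name.

    Heuristic only: it has no confusables table, and languages that
    legitimately combine scripts (e.g. Japanese) will be reported as mixed.
    """
    found = set()
    for ch in text:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def classify_host(hostname):
    """Return (decoded hostname, verdict) for display and triage."""
    decoded, verdict = [], "ascii"
    for label in hostname.rstrip(".").split("."):
        text = decode_label(label)
        if text is None:
            decoded.append(label)          # show the raw label unchanged
            label_verdict = "invalid-punycode"
        else:
            decoded.append(text)
            if text.isascii():
                label_verdict = "ascii"
            elif len(scripts_in(text)) > 1:
                label_verdict = "idn-mixed-script"
            else:
                label_verdict = "idn-single-script"
        if RANK[label_verdict] > RANK[verdict]:
            verdict = label_verdict
    return ".".join(decoded), verdict


# Constructed sample hostnames (not taken from any real incident).
SAMPLES = [
    "www.example.com",
    to_ace("b\u00fccher.example"),   # Latin letters only, one with a diaeresis
    to_ace("\u0430pple.example"),    # Cyrillic 'a' followed by Latin 'pple'
    "xn--%%%.example",               # not valid Punycode
]

if __name__ == "__main__":
    for host in SAMPLES:
        shown, verdict = classify_host(host)
        print(f"{host:28} {verdict:18} {shown!r}")
```

A label made entirely of one non-Latin script still comes back as `idn-single-script`, so that verdict means "show the decoded and raw forms side by side", not "safe".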

    name.withheld.for.obvious.reasons November 16, 2022 11:34 PM

    @ Clive
    I am not going to say I have rhythm, but yes, Dire Straits. I’m puzzling a Midnight Oil chorus–at least in a context that is useful.

    @ MarkH
    Yes, I have been addicted to Book TV for over 30 years. Peter, Karen, and Brian Lamb used to host the show and had great interviews and conversations with authors. Brian Lamb is a personal hero, so erudite and thoughtful, with patience and tolerance. It seems to exude from all the pores of his body.

    My father once scolded me; “Son, you watch too much CSPAN!” It was as if he were more comfortable in me partaking in something pornographic (adult programming, always cracks me up). I may have just possibly given my pronouns away.

    SpaceLifeForm November 17, 2022 12:51 AM

    @ JonKnowsNothing, Clive, ALL

    Twitter NatSec

    One can not pay attention to everything 24×7, but you can make Book (on TV even), that someone is paying attention and others are connecting dots.

    I am out of Blue Check Marks, but they apply here:

    https://nitter.net/RVAwonk/status/1592347386684506113#m

    Here are two links she mentioned:

    https://www.sciencedirect.com/science/article/pii/S2405844020316479

    Using Twitter for crisis communications in a natural disaster: Hurricane Harvey

    https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4494697/

    Twitter as a Potential Disaster Risk Reduction Tool

    Nick Levinson November 17, 2022 1:08 AM

    @lurker & @SpaceLifeForm:

    Having a foreign office can be for lots of reasons.

    One is if it’s required by law there, and the law may be to force a company to have legal nexus in that nation as a condition of doing business there, thereby giving the nation jurisdiction over the company so the nation’s laws are enforceable.

    India requires hiring some Indians in India so India can arrest someone.

    Some U.S. news media closed their offices in Russia when it became illegal to call what Russia is doing in Ukraine a war and calling it that in an American news report could lead to arrests of their media people in Russia.

    SpaceLifeForm November 17, 2022 2:55 AM

    @ ALL

    Re: Running with Scissors

    This thread is really, really awesome. Please read it, even if you are an OG like plenty of us here. More importantly, us OG need to get the youngins to read it and understand it. Understand what he is saying here. Communicate it to the youngins. Let them know they do not need to be scared, and that they can do good stuff.

    Seriously, this is spot on. Best thread I’ve ever read, and I seriously thank Robert Graham for taking the time. Well done sir!

    https://nitter.net/ErrataRob/status/1592960540602937344#m

    SpaceLifeForm November 17, 2022 3:47 AM

    @ Clive, lurker

    Re: DDG 12 hour Flu

    Were you beta testing?

    ‘https://arstechnica.com/gadgets/2022/11/duckduckgos-android-anti-tracking-tool-offers-stronger-third-party-protections/

    installs a local VPN service on your phone, which can then start automatically blocking trackers on DDG’s public blocklist.

    Nick Levinson November 17, 2022 4:23 AM

    Attention to Twitter because of the new ownership and the new person at the top is remarkably much larger, here and in mainstream media, than is normal even for well-known U.S. companies that get new ownership and a new person at the top. He brought it on himself and he has created his own crisis. May he have a lovely time.

    I understand a Washington Post reporter got a blue check for an account made in someone else’s name, the someone else being a Senator who gave the reporter permission and now is demanding that Twitter explain just how they determine that someone is using their real identity, and the Senator, who sits on two Senate subcommittees relevant to Twitter and Tesla, has said that the new owner fix this or Congress will do it for him (that may be partly a bluff but it’s not likely completely empty as a threat).

    Clive Robinson November 17, 2022 8:34 AM

    @ Nick Levinson,

    Your #comment-412556 above at 4:23AM reads oddly compared to your other posts.

    In the past a certain troll has tried taking over peoples handles on this site…

    So just “checking” to see it is actually you and that you are OK?

    &ers November 17, 2022 12:24 PM

    @Clive @SpaceLifeForm @ALL

    They dismantled the Iranian Shahed 136 drone.

    hxxps://censor.net/ru/video_news/3381097/v_dronah_shahed136_iranskogo_proizvodstva_tolko_dvigateli_ostalnoe_komponenty_bolee_30_zapadnyh_kompaniyi

    This is truly an international product.
    Only the engine is, however, Iranian.
    They tracked more than 30 USA/European companies products there.
    Servo is Hitec USA Group, batteries Panasonic, ceramic antenna
    comes from Canadian Tallisman, most of electronics comes from
    Texas Instruments (transceivers/drivers/signal processors etc).
    Main control block is from Russia.
    There are also Ukrainian products – relays. So somehow those
    relays end up in Iran and come back to Ukraine bringing death…

    fib November 17, 2022 2:42 PM

    @ Clive

    To give you some feedback

    I’m a heavy DDG user and I haven’t experienced any problem lately. In fact I never had any noticeable problem with it.

    SpaceLifeForm November 17, 2022 6:34 PM

    @ fib

    Re: WX

    You will probably find this interesting while you bask in warmth. I am not, as 10 days ago it was 80F here, and since then, it has already snowed twice (not major). But, at least I am not in Buffalo, NY.

    This tells you how good the weather models are these days.

    The NFL has moved the scheduled game of Cleveland at Buffalo to be played in Detroit due to an incoming storm.

    Granted, Buffalo gets lake effect snow.

    The game was to be Sunday in Buffalo, it is Thursday. Flurries are expected there on Sunday. It is not snowing there now.

    Wait for it!

    They are expecting at least 4 FEET of snow.

    SpaceLifeForm November 17, 2022 7:38 PM

    @ MarkH, Winter, ALL

    Re: Big Bang, Redshift, Observation, Measurement

    JWST is going to break delusions of some physicists that have bought into the illusion of Big Bang and Redshift

    Alas, I repeat myself.

    ‘https://www.theverge.com/2022/11/17/23464796/jwst-galaxies-early-universe-nasa-james-webb

    “Somehow, the universe has managed to form galaxies faster and earlier than we thought,” said Tommaso Treu, principal investigator for one of JWST’s programs (GLASS-JWST), in a press briefing.

    [It is because they do not understand what they Observe and have a model in their mind that may be a false model]

    [One needs to think outside the box]

    Clive Robinson November 17, 2022 7:54 PM

    @ SpaceLifeForm,

    Re : Were you beta testing?

    No I was “alpha testing” another issue altogether, with regards one of the search engines DDG uses as a back end, that “pushes” out what appears to be illegal content from a search typo[1].

    I was unaware of the beta of an Android VPN as it’s something new, I’ll look into it as it might be useful.

    [1] A user I know who is a multilingual translator / technical writer wants to improve their scope thus earning capabilities by branching out as an educator for hire as well.

    So they were looking for course material to “borrow ideas from” on Java Programming so meant to enter

    “Java Teaching”

    They would start in the DDG “all” then look at the “images” for “death by viewfoil” or “video” for actual presentations “to get inspiration” from.

    On one occasion they mistyped “Java” and left the second “a” out and she was very shocked by what came up in “images”… Let’s just say it was most definitely a wall of “NSFW” (some of it’s quite disturbing smut using adult actors who are small in stature etc).

    Interestingly the NSFW appears to only come up in “images” not in “Videos” because videos get “front loaded” by YouTube link thumbnails. Likewise with “All” that gets frontloaded with non specific probably ranked links so images might be too far down the page to be seen.

    This gives the problem that such NSFW often only comes up to a user’s eyes in “images” not “all”, “video”, etc, and as such the images get downloaded in the background unseen. So a user might not be aware of what is getting “pushed” onto their PC and cached…

    You would be surprised, I certainly was, at just how many normal word “misspellings” or words joined because “a space between” was missed or they got hyphenated, cause this issue with the particular search engine DDG uses.

    Worse acronyms that look like many university or online course identifiers do the same thing.

    I guess it’s because the originators of such content want to get past “content filters” of the search engine in question.

    Ted November 17, 2022 9:16 PM

    @SpaceLifeForm, All

    Re: Mastodon

    Thanks for the EFF links! They are really on top of what’s happening. I just happened to catch another interview with Jerry. He said he has some excellent content moderators helping with the instance. He upgraded the server. It’s going to be interesting for sure.

    https://infosec.exchange/@jerry/109362312004996109

    “Here is a pic of the staff leaving Infosec.exchange HQ in protest of going too long without belly rubs”

    &ers November 17, 2022 9:47 PM

    @Clive @SpaceLifeForm @ALL

    Another article on Shahed drones:

    hxxps://www.telegraph.co.uk/world-news/2022/10/29/iranian-made-drones-shot-ukraine-stuffed-us-components-available/

    Seems somehow somewhere something was lost in translation.
    Russian article is a little bit different.

    Clive Robinson November 17, 2022 10:14 PM

    @ &ers, SpaceLifeForm, ALL,

    Re : Iranian Shahed 136 drone.

    A quick glance at the photos suggests,

    1, Engine is made from air cooled motorbike engine parts, some of which look like they are made outside of Iran.

    2, The 18650 batteries could come from anywhere they are made, they are after all a “standard part” and really nothing special. The fact that the same Japanese batteries turn up in Chinese products from Bang-Good and Ali-barba and also in Russian products sold into the West should tell you that they are ubiquitous (and probably started their life in a South American hole in the ground[1]).

    3, What looks like a standard patch antenna sub-assembly, whilst it’s claimed to be Canadian, it’s actually made with other components some of which may well be Chinese in origin.

    As for the alleged US actuator well lets just say not that much is truly “made in the US” any longer, but assembly from Chinese made parts is very common, even after the Trumpian wrath.

    All it really shows is that the world economy is global and parts come “on the boat” via very long supply chains.

    The “presentation” in the article though appears to be all “political” in intent. I’ll let some one who can read the text naturally pass comment on the article’s tone.

    But if you look back on this blog I’ve repeatedly mentioned building drones / UAVs using parts from the Internet, in essence all the Iranians have done is “up scaled the idea”. It is an obvious way to go for anyone involved in modern manufacture.

    As an example, an electronic circuit I designed with a friend some years ago now whilst at a trade show in Holland and was once proudly “Made in England”, is now made with… a PCB made in the US (RT-Duroid), etched in China, with custom ceramic capacitors etched in Japan on Korean substrate, wound silver plated coils from China, RF Power Transistors sourced via Holland, a micro controller made in Scotland, power FETs made in Wales, assembled in Brazil, and tested and put in broadcast transmitters in England. Then sold back into the US, UK, South America, Middle East, Europe, China, Australia, Asia to name just a few… All of it managed, administered, marketed, sold by the Internet. Such is the nature of modern electronics manufacture these days, it all really is “global” and unless it’s collecting airmiles via UPS etc all “comes over on the boat” or has hopped on a train from China[2],

    https://en.m.wikipedia.org/wiki/Yiwu–London_railway_line

    [1] There is an old saying about deep holes in the ground,

    “Tis only a mine when there’s a Cornishman at the bottom.”

    It originates from Victorian industry exporting itself and spreading around the world. It’s kind of like “Every Boston Cop is an Irishman”, likewise Brooklyn or New York, the old observation of “if it’s dressed in blue and has a whistle…”.

    Nick Levinson November 17, 2022 10:23 PM

    @Clive Robinson: No, it’s my post, I’m fine, and thank you for asking. I’m not sure what would be odd, although the sentence “May he have a lovely time.” is a take-off on the more common saying (maybe from Chinese culture) “May you live in interesting times.” Where I wrote “has said that the new owner fix this or . . . .”, I should have written “has said that the new owner should fix this or . . . .”, and that’s my fault in editing.

    Clive Robinson November 18, 2022 12:00 AM

    @ SpaceLifeForm, Ted, ALL,

    Re : When the bubble bursts what next.

    It’s no secret that Social Media as purveyed by the Silicon Valley Mega Corps is sinking into a lot of trouble and still going down.

    It’s not just Twitter Imploding, Meta lost around 750billion in value recently with markets very twitchy over its tens of billions being wasted on VR headsets for the “Meterverse” dream which like “True AI” is always a decade in the future at the very least.

    All of which is also being driven down hard by the global recession we have “entered” (but politicians are too scared to say[1]). Those big Corps will see less and less speculative investment especially from pensions, and the already plummeting ad revenue to diminish and dry up. Hi-Tech layoffs will increase and the pace of “big-tech” technology will slow.

    So “Social Media” as it currently is will have its bubble burst, or deflate as you can not survive on black tulip bulbs.

    So what will come in its place, especially as the “rent seeking” cloud will probably shrink back significantly as well.

    Unlikely to be the already discredited Web 3.0 based on NFTs and other blockchain trinkets and similar nonsense that as with all cracked pipe dreams won’t really happen[2].

    So what will happen? Most likely many Governments will put up their own National Fire Walls using Orwellian “blame the infidels” propaganda. Putting their own “controlled” infrastructure services behind them and the Global Internet will become at best a net of Federated National nets. Expansion if any will not be “through the USA” or other Five-Eyes etc “choke points” but regional cross border hops.

    The result of which will probably be the further downward federation of networks much like village to village roadways pre motorways and similar.

    The idea of the “Fediverse” and Mastodon fit in well with this “back to the village” future. Where people will actually have local social networking much of which might be by mesh WiFi and similar networks where you “don’t rent” the connection and the hub is in the “church hall” and run as a local charity like food banks / community pantries are currently.

    Back in the 1980’s we had “bulletin boards” and peer to peer networking that built into a mesh that carried the early Email around. Some of us once “played on the WELL” and similar “bridging” through other boards. So we already know how to make it work.

    But, technology especially as a hobby never stops, and has more often than people realise “moved the world forwards”…

    One such hobby is Amateur / Ham radio which has been quietly busy integrating the use of the Internet into the radio hobby to expand the bandwidth regulators won’t give. I can use my digital handset to talk to a hotspot that scoots it down a data network to a federated system of what appear to be chat rooms or channels that connect to other hotspots around the world. It can also do Email and work with SMS messaging. Whilst the physical layer is currently the Internet it does not have to be. The EmComm side of Ham Radio has been working on adapting WiFi gear to work in one of the Amateur band allocations to do high bandwidth mesh networking that can be a low cost setup drop in to replace rent seeking service providers. It takes very little technically to replace most of what “mobile service” provision does, but actually at lower cost over just a year or less. Thus mobile service providers will probably fight for protective legislation but it would not take much to force them either out, or to bring their pricing right down as they have in other parts of the world. We could easily see 5G stall and 6G get pushed well out into the future rather than just less than a decade away. So don’t throw your 4G and LTE mobiles out yet. Heck in some places 2G is going to carry on as it provides reliable income…

    [1] With food inflation running at over 20% and in some cases 70% on basics like flour and vegetable oil and with rapid fuel inflation only held back by a delayed autumn temperature drop, but should kick in soon as incessant rain has pulled the energy out of the atmosphere. So 30-80% fuel inflation is to be expected. But worse the rain has also delayed winter crop planting by more than a month so 30% drop in resultant basic grain production tonnage and similar in other food crops expected. The true inflation for those at the bottom of the socioeconomic ladder where food, fuel and rent is 90-95% of their total income is expected to be homelessness, starvation, as well as respiratory illness and the other signs of real poverty like stunted growth and mental development.

    [2] Remember there are two web threes, the one the Silicon Valley Mega-Corps were pushing to grab more PPI to feed a Marketing driven ad industry that’s now shrinking. And the nutbar one from those looking to still milk blockchains by hanging geegaws like Non Fungible Tokens and Smart Contracts and other equivalent base metal bling on them. Something tells me neither are really going to happen, and things will go widely parallel and decentralized and thus more than likely federated to the point of “back to the village” style computing from peoples homes and the like.

    name.withheld.for.obvious.reasons November 18, 2022 5:19 AM

    @ Clive
    You’re dating yourself (not in a self indulgent one-person hug), but are you still using Mosaic, WAIS, and Gopher? How many Lotus 1-2-3, Visicalc, or Multi-Plan/Calc spreadsheets are you hiding under your bed?

    No, you didn’t just say, “All of them!” I must be herring things.

    Is that a Wang word processor in your living room? CDC wants their 300bpi tape drives back. I’ll bet your washing machine only takes Winchester drives and you still listen to the Platters (on the radio).

    By the bye, seems my humor hits the floor, often. Not germane as perceived, but I’d argue on target and subtly sarcastic (not personal, well, mostly).

    SpaceLifeForm November 18, 2022 6:16 AM

    re: Twitter implosion

    Well, it appears there was massive Mouse Poison, as most could not click their mouse. Apparently, Elmo will now allow remote work. All of the Payroll department is gone. Tax, Finance, gone. Not sure why anyone would stay as they can not get into the HQ building anyway. Something about steenkin Badgers 🙂

    A joke I saw (lost link):

    The Twitter employee directory now consists of 280 characters.

    JonKnowsNothing November 18, 2022 9:07 AM

    @SpaceLifeForm, All

    re: why anyone would stay [Twitz] …?

    One reason is: HEALTH CARE INSURANCE

    There are others having to do with employee contracts and defined benefits but health care insurance is a good bet, especially if you have a family.

    Anyone who has ever seen a COBRA payment (1), has had their mouth drop open at the cost. If they have a family and theirs is the only health insurance they have (2), and if they had some prior experience navigating health insurance programs, that would add to the concern about voluntarily leaving.

    Unfortunately, people are excellent at shooting-their-own-foot and often haven’t sorted things like this out, when the Loyalty Oath comes around.

    A financially advantageous version is:

    • So what… sign the thing and go home at 5pm anyway.

    Let HeadTwit keep paying you, and instead of 3 months severance you may last 12 months until next review or cut off.

    If you are thinking farther than your personal umbrage about the TwitHead, you will work the system, get another slot lined up. Secure your health care options for conversion, to avoid the COBRA shock and care gap (3).

    There is a significant advantage to being laid off or fired, rather than walking away because their HeadInSands Boss, who couldn’t find an IFTHENELSE statement, makes foolish remarks.

    It may feel good mentally, for a short time. But cold, hungry, uninsured and uninsurable isn’t a good spot to be. You have to be a better capitalist than a TwitHead-TakingAHeader.

    The odd thing, not really so odd, is that all those unemployment benefits and services came via programs and policies that are the antithesis of NeoCon-NeoLiberal-Illiberal economic policies.

    You only discover their value, once you really need them, and understand how they got created and why.

    ===

    1) COBRA is the health care insurance an employee can take with them for ~18months, as long as they pay both the employer and employee parts of the premium.

    2) In any parts of the USA, health care insurers now require a pooling of all insurances on a claim. eg: spouseA had InsurerA and spouseB has InsurerB. If there is a claim, then both InsurerA and InsurerB share the cost.

    Previously, a person could select which insurance company they wanted to file a claim with. Insurers didn’t like being on the hook solo, so if you have access to more than one health care coverage they will both pay a portion.

    3) There is a clause called Pre-Existing Condition. In some states it’s no longer allowed but the health care industry fights hard to get it reinstated. What this clause says is that if your health issue started prior to your insurance you get NOTHING and they pay NOTHING.

    As many health care issues start decades earlier but go either undetected or worse “MD monitored but not treated”, you can find yourself sick with an expensive condition to treat. If you don’t have pocket money for a $250K procedure … the outcome is ….

    SpaceLifeForm November 19, 2022 5:22 AM

    @ JonKnowsNothing

    Besides the Health Insurance problem, the other big one is those on H1-B visa. As to COBRA, huge rip-off. It can wipe out your severance and unemployment benefits before you find another job. So, if you can, you forgo that and hope you still stay healthy.

    ReseedingErrLine November 21, 2022 2:45 PM

    I was looking at the re-seeding approach used by Fortuna, and I do not think it is as robust as stated. To give one pathological example:

    If I have an entropy source that produces one bit of true entropy in every output, but it is in the low bit, and the high bits are just the previous output rotated. (So outputs might be 000a, then 00ab, then 0abc, then abcd only with 32 bits rather than just 4). The way Fortuna works, every 32 outputs would be written into the fastest/weakest reseeding pool. An attacker could brute force the reseeding, and by doing so could determine all of the entropy put into all of the other pools, rendering them useless.

    The general problem exists for any case where outputs of the entropy source are correlated with previous outputs. I don’t see an obvious way to fix this, but I think there needs to be a warning about this since a great many entropy sources have correlated outputs.
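
    The scenario in the comment above, simulated as an added example (not part of the comment and not Fortuna's own code). It assumes Fortuna's round-robin distribution of one source's events over 32 pools; the source model, function names and widths are constructed for illustration.

```python
import secrets

POOLS = 32   # Fortuna spreads each source's events round-robin over 32 pools
WIDTH = 32   # output width of the constructed correlated source
MASK = (1 << WIDTH) - 1

def correlated_source(n_events):
    """Constructed source: each output is the previous output shifted left
    by one, with a single fresh random bit placed in the low bit."""
    state = 0
    for _ in range(n_events):
        bit = secrets.randbits(1)
        state = ((state << 1) | bit) & MASK
        yield bit, state

def distribute(n_events):
    """Feed the source's outputs to the pools round-robin.
    Returns (outputs written to each pool, list of all fresh bits)."""
    pool_outputs = [[] for _ in range(POOLS)]
    fresh_bits = []
    for i, (bit, out) in enumerate(correlated_source(n_events)):
        pool_outputs[i % POOLS].append(out)
        fresh_bits.append(bit)
    return pool_outputs, fresh_bits

def bits_visible_in_pool0(pool_outputs):
    """Rebuild the fresh-bit stream from pool 0's inputs alone.
    The first pool-0 output holds only bit 0 (31 leading zeros are padding);
    every later one holds the 32 most recent fresh bits, MSB = oldest."""
    stream = []
    for out in pool_outputs[0]:
        stream.extend((out >> s) & 1 for s in range(WIDTH - 1, -1, -1))
    return stream[WIDTH - 1:]   # drop the initial zero padding

def bits_private_to_slow_pools(n_events):
    """Count fresh bits that reached pools 1..31 but are not (yet)
    contained in anything written to pool 0."""
    pool_outputs, fresh = distribute(n_events)
    seen = bits_visible_in_pool0(pool_outputs)
    assert seen == fresh[:len(seen)]
    return len(fresh) - len(seen)

if __name__ == "__main__":
    # Right after each pool-0 write, nothing is private to the slower pools.
    print(bits_private_to_slow_pools(32 * 8 + 1))   # 0
    # Between pool-0 writes, at most 31 bits are pending, and the next
    # pool-0 write will contain them too.
    print(bits_private_to_slow_pools(32 * 8))       # 31
```

    With this source every fresh bit is duplicated into pool 0's input, so the slower pools hold no entropy that pool 0 has not also seen; a source whose successive outputs are independent would not show this overlap.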
