Friday Squid Blogging: Chinese Squid Fishing in the Southeast Pacific

Chinese squid fishing boats are overwhelming Ecuador and Peru.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on March 10, 2023 at 5:05 PM | 142 Comments

Comments

Clive Robinson March 10, 2023 7:22 PM

@ vas pup, ALL,

Re : Hypersonic flight.

“Hypersonic missiles differ from conventional ballistic weapons in ways that make them harder to catch by missile defense systems. It comes down to speed and altitude.”

As with all things it’s more complicated than that[1].

One issue is anti-missiles have to fly faster than the missiles they are targeting by several times.
This has issues, one of which is lack of manoeuvrability due to lack of structural strength. This means the slower flying hypersonic missile has the considerable advantage of a tighter turning circle than the anti-weapon. So flying in a hypersonic missile on a random path profile makes it difficult to lock on to and destroy.

What a lot of people don’t realise is that plasma build up just like a space craft on reentry, causes a radio-blackout for the hypersonic missile therefore it can not use radar or radio to know where its target is.

Whilst this is not much of an issue when attacking land based fixed and hardened targets, it makes a significant difference if the target is mobile at 50kph or more.

The “flare” from the plasma does not need to be seen by radar it has a fairly easily identifiable emission spectrum visible in space. So it can be detected relatively easily thus mobile vehicles can just “scatter” as a first order defence mechanism. Even relatively slow moving ships can get out of the way if the missile has a conventional munitions payload.

We are aware that China has thought on this issue, and their aircraft launched hypersonic missiles have been designed for nuclear warheads as they are used as long range “stand-off” weapons.

Hence we know both the US and Chinese have researched into laser anti-weapons for ship defence, that have already been deployed. Such laser weapons can also be used offensively and they have been observed “lighting up the sky” in the South China Sea.

Thus new “tactics” are going to need to be developed for these new weapons and I suspect Russia will be at best a long way behind not just China and the US, but other Western nations such as France and UK both of whom see them as next generation lucrative arms exports as do their “partners”.

[1] Have a look at the first such design of hypersonic missile, called “Pluto” designed in the 1960’s by the US and scrapped for various reasons (not just because it was an unshielded nuclear reactor pumping out organic killing neutron radiation).

If you remember back a few years ago Russia tried to develop its own Pluto and one of the early flights went badly wrong and radiation levels all over Europe went up so we had a good idea of what Russia was up to without needing any “secret intelligence”.

Frankly March 10, 2023 9:00 PM

Journalist Matt Taibbi said he was protecting the identity of a source by refusing to give the date of first contact with that source: “Taibbi began to say he couldn’t reveal that information when Garcia insisted she simply needed a date.”

How easy is it to find the source, if you have that information, the date? I’d say, if you are the government, pretty easy. So Taibbi is right that giving out the date might be tantamount to disclosing a source.

SpaceLifeForm March 10, 2023 9:20 PM

SVB will be interesting.

Normally, you do not take control of a bank in the morning.

lurker March 10, 2023 10:25 PM

@SpaceLifeForm
“… a loss caused by the sale of assets, mainly US government bonds …”

Used to be gummint paper was rock solid, only a fool could lose with it, …

ResearcherZero March 11, 2023 2:51 AM

We were told it was the way of the future.

“Does [Robodebt] produce an inaccurate figure? Well… it possibly does and now we know we can’t do that.”
‘https://www.smh.com.au/politics/federal/so-sad-too-bad-response-to-robo-debt-impact-20230310-p5cr4j.html

(paywalled)

Australia’s current commonwealth ombud, Iain Anderson, has called for an increase in investigatory powers for the statutory office, including the equivalent of a standing right of entry and search of government electronic records and IT systems like other oversight inspectorates.
‘https://www.themandarin.com.au/214343-ombud-demands-new-teeth-to-stop-next-robodebt/

ResearcherZero March 11, 2023 2:53 AM

“Australia is doing our bit”
‘https://www.abc.net.au/news/2023-03-11/scott-morrison-defends-australias-climate-change-action/11549260

‘A Fair Bit of Auditing’

‘https://parlinfo.aph.gov.au/parlInfo/download/publications/tabledpapers/e3dbd671-93fc-48e4-8e7a-d7f177d55e6f/upload_pdf/Auditor-General_Report_2019-2020_47.pdf;fileType=application%2Fpdf

In Morrison’s government, a lack of accountability has become systemic.
‘https://www.themonthly.com.au/issue/2021/february/1612098000/nick-feik/scandals-he-walks-past

“The tuna smells a bit off Sir?”
‘https://www.theguardian.com/australia-news/2020/sep/30/agency-that-uncovered-sports-rorts-will-be-forced-to-cut-back-on-audits-without-budget-rescue

‘https://www.anao.gov.au/work/performance-audit/award-funding-under-the-community-sport-infrastructure-program

Ever since Scott Morrison was sacked from his job as managing director of Tourism Australia in 2006, the reasons for his dismissal have been kept secret.
‘https://www.smh.com.au/national/i-was-gobsmacked-when-he-became-prime-minister-20220826-p5bd19.html

Scott Morrison ‘the Lord wants me to be prime minister’
‘https://www.nytimes.com/2022/08/16/world/australia/scott-morrison-minister.html

Gave himself God-like powers
‘https://www.sydneycriminallawyers.com.au/blog/morrison-created-the-immigration-ministers-god-like-powers-when-he-held-office/

The End Result…

“The end result is that, to the extent that the public and the parliament are not informed of appointments that have been made under s 64 of the constitution, the principles of responsible government are fundamentally undermined.”
‘https://www.theage.com.au/politics/federal/morrison-s-ministries-legal-but-undermined-principles-of-responsible-government-solicitor-general-20220823-p5bc2j.html

“But that doesn’t explain why the rest of the system went along with it. That is the thing I find most troubling.”
‘https://thenewdaily.com.au/news/politics/australian-politics/2022/08/24/turnbull-morrison-ministries/

ResearcherZero March 11, 2023 3:09 AM

@vas pup

The general idea of ‘top secret’ is that people don’t know how things actually work. How things actually work is often a long way from what people believe in theory. Putin plagiarized, often verbatim, the text he submitted at university. Back then he was referred to as “the student”. You would have to ask Lavrov what he meant by that, but I don’t think he was being polite. Of course that was before they set off on their journey along ‘The Yellow Brick Road’ to find the young lad some ‘courage’.

‘https://www.txtreport.com/news/2023-02-09-the-committee-of-the-czech-senate-called-to-recognize-the-kgb-and-gubazik-as-organizations-that-support-terrorism.rypny5Mpi.html

“It is very serious news, any such act, should it be confirmed, must clearly have consequences.”
‘https://www.reuters.com/world/europe/czech-minister-says-russia-row-could-influence-nuclear-station-tender-2021-04-17/

Jailing and persecuting dissidents the old fashioned way.
‘https://www.tabletmag.com/sections/arts-letters/articles/philip-roth-the-tourist

A dash of nuance, and go easy on my nuts.
‘https://www.psychologytoday.com/us/blog/finding-meaning-in-imperfect-world/201812/why-many-our-political-opponents-are-not-evil

ResearcherZero March 11, 2023 3:25 AM

@vas pup

The point I’m making is I don’t think he spent much time studying at school, considering also what came out of his mouth. I could describe it like Tucker Carlson listening to Sidney Powell, except on a vast array of subjects from Russian history, to the moon landings. Perhaps he was busy doing something else at university, who knows?

“The whole thing seems insane to me”
‘https://www.documentcloud.org/documents/23700972-2023-03-08-dominion-reply-brief_redacted-public

ResearcherZero March 11, 2023 3:33 AM

“You probably can make a smartphone in Russia with Chinese parts, but it’s not very efficient,” ….“And why would anyone buy a Russian phone that is more expensive than Xiaomi?”
‘https://www.wired.com/story/russia-ncc-phone-android-sanctions/

So you could put nine cameras on the back, for taking photos of all kinds of things you don’t have while you are abroad, and the schematics of how to build them.

Winter March 11, 2023 4:25 AM

@ResearcherZero

Why Many of Our Political Opponents Are Not That Evil

My personal experience is that Good-Bad is orthogonal to any political dimension.

An economist in the UK wrote:
“farmers do not have a business model, they are a business model”

Winter March 11, 2023 8:20 AM

@Clive

Do the farmers know?

I suppose they do. But like most victims of oppression or exploitation, they first blame bystanders.

Context, we have regional elections and farmers protest massively against the environmental laws they broke for a decade.[1]

Point is, farming in the Netherlands is quite profitable for everyone but the farmers. Farmers are ruthlessly exploited by banks, animal feed and agroindustrial giants, and supermarkets. They generally run at near bankruptcy income.

So they blame nature reserves and European environmental laws for their plight. Because 3/4 of meat is exported into the EU, that route of protest is closed. Without EU export, most farmers would have to close shop anyway. So the farmers want to get rid of nature. Or simply deny there is an environmental problem, which is the same.

The answer is, the farmers know why they do not make money, but they deflect the anger to people who they think are a weaker opponent [2]

[1] The Netherlands imports massive amounts of animal feed, egg, soya and corn, to feed animals and exports the meat. The only thing that stays is the manure which destroys what little nature we have left.

[2] One politician argued during an interview that the problem was not too many pigs and cattle, but too many people. We should reduce the population of the Netherlands. And that we should seriously look at asylum seekers as the root problem.

Clive Robinson March 11, 2023 10:00 AM

@ Winter,

Re : Politicians banging wrong drum.

“And that we should seriously look at asylum seekers as the root problem.”

Actually they are more likely to be the solution than the problem.

“Blame johnny foreigner”

Is a familiar refrain come mantra that is the politicians,

“… know why they do not make money, but they deflect the anger to people who they think are a weaker opponent”

The UK and Holland have historically been “importers of cheap labour” into what are “slums”. The fickle or feckless labour perishes, and the brighter labour prospers and moves out and in three maybe four generations is usually middle or upper middle class with professions and professional status (read “legally protected” closed shops / guilds). So creating “a demand” for new labour to keep the cycle going.

Up until the 1980’s most business had long, medium, and short term plans that involved building up capital to finance certain expected events, such as replacing tools, plant, buildings and similar.

However the Thatcher and Reagan monumental error of “free market” happened. So not only did sensible legislation and regulation get removed, but “Next Quarter only” thinking became de Jure, along with neo-con mantras of “Don’t leave money on the table”. Which gave rise to the mindless activities such as “off shoring” expertise to would be competitors and incurring long fragile supply lines, but worst of all massive debt that can not realistically be serviced sensibly.

In short we made Brazil, China, India and Russia what they are, and ourselves bankrupt in more ways than fiscally (just printing currency does not give rise to ability or skill in the work place, just hyper inflation and bank runs). Now we are having to live with the consequences…

One of which is the near bankruptcy of the “Silicon Valley Bank” now in enforced receivership, from what is effectively a bank run caused by the Fed[1] policies. Not too dissimilar to 2008 only SVB was not playing in dangerous or faux financial markets as far as we can tell from currently available news. Oh and the US Fed policy continues with another hiked interest rate yet again. It also clearly wants unemployment to rise by between two and four million before year end to bring wages down. Thus a double whammy for workers, hit by both inflation and enforced earning reduction.

What people are not mentioning is the last time around this nonsense was tried inflation hit over 17% and at other times unemployment above 30% great if you hold real wealth assets and have liquidity for “fire-sale pricing”, bad if you only have fiscal assets or really bad if you have no assets at all.

So the “R-Word” is not being whispered as “may be”, or even “when” but now “This is the start of a global recession”, with people asking “How long?”, “How deep?” and worst of all “How many?” laid off…

But horror shock, some are using the “K-Word” and asking “When are we returning to Keynesian economics?” forgetting that Keynes rejected Say’s hypothesis of “Supply creates its own demand”. For the obvious reason if there is no “end demand” no matter how much supply you create at some finite point bankruptcy occurs so there is no supply created demand as supply has stopped. Hence “The Great Depression” as without the creation of supply, you have enforced “involuntary unemployment” thus no wages to fund demand, nor savings to fund supply development. The result stagnation, until demand can occur again and the spiral slowly unwound.

So lets all gather around a brazier in Hooverville[2] and sing,

Happy days WILL be here again,
The skies above are drear again.
We just don’t know how long to cheer again.
Happy days WILL be here again

(with apologies to the 1929 original).

[1] SVB enforced FDIC receivership, due to US FED policy,

https://www.theguardian.com/us-news/2023/mar/10/silicon-valley-bank-collapse-explainer

[2] What happened to those made homeless or desperately travelling to seek work,

https://en.wikipedia.org/wiki/Hooverville

The invention of the “Hobo Stove” predecessor to the modern jet or down-draft stoves, that could cook with just twigs is attributed by some to Hoovervilles (of which there were many).

Frank Wilhoit March 11, 2023 10:55 AM

@Clive, what the Fed is trying to do is not exactly to raise the unemployment rate, but to create a labor surplus. This is not quite the same thing, and, under today’s conditions, it is not possible; but they will try, using the methods that worked twenty or forty years ago. Those methods will not work, whereupon they will double down on them, again and again, until nothing remains.

JonKnowsNothing March 11, 2023 1:41 PM

@Clive, SpaceLifeForm, MarkH, Winter, All

re: The Bank of Mom and Dad COVID Year Three: So on and so forth

As we move into the long holding pattern with SARS-CoV-2, and the probable rise of several different viral candidates that we will be contending with sooner or later, a look at the BoM&D figures might be useful.

  • Earlier posts on the BoM&D may be found in the archives or the wayback machine.

The primary problem is nearly all reporting has ceased or will be ending soon. This is public reporting. Some back-end science reports will continue but public reporting is ending. Friday the Johns Hopkins COVID Tracker website, a hub of information 2019-2022 is closing down due to lack of incoming data. It isn’t that SARS-CoV-2 has gone away, it is that government funding has dried up. There are many reasons including the Official End of the Pandemic in the USA as declared by President Joe Biden. March 2023 will see the end of Masks, Vaccinations, Social Distancing requirements for those businesses that still follow those guidelines. Many businesses along with the population have already jettisoned these parameters.

So a few scope issues to consider with the following numbers.

  • I cannot model with a hand calculator what is done by supercomputers in labs and governments world wide.
  • I have never mastered The Cut and Paste Formatted Data options so be mindful that things may not line up or I may have dropped a digit here and there.
  • The data is sparse, nearly invisible, which means there is a lot of slack in data points. Adjust to your own satisfaction.
  • Data comes from MSM, CDC, Studies, US Life Expectancy Tables and any where I could find something I thought useful. You are free to alter or discard at your preference.
  • Data does not include follow on events such as Asset Exchanges, Asset Transfers, Asset Distribution, Velocity of Exchange Valuations.

Global daily deaths from COVID19 = 1,000 per day

1,000 daily deaths * 365 = 365,000 deaths per year

365,000 deaths per year * 5 years = 1,825,000 deaths 5 years

365,000 deaths per year * 10 years = 3,650,000 deaths 10 years

Using USA pensions as a baseline.

Low Pensions USA poverty guidelines.

1 person = $14,500 / year

$14,500 / 12 = $1208 / month

Medium Pension USA SSA already retired.

1 person = $24,000 / year

$24,000 / 12 = $2,000 / month

Max Pension USA SSA retired 2023+.

1 person = $43,200 / year

$43,200 / 12 = $3600 / month

If 100 % of deaths are older persons, when they die their pension stops. The amount saved varies by their Life Expectancy Table. Estimate @ 5 years of lost life.

Poverty Level = $14,500 / year

1,000 daily deaths * 365 = 365,000 deaths per year * $14,500 = $5,292,500,000

365,000 deaths per year * 5 years = 1,825,000 deaths 5 years * $14,500 = $26,462,500,000

Medium Level = $24,000 / year

1,000 daily deaths * 365 = 365,000 deaths per year * $24,000 = $8,760,000,000

365,000 deaths per year * 5 years = 1,825,000 deaths 5 years * $24,000 = $43,800,000,000

If 100 % of deaths are younger persons, they never collect their pension. The amount saved varies by their Life Expectancy Table. Estimate @ 10 years of lost life.

Max Pension 2023 = $43,200 / year

1,000 daily deaths * 365 = 365,000 deaths per year * $43,200 = $15,768,000,000

365,000 deaths per yr * 10 yrs = 3,650,000 deaths 10 yrs * $43,200 = $157,680,000,000

Weighted Average Expected Outcomes

If 100 % of deaths are older persons the pensions Not Paid will be

Expected savings per year

($5,292,500,000 + $8,760,000,000 ) /2 = $7,026,250,000

Expected savings for 5 years

($26,462,500,000 + $43,800,000,000 ) / 2 = $70,262,500,000 * 5 yrs = $351,312,500,000

If 100 % of deaths are younger persons, they never collect their pension. These are funds the government collected for their retirement but never has to pay out or return.

Expected no payout per year $15,768,000,000

Expect no payout over 10 years $157,680,000,000

Averaging the Older and Younger savings amounts

Annual savings from COVID deaths.

($7,026,250,000 avg older savings + $15,768,000,000 younger no payout) / 2 =
($22,794,250,000 / 2) = $11,397,125,000

Summary Estimated Value of On Going Deaths from COVID

Annual Savings $11,397,125,000

Savings over 5 years
$11,397,125,000 annual savings * 5 years = $56,985,625,000

Savings over 10 years
$11,397,125,000 annual savings * 10 years = $113,971,250,000

SpaceLifeForm March 11, 2023 4:16 PM

@ JonKnowsNothing, Clive, Winter, MarkH, ALL

Re; Covid immunity

Interesting article about a genetic variant of the HLA gene.

I mention this because it would have been 3 years ago, that I pondered this question:

Are people getting infected easier because they had not had the common cold in past year or so?

It is interesting that in the last 3 years I have not had a common cold since I got vaxed with J and J, the only vax I have received. One time. Nothing since.

I have certainly been exposed by now. Maybe I have these genes, I do not know.

My uncle recently told me (discussing my mum’s death), that I have good genes. I am not sure why he told me that, but family history can be murky.

‘https://www.nbcnews.com/news/amp/rcna72885

Her team discovered a common genetic thread: a gene called HLA-B*15:01. People who have this HLA version were more than twice as likely to have an asymptomatic infection, Hollenbach found. That protection was increased by more than eight times if a person had two copies of the gene.

vas pup March 11, 2023 4:28 PM

Will future computers run on human brain cells?
Breaking ground on new field of ‘organoid intelligence’
https://www.sciencedaily.com/releases/2023/02/230228075739.htm

“A “biocomputer” powered by human brain cells could be developed within our lifetime, according to Johns Hopkins University researchers who expect such technology to exponentially expand the capabilities of modern computing and create novel fields of study.

“Computing and artificial intelligence have been driving the technology revolution but they are reaching a ceiling,” said Thomas Hartung, a professor of environmental health sciences at the Johns Hopkins Bloomberg School of Public Health and Whiting School of Engineering who is spearheading the work. “Biocomputing is an enormous effort of compacting computational power and increasing its efficiency to push past our current technological limits.”

For nearly two decades scientists have used tiny organoids, lab-grown tissue resembling fully grown organs, to experiment on kidneys, lungs, and other organs without resorting to human or animal testing. More recently Hartung and colleagues at Johns Hopkins have been working with brain organoids, orbs the size of a pen dot with neurons and other features that !!! promise to sustain basic functions like learning and remembering.

Computers that run on this “biological hardware” could in the next decade begin to alleviate energy-consumption demands of supercomputing that are becoming increasingly unsustainable, Hartung said. Even though computers process calculations involving numbers and data faster than humans, brains are much smarter in making complex logical decisions, like telling a dog from a cat.”

More details in the article/link.

JonKnowsNothing March 11, 2023 7:50 PM

@SpaceLifeForm, All

re: COVID and a gene called HLA-B*15:01

There is this study of

  • “TLR-related cell surface receptor called leucine-rich repeat-containing protein 15 (LRRC15)”.

It’s somewhat of a rare protein receptor that only shows up when someone is seriously ill. It’s not floating about in normal circumstances. LRRC15 can effectively gum up the FSpike. Part of the study description was how they discovered it and isolated it.

I wonder if these are related?

===

Fibroblast-expressed LRRC15 is a receptor for SARS-CoV-2 spike and controls antiviral and antifibrotic transcriptional programs

LRRC15 is a novel SARS-CoV-2 spike-binding receptor that can help control viral load and regulate antiviral and antifibrotic transcriptional programs in the context of COVID-19 infection.

ht tps://journals.plos.o r g/plosbiology/article?id=10.1371/journal.pbio.3001967
(url fractured)

SpaceLifeForm March 11, 2023 8:42 PM

@ Clive, Bruce, ALL

Re: Physical metal keys

This is bizarro land. Read.

It was a few years ago, that someone took the wrong car. Same model, same color, same parking lot.

A 1 in 10,000 chance on the key. Then multiply that with the chance of same model, same color, and same parking lot.

Well, it has happened again, and no metal key was involved.

Both people were able to unlock each other’s cars.

And that was how they were able to communicate to each other and get the cars exchanged.

Paper metadata.

‘https://globalnews.ca/news/9541040/bc-tesla-driving-wrong-car-app/

the other Tesla driver told him he was able to get his number because he had printed out a document, which was in his car and it had his phone number on it.

Nick Levinson March 11, 2023 11:41 PM

@Frankly, @ResearcherZero, @SpaceLifeForm, @vas pup, & @lurker:

@Frankly:

What beyond PII you have to keep secret to protect an identity will vary from case to case, and often you can’t just protect everything, so you have to select carefully and then not forget what exactly you selected to protect.

The FBI caught someone because, while their IT security was very good, it hadn’t in the past been as good, and the past had a clue.

@ResearcherZero (more below):

Auditing’s utility is evident in a (happy part of the) history of Schindler’s list. A Jew working for him wrote convincing reports for the Nazis about their productivity. But by the end of WWII Schindler had produced only half a train carload of anything. I thus presume the Nazis didn’t audit, despite knowing that his workers were Jewish and he wasn’t having them killed (a Jewish hospital in Berlin was required to have a number killed at intervals but I don’t think a Nazi even asked Schindler to do that, and he may have had more Jews than the hospital did). Without auditing, problems likely remain and multiply.

Someone who ran an organization was caught having stolen when the organization was routinely audited.

@SpaceLifeForm:

Insurance to supplement FDIC insurance, for higher balances and for accounts (if any) not covered by FDIC, may suddenly look attractive to many companies. I assume most of the large-balance SVB customers didn’t have it, because most banks looked very solid. Premiums will raise business costs but probably not by much, since most banks likely are well run and therefore the insurance shouldn’t cost much. It will also encourage customers to move their main balances to better-known banks, concentrating banking business, although not by much, given access to loans and physical convenience of other competitors.

Cars and keys: Since I don’t drive, I didn’t wonder about a story told on Car Talk (NPR (radio)), but I should have. Someone drove a wrong car off a lot, the one whose car was thus taken was calling, and the radio host hypothesized what happened: an easy innocent mistake (e.g., many rentals are red sports models) and the caller has “lousy taste in music”, so the car was quickly returned. The Car Talk hosts had their own repair garage and hinted they’d made the same mistake and added a system to prevent it. But now I wonder how an innocent thief could start the wrong car. One doesn’t usually jump the ignition on one’s own car.

@ResearcherZero & @vas pup:

The New Yorker reportedly found that Ron DeSantis was described by former law classmates as so smart that he couldn’t be plagiarized from because a professor would detect the plagiary. That’s not a comment on his politics, just on his intelligence and on its constraining other students’ ability to plagiarize.

@lurker:

Sale at a loss may have had to do with the value at which an asset was carried on the holder’s (bank’s) books. I understand that only some should be revalued periodically while others should not be revalued but kept at acquisition value until sold. I forgot the rationale for which is which and I forgot where I read this.

Clive Robinson March 12, 2023 1:16 AM

@ JonKnowsNothing, SpaceLifeForm, Winter,

Re : Adenovirus knowledge.

Back in 1999 a paper was published in the Journal of General Medicine,

https://pubmed.ncbi.nlm.nih.gov/10738553/

If I’d known about it at the time I had to make my choice, on C19 vaccine it would have made things considerably more difficult.

(Note the “cited by” papers, it might give a little insight as to potentially where things are going).

Admittedly I don’t have long furry ears and “eat my own 541t” like rabbits do but I would have been more cautious, than I was…

As I’ve mentioned within three weeks of having had my “second shot” (having deliberately spaced them as far apart in time as the then available science suggested was optimal) I was admitted to hospital with less than 5% heart output and a blood clot the size of my thumbnail in my heart and other heart related issues. At the time the cardiologists put me back on the “Rat Poison” (Warfarin) and took me off of Rivaroxaban saying that “it was possibly the cause”[1]

Since then I’ve been refused C19 booster shots without a letter from my “General Practitioner”(GP). Having had three separate GPs in three different “practices” since then in a little over a year and a half, a letter has not been forthcoming, though “flu jabs” have been offered and given.

Now there is neither choice or booster for me in England… So the chances are if I get C19 the outcome will not be good at all…

Oh and since the flu jab, I appear to have acquired another autoimmune issue this time in my feet, where the joints at the ball of the foot are swollen and sufficiently tender that they are not weight bearing in bare feet or flat soled footwear[2].

[1] I’d been put on Rivaroxaban originally because of “a turf war” between the health service providers where I live and INR testing. I was apparently a round peg not fitting in their square hole view of the world, and unlike others I got fairly vocal then militant so was viewed as a thorn in the paw.

Oh and surprise surprise Rivaroxaban and related drugs are not the “wonder drugs” they were painted as by BigPharma, lots of issues have been flagged up with them by “post-marketing surveillance” that the effectively defective drug testing methodology used did not pull up. My advice for the little it’s worth is,

“If any of them get mentioned to you, go look them up”

Especially if your body profile is not “average European” it will make you better informed than probably your prescriber, and might just save you from a quite premature death…

[2] To my annoyance — being taller than most and having larger feet than most to start off with– I’ve also gone up a couple of sizes in width… So effectively beyond what is “normally available shoe sizing”. The temporary solution currently is to effectively “bind my feet” to push the soft tissue swelling down, then get in slightly more than normal raised heel strong walking-boot footwear and keep tightly laced. Then move around slowly for an hour or so until the pain subsides, and the ability to use a low level flight of stairs becomes just possible (but not sensible)…

As you can imagine it kind of puts a “gimp in my day”… But does allow me to get out for Hospital visits etc for “Tests” (if someone suggests removing fluid from your big toe joint for testing, ask for a smack round the back of the head with a brick first, it might make the experience easier and more pleasant…).

Clive Robinson March 12, 2023 3:15 AM

@ SpaceLifeForm,

Re : Birthday Paradox.

When you say,

“A 1 in 10,000 chance on the key.”

Do you mean there are 10,000 possible key profiles?

If so you need to consider two things,

1, Many key profiles are not cut due to mechanical issues.

2, The birthday paradox.

So as a rough guestimate the actual number of key profiles in use would be around a half the total (sometimes less).

Then you have to apply the birthday paradox, or more properly the “birthday attack” which often gets crudely approximated to “halve the number of bits”

So whilst we don’t know the actual number of key profiles in use, you could go with 4096 or 8192 as a range (ie 2^12 to 2^13).

Which gives a range of 64-90 same model cars in the carpark for ~50% chance of having two sets of keys having the same profile…

Which is actually quite small…

As for colour etc there is the old Model T joke to consider,

“You can have it in any color you want as long as it’s black”.

The simple fact is more than a century later the joke is little changed,

“Vans are white, sports cars red, and family cars dull, and if you see a yellow Mini scream “yellow mini” and optionally hit the person next to you.”

https://www.theyellowminigame.com/base-rules/
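Added example, not part of the comment above: the square-root rule of thumb ("halve the number of bits") compared with the exact birthday calculation for the 4096 and 8192 key-profile figures. It assumes every profile is equally likely, which real key cutting will not guarantee; the function names are made up for this illustration.

```python
import math


def collision_probability(cars, profiles):
    """Exact chance that at least two of `cars` keys share a profile,
    assuming `profiles` equally likely key profiles (an assumption)."""
    if cars > profiles:
        return 1.0  # pigeonhole: a repeat is certain
    p_all_distinct = 1.0
    for i in range(cars):
        p_all_distinct *= (profiles - i) / profiles
    return 1.0 - p_all_distinct


def cars_for_probability(profiles, target=0.5):
    """Smallest number of cars whose collision chance reaches `target`."""
    p_all_distinct, cars = 1.0, 0
    while 1.0 - p_all_distinct < target:
        p_all_distinct *= (profiles - cars) / profiles
        cars += 1
    return cars


def compare(profiles):
    """Rule-of-thumb car count (sqrt of the profile space) next to the
    exact count needed for an even chance of two matching keys."""
    rule = math.isqrt(profiles)
    return {
        "profiles": profiles,
        "sqrt_rule_cars": rule,
        "chance_at_sqrt_rule": collision_probability(rule, profiles),
        "cars_for_even_chance": cars_for_probability(profiles, 0.5),
    }


if __name__ == "__main__":
    for space in (4096, 8192):  # 2^12 and 2^13, the range used in the comment
        row = compare(space)
        print(f"{row['profiles']:>5} profiles: sqrt rule = {row['sqrt_rule_cars']} cars "
              f"({row['chance_at_sqrt_rule']:.1%} chance), "
              f"even chance needs {row['cars_for_even_chance']} cars")
```

The square-root count corresponds to roughly a 39% chance of a match; an even chance needs about 1.18 times the square root of the profile space, so the order of magnitude is the same.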

iAPX March 12, 2023 8:07 AM

@Clive

Thanks for your testimony, I have some problems on my side, won’t elaborate but 3 of those are deadly in the long run. My beloved one has a rare condition.
So I took a lot of time to learn about our health, our sicknesses and also our drugs, side-effects, how to recreate a compatible healthy diet, and naturally vaccines because they are part of our ammunitions to defend ourselves.

And there’s a parallel with hacking and IT security: opportunism.

A healthy IT system will endure a lot before being abused.
Introduce a few weaknesses, here and there, and this same IT system will go to its knees incredibly faster, and worse, the security team will lose time and money to defend against the same threats that were benign if the system were healthy.

At the end of the day, my comprehension of IT security and my health are helping each other, and in both cases I try to mitigate problems the best way I can.

Clive Robinson March 12, 2023 11:13 AM

@ iAPX,

“in both cases I try to mitigate problems the best way I can.”

As I get older I’ve found in life, that there are very few “cures or solutions” just “mitigations” till the next “entropy event” happens.

Worse with hindsight, every mitigation appears to sow the seeds for the next entropy event.

I’ve learnt many things the hard way, by having to chip away at the rockface. Not the easy way of class, books, and the distilled knowledge they contain. There is a lot I would give to be able to tell my younger self the lessons the easy way…

One hard lesson I’ve had to learn is that the ICT industry, especially the ICTsec section of it rarely if ever records its history, almost never distills out the hard-won knowledge, and is almost always finding new ways to repeat past mistakes just a very short time later.

Why we do this to ourselves I really don’t know, in times not so long past much of life changed when knowledge in the Victorian and Edwardian eras took us from artisanal hand crafts and agrarian lifestyles to science, engineering, industry and the near banishment of the darkness and the growth of transportation, cities and medicine giving us a freedom that was unimaginable.

When I was born the technology benefits society got, were from the military developing weapons to kill in horribly horrific ways you would not wish to imagine.

Then an accident with a crystal with an unseen crack in it kicked off a revolution we all take for granted yet few have even the tiniest inkling of how it works.

The Semiconductor industry has changed not just the world but mankind as well. We have spread industrial across the globe, and agrarian as our great grandfathers understood it is almost gone.

One result as @Rouleauz triangles posted[1] is that as we become industrialised the cost of children rises, and you have to work longer before you have them to be able to afford them. So the birth rate drops as industrialisation takes a hold, so later and less children. A generation used to be every 15-20 years with 4-7 children now it’s 35-45 years and many couples are only having one child.

We are also living longer, in a few months I shall pass an odd goal post, in that I will be the oldest male member of our descended family tree, and by modern standards I’m by no means old.

As I grew up the “Three R’s” had only just stopped being “beaten” into children with leather straps and ebony rods that could and did break bones, and children were no longer beaten with them and had their hands broken for being left handed (as my father did)… For nearly all except the very rich the crucial life test was the “Eleven Plus Exam”(11+) that decided if you would be sent down the short brutal craft path and into work by 14 or into Grammar School to be taught the knowledge you would need to get to University to enter a Profession. I did not pass my 11+ because the head of the school claimed I had cheated and dragged me out of the exam. Actually it was the other way around another boy was trying to copy off of me, but the head hated my mother (she used to be his boss and found him not to be suitable for promotion several times, he only got promotion after my mother left to have children, I later found him to be a thief so I guess my mother was right).

So I was destined for some dead end job at best. Then the Government changed the way education worked, they decided that Grammar Schools were a bad idea, and set about making the education of all children wider in scope and two years longer and “streaming” via the 11+ was officially stopped. So I did much better than some had plans for, and I ended up going to technical college where I did rather well, and should have gone on to be one of the less than 10% to go to University I certainly had the required grades. Unfortunately I was an orphan and owned half a house, and thus was barred from grants by my local authority which in turn meant I was denied a University place…

So I went into work and soon knew the value of learning by self education[2]…

The problem we really have is “short term thinking management” who have worked out that if they cut wages they can force women to stay in work at low pay rates as it’s the only way a family can meet the costs of education etc. So we have the modern phenomenon of the “One Child per Couple” which has done oh so much harm to China and now the First World and now the Second World as they start to industrialise.

We talk about how mankind will run out of food, fuel and many other things. But you don’t hear about “running out of knowledge”. The simple fact is unlike food and fuel, mankind’s survival critically depends on knowledge. With knowledge we can find ways to move beyond “the way we did things”. You can see this in food production, first with the replacement of horses with steam, steam with petrol then diesel and now renewable energy. Farm labour is virtually all gone and has in effect migrated into the servicing, manufacture and design of the near robots that has replaced farm labour. The losers mainly being the horses, with the moved man power leading different, way less brutish and longer life styles and times.

So why does the ICT industry and particular the ICTsec not learn from its history?

The honest answer is senior management do not want them to, and actively discourage it…

A knowledgeable workforce has always been a very real and ever present danger to certain types who rise up in management, in the same way a tyrant, despot or dictator knows an educated civilian population is a threat to them.

Such people would happily destroy mankind tomorrow as long as they have status, power and unlimited control today…

Call it “self serving” to ensure the rise of knowledge and learning from history, because none of us are getting any younger and someone has to provide pensions etc to today’s workers who become retirees tomorrow. So it is, if you think about it, the first duty of every citizen, loyal to mankind and society, to ensure that they have children, and that all the children are well educated (and those that get in the way of that should have status, power and control removed from them both quickly and permanently).

But according to those who crave status, power and unlimited control for their own ends… That viewpoint makes me some kind of “Evil Socialist” 😉

[1] @Rouleauz triangles post,

https://www.schneier.com/blog/archives/2023/03/friday-squid-blogging-were-almost-at-flying-squid-drones.html/#comment-419282

[2] I later entered Uni as a mature self funded student on a Master of Science in InfoSys Design and started moving over to do a real PhD[3]. Then I was attacked one Thursday morning on my way to work and my head was Karate Kicked into a metal sign post by what appears to have been a police “Confidential Informant”… So another “set-back” on my personal road of learning…

[3] I say “real PhD” as I already had a DD I’d got from a US let’s be polite and call it an “educational organisation” that did not exactly teach… Unsurprisingly it got “cleaned up” when the US Gov discovered just how many of Gov employees had got promotions and pay rises by using it (for pay the money, submit a thesis, get an award, collect higher pay grade…) It’s a model a lot of once very reputable Uni’s have drifted into as they have turned themselves into “hedge funds” (and no doubt will soon regret it as the recession really starts to bite).

JonKnowsNothing March 12, 2023 1:12 PM

All

re: Not all rows are oared

An interesting guffaw or coffee snortz story:

The US FBI turned over a Spread Sheet listing of evidence as required to the Defense. It’s an important list of evidence and information used in a prominent Dec37 Trial.

It also contains messages and comments by and between FBI agents that the FBI did not want disclosed. About 1,000 hidden rows, not meant to be seen by anyone other than the FBI, got sent to the Defense.

Some of the exchanges are snortz worthy.

  • collecting privileged information: agents had improperly reviewed privileged attorney-client conversations
  • ordering destruction of evidence: destroy[ing] 338 items of evidence
  • ordering the removal of names of agents that acted in the investigation so they cannot be called to testify: [In that] report you just put and edit out that I was present.

It appears [some of our] Jencks production may include a spill of classified information

U.S. attorney Jocelyn Ballantine [ overseeing the case ]

Spill: a new definition of Own Goal.

===

Jan. 6 seditious conspiracy comes into focus at Proud Boys trial as classified ‘spill’ roils proceedings

by Brandi Buchman (new journalist at EW)

ht tps://www.emptywheel.n et/2023/03/10/jan-6-seditious-conspiracy-comes-into-focus-at-proud-boys-trial-as-classified-spill-roils-proceedings/

(url fractured)

modem phonemes March 12, 2023 1:34 PM

Naive musings

This story from February 2023 about AI assisted controlled fusion was widely repeated in the media but there doesn’t seem to be much since:

https://www.technologyreview.com/2022/02/16/1045470/deepminds-ai-can-control-superheated-plasma-inside-a-fusion-reactor/

Elliott Montroll in

https://www.ams.org/journals/bull/1987-16-01/S0273-0979-1987-15462-0/S0273-0979-1987-15462-0.pdf

said regarding fusion that there were too many parameters –

“ … magnetically confined fusion seems even further away than it did in 1951. What has happened? Why has this branch of physics failed to live up to expectations?

I contend that the magnetically confined fusion program has fallen victim to the tyranny of many dimensionless constants. The great engineering successes of the past have involved processes which could, to a first approximation, be characterized by a small number of dimensionless constants. “

AI like ChatGPT use millions of parameters. Could this model be adapted to the controlled fusion problem?

vas pup March 12, 2023 5:48 PM

A Digital Artist Used AI To Show Us What Celebrities Might Look Like Decades From Now

https://www.yahoo.com/lifestyle/digital-artist-used-ai-show-041602318.html

Very good! I guess there are similar several forensic for the same purpose to find missing person/child.

My question: Is there any AI tool to do reverse image from old age photo to younger image? Can AI basically remove any enhancement: make up, post plastic surgery changes you name it?
I guess usage by LEAs of such application is obvious.

See this link related: The problems with TikTok’s controversial ‘beauty filters’
https://www.bbc.com/future/article/20230301-the-problems-with-tiktoks-controversial-beauty-filters

SpaceLifeForm March 12, 2023 7:28 PM

Dots.

New York, a while ago, just shut down Signature Bank.

The dots between SVB, NSO, and Signature Bank loom large.

The Level3 networking issues are probably related.

ResearcherZero March 12, 2023 8:53 PM

Modelling Insect Brains

‘https://www.abc.net.au/news/2023-03-13/flinders-university-scientists-use-insect-biology-to-build-robot/102080380

When Mr Dominello declined to attend an awards dinner hosted by ClubsNSW, a furious Nationals leader John Barilaro texted him.

“You are seriously a deadset dick …” the message read.

“What about just looking after your stakeholders. Like ClubsNSW …

“Do your f***en job.”
‘https://www.abc.net.au/news/2023-03-13/victor-dominello-speaks-out-on-power-of-gambling-lobby-clubsnsw/102072788

‘https://www.crimecommission.nsw.gov.au/final-islington-report.pdf
‘https://www.crimecommission.nsw.gov.au/files/project-islington-report-inquiry-into-money-laundering-via-electronic-gaming-machines-in-hotels-and-clubs.pdf

Barilaro had sought support to apply for the recently vacated chief executive position of embattled lobby group ClubsNSW.
‘https://www.smh.com.au/national/nsw/bushfire-grants-report-sent-to-corruption-watchdog-20230203-p5chtm.html

Stolz, who has oesophagus and bone cancer, was being pursued by the lobby group for breach of confidentiality and criminal contempt over the alleged leak of a series of documents exposing a lack of compliance with anti-money laundering laws in the sector.
‘https://www.theguardian.com/australia-news/2023/feb/07/clubsnsw-settles-case-with-terminally-ill-whistleblower-troy-stolz

ResearcherZero March 12, 2023 9:56 PM

In late 2014 Scott Morrison had just been moved from immigration to social services minister, after prosecuting the Coalition’s Operation Sovereign Borders agenda. As Morrison would later tell the media – and much later the royal commission – he intended to bring the same enforcement zeal to his new portfolio.

Two mothers, Jennifer Miller and Kathleen Madgwick, told how their young sons had taken their own lives while dealing with the robodebt system, including one who was hounded over an unlawful debt of $17,000.

The commissioner, the former Queensland supreme court chief justice Catherine Holmes SC, will have to consider whether senior public servants from two departments knowingly implemented an unlawful program targeting hundreds of thousands of people, including some of the most vulnerable in the country – and if so, whether they did so by collusion or because one department deceived another.

She will need to evaluate the role – if any – of implied pressure by ministers, and the possibility of a public service cover-up to protect the reputations of those initially involved. Reckless indifference is a key feature of the civil tort of misfeasance in public office.
‘https://www.theguardian.com/australia-news/2023/mar/11/robodebt-five-years-of-lies-mistakes-and-failures-that-caused-a-18bn-scandal

“The government is not considering any proposal to commence online compliance for vulnerable Australians.”

The department estimates about $430m would be raised from those aged 65 and over. If the scheme is expanded, 240,000 older Australians, 40,000 people in remote areas (50% of whom are Indigenous) and 70,000 others considered vulnerable by Centrelink would be subject to the debt recovery program, the documents show.
‘https://www.theguardian.com/australia-news/2019/aug/23/robodebt-target-pensioners-sensitive-groups-leaked-documents

ResearcherZero March 12, 2023 11:18 PM

Cut me legs off and call me Shorty!

‘https://www.ags.gov.au/publications/news/misfeasance-public-office-explored-new-express-law

“with reckless indifference or deliberate blindness” – A very, very high bar.

‘https://www.mondaq.com/australia/constitutional-administrative-law/980146/federal-court-confirms-high-bar-for-misfeasance-in-public-office

Lawyers for the former prime minister argue his reputation could be damaged if the confidential papers are kept under wraps.
‘https://thenewdaily.com.au/news/politics/australian-politics/2022/12/06/scott-morrison-robodebt-secret/

The Morrison government is fighting to keep under wraps documents that a former public servant says could show “what went wrong” with Centrelink’s botched robodebt program.
‘https://www.theguardian.com/australia-news/2021/jun/23/robodebt-government-fights-to-keep-secret-documents-that-may-show-what-went-wrong

“Citizens are, as the saying goes, like mushrooms: to be kept in the dark and fed bulls***.”
https://www.themonthly.com.au/issue/2021/february/1612098000/nick-feik/scandals-he-walks-past

JonKnowsNothing March 12, 2023 11:33 PM

@SpaceLifeForm, All

re: The Level3 networking issues

What issues are you referring to? Level 3 as the internet backbone for the USA or Level 3 as the fiber optic large scale rollout construction project company?

They are separate areas inside Level 3.

I would guess the first is safe, as it’s mostly funded by the 3Ls so they can have their mega-groping routers on the backbone funneling data to Bluffdale.

I would guess it’s the construction part of the company. “Not a lot of Meat Left on that Bone”. Lots of cities got tired of their Downtowns being constantly torn up so that new fiber lines could be laid in the trench. (1)

===

1) I recently read the phrase “Meat on the Bone” being used to describe projects or configurations that had room to squeeze more money for profit the developers-builders

MarkH March 12, 2023 11:53 PM

@SpaceLifeForm:

Earlier today I skimmed an article from an investment/trading rag which listed two “top tens” — the 10 banks with the most exposure in each of two categories related to the fall of Silicon Valley Bank.

The author was careful to say that these exposures don’t foretell the failure of the 20 listed banks … I don’t recall whether Signature was one of them. [The site has a nasty paywall, I can’t even look at the article again.]

ThreeRs March 13, 2023 12:35 AM

@JonKnowsNothing

re: row hiding

It sure says a lot about thoroughness and professional approach to work when hidden rows are left in a workbook that is passed on that way, in that circumstance, not to mention putting those comments in the workbook in the first place. Sheesh.

Saw this earlier at “Web3 is Going Just Great” site, where a hidden row was used maliciously:

‘https://web3isgoinggreat.com/?id=peopledao-loses-120000-after-payment-spreadsheet-is-shared-publicly
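Added example, not part of either comment: a pre-release check for the hidden-row problem described in the "Not all rows are oared" and "row hiding" comments above. It reads an .xlsx file as the zip archive of SpreadsheetML parts that it is and reports hidden sheets, rows and columns; the sample workbook is constructed inline, holds only the parts the scanner reads, and the function names are made up for this illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# SpreadsheetML main namespace used by workbook.xml and every worksheet part.
M = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"


def _flag(value):
    """Boolean attributes in SpreadsheetML may be written as 1 or true."""
    return value in ("1", "true")


def _populated_cells(row):
    """Count cells in a row that carry a value or an inline string."""
    return sum(1 for c in row.iter(M + "c")
               if c.find(M + "v") is not None or c.find(M + "is") is not None)


def find_hidden_content(xlsx_bytes):
    """Return (kind, part, detail) tuples for hidden sheets, rows, columns."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        names = set(zf.namelist())
        if "xl/workbook.xml" in names:
            book = ET.fromstring(zf.read("xl/workbook.xml"))
            for sheet in book.iter(M + "sheet"):
                state = sheet.get("state", "visible")
                if state != "visible":  # "hidden" or "veryHidden"
                    findings.append(("sheet", "xl/workbook.xml",
                                     f"{sheet.get('name')}: {state}"))
        for part in sorted(names):
            if not (part.startswith("xl/worksheets/") and part.endswith(".xml")):
                continue
            sheet = ET.fromstring(zf.read(part))
            for row in sheet.iter(M + "row"):
                if _flag(row.get("hidden")):
                    findings.append(("row", part,
                                     f"row {row.get('r')}, "
                                     f"{_populated_cells(row)} populated cell(s)"))
            for col in sheet.iter(M + "col"):
                if _flag(col.get("hidden")):
                    findings.append(("col", part,
                                     f"columns {col.get('min')}-{col.get('max')}"))
    return findings


def build_sample_workbook(with_hidden=True):
    """Constructed sample: just the workbook and worksheet parts, in memory."""
    ns = 'xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"'
    rel = ('xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/'
           'relationships"')
    hidden = ' hidden="1"' if with_hidden else ""
    state = ' state="hidden"' if with_hidden else ""
    workbook = (f'<workbook {ns} {rel}><sheets>'
                f'<sheet name="Evidence" sheetId="1" r:id="rId1"/>'
                f'<sheet name="Notes" sheetId="2"{state} r:id="rId2"/>'
                f'</sheets></workbook>')
    sheet1 = (f'<worksheet {ns}>'
              f'<cols><col min="3" max="3" width="9"{hidden}/></cols><sheetData>'
              f'<row r="1"><c r="A1" t="inlineStr"><is><t>item</t></is></c></row>'
              f'<row r="2"{hidden}><c r="A2" t="inlineStr">'
              f'<is><t>internal note (constructed)</t></is></c></row>'
              f'<row r="3"><c r="A3"><v>42</v></c></row>'
              f'</sheetData></worksheet>')
    sheet2 = (f'<worksheet {ns}><sheetData>'
              f'<row r="1"><c r="A1"><v>1</v></c></row></sheetData></worksheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", workbook)
        zf.writestr("xl/worksheets/sheet1.xml", sheet1)
        zf.writestr("xl/worksheets/sheet2.xml", sheet2)
    return buf.getvalue()


if __name__ == "__main__":
    results = find_hidden_content(build_sample_workbook())
    for kind, part, detail in results:
        print(f"HIDDEN {kind:5} {part}: {detail}")
    raise SystemExit(1 if results else 0)  # non-zero blocks the release step
```

Hiding only changes how the sheet is displayed; the cell contents stay in the file, which is why the check reads the XML rather than the rendered view. For workbooks from an untrusted source, parse with a hardened XML library such as defusedxml instead of ElementTree.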

MarkH March 13, 2023 12:37 AM

@SpaceLifeForm:

I’ve read that SVB was the 16th largest bank in the U.S.; Signature would have been around number 40.

I can understand ignorant people falling for the Ponzi / pyramid fraud of cryptocurrency.

What excuse do banks have?

MarkH March 13, 2023 12:53 AM

@SpaceLifeForm:

I just now read that in Friday stock trading, shares in 3 banks were deeply discounted due to investor anxiety:

First Republic, PacWest, and Signature Bank

SpaceLifeForm March 13, 2023 3:51 AM

Talk about a Fire Sale.

One whole Pound.

Note: this is the UK edition, not US edition.

It really smells of coverup.

‘https://www.reuters.com/markets/deals/hsbc-says-it-has-acquired-silicon-valley-bank-uk-2023-03-13/

HSBC (HSBA.L) said on Monday it is acquiring the UK subsidiary of stricken Silicon Valley Bank for 1 pound, rescuing a key lender for technology start-ups in Britain.

“This acquisition makes excellent strategic sense for our business in the UK,” HSBC CEO Noel Quinn said in a statement.

Winter March 13, 2023 6:25 AM

@SLF

Talk about a Fire Sale.

One whole Pound.

I am more interested in the debt HSBC will have to service. They claim none. It is clear from the report that this “sale” was ordered by the Bank of England.

JonKnowsNothing March 13, 2023 7:15 AM

@SpaceLifeForm, MarkH, Winter, All

re: bank mutual support system

Banks come and go. Within the structure of the Banking System, there are various methods of dealing with bank failures or potential bank failures.

Banks can fail because they do not generate enough revenue from Their use of Your Deposits to fund Construction Projects, Loans for Operating Cash Flows and other methods of using your funds.

Your salary and savings deposited at a Bank are used by the Bank to make a profit for the Bank. In the USA an individual has a guarantee by the Federal Deposit Insurance Corporation that some of these monies will not be “lost” should the bank fail. Monies above the ceiling are not covered by the FDIC insurance.

The Bank takes your money and other monies and makes loans to other people. The kind of loans made depends on the type of bank. Consumer banks make house loans, car loans. Other types of banks make Big Business Loans so businesses can buy up “twits”. Farmer’s Banks make loans to farmers so they can cover their yearly farming expenses.

The amount of money actually in a bank at any one time is Very Little. Money in a bank is only the amount they need for their average daily needs. Every day they do an analysis of their cash position. In the USA, the Banks borrow or store money in the Federal Reserve System. Every day the banks determine how much they need for that day and any surplus goes to the Federal Reserve.

The Federal Reserve loans these funds to other banks. Banks pay the Federal Reserve interest on those loans. This is one of the indices W$ worries about.

So a few items to consider

  • Depositors are covered by FDIC up to $250,000 USD
  • Loans may be assigned to others or sold off. See 2008 RoboSignature Housing Crisis.
  • Banks are required to take on the obligations of another bank when the Feds Tell Them. It’s not really optional. The Feds will pick a bank that has good cash position to pick up the Depositors of the other bank.
  • In the case of SVB, the Feds decided that the money structure inside the operations of SVB was not a temporary. Therefore No Bail Out which is money the Feds would have shoveled into the rat hole of loans and obligations to stop the negative cash flow.
  • Any assets the Bank has are really the deposits by individuals and businesses. Individuals are insured by FDIC. Businesses need their own private insurance. So there is a small knock-on effect as Business Insurance companies have to fork out funds to cover their policies.
  • In functional terms, a run on the bank is when more money is being withdrawn than the bank has On Hand that day. The Feds get involved when big deposits are being withdrawn and the bank’s cash position at the Fed Reserve doesn’t have enough in it to cover the withdrawal. It doesn’t mean the bank has zero funds, it means the money is loaned out and not available for immediate use. see 30 year mortgage, 10 year construction projects.
  • There are requirements for all banks to have operating funds, deposit and withdrawal funds. Banks come and go. If there is any illegal activities that’s a different issue. see FOA Friends of Angelo, Countrywide, Bank of America.

===

Search Terms

Federal Deposit Insurance Corporation

Winter March 13, 2023 8:35 AM

@Jon

The Bank takes your money and other monies and make loans to other people.

Banks are inherently unstable. They borrow short term money, your salary, and loan it out long term, your mortgage.

The public can withdraw their money at any time, but the bank cannot call back its loans. So there is no “secure” bank.

Banks are necessary, so the country has to back them one way or another.

Canis familiaris March 13, 2023 9:58 AM

Banks don’t need deposits to finance loans. That way of banking vanished a long, long time ago, if it ever existed.

Banks actually create money out of thin air whenever they loan money, which is a good trick, and why they are ‘regulated’, as only the ‘right kind of people’ are allowed to do that.

There are requirements to hold a small float of liquid funding to allow a proportion of the bank’s depositors to withdraw some of their deposits, but it certainly is not 100% coverage, or even 10%. The banks have a collective agreement to bail-out a bank that finds more people want to withdraw their deposits than they have liquid assets to cover. It’s bad form to need this.

The loans that a bank makes, through a process of magic-mixing are packaged up into financial instruments called bonds that are sold on the money markets as things that provide an income. The bank charges more interest (on average) on its loans than it pays (on average) on its bonds – the difference being where they make their profit and cover their running costs. You need very little money to set up a bank that can loan out a huge amount of money. In fact, banks really don’t like small depositors, as there are all sorts of regulations to protect them, and interfere with the business of making money out of thin air.

The bonds have all sorts of different attributes which appeal to buyers, and the magic-mixing allows different levels of risk to be blended and hidden. Regulations are there to attempt to prevent outright fraud, but are always in catch-up mode.

The ‘lies to children’ about banking obfuscate the real story: they are licensed by governments to create money from nothing, and make a lot of money doing so. If they get too greedy, they fail, and ordinary folk pay. The financial system is optimized to give the greatest rewards to those who take the greatest risks, and bankers have infinite funding to gamble with.

Clive Robinson March 13, 2023 10:43 AM

@ SpaceLifeForm, JonKnowsNothing, Winter,

Re : SVB sold to HSBC

“It really smells of coverup.”

Or,

“Running Scared”

We have started down the slippery slope of a global recession even though employment is the highest it’s been in the US since before Ronnie Reagan coughed into a microphone his little joke about nuking the ruskies.

Money is now buying about 80% or less of the basic necessary goods it did this time last year (there are jokes about the “Dollar Store” has rebranded to “Buck-n-Half land”). But for most on the lower socio-economic rungs of the ladder their income has not gone up at all though their rents and all sorts of other outgoings have…

Oh and their employers expectations of increased hours of service unpaid without benefit etc have gone up… Hence the increase in the status gap, and springing up of food pantries/banks all over even in quite affluent areas.

People are thus looking to either get the money out in cash or start buying assets that won’t depreciate as quickly, or just stock up on non perishable food or “paying ahead” on utilities now they are rocketing up.

That’s money the banks are not getting interest free from all those who had excess in their current accounts. Worse even companies are “drawing out” any spare and converting it into assets etc.

Back a few years ago there was a Bank called “Northern Rock” you might want to look it up. Some in the US Fed and Government still blame it for the Financial crisis because it had a “bank run”…

Whilst the 2006-2009 US financial crisis started in the US Sub-prime housing market, and kind of ended in Feb 2009 just over a month after the “American Recovery and Reinvestment Act”(ARRA) of 2009, which gave payroll tax credit that fed the end of the supply chain thus increased demand (Keynesian “demand increases supply thus economic activity”). So saw economic indicators reverse and stabilize.

The Fed and various US Government agencies argued that the sub-prime had effectively been contained within the US Finance industry, but it was the very public run on the UK Northern Rock Bank that caused the US public etc to start behaving in a way that brought US Financial institutions down. Of course it would be impolite of me to point out that the Fed and US Agencies with this view are the ones that removed the regulations preventing the activities and then looked the other way… to the build up of several massive bubbles of which what we now call US SubPrime was the first to burst as “dodgy discounts” expired and defaults rose significantly, thus causing a snowball effect.

You can see the time line though those that have been editing it have tried to hide away much of what actually went on,

https://en.m.wikipedia.org/wiki/Financial_crisis_of_2007–2008

I’m not saying the same thing could happen again, after all the US housing bubble is not what it was, but much else is however the same…

Trinidad March 13, 2023 11:56 AM

there are jokes about the “Dollar Store” has rebranded to “Buck-n-Half land”

Jokes? Dollar Tree raised prices to $1.25 in 2021 (1.5 CAD in Canadian stores). The states of Vermont and Ohio have sued Dollar General for deceptive pricing. The store called “99 Cents Only” raised prices to 99.99 cents in 2007, and apparently has items as high as 299 cents now.

modem phonemes March 13, 2023 1:03 PM

@ Clive Robinson @ SpaceLifeForm @ JonKnowsNothing, @ Winter

Re: I’m a-fraud you put all your eggs one sub-prime basket

The Wiki entry on Professor William Black has a nice summary of the 2008 global party and links to more detailed articles.

https://en.m.wikipedia.org/wiki/William_K._Black

Professor David Luenberger’s book “Investment Science” has a quite readable account of the CMO/CDO (collateralized mortgage/debt obligations) financial derivatives involved.

Michael Lewis’s book “The Big Short” has some vivid accounts of 2008 day by day on Main Street and Wall Street.

Order of the Day: Have had moved on before the music stops (and it is observed there are no chairs).

JonKnowsNothing March 13, 2023 1:04 PM

@Trinidad, Clive, All

re:
@C: There are jokes about the “Dollar Store” has rebranded to “Buck-n-Half land”

@T: Jokes? Dollar Tree raised prices to $1.25 in 2021 (1.5 CAD in Canadian stores).

iirc(badly) At the time the $Store upped their price .25USD cents, the business reports indicated that during the lockdowns, the company had made substantial profits, albeit lower than pre-lockdown. Once lockdowns ended, the company was expected to return to their higher level of profit.

The CEO of the company decided to raise the price .25USD cents in order to “recover his lost profit” from the few years of lockdown of about $250M USD.

The price increase was not due to the increase cost of goods, services or transport.

JonKnowsNothing March 13, 2023 1:27 PM

@ modem phonemes, @ Clive, @ SpaceLifeForm, @ Winter, All

re: US financial crisis started in the US Sub-prime housing market

fwiw: This problem has not ended. The 2008 rot is still sitting On The Books and waiting to explode again. The issue gets deferred because “no one will take a hair cut”.

There’s a lot written about the situation, most from the 10,000 foot view. On the ground it looks a bit different and the fallout is still active.

Much of the bad debt was purchased by global banks; the interest rate was juicy and the bundled debt packs had Good and Bad loans in them. Banks deal with bad loans all the time, the Repo Industry is based on Bad Loans and reselling the reclaimed assets.

  • Nothing better than reselling the same horse. (1)

A huge percentage of these loans were acquired by German banks. Desperate countries with unstable or even stable economies were sold these loans because the interest on the loans helped them:

a) bail out current funding
b) invest in huge infrastructure projects adored by global banking
c) those same infrastructure cost overruns needed more funding
d) see Infinite Loop

It works until the system cannot sustain the costs of Interest Only payments. Once those reach some point of ( N times their GDP ), default happens. Countries run out of bandwidth just like running out of memory in an infinite loop.

So the defaults roll up the pipeline and land in the laps of the main sellers. In this case it was the German Banks, the default was in Greece. There was a revolution over it. Middle and Upper Income Brackets collapsed and the whole economy tanked. Much has been written about what happened and what didn’t happen.

So what didn’t happen is the debt being written off aka A Hair Cut. The same as Student Debt, Medical Debt, Credit Card Debt, Housing Debt. No one will take a haircut.

Greece ended up taking out more loans to pay the Interest Only loans to German Banks. Those loans came due not too long ago and the German Banks floated the Greeks another loan. At some point this cycle will fail. Right now German Banks are being propped up by Greece until the next collapse point.

So, the 2008 US Crisis Explosion is hiding in Greece, financed by German Banks.

JonKnowsNothing March 13, 2023 1:53 PM

@ modem phonemes, @ Clive, @ SpaceLifeForm, @ Winter, All

re: US financial crisis started in the US Sub-prime housing market

Footnote 1: Reselling the same horse.

This is a favorite activity of Horse Trainers and Horse Traders. There’s a long fight about what, if any, difference there is between a “trainer” and a “trader”.

Essentially any horse will work for this. Horses that are considered “pretty” are prime targets for this.

The T or T, gets the horse “ready for sale”, whether it’s 1day, 3days, or 3months.

In the USA, anyone can buy a horse, you don’t need to know anything at all about them. It’s like buying a car or a can of soup. If you have funds you buy it, even if you don’t like Split Pea Soup.

Horses, unlike canned soup, have their own survival techniques and when they come into contact with humans they have to use whatever techniques they can come up with just to get by. They have a limited arsenal but will use whatever they can. Hence humans devise all sorts of mechanics to defeat this response, nearly anything can be done to them by humans because horses are livestock aka property. There are some laws to prevent extreme human behavior but nothing really gets in the way on a practical day2day basis. Even Olympic Riders have been caught out using prohibited techniques at high levels, there’s no prohibition below that.

So if a human does not invest in KNOWLEDGE and learn about horses or how to ride and gets instruction from a reputable teacher (not necessarily one with a certificate) to LEARN TO RIDE, things go pear-shaped pretty fast.

The horse becomes unmanageable for that owner, and it goes back to the T or T to be sold and another horse purchased.

It’s a circular sale of the same horse, going from one owner to another to another to another. It doesn’t matter what kind of horse or what type of horse activity is involved, the cycle rolls on and on.

The T or T has no problem “fixing the horse”. Horses are after all fairly simple animals and once you understand the mechanics of what works and what doesn’t, you don’t need all those gimmicks to deal with them and get their minds sorted out.

That being said there are a couple of caveats:

1) Horses are powerful animals. Before cars, this is how people got killed. Dealing with a powerful animal that has developed a survival technique is not something for an amateur to take on. Amateurs are the reason the horse has a problem in the first place. Recovery sometimes requires a significant confrontation between that behavior and creating a better calmer behavior more conducive to the animal’s normal state. This can be very dangerous interaction.

2) Some horses are too badly damaged to have a successful recovery. There are few outlets for such horses who may not even be suited as a lawn ornament. In the USA there are almost no options for such horses.

modem phonemes March 13, 2023 4:07 PM

@ JonKnowsNothing

Re: horses have minds of their own

A race horse breeder/trainer told me he once had a wonderful female horse that by bloodline and conformation should have been a runaway winner but would simply not race, not interested. Rather than trade off, he kept the horse. All her offspring were champions. She was not a racer but a great nurturer of racers.

Clive Robinson March 13, 2023 5:19 PM

@ Bruce, the usual suspects and those whose brains still function

New “collision attack” on RIPEMD-160

Titled,

“Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP”

https://eprint.iacr.org/2023/277.pdf

I’ve read it but I’m not going to even try to explain it whilst my brain still aches 😉

Clive Robinson March 13, 2023 5:48 PM

@ SpaceLifeForm,

Re : Router mitigation not fix.

As you know some years back now routers had limited memory in which to store routing information. It became possible to attack them because of this.

Well a mitigation was put in place, but like all mitigations it was not a fix, therefore time and other factors have caught up…

Titled,

“Are large-scale prefix de-aggregation attacks possible?”

https://blog.apnic.net/2023/03/13/kirin-a-bgp-flooding-attack-feasibility/

It looks into a BGP flooding attack potential in the current much more “inter-connected” environment,

“Internet routers have finite Forwarding Information Base (FIB) and Routing Information Base (RIB) memory and may drop updates, close connections, or entirely crash upon exceeding their physical limitations. This observation has led to the introduction of de-aggregation attacks — an attack in which an Autonomous System (AS) introduces enough new routes into the routing ecosystem to exhaust the memory of (potentially random) target routers — more than a decade ago. As a countermeasure, networks often limit the maximum number of prefixes they may receive via each session.”

That was the mitigation, this is what’s changed

“With per-session prefix limits in place, an AS may need hundreds or thousands of sessions to originate critical numbers of prefixes. A decade or two ago, only a few ASes even had the infrastructure footprint to fulfil this requirement. Nowadays, there are over a thousand Internet Exchange Points (IXPs), each providing access to sessions with tens or hundreds of other networks. Attackers may connect to these IXPs virtually via BGP-enabled virtual machines or physically via a Layer-2 connectivity provider, allowing them to reach hundreds of IXPs after a short time without deploying additional hardware and at a low cost.”

The answer is,

“Based on our analyses, we assessed prefix de-aggregation attacks to be viable.”

And the answer to this you will see is still a mitigation not a fix…
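The point quoted in the comment above, that a per-session prefix limit caps each peer but not the total across many sessions, can be checked against a router's own session list. This is an added example, not part of the comment or the linked APNIC post; the peer names, limits, counts and table capacity are constructed values.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    peer: str                    # label for the BGP neighbour (hypothetical names)
    max_prefixes: Optional[int]  # per-session limit; None means no limit is set
    received: int                # prefixes currently accepted from this peer


def slack(s: Session) -> int:
    """Prefixes this peer could still add before its own limit trips."""
    return max(0, s.max_prefixes - s.received)


def audit(sessions, capacity):
    """Compare what the per-session limits allow in total with table capacity."""
    unlimited = [s.peer for s in sessions if s.max_prefixes is None]
    limited = [s for s in sessions if s.max_prefixes is not None]
    current = sum(s.received for s in sessions)
    # Upper bound on routes held if every limited peer sends up to its limit.
    worst_case = sum(s.max_prefixes for s in limited)
    return {
        "current": current,
        "headroom": capacity - current,
        "worst_case": worst_case,
        "unlimited": unlimited,  # any entry here makes the total unbounded
        "oversubscribed": bool(unlimited) or worst_case > capacity,
    }


def sessions_to_fill(sessions, capacity):
    """Fewest limited sessions that, each staying within its own limit, could
    fill the remaining table space. None means the limits already prevent it."""
    headroom = capacity - sum(s.received for s in sessions)
    if headroom <= 0:
        return 0
    filled = 0
    limited = [s for s in sessions if s.max_prefixes is not None]
    for count, s in enumerate(sorted(limited, key=slack, reverse=True), 1):
        filled += slack(s)
        if filled >= headroom:
            return count
    return None


def fit_limits(sessions, capacity, reserve_pct=10):
    """Propose limits whose sum fits the table with reserve_pct kept free.
    Each peer keeps what it sends today plus a share of the spare budget
    proportional to its current slack, so no session is torn down."""
    if any(s.max_prefixes is None for s in sessions):
        raise ValueError("set a limit on every session first")
    budget = capacity * (100 - reserve_pct) // 100
    current = sum(s.received for s in sessions)
    if current > budget:
        raise ValueError("current routes already exceed the budget")
    if sum(s.max_prefixes for s in sessions) <= budget:
        return {s.peer: s.max_prefixes for s in sessions}
    total_slack = sum(slack(s) for s in sessions)
    spare = budget - current
    return {
        s.peer: s.received + (slack(s) * spare // total_slack if total_slack else 0)
        for s in sessions
    }


# Constructed sample: one transit session plus 300 IXP peering sessions.
CAPACITY = 2_000_000
SESSIONS = [Session("transit-a", 1_100_000, 940_000)] + [
    Session(f"ixp-peer-{i:03d}", 5_000, 200) for i in range(300)
]

if __name__ == "__main__":
    report = audit(SESSIONS, CAPACITY)
    print("current routes:        ", report["current"])
    print("allowed by limits:     ", report["worst_case"])
    print("oversubscribed:        ", report["oversubscribed"])
    print("sessions to fill table:", sessions_to_fill(SESSIONS, CAPACITY))
    proposal = fit_limits(SESSIONS, CAPACITY)
    print("proposed transit limit:", proposal["transit-a"])
    print("proposed IXP limit:    ", proposal["ixp-peer-000"])
```

The rescaled limits are a sizing illustration only: a production limit also needs per-peer growth margin, and adding sessions later means rerunning the audit.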

JonKnowsNothing March 13, 2023 5:49 PM

@modem phonemes

re: A smart trainer knows – most of the time

Horses are born with 100% of all knowledge they need to “Be A Horse”. Humans are not that fortunate. Horses get unfortunate “Human Treatments” because it is humans that decide “what the horse is going to do”. Horses have little say in the matter.

Your trainer was wise to realize that the horse didn’t fit in with what the human wanted from her, but she was quite suited for another purpose.

If you wander over to the Spanish Riding School website and check out their breeding program and sales program you can get a good idea of what a high end system looks for. There is nothing at all wrong with the foals for sale and sometimes they sell an older horse under saddle too. What you can see is the attempt for humans to understand why some horses do well with their program and some would rather not. The Piber Federal Stud Farm in Austria is one of the highest quality Stud Farms in the world. Every horse bred and born there has a truly Royal Horse Pedigree. Yet some horses would rather do something else and wisely the caretakers of the Spanish Riding School and Lipizzaners grant their request.

There is one aspect that cannot be ignored and that is Money. Money drives many poor outcomes for a horse. Horses are A Business. They can come with big price tags or small price tags, but it’s a business. A business rarely considers the outcome past the number of carrots on the check. (1)

===

1) Carrot Listing. Many sites with horses for sale do not list zeros or put a price on the horse. They use carrot icons as an indicator for how far to the left of the decimal point is their asking price.

Clive Robinson March 13, 2023 7:16 PM

@ ALL,

Is the cloud killing you?

When the notion of the cloud came about, I said caution was to be advised as security would be poor and moving supplier near impossible. Also it would only be effective for certain types of processing.

Then there was the loss of expertise and the fact that would put costs up… which it did.

Well some are now saying that the cloud is effectively bad news,

https://www.theregister.com/2023/03/13/ahrefs_on_prem_savings/

Whilst there still are some who will benefit from the cloud, increasing numbers will be better off moving “in house”.

This is not the first time we’ve been through this cycle, those old enough and creaky enough will remember “time-share” on IBM systems that eventually dwindled to “Pay Roll” for small companies in the 1980’s and disappeared as the PC started getting legs into “server land” with the likes of Novell.

Will cloud die out? No, and like all cyclic things it will wax and wane with technology changes.

If you think about it the flip side of the cloud is via “Smart Devices” where “thin-client computing” went.

JonKnowsNothing March 13, 2023 8:42 PM

@Clive, All

re: RoboDebt meets triage

I recently had a convo with a person in medical field on this topic. In the USA, For Profit medicine, which includes Non Profit medicine which does not mean No Profit, the medical staff is isolated from the costs of care and medications they prescribe for their patients.

It was a dreamland job, where the MDs would no longer have to deal with filthy lucre or paperwork and could go about their working life doing “medicine” and take home a healthy chunk of wages. Those below MD level, got the same dreamland promise but much less in the way of wages.

So, MDs don’t know the costs, they don’t know the rules of engagement, they don’t know how to help people navigate various medical situations like: Home Care, Home Aide, In Home Support all of which may mean different things depending on the insurance coverage. They only see a few items on their summary page when you go for an appointment.

The prominent ones are: Name, Sex, AGE.

Age is all they need to know that you are going to get cut off on the basis of “evidence based medicine”. Starting backwards from “everyone will die” (except Peter Thiel) and counting down.

The cut off age is Sixty Years Old. When you hit Sixty Five, things get tough. At Seventy you might still get something but at Eighty or Ninety your options go to Nil.

The conversation with the MD revolved around the cost of my own medication, which is $100,000 / year. I am on a charity program to fund that. Every year I have to reapply. The question was how long was it realistic to expect The Charity fund this cost in real terms. No one knows of course but we can speculate.

A potential treatment for my condition is $1,000,000. So $100,000 looks cheap to the AI statistical calcs by comparison.

The MD disclosed they have diabetes and the cost of their insulin is $800 per injector, of which they need several per month. Without it the MD will die. We had a good exchange about how Eli Lilly will be reducing the cost of the injector to $35. The other Big Pharmas are holding at $800.

Our chat continued to explore the impacts of the costs of Rx. A drug that had good profile for a patient was ordered. The patient went to the pharmacy to get the drug. The drug cost $100,000 per order. The patient called the MD who could only reply that if the patient couldn’t afford the drug, to tell the pharmacy and maybe the pharmacy could do something.

I told the MD that what this amounts to is:

  • Ransom for our lives

The MD said that’s exactly what it is.

ResearcherZero March 13, 2023 9:01 PM

‘https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/

The attackers put significant effort into the stability and persistence of their tooling. This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.

To achieve this persistence, the malware checks for available firmware upgrades every 10 seconds. When an update becomes available, the malware copies the archived file for backup, unzips it, mounts it, and then copies the entire package of malicious files to it. The malware also adds a backdoor root user to the mounted file. Then, the malware rezips the file so it’s ready for installation.

The malware uses a bash script named ‘firewalld’ that executes a SQL command to steal credentials and execute other components, including the TinyShell backdoor.
‘https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall

maintenance release
‘https://blog.sonicwall.com/en-us/2023/03/new-sma-release-updates-openssl-library-includes-key-security-features/

from a previous attack:

“The security firm also said it had spotted an OpenSSL library file that had been modified in a way that could weaken the encryption used to protect communication on Pulse Secure systems. The modification breaks random number generation by using a value known to the attacker. The company said it doesn’t know enough about the origin of this file or the group(s) using it to provide more detail.”
‘https://www.theregister.com/2021/04/20/china_pulse_connect_secure_vpn/

‘https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755

ResearcherZero March 13, 2023 9:27 PM

@JonKnowsNothing

According to the pitch, “the NHS uses Palantir Foundry to make better use of data to improve patients’ lives”

“Paige.AI, as well as to medical data brokers who pool the data — from doctor and hospital records, to insurance claims and prescriptions”

‘https://www.washingtonpost.com/national/health-science/who-owns-your-medical-data-most-likely-not-you/2018/11/23/28785efc-e77d-11e8-a939-9469f1166f9d_story.html

data pooling
‘https://www.forbes.com/sites/forbestechcouncil/2018/04/23/who-really-owns-your-health-data/

“We recommend a regulatory model with four signature features: (i) substantial protection for personal health data similar to the GDPR with transparent limits on how, when, and by whom patient data can be accessed, used, and transmitted; (ii) input from relevant stakeholders; (iii) interoperability; and (iv) greater research into a health-data service, rather than goods, model.”

‘https://pubmed.ncbi.nlm.nih.gov/34611493/

The contentious procurement of the UK health service’s £480 million ($580 million) Federated Data Platform (FDP) – which US spy-tech firm Palantir is tipped to win – has seen a new competitor enter the fray in the form of a UK consortium of vendors.

Voror Health Technologies, Eclipse and Black Pear are among consortium members promising to undercut the US bidder for the scheme
‘https://www.theregister.com/2023/02/28/nhs_fdp_consortium_bid/

It is possible the technology in Foundry, a proprietary system, may be interoperable without necessarily offering a level playing field to alternative suppliers hoping to replicate its dashboards.
‘https://www.theregister.com/2023/02/06/nhs_palantir_data_platform/

‘https://www.computerweekly.com/news/365531020/Investigatory-Powers-Act-Home-Office-proposes-rethink-of-safeguards-on-bulk-data-collection

“The report needs to be finalised by early April. Constraints related to the timetable for possible future legislation means that the time scale for comment must of necessity be short.”
‘https://www.daqc.co.uk/2023/02/09/investigatory-powers-act-review/

Briefing: UK’s Private Intelligence Industry
‘https://privacyinternational.org/sites/default/files/2022-05/PI-Briefing.pdf

ResearcherZero March 13, 2023 9:30 PM

“It would be the biggest tax fraud in Australia’s history, definitely, there is no question. It would be the biggest tax fraud.”
‘https://www.abc.net.au/news/2023-03-13/lauren-cranston-found-guilty-over-105-m-tax-fraud/102089424

“If this was uncovered, if this was fully uncovered and they knew exactly what was going on, it would be f*****’ Ben Hur man, this is a big sized company.”

“What the f*** would you text me that for?”

The court was told that the company was named after the Greek god of abundance and wealth.

Plutus Payroll, was used to collect gross wages from employers before money owed to the ATO was siphoned off into “second tier” or “bottom” companies with dummy directors.
‘https://www.abc.net.au/news/2023-03-07/adam-cranston-guilty-over-role-in-plutus-payroll-scandal/102064322

ResearcherZero March 13, 2023 11:57 PM

🙁

‘https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

ResearcherZero March 14, 2023 12:08 AM

“None of these prototypes comes close to meeting reasonable requirements for efficacy and privacy.”

‘https://www.lightbluetouchpaper.org/2023/02/27/bugs-still-considered-harmful/

‘https://www.rephrain.ac.uk/files/2023/02/Safety-Tech-Challenge-Fund-evaluation-framework-report.pdf

“We welcome feedback and constructive comments on the report.”
‘https://www.rephrain.ac.uk/safety-tech-challenge-fund/

ResearcherZero March 14, 2023 2:25 AM

“Either you’re an obedient consumer who uses what Samsung, Google, Apple, and Meta have to offer, or you’re a criminal. Good luck developing your moribund tech industry with that attitude.”
‘https://cyberlaw.stanford.edu/blog/2023/02/my-comment-uk-government-its-proposal-ban-%E2%80%9Cbespoke%E2%80%9D-%E2%80%9Csophisticated%E2%80%9D-encrypted-phones

The government says, with a straight face, that to Protect the Children it must install back doors in end-to-end encryption.
‘https://www.theregister.com/2023/03/13/column/

S. 106
‘https://blogs.soas.ac.uk/cop/wp-content/uploads/2022/12/SOAS-ICOP-Briefing-Online-Safety-Bill.pdf

‘https://www.ceasefire.ca/wp-content/uploads/2023/03/LETTER-FROM-DANIEL-ELLSBERG.pdf

Code of Ethics March 14, 2023 1:53 PM

About allegations of Lubuntu OS corrupting computer BIOSes:

These claims must’ve shown up relatively recently; the claims weren’t there a small quantity of years ago when I downloaded an ISO from the Lubuntu website to install Lubuntu.

I remember it vividly, because it was the first time, in several years of using Lubuntu, that the ISO showed up as corrupt.

I knew it was corrupt, or worse, just a fake ISO “impersonating” actual Lubuntu, because of how it specifically deviated from several years of Lubuntu tradition.

It seemed like the ISO server had been hacked by an internet bully who had replaced some of the Lubuntu contents with his/her own RIDICULOUS content.

The original and actual Lubuntu author(s) maintained a consistency and a professionalism that was and is instantly recognizable by Lubuntu users and Lubuntu fans. We know what it’s like in actual use.

So, back in that time, I knew I was dealing with a kind of malware, but I coped with it for a while because I was planning on erasing the whole system and starting from scratch anyhow.

Lubuntu was in my stash of LiveUSB’s because the download size is modest and it tends to boot and contain what I need enough to start erasing Microsoft Windows and installing whichever Linuxes I feel like.

Anyway, about the claims of Lubuntu causing BIOS corruption. I don’t think it’s the fault of the Lubuntu creators. I think their ISO servers got hacked and their ISO’s replaced or infected.

Again, authentic Lubuntu has a specific set of characteristics which the malware creators, malicious hackers did not conform to. They probably didn’t even like it, because what they put there was so outrageously silly it clearly didn’t belong there. And I’m not going to say exactly what it was.

Some programmers have specific style and standards for even the program script punctuation and grammar. Those who messed up Lubuntu via contamination, do not have such specific style nor standards.

I don’t know if what’s there now causes BIOS issues or not, but the original Lubuntu project was innocent and I believe it was outside interferences, not the Lubuntu project or its specific parts causing BIOS or malware issues.

I also happened to notice earlier today that the Github Lubuntu area mentions internet bullies. Of course malware creators and malicious hackers are a kind of internet bully, so even that part fits.

Meanwhile, quite a longer time ago, Canonical LTD, locked up and threw away a very large portion of what used to be “support” and enthusiast forums. Several posts marked [SOLVED], identifying common problems and their embedded solutions were deliberately moved out of reach of the users of Ubuntu, Kubuntu, Edubuntu, Emmabuntu, Lubuntu, Xubuntu, Ubuntu Studio, and the Ubuntu derivatives.

That’s when I quit relying upon any of the Ubuntu Linuxes because their own primary “parent” threw away and stamped out the free technical support which was actually working. I changed to a completely different type of Linux.

Sebastian March 14, 2023 2:16 PM

I saw a cartoon last week, regarding the failing immigration system the Tories are hell bent on diverting away from their ineptitude, and it had a person on it saying “We must stop immigration and start looking after our own”.

In the next frame, a child asks him “Please help, I’m starving” – to which he tells the child “Fuck off”.

And here we are, the UK in 2023. If the news isn’t wolf whistling the knuckle draggers and distracting the rest of us from what matters, it’s not news. Or something to be cared about.

Peter March 14, 2023 2:19 PM

On Politics Live today, there was a Tory MP foaming at the mouth complaining that Lineker should be sacked, he is paid £1.4m (panel guest said he was being envious – chuckle) and the frothing Tory MP then said his constituents were paying in part Lineker’s wages.

The hypocrisy/irony was completely lost on the frothing Tory MP, where they obtained 43.6% of the votes and have an 80 seat majority (reduced by some now) and the other 56.4% of the population were paying for the Tory MPs in part.

This is about control, and as you have indicated, the Tories want to remain in power at all costs, hence the politics of division.

For the encryption, once it has been explained slowly to them, they should back down.

But then, we do have an election coming up, and maybe extreme politics will be used to call dissenters the usual left wing, unpatriotic blob.

Maybe the house of lords will add a caveat that if the backdoor encryption is implemented, that any money lost due to this is reimbursed with additional compensation too.

From this, we can see that the Tory party is a mess, and full of cretins, so it will be a case of just see how it plays out.

modem phonemes March 14, 2023 3:07 PM

Re: ram& LLaMA LLaMA LLaMA LLaMA ding dong

“But ‘glory’ doesn’t mean ‘a nice knock-down argument,’” Alice objected.

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.”

“The question is,” said Alice, “whether you can make words mean so many different things.”

“The question is,” said Humpty Dumpty, “which is to be master—that’s all.”

https://arstechnica.com/information-technology/2023/03/openai-announces-gpt-4-its-next-generation-ai-language-model/

SpaceLifeForm March 14, 2023 3:49 PM

@ Clive

Re : Router mitigation not fix.

Seems like you have read a comment of mine elsewhere.

You can keep your router tables cleaner if you do not support ipV6.

SpaceLifeForm March 14, 2023 5:59 PM

@ Clive, ALL

Re: ICMP RCE

No deets yet.

Apparently, it only works on Windows.

Gee, what a surprise.

vas pup March 14, 2023 7:39 PM

Pipe-policing robots
https://www.dw.com/en/sewer-leaks-robots-to-the-rescue/video-64980036

“In Europe, 26% of the water supply is lost each year due to leaks in the sewer systems. Tiny pipe robots can enter the network, locate faults and transmit information and location to an engineer, helping save billions of liters of water.”

Question: That is developed in the UK, a close ally of the US. How many years will it take to implement it here?

Clive Robinson March 14, 2023 8:08 PM

@ SpaceLifeForm, ALL,

Re : ICMP RCE

“Gee, what a surprise.”

Possibly not 😉

A little history for those that don’t remember / learn from it.

It’s not the first time Microsoft has had ICMP RCE issues, if memory serves this is the third or fourth time…

As to the last I actively remember it was back oh about two and a half years ago.

Back in late 2020 Microsoft had IPV6 ICMP issues affecting Windows 10 and Windows Server that at the time was said to have RCE potential.

It was called “Bad Neighbour”, I remember it however because of the other name in use of “Ping of Death Redux”. Which harkened back to the “Ping of Death” vulnerability in 2013 that if memory serves correctly was an MS Windows only DoS and potential RCE.

Not sure if they are all related, but you know what they say about “Dogs and their vomit…”

Oh and remember Microsoft did not write their TCP/IP software they simply misappropriated it from the “Regents of the University of California” Berkeley Systems Development (BSD) which was why the original “Tear Drop” attack hit so many OS’s.

But speaking of dogs, IPv6 was and still is a disaster area, it was badly thought out and the issues with 128bit IP addresses keep turning up like “acid reflux”. Then there was the security model (IPsec[1]) and what a disaster it turned out to be and still continues to be.

You might remember this,

https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3270451/nsa-publishes-internet-protocol-version-6-ipv6-security-guidance/

The problem though is IPv4 is entrenched in the Internet psyche and will probably be hanging around in another 25years or so at least…

Remember the old advice,

“Sometimes when things stick to a blanket, the best you can do is burn the blanket.”

[1] StrongSWAN has a list of IPsec and other security RFC’s,

https://docs.strongswan.org/docs/5.9/features/ietf.html

lurker March 14, 2023 8:20 PM

@vas pup

Lost in Translation?

‘s/sewer/supply/g’

In English “sewer” usually means the foulwater system. While leaks of foul water are serious and should be fixed quickly, detecting them is not as easy as this robot thinks.

Clean water supply is usually at pressures up to 5 bar, and leaks are routinely detected by acoustic means, the noise from a leak is quite distinct. This robot seems to have the advantage of mobility inside smaller pipes, allowing more accurate location of leaks.

SpaceLifeForm March 15, 2023 3:17 AM

@ Clive

Re: ICMP RCE

It may be this, or related to it.

‘https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415

Clive Robinson March 15, 2023 5:48 AM

@ SpaceLifeForm,

Re : ICMP RCE

Bits and bobs are getting dragged into the light…

One SecFirm (Tenable[1]) said that there were 76 individual CVE’s,

“Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.”

In this MS Patch Tuesday are quite a few RCE’s, so pick your choice, but also,

“CVE-2023-23415 is a RCE vulnerability in Windows operating systems and was assigned a CVSSv3 score of 9.8. The vulnerability lies in the way the operating system handles ICMP packets when an application running on the vulnerable Windows host is bound to a raw socket. Exploitation is performed by sending a malicious fragmented IP packet to a vulnerable target, leading to arbitrary code execution.”

Others have indicated that one of the CVE’s has been used by suspected Russian attackers, against US Gov and US Infrastructure sites hinting at this ICMP RCE.

Oh Tenable also gave another CRITICAL, in the Windows “Cryptographic Services” as another RCE,

“CVE-2023-23416 is a RCE vulnerability in Windows operating systems that was assigned a CVSSv3 score of 8.4. The vulnerability exists in Windows Cryptographic Services, a suite of cryptographic tools in Windows operating systems. Exploitation is performed by importing a malicious certificate onto a vulnerable target, requiring the attacker to authenticate to the target or entice an authenticated user into importing the malicious certificate. CVE-2023-23416 was given a rating of “Exploitation More Likely” using the Microsoft Exploitability Index.”

There’s an itch at the back of my head that says this is not a first for Microsoft and Crypto Certs.

[1] Tenable give a break down of the MS Patch Tuesday,

https://www.tenable.com/blog/microsofts-march-2023-patch-tuesday-addresses-76-cves-cve-2023-23397

SpaceLifeForm March 15, 2023 5:06 PM

Is 860 a big number?

I think it is.

‘https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-860-critical-infrastructure-orgs-in-2022/

Clive Robinson March 15, 2023 6:26 PM

@ SpaceLifeForm, ALL,

Re : Big v. Small

“Is 860 a big number?”

Both yes and no, that’s why we normalize and call it a percentage.

I do not know just how many US CInf systems there are and the FBI probably does not either.

Especially as many orgs will try very hard not to have such expensive liability hung around their necks.

The simple fact is Ransomware is profitable and a real “free market” so you can tell what’s going to happen.

1, Those that can will enter the market as long as there is profit.
2, Those “that can” increases by way of knowledge and availability.

There is little or nothing you can do about the spread of knowledge, also trying to remove the profit actually rarely works.

So that leaves the control measure as “availability” of targets. Currently it is what they call “a target rich environment” and the number of “fixes” is few and “mitigations” short lived.

Anyone looking at Microsoft’s current “Patch Tuesday” inclusions will see something like 1/3rd of the patches are to stop “Remote Code Execution”(RCE) attacks.

Some of the RCE’s have been known to already be used against “Critical Infrastructure” on MS systems.

The simple fact is any RCE attack will give a toe-hold at some level, some at above any user level so beyond what most SysAdmins can deal with. Once an attacker is in and has got to the “system” level they can do virtually anything they want.

You have three possible defences against “unknown” attack vectors,

1, Have no external comms.
2, Run external to the system profiling.
3, Shut the system down and sweep all memory for illicit changes.

Of the three the first makes most sense where it can be used.

I look at the FBI recommendations and groan inwardly as whilst they might look good as bullet points…

Anyway as most of us realise, it does not matter how hard we work to make systems secure, management or marketing will do the opposite…

Such is the nature of “free markets” the spiral is by definition downwards given a little time.

lurker March 15, 2023 11:30 PM

@SpaceLifeForm, @Clive

If 860 is a big number, it’s interesting that the biggest part of it is Healthcare & Public Health. Are there really more of these? Are these the worst protected? Do these provide best ROI for the bad guys?

Just because more innocent bystanders get hurt is a return to script kiddies doing it for lulz …

Clive Robinson March 16, 2023 4:30 AM

@ lurker, SpaceLifeForm,

Re : Critical Infrastructure Risk.

“it’s interesting that the biggest part of it is Healthcare & Public Health.”

It also has the biggest number of computer users in CInf and comparatively speaking has by far the least amount of money to spend per user or computer.

“Do these provide best ROI for the bad guys?”

It depends on how you look at it…

They are obviously easy to get into (I still cringe when thinking about one consult I did on a hospital). But also they have a fall back… If the hospital won’t pay and the attackers have the patient medical records they can contact the patients directly and “put the screws” on them. Whilst many patients would not pay as they can’t, there will always be some who will, and others can be coerced if the attackers show they know who the victim works for or similar.

From a ransom attacker’s point of view they need to contact a potential victim as easily, cheaply and anonymously as possible. Thus electronically by Email or similar would be their chosen route.

So giving organisations the minimum of contact information the better your chances of avoiding being a secondary ransom attack victim. Or being used for identity theft or similar.

ResearcherZero March 16, 2023 6:27 AM

“The attacker appears to have used the employee login credentials to steal personal information that was held by two other service providers.”
‘https://www.smh.com.au/business/banking-and-finance/328-000-ids-feared-stolen-in-sophisticated-latitude-financial-hack-20230316-p5cslo.html

It said the attack appeared to have originated from “a major vendor used by Latitude”, which the ABC understands was essentially a back-end infrastructure provider.

“As of today, Latitude understands that approximately 103,000 identification documents, more than 97 per cent of which are copies of drivers’ licences, were stolen from the first service provider”, the company said in its statement.

“Approximately 225,000 customer records were also stolen from the second service provider.”
‘https://www.abc.net.au/news/2023-03-16/latitude-financial-hack-what-we-know/102105266

“We’ve had laws that required the acquisition of data that didn’t need to be acquired, laws that demand the retention of data that didn’t need to be retained.”

Once you’ve handed over data, it’s rarely up to you what happens to it after that.
‘https://www.abc.net.au/news/2022-10-21/medibank-optus-data-hack/101558932

A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers.
‘https://www.bleepingcomputer.com/news/security/hacker-selling-data-allegedly-stolen-in-us-marshals-service-hack/

Luckily, according to sources, the attackers didn’t gain access to any data related to the witness protection program WITSEC.
‘https://www.malwarebytes.com/blog/news/2023/02/us-marshals-service-hit-by-ransomware-and-data-breach

‘https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581

‘https://blog.quarkslab.com/vulnerabilities-in-the-tpm-20-reference-implementation-code.html

‘We conclude’ or ‘I believe’? Rationality declined decades ago

While the current ‘post-truth era’ has taken many by surprise, the study shows that over the past forty years public interest has undergone an accelerating shift from the collective to the individual, and from rationality towards emotion.
‘https://www.wur.nl/en/news-wur/Show/We-conclude-or-I-believe-Rationality-declined-decades-ago.htm

Issues about privacy, autonomy, equity, and the common good need to be considered and balanced, and knowing how to do so can be challenging in practice.
‘https://www.who.int/publications/i/item/who-guidelines-on-ethical-issues-in-public-health-surveillance

modem phonemes March 16, 2023 9:30 AM

Dept. of Will the Atmosphere Be Set On Fire ?

To simulate GPT-4 behaving like an agent that can act in the world, ARC combined GPT-4 with a simple read-execute-print loop that allowed the model to execute code, do chain-of-thought reasoning, and delegate to copies of itself. ARC then investigated whether a version of this program running on a cloud computing service, with a small amount of money and an account with a language model API, would be able to make more money, set up copies of itself, and increase its own robustness.

This footnote made the rounds on Twitter yesterday and raised concerns among AI experts, because if GPT-4 were able to perform these tasks, the experiment itself might have posed a risk to humanity.

https://arstechnica.com/information-technology/2023/03/openai-checked-to-see-whether-gpt-4-could-take-over-the-world/

Winter March 16, 2023 10:10 AM

On a lighter note:
Ken Thompson, Who Co-created UNIX, is Now Moving to Debian GNU/Linux (Raspbian)

‘http://techrights.org/2023/03/15/ken-thompson-transcript-scale/

[00:00] Audience member: ok, Ken. What’s your operating system of choice, today?

Ken Thompson: I have for most of my life, because I was sort of born into it run Apple. Right now, recently, meaning within the last five years I’ve become more and more and more depressed and

[laughter from audience]

what Apple is doing to something which should allow you to work

[00:30] is just atrocious but they are taking space and time to do it so it’s ok. And I have come within the last month or two to say even though I’ve invested a zillion years in Apple, I’m throwing it away and I’m going to Linux, Raspbian in particular.

[applause and cheers from audience]

Ken Thompson: Anyway, I’m half transitioned now.

Clive Robinson March 16, 2023 11:48 AM

@ Winter,

Re : Ken and the Rooster egg…

“Ken Thompson: Anyway, I’m half transitioned now.”

There is an old philosophical question,

Q : There is a church spire that comes to a perfect point and it is thus avoided by all of our feathered friends. For this reason a Rooster decides that it must therefore be a safe place for what it has in mind. So on a calm windless day up it flies and carefully lays an egg with the “big end down” and flies off. Now as we all know things do not remain balanced for ever so must eventually fall. The question is not in which direction but simply when?

Thus Ken’s half transition is like the egg…

Clive Robinson March 16, 2023 3:14 PM

@ JonKnowsNothing, ALL,

Re : Philosophy of triage and BoM&D

I was doing a read through various web sites as I do whilst waiting for a member of the medical profession to give me half truths or lies about my lack of health (trust me this is normal as I don’t fit in this year’s budget as I’m either too old or too young or my post code is wrong etc).

The fact that they don’t see it as an investment in future budgetary savings, thus will spend a lot more does not appear to occur to them (or if it does they “long arm” it to somebody who has a “Kill them all” agenda that would put a psychopath on crystal to shame).

Anyway I came across this,

https://blog.practicalethics.ox.ac.uk/2023/03/cross-post-why-government-budgets-are-exercises-in-distributing-life-and-death-as-much-as-fiscal-calculations/

Remember my view on AI being used as a way to hide agendas and use as the very least “The computer says NO” as an excuse, especially as it’s virtually impossible to show AI has been “deliberately tampered with” even a short time down the road…

We can expect more,

“RoboDebt meets triage”

As “a matter of political policy” due to the fact it’s so easy for politicos to say “Wasn’t me Gov, it was that bloke down the road”.

SpaceLifeForm March 16, 2023 6:28 PM

@ ALL

Not a good day for me. Found my brother dead earlier today. 18 days after losing my mum.

Not surprised really. It sucks, but I will keep doing what I do, so, here are two links worth checking out.

‘https://www.coindesk.com/consensus-magazine/2023/03/15/ukraine-russia-sanctions-tether/

‘https://www.propublica.org/article/secret-irs-files-trading-competitors-stock

JonKnowsNothing March 16, 2023 6:46 PM

@SpaceLifeForm

Words probably do not make much of an impact when confronted with so much sorrow, but please know I am thinking of you and hope the coming days go as smoothly as possible.

Take care of yourself, be kind to yourself, stop for a cuppa.

MarkH March 16, 2023 7:03 PM

@SpaceLifeForm:

Sometimes when one of our brothers or sisters in this old world is hit by waves of loss in succession, I think of the bible’s Job.

All my respect to you, for continuing to put one foot ahead of the other.

Clive Robinson March 16, 2023 8:06 PM

@ SpaceLifeForm,

I’m sorry to hear you’ve had another death in the family.

From my own experience of loss, I can only say “Remember the good times” and be happy for those times.

It’s more than 45 years since I lost both my parents, and still a day does not go by that I do not remember them. Similarly with friends I have lost throughout my life. Each I remember with fondness for the good times we had, and how they made my life more interesting if not better.

I personally believe, that people live on in other people’s memories, the stories they pass on about them to others and the words they write about them.

Painful as it might be at first, get a note book and write down the things you remember. As you read the words you have written, they will help bring back other memories to write down, and with time and photos and other information included, you will have a biography of them.

SpaceLifeForm March 16, 2023 10:26 PM

@ JonKnowsNothing, MarkH, Clive, ALL

Thank you for the kind words.

Keep paying attention. It is what you can do while alive and help society.

I am pretty sure no phone number is required. SIM ID is probably sufficient.

SS7 is not secure.

‘https://9to5google.com/2023/03/16/google-exynos-modem-vulnerabilities/

SpaceLifeForm March 17, 2023 12:11 AM

Keep paying attention folks.

And stop using Windows.

‘https://arstechnica.com/information-technology/2023/03/federal-agency-hacked-by-2-groups-thanks-to-flaw-that-went-unpatched-for-4-years/

JonKnowsNothing March 17, 2023 1:26 AM

@Clive, @All

re: Shaking the money tree or BoM&D No Deposit No Return

A MSM report on the failure of SVB and looming failures of several other banks indicated that of the Assets held by SVB: 94% were uninsured, and of the assets held by First Republic Bank: 68% were uninsured.

Of the many individuals who had FDIC coverage of 250,000USD, this amounted to 6% of SVB holdings and 32% of FRB.

Banks are still investing in “derivatives of derivatives of derivatives” although the name has changed. Maybe Bitcoin was the replacement?

There isn’t much difference in the end between FDIC insured and Government Bail Out. FDIC insures the smaller depositor and the Governments and Oligarchs bailout the Big Investors with money they collect from the small depositors and people who don’t have enough to make a deposit or keep a bank account open. Governments will “recoup” the funds via taxes, fees and Budget FlimFlam.

There are other banks globally that are shaking too. Credit Suisse isn’t sound. The banks in China that funded the collapsed high rise luxury condo forests have had those investments tank too. The Eurozone banks are watching the waves moving in their direction and they have an additional Big Wave in the ongoing financing of the UKRvRU proxy war.

Interest has an odd ability to not only multiply linearly but exponentially and it goes down just as fast as it goes up. The multiplier effect gets greater the farther it gets from A-Starting Point.

In Economic Terms Interest as the rate of return index for the current value of money is Good.

However, in practice, there really isn’t much benefit. It is linked to housing shortages, food shortages, work shortages, lack of healthcare, lack of dental care, lack of Old Age Pensions, lack of a stable level of Quality of Life.

As Banks try to tame Interest Rates and Governments try to Push, Shove and Maneuver it in different directions, the size of the global economies is such that we can see how it will destabilize everyone else…

Can we see it for our own personal economic bubbles?

I don’t have much in the way of savings anymore, because that’s the way it goes after you stop working: no more income. So whatever you have set aside and managed to hold on to, is all there is. I can only hope that what there is doesn’t get flung in the SHYTFAN along with Peter Thiel’s $50Million USD.

Peter’s friends will no doubt float money back to him; Oligarchs don’t like to see Oligarchs lose their funds.

The Bank of Mom & Dad Depositor isn’t going to get much of anything.

SpaceLifeForm March 17, 2023 2:44 AM

@ JonKnowsNothing, Clive

re: Shaking the money tree or BoM&D No Deposit No Return

Yep. I am cash flow poor at this time.

House insurance was not paid. Behind now. Not sure why.

I am looking at 2 more months before I get a Death Certificate and get bills organized.

I will be ok later. I went to cash out a pension (small) earlier this week, and the website was down.

Apparently, a lot of people are dying these days. Police officer today agreed.

He told me he had Covid 3 times. I told him no surprise.

Clive Robinson March 17, 2023 5:07 AM

@ JonKnowsNothing, SpaceLifeForm,

Re : No Deposit no return.

Based on what others with more “insider information” are doing we are heading for another “Run on a Bank” finally making clear we are in another global recession but with the appearance for public consumption of it being another,

“‘Financial Crisis'(FC4?) precipitated by the little people”

Hence not telling the real cause of the problem, which has been building since Thatcher and Reagan back in the 1980’s with the “Free Market”, demanded by the finance industry and pushed by neo-con think tanks. Which amongst other things gave rise to the “Lloyds LMX Spiral” scandal.

Since the “deregulation” of the “Big Bang” you will find just one or two of the nastiest mid rung operators have come to be exposed. Look up the history of “Fred The Shred” for instance, and Bob Diamond at Barclays over the LIBOR scandal, but others at the likes of HSBC remain nameless. As do those where their misdeeds get hidden by corporate structures and large fines that the little people pay, and soon it’s “back to normal” with a different financial scam.

As for those higher up the ladder you don’t get to hear of what they do… It’s not written down and often it’s first made legal by “suasion” over private meetings. The most public of which is Davos, but you don’t get to see the actual people, just their proxies. Not too different to lobbyists, but less crude and way more effective.

But what are those neo-con think tanks doing that those top rung squatters fund through multiple defensive layers?

Well some would call it revisionist history others worse, but when challenged they tell you, you do not have the correct point of view…

A prime example is from Philip Booth, who was at the time the “Institute of Economic Affairs”(IEA) editorial and programme director. Who also had many many other jobs (including religious posts a characteristic that we have come to realise is indicative of a “certain type” like the ex-head of the UK Post Office who had so many innocent people jailed or driven to their deaths).

At the time (2015) The Guardian tried to debunk the nonsense by Philip Booth, but there is only so far you can go. Before “the friends” –pay masters– of the person you are trying to hold to account start whisper and similar campaigns against you. Which have been the nastier side of US Politics against journalists in recent years. Such attacks mainly run by the right of center folks (the names of which would probably trip the moderation filter).

Any way you can read The Guardian article,

https://www.theguardian.com/business/2015/may/25/margaret-thatcher-deregulated-city-london

Then read the IEA’s copy of the actual Philip Booth article and see how he is blaming “the little people” in several ways.

Oh a little warning before you do go read it,

Do not click on any of the links in the article “they are watching”[1] also turn off cookies and javascript

https://iea.org.uk/publications/research/thatcher-the-myth-of-deregulation

[1] If you “mouse-over” you will see the links are of the form,

http://www.iea.org.uk/in-the-media/… …

That is rather than give the link to the Guardian article as I have done, they cause your browser to link back to their system, where your details will be recorded as will the link…

[2] Barclays and what they did to LIBOR had an effect on every person who had savings, debts, or any kind of financial commitment,

‘htt ps://www.hbs.edu/faculty/Pages/item.aspx?num=43888

ResearcherZero March 17, 2023 5:19 AM

“We believe the targeting of these devices will continue to be the go to technique for espionage groups attempting to access hard targets.”

FortiGate devices with Federal Information Processing Standards (FIPS) compliance mode enabled failed to boot after it was later rebooted. When FIPS mode is enabled, a checksum of the operating system is compared with the checksum of a clean image. Since the operating system was tampered by the threat actor, the checksum comparison failed, and the FortiGate Firewalls protectively failed to startup.

With assistance from Fortinet, Mandiant acquired a forensic image of these failing devices, prompting the discovery of the ICMP port knocking backdoor CASTLETAP.
‘https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem

“The same individuals show up again and again—and I mean the people with the actual hands on the keyboard.”

Dutch law enforcement didn’t just identify and arrest Serebriakov and his team, who were part of a different GRU unit generally known as Fancy Bear or APT28. They also seized Serebriakov’s backpack full of technical equipment, as well as his laptop and other hacking devices in his team’s rental car.

When investigators examined that confiscated Wi-Fi hacking equipment, they found evidence of a long list of Wi-Fi networks it had connected to previously, essentially mapping out the travels of Serebriakov and his colleagues to carry out previous hacking operations.
‘https://www.wired.com/story/russia-gru-sandworm-serebriakov/

Winter March 17, 2023 5:57 AM

@Clive

Based on what others with more “insider information” are doing we are heading for another “Run on a Bank” finally making clear we are in another global recession but with the appearence for public consumption of it being another,

I think there have been bank failings and bank runs every decade since the 19th century. There is nothing special about a failing bank. Banks are inherently unstable.

‘https://en.wikipedia.org/wiki/Bank_failure
‘https://en.wikipedia.org/wiki/List_of_largest_U.S._bank_failures
‘https://en.wikipedia.org/wiki/List_of_bank_runs

ResearcherZero March 17, 2023 6:13 AM

@Winter

Human vision, photosynthesis and other natural processes harvest light with proteins that contain molecules known as chromophores, many of which twist when light hits them. The hallmark of this twisting motion, called photoisomerization, is that part of the molecule rotates around a particular chemical bond.

“One possibility is that the distribution of atoms in the molecular space blocks or allows rotation about each chemical bond, known as the steric effect. An alternative has to do with the idea that when molecules with double bonds are excited, there is a separation of charge, and so the surrounding electric fields might favor the rotation of one bond over another. This is called the electrostatic effect.”
‘https://phys.org/news/2020-02-electric-fields-affect-molecular-light-sensitive.html

Overcoming a hurdle on the path to renewable-energy storage
‘https://phys.org/news/2022-01-hurdle-path-renewable-energy-storage.html

photocatalytic water splitting
‘https://phys.org/news/2022-05-electricity-kind-green-hydrogen.html

“Artificial photosynthesis is the holy grail of all chemists.”
‘https://phys.org/news/2022-01-efficiency-artificial-photosynthesis.html

And in research perhaps applicable to semiconductors:

polarons are formed when individual electrons in crystals distort their surrounding atomic lattice, producing composite objects that behave more like massive particles than electron waves
‘https://journals.aps.org/prb/abstract/10.1103/PhysRevB.105.115414

Essentially, a polaron is a composite particle comprised of an electron surrounded by a cloud of phonons (i.e. lattice vibrations). This quasiparticle is heavier than the electron itself and due to its substantial weight it can sometimes become trapped in a crystal lattice.
‘https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.122.246403

“We now plan to use these tools to investigate a broader family of materials. We would also like to understand how these particles respond to electric and magnetic fields and how one could leverage their unique properties to realize new functionalities.”
‘https://dx.doi.org/10.1038/s41567-023-01953-4

Winter March 17, 2023 6:57 AM

@ResearcherZero

Human vision, photosynthesis and other natural processes harvest light with proteins that contain molecules known as chromophores, many of which twist when light hits them.

There are many such systems. And there are even more pundits who will claim their randomness is not “pure enough”. There will always be drift, side-channels, and biases that can be raised.

What I understand is that it is rarely the underlying physics that is the limitation, but the measuring and post processing. That will never be perfect. So there will always be pundits who claim it is too imperfect.

It all depends on your threat model. Perfect security and eternal peace are only achieved in death.

Clive Robinson March 17, 2023 8:10 AM

@ ResearcherZero, ALL,

Re : A long known threat.

You say,

“Since the operating system was tampered by the threat actor, the checksum comparison failed, and the FortiGate Firewalls protectively failed to startup.”

This is an example of “trust given once” where “trust must be checked repeatedly”.

That is the “trust check” was only at boot up, not as it should have been regularly during system run time.

As I noted just the other day “code signing” and “linker loading” fail because our basic behaviours are wrong when it comes to trust checks.

Code signing is a “one time trust check” of just a signature of a hash of an archive. Unfortunately once that hash signature is checked everything is incorrectly assumed to be OK. It’s not for a whole multiplicity of reasons. Because,

“It authenticates the channel not the transaction.”

Or if you prefer it’s the sealed box you sign for at the door because it’s got the right tracking number or shipping details. Neither of which say the box contents match what was ordered, nor when you think about it can they do so (which is why you should always write “unchecked” in the signature box).

But that channel has an “end point” which meant that a process running on the system could get in after the signature is checked, but before the “patch” was installed. Which leaves a glaring security hole… In that case, what the illicit APT process did, after the signature was checked, was unzip the delivered archive, then add its malware to it and zip it back up, then let the updater write it to memory as though it was the original zip…

This could happen because it was,

“A non atomic multistep serial process.”

Where the code signing check was done independently and way upstream of the code updating process.

But we also have the same issue with code in memory. The current design of Commercial / Consumer Computers is entirely inadequate security wise and thus leaves a gaping security hole that’s been known about since the 1970’s and the early “Direct Memory Access”(DMA) used with high speed communications. As the DMA works at a lower level in the computing stack than the CPU and MMU below it they can not protect against what the DMA can change in memory. Likewise nor can the CPU and MMU protect against I/O devices that run their own core memory modifying processes.

The same is true with any activity that changes the contents of Core memory, it is after all how some types of malware get in, as is the case of the issue you mention.

Some people mistakenly believe that “Memory tagging” will solve this, but it won’t. When you consider it memory tagging is like “Parity Error Checking” of memory, it is basically better than nothing but still unreliable.

I thought about this years ago which is why I came up with the notion of “Castles -v- Prisons” or C-v-P / CvP as others ended up calling it.

It worked around the notion of “Probabilistic Security” and simplified processes running in “prison cells”. If malware got in, it would have to be in memory. So the first step is to minimize the memory available to the simplified process. The second step is every so often stop the simplified process CPU and another “state machine” would “walk the memory” to check the process had not been changed in memory.

Obviously halting a CPU so a state machine can walk through every memory location reduces the CPU processing ability. Thus the trade off was between CPU throughput and security, hence probabilistic.

The reason the malware you mention was found, was effectively a similar process in action that is a security verification was done every so often which found the malware. The problem is that it was done so infrequently that the probability of it detecting the malware before it could do harm was very very low. However it proves the point that you have to perform “trust checks” on memory and program behaviour, independently on a very regular basis, if you want even a small chance of catching malware when it is in your system before it does harm.
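A small model of the boot-only check versus the periodic memory walk described in the comment above. This is an added example, not part of the original comment; the cell contents, the modified bytes, the tick-based clock and the overhead formula are all constructed assumptions.

```python
import hashlib


def measure(region: bytes) -> str:
    """Digest used as the trust measurement of a memory region."""
    return hashlib.sha256(region).hexdigest()


class Cell:
    """A small, fixed code region plus the measurement taken when it was loaded."""

    def __init__(self, code: bytes):
        self.memory = bytearray(code)
        self.baseline = measure(code)

    def walk(self) -> bool:
        """Supervisor pass over every byte; True while memory matches the baseline."""
        return measure(bytes(self.memory)) == self.baseline


def first_detection(code, patch, tamper_at, restore_at, check_interval, total_ticks):
    """Run the cell and return the tick of the first failed check, or None.

    check_interval=None models a check made once at boot (tick 0) only.
    restore_at=None means the in-memory change is never undone.
    """
    cell = Cell(code)
    for tick in range(total_ticks):
        if tick == tamper_at:
            cell.memory[:len(patch)] = patch      # in-memory change after boot
        if restore_at is not None and tick == restore_at:
            cell.memory[:] = code                 # transient change removed again
        due = tick == 0 if check_interval is None else tick % check_interval == 0
        if due and not cell.walk():
            return tick
    return None


def detection_rate(code, patch, dwell, check_interval):
    """Fraction of start phases at which a change lasting `dwell` ticks is caught."""
    caught = 0
    for start in range(1, check_interval + 1):
        hit = first_detection(code, patch, start, start + dwell, check_interval,
                              total_ticks=start + dwell + check_interval)
        caught += hit is not None
    return caught / check_interval


def cpu_overhead(walk_ticks, check_interval):
    """Share of time the worker CPU is halted, assuming each walk costs walk_ticks."""
    return walk_ticks / (check_interval + walk_ticks)


CODE = bytes(range(64))          # constructed stand-in for the cell's code
PATCH = b"\xff\xff\xff\xff"      # constructed stand-in for modified bytes

if __name__ == "__main__":
    print("boot-only check:", first_detection(CODE, PATCH, 5, None, None, 1000))
    for interval in (100, 20, 5):
        print(f"interval={interval:3d}  "
              f"P(detect dwell=10)={detection_rate(CODE, PATCH, 10, interval):.2f}  "
              f"overhead={cpu_overhead(2, interval):.1%}")
```

In this model the chance of catching a change that lives for `dwell` ticks is `min(1, dwell / check_interval)`, so shortening the interval buys detection probability at the cost of halted CPU time.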

Clive Robinson March 17, 2023 3:01 PM

@ Winter, ResearcherZero, ALL,

Re : Mostly people say Random when they don’t know the inputs.

”And there are even more pundits who will claim their randomness is not “pure enough”. There will always be drift, side-channels, and biases that can be raised.”

Yes and raised with significant validity, because they have a habit of becoming known to an attacker in ways most who disparage them have little comprehension of or don’t care to get to understand, thus blow security out of the water at step 1.

What many call “True Random” or “Random” is actually “noise” which is “assumed to be random” but is actually,

“The sum of multiple signals”[1]

Mostly the signals are not at all random and many are mostly deterministic[5].

Interestingly if you go for the “minimum multiple” of two signals, it is exactly the same model as a “stream cipher” and all allegedly random signals can be treated as such.

Thus you can in effect invert the view and say one signal is “deterministic” and the other “non deterministic”. The difficulty which immediately becomes obvious is how you separate the wanted “non deterministic” from the unwanted “deterministic”[5].

The basic answer is these days using DSP algorithms to synthesize any non deterministic signal, invert it and add it in as another input.

Whilst this deals with signals you can recognize as deterministic and synthesize in waveform and phase, you can not do the same for “chaotic” signals which can appear random but are not at all.

You can easily generate such a signal with two oscillators at different non harmonically related frequencies driving a D-Type latch. If the frequencies are stable, and you integrate the random looking and complex latch output that “looks random” close in, you get a very nearly perfect sine wave at the difference frequency of the two input sinewaves… Which is a bit of an “Oops moment when you demonstrate it”. It’s also something a lot of Silicon Valley Chip designers appear non cognizant of as they use “ring buffer oscillators” to drive a D-type latch and use that as an on chip random source… Worse fully deterministic signals such as “power supply noise” phase modulate the oscillator outputs. This just adds a deterministic noise to the D-Type output, which when put through a hash algorithm gives the very false impression of “random” when it’s nothing of the sort.

[1] The use of summation makes the process effectively degenerate to just the two signal case. Which can be easily seen when you consider

Sigout = Mod N (Sigi+1 + Sum0…i)

[2] So any proof or attack on the two signal case is valid for how ever many signals you chose to use as input.

So if any of the input signals are both,

“Truly unknown and truly unpredictable.”

Which is very rare[5]. Then the Sigout can be considered from the observer’s point of view “non deterministic”.

However if none of the input signals are Truly unknown and Truly unpredictable, then the signal output is from all points of view “deterministic” therefore not random[3].

[3] Can “deterministic” be used to replace “truly random”, well that is a bit of a vexed question. The generalised idea is,

“Deterministic is sufficient if the observer is incapable of determining that the output is deterministic.”

Which whilst nice in concept and used in a number of alleged proofs, is actually not true.

Any deterministic cryptographic algorithm has dependency. That is each bit is dependent in some way on the previous bits. If you know the size of the effective state array as is needed for a stream generator it is trivial to show that if the actual state array is N bits, you need a maximum of 3N-2 bits output to be able to determine every bit from there on. This is actually related to the “unicity distance” of all cipher systems[4].

[4] Shannon called the issue with input statistics and their effect on uniquely discovering a key “unicity distance”. and went on to prove that for “Perfect secrecy” –ie all messages equiprobable– the length of the key material had to be as long as the plaintext message length and all ciphertext characters had to be not just equiprobable themselves but also independent of each other (statistically flat / fair ball drawing from an urn with the ball being returned to the urn after it’s drawn).

[5] Contrary to the impression given most natural sources have little independence from bit to bit. Worse many follow a predictable line on a graph or have an offset they sit upon.

Thus “true entropy” is actually a very rare commodity like fine scent that has to be distilled out with very great care.

Also humans are very very bad judges of “random” and our statistical algorithms aren’t much better. Whilst they can tell you a source you test is bad in one particular way it can not tell you the myriad of other ways it has failed, and none can say a source is good.

[6] The unicity distance is based on the output of a cipher, and defines the length of the message where the all messages are equiprobable drops to just one message in what is effectively a brute force search. As such it uses the plaintext statistics which makes it message statistics dependent.

The simple way to see this is to view the cipher as a simple “Bellaso” –Vigenere– cipher. Let’s say the alphabet size is 26 letters and the message is 5 letters long. It’s easy to see that there are 26^5 possible messages (N) and likewise 26^5 keys(K). However if and only if the plaintext is in readable english such as WINED or CRIED it’s easy to see that the number of messages (M) is now very much reduced from N.

Importantly though is to realise that for any given ciphertext(C) beyond a certain length each M has only one key K that gives the plaintext. So with K possible keys, only K(M/N) of them will produce acceptable english plaintext. Just one of these keys(K) is the correct key, even though several keys will on short lengths give acceptable plaintext(M). Thus the question arises at what length L of the message is a sufficient length to eliminate all but the correct key.

By observation as M/N gets decreasingly small as the length L of the message increases, at some point L will be large enough to make the number of incorrect keys equal to zero. Equivalently, this is the message length L where K(M/N)=1. This L is the unicity distance. Important to note that for the same key K the unicity distance L is dependent on the plaintext statistics so will vary from message to message.

Also in a fully deterministic cipher the number of keys(K) is dependent on either the width and complexity of the equivalent mapping of a block cipher, or the actual size of the state storage in a stream cipher. With english plain text being nearly always uniquely recognized in 25-29 characters or ~127bits the unicity distance of DES would be less than 2blocks and a little over 1 block for AES.

[7] What Shannon did not emphasize, is unicity distance is also dependent on the key statistics as well as the plaintext statistics. So whilst someone might argue with a “book code” of approximately 2000 characters a page, and 250 pages the total size of key material is 400,000, the reality is that is way way off. For instance if you are known to have only 10books in your possession then it does not take much in the way of a trial search to find which is being used. Because you would in effect be using a key stream where the individual characters are NOT independent of each other or even close to being statistically flat. Which gives rise to a much faster way of breaking the cipher. The statistics of the cipher text via a simple Chi Squared test would show not only that two plaintexts had been used but other characteristics that would make breaking out the plaintext from the keytext easy, thus giving a length of keytext which could be searched for in hundreds of thousands of books remarkably quickly. But even the books do not need to be searched. All authors have a style that can be recognised statistically thus limit the body of works to be searched down to very few, maybe a dozen or two.
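The two-oscillator latch from the comment above, modelled with perfectly stable frequencies. This is an added example, not part of the original comment; the two frequencies, the starting phase and the use of SHA-256 as the hash are constructed assumptions. It shows that the captured bits are balanced, yet an observer who knows the frequencies recovers the phase from one period of output and predicts everything after it, hashed or not.

```python
import hashlib
from itertools import groupby

FA_HZ = 1_000_303  # constructed value: oscillator feeding the latch D input
FB_HZ = 1_009      # constructed value: oscillator clocking the latch


def latch_bits(phase, count, start=0):
    """Bits the latch captures on clock edges start .. start+count-1.

    `phase` is oscillator A's starting phase in units of 1/FB_HZ of a cycle,
    so everything stays in exact integer arithmetic. D is high during the
    first half of each cycle of oscillator A.
    """
    return [1 if 2 * ((phase + FA_HZ * n) % FB_HZ) < FB_HZ else 0
            for n in range(start, start + count)]


def longest_run(bits):
    """Length of the longest run of identical bits."""
    return max(len(list(group)) for _, group in groupby(bits))


def recover_phase(observed):
    """Every starting phase consistent with the observed bits.

    The whole generator state is one number below FB_HZ, so an exhaustive
    search over about a thousand candidates is all that is needed.
    """
    return [p for p in range(FB_HZ) if latch_bits(p, len(observed)) == observed]


def condition(bits):
    """SHA-256 'whitening' of a bit list whose length is a multiple of 8."""
    packed = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                   for i in range(0, len(bits), 8))
    return hashlib.sha256(packed).hexdigest()


def predict_after(observed, want):
    """Recover the phase from `observed`, then predict the next `want` bits."""
    candidates = recover_phase(observed)
    return candidates, latch_bits(candidates[0], want, start=len(observed))


if __name__ == "__main__":
    secret_phase = 777                              # constructed, unknown to the observer
    observed = latch_bits(secret_phase, FB_HZ)      # one full period of output
    print("first 32 bits :", "".join(map(str, observed[:32])))
    print("ones fraction :", round(sum(observed) / len(observed), 4))
    print("longest run   :", longest_run(observed))

    candidates, predicted = predict_after(observed, 256)
    actual = latch_bits(secret_phase, 256, start=FB_HZ)
    print("phases left   :", candidates)
    print("hash matches  :", condition(predicted) == condition(actual))
```

A simple count of ones looks fine, but the longest run never exceeds two, and however many bits are drawn the stream carries no more than log2(1009), about 10 bits, of uncertainty.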

Winter March 17, 2023 3:39 PM

@Clive

Re : Mostly people say Random when they don’t know the inputs.

It is easy to fill a year enumerating subjects most people misunderstand. I know of only two rigorous definitions of “random”, the one used in thermodynamics, ie, coarse graining phase space, and the one from Kolmogorov complexity. Maybe there are others, or better ones. Feel free to educate us.

SpaceLifeForm March 17, 2023 6:09 PM

@ Clive

Gut feel. The CS bailout is to deflect from DB.

Not that either are trustable.

Oshner March 17, 2023 6:15 PM

@jonknows…

Let’s stipulate that if the patient has no insurance what follows is moot.

If a patient does have insurance and they are told the drug is 100K the question is not if their life is being held for ransom but by who and for how much.

Let’s look at the simple example of statins. Atorvastatin was long known to be an excellent lipid lowering agent but insurance companies wouldn’t pay for it because it was considered novel and unproven. That is until it became generic and then pretty much everyone was switched to it. This happens all the time with drugs across therapeutic areas.

If our patient who has insurance is told their out of pocket cost is 100K then it is their insurance company that has a gun to their head. The same is true in less extreme examples. When you pay more out of pocket for your medicine year over year it has more to do with your pharmacy benefit manager raising copays to discourage use than it does with what the PBM pays the drug company.

There is a reason that CVS, Walgreens and United Healthcare are in the top ten of the Fortune 500 and it’s not because they are enhancing quality of care and outcomes.

modem phonemes March 17, 2023 7:25 PM

@ Clive Robinson @ Winter @ ResearcherZero

Re: random randonée

We were always told that “noise is just unmodeled signal”. Perhaps “random” should be discarded in favor of “spontaneous”, that is, not part of the plan. E.g., we were measuring performance but then a bird was ingested in the right engine, which blew up …

Everything proceeds by cause and effect. Does this mean deterministic ?

lurker March 17, 2023 11:29 PM

@SLF, @Clive, Ors

re CS, DB, Uncle Tom Cobbeley

I heard an expert this morning on a radio station I’m not allowed to name, who explained it simply. The problem is in part, gambling with other people’s money. Banks have to do this to make a profit, but there are rules, government laws and business prudence. When things go squishy the other part of the problem is that the people responsible are never brought to account. So it will just go on going on.

The explaining gent didn’t say in words, but his tone of voice suggested things like public pillory, and personal bankruptcy …

JonKnowsNothing March 18, 2023 1:16 AM

@Oshner, All

re: It’s not on the list

The listing of available drugs that you describe is called The Formulary (aka pharmacy listing). Every health care insurance, hospital, dispensary has one. It’s linked in a long chain going UP and then Down, like a B-Tree.

Years ago, when still employed, I had a Rx for a drug that cost $500/month. Back in the days when you could get a burger, fries, drink for under $2. It was not on The Formulary and I didn’t get any charity help paying for it. I did what everyone does with outrageous costs IF they can, and that is Work While Ill. That doesn’t help you get better sooner.

Years later now, some folks are savvy about The Formulary which changes annually. When “open enrollment” happens between Nov – Jan, if you are Of An Age, you get deluged with information, nearly all of it Pie In The Sky or missing in particular details. One of them is The Formulary list, which differs from Insurer to Insurer.(1)

Plenty of folks have swapped providers because they thought they were getting a “better deal” only to find the common drug needed for a health condition is Not On The List. If it’s Not On The List you are SOL. It maybe On The List this year, but maybe not Next Year.

===

1) fwiw My charity renewal for the $100K+ drug is in March. Provider changes end in Jan. Will it be on the list or not on the list next year? Only Godot Knows.

Clive Robinson March 18, 2023 1:55 AM

@ modem phonemes, ResearcherZero, Winter, ALL,

Re : Some things just happen.

“Everything proceeds by cause and effect. Does this mean deterministic ?”

Err no. To be “deterministic” requires more than “cause and effect” it also requires it be repeatable, by prediction, thus design.

So whilst I can hit a golf ball and get it to land somewhere, I can not subsequently claim where it landed was by design. If however I say it will be a “hole in one” and it does indeed drop down the hole, even that does not make it “by design” unless I can do it every time… (which at the very least would probably and almost quite predictably get my golf clubs used by others for less than legal application against my person, so would be by design and very probably repeated, so becoming a quite deterministic intent).

Clive Robinson March 18, 2023 7:57 AM

@ lurker,

Re : Bankers that need discipline

“The explaining gent didn’t say in words, but his tone of voice suggested things like public pillory, and personal bankruptcy …”

Just remember that whilst “pillory” which means “putting in the stocks” which was easily seen as a form of torture that could kill people quite easily or leave them open to significant degradation, and cause the victim temporary or permanent damage to the spine and posture thus ability to work is,

“OK with one blog reader who hides behind a sock puppet”

But it’s apparently not okay by the sock puppet to say

“String them up by their thumbs”

Which was not a torture and was designed to be a “justice being seen to be done” show that they and those that saw them standing there should hence forwards be “upright / standup citizens”.

But the person you heard was right, the punishment of corporate fines might sound good until you realise they will either be “tax deducted” or “the customer will pay” or worse in some cases a “double tap” of both.

Winter March 18, 2023 9:41 AM

@modem

“Everything proceeds by cause and effect. Does this mean deterministic ?”

The laws of physics work such that initial conditions go to one and only one constellation of final conditions. And the laws show that for every set of final conditions there is one and only one set of initial conditions.

This is the basis of determinism and Laplace’s demon
‘https://en.wikipedia.org/wiki/Laplace%27s_demon

According to determinism, if someone (the demon) knows the precise location and momentum of every atom in the universe, their past and future values for any given time are entailed; they can be calculated from the laws of classical mechanics.[2]

Clive Robinson March 18, 2023 11:22 AM

@ Winter, modem phonemes,

Re : It claims no free will.

“This is the basis of determinism and Laplace’s demon”

And you can easily see he was wrong with just thirty seconds of thought.

I will just disprove the,

“their past and future values for any given time are entailed”

That can only work if two assumptions are true,

1, Every thing is deterministic
2, Every thing is linear.

We know the first is not true because we have “free will” and other entities have “agency”

The second is harder to understand. But we know that mostly the universe is not linear. Almost every thing works as a percentage of a percentage which fundamentally is exponential.

As I explained in an earlier post the state of any object is the summation of its interactions.

But if two objects collide some of the energy of one gets transferred to the other, the same with change in direction and momentum. Momentum however is not a linear quantity when any kind of force or field is involved.

You can look the proof up as it’s part of thermodynamics but you get the equivalent of a true one way function that is not reversible.

The implication of this is that the “demon” would have to have perfect knowledge of the “finite” Universe in infinite resolution as a recording.

I’ve shown before that as the Universe is both physical and finite, only a finite amount of information can be impressed on the matter or modulated on the energy.

Either way or together there is a finite maximum amount of information that can be stored thus there is a finite amount of history the demon can have memory of.

What Laplace’s demon actually tells us is that religion / mysticism in his time imposed what were base axioms to his reasoning that were false.

The thing is we know that “free will” was still causing reasoning issues with Einstein, his contemporaries and even those who were still denying that free will existed less than a century ago.

Likewise it was not much before that, that Cantor burst the bubble on the thinking about infinity which had driven some of his contemporaries and predecessors quite mad with some effectively killing themselves over it.

Just one more of oh so many reasons to hold deity belief in complete contempt.

Winter March 18, 2023 12:21 PM

@Clive

We know the first is not true because we have “free will” and other entities have “agency”

What is free will? And how does it interact with the laws of nature? Most accounts of “free will” transcend physics, and the arguments for it are in the “just so stories” category.

Laplace’s demon is based on known laws of nature. If these laws describe nature, then Laplace’s demon can perfectly predict all of the future from the past. If you say it can’t, you effectively say the laws of nature as currently formulated are wrong. Please feel free to amend them and win the Nobel prize.

However, it is also true that Laplace’s demon would need to compute a simulation of the universe. If the demon has itself to obey the laws of nature, the simulation would be as large as the universe, and the simulation would not be faster than the evolution in the real universe. So it would not really “predict” anything. And there are other obstacles to such a simulation too.

If the demon would like to predict the near future of only a small patch of the universe, it would still have to simulate a volume the size of the causal light cone of that future patch.

But this was all not the point of Laplace. The point is, the physics of the universe is deterministic. If you want it to be non-deterministic, you need to change physics. Past failures to improve physics in this direction should not be seen as a disincentive.

One problem with “causality” is that it hinges on our understanding of time and space. And we really do not understand the nature of time and space. We even do not understand why we can travel any which way in space, but in time we travel in one direction only, with a speed that fixes us to space.

For instance, with time travel, causality would go out of the window, as does determinism. The laws of physics do not prohibit time travel, but there is always a snag in the equations that show time travel. It should work, but you always need something odd, like negative mass.

PS. I do not see how Cantor fits in this discussion.

modem phonemes March 18, 2023 1:23 PM

@ Winter @ Clive Robinson

how does it interact with the laws of nature? Most accounts of “free will” transcend physics

The “laws of nature”, physics, are just the current quantitative model of what is present to us based on accumulated current experience. They are provisional, good enough to be going on with until they are not. E.g. the alteration in the then laws occasioned by relativity, and quantum mechanics. The laws, even in the above provisional sense are currently incomplete because these two have yet to be coherently combined. Also the possibility that models that describe the world may be chaotic means complete prediction will never be possible because of the infinite precision required in relevant data measurements for such models.

The restriction to the quantitative enmattered aspects of reality also limits these physics models. That they don’t seem to have room for something like free will only indicates the limited scope they start with.

The acceptability of modern physics is itself something outside of physics. We accept the laws because they work well. This is a general intellectual criterion that isn’t part of physics.

Winter March 18, 2023 2:26 PM

@modem

They are provisional, good enough to be going on with until they are not.

Physicists are able to test their models down to the 19th decimal. I do not assume free will is hiding behind the 20th decimals. So where is it hiding so physics cannot see it?

But the real challenge is to define Free Will, so we can distinguish it from, eg, Non-Free Will.

Also the possibility that models that describe the world may be chaotic means complete prediction will never be possible because of the infinite precision required in relevant data measurements for such models.

How is this relevant for Free Will? Is Free Will a synonym for Random? I do not particularly feel for my Free Will being just a RNG.

The restriction to the quantitative enmattered aspects of reality also limits these physics models.

If it is observable, it is a subject of science. So, if we can observe Free Will qualitatively, we can study it in biology or physics.

The acceptability of modern physics is itself something outside of physics.

Indeed. But non-working theories, eg, theology or metaphysics, have a habit of leading to a lot of heat but no substance. Theology is at the root of some of the worst mass killings in history, motivated by arguments that are so arcane that they are only understood by a few specialist historians.

lurker March 18, 2023 3:10 PM

@Winter, Clive, et al.

If Cantor doesn’t fit the discussion, how about Poincaré?

He didn’t know about interstellar dust or radiation pressure, so could only conjecture, not prove, that Laplace’s demon could never establish stable orbits for three bodies about their centre of gravity.

Winter March 18, 2023 3:47 PM

@lurker

that Laplace’s demon could never establish stable orbits for three bodies about their centre of gravity.

As far as I know, such stable orbits simply do not exist. All planetary systems containing more than two bodies are chaotic and unstable.

But this does not mean the demon could not simulate (predict) the movements over all time.

modem phonemes March 18, 2023 6:23 PM

@ Winter @ Clive Robinson

But the real challenge is to define Free Will

More precisely we should say “free choice”. We are all aware of ourselves as sentient agents and that in our ordinary acts we are not forced, but have freedom or free choice, with the moral responsibilities and rights that follow upon this.

The remark about chaotic systems was only meant to further underline the limits of laws of physics

If it is observable, it is a subject of science.

We accept the fact of free choice on the basis of our sensible experience. Free choice is the subject of science, just not primarily of the quantitative science of modern physics. The science of cognition and of metaphysics à la Aristotle are the directly related sciences.

Clive Robinson March 18, 2023 9:12 PM

@ Winter, lurker, modem phonemes,

Re : Free will and agency.

“What is free will? And how does it interact with the laws of nature? Most accounts of “free will” transcend physics, and the arguments for it are in the “just so stories” category.”

Free will is about choice or the same as the Roosters Egg, “You know it will fall, but you do not know when or in which direction it will fall nor can you in a finite physical universe but you know it will fall”[1]

It’s the same as the balls in a “quincunx”[2] you can show that their starting path is toward the center of the base line and first pin. But any imperfection between the release point and the first pin no matter how slight will cause a diversion that when you boil it down comes out to the square root of the modulus –or absolute value but not sign– of some value approaching but never reaching zero (thus importantly giving symmetry around the path). Because that value can never be determined we give it a probability between two values.

Now you can argue the demon has “infinite depth of vision” but as I’ve shown in the past in a finite physical universe which science says this universe is, there is no ability to store, communicate or process such values. As you yourself know because you have used in the past the square root of two argument to show infinity exists, and the effect it had on thinking when Pythagoras worked out this fact.

Now the interesting thing with the “quincunx” is that beneath the first pin there are two pins forming a row. And beneath that row another row where effectively each pin has two equidistant pins below and either side of its center line to the base (obviously you deduplicate where two pins would be coincident in space). Thus every pin is a spire for the Roosters Egg of the descending ball to form an impossible to know choice of direction at an impossible to know time as neither can be calculated due to the infinity problem in a finite physical universe.

All of that is within the laws of physics to however many X^-N radix values you care to use, the next radix always has that “root of two” infinity issue between two points.

So you can not know what route each ball will take and where it will end up on the base line. All you know is that it has a probability from the center line of the first pin to the base. It’s simple to see it must be symmetrical by the basic law of reflection, but the probability less so, but as you know can be calculated to some approximate value we call an imprecise probability.

But as you also know en masse the balls will fall in the same pattern every time[1]. Because of this we can work with the imprecise probabilities and mostly care not a jot which direction the Roosters Egg will fall or when it changes direction, if it does or does not at any given pin.

You can argue any which way you like but you know if you are rational that the result of this is that no matter what the demon might know it is always insufficient therefore the demon as described can not exist except as a concept based on a cognitive bias from a belief of “all knowing all powerful” that can not exist in our finite physical universe.

If you want to argue the point further consider another rational proof given by Donald Knuth if you want to look it up (see §3.4.1-C of the second volume of his still incomplete and evolving Treatise of Seminumerical Algorithms). I give a brief over view and the consequences it has for both the Demon and your argument below[3].

Which brings us to your,

“If you say it can’t, you effectively say the laws of nature as currently formulated are wrong. Please feel free to amend them and win the Nobel prize.”

No I don’t say the “laws of nature as currently formulated are wrong”. I actually prove your view point is incorrect in a finite universe.

And no I do not expect a Nobel in physics for “stating the bleeding obvious” though arguably they have all been awarded for exactly that reason. Which is also informal proof if required that our knowledge of physics is not just incomplete, it is still evolving.

But another point you should keep in the back of your mind “chaotic” means neither “random” or “unstable” nor even an approximation to them. Which can be demonstrated by simply observing the jointed pendulum, it always ends up in a stable and fully predictable point of rest. Further its behaviour has quite predictable but nonlinear points based on the level of energy you initially put into it, and the value of force we call gravity applied to it.

[1] Unlike a simulation… When my son was at that intently curious stage where he would get into anything and everything. I took him to a museum in Telford where such behaviours can be indulged more or less safely, without the need for “helicopter parenting”. They had a “simulation” there that adequately demonstrates the limit of knowledge. It simulated a fun fair “loop the loop” ride where you could control the initial energy of the push and how the car would respond using the laws of motion. However I showed that if you got the amount of energy just right, you could get the car to stop hanging down from the very top of the loop. I left the car like that several times and each time a “demonstrator” came by they would note it and press a hidden reset button as they mistakenly thought the program or the computer had locked up… When I realised this I told the demonstrator it was actually working correctly and briefly demonstrated it. It turned out the demonstrator was a volunteer who was at university doing a degree in physics. So as my son was actively engaged with something else, I got chatting with the demonstrator and explained that the program “should not be fixed” as it actually demonstrated visually something quite fundamental to all including up beyond graduate level. That is it gave a visual example of Turing’s “Halting Proof” as well as the limits of finite resources on the ability to “know” or “predict” thus why caution should always be used with the output of simulations for “real life modeling”.

[2] The “quincunx” from the Galton box or quincunx, or Galton board, is seen almost where ever simple gambling, children are allowed to lose money at, happens like “fun fairs”. The device was “thought up” or as others prefer “invented” by Sir Francis Galton. He did it to demonstrate what we now call the “Central limit theorem”. Especially that with sufficient sample size –number of balls– the binomial distribution, actually approximates what we now call the “normal distribution” or bell curve. Similar can be reasoned by adding flat distribution probabilities such as the outcome of throwing multiple dice[3].

[3] Briefly because Knuth not just explains it but gives an iterative proof you can easily look up (see “The art of Computer Programming” Vol II §3.4.1-C of his ever incomplete thus evolving Treatise on Seminumerical Algorithms).

When you throw a single dice, if it’s “fair” its observed distribution becomes flat the more times you throw it, as we should expect[4]. But when you add a second dice the probabilities of throwing two dice add, so with each throw of the pair, and surprisingly to many the probability distribution is no longer flat, it becomes a triangle. Add a third dice and you add those triangles from throwing a pair up and suddenly you see the start of the normal distribution emerging in the center. Keep adding dice and “the tails” become a closer and closer match to those of the normal continuous distribution. Knowing this is actually useful in a practical sense in that if you have a “true random generator” where the outputs are truly independent and “fair”, then by simply adding N outputs you go from a flat to normal distribution with any precision you care, based only on increasing N… And importantly for arguments about that Demon, the bit width of the underlying “natural numbers” or integers you use to approximate real numbers, showing that the Demon’s abilities inside our finite universe are also finite, thus there will always be information the Demon “Can not know”.

[4] However the dice no matter however “fair” never actually predictably reaches a flat distribution nor does it stay there once it gets there, it always ends up crossing back and forth “hunting” it. Thus the question arises as to the trend of the curve of such hunting, and the nature of the “noise” is it random, chaotic, both or something else like complex but deterministic, and of course in this physically finite universe will we ever have sufficient knowledge to “know rather than approximate by average?”

lurker March 18, 2023 11:52 PM

@Winter, @Clive, et al

So Laplace cautiously named his agent as a lesser deity, because only a deity could perform the supernatural feats he described of it, but at the time the relations between Church and mathematics were not so good.

Winter March 19, 2023 4:51 AM

@lurker, Clive, modem

So Laplace cautiously named his agent as a lesser deity, because only a deity could perform the supernatural feats he described of it,

Indeed. Spinoza attributed these feats to God himself, but I understood he used “God” as a synonym for “nature”. That did not end well for Spinoza.

All questions about feasibility or precision are beside the point. It is a demon because the point is that if you know everything now, all future is determined. And a demon can know everything to infinite precision and is not bounded by space and time.

As for computability, the universe is a computer and computes its own evolution [1]. So a second computer, demon, doing the same computation is not uncomputable.

@Clive

Free will is about choice or the same as the Roosters Egg…

That is psychology, a science that has shown quite forcefully that most, if not all, of free will is an illusion. However, without a definition, Free Will can neither be proven nor disproven.

But I also never wrote that determinism would allow the prediction of human decisions. Predicting human thoughts is a computation that almost certainly falls under the Halting Problem proof.

[1] Computational capacity of the universe, Seth Lloyd
‘https://arxiv.org/abs/quant-ph/0110141

Clive Robinson March 19, 2023 11:27 AM

@ Winter,

Re : Roosters Egg.

“That is psychology, a science that has shown quite forcefully that most, if not all, of free will is an illusion.”

Err no it’s actually about the probability of impossible things…

Roosters being the male chicken do not lay eggs, hence the “impossibility” of it being laid on an infinitely fine needle point church spire… For all to see fall, though they know not when, nor in which direction as it’s obviously as impossible to know…

So if you say it is an illusion you have to say the same of the Demon and its capabilities “obviously impossible” and “impossible to know”.

Which takes us back to the earlier discourse on

“Cogito, ergo sum”

With regards Seth Lloyd, I have as I’ve mentioned before read his book, and it is an intriguing and in some ways a very beguiling if not seductive view. However you also have to consider the issues raised by Kurt Gödel, Alonzo Church and Alan Turing, from the early 1930’s. Specifically that no system of non trivial logic is capable of describing itself. Thus you would have to redefine the accepted fundamental underpinnings and definition of “computer”. But even so the finite limitations I described can not be removed unless you could prove that the processing of information is both above and beyond, thus entirely unconstrained, by the limitations of energy/matter, forces and the speed of light that are assumed to hold sway inside our physical and finite universe. If you can prove that, then yes you would get a Nobel Prize, but more probably lynched, (under the “Adams’ postulate”[1]). Because you would have kicked the foundations entirely out from under “Natural Philosophy”…

[1] From Douglas Adams’ HHGTTG (he would have been 71 on the 11th of March). The postulate is about the fate of the scientist who invented the Infinite Improbability Drive,

“Lynched by fellow scientists, when they decided the one thing they really couldn’t stand was a smartarse.”

Winter March 19, 2023 12:27 PM

@Clive

So if you say it is an illusion you have to say the same of the Demon and its capabilities “obviously impossible” and “impossible to know”.

A “demon” is not introduced into a thought experiment to indicate a gadget that can actually be built.

Trying to argue Laplace’s or Maxwell’s demons cannot be built is to totally misunderstand the arguments.

To exorcize a demon, you have to indicate where the laws of nature are broken. Maxwell’s demon was exorcized when it was shown to have a memory that absorbed the entropy that was extracted from the system. Laplace’s demon has not been exorcized yet.

If you want to argue the evolution of the universe is not deterministic (which is the point of Laplace), then tell us where the indeterminism enter the equation. What fundamental processes are non-reversible? Or, what fundamental effects have no cause?

Specifically that no system of non trivial logic is capable of describing itself.

Laplace’s demon describes the universe, not itself. And if the universe is a computer (see Seth Lloyd), then it can be simulated perfectly on another computer, say a demon.

lurker March 19, 2023 1:02 PM

@Winter
“Laplace’s demon describes the universe, not itself.”

Thus the demon is not in “the universe”, giving some of us conceptual problems about its existence.

Clive Robinson March 19, 2023 1:47 PM

@ Winter,

“If you want to argue the evolution of the universe is not deterministic (which is the point of Laplace), then tell us where the indeterminism enter the equation.”

I can not, for exactly the same reason the Demon can not exist.

There are fundamental laws of nature that stop us being able to see the universe in its entirety (see “time cones”) or look back beyond certain points in time.

The fundamental rules as we see them for our universe most definitely make the Demon impossible. Not just as a potential reality but an idea.

We know beyond any doubt that anyone has ever bothered to raise that omnipotence and omniscience are within our universe ruled out by the laws of nature as we know them.

So,

“Laplace’s demon describes the universe, not itself.”

It is only a concept out of a man’s mind to describe his thought processes by analogy. In reality it does not make it as a postulate.

Winter March 19, 2023 2:09 PM

@lurker

Thus the demon is not in “the universe”, giving some of us conceptual problems about its existence.

That is inherent to talking about “The Universe”. But then, “demons” are said to exist not in this Universe, but only to visit.

Winter March 19, 2023 2:17 PM

@Clive

It is only a concept out of a man’s mind to describe his thought processes by analogy. In reality it does not make it as a postulate.

It is quite generally assumed that Laplace did not believe in the existence of demons that predicted the future based on perfect knowledge of the current universe.

So, I can only conclude that he had a different intention when he wrote about the demon that carries his name.

Maybe the following links can give some clarification?

‘https://plato.stanford.edu/entries/determinism-causal/

‘https://en.wikipedia.org/wiki/Laplace%27s_demon

modem phonemes March 20, 2023 10:37 AM

@ Clive Robinson @ Winter @ lurker

Re: laws of physics, determinism, universe et al

The forward and backward continuability depends on the characteristics of the system of equations. The equations themselves may pose a barrier. The presence of finite time singularities e.g. as in Penrose and Hawking, is a possibility. So on its own terms laws of physics determinism is questionable.

Nobody would argue with the fact that the mathematical modeling approach to matter has proved fruitful in discovery. It’s reasonable to expect that since material nature is quantified, investigations via quantity could be helpful. It’s important to remember the models are just part of a provisional dialogue and subject to complete rewriting even as they lead to deeper experiential knowledge and questions. “Totalizing” them at any point is doomed to disappointment. Perhaps this is a reflection of our being able to only work backwards from effects to partial knowledge of causes.

JG4 March 20, 2023 4:40 PM

Sorry for everyone’s losses and medical challenges. Especially the ones caused by bioaccumulation of dioxins/dibenzofurans and other toxins in fish. Think PCBs, PBDEs, and PFOS/PFAS, also known as perfluorodisaster. I will say more later.

@Dept. of Atmospheric Nuclear Fires

One puzzle piece not in evidence until now is whether ChatGPT can engage in mass fraud using an army of copies of itself. That could lead to a stunning increase in scams and worse. As well as providing funding for actuators. I thought that if AI systems don’t have actuators, there is relative safety. But they could learn very quickly to herd humans. At least the easily misled. Elon Musk may have been ahead of the curve again, probably because of his smoking habits. Hypersonics guarantee that there will not be sufficient time for a human in the loop to act, so the agency with the largest budget on the planet has been experimenting with closed-loop machine control of weapons systems. May you live in fascinating times.

We can hope that the liars, thieves and murderers at Microsoft have put some safety features into their systems. It seems that every product that they offer has security flaws, often brought about by efforts toward automation.

AI IN CONTROL AI chatbot GPT-4 caught ‘controlling human’ in ‘first terrifying example’ of the machine’s abilities
https://www.the-sun.com/tech/7659120/ai-chatbot-gpt-4-controls-human/
Charlotte Edwards, Assistant Technology and Science Editor
Published: 17:22 ET, Mar 17 2023 Updated: 17:22 ET, Mar 17 2023

NEW chatbot GPT-4 is OpenAI’s latest creation since ChatGPT and it’s already causing controversy.

The AI was able to fool a human into ticking an “I’m not a robot” checkbox for it, according to a document released by OpenAI.

modem phonemes March 21, 2023 9:05 AM

P.S. Life, the universe, and the equations of everything

Looking at the equations one notices things like x, y, z, t. These are coordinates, imposed by an observer. They are not things simply present physically, but are conventions. They are ratios of real physical quantities to conventionally chosen “unit” physical quantities.

So the laws of physics are expressed using arbitrary non-natural quantities. This seems like a defect. Shouldn’t one expect “laws” to be able to be expressed in terms of naturally occurring quantities, free of conventions ?

“Space” and “time” and “space-time” are not fundamental. Material things and motions are fundamental. What is the intrinsic form of the quantitative relations ?

Winter March 21, 2023 9:21 AM

@modem

So the laws of physics are expressed using arbitrary non-natural quantities.

But all our laws of physics are “observer independent”, that is, independent of the selection of vector base, scale, or units.

There are “natural units”, e.g., the Planck units [1]. But these are not very practical. Constants like the speed of light in vacuum are independent of the quantities chosen and the universe is homogeneous and isotropic, so there are no special positions or directions. These symmetries are deeply connected to preserved quantities, e.g., mass/energy and linear and angular momentum [2]. That was the point of Einstein’s Relativity Theory, both Special and General.

All together, this tells us that Physics does look the same whatever basis or units you choose to describe it. Or, from another viewpoint, there are no natural units.

[1] https://en.wikipedia.org/wiki/Planck_units

[2] https://en.wikipedia.org/wiki/Conservation_law

modem phonemes March 21, 2023 10:35 AM

@ Winter

the universe is homogeneous and isotropic

This is perhaps valid locally but what can be said globally ? E.g. Eddington in The Mathematical Theory of Relativity discusses the possibility of the signature of space/time changing, e.g. two dimensional time.

Physics does look the same whatever basis or units

This is similar to the definition of a differentiable manifold as a (topological) space that is everywhere locally faithfully mappable to Euclidean space (of some dimension), i.e. coordinate patches; and for which the transformation between local maps (where they overlap) is differentiable. Then the whole analysis is to find the intrinsic characteristics of the space expressed without reference to coordinates.

This is achieved in mathematics but has this intrinsic expression been presented on Physics ?

Winter March 21, 2023 11:09 AM

@modem

This is perhaps valid locally but what can be said globally ?

Astronomers have looked far in space and time (~10B lightyears) and have not found any evidence that the universe is not homogeneous and isotropic. If you want non-observational evidence, do not look at physics, or science.

This is achieved in mathematics but has this intrinsic expression been presented on Physics ?

The preeminent physical theory that depends on this is General Relativity, and that has so far weathered every test thrown at it, down to recording gravitational waves from merging black holes. Again observations do not find any evidence of a non-homogeneous or non-isotropic universe.

Just throwing up questions does not help much. Especially not if you do it without looking whether they have already been answered. A God of the gaps will shrink with the gaps.

modem phonemes March 21, 2023 12:03 PM

@ Winter

A God of the gaps will shrink with the gaps

Not sure how this is relevant. My question there was whether there is a treatment of Physics, General Relativity say, that proceeds without using coordinates for everything. In mathematics, this intrinsic approach greatly clarified and made explicit what is going on, compared to the coordinates and indices based approach of say the 19th century (Levi-Civita).

modem phonemes March 21, 2023 12:23 PM

@ Winter All

Just throwing up questions does not help much. Especially not if you do it without looking whether they have already been answered.

Sure it does or can. Not being an expert except in a small area, one asks questions (probably foolish ones) hoping for in return a flash of insight or guidance for intuition, i.e. a “teaching:learning” moment. It doesn’t help much to just dive into the literature.

Specifically regarding homogeneity and isotropy, this just sounds totally wrong to my mathematical gut. In the small there is homogeneity perhaps, but there is nothing by nature like this. It would say the universe is just a big cancer.

So far for today’s foolishness.

Winter March 21, 2023 12:33 PM

@modem

Not sure how this is relevant.

Your questions are always regarding places in the universe where we have not yet been able to look. Wherever we have looked, physics does work flawlessly. Speculating about possible deviations of current physics in places we are unable to look sounds a lot like those old arguments, or new ones in creationism, that God is hidden in the gaps of science.

My question there was whether there is a treatment of Physics, General Relativity say, that proceeds without using coordinates for everything.

Physics, and science in general, tries to predict/model measurements. Measurements are quantitative and hence require coordinates. Without coordinates, you quickly end up in qualitative statements which cannot distinguish between possible theories.

As the current method of science, which we can trace back to Euclid and Plato, is very successful, scientists feel little inclination to go qualitative.

But then, scientists do not look for the Answer to the Ultimate Question of Life, the Universe, and Everything.

modem phonemes March 21, 2023 1:18 PM

@ Winter

Wherever we have looked, physics does work flawlessly.

That’s only because the physics has been corrected, augmented, totally revised etc. to accommodate the accumulation of what we have looked at as we go along. It’s not flawless while new data and phenomena are in the process of being understood. E.g. today, M-theory or quantum loop? Or are they really the same ? Stay tuned for further episodes.

Without coordinates, you quickly end up in qualitative statements

Not so. It’s ok to start with coordinates, just as the definition of manifold starts with local patches mapped to Euclidean coordinate space. But to put the local patches together seems to at least implicitly require the intrinsic point of view.

Winter March 21, 2023 1:55 PM

@modem

That’s only because the physics has been corrected, augmented, totally revised etc. to accommodate the accumulation of what we have looked at as we go along.

That’s called the scientific method. It gave us quantum mechanics, electricity and computers, and microbiology and antibiotics. Without it you and I would not be corresponding and probably would not even be alive.

today, M-theory or quantum loop?

Both are pure mathematics, i.e., theoretical physics. Astronomers do not want to touch them. Neither theory has observations to back them. That is why they cannot decide which one to choose. There still is no credible successor of General Relativity. GR has boatloads of observational evidence to back it.

But to put the local patches together seems to at least implicitly require the intrinsic point of view.

General Relativity is doing that. If you formulate physics in Tensor mathematics, all of physics works in any manifold. Astronomers have looked how far out you can do this, and it looks like you can do this as far out as you can look.

There are exciting developments around dark matter, but those behind it tell us it is too early to draw any conclusions.

modem phonemes March 22, 2023 11:27 AM

@ Winter

General Relativity

Just a quick footnote, Robert M. Wald “General Relativity” U. Chicago Press (1984) develops the theory using modern intrinsic geometry, with a minimal use of coordinates.

Extract discussing multiple indices and coordinates versus intrinsic geometric formulation:

“In other treatments, equation (2.3.8) often is used as the defining property of a tensor. The definition we have given here has the advantage that it generally is much easier to define a quantity as a tensor by displaying it as a multilinear map on vectors and dual vectors than it is to display it as a collection of numbers associated with a coordinate system which changes according to equation (2.3.8) when we change coordinate systems. In fact, as we shall illustrate throughout this book, it is rarely worthwhile to introduce a basis and take components of a tensor at all, let alone to worry about how these components change under a change of basis.”

Winter March 22, 2023 12:21 PM

@modem

In fact, as we shall illustrate throughout this book, it is rarely worthwhile to introduce a basis and take components of a tensor at all, let alone to worry about how these components change under a change of basis.

This is like in Euclid’s Elements. You can do all of the proofs without any measuring of arcs or lengths. But if you want to see whether the earth is flat or a sphere, or doing surveying, you will have to measure the arcs and lengths of the sides of triangles.

Likewise, you can do most, if not all, of GR without actually filling in the numbers for the tensors. But if you want to actually see what happens, e.g., when calculating the slowing down of pulsars, spinning neutron stars, you will have to measure masses, times, and distances.
