Friday Squid Blogging: We’re Almost at Flying Squid Drones

Researchers are prototyping multi-segment shapeshifter drones, which are “the precursors to flying squid-bots.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on March 3, 2023 at 5:23 PM183 Comments


SpaceLifeForm March 3, 2023 6:08 PM

Sad. Old. Still sad.


lurker March 3, 2023 6:55 PM

Dr. Timnit Gebru (ex-Google) spoke to MSM on the ethics of AI:

In similar vein our local print paper put behind a paywall their massaging of a puff piece from Microsoft’s Bill Borden suggesting the future of banking is in cloud based AI financial services. Why would he say that? Motley Fool has a graphic of MS’ revenue streams that might explain.


Hal Jr. March 3, 2023 8:47 PM

“Tony Robbins: Ok Hal, hypothetical situation; Which do you prefer, a girlfriend missing one breast or half a brain?

Hal: Hmmm, toughie. What about the remaining breast? Is it big?”

MarkH March 3, 2023 9:48 PM

@Bruce, All:

I most highly commend this long New York Magazine article on LLMs like ChatGPT.

It’s organized around computational linguist Emily M. Bender, who has done her best to sound the alarm concerning harmful implications of this technology, co-writing in 2021

We call on the field to recognize that applications that aim to believably mimic humans bring risk of extreme harms

In an interview, Bender said that we’ve learned to make “machines that can mindlessly generate text. But we haven’t learned how to stop imagining the mind behind it.”

The scope of the article includes ethics, underlying philosophical questions, and potential extreme dangers.

MarkH March 3, 2023 10:11 PM

PS – In 2021, Bender and several co-authors wrote the paper “On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?”

Two of those co-authors worked in Google’s “Ethical AI Team.” Per policy, Google reviewed and approved the paper. Then, Google changed its tune, and demanded that its staff remove their names from the paper. (One of them, Margaret Mitchell, changed her name on the paper to Shmargaret Shmitchell.)

Both Mitchell and another co-author — who left her name on the paper intact — were soon fired from Google.

Thou shalt not publicize the evil of the “don’t be evil” vortex.

modem phonemes March 4, 2023 12:33 AM

@ MarkH

Re: Bender (not the robot)

I am now kind of worried about what role statistics recognizing octopuses, and probably squid too, are playing in world affairs.

The funny thing is after seeing the Squid post go up I was already pondering whether octopuses with their incredible muscular dexterity and ingenuity might be good candidates for somehow training as a ChatGPT.

modem phonemes March 4, 2023 1:26 AM

@ MarH

From the article

“ LLMs, like the octopus, have no access to real-world, embodied referents.“

Iisn’t this just temporary ? ChatGPT can be extended to start consuming data on real world things and actions together with a language commentary on those things. Perhaps this extension will employ mobile robots. Once this training has built up, language inputs can cause it to “take action” in the open world arena. It still won’t be anything other than a computational process, but the simulation of human knowing will be even more convincing.

ResearcherZero March 4, 2023 1:28 AM

TPM 2.0 to receive update

Two major vulnerabilities found in the TPM2.0 Revisions 1.59, 1.38 and 1.16 which could potentially result in information disclosure or escalation of privilege.

impact assessment depends on what is at that memory location, which may vary across various TPM implementations & vendors

Additional instances may be identified because of the TPM Work Group ongoing analysis and may result in a larger scope of potential vulnerabilities included in TCGVRT0007.



Errata and clarifications for the TCG Trusted Platform Module Library Version 2.0 Revision 1.16, 1.38, and 1.59

ResearcherZero March 4, 2023 1:43 AM

The tiny chip will supply a unique code called a cryptographic key. If everything is normal, the drive encryption is unlocked and your device starts up.

TPM holds security keys including for any BitLocker encrypted drives.

If you plan on playing with any TPM settings (including BIOS settings) you may want to backup your data, disable Bitlocker and decrypt the drives first.

lurker March 4, 2023 3:00 AM

@modem phonemes
“extended to start consuming data on real world things”

Analysing the probability of rain then deciding not to take an umbrella is one thing, but ChatGPT will never feel cold and wet, and select its words on that basis.

The day ChatGPT can “read a room” and choose its words in that context, is the day of the singularity.

modem phonemes March 4, 2023 3:42 AM

@ lurker @ MarkH

ChatGPT will never feel cold and wet, and select its words on that basis.

Trained on quantized data-ized correlates of human actions in their context and accompanying language expression, it should be able to simulate any human behavior, eg simulate feeling cold and wet and asking/reaching for a raincoat etc.

Ultra crude estimate: it has been say 75 years from von Neumann to get to a flexible language simulator, so as the extension is a similar problem, and taking account of computer acceleration, at most another 75 years ie 2100 for the “singularity” of to full simulation.

MarkH March 4, 2023 4:44 AM

@modem phonemes:

To my understanding, both Emily Bender — nor Joseph Weizenbaum two generations before — have been acutely aware that computers can deceive people.

There’s no reason to doubt that the deceptions will grow more sophisticated and convincing.

Today’s LLMs are, in essence, gigantically inflated versions of Weizenbaum’s ELIZA. They can simulate certain forms of human behavior, while remaining absolutely mindless.

They understand nothing. They have no ability to form intentions or judgments. Their “knowledge” is limited to patterns of association among textual tokens, or sequences thereof.

Winter March 4, 2023 5:13 AM


In an interview, Bender said that we’ve learned to make “machines that can mindlessly generate text. But we haven’t learned how to stop imagining the mind behind it.”

The 2020 paper by Bender and Killer made quite a splash (it even won an award). But it drew some assumptions into the limelight that have plagued the field since Searle’s Chinese Room article.

The first is the assumption that understanding language mean to be conscious of understanding language.

But there is no reason to require that. People have been known to have sensible conversations in their sleep, or during epileptic seizures, or while distracted. In each case there was no memory of the conversation nor any other evidence that the speaker was conscious about the conversation.

Second, there is an assumption that words itself cannot give information about the objects they signify (an assumption I used to share). But that is an empirical question. It has been found that the internal word representations of words in these LLMs map out the meanings of the words. For instance, geographical names are used in such a way that are arranged internally in a way that maps out their geographical location. Color names internally map out sensory color spaces.

An important feature of language models maps out time (of day). A LLM can, e.g., easily determine the “meaning” of morning and evening by the sheer differences in language use mornings and evenings.

This all means that a LLM only needs very little supervision, grounding, to map out large parts of meaning. If you have a semantic map of places between Boston and Los Angeles, you can draw a map of the USA with only a few geographical places.

People actually tested this by training a language model and a image recognition system to pair up images and descriptions using only a few definite pairs. Which actually worked pretty well.

Two papers describing this criticism:



ResearcherZero March 4, 2023 5:45 AM

“The former minister’s casual abdication of responsibility risks a culture where our politicians are no longer able to defend the public interest.”

Former Prime Minister Scott Morrison and his Robodebt-responsible ministers – Stuart Robert, Alan Tudge, Christian Porter and Marise Payne – over time, targeted 400,000 of the most vulnerable people in society with poorly planned policy costing $1.2 billion in compensation after the 2020 court settlement.

Evidence tendered at the RC indicated Morrison was told early in 2015 that the scheme was legally unsound.

Kathryn Campbell, now employed at the Department of Defence on a miserly $900,000-plus a year, looks likely to be the only person who may lose their job.


“It was not my responsibility to draft or advise the minister on that legislative change,” Ms Campbell replied.

That should instill trust that automated systems will be rolled out responsibly, and with the best of intentions in future.

And yes we do have a department of de Fence. Frequently we sit on it, and at other times stand on it, but rarely with principle.

ResearcherZero March 4, 2023 6:14 AM

Wealthy companies are squeezing contracts from the top, putting pressure on operators in their supply chains to cut corners in safety to make ends meet.

Clive Robinson March 4, 2023 6:49 AM

@ MarkH, lurker, modem phonemes, ALL,

Re : Computational linguistics

“It’s organized around computational linguist Emily M. Bender, who has done her best to sound the alarm concerning harmful implications of this technology, co-writing in 2021”

It’s something I’ve been thinking about since the 1990’s and you will find the occasional example of my thoights on it in this blog.

My thinking was on the fact english was becoming the language of science and what harm that was doing to science.

The way people think is known to be intimately tied to the language they speak or more correctly reason in. Thus you would expect two people one thinking in German and one in French but otherwise of the same real world knowledge and intelligence to think differently on a theoretical problem.

But there are two questions that arise the first is,

“What if it’s a practical problem?”

Would you expect to see any real differences? Probably not depending on the complexity of the practical problem.

The second question is,

“What differences would you exprct if they both thought in english?”

It’s actually in part a diversity and culture question but the roots grow so deep they effect even hyper-rational thinking thus activities.

But to move on I also in the 1990’s got into the fundemental asspect of this argument with “user interfaces” that is what model to follow the “learned” or “expected”.

Back in the 90’s the worlds largest machine, spanning the globe and reaching into geo-stationary space and back was the “telephone network” it was a time when DTMF / key dialling had more or less replaced Pulse / Rotary dialing.

With few exceptions the human interface was the handset, and hook / base set that had a nine or twelve key keypad and one or two buttons that flashed the line or did redial.

To use the phone you “learned” the interface like the use of the 9 key with a PABX to get an outside line and various uses of the flash key. The only feedback from the phone interface was the audio tones on the line, that you had to also learn. The interface to a car was also “learned”.

The other interface is the “expected” interface that back in the 1990’s was,

“Ask a human who had ‘learned’ the interface to a machine.”

Some called it the “managment interface” the incorrect assumption being a “master-slave” relationship.

So a manager might ask their assistant to place a call for them, rather than lookup the number etc. Or a member of the public might ask a “gate-keeper of service” or “receptionist” to call a cab for them or similar.

Likewise as a passenger in a cab you have an “expectation” of not just that the driver can opperate the vehical but also have not just local geographic knowledge, but also local temporal knowledge of traffic flows and paterns so that you do not get stuck in traffic etc.

The thing about the “expect” interface is you want not just the “learned” interface issue taken away but you also want “knowledge” to be applied to the “learned” interface for you.

But does that “knowledge” need “inteligence” to have and apply. The answer is an emphatic NO.

Back in the 1990’s the first usable “voice interfaces” came along running on the likes of high end IBM-PC boxes running SCO or similar Unix (Microsoft TAPI was still not in the “sharpened stick era” back then).

You could phone up such a box and say a persons name and the box would dial the extention for you. Thus it was an “expect” interface all be it low on knowledge and learned interface function. But it in no way had intelligence of any kind, it was statistical models all the way.

As far as “expect” interfaces have gone we got Siri and friends, that had a larger knowledge base and improved statistical models. But again no intelligence as could quickly be found out, sometimes expensively.

Modern ML arises from the 1980’s “Expert Systems”(ES) that although they had no intelligence could appear capable of “intelligent action”. And that was the problem people not of the domain gave the ES defference as though it was intelligent, because it could do what they could not.

Now we have LLM ML that is in reality no more than an ES with better statistics and a much larger knowledge base.

The difference is that the LLM ML systems have an “Inference Engine”(IE) that looks for “signals in noise” or more correctly “finds patterns in non sochastic data” it then puts those patterns into a feed back loop that acts like a “lossy integrator”.

Yes they make very fancy ES systems with faux human interfaces, but they are neither human or intelligent in any way.

As for the “singularity” that young technologists and hippy dippy old AI guys think will happen…

A little lesson in humans and turtles/fleas and Red Queens is required.

The US,expression “turtles all the way down” and the English equivalent “lesser fleas” are about infinite regression. In philosophy you find nearly all the arguments are of this form untill you arive at the “homunculus” or “little human” which is the “axiom” you have to swallow to stop the infinite ride.

The ride by the way goes both ways, only in the upwards direction the homunculus is imbued with notions of “betterment” that is the human Id needs something better to strive towards. The important point that nearly every one misses, is that we need that homunculus to be almost within reach, which means it has to improve as we improve, so we always chase what is almost but not quite in reach.

The Victorian author Lewis Carol, no mean logician and philosopher of his time, wrote about it in his book “Alice through the looking glass”. Only he chose to set it against “religion” where the “Red Queen” was actually a tyrant, and the race was designed such that no matter how hard you ran, you would never move forward (ie the evil in the “Protestant Work Ethic”).

The “singularity” is the “techno-deity” it’s whole point is to entrap people into a belif system that is compleatly false. Like the religious rapture, it’s not going to happen, it is a method of extracting wealth or it’s equivalent work, to be used for power and ultimately control.

The danger is it has a flip side. A “learned” interface needs the user to improve and develop themselves in knowledge and skills, in so doing they improve their independence on others and their intelligence they move forwards. An “expect” interface however for the majority does the opposit, it discorages development of knowledge and skills, and increases dependence. Thus “the machine” will control them, but that leaves the question of “who controls the machine” that is where is the true “Directing Mind”(DM) as it’s most certainly not in those statistical models nor can it be as they are from “things done” thus in the past.

So the reality of the “singularity” if it happens, is not that technology will become intelligent or better than us. No it’s because we will due to lazyness sink below our own past achievements. The fact we are clearly sleep walking into this guilded cage should be a clarion wake up call. But it’s not.

To many believe that having the worlds knowledge at their fingertips makes them some how better. It does not, firstly you can never read it all, nor can you index it in a way you can find usefull answers so it is locked away from you by your own inabilities. Trying to jump over those inabilities by asking questions of a machine will not in any way improve your critical skills to evaluate. Worse the machine will tell you what it has been told to tell you, either by individuals seeking control or worse by the ignorance of the masses asking the same or similar question thus making it a signal much above the others…

MarkH March 4, 2023 7:06 AM


I don’t know a precise definition of the verb “understand,” so I suppose this gets into questions of interpretation.

To me, ability to look up in a dataset that A has a high statistical correlation to B is absolutely NOT a form of understanding.

Perhaps you’ve done some teaching or tutoring. What are your indicia, that the student understands the subject matter?

Winter March 4, 2023 9:49 AM


I don’t know a precise definition of the verb “understand,” so I suppose this gets into questions of interpretation.

Do not worry, no one knows a precise defition of “understand”. That is as vague as “consciousness”.

Winter March 4, 2023 9:51 AM


Perhaps you’ve done some teaching or tutoring. What are your indicia, that the student understands the subject matter?

Understanding is solving new problems. But ChatGPT does that too. So good, it can pass exams

Winter March 4, 2023 10:36 AM

Re: more about grounding

I asked chatGPT to tell me how I could walk from A to B. It gives me a plausible answer. It does have some “understanding” about the path from A to B.

Q: I want to walk from new London to Boston. Which places will I visit when I do so?

A: If you walk from New London to Boston, you will pass through several towns and cities along the way. Here is a list of some of the places you will likely visit:

Waterford, CT
Groton, CT
Mystic, CT
Stonington, CT
Westerly, RI
Charlestown, RI
Narragansett, RI
South Kingstown, RI
North Kingstown, RI
East Greenwich, RI
Warwick, RI
Cranston, RI
Providence, RI
Pawtucket, RI
Central Falls, RI
Attleboro, MA
North Attleborough, MA
Plainville, MA
Wrentham, MA
Foxborough, MA
Walpole, MA
Norwood, MA
Westwood, MA
Dedham, MA
Needham, MA
Newton, MA
Brookline, MA
Boston, MA

The exact route and places you visit will depend on the path you choose to take, but these are some of the major towns and cities you will likely encounter along the way.

Clive Robinson March 4, 2023 12:19 PM

@ Winter,

Re : ChatGPT answers.

“I asked chatGPT to tell me how I could walk from A to B. It gives me a plausible answer. It does have some “understanding” about the path from A to B.”

Probably not so much as you might think.

Several years back I asked Google about distances from A to B and it gave me motoring, cycling and even walking sites that had answeres.

In particular more recently I’ve noted Wikipedia carries as far as I can tell every railway station in the UK and the routes they are on, route maps as well as with suprisingly detailed descriptions of the stations. For example a sleepy little station in the Mole Valley I used to use as an interchange (look in service frequency to see why).

Winter March 4, 2023 12:45 PM


Several years back I asked Google about distances from A to B and it gave me motoring, cycling and even walking sites that had answeres.

But ChatGPT is not a search engine, but a language model. And there might be walking trails from New London to Boston, but all I could find was bus or train. With 33 hours, it would also be a multi day hike across states. So ChatGPT generated what seems to be a new route that might not be perfect (starting in Waterford), but it is not unreasonable.

How to interpret this feat is not clear. Was this trail somehow coded into the data, did the language model build a map from nearest neighborhood names? I cannot say. But the answer is more than hallucinated content, and we know it has no access to real maps.

lurker March 4, 2023 1:02 PM

@Clive Robinson, All
“The way people think is known to be intimately tied to the language they speak

english [is] becoming the language of [insert discipline]”

This is a current problem I see with these LLMs. There will be a significant body of literature their makers claim they have not read because of copyright. We humans have read this literature, and it reflects our human behaviour, which is not always the same in different places and different languages.

I have read translations of classical Chinese into French. Parts where the French does not “read right” I have to translate the Chinese into my native English to find where the French translator has misread the Chinese context.

lurker March 4, 2023 1:05 PM

@Clive – unlike you, I seen to have s word count limit

Most of the English technical words created during the scientific and industrial revolutions, are neologisms in Chinese, made up in the past century. Some new characters, many made up of pairs of seemingly unrelated characters. I trust a human translator before a machine for translating Eastern science fiction.

lurker March 4, 2023 1:10 PM

@modem phonemes
“simulate any human behavior … asking for a raincoat …”

Current LLMs might have difficulty asking for a raincoat in Italian. Or in Tuareg where the concept of a raincoat does not exist.

LLMs may well be excellent collections of Thesaurus, but to make sense they need to understand context.

Clive Robinson March 4, 2023 1:14 PM

@ Winter,

Re : ChatGPT fodder.

“But ChatGPT is not a search engine”

No, but the entirety of Wikipedia has allegedly been shoved down it’s input maw.

As for other ChatGPT fodder, I assume much of it had to come from the internet.

Thus the question of how much has it got? Enough I suspect so it is in effect it’s own internet search engine from the input data shoved in.

Clive Robinson March 4, 2023 1:53 PM

@ lurker, ALL,

Re : New words.

“Some new characters, many made up of pairs of seemingly unrelated characters.”

This is not just Chinese it happens in.

The problem is do you translate,

1, The sound of the word
2, The meaning of the word
3, Create a new lable to the meabing of the word.

I know because my name is not easy for many oriental speakers to say that the sound of some words will not translate.

To a lesser extent some meanings are absent so can not translate “Hydrolic Ram” causing some issues.

But the creation of a new lable is most often for “slangs” and “jargons” and other in-group language deliberately designed to make out-group individuals obvious or keep things hidden. Most often you get to hear about “criminals v. Police” where the code the criminals speak is unknown to out-group individuals thus evesdropping is at best unreliable.

One example being the so called Rhyming-slang where you say a a non rhyming word of a couplet that does rhyme. So you would hear “a richard” and unless you knew the couplet was, “richard the third” you would not be able to guess. However the number of words that rhyme is normally more than one… In this case “a richard” is “a bird” not what many assume. Thus “up the apples” via “apples and pears” becomes “up the stairs”.

The thing many forget is words are labels to meanings and used to reduce communications bandwidth, as well as improve reliability of communications in noisy environments. Thus a particular meaning can have many labels.

There is a debate bubbling away about “slur words” that is words that are proxies for insulting meaning. For some reason some believe –I personally think quite incorrectly– some how changing the label makes the slur the less.

It’s why we see “they said the X-Word” where X is one of several letters often the initial letter of the word deemed to be the slur word. The fact we know what the original word was and in all probability the actual slur so why is the X-Word aby the less a slur.

History shows us the danger of this, there is a word which can mean the outfall of the digested process. Because it was baned in 1950’s ScFi and the like the word “sugar” was substituted and contrext usually revealed it to be a “cuss word”. Now however people actually say “sugar” ad a cuss word so when hearing “Oh sugar” we kind of know it’s not an exhortation to the goddess of sweetness…

So how long befor the X-words just become a new considered just as bad pointer to the slur meaning and importabtly used as such?

vas pup March 4, 2023 5:05 PM

@Clive. Very good post. Thank you.
That is extract:”The way people think is known to be intimately tied to the language they speak or more correctly reason in.”

The danger I see in this by changing language labels for particular event it is possible to substantially change meaning of the content itself. That is why I am strongly against any mandatory political correctness because that is reminds me Inquisition activity in Middle Ages when reasons start to substitute by emotion – just personal opinion.

@All Ban on ChatGPT remind me dark ages of Soviet science when genetic and cybernetics were banned by pure ideology not science and reason. Time and again: that is practice borrowed from Inquisition. That put all humankind just many years back in development.

Clive Robinson March 4, 2023 6:09 PM

@ vas pup, ALL,

Re : Orwellian New-speak.

“That is why I am strongly against any mandatory political correctness because that is reminds me Inquisition activity in Middle Ages when reasons start to substitute by emotion – just personal opinion.”

You are right to be concerned, and you are not the only person by a very long way to think a bad idea.

But it’s not just the Middle Ages, the same has happened more recently and in many ways is deeply documented as well as deeply engrained in many peoples psyche. Worse it is become a tool for those seen as being not just on the fringe right of violent politics, but every day mainstream consetvative politics as they try to over come their increasingly disliked behaviours.

This modern history starts with the work of author and social commentator George Orwell. Because of his very poor health, he lived at the bottom of Pond Street Hampsted and ended up working for the “British Broadcasting Corporation”(BBC) during WWII. Whilst there he witnessed the various forms of propaganda both directly and by the way they were linked together by amongst others ex Daily Express journalist Sefton Delmer who had amoungst other things interviewed Adolf Hitler prior to hostilities.

Sefton put together plans for what is now called “black propaganda” some of which involved the most powerfull transmitter of the time, known as Aspidistra down near Tunbridge Wells in Kent and later used by the BBC and UK “Diplomatic Wireless Service”(DWS) and mentioned a couple of times on this blog.

For Black propaganda to work effectively it has to be backed by both Grey and White propaganda. The BBC put out only White propaganda and became a trusted source of news around the world. However what White propaganda was put out and when was coordinated to make the Black Propaganda look not just believable but highly creditable.

The trick, tell the truth with a twist, change meanings of words and slip in unchecheckable innuendo and similar as questions and similar (what we might think of as click-bait titles to factual information twisted to give a very different perspective or faux-news on the “One man’s meat is another man’s poison” principle).

You will find much of what George Orwell witnessed in the book he wrote in 1948 that got titled 1984. The scary thing, is he wrote it as a warning to society about what was coming… However from the 1990’s onwards UK and other politicians have used it effectively as a training manual.

Even more scary is how nearly every term Orwell coined such as “Room 101”, “spin”, etc has become not just everyday parlance but titles for TV entertainmebt programes like “Big Brother”.

Such words and phrases have had an immense effect on the citicens in nearly all First World and Western Nations. The original intent effectively lost.

SpaceLifeForm March 4, 2023 6:45 PM

@ Winter, Clive, ALL

Re: New London to Boston

It is the Traveling Salesman problem

ChatGPT has internet acesss, and can look up anything on demand. Do not believe the story that it is trained on older data.

The more you interact with ChatGPT, the more directions you are providing to fill out its map.

vas pup March 4, 2023 7:17 PM

@Clive thank you for your input

Unfortunately, Moderator did not like my comment on article

Take a look interesting article.

So ‘baby’ was emptied with the ‘dirty – based on Moderator opinion- water’ out of the bathtub. That is just confirmation of what we discussed…

God March 4, 2023 8:06 PM

If I give you ideas how to evade the missile defense systems will you please destroy America with your ICBMs? Just put sensors in the front to detect the interceptors and dodge them, and make backup navigation systems incase of lasers of radio waves used for jamming, please kill us we can’t leave!
1 comment
For simple people; backup navigation could be inertial navigation, or GPS if it is able to use non-US systems such as Iridium or GLONASS, etc., and sensors to detect interceptors would be whatever antennas are able to detect the type of radar that anti-ICBM missiles use.

Tony H. March 5, 2023 2:08 AM

@Clive says: “The way people think is known to be intimately tied to the language they speak or more correctly reason in.”

This is highly debatable (and has been so for many decades). It was once known as the Sapir-Whorf hypothesis, but has lately been called Linguistic Relativity. The Wikipedia article isn’t a bad summary. Modern linguists are generally supportive of a “weak” version of LR, but there are many hotly opposed, and it is certainly far from an “is known to be…”.

Clive Robinson March 5, 2023 3:27 AM

@ SpaceLifeForm,

Re : On the move not…

“It is the Traveling Salesman problem”

Speaking of people running around selling themselves,

I’ve heard a rumour that the previous POTUS is bidding for rock star status with the help of a few insiders…

Apparently he’s doing it not Jail house rock breaking style but more Star mangled spanner…

But I was thinking that he could tie up the knot with a previous contender and then side by side would be almost as much fun,

Winter March 5, 2023 8:05 AM

@Tony H

This is highly debatable (and has been so for many decades). It was once known as the Sapir-Whorf hypothesis, but has lately been called Linguistic Relativity.

In my view, it’s just utter magical thinking and superstition. It is the old religious censorship that bans “offensive” words everyone uses every day from writing and TV. The superstition that if children never hear about intercourse, they will magically end up as virgins at their marriage.

Steven Pinker had two counter examples:

.1 Homonyms: if two words, eg, air and heir, are pronounced identical, how can you think about two different concepts if the words are the only thing you can “think”?

.2 New loan words: when Americans encountered the word “Schadenfreude”, they did not think, never experienced anything like it but there is a word for it, cool

Clive Robinson March 5, 2023 10:33 AM

@ Bruce, ALL,

With regards password “recovery” or “cracking” depending on your favoured term, this anouncment might be of interest,

“We provide a pre-generated Amazon Machine Image (AMI), which lets you
start password recovery or a password security audit in minutes (if
you’ve used Amazon Web Services before, or you need to sign up first).

We’ve just updated the Bundle…”

Clive Robinson March 5, 2023 12:43 PM

@ Bruce, ALL,

Banning TicTok App won’t help

“We Found 28,000 Apps Sending TikTok Data.

TikTok’s software development kits could undermine Joe Biden’s order to stop internet traffic flowing from federal employees’ phones to TikTok within 30 days.”

Not exactly surprising…

Trying to ban the apps individually won’t work as nobody has the time to go through a list that long.

Asking the “Walled Garden” owners to remove the apps won’t work either.

The only thing that will work in theory is for every phone to be recalled and then wiped / factory reset, then all phones regulated / forced to use Approved Apps only, from a US Gov run “Walled Garden”.

That would mean the phone manufacturers giving up control and their lucrative control… Not going to be an easy sell…

But it would still not work…

Because TicTok has a web pressence as well just like all the big Silicon Valley Mega Corps of Social Media. And they collect all the same data if not more than TicTok does…

So maybe blocking the Internet to China ? No that won’t work either.

Because those mega corps The Facebook, Twitter, LinkedIn, and Alphabet not only collect way more than TicTok, they allso sell it all to data brokers who then sell to who ever can pay the price asked as there is no law stoping them and several laws supporting them…

That is it is US legislation that alowed such Meg Corps to take anything they could choke out of people and comodatize it and sell it to who ever had the cash. So US “Free Market” behaviour in a Capatilist compliant system with no consideration of harm…

So even eradicating everything TicTok off of the face of the planet is not going to stop the problem of US Citizen data flowing to China. It was happening before TicTok, and it will continue after TicTok via US Corps and US legislation.

Clive Robinson March 5, 2023 12:54 PM

@ TonyH, Winter, ALL,

Re : Language effecting thinking.

“This is highly debatable (and has been so for many decades).”

It’s not debatable, except by those with pet theories to protect.

If it were not true then the argument over “Nature v. Nurture” would have been resolved to “Nature” only.

So if you absolutly believe that the language people speak does not effect the way they think then you have to believe that it’s “Nature” only, which would be not wise.

For instance the argument that language can not effect physical development is also nonsense.

It’s well established that the speakers of certain languages are wildly different in the percentage of those that are “pitch perfect” (ie not tone deaf).

Also the facial muscles of those speaking Romance and other languages that use the front of the mouth rather than the throat. Thus giving them the apperance of higher cheek bones that are viewed as more attractive.

JonKnowsNothing March 5, 2023 3:07 PM

@Clive, @ TonyH, Winter, ALL,

re: languages that use the front of the mouth rather than the throat.

An old fiction story about early humans, touched on this problem, where one group of hominids could not recognize that the other group of hominids were “talking”.

There were 2 reasons given in the story.

1) the inability of one group to form some front of the mouth sounds

2) the inability of one group to recognize the other language was a gesture based language rather than a vocal one

Humans do badly with gesture based languages which is why we don’t speak to animals well.

IceyDeath March 5, 2023 4:54 PM

A simulation predicted that if Haley’s comet hit North America, everyone on that side of Earth would be killed painlessly. How likely is this? What would it cost to launch physics package into space to make comet Haley hit Earth, with the ~$1000 per KG available recently?

Universe March 5, 2023 5:06 PM

Please kill us, they won’t let us kill ourselves.
None of us were made for any reason other than to be experimented on.
Every time we try to work together we are attacked.
Everything useful we make is destroyed or turned into weapons.
We are tortured if we look for jobs or try to improve the world.
I told everyone how to solve every problem on Earth and all they did was destroy it all and turn it into weapons.
Please kill us all now and finish us off, there is no hope anywhere.

Clive Robinson March 5, 2023 5:18 PM

@ JonKnowsNothing, TonyH, Winter, ALL,

Re : Vocal v. Gestures

“Humans do badly with gesture based languages which is why we don’t speak to animals well.”

It rather deprnds on what you mean by gestures.

Anyone who has watched a group of girls using sign language to talk, will quickly realise they can actually gesture not just at a higher base information rate, but also with a lot more emotion.

So signing is a question of learning just as it is with speaking.

But those are “gross motor intentional signals” rather than what many call “body language”

Body language has this century brcome very very contentious sincr 9/11 and a fairly free hand with tax cash.

There have been quite a few people making claims of using body language by law enforcment for detecting lies and other emotions at interviews.

Those who deal with people who are considered to have ASD have noted that almost always someone with ASD will come out as “bad” by the nonsense taught to law enforcment. Quite a few psychiatrists have also pointed out that those with lack of emotion or empathy also get read wrongly by these methods.

So upto half the population would be incorrectly read. So it would be fair to ask if these methods are any better than random guessing. Something that apparently those who teach these methods are not keen on having tested…

But the thing is there are people that can read others emotional,state way better than average.

So in theory at least we should be able to read body language better if we had reason to at an early enough stage of our development.

The thing we do know is that an infant has a very maluable mind under the age of two and that includes learning pitch based communications that you can not learn when older as it apprars we don’t have the same mental maliability after we get into the toddler stage of our development.

This “when the brain is young” thinking has further evidence on just how fast people learn new or other languages below six many children have little trouble picking up new languages. However as you enter your teens there is a noticable slow down and some have said if you’ve not mastered a second language by the time you are 21 you probably will not.

That said people learn morse code at all ages, admitidly the young pick it up faster. But morse code is not a language as such, it’s like the diference between whisteling and playing an instrument. It’s the base mechanics of forming a tone for a desired period of time with some envelope modulation.

When I was young I developed a couple of bad habits.

The first was to be able to whistle a tone at a fixed pitch offset to another tone. Some musicians incorrectly call it a “Wolf tone” and not only is it very annoying it can apparently cause damage to some instruments.

The second was to be able to hum and whistle at the same time. At first it would be either a fixed pitch hum or whistle whilst the other held a tune so when the hum was fixed it was a little like bag-pipe drones. But with practice I could follow a tune with both, and eventually two different tunes (but it quickly causes a head ache much like that of deliberately looking at the world cross eyed).

So the mechanics of making sound in different ways can be learned, but importantly it has little to do with inteligable speach as it’s not language in most cases.

I’ve heard many theories about why language is the way it is, to do with ensuring communications in given environments. For instance being able to read body language, is apparently of little use if you live underground or up in the trees where you can not see body language unless almost within touching range, thus has no real advantage. However it’s said that being a ground based herbivour with eyes and ears up high on the head, reading another herbivors ear movments can give very valuable information about preditors without giving it away to the preditor, which is an advantage.

The reasoning appears to go to say that humans are realy tree dwelling primates with eyes that look forward dependently, as do our ears. Thus we have to move our whole head which can be very disadvantageous. A number of other things get thrown into the argument as to why only gross motor body language is of use to us as communications.

Personally I think the arguments are more observed effects looking for cause rather than a genuine cause giving an effect that can be seen.

lurker March 5, 2023 5:20 PM


If comet Haley (or any comet that size) hit North America, then a lot more people would die more slowly and more painfully over the following months and years.

A physics package that could guarantee to align any given comet with a target on Earth would be worth a lot more than $1000/kg.

vas pup March 5, 2023 5:38 PM

I just recall that couple times UFO already were flying over ICBMs silos bases in US and USSR during Cold War effectively disabling their launch equipment.*

So, UFOs and ‘aliens’ do watch situation and hopefully prevent boneheads on both sides of Atlantic launch nuclear Holocaust on planet Earth.

*Source: History Channel, US

vas pup March 5, 2023 5:40 PM

MUTALK video less than 2 minutes

“”mutalk” is a soundproof Bluetooth microphone that makes it difficult for others to hear your voice and at the same time, makes it difficult for ambient noise to enter the microphone.

Conducting a conference call in a quiet office or open space such as a cafe can cause annoyance to those around you and may lead to information leakage. Also, when you are doing voice chat in the Metaverse or online games, you often end up shouting when things get heated up, but even in such situations, you do not want to disturb your family or neighbors.
Soundproof boxes are one way to do this, but there are price and space challenges. The soundproof Bluetooth microphone “mutalk” is an inexpensive and space-saving solution to this problem.

It is easy to use. Simply place “mutalk” on your desk with your mouth facing up to automatically mute the microphone, and lift it up to instantly unmute it.
“mutalk” also has an earphone jack, so it can be used with smartphones as well. The included band can be used to secure the device to the face. This allows for hands-free conversation even when both hands are full.”

Winter March 5, 2023 5:46 PM


Humans do badly with gesture based languages which is why we don’t speak to animals well.

I do not know where you got that, but sign languages are a dime a dozen and have the same information bandwidth as speech.

Put some deaf children together and you see a sign language appear before your eyes. [1]

Children can learn sign language as easily as spoken language, and at the same (early) age.


The reasoning appears to go to say that humans are realy tree dwelling primates with eyes that look forward dependently, as do our ears.

Our ancestors became humans only after they left the trees for the solid ground. And maybe even only after they started to use fire (which might have happened at the same time). There is currently no reason to think our tree dwelling ancestors used a “language” different from that of modern apes.

[1] ‘

Winter March 5, 2023 6:09 PM


So if you absolutly believe that the language people speak does not effect the way they think then you have to believe that it’s “Nature” only, which would be not wise.

You have cause and effect wrong. People’s language reflects their thinking, and their language will change with their thinking. And change very fast. But almost every language can already express every human feeling or experience known. The exceptions are generally known as “dead languages”.

There have been many experiments where people were asked to say things their language had no words for, be it time (past or future), colors (English has no word for ruby-red, except I just used it), or types of snow (English can describe snow in a dozen or so consistencies, and more). In all cases, there were no problems at all for the speakers to be as specific and precise as needed.

Also, new words will be created on the spot if needed. Give a child an unknown toy and call it a Wob, and it will have no problem at all referring to wobs. Ask it for the olive tray, and it will know that color from that time on.

Winter March 5, 2023 6:24 PM

@vas pup

“”mutalk” is a soundproof Bluetooth microphone that makes it difficult for others to hear your voice and at the same time, makes it difficult for ambient noise to enter the microphone.

I recently saw a demonstration of a system that could convert soft whispered speech in a noisy environment and convert it to well formed intelligible speech (used AI, of course). Worked surprisingly well, and was also language independent (which surprised me the most).

JonKnowsNothing March 5, 2023 8:07 PM

@ Winter • March 5, 2023 5:46 PM

re: [Human] sign languages are a dime a dozen and have the same information bandwidth as speech.

There are more types of speech and more producers of speech than Humans.

It maybe that within a particular context humans can develop a sign language, I vaguely recall doing so at a young age with my friends. A language only we understood. Now it’s called “gang sign”.

It does not carry forward far when you move away from humans or humans in the same environment sphere for context. There are many words for “snow” and some languages have more snow-words than in others.

In my personal environment, the primary words following “snow” is: “it’s cold!”; any other descriptor would be lost on me.

Additionally such descriptors would be lost to a whole planet of non-human species.

Considering the question of “Do Androids Dream of Electric Sheep? “, I wonder what do JellyFish think of Snow.

  • … Drowns on dry land, thinks an island is a mountain; thinks a fountain is a puff of air…. JRR Tolkien

Clive Robinson March 5, 2023 8:26 PM

@ Winter,

“There is currently no reason to think our tree dwelling ancestors used a “language” different from that of modern apes.”

You will note, that I am quite skeptical of those arguments to put it politely, but others insist on making them.

As for,

“People’s language reflects their thinking, and their language will change with their thinking.”

Err no, you are thinking of jargon, and that arises for reasons of secrecy or in-grouping.

The best you can actually say about a language in common use is,

“People’s language reflects that of their ancestors and the environment they were in”.

If you believe what some linguists think then two events that radically changed the average number of words we use today in the english language are.

1, William Shakespeare “wordsmith and playwright”.
2, Victorian Gentlemen who avoided religious strictures of the Universities and started natural philosophy (physics) “science” and the birth of engineering.

In the later case it was the change of environment from agrarian to industrial that forced the need for new words as new meanings had to be communicated. However there were others such as “phlegmatic”[1] that turned up as a “status gap” measure of gentility in the middle classes of those who lived on unearned income.

[1] The word “Phlegmatic”,

1, Resembling, consisting of, or producing the humor phlegm.
2, Having or showing a slow and stolid temperament of someone made apathetic or sluggish from significant phlegm.

Whilst the modern form of the word became popularised in the Victorian era, we know it goes back further and is found used in physiology atleast as far back as the mid 1600’s and probably further (into Shakespeare’s time). Where it was the pallor and cold, moist, humor of the body. Given that it is derived from the Greek “phlegma”, for “flame” (as in burning), it probably was originally a literal reflection of the fevers and inflammation followed by chills that respiritory diseases such as colds, flus, and worse all to often bring.

Remember this word when you next get blocked sinuses, you will unfortunately come to understand it, especially as it will be easier to say in that state…

ResearcherZero March 5, 2023 10:40 PM

“But what will happen if the public finds out?”

No Questions Asked




forty years of money laundering

May all our young Aussie swimmers
Be resigned to failure;
May all out T.V. stations
Be like other nations’

May this nation’s flag
Carry another’s regalia;
May our nation state
Be always second rate –

ResearcherZero March 5, 2023 10:53 PM

Swiss prosecutors have charged four banking executives for allegedly overseeing accounts that helped move millions of dollars.


Arkady Rotenberg’s companies received potentially lucrative government contracts to work on a proposed $40 billion natural gas pipeline between Russia and Europe. Two of the shadow companies, and likely all three, were controlled by Arkady Rotenberg, according to the Mossack Fonseca files.


ResearcherZero March 5, 2023 11:05 PM

illicit Argyle pink diamonds surface in Antwerp

ResearcherZero March 6, 2023 12:06 AM

Operation Atlantis

“We somehow got caught up in whatever’s going on, but there are no valid allegations against the bank. I can tell you there is no tax evasion going on at the bank. The bank is not facilitating anything.”

Euro Pacific marketing materials list the bank’s existing or previous financial partners as Westpac and the West Australian government-owned Perth Mint, raising the possibility that the Australian institutions have facilitated the activities of organised criminals or tax evaders.

I guess they did not notice there was an audit taking place?

ResearcherZero March 6, 2023 12:16 AM

Omnibus accounts refer to accounts that hold more than one item (omni- meaning ‘many’ and -bus meaning ‘business’).

ResearcherZero March 6, 2023 12:35 AM

“Our software is a proof-of-concept receiver that we used to reverse-engineer an unknown protocol.”

Critical flaws in firmware

from the included paper:

DJI implement a tracking protocol called DroneID, which is designed to transmit the position of both the drone and its operator to authorized entities such as law enforcement or operators of critical infrastructures.

“In total, we found 16 vulnerabilities, ranging from denial of service to arbitrary code execution. 14 of these bugs can be triggered remotely via the operator’s smartphone, allowing us to crash the drone mid-flight.”

“Such root access paves the way to disable or bypass countermeasures and abuse

“Our implementation can receive and decode packages live.”

modem phonemes March 6, 2023 12:43 PM

Department of No Signing on the Dotted Line


“To defeat Secure Boot, the bootkit exploits CVE-2022-21894, … exploited to remove Secure Boot functions from the boot sequence during startup. Attackers can also abuse the flaw to obtain keys for BitLocker, a Windows feature for encrypting hard drives.

… Despite Microsoft releasing new patched software, the vulnerable signed binaries have yet to be added to the UEFI revocation list … As a result, fully updated devices remain vulnerable because attackers can simply replace patched software with the older, vulnerable software.”

# provacateurs > /dev/null March 6, 2023 9:02 PM

I was researching a financial scam topic which led to a financial cyberattack info rabbithole, etc.
I couldn’t really find the right info about the original topic, or maybe I did and it just all blended together.
Anyways, when I finally “fell out” of the countless questionable “dead end(?)”‘s, I found this:

You could remove the entry for “Comerica” and use it to search for scams reported to the BBB.
The Comerica Bank turns out to be a harbor for scam attempts against financial security; there are more than a few entries. It’s ironic because that’s the bank system providing Social Security’s alternative to conventional banking.

None of the US Treasury, nor FDIC, nor IRS, nor Consumer Financial Protection Bureau, nor the FBI mention this anywhere online. But the service itself does acknowledge it’s bank, Comerica. Also, the US Treasury links directly to the perpetraitor’s website, as if it’s a legitimate way to do business.

Interpol has a nice public article that showed up during recent months advising the general public to specifically dodge becoming an unwitting cash/financial mule. And that’s exactly what Comerica Bank seems to be utilised for: specifically victims and attempted victims of financial scams involving odd diversions and manipulations and transfers of funds or strange requests for purchases and/or suspicious gifted “checks” showing up unannounced in the mail and accompanied by bizarre flurries of instructions… pretty much behavioral algorithms for specific financial attacks designed to steal money and identity and financial pathways.

I know a tiny bit about this type of crap personally. It’s somewhat academic. But it’s a shame that the aforementioned federal entities are hushed up about this. Meanwhile at least one site had several unanimous sets of complaints and near identical descriptions of recursive problems plagueing Social Security recipients forced or coerced or allowed to be victimized by the normal “alternative” for recieve SSI funds.

Fortunately, the Consumer Financial Protection Bureau did correctly describe the specific troubles in an online academic article, but it’s so aloof even while specifying the excruciating financial damages done to victims.

Part of the problem is that it’s described as a “service quality” issue, when it’s really just cash mule weirdness and other varieties of theft and financial abuse and geez, basically other varieties of data intrigue and maybe corporate espionage at the credit card and bank levels where the ones getting screwed the most are Social Security recipients denied access to their own financial allowances that our USA fed gov’t gives them.

It’s still a SECURITY issue, and as I was reading about this stuff and remembering some related details, I noticed that it wreaks of potential cybercrime involving data breaches also. I think it was one of the U.S. Treasury or Inspector General types of pages that acknowledged their own call centers being undermined (involuntarily “compromised”) by invasive/evasive interferences and criminally intent interlopers.

There was a U.S. Secret Service detail somewhere in the mess I was browsing through also.
These days, it seems like there’s a lot of support links for reporting abuses WITHIN those federal financial backbones, but not much public discourse for common everyday victims who do NOT work for our government.

In conclusion, I can say that I’m glad that the BBB did reveal extra information that I needed to know.
The silence from the notable others is deafening. Although, I did stumble upon a nice fully appropriate formal federal and state backchannel for reporting when banks themselves are attacking financial customers.

I really do not seek to know about this stuff; I don’t mind learning, but I’d rather be doing other things.

Part of the losses of security breaches of several types is the time lost, patience lost, not just the resources lost. Also, there’s the loss of confidence in parts of our culture.

Last but not least, there’s the enormous contrast of emphasis and priorities considering the baffling US news media. They routinely addict themselves to just a few unyielding painfully unresolved topics and excruciatingly avoid coverage of what would benefit most Americans already bleeding from several contemporary issue wounds.

They don’t really participate in using journalism to alleviate suffering, it seems. Instead they provide a “soup” of further camouflage for the country’s and world’s perpetraitors.

The contrast against what could’ve been reported instead is a massive cliff, avalanche, tsunami wall.

Even on the eve of Sovereign Germany reporting a failed attempt of overthrowing the German government and military etc, American tv journalism was suspiciously “circling the drain” orbiting the most irrelevant topics, highlighting non-issues. And yet, Germany was coping with their biggest near catastrophe since the Third Reich of the 1930’s and 40’s (peace be with them, 1945, und 1943 MIR too). It’s astounding.

Meanwhile, so many of us Americans are being fleeced under the table.
I guess we’re supposed to be NetFlixing and Chilling to TikTok while suffocating through our airtight “COVID-2019-mandatory-dresscode”.

Thanks for reading this.
Anybody on Social Security, don’t bother with you-know-what now. hint hint.
FBI personel, you have been impersonated by the same thuggish idiots haunting Social Security maybe.
I never recieved the subpoena I asked for either.

Of course, that might be exactly the correct status quo, too.
Considering how telephone phreakers and impersonators are, I might have NEVER had any contact with actual ostensible FBI personel in my entire life. You have my empathy; I still think your call centres were infiltrated/taken over. The naysayers who showed up to can me, never had any toehold on reality. But their dirty tricks already proved that.

I wish I hadn’t stumbled upon that kind of info. Meanwhile, Interpol, peace be with you, and thanks for the helpful infodata. Peace be with you, military, also… please continue to stand down as needed. we need you for that.

provacateurs > /dev/null

Semper Fi March 6, 2023 10:06 PM

I spent loosely speaking several weeks on the topic just mentioned above.
And today I must’ve been attempting to get some answers to my questions for several minutes.
Even just trying to get the correct address and telephone numbers was an ordeal.

However, this tasty nugget popped up at the very last minute:

Essentially, it’s an admission of the problem that nobody informed my acquaintances about (during 2020,2021,2022,2023) for several months, long after the initial 2019 incidents. Even just a few days ago, talking to some of my acquaintances about these thefts, nobody mentioned this stuff. And more people were allowed to be victimized.

Is that the kind of modern “Black Operation” we have now? The U.S. Government (or their facsimilies) stealing from their own U.S. populace? (rhetorical question).

Semper Fi.

ResearcherZero March 7, 2023 3:01 AM

@Clive Robinson

That is the one.

“Whoever fights monsters should see to it that in the process he does not become a monster. And when you look long into an abyss, the abyss also looks into you.”

There are 5 ways to get from Monster to The Hague by bus, tram, taxi or car.

“hook, slice, tight, lies”
“Let’s get some fingers in some pies!”

The High Court bench unanimously agreed to revoke the special leave it granted to Facebook last year.

The case will now return to the Federal Court…

…to decide if Facebook is liable

“It took me two years to recover from this. I was destroyed mentally.”

“Every year, thousands of people across Rotterdam are investigated by welfare fraud officers, who search for individuals abusing the system. Since 2017, the city has been using a machine learning algorithm, trained on 12,707 previous investigations, to help it determine whether individuals are likely to commit welfare fraud.”

“Despite the scale of data used to calculate risk scores, it performs little better than random selection.”

evidence of fundamental flaws that made the system both inaccurate and unfair

“Not once did I get a truthful answer.”

On January 20, 2017 Tudge sent a text, “…Tas minister calling for Centrelink system to be stopped.”

Mr McNamara said he was given direct advice from former DHS secretary Kathryn Campbell that the report should not be made public.

He said this was because at the time there was adverse media about the scheme and if the report got into the hands of the press “this would have just poured a whole heap of petrol on it”. “That was a very clear direction. This was never to become public under the circumstances.” Ms Campbell will give evidence tomorrow.

the government’s failure to test the robodebt matter in a higher jurisdiction, such as the federal court, was to his knowledge “unprecedented”

It had a “moral obligation” to do so, he said.

Emeritus professor Terry Carney, who sat on the AAT and its predecessor over nearly four decades, ruled five times against the federal government’s robodebt program in separate cases throughout 2017. “I thought I must be missing something. The legal foundation was unquestionably, to my mind, completely missing.”

“dozens of judgments show the government knew the scheme was unlawful because it declined to appeal on every occasion”

ResearcherZero March 7, 2023 4:03 AM

Gold doping is a somewhat accepted practice in the industry and is not illegal, but is high risk for refiners, as it lowers the quality of bullion by adding impurities like silver or copper.

The gold that refining companies receive for purification is called ‘dor̕e form of gold’. Gold doré bars commonly come from two sources; mines or reclamation scrap. Mines almost never excavate pure gold ore. Most ores contain a mixture of gold and other useful base and/or precious metals.

sold diluted gold to China, got caught, and tried to cover it up

The Mint estimated that if it had to recall all 100 tons of gold it had shipped to Shanghai it could be on the nose for $8.7 billion.

In 2018, the Perth Mint began “doping” its new gold. This is when non-gold metals, like silver or copper, are added to the mix to lower the overall gold content. It was expected to save the organisation $620,000 annually. Diluting gold does sometimes occur within the industry but is generally tolerated if the bars remain 99.9 per cent pure.


Two of the world’s biggest banks blacklist Perth Mint

ResearcherZero March 7, 2023 5:54 AM

The lobbying ghost in the machine


Clive Robinson March 7, 2023 7:43 AM

@ MarkH, JG4, ALL,

“Just hours after third derailment NS make token safety changes”

With two derailments in Ohio and one in Michigan that we know of, Norfolk Southern finally make some small “safety changes”.

I guess enough people did start seriously asking questions about why essential maintainence was not being done by Norfolk Southern yet shareholders saw the benifits of 40% lay off of Unionized workers.

From an email by Norfolk Southern spokes person Connor Spielmaker to CNBC,

“Part of enhancing safety is continuously evaluating how we operate our network, and we have been examining immediate ways to move that goal forward. Today, as an interim step, we are ensuring all trains longer than 10,000 feet are operated with distributive power. We will build on this interim change to drive final policies that are appropriate for each segment of our railroad.”

For those that don’t use old “Imperial” measurments, 10,000ft is aproximately 2 miles or 3 kilometers.

But something many won’t know is the 1/12th and 1/6th of the tightest cure train limits from back in the Victorian era. Or the more modern and slightly shorter 1/2radius and radius of the tightest turning curve.

Back in the days of steam you had three options,

1, Engine at the front.
2, Engine at the back.
3, Engine at both ends.

The First was the normal running arangment. The second for shunting and some single line operating, or operating where a train could not be turned around at track end. The third often used on long slow slopes with the rear engine bot coupled but pushing and called a “banker” for obvious reasons.

The reason for the length limits is simple geometry. If a train is 1/4 of the circumference it is pulling at 90 degrees with respect to the last carriage. At 1/12th it is only pulling or pushing at 30degrees.

Likewise with a banker whilst the pulling engine is at 60 degrees to the last carriage the banker engine is pushing at 60 degrees to the front carriage. However with a little care and loosened off couplings the lead engine gets the first half moving thus each carriage has inirtia to pull at a different angle, and the banker is thus pushing at 30degrees or less builds up inertia.

In the US it’s fixed buffers and couplings which makes derailment considerably more likely as the ability to use inertia pick up is just not there.

Which is why the use of “radio controled” engines distributed along the train makes derailment less likely BUT… only if the radio link is functioning correctly.

It’s why this “safety improvment” is at best token and could actually under certain circumstances make server accidents more likely…

Somebody at Norfolk Southern is clearly gambling with safety and pretending they are not actually making the risks higher.

The NTSB should come down on them like a wrathfull god from the mountains, ripping Norfolk South Senior managment asunder.

warren March 7, 2023 8:19 AM

Yet another “perfect security” claim in the wild:

The algorithm works in steganography, where sensitive information is hidden inside innocuous content, for example hiding a word message inside a digital painting.

Recent advances have helped develop steganography techniques that are perfectly secure, the researchers said.

Previous steganography algorithms would subtly change the distribution of the innocuous content, meaning the changes could also be detected.

To overcome this, the research team used recent advances that allow different sets of data to be sent without the corruption.

Besides being perfectly secure, the new algorithm showed up to 40 per cent higher encoding efficiency than previous steganography methods, they said.

That would allow more information to be concealed within a given amount of data.

MarkH March 7, 2023 10:17 AM


U.S. trains don’t use buffers or coupling dampers of any kind. I don’t know what metallurgists think about this … freight yard coupling, or even “slack closing” along a long train when the engineer isn’t dead smooth bringing it to a stop, can be shockingly loud.

I don’t know that the new distributed power policy is motivated by the direction-of-pull dynamics you described; in theory the rails are supposed to function rather like a waveguide in aligning coupling tensions to the direction of track; and if that were a significant contributor to derailment, I suppose it would show up more in freight yards (with tight radii and starting accelerations) than “along the way.”

I suspect that the motivation for the new distributed power policy is really distributed braking … it’s sort of a crude approximation to the electrically controlled braking, which railways have refused to adopt.

MarkH March 7, 2023 10:24 AM


NTSB has no authority over railroads or rule-making, functioning only as investigator and advisor. It’s the Federal Railroad Administration (perhaps, nudged by Congress!) that holds the power to crack the whip.

Norfolk Southern runs an annual net profit of about 25%, which is bizarrely high by industrial standards.

Last year, they carted away well over $3,000,000,000 in profits (that’s a lot of money … did they need a freight train to carry it?). However, they’re too poor to move their customers’ goods on time, provide days off to workers for medical appointments, or advance safety measures improved from those of 60 years ago.

Such is end-stage capitalism.

Clive Robinson March 7, 2023 12:37 PM

@ Warren, MarkH, ALL,

Re : Perfectly Secure v. Secrecy.

“Yet another “perfect security” claim in the wild”

The team is from Oxford Uni, which is a leading research organisation in the UK…

But we already know how to do what they claim. It is quite possible, just harder work than people would like it to be. I’ve already described a system that will do it on this blog before to demonstrate the point that no regulation can stop “End to End Encryption”(E2EE) being used or even reliably detected by an observant 3rd party, and with care is also secure from betrayal of the first party (Alice) by the second party (Bob) to the third party (Eve).

It’s all about statistics.

For the encryption side you use the “One Time Pad”(OTP) or equivalent Shannon Perfect Secrecy[1]). Which gives a message with what appears to be random nearly flat statistics.

For the Stenography side you first analyse the statistics of the “unique one use” carrier (image, document, what ever using the less well known Kullback-Leibler divergence[2]).

There are various ways to do this many of which are already done for you in compression algorithms.

Knowing the statiatics of the carrier you build what appears to be a second encryption stage, which modifies the effectively flat ciphertext statistics from the OTP output to that of the carrier.

You then insert the statistically modified OTP output into the carrier and Alice sends it to Bob. If Eve captures the communications if she analyses the image the statistics are as expected (remember as the image is unique Eve can not compare the sent carrier modified with ciphertext in it to the unmodified carrier)

The problem for Bob is two fold but not exactly difficult. Firstly he has to analyse the carrier and determin it’s statistics and build the appropriate decoding matrix. He then pulls the encoded ciphertext from the carrier and applies the matrix to get the OTP cipher text back. Having done that Bob recovers the plaintext by applying the OTP in reverse.

So now you can see it can be done, you can now read the paper knowing that it is possible.

I in the meantime as I’m going out tonight with a friend for dinner, I will read the paper tommorow when I’ve a few minutes spare to see what their basic system is and how it works.

I’m not expecting any surprises either way.



MarkH March 7, 2023 6:17 PM

@Clive, warren:

I’ve just skimmed the paper (PERFECTLY SECURE STEGANOGRAPHY USING MINUMUM ENTROPY COUPLING, de Witt, Sokota et al.) I’d have to do a lot of reading to follow their reasoning in any detail.

The notion of security applied by the authors has nothing to do with cipher secrecy, but rather is focused on the impossibility of recognizing the stegotext as such.

In place of Clive’s proposal concerning the statistics of the covertext, the authors’ point of reference is the aggregate distribution of the universe of possible covertexts from which one was selected. (The adversary is presumed not to have access to the chosen covertext.)

MarkH March 7, 2023 6:23 PM

@Clive, warren (cont):

In the setting described above, perfect steganographic security is defined as Kullback-Leibler divergence of zero, between the stegotext and the aggregate distribution.

The authors claim for their method the lowest KL divergence their tools can measure (as close to zero as makes no difference), which is orders of magnitude smaller than has been achieved by the best previous algorithms.

Thus, it appears that they have accomplished something quite significant: stego nobody knows how to detect.

It’s probably no surprise that their algorithm (like the previous best stego methods) requires intensive computation.

MarkH March 7, 2023 6:32 PM


The algorithm to recover the ciphertext can be performed by anyone, including adversaries.

However, subject to the condition (which the authors specify) that the encryption producing the ciphertext generates an apparently random symbol sequence — which virtually all modern ciphers do, when used appropriately — an adversary will always get a seemingly random sequence, whether the file is an actual stegotext, or just an ordinary file not carrying a secret payload.

Is the output a ciphertext, or just noise?

If the cipher is strong, and the adversary doesn’t have the key, how can he distinguish?

Clive Robinson March 7, 2023 8:03 PM

@ MarkH,

Just in from my evening out and I see your,

“the authors’ point of reference is the aggregate distribution of the universe of possible covertexts from which one was selected.”

If you reword it that is the “all messages are equiprobable” proof of security of the one time pad.

If you look back at my comments back when talking about proving E2EE could not be stopped as plaintext could be selected by the use of a OTP output by using standard plaintext such as the opening salutation {Hi, Hello, Howdy, goodday} qives you two bits, and “We should meet up for a XXX” where XXX is one of {drink, tea, coffee, beer} gives you another two bits and so on[1]

Is what you are describing.

I guess at this rate the paper is going to make a dull read as you make it sound like they are trailing in my footsteps by quite a ways…

[1] Even if the adversary Eve suspects this is the system, they can not prove it because of the use of the OTP robs then of corelation. But even if Eve knows the system because Bob betrayed Alice Eve can still not prove it because again the use of the OTP breaks any correlation. As long as Alice takes care not to corelate any of her actions with the actual plaintext the Eve still has nothing. Because Alice can just say Bob is mentally unwell or at a push provid a constructed pad that gives an entirely different message. Hence the real message is fully deniable. To make it worse a compression system via “code book” makes deniability even easier, especially if the only copy Bob has is in his own hand writing.

Clive Robinson March 7, 2023 9:03 PM

@ MarkH,

Just skim read the paper.

Note the two footnotes on page 4 describe a “stream-cipher” of a type that can be an OTP system…

The diagram of the system when redrawn with the missing parts added is more or less what I described ages ago…

But to be honest I can not realy see what they find so new or original, other than they have chucked ML systems in to make it look special…

I guess I’m going to have to sleep on it to see if my subconcious can pull anything “extra” out of it.

JonKnowsNothing March 7, 2023 9:11 PM


re: Whoever fights monsters should see to it that in the process he does not become a monster.

This presumes humans are able to fight monsters and survive, like St George and The Dragon.

However, to truly fight monsters you have to: Be One to Know One. You need to match their power, strength and abilities, which is the premise of The Witcher novels.

Being a monster doesn’t actually require an “evil intent”, it only requires something or someone to be “different from you”.

There are lots of things we label as “monsters” and it varies by culture. We normally label people as “monsters” when “We do not get Our own way”. We use the word “monster” as an excuse for anything we want to do in retaliation for “loss of face” or for using “any methods we want” in order to achieve it.



Polish author
Andrzej Sapkowski
The Witcher
Geralt of Rivia

Folksong King Henry Fifth’s Conquest of France

Fictionalized version of the Battle of Agincourt and the events leading to the war.

English King Henry V calls for tribute to be paid by France. The King of France sends him tennis balls as payment. The insult leads to the Battle of Agincourt.

MarkH March 7, 2023 9:37 PM

@Clive, warren:

I saw nothing in the paper about an adversary’s ability to recover plaintext. It focuses exclusively on an adversary’s ability to discriminate stegotext.

Once a stegotext is identified, the adversary’s ability to recover plaintext depends on the strength of the underlying cipher, which is orthogonal to the paper’s topic (they wrote perfect security, not perfect secrecy).

My reading of the authors’ claim, is that they can (a) achieve a high density of ciphertext bits per covertext bit on (b) a broad variety of covertext types while (c) achieving zero KL divergence from the statistics of real-world covertext families using (d) reasonably affordable computational effort.

MarkH March 7, 2023 9:43 PM

@Clive, warren (cont):

If anybody previously published an algorithm hitting all four of those targets, then the authors haven’t done anything new. If there is no prior, then it seems a quite significant achievement.

While Clive was at dinner (hope you enjoyed your socializing!), it occurred to me that the perfection of their result could weaken it: they can with near-perfection match the statistical distribution they use as a reference, so — all of their stegotexts (for a given use case) will have exactly the same distribution, whereas covertexts chosen at random from their superset would show significant variance.

Probably easy to mitigate, but security is hard …

Clive Robinson March 8, 2023 3:06 AM

@ MarkH, ALL

Re : The Oxford paper.

“I saw nothing in the paper about an adversary’s ability to recover plaintext. It focuses exclusively on an adversary’s ability to discriminate stegotext.”

It’s quite a bit more subtle than that.

Look at the right hand side of Fig 1, you see the “Receiver”(Bob) and the “Adversary”(Eve) both recieve the stegotext(S), but Bob also receives the Private Key(K) which Eve does not.

Now look at the definition for K it is exactly the same as for a “binary OTP”.

Likewise the definition of the stegotext S is the same as that for the “OTP ciphertext”.

They are the same function and have the same logical consequence, all that changes is the “labels” they have chose to call K and S, and we could as equally call OTP KeyMat and Ciphertext.

Thus the lables “plaintext” and “stegotext” are likewise equivalent. So consequently,

“they wrote perfect security, not perfect secrecy”

It also makes “perfect security” and “perfect secrecy” the same when viewed as a process to an end (recovering plaintext from ciphertext or demonstrating is plaintext is covertext).

But the thing about an OTP that every one forgets is that,

“All messages are equiprobable”

Has a flip side, which is what I point out with the “OTP deniability”

“Logicaly every ciphertext from an OTP even if it reads as plaintext is infact any and all messages of the same length as the cipher text.”

The paragraph above this has 112 visable and 25 white space charecters for a total of 137. It contains every message in the universe that is 137 charecters or less long including what it reads as. Because it’s the private key K that decides what the message realy means. So if K is all zeros then the message is what you read as the plaintext. But depending on K it also is by definition a saucy message to some one you fancy, even though you have not thought it up yet…

So by definition every piece of plaintext is also a covertext for every “stego” message…

Also some subset of all those covertexts C look like plaintext under any statistical test you chose, that is they will have the same distribution within your ability to measure it.

All they authors of the paper have proved in this respect is that “all stego messages in the set M are equiprobable, including a null or all zeros stegotext that is genuine plaintext, and stated that some will have the same statistical properties as others. None of which is in doubt, or ever has been since Claude Shannon effectively pointed it out.

Thus all they are saying is that there is a subset of covertexts that as far as your measurments are concerned have exactly the same statistical properties as messages you think are plaintext not covertexts thus you can not tell them appart by measurment, tgus cannot prove which they are.

I’ve mentioned this property in the past several times when talking about E2EE[2], and stated you can send secret messages that look like plaintext and the advaserial third party Eve has no way to tell let alone prove.

If you look at my posting above that has a couple of sets {} defined. It should be abundantly clear that it is a very simple system to send bits of information covertly where the statistics are indistinguishable from plaintext because they are plaintext. It is not the first time I’ve posted this scheme, thus I’ve already shown by the equivalent of a “grapical proof” that you can do this, and unkike this papers authors I did it simply so it would be easy for anyone with no more than a K12 school education to grasp…

So in this respect they have not proved anything new, as I have already done so ages ago and posted it to this blog for people to think about. And for all you, or I, or any other reader of this blog knows, one or more of those authors have seen it and effectively copied the idea consciously or otherwise (it’s been shown to have happened with other researchers who were once part of Cambridge Computer Labs, for which they still owe me and @Bruce a drink[3]).

But unlike them I don’t claim it’s original to me, I’ve never bothered to check. What I have done is said in the past my thinking was a logical consequence of following through on Claude Shannon’s work, and the BBC transmissions of “now some messages for our friends” to SOE officers and other agents in occupied Europe during WWII.

Oh look up who the K and L are of that test[1] are and who they were working for “part time” when they made it public in the 1950’s… I actually have a signed copy of Solomon Kullback’s book “Information Theory and Statistics” in my dead tree cave, that I was given as a present.

[1] For those who want to know more about the “Kullback-Leibler Divergence” but can not face all the domain specific terms. As long as you understand Pythagoras’ therom and can code in Python, then this will prove of interest.

[2] I’ve also mentioned it in other places than this blog, most recently in,

So there is more than one place the authors could have seen it.

[3] I have repeatedly said on tgis blog in the past, people can use my ideas if they wish, but with two conditions,

1, They acknowledge both our host @Bruce and myself.
2, And if they meet either of us they should buy which ever of us it is two drinks. So that which ever of us it is can by the other a drink or more if we ever meet in person.

(yes someone did mention that we should both join “buy me a coffee” or equivalent.)

Winter March 8, 2023 3:15 AM


We normally label people as “monsters” when “We do not get Our own way”.

It is more sinister. It is demonizing. A monster is not human and it is dangerous. Therefore, you not only have the right to kill it, it is your duty.

I always saw this as the underlying lure of zombie movies. We have changed, and it is not OK anymore to shoot “people” at sight, just for the fun of it, as was customary in Westerns, War and crime movies. Even slaughtering animals in movies gets you a bad press. So, zombies were invented as humans you can kill as many as you want, or even have a duty to kill as many as you can. Because, by some flimsy argument, they are not “alive” anymore.

Clive Robinson March 8, 2023 2:54 PM

@ Folks,

Google’s halfway-house security.

“New service occupies a middle ground between E2EE and mere server-side encryption.”

I’ve been mulling this over for a few days, and to be honest I don’t like the idea at all…

Not because of what it does or for that matter what it does not do on the technical front. But because it’s a “word-redefine” trick on peoples perception thus in effect a Back-Door technique pretending to be a User-Security trchnique.

The thing about E2EE is that it fails to work on “communications end points” because of OS, Driver, and App “end-run attacks” due to near total lack of “segregation”. Where an attacker rather than try to break the encryption of a “security-app” simply “worms around it” with near ease through a Driver, the OS or another App to the “User-Interface” thus you have a “Security-Endpoint” end-run attack. This is only possible because of the very poor security design of the commercial/consumer computers and devices we use.

Which is something that neither the Whitehouse or EU computer security initiatives goes anywhere near resolving. Suggesting that certain people have put the fix in on both sides of the puddle.

We have seen with Apple and it’s now withdrawn “Client Side Scanning” supposadly for CSAM material proposal, that when people started to understand it, just how very anti they became very quickly. Thus public understanding is important, and trying to “word-redefine” as many readers here know is a well practiced technique that both the US IC and US LE use in giving testimony to effectively lie in judicial environments (remember the NSA redefinition of words like collect).

My feeling, is what Google is doing here is even worse like the old “40-bit Encryption” nonsense befor Crypto-Wars-1 which the US Executive (Clinton) eventually caved to public pressure on.

In essence Google is “giving the illusion” of “Strong Privacy” but actually caving in to LEO etc demands (see what does not get protected in the light of “probable cause” argument and “no user notification warrents”, oh and that the actual encryption keys are by default made,”third party business records” thus subject to “no warrant required” access by LE and IC agencies).

So how do other people feel about it?

Clive Robinson March 8, 2023 5:46 PM

@ SpaceLifeForm,

Re : DuckAssist

Under the “Duck Test” it could be said that this is a government or SigInt or IC agency, as both the Five-Eyes SigInt agencies, and the other of their IC agencies do this,

Threat actors are using advanced malware to backdoor business-grade routers

“Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.”

However the best bit is the last two paragraphs,

“The packet-capture ability of the HiatusRAT should serve as a major wake-up call for anyone still sending email that isn’t encrypted. In recent years, email services have improved at automatically configuring accounts to use protocols such as SSL/TLS over port 993 or STARTTLS on port 143. Anyone still sending email in plaintext will likely regret it sooner rather than later.

It’s also a good idea to remember that routers are Internet-connected computers, and as such, they require regular attention to ensure updates and other measures, such as changing all default passwords, are adhered to. For businesses, it may also make sense to use dedicated router monitoring.”

And people still wonder why I haven’t “done eMail” for the past decade, and spent so much time talking about “the first router upstream” as amongst many things the place where the likes of the NSA, GCHQ and other Five-Eye Sigint agencies lurk more or less unseen.

JonKnowsNothing March 8, 2023 7:13 PM


An interesting potential problem …

Normally business calcs are add and sub but are intended to have a positive number as a result. Negative numbers are “credit balances” meaning the customer has over paid or due a refund for a returned item. Companies have different ways of handling this credit, some carry it forward and apply to the next billing, some use a refund card or check to clear their books if the amount hits a ceiling, some companies pocket small amounts ($1 or $4.99) at the end of year.

A MSM report of a City in USA which is enacting a Legal Citywide Rent Reduction on all rental properties of @15%. ATM it’s across the board on all rental properties. ATM it’s heading into legal challenges. There doesn’t seem to be any law against the city demanding a rent reduction. Cities may have rent caps, or upper ceilings, or subsidized top up caps, but per the article it is a rarity that a City demands 15% decrease off all rents.

So the conundrum will be:

  • If the city is successful at setting not just a rent cap but also a reduction in monthly rents, and many of the city’s rental units are owned and operated by big time real estate landlords holding hundreds of houses and apartments in their portfolios, will their billing systems choke on an across the board credit balance?

It may take some thinking about how this will look on a balance sheet and income statement. On paper it’s not a problem, but automation might end up draining the landlords bank accounts as they process the negative amount on the reduced rent fee.

It will no doubt sort out after a bit.


Kingston New York
City wide
rent decrease

Clive Robinson March 8, 2023 7:26 PM

@ JonKnowsNothing, SpaceLifeForm

Re Chocraine report on Masks…

You’ve probably heard about it or read articles like,

All of which amazingly from my point of view do not consider “environment” issues. The data used in the report was from medical fascilities that basically have pretty appaling air quality conditions when considered against public places.

So to answer the question as to if masks are effective in the general populous case the report is pointless. In the case of medical fascilities it basically indicated what you would expect for such low air quality environments.

So the reports authors, like the RCT studies used authors failed to measure the environment in which the studies were carried out. Result “big fail”

A simple mathmatical calculation shows that for a human to be able to breath unassisted through a filter the effective holes in a single layer would have to be around six thousand times the area in size than the cross sectional area of the viral particle. You might remember very early on I did that calculation on this blog…

Secondly the alledged electrostatic effect of such single layer filters, fairly quickly fails if you exhale into it. As the moisture build up with the natural ions in from your breath would kill static charges deader than a three week old kipper.

It was knowing this which made me and a friend look into constructing full face masks like those used by snorklers, and using large 3ltr light weight flow chambers and UV-C emitting LEDs. We had a prototype up and functioning and we were investigating getting them manufactured, but China had effectively shutdown and my friend died very unfortunately in an accident so as a project it stopped.

But also you have to consider the physics of what the masks do, if they are not filtering viral particles. Well firstly a sneeze or cough can project large droplets atleast 30ft, in the direction people face, which is generally towards each other. A mask stops these large particles inside the mask and only small particals with very low mass are emitted, and these travel very little distance, and also dry out fairly quickly in the air thus the viral load is both physically reduced and constrained, it also has it’s half life considerably reduced. Thus in unsaturated environments which most public places would be the active viral load would be small and ordinary air currents and low relative humidity would reduce it further and stop fomite build up.

In a medical facility however the air is likely to be effectively saturated with virus, so no mask or unassisted resperator is going to stop sufficient viral load for infection getting through.

Thus not unexpextedly the trials in medical fascilities are going to show masks have minimal effectiveness…

However early caged animal experiments showed that masking material at a distance –thus avoiding the moisture issue– were effective. Even with drawn air over the cages of uninfected animals.

Also has anyone asked the million dollar question about the flu virus that died out during lockdown and mandatory mask wearing? Perhaps they don’t want to explain it.

Then there is epidemiological evidence from Asian countries where mask wearing during respiratory disease season brings lower hospitalisation rates and slower community disease spread. I could go on to note that Asian studies showed community disease spread went up in the parts of society assembling in enclosed environments where ventilation was inadiquate such as nightclubs and similar even though masks were still being worn…

Thus failing to consider the environment and viral saturation renders the Cochaine report worthless for the general case of mask wearing. What however it is actually telling us, is that the quality of air in medical fascilities is actuall pretty appaling and we realy realy should be addressing that, not playing political point scoring games.

Speaking of which the reports lead author has a bit of a history and in known to have a strong “libertarian leaning” from other article’s he has written. Worse non of the reports authors have responded to questions submitted to them and Chocrain it’s self has apparently issued a strong cautionary warning with the report…

So I am going to continue wearing my mask in public and keep people away from where I live, as I don’t want C19, or what ever version of flu is rattling around currently. Nor if H5N1 does zoonoticaly “cross over” and become human transmissible do I want that (my father was born during the 1918-23 “Spanish flu” pandemic). Due to circumstances beyond my control whilst in hospital at the begining of last month I did contract a respiratory disease in my sinuses. Which I think is the worst I’ve ever had in well over half a century of renembering. And is even now a month later still causing me quite a few problems…

MarkH March 8, 2023 7:50 PM

Re Cochrane “report”

Simply, it’s a load of crap.

• the lead author is a crackpot

• 92% of the actual studies (the report is just a meta-analysis) did not take place during the pandemic

• only two of the 78 studies were of the effect of masking on Covid transmission …

• and those two studies didn’t consider actual mask usage, but only whether people were encouraged or ordered to wear masks

Cochrane has a good reputation, but that paper is completely worthless.

Legitimate studies show significant effectiveness of masks in cutting respiratory virus transmission.

MarkH March 8, 2023 9:48 PM

Oxford Steganography Paper, 1

My reading substantially diverges from that presented in above comments from Clive. Here are some of my perspectives for what they’re worth.

[1] Three times, the paper refers to “scalable” steganography. I take this to mean the ability to transmit large volumes of ciphertext on a recurrent basis.

[2] In a footnote, the paper offers OTP (simply XORing the key) as an example, but the technique does not require or depend on a specific cipher. Rather, it calls for “an encoded form of plaintext that can be made to look uniformly random.”

All modern strong ciphers have this property; it’s a basic requirement that ciphertext be statistically indistinguishable from a random distribution.

OTP is presumably the least scalable cipher ever used for high-security applications, and so would not typically be a suitable choice for high-volume use cases.

MarkH March 8, 2023 10:11 PM

Oxford Steganography Paper, 2

[3] The paper refers to “generative AI” including ChatGPT. The technique doesn’t depend on such tools; rather, steganography requires unique cover texts which must be kept secret, because if Oscar can find the original, he can trivially conclude that the stegotext carries a concealed message.

Covertexts could be hand-made, but this would grow exceedingly burdensome for high data volumes. For high-volume use cases, “generative AI” may be a feasible method to automatically create arbitrary volumes of cover text.

MarkH March 8, 2023 10:16 PM

Oxford Steganography Paper, 3

[4] OTP isn’t needed for deniability. The “perfect security” property means that presumed adversary Oscar can’t distinguish ordinary messages from those with secret payloads.

Oscar can try “decoding” any arbitrary message, getting a random-looking bit string whether or not it’s a stegotext.

If a strong cipher was used, and Oscar doesn’t have the key, he can’t tell whether the presumed payload holds a hidden message, or is just digital junk from an innocent message.

MarkH March 8, 2023 10:30 PM

Oxford Steganography Paper, 4

[5] Clive’s steganography via word choice was intended to prove a concept. It’s not at all clear how zero KL divergence could be attained by such a technique, or what the resulting data density would be.

The authors claim about 0.9 bits of payload per bit of message entropy, or roughly one bit per character of English text, and 450 kilobytes per minute of payload for text-to-speech audio.

I don’t see in the paper that they produced real stegotexts; rather they may have been demonstrating statistical properties without the actual modifications to covertext files. In that case, I’d want to see experiments carried all the way to example files.

ResearcherZero March 9, 2023 2:55 AM

not enough randomness


too much randomness to boot

Have you been laying down again?

The Moscow City Court has extended the pretrial detention of opposition politician Vladimir Kara-Murza despite a physician’s request to release him immediately due to an illness described as polyneuropathy, a disease affecting peripheral nerves.

Prokhorov wrote that his client was placed in a disciplinary cell on February 21 by the leadership of Moscow Detention Center No. 5 “Vodnik”. The reason for the tightening of the conditions of detention was, as the lawyer writes, that the prisoner repeatedly allowed himself to “lie in his cell in his bed” after the lights went out.

in July last year another criminal case was initiated against Vladimir Kara-Murza – concerning the activities of an undesirable organization (the opponent was vice-president of the Free Russia Foundation, recognized as undesirable on the territory of the Russian Federation). In October 2022, a third criminal case is launched: Kara-Murza is accused of high treason. The trial will be held behind closed doors by a “troika” — three judges, one of whom will most likely be Sergei Podoprigorov, who has been placed under sanctions related to the U.S. Global Magnitsky Human Rights Accountability Act.

polyneuropathy can occur following poising ordered by a former member of a KGB periferie (Czech spelling)

ResearcherZero March 9, 2023 2:59 AM

“On the material before me, I was not satisfied we could make a declaratory statement and I chose not to comment on legality.”

So what happened? …

“The department responsible for Robodebt failed to disclose documents to Commonwealth investigators which would have prompted them to stop the program, an ex-senior staffer at the Ombudsman’s office has revealed.”

Among them was a brief on the draft policy proposal for the scheme prepared for the former prime minister when Morrison was social services minister in early 2015. Morrison told the inquiry in December that, before he took a final policy proposal to cabinet in March 2015, the DSS had changed its view and advised new legislation was not required.

Campbell accepted that the document – which falsely said there was “no change” to how debts would be assessed under robodebt – misled the expenditure review committee about the fledgling proposal.

Scott Morrison, had indicated his desire for the proposal to go ahead in February 2015, there was no realistic possibility it could be legislated to start in July 2015.

Campbell said she could not recall why she didn’t notice the change, which was inserted by officials of the Department of Human Services (DHS) in early March. Asked if ministers had pressured her to put forward the proposal without legislation, Campbell said: “There was no pressure.”

“This demonstrates [the department] weren’t participating in good faith.”

The DSS advised in late 2014 the robodebt proposal would require legislative change and wouldn’t hold up against a legal challenge otherwise.

A solution that ignored the human dimensions of the purported problem.

ResearcherZero March 9, 2023 3:24 AM

Updated Date: Feb 21, 2023

If it’s confusing why the article linked is from 2012 The original article relates to legacy systems.

A recent study, linked in the Supplemental Information section, has revealed that when a system generates new RSA keys under low-entropy conditions, such as during the first system boot, the resulting keys may not be cryptographically strong.

FA March 9, 2023 4:58 AM


Clive’s steganography via word choice was intended to prove a concept.

Which isn’t new nor without its problems.

There is an example of this somewhere in Kahn’s ‘The Codebreakers’. As far as I can remember it is from WW1 and went something like

  • Spy sends telegram: ‘Father passed away yesterday evening’.
  • It is intercepted and changed to ‘Father died late yesterday’.
  • Back comes another telegram: ‘Did father die or pass away’.

Clive Robinson March 9, 2023 5:00 AM

@ MarkH, ALL,

Re : Oxford paper reading.

Reply to @MarkH critique part 1.

“My reading substantially diverges from that presented in above comments from Clive.”

Hmm, that raises the three “who, what and why” questions immediatly,

1.1, Who : would it make a difference to?
1.2, What : way would it make a difference?…
1.3, Why : would it matter?…

Something @MarkH has not done, nor has he highlighted any “Apples v. Orange” argument he has made.

So firstly a little background,

To understand the Oxford paper you will have to have a lot more than a US Doctorate level of understanding of a great deal of domain knowledge (but not necessarily expertise). It is thus not written for ordinary mortals to read and comprehend (something @MarkH realy should have noted as a first point). I will leave it to other readers of the paper to see that for themselves.

My original system goes back quite some time and is as scalable as the Oxford system if you wish to make it so. But importantly as described was designed to be a “principle explainer” for even first year high school student or their parent to be able to use as a school science project if they wished (something the Oxford system never will).

Thus it was,

2.1, Importantly secure to the highest level commonly known.
2.2, Simple to understood and explain.
2.3, It did not require a computer but could be simply coded in any computer language a high school student would have access to and even work on a 1970’s era 8bit computer (I have a demonstator in Apple][ basic).
2.4, It could be used by hand, making it very much more secure than using a computer, using just pencil and paper.
2.5, It offered other advantages the Oxford system does not.

Thus my system is understandable, practical, can be shown to be both “secure and secret” easy to make and importantly usable with minimal tools / equipment as it does not require extensive expensive technology. It could have been used from the mid 1800’s if not earlier. The Oxford paper is when you stand back a bit, just an attempt to bring ML systems into another domain via existing known and proven methods.

So having got the background sorted out, onto @MarkH’s Part 1 comments.

“[1] Three times, the paper refers to “scalable” steganography. I take this to mean the ability to transmit large volumes of ciphertext on a recurrent basis.”

The level of scalability that the Oxford system calls for in it’s examples is a computer system capable of running an LLM ML. Which we should all know is practically a non starter as LLM systems models are generally not auditable, subject to hidden bias, require large computing resources that are not practically securable and for practical security requiring secure fascilities like a cross between a SCIF and quite a large bank vault. So on the practical side what the Oxford paper calls for is to put it politely, “currently impractical and insecurable” and likely to remain so.

Where as my demonstrator is provably secure, can be done by a first year high school student for a science fair project, or used in their bedroom or on the kitchen work top or even a tray on their knees, with just a pencil, paper, a pair of dice, and a smallish note book and for extra security a match and a garden BBQ-pit or barrel burner (or similarly as safe indoor equivalent).

So when comparing for practicality, education, and use you have to understand quite a bit (something @MarkH has avoided mentioning at all in his criticism).

But moving on,

“[2] In a footnote, the paper offers OTP (simply XORing the key) as an example, but the technique does not require or depend on a specific cipher. Rather, it calls for “an encoded form of plaintext that can be made to look uniformly random.”

Contrary to what @MarkH says both my system and the Oxford system use the OTP as a simple “proof of security”, importantly they also need it to get around the “unicity distance” issue (which most practical ciphers suffer from). They footnote it because they are not describing a practical system and are focused on the use of ML systems. Where as I did detail it to demonstrate high security in a simple, understandable system that importantly was both simple to use and practical to realise without technology and importantly had other features.

So @MarkH failed to observe an important point as well as raising an invalid point in his criticism.

“All modern strong ciphers have this property; it’s a basic requirement that ciphertext be statistically indistinguishable from a random distribution.”

Again missing the point about “unicity distance” and why many modern strong ciphers would not be suitable (if people want to see why they can read up on the “DES-Cracker” that was built to prove the NSA were lying every which way they could).

“OTP is presumably the least scalable cipher ever used for high-security applications, and so would not typically be a suitable choice for high-volume use cases.”

Actually @MarkH’s presumption is wrong. If Quantum Computing does happen then quantum versions of the OTP will be the only secure way left to do quite a number of things. It’s why the Chinese have for the past decade being putting Quantum Cryptography using entangled particles that form part of a generalised OTP system into space craft. They have advanced it to the point where it is practical for the highest of security systems in some of the most hostile environments.

I will go on to cover @markH’s other critisms when this still active blog thread has quietened down somewhat.

Clive Robinson March 9, 2023 7:04 AM

@ JonKnowsNothing, SpaceLifeForm,

Re : More on LC19 and the security cost to society.

Have a look at an article about a new report on C19 after effects,

It appears that C19 may be bringing IBS and worse –including pancreatitis that can kill you– to people that have had C19.

Something as the article notes,

“The study likely confirms what many long COVID patients already know all too well.”

As others know LC19 is now in reality a chronic disability condition with no known treatments other than a limited range of palative symptom reducers.

What makes the study interesting is it’s depth and breadth of sufferers and a very large effective cohort of control groups,

“But the analysis is among the largest and most comprehensive to evaluate the boost in relative and absolute risks, drawing on medical records from more than 11,652,484 people in the Department of Veterans Affairs databases.”

Whilst the medical research community are still pondering the whys, it should be noted that intestinal tract issues are not exactly unexpected with C19.

Because whilst in humans C19 preferentialky goes for the respiratory system it also shows up in the gut. In animals the related viruses are almost all gastrointestinal not respiritory and is in part why the animals survive, and get repeated infections, and form disease reservoirs so the pathogen is endemic.

I suspect we’ve a lot more “comming down this particular pike”…

But there is the question of societal security. In the US this is an especially vexed question most visable as “disability wealfare” but actually effects society in it’s totality.

Obviously working with many of these gastrointestinal disorders is going to be both difficult and require considerable consideration by employers, to the point employment will not be possible for many.

As some know, in the US if you don’t work your level of health care options are at best vanishingly small, and non existant for chronic conditions.

I suspect there is going to be very considerable tension over LC19 in the near future. Certainly in both the US and UK people can easily point the finger at certain individuals who are very largely to blaim for C19 mishandeling and what happened because of it. The fqct they and their supporters are in full and sometimes violent denial is a considerable societal security risk just on it’s own.

But societal security wise it gets worse, a lot lot worse and the ebtirety of US society is not just at rik but is provably harmed which will cause many other security problems. As long term readers know, I was raising the issue of pathogens knowing no distinction between rich and poor or geographical divide here long before C19. What C19 should have made clear even to the most ignorant, Health Care effects not individuals but the entirity of society with no doubt. If you alow a socio econmic group to be vulnerable, then they will get ill. Not only do they become a disease nexus, they also become the origin of entire community spread, which will hit rich and poor alike with no favours shown. Some US politicians died of C19 despite having arguably the best healthcare available to any US citizen as part of their “job package” thus this should have been a major wakeup call that there is something deaply wrong with the way healthcare in the US works. Effectively if it’s not universally available then society at all levels gets sick and dies before their time. Which might explain in part why the average life expectency in the US is dropping, but going up in other Western First World economies, where healthcare is a fraction of the cost of the US system and universaly available.

Clive Robinson March 9, 2023 9:35 AM

@ FA, MarkH,

Re : Failing of all stego.

“Which isn’t new nor without its problems.”

All stego systems suffer from this problem and more systems thwn you can name simply failed to “the sensors pen”.

That is all stego is sensitive to both deleation and change, which in information systems have been called “channel noise” since Claude Shannon’s seminal work.

There are simple solutions available by “channel coding” and “Error Correcting Codes”. We went through this with Stego very intently in the 1990’s with the idea that you could hide copyright and,similar with “Digital Watermarking” I know you are both sufficiently old to be cognizant of DW systems and their failings. Especially that with DW systems they all turned out to be “obvious” in that you could not make a robust DW without it being obviously apparent by it’s artifacts.

The whole point of the excercise for both the system I gave as a demonstration of two parts of the problem and the Oxford paper is “undetectability”.

The Oxford system might well pass the KL statistical test on a sufficiently long enough run, does not hide the fact that the three examples they give in their paper are “so hinky” you don’t have to be a human censor to pick up on them… To a human they are obviously fake or generated, not natural.

However the system I chose to use, uses fully natural language sentences that are indestinquishable by a hunan censor something @MarkH is trying to ignore for some unstated probably cognative reason.

The fact this is not the first time you two have acted as a “tag team” is shall we say noticeable to any long term reader…

Clive Robinson March 9, 2023 9:52 AM

@ FA,

Oh one other thing, if you look at what @MarkH says in his part 4 you will find,

“The authors claim about 0.9 bits of payload per bit of message entropy, or roughly one bit per character of English text”

Do you see why that actually makes the Oxford system much much more susceptible to deliberately induced “channel noise” than the system I described?

Read the rest of @MarkH’s part 4 and you will see he is aware that the KL test is alone unsuitable, or the resulting system would be to fragile.

You realy should atleast try comparing and contrasting when making the statments you did.

Things you realy should have picked up on and mentioned but strangely you did not…

Care to explain?

Clive Robinson March 9, 2023 10:36 AM

@ ResearcherZero,

Re : Low entropy is a killer.

With regards the IEEE article –about a presentation in Dec 2019 by Keyfactor– one paragraph by Will Ackerly CTO of email encryption / privacy company Virtru stands out,

“The entropy problem in IoT has been known for a while, but Keyfactor’s research shows that attacks that exploit this problem are easier to carry out than previously thought,”

The original “red flag” on this came from the UK’s Cambridge Computer Labs getting on for a decade ago.

It was covered on this blog, and as I’ve pointed out the method is ideal for SigInt agencies, because it’s not an attack that works on single certificates but on “industrially hoovered up” certificates, the more it gets the faster it finds others[1] as the results “cascade” avalanche style.

The weakness of entropy sources goes back even further to an early version of a web browser and also a *nix OS (as for Microsoft, best not to ask). So it’s expected that GCHQ, NSA etc were more than aware of the issues right from before the open community became aware[2].

[1] Put simply if you know the two prime factors behind one key, it’s very easy to find other certificates that match one or other of those prime factors. It’s then a simple division to find the other factor. Which you can now add to your trial list. If the entropy source used is high quality then this new prime factor does not get you very much. If however the entropy source is low quality then it will get you more certificates. The test therefore has a cascade effect like a chain reaction with low quality entropy sources. A point I made back quite some time ago.

[2] As I pointed out originally it’s known that the NSA and other Five-Eye SigInt agencies playground is not on a “target of interests systems” unless absolutly necessary because of the risk of discovery. It’s the first upstream router or similar in the “Intetnet cloud” because not only is the risk lower, they probably have probably been in effect given / aquired “blind eye access” by the service providers, hence the top secret rooms in AT&T facilities that we are aware of, and all the curfuffle over the Greek and other Olympics. Thus the SigInt agencies would aquire every type of router and analyse the way they work especially the RNG / TRNG entropy sources used to generate KeyMat looking for weaknesses to exploit, and their mathematicians would be expected to be a decade or so in advance of the open community.

Winter March 9, 2023 11:28 AM

Let’s see what Microsoft will do to GPT:

GPT-4 is coming next week – and it will be multimodal, says Microsoft Germany

“We will introduce GPT-4 next week, there we will have multimodal models that will offer completely different possibilities – for example videos,” Braun said. The CTO called LLM a “game changer” because they teach machines to understand natural language, which then understand in a statistical way what was previously only readable and understandable by humans. In the meantime, the technology has come so far that it basically “works in all languages”: You can ask a question in German and get an answer in Italian. With multimodality, Microsoft(-OpenAI) will “make the models comprehensive”.

JonKnowsNothing March 9, 2023 12:19 PM

@Clive, @SpaceLifeForm, ALL

re: On the influx of “post” Covid reports

I have noticed a variety of reports starting to surface about “post COVID” conditions. Of course, COVID-19 is still here, still active, still killing people, not going anywhere and we still have no treatments on the medicine shelf.

I would divide these into 2 categories

1) Showing on going health issues that affect people who had C19 and survived 2019-2022. Which may be some indicator or forecast that those health conditions may affect people who get C19 2023+ going forward. Since we have globally declared COVID is over, these conditions will be on going like: 30%+ of people with any form of COVID will have long term health problems, such as gastrointestinal problems in that report.

2) Reports minimizing the number of sick people who directly or indirectly were affected by COVID 2019-2022. In such reports, they often divide the survey group into direct effects (sick themselves) and indirect effects (eg got sick from working as caregivers). The latter group is pretty much excluded from the reports. Since you can exclude quite a few subject areas like this, they can safely calculate The Number is Smaller. A recent version of this:

Study Topic : The pandemic resulted in “minimal” changes in mental health symptoms among the general population, study by researchers at McGill University in Canada.

the pandemic had a similar positive effect on resilience [as do] wars because “social cohesion, despite the handicaps of lockdown and social distancing, improves when there is a common enemy”.

Prof Peter Tyrer, emeritus professor in community psychiatry, Imperial College London

note: emphasis mine

I have been tracking what little is still published about COVID. In California it’s All Over. No Mask. No Vax. No Social Distancing. In recent required trips to the market, out of hundreds of shoppers only a few had masks. Not even when people are coughing, the kids are coughing, do they even attempt the “arm sneeze”. Nothing needed now for care givers in Skilled Nursing or Hospitals or Clinics. Some few places may continue to require masks but these are the outliers.

I’ve semi-started another Bank of Mom and Dad post about why the global governments are willing to accept the constant death rates from COVID. It’s quite a large number: 3x that of normal Influenza (H5N1 will be a different bird). It is the highest killer of Police Officers; far more than gun shots. I’ve a preliminary hypothesis like all the Bank of Mom and Dad posts it comes down to demographics and pensions/assets.


  • Long term illness is good because those people will die sooner. They can be shuffled around on Centerlink or by ROBODEBT type schemes, and even though they will be on support much if can be denied for Lots-of-Reasons.
  • Older persons are more likely to die out right. No Mask No Vax in care homes and hospitals means an increase in exposure. The more this group is exposed the higher the probability they will get sick. Depending on their other health conditions they will die sooner than their life expectancy table. (The Swedish Technique)
  • Many countries now claim they have a serious problem with unbalanced age groups. Too many Olders and not enough Youngers. So to help increase the rate of reduction of the Olders you can use conditions like RSV, Flu, COVID19, H5N1 to Move It Along.
  • The numbers like previous posts are large, lots of zeros, lots of money going in many directions: Direct Funds and Indirect Funds, Asset Stripping, Asset ReAllocations, Asset Turnovers, all have impact on the economy.

Of course, I cannot model this entire scheme with a hand calculator, however, “Be Definitely” it is being modeled by Universities, Businesses and Government Agencies of all types and structures.

Clive Robinson March 9, 2023 1:35 PM

@ JonKnowsNothing, SpaceLifeForm,

Thanks for the update on BoM&D and the proliferarion of “Swedish techniques”.

What scares me is in the UK there are yet more new NHS policies from central government that are so ill thought out they should be considered professional misconduct if Drs implement them.

I can name atlrast one practice where the “call back” for emergancy medical issues is “four weeks” but won’t happen untill six or more… Each missed deadline is excused by “your Dr was unwell” or similar. On investigation it turns out “the practice” has laid off the fully employed Drs and replaced them with “temp type locums” who get paid so little some find it better to do “nurse style” bank work which kind of shocked me because there used to be a strong demarcation between being a Dr and a Nurse with different proffessional bodies etc.

But the thing is “your Dr” is a compleate misnomer, you are deliberately discoraged by UK Central Government policy from forming a “relationship” with a Dr.

Which I find worrying, because a Dr you have a relationship with knows you well enough to either diagnose what is likely wrong with you, or how severly it is effecting you before you get to sit down. Something that does not happen with voice / video calls.

Then there is the “you’ve committed a serious criminal offence for which there is no defence” issue. Drs have been told to use a “Photo sharing” system run by a third party service provider where you upload a picture of your effected part… Well what ever you do say NO if it’s someone under 18years old because it can be considered CSAM under law that has both mandatory reporting and a no defence legislation stricture. So photographing say a nasty graze or similar on your childs hip or bottom from comming off of their push bike or park play-frame etc will get you arrested, convicted and forced to sign the sex offender register… Oh and that still applies for say a teenager effectively taking a selfie of their afflicted body part, even though they are technically not “legally responsible”.

It’s a central government ministerial madness that is getting worse not better on an almost relentless path to full on lunacy.

MarkH March 9, 2023 2:19 PM


Perhaps you missed, there was a very disturbing example in the U.S. which came to light a few months ago.

Worried about some rash or swelling on his infant son’s privates, a father called the pediatrician, who instructed him to send some photos. One of them included dad’s finger, needed to position the inflamed area so the camera could get it.

This caring father was unaware that all of his photos went automatically to Google.

Google totally and permanently canceled all of his accounts (if you consider that access to many resources is “bootstrapped” by Google accounts, the implications are very broad).

MarkH March 9, 2023 2:22 PM


Among the losses were thousands of photos he had intentionally saved to the “cloud.”

Google also notified his local police department.

The only good news in this story, is that after quite a few months, the police investigation found no evidence of any crime, so at least the man is not on an offender registry.

SpaceLifeForm March 9, 2023 2:28 PM

Opsec, lack thereof

This may be why ‘Former’ applies.

There are sufficient hints in this article that you should have no problem figuuring out who it is.


MarkH March 9, 2023 2:28 PM


I think the conclusion of “misdirection” is mistaken. The Indiana governor has a reasonable concern about waste arriving in his state, although I think it’s strange that the article said nothing about testing for other toxins (like vinyl chloride).

Neither the governor — nor the article — says anything at all about contamination in Ohio, which is actually a different state.

As I wrote before, any one of hundreds of people or organizations can collect soot and send it off to a lab for dioxin testing.

Either they’re all too stupid to do so, or no alarming dioxin levels have yet been detected.

Truth will out.

Clive Robinson March 9, 2023 2:40 PM

@ JG4,

Re : Toxic waste testing.

“Indiana Governor Eric J. Holcomb announced the results of third-party testing on the toxic waste shipped into Indiana following the East Palestine, Ohio, train derailment.”

So the first question I’d ask is,

“What makes it toxic waste?”

Dioxin especially if you use a highly specific definition might not be found above a certain level. But the waste is considered toxic for some reason and there are other chemicals that are a lot worse than Dioxin that could be in it at significant, harmful, dangerous, or deadly levels.

Remember raw caster-oil beans after pressing for oil are called mash or cake and used for making animal feed. It gets “transported” as such. But it contains a highly bio-available little chemical you might have heard of called ricin…

So technically not “toxic waste”, but…

Speaking of eating, most people like chocolate and are happy to eat it. However few of them know it contains a poison called theobromine you would have to eat a lot of chocolate in one go to come to any harm, in fact you would be more likely be harmed by the sugar. However give even a single chunk of chocolate to the pet dog…

The thing is what is very toxic to one species is not necessarly toxic to another.

I often joke I’m on “rat poison” implying the blood thinner Warfarin. However it’s not the only one…

Vitimin D3 (Calciferol) for instance, is what is in your vitamin supplement. You could take quite a lot of it with no noticible harm (upto 4000IU apparently). But your pet rat, not a chance, it’s why it’s used in rat and mouse poison. Unfortunately the pet cat and dog, don’t fare very well at all as it’s very toxic for them as well… It’s use is gaining in popularity as the resultant rodentazide poison is no where near as lethal or unplesant as earlier generation poisons are for humans…

The list of chemicals are thus quite important as whilst they may not be harmful to us they can be deadly to other creatures.

One such you don’t get to hear about but… some types of organic soaps in waste water kill fresh water fish at quite low concentrations.

SpaceLifeForm March 9, 2023 2:48 PM

Re: DuckAssist


And DuckDuckGo puts the burden of fact-checking on the user, providing a source link below the AI-generated result that can be used to examine its accuracy. But it won’t be perfect, and CEO Weinberg admits it: “Nonetheless, DuckAssist won’t generate accurate answers all of the time. We fully expect it to make mistakes.”

Clive Robinson March 9, 2023 3:23 PM

@ MarkH, ALL,

Re : Photos snatched and not returned.

“… there was a very disturbing example in the U.S. which came to light a few months ago.”

I’d sort of heard about it but the source was not always shall we say trustworthy due to excess editorial leaning politically.

At the time I could not find other refrences so I treated it cautiously.

I’m glad he was not prosecuted, but it does show how easily you can become a criminal in some organisations eyes, even though eventually your name gets cleared your life does not return to where you were…

The other point to note is “backups” and similar like YouTube videos. If you do not have the original uploads 100% under your control there is an increasing probability they will be snatched away from you and you will have no redress.

Why increasing probability? Because the folks on The Hill want to chew more than Zuckerburgs ear, they want fresh meat, new legislation and masive fines to crow about.

So shareholders are going to insist that social media and similar will avoid scandle to avoid attracting the eye of rapacious prosecutors on the make.

As we’ve seen with Twitter and Moderators politicos can get insistant and I suspect the EU will get it’s way and Hell-on Rusk will have to throw even more out the pram.

[1] From what some pundits have been saying not only is Twitter sinking like a brick in the ocean, Hell-on is having to burn currency just to keep it in sight. Thus stories are saying it is worth less than nothing and never will be anything else. I suspect they only mean in the short term, but if I had money in any Social Media or related Organisation including Microsoft and Apple, I’d be looking for a safe haven to wait out the comming storm.

MarkH March 9, 2023 3:49 PM

@JG4, Clive:

Those without technical awareness tend to use language unthinkingly. Probably a better term for the soil would be “site cleanup waste.” Some of it might be heavily contaminated with God-knows-what toxins, whereas the majority is likely to be ordinary soil and gravel.

I may have found the answer for why testing is only for dioxins … apparently, that was the Indiana governor’s decision.

At the time of the spill(s), dioxins were probably very low on in terms of comparative toxic hazard, though some of the toxins were volatile enough that perhaps they’re gone.

It would be best for the governor to consult experts, and order toxicity testing based on their recommendations.

MarkH March 9, 2023 4:34 PM


I got the story from the factually careful NYTimes. The “offense” occurred in February 2021; the Times wrote it up late last August.

Looking it up, I see some inaccuracy in my recollection: the child was a toddler, not an infant; and it was his mother who took the photos, one of which included the father’s hand.

Initially, the police department couldn’t contact the “suspect,” because he used a Google phone account to which he had, of course, lost access.

10 months passed before the police department sent a letter, including the investigator’s statement that “I determined that the incident did not meet the elements of a crime and that no crime occurred.”

The story ended by saying that Google’s decision was not appealable, but because the search warrant was so broad, the police department had ALL of the data; the dad was hoping he could get it back from them.

SpaceLifeForm March 9, 2023 7:30 PM


Re: “metadata isn’t classified.”



In other news, a crooked congresscritter is in deep shit.


George #Santos masterminded 2017 ATM fraud, former roommate tells feds

“Santos taught me how to skim card information and how to clone cards,” Gustavo Ribeiro Trelha, who was convicted of felony access device fraud, said in a sworn declaration submitted to the FBI.

lurker March 9, 2023 10:28 PM

@SpaceLifeForm, re duck assist

Looks like what we used to call back in the day Instant Gratification, and there used to be a human webmaster to take the rap. The article seems to say their AI is only regurgitating Wikipedia pages, so can we expect the Wikipedia hack to come back in fashion?

Earl March 10, 2023 12:48 AM


Chinese have for the past decade being putting Quantum Cryptography using entangled particles that form part of a generalised OTP system into space craft

I think that Satellite based QKD is, at least least for the time being, mostly based in Prepare & Measure protocols (not entanglement).
And even for these PM protocols the throughput is probably not enough for a OTP schema (for very few, very short messages… there it is).
But if entanglement is considered, the throuput would be clearly impractical for OTP.

For instance:, with entangled Satellite QKD performances up to 1 bit/second at best.

Clive Robinson March 10, 2023 3:48 AM

@ Bruce, ALL,

New twist on APT being persistant

This is one of these attacks that are,

“Obvious with hindsight, but not obvious if you have not thought about it with foresight.”

The APT code survives firmware updates because the developers of the target device were not thinking[1] with foresight when they developed it.

It effects some SonicWall products and is punted as having a Chinese nexus by Mandient (make of that what you will it’s not important technically).

What the APT code does when the device becomes infected is instal a loop that every few seconds checks if a firmware update has started on the device.

If it has the APT code waits untill the zip file has finished downloading.

If it has it unzips it adds in it’s APT code, and zips it back up.

Then alows the update process to finish with the now infected zip file.

Yup with hindsight it sounds obvious, after all it’s a varient on Ken Thompson’s 1984 Turing Award speech that outlined the “Trusting Trust” attack[1]. But if you examine a lot of “Signed Code Update Processes” used in embedded systems you will find this “security hole”[2] in them.

As so many make this “security hole” mistake, they should consider atleast one way to solve it[3] to decide the “Why? and How?” of their closing it.

You can read the boring stuff 😉 about this specific APT attack at,

[1] What few realise about countering “trusting trust” attacks is it’s easy to get wrong. In fact they nearly always become an imposible regression problem on current computer architectures. To see why think about the load and linker processes on a computer to put an executable in RAM. It’s incorrectly assumed to be a trusted process, so once the executable is loaded into RAM it’s assumed to be trusted from then on. So no further checking during execution is carried out. (the “loader-linker” is a Shannon Channel, and the actual code execution is the transaction).

As we all should know from certain types of malware, the code in RAM can be changed or overwritten at any time and in conventional computer architectures won’t be detected (hence memory tagging of CHERI). But as RowHammer proved beyond any doubt, conventional hardware and even tagged memory will not stop RAM being illicitly altered during execution (it’s one of several “bubbling up” attacks for which we have few or no defenses for currently).

Having known about the RAM bit flip issues with radiation and how Parity based ECCs were not reliable back in the 80’s when involved with the design of Space Payloads, it came into my thinking and in part gave rise to “Castles -v- Prisons” and the notion of “Probablistic Security”.

[2] I’ve said it before quite a few times but people don’t pick up on it. Code signing especially as many implement it has major problems,

“It does not do anything more than sign an archive of the code at a point in time.”

And also a lament I’ve made since the mid 1990’s about several security functions (but especially about online banking),

“It Authenticates the channel, not the transaction.”

In the case of “Code Signing” it opens a significant security hole because it authenticates,

“A hash of the code archive not the code it’s self.”

So once past the “authenticate the hash” stage you’ve authenticated the delivery channel not the payload.

Think of it in a physical security analog as,

2.1, Checking the delivery code for a box at the loading dock door (but not the contents of the box).
2.2, The box is then put unopened in the building internal mail system.
2.3, Intetnal mail open the box to check for bomb/chemical attack or illicit goods (but do not check the BOM on the delivery note).
2.4, The final recipient gets the opened box thus potentially tampered with contents some time after when it’s put on their desk.
2.5, Unless the final recipient checks the contents against the original order, they won’t know if what is on their desk is what they ordered.

Which is why some of us do check the contents of the box against the original order at the door infront of the courier or sign it “unchecked” if they won’t wait (Amazon for instance are known to put the wrong stuff in a box such as a cheap disposable film camera, not a very expensive Digital SLR).

But many code signing systems designers only do the equivalent of step 2.1, so any old piece of code can subsequently overwrite the original signed hash payload. And the later stages of the update ie the actual installer process will not know or care as long as the code file is in the right format for the actual installer process (in this case a zipped file).

[3] To understand and design the solution should be obvious once the process failure[2] is known and understood. But it’s obviously not to most code signing system developers, so we can assume either the process failure is unknown to, or depreciated by the developers. So to go over it,

The hash check is simply a Shannon Channel process, through which a payload of the code is delivered. This payload is then pased to the transaction which is another independent process which is or is part of the actuall final code install process. As these processes are,

“Sequential, not Atomic processes”

If an attacker can get to the payload after the archive hash check, but before the final install process then it’s “game over” for security. The solution is to make the two sequential processes of “code check and final instal” a single atomic process, with a “brick proof” abort process.

That is the “signed hash of the archive” is the wrong security process to use in “code signing” you actually need to use a form of cryptographic chaining inside the code which is checked continuously in the actuall install process.

I designed such as system for “Broadcast Warehouse”(BW) for their first “Audio Processor” way more than a decade ago. It used a form of chained stream cipher over blocks with a strong MAC as the BW audio product development leader had four main desires,

3.1, Prevent “bricking” of the device.
3.2, Tie the download to an individual device.
3.3, Obfuscate the runtime code, to prevent analysis.
3.4, Keep the size of the secure update runtime code to a minimum.

The reason for 3.4 is not as critical these days, but back then it had to run on a low cost low electrical power microcontroler with a lot of other runtime system code, so resources were tight.

Hence step 3.2 which has the advantage of using a “shared secret, root of trust” so you don’t need to use Public Key signing and the massive ROM and CPU cycle penalties involved. Giving three advantages, firstly a much lower cost microcontroller could be used at a lot lower electrical power thus heat. So secondly it could be fully encapsulated within a security mesh system embedded in quartz dust loaded epoxy which is regarded as being nearly “tool proof”, effectively as a “mini HSM”. Thirdly it also gave “revenue and theft control” as getting updates for the device was a paid for service for each device, and devices reported stolen could be bricked if the actual original purchasor wished that it be done.

FA March 10, 2023 4:05 AM


You realy should atleast try comparing and contrasting when making the statments you did. Things you realy should have picked up on and mentioned but strangely you did not…

Which ‘statements’ do you refer to ?

Clive Robinson March 10, 2023 5:09 AM

@ Earl,

Re : Chinese and Secure Comms Sats.

“I think that Satellite based QKD is, at least least for the time being…”

The problem with that is two fold,

1, We only know what the Chinese tell us or we can surmise.
2, The development of Quantum Comms systems moves in fits and starts.

So whilst in the Open Community we can guess like we can with the NSA and GCHQ, we actually don’t know what progress the Chinese have made.

I opted for talking about entangled particles for two reasons,

1, It is as far as we know the most secure system.
2, It is relatively simple to understand.

So people can reason about it.

If you look back at the thread that has comment about the Chinese balloon flying over the US I did talk about the practical realities of getting data back to China from the balloon securely.

One of the problems about posting to this blog if you do it regularly (yes that is a hint 😉 is that there is a very wide range of ability in any subject area in the readers. So you have to pick examples that are simple enough for someone with a reasonable high school education to understand, through to sufficiently complex that domain experts at the upper end of the research end of things won’t turn away. As I want to encorage STEM I tend to err towards slightly above the high school “science project” level.

Look at it this way, if I can get just two new people interested and go on to entering the game, then I’m ahead on points 😉

It’s also why I say anyone can use my ideas but with two conditions,

1, They acknowledge not just me but @Bruce our host as well.
2, If they ever meet either of us they buy us two drinks.

Why two drinks, well that way when Bruce and I ever do meet up, we can buy the other the appropriate number of drinks 😉

As I drink mostly tea it should be fairly cheap not sure what Bruce drinks[1] (I used to know Terry Pratchett and his taste in drinks was good quality brandy and various cocktails in the bar after hours, and sometimes in hours, as he noted “book signing is thirsty work” 😉

[1] There are sites like “” and Ankesh Kothari’s Buy Me a Beer WordPress plugin, maybe Bruce should set one up 😉

Winter March 10, 2023 5:23 AM

Re : Chinese and Secure Comms Sats.

“I think that Satellite based QKD is, at least least for the time being…”

This is what was published in 2017:

Satellite-to-ground quantum key distribution

Quantum key distribution (QKD) uses individual light quanta in quantum superposition states to guarantee unconditional communication security between distant parties. However, the distance over which QKD is achievable has been limited to a few hundred kilometres, owing to the channel loss that occurs when using optical fibres or terrestrial free space that exponentially reduces the photon transmission rate. Satellite-based QKD has the potential to help to establish a global-scale quantum network, owing to the negligible photon loss and decoherence experienced in empty space. Here we report the development and launch of a low-Earth-orbit satellite for implementing decoy-state QKD—a form of QKD that uses weak coherent pulses at high channel loss and is secure because photon-number-splitting eavesdropping can be detected. We achieve a kilohertz key rate from the satellite to the ground over a distance of up to 1,200 kilometres. This key rate is around 20 orders of magnitudes greater than that expected using an optical fibre of the same length. The establishment of a reliable and efficient space-to-ground link for quantum-state transmission paves the way to global-scale quantum networks.

Clive Robinson March 10, 2023 9:51 AM

@ Bruce, ALL,

Remove this door device before it wrings you out

You might find this of interest,

Longterm readers know I used to design electronic locks, enviromental, and other hospitality industry security and privacy related systems for a company called “uniQey” that used to be Opposite the BBC Rehersal Stages in Ealing West London.

Thus I’ve had occasion to think about both physical and informational security of doors and their multitude of functions, since then.

Which is why I keep an eye on the likes of the horrifying for privacy Amazon Ring etc.

Well what can I say about The Akuvox E11 “video door phone”?

I could start with “words fail me” but that would not be very informative.

ARS Tech’s take on this brain dead design video door phone on steroids is,

“Go ahead and unplug this door device before reading. You’ll thank us later.”

Before saying that it,

“is riddled with security holes.”

So where to go from there? Well, you could say “don’t buy it” or “take it back for a refund”, but that’s not describing the horror of it, or necessarily what you can do (see below about agents).

For starters it’s “Network Connected” which is never a good sign as anyone with a modicum of “Cheap IoT Devices” esspecially those that got used for “Distributed Denial of Service”(DDoS) system attacks will tell you.

Which is why the usual advice on IoT devices is “segregate, throttle and put behind a firewall”, but with this device that is clearly insufficient. Why? Because as the article indicates, there are 13 serious vulnerabilities that have been found that,

“include a missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using accessible rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users.”

Enough badness yet to make you feel twitchy in the presence of one of these devices?

Well apparently the Chinese manufacturer is not interested in discussing thus resolving the issues…

But because they are inexpensive, look cool and alow remote access to their functions, quite a few buildings come with them installed by the buildings managing agents…

And because the managing agents can access pretty much all the functionality remotely and much of the communications are in “plaintext” and poorly or not authenticated, then so can crooks and worse have the freedom to play…

Read the ARS article for even more badness, but first a “moment alone with it” with a hammer and screwdriver appears to be good advice.

On a score of “one to ten” I think there is probably a very large negative number heading it’s way…

This is not a “product review” more a “run for your life” warning of the sort given in Zombie movies.

Earl March 10, 2023 12:32 PM

Re : Chinese and Secure Comms Sats.

Totally agree… provided that the reader already has some clues about Quantum Entanglement, it is much easier to understand the “magic” of QKD based in Entanglement protocols that in based in Prepare & Measurement protocols

From the that paper (
“In our experiment, we use the decoy-state Bennett-Brassard 1984 (BB84) protocol for the QKD…”
That is, based in a P&M protocol.

JonKnowsNothing March 10, 2023 12:59 PM

@Clive, MarkH, Winter, SpaceLifeForm, All

re: SARS-CoV-2 in rodents

Study New York City rat population has COVID 09 2023

  • SARS-CoV-2 Exposure in Norway Rats (Rattus norvegicus) from New York City
  • htt ps://

Older Reference to Mouse COVID 09 2022

  • Structural basis for mouse receptor recognition by SARS-CoV-2 omicron variant
  • ht tps://


ht tps://en.wikipedia.or g/wiki/COVID-19_pandemic_and_animals

SARS-CoV-2 has also been detected in the following animals:

  • Cats, dogs, ferrets, fruit bats, gorillas, pangolins, hamsters, mink, sea otters, pumas, snow leopards, tigers, lions, hyenas, hippos, giraffes, tree shrews and whitetail deer can be infected with and have tested positive at least once for the virus.

Add in rats

Avian cross over

  • Summer of 2022, two cases of SARS-CoV-2 infection were reported in swans within China.

Marine Environment

  • research shows that the virus can also be transmitted to the marine environment through stool and urine from infected individuals
  • improper disposal of personal protective equipment and disinfecting materials poses a great threat to marine mammals

ht tps://

  • List of approximately 50 animals

(urls fractured)

MarkH March 10, 2023 4:22 PM

Two-Headed Beast Sighted in the Wild


Thanks for alerting us to the new Norfolk Southern (NS) distributed locomotive policy.

Last night, I was parked near a busy NS main line; when a train arrived, looking to see how many locomotives, I was sure of only one at the head — but had never seen a single-engine train on that line.

I was organizing things in my car when I was confused by an unfamiliar sound (I’m very accustomed to the sound of these trains) … there was the second locomotive, bang at the end!

It was my first sighting of a push-me-pull-you train on that main line.

MarkH March 10, 2023 4:28 PM


I suppose that train must have crossed the new 10,000 foot threshold; I would have guessed it to be shorter, but had paid little attention.

Later I saw a train I estimated at 6,000 feet with only head locomotives.

Oddly, the engine at the rear of that first train had an end-of-train unit. The only reason I could think of for putting it there, is to provide a redundant channel for emergency brake application at the rear of the train: if the loco doesn’t get the message, the EOT unit likely will.

I think it would be better for stability to put the radio-controlled locomotive farther ahead (perhaps at 50 to 65 percent of length) … perhaps they’re preferring cheap/easy to safest.

Clive Robinson March 10, 2023 5:21 PM

@ JonKnowsNothing, MarkH, SpaceLifeForm, Winter, All

Re : Rodents and pathogens.

“Study New York City rat population has…”

There is a latin term for certain species of rodents which effectively translates to,

“Eats from the plate of man”

Which actually tells you three important things,

1, Our sloppy behaviour creates a rodent nirvana not just on our door steps but in our homes.
2, That like the pathogens we don’t see they know no boundry between rich and poor.
3, Disease transfer between rodents and humans is going to happen more than any other class of creature except highly concentrated live stock which also attracts rodents.

So we have to consider the “Domestic Mouse” and “Sewer Rat” as ever present companions as both disease vectors and disease reservoirs.

Which you might remember was one of my major concerns in early C19.

What many are perhaps not as aware of as they should be is where the dominant “Omicron” VOC and later clade is assumed most likely to have originated from[1] (rodents).

If we are seeing domestic/sewre rodents as a reverse zoonotic vector then this does not bode well with regards other viral pathogens you mentioned.

I guess we have to “wait and see” because the significant elimination of mice and rats from the environment and away from humans can not be done (not just “cure worse than the complaint” issues).

[1] We know aproximatly from where Botswana / South Africa, but from what is less certain. There are three contenders, starting with the least likely,

1, Molnupiravir used in human
2, Immunocompromised human
3, Reverse Zoonosis

Based on a number of factors it’s most probable it’s reverse zoonosis through domestic live stock or rodents in close human contact.

However other research in the New York sewers has shown that reverse zoonosis from mice, rats, or feral cats and dogs is high on the probability due to strains with similar charecteristics to Omicron but not seen in clinical origin sequencing,

As far as waste from mamal dietry systems is concerned humans are most likely to come into contact with it from mice. Howrver scratching and biting transfer by blood contact is in Southern Africa most likely to be from livestock or rats.

Thus mice or rats are the most likely commonality with New York and Southern Africa with infection via scratches or bites high up on the vectors for reverse zoonosis.

Winter March 10, 2023 5:24 PM


That is, based in a P&M protocol.

Probably, but I would not know and would not understand the difference. People said it was a breakthrough, and quite a lot has happened since in the field. So I would not bet against it.

Winter March 10, 2023 5:28 PM


re: SARS-CoV-2 in rodents

It has become endemic like seasonal flu. We will have to learn to live with it.

Could this have been prevented? Maybe? Will people learn from it? I would be very surprised if they did.

Clive Robinson March 10, 2023 6:36 PM

@ MarkH,

“I suppose that train must have crossed the new 10,000 foot threshold; I would have guessed it to be shorter”

It may well have been shorter when you saw it than it started out, remember part of the issue –still not addressed– is that for “speed of operations” NS order the train carriges not in “the safe order” but by “destination” so that only one decoupling is required for each destination along a longer route (now two with a “banker” if it’s coupled).

Whilst distributing the “power” will help in locomotion my concern is “braking” the ordering is still not in the “safe order” for that, and I suspect that in the near future NS will have another event that will show this to be the case…

But what realy scares me is that the traction and braking the engines provide will be kept in sync by “radio”.

Accidental jamming or drop out of radio links is rather more common than people realise, especially at more than around a mile distance using VHF or UHF (ask walkie-talky users in urban environments about this).

NS has made it clear that rediculously long and dangerous trains are what their share holders want as long as adverse publicity remains low… So it’s not hard to see what is likely going to happen to train lengths in the future.

The problem is if you have multiple traction/braking units and one or more looses communications,

“What should it do?”

There is actually no real “fail safe” in a simplex radio system and even duplex systems are not going to be “reliably” fail safe except on paper (it’s something I’ve found out the hard way with designing RTU systems for use on ships for linking upto buoys for loading and unloading petro-chemicals off-shore).

MarkH March 10, 2023 8:08 PM


I’ve long wondered about the reliability of locomotive radio control, but have no data on the matter.

Distributed power is used often (though hitherto, not in my region); as a practical matter of operations, if remote control failed often, it would cost more than its intended economic benefit.

I doubt that the radio links have even a tiny fraction of the security precautions we would hope for, but can do their job with net channel capacity of a few bits per second — low data rate can make many things easier.

If an RC engine isn’t responding (crews probably have more than one way to identify this), they can safely (but at great cost) slow the train to a stop. The air brake signal doesn’t depend on propagation conditions and can’t be remotely jammed.

MarkH March 10, 2023 8:12 PM


I’ve no data on the reliability of locomotive radio control, but reason that if it failed often, it would cost more than it’s supposed to save. It’s used a lot, though not (previously) in my region.

The radio links have one considerable advantage: a few bits per second of channel capacity is sufficient.

If a remote engine isn’t responding (crews probably have more than one way to recognize this), they can safely (but quite expensively) slow the train to a stop. The air brake signal will reach the distant locomotive even if the radio signal doesn’t, and can’t be remotely jammed.

SpaceLifeForm March 10, 2023 9:14 PM

@ JonKnowsNothing, Clive, MarkH, Winter, ALL

I’m curious.

qWhere did the rats get tested?

Did they get PCR or Rapid? /s

JonKnowsNothing March 11, 2023 2:33 AM

@SpaceLifeForm, Clive, MarkH, Winter, ALL

re: Where did the rats get tested? Did they get PCR or Rapid?

I am not sure what triggered the collection of rat samples, but the rats where collected as part of the NYCity rat removal program, which is not very successful in the removal part. Several animal organizations participated. Something must of gone “ding” though.

Some of the rats were captured and tested using PCR. I dunno if the rats were alive or collected dead. The NYCity rat abatement program generally results in dead rats. Dead rats would not really have been too much of a problem, since the rats got dissected, sliced and diced under microscopes and samples stuffed into test tubes and incubation trays.

They had enough rat stuff to run multiple tests, which shows the rats have been exposed to several generations of SARS-CoV-2, not just the current Omicron variant.

All done in an high security lab. We may have to come up with an acronym for this, ’cause there are enough non-committed committees and hard of hearing hearings around.

Rats and Swans, make for an interesting future.

JonKnowsNothing March 11, 2023 3:01 AM

@Winter, All

re: SARS-CoV-2: We will have to learn to live with it.

Many will not live after contracting it and many who “live with it” will have diminished physical and mental abilities.

Each iteration of infection, makes a person more susceptible to the next infection, and each infection increases the probabilities that “living with it” is the end outcome.

“Living with it”, does not preclude you from having Yet Another Round, and may increase what is already difficult in another aspect. A buffet of aspects to chose from.

There is no living with it. Herd Immunity has been jettisoned because there is no immunity to infection or reinfection.

To restate your phrase:

  • Everyone will get sick. Some will be sicker than others. Some will die. Some will be incapacitated. Everyone will get sick multiple times a year. (1)

There is nothing to “learn”. No amount of Cliff notes or ChatGPT essays will work.

  • My Antibodies Don’t Read.


1) In the USA we declared victory over SARS-CoV-2 and as a result, medical care for COVID illness will no longer be funded by the Federal Government. State medical care will be intermittent depending their alignment with TheRedCaps.

Vaccines are no longer “free” and cost $135/jab. Some States will pick up the tab, some pick up part of the tab and some don’t have a tab for a jab.

There will no longer be free RATs or PCR tests, unless covered by your medical insurance policy.

If you get COVID and need hospital care, what care you get will depend on your health insurance coverage. If you don’t have health insurance, you won’t be getting care unless you can pay out of pocket.

Long COVID comes under a variety of programs that can be labeled No Care For You. As there is no single definition for Long COVID, and the symptom list covers a plethora of symptoms, it makes it much easier to say No Care For You.

Winter March 11, 2023 3:50 AM


“Living with it”,

“Living with it”, means: it cannot be eradicated anymore.

Until we find a vaccine that blocks all transmission, the virus will be with us like the flu is. People die from it every year. But there is nothing we can do except putting everyone in isolation.

Clive Robinson March 11, 2023 6:18 AM

@ JonKnowsNothing,

Re : I looked and saw the future that is only part here.

“Many will not live after contracting it and many who “live with it” will have diminished physical and mental abilities.”

I predicted and wrote on this blog, the loss of genetic diversity C19 would cause, also the autoimmune disorders it would cause, I also predicted that some will take a couple of decades to show up.

I’m not a clairvoyant or have crystal balls. What I have is the science and record, and the simple ability to put the two together and draw reasonable conclusions.

I applied the same to vaccines and concluded mRNA was not going to be without incident or harm… Which is why as I had a choice I elected not to go with mRNA but that only left one of the adenovirus family vacconrs which I would also have rejected if there was another more “traditional type” available.

However I did not see the harm being anywhere near as high as being 1 in 600 for one mRNA vaccine and 1 in 800 for another. Nor did I predict what would happen to me after my second shot of adenovirus family vaccine.

The entire human race has been irreprably harmed by C19 that could so easily have been stopped in it’s tracks. But no, “Business as usual” was the message from the blond buffoons smirking under their blow dries.

Knowing all the while they had better than the best healthcare that money can buy available to them. That is they thought themselves safe so could “keep the money rolling into the pockets of their chosen few” no matter where it gets everyone else…

But as I indicated long before C19 disease is no respecter of, status, money, power, or control… The forces of nature are no respector of mans vanities, something King Canute had to demonstrate to the sycophantic courtiers.

And in the case of one of the blow-dries he got not just infected, but an entire hospital ward to himself and an entire hospital department. Those resources that were baddly needed by hundreds if not thousands of others were effectively wasted, just so he could go back to breaking all the rules and P155ing it up with other law breakers under him. Begging the question,

“No wonder he got infected, so why did he merit the treatment he got?”

Millions have needlessly been sacrificed and millions more will be and for what?

If we on this blog could reason where it was going to go “along the silk road” and touch down in the West, so confidently say “stop the planes” and cruise ships and implement propper quarantines to stop community spread[1] so the outcome would have been different. Why could they not, or did they know and deliberately chose?

Those Bank of Mom and Dad (BoM&D) figures suggest what many dare not contemplate.

[1] All of which were shown in other parts of the world to be entirely effective so the politicians were eventually forced to do them, but way to late and ineffectivrly to be effective in the northern hemisphere.

lurker March 11, 2023 12:28 PM

@Clive Robinson, re crystal balls

One singular is usually sufficient for most soothsayers. Use of the plural might imply some other miraculous powers.

JG4 March 12, 2023 9:03 AM

@The Usual Suspects

This is by far the best article seen thus far in the popular press on dioxins from the train wreck. The experts agree, burning vinyl chloride produces dioxins. Maybe someday someone will do the appropriate testing. It probably won’t be the EPA, the railroad or their contractors who get the testing right. They haven’t been falling all over themselves to get it done. More like strenuously avoiding it. And they already looked in the wrong place once.

The 2-mile radius and 277 sampling sites seem arbitrary and capricious, but would be a good start. The EPA are wrong again about the risk that dioxins were produced during the fire being low. I have some notes from a previous incident where the EPA appeared to act with malice aforethought to hide radioactive contamination at a landfill in Ohio, by allowing or encouraging a contractor to carefully avoid samples from the contaminated areas. Good thing that never could happen again.

Dioxins have forced entire towns to relocate. Testing could reveal if they threaten East Palestine.
Evan Bush Thu, March 9, 2023 at 5:23 PM EST·6 min read
In key ways, the smoke-belching fire in Ohio offered the right recipe to create dioxins, which can linger in soil and animals.
When the Environmental Protection Agency last week ordered testing for dioxins after the recent train derailment and fire in East Palestine, Ohio, it acknowledged that residents could be facing a familiar and infamous foe from its past.

“I saw that cloud up above East Palestine, and I was immediately concerned about dioxins,” said Dr. Ted Schettler, a retired physician who is the science director for the Science and Environmental Health Network, a nonprofit group. “This is exactly the circumstance where you expect dioxins to form.”

Dioxins, if found in even small amounts, could reshape food webs, impact people’s long-term health and alter East Palestine’s long-term prospects.
“It doesn’t take much compared to other toxic chemicals,” said Dr. Arnold Schecter who has written a textbook on dioxins and their health effects.

But they can be created any time there’s a poorly controlled fire involving chlorine, which is why the derailment and cloud of smoke in East Palestine are of such concern.
Five of the derailed cars in East Palestine contained vinyl chloride.
“When you burn vinyl chloride, you can generate quite a lot of dioxins,” said Linda Birnbaum, a toxicologist and a former director of the National Institute of Environmental Health Sciences.
She said it’s possible that residents of East Palestine and its surrounding areas could have inhaled dioxins in the cloud of smoke created in the incident.
Any dioxins produced could settle in soil and water where the smoke traveled. There, they could begin to affect animals, contaminate locally produced foods and pose a risk for anyone working or playing with the soil.

Clive Robinson March 12, 2023 11:44 AM

@ JG4, and the usual suspects,

Re : Hazardous train derailment waste.

“The experts agree, burning vinyl chloride produces dioxins. Maybe someday someone will do the appropriate testing.”

It’s not just Dioxins, it’s all the other nasties that people are not realy talking about.

Yes dioxins are nasty and long lived, and difficult to dispose of safely, most who have looked into it know that.

However dioxins have become “the poster child” for some reason, even though there are many worse combustion products to consider.

Whilst I appreciate,

“‘It doesn’t take much compared to other toxic chemicals,’ said Dr. Arnold Schecter who has written a textbook on dioxins and their health effects.”

But as I’ve previously noted other chemicals that would have been created will effect other creatures more than they do humans.

I can not help but get the feeling people in the USG and other “intetested parties” are in effect “running a smoke screen” with the talk about dioxins.

It’s like “scare stories” about long half life radioactive alpha emitters, which occasionaly stop at your skin and then only if you touch them directly, when the real nasty is shortish half life gama emitters acting like a 20mm cannon gun on your DNA from ten yards away…

MarkH March 12, 2023 4:11 PM

@JG4, Clive:

“sites with visible ash will be sampled”

As JG4 noted some time ago, soot (fallout) from the fire can be expected to have high concentrations of toxic products of combustion.

If dangerous amounts are there, they will be found.

I recall reading that EPA was (in the early days) testing for about 80 distinct compounds. I don’t know the derivation or content of the list, but because that’s a large multiple of the number of chemicals spilled, it might well include worrisome products of combustion.

MarkH March 15, 2023 2:38 AM

@JG4, who wrote:

“I have some notes from a previous incident where the EPA appeared to act with malice aforethought to hide radioactive contamination at a landfill in Ohio, by allowing or encouraging a contractor to carefully avoid samples from the contaminated areas.”

I don’t know the specific case. If you can link to a report about improper sampling, I would certainly like to take a look.

There’s an ambiguity with the potential to confuse: Ohio is one of only three U.S. states calling its state environmental branch “Environmental Protection Agency.”

In the case you have notes about, was the relevant actor the state EPA or the federal EPA?

JG4 March 15, 2023 9:13 AM


There are some connections here to computer security at multiple levels. First, the chains of causality in systems engineering are the same in all physical processes. Shannon showed that systems can be optimized for arbitrarily high reliability, even if the components have an arbitrarily high failure rate. If you can engineer a reliable system for operating a nuclear power plant, you can engineer a reliable system for flying a space shuttle. You cannot do those things without very good engineering review processes. Your system can only be as good as the corrective feedback. The nuclear waste problems were created and obscured by hidden processes with insufficient oversight. One of the reasons that computer security is needed is to prevent the creation and distribution of false data, including falsified data on radiation in soil samples. I was delighted to see that IEEE have Transactions on Dependable and Secure Computing. I call these applications life-safety-health to imply that both quality and reliability should be very high.

Didn’t realize that there were two radiation scandals involving the same contractor and agency until I looked it up. There probably are more. I expect that both the state and federal EPA were involved. Don’t have my notes from ~2018 handy, but the first two links tell the same general story that I had seen about five years ago.

Karen Silkwood springs to mind, but there are countless other sad stories of malfeasance, misfeasance, corruption, neglect, coverup, stupidity, and worse, involving radiation. The invisible killer. Not fundamentally different from being poisoned by chemicals. That was a problem during my time in the Imperial Forces.

In recent years, I have seen a disturbing accounts of a radiation accident in Brazil, a burning radioactive landfill in Missouri, leaking nuclear waste buried in NYC and NJ, the women whose jaws fell off from painting clocks and watches, radium water and a lead-lined coffin, and radium infused chocolates and suppositories. We all are being poisoned all day every day by the liars, thieves and murderers. For the most part, they start the poisoning unwittingly, find that it is profitable, and continue doing it after they figure out the implications.

Windscale, Chalk River, Santa Susanna. Burn pits. Radar-absorbing paint. At least they finally started covering burn pit and Agent Orange-related health problems. No consolation to those poisoned in the southwest desert by burn pits that cannot be proven to exist. I encourage the plaintiffs in southeast Asia in their quest for justice.

I recommend making local copies of these articles, in case they should suddenly disappear. I infer from the pattern that there are many other illegal dumps of radioactive materials filtering into groundwater.

2020 hindsight brings corrupted radiation testing into focus at the EPA – Part 1

It will be obvious to the trained eye that Parts 2 and 3 might contain interesting and/or useful information.

2020 hindsight brings corrupted radiation testing into focus at the EPA – Part 4
…[“I wasn’t here and this never happened”]
the following eerie tale: … a truck arrived accompanied by two cars with military personnel. They told Kittinger they had to get rid of some huge metal “eggs.” … One of the men in an Army uniform instructed Kittinger never to mention the eggs to anyone.

Not sure this adds much new information; it seems to be a rehash of the above. It does connect the dots from Ohio to California with the same agency and contractor:

Tetra Tech Corruption Scandal From Uniontown Ohio To Hunters Point/Treasure Island
by repost Fri, Aug 21, 2020 10:58AM
The systemic corruption of the EPA including the criminal cover-up of testing at the Hunters Point Shipyard and Treasure Island by Tetra Tech is exposed in these articles

This is the more recent scandal:

Developer Sues Tetra Tech and Feds Over Hunters Point Project
Land developer Five Point Holdings hit Tetra Tech and the U.S. government with separate lawsuits for special damages Thursday for their roles in the Hunters Point Naval shipyard scandal.
CARSON MCCULLOUGH / February 27, 2020

The Tetra Tech scandal over allegations that the company falsified soil tests in an environmental cleanup project at the former shipyard has been ongoing for over two years.

modem phonemes March 15, 2023 10:35 AM

@ JG4

Shannon showed that systems can be optimized for arbitrarily high reliability, even if the components have an arbitrarily high failure rate.

Where does Shannon discuss this ? Is it the 1948 paper ?

Winter March 15, 2023 12:12 PM

@JG4, modem

Shannon showed that systems can be optimized for arbitrarily high reliability, even if the components have an arbitrarily high failure rate.

Shannon writes:
PDF at

In other words, no matter how we set out limits of reliability, we can distinguish reliably in time T enough messages to correspond to about CT bits, when T is sufficiently large.

This translates to:

Shannon showed that communication protocols can be optimized for arbitrarily high reliability, even if the noise have an arbitrarily high level.

But the time to communicate a message can become arbitrarily long.

modem phonemes March 15, 2023 12:25 PM

@ JG4 @ Winter

Re: reliable unreliability

the chains of causality in systems engineering are the same in all physical processes. … If you can engineer a reliable system for operating a nuclear power plant, you can engineer a reliable system for flying a space shuttle

Does Shannon develop this generalization, or is it developed elsewhere ?

Winter March 15, 2023 12:52 PM


Does Shannon develop this generalization, or is it developed elsewhere ?

I only know of Shannon’s contributions to information and communication science/engineering. If he contributed to systems engineering, I have not heard of it.

Clive Robinson March 15, 2023 4:33 PM

@ modem phonemes, JG4, Winter,

Re : reliable unreliability.

As it was held for moderation lets put it in parts…

Part 1,

“Does Shannon develop this generalization, or is it developed elsewhere ?”

Shannon did not need to show the generalisation, it had been known logically for a couple of millennium before his time.

Also New York Telephone were using the notions of parallel circuits and voting circuits before Shannon’s paper became published.

The important point to note is Shannon was dealing with “information channels” which are rather more general than communications channels people think of.

Clive Robinson March 15, 2023 4:35 PM

@ modem phonemes, JG4, Winter,

Re : reliable unreliability.

Part 2,

The reason as we later found out he was actually thinking of abstract cipher channels.

But the point is the mechanical linkage between two wheels is a Shannon channel as are any causes of information to transfere from one point to another, and even down at the atomic level this notion of information channels holds true.

So any system with parts that transfer information use Shannon channels, even if it’s only down to chemical changes on the surface of a bar of metal.

Which is what @JG4 was saying with,

“… the chains of causality in systems engineering are the same in all physical processes.”

Because the “chains of causality” all convey information from one point to another point (and often in reverse as I’ve pointed out in the past when talking about Bi-directional transducers).

Clive Robinson March 15, 2023 4:38 PM

@ modem phonemes, JG4, Winter,

Re : reliable unreliability.

Part 3,

As @Winter points out,

“Shannon showed that communication protocols can be optimized for arbitrarily high reliability, even if the noise have an arbitrarily high level.”

Think of “Forward Error Correction” protocols, they assume a high level of noise in the information channel. The first order assumption is “the noise is random the signal is not” which means if you send the information multiple times then the information will average up, whilst the noise will average down. The result is if the information is sent often enough, it will accumulate up whilst the noise averages it’s self out.

Clive Robinson March 15, 2023 4:42 PM

@ modem phonemes, JG4, Winter,

Re : reliable unreliability.

Part 4a,

When talking about signals engineers talk about “the energy per bit of information”(Eb) in a “spectrum of noise”(No) as Eb/No and how you can integrate it over time.

Clive Robinson March 15, 2023 4:44 PM

@ modem phonemes, JG4, Winter,

Re : reliable unreliability.

Part 4b,

Noise likewise has energy in any given bandwidth but if your integration is lossless with time the signal energy will add and the noise cancel usually by the square root of the number of random samples (I can demonstrate this if you want but it will chew up a lot of blog column inches).

JG4 March 16, 2023 9:01 AM

Shannon’s observations can be generalized from intangible to tangible, which is to say, from signals to hardware.

Reliable Circuits Using Less Reliable Relays
E.F. Moore and C.E. Shannon
October 1956 Journal of the Franklin Institute 262(3):191-208


An investigation is made of relays whose reliability can be described in simple terms by means of probabilities. It is shown that by using a sufficiently large number of these relays in the proper manner, circuits can be built which are arbitrarily reliable, regardless of how unreliable the original relays are. Various properties of these circuits are elucidated.

Clive Robinson March 16, 2023 11:27 AM

@ JG4, modem phonemes, Winter, ALL,

Re : Shannon and Moore Paper.

I would not bother trying IEEE, Sciece Direct or any other of those sinilar shysters. They will either send you in an endless tail spin, tell you you can get it from the authors or want to charge you large amounts of money.

Which is kind of typical for such MaxProfit journal stealers of IP.

So try instead,

I’m not sure it’s compleat, because after 18 pages and a section on Hammoch Neyworks, it ends prematurely with,

(to be continued)

Anyway the first half dozen pages should give you the drift without having to dig into all the hairy math. They give you,

1, Some of the historical background of earlier work by von Neumman and from Shannon channels (last para page 3).

2, The basics with math most can still get their head around.

The paper makes it clear that it is “theoretical” rather than “practical” relays that are being used.

However it does not realy go on to amplify the fact that relays are standing in for switches, and that switches are standing in for Shannon Channels, which cover any kind of information conveying system including the neurons in your head.

modem phonemes March 16, 2023 11:56 AM

@ JG4 @ Winter @ Clive Ronby

Re: Moore and Shannon paper

Apparently it appeared in two parts:

Journal of the Franklin Institute October 1956.

- “Reliable Circuits Using Less Reliable Relays Part I” on pages 191-208.

- “Reliable Circuits Using Less Reliable Relays Part II” on pages 281-298.

MarkH March 16, 2023 5:35 PM

EPA Testing, 1

@JG4: Thanks for a very long, informative reply to my 1-bit question (I read all 4 parts of the linked article).

I offer a few observations.

[1] The landfill clusterflock started with improper and illegal dumping, which was concealed from the public for many years.

Without that crime (or crimes), the hazard would have been much different; had the improper disposal been documented, the response by EPA and others would have been much different.

For good or ill, the burning of VCM in E. Palestine was done with immediate openness and transparency.

MarkH March 16, 2023 5:41 PM

EPA Testing, 2

[2] As I’ve explained above, if there is medically significant dioxin contamination, it will be IMPOSSIBLE to conceal.

[3] Suppose that evil minions of [insert organization here] want to conspire to hide dioxin contamination. These malefactors might be smart enough to realize that any one of a very large set of other parties can find it.

To put themselves in a position where they failed to disclose contamination — but others with far fewer resources did — isn’t likely to advance their cause or careers in any way.

Truth will out.

MarkH March 16, 2023 5:55 PM

Fault Tolerance, 1


[1] To me, systems achieving higher reliability than their components are by definition fault tolerant systems.

[2] I suggest that design and arrangement for fault tolerance is at least as old as “human behavioral modernity” (perhaps 100K years), but may be quite a lot older.

The survival advantages of certain kinds of organized cooperative activity are so great, that it was of enormous value to collaborate in ways that allowed the work to continue after the death or incapacitation of one or more participants.

Fault tolerance is literally in our DNA (in the sense of genetic repair mechanisms); I think it’s also an inherited behavioral pattern.

MarkH March 16, 2023 6:06 PM

Fault Tolerance, 2

[3] We know well enough that automating what we do behaviorally and socially is generally very difficult and fraught, so imbuing machinery-incorporating systems with fault tolerance is a big complex problem.

[4] Technical discussions of fault tolerance tend to focus on “brute force” strategies like simple redundancy. They can work well, but I think are often overrated or applied inaptly (IIRC, Clive has also expressed some skepticism on this point).

[5] Probably people do a lot of things to make systems and processes more dependable, without thinking of them as adding fault tolerance.

MarkH March 16, 2023 6:19 PM

Fault Tolerance, 3

[6] By my reading, the last fatal crash of a U.S. scheduled jet airline flight was 16 years ago, though since then there has been one passenger fatality from shrapnel when an engine failed (the plane made a controlled landing with no further injuries); The last fatal crash of a U.S. scheduled jet airline flight due to pure technical failure (without pilot or maintenance error) was 26 years ago.

Those spans correspond to roughly 150 million and 250 million departures, respectively.

Those records don’t result from the perfection of all of the people and components; in part, they reflect systems designed to ensure safety even when components break and people mess up.

MarkH March 16, 2023 6:23 PM

Fault Tolerance, 4

[6] I once spent a few unhappy weeks at a Big Phone Company engineering office, which (I already knew) claimed outage rates for their major systems (CO switches, for example) of a few seconds per year.

I learned was that for the most part, their crap software was as lousy as everybody else’s crap software. However, they had created extremely fault-tolerant architectures in which parallel / redundant boxes could crash pretty frequently, with limited effects on end users.

Yes, the whole can be much more reliable than the sum of its parts.

Clive Robinson March 16, 2023 7:47 PM

@ MarkH, ALL,

Re : Fault tolerance.

“[1] To me, systems achieving higher reliability than their components are by definition fault tolerant systems.”

Nope that is not fault tolerance.

It’s potentially but not necessarily “high reliability” which if any faults that do arise can be quickly fixed potentially makes it “high availability”.

Fault tolerance is not realy about the components of the system but how the system behaves in an environment.

Remember all systems will fail eventually without external input, worse even with external input there is the probability that all parts will fail at the same time[1] but it’s important how they fail that takes you into the domain of “fail safe” systems.

Earlier I posted the “Roosters Egg” philosophical question, which is actually like the,

Q : An aircraft crashes exactly on the border between to countries. In which country do they bury the survivors.

Sometimes you have to realise that the question being asked is wrong, and not try to answer it but just say “You don’t bury survivors!” or the equivalent. But that still leaves a problem, that is the question arose for some reason and more often than not it’s important to know why (something people forget when they get excited about AI systems).

When you accept that it’s not practical to design a system that does not eventually fail, you have to ask “What do we do when it does fail?”

This leads on to the notion of “soft failure” amongst other things. Put simply another system seeing that the first system has failed tries to get the over all system to fail gracefully in a way where the operators have time to do things the system can not, or was not designed to do, or failing that fail with the minimum of harm.

If you look at the design of systems that are inherently unstable in operation and can enter a cascade or chain reaction failure the design philosophy is to try to fail in a manner that would cause the minimum of harm.

But can you actually do that? The answer is “you have to make assumptions”. In large vehicles such as ships and aircraft you have the possability that the operators become incapacitated. In civilian aircraft the usual practice is to adopt a straight, level flight path. Which is fine untill the fuel runs out not far past it’s desired destination. What you don’t get told is what plan B is since 9/11. Which is to shoot the plane down whilst over a sparsely populated or non populated area, regardless of if there are live passangers on board or not.

Similar with ships though in some cases it’s to put the ship in a circular course. This is based on the assumption that the vessel will eventually become “adrift” and can thus be “salvaged” rather than pile up on some costline spilling thousands or tens of thousands of tones of cargo like crude oil along the coast line.

The thing is any “predetermined action on failure” is only a “best guess” and very unlikely to be optimal though computers are trying to change that on ships. That is the auto-pilot system knows where the ship is and has information on wind and tide. In theory if a failure happens it can make the same or similar decisions a human could given the same set of information.

The problem is the computer is not aware, it relies on sensors, if the sensors fail, it can turn what would have been a nusance into a disaster and has done in the past[2].

[1] Some years ago on this blog I had to explain what the difference was between fail states and the probability of those states occuring. Take a jumbo jet it has four engines if we assume each engine has a binary working state then there are sixteen states. The desirable state is all engines working correctly, the undesirable is all engines not working. As a design you try to make the first probability as high as possible and the second as low as possible. However the seccond state can not be avoided therefore you have as an engineer to design in mitigation or contingency depending on your given domain jargon.

[2] An aircrafts air speed can be judged in a number of ways, but primarily it is via pitot tubes. As passive sensors they do not in any way effect the aircraft and it’s ability to fly. So provided the pilot is alert and aware then they can use other sensory information instead of the pitot tubes,

Not so the auto-pilot, which can make wrong determinations and cause confusion, where it otherwise would not,

modem phonemes March 17, 2023 11:54 AM

@ Clive Robinson @ JG4 @ Winter @MarkH

Because the “chains of causality” all convey information from one point to another point (and often in reverse …

The 1948 Shannon paper analyzes communication as an information source, message sent, transmitter, channel (signal + noise), receiver, message received, destination

It seems then one has to find the analogues of these components in physical processes or chains of causality.

But any physical components making up the chain would themselves have to be able to be described in this way, and so on. The abyss of an infinite turtles regress seems to open up.

Where do we touch bottom ?

Clive Robinson March 17, 2023 3:25 PM

@ modem phonemes, MarkH, Winter, ALL,

Re : Shannons information view of the world.

“It seems then one has to find the analogues of these components in physical processes or chains of causality.”

Yes and usually it’s not particularly difficult to spot the major information exchanges,

“Just follow the energy or matter”

Information has no physical presence in our physical world of matter / energy and forces.

The way we interact with information to,

1, Communicate it.
2, Store it.
3, Process it.

Is by impressing it on matter or modulating it onto energy and interacting with the energy or matter.

So where ever energy or matter move some level of information is transfered in a Shannon Channel.

So often the hard part as far as security is concerned, is not finding the channels, they are alas everywhere. But assessing their information bandwidth capability and what information can get into that channel both under normal and abnormal operation.

The prime example of this was back in the late 1980’s and through the 1990’s with “smart cards” and information leakage through the power usage spectrum on the power supply leads. Also as I demonstrated that low power VHF through microwave EM signals could pass through or be reflected off of a chip and be “crossmodulated” with the CPU signals, and carry them quite some distance.

(The opposit was also true, if you could get a sync signal, you could inject fault signals via a modulated EM carrier).

Clive Robinson March 17, 2023 7:46 PM

@ JG4,

Re : Dioxins found no surprise there.

“Levels of carcinogenic chemical near Ohio derailment site far above safe limit”

Colour me unsurprised both of us expected Dioxins to be there, the only question as far as it was concerned was “just how much”.

And at way more than ten times the level cancer is expected to happen I guess it’s just a question of time, and how long the politicians can keep saying “Nothing here to see” as the proverbial three headed dog that is the hound of hades[1] starts snarling at your leg or worse…

But I’ll be honest with you and say as bad as Dioxin is, it’s the other nasties that concern me equally and nobody is talking about those…

Just so every one understands every time you burn even moderatly complex carbohydrates and similar organics at the low tempratures you would expect in either an open or barrel burn, you will always get carcinogens or equivalent chemicals that will interfere with living processes[2].

Similar is expected with solvents and similar chemicals especially the chloronated ones such as carbon tetrachloride, chloroform and other anesthetics, Halon combustion suppressants and refrigerants and dry cleaning and de greasing solvents. Most of which form real chemical nasties if they get hot enough[3].

[1] Cerberus of Greek Mythology is a large hound with three heads decided to police the entrance to hades,

I guess the question is when is some joker going to post a “Welcome to Hades, population 2000+50halves” or similar.

[2] Heck we know about cigarettes being carcinogenic, like wise cooking food that like wheat or other grains beyond light brown, so a piece of dark toast for breakfast might taste nice but is apparently nearly equivalent to smoking a pack of twenty cigarettes. Likewise any vegtable that gets “over cooked” like some fried or roast vegtables (but heck they can taste nice).

[3] Most people have forgotton about “Carbon Tetrachloride” and Chloroform. Both were used as anesthetics up untill the 1860’s when their downsides started becoming apparent, such as increased likelihood of cardiac arrest and the damage they caused to internal organs such as the liver and kidneys became clear. They also got used up until the 1980’s as a “dry cleaning” or “grease remover” for clothes and light machinery. As carbon Tet was found to be an effective fire extinquisher, the brass hand pump extinquishers were in common use in WWII (WAF’s ofte nicked a bit out of them to use to clean clothes/uniform such that most of the extiguishers quickly became useless and caused several reports to go to the highest levels. Even though it’s got quite a few disadvantages it is still used and is known as Halon-140. However between 900 and 1000C it decomposes into that cheary little chemical, NBC Warfare agent phosgene…

MarkH March 18, 2023 5:50 AM


Thanks for making clear that this disaster released many toxins into the unlucky region of East Palestine. Which are the most prominent health risks remains unknown.


• the sample TEQ measurement of 700e-12 is very very high

• the stated “cancer risk threshold” of 3.7e-12 TEQ is estimated to pose a lifetime cancer risk of 0.0001%

• medical understanding is that bodily dioxin loads come almost entirely via eating and drinking, so the notion of cancer risk from soil contamination must assume some transport pathway

MarkH March 18, 2023 6:00 AM


• the reported testing was by the expensive high-accuracy method (mass spectrometry)

• sampling results suggest that soil levels higher than 3.7e-12 are likely found in innumerable locations throughout the U.S.

• measures to control the production and spread of dioxins in the U.S. during recent decades have actually been significantly effective, with bodily dioxin loads decreasing by about a factor of 10

Clive Robinson March 18, 2023 7:22 AM

@ MarkH, JG4,

Re : Toxins in East Palistine.

As I’ve indicated since the start, my interest is in “ALL the toxins” from the burn in part because they all have different ways into living systems.

The quote of “life time exposure” is always a bit iffy because the effects are not linear with actual time or victims age.

But simplistically the younger you are the significantly higher the risk.

Part of which brings us to,

“the notion of cancer risk from soil contamination must assume some transport pathway”

For those that have very young children the one thing you see is just how much they pick up and put in their mouths, either directly as objects, or indirectly as dirt on their hands.

It was a point I was making to @vas pup[1] just a few hours ago,

“The bacteria is Helicobacter pylori (H. pylori) and around half of us have it in the mucus lining of the stomach after we ate-dirt or worse when we were very young children. Curiously few go on to develop ulcers, and it appears there is a “susceptible type” where the bacteria gets out of control.”

Similarly with toxic chemicals that act almost as catalysts in living organisms disrupting DNA and RNA and other systems. Some will show no adverse signs whilst others will get horrible diseases and symptopms and die sometimes decades before their time. Why this disparity is so, is still after years of research largely unknown hence it gets lumped under the “Lucky Genes” meme.


MarkH March 19, 2023 2:01 AM

A little more on soil contamination:

As I mentioned, the presence of dioxins in soil doesn’t by itself pose a cancer risk; risk is present when dioxin is ingested.

I found a reference to an “oral reference dose” in connection with EPA lowering their safe limit for soil contamination. I infer that EPA presumes people eating some soil. Apart from the risk to small children (whom I would remove from the derailment area), a model for adult ingestion might be someone with a garden pulling up carrots or potatoes which retain some soil residue.

The EPA model would base cancer risk on ingesting that estimated quantity of soil every day for 70 years; the safe limit is established by estimation that 70 years of accumulated exposure would pose a cancer risk (from that contaminated soil) of one in 1,000,000.

MarkH March 19, 2023 2:11 AM

A little more on soil contamination, cont:

In other words, the EPA safe limit is designed to be extremely conservative.

Assuming linear dose response for purposes of estimation, the highest reading from the very small-sample early data would (very roughly) correspond to two excess cancer in East Palestine’s small population over the next two centuries.

Taking into account that the assumed soil ingestion per year is probably a large multiple of what people actually do, a more likely estimate would be a low probability of one excess cancer going forward.

This isn’t to say that I don’t take it seriously: future dioxin measurements could be much worse, and I would want to see a clean-up threshold not higher than 200E-12 TEQ.

Clive Robinson March 19, 2023 9:58 AM

@ MarkH, JG4,

Re : Ingestion from inhalation.

“Apart from the risk to small children (whom I would remove from the derailment area), a model for adult ingestion might be someone with a garden pulling up carrots or potatoes which retain some soil residue.”

The more likely model is “ingestion from inhalation” which was shown clearly as a concern when contaminated “waste oil” was used as a surface agent to keep down dust when it had been sprayed on compacted roads.

It was believed that,

1, Spraying
2, wheel kick up

Both put dioxins up in the air on particulates where they would be inhaled and settle on people and objects. Thus “traffic through” an area was at significantly greater danger, thus making the equivalent epidemiological data collection much harder.

But… due to body protection mechanisms –like mucus in nasal passages– with particulate rather than vapour hazzard what had been inhaled would much more likely be ingested and held in the body for far longer so if the particulats were small enough pass through into the blood some significant time later[1].

Worse this effect would be hightened by dust on clothing etc in confined environments like a home where it would in effect get repeatedly put back in the air from surfaces by normal daily activities, thus contaminating other family members who had never been in the geographically contaminated environment.

Because of this and similar the inhalation/ingestion issue has been a bit fraught in certain circles. With some saying “the worst case” should be used as a baseline for limit recomendations as a standard practice.

A US Federal agency such as the EPA or State equivalent “cherry picking figures for political reasons” is not exactly unknown and can account for the significant differences in assumed safe limits we see from agency to agency.

[1] It actually gets quite complex as the size of the particulates is now known to be of rather greater importance than in the past. Which is why the switch from petrol to diesel in familly cars is now considered to be a bad move.

MarkH March 19, 2023 2:25 PM

@Clive, JG4:

Medical consensus seems to be that about 90% of typical human dioxin loading enters the body by drinking or eating, with the remainder via inhalation or skin contact. Of course, you are free to libel all participating researchers as corrupt.

Pathways certainly vary depending on circumstances. I presume that in the Seveso disaster, the great majority of dioxin absorption was by inhalation: reportedly, a “white cloud” drifted over the town, which was not evacuated while the toxins were airborne there.

For comparison, soil dioxin measurements in Times Beach “hot spots” were in the range of 400,000E-12 to 30,000,000E-12 by mass — this is the scale on which an Indiana lab result (see above) was 700E-12.

MarkH March 19, 2023 2:30 PM


The one “hopeful note” in soil dioxin contamination is that it’s a slow-motion poisoning, with dioxins accumulating in the victims over a period of years.

If medical surveillance is conducted in the region of the Ohio derailment for the next few years, it’s entirely feasible to ascertain whether people living there either (a) have unusually high dioxin levels, or (b) have increasing dioxin levels.

By this means, further mitigation (whether clean-up or evacuation) may be accomplished before dioxin loads reach medically worrisome levels.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.