Friday Squid Blogging: China’s Squid Fishing Ban Ineffective

China imposed a “pilot program banning fishing in parts of the south-west Atlantic Ocean from July to October, and parts of the eastern Pacific Ocean from September to December.” However, the conservation group Oceana analyzed the data and figured out that the Chinese weren’t fishing in those areas in those months, anyway.


In the south-west Atlantic moratorium area, Oceana found there had been no fishing conducted by Chinese fleets in the same time period in 2019. Between 1,800 and 8,500 fishing hours were detected in the zone in each of the five years to 2019. In the eastern Pacific zone, China’s fishing fleet appeared to fish only 38 hours in the year before the ban’s introduction.

“Ending squid fishing in areas where there is no fishing does nothing to protect squid,” said Oceana’s campaign director, Max Valentine.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on August 25, 2023 at 5:06 PM • 78 Comments


Mr. Peed Off August 25, 2023 5:22 PM

John Warnock, a co-founder of Adobe who invented the PDF, has died. He was 82.

Widely known for creating the pioneering technology – in full, the portable document format – that changed the way documents are shared and printed, Warnock died on 19 August, Adobe said.

“John’s brilliance and technology innovations changed the world,” Adobe said. “It is a sad day for the Adobe community and the industry for which he has been an inspiration for decades.”

Unknown August 25, 2023 6:03 PM

@ Mr Peed Off – Wow – I came here for a question about pdf’s and I see your post. Sorry to hear this but it indicates it’s time to move on. Deprecated tech is dangerous.

My question is in relation to this discussion a few years ago about the insecurities involving pdf’s. Some of which is highlighted here:

My question is do pdfs retain the MAC address and if so does anyone know if there are commercial tools that break open pdf’s? I’m not looking to break open a pdf for nefarious reasons, I solely want to prove to a major civil Court that this is being done.

My view is documents and their PDF’s are the cause of much attacks, not only carrying nefarious code but also for identifying the creator of the document and identifying enough information from the document to leverage an attack on the creator. I suspect the COTS vendors involved in this profit from this data collection and sale.

In 2023 it’s time to move away from all documents to purpose built applications that contain the data, but it doesn’t move. Data in transit is most vulnerable. Providing temporary view of data is much safer and auditable.

SpaceLifeForm August 25, 2023 9:02 PM

Something about Supply Chain, Microsoft, and Signing Keys.

Maybe you should not use Windows.

Just saying.


SpaceLifeForm August 25, 2023 9:12 PM

You probably will want popcorn whilst you think about this.


Dave K. August 25, 2023 10:50 PM

‘[Yevgeny] Prigozhin was convinced Haftar’s regime was infiltrated by French intelligence and the CIA. Even the Libyan uniform he would wear on trips to Libya was made in Syria and brought from there—ensuring no bugs or tracking devices could be inserted.’

The Last Days of Wagner’s Prigozhin. On the run, the paramilitary chief crisscrossed his global business empire, desperate to show he was still in control; ‘I need more gold.’

lurker August 25, 2023 11:59 PM


High rotate ad on the Ars page:
“Adversaries love to come in through Windows”

But nobody ever got fired for buying [ IBM | MS ]. Isn’t it about time somebody did get fired for that? After all it’s been going on for more than 30 years, what rock have these people been hiding their heads under? Especially people who do business with govt, and especially the govt itself …

Clive Robinson August 26, 2023 5:18 AM

@ SpaceLifeForm, Bruce, ALL,

Re : Code Signing fail was long expected.

“Something about Supply Chain, Microsoft, and Signing Keys.

Maybe you should not use Windows.”

Two issues there, one general, one specific,

1, Use of Code Signing.
2, Use of Microsoft Windows.

The logical fix for both currently can only be,

Don’t have ANY external connections


It’s not just Microsoft

It’s all the consumer and general commercial OS and similar software suppliers have the same “Code Signing” and “Root of Trust” issues.

Whilst the real solution is “fix the ICT Industry” and its poor quality issues caused by, amongst other things, the “Get it out the door fast” management issues… It’s not going to happen soon, if ever, without significant external pressure, that won’t come from the customer side[1].

From the end of Dan Goodin’s article on ARS Technica we see,

“Microsoft’s string of failures in locking down its certification program, and its reticence when disclosing them, are undermining the entire concept of security, much to the delight of these adversaries.”

Is half right but also very importantly half wrong.

Yes we are talking about Microsoft’s certificate and code signing as well as their additional reporting systems failures here, but both Google and Apple have had similar problems with code signing in their walled gardens etc.

But as @NickP and myself warned on this blog years ago, “Code Signing” was a bad idea from the start. For these and many other reasons we listed. Since then I’ve repeatedly said we need to find a better solution to fix some or all the problems we identified, but actually the industry has done nothing except make the problem worse since then.

Tangentially NIST is trying to solve a small part of the problem with Post Quantum crypto algorithms, but that won’t solve the issue of all the code signed under QC-vulnerable algorithms. They are going to be a problem for up to half a century maybe more in infrastructure, manufacturing industry, and health electronics as I’ve previously indicated.

So the question arises as to,

“How do we solve the issues of code signing and root of trust?”

Well we actually know from the past they are actually not needed. Back then we only had “Physical Security” now we only use “Information Security”.

And… we’ve just seen suggestions we go back to the old ways, with a “replace the hardware” notice from a major security product vendor,

So with regards code signing and root of trust issues do we go back to what we know is “physically” workable, or do we push forward and replace them with other information based security systems that we almost certainly know will be vulnerable in many ways?

[1] The big players in the software side of the ICT Industry, know that their customers have to take what they are given by them. Because they have no alternative, worse Governments are dictating the mandatory use of computers via tax and education domains as well as anywhere else “human contact happens”. So the ICT Industry lobbies hard to stop any kind of legislation or regulation like “Lemon Laws”. So what we saw happen in the US Auto Industry that made “Death by Car” almost mandatory until legislation and regulation changed it, will happen to the software industry. With mandatory “Death of Privacy by Software” already effectively beyond hope of recovery in our or our children’s life times.

Dr. S. Wiley August 26, 2023 1:52 PM

@ Clive Robinson,

Tangentially NIST is trying to solve a small part of the problem with Post Quantum crypto algorithms, but that won’t solve the issue of all the code signed under QC-vulnerable algorithms.

Signature algorithms are one of the easiest parts of a code-signing scheme, and Ralph Merkle had figured out the mechanics by 1980. Then, 40 years later, NIST approved the Merkle Signature Scheme as a post-quantum algorithm. It can sign only a limited number of messages, and any re-use can compromise security; but, for code-signing, these aren’t huge problems. Companies are expected to know what they’ve published (thus avoiding re-use), and of course they can always include new keys in a software update.

As usual, key management is a bigger problem: how can one prevent the signing keys from leaking, how should experimental software versions be signed, which keys should be trusted? And then, what should we trust signed software to do? Historically (on Windows, for example), any software judged “authentic” runs with the full authority of the user, even though capability-based security was known a decade before Merkle’s scheme.

So, in reality, people usually give full authority to anything that’s signed by anybody (who could get their key signed by any Certificate Authority the operating system vendor decided was trustworthy). People also fully trust any code that came with the operating system—even if the vendor won’t let them see the source code, as any trustworthy vendor would. But at least if something goes wrong, we might figure out which key was compromised or which company included an “accidental” security hole. Then we’ll basically do nothing with that information; companies who’ve failed to protect their keys or write secure software have faced no real consequences.

But at least it’s entertaining, as good theatre always is.
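
The scheme the comment above refers to, as an added example that is not code from the comment, from NIST, or from any product: a toy Lamport one-time signature under a Merkle tree in Python. It shows the two properties discussed: a leaf key must sign exactly one message (the signer tracks spent leaves and refuses to sign once the pool is exhausted), and signing two different messages with one leaf exposes additional secrets, which `exposed_positions` counts. Names such as `MerkleSigner`, the tree height and the sample message are assumptions of this example. Parameters are toy-sized; real hash-based schemes such as the NIST-standardized ones use larger trees and further optimizations.

```python
# Added example, not code from the post, NIST or any product: a toy Lamport
# one-time signature scheme under a Merkle tree, to show (1) why one leaf key
# must sign only one message and (2) how a signer tracks used leaves.
import hashlib
import secrets

N_BITS = 256  # Lamport signs the 256-bit SHA-256 digest of the message


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def lamport_keygen():
    # One pair of random secrets per digest bit; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    # Reveal exactly one secret per bit position, selected by the digest bit.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def exposed_positions(msg_a: bytes, msg_b: bytes) -> int:
    # Positions where the two digests differ: signing both messages with ONE
    # leaf key publishes both secrets there. This is the key re-use leakage
    # the comment warns about; a correct signer never lets it happen.
    return sum(a != b for a, b in zip(digest_bits(msg_a), digest_bits(msg_b)))


def pk_leaf(pk) -> bytes:
    return H(b"".join(a + b for a, b in pk))


def merkle_root(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_path(leaves, idx):
    # Sibling hashes from the leaf up to (but excluding) the root.
    path, level = [], list(leaves)
    while len(level) > 1:
        path.append(level[idx ^ 1])
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return path


def merkle_verify(root: bytes, leaf: bytes, idx: int, path) -> bool:
    node = leaf
    for sibling in path:
        node = H(sibling + node) if idx & 1 else H(node + sibling)
        idx //= 2
    return node == root


class MerkleSigner:
    """Stateful signer: 2**height one-time keys under a single published root."""

    def __init__(self, height: int = 3):
        self.keys = [lamport_keygen() for _ in range(1 << height)]
        self.leaves = [pk_leaf(pk) for _, pk in self.keys]
        self.root = merkle_root(self.leaves)  # this is what relying parties pin
        self.next_leaf = 0                     # persistent state: never rewind it

    def remaining(self) -> int:
        return len(self.keys) - self.next_leaf

    def sign(self, msg: bytes):
        if self.next_leaf >= len(self.keys):
            raise RuntimeError("key pool exhausted; generate and publish a new root")
        idx = self.next_leaf
        self.next_leaf += 1   # mark the leaf spent BEFORE the signature leaves this object
        sk, pk = self.keys[idx]
        return (idx, lamport_sign(sk, msg), pk, merkle_path(self.leaves, idx))


def verify(root: bytes, msg: bytes, signature) -> bool:
    idx, ots, pk, path = signature
    # The signature carries the leaf public key; the path proves it belongs to the root.
    return lamport_verify(pk, msg, ots) and merkle_verify(root, pk_leaf(pk), idx, path)


if __name__ == "__main__":
    signer = MerkleSigner(height=2)
    release = b"installer-1.2.3 (constructed sample message)"
    sig = signer.sign(release)
    print("valid:", verify(signer.root, release, sig), "leaves left:", signer.remaining())
```

The design point is the `next_leaf` counter: it is the only thing standing between a sound scheme and key re-use, so in practice it has to be persisted atomically and must never be restored from an old backup. Rolling a new root when the pool runs out is what the comment describes as "include new keys in a software update".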

vas pup August 26, 2023 2:58 PM

EU safety laws start to bite for TikTok, Instagram and others

“Some of the biggest tech organizations and search engines now have to comply with new EU rules designed to protect users.

Under the EU Digital Services Act (DSA) rule-breakers can face big fines.

Nineteen major platforms, such as Facebook or TikTok, face the most stringent rules which include having plans in place to protect children and stop election interference.

While the UK Online Safety Bill is still working its way through parliament – the EU’s Digital Services Act became law on 16 November 2022.

But firms were given time to make sure their systems complied.

On 25 April the commission named the very large online platforms – those with over 45 million EU users – that would be subject to the toughest rules. They are: Alibaba, AliExpress, Amazon Store, the Apple App Store, Facebook, Google Play, Google Maps, Google Shopping, Instagram, LinkedIn, Pinterest, Snapchat, TikTok, X (formerly Twitter), Wikipedia, YouTube and Zalando. Search engines Google and Bing will also be subject to the rules.

There are extra requirements in the DSA for these very large platforms and search engines. They have to assess potential risks they may cause, report that assessment and put in place measures to deal with the problem. This includes risks related to:
  • illegal content
  • rights, such as freedom of expression, media freedom, discrimination, consumer protection and children’s rights
  • public security and threats to electoral processes
  • gender-based violence, public health, protection of minors, and mental and physical wellbeing.

!Targeted advertising based on profiling children is no longer permitted.

!!!They must also share with regulators details of how their algorithms work. This could include those which decide what adverts users see, or which posts appear in their feed. And they are required to have systems for sharing data with independent researchers [what type of data??? – vp].

In blog posts, and in statements given to the BBC, organizations have stressed the effort they put in to comply. Both TikTok and Meta said more than 1,000 people across their businesses had worked on complying with the act.

Many have already implemented changes. A number focus on personalized advertisements and feeds including:

Starting July TikTok stopped users in Europe aged 13-17 from being shown personalized advertising based on their online activity.
Since February Meta apps including Facebook and Instagram have stopped showing users aged 13-17 worldwide advertising based on their activity to the apps.
=>In Europe Facebook and Instagram gave users the option to view Stories and Reels only from people they follow, ranked in chronological order.

In the UK and Europe Snapchat is also restricting personalized ads for users aged 13-17. It is also creating a library of adverts shown in the EU.

There were also commitments to provide more data to researchers: Google promised to increase data access for those hoping to understand more about how Google Search, YouTube, Google Maps, Google Play and Shopping work.

Phil Bradley-Schmieg, legal counsel at the Wikimedia Foundation told the BBC: “Our hope is that lawmakers emulate the DSA; understand the diverse internet ecosystem [I have strong doubts on that understanding due to their lack of expertise – vp]; and protect safe, free, and public projects online.”

Tasha August 26, 2023 4:16 PM

@-, @Moderator

How is it advertising to link to your website while posting a relevant comment? And if it’s such a problem, why not just disable the feature? What other website will people link their name to?

Self-promotion, which some here are no stranger to, is disagreeable and yet it’s somehow less contemptible than the legion of tattle-tales continually crying out for daddy to come lay down the law.

(Incidentally, what is “unsolicited advertising”? Is there such a thing as solicited advertising, where people actually ask to be shown ads?)

Petre Peter August 27, 2023 9:48 AM

Swimming with squid, I realized that the sea offers infinite tranquility, and a man is never alone at sea. An abyss above, an abyss below, an abyss in the wires.

P Coffman August 27, 2023 11:13 AM


This is fresh; I can find no reference.

Yesterday, Microsoft arbitrarily changed my WSL 2 to CBL-Mariner. It clobbered my Ubuntu.

I realize CBL-Mariner has been in the works for a while. And I had backed up my work on Ubuntu.

Microsoft just does what it does, when it chooses to.

Well, maybe I was supposed to fanboy-follow MS or to disable some updating. Who cares? I never asked for this.

Also, CBL-Mariner will have Rust, not C++. The zealots have spoken.

Recently, a desktop needed replacement. Windows primary OS? With greater certainty, not where I want to go.

JonKnowsNothing August 27, 2023 11:41 AM


re: FISA and the ruling on ‘[REDACTED]’

HAIL (light warning)

Over on Marcy Wheeler’s site, she has a very interesting analysis of “REDACTED” in terms of performance under a FISC order for data. It is worth the time to read her detailing of how FISA defines access to data and communications.


  • WHO the “REDACTED” are is not clear, but clearly a company with access to data and/or communications
  • They were served with FISC orders to Render Unto Fill-in-the-Blank Agency data from Fill-in-the-Blank Customer-Person
  • under 702, the government can give a US-based Electronic Communications Service Provider, aka ESCP, a “directive” ordering not just content, but also technical assistance.
  • such directives apply to both data in motion (so telecoms) and data at rest (cloud providers)
  • The issue, … seems to pertain to whether the service provider had access to the comms in question — whether in motion or at rest … [it] may be a question of encrypted communications to which the provider did not have access.

On the issue of technical assistance, large corporations like G$$, M$ have special departments to handle such requests, often called Pen Registers, where a data splitter is installed and copies of the data stream are passed to LEAs.

In some cases, smaller companies are required to make software and hardware changes to their network.

A hardware collection splitter is installed either in the corporate network or, for telecoms, at any connection box (e.g. serving area interface or service area interface (SAI), Central Office (CO) (1)).

Software collection may require the company to write or insert LEA code into their operating environment. (2)


ht tps://www.emptywheel. n e t/2023/08/27/fisc-rules-that-redacted-is-not-subject-to-fisa-702-for-one-of-its-services/


h ttps://en.wikipedia.o r g/wiki/Serving_area_interface

  • The SAI provides the termination of individual twisted pairs of a telephony local loop for onward connection back to the nearest telephone exchange (US: “central office” (CO)) or remote switch, or first to transmission equipment such as a subscriber loop carrier multiplexer and then to the exchange main distribution frame (MDF).

2) iirc(badly) At the start of the Snowden expose, a now defunct secure email provider was required to install such devices and to remove the encryption from “accounts”. There was a legal fight over the extensiveness of the software changes demanded. The warrant was for 1 account (presumed to be Snowden’s) but the LEAs demanded removal of encryption for all the accounts on the server. The owner was prohibited from getting legal representation due to Security Gag Orders. The case was held in court in a far US state and only an approved security lawyer in that state could represent the email-company owner. It was a nasty business and the company shut down rather than compromise their other customers. It was a long while before any details made their way to the public sphere.

Of interesting note: Many articles on WikiP have undergone editing and content changes. Lots of dead information pruned away. Some of that dead wood has been replaced by dictionary definitions.

(url fractured)

Vrag odnio salu August 27, 2023 5:30 PM

“ saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train—sending a series of three acoustic tones at a 150.100 megahertz frequency—and trigger their emergency stop function.”

lynn h August 28, 2023 1:12 AM

Vrag odnio salu, the $30 radio attack is perhaps the most stealthy denial-of-service attack for a railway; it’s easy to walk or drive by with a concealed transmitter. But one could also stop trains (in many areas) with a $1 jumper wire: just connect it between the two rails, and leave it there. That gets “re-discovered” occasionally, maybe gets a bit of press when protesters do it. Other low-tech attacks: install one of those “stop – workers present” signs; discard a couch on the tracks; read the emergency phone number off the crossing signals and convince them to stop the trains.

MK August 28, 2023 1:39 AM

“My question is do pdfs retain the MAC address and if so does anyone know if there are commercial tools that break open pdf’s? I’m not looking to break open a pdf for nefarious reasons, I solely want to prove to a major civil Court that this is being done.”

PDFs do not retain the MAC address during signing (since they can be signed locally). If one of the later encryption methods is used (Acrobat 8 or Acrobat X) with an Open password, all the crackers can do is brute force. Even Elcomsoft says that Acrobat X encryption is down to brute force. If you can prove that this is being done, we would all like to hear about it.

Fernado B August 28, 2023 1:13 PM

@ Unknown,

I’ve found the tool “qpdf” (not commercial as far as I know) useful for looking inside PDF files. Running “qpdf --qdf in.pdf out.pdf” will produce an out.pdf that’s mostly readable and searchable in a text editor (but watch out for hex-encoded text in angle brackets; your name might appear in such a form, especially if it’s got non-ASCII codepoints). It can also be edited, though it’s best to do that with a hex-editor to avoid moving anything around. Replace unwanted metadata with spaces, comment out lines, etc., then run “qpdf out.pdf mod.pdf” to re-compress and re-normalize things.

While I’m not aware of MAC addresses ever being included by tools that create PDFs, I suggest anyone creating documents for public release do so in a namespace without any access to personal information. The “bwrap” tool on Linux is useful for this; if using --unshare-all without real /home, /etc, or /var directories, a PDF-generator should have no way to know one’s real MAC or IP address or real name (unless it’s already part of the document being converted to PDF; some popular formats are actually ZIP files, so that might be one more inspection step).

By the way, if anyone has un-watermarked copies of the latest PDF specifications (“PDF 2” or ISO 32000/32001/32002 from 2020 through 2022), please upload to Library Genesis or post links here.
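
The inspection the comment above describes (looking at a PDF's metadata, decoding hex-encoded strings in angle brackets, and blanking values with spaces so nothing moves) as an added example in Python; this is not code from the comment, from qpdf or from bwrap. It reads the `/Info` dictionary directly from the bytes of a constructed, deliberately minimal PDF (no xref table, no compressed object streams, which a real file would have) and scrubs selected values in place with same-length fillers so byte offsets, and therefore a real file's xref table, stay valid. `SAMPLE_PDF`, the key list and the function names are assumptions of this example; XMP metadata streams (`/Metadata`) and embedded files are not covered, which is why running `qpdf --qdf` over the real file and reading the whole thing remains the thorough check.

```python
# Added example, not part of the comment above nor of qpdf: a small reader and
# scrubber for a PDF's /Info dictionary. It decodes both literal "(...)" and
# hex "<...>" strings (including UTF-16BE ones) and blanks values in place so
# byte offsets, and therefore the xref table of a real file, stay valid.
import re

# Constructed minimal PDF (no xref table, which a real file would have); the
# author name is stored as a UTF-16BE hex string, as many generators do.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Title (Quarterly report) /Author <FEFF004A006F007300E9>"
    b" /Producer (ExampleWriter 1.0) /CreationDate (D:20230825170600) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
)

INFO_REF = re.compile(rb"/Info\s+(\d+)\s+(\d+)\s+R")
# /Key followed by a literal string (nested parentheses not handled) or a hex string
STRING_ENTRY = re.compile(rb"/([A-Za-z0-9]+)\s*(?:\(([^()]*)\)|<([0-9A-Fa-f\s]*)>)")
SCRUB_KEYS = {b"Title", b"Author", b"Subject", b"Keywords", b"Creator",
              b"Producer", b"CreationDate", b"ModDate"}


def info_object(pdf: bytes):
    """Return the regex match of the /Info object; group(1) is its dictionary body."""
    ref = INFO_REF.search(pdf)
    if ref is None:
        return None
    num, gen = ref.group(1), ref.group(2)
    pattern = rb"(?<![0-9])" + num + rb"\s+" + gen + rb"\s+obj\s*<<(.*?)>>\s*endobj"
    return re.search(pattern, pdf, re.S)


def decode_pdf_string(literal, hexstr) -> str:
    """Decode one PDF string; hex strings are what the comment's "angle brackets" warning means."""
    if literal is not None:
        raw = literal
    else:
        digits = re.sub(rb"\s", b"", hexstr)
        if len(digits) % 2:
            digits += b"0"              # the spec pads a trailing odd digit with 0
        raw = bytes.fromhex(digits.decode("ascii"))
    if raw.startswith(b"\xfe\xff"):     # UTF-16BE text string with byte-order mark
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")        # close enough to PDFDocEncoding for inspection


def read_info(pdf: bytes) -> dict:
    """Map each string-valued /Info key to its decoded text."""
    m = info_object(pdf)
    if m is None:
        return {}
    return {e.group(1).decode(): decode_pdf_string(e.group(2), e.group(3))
            for e in STRING_ENTRY.finditer(m.group(1))}


def scrub_info(pdf: bytes, keys=SCRUB_KEYS) -> bytes:
    """Overwrite selected /Info string values with spaces of identical byte length."""
    m = info_object(pdf)
    if m is None:
        return pdf
    out = bytearray(pdf)
    base = m.start(1)                   # offset of the dictionary body in the file
    for e in STRING_ENTRY.finditer(m.group(1)):
        if e.group(1) not in keys:
            continue
        grp = 2 if e.group(2) is not None else 3
        start, end = base + e.start(grp), base + e.end(grp)
        n = end - start
        # literal: n spaces; hex: the digits "20" (a space) repeated to the same length
        filler = b" " * n if grp == 2 else (b"20" * ((n + 1) // 2))[:n]
        out[start:end] = filler
    if len(out) != len(pdf):
        raise RuntimeError("length changed; xref offsets would be invalid")
    return bytes(out)


if __name__ == "__main__":
    print(read_info(SAMPLE_PDF))
    print(read_info(scrub_info(SAMPLE_PDF)))
```

Keeping the file length identical is the same reason the comment suggests a hex editor rather than a text editor: a real PDF's xref table stores absolute byte offsets, so inserting or deleting a single byte before an object makes strict readers reject the file, whereas a pass through `qpdf` afterwards rebuilds the table and re-compresses things.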

vas pup August 28, 2023 5:14 PM

I hope you do have an objective, non-biased moderator on this blog.
Moderator should be trained as AI: with clear guidelines.
Only posts that can’t pass an objective test of relevance to the blog subject, or that violate civility/respect for other opinions, should be deleted.
Otherwise, it’ll become a kind of social media with clear bias reflecting the personal view of the owner only.
Nothing personal – just opinion.

ResearcherZero August 29, 2023 3:41 AM


You can remove metadata from documents and PDFs if you want to. There are programs available on Windows for redacting PDFs.

Or for other platforms…


Windows documents…


Hidden PDF information can also be revealed if it is cut and pasted into another document. (PDF documents use layers, in this case for black boxes)

You can use other formats such as an image, and remove the metadata from that if need be.

You can also scan PDFs (with VirusTotal for example) to check if they contain any malicious content. And then you can scan set a virus scanner to check files you download to ensure you have not instead downloaded a malicious file.

“hardened appliances” are often the softest route into a network for an advanced attacker

“we find that most files have the correct checks implemented – with a number of exceptions, including webauth_operation.php, that do not…

…- this could be the n-day tracked as CVE-2023-36846 that we are looking for!”

Disable J-Web, or limit access to only trusted hosts.

Attackers still exploiting CVE-2023-3519

Large number of Citrix servers compromised with webshells…

“Most apparent from our scanning results is the percentage of patched NetScalers that still contain a backdoor.”

If traces of compromise are discovered, secure forensic data; it is strongly recommended to make a forensic copy of both the disk and the memory of the appliance before any remediation or investigative actions are done. If the Citrix appliance is installed on a hypervisor, a snapshot can be made for follow-up investigation.

CVE-2023-3519 (critical) CVE-2023-3466 (XSS) CVE-2023-3467 (privilege escalation – root)

Exploitation of CVE-2023-3519 is not logged in the NetScaler application access logs.


ResearcherZero August 29, 2023 4:01 AM


PDFs can also contain third-party metadata. There is software to also retrieve metadata from PDFs. The skills and expertise required to recover evidence from Windows systems do not necessarily translate to Linux or Unix systems.

You may want to employ a professional skilled in ‘recovering digital evidence’.

ResearcherZero August 29, 2023 4:55 AM


Ensuring your evidence is not struck-out in the pretrial hearing is an important step. I have seen prosecutors try and strike out their own evidence later in a case, after they did not show up for the pretrial hearing. An aggressive opponent can resort to a number of sneaky tricks to try and prevent evidence from being admissible.

An experienced legal team and expert witnesses are important in a complicated case.

ResearcherZero August 29, 2023 5:28 AM

Real Time Bidding

“The DPC, represented by Joe Jeffers SC, said that it opened an inquiry on its own volition in 2019, which it says is ongoing.

The DPC said it will complete its own inquiry before resuming Dr Ryan’s complaint. The Commission said that its approach would ultimately result in a faster, and more effective handling of the complaint.

It also argued that the proceedings have been brought outside of the legal time frame allowed to bring a judicial review, and that arguments raised in the proceedings are premature.

It further claims that its decision to open an inquiry, and the manner how that probe has been operated are matters within the sole discretion of the DPC and are not matters that are amenable to judicial review proceedings.”


Unauthorised databroker access bot

“Eighty-two percent of American adults had a credit card in 2022, according to data from the Federal Reserve. Whenever someone applies for a credit card, their financial institution transfers personal details about the customer to the big three credit bureaus, Experian, Equifax, and TransUnion.”

Spreadsheet inadvertently attached to the FOI response

name.withheld.for.obvious.reasons August 29, 2023 5:55 PM

A channel on youtube, Silicon Curtain, hosted by Jonathan Fink, is a long form interview format covering Ukrainian issues in a wide spectrum, from corruption, juridical fidelity, history, and security. A country invaded by Russia, what resolve will be required to defeat a foreign invader attempting to carry out a cultural genocide in Eastern Europe? Why Russia has not been declared a terrorist state is beyond understanding. The level of war crimes and decimation visited upon Ukraine will be much clearer once the rubble and debris of the hundreds of villages and towns bombed into dust are combed and scrutinized.

The Silicon Curtain channel is an academic and civil society center for discussions in the west about the struggle Ukraine is entangled in. Fink operates primarily from his residence in Oxford, England and has Russo-European language expertise. His guests are ground level operatives within and outside Ukraine, mostly Ukrainians, and a mix of Eastern European institutionalists. One frequent guest, Konstantin, is a refugee in Turkmenistan having fled Russia prior to the first conscription called up by Putin. He provides fantastic insights into Russian behavior from both the “man on the street” and the inside-the-Kremlin perspective. Some very scary developments, including re-education of the citizenry in a Soviet-era style and romanticism.

Ukraine is suffering from the effects of Putinism, a mafia gangster thugocracy masquerading as a nation state. A perfect contemporary example is the adjudication of one Prigozhin, owner/leader of the Wagner group. He fell out of an airplane window evidently.

Winter August 30, 2023 1:45 AM


Why Russia has not been declared a terrorist state is beyond understanding.

The main fear is a collapse of the Russian Federation (Russia).

A disintegration of Russia would spark wars from the Black Sea to Vladivostok and would directly involve, eg, Iran, Pakistan, India, China, and North Korea.[1]

There are politicians that would like to prevent such an outcome.

[1] Every country of the old USSR or bordering Russia would be involved, and all their allies.

Winter August 30, 2023 4:46 AM


Why Russia has not been declared a terrorist state is beyond understanding.

@Winter (me)

The main fear is a collapse of the Russian Federation (Russia).

As it happens, Politico published a different opinion just today:

The benefits of Russia’s coming disintegration

The rupture of the Russian Federation will be the third phase of imperial collapse after the unravelling of the Soviet bloc and the disintegration of the Soviet Union in the early 1990s. It’s driven by elite power struggles and intensifying rivalries between the central government and disaffected regions, which in some parts of the country, could lead to civil wars and border disputes. However, it will also embolden the emergence of new states and inter-regional federations, which will control their own resources and no longer send their men to die for Moscow’s empire.

Personally, I consider banking on a “controllable” disintegration of Russia a huge and dangerous gamble.

Clive Robinson August 30, 2023 10:43 AM

@ Winter,

Re : Russia going high order or fizzling out.

“Personally, I consider banking on a “controllable” disintegration of Russia a huge and dangerous gamble.”

It’s a daft gamble either way.

Firstly Russia is doomed in its current form, I think most would agree with that.

Secondly Russia realistically has three fates ahead of it,

1, Trade its way to a modern diverse western economy.
2, Fail into Cannibalism again.
3, Fail into death by kinetic destruction.

Of the third way there are two options,

3.1 Outward then inward.
3.2 Just inward.

With both tending to option 2…

I know it appears grim but realistically based on Russian History Option 2 tends to be the result, till it all starts again with trying to build an Empire by force[1].

Which in the past has always been because surrounding states that have built themselves up to wealth by trade are not sufficient to withstand the Russian thuggish jackboot because they were diverse and disparate and Russia just homicidal.

Now however it is a more interesting situation, we have an oligarchy of thugs and criminals that actually are just looking to “off each other”. Putin sits on top of this mess and has dreams of “Empire” which, as he had a weak hand and over played it, is now a bust.

NATO or something equivalent as a full on European military federation will grow and for the next century or two Russia will go into decline and infighting, unless it goes to not just the “trade it out” but “democratic” process.

I’m sure others will put other options on the table, but there is something in the Rus personality that keeps taking them back…

[1] History shows abject poverty where even the elite fail, is followed by a freeing up of the peasant / serf majority growing and trading their way out of poverty. Then the traditional Elite rise up and effectively enslave the Rus yet again. In part this appears to be due to some faux mythology of “Glorious Past” that is an inherent failing. Each time “revolution” happens it just ends up in a new thuggish elite with nothing but criminal intent. This is not unique to Russia, we see it play out all over the place, usually the words “War lord”, “Tyrant”, “Despot” are used to describe the same basic process. Which history shows always fails until some form of democracy and trading is established that gets the civilian population above the point that individual thugs can succeed. The problem arises when the thugs form an oligarchy, which is Russia’s current state.

Winter August 30, 2023 12:48 PM


I know it appears grim but realistically based on Russian History Option 2 tends to be the result, till it all starts again with trying to build an Empire by force[1].

I saw a book review about Russia’s history since 1000 AD or so. All this time the Czar/secretary/president has ruled as God on Earth. Russia has even now distributed holy Icons with Putin’s image to the troops.[1]

Note that Patriarch Kirill, the head of the Russian Orthodox Church, was a KGB agent according to Soviet (KGB) documents, and the rule that all priests had to have the blessings of the KGB.

[1]

JonKnowsNothing August 30, 2023 1:24 PM

@Winter, @Clive, All

re: Geography of Europe, Asia, Eurasia

While politics might change, I can pretty much assert that the geography will not change.

The 1,000 year wars will continue, and future wars in the areas will continue.

The imaginary line between West and East was set due to geography.

Ongoing and historical errors, politics and presumptions are set by that imaginary line.

Political changes may happen but will not endure for long because the geography does not change.

Winter August 30, 2023 4:21 PM


The imaginary line between West and East was set due to geography.

That demarcation line was a Christian/British invention. NW Europe was historically a backwater populated by religious fanatics disconnected from the civilized world.[1]

When religious fundamentalists come into contact with cosmopolitan cultures like those in the Indian subcontinent or China, there are bound to be miscommunications and misunderstandings. The British simply lacked the teaching and cultural background to understand anything beyond their Parish.

[1] It is telling that the Mongols conquered most of Eurasia and the Middle East. They came also to Eastern Europe and ran up from Croatia and Byzantium all the way to Poland. As there was nothing worthwhile in Europe (just endless forests), they simply left again.

JonKnowsNothing August 30, 2023 5:08 PM

@Winter, All

re: That demarcation line was a Christian/British invention

I am pretty certain that Orthodox Christianity is not a British invention.

lurker August 30, 2023 9:25 PM

@JonKnowsNothing, Winter
“the imaginary line between east and west”

Is this the line drawn by Pope Alexander VI dividing the globe between two petty Iberian states? If he had known where Atlantis is/was, that line might be someplace else.

And peanut allergy might have reached the northern hemisphere without having to cross the Atlantic twice.

Clive Robinson August 30, 2023 11:38 PM

@ JonKnowsNothing, lurker, Winter,

“I am pretty certain that Orthodox Christianity is not a British invention.”

That’s not the way I read @Winter’s,

“That demarcation line was a Christian/British invention”

I read it as being “both” Holy Roman Empire Christian “political” behaviour at the beginning of the second millennium AS WELL AS much later “political and business” behaviour which came about due to trade differences.

British “formal” christianity is known as “Church of England”(CoE) and was created by King Henry VIII in the 1530’s as he had decided he was fed up with Popish rule over him. The CoE is very different to what some call East / Greek Orthodox Christianity / Catholicism that went up the East side of Europe after the “Schism of 1054”. Where you ended up with the west Latin Catholics in Rome and Greek East Orthodox now in Istanbul. The Latin and Greek forms of Catholicism are effectively more alien to each other than CoE is to Latin catholicism that came from the See of the Holy Roman Empire, and what is simply called “Catholicism” in Britain. The Schism of 1054 has caused so many historic problems, especially with the various Orthodox sects strongly associating with the likes of “Strong Men” fascism, and similar tyrannical political forces including the nastier parts of Russian power politics of today. It is also extremely misogynistic and sees women effectively as not even slaves, but property like farmyard “live stock”.

ResearcherZero August 31, 2023 12:08 AM

@Clive @Winter

The exchange…

Does knowing matter?

What sort of world would remain amid the radioactive fallout? For the last four decades, scientists modelling the Earth system have run computer simulations to find out.


Nuclear Operations plan (DoD)

Aria SSH authentication bypass


Well organised global espionage campaign.

“adequate planning and funding to anticipate and prepare for contingencies that could potentially disrupt their access to target networks”


Signal Plus Messenger and FlyGram (DoubleAgent)

“Lookout linked DoubleAgent to XSLCmd, an OS X backdoor, which was documented and also connected to the GREF group by FireEye in 2014. While several sources claim that GREF is associated with APT15 (such as NCCGroup, Lookout, Malpedia), ESET researchers do not have enough evidence to support that connection and continue tracking GREF as a separate group.”


ResearcherZero August 31, 2023 12:15 AM

Qantas ‘pudding-butchered’ its paying customers.

“They’re saying that they intend to just keep the money if nothing else happens.”

“This is not just about the usability of these credits, it’s about the fact that this significant amount of money has been sitting in Qantas’s bank accounts and earning its cost of capital when it should have been sitting in the customers’ bank accounts.”


It’s your honeymoon and your flight was cancelled? How sad. Would you like a voucher for a new flight?

vouchers set to expire by the end of the year…

“They are being given vouchers which they no longer want to use. They are denied refunds.”

The price gaps ranged from 50 per cent to 300 per cent more, depending on the credit value, compared to when people made fresh bookings.

the great Qantas flight credit racket


ResearcherZero August 31, 2023 12:27 AM

CVE-2023-34039 – lack of unique cryptographic key generation

…potentially leading to CVE-2023-20890 – an arbitrary file write vulnerability resulting in remote code execution.



Winter August 31, 2023 1:42 AM

@JonKnowsNothing, lurker

I am pretty certain that Orthodox Christianity is not a British invention.

Sorry, I thought you were referring to Kipling’s “East is East and West is West and never the twain shall meet”. That I see as an English invention.

The demarcation line between Eastern Orthodox and Catholicism/Protestant Christianity is the language boundary between the Greek and Latin [1] speaking worlds. The Hellenistic world was also a big influence source for the Muslim world as the first batch of conquered converts were Hellenistic.

The Slavic people came later to Europe and their allegiance was determined by which nearby power could convert them. In the North West (Poland, Baltic), these were the Germanic people, in the East and South this was Byzantium.

[1] Latin includes Celtic and Germanic speaking people as they were in contact with the Latin speaking people from Rome.

Clive Robinson August 31, 2023 7:01 AM

@ ResearcherZero, ALL,

Re : Isotopes on the trotter.

You asked,

“What sort of world would remain amid the radioactive fallout?”

Well one part of the answer is,

As they say “You couldn’t make it up!” but “You make your bed…”.

“Now, the team is warning against the detrimental long lasting effects of nuclear weapons and nuclear reactor disasters on food safety. Countries like the US, Soviet Union, and UK conducted thousands of nuclear weapons tests during the Cold War from the 1940s to 1990s.”

And the researchers note,

“Although Chernobyl has been widely believed to be the prime source of [cesium-137] in wild boars, we find that ‘old’ [cesium-137] from weapons fallout significantly contributes to the total level in those specimens that exceeded the regulatory limit”

But the same applies to birds and even insects, and their resulting food products including honey.

All it requires is a concentrator store “down the food chain”. With these hogs it’s an underground fungus that grows on tree roots they dig up and eat. But if you consider the tubers of plants and fat on animals and similar you find concentrator stores to some extent.

Clive Robinson August 31, 2023 7:19 AM

@ Bruce, ALL,

We have recently discussed an issue with a safety system on Polish Railways,

What was mentioned towards the end of the thread is that it could be done on a nation wide basis with quite simple technology and a little “lateral thinking” / “thinking hinky”.

However the discussion did not go very much further on to what the effects of doing so might be.

Well it turns out that during that thread discussion we were finding out for real. With the safety system for the UK Air Traffic Control in effect getting jammed and failing. The fall out of which is still happening,

Clive Robinson August 31, 2023 7:36 AM

@ Bruce, ALL,

Robodog gets a heads up gun idea

Another “AI gets lethal agency” story titled,

“Let’s give these quadruped robot dogs next-gen XM7 rifles, says US Army”

Whilst it’s being talked about as a “concept” I suspect the ideas are rather more advanced than that. As is the “RoboCop” version mentioned further down the article that is apparently getting “field trialed” in three US police forces.

Clive Robinson August 31, 2023 8:15 AM

@ JonKnowsNothing, Winter,

Some “background reading” for you,

From what has been found it looks like Pirola will fairly quickly become dominant, but it’s still too soon to assess the level of virulence…

With it now being “Schools back” virus season and few precautions if any in place this could be a time to follow “oriental social thinking” and go back to masks, wipes and sanitizer as social requirements.

Clive Robinson August 31, 2023 8:28 AM

@ ALL,

And you thought roaches were bad news…

Well somebody had to do it, somebody has taken the less desirable physical characteristics of roaches and similar and given them to robots…

Read more in the article titled,

“Tiny, shape-shifting robot can squish itself into tight spaces”

How long do you reckon it’s going to take some US Mil Thinker to come up with a way to strap a weapon on it and make it an “assassin bot”?

Mind you I claim “bagssy” / Copyright on turning it into an “enter all domains surveillance device”…

P Coffman August 31, 2023 2:49 PM

@Tasha, there are a myriad of reasons why the policy might be this way.

As a user, I support the policy.

I visit the site to learn contemporary stuff.

Also, one might presume this site is not overly flashy for a real reason.

pup vas August 31, 2023 5:12 PM

Our Brains Were Not Built for This Much Uncertainty

=To stay motivated as we encounter unprecedented levels of uncertainty in every aspect of our lives, we should understand that the human brain simply was not built for this. Knowing what your brain does well — and what it does surprisingly poorly — can give you a much clearer sense of the strategies you need to not just endure, but to thrive.

For most of human history, we have been hunter-gatherers, living in groups where individuals had established roles and lives. While sometimes dangerous, life was largely predictable. The brain evolved to be remarkably good at recognizing patterns and building habits, turning very complex sets of behaviors into something we can do on autopilot. (Ever drive home from work and end up in your driveway, with no memory of actually driving home? That’s the kind of thing we’re talking about.)

Given that habits and recognizable patterns are kind of its “thing,” the brain evolved to be uncertainty-averse. When things become less predictable — and therefore less controllable — we experience a strong state of threat. You may already know that threat leads to “fight, freeze, or flight” responses in the brain. You may not know that it also leads to decreases in motivation, focus, agility, cooperative behavior, self-control, sense of purpose and meaning, and overall well-being. In addition, threat creates significant impairments in your working memory: You can’t hold as many ideas in your mind to solve problems, nor can you pull as much information from your long-term memory when you need it. Threats of uncertainty literally make us less capable, because dealing with them is just not something our brains evolved to do.

Three strategies based in science that can keep the brain in a good place.

Set expectations with realistic optimism.

The concept of realistic optimism is a simple but powerful one: Believe that everything is going to work out just fine, while accepting that getting there might not be easy. Research consistently shows that having positive expectations — or as pioneering social psychologist Albert Bandura called it, a strong sense of self-efficacy — is essential for staying motivated in the face of obstacles and setbacks. People sometimes !mistakenly believe that being “positive” means believing that you’ll succeed easily, or that success will happen to you. this unrealistic optimism consistently predicts failure — when you think things will come easily, you’re rarely prepared for when they don’t. uncertainty involves having to experiment to get things right. It means not everything works right away. It means if we hang in there, eventually it can be better than it is now.

Lift to bigger-picture thinking

You can think pretty much anything at different levels of abstraction or concreteness. Psychologists call this level of construal.
The level of construal we use to think about our actions turns out to have a significant impact on our behavior. When we think about the larger meaning or purpose that our actions serve (high-level construal), we’re more inspired and motivated and feel greater boosts to self-esteem and well-being. When we drop down to the nitty-gritty details of what we’re doing or need to do, we’re better at solving concrete problems and anticipating obstacles. Each level of construal has benefits, which is why it’s best to shift our thinking and lift up and drill down as needed.

!Unfortunately, it can be all too easy to end up “in the weeds” and stay there — our brains naturally shift our thinking down to a lower level of construal when we encounter difficulty or uncertainty.

Embrace candor

Working through so much change and dealing with unexpected setbacks means we need to be !constantly and honestly communicating with one another to co-create the right new norms and habits. we’re talking about the everyday conversations about what’s working and what isn’t that are needed as we figure out what a new normal needs to be. this sort of everyday candor is hard. People worry about how they come across to others as they share truthful perspectives. They worry that their opinions might not be welcome, or valued. They worry about bruising feelings and damaging relationships. And while these concerns are valid, in practice, the far greater damage is done when people operate in an environment that lacks transparency and empathy. =

Petre Peter August 31, 2023 5:36 PM

Beauty was probably the first hack. The Romans thought that beauty is an eternal curse.

lurker August 31, 2023 6:20 PM

@Clive Robinson
shape-shifting-robots “can passively change their shape”

Grrr, see what happens when you give a good story to a cub reporter …

lurker August 31, 2023 6:34 PM

@Clive Robinson, ALL
UK Air Traffic woes

“There are no indications that this was caused by a cyber-attack, the organization said.”

Lack of hinky thinking, sir. If I was sufficiently close to the action to know how malformed input can DOS the system, it would be the untraceable crime, no?

JonKnowsNothing August 31, 2023 9:22 PM


HAIL warning

A MSM report indicates a popular PVP game will start using real-time AI-powered voice chat moderation (aka ToxMod) in their upcoming November 2023 release.

  • ToxMod is an AI-powered voice moderation system designed to identify and act against what Activision calls “harmful language” that violates the game’s code of conduct.

Well… this will certainly be interesting. If you have never played PVP in open world environment (v Single Player PVE games) you might not be aware of the level of vocabulary in use.

I predict a few issues:

  • Lots of players no longer use in-game text or talk. They use 3rd party conference servers like Discord or streaming services.
  • Voice chat generally is within an aligned group. All one side. Unless you get a cross-over on Discord because you opened the channel to another player’s group. This is done more to coordinate play times and play locations on the map. It’s also used to spy-inform from one group to another.
  • The main exchange is in text mode. Most aligned groups can block aka ignore particularly nasty language players. Everyone has a profanity filter option too.
  • The amount of urban slang is substantial and like all urban slang it changes rapidly.
  • The AI can likely keep up with the words on the Naughty List.
  • It’s the number of players that will be impacted is where the probable-flop will happen. Players are what generate income to the game company. It’s a lot of $$$$. Game companies often try to rein in “bad behavior” but find their revenue stream is heavily impacted. Even nice players can let off the F-word with appropriate adjectives and adverbs.
  • It’s a good idea if you don’t want to make money, because the nature of the game PVP and the setting is what generates the anger and frustration and name calling. It’s not uncommon to scream at the PC even if no one is listening…

Release Day is going to be V E R Y interesting.


ht tps://arstechnica.c o m/information-technology/2023/08/ai-powered-hate-speech-detection-will-moderate-voice-chat-in-call-of-duty/

(url fractured)

Clive Robinson September 1, 2023 7:00 AM

@ name.withheld…, Winter,

“Pope Francis recently spoke from the Vatican extolling the virtues of Russia’s great history.”

Don’t forget until very recently the German Government and other entities were doing the same. As were some US Politicians…

Putin pushing the myth of the Great Russian Past and being a modern “Strong Man” was not just for Russians to foolishly believe in.

As an indicator of just how successful faux-narrative can be it’s scary. Especially as it causes “cognitive bias”…

Let’s be honest those espousers of “strong men” and “glorious pasts” have not and will not change their foolishness just because Putin and Russia are currently failing.

The next tin-pot numpty who swaggers and pretends to be a man of iron or similar nonsense and says we must regain our glorious past will get them all jumping in line to do the “suicide conga”…

As someone once noted,

“There’s now’t so dumb as those that will not learn”.

The future comes no matter what, like an ever turning wheel, those that do not learn to stay ahead will get crushed, and become lost to the past.

Clive Robinson September 1, 2023 7:33 AM

@ lurker,

“Lack of hinky thinking, sir. If I was sufficiently close to the action to know how malformed input can DOS the system, it would be the untraceable crime, no?”

Our host @Bruce, has noted the scarcity of the ability to “think hinky” and the significant effect this has on security in general.

All systems that “act on their input”[1] can be DOSed in one way or another, the real question is,

“What is the cost to the attacker?”

Both during the DOS and afterwards, as affronted people can be quite unforgiving, if not vengeful, and venomously spiteful.

As for “untraceable” that depends on “ephemeral”.

The French Criminologist Dr Edmond Locard, named the ‘Sherlock Holmes of Lyon’ by some had a basic notion that “every contact leaves a trace”.

Whilst it is logically true it leaves out two important points,

1, Signal to noise ratio.
2, Entropy.

Combined they ensure that every trace is effectively ephemeral to the human senses, and will become less and less noticeable with time thus will “sink into the noise”.

Thus consider the “record it all” or “audit process” if an effective one is in place at all steps then your actions get recorded.

But the important question that has to be answered for it to be a crime, is “intent”, and answering that mostly falls to the “allegedly impartial” future observer…

Which is why “show trials” and “kangaroo courts” are an ever present feature of our modern society and getting more prevalent as communications and its attendant surveillance increases…

[1] Systems fundamentally are of three types, Sources, filters, Sinks built into chains or nets. Many are filters that is they take input, process it in some way, then output it. Fundamentally the filter can be effectively passive or active with respect to the input. That is it does the same thing every time irrespective of the input, or it can examine the input and act on it. Blocks that are passive and properly designed can not be DOSed…

Winter September 1, 2023 8:56 AM

@ name.withheld…, Clive

“Pope Francis recently spoke from the Vatican extolling the virtues of Russia’s great history.”

I generally do not consider the opinions of religious leaders as authoritative. If anything, Russia’s “great past” has shown that great art can sprout from living hell.

If you want to get a taste of that hell, you could read any of the 19th century writers. For instance:
A Family of Noblemen: The Gentlemen Golovliov, by Mikhail Evgrafovich Saltykov

Conditions in Russia show in life expectancy that has always been low in Russia:

JonKnowsNothing September 1, 2023 9:44 AM

@Winter, @Clive, All

re: show in life expectancy that has always been low

In a great many countries, life expectancy is low or lower than “officially desired”.

It often occurs in places where access to medical care is poor or nil, where the daily income is insufficient to buy food, housing and education. Such places often co-occur with a large unskilled population. This is generically referred to as: Villages, Day Farmers (aka Peasants) or brute force Day Labor.

It’s all over the globe. It’s for certain in the USA. It’s for certain in places where the State Policies are such that there are increased penalties for being poor, increased penalties for living in “less than standard housing” and increased costs for education or the wholesale removal of education options. A side band can be found in the negative policies enacted for those with physical and mental differences.

The life of a serf, slave, un-emancipated person, with additional encumbrances due to gender will result in low life expectancy.

It’s not just a Russian thing, it happens in the USA, China, Europe, Central Europe, Africa, South America, Asia, Australia. It is perhaps not best practice to claim something is unique when it is global in scope.

Historically (western history) the fate of “paupers” was of no interest to governments regardless of their economic structure or their political structure. The only time it rises to the point of notice is when the percentage of the population that falls into the “pauper” category increases to the extent that it jeopardizes government function.

In Canada and the USA, it’s pretty much Open Season on Indigenous persons, especially female persons. Thousands of unsolved cases, ignored over the years, fobbed off as “not important” have come to the front.

Australia, Mexico and South America have their own life-shortening Open Season on Indigenous, female and people with physical and mental differences. Europe as a whole, has no record to be proud of.

Individually, those of us with funds enough to have computers, smartphones, internet connection and the education to use them, will not fall into the Standard Short Life Expectancy Table.

One thing you might find in villages around the world: Those that survived the starvation, depredation, discrimination, suppression, relocations, physical attacks, and myriad other physical and mental insults-to-the-person, are tough individuals. They would not survive otherwise.

Winter September 1, 2023 10:20 AM


In a great many countries, life expectancy is low or lower than “officially desired”.

Indeed, but life expectancy has been lower in “Russia” than even in their European vassal states. Inside the Warsaw pact, the USSR had lower life expectancies than their European “allies”. Life expectancy in “Russia” has been consistently lower than in, eg, Romania.

In short, while trying to keep up with their European counterparts in everything, the Russian government consistently prevented the poor from getting wealthier as this would endanger the position of the Czar et al. The outcome has always been a lower life expectancy than even in their vassal states in the West.

Clive Robinson September 1, 2023 12:16 PM

@ Winter, JonKnowsNothing,

Re : Russian life expectancy.

“but life expectancy has been lower in “Russia” than even in their European vassal states. Inside the Warsaw pact, the USSR had lower life expectancies than their European “allies”. life expectancy in “Russia” has been consistently lower”

I’ve a Russian friend who has escaped the life that most Russians appear to live.

We know about the misogyny and extreme violence that is rife. But also as my friend’s father observes,

“Chop off the purposeless heads and what do you see, blood so thin it can not freeze from alcohol, tarpit lungs from endless smoking, and garbage can guts from eating trash with cream so sour it could poison by just its smell.”

He tells stories about “the old days” when he lived in Moscow, when the people were so inebriated their work was little different to sabotage. So the communist party had to act, and the price of alcohol was pushed up so high it was a week’s wages. What did the “good citizens do?” The old went back to the old ways and distilled their own. The young clubbed together and bought a half bottle and cotton wool.

The result was the old drank nearly pure alcohol and if careless when lighting a cigarette there would be a small pop as the vapour in their lungs exploded and they would fall dead to the floor. The young would soak the cotton wool in vodka and push it up their a55 where it would go into the blood fast…

I dread to think of the pain in either case…

But as he noted they always would talk of better times, from back when Russia had bread in every shop and Borscht was as grandmother once made when young, with good shin beef and fat beetroots, and big potatoes and was fit for any man, and similar tales that really never were.

He then laughs sardonically and says he must be feeling home sick as he needs a drink…

He’s soon to be eighty which is about the average life expectancy living in North West London. As for Moscow from where he was born, not the under 60 it was just thirty years ago shortly after he left with his family. But even now it’s only a little over 65, and as his eldest daughter –a Dr of medicine– keeps reminding me, we can all eat better and get out for some healthy exercise, and look forward more to the better times we make.

Winter September 1, 2023 1:03 PM


We know about the misogyny and extreme violence that is rife.

Wife bashing has recently been legalized to the overjoy of the Russian Orthodox church. [1]

Violence and hazing in the army is so bad that suicide is one of the main causes of death in the army during peacetime. [2]

A Dutch journalist who had lived in Russia for many years believed that this extreme hazing was (also) intended to beat the men into submission.

[1] ‘

[2] ‘

JonKnowsNothing September 1, 2023 3:56 PM

@Winter, @Clive, All

re: [gender] bashing has recently been legalized

It is hard to understand how such things come to be, but they do. It’s surprisingly easy to pass such laws. They almost always come with a “Holy Rite” or “Sacred Words”. The results are beyond description.

The USA has been passing such laws on an avalanche scale. Most of these repulsive laws are backed by the Western Christian and Catholic sacred texts (with slight variations). In @26 States half the population in those states, or people visiting them, are now at risk of no medical attention.

The furor over Royal Spanish Football Federation President Luis Rubiales Kiss Scandal will be dismissed by ~half the population while the other half will be provoked.

The enduring and dismal situation for women in Afghanistan and similar cultures (for which such practices are wide spread) remains a blot on our humanity.

It’s not just those countries, women are still sent “outside to the shed” monthly or refused access to sanitary facilities (various reasons and timetables such as during daylight hours) and sent to the barn for child birth.

In the USA, we continue to have our own problems with “20 minutes of action” at Stanford University and “foreign objects” found in cans of soda which can get you a job at SCOTUS.

A TV series drama of 1880’s Italy depicts a fictional version of a real person. It’s amazing to read the subtitles of words used at that time to justify all manner of restrictions. (1)

Modern reasoning has not changed much.



h ttps://en.wikipedia.o r g/wiki/Lidia_Poet

  • Lidia Poët (26 August 1855 – 25 February 1949) was the first modern female Italian lawyer. Her disbarment led to a movement to allow women to practice law and hold public office in Italy.
  • the enrollment of a woman on the roll “did not please” the office of the attorney general (procuratore generale), who entered a complaint with the Court of Appeal of Turin. Despite rejoinders, arguments, and examples of women lawyers in other countries, the attorney general argued that women were forbidden by law and public policy to enter the milizia togata.
  • Under Law n. 1176 of July 17, 1919, women were allowed to hold certain public offices. It wasn’t until 1920 that Lidia Poët as a 65 year old woman, was enlisted in the record of the members of the Council of lawyers and officially recognized as a lawyer, when finally enrolled in the roll of advocates in Turin.

(url fractured)

Clive Robinson September 1, 2023 7:54 PM

@ Bruce, All,

Barracuda ESG debacle continues

Despite Barracuda themselves telling customers to dump their “Email Security Gateways”(ESG) units, it appears that since May 2022 Chinese cyber-spies have via a critical bug in the ESG’s not just burrowed but entrenched themselves in the organisational networks behind the ESGs. Of those in the US affected about 1/3rd of systems so far identified were local and state level government entities.

Aside from Barracuda offering replacements, the FBI and Mandiant, have indicated that the attackers are very probably Chinese and have taken what appears to be extraordinary measures to remain within the systems affected,

So the publicly known state level attacks have been taken up yet another notch.

It is thus overdue for people to ask why such organisations have such broad and exploitable connectivity.

Few employees need Internet access, and those that do, generally do not require an externally connected browsing device to be connected to an internal work device.

Those such as cut-n-paste from StackOverflow and the like coders who claim their efficiency will be affected, don’t consider the risks their behaviours bring with it. Likewise their managers and so on up the chain.

We are increasingly seeing attacks via the supply chain and as with this Barracuda ESG attack there is in reality “no fix” for various reasons you can find warnings about on this site going back more than a decade.

Thus even if you clean and sanitize your work procedures, you remain vulnerable to the risky behaviours of your suppliers as long as attackers can get access.

Thus logically if you can not fix the supplier issue, and it appears you can not, the only other option is to fix the access option with the metaphorical use of a fire-axe to create a fire-break.

Which in reality is to segregate internal and external systems via an “Energy-Gap” and only where necessary put in place “gap crossing” technology.

Just remember that even the majority of “Data-Diodes” and similar devices are not strictly one way. Because the way they do “error correction” provides a reverse channel that can be exploited[1]. Whilst all feedback systems will enable the creation of “covert side channels” they can not be avoided if high reliability is a requirement. The best you can do is use various ways to “reduce the bandwidth” of the side channels to one or two bits in any given time period[3].

[1] There are two basic ways of removing this error correction back channel neither of which is liked by systems designers who put data reliability above security. The first is to have no error correction thus no back channel required you use hashes or similar authentication systems such that either files are valid or they are not. The second way is called “Forward Error Correction”(FEC) put simply you add authentication codes to small parts of your file, and send the files multiple times. You then stitch a correct file together from the multiple parts. The way you use FEC is well established in deep space communications due to the time it would take for a back channel retransmission to take, also in media like CD’s, DVD’s, backup tapes, and similar. Effectively where the basic storage media is considered insufficiently reliable or an error correcting feedback loop impractical to implement or more recently insufficiently secure[2]. Look up “Reed-Solomon Coding”(RS-Codes) or “Bose–Chaudhuri–Hocquenghem”(BCH) codes.

[2] As a practical matter, FEC codes have been considered for “Post Quantum Computing”(PQC) proof key exchange and signature systems. It can be expected that some work done for PQC will actually flow back into FEC systems. So expect improvements to happen in various ways.

[3] The most obvious side channels are time or energy based. The normal way to introduce a time based side channel is by introducing timing errors, such as “transmission jitter”. The faster the receiving system responds the wider the bandwidth potential for the side channel. One way to stop it down is to “clock the input” such that the only option an attacker has is to not send data in a clock period to send a single bit of information. There are other options such as “random rejection” where the receiver of the error code randomly drops incoming error correction data rather than pass it on, thus the side channel timing is disrupted. Whilst no method will be 100% side channel blocking, with care the channel bandwidth can be significantly reduced.
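The “no back channel” scheme described in footnote [1] above (per-chunk authentication codes, whole file sent several times, receiver stitches a valid copy together and never acknowledges anything) can be shown in a few dozen lines. The following is an added illustration, not code from the commenter or from any data-diode product; it uses simple repetition plus an HMAC per chunk rather than a Reed-Solomon or BCH code, and the key, chunk size and loss/corruption figures are constructed for the demonstration.

```python
import hashlib
import hmac
import random
import struct

# Constructed demo key; a real gap-crossing device would use a provisioned secret.
KEY = b"constructed-demo-key"
TAG_LEN = 32          # SHA-256 HMAC tag
HDR = struct.Struct(">II")  # (total_chunks, chunk_index)


def make_frames(data: bytes, chunk_size: int, key: bytes = KEY) -> list:
    """Split `data` into numbered chunks; each frame = header + payload + HMAC.
    The tag covers the header too, so a damaged index or total is rejected."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    total = len(chunks)
    frames = []
    for idx, payload in enumerate(chunks):
        header = HDR.pack(total, idx)
        tag = hmac.new(key, header + payload, hashlib.sha256).digest()
        frames.append(header + payload + tag)
    return frames


def transmit(frames: list, repeats: int, rng: random.Random,
             loss: float = 0.0, corrupt: float = 0.0) -> list:
    """Simulate a strictly one-way link: the whole frame list is sent `repeats`
    times, some frames are dropped and some get one byte flipped.
    Constructed noise model; nothing ever flows back to the sender."""
    out = []
    for _ in range(repeats):
        for f in frames:
            r = rng.random()
            if r < loss:
                continue
            if r < loss + corrupt:
                b = bytearray(f)
                b[rng.randrange(len(b))] ^= 0xFF
                f = bytes(b)
            out.append(f)
    return out


def reassemble(received: list, key: bytes = KEY):
    """Receiver side: verify every frame's tag, keep the first valid copy of
    each index, and return the file once all indices are present.
    Returns None if any chunk never arrived intact. No NAK, no retransmit
    request, so there is no error-correction back channel to exploit."""
    total = None
    parts = {}
    for f in received:
        if len(f) < HDR.size + TAG_LEN:
            continue
        header, payload, tag = f[:HDR.size], f[HDR.size:-TAG_LEN], f[-TAG_LEN:]
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            continue  # corrupted or forged frame: silently discarded
        t, idx = HDR.unpack(header)
        if total is None:
            total = t
        elif t != total:
            continue  # frame from a different transfer; ignore
        if idx < total and idx not in parts:
            parts[idx] = payload
    if total is None or len(parts) != total:
        return None
    return b"".join(parts[i] for i in range(total))


if __name__ == "__main__":
    # Constructed sample file and a seeded lossy channel for a quick run.
    sample = bytes(range(256)) * 8
    frames = make_frames(sample, 100)
    rx = transmit(frames, repeats=8, rng=random.Random(7), loss=0.2, corrupt=0.1)
    result = reassemble(rx)
    print("frames received:", len(rx), "file recovered:", result == sample)
```

The design choice worth noting is that a bad frame is dropped rather than reported: the sender learns nothing about what arrived, so reliability comes only from repetition (or a proper FEC code in place of repetition), exactly the trade-off the footnote says reliability-first designers dislike.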

Winter September 2, 2023 7:44 AM


A TV series drama of 1880’s Italy depicts a fictional version of a real person.

That was a nice series to watch.

Someone recently pointed out in a newspaper article that from the early prehistoric start, the subjugation of women always had the objective to breed more boys to waste in war, ie, breed cannon fodder. In Russia that aim is even open propaganda.

The new Republican driven forced labor for women comes at the same time and same states as the legalization of child labor and weakening of labor safety protection. I do not think this is a coincidence.

Winter September 5, 2023 10:08 AM


Oligarchy as a view on Russia
Re: George Kennan

Anyone who sees women doing what they want as a sign of degeneracy of society is an enemy of freedom in my book.

That Kennan considers the rights of any people in the world as subordinate to the security needs of Russia confirms this judgement to me. Especially as Russia has historically been as reliable in its foreign policies as the Hun hordes in Roman Europe or the Spanish conquistadors in Native South America.

A peace treaty with Russia seems to me to be as reliable as a peace treaty between Romans and the Huns or Native Americans and the Conquistadors was.

I would like to remind everyone of the behaviour of Soviet troops in East Germany after WWII:

name.withheld.for.obvious.reasons September 5, 2023 1:43 PM

Maybe I extoll too much…seems the thread disappeared. Not the first time, and doubt it will be the last. Maybe an exorcism is necessary to purge the daemons, I mean demons, from the cron job cleaning out the posts.

name.withheld.for.obvious.reasons September 6, 2023 1:11 AM

6 Sept 2023 — Rail Line Listening Posts, It’s not what you think – (ML footnotes)
Editorial Comment
Having reported on several breaking stories here on Bruce’s House of (Pain) Security, I have my ears relatively close to the ground or even on the rail. It is becoming obvious to me through several self organizing and ad hoc groups within the U.S., a level of pessimism and disgust with the state of the state regarding any future social order or civil society is widely understood and expressed in narrow channels. But it is not sufficient nor effective in curtailing the reordering of deck chairs on the USS Constitution, that too is clear in the narrows. What I am talking about is the rise of militant efforts to counter the fascist movement still running unabated either politically or institutionally (See Heritage Foundations Project 2025). Convicting and remanding Jan 6 rioters is not sufficient to mitigate unfettered illegality still happening across the United States to overthrow the U.S. government, legal systems, and normative social structures.

We have a Problem Set
From the “rule of law”, contemporary legal frameworks in use to date, to the law of the “Kingdom of God”[1].
Major news organizations, the New York Times, Washington Post, and other traditional newsprint establishments working in event-based reporting or long form journalism miss the mark on what is happening on the ground respecting religious organizations[2]. The transformation has not receded let alone halted. U.S. institutions and the MSM, including the Jan 6th Committee, cannot address theocratic incursions against the laws and foundational structure (U.S. Constitution) the erosion of secular state, defined as rational in nature, into a speculative and imaginary governing context[3]. It is no longer “You can’t handle the truth.” — Quote from Nicholson in the movie “A Few Good Men”. Transforming that quote, made modern for today, “You can’t have the truth. God told me so, and I only answer to God.” — me, 2023

Yet to be articulated, many have reported on the issues surrounding the transformation of U.S. politics but have not taken the head on challenge of usurping the usurpers. To my mind, a clear, resounding and continuous drum beat of “No, like it or not, no.” to all paying fealty to an authoritarian ideology hell bent (pun intended) on destruction, ending modernity as we know it. This response needs to occur in multiple forums, venues, institutions, and organizations as the pervasive and insidious plotting, planning, and organizing has planted many a fascist tree. The political agents, will, and system itself are under duress; functional mitigation has not visibly or measurably reduced the threat.

[1] “Taking America Back for God: Christian Nationalism in the United States”, Oxford University Press, Whitehead and Perry, Feb 3, 2020.
[2] Article from BJC Magazine, “Christian nationalism and January 6”, Guy and Masters, Spring 2022, Vol 77, ed 1.
[3] The Freedom from Religion Foundation along with the BJC and its “Christians Against Christian Nationalism” project collaborated and published the report “Christian Nationalism and the January 6, 2021 Insurrection, 9 Feb 2022, – “BJCOnline, downloaded 5 Sept 2023, sxxtp://

Winter September 6, 2023 2:49 AM


From the “rule of law”, contemporary legal frameworks in use to date, to the law of the “Kingdom of God”[1].

The events you describe remind me of the introduction of the Prohibition 100 years ago.

The narrative of the Prohibition, as I understand it, was that in the runup and during WWI there was an accelerated influx of European immigrants and associated accelerated urbanisation. This upset the power balance between established white Anglo-Saxon rural communities and Catholic (and Jewish) non-English urban European immigrants (probably including urban black population). The Prohibition was a theocratic “war on drugs” response to criminalise and subdue urban (immigrant) populations.

The parallels are obvious to me. Classical Republican stronghold states have large Democrat voting urban centers that are growing rapidly and also attract Catholic Latin American immigrants.

The GOP is in a demographic dead-end street. Its unwillingness to attract urban voters (or even women in general) makes it a party of rural older white men. As The Donald already observed, if everyone could vote, no Republican would win any election [1].

The only way out for rural GOP is to prevent Urban and non-white Americans from voting. As this has become increasingly difficult, they have and will resort to an armed rebellion.

Note that “religion” is just an excuse here, just like it was to the Prohibition.


name.withheld.for.obvious.reasons September 6, 2023 3:12 AM

More than just duping the plebs into doing the dirty jobs, they become targets eventually as their usefulness will be short-lived.

And it is more than the GOP, it is a collective of so called elites that want to reorder boundaries, property, ownership, and authority. It is a fascistic hierarchy where the predator class run rampant. Accountability is the goal, not to be. Rules are for runts and peasants, not oil-igarchs.

Winter September 6, 2023 4:31 AM


More than just duping the plebs into doing the dirty jobs, they become targets eventually as their usefulness will be short-lived.

Hence the legalizing of child labor in Republican states.

And it is more than the GOP, it is a collective of so called elites that want to reorder boundaries, property, ownership, and authority.

But it is a white elite that currently has found a home in the GOP, or better, MAGA, camp. It is the GOP that has been openly for sale for the last decades [1].

[1] ‘

Winter September 6, 2023 5:33 AM

Re: Elite

The Onion, as always, has the best take on this subject:

Clive Robinson September 6, 2023 9:43 AM

@ ALL,

I think most of us know Mark Zuckerberg’s early higher education failings that finally led to FaceCrook.

Well this looks like a man using AI to follow in his footsteps,

In a way it’s a very sad reflection on the modern West culture.

On the more worrying side, if psychologists and anthropologists are correct, it’s an indicator we are heading for yet another World War that would be rather more than devastating, and the usual tricks of the wealthy to keep their children away from the slaughter will not work…

Clive Robinson September 6, 2023 1:12 PM

@ Bruce, ALL,

A story to keep your eyes on,

Raspberry Pi’s used to rob ATMs

The story is about three men seen rajng $5700 from a single ATM in Texas.

It’s claimed they used a Raspberry Pi to get past security and access the cash stacks.

No technical details are yet available, so it will be interesting to see them when they surface (if ever they do, as there might be a significant incentive for them to be kept secret).

Clive Robinson September 6, 2023 1:52 PM

@ ALL,

Hands up those who did not spot this coming,

US Law makers upset by AI CSAM

Let’s be honest AI can turn out bikini clad faux model unique images at a quite alarming rate.

The way much CSAM is found is because it’s not sufficiently unique.

So it’s not hard to see why certain types of people would use AI to create CSAM images both as deepfake variations and text-2-image descriptions,

But I’m not entirely sure these legal types actually understand the technology,

“The National Association of Attorneys General argued that such material is not victimless, as tools capable of generating such images was likely trained on actual CSAM, the creation of which harmed actual children.”

Actually as with deepfake porn no pornographic images are needed either as training data or subsequent input. Which is the real danger as images can be made that are shall we say not possible, or are beyond a survivable form of violence etc.

What sociologists and psychiatrists tell us is that no amount of technology restrictions will stop CSAM especially the worst forms of it. So no matter what legislation is in place CSAM will continue to be a scourge on modern society in this connected world, and the offenders are very much likely to stay ahead of the legislators.

As CSAM goes back at least as far as Victorian photographs, it’s probably safe to assume the desire for such materials goes back a very long way, and was probably even considered normal in some societies. Thus it may be caused by a form of genetic aberration.

So stopping a limited form of technology is not going to stop the problem any more than replacing wind mills with water mills on the notion there would be no sails to tilt at.
