Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring

The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on December 15, 2023 at 5:06 PM • 66 Comments

Comments

&ers December 15, 2023 5:10 PM

@ALL

hxxps://news.err.ee/1609194952/10-000-people-s-data-stolen-in-genetic-testing-company-asper-biogene-leak

Clive Robinson December 16, 2023 10:00 AM

@ SpaceLifeForm,

Space weather prediction indicates we are due a G2 solar wind hit overnight (universal time).

Starting in about 3 hours,

https://www.swpc.noaa.gov/products/3-day-forecast

Not as much as the G3 a couple of days back, but I’ve fingers crossed for some “sky glow” auroral activity and a break in the current 100% cloud cover over the Greenwich Meridian prime.

Cyber Hodza December 16, 2023 4:36 PM

@Gospel – is this the same AI they were using for the oversight of Gaza when Hamas launched their attacks in October or were they using some other technology then 😏?

ResearcherZero December 16, 2023 8:04 PM

Group running multiple SQL injection attacks and Joomla CMS compromise. Although its C&C infrastructure was dismantled, it’s likely to return.

“Rather than looking for specific data, the threat actor attempts to exfiltrate every possible piece of information within targeted databases.”

‘https://www.group-ib.com/blog/gambleforce-gang/

Disabling SQL database integration until 3CX identifies the problem and issues an update is probably a good idea.

“It’s an old style integration meant for an on-premise firewall secured network.”

please disable, please follow instructions

‘https://www.3cx.com/blog/news/sql-database-integration/

Clive Robinson December 16, 2023 9:02 PM

@ SpaceLifeForm,

Re : Light in the night.

As I noted earlier,

“Space weather prediction indicates we are due a G2 solar wind hit overnight (universal time).”

Well we are getting it… But where I am is not showing a thing, nor is it for friends in Scotland.

As normal in the UK, “grey blankets all”…

Hopefully those up in Alaska and similar are getting a good show.

lurker December 16, 2023 10:28 PM

@ResearcherZero

“It’s an old style integration meant for an on-premise firewall secured network.”

Don’t we still have those? Oh wait, Cloud, Cloudier, Cloudiest

SQL seems to have never developed beyond its old-school unix birthplace where all the users were trusted …

ResearcherZero December 17, 2023 1:44 AM

A 10-inch-thick binder that contained raw intelligence (unredacted) the US and its NATO allies collected on Russians and Russian agents went missing during Trump’s last hours in office.

‘https://www.nytimes.com/2023/12/15/us/politics/trump-binder-classified-material-russia.html

“Under the care of then-White House chief of staff Mark Meadows.”
https://edition.cnn.com/2023/12/15/politics/cnn-report-missing-binder-trump-russia/index.html

“We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.”

‘https://www.dni.gov/files/documents/ICA_2017_01.pdf

Having the full ICA, the attorneys continue, will provide “the detailed information supporting [its] conclusions … in order to demonstrate to the jury that [Trump] did not create or cause the environment that the prosecution seeks to blame him for.” The ICA language doesn’t assert that Russia succeeded in creating this environment of skepticism, mind you, just that it was sought.
https://www.washingtonpost.com/politics/2023/11/28/trump-russia-election-interference/

Unit 26165 and Unit 74455

Details of how Russian intelligence hacked, then exfiltrated the DNC and DCCC data, then distributed that material through the DCLeaks and Guccifer 2.0 personas. “On or about August 22, 2016, the Conspirators, posing as Guccifer 2.0, transferred approximately 2.5 gigabytes of data stolen from the DCCC to a then-registered state lobbyist and online source of political news.”

‘https://www.justice.gov/file/1080281/download

APT28 has previously used tools including X-Tunnel, X-Agent and CompuTrace to penetrate target networks.
https://thecyberwire.com/stories/78dfcea0e67f46439eb02ae32d210322/cybersecurity-first-principles-intrusion-kill-chains

WikiLeaks started rolling out Podesta’s stolen emails. After the emails were released, WikiLeaks sent Trump Jr. a searchable link of the emails. “Btw we just released Podesta Emails Part 4.”

“Leak us one or more of your father’s tax returns.” The organization argued that The New York Times had already published “a fragment” of Mr. Trump’s returns, and “the rest could come out any time” through an equally “biased” source. WikiLeaks was also pressing for the returns because “if we publish them it will dramatically improve the perception of our impartiality.” And if the group could be seen as impartial, it reasoned, “the vast amount of stuff that we are publishing on Clinton will have much higher impact, because it won’t be perceived as coming from a ‘pro-Trump’ ‘pro-Russia’ source.”

“It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to [Washington,] DC.”

Along with Wikileaks advising on Election Day that Trump should not concede if he lost. It’s all a little self serving, and far from open and transparent.
https://www.cbsnews.com/news/donald-trump-jr-wikileaks-corresponded-during-after-2016-campaign/

Guccifer 2.0 sends to Florida GOP operative Aaron Nevins 2.5 gigabytes of data from the Democratic Congressional Campaign Committee (DCCC)

Guccifer 2.0 sends Stone a link to Nevins’ page containing the Democratic Congressional Campaign Committee’s turnout data.
‘https://www.justsecurity.org/45435/timeline-roger-stone-russias-guccifer-2-0-wikileaks/

DCCC documents sent to Mr. Nevins analyzed specific Florida districts, showing how many people were dependable Democratic voters, how many were likely Democratic voters but needed a nudge, how many were frequent voters but not committed, and how many were core Republican voters—the kind of data strategists use in planning ad buys and other tactics.
https://talkingpointsmemo.com/edblog/are-we-missing-a-big-part-of-the-facebook-story

ResearcherZero December 17, 2023 3:43 AM

@lurker

It’s very common to find SQL Server service accounts configured with local administrative or LocalSystem privileges and SQL servers are difficult to monitor.

The SVR also showed an interest in details of the SQL Server and JetBrains TeamCity CVE-2023-42793 (auth bypass and RCE)

‘https://www.ic3.gov/Media/News/2023/231213.pdf

“As part of this exploitation, the main threat actor used the TeamCity exploit to install an SSH certificate, which they then used to maintain access in this second victim’s environment.”
https://www.fortinet.com/blog/threat-research/teamcity-intrusion-saga-apt29-suspected-exploiting-cve-2023-42793

The SVR has also previously used xp_cmdshell

From this, ELECTRUM appears to leverage MS-SQL access to the central “pivot” machines to gain code execution throughout the ICS environment.

‘https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf

“The Windows process spawned by xp_cmdshell has the same security rights as the SQL Server service account.”
https://docs.microsoft.com/en-us/sql/relational-databases/linked-servers/create-linked-servers-sql-server-database-engine?view=sql-server-2017

Many types of data sources can be configured as linked servers, including third-party database providers and Azure Cosmos DB.

If the linked server is defined as an instance of SQL Server or an Azure SQL Managed Instance, remote stored procedures can be executed.
https://docs.microsoft.com/en-us/sql/relational-databases/linked-servers/create-linked-servers-sql-server-database-engine?view=sql-server-2017

SolarWinds supply chain attack

SolarWinds had used a software build-management tool called TeamCity, which acts like an orchestra conductor to turn source code into software.

TeamCity spins up virtual machines—in this case about 100—to do its work.

In a snapshot, they found a malicious file that had been on the virtual machine. Investigators dubbed it “Sunspot.”
https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
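The quoted documentation points at three things a defender can check on a SQL Server instance: which account the service runs as (and therefore what rights an xp_cmdshell child process inherits), whether xp_cmdshell is enabled at all, and which linked servers permit remote stored-procedure execution. The following T-SQL audit is an added example, not code from the thread or from any of the linked reports; it assumes SQL Server 2016 or later catalog views and VIEW SERVER STATE permission.

```sql
-- Added example (not from the thread or the linked documents): audit the
-- xp_cmdshell / service-account / linked-server exposure discussed above.
-- Assumes SQL Server 2016+ and VIEW SERVER STATE on the instance.

-- 1. Service account. A process spawned by xp_cmdshell runs with these rights,
--    so LocalSystem or a local administrator here is the finding to escalate.
SELECT servicename, service_account, startup_type_desc
FROM sys.dm_server_services
WHERE servicename LIKE 'SQL Server (%';

-- 2. Is xp_cmdshell (and the related OS-reaching features) enabled?
--    value_in_use = 1 means the feature is live on the running instance.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures', 'remote access');

-- 3. Who can reach xp_cmdshell: sysadmin members run it directly; non-sysadmin
--    callers run it under the proxy credential, if one has been configured.
SELECT name, type_desc
FROM sys.server_principals
WHERE IS_SRVROLEMEMBER('sysadmin', name) = 1;

SELECT name, credential_identity
FROM sys.credentials
WHERE name = '##xp_cmdshell_proxy_account##';

-- 4. Linked servers. is_rpc_out_enabled = 1 is the setting that lets remote
--    stored procedures (including xp_cmdshell on the remote side) be executed.
SELECT name, product, provider, data_source,
       is_rpc_out_enabled, is_data_access_enabled
FROM sys.servers
WHERE is_linked = 1;

-- 5. Remediation when xp_cmdshell is found enabled and no documented job needs it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

Run the first four queries on a schedule and diff the output; a service account, sysadmin member or RPC-enabled linked server that appears between runs is worth a ticket on its own.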

ResearcherZero December 17, 2023 4:32 AM

@lurker

And the auditing system is old too. A lot of stuff has been developed which may not always return correct or helpful responses when auditing. Bugs still remain that have been there for a very long time. Updating the code might not be too easy because any changes may have repercussions for more recently developed projects.

“anyone who wants to talk to the audit subsystem using their own code instead of libaudit will have to add a workaround to the Netlink layer of their stack to either fix or ignore the error, and apply that workaround only for certain message types.”

“The odds of these bugs getting fixed is approximately zero, because existing applications will break in interesting ways if the kernel starts setting the length field correctly.”
https://blog.des.no/2020/08/netlink-auditing-and-counting-bytes/

People do develop new approaches, and sometimes someone works out a clever new way of solving a problem. Occasionally people get together and do some voodoo. Or not.

Documentation helps…

“Unfortunately the protocol has evolved over the years, in an organic and undocumented fashion, making it hard to coherently explain.”

‘https://www.kernel.org/doc/html/next/userspace-api/netlink/intro.html

Clive Robinson December 17, 2023 11:43 AM

@ lurker,

“SQL seems to have never developed beyond its old-school unix birthplace”

Will be 50 years old next year, and was developed by “Chamberlin and Boyce” at IBM for System R on their bespoke hardware (IBM 360’s etc). They basically took Codd’s “relational model” and bolted it on what was an existing 1960s flat file DB system with some quasi-relational features added in the early 70’s and went from there with a more relational front end to come up with SQUARE.

What became Oracle started their development in the late 1970’s and from memory did not get it out the door till the very early 1980’s. They had little choice but to use non-IBM hardware and OS, which did not leave much choice…

As we know Oracle made it big eventually on later Sun Hardware, but the OS especially at the file system layer was a bust (there was that 2GByte file size limit). So Oracle did with Sun hardware what IBM would never have allowed them to do, which was to use the hard drives “Uncooked”, putting their own file system on top of the raw device driver interface…

Back in the last century I did something similar when developing an encrypted video Sat-Comms communications system. It started off on very expensive hardware in purple fronted racks. However the aim was to do it on low cost PC based systems… Even Dual-Pentium systems with dual SCSI channel RAID, costing the equivalent of 1/3 of a senior engineer’s annual salary barely did the business (you can do it these days on a cheap laptop with solid state hard drives…). The OS was not BSD but AT&T Unix… But Microsoft had their name all over it[1] and got “double-bubble” on licencing fees on Intel platforms.

Any way enough of that trip down memory lane…

[1] What few do not realise is that when AT&T wanted to put Unix on to Intel hardware they ended up with a pile of dodo droppings called Xnix, that Microsoft got three guys in a garage to make (SCO)… The big problem was no standard MMU, and when Intel shoved out the 286 it had hardware bugs in the memory control… The rights Microsoft got out of the deal gave them an immediate competitive advantage against any other Unix on Intel until Minix then Linux came along and together they have very much upset the Microsoft Apple cart… Until then few realise that Microsoft and Tandy (Radio-Shack) were the biggest license sellers of Unix…

lurker December 17, 2023 2:35 PM

@ResearcherZero, Clive

I know, I know. When I was given a SQL server to feed and care for, the first thing I did was to get a long stick and some heavy chains. The success in running it unhacked for three years I attribute to our wonderful upstream network gurus.

ResearcherZero December 17, 2023 6:17 PM

@lurker

I’d run away. Screaming probably.

But it would be OK because I wouldn’t know the SA password anyway. 🙂

‘https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/

Reuters has temporarily removed the article “How an Indian startup hacked the world” to comply with a preliminary court order issued on Dec. 4, 2023, in a district court in New Delhi, India

‘https://www.reuters.com/investigates/special-report/usa-hackers-appin/

Numerous private spyware and employee-developed intrusion tools have also been used by Appin, which leveraged the freelancing platform Upwork to facilitate malware acquisition.
https://www.securityweek.com/researchers-dive-into-activities-of-indian-hack-for-hire-firm-appin/

Sandworm

During the first wave of attacks in early May, hackers targeted 16 Danish energy companies, successfully compromising 11 of them through a Zyxel firewall vulnerability.

Another unusual aspect of the incident is that many organizations were attacked simultaneously, indicating that hackers coordinated and carefully planned the attack.

‘https://therecord.media/danish-energy-companies-hacked-firewall-bug

XYZZY December 17, 2023 6:55 PM

@ Clive Robinson

It was XENIX with an E. Simple port of UNIX. I did the Z8000 and 68k kernels. I added paging and device drivers. Others did it for Intel CPUs. It was quite stable on the 68k and there were many SUN 68k systems running XENIX in service for email and cross compiling at Microsoft.

Clive Robinson December 17, 2023 8:22 PM

@ XYZZY,

“I did the Z8000 and 68k kernels.”

Back then I did hardware designs around both those chip sets, as I thought they had a future. Like other HWeng the Intel abominations not so much…

Whilst “being in good company” we were all wrong. The Z8000 barely made it to market in the Personal Computer domain (Olivetti if brain is not too creaky). The 68K made it through several generations, but it too did not make it in the Office level of Personal Computers, however it also went into embedded with the Dragonball range that I designed into some set-top devices in the first half of the 1990’s.

Back then “men were men and cut their own OS with their teeth” 😉

A legacy of most engineers still being 8biters at heart and in a lot of cases had a “Don’t need no stinking MMU or segmentation”. Thus most such OS’s would now be called BIOS’s at best.

It’s funny sometimes to still see people describe “C” as “high level Assembler”… Few these days realise the very very large gulf between the ISA and even the lowest of highlevel languages and the myriad of issues they brought up (dare I say “hidden pointer arithmetic”?).

In my dead tree cave I still have quite a few of the very few books on writing device drivers for various Unix implementations…

I’d like to say “Happy days” but I suspect you might know the reality of waking up after one too many all nighters with “Qwerty face” as Dilbert once described it…

Then there were the tricks some used with coffee and those cold med / pep-pills that were not quite legal in some places that “students” had learned were a way to keep up [1].

I ruined my eyesight with long long hours with a “wrap-gun” reconfiguring hardware hours after those “wiremen” had sensibly gone home[2] to their families (also management did not like paying them overtime).

We also find out that “free pizza” is not a healthy diet in several ways… =(

[1] Invented very shortly after WWI and used by both sides as “pep-pills” in WWII… German U-boat commanders were issued with stocks of both a well known poppy extract as it caused constipation, and “Pervitin” to keep them upright and significantly reduce appetite… Apparently both Hitler and Goering were full on (ab)users…

[2] One of the reasons we “engineers” were given “gym membership” as a perk was that it was in the same building and opened early and closed late, and importantly had changing rooms with large lockers and showers, such that we could wash and change clothes without having to go home. Oh and secondarily to burn out the fight or flight hormone build up…

Clive Robinson December 17, 2023 9:54 PM

@ ResearcherZero,

With regards the 404 article on Cox Media,

“Using your devices to bug you and sell you”.

I’ve assumed this possibility for many many years…

It’s why I don’t have “smart devices” or IoT in my house or new white or brown goods.

The only device I have that connects out-side is a mobile phone that stays in a room that is not used to do anything active in other than read, or use it to browse the Internet…

Yes I’ve been and still do get called paranoid… But in response I just say,

“Give it time and you will wish you’d done the same.”

As the old saying has it,

“You ain’t paranoid if you know they are out to get you!”

And as I used to design and install very high end surveillance equipment [1] as let’s say “an overnight contractor” I kind of have knowledge about who used to go after who, though not why.

So yeh I’m a little further down the foot path than most, if not as back then “putting first steps…” / “cutting new ground…”.

The thing is that even with MIMO and microwave frequencies, the RF spectrum is getting way over crowded and “RF Bugs” just can not be hidden these days with SDR and GNU Radio making counter surveillance way too easy.

Thus you have to be a “sapling in the forest” and 2G used to be ideal, but it’s being torn out to make way for 5/6G, the chipsets of which are way way too expensive and well nigh impossible to get hold of in small quantities.

Thus using an app on someone’s phone is generally not just lower cost, it’s lower risk as well and way way less effort, with enormous profit potential hence all those VC’s sniffing around certain Israeli companies…

[1] The thing about “Low Probability of Intercept”(LPI) systems back then is that technically the transmitters could be way way simpler than the receivers. From a “surveillance equipment” perspective that makes the bugs inexpensive and the receivers well… Let’s just say the sort of customers I dealt with did not ask the price you just invoiced and it was paid “NQA’d”…

ResearcherZero December 17, 2023 10:50 PM

The Cloud Under the Sea (bifurcation)

‘https://www.abc.net.au/news/2023-12-18/undersea-internet-cables-a-hotspot-for-espionage/103240612

A brief look at the history of undersea cables and COMINT (sans advertising)

‘https://www.youtube.com/watch?v=2P3P5OkGt8Q&t=270

You may also want to watch the one about nuclear subs because they are rad.

‘https://www.youtube.com/watch?v=AecFpnj383A&t=321

“The minute people came up with missiles, people started trying to shoot them down, and the minute people started trying to shoot them down, people started thinking about penetration aids.”
https://www.nytimes.com/2022/03/14/us/russia-ukraine-weapons-decoy.html

Short and Limited Reaction Time.

The warheads, of which there are multiples and which emerge from the cone of the missile, are “relative small,” which makes it hard to attack. Some of these warheads might be decoys, and contain nothing. A nuclear warhead inside a decoy balloon will travel at the same speed as an empty decoy balloon above the atmosphere, and will be indistinguishable from it.

‘https://ww2.aip.org/fyi/2022/physicists-argue-us-icbm-defenses-are-unreliable

An old idea that was used before until it wasn’t.

What would you do in order to NOT start a war with another country, like Iran for example, or perhaps even North Korea?

‘https://www.politico.com/news/2023/12/13/trump-north-korea-nuclear-weapons-plan-00131469

It also appears that the North Koreans were surprised by what the U.S. delegation knew about secret North Korean facilities. What happened in Hanoi ultimately says a great deal about how Trump perceives his own negotiating skills.
https://www.nbcnews.com/think/opinion/trump-s-north-korea-summit-failed-because-he-doesn-t-ncna979461

ResearcherZero December 17, 2023 11:01 PM

Last time it went pretty bad. So I imagine the new plan won’t be like the last plan?

‘https://www.forbes.com/sites/alisondurkee/2023/07/10/trumps-north-korea-threats-made-officials-terrified-us-would-face-nuclear-attack-ex-staffer-reportedly-says/

“Never again will we provide the U.S. chief executive with another package to be used for achievements without receiving any returns,” Ri said, referring to Trump.

“Nothing is more hypocritical than an empty promise.”

“The U.S. professes to be an advocate for improved relations. But in fact, it is hell-bent on only exacerbating the situation,” he added.

Ri said North Korea would continue to build up its military forces, including its nuclear program, to counter what it sees as U.S. threats.
https://eu.usatoday.com/story/news/world/2020/06/12/north-korea-diplomacy-trump-has-failed-boost-nuclear-program/3174457001/

&ers December 18, 2023 5:10 PM

@Clive @ALL

hxxps://www.businessinsider.com/ukraines-real-power-broker-yermak-zelensky-russia-war-biden-2023-12

Even if the Ukraine wins…do the people win?

Clive Robinson December 19, 2023 12:39 AM

@ &ers, ResearcherZero,

My reply appears not to have been posted…

“Even if the Ukraine wins…do the people win?”

No, not their people, or our people, or the Russian people.

There are no winners in war, just wanton death, destruction and enslavement in one form or another.

As for reparations, Putin is never going to allow that and Biden or the next US President will just carry on keeping Ukrainian hands tied, thus encouraging Russia to pour in resources pointlessly on one man’s vainglory.

So there will be no justice, no payment, and Putin will be back at it again in a year or two at the most…

Putin is already making claims about Nazis in Estonia and Finland, so that kind of tells you where he’s planning to push forward next. You can be sure it will happen unless stopped. But the US State Dept is quite happy to let it happen…

To see why you need to understand a little background.

@ResearcherZero within the past 24 hours linked to a story about North Korea and why they will never ever give up their nukes or delivery systems, and the US is kidding themselves if they think they will.

As I’ve indicated before, NK know they can never win a war against the US without the support of both China and Russia, which the North Koreans have assessed is not likely to be forth coming, so they have to defend themselves.

Therefore like Pakistan they have planted a “Keep off the Grass” notice on their front lawn. The US know that NK can hit US territory and more easily the territory of US allies with nukes. Thus the allies are telling the US not to be stupid.

But also US citizens are telling their government not to be stupid as well.

NK knows that if they launch their nukes, the US will retaliate so they will over all lose but not as much as may be relevant. However NK also know that the US probably can not stop a nuke with better than a 33% probability, thus over a sufficiently large US city NK will potentially kill upwards of 100K US citizens, some immediately, some over the following decades. Unlike NK citizens who don’t much matter to their leadership, US citizens do matter to US leadership. So NK knows the US can not really win either. That is it will end not in a win for either side, just an ugly mess.

Thus as long as NK has not just nukes but a working delivery system, the US is going to leave them alone. Similar logic applies to both China and Russia. So from the NK perspective they are going to look after their nukes way more carefully than you would a pocket-watch at a pick-pocket convention.

The Ukraine had nukes, that would have kept Russia off of their lawn. However US policy was and still is,

“We will have all the nukes and you will have nothing, and do as we say.”

(but at least they have stopped trotting out the “Bomb them back to the stoneages” rhetoric, though the State Dept still clearly think it’s the primary way to go).

The Ukraine did not want the expense or risk of keeping nukes so the UK and US worked out a plan, where the nukes left Ukraine and the UK and US promised to keep Russia out of Ukrainian sovereign territory…

However the world saw with India and Pakistan the US pulled out chairs to the top table once they had nukes and delivery systems… However the world also saw that other nations that did not quite cross the line got given the back to the stoneages treatment… Now the Ukraine is becoming another thing for the world to see about US policy…

It’s why Turkey is never going to give up the nukes it has even though the delivery system is only aircraft.

Likewise the UK and France, they know they have as much to fear from the US as they do the other Super Powers, and upcoming super states like India.

Russia knows that it can push back against the US because Russia is both too large and dispersed and has too many nukes for the US to go down the MAD route.

If you analyze the US aid to the Ukraine it’s fairly pointless, it’s at best “token” for press publicity and mostly old junk that was going to be scrapped anyway. However now it will keep the war just ticking over, giving Europe significant problems.

Europe on the other hand is pushing in quite a chunk of their top tier weapons over US objections…

It’s becoming fairly clear what US policy is and Europe is on the anvil and the US State Dept is more than happy about that and will watch on as the Russian hammer strikes.

So the only way Ukraine can get back their sovereign territory and long term peace that the US and UK were treaty bound to ensure… Is to allow the Ukraine to attack Russian territory as best they can, because Russia has pulled back into US imposed safe zones so can attack the Ukrainians at will… It has to be allowed because that is the only way Putin will negotiate honestly.

For those living in Europe especially the East of Europe, it’s time for them to realise the US State Dept see them as less than “cannon fodder” to soak up Russian stupidity. The State Dept would be over the moon if say Germany got tied up like the Ukraine as the market potential would be enormous.

Clive Robinson December 19, 2023 1:38 AM

@ ALL,

Speaking of fire and energy that few have known,

https://www.forbes.com/sites/antoniopequenoiv/2023/12/18/iceland-volcano-erupts-after-weeks-of-earthquakes-in-photos/

Yes another volcano erupts in Iceland.

Although it’s been expected for a couple of weeks to a month and some evacuation has taken place, we still do not have much data.

What we know is that it’s from a fissure situated north of Grindavik with lava fountains reaching heights well above 100 meters, and at the moment no ash in the upper atmosphere.

For those that don’t remember back to 2010 and the “Eyjafjallajokull” volcano in the southern part of the country, Iceland is in a bit of a significant place when it comes to air travel in the Northern Hemisphere. It closed air traffic for weeks… However to stop that happening again they have since changed the regulations (go figure that one…).

The reason it’s a significant concern is that volcanoes are easily capable of vomiting vast quantities of micro fine ash well above the height jet aircraft can fly. Such ash can represent a major hazard to the blades in aircraft engines, thus the engines, the aircraft and all those aboard. Also such ash can cause other problems with regards EM radiation and communications and navigation.

But as the current eruption has a relatively high lava discharge rate, it suggests there is a fair amount of pressure in the magma. Which does mean that potentially this will have a serious and significant impact on local communities in the “Grindavik” area and important geo-thermal and other infrastructure including the Svartsengi power plant near the town. Also the lava has to go somewhere, which can make areas barren for some time, and it is close enough to affect the tourist attraction of Iceland’s famous Blue Lagoon.

I guess we will need to keep an eye on it up to and over the Xmas period if not into the new year… Though of considerably less concern to those west of Iceland as the prevailing weather is toward Europe…

ResearcherZero December 19, 2023 4:23 AM

@Clive Robinson, ALL

To target a nuke with precision during launch phase, and not knock it down over allied or some other nation’s territory, you usually need to be reasonably close to where it launched, while also calculating cross-wind speeds and other factors. Not easy, with few second chances. Bob also lives under the flight path, and it’s his ancestral home.

Hopefully the interceptor detonates before getting to the target, yet in close proximity. Not every payload detonates initially either, or detonates close enough. You may also just knock it out of the air over Bob’s place, and Bob very rarely leaves his house or travels far when he does. Blowing up friends by accident is never a good look or easy to explain.

“The most critical of the four vulnerabilities has a CVSS score of 10.0 because it allows for arbitrary remote code execution as LocalSystem by unauthenticated remote attackers.”

‘https://www.microsoft.com/en-us/security/blog/2023/12/15/patching-perforce-perforations-critical-rce-vulnerability-discovered-in-perforce-helix-core-server/

‘https://www.perforce.com/manuals/p4sag/Content/P4SAG/chapter.security.html

update

‘https://www.perforce.com/downloads/helix-core-p4d

CVE-2023-35384 bypass

Organisations should use micro-segmentation to block outgoing SMB connections to remote public IP addresses, and disable NTLM, or add users to the Protected Users security group.

‘https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one

Integer overflow. CVE-2023-36710

and Audio Compression Manager and Huffman decoding out-of-bounds writes.

“Although no impactful vulnerability was found during the reversing of the codec, we believe there may be vulnerabilities that hide in the different complex operations carried by the decoder.”

‘https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-two

Clive Robinson December 19, 2023 8:01 AM

@ ResearcherZero, ALL,

Re : Bad “no-click” Microsoft RCE.

The Akamai post is fairly clear as to the mechanism thus we can expect it to get exploited.

The thing is apart from the nitty gritty none of it is new.

Warnings about translating one file location path type, into another path type have been around for years.

Even published in an O’Reilly book on the use of grep… Where it tried to validate the many forms of disparate Email Address.

As for “chaining vulnerabilities” I’ve been pointing out for years now, that if I were to put “deniable vulnerabilities” into code it’s how I would go about doing it.

I’ve even at one time likened it to “aligning the wheels on a combination lock”.

So it brings up the question that people are increasingly asking with Microsoft code and their vulnerabilities,

“Negligence or Deliberate / Deniable?”

Some are now more or less convinced that even though it sounds like a conspiracy theory, Microsoft are “Deliberately” putting in these “Deniable” vulnerabilities at the behest of a “third party agency”.

One argument given is that “siloing”[1] allows a person to be tasked with an individual piece of a task but remain in ignorance of the actual task objective. That is like with a jig-saw puzzle if you have only a single piece, and without the whole picture or enough pieces you can not work out the overall picture, or even where your piece fits in.

Are they right? Well the only answer that you can give aside from a shoulder shrug is “What’s the probability?”. That is how many times has it happened compared by some measurand and threshold test against say an industry norm or average. The problem though is there are an insufficient number of software organisations the size and type of Microsoft. So the “law of small numbers” is very much in play.

All we can say is we know that certain Intelligence Agencies put in “implants”. Some we know how –Cisco, Juniper, RSA, SolarWinds products– but mostly we don’t.

Thus some consider it “fair” to say it’s probably endemic in “certain types” of ICT Industry organisations, in which MicroSoft would almost certainly fall. However that does not of necessity make it “organisationally true”. The nicety of the jig-saw approach is an agency can “turn” individuals by the usual MICE techniques without those turned having to have knowledge of each other or what the actual real task is, and there is little or nothing that they can tell others that would be believable.

[1] Siloing is a term more usually used where things go wrong in software development because teams of developers do not effectively communicate leading to all sorts of ills,

https://www.navalent.com/resources/blog/siloing/

But it is almost endemic in even low security classified areas, supposedly as a defence against “jig-saw” intel gathering tactics.

https://en.m.wikipedia.org/wiki/Information_silo

lurker December 19, 2023 2:57 PM

@ResearcherZero, Clive Robinson

Another leftover from the days when one would hear the morning post arriving by the postman lifting the flap over the slot in the front door, then the sound of letters hitting the floor inside. Otherwise I can think of no valid business reason why an email app should be able to play a sound file.

name.withheld.for.obvious.reasons December 19, 2023 3:52 PM

Thanks for the use of the time machine Clive,

As recently as 2007 a project prototype had me wrapping pins for a VME bus interface for dynamic board insertions. Also did manual mounts of dies with pins @ 0.5 mm on center. Took me 4 hours to manually attach. What fun those days were, I guess.

Clive Robinson December 19, 2023 6:04 PM

@ name.withheld…

Re : Use of time machine.

“What fun those days were, I guess.”

Funny you should mention “way back then” and hint at the “not so” good times…

I’ve just been replying to someone else about something that back even in the 1990’s was so esoteric few even realised what carnage ICT was going to create, and it might amuse you as I suspect from your previous comments you would have been one of the very few to see it all coming down the mountain side,

https://www.schneier.com/blog/archives/2023/12/openai-is-not-training-on-your-dropbox-documents-today.html/#comment-430078

The thing though, is what have we engineers got to show for our labours? Bad eye sight is one, lack of pay to potential being another, that’s the trouble with doing a job “for the crac” rather than be mercenary and “grab and fill yer boots”.

As no doubt others here know “Experience” that was deemed so important, did not in reality put much in the retirement pot, or mortgage.

I should have followed my father’s advice of,

“Study what makes you happy then become an accountant and business manager to pay for the hobbies that make you happy.”

Although I did get to own a number of homes along the way and a couple of yachts they were not your “California holes in the ground/water” type houses/boats. Worse I ruined many good hobbies by turning them into professions. Thus giving me the double problem of no longer enjoying them, and having to find new hobbies to replace them.

I also damaged more than my eyes… When you look like a six and a half foot Klingon having a bad hair day, it’s assumed by many you are unbreakable… Actually things like cartilage and synovial fluid in joints and spine are more fragile than for smaller people, and you don’t find out till years later when you realise why some people call a bed “The Rack” as in one of Tomas de Torquemada’s inquisitorial toys.

Would I have done things differently?

Probably not, even if I had realised the likely outcome. And I suspect a few others here would say the same.

Clive Robinson December 19, 2023 6:35 PM

@ lurker, ALL,

“I can think of no valid business reason why an email app should be able to play a sound file.”

I suspect that 😉

1, You do not work in marketing.
2, You do not have a US MBA.

One of the first questions I ask when faced by an entity seeking guidance on how to get out of an ICT hole is,

“What is the business case for this computer to be externally connected?”

I think you can guess the types of responses I’ve been given…

In short though they rarely admit it, but they thought it would be a good idea based on some mantra they got taught…

In other non ICT cases ask them why they have entry systems and security on the front door but the doors on the loading dock held open by a fire extinguisher so the smokers have somewhere to commit their chosen sin…

You get the “security” picture ={

Our host once noted that people did not do the things security asked because they got in the way of them meeting management targets.

Actually it’s worse than that, people do not do security because it stops them doing what they want to do…

The response though can be worse… No doubt you’ve heard of seniors buying lengths of chain and padlocks to put on the doors of fire escapes?

Whilst this is an extreme example similar “quick fixes” happen all too frequently.

No doubt you’ve heard of the bottles with urine in that turn up in Amazon Warehouses? Well that’s “cause and effect” at work.

There is good reason why in Europe “Health and Safety” and “Workers Rights” legislation tends to be vastly different to that in the US… And it’s due to the fact that we have kind of learnt that the most valuable asset in a workplace is actually those that do the work, not those who manage them.

ResearcherZero December 19, 2023 10:38 PM

@lurker

Henry the Engine began to notice that all the other trains around town looked a lot like him. But also a lot like the milkman.

https://www.youtube.com/watch?v=AJ2keSJzYyY&t=1383

‘https://www.theguardian.com/society/2023/dec/18/ministry-of-justice-plan-to-destroy-historical-wills-is-insane-say-experts
Patches are rolling out and are already available for some platforms.

“weaknesses in the AsyncSSH servers’ state machine, allowing an attacker to sign a victim’s client into another account without the victim noticing. Hence, it will enable strong phishing attacks and may grant the attacker Man-in-the-Middle (MitM) capabilities within the encrypted session. …To perform the Terrapin attack in practice, we require MitM capabilities at the network layer (the attacker must be able to intercept and modify the connection’s traffic). Additionally, the connection must be secured by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC.”

If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

‘https://terrapin-attack.com/

ResearcherZero December 19, 2023 11:44 PM

@Clive Robinson

“Negligence or Deliberate / Deniable?”

‘Oh oooh ah gee, sorry about that. Who’d ever guess there would be a golden handshake vulnerability in our platform? We recommend you disable that option.’

One suspects a bit of both. There is obviously a lot of ignoring problems, the “it’s designed that way,” excuse, and disregarding of first principles in order to “fix it later”. Which itself could be deliberate obfuscation. And 1 and 2. Maybe they are flexible?

Microsoft was quite happy to make that same argument when requesting clearance to store sensitive information. Which is not the best pitch to win most over. ‘But have you seen my new sports car VROOM VROOM?’ The proverbial don’t give a flying duck.

Sometime in the 90’s…

‘Why not put all your sensitive information on our cloud service? It has a nice GUI, and it’s really easy to use. Here, hurry up and just sign this, I’m really busy.’

“No. At this point in time you do not even have a ‘cloud service’.”

And the suit is gone out the door without further discussion.

Retrospectively designed.

Anchoram found Defence officials had congratulated themselves for not recording minutes of a critical meeting in which KPMG’s work was being checked against its contract, listing this omission as a “pro” in a post-implementation review; the only “con” they identified in the same review was that “donuts [sic] arrived too early in the meeting”.

‘https://www.abc.net.au/news/2023-12-20/defence-data-contract-kmpg-weak-indefensible-review-finds/103247476

Total number of persons affected (including residents): 35,879,455

‘https://www.businesswire.com/news/home/20231218979935/en/Notice-To-Customers-of-Data-Security-Incident/

“We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix.”

‘https://assets.xfinity.com/assets/dotcom/learn/Notice%20To%20Customers%20of%20Data%20Security%20Incident.pdf

Iranian petrol services disruption.

‘https://time.com/6548680/iran-hacker-gas-station-cyberattack-israel/

MuddyWaters using custom framework and keylogger to target telecommunications sector in Egypt, Sudan, and Tanzania.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms

‘https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel

ResearcherZero December 20, 2023 1:15 AM

Personally, I can’t see anything wrong with that picture.

‘https://www.news-medical.net/news/20231213/Machine-learning-predicts-the-long-term-future-of-shortsighted-eyes.aspx

“If I had these speeches, and I am not saying that I do, I would never read them.”
https://archive.vanityfair.com/article/share/e515a2cd-a51b-4f83-8d61-6ebb9a104e0a

But I myself do enjoy reading well argued legal opinion by the highly qualified…

“Even if Meadows were an ‘officer,’ his participation in an alleged conspiracy to overturn a presidential election was not related to his official duties.”

“We are aware of no authority suggesting that the Take Care Clause empowers federal executive interference with state election procedures based solely on the federal executive’s own initiative, and not in relation to another branch’s constitutionally-authorized act.”

“Simply put, whatever the precise contours of Meadows’s official authority, that authority did not extend to an alleged conspiracy to overturn valid election results.”

“These types of actions can cripple government operations, discourage federal officers from faithfully performing their duties and dissuade talented people from entering public service.”

‘https://media.ca11.uscourts.gov/opinions/pub/files/202312958.pdf

“At bottom, whatever the chief of staff’s role with respect to state election administration, that role does not include altering valid election results in favor of a particular candidate.”
https://www.nytimes.com/2023/12/18/us/meadows-trump-georgia-election-case.html

Winter December 20, 2023 3:26 AM

@ResearcherZero

Personally, I can’t see anything wrong with that picture.

Re: High Myopia

I do not understand what you want to say here?

ResearcherZero December 20, 2023 5:02 AM

@Winter

I guess I should be more blunt. I’m surprised at the look of surprise on some people’s faces lately. I’ve shoved my head pretty far up my own a— at times, but I didn’t walk around like that all the time. I’d get a sore back.

I was watching interviews with people who have been in politics for a very long time. Along with some of the responses by people who have been covering politics for a very long time.

They all got a good look-in behind the scenes on many occasions.

Perhaps the implications should have been written about earlier. Surely someone at least spit-balled the idea and extrapolated a little on how things might play out.

There seems to be some degree of shock at such skullduggery done out in the open. Many of those wearing startled expressions have borne witness to plenty of ‘rat-f—ing’, by those ignoring rules and regulations in order to further their own interests, or otherwise acting as a law unto themselves. By some of the very same people in fact – that they are watching now. There are even articles about those players written during the last 50 years.

“devotion to the idea that expertise doesn’t matter”

‘https://www.npr.org/2023/12/08/1218100652/writers-at-the-atlantic-examine-what-trumps-second-term-could-look-like

“People who know him well suggest that he would not let that threat deter him a second time.”

What a second Trump term would mean for the Justice Department.
https://www.npr.org/2023/12/10/1198909470/consider-this-from-npr-draft-12-10-2023

‘https://www.theatlantic.com/magazine/archive/2024/01/trump-reelection-fbi-investigations-indictments/676123/

“a different type of lawyer”

‘https://www.nytimes.com/2023/11/01/us/politics/trump-2025-lawyers.html

And so on…

Going down to crazy town…

“In the 1990s, Russian women became followers of the demoness Lilith.”

In mid-December, the St. Petersburg academic journal Legal Science: History and Modernity published an article titled “The Russian Family as the Basis of Russian Statehood”

‘https://meduza.io/en/feature/2023/12/18/beast-people-feminists-and-aliens

Wikimedia.ru — the nonprofit organization that supports the Russian segment of Wikipedia, announced its dissolution on December 19, after its director Stanislav Kozlovsky was forced to resign from his job at the Moscow State University (MGU) due to Russian officials’ plans to label him a “foreign agent.”

https://www.sibreal.org/a/soobschestvo-podderzhki-russkoyazychnoy-vikipedii-vikimedia-ru-obyavilo-o-zakrytii/32736895.html

Winter December 20, 2023 5:29 AM

@ResearcherZero
Re: Myopia

So this was about politics, not Myopia.

My take on it is that people following right wing authoritarians is that the hate of the left is a historical trend.

In the past the left was about solidarity between the workers and the learned (students and academics). In practice, it was solidarity between white blue collar workers, white journeymen and students & academics. From the nineties, the left demanded solidarity with women and minorities. From then on increasing sections of white blue collar workers and journeymen realized that they do want to receive solidarity, but not give it.

Authoritarians like Trump do promise their followers that they will never have to give solidarity to others. That they will not receive any seems to elude these followers.

ResearcherZero December 20, 2023 5:41 AM

@Winter

Told me she was my lawyer once. I took out pen and paper, and she asked me what I was doing. I explained that it would be prudent to keep a written record of the legal advice that was about to be provided.

“You don’t need to do that,” she said.

It was not her legal practice she had walked into. I also had never met her before. I asked for her card and was not that surprised to see she was the same former bookkeeper who had recently knocked off $200,000 from her employer (a close friend of her father’s).

The brash young ‘paralegal’ – from some other place – tried to fish for what I was intent on doing, why I was there, what I was doing, or what I might know.

I declined to accept any possible invitation for either representation or advice.

‘https://www.afr.com/companies/professional-services/michaelia-cash-the-only-choice-for-a-g-and-for-history-20210324-p57dtc

Winter December 20, 2023 6:05 AM

@ResearcherZero

Told me she was my lawyer once.

Again, I have no idea what you want to communicate? Xmas is too close for me. My brain is already on vacation.

ResearcherZero December 20, 2023 6:08 AM

@Winter

Whoever sent her probably didn’t mention nearly everyone involved in that case wound up dead, and it’s likely that very same person was responsible for it. Which might be why they did not tell her, and another reason why I thought best to not divulge any details which might give them another excuse for something which they seemed all too willing to do.

Personally I’d stay far away from that kind of strife and trouble if possible.

JonKnowsNothing December 20, 2023 1:06 PM

@Clive, All

re: Supply Shocks and Suez Canal

A MSM reports the re-routing of 100 container ships from the Suez Canal due to hostilities in the area. (1)

Some interesting details from the article

  • 100+ Container ships diverted to the Long Route
  • Capacity is 1.3m 20ft (6-metre) containers (there are 10ft, 20ft, 40ft containers, stacked in different configurations; military containers generally have different dimensions so stack differently)
  • Added time to delivery is +3-4 weeks
  • Shift contributed to higher oil prices (due to added fuel for distance and speculation)
  • 20% of the global fleet capacity will be tied up in the longer route
  • Additional conflict (Gaza Israel) is expected to lead to consumer supply problems (all goods)
  • Some manufacturers switched from “just-in-time” supply chains to “just-in-case” model

It will be Jan-Feb 2024 before western consumer economies begin to notice item shortages. There are on-going food shortages globally which continue to impact specific products. Depending on what is in the containers (food v non-food v pharmaceuticals) it may get noticed ~Feb 2024 when resupply fails.

===

1)

HAIL warning

ht tps://www.theguardia n .c om/business/2023/dec/20/more-than-100-container-ships-rerouted-suez-canal-red-sea-houthi-attacks-yemen

  • More than 100 container ships rerouted from Suez canal to avoid Houthi attacks
  • +103 ships that had already changed course, with more expected to go around South Africa’s Cape of Good Hope.

Clive Robinson December 20, 2023 2:12 PM

@ JonKnowsNothing,

Re : Taking the long route home.

“100+ Container ships diverted to the Long Route”

I suspect that it will fairly quickly be up in the thousands in total…

From memory The World Economic Forum claimed over 30% of world container traffic was going through the Suez canal back when the Evergreen dug into the bank and created a fair amount of mayhem especially to supply chains from the Far East to Europe run on the JIT principle.

I know that trade through the canal went down due to the “Problems to the East of Europe” due to insurance companies not providing cover in case Russia got through Turkey, out of the Black Sea into the Aegean Sea and then the Med and started sinking commercial shipping as leverage. Which is still a realistic risk for the brokers no matter what politicians may say, and why the brokers want US politicals to stop the brain dead P1551ng contest and take the restraints off the Ukraine and allow Sebastopol and Crimea to be retaken and Russia and its Fleet to be evicted permanently or just sunk.

Also Egypt will be losing considerable income and this will again be seen as down to political stupidity in Washington. Because it aids Russia…

But you also have to remember from where and to where those ships are going which is Far East to Europe. Which will cause shortages thus price rises in Europe. Again it favours Russia. The question as yet to be answered is how China will see things as threat or opportunity…

All it really needs now to put the cherry on top of the disaster cake is something to kick off in the South China seas say around Taiwan or more importantly Indonesia which effectively bottles up all south and west shipping from the south china seas to Africa, Europe, India etc.

As some are aware there are issues that are brewing up significantly with both Taiwan and Indonesia, with China and Australia…

In short it looks like the dominoes would take very very little to go from one or two falling to a free run cascade toppling into major chaos.

Meanwhile we have the nonsense in the Eagle Pass etc diverting the attention on the hill into rather idiotic internal feuding because an idiot thinks he can P155 higher up the wall, and is doing that dumb cow-poker walk that GWB used to do.

lurker December 20, 2023 2:27 PM

@JonKnowsNothing, CliveRobinson

It’s not just the TEUs full of plastic baubles, it’s also oil tankers: from the Gulf to Europe, time, distance, money. Do the math.

ResearcherZero December 20, 2023 4:56 PM

“Hybrid influencing, which is at the softer end, might be election interference, interfering into the domestic realm by affecting and polarising public opinion.”

On the more extreme end of the spectrum is hybrid warfare using military means. There have also been reported cyber attacks against Finland’s IT systems and critical infrastructure, as well as GPS jamming — Russia has several locations for electronic warfare forces near Finland, including in the north.

‘https://www.abc.net.au/news/2023-12-18/finland-closes-border-to-russia-hybrid-threat-operation/103238032

“precedent for the Kremlin using similar destabilisation tactics in the past”

temperatures along the border now regularly fall below -10C and many migrants have reportedly been arriving ill-dressed and underfed.
https://www.telegraph.co.uk/news/2023/11/27/finland-russia-border-migrants-putin-hybrid-warfare/

The migrant wave also came from countries where the Wagner Group and GRU are active, such as Libya and Sudan.
https://mwi.westpoint.edu/weaponized-migration-in-eastern-europes-frozen-north-do-not-overlook-russian-hybrid-warfare/

‘https://maphub.net/alleyesonwagner/all-eyes-on-wagner

With the rise of electronic warfare, the strain on aviation could be a sign of more serious economic and security issues.
https://www.gpsworld.com/beyond-the-frontlines-the-far-reaching-effects-of-electronic-warfare/

Man claims will raise force and invade Moldova. Russia was accused of trying to influence Moldova’s local elections on November 5, by sending wads of cash to a pro-Russia party.

‘https://www.globalsecurity.org/military/library/news/2023/12/mil-231218-rferl01.htm

Déjà vu

Europe has been under heavy migration pressure for years, triggering a backlash in many places against migrants that has also strengthened far-right parties.

Migration pressure pushes democracies to abandon some of their democratic commitment to giving people seeking asylum the right to seek protection, thereby exposing the fragility of democratic systems.
https://www.csmonitor.com/World/Europe/2023/1212/Why-Finland-blames-Russia-for-its-record-number-of-migrants

‘https://www.euronews.com/my-europe/2023/12/19/brussels-calls-on-serbia-to-probe-electoral-fraud-reports

Studenikin, who previously worked at the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague, arrived in Serbia on November 19 to begin his work as an OSCE election observer.

Because of Russia’s veto, the organisation has not had an approved budget since 2021. It has only survived on the basis of “creative diplomacy”, with individual member states finding money to fund its missions. OSCE members select the individuals they want to join an election-observation mission. The OSCE itself does not manage the recruitment of these observers, who are recommended by member states.
https://www.rferl.org/a/32726073.html

Studenikin was an employee of Russia’s Foreign Intelligence Service (SVR)

‘https://media.euobserver.com/89ab54d10744a77966785b87f2abc61c.pdf

A leaked document listed a series of demonstrations, including protests against Islam and Turkey held in Paris in March as “completed operations”, indicating that these had Russian involvement.
https://www.thelocal.se/20231206/russia-planned-to-stage-quran-burnings-in-sweden

Clive Robinson December 20, 2023 6:44 PM

@ ResearcherZero, ALL,

Re : Russia and North / West European hybrid warfare.

“There have also been reported cyber attacks against Finland’s IT systems and critical infrastructure, as well as GPS jamming — Russia has several locations for electronic warfare forces near Finland, including in the north.”

As I noted a day or so ago, in response to @&ers it’s not just Finland but Estonia where there is clear evidence of “direct action” such as GPS and other critical systems interference.

But in general all European Nations in the North and West including Germany, Holland, all Scandinavian countries and down to and including France have been subject to “anomalies” in critical systems as well as Internet and other network based attacks.

What is happening in other parts of Europe is less clear however Italy reported GPS systems sometimes giving false readings in coastal areas of several miles.

The finger has been repeatedly pointed at Russia and in one or two cases Russian “Diplomatic cover” personnel have been detained had equipment confiscated and sent home with their diplomatic status being suspended or revoked.

The question that nobody in authority wants to ask is when does this active interference in critical systems cease to be “espionage” and constitute a “Primary Act of War” / “War crime” or as the MSM tend to say “a first strike”…

In part the reason for the reticence is the fact that as has been said on this blog by one or two for a number of years now,

“Attribution is hard, very hard.”

Thus “False Flag” operations are almost trivially achievable by anyone who has a little knowledge.

As a look back on this blog will show people were skeptical of this “False Flag” issue, tending to believe the politically inspired deceits rather than just think it through. Until that is in early 2017 the CIA tools for exactly that purpose became widely publically known,

https://www.techtarget.com/searchsecurity/news/450414514/Vault-7-CIA-hacking-weapons-include-iOS-Android-and-Windows-zero-days

Since then it’s noticeable how not just the US Government, but Cyber Security Companies who earned significant amounts via the USG agencies have “pulled back their horns” and are not just no longer “bullish on attribution”, they really don’t attribute in the way they did back then.

ResearcherZero December 20, 2023 9:53 PM

@Clive Robinson

Probably after they acknowledge sabotage, bombing, shooting, poisoning and kidnapping.
Or carrying the tools necessary to dispose of a body in the boot of their vehicle, and also repeatedly breaking into telecom facilities to tamper with the relevant equipment.

Attribution is very hard when you do not officially recognize capturing people with equipment in hand, inside infrastructure facilities, or other said activities, or bodies.

These vulnerabilities impact all supported versions of the products – Avalanche versions 6.3.1 and above. Older versions/releases are also at risk.

‘https://www.ivanti.com/blog/new-ivanti-avalanche-vulnerabilities

Anonymous December 21, 2023 1:09 AM

Encrypted Email Service Tuta Denies It’s a ‘Honeypot’ for Five Eyes Intelligence

For years, Tutanota (which recently rebranded to “Tuta”) has been a trusted email provider. A former Canadian cop has accused it of being a honeypot.

By Lucas Ropek
Published November 15, 2023

https://gizmodo.com/tuta-email-denies-connection-to-intelligence-services-1851022465

Also:

— Alleged RCMP mole researched Brit spy “Kim Philby” while leaking Five Eyes intel to Hezbollah

https://www.thebureau.news/p/alleged-rcmp-mole-researched-brit

— Alleged RCMP leaker says he was tipped off that police targets had ‘moles’ in law enforcement

https://www.cbc.ca/news/politics/ortis-testimony-transcripts-1.7026011

JonKnowsNothing December 21, 2023 5:42 PM

All

re: UK Horizon IT Post Office Scandal (1) slithers along

The latest info on the compensation scheme from the UK Government for the wrongful accusations and convictions of Post Office Annex Managers based on the inability of the Fujitsu Horizon IT Accounting System to sum a column of numbers correctly (2) is that the Government expects to payout less than half of the awards amounts allocated as previously predicted.

They say not so many people are applying for restitution.

  • 700 post office operators prosecuted between 1999 and 2015 for theft, fraud and false accounting
  • 900 people convicted
  • 142 appeal case reviewed to date
  • 88 convictions overturned
  • 54 cases had the conviction upheld, withdrawn or were refused permission to appeal (3)

So the numbers work out:

  • 900 / 88 = ~10% Success in getting conviction overturned and restitution
  • 812 Convictions still in place. 54 permanent. 758 Convictions standing.

This is a very good deal for the UK Government. It follows a growing trend with other western economic polices

  • ROBOPOST – Horizon IT Post Office Scandal
  • ROBODEBT – Claims of over payments of benefits over 30+ years.

  • ROBOTAX – Claims of under payment of tax going back 15years.

  • ROBOSHORTS – The deliberate underpayment of retirement benefits, such that once discovered there is no audit trail so that corrected amounts can be paid. Current value is $5Bill+ average $500/affected pensioner.

  • ROBODEATH – The not uncommon process where governments declare someone dead when they are very much alive. The good thing from the government POV is that the person cannot prove they are alive because all the data is locked up or destroyed: forms, tax data, citizenship data, bank accounts. They cannot even hire an Uber to meet F2F with an Official Anybody.

===

1)
ht tps://www.theguardian .c o m/business/2023/dec/21/post-office-almost-halves-amount-set-aside-for-horizon-it-scandal-compensation

  • Post Office almost halves amount set aside for Horizon IT scandal compensation
  • Annual results show it holds only £244m for payments to wrongly convicted branch managers, after fewer appeals than expected

2) Shoddy Programming v Deliberate Fraudulent Accounting

3) In previous reports a number of accused or convicted people were denied review or compensation due to legal technicalities in how their cases were resolved. Their convictions were maintained even if the factual basis about the accounting was wrong.

ResearcherZero December 21, 2023 8:16 PM

“What is needed is the public disclosure of technical analyses of the mobile spyware and tangible samples enabling public scrutiny of the malware.”

‘https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/

“A dangerous fallacy.” — If companies can reduce their operational emissions, that’s a good thing. It’s just that’s such a small part of the total.

‘https://thebulletin.org/2023/12/mass-delusion-and-wishful-thinking-why-everything-you-think-you-know-about-methane-is-probably-wrong/

“SMRs have ridiculously low load factors, and we don’t understand the reasons why they don’t produce much.”
https://thebulletin.org/2023/12/nuclear-expert-mycle-schneider-on-the-cop28-pledge-to-triple-nuclear-energy-production-trumpism-enters-energy-policy/

‘https://www.worldnuclearreport.org/IMG/pdf/wnisr2023-v3-hr.pdf

Elimination of the ICBM force and relying on a strategic nuclear dyad instead of a triad.
https://thebulletin.org/2023/12/rethinking-the-us-strategic-triad-when-it-comes-to-nuclear-platforms-how-many-are-enough/

Clive Robinson December 21, 2023 10:42 PM

@ &ers, ResearcherZero,

Re : Security and the fallacy of superior numbers of existential weapons against which there is no reliable defence.

There have been a few posts about both Russia and North Korea and the US world terminating stock of nukes.

Put simply the war hawks argue for either bigger hammers or more hammers so they can get in more damage…

But history shows that as a policy it fails and does not even make it into the joke category of Defence ideas. In short it’s counter productive.

Rather than take my word on it and my reasoning as laid out above, you might be interested in a more academic view,

https://www.tandfonline.com/doi/full/10.1080/09636412.2023.2225779

The issue with NK as it is with Pakistan is that their interest in nuclear capability is not as weapons of war but deterrence, that is they are “Keep off the Grass” notices rather than bunkers and coils of barbed wire and ultra-visible “Instant Armed Response”.

There are three things to keep in mind.

Firstly, a regime will have survival plans in place to ensure their risk is not existential even though it is for the general population. In this respect threats of "scorched earth" or "mutually assured destruction" (MAD) are altogether pointless.

Secondly, history shows that treaties and agreements only work for those with leverage. Giving up leverage ensures that some external force will try to force regime change, and treaties have no meaning when they are not supported by leverage. It's why the issues at the Eastern edge of Europe are happening. The UK and US made promises to Ukraine then looked the other way when Russia kicked in the door. Turkey has however hung onto its nukes and thus has leverage and is effectively left alone (though Putin would very much like to invade and secure access out of the Black Sea into the European underbelly).

Thirdly, as long as delivery systems work even fractionally better than defence systems then you have credible leverage.

In theory the new NK delivery systems can reach many if not all major US cities. The best the US defence systems can do is maybe stop two out of three incoming warheads.

Even if the US turned the whole Korean peninsula into radioactive slag and 99% of the population into "flash burn shadows" the regime will still remain in existence, but maybe 1-3 million US citizens will be significant casualties. Even though less than 1% of the US population, such casualties are unacceptable.

Thus no matter how many times more nukes the US has, they will never be of any real use.

Whilst the US would dearly love to be rid of the NK regime and its nukes, it's not going to happen by building up nuclear stockpiles and running war games in disputed areas of NK territory, sending in carrier groups, or trying to cripple via sanctions. Those are known to be failed policies and will not just continue to fail but actually make the issues worse...

The way to solve the NK problem is in effect to get rid of NK as it currently exists and in effect make the regime redundant.

The way to do this is well known to illegal chemical dealers and animal trainers. Which is build up a dependency relationship.

It's been well known since the 1990's that South Korea has a shortage of people and resources but an excess of technological expertise and capabilities. NK has a lack of economy but no shortages of resources or manpower. Thus an equitable trade opportunity exists for both SK and NK. Provided it is done with care the NK regime will find its ability to function will be curtailed by improving economic conditions. Within three to five generations it will probably be no more than a figurehead.

The trick which stops it all going horribly wrong is the issue of corruption. As no Western or First World nation democratic or otherwise has solved the corruption issue the real question becomes,

"How do you keep it manageable?"

I have my views on this but there is little evidence from anywhere in the world that can be used as guidance. The general rule is neither capitalism nor Stalinism nor any other hierarchical authoritarian system works... Thus we appear to need to flatten and broaden the model and try to be somewhere between capitalism with a small C and socialism with a small S, with, importantly, openness and transparency to all. Can we do it? Not without assistance and changes in society. Technology can, if used correctly, give some assistance, but it's very much down to society "stepping up to the plate" with regards "responsibility".

Clive Robinson December 21, 2023 10:59 PM

@ &ers, ResearcherZero,

It got blackholed by automod so into the partition game…

Part 1,

Re : Security and the fallacy of superior numbers of existential weapons against which there is no reliable defence.

There have been a few posts about both Russia and North Korea and the US's world-terminating stock of nukes.

Put simply the war hawks argue for either bigger hammers or more hammers so they can get in more damage…

But history shows that as a policy it fails and does not even make it into the joke category of Defence ideas. In short it’s counter productive.

Clive Robinson December 21, 2023 11:01 PM

@ &ers, ResearcherZero,

Part 2,

Rather than take my word on it and my reasoning as laid out above, you might be interested in a more academic view,

https://www.tandfonline.com/doi/full/10.1080/09636412.2023.2225779

The issue with NK, as it is with Pakistan, is that their interest in nuclear capability is not as weapons of war but deterrence, that is they are "Keep off the Grass" notices rather than bunkers and coils of barbed wire and ultra-visible "Instant Armed Response".

There are three things to keep in mind.

Firstly, a regime will have survival plans in place to ensure their risk is not existential even though it is for the general population. In this respect threats of "scorched earth" or "mutually assured destruction" (MAD) are altogether pointless.

Secondly, history shows that treaties and agreements only work for those with leverage. Giving up leverage ensures that some external force will try to force regime change, and treaties have no meaning when they are not supported by leverage. It's why the issues at the Eastern edge of Europe are happening. The UK and US made promises to Ukraine then looked the other way when Russia kicked in the door. Turkey has however hung onto its nukes and thus has leverage and is effectively left alone (though Putin would very much like to invade and secure access out of the Black Sea into the European underbelly).

Thirdly, as long as delivery systems work even fractionally better than defence systems then you have credible leverage.

Clive Robinson December 21, 2023 11:15 PM

@ &ers, ResearcherZero,

Part 3,

In theory the new NK delivery systems can reach many if not all major US centers. The best the defence systems can do is maybe stop two out of three of the incoming devices.

Clive Robinson December 21, 2023 11:20 PM

@ &ers, ResearcherZero,

Part 4,

So even if the whole of Korea got transformed into a stone-age wasteland and virtually all of their population into shadows, the regime would still remain in existence...

Clive Robinson December 21, 2023 11:21 PM

@ &ers, ResearcherZero,

Part 5,

But maybe 1-3 million in US centers will be seen as significant. Even though that's less than 1%, such numbers are known to be politically unacceptable.

Thus no matter how many times more nukes they have, the excess will never be of any real use.

In fact the excess is known to be significantly detrimental. The cost of just maintaining the deterrent excess is shocking.

Clive Robinson December 21, 2023 11:23 PM

@ &ers, ResearcherZero,

Part 6,

Whilst the US would dearly love to be rid of the NK regime and its nukes, it's not going to happen by building up nuclear stockpiles and running war games in disputed areas of NK territory, sending in carrier groups, or trying to cripple via sanctions. Those are known to be failed policies and will not just continue to fail but actually make the issues worse...

The way to solve the NK problem is in effect to get rid of NK as it currently exists and in effect make the regime redundant.

The way to do this is well known to illegal chemical dealers and animal trainers. Which is build up a dependency relationship.

It's been well known since the 1990's that South Korea has a shortage of people and resources but an excess of technological expertise and capabilities. NK has a lack of economy but no shortages of resources or manpower. Thus an equitable trade opportunity exists for both SK and NK. Provided it is done with care the NK regime will find its ability to function will be curtailed by improving economic conditions. Within three to five generations it will probably be no more than a figurehead.

The trick which stops it all going horribly wrong is the issue of corruption. As no Western or First World nation democratic or otherwise has solved the corruption issue the real question becomes,

"How do you keep it manageable?"

I have my views on this but there is little evidence from anywhere in the world that can be used as guidance. The general rule is neither capitalism nor Stalinism nor any other hierarchical authoritarian system works... Thus we appear to need to flatten and broaden the model and try to be somewhere between capitalism with a small C and socialism with a small S, with, importantly, openness and transparency to all. Can we do it? Not without assistance and changes in society. Technology can, if used correctly, give some assistance, but it's very much down to society "stepping up to the plate" with regards "responsibility".

Clive Robinson December 21, 2023 11:36 PM

@ Moderator,

It appears the auto-mod barfs on the word for a piece of land that juts out and is surrounded by water, and begins with "P" and would be an "isthmus" if it had a large enough land mass on the end...

Maybe the “naughty word list” needs a little adjustment.

JonKnowsNothing December 22, 2023 1:59 AM

@Clive, @ &ers, ResearcherZero, All

re: bigger hammers

@C: Put simply the war hawks argue for either bigger hammers or more hammers so they can get in more damage…

But history shows that as a policy it fails and does not even make it into the joke category of Defence ideas. In short it’s counter productive.

Bigger hammers never really work, not even in ancient times when rocks and sticks were the main weaponry.

What did work, and brought down the old USSR was Consumer Products. Some of it was good from the sense that the population had little or nothing to buy or select from, but also bad because it was not sustained.

  • We felled the USSR with Electric Toasters

Consider

Even today, having a shared meal makes relationships a bit easier. Office workers that share lunch (in or out) have better cohesion. Military feed the troops en masse. Working dogs get fed in a communal feed bin which reduces competition and aggression and improves social behavior. Farmers know if they want to add a new horse to a field the best time is at feeding time when all the horses have their heads down eating hay.

When we want to distance ourselves, we feed people in solo settings: plates shoved through a mail slot. We remove social animals into solitary conditions. Humans have a hard time eating in a fancy restaurant solo without the company of a book or social media connection by phone, tablet, laptop.

  • Having a distraction is only for yourself, other diners still see you are alone.

However, if you throw a defined spanner in the works, like alcohol and drugs the result is less than harmonious. Both reduce the sense of common connection and highlight self euphoria.

So, if any entity really wanted to make a dent in aggression, they would counter with the very things that the aggression masks. It’s all pretty basic to everyone and most animals too.

  • Shelter, Water, Warmth, Food, Community

Of note

The current reports on homelessness in the USA shows on one night there were 653,000 people living outside. 180,000 homeless in California with 108,000 of those women. 50% of people living in cars are over 55yo, some are 70, 80, 90 yo.

We worry about other places, far from us, and maybe we should worry. However, the rate of homelessness in the USA is rising at 12% a year.

We do not show compassion for our own populations, so it is little wonder that we do not show compassion for other peoples, in other nations.

Buying a nuke is so much more satisfying.

ResearcherZero December 22, 2023 3:34 AM

Sweden has around 65,000 bunkers and is building more. While Finland has more than 50,000.

They are much cheaper and far more useful.

Only 20 out of 92 MPs responded to questions.

‘https://www.abc.net.au/news/2023-12-22/house-of-reps-male-mps-domestic-violence/103224064

“The US economy is more than 13 times the size of Russia’s. It controls the global reserve currency and has a decisive technological lead. Yet these will come to naught if Putin can play on America’s political enmities within.”

Most American aid is spent at home on US-made weapons, not in Ukraine. 90% is going to Americans. Ukraine funding amounts to less than 1 per cent of the US federal budget.

‘https://www.ft.com/content/2ad14344-6587-4eb4-b93d-35dc23ae2bbe

“Because when you get into the transactional issues of domestic politics, and you’re no longer thinking about national security, or these larger imperatives, then Ukraine dies a thousand deaths from all of the transactional efforts that domestic politicians engage in. Most political constituents, no matter the country, can’t really see beyond their own narrow interests.”
https://www.politico.com/news/magazine/2023/12/12/fiona-hill-ukraine-putin-00131285

Russia's invasion of Ukraine has reversed three decades of progress in reducing poverty. Throughout history, hunger has sparked instability and even revolution.

‘https://www.usip.org/publications/2022/06/africa-putins-war-ukraine-drives-food-fuel-and-finance-crises

No one should have any illusions about what will happen next.

A weakening of American resolve could prompt allies in the region and in the Middle East to doubt their security guarantees and consider whether to seek their own nuclear safety net.
https://edition.cnn.com/2023/12/08/politics/congress-ukraine-aid-global-ramifications/index.html

Clive Robinson December 22, 2023 8:08 AM

@ ResearcherZero, ALL,

Re : No mandate nuisance makers.

“No one should have any illusions about what will happen next.”

Those politicos in both houses pushing to have their unsupported political aims made legislation have a mental disorder…

We already know from recent choices made by SCOTUS the harms that follow to women and social gains that took more than a lifetime to get.

People should realise that “America First” is nothing what so ever to do with the lives of the majority of Americans and their quality of life.

It's about a few sick old men who have no conscience tilting at windmills. By demanding that US society be dragged back to a century ago to what they see as "the good times" that were anything but for most in a US population that was not even a third of what it is today.

Need I remind people of what had happened shortly before and followed shortly thereafter? How about the worldwide flu pandemic before, and the Great Depression and WWII to name but a couple after... Whilst history very rarely exactly repeats, it's often close enough to be a more useful predictive tool than many others...

The lesson that the US needs to learn both quickly and effectively is that "isolationism" does not work. It did not work for the original Americans, and it didn't work a century ago, and it's absolutely not going to work now.

The UK has at a minimum a 22 mile wide barrier of open sea between it and Europe, yet it does not stop people crossing.

The Channel Tunnel in France had better fences and prevention mechanisms than even the likes of the Texan Abbott could put in place, and those tunnel preventions failed every day, day after day, month after month, year after year.

The nut jobs in the UK think gun boats and machine guns might stop the boats in the English Channel.

“It won’t”

Nor will the same along the US border. To quote a song from a little over half a century ago[1],

"The Eastern World it is exploding,
Violence flaring bullets loading,
You're old enough to kill but not for voting,
You don't believe in war but what's that gun you're toting?,
And even the Jordan river has bodies floating,"

[1] It's "Eve of Destruction", with a melody written by P.F. Sloan and words on a crumpled piece of paper in 1965. Sung in a one-take test tape by Barry McGuire early one day as there was a bit of spare studio time. How it got released is a story in itself, but it so scared the old white men up on the hill they wanted to have him killed off every which way they could... It certainly caused the death of his music career as industry execs saw him as political poison. Listen for yourself,

https://m.youtube.com/watch?v=aT4VOykMrMc

Clive Robinson December 22, 2023 11:46 AM

@ JonKnowsNothing, ALL,

Re : Trinkets are things to lose.

“We felled the USSR with Electric Toasters”

Japan felled the US and UK consumer electronics industries with plastic cased, paper and resin copper clad board and less than a handful of semiconductor electronic components that lasted a lifetime or more...

The cheap "pocket" transistor radio pushed out the craft built wooden cased steel chassied thermionic tube/valve "sideboard furniture" sized "Radiogram" that cost as much as a car and weighed as much as a motorcycle, and went wrong every year or so.

So with it went all the radiogram repair jobs as well... But the start of colour television gave some cushioning... But the same happened, but a little more sneakily: Japan killed the UK and US domestic CRT production by flooding the market with at or below cost CRT tubes. When the domestic production went out of business the Japanese pushed up the price of CRTs such that their finished TVs cost less than any US or UK manufacturer could get the CRTs in a chassis for... So the UK and US domestic manufacture of TVs died...

I participated in the late 80’s and 1990’s with first establishing the UK based Mobile Phone and Cordless phone manufacturing. Then in the mid 1990’s to moving much of it to South Korea. That had started doing to Japan, what Japan had done to the UK, US and European manufacturers.

The trick this time was how components were sold… In the UK, US and Europe you had to buy through layers of suppliers all taking between 25-75% profit on top. In South Korea the manufacturers of components came around begging you to buy their components. The price difference was such that it was in some cases 100:1 but 10:1 was normal and only a very few items were less than 3:1 differential.

I remember going to the offices of a European chip supplier in the UK to talk about chips for the PCI bus... They put on a nice technical display, but... When my boss asked for pricing and we were told 50USD/device in high volume we just laughed. They looked puzzled and my boss pointed out that their competition in the Far East had offered a two chip solution for slightly over a dollar in 1k order volume; they daftly said "That's not possible" so my boss pulled out the confirmation fax that had arrived overnight... The company obviously did not get it and within a year had gone out of business.

Guess what China has been doing?

The only real difference is they are happy to sell components at very low cost even for low volume… Oh and make PCBs and fill them for only a fraction above cost. Are the Chinese companies making profit? Yes lots of it, how? Because short sighted people were stupid enough to “outsource” and “offshore” such work and in the process give away all the Trade Secrets, that the Chinese passed on to each other…

This “Make America Great Again” is all nonsense, that war has been lost and trying to refight it the same way is a madness beloved of old Generals with less sense than their horses. As a quote incorrectly attributed to Einstein has it,

“The very definition of madness is doing the same thing over and over and expecting different results.”

Unless the West fundamentally changes the way it does "business" then the losing streak of very short term gain for very long term loss is going to continue in a way that few appear to want to come to terms with.

If the War Hawks and their political masters want leverage then they have to really understand two things,

1, Leverage only exists when people you want to use it on have something to lose (not gain).
2, Leverage is not static but dynamic, thus you have to stay ahead to maintain leverage.

The second point is where in the West the Capitalist or more correctly neo-con mindset gets it wrong.

They think they can flit from deal to deal in the same way endlessly. You can not, to give you an analogy,

You are in a wood and it starts to rain heavily, so you shelter under a tree. Fairly soon the tree is saturated and you start getting wet again. The neo-con view is “Run to the next tree”… But a moments thought tells you if the tree you are under is saturated so probably are all the other trees in the wood, so it does not matter which tree you run to, you are going to “take a cold bath”.

Is there a way to avoid the douching, yes several but they all involve two things,

1, Forward planning / preparedness
2, Changing your strategy to match reality as time moves forward.

Most of those MBA types brought up on neo-con mantra teaching appear congenitally incapable of the observing, learning and acting that are the prerequisites of the above two steps. Thus they put even old generals with handlebar moustaches on old nags talking up how you tilt at windmills with lances in a comparatively good light...

Our host @Bruce has alluded to this issue in the past, but it still appears that in the Tech Industries we are all still too timid to acknowledge and act realistically on the problem.

In part because nobody wants to "rock the boat" in the good times... Well, need I point out that this last half decade has seen the music stop on that merry-go-round ride.

It takes 20-30 years to train a good engineer, way more than the oft quoted 10,000 hours that in reality only gets you to barely proficient.

Which gives rise to two fundamental questions,

1, Who is going to pay for the 40,000 hours minimum of training and experience?
2, What are we all going to do now we no longer have those who have done the training and got the experience?

Answer those two effectively and you might just, as a first world nation, have a chance of staying in what is now a "Global Red Queen's Race".

If we don't then we cede leverage to others, and their designs on us...

JonKnowsNothing December 22, 2023 12:05 PM

@Clive, All

re: choices made by SCOTUS that harms women

RL Anecdote tl;dr

In conversation a person living in one of the 26 states that restrict women’s health care, asked rhetorically

  • Why do women put up with it? Why do they put up with the violence? Why do they put up with the restrictions?

I replied rhetorically

  • Have you checked the size of your hand and the size of your fist lately?
  • Women do protest and the streets are full of women protesting all sorts of restrictions from reproductive rights, to what they have to wear or are not allowed to wear, and forced-marriages.
  • When they do protest, the guns show up, the billy clubs come out and the acid gets thrown, and bullets fly.
  • Confronted with such violence it’s a miracle they come out at all, knowing that a large number of them will die instantly, and some will die slowly. Still they come.

In regards to ROE, those of us old enough to remember Before ROE, know that the law will stop some but not all. People with few resources will have the biggest hurdles. However, under the current legal trajectory even wealthy ones will have difficulties.

Consider:

  • Remember the Track Your Period App in China?

lurker December 22, 2023 1:07 PM

@Clive Robinson
re: lost wars and one way functions

The KR problem was created in 1945 by USA and USSR failing to return the former Japanese colony to its rightful owners, but rather dividing it as spoils of war. KR was a kingdom, the people wanted a new King, the US did not.

The ME problem was created in 1919 by Britain and France slicing up the Ottoman Empire to their taste. The League of Nations Mandate gave Britain some legitimacy which they then squandered by failing to enforce the requirements of UN resolution 181 for a two state solution.

Hindsight can be agonising without a time machine or some other method to correct the blatant mistakes of history.

Winter December 22, 2023 1:35 PM

@Clive

Who is going to pay for the 40,000 hours minimum of training and experience?

All the big Western tech powerhouses had their own training programs and technology science labs. From AT&T and Bell Labs, to Westinghouse, to Philips and NatLab in Europe.

They all ultimately diverted these to colleges and universities, ie, tax payers. As a result, they also outsourced whatever technology they needed.

Now the only thing left of them are their brand names. They could not produce the technology to save their life.

And everybody wants to hire engineers from Asia as they are unable to entice local youth to start an underpaid career in technology.

ResearcherZero December 22, 2023 9:25 PM

@JonKnowsNothing @ALL

This was something I was looking at yesterday.

For the first time, the federal government set targets for ending violence against women and children.
https://www.dss.gov.au/the-national-plan-to-end-violence-against-women-and-children/first-action-plan-2023-2027

“Improve police responses and the justice system to better support victim-survivors through the provision of trauma-informed, culturally safe supports that promote safety and wellbeing, and hold people who choose to use violence to account.”

‘https://www.dss.gov.au/sites/default/files/documents/12_2023/d23-1021308-first-action-plan-accessible-pdf.pdf

That is something that the government has been asked to address for the last 30 years at least, by many qualified people and organisations, due to gross failures in our justice system, and repeated cases of negligence at all levels of the police.

“In all cases, masculinity and perceptions of power sets the background for the crimes.”

(And the response)

“It is a missed opportunity to contribute to a much-needed discussion about what lies behind these tragedies and how they can be prevented.”
https://womensagenda.com.au/latest/men-kill-partners-not-good-blokes-acting-character/

“Almost all had sought help from the police but did not receive the support that could have saved their lives.”

‘https://www.tandfonline.com/doi/full/10.1080/10345329.2023.2205625

“Chuck her on a lie detector.”

These statistics paint a horrendous and uncomfortable picture about how we value survivors’ experiences across the nation.

‘https://anrowsdev.wpenginepowered.com/wp-content/uploads/2021/10/ANROWS-NCAS-Mistrust-of-reporting-SV.pdf

ResearcherZero December 22, 2023 10:02 PM

@JonKnowsNothing @ALL

Out of 92 elected male MPs, 70 could not bring themselves to say anything, and 2 made possibly what is their idea of a joke. After a series of horrific murders in the last week.

Stabbed to death at work in a public place by a colleague, or killed by someone they knew.

There clearly is an underbelly of viciousness and violence in our society that male MPs will and do tolerate, along with repeated gross negligence and victim blaming.

If there is a hand grenade to be thrown, that can deflect from their responsibility, the male MPs can find it. They certainly are not above fighting in the dirt. The male MPs did however ask the women MPs to make official statements and talk with the media.

JonKnowsNothing December 23, 2023 12:49 AM

@ResearcherZero , All

re: [men] could not bring themselves to say anything

There is a long history of violence against women and there is a corollary of women on women violence, usually in a household hierarchy system, where the senior woman or first wife gets to dictate how other women in the house are treated.

Stories are horrific as the women strive to exceed the brutality they themselves faced being part of a chattel system.

There was a popular folk song which was part of many a repertoire. I sang it along with lots of others until I stopped to consider the lyrics and the topic. I refuse to sing it any more and hopefully it will slip into oblivion.

The song is about a husband’s right of violence against his wife, set to a jaunty jig with lyrics to justify beating “the old sheep skin”.

An MSM headline today was

  • Los Angeles Police fatally shoot woman who called 911 for domestic violence

Winter December 23, 2023 8:49 AM

@Everyone

re: [men] could not bring themselves to say anything

The situation in Texas is representative

‘https://www.gocomics.com/laloalcaraz/2023/12/14

Winter December 23, 2023 11:11 AM

@All

If you think Republicans have an abortion problem, think again.

‘https://jessica.substack.com/p/the-gops-birth-control-problem

The problem, though, is that many Republicans don’t support birth control. In fact, conservative legislators and activists have spent years laying the groundwork to ban contraception. So Conway’s plan wasn’t exactly well-received. Since news of her lobbying efforts broke, there’s been a swift and intense backlash from the Right—making clear that Republicans don’t just have an abortion problem: They have a very big, and growing, birth control problem.

Note that the anti-abortion movement is about more white babies [1], not about saving “lives”.

[1] https://www.thenation.com/article/politics/anti-abortion-white-supremacy/
