Recent Comments



February 27, 2021 1:55 AM

SpaceLifeForm on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ Clive

Bail denied today.

I’ve watched the videos hundreds of times. Height about 5 foot 5 inches per mug shot matches videos in alley. Body build matches. I know someone that has this exact body build, same height, not large breasts, but while at a brisk walk, has the exact same gait as in the videos.

In the one alley video, when the person rounds the corner, it sure looks like an obvious left breast to me. And interestingly, puts left hand into hoodie pocket immediately...

February 27, 2021 1:44 AM

xcv on Tracking Bitcoin Scams :

@Clive Robinson

Do you know what that “Hard value” is supposed to be?

There’s gold, silver, other precious metals, gemstones, etc. — not so much from the point of view of vanity or personal adornment — but from that of small items of considerable worth or value, to include coins, bars of precious metals, etc.

Also the unalienable rights of self-defense with weapons including firearms, without which there cannot really be any private ownership of or ability to keep hold of anything of “hard” or real value...

February 27, 2021 1:20 AM

ResearcherZero on The Problem with Treating Data as a Commodity :

Hypothetically speaking, there may also be instances where I would have to give evidence that ‘someone was not me’, where they were framed in a crime, where my ID was dropped at the scene of the crime near their home.

Just sharing the same first name is enough information for someone to find themselves in a spot of bother. Identity theft is also very common.

Mark Zuckerberg is not bothered by these implications. Apparently when we are all connected in an open society, serious crimes like rape and murder will simply vanish, and there will be no need to protect the identity or locations of children in danger. I presume in this scenario adults would fend for themselves, as all forms of corruption will have evaporated, this would be incredibly easy...

February 27, 2021 12:52 AM

CCNA Training in Noida on Router Security :

WHAT YOU CAN DO

One immediate step all business owners should take is to ensure all security updates and patches have been installed on your WiFi router. If your router isn’t set to naturally update, you’ll have to do this physically. The directions for this can regularly be found in your router’s guidance manual or online.

If you have numerous employees currently telecommuting, you may likewise wish to encourage them to update their routers...

February 27, 2021 12:51 AM

ResearcherZero on The Problem with Treating Data as a Commodity :

Back to the subject at hand.

If I were to be, hypothetically, a protected witness, data ownership would not protect my privacy. All problems for protected witnesses revolve around data access.

It is very easy for anyone to get access or alter your data if they have departmental clearance, even if it is restricted. Bribery and intimidation are rife, and so are lapses in security.

If a file is restricted to a departmental manager, the departmental manager will at some time go on leave, or be transferred/retired. There are also other points of access, such as for medical reasons, via doctors or someone in the health system...

February 27, 2021 12:45 AM

Summer Training Institutes in Delhi on Tracking Bitcoin Scams :

Public cryptocurrencies are almost all decentralized, e.g. not owned or governed by a single entity, essentially crypto has no governing body thus is not regulated.

February 27, 2021 12:37 AM

ResearcherZero on The Problem with Treating Data as a Commodity :

@Clive Robinson

Perhaps Cybernetics?

The ‘radical’ idea that the natural world can be described using electrical networks and feedback loops, until you get lost in the woods because your phone doesn’t work.
You planned on watching that survival course on the web next week, and as a result you die of exposure.

February 27, 2021 12:22 AM

ResearcherZero on The Problem with Treating Data as a Commodity :

@Clive Robinson

I’ll have a stab at it:

Why have a system that can detect campaigns launched within the nation, when instead you can have a $1.2B bureaucratic money making machine. You could name it, for example, TrailBlazer, and everyone in your circle could have a stake in it and make a sizable profit from the contract. You could cannibalize ideas from previous projects. Strip out any functions to encrypt or anonymize domestic traffic, which of course would then make it illegal to operate domestically, but it could sweep up everything else, and you could wrap it in a shiny package and market it everywhere as a total surveillance solution...

February 27, 2021 12:18 AM

JonKnowsNothing on Twelve-Year-Old Vulnerability Found in Windows Defender :

@fed.up @Clive

re:
fed.up: phone company keeps great logs.

Clive:
4, Log isn’t a fake construction
5, Log isn’t a substitution.

Phone company logs are not reliable. Doesn’t matter what the metadata download shows you, they can be changed and not all changes happen in an audit trail.

Not too long ago, there were proofs of trackless and traceless methods employed to alter secure documents. This included pdfs and all standard documents as well as database documents such as PACER court filings. These techniques are in use by the 3-Letters to alter documents, timestamps and doc logs and other details. The disclosure asserted that these methods are not detectable by data forensics. Subsequent studies confirmed the finding. (ymmv)...

February 26, 2021 11:39 PM

Anonymous on On Chinese-Owned Technology Platforms :

@JonKnowsNothing
“What isn’t available is a way for an Individual to have their own Impenetrable Firewall. All the ones on offer leak like sieves and provide only a fig leaf’s worth of protection.”

On Windows, there is a “firewall” that is very unyielding, and that is IPsec. Above the IP level, there are over 100 protocols that can run. One is TCP (6). Another is UDP (17). Throw in ICMP and bada-bing, we’re rocking with IPv4, with only 3 protocols enabled. Back in the day, I needed PPTP – that’s protocol 47...

February 26, 2021 10:20 PM

AL on Friday Squid Blogging: Far Side Cartoon :

@TRUE_AMERICAN
The bitcoin possible bubble came up on tonight’s Wealthtrack podcast. (25 min)
https://wealthtrack.com/bitcoin-is-one-of-many-bubbles-of-historic-proportions-today-says-financial-historian-james-grant/

The guest indicated that the bubble is in part being fueled by the Fed and other central banks’ money printing, which has pushed interest rates to a 4000 year low.

At least some people are piling into bitcoin as the Fed prints and prints, as a hedge against the dollar...

February 26, 2021 9:51 PM

Fed.up on On Chinese-Owned Technology Platforms :

Perhaps the solution is different country versions. I was in Japan at a conference and I noticed that their version of PowerPoint was different than in the USA. Different markets have different UI and color preferences.

So why not have different chip sets and core code for countries? Perhaps there could be different user signatures too? This would also serve to protect against hacking if American versions weren’t allowed to be sold outside of the USA and perhaps there could be a way so that software wouldn’t even work outside of its borders. US Media outlets do this so why couldn’t software do this too?...

February 26, 2021 8:49 PM

fed.up on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ Clive

There was another Congressional Microsoft/FE/SW hearing today.

It was long, but often focused on logs. Apparently M might not keep any despite various US laws. M also charges customers for logs.

Perhaps Congress is reading this blog. One can only hope.

My phone company keeps great logs. I often download my metadata when I need to remind myself of an important conversation or text. I have not tried to query data older than a few years but I’m told I can if I need to. It probably isn’t a well known feature amongst the general public, but I find it so important that it keeps me tethered to this carrier for decades...

February 26, 2021 7:03 PM

Clive Robinson on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ fed.up, SpaceLifeForm,

If software logs cannot be trusted and the software manages any regulated data then the software cannot be sold in the USA.

Trusted in what way?

As a general rule of thumb, data on hard drives or removable media,

“Are not worth the paper it’s written on”.

You have to have some way of ensuring,

1, Time accuracy.
2, Order accuracy.
3, Data accuracy.
4, Log isn’t a fake construction...

February 26, 2021 6:49 PM

TRUE_AMERICAN on Friday Squid Blogging: Far Side Cartoon :

This is incredible.

Just now someone calls me, American number, in the background mighty noise, something busy, woman on the phone, speaks hardly and only very laboriously English, and wants to enlighten me absolutely about it and also ask – I would have to answer only a few questions – how I could “profit” from Bitcoins.

I had already written at the price of 20,000 that I think it’s a scam, because you can manipulate the price, in which a few insiders – or even the same under different identities – sell the things as a zero business around in circles and call any prices for it...

February 26, 2021 6:22 PM

Clive Robinson on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ SpaceLifeForm,

Yes. End caps do not match. I have not found any real clear pictures.

That lack of clarity is also a hindrance, because you don’t get a clear enough view of the timers. But the only timers I’ve seen that look like those in the UK are the old mechanical timers for “kitchens” so maybe an hour at most countdown timer… And they both appeared to be at the zero position…

Now if you look up the use of such timers they are generally closed contact / connected at the zero position “as they count down not up”. Thus they can be dangerous to use as they are the equivalent of “firing at rest” thus you need a separate arming procedure...

February 26, 2021 6:16 PM

fed.up on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ JonKnowsNothing

I apologize on behalf of all Americans. Truly. I wonder if the USA was in the Commonwealth would there be any diplomatic immunity? I don’t think so.

@ SpaceLifeForm

If a US corp doesn’t have secure logs that is jail time. WorldCom was a $129 Billion company in 1999 and it disappeared in a couple of months due to this. Their CEO went to jail for 20 years and just died a few weeks ago. If software logs cannot be trusted and the software manages any regulated data then the software cannot be sold in the USA...

February 26, 2021 5:45 PM

Clive Robinson on The Problem with Treating Data as a Commodity :

@ name.withheld…,

The level at which information and data is abstracted into knowledge and insight that has the capability to drive events and actions in meatspace seems not well understood.

It’s getting on for midnight here, and although I’ve read your post twice, my brain kind of stops after that sentence.

I’ll give it another try in the morning.

February 26, 2021 5:38 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Far Side Cartoon :

@ MODERATOR: REPOSTED FROM PREVIOUS SQUID, EDITED
Programmatic Systems in support of Bad Faith
Senators such as Ron Johnson from Wisconsin are engaged in a propaganda feedback loop that uses materials provided by people such as Breitbart, Bannon, and Miller.

First, the position that the GOP takes is based on a response to an event or issue that is being contested in public but being manipulated and presented to the public disingenuously. Once this conspiracy is floated, the stamp of approval is given by the likes of FOX, OAN, NewsMax, and Christian evangelical pastors and pushed all the way to the pulpit. Once pushed, the operatives on the response side (GOP politicians) run a circular campaign based on the conspiracy (outright lying and violating public trust)...

February 26, 2021 5:13 PM

D-503 on Friday Squid Blogging: Far Side Cartoon :

Link recycled from a previous Friday Squid:
ht tps://larsonluvr.tumblr.com/post/51015552582/squids-can-sense-fear-gary-larson
But there are so many giant squid themed Far Side cartoons to choose from!

February 26, 2021 4:43 PM

SpaceLifeForm on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ Clive

“There is something very distinctly odd about the way it’s all been put together.”

Yes. End caps do not match. I have not found any real clear pictures.
Easily disabled by a water cannon. Not really hidden at all when they could have been placed a few feet away and been hidden. The one at DNC could have been put under the bushes. The one at RNC could have been put behind the recycle bin...

February 26, 2021 4:08 PM

JonKnowsNothing on On Chinese-Owned Technology Platforms :

@Clive

re: You also forgot to mention what would happen to the US economy… To say it would “grind to a halt” would be like comparing a glacier’s forward momentum to that of a rocket going for a moon shot.

Anecdote: tl;dr

In the mists of time before the internet but during the heyday of internal networks, I did a stint with one of the heavy ends of the financial spectrum. The person (1) in charge of getting the company set up for computers had never used one before and had no interest in using one and saw no reason there should be a computer anywhere...

February 26, 2021 3:27 PM

AL on On Chinese-Owned Technology Platforms :

@Clive
MMT is done for one reason, and one reason only. Our debt markets function under supply vs. demand principles. The Fed (and ECB) increases the supply to the point that interest rates resolve around 0%. That is why corporations are borrowing and leveraging their business. If the Fed stopped printing, with the huge deficits, interest rates would soar, and goodbye stock market.

And it’s not “favored suppliers”. Trump wanted to end the payroll tax and print Social Security benefits. The far-left want the Fed to print and extinguish student loans. Biden’s $2T stimulus will be printed (created) because to finance it in debt markets would result in soaring interest rates...

February 26, 2021 2:57 PM

Anonymous on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ MODERATOR: Will repost to the appropriate Friday Squid when available and under EDITORIAL DISCRETION
Programmatic Systems in support of Bad Faith
Senators such as Ron Johnson from Minnesota are engaged in a propaganda feedback loop that uses materials provided by people such as Breitbart, Bannon, and Miller.

First, the position that the GOP takes is based on a response to an event or issue that is being contested in public but being manipulated and presented to the public disingenuously. Once this conspiracy is floated, the stamp of approval is given by the likes of FOX, OAN, NewsMax, and Christian evangelical pastors and pushed all the way to the pulpit. Once pushed, the operatives on the response side (GOP politicians) run a circular campaign based on the conspiracy (outright lying and violating public trust)...

February 26, 2021 2:56 PM

Clive Robinson on Tracking Bitcoin Scams :

@ xcv, MarkH,

being that a solid or stable economy needs to be based on something of hard value

Do you know what that “Hard value” is supposed to be?

Then you say,

as opposed to free market Capitalism.

Do you understand what the “free market” actually does to “Hard value” especially in neo-con and liberal hands?

Methinks you need to get out a bit, beyond the books written by people (economists) for other people (capitalists) to stroke their egos and give them excuses for their behaviours, all in return for a handful of silver pieces and a nice office, expenses paid conference visits etc...

February 26, 2021 2:55 PM

name.withheld.for.obvious.reasons on The Problem with Treating Data as a Commodity :

I see this in a contextual and time domain dependent expressed as the kernel of the “real world” environment we live in, that is on planet Earth as I understand it.

The level at which information and data is abstracted into knowledge and insight that has the capability to drive events and actions in meatspace seems not well understood. There is the contextual wrap around in which data derives a meta-info type of expression. Say individuals with specific information cause for events that aligned with both their own meta-info and a larger contextual meta-knowledge domain to form a singular and group based triggered action. Individual, sub-group, group, collectives, and other formations of knowledge domains generated from raw data is potentially exploitable to make or cause one or more elements of a domain or domains to respond or react...

February 26, 2021 2:40 PM

Clive Robinson on On Chinese-Owned Technology Platforms :

@ JonKnowsNothing,

The primary reason the USA public doesn’t see it in use at that level is that too much global traffic passes along the USA backbone and Bluffdale would starve.

You also forgot to mention what would happen to the US economy… To say it would “grind to a halt” would be like comparing a glacier’s forward momentum to that of a rocket going for a moon shot.

Because the Internet is seen as “free to use” it’s had just about everything put on it…...

February 26, 2021 2:12 PM

xcv on Tracking Bitcoin Scams :

@MarkH

If I make any assertion consistent with the “Austrian school,” it will surely be by accident, because I regard that doctrine as a load of ideological palaver disconnected from data-based economics.

You’re taking the Communist Party line position of the Fed along with the cult of John Maynard Keynes, i.e. the “Keynesian” or Marxist school of economics.

The other side of the argument (represented by Ludwig von Mises) being that a solid or stable economy needs to be based on something of hard value rather than a government bureaucracy based on a party line ideology of data collection, measurement, central government planning, control, and manipulation of interest rates and issuance of soft currency for a ...

February 26, 2021 1:42 PM

JonKnowsNothing on On Chinese-Owned Technology Platforms :

@AL

re: The answer to the problem in this particular paper might simply be the Great Firewall of the U.S. Certainly, well before war, we would cut off connectivity. We’re asymmetrical now, because they have their firewall and we don’t.

Every country has a firewall or ability to shut down the internet. They may call it different names but the functionality is there and gets used.

Once upon a Web-Time there were specific prohibitions on breaking the net and Splinter-Net was to be avoided. Breaking the net completely returns us to the level of Sneaker Net function...

February 26, 2021 1:38 PM

Clive Robinson on On Chinese-Owned Technology Platforms :

@ AL,

I’d like to see a story on how it was that the U.S. adopted Modern Monetary Theory without a political debate.

Though it makes me grind my teeth, it’s fairly easy to explain[1],

1, Gov purchases from “favoured” suppliers by printing money.

2, The suppliers move the money into real assets or effectively off shore.

3, The suppliers pay legislators to give them favoured tax status of fractions of a percent or less...

February 26, 2021 12:14 PM

MarkH on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

In the most recent meeting of Texas’ now-infamous ERCOT, it was revealed that the Texas electrical power grid came within 277 seconds of a comprehensive shutdown — that is, a state-wide blackout.

At the peak of the calamity, 48.6% of generating capacity was offline. Most of the failures were in gas-powered plants, with supply of fuel (rather than serviceability of the generating equipment) being the primary cause...

February 26, 2021 12:13 PM

Indeed on On Chinese-Owned Technology Platforms :

@lurker

Yep, the lockdowns certainly have been the greatest threat to public health we’ve experienced in decades. You can see this in the states that are open and doing fine vs states that have been unable to tackle the lockdown hydra.

They get crucified in the news, but the reality is quite different.

February 26, 2021 12:10 PM

AL on On Chinese-Owned Technology Platforms :

@Clive

The report seems to confine itself to internet/tech security. I’m not seeing a declaration of war here. You’re reading a little too much into it. This is what I see.

The US response to the growing threat posed by China-controlled internet platforms lacks coherence. The United States needs a clear, effective, and consistent strategy on these issues…

That said, I do think neocon foreign policy is the number one threat to the U.S. While China spends on infrastructure and new silk road that will boost their economic strength we’ve flushed $3T down the toilet in the Middle East, with bombs dropping this week. China’s economy grew in 2020 while our Federal Reserve prints money like it is the Weimar Republic. Same goes for the ECB...

February 26, 2021 12:05 PM

lurker on On Chinese-Owned Technology Platforms :

@Clive: The report is in effect an excuse to declare warfare on China.

The report contains a lot of stodgy filling and very little meat. To go to war on the excuse of this report would merely reiterate the poverty of intellect the report expounds.

Before I started my industrial career I had already learned the radio trade by converting ex-US WW2 equipment for amateur and shortwave use. It was made to milspec to withstand battle conditions. Then in the ’60s I encountered US domestic appliances, and was astounded that such rubbish could be made by the same great (as I thought back then) nation...

February 26, 2021 11:39 AM

MarkH on Tracking Bitcoin Scams :

Re deflation:

If I make any assertion consistent with the “Austrian school,” it will surely be by accident, because I regard that doctrine as a load of ideological palaver disconnected from data-based economics.

Per Dave’s trenchant observation, Bitcon is de facto a pyramid scheme, whether it became so by design or as an unanticipated consequence.

A great friend of mine — and a life-long engineer — has noted how many technology products and systems have gruesomely bad operator interfaces, which are confusing, laborious and counter-intuitive for most people to use...

February 26, 2021 11:22 AM

JonKnowsNothing on The Problem with Treating Data as a Commodity :

@All

Added to the difficulties are the various rules as applied and not applied to the data/items/information.

A bullfighter in Spain was denied a copyright on one of his performances. It is rather hard to determine why a performance doesn’t qualify the same as a movie or theater or live performance does but it seems that in Spain the rain falls mainly on Paintings.

There is some dancing about reproducibility and the court found that using “common techniques” known in bullfighting, strung together in a performance does not qualify for copyright...

February 26, 2021 10:30 AM

Winter on The Problem with Treating Data as a Commodity :

The whole “who owns the information” breaks down spectacularly with genetic information. My genetic make-up is shared by my relatives. So when I “sell” my genetic information, I also sell information about my siblings, parents, (grand)-children, uncles, aunts, cousins etc.

Ownership is a flawed concept even in the material world, e.g., who can dispose as he wants of a lake, river, air, soil, a condominium, farmland? With the infamous IP, it becomes even more strained, and with privacy, information ownership becomes poisonous like radioactive waste...

February 26, 2021 9:55 AM

Clive Robinson on The Problem with Treating Data as a Commodity :

@ ALL,

In times past “property” was something physical and tangible and effectively unique and unreproducible.

Thus the law relied on the unreproducibility as a way of having unique ownership.

Then someone industrialised the process of making pins and from that point on tangible physical objects became less and less unique.

Sometime thereafter the value in non-tangible works became realised and rather than come up with new fundamental legislation they tried to reuse existing legislation that did not fit well...

February 26, 2021 9:55 AM

Winter on On Chinese-Owned Technology Platforms :

@Clive
“Does not exactly strike me as a wise thing to do, especially when just about everything in the US has due to neo-cons become way way too fragile.”

The NeoCons et al. were very fond of the Roman Empire, with the USA as Rome. But they did not look at how Rome fell:
– Massive tax evasion by the rich and powerful
– The Roman equivalent of “supply chain poisoning”, hiring non-Roman soldiers...

February 26, 2021 8:53 AM

Delvin Anaris on The Problem with Treating Data as a Commodity :

@David Rudling: But where do you draw the line?

If I see you wearing a cool Star Wars shirt in passing, and happen to mention to someone else later that day that I saw a guy wearing a cool Star Wars shirt, is that an invasion of your privacy?

What color or type of shirt you’re wearing is out there in public for everyone to see. I get that there’s been a depressing and distressing level of colonization of the public sphere in recent years, particularly with things like ubiquitous CCTV in London and other cities around the globe, but I don’t think that a reasonable response to that is to say “if you see me in public, any description of me you would make to anyone else is my private data, and you are stealing from me by communicating it in any way”...

February 26, 2021 7:51 AM

David Rudling on The Problem with Treating Data as a Commodity :

I am a hardline privacy protagonist. I therefore support the concept of personal information as property.

Without it, one can write absurdities such as :-

“Rather than trying to resolve whether personal information belongs to individuals or to the companies that collect it, …”

instead of what it should be:-

“Rather than trying to resolve whether personal information belongs to individuals or to the companies that steal it, …”...

February 26, 2021 7:22 AM

jbmartin6 on The Problem with Treating Data as a Commodity :

Very interesting, I tend to agree, ownership is entirely the wrong concept to apply to these issues. If I look at you and see you are wearing a green shirt, is that your data or my data? Why should you have the ability to tell me whether or not I can tell someone else that I saw you with a green shirt?

February 26, 2021 5:54 AM

Clive Robinson on On Chinese-Owned Technology Platforms :

@ AL, Winter,

I don’t see why it needs to include Australia. The best people to be working on that report would be people in Australia.

I see you don’t get the point, whilst Winter did.

The report is in effect an excuse to declare warfare on China.

By and large those in the US including the politicians have been too stupid and short sighted, thus the neo-con, libertarian attitudes have led the US into the dire straits it’s got itself in economically and now realises it can not catch up on its own merits...

February 26, 2021 4:51 AM

xcv on Tracking Bitcoin Scams :

@ Ray Dillinger

the single largest holder – Satoshi Nakamoto himself – will never, ever, spend his coins. So… effectively the money supply isn’t as large.

That’s what I can’t figure out. Some middle-aged or older Japanese man slinging a purse around — very reclusive, I wouldn’t say “queer” or “LGBT” or anything like that — it’s an attention-getter symbolic of the electronic “cryptocurrency” he’s selling...

February 26, 2021 4:08 AM

Java Training in Gurgaon on Tracking Bitcoin Scams :

Except that the mining reward in bitcoins per block decreases exponentially over time (in stages), to the effect the number of bitcoins that can ever be mined is limited to 21 million. Java Training in Gurgaon

February 26, 2021 2:36 AM

Winter on On Chinese-Owned Technology Platforms :

@Clive
“Well how about first starting with “Australian National Security”? Or most other countries in the world.”

Because the USA has to do a delicate balance act to protect USA National Security while at the same time prevent other countries from protecting their national security.

The US seem to be fighting very hard to keep other countries insecure. So hard, that the USA themselves regularly are a victim of these efforts...

February 26, 2021 1:35 AM

Winter on Friday Squid Blogging: Flying Squid :

@Space
“Texas Leaders Ignored Warnings A Decade Ago That Their Power Supply Was In Danger”

Libertarianism and infrastructure, a match made in hell. It is a lesson that the latter part of “live free or die” is much more real than is generally advertised.

Search for “A libertarian walks into a bear” for more entertaining examples of “freedom to feed the bears”.

...

February 25, 2021 11:48 PM

AL on On Chinese-Owned Technology Platforms :

@Clive
“It’s interesting to note that the “US National Security” is given as the reason for the report.

Well how about first starting with “Australian National Security”? Or most other countries in the world.”

I read the report, and it is confined to China and the U.S. I don’t understand why we can’t have a microcosm, a topic confined to a narrowly tailored issue.

I don’t see why it needs to include Australia. The best people to be working on that report would be people in Australia...

February 25, 2021 11:26 PM

Clive Robinson on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ name.withheld…,

How does this work?

Long answer short “It can not”.

History shows that the place with most corruption is the place with most influence. Which in hierarchies is usually at the top of the heap.

Thus how do you stop the leader going rogue?

Well now ancient sayings such as “Who watches the watchers” show how hard a problem it has been down through the millennia.

As William Shakespeare wrote, sometimes the only way is for the layer beneath to pull the leader down. Thus “Et tu, Brute?”[1] but what follows is almost always nasty, such is the nature of “power vacuums”. But even when there is a clear untainted replacement, the inertia built up that necessitated the eventual act of assassination or regicide moves on...

February 25, 2021 11:02 PM

xcv on On Chinese-Owned Technology Platforms :

wiredog • February 25, 2021 8:24 AM

@Matthias Hörmann
Most of the government agencies I’ve worked with in the IC do those sorts of things. Whenever there’s an update to software we use, for example, it gets thoroughly analyzed to ensure it doesn’t do anything unexpected.

Thoroughly analyzed? Hah! They procrastinate. Anything else would be unexpected. Government agencies are government agencies, with all the bureaucracy and literally red tape with secret and top secret ticker tape over everything, bright red lipstick, rouge on their cheeks, and all the conversation of a hair salon or pedicure spa. You’ve got Miss Moneypenny syndrome at all those government offices. Too many government workers act like they somehow have more “intelligence” than common citizens, tell us how stupid we are, all these federal laws about their “need to know” shit that ain’t none of their business in the first place, what they’re allowed to blab about all they want on the job, but we are not to breathe a word about it or even question anything, or they ship us off by “extraordinary rendition” to Guantanamo Bay or some place like that for torture and interrogation...

February 25, 2021 10:22 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

Scenario 1: Electoral Robbery
Where a post election process completes with officials certifying the results, how is it that a candidate in the election states “I just need 11,780 votes” and not be accountable. After asking for the votes, the candidate indicates that the officials are behaving illegally and are at risk, including the SOS attorney so they’d better play ball.

Scenario 2: Bank Robbery...

February 25, 2021 10:12 PM

SpaceLifeForm on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ fed.up, JonKnowsNothing, Clive, name.withheld.for.obvious.reasons

Attribution is hard.

The cybercrooks do not care about any laws in any jurisdiction.

There is zero need for new laws. Existing laws work fine.

New laws would probably be a mistake.

The task is to catch the cybercrooks, and then prosecute.

As to logging, if the attacker is good, the evidence will not be logged.

https://spectrum.ieee.org/telecom/security/the-athens-affair...

February 25, 2021 8:52 PM

JonKnowsNothing on Twelve-Year-Old Vulnerability Found in Windows Defender :

@fed.up

re: we need laws

The problem with laws is that they only apply to some and not others, a select few ignore or circumvent them and the other parts of the globe do not necessarily agree to “our laws”.

In the USA, we cannot even get people to wear a face mask to save the lives of their nearest and dearest and the lives of every stranger they meet.

Getting a bunch of NSA-types to agree not to break the laws of other countries is going to be a tough sell; as in No Sale...

February 25, 2021 7:10 PM

fed.up on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ JonKnowsNothing

Cybersecurity is now on the honor system. And there is no honor whatsoever in the system. It has drawn the most spurious of characters, with the exception of Bruce’s followers.

M and the DHS/DoD say “No Trust”. This means we need laws.

@ Clive

I understand you. It took me a while.
The UK is about to pass a SOX equivalent law which mandates unalterable logs. If it is similar to the US, which they say it will be, this includes IT and cybersecurity...

February 25, 2021 5:56 PM

vas pup on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

What we know about the ‘California coronavirus’
https://www.dw.com/en/what-we-know-about-the-california-coronavirus/a-56703340

“A new strain of the coronavirus, first detected in California, may be the most virulent and deadly form of COVID-19 yet. And it’s spreading internationally.

First, it’s important to note that at time of writing, scientists know relatively little about the so-called “California coronavirus.”...

February 25, 2021 5:54 PM

sid on Click Here to Kill Everybody Sale :

hi,
did anyone already receive his book? I don’t have any updates on this, other than the purchase email.

February 25, 2021 3:16 PM

Clive Robinson on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ fed.up,

I thought logs were unmodifiable, but if they are not to be trusted, then doesn’t this imply that the source code wasn’t just “looked at”?

You’ve hit on one of my favorite points about the difference between “paper records” and “data records”.

Paper records are such that trying to remove or alter a single record whilst not impossible is actually quite difficult, and extremely difficult if somebody decides to have a closer more forensic look...

February 25, 2021 3:13 PM

Godfree Roberts on On Chinese-Owned Technology Platforms :

China will launch four new technology platforms this year, to which it owns most of the IP: IoT, Central Bank Digital Currency (CBDC), Blockchain Services Network (a platform), and Quantum Secure Networks.

Western nations will have the option to develop alternatives, of course, but the combined costs of lost opportunity, time lag, and cost will make alternatives less palatable.

February 25, 2021 2:21 PM

JonKnowsNothing on Twelve-Year-Old Vulnerability Found in Windows Defender :

@fed.up

re: The New Cybersecurity Protectorate

And what do you expect will actually change? What do you expect will happen? Even should your entire list of wants be enacted; what will be different?

At the risk of being redundant… Nearly everything on your list is already required.

We have lots of experience with New Law Enforcement Agencies; War on Drugs, War on Immigration; War on COVID-19; War on Terror (getting a bit old that one)...

February 25, 2021 1:09 PM

fed.up on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ Clive – thank you!

The big tech companies’ profits depend upon growing data.
That’s diametrically opposed to the best interest of their customers and society.
I agree with you 100%. The biggest risk to every institution is keeping too much data. Outside of science and healthcare, data’s value is on par with bitcoin. It is only valuable until people find out it isn’t.

The more data you have, the more data you have to protect. The more data you have to protect, the harder it is to protect it...

February 25, 2021 12:56 PM

Clive Robinson on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ lurker,

Oh for the good old days when the data was all stored on paper. Then every now and then you’d have a plague of mice, or a flood or a fire, and suddenly there was a whole lot less data to worry about.

Very popular with UK Civil Servants at “senior levels” so much so that a still famous early 1980’s UK TV Satirical Comedy series “Yes Minister” had it pop up occasionally in the story plots,...

February 25, 2021 12:46 PM

on GPS Vulnerabilities :

@Moderator:

The post from ‘Jacques Nadeau’ is link advertising.

February 25, 2021 12:25 PM

Clive Robinson on On Chinese-Owned Technology Platforms :

It’s interesting to note that the “US National Security” is given as the reason for the report.

Well how about first starting with “Australian National Security”? Or most other countries in the world.

Put simply the US has had such an overwhelming effect on the National Security of just about every other country in the world, it assumes it is automatically “lord and master” and that “all dissent must be crushed” just like any “School playground bully” assumes that “might is right”...

February 25, 2021 12:24 PM

Bob Paddock on Twelve-Year-Old Vulnerability Found in Windows Defender :

@Space:LifeForm

“Reverse Engineering takes more time and effort than reading source code.”

Long ago I had an Avocet 1805, update of 1802, Assembler that produced pretty and correct listings. The .HEX output file created did not match what the source code or the listing showed. Took a bit of time to figure that out.

Some of the higher end software standards for flight grade software require inspection of the generated output for this very reason...

February 25, 2021 11:07 AM

JonKnowsNothing on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@SpaceLifeForm @Clive

re:Who knows how?

The FBI does. They do regular demonstrations.

There are well documented cases where their assertions are “less than honest”.

tl;dr Old News
Case Unsolved: The attempt on Bari’s life remains an open case

On May 24, 1990, in Oakland, California, the vehicle used by Bari and Darryl Cherney was blown up by a pipe bomb.[26] Bari was severely injured by the blast, as the bomb was located under her seat; Cherney suffered minor injuries. Bari was arrested for transporting explosives while she was still in critical condition with a fractured pelvis and other major injuries...

February 25, 2021 10:38 AM

JonKnowsNothing on Dependency Confusion: Another Supply-Chain Vulnerability :

@me @All

re:lack of due diligence on the receiving ends is appalling

Back up the microscope and look at more of the elephant. It’s not appalling it’s deliberate. In countries that have certain economic systems, the consideration and value of such things is based on money.

Think of this as a balance. The more the money side tips towards the desired side then the policy will lean that way. If the desired side is “short term profits” or similar longer term national goals, the balance will be loaded to tip in that direction. Anything that tips the balance the other way will be removed or deleted...

February 25, 2021 9:50 AM

JonKnowsNothing on On Chinese-Owned Technology Platforms :

@Joe K

re: why millions of US homeless are not considered as part of “our national security”

Because it is a Hoover Institution report. It’s an influential place to be sure but it’s also the home base for out of work NeoLiberal-NeoCons-Arch-Libertarian prominent named persons.

The value of such reports is primarily to give “cover” for the myriads of “Hoover Fellows” paychecks.

One can also discern the bias in the report from the title: “Chinese technology”. You don’t have to read one more sentence to know what the report’s findings will be in the executive summary...

February 25, 2021 8:38 AM

Joe K on On Chinese-Owned Technology Platforms :

The phrase “our national security” features prominently in this report.

This phrase always makes me wonder why the processes that have
rendered millions of US residents homeless are seemingly never
considered to belong under this rubric.

I am curious why “banks, not bombs” makes any difference at all, since
it surely makes no difference to the ones rendered homeless.

Perhaps the explanation is hidden in the referent of “our”? JP Morgan...

February 25, 2021 8:24 AM

wiredog on On Chinese-Owned Technology Platforms :

@Matthias Hörmann
Most of the government agencies I’ve worked with in the IC do those sorts of things. Whenever there’s an update to software we use, for example, it gets thoroughly analyzed to ensure it doesn’t do anything unexpected.

February 25, 2021 8:06 AM

Matthias Hörmann on On Chinese-Owned Technology Platforms :

Wouldn’t it make sense to do a similar risk analysis for all goods, services and information sources used by either government employees, a significant portion of the population or major parts of the economy?

It has amazed me for decades that that does not seem to be standard operating procedure for governments to evaluate the risks and benefits of large external but also internal suppliers of physical products, information and services for obvious failure modes like...

February 25, 2021 6:49 AM

me on Dependency Confusion: Another Supply-Chain Vulnerability :

Funny also that github is owned by MS.

Can’t they just simply decide to deliver changed files to specific downloaders?

Master-of Supply-chain.

A choke point.

Would such an action even violate the TOS?
What’s to stop them?
The lack of due diligence on the receiving ends is appalling.

February 25, 2021 6:15 AM

Clive Robinson on Dependency Confusion: Another Supply-Chain Vulnerability :

@ SpaceLifeForm, JonKnowsNothing, lurker, MrC, ALL,

Worked really well before. 11 or 17 lines? Your call.

The point that the articles miss out on is that the developer of the code had legal rights over his code that he had not in any way signed away and he exercised them.

What is also not mentioned is the person who coded a replacement has stolen the original developer’s intellectual property.

The code “might” be different but for it to work,...

February 25, 2021 5:05 AM

Clive Robinson on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ SpaceLifeForm,

Not sure where you make the connection but let’s run with it.

Firstly there has been a lot of noise about protestors being identified by semi unique features.

There was the woman with the limited edition tee shirt, and others.

They turn up to events wearing such items but otherwise do not leave forensic evidence that identifies them.

There is a saying about once is odd, twice is coincidence three times is enemy action...

February 25, 2021 2:06 AM

SpaceLifeForm on Dependency Confusion: Another Supply-Chain Vulnerability :

@ name.withheld.for.obvious.reasons

Got to get fresh blood in Congress. Too many dinosaurs that do not grok technology or supply chains.

My googlefu is failing me right now, but I definitely recall a congress-critter that dissed farmers, and said he would just go to the grocery store.

February 25, 2021 1:25 AM

name.withheld.for.obvious.reasons on Dependency Confusion: Another Supply-Chain Vulnerability :

Today during the confirmation hearing for the Director of the CIA, William Burns, I couldn’t help but be struck by the inane and nearly pointless conversations with Senators about supply chain issues. How many years has this topic been beaten to death on this blog–over thousands. Everything from vendor and manufacturer issues and sourcing, design and integration, and implementation, process, and source controls beyond infinitum. It is as if I’d taken the wayback machine and Mr. Peabody was instructed to set the dial to 1982...

February 25, 2021 1:14 AM

SpaceLifeForm on Dependency Confusion: Another Supply-Chain Vulnerability :

@ MrC, Clive, JonKnowsNothing, lurker, ALL

FAILFAST

Worked really well before. 11 or 17 lines? Your call.

hx tps://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/

ht xps://www.theregister.com/2016/03/23/npm_left_pad_chaos/

February 25, 2021 1:04 AM

SpaceLifeForm on Dependency Confusion: Another Supply-Chain Vulnerability :

@ MrC, Clive, JonKnowsNothing, lurker, ALL

When doing your software build, you want to FAILFAST.

You want to know there is a problem as soon as possible.

This is why you want the complete codebase on your build machine(s).

You do not want to encounter unexpected dependency failures.

You certainly do not want to rely upon pulling code on the fly over the internet. Why have a dependency on internet connection when you should not need it?...

February 25, 2021 12:06 AM

SpaceLifeForm on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ Clive

While I appreciate your concern about bellingcat, this is definitely good OSINT. My dot: I always thought that the person in the DC alley was female, even though a tech female that I read did not think so.

But, this is a match to me. Solid match.

hxt ps://www.msnbc.com/weekends-with-alex-witt/watch/fbi-releases-new-images-of-dc-pipe-bomb-suspect-100279877918

hx xps://www.bellingcat.com/news/americas/2021/02/24/woman-accused-of-stealing-nancy-pelosis-laptop-appears-in-video-making-nazi-salute/...

February 25, 2021 12:02 AM

lurker on Twelve-Year-Old Vulnerability Found in Windows Defender :

@Clive

So the reality for many is their mountains of data are actually very costly to store and use, for little gain…

Oh for the good old days when the data was all stored on paper. Then every now and then you’d have a plague of mice, or a flood or a fire, and suddenly there was a whole lot less data to worry about.

February 24, 2021 11:27 PM

on Thinking about Intimate Surveillance :

@ Moderator,

The above from “Diane Ford” is a repeat offender at unsolicited service advertising. For what appears to be a very questionable service.

February 24, 2021 11:23 PM

Clive Robinson on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ JonKnowsNothing,

Things are as chaotic as ever in Sunny California

I’m sorry to hear the woes of what would be considered a prosperous “Nation State” in Europe or many other First/Second World regions.

If you remember back a year ago I assumed that due to “social policy” in some parts of California, the state would become a COVID hotspot and near disaster zone. Thus was pleased to be wrong when it did not play out that way...

February 24, 2021 10:56 PM

Clive Robinson on Dependency Confusion: Another Supply-Chain Vulnerability :

@ Mr C, JonKnowsNothing, lurker, SpaceLifeForm, ALL,

Then a human being has to sort out where the reorg moved it to and update the dependency list.

“Bang you are dead” or more politely QED.

That is a “Grade A1” exploitable vector via “social engineering” and other techniques.

As I indicated it’s a game of “Whack-o-Mole” and I suspect not one for which a realistic security solution exists, or is likely to exist any time soon...

February 24, 2021 10:41 PM

Clive Robinson on Twelve-Year-Old Vulnerability Found in Windows Defender :

@ fed.up,

notice FE testimony to Congress said put everything in the cloud for safekeeping
then this PaloA video is also very interesting says the opposite

I’m not going to watch it because I’ve been through the various arguments in the past.

You will find that the answer selected very very rarely has anything whatsoever to do with security and almost everything to do with reducing cost. Such is the sad state of affairs within even the likes of the CIA and other IC and LEA entities...

February 24, 2021 7:51 PM

MrC on Dependency Confusion: Another Supply-Chain Vulnerability :

@ JonKnowsNothing:

I may have missed something but… what do you plan to do when the URL changes?

The build fails. Then a human being has to sort out where the reorg moved it to and update the dependency list. “Failing hard/loud” is preferable to letting the build system make a guess about what to substitute for the missing files.

February 24, 2021 7:21 PM

xcv on Medieval Security Techniques :

Paper stock certificates are disappearing.

If you need help with learning how to get a stock certificate, you can post your legal need on UpCounsel’s marketplace. UpCounsel accepts only the top 5 percent of lawyers to its site. Lawyers on UpCounsel come from law schools such as Harvard Law and Yale Law and average 14 years of legal experience, including work with or on behalf of companies like Google, Menlo Ventures, and Airbnb. ...

February 24, 2021 5:28 PM

Clive Robinson on Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish :

@ SpaceLifeForm, ALL,

I mentioned that a TLA had assets burned.

Yes the CIA “Your ass is Coup de Grâce” system, that resulted in the deaths of quite a few people in China.

I remember it rather too well.

As I understand it some whiz kid web developer came up with a system, where people made the mistake of assuming “impressive” was “secure”. It was not. Worse it was easy to spot the traffic…

Of course nobody was to blame…...
