Recent Comments



June 13, 2021 7:00 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ SpaceLifeForm,

From s_mp_add.c

/* zero the carry */
u = 0;
for (i = 0; i < ...; i++) {
    c->dp[i] = a->dp[i] + b->dp[i] + u;

    /* U = carry bit of T[i] */
    u = c->dp[i] >> (mp_digit)MP_DIGIT_BIT;

    /* take away carry bit from T[i] */
    c->dp[i] &= MP_MASK;
}

Looks like it’s still using an overflow bit that gets shifted down by MP_DIGIT_BIT into an int for holding the carry ‘u’. Then a mask ‘MP_MASK’ to remove the overflow from the number...

June 13, 2021 6:39 PM

Fake on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Please, all they injected you with was saline. I thought you should be aware that you are obliviously just some part of the placebo group of an experimental vaccine. They only give the real stuff to people who don’t have an axe to grind.

Well, that… and the ones whose hypertensive paranoia would cause a massive stroke. It’s a shame those very same individuals are the devout anti block chain and tackle folks...

June 13, 2021 6:33 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Fake,

i think he was issuing more of a challenge for some of the woodworkers around here

No I could do that with One’s Complement arithmetic and it’s two zeros.

What I had noticed was that at least two Open Source multi-precision or very long integer libraries did the same inefficient addition.

Then checking “standard references” from Knuth (Art of computer programming) and Menezes et al (Handbook of applied cryptography) I discovered they also used the same inefficient addition...

June 13, 2021 6:29 PM

echo on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

https://theconversation.com/identity-fusion-why-some-people-will-go-to-extremes-for-the-beliefs-of-a-group-162624

When they’re ignored, hypocritical agents lose opportunities to receive donations, and their strategies also have less chance of being copied by others and carried forward to the next generation. This disadvantages hypocrites meaning that being fused becomes aligned with stronger levels of payoff, making fusion an attractive strategy to pursue...

June 13, 2021 5:19 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Tatütata,

… or do you stick with “grade school” long multiplication?

There are a lot of time/memory trade offs with “multiplication” most do not realise that bit-by-bit multiplication generates “no carries” and is in fact the AND function. Thus can be made very fast if you have the memory.

But even when not, multi-precision does not gain anything using FFT multiplies until you kind of clear the 1024bit mark, so certain security algorithms do not gain on random multiplication. However you can pre-compute oft used numbers so the FFT method suddenly does start offering advantages...

June 13, 2021 4:15 PM

Clive Robinson on FBI/AFP-Run Encrypted Phone :

@ David Leppik,

They were carrying around FBI-controlled, networked cameras & microphones.

The problem there is the “convenience” of “carrying around” that would have enabled their positions to be mapped. Which is a known and well documented OpSec fail and careless SOE radio operators learned the hard way during WWII that “being mapped” was “being captured” and all that went with it.

It’s been known widely for well over a decade and a half that due to “the spooks” infesting Standards Committees they had put remote microphone enables in all telecom phone standards on the excuse of “Health and Safety”. In fact if you can find the old UK GPO documents you will find it went in as part of “System X” digital phone design back in the 1960’s...

June 13, 2021 3:38 PM

anna on Detecting Deepfake Picture Editing :

Beautiful Taiwanese women for marriage today are mostly well-educated, psychologically stable, and well-behaved people. Family https://thegirlcanwrite.net/ values are important to them, which is natural for most people in the world. Marriage with such a girl will be very strong, she probably will not cheat, and her concern for the family is as strong as yours.

June 13, 2021 2:45 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Weather, All interested,

First you need to understand a little fact that an optimising compiler should know if you make “C” local in scope to the loop block…

W = U + V + C

Is not equivalent to

W = V + C
W = U + W

Or any other combination using two adds.

This is because the compiler would recognise that C can only be 0 or 1 thus a single add of U + V with the assembler code starting with “add with carry”(ADC) not ADD would add C in at the least significant bit, so in assembler the C compiler would set the real CPU carry flag as appropriate...

June 13, 2021 10:27 AM

Fake on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

likely whatever the reference platform allows,

hence the timing/usage requirements.

i think he was issuing more of a challenge for some of the woodworkers around here

my jnb usage is an unpublished? size optimization for cstrlen wrt https://mattst88.com/programming/AssemblyProgrammersJournal/issue/3/

not the original host, good information circa early 2000 cstdlib analyzed and reimplemented in ia32...

June 13, 2021 10:17 AM

MarkH on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@Clive, who wrote:

“you test U and V against W then set C appropriately”

As I wrote above, a single test is sufficient. It doesn’t matter whether it’s U or V. [In the following, all word values are interpreted as unsigned.]

Suppose that the word is L bits wide, and define M = 2^L. Word addition effectively includes reduction modulo M.

In each word addition

U < M and V < M

If summing U + V generates a carry then...

June 13, 2021 9:54 AM

Tatütata on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Clive,

If I understand correctly, you are implementing some sort of BIGNUM arithmetic on toaster chips (6502, MCS-48, PIC, and suchlike).

Are you dabbling in exotic methods including transform based approaches (FFT, etc.), CORDIC (useful in trig computations), Toom-Cook, Karatsuba, etc., or do you stick with “grade school” long multiplication?

June 13, 2021 8:48 AM

David Leppik on FBI/AFP-Run Encrypted Phone :

@Clive:

If I understand correctly, you’re suggesting that they shouldn’t have dropped their operational security (e.g. speaking in coded language.) That’s a fair point. But it doesn’t change the underlying fact:

They were carrying around FBI-controlled, networked cameras & microphones.

The fact that the FBI didn’t bother enabling the microphones when they weren’t on a call is just a matter of convenience for the FBI...

June 13, 2021 8:17 AM

Fake on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@Curious,

The way i understand ECC is…

How many different round trips can be taken between your house and the three nearest Walmarts?

Pick a point along one of those such routes and memorize it, the more accurate the geolocation of this analogy the harder your path would be to duplicate/retrace.

@All,

Google has cheapened their keyboard, please if I’m wrong correct me.

June 13, 2021 7:53 AM

Curious on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

To add to what I wrote:

If multiplying two integer numbers that was added from +1’s just before (even more integers), and seeing how two integers on a curve is the same as addition with a function leading to a third integer, perhaps it can’t be a surprise if an inverse relationship between numbers is just something obviously linear in ways.

Having said that, I still don’t quite know how ECC works...

June 13, 2021 7:40 AM

Curious on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Re. the notion of an “infinite” amount of prime numbers:

One might at first be tempted to think of “an infinity” to actually be ‘infinite’, but this is obviously wrong. Because, instead of “an infinitely large range of numbers” as having ‘meaning’ by itself as a ‘metric’, if one takes into account a notion how you can even conceptualize a metric as being meaningful, this relation is obviously indicative of a multi-dimensional aspect of something symmetric...

June 13, 2021 7:02 AM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ ALL interested,

Yes I have to write code for “odd machines” which range widely in capability…

Some where CPU might actually be “Custom FPGA State Machine” for getting a 5-100 times speed up over traditional Consumer Off The Shelf(COTS) CPU’s you find in PC’s, Smart Devices and IoT and the myriad of “rack servers”.

But I also still have to do stuff with “the cheapest of cheapest” used in “instrument heads” which can be 8 or even 4bit microcontrollers used in the likes of Industrial Control System(ICS) sensors or two-wire “control panels” (think a switch or shaft encoder with bit banged RS232 output). Or what some now call “Dumb meters” for utilities providers and even “medical electronics” and “robotics”...

June 13, 2021 6:50 AM

Curious on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

I wonder if you could inverse the sum of all prime numbers, such that, in the inverse form, you ended up with simply integer numbers again. In that case P*Q could be as simple as 4+9=13 in some inverse way I imagine.

June 13, 2021 5:19 AM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Weather,

As I said assembler is generally straight forward and if I was only dealing with one CPU architecture and a sensible optimising compiler that you can use in-line ASM macros in it would for both speed and efficiency be the way to do it…

But when talking 1byte and 2byte ints CPU architecture, there is one “truck-load” of CPU architectures which whilst they all do an add with carry and the bottom of the loop test is more or less,...

June 13, 2021 4:32 AM

Serverless Nomad on FBI/AFP-Run Encrypted Phone :

The last comment on cryptocurrency seems like a biased dig more than a reasoned argument. Certainly there are trust issues, which the ecosystem continues to try to address. Note by ecosystem I don’t just mean Bitcoin. However you don’t even attempt to juxtapose cryptocurrency with current fiat monetary systems that lack all manner of transparency. A system, at least in the US, that has been around longer than anyone reading this has been alive and has made zero attempts to become transparent and trustworthy...

June 13, 2021 3:59 AM

FA on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@SpaceLifeForm

Maybe I am misunderstanding what Clive is trying to do.

The odd thing about the method he describes is that, having 16-bit registers, it uses only 8 bits per iteration while it could use up to 15. To me it looks like something from ancient 8-bit microprocessors that didn’t have fast shift instructions.

June 13, 2021 3:45 AM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ MarkH, Clive, Weather

Maybe I am misunderstanding what Clive is trying to do.

I read it as he was trying to get a speed up by treating 2 bytes as a 16 bit word.

Which it is of course. But if you actually are intending to add 8 bit values…

I guess the real question is: what are in the individual bytes? Have they already been sanitized so you know that the 16 bit add can never mess up what two separate 8-bit adds would do?...

June 13, 2021 3:41 AM

r on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

pushf pushfw pushfd and pushfq are all the same

but with slightly different behavior under different addressing modes

high level language is generally processor agnostic

it is possible to write processor and position agnostic code manually

it’s up to you to know that when you see an 0x90, what you’re actually looking at is an

xchgw %ax,%ax

somebody just gave you a shorter way of communicating that to the processor...

June 13, 2021 3:38 AM

FA on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@clive

Without going into the nitty gritty, you can do a two byte “int add” and care not that it overflows because you can easily check with a fast compare that is if the result is less than the smallest of U or W a carry would have been generated.

A compare would have to be followed by a branch, and that could be quite inefficient. OTOH, on most modern processors the shift will be single cycle or even come for free as part of the next addition (e.g. ARM)...

June 13, 2021 3:06 AM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

As expected, Freenode is imploding

Also, anyone that was using Freenode should be aware that your passwords may have been collected in recent days.

This is breaking news…

hxtps://twitter.com/fsf/status/1403941542532952067

Despite our plans for a gradual transition, FSF staff and GNU volunteers are no longer in control of the #fsf and #gnu channels on the Freenode network. Please find us at http://libera.chat...

June 13, 2021 2:53 AM

MarkH on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@SpaceLifeForm:

I didn’t understand the offered example. 0x01ff “overflows a byte” before addition — it’s 9 bits long.

If the addition were performed on 8-bit words, the first operation would be 0xff + 0xff → 0xfe. The test for sum < addend indicates a carry out.

The second operation would be 1 + 1 + 1 → 3 (the two more significant bytes plus the carry).

Applying simple logic, nothing will be missed. [Note: in my realization the full addition is just a little more complicated, in that tests for carry or borrow must take into account any carry or borrow propagated from the preceding (next less significant) word.]...
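
The two ways of deriving the carry argued over in this thread, side by side, as an added example (not code from any commenter, nor from the s_mp_add.c file quoted elsewhere on this page): one routine uses the full word and unsigned compares, the other keeps 8-bit digits in 16-bit containers and shifts the carry down. All type, macro and function names are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Approach 1: full-width 16-bit words, carry derived from unsigned compares.
 * word_t, digit_t, DIGIT_* and the function names are hypothetical. */
typedef uint16_t word_t;

/* w = u + v over n little-endian words; returns the carry out (0 or 1). */
unsigned mp_add_compare(word_t *w, const word_t *u, const word_t *v, size_t n)
{
    unsigned carry = 0;
    for (size_t i = 0; i < n; i++) {
        word_t s = (word_t)(u[i] + v[i]);  /* sum reduced mod 2^16 */
        unsigned c1 = (s < u[i]);          /* wrapped iff sum < an addend */
        word_t t = (word_t)(s + carry);    /* fold in the incoming carry */
        unsigned c2 = (t < s);             /* wraps only if s == 0xFFFF, carry == 1 */
        w[i] = t;
        carry = c1 | c2;                   /* never both: c1 implies s <= 0xFFFE */
    }
    return carry;
}

/* Approach 2: reduced radix. Each 16-bit container holds only DIGIT_BIT bits,
 * so the sum cannot wrap and the carry is the bit shifted down from the top. */
#define DIGIT_BIT  8
#define DIGIT_MASK ((1u << DIGIT_BIT) - 1u)
typedef uint16_t digit_t;

unsigned mp_add_shift(digit_t *w, const digit_t *u, const digit_t *v, size_t n)
{
    unsigned carry = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned t = (unsigned)u[i] + v[i] + carry;  /* at most 0x1FF */
        carry = t >> DIGIT_BIT;                      /* 0 or 1 */
        w[i] = (digit_t)(t & DIGIT_MASK);            /* strip the carry bit */
    }
    return carry;
}

/* Cross-check both routines against native 64-bit addition on constructed
 * inputs from a small LCG; returns the number of mismatches (expected 0). */
unsigned cross_check(unsigned rounds)
{
    uint32_t x = 0x12345678u;
    unsigned bad = 0;
    for (unsigned r = 0; r < rounds; r++) {
        uint32_t a = x = x * 1664525u + 1013904223u;
        uint32_t b = x = x * 1664525u + 1013904223u;
        uint64_t ref = (uint64_t)a + b;              /* 33-bit reference */

        word_t wu[2] = { (word_t)a, (word_t)(a >> 16) };
        word_t wv[2] = { (word_t)b, (word_t)(b >> 16) };
        word_t ww[2];
        uint64_t got1 = (uint64_t)mp_add_compare(ww, wu, wv, 2) << 32;
        got1 |= ((uint32_t)ww[1] << 16) | ww[0];

        digit_t du[4], dv[4], dw[4];
        for (int i = 0; i < 4; i++) {
            du[i] = (digit_t)((a >> (8 * i)) & DIGIT_MASK);
            dv[i] = (digit_t)((b >> (8 * i)) & DIGIT_MASK);
        }
        uint64_t got2 = (uint64_t)mp_add_shift(dw, du, dv, 4) << 32;
        for (int i = 0; i < 4; i++)
            got2 |= (uint64_t)dw[i] << (8 * i);

        bad += (got1 != ref) + (got2 != ref);
    }
    return bad;
}

int main(void)
{
    /* Carry-in edge case: 0xFFFFFFFF + 1 ripples a carry through both words. */
    word_t u[2] = { 0xFFFF, 0xFFFF }, v[2] = { 0x0001, 0x0000 }, w[2];
    unsigned c = mp_add_compare(w, u, v, 2);
    printf("compare: carry=%u w=%04x%04x\n", c, (unsigned)w[1], (unsigned)w[0]);

    /* The thread's 0x01ff + 0x01ff, as two 8-bit digits per operand. */
    digit_t a[2] = { 0xff, 0x01 }, b[2] = { 0xff, 0x01 }, d[2];
    c = mp_add_shift(d, a, b, 2);
    printf("shift:   carry=%u w=%02x%02x\n", c, (unsigned)d[1], (unsigned)d[0]);

    printf("mismatches: %u\n", cross_check(100000));
    return 0;
}
```

The second compare in `mp_add_compare` is the extra step needed once a carry is propagated in from the previous word; neither loop contains a data-dependent branch in the source, though whether the compiled code does depends on the compiler and target.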

June 13, 2021 2:15 AM

imm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

</
I can’t use PUSHFD: it’s not supported in 64-bit mode. At least that’s what gcc tells me 😉 .

After which assignment should I push?
/>

I wouldn’t know about that but there is also a 64-bit variant: PUSHFQ. Typically you put the push instruction after an arithmetic operation that would affect the bit you’re after, as soon as possible. Just like with a conditional branch like JO I mentioned. Check my edit...

June 13, 2021 2:14 AM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Weather, Clive, MarkH

Funny how much has changed since 1997, eh?

I have hardware from that timeframe (Pentiums). That work.

If I was going to be doing any serious crypto stuff, I would use that old hardware.

I don’t care if it takes 5 minutes to create a cryptographic signature.

I have confidence that the microcode will not leak.

Plus, it is old BIOS, not UEFI.

How do people know what’s in their firmware?...

June 12, 2021 11:59 PM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Clive, Weather, MarkH

In C however with Char being an unsigned byte and Int being an unsigned double byte what you see is most odd.

Well, first, Int in C is normally signed, so you have to force unsigned.

I’m guessing you are dealing with some older stuff, including compiler.

But, by doing it word size, aren’t you setting yourself up for potential undetected overflow? Consider x=0x01ff, and y=0x01ff as the two words. If you add them together as 2 byte Int, the result will not overflow. Yet, if you added the two ff bytes together, that would overflow a byte...

June 12, 2021 10:32 PM

MarkH on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@Clive:

Two clarifications, for what I wrote above:

First, the C code I wrote represents integers as pure binary; a long integer is a sequence of concatenated words (I had 32- and 16-bit versions).

Second, it’s the Python long type that is multi-precision; in general, Python automatically converts to long when any fixed-point input or result is too large for its integer type.

As it turned out, finding the specimen Python source I studied didn’t take very long. I downloaded it in 2006, so it’s some flavor of Python 2...

June 12, 2021 9:51 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ THE TROUBLED INDIVIDUAL(S), FOR NOW KNOWN AS, ALL CAPS
There is a bit of hostility in your manner and rhetoric, is it your assertion that you must be pandered to while what arguments you make are ostensibly character acts and slanderous retorts. Expecting favorable treatment for ill-tempered and vile statements seems like a stretch to me. As I am not a professional in the fields of psychology or human behavior, might I suggest you seek professional help...

June 12, 2021 9:39 PM

MarkH on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@Clive:

I rolled my own multi-precision (fixed-point) code years ago, and your question inspired me to take a look at it.

It uses the full integer width, and derives carry (a boolean variable in the source code) from an unsigned comparison.

Note that it isn’t necessary to select the smaller of the two addends for comparison; when carry out occurs, the truncated sum is smaller than both of the addends. A single compare is sufficient for each “word” of the add or subtract operation...

June 12, 2021 8:38 PM

Weather on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@clive slf
You can do add CX, bx , the overflow flag won’t be set because it’s not ECX, ebx, you could try test ECX, which might set the pf or cf flag with a jz after, or and ecx 0x01 followed by xor bx,0x01 cmp bx 0x01.

Just woke up, will reply later

June 12, 2021 7:59 PM

mac and simm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@echo
Grand to hear your thoughts.

To “break the FOI system” in Canada, one would have to believe it ever worked.

Even accepting redaction and response times as they are, one still has to wade through the morass of finding which public services are involved, before you can even initiate one, and likely, as with every other law, u will discover some countermanding law saying “oops for ‘certain people’ there are EXCEPTIONS, please try again sometime, sucker”...

June 12, 2021 7:33 PM

echo on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

https://www.independent.co.uk/asia/southeast-asia/duterte-hitler-maria-ressa-rappler-b1859291.html

Philippines president Rodrigo Duterte shares parallels with Nazi dictator Adolph Hitler, a leading Filipino media executive has said.

Maria Ressa, chief executive of the Filipino investigative news site Rappler, told The Independent that Duterte’s populist rhetoric is “appealing” in the same way Hitler’s was...

June 12, 2021 6:57 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ SpaceLifeForm, Weather, ALL,

You mentioned the “floating point” denormalisation CPU hardware issue yesterday.

Oddly, I’m looking into a related subject.

As you probably know in assembler you have access to a flags register, so when you add two ints you know if the result is zero or has overflowed as there are flags you can branch, skip over, or jump on depending on your CPU. Likewise there are greater than, less than, and equal to branches etc in most CPU assembler instruction sets. As an assembler level programmer you just take it for granted they are there and just adapt your thinking as to if it’s branches, skips, or jumps in the CPU ISA you are working with...

June 12, 2021 6:03 PM

r on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

I was just looking at that very picture yesterday thinking about how his is likely a dvd player board w some generic plan chip gutted reflashed and running some docker image remotely.

🙂

Maybe a TiVO w a spoofed mac 4 lulz.

June 12, 2021 5:51 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ SpaceLifeForm,

Clive, prove me wrong.

I can not because your hypothesis of,

Now that I think about it some more, the TLS handshake timing differences may actually be a side channel.

Is correct and easily shown as such, the only real question is the “information capacity” under any particular set of circumstances.

Which raises the question of “How much information capacity is required?” for your second hypothesis of,...

June 12, 2021 5:40 PM

echo on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

This is an old article but says basically the same as the newer material although the newer material does map out terrorist links (including US based terrorists) and the Latin American Catholic Church joining in and a lot of other organisation names plus Russian interference. Social media as we know can have a radicalising influence and this has been more exposed too. A fair few NGO’s and EU institutions and politicians and UK and US based activists and others are very much on the case now...

June 12, 2021 5:15 PM

Weather on FBI/AFP-Run Encrypted Phone :

@echo
Your extreme points would fit in well with a terrorist organization, I didn’t want to be another rung on the ladder, so can you change?

June 12, 2021 5:07 PM

metaschima on FBI/AFP-Run Encrypted Phone :

@TED

“Take for example some people who believe in some “-ism”. Similarly there are people who are convinced that some particular economic system/approach is better than others. These are also often based on opinions rather than unanimously agreed hard data.”

Yes. “-ism”s are ideologies used to deceive the masses. They all boil down to oligarchy, every last one that has ever existed and probably will ever exist. The many ruled by the few, a one way deal. There are small differences between them in how they treat the many. Some are very harsh while others offer more opportunity...

June 12, 2021 4:46 PM

echo on FBI/AFP-Run Encrypted Phone :

Freezing_in_Brazil

Want to know what’s ignorance? People discussing Latin American politics.

I have copies of and have read the reports written either by the people of those countries themselves or respected NGO’s. The Catholic church is up to its neck with far right aligned bad faith actors and it’s especially bad in Latin America. Their activity using various proxies has been detected in the UK and with great respect they can keep their nose out of our business. The EU is well aware of what the Catholic church are up to and are having none of it...

June 12, 2021 4:16 PM

on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@SpaceLifeForm:
@Moderator:
@Clive:
@Winter:

“The fakes appear better, but, they are fake.”

Not better exactly just different in some ways but not enough so they are still very easy to spot if you know what to look for.

Though you might have noticed the times slipped a bit. Troll-Tools a bit busy trying to make better fakes and failing miserably yet again.

However like those monkeys bashing away at typewriters, the Troll-Tools can be expected to have a little random success, but it ain’t gonna be t’bard they are turding out, because of fundamental errors in their abilities...

June 12, 2021 3:52 PM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Curious, Clive

Now that I think about it some more, the TLS handshake timing differences may actually be a side channel.

Where a Downgrade Attack can lead to fingerprinting.

Clive, prove me wrong.

I double-dog dare you.

June 12, 2021 3:09 PM

A Nonny Bunny on Detecting Deepfake Picture Editing :

@Chelloveck

So, if my understanding is correct, it’s an attack against a specific fill algorithm.

It’s not really all that specific. It relies on a well-documented weakness of many deep neural network models that allows them to be fooled by adversarial input, which makes them see things that aren’t there. And adversarial input that works for one network tends to work to some extent for others as well...

June 12, 2021 2:36 PM

MarkH on FBI/AFP-Run Encrypted Phone :

@Faustus:

Did Bruce say cryptocurrency should be “shut down?” I don’t recall that.

If he didn’t, you’ve offered a “straw man” argument … not good.

You wrote that we “live in a world where people find themselves unable to create.”

When in all human history has a greater proportion of people had opportunities for self-expression, or the creation of wealth?

...

June 12, 2021 1:45 PM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Curious

See safecurves. Understand 25519. Understand Montgomery Ladder.

The main reason why ECC is more secure than RSA is because of Constant-Time code.

It is less likely to leak.

It is also faster.

It has gotten to the point these days, that when I visit a website, I can likely guess due to the TLS handshake time, whether the connection is RSA or ECC.

Firefox on desktop shows you when it is doing the TLS handshake. I’ve been doing this a long time. To quote a famous philosopher: “You can observe a lot just by watching”...

June 12, 2021 12:06 PM

on Friday Squid Blogging: Squids in Space :

@Goat:
@SpaceLifeForm:
@Clive:
@Moderator:
@Winter:

“Is not a comment from me I am confused which ones in this thread are real.”

As both myself and @SpaceLifeForm have said the Troll-Tools who are basically of the imbecilic keep bashing away form of Trumpian 400lb existing at their parents’ largess as they lead a probably incel life style suffer from one or more of the “dark triad” of narcissism, psychopathy, sadism feel they must have their way. However they are also extremely cowardly along with their ineptness and below K-12 passing grade IQ/ability, so one of life’s complete failures in anything that others would recognise as “useful to society”...

June 12, 2021 11:09 AM

Freezing_in_Brazil on FBI/AFP-Run Encrypted Phone :

@ MarkH

Ditto the sentiments.

@ echo

In today’s world, politics is not that hard. UK politics is crystal clear. It can (and is) be monitored from afar. Want to know what’s ignorance? People discussing Latin American politics.

Regards

June 12, 2021 10:50 AM

JonKnowsNothing on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

MSM report on Google Chrome’s URL truncation scheme and the ending of their autohide of the full URL.

Per the article:
Google/Chrome has been truncating full URL paths leaving only the main domain name showing.

From:
  header//name.xxx/path1/path2/path3
To:
  name.xxx

Apple/Safari does something similar.

Google/Chrome will still hide the header. Meaning you don’t know if it’s legacy ht tp or ht tps or hX Xp or hX Xps. For Google/Chrome you can change autohide of the header with a setting...

June 12, 2021 10:02 AM

Faustus on FBI/AFP-Run Encrypted Phone :

When smart people are so resistant to an idea it makes me sad. I don’t believe that Bruce is totally blind to the interesting aspects of cryptocurrency. Nothing anybody does, no amount of success or invention, can ever satisfy a closed mind. In this case I have to believe it is closed by politics or money (as if they are different).

As solely an idea, cryptocurrency and the distributed finance it enables are fascinating. It is an extended examination of the possibilities of trustless or near trustless finance. It has reacted to concerns about energy usage much more rapidly than any other industry as Proof of Stake blockchains are rolling out to replace Proof of Work or to allow the heavy lifting to be done in a more efficient environment...

June 12, 2021 9:40 AM

Mr. Peed Off on Detecting Deepfake Picture Editing :

The answer is simple. If it is digital, it is untrustworthy. Snake oil peddlers, government and corporate propagandists, hucksters, and outright con men have made sure that anything digital is so suspect, that the only value is as entertainment.

June 12, 2021 8:13 AM

echo on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

https://www.dailymaverick.co.za/article/2021-06-10-exclusive-declassified-journalist-was-unlawfully-profiled-by-uk-foreign-office/

Exclusive: Declassified journalist was ‘unlawfully’ profiled by UK Foreign Office

[…]

Tom Short, a solicitor at law firm Leigh Day specialising in human rights, told Declassified: “Everyone has a right to know about the activities of public authorities, regardless of who they are or the reason why they are seeking information. This is a core principle of holding government to account in a democratic society. Accordingly, the FOIA is clear that requests must be treated as purpose and applicant blind.”...

June 12, 2021 8:13 AM

Weather on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@clive
Brute forcing at 1 hash a second would take awhile, wasn’t thinking probably.
Trying to work out how you could get the words from a book as the seed without you knowing what they are, to stop the power tools?

June 12, 2021 6:20 AM

Goatherder on Friday Squid Blogging: Squids in Space :

Is not a comment from me I am confused which ones in this thread are real.

That is the unfortunate result of the ongoing censorship by the rabid winterrascal and the complicit spineless moderator.

Understandably this has led to some not really desired situations, but like many times, patience is a virtue and as time goes by things will improve eventually (at least as soon as the aforementioned totalitarian oppressors change their ways of behaving themselves)...

June 12, 2021 6:12 AM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Weather,

A loop 100k times might not be that effective as it looks

Err where I come from phone numbers are not 5 digit but 7 or 8 digit. So loops would be 10million or 100million. In the US they are longer than that.

However your point stands with regards insufficiency of loops. But the point remains if the original wallet owner was “thoughtful” or “knowledgeable” they could easily come up with a scheme for generating a pass phrase that in human time scale terms is uncrackable, and for a long time thereafter, which would give them quite a bit of leverage with the current value of bitcoins...

June 12, 2021 5:35 AM

Curious on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

To add to what I wrote:

I meant to say, what is it with ECC that makes it more secure than plain multiplication, with the afaik known advantage of having shorter key lengths.
I did not mean to say that, shorter keys = more security. 🙁

June 12, 2021 5:16 AM

KlausSchwab–WEF–NWO on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Encore
From “Event 201” to “Cyber Polygon”: The WEF’s Simulation of a Coming “Cyber Pandemic”

Last year, the World Economic Forum teamed up with the Russian government and global banks to run a high-profile cyberattack simulation that targeted the financial industry, an actual event that would pave the way for a “reset” of the global economy. The simulation, named Cyber Polygon, may have been more than a typical planning exercise and bears similarities to the WEF-sponsored pandemic simulation Event 201 that briefly preceded the COVID-19 crisis...

June 12, 2021 4:44 AM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ No one,

Another “new handle”?

It is curious that you make the Reuters link on Bitcoin non-clickable, yet the Bloomberg link on COVID clickable… I wonder why?

But things get even stranger with you,

I never heard anyone blame a ransomware attack on a CEO because he’s not a nice guy.

That is quite a peculiar statement to make…

You will find, if you can be bothered to check, most organisational culture is shaped or set by the CEO, or those appointed by the CEO into management positions...

June 12, 2021 4:27 AM

WashingtonInsider on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

China used social media to spread misinformation to discredit Western media during pandemic, report finds:

https://www.abc.net.au/news/2021-05-12/china-misinformation-ifj-report-covid-19/100135016

The Media’s Lab Leak Debacle Shows Why Banning ‘Misinformation’ Is a Terrible Idea
How a debate about COVID-19’s origins exposed a dangerous hubris

https://reason.com/2021/06/04/lab-leak-misinformation-media-fauci-covid-19/...

June 12, 2021 12:51 AM

Weather on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@clive
“Which may prove futile, in that the previous owner of the wallet could have picked a sentence or paragraph from a well known poem or book and added a few bits extra then run it through a hash algorithm a number of times. That number decided by say a telephone number or other publicly available”
A loop 100k times might not be that effective as it looks, it would slow down the bruteforce but getting information from a 64 char poem might still show, as you can do the loop and use that as a table attack instead of just once?...

June 12, 2021 12:26 AM

SpaceLifeForm on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Silicon Turtles

Interesting attack via Floating Point MicroCode.

Make sure your Firefox is current. Can not speak for other browsers.

The demo shows Firefox pre version 87.0 can leak via this attack.

Note: This is not a browser problem per se. This is a microcode problem. So any attacker controlled data possibly can affect any program that uses Floating Point.

I’ll say it again: Fast does not mean safe...

June 11, 2021 10:55 PM

No one on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Yesterday China announced they arrested 1,100 Bitcoin cross-border money launderers. So apparently China can now trace Bitcoin too.

/www.reuters.com/world/china/china-arrests-over-1100-suspects-crackdown-crypto-related-money-laundering-2021-06-10/

News media reporting major COVID outbreak of Bitcoin conference attendees. Oh no. https://www.bloomberg.com/news/articles/2021-06-10/miami-bitcoin-gathering-was-a-covid-hot-spot-attendees-say...

June 11, 2021 10:46 PM

Clive Robinson on FBI/AFP-Run Encrypted Phone :

@ David Leppik,

they can’t communicate at all if they can’t trust any device.

Sorry that’s not true at all, as I’ve already explained above in,

https://www.schneier.com/blog/archives/2021/06/fbi-afp-run-encrypted-phone.html/#comment-381218

What they lack is knowledge or the desire to implement such a system effectively.

The ability to communicate securely across very insecure “broadcast transmitters” was very much in use more than four decades before Cellular Phones and into seven decades before Smart Devices...

June 11, 2021 10:15 PM

on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@SLF:
@Moderator:

“Maybe they have other plans…”

Looking further back into the logs it’s interesting to note the addition of @Clive Robinson handle to that of @Winter as an “active target” appears to have started @ June 9, 2021 2:24 AM with,

https://www.schneier.com/blog/archives/2021/06/friday-squid-blogging-squids-in-space.html/#comment-381001

Thus it might have taken the Troll-Tools fumblings that long to have come up with the new attack strategy...

June 11, 2021 10:00 PM

Clive Robinson on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

@ Ismar,

what does this say about the robustness of digital currencies against state-level actors?

There is way too little fact and way too much supposition in that Dan Goodin piece for any conclusions to be drawn.

For instance it’s known that the US Government has already got a stock of bitcoin from previous FBI activities (one FBI agent actually tried stealing some, a few years back and got caught)...

June 11, 2021 9:43 PM

TED on FBI/AFP-Run Encrypted Phone :

@metaschima
Faith is indeed a religious concept because unlike Trust one party is not adequately authenticated and probably can never be.

In my view trust and faith is also very similar, as you mention. Besides “faith” which is a religious concept there is also “conviction” which is pretty much the same thing but applied in non-religious contexts.

For example we have had people who were convinced (not much hard evidence needed) that a particular political system is the best approach. Take for example some people who ...

June 11, 2021 9:39 PM

Panic at the disco on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Which digital currencies?
What else has recently been in the news that could’ve facilitated interdiction?
Which wallet was manhandled, whose purse was opened? This is after all, a referrer program and cuts and costs must be idiv.

Also note that all things considered, dis/misinformation serves a purpose.

FUD for comms
FUD for finsec

It spreads like grease deep fried and airborne, saturating outlets that already were leak eager in a penny starved internet advertising age...

June 11, 2021 8:45 PM

godel on FBI/AFP-Run Encrypted Phone :

@ drus ‘So, “3.7 tonnes of drugs, 104 weapons and $45 million” any idea about the return on investment for this program?’

I believe those figures were just for Australia and further arrests and confiscations were expected. There were supposedly 100 deaths prevented (hits) and 21 of those in Australia.

There also would have been large scale disruption of drug trafficking networks world wide (for a month or two)...

June 11, 2021 8:29 PM

Ismar on FBI/AFP-Run Encrypted Phone :

One aspect everyone seems to be missing here is the propensity of the criminals for risk taking. Namely, the criminals were more likely to use an application they knew very little about because of the lure of doing something risky which brings with it a possibility of big financial rewards.
In addition, it might have helped that the app was recommended by one of their own as well as the convenience it offered over other more cumbersome (albeit more secure) methods of communication (fits well with the “get rich quick” mentality)...

June 11, 2021 8:28 PM

I remember on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

The other day the Colonial Pipeline CEO said that the hackers gained access through a dormant VPN account.

The CEO also stated that they hadn’t yet figured out how the credentials were compromised.

April 2021 LinkedIn experienced a breach of 500 Million user records. What that leaked data contained is not known although LinkedIn claims it was not a breach and that no account data was included. But LI privacy policy is vague about what constitutes private data and what they sell or share...

June 11, 2021 8:01 PM

Fake on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

Wife says underwater landslide, I suppose I’m way out on this one with gamma rays under water. Maybe I should read the paper this time.

As for the aside, it looks to me to be a direct reposting you’ll note dated links from 2016 referencing various things. Pretty effective chaff short of a shared secret no?

I am not friendly. 😉

Why is it developers have all of the answers and none of the solutions?...

June 11, 2021 6:11 PM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Fossil of Squid Eating and Being Eaten :

11 JUNE 2021 — INTERLOPER TACTICS OF THE WEEK(END)
ATTENTION MODERATOR
It appears that about mid afternoon 11 JUNE CDT, a targeted campaign against the blog has been initiated. Someone has scraped some of the most common contributors and is posting in their name. The common theme in their narrative ramblings gives it away. Keywords:
ADHD, mental health, society, therapy

Haven’t reviewed the whole stream of posts but none of the threads appear related to anything the original authors might have posted...

June 11, 2021 5:47 PM

MikeMcMaster on FBI/AFP-Run Encrypted Phone :

@echo
It’s probably something I would do if I were them but then I wouldn’t blab about it.

They’ve advertised to the world: one secure messaging app was not so secure after all; what makes you think yours is any better?

I expect a lot of shady types will be turning a critical eye to their current mode of communication right about now. Wouldn’t take too much effort to shake them loose from otherwise secure apps by casting doubts on their provenance; the migration naturally to a system with a more positive reputation. And even if the move is to a platform not already infiltrated by authorities, the migration itself will lend itself to upheaval and mistakes that lead to information leakage...

June 11, 2021 5:46 PM

000000000000000000000000000000000000000000000 on Friday Squid Blogging: Squids in Space :

Indeterminate

June 11, 2021 5:45 PM

echo on Friday Squid Blogging: Squids in Space :

This is a very timely line of thinking, especially the observation that psychology’s malleability can be a blessing or a curse.

Our best science tells us that in the coming decade, the reality of our climate predicament will become undeniable, but also will go beyond what our minds have been conditioned to accept. As it becomes more real, it will become more unreal.

Psychology (and philosophy) can either help galvanize us to collective communal action, or just cause us to each endure the situation alone. Fostering acceptance of reality (which is healthy) without acquiescence to a dismal future (which is not) is a very fine line...

June 11, 2021 5:44 PM

Dirk Praet on Friday Squid Blogging: Squids in Space :

That’s very kind of you to suggest I need help to sort things out. It’s not a conspiracy it’s a group of like minded people in pursuit of common interests – money and social control. Maybe you should read up on WEF and Davos, the billionaires club. Somewhere in every government is somebody running scenarios of reduced population. We are past the numbers being merely unwieldy they have become impossible. New world order came out of the mouth of Bush Senior and has been espoused by WEF. You attempt to disparage my remarks with phrases like “reptile Jews”. I made no reference to anything like that and that you do reveals a condescending character assassin. It’s no surprise narcissism occurred to you, it’s on your mind often. Spare me the projection. FYI internal FBI documents released 50 years after JFK have the agents congratulating themselves on “conspiracy theory” being their best propaganda campaign ever. You can indoctrinated to belittle people who make legitimate inquiry. Obviously...

Sidebar photo of Bruce Schneier by Joe MacInnis.