Comments

SpaceLifeForm May 13, 2022 6:13 PM

An interesting, but worthless AI bot. Not even GPT-3 worthy. Can not form coherent sentences. Why Portugal is the target, I do not know.

No links. No point. Just babble.

Sad. A waste of moving electrons.

SpaceLifeForm May 13, 2022 6:28 PM

Dude, it’s called a bus.

hxtps://therecord.media/cia-ciso-joseph-rich-baich/

CIA selects new CISO with deep private sector experience

Clive Robinson May 13, 2022 7:24 PM

@ SpaceLifeForm,

Re : Fascist Ponzi Dots.

It’s long been suspected that the “alleged” Twitter user figures were a nonsense, and that the Twitter board of governance were not being honest about the number of fake accounts.

That less than 5% figure in the filings does not tie up with the shown –by others– to be 50% or more fake followers on even minor celebrity accounts.

The implication is the only “real eyeballs” looking at Tweets are for what are non celebrity accounts with fifty or less followers. Not those placing advertising revenue want to hear let alone have confirmed.

So yes Musk could walk away from the deal, and as for that $1billion walk away fee… He might not even have to do that… If Musk’s team can show that Twitter were “egging the pudding” which appears is quite likely, then he can claim various levels of misrepresentation up to criminal by the Twitter board…

As a rule of thumb you do not pay walk away fees on what are basically frauds at any level. By the time it gets to court Twitter will effectively be gone. As Twitter was already on a descendent trajectory, the release of confirmatory news that they have been misrepresenting the real number of eyes would most likely start a rug-pull by the current advertising funders.

Quite a few idiots bought Twitter shares hoping to be able to cash in on it in some way… Well they might be wise to sell at the current loss now, rather than wait on the very likely news Twitter shares will drop down to less than a 1/4 of their pre offer value.

And that’s what the “new smart money will be on idiots” will hope is that Musk will re-negotiate the deal and that will some how save them…

If Musk does re-negotiate it will be downwards and if he pushes bad faith behaviour by the board he could end up with Twitter for between 1/4 and a 1/2 of the original offer and the shareholders biting his hand off in their keenness to take it.

But Musk is unlikely to be very generous from his point of view the Twitter board has cost him more than Twitter is now likely worth…

The problem the Twitter board has is that as Musk re-negotiates the more his “Due Diligence” investigators will find as the clock is running. Whilst Musk is very probably not allowed to “disclose” by contract that is hardly going to make a difference… If they find potentially criminal activity by the Twitter board they have a requirement of notification to the appropriate authorities, something that would fairly quickly get known publicly. If Musk’s investigators find other activities that are unlawful but not of necessity criminal actions by Twitter’s Board, that too is more than likely to get public attention.

Even if unlawful or criminal actions by the Twitter board, do not come to the public attention, just a delay in any potential closing of a negotiation will bring the share price down…

Time to get in some bags of microwave popcorn whilst they are still less than Twitter Shares… Especially as the price of corn is rising significantly currently due to other world events…

SpaceLifeForm May 13, 2022 10:40 PM

Hello. Hello? Is this thing working?

Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones

https://arxiv.org/abs/2205.06114

On recent iPhones, Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB) keep running after power off, and all three wireless chips have direct access to the secure element. As a practical example what this means to security, we demonstrate the possibility to load malware onto a Bluetooth chip that is executed while the iPhone is off.

hxtps://nitter.net/naehrdine/status/1525130302779273216#m

Winter May 14, 2022 2:17 AM

@Clive

It’s long been suspected that the “alleged” Twitter user figures were a nonsense, and that the Twitter board of governance were not being honest about the number of fake accounts.

Are you surprised? I do not personally know anyone who mentioned having read something on Twitter ever. I do not even know anyone who told me she or he was on Twitter. It has been suggested that all real Twitter users work in the media or politics, with some business media consultants added in the mix.

But the eyeball problem holds for all social media, all “impressions” of online advertising, and even the numbers of eyes that are claimed to see ads in magazines.

The fact that ad impressions have been overstated by those who sell ad space is so well known that I do not believe advertisers are still falling for it. That fact must have been priced in.

But Twitter knowingly misleading advertisers and share holders is still fraud.

SpaceLifeForm May 14, 2022 3:41 AM

Terra Zeros. How many can you insert after the decimal point?

hxtps://coinmarketcap.com/currencies/terra-luna/

The live Terra price today is $0.000246 USD with a 24-hour trading volume of $3,054,577,847 USD.

Yeah, sure. Insane.

A red or green plastic mil that one could use to ride a bus 70 years ago is worth much more. Just on the collector value side.

Clive Robinson May 14, 2022 4:25 AM

@ SpaceLifeForm,

Re : coup may happen soon

We’ve heard it will be “all over by Christmas” or New Year before… Most noticeable by the fact it is not.

Likewise a “Coup d’état” is oft forecast but actually does not really happen, the failing leader simply bows out, runs away, or very occasionally kills themselves. In the case of Russia, military “old guard” coups have in more recent times failed against the “old guard” an indicator that as what is happening in terms of standards of living and freedoms in the first and second worlds gets through along with the knowledge of disastrous military campaigns, the “old Guard” actually has very little real support.

What will be killing Putin is the jokes… Counter pose The “Mighty Russian man of Power” with the “Comedian leader of a bunch of farmers” yet the farmers are winning against Russian forces… There will be jokes, painful jokes, at Putin’s expense, that will belittle him. It is that which will spread the rot of belief in Putin the Russian People who are already starting to feel. They are starting to feel like they have been lied to for too long, and made fools of, and their ire will start to focus.

It is said “Putin is the richest man in the world” but the reality is he has stolen that out of the mouths of the Russian Children and their aging Grand Parents. It’s going to get taken back from him and his family and their criminal supporters. What will happen to it is probably other governments will take it on various excuses but some will come back to Russia.

The problem we have is not that of “a man” but “a people”. Just over a third of a century ago a previous Russian premier, realised that the “old Guard” ways could no longer work. He tried to give the Russian people the future too soon, too quickly. The Russian people did not pick up the challenge, instead they gave it away to criminals rather than face up to the challenge.

As we know from nature, if you let a disease or pestilence in, it has to run its course. So it’s often seen as “kill or cure”… But the reality is somewhat different.

Putin is going to stop being the Russian leader at some point how does not really matter. The important thing is it is “a man” that will go, but what comes next “a people” will decide one way or another.

What will the Russian People decide? Will they fall again for easy lies, or will they realise that there are no easy short cuts to what they want?

A little reality, “Men of Power” are generally failures because they are not realists, they are in fact generally deranged in some way. On the other hand “Comedians” have to work people, they tend to be very much realists. Which is better to run a country? I don’t know, but as “Men of Power” fail and fail often, I’d put my money on a realist, if they can make us smile as well so much the better, it will make the blisters of the journey easier to bear.

So though I do not think “it will be over by Christmas” and the clean up will take many many years more than I have, I actually do think large as they are Russia is the losing side. Because when you look at things which country currently has not “a man” but “a people” supporting a view of a reality they can see and are willing to fight for?

But also consider what it is the Ukrainians as “a people” actually want, and what the Russians as “a people” actually want, is not very much different to what the British, French, German and Americans as “a people” want. Which is “Peace and Prosperity” which is not what “Men of Power” give. Because “Men of Power” always “see themselves” out in front “leading”, this makes them see the nation not as “a people” to be supported to get what the citizens want, but “a tool to be used” to keep the leader in front…

Take a look at the leaders of the G7 pre covid and ask yourself who was actually for their people and who was for themselves?

ResearcherZero May 14, 2022 4:29 AM

“Does your mother know I’m here?” ~ said The Cat in The Hat, according to a freak named Seuss. (And he said it in a real creepy voice)

“We want our people to understand: They should make no assumptions about anonymity. You are not anonymous on this planet at this point in our existence. Everyone is trackable, traceable, discoverable to some degree.”
https://www.nytimes.com/interactive/2019/12/20/opinion/location-data-national-security.html

“A Ukrainian man has been able to track the redeployment of Russian troops to the east of the country via a pair of wireless earbuds looted from his home near Kyiv.
The Airpods were taken from Hostomel, 17 miles from Kyiv, towards the beginning of the invasion when Russian forces were attempting to capture the capital.”
https://www.thetimes.co.uk/article/stolen-airpods-give-away-russian-retreat-positions-c60j88nvv

…even PlayStations can be detected by adversaries because they are networked.

“I don’t understand why people don’t understand,” Neller said. “If I can find you, I can target you; and if I can target you, I can shoot you; and if I can shoot at you, I can kill you. It’s pretty simple.”
https://taskandpurpose.com/analysis/russia-ukraine-cell-phones-track-combat/

Ukrainian artillery forces and the Democratic National Committee have something surprising in common: They were targeted by the same Russian code and spied upon by the same military intelligence unit.
https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf

Russia has been hacking into soldiers’ personal smartphones in an effort to “gain operational information, gauge troop strength and intimidate soldiers,”

Russia could gain access to sensitive military information, as well as impact how NATO responds to Russian military actions, such as by sending out fake instructions to NATO troops. The attacks targeted the group of 4,000 NATO troops that deployed to Poland and the Baltic states this year (2017) to defend the European border with Russia amid heightened tensions with Moscow.
https://www.axios.com/2017/12/15/report-russias-hacking-nato-soldiers-smartphones-1513305963

social media makes it cheap and easy to target soldiers and veterans in their virtual hangouts for intelligence gathering and influence campaigns

Russia has dramatically increased its “active measures” — a form of political warfare that includes disinformation, propaganda and compromising leaders with bribes and blackmail
https://www.politico.com/magazine/story/2017/06/12/how-russia-targets-the-us-military-215247/

50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017.
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

…scan around with Google maps and see what else is there
https://freethoughtblogs.com/stderr/2018/01/21/that-was-too-easy/

Google’s access to your location data …a map of your exact movements, every single day, stretching back for as long as you have been walking around with your phone. You can use the calendar view to see exactly where you have been on a given day. If this horrifies you, you are not alone.

…the “snooper’s charter”, obliges internet service providers to keep all data and theoretically allows pretty much any arm of the government or police services to access it for any reason.
https://www.theguardian.com/commentisfree/2018/jan/29/strava-app-mapping-every-move

“Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”
https://www.cs.cmu.edu/news/2015/carnegie-mellon-study-shows-people-act-protect-privacy-when-told-how-often-phone-apps-share-personal-information

heat maps
https://www.theguardian.com/lifeandstyle/the-running-blog/gallery/2017/nov/02/strava-a-global-heatmap-of-athletic-activity

how to build them
https://medium.com/strava-engineering/the-global-heatmap-now-6x-hotter-23fc01d301de

Where your children are…

“This will be a treasure trove for any spying agency, I would presume.”

…with technology now everywhere in the classroom — much of it, like laptops, provided by some school districts — parents may not be aware how connected their children really are.

“There are no valid reasons that someone can tell me right now as to why they need to collect this data for people that are under 18 years old,”
https://www.nytimes.com/interactive/2019/12/21/opinion/pasadena-smartphone-spying.html

publishing all users’ location data to the entire web despite its privacy-policy promise to users that “You can opt out of such broadcasts through your privacy settings.”
https://www.wired.com/2010/06/foursquare-privacy-funding/

And that is why privacy is important…

Still not convinced? -BANG!

Ted May 14, 2022 5:52 AM

Did you all see this? Twitter (Slashdot)

NSA Says ‘No Backdoor’ for Spies in New US Encryption Scheme

I really hope I’m not missing any subtlety. The US would like to roll out quantum-resistant cryptography to protect economy by 2035. The algorithms should be available by 2024.

I think I saw the Director of NSA is handling this process for groups that are using National Security Systems (NSS). They have their own versions?

https://www.bloomberg.com/news/articles/2022-05-13/nsa-says-no-backdoor-in-new-encryption-scheme-for-us-tech

https://twitter.com/nsa_csdirector/status/1521969557233143810

JonKnowsNothing May 14, 2022 7:10 AM

@ Ted, @All

re:

Did you all see this?

  NSA Says ‘No Backdoor’ for Spies in New US Encryption Scheme

I really hope I’m not missing any subtlety…

The subtlety is:

  • “No Backdoor” is new-speak definition for “No Backdoor For You But for US (NOBUS)”.

The NSA cannot “prove” there are no backdoors, they can show indications, tests and statistics that confirm their negative statement but that is not proof.

Proving their negative hypothesis is false, happens once you find any backdoor.

Backdoors might not be overt or in-your-face doors labeled “backdoor here!”, but very hard to find code bits commonly called bugs. Particularly Edge and Corner Case bugs. Très Handy.

If you have followed some of the threads in the blog on HW and Chip design (@Clive, @SpaceLifeForm, others), you can infer quickly that the statement is “over broad” because all current hardware is already subject to backdoor failures.

Quantum just has more places to fail, simultaneously, everywhere at once.

Nick Levinson May 14, 2022 7:21 AM

@SpaceLifeForm, @Clive Robinson, & @Winter:

@SpaceLifeForm:

No price can go down 100% unless it goes down to 0.

@Clive Robinson & @Winter:

Some advertisers won’t care about eyeball figures if those advertisers have sales they deem adequate for what they’re paying.

And some will care. But the advertisers with more experience with the platform may not.

Media probably have been inflating for long. Decades ago, I was with a very small print outlet, and was advised from another print medium to triple our circulation figures because everyone does and advertisers expect us to and so they cut it accordingly, implying that if we’re honest we’d be penalized.

JonKnowsNothing May 14, 2022 7:24 AM

@Winter, @SpaceLifeForm, @All

re: turns 70 this summer

ahhhh… hmmm… do I detect a slight bit of ageism in that statement?

Maybe it’s just a matter of record? right?

Perhaps I’m a bit sensitive, as a recently read medical document stated that anyone over 60-65 is a high surgical risk and therefore the HMO may decline to do surgical procedures, even “life saving ones”, because … well… one is too f-ing old for them to bother with…

ymmv, however, my odometer is not running backwards… 🙂

Nick Levinson May 14, 2022 7:32 AM

Computer security where demand is high must be pretty good overall when managed with enough resources, including skill, commitment, and time, even for non-airgapped systems, or hardly any institution that would fail without high security and that would cause other institutions to fail would deploy computers.

Consider international conflicts, criminal cases, academic studies, business competition, and ransom opportunities (high-end).

Granted, there’ve been break-ins, data extractions, and, I assume, data alterations at major installations. But if it was too frequent then we’d be handing out abacuses to all K-12 students with skill testing and we’d be growing and chopping a lot more trees.

The exception to this thesis is large-scale war. Everyone with the resources to do so may be collecting zero-day exploits that defenders hadn’t anticipated and the collectors may not exploit them until the war is underway, so we (or any side) likely won’t have time to detect and defend against them.

Winter May 14, 2022 7:51 AM

@JonKnowsNothing

ahhhh… hmmm… do I detect a slight bit of ageism in that statement?

Not really. But if your image is macho shirtless bear riding, there might be a point when you either need to change your image, or retire. Anyhow, at 70-, you are going to see that your future has a horizon, and you want to take steps accordingly.

Snarking aside, it was common knowledge that Putin was preparing to hand over the presidency to a successor. Maybe not this year, but soonish.

JonKnowsNothing May 14, 2022 7:56 AM

@ Nick Levinson, @SpaceLifeForm, @Clive Robinson, & @Winter:

re: No price can go down 100% unless it goes down to 0.

Prices can go negative but perhaps not in the context of that example because stock markets de-list stocks where the prices fall below a set threshold.

That threshold is set by the different exchanges and each has their own qualifications. Stocks that fall off one exchange may be relisted on another or fall into the Penny Stock Market Listings.

But those normally require some positive balance, which can be done during a stock restructuring.

  • eg: 1 stock falls to .01 a share. It is relisted when the share pool has been recast as 1:10 (1 new stock = 10 old stocks) on the Penny Exchanges at 1 stock for .10.

There’s a lot of fun and games with shares, share pools, share classification, reclassification, dilution, conversions, re-acquisition, retirement, warrants, options, longs, shorts, derivatives and more.

For items to fall into “negative zones” the item must have serious defects. One might consider something like Disposal of Nuclear Waste. The Waste had serious negative value that requires spending large sums to dispose of it or rather to pay “someone to take it”.

A similar process happens with “donations” of physical goods (ala Recycle Markets). The goods are donated because to their current owner they have zero or negative value (hauling to the dump and paying dump fees) but recycling centers can carry the debt costs for disposing of the truly useless items and selling on the still usable ones.

In the USA tax codes these sometimes come under “loss carry forwards” or “tax credits”. The credits are offsets to the lost value of the goods. So the goods have zero current value but carry their negative values forward as deductions.

Deductions and Credits are only useful if you have taxable income. They often have different timing and use restrictions, which in the USA, changes every 18 months or less. (1)

===

1) The USA Congress is primarily in charge of the National Income and Budget. Governments in the USA use special accounting procedures that are completely different than individual GAAP accounting. Government Accounting is not like individual budgets with “checkbooks and bank balances”. Something the Tea-Bag-Set don’t quite understand but that’s intentional.

Winter May 14, 2022 8:05 AM

@JonKnowsNothing

Perhaps I’m a bit sensitive, as a recently read medical document stated that anyone over 60-65 is a high surgical risk and therefore the HMO may decline to do surgical procedures, even “life saving ones”,

I do not know about the situation in the USA, where I know hospitals dump patients at a bus stop wearing only their hospital gown [1].

However, older patients do respond differently to treatments. From a certain age, they might not wake up anymore after an induced coma or even full anesthetics (e.g., with mild dementia). Chemo-therapy is known to work less well in older (80+) cancer patients. As the general benefit of chemo therapy is not always that high, the side-effects of the treatment might overrule using them in older people.

Also, a 6 months stay in a hospital might be an inconvenience to a 30 yo, it might be half the expected remaining time of an 80+/90+.

That means, that even in countries where cost is not a consideration, there are good reasons to be careful what you do to an older person.

[1] ht-tps://www.nytimes.com/2018/01/11/us/baltimore-hospital-patient-woman.html

JonKnowsNothing May 14, 2022 8:07 AM

@Winter

re: at 70-, you are going to see that your future has a horizon, and you want to take steps accordingly.

You must have a very poor genetic pool in your family….

Someone send a message to Peter Thiel, ’cause he’s betting the farm to live longer than that…

===

Search Terms

Methuselah Foundation

The Methuselah Foundation is a non-profit organization with a declared mission to “make 90 the new 50 by 2030” by supporting tissue engineering and regenerative medicine therapies.

JonKnowsNothing May 14, 2022 8:44 AM

@Winter

re: However, older patients do respond differently to treatments.

This might be better recast as:

  Under currently standard techniques outcomes for older persons may not be the same as for younger persons.

Generically, surgical processes remain the same as in ancient times

  • Slash
  • Burn
  • Poison

We do have newer procedures and methods:

a) situations where surgery is needed are reduced
b) non-surgical interventions may have equal outcomes
c) surgical techniques and strategies change

There are impediments to changes because not every change is beneficial but SARS-CoV-2 had shown that some previously methods of treatment had negative outcomes were continued because they were “treatment standard” and now they are not. (1)

Post surgical improvements, may now include an “oral carbohydrate preload drink” @2hrs prior to the procedure, although there are some contra-indications for persons with diabetes where the amount of fluid taken in is reduced by 50%. (2)

Nearly all medical processes and procedures are intended to Prolong and Extend Life. There isn’t any reason and should not be an arbitrary cut off. All medical facilities in the USA use SOFA scoring, even outside of Triage conditions, to reduce their Cost Ratios. The SOFA score values set, in the USA, for age and life expectancy have minimal counts on the score card. In practice MDs place a significantly higher score against age, mostly due to Medical Costs. Medical Costs are the gate keepers for treatment, age is the excuse. (3)

===

Search Terms and concepts

1) laying on back v laying on stomach.

2) Nil by Mouth

3) Michael Rosen @74yo was in COVID ICU for 47 days and recovered.

JonKnowsNothing May 14, 2022 8:57 AM

@Winter

re: But if your image is macho shirtless bear riding, there might be a point when you either need to change your image, or retire.

How about a bottle blond comb-over, with orange paint, hefty paunch and full frontal dental orthodontia, riding a golf cart, holding a bible upside down?

No??

Didn’t think so… me either.

Age it seems is not a requirement for vehicle preference.

Winter May 14, 2022 9:23 AM

@JonKnowsNothing

How about a bottle blond comb-over, with orange paint, hefty paunch and full frontal dental orthodontia, riding a golf cart, holding a bible upside down?

Russians expect different qualities in their leaders than Republican voters. Illiteracy seems to be a plus in USA Republican circles, but it is much less so in Russia I was told.

JonKnowsNothing May 14, 2022 9:34 AM

@All

The doxing of the USA RvW document fallout continues. An interesting comment by one of the SCOTUS Justices highlighted an ongoing issue. The context of the comment is the USA, but it applies globally.

[What might happen] if people are unwilling to “live with outcomes we don’t agree with”…

Justice Clarence Thomas

Yes, very perceptive.

50yrs of living with an outcome that 6 Justices didn’t like, for an example?

There’s a whole other class of global conditions that fall into that category. Some trivial and some more deadly.

It applies equally to programming, computer systems, design, along with every aspect of modern computing. Not everyone can pick up their huaraches and walk away.

====

Search Terms

ht tps://www.theguardian. com/law/2022/may/14/clarence-thomas-supreme-court-leak-abortion

Justices Thomas, Gorsuch, Kavanaugh, Barrett, Alito, Roberts

(url lightly fractured)

Winter May 14, 2022 9:37 AM

@JonKnowsNothing

Nearly all medical processes and procedures are intended to Prolong and Extend Life. There isn’t any reason and should not be an arbitrary cut off.

Things have advanced, but not like people think. At the end of life, there is a sense of quality-of-life. Some “treatments” are debilitating. This is exemplified in two quotes:

  • If I had known what the outcome would be, I would never have agreed to this treatment
  • Sir/Madam, this new treatment is expected to prolong your life with 6 months. However, you will have to come into the hospital now and will never leave it again. Do you want this, or would you prefer to spend the remaining time you have with your loved ones?

These are not hypotheticals. I have heard these quotes from treating medical doctors.

And yes, there are many conditions where slash, burn, and poison are the only things that can keep you alive. Even modern wonder treatments, like immunotherapy, work in only 30% of cases, and even then with often horrible side effects.

There are things that will indeed help pushing back these slash, burn, and poison treatments: Stop smoking, drink no alcohol, keep your weight down, eat your vegetables, and walk a few thousand steps every day (10k is overdoing it).

But I know that people prefer slash, burn, and poison later over behaving responsibly now.

Ted May 14, 2022 9:51 AM

@JonKnowsNothing

you can infer quickly that the statement is “over broad” because all current hardware is already subject to backdoor failures.

Ugh. Well with China pouring billions into quantum computing and who knows what else, I’d like to imagine someone is checking the weather.

Tamika May 14, 2022 10:47 AM

@SpaceLifeForm,

Terra Zeros. How many can you insert after the decimal point?: “The live Terra price today is $0.000246 USD with a 24-hour trading volume of $3,054,577,847 USD.”

That’s triple the market capitalization, suggesting that every coin that exists has been traded 3 times in the past 24 hours. I find that difficult to believe. Though I have no trouble believing it lost 99.97% of its value, particularly after reading on Wikipedia “The US SEC issued a subpoena for Terraform Labs and [its co-founder] Do Kwon in 2021. [Kwon] responded by stating that he wouldn’t comply with the demands, and instead would be suing the SEC.”

@Nick Levinson,

No price can go down 100% unless it goes down to 0.

It’s good that you understand basic English and math. It’s surprising how often I see even supposedly well-educated people write things like “the price has decreased by 4000 times” (which, given that Terra was valued at $1 last week, would imply a value of $-3999; i.e. that one would pay $3999 for anyone to take it off their hands).

@JonKnowsNothing,

The NSA cannot “prove” there are no backdoors, they can show indications, tests and statistics that confirm their negative statement but that is not proof.

This is true, and I’d never say we should trust such a statement from the NSA. But it’s not obvious that they could hide a backdoor. Look at what happened with Dual EC DRBG: the potential for a backdoor was identified before the standard was even published, though it was another decade before people considered that “confirmed” after seeing the Snowden leaks and the RSA Security “bribe”.

It’s generally believed that they’re not quite as far ahead of the general cryptographic community as they once were. Maybe a few years, but not a decade. People have found weaknesses in once-secret NSA systems that don’t appear to be backdoors (SHA0, famously). So, are they good enough to design a backdoor that won’t raise suspicion among the crypto community that’s now paranoid about everything they do, and can remain unleaked and undiscovered for the 20+ years it’ll likely be till the new algorithm(s) surpass our current ones? I doubt it, and I imagine they’re well aware of the difficulty.

The post-quantum systems, given the amount of “new” math involved, are probably particularly vulnerable to flaws being overlooked (good for backdoor-makers)—but also to flaws being suddenly discovered. One of the NIST third-round finalists, Rainbow, was broken quite badly: full private key recovery in 53 hours.

Backdoors might not be overt or in-your-face doors labeled “backdoor here!”, but very hard to find code bits commonly called bugs. Particularly Edge and Corner Case bugs.

These bugs tend to crop up more in implementations than the definitions of cryptosystems, and I think it would be difficult to use them for a robust backdoor. People might later discover e.g. classes of weak keys and update software to work around them while maintaining compatibility. Or reimplement the thing in whatever new programming language is popular, and accidentally avoid the bug.

There’s also the possibility that US agencies (and those of US allies) are learning from the problems that result from insecurity. I suspect combining the databases of Google, Apple, and OnStar would let one identify at least 50% of the people employed by the NSA, an organization once so secretive nobody could confirm it existed. There were the American military patrols identified by soldiers publishing their exercise data, the Russian operations identified by soldiers posting geo-tagged photographs, the assassins/spies identified by Bellingcat, and the Greek wiretapping case of 2004. The idea that government employees could use “standard” (insecure) stuff at home without impacting government security—as long as they use “the good stuff” at work—seems increasingly dubious, to the extent I could believe the NSA et al. pushing for real security.

Winter May 14, 2022 11:27 AM

@SpaceLifeForm,

Terra Zeros. How many can you insert after the decimal point?: “The live Terra price today is $0.000246 USD with a 24-hour trading volume of $3,054,577,847 USD.”

What follows is my incomplete, amateur, understanding.

UST was (supposed to be) a “stable coin”, pegged to the USD $. Such a “stable coin” is supposed to be backed by collateral. There are several of such stable coins based on cryptocurrencies. There are two classes:

1) Fully, or over, collateralized, ie, there is at least as much value in U$ in the collateral as there are stable coins. Often, you need $2 value of collateral for $1 value of the stable coin. These are stable, and boring. Meaning, you cannot do a lot of speculating.

2) Under collateralized cryptocoins, with only a fraction of the value backed by collaterals.

UST (Terra) was under-collateralized. In practice, there were $0.20 collateral for every $1 of UST. The risks of this set-up were covered by rather complicated extra coins (governance tokens, Luna, Anchor) and rules. One thing that was a red flag was a scheme (Anchor) where you could earn 20% interest on stakes of the underlying “governance” coin, with rules to limit leveraging.

There are rumors that UST was brought down by a rather intricate attack.
ht-tps://finance.yahoo.com/news/did-concerted-attack-cause-terra-202732021.html

It involved, according to the rumors, the attacker going short on Bitcoin for $1B and then playing the Terra system to force the UST below 1$ and force the Terra network to massively sell their Bitcoin collateral. This drove the price of Bitcoin down making the value problem of UST even worse. This caused a bank run.

What went to zero+rounding was not UST, but the governance token Luna which was needed to run the Terra blockchain. UST is at the moment still worth $0.18. Still a major loss, but not zero.

Those who shorted Bitcoin made off with an estimated $800M worth of Bitcoin.

All rumors at this point. But if true, someone with very, very deep pockets crushed UST. Shorting anything for $1B takes some resources.

lurker May 14, 2022 1:28 PM

@Winter

And there is information that General Valery Gerasimov, chief of the Russian General Staff, had been fired.

Sorry, I think you misspelled speculation. At least the red top rag NY Post didn’t:

Speculation is swirling that Russian President Vladimir Putin has sacked his top commander . . .

NYP quoted a single source, quoted it as unverified, and noted other rumours that they labelled as “rumors”. I believe they do this to claim they are “speaking the truth.”

Winter May 14, 2022 1:42 PM

@Lurker

Sorry, I think you misspelled speculation.

Probably a better word for it.

Winter May 14, 2022 1:49 PM

@Lurker

Sorry, I think you misspelled speculation.
Myself
Probably a better word for it.

Still, given the progress of the “liberation” of Eastern Ukraine, including the unconfirmed near-death experience of the general, and with the current churn in the inner circle of Putin, I think everybody will be mightily surprised if the general will take up command again.

Clive Robinson May 14, 2022 3:21 PM

@ Nick Levinson, ALL,

No price can go down 100% unless it goes down to 0.

Which in theory it can not do…

Such are the problems with normalization people forget what goes up may not go down or the other way depending on what you are doing.

For instance if you say,

“Yesterday it opened at 1.65 and the price went up 100% before lunch, but only dropped by 50% later before close”

Then ask what the opening price difference this morning was to that of yesterday…

Many would either get it wrong or have to pause to explicitly work it out.

Doing “running” normalisations is way beyond most people who don’t understand “exponential”. Frighteningly as seen with people explaining the SARS-CoV-2 growth figures it was got wrong by so many “professional people” that it got quite scary.

But it can be easy to get wrong if you make the mistake of going through several conversion factors… If people look back over this blog they will see there have been times when I posted with a tired mind and got things wrong, one being the conversion of weight through the conversion of liquid measures.

JonKnowsNothing May 14, 2022 3:33 PM

@Ted, @Tamika, @All

re: Backdoors and China pouring billions into quantum

There is much speculation about the state of China’s technology. The current trajectory is that China and the Western world will split apart technically and the West has already launched No Chinese -Tech- Welcome (1)(2).

So, if one considers backdoors:

1) The NSA claims they have none
2) China claims there are none in Western products.

  • The West is not buying much in Chinese Tech but is heavily invested in Chinese manufacturing which is the hub of Western tech & consumer product creation.
  • China is building their own systems for themselves and have no issues putting backdoors into their own systems. Their internal systems depend upon it.

Not the same but a divergent class of the problem.

Quantum systems will have backdoors aka bugs due to the complexity.

To paraphrase the smarter folks:

  • One can create a mathematically correct encryption algorithm
  • Implementing the algorithm is where the failure takes place

===

Search Terms

1) USA Chinese Exclusion Act 1882

2) Supercomputers have their own leap frog competition.

China’s super computers have often out performed, been built faster, deployed more quickly than those in the USA pipelines.

The USA builds 2 variations for each generation of supercomputers.

One version is targeted to science and quasi-public access.

The other version is highly secret and capabilities are speculated to be multiples of the complementary public version. The use is restricted to Military and Intelligence uses. This latter version is the one that processes all the NSA collected telemetry.

Sumadelet May 14, 2022 3:48 PM

Re: Price going down by 4,000 times.

It long mystified me how mathematically incoherent this was, along with ‘4 times smaller’, or ‘twice as small’, but I’ve managed to rationalize it by realising that many people are uncomfortable with fractional quantities and what they mean is:

Price going down by 4,000 times: the price has dropped to a level such that you need to multiply it by 4,000 to get to the starting price.
4 times smaller: the quantity in question has decreased to a level such that you need to multiply it by 4 to get back to the original.
Twice as small: the quantity in question has decreased to a level such that you need to multiply it by 2 to get back to the original.

Of course, people also get confused by percentages. I have been earnestly informed that if something declines from 80% of a value to 40% of a value, it has gone down by 40% (the difference between 80 and 40).

JonKnowsNothing May 14, 2022 3:51 PM

@Winter

re: someone with very, very deep pockets crushed UST. Shorting anything for $1B takes some resources.

The process is called Arbitrage. Exploiting minute fluctuations in pricing, buying cheap and selling in the higher priced market.

You need some funds or financial connections for letters of credit (1) to run a big trade but if the arbitrage happens correctly, the deal is made, swapped, closed and cashed in very quickly. Minutes even.

With after hours trading, barred to simple folk, but used heavily by financial institutions and hedge funds, a Friday night deal might not even be noticed by the ordinary folk until Monday opening.

===

Search Terms

Arbitrage

1) In the USA these would be similar to the Pre-Qualification Letter given out to home buyers by lending institutions as “proof” they can pay on a pre-arranged amount. There is no exchange of significant money at the time a deal is made only “earnest money”.

Earnest payment

vas pup May 14, 2022 3:59 PM

Copying others to dare – Bruce love risk subject
https://www.sciencedaily.com/releases/2022/05/220511092212.htm

“The best things in life are unlikely to occur. In many situations, taking at least moderate risks yields higher expected rewards. Yet many people struggle with taking such risks: they are overly cautious and forego high payoffs. “However, we are not alone in this struggle, but we can observe and learn from others,” says Wataru Toyokawa. “We therefore wanted to find out whether social learning can also rescue us from adverse risk aversion.” The answer is yes, as the authors from the Cluster of Excellence Centre for the Advanced Study of Collective Behaviour showed in a just published study in the journal eLife.”

After reading the whole article I was thinking is the same applied for physical risk taking aversion?

Tamika May 14, 2022 4:53 PM

@ Sumadelet,

It long mystified me how mathematically incoherent this was, along with ‘4 times smaller’, or ‘twice as small’, but I’ve managed to rationalize it by realising that many people are uncomfortable with fractional quantities and what they mean is:

Yes, sometimes the intended meaning can be inferred, but there’s also a common off-by-one error that’s relevant with small multipliers. “2 times as large” and “2 times larger” are not the same thing; the first is a doubling, the second a tripling. I’m inclined to call it more of a linguistic error than a mathematical one; it’s not like the meaning of “times” and “larger” are ambiguous or obscure. I expect some advertiser is eventually gonna get in trouble for making false claims like “2 times faster” (for a product that’s merely 1 time faster). If this class of error is combined with “times smaller”, I can’t even guess at the correct number.

When I log into my investment account, it shows percentage increases and decreases for everything, including one fund with a more than 200% increase (over a decade). They calculate it correctly, but I wonder how many people are wondering why they “only” got 200% when the markets tripled. Then again, I think I’ve even seen banks confuse “percent” with “percent per annum”, so maybe they’d be happy to see “20%”. (I hope nobody thinks they can really get a 25-year mortgage at “5%”; in reality, they might pay back more than double the principal over that term.)

&ers May 14, 2022 5:00 PM

@ALL

hxxps://www.euractiv.com/section/data-protection/news/leak-commission-to-force-scanning-of-communications-to-combat-child-pornography/

Clive Robinson May 14, 2022 5:05 PM

@ Winter,

You know, the Chief of Staff who was almost killed by an Ukrainian attack recently.

Which was why at the time we heard he had been shipped back to Russia critically but not mortally wounded I said on this blog he was probably lucky…

He will no doubt if left alone at some point recover. At least for now he has the excuse not to be involved in the direction of the failing incursion.

Thus if Putin fails as appears likely to get his objectives, the old General will be able to excuse his way out of his no good battle plan.

If the old general is really lucky Putin will drop dead whilst he is still recuperating. So he will be able to write a book by which he will be able to top his pension up, seal his place in history, as well as blaming others for the plan’s failure to be carried out correctly.

However some of us were aware from before it started it was probably going to end in failure for Putin.

It’s why I said Putin “Has the troops to take the Ukraine but not hold it”. It turns out his military could not even achieve the initial aims by a very long way.

It has now turned into a major war of attrition which for some is a “meat grinder” they are not going to survive or go home from. In effect they are trapped between “a man” who is a despotic idiot with dreams, and “a people” that know they are going to be eradicated if those dreams even remotely become reality. So they have nothing to lose by a fight to the death, and everything to gain if it’s not their death. Those Russian conscripts are caught in the middle and at some point they are going to realise their only hope of survival is to break away from the despot and those who are trying to enforce his despotic dreams.

Which way it goes from here is very much in the balance, but I would not rule out a deliberate escalation into rather more than a regional conflict within a nation by Putin.

That is if he is to survive he has to have something to keep the Russian people behind him and carry them forward… A return to a “cold war” status might be enough, but an actual war from another source would give him a few extra months or even years…

It’s why Russia blocking food to around 20% of people in the world is something that is effectively the start of “global warfare” by Putin and is unlikely to end well.

I seriously suggest people start “stocking up” without “panic buying” I can see the price of many food stuffs doubling over the next year.

With Covid storing “90days” or a quarter of a year’s supply of food was with lockdown shown to be sensible. Some religions have always said a year’s supply should be kept in storage. But back when I was young having a pantry with a year or more of food stuffs in it was actually not as strange as it might seem to teenagers and the like these days, who might not even have a week’s food supply in their home. Because they forget or just don’t realise harvests are annual in nature. If you “grow your own” as most once did, you would need to store the harvest to last the following year and maybe more if the next harvest was poor.

When it comes to your personal survival “Just In Time”(JIT) is not at all wise as it’s predicated on “Fault Free Supply” which in turn is based on faultless “Supply Chains” which I hope most people now realise are at best an illusion.

JIT has made the Far East and the West extremely vulnerable, which in turn means much less effort is required by a hostile party to cause interruption or cessation of supply…

Worse JIT and the so called “LEAN” methods have made things very very much more prone to “Cascade Failure”. Due to certain MBA Mantras there is a non insignificant probability that there is a “single fuse” that if it blows at a “certain time” will cause an almost total “Cascade Failure”. Not just of the energy supply, but also the communications required to control the energy supply. So once the power is down it will stay down until it can be brought back up another way, if of course there actually is one any longer (MBA Mantra problem).

As for that “certain time”, when is it most probable such a fuse will blow? Well the bad news is when it is most likely to cause maximum fault, as that is the time it’s most under stress.

Most of our supply systems be they Water, Food, Energy, or Communications have long since crossed a threshold where their complexity has not just ceased to be linearly understandable but effectively chaotic. Which means you really can not model it in a way amenable to being able to control it. Think of it this way, if it’s beyond your control then it is as far as you are concerned “Out of Control” and that is never good.

Clive Robinson May 14, 2022 5:18 PM

@ Winter, JonKnowsNothing, ALL,

Russians expect different qualities in their leaders than Republican voters.

Yes immunity to pour from the bottle poisons for one…

In America a Republican might think a “cutting word” is sufficient to “kill your political future”…

In Russia experience tells them it can take rather more than a sharp knife to stop political progress…

So poison, bombs, bullets, are just some of the things a prospective Russian politician needs to be immune to or carefully avoidant of.

ResearcherZero May 14, 2022 5:22 PM

“I have always disliked those who, with their infected noses and erotic fantasies, break into other people’s private affairs.”

A little rich for a guy long involved in the kidnapping of children, and assassinations.

A former K.G.B. operative steeped in the agency’s ways of subterfuge, disinformation and the Janus-like ability to present different selves depending on the situation, he has shrouded his personal life in secrecy and wrapped it in rumor.

Mr. Putin’s family circle are beneficiaries of a kleptocratic system that Mr. Putin rules over like a mafia don, with oligarch lieutenants paying him tribute in the form of wealth, lucrative jobs or luxurious villas lavished on his family and those in the potential orbit of his affection.

Mr. Putin’s personal story seemed filled with the stuff of myth making. He used an official biography — published in 2001, when he first took power as an apparent next-generation democrat — to burnish his image as a tough but heroic family man.

…he tells the story of personally saving the family, while naked, when a faulty sauna burned down the family dacha.

“state-funded programs that have received billions of dollars from the Kremlin toward genetics research and are personally overseen by Mr. Putin.”
https://www.nytimes.com/2022/05/13/world/europe/putin-family-wealth-sanctions.html

Alfa-Endo is funded by Alfa Bank, a large Russian bank with subsidiaries in the United States, Britain and Cyprus. The largest shareholder is Mikhail Fridman, a billionaire with interests in banking, energy and telecoms. An official at the bank said: “Alfa Bank, and broadly speaking Alfa Group, act as financial sponsors for the project and that’s it … We are not aware who else is participating in the project otherwise.”

Maria’s husband used to work for Gazprombank, a large lender with strong links to the elite around Putin. And until at least August this year, Jorrit Joost Faassen was listed on the website of MEF Audit, a Russian consulting group, as its deputy chairman. He no longer appears on the website and did not respond to requests for comment.
https://www.reuters.com/investigates/special-report/russia-capitalism-daughters/

Putin’s affairs…

“Ms. Kabaeva, a famously flexible Olympic gold medalist in rhythmic gymnastics, who, at 24, was about the age of his daughters and had become a public face of his political party. Kabaeva has been a member of Parliament since she was selected for a seat late last year by United Russia, the political party that Putin controls.”
https://www.nytimes.com/2008/04/18/world/europe/18iht-russia.4.12145532.html

SpaceLifeForm May 14, 2022 5:41 PM

@ Metadata

Thank you for owning up.

I know you are not a bot, but you made it look like that. Avoid long rambling sentences. Be clear. Be consistent with clear writing style. At least provide a point or a link.

You are probably not aware that I have been called Mr. Metadata by a lawyer in the US. He is correct. I pay heavy attention to metadata, for security reasons.

I also pay heavy attention to writing style. I can read this blog upside down (scrolling backwards), and, many times, know who wrote the comment before I can confirm my conclusion. Happens every day.

Seriously, every day.

ResearcherZero May 14, 2022 5:45 PM

For decades, policymakers have assumed that production and financial markets can largely look after themselves, with some oversight by regulators. These assumptions are poorly suited to a world in which hostile governments can weaponize the weak points in the global economy against their adversaries.

Targeted attacks against chokepoints can quickly disrupt the entire network.

Governments and firms need to prepare for disruptions from intentional, rather than random, shocks. And the fallout is hard to foresee.

The amount of money hidden in tax havens is possible to measure only indirectly, and offshore dollars are hard to assess or control. ‘Dark pools’, in which large volumes of complex financial instruments are traded, are opaque to outsiders. With so little to go on, impacts are difficult to predict. Even limited efforts to weaponize global networks can have big unanticipated consequences.

Russian retaliation might give rise to a vicious spiral of counter retaliation. Debates on nuclear war and cybersecurity conflicts focus on whether a shared understanding of a ‘ladder of escalation’, from less to more extreme uses, can lower risks. No common picture of weaponized economic networks exists.

Addressing such vulnerabilities will involve difficult — and political — trade-offs between economic progress and national security.

Shoring up financial networks will be even harder.
https://www.nature.com/articles/d41586-022-01254-5

SpaceLifeForm May 14, 2022 6:07 PM

@ Clive, Winter

You can now see what has disappeared, as I can clearly see that you both saw it.

Most certainly happened because it touched too closely to an ongoing investigation.

It’s all good. At least I get some confirmation that it is being investigated.

Read early, read often.

lurker May 14, 2022 6:08 PM

@Clive Robinson @JonKnowsNothing

The sample in this Cambridge study might be small (46 severe Covid-19 patients). Anecdotal evidence is adduced from other cases of classical neuro-psychology, but nothing from neuro-physiology. Ageing 20 years, or losing 10 IQ points might seem bad, but the doctor finally acknowledged that there could be a lot in the genes you inherited. I can’t find followups on an earlier suggestion that the disease is actually vascular epithelitis.

https://www.rnz.co.nz/national/programmes/sunday/audio/2018841993/cognitive-impact-of-long-covid-laid-bare

ResearcherZero May 14, 2022 6:52 PM

@Clive Robinson

Lavrov had a party at the Hermitage after it was refurbished and the director was so disturbed by what they found the next day, he was crying. In other countries the crimes they committed would result in life-in-prison, but in Russia it’s now totally normal, and the older generation would dismiss it as lies and rumors.

Crimes in parliament seem to be increasingly prevalent outside of Russia, probably also increasingly reported. Drug and alcohol fueled parties, rape, the odd coup, mean that corruption is being normalised, and though still a long way short of Russian standards, we might get there eventually.

Our policing and legal systems hold themselves to some very low standards, and our dear old politicians have been claiming that they must remain impartial for a very long time, while being anything but.

Politicians do not implement the recommendations of inquiries, yet they have a lot of them.

It’s very weak stuff when people in Aged Care can not eat due to mouth ulcers, dental problems, and suffer very sub standard nutrition, …following an inquiry. Institutional Abuse, Disability, Deaths in Custody, Banking, all follow the same pattern. Failure, fraud, corruption, and no accountability.

An angry and divided population is easy to exploit, and this inevitability was pointed out in repeated intelligence reports, which were of course ignored. But if people want to elect politicians more interested in money than accountability, they can expect more “freedom” from the rule of law.

Diana Ross sang about it:

Upside down
Boy, you turn me
Inside out
And round and round
Upside down
Boy, you turn me
Inside out
And round and round
https://www.youtube.com/watch?v=Po0BbGMSX4g

I like to think it’s about getting f**ked by crooked politicians. If it continues, we’ll all go down together.

“Sri Lanka: protesters set ministers’ homes on fire as economic crisis deepens.”
https://www.theguardian.com/world/video/2022/may/10/sri-lanka-prime-minister-resigns-amid-violent-protests-video-report

ResearcherZero May 14, 2022 10:08 PM

OFAC identified accounting, trust and corporate formation, and management consulting as categories of services that are subject to a prohibition on the export, reexport, sale, or supply, directly or indirectly, from the United States, or by a U.S. person, wherever located, to any person located in the Russian Federation
https://home.treasury.gov/news/press-releases/jy0771

While the industries are now barred from working with anyone inside Russia, professional enablers of financial secrecy in states like Wyoming and Alaska have opposed proposals to increase transparency.

The ‘cowboy cocktail’

The cocktail and variations of it — consisting of a Wyoming trust and layers of private companies with concealed ownership— allow the world’s wealthy to move and spend money in extraordinary secrecy, protected by some of the strongest privacy laws in the country and, in some cases, without even the cursory oversight performed by regulators in other states.

Millionaires and billionaires from around the world have taken note. In recent years, families from India to Italy to Venezuela abandoned international financial centers for law firms in Wyoming’s ski resorts and mining towns, helping to turn the state into one of the world’s top tax havens.
https://www.icij.org/investigations/pandora-papers/the-cowboy-cocktail-how-wyoming-became-one-of-the-worlds-top-tax-havens/

SpaceLifeForm May 15, 2022 1:57 AM

@ Ted, JonKnowsNothing

re: NIST PQC

Even if there is no bugdoor in whatever standards are selected for Post Quantum Cryptography, in the short term I still recommend moving from RSA to ECC. ECC with a safecurve.

I think it will buy you time.

I believe that there exists a two-step process to factor semiprimes.

Both steps approximately running in O(log sqrt(N)) time.

I have not found the algorithms yet, but I believe, based upon mathematical argument, that they must exist. They are probably very complicated, yet they must exist.

I would not assume that these algorithms have not been discovered.

If something is deterministic, then it is not random, right?

https://en.wikipedia.org/wiki/Post-quantum_cryptography

SpaceLifeForm May 15, 2022 3:20 AM

@ Winter, Tamika

Terra Zeros. How many can you insert after the decimal point?: The live Terra price today is $0.000301 USD with a 24-hour trading volume of $7,868,551,118 USD. Terra is up 34.89% in the last 24 hours.

Gee, if I invested $1K yesterday, I could be up a dime.

Terra and Bitfinex only exist for one reason: To launder money.

&ers May 15, 2022 8:17 AM

@ALL

Following topic (Squidmobile) and Friday the 13.th:

hxxps://nitter.net/CanadianUkrain1/status/1524850790640254982

Nice Mad Max style. It figures:

hxxps://pbs.twimg.com/media/FSpUre4XsAY0NA4?format=jpg

- May 15, 2022 5:07 PM

@SLF:

If,

“Terra is up 34.89% in the last 24 hours.”

Is true then,

“Gee, if I invested $1K yesterday”

Your $1K would be increased by 1.3489 times, which is a bit more than a dime…

vas pup May 15, 2022 5:21 PM

I noticed sanitizing of blog is very active.
My usual question Who made decision? Bruce/Moderator or collective deep state?

Nick Levinson May 15, 2022 6:35 PM

@vas pup:

This is Bruce’s blog and Bruce mainly focuses on IT security. He likely is interested in, say, military cybersecurity but probably not in, say, where battalions should be positioned in the event missiles start flying. We all should try to stay on the topics in which Bruce is interested, so it remains worth his while to read or skim it. For expressing other content, in general there are other means.

Most fora in which I participate do not comment on specific edits or deletions. Even a request about a specific instance gets no more than a link to a general policy.

I gather moderation is by someone at Bruce’s direction or by Bruce himself. If you think anyone else might be editing or deleting posts or how they might, please post information on that, because I think Bruce would want to know.

ResearcherZero May 15, 2022 7:02 PM

a Chinese warship with spying capabilities had been hugging the nation’s western coastline

“Its intention, of course, is to collect intelligence right along the coastline,”

“It has been in close proximity to military and intelligence installations on the west coast of Australia.”
https://abcnews.go.com/International/wireStory/australia-chinese-spy-ship-hugging-west-coast-84689035

Sure it’s not a whale? That’s the usual joke that’s passed around parliament after such events.

Putin’s past

“terrorism should become our main weapon.”
https://www.politico.com/news/magazine/2020/06/20/vladimir-putin-dresden-kgb-330203

“Volodya began his career in the most odious section of the KGB — the Fifth Directorate,”
https://correctiv.org/en/latest-stories/the-system-of-putin/2015/07/30/putins-early-years/

The KGB/FSB long term plan

“There is a widespread opinion that economic problems were the main cause of the USSR breakdown, that economic problems led to Gorbachev’s reforms. My counter-arguments are: (1) the USSR was a society run by people with particular interests and motives; (2) these people were perfectly happy with the economic arrangement of the Soviet Union.”

“The Russians needed to gain legal status for their companies in the West. So again, the Russians are putting the West in a dire strategic position, because of al Qaeda, because of a new dependence on Russian gas and oil, because sections of the Western business community are collaborating with Russia in commercial ventures; and this will allow Moscow to expand its military-political endeavors across the globe. Russia today has resources it could only dream of during the Cold War. They need not spy on British Petroleum, since they are helping British Petroleum. The same is true of the Western media, finance, etc., etc. The field of intelligence has changed, and different tactics are being used. So the nature of spying has changed. It is not less than before, but even more intense.”
https://www.tldm.org/news46/a-kgb-officers-insights-on-the-soviet-union-and-its-fall.htm

SpaceLifeForm May 15, 2022 7:31 PM

@ –

Good catch, my bad. What I meant is if I bought 1K luna, I could have made a dime. Maybe. In theory.

Except, not. Gas fees. HODL.

I think my point is still valid.

Again, for those in the back: Tether and Bitfinex are money laundering operations, nothing more. The IRS and FBI are on top of this, big time.

BTW, the cryptocurrency exchanges use SQL, not blockchain. That is how they churn the money quickly, as in 3 times capitalization per day as Tamika noted.

hxtps://www.buzzfeednews.com/article/richardnieva/crypto-terra-luna-stablecoin-explainer

Theoretically, a stablecoin fixed to USD should maintain its value of $1 per token — but that is not at all what happened this week.

If If, Then Then.

hxtps://en.m.wikipedia.org/wiki/Theory-theory

JonKnowsNothing May 15, 2022 8:36 PM

@vas pup, @ Nick Levinson

re: Road Rash Incidents

I had an uncomplicated post go into the Sofa Pits (1) today also.

I find that Sofa Pits are more common on Sundays which I imagine is from

  • backup software putting file locks on part of the posting system
  • heavy posting and the pending-queue gets full
  • there is some server side cpu-usage throttle-slow down and the post hits “end of file” with the kick back phrase

My personal myths include

  • Adding in URLs
  • Adding in too many References
  • Adding too much Detail
  • Adding too Long a post

I have been unlucky using any of the techniques recommended such as Wait and Try Again or Rewrite the Post etc.

I stopped using “preview” too; no idea if that makes much difference to stuff I write unless I’m posting columns of numbers, in which case, they never line up in columns so – not much of a loss.

I doubted that our host cared too much to bump a post describing the mathematical calculations for topological terrains, but evidently it was so.

My 0-valued bitcoin is on the weekly long backup locking files.

===

1) In an MMORPG game I play, the voice over for one of the characters has a “thick British style” accent. The phrase is supposed to be “sent to the Sulfur Pits” but sounds like “sent to the Sofa Pits”.

Tamika May 16, 2022 12:09 AM

@ SpaceLifeForm,

Even if there is no bugdoor in whatever standards are selected for Post Quantum Cryptography, in the short term I still recommend moving from RSA to ECC. ECC with a safecurve.

Even in the medium-to-long term, the current trend of combining ECC and a post-quantum algorithm is likely a good idea. OpenSSH started doing it recently, and the Google Chrome developers ran TLS experiments in 2016 and 2018. If one’s careful to avoid implementation blunders such as using the same key for both algorithms, an attacker would have to break both to break the system. (And remember that when the “RSA is broken” future comes, it won’t be evenly distributed; it’ll probably be too expensive for several decades to indiscriminately and routinely break everything encrypted with quantum-vulnerable methods.)
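An added illustration of the “break both” property described in the comment above (not code from OpenSSH, Chrome, or any commenter): a hybrid combiner that feeds an ECC shared secret and a post-quantum KEM shared secret through HKDF-SHA256 (RFC 5869). The function names, the label string and the constructed byte strings standing in for real key-exchange outputs are assumptions made for this sketch.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def length_prefixed(field: bytes) -> bytes:
    """Prefix a field with its 4-byte length so the concatenation is unambiguous."""
    return len(field).to_bytes(4, "big") + field


def hybrid_session_key(ecc_secret: bytes, pq_secret: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from two independently negotiated shared secrets.

    Both secrets enter the KDF, so an attacker who recovers only one of them
    (say, the ECC secret via a future quantum attack) still lacks the input
    needed to recompute the key.
    """
    if not ecc_secret or not pq_secret:
        raise ValueError("both shared secrets are required")
    # Crude guard against a wiring bug where one value is passed for both
    # inputs, which would silently reduce the hybrid to a single algorithm.
    if hmac.compare_digest(ecc_secret, pq_secret):
        raise ValueError("ECC and PQ secrets are identical; refusing to combine")
    ikm = length_prefixed(ecc_secret) + length_prefixed(pq_secret)
    # Salt with a hash of the handshake transcript to bind the key to this session.
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-demo v1 session key", length)


# Constructed sample values: stand-ins for an ECDH output and a KEM output.
ECC_SECRET = HASH(b"constructed stand-in for an ECDH shared secret").digest()
PQ_SECRET = HASH(b"constructed stand-in for a PQ KEM shared secret").digest()
TRANSCRIPT = b"constructed handshake transcript: client hello | server hello"

if __name__ == "__main__":
    key = hybrid_session_key(ECC_SECRET, PQ_SECRET, TRANSCRIPT)
    print("session key:", key.hex())
    # With the ECC secret known but the PQ secret only guessed, the key differs.
    guess = hybrid_session_key(ECC_SECRET, b"\x00" * 32, TRANSCRIPT)
    print("attacker with ECC secret only recovers key:", guess == key)
```
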

Clive Robinson May 16, 2022 4:10 AM

@ SpaceLifeForm, JonKnowsNothing, Ted, ALL,

If something is deterministic, then it is not random, right?

Err yes and no… it’s complicated. Which is why “random” is an ill defined word at the best of times.

To see why consider the following using deterministic processes.

We have a basic –but false– assumption of a simple deterministic process that with no feedback and no load will turn a “known input” into a “known output”.

Which with “digital systems” is what you often get.

Now consider a real world system where there is not just a load but a dynamic load, that can also add a signal back into the system from the output.

Think of a transistor controlling the current to a DC motor as an example you will probably find one or more such circuits around your garage/workshop or home in modern tools and household devices including vacuum cleaners.

To try and get around two significant problems with DC motors of,

1, Complex load based characteristic
2, Back EMF pushing energy back into the drive circuit

You end up using a feedback system that is complicated by being dependent on the output load and the input control signal, against both time and frequency.

In effect you end up with a control system always working with at least one unknown that is unpredictable.

Now consider an electric trolley or similar with two DC motors driving the rear wheels independently. They each have their own feedback system but the trolley will go in any which way unless there is a third control mechanism changing the control inputs to both motors to keep the trolley going in the desired direction.

The point is that you can not tell from looking at the control signal going into just one motor what the trolley is actually doing. Therefore the control signal appears to have a “random” component, even though the processes are deterministic.

The more complex a deterministic system becomes and the more feedback loops it has, then the more “random” various parts of it become to the observer at that point.

But look on it another way, which is the way an OTP using an XOR gate works. If you know the output you need to know one of the inputs to know the other input. But both the AND and OR gates don’t allow you to learn the other input you have to know both…

But even with the XOR gate what happens if one of the inputs comes from another gate even another XOR gate? You fairly quickly realise that at some point your ability to walk backwards becomes impractical if not impossible. You either know all the inputs or the output will appear to have a “random” component.

So now think about a summing circuit, which nearly all electronics and most physical systems are. What if you do not, nor can not, know all the inputs? even though they are all deterministically generated?

From your point of view, the result is “random” in electronics we tend to lift the corner of the carpet and sweep it all under and call it “noise” and assign it some basic probabilistic properties we “colour it by” hence “white noise”, “pink noise” etc.

So if you can not observe all inputs then the output you observe of a deterministic process will appear to have a “random” component.
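An added worked example for the gate argument in the comment above (not the commenter's code): it tabulates when an output plus one known input pins down the other input for XOR, AND and OR, counts how many hidden-input assignments remain consistent with an n-way XOR, and measures how well an observer predicts the XOR of three deterministic bit streams with and without one of them. The seeds and the choice of a 32-bit LCG as the deterministic source are assumptions made for the illustration.

```python
from functools import reduce
from itertools import product
from operator import xor

GATES = {
    "XOR": lambda a, b: a ^ b,
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
}

SEEDS = (2022, 516, 1337)  # constructed seeds for three deterministic sources


def candidates_for_other_input(gate):
    """Map each possible (known input, output) pair to the set of values the
    unknown input could have had."""
    table = {}
    for a, b in product((0, 1), repeat=2):
        table.setdefault((a, gate(a, b)), set()).add(b)
    return table


def always_recoverable(gate):
    """True if output plus one input determines the other input in every case."""
    return all(len(v) == 1 for v in candidates_for_other_input(gate).values())


def hidden_assignments(bits, observed):
    """All assignments of the unobserved inputs of an n-way XOR that agree with
    the output and with the inputs whose indices are in `observed`."""
    output = reduce(xor, bits)
    hidden = [i for i in range(len(bits)) if i not in observed]
    found = []
    for guess in product((0, 1), repeat=len(hidden)):
        trial = list(bits)
        for index, value in zip(hidden, guess):
            trial[index] = value
        if reduce(xor, trial) == output:
            found.append(dict(zip(hidden, guess)))
    return found


def lcg_bits(seed, n):
    """Top bit of a 32-bit linear congruential generator: fully deterministic."""
    state, out = seed, []
    for _ in range(n):
        state = (1664525 * state + 1013904223) % 2**32
        out.append(state >> 31)
    return out


def prediction_accuracy(known_seeds, all_seeds, n=4000):
    """Fraction of output bits an observer gets right when predicting the XOR of
    all streams using only the streams whose seeds it knows."""
    actual = [reduce(xor, col) for col in zip(*(lcg_bits(s, n) for s in all_seeds))]
    if known_seeds:
        guess = [reduce(xor, col) for col in zip(*(lcg_bits(s, n) for s in known_seeds))]
    else:
        guess = [0] * n
    return sum(a == g for a, g in zip(actual, guess)) / n


if __name__ == "__main__":
    for name, gate in GATES.items():
        print(name, "always recoverable:", always_recoverable(gate),
              candidates_for_other_input(gate))
    bits = [1, 0, 1, 1]
    for observed in ({0, 1, 2}, {0, 1}, set()):
        print(len(bits) - len(observed), "hidden ->",
              len(hidden_assignments(bits, observed)), "consistent assignments")
    print("all seeds known:", prediction_accuracy(SEEDS, SEEDS))
    print("one seed missing:", prediction_accuracy(SEEDS[:2], SEEDS))
```

XOR is the only one of the three gates where output plus one input always fixes the other; with k hidden inputs to an n-way XOR there are 2^(k-1) consistent assignments, so from two hidden inputs onward each of them is individually undetermined.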

Clive Robinson May 16, 2022 1:55 PM

@ Tamika, SpaceLifeForm, ALL,

Even in the medium-to-long term, the current trend of combining ECC and a post-quantum algorithm is likely a good idea.

The idea of “chaining algorithms” with orthogonal primitive or base methods has been around since before the AES competition.

If also done in a framework such that the various crypto algorithms can be “plug and play” then you’ve got a system that can be upgraded effectively and easily.

As an idea whilst discussed from time to time it was for various reasons not taken up, except in some very niche areas.

For instance one communications system adopted the idea using “crypto modules” that used a common pin interface on a motherboard in a locked tamper evident metal case.

But the real problem with even hybrid systems is that crypto algorithms appear only good for about a quarter of a century. A lot of what we might want to use crypto algorithms for needs to be good for between a century to a millennium.

Such as the signing of land leases and other longterm agreements.

But also consider

1, Control Systems
2, Smart Grids
3, Implanted medical electronics

These all have expected lifetimes of a quarter century or more and you certainly would not want to be “changing out” modules within them without very good reason.

So physical modules are very definitely less preferable to software modules in some systems.

Which brings us around to the issue of “upgrade security” the current “code signing” method is to put it politely a joke security wise. Yet we have no idea of what to replace it with…

Just a few of the issues we need to get started on, but apparently nobody wants to for various reasons.

SpaceLifeForm May 16, 2022 4:41 PM

@ Clive

You fairly quickly realise that at some point your ability to walk backwards becomes impractical if not impossible. You either know all the inputs or the output will appear to have a “random” component.

That literally Sums It Up.

The two-step process that I envision does require a Backward Walk, and a Forward Walk.

To make the problem more interesting, is that there are 3 inputs. It is not binary.

My argument is that the algorithms must exist, otherwise there is a problem in maths.

The algorithms may be very complex, but they must exist.

Just to be clear here, I am talking about factoring a Semiprime.

vas pup May 16, 2022 5:00 PM

@Nick Levinson
Do you really know how deep state is working?
They could ask anybody very politely to do or not to do something they think is harmful, and they have in their pocket a gag order which was given to them under the pretext of fighting terrorism, but they applied it at their own discretion.
Just watch popular on cable TV: ‘CSI Declassified’, ‘Forbidden History’, ‘Facts v Fiction’, recently on NEWSMAX documentary – last weekend interview with NSA veteran.

Then, continue to trust them.
Nobody could stop anybody from being fooled if that anybody does not want to know the truth and thinks blind loyalty = patriotism.
Best,
vas pup

vas pup May 16, 2022 5:18 PM

Small fix for previous post: not CSI declassified, but CIA declassified.

I want to share this quote with all bloggers:
“Every man can educate himself. It’s shameful to put one’s mind into the hands of those whom you wouldn’t entrust with your money. Dare to think for yourself.”

~ Voltaire

That is why I want to hear those with dissenting opinions (time shows they are often right) rather than parroting mass media input.

Abe May 17, 2022 4:11 AM

Nvidia releases security update for out-of-support GPUs

Martin Brinkmann = May 17, 2022

https://www.ghacks.net/2022/05/17/nvidia-releases-security-update-for-out-of-support-gpus/

“Nvidia published[1] a security bulletin on May 16, 2022 in which it informs customers about a new software security update for the Nvidia GPU display driver. The update patches security issues in earlier driver versions that can lead to “denial of service, information disclosure, or data tampering”.”

[…]

“Windows and Linux versions of the drivers are affected according to the security bulletin.”

[…]

[1] https://nvidia.custhelp.com/app/answers/detail/a_id/5353#security-updates-for-nvidia-gpu-display-driver

ResearcherZero May 17, 2022 4:53 AM

The 2nd Additional Protocol to the Budapest Convention on Cybercrime

“Considering the proliferation of cybercrime and the increasing complexity of obtaining electronic evidence that may be stored in foreign, multiple, shifting or unknown jurisdictions, the powers of law enforcement are limited by territorial boundaries. As a result, only a very small share of cybercrime that is reported to criminal justice authorities is leading to court decisions.”

“As a response, the Protocol provides a legal basis for disclosure of domain name registration information and for direct co-operation with service providers for subscriber information, effective means to obtain subscriber information and traffic data, immediate co-operation in emergencies, mutual assistance tools, as well as personal data protection safeguards.”

https://www.coe.int/en/web/cybercrime/opening-for-signature-of-the-second-additional-protocol-to-the-cybercrime-convention

Full text of the Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence.
https://rm.coe.int/1680a49dab

ResearcherZero May 17, 2022 6:02 AM

@lurker

There are a few articles claiming nuclear warfare is quite survivable, as nuclear weapons are aimed at infrastructure such as bridges.

Luckily some of our politicians, in challenging times, requiring responsibility, accountability, or perhaps even a little courage, either hide, shield themselves behind lawyers, or curl up in a ball upon the ground.

Fortunately too, the public doesn’t know their backgrounds, and the public persona they see is a complete work of fiction produced by PR teams. Their real behavior in times of crisis remains hidden, otherwise it would frighten the utter hell out of people. The rest of the politicians turn a blind eye to their behavior until it becomes a complete disaster.

It’s like that in every country, and it was no different in the 1980’s.

They all deny the cocaine, adultery, and disgusting drunken behavior at political functions, but it’s always the same. Some of the current lot have behaved that way since the 1980’s, so current events should surprise no one.

Avoiding responsibility and accountability has consequences, and events can only be ignored, classified, and covered up for so long. Eventually it all just starts spewing out from under the carpet in a decade long projectile vomit. WW1 and WW2 were both massive spews. A single nuclear sub can spew that much these days, and in half the time it took 40 years ago.

Our saving grace, social media, which can help ensure we pick a right proper d**khead on the ballot paper at election time. There are millions in dirty money, all targeted to help us make that choice, and ensure problems never get fixed.

85% of humans live under a corrupt government. The arms trade and extractive industries (fossil fuels) are responsible for 60% of all corruption…

“the global average remains unchanged for the tenth year in a row, at just 43 out of a possible 100 points.”

“Despite multiple commitments, 131 countries have made no significant progress against corruption in the last decade.”

“Two-thirds of countries score below 50, indicating that they have serious corruption problems, while 27 countries are at their lowest score ever.”
https://www.transparency.org/en/cpi/2021

fib May 17, 2022 6:04 PM

Re Age

Tomorrow is guaranteed for no one.

Greetings from Bellynaro’s Brazil [soon to become a Putin-loving soviet banana republic – with a little help of the most incompetent and corrupt military in the western hemisphere] – may the stars help us

SpaceLifeForm May 17, 2022 7:33 PM

RUSpin

hxtps://www.reuters.com/markets/europe/minister-says-russia-not-planning-block-youtube-interfax-2022-05-17/

“We do not want to close ourselves off from anyone,” Shadaev said. “On the contrary, we think that Russia should remain a part of the global network.”

RuTube has been fully hacked by Anonymous for many days now, and some in Russia and elsewhere need a back channel.

You do what you do. Keep up the good work.

SpaceLifeForm May 17, 2022 7:45 PM

The fascists will think this is just a flesh wound.

hxtps://www.zdnet.com/article/software-freedom-conservancy-wins-big-step-forward-for-open-source-rights/

Clive Robinson May 17, 2022 10:02 PM

@ The usual suspects,

What do you get when you mix,

1, A Tesla
2, And a cheap BLE device

It appears to be a “door popper, and off you go” due to Tesla’s passive entry system,

https://www.theregister.com/2022/05/17/ble_vulnerability_lets_attackers_steal/?td=keepreading-top

Yes, it’s a “Relay Attack” which is kind of old news but it works against Bluetooth BLE that has a range limiting technique built in that fails…

The reason is “stacks” the Bluetooth SIG group ranging system uses a large part of the stack, that obviously adds significant latency.

The relay attack cuts out enough of the stack to get well within the latency to extend the ranging out to around 8-10 times its intended range.

So an attack that would not previously be possible becomes so, albeit somewhat contrived there are enough places this will work if the attackers prepare in advance.

The important things to note,

1, This is all Bluetooth BLE ranging security products not just Tesla.
2, There is still room to move further down the Bluetooth stack so relay attack range can be increased.

I’ll be honest and say “You can colour me unsurprised” I’ve been saying for years that range based protocols using RF need to be thought out with care and done at the hardware level or in stack parlance “at the physical layer”.

One way you can do it, with some limited acceptability, is by using “Ultra-WideBand”(UWB) technology where the chip signal delay is used in a similar way to “JPL ranging codes”.

vas pup May 18, 2022 3:51 PM

Robot Dog Olympics takes place at MoD in Bristol

https://www.bbc.com/news/uk-england-bristol-61483615

“The robots are designed to perform non-offensive tasks to protect troops and do not carry firearms.

Instead they aid troops by searching and scanning or delivering medicine and food into disaster areas.

The event was run by the Future Capabilities Group (FCG) at Defence Equipment and Support, the procurement arm of the MoD.

Suzy Harris, head of expeditionary robotics for the FCG, said: “Robotics and autonomous systems are becoming increasingly important in allowing soldiers to operate faster, for longer and enabling them to step back from some of the most challenging and dangerous tasks.”

SpaceLifeForm May 18, 2022 7:43 PM

@ JonKnowsNothing

HIP-RIP

Authoritarians always say it is not their fault. Always someone else to blame. Always. Never them.

A week ago, no big deal.

hxtps://arstechnica.com/science/2022/05/north-koreas-covid-outbreak-taking-favorable-turn-as-cases-exceed-1-7m/

JonKnowsNothing May 18, 2022 9:11 PM

@SpaceLifeForm, @Clive, @All

re:North Korea “fevers”

While watching the temperatures rise as the “fevers” roll through the North Korean countryside, it would be useful to consider what would happen if China abandons their Zero-COVID policy.

The HIP-RIP-LOVIDs are primarily concerned with China’s factory closures but China has already estimated the blow out if BA2121 really escapes containment. Factory closures will be the least of China’s worries.

It is also useful to remember that the same scenario can happen in the “boostered” economies having to do with Antibody Fatigue Declining Effectiveness Response. Also, the 1 drug still directly useful is ONE DRUG and there is a shortage of that too.

The pipeline for “new” treatments is particularly sparse. There were 300+ in the pipeline, unfortunately 300 of those are for variants that are no longer a problem.

The Fifth Wave is hitting the USA. My date marked it started on May 06, 2022.

The CDC is doing PR again.

To quote from a MMORPG I play:

Is this your first time to visit Minas Tirith?

Shame you couldn’t see it in better days…

SpaceLifeForm May 18, 2022 10:05 PM

Tech Support: Did you try turning it off and back on?

If we do not hear back from you after two days, we will close this trouble ticket as Resolved: Cosmic Rays.

hxtps://www.jpl.nasa.gov/news/engineers-investigating-nasas-voyager-1-telemetry-data

JokingInTuva May 19, 2022 5:35 AM

From the “The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms” thread:

https://www.schneier.com/blog/archives/2022/05/the-nsa-says-that-there-are-no-known-flaws-in-nists-quantum-resistant-algorithms.html/#comment-404902
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Fm4cDfsx65s

It points to some feasible attacks to LWE based PQC candidates.

Is it risking the whole LWE schemas? or just the “simplified” Saber/Kyber proposals?

In any case, being below the AES-128 margin seems not very promising…

Clive Robinson May 19, 2022 5:52 AM

@ SpaceLifeForm, ALL,

Re : If we do not hear back from you after two days

Two things,

Firstly I’m seeing page load times from this blog’s site in the 1-2 minute range at the moment, anyone else see abnormally long load times?

Secondly JPL’s superannuated spacecraft. I fondly remember the excitement they caused in me when they were first talked about in the media, their launch and what came back, even the SciFi Star Trek movie…

I’m very glad they are still hanging in there, each year I lose one or two more friends and acquaintances, a reminder that eventually all things do come to an end and even the celestial clocks will stop, and then all there will be is the slow decay of thermal noise with the occasional “pop-corn” peak. They may be just boxes of antiquated electronics, but they were, and still are “aspirational” to many people who will never see the science other than as media news. But I have a feeling that even though the current funding will end in a few years, more funding and newer technology will keep the thread alive for as long as possible. Some things you do, just because they are possible as firsts, and that alone makes them important.

Clive Robinson May 19, 2022 6:31 AM

@ ALL,

Anyone else noticed Daniel J. Bernstein’s comment on the NIST Post Quantum Crypto contest of,

“So, instead of a scientific process studying clearly defined questions, there’s a political process weaponizing a lack of clarity. At some point observers are forced to ask whether the lack of clarity is deliberate.”

In essence he is saying that there is a high probability “someone has put the fix in”…

It does not take much of a study of crypto history to see that the NSA has a long history of “finessing” or “putting the fix in” as does GCHQ and other SigInt agencies. However as the NSA unlike the other SigInt agencies is also the technical adviser to NIST…

It’s not difficult to make a weighted assumption that there may already be a “weak algorithm” already selected to get the winning prize, as happened with the AES competition.

SpaceLifeForm May 19, 2022 2:06 PM

@ Clive

I have never seen any horrible response time for this site. But, being on the other side of the pond, I am closer to the servers.

I would clear your browser cache and reboot.

Voyager engineering is amazing, but I have to say that Webb Telescope tops that. Not just the hardware, but the entire process of deployment. The recent pics are amazing.

hxtps://petapixel.com/2022/05/10/nasa-shows-off-webb-telescope-sharpness-with-comparison-photo/

SpaceLifeForm May 19, 2022 4:07 PM

@ MrC, Clive

re: NIST PQC

Yeah, it smells fishy. DJB is pointing that out. Some group is pushing Kyber.

My Hinky Sense says that this exercise is misdirection, wasting time.

I am old skool. My measurement of computer power has always been Cycletime times RAM size.

My Hinky Sense has been telling me for some time that there are players trying to get you to stick to RSA, and avoid ECC because Post Quantum Crypto. I.E., the message is, do not convert to ECC now, because you should be wasting your time chasing the PQC Ghost.

SpaceLifeForm May 19, 2022 4:52 PM

DOJ Announces It Won’t Prosecute White Hat Security Researchers

hxtps://www.vice.com/en/article/v7d9nb/department-of-justice-security-researchers-new-cfaa-policy

“The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

Marcus Hutchins @MalwareTechBlog

¯\_(ツ)_/¯

Clive Robinson May 19, 2022 6:19 PM

@ SpaceLifeForm,

I get the feeling there is a lot more DJB would like to say, but can not because of his position and the fact it is a public forum.

As for me, as I guess you know by now I’ve not really worried too much about “image” so I tend to call it as I see it and supply the evidence behind my thinking (hence the reason why I still claim the NSA deliberately “fixed” the AES competition, but not in the way most would think).

Likewise I was calling the NSA behaviours on,

1, Standards
2, Protocols
3, Implementations

Years before others, and have also worked out one set of tricks the NSA predecessors did with mechanical field cipher machines by only having about 20% of the key space being “strong”… As they issued the KeyMat and knew which keys were strong, they could ensure it was more securely used than someone just using it with “randomly selected” keys, of which around 20% would be very weak. This gave the ability to know enough about the enemy “plaintext” format and other “traffic” information to make the cryptanalysis almost trivial of even strong keys.

But moving forward to the FBI/DoJ “psychos-R-Us” and,

“Marcus Hutchins @MalwareTechBlog”

Remember they wanted an insider to do their dirty work. Hence they tried to prosecute him as an adult for things he had done as a minor, thus should not have been allowed, the FBI agents also perjured themselves in court, but the judge just nodded it by…

So I would take that “White Hats R OK” message and treat it with a very very deep degree of suspicion, especially if you are not a US citizen.

As I’ve said before, I have absolutely no intention of ever traveling to, through, or over the “Americas” be it North or South again. Nor to Australia and quite a few other countries, including several in the ME and EU, the UK would be on that list if I were not a citizen already resident. Because I’ve no wish to end up in “Special Administrative Measures”(SAM) under the thumb of a moronic political appointee like Barr, being made bankrupt, or worse. As a non US citizen you are “guilty” without question even if you can prove you are innocent, because they will just get somebody to commit perjury… It’s also why the advice to US Citizens is “Don’t talk” to the Cops, Feds, or any other Federal or State agency, especially Coastguard, Customs, and Border agencies because you will only give them information to make you look guilty. And they will find something to find you guilty of, even if it’s “Conspiracy to tie shoe laces in a public place”…

fib May 19, 2022 6:37 PM

@Clive

Assuming it is not a rhetorical question, I’m posting this to say I’m not getting any problem with the site loading speed. Among all the posters I’m probably at the lowest end of the Internet infrastructure, so I should have noticed. Good luck.

Regards

SpaceLifeForm May 19, 2022 8:27 PM

It’s a bold move Cotton, let’s see if it pays off.

hxtps://arstechnica.com/tech-policy/2022/05/twitter-deal-leaves-elon-musk-with-no-easy-way-out/

© 2022 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.

FOAD FT. Ever heard of Fair Use?

Seriously, just FOAD. HTH. HAND.

ResearcherZero May 19, 2022 11:44 PM

“A global comprehensive treaty to counter cybercrime first proposed by Russia has gained enough support at the United Nations for negotiations to begin early next year” (2022).

“many of the governments leading the initiative use cybercrime as a cover to crack down on rights”

“Russia was joined by seven co-sponsors. They include China, which employs technology for coercion, control, and repression, in a model of techno-authoritarianism that is spreading around the world. Cambodia, another initial co-sponsor, has proposed a cybercrime law that threatens increased surveillance of internet users, including whistleblowers, and would restrict free expression online and reduce privacy. This comes on top of several repressive laws, including its recently approved National Internet Gateway, which will enable the government to significantly increase its control over the internet.”
https://www.hrw.org/news/2021/08/13/cybercrime-dangerous-new-un-treaty-could-be-worse-rights

Second session is scheduled for May-June 2022
https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc-second-session.html

We are not convinced that there is a need for a new international convention on cybercrime. We have grave concerns that the approach for the UN’s work in this area proposed in the “Draft United Nations Convention on Cooperation in Combating Cybercrime” (A/C.3/72/12), circulated by the Russian Federation, could undermine the use of the internet to exercise human rights and facilitate social and economic development.

First, the “use of information and communications technologies for criminal purposes” is not defined in the resolution.

Second, criminalising ordinary online activities of individuals and organisations through the application of cybercrime laws constitutes a growing trend in many countries in the world.

Third, the “Draft United Nations Convention on Cooperation in Combating Cybercrime”, which is meant to serve as a basis for developing a comprehensive international convention, raises a number of concerns. Of particular concern is that the Draft Convention proposes going far beyond what the Budapest Convention allows for regarding cross-border access to data, including by limiting the ability of a signatory to refuse to provide access to requested data.

Fourth, we are not convinced that there is a need for a new international convention on cybercrime.

Finally, countering cybercrime is necessarily a multistakeholder endeavour. It requires government officials and experts, members of the technical community, civil society, the private sector, and scientific and research institutions. The establishment of an ad hoc intergovernmental committee of experts to address the issue of cybercrime would exclude key stakeholders who bring valuable expertise and perspectives both in terms of effectively countering the use of ICTs for criminal purposes and to ensure that such efforts do not undermine the use of ICTs for the enjoyment of human rights and social and economic development.

We strongly urge your delegation to vote against resolution A/C.3/74/L/11/Rev.1 on “Countering the use of information and communications technologies for criminal purposes” and to work to ensure that initiatives to address cybercrime are inclusive of all stakeholders.
https://www.apc.org/en/pubs/open-letter-un-general-assembly-proposed-international-convention-cybercrime-poses-threat-human

Any proposed convention should incorporate clear and robust human rights safeguards. A convention without such safeguards or that dilutes States’ human rights obligations would place individuals at risk and make our digital presence even more insecure, each threatening fundamental human rights.
https://www.eff.org/nb/deeplinks/2022/02/letter-united-nations-include-human-rights-safeguards-proposed-cybercrime-treaty

Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes
https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home

The existing International Cybercrime Treaty

The treaty requires criminalization of offenses such as hacking, the production, sale or distribution of hacking tools, and an expansion of criminal liability for intellectual property violations (Articles 2-11).

It requires each participating nation to grant new powers of search and seizure to its law enforcement authorities. They include the power to force an Internet Service Provider (ISP) to preserve a citizen’s internet usage records or other data, and the power to monitor a citizen’s online activities in real time (Articles 16-22).

It requires law enforcement in every participating country to assist police from other participating countries. US police would be required to cooperate “mutual assistance requests” from police in other participating nations “to the widest extent possible” (Articles 23-35).
https://www.aclu.org/other/seven-reasons-us-should-reject-international-cybercrime-treaty

text
https://www.aclu.org/legal-document/text-council-europes-convention-cybercrime-treaty

Australia became a signatory to the International Cybercrime Treaty in 2013

ResearcherZero May 20, 2022 12:02 AM

@SpaceLifeForm

Ever get the feeling that some announcements are disguised to cover up creepy surveillance laws which are further designed to erode human rights?

As long as spies have unbreakable encryption, then we can assume we are all safe.

“Ofcom, Britain’s telecommunications regulator, says that a startling 60% of teenagers who use smartphones describe themselves as “highly addicted” to being “Slaves to the Economist”. So do 37% of adults.”
https://www.youtube.com/watch?v=37j1IQTq080&t=2526s

ResearcherZero May 20, 2022 12:43 AM

Government report finds no flying objects over Afghanistan

The Afghan air force, the main military advantage the government had over the Taliban, had not been projected to be self-sufficient until 2030 at the earliest.

The contractors maintained basically all of the Western equipment, particularly the air assets that we had given the Afghans.

We never really trained them on logistics. Their logistics were horrible.

We’ve been issuing reports – over 700 reports, I think, we have issued – highlighting serious problems. The information was out there…
https://www.npr.org/2022/05/18/1099680594/inspector-general-examines-why-the-afghan-army-dissolved-after-the-u-s-withdrawa

“Sigar was not able to obtain copies of these annexes, despite official requests made to the US Department of Defence and the US Department of State,”

“Taliban propaganda weaponised that vacuum against local commanders and elders by claiming the Taliban had a secret deal with the United States for certain districts or provinces to be surrendered to them,”
https://s3.documentcloud.org/documents/22019676/sigar-22-22-ip.pdf

just three weeks after its announcement, the Disinformation Governance Board is being “paused,”

The board was created to study best practices in combating the harmful effects of disinformation and to help DHS counter viral lies and propaganda that could threaten domestic security. Unlike the “Ministry of Truth” in George Orwell’s “1984” that became a derogatory comparison point,
https://www.washingtonpost.com/technology/2022/05/18/disinformation-board-dhs-nina-jankowicz/

Clive Robinson May 20, 2022 3:56 AM

@ SpaceLifeForm, fib,

Thanks for the replies.

I was seeing the problem only with this blog, then very shortly after I posted about it, it “magically stopped” at the top of the hour…

Suggesting a finger pushed a button somewhere in the lineup or a timer timed out.

fib May 20, 2022 8:46 AM

@ SpaceLifeForm

Roger that, my friend.

The local press reports that Musk comes to the country through an arrangement made by the Minister of Communications, Fábio Faria, with whom the billionaire met in November last year. On that occasion, Faria discussed with Musk a partnership to carry out surveillance of the Amazon through satellites.

What is strange is that Bolsonaro [and the chunk of the military that supports him – which professional observers swear to be a minority in Brazil’s armed forces] have always been adamantly against foreigners “poking their noses into the Amazon”, which is a very delicate subject here.

So this seems to me something just for the consumption of public opinion and that the real reasons are linked to the incumbent’s presidential campaign. It smells like fish. Let’s follow it all closely.

PS: It is dismaying to see an entrepreneur linked to innovation and revolutionary projects being involved with the worst of the global reactionarism. As one of these reactionaries would say, “it’s sad”.

Clive Robinson May 20, 2022 8:59 AM

@ ALL,

Some of you know who Leslie Lamport is and some of you maybe not.

He has been described as the father of distributed systems, he views himself as a mathematician who works in the real world on real problems relating to the design of computing systems,

https://m.youtube.com/watch?v=rkZzg7Vowao

But his views and ideas are more general than some realise.

At 2min 51sec he says,

“A distributed system is one, in which your computer can be rendered useless by the failure of a computer you did not know even existed”

But it’s not just a “computer” it can be some other sub-component of computing such as a piece of software.

I think most can see that log4J was an example of this.

So the statement is as much about distributed systems as it is about the security of systems.

When you understand the underlying nature of what “distributed” encompasses you get to realise it is very very fundamental to all systems.

As some of you who read my comments will know I’ve said one of the biggest failings in the software industry is those developing code blinker themselves and think only in a single sequential cause and effect process. As I say from time to time,

1, We have reached the limits of sequential systems due to the laws of physics,
2, Because of this “The future is parallel”,
3, Importantly “It will be at all scales”,
4, So “The future is distributed”,
5, At speeds that “Makes everything non local”,
6, So “Relativity can not be avoided”.

Yup think about that for a moment… Leslie says he had similar ideas after reading a paper…

As I’ve mentioned, I was looking back three decades ago into doing a PhD in distributed systems and the problems that the limits of the laws of physics applied as constraint. Specifically issues to do with “multi-processing” and “time cones” with respect to distributed databases from “CPU Register Files, through to globe spanning or more” that importantly were individually “partial or incomplete databases” thus both “parallel processing and communications beyond C/(2fclk) distances” thus being “non-local” and involving relativity.

My problem, I could not find an advisor… It was way too far out of their thinking back then…

Anyway the Video only came out a couple of days ago, watch the whole thing and enjoy, and do new things but do remember,

“The laws of physics apply”,

even across the width of your thumbnail, which is where we can clock logic up to and just beyond currently, for all the good it does us.

MarkH May 20, 2022 4:04 PM

@Clive,

Last year I wrote a fan letter to Mr Lamport after revisiting his wonderfully elegant Bakery Algorithm, invented back when you and I were still young …

He kindly took time to reply. He’s sharp as ever, and (to judge from an online photo or two) looks to be ageing most gracefully.

Being lucky enough to have his wisdom available to us, we had best take heed.

ResearcherZero May 20, 2022 9:05 PM

The Budapest Convention (existing framework)

“The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception.”

signatories and countries that have been invited to accede
https://www.coe.int/en/web/cybercrime/the-budapest-convention

details
https://www.coe.int/en/web/conventions/full-list?module=treaty-detail&treatynum=185

text
https://rm.coe.int/1680081561

SpaceLifeForm May 21, 2022 6:37 PM

@ fib, ALL

Seeing the Forest for the Trees.

“Tear down this canopy!”

“Think of the poor Starlink ground stations!”

This is the insanity of the world we live in due to the love of money.

Do not worry, Mother Nature has the solution.

SpaceLifeForm May 22, 2022 3:43 PM

@ fib, ALL

What is crazy, is that I was not actually following the Bolsonaro Musk meeting at all. I was just thinking outside the box. Correctly, it appears.

hxtps://undark.org/2022/02/28/us-backed-companies-poised-to-expand-mining-in-the-amazon/

There must be a lot of Lithium in the Amazon basin for Tesla batteries.

Destroying the Amazon rain forest is bad.

The levels of destruction over the past 3 decades certainly have contributed to climate change.

William P. Barr May 22, 2022 5:05 PM

As I’ve said before, I have absolutely no intention of ever traveling to, through, or over the “Americas” be it North or South again. Nor to Australia and quite a few other countries, including several in the ME and EU, the UK would be on that list if I were not a citizen already resident. Because I’ve no wish to end up in “Special Administrative Measures”(SAM) under the thumb of a moronic political appointee like Barr, being made bankrupt, or worse.

Dear Mr. Robinson,

Please rest assured that you are of no relevance to US security at all. If you were, we would have invited you long ago to one of our holiday resorts, in your case probably the one in Poland.
In case we overlooked something and we should actually be interested, you should understand that bragging about that here is not a wise thing to do.

SpaceLifeForm May 22, 2022 5:38 PM

@ Clive, ALL

Tesla is shorthand for a design problem.

So, during your development lifecycle reviews, one should say:

That looks like a Tesla, need to fix.

It’s just a bug! Will fix next release.

No, it is a Tesla!

Can we make this a meme?

hxtps://nitter.net/steinkobbe/status/1528380860550062082#m

See car fire, locked doors, window design. Oh, an actual person inside.

Clive Robinson May 22, 2022 5:50 PM

@ SpaceLifeForm, Freezing_in_Brazil, ALL,

There must be a lot of Lithium in the Amazon basin for Tesla batteries.

Long answer short “not enough”…

The thing is it appears there is not sufficient of any suitable metal to make sufficient batteries…

Therefore we need to look at something else for energy storage.

The most common elements in the earth’s crust are silicon, aluminium, with oxygen and hydrogen also being in the oceans and atmosphere far outstripping everything else. From which it might be possible to make very high surface area electrodes from silicon and aluminium that are stable and a hydrogen / oxygen fuel cell.

Would this be sufficient for storing around 3 times our current 24hour energy requirements? A good question that few can answer and most of them prevaricate about the subject.

The honest answer is we need to throw carbon back into the mix and find a way to produce high octane hydrocarbons… That is we need the natural carbon cycle to diminish, but a synthetic carbon cycle to go up dramatically but in a very restricted way.

Which is basically bad news in many respects because of the solar energy capture problem and getting over the energy hump of quantum energy extraction…

It would be fun looking, and head scratching, but unfortunately we’ve probably got as little as 20 years to get things sorted out on a global scale…

SpaceLifeForm May 22, 2022 6:52 PM

Europe provides air support

hxtps://www.theguardian.com/us-news/2022/may/22/us-baby-formula-shortage-europe-shipment

hxtps://nitter.net/GSwarthout/status/1528154952765296641#m

Clive Robinson May 22, 2022 11:28 PM

@ SpaceLifeForm, ALL,

Re : Neo-Con created baby formula crisis.

We have top White House economic advisor Brian Deese, Director of the National Economic Council, saying of Abbott,

“We had a manufacturer who wasn’t following the rules and that was making formula that had the risk of making babies sick”

But we should ask “Whose Rules?” they were or were not following,

Apparently Brian Deese as Director of the National Economic Council, quite bluntly put the blame on US manufacturer Abbott. Whose Directors according to financial records and whistleblower documents, wilfully chose getting their bonuses over safe operation by cutting back on maintenance and basic cleanliness.

That is the Directors,

1, To meet “expectations” thus gain “benefits”

2, Spent alleged “windfall profits” on filling the pockets of investors.

3, So did not replace aging / failing equipment.

4, Or maintain existing equipment so it could be kept sufficiently clean.

5, Which probably allowed the build up of dangerous bacteria found in its infant nutritional products.

6, So endangering the wellbeing, health, development and lives of US infants.

7, That caused a nation wide product recall. Which wreaked havoc in the nationwide supply chain.

8, Of what had been allowed to become a de facto monopoly.

Sounds in line with neo-con rules of the Free market knows best… So what is the problem?

Clive Robinson May 23, 2022 1:06 AM

@ SpaceLifeForm, ALL,

Re : Neo-Con created baby formula crisis.

Part 2, what it hides behind.

Part of the modern version of “The American Dream” is that a fist full of plastic will fulfil an ad created craving before your brain regains its normal chemical balance. With the press of a button you “debt it” to be paid off maybe by the time you retire.

Only the pandemic, created by the “Don’t stop the planes” needed to keep “The American Dream” swirling has had its revenge on those you don’t see…

Eight months ago “The Atlantic” was lifting the lid on what made the US 24hour a day Ad/Buy obsession spiral keep going and why the crunch. The sweat shops, child labour and worse various social responsibility and ethical purchasing groups had been waving flags and ringing bells over all this century. That form the labour of the “supply chain”, that when Amazon and other workers revealed what went on in their Warehouses of how they were being –equivalently mildly– treated caused such a shock.

https://www.theatlantic.com/technology/archive/2021/09/pandemic-supply-chain-nightmare-slow-shipping/620147/

Read down to the managers being sacked for running betting pools on how many of their staff would get/die of Covid. Also the brutality and thousands of deaths in the meat packing industry, which you might remember the previous US President effectively forced workers into. All just more grist on the neo-con mill.

Well there were predictable results of the lockdown, an increase in pregnancies that almost always follows even short term blackouts. The new trends pushed by the medical profession about nutrition and not breast feeding in the economically disadvantaged that originates from US Gov agencies. And other policies such as WIC and those of the FDA. All causing issue in the supply chain labour force not just in the US but back through ports to ships stuck outside them causing all sorts of issues going back up the supply chain.

@vas pup links to an article about no cars being sold for a month in part of China… It’s due in part to lack of product to sell due to supply chain issues, but now also new lockdowns that will create further supply chain issues to the US.

A friend used to joke that the seeds of another “Toilet paper crisis” had been sown so it was time to hoard it again. In short they put the blame on Amazon buying up all the paper pulp used to make toilet paper, to use it to make all the cardboard boxes to deliver stuff…

The fact that the joke has come true in other ways as well, such as there being a world wide paper shortage so there is a shortage of books being published for Amazon to deliver, but also “A4 paper” that will have knock back effects on sales of computer printers and other office equipment…

Neo-con policy had all resilience taken out of the supply chains so that they were cheap enough to make “Off Shoring Jobs” profitable. This made them not just fragile but so tightly wound that they are now exploding like fragmentation grenades and you know not where the shrapnel may fly…

All like a game of musical chairs where the music gets faster and faster and suddenly stops, the chaos of manic scrambling to regain a throne is not dignified and damaging.

Winter May 23, 2022 1:58 AM

@Clive

The most common elements in the earth’s crust are silicon, aluminium, with oxygen and hydrogen also being in the oceans and atmosphere far outstripping everything else.

I think you forgot carbon. Not that carbon is the most common element, but because it is most easily available.

So, build batteries using organic chemistry, which obviously is already worked on:

ht-tps://en.wikipedia.org/wiki/Organic_radical_battery

Winter May 23, 2022 2:07 AM

@Clive

The new trends pushed by the medical profession about nutrition and not breast feeding in the economically disadvantaged that originates from US Gov agencies.

If a mother has to go back to work, or wants to go back to work, formula is the only real option.

Given that the US does not even have paid maternity leave (many women have NO maternity leave if they want to keep their job), what are the options of the poor?[1]

[1] In this context any household that requires all available parents to work. In the US, the majority of children grow up in households where all parents must work:
ht-tps://www.americanprogress.org/article/breadwinning-mothers-continue-u-s-norm/

Winter May 23, 2022 2:19 AM

@ Clive, SpaceLifeForm, ALL,

Re : Neo-Con created baby formula crisis.

Not simply “Neo-con”. The exact same happened in China, where unscrupulous producers added a poisonous substance to formula that fooled the tests so they could reduce the amount of protein in the formula. [1]

Chinese people started hoarding formula from other countries, e.g., Australia and the Netherlands, to sell it in China. As a result, there was a shortage of formula in the Netherlands (do not know about Australia).

Someone who works in the industry explained to me that it is extremely difficult to expand production. Infant formula requires special (medical grade) constituents whose production is already at their maximum and production facilities cannot easily be expanded. It is also not easy to expand the amount of milk that is available for the production of formula.

[1] ht-tps://en.wikipedia.org/wiki/2008_Chinese_milk_scandal

Winter May 23, 2022 6:21 AM

Cool:

CandyCodes: simple universally unique edible identifiers for confirming the authenticity of pharmaceuticals
ht-tps://www.nature.com/articles/s41598-022-11234-4

Counterfeit or substandard medicines adversely affect the health of millions of people and cost an estimated $200 billion USD annually. Their burden is greatest in developing countries, where the World Health Organization estimates that one in ten medical products are fake. In this work, I describe a simple addition to the existing drug manufacturing process that imparts an edible universally unique physical identifier to each pill, tablet, capsule, caplet, etc. This technique uses nonpareils (also called sprinkles and “hundreds and thousands”), tiny inexpensive multicolor candy spheres that are normally added to other candies or desserts as decorations. If nonpareils are applied at random to a pill immediately after manufacture, the specific pattern they form is unlikely to ever be repeated by random chance; this means that the pattern (or “CandyCode”) can be used to uniquely identify the pill and distinguish it from all other pills. By taking a photograph of each CandyCoded pill after manufacture and recording the location and color of each nonpareil, a manufacturer can construct a database containing the CandyCodes of all known-authentic pills they produce. A consumer can then simply use a cellphone to photograph a pill and transfer its image to the manufacturer’s server, which determines whether the pill’s CandyCode matches a known-good CandyCode in their database (meaning that the pill is authentic) or does not have a match in the database (in which case the consumer is warned that the pill may be counterfeit and should not be consumed).

(Emphasis mine)
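
The enrol-then-look-up flow in the abstract quoted above, as an added example that is not part of the original comment and not the paper's code. It assumes the photo has already been registered to a canonical orientation and scale; the class and function names, the distance tolerance, the acceptance threshold and all sample patterns are constructed for illustration.

```python
"""Toy CandyCode enrolment and lookup. Added illustration, not the paper's code."""
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class Nonpareil:
    x: float    # position in a unit square; assumes the photo is already
    y: float    # registered to a canonical orientation and scale
    color: str


def match_score(enrolled, observed, tol=0.03):
    """Pair nonpareils one-to-one (same colour, within tol) and return the
    paired fraction. Dividing by the larger set penalises both missing and
    extra nonpareils."""
    unused = list(enrolled)
    paired = 0
    for o in observed:
        near = [(hypot(e.x - o.x, e.y - o.y), i)
                for i, e in enumerate(unused) if e.color == o.color]
        near = [c for c in near if c[0] <= tol]
        if near:
            _, idx = min(near)      # closest same-colour candidate
            unused.pop(idx)         # each enrolled nonpareil pairs once
            paired += 1
    return paired / max(len(enrolled), len(observed), 1)


class CandyCodeRegistry:
    """Manufacturer-side database of known-authentic patterns."""

    def __init__(self, threshold=0.8):      # threshold is an assumed value
        self.threshold = threshold
        self.codes = {}

    def enroll(self, pill_id, nonpareils):
        self.codes[pill_id] = tuple(nonpareils)

    def verify(self, observed):
        """Return (pill_id, score) for the best match, or (None, score)
        when no enrolled pattern reaches the threshold."""
        best_id, best = None, 0.0
        for pill_id, code in self.codes.items():
            score = match_score(code, observed)
            if score > best:
                best_id, best = pill_id, score
        return (best_id, best) if best >= self.threshold else (None, best)


# Constructed sample patterns (not data from the paper).
PILL_A = [Nonpareil(0.10, 0.10, "red"), Nonpareil(0.30, 0.15, "blue"),
          Nonpareil(0.55, 0.12, "green"), Nonpareil(0.80, 0.20, "yellow"),
          Nonpareil(0.20, 0.45, "white"), Nonpareil(0.45, 0.50, "red"),
          Nonpareil(0.70, 0.55, "blue"), Nonpareil(0.15, 0.80, "green"),
          Nonpareil(0.50, 0.85, "yellow"), Nonpareil(0.85, 0.80, "white")]
PILL_B = [Nonpareil(0.12, 0.30, "blue"), Nonpareil(0.35, 0.35, "red"),
          Nonpareil(0.60, 0.30, "white"), Nonpareil(0.85, 0.40, "green"),
          Nonpareil(0.25, 0.60, "yellow"), Nonpareil(0.50, 0.65, "blue"),
          Nonpareil(0.75, 0.70, "red"), Nonpareil(0.10, 0.90, "white"),
          Nonpareil(0.40, 0.95, "green"), Nonpareil(0.90, 0.95, "yellow")]


def photograph(code, dx=0.0, dy=0.0, drop=0):
    """Simulate a consumer photo: small registration error, `drop` lost nonpareils."""
    kept = code[:len(code) - drop]
    return [Nonpareil(n.x + dx, n.y + dy, n.color) for n in kept]


def mirror(code):
    """A look-alike with the same colour counts but different positions."""
    return [Nonpareil(1 - n.x, n.y, n.color) for n in code]


def build_registry():
    registry = CandyCodeRegistry()
    registry.enroll("A-0001", PILL_A)
    registry.enroll("B-0001", PILL_B)
    return registry


def demo():
    registry = build_registry()
    genuine = registry.verify(photograph(PILL_A, 0.01, -0.01, drop=1))
    lookalike = registry.verify(mirror(PILL_A))
    return genuine, lookalike


if __name__ == "__main__":
    print(demo())
```

The tolerance and threshold trade false rejections of worn or badly photographed genuine pills against false acceptance of near-copies, so both would need calibrating on real images.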

Clive Robinson May 23, 2022 6:50 AM

@ Winter,

So, build batteries using organic chemistry, which obviously is already worked on

Which part of the battery?

I mentioned using hydro-carbons which are part of organic chemistry as the equivalent of a fuel. One current area of investigation is using “active bio-agents” such as bacteria, slimes, molds, and all that other self reproductive stuff (which could be a danger in and of itself).

But as part of the “plates” or electrode surfaces carbon generally has some distinct disadvantages and thus a very very short life time.

I could go through it but its biggest fail is that in its electrically useful form of graphite it is mechanically weak, and in its mechanically strongest form diamond it is perhaps one of the best electrical insulators around.

In between we have carbon nano-tube developments, but whilst as individual physical elements they show interesting properties, the way we currently make them is not efficient and could be politely described as chaotic, thus not amenable to mass manufacturing.

One area that has also been considered for other things is using diamond as a semiconductor. Research is active in the area, but after nearly forty years we have not come up with an effective method of producing “raw stock”.

Clive Robinson May 23, 2022 7:44 AM

@ Winter,

If a mother has to go back to work, or wants to go back to work, formula is the only real option.

Whilst not true, it was not my area of concern…

The FDA has some very strange requirements for “baby formula” brought in as what can only be described as “market protection” behaviour. Whilst also encouraging the use of known to be harmful sugars. Whilst this favours the four manufacturers in the US it puts infants on the first steps of type two diabetes and various other diseases particularly those leading to early heart problem related deaths.

With regards,

Given that the US does not even have paid maternity leave (many women have NO maternity leave if they want to keep their job), what are the options of the poor?

In the US they have a policy equivalent to “food vouchers” for a significant number of mothers to obtain baby formula but only from certain “favoured suppliers” and the ingredients used well lets just say I as an adult would not eat them, and they could not be sold in other Western Economies…

One of these “favoured few” is Abbott whose Directors behaviours caused the already bad situation to cross a threshold that has become an irreversible crisis under the FDA rules. Technically those imports from the EU whilst considerably better for an infant than the US ones, are “technically illegal” under FDA rules.

We know this because those in the US choosing to use better formula who import it across US borders have had it seized and confiscated by US customs authorities.

But this does make me smile in an ironic way,

Not simply “Neo-con”. The exact same happened in China, where unscrupulous producers added a poisonous substance to formula that fooled the tests so they could reduce the amount of protein in the formula.

I am well aware of this adulteration and have mentioned it before on this blog along with the fact that some involved were sentenced to death by the Chinese authorities.

The point is the rules followed by most criminals are covered by those same “neo-con” rules. They are very detrimental moral or ethical rules and not in any way political rules. So yes they are the same set of rules if followed in the US by corporations or China by the equivalent, both with the very deliberate aim of profiting over disadvantaging others health and wellbeing.

Such criminal disregard of ethics and morals is effectively caused by incurable mental disease, it has no allegiance to politics or broader culture. The fact it also appears to be endemic in the FDA as has been shown by the pandemic, should maybe open up a few people’s eyes to just how much root and branch surgery needs to be done on the FDA and other “revolving door” regulators.

Winter May 23, 2022 8:00 AM

@Clive

Which part of the battery?

Organic batteries based on just redox polymers
ht-tps://www.sciencedirect.com/science/article/pii/S0079670021000964

Redox-active polymers have gained interest as environmentally friendly alternative to inorganic materials in applications such as electrodes in lithium-ion batteries. All-polymer batteries were first disregarded with respect to other technologies due to their lower energy densities. However, the inherent benefits of redox polymers such as processability, flexibility, recyclability, high-rate performance and the perspective to prepare batteries from renewable resources has re-ignited interest in recent years. This review article aims to provide a comprehensive overview on the state of the art of batteries in which the active material is a redox polymer; including “static” all-polymer batteries and polymer-air batteries but also “flowing” systems such as polymer based redox-flow batteries (pRFB). First, a succinct overview of the recent developments of redox polymers will be given, summarizing the historic trends and developments. Second, an exhaustive discussion of the various battery prototypes will be provided, considering all steps in the development of organic batteries just based in redox polymers. Finally, future perspectives on all-polymer batteries will be discussed, summarizing the major challenges that are still to be overcome to unlock their commercial implementation.

Leon Theremin May 23, 2022 8:02 AM

US military will defend Taiwan ‘if it comes to that,’ Biden says
hxxps://www.foxnews.com/world/us-troops-defend-taiwan-china-invades-biden

Published May 23, 2022 2:16am EDT

US academics stand by ‘scorched earth’ destruction of TSMC assets if China invades Taiwan
hxxps://www.taiwannews.com.tw/en/news/4393176

Published 2021/12/30 12:06

The people of Taiwan would be misguided in thinking Biden cares about their lives. All that matters is keeping the semiconductor fabs there pushing out backdoored chips so the US Empire can continue to conduct electromagnetic terrorism around the world. And if that isn’t possible, destroy the fabs so China can’t use them for the same purpose or to make chips without Silicon Trojans.

Winter May 23, 2022 8:26 AM

@Leon

The people of Taiwan would be misguided in thinking Biden cares about their lives. All that matters is keeping the semiconductor fabs there pushing out backdoored chips so the US Empire can continue to conduct electromagnetic terrorism around the world. And if that isn’t possible, destroy the fabs so China can’t use them for the same purpose or to make chips without Silicon Trojans.

You are shortsighted.

Indeed, the people in the US do not care for the lives of non-(USA)-Americans nor even for most of their compatriots. But the reason they need Taiwan is that the US economy (and arms industry) would crater without the chips produced in Taiwan.

The “electromagnetic” terrorism is utterly irrelevant if there are no chips to put in gadgets. The gadgets come first, any surveillance comes later.

Clive Robinson May 24, 2022 2:05 AM

@ Leon Theremin, Winter, ALL,

All that matters is keeping the semiconductor fabs there pushing out backdoored chips so the US Empire can continue to conduct electromagnetic terrorism around the world.

You make two claims,

1, “pushing out backdoored chips”
2, “conduct electromagnetic terrorism”

Neither are mentioned in the article you link to[1].

In fact searching for “electromagnetic terrorism” shows it’s a term that originated from research in Russia, and it has nothing to do with “backdoored chips”. In fact it is more akin to EMP, Marx Generators and HERF systems that terrorists might be able to acquire and use virtually untraceably,

https://www.groundreport.com/electromagnetic-terrorism-injecting-emp-into-digital-devices-2/

https://nap.nationalacademies.org/read/10301/chapter/11

https://nap.nationalacademies.org/read/12490/chapter/19

Which indicates you do not understand “the term of art” as is currently used, and has been since at least the 1980’s.

Which leaves us with “backdoored chips”, a subject that comes up on this blog from time to time.

The first thing to note about any “door” is,

“To use a door for either ingress or egress you must have access to it. A door you can not access is one that effectively does not exist for you, so you can not use it for ingress or egress.”

Thus to stop the use of backdoors, frontdoors, golden keys, bug doors, and the multitude of other types of door you simply have to stop access to the door. Which is actually not that difficult to do.

Almost the first rule of all security is “segregation” which gives separation thus lack of access to the segregated item. A long used but now sadly out of date expression is “air gapping” which was mostly about “physical segregation” (the US Gov actually classified information about “energy segregation”).

The likes of both passive and active EmSec techniques brings up the point that an “air gap” is of little impediment thus segregation to radiated or conducted energy, be it electromechanical (EM) or mechanical (vibration) or even gravitational.

Thus the gap has to be for more than physical objects it has to be to energy objects as well hence “energy gapping” is a more appropriate term.

But the purpose of backdoors and similar is for the ingress or egress of something that is actually not tangible as matter or energy are, but intangible “information”. Thus it is important to note that information to be moved has to be communicated and this is done so by first impressing / modulating it on matter / energy and transporting those in distance and time. If you can stop the information being impressed or modulated then it can not be transported.

However stopping the modulation of information can be very difficult to do. Which is why the two main TEMPEST techniques are achieved by reducing any communications signal (energy) and its ability to carry information (bandwidth).

Thus putting chips backdoored or not in a segregated space by blocking energy (shielding) or attenuating it (absorption) and limiting bandwidth (filtering) enables the unwanted or unintentional ingress or egress of energy and any information that may be modulated upon it.

Whilst most consumer or commercial electronics is not designed for EmSec it is required by law to meet “ElectroMagnetic Compatibility”(EMC) regulations. The information on EMC Compliance in terms of radiation (egress) and susceptibility (ingress) and the design behind it is fairly readily available. As the basic physics and supporting mathematics are likewise readily available, the knowledge to extend EMC compliance into EmSec segregation is also fairly readily available, even though many specific techniques are not openly described they can be deduced.

[1] An article that many regard as unhinged for various reasons. But even if you consider what they call for to be a valid “theoretical thought exercise” it fails in the “practical implementation” considerations of just how you would go about it. That is to ensure “the Fab plants will be destroyed”, as a credible threat you would have to ensure that they could be destroyed in minutes in case of “covert attack”.

That is like the traditional methods of bridge destruction during a “defensive retreat” in active warfare. In which you pre-prepare the bridge by lacing it with explosives and several simple so reliable ways to set them off along with men in defended strong points to set them off. This obviously imposes not considerable cost, not just to man and maintain, but an even more significant risk by accident. It also in turn has the “third party belligerents” issue which is a lot more than political activists / terrorists gaining access and setting the explosives off. What is not often discussed and is why the Cold War MAD doctrine is no longer credible, is that doing such things turns it from a “two player zero sum game” into a “multiplayer non zero sum game”. That is any one of a number of entities could destroy one of Taiwan’s major economic pillars at minimal cost and then “step in”. For instance the US has minimal control over what the major Taiwanese semiconductor manufacturers do. Which is why the US is currently pressuring them to build Fab plants in the US under the excuse of “supply chain protection”, but with a moments thought you will realise that brings those Fab plants should they be built under direct US Gov control via existing “war legislation” that gets used in peacetime (see current baby formula issues). It would be both economic and defence suicide for Taiwan to do either thing. What that paper actually proposes is that Taiwan destroy its economic viability by buying US weapons and having to build a standing army, which history in the Far East suggests will lead to a failing in democracy via the likes of military Coups and then the following years of more and more military sales and oppressive and criminal activities by the military junta / dictators. Thus the US would gain from military sales, control of the semiconductor supply chain and reduction in its foreign commitments (see what has happened to the Ukraine).
None of which would be in any way desirable by most of the rest of the world.


Sidebar photo of Bruce Schneier by Joe MacInnis.