As I've said in my "platform:"

No nation should enjoy an open trade relationship with the Untied States unless it extends to all of its citizens essentially all of the protections in the 1st, 2nd, 3rd, 4th, 5th and 6th Amendments to the Constitution of the United States.

Thus, China should be told to go suck off goats:

“Religious organizations must adhere to the leadership of the Chinese Communist Party, observe the constitution, laws, regulations, ordinances, and policies, adhere to the principle of independence and self-government, adhere to the directives on religions in China, implementing the values of socialism,” Article 5 of the new policies states.

The new rules also say “religious organizations must spread the principles and policies of the Chinese Communist Party,” as well as requiring “religious personnel and religious citizens to support the leadership of the Chinese Communist Party, supporting the socialist system, adhering to and following the path of socialism with Chinese characteristics.”

China has sovereignty.

But so do we.

If Trump won't do this then we should: If you produce, source from or otherwise entertain commerce with China in any form as an American firm: **** you, **** your executives and **** your employees.  Oh, and **** your fanbois too.

All of them, without exception.

Especially you, Mr. Crook -- and Mr. Musk.

Well, here we are....

This month, the first person to obtain a legal "non-binary" sex designation has successfully petitioned the court originally responsible for his "non-binary" status to order that the sex on his birth certificate be restored to "male." In documents exclusively provided to PJ Media, James Shupe's petition described his "non-binary" designation as a "psychologically harmful legal fiction." He told PJ Media he hopes this decision will prevent a woman currently seeking "non-binary" recognition from following the same lies.

"The charade of not being male, the legal fiction, it's over," James Shupe told PJ Media on Tuesday. "The lies behind my fictitious sex changes, something I shamefully participated in, first to female, and then to non-binary, have been forever exposed. A truthful accounting of events has replaced the deceit that allowed me to become America's first legally non-binary person."

Yep.

I have repeatedly written on this topic, but nobody cares.  There is an entire grievance industry, never mind political pressure groups and very expensive, highly profitable "doctors" who are all too happy to cut off your wiener, perform various cosmetic procedures and fill you full of drugs.

But none of them can make you what you aren't.

That's the problem when you get down to it.  We are what we are.

But as I've noted, that evil white patriarchy gave up a lot of the "base urges" in order to do wise things.  You'll never hear that in the mainstream media, but it's true.  What's worse is that until the "Great Society" nonsense, which was the foundation of the premise that it's all about the feels, Black Americans were producing stable 2-parent families with kids and, while there weren't all that many Einsteins among them (whether you like it or not there is a divide in terms of where the median intellectual firepower line falls between both racial and geographic boundaries) they were doing ok and so were their kids.  The grievance industry destroyed that and turned a huge percentage of those people back into economic slaves; just poop out babies, structure the laws to favor ejecting men from the house, **** all the dudes you want and the government will give you a place to live and a check.  Unfortunately what those kids learn is that laying on your back works great if you're a gal but if you're a dude you're going to get thrown out by said gal as soon as you're done ejaculating so you may as well run drugs and gang-bang.  Yeah, that's worked out well, hasn't it?  Read HeyJackass recently as to the split when it comes to who's shooting who -- and worse, who's getting shot?  Or try the FBI crime stats, if you'd like.  One murder every 17 hours on average for 2019, and of those for whom we have victims and assailants, gee, you think there's a pattern in there?

Fact: If you're Hispanic you murder at a rate 2.86 times that of white people and if you're black you murder at 11.65 times the rate of white people.  Oh, and as for guns, the evil **********s in VA and elsewhere are not interested in the weapons those Hispanics and Blacks are using to murder; they want to ban certain rifles but five times as many people are murdered with knives as with all rifles combined -- and twenty times as many people are murdered with pistols, which is the (no surprise) preferred murder weapon.  Not that it matters which weapon is used if you're the victim; dead is dead.

The grievance industry -- with virtually every single one of its members being a hard, insane leftist -- created this epidemic of violence.  Thank you AOC, Sanders, Ilhan, Hillary, Bill, Schumer, Pelosi, Shapiro, Sharpton, Jackson and thousands of others.

The LGBTQPRSUVWXYZ crowd, part of that grievance industry, can always find another letter to graft on.  The latest is pedophilia.  Anyone who has two firing neurons in their head knows damn well that having flaming transvestites hosting "children's reading parties" at libraries is ****ing insane.  Daily Beast thinks this is just fine.  But let's talk about reality here for a moment: In Houston they had a convicted child molester in drag reading books to children as young as babies.  The fact that he was a Drag Queen, the qualifying factor for "Drag Queen Story Hour" apparently trumped the fact that he was convicted of molesting an 8 year old boy, or perhaps they didn't bother looking because, you know, he was in a special protected class of persons.  That we have an arm of the government -- a public library -- allowing this monster to have close personal contact with children, supervised or not, at public expense is an outrage.  Oh and never mind that it helps molesters tremendously if you first teach kids that they shouldn't be afraid of someone who's acting oddly like this.  After all it's unfair if said molester has a tough time obtaining any more victims, right?

This is all about delusion, just as is the "you can change your sex" thing is.  That it also, in the case of child molestation crosses into the serious criminal element of abuse of said children is a side effect to be ignored by these people.  The entire point of their delusional nonsense is that which you believe you are and can have.

No you can't.

Of course the screamers all raise hell and even try to criminalize calling something what it is if it "offends" someone.  Facts become crimes.  If I call a person who obviously is a male despite how they've dressed Sir in some places I can be arrested and in virtually all of them, nowdays, I can be sued if I'm an employer or otherwise have some "duty."

Duty to what?  To pander to a puerile or, equally bad, children's fantasy?

What happens when that fantasy resides in a 30 year old male body and involves assaulting 8 year olds?  That, as we've already seen, isn't sufficient to bar you from having more contact with 8 year olds while you're engaged in your fantasy-land nonsense.  What leads anyone to believe that if you're incapable of discerning that there are only two sexes, that absent genetic accidents (e.g. other than two sex chromosomes) you are one or the other, and even in the circumstance of an accident you are still biologically mostly one or the other and this was immutable from the very first cellular combination in the womb that you also cannot manage to discern far less-profound facts -- like, for instance, that it's wrong, unacceptable and felonious to molest 8 year old boys.

What will you do when it's your 8 year old boy that gets molested?

It's not like anyone gives a wet crap when thousands of young black people get shot as a result of these very same grievance-industry Marxists and their tripe so why would anyone expect a little forced anal sex to get the sane people in this nation pissed off enough to put a stop to this garbage?

Oh, so close....... tonight, tonight tonight...... oh hoh!!!!!

On Top of the Tree 16*20 $100

In follow-up to my previous post on the Repo mess, here's another thing to consider: Negative rate bonds.

Remember that these are guaranteed loss-making instruments if held to maturity.  That is, you give a government $100,000, they give you back $99,000 (as an example) one year later.  And so on.

The only way to make money on them is for rates to go more negative by enough that you can sell them for more than you paid because the new bond is even worse.

Now economists thought these could never be sold to anyone, anywhere, for that reason.  They are a literal intentional cash bonfire with the only possible redemption being the continued stupidity of the issuer and people's willingness to buy them.  Note that in the US at least "Primary Dealers" in exchange for being the sole source of non-direct purchases are obligated to buy at the auctions.

So what happens if you, as one of these banks, are stuffed full of this garbage?  Somehow you have to make that capital back.  One way to do it is for The Fed to have alleged "Excess Reserves" which they pay for 1.5% interest on.  Heh, now we could have a -1% bond, 1.5% IOER, and, well, that nets to 0.5%, right?  Sort of.  Except that the two things are disjoint; excess reserves come from deposits of cash or sales of securities (you have to have the cash first) while negative bonds are purchased.

Hmmm... not so linked, are they?

But the ECB and others arm-twisted and indeed these bonds got sold, and bought.  Then the ECB monetized a bunch of them and issued Euros.  Heh wait -- that's a flat-out intentional currency devaluation, isn't it?  Uh huh.

So now all this trash is laying around, and suddenly there's a problem -- rumblings on the horizon about the ECB and Euro zone generally may be basically forced to exit negative rates.

Well what if they do?  What happens to the value of all the ones currently out there?  They get bushwhacked!

What if that happens while you have these allegedly-safe "bonds" in a Repo transaction somewhere?  Oh, that would be bad.

Who's got a crap-ton of this stuff?  Good question -- but there's about $13 trillion, by the last guess I saw, of this garbage out there, and I think it's fair to bet that the ordinary retail dude or the holder of a bond fund wouldn't be buying them on purpose.  So does he have them?  Probably not.

Oh, and one final question: Is the Fed's more-or-less, it appears, "permanent" Repo attempting to act as a sink for these, and if so, under exactly what authority did The Fed act (and why does Congress and the American public permit) to transfer the negative yield implication -- that is, the capital loss on a foreign government bond to the US Taxpayer?

I mean, it's not like the Citizens of the United States might decide to demand a declaration of war on a nation that conspired with our own Federal Government and Federal Reserve (along with maybe even on our own government and Fed) if they were to determine that said Fed and Government did indeed conspire to transfer a foreign government's intentional capital loss that it incurred for the benefit of itself to US tax rolls, right?

Oh, they might?

Well that's damned inconvenient.

So the alleged "encrypted phones suck" thing has come up once again, with AG Barr claiming that Apple is refusing to "help" unlock the Pensacola shooter's iPhone.

This shouldn't BE a conversation -- because what's being discussed shouldn't be something the authorities can do, if you as a user choose to protect your data in a reasonable fashion.  Further, these devices are designed, intentionally, to make that not possible.

A quick primer -- there are available today for anyone who cares to use them (and a lot of people do, including banks, other financial institutions, individuals, corporations of all sorts, and governments) very high-quality encryption.  It is effectively unbreakable using today's technology.  The symmetric encryption used for the actual payload data on modern systems has never been demonstrably broken.  If it is broken then not only will criminals be unable to protect what they do but so will governments, military organizations, banks, your brokerage, etc.

The best means of deriving those session keys use either asymmetric encryption (e.g. RSA) or a multi-part derivation function that is "one way" - that is, you put in an input and get a key out, but the key cannot be reversed.  Multi-part key derivation has significant advantages, including some degree of protecting you from yourself.  That is, if you use a weak password then that can obviously be guessed, but if you ALSO need (for example) a strongly-generated piece on a smart-card or USB stick then without that even being able to guess the password doesn't help.

If a storage volume is encrypted using one of these systems it is effectively impenetrable except by obtaining the keying.  If part of the keying is in your head, then the 5th Amendment prevents the government from acquiring it without your consent, which they cannot compel.  Further, if it is only in your head and your head is no longer functional for some reason, whether by your own hand or someone else's, then obviously it's gone.  Note that if it is derived from biometric data, such as a fingerprint or retinal scan, current court decisions allow you to be compelled to provide those!  For this reason while it's ok for that type of information to be part of the key security demands it is never the entire key.

If, for example, I encrypt a disk volume using something like "GELI" (on FreeBSD) and use a composite key -- that is, part on a USB stick and part password -- then without both that disk cannot be decrypted.  Further, if the machine in question is tamper-aware it can upon detection of tampering (e.g. removal of the lid of the case) almost-instantly erase the keying blocks at the front of the volume containing the metadata needed to derive the session key from the provided components.  Without all three of those items it is not possible to determine the session key.  If the metadata blocks are destroyed (and there is no backup copy anywhere) you have a disk indistinguishable from one filled with random ones and zeros.

Now let's think about cellphones.  When the phone is running the entire storage volume is mounted.  This implies that any decryption keys have been provided and are in use.  Apple claims to have a multi-level "keybag" approach that is essentially file-by-file and, supposedly, can't be bypassed.  But how is it that a firm like Cellbrite can break into a locked iPhone if that is truly the case?  And why can Google remote unlock your device -- a capability they do not deny?

Let's cut the crap: If the session key has been destroyed by the operating system due to a timeout that allegedly "requires" you to re-enter the components to re-generate it, or it was never entered since the device was powered on then unless it is somewhere on the device or your credentials were stored either on the device or provider's infrastructure breaking in by other than brute-force guessing, which with a reasonably-decent password will take thousands of years even with supercomputer (e.g. NSA) assistance, is impossible.

At least Google is honest about it -- the storage encryption on your mobile device is not uniquely derived from, among other things, your entered password.  Further, these firms have intentionally designed their phones to be tough to "quick-hardlock" and they don't "time out" on a user-desired basis in that regard either.  Whether there is any actual protection if the device is off at the time of interception, or out of power, is an open question - but I would not bet on it.  More on that in a minute.

Let's presume once again said FreeBSD machine (e.g. my primary server.)  When it boots there is a small loader that has to be unencrypted.  That loader knows just enough to be able to look at the installed disks and figure out if any of them are bootable with a FreeBSD operating system -- and if so, if the components of that volume appear to be encrypted.  You tell the system this, incidentally, by setting a simple flag on the partition in question.

The loader doesn't know if the allegedly encrypted volume is really encrypted or full of trash; it has no way to know.  It asks for a password and then tries to use both it and, if the flags specify, the other location for an alleged other piece of the key derivation components (e.g. a USB stick.)  Once it has what it thinks is a valid set of keying it attempts to run through that, sets the keying for GELI on that space, and then probes the disk and sees if what's there is an actual volume or not.  If it's not a valid volume then you either specified a disk that wasn't really encrypted or you provided a wrong key component (password, bad USB stick, etc) -- it doesn't know which, just that the attempt failed.

If the loader actually sees a valid disk when it has done this then it knows that keying is good (because there's no possible way for the volume to be valid if it isn't) and it proceeds to load the operating system, then it passes the derivation information it used to the kernel, which then uses it to mount the disk and startup commences normally.

Note the risk here -- that loader, if it's tampered with, could get you to enter the password and stash it somewhere.  Now it's not a secret anymore!  Worse, it could steal the contents of any auxiliary keying device too.  So it is really, really important that this not happen, which is why you have things like "secure boot" and signed bootloaders on phones and some modern PCs.  But, of course, that requires you to trust whoever signed those boot components absolutely.

This is what Barr is talking about -- he wants Apple to provide him with a signed but tampered with bootloader that will start the phone.  Apple has refused.  But Apple is being disingenuous; that loader will not unlock the device by itself unless the user's password isn't really required to unlock the storage in the first place. 

Remember that in this case specifically the shooter is dead; his password, in his head, died with him.  Therefore if a compromised bootloader would unlock the device the password isn't actually required!

Let's say you wanted to steal my data off my system (whether with a warrant or not.)  One way to do it would be to tamper with the "gptzfsboot" file on my system somehow (theoretically you could break in, pull the cord, change that small unencrypted part of the disks involved, put them back in and turn the power back on.)  I might well think that is a random crash or power loss event -- and not that someone was screwing with me.  It is of course imperative that I not detect you did it, because if I do detect the tampering before you steal the data I can put the good code back and change the keying (e.g. password), never mind that I know you're trying to break in!  Assuming you can pull this off now all you need to do is force me to reboot it so I have to put the password in again (e.g. you kill the power for long enough that my battery backup system is exhausted) and the next time I boot the machine.... Bob's your uncle!  Now you serve your warrant and... heh, look what we have here!

But in the context of a mobile phone the manufacturer can send down a "software update" you have no control over or ability to understand what it is, nor can you in most cases replace with an older or different version on your own because mobile phones have what is called an "anti-rollback" register in them that prohibits you from loading an earlier version of the software.  This means you're 100% at the sufferance of the company since you (1) can't compile the software yourself after looking at it to see if it's doing something evil like storing and sending your password and (2) if the manufacturer does have some skulldruggery -- or just a bug -- in the code you can't roll it back either or you will brick the device.

But it gets worse.  Is your password really required to "start" the phone in the first place?  

No.

Let me explain.  I have a Pixel 3a and if I turn it off and then back on it says "unlock for all features and data."  Uh huh.  If I get an SMS message and I haven't unlocked it the phone does bing at me.  How did it manage to access the operating storage of the device without my password to unlock the volume?

The answer of course is that it didn't need my password to generate the storage key; it was in the device.  The phone couldn't have booted without it, but of course it clearly did boot.

Now what the manufacturers could do is recognize that there is a significant difference between types of data on your device.  Specifically, a phone call or text message isn't private because your service provider has the source and destination, time, and "size" (duration of the call) and in the case of a SMS it has the contents too.  Thus the manufacturer could have "not really locked" (equivalent to what all of the storage is now on your device) that is accessible on boot, just like it is now, and which would permit an either a restarted device or one which was either timed out or force-locked could access.

All the rest of the data, however, including all the application data, your photos and similar would be on a partition that is encrypted using key derivation that includes your manually-entered password.  On a boot none of this would be accessible without that, and on either expiration of a user-selected timeout or a "duress" action (e.g. long press on the power key) that keying would be destroyed in RAM.  That data would simply never be accessible to anyone without your personal act of unlocking -- period.  If you choose to use only a fingerprint or other biometric for that it's on you, but if you wanted to you could use a long alphanumeric password -- effectively impossible to guess, even if some firm can bypass any anti-guessing algorithm designed to slow down such a process.

Google tries to pretend they are doing this with fingerprint-unlocked devices in that about once a day it will demand your password for "extra security."  But that's a false premise.  Even though it is demanding my password, claiming it "needs" it, a text message that comes in still echoes to my Garmin watch, which means that (1) the phone can receive and store the text, (2) it can correlate that with my contact list which is run by an app and (3) it can also communicate that to a second app (Garmin Connect) which talks to the watch over Bluetooth.  None of this could happen if the storage keys had been destroyed and the volume was inaccessible.

Why isn't this done by the manufacturers?

It has nothing to do with terrorism.  It has to do with one and only one thing: Money.

Simply put because none of these companies get a wet crap about your privacy, and doing that would compromise their primary business model which is not selling you phones -- it's selling your personal data directly and indirectly via their "ecosystem" and app developers.  Since consumer fraud -- that is, intentionally concealing the true purpose and implications of what you allegedly "agree" to is no longer prosecuted, ever, and nobody in a large firm ever goes to prison for screwing consumers they do exactly that.

See, if this was implemented then any process running that had or desired to open a file handle on the encrypted volume would have to be blocked as soon as the keying was removed.  This means that any app that wanted to retrieve background information couldn't as soon as your timeout expired until and unless you re-entered the password.   Your much-vaunted "encrypted message app" could tell you something was waiting for you, but not what or from whom since it couldn't get to the storage until you unlocked the device.  You'd probably find that acceptable, by the way.

But Facebook would find it completely unacceptable that it couldn't get to your location all the time, because its app couldn't look up whatever sort of "user key" was associated with your user login information or anything else in storage when the device had timed out.  Google couldn't tell you that the store you just walked by takes Google Pay and Apple couldn't likewise tell you that the store takes Apple Pay.   Various other apps couldn't siphon off location or other data (e.g. Walmart saying "heh there's a Supercenter right over there!") because it couldn't get to its local storage either.

In other words now you'd have to have the phone unlocked and in use, or within the active "quick unlock" (e.g. fingerprint only) window for any background app to run that needs access to local storage -- because that local storage could implicate something personal and private.

There's utterly nothing preventing the Android and IOS folks from having their OS work this way.  In fact it wouldn't be difficult at all to change their code to work like this.  They have just refused to do so, on purpose, and it's not because they want to help the cops catch (dead) terrorists.

It's simply because their entire business model relies on that storage being accessible any time the device is on and has any sort of external connection, whether to WiFi or a mobile network.

The implication of this, however, is that nothing on your cellular device is ever secure.  Period.  This has profound implications for things like personal banking and other financial data, never mind any sort of business-sensitive information and, for many people, photos.

These firms are not selling you phones.

They're selling you to the companies that make apps for phones, including themselves.

And by the way, while you can hate on Google for this at least they're honest about it.