It's funny seeing this play out because in my personal life anytime I'm sharing a sensitive document where someone needs to see part of it but I don't want them to see the rest that's not relevant, I'll first block out/redact the text I don't want them to see (covering it, using a redacting highlighter thing, etc.), and then I'll screenshot the page and make that image a PDF.
I always felt paranoid (without any real evidence, just a guess) that there would always be a chance that anything done in software could be reversed somehow.
If it's not done properly, and you happen at any point in the chain to put black blocks on a compressed image (and PDF do compress internal images), you are leaking some bits of information in the shadow casted by the compression algorithm : (Self-plug : https://github.com/unrealwill/jpguncrop )
And that's just in the non-adversarial simple case.
If you don't know the provenance of images you are putting black box on (for example because of a rogue employee intentionally wanting to leak them, or if the image sensor of your target had been compromised to leak some info by another team), your redaction can be rendered ineffective, as some images can be made uncroppable by construction .
Right, using stenography to encode some parity bits into an image so that lost information can be reconstructed seems like an obvious approach - all sorts of approaches you could use, akin to FEC. Haven't looked at your site yet, will be interested to see what you've built :)
Edit: I checked it out, nice, I like the lower res stenography approach, can work very nicely with good upscaling filters - gave it a star :)
Somewhat related, I once sent a FOI request to a government agency that decided the most secure way to redact documents was to print them, use a permanent marker, and then scan them. Unfortunately they used dye based markers over laser print, so simply throwing the document into Photoshop and turning up the contrast made it readable.
I remember noticing that a teacher in high school had used white-out to hide the marks for the correct multiple choice answer on final exam practice questions before copying them. Then she literally cut-and-pasted questions from the practice questions for the final. I did mediocre on the essay, but got the highest score in the class on the multiple choice questions, because I could see little black dots where the white out was used.
I was thinking I understand what's going on but then I came to the image showing the diff and I don't understand at all how that diff can unredact anything.
It's not that you can unredact them from scratch (you could never get the blue circle back from this software). It's that you can tell which of the redacted images is which of the origin images. Investigative teams often find themselves in a situation where they have all four images, but need to work out which redacted files are which of the origins. Take for example, where headed paper is otherwise entirely redacted.
So with this technique, you can definitively say "Redacted-file-A is definitely a redacted version of Origin-file-A". Super useful for identifying forgeries in a stack of otherwise legitimate files.
Also good for for saying "the date on origin-file-B is 1993, and the file you've presented as evidence is provable as origin-file-b, so you definitely know of [whatever event] in 1993".
I learned that a long time ago when I was a student and wanted to submit a pdf generated by a trial version of some software as an assignment and was trying to be clever and cover the watermark that said unregistered with a white box.
When opening the file in my slow computer, I could see all the rendering of the watermark happening in slow motion until the white box would pop up on top of the text.
It's actually quite easy to open the pdf and see that there are several different elements per page to the document, eg the main text, an image, the footer, the title.
Randomly removing these by trial and error will usually quite easily allow you to find the watermark and nix it, with the advantage that even a sophisticated recipient will not be able to find out from the pdf file what the watermark was.
There's also metadata in the image files. What specifically would be sensitive in the pdf with screenshots metadata that is also not present in the sceenshot image metadata?
PDF has something called an "info dictionary", which most mainstream PDF-writing software will fill out with various bits of info that you might not want known.
Image files usually have substantially less metadata by default, unless it's one taken by a camera.
Normally, I'd never attribute to intention what can be blamed on incompetence. Especially if the government is doing it. But sure, if I were the intern tasked with this job...
it's absolutely bewildering how ridiculous everything has been so far in terms of competence and this really takes the cherry on the top near Christmas too.
USA is still very high, so they can go much much lower, but I think they might go to some still lower places, finding them where we didn't even know such places could exist. Some ideas:
Slavery has never been illegal in the US. The 13th amendment leaves slavery legal as punishment for a crime. The US has the highest rate of crime punishment in the world (higher than places like North Korea), an industry that profits by selling slave labour of those punished criminals, and known ties between those who profit from selling slave labour and those who decide how many things should be crimes.
Taking Greenland and Venezuela is given, as they took most of Latin America already. Just the new Mexican president looks like the next thorn in their eyes. Too competent, too social, too anti-corruption.
They effectively already left NATO and openly support Russia already.
ICC members are already under fire and some had their microsoft account banned by Trump.
Trump will invade Greenland and Canada first. China is less of an priority.
NATO works by projecting a united force. Nations unconditionally backing each other up. The USA is now clearly no longer a part of that. That's not to say that the USA will do nothing if a NATO member is attacked. It might. Or not.
For much of NATO history, the US is NATO. The US doesn’t want it to be like that anymore because it needs to strategically shift to the other side of the world. So, the US says “What if Europe can be NATO? If we can force them to meet the GDP commitment then maybe we don’t need to worry about them too much and commit less of our own resources to this theater.” But of course people interpret this as if the US is abandoning the alliance. No, the US just has other problems to deal with in the world.
That is the rationalization, but don't be surprised if the US would not confront China at all.
The main flow of capital in the US had been going to the mil.industry, but that is not the case anymore. It is mainly surveillance tech that is receiving capital. In a very unhealthy economy, this all looks eerily pre-'30s.
The US, right now, is only threatening weak countries, they don't have the industrial power to confront China, nor do they want it. This shouldn't be a surprise, some ideologues behind this maga-project belief in an America from one pole to the other. They believe in "spheres of influence", and as such China has their own sphere of influence. A sphere of influence means a kind of colony, where natural resources, people and industry are all resources to be extracted by them. It is the Russian model, it is the model of criminal mobs, it is might makes right, it is a multi-polar world.
Meanwhile, re-industrialization projects have been scrapped, partners have been scared of, and tariffs have hit the industry that was still left in America.
Monopolists are parasites on the economy, and the US is already very weakened from that. As the Japanese said, the US is still a great power, but the throne is empty. I suspect there will be skirmishes with other "great powers" over exploitable resources like Africa, Middle East, Europe, but I don't expect the current crop to go all-in on China.
Yes, the US has always been the driving force behind NATO. It provides close to 40% of the combined military personnel, and an even higher portion of military spending.
No longer committing to defend other NATO countries, even if their military spending exceeds the target, is abandoning the alliance though. NATO is little else than that commitment.
Any country without nukes, that is not currently developing them, is stupid imo.. Nukes are the only thing that can guarantee sovereignty now.
Ukraine gave up their nukes.
There's a left wing cooker conspiracy theory that the guy who gave Ukraine the Javalin anti tank missiles and forced NATO to increase military spending to 5% of GDP is actually a secret Russian agent.
This low https://en.wikipedia.org/wiki/Child_abuse_in_Pakistan aka a society where child abuse is simply accepted and mainstream, with the child abuse of child labour and dhijhadism being just additional nightmare fuel on top.
If we survive long enough I do believe historians will look back on this period and state as a matter of fact, rape and child abuse were completely acceptable, because it seems it’s totally fine with our elected leaders. If these leaders were democratically elected there is only one conclusion to draw from it…
Personally, I only trust an image manipulation tool to put down solid colored blocks, or something that does not involve the source pixels when deciding on the redacted pixel. Formats like PDF are just so complicated to trust.
This is what I do while sharing such images. I crop out those parts first and then take another screenshot. I do not even risk painting over and then take another screenshot. I have been doing this forever.
In practical terms, a more convenient way to achieve this is just printing the document to a PDF, which rasterises the visible layer into what the printer would see. Most pdf tools support this.
That seems like a dangerous approach. Though printer drivers do often use rasterization, especially when targeting cheap printers, many printers can render vector graphics and text as well. Print-to-PDF will often use the later approach, unless of course the source program always rasterizes it's output when sending it out to the printer driver, or the used Print-to-PDF driver is particularly stupid.
I then convert the image to grayscale only. Then I apply a filter so that only 16 colors are used. And I then adjust brightness/contrast so that "white is really white". It's all scripted: "screenshot to PDF". One of my oldest shell script.
16 shades of grey (not 50) is plenty enough for text to still be smooth.
I do it for several reasons, one of them being I often take manual notes on official documents (which infuriates my wife btw) but then sometimes I need to then scan the documents and send them (local IRS / notary / bank / whatever). So I'll just scan then I'll fill rectangle with white where I took handnotes. Another reason is when there's paper printed on two sides, at scan times sometimes if the paper is thin / ink is thick, the other side shall show.
I wonder how that'd work vs adversarial inputs: never really thought about it.
I was at a waterpark as a young teen and ended up trying the wave pool, but even being tall for my age I was shorter than a typical adult. When I first went out the waves weren't turned on/going yet, but once the waves started everyone moved forward and the crowded pool compressed even more, plus I got pushed even deeper into the deep end, and basically I sank down because I couldn't really get any space to swim and everyone else was standing. It was so packed with people that eventually (without my realizing at the time) it became impossible to move arms and legs enough to stay up, kinda like a crowd surge but in the water.
I must have been too shy to think of climbing onto the person next to me. My best guess is that I was "jumping" up off the bottom to get brief bits of air while hoping it wasn't in the middle of a wave. After doing this for a bit, could be just seconds, I started to panic (I really couldn't tell you how long, felt like forever). I heard a whistle and somehow this lifeguard was there through the crowd within seconds (they had been standing along the wall of the pool but I was more in the middle).
The people all around me shoulder to shoulder hadn't even noticed what was going on, I still feel amazed the lifeguard could pick me out from thousands of heads and get to me.
(I don't know if this can be considered "nice" cause it was their job, but it's something that has always stuck with me).
I was a lifeguard for about 8 years in high school and college. I pulled out close to 20 people. Never had to administer CPR: if you get there quick enough it’s maybe a bit of coughing.
I wonder if any of those people remember that.
I also cannot sit by a body of water with people swimming without falling back into lifeguard mode. I’ve pulled out a few people as a civilian. Nothing serious, but it would have been. Little kids and beaches are a rough combo.
PSA for anyone near water: Drowning people can act the opposite of what one might expect. No flailing, no splashing, no yelling, just quietly disappearing. It’s good to know the real signs to watch for. [0]
You can still recreate that life right now if you want, but people are choosing not to (I also choose not to so I'm not saying it's some requirement to do so).
You can get a piece of land and have a simple house on it, get a wood stove, stop buying things that generate trash (grow your own food, etc. and compost all scraps). Raise animals like chickens and goats. Put in a well. There's a ton of guides and YouTube videos out there about people who homestead.
I know people who do this on 1-2 acres and are a couple hours from a major city. The reality is that it's a ton of work and there's downsides, it depends on what kind of person you are.
(This is responding to your specific comment, I know that choosing to do this in the developed world is different from people who have no choice and no options in a developing country/place).
Between the vitamin D error (this affected US and Europe and probably more places) and the sodium/blood pressure study that was misleading if not outright false, it's amazing how a few data points can become widespread advice without much verification and follow-up.
I'm sure there's tons more cases that we don't even know about, not in the conspiracy sense, but more in the sense that there's some issues with how carefully these claims are validated before they get put out there as a rule to be followed.
Vitamin D and sodium are examples out of a couple core nutrients, and I could list other nutrients such as sugar or fat too. So the rate is not excellent.
> How many errors do police make? Actuaries? Security researchers?
They make plenty of mistakes too. What's your point?
I'm a bit confused, would love to learn. The Potsdam agreement said that Japan controls is main islands (the ones right by the mainland) and the other minor islands (anything not right next to the main island) would be determine by the Allies later. This was signed by China and obviously has been followed.
Then the Treaty of San Francisco (which didn't involve China signing or agreement or anything) said that the Allies would revert control of Okinawa to Japan, which was the Allies choice at that point given that they were in control as stipulated by the Potsdam agreement.
What's the gap between what was said and what happened? You could argue that the WW2 agreements were unfair and didn't follow historical ownership but I'm not sure which part of the agreements themselves was directly violated.
I think you and the person you are responding to are saying the same thing?
I don't think they literally meant public transit can't be profitable in any scenario, they meant that it takes a conscious choice to put money into transit with the intention of reaching some second benefit, which is a pretty good comparison to this topic too.
The public transit by itself is a money loser compared to alternatives, but by having it in place you get other benefits that make it worth it overall.
Not an expert but I think it has a lot to do with what gets prioritized by the government and other groups. Tax breaks and other support aren't infinite and where they (any given government) chooses to use them makes a big impact.
At the risk of making it more complicated than it's worth, you really need multiple indexes. Population and GDP are possible metrics, but they still don't capture everything. If we take universities as an example there's an absolute rank, but then there's also a rank within sub-colleges to tell us that while Harvard is a high ranking university, it's comparatively much more renowned for law than for computer science.
I always felt paranoid (without any real evidence, just a guess) that there would always be a chance that anything done in software could be reversed somehow.
reply