Bruce Schneier September 15, 2017 2:53 PM

New comment rule: do not post lengthy lists of links and headlines without comment. This open thread is meant for conversations about technical security, not a place to dump the news of the week. If you have a story you want to comment on, please do. If you just want to post links, please refrain.

I am in the process of making several changes to the moderation policy of this blog. Expect more to come as I continue to try to reduce political arguments. In general, consider this to be a good general rule: If you would not make the comment in my living room as a guest, do not make it here.

Ben A. September 15, 2017 3:01 PM


Hopefully these are in line with the comment policy. There’s also plenty of coverage of the US Equifax leak which is now affecting the UK and also iOS 11 and new forensic acquisition tools.


Weeks after 1Password shit on their customers [by forcing them to upload their passwords to the cloud] lawyers have now discovered that 1Password can “terminate or suspend” access to users’ cloud data (vaults and passwords) “without prior notice or liability” and “for any reason whatsoever”.

Nobody should use 1Password. Their terms of business are not only fundamentally flawed but unconscionable and unreasonable. They could have catastrophic consequences for their customers, especially businesses. Use open source password managers that have been audited: KeePass or Password Safe are free and store your data locally.

“We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including, without limitation, if you breach the Terms. All provisions of the Terms shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability. Upon termination, your right to use the Service will immediately cease.”

The Crypto-Keepers

Pavel Durov, creator of Telegram, discusses how the FBI attempted to bribe his team into becoming moles.

He makes further reference to US-based ‘secure’ messaging apps.

The Backdoor Threat

“If I had cooperated in adding a backdoor [into curl] or been threatened to, then I wouldn’t tell you anyway and I’d thus say no to questions about it.”

[snipped by Moderator]

MarkH September 15, 2017 4:30 PM

Deepening Mystery of Sonic Attacks in Cuba

An Associated Press story on how difficult it is to make sense of the incidents in which US and Canadian diplomats suffered distressing experiences and a range of lasting health effects — some very profound — associated with loud and unusual sounds, the origins of which were not apparent.

I expect this topic was discussed here previously; I’ve been too busy to follow the blog consistently.

What I believe is new about this AP account, is how a number of factors compound the mystery, making it so difficult to propose plausible explanations. The article describes the bafflement of American investigators and security officials.

Some of the aggravating factors:

• large variations in victim reports of the strange noises

• large variations in the symptoms of those who have suffered losses to health

• difficulty in explaining how a feasible high-intensity sound attack could produce the observed health effects

• difficulty in explaining how a feasible sound attack could produce the locality (very loud in one spot, not audible a meter or two distant) reported in some cases

• obscurity as to who might be the attacker(s), and possible motivation

In respect of the last point, note that Cuba has long had favorable relations with Canada, and substantially improving relations with the US in the time frame of these incidents.

Ben A. September 15, 2017 4:55 PM

MarkH, take a look at those two links I’ve provided above in relation to this story.

There’s nothing consistent about this and it seems even the Cubans are baffled as to what’s going on. They’re being unusually cooperative.

The medical evidence suggests that the reported symptoms are impossible to produce with current weaponry so this could very well be a novel device unknown to mainstream experts.

MarkH September 15, 2017 5:29 PM


Thanks for your attention to moderation policies. The long lists had interesting links, but I have found them disruptive to the sense of a flow of discussion.

To take that a step further, I would welcome a limitation on the length of comments: either the displayed length (with some control to click at the bottom for readers wanting to see the rest of a long comment), or in the number of characters.

Stating the Obvious September 15, 2017 5:59 PM

U.S. Navy Investigating if Destroyer Crash Was Caused by Cyberattack

“The USA Fitzgerald and the McCain, both Arleigh Burke-class destroyers outfitted with a suite of advanced sensors and weapons, represent two of the most capable ships in the Navy’s arsenal. The collisions have raised troubling questions about the readiness of the American Pacific fleet at a time when it faces a number of threats in the region, from North Korean missile tests to China’s territorial claims over disputed islands.”

Well gee like six months late guys!
These ships need several hardened independent solutions that are fused together. Any dependencies should raise IMMEDIATE Red Flags and battle-stations mode.
Then draft some laid-off/canned Google engineers.
Either that or replace sailors with Elon Musk designed killer robots!

Moderator September 15, 2017 6:05 PM

@Ben A: Unfortunately, yours was the sort of lengthy post, consisting mostly of links, that we’re now discouraging, so as to promote conversation rather than a tl;dr morass. I’ve left your remarks on 1Password and the next two stories, and snipped the rest.

Sancho_P September 15, 2017 6:20 PM

Sorry, I have another lengthy point only tangent to security but it saddens me deeply, as it will be done by instruction sets the public will never know of:
Censoring free speech.

First they came …
(please read the linked Wikipedia for the subtle US distortion of the quote)

… See, we have secret laws, and we have secret Amendments, too:

Yes, it’s your right to speak out freely,
– but it’s our right to silence you – because we can.

We may call it naive to store critical data (or any other important stuff) in the cloud.
But due to the contrary propaganda and a feeling of coolness many will have to learn it the hard way:
Do not entrust your property to strangers!

From traveling into the GDR I recall their motto:
Think what you want, but don’t tell anybody: Do not even trust your wife or kids.

I really do hope our time runs out before we reach that kind of freedom.

[1] It doesn’t matter if it is done by humans or an AI-powered algorithm.
To deny the word, to silence anyone, is contrary to find clues, to understand motives, and to react.
It’s the most insensible action we can take.
The only real power mankind has over animals is free speech.

If some speech is against the law, LE and justice system must handle that.
When business and laymen do justice we’re back in the Middle Ages.

furloin September 15, 2017 6:49 PM

@Bruce Schneier
“Posted on September 22, 2017 at 2:53 PM”
Am I the only one seeing two squid blogposts? One for this week and one for next week? Bruce you’re not a robot surely?

Winston Smith September 15, 2017 7:07 PM

Another thought on the Equifax breach…

If we get the government regulation that many clamor for, what to do if that resolution mandates silicon chip implants? Or requires private key registration? Or some other insidious effort? Ultimately the government’s choice of resolution might not be optimized for security/privacy but rather for control given the long history of government.

Wm H September 15, 2017 7:08 PM

@Mark H,
I would suggest one explanation as to how an attack could produce the locality (very loud in one spot, not audible a meter or two distant) is that the sound is most likely being generated in the ear.

For example, if you burst an eardrum it will sound very loud to you, but no one else nearby would be able to hear it. Basically, if they’re hitting the eardrum or associated nerves, it could generate a unique sound heard only by the victim.

What I’m curious about is the reports of victims having difficulty “recalling specific words”. It’s unclear if the specific words are the same words for everyone, or if they are unique to each victim. From the way it is reported it seems to be the former, which would be really freaky, MKUltra-tinfoil-hat freaky, to say the least.

Alejandro September 15, 2017 8:02 PM


Your new rule has me confused.

Our political system has either specifically created or failed to responsibly act on many of the electronic privacy rights and security issues of our time. Thus politics and security are deeply intertwined.

How can we talk about one and not the other?

Godel September 15, 2017 8:03 PM

How about an extra post on Fridays just for news items with links? I downloaded last week’s squid post as HTML and it came to a grand total of 277kB.

Nick P September 15, 2017 8:24 PM

@ Godel

I’d start by copying and pasting just the comments into a text file to eliminate the HTML, CSS, etc. Then, filter so you have insightful, productive comments versus filler or the games people play. My current list of all my key essays and designs I’ve pulled off the blog into text form is under 1MB. That was for a prolific writer over most of 8-10 years. You’re talking one page of 100 comments in HTML. Whatever useful information you’re storing should result in a text file substantially less than 277KB. 😉

@ Alejandro

There’s specific times that politics gets in the way of tech. Those are proposed laws or existing laws. Substitute regulations for laws where appropriate. Also, subtract proposed laws that haven’t gotten far in their legislatures because scumbags propose evil laws all the time. Not worth reporting on in a forum like this. So, we talk about politics when it definitely affects us and is specific to technologies. That’s either bills that are about to pass, laws, or secret laws (eg Snowden stuff). That would actually cut off much political discussion here since much of it that comes near what I describe is based on speculation or just worrying. As in, people are just venting their emotions about what might be going on instead of writing constructively on what’s proven to be going on. Better to do the former on other forums with the latter being default here.

Lobotomised September 15, 2017 11:56 PM

I think your new moderation policy is sure to focus the content of the blog. However, I also think it will curtail thought and discussion from potentially productive avenues. Perhaps that’s what you want.

Bruce Schneier September 16, 2017 1:30 AM


“To take that a step further, I would welcome a limitation on the length of comments: either the displayed length (with some control to click at the bottom for readers wanting to see the rest of a long comment), or in the number of characters.”

We’re looking into this.

Bruce Schneier September 16, 2017 1:31 AM


“I think your new moderation policy is sure to focus the content of the blog. However, I also think it will curtail thought and discussion from potentially productive avenues. Perhaps that’s what you want.”

No moderation is perfect. We’re doing the best we can with the limited time we have.

Bruce Schneier September 16, 2017 1:34 AM


“How about an extra post on Fridays just for news items with links? I downloaded last week’s squid post as HTML and it came to a grand total of 277kB.”

I would rather those conversations go elsewhere. They cause too many problems here.

Bruce Schneier September 16, 2017 1:35 AM


“Our political system has either specifically created or failed to responsibly act on many of the electronic privacy rights and security issues of our time. Thus politics and security are deeply intertwined.
How can we talk about one and not the other?”

I hope we can collectively figure it out.

Andrew September 16, 2017 1:55 AM

We got to the point where comments are deleted without explanation.
Mmm, not a funny place to stay…

MarkH September 16, 2017 2:34 AM

A modest proposal, concerning an appropriate role for politics in discussing security matters

Bruce’s note on moderation speaks of attempting to reduce political arguments in the comments, which is not the same thing as banning any reference to politics.

In a serious effort to discuss security matters, it makes sense to me to refer as needed to legislation, and actions, by governments; and to the implications for security matters of policies promulgated by governments or political parties.

I hope that such topics can be discussed in a level-headed manner, without veering off into ideology, partisanship, moral judgments, deep dives into political philosophy, or allowing our reading of facts to be warped by personal distaste for some politician/government/ism/country.

When blog comments flow from a “four legs good, two legs bad” mindset, they give off far more heat than illumination.

Cassandra September 16, 2017 3:14 AM

In my view, part of the issue is the practice of using the comments section of Bruce’s blog as an informal forum. It is the wrong tool for that job, a bit like using a hammer as a screwdriver – it works, but the results are poor and messy.
There are probably very good reasons why Bruce does not wish to host a forum – not least, dealing with spam. I am a member of a semi-private forum (its robots.txt excludes the contents from mainstream well-behaved search engines) which has a small number of moderators who mostly delete spam postings. It is more than a single-person job.
Perhaps Bruce could recommend a forum where posts of information-security related links and headlines would not be unwelcome. I think such posts are interesting, and possibly useful, but not appropriate here, according to the current moderation policy.
Similarly, while politics is very interesting to some people, in-depth discussions are more welcome elsewhere, according to current moderation policy, and it might be beneficial to all if a different forum for such things were agreed upon by all concerned.
Above all, this is Bruce’s blog, and he decides what is appropriate to publish here.

Setting up a phpBB-based forum is not difficult, but the administration can be a time-sink. If Bruce doesn’t want to set one up (and I would understand why not) then perhaps one of the regulars might. I am not volunteering.

Clive Robinson September 16, 2017 3:24 AM

@ Ben A, MarkH,

“The medical evidence suggests that the reported symptoms are impossible to produce with current weaponry so this could very well be a novel device unknown to mainstream experts.”

There is a hidden assumption behind the source of that information. Which is medical science works by working “cause and effect” backwards[1]. This makes much of medical research like forensics. The problem is they first have to find a “quantifiable effect” they can argue back to a cause. If they don’t have a quantifiable effect they can measure then they can not characterize the cause and work that back another step to a probable device that caused it.

If however you were to ask the question in a different speculative way then you could come up with a list of potential causes that you could then speculate upon as to a potential weapon. But this would be supposition not fact, but it could give you a way to look for environmental differences between those who are showing symptoms and those who are not, even if the differences are transitory.

So based on the little that is known we are looking for something that causes some kind of stress that produces similar or the same symptoms. Unfortunately we don’t have the full list just some highlights such as the headaches.

Headaches are caused by many things ranging from some form of pathogen through toxin to forms of trauma or physical insult. The fact that it’s a small and from reports “targeted group” and has not spread, tends to rule out pathogens. Likewise most –but not all– toxins can be found by minimally invasive testing such as blood samples. But most –but not all– toxins need to be taken in small quantities over a long period of time to cause persistent but not fatal effects. Whilst I would not rule out a one-off contact with a catalyst type toxin or a neurotoxin –like say dimethylmercury[3]– poisons are not likely as they do eventually show up in autopsy screening as the Polonium 210 radiological poisoning of Alexander Litvinenko showed[4].

Which leaves us physical trauma / insult to the body or head. Whilst being hit over the head with a baseball bat can be ruled out there are other forms of trauma. The point is what does the damage is not the baseball bat, I can put one gently on your head briefly everyday for the rest of your life and it would not cause you physical harm. What causes the harm is the energy transferred by a physical force, and what that energy does.

Well physical forces can be “unseen” and radiated at a target from a distance. We know from high school that sound waves involve pressure and that EM radiation can cause localised heating. What we also know is that amongst others the US has significantly funded research into “non lethal weapons technology” of various forms including HERF weapons for crowd control etc.

We also know or can find out about the likes of “hydrostatic force” caused by sudden pressure changes that are caused by the likes of blastwaves. Also how soundwaves can cause “cavitation” in liquids for “ultra sound cleaning”.

In the US certainly and in other countries there is concern about the effects on the brain of “full contact” sports. The oldest known being “Punch Drunk” in boxers, but more recently the NFL has had to deal with “Chronic Traumatic Encephalopathy” (CTE) which may be of interest.

CTE involves repeated insults to the head, originally it was thought that these had to be major insults causing unconsciousness for medium to long time intervals. Later it was found from autopsies that even minor insults had a cumulative effect. Thus it may be there is no safe threshold, and certainly a number of highly paid NFL players have concluded that and have decided that the significant rewards of an NFL career are not worth the risk, even though they have not been knocked unconscious or had a concussion.

You can look up the more severe symptoms of CTE on the Internet, the Mayo has an easily accessible list[5].

The important thing to note is that as far as a weapon is concerned CTE causes cognitive, memory and personality changes. If you were after Diplomats and Intelligence Officers these would be highly desirable. Especially as currently there are no medical tests that can be performed on a living patient that provides definitive proof of CTE. Even at autopsy the signs are difficult to diagnose even in severe cases.

If there is no safe lower limit and the effects are cumulative and can be caused by sound pressure that soldiers can experience during training then it is something that should be considered for a weapon.

The question is are there ways to use either sound or EM radiation to cause the equivalent of a “head shake” without the target being really aware of them.

For instance short pulses of radiated energy with high impulse energy but duration sufficiently short that inertia and slow response of the nervous system in the target does not make them consciously aware of the insult would be something to investigate if you had no ethical or moral constraint.

A short burst of several high impulse energy pulses would cause cavitation in fluids in the body causing localised pressure effects that although quite transitory could have the same energy delivery as a hard punch. But without the sustained force necessary to create more than fractional major body movement. It would also be outside of the human body’s sensory perception range. Think of it as a high power ultra sonic device, that is pulsed in the infra sonic range. We know that infra sound on its own can if sustained cause “unearthly feelings” and effects such as making you vomit or suffer from laxity in the bowels and bladder, along with psychological effects such as fear / paranoia. The reason infrasound does not get used very often is the very long wavelengths make it inefficient to generate. However ultrasonics can be much more easily generated especially into fairly tight beams of energy. If such a beam was modulated with pulses in the infrasound range then a nonlinear response surface such as the human body would demodulate the modulating frequency relatively well.

As I’ve mentioned in the past back in the 1970s through 80s research was being done into using two ultrasound beams with a difference frequency down in the same frequency range that brain waves etc have, for the purposes of defence by offence.

So I would certainly not rule out that these US and Canadian diplomatic staff were being subject to such a weapon.

[1] Normally hard science works from cause to effect for several good reasons, one of which is repeatability. However when you move to living creatures morals and ethics become involved. As far as medical science is concerned you have the “First do no harm” restraint that has for good humane reason in more recent years been relaxed to the point where you can do harm if the outcome is less harm[2].

[2] You can see this with chemotherapy, which put simply is to inject some quite nasty poisons / toxins into your system that are primarily targeted at the cancer, but still do considerable harm to the rest of you in the process. The trick is that the cancer takes a fatal hit whilst the rest of the body does not so in time it can recover from the harms from the toxin, free of the cancer.




Clive Robinson September 16, 2017 3:58 AM

@ Stating the Obvious,

I would not rule out “trained stupidity” either.

Sophisticated systems need “usable” interfaces at many levels. Such systems usually replace older less accurate and slower technology.

In the past the captains of sea going vessels because of the slowness and inaccuracy of navigation systems used to exercise caution and stay out in deep water as much as possible. Which had the side effect of making the vessels quite conspicuous to the likes of radar, thermal imaging and sonar type devices etc, thus they were “easy targets”. In old “battleship” days prior to radar and spotter aircraft the main form of defence tactic against being shelled was “to lay down smoke” upwind of the enemy like a fog bank such that it would roll down on them allowing the likes of destroyers to get well within attack range of the enemy without getting blown out of the water by the battleships’ much longer range guns.

Since that tactic no longer works “shore hugging” is now a favoured tactic, but this requires fast and accurate navigation systems with a highly responsive helm. Which has given rise to quite sophisticated systems.

If you are only trained on the sophisticated systems and your battle planning is predicated by tactics reliant on such systems and even the vessel design is predicated by such systems you have to ask the question of “What happens when they go partially or fully wrong”.

If the crew are not on a bridge because the vessel has no traditional bridge then the crew do not do training that would only be done from a bridge. Likewise their thinking would not have the depth of experience required to be effective in a traditional bridge command arrangement.

In effect they have lost seamanship skills to a greater or lesser extent.

Thus when something goes partially wrong with the sophisticated systems it may not “flag up” in a manner or time that the command can adjust to especially if you are in tight to the shore or in busy shipping lanes.

Hence you have “trained in stupidity” of having put your vessel in the wrong place at the wrong time when something goes wrong, and not having the required facilities or skills to be able to get out of the position before trouble happens.

Cassandra September 16, 2017 4:00 AM

Just to add a couple of items:

1) Re: comment length. One technical solution is to use the same approach as The Register, where comments beyond a certain length are cut-off by greying out and have an ‘Expand Comment’ button. I have not inspected the page source to see how it is achieved.

2) Re: additional forum. Some regulars may wish to post on Soylent News. It should be accessible via TOR ( 7rmath4ro2of2a42.onion ), although currently few people do, so access may not be reliable. It carries no advertising, requiring voluntary funding – what this means is that you don’t have to pay, but if you don’t, it may not cover its hosting and other costs. It was set up as a spin off from Slashdot.

neill September 16, 2017 4:31 AM

maybe there could be a system of “popularity” that would allow ben, clive et al. (other frequent posters) to voice their concerns to post before others

or maybe a system with “like” or “no like” would eliminate weird posters

Edward Morbius September 16, 2017 4:39 AM

Can an information regime passing the “Podesta Test” be specified?

The “Podesta Test” is the term I’m using for the ability of a high-profile target to make effective and non-fatal use of an information or communications medium without risking catastrophic unwanted or inadvertent disclosure of personal information.

Passwords alone are not sufficient. User-oriented encryption seems likely necessary (e.g., not merely service-wide encryption-at-rest, or SSL/TLS level encryption-in-flight). At scale (billions of potential users), the ability to recover from lost or damaged keys is necessary — on the order of 10k times/daily. And there may be a call for some form of lawful decryption in specified cases.

I’m looking for discussion on how possible any of this is, and if so, what technical tools might provide same.

I’m looking toward:

  • Client-side, PKI-based encryption.
  • Physical-token security component. A near-field device similar to the NFCRing strikes me as ideal — think a modern signet ring. Preferably working within mm range, though a few cm might be viable. (If timing-based, this is ~0.1 – 0.001 nanosecond scale.) The system should not allow reading / monitoring from greater than 1m if at all possible. (Other form factors are possible, this strikes me as generally preferable.)
  • Replaceability of tokens: If lost, damaged, or compromised, the token can be replaced and previously-encoded data accessed. If possession of the token is itself a risk, the token may be discarded, destroyed, rendered unusable, or deactivated.
  • Physically: nothing pluggable. Both devices and sockets are too susceptible to damage. Contact / near-range only. This should work at the scale of, say, Tokyo Subway use, without significant maintenance / management headaches.
  • An identity management system tied to the physical factor. That is, the token itself is where at all possible not the identity, but provides access to a store, with specific IDs, counterparties, policies, access, etc., under user control where possible.
  • Quorum-based key recovery, possibly with an additional workfactor. E.g., some n of m key parts distributed amongst known entities, possibly with a degradation of the fragments such that some bits would have to be reconstructed, constituting a work factor. See Will Power’s PGP whitepaper on quorums (2003).
  • Possibly a public ledger / blockchain system for key rebuild or forcing. The benefit would be a reduced workfactor, the cost would be that such actions would be publicly disclosed, either fully or perhaps with some workfactor required as well. (Balancing disclosures becomes an interesting question.)

The goal is to make interception and exfiltration hard. (And of course, what alternative attacks are then pursued becomes … interesting.)

Allow for key recovery when desired by rightful owner, via split-key quorum. Also for data inheritance and/or legal access, but with a significant cost, and with full, if not immediate, disclosure.

Opportunistic encryption where possible.

If used in email or other messaging systems, there’s the matter of spam and abuse.

Metadata issues need to be addressed. PKI, particularly PGP/GPG, leaks this in spades, I’m well aware.

Key management should be as simple as possible. (But no simpler, of course.)

If keys are regenerated, the question of how/whether to re-encrypt data previously encrypted on an old key arises.

Designing the system capabilities to scale and threat should be a consideration. How many “John Podestas” are there? High-concern targets? Including political, military, business/corporate, finance, technological, and lower-scale targets? Thousands? Millions? Billions? (I’m suspecting “millions” for medium-to-high risk, a few hundreds to thousands of extreme risk.)

I’m interested in discussions of what’s possible, what’s not, and any possibly related projects. I see establishing protocols (hardware, software, comms, identifiers) as a very significant part of this. A sense of how protocols are, and are not established is key to anything useful developing.

I blog from That may be a useful initial follow-up point, probably at the current Open Post.

I have some though not deep crypto experience myself.

Bruce Schneier September 16, 2017 6:33 AM


“We got to the point where comments are deleted without explanation.
Mmm, not a funny place to stay…”

Yes. That will happen, especially posts that are obviously trolling or nasty or off topic. Everyone can read the blog posting rules. If a post is deleted, it’s because they violated one of those rules in the eyes of Myself or the Moderator. Neither of us have time for detailed explanations every time, and just deleting the offending posts is less disruptive.

My hope is that the blog will be a more fun place to stay: more interesting, less argumentation, politer. The alternative is shutting down comments, which I don’t want to do.

Bruce Schneier September 16, 2017 6:34 AM

@ MrC:

“Gee, I rather liked the lists of links and looked forward to them each week.”

Apologies, but they were doing more harm than good. There are other places for security news.

Ben A. September 16, 2017 7:41 AM

@Clive Robinson

The links I originally posted, but were snipped, responded to your hypothesis:

“And no single, sonic gadget seems to explain such an odd, inconsistent array of physical responses. “Brain damage and concussions, it’s not possible,” said Joseph Pompei, a former MIT researcher and psychoacoustics expert.”

“Somebody would have to submerge their head into a pool lined with very powerful ultrasound transducers.”

Another article talks about how nitrophenyl pentaden was used in the past on door handles and how radioactive nails were embedded into vehicle tyres for tracking:

There are more fascinating links that I’ve been reading but I shan’t post them in deference to the new moderation policy (as I don’t have time to comment on each URL).

JG4 September 16, 2017 7:43 AM

I’m with everyone who likes Ben A.’s links, but rules are rules. maybe the links can come back if/when filters are settable. the good side of the refocus is higher SNR and better discussions. the downside is the Procrustean bent. there was a hint of how long is too long, which I won’t have time to hit today. btw, my suggestion of viewing toggles doesn’t have to reside on the server side. I may not have said that it easily could be a browser plug-in that is open source. Nick P.’s excellent discussion of how to download and filter is spot on, even if it isn’t done in a browser. @Nick P. – have you considered open-sourcing any aspect of your filtering tools?

it’s not my living room and I feel bad that I pushed the limits, even if I was trying to illuminate why the quest for security on your planet is never-ending. living on scraping slabs of rock on a melted ball of iron circling a nuclear fireball may not be the best starting point for security, but there is no current access to Planet B, which does have a frozen core. and there is no Plan B. in a nutshell, your security always can be taken to further increase someone else’s security, irrespective of whether it is computer security, energy security, financial security, economic security, health security, water security, food security, or shelter security that is taken to grind out more money and power. one aspect of security is the power to be free from retribution, which is an element of full-spectrum dominance. if full-spectrum dominance were held by enlightened rulers, it might be the best thing that ever happened on your planet, because democracy and trust have very serious scaling problems. unfortunately, the politicians that people crave have the big six personality defects.

further, neurons, brains, people, groups, companies, agencies and governments are adaptive systems, so they always and everywhere are getting better at repurposing your security. enlightenment is realizing there are better approaches that increase everyone’s security. these are not necessarily zero-sum games, and there often are win-win scenarios. in the absence of enlightened rulers, you have to get better at keeping what little data security, money, skills, health, water, food and shelter you have as the rules are changed bit by bit (no pun intended) to tilt the game to the state-sponsored winners. endarkenment is making things worse than zero-sum, moving into lose-lose more propositions, especially when there are better alternatives. because most governments and corporations have utterly failed to manage conflicts of interest, they have, perhaps unwittingly, put at risk the entire human population on the planet. enlightened robots and AI will find win-win scenarios. endarkened robots and AI will find lose-lose more scenarios.

@Clive – one pair of terms of art are blue-water operations and brown-water operations. the PT boats may have been the leading edge, besides being the naval equivalent of Boyd’s blitz fighter planes. river patrols in Vietnam were memorialized in Apocalypse Now. I remember reading about a couple of seals who swam n miles up a river in North Vietnam to blow up a petrochemical facility, quite successfully. I think that they spent much of the day lying underwater in the weeds breathing through pieces of hollow reeds or bamboo, while the leeches slowly ate them. unfortunately, the river was an open sewer, as they were in Roman times and in the US as recently as the 1960’s. if swimming in an Asian sewer doesn’t convince you that big pharma is part of the MIC, maybe it would start with an epidemic of malaria in your canal digging team. during my time in the imperial forces, there were legends of an incurable venereal disease (STD) in Asia that would get you sent to a quarantine camp without hope of ever going home. that could have been a clever application of game theory to the problem of keeping the J-bars out of trouble.

can’t recall seeing this mentioned for quite some time

Silent Circle | Secure Enterprise Communication Solutions Firm
Silent Circle offers private and encrypted mobile devices, software applications, and communication management services for enterprise.
…[who else had a white paper with an awesome framework?]
Nothing seen. Nothing heard.
Nothing disclosed.

Clive Robinson September 16, 2017 8:30 AM

@ Bruce and the usual suspects,

You might want to consider another example of an idea or knowledge put up on this blog, which has subsequently appeared as “A new development” in academia…

The paper in question is,

And if you look down this blog entry from back in 2014,

You will see that the last few paragraphs are a description of a spread spectrum backscatter bugging device that I had designed and built for various customers some years before that, which the above paper has in effect re-worked or re-invented (make your own mind up on if you think it’s coincidence or not 😉)

They have however chosen to use a Chirp Spread Spectrum[1] signal source that is now cheaply available, which offers some advantages in that it can be simpler to synchronise to. Back in the 1980’s I did play around with wide band CSS sources[2] at HF and experimentally at VHF and UHF for radio links. I did consider using CSS for the backscatter bugs but back then the level of components needed was prohibitive (something the authors of the paper point out). So I went for a number of different solutions. The simplest was a DSSS solution similar to CDMA systems used in mobile phones from the mid 1990s. A much more interesting and innovative solution was using Walsh functions that I’ve yet to see anybody write up about (but give it another couple of years ;-).

@ Bruce,

Maybe keeping the blog allowing long posts will be beneficial not just for everyday readers but graduate and other researchers.

Also the issue of “foot note” links, it’s often simpler to give such a link than it is to give a written description, for people to catch up to “the state of the art”. The newer or more complex an idea generally the more foot notes it needs, which I appreciate is a bit of a problem.


[2] I first came across CSS in the early 1980’s, when it was used to sweep across the entire 3-30MHz HF band. As the main use for CSS outside of lowpower radar systems was for “propagation soundings” to find the Maximum Usable Frequency (MUF) for long distance HF communications, and the number of skywave hops etc to adjust antennas for best probability of a working path.

JG4 September 16, 2017 9:01 AM

following up Clive’s, Ben A.’s and comments on the possible sonic weapon. I had a couple of ideas as I read this:

there is a very clever way to produce high-intensity localized sound, which is to focus a pulse laser to a small enough spot in air that the electric field intensity exceeds breakdown. the result is a loud snap and bright flash. I had a dream in the late 1980’s or early 1990’s that I was witnessing the test of a high-power military laser on a stone wall. I was expecting the sound from all of the lasers seen in movies, some sort of squealing noise. when the rock vaporized, there was a deafening concussion from the shock wave. that is a different acoustic effect and also would be accompanied by light, but can easily transit glass and could be devastating. if that were patterned on a wall, the resulting shock wave could be focused at a point in the room, e.g., at the target’s ear drum, resulting in a painful rupture and bleeding.

the observations don’t seem to include bright lights, which would accompany a laser spark or plasma production from a surface. I didn’t see any mention of the visual effects that would accompany Clive’s suggestion of a focused microwave beam inside the skull – a shock wave intense enough to produce TBI would almost certainly produce flashing lights that I saw too many times. I raised the issue of numerical aperture, wavelength and spot size around that time, and it still is relevant to the possibilities of a microwave attack. the limitations can be partially defeated in the near-field, but again it is unlikely. the observations could match a new energy delivery system that either produces sound as a side effect, e.g., thermal expansion of brain tissue from high power microwave pulses or production of high amplitude sound waves by heating ambient water vapor fast enough with microwaves.

herman September 16, 2017 9:01 AM

Regarding the ‘Cuban audio weapon’. I think someone used an old air powered jack hammer to break up some concrete and the young and sensitive snowflakes in the Canadian embassy never heard one before, as they were outlawed in the 1970s in most cities. (BTW, I’m an old Canadian slowflake, eh.)

Another interesting chirp noise annoyance that fortunately stopped operating were the Woodpecker radars. These were huge HF, over the horizon radars that were designed to detect incoming cruise missiles and nap of earth flying bombers. The Woodpecker radars were so named due to the incessant check-check-check noise that HF radio amateurs were pestered with for decades.

The last Ukrainian Woodpecker was switched off when it became contaminated by the Chernobyl accident. The antenna is still there in the forest.

Wael September 16, 2017 9:12 AM

@Clive Robinson,

Every time you remind me of electromagnetics I wonder how in the world I got stuck with security and digital when my interest was always in analog and electromagnetics! Computers are just tools, like a hammer is, to me. Oh, yes! Now I remember:

One of my first jobs was a Microwave engineer, working on waveguides, strip and slot antennas, etc… It was a private company that worked on military specs and supplied parts to the defense (offense) industry. The owner / founder of the company was a mechanical engineer who didn’t understand the theory very well, but he had a successful business. One day he showed me a mechanical gauge on a waveguide that can be calibrated to show the frequency. He asked me what I thought of it. I told him it’s the dumbest idea I’ve seen; it should have been an LED or LCD display. He was really upset and told me: it’s my idea and I have a patent on it. I told him: well, maybe it doesn’t suck that much 😉 My tenure at the place was abruptly “terminated” – lol 🙂

Sancho_P September 16, 2017 9:56 AM

@Moderator / Bruce

I am happy regarding improved moderation policy, many postings were too long for their content, it took more and more time to skim through the blog.
Same for the link postings (although Ben A.’s links were interesting, only who has the time to follow them – with nearly zero input for one’s daily life).
I appreciate deleting posts without notice, it’s your blog / time.
On the other hand it’s disturbing that we need a policy, but we do.

I like the single-daily-item style of this blog (and Friday’s scatter).
However, I’d love to read more comments from @Bruce, to have his opinion to our sometimes controversial comments.
But who has the time!
Thank you!

Sancho_P September 16, 2017 9:58 AM

Re: ominous weapon in Cuba

From Occam’s razor:
Have a look at their new spy equipment in and on top of the building for a technical flaw, or the AC for delivering air from (overheated) electronic components into the offices.

Ben A. September 16, 2017 10:14 AM


Having given the Cuba incident/s careful consideration I can’t attribute the effects/symptoms to one weapon alone: you get reports of one symptom which is diametrically opposed to another and cannot occur together.

The disparate symptoms suggest multiple weapons or surveillance technologies, e.g. electromagnetic radiation flooding the building, powerful x-rays, sonic weapons against individuals, maybe even poisoned food.

Even the pulse laser theory wouldn’t tie together all of their symptoms and would likely cause even more, and detectable, damage to its victims.


Regarding the new moderation policy, it’s Bruce’s blog and he’s free to impose whatever rules he pleases. He gives the example of conversation which is acceptable in his “living room”. Not knowing Bruce personally it’s difficult to gauge what he considers acceptable living room talk.

It may be an idea to provide two squid blogs – one for security news and one for everything else – although it’s difficult to know where to draw the line as some of Bruce’s own blog posts are more government policy/politically oriented.

Maybe the rule goes as thus: if Bruce writes a policy/political blog post then the comments can be policy/political. For squid blogs, computer/technical security only.

In any event it’s Bruce’s blog which he provides at his own expense, with no adverts, so I’m not in any position to complain.

If there is to be an arbitrary character limit I think 2,000 characters would be a reasonable compromise or an unlimited length and some sort of ‘read more’ button for anything over 2,000 characters.

Trained Stupidity or Incompetence? September 16, 2017 10:23 AM

Equifax hired a music major as chief security officer and she has just retired

Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.
This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.
Reporting by a few tech-savvy blogs has found that as soon as the Equifax data breach became public, someone began to scrub the internet of information about Mauldin.

albert September 16, 2017 12:08 PM

@Clive, Ben, Mark, et al,

  1. There are no moral restrictions on military research, only window-dressing for public consumption.
  2. The Russians used microwaves to irradiate US embassy personnel in Moscow from the late 60’s onward.
  3. The serious health effects of HF EM radiation have been known -and disregarded- since the 70’s. (See “The Zapping of America”-Paul Brodeur)
  4. High-power ultrasound (HPUS) is an unknown, as far as effects on humans are concerned. Animal study data is difficult to extrapolate to humans (mice can hear 90kHz tones). You can bet military research is ongoing. It started with sonar in WWII. Super-power sonar kills unknown numbers of marine mammals every year.
  5. EM radiation health effects are cumulative. HPUS effects may also be. As Brodeur showed, most scientists are still unaware of research on these subjects.

  6. Perfect weapons are not detectable by humans alone*…they are the Holy Grail of warfare.

*even with instruments, who knows the ‘safe’ limits of HPUS? Is it the scientists who set the ‘safety’ limits for ionizing radiation? Governments like Japan, that keep raising the ‘safe’ limits around Fukushima?
. .. . .. — ….

AlanS September 16, 2017 12:12 PM

@Bruce, Nick P, Alejandro, and Winston Smith

Bruce has commented in numerous places (e.g. here, here, here, here) on the need for regulation to have security, most recently in the post on Equifax:

But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment). The market can’t fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn’t notice, you’re not Equifax’s customer. You’re its product….This market failure isn’t unique to data security.

For why this is “unlikely…at the moment” see Balkin’s The Recent Unpleasantness: How to Understand the Cycles of Constitutional Time. We are in a period of constitutional rot. As Balkin points out, the founders were well aware that republics are very susceptible to constitutional rot, that factions will arise, that government will become oligarchical, and there will be periods in which anger with the decline of republican government will be exploited by demagogues. But he argues these states have been cyclical in America, that the controls put in place by the founders, at least in the past, have allowed for the rot to bottom out and the restoration of the constitutional order and greater security.

Economists and politicians often cite Adam Smith to justify the idea that the market is a self-regulating, natural phenomenon that when left alone will best serve the greatest number. He made no such argument. He knew all about the numerous ways markets could be detrimental to the social good and advocated for regulatory firewalls to restrain the “exertions of the natural liberty of a few individuals, which might endanger the security of the whole society”. He was also well aware that governments often fail in their regulatory role because they are captured by factional interests. Markets are not natural phenomena. They exist in the context of institutions and regulations. The market is regulation. The regulations can be good or bad to various degrees. They can serve narrow interests or they can serve broader social interests, more or less. But the only way you will get close to good government, as both the founders and Smith were aware, is if the tendency towards factionalism is constrained, inequality is limited, and there is an educated and informed citizenry. Since at least the 1970s many of the controls on factional interests and the concentration of wealth, have been weakened (see here for some discussion. Note also that rational choice approaches to human behavior are internal to this process).

In the current circumstances it doesn’t matter whether we are or are not the customers of Equifax, Amazon, Google, Facebook, etc. What matters is, to paraphrase Bruce, “In case you didn’t notice, we are not the government’s customer”. Market failure is institutional failure.

albert September 16, 2017 12:22 PM

I’m only a bit surprised at Bruce’s new rule for long lists of links. My problem is that most of the links are so damned interesting that I obsess about them:)

I’d rather a short summary of one or two, carefully chosen with regard to Bruce’s guidelines.

I’m glad to see the disappearance of gun control, Trump/Hil’ry, Russian hacking, gov’t apologists, and personal attacks.

Well done, Bruce!

. .. . .. — ….

ab praeceptis September 16, 2017 12:34 PM

“Bruce Schneier cutting politics”

I myself once had a hardcore stance wrt politics here: None at all. In the end some people here convinced me arguing that security and politics often are strongly intertwined.

How about waiting and seeing first for a while?
It is my understanding that Bruce Schneier will not cut out politics completely but that he rather will cut out politics without concrete and relevant relation to a given security topic we discuss – which sounds quite reasonable to me.

One point I find a little sad is that JG4’s and a few others’ “news lists” will be gone. On the one hand I understand our host; I’ve complained myself; One is following a discussion and – bang – there is a big fat and unrelated news list.
On the other hand, thinking again, I found that my (personal) grief was basically about two things: a) they were too long and omnipresent and b) much of it was from widely read lists (like NH) or from questionable sources.

Insofar as Bruce Schneier pleases to consider comments/suggestions from regulars (which, well noted, he is not at all obliged to do in his “living room” here) I’d like to suggest a somewhat milder line, namely something like:
– only in the squids
– a certain max, e.g. 10 topics (not bold!) with 2 or 3 TL;DR lines each
– only with concrete and obvious relation to security
– only not yet HN published items
– Must begin with a one liner that is clear, eg. “– [news list] –”

  • regulars (who do not make the above mentioned lists) can occasionally(!) post a news item, provided it’s obviously and clearly about security, which they feel important enough to be posted for our peers here.

All in all, however, I’m very pleased by our host’s new regime. Frankly, I was increasingly often wondering whether I’m on reddit or on Schneier’s blog during the last months.
From what I see so far (it’s quite early after all and still somewhat in progress) I’m very positive and looking forward to a good quality security blog. Let us support our host the best we can!

Frank Wilhoit September 16, 2017 1:13 PM

How – Why = 0

Why + Dishonesty = Politics

If these propositions were not true, we would have no problems of any kind and therefore have nothing to talk about. The mere existence of a discussion forum presumes that there is politics and that politics is the problem, the apud qua non. The necessary end state, the precondition for anything to actually be accomplished, is zero politics. We’re not going to get there, except as a thought experiment; but, as long as there is politics, thought experiments, and specifically thought experiments of just this kind, are all we have and all we can have.

A Nonny Bunny September 16, 2017 3:12 PM

Can anyone recommend some of those “other places for security news”?
(Preferably something easy to catch up on/with each week. It’s a bit of a weekend ritual for me.)

Sancho_P September 16, 2017 3:25 PM

@Ben A., re interesting news aggregator

As I understood @Bruce doesn’t want to host kind a news collection, esp. with non technical themes, neither during the week nor on Friday.
It might also involve some legal problems.
On the other hand, your semi automated aggregator 😉 produces a ton of good stuff, interesting for many of us who don’t have the time to search themselves. May I suggest you post them, exactly as they were seen here, at a more common place (pls not facecrook, probably check with, it sadly requires JS) and put a short hint here on Friday Squid, probably with one specially selected item / link and your comment.

A character limit is easily circumvented by bozos and really bad if one post really needs two words more – sensible people should know when it’s enough.

MarkH September 16, 2017 3:52 PM

@Nonny Bunny, et alia:

The squid post has been a place to catch up on security news for as long as it’s been around …

Commenters often bring attention to an interesting/important security story. I myself have brought up such news items now and again.

What’s a more recent development, is the frequent appearance of really long comments with links to a whole bunch of stories … lacking any particular point or message.

Imagine some folks are sitting at the pub of an evening … or in Bruce’s living room 😉 … discussing their favorite topic.

And then one or two participants, instead of saying “I heard an interesting thing today,” or “here’s my take on Fred’s idea,” spent several minutes playing clips from every story on the TV evening news programs.

Probably informative, and likely with points of interest, but not really conversational.

A Whopper of an Idea September 16, 2017 4:04 PM

Smart phones are known to emit both ultrasonic and infrasonic waves for completing the chain to Digital Voice Assistants. Thank you advertiser Burger King!

The smart phone is held extremely close to the brain and ear so the amount of power to damage a delicate ear drum is greatly lessened. Think of earplugs on the plane to Cuba.
Smart phone Lithium batteries hold considerable energy charge.
The latest phones can play very loud with minimal distortion.

Playing Our Song
The damage would obviously vary depending upon the model and how it was positioned with in-ear-buds the worst. Can the volume control be hacked too while headphones are attached?

Societal Conundrum
However I’m addicted to $1,000 smart phone and Whoppers!
So critical these phones are the primary basis for billions of mass surveillance targets.
Forrest says time to speak loudly and let your voice be heard.

Milo M. September 16, 2017 4:15 PM

“QUESTION: . . . any response to the report from the Associated Press . . .

MS NAUERT: Yeah. So I certainly read the article with great interest, as did a lot of us. There’s not going to be a lot that I’m going to be able to confirm about that report. . . .

I don’t have any change in numbers to provide you at this time. We can certainly say that 21 people have been affected by this. We hope that that number will not increase. We certainly can’t count that out. We are having our people medically tested. We have a full-time medical officer who is there in Cuba. . . . The investigation into all of this is still underway. It is an aggressive investigation that continues, and we will continue doing this until we find out who or what is responsible for this.

QUESTION: Does the number keep climbing because there have been new incidents or because more people have seen medical professionals and gotten diagnoses?

MS NAUERT: I think – so the last reported incident we have remains the same as what I told you before a few weeks ago, which was late August. We are not aware of anything that has taken place since that time, but our people continue to undergo tests. The symptoms – and I’ll be vague about this, but can be different in different people. And I’m not going to get into any specifics beyond that. But our people are continuing to be tested.

. . . QUESTION: When you – in the answer – your answer to the first question said you weren’t able to confirm the detail – any of the details that were in the report, but you’re not disputing anything in the report, are you?

MS NAUERT: I’m not confirming – I’m not confirming anything in the report. That wouldn’t be appropriate for me to do so, because some of what was reported was very detailed and it would certainly go beyond anything that we would be able to comment on.

. . . QUESTION: Have residences been changed at all?

MS NAUERT: I – Michelle, not that I’m aware of, but I will certainly look into that for you. I think that that is a good question. It’s a question that deserves to be asked, and I will be sure to follow up with our Diplomatic Security folks about that.”

The Canadians:

“The source, speaking on condition of anonymity, said more than five — but fewer than 10 — Canadian families were affected by the attacks. . . . In some cases, they heard loud grinding or ringing noises, or felt vibrations in their bodies. Some were in bed when the sensations began. Some reported the sounds and sensations could only be felt in certain parts of the house, and that they could walk in and out of the affected area, feeling the effects shut off as they moved away from it, and resume as they moved back in.”

A lengthy discussion of biological effects of sound waves in this 2002 study done for the US Navy by UT:ARL (Ref. 12 on the Wikipedia page for “Sonic Weapon”):

Ben A. September 16, 2017 4:22 PM


There are lots of services which don’t require JavaScript like Pastebin, Paste2, GitHub Gist to name but a few. 😉

They’re all anonymous and serve their basic purpose very well.

My news aggregator is actually fully automated although when I was posting links to this blog I was manually intervening prior to submission to ensure quality and to write a snippet about the content. The metatags were automatically added to my personal link farm so that I can search through them in years to come – similar to Pinboard.

If I were to post the URLs to a paste site then I could switch on full automation, people could review the stories and then if they wanted in-depth discussion they could return on here. Obviously this would require Bruce’s express permission as I don’t wish to circumvent his policy by the backdoor.

Sancho_P September 16, 2017 5:00 PM

@Ben A.

You could ask him or the Mod via the “About Me” page, but this would require them to make an explicit (likely positive) statement regarding such an advertising link. Probably they would prefer not to answer.
If such a solution would be easy for you, why not simply try it?

Ben A. September 16, 2017 6:18 PM


If such a solution would be easy for you, why not simply try it?

Because if I was invited to a host’s dinner party with the express instruction not to discuss politics I wouldn’t turn up and distribute leaflets on the subject instead. It’d be discourteous and a personal affront to the host.

Wang Chung September 16, 2017 11:20 PM

@ MarkH • September 15, 2017 4:30 PM – Deepening Mystery of Sonic Attacks in Cuba

Maybe they’re using pulsed microwaves (or modulated microwaves). Microwaves can penetrate the building’s wall. It could be delivered using some type of radar (Wave Field Synthesis) setup. This would account for the large differences in volume

Cassandra September 17, 2017 4:17 AM

Re: Cuban occurrences

Given the odd effects, I would be inclined to look for some kind of neurotoxin, which the affected people might have been exposed to inadvertently. There is a controversial case used in radiology research of a building in Taiwan where radioactively (Cobalt-60 in recycled steel) contaminated metal was used in the structure, and the inhabitants were concerned about the long-term effects. In other words, there could be a (benign[1]) environmental reason why people are experiencing health effects.

There are drugs that affect memory, and others that affect hearing, and something as simple as shellfish algae poisoning can have long-term sequelae. There are other chronic conditions that are more controversial: such as chronic Lyme disease.

As for hearing loud sounds when in bed, following the sense of “There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy.”, there is such a thing as ‘Exploding Head Syndrome’.

[1]by benign, I mean no one explicitly set out to poison people: it could have happened by accident.

neill September 17, 2017 5:09 AM

@ben a.

i always found your link collection to be interesting, maybe you can collect those someplace else, and just post a link to that URL here (each friday)?

Clive Robinson September 17, 2017 5:10 AM

@ Milo M,

A lengthy discussion of biological effects of sound waves in this 2002 study done for the US Navy by UT:ARL

Lengthy it is at 82 pages, which is why I’ve only had time to read some of it.

The problem with the report is it’s a review of other studies / reviews into a very specific effect. That is discouraging hostile divers from sensitive under water areas.

Some of the resource material it reviews is half a century old, and medical science has moved almost as far in the last half century as it did for the two millennia preceding it.

Importantly though all of the information is about short term effects of sound exposure not longterm[1]. And there were no longterm follow ups on human experimental test subjects, to test for physiological or psychological effects.

Which is important, because we know that lower levels of mechanical vibration in the ELF to VLF range for prolonged periods cause amongst other things “white finger”.

So interesting as the report is[2], it’s not really relevant not only is it not as good as comparing “apples with pears” but not even like comparing “sheep to sharks”.

We know that medical science has moved on in other ways, not just since the reviewed reports but the review itself. We also know that research into non lethal weapons continues apace,

[1] The only longterm reference was about protecting farmed fish in British Columbia, where it was found that seals habituated themselves to sound sources, but that was at best an assumption as to why.

[2] You will see reference to a non lethal weapon designed in the UK using two frequencies separated by a frequency difference that is in the brain wave frequency range. Which was used by UK military forces, but still officially “No Comment”…

Clive Robinson September 17, 2017 5:44 AM

@ Albert,

5. EM radiation health effects are cumulative. HPUS effects may also be. As Brodeur showed, most scientists are still unaware of research on these subjects.

This is a contentious issue. The likes of the National Radiological Protection Board (NRPB) still use simple volumetric heating effect and thermal conduction models to assess risk.

It has long been known that these are insufficient due to the likes of resonance effects and non linear dielectric effects. Whilst the NRPB do give a “hat tip” in the direction of resonance effects they do in effect ignore other known issues.

The simple fact is neither politicians nor the industry want more exacting regulations for the usual reasons we have seen played out almost countless times before.

The result is no real research is carried out nor is funding made available for it, and the little that does happen usually gets published in very obscure places.

However as others have noted, what were once very rare cancers in the head and neck are now becoming more common since the use of mobile phones. Whilst we can not say if this is due to mobile phone use or just better diagnostics, I would recommend prudence.

Thus my usual advice to people is “use hands free” as much as possible, and “where possible don’t hold the phone”. That is don’t carry it around in your pocket up close to your body, and try to use it by putting it on a table etc when using hands free.

Clive Robinson September 17, 2017 6:27 AM

@ ab praeceptis,

In the end some people here convinced me arguing that security and politics often are strongly intertwined.

We might not like it –I certainly don’t– but Politics is part of the human condition at all levels. Likewise though few in the general population appear to realise it these days Security is part of the human condition at all levels.

The reason is that “competition for resources” has and always will be part of the human condition at all levels. Hence the sarcastic “First amongst equals” saying.

Thus part of the problem is not “Politics” but “Relevant Politics” likewise it’s also in part not “Discussion” but “Reasonable discussion”.

In recent news a person has been sent to jail for making what is probably just a crass comment, certainly a lot less objectionable than what some comedians have done in the name of humour. We can learn another lesson from this which is “Venue and Audience”. That is the venue has to be appropriate and the audience unlikely to be offended in some way. But also another element, in the case of the person sent to jail they were fairly reviled due to other actions they had taken. Thus they had made themselves a target and had drawn significant ire from society upon themselves. Which gave others the excuse they needed to behave in the way they did by sending them to jail, which was most definitely “Dirty Politics” in play, but few if any will object because the person affected was reviled. Thus some may view those who argued for the jailing as “heroes” when at other times with other people they would have been regarded as at best loathsome. Thus, though it should not, mob rule was in effect invoked as in lynching parties of old. Which makes politics also very context sensitive.

Thus the problem of trying to define what is and is not acceptable is not just difficult it also suffers from variability due to context, social perception and a number of other variables.

As I’ve indicated in the past there are reasons why I do not have my own blog, and politics is one of them. Thus I in no way envy the task Bruce and the Moderator have.

I also from time to time post links I think might be of interest or a heads up for future threads, as I’m also aware of just how much effort it takes to find things of relevance, and also how easy it is to miss the first sign posts of something that may become big news.

Ben A. September 17, 2017 9:02 AM

Some fascinating information on how Apple have implemented FaceID.

All in all it seems very well thought out. The option to disable FaceID and rely upon a numeric PIN or complex password instead still exists.

1 – They don’t transmit FaceID data to the cloud
2 – It automatically adapts to your changing facial features
3 – The secure enclave hosts a non-reversible mathematical representation of your face
4 – Apple have discussed, but not yet implemented, requiring FaceID and a password
5 – Going suddenly from heavily bearded to beardless would probably require your password
6 – “Grip the side buttons on either side and hold them a little while” to disable FaceID
7 – FaceID emits no visible light – it’s entirely IR and existing light (works in dark)
8 – It’ll require password if iPhone rebooted or after 48 hours (just like TouchID)
9 – Five failed attempts of FaceID will cause the iPhone to require your password
10 – Developers don’t get access to raw sensor data
11 – You must use your password if phone not unlocked using a password or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours
12 – A whitepaper with “extreme levels of detail” on FaceID will be released shortly
13 – FaceID is super quick
14 – Polarized sunglasses are fine; those with high IR filtration may be problematic
15 – Blind or visually impaired people can disable the “attention detection” feature
16 – “Face ID requires that it be able to see your eyes, nose and mouth”
17 – People who wear masks at work can’t use FaceID

Services like the one below, which create a 3D representation from a picture, won’t work for the reasons already explained:

Clive Robinson September 17, 2017 9:05 AM

@ Bruce and others,

This article on why Open Access to scholarly journals and books has effectively failed, might be of interest,

It goes into some depth (and gives other links) as to why the Green and Gold models[1] are failing and the black channels like SciHub are succeeding with probably 80-90% of all articles available.

[1] For those unfamiliar with the channel names,

[2] And for those not born in Scotland ‘O Flower of Scotland’ is the equivalent of the Scottish National Anthem.

JG4 September 17, 2017 11:02 AM

follow up comment on the lithosphere from yesterday, the technical term of art for floating slabs of crust. I was wrong, Planet B does not have a frozen core, but it will freeze sooner. the existential threat from volcanism may be 500 million years in the past for Planet B, whereas here, it is no more than 630,000 years in the past, and quite likely lies in the future. the heat in the core of the earth comes from radioactive decay of heavy elements, which were forged in supernovae, while the vast majority of heat at the earth’s surface comes from fusion of light elements in the heart of the sun. the book Dark Sun explores the making of the hydrogen bomb, which uses a fission trigger to ignite fusion of light elements, within a blanket of heavy elements to reflect and amplify the neutron flux. many of the significant advances were made by a Quaker who was too cognitively impaired to finish his thesis work, but revolutionized the business of nuclear weapons in the hope that the horror would steer humans to safety. he later recanted and publicized the lax security in the nuclear “security” industry. one of the most compelling reasons for a security apparatus is the existence of plutonium, of which there is a sufficient quantity to kill everyone on earth many times over. the greater danger is the potential use of plutonium as a chemical-radiation hazard, completely independent of the threat from nuclear explosions. more clearly, aerosolized delivery of plutonium via drones could kill everyone on the planet using only a tiny fraction of the “available” material. the Manhattan project probably was concluded before the risk was even recognized. the quotes on available indicate that great strides in security of fissile materials have been made since Ted Taylor’s tell-all with McPhee.

@Clive – I’d go a step further and say that Politics and Security always have been part and parcel of the human condition, to the point that both deeply affect our physiology and our consciousness. worse, I was slow to realize all of that. I could hope that driving that point home was important enough to leave some minor stains on Bruce’s living room carpet, and I’m happy to stay late and help clean up. your comments on appropriate venue and audience are spot on. as a sufferer of Asperger’s syndrome, my perceptions of appropriateness are not as finely tuned as others. worse, my sensitivity to non-verbal feedback also is impaired. I don’t want to shy away from discussing torture and other violations of international law by the Deep State and other actors, but I’m fine with avoiding a focus on them and trying to get back to the business at hand of secure machines. my screen above about plutonium serves as a reminder of the stakes. I owe MarkH some comments on electric grid security, where a failure would only wipe out 3/4 of the population in North America rather than everyone on the planet.

@Ben A. and others – my comments on lasers, microwaves and sounds weren’t meant to solve the puzzle, just to provide some additional possible pieces. I don’t seem to have tied diver area denial to lithotripsy, although immersion of someone’s head was noted as a method for coupling high-intensity ultrasound to the brain and the Navy research on diver health effects also was noted. the symptoms were described as occurring out of water. it would be a stroke of evil genius to cause damage with a subliminal power level, say in a swimming pool, then divert attention from the real weapon with a less dangerous attack in air. it’s a short step from the deployment of novel technologies by state actors to deployment by non-state actors, especially in cases where the components are inexpensive, widely available and easily assembled. I’ve been reserved in pointing out threat models, because I don’t want to contribute to further violence. btw, the acid attack in France is a good example of the problem with chemical security. that is nearly intractable, short of wearing barrier suits on the street. which is necessary if you don’t want to opt out of the video surveillance system. everywhere I look, I see intractable problems.

@AlanS – Thanks for your profound comment on economics. a lot of my knowledge, including economics, is superficial. I always believed in free markets, until I realized that there never were any. perhaps AI agents will be able to engage in true free market exchanges, at least in cases where the information isn’t asymmetric. a world free of coercion still might be a worthy, though unachievable goal. I realized some time ago how little I know about consumer behavior after reading finely-detailed theories about preferences for goods, including Veblen goods. the development to such a very fine detail level was driven at least in part by the excess profits from use of advertising to exploit cognitive limitations/flaws/biases. by the way, Vance Packard and Thorstein Veblen got a lot of stuff right. one of the things that I appreciate about this forum is that it is framed by our host and us, not by commercial interests like the simulacrum/pablum served up by television. I haven’t watched TV for a dozen years and only sparingly from the early 1990’s until then. Marx may have been correct about the opiate of the people in his time, but there are new ones now.

@albert – a colorful expression for “obsess about them” is “got wrapped around the axle.” in Australia, which came of age in a different time with different modes of agriculture, it is said that “I got hung up in that fence.” I highly recommend Rabbit-Proof Fence. just for the record, I am on both sides of the gun control debate and it holds a deep analogue to computer security in that self-defense is sacred in most Western traditions, but we still prohibit ownership of nuclear weapons. our private thoughts and conversations also are sacred.

I talked to one of the Deep State cogs yesterday, whose body language and facial expressions confirmed that everything, everywhere is recorded, even though he was constrained from saying anything. the exercise of calculating cost of disk space for audio storage can be repeated for various forms of video storage. a meaningful slice of the current demand for FPGA/HDL engineers is the need to extract biometrics from video feeds sent by ubiquitous cameras. FPGA enables a level and speed of compression to keep the cost of disk space in reach. I use biometrics here to include compressed formats for gait, which are unique. body language and facial expressions are another type of side-channel leakage that impinges on the discussion that Dirk P., Rachel, Clive and I had recently. I have a blend of OCD (mild), ADHD (serious), and Asperger’s (mild), as well as a healthy dose of paranoia, so it is easy for me to obsess about writing long and tedious screeds. I have been wrapped around the surveillance axle for a long time. before that I was wrapped around the minimization of attack surfaces by privacy enhancement, until I realized that the Blackwater psychopath next door was far more dangerous than anything else. that coincided with the original Psychopaths and Sociopaths post.

@ab praeceptis – well said.

ab praeceptis September 17, 2017 11:07 AM

Ben A.

1 – They don’t transmit FaceID data to the cloud

“I promise” said the furry predator “that I won’t eat you, dear lamb. I just don’t want to drink a nice cup of tea alone”.

And even if Apple could be trusted, which the past strongly suggests not to do: a pen in some politician’s hands can do an indeed awful lot.

Keep in mind that face recognition is considered to be one of the current miracle pills against all things evil. Diverse countries are starting FR in lots of public places (and agency buildings) or start to openly do what they did anyway but covertly.

A billion or so high quality ready available face profiles will make many politicians think greedily and have their pens ready.

Clive Robinson September 17, 2017 12:18 PM

@ The usual suspects,

I’ve been known to talk about beauty and elegance in engineering and using it as an argument not just for engineering practice, but the likely “fitness for purpose” of the end product.

But as we know there is an awful lot of “out of sight out of mind” behaviour where those paid to do a job take short cuts that often fatally weaken the end product when stressed[1]. Frequently it is the customer that ends up hurt not just financially.

Some people end up saying the situation “stinks” which is indirectly a reference to the fact the product is rotten.

Well it appears I’m not alone when I say “this code stinks” or more politely say it’s “malodorous”,

And I personally look forward as do others when there are real regulations with teeth in place for commercial code.

As for those that say “it can’t be done” it has been done in the past when the Government was the paymaster/client –which @Nick P pointed out a few days ago,– and still is done with the likes of NASA and other high value high risk projects.

[1] Short cuts especially those that compromise end product occur because management do not carry out the required level of supervision. Because such behaviour appears endemic and can be quite profitable, we end up with legislative regulations to prevent such behaviour. Something that has yet to make it into the software business…

Clive Robinson September 17, 2017 12:32 PM

Ever wondered about early forms of “voice encryption”?

One of which is “voice inversion”, which could be understood to a “trained ear”, or Single Side Band type techniques. Which gave rise to Split Frequency Band Inversion, which although harder to break is still relatively easy.

Well Windytan who has an interesting blog has written up on it with some rather nice explanatory graphics,
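
The inversion schemes named in the comment above, as an added example that is not part of the original comment or of the write-up it refers to: plain inversion has no key at all, and split-band inversion has only the split point as a "key". The 8 kHz sample rate, the 256-sample block, the ideal frequency-domain band split and all function names are assumptions made for this sketch.

```python
import cmath
import math

FS = 8000   # assumed sample rate in Hz (telephone-grade audio)
N = 256     # assumed block length; one DFT bin is FS / N = 31.25 Hz


def tone(freq_hz, n=N, fs=FS):
    """Constructed test signal: a pure sine at freq_hz."""
    return [math.sin(2 * math.pi * freq_hz * t / fs) for t in range(n)]


def dft(x):
    """Naive discrete Fourier transform (fine for one short block)."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def idft_real(spec):
    """Inverse DFT, returning the real part of each sample."""
    n = len(spec)
    return [(sum(spec[k] * cmath.exp(2j * math.pi * k * t / n)
                 for k in range(n)) / n).real for t in range(n)]


def peak_hz(x, fs=FS):
    """Frequency of the strongest bin between DC and fs/2."""
    spec = dft(x)
    k = max(range(1, len(x) // 2), key=lambda i: abs(spec[i]))
    return k * fs / len(x)


def invert(x):
    """Plain voice inversion: mix with a carrier at fs/2, i.e. multiply
    sample t by (-1)^t. A component at f moves to fs/2 - f. There is no
    key, and applying the same operation again restores the input."""
    return [s if t % 2 == 0 else -s for t, s in enumerate(x)]


def split_band_invert(x, split_hz, fs=FS):
    """Split-band inversion, idealised in the frequency domain: the band
    below split_hz and the band above it are each mirrored on their own.
    The split point is the only secret parameter."""
    n = len(x)
    half = n // 2
    ks = round(split_hz * n / fs)           # bin index of the split point
    spec = dft(x)
    out = [0j] * n
    out[0], out[half] = spec[0], spec[half]  # DC and fs/2 stay in place
    for band in (range(1, ks), range(ks, half)):
        bins = list(band)
        for src, dst in zip(bins, reversed(bins)):
            out[dst] = spec[src]
            out[n - dst] = spec[n - src]     # mirror image keeps output real
    return idft_real(out)


def split_keyspace_bits(n=N):
    """Upper bound on the 'key' size in this model: log2 of the number of
    distinct split bins strictly between DC and fs/2."""
    return math.log2(n // 2 - 1)


if __name__ == "__main__":
    x = tone(1000)
    print("1000 Hz after plain inversion:", peak_hz(invert(x)), "Hz")
    y = tone(500)
    s = split_band_invert(y, 2000)
    print("500 Hz after split-band inversion at 2000 Hz:", peak_hz(s), "Hz")
    back = split_band_invert(s, 2000)
    print("max error after applying it twice:",
          max(abs(a - b) for a, b in zip(back, y)))
    print("split-point keyspace: %.2f bits" % split_keyspace_bits())
```

Both operations are their own inverse, so anyone holding the same kind of device (or guessing one of a few dozen split points) recovers the speech; this is why such scramblers count as obfuscation, not encryption.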

ab praeceptis September 17, 2017 12:41 PM

Clive Robinson

Re “beauty and elegance in engineering” I fully agree (and have mentioned it occasionally myself).

Re the linked jetbrains blog post though, I neither see brilliance or weight there nor even consistence and, sorry, no, it’s not confirming your point; to be frank, it seems to me that it/she doesn’t even understand it.

The truth comes up in the comments where she explains the reason for writing that post: there’s a new toy/keyword in java(!) and that made her think.
To avoid misunderstandings, I don’t mean to bash her and what she says grosso modo makes sense (particularly for java coders, I guess) but it’s not about or more than very remotely connected to “beauty and elegance”.

Which leads me to a side note: I occasionally use go, pretty much for one reason, namely a reasonably good CSP (Hoare) implementation and for not having gotten utterly wrong some basics (like C/C++/java et ses enfants terribles) – but – generally I profoundly hate it for what I perceive as arbitrary wanton decisions and constructs. Like the omnipresent nil (null) check based error handling. Or, to put it more generally, go is a quite perfect counter-example to beauty and elegance (except CSP whose elegance Hoare is to be thanked for; Pike’s merits are limited to not utterly f*cking it up).

Funny: Besides some quirks like semicolons after ends or not (explanation: termination vs. separation) the good old Pascal (and even more so the Modulas) is a quite good incarnation of beauty and elegance.

Occam's Lovecraft September 17, 2017 12:55 PM

Do not doubt the “reality” of the Cuban sonic attacks based on spurious assumptions.

• large variations in the symptoms of those who have suffered losses to health

-> Common in any widespread attack due to various factors, duration/intensity/etc.

• difficulty in explaining how a feasible high-intensity sound attack could produce the observed health effects

-> Nope, there is evidence that ULF/UHF can cause serious health effects of this type.
You just don’t know about it apparently, that doesn’t mean it doesn’t exist.
I don’t see anyone having a responsibility to explain it to you, google it.

• difficulty in explaining how a feasible sound attack could produce the locality (very loud in one spot, not audible a meter or two distant) reported in some cases

How is this even a question? UHF can be directed relatively easily, and there are going to be interference patterns when you’re shooting into a 3-D room layout obviously, you should hire a sound guy if you don’t believe it’s entirely reasonable to expect this.

• obscurity as to who might be the attacker(s), and possible motivation

That’s the problem with having a lot of enemy nations around the world due to a hegemonist and antagonistic economic foreign policy, you’re going to effectively piss off large swathes of the world and your attack surface area is huge at the same time. Bad combo.

There’s no reason to suspect any particular group of these attacks among those so motivated, the technology certainly isn’t brand new stuff. Its use in this way is possibly not even new, but we did not (publicly) know about this use until now.

To assume it was Cuban agents because it happened in a Cuban hotel is a bit naive in the world of spycraft obviously. Plenty of groups see Canada as connected to the US hip, and how the “Cuban Government” “feels” “publicly” about Canada for PR reasons really has no bearing on a potential motive either way.

Occam’s razor cuts two ways – you are doubting a specific conclusion based on questions that you answer with your doubting assumptions that turn out to be false.

As Trump would be right to note, jumping to conclusions without evidence in an ongoing investigation is usually a bad idea regardless of whether the guess turns out to be correct or not in the end.

Questioning is fine. Using the mask of questioning to doubt a specific conclusion is just good old bias.

JG4 September 17, 2017 1:25 PM

@Clive – I stumbled into this today, because I sent it to Phil Zimmermann the day after posting it in a comment here in 2015. I think that it nails some important aspect of your recent comments on how one comes to be a good engineer:

Intuition from experience is an essential feature. I am more of a scientist, but I was a passable engineer back in the day. There is more good content in the comment:

@Rachel – I missed when you joined the discussion, but this comment and this link is on point for your desire to foster valuable skills:

Thy God, Profits September 17, 2017 1:58 PM

“However as others have noted, what were once very rare cancers in the head and neck are now becoming more common since the use of mobile phones. Whilst we can not say if this is due to mobile phone use or just better diagnostics, I would recommend prudence.”

Dear Prudence,

There have been a lot of studies showing reasonably low power EM at short distances can cause albumin to cross the blood-brain barrier, along with anything foreign the albumin may be carrying from the bloodstream – say like fine aluminum powder present in all of us or any other contaminant that binds somehow – and once there, it has no escape route.

There are other studies that show how micro-magnetic effects at short ranges can affect gene transcription, one imagines during dna/rna duplication that could do bad things.

Add to it new chemicals never found in nature until they became prevalent and in fact overwhelmingly prevalent in the last 20-50 years, microplastics in tap water and bottled water alike, contaminated food chains with pesticides built-in to kill at unstudied rates and longevities, aerosolized metals from pollution sources, changing diets to mass-produced bleached bits of sterilized grain husks… there’s a lot of ways these things can interact to unpredictable outcomes that medical science – as we know it – will NEVER fully reproduce by sheer volume and expense of it all. It’s an experiment in situ, but SCIENTISTS ARE NOT IN CONTROL OF THE PARAMETERS.

The chemical industry is the oil industry is the pharma industry is the coal industry is the tobacco industry is the banking industry is the X-INDUSTRY THAT EXISTS TO PROFIT.

There is NO SUCH THING as the “free market” and never was. The very idea is a con.
Every merchant, every producer, every consumer has values and requisites and limits.

Growth without a thought as to how or why is a boon in economics, it’s the goal.
We all know it as cancer, locally. Economics is an idea and can’t die.
We have no such immunity from the reality of our self-poisoned world.

Without regulation of “brand new innovations” from microplastic beads in your shaving cream to pink slime in your ammonia/radiation steamed/recovered meat product you previously referred to by its brand name, the Whopper, just HOW BAD do you think things will get in the name of the new American impetus, privatized-profits-at-all-cost?

Even if we don’t even have the honesty to admit this is what we’re doing, who still thinks it’s noble to accelerate towards mass extinction for these economic paradigms?

Somewhere in a well-stocked bunker somewhere, anyone still think this is a good plan?
Jim Bakker? Rex Tillerson? Anyone at all?

Tor and Panopticlick September 17, 2017 3:46 PM

Are results between 1 in 200,000 and 1 in 400,000 users having the same browser fingerprint as you reasonable for an iPad mini and an iPad air? In comparison, Tails’ Tor browser recently yielded about 1 in 150.

Are there some good ways to get larger numbers in iOS devices (1 in a smaller number)? Javascript and cookie changes don’t seem to matter much.

Finally accessing the internet recently from an open wifi, portal capture, free wifi Tails was unable to synchronize the clock. With a non synchronized clock, I assume it might be easier to trace an individual Tor user around the world. Is that a valid assumption?

Clive Robinson September 17, 2017 3:48 PM

@ Occam’s Lovecraft,

Its use in this way is possibly not even new, but we did not (publicly) know about this use until now.

Not only is it not new, I’ve explained it on this blog a few times in the past, so older blog readers should be aware of it.

The idea of generating very narrow beams from wider beams goes back at least as far as WWII with the German radio direction control beams[1] such as Knickebein (literally “crooked leg”). Which were a further development of the “Lorenz beam” blind landing system.

Early work in Teddington UK in the Naval research establishment next to the National Physics laboratory was using the idea of low end ultrasonic beams for making three dimensional ultrasound images –what we might now think of as holograms– of boat hulls and other underwater objects and effects. There was however an outbreak of what was thought to be dermatitis at the time by the technicians using it. It was found out that the itching that gave rise to the scratching was caused by the 1-2cm wavelength ultrasound and the frequency difference at human body nerve/brain frequencies. This was turned into an early “non lethal” weapon for crowd control. Which the UK Government is alleged to have used in Northern Ireland during “The Troubles”. However like other ideas it “disappeared behind classification”.

It is known that like the Americans and “Paperclip” the Russians in effect captured and co-opted German Scientists who had experience with various beam type weapons (Hitler had belief in advanced weapons and often took a personal interest, the idea of “Death Rays” to bring down aircraft was one). Amongst other things it enabled the Russians to get technically ahead on pre satellite missile detection systems such as the HF “Woodpecker” that has been mentioned here. Further it is known that the Russians bombarded all diplomatic missions with various forms of energy beams from almost the beginning to the end of the Cold War, much of the information about what was going on is still classified today. It’s been indicated that the assumption is that they were mainly “Active EmSec” attacks. However modern medical science is showing that the likes of electromagnetic fields at very low frequency do affect the functioning of the brain (which has caused questions to be asked about medical imaging devices such as (N)MRI and Ultrasound). It’s also been shown that the Russians were trying to develop various mind and conscience affecting technology given names like “Russian Sleep machine”[2] in the west to improve NREM sleep and were well ahead of what we now call “Transcutaneous Electrical Nerve Stimulation” (TENS) machines.


[2] The term “Russian Sleep machine” appears to have originated from Larry Niven and appeared in his books long long before the horror fiction story on “CreepyPasta”[3]. What is not clear is where Larry Niven got the idea from as it appears that the idea to run a low current electrical waveform through the central nervous system to induce loss of sensation / consciousness has some truth behind it, and was certainly something we now know was being researched in Russia, along with things like the use of phages to do a similar job as antibiotics. China also is known to use hypnosis and electrically stimulated acupuncture for loss of sensation for anesthetic free surgery as well as neurotoxins from bacteria such as Tetrodotoxin (TTX) that can be found in a number of sea creatures such as the fugu and lion fishes and various octopi and crustaceans, one of which is said to be part of the “Haitian zombie drug”.

[3] The CreepyPasta story can easily be seen to contain false statements and is obviously not just false but bad fiction as well. Also sleep deprivation studies whilst showing forms of hallucination along with other strange behaviours from 48-72 hours it fairly quickly reaches the point where the person either passes out completely or has micro NREM sleep.

Occams L* September 17, 2017 5:00 PM

@Clive Said and meant was “about this use” emphasis mine – specifically a covert attack on sleeping targets, I don’t think we’ve seen that exposed before publicly but yes we should all be aware of the LRAD type developments.

The ones that get built for widespread, publicly ‘acceptable’ deployment and use are certainly not the only ones that get built.

What is interesting here is not necessarily high-technology state of the art weapons being demonstrated, though it may be that too, but in my view the very selective targeting and discreet use that has so far (publicly) been unattributed to any actor – in fact obscured to the point that we don’t even (publicly) know what TYPE of technology is being used to attack people. So the finger points nowhere, in public at least. Cuba denied all culpability and no other nation is yet at all implicated.

I think that’s kind of an amazing development considering how many attacks there seem to have been, all on “protected” US/Canadian diplomatic staff, and including as recently as last month. If it’s going to be kept secret that we know who did it for reciprocity sake, why publicly admit the story is real at all? If not known, that shows exactly how vulnerable diplomatic staff is abroad in 3rd party nations. One could note the reduced funding level for diplomatic state department programs we’ve seen lately.

One could also notice that the US in particular and Canada by extension are in the middle of a serious diplomatic row with Russia and both are trying to apply pressure to pressure points in non-war ways. Getting caught would be a major incident in a direct attack on diplomatic staff, the UN might even consider kicking them out over that. Putin would have to be at that level of will to do this, if it were his order.

I believe that he is.

Death by Alpha Decay September 17, 2017 5:28 PM

On topic albeit technically off theme and illustriously underwhelming: e.g. narrow band protections where wide band (EM) in general would be good antipollution legislation.

Kim the Fat Pig September 17, 2017 5:42 PM

@Cuban sonic attacks


Lead To:

MEDUSA (Mob Excess Deterrent Using Silent Audio) is a directed-energy non-lethal weapon designed by WaveBand Corporation in 2003-2004 for temporary personnel incapacitation.

The weapon is based on the microwave auditory effect resulting in a strong sound sensation in the human head when it is subject to certain kinds of pulsed/modulated microwave radiation. The developers claimed that through the combination of pulse parameters and pulse power, it is possible to raise the auditory sensation to a “discomfort” level, deterring personnel from entering a protected perimeter or, if necessary, temporarily incapacitating particular individuals.

In 2005, Sierra Nevada Corporation acquired WaveBand Corporation and ceased all work on the MEDUSA technology and did not pursue the technology further.

Clive Robinson September 17, 2017 6:10 PM

@ Kim…,

In 2005, Sierra Nevada Corporation acquired WaveBand Corporation and ceased all work on the MEDUSA technology and did not pursue the technology further.

Err they did not stop for long, they were back at it in 2008 and touting for business in Europe.

Monday Morning Staff Topics September 17, 2017 6:47 PM

In decades past Ham and CB operators could use illegal boosters to increase radiated power.
The FCC drives around in vans to pinpoint the culprits.

Recently the FCC did not ban open-source wireless routers. However manufacturers removed, isolated and hardened parameters relating to boosting or changing authorized radiated power.

However up until now, there is hardly any need to boost cell phone radiated power. It just has to reach the nearest tower.
However malicious actors may be able to reprogram then command and control to damage owners in many hard to detect or little understood ways.

Smart-phone manufacturers all have binding terms-of-service clauses of the possible dangers of this radiation. They are probably only liable for grossly negligent designs.
While unpractical for many, I don’t own a smart phone. If I did I’d never play music or connect to the headphone jack. Use the speaker phone. Don’t take the phone to bed!

In any hostile location only use a dumb burner phone and land lines. This reduces precise phone number targeting. In spite of Big-Data, always disable targeting GPS through SS7 network.

Tempest Rooms in Reverse
Of course engineers will instrument areas of importance with single cycle triggered spectrum analyzers.
At sea the crews below deck are probably safe if their phones are secured, but NOT for those navigating.
Secure communications takes on a whole new (+safe) meaning.
Hearing tests are recommended at least annually.

Hereby September 17, 2017 7:25 PM

NSA thinks Intel ME is a security hazard and now maybe we can deactivate it:

I think this should be on top news everywhere. It finally shows that IME is indeed bad for privacy and dangerous no matter what Intel says. And the possibility of being able to disable it means there’s hope for the end user.

I wish researchers found out the detailed workings of AMD PSP as well, which so far has gone relatively unnoticed.

Clive Robinson September 18, 2017 12:01 AM

@ Lynn Grant,

It’s an octopus end table. (They don’t seem to have squid end tables, but at least it’s a fellow Cephalopod.)

I think that it might be due to the fact you don’t see photos or pictures of squid folding their legs back above their head like that, whereas you do fairly frequently with octopi.

EvilKiru September 18, 2017 1:06 AM

@Wael: There’s definitely a high level of hyperbole involved in the article you linked to.

The headline reads like “all your device are belong to us” and the first paragraph seems to confirm that by implying that any Bluetooth device can be hacked using this exploit.

Eventually, however, the third to last paragraph admits that Windows and iOS devices aren’t vulnerable to this exploit at all and that Google is rolling out a patch the same day the article was published.

So yeah, basically click-bait unless your device runs Android.

Wael September 18, 2017 1:15 AM


Thanks for confirming! That was my conclusion as well. Click bait. When I read it, I expected to see some major news, but…

Clive Robinson September 18, 2017 1:21 AM

@ Wael,

Whilst doing a bit of background reading / catching up I saw this link,

And I thought “Oh good another view point” to get a broader background or new insight.

However after reading it I was left with the feeling that the article had been cobbled together from this blog and our host’s postings…

No new insights or even point of view. Read it yourself and see what you think.

Wael September 18, 2017 1:51 AM

@Clive Robinson,

Date of the article is September 15th

that hackers recently broke into a casino through its fish tank.

Yep: Got your fish tank right here, pal!

Take, for example, Roomba, the adorable robotic vacuum cleaner. Since 2015, the high-end models have created maps of its users’ homes

That’s news to us! Ummm… Got your Roomba right here, bud!

More than 70 percent of smartphone apps are reporting personal data to third-party tracking companies like Google Analytics, the Facebook Graph API or Crashlytics.

Na! You don’t say! Links too many to list! Got your links, well… you get the picture.

The underlying problem is ownership

Really! Got your ownership and control right here, dawg!

We can do the same for all points mentioned in the article, but I am not feeling too well at the moment[1]

The only thing missing is some limericks, jokes, secret messages and C-v-P references. Otherwise it’ll be 100% “borrowing” from here.

[1] Yesterday I cooked a potato on the grill, mesquite, no less! Supposed to be a baked potato, but on the grill. At dinner time I looked in the fridge for the sour cream to put on it. Expiration date was three months ago. I said It’s already sour, it can’t get any worse, so I gobbled it down — big mistake! Thus, I am going to bed at an unusually early time.

Clive Robinson September 18, 2017 1:52 AM

2017 ignobel awards

Each year a list of research papers are graded for how do I put it… Their improbability.

The event and release of the list for this year was last Thursday.

If you need a lift in your Monday Morning or any other time this week reading it might give life a little more perspective if not a smile or three,

Who September 18, 2017 2:58 AM


The proper process to resolve this mystery is to zoom in on the suspects most likely to benefit from the fear and harm resulting from the attacks.

What changes have occurred in the usual suspects determined to kill the improvement of relationship between US and Cuba? Are the attacks present on any Cuban government personnel and politicians? Have any American enemies of the usual suspects suffered from the attacks?

Clive Robinson September 18, 2017 3:47 AM

@ Wael,

What is sauce for the goose[1], may not be cream for the gander.

Later you might find out if it had any pro-biotics if your hair turns green 😉

Hope you get to feel better soon.

[1] There is an old saying about grease and geese… But as far as tatty recipes roast potatoes in either duck or goose fat are supposed to have the best taste…

Wael September 18, 2017 4:30 AM

@Clive Robinson,

Thanks! Almost feeling better now.
My hair can’t turn green
’cause I have a good spleen 😉

An amber alert woke me up!
Colorado car license plate #xxxx
What am I supposed to do? Run out and look for it at 2:30AM? Do you get these stupid alerts in the U.K.?
Oh, the blessings of a cell phone! Back to counting ducks and geese!

MarkH September 18, 2017 4:54 AM

Thanks to “Kim the Fat Pig” for the link on Microwave Auditory Effect.

I have been imagining microwave bombardment as a possible means because of locality, and some of the reported symptoms … but I didn’t know that microwave-induced perception of sound had been so thoroughly demonstrated.

As I recall, a specific health danger of exposure to high microwave flux is the formation of cataracts in the eyes, believed to be a consequence of tissue heating.

It would be interesting to find out the results of eye exams of the reported victims …

As to the oft-suspected link between mobile phones and cancer, I remain skeptical for a simple reason. In recent decades, the incidence of brain malignancies has been declining slightly (as measured in epidemiological statistics).

If mobile phone EM radiation has more than a very minute ability to induce cancer, then with billions of people who have been using such phones frequently for a good number of years now, we might reasonably expect a rising trend in brain malignancies, even if the average latency is very long.

This expectation should be amplified by the history of early adopters who used pre-digital mobile phones, which operated at much higher RF power levels.

The observed trend suggests that if there IS a phone-to-cancer link, then there must be some separate factor(s) decreasing other-cause brain malignancies sufficiently to overbalance the mobile phone effect. Not impossible, of course, but I suggest very unlikely.

Note that by focusing on brain malignancies, I am not addressing non-malignant brain tumors, or head tumors other than in brain tissue. I haven’t looked at statistics for those categories.

Rachel September 18, 2017 6:17 AM

MarkH (& Clive, Monday Morning Staff Topics)

Hi MarkH, mobile phone radiation is directly implicated in brain and other cancers. There are countless published studies. It’s not a matter of conjecture, hypothesis, assumption, pseudo philosophical debates. Also remember it’s a multi billion dollar industry in bed with government and regulators, exactly as big tobacco was. Say no more say no more, nudge nudge wink wink know what I mean? (sorry just a python reference for Clive)
Phone radiation and related types of emissions has or can be expected to be upgraded to a class A ‘known carcinogen’ by WHO. Governments, Scientists, Institutions across the world are moving on all kinds of limitations on what thus far is a global experiment on human health unprecedented in history. The official advice is ‘Children’s brains change after 20 minutes exposure-fact’.
A colleague of mine who specialises in the adverse effects of pulsed microwave radiation said last time he checked there were roughly 10,000 published papers referencing its adverse effects.
I appreciate Monday commenting on headphones & radiation. They definitely conduct the signal into the brain – definitely have all radio signals off if listening to music and don’t use headphones with calls. (Sancho-P you get me now)
There are meditation apps, Headspace being a famous one, for use with headphones and one’s phone. It’s doubly bad and I find it crazy there is no reference to the EMF risk.
Not only are folks getting the headphone radiation they are trying to enter alpha or other brain states at the same time! It’s catastrophic.
All the research demonstrates the brain and nervous system is most vulnerable to pulsed microwaves when asleep. If one does nothing else, unplug the router and switch off all sources of transmission at night.

One interesting observation I came across. A researcher commented, while they were not negating the known dangers of tobacco smoking: They noted lung cancers were moderately low until the introduction of AM radio towers populated the US en masse in the 50’s. There was an immediate spike in lung cancer uniformly, a direct correlation as far as she could see.

thanks, as ever. The off topic stuff (health stuff relevant for you, an area of expertise) I wish to communicate I will paste bin or similar and let you know; cos it doesn’t need a reply.
Tell us, what is Planet B you refer to?

JG4 September 18, 2017 6:37 AM

@Wael – Thanks for the logic puzzle. I’ve always thought that there is a boolean matrix approach to this type of word problem and the related word problems with scheduling. like the test problems that begin, “A 7th-grade class rafting trip will have three rafts with 21 students. No more than nine students can ride in each raft, but never less than six are in each raft. Bob and John always travel in the same raft. Suzy and Kim hate each other’s guts so always will be in different rafts.” And end with a hard question like, “Will Suzy and John be in the same raft?” can anyone provide a keyword or pointer to the appropriate mathematical technique or techniques?

@Thy God, Profits – you raise some topics that I have been wanting to explore in biochemical security. is your name a reference to “They Live?” you may enjoy this trifecta of unintended consequences that cost the US seven IQ points, a portion of the crime wave in the 1970’s and world-wide ecological damage:

a very nice data visualization. unfortunate that Hans Rosling is no longer with us. not only is Switzerland very high on the list, which implies a high standard of living, they also have the best civil defense infrastructure on your planet, including an EMP-resilient electric grid, which MarkH may note.

Which Countries Have the Most Economic Complexity?
Jeff Desjardins on September 14, 2017 at 12:18 pm

Topping the list are the economies of Japan (1st), Switzerland (2nd), Germany (3rd), and South Korea (4th). The United States sits in 9th place, and Canada is further down at 33rd.

I’ve been meaning to introduce this website that doesn’t suffer from conspiracy rot:

the North Koreans probably can’t deliver this sort of attack on the US yet, and the missile defense system may be able to stop a single rocket/weapon. the asymmetry between North and South Korea means that they could destroy the South Korean electric grid without hurting themselves much. I am amazed that the US media blithely talk about military solutions without mentioning the collateral damage that would devastate South Korea, a US-client state with a world-class economy. there is a lot more to say on the overlap between EMP and microwave attacks. there is an analogy to the chemical attacks too, because non-state actors have ready access to the key components of directed energy systems and consumer chemicals.

OODA loops don’t execute linearly, so are not well-matched to a von Neumann architecture when fast execution is a priority. breaking the opponent’s OODA loop requires extra speed in your own. the struggle for full-spectrum dominance will include computing hardware, as it always has. I don’t see how the US is going to keep up with China for very long. especially if US policy forces a collaboration with the Russians.

One, Software Defined Hardware, seeks “a hardware/software system that allows data-intensive algorithms to run at near ASIC efficiency without the cost, development time or single application limitations associated with ASIC development.”

Gram September 18, 2017 7:04 AM

Hi there,

I am a regular reader of this blog, and this is my first post.
Although I fully understand Bruce’s decision to limit lengthy posts, I believe that Ben A. posts are valuable.
@Ben A., would it be possible for you to put your weekly links collection in another place and post a unique link ?

Lynn Grant September 18, 2017 8:17 AM

@Clive Robinson,

I think that it might be due to the fact you don’t see photos or pictures of squid folding their legs back above their head like that, whereas you do fairly frequently with octopi.

Good point! I didn’t think of that.


Steve Friedl September 18, 2017 8:44 AM

I also found the link posts useful, but understand Bruce wishes to set the tone around here.

Those looking for that kind of thing may wish to check out Daniel Miessler’s “Unsupervised Learning” blog, a weekly set of links mostly related to InfoSec and technology, that I’ve found really well curated.

CallMeLateForSupper September 18, 2017 9:36 AM

Quinn Norton vents on Emptywheel about the software business being unfit for purpose, the resulting smelly software; the average person’s not understanding computers but using them anyway and getting burned; bloggers and reporters who focus their efforts on damage caused by malware instead of on the flaky software/hardware that enabled malware. That’s just a taste; she says much more.

She closes with this: “And for the love of the gods, stop it with emailing attachments and links. Just stop. Do not send them, do not click on them. Use Whatsapp, use Dropbox, use a cloud account or hand someone a USB if you must, but stop using email to execute programs on your computer.”

“Software is a Long Con”

Cassandra September 18, 2017 11:36 AM


there is a methodical approach to logic puzzles, as demonstrated by their inventor, Charles Lutwidge Dodgson – aka Lewis Carroll ( and )

His book ‘Symbolic Logic’ is available at Project Gutenberg.

I echo Gram with his call to @Ben A. Posting his list of links some known and accessible place elsewhere would be welcomed by me.

albert September 18, 2017 11:46 AM

“…It has long been known that these are insufficient due to the likes of resonance effects and non linear dielectric effects…”

Blind Faith in Science.

It’s been known for decades that bacteria can be killed by certain audio frequencies applied electrically to their medium (blood) or even our skin. Even viruses can be destroyed this way. Furthermore, bacteria of different types have unique ‘frequencies of resonance’*. So one can selectively target certain cell types without hurting others. The key point is that frequencies rise as we move up the evolutionary ladder. Bacteria and viruses have kill frequencies in the hundreds of Hz, but multi-celled organisms have higher kill frequencies. In the GHz range, we’re close to mammalian frequencies, i.e. -us-.

Imagine a weapon that can kill all of your white blood cells. OK, I don’t even want to think about it.

There is a complex system of energy channels in all creatures. Ancient healing techniques are based on this.

“…At dinner time I looked in the fridge for the sour cream to put on it. Expiration date was three months ago. I said It’s already sour, it can’t get any worse, so I gobbled it down — big mistake!…”

ALL -pasteurized- dairy products ‘go bad’. Anyway, cow’s milk is designed for cows’ offspring, not human consumption. The more we eff with Nature, the deeper our graves we dig.
. .. . .. — ….

* I’m not sure it’s a resonance phenomenon. It may be due to as yet unexplained energy effects.

/|\ QUEEN OF THE FOREST September 18, 2017 12:07 PM

@ Ben A:

Get a blog. Link to it in URL part of the form. Done.

And/Or – use a pastebin for ALL of your links during the week and just post that one pastebin link.

Bob Paddock September 18, 2017 12:20 PM


On the AP Story about Cuba:

“Other symptoms have included brain swelling, dizziness, nausea, severe headaches, balance problems and tinnitus, or prolonged ringing in the ears.”

Those symptoms as a set are what you have with high or low intracranial Cerebrospinal Fluid pressure.

It is impossible to tell high vs low as the symptoms are the same. The medication Diamox, that lowers pressure, is often given to determine high vs low. This is less than ideal. NASA as part of the Mars Mission is developing a non-invasive device to measure CSF pressure via the Tympanic Membrane. We are two years into a four year study.

Each individual has their own optimal level of pressure and volume of fluid. It does not take a lot to upset the balance as the body does not have a closed loop feedback system for this. The pressure/volume numbers found in the medical text books have been proven through real world patients to be meaningless. Few doctors in the world (less than ~50 going by published papers on the matter that I am aware of) that recognize CSF pressure/volume issues (such as Dural stretching).

There is a conference coming up dealing with this issue, to educate more doctors.

Bob Paddock September 18, 2017 12:31 PM


“Imagine a weapon that can kill all of your white blood cells. OK, I don’t even want to think about it.”

Research is already known to exist on Gene Bombs, to take out a single race, say Caucasian, by non-Caucasian adversary.

Also Rife had the luxury of optical feedback in his work.

Anura September 18, 2017 1:03 PM


Anyway, cow’s milk is designed for cows’ offspring, not human consumption.

Generally speaking, most things in nature are not designed with human consumption in mind.

Punnywise September 18, 2017 2:03 PM

“Expiration date was three months ago. I said It’s already sour, it can’t get any worse, so I gobbled it down — big mistake!”

Androidgestion, datarrhea.

Freezing September 18, 2017 2:04 PM

Setting up a phpBB-based forum is not difficult, but the administration can be a time-sink.

Yeah, but good luck finding an audience if you’re not Schneier.

Do not ascribe to malice September 18, 2017 2:18 PM

CCleaner had a 3 week period where its 32-bit version (not 64 bit tellingly) was compromised by a particular trojan that basically runs ONLY on 32 bit windows logged in with admin accounts – and anything else won’t do. If you’re in that boat you’re without exception making yourself vulnerable to drive-by already, but let’s forget that for now.

To pretend the entire ccleaner application tree is “no good” or “suspect” or “shady” based on a sole breach (one that occurred after it was bought by Avast, one might note) as if the source or authorship itself were somehow responsible for malware, suspect, shady, etc… it’s a misunderstanding of how software is developed and distributed with some underdeveloped accusations built-in.

After all breaches happen with major software packages, github major. The fact that it was detected within 3 weeks, fixed, disclosed, replaced, and the trojan in question is relatively easy to remove… this is all very good news for those affected.

Compared to Java, flash, microsoft, android, bluetooth, 3 weeks is pretty effing decent.
Experian had their holes open for way longer than that, and that’s a massive operation.
Linux has 10-15 year old flaws that just recently got fixed, more outstanding.
To say CCleaner is shadyware because of a breach is just not logical.

Now, if they had tried to cover it up? Like a certain orange elephant in the room?
That would be a different story now wouldn’t it.

Freezing September 18, 2017 2:36 PM

I am only thankful for this blog and in no position to complain. However, I, for one, would advise against length limit, lest we be deprived of Clive’s posts. 🙂

Greetings from Brazil.

Clive Robinson September 18, 2017 2:48 PM

@ Freezing,

However, I, for one, would advise against length limit, lest we be deprived of Clive’s posts. 🙂

I assure you they are not as long as they once used to be. I think @Nick P was keeping a link to what he indicated was the longest, and if not @Nick P I suspect @Wael can point out a few prize examples :$

MarkH September 18, 2017 3:17 PM


“mobile phones radiation is directly implicated in brain and other cancers. There are countless published studies.”

With respect, that is not my reading of what is known. There are a number of studies that have reported a small or weak correlation between exposure (or proxies for exposure) and malignancies.

There are also studies that fail to show any statistically significant effect.

There is almost no data showing a dose/response correlation, as would be expected for a carcinogen.

The position statements of various organizations and agencies that have health effects of EM radiation in their purview are generally to the effect that a causal link between cell phones and cancer is not at present disproven … nor is it proven. Most endorse continuing research, which in fact is on-going.

There is no physical explanation for how cell phone radiation could damage DNA, nor laboratory evidence that it does so.

At the power levels of modern mobile phones, the temperature increase in bodily tissues due to radio frequency heating is believed to be far too small to have any medical effect.

At present, there is no theoretical basis to explain how RF from mobile phones might cause cancer.

When, over the period of about 25 years, a large population is massively exposed to a new carcinogen, the rate of associated cancers would be expected to rise significantly.

Brain cancers have been slowly decreasing, since the start of the mobile phone era.

Rachel, how do YOU explain that?

JG4 September 18, 2017 4:49 PM

Thanks for the helpful comments on logic puzzles. I always struggled with those. a nice example where the cognitive power of machines will be especially helpful in the short term.

file under “dust of stars in earthen jars”

Could interstellar ice provide the answer to birth of DNA?

space is deeply wrapped in the national security blanket

`Rocket Man’ Justifies Northrop’s Pricey Missile Purchase
By Brooke Sutherland

Northrop Grumman is buying Orbital ATK for $7.8 billion
Los Angeles Times – 3 hours ago
Defense giant Northrop Grumman Corp. is acquiring aerospace and defense firm Orbital ATK Inc. for about $7.8 billion in cash,
a deal that would boost Northrop’s presence in the space, launch and missile industries.

did anyone catch that in the movie version of Contact, the secret code for interstellar travel was in the radio transmissions? in the book, it was woven into the deep digits of pi. that made the hair on the back of my neck stand up, even though it is fiction.

I am not suggesting that there are messages in our DNA, but there is a lot of information about the past, our past, embedded in our DNA and the DNA of other species. there are vulnerabilities as well. I thought that Ken Alibek did a good job of describing those.

I trust that the regulars caught the reason in Secret History of Silicon Valley for the sudden US interest in radio astronomy during the cold war. the interest that bankrolled Greenbank, Arecibo, and VLBA in the southwest desert. there probably are a lot more, including Pine Gap.

@Rachel – there is only one other quasi-habitable planet in the solar system, which is Mars. I have been calling it Planet B. it is almost accessible with current technology. there are at least several habitable moons. I don’t have any good ideas for exchanging contact information, but I am open to ideas. several people, including TM, thoth and markus post website addresses. I noticed today that tightmail, which probably was mentioned last year, makes some interesting claims about an internal system of disposable intermediate email addresses that defeat metadata analysis. just like TOR defeats spookwerks surveillance 😉

I thought that Clive has alluded to variations on this threat model:

Long-range communication barrier for near-zero-power devices shattered

Sancho_P September 18, 2017 5:39 PM

@Moderator (neill, Gram, Cassandra, /|\ QUEEN OF THE FOREST)

I must apologize for coming back to my suggestion to Ben A. re his (e.g. Pastebin) page with interesting links.
A European and ESL, I do not understand what you meant, but it seems I’m not alone, or others don’t read (your) comment(s)?
Your answer was extremely short without referring to the question or the user,
please could you clarify your “No” to whom / what?

1) (@Sancho_P) No, we don’t want Ben A. to link his username to his page by the provided URL field.
2) (@Ben A.) No, it wouldn’t be discourteous and a personal affront to the host (since the URL field is a basic function of our comment form [1]).
3) The “No” has another meaning.
4) –

My assumption was that you both would silently tolerate Ben’s linked name when he is (according to your policy rules) posting on the Friday Squid, without giving a blank “Go” as a prejudice for everybody.
Again, sorry for my crude (metric?) thinking.

[1] In fact, I guess this function would be dangerous in the EU if someone links there to “forbidden” sites, don’t know about the US.

@Ben A.
I apologize for causing you trouble, in my simple mind it was so easy!

JG4 September 18, 2017 6:21 PM

@Sancho_P – You may have missed the most logical meaning of the No here:

Moderator • September 16, 2017 7:17 PM

I read it to refer to this question:

security.txt • September 16, 2017 6:33 PM
Do long aggregated links exclude Nick P?

I think that Nick P. gets a pass, as do all others acting in good faith, when they write an excellent technical document that refers to the scientific literature at multiple points.

Moderator September 18, 2017 6:23 PM

@Sancho_P, I was responding to @security.txt’s question re aggregated link lists, and about @Nick_P.

Winston Smith September 18, 2017 8:00 PM


“NSA thinks Intel ME is a security hazard and now maybe we can deactivate it:”

I view the glass as half full and applaud the efforts involved and progress made:

Regarding the overall solution to the problem, I think alternatives are often better than forcing monopolies to their knees through regulation. Perhaps there is room for both.

Nick P September 18, 2017 10:14 PM

@ security.txt

Well, I’d be fine with the link posts I do falling under this rule so long as I could post at least one link to a Pastebin. After all, I wasn’t usually reposting HN or Slashdot with my Assurance News and the like where I dug through obscure sites basically nobody reported on to get a list of research to bring to blog audience. It also wasn’t regular enough for me to have an RSS feed or something.

Clive Robinson September 18, 2017 11:36 PM

@ Wael,

The Squid page,

You link to was a good page and people should re-read it from time to time, and it has some real gems in it further down. For instance a link I gave showing just how journalists could by poor OpSec do real harm,

With the attendant admission that I did not think I could sufficiently lock down our comms end point devices and computers against level three attackers (well equipped state level).

Oh and much much more, including the kindness of other blog readers.

Rachel September 19, 2017 2:50 AM

thanks for response. How am I going to explain an apparent decrease in brain cancer synonymous with the rise of mobile phones? Firstly I will raise the not so small matter of confusing/relating, causation and correlation. And I would also question the source of your information. Is it true? I appreciate you acknowledging the research is ongoing- indeed it is, the largest uncontrolled experiment in history! But you know what- I’m happy for you to believe whatever you need to. It’s certainly more convenient to believe mobile phones are harmless. Heaps easier, Waaaaay easier. Science is not my god. I’m not one of these folks that only believes or disbelieves (“that’s been disproven!!!!”) based on what the double blind has decided for me, in a lab a million miles away and funneled through a journal. I prefer my experiences, first, for things that directly relate to me. (as opposed to things that don’t, which is when journals are handy) I know mobile phones fry my brain because I feel it and have symptoms, when I use them. As do millions of other people. It can be overwhelming in fact. To be fair and in good faith I will endeavour to provide the research I refer to. I can’t promise anything as unlike a normal person I have no computer and like everyone else here life is very complicated. But it would be very good if I can support my claims so I’ll see what I can do. All the best

Clive Robinson September 19, 2017 5:18 AM

@ JG4,

Long-range communication barrier for near-zero-power devices shattered

I did a little more than allude to it a few days ago, I mentioned I had designed surveillance devices that work on the Spread Spectrum principle back in the last century on this blog three years ago…

Have a look above at,

It’s not the first and almost certainly won’t be the last time academia eventually catches up with this blog’s comments.

As RobertT once noted engineers know a heck of a lot more about the application of technology than researchers do, especially when it comes to things to do with security. Engineers in general do not have the “Publish or die” employment issue, in fact most of their employers tend to encourage the “Publish and we will ruin you” mentality. Thus engineers tend to be fairly taciturn on the likes of security as our host has found out in the past.

To quote “Old Man River” but of engineers,

    He must know something, but he don’t say nuthing that old man river he just keeps rolling along.

Bob Paddock September 19, 2017 6:56 AM

Microwave News has been collecting the scientific researcher reports on EMF vs Health for nearly two decades.

Anyone that has interest in this subject MUST read The Body Electric by the late Dr. Robert O. Becker and Gary Selden. Becker’s major interest was in studying organ regeneration. Along the way he discovered such things as lower levels of EMF could cause DNA changes that higher levels did not, all else being equal. ElectroMAGNETICs gets the attention, while some things in the body are ElectroSTATIC machinery. Look how proteins move for example and new devices like nano-motors.

Epigenetics as promoted by Bruce Lipton would also be worth your time to look into.

JG4 September 19, 2017 7:07 AM

@Clive – Thanks for honoring me with a very nice essay. I couldn’t find the video where George Carlin said, “Do you think that the country who put a man on the moon couldn’t fix education tomorrow?” followed closely by, “The last thing that they want is a nation of critical thinkers.” Billingsgate alert – coarse and abusive language. The exact quote isn’t in here, but he gets the same points across:

The Reason Education Sucks

The herd are managed with distractions suited to their tastes. In an earlier time it was bread and circus. Today it is EBT and TV. With tribal sports teams, the Kardashians and whatever else passes for news at the end of empire.

@MarkH – as people die faster from opioid addiction, they don’t live long enough to develop cancer. look at how old Ted Kennedy and John McCain were when their brain cancers started or got far enough along to notice. the cell phones of the 1980’s were wildly more powerful than what was deployed in the 1990’s and things have gotten much better since then. Lee Atwater was a young man when he got brain cancer, but he traveled a lot more than others and managed a lot of venues. evil genius.

someone came very close to saying that surveillance is adaptive. I’ll go a step further, “anything involving humans is adaptive.” with data visualization, you can map the adaptations in real time.

Links 9/19/17 | naked capitalism – Tor Browser

Big Brother IS Watching You Watch
US cross-border data deal could open surveillance floodgates Open Democracy

biochemical security requires not fouling Planet A to the point that it is uninhabitable. many of the chemicals in play disrupt critical systems in the body that affect thinking and health.

Sustainability Now: Plastic in Your Beer, Toxins in Your Air, and Heavy Metals on Your Doorsteps

a followup to my comments on tribal warfare. this made the hair on the back of my neck stand up in 1991 and it still does today. I’m impressed by how much progress Cyberdyne Systems have made since they were bought out by Skynet. the first three Terminator movies were brilliant works of art, and it is rare for someone to score a trifecta in the film business.

It’s in your nature to destroy yourselves

plus ça change, plus c’est la même chose. approaching peak irony – mind the event horizon

His experience of the tyranny, corruption, and decadence of that era (81–96) may explain the bitterness and irony of his political analysis. He draws our attention to the dangers of power without accountability, love of power untempered by principle, and the apathy and corruption engendered by the concentration of wealth generated through trade and conquest by the empire.

Clive Robinson September 19, 2017 7:18 AM

@ Disavow your carpooltunnel,

Are you a dirty needle user?

The idea given in the link you gave is very far from new, it’s just that the VM technology is getting easier to use.

There is however still an issue…

If you want to think in medical terms, then think about the brain blood barrier and in pregnant women the placenta. The idea is you have a barrier across which neither bacteria or viri can cross. Only the problem is other things like RNA and hormones and other small chemicals (diethylemercury for instance) can cross.

The same is true for the OS that hosts the VMs. The barrier between the Host OS and each VM allows stuff to cross, some of which could be fatal to the computer operation.

But even back in the days of booting from a CD after a power up there was a “lack of barrier” problem. Which was the problem of “semi-mutable memory”. It’s not just the hard drive platters that store data but that microcontroller on its control board with a big hunk of Flash ROM as well (think bad block marking). Or the Flash ROM on other I/O devices.

Oh and don’t forget the Flash ROM that holds the BIOS that BadBIOS re-opened the issue about OS’s loading driver code from ROM and treating it as 100% trusted, something Lenovo went on to use for persistent malware. You might also remember when GCHQ’s “Tweedledee and Tweedledum went up to London” for a little shopping trip then to step into the Guardian newspaper’s “basement” to “securely destroy” Apple computers that had had the Snowden Archive on? The resulting photographs should be obligatory course material for any security qualification. As was the idiocy of letting a pissing match between seniors in the Cabinet Office and Guardian management give publicity that arguably was “Prejudicial to UK National Security”.

Further anyone who has been reading this blog prior to Snowden would have seen discussions about the issues of semi-mutable memory like Flash ROM in I/O devices, it was mentioned a few times when talking about cold booting from CD without a hard drive etc.

But as I pointed out long before Google announced Chrome, the real problem with applications like web browsers was they removed the OS process memory protections often based in hardware, and replaced it with a single process space with shared memory thus it was like having no memory protection mechanism at all.

It was especially bad on Versions of MS Windows where to try and avoid legal action they conjoined the web browser and the desktop, thus like sharing blood they shared malware and had at least double the attack surface…

Sancho_P September 19, 2017 12:43 PM

@Moderator – Thanks for clarifying!

Having completely ignored that posting I still have probs to read it as legit question (in context to the policy update and Nick P’s posting style), funny how differently we click.

albert September 19, 2017 2:07 PM

@Bob, et al,

Thanks for the link.

The essential problem with ‘medical research’ is the lack of understanding of the function of -energy- in living systems.

Millions of dollars spent on studies of carcinogens (and millions more spent on ignoring/disputing them) have not yielded any cancer cures. Cancer is a bogeyman, equivalent to ‘terrorism’ in the police state.

As with particle physics, medicine has lost its way. No longer can researchers connect effects to causes, because of preconceived notions of how the body works.

I had an interesting experience on a trip to my doctor’s office. It’s located on the top floor of an office building, festooned with cell antennae. Since I often use the stairs, I noticed another stairway up to the roof. At the top, there was a DANGER sign, explaining how to avoid the antennas. Not a problem for the cellular maintenance folks, as they kill the power first, but for the HVAC and building maintenance folks who can’t.

Interesting, considering how ‘safe’ cell towers are for local residents.

We are -bathed- in cellular microwave radiation 24/7, and from WiFi hotspots everywhere, including our own homes. Add civilian/military radar, weather radar, UHF broadcasting antennas, microwave ovens…

Happy EM Day, everyone!
. .. . .. — ….

Clive Robinson September 19, 2017 4:05 PM

@ Albert,

Interesting, considering how ‘safe’ cell towers are for local residents.

If you accept the “heat model” as the harm graph, then due to the high gain (colinear corner reflector) antennas little or nothing is radiated either downwards or upwards. Also with the ground plane effect of the roof the null under the mast can be 60-70dB down which in real terms is 1/million to 1/10 million of the Effective Radiated Power (ERP) of the often quite low (10-30dBm) power per channel going into the feeder[1]. Which can be a lot less than what escapes out of a microwave oven’s door seals if it’s had a bit of rough use[2].

However if you live on the top floor of a block of flats adjacent to the block the cellular base station is on you could be getting rather more power as you are now effectively in the main power lobe…

I can give you the power / distance / frequency calculations if you want them but in general they won’t give you a reliable value as they are for “free space” propagation and most buildings are anything but free space. When modeling things in general “the method of moments” is used which grew out of Lawrence Livermore National Laboratory’s NEC program from back in the 1970’s.

[1] Which is a bit misleading due to the voltage additive property of multiple channel transmissions giving very high instantaneous peak powers (when dealing with power to voltage conversion you multiply the power dB figure for each channel by two, then to get peak power add the voltage dB values together and then divide the total by two to get the peak power).

[2] Emissions from microwave ovens are generally considered slightly more harmful to living tissue than the same power emissions from mobile phones at the same power levels due to the dielectric heating effect of OH tails on molecules. However few people put their head up against a microwave door…

albert September 19, 2017 5:05 PM


It’s interesting to note that in the example I cited, it’s impossible to stand in front of the antennas, except for a fraction of a second before you fall to your death. I suspect there is leakage round the sides of the enclosures. However, there are all sorts of serious symptoms associated with folks who live in the ‘main’ lobes.

Heating effects can kill; there are documented cases on record. If you get a copy of “The Zapping of America”, you can read the history of case studies. (Until I can read The “Body Electric”, “Microwave News” will have to do)

Other effects, like DNA damage could take years to assess, and ‘body energy’ effects will never be studied, because science doesn’t know or care about them.

As a general rule, corporations follow the forgiveness/permission paradigm and the ‘throw it at a wall and see if it sticks’ philosophy.

A -good- field-strength meter (better, a spectrum analyzer) will give you exposure data, but who’s to set the safe limits? Are we to look to those who establish the ‘safe’ limits for ionizing radiation?

Rife had his microscope (never duplicated, AFAIK), but he used RF to penetrate the body with ‘audio’ frequencies. Skin-electrode systems work quite well, and are simpler and cheaper by far. Search for jwlabs for a good version. The A3 is the best buy. The A4 is cooler, but way expensive. (The usual disclaimers apply)

. .. . .. — ….

Clive Robinson September 19, 2017 5:25 PM

Gas Pump CC Skimmer info

Normally you would expect to see Credit Card Skimmer info on Krebs, where it often lacks technical detail.

However SparkFun has a much more technical write up on CC Skimmers appearing in Gas Pumps in many places in North America, and in all likelihood “Coming to a place near you soon”, if it’s not already fleeced you.

They have also come up with an app that detects this CC skimmer through its Bluetooth interface…

Nick P September 19, 2017 8:11 PM

The Karger-Thompson Attack: History, Prior Work, and Recommendations
(simplified, nicer version of prior discussions reposted from

There’s two angles here: trusting your compiler or tools to not be subverted; trusting your hardware not to be. They require the same concepts to solve.

Paul Karger invented the so-called Thompson attack in the MULTICS evaluation he sent to Thompson and the others. The solutions that he, Roger Schell, & other inventors of INFOSEC proposed were called high-assurance security. I recently noticed that they actually deployed first version of that (in SCOMP) before Thompson even wrote about that one problem. Karger et al didn’t play. The solutions collectively became the certification criteria for security called the TCSEC with its “Rainbow Books.”

So, here’s a summary of it restricted to relevant stuff. The system, including all privileged stuff, has to be formally specified in terms of requirements, design, & precise definition of safety/security for it. Some methods like VDM are close to programming languages if other stuff is hard. Basic points are no ambiguity is allowed, all states (including failure) are accounted for, and specs/models can map to the source code so their analyses are meaningful. The source itself is modular (info hiding a la Parnas), has interface checks for its assumptions (Dijkstra & Hoare), keeps trusted part to minimum (Hansen), is layered in a way with no looping of controls (predictability), uses safe language/CPU if possible (Barton), individual artifacts traceable to specific requirements/design (no dead code or backdoors), and everything tested against spec & security policy. This needed configuration management with physical and technical protection with all changes by any developer checked for failure or malice. System was cryptographically or physically transmitted to customers with option of on-site generation from source using standard, local tools w/ rerun of tests, proofs, etc.

Those systems had low odds of subversion on top of NSA pentesters not accomplishing anything with 2-5 years of hitting a few. Quite the contrast to how Karger et al shredded MULTICS on every level. Methods proved out. Today, we have multiple paths to go from those lessons learned: (a) high-assurance compilers like CompCert or CakeML that go from source to object code with mathematical proof of correctness like above; (b) apply formal or rigorous informal methods to simplified interpreter like Wirth’s P-code, Mini-ML, or Scheme the rest is built in; (c) pencil and paper method of the same where it’s done in simple functions or FSM’s checked by computers then produced from source by hand; (d) any of above on diverse hardware from mutually-suspicious parties checking all results are the same for probabilistic security. After initial compiler is bootstrapped, use it to compile extended version of itself with optimizations added in modular, optional way. That it’s laborious work using unpopular, development style & tools is why most “solutions” in FOSS for anti-subversion use hugely-complicated compilers written in C/C++ w/ maybe reproducible builds. Many ways available, esp with optimization passes, to sabotage source of apps esp disabling security checks. Accidental and intentional were published as proof.

For hardware, you have a similar problem but maybe easier to handle on formal verification side due to boolean & FSM’s. Been done several times from CLI’s stack (FM9001) to Rockwell’s AAMP7G to open-ish VAMP (DLX-like). My solution is a JOP- or Forth-like processor built on 350-500nm node that’s inspectable with a microscope against the supposed layout. It’s specified as abstract state machine, refined into FSM’s, and eventually into gates. Equivalence check each step formally and with tests. Design it formally or with careful, manual methods. The software to do the trusted steps of this process is verified so that just the initial input and final results verified by eye for hardware part. Run it in diverse toolchains on diverse hardware as in (d). Order 30-50 chips with random sample tested with logic analyzer & torn down for visual inspection. Rest probably OK. Physically protect them in many places so they can be trusted to make next set of hardware and software with each person’s pile of vetted chips adding to a distributed, assurance case when they output identical analyses or binaries. Do all the above in fast, state-of-the-art hardware & software for fast iterations with the safe stuff basically acting as a checker & root of trust for final production.

So, that’s how you do high-assurance systems that counter subversion at hardware and software level. It’s how it’s been done since the 70’s in software with hardware assurance at CLI starting in the 1980’s. Commercial and FOSS tools available to help with the task along with even free books online. Commercial & FOSS products/projects used them successfully. Supplier diversity, obfuscation, & equivalent results most important on hardware side. Strong, design-for-review with storage integrity & transmission security on software end built on simple, safe tooling. Prior work includes CompCert, Verisoft (VAMP + C + OS), Rockwell (models + SPARK + AAMP7G), Myreen et al’s stacks, the OP link in terms of comprehensibility, and so on. People just got to apply what’s worked & improved since the 1960’s if you count basics of design & implementation. It sounds tough but you’re countering human malice in hardware and software plus regular failures.

Meanwhile, I’m working on high-level schemes to do (b) to (d) above since I can’t handle learning formal verification just yet. I have three, potential ways to do it so far. Still revising them. I’ll pass it onto specialists once it looks doable.
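
The cross-check described in (d) and in the hardware paragraph above (diverse toolchains on diverse hardware, run by mutually-suspicious parties, all producing identical binaries) can be sketched as follows. This is an added example, not part of the comment and not code from any project it names; the party names, toolchain and hardware labels, and sample binaries are constructed.

```python
"""Cross-check build outputs reported by independent builders (constructed data)."""
import hashlib
from collections import defaultdict
from typing import NamedTuple


class BuildReport(NamedTuple):
    builder: str    # party that ran the build (hypothetical name)
    toolchain: str  # compiler lineage used (hypothetical label)
    hardware: str   # chip supplier / batch (hypothetical label)
    digest: str     # SHA-256 of the binary that party produced


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def evaluate(reports, min_toolchains=2, min_hardware=2):
    """Return (verdict, agreed_digest, suspects).

    "agreed"                 every party produced the same bytes, using enough
                             distinct toolchains and hardware sources.
    "mismatch"               at least one output differs: non-determinism or
                             subversion somewhere; suspects lists the minority.
    "insufficient-diversity" outputs match, but a single shared toolchain or
                             chip source could have subverted all of them alike.
    """
    if not reports:
        return ("no-reports", None, [])

    by_digest = defaultdict(list)
    for report in reports:
        by_digest[report.digest].append(report)

    if len(by_digest) > 1:
        ranked = sorted(by_digest.values(), key=len, reverse=True)
        if len(ranked[0]) == len(ranked[1]):
            # No clear majority: nobody can be trusted over anybody else.
            suspects = [r.builder for r in reports]
        else:
            suspects = [r.builder for group in ranked[1:] for r in group]
        return ("mismatch", None, sorted(suspects))

    toolchains = {r.toolchain for r in reports}
    hardware = {r.hardware for r in reports}
    if len(toolchains) < min_toolchains or len(hardware) < min_hardware:
        return ("insufficient-diversity", None, [])

    return ("agreed", next(iter(by_digest)), [])


# Constructed sample outputs: a reference binary and one with an extra byte.
REFERENCE_BINARY = b"\x7fELF constructed compiler output"
TAMPERED_BINARY = REFERENCE_BINARY + b"\x90"


def sample_reports(tamper=None, same_toolchain=False):
    """Build three constructed reports; optionally tamper one party's output."""
    parties = [
        ("alice", "toolchain-A", "chip-vendor-1"),
        ("bob", "toolchain-B", "chip-vendor-2"),
        ("carol", "toolchain-C", "chip-vendor-3"),
    ]
    reports = []
    for name, toolchain, hardware in parties:
        blob = TAMPERED_BINARY if name == tamper else REFERENCE_BINARY
        if same_toolchain:
            toolchain = "toolchain-A"
        reports.append(BuildReport(name, toolchain, hardware, sha256_hex(blob)))
    return reports


if __name__ == "__main__":
    print(evaluate(sample_reports()))
    print(evaluate(sample_reports(tamper="carol")))
    print(evaluate(sample_reports(same_toolchain=True)))
```

Matching digests only count as evidence when the parties' toolchains and hardware do not share a common ancestor, which is why the check refuses to report agreement without diversity.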

Wael September 19, 2017 9:28 PM

@Nick P,

Excellent summary. I particularly like the way you mapped a concept to a reference like:

uses safe language/CPU if possible (Barton),

Well organized, bud! Well organized.

Nick P September 19, 2017 9:49 PM

@ Wael

Thanks! The references were partly a holdover from college but I think mainly since I already mentioned them in detail on Lobsters. So, I just put them in parentheses to save readers time on familiar material. The original post with them was my semi-masterpiece on history and assurance methods here. So, I just shorthanded.

JG4 September 19, 2017 10:00 PM

@albert, Bob, MarkH, Clive, Rachel and others – it took me a long time to remember this, but I’m pretty sure that 15 to 20 years ago, there was a landmark study on RF effects in live cell cultures, that saw effects well below the level expected from heating. it was not long after the time that I was alerted to the problem of brain cancer seen in Sweden in the 1990’s and not long before the first of the news clips below hit the press. I hadn’t seen or had forgotten the news clips until now, although I’ve seen the overall controversy in the headlines forever. and I had just about forgotten about the subtle cellular effects. because of my time in radar, which has been long associated with cataracts, I already was interested in understanding more about biological effects of RF. the anecdote about the brain cancer survivors support group in Sweden (which I heard roughly 1998 to 2001, if I didn’t say that already) put me on higher alert, so I read whatever showed up on the general topic in science news and similar outlets. it appears that there has been plenty of research effort since. I haven’t seen the particular membrane and membrane-bound protein effects mentioned in the recent discussion here, but Clive alluded to non-thermal effects, of which there are many, and may have said membrane potential. luckily the Sweden anecdote alone made me paranoid enough to not have a cell phone until 2008, and it didn’t take long for me to start keeping paper in the battery contacts, so my cell phone exposure has been very low.

my recollection is that the researchers claimed to have demonstrated a direct effect on cell growth, which may have involved DNA transcription, at power levels that should have been too weak to have any effect via thermal pathways. the details escape me, but effect was thought to have involved modulation of the cell membrane potential and a membrane-bound sensor protein that could send signals to cellular processes. cells are more complex than we currently understand and there are plenty of mechanisms beyond heating that can disrupt the subtle intracellular control and signaling systems, which is quite similar to the problem with environmental chemicals. my big three are bisphenol, polybrominated diphenyl ethers and diethyl hexyl phthalate. there are plenty of others. Einstein’s contribution to understanding the threshold of action in the photoelectric effect, which is wavelength-dependent rather than intensity-dependent, may be similar to radiation effects, where it is not heating, but a quantum of energy being sensed by a membrane-bound protein. biological effects are seen, though not consistently, at power levels too small to be thermal. the on-going discussion finally inspired me to have a look-see at the literature. this search pulled up a couple of gems that at least indicate a serious look at the cell culture studies

I also attempted to find any literature on epigenetic effects of RF, which will turn out to be a powerful approach to finding out if the effects are real. it is early innings for epigenetics, speaking of Sweden. I didn’t find anything worth mentioning, but I could have tried harder.

people in rural areas may have more fuel, pesticide and herbicide exposure than city dwellers, besides spending more time on the phone, with higher power levels, and more time driving and all kinds of other very-difficult-to-control variables.

Swedish Study Finds Cell Phone-Brain Tumor Link
Users of digital phones in rural areas may be at greater risk of brain cancer

The researchers said that incidence of brain tumors in rural areas of Sweden was much higher among users of GSM cell phones than among rural residents who were not cell phone users. The rate was also higher than among GSM users in urban areas.
The chance of developing a malignant brain tumor was roughly eight times higher for cell phone users in the Swedish countryside than in urban areas. The risk of developing any brain tumor was four times higher for country dwellers using mobile phones for five years or more, compared with those who did not use the devices.

New study links wireless phone use and malignant brain cancer
…[this corroborates my point that earlier cell phones were more dangerous]
Swedes who talked on cell or cordless phones for more than 25 years had three times the risk of one type of brain cancer, compared with people who used those phones for under a year, a new study in the journal Pathophysiology suggests.
The longer someone talked on their phone — in terms of hours and years — the more likely they were to develop glioma, a deadly form of brain cancer.
…[this corroborates MarkH’s point that cancer rates have not spiked, with the exceptions in Sweden noted above]
Though cell phone use tripled between 2000 and 2010, rates of cancer in areas of the brain exposed to more radiofrequency radiation from cell phones did not rise.

this seems to hew to the “party line.” btw, this document also bears on the purported Cuban embassy attacks. it may have been mentioned by Clive. the authors acknowledge that cellular effects are seen in many studies, but find them to be irreproducible, as well as inconsistent

Health Effects from Radiofrequency Electromagnetic Fields

Under conditions of high peak power, a pulsed microwave-stimulated auditory response occurs (Lin and Wang, 2007). Transient localised heating, and associated tissue expansion, generates an acoustic wave that stimulates the ear directly. Peak power densities of a few kilowatts per metre squared are required to exceed the threshold acoustic pressure for hearing in humans (20 mPa).

this certainly is a credible look at the literature, even if the results are inconclusive

Evidence of Biological Effects of RF Exposure Relevant to PAVE PAWS Radar System

speaking of biological effects, Peter Watts called 8u115h1t on my cardiotoxin targeting theory. he said that for how many times the stingray stabbed Steve Irwin when it freaked out, it would have been remarkable if his heart hadn’t been hit directly. he wasn’t the only near-famous to famous biologist to pooh-pooh the idea. I still think that it would be easy to miss some pressure/wave transducers and stinger targeting system, but I’ll defer to the biologists

MarkH September 20, 2017 3:20 AM

A Footnote on Microwave Auditory Effect

A few times in my life, I have experienced a sound coincident with nearby lightning strikes. [I’m pleased to report that in no case have I been “struck” (electrically shocked) by lightning discharge.]

The character of the apparent sound was a sharp snap — not very loud, but prominent and distinct; essentially similar to the sound from the arc created when shorting a capacitor charged to a high voltage by placing a piece of metal across the terminals.

[This type of sound is about as close as it’s practical to come to a “unit impulse” in audio, and has been used for testing microphone impulse response.]

In each case, I estimated the lightning bolt to be between roughly 30 and 150 meters distant, and the subjective sound was not due to transmission through the air of pressure from the lightning shock wave, because it appeared to be precisely coincident with the flash of light.

I heard the acoustic wavefronts (thunder) distinctly later (some dozens or hundreds of milliseconds), and you won’t be surprised that it was in every case WAY louder than the light-synchronous snap.

The first couple of times I experienced this I was indoors, and supposed that the lightning must have induced an arc discharge in some electrical appliance in the room with me.

However, I eventually heard it one time while outdoors (in a massive downpour). It was then that it occurred to me that it possibly wasn’t an objective sound, but rather induced in my nervous system by electromagnetic radiation from the discharge.

Lightning bolts are of course very wide-spectrum emitters, and have been observed to emit microwave radiation, though in a quick search I did not find at what kind of power levels.

I haven’t encountered anyone else who described such experiences, but likely many others have. Perhaps I was experiencing natural examples of microwave auditory effect.

JG4 September 20, 2017 7:11 AM

whose data is it anyway? whose phone is it? their code’s not good enough for me. worse, their hardware’s not good enough for me. Thanks Nick P for the brilliant system analysis of how to get to a secure system.

the Deep State started as the security wing of the Eastern Establishment, which was the old money and Ivy league schools. the power center of the US was pulled toward Texas with the oil boom. the technology epicenter of the Deep State has moved west in the past five to ten decades, with the draw of California weather and California petroleum for aviation, and the investments in JPL, Stanford, Caltech and other intellectual powerhouses that spawned the likes of HP, Intel, Google and others too numerous to catalog. in the time before the rise of Silicon Valley, the national security infrastructure was roughly located between Delaware (starting with propellants manufactured from animal urine) to NJ (glass and electron tubes, AT&T/Bell Labs) to Boston (MIT, Harvard, Brown, …) to the Connecticut River Valley (the machine tool industry and every major gun manufacturer of the time). the rise of the Pentagon pulled the epicenter south and spawned the rise of the Beltway Bandits. it was oil that propelled Howard Hughes to fame, but his work on various patches of the national security blanket was impressive. as much as anything, it was California petroleum that broke the Rockefeller cartel. the Eastern Establishment does not like to hold itself or its members accountable for mistakes, but they will crucify you on a moment’s notice if you threaten their status quo. their tribes of knuckledraggers (aka guard labor) also are unaccountable. from the establishment newspaper of record, some compelling evidence for biological effects from cell phone radiation:

A recent study by Nora Volkow, published in The Journal of the American Medical Association (JAMA) and reported in this newspaper on March 30, has raised this unusual possibility. Volkow is an innovative brain researcher who is director of the National Institute on Drug Abuse in Bethesda, Md. She recruited 47 people and placed an “active” phone next to one ear (the phone was on — generating radiation, but silent, so that Volkow could eliminate the effects of sound and conversation). She then used a specialized brain scanner capable of detecting alterations in glucose. Glucose — a sugar — is the metabolic fuel for the brain. When parts of the brain are activated, brain cells begin to metabolize glucose at an increased rate. Volkow’s scanner was equipped to detect even marginal changes in glucose metabolism.
When Volkow compared subjects with phones turned on with subjects who had their phones turned off, she found a striking pattern: there was a telltale sign of increased brain-glucose activity in the area of the brain immediately adjacent to the antenna of the phone.

not sure if this is credible or not, but the writing is fairly good and it ties to the scientific literature. there is an endless supply of misinformation and disinformation out there.

Rationale for Biologically-based Exposure Standards for Low-Intensity Electromagnetic Radiation
Overall, these 1800 or so new studies report abnormal gene transcription (Section 5); genotoxicity and single-and double-strand DNA damage (Section 6); stress proteins because of the fractal RF-antenna like nature of DNA (Section 7); chromatin condensation and loss of DNA repair capacity in human stem cells (Sections 6 and 15); reduction in free-radical scavengers – particularly melatonin (Sections 5, 9, 13, 14, 15, 16 and 17); neurotoxicity in humans and animals (Section 9), carcinogenicity in humans (Sections 11, 12, 13, 14, 15, 16 and 17); serious impacts on human and animal sperm morphology and function (Section 18); effects on offspring behavior (Section 18, 19 and 20); and effects on brain and cranial bone development in the offspring of animals that are exposed to cell phone radiation during pregnancy (Sections 5 and 18). This is only a snapshot of the evidence presented in the BioInitiative 2012 updated report.
Bioeffects are clearly established and occur at very low levels of exposure to electromagnetic fields and radiofrequency radiation. Bioeffects can occur in the first few minutes at levels associated with cell and cordless phone use. Bioeffects can also occur from just minutes of exposure to mobile phone masts (cell towers), WI-FI, and wireless utility ‘smart’ meters that produce whole-body exposure. Chronic base station level exposures can result in illness.

JG4 September 20, 2017 7:21 AM

I often have periods of creativity from going to conferences, where I am exposed to a barrage of new ideas. a lot of that happens on the airplane ride home. I hadn’t considered the possibility that hypoxia plays a role in altering creativity, but it definitely is affected by fasting, sleep deprivation and alcohol consumption. this article is interesting in light of my recent comments about altitude training. if cell phones alter brain metabolism (ignoring the effects of intentionally addictive apps), it is very likely that the national mood is altered. just like leaded gasoline altered the national mood and collective IQ in the 1970’s.

unfortunate that we didn’t have pulse oximeters during altitude training. some private pilots wear them as a hypoxia alerting system. the first time I got my hands on one, I was able to drop oxygen saturation about 10% by running up and down four flights of stairs. if I held my breath for a couple of minutes it would get below 90%

There can be no doubt that aircraft cabins are peculiar places for humans to be. They are a weird environment where the air pressure is similar to that atop an 8,000ft-high (2.4km) mountain. The humidity is lower than in some of the world’s driest deserts while the air pumped into the cabin is cooled as low as 10°C (50F) to whisk away the excess heat generated by all the bodies and electronics onboard.
The reduced air pressure on airline flights can reduce the amount of oxygen in passengers’ blood between 6 and 25%, a drop that in hospital would lead many doctors to administer supplementary oxygen.

There are some studies, however, that show even relatively mild levels of hypoxia (deficiency in oxygen) can alter our ability to think clearly. At oxygen levels equivalent to altitudes above 12,000ft (3.6km), healthy adults can start to show measurable changes in their memory, their ability to perform calculations and make decisions. This is why the aviation regulations insist that pilots must wear supplementary oxygen if the cabin air pressure is greater than 12,500ft.
[this could be a result of impaired function of suppressor neurons]
Strangely, the air pressure at altitudes of over 7,000ft (2.1km) has been found to actually increase reaction times – great news for those who like to play computer games during their flight.
But there is some research that shows there can also be small decreases in cognitive performance and reasoning at oxygen levels found at 8,000ft (2.4km) – the same as those found in airline cabins. For most of us, this is unlikely to cloud our thinking much though.

Should you manage to keep your eyes open for long enough to see the crew dim the cabin, however, then you may experience another effect of the lower air pressure. Human night vision can deteriorate by 5-10% at altitudes of just 5,000ft (1.5km). This is because the photoreceptor cells in the retina needed to see in the dark are extremely oxygen-hungry and can struggle to get all they need at a high altitude, causing them to work less effectively.

“Anxiety levels can increase with hypoxia,” explains Valerie Martindale, president of the Aerospace Medical Association at King’s College London. Anxiety is not the only aspect of mood that can be affected by flying. A number of studies has shown spending time at altitude can increase negative emotions like tension, make people less friendly, decrease their energy levels and affect their ability to deal with stress.
“We have shown that some aspects of mood can be altered by exposure to cabin pressures equivalent to altitudes of 6,000-8000ft,” says Stephen Legg, professor of ergonomics at Massey University in New Zealand, who is studying the impact of mild hypoxia on people. This may go some way towards explaining why passengers often find themselves crying at films more mid-flight, but most effects in scientific studies seem to only occur at altitudes above those that commercial airline cabins are set to. Recently Legg also showed the mild dehydration that might be expected on a flight can also influence mood.

But Hinkelbein has uncovered another strange change in the human body that could also be messing the way our bodies normally work. A new study he conducted with colleagues at the University of Cologne, but yet to be published, has shown even 30 minutes in similar conditions to those experienced on a commercial airliner can alter the balance of molecules associated with the immune system in the blood of volunteers. It suggests the lower air pressure may cause a change in the way our immune systems work.
“People used to think they got a cold or flu when travelling due to changes in the climate,” says Hinkelbein. “But it could be because their immune response changes while on a flight. It is something we need to research in more detail.”
If flights do alter our immune systems it could not only leave us more vulnerable to picking up infections, but it could alter our mood too. Increases in inflammation triggered by the immune system are thought to be linked to depression.
“A one off inflammatory challenge from a vaccine can produce a mood dip that resolves in about 48 hours,” says Ed Bullmore, head of psychiatry at the University of Cambridge and who studies how the immune system influences mood disorders. “It would be interesting if a 12-hour flight to the other side of the world caused something similar.”

Clive Robinson September 20, 2017 8:28 AM

@ MarkH,

I’m pleased to report that in no case have I been “struck” (electrically shocked) by lightning discharge.

There I have the (dis)advantage on you, I was struck by what was probably a “pilot stroke” in the very late 1970’s. And according to a friend who witnessed it at the time “I lit up like a Christmas tree”. All I remembered was a disembodied feeling[1] then my friend shaking me by my shoulders and screaming “are you alright” at me, and my umbrella I’d been holding in the dirt twenty or thirty feet away.

Being close to work we got the umbrella and headed for cover from the torrential rain at work. In the staff room my friend was telling others of what he’d seen whilst I looked at the tip of my umbrella that now had very distinct burnt in markings that had not been there the day before. It was suggested that I go to hospital and being youngish and suffering from the foolishness of youth declined. Anyway during work the adrenaline or whatever started to wear off and I started feeling first jumpy then like my bones were itching (like you sometimes get with an infection). Anyway shortly before going home time another colleague noticed I was not just pale but greenish and had a waxy sheen and offered to drive me up to the local hospital.

On getting to the reception desk the old biddy who hated male patients did her usual “deaf as a post” routine. So being fed up with her antics[2] I shouted loudly “Are you deaf, I’ve been struck by lightning” at which point not only did everyone in the waiting area look up, a young oriental doctor appeared like a genie from the lamp (but without the purple smoke) ushered me into a cubicle where she told me to take off all my clothes. I said “What all of them?” at which point she said I could keep my underpants on. As I undressed various people wheeled in bits of electrical equipment and I was told to lay back at which point they wired me up like some Mary Shelley type experiment and left me there with the ticking of pen charts and whisper of the paper feed motors. The doctor returned examined the charts tore them off the machines and disappeared again.

Every so often a nurse would pop in the cubicle stare at me head to toe, smile and say hello or their name and ask how I was feeling and take my pulse or a piece of equipment and disappear out again. One trainee nurse with a clipboard asked a load of questions[3] in a general chatty way.

Eventually a much more senior doctor came in and said that yes I’d been struck by lightning and was still suffering the after effects. He then said I could go home but not to drive and rest for a couple of days. I asked if there was going to be after effects or if I would need to come back. He said I might get early onset arthritis in my left shoulder in thirty to forty years. Thought for a moment then said in a slightly humorous way, Oh if you drop down dead before then come back and let us know…

[1] But what I do remember from the strike was the fact I could not hear much for a little while, and it was eerie as the rain was pouring down and not only could I not hear it I could not really feel it either and everything felt like it had slowed down. Kind of like I was observing from a distance not participating.

[2] I was still a teen but was playing rugby in an over 21’s team because I was too tall and well built –over 6’6″ and 50inch chest– and a little bit enthusiastic for youth teams. Although being quite fit –no beer gut back then and very lean and fast on my feet and well built due to sailing, canoeing and cycling– as a result of inexperience and lack of fear/pain I used to throw myself into the game and broke more than my fair share of bones. Thus as a result I visited the hospital every few weeks with breaks, mild concussion or “suspect bruising”. Thus I was only too familiar with the old bat’s behaviour :@

[3] Being both young and a bit dense it was not till she turned up at the next match and came over and later joined us for drinks and stood close I realised what she had been up to. But I did forgive her over the following weeks 😉

Bob Paddock September 20, 2017 11:09 AM

@albert @JG4 @Clive

Albert not everyone is overlooking bio -energy- systems in the body.

Kaznacheyev [1] and his colleagues found via a simple experiment infections could be transmitted optically.

Take four petri dishes, must be made of Quartz, with healthy live Yeast from the same culture. Easier to draw than explain:

A -> G -> B

C -> Q -> D

A & C are infected after experiment is setup

B & D Targets on other side of Glass or Quartz barrier.

G Glass Q Quartz

Quartz transmits both ultraviolet and infrared, while glass is comparatively opaque to both.

Target-D would become infected within a few hours while Target-B would not.

The controls are rigorous unlike my simplistic description here.

The explanation can be found in Mitogenetic Radiation which is the force or specific energy that is supposedly given off by cells undergoing division. It may in turn stimulate the process of mitosis in other cells, better known as Gurvich Radiation, named after Alexander Gurwitsch. See also Otto Rahn “Invisible Radiations of Organisms”. Kaznacheyev’s work has been more recently carried on by Michaylova in Novosibirsk, that explains the Quartz/Glass issue. Related to Rife’s optical work? I don’t know, seems likely.

I know of no one, at least publicly, connecting this optic work to issues of EMF. I suspect it all interacts in some way, as yet unknown (at least to me).

[1] V.P. Kaznacheyev et al, “Distant Intercellular Interactions in a System of Two Tissue Cultures,” Psychoenergetic Systems, Vol. 1, No. 3, March 1976, pp 141-142. [I have only gotten my hands on a downstream version, not the original Russian paper. As Russia did not have Big Pharma, they are FAR ahead of us in EnergyMed and other Energy Systems of many types.]

Clive Robinson September 20, 2017 12:39 PM

@ Nick P, Wael,

Basic points are no ambiguity is allowed, all states (including failure) are accounted for

This is probably the most important security rule ever and applies at every single level of the computing stack, even when it appears impossible to many people.

The thing is when you manage to get behind the TEMPEST/EmSec “security curtain” as a design engineer (technicians are not really told about it), you find that although you do get told, it’s not presented in a way to make you realise just how important it really is.

That is it’s more important than segregation/compartmentalization and absolutely essential for choke point instrumentation or hypervisors.

The first problem many designers –especially software– have is a basic failure to understand about how you deal with high numbers of states. Put simply you design only the required states and these are to be both simple and well formed. Every other state potential or actual gets shunted to a “fail safe” default. Often this is “fail hard and long” to stop the fail mode being used for a time based side channel.

The second problem especially software designers new appear to want to get to grips with is “errors and exceptions” often as simple as checking return values. Whilst it should be obvious many software people assume errors come from the left/input side only and forget that faults can be injected from the right/output very advantageously for attackers. In essence by injecting certain faults at the output the software can be in effect transparent against the assumed forward flow, thus its state and that of other processes before that can be enumerated via the “error handling” side channel.

I could go on but you’ve probably heard me bang on about it often enough 😉
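An added illustration of the two points in the comment above (not code from the commenter): only the required transitions are defined, every other state/event pair and every output-side fault lands in one latched fail state, and every failure costs the same hold time and returns the same reply. The states, event names and the reading of "fail hard and long" as "latch and hold for a fixed time" are assumptions made for the example.

```python
import enum
import time


class State(enum.Enum):
    IDLE = "idle"
    AUTHENTICATED = "authenticated"
    TRANSFER = "transfer"
    FAILED = "failed"          # single fail-safe sink for everything unplanned


# Only the required transitions are designed; any pair not listed is a fault.
ALLOWED = {
    (State.IDLE, "login_ok"): State.AUTHENTICATED,
    (State.AUTHENTICATED, "begin"): State.TRANSFER,
    (State.TRANSFER, "end"): State.AUTHENTICATED,
    (State.AUTHENTICATED, "logout"): State.IDLE,
}

GENERIC_ERROR = "error"        # one reply for every failure, whatever the cause


class Session:
    """Hypothetical session object driven by named events."""

    def __init__(self, sink, fail_hold_seconds=2.0, sleep=time.sleep):
        self.state = State.IDLE
        self.sink = sink                      # output side (log, socket, ...)
        self.fail_hold_seconds = fail_hold_seconds
        self.sleep = sleep                    # injectable so tests do not wait

    def handle(self, event):
        # Once failed, stay failed: the state is latched ("fail hard").
        if self.state is State.FAILED:
            return self.fail()
        target = ALLOWED.get((self.state, event))
        if target is None:                    # undefined state/event pair
            return self.fail()
        try:
            self.sink(target.value)           # faults can come from this side too
        except Exception:                     # deliberately broad: any output fault
            return self.fail()
        self.state = target                   # commit only after output succeeded
        return "ok"

    def fail(self):
        # Same state, same hold and same reply for every cause, so the caller
        # learns nothing from the error text or from how long the error took.
        self.state = State.FAILED
        self.sleep(self.fail_hold_seconds)    # "fail long"
        return GENERIC_ERROR


def demo():
    """Run a constructed event sequence; return (replies, final state, holds)."""
    holds, written = [], []
    session = Session(written.append, fail_hold_seconds=2.0, sleep=holds.append)
    replies = [session.handle(e) for e in ("login_ok", "end", "login_ok")]
    return replies, session.state, holds


if __name__ == "__main__":
    print(demo())
```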

Rachel September 20, 2017 2:08 PM

JG4 Albert Clive Robinson Bob Paddock

This is exciting. Rife technology goes FOSS. A group of volunteers have worked hard to bring a more advanced version of Rife, with more outstanding features. One assembles the box themselves with cheap, easily sourced materials with plans and assistance made available by the group. It connects to one’s PC and the software modules are downloaded for free. It’s in light of how expensive and exclusive Rife technology has been so far.

This is a hand held device. I have no idea how it works. It’s about the size of an electric shaver held and applied in basically the same fashion, to a diseased or injured region. Supposedly used by Russian space program for therapy and first aid.
Mainstream enough for a lot of physical therapists to include use of in treatment. I’ve seen daily application literally half the time for broken bones to repair. I whacked my forehead on an airconditioner unit once at lunch. Someone present had a Scenar handy and applied it to the squash ball sized lump quickly growing on my face. After half an hour of contact with the unit there was literally no more lump.
You -really- want to own one of these.

Supposedly the feds put poison on Rife’s toothbrush. Once he worked out all the frequencies for diseases and their treatment, he made that data publicly available, which was a despised act. So it’s said.

We started discussing the acoustic attacks in Cuba, which grew to debating the harm quotient of EMF, leading onto bio-energetic treatments. It’s useful to discuss pro security especially in technology. I’m particularly pleased to inform you of the above tech, both are simply stunning. But I feel this thread is another conversational bit of driftwood in light of what we’re aspiring to, on this forum.

albert September 20, 2017 2:20 PM

Interesting thoughts on hypoxia. Living at 8000 foot altitudes requires adaptation. The reason for such low air pressures in (pressurized) aircraft is economic. At 8000ft the air pressure in the cabin is ~11psi, and the cabin stress is 14.7 – 11 = 3.7psi (533lbs/sq.ft), but at 35,000ft the stress is 14.7 – 3.5 = 11.2psi. That’s 1613 pounds per square foot. Thus designers go for the lowest possible cabin air pressures to minimize stresses at cruising altitudes. And the stress loads go from ~0 to 1613psf and back to 0 every flight. Sudden big changes of altitude are to be avoided as well.

I must again emphasize that cancer studies become straw man arguments when the conclusions are “It doesn’t cause cancer, so it’s OK”.

In our ‘modern’ world, we are awash in pollutants, including, but by no means limited to, chemicals, drugs, ionizing and non-ionizing radiation, GMOs. We breathe them, ingest them, and absorb them, and they are, as yet, beyond our control.

Forget climate change; pollution will eventually eliminate our species. Good news for the Earth, for us, not so much.

. .. . .. — ….

albert September 20, 2017 3:10 PM


The key to Rife is good electronic design. You need a max of 80V. Outputs are square waves. Output should be continuously variable from zero to 80V. Currents are low; 4-AA batteries will do. Frequency ‘programs’ can be placed on CDs, or recorded on digital recorders. I tested a Zoom H1 (a small portable, single AA battery). I used Audacity to generate the freqs, and copied them to the uSD card. Sweeps (like 10-20kHz) are a different story. Perhaps someone can write s/w to do that. Standard rubber pads can be used as electrodes. Use Calendula gel to avoid hot spots.

Caution: You can get burned with too much voltage, or poor skin contact. Electrodes can be placed anywhere on the body, except the face. Leave that to experts. Long, repeated sessions can release lots of toxins, so monitor your saliva pH and ensure it doesn’t go too far below 6. If your pH is below 6 before treatment, you may be in trouble. Aggressive treatments can produce a variety of symptoms, as well.

With battery power, and a tiny H1 (or portable CD player), you may do everyday tasks. Remember, sessions shouldn’t last more than 30 minutes; often 10 min is all that’s required for one session.

For frequency data, see “The Handbook of Rife Frequency Healing”, by Nina Silver.

IMO, the best commercial units are from (they have good general information on their website; read it!)

I’ve used their products, but I have no other connection with them.


@Clive, or other hardware gurus here, could probably design a really good circuit….

. .. . .. — ….

Rachel September 20, 2017 4:16 PM


Wow, that’s cool, thanks for that. But do look at the link, the hardware is already cutting edge. They go into quantum applications of Rife, hence the name.

Nice hypoxia write up.
I am reminded of character Tyler Durden in the book Fight Club, explaining whilst travelling at altitude: “The oxygen masks only deliver 8 minutes of air. They are not there to keep you alive. Oxygen makes you high. They are there so you’ll be happy about dying.”
Old school is boxers going into the mountains in solitude for thin air punishing altitude training for conclusive title bout- and in myth the prophet left society to ascend the mountain, receive the New Tech and return so everyone could jack in. Must be why the Mongols and Gurkhas earn their legendary toughness. Actually there are specific genetic qualities to the Gurkha tribe allowing greater blood oxygen saturation. It is known locally even surrounding tribes are lacking this physiological trait (by a matter of degree).
You must investigate Wim Hof. Stanislav Grof is the world pioneer and master in hypoxia as therapy. He moved on from psychedelics in the 60’s when he realised the breath could do the same and much more.

Clive Robinson September 20, 2017 4:25 PM

@ Albert, Rachel,

The key to Rife is good electronic design. You need a max of 80V. Outputs are square waves. Output should be continuously variable for zero to 80V.

This is very similar to the system the Chinese use with acupuncture needles rather than electro-gel pads for anesthetic effect. Their system also generates both saw tooth and triangular waveforms. The kit –for vets– that I’ve looked at works from 0.25Hz to 35kHz and has a maximum voltage of 32V and is set to a level by a variable current limiter.

I’ve also designed diathermy equipment for GP/Dentist use as well as beauty/physio technicians under various names for hair and skin tag / wart etc removal. The original design that I was asked to improve on was a 1.8MHz “power oscillator” that could give 180Volts RMS 510V peak to peak into an electrode and “earthing” return pad. The original design scared me a lot as it could in the wrong hands cause severe burns, and if applied incorrectly to the face it could cause blindness…

Clive Robinson September 20, 2017 6:29 PM

For those curious about DNSSEC takeup.

This paper,

    A longitudinal, end-to-end view of the DNSSEC ecosystem

Was presented at USENIX Security 2017,

It goes into why after nearly two decades DNSSEC has only limped out of the starting gate and is in many ways broken,

    This paper performs the first large-scale, longitudinal measurement study into how well DNSSEC’s PKI is managed… Our investigation reveals pervasive mismanagement of the DNSSEC infrastructure. For example, we found that 31% of domains that support DNSSEC fail to publish all relevant records required for validation; 39% of the domains use insufficiently strong key-signing keys; and although 82% of resolvers in our study request DNSSEC records, only 12% of them actually attempt to validate them.
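An added example (not from the paper or the commenter) of checking a zone's published records for two of the problems quoted above: a missing record type needed for validation, and an RSA key-signing key below a minimum size. It parses DNSKEY RDATA in the RFC 3110 RSA format; the 2048-bit threshold, the `example.test` zone and the key material are constructed assumptions, and only RSA algorithms are sized.

```python
import base64

RSA_ALGORITHMS = {1, 5, 7, 8, 10}           # IANA DNSSEC algorithm numbers using RSA
REQUIRED_TYPES = ("DS", "DNSKEY", "RRSIG")  # DS lives in the parent zone


def rsa_modulus_bits(key_b64):
    """Return the RSA modulus size of a DNSKEY public key (RFC 3110 layout)."""
    raw = base64.b64decode(key_b64)
    if not raw:
        raise ValueError("empty key")
    exp_len, offset = raw[0], 1
    if exp_len == 0:                         # long form: 0x00 then 2-octet length
        if len(raw) < 3:
            raise ValueError("truncated exponent length")
        exp_len, offset = int.from_bytes(raw[1:3], "big"), 3
    modulus = raw[offset + exp_len:]
    if exp_len == 0 or not modulus:
        raise ValueError("truncated key")
    return int.from_bytes(modulus, "big").bit_length()


def audit_zone(lines, min_ksk_bits=2048):
    """Audit presentation-format records: 'owner ttl class type rdata...'.

    min_ksk_bits is an assumed policy value, not a figure from the paper.
    """
    seen, findings = set(), []
    for line in lines:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"malformed record: {line!r}")
        owner, rrtype, rdata = fields[0], fields[3].upper(), fields[4:]
        seen.add(rrtype)
        if rrtype != "DNSKEY":
            continue
        flags, algorithm = int(rdata[0]), int(rdata[2])
        # KSK = Zone Key bit (0x0100) plus Secure Entry Point bit (0x0001).
        is_ksk = bool(flags & 0x0100) and bool(flags & 0x0001)
        if is_ksk and algorithm in RSA_ALGORITHMS:
            bits = rsa_modulus_bits("".join(rdata[3:]))
            if bits < min_ksk_bits:
                findings.append(
                    f"weak KSK: {owner} RSA {bits} bits (algorithm {algorithm})")
    for rrtype in REQUIRED_TYPES:
        if rrtype not in seen:
            findings.append(f"missing {rrtype} record")
    return findings


def sample_rsa_key(bits, long_form=False):
    """Build constructed (non-functional) key bytes of a given modulus size."""
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    exponent = (65537).to_bytes(3, "big")
    prefix = b"\x00\x00\x03" if long_form else b"\x03"
    return base64.b64encode(prefix + exponent + modulus).decode("ascii")


# Constructed sample: 1024-bit KSK, a ZSK, one signature, and no DS record.
SAMPLE_ZONE = [
    "; constructed records for illustration only",
    f"example.test. 3600 IN DNSKEY 257 3 8 {sample_rsa_key(1024)}",
    f"example.test. 3600 IN DNSKEY 256 3 8 {sample_rsa_key(1024)}",
    "example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20170930000000 "
    "20170901000000 12345 example.test. c2lnbmF0dXJl",
]

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(finding)
```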

JG4 September 20, 2017 8:09 PM

the Shannon book came today, so I’m going to keep this rant short, at least by my standards. segue to the other book that I ordered at the same time. to track a target requires one integrator. if the target is moving, two integrators. if the target is accelerating, three integrators. if there is jerk (an acceleration of acceleration), then four integrators are required in the tracking loop. I’ve probably said before that control systems are a simple form of OODA. did I mention the cold war gems that I got this summer in Boston? in the good old days, the textbooks were written by Nobel laureates. you can smell history when you open the pages. a surprisingly detailed view of what happened at the national labs forty to fifty years ago is trapped in the paper of these time machines.

@Bob Paddock, Rachel, albert and Clive – I actually remember seeing the bit about yeast communicating between test tubes on late-night television in the late 1970’s. the demonstration used some kind of electrical meter to (purportedly) measure electrical activity. they made a nice show of how adding food to one tube spiked electrical activity in the other. the bad news is, the proponent and guest on the late-night show was none other than Uri Geller. which is a convenient spring-board to Mr. Rife’s work. I’m sure that there have been many conspiracies to suppress good research, but the first thing that springs to mind when I hear about resonances of pathogens and bent spoons is 8u115h1t. not to say that there can’t be positive effects from electrical stimulation, just that the whole space is just as poorly understood as the effects of cell phone radiation. if the yeast communications were robust and reproducible, someone would have figured out how to make money with them.

the bit about bone-healing effects of small currents is very real. I’ve suspected for decades that bones are piezoelectric and lifting heavy weights generates signals that strengthen bones. electrical muscle stimulation also is very real, as is electro-shock therapy and the conventional practice of electroporation to install new plasmids into e. coli. Clive received a mild case of electroporation. glad that the recovery went well. some people who get electroporated never fully recover from organ damage, like the fireman who ran through a puddle of acrylonitrile to save someone’s life. evolution is extremely gnarly and very likely to pick up and use electromagnetic effects for communication. it is even plausible that bacterial structures emit particular frequencies when excited with food, but I haven’t seen a peep on the topic since Uri Geller in the 1970’s until today. I can’t think of any examples of RF, microwave, IR or THz communication between bacteria even suggested in any seminar or presentation that I’ve seen. I’m not saying it isn’t possible, just that I’m surprised someone didn’t make their career on it more recently and more visibly. the EM transmission seen thus far in nature are nerve transmission, various predators that sense electrical activity in prey, maybe platypus, sharks, and eels, as well as plants and animals that emit photons. and my suspicions about sting rays targeting heart muscle with cardiotoxins also might use electrical activity as a guide to where to sting, but that is idle speculation. already implicitly pooh-poohed by the biologists.

@the usual suspects – I am shocked by how little we know about the cascading sequences of unintended consequences that lie in the future. when I was a kid, it was believed that antioxidants would reduce the rate of aging, and there are plausible reasons some of that is true. if only people took their vitamin e and vitamin c, they’d soon be free of cancer. it turns out that some antioxidants result in more and more aggressive cancers, which is completely at odds with the original theory. until we bring into play the fact that the body is an adaptive system, then things start to make more sense. exercise, alcohol, air pollution, electrical stimulation, hypoxia, antioxidants and countless other environmental effects are injurious. because they turn on some genes and turn off others, they can actually reduce overall damage because of induced protective mechanisms, not unlike inoculation. antioxidants suppress free radicals, which otherwise would induce antioxidant enzyme production, as does exercise and moderate alcohol consumption. with reduced free radical production, the response to exercise is muted. it is plausible that RF currents, and various other things that we might do to our bodies with electricity, will induce protective effects, but I would proceed with extreme caution. as I have noted before, some of the environmental effects on gene expression are transmissible. cell phone radiation and therapeutic RF may affect future generations via epigenetics. we have just established that cell phone radiation is harmful in at least some instances. we know that hypoxia causes permanent cognitive deficits in all climbers tested who have been above 8000 meters without oxygen. we further know that under some circumstances, alcohol causes permanent cognitive deficits. Feynman quit drinking, because he didn’t want to risk what he knew to be a unique brain. we know that insulin injections can cause permanent cognitive deficiencies, up to and including persistent vegetative states and the big sleep. I believe that it is a bad idea to experiment with critical infrastructure when we don’t have a solid picture of how it works. Thorp and Buffett tried to teach us to gamble when the odds are in our favor. first we have to measure the odds, then roll the dice. we don’t know what we are doing or where it leads, but everything is a roll of the dice.

Silicon Valley Values September 21, 2017 4:39 AM

American politicians, after many decades of citizen abuse are finally waking-up, only beginning to scratch the surface of the dangers of an unregulated American Big-Data. They finally realize if they don’t act now they will lose the 2020 elections to Mark Zuckerberg’s minions. Other countries can see the issues – but somehow not the blinded Americans.

1) Google and Facebook Vehemently Oppose Sex trafficking Bill
“Silicon Valley holds itself out as being more than just an industry but a movement to make the world a better place,” Senator Rob Portman said in the hearing. “But selling human beings online is the dark side of the internet.”

The Senate invited Facebook and Google to testify but they declined.
Observe arrogant (do no Evil) Google at work, choosing to minimize who can prosecute them:
“One effort, by Google, would block state attorneys general from prosecuting web platforms for hosting any third-party sites that aided sex trafficking. Google said the Justice Department should be the sole agency in charge of enforcing sex trafficking laws.”

2) In the 2016 election Facebook was paid $$$ for political ads from fake accounts linked to Russia

3) Facebook knowingly allowed themselves to be paid to target ‘haters of certain ethnic groups’

4) Did anyone follow debauchery at the latest Burning Man fest?

No Echo, Cortana, Siri Here
a) Everything THEY do is ‘private’ and ‘ anonymous’ even with public officials:
They spoke on the condition of anonymity because Facebook’s discussions with the lawmakers were private.

b) Facebook and Google realized that the political landscape had changed, according to two people with knowledge of the decisions who spoke on the condition of anonymity because the internal corporate decisions were private. (see the movie The Circle)

Clive Robinson September 21, 2017 5:17 AM

@ who?

Well, if you are using Windows I guess a backdoored security tool is the least of your problems.

Funny how cynicism creeps up on you as time goes by 😉

There ought to be a new universal law that given time everything degrades to an event horizon where cynicism is guaranteed…

Anyone want to promote the idea thus inevitably having their name for ever more tied to being a cynic?

MarkH September 21, 2017 6:04 AM


“The oxygen masks only deliver 8 minutes of air. They are not there to keep you alive.”

Of course, that’s from a work of fiction, and probably is meant to illuminate some aspect of Durden’s character.

If you’re interested in how it’s designed to work, in the event of sudden depressurization of an airliner’s cabin, the flight crew is trained in a procedure to get the plane down to a safe altitude (typically 10,000 feet) within about 6 minutes.

In such an emergency descent, the plane will reach a life-sustaining altitude (25,000 feet or less) within about 4 minutes.

The emergency oxygen masks are designed to provide at least 12 minutes of oxygen. In an emergency descent with a suddenly depressurized cabin, probably everyone would survive without oxygen masks, but many might lose consciousness.

They really are provided for passenger safety.

It’s worth noting that Durden gets it exactly backwards. Breathing lots of oxygen (even more than you can normally get from air) doesn’t cause euphoria. For people in good health, breathing regular air with anywhere near the sea-level partial pressure of about 3 PSI is enough to fully oxygenate their blood. Having more oxygen available doesn’t change that.

However, hypoxia can induce euphoria. People who do altitude simulations (or experience abrupt hypoxia for other reasons) often report giddy or euphoric feelings.

In case there’s some delay in starting an emergency descent, it’s much better to use the emergency oxygen. The air at cruise altitude is so thin that it can’t sustain life. Without supplemental oxygen, brain cells will be dying within 300 seconds. When a person stops receiving oxygen (due to cardiac arrest, drowning or the like) it’s best to get them “breathing” within 200 seconds if possible, to ensure that they won’t suffer serious brain damage.

JG4 September 21, 2017 7:03 AM

@all – I hope that we are playing nicely enough now that Dirk, Thoth, TM and other good citizens will re-engage.

@Rachel and MarkH – one of the Jet Blue crashes was a pallet of oxygen candles, the other name for the widgets in the drop-down panel. “when breathing security is in conflict with fire security” when you pull the mask down, a striker ignites the perchlorate. if you light off a pallet of candles in the forward cargo compartment, the pilots’ feet will get hot and the cockpit will get smoky. the contents of the pallet shifted on takeoff and entropy got maximized quickly. I’ll fill in the details later on the only time that I’ve used a perchlorate candle, but it involved a puddle of jet fuel 20 to 30 feet across. water mist is your friend when heat output is well into the megawatts. pure oxygen rapidly accelerates damage to lung tissue via free radical oxidation, as does heavy exercise, like dragging a heavy hose up four flights of stairs. they blinded a lot of preemies back in the day, because pure oxygen is particularly destructive to the retina. the only thing worse than pure oxygen is hyperbaric oxygen. we could guess that the survivors eventually had memory problems, diabetes and hearing loss, as does everyone who lives long enough. hypoxia must be far less serious at 8,000 to 15,000 feet than it is at 27,000 feet, so mild hypoxia may not produce permanent cognitive deficits. many edge cases have genetic adaptations, as noted previously, to low iron soils, to endemic malaria and also to low oxygen partial pressure.

@Clive – nice essay. I’ve seen the claim that echoes of a previous universe may have transited the big bang, perhaps fossilized gravity waves or EM waves that were amplified by fast expansion. explosive growth of tech companies amplifies the quirks of the founders, in much the same way that government amplifies the tendencies (the good, the bad and the ugly) of Congress. I think of railroad spikes and tie plates as fossils from the railroad era, not that the era is anywhere near done. they were manufactured in vast quantities, as were insulators for the power and telecom industries of that era. our landfills will fossilize vast numbers of silicon crystal and rust-covered disks. I am optimistic that the robot excavators will dig them up and liquify the contents with chlorine to recover all of the elements as purified feedstocks. I was slow to connect fossils to information, and the extreme case is DNA good enough to sequence and clone. I am optimistic about the solar-electric future of railroads. Szilard and Yockey both recognized the importance of information in DNA. that information has been tuned by the interplay of two major forces, which I call the death tensor and the mate selection tensor, which really is just the mirror image of the death tensor.

the probability of some ordered state surviving in the fossil record is proportional to the number of individuals of that species ever having lived times the very low probability of any piece being preserved. railroad spikes and glass/ceramic insulators are particularly survivable. innovations like body segmentation produced vast numbers of individuals in the Cambrian explosion (entropy maximization) and their life in/on/near sediment preserved many specimens, which can be found in Utah, Montana and Colorado, as well as the Smithsonian. Dinosaur National Monument is worth the trip. a catastrophic flood packed a large number of individuals into mud. special conditions of geochemistry are required to preserve fossil specimens. particularly extreme preservation is seen in the Atacama desert and in ice, but anoxic muds carry bone information quite nicely. as a general rule, anything seen in the fossil record was a wildly successful species to have lived in numbers large enough to see, or lived in/near an extreme environment where preservation was enough more likely to offset lower numbers. anything can happen, but some things are more likely than others. I haven’t said often enough that I really like first principles derivations. Feynman said that if you can’t explain it using freshman calculus, you don’t understand it.

JG4 September 21, 2017 7:36 AM

@MarkH – I am only vaguely aware of SCADA, but I assume that the same poor practices that pervade most other computing industries have left it in horrifying disarray that invites bad people to do bad things, in a way that puts the future of the species at risk, or at least puts the future of the Empire in peril. when I do comment on power security, it is more from a DIY perspective, but sensors for the grid and grid protection can figure prominently in the OODA picture. the grid and threats to the grid provide many examples of generalized system identification. I can’t read this on TOR, so this link is not an endorsement of the content:

speaking of imperiling the future of the species, I can’t recall if anyone posted this previously:

Soviet air defense officer who saved the world dies at age 77 Ars Technica

this is a nice springboard to Wozniak, who ironically helped put more people onto the surveillance grid than all but the most elite of the elite, starting from his libertarian roots in phreaking:

luckily for the Woz, his life is a libertarian wet dream. they have mapped my attack surface so finely that the clickbait showing a titanium anchor has it located as if I were looking in the mirror at the vulnerable tooth. I’m pretty sure that the clickbait is tailored to show people with the same general appearance as ourselves and our friends. because I’ve seen them evolve over time, except when the clickbait is hot young chickies. I’ve already forgotten what the latest hair-raising advert was, but it all teaches me how complete the surveillance web is. I’ve been on the surveillance grid longer than most (arrests 1984!, 1991, imprisonment 1992, PGP 1994 to 2006, partly a result of the colorful bookie) and I assume that they’ve left me alone for a few good reasons. I am particularly bitter that they molded me to be a prepper then designated it as a sign of terrorist bent. bitter enough to leave tomorrow, as the Woz did some time ago. I alluded to these gems a few times:

Apple Co-Founder Steve Wozniak Discusses The Constitution, NSA Spying and Torture
Michael Krieger | Posted Tuesday Jun 18, 2013 at 2:03 pm

…[I won’t spoil the video by including the excerpt. it’s worth watching]

Woz talks about iOS 7 and the PRISM surveillance program

file under “the Woz has balls the size of alpha centauri” he exhibits some of the same playfulness here as Feynman, Shannon and JG4. btw, the security apparatus surrounding paper money and casinos both go way back in time. we recently touched on the west, which includes Wild, Wild West (whole-cloth fiction) and the origins of steampunk art. I particularly liked Robert Conrad in Baa, Baa Black Sheep, because my Dad was a fighter pilot in the imperial forces.

Letters-General Questions Answered


About 3 years ago I took my daughter, Sara, to Las Vegas for a gymnastics regional that she was in. During the lengthy warmups my wife and I walked down to the Hard Rock Casino and played slot machines. While generously feeding these machines I tipped the waitress a couple of $2 bills. Waitresses in casinos and other places often exclaim at how much they like getting these and how their kids love them. I have tons of $2 bill stories that will make a whole chapter in my book someday. My $2 bills are real and legit but unusual. [JG4: I have a collection of Zim notes, up to $100 trillion, Thanks to Juan Enriquez]

A short while later a casino security manager sat down next to me. He was very quiet and showed no emotion about anything. He was 30-ish and acted like a dedicated security man who knew everything about every type of cash situation ever. This man asked me where I’d gotten the bills and I started a little BS about buying them from a guy that hawked basketball tickets. I sometimes say this to peak [JG4: pique?, picque?] the interest in people that wonder if these bills are real or not. I said that I thought the bills were good and acted like I didn’t know what was going on, just enough to seem evasive. This man told me that they had tested the bills with their testing pen and that the bills were good.

Then he calmly said that they don’t make them like this. I sat for a long time silent and he repeated his statement. I said “you mean, on sheets?” These two $2 bills were attached to each other and perforated. You can purchase $1, $2, and now $5 bills from the Bureau of Printing and Engraving on sheets. The sheets come in sizes of 4, 16, and 32 bills each. I buy such sheets of $2 bills. I carry large sheets, folded in my pocket, and sometimes pull out scissors and cut a few off to pay for something in a store. It’s just for comedy, as the $2 bills cost nearly $3 each when purchased on sheets. They cost even more at coin stores.

As I opened my wallet, I considered whether I should risk using this fake ID on the Secret Service. It probably amounted to a real crime. I had my driver’s license as well. But you only live once and only a few of us even get a chance like this once in our lives. So I handed him the fake ID. He noted and returned it. The Secret Service took an ID that said “Laser Safety Officer” with a photo of myself wearing an eyepatch.

You can begin to see why many people don’t believe this story when I tell it.

Well, the interview covered my entire life history, including passport numbers and driver’s license numbers and all my credit cards and my family names and the schools I attended and more. We covered each of my friends’ names and phone numbers because I couldn’t remember which one had gotten the $2 bills gummed and perforated for me. This ‘interview’ lasted 40 minutes. I missed much of my own daughter’s regional gymnastics meet.

At the end of the session I wiped my brow and told the agent that I was glad it was about the $2 bills. I told him I was worried that he was after me for my 12 year old daughter winning $7500 at Keno that morning.

CallMeLateForSupper September 21, 2017 7:49 AM

@all re: CC skimmer article posted by Clive

First of all, love this article. Lots of quality pics of hardware (yum).

This leaped out at me:
“We were able to pull the firmware from the PIC using a PICKit 3.”

Say whaaaaa…t? Despite the fact that protecting firmware from dumping is fall-down easy, the silly card maker didn’t do it (eye-roll). Piker!

“If you are able to decompile the HEX code into assembly and can make some sense of the function of the firmware, please do so. […] If you are able to decipher additional functionality or interesting characteristics please let us know!”

Very appealing. Excellent project for the short, dark days of winter. Haven’t dabbled in PIC in more than a decade though, so learning curve ahead!

Bob Paddock September 21, 2017 8:16 AM

@JG4, @Rachel

“…I’m surprised someone didn’t make [their] career on it more recently and more visibly…”

Places like The Rhine Research Center in Durham North Carolina do, see the link to their Bioenergy Lab; I’ve spent time there. It is being studied, just in places most don’t look…

“…the EM transmission seen thus far in nature are nerve transmission, various predators that sense electrical activity in prey, maybe platypus, sharks, and eels, as well as plants and animals that emit photons….”

It is Electrostatic based, see: ‘Detection and learning of floral electric fields by bumblebees‘ by Dominic Clarke, Heather Whitney, Gregory Sutton and Daniel Robert in Science Express. Same for Eels and Sharks. See The HeartMath Institute research on Stingray/heart targeting.

To Rachel’s point we are drifting from Security. I would carry on such conversations in Bruce’s living room, in far more depth, I don’t know if they interest him? It is always easier to deal with Security when healthy and to know the unconventional ways an adversary may try to attack our health.

To bring this back to Security if you follow the -energy- you eventually end up at the Aharonov–Bohm Effect. Fields can be broken down to their constituent Potentials (E. T. Whittaker). Potentials are not stopped by Faraday Cages…

Nick P September 21, 2017 11:04 AM

@ All

CLKSCREW: Attacking ARM TrustZone security-oblivious, memory management

This is an amazing piece of work. They started with a good concept then hit it from all angles. But, once again, I gotta say: you heard it first on Schneier’s blog. That the problem area was a known unknown anyway. When debating with Joanna of Qubes, one of the reasons she said she chose Xen over the microkernels I mentioned was she wanted the power management. As people described it to me, I said here and elsewhere that the implementation was way too complicated to trust in a secure system. Such management features should be on a microcontroller sitting outside the CPU running verifiable algorithms. Also, use proper isolation to limit shared resources due to covert & side channels.

So, this attack happens since isolation is broken in numerous ways plus stuff is on-CPU. It was preventable but it would cost extra. The market prefers to spend a lot of money after disaster, though. Everything is running right on schedule.

Nick P September 21, 2017 11:15 AM

@ Wael

POLA and default deny fit into which description? The compiler thing or my list of assurance methods?

albert September 21, 2017 12:36 PM

@Clive, @JG4, @Rachel, @Bob P., et al,

Thank you all for the discussion. It has been enlightening.

Quartz is a conductor and amplifier for ‘Chi’, or ‘subtle energy’, or whatever term one prefers.

Such energy has a unique “vibration rate” that varies according to the element or compound under test, but follows no known rules for determining such rates. Living organisms also have overall rates.

Chi is undetectable with standard scientific instruments; this is why conventional science ignores it. The study of Chi is doomed to fail because of this.

. .. . .. — ….

MarkH September 21, 2017 2:06 PM


From what I’ve read about people hit by lightning, you seem to have been quite lucky to make a good recovery. If it was indeed a leader, that was perhaps what saved you …

I like to take long walks in my rural neighborhood, which sometimes entails getting caught in a summer thunderstorm (especially in the days before I could get local weather radar and detailed forecasts via the interwebs).

It was on one of those occasions, that I heard the “snap” effect I described above while out-of-doors. However, there were above-ground power and phone cables strung along the road on wooden utility poles, so I couldn’t exclude an objective sound coming from that source.

It may have been on the same drenched-to-the-skin walk, perhaps 20 minutes down the road, that my path crossed that of a large overhead power transmission line, the kind that typically operates at several hundred kV. [It might amuse a Brit that we often call these high-tension lines.]

Though visibility was limited by the heavy rain, as I reached the power line I could make out two pylons on each side of the road. During the time they were within my range of visibility, I saw all four of these pylons (or perhaps, their overhead ground wires) get direct lightning strikes.

It was about that time that I started to think, “hmmm, maybe it’s not so prudent to be out in these conditions.”

MarkH September 21, 2017 2:41 PM

@JG4, re oxygen:

Yes, oxygen generators get very hot. And as installed in modern passenger planes, they are mounted in a manner designed to safely accommodate that heat.

Jet transport operations of scheduled airlines in developed countries now experience something like one fatal calamity per 3,000,000 departures. Sadly, the “nut that holds the yoke” is implicated in the great majority of these increasingly rare aviation disasters. Loss of life in such flights is very rarely caused by failure of the equipment to function as designed … at least, not without the technical failure being aggravated by the flight crew failing to respond in accordance with their training.

I wouldn’t hesitate to use emergency oxygen over worries of it causing a cabin fire.

High partial pressures of oxygen are not good for the lungs, but lung damage isn’t a medical concern in short exposures. When pure oxygen is administered for a medical emergency (typically because lung damage has reduced capacity to oxygenate blood), doctors want to limit it to 24 hours if possible. The toxic effect on lungs of 5 hours of 100% O2 is probably too small to detect. Human lungs can probably tolerate 50% O2 without limitation.

However, high partial pressures of oxygen present an enormous fire danger!

MarkH September 21, 2017 5:17 PM

About the Mobile Phone Thing…

The open question of mobile phone EM radiation and cancer isn’t completely off the track from security.

Bruce has devoted considerable attention to how our innate patterns of thinking lead to extremely poor assessments of relative risk. It’s hardly an overstatement, to say that one might as well roll dice or throw darts, when ranking what is dangerous enough to merit attention.

Because our natural risk-ranking is so God-f*cking awful, we need help from tools like “statistics” and “logic” and, sorry to say, “science.”

I’m not an apologist for mobile phones. In general, I despise them (whilst at the same time using them).

If I saw evidence that my mobile phone is a dangerous carcinogen, I would responsibly recycle it 😉

People started producing sources of ionizing radiation in industrial quantities roughly 100 years ago, and sources of microwave radiation about 70 years ago. In consequence, large numbers of people have been exposed to this radiation in amounts far in excess of their natural exposure.

We have a LOT of information about health effects of ionizing radiation, and this knowledge was well enough established by 1970 that (as far as I know) there have been no discoveries since then showing that existing radiation health guidance was inadequate.

If anything, on-going research shows that some of the conservative modeling used in ionizing radiation health guidance over-predicted health effects.

A LOT of people have been exposed to varying powers of microwaves in many, many contexts.

How many large radars for military detection and targeting, air traffic control, and weather surveillance have been produced since radar was first invented? Surely, this number must be in the many thousands.

Smaller radars for combat aircraft, airliner weather avoidance, and even in the nose of some guided missiles have also been made by the thousands.

Even smaller radars are used for speed law enforcement on roadways and measuring the speed of baseball pitches … again, thousands upon thousands.

Microwaves are used to send signals to orbiting satellites, and they beam information back to Earth by microwave.

Microwaves were used for decades for long-distance telephone trunk relay, though that application seems to have been largely supplanted by optical fiber.

And of course, microwave ovens have been produced in the hundreds of millions.

A fraction of people live fairly close to mobile phone towers transmitting thousands of watts at phone frequencies.

Almost everyone is bathed in microwaves from our technological civilization.

But many thousands of people … at radar installations, communication antenna sites, in factories where radar or communication transmitters are manufactured, in microwave oven factories, avionics maintenance depots and the like … get much higher exposures. There’s a certain amount they get from normal operations, and there are inevitably negligence and mistakes leading to really huge exposures.

That mobile phones don’t cause cancer, is certainly not proven. But how likely is it, that with a vast experience of microwave exposure, a significant carcinogenic effect has not become obvious?

If you want to worry about your health, there are plenty of KNOWN hazards to consider.

There is one KNOWN carcinogen for nervous-system cancers: ionizing radiation. So, say “no” to cranial CT unless there’s a damn good reason. And don’t stick your head into the core of a nuclear reactor, no matter what they tell you!!!

Mobile phones are probably killing upwards of 10,000 people per year by being operated in the hands of motor vehicle drivers.

They are contributing to sedentary lifestyles that will shorten the lives of many millions.

They are contributing to the lack of actual socializing (you know, like two people who are actually within a meter of each other?), which is likely to cause mass devastation of psychological and bodily health.

Somewhere, I have a scan of a newspaper clipping. A young woman complained that vibration from nearby construction activity could endanger her pregnancy. In her photo, she held a lit cigarette.

A new study found that fetal mortality in Flint Michigan rose by more than 50% during the time when Republicans switched to a high-lead source for the city water supply, to save some money.

Being poor is deadly, in part because KNOWN pollutants are dumped onto the poor in vast disproportion.

The biggest risk factor for cancer is age. So if you’re really afraid of cancer, write lots of text messages while on public roads!

Edward Morbius September 22, 2017 12:26 AM

I’m looking for measures of quantified privacy, part of which requires a robust definition of privacy. There are some useful web and research results, but nothing particularly clear. Most of the references are overly specific to my interests — they concern statistical methods or quantified metrics specific to a particular data store, not a more general, social/cultural discussion.

Jill Lepore in a lecture, Unseen: The Risk of Privacy suggests a historical progression of concepts from mystery to secrecy to privacy:

  • Mystery: That which cannot be known, we’re asked to believe in the absence of evidence. Frequently religious.
  • Secrecy: That which is known, but not to everyone. Often state.
  • Privacy: Kept to ourselves. Generally personal.

It seems to me that privacy is the ability to set, define, and defend boundaries. (A source of rather constant friction with Google.) In which case some of the possibilities for measurement:

  • The degree to which boundaries can be set.
  • The scope of boundaries which can be defined.
  • The extent to which those boundaries can be defended.
  • The amount of information exposed.
  • The number of parties with access to that information.
  • Whether or not others are better informed of the state or tendencies than the subject of the information itself.
  • Who benefits by the information — the subject or others?

That’s a partial and speculative list, but it gives some sense of where I’m looking.

Previous discussion:

Edward Morbius September 22, 2017 12:31 AM

@alejandro The way in which the intersection of security and politics is to be discussed here, if I’m reading Bruce’s guidelines correctly, is respectfully and productively.

I’ve tackled a similar problem elsewhere. The general guideline I’ve come up with is that it’s not necessary to agree, but one should generally be agreeable.

r September 22, 2017 5:37 AM


I am a ‘flintstone’, I love both my country and my countrymen (and women). Despite the truth behind your statement I still don’t think your direct attribution of ‘republican’ to be fair. While I may from time to time utter the phrase ‘repugnican’ may we keep that staple limited to ‘corrupt’ or ‘self serving’? We have many many many ‘good’ and well intended republicans both in my state and local vicinity thank you.

Clive Robinson September 22, 2017 7:48 AM

There is a BBC “business” news item on network security and IoT devices,

Whilst many readers here may know some or all of it, it’s a short reasonably well written piece you could put under the nose of less ICT savvy managers etc for them to get a feel for the problem in a non “sales blurb” manner.

However one thing all should note is that in essence it’s about behavioral signature analysis. That is “known” network devices have “known capabilities” a subset of which are actually permitted within an organisation or unit by technical policy. Thus if a device starts to behave either outside of its capabilities or its permissible capabilities it’s a red flag. Likewise if it starts communicating outside of its usual or allowed host group or times even if it is staying within its capabilities.

Like it or not such systems are the way of the future, because it’s not possible to “know every device is secure” and they will improve as various AI analysis systems are added.
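The behavioural check described in the comment above, sketched as an added example that is not part of the original comment or the BBC piece. Device addresses, profiles, flag names and flow lines are all constructed for illustration.

```python
"""Flag flows that leave a known device's capabilities, policy, peers or hours."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Profile:
    capabilities: frozenset  # (proto, dst_port) pairs this device type can emit
    permitted: frozenset     # subset of capabilities allowed by technical policy
    peers: tuple             # networks the device is allowed to talk to
    active: tuple            # (start, end) local time window for normal traffic


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    proto: str
    dport: int


# Constructed inventory: two hypothetical devices on an IoT VLAN.
PROFILES = {
    "10.20.0.15": Profile(  # camera: uploads to recorder, NTP; HTTP not permitted
        capabilities=frozenset({("tcp", 443), ("udp", 123), ("tcp", 80)}),
        permitted=frozenset({("tcp", 443), ("udp", 123)}),
        peers=(ip_network("10.20.1.0/24"),),
        active=(time(0, 0), time(23, 59, 59)),
    ),
    "10.20.0.40": Profile(  # badge reader: one controller, working hours only
        capabilities=frozenset({("tcp", 8443)}),
        permitted=frozenset({("tcp", 8443)}),
        peers=(ip_network("10.20.1.10/32"),),
        active=(time(6, 0), time(20, 0)),
    ),
}

# Constructed flow log: timestamp src dst proto dst_port
SAMPLE_LOG = """\
2017-09-22T09:00:00 10.20.0.15 10.20.1.5 tcp 443
2017-09-22T09:00:05 10.20.0.15 10.20.1.5 tcp 80
2017-09-22T09:01:00 10.20.0.15 203.0.113.7 tcp 23
2017-09-22T03:14:07 10.20.0.40 10.20.1.10 tcp 8443
2017-09-22T09:02:00 10.20.0.99 10.20.1.5 tcp 443
"""


def parse_line(line):
    ts, src, dst, proto, dport = line.split()
    return Flow(datetime.fromisoformat(ts), src, dst, proto.lower(), int(dport))


def in_window(t, window):
    start, end = window
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end  # window wraps past midnight


def evaluate(flow, profiles=PROFILES):
    """Return the list of behavioural flags raised by one flow (empty = normal)."""
    profile = profiles.get(flow.src)
    if profile is None:
        return ["UNKNOWN_DEVICE"]  # not in inventory, so nothing to compare against
    flags = []
    service = (flow.proto, flow.dport)
    if service not in profile.capabilities:
        flags.append("OUTSIDE_CAPABILITY")  # device type should not be able to do this
    elif service not in profile.permitted:
        flags.append("OUTSIDE_POLICY")      # capable, but policy forbids it here
    if not any(ip_address(flow.dst) in net for net in profile.peers):
        flags.append("OUTSIDE_PEER_GROUP")
    if not in_window(flow.ts.time(), profile.active):
        flags.append("OUTSIDE_HOURS")
    return flags


def triage(log_text, profiles=PROFILES):
    """Return (flow, flags) for every flow that raised at least one flag."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_line(line)
        flags = evaluate(flow, profiles)
        if flags:
            alerts.append((flow, flags))
    return alerts


if __name__ == "__main__":
    for flow, flags in triage(SAMPLE_LOG):
        print(flow.ts.isoformat(), flow.src, "->", flow.dst,
              f"{flow.proto}/{flow.dport}", ",".join(flags))
```

The fourth sample line shows the comment's last point: the badge reader stays within its capabilities and its allowed peer, and is flagged only because of when it talks.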

JG4 September 22, 2017 8:07 AM

Bruce has given clear indications, e.g., by posting “Murder is a recent evolutionary strategy”, that origins of the need for computer security are within the bounds of acceptable discourse. it’s a short step from murder to why we need trust, whether it is in hardware, firmware, software, systems, people, courts, legislation, etc. if it can be shown that trust is misplaced, the entire structure is in danger of collapse. a point well made by John Boyd and the reason that I am moving to Switzerland. the gateway drug for John Boyd literature is the movie The Pentagon Wars. today we are going to see some early national security infrastructure in the mold of neoliberal scavenging of human waste. humans always are at war, against one kind of entropy, in pursuit of maximization of another kind. money and power are proxies for the second kind. the types of entropy are defined in The Selfish Gene by Dawkins. it is the replicators that are driving this bus, but they are using epigenetics and various other mechanisms that have unintended and perverse effects in carrying out the mission. the replicators need Gibbs free energy in the form of food and petroleum to maintain homeostasis. the age of petroleum is drawing to a close, but the timeline is unclear.

@Clive – Thanks for the springboard. for some reason that escapes me, I was all but speechless this morning until I read your stack model. I’d like my derivation of the in-built tribal feature of humans to fit neatly into your stack model. to the extent that my derivation is correct, humans are pre-wired to fit into a hierarchical structure (‘society’) in a cooperative way, and to be able to toggle into ‘berserker’ mode when it is necessary and/or useful to chop up the members of offending neighboring tribes. or more neatly, humans have a natural predisposition to violence, which is regulated genetically, epigenetically and culturally. the predisposition to violence was an essential feature of tribal life, not a bug. in civilized countries, it can be largely turned off, e.g., Japan. in the US we were brainwashed with incantations that began, “I am an American fighting man. I serve in the forces that guard our country and our way of life…” with the aim of turning on the mindset that Fred Reed captured beautifully. add some testosterone and you’ve got a volatile mixture. back in the day, it was a pretty good country, but it has gone downhill in recent years as a result of rampant greed and ethical decay. the blue tribe use propellants to destroy anyone who won’t listen to their instructions fast enough, or who try to run away. human rights always have taken a back seat to money and power. Empire is a machine with gears made of guns and words.

it should be clear that a system that routinely shoots blacks and deaf people isn’t worth defending. as Jim Kunstler puts it, even our architecture isn’t worth defending. the liars, thieves and murderers who run this asylum lately aren’t any better than the ones running any other asylums. my take is that the problem is unaccountable power, which is why I was rabidly anti-Marxist for many years. if it weren’t for Putin’s statesmanship, I might be more rabid today. the lies from Clapper et al are just an attempt to maintain the status quo, but have breached trust at scale. Stalin and Mao practiced genocide on the scale of Genghis Khan, but they didn’t do it the hard way with swords and horses. not that pooping blood on the Long March was easy work, but killing 50 million people with guns is a lot easier than doing it with swords. I am not at all pro-Marxist, but I realize that capitalism can create unaccountable powers just as dangerous as the Marxists. Congress has created unaccountable powers that may now control Congress. we have touched previously on how the US empire killed 20 million Asians in pursuit of resources and containment. napalm, carpet bombs and turbine engines make for much easier work than either swords and horses or guns and bullets. not sure how many millions were lost in the middle East genocides in pursuit of oil and arms sales, but Empire is a machine driven by greed, fear, hubris and amorality that crushes bodies and souls to make money and power.

we touched yesterday on how perchlorate can be used as a source of oxygen to maintain brain function at low atmospheric pressure. it could be chlorate in the candles, but that is made by the same process. the history of perchlorate is part of the DNA of Morton Thiokol, which had an impressive accident in the Utah desert. perchlorate and aluminum were the key ingredients of the solid boosters in the space shuttle program. it figures prominently in the acquisition of ATK Orbital by Northrop Grumman. Empire is a machine with gears made of elements, which provide the energetics and bioenergetics of carrots and sticks. the sticks have a lot of diversity, depending on the scale of entropy maximization. for killing individual deaf people, bullets are preferred. for killing 8 or 9 million North Koreans, carpet bombs are preferred. napalm and atom bombs are good for numbers in the range of 100,000 to 500,00 civilians. another day we will look at omega-3 oils as an essential input for maintaining cognitive abilities. your computer security won’t do much good if your human gears managed by gun gears and word gears can’t function.

file under “all your nitrogen are belong to us” and “human urine, excrement and bodies as national security infrastructure” it doesn’t come out in the article that I link here, but the colonists were able to use church infrastructure in the US to reprovision their forces in the escape from British empire. the graveyard soil could be dug up and extracted with hot water to get saltpetre. the worms had scattered the nitrogen more or less within the bounds of the stone walls, so the graves didn’t have to be desecrated to get the saltpetre. the wooden pews could be made into charcoal. if sulphur candles were used to manage the church mice, they would provide the third ingredient for propellant. I have no idea where the colonists got their sulphur, or the Europeans for that matter, but it still is a key cog in the national security infrastructure. today, sulphur comes from wells in Texas, where it probably is a byproduct of fossil fuel formation or volcanism. it is used at a staggering scale to make phosphate fertilizer, as well as for pickling steel and numerous other critical infrastructure functions. the fourth element is lead, from the melted organ pipes. it was the Germans who brought schutzenfest to the US, which led to catastrophic British losses at New Orleans, when they engaged the squirrel hunters led by Colonel Jackson.

Same old warfare?

Given that human nature is unchanging, new weapons are merely accelerants of the same old, same old fighting. In this timeless debate, three very different books on the interplay between technology and war assume that contemporary high-tech computerized weapons, the introduction of napalm during the Second World War, and the widespread production of saltpeter have all done their part to reinvent the theories of warfare of their respective ages.
Saltpetre was certainly felt to be mysterious (best used in a ratio of six parts sulphur, and one part charcoal). Early scientists were not sure whether it was organic and sprouted from the soil, or a mineral to be mined. They agreed only that it seemed to turn up most plentifully in soils rich in urine and dung. The result was that the British crown for four centuries gave a veritable blank cheque for freelancing saltpetre hunters to scour the countryside at a breakneck pace for this strategic national asset. And dig around they did, especially in toppling private stables, overturning outhouses, and tunnelling through refuse piles of both the rich (with some difficulty) and the poor, as well as in caves and burrows where naturally occurring manure and guano were plentiful.
Try as the British might to organize society to save their saltpetre systematically (something akin to the modern idea of putting your daily waste in the proper coloured plastic container), the crown was never quite able to turn a scavenging art into a science of systematized production. Haphazard collection persisted in Britain – unlike the more sophisticated processes in Switzerland and France – until the onset of the Industrial Revolution, mass importation of cheap saltpetre from India, and, later the replacement of gunpowder altogether by cordite-based ammunition.
Cressy captures well the tensions over near-lawless collectors who toppled barns and tore up gardens to get their hands on the treasure, without which, the crown continually lectured its British subjects, the growing empire would dissolve.

Copyright 2017 JG4 All rights reserved Published here by permission

—moderator snip here if four is too many—

Big Brother Is Watching You Watch

Dear Apple, The IPhoneX and FaceID are Orwellian and Creepy Hacker Noon

Distrustful US Allies Force Spy Agency to Back Down in Encryption Fight Reuters

SEC Hacked: Information From Breach May Have Been Used in Trading International Business Times

Beijing’s Battle to Control Its Homegrown Tech Giants FT

MarkH September 22, 2017 3:01 PM


I don’t get the flintstone reference … unless you mean old-fashioned (traditional). Anyway, I too love my country and countrymen.

I referenced a political party, which I almost never do on this blog, for a damn good reason.

In our crazy two-party system, one of the two has, since 1980, consistently adhered to a policy of comforting the comfortable, and afflicting the afflicted. Though they don’t always say it so plainly, a majority of them believe that poor people are poor because they are defective in morals and character. Accordingly, their suffering is proper and necessary.

I don’t believe that anybody said, “let’s kill and maim people to save a few million dollars.”

But consistently in the US, poor people bear an extremely disproportionate burden of all kinds of toxic pollution. Their political power is low, and their neighborhoods are convenient dumping grounds. Flint is one of the most distressed cities in all of America.

The GOP — Greed Over People — prioritized Cutting Costs (one of their Gods) over human lives. I suggest that the opposition party has a clearly distinct track record, when it comes to this type of decision making.

Clive Robinson September 22, 2017 3:43 PM

@ JG4,

Your posting, has revealed a failing to the changes in the 100 Latest Comments page.

It cuts a page down to about the first couple of paragraphs. Which means if you reply to two or more people with different sections for each in the same post the second and subsequent persons’ names do not get displayed and thus cannot be seen or searched for. Thus may get missed, by people like me who do not read individual threads, unless they are the current days thread.

A case of “unintended consequences”.

Bruce Schneier September 22, 2017 4:50 PM

@Clive Robinson

“Your posting, has revealed a failing to the changes in the 100 Latest Comments page.”

You’re right. I hope people will quickly adapt.

Changes to the 100 latest comments September 22, 2017 4:56 PM

On one hand we could all be more concise; on the other hand …

Two things:

If you load 100 latest comments in your browser and then are away from the internet while reading them then you can’t read “More –>” until you are back on the internet, of course.

Second, for those counting ISP bytes, “More –>” might be costly, depending, of course, on the length of the respective thread.

r September 22, 2017 5:13 PM


Never attribute to malice what one can merely accomplish with incompetence.

You’re not from around here, 40% of “Genesee county” (roughly) can’t read beyond a 4th grade level and you want to blame a political party when the great simplification amply falls on ‘government’ itself regardless of party? Sell me another line about who is failing when NOBODY steps up.

MarkH September 22, 2017 5:24 PM


You’re right. I’m from far-away Calhoun County Michigan, more than 100 miles as the crow flies.

Are you seriously suggesting that there is not a systematic difference between the way the two parties allocate public funds for low-income Americans?



Well, the Constitution guarantees your right to believe whatever you want.

Wael September 22, 2017 5:35 PM

@Clive Robinson,

has revealed a failing to the changes in the 100 Latest Comments

I thought about that as well. Just address all recipients in the header, then add each again for specific replies.

MarkH September 22, 2017 6:35 PM

@Clive, who wrote:

“Analysis from voting patterns indicates the stronger exit sentiment where immigration and ‘foreigners’ was lowest. Remain votes were higher where immigration was high.”

Polling indicates exactly the same pattern in the US.

Likewise, about four decades ago when violent crime incidence was miserably high in the US, there was a strong negative correlation: fear of crime was greatest where crime was least.

Democracy’s design flaw, is the appalling tendency of most to substitute emotion for knowledge and reason.

Clive Robinson September 22, 2017 8:19 PM

@ MarkH, r,

Are you seriously suggesting that there is not a systematic difference between the way the two parties allocate public funds for low-income Americans?

I think that the pair of you are talking about a large problem from different angles / view points. Neither of you is wrong in what you see and both views explain what you see of the problem.

It’s like the tale of the three blind men describing an elephant. One touches the tail and declares the elephant to be like a rope, another touches a leg and says the elephant is like a trunk of a tree, whilst the third on touching the flank says the elephant is like a barn.

The trick is to “see the whole beast for what it is” which often involves turning around walking some distance before turning around to a fresh point of view, to see how the close in views link together.

Education is often bad due to inadequate teaching, and this can happen because of lack of resources. Where parents have a choice they will move their children to what they think is a better place of learning. This often has the effect of reducing the average. Which is important because children like it or not learn as much from each other as they do from their teachers. They also tend to be competitive where they can and with what skills they have. If the skills are what others would consider anti-social then with few exceprions the peer group will move towards that skill set.

The next issue with education is funding, there is never enough money allocated to teaching. Even if it’s increased those who supply the schools will simply raise their prices and thus negate the increased value. It’s what you get with a captive market, the suppliers are the equivalent of parasites on another animal. As the animal grows the parasites suck more blood thus the animal gets held back. The parasites know enough not to suck too much blood and kill the host, but otherwise they will bleed the animal all they can. We see exactly the same behaviour in “big pharma” they do not want to cure an illness with a couple of pills if they can sufficiently control the symptoms, that way they sell a couple of pills a day indefinitely, at way way greater profit.

But there is another aspect which is political and involves the notion of “Throwing good money after bad”. It takes time to turn any large system around due to inertia, thus for quite a while any money spent will look like a waste. Time is short in politics and most people think it’s a good idea to “Reward success”. Thus the not unexpected result will be resources will be diverted from where they are needed to where they are not, simply because it both looks good and fulfils people’s expectations…

There are a large number of similar issues the net result though is what you both see plus other issues. It’s a mess without the need of malice or venal behaviour, though you will find plenty of both if you do a little more than glance at the problem. But there is also another factor involved you don’t get fired if you follow the rules, but you need to break the rules to achieve results. So from a self preservation point of view you do not try to fix things, because it’s most likely to end your career deader than a dodo in amber. Survival in a bureaucracy is all about making no decisions or more precisely finding rules by which you are not allowed to make a decision…

It’s a fundamental difference between a businessman and a bureaucrat… A businessman will not survive the competition unless he pushes the rules to breaking point or beyond. A bureaucrat however will not survive if he breaks the rules. They are two fundamentally different mind sets. Kind of like salt and fresh water fish they can not survive in the others environment. Thus many “Headline Political Pronouncements” may sound good on paper or at the press conference lectern, but are in reality fairly well doomed to die before they are even born.

It’s morally and ethically wrong to behave in these ways, but at least you survive long enough to have regrets in a decade or three…

politics are strange or people are strange (Doors) September 23, 2017 1:40 AM

Regarding the upcoming German election:

“Election-watchers expected a flood of fake news and inflammatory social media aiding Alternative for Germany, known by its German initials, AfD, to come from Russia. But one of the major publishers of online content friendly to the far-right party is an American website financed in large part and led by Jewish philanthropist Nina Rosenwald.”

Sound like Mercers, Cambridge Analytica, etc., and Brexit?

r September 23, 2017 5:31 AM


In case you missed out.


Okay okay, anyways my point was more of let’s blame less the group where the initiators are concerned and spend more energy on the individuals who caused it. Have you seen my local democrats? Neither side is without fault. I do appreciate your sympathy n concern brother, thanks.

Ps, you gonna do this year’s challenge?

I’ll be watching, last year I think I only saw 2 Michigan people take it.

MarkH September 23, 2017 4:08 PM


I agree with you very strongly, that it’s a mistake — a very common one! — to attribute to malice what can be explained by incompetence. This mistake is at the root of most idiot conspiracy theories, including some propounded by frequent commenters on this blog 🙁

My persistence in hammering my argument, has to do with a deeper truth which I fear is missed by most of us.

When we point to “incompetence” or “benign neglect,” this seems to imply a lesser moral failing than the same damage done in malice.

But these are NOT exclusive categories of explanation.

Many have observed that an active alcoholic, no matter how chaotic his life and extreme his failures of simple functioning, almost ALWAYS gets his drink. This seemingly total incompetent, is in fact competent in at least one area, because that’s what he cares about.

We can say about politicians in general, that they have significant competence, and are rarely neglectful, concerning election and reelection.

And where politicians hew to certain policies and ideologies, the same phenomenon is at work. If your reason for being is to help the wealthy become wealthier, your best attention and competence will be focused in that direction.

The catastrophe in Flint cannot be disconnected, from the vitriolic hatred a certain segment of Americans feels toward the poor.

There was a choice between providing financial support for Flint in its post-apocalypse troubles, versus appointing “managers” to ruthlessly slash city expenditures.

And the water crisis didn’t happen all at once, in the twinkling of an eye. It evolved over time, in distinct stages, with massive citizen complaint. If those citizens had been the kind of people who vote Republican and make GOP campaign donations, would their pleas have been ignored for so many years?

Most people manage to muster at least a little competence, in the areas that are deeply important to them.

From people who think of the poor as a kind of dirt to be scraped off the soles of their shoes, exercise of competence on their behalf is hardly to be expected.

MarkH September 26, 2017 12:16 PM


It’s happening again, on a far worse scale, even as I write this.

About 3,500,000 Americans are facing an acute humanitarian crisis. At least 2,000,000 of them have NO POTABLE WATER SUPPLY.

Their electrical power grid is dead, and not expected to be fully restored for months. It’s difficult even to understand how bad conditions are, because there are no functioning telecommunications on most of their territory.

If they were pasty-faced high-income white people, the Federal Government — with GOP domination in the Executive, both houses of Congress, and even the Supreme Court — would be loudly proclaiming that this is the most severe crisis in American history!

But the Americans who are suffering are mostly poor.

And they have too much pigment in their skin.

Woe, woe to them.

Nick P September 27, 2017 10:00 AM

@ MarkH
(all re political arguments)

“If they were pasty-faced high-income white people… But the Americans who are suffering are mostly poor. And they have too much pigment in their skin. Woe, woe to them.”

Another reason I don’t like politics here as people’s biases distort their vision. You mention one side but not the other. Typical of such bias. During Katrina, almost all the media coverage and FEMA response was about New Orleans. Such a tragedy for the black community if watching any liberal media and a lot of conservative media, too. David Wong wrote about that saying this: “Kind of weird that a big hurricane hundreds of miles across managed to snipe one specific city and avoid everything else. To watch the news (or the multiple movies and TV shows about it), you’d barely hear about how the storm utterly steamrolled rural Mississippi, killing 238 people and doing an astounding $125 billion in damage.”

I remember that. I was in West Tennessee. We had refugees coming in from many places with most from Mississippi, not Louisiana. Lots of devastation with many being farmers wondering if they’d ever have a future. The locals, ranging from churches to private individuals, were taking care of the Mississippi refugees letting them stay in stores and extra rooms. The black-focused media didn’t give a damn about them. They were sub-human. Their conversations were all about one city with one color of people: black people. Their people. If those blacks got a bad response, that was major evidence of the worst kind of racism. If a whole state of half white & black was ignored, that’s evidence of nothing that’s not even worth covering or discussing. A number of blacks and white liberals even told me in comments online and in person that only a racist would be bringing that up trying to distract from the evils afflicting black people in America. (Huh?)

Such is political discourse on race and other hot-button topics. I’m just using that one as an example as bias was ultra-clear. People discussing politics here will rarely be neutral reporters covering full picture. They’ll usually be from one side or another citing the view from their biased, media sources. They’ll argue past each other citing the same or warping other side’s arguments with “but…” Walls of text will form on this site. Rational readers will learn nothing useful since they’d have to fact check possibly dozens of claims in walls of text before believing any of them. They’ll skip a bunch since that takes a lot of time. The result is that at best politics on this blog will fuel different forms of ignorance in the general case.

So, I’d rather anyone talking all these politics refrain from it on this forum to focus on security news. The closest thing to politics we should be discussing is mitigations to a specific law being passed such as the Patriot Act. Then, quality of discourse goes back up.

Moderator September 27, 2017 1:32 PM

@Clive, agreed, disengagement from this conversation is a good idea. @Ratio and @MarkH, please do the same.

@All, discouraging off-topic political debate and polemic is one way we’re trying to reduce toxicity in this blog’s comments section. So let’s keep the focus here on security.

Moderator September 27, 2017 4:22 PM

All comments pertaining to the Catalan election have been removed; this conversation does not need to be saved for posterity.

Ratio September 27, 2017 7:47 PM


I’m baffled. Why would I, or anyone else, bother responding in a reasoned and civil manner (e.g., without resorting to ad hominem), using verifiable data (complete with sources) to comments even when they lack one or more of these characteristics if this is what happens? Responding in kind is easier and faster, after all, and there appears to be no downside. The incentives are completely backwards in this respect.

I sincerely hope you and our host succeed in raising the level of discourse and reducing toxicity of what’s still described as a lively and intelligent comment section, but I must admit I’m starting to lose faith.

I’ll take time off and see how it all plays out.

MarkH September 28, 2017 4:50 PM

@Nick P:

I guess my news sources are different. Unlike you, I distinctly recall detailed press coverage of the devastation in Mississippi.

Somewhere, there’s a dividing line between politics and policy, and I regret treading on it.

Studies of the demographics of natural disasters reportedly show that the elderly, poor and sick die in great disproportion to the average of the population.

Government policy can go far to alleviate that. To use the example you offered, a concentrated deployment of government resources might have had the potential to save far more lives in the city of New Orleans, as compared to the relatively vast area of the Mississippi gulf counties with their more dispersed populace.

We often devote great attention here to threats and vulnerabilities that are of a hypothetical nature, or from which no concrete harm has yet been discovered.

If actual causes of mass-scale loss, suffering and death — and what can be done to reduce their danger — don’t come into the domain of security, then …

… what on Earth does “security” even mean?


Sidebar photo of Bruce Schneier by Joe MacInnis.