Friday Squid Blogging: A Squid-Related Vacation Tour in Hawaii

You can hunt for the Hawaiian bobtail squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on March 15, 2019 at 4:24 PM • 46 Comments

Comments

Sherman Jerrold March 15, 2019 6:48 PM

The article below points out a lot of security and transparency conundrums throughout the u.s.:

https://www.eff.org/deeplinks/2019/03/foilies-2019

That organization, EFF, is deeply involved in trying to restore Net Neutrality in the u.s., which is intrinsically about protecting privacy and security AND preventing huge ISP corporations from censoring and throttling the internet for us poor slobs in the u.s. who pay WAY too much for mediocre internet access. And many in the u.s. still don't have any access that they can afford. As well as the likelihood that the ISPs are now (or soon will be) monetizing the user data they 'hoover-up'.

Privacy? Security? what quaint terms, not applicable anymore.

Ismar March 15, 2019 7:53 PM

A network of popular Facebook pages that have built large audiences catering to Australians agitated over hot button issues is under the control of trolls and scammers from the Balkans, an ABC investigation reveals.

This is the type of poison people like Christchurch shooting terrorists ready to get themselves indoctrinated enough to commit these despicable acts.

Facebook shares part of the responsibility by providing their far-reaching platform to spread their propaganda.

Sent from my phone

Gunter Königsmann March 16, 2019 1:13 AM

Practical question/did post it on the wrong article first: My Firefox on Android (no add-ons) from time to time requests permission to record audio without telling why. This only happens on IT news sites that contain ads.
In the source code of the web page itself I don't see anything strange in these cases. Is there any way to debug that? The last time it happened was the "the verge" link above, but other websites like heise.de and golem.de are affected, too.

The program will request the permission only a while after the page shows on the screen, often does so again when I switch to a different tab and switch back. It stops happening if I reload the page. On pages that load images only when you scroll down far enough to reach them scrolling down isn't necessary to trigger the request. And it doesn't matter if I am on WiFi or on mobile data nor does turning off images in the "advanced" preferences menu seem to change the chance of getting the request.

mod7 March 16, 2019 6:50 AM

@SenateHearing: GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation

Twenty Years for Truth
After two decades of being bamboozled, in Senate testimony Will DeVries, senior privacy counsel for Google, was forced to admit that Google tracks your location every four minutes(!) even when the Android owner has ALL location tracking turned off.
Google claims "if we turned those off, your phone wouldn’t work like you’d expect," adding that the operational aspects of it are ‘complicated’ (nonsense, as smart owners only turn on GPS when THEY need it).

But Senator Hawley wasn't satisfied with that. “It’s NOT complicated," he said. "What’s complicated is you don’t allow consumers to stop your tracking of them." [1]
"Here is my basic concern: Americans have not signed up for this, they think the products you’re offering are free; they’re not free. They think they can opt out; they can’t opt out. It's kind of like that old Eagle's song, 'You can check out any time you like, but you can never leave.' And that’s a problem for the American consumer; it’s a real problem.
And for somebody who has two small kids at home, the idea that your company and others like it will sweep up information to build a user profile on them that will track every step, every movement and monetize[2] that, and they can't do anything about it, and I can't do anything about it, that’s a big problem this Congress needs to address."[3]
https://iapp.org/news/a/at-hearing-us-senate-wants-answers-on-location-tracking-opt-in-consent/

Logically Android owners (especially our children) are entitled to seek class action damages and erasure of ill-gotten gains.
However don’t expect help from the Trump administration who has made a pact with the Devil[4] in allowing the omnipresent tracking to continue unabated. Everything is a lie[5].

[1] the EU 4% fine is actually too small to fit this long-term worldwide transgression

[2] At age thirteen Google pressures children to release their highly sensitive educational dossier to advertisers and everyone else who pays. This practice is highly discriminatory as the poorer school district, the more likely they depend upon Google Classroom screens

[3] Big-data controlled news is proven biased, as this deceptive tracking story was NOT published by the Google dependent news and tech outlets. The silence of the press is deafening!

[4] Data-mining engineers are very expensive. No wonder ad-blockers are being designed-out of the Chrome browser. Or taxpayer funded web sites being blocked if Google can’t fingerprint citizens

[5] The Trump administration again views Silicon Valley as a proven 2020 reelection tool. The two sides may hate each other publicly but only has the awesome and unique POWER protect the other. To survive they have no choice but to work together

Another Mouse March 16, 2019 1:14 PM

@Gunther I gave up on those pages, I'm only surfing on golem with Firefox focus, even this is showing that it's blocking more than 100 trackers, if you keep the page open for a while

1&1~=Umm March 16, 2019 7:49 PM

BitCoin by Ham Radio

https://news.bitcoin.com/no-internet-no-problem-how-to-send-bitcoin-by-amateur-radio/

This should make more than a few people who know anything about the practical realities laugh. It's not even half baked by a long way.

In amateur radio there is a quite new digital mode called JS8Call. It's based on something that has been more than a bone of contention in amateur radio called FT8. They along with several other WSPR modes allow very low signal to noise communications (about -30dB on the average CW / SSB receiver noise floor). The price you pay for this below the noise floor communications is its incredibly narrow bandwidth.

As your data rate is in effect the inverse of your bandwidth this makes these modes slow, almost glacially slow. So slow in fact you can go away and make a cup of coffee in the length of time it takes for two parties to exchange their call signs and Maidenhead locators. Which is why FT8 is kind of designed to run in that way. In fact you can with a few fiddles get it to 'Chase the DXCC for you in a day, whilst you are away at play' which obviously upsets those who have spent years doing it the more traditional way by 'key or voice'.

Well a group of European based Amateurs have reworked the effectively non interactive FT8 base system into something a little more interactive it was called FT8Call but is now JS8Call and if you look up OH8STN (survival Tech Nord) he has some instructables and YouTube vids on using this new experimental mode, for EmCom Prepping.

Now for some reason I can not fathom somebody has got the 'doomsday prepper' Stuff Hits The Fan (SHTF) type twitches about fiat currencies will disappear tomorrow or next week latest, and it won't be safe to move gold, diamonds or even base metals like nickel. And as a result has decided that the Internet will be gone as well, along with the now valueless back pocket folding paper beer vouchers... It's funny how many preppers assume that mobile phones will still work even though the world has gone so bad they are planning on living in a hidden hole and cook canned food over a candle, and recycle their urine with reverse osmotic pumps etc. This is the 'first world' where the 'first thing to go' will be our aging infrastructure and what is built upon it, so 5G to No G in however long it takes the first battery backup to fail.

So these twitchy preppers argue there must be some kind of replacement for both fiat currency and the way to use it at distance... and as they have vaguely heard of commercial digital radio such as DMR sending data and voice over the air. And of course they get to hear of other 'Ham Digital Modes' and decided that BitCoin and Ham Digital must be a natural marriage... Trust me they are not as the article author alludes to.

BitCoin and reliable amateur HF DX data modes really are not made to work together especially JS8Call and any kind of mass communications which would be needed for financial services. I won't go into the technical details but the data rate is incredibly slow. Worse the actual short datagram packet rates are based on sending at either 0,15,30,45 seconds past each minute and thus precision time sync will be required as well. Oh and all messages are point to point 'store and forward' which means relaying them is really really slow.

Let's put it this way you won't really be hitting 20wpm on a point to point link. Especially when sending binary numbers which ciphered code effectively is. Because JS8Call uses a compression code system based around alphas just as old Samuel Morse's code did (which he based on counting the letters in a printer's box so 'ETAONIRSH' are the most frequent thus shortest codes). Thus sending binary data incurs a significant time penalty, very significant even with other coding tricks.

But worse still only one transmitter can be up on any given low band HF frequency at any time for hundreds if not thousands of miles in radius. Thus there are very real resource contention issues which reduces the effective data speed even further.

But there are other more human issues. Setting up and running JS8Call is not for the inexperienced at using long haul (DX) HF comms links. Because there is a very great deal to know about propagation and the setting up of antennas, radios, interfaces computers, power supplies etc. All of which have to be 'just right'. Whilst it is getting easier at the computer to transceiver interface side with built in USB CAT/Audio in newer HF Transceivers, that does not solve getting the transceiver Air Interface to work. It is not just something you have to learn you have to be well practiced at, if you want any kind of reliability with your HF comms, because every setup is effectively unique. Especially at these times when sunspots are a real rarity and the MUF is down to the point where 40m (7.5MHz) can be above the MUF and the majority of HF bands are closed. You need not just experience and practice you need to have in depth knowledge of one of the more archaic areas of physics and astronomy. Remember with no Internet you won't get data from Solar observatories and space weather centers, so you will have to know how to do it yourself and that's neither easy or fun and involves equipment you won't be able to put on your back or chuck in your SUV.

But there is more... it's known that BitCoin is not exactly quick off the mark with processing transactions... In fact it's so slow alternative payment methods have been sought quite often, which has opened windows for fraud.

JS8Call is even slower than the BitCoin public ledger update, trying to do it across JS8Call will take longer than a few hours, you could be looking at days if not weeks. But also if the SHTF has happened over a wide enough area for this to be needed, then the chances are there will be no 'grid power' so the 'proof of work' is not going to happen anyway and BitCoin mining etc will cease...

If people really want to do these things they really need to work out what exactly it is they are trying to do and how thus what is really involved. No man is an island, and trust is not going to be very high at the best of times, the number of people you would have to get involved to make it all work is not exactly small... That brings in a whole raft of other issues and suddenly running naked across the battle field holding a couple of gold bricks suddenly looks a whole lot more practical as a proposition to make payments than crypto-currencies and amateur radio below the noise floor HF data modes.

gordo March 16, 2019 9:06 PM

Good article.

The People Who Hated the Web Even Before Facebook
As the World Wide Web turns 30, a look back at its early skeptics
Alexis C. Madrigal The Atlantic Mar 15, 2019

Just a few years after the internet’s creation, a vociferous set of critics—most notably in Resisting the Virtual Life, a 1995 anthology published by City Lights Books—rose to challenge the ideas that underlay the technology, as previous groups had done with other, earlier technologies. This wasn’t the humbuggery of Clifford Stoll’s Newsweek essay arguing that the internet basically sucked. These were deeper criticisms about the kind of society that was building the internet, and how the dominant values of that culture, once encoded into the network, would generate new forms of oppression and suffering, at home and abroad.

https://www.theatlantic.com/technology/archive/2019/03/people-who-hated-web-even-before-facebook/584932/

David Walsh March 16, 2019 10:51 PM

https://www.theguardian.com/culture/2019/mar/16/uk-online-porn-age-verification-launch

Proof of age soon to be legally required for UK pornography sites.
All morals aside. I am sure we can create a reasonably long list of all the things wrong with this proposal.

The first thing that comes to my mind is economic. It's just going to make another crater in the UK economy as users look elsewhere
Perhaps the government is launching a paid VPN service at the same time

Alyer Babtu March 17, 2019 8:06 AM

@ gordo

The People Who Hated the Web Even Before Facebook

Mr. Madrigal dismisses Clifford Stoll’s Newsweek article, and Stoll himself said he was wrong and embarrassed by it. But Stoll’s comments about the negative effects of the internet on human relations, and teaching, seem to me mostly valid.

albert March 17, 2019 11:55 AM

Guys,

The Internet is just a communication technology, nothing more. The telephone had the same effect on the folks who used letter-writing as a communication method. It allowed folks who couldn't read or write* to communicate with others.

The issue is not the tech, it's
1. People who abuse it: i.e., the folks who run GG, FB, TT, and most Internet-connected companies.
2. People who allow themselves to be abused.

That these groups may eventually include most of humanity is sad, but it had to happen, 'cause that's the way we** roll



-----------
* Some wonder whether this is still true today.
** humanity as a group.
. .. . .. --- ....

VinnyG March 17, 2019 1:30 PM

@1&1~=Umm re: cryptocurrency & digital ham radio - The very concept that cryptocurrency would enjoy appreciable acceptance in a generalized deep dystopia is ludicrous in and of itself. The remainder of your analysis was very interesting reading (thank you!) but imo superfluous. In such a scenario, barter of useful items would be primary in the marketplace, at least initially. Ultimately a more abstract medium of exchange would evolve (this is required for any meaningful scaling up of trade volumes,) but history strongly suggests that would be something that scored highly on both scarcity and immutability criteria.

VinnyG March 17, 2019 1:37 PM

@albert re: internet issues - I think you have those two items ordered incorrectly. The first item cannot exist in the absence of the second, and imo the second group *has* included most of humanity for recorded history. Otherwise I generally agree...

gordo March 17, 2019 1:53 PM

@ Alyer Babtu,

Back in its early days the three big uses of the internet/www were email, porn and gaming. In some ways that hasn't changed much, but the general tone of Stoll's article at that time was (mostly) dismissive, i.e., "nothing to see here, move on, etc.", so I get what Madrigal was saying regarding Stoll's 'bah humbug'.

@ Albert,

Your points 1) and 2) were exactly what those early threat-modeler skeptics saw coming. And sure, I agree, "that's the way we** roll", to which I'd add that "we**", also, (mostly) ignore warnings until it's unavoidable, i.e., we're harmed and/or there's a mess to clean up. The question now seems to be whether "we**", if not the powers that be, engage in another round of 'wash, rinse, repeat'.

Anders March 17, 2019 2:40 PM

Regarding bitcoin and HAM radio:

https://www.coindesk.com/bitcoin-coders-send-international-lightning-payment-over-ham-radio

You don't actually need high bandwidth for the single payment. But before making the payment you need that the blockchain database is up to date. Updating that amount of data over the HAM radio is out of the question, you need to do this with working high speed internet. But after that for making the payment you don't need high bandwidth.

Alyer Babtu March 17, 2019 3:27 PM

@albert @gordo

"a communication technology, nothing more"

Not to rehash Marshall McLuhan and “the medium is the message” too much, but there are important aspects of human communication that seem to be lost or warped by the general internet medium. A kind of malnourishment of the person ensues.

McLuhan would seem to have a claim to 30 years or so priority in “inventing”, and diagnosing the pathologies of, the internet.

My thesis: computer technology is not an unlimited good and has an intrinsically limited domain of proper applicability. Outside that it tends to infantilize its users intellectually and in personal formation. This is true also of any artificial substitute for something given already in nature.

Not a surfing safari March 17, 2019 3:43 PM

Squidding Holiday

with apologies to Cliff Richard

We're all goin' on a squidding holiday
We’re in the Tides for a week or two
Fun and laughter on a squidding holiday
No more worries ‘cause we’re in Oahu
For a week or two

We're going where the squid shines brightly
We're going where the sea is blue
We've all seen it on the website
Now let's see if it's true

Etc.

Sherman Jerrold March 17, 2019 4:51 PM

For over a year a relative of mine held free community computer clinics. He made presentations and created a website all to inform and warn people about dangerous internet activity. However, time and again the same people would come to the clinic, talk about clicking on some ad or opening an E-mail attachment and expect him to 'fix it again'. He finally got so discouraged at having to 'time after time pull their car out of the same ditch he warned them about beforehand' that he quit the clinics, for now.

I know many who contribute here are working on sophisticated and often 'low-level' ways to help bolster computer security for systems and users. And, I think that's wonderful. But, when you give a person a tool, teach them to use it safely and warn them how it can be dangerous, and they still cut their finger off doing just what you warned them about, how can we protect them from their own irresponsible actions?

And I know this will sound insensitive, but, how many times should we try to teach them the same security lessons before we give up?

Ed Hurst March 17, 2019 5:31 PM

@Sherman Jerrold

I deal with this to some degree, as I run a computer tech support ministry. There is no one single answer for everyone. It depends on your relationship to the person who does that stuff, how you deal with people in general, and what you are trying to accomplish in doing that kind of work. To be honest, I seldom run into people that hard-headed about their own computer safety habits.

That said, I've been known to install various tools that restrict such things for people who just don't get it. I've created a policy-restricted account for one client and kept the admin password on file. I feel not the slightest sense of guilt for it, because they were still able to do everything they needed, and they didn't complain.

David Walsh March 17, 2019 5:44 PM

Ed Hurst
"as I run a computer tech support ministry."

This is a wonderful idea. For the non-agnostic, prayer is probably the only security resource remaining with any potential for the masses.
How's that working out for you?

ps you could probably get a script to automate most of it

MarkH March 17, 2019 6:25 PM

A propos of BitCoin via amateur radio:

"Preppers" (a.k.a. survivalists and/or Mormons) are a chronic source of amusement. I'm indebted to Umm...Clive for bringing to my attention their premise that:

(a) some collapse is probable that will render usual currency unusable, and

(b) in the wake of such a collapse, they will be able to use a financial transaction medium which can only function by placing extremely intense demands on infrastructure.

I concede that such coincidence is not provably impossible. Nonetheless, considering the interdependence of governments, monetary systems, and utilities (among other resource vendors), how plausible is it?

Have these guys worked out how much paper, pencils, and person-hours would be needed for a manual BitCoin ledger update?

gordo March 17, 2019 7:23 PM

@ Alyer Babtu,

I'm not sure I agree with the last sentence of your thesis (and I may have misunderstood you, but, specifically, the word "any" in "any artificial substitute" gave me pause, see, e.g., prosthetic limbs where the natural limb has either been lost or is missing, but, again, I may have misunderstood you).

Otherwise, I wholly agree with your thesis. And yes, after 30 years, we're seeing how both human growth and competitive business markets can be stunted, the latter of which brought to mind "(the law of) diminishing returns", but applies to human growth as well:

The Limits of Innovation: High Tech’s Diminishing Returns
By Tom Valovic Sep 24, 2018

Over the course of time, it is in the best interests of business to create products and services that resonate harmoniously with the need for more sustainable long term growth that supports the overall quality of life and the broader real-life needs of those who ultimately use those products and services. (last par.)

https://sociable.co/technology/innovation-tech-diminishing-returns/

. . . which leads to public-interest tech, policy and the public good (as in well-being).

Alyer Babtu March 17, 2019 9:25 PM

@gordo

I should have been clearer. As you mention, if nature has failed or been damaged, an artificial substitute is appropriate and good. Or even an artificial enhancement such as an exoskeleton (or supercomputer) might be appropriate in a necessity that exceeds natural limits. There is dignity in an artifact being used in its proper context, but the same thing out of place is a source of decay.

vas pup March 17, 2019 10:44 PM

@all (sorry, Clive is not there)

How quantum sensing is changing the way we see the world

https://www.bbc.com/news/business-47294704

"Stealthy detection

Not surprisingly, militaries across the world are also backing research in to quantum sensing.

Gravimeters in particular offer the potential for detecting your opponent's submarines, for instance. Gravity may be a weak force, but you can't shield against it.

So while stealth technology may hide your radar signature, it won't hide you from a quantum gravity sensor.

Last October, scientists at the US Army's RDECOM Research Laboratory in Maryland took a significant step forward in quantum sensing.

They used lasers to boost Rydberg atoms (which are much larger than normal atoms) to unusually high energy levels.

"This greatly increases the atom's sensitivity to electric fields. We've made a giant compass needle that is much more sensitive than conventional ones," says Dr Paul Kunz, part of the research team


Armies will want to detect what electrical devices may be transmitting or receiving data - in other words, "where the good guys and the bad guys are," adds Dr Kevin Cox.

=>>>>Unlike conventional receivers designed to detect signals over a particular frequency in the electromagnetic spectrum, Rydberg atoms are sensitive to a wide range of frequencies.

And as they don't absorb energy from the field that they measure, you can use them to detect signals [!!!] without your opponents realizing.

In short, "quantum technology has the potential to transform the world in ways we can barely imagine," concludes Birmingham University's Prof Bongs."

1&1~=Umm March 18, 2019 7:03 AM

@Anders:

"You don't actually need high bandwidth for the single payment."

Which would make the system fairly pointless as well. How many ATM cash withdrawals are made in the US each day?

But also how many 'interbank transfers' across borders. It's hard to get full figures but we know from some services it's a lot.

JS8Call or 9600 APRS just won't support it. Oh and look at the mess WinLink is making of the HF bands to see that, and that gerdam awful APRS 'bug in your pocket' system that amateurs use to give their location every so often (I'm just thankful few realise APRS has not only the equivalent of a TXT feature but Email as well).

To make the equivalent of an International Interbank Transaction, you kind of end up needing a banking service. Which in turn needs some kind of effective infrastructure not just for communications, but a Guard Labour force as well. History shows us guard labour ends up becoming a hierarchy which although it might not be a sovereign national government is likely to evolve into a Kingship process which gives you a Government. Because 'he who controls the exchange mechanism, controls the process of exchange beyond that of personal contact'.

Outside of smallish quantities of basic staples barter does not work very well. Look at the cost of even a tent, then think about that in terms of cabbages or fruit, you in effect end up with an 'agent/facilitator market' who will take your field of cabbages and barter them with the equivalent of twenty to fifty shops or other known customers, and will ask for a fee of 15-30% if you are lucky. The alternative is you have to sit in a facilitator controlled place of sale waiting for customers, thus not only do you have to pay for space, you waste your time hoping some one wants to buy your field of cabbages, when you should be clearing ground etc for the next crop to be started etc.

If things get so bad fiat money or base metal tokens dies out, then for the first few years it will be 'the law of the gun' or other weapon until people organize into communities with sufficient spare capacity to have guard labour etc. The last thing that most will see as having any value is a bunch of bits.

It's what a lot of people forget, value is mainly in the eye of the purchaser, not the seller. Especially when we are talking about totally intangible 'information', the only time that changes is with some form of monopoly and when the purchaser believes they need that particular good or service and that at the time it is the most expedient way to fulfill the need. Even if the need is a speculative one. This is especially true of Crypto-Currencies currently, hence the wild swings in perceived value, which tells you there is no real mainstream use for them. That is the more people who use a method of exchange generally the more stable its 'real' as opposed to 'fiscal' value is. Generally it's only Governments, banks and investors who want 'fiscal' value as its inflation against time is to their advantage not those of us who are 'wage serfs' tied into 'inflationary rent seeking' with which we generally can not keep up.

1&1~=Umm March 18, 2019 7:49 AM

@vas pup:

"And as they don't absorb energy from the field that they measure, you can use them to detect signals without your opponents realizing."

That will upset a few people who believe rightly or wrongly that the transfer of 'information' requires the use of forces on energy or matter...

I suspect a little bit of journalistic licence / understanding is involved ;-)

But also people are not thinking about the problem. Gravity is caused by mass. When you are close to the mass as in standing on earth, contrary to popular belief gravity is not straight down...

If you are at the junction of hard high density rock and soft low density rock then your gravitational measurement will tilt towards the hard rock. Likewise if you are standing next to a cliff or mountain.

Thus what you are measuring is in part based on density and its location and in part on the vector sum of all mass within range of your instrument's sensitivity. The greater the sensitivity the more density variation will affect your close to noise floor readings.

Thus that 2m wide well shaft could be hidden by giving it a shaped lid of the right density material to such that the density signal heads towards the noise floor.

Oh in the UK back in the 1970's a prof built a high density metal pendulum that was mounted in such a way that it formed two capacitors, one on the left of the swing the other on the right. These obviously like a seesaw went up and down proportional to the angle of the swing. This was used as one arm in a 'bridge circuit' and was very sensitive. So much so it could detect the movement of the moon via the movement of water in the sea some thirty odd miles away, but it could also detect the mass change of the night security guard walking on his patrol around the laboratory complex that had floors that were at least 2 meter thick single pour reinforced concrete.

The problem with the instrument was two fold 1, swing damping and 2, low bandwidth due to trying to reduce the instrument noise floor.

I thus suspect that whilst these things will make good 'science day projects' getting a sufficiently low noise floor will make them very slow to use in real life usage.

VinnyG March 18, 2019 9:49 AM

@1&1~=Umm re: "law of the gun" - I think it is debatable whether a barter market or the law you cited would be the primary strategy employed for procuring and distributing the necessities of life in the postulated situation. That would imo depend very much on the specific scarcities and the specific individuals and communities seeking the scarce items. Anyone who needed to feed a family and had nothing to trade for food would quickly resort to theft, and possibly force. Unfortunately, for some, theft by force would be the default tactic. Certainly, force would be in play to some degree: whether to enforce theft, or to resist it.

@Mark H et al

I agree with some of the posted thoughts here mocking the "survivalist" movement and its self-proclaimed experts, as many who set themselves up as on-line authorities in "survival" are naught but posers with little to offer but laughable and ludicrous advice (not exclusively the province of "survivalists";>) However, I also find some of the thoughts posted in this thread that seem to reflect a belief that our current systems and institutions are so deep and robust as to be completely immune to catastrophic failure to be at least as ludicrous. Ample evidence contrary to that proposition that is regularly posted to this blog...

MarkH March 18, 2019 10:19 AM

@VinnyG:

I don't dispute the first premise (that there is non-trivial risk of collapse).

Where the foolishness comes in, is failure to comprehend how bad it would be, and how useless the "prep" would be in its face.

Probably most people, when imagining a tsunami, think of it in terms of a swimming pool, or experiences of going into the sea with some high waves, or even surfers riding down a seeming mountain of water.

The reality of a large tsunami, is finding in its aftermath human bones from which all flesh was stripped clean by the titanic force of thousands of tons of fast-moving water.

The "prep" of these "preppers" is like putting on a snorkel to save oneself from a tsunami.

But of course, their actions neither correspond to reality, nor is that even the purpose. It's a magical ritual by which they attempt to manage their fears about things beyond their control.

In that respect, making fantasy preparations for some imagined calamity may well be functional as a means of coping with anxiety. But probably investing in the stability of civilizational infrastructure -- for example, by casting their electoral ballots for people who can rationally respond to the greatest challenges -- would be vastly more useful.

Bob Paddock March 18, 2019 12:22 PM

@1&1~=Umm

"So much so it could detect the movement of the moon via the movement of water in the sea some thirty odd miles away, but it could also detect the mass change of the night security guard walking on his patrol around the laboratory complex..."


In a Government 'cost is no object for environmental isolation' experiment, they found they were actually measuring an elevator in a building two blocks away.

1&1~=Umm March 18, 2019 4:24 PM

@VinnyG:

"The remainder of your analysis was very interesting reading (thank you!) but imo superfluous."

The problem is I don't know how educated or thoughtful the many readers of this blog are.

Thus as you appreciate most of the problem areas I suspect from some experience many don't.

So it's a bit like telling jokes, if I ask a bunch of physics grads 'why did the cat slide off the roof' they get the 'because it had too little mew', but most others would give you a blank look. Likewise the mathematical joke with 'Oh plus a constant' punch line.

The audience here is broad and I like as many as possible to grok what I'm getting at because hopefully it will give them a little 'sixth sense' feeling that could save them a lot of pain in their future.

1&1~=Umm March 18, 2019 5:10 PM

@Sherman Jerrold:

"and they still cut their finger off doing just what you warned them about, how can we protect them from their own irresponsible actions?"

'With freedom comes the responsibility to behave responsibly, to stand on one's own feet firmly' Also adults should 'live to learn, not learn to live' after the foundations have been taught to them.

You personally owe them nothing unless you were paid to provide them with the fundamental information requested and methods to apply it and did not do so.

Many forget or do not care that teaching and learning is actually the responsibility of both parties. The teacher to be clear and show how to apply the information so it becomes knowledge. The pupil the desire and ability to take the information and follow the methods shown to them. Thus be able to apply not just the information but the methods, in a way that makes it possible to apply not just the information given, but future information as well, to turn both not just into knowledge but practically apply it, such that it has real value for them and others.

Don't get hung up on the fact that despite your efforts to impart knowledge you have failed, unless you have good reason to believe you have not behaved responsibly. At the end of the day even the brightest of people will not be able to turn all information into knowledge, my inability to play stringed instruments to an acceptable level is not for want of information or effort in applying it, my meat hook fingers just don't want to play :-(

1&1~=Umm March 18, 2019 8:27 PM

@ Bob Paddock,

"In a Government 'cost is no object for environmental isolation' experiment, they found they were actually measuring an elevator in a building two blocks away."

Yup the Gov is never frightened to spend other people's money extorted from not those at the 'cap stone' of the wealth pyramid, but every layer they can below that, hence the 'wage slaves' are paying for the guard labour they are threatened by, such is the nature of power.

As for measuring an elevator / lift* a half mile or so away, you don't say how they were detected. However over nearly a century and a half, there are all sorts of ways they have been a problem by radiating and conducting out energy that has announced their presence loud and clear.

I regularly have to track down "man made" (QRM) electrical supply and radio frequency noise. People say power transformers are bad for the health, but the fields from modern panel TVs and LED lighting are way way worse, spreading energy much further and in wider bandwidths. As for leaky microwaves let's not go there, they are rare but they do happen, thankfully the wavelength is centimetric so the near field is quite small.

But lifts from the last century many of which are still around used Relay Ladder Logic to switch large contactors controlling upwards of three horsepower motors. Some of which were DC motors with "smoothing inductance" (more reliable than capacitors). The result when the "Back EMF" snubber circuit using selenium or copper oxide diodes and dubious early electrolytic capacitors started to break down is a reasonably high power spark transmitter. The range of which depended in part on if the motor and controller were at the bottom of the shaft (rarely done after the mid 60's) or at the top of the shaft (the norm until this century and the return of hydraulic powered elevators). The top of a modern twenty or more story tower block is higher than quite a few antenna masts used for transmitting thus the interference radius can be quite large.

For various reasons few cared or even knew about the radiant energy fields surrounding generators, motors and relay control circuits. Even up to the 1960's they were not really a problem for most people. However in the early 1980's we started getting "Electromagnetic Compatibility" (EMC) legislation due in most cases to the transistor replacing the thermionic valve/tube. Thus the troublesome receivers changed from being dining / parlor room furniture to put in your pocket Japanese battery powered transistor radios. Which for a multitude of reasons really did not like man made electrical or magnetic field noise.

But even with what some consider draconian EMC legislation the interference problem of man made electrical and magnetic fields keeps coming back at us, and 'plant equipment' which lifts are really part of, are still a major source of man made electrical and magnetic interference, fairly easily detectable at several hundreds of yards if not miles distance, in bad cases of repair and maintenance.

* This is not just a US-v-UK naming difference it actually had to do with a difference in energy sources affecting the design. As some know a number of US Cities had as part of their infrastructure 'hydraulic power' piped around early up to four story business and hotel districts. Back then one of the uses of this power was to 'push up or elevate' the passenger car, hence 'elevator' became a quite common name and fell into general usage. Over in the UK being a maritime nation the passenger car was pulled up or 'lifted' by some kind of windlass lift mechanism.

Historically the UK lift mechanisms had been driven by a power source which in some cases were actually water mill, animal or steam powered (with some animals being convicted criminals doing 'hard labour'). This started long before Faraday and others had started in on electricity as anything other than a scientific curiosity (the first but effectively useless motor being a dish of cinnabar derived mercury and a pivot hung wire). However once generators and their inverse motors had reached a useful stage they quickly started replacing most other forms of 'static' or 'donkey' engine. With the exception of those 'primary heat engines' driven by chemical energy such as steam, diesel and gas internal combustion engines that can all be found being used to drive the generators that drive our grids.

Sherman Jerrold March 19, 2019 12:55 PM

@1&1~=Umm

Thank you. I appreciate your insights (and reinforcement of one concept I and my relative both think is valid regarding who is responsible). We've both always been sensitive to the fact that communication (and, as you pointed out: education) is a two-step process, requiring both clear transmission and thoughtful, understanding reception.

I guess he needs to make a diligent effort once or twice and then find a diplomatic way to decline to try to fix the mess created by repeated ignorant actions. As he is fond of saying: 'Diplomacy is telling someone to go to hell. But, doing it in such a way that they look forward to the trip'.

On another topic, on my two laptops I've noticed that the newer versions of Firefox seem to be 'phoning home' every couple of minutes. I've changed all the 'preferences' to limit that, but using the 'about:config' level is difficult. I have read that Google is now contributing massively to Mozilla and expecting to direct Firefox's actions to their own benefit. I really wish there were a simple way for us (as users) to prevent spying. Firewalls, as one partial answer to that, can be very difficult to effectively configure.

Does anyone have any suggestions?

No foil lining my hat yet.

VinnyG March 19, 2019 12:56 PM

@Mark H - re: risk of collapse - Thanks for the clarification. I wasn't certain from your post whether or not you had an underlying belief that the system was more or less invulnerable, in aggregate. I hope you were not insulted. I think that we agree on this subject more than disagree.

Sherman Jerrold March 19, 2019 1:38 PM

@1&1~=Umm and re: to @ Bob Paddock,
I have used an old-fashioned transistor radio to 'sniff' radio frequency signals from computers, internet modems, etc. (Usually a dead spot on the a.m. band with the volume at ~80%) The amount of leakage is significant and you can usually hear it change as signals are sent/received. If I remember correctly, the earlier Amana radar-range brand microwave ovens were the only ones that had such good shielding that they didn't require the 'don't stand nearby, this r/f will eventually cook you' warning label.

A 'cautious' friend uses this technique to make sure people have turned their mobile phones off to prevent obnoxious ring-tones from interrupting his presentations.

I suppose that such a receiver could be coupled with some very sophisticated software so that one might decode the signal into meaningful data. I think I've read of similar ideas on Schneier in the past.

Faustus March 19, 2019 6:23 PM

Griping about the Government

I'm always griping about the government stealing money and how big business does it better. Then I come across the Aurora super computer at Argonne National Labs https://www.technologyreview.com/the-download/613140/the-us-is-building-a-500m-exascale-computer-that-will-be-the-worlds-most/ and I have to say: ALL RIGHT!!

Could it be the government is doing good things and KEEPING IT SECRET? Maybe they are afraid that Billy-Barbara-Bob is going to look at his/her TV screen and say: Where's mine? Why is the government improving the world when I need more beer?

I searched "great government projects" and most of the results are old or in Asian dictatorships! This is interesting however: https://www.americanprogress.org/issues/economy/reports/2012/01/06/10930/top-10-u-s-government-investments-in-20th-century-american-competitiveness/ It is the history of a century of smart US government investments... Petering off into nothing in the last 20 years.

What is up with us? If we are going to hate billionaires and big corporations who is going to feed the engines of progress? The government must be doing some good, no? Why not tell us about it?

gordo March 19, 2019 9:45 PM

Re: Australian 'Assistance and Access' law:

Only politicians get exemption from encryption law
The Federal Government's encryption law spreads its net far and wide in society, but exempts one class of person — politicians — from its tentacles, according to an analysis of the law by lawyer and consultant Matthew Shearing.
by Sam Varghese ITWire 20 March 2019

"While the rest of Australia (and in many cases, the world) is subject to the new legislation, the only people who are expressly excluded from everything in the Bill are the very people who rushed it through Parliament in the first place – the politicians."

https://www.itwire.com/government-tech-policy/86417-only-politicians-get-exemption-from-encryption-law.html

Also, from another article linked by Varghese, on Shearing's analysis, is this gem:

MPs excluded from encryption laws
by James Riley Innovation.Aus March 19, 2019

The TCN should give tech companies plenty of pause for thought, particularly where a potential vulnerability is introduced to a product that eventually has a downstream impact on customers. Liability has the potential to become problematic indeed.


“When things go wrong and an incident occurs which affects your clients or customers, they’ll likely assume you didn’t implement sufficient security measures to protect their data and commence legal proceedings,” Mr Shearing said.

“Tucked away in the [legislation] is an ‘immunity’ provision which states that a provider (and their employees or agents) can’t be held liable by a third party for anything done to comply with a TAN or TCN.

There are obvious difficulties with this defence, most notably because if a breach or theft occurs you can’t go public and blame the notice – because that would breach the secrecy provisions of the legislation.

https://www.innovationaus.com/2019/03/MPs-excluded-from-encryption-laws

Rach El March 19, 2019 11:04 PM

1&1~=Umm

Likewise the mathematical joke with 'Oh plus a constant' punch line.

I was going to tell you a joke about Sodium Chloride.
But then I thought, Na


kee nethery March 19, 2019 11:14 PM

Process Control malware (Triton) can be deadly if desired.

Most controllers manipulate actuators; valves, motors, stuff that moves. Most controllers have a Fail Open or Fail Closed configuration. If the entire system goes down, what is the safe setting for that output? Fuel valve: Fail Closed. Water for fire suppression valve: Fail Open. A human sets this so that if the plant is losing power, everything shuts down safely.

Most controllers also have actuator limit stops. This motor should never exceed 70%, or go below 20%. This fuel valve should never open more than 50%.

These parameters are configured into the process controllers.

Malware can look at the Fail Open / Fail Closed configuration and then mess with the limit stops to create a situation that is deadly.

For example, Hydrogen Sulfide is a deadly gas (H2S). In a refinery, mostly it goes to a flare and gets burned. Imagine my malware opens the flare fuel valve which is normally Fail Closed to 100% and sets the low limit stop at 99% so that a human operator cannot close the valve. Imagine the flare air valve, normally Fail Open, is set to 0% and the high limit stop is set to 1%. All fuel, no air kills the flare and starts releasing fuel into the atmosphere which eventually is going to ignite and create an air burst. Now imagine this flare burns H2S and the H2S valve (Fail Closed) is set to 100% open with a low limit stop of 99%.

Just those three valves pegged to the opposite of what is safe will flood the area with H2S (killing workers and people in the community) and then eventually the fuel in the atmosphere will ignite creating an air burst that could easily destroy a community. That is just three valves connected to controllers that malware can read their configs and set to the opposite without a clue what they do.

Now imagine every process controller in a chemical plant or factory set this way by malware all at once. The malware creators don't need to know anything about the facility being attacked. The controllers contain all the information the malware needs to know how to destroy everything.

Connecting industrial process controllers to the internet is a nightmare waiting to happen.
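A defensive counterpart to the scenario in the comment above, as an added example that is not part of the comment or of any vendor's tooling: a configuration audit that compares controller settings against an engineering baseline and flags limit stops that have moved so the fail-safe position is no longer reachable. The tag names, field names and values are constructed for illustration, and it assumes the controller configuration can be exported into this simple form.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Actuator:
    fail_mode: str    # "closed" -> safe at 0 %, "open" -> safe at 100 %
    low_stop: float   # lowest output an operator can command, in percent
    high_stop: float  # highest output an operator can command, in percent
    output: float     # current commanded output, in percent

def safe_gap(a: Actuator) -> float:
    """Distance (in % of travel) from the fail-safe position to the nearest
    position the limit stops still allow. 0 means it is reachable."""
    safe = 0.0 if a.fail_mode == "closed" else 100.0
    return max(a.low_stop - safe, safe - a.high_stop, 0.0)

def audit(baseline: dict, live: dict) -> dict:
    """Return {tag: [finding, ...]} for every tag that drifted from baseline."""
    report = {}
    for tag, cur in live.items():
        ref = baseline.get(tag)
        if ref is None:
            report[tag] = ["NOT_IN_BASELINE"]
            continue
        found = []
        if cur.fail_mode != ref.fail_mode:
            found.append("FAIL_MODE_CHANGED")
        if (cur.low_stop, cur.high_stop) != (ref.low_stop, ref.high_stop):
            found.append("LIMIT_STOPS_CHANGED")
        # Legitimate stops (e.g. a motor held to 20-70 %) already have a gap,
        # so only a gap that grew relative to the baseline is flagged.
        if safe_gap(cur) > safe_gap(ref):
            found.append("SAFE_POSITION_BLOCKED")
        if not ref.low_stop <= cur.output <= ref.high_stop:
            found.append("OUTPUT_OUTSIDE_BASELINE_STOPS")
        if found:
            report[tag] = found
    return report

# Constructed sample data; tags and values are invented for illustration.
BASELINE = {
    "FLARE_FUEL": Actuator("closed", 0, 50, 30),
    "FLARE_AIR":  Actuator("open", 20, 100, 60),
    "H2S_FEED":   Actuator("closed", 0, 100, 40),
    "PUMP_MOTOR": Actuator("closed", 20, 70, 45),
}
LIVE = {
    "FLARE_FUEL": Actuator("closed", 99, 100, 100),
    "FLARE_AIR":  Actuator("open", 0, 1, 0),
    "H2S_FEED":   Actuator("closed", 99, 100, 100),
    "PUMP_MOTOR": Actuator("closed", 20, 70, 55),
}

if __name__ == "__main__":
    for tag, findings in audit(BASELINE, LIVE).items():
        print(tag, ", ".join(findings))
```

The baseline has to be stored and compared somewhere the controller network cannot write to, otherwise whatever changed the stops can change the reference as well.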

1&1~=Umm March 20, 2019 9:57 AM

@Rach El:

"But then I thought, Na"

+1,

Ahh groan worthy jokes are the very salt of the earth ;-)


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.