Friday Squid Blogging: A Squid-Related Vacation Tour in Hawaii

You can hunt for the Hawaiian bobtail squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on March 15, 2019 at 4:24 PM • 55 Comments


Sherman Jerrold • March 15, 2019 6:48 PM

The article below points out a lot of security and transparency conundrums throughout the u.s.:

That organization, EFF, is deeply involved in trying to restore Net Neutrality in the u.s., which is intrinsically about protecting privacy and security AND preventing huge ISP corporations from censoring and throttling the internet for us poor slobs in the u.s. who pay WAY too much for mediocre internet access. And many in the u.s. still don't have any access that they can afford. As well as the likelihood that the ISPs are now (or soon will be) monetizing the user data they 'hoover-up'.

Privacy? Security? what quaint terms, not applicable anymore.

Ismar • March 15, 2019 7:53 PM

A network of popular Facebook pages that have built large audiences catering to Australians agitated over hot button issues is under the control of trolls and scammers from the Balkans, an ABC investigation reveals.

This is the type of poison that gets people like the Christchurch shooting terrorists ready to get themselves indoctrinated enough to commit these despicable acts.

Facebook shares part of the responsibility by providing their far-reaching platform to spread their propaganda.

Sent from my phone

Gunter Königsmann • March 16, 2019 1:13 AM

Practical question (I posted it on the wrong article first): My Firefox on Android (no add-ons) from time to time requests permission to record audio without telling why. This only happens on IT news sites that contain ads.
In the source code of the web page itself I don't see anything strange in these cases. Is there any way to debug that? The last time it happened was the "the verge" link above, but other websites like and are affected, too.

The program will request the permission only a while after the page shows on the screen, and often does so again when I switch to a different tab and switch back. It stops happening if I reload the page. On pages that load images only when you scroll down far enough to reach them, scrolling down isn't necessary to trigger the request. And it doesn't matter if I am on WiFi or on mobile data, nor does turning off images in the "advanced" preferences menu seem to change the chance of getting the request.

mod7 • March 16, 2019 6:50 AM

@SenateHearing: GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation

Twenty Years for Truth
After two decades of being bamboozled, in Senate testimony Will DeVries, senior privacy counsel for Google, was forced to admit that Google tracks your location every four minutes(!) even when the Android owner has ALL location tracking turned off.
Google claims "if we turned those off, your phone wouldn’t work like you’d expect," adding that the operational aspects of it are ‘complicated’ (nonsense, as smart owners only turn on GPS when THEY need it).

But Senator Hawley wasn't satisfied with that. “It’s NOT complicated," he said. "What’s complicated is you don’t allow consumers to stop your tracking of them." [1]
"Here is my basic concern: Americans have not signed up for this, they think the products you’re offering are free; they’re not free. They think they can opt out; they can’t opt out. It's kind of like that old Eagles song, 'You can check out any time you like, but you can never leave.' And that’s a problem for the American consumer; it’s a real problem.
And for somebody who has two small kids at home, the idea that your company and others like it will sweep up information to build a user profile on them that will track every step, every movement and monetize[2] that, and they can't do anything about it, and I can't do anything about it, that’s a big problem this Congress needs to address."[3]

Logically Android owners (especially our children) are entitled to seek class action damages and erasure of ill-gotten gains.
However, don’t expect help from the Trump administration, which has made a pact with the Devil[4] to allow the omnipresent tracking to continue unabated. Everything is a lie[5].

[1] the EU 4% fine is actually too small to fit this long-term worldwide transgression

[2] At age thirteen Google pressures children to release their highly sensitive educational dossier to advertisers and everyone else who pays. This practice is highly discriminatory, as the poorer the school district, the more likely they depend upon Google Classroom screens.

[3] Big-data controlled news is proven biased, as this deceptive tracking story was NOT published by the Google dependent news and tech outlets. The silence of the press is deafening!

[4] Data-mining engineers are very expensive. No wonder ad-blockers are being designed out of the Chrome browser. Or taxpayer funded web sites being blocked if Google can’t fingerprint citizens.

[5] The Trump administration again views Silicon Valley as a proven 2020 reelection tool. The two sides may hate each other publicly, but each only has the awesome and unique POWER to protect the other. To survive they have no choice but to work together.

Another Mouse • March 16, 2019 1:14 PM

@Gunter I gave up on those pages, I'm only surfing on golem with Firefox Focus, and even this is showing that it's blocking more than 100 trackers if you keep the page open for a while.

1&1~=Umm • March 16, 2019 7:49 PM

BitCoin by Ham Radio

This should make more than a few people who know anything about the practical realities laugh. It's not even half baked by a long way.

In amateur radio there is a quite new digital mode called JS8Call. It's based on something that has been more than a bone of contention in amateur radio called FT8. They, along with several other WSPR modes, allow very low signal to noise communications (about -30dB on the average CW / SSB receiver noise floor). The price you pay for this below the noise floor communications is its incredibly narrow bandwidth.

As your data rate is in effect the inverse of your bandwidth, this makes these modes slow, almost glacially slow. So slow in fact you can go away and make a cup of coffee in the length of time it takes for two parties to exchange their call signs and Maidenhead locators. Which is why FT8 is kind of designed to run in that way. In fact you can, with a few fiddles, get it to 'Chase the DXCC for you in a day, whilst you are away at play', which obviously upsets those who have spent years doing it the more traditional way by 'key or voice'.

Well, a group of European based Amateurs have reworked the effectively non interactive FT8 base system into something a little more interactive; it was called FT8Call but is now JS8Call, and if you look up OH8STN (Survival Tech Nord) he has some instructables and YouTube vids on using this new experimental mode for EmComm prepping.

Now for some reason I can not fathom, somebody has got the 'doomsday prepper' Stuff Hits The Fan (SHTF) type twitches that fiat currencies will disappear tomorrow or next week latest, and it won't be safe to move gold, diamonds or even base metals like nickel. And as a result has decided that the Internet will be gone as well, along with the now valueless back pocket folding paper beer vouchers... It's funny how many preppers assume that mobile phones will still work even though the world has gone so bad they are planning on living in a hidden hole, cooking canned food over a candle, and recycling their urine with reverse osmosis pumps etc. This is the 'first world' where the 'first thing to go' will be our aging infrastructure and what is built upon it, so 5G to No G in however long it takes the first battery backup to fail.

So these twitchy preppers argue there must be some kind of replacement for both fiat currency and the way to use it at distance... and as they have vaguely heard of commercial digital radio such as DMR sending data and voice over the air, and of course they get to hear of other 'Ham Digital Modes', they decided that BitCoin and Ham Digital must be a natural marriage... Trust me, they are not, as the article author alludes to.

BitCoin and reliable amateur HF DX data modes really are not made to work together, especially JS8Call and any kind of mass communications which would be needed for financial services. I won't go into the technical details, but the data rate is incredibly slow. Worse, the actual short datagram packet rates are based on sending at either 0, 15, 30 or 45 seconds past each minute, and thus precision time sync will be required as well. Oh, and all messages are point to point 'store and forward', which means relaying them is really, really slow.

Let's put it this way, you won't really be hitting 20wpm on a point to point link. Especially when sending binary numbers, which ciphered code effectively is. Because JS8Call uses a compression code system based around alphas, just as old Samuel Morse's code did (which he based on counting the letters in a printer's box, so 'ETAONIRSH' are the most frequent, thus shortest, codes). Thus sending binary data incurs a significant time penalty, very significant even with other coding tricks.

But worse still, only one transmitter can be up on any given low band HF frequency at any time for hundreds if not thousands of miles in radius. Thus there are very real resource contention issues which reduce the effective data speed even further.

But there are other more human issues. Setting up and running JS8Call is not for the inexperienced at using long haul (DX) HF comms links. Because there is a very great deal to know about propagation and the setting up of antennas, radios, interfaces, computers, power supplies etc. All of which have to be 'just right'. Whilst it is getting easier at the computer to transceiver interface side with built in USB CAT/Audio in newer HF Transceivers, that does not solve getting the transceiver Air Interface to work. It is not just something you have to learn, you have to be well practiced at it, if you want any kind of reliability with your HF comms, because every setup is effectively unique. Especially at these times when sunspots are a real rarity and the MUF is down to the point where 40m (7.5MHz) can be above the MUF and the majority of HF bands are closed. You need not just experience and practice, you need to have in depth knowledge of one of the more archaic areas of physics and astronomy. Remember with no Internet you won't get data from Solar observatories and space weather centers, so you will have to know how to do it yourself, and that's neither easy nor fun and involves equipment you won't be able to put on your back or chuck in your SUV.

But there is more... it's known that BitCoin is not exactly quick off the mark with processing transactions... In fact it's so slow alternative payment methods have been sought quite often, which has opened windows for fraud.

JS8Call is even slower than the BitCoin public ledger update; trying to do it across JS8Call will take longer than a few hours, you could be looking at days if not weeks. But also, if the SHTF has happened over a wide enough area for this to be needed, then the chances are there will be no 'grid power', so the 'proof of work' is not going to happen anyway and BitCoin mining etc. will cease...

If people really want to do these things they really need to work out what exactly it is they are trying to do and how, thus what is really involved. No man is an island, and trust is not going to be very high at the best of times; the number of people you would have to get involved to make it all work is not exactly small... That brings in a whole raft of other issues, and suddenly running naked across the battle field holding a couple of gold bricks looks a whole lot more practical as a proposition to make payments than crypto-currencies and amateur radio below the noise floor HF data modes.

gordo • March 16, 2019 9:06 PM

Good article.

The People Who Hated the Web Even Before Facebook
As the World Wide Web turns 30, a look back at its early skeptics
Alexis C. Madrigal The Atlantic Mar 15, 2019

Just a few years after the internet’s creation, a vociferous set of critics—most notably in Resisting the Virtual Life, a 1995 anthology published by City Lights Books—rose to challenge the ideas that underlay the technology, as previous groups had done with other, earlier technologies. This wasn’t the humbuggery of Clifford Stoll’s Newsweek essay arguing that the internet basically sucked. These were deeper criticisms about the kind of society that was building the internet, and how the dominant values of that culture, once encoded into the network, would generate new forms of oppression and suffering, at home and abroad.

David Walsh • March 16, 2019 10:51 PM

Proof of age soon to be legally required for UK pornography sites.
All morals aside, I am sure we can create a reasonably long list of all the things wrong with this proposal.

The first thing that comes to my mind is economic. It's just going to make another crater in the UK economy as users look elsewhere.
Perhaps the government is launching a paid VPN service at the same time.

Alyer Babtu • March 17, 2019 8:06 AM

@ gordo

The People Who Hated the Web Even Before Facebook

Mr. Madrigal dismisses Clifford Stoll’s Newsweek article, and Stoll himself said he was wrong and embarrassed by it. But Stoll’s comments about the negative effects of the internet on human relations, and teaching, seem to me mostly valid.

albert • March 17, 2019 11:55 AM


The Internet is just a communication technology, nothing more. The telephone had the same effect on the folks who used letter-writing as a communication method. It allowed folks who couldn't read or write* to communicate with others.

The issue is not the tech, it's
1. People who abuse it: i.e., the folks who run GG, FB, TT, and most Internet-connected companies.
2. People who allow themselves to be abused.

That these groups may eventually include most of humanity is sad, but it had to happen, 'cause that's the way we** roll.

* Some wonder whether this is still true today.
** humanity as a group.
. .. . .. --- ....

VinnyG • March 17, 2019 1:30 PM

@1&1~=Umm re: cryptocurrency & digital ham radio - The very concept that cryptocurrency would enjoy appreciable acceptance in a generalized deep dystopia is ludicrous in and of itself. The remainder of your analysis was very interesting reading (thank you!) but imo superfluous. In such a scenario, barter of useful items would be primary in the marketplace, at least initially. Ultimately a more abstract medium of exchange would evolve (this is required for any meaningful scaling up of trade volumes,) but history strongly suggests that would be something that scored highly on both scarcity and immutability criteria.

VinnyG • March 17, 2019 1:37 PM

@albert re: internet issues - I think you have those two items ordered incorrectly. The first item cannot exist in the absence of the second, and imo the second group *has* included most of humanity for recorded history. Otherwise I generally agree...

gordo • March 17, 2019 1:53 PM

@ Alyer Babtu,

Back in its early days the three big uses of the internet/www were email, porn and gaming. In some ways that hasn't changed much, but the general tone of Stoll's article at that time was (mostly) dismissive, i.e., "nothing to see here, move on, etc.", so I get what Madrigal was saying regarding Stoll's 'bah humbug'.

@ Albert,

Your points 1) and 2) were exactly what those early threat-modeler skeptics saw coming. And sure, I agree, "that's the way we** roll", to which I'd add that "we**", also, (mostly) ignore warnings until it's unavoidable, i.e., we're harmed and/or there's a mess to clean up. The question now seems to be whether "we**", if not the powers that be, engage in another round of 'wash, rinse, repeat'.

Anders • March 17, 2019 2:40 PM

Regarding bitcoin and HAM radio:

You don't actually need high bandwidth for the single payment. But before making the payment you need the blockchain database to be up to date. Updating that amount of data over the HAM radio is out of the question; you need to do this with working high speed internet. But after that, for making the payment, you don't need high bandwidth.

Alyer Babtu • March 17, 2019 3:27 PM

@albert @gordo

a communication technology, nothing more

Not to rehash Marshall McLuhan and “the medium is the message” too much, but there are important aspects of human communication that seem to be lost or warped by the general internet medium. A kind of malnourishment of the person ensues.

McLuhan would seem to have a claim to 30 years or so priority in “inventing”, and diagnosing the pathologies of, the internet.

My thesis: computer technology is not an unlimited good and has an intrinsically limited domain of proper applicability. Outside that it tends to infantilize its users intellectually and in personal formation. This is true also of any artificial substitute for something given already in nature.

Not a surfing safari • March 17, 2019 3:43 PM

Squidding Holiday

with apologies to Cliff Richard

We're all goin' on a squidding holiday
We’re in the Tides for a week or two
Fun and laughter on a squidding holiday
No more worries ‘cause we’re in Oahu
For a week or two

We're going where the squid shines brightly
We're going where the sea is blue
We've all seen it on the website
Now let's see if it's true


Sherman Jerrold • March 17, 2019 4:51 PM

For over a year a relative of mine held free community computer clinics. He made presentations and created a website all to inform and warn people about dangerous internet activity. However, time and again the same people would come to the clinic, talk about clicking on some ad or opening an E-mail attachment and expect him to 'fix it again'. He finally got so discouraged at having to 'time after time pull their car out of the same ditch he warned them about beforehand' that he quit the clinics, for now.

I know many who contribute here are working on sophisticated and often 'low-level' ways to help bolster computer security for systems and users. And, I think that's wonderful. But, when you give a person a tool, teach them to use it safely and warn them how it can be dangerous, and they still cut their finger off doing just what you warned them about, how can we protect them from their own irresponsible actions?

And I know this will sound insensitive, but, how many times should we try to teach them the same security lessons before we give up?

Ed Hurst • March 17, 2019 5:31 PM

@Sherman Jerrold

I deal with this to some degree, as I run a computer tech support ministry. There is no one single answer for everyone. It depends on your relationship to the person who does that stuff, how you deal with people in general, and what you are trying to accomplish in doing that kind of work. To be honest, I seldom run into people that hard-headed about their own computer safety habits.

That said, I've been known to install various tools that restrict such things for people who just don't get it. I've created a policy-restricted account for one client and kept the admin password on file. I feel not the slightest sense of guilt for it, because they were still able to do everything they needed, and they didn't complain.

David Walsh • March 17, 2019 5:44 PM

@Ed Hurst
"as I run a computer tech support ministry."

This is a wonderful idea. For the non-agnostic, prayer is probably the only security resource remaining with any potential for the masses.
How's that working out for you?

PS: you could probably get a script to automate most of it.

MarkH • March 17, 2019 6:25 PM

A propos of BitCoin via amateur radio:

"Preppers" (a.k.a. survivalists and/or Mormons) are a chronic source of amusement. I'm indebted to Umm...Clive for bringing to my attention their premise that:

(a) some collapse is probable that will render usual currency unusable, and

(b) in the wake of such a collapse, they will be able to use a financial transaction medium which can only function by placing extremely intense demands on infrastructure.

I concede that such coincidence is not provably impossible. Nonetheless, considering the interdependence of governments, monetary systems, and utilities (among other resource vendors), how plausible is it?

Have these guys worked out how much paper, pencils, and person-hours would be needed for a manual BitCoin ledger update?

gordo • March 17, 2019 7:23 PM

@ Alyer Babtu,

I'm not sure I agree with the last sentence of your thesis (and I may have misunderstood you, but, specifically, the word "any" in "any artificial substitute" gave me pause, see, e.g., prosthetic limbs where the natural limb has either been lost or is missing, but, again, I may have misunderstood you).

Otherwise, I wholly agree with your thesis. And yes, after 30 years, we're seeing how both human growth and competitive business markets can be stunted, the latter of which brought to mind "(the law of) diminishing returns", but applies to human growth as well:

The Limits of Innovation: High Tech’s Diminishing Returns
By Tom Valovic Sep 24, 2018

Over the course of time, it is in the best interests of business to create products and services that resonate harmoniously with the need for more sustainable long term growth that supports the overall quality of life and the broader real-life needs of those who ultimately use those products and services. (last par.)

. . . which leads to public-interest tech, policy and the public good (as in well-being).

Alyer Babtu • March 17, 2019 9:25 PM


I should have been clearer. As you mention, if nature has failed or been damaged, an artificial substitute is appropriate and good. Or even an artificial enhancement such as an exoskeleton (or supercomputer) might be appropriate in a necessity that exceeds natural limits. There is dignity in an artifact being used in its proper context, but the same thing out of place is a source of decay.

vas pup • March 17, 2019 10:44 PM

@all (sorry, Clive is not there)

How quantum sensing is changing the way we see the world

"Stealthy detection

Not surprisingly, militaries across the world are also backing research in to quantum sensing.

Gravimeters in particular offer the potential for detecting your opponent's submarines, for instance. Gravity may be a weak force, but you can't shield against it.

So while stealth technology may hide your radar signature, it won't hide you from a quantum gravity sensor.

Last October, scientists at the US Army's RDECOM Research Laboratory in Maryland took a significant step forward in quantum sensing.

They used lasers to boost Rydberg atoms (which are much larger than normal atoms) to unusually high energy levels.

"This greatly increases the atom's sensitivity to electric fields. We've made a giant compass needle that is much more sensitive than conventional ones," says Dr Paul Kunz, part of the research team.

Armies will want to detect what electrical devices may be transmitting or receiving data - in other words, "where the good guys and the bad guys are," adds Dr Kevin Cox.

=>>>>Unlike conventional receivers designed to detect signals over a particular frequency in the electromagnetic spectrum, Rydberg atoms are sensitive to a wide range of frequencies.

And as they don't absorb energy from the field that they measure, you can use them to detect signals [!!!] without your opponents realizing.

In short, "quantum technology has the potential to transform the world in ways we can barely imagine," concludes Birmingham University's Prof Bongs."

1&1~=Umm • March 18, 2019 7:03 AM


"You don't actually need high bandwidth for the single payment."

Which would make the system fairly pointless as well. How many ATM cash withdrawals are made in the US each day?

But also how many 'interbank transfers' across borders? It's hard to get full figures, but we know from some services it's a lot.

JS8Call or 9600 APRS just won't support it. Oh, and look at the mess WinLink is making of the HF bands to see that, and that gerdam awful APRS 'bug in your pocket' system that amateurs use to give their location every so often (I'm just thankful few realise APRS has not only the equivalent of a TXT feature but Email as well).

To make the equivalent of an International Interbank Transaction, you kind of end up needing a banking service. Which in turn needs some kind of effective infrastructure, not just for communications, but a Guard Labour force as well. History shows us guard labour ends up becoming a hierarchy which, although it might not be a sovereign national government, is likely to evolve into a Kingship process which gives you a Government. Because 'he who controls the exchange mechanism, controls the process of exchange beyond that of personal contact'.

Outside of smallish quantities of basic staples, barter does not work very well. Look at the cost of even a tent, then think about that in terms of cabbages or fruit; you in effect end up with an 'agent/facilitator market' who will take your field of cabbages and barter them with the equivalent of twenty to fifty shops or other known customers, and will ask for a fee of 15-30% if you are lucky. The alternative is you have to sit in a facilitator controlled place of sale waiting for customers; thus not only do you have to pay for space, you waste your time hoping some one wants to buy your field of cabbages, when you should be clearing ground etc. for the next crop to be started.

If things get so bad that fiat money or base metal tokens die out, then for the first few years it will be 'the law of the gun' or other weapon until people organize into communities with sufficient spare capacity to have guard labour etc. The last thing that most will see as having any value is a bunch of bits.

It's what a lot of people forget: value is mainly in the eye of the purchaser, not the seller. Especially when we are talking about totally intangible 'information'; the only time that changes is with some form of monopoly, and when the purchaser believes they need that particular good or service and that at the time it is the most expedient way to fulfill the need. Even if the need is a speculative one. This is especially true of Crypto-Currencies currently, hence the wild swings in perceived value, which tells you there is no real mainstream use for them. That is, the more people who use a method of exchange, generally the more stable its 'real' as opposed to 'fiscal' value is. Generally it's only Governments, banks and investors who want 'fiscal' value, as its inflation against time is to their advantage, not those of us who are 'wage serfs' tied into 'inflationary rent seeking' with which we generally can not keep up.

1&1~=Umm • March 18, 2019 7:49 AM

@vas pup:

"And as they don't absorb energy from the field that they measure, you can use them to detect signals without your opponents realizing."

That will upset a few people who believe rightly or wrongly that the transfer of 'information' requires the use of forces on energy or matter...

I suspect a little bit of journalistic licence / understanding is involved ;-)

But also people are not thinking about the problem. Gravity is caused by mass. When you are close to the mass as in standing on earth, contrary to popular belief gravity is not straight down...

If you are at the junction of hard high density rock and soft low density rock, then your gravitational measurement will tilt towards the hard rock. Likewise if you are standing next to a cliff or mountain.

Thus what you are measuring is in part based on density and its location, and in part on the vector sum of all mass within range of your instrument's sensitivity. The greater the sensitivity, the more density variation will affect your close to noise floor readings.

Thus that 2m wide well shaft could be hidden by giving it a shaped lid of the right density material, such that the density signal heads towards the noise floor.

Oh, in the UK back in the 1970's a prof built a high density metal pendulum that was mounted in such a way that it formed two capacitors, one on the left of the swing, the other on the right. These obviously, like a seesaw, went up and down proportional to the angle of the swing. This was used as one arm in a 'bridge circuit' and was very sensitive. So much so it could detect the movement of the moon via the movement of water in the sea some thirty odd miles away, but it could also detect the mass change of the night security guard walking on his patrol around the laboratory complex, which had floors that were at least 2 meter thick single pour reinforced concrete.

The problem with the instrument was twofold: 1, swing damping, and 2, low bandwidth due to trying to reduce the instrument noise floor.

I thus suspect that whilst these things will make good 'science day projects' getting a sufficiently low noise floor will make them very slow to use in real life usage.

VinnyG • March 18, 2019 9:49 AM

@1&1~=Umm re: "law of the gun" - I think it is debatable whether a barter market or the law you cited would be the primary strategy employed for procuring and distributing the necessities of life in the postulated situation. That would imo depend very much on the specific scarcities and the specific individuals and communities seeking the scarce items. Anyone who needed to feed a family and had nothing to trade for food would quickly resort to theft, and possibly force. Unfortunately, for some, theft by force would be the default tactic. Certainly, force would be in play to some degree: whether to enforce theft, or to resist it.
@Mark H et al
I agree with some of the posted thoughts here mocking the "survivalist" movement and its self-proclaimed experts, as many who set themselves up as on-line authorities in "survival" are naught but posers with little to offer but laughable and ludicrous advice (not exclusively the province of "survivalists" ;>). However, I also find some of the thoughts posted in this thread that seem to reflect a belief that our current systems and institutions are so deep and robust as to be completely immune to catastrophic failure to be at least as ludicrous. Ample evidence contrary to that proposition is regularly posted to this blog...

MarkH • March 18, 2019 10:19 AM


I don't dispute the first premise (that there is non-trivial risk of collapse).

Where the foolishness comes in, is failure to comprehend how bad it would be, and how useless the "prep" would be in its face.

Probably most people, when imagining a tsunami, think of it in terms of a swimming pool, or experiences of going into the sea with some high waves, or even surfers riding down a seeming mountain of water.

The reality of a large tsunami, is finding in its aftermath human bones from which all flesh was stripped clean by the titanic force of thousands of tons of fast-moving water.

The "prep" of these "preppers" is like putting on a snorkel to save oneself from a tsunami.

But of course, their actions neither correspond to reality, nor is that even the purpose. It's a magical ritual by which they attempt to manage their fears about things beyond their control.

In that respect, making fantasy preparations for some imagined calamity may well be functional as a means of coping with anxiety. But probably investing in the stability of civilizational infrastructure -- for example, by casting their electoral ballots for people who can rationally respond to the greatest challenges -- would be vastly more useful.

Bob Paddock • March 18, 2019 12:22 PM


"So much so it could detect the movement of the moon via the movement of water in the see some thirty odd miles away, but it could also detect the mass change of the night security guard walking on his patrol around the laboratory complex..."

In a Government, cost-is-no-object-for-environmental-isolation experiment, they found they were actually measuring an elevator in a building two blocks away.

1&1~=Umm March 18, 2019 4:24 PM

"The remainder of your analysis was very interesting reading (thank you!) but imo superfluous."

The problem is I don't know how educated or thoughtful the many readers of this blog are.

Thus as you appreciate most of the problem areas I suspect from some experience many don't.

So it's a bit like telling jokes: if I ask a bunch of physics grads 'why did the cat slide off the roof' they get the 'because it had too little mew', but most others would give you a blank look. Likewise the mathematical joke with the 'Oh, plus a constant' punch line.

The audience here is broad and I like as many as possible to grok what I'm getting at because hopefully it will give them a little 'sixth sense' feeling that could save them a lot of pain in their future.

1&1~=Umm March 18, 2019 5:10 PM

@Sherman Jerrold:

"and they still cut their finger off doing just what you warned them about, how can we protect them from their own irresponsible actions?"

'With freedom comes the responsibility to behave responsibly, to stand on one's own feet firmly.' Also adults should 'live to learn, not learn to live' after the foundations have been taught to them.

You personally owe them nothing unless you were paid to provide them with the fundamental information requested and methods to apply it and did not do so.

Many forget or do not care that teaching and learning is actually the responsibility of both parties. The teacher to be clear and show how to apply the information so it becomes knowledge. The pupil the desire and ability to take the information and follow the methods shown to them. Thus be able to apply not just the information but the methods, in a way that makes it possible to apply not just the information given, but future information as well, to turn both not just into knowledge but practically apply it, such that it has real value for them and others.

Don't get hung up on the fact that despite your efforts to impart knowledge you have failed, unless you have good reason to believe you have not behaved responsibly. At the end of the day even the brightest of people will not be able to turn all information into knowledge, my inability to play stringed instruments to an acceptable level is not for want of information or effort in applying it, my meat hook fingers just don't want to play :-(

1&1~=Umm March 18, 2019 8:27 PM

@ Bob Paddock,

"In a Government "cost is no object for environmental isolation" experiment, they found they were actually measuring an elevator in a building two blocks away."

Yup the Gov is never frightened to spend other people's money extorted from not those at the 'cap stone' of the wealth pyramid, but every layer they can below that, hence the 'wage slaves' are paying for the guard labour they are threatened by, such is the nature of power.

As for measuring an elevator / lift* a half mile or so away, you don't say how they were detected. However over nearly a century and a half, there are all sorts of ways they have been a problem by radiating and conducting out energy that has announced their presence loud and clear.

I regularly have to track down "man made" (QRM) electrical supply and radio frequency noise. People say power transformers are bad for the health, but the fields from modern panel TVs and LED lighting are way way worse, spreading energy much further and in wider bandwidths. As for leaky microwaves, let's not go there; they are rare but they do happen, thankfully the wavelength is centimetric so the near field is quite small.

But lifts from the last century, many of which are still around, used Relay Ladder Logic to switch large contactors controlling upwards of three horse power motors. Some of which were DC motors with "smoothing inductance" (more reliable than capacitors). The result when the "Back EMF" snubber circuit using selenium or copper oxide diodes and dubious early electrolytic capacitors started to break down is a reasonably high power spark transmitter. The range of which depended in part on if the motor and controller were at the bottom of the shaft (rarely done after the mid 60's) or at the top of the shaft (the norm until this century and the return of hydraulic powered elevators). The top of a modern twenty or more story tower block is higher than quite a few antenna masts used for transmitting, thus the interference radius can be quite large.

For various reasons few cared or even knew about the radiant energy fields surrounding generators, motors and relay control circuits. Even up to the 1960's they were not really a problem for most people. However in the early 1980's we started getting 'Electromagnetic Compatibility' (EMC) legislation, due in most cases to the transistor replacing the thermionic valve/tube. Thus the troublesome receivers changed from being dining / parlor room furniture to put-in-your-pocket Japanese battery powered transistor radios, which for a multitude of reasons really did not like man made electrical or magnetic field noise.

But even with what some consider draconian EMC legislation the interference problem of man made electrical and magnetic fields keeps coming back at us, and 'plant equipment', which lifts are really part of, is still a major source of man made electrical and magnetic interference, fairly easily detectable at several hundreds of yards if not miles distance, in bad cases of repair and maintenance.

* This is not just a US-v-UK naming difference; it actually had to do with a difference in energy sources affecting the design. As some know a number of US cities had as part of their infrastructure 'hydraulic power' piped around early up to four story business and hotel districts. Back then one of the uses of this power was to 'push up or elevate' the passenger car, hence 'elevator' became a quite common name and fell into general usage. Over in the UK, being a maritime nation, the passenger car was pulled up or 'lifted' by some kind of windlass lift mechanism.

Historically the UK lift mechanisms had been driven by a power source which in some cases was actually water mill, animal or steam powered (with some animals being convicted criminals doing 'hard labour'). This started long before Faraday and others had started in on electricity as anything other than a scientific curiosity (the first but effectively useless motor being a dish of cinnabar derived mercury and a pivot hung wire). However once generators and their inverse motors had reached a useful stage they quickly started replacing most other forms of 'static' or 'donkey' engine. With the exception of those 'primary heat engines' driven by chemical energy such as steam, diesel and gas internal combustion engines that can all be found being used to drive the generators that drive our grids.

Sherman Jerrold March 19, 2019 12:55 PM

Thank you. I appreciate your insights (and reinforcement of one concept I and my relative both think is valid regarding who is responsible). We've both always been sensitive to the fact that communication (and, as you pointed out: education) is a two-step process, requiring both clear transmission and thoughtful, understanding reception.

I guess he needs to make a diligent effort once or twice and then find a diplomatic way to decline to try to fix the mess created by repeated ignorant actions. As he is fond of saying: 'Diplomacy is telling someone to go to hell. But, doing it in such a way that they look forward to the trip'.

On another topic, on my two laptops I've noticed that the newer versions of Firefox seem to be 'phoning home' every couple of minutes. I've changed all the 'preferences' to limit that, but using the 'about:config' level is difficult. I have read that Google is now contributing massively to Mozilla and expecting to direct Firefox's actions to their own benefit. I really wish there were a simple way for us (as users) to prevent spying. Firewalls, as one partial answer to that, can be very difficult to effectively configure.

Does anyone have any suggestions?

No foil lining my hat yet.

VinnyG March 19, 2019 12:56 PM

@Mark H - re: risk of collapse - Thanks for the clarification. I wasn't certain from your post whether or not you had an underlying belief that the system was more or less invulnerable, in aggregate. I hope you were not insulted. I think that we agree on this subject more than disagree.

Sherman Jerrold March 19, 2019 1:38 PM

@1&1~=Umm and re: to @ Bob Paddock,
I have used an old-fashioned transistor radio to 'sniff' radio frequency signals from computers, internet modems, etc. (usually a dead spot on the a.m. band with the volume at ~80%). The amount of leakage is significant and you can usually hear it change as signals are sent/received. If I remember correctly, the earlier Amana Radarange brand microwave ovens were the only ones that had such good shielding that they didn't require the 'don't stand nearby, this r/f will eventually cook you' warning label.

A 'cautious' friend uses this technique to make sure people have turned their mobile phones off to prevent obnoxious ring-tones from interrupting his presentations.

I suppose that such a receiver could be coupled with some very sophisticated software so that one might decode the signal into meaningful data. I think I've read of similar ideas on Schneier in the past.

Faustus March 19, 2019 6:23 PM

Griping about the Government

I'm always griping about the government stealing money and how big business does it better. Then I come across the Aurora super computer at Argonne National Labs and I have to say: ALL RIGHT!!

Could it be the government is doing good things and KEEPING IT SECRET? Maybe they are afraid that Billy-Barbara-Bob is going to look at his/her TV screen and say: Where's mine? Why is the government improving the world when I need more beer?

I searched "great government projects" and most of the results are old or in Asian dictatorships! This is interesting however: It is the history of a century of smart US government investments... Petering off into nothing in the last 20 years.

What is up with us? If we are going to hate billionaires and big corporations who is going to feed the engines of progress? The government must be doing some good, no? Why not tell us about it?

gordo March 19, 2019 9:45 PM

Re: Australian 'Assistance and Access' law:

Only politicians get exemption from encryption law
The Federal Government's encryption law spreads its net far and wide in society, but exempts one class of person — politicians — from its tentacles, according to an analysis of the law by lawyer and consultant Matthew Shearing.
by Sam Varghese ITWire 20 March 2019

"While the rest of the Australia (and in many cases, the world) is subject to the new legislation, the only people who are expressly excluded from everything in the Bill are the very people who rushed it through Parliament in the first place – the politicians."

Also, from another article linked by Varghese, on Shearing's analysis, is this gem:

MPs excluded from encryption laws
by James Riley Innovation.Aus March 19, 2019

The TCN should give tech companies plenty of pause for thought, particularly where a potential vulnerability is introduced to a product that eventually has a downstream impact on customers. Liability has the potential to become problematic indeed.

“When things go wrong and an incident occurs which affects your clients or customers, they’ll likely assume you didn’t implement sufficient security measures to protect their data and commence legal proceedings,” Mr Shearing said.

“Tucked away in the [legislation] is an ‘immunity’ provision which states that a provider (and their employees or agents) can’t be held liable by a third party for anything done to comply with a TAN or TCN.

There are obvious difficulties with this defence, most notably because if a breach or theft occurs you can’t go public and blame the notice – because that would breach the secrecy provisions of the legislation.

Rach El March 19, 2019 11:04 PM

Likewise the mathmatical joke with 'Oh plus a constant' punch line.

I was going to tell you a joke about Sodium Chloride.
But then I then thought, Na

kee nethery March 19, 2019 11:14 PM

Process Control malware (Triton) can be deadly if desired.

Most controllers manipulate actuators; valves, motors, stuff that moves. Most controllers have a Fail Open or Fail Closed configuration. If the entire system goes down, what is the safe setting for that output? Fuel valve: Fail Closed. Water for fire suppression valve: Fail Open. A human sets this so that if the plant is losing power, everything shuts down safely.

Most controllers also have actuator limit stops. This motor should never exceed 70%, or go below 20%. This fuel valve should never open more than 50%.

These parameters are configured into the process controllers.

Malware can look at the Fail Open / Fail Closed configuration and then mess with the limit stops to create a situation that is deadly.

For example, Hydrogen Sulfide is a deadly gas (H2S). In a refinery, mostly it goes to a flare and gets burned. Imagine my malware opens the flare fuel valve which is normally Fail Closed to 100% and sets the low limit stop at 99% so that a human operator cannot close the valve. Imagine the flare air valve, normally Fail Open, is set to 0% and the high limit stop is set to 1%. All fuel, no air kills the flare and starts releasing fuel into the atmosphere which eventually is going to ignite and create an air burst. Now imagine this flare burns H2S and the H2S valve (Fail Closed) is set to 100% open with a low limit stop of 99%.

Just those three valves pegged to the opposite of what is safe will flood the area with H2S (killing workers and people in the community) and then eventually the fuel in the atmosphere will ignite creating an air burst that could easily destroy a community. That is just three valves connected to controllers that malware can read their configs and set to the opposite without a clue what they do.

Now imagine every process controller in a chemical plant or factory set this way by malware all at once. The malware creators don't need to know anything about the facility being attacked. The controllers contain all the information the malware needs to know how to destroy everything.

Connecting industrial process controllers to the internet is a nightmare waiting to happen.
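As an added, defender-side illustration of the configuration pattern described in the comment above (not code from the post or from any controller vendor), here is a small configuration audit that flags valves whose operator limit stops are pinned away from their fail-safe position, and that have drifted from an approved baseline; the ValveConfig model, tag names and percentages are constructed.

```python
"""Audit process-controller valve configurations for unsafe limit stops.

Constructed example (not code from the post): each valve has a fail-safe
mode, a commanded position and operator limit stops. The audit flags
configurations in which the stops prevent an operator from driving the
valve back toward its fail-safe position, and configurations that have
drifted from a known-good baseline.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ValveConfig:
    """One actuator as a controller would store it (constructed model)."""
    tag: str
    fail_mode: str        # "closed" (fails to 0 %) or "open" (fails to 100 %)
    position_pct: float   # current commanded position
    low_stop_pct: float   # operator may not command below this
    high_stop_pct: float  # operator may not command above this


def fail_safe_position(v: ValveConfig) -> float:
    """Position the valve assumes on loss of power or control signal."""
    if v.fail_mode not in ("closed", "open"):
        raise ValueError(f"{v.tag}: unknown fail mode {v.fail_mode!r}")
    return 0.0 if v.fail_mode == "closed" else 100.0


def audit_valve(v: ValveConfig, pin_band_pct: float = 5.0) -> List[str]:
    """Return findings for one valve; an empty list means it looks sane."""
    findings: List[str] = []
    lo, hi = v.low_stop_pct, v.high_stop_pct
    if not (0.0 <= lo <= hi <= 100.0):
        findings.append(f"limit stops [{lo}, {hi}] are not an ordered range in 0..100")
        return findings
    safe = fail_safe_position(v)
    # An operator must always be able to command the fail-safe position.
    if not (lo <= safe <= hi):
        findings.append(
            f"fail-safe position {safe:.0f}% lies outside limit stops [{lo:.0f}, {hi:.0f}]")
    # Stops squeezed into a narrow band at the far end from fail-safe: the
    # valve is effectively pinned in its most dangerous state.
    band_mid = (lo + hi) / 2.0
    if hi - lo <= pin_band_pct and abs(band_mid - safe) >= 100.0 - pin_band_pct:
        findings.append("limit stops pin the valve opposite its fail-safe position")
    if not (lo <= v.position_pct <= hi):
        findings.append(f"commanded position {v.position_pct:.0f}% lies outside the limit stops")
    return findings


def audit_plant(current: Dict[str, ValveConfig],
                baseline: Optional[Dict[str, ValveConfig]] = None) -> Dict[str, List[str]]:
    """Audit every valve and, if a baseline is given, report configuration drift."""
    report: Dict[str, List[str]] = {}
    for tag, v in current.items():
        findings = audit_valve(v)
        if baseline is not None:
            b = baseline.get(tag)
            if b is None:
                findings.append("tag has no entry in the approved baseline")
            elif (b.fail_mode, b.low_stop_pct, b.high_stop_pct) != \
                    (v.fail_mode, v.low_stop_pct, v.high_stop_pct):
                findings.append(
                    f"drifted from baseline: stops {b.low_stop_pct:.0f}-{b.high_stop_pct:.0f} "
                    f"-> {v.low_stop_pct:.0f}-{v.high_stop_pct:.0f}")
        if findings:
            report[tag] = findings
    return report


# Constructed sample data: the approved configuration of a flare header...
BASELINE = {
    "FV-101": ValveConfig("FV-101", "closed", 0.0, 0.0, 50.0),    # flare fuel
    "AV-102": ValveConfig("AV-102", "open", 80.0, 30.0, 100.0),   # flare air
    "HV-103": ValveConfig("HV-103", "closed", 0.0, 0.0, 40.0),    # H2S to flare
    "CW-104": ValveConfig("CW-104", "open", 60.0, 20.0, 100.0),   # cooling water
}

# ...and the same tags with stops pinned opposite fail-safe, as in the post.
TAMPERED = {
    "FV-101": ValveConfig("FV-101", "closed", 100.0, 99.0, 100.0),
    "AV-102": ValveConfig("AV-102", "open", 0.0, 0.0, 1.0),
    "HV-103": ValveConfig("HV-103", "closed", 100.0, 99.0, 100.0),
    "CW-104": ValveConfig("CW-104", "open", 60.0, 20.0, 100.0),
}

if __name__ == "__main__":
    for tag, findings in audit_plant(TAMPERED, BASELINE).items():
        print(tag)
        for f in findings:
            print("  -", f)
```

Run periodically against a read-only export of controller settings, the baseline comparison catches the "stops pinned opposite fail-safe" state long before anyone inspects the valves by hand.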

1&1~=Umm March 20, 2019 9:57 AM

@Rach El:

"But then I then thought, Na"

Ahh groan worthy jokes are the very salt of the earth ;-)

MarkH March 20, 2019 6:21 PM

Not only has BitCoin recently lost more than 80 percent of its exchange value, but also a new analysis suggests that reported annual market volume (about USD 16 billion) may be greatly overstated, with the actual volume more like 2 billion.

BitCoin exchanges have significant incentives to exaggerate their volume, which might plausibly account for such a discrepancy. [By the analysis, some exchanges appeared to be one-to-one, while others showed signs of enormous magnification.]

BitCoin marketeers are crowing that the value will shoot upwards any day now ... tulips, anyone?

As we discussed above, it's difficult to construct a plausible scenario in which Dollars, Euros and Renminbi are worthless, while BitCoin remains a functional tool for economic exchange.

I suggest that the "preppers" would be far better off planning for a situation in which their BitCoin have become worthless, and good old hard currency remains a functional tool for economic exchange.

1&1~=Umm March 21, 2019 8:11 AM

@Bruce Schneier:

It appears that in both Australia and New Zealand ISPs have decided on their own to block sites that may or may not contain the video footage taken by the gunman's camera of his actions in Christchurch NZ.

Whilst I can understand the sentiment, the ISPs have acted as judge, jury and executioner of not just the sites carrying the video but apparently other unrelated sites as well.

As the article notes there is a recognised legal process in both countries for 'take downs'. Importantly but not mentioned is that the process includes not just judicial oversight but an appeals process as well.

I am concerned that this extra judicial or vigilante activity by the ISPs, some of whom are major international corporations, will be the thin edge on corporate censorship. That is, what is OK for big crimes quickly becomes OK for little crimes, then even more quickly things that are not even crimes but offend corporate sensibilities and profits.

But 'on the flip side' politicians etc have found a new game in town. They take legal action against major corporates, attempting to portray themselves as 'David v Goliath' where as a more worldly wise person knowing the way the idiots work would see it as 'cynical self aggrandizement', as a legal scholar explains quite nicely,

As a side note on 'ahh didums' hurt feelings, it appears that the US cable lobby, who are very much against the Internet for corporate sensibility and profit reasons, have decided to change their name in part because they think mentioning 'cable' pre-prejudices people's attitudes towards them so that they think they are not being treated fairly... So the word 'cable' has been replaced at great tax-deductible corporate expense with 'communications',

It's nice to see the corporate world is living down to the expectations of an aging cynic ;-)

lurker March 21, 2019 4:42 PM

@1&1~=Umm at least has a filter on distribution of live streams, in that they can only originate from "verified" users. This simple notion doesn't figure in FB's CYA so far. What data do we have on the limits of "verifiability" of YT users? In other news on the mess that is the blue f, Krebs is reporting they stored a bunch* of user passwords in plaintext for inhouse "experimental" purposes.
* up to 600M depending on who is telling

gordo March 21, 2019 5:44 PM

This is new to me. Others may find it of interest, as well.

Telecom Crimes Against the IoT and 5G
March 21, 2019
by: Trend Micro Research and Europol’s European Cybercrime Centre (EC3)

A common and well-known link that communication devices and internet devices have is the use of a SIM card. For IoT devices to have a unique presence and connection to the internet, they should have a SIM in the same way a phone does. This could be a familiar white SIM card, or something smaller attached to the circuitry of the device. A phone makes or receives calls, SMS, or data. Identically, an IoT device has a SIM to allow it to receive and make calls, SMS, or data.

SIM cards can serve like credit or debit cards in that they are used to initiate billing or connections that have corresponding fees. That’s why SIM cards, unfortunately, can be subject to many of the same frauds and risks credit cards are. In addition, the use of SIM cards — and telecom in general — in fraud appeals to criminals, perhaps because the telecom sector is not under regulation for money laundering controls.


In addition to the above blog entry:

Report highlights

Full report:

1&1~=Umm March 21, 2019 9:35 PM

Is your Phone# your new SSN#

Most readers here are probably aware of just what a bad idea Social Security Numbers are as a 'what you know' authentication factor.

Well it appears the ICT industry has not learnt a darn thing about that level of stupidity. Because they are now using your mobile phone number not just the way they used to do with SSNs but for a lot more, and in ever more stupid ways, such as using your phone number as an alternative account name, thus allowing even simpler forms of attack.

This is doubly stupid because in theory you only get one SSN in life and it does not get given to other people. Mobile phone numbers are like roulette wheel numbers; there's always a fixed number of them so they keep coming up for different people as an almost penultimate form of recycling.

A few days ago Brian Krebs interviewed a security researcher on this issue and it makes interesting reading,

1&1~=Umm March 21, 2019 10:41 PM

"In other news on the mess that is the blue f"

You should give the link,

because others reading along might be too lazy to go look it up now, and in a month or so's time it would be too hard for most people.

But yes Facebook, what can I say that's safe for 'pre-watershed readers' or those at work with over zealous employer 'spy over the shoulder' scanning... I'll give the Psycho-Z his due, it does make maintaining a low blood pressure difficult.

Back in the very early 1980's in the UK the then Government owned national telecommunications provider 'British Telecom' decided that as TV had Teletext, people would pay good money for a similarly clunky interface to dial up from home... They too decided that storing passwords in 'plaintext' and making them available to 'internal staff' was a good way to save costs etc.

Unsurprisingly even back then, over a third of a century ago, their security --or lack thereof-- was compromised. Due to some people trying to report the problem to what were 'deliberately deaf corporate ears' two of them ended up in court and were successfully prosecuted for fraud. After a long appeals process their conviction was overturned by the then highest court in the land (House of Lords) who also sent a very loud ultra clear message to the then Government that they needed proper legislation, hence the first UK Computer Misuse Act.

Similar things have happened in other countries; such 'central secrets' are a target for all variety of coloured hat wearers, and in a related way the second* principal answer as to why 'golden keys', 'front doors', 'back doors' and other 'idiot features for lazy LEOs' are a guaranteed failure. That is not 'if' just 'when' they will be compromised.

There should not be any security professional who is not aware of these forms of idiocy so why are the Psycho-Z minions doing it?

I suspect that getting an honest answer will be at best difficult, so based on previous Psycho-Z behaviours it has to be for 'money, power, or both'. The easiest answer is that like the Facebook users' phone numbers used for 2FA they are being monetized in some very questionable way. Thus it could be for 'rattling the door handle' of a user's other online accounts to see if it's an 'open sesame' magical key to a hidden wealth of marketable new information (why 'Single Sign On' should never ever be used outside of strict organisational bounds).

Whatever the actual reason it's almost certainly 'bad news' for the Psycho-Z's cattle.

People can read FB's corporate word on the subject at,

However it is full of the usual corporate banalities, half truths, and unverifiable statements, so treat it in the same way you would on finding a pile of washed up used toilet paper on your expensive beach holiday.

* The principal reason they will fail is that people can use pre-encryption outside of the reach of such technical measures. The simplest being a secure pencil and paper cipher such as a One Time Pad or variant. Which is what the smarter criminals will do, thus pointing out that contrary to LEO claims these measures are for use on the general public.

Trishaladder March 22, 2019 11:21 AM

@ mod7,

It's a given that both the internet and the phone are pretty much useless for privacy related activities (unless by those terms you really mean the plundering of privacy related activities).

What is needed is a new form of communication altogether, run at the grass roots level, without the ISP corps. It'd be the "open source" version of an ISP. Everyone talks about quantum cryptography as a key protection scheme, but it's quite possibly a communications system in its own right.

The sun's rays are all photon/quantum entangled within a certain cross section of the sun's total solar output. So, perhaps within a few miles of diameter, all of the photons are entangled with each other. This could make an easy but relatively secure communications medium (more like a broadcast, since all the entangled states are the same). Two way communication then works by reversing the "broadcast". Of course, since it's quantum stuff - nothing is actually broadcast, and the system relies on a sampling of the sun's rays within live-state quantum memories.

At ten miles, maybe there is 70 percent entanglement, so the system works at slightly less efficiency. At 50 miles, maybe it's 25 percent, with lower efficiency. So, there'd need to be "nodes" to cover intended areas. The cost of operation (once you get past the quantum memories) would be close to zero, hence making for a "grass roots" open source sort of ISP.

Nodes would be easy to pick up, since most photons would decohere upon hitting say - rocks - while only the sampled photons would stay live.

vas pup March 22, 2019 1:43 PM

@1&1~=Umm • March 21, 2019 9:35 PM
Thank you for the link provided.
Within it there is a link to another related article that caught my attention:

"All four major wireless carriers — AT&T, Sprint, T-Mobile and Verizon — let customers add security against SIM swaps and related schemes by setting a PIN that needs to be provided over the phone or in person at a store before account changes should be made. But these security features can be bypassed by incompetent or corrupt mobile store employees.

Mobile store employees who can be bought or tricked into conducting SIM swaps are known as “plugs” in the Ogusers community, and without them SIM swapping schemes become much more difficult."

I guess each company is responsible (at least civil responsibility) for actions of employees. That is just additional proof humans are almost always the weakest link in the security chain.

I have a question: I guess NSA or other LEAs (federal) do have current values of name and other identifiers of the owner of phone number regardless of process of recycling?
Why is that information not available for other security verification applications?
Do we have national up to date DB where phone # is key?

1&1~=Umm March 23, 2019 5:41 PM

@vas pup:

There are other readers who could answer your questions better than I can for whatever country you are interested in. You could try popping them up on the Friday Squid.

That said I will try to I hope provide the answers you are looking for.

"I guess NSA or other LEAs (federal) do have current values of name and other identifiers of the owner of phone number regardless of process of recycling?"

Probably not, even though they might want to. In the UK for instance there is a nice little scam going with regards fast food delivery, much like there was with Uber taxis. Someone with a right to work would register themselves with a brand new phone and their motorbike. They would then rent the phone out to a Brazilian or other who could pass themselves off as being European and take a percentage off of the top. To avoid 'producer' issues the renter would have to use a push bike or similar licence-not-required transportation.

With regards,

"Why is that information not available for other security verification applications?"

I can not answer for most countries but in the UK we do have some 'data silo' rules, plus the IC don't like playing with LEOs, and they likewise; basically both see the other as trouble in many ways.

To solve this the UK Gov tried putting a single front end on, that in theory would liaise with all agencies with entitlement under RIPA and similar acts of legislation. Not sure how it's working out; I think the LEOs, as they have had budget cuts to supposedly set this up, are fairly determined not to play as they have to pay again, and would rather see it fail ignominiously. Thus blame the current UK PM who they see as incompetent at best, and probably poisonous not far behind. Because as we saw this week writ large, it's always somebody else's fault with her. Basically she's the sort that pours petrol on a fire as a quick and cheap solution, and then blames the victim for not stopping her...

Which brings us to your third question,

"Do we have national up to date DB where phone # is key?"

I don't know about outside the UK. But in the UK there is supposedly a phone database for both land lines and mobile phones that companies add their data to... What there actually are is a number of disparate databases held by each phone service provider to translate various numbers into other numbers. For instance every mobile phone is supposed to have two unique numbers, one that is effectively the electronic serial number of the phone hardware, the other the identity number of the SIM; neither is the phone number and neither can be dialed by users (supposedly). Even with land lines they have frame numbers. Basically these numbers are used as entries into the phone user's service provider's database which then links to the phone number; this arrangement allows for "many to many" relationships. The user details are probably not held in that DB but the associated billing DB which in essence is a 'counter of billing pulses'. However due to the very strange way the telcos apportion cost it's quite a bit more complicated, and why someone as in the Greek Olympics can set up accounts that work in the most peculiar of ways.

But there are yet other DBs that log mobile phone location and movement details amongst many other details. Why they were set up in the first place is unclear, but you can guess who were amongst the first to stick their noses in that trough...
