Friday Squid Blogging: Hawaiian Bobtail Squid Squirts Researcher

Cute video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on October 4, 2019 at 4:23 PM • 115 Comments

Comments

ThothOctober 4, 2019 8:41 PM

@Ismar

Or on the other hand ... the chatters of politicians and diplomats can also be easily tracked. You can imagine how much easier the Chinese and Russians can peak into messages sent by Western politicians and diplomats .... oh wait .... you mean backdoor only for 5Eyes in NOBUS style ? They (China and Russia) would also want a way in to prevent anti-Chinese/Russian "terrorists/separatists" from escaping the "Net of the Law" whatever it might mean.

Peter ROctober 4, 2019 8:47 PM

To find out whether backdoors are truly important to law enforcement agencies, let's see if they are willing to accept liability for misuse. If they fully believe that backdoors would not compromise security, then they would not resist liability should the backdoors fail.

I would suggest that they pay $1000 (USD) to anyone whose information is compromised if a backdoor is used outside of the publicly disclosed purpose of the backdoor, whether by hackers or the government. Not "up to amount $XXXX", they just pay the promised amount. Not "actual damages", which are difficult to measure and prove. While $1000 won't compensate someone whose life was ruined, in most cases compromise of a backdoor would affect large enough numbers of people that the government would feel some pain. I'm not sure how to prevent this from becoming a "$1000 fee to cheat", but maybe someone could figure that out. Anyway, the principle of accepting liability is a start.


Sherman JayOctober 4, 2019 11:35 PM

@Peter R

I understand and appreciate your desire for law enforcement to be held accountable. However, backdoors will be cracked by malicious players. And, in examining all the data breaches of millions of ID's by government and private corporations almost none were held accountable. I don't think your idea would work. We live in a world where government and corporations weasel out of any responsibility most of the time. Think: banksters crashed the economy in 2007-2008 and none of them went to prison or repaid their victims. In fact, those taxpayer victims had to pay to bail out the crooked banksters!

As an example, for a long time Arizona Dept of Transportation had a system that allowed almost anyone to order a replacement driver's license by providing just a little superficial info. Questions were raised about the problems of abuse, but nothing was done. No one knows how many victims there are but some lost hundreds of thousands of dollars because someone else got a copy of their driver's license, found someone that looked a little like the real owner and committed ID theft.

WeatherOctober 5, 2019 12:06 AM

@bruce
I use a android phone to visit this site, and notice coraltions with part of the phone and just this site.
Any comment?

WeatherOctober 5, 2019 12:33 AM

@bruce
It happens with other American sites like arstecnca. Maybe some airport screening thingy.

JonOctober 5, 2019 1:40 AM

@ Sherman_Jay

... found someone that looked a little like the real owner

Even that's not really required. There's an old trick that involves 'showing your ID' carefully held (very tightly, but apparently casually) with your thumb over the picture. Yes, the clerk is supposed to take the whole ID into their own hands, but if you look suitably truculent about it and hold on tightly they won't. They'll compare names, and off you go.

's why California state IDs (incl. DLs) now have two copies of the picture on them. Dunno if it helps much, though - the second picture is v. small. J.

Gunter KönigsmannOctober 5, 2019 5:53 AM

@weather: what do you mean bu coraltions?
For about two years on news sites that talk about security and contain ads my phone asked me if I want Firefox to be able to use the camera and the microphone. This happened both in wifi and on mobile internet, but only if I was in certain locations. Then a Firefox update changed that Ti the question if I want to enter a fraudulent website. Shortly lagmter this warning was gone. Hope this doesn't mean this branch of malverising has been replaced by a less-visible one.

JohnOctober 5, 2019 8:07 AM

When I load the New York Times website am I in a public space or a private space? Is it public in the same sense that a supermarket/bar/restaurant is a public space? When I go to facebook is it a private space like a membership required club or public? What about the trackers from Facebook/Google/etc on the Times site? As far as I know Facebook/Google could not install cameras in physical public spaces and use that data to profile the general public in those spaces. How would a platform like Facebook be different from a CDN in this context?

I have done some superficial research (a few quick web searches) but didn't find anything obviously helpful. I do understand that this is a topic that, in the best light, is viewed as unsettled law. It appears to me that answering the basic question: "Where am I" would help inform the issue of what responsibility the owner of the space has for obtaining consent to collect data and how they might be held to account for misuse of that data.

Clive RobinsonOctober 5, 2019 11:17 AM

@ John,

When I load the New York Times website am I in a public space or a private space?

As far as I'm aware under UK, US and other WASP nation jurisdictions the Internet has no "Public space".

That is you either own or rent your computer and it's connections and all your communications travel across privately ownd cables and equipment.

It's also been said that 1980's US legislation brought in by Ronald "Ray-gun" after he had watched Mathew Broderic in War Games is so broad, that what should be properly covered under tort/civil law now has inherited criminal status. That is breach of a simple TOS agreament is now covered by criminal sanctions...

Pay a lawyer a fee for his opinion, but don't be supprised if they advise you that in effect what ever you do on the Internet you will be acting against someones policy.

Have a look at this piece of madness from Rupert Murdoch and the usuall US Telco suspects all of whom want to data-rape you,

https://www.techdirt.com/articles/20190929/16484543093/telcos-rupert-murdoch-pushing-nonsense-story-that-google-helping-keep-your-internet-activity-more-private-is-antitrust-violation.shtml

vasp pupOctober 5, 2019 2:24 PM

The Army Wants Killer Electromagnetic Pulse Artillery Shells

https://nationalinterest.org/blog/buzz/army-wants-killer-electromagnetic-pulse-artillery-shells-85166

Related links:
https://nationalinterest.org/feature/russias-next-military-game-changer-microwave-weapons-16946

North Korea obtains EMP weapons from Russia, could now melt most of the electronics in Asia:
https://www.extremetech.com/extreme/170563-north-korea-emp

"Weaponized EMPs generally come in two forms: nuclear and non-nuclear. Non-nuclear EMPs are fairly weak (on the order of one million times weaker than their nuclear counterparts), but that’s not necessarily a bad thing if you’re just trying to knock out the electronics of a small, localized area (a military base or water pumping station, for example). At this point, we have no idea if North Korea has acquired nuclear or non-nuclear EMP tech from Russia — but as non-nuclear EMPs are pretty dull, let’s just assume the worst and assume that North Korea now has a nuclear EMP in its possession."

Could Faraday Cages protect IT infrastructure
component against EMP attack?

WeatherOctober 5, 2019 3:28 PM

@Gunter
The process "phone" should be used for calls and text, but after visiting this site the standard memory usage of 1mb goes to 10mb.

SpaceLifeFormOctober 5, 2019 3:56 PM

Threads and cores. Race conditions.

OEMs will not fix soon.

You are being MICROattacked, from various angles, in a SOFT manner.

hxxps[:]//github.com/google/ktsan/wiki/KCSAN

When G finds hundreds of issues in two days,
then you know why there is no CVE.

SpaceLifeFormOctober 5, 2019 5:22 PM

@vasp pup

It is very doubtful that Faraday Cage can protect from EMP.

A Very Large EMP, (for various values of Large), will take out the AC network in a given region.

One needs Solar and Battery op, double caged.

And even that, internet comms, probably DEAD.

Recovery requires Solar, Batteries, Radio.

Or, hand-cranked Radio.

SpaceLifeFormOctober 5, 2019 6:06 PM

@Weather

You are not alone.
Interestingly, I also only see that (cough) *internet behaviour* (cough), on various sites.

In other words, YMMV.

It really, really depends.

Are you talking about 'stuff' that various ic folk do not want to be discussed?
(IOW, they don't want you to accidently blow a ongoing investigation)


Or are you you talking about 'stuff' that they should be following up on, and researching?

Again, it all depends.

AndersOctober 5, 2019 6:41 PM

Old, but still relevant!

hxxps: // arstechnica.com/information-technology/2012/09/big-brother-meets-big-data-the-next-wave-in-net-surveillance-tech/

RudolphOctober 5, 2019 6:43 PM

Perhaps the researcher was squirted because of bullying activities such as making fun of companies that "deserve to be made fun of."

AlejandroOctober 5, 2019 7:41 PM

@Ismar

Re: Facebook Backdoor

It's been discussed here not long ago:

https://www.schneier.com/blog/archives/2019/08/facebook_plans_.html

Seems the official, public positioning of FB's "embedded content moderation and blacklist filtering algorithm" system (read backdoor) has evolved to the Good Guys protecting the Little Children, Five Eyes, vs. The Ever Sneaky and Evil Facebook which is refusing to agree to backdoor access to grandma's recipes, I mean the multi-millions of pedophiles using FB apps. (Quick question if it's such a big problem, and they know there are millions, why aren't they doing something about it???)

I think it's much worse than that though. FB's device centric backdoor is clearly the new Clipper Chip model for the entire internet. I am thinking maybe they didn't even invent it. Are they really that smart?

The idea is to stage this mock battle and after a highly public and weird debate, FB "caves in" and installs the back door on every user device, everywhere as part of their apps package thus setting the precedent for the whole world.

That will give FB wide open access to all user content, encrypted or not, as well as any number of government ops on the mailing list. And, of course there will be handsome handling fees. Worth billions of dollars, of course.

Other internet entities seeing a good thing ($$$) and no legal repercussions will stand in line to install their own device centric backdoors. (I suspect some have already been enrolled, with less drama than the FB side show.)

In short, my thought is FB is in cahoots with Five Eyes and they are close to making it happen.

I honestly don't any way to legally stop it. Do you? Anyone? It looks to me like the corporations will do this willingly for the money and there is no law to stop them.

Somebody feel free to tell why I am wrong. In detail.

(p.s. Will Cathcart's comments should be discounted heavily in my view. I won't say why because I can't prove it.)

AlejandroOctober 5, 2019 8:56 PM

@vasp pup

Ed Price, (Director Emeritus of the Patriarchy???) provided some perspective on EMP and Faraday cages.

Strangely enough he suggests an old favorite of mine, and many at this forum, : Aluminum broiler foil as a viable defense!

Everyday day I get more and more reasons never to take my tin foil hat off, even in bed. (Nighttime would be the best for a sneak attack.)

Who woulda' thunk it...aluminum foil can foil a military grade EMP attack.

BTW, I am sure I read years ago EMP is not nearly as effective as portrayed. As I recall, the article said most vehicles would be able to resist an attack, or at least recover quickly.

https://www.quora.com/Does-a-faraday-cage-protect-a-device-against-any-EMP?share=1#

OK, I admit this topic is more nuanced than my post, but it's a start.

AlejandroOctober 5, 2019 8:59 PM

Ed Price, (Director Emeritus of the Patriarchy???) provided some perspective on EMP and Faraday cages.

Strangely enough he suggests an old favorite of mine, and am many at this forum: Aluminum broiler foil as a viable defense!

Everyday day I get more and more reasons never to take my tin foil hat off, even in bed. (Nighttime would be the best for a sneak attack.)

Who woulda' thunk it...aluminum foil can foil a military grade EMP attack.

BTW, I am sure I read years ago EMP is not nearly as effective as portrayed. As I recall, the article said most vehicles would be able to resist an attack, or at least recover quickly.

https://www.quora.com/Does-a-faraday-cage-protect-a-device-against-any-EMP?share=1#

OK, I admit this topic is more nuanced than my post, but it's a start.

Sherman JayOctober 5, 2019 9:04 PM

@SpaceLifeForm @vasp pup

"It is very doubtful that Faraday Cage can protect from EMP.
A Very Large EMP, (for various values of Large), will take out the AC network in a given region.
One needs Solar and Battery op, double caged."
- - - -
Ever since the North Korea debacle about a year ago (anxiety lessened now that we know it is all 'theatrics' on the part of the two dictator egos involved). I've been reading about Faraday Cage tech. (trying to be prudent, and not end up a paranoid 'prepper'). Apparently, some u.s. gov't and private research in the 1950's or so put some cages (fully sealed and insulated from ground with no through fittings or cables) in the vicinity of nuclear tests (exposing them to the EMP) and the radios and equip. they put inside (very fully insulated from the metal cage enclosure) survived. Also, some 'old tech' (some simple batt. powered vacuum tube radios with no antenna attached) seemed to be more robust than tiny transistors. Some articles talked about mesh screen Faraday cages and referred to the holes in the mesh having to be 1mm or less because of the the frequency/wavelength of the various components of an EMP. And, there appear to be a number of different types of EMP's generated by different devices/explosions.

Also, as I understand it, harddrives and SSD's will fry, but optical media (CD/DVD) will not be damaged.

Sherman JayOctober 5, 2019 9:17 PM

@all about EMP's
I'll make myself vulnerable to ridicule by disclosing that as an amateur JIC experiment, I've put a bunch of batteries, LED flashlights, backup harddrives (wrapped in 2 alternating layers of plastic and foil) and a couple of older laptops, power supplies and 2 Citizen's band transceivers, etc. in a heavy galvanized 24 gallon garbage can that has a tight fitting lid and is sitting on 1"x1" by 24" plastic blocks.

As a very un-robust test, I put a cell phone in it, closed the lid tightly and called it. No ring. I left the lid with only a narrow crack open, called it and the phone rang. Obviously, I don't have the equipment to mimic an EMP to test with.

WeatherOctober 5, 2019 9:22 PM

@Spacelifeform
Its happened 6months plus or minus, I disregard it most of the time, I know Google updates the phone OS software, the apps I do manually, but the "phone" process is always on ,good place to put it, I don't know just seems fishy.

@Anders
JavaScript is on,I use it as a research portal ,to get info from majority of sites.
Noscript add-on ,Firefox said wasn't supported.

HortonOctober 5, 2019 9:57 PM

As I have noticed, quite a few contributors have posted URLs of outlets like arstechnica, verge, vice, WaPo, NYT etc. May I suggest to post archived links using archive.is? This would prevent above-mentioned outlets to obtain additional traffic.

After all, we do not want to support websites like this one, do we? http://archive.is/N0YVb

O.k. Maybe I'm wrong on that.

- WASP nations? Had a good laugh here (he mentioned it several times in the past). Yet, on further thoughts, a bit "special"... Almost racist, I would say. How then would you call a muslim nation?

- Does a Faraday help in case of an EMP? Yes. But it only protects the specific object it shields. Obviously, shielding entire infrastructures would be a bit tricky. But yes, some organizations have contingency plans set up in case of EMPs. And they would work.

Sherman JayOctober 5, 2019 10:19 PM

@Horton,
I take your point about not giving undue traffic to some of these sites. They all load tracking goodies on your computer with every visit. In researching tracking, I installed privacy badger on firefox and found that a medical lab that does blood tests and should be very protective of patients' data has 4 third-party vendors that get all the data and those servers load 6-10 tracking goodies on my browser. Privacy is dying a fast and painful death.

I have seen these archive.is URLs occasionally, but didn't know where they served from. I just checked the Whois at Name.com and it reports archive.is is in Prague, the Czech Republic. I have no doubt that there are many decent honest people in Prague, however, do we know the security reputation of this firm?

% This is the ISNIC Whois server.
%
% Rights restricted by copyright.
% See https://www.isnic.is/en/about/copyright

domain: archive.is
registrant: DP36-IS
admin-c: DP36-IS
tech-c: DP36-IS
zone-c: DP36-IS
billing-c: DP36-IS
nserver: carl.archive.is
nserver: elsa.archive.is
nserver: dave.archive.is
dnssec: unsigned delegation
created: May 16 2012
expires: May 16 2020
source: ISNIC

person: Denis Petrov
nic-hdl: DP36-IS
address: Bilkova 16
address: Prague, Stare Mesto 11000
address: CZ
phone: +420 775168924
e-mail: @dns.li
created: May 16 2012
source: ISNIC

HortonOctober 5, 2019 11:11 PM

@Sherman Jay

Fast, as expected.

Yes, an address in the CSSR indeed looks dodgy. Could even be a Russian front. You never know. Right?

A few months ago, I red on a tech site that using archive.today - now it's called archive.is - was racist.

There's also some discussion here but tl;dr.

https://www.webmasterworld.com/content_copywriting/4906072.htm


I believe 1984 should apply to everybody. What is your opinion on that, Sherman Jay?

As Eric Schmidt said: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Guess, you know what he means.

I would not want that Tweet to "disappear". How about you?

http://archive.is/8e82W

HortonOctober 5, 2019 11:19 PM

Here, the Wikipedia definition for goalposting.

"Logical fallacy. Moving the goalposts is an informal fallacy in which evidence presented in response to a specific claim is dismissed and some other (often greater) evidence is demanded. That is, after an attempt has been made to score a goal, the goalposts are moved to exclude the attempt."

Reminds me of Protonmail's responses on Reddit. But that's another story where I relax, watch, and eat the popcorn...

Sherman JayOctober 5, 2019 11:44 PM

@Horton,
I read the webmasterworld posts. They are mostly concerned (rightly so) with their websites not getting direct hits and the possibility of counterfeit sites using their 'content'. I began creating websites in the mid 1990's and it was a different world. Today, there is very little respect for the creations of others. Pirating and plagiarizing is rampant. There are few things people can do to truly protect their creations from piracy.

1984? One of my friends says "George Orwell was an optimist". By reading all the intelligent articles and postings on Schneier and other sites working in the public interest, you will find that we are all besieged. I'm not a cynic, just willing to continue working for the betterment of people while realizing there is a lot of dishonesty and greed driving too many powerful interests.

Regarding the Eric Schmidt quote, many people are willing to give up all privacy stating 'I have nothing to hide'. Some will use that idea as a weapon to try to coerce someone to divulge private details that others have no justification for knowing. And, that can lead to abuse; the further invasion/destruction of privacy by government and spying corporations. I am convinced there are times when honest and decent people need some privacy. Would you want someone spying on all your intimate moments with your spouse?

HortonOctober 6, 2019 12:51 AM

@Sherman Jay

Maybe there was a misunderstanding, so I will try to clarify. (Even though I do not think there was a misunderstanding.)


(1) archive: The purpose of archive.is is not to "plagiarize" or to "pirate". The purpose rather is to preserve what has been written on certain websites. Even tough a lot of content can be found on archive.org, you can get content on archive.org removed. It's a bit tedious but possible. On archive.is, on the other side, it is near to impossible. Now, if you got the archive.is URL, you can go to archive.org and oftentimes you will find the content there. That could be useful once archive.is will be down. Which will happen sooner or later.

Unfortunately, in the very recent past, we have seen very often that controversial content has been altered by the authors or deleted altogether. A good example is a finance blog (which last week gained worldwide notoriety) which had to take down posts several times in the past because it was forced to do so. So, if you archive a controversial post using archive.is, you have a snapshot that cannot be deleted or removed.

Archiving also can help to combat the fake media.

Anyway, as you are on schneier.com, you certainly know what I mean.


(2) 1984: Here, I absolutely agree with you. We all should have a right to privacy. Above-all privacy from the state and state affiliated organizations. Now, the questions are: Should that privacy be granted to a select group of a few privileged people or to everybody? What should that right to privacy encompass?

Prior to introducing a new surveillance law, an organization started collecting signatures for a petition. A few times, I approached those fine (and young) people and asked them: What, in your opinion, incorporates privacy? "your intimate moments with your spouse" (as you wrote)?

Does it also extend to your bank account? Well, here the issue of privacy seemed to become a bit tricky, since I did not get one single clear-cut answer.

Privacy, in my opinion, refers to all aspects of a person's life, i.e. also to his financial affairs. Yet, exactly the organization that collected signatures for the petition against the surveillance law has persons in the committee who strongly oppose privacy that extends to an individual's financial affairs.

Ironically, one of the persons in the committee is a "professional" politician (he claims also to be a businessman, since he got an outfit that designs flyers for his political party), just like his spouse. The both earn some $1,2m cumulatively (from politics only!) and live in a coop flat for $1,300 @ month.

That shows you the hypocrisy surrounding the privacy discussion. Either you are for privacy or you are against privacy. It is black and white.

AndersOctober 6, 2019 3:01 AM

@Weather

"Noscript add-on ,Firefox said wasn't supported."

What do you mean? Noscript for "Quantum" based Firefox
is long out, even incorporated into TOR browser.

Be aware that different "entities" can inject arbitrary
Javascript code into your web traffic. I have seen this
is repressive countries on Middle-East. Turn Javascript
OFF whenever you can.

Clive RobinsonOctober 6, 2019 5:09 AM

Something for the weekend

Got nothing to do with the kids this weekend?

How about a practical demonstration of a "Replay Attack". In a fun way, where you unlock a car[1] with less than 100USD of unsuspicious parts?

https://m.youtube.com/watch?v=M2JY1_Xmokg

Yup it realy is that easy for some older[1] cars.

[1] Since the replay attack on electronic car keys has been around for a while now, some, but only some car manufacturers have more expensive "rolling code" and similar defences against rrplay attacks. The problem is in many cases the "rolling code" is way to easily worked out[2].

[2] Although the file gets called unlock.iq it is if you listen a stereo WAV file. The number of editors and other software tools for playing with WAV files is immense. Thus you can very easily see the actual transmitted data and with a little thought and effort pull out the "changing code" from the static data. If you have access to enough key fobs there are fairly standard crypto attacks you can use to analyze and then play with the code...

HortonOctober 6, 2019 8:38 AM

Must have hit a nerve with my post about selective privacy and archive.is!

Ah, les braves gens!

The masks usually fall pretty fast.

Here, another Tweet from our innocent friend: http://archive.is/BcwHQ

Clive RobinsonOctober 6, 2019 9:20 AM

@ Horton,

WASP nations? Had a good laugh here...

It stands for "White Anglo Saxon Protestant" and more or less covers the same teritory as the "Five-Eyes" but takes less typing.

There are a number of such phrases and their oragins are not what you appear to think

BystanderOctober 6, 2019 10:14 AM

@vasp pup

The development of non-nuclear EMP-weapons is going on for quite a while.
A wide availability will lower the threshold for their use.

https://www.researchgate.net/publication/235163256_The_Electromagnetic_Bomb_-_A_Weapon_of_Electrical_Mass_Destruction

https://spectrum.ieee.org/biomedical/devices/the-dawn-of-the-ebomb

Maybe it is a hype, maybe not.
It is certainly a good reminder on how fragile our electrical and information infrastructure is currently.

Using these weapons without a hardened infrastructure is sitting in a glass house and throwing stones - not a wise move.

HortonOctober 6, 2019 12:54 PM

"WASP nations? Had a good laugh here..."

"It stands for "White Anglo Saxon Protestant" and more or less covers the same teritory as the "Five-Eyes" but takes less typing."

"but takes less typing."

Oo.. ookey, fair enough.

Honi soit qui mal y pense.

BystanderOctober 6, 2019 2:28 PM

@Sherman Jay

As a very un-robust test, I put a cell phone in it, closed the lid tightly and called it. No ring. I left the lid with only a narrow crack open, called it and the phone rang. Obviously, I don't have the equipment to mimic an EMP to test with.

If you want to test, make yourself familiar with MIL-STD-461G RS 105, here is an example for test equipment and setup:
https://www.atecorp.com/compliance-standards/mil/mil-std-461g-rs105

The real-world pulse will be not exactly the same and might be very different.
Small equipment not plugged into mails or cables has a better chance to survive.
It depends on how much power at what frequency is present and how much your equipment will tolerate.

SpaceLifeFormOctober 6, 2019 3:24 PM

@Sherman Jay @vasp pup

(fully sealed and insulated from ground with no through fittings or cables)

That is the key.

If you do solar, double cage, with rotation of batteries, then you can have a wire from solar panels to the battaries that are in the outside cage.

If EMP hits, that can fry the batteries in the outside cage. But the batteries in the inner cage should be ok.

How many batteries to keep ready in the inner cage will depend upon scenarios.

The reason for double cage is to prevent a 'smart battery' from being able to leak [stuff]. Not sure that leaks are still impossible with this design. 8ut, with good design, and good hardware, it should be minimal.

@Clive

You can find the leak, I *know* you can.


C U AnonOctober 6, 2019 3:36 PM

"Honi soit qui mal y pense."

"Tel qui s'en rit aujourd'hui, s'honorera de la porter, car ce ruban sera mis en tel honneur que les railleurs le chercheront avec empressement"

And so the music played on.

Oh "archive.is" has a major problem that is fairly well known, many ISP's block it with a "Think of the children" type warning.

TatütataOctober 6, 2019 4:09 PM

Re: EMP

From the article:

However, the proposal does not specify how all this is to be accomplished. A query to the Army didn’t shed much light. In an email response, the project scientist said that the project is “open to a broad range of non-kinetic effects.” In fact, the artillery shells don’t even have to be 155-millimeter, but “maybe any other caliber that has the space to place an electronic subsystem that can be used to neutralize an enemy infrastructure and computer based systems.”

Patent US10180309B1 assigned to the US Army might provide a clue.

It describes an EMP attachment for a rifle. A blank cartridge is shot, and the gases compress a Exelis/Harris EC-64). The electrical pulse thus obtained is coupled to a wideband antenna.

An EMP artillery shell would presumably be based on the same general principles: chemical charge actuating a pulse generator coupled to an antenna.

SpaceLifeFormOctober 6, 2019 4:16 PM

@Weather

Yes, it is fishy.

There is a lot going on, that clearly is classsified, and at the same time, very likely illegal under 4th Ammendment in USA.

Basically, without spelling out what I think is really going on (HOM), I can suggest:

Get off social media.

If you can not, avoid login unless you have to post. Then logoff.

You are much better off to read social media or any website anonymously.

Avoid using an app.

Keep your devices up to date. (good luck)

Use multiple devices on different networks.

Avoid javascript. (it is not a fix though)

Avoid GPS. Turn off if not needed.

Turn off WIFI and BlueTooth unless needed.

CLEAR COOKIES OFTEN.

CLEAR COOKIES OFTEN.

CLEAR COOKIES OFTEN.

TatütataOctober 6, 2019 4:24 PM

Aaargh, pressed submit too soon. The link is defective. As I was trying to fix it, I noticed another interesting (if I can use this term) patent application (abandoned) by the Rheinmetall corporation for an EMP artillery shell. It mentions as prior art another US Army patent, US5192827 from 1993.

Sachant proche le résultat
Tous les grands chefs d'État lui ont rendu visite [...]
Mais sitôt qu'ils sont tous entrés
Il les a enfermés en disant "soyez sages"
Et, quand la bombe a explosé
De tous ces personnages il n'en est plus rien resté

(Boris Vian, La java des bombes atomiques)

anaOctober 6, 2019 4:27 PM

i was lost with no hope for my wife was cheating and had always got away with it because i did not know how or always too scared to pin anything on her. with the help a friend who recommended me to collinshackworld AT g mail dot com who help hack her phone, email, chat, sms and expose her for a cheater she is. I just want to say a big thank you to collinshackworld At G mail dot com. am sure someone out there is looking for how to solve his relationship problems, you can also contact him for all sorts of hacking job..he is fast and reliable. CONTACT via text on whats app through this number + 1 409 999 3477.

AndersOctober 6, 2019 5:03 PM

@SpaceLifeForm

"Keep your devices up to date. (good luck)"

This is double-edged sword. I have one win10 test box
and the constant life that goes on there in the background,
just terrifies me. With win10 you don't own the computer any more,
that "MegaHard Doors" company owns it and "updates" it whenever
it likes. Of course with new bugs. And trying to fix them brings
more bugs.

hxxps[:]//www.maketecheasier.com/latest-windows-10-update-problems/

Clive RobinsonOctober 6, 2019 5:34 PM

@Sherman Jay, SpaceLifeForm,

I'll make myself vulnerable to ridicule by disclosing that as...

Actually you won't, because of the nature of the subject, it's as much "specialized art" as it is "sound enginneering" and complrx mathmatical modelling.

The first principle if you like is that a rising pulse edge which is "infinitely fast" contains energy at every frequency. This means you need not just a fast rising edge but it also has to go from zero to some impossable to support "Volts/meter field strength".

Put simply we don't have an electronic circuit that can generate that. You need an explosive force to act as your generator.

In the case of a nuclear bomb it "cheats" because it uses "radiation transport" that moves from X-Ray frequencies downwards through ultraviolet on through visable light, IR and into the radio spectrum downwards even below audio frequencies. At each step it leaves energy behind it, pumping out in ever expanding shells.

The point is that there is always more energy at any particular frequency than Earth's atmosphere can support and it gets trapped as the atmosphere breaks down in some way as electrons etc get stripped off of atoms etc.

The atmospheric breakdown rules are complicated (see Paschen's Law) and are based on gas types and preasure. Obviously as the electrons become detached from atoms they become "free electrons" thus the impedence of the atmosphere changes and as current flows energy gets both trapped and transported. For normal air at around 1 atmosphere a few micro-meters gap will support 375V. But a nuclear EMP pulse can be beyond voltages we can measure considerable distences away from the epicentre...

Back last Century Russia had the Foxbat aircraft, that little was known about till a pilot defected with one.

The main stream media / press ridiculed the Russians because it was made of steel including the skin, and the electronics was miniture valve/tube technology...

Then the trade press on chatting to some "old grey beards" got told a few facts of life about steel and valves when it comes to EMP survivability.

Copper and aluminium have low electrical conductivity so will shield against the voltage based "E field" however this gets turned into very high currents which has two efects. First off I think we all know about thin strips of metal "arcing and sparking" in microwaves, it's due to I^2R heating effects. Baking foil will catch fire in an EMP pulse... The second thing is that high currents have high magnetic fields copper and aluminium don't shield magnetic or H fields very well. Which means voltage fields get generated on the inside of the shielding... Fero-metals however do shield magnetic fields considerably better.

But there is a flip side to those thin strips of copper and aluminiun. As many will know thin strips of conducting metals make fairly good antennas and have various resonant frequencies. Well so do their inverse which is slots, splits or cracks in conducting surfaces. It also happens that holes in metal sheets/foils/etc also have resonant effects, although they can when square or circular act more as high pass filters.

Thus "testing" for EMP effects is a bit difficult but you can use variations on MEMS methods to predict how metal objects will behave in EMP type fields.

The advantage of valves/tubes is you can play tricks with their gas content and the wire used to make the "grid" used as the control element between the cathode and anode. You can make them such that they will support hundreds if not thousands of volts as well as going very low impedence when the voltage goes too high, because they are voltage not current devices. The net effect is they are orders of magnitude easier to protect than semiconductors, which are current devices so blow up if you even look at them in the wrong light (UV can do it quite well)...

The upshot is wrap your electronics in conductive bags that are vacuum sealed with both desicant's and oxygen absorbers inside. These you then solder inside tin plated sheet iron boxes (biscuit tins etc) seperated from the sides by anti-static "carbon loaded foam" of the sort DIL IC's used to be kept on, often called "Hundred ohm foam". The tins then get stored insulated from each other in a copper meash or aluminium "basket" which then get stacked up and insulated in the likes of 50Gallon steel oil drums. Easy peasy not...

Yes it's a lot of faff but for the inner equipment the US State Dept has issued "packaging specifications" for the likes of low power SSB LF through HF and selected parts of the VHF band receivers and specialised AA batteries for "stay behind" purposess for various agencies in foreign missions not just diplomatic. You can sometimes by these "surplus" and the packing is a sight to behold (think MRE packaging looks)...

In essence these "baggies" get put in stainless steal ammo canisters then in insulated bags that end up in stainless steel "trunk" type corrosion and immersion proof cases that get buried 3-5ft down in underground caches at special RV points (yes damp soil can make fairly good EMP screening as well as limiting accidental discovery).

Interestingly none of the members of the stay-behind teams are technicians and never were even during the coldwar (oh and the #2 / second, normally had special orders to shoot the #1 / leader as generally they would know to much about other teams).

Some of the early "spy-sets" were also designed for "stay-behind" these were valve/tube radios and interestingly the electrolytic capacitors in them were expected to degrade with time in storage, and instructions inside the manuals told you how to restor them to their correct values before "first use".

But lets be honest modern even quite expensive radio gear (5,000-10,000USD range) won't survive an indirect lightning strike that earths out outside buildings 30-50 feet from the equipment that is disconnected from not just the antennas and mains supply but other equipment such as networked computers.

When you've made that sort of investment, building specialized steel equipment racks inside a wooden bureau lined with copper and externally wrapped in chromed steel sheet both silver soldered so they form a good electrical bond with braid gasket around the lid edges to ensure continuity when closed is suddenly not so daft ;-)

Nor for that matter is getting propper lightning gear for the roof, radio mast and other "high points". There is by the way quite a high level of "art" in getting all the lightning paths very very low inductance as well as impedance, it's not something most electricians have a clue about (though your local fire station/house are likely to know who you should get in contact with).

Alyer Babtu October 6, 2019 6:13 PM

@Clive Robinson

the electronics was miniture valve/tube technology...

How miniature can they be ?

SpaceLifeFormOctober 6, 2019 6:17 PM

hxxps[:]//freedom-to-tinker.com/2019/10/06/content-moderation-for-end-to-end-encrypted-messaging/


CLEAR COOKIES OFTEN

CLEAR COOKIES OFTEN

CLEAR COKKIES OFTEN

Sherman JayOctober 6, 2019 6:19 PM

@clive,
"interestingly the electrolytic capacitors in them were expected to degrade with time in storage, and instructions inside the manuals told you how to restor them to their correct
values before "first use"."

If I remember correctly (sometimes being ancient helps) in the 1950's the electrolyte in electrolytic caps would dry out and you could use a syringe and needle to inject fluid into them to 'restore' them to full value. Some of the high quality ones even had a rubber plug for that purpose. (Always carefully discharge any high value caps of any charge before playing wiht them)

One trick I learned was putting radio and TV antennas in the attic instead of mounting them outside where they tended to act like a lightning rod. That attenuated the signal a little, but kept them from frying.

Sherman JayOctober 6, 2019 6:24 PM

@Alyer Babtu,
valves, tubes "How miniature can they be ?"

In the 1960's they developed 'acorn' tubes that were about 8mm (3/8") in diameter and 10-12mm (1/2") long with leads coming out of one end. Most had metal 'envelopes' instead of glass. They were just a little larger that the 'germanium point-contact' transistors that existed at the same time.

Clive can correct me if I mis-remembered.

Clive RobinsonOctober 6, 2019 6:32 PM

@ Alyer Babtu,

How miniature can they be ?

Well "acorn valves" which were actually smaller than real acorns were produced at the end of WWII. And 1950's research had some in very small "relay can" style tubes.

Modern techniques using nano etching and similar could make them very very small indeed. The big problem are Hydrogen and Helium, they turn up in all sorts of places as Apple phone users have found.

Sherman JayOctober 6, 2019 6:34 PM

@Anders and @SpaceLifeForm,

Regarding the phones and win10 constant dialog with outside agencies, you both make good points. I have been helping people attending computer clinics and Win10 is getting to be ever more of a problem: constantly delaying shutdown and startup to install the bug-fixes for the previous updates. And browsers are the big vulnerability in almost any system.

On a PC (win or linux) You can delete all cookies on shutdown of the browser (or when leaving a troublesome site) but you need to do more, like using a program like bleachbit to try to scour the residue. However, your ISP and many sites visited are identifying you by means more insidious than cookies.

There are some 'open source' phones that are now available. But, they are expensive, difficult to connect and I don't know how secure they are. If you use them for web browsing, they probably pick up the same tracking crap anyway.

We are all besieged. But, I sincerely applaud your efforts to fight the abuse.

Sherman JayOctober 6, 2019 6:40 PM

@clive and @Anders,

Thanks for the further info on subminiature tube/valves and the good link to that article.

I wonder if fully insulated metal envelopes/cans for subminiature tube/valves could help like a miniature faraday cage? I know that sometimes metal envelopes/cans cause a them to develop 'microphonics'.

AndersOctober 6, 2019 6:54 PM

@Sherman Jay @Clive

Russians used those rod pentodes for a reason -
they can withstand EMP and thanks to their special
design also high G forces on the planes. So through
the cold war those rod pentodes were main building
blocks.

TatütataOctober 6, 2019 7:09 PM

Acorn tubes were introduced in the 1930s, but weren't really used that much in WW2. The revolutionary Philips EF50 (in the striking red housing) was a more common sight in radar IF strips, and also in more mundane applications, such as Wireless Set No. 19, a 2-to-8 MHz tank set with an intercom facility, and a very short range 220MHz set. The VHF transceiver was a very simple affair, with an odd-looking E1148 triode (with the two tags on a regular octal base) running a regenerative set.

According to this interesting site, the tooling for the EF50 was evacuated from Holland to Britain on 10 May 1940.

The miniature valves of the 1950s (6AU6, 12AX7/ECC83, etc.) were really a further development and simplification of the EF50.

Nuvistors were really a last gasp. I personally only ever saw them once, in the input stage of a 100MHz oscilloscope.

Regarding nuclear survivability, I visited Honecker's bunker in Germany. I don't really remember noticing special measures regarding EMP, the terrifying bit was the internal suspended survival cell for the big cheese, a bunker within a bunker. Command and control was supposed to be implemented with troposcatter links (in a nearby bunker). There was no illusion to be had about the survivability of a hit any closer than a couple of km.

In West-Berlin you can visit a facility destined for civilians. An underground garage was meant to welcome citizens on a first come, first served basis. The whole thing looked as protective as a paper bag on your head.

Clive RobinsonOctober 6, 2019 8:43 PM

@ Sherman Jay,

I know that sometimes metal envelopes/cans cause a them to develop 'microphonics'.

The dreaded microphonics appear in all sorts of components, not just active ones.

So inductors that are in essence springs, will behave as such. As their turns move with respect to each other small changes in both indictance and capacitance take place. But more interestingly they also act like simple generators as well.

Capacitors being two metal plates seperated by an insulator can also have parts move thus cause cjamges im capacitance. In old style valve/tube radios you would often have three vaned variable capacitors on the same shaft. As the vanes could vibrate the capacitance would change slightly causing FM modulation of the oscilator, IF or both.

A metal can/case around any component will cause a change in capacitance when subject to vibration. The only question is by how much...

@ Anders, Tatütata,

Thanks for the links on the Russian Rod valves and little Nuvistor devices.

The joke of it is there is another device out there which is kind of a FET that replaces the cathode and grid in a high voltage valve. I've been racking my brains to remember more on them, but I'm getting to that point in life where a head cold makes concentration difficult :-(

Visitor New ZealandOctober 6, 2019 8:47 PM

@ Horton

A good example is a finance blog (which last week gained worldwide notoriety) which had to take down posts several times in the past because it was forced to do so.


would you be so kind as to identify this finance blog you refer to, and why they achieved this notoriety of which you speak

I recognise your style.have you posted here before under a different name.

1&1~=UmmOctober 6, 2019 11:32 PM

Visitor New Zealand: "I recognise your style.have you posted here before under a different name."

I think the answers you want are 'YES' because 'BANNED'.

MarkHOctober 7, 2019 2:05 AM

Re: EMP

People interested in this topic may care to read a comment I wrote here last year.

The facilities to which I refer, are intended to survive nuclear destinations at any range from a few hundred meters distance to high-altitude explosions designed to optimize distributed EMP effects.

These facilities have quite a variety of electronic gadgetry inside.

Apparently, the people involved in the design and certification of these facilities are confident that yes, Faraday cages (of suitable design) CAN provide EMP protection, and probably have substantial test data to support that.

For folks wishing to "try this at home," (a) testing the efficacy of your shielding is probably quite difficult, and (b) as others have observed, it's worth asking what good some of your gadgets would be when public networks are gone.

If you're thinking about surviving a nuclear attack, an adequate source if potable water will perhaps be a higher priority.

lurkerOctober 7, 2019 4:06 AM

@Alejandro
last time I looked it was still legal to not use, or look at FB. I believe that with javascript off the blue f can't track you, but sooner or later the jackboots will appear at the door, and we hold-outs will be taken away for re-education…

miquelOctober 7, 2019 6:45 AM

Regarding the point of Australia demanding a back door for Face Book Encryption, or not install encryption.

More likely Facebook will feel compelled create a method to acquire any user's key, or install a BackDoor and still claim not to have done so.

However, an argument for the Pro Encryption folks to consider. If a Terrorist has an alternative means to communicate with secure encryption then it matters less whether FaceBook has secure Encryption. Perhaps excepting that FaceBook makes the use of end to end encryption easier for the technically less knowledgeable.

If easy to use End to End Encryption is easily available for a non-sophisticated user, then whether FaceBook makes a Back Door available is not relevant to the government intentions. A BackDoor is relevant to say, a criminal who wants to know when some FaceBook user is on vacation.

BertOctober 7, 2019 6:52 AM

When a company like protonmail.com needs to make a blog post telling you about why you should trust them then something is up. The fact that protonvpn which is owned by protonmail.com and is fully endorsed and promoted by them is run by a data mining company who also runs nordvpn tells you something.

MiquelOctober 7, 2019 7:21 AM

EMP's. I know a fellow who has a Survivalist store/mentality, where his dialogue is largely about EMP's.

As someone here on the forum has already mentioned, one of the major issues with an EMP is that there are within the major electric power infrastructure Transformers which would be destroyed by an EMP, and would take many years to replace.

Whether your car MOBO survives is less important than Gasoline itself would be first hoarded, then without refineries, a distribution system, no gasoline. Within three months the hoarded gasoline can have problems with water in it.

The transportation which would continue to perform would be an older, pre-mobo car, that is converted to run on gas, is that propane or butane. As Natural gas will be available, we live in Texas.

TatütataOctober 7, 2019 7:49 AM

The joke of it is there is another device out there which is kind of a FET that replaces the cathode and grid in a high voltage valve.

I'm trying to picture what you're describing, which I understand to be a device involving both a vacuum, and a semiconductor. The closest I could come up with is the ignitron, which used a block of semiconducting material as a reliable trigger for a mercury rectifier. Those beasts were used from the 40s to the 70s, and played a significant in electric railways, e.g., the early French BB16500. They were superseded by silicon diodes and SCRs, the inconvenient SCRs themselves being quickly outclassed by GTOs and IGBTs.

When you go up in frequency you have a real zoo of really wonderful vacuum devices, klystrons, IOTs, gyrotrons, TWTs, etc., but nothing remotely matching your description.

About 15-25 years ago I read an article in the technology section of The Economist describing research into what I would call monolithic vacuum technology. The elements of microscopic vacuum devices would be etched into silicon using IC manufacturing techniques. IIRC, the cathodes were miniature tungsten pins that did not require additional head due to their size and scale. The grids and anodes were also etched. The writers predicted a great future for these. I tried looking up papers in the literature, but never found any, and never heard from this idea since.

FaustusOctober 7, 2019 9:58 AM

@ Bert

The fact that you are posting a content free attack on protonmail says a lot more to me than protonmail trying to explain what factors make them relatively trustworthy, while pointing out that nothing is absolutely safe. Like we should feel better about them if they just issued a blanket "trust us" without explanation?

GasmanOctober 7, 2019 1:38 PM

@Bert: Could not agree more with you re PM. Let's just relax, sit back, and watch how the drama unfolds.

HortonOctober 7, 2019 1:43 PM

@Visitor New Zealand: insideparadeplatz.ch. Story re Thiam, Credit Suisse, Detectives. For the rest, Google is your friend.

HortonOctober 7, 2019 1:56 PM

"Oh "archive.is" has a major problem that is fairly well known, many ISP's block it with a "Think of the children" type warning."

"Honest communication is built on truth and integrity and upon respect of the one for the other." Benjamin E. Mays

TatütataOctober 7, 2019 3:03 PM

John Seabrook: Can a Machine Learn to Write for The New Yorker?, The New Yorker, 14 October 2019 edition

This essay discusses the advances in AI-based writing systems and their implications.

GPT-2 was like a three-year-old prodigiously gifted with the illusion, at least, of college-level writing ability. But even a child prodigy could have a goal in writing; the machine’s only goal is to predict the next word. It can’t sustain a thought, because it can’t think causally. Deep learning works brilliantly at capturing all the edgy patterns in our syntactic gymnastics, but because it lacks a pre-coded base of procedural knowledge it can’t use its language skills to reason or to conceptualize. An intelligent machine needs both kinds of thinking.

Plagiarism detection is mentioned as the background of some of the researchers in that field, but the author does not appear to envision the security-relevant probable consequence of the availability of AI-based writing. Essay mills or students will be able to transform existing material into text that will superficially look to be in the style of the alleged author, and which could be sufficiently paraphrased to escape plagiarism detection algorithms.

Elsewhere, at New York Magazine there is an excerpt of Cambridge Analytica whistleblower Christopher Wylie book's "MINDF*CK: Cambridge Analytica and the Plot to Break America".

SpaceLifeFormOctober 7, 2019 3:08 PM

@Sherman Jay

The cookie 'stuff' is very interesting.

@miquel sees it in his last point.

On my various road trips, I have visited some interesting businesses.

Except. Incorrect.

In recent months.

This has to be AI 'at work'. Cough.


SpaceLifeFormOctober 7, 2019 3:15 PM

@SPAM

Yes it was obvious, but no one bit AFAICS.

I believe everyone here spots obvious trolls while asleep.

C U AnonOctober 7, 2019 3:37 PM

Horton: "Honest communication is built on truth and integrity and upon respect of the one for the other." Benjamin E. Mays"

For communications to happen honestly or not, you have to be able to atleast see what is being said.

If a third party blocks the entire site with a "Think of the children" style warning, that is not communication but denunciation by kangaroo court.

From what was taught some years ago it was pointed out that the biggest obstacle to "The age of reason" was the Holy Roman Empire preventing "Knowledge being communicated" on threat of death or worse... Now I was not there, I suspect none of us were. But if true, we could well be two or three centuries behind in science and technology because of such censorship.

I'm of the view that knowledge is neither good or bad, it's simply knowledge that could be used for many things. Seeing knowledge as good or bad says more about the censors than perhaps many realise.

We have entered an age of censorship by those who believe not only are they better than others but that their views should be the only one that people should hear. Worse that people should in no way question the censors view point. Even when at the end of the day the censors are revealed as being effectively mindless and 'following orders' given by those who usually turn out at best to be criminals, at worst those who should never be alowed to have authority over others that they will enforce by violence or worse.

SpaceLifeFormOctober 7, 2019 5:56 PM

@Sherman Jay

The cookie 'stuff' is very interesting.

So, my location has changed yet again.

This is interesting, to say the least.

I got a popup that showed a 'business' that I should not have seen. It instantly vanished.

But, it was website that is used by a friend.

And he uses win10.

But, I guess I was stupid, and showed up wth insecure devices to fx his win10 box.

David October 7, 2019 9:58 PM

Gasman

@Bert: Could not agree more with you re PM. Let's just relax, sit back, and watch how the drama unfolds.


I suspect we know you by one or more other names.

What drama? Your life must be very boring. So according to you, gmail, yahoo and the rest are all entirely drama free. what free email provider do you rely on?

When did gmail, microsoft, yahoo, or apple make a blog post outling how they are not secure, how they are secure, who their investors are, where trust lies, how they are transparent, how their infrastructure is set up, how the law does and doesn't apply, and so on?

as for the 'data mining VPN' claims. Substantiate please? And, Protonmail encrypting message content will, um, make data mining a bit tricky

Globex OutreachOctober 8, 2019 4:13 AM

The population size of the Hawaiian bobtail squid is currently unknown as are threats to this species. Although human impact on the ocean is growing, so is the knowledge that we depend on healthy seas.

Bob PaddockOctober 8, 2019 8:52 AM

@Clive Robinson

"...separated from the sides by anti-static 'carbon loaded foam' of the sort DIL IC's used to be kept on, often called 'Hundred ohm foam'".

A lot of that black 'carbon' anti-staic foam is acidic. ICs left in it will have their leads dissolved when go to remove the IC from the foam after many years. This is why many places have moved to the pink anti-static material.

I'd be concerned about this acidic process compromising the metal it is in contact with.

SpaceLifeFormOctober 8, 2019 1:42 PM

The cookie 'stuff' is very interesting.

So, using different devices on different networks, after clearing cookies, cache, and bookmarks, the behaviour is different when it comes to typing in 'schn' into google.

I suspect hidden leaking of MAC addresses.

I suspect AI tracking of metadata to correlate contacts. SS7.

In conclusion, probably all devices leak MAC. So, if the ISPs are providing the MAC to (cough) Large Content Providers (cough), and the devices can leak the MAC, and since the ISP knows the MAC, the LCP very likely knows your location even if you are not using GPS.

Why does this matter?

Because an NSL can be tossed on the LCP, but no one will know.

SpaceLifeFormOctober 8, 2019 2:11 PM

One more point I forgot to mention with regard to MAC address leaks.

With correlation, you will not be safe with VPN or TOR.

My recommendation: do not do illegal stuff over the internet.

Just saying.


tdsOctober 8, 2019 2:18 PM

@emptywheel tweeted:

"Why is NSA releasing this advisory and not DHS/CERT?

NSA Cybersecurity Advisory: Malicious Cyber Actors Leveraging VPN Vulnerabilities for Attack; Check VPN Products for Upgrade"

https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1982939/nsa-cybersecurity-advisory-malicious-cyber-actors-leveraging-vpn-vulnerabilitie/ (USG)

"The National Security Agency is alerting that multiple Advanced Persistent Threat (APT) actors are currently exploiting various VPN vulnerabilities to gain access to unprotected networks... Known vulnerabilities include Pulse SecureTM, Palo Alto GlobalProtectTM, and Fortinet FortigateTM VPN products. If you suspect you may have been compromised:"

SpaceLifeFormOctober 8, 2019 4:52 PM

@tds

It could be misdirection. Or a wakeup call by some in NSA.

Not misdirection by @emptywheel. She pays attention.

RSA is dead.

Some inside NSA care, but bad actors inside.

Cosmic CreepersOctober 8, 2019 11:26 PM

Collapse OS Is An Open-Source Operating System For the Post-Apocalypse
https://www.vice.com/en_us/article/ywaqbg/collapse-os-is-an-open-source-operating-system-for-the-post-apocalypse

The operating system is designed to work with ubiquitous, easy-to-scavenge components in a future where consumer electronics are a thing of the past.

...

“Computers, after a couple of decades, will break down beyond repair and we won't be able to program microcontrollers any more,” the Collapse OS website explains. “To avoid this fate, we need to have a system that can be designed from scavenged parts and program microcontrollers.”

JG4October 9, 2019 7:19 AM

My political affiliation has changed from milquetoast libertarian to compassionate nihilist.

https://www.nakedcapitalism.com/2019/10/links-10-9-19.html
...

Big Brother is Watching You Watch

Beware the digital Stasi in your pocket Financial Times (David L). Gee, ya think?

FBI’s Use of Surveillance Database Violated Americans’ Privacy Rights: Court The Hill

Remember the FBI’s promise it wasn’t abusing the NSA’s data on US citizens? Well, guess what… The Register (Dr. Kevin)

Twitter Took Phone Numbers for Security and Used Them for Advertising Vice

Tetris challenge: emergency services worldwide go flat-out in viral meme Guardian.
...

Sherman JayOctober 9, 2019 3:12 PM

@EvilKiru • October 8, 2019 6:21 PM
and
@SpaceLifeForm: MAC Addresses were never meant to be secret.
- - - - -
There are some distributions of linux (and some instructions on-line) that will help you alter the MAC address of your computer

And, though I, myself, haven't the forensic skill to find the details, I am pretty sure that there are ways being used beyond MAC address, cookies and tagged images, such as our ISP records that are being used to track us.

Please use startpage or (now questioned) duckduckgo to search, not the spymaster g00gle.

Good luck to all of us in the battle for privacy!

RachelOctober 9, 2019 3:32 PM

Sherman Jay & SpaceLifeForm

a simple couple of tools that help 'a little', in combination, with corporate malfeasance online

u block origin & bleach bit used in between sessions. so after logging into your spyware mail/ social media, for example, or media site, close the browser and anything u block origin hasn't already handled running bleach bit will remove. Select additional entries for scanning in bleach bit menu

Sherman JayOctober 9, 2019 3:39 PM

@Cosmic Creepers • October 8, 2019 11:26 PM
Collapse OS Is An Open-Source Operating System For the Post-Apocalypse
“Computers, after a couple of decades, will break down beyond repair and we won't be able to program microcontrollers any more,” the Collapse OS website explains. “To avoid this fate, we need to have a system that can be designed from scavenged parts and program microcontrollers.”
- - - -
Good ideas.
The Z80 is certainly plentiful, but how many people will be able to piece together a fully functioning computer in 20 years? And, will the Collapse OS have all the software that you need?

They should stipulate optical media for storage of the O/S for archival longevity, not solid state or spinning disc HDDs which won't last.

My experience includes having a 1997 Dell PIII running Win2000 and Connocheat Linux in a dual boot that still runs beautifully. I might shield it from EMPs with a double faraday chage JIC. But, that's 22 years and nothing's failed on it (other than replacing the RTC lithium disc batt every 5 or so years)

Of course, in 20 years, who knows what the world will be like? Upload my brain into a Tandy TRS80? LOL!

Sherman JayOctober 9, 2019 3:47 PM

@Rachel
a simple couple of tools that help 'a little', in combination, with corporate malfeasance online
- - - -
You're very helpful as usual. Thanks for filling in the gaps in the security toolbox for us everyday users. I have been using bleachbit on Linux and Windows for a few years now. I'll need to look into Ublock origin.

And, as I've mentioned, it couldn't hurt to remaster linux with the tools and links you need on a CD or DVD and run from that. When you shut it down, there's no contamination (locally, at least, you may be leaving breadcrumbs on the web)

Clive RobinsonOctober 9, 2019 8:38 PM

@ Cosmic Creepers, Sherman Jay,

This quote from the Collapse OS website explains a distinct lack of current knowledge,

    “Computers, after a couple of decades, will break down beyond repair and we won't be able to program microcontrollers any more,”.

Whilst it might and I say only might be true of the technology (I still run an Apple ][ from the late 1970's and cordless phones I designed in the 1990's are still functioning well, as are some "Well Head" intrinsically safe RTU's from the 1980's and other Industrial Control Systems, Oh and some Mil kit I designed is still not only in service it's still advertised as being sold as new).

It does not reflect on the "wet-ware" or MeatSpace dwellers known as "Jo(e) Public".

As a few of you on the US East coast might have noticed there was a bit of unpleasent weather a few weeks back that worked it's way up through Grand Bahamas... Anyone actually heard the news about what has happened about crime and such like there? Some are actually stating that those on average well paid US Citizens salary and above might not go back as "The Dream has been Killed" by the looting etc etc.

As some of you may know I don't do U-tube or such like on any of my computers etc. However my son does and we both share a morbid fascination for "SHTF Preppers" they are realy "road kill reality TV" and for anthropologists they would make a fascinating sub-group study.

Now unpleasent weather can have other effects, a strong wind a rotting tree and powerlines is not a good combination, made worse by profit driven lack of "preventative maintainance" and "capacity planning" adding cascade fail into the mix. The result was a power outage over a hundred Sq mile area or so giving rise to the loss of power to many homes, shops, businesses etc.

One such home had a "good old prepper and a stepfamily" in a multiple occupancy building. He had his hundred days of rice, beans, MRE's[1], caned spam etc and ten gallons of water per person in bottles and more for washing and other sanitary functions. However... He had a problem or three...

Firstly his prepardness for cooking was shall we say "recommended" by other "preppers" and as he found --and anyone who can read what it says on the tin-- Steno food heaters are only "to keep food warm --sort of-- not for heating up pre-cooked food out of tins or plastic / desicated camping food, or to get water up to a rolling boil for long enough to make beans safe to eat[2] or actually cook anything edible let alone appetising in the slightest.

Which secondly the family apparently refused to touch Dad's "prepper food" --unsuprisingly-- and the man found himself driving twenty to thirty miles to get "cheese burgers" etc from fast food joints outside of the effected area. Which as every one else was doing the same thing, was causing not only hour long ques at the MuckyThrowUps it also caused gas shortages etc...

Thirdly, both my son and I were having what you might politely call "an unreality moment" (ie WTF) when the prepper said he was going to get rid of the Steno and use a camping --propane-- gas cooker in his basment and use the extractor pipe for his washing machine as a chimney...

Apparently the prepers saving grace in the whole four day event was some "Home Depot Solar panels" and battery, that not only gave them a couple of LED lights for night time, it also kept the mobile phones and tablets charged up... Yup for most of that family priority #1 was smart devices...

Remember folks preppers are the ones allegedly preparing for EMP / nuclear war, Bio/Chemical warfare, 1000year Solar Storms and other major globe stopping events that lead to a total break down in society hence "SHTF" (which I'm told does not mean "Society Has Tanked Fast ;-)

The point most miss is, that as climate change events are on the increase hurricanes and other unpleasent weather are becoming more frequent and the free market demand more profit, thus cost cutting means more cascade fails...

Further the general population under 30 appears not to have an iota of knowledge about basic camping let alone more indepth skills, unless their parents pushed them into it when small. So even those who think they are getting preppared are not doing things even remotely correctly (see how many don't mention having 100Kg of salt, 100ltr of vinigar, 50Kg chilly powder/flakes and large quantities of unperfumed Sodium hypochlorite, and Sodium Hydroxide).

In short if the average First World prepper can't hack the little bumps in the road of life as ~75% of the worlds population can almost every day. What are their chances if "the big one comes down the pipe"?

Unfortunately like much of the population if there is no external help they will be dead in a very short period of time (50-300hours). Depending on the time of year two months for a few, and the chance of making it to two years slim to none for upto 90%. Depression, violence, dehydration, starvation, disease, injury, malnutrition are the order of things most likely to kill people[3]. With hypothermia and heat stroke being seasonal killers to spice it up a bit.

So saying,

    after a couple of decades

Is just of no relavance --contact with relaity-- in human terms if things go that badly wrong such as a direct hit from an asteroid or solar storm taking out the entire worlds manufacturing capability.

Depending on how bad it happens we might still have about 10% of the population after a couple of years and no actuall need for technology much beyond that of the mid to late Victorian era to have society function...

But the thing is you can make vacuum pumps with hand tools and likewise the tools to blow glass. Thus we will with a little practice be able to make valves/tubes so mid to late 1930's type electronics will be easily possible. As with the early 1960's transistors will become available. As we know what needs to be done, it's an enginering not inventing process that will take about a third the time. The same applies to chemistry provided we can get the feed stock. Medicine on the other hand will take a very short time for some drugs but may not happen at all for other drugs (what we now know about phages etc it will probably be easier to develope them than many modern antibiotics).

Engineering will be an odd one at the foundation of just about everything else. Many mechanical enginering tools these days are computers on basic precission mechanics driven by motors. Quite a few will work quite well without the computers, you quite literaly unplug them. Further half horse power and up AC motors, if not actually in direct use when a solar storm or EMP pulse hits, will not be realy that effected. The same with many hand start generators. The thing about such generators is they are relatively easy to run on "town gas" --mix of hydrogen and carbon monoxide-- which is not that hard to make. As for making "gas storage" you can use a cows stomach and boiled up hoofs and sinues to make gas containers that will hold hydrogen fairly easily (look up the gas cell manufacture for Zepplins). The carbon monoxide can easily be kept "under water" and there are still a few gasometers around to show how to make more of them.

Thus the chances are we would after the initial drop in population, probably be back to an early to mid twentieth century existance within a half decade or so. How fast we would then catch up with todays technology might be as little as a decade. There are still quite a few people around who when younger were taught as part of their engineering education to be "tool makers" and it's the ability to make tools to make better tools that will get us back.

As for software, who actually cares or will care?

Seriously have a look at a late 1970's US life style, computers realy were not playing that big a roll in society and it's functioning. Even then the main usage outside of engineering and science was due to the increasing size of population, which changed from ~200 to ~225 million in the seventies. With the envisaged worse case population down to around 35million or 1/7th of the 1970 population computers can be seen as nice but unnecessary. However the chances are there will be more than enough of them around in good working order to more than equal the computing needs of the 1980's.

If we do have to "go back" to earlier valve/tube type computers, they will mostly be programed in the likes of assembler. As far as high level languages go Algol 68 is the follow on from Algo 60 and the language behind C which is still the language behind many others. Back when I was much younger I wrote in assembler a very basic interpreter and compiler as did several others. In a magazine of the early 1980's the rudiments of building your own C compiler were given along with an explanation of the iterative process. There was a "Small C" book that gave it in greater depth again with source code. Thus we could get back to where we are now as far as programing languages go fairly easily. After all books care more about fire and bad weather than they do about EMP/Solar storms so they will probably be around.

But something tells me we just won't bother with most computer languages due to their gross inefficiencies. The fact that "Microsoft Foundation Class" might be expunged from the world, for some reason makes me feel somewhat "up beat" about the "SHTF" ;-)

[1] MRE's are US Mil issue rations officially called "Meals Ready to Eat" --unoficially Meals rejected by Ethiopians--. Like the much earlier K-Rations they are "stop gap" high energy meals. If you are lucky the worst you will suffer without "Fresh" is constipation, but using MREs as the only food for two weeks or more will start you on a downward malnutrition path. Which is why the "Aid Relief" HDR' or Humanitarian Daily Ration packs which are suitable for even vegans and based on rice, beans, potatoes and other micro nutrient rich vegtables are a better bet. But even they are not ment for longterm food supplies. Thus the biggest risk to society is not carrying certain live plants and insects across a one to two year time period.

[2] Something we should all know that "Granny would have taught you" upto around the 1970's, is thst quite a few foods we eat are quite poisonous unless you prepare them propperly. Many pulses like Red Kidney Beans have to not only be soaked for 24hours, they need to be vigourously boiled for ten minutes before being put on a lower heat to cook through properly. The green parts of most "root vegtables" and quite a number of other food plants are poisonous including tomatos, potatoes, rhubarb and most seeds in fruits like apples, pears, cherries etc. Oh and watch out for "Death by Casava" it contains a nice couple of "kill me nasty" poisons. However it also works the other way the poisons in some other plants such as tea can act as anti-biotics as can some green veined cheeses like Roquefort. You might not like the idea of slapping smelly cheese onto a fresh wound but as French sheep farmers knew a century or more ago it can easily save your life.

[3] Having in my younger days witnessed the dibilitating effects of what used to be called "disaster shock" first hand and the first cognitive imparment of dehydration sickness, even though you were told it was one of those things you thought was some kind of old wives tale. But when you see it, that very debilitating effect of what is a form of depression realy hits home very very hard. The initial cure is relatively simple in most cases which is to stabilise any physiological symptoms, then effectively force people to do things for themselves and others, what used to be called "make yourself usefull". What you can not stop or treat in an ongoing disaster is the onset of survivor guilt and PTSD that takes time and specialist care, and major life changes are to be expected.

RachelOctober 9, 2019 8:54 PM

Sherman Jay

glad you feel supported. No Script isn't necessary when using U Block Origin, it's either one or the other, and the latter doesn't break sites, although the former allows one to see exactly whats going on. I never had the patience to understand the granular function and ended up switching it either on or off which defeated the purpose somewhat.

U Block Origin blocks about 200 entities on
Air B and B without breaking the site. Thats the most I've ever seen on one site.

Clive Robinson and Nick P point out individual browser tabs are poorly sandboxed so multiple tabs is in effect one giant tab. I find it better to open and close the browser for anything requiring a log in.

While certain cellular lifeforms make noises about Protonmail, it remains a solid structure against a section of a threat model other mail providers can never attend to. That is, at the least, corporate malfeasace and drag net fishing.

A good tip courtesy of Clive Robinson is to use a unique email address for each part of your life, this can be stepped up to one unique address when having major (ongoing) dealings with one single entity.
And most definitely one unique email for anything requiring a log in.
This goes a long way and it is easier and more efficient than it sounds. Proton mail allows this to be achieved in about 60 seconds.

Have you thought about teaching Open BSD to your group?

Sherman JayOctober 10, 2019 4:24 PM

@Rachel and @clive,
Again, thanks for all the helpful tips and info.

Regarding BSD, I know it has many good intrinsic security and safety features. I intend to delve into it 'in my spare time' -LOL. However, most of the people I work with are quite limited in their computer knowledge, many are still at the stage where they need to be reminded to use 'shutdown' instead of just powering the computer off (and risk borking the O/S).

For a few years now, I've used separate E-mail addresses for special situations. I label them TA1@whatever.com, TA2@whatever.com, etc. The TA stands for 'throw-away' so if they attract too much 'detritus' I can just delete them.

Sed Contra October 10, 2019 7:48 PM

After sending an email (from mobile device) on a "sensitive" topic currently in the news, with some French text with a c-cedilla in it, my (one would have thought totally unrelated work machine Windows 10 laptop) started exhibiting a keyboard fault where it would type the c-cedilla at random times. The keyboard was also doing other stuff - e.g. single quote would not show without hitting another key.

After informing my email correspondent of this, the weird behavior stopped.

Poisson arrivals ? You be the judge...

EvilKiruOctober 11, 2019 11:26 AM

@Sed Contra: Maybe your Windows computer has multiple keyboard layouts enabled and you accidentally switched between them when you held the left Alt and Shift keys down together, switching to a layout where the ' character becomes a key modifier, such that pressing, for example, ' and e in sequence generates an e with the ' mark above it and requires pressing the ' key twice to generate the ' character. Then after communicating with your correspondent, you managed to hold down left Ctrl and Shift together at the same time again, switching back to your normal keyboard layout.

Sed Contra October 11, 2019 2:18 PM

@ EvilKiru

That sounds entirely possible. While fumbling with the mobile, I may have fat-elbowed or -forarmed the other machine’s keyboard just the right way.

Clive RobinsonOctober 11, 2019 5:32 PM

@ All with EMP / CME interest.

If you have an interest in protecting your electromechanics and electronics from "Electromagnetic Pulse" (EMP) from nukes, "Coronal Mass Ejectors" (CME) for "space weather" and "Lightning" from atmospheric weather, you might find the following U-Tube posters vids of interest,

https://m.youtube.com/user/disasterprepper/videos

You can thank my son for the link.

I've only watched one or two of them and I'm a bit more pesermistic on the levels and types of screening and filtering needed. He thinks 50dB of antenuation is sufficient, and yes for some things it is. But I'm looking at communications equipment like "emergancy" and "broadcast" recievers in plastic cases which also includes a lot of things like cheap two way radios for the likes of FRS/PMR and ISM band usage. This type of kit is realy several orders of magnitude more susceptable to E1/E2 conducted and radiated E fields, thus need 70 or 90dB antenuation or better.

Another issue you will hear mentioned is the use of ferrites for conducted "common mode" fields. This takes you into "Radio Frequency Interferance" (RFI) prevention and "Electromagnetic Compatability" (EMC) techniques. But be warned when it comes to EMP / CME and even lightning they can be not that usefull after a quite short period of time.

In essence what they do is slow the pulse rise time untill the core saturates and it stops working and just lets the current pass through. Air core inductors don't suffer from this problem. If you are going to use "filter" components to slow rise times remember they have to be critically or under damped otherwise they will ring, which acts like a voltage multiplier which you realy don't want. After any filter you should have real series resistance in the line and after that high voltage fast break down devices like Transorbs and avalanch gas discharge devices. But now having slowed down the pulse by storing energy from it in the filter, and clamping the voltage you need to have real old fashioned circuit breakers preferably with "gap quenchers" to cut your device off of the mains circuit and stop the protection circuitry over heating from I^2R heating effects as they try to dispate the energy. Oh and those earthing leads, they do not want any kinks, bends or turns in them to keep the onductive reactance as low as possible so the increased energy can be quickly shunted to ground.

Oh watch out for "disimilar metal" issues. In school you probably learnt that two disimilar metals diped in acid would make a power cell. You might also have been told about bimetalic strips that bend different amounts depending on what temprature they are at. You don't want either of these effects in your faraday shield as they have a very dramatic detrimental effects on the level of antenuation you get.

Whilst aluminium is a low cost sheet metal and fairly easy to work even with hand tools it is a quite reactive metal, hence it has an insulating layer at it's surface which is normally it's oxide, which just happens to be a very good insulator. On my bench I have strips of aluminium rod with an enhanced oxide layer, and they don't conduct electricity even when you drop them across bare mains wiring...

Why is this a problem, well if you have an RF Gasket material many are effectively copper braid on a spongy inner or small copper fingers. Copper and aluminium do not make happy bed fellows. Even standard room humidity will cause the oxide layer to increase rapidly. Thus unless you take certain pasivation steps, what was a good RF seal when you made a box, --even a year down the road-- with copper the insulation can have built up way beyond the point where you effectively have no seal/gasket at all electricaly...

There are atleast another hundred or so little wrigles you need to know and thus the "10,000 Hour Rule" applies as it does with most other skills you want to become proficient at.

name.withheld.for.obvious.reasonsOctober 14, 2019 5:14 PM

In a future far, far, far away...the Scientists of the Federation called after good times for the spatial plasmas of the force to be quashed.

Bruce, do you still have a communicator...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.