Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta

A Croatian recipe.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on January 10, 2020 at 4:09 PM • 94 Comments

Comments

Anders • January 10, 2020 4:24 PM

In 3 days win7 support will end and people
will be forced to upgrade to win10

So win10 is secure, right?

github.com/bluefrostsecurity/CVE-2019-1215/

Mandatory reading

tonsky.me/blog/disenchantment/

JonKnowsNothing • January 10, 2020 6:38 PM

re: Win7 and earlier

I didn't even know there was an option for support anymore...

I have seen rumors that M$ will try to bypass blocks people have set up to stop upgrades* but no real details about how M$ is planning on doing that.

* from the previous disastrous attempts to force upgrades on non-compatible HW

That as may be but M$ is going to blow up the trillion $$ MMORPG game market because those folks still support Vista and 32bit. Most never even supported Win7. And for those companies that do offer 64 bit, most clients will blow up at the first raid boss fight with a total crash to the desktop and free raid wipe.

No Tank No Boss No Win No Loot.

Anders • January 10, 2020 6:57 PM

@JonKnowsNothing

There will be a full-screen notification...

www.theverge.com/2019/12/10/21004720/microsoft-windows-7-end-of-support-fullscreen-notifications-prompts

Not Anders • January 10, 2020 7:18 PM

win7 support will end. So what? There won't be any forced upgrade here, I can promise that.

If we have win7 systems for specific purposes, not directly on a LAN, why bother?

We have zero interest in using Win10, so Win7 will stay, on a network segment alone, used only for 3 specific reasons (not general purpose). All our other systems run either Linux or BSD.

name.withheld.for.obvious.reasons • January 10, 2020 10:03 PM

Self referentially, I noticed a change to the archive document body that is interesting. Appears to be a tokenized inline preferences scraping from the client. It appears as the first block of js code within the document; is there a reason to be concerned or is this possibly a MITM from my ISP? I don't believe it to be from my ISP since the in-domain sourced reference is /scripts/jquery.socialshareprivacy.2.js and is not part of some cross-scripting issue.

One quick guess is an EU-DPR type set of tools. Just seems "new". It is probably nothing, but hey, discovery is a process.

CODE OF INTEREST (partial, just to hint at what is making me think about this):

[ C D A T A [


$.fn.socialSharePrivacy.settings.order = ...
$.fn.socialSharePrivacy.settings.path_prefix = "\/"\;

Trying to make a regular expression that is not transformed by the posting process...not going to fight it today. Maybe someone will look at this and give me a clue.

Thanks

name.withheld.for.obvious.reasons • January 10, 2020 10:18 PM

I must say that it is disappointing to see so little come from the industry complaining about this Windows 7 baloney. Windows 10 is nothing more than spyware and for home users it is nothing more than the government sanctioned OS.

Look at Microsoft's announcement this week that it will be providing law enforcement with information about child pornography sources. Microsoft claims that AI is part of their solution; what they are not disclosing is the sourcing methods. The spyware that is Windows 10 will make sure that self reporting is done in a judicious and trustworthy fashion--just like Microsoft's development process.

I will repeat what I have asserted in the past, Cortana is the lever within the OS that is being used to subvert your privacy. It is the Text Processing API that all OS function calls are intercepted prior to any transport or at rest transforms are performed. That includes IO such as voice, translation, and textual sources--hash is only for breakfast, not for encoding algorithms anymore.

Trustworthy, a term that has little meaning in the context of the "new normal" these days. Our culture has been infected with a type of Neo-narcissistic-fascist-feudalism with long term prospects pointing downward towards Lucifer/Vader and not skyward towards Peter/Obi-Wan.

Al • January 11, 2020 12:04 AM

The way I look at Win 7 support, the updates will come next week, along with Win 8 and Win 10 updates. And at that point, Win 7 is supported.

It's only when the next updates occur, either in Feb, or some out of cycle update occurs that I deem Win 7 out of support. And there are paid options for some to extend Win 7 support, so we should hear when there was an update for Win 7 for some, but not all. And then, if the update isn't installed, Win 7 is out of support.

But with updates being installed next Tuesday, I treat Win 7 as probably going to be out of support the 2nd Tuesday in February.

I'll have to see what I can do with a decrepit notebook then.

mostly harmful • January 11, 2020 12:58 AM

@ name.withheld.for.obvious.reasons RE your "code of interest":

	// <![CDATA[
	// define the default order of the buttons:
	$.fn.socialSharePrivacy.settings.order = ['facebook', 'twitter', 'gplus'];
	$.fn.socialSharePrivacy.settings.path_prefix = '/';
	// ]]>

The above is cut/pasted from my locally archived copy of Bruce's November 2017 post on New Research in Invisible Inks, which I happened to have lying around, which I downloaded back in November 2017. So if it looks identical to what you see currently in the page source of this present article, I suspect it isn't an especially new addition.

Trying to make a regular expression that is not transformed by the posting process […]

To get the code displayed "as-is" in my comment here, I wrapped it in <pre> tags, and replaced all the '<' and '>' characters with (respectively) "&lt;" and "&gt;". Had it contained any '&' characters intended for literal display (that is, that I didn't want to be interpreted as part of HTML character entity references), I would have replaced those with "&amp;" as well.

I am not a jquery wizard, so here ends my contribution to the process of discovery, to borrow your phrase. (But it looks to me like the two statements are supposed to be site-specific environment settings for the jquery functions defined when your javascript-capable browser includes that socialshareprivacy file you noticed: "display social media icons in this order, and resolve relative paths in the most boring way possible".)

Hope you are enjoying your weekend.

It's a crap! • January 11, 2020 1:46 AM

I'd have zero confidence in the final round of updates @ 7 being just clean security necessities. Win10 is never going to be secure and advertising (buying 'compliant' h/w for that?) under that rationale is amusing. Most 10 users are still just going to be direct-plugged into their ISP-supplied old-sauce default-pw router anyway.

Major browsers stop updating clients for 7 platforms in ~18 months so unless there's some nasty sideways metavuln that leverages a huge wormy botnet / black eye for MS between now and then, (in which case they may even OOB a patch though not officially supported) a well-crippled 7 used judiciously is as or more secure than a fully topped-off 10 with all install-default bells and telemetry whistles pealing away. Eventually 7 may become more trouble than it's worth but right now I'd wager more people feel that way about 10.

Chris • January 11, 2020 1:48 AM

You should all start to migrate to another operating system.
Not sure if MacOS is better regarding spying because it's an American corporation behind it, but at least it feels more stable.

Then we have Linux. I started methodologically to transition away from Windows in late 2012 (however, I used Linux from around 1999 - 2006, and before that OS/2 :-) mmmmmemories). Anyhow, I don't see any reason to use Windows.

Just do it, start today, do it step by step, but it has to start. Make a plan
and kick yourself in the ass and do it! It's a lot of fun too, much more so than Windows.

The way I started was:
- Installed VirtualBox on my then Windows machine, looked at a distro list
to see which Linux scored highest, downloaded the ISO files for different distros. Installed them one by one, ran them to see what they were about.
Watched a bunch of YouTube videos on the subject; eventually I ended up with Mint Cinnamon.

- Then I did the opposite: in Mint I installed VirtualBox,
and in that VirtualBox I installed Windows so I could have access to
the applications I thought I needed from Windows (mostly a big misunderstanding, since Linux almost always has an alternative application or an alternative way of doing a task that is better than the one you know about).

- Then there are other things to consider, such as Citrix. Most corporations use Citrix to access the company applications, so if so, the transition is easier: just a Citrix Receiver in Linux and that's taken care of.

- You can also leave like one Windows machine and RDP into it to run whatever task you need to do in Windows.

Good luck, and get rid of Windows now for Christ's sake, it's a nightmare.

JonKnowsNothing • January 11, 2020 3:37 AM

One of the many hubris self-deceits of Tier 1 folks who know computer programming and make more money than those Tier 2 folks that work at ToTheWallMart McDeathBurgers and other not-so-high paying jobs which, even being on the low end of economies, make way more than the Tier 3 in the mandated no-pay slavery market: zero-hours contracts, gig economy and community service, is this:

  • There are a craptonnage of old systems.
  • There is not enough hard currency for 2 of the above categories to buy new systems, hardware etc
  • "Just Install X Y Z or Use A B C" misses that A B C and X Y Z either have their own compromised parts or are not friendly to the folks in 2 of the above categories.

Just makes me cringe to see the elitist concept of: Spend What You Don't Have ( to fix What Works even if it works badly)

It really doesn't matter anymore if the old systems are pawned - there's nothing to take. It's been taken already.

The very advocates of this Spend What You Don't Have solution though ARE the targets of choice. Y'all have the knowledge, the know-how, and ability. So watch what you advocate because the low levels are not the target here.

Every time we churn the system, we open up new pathways for advanced pawnage.

When old systems die, people drop off the internet, when you drop off the internet you no longer count for pretty much anything. Dropping 20,000 or 200,000 or 2,000,000 old systems into the landfill is not about upgrading security. It's about dropping 20,000 or 200,000 or 2,000,000 from voter rolls, social services, healthcare, even grocery delivery by amazon drone. It allows Govts that mandate Internet Only Applications to claim reduction in demand for services, improved non-existent jobs and fewer claims for unemployment support.

Austerity by another name is called End of Life Cycle.


the profitability and competitiveness of American corporations aren’t the same as the wellbeing and competitiveness of Americans. American corporations have no particular obligation to the United States. They’re obligated to their shareholders.

ht tps://www.theguardian.com/commentisfree/2020/jan/11/us-china-trump-agreement-tesla-investment
(url fractured to prevent autorun)

Gunter Königsmann • January 11, 2020 5:19 AM

@mostly harmful: The socialshareprivacy buttons might be the ones that were written by heise.de as an attempt to provide share buttons that track you only if you use them, so websites could disable trackers by default if they want to without losing functionality.

Clive Robinson • January 11, 2020 6:30 AM

@ Al,

I'll have to see what I can do with a decrepit notebook then.

They can be very useful; it all depends on what you want to do with them.

I've got a very old IBM Laptop that runs XP and MS Office 95, PuTTY, TeraTerm and Mirror; it connects to a network and can put out "PostScript" which my printer likes. It has some odd drivers that make it happy to talk to an NFS NAS box used for both local file store and user data backup (I backup the Laptop HD less regularly via another method).

It also Dual boots into a Linux OS that I have some development tools on, but again this works happily with both the printer and NAS box and as a real "serial" terminal[1], which is good as it does not have USB.

So it does what I want of it, which as it does not involve Web Browsing, Playing Games, or using WiFi/Bluetooth/whatever or plugging in USB devices it's OK, and the sound is not too bad and it does play DVDs.

Whilst I have had to change the battery twice the rest of it has hung in there for more than a couple of decades. When it dies as all things eventually do I shall miss it a bit, but not that much.

The big problem with later laptops of which I've a few kicking around is the inbuilt peripherals I don't use like WiFi and WebCams etc. As I don't use them I don't miss them nor do I have to find crazy drivers for them. The real problem for me is graphics drivers. The *nix OSs tend not to support some of them, but they do still work at reduced capability.

Thus depending on your needs you can get a surprisingly long life out of older hardware.

As I've mentioned before I still have an MSDOS/Win3.11 machine that works and has a C compiler that kind of talks K&R that I use to still support some software I developed more years ago than I care to remember ;-)

[1] Yes I'm an aging Command Line user with a "beard with badger in it" so my main use for a Windowing system is to have multiple terminals open...

Bob Paddock • January 11, 2020 8:35 AM

Sort of Squid related. What happens when you put 3D glasses on a Cuttlefish.
They could have at least used polarized glasses. Even security related when considering the camouflage aspects.

"Cuttlefish use stereopsis to strike at prey"

"Cephalopods are visually driven hunters, with renowned cognitive and camouflage abilities ... "

https://advances.sciencemag.org/content/6/2/eaay6036.full

Anders • January 11, 2020 8:39 AM

@Clive

Yes, with old computers and OS a lot can still be done.
XP is still quite a nice and secure OS in a separated segment.

But I hate to see where the web is developing and how security
is brought as an excuse for business greed.

And hiring too - most information security industry companies
hide their e-mail contacts and do hiring only through specialized
hiring companies and those web sites that explicitly require javascript
and the latest browser. However there are numerous cases where data is leaked
from those hiring companies. One example:

gdpr.report/news/2019/06/28/data-breach-exposes/

So here lies an interesting controversy - information security companies
don't care about their candidates' security at all.

Yes I know all this quite well since one of my friends is currently
seeking a job and he filled me in on all this. BTW, if anyone
has any information security related job to offer to my friend,
I will forward this to him.

Not bitte but bitter • January 11, 2020 8:50 AM

"Not sure if MacOS is better regarding to spying because its an american corporation behind it but at least it feels more stable."

Well there's vanilla spying and then there's outright stealing all your user data to repackage it as their entire business model going forward, while lying to you and forcing you into a subscription model with everything you do being mirrored in/ reliant on a (leaky..) cloud you don't control.. pick a poison. Better than MS, yes.

But MacOS minor version upgrades are a PITA too - Get comfy in a dev environment with a tool suite you're ok with, then wait 1-3 months for the newly compatible versions of everything you rely on to come out at every other update - assuming they even get around to it? Talk about agile dev, you never get real comfortable.

Folks with infinite time to instantly rewrite custom drivers and reverse-refactor all their 3rd party plugins, they might 'enjoy' the bleeding edge, have no problem and see forced agility as a security feature. But when office goons can't even reinstall their "necessary" Excel / A-dope suite? That's a problem. You either wait for it or you're scrambling to replace it. And these things all update at different times with issues, there's no actual synchro. You can get stuck in limbo for weeks and there's no guarantee it resolves, no one can depend on that. Whoever solves this frees up Billions of man hours, Trillions worldwide.

You either have a monolithic-yet-altruistic OS company that umbrellas out over its most important dev tools and makes it all play nice, pipelining and testing and partnerships and long term mapping, or you need a healthy and deeply plugged in FOSS community that doesn't get burned out by repeated proprietary black box decisions or IP/license protectionism and whimsy. Apple seems as or more committed to gadget fitbit crap and $1000 phones, Sharper Image crap. Don't like it? Go ahead and move away, they dare you.. you've already paid 2x for their rounded-corner-yet-dust-disabled hardware.

In the end we all go back to BSD and Apple sells trips to Mars or something.

Chris • January 11, 2020 9:48 AM

Re: Wyden’s questions come after Mozilla removed Avast's and AVG’s extensions for harvesting user data
--
This is actually a very important topic all by itself; we don't have any oversight of what antivirus companies do, just some indications such as:
American companies should not use Russian antivirus products.

If you think about it for a second, that would mean they know something; maybe the answer is don't use antivirus products at all, at least this is my take on it.

Also if you think even further, I would bet some money on antivirus companies having close links to security services. I mean, look at any of the products out there, some perhaps more than others, not naming any product names because it's not the point; the point is they see what you see, they have the hashes of your files and so on, why would they not run away and do something with that information. And like Clive pointed out earlier it starts with:
Poor kids, we need to protect them.
And good luck trying to run Windows without antivirus, it's beyond repair.

Then we have the DNS. I have noticed that all of a sudden it's so important
to have centralized DNS lookups from Cloudflare and co., and all the big names are pushing towards that, Firefox and the like. Why is that exactly...

Anders • January 11, 2020 9:50 AM

medium.com/@woj_ciech/when-%EA%93%98amerka-meets-healthcare-research-on-exposed-medical-devices-ac62f2840da4

Bob Paddock • January 11, 2020 12:00 PM

@Clive Robinson wrote in the recent Drone post:

"I can tell you from the prototype cube-sat on my bench, the electronics required to act as a Narrowband voice bandwidth repeater can be built on less than a 2x4 PCB and have cross polarised "fine spring wire" antennas in just a few grams. Further using modern LiPo batteries..."

Is that Ham Radio or professionally related?

If Ham Radio how do we get to use it or at least listen to it?

I looked into doing a cube-sat a couple of years ago; it was looking in the $250,000 to $500,000 range. Out of my budget at the time. Have costs gone down much recently?

"...Further using modern LiPo batteries..."

Those suck in the cold.
Any thermal management tricks you can share?

Paranoid Marinade January 11, 2020 12:11 PM

@Chris

Avast and AVG are free products & increasingly bundleware and adware. Anyone who didn't see this coming with these two has not seen them in use in the last ~5+ years.

That doesn't make all AV suspect but browser plugins should ALWAYS be suspect until proven otherwise because they sit right on an easy revenue stream and these are companies interested in easy money. Browsing data is fluid currency. If they're collecting that without disclosure or pretending not to, that's BS and they knew better. Kind of like running ad-supported AV... :/

"And good luck trying to run Windows without antivirus, its beyond repair" - eh, if you apply security paradigms you're not downloading a whole lot of unknown files regardless of AV status. Depending on AV to save you in such instances is very Old Testament.

"Then we have the DNS, have noticed that all of a sudden its so important to have centralized DNS lookups from Cloudflare and co. and all big names are pushing towards that, Firefox and the like, why is that exactly..."

Because being pointed to non-legit DNS is pretty bad. If they're a trusted authority doing sanity checks and multi-source distributed authentication this is a good thing.
Assuming the EULA/PPol is legit and adhered to, great.

The caveat is that you've put all your eggs in that one basket, so they know all about you in one handy spreadsheet. But don't think for a minute that Quantum Intercept type folks care what DNS you point to. This would only keep you away from redirected phishing dupe sites. It's not going to prevent top-level ISP pipe managers from redirecting you wherever they want your traffic to actually go, nor do they even need that to send you extra bits in the middle of what your session expected. What's the bigger threat to you and 99.9% of people though, being phished out of a credit card or banking credential etc or being spied on by Big Mordor for national security or catching paedos? The latter you'd probably never be affected by individually unless you're doing something they really don't like. If you are, skip DNS entirely. Memorize IPs. :p

Anders • January 11, 2020 12:40 PM

@Chris

"And good luck trying to run Windows without antivirus, it's beyond repair."

I have actually done that and I'm still doing it.

Bob Paddock • January 11, 2020 2:56 PM

@Paranoid Marinade

"... If you are, skip DNS entirely. Memorize Ip's."

Let's say I do memorize some IPs.

How does that help if the web site is using vhosts?

How do I tell it I want example.org and not example.com that are both hosted on the same IP, of a server I do not control?

SpaceLifeForm • January 11, 2020 3:26 PM

@ Bob Paddock

Excellent question.

Especially, if example.com is delivering malware js / wasm, and example.com looks just like example.org

How many users will notice?

Especially, if their browser does not display the full URL?

SpaceLifeForm • January 11, 2020 5:03 PM

@ MarkH, Clive, All

Let's talk about Alice and Bob a bit more.

Alice and Bob know *at minimum* two ephemeral pubkeys from the other party.

Let's say they are both 32 bytes.

If there are more keys involved, then the security level is better, but the cpu cycles cost will definitely increase.

The key (no pun intended), is that the comm actually involves 128 bytes of keymat (not 128 bits).

The chances that Frank and Gordo have the same 128 BYTES of KEYMAT is really slim to none.

Alice creates a "Bag of bits".

It is transmitted to the net. Somewhere.

Alice created the (Bag of bits). Let's call it Bob0.

Alice, using her two private keys, and Bob's two Pubkeys, does the following:


E(S(E(S(payload)))) -> Bob0

It gets dumped somewhere.

Bob finds Bob0 magically, somehow.

So, at this point Bob has obtained Bob0, the "Bag of bits".

It's just a "Bag of bits"

What does Bob do?

Bob, wondering, why do I have this "Bag of bits", it looks like total random noise to me!

(it may in fact be totally random noise, that could be fed into a random pool. Important)

Bob, thinking. Maybe this is a message from Alice!

Remember, both Alice and Bob have *at least* two pubkeys from the other party.

Bob, thinking it is from Alice, tries one of his private keys to decrypt. Guaranteed to work. Result is still random looking.

Then Bob splits off what may be a signature from Bob0, giving Bob1 and a signature.

Bob, still thinking that that "Bag of bits" may have been originated by Alice, decides to see if one of the Alice pubkeys works with the signature.

To keep this short, let's assume it works. But Bob may have to try one of the other (minimal 2) Alice Pubkeys that Bob knows.

Assuming that Bob got lucky, and his first guess on his private key and his first guess on the signing key that Alice used, still not done.

So, now Bob has to repeat the process on the Bob1 chunk of data.

And this process can be layered, with a bigger set of keys.

And Bob may get a chunk of data that is not intended for Bob.

The signature checks will fail.

But, the more keys involved, the higher the cost in terms of cpu cycles.
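The trial-and-error unwrapping described above, as an added example that is not SpaceLifeForm's code. It models the two-key-pair case with standard-library stand-ins (HMAC-SHA256 for sign/verify and an HMAC keystream for encrypt/decrypt, an assumption that replaces the real public-key primitives) so the E(S(E(S(payload)))) layering, Bob's key-guessing loop, the signature failures on a bag of bits not meant for him, and the attempt count that grows with the key set can all be run.

```python
import hashlib
import hmac
import itertools
import os

# Stand-ins (an assumption of this example, not real public-key crypto):
# each "key" below is a 32-byte secret shared by Alice and Bob. HMAC-SHA256
# plays the role of sign/verify, and an HMAC-SHA256 keystream XORed over the
# data plays the role of encrypt/decrypt. The trial-and-error unwrapping loop
# is the part the comment describes; swap in real signatures and public-key
# encryption to get the actual security properties.
KEY_LEN = 32
TAG_LEN = 32


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream built from HMAC-SHA256(key, counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decrypt = encrypt


def sign(key: bytes, data: bytes) -> bytes:
    """Append a 32-byte tag; stands in for a signature over the data."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, blob: bytes):
    """Split off the tag and check it; return the data, or None on failure."""
    if len(blob) < TAG_LEN:
        return None
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expected) else None


def wrap(payload: bytes, alice_keys: list, bob_keys: list, layers: int = 2) -> bytes:
    """Alice builds Bob0 = E(S(E(S(payload)))): one Alice signing key and one
    Bob encryption key per layer, innermost layer first."""
    blob = payload
    for i in range(layers):
        blob = encrypt(bob_keys[i], sign(alice_keys[i], blob))
    return blob


def unwrap(blob: bytes, bob_keys: list, alice_keys: list, layers: int = 2):
    """Bob's side. For each layer he tries every (his key, Alice's key) pair
    until a signature checks; a bag of bits not meant for him fails every
    pair. Returns (payload or None, number of decrypt+verify attempts) so the
    CPU cost of a bigger key set is visible."""
    attempts = 0
    for _ in range(layers):
        inner = None
        for bk, ak in itertools.product(bob_keys, alice_keys):
            attempts += 1
            inner = verify(ak, decrypt(bk, blob))
            if inner is not None:
                break
        if inner is None:
            return None, attempts
        blob = inner
    return blob, attempts


def keymat_bytes(*key_sets) -> int:
    """Total key material in play (the comment's 128 bytes for 2 + 2 keys)."""
    return sum(len(k) for keys in key_sets for k in keys)


if __name__ == "__main__":
    alice = [os.urandom(KEY_LEN) for _ in range(2)]  # Alice's two keys
    bob = [os.urandom(KEY_LEN) for _ in range(2)]    # Bob's two keys
    print("keymat bytes:", keymat_bytes(alice, bob))
    bob0 = wrap(b"meet at noon", alice, bob)
    print("unwrapped:", unwrap(bob0, bob, alice))
    # Constructed random noise: every key pair fails, nothing is recovered.
    print("random noise:", unwrap(os.urandom(len(bob0)), bob, alice))
```

With two keys each side, a lucky first guess costs 2 attempts and the worst case 8; a blob not meant for Bob costs 4 attempts before every pair has failed.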

SpaceLifeForm • January 11, 2020 6:05 PM

@ lurker

"What's the best DNS to use now?"

There is none. Seriously.

Pick your poison.

Anders • January 11, 2020 6:16 PM

@lurker

One option is to set up your own resolver.
You know what services you use; put those
IPs and names into the hosts file and enjoy.

Malware has long used the same trick to redirect
you to other sites. And people have long used this
trick to block some ad servers by resolving
them to localhost.

Phaete • January 11, 2020 6:23 PM

@lurker

What's the best DNS to use now?

A proxy or tunnel to a DNS that is least restrictive and most truthful for your purposes.

If you are really serious about it, run an internal DNS with a proxy to sync with the root DNS servers.
This can be tricky as many autoconfigs, caches, and isp reroutings, while trying to be helpful, end up fouling the setup.

MK • January 11, 2020 7:06 PM

I don't run my computer for the Operating System, I run it in order to run Apps I want to use. In my case, a bunch of Adobe apps: InDesign, Photoshop, Acrobat, and Microsoft Apps: Word, Excel, PowerPoint. I'm willing to live with whatever OS is needed, and I run an assortment of virus checkers on top of that. The open source versions of these apps are all deficient in one or more ways, and why should I put up with that just to run Linux?

Jon • January 11, 2020 11:45 PM

@MK :

The open source versions of these apps are all deficient in one or more ways, and why should I put up with that just to run Linux?

Because the closed-source versions of these apps are all deficient in one or more other, and sometimes more interesting, ways.

How much do you care about other people having your data? And other people forcing you to use their own, often highly-priced, services? And data format lock-in, so you have to keep paying them or your own files become inaccessible? Et cetera...

Jon

the other lurker • January 12, 2020 12:34 AM

@Chris, all

Then we have the DNS, have noticed that all of a sudden its so important to have centralized DNS lookups from Cloudflare and co...
I used to run pdnsd with a 28-day cache lifetime, which greatly reduced my demand on external DNS services. I've recently dropped MacOS, and am currently on Debian because none of the BSDs had graphics drivers that could handle my screen. But pdnsd hasn't had any work on it for 7 - 8 years, mebbe it was so good it didn't need it... So Debian dropped it at the last major point version. I'm getting tired of having to rebuild my toolkits.

Chris • January 12, 2020 1:09 AM

@MK I don't run my computer for the Operating System, I run it in order to run Apps I want to use. In my case, a bunch of Adobe apps: InDesign, Photoshop, Acrobat, and Microsoft Apps: Word, Excel, PowerPoint
-
This is a valid question, and I guess the real reason why Linux doesn't take off: why don't we have these applications in Linux? Really hard question to answer. Looking at developers, I think a lot of developers use Linux, so why don't we have the multitude of software for it? Interesting question, don't know.

My guess is that it's related to investment, and shareholders don't see any money in Linux. Any takes on this other than, yeah this is so but what can we do about it?

Chris • January 12, 2020 1:13 AM

@I used to run pdnsd with a 28day cache lifetime
--
Not seen that before, have to check. Personally I run dnsmasq;
it has some interesting features that I really like.
Maybe have a look at it, it's powerful.

Clive Robinson • January 12, 2020 4:59 AM

@ Bob Paddock,

Is that Ham Radio or professionally related?

It could be both. I know in the UK it's called "Amateur Radio" but it's the same with "sports". You are only "Amateur" because you don't compete for money. With radio it's because you don't use the traffic carrying capability as a commercial venture. It's not because you do not do things in a professional manner.

You would be forgiven for thinking that it's a daft point to make, but unfortunately others of importance have drawn such a distinction. In the US the FCC have taken an even more stringent view point in the past. That is, for years they refused to licence a module for a space craft because it had been designed and built by students at a military academy, because they were in effect Federally "Paid employees" whilst doing the design...

It's this sort of nonsense that means that the US AMSAT efforts have in effect fallen in a quagmire, whilst European and Middle East, Indian and other nations have moved ahead in the game.

But to answer your question I will avoid the issue by saying it's neither, it's option three "research" which covers all manner of things in what is an independent way.

An interesting thought for you: satellites have the same issues as bullets, golf balls and shuttlecocks do. The greater the surface area compared to mass the shorter the duration of their flight. But the greater the mass the more energy has to be put into the start of the flight.

Components in space depending on their orbit are subjected to various types of radiation across the whole EM band.

Without going into the details, some "space hardened" components are ordinary production run components that have been stress tested then shielded. So a 25 cent 555 timer you might use as a watchdog timer gets to be nearer 2000 dollars for a bit of stress testing and having two thin plates of tantalum put on either side of it. One reason that tantalum is used is that for the radiation stopping potential it only needs to be half the thickness of lead, thus has less mass.

So the question arises as to is that reduction in mass for 8000 times the price worth it?

The answer when you consider things is "no", thus the question moves further to "shield individual components" or "shield PCBs". Well the answer is "it depends", but when you consider the way the launch market for the likes of cubesats works you are given a physical size and a maximum mass per unit. So bearing in mind the flight life you are better off designing to get the maximum mass allowed. This makes "shielding the PCBs" the better option unless you really are stuffing it in. You can also use other materials such as titanium which have other advantages (look up the JADE "jovian radiation vault" for other information).

However that still leaves another issue, which is "burning them in". Hardened components undergo a much more serious set of tests; you can look up some of what needs to be done to take a chip from ordinary industrial ratings through to military ratings, well things need to go further for space hardening (and even though well known guess what, ITAR and similar come a knocking...).

The trick however is developing tests that will quickly and as inexpensively rule components "in or out" of further consideration, or what "extra considerations" need to be taken into account for them.

For instance a microprocessor will behave in unintended ways if any of the bits in the register file get flipped. Whilst you can do some things to reduce this at the chip design level the problem does not go away. So in effect they should all be ruled out but... So one way to compensate for this is a watchdog circuit that kicks the reset line if an event happens or fails to happen. But this will only happen if the watchdog circuit works, so you need to be able to build one that is effective. So you need the 555 timer and some discrete components, one of which would be a high value capacitor.

Sadly capacitors are a dielectric between two conductors; a dielectric when hit by ionizing radiation becomes a conductor, therefore you have to know how to deal with the effects of this and design around it safely. Insulators around components including all passive components are effectively dielectrics. Thus if you are designing for operation in a very low pressure ionised gas environment you need to consider voltage creep and arc etc.

You can look up "pay-walled" research papers or Internet articles where others have done some of the work for you such as,

https://www.ttiinc.com/content/ttiinc/en/resources/marketeye/categories/passives/me-slovick-20160809.html

But at the end of the day you have to "build and test" lest you "build and cuss" when something you did not read up on lifts its head above the parapet.

Have a hunt around for why certain very expensive Swiss atomic clocks have failed prematurely in the "European GPS" Galileo satellites,

https://phys.org/news/2017-07-europe-galileo-satnav-problems-clocks.html

Anders • January 12, 2020 8:55 AM

@MK

That you need to run those programs is understandable, but
I'm sure you don't need to run the latest versions of them.

If you are ready and willing to use older versions, they
give you also more flexible choice of underlying OS, which
in turn gives you better control over your privacy.

Anders • January 12, 2020 10:19 AM

blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/

SpaceLifeForm • January 12, 2020 12:53 PM

Regarding DNS:

You may want to check out unbound.

Flexible config. Override TTL. You can chain dnsmasq into the picture. Hint: local listen ip address does *NOT* have to be 127.0.0.1

localhost is really any 127/8 address you want.

You can configure unbound to listen at 127.1.2.3:53 for example.
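As an added example (not part of SpaceLifeForm's comment), here is what that layout looks like in configuration: unbound listening on a non-default loopback address, dnsmasq chained in front of it on 127.0.0.1, and the stub resolver pointed at dnsmasq. The addresses, port and TTL values are illustrative assumptions, and the trust-anchor path is distro-specific.

```conf
# /etc/unbound/unbound.conf  (added example; addresses, port and TTLs are
# illustrative choices, not taken from the original comment)
server:
    # Any 127/8 address is local, so 127.0.0.1:53 stays free for dnsmasq.
    interface: 127.1.2.3
    port: 53
    do-ip4: yes
    do-ip6: no            # no IPv6 listening or upstream transport; AAAA answers still served
    do-udp: yes
    do-tcp: yes
    # Only this machine may query the resolver.
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse
    # TTL override: keep answers at least 1 hour, at most 1 day, regardless of
    # what the authoritative server says.
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    # Do not answer id.server / version.bind probes.
    hide-identity: yes
    hide-version: yes
    # DNSSEC validation; the key file location varies by distribution.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

# /etc/dnsmasq.conf  (chained in front of unbound)
listen-address=127.0.0.1
bind-interfaces
no-resolv                 # never pick upstreams from /etc/resolv.conf
server=127.1.2.3#53       # forward everything to unbound

# /etc/resolv.conf  (stub resolver; IPv4 loopback only, no ::1)
nameserver 127.0.0.1
```

On Linux the whole of 127.0.0.0/8 is delivered to lo without further setup, so unbound can bind 127.1.2.3 as-is; on the BSDs and macOS add the alias first (ifconfig lo0 alias 127.1.2.3). Run unbound-checkconf and a direct query such as dig @127.1.2.3 example.com before switching /etc/resolv.conf over.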

Electron 007 • January 12, 2020 2:04 PM

@SpaceLifeForm

Regarding DNS:

You may want to check out unbound.

Google has answers.

"Unbound is a modern successor to Dan Bernstein's djbdns [3], because its design is focused on security and it includes DNSSEC. Developer NLnet Labs describes Unbound as a validating, recursive, caching DNS resolver [4]."

NLnet is located at the Science Park in Amsterdam, close to the national research center for mathematics (CWI) where NLnet was founded and where the first public connection to the internet in Europe was made in 1988.

Bunch of college frat boys smokin' weed, man. What kind of court system they got over there? Is there a Bitcoin-friendly crypto-mom? You know the judge? Have any idea if it's civil or criminal, huh? Who seized my domain name?

vas pup • January 12, 2020 3:25 PM

Researchers: Are we on the cusp of an ‘AI winter’?
https://www.bbc.com/news/technology-51064369

"'Far to go'

While AGI isn't going to be created any time soon, machines have learned how to master complex tasks like:
◾playing the ancient Chinese board game Go
◾identifying human faces
◾translating text into practically every language
◾spotting tumors
◾driving cars
◾identifying animals."

===>Why is identifying security threats (LEA/IC/national security vector) or spotting patterns in cases of serial killers, rapists, you name it, not in this list? [VP]

"Reality check

So what will AI look like at the end of the 20s, and how will researchers go about developing it?

"In the next decade, I hope we'll see a more measured, realistic view of AI's capability, rather than the hype we've seen so far," said Catherine Breslin, an ex-Amazon AI researcher.

The term "AI" became a real buzzword through the last decade, with companies of all shapes and sizes latching onto the term, often for marketing purposes.

"The manifold of things which were lumped into the term "AI" will be recognized and discussed separately," said Samim Winiger, a former AI researcher at Google in Berlin.

"What we called 'AI' or 'machine learning' during the past 10-20 years, will be seen as just yet another form of 'computation'".

:( on last paragraph [VP]

AtAStore • January 12, 2020 3:57 PM

"Inside Google’s Quest for Millions of Medical Records
The company has struck deals that grant it access to troves of patient data; ‘We want to be helpful’

PALO ALTO, Calif.—Roughly a year ago, Google offered health-data company Cerner Corp. an unusually rich proposal.

Cerner was interviewing Silicon Valley giants to pick a storage provider for 250 million health records, one of the largest collections of U.S. patient data. Google dispatched former chief executive Eric Schmidt to personally pitch Cerner over several phone calls and offered around $250 million in discounts and incentives, people familiar with the matter say." ...

https://www.wsj.com/articles/paging-dr-google-how-the-tech-giant-is-laying-claim-to-health-data-11578719700

Bob Paddock • January 12, 2020 4:22 PM

"... In the US the FCC have taken an even more stringent view point..."

I always found it odd that if I want to operate from space I must have my Extra Class grade license.

"... It's this sort of nonsense that means that the US AMSAT efforts..."

Yes, I hear little of US AMSAT today.

"...But to answer your question I will avoid the issue by saying it's neither, it's option three "research" which covers all maner of things in what is an independent way. ..."

My actual question was: can I play with it when launched?

"... An interesting thought for you, satellites have the same issues as bullets, golf balls and shuttle cocks do. The greater the surface area compared to mass the shorter the duration of their flight. But the greater the mass the more energy has to be put into the start of the flight. ..."

Following Conventional Physics. Have you ever looked at the work of T.T.Brown or O.T.Carr's "Amusement Device"?

" ... Components in space depending on their orbit are subjected to various types of radiation across the whole EM band. ..."

From years of designing Coal Mining equipment I'm familiar with many of the same issues. The natural radioactive sources as well as actual Neutron Emitters operating near by to measure the coal face thickness.

"... However that still leaves another issue, which is 'burning them in'. Hardend components undergo a much more serious set of tests...

I usually go with the trade-off of Automotive Grade parts.

For example I would consider this, rather than 555 with capacitor issues:

https://www.ti.com/product/TPL5010-Q1

Now with that the question becomes exactly how many particles does it take to upset a device only consuming 35 nA? Probably fewer than we'd like.

"... For instance a microprocessor will behave in unintended ways if any of the bits in the register file get flipped. ..."

Yes, Single-Event-Upsets are a problem. That problem has been around a long time, for example this old Zilog App note gives some mitigation strategies:

AN0037-"Using Software Techniques to Maximize Z8 MCU System Noise Immunity"

I once had a 1805 (1802 with a couple of extra features) that had a broken XOR instruction on only certain bit patterns. It took DAYS to find that bug, and less than a minute to fix when I realized it was a hardware problem and not the firmware.

The Silicon-On-Sapphire based 1802s were once very popular to use in Sats. Probably many still running in orbit today.

http://stuffin.space is always interesting to look at to see just how much junk is up there.

"... This makes 'shielding the PCBs' the better option..."

I like to use Amorphous Metals like MetGlas.

SpaceLifeForm • January 12, 2020 4:54 PM

DNS, unbound. I forgot a critical point.

You do *NOT* want ::1 in your /etc/resolv.conf

You do *NOT* want *any* ipv6 address there.

You want LAN traffic to be *only* ipv4.

127/8 gives you flexibility.

Using ::1 over ipv6 does not.

Always run your DNS over ipv4 local.

You can get ipv6 addresses via unbound, but you do *NOT* have to do local DNS lookups over ipv6.

Unbound can return you an ipv6 address if you need it, but you can ask the resolver over ipv4.

Always ask over ipv4.

The lookup can happen locally via ipv4.

The result can be an ipv6 address.

Alejandro • January 12, 2020 6:18 PM

@Lurker

Cloudflare DNS 1.1.1.1, 1.0.0.1

I have been using it awhile. It's good and fast. The main draw, however, is it keeps the ISP from collecting and selling your DNS history which is quite legal of course. (So much for the generic Privacy Policy expressing extreme concern for our privacy.)

I run my website through Cloudflare for one reason only: The firewall and security features are drop dead gorgeous. For example, you can check a few boxes and block a whole country, like China, Russia, Nigeria...etc. You can block by ASN number, user agent, ipv6 ranges....you name it and it's easy.

Unfortunately, a lot of the bad guys are hiding in major web services like AWS these days which are America registered but can really be from anywhere, by anyone....Of course you can simply block AWS (or whatever) too.

So they are to be trusted?

I don't know. Their battle against TOR got pretty vicious for awhile. That sounds like it would be a Five Eyes favored position. And of course being a CDN is a simple, easy way to do MITM even though they promise not to look. (lol)

And, there are rumors of over-friendliness to American .gov LEO...

Anyway, pick your poison.

On the whole I think they do more good than harm.

Electron 007 • January 12, 2020 8:31 PM

DNS, unbound. I forgot a critical point.
You do *NOT* want ::1 in your /etc/resolv.conf
You do *NOT* want *any* ipv6 address there.
You want LAN traffic to be *only* ipv4.
127/8 gives you flexibility.
Using ::1 over ipv6 does not.
Always run your DNS over ipv4 local.
You can get ipv6 addresses via unbound, but you do *NOT* have to do local DNS lookups over ipv6.
Unbound can return you an ipv6 address if you need it, but you can ask the resolver over ipv4.
Always ask over ipv4.
The lookup can happen locally via ipv4.
The result can be an ipv6 address.

That is so broken it's not even funny.

"::1" is the IPv6 equivalent of "127.0.0.1" for IPv4

According to RFC 4193, "FC01::/8" is apparently reserved for locally assigned, locally routable addresses "like" those of RFC 1918, namely 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 in IPv4, interminable frat-house stupidity notwithstanding.

The issue of "NAT" (Network Address Translation) is not mentioned anywhere in the RFC, because it is "discouraged" for IPv6 by the Powers That Be, who have "deprecated" NAT in pursuit of ever more universal one-world-government global control over local end user devices, but in all practicality, using some form of NAT to masquerade behind a public internet address does not need to be any more difficult in IPv6 than it is in IPv4.

https://tools.ietf.org/html/rfc4193

The deprecation of NAT is demanded by telecom service providers who wish to impose arbitrary or fee-for-service restrictions on "tethering" or sharing internet from mobile or other internet-connected devices.

JG4 • January 12, 2020 9:36 PM

security alert: bird poop in the intertubes

nakedcapitalism.com/2020/01/links-1-11-2020.html
...

Big Brother is Watching You Watch

Hundreds of Millions of Cable Modems Are Vulnerable To New Cable Haunt Vulnerability ZDNet

Imperial Collapse Watch

Noam Chomsky: America Has Built a Global Dystopia TruthDig (David L)

Trump Transition

Feces from a giant kettle of vultures is disrupting CBP communications on the US-Mexico border Quartz (Dan K)
...

Electron 007 • January 12, 2020 11:19 PM

Correction:

According to RFC 4193, "FC01::/8" ... interminable frat-house stupidity notwithstanding.

No. That's FD00::/8, isn't it? Namely FC00/7 with the "L" bit set to 1, namely bit 7 in big-endian mode numbering from 0. It's an area where people "witch" and then they laugh and snicker in their college dorm halls or corporate cubicles when they deliberately cause others to make mistakes.

These people (yes, certain global elitists) are simply not willing, even in the RFCs, to come right out and say, or specify certain things in a straightforward way so as to minimize the waste of others' time, effort and money.

Paranoid Marinade • January 13, 2020 11:24 AM

"Lets say I do memorize some IPs."

Bob, you're exploring a joke in full spelunking gear.. carry on.

"How do I tell it I want example.org and not example.com that are both hosted on the same IP, of a server I do not control?"

This is a pretty niche problem for someone so paranoid they don't use DNS, per the example.

But the obvious answer is : You don't. You pay cash, get on the bus and walk backwards in a looping criss-cross the rest of the way to the website of choice, in disguise. The truly secure never take the same route twice!

Remember - they are watch-making, and they will advertise those watches to you if not careful. "Who cares what time it is anyway? Noon somewhere.." -Siddharta Gautama

MarkH • January 13, 2020 1:43 PM

@vas pup:

re. the bulleted list of "complex tasks" which "machines have learned how to master" ...

For me, it's expected that with sufficiently powerful computers and sufficiently refined software, human-level proficiency can be achieved in a variety of board games which can be fully comprehended by a purely abstract description.

Such problems (like chess and go) can be played in a closed mathematical/logical space.

Everything else on the list is irretrievably enmeshed in the messiness and ambiguity of the world in which our lives take place.

In most of the remaining domains of the list, I think it can be said that within carefully controlled and restricted conditions, laboratory-style testing has demonstrated levels of proficiency comparable to, or in some cases exceeding, the way people do those things.

The automation of those tasks is almost certain to suffer from the classic "AI" weakness called brittleness: they will fail (often very severely) in circumstances outside those carefully controlled (and often, poorly understood) boundaries ... and the automated systems won't be able to distinguish that they have gone wrong.

The success with tumor detection is interesting, and may prove practical: it's being tried out in a medical context where the creation, formatting and quality of imaging is controlled by human professionals, and thus may be comparatively free of the dangers of the unexpected.

As to face recognition, error rates and susceptibility to countermeasures seem (for now, at least) to show significant weakness; but even an accuracy of only 80% (for example) is sufficient to make an Orwellian totalitarianism more cost-efficient (see China, People's Republic of).

In the case of language translation, however, my observation is that automation is still God-awful. To be fair, I can say that it is literally comparable to human performance: roughly as accurate as a person whose lifetime familiarity with at least one of the two languages is not more than a couple of hundred hours.
__________________________________________

In sum, there's a vast canyon between "as good as a proficient person," and "pretty lousy, but sufficient to be extremely dangerous in the hands of people lacking comprehension and/or ethics."

I suggest that as of early 2020, most so-called AI functions in that nasty void.

SpaceLifeForm • January 13, 2020 4:07 PM

@ Electron 007

"::1" is the IPv6 equivalent of "127.0.0.1" for IPv4

Yeah, but 127.*.*.* is also localhost.

127/8 gives you more flexibility so that you can chain application servers on one physical server that use the same port numbers. That may be important if you can not configure the port numbers that the application server will listen on (but assuming you can configure the listen address)

If I had to use ipv6 on a lan, I would look at using FC00::/8 internally.

Otherwise, I do not trust ipv6.

Especially on a closed source ip stack.

I think it leaks, at minimum, fingerprints.

Probably by design.

SpaceLifeForm • January 13, 2020 5:20 PM

@ Clive

Why endpoint security is a cluster.

When the platform is not helping...

hxxps://www.twitter.com/josephfcox/status/1216761349910466567

Electron 007 • January 13, 2020 6:20 PM

If I had to use ipv6 on a lan, I would look at using FC00::/8 internally.
Otherwise, I do not trust ipv6.
Especially on a closed source ip stack.
I think it leaks, at minimum, fingerprints.
Probably by design.

Those addresses are "reserved", and "shouldn't" cause conflict for the time being (at the time of the RFC), but I do believe the correct address block is FD00::/8, not FC00::/8.

Both /8 blocks together comprise the FC00::/7 mentioned in the RFC, but the last bit (of the 8) is supposed to be set to one for locally assigned use.

Without the privacy extensions of https://tools.ietf.org/html/rfc4941 the hardware MAC address of your end user device does tend to become incorporated into a global IPv6 address and leaked to the world as part of your IPv6 "fingerprint".
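The two points made in this sub-thread (the L bit that separates the locally assigned fd00::/8 from the reserved fc00::/8, and the MAC address that leaks through a non-privacy SLAAC interface ID) as an added Python example. It is not code from any of the commenters; every address in it is a constructed sample, and the global-ID derivation follows RFC 4193 section 3.2.2 with the EUI-64 argument used only as a salt.

```python
"""RFC 4193 unique local address (ULA) checks and modified-EUI-64 MAC recovery.
Added example, not code from the thread; the sample addresses in the __main__
block are constructed."""
import hashlib
import ipaddress
import struct
import time
from typing import Optional

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")     # whole ULA range
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")     # L bit = 1: locally assigned
ULA_RESERVED = ipaddress.IPv6Network("fc00::/8")  # L bit = 0: reserved, not for use


def ula_kind(addr: str) -> str:
    """Classify addr as 'local' (fd00::/8), 'reserved' (fc00::/8) or 'not-ula'."""
    a = ipaddress.IPv6Address(addr)
    if a not in ULA_BLOCK:
        return "not-ula"
    # fc00::/7 is 1111110L: the L flag is the low bit of the first octet,
    # i.e. bit 7 counting from 0.  fc = L clear, fd = L set.
    return "local" if a.packed[0] & 0x01 else "reserved"


def ula_prefix(global_id: Optional[bytes] = None,
               eui64: bytes = b"\x00" * 8) -> ipaddress.IPv6Network:
    """Build an fdXX:XXXX:XXXX::/48 prefix from a 40-bit global ID.

    Without an explicit global_id, derive one the way RFC 4193 section 3.2.2
    suggests: SHA-1 over (64-bit NTP-format timestamp || EUI-64), keeping the
    least significant 40 bits.  The pseudo-random ID is what keeps two
    independently numbered sites from colliding if they are later merged.
    """
    if global_id is None:
        ntp_seconds = (int(time.time()) + 2208988800) & 0xFFFFFFFF  # 1970 -> 1900 epoch
        timestamp = struct.pack(">II", ntp_seconds, 0)              # seconds, fraction
        global_id = hashlib.sha1(timestamp + eui64).digest()[-5:]
    if len(global_id) != 5:
        raise ValueError("global ID must be exactly 40 bits (5 bytes)")
    prefix_bytes = b"\xfd" + global_id + b"\x00" * 10
    return ipaddress.IPv6Network((prefix_bytes, 48))


def mac_from_eui64(addr: str) -> Optional[str]:
    """Return the MAC embedded in a modified-EUI-64 interface ID, else None.

    SLAAC without RFC 4941 privacy extensions builds the low 64 bits as
    MAC[0:3] || ff:fe || MAC[3:6] with the universal/local bit (0x02) of the
    first octet inverted, so the hardware address is recoverable from any
    global address the host uses.  The ff:fe marker is a heuristic: a random
    (privacy) interface ID can contain it by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]])
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Constructed sample addresses.
    for a in ("fd12:3456:789a::1", "fc00::1", "2001:db8::1"):
        print(a, "->", ula_kind(a))
    print("fresh ULA prefix:", ula_prefix(eui64=bytes.fromhex("021122fffe334455")))
    print(mac_from_eui64("2001:db8::211:22ff:fe33:4455"))   # 00:11:22:33:44:55
    print(mac_from_eui64("2001:db8::a1b2:c3d4:e5f6:7890"))  # None (no ff:fe marker)
```

Running mac_from_eui64 over the source addresses in a packet capture is a quick way to see which hosts on a segment are still advertising their hardware address to the world, which is the fingerprint leak the comment above refers to.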

Petre Peter • January 14, 2020 10:23 AM

Two guys pose as cops and another as a perpetrator. The object of the game is to nab the tourist's passport and then, as he pleads, sell it back to him. In Romania this is known as the Maradona maneuver. -Bruce Benderson, The Romanian.

SpaceLifeForm • January 14, 2020 2:08 PM

I would expect some out-of-band patches for Win7 any day now (unless it was included today - not clear). Just like Microsoft did for EternalBlue (Wannacry) on XP.

I suspect the problem is so bad, that they could no longer trust their internal systems, even those not on the internet.

In other words, DOD probably rolled a bunch of new keys in recent weeks for SIPRNet and JWICS after patching internally.

They probably smelled it via unusual traffic.

And, that would be an NSA function, to find unusual traffic.

I'm sure they have the source code, but they certainly have the resources to reverse engineer the binary.

The question is: How long has it been exploited?

Just because there are no 'in-the-wild' reports does not mean it was not happening. It could be very subtle, very low traffic.


hxxps://kb.cert.org/vuls/id/849224/


The Microsoft Windows CryptoAPI, which is provided by Crypt32.dll, fails to validate ECC certificates in a way that properly leverages the protections that ECC cryptography should provide. As a result, an attacker may be able to craft a certificate that appears to have the ability to be traced to a trusted root certificate authority.

Any software, including third-party non-Microsoft software, that relies on the Windows CertGetCertificateChain() function to determine if an X.509 certificate can be traced to a trusted root CA may incorrectly determine the trustworthiness of a certificate chain.

Anders • January 14, 2020 4:09 PM

@SpaceLifeForm

NSA is crying out. Maybe they have added something extra in there along the way
that they SURE want to be present everywhere...for them.

mobile.twitter.com/NSAGov/status/1217152211056238593?p=v

SpaceLifeForm • January 14, 2020 5:37 PM

@ Anders, ALL

hxxps://mobile.twitter.com/SwiftOnSecurity/status/1217159419533893633

Turn your Windows computers off, immediately.

This may be why people are NOT getting the updates.


Do not update!

Wait.

This problem may not be Windows only, but at this point, turn off Windows, otherwise you may get a backdoor installed.

Yeah, I know some think I'm nuts, but better safe than sorry.

Let's see what the reverse of patch tells us over next few days. Assuming a legit patch.

People have already found things.

If you are not an experienced dev, shutdown. You do not want to go thru major headache.


vas pup • January 16, 2020 12:25 PM

Drones are everywhere now - see article below.

Why are Chinese fishermen finding so many 'submarine spies'?
https://www.bbc.com/news/world-asia-china-51130644

"So where do the "submarine spies" come from? What do they do? Why are they valuable?

And why are Chinese fishermen finding so many?
Jiangsu is a province in eastern China, with a coastline more than 1,000km (620 miles) long.

It faces Japan and South Korea, while Taiwan is around 500 miles south. This geography - and the huge US presence in the region - begins to explain why fishermen keep finding these devices.

China has not revealed where the devices came from, merely saying they were "made in other countries".

But regional expert and consultant Alexander Neill says they probably came from "the US Navy, the Japan Self-Defense Forces, or potentially Taiwan - this is a big area of rivalry".

So what are the Americans, the Japanese, or the Taiwanese hoping to learn?

In 2009, the US Navy sponsored research into underwater drones, broadly known as "unmanned undersea vehicles (UUVs)". The research recommended seven ways UUVs could be used, including:
◾Tracking "potentially adversary submarines"
◾Looking for and dealing with underwater bombs - particularly in other countries' waters
◾Deploying surveillance equipment
◾Monitoring "undersea infrastructure", such as communication cables

The research also highlighted the strengths of UUVs. Gliders - a smaller UUV, likely to be what the Jiangsu fishermen found - can be deployed for "months" and are "cheap enough to be considered expendable".

In this instance, cheap means "only tens of thousands of dollars".

Their cost, range, and capability mean "submarine spies" are increasingly important - Mr Neill estimates the number worldwide is "certainly in the upper hundreds".

So this explains - in part - why they keep turning up in Chinese nets. The country has a huge fishing fleet, and the law of averages suggests it will scoop up the occasional drone.

China doesn't just find underwater drones - it operates them, too.

At the military parade to mark the 70th anniversary of the People's Republic of China (PRC), the HSU001 was unveiled - a large UUV, possibly capable of launching smaller drones.

And five months earlier, another Chinese UUV was revealed in a less formal way, when Indonesian fishermen caught a "missile" with Chinese markings in the Riau Islands.

"It's not a missile, but a sea drone, which is usually used for underwater research," said police.

Although its origin was not confirmed, experts suspect it was part of China's vast sub-surface surveillance - the so-called "Great Underwater Wall of China".

So, as UUV technology develops, more fishermen - whether in China, Indonesia, or beyond - can expect to find more drones."


Clive Robinson • January 16, 2020 1:13 PM

@ vas pup,

It's funny how North Korea got left off the list of "foreign made" sub sea drones.

You would be surprised at just how many not just countries but corporations use subsea drones.

The thing is when you are below the wave roll at 30-60ft it's a fairly quiet and, apart from deep currents, stable environment; if you are not doing "station keeping" or running against the currents you need very little power. Most coastlines have fairly predictable currents so drop a drone in at one end and apart from minor course correction it will come out at the distant end.

The main difference between commercial and military/spy subsea drones is how you launch them. Commercial is almost always from "support vessels" and military/spy from submarines.

The US is known to have started using Signals Surveillance sub sea drones in the cold war, shortly after one submarine was nearly lost.

Maritime law is a bit sketchy on the use of "unmanned vessels" and taking them over. It could easily be piracy unless it could be clearly shown the vessel was not under command[1] and thus becoming a hazard to navigation. But to avoid the charge of piracy the Chinese would be required to offer the vessel back to its owners or operators.

Also the definition of what constitutes international waters. China has very specifically pushed this so hard the UN has found their claims of territorial waters to be unbelievable, especially with the murders of non-Chinese nationals involved in fishing or coming too close to the artificial islands/garrisons China is building all over the South China Sea. It's still an open question whether WW III will start next to Iran or in the South China Sea...

You can be fairly certain that many countries have these subsea drones "passing by" and not only are they aware of them they know precisely where they are[2]. But because they are technically under command or in international waters they get left alone for now.

[1] The definition of "under command" is quite fluid when you consider a yacht on wind vane course correction or hove to or on a sea anchor when the lone yachtsman is getting their head down for a couple of hours.

[2] Look up what a SQUID is and one of its maritime watch uses.

vas pup • January 16, 2020 3:17 PM

Who's liable? The AV or the human driver?
https://www.sciencedaily.com/releases/2020/01/200114163142.htm

"Researchers have developed a joint fault-based liability rule that can be used to regulate both self-driving car manufacturers and human drivers. They propose a game-theoretic model that describes the strategic interactions among the law maker, the self-driving car manufacturer, the self-driving car, and human drivers, and examine how, as the market penetration of AVs increases, the liability rule should evolve.

Their findings are outlined in a new study to be presented on January 14 by Sharon Di, assistant professor of civil engineering and engineering mechanics, and Eric Talley, Isidor and Seville Sulzbacher Professor of Law, at the Transportation Research Board's 99th Annual Meeting in Washington, D.C

While most current studies have focused on designing AVs' driving algorithms in various scenarios to ensure traffic efficiency and safety, they have not explored human drivers' behavioral adaptation to AVs. Di and Talley wondered about the "moral hazard" effect on humans, whether with exposure to more and more traffic encounters with AVs, people might be less inclined to exercise "due care" when faced with AVs on the road and [!!!]drive in a more risky fashion.

====>>>"Human drivers perceive AVs as intelligent agents with the ability to adapt to more aggressive and potentially dangerous human driving behavior," says Di, who is a member of Columbia's Data Science Institute. "We found that human drivers may take advantage of this technology by driving carelessly and taking more risks, because they know that self-driving cars would be designed to drive more conservatively."

Clive Robinson • January 16, 2020 3:35 PM

@ Bruce and the usual suspects,

This month it's fifty years since the release of Stanley Kubrick's "Dr Strangelove".

Although a "black comedy" and widely castigated by many as "soviet propaganda" or similar, it did strike many as having some kind of self-consistent reality not far from the reality of the "bomb them back to the stone age" --alleged-- comments of General Curtis LeMay, who claimed of the film that "Nothing like that could happen". No doubt hoping that his position as the Air Force Chief of Staff and commander of the US nuclear deterrent at the time gave gravitas to his protestation that in a subsequent film "Fail-Safe", released a few months later, "The incidents in 'Fail-Safe' are deliberate lies!", I guess it was not his year ;-)

Well it turns out not only did Stanley Kubrick do fairly thorough research, even the "colour" of satire he added via the apparently mad people involved was not very far off the mark,

https://www.newyorker.com/news/news-desk/almost-everything-in-dr-strangelove-was-true

The thing is, whilst the Nuclear Deterrent is supposedly the ultimate security system, in practice it's not. In reality it's fairly hum-drum and as failure prone as it, or in fact most security projects, get when they have the "always/never" dilemma "built in" with a single point of failure (ie the sole person with command responsibility being unavailable when required).

The reason the Nuclear Deterrent is seen in the way it is and causes so many ludicrous problems is one rather more of psychology than nuts and bolts. Humans have failings, one of which is "trust", to which we automatically assign "responsibility" when we place trust in someone willingly or not. When trust goes wrong, as it frequently does, it is not those who "place the trust" but those in whom "trust was placed" that are blamed. It's what is politely known as a "no win scenario": the best you can hope for is an endless "draw". Which is the very essence of the Mutually Assured Destruction (MAD) doctrine.

Unfortunately MAD has an assumption on which it is based, which is both sides in what was a two player game must believe that destruction will be mutual. This is predicated on the notion that no rational mind could think otherwise...

Unfortunately people are seriously beginning to believe that MAD is not assured any longer and that you can divide an arsenal into tactical and strategic nuclear devices. With the implicit assumption that the use of tactical nukes is now acceptable, because it's no longer a two sided game. That is, the use of nukes might be between two other belligerents, and if they are not heading your way you don't push the button because you won't know where to send them, thus you let things play out for "safety's sake".

This problem of a two player game that can only be drawn, not won, by both players often gets built into security systems at the earliest of stages because it simplifies the logic immensely. Most games, even though we may not realise it, are in fact multiplayer, even when there are only two sitting at the table of play.

Thus there are lessons to be learned in why strategic defence systems with only two players are not really strategic or two player, and are thus inherently unstable, and thinking in such terms causes all security systems to have inbuilt failures waiting to be exercised.

It actually gets worse when you also include the "Defence spending dilemma" where you only ever find where you are "spending too little", not "spending too much", thus due to finite spending resources you get as a minimum "lost opportunity costs".

vas pup • January 16, 2020 4:27 PM

@Clive - thank you for your input and clarification on international maritime law.

My guess drug cartels may utilize underwater drones for smuggling as well. With their unlimited financial resources and no moral/legal limits in their modus operandi, they are also in the play.

SpaceLifeForm • January 16, 2020 5:19 PM

@ Clive

Does this smell like portable Stingrays?

Hidden under coat?

hxxps://www.glasgowlive.co.uk/news/glasgow-news/police-scotland-roll-out-encryption-17568762.amp

SpaceLifeForm • January 16, 2020 6:14 PM

@ Clive

"Most games even though we may not realise it are infact multiplayer, even when there are only two sitting at the table of play."

Yep.

Prisoners dilemma.

A strange game. The only winning move is not to play. How about a nice game of chess?

The Third Player is not where most would think.

The 'Table of Play': Terra Firma.

Anders • January 16, 2020 6:21 PM

www.bloomberg.com/news/features/2020-01-16/the-crime-fighting-app-whose-developers-allegedly-went-rogue

Clive Robinson • January 16, 2020 8:04 PM

@ vas pup,

My guess drug cartels may utilize underwater drones for smuggling as well.

I think they are either well ahead of you or certainly fast on that route,

https://en.wikipedia.org/wiki/Narco_submarine

I can not remember off of the top of my head who the author was or the name of the story, but over fourty years ago I was reading a "dog eared book" that was kind of "Hammond Innes" in nature. So it was probably written twenty odd years befor that so say early 1950's

In essence the plot line was based around the idea of drug smugglers usink a WWII Mk VIII torpedo[1] launched from the side of a ship, the warhead replaced with a half ton or so of cocaine or some other drug.

The story gave a very good description othe Mk VIII and it's internals and how you would extend the range. And I must admit it was these technical details that stuck in my head rather than the main plot[2].

[1] The British 21" Mk VIII designed in 1925 carried over 800lb of Torpex and at 35knts (65km/h) had a rang of 15,000 yards (~14km) and was designed to enable destroyers to be able to attack cruisers and battle ships. It was still current on submarines during the Falklands war where it sank the old USS_Phoenix that had been sold to Argentina in 1951. Later versions like the Mk X had a considerably reduced range but higher speed and lighter warhead and were designed to be used against much less well armoured ships.

[2] Yes forever the geek even when they were called nerds :-o My saving grace was I also played rugby, kind of like American football but without all the "get in your way" body armour. So nobody ever kicked sand in my face at the beach, not that they got the chance, as I was only on it long enough to get a boat, canoe or wind surfer across it ;-)

Clive RobinsonJanuary 16, 2020 8:28 PM

@ SpaceLifeForm,

The 'Table of Play': Terra Firma.

And the heavens above.

Not reported in the New Yorker article is that Russian scientists came up with an earlier "doomsday device". Imagine if you will a ship the size of a small oil tanker loaded from stem to stern with fuel and dozens of Tzar Bomba, the most powerful thermonuclear devices ever built. Its mission to sail up and down in shallow waters with all sorts of nuclear detonation detectors on board. It was designed to automatically detonate all the nuclear devices simultaneously such that it would have been measured in the gigatonne range, to vapourize the sea around it for some distance and use that to carry radioactive material up to the very top of the atmosphere and beyond. That would take many months to come out of the air, killing just about every living thing on the surface of the earth. Apparently the scientists were a little surprised when the Russian premier of the time told them they were mad and not to be so stupid...

The problem as his son an engineering scientist himself had told him was that the detectors used in the fail safe were not reliable. That is whilst they would successfully detect nuclear events, they could not tell the difference between a nuclear event and a large solar flare...

Nor I suspect a nuclear detonation in space. Which was one of the options for testing, it was also mentioned as a method of dealing with large lumps of rock etc that might hit earth. But also there was Pluto,

https://en.wikipedia.org/wiki/Project_Pluto

Which was the US's own particular brand of nuclear insanity from the early 1960's. Which unfortunately the Russians might well be attempting not just to duplicate but actually bring into service...

Clive RobinsonJanuary 16, 2020 8:45 PM

@ SpaceLifeForm,

Does this smell like portable Stingrays?

Not as described, it sounds like a digital forensics lab in a "port-a-loo".

It basically sounds like an unwarranted extension to "stop and search" pushed through on the "think of the children" crap. It will almost certainly be used on "fishing expeditions" using the premise of "E' looks guilty guv".

As for the argument it won't keep anything, that is a complete load and the police spokesperson should know it. Your smart device files will all be downloaded to be checked in various ways, and then supposedly "deleted". As you and I both know, once on a hard drive, especially a solid state drive, the files are not really deleted, only the directory entries are changed... Worse, with solid state drives the wear leveling algorithm means you can not even overwrite the file with an old style "Secure Erase" program...

Clive RobinsonJanuary 16, 2020 9:02 PM

@ Sed Contra,

Every time I read about such LIDARS, I can not help but think what else they could fairly cheaply make.

Like how about an "autolay" system for a gun?

You simply point the gun in the right direction and as you squeeze the trigger, the gun programs and fires a smart bullet accurately to the target...

Thus "Everyman a sniper from the get go".

name.withheld.for.obvious.reasonsJanuary 16, 2020 10:51 PM

Taking this topic to the squid (deep water hunter)

From Georgetown University Law Center, 2011 - The Limits of National Security
Legal Theory Research Paper No. 12-118, Laura K. Donohue is available from
hxxps://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?article=2027&context=facpub

The script has indeed been flipped. An excerpt from the Donohue thesis:

The national security interests of the Founders centered on protection of the Union, the constitutional structure of the state, and the national government as the institutional representation of the people as sovereign. But it is not now the protection of the people’s sovereignty that is the primary aim of federal activity. Instead, it is the federal government’s sovereignty, which, through secret mechanisms and a greatly enlarged administrative capacity, is being secured as against the people.

[PDF source referenced 16 JAN 2020 @ scholarship.law.georgetown.edu]

Clive RobinsonJanuary 17, 2020 8:35 AM

@ name.withheld...,

The script has indeed been flipped.

Pardon me for sounding a little trite, but as an outsider to the US, I thought that it was obvious to all, when J Edgar Hoover did not follow the mandatory requirements of giving up his office.

Further the implementation of "secret law" has always been a red flag indicator of a non-democratic almost tyrannical executive, most definitely serving its senior hierarchy and its "financial supporters", not the people. Because secret law is discretionary law, with the discretion used for the purposes of power. It is in effect the modern way of "Divine Right" by which past Kings exercised "unquestionable" power of life, death, and removal of "God's grace" via burial in unconsecrated ground, disinterment or feeding your body to "the beasts of field and country" in various ways.

The old game was a "Catch 22"[1]: the king said when his edicts were questioned "It came from God". If you then continue to question the edict you are by definition a heretic and thus get a heretic's death and disposal. Which at best was burned at the stake etc by "the righteous majority" who are in fact living in fear of the same heretic's fate, thus accepting your fate under the edict of being beheaded or exiled but still being buried in consecrated ground was preferable...

In England it was not the people who decided enough was enough, it was a few other religious zealots who chopped a king's head off for effectively "consorting with the devil", the embodiment of which was the Pope. In essence King Charles "getting into bed" with "Catholic forces" was seen as being the sin beyond all others that was unforgivable, so a death warrant was issued.

The problem with Regicide, legitimate or not, is you leave behind a vacuum. This is due to the populace having been bred from birth to "Respect God, King and Country". Thus a republic fails due to the vacuum of no king. Even when there has been no monarch in a country, people need "Gods on Earth" to look up to, thus they have to be special which we call "being regal". Presidents who maybe get elected democratically, and tyrants / despots who grab power are not regal, thus they don't get the genuflecting respect that has been bred in "the people" from birth (swearing allegiance to a flag just does not work without lots of reinforcement). Therefore such leaders are seen at best as being "just" human with all the failings that go with it. Thus they get treated as human, especially when it comes to being used as bullet catchers by others with tyrannical aspirations. Or in the public eye instantly replaceable with any one of many puppets, deadbeats, crooks, or scheming profiteers etc, and the nearest they can get to being regal is to grab the flag and claim to be a patriot in some way. Hence a term for perfidy is "To wrap themselves in the flag".

[1] A "catch-22" situation arises from a logical contradiction in a set of rules. The term became immortalized from the film based on Joseph Heller's 1953 novel of the same name. The Catch 22 in both was a reference to a military rule that said that a soldier could apply for a medical discharge due to insanity, but that the mere act of applying is a rational thing to do, thus it proves that you are in fact sane, thus ineligible for an insanity discharge. Thus the only way out was if your commanding officer thought you were "crazy", but as all soldiers had to be crazy to be there you again could not be considered crazy by the normal measures... The same idea was used as a continuous "gag line" in MASH where corporal Max Klinger was "bucking for a section 8 discharge" by being a flamboyant cross dresser, and eventually "got into the habit". It did not stop him getting promoted to Sergeant though...

Jim Van ZandtJanuary 17, 2020 12:16 PM

Europe's General Data Protection Regulation (GDPR) allows consumers to see private data collected by companies. However, the companies can require certain personal details to identify the right file. The NYT has a story about researchers exploiting this provision to access someone else's data. I.e., yet more confusion between identification and authentication.

vas pupJanuary 17, 2020 1:02 PM

@Clive: thank you for your input on torpedoes.
I have such a feeling that all technology progress is sped up by the military (to kill) and in the private sector by pleasure (legal or illegal: porn, the main driver for the Internet, drugs, you name it). Just an observation.
Clive, God bless you! Take care of your health and be with us as long as possible. Sincerely, VP.

JG4January 17, 2020 5:42 PM

@Clive - The only thing crazier than a nuclear ramjet would be a nuclear spaceship. I hope that I said that I had dinner with Hubert Yockey in 2008, but that was before I read The Curve of Binding Energy by McPhee and Taylor. So, I didn't think to ask wtf? was a Quaker doing with nuclear bombs. Dr. Yockey must have been at peace with his work, because he recently passed away, age 101. My use of the Gloogle and Scamazon links is not an endorsement of either. More like grudging acknowledgment.

Project Orion: The True Story of the Atomic Spaceship
https://books.google.com/books?id=r_Gu4f0QxrkC&pg=PA67
By George Dyson
...
In 1952, at the Nevada Test Site, Ted Taylor added to his already considerable reputation by holding up a small parabolic mirror and lighting up a cigarette with an atomic bomb. The fireball was twelve miles away. "I carefully extinguished the cigarette and saved it for a while in my desk drawer at Los Alamos," he says. "Sometime, probably in a state of excitement about some new kind of bomb, I must have smoked it by mistake."
...

Ted Taylor, the chain-smoking Quaker, revolutionized the US nuclear weapons program, before he repented. We don't hear about Smedley Butler often enough, speaking of irony. The story is well told here:

The Curve of Binding Energy $1.95 used
by John McPhee (Author) Reprint Edition
4.1 out of 5 stars | 44 ratings
https://www.amazon.com/Curve-Binding-Energy-Alarming-Theodore/dp/0374515980

SpaceLifeFormJanuary 17, 2020 6:13 PM

@ JG4, Clive

"The only thing crazier than a nuclear ramjet would be a nuclear spaceship."

I would not exclude that as the Third Party.

Just saying.

Clive RobinsonJanuary 18, 2020 2:18 AM

@ JG4, SpaceLifeForm,

The only thing crazier than a nuclear ramjet would be a nuclear spaceship.

I was aware of one idea to build a "heavy lift platform" like a parabolic mirror, to create a massive "pulse jet". Put simply micro nukes would be dropped through the mirror and exploded at the focal point directing the energy downwards in a broad pulse along with the consequent radiation transport energy. As far as I am aware the basic idea was tested quite small scale with conventional explosives and found to be workable. The lift capability came out to be on the order of 2000-5000 tons over and above that of the mirror and engine "fuel" and "fuel injection" mechanism.

However it was about the time when the question of EMP really got going and I guess such a system really would have been a US wide "self-denial of service" device.

I must read up on project Orion, it sounds as though it is both "technically brilliant whilst madder than a bag of ferrets in mating season".

Clive RobinsonJanuary 18, 2020 4:38 AM

@ ALL,

The BBC did a program on Project Orion a few years back when some of those involved were still alive to be interviewed. It's called "To Mars by A-Bomb" and it's up on youtube,

https://m.youtube.com/watch?v=znmZeEycRwE

It makes fascinating watching.

One good bit starts at 25mins in, where Freeman Dyson explains why we have "mad scientists" it's almost but not quite "boys and their toys".

I think a few of the readers here know my belief that mankind needs to get off this rock for a whole variety of reasons, and that we should do it whilst we still can. It appears those interviewed share a similar view. But as with me only if it can be done safely.

What is mentioned in the documentary is that fallout deaths were and obviously still are a major concern. However what is not is that Russia developed very clean small atomic devices in the 15 kiloton range for digging canals and that our previous estimates of harm from radiation appear to be erring very much on the side of caution (which unfortunately appears to be reigniting the idea of using tactical nukes again). So dealing with the EMP effect is probably the biggest concern in certain people's minds as far as launch harms are concerned. Some feel this could be limited to a 150km area, so as Russia and China have sufficient "unpopulated" areas they might well be the first to build a full prototype. As one person in the documentary observed we might be surprised one day just as we were with Sputnik...

SpaceLifeFormJanuary 18, 2020 6:42 PM

@ Clive

"I think a few of the readers hear know my belief that mankind needs to get of this rock for a whole variety of reasons, and that we should do it whilst we still can"

That is exactly what the Third Party would want Homo Sapiens to believe.

Homo Sapiens is the *ONLY* bipedal SpaceLifeForm that can be convinced to board a spaceship, on their own will.

There is no better rock.

I guess you never watched the Movie "V".

MarkHJanuary 18, 2020 6:50 PM

@ Clive, SpaceLifeForm:

I hear they're soliciting volunteers to travel to New Worlds aboard the "B" Ark.

InfoSec engineers are most welcome!

name.withheld.for.obvious.reasonsJanuary 18, 2020 6:58 PM

@ Clive

I diverge a bit from your thesis, and it is primarily from my own internal reference/bias/attitude. I understand how ill informed people can make assumptive "judgements" and/or assessments. You see it everywhere, in all facets of life and in all peoples. The problem I have is that when this behavior is exercised by individuals that "know better" but are happy to lazily ignore the work/responsibility/requirements/engagement that issues often require, they repeatedly punt.

What I think describes our autocratic "tendency" (I personally don't need a leader/hero/mentor/master) in belonging or social cohesion is probably BS (for me at least). I can understand it, but don't like it or would prefer to point out some other issues more salient.

This goes back to my point about the "educated" and so called enlightened individuals such as technocrats and this "falling down". There is this underlying tendency to avoid, ironically, the complex issues wherein the cognizant participation of competent individuals is fully warranted. It is easier to design a complex system that is composed of any number of linear and definitive elements or components than it is to take on the usability and consequences of say a new power source. The second, third, fourth, and often more orders of complexity or derivatives don't often include the "real world".

Look at the government's arguments about cryptographic systems (both specifically and generally), it is as if Dr. Frankenstein set out to make a Jekyll and Hyde reanimation and believed it to be a worthwhile endeavor.

If you want to understand my thesis regarding general social institutions, Monty Python's "Holy Grail" is a good go-to summary in nearly every social context. It is fantastic, brilliant, and funny as all get out. Ironically, it is still relevant. The scenes span from political organizing theory to education and religious dogmas and practices. It is as irreverent as one could be, surprised it was even produced. The script could not have been an easy sell...especially in the late 70's. My hat's off to them and the Pink Floyd band members that got it done.

Electron 007January 18, 2020 9:19 PM

at peace with his work, because he recently passed away, age 101. My use of the Gloogle and Scamazon links is not an endorsement of either. More like grudging acknowledgment.

A$$hol3s protesting corporate America are worse than their bosses. They keep showing up for work and punching the corporate time clock, and we have to bust through their picket line to order anything online, maintain a bank account, and fight all the police union complicity in crimes of identity theft.

Clive RobinsonJanuary 19, 2020 11:48 AM

@ SpaceLifeForm, MarkH,

I'm not talking about venturing off to "boldly go", no it's much more "down to earth" than that. You say,

There is no better rock.

Correction,

    There WAS no better rock.

Very past tense.

And it is a very real security problem that in a not very great time really could be an existential risk.

At the simplest we do know big rocks head our way at very high velocities every few thousand years or so. One supposedly helped wipe out most of the large creatures living on the earth which gave mammals a chance to become dominant; we also have reason to believe there was another natural incident that nearly wiped mankind out, due to our lack of diversity. More importantly, we know it's going to happen again, not if but when, being somewhere else might be a good idea but where? When it's global or regionally existential...

But that aside we are doing ourselves no favours in the longevity stakes as a species, because we don't think or don't care to think about our cause that effects the next or more generations. In effect we throw the rubbish over our neighbour's wall, our neighbours in this case being our descendants, who can not throw it back or stop us, only clean up the mess we've died away from.

The simple fact is we've dug out/up what is easy to get at and we need ever more resources that are increasingly more difficult to get at. Worse, as our current first world societal structure has become undermined by our economic stupidity we have in effect created a "drug addict's need" to destructively and recklessly consume that which is beyond doubt both bad for us and in excess of any need...

One symptom of this reckless need was the problem caused by the use of "Deep Water Horizon" which long before the deep sea blowout was giving warning signs it was beyond the abilities of certain US oil companies (owned by certain well known politicians that brought us the Iraq war as well). The blowout when it came caused a very much on going ecological disaster from the Florida Panhandle to Tampa Bay and god alone knows where else.

Technical experts in the oil industry had advised against drilling that deep for good reason. Only part of which was that it was so technically risky and there were no known ways of dealing technically with unexpected issues. So it was well known in the industry that there was no feasible disaster recovery plan if any one of thousands of things went wrong, just vague irrelevant platitudes that were ignored for ostensibly political reasons. That it all did go horribly wrong was thus no great surprise, especially if you consider it was because of the "bullishness" driven by ideology of certain parties with a long track record of things going wrong in that way.

Call it a "signpost on the road to disaster" or "a warning that should be heeded" we are running into increasingly major problems with the scarcity of resources, that some nations have already quite understandably decided to exploit for the best advantage they can (basic market economics at play).

Either we in the first world cut back on our lifestyles which is not likely to happen even with major conflict, or we have to find other ways to get the resources we need. It's a fairly simple equation...

But what should we do as resources become scarce how do we decide?

For instance which is worse: making more coal fired power stations and burning up increasing quantities of fossil fuels with the known negative effects on us now, or in the US alone building 500 nuclear power plants at a half billion dollars each and as a minimum having the spent fuel issues of type two reactors for a hundred thousand years? But just to add to the fun what happens when something goes wrong? The difference between the two types of power station is the "heat source". So coal burning furnaces spewing poisons into the atmosphere continuously that stop burning fairly quickly, or type two nuclear reactors that are in no way fail safe and that, should something go wrong, will spew radioactive materials for up to twenty years or so, which will cause environmental issues for many many thousands of years after we are dead.

I'm sure 10 million Australians who have had their life expectancy cut by up to twenty years due to the smoke inhalation from having an area the size of a European country go up in flames will want a say, as will no doubt the very many who have suffered flooding in Africa.

Put simply as a species we are exceptionally greedy, and we consume vast amounts of resources which are irreplaceable, much of which we recklessly waste. For instance something like 50% of electricity generated in the US is wasted in a number of ways or used grossly inefficiently, which amounts to the same thing.

And don't make the mistake of thinking "green energy" will be a miracle solution, it won't get even close with the way we currently behave.

In the US especially with the "base load" it is beyond the capacity that solar / wind / wave / biomass electrical generation can provide reliably or economically as needed even with other yet to be invented/created storage technologies[1].

What local "green" will do however is help cut distribution loss which along with other more efficient methods such as heat pumps will reduce losses and improve over all reliability. But getting real on those losses and inefficiencies is very important.

Depending on whose figures and where they are in the first world the "average" house uses between 0.5-9.5 kW hours of electricity a day although the upper figure drops when averaged for seasonal variation. In the US 6-8 kW hours is quite normal, much of which is just to shift heat around grossly inefficiently. A few years ago we realised that there was a problem with "light bulbs" and their efficiency. There have been comments that changing from incandescent bulbs to more energy efficient lights in New York alone saved the cost of building a new power station and putting in the required infrastructure, which in today's pricing has probably saved 1 Billion USD alone.

I could go on but the point is, like it or not, the world's population is still growing, and many aspire towards European or US life styles. With the US apparently consuming ~50% of energy resources used domestically it should be clear that something has to change.

Either we need to get more resources in or we need to be not just more efficient but have much much lower life style expectations, that would be mid to low Second World currently[2][3]. Which would also kill our current economic processes so we would start sliding down to third world anyway...

So if we don't get off of this rock to get more resources in the near future life is going to get a lot less pleasant at an increasing pace. At some point on the downwards slope we will cross a tipping point where getting resources from outside this rock and its bubble is not going to be feasible. Then the journey down that slope will, despite how much more efficient we can make things, end up limiting mankind majorly, and if history is anything to go by that will be significantly hastened by increasing conflict.

What being more efficient in the use of our resources does is buy us a little more time. Science and technology are making rapid progress but there are limits on what they can do. As we know nothing will ever be 100% efficient; even getting from 90 to 95% efficiency is a major effort and achievement in physical processes. However getting from 5% to 25% is usually easy, often trivially so, just by slight changes in usage or behaviour, and making a 2% improvement year on year is also often achievable. But as you get closer to 100% the changes can become less pleasant.

How less pleasant? Well think becoming vegetarian and with a very limited range of foods for one, not having private transport beyond a folding bicycle another, no flying away on holiday etc, all those first world differences from second/third world existence being taken away from you.

[1] Energy storage is a thorny issue at the best of times, the storage of electricity in batteries is at best a sick joke as we don't have the resources to build lead or lithium based batteries to cover the "base load". Other technologies such as nickel iron "rob" resources from other technologies so are not really contenders.

Thus we need to think about storing energy in other ways. As a first world householder the biggest use of energy is "moving heat around"; something like 80% of "resistive" heating ends up wasted currently. You can store enough energy to keep a reasonably well insulated home comfortable for up to a week with a few cubic meters of water[4] using heat pumps that over all would use between 10-25% of the energy used by resistive heating. Add another system for "grey water" heat recovery and you could be looking at another significant saving depending on your life style. Ventilation through heat exchangers and condensers means homes can be maintained with fresh air at constant humidity. There are experimental homes that use various techniques where even solar heating works throughout the year for both hot water and heating if people remember to close doors etc.

[2] Oddly for many people, the realisation of the main difference between first world and second/third world living in our homes is light, hot water, heating and what we eat. That is, whilst a lot of our technology, not just lighting, has become very much more efficient over the last forty years, other things have not. For instance that big "hidden" consumer of energy at around 0.25-1 kW hours of energy consumption is our fridge/freezers, especially upright freezers. One especially bad aspect of that is we don't take the heat away, due to "building them in" to our kitchens, so we make them consume even more energy, because we trap the heat close around them. Heat which could be better used heating other places in the house or added to heat storage. Likewise washing/drying machines, be they for dishes or clothes.

[3] Another energy issue to do with our standard of living and health is "potable water" and the disposal of sewage. As first world humans the waste of energy caused by our usage of potable water for everything is frankly astonishing and often a significant waste of resources. Many people waste more water washing their teeth than they drink in a day, because they leave the tap running whilst they do it. As for "having a pee", 9000ml of potable water to get rid of 100-500ml of 95% water urine on average should make people think. Saving and filtering "grey water" from washing people/clothes/dishes to use to flush instead makes a significant difference, as would changing the design of toilets. However for "off grid" in poor soil areas using human waste, liquid and solid, to make compost and fertiliser will over a number of years significantly improve the soil quite safely, enabling it to trap more water and heat and be useful for growing various low effort crops such as tall grasses that can be used to trap carbon and further improve the soil (hay mulch). Trapping further thermal energy helps to further enrich the soil via various biological processes and increases the growing season of "storable crops" like root vegetables and the canning/preserving of certain fruits such as tomatoes etc. Whilst the average garden would not be sufficient to feed one person for the whole year, the work involved with the likes of hay mulch culture is less than the comparative cost of organic vegetables (the hay can be "spoiled feed" and got for the price of taking it away).

[4] Whilst water has good storage potential between its two phase change points, the limited range between them and other issues (significant expansion) can cause problems. Unlike certain other "phase change" materials that can often look like waxes with room temperature melt points or hot water melt points. These work well, as do other room temperature materials that can be easily built into walls and the like. Even building the "concrete raft" on which many homes are built slightly differently will enable it to be used as a very large heat storage device and thermal buffer.

MarkHJanuary 19, 2020 3:08 PM

@Clive:

"Deep Water Horizon" which long before the deep sea blowout was giving warning signs it was beyond the abilities of certain US oil companies

Were you making a funny?

Where does that 'B' come from in "BP"?

How is it, that you could travel from your home to the headquarters of the company which operated Deepwater Horizon in a few hours of surface travel, without crossing an international border?

This of course has no relevance to the substance of the arguments you presented; it just kind of "jumped out" at me :)
____________________________________________

More seriously, a plausible attempt to establish a persistent human presence on any other rock could easily cost trillions of dollars, and have an extremely high risk of abysmal failure.

I think it debatable, at least, whether a balancing of

(a) the required investment of material resources, ingenuity, creativity and courage; and

(b) the odds of success

make it a better bet to focus such heroic efforts on some other rock, or the rock we got.

Clive RobinsonJanuary 19, 2020 4:12 PM

@ MarkH,

With regards the odds.

Would you rather try and squeeze more life out of an AA carbon-zinc battery by putting it under your arm for half an hour, or go down to the shops and get a new battery?

If you stay in, the upside is you know that today at least you won't get soaked by the rain, catch a chill and get pneumonia, or struck by lightning, run down or in other ways get mauled by traffic, nor will you get mugged or arrested or all manner of other risks (maybe not the zombie brain eaters though, unless of course you are in Eastbourne[1] ;-).

But you do know that tommorow or the day after you are going to have to make the choice,

1, You are going to have to face those risks as the battery will not last.

2, You give up using what ever the battery is used for.

That is, it's not an "if" but "when" situation; even if you do find another trick to keep the battery going it will eventually fail, no ifs, buts or maybes, it will fail.

Thus society is the person with choice, the battery is earth's resources and the device is the standard of living.

Because like it or hate it you are going to shuffle off this mortal coil at some point, you can not currently avoid it. Importantly everything mankind does has a risk involved, also there is a probability of something happening whilst you are alive to just wipe you off the scoreboard. Thus the younger you are actually the greater the odds you are going to die by some event, sport or repeated activity. If you think about it, as you get towards the end of your life the odds actually start to look better.

Which is why somebody came up with a measure of this and called it "micromorts", thus sky diving is beginning to look good again now I'm getting older.

I guess I better start thinking about a big fat life insurance policy, wait a year or two then start in on the "bucket list"...

Or alternatively I could stay indoors avoiding my own shadow, eat oatmeal with prune juice, a touch of salad for lunch and bean soup for supper, and work out when it's time to "Move to Eastbourne"[1].

[1] Eastbourne is a place on England's south coast that has an unofficial town symbol of a "bath chair, over two crossed incontinence bags", and looks like it is full of the living dead. Where truthfully every hotel reception desk has at least six stacks of business cards advertising mobility scooters, another dozen advertising "temporary nurses" and advice leaflets from the RSPCA about how to ensure your pets are looked after when you croak. And I suspect if you take a sneak look in the hotel emergency telephone numbers list you will find every undertaker for twenty miles around sorted by what their referral "kickback" payments are, and how fast and discreetly they can get the stiff out of a hotel room so the hotel can get the next paying stiff in at premium rates. After all business is business and they are there to make the best of it in a tough economic climate. I'm told Florida has similar towns with not just Muzak in lifts, but deaf aid coils so even the old get tortured by "Merve and the mellow tones" doing "Copacabana", or "The girl from Ipanema".

MarkHJanuary 19, 2020 6:53 PM

@Clive,

Thanks for the tip! I shall scrupulously avoid Eastbourne in my future travel itineraries ... unless somebody wheels me there, incontinence bags in tow ;)

I firmly believe that many kinds of risks are worth chancing. The metaphor for the question I raised: we're in a desperate war, must counterattack in order to have any hope of survival, and ammo is running low. How to allocate resources? On which front(s) to act?

While we're on metaphors, Zn/C batteries have a minute capability for recharge. What if our suffering ecosphere is more like Ni/Cd? That's a different decision problem.

PS Will holding it

Clive RobinsonJanuary 20, 2020 3:58 PM

@ MarkH,

Will holding the battery warm it enough to get more mA hours out?

Battery chemistry is actually very temperature sensitive. For instance if you try charging a LiPo battery at 32F/0C you will destroy it very very quickly, faster than you would recharging supposedly unrechargeable batteries like Zinc/carbon (see below).

The mA rating is generally based on the overly warm 25C room temperature. And depending on battery technology can have a gradient of 10% for each degree Celsius below that... So yes in winter if you are young with good blood flow in your hands then yes it does make quite a difference. Take NiCads that used to be used by wildlife filmers using the previous generation of Video camera. They were known for putting the batteries in their underwear under their arms or even between their legs to get double or sometimes triple the number of minutes filming in snowy conditions.

While we're on metaphors, Zn/C batteries have a minute capability for recharge. What if our suffering ecosphere is more like Ni/Cd? That's a different decision problem.

Zinc Carbon batteries if you use the right charging waveform and discharge curves can be recharged quite safely ten to twenty times, sometimes more if the discharge rate is very small. In parts of Europe you can buy "primary cell" rechargers for nearly all supposedly non-rechargeable primary cell chemistries.

But for obvious reasons in less ecologically friendly first world nations where economic growth is predicated on needless rapid churn of products, manufacturers don't want you really knowing this. Therefore they pull the "Everyone is a dumb jackass, therefore for 'Health and Safety' reasons we must not let them know" trick...

As for our ecosphere being like a NiCad, it's actually better than the best non organic chemistry battery technologies. NiCads have a life not far off 250 recharge cycles (more with light discharge which is why my phone battery is still good after a decade). The ecosphere is up in the 3-15 thousand recharge cycles as a minimum and decades and centuries in others.

But all such things work on a % loss of functionality per time cycle. Irrespective of the length of the time cycle, if the % remains constant that is an exponential curve, and we know that it's got a calculable and known "half life".

It's why I mentioned "buying time" because whilst it does reduce the % in any given time period thus increasing the half life often significantly, unless something else changes we know what the results will be and when. Thus "buying time for science" will extend the time even further, but that still won't solve the problem, just move the half life.

Thus my point about finding new resources, and the quicker we do it the less painful will be the journey in the long run.

Which brings up the inverse ratio. The classic example was the Human Genome Project. When they started talking about it, it was with the state and availability of technology to take 2.5-3.5 thousand years... However starting it brought science and technology on board quickly. The result was the human genome was mapped in a very small fraction of that time. You can look at the Moon Race in a similar way.

Thus if we really wanted to get into near space to take advantage of abundant reliable energy, raw materials and advantageous near zero-g manufacturing we could very realistically be up and running in considerably less than thirty years, maybe even a decade.

The real problem every one gets hung up on incorrectly is "getting men into space". We live at the bottom of a large gravity well, thus climbing up is hard. But we don't need man in near space, micro robots that easily reconfigure and in effect reproduce are way way more efficient, flexible and no great loss if individual units go wrong, provided they are designed to be easily "scavenged".

As for getting things down from space, being at the bottom of a well should give you an idea about the ease/risks of that.

The real question is what to drop back to earth. People again get needlessly hung up on that and talk about the sprawl of factories on earth. Which is really putting blinkers on...

The answer is "feed stock" and for "3D Printing". The technology is sufficiently advanced that outside of "heavy industrial" and other really quite rare industrial processes we now know how to 3D Print many things. And that also includes the likes of chemical synthesis for even food.

So though still a long way from "Startrek Replicators" we are definitely on the starting blocks for something that looks, quacks and waddles like it.

The big problem is "entrenched" looks for problems over the fence to protect its own turf. It's why "disruptive tech" is where our futures exist for the next climb up the human learning curve.

Is it worth it? "Hell yes, and the sooner the better." Look back at Apollo and the Mapping the Human Genome Project, it really will reduce the pain to the point we might not even notice and move the world on to a new way of living, it won't be a "golden age" but it might well be bigger than the Renaissance period or Industrial Revolution. Society will, if allowed, change, and today's supposed existential problems will look "quaint" to our youngest children or most of our grand children.
