Friday Squid Blogging: Jurassic Squid Attack

It’s the oldest squid attack on record:

An ancient squid-like creature with 10 arms covered in hooks had just crushed the skull of its prey in a vicious attack when disaster struck, killing both predator and prey, according to a Jurassic period fossil of the duo found on the southern coast of England.

This 200 million-year-old fossil was originally discovered in the 19th century, but a new analysis reveals that it’s the oldest known example of a coleoid, or a class of cephalopods that includes octopuses, squid and cuttlefish, attacking prey.

More news.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on May 8, 2020 at 4:17 PM

100 Comments


Mr. Peed Off May 8, 2020 4:54 PM

Later this year, users will no longer need to install an app to opt in to the contact-tracing effort: Apple and Google say proximity tracking will be built directly into phones’ operating systems in the coming months “to help ensure broad adoption.”

“Apple and Google’s effort will create a new de facto international standard for digital contact tracing.” But the two are not alone in developing apps in the private sector. Companies including PwC, Salesforce and the controversial Israeli cyberintelligence firm NSO Group are preparing to launch apps that would allow employers preparing to reopen their offices to track their employees.

Can the Israeli executive continue to authorize the state’s internal security service to conduct electronic contact tracing of COVID-19 patients without statutory authorization? On April 26, the Supreme Court of Israel said no.

Alejandro May 8, 2020 5:14 PM

Re: Ultrasonic leaks, tracking and cookies as mentioned by Mr. Peed Off @ this link:

Ultrasonic cookies require access to the microphone to work, which is its Achilles heel.

On Windows 10 go to Device Manager/Audio Inputs and Outputs/ right click the microphone, then disable it.

On the various phones I guess you have to go through each app to make sure microphone access is denied. Even then that leaves a big hole for Alexa, Siri, Hey Google, etc.

Any more ideas?

JonKnowsNothing May 8, 2020 5:54 PM



Ultrasonic cookies require access to the microphone to work, which is its Achilles heel.

On Windows 10 go to Device Manager/Audio Inputs and Outputs/ right click the microphone, then disable it.

There have been a good number of discussions on such topics and the take-away is this: What you suggest is not going to work.

There are layers and layers of software and hardware between the user interface and there are a lot of ways to get to the described end.

iirc: speakers and microphones are pretty much interchangeable.

Turning off an option on the UI does not turn it off on the physical level. Some folks advocate drilling out the offending parts which is way over my pay grade.

There are also ultrasonic specs that target any devices within range. Like an ultrasonic beacon from a movie targeting smartphones and computers for a loopback. Many IOT devices can be triggered to echo too.

Off is not OFF.

Rj May 8, 2020 6:08 PM

Cameras can be defeated with an opaque shutter. One place I worked recently had them pre-installed by the help desk team. A simple sliding piece of black plastic with a stationary holder and a self adhesive back. Takes about 2 seconds to install.

The microphone is a harder problem. If you open up the laptop, the microphone is usually connected to the motherboard with a small cable. In the interests of easy parts replacement, this cable usually has a little connector at the motherboard end. Just unplug the cable and the microphone is disabled. If you want a microphone, either plug one into the USB port, or use a Bluetooth headset with a microphone.

MarkH May 8, 2020 6:34 PM

Modeling the Pandemic Long-Term

Two days ago, I observed here that

The overt policy of most states sounds like [aggressively reducing case numbers to a very low level], but because they aren’t suppressing infection enough to make [Test/Trace/Isolate] feasible, their de facto policy will [be to let the infection spread nearly to its natural limits] by fits and starts.

Or in other words, until effective vaccination is available, many countries will be following the policy of drifting into herd immunity … reasonably construed as mass homicide.

This article shows attempts to model what aimlessly drifting toward herd immunity might look like:

Although I didn’t see it spelled out in the article, it would seem that the models are for the U.S. Even so, the dynamics of the models probably would apply similarly to many other countries as well.

The second group of models in the article show what engineers call limit-cycle control: relax social distancing, wait for cases to explode to some threshold, and then reimpose social distancing. Politics and psychology being what they are, it’s impossible that things will operate so simply. But what’s interesting, is to consider the duty cycles (a lot more distancing than relaxation in some scenarios).

Those models also show the gradual approach toward a presumed herd immunity percentage of 55% (which is surely at the low end of required percentages) … but don’t come very close to it, even after two years of misery and death.

What they don’t show, is the cost in deaths and lost quality of life. [I’ve been reading a little about the condition of Covid-19 survivors after coming off the ventilator: needing to re-learn how to walk and to speak, suffering cognitive impairments and psychological trauma …]

Hopeful News on Antibodies

A recent U.S. study applied a SARS-CoV-2 antibody test that’s supposed to have less than 1% false positives, to people who’ve tested positive for the virus and then been recovered at least 14 days. Of 624 tested:

82% showed high levels of antibodies
7% showed low levels
11% showed no antibodies

Even more encouraging, of the 113 subjects who measured at low levels or no antibodies, they were able to get 64 to return a week later for a follow-up antibody test: only 3 still showed no antibodies.


• a high proportion of recovered Covid patients show high levels of antibodies

• almost all recovered Covid patients have at least some antibodies

• the build-up of antibodies seems to be slow, perhaps requiring about a month to level off

It’s very important to remember that the presence of antibodies by itself tells us nothing about how immune people might be, or how long such acquired immunity will persist.

It’s Time to Put the Bull$hit about Sweden to Rest

In reported Covid-19 deaths per population, Sweden has just surpassed the Netherlands … is continuing at high rates of new cases and deaths (with slight deceleration) … and seems likely to soon overtake France among the states with the worst rates of pandemic death. [In recent weeks, France has done remarkably well at suppressing spread of the virus.]

Denmark has many cultural and sociological characteristics in common with its larger neighbor. These countries are so near, that you can travel between them by driving your car across the Øresund Bridge.

Denmark has only about 30% as many deaths per unit of population as Sweden (and that percentage will shrink, as Sweden’s carnage grows). But, sputter Sweden’s defenders, the economy! The economy! Sweden is not paying the awful cost of lockdown!!!

… except that present economic forecasts predict Denmark to do a little better than Sweden in 2020, taking account of pandemic impacts.

There seems to be a fairly strong consensus among economists that economic growth vs. saving lives is a false dichotomy: countries that would be prosperous, had best protect their populations.

MarkH May 8, 2020 6:40 PM


It depends how much of the computer you allocate to trustworthy vs. compromised.

Although speakers make amazingly good microphones (for picking up conversation, they can work a LOT better than most microphones do), that can’t be exploited in a computer unless circuit connections are provided for connecting the speaker leads to an A/D input.

I’m guessing that most computers lack such a connection … unless they snuck one in 😉

Cencured May 8, 2020 6:52 PM

Comment Blocked

Your comment was blocked from appearing on the site. This may have happened for one of the following reasons:

You posted without typing anything in the name field, or you simply typed "Anonymous." Please choose a name or handle to use on the blog and try again. Conversations among several people all called "Anonymous" get too confusing.
Your comment was a duplicate of another recent comment. If you double-posted accidentally, you don't need to do anything more -- the first copy of the comment will still be published.
You posted using the name of an administrative account, but the blog couldn't authenticate you. If you are an administrator, please log in and try again; otherwise, please choose a different name. 

If none of these reasons apply, then your message was spam filtered and will be held for review by a human. We apologize for the inconvenience.

Sidebar photo of Bruce Schneier by Joe MacInnis.
About Bruce Schneier
Bruce Schneier

Canon May 8, 2020 6:57 PM

Not sure why you might want to look at the autofiltering, it’s a shame since the message might miss a big point.
Long story short, UUID is interesting to look at


Canon May 8, 2020 7:23 PM

So not sure what is going on
since I got censured, tried some more times to no avail

Perhaps it’s the syntax or something within the message that is shied upon, dunno…
but that info is here

JonKnowsNothing May 8, 2020 7:36 PM


re: Speaker/Mic connections

There is the external connection, and then there are internal connectors, and deeper in are component options.

Depending on the system you can yank out the mic/speaker from the socket and you can drill out the socket but the internal component that runs it might very well still be active.

Now turning on an item within a component by itself might not do much but I wouldn’t want to bet there isn’t another route to obtain the desired end.

Components and device drivers have a whole range of capabilities many more than are enabled by the designer. Many components have serious low-level I/O functions and memory access. Sort of depends on who is minding the store even if they try to separate the features and functions there are still the old Blue Wire connectors.

Covering up the video camera optical port, removing physical wires from the ports are all good. It’s about the best most can do but in these Days of ZoomDoom it will be hard not to have a connection.

Some of the newer phones have so many cameras on them you will have to cover up the whole phone to block them. There are also other techs that are “thru the wall” and don’t need a camera.

Blue Wire = Engineering patch usually soldered on the board. Color coded by department or authorizing engineer. Often seen on prototypes but also on bad-build boards needing hardware changes. If permanent in a run of boards it can be done by the supply house. Sometimes fixed in the next run and sometimes not.

Canon May 8, 2020 7:40 PM

Hi, and lastly I would like to focus on some scenarios that were used that in fact had to do with Crypto AG, such alliances as Maximator..

SIGINT Seniors Pacific (SSPAC) also includes India, Singapore, South Korea, and Thailand

Snowden? report

Mentions that NSA works with Pakistan, Hungary, Ethiopia, Czech Republic

MAXIMATOR: (Signal Intel. Crypto since 1976) was secret until around 2020?


Still active, among many things it could be said that Crypto AG was a Maximator Project and all information
regarding its inner secrets was spread across its members
Crypto AG ( 1970 — 1993 ) sold to more than 100 Countries!
Who blew the whistle?

1976 Denmark was the initiator and it was initially an alliance between DNK, SWE, GER
1977 Holland was invited and came along in 1978
Investment of Satellite Technology was the main driving force
1983 France wanted to come in and was supported by Germany
1984 France was invited and joined in 1985

Maximator is a German beer brand (a triple bock, as I recall, MNZ ?)
Pullach until 2017 for Nachrichtendienst LDO ?
It should be noted that other countries have wanted to join but were denied entry; above all, countries such as Norway, Spain and Italy have been seen
as “incompetent”

Common Solution until late 1980s used to be: A common approach was to use so-called correlation attacks on shift registers
Diplomatic Traffic was in focus (LDO again)

However it was highly effective also in places like the Falklands War 1982
where the Dutch provided GCHQ with a solution to read the rigged HC500 communications in Argentina
and was by many in the know the only thing that gave UK the possibility to win that war
otherwise they would have lost it, this was called the RUBICON Project

Germany, the Netherlands, France, Belgium and Denmark


So one can see a common pattern here that is occurring and it’s that of rigged encryption
making the enemy trust useless devices and then use that to one’s advantage, I would say brilliant stuff

Trudi Fenster-Klotz May 8, 2020 7:48 PM

This may have been posted earlier, but a very useful site for reviewing and comparing COVID-19 unfolding,

looks at doubling time by plotting for counts C, of either cases or deaths, ΔC (over 1 week) versus C.

It seems to be updated daily to keep up with published stats (Worldometer, JHopkins, etc.).

You can display linear, logarithmic, cases, deaths, selected groups of countries. With the data, one can display the line corresponding to C doubling time, for any choice of doubling time. Use this e.g. to see at what doubling time cases or deaths peaked.

You can run the time of display between the initial date of cases and any later date.

Hold your armchair pandemicists and imperialist modelers accountable !

Canon May 8, 2020 8:08 PM

so … where does this lead us in today’s stuff, we have some interesting ones to consider.

  • Tutanota Email
  • Proton Mail

Probably every VPN Service that exists

TOR ? not sure probably ok if used wisely
– what is wisely ? good idea ?
* TOR Router with good leakage filters
* Separate TOR Chains for different countries ?
* Separate TOR Chains for DNS

Btw if you use SOCKS you can’t use DNS filtering, you need to use a transparent Tor router to proxy all traffic, etc problems…

Yeah TOR is a mess but still useful if done right

What more, dump the smartphones
Dropbox 100% bullshit
Antivirus 100% Bullshit
Windows 100% Bullshit

Good luck 🙂 I am Not joking


MarkH May 8, 2020 8:19 PM


Suppose, for the sake of discussion, that some sound chips have a perhaps undocumented diagnostic mode allowing speaker leads to be routed to an audio A/D channel.

The attack scenario in the articles linked by Mr Peed Off is commercial enterprises snooping customer information.

Even if the app designers are worried about people who disable microphones, how likely are APIs to expose such a secret hardware diagnostic?

If your primary security concern is the kind of intensive surveillance applied by the intelligence agencies of powerful states to high-value targets, then by all means drill out the mics … but I think you’ll have bigger worries to contend with.

For people protecting themselves against lesser threats, many of the attacks we discuss here are rather unlikely.

Canon May 8, 2020 8:27 PM

Hah just a reminder on this one
— What more, dump the smartphones

(Don’t dump your phone inside a Thai Police Car) LOL


Dio G May 8, 2020 8:37 PM

“Later this year, users will no longer need to install an app to opt in to the contact-tracing effort: Apple and Google say proximity tracking will be built directly into phones’ operating systems in the coming months “to help ensure broad adoption.”

There doesn’t appear to be any legitimate business reason for Apple or Google to know to whom you are in ‘proximity’, close or otherwise. I’m sure the Chinese government will love the feature (and manage to require it be enabled clandestinely if not liberally).

Canon May 8, 2020 8:42 PM

Hmm it’s blocked again
Surely there must be some mysterious error going on with this UUID, not only does it almost get you run over by a truck, the information somehow can’t get ink on internet

Guys do me a favour and look into this UUID thing please thank you and good night <<< its blocked as well

JG4 May 8, 2020 9:14 PM

I wrote up a concept a few years back suggesting that the locations of cell phones in a crowd could be mapped using undocumented ultrasonic features. If I recall correctly, I’ve used two previous handles here, John Galt III and John Galt IV, which I later abbreviated to JG4. I was consistent during those periods. This was written during the John Galt IV period.

John Galt IV • October 30, 2015 6:58 AM

There are ultrasound equivalents to radar which can be (or are) implemented in cell phones, likely as undocumented features. Such implementations would rely on other undocumented features, such as a microphone and earpiece (I hesitate to call it a speaker) with usable frequency response well beyond the range of human hearing. Some very special information could be gathered by clandestine activation. I will give only one example here, but the interested reader is invited to comment on some of the other brilliant and spooky applications of this technology.

An equivalent method of measuring cell-phone-to-cell phone distances in the crowd could be implemented by using the ultrasonic features described above, again using unique pseudorandom codes to uniquely identify each transmitter. Once the distances, locations and effective microphone pointing directions are known (which also can be represented by component transfer functions), the real magic begins. The voice of every speaker in the crowd can be isolated by beamforming combinations of the audio frequency signals picked up from each microphone and uniquely identified, even in the presence of heavy background noise.

I’ve claimed at least once that I posted a link to a microphone suitable for observing such signals, but I was twice unable to find it with diligent searches. Here are the results of a search at Digikey. You could have some fun spoofing the signals too.

SPU0410LR5H-QB-7 $0.30
100Hz ~ 80kHz Analog Microphone MEMS (Silicon) 1.5V ~ 3.6V Omnidirectional (-38dB ±3dB @ 94dB SPL) Solder Pads

50Hz ~ 40kHz Digital, PDM Microphone MEMS (Silicon) 1.65V ~ 3.63V Omnidirectional (-32dB ±1dB) Solder Pads

50Hz ~ 80kHz Analog Microphone MEMS (Silicon) Omnidirectional (-38dB ±3dB @ 94dB SPL) Solder Pads

50Hz ~ 80kHz Digital, PDM Microphone MEMS (Silicon) Omnidirectional (-26dB ±1dB @ 94dB SPL) Solder Pads

100Hz ~ 80kHz Digital, PDM Microphone MEMS (Silicon) 1.62V ~ 3.6V Omnidirectional (-26dB ±1dB @ 94dB SPL) Solder Pads

I still read NC too.

Voodoo priests recommend voodoo to stop covid-19 The Economist

Why America Can Make Semiconductors But Not Swabs

JonKnowsNothing May 9, 2020 1:33 AM



…chips have a perhaps undocumented diagnostic mode

It is probably very well documented but these documents are not read very much outside of the group of engineers writing the code for that particular chip.

Nearly every chip has some sort of loopback or testing pathway that allows code for that component to be tested independently of other parts. It is a Catch22 in many cases due to system dependencies whether you can get a “good test” without the rest of the system but you can do some sanity testing.

The documents for the chips are pretty dull reading, and the more complex the chip the more eye-glazing the huge stack of hard copy is to wade through.

Personally I’ve tried e-copies and hard-copies and I used both versions as I could mark up the hard copy for the features required by the engineering specs. A vast amount of capability for the majority of chips never gets used.

In thoughtful implementations, once everyone has a “happy camper face” with what you present, the rest of the options may have a “disable” method.

Sometimes it’s as simple as deleting a call from the stack or leaving a feature with a Null Return result. However, with really complex chips it would take forever to deactivate every unused feature.

But for the most part the documents are commonly available.

There is a caveat, not only are the documents likely to be slightly (or a lot) out of date for the chip design, there is every likelihood that the chip does not work as described in the documents.

Bad chips are worse than just bad software, the release-fix may be sometime-to-never and can crush a critical delivery faster than a black hole.

Phaete May 9, 2020 3:32 AM

@Canon and everyone with posting problems.

If you do a forced refresh back on the homepage after posting you won’t get blocked.
Small cache issue, doesn’t get updated after you post in the new page sent, so do it manually.

MarkH May 9, 2020 4:51 AM


Whether or not publicly documented … do you suppose that such diagnostics are implemented in released device drivers?

If Mossad is after you, they might well find a way to swap drivers on you. But depending on the operating system, replacing a device driver may not be practical as a part of “app” installation.

Again, the lead comment on this topic was about businesses vacuuming commercial data, not state-level intelligence operations.

Many millions now have continuous streaming of microphone audio to remote servers for word identification, whether from phone, notebook or “hockey puck” device.

JonKnowsNothing May 9, 2020 11:22 AM



Whether or not publicly documented … do you suppose that such diagnostics are implemented in released device drivers?

This depends entirely on the team writing the code base. If a loopback option is needed in Engineering Testing and for Short Term/Long Term Testing it will remain enabled.

Whether it is accessible from higher level software also depends on those systems too. If a high level test is needed then there will be requirements to call down to the lower level. So generally some features are required.

If you run even a basic PC Hardware System Test for a video card there are a number of “cute” animations running while the lower level calls are made to the hardware. Not all of these even go that deep.

OSI 7 layer model may help here:

   |                    |
7  Application       7  Application
6  Presentation      6  Presentation
5  Session           5  Session
4  Transport         4  Transport
3  Network           3  Network
2  Data              2  Data
1  Physical          1  Physical
   |                    |
---^                    >------

Along all the paths and layers there are places where things can be turned On and Off. Most of the On/Off that is provided to End Users is at Layer 7 Application. Physical On and Off at the component level runs from Layer 1-4 with varying degrees of control.

Which is why OFF isn’t OFF and ON maybe ON – maybe.

ht tps://
ht tps://
ht tps://
(url fractured to prevent autorun)

MarkH May 9, 2020 2:07 PM


Some of us learned about OSI back in the 80’s … but didn’t find it too useful. I suppose that sound cards and device drivers primarily occupy the bottom two layers.

If the sound hardware uses amplifiers between the sound chip and speaker(s), then speaker EMFs in response to sound waves probably cannot be usefully monitored. [The type of chip in my old hardware was not designed to drive speakers.]

Even if the sound chip has internal amplifiers, then speaker EMFs probably cannot usefully be monitored unless the amplifiers can be shut down to a high-impedance state, and there is a signal path (either on- or off-chip) from the speaker pins to an ADC input.

Even if the hardware meets the criteria in the preceding paragraph, the speaker can’t be used as a microphone unless the device driver exports the ability to make the required hardware configuration to the driver API. On linux, this would (if I understand correctly) typically be done via ALSA.

None of this is to say, that it can’t be done. If you find an example “in the wild” of hardware/drivers that can run the speakers backward, I know I won’t be the only one to study it with very great interest!

Clive Robinson May 9, 2020 3:07 PM

@ MarkH, JonKnowsNothing,

None of this is to say, that it can’t be done. If you find an example “in the wild” of hardware/drivers that can run the speakers backward

We’ve been through this before.

For a century and a half or more a single pair of wires can be made to carry four sound channels that can all be pulled out using passive devices known as “two wire to four wire hybrids”.

As I’ve mentioned before the Russians used to supply Westerners with cars from the airport. This had a sealed off passenger compartment, and an AM broadcast receiver was built in as standard along with various other interesting items.

The radio was quite standard apart from a two wire to four wire hybrid between the audio amplifier and speaker. The two wire side of the hybrid went to the speaker (line) the amplifier went to the TX pair of the four wire side and the RX pair went off to one channel of a two track tape recorder, the second channel had an attenuated copy of the amplifier output.

The net result was that the speaker acting rather well as both speaker and microphone ended up picking up any other audio in the passenger cabin and recording it with almost crystal clarity.

Such two wire to four wire hybrids can be easily made with a couple of OpAmps built into the silicon of AC’97 compatible audio chips[1]. Oh and most of the mike/line connectors on a PC SoundCard are reversible, the chip works out from the device’s impedance if a microphone, speaker or controller is plugged in and configuration is fairly simple.

So yes your PC speakers can pick up what you are saying around the computer even if it is playing music.


Sherman Jay May 9, 2020 3:09 PM

I HAVE ALWAYS SAID: Technology is just a tool. It can be a tool to make things or weaponized to hurt/murder people.

h tt ps://
by Naomi Klein

MINEOLA, NY – OCTOBER 27: New York Gov. Andrew Cuomo looks on as Google’s Executive Chairman, Eric Schmidt, left, talks during the Smart Schools Commission report at Mineola Middle School on October 27, 2014 in Mineola, New York. Governor Cuomo visited the Long Island school to receive the Smart Schools Commission report which calls for NY State to invest $2 billion in its schools in order to enhance teaching and learning through technology. (Photo by Alejandra Villa-Pool/Getty Images)

Screen New Deal
Under Cover of Mass Death, Andrew Cuomo Calls in the Billionaires to Build a High-Tech Dystopia

as the old 60’s song lyrics go:
‘nowhere to run to, baby nowhere to hide’

Mr. Peed Off May 9, 2020 3:39 PM

The tech industry is trying to cash in on Covid-19.

If all of this sounds familiar it’s because, pre-Covid, this precise app-driven, gig-fueled future was being sold to us in the name of convenience, frictionlessness, and personalization. But many of us had concerns. About the security, quality, and inequity of telehealth and online classrooms. About driverless cars mowing down pedestrians and drones smashing packages (and people). About location tracking and cash-free commerce obliterating our privacy and entrenching racial and gender discrimination. About unscrupulous social media platforms poisoning our information ecology and our kids’ mental health. About “smart cities” filled with sensors supplanting local government. About the good jobs these technologies wiped out. About the bad jobs they mass produced.

And most of all, we had concerns about the democracy-threatening wealth and power accumulated by a handful of tech companies that are masters of abdication — eschewing all responsibility for the wreckage left behind in the fields they now dominate, whether media, retail, or transportation.

MarkH May 9, 2020 4:57 PM

@Clive, Jon:

I’ve been looking at the datasheet for an Analog Devices chip typical of the family used in my antique computers … Clive doesn’t have a monopoly on old hardware 😉

The datasheet proudly proclaims the chip to have “AC’97 2.3 compatible features”.

From my examination, I note the following:

  1. None of the ADC input paths shows any connection path to any audio output. [For mixing purpose, some of the signal paths to the outputs can be routed to ADCs, but those paths are on the driving end of amplifiers which connect to the output pins through mute or Hi-Z switches.]
  2. The “jack sense” features seem to be limited to
    • programmable control of output muting
    • programmable selection of output source
    • detection by software
  3. The “high power” output has a maximum capacity of 30 mW — fine for headphones, but rather wretched for speakers. I presume, therefore, that typical computer designs interpose audio amplifiers. That would mean two amplifiers pointed the wrong way, between the speaker terminals and the sound chip ADCs.

There’s a variety of tricks which can be played in the off-chip schematic. My old machines have separate headphone and microphone jacks. If I did the design, I’d connect the high-power output to the headphone jack, and drive the speakers through an audio amplifier chip from the line out pins. This would allow the possibility of automatically muting the speakers when headphones are plugged in.

If the sound card schematic connects unused audio inputs to the speaker terminals — and the power amplifier chips either have an output impedance that isn’t too low, or they can be disabled — then the speakers can indeed be used as microphones. Otherwise, I don’t see how the stunt could be accomplished.

If anybody has a concrete, real-world example of doing this on a mass-produced computer with unmodified hardware, please do tell!

name.withheld.for.obvious.reasons May 9, 2020 6:06 PM

@ MarkH, Jon, Clive

Clive doesn’t have a monopoly on old hardware 😉

Add me to the list of keepers of the old hardware, from components and data sheets to systems and devices…stuff still works too.

Some of the AD devices include enough smarts to run a small RTK like ECOS or QNX. A bit of ARM/AD mixture of compute features. Depends on how old and large (die larger than 10mm).

Sherman Jay May 9, 2020 6:23 PM

to: Mr. Peed Off,

Great Minds Research alike. Didn’t mean to steal your thunder.

Sherman Jay,
fellow of the Royal Society for the Preservation and Rejuvenation of Antiquated Computers

MarkH May 9, 2020 6:31 PM

@Sherman Jay:

I don’t so much rejuvenate old hardware, as keep using past the point of brokenness …

In keeping with this, my phone line’s gotten so bad that the DSL is intermittently useless.

Amazingly, it has moments of working pretty well despite the modem reporting 0 db SNR margin & 112 db attenuation!

The telco claims they’ll fix it Monday …

Sherman Jay May 9, 2020 6:34 PM

@Clive Robinson, MarkH, JonKnowsNothing,
” So yes your PC speakers can pick up what you are saying around the computer even if it is playing music.”

I don’t think I face much risk. I always use headphones on computers (only use speakers on my multimedia center which is air-gapped and never connects to the internet. And the headphone output is run through an electronic crossover, an amplifier, and an equalizer before getting to the speakers.)

And in the ‘wilderness’ where we live, it would be extremely unlikely for anyone to ‘mess with our gear’. Other than Wiley’s Bears (ref. to Non Sequitur comic).

Sherman Jay May 9, 2020 6:41 PM

good luck with the DSL, the techdirt site often has articles on poor broadband in the u.s.

We have VDSL, takes over 5 minutes to boot the modem, is throttled to <20Mbps to keep cost reasonable. The old techs that work for the telco are usually quite helpful.

I noticed that the POTS (copper) phone system that used to have backup batteries is now run directly from the electric grid and crashes (phone and internet) whenever there is a power outage in our neighborhood.

I am using an old (circa 2008) desktop I got from a neighbor who was going to put it in the landfill. It runs nicely with puppy or backbox linux.

JonKnowsNothing May 9, 2020 8:26 PM

@MarkH, @Clive, @All

re: audio redirects and other aspects

iirc the last time Clive expounded and corrected many misconceptions about “how these things work”, he gave a squid-lecture on Leon Theremin and his very interesting devices.

I have re-read Clive’s explanations many times and it’s all still over my level about “how it was done”. I have always hoped Clive would return and do a Master Class on this topic (starting with Theremin-For-Dummies which is my level).

Years ago I had read some stuff about Theremin but the tech details were glossed over with “no one knows” and painted the topic like it belonged with the Voynich manuscript and still un-deciphered Mayan Codices.

Imagine my utter delight reading Clive’s expounding on how it was actually done!!

For those not familiar with Leon Theremin some starting tidbits:

Leon Theremin:

a Russian and Soviet inventor, most famous for his invention of the theremin, one of the first electronic musical instruments and the first to be mass-produced. He also worked on early television research.

Theremin (music instrument):

is an electronic musical instrument controlled without physical contact by the thereminist (performer). It is named after its inventor, Léon Theremin, who patented the device in 1928.

The instrument’s controlling section usually consists of two metal antennas that sense the relative position of the thereminist’s hands and control oscillators for frequency with one hand, and amplitude (volume) with the other. The electric signals from the theremin are amplified and sent to a loudspeaker.

The sound of the instrument is often associated with eerie situations. Thus, the theremin has been used in movie soundtracks.

The Thing (the topic under discussion):

The Thing, also known as the Great Seal bug, was one of the first covert listening devices (or “bugs”) to use passive techniques to transmit an audio signal. It was concealed inside a gift given by the Soviet Union to W. Averell Harriman, the United States Ambassador to the Soviet Union, on August 4, 1945. Because it was passive, needing electromagnetic energy from an outside source to become energized and activate, it is considered a predecessor of radio-frequency identification (RFID) technology.

The Thing consisted of a tiny capacitive membrane connected to a small quarter-wavelength antenna; it had no power supply or active electronic components. The device, a passive cavity resonator, became active only when a radio signal of the correct frequency was sent to the device from an external transmitter. This is referred to in NSA parlance as “illuminating” a passive device. Sound waves (from voices inside the ambassador’s office) passed through the thin wood case, striking the membrane and causing it to vibrate. The movement of the membrane varied the capacitance “seen” by the antenna, which in turn modulated the radio waves that struck and were re-transmitted by the Thing. A receiver demodulated the signal so that sound picked up by the microphone could be heard, just as an ordinary radio receiver demodulates radio signals and outputs sound.

Theremin’s design made the listening device very difficult to detect, because it was very small, had no power supply or active electronic components, and did not radiate any signal unless it was actively being irradiated remotely.


Mr. Peed Off May 9, 2020 8:56 PM

Saddened to learn of the passing of an “internet forum friend”. He was a retired IBM engineer and was proud of his work with the System/3. He will be greatly missed.

I still have a pair of working 386 machines, a Pentium1, and a Pentium2.
First computer was a used Amstrad. I parted it and about 5 others out a few years ago because the closet was about to overflow. My current desktop (first computer I purchased new) is 2007 model. I figure repairing and upgrading is half the fun.

thatguy May 10, 2020 12:13 AM

Hey all,

I actually had a few questions I was hoping some experienced security individuals would be able to point me in the right direction with. I have only been in Security relative to computers and networks for a couple of years. My degree was in cybersecurity and the classes I took were only based in tech. I had never learned anything about security in general as a theoretical idea. I have been naturally applying the ideas I’ve learned about cybersecurity to other areas, such as security of an organization, people, different types of systems, and even governments and nations. As a security analyst I’ve developed a certain skill for sort of identifying patterns of probable connectivity out of the proverbial fire hose. I don’t have any mentor and have had to learn everything I know on my own. There are few security minded or even tech minded people that I work with. I was immediately hired while in school for an info security position at a manufacturing corporation. I have tried looking for books and courses about security but have only been able to turn up topics of computer and networking security or actual physical security such as police or guards. I’m looking for some type of classical fundamentals. Maybe something like “The Prince” or similar. Surely the idea of security goes back to ancient times. I recently watched a video in which Bruce made some comments such as “In times of certainty, centralize, and in times of uncertainty de-centralize.” I was curious where I could learn this type of fundamental knowledge. I have a suspicion that a theoretical Security engineer may be something I very much enjoy. Being able to take any subject and observe or break it apart at a micro and macro level, how it works as a system and in networked systems. Being able to identify root causes, vulnerabilities to either defend or exploit, and the logical consequences/costs of those actions.
Taking the perspective and vocabulary from Computer security and applying it to other areas, particularly law, foreign and domestic policy, national security, I suspect this may be something learned at the government level. Is anyone able to point me in the right direction with some resources or titles? Thanks in advance.

etv May 10, 2020 1:01 AM

Researchers demonstrated illicit repurposing of headphones as microphones in 2016 by taking advantage of chipset functionality


Phaete May 10, 2020 3:29 AM

@ Clive et al,

I’m not sure if it is possible with an AC97, but with the Realtek HDA you can reassign/redefine minijack input/outputs.
Define the headphone output as microphone input, give it an extra layer of software amplification and record it.

Take note of what headphone, simple should work, no DSP, preamps, BT connect etc there.

The Red Squid of Passion May 10, 2020 4:48 AM

@Dio G, others

I’m wondering if it’s possible to turn the Apple-Google proximity tracking to mesh network use?

I’m also thinking our dear friends in Apple and Google and other interested parties, will be screaming blue bloody murder the instant anybody starts hacking their precious devices to communicate in a non-authorized fashion. (You know Apple’s outrage at the very thought that someone out there might like to jailbreak their iPhone’s iOS.)

MarkH May 10, 2020 5:41 AM


Thanks much! To me, a few grams of demonstrated exploit outweighs a hundred kilos of speculation.

@JonKnowsNothing, etv, Clive:

For convenience, here’s a link to the write-up of the headphone exploit made at Ben-Gurion University of the Negev:

Some observations concerning this paper:

  1. The attack makes use of a “value-added feature” rather than some obscure diagnostic mode, and so is both plainly documented in the datasheet, and implemented in standard device drivers.

In the specimen datasheet I examined (for Realtek ALC892), the signal path from audio output pins to the ADCs is as clear and obvious, as is the lack of such signal path in the datasheet for the Analog Devices AD1888 Soundmax chip I looked at yesterday.

So, as any of us would expect, the accessibility of the attack depends on the particular hardware.

  2. The paper is deafeningly silent on the question of built-in (internal) laptop speakers, and refers with great explicitness to jack connections for external audio devices.

Now, why is that? Could it be that the authors failed to consider the possibility, or couldn’t afford a laptop for experimentation? My reading of the Realtek chip is that every output pin — including whichever outputs the design would allocate to internal speakers — can also be used as an audio input.

My interpretation is that the authors were neither stupid nor broke, but rather determined that even though the pins used to send audio signals to the internal speakers can be turned around as inputs, that capability is not useful … because there are external power amplifiers between the sound chip and the speakers. I think it likely that the overwhelming majority of laptops with built-in speakers have such power amplifiers.

If the Ben-Gurion team could have demonstrated eavesdropping via laptop internal speakers, surely they would have. It would have been a more dramatic exploit gaining a lot more publicity: a fair percentage of laptops have no headphones connected a fair percentage of the time, but almost all laptops have internal speakers connected all of the time.

Now, all of this being said, if a sound card is designed by Germanic engineers who love self-test and diagnostics, and there are input-capable pins on the sound chip not needed for other purposes, there’s nothing to prevent them from connecting the audio amplifier outputs to those spare inputs.

In such a sound card design, the speakers would be massively effective as microphones. It would be ideal if the audio amplifiers can be shut down, but even if they can’t, the resulting attenuation would probably still allow plenty of eavesdropping.

MarkH May 10, 2020 1:21 PM


It is not a hack anymore but a simple software function.

I guess that one definition of “hack” for infosec purposes, would be an unanticipated software function, or a known function turned to an unexpected use …

For example, suppose that a notebook computer has a lamp next to the video camera, and that users have been instructed that when the camera is enabled, the lamp is also on.

If someone examines the documentation for the computer, and finds out that control of the lamp is independent of enabling the camera, they might use their knowledge to enable the camera while keeping the lamp dark. Whether or not that’s a hack, it’s a potential attack.

The people who invented “pin re-tasking” were imagining how it would make their products more useful. Did any of them anticipate that wired headphones might be “run backward” for snooping purposes?

Even if users of such computers know about pin re-tasking AKA jack detection (and I guess, most of them don’t), would they imagine that the machine intended to automatically recognize their headphones as an output device, would maliciously operate them as an input instead?

Thinking about how people use “hack” informally (not necessarily in a security context), I suggest that hacking is the use of knowledge and understanding to apply resources in a manner very different — often startlingly different — from their usual application.

Sherman Jay May 10, 2020 2:02 PM

from May 10, 2020 3:29 AM @Phaete @ Clive, et al,
– – – – – considering this info provided :
‘I’m not sure if it is possible with an AC97, but with the Realtek HDA you can reassign/redefine minijack input/outputs.
Define the headphone output as microphone input, give it an extra layer of software amplification and record it.
Take note of what headphone, simple should work, no DSP, preamps, BT connect etc there.

the write-up of the headphone exploit made at Ben-Gurion University of the Negev . . .

So, as any of us would expect, the accessibility of the attack depends on the particular hardware.
My interpretation is that the authors were neither stupid nor broke, but rather determined that even though the pins used to send audio signals to the internal speakers can be turned around as inputs, that capability is not useful … because there are external power amplifiers between the sound chip and the speakers. << Good observation MarkH

Even if users of such computers know about pin re-tasking AKA jack detection (and I guess, most of them don’t), would they imagine that the machine intended to automatically recognize their headphones as an output device, would maliciously operate them as an input instead?’

– – – – – I, Sherman Jay, reply – – – – – –
Yes, I, and many I know are aware of jack detection. I have only one computer that detects when an audio device is plugged into the jack. And I don’t use it for anything other than an NAS (non-network attached storage) device for archiving data (no audio transducers attached to either inputs or outputs).

However, this all seems to require direct physical access to either the O/S audio input/output settings or the motherboard/sound card. I still think that my old computers and headphones that are not accessible to or altered by someone else are relatively quite safe.

I’ve used speakers and headphones as microphones in a number of experimental situations and it takes a very large amount of amplification and equalization to get a clear signal in those experiments. And, I found that when the headphones are over your ears, their sensitivity as a microphone is almost zero.

And, this all seems to rely on locational physical security of the computing devices

Phaete May 10, 2020 2:02 PM


I agree that the wider definition of a hack means altering its intended use.
But I expect a degree of modification for it to be called a hack.

The first laptop I got with an HDA chip like above was about 8-10 years ago.
Whenever I plugged something in the second minijack port I got a pop up in Windows from RealTek asking me what I plugged in. Choices were: headphones, microphone, desktop speakers or advanced config.
I immediately had to satisfy my curiosity, plugged in my wired headphone buds and chose ‘microphone’.
When I tapped my earbuds or blew on them, I saw the signal level in my software VU meter move violently.
That was all I needed to know, I did not do test on signal quality because that fully depends on a whole slew of variables.

So all it takes is to press the wrong button on your screen when you plug in your earphones in a minijack that is multipurpose (the first minijack on that laptop was shared SPDIF and analog headphones, no mic possible, only second and third allowed it)

So just clicking another button is not much of a modification or hack as I see it, even in the old school definition.

Sherman Jay May 10, 2020 2:13 PM

@Phaete, @MarkH,

“So all it takes is to press the wrong button on your screen when you plug in your earphones in a minijack that is multipurpose (the first minijack on that laptop was shared SPDIF and analog headphones, no mic possible, only second and third allowed it)”

— You are quite right when it comes to computers that have that ability to detect and assign input/output functions to audio devices when plugged in (that’s why, as I indicated, only one of my PC’s has that function and it has no audio devices connected)

It seems that everything new has a ‘spyware’ security vulnerability built in. Siri, Smart TV’s, laptops, ‘security’ cameras, covid location tracking, etc.

(so by almost any definition, ‘we’ve all been hacked’ and many of us have had our privacy ‘cracked’)

Sherman Jay May 10, 2020 2:49 PM

POTENTIAL NEW TOPIC (contribute or ignore as you wish):
Many of us here are considering the (in)security aspects of our societal infrastructure – specifically the power grid –

To be more energy secure, we want a battery backup system for our critical needs (refrigeration, communication, lighting, etc.) We’ve been looking at easy to maintain systems. Stationary battery technologies that are easily setup and maintained seem to be limited to Lead-acid and some form of Lithium.

Looking at Lithium, I see there is a common cell that is an oversized ‘AA’ cell designated 186550(?). They are used in laptop batteries and also (in the hundreds, wired series-parallel) in Battery Electric Vehicles (tesla, Nissan Leaf, etc.) Both those have carefully designed BMS (battery monitoring/management systems) to prevent overcharging and accomplish cell balancing to prolong the life of the pack.

HOWEVER, laptop batteries typically last only a year to three, whereas the same cells in Batt. Elect. Vehicles have an 8-10 year warranty and life span.

My question to the Schneier forum gurus is: What is causing this huge disparity in lifespan? And warranty.

MarkH May 10, 2020 2:55 PM

@Sherman Jay:

I think that the significance of the Ben-Gurion headphone attack is that it doesn’t require physical access.

Malware delivered to the computer by some typical remote attack vector, can then alter the sound chip settings without the user being aware.

Although it’s perhaps an “unfair” example, I once wired a compact “Hi Fi” speaker assembly to a mic preamp. I was amazed how well it worked.

I wasn’t surprised that the signal level (sensitivity) was very high, because the loudspeaker elements have a much larger “piston area” than a normal microphone diaphragm. I think it would have worked OK even with a line-level input.

But the clarity was magnificent. By dint of size, loudspeakers will be more directional than typical purpose-built microphones … though in a typical indoor environment, that’s no problem (and in fact may be desirable).

Obviously, such speakers aren’t well suited for typical microphone applications. But for eavesdropping on conversation, they function very well indeed.
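A defender's check for the silent retasking discussed in the comments above, added here as an example and not part of any comment in the thread: it reads an HDA codec dump in the layout of Linux ALSA's `/proc/asound/card*/codec#*` files and reports output jacks whose pin is input-capable or is currently switched to input. The sample dump is constructed, and the function names are hypothetical.

```python
import glob
import re

# Constructed sample in the layout of a Linux ALSA HDA codec dump
# (/proc/asound/card*/codec#*), trimmed to the lines this check reads.
SAMPLE_CODEC_DUMP = """\
Codec: Realtek ALC892
Address: 0
Node 0x02 [Audio Output] wcaps 0x41d: Stereo Amp-Out
  Amp-Out caps: ofs=0x40, nsteps=0x40, stepsize=0x03, mute=0
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x0001003e: IN OUT HP EAPD Detect Trigger
  Pin Default 0x01014010: [Jack] Line Out at Ext Rear
  Pin-ctls: 0x40: OUT
Node 0x18 [Pin Complex] wcaps 0x40058f: Stereo Amp-In Amp-Out
  Pincap 0x00003736: IN OUT Detect Trigger
    Vref caps: HIZ 50 GRD 80 100
  Pin Default 0x01a19830: [Jack] Mic at Ext Rear
  Pin-ctls: 0x24: IN VREF_80
Node 0x1b [Pin Complex] wcaps 0x40058f: Stereo Amp-In Amp-Out
  Pincap 0x0000373e: IN OUT HP Detect Trigger
  Pin Default 0x02214020: [Jack] HP Out at Ext Front
  Pin-ctls: 0x24: IN VREF_80
Node 0x1e [Pin Complex] wcaps 0x400780: Mono Digital
  Pincap 0x00000010: OUT
  Pin Default 0x01456130: [Jack] SPDIF Out at Ext Rear
  Pin-ctls: 0x40: OUT
"""

# Default-config device types a user expects to be output only.
OUTPUT_DEVICES = {"Line Out", "Speaker", "HP Out"}

NODE_RE = re.compile(r"^Node (0x[0-9a-fA-F]+) \[([^\]]+)\]")
PINCAP_RE = re.compile(r"^\s+Pincap 0x[0-9a-fA-F]+:(.*)$")
DEFAULT_RE = re.compile(r"^\s+Pin Default 0x[0-9a-fA-F]+: \[[^\]]+\] (.+?) at ")
PINCTL_RE = re.compile(r"^\s+Pin-ctls: 0x[0-9a-fA-F]+:(.*)$")


def parse_pins(dump):
    """Return one dict per Pin Complex node: id, capability flags,
    default device type and the live pin-control flags."""
    pins, pin = [], None
    for line in dump.splitlines():
        node = NODE_RE.match(line)
        if node:
            # A new node starts; only pin widgets are of interest here.
            pin = None
            if node.group(2) == "Pin Complex":
                pin = {"node": node.group(1), "caps": set(),
                       "device": None, "ctls": set()}
                pins.append(pin)
            continue
        if pin is None:
            continue
        match = PINCAP_RE.match(line)
        if match:
            pin["caps"] = set(match.group(1).split())
            continue
        match = DEFAULT_RE.match(line)
        if match:
            pin["device"] = match.group(1)
            continue
        match = PINCTL_RE.match(line)
        if match:
            pin["ctls"] = set(match.group(1).split())
    return pins


def audit_output_pins(dump):
    """List (node, device, status) for pins whose default role is an output.

    'active-as-input': the pin is switched to input right now, so whatever is
                       plugged in is being driven as a microphone.
    'input-capable':   the codec allows the switch, but it is not in effect.
    """
    findings = []
    for pin in parse_pins(dump):
        if pin["device"] not in OUTPUT_DEVICES:
            continue
        if "IN" in pin["ctls"]:
            findings.append((pin["node"], pin["device"], "active-as-input"))
        elif "IN" in pin["caps"]:
            findings.append((pin["node"], pin["device"], "input-capable"))
    return findings


if __name__ == "__main__":
    dumps = {}
    for path in glob.glob("/proc/asound/card*/codec#*"):
        with open(path) as handle:
            dumps[path] = handle.read()
    if not dumps:
        dumps = {"constructed sample": SAMPLE_CODEC_DUMP}
    for name, text in dumps.items():
        for node, device, status in audit_output_pins(text):
            print(f"{name}: node {node} ({device}) is {status}")
```

An `input-capable` result only says the codec pin can be switched; as noted in the thread, a power amplifier between the codec and a speaker can make that capability useless in practice.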

Phaete May 10, 2020 3:06 PM

@Sherman Jay,

(short explanation, not going into specific chemistry part)

Modern 18650 batteries can be made for diverse functions.
Vape/electric tools usually require one that has a high max draw.
Powerbanks usually go for large capacity.
There are also ones for high number of recharges.

They all use slightly different chemistry, and have to sacrifice in the other areas. (high draw one has low number of recharges etc.)

The batteries in a car are bigger than 18650 (18mm*650mm) and optimised for large banks in cars.

Last thing is that a laptop battery has several 18650 in series (and then 2-3 of those parallel), and if one fails, the whole battery fails, so the chances are bigger that 1 in 12 fails than 1 in 1.

Sherman Jay May 10, 2020 3:46 PM

@MarkH — thanks for the explanation of the Ben-Gurion attack not requiring physical contact, I didn’t notice that. Could make lots of computers potentially vulnerable (Luckily, many of us probably aren’t high value targets.)

@Phaete – thanks for the info. I know there are a number of different battery configurations in laptop packs. I have an old one that is just some series connected.

Another factor a friend of mine mentioned is that lots of ‘fly-by-night’ foreign companies sell packs made up of used cells and ‘second-quality’ cells and that is why they fail so quickly.

We have set up a Raspberry Pi mod. 3 B+ that runs off a 12V 10AmpHr AGM lead acid batt. with a 5V 3Amp regulator pack. So far it has run for ~12 hours on the first charge.

There was a ‘one laptop per child’ model that could be powered by either ‘AA’ alkaline cells or ‘NmH’ nickel-metal-hydride rechargeables. I wish there were such simple options for other laptops.

I bought a 12Vdc to 120Vac inverter at 400Watts and use it to power laptops on a test bench, but that is just such an awkward bucket brigade 12VDC > 120VAC >14VDC.

today is such a Tower of Babel of technology

name.withheld.for.obvious.reasons May 10, 2020 4:57 PM

@ Sherman Jay

I must be a volunteer to your Society, hopefully a royal appointment/anointment isn’t necessary. ;^)

Right now I am restoring a Hewlett Packard HP-41CV, the case screw mount moldings expired (polypropylene out gas degrade) causing one of the mount screws to dislodge. Problem is that the HP folks thought it would be fun to build a bus interface using a coiled fine mess conductor, circular windings on two sides held down to make contact with solder pads on the main board.

As general picture forms (the vertical lines–two coils, fabric between, and two holes in the middle for the threaded riser mount to pass through). Each solder pad has multiple threads of the coil in contact and functions to interface the keypad solder pads to the main board while providing a layered gap of approximately 7mm. Without a firm grip by both screws the coils do not make full contact on the solder pads. Fabricated a new mount and have secured to the keyboard/main frame. Now to test…


  O                        O


Quite a convolution given that the display has a rather more modern header bus assembly. Anyway, cannot throw it away, have had it 40 years and has run on 6 sets of batteries since purchase.

lurker May 10, 2020 9:45 PM

@Sherman Jay

I bought a 12Vdc to 120Vac inverter at 400Watts and use it to power laptops on a test bench, but that is just such an awkward bucket brigade 12VDC > 120VAC >14VDC.

I’m on 12 volt solar here, and I’m using a 12v > Select Your Voltage charger; it has about a dozen adapters that fit most laptops, and a magic inside each adapter tells the supply what voltage to output, no thinking needed. There are a few brands of these around from the usual vendors, made on the Western Pacific. 120 (or 240) AC inverter is just too much…

Clive Robinson May 11, 2020 5:00 AM

@ Sherman Jay,

Ignoring for now “battery chemistry” that is changing faster than batteries have warranty life times currently, and the fact that some cells only get a couple of years and others five or more and nobody is really sure why (hence the chemistry changes).

Two big relevances are,

1, Charge temperature.
2, Discharge depth.

It’s not said much but lithium batteries don’t like the cold. A fast way to kill them is to try charging them near to the freezing point of water or lower in temp. Even though you can still discharge them at lower temperature.

The other thing makes a very marked difference in the battery life is discharge depth. The Tesla PowerWall for instance always keeps a minimum of 30% charge in the cells this increases the expected battery life by several times…

Remember that each battery chemistry has its own set of “funny rules” to get the best out of the battery in terms of peak power, continuous power, and battery discharge/recharge life.

But for a very rough rule of thumb I’ve generally found that “depth of discharge” and “needle crystal growth” (memory effect) are the limiting factors on battery life.

Oh and even “non rechargable” batteries can actually be recharged a limited number of times with the right charging wave form and if they are not heavily discharged.

The important thing to remember is that all batteries if you over charge them have a habit of undergoing a chemistry change, the product of which you really might not want around so as well as keep batteries warm at all times, also keep them ventilated and don’t over charge them.

myliit May 11, 2020 6:54 AM

“The Coronavirus Was an Emergency Until [our president] Found Out Who Was Dying

… The coronavirus epidemic has rendered the racial contract visible in multiple ways. Once the disproportionate impact of the epidemic was revealed to the American political and financial elite, many began to regard the rising death toll less as a national emergency than as an inconvenience. Temporary measures meant to prevent the spread of the disease by restricting movement, mandating the wearing of masks, or barring large social gatherings have become the foulest tyranny. The lives of workers at the front lines of the pandemic—such as meatpackers, transportation workers, and grocery clerks—have been deemed so worthless that legislators want to immunize their employers from liability even as they force them to work under unsafe conditions. In East New York, police assault black residents for violating social-distancing rules; in Lower Manhattan, they dole out masks and smiles to white pedestrians.


But the pandemic has introduced a new clause to the racial contract. The lives of disproportionately black and brown workers are being sacrificed to fuel the engine of a faltering economy, by a president who disdains them.


myliit May 11, 2020 10:56 AM

Does anybody know:

1) a robust way to try to decline cellular carrier updates on a) iPhone or b) Android?

2) is there a way to search a carrier’s website for the appropriate firmware. Any way to discern if the firmware is a custom build? Or does it even matter (since there are probably numerous ways to skin a horse, or something like that)?

2b) Is it worth bothering to check what is ostensibly installed?

3) Given the choice is it better to use a sim, an esim, or neither? For example, a computer or wi-fi only tablet and an iPhone’s hotspot?

4) Is there any reason to think the broadband provider with wires or glass to the home is more secure than using a cellular provider, in general?

Clive Robinson May 11, 2020 11:00 AM

@ myliit,

With regards the Atlantic,

    “But the pandemic has introduced a new clause to the racial contract. The lives of disproportionately black and brown workers are being sacrificed to fuel the engine of a faltering economy, by a president who disdains them.”

There are two actual issues and they are deliberately conflating them,

1, Susceptibility by skin tone,
2, Disdain by 1%of1% for others.

The important point to note is that the 1%of1% care not a jot what colour your skin tone is. They do not see you as an equal therefore you are “Cannon-fodder to profit and status” that is they don’t see you at all other than a number or “Unit of work resource” (a point I’ve made a few times before, that has been somewhat unpopular nevertheless for being true).

The important point to realise that the more than four times increased sensitivity to SARS-CoV-2 and skin tone is actually one of “Vitamin D” or lack there of.

It’s been known for a number of years that irrespective of skin tone the outcome of respiratory diseases is to a degree governed by your latitude and the time of year. When migration to higher latitudes from lower latitudes became more pronounced the medical profession noted that those of darker skin tone fared less well with seasonal respiratory disease than those of lighter skin tone.

Various small scale research has shown a link to the amount of Vitamin D in people of all skin tone and susceptibility to respiratory diseases.

I’ve mentioned that Vitamin D deficiency is sufficiently flagged up by the healthcare profession with regards immunity that many governments above 45degrees of latitude recommend that people take a Vitamin D supplement.

There are two ways humans get their Vitamin D, about 10% of it through food and 90% of it through sunlight on the skin. Now as anyone who has done solar power calculations will know there is a very very significant difference in light intensity with latitude, rather more than simple mathematics might suggest. Thus the human race adapted to this many millennia ago, and it’s by skin tone related to latitude.

Two very recent papers of observational research on large cohorts (~1k) of COVID-19 show that there is a strong link between Vitamin D and your likely outcome. That is you are ten times more likely to end up being critical or dead with low Vitamin D levels than with high levels.

The choice is yours but personally I’ve already checked with my doctors because of my already poor prognosis should I catch SARS-CoV-2 and they are more than happy for me to take what might be considered a “high dose” of Vitamin D supplement.

I would suggest if anyone has doubts that they chat to their own doctor about doing the same irrespective of latitude.

Grima S May 11, 2020 12:25 PM

@Mark H re: Modeling the pandemic long-term
Your post betrays two fundamental misunderstandings:
First is the definition of “homicide”, which is a legal term for the death of one human caused by the actions of another. One human (a bystander) has no affirmative legal obligation to intervene to prevent the death of another.
Your second (apparent) misunderstanding is the purpose of government, which was invented to loot the earnings of the productive in order to enrich a particular class of the unproductive (the minions of the State and their masters). That party not only largely lacks the means to prevent the specific deaths to which you allude, but also an incentive to do so, as the disease is most deadly to those who are neither actively contributing to the wealth confiscated by the State, nor beneficiaries of the kleptocracy.

Sherman Jay May 11, 2020 12:34 PM

I used HP test equip. in the 1970’s and while very functional, HP has always used ‘unconventional’ parts and ckts. Your HP is a true ‘survivor’, with lots of careful help from you.

We had a woman bring in ~3 year old HP laptop to our clinic. The plastic lid/display frame had plastic bosses melted through the holes of the metal hinge to hold it together. The plastic had broken loose and could not be fixed (if glued, the hinge springs would likely break the glue joint).

I’d love to have a large PV solar array and 12Vdc batt. backup sys. But, I live in a relative’s home in an HOA ‘controlled’ community so no separate structure to put PV panels on (roofs here leak from PV panel mounting hardware through roof mat’l).
Thanks for the info on the ‘univ’ power adapters.

You’re right (as usual). The EV list members talk about how Batt. Elect. Veh’s have Batt. heaters/coolers to keep temp. reg’d and the BMS (battery monitoring/management systems) prevent overcharging and full discharge (shuts everything down if charge <~8-10%) My laptops do the same thing (to some extent).

I cut open a dead cheap laptop batt pack and found the cells were all diff. brands and some were dead while others held some charge. Confirms @Phaete ideas and the idea that cheap packs are not worth buying.

RE: covid – we here are all convinced we will hunker down, practice distancing and limit exposure until well after all the resurgences have passed.

Stay Careful and Well Everyone

1&1~=Umm May 11, 2020 3:27 PM

@Grima S:

“Negligent homicide :- is the killing of another person through gross negligence or without malice.”

Therefore it covers just negligence by a government or executive post holder when a harm (death) of one or more individuals is a direct result of that person’s inaction.


“Negligent homicide :- is characterized as a death caused by conduct that grossly deviated from ordinary care. Negligent homicide may be charged as a lesser included offense of manslaughter. It is also sometimes referred to as ‘involuntary manslaughter’.”

Then there is the more general term from ‘Traditional English Law’ on which the US Legal system is based,

“Culpable homicide :- is a legal term used in the Commonwealth of Nations, particularly in Scottish law. It refers to the illegal killing of another, but can be with or without an intention to kill, depending on the statutes of the particular jurisdiction. In India, it involves an intent to kill. However, in other areas it’s used in a manner similar to the use of manslaughter in the U.S., and refers to a killing without the premeditation required to commit murder.”

Which brings you to,

“Involuntary manslaughter :- means unintentional manslaughter. If a person commits the crime of manslaughter without any malice or intention they are charged with involuntary manslaughter. It may be committed with criminal negligence or during the commission of a crime not included within the felony-murder rule. It is also called manslaughter in the second degree. All manslaughters that do not come under voluntary manslaughter are involuntary manslaughters.”

Such crimes can be,

“Misfeasance :- an improper and unlawful carrying out of an act that, if correctly done, is in itself lawful and proper, and thus results in harm to another. Whilst unlawful it is careless or accidental in nature.”

“Malfeasance :- is distinguished by an intention to cause harm by doing an act which should not be done. That is, it is deliberate and knowing with intent to cause harm to another.”

The terms misfeasance and malfeasance are broad in nature and are comprehensive terms, which include any wrongful conduct that affects, interrupts, or interferes with the performance of official duty.

myliit May 11, 2020 4:02 PM

@Clive Robinson
“There are two actual issues and they are deliberately conflating them,
1, Susceptibility by skin tone,
2, Disdain by 1%of1% for others.
The important point to note is that the 1%of1% care not a jot what colour your skin tone is. They do not see you as an equal therefore you are “Cannon-fodder to profit and status” …”

2, most of the .0001,or less, may be color blind, but our president:
1) is, imo, probably a racist (see past hiring practices)
2) has an election to win
3) probably doesn’t want to be in prison with Bubba [1] (should he be tried, convicted, and imprisoned after leaving office; all the more reason for him not to leave office, regardless of cost to this country)

1, ianadoctor and vitamin d may be important, as may be: a) more crowded housing (harder to isolate), b) having to work because of less savings, c) lack of access to medical care (without bankruptcy being an option), d) fear of being deported as an undocumented alien, etc., …

In addition, is it still best to run lab tests when supplementing vit. D? For example, is there a safe D3 amount to take without, in general, needing to do lab tests?

[1] or Urban Dictionary

myliit May 11, 2020 6:55 PM

“ The inbox logged a message as I slept. Many hours passed before I checked. Probably should have kept away, but habit tugged. We had taken the channel dark last night. Not because we knew it was blown, but because we could not know. These email accounts were anonymous, encrypted, isolated from our everyday Internet lives. Best I could tell, there was no way to lock them down tighter. That thought had reassured me once.

It was the second half of May 2013. Nearly four months had passed since Laura Poitras, an independent filmmaker, had reached out to me for advice about a confidential source. Verax, as I came to know him later, had brought her an enigmatic tip about U.S. government surveillance. Poitras and I teamed up to see what would come of it. The previous night, months of suspense had come to an end. Verax delivered. The evidence was here. His story was real, the risks no longer conjecture. The FBI and the National Security Agency’s “Q Group,” which oversees internal security, were bound to devote sizable resources to this leak. For the first time in my career, I did not think it was out of the question that U.S. authorities would try to seize my notes and files. Without doubt we were about to become interesting to foreign intelligence services.

Poitras and I resolved to meet again in two days. Anything that came up sooner would have to wait. That plan did not last the night. I logged on the next morning, expecting nothing. According to the time stamp, Poitras had fired off a note less than four hours after we parted. She could not have slept much. I hadn’t either, but the fog cleared when I saw her subject line. It was our private signal for “urgent.” The message, once decrypted, was succinct.

“I really need to show you something.

You are going to want to see it.”

Odd. Very. Something to look at? After what we saw last night? Verax had sent a top-secret, compartmented presentation from the NSA, updated the previous month. Poitras and I stood over a small laptop screen past midnight, struggling with the jargon. The main points came through readily enough. Under the cover name PRISM, the NSA was siphoning data from tens of thousands of Yahoo, Google, Microsoft and Facebook accounts, among others. Forty-one slides and 8,000 words of speaker’s notes laid out the legal rationale and operating details. If authentic — and it sure looked that way — this briefing offered something very rare: an authoritative account, in near real time, of intelligence operations on U.S. soil that spilled far beyond the bounds acknowledged in public.


JonKnowsNothing May 11, 2020 7:06 PM

re: COVID19 mass sanitizing

After seeing many images of massed phalanxes of workers spraying and sanitizing public spaces using (probably) aerosol hydrogen peroxide, it was only time until something came up to “sanitize people”.

MSM reports and images of a plastic see-through tunnel-bubble that dispenses some sort of sanitized aerosol. People have to enter the tunnel and get sprayed “everywhere” before proceeding on their journey.

A product called biozinc was indicated as the spray.

As countries engage in mass-death-for-profit and consider various “bubbles and blobs” for contact or how to implement a 14 day quarantine without doing 14 days (tourism and business), it may be this is one of their concepts.

There are those fun scenes in Sci-Fi movies where the hero/ine goes through multiple lock-rooms for decontamination. Life imitating movies.


Clive Robinson May 12, 2020 1:29 AM

@ Name.withheld…,

Right now I am restoring an Hewlett Packard HP-41CV,

I wish you luck on that, I used to have one of their first portable oscilloscopes, and it became such a pain it was “not fit to break into parts for scrap”.

Prior to the HP-41 back in the early 1970’s was the HP-35, at an unimaginable cost.

There was obviously profit to be made in Programmable Scientific Calculators…

In the UK (Sir) Clive Sinclair was a producer of home electronics of note[1] and amongst his more successful products were his calculators.

What he needed was a “Programmable Scientific Calculator” to compete with the HP-35…

For various reasons it was not really a competitor of the HP-35, but it was in the price range that some middle class parents could justify for their son who was at school. It came with a set of four programming books with 120 example programs (a later library expanded it to over 400).

Whilst it was not an HP-35 it was the second calculator this young lad owned and was a real treasure. I’m not the only one to think it’s a bit of a miracle, because the engineers who designed the actual chip used, had said what Clive Sinclair wanted to do was just not possible… In one way they were right but in other ways they were wrong, to see why take a look at,

The calculator taught me a new way of thinking (Reverse Polish Notation) and gave me a taste of programming before it was really available to most people (though that was to change rapidly[2]).

A side effect is whenever I try out a new programming language, the first programme I generally write is a RPN two stack programmable calculator which in some languages on some OS’s (C on *nix) can be quite a bit more difficult than at first you might think (you need “raw” not “cooked” input).

I still have the Sinclair calculator and the books and oh so important the “wallwart” for it is a thirsty beast. The last time I got it out it was still working.

Whilst I’ve no idea what it is worth financially, to me it was a gift beyond compare from my parents, neither of whom lived to see me finish college. Part of their legacy to me was enough money to buy my first real computer the Apple ][ which I likewise still have and still use from time to time for programming.

[1] He actually started his home kits business by raiding the bins of a well known manufacturer for “sub standard” parts…

[2] Sinclair just a few years later came out with the ZX-80 then ZX-81. A spin off by some of those who worked for Sinclair was another RPN system, the Forth based Jupiter Ace that I also still have in working order.

SpaceLifeForm May 12, 2020 2:20 AM


1) a robust way to try to decline cellular carrier updates on a) iPhone or b) Android?

Faraday cage.

2) is there a way to search a carrier’s website for the appropriate firmware. Any way to discern if the firmware is a custom build? Or does it even matter (since there are probably numerous ways to skin a horse, or something like that)?

2b) Is it worth bothering to check what is ostensibly installed?

Don’t waste your time.

3) Given the choice is it better to use a sim, an esim, or neither? For example, a computer or wi-fi only tablet and an iPhone’s hotspot?

Avoid esim.
Hotspot route is not buying you much.

4) Is there any reason to think the broadband provider with wires or glass to the home is more secure than using a cellular provider, in general?

You don’t have to worry about Stingrays.

Clive Robinson May 12, 2020 6:13 AM

@ MarkH,

With regards a fellow “countryman” saying,

    “I’ve got a pickup truck, a chainsaw, and a gun … and nobody’s gonna stop me.”

I’m guessing by accident statistics, his following actions were,

1, Shot himself in the foot.
2, Attempt self surgery with the chain saw and a bottle of bourbon.
3, Wrap himself and the pickup around a bridge support when speeding to get help and finding he has no foot for the brake pedal.

In “The land of the free” some freedoms especially the right to buy and use excessive “force multipliers” without basic training or safety clothing etc does not sit well with the basic freedom of not bothering to learn anything from others…

The late Douglas Adams kind of made the point in one of his books, over toothpick manufacturers having to put instructions in the booklet.

Douglas did it in his usual way by having a character (John Watson AKA Wonko the sane[1]) in one of his books come to the conclusion in a surreal way. In this case John Watson on reading the instructions one day finally realised he would have to build an asylum for mankind and live outside whilst watching for missing dolphins, oh and change his name to reassure people.


myliit May 12, 2020 6:39 AM


Thank you for your response regarding cellular and broadband issues.

myliit May 12, 2020 6:57 AM

@vas pup, MarkH, Clive Robinson

Thank you for the brief 1:16 video and the ideas regarding alternative uses of robot dogs. At least this robot dog is readily recognizable as such; for example, speculation is not required like: “I wonder, is that really an insect or is that really a bird?”

JonKnowsNothing May 12, 2020 9:44 AM

@Clive @Name.withheld

re: Sinclair Kits

Another Old Timer Memory:

I built one of the Sinclair kits when they first were offered in the USA.

First they sent me a completed version which I returned and asked for the kit with all the DIY parts in it. I got the parts kit and not long after that they stopped offering the DIY kit in the USA.

One of my CompSci profs was also building a “from scratch” kit procured from one of the trendy CompSci mags.

We had a “bet” who was going to get theirs to work first. Afaik, he never got his working.

I still have it, with manuals and the bubble memory bolt on and built my own wire-wrapped external keyboard for it.

From a time when you had a chance to really learn what was what and all you needed was a soldering iron.


A Serious Hypothetical May 12, 2020 10:47 AM


I just activated my “dole card” — my ATM card issued by [large Western United State] and used for accessing my Unemployment benefits (including $$$ from the CARES act). This involved choosing yet another username, password, security question (s), PIN, etc.

It occurred to me that states are suddenly issuing many more millions of these cards in a big hurry, and having to register them, and unprecedented amounts of $$$ are flowing through this to millions of new users, many of whom do not read this blog and might have lower levels of security awareness.

Has anybody heard of efforts to attack these particular cards right now? I know in my state, because of delays in setting up the program here, many weeks of benefits are being paid out all at once, a $5,000.00 starting balance would be pretty average, and multiply that by millions and that’s a LOT of money sitting out there.

While this is a subject more up Brian Krebs’ alley, I was wondering if there was any news of this.


Mr. Peed Off May 12, 2020 11:44 AM

For those who have time, some reading and thoughts on surveillance apps.

Finally, this technology, once deployed, will not be “rolled back.” We are repeatedly told that contact tracing apps and COVID-19-related surveillance are temporary measures for use until the pandemic passes. That’s likely to be a fantasy.

Surveillance inertia is remarkably difficult to resist. Norms get set and practices and tools become entrenched. And who can say when this will wind down? We’re still dealing with the supposedly temporary surveillance authorized almost 20 years ago in the wake of after 9/11. Rollbacks are rare and highly unlikely because the tools we build today will create a path dependency that will shape our future data and surveillance practices.

I have a lot of respect for these people as engineers but they are being asked to take on tasks that go far beyond engineering. Tasks that have to do with human and social engineering rather than technical engineering. Those are the kind of tasks I would prefer were taken on by human beings who are more well rounded, who know about philosophy and ethics, and know something about things other than efficiency, because it will not end well.

We did not elect them to help us solve our problems. Once Google is selected to run the infrastructure on which we are changing the world, Google will be there for ever. Democratic accountability will not be prevalent. You cannot file a public information request about Google. We are abandoning all the checks and balances we have built to keep our public officials in check for these cleaner, neater, more efficient technological solutions. Imperfection might be the price for democracy.

Sherman Jay May 12, 2020 2:35 PM

@Mr. Peed Off,
Thanks for the links, your comments and the linked documentation confirm what a lot of us are concerned about regarding more massive stripping of our privacy and security.

And, there are articles available that point out that the g00gle and aPPle apps are already being permanently incorporated into the operating systems of the phones.

“Privacy, we don’t need no stinkin’ privacy” to quote the old western movie

Sherman Jay May 12, 2020 2:41 PM

@JonKnowsNothing, et al.,
In that era, I used a woodburning iron for soldering. A friend of mine got a real soldering iron, but used acid-core solder instead of rosin-core and his solder joints turned into a science project of corrosion in a few months. We both laughed about it.

“Ahh, the good old days that never were.”

name.withheld.for.obvious.reasons May 12, 2020 5:56 PM

@JonKnowsNothing, @Clive

Speaking of kits, in the early 1970’s I had the good fortune to scour the dumpsters outside of the El Segundo TRW on the weekends. Managed to acquire probably hundreds of thousands of dollars in discrete components and hardware. Some of these “recovers” included device and system level components. The number of wire-wrap bread boards included tens of dozens of RTL/DTL, CMOS and bi-Metal loaded socketed components. Analog and relatively rare in the commercial sector, digital components, had price points at the time of $10 to $20 each and one board might hold fifty or so components. At the time I didn’t think to document the boards before salvaging, shucks and darn.

It was then that I decided to build a computer, yes as a newly minted teen-ager in elementary school the only systems available were yet to be built. A friend of mine was interested in doing this in our spare time, what could two 11 or 12 year old kids get into anyway? We started on the keyboard encoder, seemed a logical dev strategy at the time, there wasn’t a lot of document production by either of us. Our two kid team started a project before the release of digital calculators (non-nixie tube types). Nobody told us we couldn’t, so proceed.

Ironically, years later (about five or six), I’d figured out how TRW electronic data systems worked by doing some basic hacking. The typical response in those days, “Don’t bother me kid, I’m busy with something, now go away!” It wasn’t much later and General Dynamics discovered that it had UUCP support, who would have thought? Guess a gate badge was pointless.

Clive Robinson May 12, 2020 11:59 PM

@ name.withheld…,

Guess a gate badge was pointless.

Remember that “physical security” fell under “facilities management”. ICTsec if it existed well kind of fell under… Yup individual projects and nobody talked to anybody due to “security policy”.

When it comes to high levels of security in technology organisations,

    Murphy was an optimist.

Something the NSA could probably tell a story or two about 😉

Clive Robinson May 13, 2020 1:26 AM

@ Bruce and the usual suspects,

We’ve been a little distracted this year one way or another and various news items have slipped by…

One of which was the result of the USAF ethical hacking “Hack the Air Force 4.0” competition from late last year,

Turns out over 12,000 vulnerabilities were found and 290,000USD awarded…

I guess it goes to prove something, though what exactly –other than wire cutters may be your only friend– I’m not entirely sure (though ~24bucks a vulnerability does appear a little tight fisted).

JonKnowsNothing May 13, 2020 1:38 AM

MSM report on testing sewage and wastewater for COVID19

Plans are to take samples of waste and sewer water and test for the presence of COVID19. Using the results to target areas with more land-based testing. Also plans to use the test to check for future active infections.

Wastewater tracking has already been used for years for tracking polio and for estimating how many illegal drugs we take as a country.

Scientists can detect fragments of the RNA (a virus’s DNA) of Sars-Cov2, the virus that causes Covid-19, in our sewage.

Probably useful in areas with centralized sewer treatment plants, probably not so useful for the millions with outhouse or open field latrines or with untreated discharge.

Every year along the California coast line there are “unregulated and untreated discharge” incidents where raw sewage flows into the oceans and rivers. Sometimes it’s due to a physical plant failure like a collapsed pond bank or broken pump, other times it’s due to plant over-capacity volume and the gunk has to be dumped out the nearest pipe.

All sorts of waste stuff gets dumped into the rivers and waterways and much of it can be tracked upstream to the source. Tracking it to the source does not often result in stopping the dumpsters.

In California we have had a long drought and moved much of our municipal tree and park watering to “grey or reclaimed” water, noted by their lavender colored pipes.

Is spraying COVID19 contaminated water on playgrounds, lawns and picnic areas another problem?


Wesley Parish May 13, 2020 4:28 AM

Facial Recognition Technology and Farcical Police Testing

In New Zealand we’ve just been informed that the NZ Police have run an unauthorized facial recognition test:


Minister of Justice Andrew Little says police failed to get any of the necessary clearance before trialling controversial facial recognition software.


[Clearview] was first approached by New Zealand police in January, and a short trial was later conducted, according to documents RNZ obtained under the Official Information Act. Police say they have decided not to use the product for the time being.


Privacy Commissioner John Edwards, who was not aware police had trialled Clearview AI when RNZ contacted him, said he would expect to be briefed on it before a trial was underway. He said Police Commissioner Andrew Coster told him he was also unaware of the trial.


Clearview AI, whose early financial backers include New Zealand citizen Peter Thiel, has built a database of about 2.8 billion faces by lifting users’ images from social media sites like Facebook, a practice that violates most of these companies’ terms of service.

A clear case of the police breaking the law. Of police thinking they themselves are above the law they are supposed to protect. Involving a company that engages in widespread and gratuitous copyright piracy and invasions of personal privacy.

I suspect that if faecal recognition software existed, the New Zealand police would be recognized by it.

MarkH May 13, 2020 5:18 AM


[Armed drone pilots] are “combatants hiding amongst civilians” which is a “no no” under various treaties.

I suggest that this represents a misconstruction of applicable law.

My understanding is that it is unlawful to either place combat forces among civilians, or to compel civilians to relocate among combat forces, for the purpose of using those civilians as “human shields.”

In general, throughout the history of warfare and up to the present day, military forces have often been mixed with or stationed very close to civilians. [There have been numerous exceptions, but I suggest that both situations occur frequently.]

The question of what constitutes a legitimate military target is fraught with nuance and ambiguity, but the avoidable infliction of civilian casualties is generally forbidden.

For this reason, the great majority of contemplated uses of nuclear weapons would be unlawful — a truth often missed.

The case of a nuclear attack against Las Vegas is quite fanciful, though it might make a droll movie. In the first instance, the targets of U.S. remote murder are unlikely to deploy nuclear bombs on American cities; and if they did, the choice of target would surely be based on considerations other than the notion of “legitimate targeting” or the presence of remote joystick pilots at a particular base.

A real world application of such laws would be in Donbass, for example, where the Kremlin’s forces love to fire their artillery from cities and towns. It suits Putin’s political agenda to maximize civilian losses on “his” side.

MarkH May 13, 2020 6:05 AM

For Those Who Still Believe that Unchecked Spread of Covid-19 is Good Policy

The combination of vast numbers of people getting sick with Covid-19, and the lapse of weeks and months, has provided the opportunity for the medical profession to form a picture of recovery for those who survive the illness. Parts of this picture are based on direct Covid data, and others are projections based on experience with similar respiratory viruses, or experience with similar kinds of tissue damage.

This picture looks very disturbing.

[You can also find articles on this subject in other journalism sites.]

The primary focus of attention — especially at first — has been deaths, and the pneumonia which is the most common way Covid-19 kills people.

However, the virus can attack many organs and tissues … and people who aren’t killed by it, may nonetheless suffer badly.

Some of the worst effects on survivors appear to be quite frequent, affecting between 30 and 50 percent of patients who’ve recovered from the acute phase of Covid-19. Some of the tissue damage is observable on people who had mild illness, or perhaps didn’t feel ill at all.

After-effects include lung scarring, heart damage, and neurological impairment. Some patients may need years to recover. Many of these lesions may never fully heal, and be significant enough to impair ordinary functioning, and quality of life.

Although it’s mercifully infrequent, it now appears that young children (who rarely die from Covid-19) sometimes develop severe inflammation of the heart and coronary arteries. A few have died; the long-term consequences for the rest are unknown.

Probably, many young adults have felt relatively confident, because Covid-19 mortality is so highly age correlated. However, there’s reason to worry that one after-effect may be infertility in men. For young men who’ve decided to attend “Covid parties,” one might visualize a sort of Darwinian selection in progress.

For me, two clear implications:

  1. Protecting yourself and your loved ones is very important, because even if your risk of death is low, your risk of a terrible loss of vitality and health may be many times higher.
  2. States which decide it’s a good idea to allow the virus to spread to its natural limit may find themselves not only losing thousands of people, but also with hundreds of thousands or even millions of survivors suffering, traumatized, disabled to varying degrees, and perhaps doomed to shortened lifespans.

The negligence of governments that allowed dreadful magnitudes of transmission (including Clive’s government, and mine), is madness.

To allow transmission by deliberate policy, is madness on stilts.

Clive Robinson May 13, 2020 8:32 AM

@ myliit,

The other day you queried about the efficacy of Vit D with regards its potential as COVID-19 prevention and reduction of lethality risk.

Well there is now a build up of “compelling evidence” and it looks like trials will begin,

Your other question about “safe dosage” is answered by the above, but as always,


Also show them the article, it might save other lives or reduce potential injury in those who become infected with SARS-CoV-2.

It’s by no means a “silver bullet” but it does strengthen your immune system, and by the looks of things everybody needs the best immune system they can get.

As for the chloroquine’s the news is not looking very promising currently. In fact one observational research paper indicates it might actually be harmful in later stage infections (though some argue that the fact zinc was not used with it may be the cause of failure).

myliit May 13, 2020 8:50 AM

@Clive Robinson


re: a potential safe dose of vitamin D3 (without testing)

So it sounds like Approx. 1000 D3 (whatever units) per day or approx. 2000 units every other day, depending on …, might be a reasonable guess

iirc some people may be on considerably higher doses, but that might indicate testing …

JG4 May 13, 2020 9:28 AM

Slightly less than ideal news – “Everything on your planet will be weaponized.” To first order, it already has, it’s just not evenly distributed. It will be in pursuit of the goal of all weapon systems – entropy maximization. I’m inclined to invoke the immortal words of Mencken, “Deserve to get it good and hard.” But murder as an evolutionary strategy compels us to remain in the existing Nash equilibrium. Fundamentally, that is why we need computer security. As well as air, water, food and energy security.

@blood discussion – Trying to collapse a few hundred or a few thousand biomolecular factors down to a single stickiness parameter is helpful when you are considering two inputs like rat poison and bad food from the agricultural-industrial-corporate crime cartels. It may not be the best path to understanding the myriad factors that go into health and longevity. I’d like to write a long and tedious rant about why omega-3 oils (fish in particular) will lead to better virus outcomes. As do selenium and vitamin D. The oxidative stress resistance produced by these nutrients and aerobic exercise also lead to better cognitive, respiratory and cardiac outcomes. @MarkH – Thanks for the link to the lasting damage from the viral pandemic. That was a sobering read.

@battery discussion – Tesla still use quite a few 18650’s. And by the way, they are 65 mm, not 650 mm long. One fundamental problem with batteries is morphology changes in the electroactive materials, on both cycling and aging. Another fundamental problem, less in lead-acid cells, is parasitic chemical reactions. That is why metal-anode lithium cells have very poor cycle life. Lithium-ion cells have less morphology changes and more direct parasitic reaction between the electrolyte and cathode materials. Lead-acid is quite different from lithium-ion in the sense that the chemical composition of the plates changes on cycling. There is a meaningful volume change as the sulfate goes in and out of solution, which causes portions of the electroactive materials to flake off. Precipitation of lead sulfate is another loss mechanism that also blocks function. In a lithium-ion system, you could think of the cycling as a physical migration of the lithium ions. The lithium ions are quite small so the volume change is fairly small. The cycle lives are at least a factor of 30 different – you’re lucky to get a hundred cycles out of a lead-acid cell, whereas a typical lithium-ion cell will give you a few thousand. I may have said before that restricting the voltage range can increase the lithium-ion cycle life by a factor of 10, in return for e.g., reduced driving range. Everything on your planet is a tradeoff in a tradespace. Float charging lead-acid cells will give them a long standby service life, but it won’t do much for cycle life. Conversely, float charging lithium-ion cells slightly reduces their lifetime. Everything on your planet has an energy-maneuverability diagram. Depending on what problem you are trying to solve, flow batteries could be a better answer. For mobile devices like cell phones and laptops, lithium-ion batteries are excellent. Bad idea for residential energy storage. I’m on the fence regarding their utility in transportation. 
Real men build sodium-chlorine batteries.

there’s a typo in the link today, it may get fixed

JPMorgan Is Now Banking for Bitcoin Exchanges Coinbase, Gemini Bloomberg

America’s digital Sputnik moment The Hill

Big Brother Is Watching You Watch

The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet Wired

Mitch McConnell Moves to Expand Bill Barr’s Surveillance Powers The Daily Beast.

JonKnowsNothing May 13, 2020 10:43 AM

re: unverifiable forged internet documents

disclaimer: I am not from Lands Down Under with little knowledge of their politics, politicians, political and regional procedures.

There is an on-going row about a document(s) and its authenticity. It seems Politician A: Angus Taylor used information from this particular document to claim another Politician B: Clover Moore did something “not correct”.

The document was forged or altered.

The interesting technical bit is the on-going debates about how and when the document was changed from the original.

My current understanding is this:

  1. The document was on the web and was correct (nothing bad happened)
  2. The document was “downloaded or accessed” and the data was changed (showing something bad happened)
  3. Politician A used the forged numbers to attack Politician B
  4. Politician A claims he did not change the document or had anything to do with changing it.
  5. Several LEO agencies in Australia say they cannot tell “who did it”.

    The Australian federal police say they did not reach a conclusion about who might be responsible for a doctored document that included wildly inflated and inaccurate travel figures purportedly from the City of Sydney’s 2018-19 annual report.

I find the claim by the LEOs that they cannot track back the changes and the history of the document to be “less than credible” given the extensive roll-back and roll-forward abilities within the entire range of electronic track and trace: creating and editing the document, version control on the web sites, and browser history just for starters.

We have seen some pretty impressive document tracking as in cases of Assange, Hammond and others. Except perhaps Snowden (iirc the Intercept no longer maintains his archives).

There are some methods now that can “deep fake” documents and electronic data that leave no trace or audit indications and some of these have been used by the Security Services when it suits their purposes.

Q: Is it really possible that an ordinary Smoe could alter a document and leave no technical trace?

Q: If the Aussie LEOs cannot determine alteration and authenticity, would this indicate a “Security Service Great Seal DO NOT PASS!”?


myliit May 13, 2020 11:26 AM

@SpaceLifeForm, Edward Snowden, @thegrugq, etc., popcorn eaters, or non popcorn eaters

re: best practices, based on current knowledge, for repurposing old iOS or Android hardware, perhaps as a dedicated Zoom [1] or iMessage FaceTime [2] device

For example: Factory reset iPad 2 to iOS 5.3.5. For use with Zoom/FaceTime/iMessage only. Perhaps periodic factory resets. Internet from an iPhone wifi hotspot, wifi from a router, or a jury rigged Mac wired connection to iPad [3] (any other ideas?).

Or should a more expensive iOS device be used? for example one still receiving security updates.

Should a dedicated (new) apple id and new email be used?

Any ideas, things to consider, or food for thought?

What threat models might this work with and not work with … ?

Should you use Tor or a VPN?




Misc.: Repurposing older hardware Date unknown iOS 5.3.5

SpaceLifeForm May 14, 2020 4:39 AM

@ JonKnowsNothing

“Is spraying COVID19 contaminated water on playgrounds, lawns and picnic areas another problem?”

Why not? If you touch the soles of your shoes, then you could be infected.

Contact tracing via sanitary sewer is a problem best dealt with by rats.

Rats may be carriers.

Make sure your drain traps do not dry out.

That vector (dry traps) came up from SARS investigation.

SpaceLifeForm May 14, 2020 4:58 AM

@ MarkH

“To allow transmission by deliberate policy, is madness on stilts.”


But that is what is happening.

IIRC, you originally promoted herd immunity angle. And Clive and myself disagreed with you on that strategy.

But, after the non-action by governments, the table was laid.

Like I said before, it will be herd immunity come hell or high water. That is the only outcome that is plausible at this point.

Because the fascists want their money.

It really is the old line: “your money or your life”.

To all Americans that will be eligible to vote 2020-11-03, do your best to stay healthy, and make sure you vote, even if you are scared.

Because if you fail to vote, you may regret it.

Trudi Fenster-Klotz May 14, 2020 6:59 AM

It is surprising to me that the example of Taiwan is not more widely imitated. It seems to have the best record ~24 million population, fewer than 500 cases, fewer than 10 deaths, no general lockdown.

Clive Robinson May 14, 2020 1:11 PM

@ Trudi Fenster-Klotz,

It is surprising to me that the example of Taiwan is not more widely imitated.

The reason might be that the two countries that have been most hard hit because their leaders “played the fiddle” whilst people burned with fever… Instead of acting rationally and where the science from previous epidemics and pandemics said they should go. They are of course the UK and US both run by “blond blow dry misogynistic slobs” that appear to have significant narcissistic and psychopath tendencies and pay attention only to very short term “vested interests” who enrich them. Such vested interests have now proved beyond any doubt that neo-liberalism is extremely injurious to society in general and all citizens including themselves.

The UK and US could have followed the examples of both Taiwan and South Korea, they had more than sufficient time and warning to “close the borders” but both chose not to. If you look back on this blog you will find @SpaceLifeForm was calling out almost from the get go to close the borders down to limit spread. You will find I predicted where the infection would go along the silk road and into Europe, which is exactly what it did. You will find both of us arguing against the moronic “Herd Immunity Policy”[1] thought up by people with fairly obvious Dunning-Kruger deficiencies and significant pretensions to what they clearly are not (scientists, mathematicians, or rational thinkers).

Along with others I’ve consistently pointed out why the need for strong testing and strong isolation is required not just to protect the citizens but also to keep the economy going. Further that it would also be the least costly method of controlling or eradicating the SARS-CoV-2 virus.

I also pointed out that the virus could be totally eradicated in a little over a month if a true hard lockdown was implemented. Put simply in that time period those infected would either become immune or die, either way they could not infect other people and the virus starved of hosts would likewise die. The problem is that the West was never going to implement a true hard lockdown, thus all a lockdown would achieve is a slowing down of the virus spread not its eradication.

Thus again due to the pressure of vested interests on politicians we are now lifting even the soft lockdowns we’ve had and as no other policy has realistically been put in place because that involves spending the money the self entitled believe belongs to them as their due, we are going to see the Rt rise again above 1, thus the hospitalisation rate will rise and unless something like another lockdown or effective control policy is put in place healthcare will become saturated and the CFR / death rate will start heading from ~0.5% towards 6%…

What history teaches us, is that with a seasonal virus[2] the second wave of an epidemic will be considerably worse than the first, and the third whilst better than the second will probably be as bad if not worse than the first…

But whilst we might be able to flatten the curve in the West if we stop listening and paying off vested interests and start looking after the citizens instead, much of the rest of the World can not. For instance India has ~600 million people who have to work every day just to put food on the table that night. Worse the population density is high, in some places higher than you find in refugee camps, and sanitation and clean water are “ideals” not “realities”. Whilst there is limited healthcare it can not deal with even a micro fraction of the population to the standard of support many COVID-19 sufferers need to even have a 50:50 chance of survival, thus the CFR is going to be nearer 6% than ~0.5%.

Africa has similar issues to India even though its population density is a lot lower. For many even rudimentary healthcare and sanitation is non-existent and clean water likewise.

South America ranges from very poor to western standards of healthcare, sanitation and clean water, but also has the advantage of a lower population density in most places outside of cities where shanty towns are quite frequent. Again the issue of have to work to eat that day applies which means lockdowns are not going to work.

As we have no effective treatments and supportive healthcare can be quite intensive the options are limited at best.

They boil down to,

1, Vaccine.
2, Effective treatment
3, hard lockdown.
4, Taiwan / South Korean method.

The vaccine currently is a “pipe dream” and if we get very very lucky we might have something that is both safe and effective in a year and ramp up production in maybe two years. However Big Pharma is a significant vested interest and the chances are they are going to fall into “Pandemic Capitalism” in one way or another, unless governments effectively put a Gun to their head. The South Korea Government has tried to head this off before it gets going by setting up a “moon shot” type effort whereby they pay Big Pharma and thus have the right to make any vaccine available to all royalty and other fiscal encumbrance free. Whereas the US, UK and Israel at the very least are in a death race to get the first vaccine, but without any guaranty of it not being encumbered by Big Pharma profiteering.

Likewise the search for an effective treatment appears to be one of who can push the most expensive drug into trials… There is increasing observational evidence that just taking a Vitamin D supplement will reduce the likelihood of becoming seriously or critically ill and reduce your chance of dying by a significant factor (8-10 times).

As indicated a true hard lockdown is not going to happen in the West for various reasons, mostly political therefore at best what we will end up repeatedly implementing will be about the worst possible way for not just society and the citizens that comprise it but the economy as well. But it will because of its short term nature please the vested interests that can not be bothered to look more than a quarter into the future and realise that what they will actually get is a protracted death spiral.

Which leaves the Taiwanese / South Korean way of doing things…

But vested interests don’t like it, and they will fight against it tooth and nail, even though it is actually the best option for the economy to survive…

As they say “go figure”…

Oh it’s interesting to note that all those “false prophets” pushing the neo-liberal agenda appear to have disappeared as each one of their alternative reality models has been shown to be just as science predicted “a steaming load of ….”.

[1] A distinction needs to be made clear between the meaning of “herd immunity” as a biological effect and “herd immunity policy”. The former describes how a pathogen spreads through a population with time and is going to take between five and over eighty years to become effective with a novel pathogen, effectively killing en masse until something like 50% of the population have become survivors and thus the pathogen is started to be robbed of viable hosts until Rt gets below one, at which point the pathogen dies back but usually becomes endemic and prone to mutation with time thus flares up again as a slightly different strain. The political “Herd Immunity Policy” is a “do nothing” policy, to let the disease run wildfire through the population, and like Nero watch Rome burn whilst fiddling about. The important thing to note is the Case Fatality rate with and without healthcare. As far as we can tell with healthcare the CFR is between 0.5-1% but the CFR without healthcare is 5-6%. With the political “Herd Immunity Policy” the ordinary healthcare provision becomes saturated and the CFR or death rate becomes a lot closer to 6% than the 0.5% or less if the healthcare system does not become saturated. Hence eventually the political “do nothing” “Herd Immunity Policy” thought up by unelected idiots driven by the whims of neo-liberal vested interests very quickly became discredited.

[2] With SARS-CoV-2 there is currently no indication whatsoever that the virus is in any way seasonal. The only “seasonal” effects described can be as equally well described by the likely amount of Vitamin D people have in their system thus the state of their immune system.

vas pup May 14, 2020 2:59 PM

@Clive and interested bloggers:

Brain signal measurement using printed tattoo electrodes

“Researchers have developed ultra-light tattoo electrodes that are hardly noticeable on the skin and make long-term measurements of brain activity cheaper and easier.

First ever MEG-compatible dry electrodes

The new tattoo electrodes are the very first dry electrode type that is suitable for long-term EEG measurements and at the same time compatible with magneto-encephalography (MEG). MEG is a well-established method for monitoring brain activity, for which so far only so-called “wet electrodes” can be used. Such electrodes work on the basis of electrolyte, gel or an electrode paste, and thus dry out quickly and are unsuitable for long-term measurements. The new generation of tattoo electrodes consists exclusively of conductive polymers, i.e. it does not contain any metals which can be problematic for MEG examinations, and is printed exclusively with inkjet. “With our method, we produce the perfect MEG-compatible electrode while reducing costs and production time,” says Greco happily.

The TU Graz researcher is currently spinning ideas on how this technology can be used in clinics and in neuroengineering
===>>>as well as in the field of brain computer interfaces.”

Clive Robinson May 14, 2020 5:32 PM

@ vas pup,

… as well as in the field of brain computer interfaces.

Hmm “longterm”, how long term?

We already know that some countries (India being one) are already looking at brainwaves as the new “lie detector”…

I can just see some dictator of a Police State or its more modern equivalent looking to have these installed on everyone with some kind of “remote interface” just to make “police work” more efficient / low cost / etc.

Obviously it would need an AI backend to ensure that any results will be accepted “as is” (as computers never lie) into a court…

Just what every authoritarian following judicial system needs, “show trials for television” entertainment for the masses…

MarkH May 15, 2020 5:37 AM


… if you fail to vote, you may regret it.

Who wins in some upcoming elections (not only in the U.S., I suppose) will surely have life-and-death consequences.

For the record, I

(a) cited an article by David L. Katz proposing the “herd immunity policy,” and explained why the logic made sense to me, and why I thought it was worth considering;

(b) in the same thread, observed that the Dr Katz argument was predicated on about 99% of infections needing no special medical attention, which was not supported by data either then or now; and

(c) pushed back on provably false statements about herd immunity.

It seems to me that for the most part, I have discussed policy proposals without “taking a stand” on what’s the best thing to do. This would require a Solomonic wisdom I don’t find in myself.

For example, I’ve seen new projections of how many of the poorest in the human family are expected to be at risk of death from starvation, in consequence of the global economic contraction.

That number may exceed the total deaths expected if no effort were made to check the spread of the pandemic.

What is the most moral course of action? The answer is far from clear to me.

In contrast, what so many countries (including mine) are doing is incurring enormous costs from counter-spread measures, without making them comprehensive enough to really control the disease.

Surely that is wrong: it’s the worst of both worlds.

I often think of words attributed to Winston Churchill, “there’s something to be said for making war on the Bolsheviks, and something to be said for making peace with the Bolsheviks … but nothing to be said for the present policy.”

Which I suppose brings us back to the start: in most of the world, the hideous wrong steps have been taken, and the best opportunities lost. There’s no power on heaven or Earth that can change that now.

The best hope is for governments which will assemble the best talent, take strong and decisive action to marshal their resources jointly with private entities, and be guided by data and science.

Let’s hope that enough voters will understand this.

Trudi Fenster-Klotz May 15, 2020 9:14 AM


best hope is for governments

Perhaps a few grains of salt. E.g. –

Hong Kong is doing even better, in a way, than Taiwan.

Population ~ 7.5 million, ~ 1000 cases, ~ 5 deaths, response organized directly by the citizens

This in the presence of interference by the government.

Today we are all Hong Kong-ers. The person in the street needs to sift sift sift and do their own thinking. Healthy politics, then afterwards practical common good.

And as a happy by-product, this also wipes away the peer review paradox, and imperialistic modelling.

vas pup May 15, 2020 5:55 PM

@Clive Robinson • May 14, 2020 5:32 PM
Thank you! I agree that with ANY good technology implementation could serve evil. But, and you confirmed this statement multiple times on this blog: technology is neutral, but application of it is not.
