I too have wanted to shoot the Internet, and/or Comcast.

Multiple bullets hit Xfinity fiber cable, causing outage in Oakland:

The outage happened before 5 a.m. Sunday after a shooting near the city's Eastmont Mall, and affected about 20,000 customers across Oakland, according to an Xfinity spokesperson. The outage affected all of Xfinity's services, including Internet, TV, phone and home security systems.

Normally you only see that kind of marksmanship in superhero movies.


Mammals can breathe through anus

"We ass-blasted these mice with an air compressor, and then when we drowned them, they took longer to die! I fucking love science!"

In the new study, Takebe and his collaborators provide evidence for intestinal breathing in rats, mice, and pigs. First, they designed an intestinal gas ventilation system to administer pure oxygen through the rectum of mice. They showed that without the system, no mice survived 11 minutes of extremely low-oxygen conditions. With intestinal gas ventilation, more oxygen reached the heart, and 75% of mice survived 50 minutes of normally lethal low-oxygen conditions.

Because the intestinal gas ventilation system requires abrasion of the intestinal mucosa, it is unlikely to be clinically feasible, especially in severely ill patients -- so the researchers also developed a liquid-based alternative using oxygenated perfluorochemicals.


Google says it is good for their business if their competitors' cars kill more people.

Waymo sues California DMV to keep driverless car crash data from being made public:

The lawsuit argues that releasing this information to the public would put Waymo at a competitive disadvantage.

Making public the process by which Waymo analyzes crashes "could provide strategic insight to Waymo's competitors and third parties regarding Waymo's assessment of those collisions from a variety of different perspectives, including potential technological remediation," the company argues.

Moreover, it could have a "chilling effect" on the entire autonomous vehicle industry. "Potential market participants interested in deploying autonomous vehicles in California will be dissuaded from investing valuable time and resources developing this technology if there is a demonstrated track record of their trade secrets being released," Waymo claims.

Let's be crystal clear about what they're saying here:

"Technological remediation" means "how make car not crash".

If Google's competitors knew more about how the Waymo robots avoid killing people, that would allow their competitors to also kill fewer people, and that would be bad for Google's business. In fact, they claim it would have a "chilling effect" on the entire autonomous murderbot industry.

Google would prefer that their competitors' cars kill more people than their own, because that makes LINE GO UP.

They are saying the quiet part out loud.


Great Moments in Patents: All Skeletons Are Bastards

US1749090A: Apparatus for obtaining criminal confessions and photographically recording them:

The primary object of my invention is the provision of an apparatus for the creation of illusory effects calculated to impress the subject with their being of a supernatural character and to so work upon his imagination as to enable an inquisitor operating in conjunction with the recording system to obtain confessions and graphically record them by light action under the control of electric impulses governed by varying intensities of sound waves. [...]

The skeleton 16 is arranged in front of the panel 8, with its feet resting upon the glass top of the light chamber 14, the lights 27 mounted in this chamber being adapted to flood the entire skeleton from the feet up, while a second source of light 28 mounted upon the panel 8 over the skull of the skeleton, as shown in Figure 1, is adapted for additional flooding from an opposite direction, the purpose being to produce the appearance of an apparition having a translucent outer, or astral body, and a diaphanous veiling constituting the so-called aura, the lighting being of a character adapted to flood with a ghostly light and to bring out clearly the skeleton's outlines. To add to the mystification, the bulbs 22, forming the eyes of the skeleton, will be caused to blink, upon the subject's replying to questions while under examination, this blinking resulting from the variations in the sound waves as governed by the microphones controlling the electric circuits; [...]

The light bulbs 22 are of either the usual evacuated order, or gas filled, but differ in that one-half of the bulb is of blue color, while the other half is of red, to meet the double requirements of the emitted light, the blue being used as better adapted for the recordation of the sound waves, and the red for the purpose of imparting to the eyes of the skeleton an unnatural ghastly glow. [...]

A megaphone 32 is arranged for the convenience of the examiner, in questioning a suspect, the outer end of said megaphone being connected to the skull of the skeleton in such manner that the voice of the operator appears to come from the mouth of the skeleton.


DNA Lounge: Wherein 'This shouldn't be our job'

Emma Silvers in The Chronicle:

As the omicron variant began to surge last month, some in the Bay Area arts community saw the waves of cancellations as reminiscent of the pandemic's early days, when shelter-in-place orders brought live events to a screeching, definitive halt. But there's a glaring difference this time around: Event organizers and performers are the ones doing the canceling. That's because local officials' current approach to restrictions is a stark contrast to the position they took in March and April 2020. Namely, there aren't many. [...]

"We could have gone through with the show and no one would have stopped us, which is a little insane," Goff told The Chronicle a few weeks later. "The reality is, we as musicians are not qualified to be making these decisions." [...]

"You're backing people into a corner," said Patrick Brown, founder of San Francisco music label Text Me Records. "When it comes down to it, most people will risk their health rather than go bankrupt if you're not giving them any other options." [...]

Indeed, in the absence of new citywide mandates, an increasing number of Bay Area venues have voluntarily adopted new policies aimed at keeping staff and attendees safe. [...]

"We are getting no guidance or support from the city," DNA Lounge owner Jamie Zawinski told The Chronicle. Zawinski referred to Breed's recent statements as "the Trump approach: telling people to 'personal choice' their way out of a structural, societal problem."

"If the mayor cared about protecting people rather than protecting capital, all restaurants and bars would be closed right now ... (but) for us to just unilaterally close down, while every other nightclub is going full speed ahead, isn't really an option. For that to happen, we would need support from our government, both legal and financial, and that support doesn't exist anymore." [...]

Low ticket sales due to COVID fears aren't helped by the reality that people don't want to buy tickets if they're not sure a show will actually happen. Then there's the fact that most hourly venue staff have no safety net when they're called off work because a performance was canceled -- as opposed to when clubs were shuttered and they could file for unemployment.


The reason the Tuesday Noon sirens haven't returned:

A new system was installed in 2005, which was then hacked in 2018, and fixing that exploit apparently requires replacing the entire communications infrastructure. SFDEM has been downplaying this and referring to this security firedrill as simply "upgrades".

tl;dr version --

I keep seeing articles asking what happened to the sirens, and then answering themselves that they "are antiquated" and "need repairs", which sounds like they're rusty or something. But what really happened was, in 2018 the siren network was hacked because it had no encryption.

The vendor claimed to have immediately rolled out a fix, and then in 2019, San Francisco shut the entire system down for what they believed at the time would be two years. For "upgrades". So, upgrading this system, which had been going off weekly since 1945, necessitated shutting the whole thing down immediately. Not, like, acquiring the budget and the equipment; testing it; staging it; and then shutting down the old system, no. Something was so badly wrong with it that they decided to completely scrap this piece of security infrastructure. Keeping it running at all was judged to be more dangerous than not having it at all.

That sounds like an active exploit in the wild, to me. That sounds like "the only way to prevent this attack is to replace the entire system". My guess is that the fix they came up with is to go with a new vendor entirely. Why is it so expensive? One guess would be that the new vendor uses a different communication system that requires replacing the radios and antennae on all of the horns.

But since SFDEM has been completely silent about what's involved in this "upgrade" (E.g., what is being replaced? Why? Who are the new vendors?) we have no way of knowing.

Here's a timeline that I was able to scrape together:

1942: Sirens installed.

This page went online in 2015 and hasn't been updated since, but describes the 2005 system:

Each device is capable of playing up to seven different tones. The most common one is a "wail".

Voice messaging can either be: 1) pre-recorded on a chip installed in each device; 2) broadcast from the Department of Emergency Management through a recorded message or a live message; or 3) broadcast through the use of a mobile transmitter. [...]

Public safety mobile and portable radios can be remotely programmed to patch into the siren devices to allow the operator to make emergency announcements. [...]

Siren devices can be pre-programmed into a variety of groups for specific announcements. One such group is the Tsunami Warning group for sirens located in the inundation areas of the City.

I haven't found any technical details on how that original system worked, or what kinds of upgrades (if any) were made to the signalling network between 1942 and 2005. That probably means that the answer is "none". It's unlikely that the WWII-vintage system was hard-wired, so it's fair to assume that the old analog system was also trivially exploited by anyone who knew the frequencies and signaling protocol.

Oct 1995: Emergency Sirens Fail to Wail:

Nine of San Francisco's 49 emergency sirens, including one at the Ferry Building, failed to go off as scheduled during Tuesday morning's test, officials disclosed yesterday.

"These sirens were built in 1942, and many of them need repairs," said Frank Schober, coordinator of the Mayor's Office of Emergency Planning.

Schober hopes to replace all 49 of the 500-pound electromechanical devices with lighter electronic sirens. The cost would be about $125,000 a year with the job spread over five years.

Nov 2004: It's kaput for those old air-raid sirens:

The old air-raid sirens that have been sounding in San Francisco every Tuesday at noon since World War II are being replaced with a state-of-the-art emergency warning system that can be used to alert the public in the case of earthquakes, tsunamis, bioterror attacks or other disasters, Mayor Gavin Newsom said Tuesday. [...]

San Francisco's old system has fallen into disrepair over the years, with only about a dozen of the original 50 sirens in working order. Officials are replacing the old mechanical devices with a digital system that will be both siren and public address system. They will be located in 65 locations in the city.

The federal government provided a $2.1 million Homeland Security grant to pay for the upgraded system. The new devices are expected to be fully up and running in January.

By 2005, the siren system was being described as "new", so 2004 or 2005 is when the WWII-vintage analog system was replaced with a digital radio network. Sorry, I meant to say a "state of the art" digital radio network. So how did that work out? Let's check in...

Nov 2005: Hearings urged on faulty siren system:

Mayor Gavin Newsom and Board of Supervisors President Aaron Peskin called separately Tuesday for public hearings to educate residents about flaws found with the city's new emergency siren system.

City officials say the sirens, an early warning system for disasters, aren't loud enough and can be heard in only 50 to 60 percent of the city rather than the 90 percent called for in the contract with Acoustic Technology Inc. The city attorney sent a letter to the contractor Friday claiming breach of contract and demanding that the problems be resolved by the end of the year.

After that, I don't see any press about the sirens for a few years, until a couple incidents where they mysteriously went off at unplanned times. And then... womp womp...

Aug 2012: Emergency siren accidentally activated:

San Francisco emergency officials activated a warning siren Sunday afternoon, triggering some confusion among residents. The siren, which sounded around 3:45 p.m., was activated accidentally, and there was no emergency, according to the San Francisco Department of Emergency Management.

Nov 2014: Officials investigate after outdoor sirens triggered at odd hours:

Outdoor emergency sirens in San Francisco were accidentally triggered late Saturday and early Sunday morning, according to the San Francisco Department of Emergency Management. The sirens were temporarily out of service on Sunday afternoon as city crews conducted testing to determine the cause.

Alarms went off around 11 p.m. Saturday in the Bernal Heights, Noe Valley and Hunters Point neighborhoods, the Bayview District, City Hall, and other areas, but there is currently no known emergency that would have triggered the alarms, department spokesman Francis Zamora said.

Alarms around the city went off again around 5 a.m., he said.

Apr 2018: SF's emergency sirens had a security bug -- it's fixed now:

San Francisco officials have been quietly scrambling since early February to patch a security vulnerability in the city's outdoor alert system that, if left unaddressed, could have allowed hackers to seize control of the city's network of 114 emergency sirens.

On Thursday, the Department of Technology announced that the problem had been fixed. [...] The technology department declined to share the specifics of the vulnerability, other than to say that it had to do with how electronic signals were being encrypted as they were being relayed across the alert system.

"It's fixed now", huh?

Apr 2018: This Radio Hacker Could Hijack Citywide Emergency Sirens to Play Any Sound:

Now, after two-and-a-half years of patiently recording and reverse-engineering those weekly radio communications, Seeber has indeed found that he or anyone with a laptop and a $35 radio could not only trigger those sirens, as unknown hackers did in Dallas last year. They could also make them play any audio they choose: false warnings of incoming tsunamis or missile strikes, dangerous or mass-panic-inducing instructions, 3 am serenades of death metal or Tony Bennett. And he has found the same hackable siren systems not only in San Francisco but in two other cities. [...]

When WIRED reached out to ATI Systems, the company responded that "the vulnerability is largely theoretical and has not yet been seen in the field." It also argued that Bastille had broken the law with its research by violating FCC regulations against intercepting and even merely divulging the existence of government radio signals without authorization. But in a statement it sent to Bastille after the researchers warned ATI about its security flaws, ATI wrote that Bastille's findings are "likely true" and that it's testing a software update it plans to roll out soon.

Apr 2018: SirenJack White Paper (PDF), and CVE-2018-8862:

No no no -- thank you!
The SirenJack vulnerability is distinct from the replay attack that struck the Federal Signal-manufactured Dallas tornado warning system on April 7th, 2017. The older Dallas system used Dual Tone Multi Frequency (DTMF) tones to activate the system over an analog radio link. It is trivial to record the audio of those tones (e.g. on a laptop or tape recorder), and then replay them on the same frequency while transmitting. The activation 'code' usually is fixed, and therefore can be accepted multiple times. [...]

The proprietary digital radio protocol used by ATI to control the San Francisco OPWS was found to have no encryption. As messages were sent in the clear, the patterns of changing elements became easy to interpret. These patterns could be extrapolated to craft malicious messages that conform to the protocol's format and therefore look legitimate, such as activation commands to trigger false alarms. In a deployment where regular testing takes place, knowledge gained by passive observation of test activation commands can be used to trigger the siren system in that deployment at will. [...]

The protocol does not draw on any truly secure practices to prevent analysis of the relevant fields, and thwart potential interference with the system. It is therefore vulnerable due to its reliance on security through obscurity. [...]

A Proof-of-Concept was demonstrated on an ATI siren node with a single horn at a low volume at an isolated location. A modulator and transmitter were created using GNU Radio and a USRP B200mini SDR. Knowledge of the protocol gained by passive observation of two active deployments (San Francisco, CA and Sedgwick County, KS) provided sufficient information to enable the crafting of legitimate activation commands for this node, the configuration for which was unknown. [...]

ATI has stated they have worked on increasing the level of security of their radio protocol, and this fix has now been reported to be rolled out across San Francisco's OPWS. During the weeks leading up to the public disclosure, the OPWS frequency in San Francisco was active with an increasing number of packets that displayed higher entropy (appeared random), and activation commands in San Francisco have no longer been seen in the clear since public disclosure. No cryptanalysis has been performed to determine the efficacy of the fix. Details of remediation steps have not been made available publicly.
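The two weaknesses described in the white paper excerpts above (a fixed activation code that is accepted every time, and commands with no authentication) next to the standard countermeasure, as an added example that is not from the white paper, the vendors, or this post: every command carries a counter and an HMAC tag, so a recorded frame or an edited one is rejected. The frame layout, key, command values and class names are constructed for illustration; ATI's actual remediation has not been published.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption for this example, not a vendor format):
#   group (1 byte) | command (1 byte) | counter (8 bytes, big-endian) | tag (16 bytes)
HEADER = struct.Struct(">BBQ")
TAG_LEN = 16
CMD_TEST, CMD_WAIL = 0x01, 0x02  # hypothetical command codes


class LegacyReceiver:
    """Models the fixed-code scheme: the same bytes are valid forever."""

    def __init__(self, activation_code: bytes):
        self.activation_code = activation_code

    def accept(self, frame: bytes) -> bool:
        # No freshness and no secret: anything that was ever valid stays valid.
        return frame == self.activation_code


def _tag(key: bytes, header: bytes) -> bytes:
    # Truncated HMAC-SHA256 over every field the receiver will act on.
    return hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key: bytes, group: int, command: int, counter: int) -> bytes:
    header = HEADER.pack(group, command, counter)
    return header + _tag(key, header)


class AuthenticatedReceiver:
    """Accepts a command only if it is authentic and newer than the last one."""

    def __init__(self, key: bytes, group: int, last_counter: int = 0):
        self.key = key
        self.group = group
        # In a real node this value must survive reboots, or old frames become
        # valid again after a power cycle.
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "malformed"
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        # Verify the tag before trusting any field, in constant time.
        if not hmac.compare_digest(tag, _tag(self.key, header)):
            return "bad tag"
        group, _command, counter = HEADER.unpack(header)
        if group != self.group:
            return "wrong group"
        if counter <= self.last_counter:
            return "replay"
        self.last_counter = counter
        return "ok"


def demo() -> dict:
    key = bytes(range(32))  # constructed demo key; never hard-code real keys

    # Fixed-code scheme: a recording of one activation works every time.
    recorded = b"\x0a\x0b\x0c"  # constructed stand-in for a captured code
    legacy = LegacyReceiver(recorded)
    legacy_replays = [legacy.accept(recorded) for _ in range(3)]

    # Authenticated scheme: the weekly test frame is observed on the air.
    rx = AuthenticatedReceiver(key, group=7)
    weekly_test = build_frame(key, 7, CMD_TEST, counter=1)
    tampered = bytearray(weekly_test)
    tampered[1] = CMD_WAIL  # same recorded tag, different command byte

    return {
        "legacy_replays": legacy_replays,
        "first": rx.accept(weekly_test),
        "replay": rx.accept(weekly_test),
        "tampered": rx.accept(bytes(tampered)),
        "next": rx.accept(build_frame(key, 7, CMD_WAIL, counter=2)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tag authenticates commands but does not hide them; a passive listener still sees which command was sent unless the link is also encrypted.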

Oh, so the fix has been rolled out in San Francisco, huh? Let's see how that's going....

Dec 2019: Upgrades will silence sirens for two years:

The last scheduled siren test is planned for Dec. 10 before a hardware and software overhaul expected to cost up to $2.5 million takes them offline.

The upgrades -- the first since 2005 -- are intended to make the sirens more reliable and secure from outside tampering, the city's Department of Emergency Management said in a statement.

The two-year outage is necessary so that the city can test new specialized equipment before upgrading all 119 sirens.

Securing the sirens has been an issue for the city recently. Last year, the Department of Technology, which maintains the sirens, disclosed that it spent months trying to patch a security vulnerability that, if left unaddressed, could have allowed hackers to seize control of the sirens.

Dec 2021: Siren system stays silent after original upgrade deadline:

The Outdoor Public Warning System, which dates back to World War II, was silenced in December 2019 due to security concerns.

Upgrades were originally expected to take two years, but the city isn't any closer to finishing the project now. Zamora said it's because the COVID-19 pandemic response altered spending priorities.

Jan 2022: Tsunami advisory wouldn't have triggered SF's emergency sirens, but why do they remain silent?

"Right now the sirens are offline and they are offline due to the fact that there were some significant security issues related to the technology," said Mary Ellen Carroll, Director of San Francisco's Department of Emergency Management. "So, we had to take them offline about two years ago."

The city's Department of Emergency Management says this tsunami advisory would not have triggered an outdoor alert even if it were up and working because of the low risk to the area. Director Carroll says the department relied on first responders securing the beach and existing wireless technology to push alerts to the mobile devices of those who have opted into AlertSF and if necessary even to those who have not. "We would not have sounded the sirens for this alert, and we did use AlertSF, our texting alerts to let people know what was going on," said Carroll.

During the 2018-2022 period, we also got a lot of journalistic malpractice like this article on Curbed, which is what happens when so-called journalists just publish press releases without asking any real questions:

Why is it being repaired? It's antiquated. San Francisco will invest between $2,000,000 to $2,500,000 in upgrades to bring the OPWS up to snuff. Upgrades will include new hardware that will improve the reliability system.

But we can always rely on the @SFSiren twitter account to tell the truth:

Nov 9, 2021: It's my #Twitterversary! I have been on Twitter for 12 years, since 10 Nov 2009

Nov 9, 2020: It's my #Twitterversary! I have been on Twitter for 11 years, since 10 Nov 2009

Mar 16, 2020: @SFSiren Retweeted @mjg59: San Francisco, noon tomorrow: the entire population leaning out of their windows and making the emergency siren noise

This is a test. This is a test of the outdoor warning system. This is only a test.

This is a test. This is a test of the outdoor warning system. This is only a test.

This is a test. This is a test of the outdoor warning system. This is only a test.

This is a test. This is a test of the outdoor warning system. This is only a test.

Here are some questions that I still have. If you are a journalist with enough clout that SFDEM will take your calls, how about you try and get these answers?

  1. What actually happened in 2012 and 2014 when the sirens were going off unscheduled? You're probably going to need to FOIA the incident reports to get a straight answer about this.

  2. What happened in 2018 when "officials" were "scrambling" to fix the security problem? What was their understanding of the exploit? What specific actions were taken?

  3. Was the exploit considered to have been mitigated? If not, why was the system left operational between Apr 2018 and Dec 2019?

  4. Why was the system completely shut down in Dec 2019? Was it because of the exploit discovered in 2018? Please note, "we needed to test new specialized equipment" does not answer the question of why the existing system was taken completely offline.

  5. What are the details of the plan for bringing the system back online? What hardware will be replaced? What vendors and what products are involved? What security analysis has been performed on the new products?

But those are just the questions that I would be asking, if I was a journalist. What do I know.


DNA Lounge: Wherein we're saying goodbye to Bootie

I am sorry to say that Saturday, Feb 12 will be the final Bootie at DNA Lounge. There's one more remaining before that, this Saturday, Jan 29.

Bootie began as a monthly party at Cherry Bar (formerly Covered Wagon, later Codeword) in August 2003. They first joined us here at DNA Lounge in February 2005, when they began hosting the Lounge during our monthly Pop Roxx parties. Then, having outgrown Cherry Bar, Bootie moved to DNA Lounge as a monthly party starting in March 2006. It was an immediate hit, doing impressively higher numbers than the tiny CW room had allowed. By February 2008 we expanded it to twice a month, then to weekly in October 2009, and eventually to four rooms in October 2012.

Bootie was more than just another DJ dance party; every event included a hugely varied cast of underground and alternative performers -- drag, burlesque, aerialists, circus arts. At the height of its power, Bootie was not only giving those performers access to a huge audience that would otherwise be inaccessible to them, but it was also exposing that audience to a wide variety of performance art that many of them had never seen before. And that's a public service. At every event, you could look down at the crowd at the edge of the stage and see a bunch of faces looking up in amazement, with "what the fuck am I even seeing right now?" written all over them.

And when Bootie first started at DNA, it was also one of the horniest crowds I had ever seen. You don't even know.

For many years, it was far and away our most successful event. Bootie was what paid the bills and kept the lights on. When other events were slow, or there was a bad month, at least there was Bootie. In fact, Bootie's great attendance in the 2010-2012 era was a contributing factor to our decision to expand into next door and open DNA Pizza and Above DNA: we needed the space!

But, what goes up must come down...

We started getting concerned about Bootie's attendance around 2017, and we tried a bunch of different things to reverse the trend. We switched it to 18+, and then we began spending a huge amount of money on promotion, not just online advertising but also getting posters and flyers wayyyy out into the suburbs. Our thinking was, "It's a pop party on a Saturday. If people aren't showing up, it's because we aren't reaching them."

Though, to me -- and not all of our team agree with me on this -- one of the biggest red flags was when we reached the point where half of the people coming in immediately asked our staff, "Where's the hiphop room?" They came to Bootie, but they weren't here for Bootie. What they wanted to hear was exactly the same music you can hear for no cover at every corner bar in town, or any town. And they sure had no interest in seeing a drag show. What made Bootie unique wasn't what drew them to us: they were here just because it was a Saturday. The "community" aspect of the party had faded.

Anyway, that aside, our big promotional push actually seemed to be working! In mid- to late-2019, our Bootie attendance numbers began trending upward again...

And then, oops, pandemic. And it never really recovered.

Now obviously everything has sucked in 2021 and 2022, across the board, but even in comparison to our other events, Bootie was in the ICU. So, it was time for it to stop being weekly. We hoped that it could recover as a monthly, and we were planning on giving that a shot beginning next month. But, Adriana decided that instead of continuing at DNA as a monthly, she'd rather find a smaller room and take Bootie to another venue. We wish her the best of luck.

It's a bummer, and we will miss Bootie, but 16 years (or 19, depending on how you count) is an incredibly long lifetime for a party. It is nearly unprecedented.

We hope to see you at those final two parties! Masked and boosted.

Dooooooooon't stop........ belieeeeeeeeeeevin'........


Hacker Takes Over Numbers Station For Rickrolls And Memes

Buzzer is a Russian military station currently haunted by radio pirates:

Mysterious Russian shortwave radio station UVB-76, known as The Buzzer, normally broadcasts nothing but indecipherable beeps and numbers. But recently it has started to take music requests and post memes, after hackers seemingly took control of the channel for their own purposes. "Aboba" a voice repeatedly said over the station earlier today, before proceeding to blast Russian rave music.

The Buzzer, a Russian numbers station in use since the Cold War, became a sensation on the internet in the late 2000s thanks to 4Chan, and ever since people have wondered about the channel's origins and purpose. It's been especially good fodder for online creepypasta and paranormal enthusiasts because of the mysterious voices that occasionally read out nonsensical chains of numbers and words.

This week, however, it was home to Guy Fawkes masks, Discord pings, and Rick Astley's "Never Gonna Give You Up," as listeners gathered around YouTube streams for The Buzzer to witness the ghostly mashup.


Users mourn the loss of top stolen credit card site

Can you imagine a breathlessly credulous article like this being written about someone who found their path to financial independence through smashing car windows and selling fentanyl-tainted cocaine?

Among those lamenting the loss is Player 456, a 27-year-old based in Ghana. "UniCC was credible and affordable. That's why I'm really heartbroken."

When COVID-19 struck Ghana in 2020, the government introduced lockdowns that impacted Player 456's livelihood. "I work in the events industry," he says. "You can guess how business went." Looking to make cash, he spoke to a friend who suggested he get into online fraud. [...]

For Player 456, it was an eye-opener. Alongside the ability to buy access to compromised credit cards, which could be used for illicit online shopping sprees, the site also held a database of stolen U.S. Social Security numbers. Those numbers allowed people to file fraudulently for unemployment benefits, depositing the cash in U.S.-based dupe accounts they gained access to via UniCC. [...]

"UniCC gave me a way out to turn my finances around -- even though I realize it was at the peril of someone else on the other side of the world," he says. "I see people suffer because they have no money. Graduates, people whose jobs they've lost because of COVID. I hoped they'll all get a chance like I did. But now it's gone."


Every un-shredded car is a policy failure
