I lead a charmed life and have the best barber.
841 stories
·
8 followers

The American housing crisis is a theft, not a shortage

1 Share

jbhemlock:

mitchipedia:

Economics From the Top Down: Since Reagan, the US has been on a massive policy of redistributing wealth from the poor to the rich.

By returning this stolen money, the US housing crisis would evaporate. No, I’m not kidding. If the United States were to undo its experiment with rampant inequality and return the distribution of income to the levels found in 1970, the housing crisis would disappear.

via

This is the thing that a many people don’t seem to realize: The current economic situation - some might call it a kleptocracy - didn’t just happen. It was deliberately set up this way, over time.

There’s a housing crisis because we allow hedge funds to buy up homes and become landlords. If you own a pet and have lamented the rising cost of taking them to the vet, look and see if your local vet was bought out by a hedge fund.

The current state of the economy can be changed. We’re not talking about rewriting the laws of physics here. You don’t have to simply accept that things are the way they are.

Read the whole story
Share this story
Delete

Pluralistic: Blue states should play "constitutional hardball" (18 Oct 2024)

2 Comments


Today's links



Blind Justice as an old woman on a throne. Her head has been replaced with the blindfolded head of Lady Liberty. On one of her balance scales stand a Klansman, a gun-waving clown, and a sinister figure in a business-suit. On the other scale is a bucking Democratic mule. Watching this scene are a midcentury family - father, mother, young daughter - holding hands. In the background is a 19th century map of the USA.

Blue states should play "constitutional hardball" (permalink)

Nothing's more frustrating that watching the GOP smash norms and decency to advance policies that harm millions of Americas, unless it's that, plus Democratic officials stamping their feet and saying, "C'mon guys, play fair."

The GOP's game is called "constitutional hardball." Think: Mitch McConnell refusing to hold confirmation hearings on Obama's federal judiciary appointments, not never for Merrick Garland's Supreme Court seat – then filling the Federal judiciary with the least-qualified, most FedSoc-addled lunatics in US history, all for lifetime appointments.

As bad as this is at the federal level, it's even worse at in the states, especially the Republican "trifecta" states where the GOP holds the governorship and the state house and senate, where shameless gerrymandering and legislative attacks on hard-won ballot measures are the order of the day. GOP-held state governments engage in rampant interstate aggression, targeting out-of-state abortion providers, publishers, and journalists.

This is a one-sided Cold Civil War, because state Dems, for the most part, are unwilling to play hardball in return (the closest they come is when, say, California sets strict emissions controls and manufacturers adopt them nationwide, rather than making special cars for the giant California market). Republicans engage in constitutional hardball and Dems refuse to fight back, a phenomenon called "asymmetrical constitutional hardball":

https://columbialawreview.org/content/asymmetric-constitutional-hardball/

Writing for The American Prospect, Arkadi Gerney and Sarah Knight make the case for symmetrical constitutional hardball:

https://prospect.org/politics/2024-10-18-playing-hardball/

The pair argue first, that the best way to get Republican state houses to play fair is to credibly threaten them with retaliatory action. They cite the recent attempt at a last-minute change the way that Nebraska's Electoral College votes are apportioned, which would have given all of five the state's EC votes to Trump. Maine threatened to effect the same change to its Electoral College system, which would have given all four of its EC votes to Harris. Nebraska surrendered.

But there's also a second advantage to playing Constitutional Hardball: it makes blue states better. For example, Minnesota gives free college tuition to exceptional low/middle-income students. Neighboring North Dakota got tired of losing all its smartest kids Minnesota schools and created its own subsidy. As Gerney and Knight point out, Minnesota (and other blue states) still has a huge advantage when it comes to attracting top talent, because attending university in a state with legal abortion is vastly preferable (and safer) than doing a degree in a forced-birth state.

Red states are bent on making life horrible for some really great people. The hardworking, talented Haitian migrants caught in the Springfield pogroms that Trump incited would be a fine addition to any blue state town – anyone who's got the gumption to haul ass out of a failed state and make their all the way to Springfield is gonna be a fantastic neighbor, citizen and worker, just like my refugee grandparents and father, who endured a million times more hardship than their neighbors ever did, getting to Toronto, finding jobs, and starting their family.

Influxes of young, hardworking immigrants are especially good for rural towns with dwindling populations. No wonder rural towns with above-average net migration swung for Biden in 2020.

All over America, families are despairing of their lives in red states. Whether you're worried that you or someone you love might need to terminate a pregnancy, or you're worried about gender-affirming care for you or a loved one, you can put your worries to rest in a blue state. Same goes for nurses and doctors who are worried they can't do medicine unless it accords with the imaginary dictates of Bronze Age prophets as claimed by pencil-neck Hitler wannabe Bible-thumper with a private jet and a face from Walmart. Fill the blue states with great schools, libraries and hospitals, and invite everyone who wants to do their job in a free country to come and work at 'em. Line every state border with abortion and mifepristone clinics, and set up billboards advertising the quality of life, the jobs, and the freedom in blue state America.

Every blue state public pension fund should ban investments in fossil fuels, and invest like crazy in renewables, especially in Texas, to hasten the bankrupting of the petro-kleptocracy that controls the state. Blue states should tack surcharges on goods imported from "right to work" states where unions are effectively banned, to compensate for the additional product testing needed to ensure that scab products are safe to use (ahem, Boeing).

Create joint occupational licensure rules across blue states: if you're certified as a teacher, nurse, hairdresser or auto-mechanic in New York, you should be able to carry that certification with you to Minnesota, California, or Maine. Create multi-state funding pools to build public housing. Offer med-school scholarships to the smartest red state kids, at universities where they'll learn evidence-based obstetrics rather than the Lysenokist nonsense taught at the Roy Moore College of Pediatrics and Obstetrics.

Dems have to get over their fear of "states' rights" and start playing state-level hardball. This doesn't mean escalating cruelty. Quite the contrary: every cruel measure enacted as red state red meat is a chance for blue states to extend a kindness, and capture even more of the best, brightest and kindest of the nation, creating a race to the top that Republicans can only win by abandoning their performative cruelty and corruption.


Hey look at this (permalink)



A Wayback Machine banner.

This day in history (permalink)

#20yrsago Interview with me on All About Symbian https://web.archive.org/web/20041209231331/http://www.allaboutsymbian.com/features/viewarticle.php?id=110

#20yrsago Weinberger: Photo-organizing infocalypse looms https://web.archive.org/web/20040715000000*/http://www.wired.com/wired/archive/12.10/photo.html

#10yrsago Comcast not welcome in Worcester, Mass thanks to bad customer service https://arstechnica.com/information-technology/2014/10/its-a-terrible-company-comcast-not-welcome-in-city-council-says/

#10yrsago Justin Hall at XOXO https://www.youtube.com/watch?v=mE6xyFyv7xk

#10yrsago Umbrella Revolution protesters retake the streets https://web.archive.org/web/20141020034358/http://www.worldaffairsjournal.org/content/chaos-hong-kong-protest-camp-police-use-batons-pepper-spray-repel-surge-protesters

#10yrsago CTO of NSA is moonlighting for Keith Alexander’s blue-chip rent-a-cybercops https://www.theguardian.com/us-news/2014/oct/17/senior-nsa-official-moonlighting-private-cybersecurity-firm

#10yrsago If you don’t agree to the new Wii U EULA, Nintendo will kill-switch it https://www.eff.org/deeplinks/2014/10/nintendo-updates-take-wii-u-hostage-until-you-agree-new-legal-terms

#10yrsago Canadian government threatens bird watchers for writing concerned letter about bee die-off https://www.cbc.ca/news/politics/revenue-canada-targets-birdwatchers-for-political-activity-1.2799546

#5yrsago Design fiction, politicized: the wearable face projector https://www.youtube.com/watch?v=_PoudPCevN0

#5yrsago Cable is bullshit, and so is 5G: give me fiber or give me death! https://www.eff.org/deeplinks/2019/10/why-fiber-vastly-superior-cable-and-5g

#5yrsago Relatives and cronies of Cambodia’s dictator have bought “golden passports” from Cyprus and exfiltrated millions https://www.reuters.com/investigates/special-report/cambodia-hunsen-wealth/

#5yrsago Berkeley city council unanimously votes to ban facial recognition technology https://www.eff.org/deeplinks/2019/10/victory-berkeley-city-council-unanimously-votes-ban-face-recognition

#5yrsago Greta Grotesk: a font based on Greta Thunberg’s hand-lettered signs https://drive.google.com/file/d/1f6JdU9jG6J69mngi5-xYwbKXtCcnslJo/view

#5yrsago Leaks reveal how creepy, cultish monopolist Intuit lobbied Congress and the IRS to kill free tax-filing https://www.propublica.org/article/inside-turbotax-20-year-fight-to-stop-americans-from-filing-their-taxes-for-free#168905

#5yrsago 6 years after expose revealed docs taking millions from pharma companies, it’s only getting worse https://www.propublica.org/article/we-found-over-700-doctors-who-were-paid-more-than-a-million-dollars-by-drug-and-medical-device-companies#169337

#5yrsago Pacifica Radio ignores injunction, continues to play canned content on NYC’s WBAI https://gothamist.com/news/judge-rules-wbai-can-return-air-owners-refuse-comply

#5yrsago McSweeney’s: sure, Bernie is incredibly popular, but can he sway the “completely hateable assholes, who want what’s worst for everyone?” https://www.mcsweeneys.net/articles/bernies-policies-are-good-but-how-can-he-appeal-to-the-absolute-worst-people-ever

#5yrsago The first book collecting the new Nancy comic is incredibly, fantastically, impossibly great https://memex.craphound.com/2019/10/17/the-first-book-collecting-the-new-nancy-comic-is-incredibly-fantastically-impossibly-great/

#1yrago Deb Chachra's "How Infrastructure Works" https://pluralistic.net/2023/10/17/care-work/#charismatic-megaprojects

#1yrago What Americans want https://pluralistic.net/2023/10/18/the-people-no/#tell-ya-what-i-want-what-i-really-really-want


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, holding a mic.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025



Colophon (permalink)

Today's top sources:

Currently writing:

  • Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Today's progress: 768 words (66349 words total).

  • A Little Brother short story about DIY insulin PLANNING

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025

Latest podcast: Spill, part one (a Little Brother story) https://craphound.com/littlebrother/2024/10/06/spill-part-one-a-little-brother-story/


This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

Read the whole story
Share this story
Delete
2 public comments
ScottInPDX
18 days ago
reply
"Dems have to get over their fear of "states' rights" and start playing state-level hardball."

Countersigned.
Portland, Oregon, USA, Earth
cjheinz
18 days ago
reply
How obvious! How did no one ever notice before?
Lexington, KY; Naples, FL

You should be using an RSS reader

1 Comment

nameless-sdk:

plotholes-and-spellingerrors:

mostlysignssomeportents:

A rifle-bearing, bearded rebel with crossed bandoliers stands atop a mainframe. His belt bears the RSS logo. The mainframe is on a floor made of a busy, resistor-studded circuit board. The background is a halftoned RSS logo. Around the rebel is a halo of light.ALT

On OCTOBER 23 at 7PM, I’ll be in DECATUR, GEORGIA, presenting my novel THE BEZZLE at EAGLE EYE BOOKS.

No matter how hard we all wish it were otherwise, the sad fact is that there aren’t really individual solutions to systemic problems. For example: your personal diligence in recycling will have no meaningful impact on the climate emergency.

I get it. People write to me all the time, they say, “What can I change about my life to fight enshittification, or, at the very least, to reduce the amount of enshittification that I, personally, experience?”

It’s frustrating, but my general answer is, “Join a movement. Get involved with a union, with EFF, with the FSF. Tell your Congressional candidate to defend Lina Khan from billionaire Dem donors who want her fired. Do something systemic.”

There’s very little you can do as a consumer. You’re not going to shop your way out of monopoly capitalism. Now that Amazon has destroyed most of the brick-and-mortar and digital stores out of business, boycotting Amazon often just means doing without. The collective action problem of leaving Twitter or Facebook is so insurmountable that you end up stuck there, with a bunch of people you love and rely on, who all love each other, all hate the platform, but can’t agree on a day and time to leave or a destination to leave for and so end up stuck there.

I’ve been experiencing some challenging stuff in my personal life lately and yesterday, I just found myself unable to deal with my usual podcast fare so I tuned into the videos from the very last XOXO, in search of uplifting fare:

https://www.youtube.com/@xoxofest

I found it. Talks by Dan Olson, Cabel Sasser, Ed Yong and many others, especially Molly White:

https://www.youtube.com/watch?v=MTaeVVAvk-c

Molly’s talk was so, so good, but when I got to her call to action, I found myself pulling a bit of a face:

But the platforms do not exist without the people, and there are a lot more of us than there are of them. The platforms have installed themselves in a position of power, but they are also vulnerable…

Are the platforms really that vulnerable? The collective action problem is so hard, the switching costs are so high – maybe the fact that “there’s a lot more of us than there are of them” is a bug, not a feature. The more of us there are, the thornier our collective action problem and the higher the switching costs, after all.

And then I had a realization: the conduit through which I experience Molly’s excellent work is totally enshittification-proof, and the more I use it, the easier it is for everyone to be less enshittified.

This conduit is anti-lock-in, it works for nearly the whole internet. It is surveillance-resistant, far more accessible than the web or any mobile app interface. It is my secret super-power.

It’s RSS.

RSS (one of those ancient internet acronyms with multiple definitions, including, but not limited to, “Really Simple Syndication”) is an invisible, automatic way for internet-connected systems to public “feeds.” For example, rather than reloading the Wired homepage every day and trying to figure out which stories are new (their layout makes this very hard to do!), you can just sign up for Wired’s RSS feed, and use an RSS reader to monitor the site and preview new stories the moment they’re published. Wired pushes about 600 words from each article into that feed, stripped of the usual stuff that makes Wired nearly impossible to read: no 20-second delay subscription pop-up, text in a font and size of your choosing. You can follow Wired’s feed without any cookies, and Wired gets no information about which of its stories you read. Wired doesn’t even get to know that you’re monitoring its feed.

Keep reading

You can get RSS feeds for the Fedex, UPS and USPS parcels you’re awaiting, too.

Your local politician’s website probably has an RSS feed. Ditto your state and national reps. There’s an RSS feed for each federal agency (the FCC has a great blog!).

OH WHAT?!?

@draconicrose:

#I’ve personally been using inoreader#RSS is king for keeping up with webcomics

I’m sunk-cost-fallacied into IR right now, but between constantly raising costs while reducing limits, and actively enshittifying their features (“monitored feeds,” and now starred/saved articles sorting)… Improved interface my [bleep].

Most alternatives seem to be worse, of course. Which they’re probably relying on.

Read the whole story
Share this story
Delete
1 public comment
ScottInPDX
21 days ago
reply
Preaching to the NewsBlur choir here, and I totally agree with Cory. The vast majority of the media I regularly consume comes to me via RSS.
Portland, Oregon, USA, Earth

Bobbing and weaving

1 Comment

Float like a lead zeppelin, sting like the police:

I wouldn’t do Aaron Rupar’s job for a million dollars. OK I would, but I wouldn’t do it for a half million. Unless the fringes were really good.

Steve the hurricane guy:

Magical realism novel, set in a world where TVs lose power when the wind stops blowing. Where people drive hydrogen cell cars which explode like the Hindenburg in every accident, incinerating beautiful women within. Where electric boats too heavy to float are designed, manufactured, and purchased with no one noticing. When they sink, the sharks attack, forcing a decision crisis. Hurricanes are nuked, million acre forests are raked, and C-130s drop 17 tons of water on ancient burning cathedrals. Governments fund everything from tariffs so high that nobody buys any imports.

I’ve seen things you people wouldn’t believe. (Every person who lived through this 30 years from now).

The post Bobbing and weaving appeared first on Lawyers, Guns & Money.

Read the whole story
Share this story
Delete
1 public comment
ScottInPDX
26 days ago
reply
"I’ve seen things you people wouldn’t believe."

I hope future people can laugh at us, not looking back like this was the last of the good times.
Portland, Oregon, USA, Earth

Turning Everyday Gadgets into Bombs is a Bad Idea

1 Comment and 4 Shares

I think turning everyday gadgets into bombs is a bad idea. However, recent news coverage has been framing the weaponization of pagers and radios in the Middle East as something we do not need to concern ourselves with because “we” are safe.

I respectfully disagree. Our militaries wear uniforms, and our weapons of war are clearly marked as such because our societies operate on trust. As long as we don’t see uniformed soldiers marching through our streets, we can assume that the front lines of armed conflict are far from home. When enemies violate that trust, we call it terrorism, because we no longer feel safe around everyday people and objects.

The reason we don’t see exploding battery attacks more often is not because it’s technically hard, it’s because the erosion of public trust in everyday things isn’t worth it. The current discourse around the potential reach of such explosive devices is clouded by the assumption that it’s technically difficult to implement and thus unlikely to find its way to our front door.

That assumption is wrong. It is both surprisingly easy to do, and could be nearly impossible to detect. After I read about the attack, it took half an hour to combine fairly common supply chain knowledge with Wikipedia queries to propose the mechanism detailed below.

Why It’s Not Hard

Lithium pouch batteries are ubiquitous. They are produced in enormous volumes by countless factories around the world. Small laboratories in universities regularly build them in efforts to improve their capacity and longevity. One can purchase all the tools to produce batteries in R&D quantities for a surprisingly small amount of capital, on the order of $50,000. This is a good thing: more people researching batteries means more ideas to make our gadgets last longer, while getting us closer to our green energy objectives even faster.

Above is a screenshot I took today of search results on Alibaba for “pouch cell production line”.

The process to build such batteries is well understood and documented. Here is an excerpt from one vendor’s site promising to sell the equipment to build batteries in limited quantities (tens-to-hundreds per batch) for as little as $15,000:

Pouch cells are made by laying cathode and anode foils between a polymer separator that is folded many times:

Above from “High-resolution Interferometric Measurement of Thickness Change on a Lithium-Ion Pouch Battery” by Gunther Bohn, DOI:10.1088/1755-1315/281/1/012030, CC BY 3.0

The stacking process automated, where a machine takes alternating layers of cathode and anode material (shown as bare copper in the demo below) and wraps them in separator material:

There’s numerous videos on Youtube showing how this is done, here’s a couple of videos to get you started if you are curious.

After stacking, the assembly is laminated into an aluminum foil pouch, which is then trimmed and marked into the final lithium pouch format:

Above is a cell I had custom-fabricated for a product I make, the Precursor. It probably has about 10-15 layers inside, and it costs a few thousand dollars and a few weeks to get a thousand of these made. Point is, making custom pouch batteries isn’t rocket science – there’s a whole bunch of people who know how to do it, and a whole industry behind it.

Reports indicate the explosive payload in the cells is made of PETN. I can’t comment on how credible this is, but let’s assume for now that it’s accurate. I’m not an expert in organic chemistry or explosives, but a read-through the Wikipedia page indicates that it’s a fairly stable molecule, and it can be incorporated with plasticizers to create plastic explosives. Presumably, it can be mixed with binders to create a screen-printed sheet, and passivated if needed to make it electrically insulating. The pattern of the screen printing may be constructed to additionally create a shaped-charge effect, increasing the “bang for the buck” by concentrating the shock wave in an area, effectively turning the case around the device into a small fragmentation grenade.

Such a sheet could be inserted into the battery fold-and-stack process, after the first fold is made (or, with some effort, perhaps PETN could be incorporated into the spacer polymer itself – but let’s assume for now it’s just a drop-in sheet, which is easy to execute and likely effective). This would have the effect of making one of the cathode/anode pairs inactive, reducing the battery capacity, but only by a small amount: only one layer out of at least 10 layers is affected, thus reducing capacity by 10% or less. This may be well within the manufacturing tolerance of an inexpensive battery pack; alternatively, the cell could have an extra layer added to it to compensate for the capacity loss, with a very minor increase in the pack height (0.2mm or so, about the thickness of a sheet of paper – within the “swelling tolerance” of a battery pack).

Why It Could Be Hard to Detect

Once folded into the core of the battery, it is sealed in an aluminum pouch. If the manufacturing process carefully isolates the folding line from the laminating line, and/or rinses the outside of the pouch with acetone to dissolve away any PETN residue prior to marking, no explosive residue can escape the pouch, thus defeating swabs that look for chemical residue. It may also well evade methods such as X-Ray fluorescence (because the elements that compose the battery, separator and PETN are too similar and too light to be detected), and through-case methods like SORS (Spatially Offset Raman Spectroscopy) would likely be defeated by the multi-layer copper laminate structure of the battery itself blocking light from probing the inner layers.

Thus, I would posit that a lithium battery constructed with a PETN layer inside is largely undetectable: no visual inspection can see it, and no surface analytical method can detect it. I don’t know off-hand of a low-cost, high-throughput X-ray method that could detect it. A high-end CT machine could pick out the PETN layer, but it’d cost around a million dollars for one machine and scan times are around a half hour – not practical for i.e. airport security or high throughput customs screening. Electrical tests of capacity and impedance through electromechanical impedance spectroscopy (EIS) may struggle to differentiate a tampered battery from good batteries, especially if the battery was specifically engineered to fool such tests. An ultrasound test might be able to detect an extra layer, but it would require the battery to placed in intimate contact with an ultrasound scanner for screening. I also think that that PETN could be incorporated into the spacer polymer film itself, which would defeat even CT scanners (but may leave a detectable EIS fingerprint). Then again, this is just what I’m coming up with stream-of-consciousness: presumably an adversary with a staff of engineers and months of time could figure out numerous methods more clever than what I came up with shooting from the hip.

Detonating the PETN is a bit more tricky; without a detonator, PETN may conflagrate (burn fast), instead of detonating (and creating the much more damaging shock wave). However, the Wikipedia page notes that an electric spark with an energy in the range of 10-60 mJ is sufficient to initiate detonation.

Based on an available descriptions of the devices “getting hot” prior to detonation, one might suppose that detonation is initiated by a trigger-circuit shorting out the battery pack, causing the internal polymer spacers to melt, and eventually the cathode/anode pairs coming into contact, creating a spark. Such a spark may furthermore be guaranteed across the PETN sheet by introducing a small defect – such as a slight dimple – in the surrounding cathode/anode layers. Once the pack gets to the melting point of the spacers, the dimpled region is likely to connect, leading to a spark that then detonates the PETN layer sandwiched in between the cathode and anode layers.

But where do you hide this trigger-circuit?

It turns out that almost every lithium polymer pack has a small circuit board embedded in it called the PCM or “protection circuit module”. It contains a microcontroller, often in a “TSSOP-8” package, and at least one or more large transistors capable of handling the current capacity of the battery.

I’ve noted where the protection circuit is on my custom battery pack with a blue arrow. No electronics are visible because the circuit is folded over to protect the electronics from damage.

And above is a selection of three pouch cells that happen to have readily visible protection circuitry. The PCM is the thin green circuit board on the right hand side, covered in protective yellow tape. One take-away from this image is the diversity inherent in PCM modules: in fact, vendors may switch out PCM modules for functionally equivalent ones depending on component availability constraints.


Normally, the protection circuit has a simple job: sample the current flow and voltage of the pack, and if these go outside of a pre-defined range, turn off the flow of current.

Above: Example of a protection circuit inside a pouch battery. U1 is the controller IC, while U2 and U3 are two separate transistors employed to block current flow in both directions. One of these transistors can be repurposed to short across the battery while still leaving one transistor for protection use (able to block current flow in one direction). Thus the cell is still partially protected despite having a trigger circuit, defeating attempts to detect a modified circuit by simply counting the number of components on the circuit board, or by doing a simple short-circuit or overvoltage test.

A small re-wiring of traces on the protection circuit board gives you a circuit that instead of protecting the battery from out-of range conditions, turns it into a detonator for the PETN layer. One of the transistors that is normally used to cut the flow of electricity is instead wired across the terminals of the battery, allowing for a selective short circuit that can lead to the melting of the spacer layers, ultimately leading to a spark between the dimpled anode/cathode layers and thus detonation of the PETN.

The trigger itself may come via a “third wire” that is typically present on battery packs: the NTC temperature sensor. Many packs contain a safety feature where a nominally 10k resistor is provided to ground that has a so-called “negative temperature coefficient”, i.e., a resistance that changes in a well-characterized fashion with respect to temperature. By measuring the resistance, an external controller can detect if the pack is overheating, and disconnect it to prevent further damage.

However, the NTC can also be used as a one-wire communication bus: the controller IC on the protection circuit can readily sample the voltage on the NTC wire. Normally, the NTC has some constant positive bias applied to it; but if the NTC is connected to ground in a unique pattern, that can serve as a coded trigger to detonate.

The entirety of such a circuit could conceivably be implemented using an off-the-shelf microcontroller, such as the Microchip/Atmel Attiny 85/V, a TSSOP-8 device that would look perfectly at-home on a battery protection PCB, yet contains an on-board oscillator and sufficient code space such that it could decode a trigger pattern.

If the battery charger is integrated into the main MCU – which it often is in highly cost-reduced products such as pagers and walkie-talkies – the trigger sequence can be delivered to the battery with no detectable modification to the target device. Every circuit trace and component would be where it’s supposed to be, and the MCU would be an authentic, stock MCU.

The only difference is in the code: in addition to mapping a GPIO to an analog input to sample the NTC, the firmware would be modified to convert the GPIO into an output at “trigger time” which would pull the NTC to ground in the correct sequence to trigger the battery to explode. Note that this kind of flexibility of pin function is quite typical for modern microcontrollers.

Technical Summary

Thus, one could conceivably create a supply chain attack to put exploding batteries into everyday devices that is undetectable: the main control board is entirely unmodified; only a firmware change is needed to incorporate the trigger. It would pass every visual and electrical inspection.

The only component that has to be swapped out is the lithium pouch battery, which itself can be constructed for an investment as small as $15,000 in equipment (of course you’d need a specialist to operate the equipment, but pouch cells are ubiquitous enough that it would not be surprising to find a line at any university doing green-energy research). The lithium pouch cell itself can be constructed with an explosive layer that I hypothesize would be undetectable to most common analytical methods, and the detonator trigger can be constructed so that it is visually and mostly electrically indistinguishable from the protection circuit module that would be included on a stock lithium pouch battery, using only common, off-the-shelf components. Of course, if the adversary has the budget to make a custom chip, they could make the entire protection circuit perfectly indistinguishable to most forms of non-destructive inspection.

How To Attack a Supply Chain

Insofar as how one can get such cells and firmware updates into the supply chain – see any of my prior talks about the vulnerability of hardware supply chains to attack. For example: this talk which I gave in Israel in 2019 at the BlueHat event, outlining the numerous attack surfaces and porosity of modern hardware supply chains.

Above is a cartoon sketch of a supply chain. Getting fake components into the supply chain is easier than you might think. As a manufacturer of hardware, I have to deal with fake components all the time. This is especially true for batteries – most popular consumer electronic devices already have a healthy gray market for replacement batteries. These are batteries that look the same as OEM batteries and fetch an OEM price, but are made with sub-par components.

Aside from taking advantage of gray and secondary markets, there are multiple opportunities along the route from the factory to you to tamper with goods – from the customs inspector, to the courier.

But you don’t even have to go so far as offering anyone a bribe or being a state-level agency to get tampered batteries into a supply chain. Anyone can buy a bunch of items from Amazon, swap out the batteries, restore the packaging and seals, and return the goods to the warehouse (and yes, there is already a whole industry devoted to copying packaging and security seals for the purpose of warranty fraud). The perpetrator will be long-gone by the time the device is resold. Depending on the objective of the campaign, no further targeting may be necessary – just reports of dozens of devices simultaneously detonating in your home town may be sufficient to achieve a nefarious objective.

Note that such a “reverse-logistics injection attack” works even if you on-shore all your factories, and tariff the hell out of everyone else. Any “tourist” with a suitcase is all it takes.

Pandora’s Box is Open

Not all things that could exist should exist, and some ideas are better left unimplemented. Technology alone has no ethics: the difference between a patch and an exploit is the method in which a technology is disclosed. Exploding batteries have probably been conceived of and tested by spy agencies around the world, but never deployed en masse because while it may achieve a tactical win, it is too easy for weaker adversaries to copy the idea and justify its re-deployment in an asymmetric and devastating retaliation.

However, now that I’ve seen it executed, I am left with the terrifying realization that not only is it feasible, it’s relatively easy for any modestly-funded entity to implement. Not just our allies can do this – a wide cast of adversaries have this capability in their reach, from nation-states to cartels and gangs, to shady copycat battery factories just looking for a big payday (if chemical suppliers can moonlight in illicit drugs, what stops battery factories from dealing in bespoke munitions?). Bottom line is: we should approach the public policy debate around this assuming that someday, we could be victims of exploding batteries, too. Turning everyday objects into fragmentation grenades should be a crime, as it blurs the line between civilian and military technologies.

I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home.

Read the whole story
Share this story
Delete
1 public comment
ScottInPDX
39 days ago
reply
"I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home."

That's the last line, and spent the rest of the article explaining exactly how to do this. I'm already dreading when this happens again.
Portland, Oregon, USA, Earth

Republicans: Stop calling us Nazis!

1 Share

saywhat-politics:

Republicans: Stop calling us Nazis!


Donald Trump: Let’s give immigrants serial numbers.

Read the whole story
Share this story
Delete
Next Page of Stories