Explosion in Beirut

This is the best video I’ve found of the explosion in Beirut, Lebanon yesterday. It shows the explosion from 4 different vantage points. The second version points out why you shouldn’t stand in front of a glass window if you witness an explosion. You will see the flash before the shock-wave hits. All that glass just might be turned into shrapnel. The 3rd and 4th seem to show the fireworks going off. And the 4th is a good explanation for why you should not stick around to take that interesting video.

Popular Mechanics tries to stem the rumor of an atomic explosion. The people taking the video, and the cameras, would not have survived. Massive Beirut Explosion Shows Mushroom Clouds Aren’t Just for Nukes

This phenomenon is called the Rayleigh-Taylor instability, which describes the interaction between two materials (fluids or gasses) of different densities when they’re forced together.

Can’t Challenge the Narrative

Because Big Tech wants you to believe what you are told to believe. YouTube Throws In the Towel.

Reasoned and fact-based discussions? We can’t have that! The 21st Century is ALL about Feelings.

YouTube deleted a video that dared to challenge some things said by the Left. Eventually the relented, but did put it behind a “prove your age” barrier.

What remains unexplained, of course, is why our video was banned in the first place. YouTube told us the American Experiment/Mac Donald video was “flagged for review.” As I noted here, “flagged” is a weasel word. Was Heather’s presentation “flagged” by a computer algorithm? If so, based on what? Was it “flagged” by a YouTube employee? If so, why, and based on what internal YouTube guidelines? Was it “flagged” by a goofball leftist? If so, on what basis, and why did YouTube immediately respond to such “flagging” by deleting the video?

Click thru for the video. It is 40 minutes, and it talks about crime statistics, so not exactly exciting, but it contradicts the Left, and it is still on YouTube. Something of a victory.

A 100-year-old Bit of Infrastructure Burns

From earlier this week… Freight bridges are usually very well maintained, but things do go wrong. UP Train Derails, Catches Fire on Bridge: Report.

The stories of the incident are not too enlightening, but if you click thru, the images that accompany this story are pretty amazing.

“At around 6:15 a.m. PT, July 29, a Union Pacific mixed freight train derailed on a bridge in Tempe, Ariz.,” UP said in a statement to Railway Age. “Eight to 10 railcars were on fire. The south side of the bridge collapsed and railcars fell into an empty park below. The bridge received its annual inspection July 9, 2020. The Phoenix Fire Department is on the scene. One person was treated for smoke inhalation. The train crew is uninjured. Three tank cars were on the ground under the bridge. Two contained cyclohexanone; one contained a rubber material. None are reported leaking, and no tank cars were involved in the fire. The cause of the derailment is under investigation.”

While it is a steel-truss bridge on concrete piers, it seems that there must have been some timber in the railroad’s construction for the fire to burn the way it did.

UPDATE: A section of the damaged bridge was taken down with explosive demolition. Portion of Tempe Town Lake bridge damaged in train derailment detonated.

Crews on Sunday detonated a 150-foot portion of a bridge over Tempe Town Lake, which was damaged in a train derailment last week.

You can’t expect reporters to get the words right; not when they have to do with anything technical. But the video is worth clicking thru. It’s explosive demolition!

UPDATE: It seems one of the tankers did leak. What is cyclohexanone? The chemical that leaked during the Tempe train derailment and injured 2.

Five hundred gallons of Cyclohexanone leaked before they could turn the tanker upright and contain the spill.

Cyclohexanone is frequently used in the production of nylon and is highly flammable. The chemical’s flashpoint is just 111 degrees, meaning the vapors will ignite if given a spark or open flame at that temperature.

The flashpoint is a point of concern for Glass as temperatures in Phoenix reached a scorching 118 degrees on Thursday.

It is apparently also a skin irritant, and can be an issue if the fumes are inhaled.

The 2 minute video at that last link isn’t annoying.

Which Is Why No One Should Be Using Google

I try to avoid using Google as a search engine. Matt Gaetz: Google Using ‘Market Dominance’ in Search to Engage in ‘Election Interference’.

It stopped answering the question I asked, started answering the question they were sure I meant to ask, and then instead of answering either question honestly, they started to give the information they thought I needed to know. Yeah, no thanks.

Rep. Matt Gaetz (R-FL) said during a House Judiciary Committee hearing on Wednesday on big tech and antitrust that Google is using its “market dominance” in search to engage in “election interference,” such as censoring Breitbart News and other conservative outlets.

Now I don’t usually read or link to Breitbart, but in this case they get it right.

I usually use the DuckDuckGo.com search engine, but even Bing can be more impartial than Google.

The Norsk Hydro Ransomware Attack

A review of the 2019 ransomware attack on Norsk Hydro, for the geeks in the audience. How to Survive a Ransomware Attack Without Paying the Ransom.

For those who don’t follow these things… It has been called, “The worst cyberattack in Norway’s history.”

At around midnight Oslo time on March 19, 2019, computers owned by Norsk Hydro ASA, a large aluminum manufacturer, started encrypting files and going offline en masse. It took two hours before a worker at its operations center in Hungary realized what was happening. He followed a scripted security procedure and took the company’s entire network offline—including its website, email system, payroll, and everything else. By then, a lot of damage was already done. Five hundred of Hydro’s servers and 2,700 of its PCs had been rendered useless, and a ransom note was flashing on employees’ computer screens.

Norsk Hydro didn’t pay the ransom for all the reasons that you can imagine. Lack of guarantees. Making Norsk Hydro an attractive target for other attacks. Feeding the evil beast.

It ended up costing the company 60 million US dollars. Insurance paid 3.6 million. Oh, and they had a reasonable amount of security in place before all this started. They weren’t ignoring stuff and hoping for the best. Here’s the moral of the story…

Even when you do everything you can to protect yourself from a cyberattack, a determined adversary will almost always be able to wreak havoc. In other words, it’s less a question of how to stop hackers from breaking in than how to best survive the inevitable damage.

The description of how things worked at an aluminum plant in Cressona, Pennsylvania is pretty fascinating. How people adapted to every computer at work being shut off.

Security Cameras Do Not Make You Safe

Is this really something that needs to be said? Apparently. WATCH: Security camera captures couple shot at by car burglars.

Violent criminals don’t stop being violent criminals because you are shouting about your security cameras.

So some people were trying to break into his car or cars.

Surveillance cameras around his home detected motion, so he investigated.

He was unarmed; they were armed. Can you guess what happened next?

The homeowner was grazed by a bullet on the shoulder but refused medical attention.

The suspects have not been detained or identified at this time.

He is lucky he didn’t get shot in the head for his trouble.

Okay, I often go on about how you can wait a really long time for a response to a 911 call, and you need to be prepared to take action yourself, but that is in cases where your life is in danger. When property is in danger of being stolen, just call 911 and wait. What did going outside accomplish for this guy? He almost got killed, and he now has bullet damage to the brickwork at the front entrance to his home.

Yes you need to be prepared. And yes being prepared doesn’t mean you should act recklessly. Property theft is one of the many reasons you have insurance.

Can’t Be Bothered to Secure Your Data…

Then you just might lose it. Ongoing Meow attack has nuked >1,000 databases without telling anyone why.

Note: The photo has nothing to do with the attack; I just love that image. (“I find your lack of password security disturbing.”)

More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word “meow” as its only calling card, according to Internet searches over the past day.

Hey if you can’t be bothered to use a password, it must not be important. It isn’t clear to me whether or not data has been stolen. But again, it doesn’t seem to be important, though the original data was stolen, and then it was deleted.

The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information

A whole bunch of stuff, included plaintext passwords and usage logs, that UFO VPN “promised” not to keep, was stolen, and then the database was deleted by Meow.. (The moral of that story is, “NEVER use a free VPN.”)

Loschwitz Bridge – The Blue Wonder in Dresden

Loschwitz Bridge, Dresden, Saxony, GermanyIt’s a miracle the bridge survived. Wartime Bridge: Loschwitz Bridge (Blue Miracle/ Blaue Wunder) in Dresden.

Built from 1891 to 1893, that this bridge survived is a wonder. The Blue Wonder survived the repeated bombing of Dresden Germany during WWII, including the Fire Bombing of Dresden between 13 and 15 February 1945. The SS had wired it to explode, to cut off Allied Forces, but someone cut the wires to the explosives, so it survived the end of the war, with only minor damage from all the air-raids. It then survived a campaign by the East German government to tear it down and replace it with something modern.

The image above is from WikiMedia Commons. Click for a larger view, and more information, including attribution, and links to more images.

The bridge is an iron, cantilever truss bridge. It has a total length of just over 270 meters with a longest span of 146.68 meters. Actually the name, Blue Wonder, dates to when the bridge was new, and commentators of the day didn’t expect it to survive. A span of 146 meters was something of a miracle in 1891. In German, ein blaues Wunder erleben, is an idiom that means “an unpleasant surprise.” They really did not expect it to survive.

Due to its age, there are some traffic limitations on the Loschwitz Bridge, and since it was the only Elbe crossing in that part of Dresden, this was a bit a of a problem, and there was the usual increase in city congestion as well, so Dresden built a new bridge a few miles away, The Waldschlösschen Bridge (Waldschlößchenbrücke in German). There were plans to build a bridge at that location since the mid 1990s, but the good folks at the UN’s UNESCO decided that ANY changes were bad, and once construction on the new bridge began, UNESCO revoked the Dresden area’s Wold Heritage Site status. You can find an image of the new bridge at this link. As modern, arch bridges go, it isn’t bad. It isn’t a great or beautiful bridge, but it is low-key and functional. UNESCO says we can’t have functional!

I haven’t been able to find a video of the Loschwitz Bridge that I really like, but the video linked here is a short, two minute video, of a drone flight over the bridge. It shows some of the structure of the bridge, the Elbe River, and the surrounding area. There is a lot of travelogue video on The Blue Wonder, it is a tourist destination after all, but I can’t find much on the technical aspects of the bridge.

Banning Conservatives Is More Fun than Dealing with Crooks

Or so the behavior of Google/YouTube seems to indicate. Apple cofounder Steve Wozniak is suing YouTube after grifters used his likeness to promote extensive bitcoin scams.

The scam uses images and video of Wozniak to convince users to send bitcoin in order to receive twice as much back as part of a bitcoin giveaway, according to the lawsuit. YouTube has been hosting such videos for months and defrauded YouTube users our of millions of dollars, the lawsuit claims.

Funny how things work, isn’t it…

Another Tesla Autopilot Crash

And another crash involving a police car on the side of the road. Can Auto-Pilot Safety Be Improved?

Earlier Tuesday morning, there was another Tesla accident that was reported. The driver of the Tesla was said to be on autopilot and reportedly crashed into an Arizona Department of Public Safety police vehicle. [SNIP]

The patrol was already on the far left side of the road assisting with an earlier crash, and that is when the Tesla was said to have failed to slow down and move over, causing the crash to happen.

And it doesn’t end there…

The National Highway Safety Traffic Administration went as far as wanting a recall on the Tesla vehicle until the car is safe enough to drive and preventative cars from crashing due to it’s high-tech driver mode.

For some reason, there are not any stories in the regular media about this crash, but lots of stories about the soaring stock price.

Once Is Happenstance, Twice is Coincidence…

Three times is Enemy Action. In this case there were more than 3 times that something bad was done. Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data.

So there is a problem with Chinese-manufactured, Internet hardware being set up to spy on users. Color me shocked.

The researchers found seven problems with the firmware from C-Data. Each a major problem in its own right.

The vulnerabilities are as bad as it gets, but by far, the worst and most disturbing of the seven is the presence of Telnet backdoor accounts hardcoded in the firmware.

The accounts allow attackers to connect to the device via a Telnet server running on the device’s WAN (internet-side) interface. Kim and Torres said the accounts granted intruders full administrator [Command Line Interface] access.

And once in, they could retrieve the passwords of other Administration accounts on the machine, and do a host of other things.

This was not “responsibly disclosed” because the researchers don’t believe these are bugs. These are backdoors deliberately installed in the Fiber To The Home (FTTH) Optical Line Termination (OLT) devices. If your ISP offers “fiber service,” but your house is wired with copper, then there is a device like this somewhere nearby, not necessarily from C-Data, though they were a cheap solution. They also sold a lot of equipment to resellers, so it is hard to say how many of these things there are. Shodan probably knows.

One of the reasons that an organization would have purchased these things is because of cost. I understand cost-accounting as much as anyone in Information Technology and probably more than most, but there are times and places to cut costs and stuff that impacts the security of your entire network probably is not a good candidate.

Lake Delhi Dam Breach – July 2010

Why don’t people maintain infrastructure? If it is infrastructure that is nearly 100 years old, you can bet that it needs maintenance. While there were problems with the design, maintenance was definitely an issue. Lake Delhi Dam (Iowa, 2010). That is from Dam Failures, a project of the Association of State Dam Safety Officials.

Later in the week we have an anniversary of a dam failure.

Built in the 1920s for hydroelectric power, the Delhi Dam was 60 feet long, not including the powerhouse and the spillway, and 59 feet high.

The dam, which had maintained successful operations for over 90 years prior to the failure, was inspected by an Iowa Department of Natural Resources dam safety representative every five years. During the 2009 inspection, repairs to one of the three spillway gates, which was inoperable at the time, were advised. The Lake Delhi Recreation Association (LDRA), which owned and operated the dam, agreed to complete the repairs by the end of the calendar year.

That is they were to have been completed by the end of 2009. They had been started in 2010, but were not complete.

You should not have to be told to repair the spillway gate on dam if it doesn’t work. As for the design, the total available spillway volume was not sufficient to drain the reservoir, and with about 1/3 of the spillway not available, due to the non-functioning gate, disaster only required a massive storm.

Record rainfall and flooding impacted the state of Iowa during July of 2010. As a result, the area draining to Lake Delhi Dam received approximately 10 inches of rain over the course of 12 hours. This caused overtopping of the dam and its eventual failure on July 24, 2010.

The hazardous nature of the dam was never ironed out in the 90 some odd years it stood, so there was no disaster plan in place. Still, loss of life was averted. Here’s a link to a photo taken during the breach from one side of the dam.

The complete report on the incident can be found at this link. It includes a lot of info, including the image linked above and several more. And one disturbing note on inspections.

Dam inspectors performing inspections for the DNR and consulting engineering firms performing dam safety evaluations should have strong backgrounds in dam engineering and potential failure modes analysis. There were design weaknesses at Delhi Dam that an experienced dam engineer should have recognized, which likely would have led to additional investigations.

That people doing dam inspections don’t have “strong backgrounds in dam engineering” is a problem, to my way of thinking. So who is inspecting the dams? The governor’s second cousin?

If you look through my posts tagged with “Infrastructure,” the dam failures are almost always about maintenance problems, even when the inspection reports gave the dams in question a clean bill of health. “The dam has been fine for 90 years! What could go wrong?”

After the break there is video of the remains of the dam from one day after the breach, while the lake is still draining. There are quite a few videos at the link at the top of this post. Click thru, and look for the “Videos” tab.

The dam was reconstructed and the lake “reopened” in 2016.

Continue reading

75 Years of the Nuclear Age

The GadgetJuly 16, 1945. 5:29 AM Mountain Time, near Alamogordo, New Mexico.

The Gadget was detonated – the 1st nuclear explosion – by the Manhattan Project. It was a plutonium implosion device.

At 05:29:21 (July 16, 1945) local time, the device exploded. It left a crater of radioactive glass in the desert 10 feet (3.0 m) deep and 1,100 feet (340 m) wide. At the time of detonation, the surrounding mountains were illuminated brighter than daytime for one to two seconds, and the heat was reported as being as hot as an oven at the base camp. The observed colors of the illumination ranged from purple to green and eventually to white. The roar of the shock wave took 40 seconds to reach the observers. The shock wave was felt over 100 miles (160 km) away, and the mushroom cloud reached 7.5 miles (12.1 km) in height. After the initial euphoria of witnessing the explosion had passed, test director Kenneth Bainbridge commented to Los Alamos director J. Robert Oppenheimer, Now we are all sons of bitches. Oppenheimer later stated that, while watching the test, he was reminded of a line from the Bhagavad Gita, a Hindu scripture: Now I am become Death, the destroyer of worlds.

(The Gadget was similar to Fat Man, which was dropped on Nagasaki on the 9th August that year. Little Boy, which was dropped on Hiroshima on August 6th, was a uranium gun-trigger.)

Video of the blast is all over YouTube. Here is a short one.

The best documentary I have seen on The Manhattan Project is The Day After Trinity. It is currently available on YouTube; how long that will be the case is anyone’s guess. When it was filmed, several of the scientists from The Manhattan Project were still alive for interviews.

It was later determined to be an 18-to-20 kiloton explosion. (The equivalent of 18,000 tons of TNT or more) Relatively small by modern standards. Thermonuclear – or hydrogen – bombs are measured in megatons. (The largest -Tsar Bomba of the USSR – measured 50 megatons)

Not-so-happy Patch Tuesday

Somewhere an someone is saying, “We don’t need to patch…” Maybe it’s an executive. Maybe it’s an old IT guy who says, “We’ve always done it this way.” Where “this way” means applying patches a few times per year. Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!.

Today is Microsoft’s July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why!

There are several reasons for all the cursing…

So, there’s a wormable vulnerability in Microsoft Server, remote code execution problems in both Edge and the VBScript engine, an Elevation of Privilege vulnerability, a few problems that could enhance Phishing attacks, and more.

And for the wormable vulnerability in Microsoft Server, known as SigRed, there is already example code available that makes use of the vulnerability. Does anyone remember WannaCry? This Is A Big Deal. SigRed: A 17-year-old ‘wormable’ vulnerability for hijacking Microsoft Windows Server.

Dubbed “SigRed,” the cybersecurity team says the vulnerability is of particular importance to the enterprise as it is wormable — or self-propagating — and as such, is able to jump across vulnerable machines without any user interaction, potentially compromising an entire organization’s network of PCs in the process.

Data Stealing. Ransomware. Once a bad-guy is inside a corporate network with “arbitrary code execution,” they can do anything they want.

Illinois Waterway Infrastructure

Starved Rock Lock and Dam, Illinois WaterayLocks and dams are a part of our infrastructure that usually only make the news when they fail, but they can serve important functions.

The Illinois Waterway is a series of canals, dams and locks that make it possible for boat traffic (mostly barges and some recreational) to travel from Chicago and Lake Michigan to the Mississippi River.

The image above is of the Starved Rock Lock and Dam on the Illinois Waterway, near Starved Rock State Park, just southeast of Utica, Illinois. Click the image for a larger view. It is fairly typical of the locks on this waterway. The photo shows a towboat with 13 barges on tow entering the lock. Even though they are virtually all pusher-style boats, they are still called towboats.

It is good to see some maintenance being performed to this infrastructure. Illinois Waterway Lock Closures Begin.

The long-planned closure of six Illinois River locks and dams began July 1, with the full closure of LaGrange Lock and Dam and Starved Rock Lock and Dam to extend through September 30. They were followed by the full closures of Peoria Lock and Dam and Marseilles Lock and Dam July 6, to extend through October 29.

The other 2 dams won’t be closed entirely, not that it will make much difference overall to shipping.

Dresden Island Lock and Dam in Morris, Ill., and Brandon Road Lock and Dam in Joliet, Ill., are anticipated to be only partly closed, allowing for traffic to pass at night.

The work being done there is to prepare for more advanced work to be done in 2023.

The Starved Rock Lock and Dam is fairly typical of dams on this waterway. It was built in 1933. It is what’s known as a Panamax lock, the same size originally built in the Panama Canal. The lock is 600 feet long by 110 feet wide. That isn’t large enough to handle the typical 15-barge tow, plus towboat, so tows have to be broken up and passed thru the lock in turns. That lock raises or lowers boats by 19 Feet.

This work and the necessary closing of the waterway has been planned for a couple of years, and as mentioned above some of the work being done this year is just to get ready for more extensive work planned for 2023. It is a problem because the work will continue through harvest, and grains are one of the primary things carried by barge. It is so much more efficient to transport by water than to go by rail or truck, as long as you want to go where the river takes you. Comparison of Cargo Capacity Between Trucks, Trains and Barges

A standard-size barge operating on the Mississippi River has a cargo capacity of 1,500 tons, or 52,500 bushels, which works out to a colossal 3 million pounds. … Barges are normally tied together into 15 barge “tows.”

That 15 barge tow is roughly 225 jumbo-hopper rail cars, or a fleet of 870 53-foot dry vans. And the fuel required is much less, considering, though the speed is also less.

So we are taking care of our infrastructure, or at least some of it.

Malahide Viaduct Collapse

The Malahide Viaduct, also known as the Broadmeadow Viaduct for the estuary in Ireland that it crosses, is owned by Iarnród Éireann (Irish Rail). How do organizations forget stuff that they knew for 150 years? It seems to happen more than it should. Malahide Viaduct (2009)

On August 21st of 2009 as an Iarnród Éireann passenger/commuter train passed over the Malahide Viaduct, the train’s engineer witnessed a section of the bridge collapse. He was able to have the dispatch center stop all traffic across the bridge, so that there were no injuries. Pier 4 was washed away, and 2 sections of the bridge collapsed.

First some history.

An 11 span timber viaduct was first built here in 1843, for the Dublin and Drogheda Railway and a problem with settlement, noticed soon after construction, was solved by depositing huge quantities of stone around the timber support piers, thereby creating a type of weir. Erosion remained a problem, despite continuous efforts to combat it and in 1860 a new bridge opened with masonry piers supporting wrought iron spans. By 1968, 12 spans of prestressed concrete had replaced the much deteriorated, Victorian iron across the 176 metres of the viaduct. The stone weir remained vital to the stability of the overall structure.

While the stone weir remained vital to the structure, that knowledge was lost, because we don’t need to manage infrastructure, the bridge is obviously fine, or so everyone thought right up until it collapsed.

Ongoing maintenance of the weir had been a thing until 1996. The Malahide Viaduct Collapse. (There is a great image of the viaduct post-collapse at the top of that article. Click thru.)

In 1846, two years after construction, a stone weir – which can be thought of as an underwater wall – was built. This weir did two things: it reduced the volume of water flowing in and out of the estuary; and it directly protected the sediment at the base of the piles – the scour forces would first need to dig away this rock protection before they could begin to compromise the structure. But this wasn’t enough – the rock protection was eroding. So to keep this rock wall in place, stones had to be continually discharged along the weir to replace those that were lost.

Then in 1860 the timber piles were replaced with masonry piers supported directly on top of the stone weir, and the remainder of the timber structure was replaced with wrought iron beams, which decades later were replaced with the post-tensioned concrete beams that were in place at the time of the failure.

And throughout all this work, management of the scour risk continued. For example, in 1922, a total of 5,200 tonne of stone was discharged along the viaduct, and in 1967-68 grout was injected into the stone weir to help hold it together. Then further stone discharges occurred in 1976 and 1996.

As that article notes, there was 150 years of knowledge of the impact of erosion. How do you lose track of that? Because after 1996 there was no maintenance of weir, despite the fact that a 1997 report called out scouring at the base of pier 4. The report by the Railway Accident Investigation Unit of the European Union is quite long, and I haven’t read all of it. It does address the loss of that knowledge. August 2010 Malahide Viaduct Collapse on the Dublin to Belfast Line, on the 21st August 2009.

There was a loss of corporate memory when former Iarnród Éireann staff left the Division, which resulted in valuable information in the relation to the historic scouring and maintenance not being available to the staff in place at the time of the accident.

And there was no system in place for capturing – even with pen and paper – the issues relating to infrastructure. Which precipitated…

The historic maintenance regime for the discharge of stones along the Malahide Viaduct appears to have ceased in 1996, resulting in the deterioration of the weir which was protecting the structure against scouring.

The next item of note is that the Malahide Viaduct was inspected 3 days before it collapsed. It was in “fair” shape according to the report.

An inspection carried out on the Malahide Viaduct three days before the accident did not identify the scouring defects visible at the time;

How could this be? The people doing the inspections had really no way to detect scour, and they were not trained to do so anyway.

There are other issues. A derelict barge was left stranded on the side of the viaduct for a VERY long time, and probably contributed to erosion. Because maintenance is not important.

The company confirmed the viaduct was inspected twice last week, and that it stood over those inspections. A full bridge inspection was also carried out in October 2007, with the next scheduled inspection for October.

Several people called about erosion. The bridge was “inspected” and deemed safe. We’ve seen that again and again in failing infrastructure, a “good” rating on an inspection right before failure.

The missing pier was replaced, the rest were reinforced, the track repaired and trains started traveling across the viaduct about 3 months after the collapse.

After this viaduct collapsed, Iarnród Éireann ran around and inspected 100s of other viaducts.

Here’s a video that covers various hydraulic effects due to stuff we build in the water. I have it cued up to a section on bridge piers and scouring. The relevant bit is about 1 minute long.

The Security Nightmare of the Decade

So I’ve been trying to write a post on Ripple20. Quite unsuccessfully I might add. To explain what it is I need to immediately start talking about things like implementations of the TCP/IP communications stack. Or I can forget the tech details and just write about the implications. Neither is appealing.

And I don’t know that I can write about the implications without sounding like the sky is falling. Maybe it is. Maybe it has mostly fallen.

When the Cybersecurity & Infrastructure Security Agency (which was apparently named by the Department of Redundancy Department at DHS) says things are bad with medical devices, well things are not good. Ripple20 vulnerabilities affect IoT devices across all industries.

More than a dozen vulnerabilities, collectively named Ripple20, affecting the TCP/IP communication stack used in hundreds of millions of embedded devices paint a grim scenario for connected gadgets.

Some of the flaws are critical and can be exploited to gain remote control of all vulnerable devices on the network. They impact such a wide spectrum of products from so many vendors that it is easier to count those that are not affected.

Some of the stacks will be implemented in such a way as updating/replacing them will simply not be possible. Most will not be updated because of vendor and end-user apathy. I’m sure most reputable vendors, for things like medical equipment, will provide updates eventually. But medical equipment needs to be vetted by the FDA, and that won’t happen tomorrow.

So here’s some info on the problem as of the 24th. List of Ripple20 vulnerability advisories, patches, and updates.

If you have IoT devices in your home, and they are not keeping you alive, you might want to get rid of them, unless you can verify that they are not impacted. Good luck with that, because some of the vendors have gone out of business. The TCP/IP stack code, written in C is over 20 years old. (Do you know which TCP/IP stack implementation is in your color-changing light-bulbs that are so fun to change with your smartphone?) If you have stuff that is important, put it on a segmented network, and try to see what the vendor has to say.

Taum Sauk Dam Failure

This may be a case of “New Technology is not necessarily better than old technology.” Taum Sauk Dam (Missouri, 2005).

And then there is systems design. But we’ll get to that.

The plant consisted of an Upper Reservoir situated atop Proffit Mountain contained by a kidney-shaped rockfill dike, a Lower Reservoir and Powerhouse impounded by a concrete gravity dam, and a 7,000-foot-long concrete and steel-lined tunnel that connected the two.

Built in the 1960s it took off-peak power and pumped water to the upper reservoir, and then used that water to generate hydroelectric power during peak hours. When it was built there were 2 “float” type shutoffs to keep the pumps from overfilling the reservoir, as primary and backup. For some reason I have a vision of a giant toilet-tank fill valve. But when the reservoir was maintained in 2004, that system – which had worked since the 1960s – wasn’t high-tech enough and so it was replaced with 2 pressure traducers which would sense when the water level was too high. In theory.

On Sunday, September 25, 2005 an engineering tour of the site discovered water flowing over the reservoir. The transducers had broken free. When they were replaced they were not calibrated for the new position. And new “fail-safe” probes were added. It wasn’t enough, and the dam failed on December 14th.

On December 14, 2005, the Upper Reservoir of the Taum Sauk Pump Storage Plant failed by overtopping during the final minutes of one of its pumping cycles. As a result, the reservoir’s 4,300 acre-feet volume of stored water was released from a 656-foot-wide breach in 25 minutes, traveling down Proffit Mountain toward the Black River with a peak discharge of 273,000 cfs. Before it reached the river and flowed into the Lower Reservoir where it was entirely contained, the flood destroyed 281 acres of Johnson’s Shut-Ins State Park and ripped the superintendent’s home from its base.

No life was lost, but about $1 billion in damage was done.

Here is how Public Radio remembered the event, in 2015. Ten-year anniversary of reservoir breach that flooded Johnson’s Shut-ins state park.

The wall of water followed the Black River and swept through Johnson’s Shut-ins State Park, depositing tons of rock, boulders and sediment along the way. It also damaged the park’s lone residence, which housed park superintendent Jerry Toops, his wife, and their three children. They, too, were swept away, but all survived with only minor injuries.

You should click thru for the images; there are only 3, but worth a look. An aerial view of the devastation down the side of the mountain. The residence of the Park Superintendent after the flood. A photo of a boulder carried 1.5 miles by 1.3 billion gallons of water. I wish they had more info on the boulder; it looks to be a cube of rock about 5 feet on a side, more or less.

As for the systems design… (from the link at top.)

The “fail safe” Warrick probes failed to report the critical high water level in the reservoir because the probes had been incorrectly set at a higher elevation than the low point on the parapet. This was further compounded by system programming that required both probes to trip the pumps off-line. There was no program in place to maintain calibration of the sensors against actual reservoir levels, and no program to evaluate the actual crest elevation around the reservoir rim with respect to shut down triggers within the system programming.

What could go wrong? They were using High Tech™ sensors! So much better than that antiquated system from the 60s. Which never failed to shut down the pumps.

Anyway the reservoir was reconstructed out of roller-compacted concrete, and the rebuilt power station was opened in 2010. Along the way the owner of the generator paid some hefty fines.

Distributed Denial of Secrets Hits Law Enforcement

DDoSecrets is an alternative to Wikileaks. ‘BlueLeaks’ Exposes Files from Hundreds of Police Departments.

The data is from Fusion Centers, and comprises nearly 270 Gigabytes.

KrebsOnSecurity obtained an internal June 20 analysis by the National Fusion Center Association (NFCA), which confirmed the validity of the leaked data. The NFCA alert noted that the dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and that the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files.

And as per usual in these cases, a single point of failure, shared among a large number of Fusion Centers. In this case a single service provider.

The data also includes some banking data, in the form a ACH transfer numbers.

What it probably doesn’t include is any data of interest to the Woke crowd about possible police misconduct. It might put some people’s lives in danger if they are cooperating, or have cooperated, with police on investigations.

Someday, people will take data security seriously. But today is not that day.

A SWATing That The Cops Should Have Stopped

Definitely cops behaving stupidly. Sarasota couple terrified by police during ‘swatting’ incident.

While the 22 officers were enroute to the call the dispatcher TOLD THEM it was a possible SWATing. But that is not enough to stop a SWAT team. (It has probably been weeks, in Sarasota, since they got to conduct a full-on night-time raid. Do you think they were going to give up that opportunity? Honestly, I’m surprised they didn’t start the festivities with a flash-bang grenade or two.

No one from the Sarasota Police Department was willing to discuss this case.

According to an incident report the agency provided, 22 officers responded to the call, which was originally dispatched as a shooting.

“While enroute to the call, dispatch advised that the subject had his daughter and wife tied up and was threatening to harm himself,” one officer wrote in his report. “It was further advised by dispatch that the call was a possible ‘Swatting’ attempt.[My Empahsis: Z-Deb]

So after they point guns, cuff the couple and search the house, and find nothing, the cops don’t even say “sorry.” Because they aren’t sorry; probably the most fun SWAT in Sarasota has had in a month.