[Plura-list] Homebrew dongles let hospitals fix ventilators; Teddy Ruxpin and the Haunted Mansion; Dataminr helped cops spy on protesters with Twitte

Cory Doctorow doctorow at craphound.com
Fri Jul 10 12:31:47 EDT 2020


Three quick reminders:

1. I'm speaking with Hank Green today at 1630h Pacific; it's a launch
for his new novel

2. EFF's 30th birthday livestream starts today at 15h Pacific; I'll be
on at 20h to play Quiplash with Danny O'Brien:

3. The new edition of Little Brother and Homeland with an intro by
Edward Snowden came out three days ago:


Today's links

* Homebrew dongles let hospitals fix ventilators: You forgot Poland.

* Teddy Ruxpin and the Haunted Mansion: Ken Forsse's miniature Sid and
Marty Krofft haunted house.

* Dataminr helped cops spy on protesters with Twitter: And then they
split the most idiotic hairs imaginable over it.

* Police militarization has a business-model: The unstoppable force of
excess rents and Beltway Bandits.

* How Finspy protects itself from security researchers: Despots'
malware, wrapped in spaghetti code and VMs.

* Clamshell currency: Pismo Beach's solution to the bank holiday of 1933.

* Macron demands national database of porn preferences: Comment dit
kompromat en Français?

* This day in history: 2010, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🌍 Homebrew dongles let hospitals fix ventilators

Medtronic's 20-year-old PB840 ventilators are workhorses, but the
company has used DRM to prevent repairs by third parties. Controlling
repair gives medtech monopolists two benefits:

1. They can charge higher-than-market rates for repairs and extract
"certification fees"; and

2. They can declare some units irreparable, forcing customers to junk
and replace them.

The DRM Medtronic uses means that even if you swap a working monitor
from a ventilator with a broken breathing unit to a ventilator with a
broken monitor and a working breathing unit, the system will refuse to


To get the repaired system to work, the technician needs to provide an
unlock code that syncs the monitor and the breathing unit, and Medtronic
controls those codes - it's the same scam John Deere uses for tractor
repairs and Apple used for iPhone 10 digitizer repairs.

But a Polish hacker is offering an unlock-code-generation library that
appears to come from Medtronic itself: "The Polish hacker told
Motherboard that technicians will take a manufacturer’s repair class in
the United States, get the required software, then share it widely."

This library is given to independent repair technicians in the USA
embedded in handmade, homebrew dongles housed in old clock cases. One
medtech cited by Jason Koebler says he's fixed at least 70 ventilators
with his dongle.

"This is a copy of a proprietary tool. It doesn’t take rocket science to
put these things back together. The weak point of these companies’
supply chains is other countries, so through our friends in other
countries we’re able to get this stuff."

Newer ventilators require internet-based activations following repairs,
with technicians paying $10k-15k/year to access the manufacturers' servers.

This follows from a steady rampup of high-cost "certifications" for
hospital technicians, without which they were denied access to parts and
manuals. Hospitals can't repair the equipment they own - and rely on to
save our lives - unless they shell out for expensive programs.

Note that paying for these programs doesn't change who fixes the gear or
how they fix it. In either case, the hospital's own repair staff do the
work, following the service manuals. The only difference is that
"authorized" repairs generate payments to manufacturers.

"For a lot of vendors, you have to get recertified every other year to
keep working on their equipment. I had a biomedical technician who lost
their certification during the middle of the pandemic [because it
lapsed]" -tech manager for 14 hospitals in covid-hit state.

"We called the mfgr and they wouldn't give us the info to service their
ventilators. Eventually we get on a call and say 'this is ludicrous,
this person has been working on these ventilators for 12 years. Release
the service key so I can get patients back on ventilators."

Medtech monopolists claim they'd be held liable if an uncertified repair
harmed a patient. They're wrong.

From that hospital tech manager: "we own the risk if equipment fails and
someone sues. Never have I heard of the maker of the equipment is named
in a lawsuit."

"Third-party repair professionals provide high quality, safe, and
effective servicing of medical devices." -US Food and Drug
Administration, 2018.


There has never been a more urgent moment for medical Right to Repair.
Not only can we not afford to spare a single ventilator that can be
pressed into service, but the pandemic has also eliminated
manufacturers' routine service for OTHER machines.

The devices used to treat your cancer, diabetes, or other conditions are
not receiving the preventative maintenance that was once required by the
manufacturers, and so they are liable to break as well. Without medical
right to repair, they may stay broken.


🌍 Teddy Ruxpin and the Haunted Mansion

Before Ken Forsse invented Teddy Ruxpin and struck it rich, he was a
Disney Imagineer who worked on the Haunted Mansion (he's even got a
tombstone in the Mansion graveyard: NEKEESORF).

Between Imagineering and Teddy Ruxpin, Forsse had another gig on
Atlanta's all-indoor "The World of Sid and Marty Krofft" (which only
lasted six months). During that time, he built *another* haunted
mansion, a scale model filled with handmade props.


The model took him 18 months to build, and it ended up retiring to
Forsse's home. In 2013, Reed and Zahava Savory tried to visit Forsse,
but his poor health meant they couldn't see him. Later, Forsse's wife,
Prof Jan Forsse, sent the Savorys photos of the model.

Today, those photos went up on the Long Forgotten blog, the most
detailed and intense home for Haunted Mansion history on the web. The
photos are incredible, revealing an attention to detail that beggars
belief. What a wild talent Forsse was!


🌍 Dataminr helped cops spy on protesters with Twitter

If you've heard of Dataminr, it's probably because of the 2016 shitstorm
in which it was revealed that the social media "analysis" company was
spying on Twitter users for US intelligence agencies.

Worse: Dataminr's investors included the CIA... and Twitter itself.

Twitter has since divested itself of its stake in Dataminr, but the
company remains a "trusted partner" with access to Twitter's firehose -
the raw feed of all public tweets.

Dataminr bills itself as a breaking news service, but it spies on
Twitter and hands data about anti-police violence protests to the police
departments that are being protested.

The company is worth $1.8b.


Writing in The Intercept, Sam Biddle uses internal whistleblower
information and leaked documents from Blueleaks to piece together a
picture of how Dataminr provides critical intelligence to law
enforcement agencies seeking to violently suppress Black Lives Matter

This is going on despite Dataminr's and Twitter's joint assurances that
this will no longer happen.

These assurances are false. According to Biddle's internal source,
"[Cops] are some of Dataminr’s biggest clients and they set the agenda."

This allegation is supported by leaked documents and materials disclosed
by police departments after public records requests.

Dataminr spies on behalf of the police, and makes a lot of money doing so.


Which, you know, OK, fine. You guys are Vichy nerds. You're
collaborators. $1.8b buys a lot of conscience-assuaging. I get it.

But don't piss in my mouth and tell me it's raining.

By which I mean, when Biddle asked Dataminr and Twitter about using
tweets to help cops suppress protests, the responses were insultingly

As in, "We didn't send that tweet to Minneapolis police because of the
protest. It was a *traffic alert*."

Or claiming that they're not providing location data when many of the
tweets they're sending to cops have location tags, and many of the
remainder have location tags added by Dataminr before they're handed
over to cops.

Or claiming that they're sending "news alerts" to the police, not
"protest surveillance."

Law professor Andrew Ferguson compared this to calling police
photographs of protesters "photojournalism."

I mean:


The fuck.


Biddle really nails it here: "This isn’t surveillance because we have a
policy against surveillance, which therefore means we don’t engage in

And naturally, "Neither firm would comment or discuss how exactly the
above does not meet the definition of surveillance, nor would they
provide the institutional definitions of such as defined by either company."

Or as Brandi Collins-Dexter from Color Of Change said, "Twitter can’t
have it both ways, courting Black activists and marketing themselves as
the pre-eminent tool for organizing against injustice while turning a
blind eye to companies that are contracting with them for the clear
intent of surveillance."


🌍 Police militarization has a business-model

There's a reason American cops look like they're on patrol in Fallujah
and it's not mere sadism or gearpiggery. Militarizing the cops has a
business-model, and it's generated $7.4B for the Beltway Bandits that
supply all that gear to law enforcement.


Two federal programs - 1033 and 1122 - transfer billions in military
gear to local law enforcement. 1033 lets cops buy gear at the price that
the US military pays, and 1122 allows the military to donate "excess"
gear to police departments.

Neither program has even a smidgen of oversight or accountability. And
they haven't stopped at turning a nation of Barney Fifes into Judge
Dredd cosplayers - they also supply university police departments with
everything they need to effect a regional coup.

I'm not saying that white supremacy and racism don't play a part here.
They are an essential ingredient in this toxic stew - but they are
insufficient unto themselves.

The other part of the story here is the billions in Beltway Bandit
profits generated by these programs.

These excess rents are ammo for lobbyists who entice the US military to
buy "excess" gear that gets given away to cops, and for sales junkets
that entice cops to spend their budgets on gear for themselves.

There's a bright side to this: rooting racism and white supremacy out of
the military and local law enforcement is a long, complicated project -
but starving the military-industrial complex of money will go a long way
to neutralizing their power to convert racism to rifles.


🌍 How Finspy protects itself from security researchers

Finfisher/Finspy is malware made by Gamma, an Anglo-German cyber-arms
dealer, and sold to the world's most despicable dictators and torturers.
Microsoft Security has just published an extensive, fascinating analysis
of its self-defense measures.


There are two big threats to malware: first, that it will be decompiled
so that the vulnerabilities that it exploits can be patched, and second,
that this decompilation process will yield fingerprints that allow
security tools to reliably detect the malware's presence.

Malware authors put a lot of care into writing routines to frustrate
analysis, and Finfisher goes above and beyond in detecting whether it is
under examination and protecting itself from scrutiny.

It starts with "spaghetti code" - breaking instructions into tiny
fragments that jump one to the other, out of order, salted with junk
instructions that do nothing.

All of this code gets executed to load up a virtual machine with its own

The VM loads a bunch of subprograms that check for debuggers and
sandboxes - indicators that the malware is running on a security
analyst's workbench, rather than a target's system.

Then the system loads a bunch of fake bitmap images, throws away some of
their headers, reassembles them, and decrypts data hidden in the
resulting image.

Next comes *another* virtual machine with its own, different opcodes,
which decrypts and loads more software.

This is the installer, which loads up a bunch of DLLs, and begins
installation of the malware itself, which starts injecting code into the
user's programs.

The injector also has countermeasures to defeat common detection methods.

There's another round of obfuscation, and then various modules -
customized based on the target - start loading.

It's a very clever piece of puzzlemaking, and an even more clever piece
of detective work to solve it.

It's also a fascinating glimpse into the bizarre problem of software
figuring out whether it's running on a real computer or inside a
researcher's VM.

This may be the key to how Marcus "Malwaretech" Hutchins saved the world
from Wannacry ransomware.

Hutchins was examining Wannacry when he noticed that it was hardcoded to
try to reach a nonexistent domain,
iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. He registered that domain
and stood up a webserver there and every copy of Wannacry in the world
went dormant.

No one knows exactly what happened there, but it's likely that
Wannacry's method for figuring out if it was in the Matrix or not was to
try to contact a nonexistent website.

If the website answered, it would assume it was running in a
researcher's test system and it would cease to function - so when
Hutchins put up his webserver, every Wannacry instance on Earth decided
it was under scrutiny and ceased all activity.
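The kill-switch mechanism described above, seen from the defender's side, as an added example (not code from Microsoft's analysis, from Hutchins, or from the original post). It reproduces the dormant-or-not decision only to show why a sinkhole answering the domain quiets every instance, and pairs it with a detector over constructed dnsmasq-style DNS log lines: the query itself is the indicator, since a sinkhole keeps the malware dormant but does not clean the host. The log format and the 203.0.113.10 sinkhole address are assumptions.

```python
import re
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# The domain quoted on the page; the check is a plain DNS lookup for it.
KILL_SWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

Resolver = Callable[[str], Optional[str]]


def kill_switch_dormant(resolver: Resolver, domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """True when the domain answers, i.e. the sample would go dormant.

    A registered sinkhole, or a sandbox that fakes every DNS answer,
    makes this True; an unregistered domain on a live network makes it False.
    """
    return resolver(domain) is not None


def no_answer(domain: str) -> Optional[str]:
    """Constructed resolver for the pre-sinkhole world: nothing resolves."""
    return None


def sinkhole(domain: str) -> Optional[str]:
    """Constructed resolver for a sinkholed domain (address is an assumption)."""
    return "203.0.113.10"


# Assumed dnsmasq-like shape: "query[A] <name> from <client>".
_QUERY = re.compile(r"query\[A\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def infected_hosts(lines: List[str], domain: str = KILL_SWITCH_DOMAIN) -> Dict[str, int]:
    """Count, per client, A-record queries for the kill-switch domain.

    Trailing dots and case are normalised so "Domain.com." still matches,
    and subdomains of the kill-switch domain count as well.
    """
    hits: Dict[str, int] = defaultdict(int)
    for line in lines:
        m = _QUERY.search(line)
        if not m:
            continue
        name = m.group("name").rstrip(".").lower()
        if name == domain or name.endswith("." + domain):
            hits[m.group("client")] += 1
    return dict(hits)


SAMPLE_LOG = [  # constructed sample lines, not real telemetry
    "May 12 14:01:03 dnsmasq[712]: query[A] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.4.17",
    "May 12 14:01:03 dnsmasq[712]: query[A] www.example.com from 10.0.4.22",
    "May 12 14:01:09 dnsmasq[712]: query[A] Iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. from 10.0.4.17",
    "May 12 14:02:41 dnsmasq[712]: query[AAAA] updates.example.net from 10.0.4.9",
]

if __name__ == "__main__":
    print("dormant without sinkhole:", kill_switch_dormant(no_answer))
    print("dormant with sinkhole:", kill_switch_dormant(sinkhole))
    print("hosts to triage:", infected_hosts(SAMPLE_LOG))
```

Run against a real resolver log, the host counts are the triage list; a host that queried the domain was trying to run the check regardless of whether the sinkhole answered.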


🌍 Clamshell currency

In 1933, FDR shut all of America's banks for three days; this bank
holiday probably saved the US financial system from collapse by
preventing a bank-run, but it left American businesses and their
customers without cash.

In a paper published by the Newman Numismatics Portal in January, Joshua
Smith reports on his 2019 fieldwork with local historians to tell the
tale of the shells.

Smith observes that shell-based currency was first used in the region in
the precolonial times by Chumash First Nations people, drawing a
fascinating connection with a 1934 ethnography of Chumash trade and the
1933 bank holiday.

Smith makes a case that the 1933 revival of shell-based scrip started
with a joke, when a local pharmacist and a cigar store owner gave a
clam-based IOU to a service station owner as a joke. The service station
owner displayed it in his window and a customer bought it for $1.

This started a fast-moving local vogue for handpainting clamshell scrip,
and the service-station owner hired two local unemployed people to go
into production. Historical accounts differ, but somewhere between
$1,000 and $1,500 in clam-based money was issued.

Then, in 2013, on the 80th anniversary of the bank holiday, two local
merchants issued a new round of clamshell scrip: Girl's Restaurant and
Shellabration Beach House.

Once again, this sparked a local merchant's trend with many issuing
their own clamshell scrip, which still circulates to this day.


🌍 Macron demands national database of porn preferences

It's been less than a year since the UK's idiotic, doomed "age
verification law" for pornographic websites collapsed. This was a plan
to block all adult sites at the national firewall unless they collected
and stored the identities of their users.


It's hard to overstate the idiocy of this plan - who the actual fuck
thought it would be a good idea to create and store a net-worth-sortable
list of the pornographic tastes of an entire nation (the system would
lean heavily on credit cards for identity-verification).

Uh, France, apparently.


The French Parliament has just passed what amounts to the same law,
after Macron called for the creation of a national kompromat database in

I can't wait for the inevitable GDPR challenge.


🌍 This day in history

#10yrsago Iranian activists release free Persian Little Brother

#10yrsago Brazil's copyright law forbids using DRM to block fair use

#5yrsago Terrifying proposal for airplane seating

#5yrsago There Is Such a Thing As a Free Lunch

#5yrsago Gorgeous Taschen book: Art of Burning Man

#1yrago Fur industry paid protesters to attend California and New York
hearings on a fur ban

#1yrago AOC and Greta Thunberg talk tactics and hope

#1yrago Elizabeth Warren wants to force companies to warn investors
about their risks from climate change

#1yrago Bernie Sanders' presidential campaign maintains a page of
anti-endorsements: denunciations from billionaire ghouls and their
enablers https://berniesanders.com/anti-endorsements/

#1yrago Like Amazon, Google sends voice assistant recordings to
contractors for transcription, including recordings made inadvertently

#1yrago French politicians want to add an ag-gag rule to the country's
sweeping online hate speech proposal

#1yrago Cutbacks caused Brexit: austerity correlates with UKIP
membership https://www.aeaweb.org/articles?id=10.1257/aer.20181164

#1yrago Arbitrage nomads are stripping the carcasses of America's dying
big-box stores and moving the choicest morsels into Amazon warehouses

#1yrago Voting machine companies: the names of our parent companies are
trade secrets


🌍 Colophon

Today's top sources: Fipi Lele, Naked Capitalism
(https://www.nakedcapitalism.com/), Four Short Links

Currently writing:

* My next novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. Yesterday's progress: 555 words (36565 total).

Currently reading: Anger Is a Gift by Mark Oshiro

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 09)

Upcoming appearances:

* In Conversation with Hank Green, Jul 10,

"Working as Intended: Surveillance Capitalism is not a Rogue
Capitalism," Jul 21,

Latest book:

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies

Upcoming books:

* "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters,
bedtime, gender, and kicking ass. Pre-order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:

* "Attack Surface": The third Little Brother book, Oct 20, 2020.

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.


🌍 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


*When life gives you SARS, you make sarsaparilla* -Joey "Accordion Guy"
