Account and INFO Security
Data Breach
The gun sales site Gunauction.com has had its database breached. The data exposed belonged to 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords, and telephone numbers.
My advice is that you make sure that you change your passwords for that site using password best practices.
Medical News
The Physics of Manslaughter
Today’s post comes from the UK, and I try not to talk about legal issues in other countries because I just don’t understand the laws in other nations, and don’t want to stick my nose in them. The difference here is that the case involves some technical issues of SCUBA diving and of dive medicine, areas where I feel like I have some level of mastery. This is a technical post, so for those of you who are not interested in physiology and physics of SCUBA, this may or may not be interesting.
A diving instructor in the UK was teaching an experienced recreational diver a course on deep diving. The dive that they did was to 115 feet.
On this dive, they were diving at around 4.5 atmospheres, and this requires some level of care. I don’t see in this account where the instructor messed up, with the exception that I wouldn’t have had a student doing a check dive like this with an 80 cuFt cylinder (which is what the Europeans call 12 liter).
In this case, however, the government brought in a diver from the UK Navy as their expert witness. He testified that the instructor was wrong in three ways- the dive violated the rule of thirds, they were down longer than the dive tables dictated for that depth, and he held his struggling student underwater when the student was attempting to get to the surface, causing his death by drowning.
Let’s start by addressing each of these in turn. The rule of thirds. The rule of thirds is a rule that says you use one third of your air supply to get into the dive, one third coming out, and hold one third in reserve. This rule is generally only used when you are “diving in the overhead,” meaning that there is either a physical or physiological barrier that would prevent you from surfacing. A physical barrier would be diving in a cave, a shipwreck, or diving so deep for so long that you cannot surface because you have a decompression obligation to work through before you can surface. Neither of those was the case here. In that case, the rule is to ensure that you surface with at least 500 psi of gas left in your tank.
The second argument, that the dive tables’ “no decompression” limits for that depth had been exceeded is ridiculous. When you are a new open water diver, you are taught to use tables, but no one, and I mean no one, follows them. The invention of dive computers has rendered them obsolete. The reason for this is that the dive tables assume that you descend at the maximum safe rate from the surface to the maximum depth, then ascend at the maximum safe rate to the safety stop. This is called a “square profile” and no one dives like this in real life. A dive computer monitors your depth every 30 seconds or so, and gives you “credit” for time spent at shallower depths. This has the effect of more than doubling your permissible dive time. Everyone today “dives their computer.”
A great example of this is the standard dive on Florida’s coral reefs. Off the coast of West Palm Beach, there are several reef lines. The most interesting one from a SCUBA perspective is about a mile or so offshore, in 60-100 feet of water. If you were to dive the top of that reef, the tables say that you can spend a maximum of 40 minutes at 70 feet of depth before exceeding the no decompression limit. Most divers will spend a minute or two at that 70 feet, maybe 5 or 10 minutes at 65 feet, then more time at 55 or 60 feet, etc. The result is that divers with computers might well spend 55 to 65 minutes and still not exceed decompression limits. The Commander would have known this, himself being a certified PADI divemaster.
Instead, he contends that the “out of air” situation was so dire that the diver should have been permitted to make an unrestricted surfacing, despite the fact that the student was breathing on the instructor’s plentiful air source. Ridiculous.
I actually did this exact dive here in the states when I got my own extended diving certification some years ago. It is standard practice at the end of any dive that is deeper than 40 feet to stop at a depth between 15 and 20 feet for three minutes. This is called a “safety stop” and is intended to give any gases that have been absorbed in the blood time to diffuse out of the blood and prevent hyperbaric injuries. It’s recommended by each of the three big certification agencies. (NAUI, PADI, and SSI)
Another protocol that some divers follow is to stop for one minute at half of your current depth. So if you had been at 120 feet, a one minute stop at 60 feet is followed by a one minute stop at 30 feet, followed by a one minute stop at 15 feet. No matter how you do it, coming up as slowly as you can is how you avoid hyperbaric injury.
In fact, three of the dive accidents that resulted in injury, and the only diving fatality I have ever been present for was related to a diver ascending too quickly. The physics and physiology of breathing pressurized gases is technically demanding, especially so when diving to depths below 99 feet. Safety stops are VERY important, especially when you are diving at pressures higher than 4 atmospheres of pressure (99 feet).
I myself have had four diving emergencies that required either emergency surfacing or my buddy’s intervention. Three of them were due to equipment failure, and one because I was a moron. One of them required sharing air. We still had time to do our safety stop.
Even so, it’s obvious that the prosecution wanted to railroad this guy. The student in question had a history of high blood pressure, and the autopsy showed that he had alcohol and cocaine in his system. None of this was known to the instructor at the time of the dive.
In this case, the signs of immersive pulmonary edema were there. For those of you who may dive, or who may work in the medical field, pay attention. Immersive pulmonary edema is very similar to the flash pulmonary edema seen with heart failure patients who are suddenly taken off of CPAP. It’s complicated by the changes in pressure caused by depth changes messing with the Renin-Angiotensin-Aldosterone System (RAAS), which regulates blood pressure. Also adding to the complications is the creation of nitric oxide that occurs with sudden pressure changes in SCUBA diving. In patients with hypertension, heart problems, or kidney problems, this combination can be life threatening.
The signs were there: The student was easily winded with mild exertion, he couldn’t perform underwater navigation while at depth (indicating possible mental status changes from hypoxia), and was complaining that he wasn’t getting any air, even though everything was working perfectly ( a sign of shortness of breath). If he was taking an ACE inhibitor for his high blood pressure, this could even make this condition worse.
So how do you treat this? While diving, adopt the rules that I have always followed:
- Any diver on any given dive can terminate the dive for any reason. This is done by giving any diver in your group a “thumbs up” sign, and is called “thumbing a dive.”
- Any diver having apparent confusion, disorientation, or an equipment problem should cause the thumbing of the dive.
- Any diver having shortness of breath should be placed on oxygen as soon as they are on the surface.
- On the way down, take a few seconds at 65 feet or so to get organized. Look each other in the eye and make sure everyone gives you the “OK” sign.
- At any dive below 60 feet, make sure that you do your safety stops.
- Follow other safe practices like ascent rate, NDL limits, and make sure that everyone is diving within the limits of their training and experience.
My Qualifications
My Internet handle has been Divemedic for more than two decades for good reason. I am a certified Master diver, deep diver, mixed gas diver, public safety diver, and Rescue diver. I am certified by all three of the big US recreational SCUBA training agencies at one level or another: NAUI, PADI, and SSI. I have been SCUBA diving for about 30 years. I used to be on a professional dive rescue team. I have been employed at various times as a rescue and salvage diver and had more than 2,000 dives in my logbook, representing more than 900 hours underwater before I stopped bothering to log them, 16 years ago. Enough dives that I have literally worn out a few sets of equipment. I have been present for half a dozen dive casualties, one a fatality. So I understand many of the issues. With that being said, let’s get into the post.
Self Defense
Just Give Them What They Want
The antigun left’s mantra in self defense shootings is always one of a few responses, including:
- Take Your Beating Like a Man
- Just Give Them What They Want
Just give them what they want. The left claims that all you have to do is give them what they ask for, after all, they are probably just trying to feed their family. A few dollars isn’t worth killing over. Just comply. This clerk did, and he was executed for it. Even though it’s difficult to see, you should click on over and watch the video (sorry, can’t embed it).
This begs the question: What if what the criminal wants is your life? How do you know the difference? He is demonstrating the ability, the willingness, the means to kill you, over a few dollars. Remember.
Self Defense
Othering
Two men threaten physical violence against a restaurant patron. One threatens deadly force (“I will stick yo ass, nigga.”). The comments to this video claim that they are in the right because the man said he is a racist.
I wouldn’t have turned my back on them. These thugs went there with the intention of starting a confrontation. They brought an expensive camera with them and are clearly goading him into a response. So they walked up to his table and started a scene, so they could record the it after they started the event by stealing a drink from the table. So given these facts:
- Thug in hat: “I will beat yo ass right now. Here, hold this camera.”
- Turns hat backwards.
- Gets in the guys face.
- Outnumbered two to one
In this case, I think that it is reasonable to believe that there is a real risk of imminently becoming the victim of violence. Keep in mind that he has already threatened deadly force. They stole a drink. That makes this armed robbery, a forcible felony.
Would a warning be in order: “Back off right now, or you are going to regret it?” Or, is the threat imminent enough that immediate force can be used?
If force can be used or threatened, is it enough for the presentation for a firearm, or would you be limited to pepper spray? If you are wrong, you either die or go to jail.
Account and INFO Security
The Spy Who Called Me
Just as we have always suspected, we now have solid evidence that your cell phone is spying on you and forwarding your information to the ChiComs. Again, it doesn’t matter how careful you are, there are security leaks. It may be on your end, it may be on the other end, but it is inevitable that there are ways for black hats to gain access to your stuff.
I know that there are some out there who think they are more clever than the other side, but is everyone you do business with just as smart? What about their employees? Your phone? The government employees handling your information?
How much of your stuff is being read, unbeknownst to you? I assume that governments with their unlimited resources can see whatever they want, no matter how hard I try to secure it. I just want to make my stuff harder to steal than most people’s, so maybe the thieves spend their time on the lower hanging fruit.
Account and INFO Security
Phishing
As apps that do all of the heavy lifting for you become more widespread, the threats to your accounts become more pronounced. This software allows even amateurs to get into the cybercrime business. The software and the scams are becoming ever more sophisticated, with some of them catching even the most wary people.
As one business owner found out when he lost more than $120k, these guys are getting pretty good at suckering people in. Thinking that you are smarter or that you can’t possibly be fooled is a mistake.
He received a call from a person claiming to be from the Chase fraud department and asking to verify a suspicious transaction.
The 800-number matched Chase customer service so Mullenaux didn’t think it was suspicious when the person asked him to log into his account via a secured link sent by text message for identification purposes. The link looked legitimate and the website that opened appeared identical to his Chase banking app, so he logged in.
Thinking about this now and preparing a security plan is the best way to defend yourself. In this case, a password manager would have known the site wasn’t legit, and would not have filled in his credentials. That may have been the red flag he needed to realize he was being suckered. Most of us know that we shouldn’t give our credentials to someone who contacts us, but this new breed of con man is using a combination of misdirection and deceit to trick us into letting our guards down. Using computer tools to aid us in spotting fake login sites is the way to go, IMO.
Medical
Posturing
The nice folks over at GunFreeZone posted a link to a video and expressed an opinion on posturing. I invite you to go and check it out. Unfortunately, that opinion is incorrect. JKB makes the claim that the loser of the fight is displaying decorticate posturing. He is wrong.
What you see in the video is decerebrate posturing. In the difference lies a huge change in prognosis. All posturing is a common outcome of severe brain injury. It refers to involuntary and abnormal positioning, and the presence of posturing after TBI suggests a poor prognosis.
Both types of posturing often indicate some extent of damage to the brainstem, which is the part of the brain that controls important functions like breathing. Decerebrate posturing, which is what we see in the video JKB linked to, is caused by damage to deeper brain structures and is much more common than the other type, decorticate posturing. Decorticate posturing is caused by damage to both hemispheres of the cerebral cortex and is rarer than decerebrate posturing, but is generally associated with better survival rates.
Generally, the recovery outlook for individuals with abnormal posturing after brain injury is poor. Even though there are instances where individuals regain consciousness and recover, only 37% of those who display decorticate posturing after a head injury survive. Only about 10% of individuals with decerebrate posturing survive.
In the video JKB links to, the individual displaying this posturing has one thing going for him: Youth. If he is admitted into the hospital within 6 hours of his injury, he is likely to double his chances of survival, even though it is still likely that he will have some permanent disability. So an 80% chance of death, and a 20% chance of permanent disability. All of that from a punch to the head.
Think about that the next time someone says that a concealed carrier should just take “his beating like a man.”
Account and INFO Security
Phishing Ads
Just when you think you are done talking about information security for awhile, the bad actors come along and prove you wrong. The latest is that black hats are targeting users of valuable sites with phishing ad and search engine results on Google and other search engines. The scam is that you search for your favorite website’s login, and the first hit is a phishing site that grabs your login information before forwarding you to the legit site.
In this case, it is users of the password manager “Bitwarden” and 1password that are the targets, but I have seen reports of similar attacks with other password managers, banking sites, and others. Recent research has shown that threat actors are using Google ads to fuel their malware delivery campaigns for initial access to corporate networks, to steal credentials, and for phishing attacks.
What’s interesting to me is that Google, YouTube, and other sites are busy clamping down on reports of the 2020 election, COVID vaccines, and everything else under the sun, but are actively allowing ads on their sites that are actual theft.
The best defense to this is the use of MFA that uses FIDO 2.0 or higher. The article that I linked to above says that hardware keys are cumbersome, but I have thus far found them easy to use, and certainly no more difficult than the authenticator apps that are out there. Another thing the article gets wrong is that all MFA is subject to “man in the middle” attacks. That may be true of authenticator and SMS versions of MFA, but the YubiKey system is not subject to man in the middle attacks, because the system uses the two keys of public key encryption to ensure that both parties are legitimate. I am sure that other hardware keys are available that do the same thing, I just have no experience with them.
You will note that Microsoft warned of this back in July and recommended the use of FIDO (Fast ID Online) 2.0 protocols for MFA. This rules out many authenticator apps as well as SMS methods of MFA. Note that the YubiKey 5 uses FIDO 2.0.
Be very, very wary of the websites that you are using. The crooks are getting more and more inventive every day.
Account and INFO Security
T Mobile
In the latest of the data breaches, T Mobile reports that 37 million customers had their names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and information describing the kind of service they have with the wireless carrier stolen in a data breach. T-Mobile claims that no social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were exposed.
PayPal also had a data breach of 35,000 customer files. Names, dates of birth, addresses, Social Security numbers, tax IDs and phone numbers were all exposed. The accounts were breached using a credential stuffing attack, likely using one of these cracking tools. Now I doubt many of my readers use PayPal, considering their antigun stance, but it still illustrates how active hacking is.
Still, I recommend that you change your password if you are a customer of one of these services. Please make sure it’s a secure one.
You have locked your credit reports, haven’t you? Even if you aren’t a T Mobile customer, please do so. I would also recommend that you pull each of your credit reports every year. The law says you can do so, free of charge, every year.