I'm going to let slip a little tidbit that's a dirty industry secret. I'm sure many of you have heard how we cracked the JP diplomatic cipher and knew the Pearl Harbor attack was coming.

Welp. Buckle up. A short 🧵 to remind you all security is theater.
The supposed "good guys" (federal LE and intelligence agencies, private security researchers, etc.) have access to the backend infrastructure of many of the more notorious cybercriminal gangs, some of whom are enemy-state-funded-and/or-directed.

This means that they can see exactly who's involved, from both a perp and victim standpoint. They can see their TTPs (tactics, techniques, and procedures). They can see how, when, and where they're using their tools. They can often see internal comms among the threat actors.
tl;dr? They can see the attacks coming. They know who's about to be hit. Once done, they can see exactly what was done. They know what was taken. They could put a stop to it at any time. In the few instances when they do perform a takedown, they are quick to crow about it publicly and pat themselves on the backs for doing such good work.

But most of the time, they sit and watch, in the name of "intelligence gathering". They lie to themselves, and think that, by sitting idly by, they're somehow strengthening their hand, and when they finally do choose to act, the impact will be greater for it.

Except, it's not. In all but a few cases, the threat actors get away scot-free. No one goes to jail, no one is even identified. They just regroup, re-org under a different name with different infrastructure, and carry on with business as usual, typically within a few weeks to a few months.

There's no pyramidal structure like there is in the drug trade. There's no "big guy" to go after that's coordinating everything. They're highly agile, highly decentralized, and taking out one cell -- for lack of a better term, but it's quite apt here -- has little to no effect on any other.

These people literally sit and watch major international crimes happen, and do nothing.

As far as I'm concerned, they're complicit.
Many of the private researchers with access are intentionally leveraging that access for profit. Either to give advance warning of an impending attack to their employer, or to the businesses their employers do business with and therefore have exposure with, or they work for cybersecurity companies, and this "inside baseball" is the edge that the companies advertise to their clients.

In sum, it's a bunch of people playing super-sekrit-skwirl and feeling self-important because they're privy to something very few are, while literally implicating themselves in major crimes, all for a buck.

The intel gathered COULD be used to protect potential victims. But these preening peacocks don't want to "burn the infra" the threat actors are using, because they know that, once potential victims mysteriously start blocking IPs and domain names en masse that the TAs haven't used for an attack yet, the TAs will know something's up, and these "good guys" will likely lose their access as the TAs tighten things up and move stuff around.
@cobaltspike Even has access. You're not coordinating. You're Keystone Kops, running around feeling good about yourselves while accomplishing nothing.
@cobaltspike Given that, one absolutely has to wonder what your perspective is. So far, it seems to be, "but we're the goodies!"

• • •

More from @4nt1p4tt3rn

Jan 12
Short-ish (15m) video on using the TinySA Ultra to work up an RF baseline for your immediate area, and how to use it to detect nearby drones.

Shoutout to @brushbeater near the end, and his new dedicated drone detection device, for sale at brushbeater.store.
Apologies for 1) my voice, 2) the occasional truck drive-by, and 3) the brief segment of the drone flying. I've caught a slight bug, so my voice is a little weird now. This road is usually zero traffic, so I wasn't expecting the interruptions. And the 20 or so seconds of drone flight totally drowned out what I was saying. However, you didn't miss anything; I was just filling the awkward pause until I landed it, and pointing out there's no real change in the plot between it sitting on the ground and flying.
Also, let me know if you like this. I did zero editing, and it was a single take. If you think it's useful, I'll try to do more things like this in the future. I'm considering a DF (direction-finding)/foxhunt demo for the next one, to show people how to locate a transmitter, using either a loop antenna or a Yagi (and how DFing is different using the two different antennas).
Read 6 tweets
Jan 6
On this, the anniversary of January 6th, I'd like to remind you that you are constantly surveilled. If you intend to participate in any activity in the future that may one day (even years later) be determined to be something someone in power didn't approve of, be conscious of:

* Private surveillance, which law enforcement (LE) may also access, either in real-time, or after the fact, with or without the surveillance owner's knowledge or permission. This includes things like doorbell cameras (e.g., Ring), home security cameras, security cameras in parking lots, stores, security cameras built into ATMs, cameras on electric vehicle charging stations, cameras in vehicles themselves (both externally-facing and internal, either built into the vehicle, or as an aftermarket add-on), and so on. Also, be aware that most of these also have decent microphones.

* Public surveillance, such as Police Observation Devices (PODs), traffic cameras, tollbooth cameras, etc.

* All purchases you make with anything other than cash are electronically recorded and stored, including date, time, location, and items purchased.

* All cash withdrawals you make are electronically recorded and stored, including date, time, location, and amounts, and can be correlated by intelligence analysts to other activities.

* All vehicle movement is tracked, either directly via the telematics unit in the vehicle (and possibly also by your smartphone), or indirectly via license plate readers, traffic cameras, AI-assisted surveillance devices like Flock cameras that are now in widespread use by LE, satellite surveillance, etc.

* Any interactions between you and any other entity in which personal information is exchanged is electronically recorded and stored.

* All movements of any cellphone, smart or otherwise, "burner" or not, are tracked. "Off" doesn't do what you think it does, and a Faraday bag is not protection against this. If you must participate in such activities, take absolutely no electronic devices with you. No "smart" watch, no "smart" ring, no phone, "smart" or otherwise, no "burners", nothing. You should emit zero RF energy.

* There is no such thing as a "burner". You do not possess the tradecraft necessary to successfully use a secondary device safely and in a privacy-preserving manner, and you WILL get caught. I don't care what your "but" is about to be: no.

* Always rely on foot travel whenever possible. Keep as close to trees or the sides of buildings as possible. Wear a hat with a brim that covers your face. Wear a hood. Wear a mask (thanks to COVID, it's now normalized). Put several uncomfortable pebbles in one shoe. Cover all visible skin to the greatest extent possible. Always try to look slightly down, never up.

* When foot travel is impossible, bicycles should be preferred. When these are unfeasible, rely on public transit to the greatest extent possible (note to millennials: this means busses and taxis and trains and other things paid for in cash, not Uber or Lyft or other ride-sharing services).

* Never initiate secondary activities (acquiring a hotel room, entering the primary area, etc.) close to the time of the primary activity. Your goal is to decouple to the greatest extent possible any activity you participate in with the one in question, both in time and, where possible, space.

* "Decoys" won't work. Again, you don't have the tradecraft necessary to make them effective. So giving someone else your phone, debit card, etc. isn't going to fool anyone.

* Establish patterns of life well (months, years) in advance that make the above activities not stick out like a sore thumb.
Forgot to add the tire pressure sensors in your wheels are also, increasingly, tracked.
All internet activity is electronically recorded and stored. This includes all searches (yes, even using those search engines that are supposedly "private", yes, even using "incognito mode" or "private browsing mode").

This includes all network traffic, including activity on TOR, IPFS, and other supposed "alternative, secure, secret, private" networks.

This includes -- well, let's just say that if you're using an electronic device of any kind to do it, it's being recorded and stored and can be accessed by LE.

Yes, even when you thought you were being sneaky and using a kiosk computer, or that demo unit in the store, or the one down to the library, or your buddy's machine. Yes, it's readily identifiable as your activity, not theirs.

Correlation is a cruel, heartless bitch.
Read 6 tweets
Sep 17, 2024
I've been telling you people: tech ain't your friend. I want to talk about this a bit, so read on.
As of right now, there's no specific information on exactly what make and model of pagers were involved, or if they were pagers at all. They could have been one of those SIM-based radios or similar.

However, all signs point to this being a malware-based remote attack by Israeli intelligence at this time.

So, how could someone pull something like this off?
The obvious conclusion many will jump to is that someone intercepted the devices and planted small explosive charges in them.

While this is the low-hanging fruit, it's also the least logistically feasible. Plus, it's unnecessary.

Most electronic devices these days come from the factory full of explosives, in the form of capacitors and lithium-ion batteries.

Fun fact about Li-Ion batteries: expose the contents to air, and you get what chemists call an energetic reaction, and what your average person calls an explosion.

How would someone do that remotely, to multiple devices simultaneously, using malware? Easy.

As I mentioned, modern electronics are full of capacitors. Capacitors store charge. Most are tiny these days, as they're SMT (surface-mount technology); smaller than a grain of rice in many instances. Some, however, are the older barrel-style capacitors. This is because the size of SMT capacitors limits their capacity. Sometimes, you need something bigger, to help power the mechanical motor inside a pager or phone, for example, that provides the vibration. Many people don't realize that vibrating devices do so by simply rapidly spinning a lopsided weight attached to a small motor inside the device.

All of the circuitry in a modern electronic device, save for things like the very initial stages of external power input, are mediated and controlled by computer chips. Computer chips, in turn, can have their behavior modified via software.

So, all it'd take would be for some smart person to figure out a way to override the existing safeguards that prevent overvoltage or overcurrent conditions on certain parts of the circuit board via malware. With those safeguards removed, one or more capacitors may receive too much charge too quickly, and when that happens, they tend to very quickly burn out. So quickly, it's like a small "pop".

Do that to a capacitor or several near enough to a Li-Ion battery, and you rupture the (flimsy, thin) packaging protecting it. Once that's ruptured, the battery explodes violently.

Given how densely packed the circuitry and components are in modern electronic devices, the likelihood of a capacitor or several being extremely close to, if not in contact with, the battery is quite high.

All the smart person would need is knowledge of the make/model of device carried by many Hezbollah operatives, and time. Time to disassemble and examine the internals of the device. Time to reverse engineer the firmware to find a vulnerability (relatively easy, and there are automated tools to do all this), and time to determine the most effective means of delivery, preferably without the target's knowledge or interaction (multiple mechanisms for this exist, even with smartphones).

Then, they detonate the devices at the time of their choosing.
Read 4 tweets
Aug 7, 2024
Yesterday, when I mentioned that Starlink would be of limited use in a true emergency situation in which there may be infrastructural issues with parts of the internet, many people demonstrated they don't quite understand how the internet works.

So, this morning, we're going to dive into that a bit. Buckle up. A 🧵.
First, your primary interaction with the internet is likely through phone apps or web browsers. To you, it's simple as can be: you launch the app, or type in a domain in the address bar of your browser (or, if you're like most people, just use a search engine and click on the first link that looks reasonable), and you're taken to the content and/or functionality you want.

It's nowhere near that simple. And I'm going to try to avoid analogies so people don't get confused, while also trying to be as detailed as possible but still keeping it simple for the layperson.

To begin, you need to understand how you get to what you want on the internet. And that begins with addressing. Everything connected to the internet has an address. In fact, they have multiple addresses, but we'll get to that in a bit. For now, I'm discussing Internet Protocol, or IP, addresses.

You generally don't interact with or even see these. They look like a dotted quad: 192.168.37.42, for example.

What you generally see and interact with are domain names. Fully-qualified domain names, to be specific. A domain name looks like: example.com.

In example.com, there are actually 3 domains, and a subdomain:

www: subdomain
example.com: second level domain
com: top level domain
.: root domain

You're probably wondering where that final period (".") came from that I labeled "root domain". It's implied at the end of every domain, after the top level domain.

Every domain name registered on the internet is purchased through either a registrar, or an agent acting on behalf of a registrar. A registrar is a company that has permission to sell entries in a database held by a registry.
Registries are companies given authority over the data for top level domains.

So, for example, there is a registry for .com. That registry company sells the rights to create entries in the .com database to various registrars, who in turn sell domain names to the public.

When someone buys a domain name, they give their money to a registrar, and that registrar puts the domain name in the top level domain's registry database.

So, let's say I buy example.com. I pay my money, and my personal details (or those of a privacy agent I pay to mask my personal details) are entered into the registry database for .com, stating that I own that domain. Along with that are some unique identifiers, an expiry date for the domain, and two or more domain names or IP addresses for authoritative nameservers.

The authoritative nameservers become very important in a minute. They are the location of the database that contains all the data for the subdomains of example.com. So, for example, it'll contain the IP address for example.com, if I put it in there. And I have to, because since I own example.com, I'm responsible for managing the addressing for anything under it.

The root domain servers know the IP addresses for all the registries for all the top level domains in the world.

So! When you type in example.com into your web browser, or a phone app tries to access example.com, your computer starts a whole series of questions going out into the internet, trying to find out the IP address for example.com.

This is generally done using a caching recursive resolver (we're going to skip over things like stub resolvers for the purpose of this thread). A caching recursive resolver is the closest most of you will come to interacting with DNS infrastructure. Many people use popular ones like 8.8.8.8, or 1.1.1.1. Other people are content to use the ones assigned to them and run by their ISP.

So, when you try to connect to example.com, your computer reaches out to whichever caching recursive resolvers your computer knows about, and says, "Hey! What's the IP address for example.com?"

They will either know the answer because they've already done the research and have saved ("cached") the answer, and it'll answer immediately, telling your computer the IP address, or it'll begin the process of recursive resolution.

In recursive resolution, the caching recursive resolver looks up the IP address for one of the root DNS servers, which is stored locally on the caching recursive resolver as part of the configuration process in what's called a "root hints" file, and goes and asks the root server "Hey! What's the IP address for example.com?"

The root server doesn't know. Because that's not its job. Its job is to know the IP addresses of the top level domain registry databases. So the root server responds, "Beats me. Go ask Bob. Bob's responsible for .com." and gives the caching recursive resolver the IP address for the .com registry.

The caching recursive resolver goes and asks the .com registry, "Hey, what's the IP address for example.com?" And it responds, "Who knows? Go ask Bill; he's responsible for example.com!" and gives it the names for the authoritative nameservers I put in when I registered example.com.

Now the caching recursive resolver has to start another entire process of recursion to look up the IP addresses for the names I put in as the authoritative nameservers for example.com. Once the caching recursive resolver has those IP addresses, it goes to whichever one it wants (not really, but we're not addressing nameserver priorities, round-robining, and such here) and says, "Everyone tells me you're responsible for example.com. What's the IP address for example.com?"

And, all else being equal (there are multiple further wrinkles I'm avoiding to keep this simple), your caching recursive resolver is told the IP address for example.com.

It then caches that response, which it'll keep until the TTL (time to live) value assigned to the answer expires (it won't, but that's an entirely other story and has to do with a whole lot of politics, comp sci, and DNS inside baseball; I used to work for the guy who invented DNS, so I got to see the sausage get made routinely), and it gives your computer the IP address for example.com.

That's before your computer or phone has sent a single bit of data to example.com.

As you can see, there's a whole lot that can go wrong just in this process alone. If any point along any of this fails, or provides incorrect information, you can't reach example.com.

And there are myriad ways in which any of that I just described could fail. We'll be discussing some of those further along.

One spectacular way it can fail is human stupidity. Back in 2016, a journalist named Brian Krebs was investigating some criminals pulling scams on unsuspecting businesses, selling them DDoS protection while the criminals were the ones perpetrating the DDoS attacks.

He embarrassed them pretty good. In response, the criminals executed what was then the world's largest DDoS attack against his website.

His website was hosted by a company called Akamai. Akamai's a big deal in the internet world. They're responsible for a whole lot of stuff. One of the things they provide is DNS hosting -- that is, providing authoritative DNS services for individuals and companies. Like I described up above, when I bought example.com. I said I was responsible for managing the data for example.com. I'm also responsible for making that data available to the internet. I could run my own authoritative nameserver, but common practice these days is to pay someone else.

Akamai is one of those someone elses. And tons of people pay them for exactly this. Very large companies, like Microsoft, and Amazon, and Zoom, and a bunch of other companies you'd instantly recognize.

When those criminals launched that massive DDoS, it revealed to the world how dumb most network folks are these days: they ignored iana.org/help/nameserve…. IANA is the organization responsible for all the rules and standards regarding how the internet works. There have always been requirements for how DNS should be run. The ones we're concerned with here are that there should always be at least two authoritative nameservers, they should not be the same, and they should not be run by the same company, on the same infrastructure, in the same geographic or logical area.

That last one totally f*cked the entire East Coast of the US, and thus, much of the world, that day. Because everyone and their dog decided they'd just make all their authoritative nameservers be Akamai servers.

So, when Akamai got attacked, none of those authoritative nameservers could be reached.

And these days, the TTL for most names is 0 or very close to it. Which means answers for name queries only get cached for a few seconds.

Which, in turn, means recursive resolvers are constantly having to recurse to get the latest IP for a name. Which means they have to be able to talk to the authoritative nameservers responsible for the names they need IPs for.

That day, no one could, because everyone ignored IANA.

And they still do. To this very day. Not a single lesson was learned. Everyone just makes both their authoritative nameservers different names within the same company, usually within the same network, in the same geographic region.

A handful of p*ssed off script kiddies took Amazon and many other of the largest internet companies offline that day, and weren't even trying to.

So, when I say the internet is fragile and there are tons of ways you can effectively take it down, this is but one example of what I meant.
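An added example (not part of the original thread): a small Python audit of the nameserver-diversity requirements described above, plus the effect of a near-zero TTL on whether a name still resolves while one operator is down. The nameserver names, addresses, operators and regions are constructed, and grouping addresses by /24 (IPv4) or /48 (IPv6) is an assumed stand-in for "same infrastructure".

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NameServer:
    host: str      # NS hostname listed in the delegation
    ip: str        # address that hostname resolves to
    operator: str  # company running it (assumed known from your own inventory)
    region: str    # coarse geographic or logical location (assumed known)


def network_of(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) network block."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def audit_delegation(nameservers):
    """Return the diversity requirements this set of nameservers fails."""
    findings = []
    hosts = {ns.host.lower().rstrip(".") for ns in nameservers}
    if len(hosts) < 2:
        findings.append("fewer than two distinct nameservers")
    if len({ns.operator for ns in nameservers}) < 2:
        findings.append("all nameservers run by one operator")
    if len({network_of(ns.ip) for ns in nameservers}) < 2:
        findings.append("all nameservers in one network block")
    if len({ns.region for ns in nameservers}) < 2:
        findings.append("all nameservers in one region")
    return findings


def resolvable(nameservers, failed_operator, ttl, cache_age):
    """Can a recursive resolver still answer while one operator is unreachable?

    ttl and cache_age are in seconds. A cached answer covers the outage only
    until it expires; after that at least one nameserver run by a different
    operator has to be reachable.
    """
    if cache_age < ttl:
        return True
    return any(ns.operator != failed_operator for ns in nameservers)


# Constructed sample delegations (documentation address ranges, made-up operators).
SINGLE_PROVIDER = [
    NameServer("ns1.dns-provider-a.example", "192.0.2.10", "ProviderA", "us-east"),
    NameServer("ns2.dns-provider-a.example", "192.0.2.53", "ProviderA", "us-east"),
]
DIVERSE = [
    NameServer("ns1.dns-provider-a.example", "192.0.2.10", "ProviderA", "us-east"),
    NameServer("ns1.dns-provider-b.example", "203.0.113.7", "ProviderB", "eu-west"),
]

if __name__ == "__main__":
    for label, nameservers in (("single-provider", SINGLE_PROVIDER), ("diverse", DIVERSE)):
        print(label, "findings:", audit_delegation(nameservers) or "none")
        # ProviderA goes down; the answer was cached 60 seconds ago.
        for ttl in (5, 86400):
            ok = resolvable(nameservers, "ProviderA", ttl=ttl, cache_age=60)
            print(f"  ttl={ttl}s, ProviderA down -> resolvable: {ok}")
```

Two different hostnames are not enough to pass: the single-provider delegation has two names and still fails three of the four checks.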

And all I've covered so far is how to get an IP address for a domain name. We haven't even gotten to the good stuff yet.

I've also avoided topics like DNS cache poisoning, NXDOMAIN redirection, typosquatting, domain sniping, bitsquatting, and other ways to manipulate DNS results, because I'm -- you'll chuckle at this point -- trying to keep it simple.

Next, we'll discuss a bit about how data flows over the internet, and what your computer does with that IP address. But first, I need another cup of coffee, so don't get impatient.
iana.org/help/nameserve…
I just noticed that, when I said "fully-qualified domain name", I gave an example that X decided to turn into a URL, and shorten a bit.

I actually typed in the correct thing: www[.]example[.]com (the brackets are to prevent X from doing it again), but in the text, it made it look like example.com.

So, when you read that bit, please mentally put the "www" in front of example.com for that one statement.
Read 7 tweets
Aug 3, 2024
Since my post yesterday, I've had several people privately ask how to go from where I was a year ago, to where I am now.

So, I'm going to spend some time talking about this. It'll touch on a lot of things, so pay attention. Read on...
First, some background on me: I've been lifting heavy for more than 20 years, though I stopped around 2015, due to a serious injury on the platform at a national competition. It wasn't my first such injury; in 2013, I snapped my right forearm in half on the upstroke of my first attempt at benching 385 in training. That won me a plate, five pins, and a screw in that arm, and a year-plus of agonizing pain, trying to work through what turned out to be tendon adhesions to the interosseous membrane (thank you, Kelly Starrett, for taking the time to see me at your gym and help me figure out what multiple medical specialists and therapists couldn't).

I used to be a competitive powerlifter, and nationally ranked. In 2015, I went to New Jersey to compete in a national competition. For that meet, I was lighter than I've ever been: I weighed in at 220, having cut from the mid 240s in a week's time (yes, it's possible, by severely manipulating your body's water retention and sodium content). Rehydrating and replacing electrolytes immediately after weigh in, I was back to mid 230s within an hour. After eating, I was back to around 240.

That's pretty normal for competitors, particularly at that level.

Anyway, I was also competing raw, after years of geared lifting ("gear", in this context, is bench shirts and squat and deadlift suits). In this particular league, "raw" meant not even using wrist or knee wraps. Completely raw. Also a novelty for me.

For those unfamiliar with powerlifting, it's an individual event, where competitors each do three squats, followed by three bench attempts, followed by three deadlifts, with each competitor rotating through one lift before doing their next.

On my third squat, I told the spotters to take the weight, as I felt something off and very painful in my lower back. I found out later I'd herniated both L4 and L5. At the time, I thought I'd just pulled a muscle.

I got assisted off the platform, went to the back of the room, and lay on the floor, while I had my wife get my horse liniment, DMSO, and capsaicin, and I applied all liberally to my lower back. Then, I tried to roll it (I don't use a foam roller; I use a 6" diameter PVC pipe; I find it more effective). The liniments and such helped with the pain enough that I could gingerly roll the area, and I was well enough to get through my bench warmups, though I only took 3 different weights.

I completed my benches successfully, but by that time, because you keep a tight arch when doing a powerlift bench, my back was even worse.

By the time it was time for deadlifts, I didn't even warm up. I told the scoring table and judges I was going to just take one, light, token deadlift at around 550lbs (I was going to go for a personal best around 740 at that meet; it wasn't to be).

I spent the next two to three years rehabbing my back, and not lifting at all. I refused to get back surgery, because everyone I talked to that'd had surgery for their hernias felt they were worse off after than without the surgery. So, lots and lots of chiropractic work, infrared light therapy, warm castor oil compresses, and stretching, not to mention my wife's infinite patience, and I was more or less healed.

But I hadn't lifted since.
The point is, I've been lifting for quite a while. I regularly walked around around 260lbs with either six-pack or eight-pack abs.

But I hadn't lifted since that day in 2015 that ended my competitive lifting career.

Fast forward to last year (2023), when I attended @Brushbeater's Scout course. It was originally supposed to be both Scout and Recce, but by the last day of Scout, I was out of gas. On the last exercise of the course, our squads decided to assault full-speed up the most grueling hill on his property.

I didn't make it. I got 2/3rds of the way up the hill, and was sucking wind so much I had to stop, and the medics came over to tend to me. I had a (for me) shameful ride in the SxS back to the team room.

I am not a spring chicken. However, I am also not dead yet. I'm in my late 50s. Having spent a decade in peak physical form (for me), that hill kicked me in the nuts and brought me to reality in a way nothing else could.

I was no longer in shape enough to protect myself or my family. I sat, tears in my eyes, telling @VA_minuteman that I cannot let my daughter have to deal with what I worry is coming without me.

You have to understand something about me: I do NOT quit. I do not give up. I consider any such action a VERY personal failure, and I consider it utterly unacceptable.

People generally fall into two camps: those who will accept defeat, and those who absolutely refuse to.

I'm one of the latter.

So, though I had been doing weighted rucks and some gym workouts for several months to get ready for those courses, I realized I was lying to myself.

Right then and there, sitting quietly in the team room by myself, listening to the radio chatter and waiting for the rest of my team to successfully complete the course, I vowed to myself I would not let that F'ing hill beat me.

So I went back to the gym, determined to get back in shape.

That's what I've been doing for the past year.

And here, I'll give you some hard-won wisdom and knowledge from my journey, both over the past year, and since I decided to start lifting decades ago.
Read 11 tweets
Jul 15, 2024
Several people have asked what they should focus on to start prepping.

Frankly, if you didn't start quite some time ago, it's too late.

However, to humor those who feel the need:

1) a serviceable semiauto 5.56 rifle, with optic and a sling. Learn to shoot it. Learn to maintain it. Buy consumables (BCG, barrel, springs, etc.), and the tools necessary to service the platform. Learn your zero. Dial it in. Learn to reconfirm occasionally.

2) a serviceable semiauto pistol in your preferred caliber (as long as it's at least 9mm), with night sights and IWB holster. Learn to shoot it. Learn to maintain it. Buy consumables (barrel, firing pin, springs, etc.), and the tools necessary to service the platform. Learn how to smoothly and quickly draw from concealed, how to properly present and acquire a sight picture.

3) significant quantities of ammo for both, in preferred configuration. I prefer 77gr OTM for the 5.56, and currently carry G9 ammo in my 9mm. But you do you. "Significant quantities" is arguable, but frankly, I can easily go through 1,000 rounds a month on either platform just going to the range. A short range trip is 400-500 rounds. 10k rounds of 5.56 isn't a lot. I probably only keep about 5k 9mm rounds on hand, however, because most of my work will be done with the rifle.

4) a GOOD ($300-500, or thereabouts) fixed blade knife of an appropriate size for bushcraft work, and good stones to sharpen it with. Learn how to use it. Learn how to sharpen it.

5) You need several pairs of serviceable long pants and long-sleeve shirts. Things that will stand up to crawling on your knees and elbows a lot. Things that will withstand getting and staying dirty. Things that are going to break up your silhouette and help you blend into your environment.

6) You need several pairs of serviceable gloves. See #5.

7) You need a good stock of undergarments and wool socks.

8) You need two pairs of GOOD boots, designed for hiking/climbing/moving over rough terrain. And you need to break them in. Get multiple extra pairs of laces.

9) Dry bags in assorted sizes.

10) A solid ruck.

11) Some form of load-bearing equipment (LBE). Whether this is a battle belt, a chest rig, or both. Figure out what works best for you.

12) Radios capable of transmitting and receiving in HF, UHF, and VHF, and the knowledge and skill to use them, along with the ability to power them in austere environments.

13) Multiple means of starting fires, and knowledge of how to build various types of fires, including smokeless, and the knowledge of when not to build fires, and how to properly rid yourself of them when decamping.

14) A GOOD light. One that preferably emits white, red, and green or blue light. A headlamp is ideal. You also need rechargeable batteries and the means to recharge them.

15) Portable, sustainable power generation.

16) A solid land nav compass, the ability to read a map properly and navigate with it.

17) Signal mirror.

18) Paracord.

19) A QUIET tarp or shelter half.

20) Duct tape/100MPH tape. In a matte color.

21) Some means of carrying at least two quarts of water.

22) Man-portable water filtration, and the knowledge of how to collect water in multiple ways, including things like solar stills and how to get water from plants.

23) several GOOD, fully-stocked IFAKs and a few larger, better-equipped FAKs, and the knowledge of how and when to use everything in each.

...and that's just some of what'd go in your pack or on your person, plus a few things that'd stay nearby in a hide or camp. I haven't even touched on sustainment, such as near-term food and water, hunting, trapping, fishing, long-term food and water, skills like stalking, light/signals/trash/noise discipline, medicine, foraging, and so on.

I mean, if you really feel compelled, you can start buying stuff. But buying stuff isn't what you need. You need the skills and knowledge of how and when to use the stuff you'll buy. And that's what you don't have time for.

Buying things will not save you.
Also, be aware I left out TONS of stuff. Considerations for environment, climate, and season. Several good, serviceable hats. Camo pattern selection. What to do about body odors and cooking odors. How, when, and where to dig a latrine. How to skin and gut your kills. How to preserve food. How to purify water. Silcock keys. Heavy equipment keys. Lockpicks. Bolt cutters. Entrenching tools. Axe and/or hatchet. Camo netting. Cobra hood. Multitools. Trench periscope. Good basic set of general-purpose tools. Signal flags. Waterproofing. Rain covers and ponchos. Why personal hygiene is critical in the field. Adequate nutritional considerations. Bush and fieldcraft.

There's just so much, and the window to learn any of it is closing very rapidly.

I can recommend all of @DolioJ's books, all of @DonShift3's books, all of @wayofftheres's books, and all of @Brushbeater's books. They're not a substitute for training, but at least you'll have something to work from.

Also, books like amazon.com/dp/B0CSZ55N9J and amazon.com/gp/product/B08… and amazon.com/gp/product/151… Dave Canterbury's Bushcraft books. Selco Begovic's books.
By the way, I intentionally wrote this thread to apply to urban, suburban, exurban, and rural environments. You will need to have the wherewithal to understand where, when, how, and why to adjust and adapt this to your particular circumstances.

Also, I left out an extremely important set of things: Planning and intel. You need to know how to do, and then you need to routinely conduct, an area study. You need to build the skills necessary to gather intel, and the network that will allow you to do so. You need to develop plans (primary, contingency, emergency) for what you and yours will do in the event of various scenarios, both natural and man-made. And you need to drill them regularly.
Read 5 tweets
