Applied Crypto Hardening

I spend a lot of time urging people to utilize available cryptographic tools to secure their data. While I also admit that using cryptographic tools is less convenient than not and involves a learning curve, I believe that everybody has a duty to take their online self-defense into their own hands. To this end a group of people have gotten together and written a white paper that helps individuals utilize cryptographic features in popular software packages:

This whitepaper arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA leaks in the summer of 2013, many system administrators and IT security specialists saw the need to strengthen their encryption settings. This guide is specifically written for these system administrators.

Initiated by Aaron Kaplan (CERT.at) and Adi Kriegisch (VRVis), a group of specialists, cryptographers and sysadmins from CERTs, academia and the private sector joined forces to write such a concise, short guide.

This project aims at creating a simple, copy & paste-able HOWTO for secure crypto settings of the most common services (webservers, mail, ssh, etc.). It is completely open sourced, every step in the creation of this guide is public, discussed on a public mailing list and any changes to the text are documented in a publicly readable version control system.

The document itself can be downloaded here [PDF]. I haven’t read through the entire guide but it is obviously still being written as there are quite a few omissions. But what is there is good information albeit information devoid of theory, which is OK, you have to start somewhere and enabling these features without fully understanding them is still better than not enabling them at all.

United States Prohibiting Coursera from Accepting Syrians, Sudanese, Iranian, and Cuban Students

When it’s not bombing children in the Middle East the United States is busy finding other ways to make the people in that region, and Cuba, suffer. Its latest strike against people it doesn’t approve of comes in the form of restricting their access to education. Coursera is an online classroom where students from all around the world can learn all sorts of wonderful new things. Well not all around the world. The United States has prohibited Coursera from teaching students in certain countries:

Dear All, I write this email under protest and with a considerable degree of anger and sadness. Few things illustrate the bone-headedness, short-sightedness, and sheer chauvinism of the political structure of the United States better than the extent to which its ideologues are willing to go to score cheap domestic political points with narrow interests in the pursuit of a sanctions regime that has clearly run its course.

You might remember the Apple ad from a few years back, in which the company proudly announced that their machines were now so powerful that they fell under export restrictions: “For the first time in history a personal computer has been classified as a weapon by the US government …”

http://www.youtube.com/watch?v=t4dDuocAXTY

Well, that was a tongue in cheek quip at their Wintel competitors, but a few years after that same company decided that also an iPad apparently could now be a weapon, in a rather cowardly anticipatory kowtow to an ever expanding and aggressive sanctions regime, when they stopped selling any of their products to anyone who happened to SPEAK Persian in their stores (the company has since lifted that idiotic policy):

http://www.bbc.co.uk/news/world-us-canada-18545003

But you will now be interested to hear that also my course (and anything else Coursera offers) has been classified, if not a weapon that could be misused, then at least a “service” and as such must not fall into the hands of anybody happening to live in the countries that the United States government doesn’t like. I have thus been informed that my students in Cuba, Syria, Sudan and my homeland will no longer be able to access this course. I leave it to you to ponder whether this course is indeed a weapon and if so against what and what possible benefit the average American citizen could possibly derive from restricting access to it.

Be this as it may, I invite those students affected to use services such as hola.org or VPN routers to circumvent these restrictions.

Let me reiterate that I am appalled at this decision. Please note that no-one at Coursera likely had a choice in this matter!

At any rate, rest assured that these are not the values of the University of Copenhagen, of its Faculty of Law, and most assuredly not mine!

Let me end on a personal note: as a recipient of a McCloy Scholarship created to foster trans-Atlantic friendship and as someone who spent some of his most formative years in the United States, I have to admit that I am worried about the path this country is descending to. Blocking teaching (and medicine) from people whose government one doesn’t like is a fallback into the darkest hours of the last century. As my teacher at MIT, Prof. Stephen Van Evera would have told the people responsible for this: your mothers would not be proud of you today.

Your instructor,

Prof. Dr. Ebrahim Afsah
Faculty of Law
University of Copenhagen

You have to love the United States government. It does everything it possibly can to make the people of countries it doesn’t like suffer. Between sanctions that prevent sanitary and medical supplies from improving the cleanliness and health of the average person to the bombing of wedding parties the United States is working 24/7 to inflict as much pain on the average Middle Easterner and Cuban as possible. Why would it do this, you may ask? I’m not entirely sure. But I assume that much of its decision is fueled by its desire to extract natural resources from the region and extraction processes are easier when there’s nobody alive to resist your efforts.

Still, this is another disgusting act by a disgusting government.

It’s All He Knows

We all know that the Republican Party (GOP) has a problem with its candidates saying really stupid shit. Part of the issue may be that those candidates have poor anger management skills. People are known to make really stupid comments when they’re upset, which may explain why this GOP candidate went off the rails on a reporter:

Rep. Michael Grimm (R-NY) was caught on tape last night going off on a local reporter who asked him a question that he was not expecting and did not want to answer.

The shocking footage shows Grimm threatening the NY1 reporter, telling him, “If you ever do that to me again, I’ll throw you off this f***ing balcony.”

He then told the reporter, “You’re not man enough, I’ll break you in half. Like a boy.”

Nobody should be surprised by this outburst. First of all we know the GOP has a problem with the words that come out of its candidates’ mouths. But they’re also politicians, which means violence is the only thing they know. Their entire job is to make decrees that take the form of “Obey this or else.” The “or else” is always a threat of violence. In fact the only thing that surprised me about Mr. Grimm’s outburst was that he was so direct with his threat of violence. Most politicians hide behind an office, reams of paper, and legalese to make their threats. Perhaps we would be better off if more politicians displayed Mr. Grimm’s honesty.

Another Bad Idea By Amy Klobuchar

I have to agree with Techdirt, whenever Klobuchar presents legislation involving technology everybody “should run screaming for the hills.” Her history on technology-related bills makes it obvious that she doesn’t actually understand the technology she’s attempting to legislate. Her latest attempt at infusing the state with our technology is a bill that would require mobile phone manufacturers to include a kill switch that can be remotely activated in all of their phones:

Her latest move is to propose a bill that would mandate a kill switch in all mobile phones that could be activated remotely. The idea, here, is that this would allow those who had their phones stolen to disable them, rendering them (sorta) useless. It seems that, as with the other bills discussed above, Senator Klobuchar introduces these with the best of intentions, but with no clue about how technology works, or the likely “unintended” consequences of such things.

This legislation mandates what Apple is already doing: including a mechanism for iOS customers to render a device unusable should it get stolen. If this feature isn’t already included in Android and Windows Mobile I’m sure it will be soon. But the choice of including such a kill switch should be made by the manufacturer because, get this, some customers don’t want a remotely activated kill switch in their communication device. Such a feature could easily be abused. How easy would it be for a police force to call up a mobile phone manufacturer and tell them to disable all of their customers’ phones in an area where a protest is taking place?

Remote kill switches, like everything else in the universe, have positives and negatives. For some people the positives outweigh the negatives and they seek a device with a remote kill switch. The opposite is true for other people, which causes them to seek out a device that doesn’t have a remote kill switch. I know it’s difficult for a statist to understand that the human race isn’t like an ant colony. Each person is an individual who has different wants and needs. Some of us want to order a giant rib eye steak and some of us want to order a salad. The choice should be left to the individual making it, not mandated by some asshole in a marble building.

Another Republican Says Something Stupid

While I don’t waste my time watching some dude in a marble building give a speech I do like to read about highlights of stupid shit politicians say. When it comes to stupid shit the Republican Party (GOP) has a much longer track record. The Democrat Party seems to be able to better muzzle its candidates. That means the Democrats enjoy a better public image whereas the GOP get to explain away shit like this:

Patterson also proposed a fix to Detroit’s financial problems: Turn the city into a reservation for Native Americans.

“I made a prediction a long time ago, and it’s come to pass. I said, ‘What we’re gonna do is turn Detroit into an Indian reservation, where we herd all the Indians into the city, build a fence around it, and then throw in the blankets and the corn.’”

Obviously the GOP went into damage control mode and tried to claim that the person who interviewed Patterson had an agenda. Agenda or not, saying something as idiotic as turning Detroit into an Indian reservation, building a wall around it, and tossing in blankets and corn isn’t going to turn out well. There’s no reason to say such a thing because any potential benefit you derive from it will certainly pale in comparison to the amount of ammunition you hand your political opponents.

If you’re a politician then you should know enough to keep your statements unoffensive. Failing to do so only leads to your opponents using it to make you look like an ass. The GOP would do well to hire some public relations coaches for its candidates so it can avoid having to explain away stupid statements like the one Patterson made.

The State of the Union

Yesterday some dude donned a suit, stood in a marble building, and gave a speech. Judging from both my Facebook and Twitter feeds he said some things that really irked Republicans and made Democrats feel giddy. I didn’t watch it. During the time the speech was going on I managed to finish a kettle bell workout, practice some martial arts, and read a few chapters from Sprint Wind: The Story of the Japanese Martial Arts.

Between the workout, practice, and reading I felt pretty fantastic after the speech. My friends who sunk their time into watching the speech didn’t feel so great afterward (except for my Democrat friends). Once again foregoing politics for self-improvement paid off. I think I will continue my anti-politics policy and reap the health benefits it offers.

Implantable Power Generator for Pacemakers

I subscribe to the idea that our lives are more greatly improved by technological advancements than diminished. For every nefarious use of technology there seems to be a dozen or more positive uses. We’ve effectively eliminated several diseases that once ravaged our populations, put a man on the moon, enjoy speedy cooking via microwaves, can preserve food that would naturally spoil in a few days for months, and built devices that can generate power from sunlight. Adding to our already impressive array of technological advancements is an implantable piezoelectric generator that can power a pacemaker:

(Phys.org) —Researchers from several institutions in the U.S. and one from China have together developed a piezoelectric device that when implanted in the body onto a constantly moving organ is able to produce enough electricity to run a pacemaker or other implantable device. In their paper published in Proceedings of the National Academy of Sciences, the team describes the nature of their device and how it might be used in the future.

The ramifications of this technology stretch far beyond just pacemakers. Any number of implantable devices could theoretically be powered by such a piezoelectric generator so long as the energy requirements were low enough. Imagine an implant for your optical nerves that could generate a heads up display that only you could see or an implantable wireless communication device. As these piezoelectric generators improve they could provide more energy just as increases in power efficiency could give us implants that provide very nifty features without requiring great deals of energy.

The Conveniences of Our Modern World

The conveniences of this modern world never cease to amaze me. I have access to the collected knowledge of man via a computer that fits in my pocket, can complete a 30 mile drive in 30 minutes or less, can purchase any number of fruits and vegetables from around the world from most grocery stores, and can now get an exorcism via Skype:

SCOTTSDALE, AZ – The practice of exorcism isn’t anything new. It’s been around for thousands of years.

But thanks to the age of technology a Scottsdale reverend says he is getting a chance to help people possessed by demons, all over the world.

[…]

In the age of electronics, exorcisms are done over Skype.

I wonder if he can exorcise demons from my computer. That would hold real value for me.

Land Speed Record for Zero to Godwin

I may have found the record time for zero to Godwin in a print publication. According to Tom Perkins of Kleiner Perkins the war against the “one percent” is very similar to the Holocaust:

Writing from the epicenter of progressive thought, San Francisco, I would call attention to the parallels of fascist Nazi Germany to its war on its “one percent,” namely its Jews, to the progressive war on the American one percent, namely the “rich.”

I can kind of see his point so long as you ignore the parts of the Jewish persecution where the Jews were forced to live in ghettos, loaded onto cattle cars, forced to perform hard labor while they were starved, and gassed by the millions.

I do understand what Perkins is trying to say but he really sucks at saying it. His implication is that we’re at the beginning of the persecution of the “one percent” and people are failing to see it just as people failed to see the persecution of the Jews in Nazi Germany. But the persecution of the Jews in Nazi Germany holds significant emotional pain and comparing events to it can’t be done lightly. Perkins’ analogy falls apart as soon as you consider the “one percent” have the political system in their pocket whereas the Jews of Nazi Germany didn’t. That difference isn’t insignificant.