Archive for May, 2014
Regulatory agencies have for a long time been the tool of choice for the executive branch when it wanted to target things it didn’t like but didn’t want to wait for approval by the legislative branch. The current head of the executive branch has made no attempt to conceal his distain for guns so it’s not surprising to see that he sicced his dogs on firearm sellers:
The administration is using an anti-credit card fraud effort dubbed Operation Choke Point to go after legitimate businesses it deems “high-risk,” says a staff report by the House Committee on Oversight and Government Reform.
Internal Justice Department documents show that Attorney General Eric Holder was informed that small businesses were being hurt by the operation as banks dropped them and exited entire lines of business deemed “high-risk” by the government, yet his department has continued to pursue the operation, the report says.
The Washington Times has reported that several gun retailers have been dropped by their banks as a result of the operation — the most recent being Powderhorn Outfitters, a sporting goods shop in Hyannis, Massachusetts, which was dropped last week by TD Bank after a 36-year business relationship.
And gun stores aren’t the only organizations being targeted by Operation Choke Point. The Washington Times included a convenient picture that covers other so-called high-risk businesses that have cause the Department of Justice’s ire:
It’s pretty ironic that surveillance equipment made it onto a government list of high-risk merchants but I digress. While many people are focusing on the gun store angle specifically I think the take away from this story is that giving the state regulatory power is dangerous. Whenever something bad happens the government always steps in and offers to regulate that bad thing. If the Democrats are in power then self-proclaimed Democrats take the government up on its offer. If the Republicans are in power then self-proclaimed Republicans take the government up on its offer (even though they claim to want a smaller government). Neither side stops to consider the fact that their party won’t be in power forever and when the party in power changes those new regulatory powers will be used in a different manner.
After Edward Snowden released his treasure trove of leaked data from the National Security Agency (NSA) many statists asked why he didn’t go through “proper” channels. Snowden said that he did raise concerns numerous times to no avail. It has been over a year since Snowden let us in on the NSA’s surveillance game and now the agency is claiming that Snowden never filed a complaint:
In response to claims by Edward Snowden that he raised concerns about NSA spying in emails sent to the spy agency’s legal office, the NSA released a statement and a copy of the only email it says it found from Snowden.
That email, the agency says, asked a question about legal authority and hierarchy but did not raise any concerns.
“NSA has now explained that they have found one e-mail inquiry by Edward Snowden to the Office of General Counsel asking for an explanation of some material that was in a training course he had just completed,” the NSA said in a statement. “The e-mail did not raise allegations or concerns about wrongdoing or abuse, but posed a legal question that the Office of General Counsel addressed. There was not additional follow-up noted.
“There are numerous avenues that Mr. Snowden could have used to raise other concerns or whistleblower allegations,” the statement continued. “We have searched for additional indications of outreach from him in those areas and to date have not discovered any engagements related to his claims.”
Let me get this straight. The NSA, one of the most unscrupulous agencies of the United States government (and that’s saying a lot, expects us it when it says Snowden never filed a complaint? I’m guessing that the NSA has been busy scrubbing all records of Snowden’s filed complaints just so it could claim that he never filed any.
But let’s assume he didn’t file any complaints, why does it matter? Anybody who has dealt with government bureaucracy knows that “proper channels” is synonymous with memory hole. It’s impossible to get anything done within a government agency by using the agency approved channels. The only way to get a government agency to change its ways is to create public outrage and even that isn’t a guarantee that anything will improve.
Misogyny, white privilege, masculinity, and America’s gun culture have all been blamed as the causes of the shooting in California. I figured at this point every social justice warrior cause would have been insinuated as the One True Cause but I figured wrong. As it turns out the quintessential rape culture hasn’t received any love yet. Fortunately one brave warrior has stood up and pointed out that the shooting was indeed caused by the nerd culture, which is synonymous with the rape culture! The best part about this article is that it makes a case based on insinuations derived from a fictional story:
Princess Leia was raped by Jabba the Hutt.
How many times, I don’t know, nor do I care to know the specifics. But these were the most brutal gangsters in all of the galaxy, the worst of the worst, and so she was. And it was soul-crushing and brutal and something that Leia never spoke of — not to her brother Luke Skywalker and not to her lover Han Solo. When it was all said and done, she was a shadow of her former self.
Although Leia’s rape may have happened off-screen, make no mistake, it happened. And after it was done, Leia was dressed in rags and chained to her rapist. She was nothing more than an object, a toy, for any and all to see.
And for many, if not most geeks today, this particular image of Leia is the quintessential image of geek sexiness and yet at heart it is the image of a rape fantasy.
I’m sure there are a few other things to blame but the media’s one week window of reporting is fast closing. Get your accusations out there now or you won’t get the big page hits!
Should security vulnerabilities be disclosed? What if they could be used to kill somebody? That’s a question Robert Graham recently asked on his blog:
Historically, we’ve dealt with vendor unresponsiveness through the process of “full disclosure”. If a vendor was unresponsive after we gave them a chance to first fix the bug, we simply published the bug (“drop 0day”), either on a mailing list, or during a talk at a hacker convention like DefCon. Only after full disclosure does the company take the problem seriously and fix it.
So let’s say I’ve found a pacemaker with an obvious BlueTooth backdoor that allows me to kill a person, and a year after notifying the vendor, they still ignore the problem, continuing to ship vulnerable pacemakers to customers. What should I do? If I do nothing, more and more such pacemakers will ship, endangering more lives. If I disclose the bug, then hackers may use it to kill some people.
The problem is that dropping a pacemaker 0day is so horrific that most people would readily agree it should be outlawed. But, at the same time, without the threat of 0day, vendors will ignore the problem.
As the article explains the lack of vendor responsiveness is major problem in the computer security field. Vendors often have the attitude that if a vulnerability isn’t widely know then it’s not dangerous. Of course they never stop to consider the fact that the person reporting the vulnerability found it so in all likelihood other people will find or have found it as well. And that lack of forethought will lead them to ignore the problem, which will ensure more people receive the vulnerable devices.
In this debate I’m a firm believer in, what Graham refers to as, coder’s rights. It’s unfortunate but often the only way to get a company to address a major security vulnerability is to attack its bottom line. The fact is any vulnerability in a medical device that could lead to human death would absolutely destroy the manufacturer’s reputation. Impending lawsuits would also do some financial damage.
Additionally there is the fact that concealing the vulnerability will often lead to continued product sales. That means a continuously growing number of people at risk of being killed by an exploit. By going public with the exploit the amount of potential damage can be limited.
But regardless of the side you sit on this debate is an interesting one.
One of my favorite security tools must now be added to my blacklist. Yesterday all hell broke loose as the TrueCrypt website had a rather dramatic update. It now redirects visitors to a SourceForge site that warns users to not use TrueCrypt anymore and to instead rely on the encryption features built into most operating systems. Needless to say this has caused quite a stir.
There are a lot of theories surrounding what really happened. Many people are claiming that the TrueCrypt website was hacked. If that is the case then the hack was really good. In addition to redirecting users to the SourceForce site the hackers would have also obtained the private key used by the TrueCrypt team to sign their releases as a new version of TrueCrypt, which was signed by the team’s key, was made available on the website. The hackers would have also had to write the newly released version of TrueCrypt, which removed all of the encryption capabilities (it’s basically a TrueCrypt partition decrypter now). While all of this isn’t outside the realm of possibility it would require either a great deal of sophistication or an insider.
Others have theorized that this reaction was due to the TrueCrypt team receiving either a National Security Letter (NSL) or being otherwise coerced by the state. This, in my opinion, is more likely than a hack. Lavabit shutdown rather than comply with the state’s demand to provide a means to decrypt user e-mail. It’s possible the TrueCrypt team decided to abandon its product rather than compromise it.
I also have a theory that, like all of the other theories circulating, has no evidence to back it up. For a while the primary focus of TrueCrypt has been booting Windows from an encrypted partition. This feature is not really possible on systems that utilize Secure Boot. Perhaps in a fit of frustration the TrueCrypt team decided to give up on future development because their pet feature was no longer viable. Or they may have decided the work to support other operating systems was no longer worth the effort since Windows, Linux, and OS X all have the ability to boot from an encrypted drive.
Regardless of the reason it’s fairly safe to recommend that people stop using TrueCrypt. This could very well be a very good hack but we don’t know and since we don’t know we have to assume that what the site says is legitimate and that TrueCrypt may have some major security flaws in it.
Gather around boys and girls, it’s time for serious Internet business. With everybody clamoring over themselves to blame the shooting in California on their personal pet peeve somebody has to say those four words that aren’t said enough. Shut the fuck up. Seriously. Everybody who is blaming the gun culture, mental illness, white privilege, misogyny, masculinity, and any other pet peeve for the shooting needs to knock it off.
I have firsthand experience of the aftermath of these accusations. Back in my day it was the shooting at Columbine and the blame was placed on guns, violent video games, quiet kids, and social misfits. That was basically the checklist of my life in high school at the time. And because that was the checklist of my life I went through a week of hell as the administrators of my school demonstrated that such a heinous act wouldn’t happen under their watch. And they demonstrated this by performing a witch hunt. Because of the finger pointing being during the aftermath of Columbine I was the witch.
After every shooting there are witch hunts. Usually they’re performed by community members and school administrators who want to bask in the spotlight as they demonstrate that they will go to any lengths to prevent such an incident from happening in their community. And witch hunts needs witches. Based on all of the pop sociology and psychology going around this time the witches will be anybody who happens to be a white male suffering from a mental illness that has been rejected by the women he’s asked out. If he has made an off color joke that could be construed as misogynistic that will just be further evidence that he’s a witch. After the witches have been identified their lives will be made a living hell for at least a week. They will be interrogated by school administrators and police officers. They will be accused of a crime they weren’t even planning to commit. In short their life will needlessly be turned into nightmare for no reason whatsoever.
Everybody who is pointing fingers is making the life of some unknown person hell. If you really feel as though you have to blame all of the world’s ills on your pet peeve at least wait until the event falls off of the media’s radar because then the threat of the witch hunts will have passed. But this finger pointing accomplishes nothing constructive and is plenty destructive. So knock it the fuck off.
In addition to California’s “weak” gun laws, mental illness, misogyny, and white privilege the shooting in California is now also the fault of America’s gun culture! But that’s not all! As an added bonus the shooting was also the product of toxic masculinity! As I said everybody is running as fast as they can towards this shooting to exploit it for their personal gain. I’ve not seen a flock of vulture this ravenous since Sandy Hook.
I’m still waiting for the article that blames this incident on Republican created “anarchy”. If anybody reading this comes across such an article please send it my way posthaste.
Remember how I said everybody was exploiting the recent shooting in California to push their personal agenda? Case in point:
Welp. Another young white guy has decided that his disillusionment with his life should become somebody else’s problem. On Saturday, 22-year-old Elliot Rodger (who, as many commenters have pointed out, had a white father and mother of Asian descent) went on a killing spree on the campus of University of California, Santa Barbara, murdering his three roommates, shooting women outside a sorority house, and hitting people with his car as he attempted to get away from police.
How many times must troubled young white men engage in these terroristic acts that make public space unsafe for everyone before we admit that white male privilege kills?
Emphasis mine. So our killer, who exploited California’s “weak” gun laws, was a mentally ill misogynist who was set off by his white privilege. I wonder when some neoliberal author will blame this whole event on Republican created “anarchy”.
Or if you’re in France fuck measuring altogether:
The French train operator SNCF has discovered that 2,000 new trains it ordered at a cost of 15bn euros ($20.5bn; £12.1bn) are too wide for many regional platforms.
The BBC’s Christian Fraser in Paris says that it is an embarrassing blunder that has so far cost the rail operator over 50m euros ($68.4m; £40.6m).
How does something like this happen? The concept of measuring things isn’t something that our species has only recently stumbled across. We’ve been measuring things for millennia. In fact it’s often one of the first things we do when we’re building something. The fact that nobody thought to take a tape measure to these new trains to determine whether or not they would actually fit in the terminals is almost beyond my ability to comprehend.
At this rate we won’t need to cryogenically freeze somebody for them to experience this:
Minneapolis is home of two extremely annoying groups: dumbass hipsters and control freaks. The former want to be special snowflakes and by doing so because conformists in the hipster culture while the latter want you to seek their personal approval for everything little thing you do.
Control freaks are interesting folk. They will go to pretty absurd lengths in their vain attempt to make the world how they believe it should be. Last night I had an unpleasant encounter with a control freak while riding the mean bike trails of Minneapolis. This person believed that everybody should ride bikes and he saw the barrier between reality and utopia being bicycle helmets. I know this because he bitched at me for my sin of wearing a helmet. In his twisted little world the act of wearing a bicycle helmet creates the appearance that bicycling is dangerous. By not wearing a helmet he believes bicycling would appear safer to non-bicyclists, which would convince them to become bicyclists.
This is one of the many reasons why I hate control freaks. No amount of dumbassery (you control freaks whining about how dumbassery isn’t a real world cannot see the middle finger that I’m holding up in your direction but know that it’s there) is beyond them if their crusade against those who dare do differently than them. Are not enough people riding bicycles? No problem, just have everybody put their lives at risk by not wearing a helmet so the activity appears to be safer! Because that will totally work.
Here’s the thing, I don’t care if you wear a helmet or not. I don’t even care if you ride a bike or not. Do whatever makes you happy in whatever manner makes you happy. But if asking people to put themselves in danger makes you happy I’m going to call you a dumbass.
As an unrelated side note I feel it is worth pointing out that the dumbass didn’t seem to notice the gun I was openly carrying. Unlike the boys over at Open Carry Texas I can open carry a gun without being an attention whore about it.