Self-Defense Comes to Puerto Rico

The Second Amendment Foundation (SAF), whose site now requires enabling JavaScript to view textual content and therefore pisses me off to the point where I really considered not linking to them, notes that a court ruling in Puerto Rico has eliminated the island nation’s firearm registry and licensing requirements to purchase and carry a firearm:

As of now, according to Sandra Barreras with Ladies of the Second Amendment (LSA), the group that brought the lawsuit, “there is no regulation to purchase or carry (and) all purchases will be handled in accordance with federal firearms regulations.” LSA is affiliated with SAF through the International Association for the Protection of Civilian Arms Rights (IAPCAR).

The class-action lawsuit challenged various articles in Puerto Rico’s gun law, which the court declared unconstitutional. Because of the ruling, Barreras said, Puerto Ricans may now carry openly or concealed without a permit, and they do not need to obtain a permit before purchasing a firearm.

This was a class action lawsuit involving more than 850 individual plaintiffs, she reported to SAF offices. The news was greeted with delight, especially because in reaching its decision, the court cited the Heller and McDonald Supreme Court cases, and the recent ruling in Palmer v. District of Columbia. Both the McDonald and Palmer cases were won by SAF.

It’s nice to hear some positive self-defense news coming from outside of the United States proper. I also find the amount of resources the state will stick into keeping the people under its rule from having an effective means of self-defense telling. Instead of simply abolishing the registry and licensing requirement as soon as somebody stated an objection the government of Puerto Rico enforced the laws and even invested resources into making an argument for keeping them in its own courts (when you can’t convince yourself registries and licenses are necessary then they truly aren’t). That really shows just how much states prefer their victims to be unable to fight back against both itself and any of its ilk (that is to say non-state robbers, attackers, and murders).

History of Crypto War I

In its zeal to preserve the power to spy on its citizens members of the United States government have begun pushing to prohibit civilians from using strong cryptography. While proponents of this prohibition try to scare you with words such as terrorists, drug cartels, and pedophiles let’s take a moment to remember the last time this war was waged:

Encryption is a method by which two parties can communicate securely. Although it has been used for centuries by the military and intelligence communities to send sensitive messages, the debate over the public’s right to use encryption began after the discovery of “public key cryptography” in 1976. In a seminal paper on the subject, two researchers named Whitfield Diffie and Martin Hellman demonstrated how ordinary individuals and businesses could securely communicate data over modern communications networks, challenging the government’s longstanding domestic monopoly on the use of electronic ciphers and its ability to prevent encryption from spreading around the world. By the late 1970s, individuals within the U.S. government were already discussing how to solve the “problem” of the growing individual and commercial use of strong encryption. War was coming.

The act that truly launched the Crypto Wars was the White House’s introduction of the “Clipper Chip” in 1993. The Clipper Chip was a state-of-the-art microchip developed by government engineers which could be inserted into consumer hardware telephones, providing the public with strong cryptographic tools without sacrificing the ability of law enforcement and intelligence agencies to access unencrypted versions of those communications. The technology relied on a system of “key escrow,” in which a copy of each chip’s unique encryption key would be stored by the government. Although White House officials mobilized both political and technical allies in support of the proposal, it faced immediate backlash from technical experts, privacy advocates, and industry leaders, who were concerned about the security and economic impact of the technology in addition to obvious civil liberties concerns. As the battle wore on throughout 1993 and into 1994, leaders from across the political spectrum joined the fray, supported by a broad coalition that opposed the Clipper Chip. When computer scientist Matt Blaze discovered a flaw in the system in May 1994, it proved to be the final death blow: the Clipper Chip was dead.

The battlefield today reflects the battlefield of Crypto War I. Members of the government are again arguing that all civilian cryptography should be weakened by mandating the use of key escrow that allows the government to gain access to any device at any time. As with the last war, where the government proposed Clipper Chip was proven to be completely insecure, this war must be looked at through the eye of government security practices or, more specifically, lack of security practices. It was only last week that we learned some of the government’s networks are not secure, which lead to the leaking of every federal employee’s personal information. How long do you think it would take before a hack of a government network lead to the leaking of every escrow key? I’d imagine it would take less than a week. After that happened every device would be rendered entirely insecure by anybody who downloaded the leaked escrow keys.

What everybody should take away from this is that the government is willing to put each and every one of us at risk just so it can maintain the power to spy on use with impunity. But its failure to win Crypto War I proved that the world wouldn’t come to an end if the government couldn’t spy on us with impunity. Since Crypto War I the power of law enforcement agents to acquire evidence of wrongdoing (according to the state) didn’t suddenly stop, terrorist attacks didn’t suddenly become a nightly occurrence, and children being abducted by pedophiles didn’t suddenly become a fact of everyday life.

Crypto War II is likely inevitable but it can be won just as the last one was. The first step to victory is not allowing yourself to be suckered by government lies.

Uber Wants Defenseless Drivers and Passengers

I’ve watched ride sharing companies Uber and Lyft with a great deal of interest. The idea of having a system where vehicle owners can connect with people wanting ride to the benefit of both appeals to me. But I’ve always been put off by both services’ centralized nature. Centralized systems are too easy for the state to regulate or shutdown and lend themselves too well to the central authority placing every stricter rules on the users. Uber has decided to flex its centralized power by banning both drivers and passengers from carrying firearms while using its service:

Uber Technologies says it is banning firearms of any kind during rides arranged through the Uber platform, and drivers or riders who violate the rule may lose access to the platform. The rules also apply to Uber’s affiliates.

The company said Friday it changed its firearms policy on June 10 to make sure riders and drivers feel comfortable. In a statement, Uber said it made the change after reviewing feedback from both passengers and Uber drivers. Previously it had deferred to local law on the issue.

I could point out concealed means concealed and that Uber doesn’t have an legal authority so carrying while using its service isn’t criminal. But I firmly believe if a company doesn’t want to do business with me then I don’t want to do business with it. I’m also of the opinion that it should be up to the driver, the person who owns the vehicle after all, to decide what they do and do not want to allow in their vehicle. A decentralized ride sharing service would allows drivers to make such decisions.

This announcement is rather ironic though. Whereas most companies that announce gun prohibitions don’t have a history involving firearms Uber does. One of its drivers actually prevented a mass shooting:

A group of people had been walking in front of the driver around 11:50 p.m. Friday in the 2900 block of North Milwaukee Avenue when Everardo Custodio, 22, began firing into the crowd, Quinn said.

The driver pulled out a handgun and fired six shots at Custodio, hitting him several times, according to court records. Responding officers found Custodio lying on the ground, bleeding, Quinn said. No other injuries were reported.

With this new policy Uber is effectively saying it would have preferred if more people had died in that incident. I don’t want to do business with a company that doesn’t want to do business with me and I certainly don’t want to do business with a company that would rather people die than its drivers and passengers be armed.

Ladies and Gentlemen, This is Your Newspaper of Record

The New York Times is considered a newspaper of record. That is to say it’s editorial staff is considered professional and authoritative. Consider that point when you read this story:

Avian flu, which first appeared in the United States in December, has devastated the nation’s turkey and laying hen flocks, though it seems to be abating with the arrival of higher temperatures, as specialists had predicted. But barns still stand idle, as egg and turkey producers weigh the risks that the outbreak will pick up again in the fall.

The U.S.D.A. predicts that egg production this year will be down by roughly 341 million dozen, or about 4 percent from last year, Mr. Shagam said. “We do expect to see prices come down from this high but still be at record highs for the year,” he said.

What does that mean? An average wholesale price of $1.60 to $1.66 for a dozen New York large eggs, which would break the record high of $1.42 a dozen set in 2014.

No run on the grocery store has been apparent, at least not by consumers.

To summarize the article, avian flu has knocked back egg production so prices have increased and since prices have increased consumer demand has gone down. What really gets me about this article isn’t the fact that it’s pointing out the bloody obvious or that it took so many words to do so. No, what really gets me is that the author treats this like some kind of goddamn revelation. Who would have ever though that increasing prices decreases demand? This will change everything!

Considering the New York Times gives Paul Krugman space to write his seemingly unending flow of economic bullshit I’m not surprised its other staff members are equally ignorant of economics. I also understand that we’ve been told by the state that the only way to deal with shortages are price controls coupled with rationing. Allowing markets to shake themselves out has been labeled a pipe dream that evil anarchists say to scare the statists into disobeying their masters. But when staff members at your newspaper of record believe this very basic economic principle is even newsworthy then you really have to shake your head at the sorry state of economic knowledge in this country.

The Sorry State of E-Mail

As I briefly mentioned last week I’ve been spending time setting up a new e-mail server. For years I’ve been using OS X Server to run my e-mail server because it was easy to setup. But there are a lot of things I dislike about OS X Server. The biggest problem was with the change from 10.6 to 10.7. With that update OS X Server went from being a fairly serious piece of server software that a small business could use to being almost completely broken. Apple slowly improved things in later released of OS X but its server software remains amateur hour. Another thing that I dislike about OS X Server is how unstable it becomes the moment you open a config file and make some manual changes. The graphical tool really doesn’t like that but it also don’t give you the options necessary to fine tune your security settings.

My e-mail server has grown up and now runs on CentOS. I’ve tried to tighten up security as much as possible but I’ve quickly learned how sorry of a state e-mail is in. One of my goals was to disable broken Transport Layer Security (TLS) settings. However this presents a sizable problem because there are a lot of improperly configured e-mail servers out there. Unlike web servers where you can usually safely assume clients will be able to establish a connection with a sever using properly configured TLS no such assumptions can be made with e-mail servers. Some e-mail servers don’t support any version of TLS or Secure Socket Layer (SSL) and those that do often have invalid (expired, self-signed, etc.) certificates. In other words you can’t disable unsecured connections without being unable to communicate with a large number of e-mail servers out there. Let me just say that as much as I hate how everybody uses Google because it makes the government’s surveillance apparatus cheaper to implement I appreciate that the company actually has properly configured e-mail servers.

Another problem with securing e-mail servers is that they rely on the STARTTLS protocol. I say this is a problem because the first part of establishing a secure connection via STARTTLS is asking the server if it supports it through an unsecured connection. This has allowed certain unscrupulous Internet service providers (ISPs) to intercept and edit out the mention of STARTTLS support from a server’s reply, which causes the client to revert to an unsecured connection for the entire communication. This wouldn’t be a problem if we could safely assume all e-mail servers support TLS because then you could configure servers to only use TLS.

What’s the answer? Ultimately I would say it is to move away from e-mail as we currently know it. But that’s easier said than done so I will continue to strong urge people to utilize Pretty Good Privacy (PGP) to encrypt and sign their e-mails. Even if a PGP encrypted e-mail is transmitted over an unsecured connection the amount of data a snoop can collect on you is far less (but since PGP can only really encrypt the contents of the e-mail a great deal of metadata is still available to anybody observing the communication between e-mail servers).

I also urge people to learn how to setup their own e-mail servers and to do it. Ars Technica and Sealed Abstract have good guides on how to setup a pretty secure e-mail server. However there is the problem that many ISPs block the ports used by e-mail server on their residential packages. So implementing an e-mail server out of your home could require getting a business account (as well as a static Internet protocol (IP) address). A slightly less optimal (because your e-mail won’t be stored on a system you physically control) option of setting up your e-mail server on a third-party host is a way to bypass this problem. Unless people stop relying on improperly configured e-mail servers there isn’t a lot of hope for salvaging e-mail as a form of secure communication (this should give people involved in professions that require confidentiality, such as lawyers, a great deal of concern).

Many people will probably become discouraged after reading this post and tell themselves that securing themselves is impossible. That’s not what you should take away from this post. What you should take away from this post is that the problem requires us to roll up our sleeves, further our knowledge, and fix it ourselves. Securing e-mail isn’t hopeless, it just requires us to actually do something about it. For my part I am willing to answer questions you have regarding setting up an e-mail server. Admittedly I won’t know the answer to every question but I will do my best to provide you with the knowledge you need to secure yourself.

Is Your App a Benedict Arnold

Most smartphone users rely on apps to access much of their online data. This can be problematic though since many app developers have little or no knowledge about security. A research project has unveiled a number of Android apps, many of which are developed by companies with deep enough pockets to hire dedicated security personnel, that communicate user credentials over plaintext:

Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don’t use it at all.

The roster of faulty apps have more than 200 million collective downloads from Google Play and have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the dating service, the Safeway supermarket chain, and the PizzaHut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users’ handsets.

By communicating your credentials over plaintext these apps are betraying your account security to anybody listening on the network. What makes this particular problem especially worrisome is that it’s difficult for the average user to detect. How many users are going to connect their phone to their wireless network, open up Wireshark, and ensure all of their apps are communicating over HTTPS?

Developers should be expected to understand HTTPS if they’re communicating user credentials back to a server. But the real source of this problem is the fact plaintext is still allowed at all. We’re well beyond the point where HTTP should be deprecated, in fact Mozilla is planning to do exactly that, in favor of HTTPS only. If HTTP is no longer allowed then we don’t have to worry about apps communicating data over it (we still have to worry about improperly configured HTTPS but that’s something we have to worry about currently).

Monday Metal: Calling the Gods by Civilization One

This week we’re going with a power metal band from the heavier side of the spectrum. Civilization One is a fairly new band, founded in 2006, that manages to add in a heavier sound that is common from newer power metal bands. Also harkening back to power metal bands of old it seems that Civilization One has adopted the strategy of waiting forever between album releases (their debut album was released in 2007 and their second album was released in 2012). The band has a pretty good sound to it:

OpenBazaar Will Kill Us All

Mainstream economists are obsessed with control. Unlike the Austrian tradition, which correctly states that there is no way to control economies, mainstream economists believe that an ideal economy, whatever that is, can be had if a strong enough centralized power forces people to obey the correct plan. This obsession leads them to see doom and gloom in the strangest of places. Consider OpenBazaar. OpenBazaar is a decentralized commerce platform that allows anybody to buy and sell goods online without going through a middleman such as Amazon or eBay. Sounds empowering, doesn’t it? Not according to mainstream economists. To them the idea of OpenBazaar undermines the control they worship and is therefore a threat to humanity:

While Hoffman could be right that OpenBazaar will revolutionize online commerce, its business model could also potentially threaten America’s tech industry. The wild and uncontrollable nature of OpenBazaar’s technology, especially if it winds up being used to facilitate terrorism, could push authorities to launch a broad crackdown on other technologies as well that law enforcement considers an impediment to its work.

And if the potential harm from a marketplace seems limited to you, consider what could happen from the combination of this type of technology with Artificial Intelligence. As AI evolves, even tech visionaries like Microsoft founder Bill Gates and Tesla chief Elon Musk have expressed concern over the ability of humans to control the outcome, especially if machines are eventually able to ‘think’ autonomously. Now apply OpenBazaar’s decentralized and police-resistant model to this and you have a recipe for disaster: machines with free will and the ability to communicate with each other under the human radar. Maybe an Isaac Asimov-inspired fantasy at one time, this is hardly an impossible scenario anymore given the rapid pace of technological development.

You have to admire how he states OpenBazaar could hurt the technology industry and immediately turn around and explain how it could greatly enhance the technology industry by helping artificial intelligence (AI) advance (although, again due to an obsession with power, he sees the advancement of AI as extremely dangerous).

This article shows just how insane of an obsession with power mainstream economists possess. Anything that could be potentially disruptive, which all technology can be, is seen as a threat. Computers were originally feared by many mainstream economists because they stood to replace a lot of human labor. In fact this attitude is still alive. Light bulbs probably had numerous mainstream economists shitting their pants because they would replace the candle.

Here we have a platform that enabled individuals to buy and sell goods without having to go through a middleman or front the expense of running their own commerce front end. It could allow some little old lady in the backwoods of Alabama to sell the excellent arts and crafts she’s known locally for. A manufacturer or parts for old automobiles who only sold locally could setup an online presence and sell to anybody in the world. There is so much potential for this kind of platform but mainstream economists don’t see it because the potential derives from an ability to bypass controls.

Let us also not forget the cost of control. Silk Road was revolutionary not because it allowed people to buy and sell illicit drugs but because it protected people participating in voluntary trade from violent law enforcers. It made the illicit drug trade much safer for everybody involved because the biggest threat to somebody buying or selling illicit drugs is a group of heavily armed trigger happy cops kicking down their door at oh dark thirty in the hopes of finding a little baggy of pot and a dog to shoot (not necessarily in that order). The control mainstream economists worship requires violence and tools that protect people from that violence stand to make the world a safer place. That’s why I don’t believe tools like OpenBazaar are a danger to society. If anything they stand to save a lot of peaceful people from the truncheon of the state.

Darwin in Action

How do you check to see if one of your firearms is loaded? If you answered, Put it against my head and pull the trigger,” you may want to reconsider your life:

MIMS, Fla. — Police say a man who was checking to see if a bullet was still in the chamber of a pistol has died after he put the gun to his head and pulled the trigger, accidentally shooting himself.

Authorities say 49-year-old Charles Cooper shot himself at 1:50 a.m. Sunday during a weekend fishing trip and a cookout in Mims.

I have a hard time considering that accidental. Accidents usually imply the actor wasn’t purposely taking action to cause the result. Our brilliant specimen here pretty deliberately put the gun to his head. It probably won’t surprise anybody to hear that alcohol was likely involved. Once again it’s worth noting that alcohol and firearms, or any other weapon for that matter, don’t mix well.

With that said I believe he should be awarded nn achievement in excellence for saving future generations from his prodigy.

Like Vultures to a Corpse

One of the hardest things to stomach after a shooting, besides the event itself, is the way politicians swoop in to exploit the situation for political gain. Before anybody has even had a chance to breathe we are subjected to politicians getting on screen and blaming the event on whatever hot button issue they’ve been pushing. Obama, for example, decided to take a moment to remind the country that he’s been pushing for stronger gun restrictions:

President Barack Obama on Thursday expressed profound “sadness and anger” at the Charleston church shooting as well as deeply personal frustration that America’s political climate makes it virtually impossible for now to tighten restrictions on who can buy firearms.

“We don’t have all the facts, but we do know that once again, innocent people were killed in part because someone who wanted to inflict harm had no trouble getting their hands on a gun,” Obama said in the White House briefing room, Vice President Joe Biden standing at his side.

Thanks a lot, jackass.

But Obama wasn’t the only politicians exploiting this tragedy. Everybody’s favorite religious zealot, Rick Santorum, was compelled, probably by the voice of “Jesus” that he constantly hears in his head, to talk about religious liberty:

Presidential candidate and former Sen. Rick Santorum (R-PA) on Thursday called the attack by a white gunman on a historic black church in Charleston, S.C. part of a broader assault on “religious liberty” in America.

“It’s obviously a crime of hate. Again, we don’t know the rationale, but what other rationale could there be?” Santorum said on the New York radio station AM 970.

This is why nobody likes you, Rick.

I swear America has found a way to politicize everything goddamn topic and event in existence. If a skyscraper full of people collapsed tomorrow every politician would be be on camera within the hour arguing why it was caused by their pet political issue. They’re all a bunch of vultures. Actually, scratch that. Vultures serve a valuable role in the environment. Politicians don’t even do that.