May 2016 – Page 2 – A Geek With Guns

Airport Security Isn’t The Only Security The TSA Sucks At

The Transportation Security Administration (TSA) sucks at providing airport security. But the agency isn’t a one trick pony. Demonstrating its commitment to excellence — at sucking — the TSA is working hard to make its computer security just as good as its airport security:

The report centers on the the way TSA (mis)handles security around the data management system which connects airport screening equipment to centralized servers. It’s called the Security Technology Integrated Program (STIP), and TSA has been screwing it up security-wise since at least 2012.

In essence, TSA employees haven’t been implementing STIP properly — that is, when they’ve been implementing it at all.

STIP manages data from devices we see while going through security lines at airports, namely explosive detection systems, x-ray and imaging machines, and credential authentication.

[…]

In addition to unpatched software and a lack of physical security that allowed non-TSA airport employees access to IT systems, the auditors found overheated server rooms and computers using unsupported systems — and much more.

The observed “lack of an established disaster recovery capability” noted by the OIG is particularly scary. If a data center was taken out by natural disaster, passenger screening and baggage info would be rendered inaccessible.

Not only that, but there was no security incident report process in place, and there was “little employee oversight in maintaining IT systems.” And, auditors were not pleased at all that non-TSA IT contractors maintained full admin control over STIP servers at airports.

At what point do we write the TSA off as a failed experiment? I know, it’s a government agency, it’ll never go away. But the fact that the TSA continues to fail at everything and is allowed to continue existing really demonstrates why the market is superior to the State. Were the TSA forced to compete in a market environment it would have been bankrupted and its assets would have been sold to entrepreneurs who might be able to put them to use.

It’s time to ask the million dollar question. What will happen now? One of the reason government agencies fail to improve their practices is because there’s no motivation to do so. A government agency can’t go bankrupt and very rarely do failures lead to disciplinary action. In the very few cases where disciplinary action does happen it’s usually something trivial such as asking the current head of the agency to retire will full benefits.

Meanwhile air travelers will still be required to submit to the TSA, which not only means going through security theater but now potentially means having their personal information, such as images from the slave scanners, leaked to unauthorized parties.

Mossberg To Courts: Muh Intellectual Property

Drop-in triggers are nothing new. There are approximately one bajillion drop-in triggers available for AR pattern rifles and some rifles, like the Tavor, are designed around drop-in trigger packs. The fact that everybody and their grandmother manufacturers drop-in triggers hasn’t stopped Mossberg from suing basically everybody because it believes a patent it purchased some time ago grants it a monopoly on the bloody obvious:

In another instance of the firearms industry feeding on it’s own, it appears that Mossberg is exercising it’s control on the original Chip McCormick patent (US 7,293,385 B2), that it acquired a while ago, and bringing lawsuits against a number of manufacturers of drop in triggers.

Mossberg currently licenses the design to the new CMC company, who has apparently decided to get Mossberg to go after their competition, i.e. anyone making drop in triggers.

This is an example of patent trolling. Mossberg didn’t invent drop-in triggers, it purchased a patent covering their design. It also conveniently waited to file a lawsuit until after numerous manufacturers were making drop-in triggers, which coincidentally allows Mossberg to reap more wealth than it could have if it filed a lawsuit the moment somebody violated the patent. Then there is the fact that the patent is absurd. The idea of packaging up the components of a trigger so it can be easily inserted into a firearm isn’t novel or innovative. It’s bloody obvious.

I can only hope that a court renders this patent invalid and Mossberg is forced to pay the attorney fees for all of the companies it’s trying to exploit.

Monday Metal: Promised Land By Samael

Being Able To Lookup Your Neighbor’s Income Online Is A Terrible Idea

Statists come up with the dumbest ideas. One of latest stupid statist ideas is the idea that Norway’s practice of posting everybody’s tax returns online is a good idea:

But maybe the demand that Trump post his returns doesn’t go far enough. Maybe everyone’s tax returns should be a matter of public record. It sounds nuts, but in Norway, Sweden, and Finland, it’s the law, and it works. Norway’s been putting out records since 1814; in Sweden, they’ve been public since 1903.

Public tax returns help reduce gender and racial pay disparities, make labor markets more efficient, encourage workers to bargain for higher pay, prevent tax evasion, and create a rich font of data for economists and other researchers. The US ought to give the idea a try.

Why should anybody have any right to privacy at all? We might as well just put our medical records, voting records, and any other type of records online for everybody to see! And fuck those people who want to have control over their personal information. They’re obviously hiding something.

If you read the article you will discover that the author is a jealous individual trying to disguise that jealousy as pragmatism. He starts off by arguing that making tax return information publicly available would improve the job market. This claim is backed up by a great deal of statist nonsense such as imply that markets require perfect information (they don’t) and claiming that it’s impossible for employees to find out what their fellows at other companies are making if tax return records or private (apparently it never occurred to the author that you can just ask). But he eventually get’s to his real point:

Another thing about pay transparency: It makes it harder to evade your taxes. Adding scrutiny from not only the tax collection agency but your neighbors and competitors makes it tougher to fudge your reported income.

Making tax returns publicly available makes it easier for the State to steal wealth to fund its law enforcers, war machine, economic protectionism, and other atrocities. This is ultimately what every statist’s opposition to privacy boils down to. As believers in the One True State, they want to make it as difficult as possible for anybody who opposes their political god. Are private tax returns making it harder for their political god to steal? Make the records public! Is end-to-end cryptography making it harder for their political god to keep the citizenry in line? Restrict effective cryptography! Are anonymizing services allowing people to peacefully cell illicit goods? Ban anonymizing services!

This is why privacy is so important. The State and its worshippers want to know as much about you as possible. That way they can better know what you have so they can steal it and identify dissidents so they can crush them. Know that when somebody advocates that privacy must be curtailed they’re necessarily arguing that the State must be further empowered. Also know that the empowerment of the State always comes at the expense of individual freedom.

Fly, You Fools

In addition to creating fake terrorist attacks so it can claim glory by thwarting them, the Federal Bureau of Investigations (FBI) also spends its time chasing brilliant minds out of the country:

FBI agents are currently trying to subpoena one of Tor’s core software developers to testify in a criminal hacking investigation, CNNMoney has learned.

But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system — and expose Tor users around the world to potential spying.

That’s why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany.

Because of the State’s lust for power, the United Police States of America are becoming more hostile towards individuals knowledgable in cryptography. The FBI went after Apple earlier this year because the company implemented strong cryptography so it’s not too surprising to see that the agency has been harassing a developer who works on an application that utilizes strong cryptography. Fortunately, she was smart enough to flee before the FBI got a hold of her so none of its goons were able to slap her with a secret order or any such nonsense.

What’s especially interesting about Isis’ case is that the FBI wouldn’t tell her or her lawyer the reason it wanted to talk to her. It even went so far as to tell her lawyer that if agents found her on the street they would interrogate her without his presence. That’s some shady shit. Isis apparently wasn’t entirely dense though and decided it was time to go while the going was good. As this country continues to expand its police state don’t be afraid to follow her example.

Linksys Won’t Lock Out Third-Party Firmware

The Federal Communications Commission (FCC), an agency that believes it has a monopoly on the naturally occurring electromagnetic spectrum, decreed that all Wi-Fi router manufacturers are now responsible for enforcing the agency’s restrictions on spectrum use. Any manufacturer that fails to be the enforcement arm of the FCC will face consequences (being a government agency must be nice, you can just force other people to do your work for you).

Most manufacturers have responded to this decree by taking measures that prevent users from loading third-party firmware of any sort. Such a response is unnecessary and goes beyond the demands of the FCC. Linksys, fortunately, is setting the bar higher and will not lock out third-party firmware entirely:

Next month, the FCC will start requiring manufacturers to prevent users from modifying the RF (radio frequency) parameters on Wi-Fi routers. Those rules were written to stop RF-modded devices from interfering with FAA Doppler weather radar systems. Despite the restrictions, the FCC stressed it was not advocating for device-makers to prevent all modifications or block the installation of third-party firmware.

[…]

Still, it’s a lot easier to lock down a device’s firmware than it is to prevent modifications to the radio module alone. Open source tech experts predicted that router manufacturers would take the easy way out by slamming the door shut on third-party firmware. And that’s exactly what happened. In March, TP-Link confirmed they were locking down the firmware in all Wi-Fi routers.

[…]

Instead of locking down everything, Linksys went the extra mile to ensure owners still had the option to install the firmware of their choice: “Newly sold Linksys WRT routers will store RF parameter data in a separate memory location in order to secure it from the firmware, the company says. That will allow users to keep loading open source firmware the same way they do now,” reports Ars Technica’s Josh Brodkin.

This is excellent news. Not only will it allow users to continue using their preferred firmware, it also sets a precedence for the industry. TP-Link, like many manufacturers, took the easy road. If every other manufacturer followed suit we’d be in a wash of shitty firmware (at least until bypasses for the firmware blocks were discovered). By saying it would still allow third-party firmware to be loaded on its devices, Linksys has maintained its value for many customers and may have convinced former users of other devices to buy its devices instead. Other manufacturers may find themselves having to follow Linksys’s path to prevent paying customers from going over to Linksys. By being a voice of reason, Linksys may end up saving Wi-Fi consumers from only having terrible firmware options.

Why Does The TSA Suck? It’s Your Fault You Stupid Slave!

The Transportation Security Administration (TSA) has been receiving a lot of well deserved flak in recent months. Security theater lines have been growing and now the TSA recommends air travelers show up two hours early to ensure they get through. It reminds me of the Department of Motor Vehicles (DMV). When wait times increase the agency doesn’t hire more staff or make its processes more efficient, it demands people take more time out of their day. This shouldn’t surprise anybody though. Nobody has the option of using a competitor to the TSA, DMV, or any other government agency so the agencies have no motivation to improve their service.

But the public is pissed, which means boring congressional hearings could be in the TSA’s future. Probably hoping to avoid going to yet another meeting where they have to pretend to pay attention while congress members pretend to provide oversight, the heads of the TSA are trying to find some reason for its failure that will satiate the public. I doubt the reason it’s giving will work though since it’s resorted to blaming everybody besides itself:

The comments reflect a statement released earlier this week after long lines were reported at Newark, JFK and LaGuardia airport security checkpoints. When asked about those long lines, the TSA essentially blamed you in a press release, specifically passengers who bring too many carry-on items:

There are several factors that have caused checkpoint lines to take longer to screen passengers… including more people traveling with carry-on bags, in many cases bringing more than the airline industry standard of one carry-on bag and one personal item per traveler;

Passenger preparedness can have a significant impact on wait times at security checkpoints nationwide…Individuals who come to the TSA checkpoint unprepared for a trip can have a negative impact on the time it takes to complete the screening process.”

Not surprisingly, it’s also blaming air passengers for not paying the agency its desired extortion fee:

In the past three years, the TSA and Congress cut the number of front-line screeners by 4,622 — or about 10 percent — on expectations that an expedited screening program called PreCheck would speed up the lines. However, not enough people enrolled for TSA to realize the anticipated efficiencies.

Perhaps the TSA should look inward. One of the biggest contributing factors to the length of security theater lines is likely the agency’s inconsistency. If you know what you have to do when you reach the checkpoint you can prepare ahead of time. For example, you might untie or entirely remove your shoes and take off your belt. You might also remove your liquids and laptop from your bags. When you arrive at the actual checkpoint you can efficiently put everything through the x-ray machine, opt out of the slave scanner, and be through as quickly as possible. But you can’t prepare yourself ahead of the checkpoint because you have no idea what you’ll be expected to do until some idiot with a badge is barking order at you.

If PreCheck is supposed to help reduce wait times and the TSA is actually committed to reducing wait times the agency should make the program free. That would encourage more people to sign up for it. You can tell that the program is more about extorting the public than making wait times shorter but the simple fact that PreCheck isn’t free (and since the TSA is a government agency it doesn’t have to concern itself with making a profit so making the program free isn’t a big deal).

Businesses know that the customer is usually right. A private security provider knows that absurdly long wait times in line will reflect negatively on the venue that hired them, which may hinder their chances of getting another contract in the future. Because of that they are more motivated to make the screening process as efficient as possible. They don’t tell an angry venue owner that the wait times are due to the incompetence of the customers because that excuse isn’t going to fly. But the government doesn’t have customers, it citizens (which is a fancy term for people being preyed on by the State). That being the case, it has no problem blaming its own failures on its citizens.

The War On Drugs Breeds More Dangerous Drugs

Imodium may be the new over-the-counter scary drug but it appears that W-18 is the new illicit scary drug (which is in desperate name of a marketing department to give it a better name):

For the second time in a year, police in Alberta have uncovered a drug called W-18, a synthetic opioid that’s 100 times more powerful than fentanyl — and 10,000 more powerful than morphine.

Police in Edmonton announced Wednesday they seized four kilograms of the substance in powder form during a raid carried out in December during a fentanyl investigation. The powder was then sent to Health Canada, which confirmed on Tuesday that it was W-18.

Staff Sergeant Dave Knibbs told a press conference that this amount of powder could have produced hundreds of millions of W-18 pills.

A stronger substance that people can voluntarily put into their bodies? The horror!

In all seriousness though, W-18 is likely a more dangerous drug than fentanyl but it is also a byproduct of the war on drugs. The iron law of prohibition states that the potency of a prohibited substance increases along with the enforcement of the prohibition:

Super potent pot is not a market failure. It is simply the result of government prohibition. In fact, it is one of the best examples of the iron law of prohibition. When government enacts and enforces a prohibition it eliminates the free market which is then replaced by a black market. This typically changes everything about “the market.” It changes how the product is produced, how it is distributed and sold to consumers. It changes how the product is packaged and in particular, the product itself. The iron law of prohibition looks specifically at how prohibition makes drugs like alcohol and marijuana more potent. The key to the phenomenon is that law enforcement makes it more risky to make, sell, or consume the product. This encourages suppliers to concentrate the product to make it smaller and thus more potent. In this manner you get “more bang for the buck.”

During alcohol prohibition (1920-1933), alcohol consumption went from a beer, wine, and whiskey market to one of rotgut whiskey with little wine or beer available. The rotgut whiskey could be more than twice as potent of the normal whiskey that was produced both before and after prohibition. The product is then diluted at the point of consumption. During the 1920s all sorts of cocktails were invented to dilute the whiskey and to cover up for bad smells and tastes.

Therefore, the current high potency of marijuana is not a market phenomenon, nor is it a market failure. It is primarily driven by government’s prohibition and the odd incentives that this produces on the sellers’ side of the market. Under these conditions consumers may prefer higher potency marijuana, ceteris paribus, but it is not primarily a consumer driven phenomenon.

W-18 is the byproduct of stronger enforcement of opioid prohibitions. Since law enforcers are concentrating their efforts on opioids such as heroine and fentanyl the producers are responding by making a more concealable version (as the product is more potent less is needed for the desired effect) that is easier to transport under the watchful eye of the badged men with guns.

This is just another example of how the war on drugs has actually made the drug market more dangerous. In addition to adding the risk of men with guns kicking down the doors of drug users at oh dark thirty and shooting their family pets, the war on drugs has also made the substances themselves more dangerous by creating an environment that motivates producers to increase the potency. So long as the war on opioids continues we will see more potent forms. In a few years W-18 will likely become a footnote in history; just another less potent version of a new opioid. This trend will continue until the war on drugs is ended and producers are no longer encouraged to make ever increasingly potent substances.

I Guess Oracle Will Sue MariaDB Next

Oracle is still butthurt over the fact that it snapped up Java when it purchased Sun Microsystems and still hasn’t figured out how to make it profitable. Google on the other hand, managed to take the Java application programming interface (API) and use it for Android, which is turning the company a tidy profit. After getting its ass handed to it in court only to have a dimwitted judge reverse the decision, Oracle is pushing forward with its desperate attempt to get its hands on some of the wealth Google created. Oracle is now claiming that Google owes damages. Why? Apparently because it’s offering Android for free:

Catz also testified that Oracle’s Java licensing business was hurt by Android. Customers that used to buy licenses for Java, including Samsung, ZTE, Motorola, and others, don’t buy licenses from Oracle anymore. “They don’t take a license from us anymore, because they use Android, which is free,” she said.

Licensing contracts that used to be $40 million deals are now $1 million deals, Catz said. She gave the example of Amazon, which was formerly a customer but chose to go with Android for the Kindle Fire. When Amazon came out with its popular mid-range Kindle, the Paperwhite, the e-reader company chose to license Java only after Oracle offered a massive discount.

“In order to compete, we ended up giving a 97.5 percent discount for the Paperwhite,” she said, “because our competition was free.”

As for the mobile licensing business, since the launch of Android, it has performed “very, very poorly,” Catz said.

What’s next? Will Oracle sue the people behind MariaDB? For those who don’t know, MariaDB is a fork of MySQL, which is another product that Oracle acquired when it purchased Sun Microsystems. MariaDB, like the Android API, is a free product based on software Oracle acquired through its purchase of Sun Microsofts that could be taking market share from its expensive software!

Should manufacturers and developers of a product that’s sold directly for money be able to sue competitors who offer a free alternative? If you ask some antitrust supporters the answer is yes. But if you ask anybody with a brain the answer is no.

Consider Oracle’s situation. Android basically ate its lunch because nobody is buying its mobile Java software. Does that indicate that Google is somehow at fault because it made Android free? No. Such an assumption would imply that free products always win in the market when that isn’t the case. Sometimes a free product is so shitty that an expensive alternative still wins out. Consider Microsoft Windows. It’s still the most popular desktop operating system out there even though Linux, FreeBSD, OpenBSD, and a number of other free alternatives exist. Why? Because Windows offers features that consumers want and alternative don’t offer. Software compatibility, driver support, etc. are desirable features to many people. So desirable in fact that they’re willing to pay for them even though a free alternative exists. Without those features consumers see the free alternatives as so shitty that the savings associated with using them aren’t worth it. In spite of what the famous saying says, you actually can compete with free.

Android isn’t winning over mobile Java simply because it’s free. It’s winning because it offers features that consumers want. There is a massive software library available for Android that isn’t available for mobile Java. Google includes many desirable applications including clients for its popular Maps and Gmail services. Hardware developers want consumers to buy their phones so they tend to favor software that consumers want, which is part of the reason so many Android mobile devices exist while so few Windows ones do.

Google isn’t responsible for Oracle’s dwindling mobile Java profits, Oracle is for not making it a compelling product.

The Ignorant Stupidity That Is America

They say ignorance makes people fearful. If that’s the case the United States must be one of the most ignorant countries on Earth. People here in the United States like to talk a big game but it seems like most of them are scared of their own shadows. This is made most obvious when people fight against any attempt to defang the State. If you mention cutting military or law enforcement budgets you’ll suddenly find yourself surrounded by people saying, “But then the child molesting hacker terrorists will get us!”

This fear has becoming especially ridiculous amongst airline passengers. 15 years after 9/11 and airline passengers are still seeing terrorists in every seat. Does the person next to you speak a language that sounds Middle Easter? They’re a terrorist! Is the person next to you writing Arabic numerals? They’re also a terrorist:

Menzio said he was flying from Philadelphia to Syracuse on Thursday night and was solving a differential equation related to a speech he was set to give at Queen’s University in Ontario, Canada. He said the woman sitting next to him passed a note to a flight attendant and the plane headed back to the gate. Menzio, who is Italian and has curly, dark hair, said the pilot then asked for a word and he was questioned by an official.

“I thought they were trying to get clues about her illness,” he told The Associated Press in an email. “Instead, they tell me that the woman was concerned that I was a terrorist because I was writing strage things on a pad of paper.”

I guess the should have used Roman numerals. In all seriousness though, the fact that the woman sitting next to him saw a terrorist when she couldn’t make sense of what he was writing shows just how fearful this society has become. It’s even more absurd that the flight attendant who she passed the note to didn’t ignore the concern outright. Without any evidence the flight attendant called the badged men with guns to the plane to harass a passenger. Further adding to the absurdity was the security guards not dismissing the call for lack of evidence. But they were likely afraid of losing their jobs if the reporting passenger or flight attendant told the press that they reported a suspected terrorist and the security team failed to respond. And the media would certainly take the angle of lazy security guards putting passengers at risk of a terrorist attack over the angle of the security team acting in a reasonable manner when no evidence of wrongdoing is presented.