Month: June 2018

Living in an Idiocracy

Sometimes I consider renaming my blog to Living in an Idiocracy. I continue to be amazed, or really dismayed, at the lack of basic intelligence held by my fellow Americans. The problem is that the idiocy doens’t stop at inconsequential matters, it involves matters of significant consequence as well:

The most important safety feature on your car isn’t its airbag or even the seat belts—it’s the tires. This should be obvious; those four round black things are the only part of the vehicle to actually touch the road, after all. Sadly, most American drivers fail to take care of their tires, with 35 percent of drivers not able to tell if their tires are bald. When you consider that the National Highway Traffic Safety Administration found that vehicles with worn out tires were three times more likely to end up in a crash, you can see the problem.

Checking to see if your tires have a safe amount of tread on them isn’t difficult. Tires include a convenient built-in mechanism to determining your tires’ tread depth. Tread depth gauges can also be acquired for a song and if even that is too expensive for you, you can use something like a coin to determine if your tires need to be replaced.

The fact that motorists can get a license without learning that their tires need to be replaced periodically is astounding to me. How can somebody get through 16 years of their life without having known somebody who got the tires on their vehicle replaced and at least developed the curiosity to ask why they replaced their tires? The level of ignorance seems to require a willful commitment.

Honestly, if advocates of mass transit want a catchphrase for their campaigns they could do worse than, “Mass transit. Because you’re too stupid to be trusted with your own vehicle.”

Prison Nations Are Expensive

The concept of justice in this country doesn’t involve trying to make victims as whole as possible, it involves locking offenders in secure storage faculties for arbitrarily defined spans of time. Seeing justice in this way has numerous downsides. One of those downsides is that the justice system becomes expensive. Couple the expense of a storage-based justice system with a list of laws so long that no single individual can ever hope to memorize it entirely and you end up with a financial crisis:

Gov. Jerry Brown’s spending plan for the fiscal year that starts July 1 includes a record $11.4 billion for the corrections department while also predicting that there will be 11,500 fewer inmates in four years because voters in November approved earlier releases for many inmates.

[…]

The price for each inmate has doubled since 2005, even as court orders related to overcrowding have reduced the population by about one-quarter. Salaries and benefits for prison guards and medical providers drove much of the increase.

The result is a per-inmate cost that is the nation’s highest — and $2,000 above tuition, fees, room and board, and other expenses to attend Harvard.

If California wants to spend billions of dollars for nothing of value, I can think of some alternatives that would at least have some kind of positive quality.

The only positive thing that I can say about a storage-based justice system is that it eventually bankrupts any government that implements it. Unfortunately, the bankruptcy doesn’t happen until a lot of misery has been created both in the victims because no real attempt has been made to make them whole again and the prisoners who spend years sitting in a cage doing nothing of value to anybody.

Civitates Foederatae Americae Delendae Sunt

Since I’m on the topic of perspective, let’s take a moment to consider the current crisis, immigrant children being held in concentration camps:

Reporters and Democratic lawmakers have been allowed inside a detention centre that lies at the heart of a growing storm over a new US policy separating migrant children from their parents.

Authorities did not allow photos or videos to be taken inside the centre, but US Customs and Border Protection later released several images. Former First Lady Laura Bush has compared it to the internment camps used for Japanese-Americans during World War Two. A Democratic congressman who visited the site said it was “nothing short of a prison”.

If you listen to many partisans, you may be lead to believe that Trump is personally kidnapping these children to put them in concentration camps. The first red flag in this article should be that photos were not allowed. Why should that be a read flag? Because it raises an awkward question, from where have all of the pictures of these concentration camps come? Awkward questions often have awkward answers:

There’s also precedent for warehousing immigrant children at military bases. In 2014, Obama temporarily held kids at an emergency shelter at Lackland AFB in San Antonio — a development that Ted Cruz and Greg Abbott were appalled by at the time. The photo at the top of this story — of Central American kids at a Border Patrol processing center — has been repeatedly mistaken as a recent, Trump-era image. In fact, it’s from 2014, during the Central American refugee surge.

Many of the pictures being passed around supposedly from current concentration camps full of children are actually from concentration camps full of children that existed under the previous president. Yes, you read correctly, concentration camps that existed under Obama.

If it wasn’t for humanity’s wonderful feature referred to as cognitive dissonance, this news might shake some partisain’s political faith in their party. Fortunately for them, cognitive dissonance will guard most of them from having to accept this difficult information. However, all of us should keep in mind that human rights abuse is nothing new for the United States of America.

From kidnapping Native American children and forcing them to abandon their heritage and language under the guide of civilizing and educating them to interring Japanese Americans during World War II for no other reason than their descent to the continuous abuse of black individuals from slavery to Jim Crow laws to the drug war, there hasn’t been a single instance in the United States’ history where the federal government wasn’t abusing large swaths of people.

None of the human rights abuses being perpetrated under Trump are new or without precedence. Moreover, if voting could fix this, as most partisans either outright claim or imply, this issue would have been fixed already.

If you’re actually looking for a solution to the human rights abuses perpetrated by the United States government, there is only one solution.

Civitates Foederatae Americae delendae sunt!

Romanes Eunt Domus

A United States court decided that one cannot consent to a cop who is conversing with you through a commonly unserviceable translation utility:

Imagine you’re driving in a foreign country and a police officer stops you on the road. You don’t speak the cop’s language and they don’t speak yours, so a halting exchange ensues using a laptop and Google Translate. You’re not always sure what the officer is asking, and you end up agreeing to something you didn’t quite understand, and are arrested.

Translating human language is difficult, which is why it still remains a common target for satire. Anybody who has used Google Translate for a language about which they’re even moderately knowledgeable knows that it has severe limitations. While it can oftentimes provide you the gist of whatever is being translated, it’s a far cry from accurate. If you want to see this in action, translate something from one language to another then take the result and translate it back to the original language. The meaning may be preserved the first time, although even that’s unlikely, but if you keep doing this for a few iterations you’ll end up with some hilarious nonsensical arrangement of letters.

Needless to say, if a cop is using Google Translate to communicate that they’re arresting you, you have abundant evidence with which to argue that you had no idea what the officer was trying to communicate to you.

Perspective

I’m of the opinion that you can despise somebody but not despise everything single thing that they do. For example, I despise Adolf Hitler. Adolf Hitler drank water. Does that mean I despise drinking water? Of course not. Likewise, I despise Donald Trump. Donald Trump is making inroads with North Korea that could lead to a reduction in hostilities if not outright peace. Does that mean I despise peace? Of course not.

Unfortunately, this attitude, albeit quite simple, still qualifies as rather nuanced by modern standards. Many people, especially those who have given themselves over entirely to a binary political spectrum, are unable to deal with even minor nuances so even some former peaceniks have begun screaming about the evils of making peace with North Korea for the sole reason of who is making that peace. This has lead to some rather unexpected propaganda. Case in point, Engadget, a website that posts articles almost exclusively about technology products, felt the need to pen an article that can be summed up as, “North Korea is evil! It cannot be trusted! We can’t make peace with it!” The argument put forward by the article, like the attitude that lead to the writing of the article, is built on the lack of being able to understand nuance.

The first part I’m going to pick out isn’t an argument but an attempt to frame North Korea as an evil nation who did terrible things to Americans. What it fails to do is take perspective into account:

North and South Korea have been divided since 1945; for a short period Russia occupied the North while the US occupied the south; during the war, China aided the north and the US aided the south (we lost 54,246 lives, and 7,704 American soldiers are still unaccounted for). The Korean War ended with an armistice agreement but no peace settlement, so technically the war has never ended. American military remains in the south as part of a mutual defense treaty.

North Korea killed 54,246 Americans! See how evil it is! What’s missing is the other side of the equation. You see, the Korean War was, as the name implies, a war. In war soldiers on both sides tend to die. As it turns out, a lot of North Koreans died:

In a 1984 interview, Air Force General Curtis LeMay, head of the Strategic Air Command during the Korean War, claimed U.S. bombs “killed off 20 percent of the population” and “targeted everything that moved in North Korea.” These acts, largely ignored by the U.S. collective memory, have deeply contributed to Pyongyang’s contempt for the U.S. and especially its ongoing military presence on the Korean Peninsula.

If an estimated 20 percent of the North Korean population wasn’t enough, many North Korean cities, including Pyongyang, ceased to exist.

I don’t say this to give North Korea a pass on the regime’s abuses. The North Korean government is an absolutely brutal one. However, to only give one side of the story is propaganda, not accurate history. Understanding the conflict requires analyzing all sides of the war, not just the American side.

Now that the outright propaganda of the article has been addressed, let’s consider the argument against making peace with North Korea:

Fast forward to 1963, and the world finds out that the North has begun building a nuclear reactor. Then a nuclear weapons program in the 1980s. The first time North Korea committed to denuclearization was 1992’s Joint Declaration of the Denuclearization of the Korean Peninsula — though historically, nuclear inspectors have been barred from surveying North Korean facilities.

North Korea entered the Joint Declaration of the Denuclearization and failed to abide by the agreement! How can we trust a regime that has broken its promises in the past? But why did North Korea fail to abide by its side of the agreement? Fortunately, I’ve read The Dead Hand by David Hoffman. Part of it touched on the history of nuclear weapons in North Korea and the agreement that was made between it and the United States. As with any agreement, this agreement involved concessions from both sides. One of the concessions made by the United Stats was a commitment to provide North Korea with two light water nuclear reactors. However, after the agreement was made, as is so often the case in the United States, the rules changed:

Soon after the agreement was signed, U.S. Congress control changed to the Republican Party, who did not support the agreement.[19][20] Some Republican Senators were strongly against the agreement, regarding it as appeasement.[21][22] Initially, U.S. Department of Defense emergency funds not under Congress’ control were used to fund the transitional oil supplies under the agreement,[23] together with international funding. From 1996 Congress provided funding, though not always sufficient amounts.

The United States didn’t abide by its part of the agreement. Normally when one side fails to uphold its end of an agreement, the other side is not expected to uphold its part. Apparently North Korea was supposed to uphold its end even though it didn’t receive what was promised to it.

Once again the issue wasn’t the upstanding United States being snuffed by wicked North Korea. The issue was two belligerents continuing to be belligerent. This is not to say that North Korea was the good guy or an innocent victim, it’s to point out that the United States wasn’t an angel.

The Science is Settled… Until It’s Not

I’m a skeptical man by nature but I tend to be more skeptical of what are traditionally labeled soft sciences such as psychology and sociology. My stronger than average skepticism stems from several factors.

First, and probably most importantly, experiments in these fields can’t isolate variables. When you’re experimenting on humans, one variable is the life experiences of the subjects of your experiment. Different people have different life experiences, which can lead them to act differently under the same circumstances.

Second, the subject of experiments in fields like psychology tend to act differently when they’re the subject of an experiment. This tendency isn’t unique to humans. Ravens and chimpanzees act differently when they know that they’re being watched.

Third, most experiments involving human subjects suffer from selection bias. Professors have a ready pool of humans to experiment on, western undergrads, and utilize them for most experiments. Anybody with even the most basic observation skills will notice that undergrad students tend to behave differently than, say, elderly individuals.

Now I have a fourth reason for my skepticism. It turns out that the findings of many psychological experiments are, to put it nicely, rather dubious:

The Zimbardo prison experiment is not the only classic study that has been recently scrutinized, reevaluated, or outright exposed as a fraud. Recently, science journalist Gina Perry found that the infamous “Robbers Cave“ experiment in the 1950s — in which young boys at summer camp were essentially manipulated into joining warring factions — was a do-over from a failed previous version of an experiment, which the scientists never mentioned in an academic paper. That’s a glaring omission. It’s wrong to throw out data that refutes your hypothesis and only publicize data that supports it.

Perry has also revealed inconsistencies in another major early work in psychology: the Milgram electroshock test, in which participants were told by an authority figure to deliver seemingly lethal doses of electricity to an unseen hapless soul. Her investigations show some evidence of researchers going off the study script and possibly coercing participants to deliver the desired results. (Somewhat ironically, the new revelations about the prison experiment also show the power an authority figure — in this case Zimbardo himself and his “warden” — has in manipulating others to be cruel.)

The problem of manipulation isn’t unique amongst so-called soft sciences. The scientific method generally assumes that the experimenter is unbiased but what happens when the experimenter wants a specific outcome? Oftentimes, they can setup the experiment or manipulate the results in such a way that they can create their desired outcome. This is especially easily to do when the subjects of an experiment are manipulable humans. A little coercion can result in desired behavior.

I’m happy that these issues are finally being scrutinized more thoroughly. But I’m curious what the fallout will be. Science has become a religion to many people. People tend to react negatively when they learn that their priests have been lying to them and that their gods are not actually gods. Part of my worries that the backlash of this scrutiny could be a reflexive opposition to science by the masses but then the other part of me remembers that most fans of science aren’t actually scientifically minded anyways.

Just Drug ‘Em

The Minneapolis Police Department (MPD) can’t keep itself away from controversy. Fortunately, the latest controversy doesn’t involve another unarmed person being gunned down. Instead it involves people being drugged against their will, oftentimes without any crimes being committed:

Minneapolis police officers have repeatedly requested over the past three years that Hennepin County medical responders sedate people using the powerful tranquilizer ketamine, at times over the protests of those being drugged, and in some cases when no apparent crime was committed, a city report shows.

[…]

The number of documented ketamine injections during Minneapolis police calls increased from three in 2012 to 62 last year, the report found, including four uses on the same person. On May 18, around the time the draft report was completed, Minneapolis police Cmdr. Todd Sauvageau issued a departmental order saying that officers “shall never suggest or demand EMS Personnel ‘sedated’ a subject. This is a decision that needs to be clearly made by EMS Personnel, not MPD Officers.”

This story involves two groups of bad actors. The first group is the usual suspects, MPD officers. The second group are the Emergency Medical Services (EMS) personnel who administer the drugs simply because an MPD officer asked them.

Not surprisingly, both MPD and the EMS people involved have issued statements that absolve themselves of responsibility. MPD at least tried to smooth things over by announced that it has put a new policy in place. While new department policies seldom change actual behavior, it’s a step better than the shut up slaves statement given by Hennepin EMS Medical Director Jeffrey Ho:

The draft report prompted sharply different reactions among local officials. A statement included in the report from Hennepin EMS Medical Director Jeffrey Ho and Minnesota Poison Control System Medical Director Jon Cole dismissed the findings of the report as a “reckless use of anecdotes and partial snapshots of interactions with police, and incomplete information and statistics to draw uninformed and incorrect conclusions.”

“This draft report will prevent the saving of lives by promoting the concept of allowing people to exhaust themselves to death,” Cole and Ho wrote.

Pro tip: if you’re going to claim that a report is based on anecdotal and partial information and are in a position to provide the information that supports your claim, you should release that information. Failing to do so makes it look like your statement is nothing more than an attempt to cover your ass.

The fact that MPD requested the sedation of a subject isn’t the real red flag of this story. There are circumstances where sedating somebody is the best option for everybody involved, including the suspect. However, the rapid increase in the number of sedations is a red flag. Going from three in 2012 to 62 in 2017 is a drastic increase in just five years. Statements from officials and policy changes aren’t going to answer the important question of why was there such a dramatic increase?

Avoid E-Mail for Security Communications

The Pretty Good Privacy (PGP) protocol was created to provide a means to securely communicate via e-mail. Unfortunately, it was a bandage applied to a protocol that has only increased significantly in complexity since PGP was released. The ad-hoc nature of PGP combined with the increasing complexity of e-mail itself has lead to rather unfortunate implementation failures that have left PGP users vulnerable. A newly released attack enables attackers to spoof PGP signatures:

Digital signatures are used to prove the source of an encrypted message, data backup, or software update. Typically, the source must use a private encryption key to cause an application to show that a message or file is signed. But a series of vulnerabilities dubbed SigSpoof makes it possible in certain cases for attackers to fake signatures with nothing more than someone’s public key or key ID, both of which are often published online. The spoofed email shown at the top of this post can’t be detected as malicious without doing forensic analysis that’s beyond the ability of many users.

[…]

The spoofing works by hiding metadata in an encrypted email or other message in a way that causes applications to treat it as if it were the result of a signature-verification operation. Applications such as Enigmail and GPGTools then cause email clients such as Thunderbird or Apple Mail to falsely show that an email was cryptographically signed by someone chosen by the attacker. All that’s required to spoof a signature is to have a public key or key ID.

The good news is that many PGP plugins have been updated to patch this vulnerability. The bad news is that this is the second major vulnerability found in PGP in the span of about a month. It’s likely that other major vulnerabilities will be discovered in the near future since the protocol appears to be receiving a lot of attention.

PGP is suffering from the same fate as most attempts to bolt security onto insecure protocols. This is why I urge people to utilize secure communication technology that was designed from the start to be secure and has been audited. While there are no guarantees in life, protocols that were designed from the ground up with security in mind tend to fair better than protocols that were bolted on after the fact. Of course designs can be garbage, which is where an audit comes in. The reason you want to rely on a secure communication tool only after it has been audited is because an audit by an independent third-party can verify that the tool is well designed and provides effective security. And audit isn’t a magic bullet, unfortunately those don’t exist, but it allows you to be reasonably sure that the tool you’re using isn’t complete garbage.

When Your Smart Lock Isn’t Smart

My biggest gripe with so-called smart products is that they tend to not be very smart. For example, the idea of a padlock that can be unlocked with your phone isn’t a bad idea in of itself. It would certainly be convenient since most people carry a smartphone these days. However, if it’s designed by people who paid no attention to security, the lock quickly because convenient for unauthorized parties as well:

Yes. The only thing we need to unlock the lock is to know the BLE MAC address. The BLE MAC address that is broadcast by the lock.

I was so astounded by how bad the security was that I ordered another and emailed Tapplock to check the lock and app were genuine.

I scripted the attack up to scan for Tapplocks and unlock them. You can just walk up to any Tapplock and unlock it in under 2s. It requires no skill or knowledge to do this.

I wish that this was one of those findings that is so rare that it’s newsworthy. Unfortunately, a total lack of interest in security seems to be a defining characteristic for developers of “smart” products. While this lack of awareness isn’t unexpected for a company developing, say, a smart thermostat (after all, I wouldn’t expect somebody who is knowledgeable about thermostats to necessarily be an expert in security as well), it’s an entirely different matter when the product being developed is itself a security product.

The problem with this attack is how trivial it is to perform. The author of the article notes that they’re porting the script they developed to unlock these “smart” locks to Android. Once the attack is available for smartphones, anybody can potentially unlock any of these locks with a literal tap of a button. This makes them even easier to bypass than those cheap Masterlock padlocks that are notorious for being insecure.