More Fun than Watching Election Results

Form what I gathered on Facebook, most people were watching the election results last night. I decided to have fun instead.

Korpiklaani, one of my favorite folk metal bands, played at the Varsity in Minneapolis last night. They played a fun show and, being Finnish, didn’t waste our time by talking about American politics. I couldn’t have asked for a better election night.

Lockdown

I’ve always treated mobile devices differently than desktops and laptops. Part of this is because mobile devices tend to be restrictive. Most mobile devices are closed platforms that don’t allow you to load a different operation system. And while you can load custom firmware on a few mobile devices, it often requires some hackery. It appears as though I jumped ship at the proper time though because Apple is bringing the restrictive nature of iOS to its desktops and laptops:

Apple’s MacBook Pro laptops have become increasingly unfriendly with Linux in recent years while their Mac Mini computers have generally continued working out okay with most Linux distributions due to not having to worry about multiple GPUs, keyboards/touchpads, and other Apple hardware that often proves problematic with the Linux kernel. But now with the latest Mac Mini systems employing Apple’s T2 security chip, they took are likely to crush any Linux dreams.

[…]

Update 2: It looks like even if disabling the Secure Boot functionality, the T2 chip is reportedly still blocking operating systems aside from macOS and Windows 10.

I know a lot of people have expressed the feeling that buying an Apple computer and installing Linux on it is rather foolish. After all, you can buy a computer for far less that is fully supported by Linux (Linux support on Apple computers has always been a bit hit or miss). I mostly agree with that attitude. However, there comes a time in every Mac’s life where Apple drops support for it in macOS. While it’s possible to coax macOS onto a lot of unsupported Macs, there are also quite a few older Macs where installing a modern version of macOS is impossible. In such cases Linux offers an option to continue using the hardware with an operating system that has current security updates.

I prefer to repurpose old computers rather than throw them away. Having the option to install Linux on older Macs has always been a desirable option to me. For me losing that ability severely limits the functional lifetime of a Mac. Moreover, I worry that the limitations put into place by the T2 chip will make installing future versions of macOS on these machines impossible when they fall out of support.

Secure Boot functionality is a good security measure. However, Secure Boot on a vast majority of PCs can be disabled (in fact Microsoft requires that Secure Boot can be disabled for logo-certificate). Even if you don’t disable it, many Linux distributions have signed bootloaders that work with Secure Boot (unfortunately, even these signed bootloaders don’t work on Apple computers with a T2 chip). So it is possible to provide boot-time security while supporting third-party operating systems. Apple is simply choosing not to do so.

Meet the Modern Military

The United States military has a problem. OK, it has a lot of problems, but the problem I’m specifically referring to is the trend as of late of acquiring unfinished or flawed technology. From a $1 trillion jet that doesn’t seem capable of doing anything well to stealthy destroyers with flawed engines to fancy new aircraft carriers with nonfunctional munition elevators:

The $13 billion Gerald R. Ford aircraft carrier, the U.S. Navy’s costliest warship, was delivered last year without elevators needed to lift bombs from below deck magazines for loading on fighter jets.

Previously undisclosed problems with the 11 elevators for the ship built by Huntington Ingalls Industries Inc. add to long-standing reliability and technical problems with two other core systems — the electromagnetic system to launch planes and the arresting gear to catch them when they land.

The Advanced Weapons Elevators, which are moved by magnets rather than cables, were supposed to be installed by the vessel’s original delivery date in May 2017. Instead, final installation was delayed by problems including four instances of unsafe “uncommanded movements” since 2015, according to the Navy.

I guess when the deck is used to launch $1 trillion jets that don’t function reliably, getting munitions to the desk isn’t terribly important.

The modern United States military is addicted to high-tech bells and whistles. While those bells and whistles look great on paper, they are often plagued with problems in real world testing and on the battlefield.

At the rate things are going the United States’ military will win the war for its enemies.

Your Vote Matters

After the last election the Democrats were throwing a fit over supposed Russian interference with the presidential election (funny how politicians here get bent out of shape when somebody interferes with their elections). Implied in the accusation is that an extremely sophisticated enemy such as a state actor is necessary to interfere with a United States election. However, the security of many election machines and election-related sites is so bad that an 11-year-old can break into them:

An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said.

Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states.

The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

Florida’s website isn’t an isolated incident. The entire infrastructure supporting elections here in the United States is a mess:

Even though most states have moved away from voting equipment that does not produce a paper trail, when experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won.

Much of that process is digital.

“This is the problem we always have in computer security — basically nobody has ever built a secure computer. That’s the reality,” Schneier said. “I want to build a robust system that is secure despite the fact that computers have vulnerabilities, rather than pretend that they don’t because no one has found them yet. And people will find them — whether it’s nation-states or teenagers on a weekend.”

And before you think that you’re state is smart for not using voting machines, you should be aware that computers are involved in various steps of any modern voting process. Minnesota, for example, uses paper ballots but they’re fed into an electronic machine. Results from local ballot counts are transmitted electronically. Those results are then eventually transmitted electronically to media sources and from there to the masses.

If you go to cast your ballot today, know that there is no reason to believe that it will matter. There are far too many pieces of the voting infrastructure that are vulnerable to the machinations of 11-year-olds.

Ensuring Your Fellow Cultists Attend Worship Services

As with any religious cult, the clergy of the state are always coming up with new ways to ensure that their flock are attending worship services. One of the most common tactics religious cults use to ensure worshipers attend services is peer pressure. When one cultist notices that another was absent from service, they will often “check-in” on them. To make this easier, the clergy of the state have made service attendance records publicly available. Some innovative worshipers decided to tie the publicly available attendance records to an app to make it easier for worshipers to chide their fellows who fail to attend services:

It’s easy enough to say you’re going to the polls, but nobody is really tracking whether you cast your ballot — until now. Two new political apps, VoteWithMe and OutVote, will help you see if your friends voted and what their party affiliations are. Both apps were designed to help you encourage your friends and family to vote in the upcoming midterm election, as first reported by The New York Times.

How your friends voted in previous elections remains secret, but their voting histories are not. The two apps take information from public government records and make it more easily accessible. Now, instead of having to look up each of your friends to see if they’ve voted, you only need to sync your phone contacts.

I, of course, will be labeled by an infidel by these apps, which is fine by me.

In addition to streamlining peer pressure, these apps will also streamline the upcoming ideological purge by making party affiliation publicly available. No longer will you have to wonder whether your fellow cultist voted the right way. If they’re affiliated with the wrong sect, you can demonstrate your devotion to your sect through some good old fashioned propaganda of the deed!

Spending Money to Make Money

You know the old saying, you have to spend money to make money? It’s especially true in politics:

Weapons makers are moving last-minute money to the Democratic congressman in line to chair the defense industry’s key House committee, as he is under assault from a fellow Democrat, who is attacking his pro-war record just ahead of a rare intra-party general election.

[…]

Sensing an opportunity to influence the race and the potential future committee chair, major weapons contractors have given the lawmaker last-minute campaign support. Lobbyists and executives associated with General Dynamics, one of the largest weapons makers in the world, have given over $10,000 in recent weeks, in addition to the $9,500 from the company over the last quarter.

In just the last week of October, Teresa Carlson, an Amazon industry executive overseeing the company’s bid for a $10 billion military IT contract, gave $1,000; Bechtel, which managed Iraq reconstruction contracts, gave $1,000; Rolls-Royce, which manufactures parts for a variety of military jets, including a model of the controversial F-35, gave $3,500; and Phebe Novakovic, the chief executive of General Dynamics, gave $2,700.

If you’re going to the polls tomorrow, remember that your vote is meaningless. Your options will consist of a list of curated politicians who might disagree on minor details but all agree that the government must continue to oppress you. Moreover, consider your politician’s position. If they have to weigh the value of the single filled in oval on a piece of paper that you offer versus thousands or millions of dollars in campaign contributions, who do you think they’ll choose to appease?

Rule Are for Thee, Not for Me

Senator Ron Wyden has had enough of consumers’ privacy being violated and has decided to do something:

The Senator’s proposal would dramatically beef up Federal Trade Commission authority and funding to crack down on privacy violations, let consumers opt out of having their sensitive personal data collected and sold, and impose harsh new penalties on a massive data monetization industry that has for years claimed that self-regulation is all that’s necessary to protect consumer privacy.

Wyden’s bill proposes that companies whose revenue exceeds $1 billion per year—or warehouse data on more than 50 million consumers or consumer devices—submit “annual data protection reports” to the government detailing all steps taken to protect the security and privacy of consumers’ personal information.

The proposed legislation would also levy penalties up to 20 years in prison and $5 million in fines for executives who knowingly mislead the FTC in these reports. The FTC’s authority over such matters is currently limited—one of the reasons telecom giants have been eager to move oversight of their industry from the Federal Communications Commission to the FTC.

I read through his proposal [PDF]. Strangely enough the proposal doesn’t mention any punishments or penalties for politicians or other government agents who violate people’s privacy.

Rules are for thee, not for me, ya fuckin’ plebs.

When it comes to surveillance my primary concern is government surveillance. The main reason I’m concerned about private surveillance is because it can turn into government surveillance (either by payment or by a subpoena). If that weren’t the case, I’d be far less concerned because, unlike government surveillance, I can opt out of private surveillance. Moreover, if private surveillance couldn’t turn into government surveillance, a company seeing me do something it didn’t like wouldn’t result in men with guns busting down my door at oh dark thirty to either kidnap or murder me. So any legislation that doesn’t curtail government surveillance is, in my opinion, worthless.