Month: December 2018

Great Claims Request Great Evidence

A couple of months ago Bloomberg made big waves with an article that claimed China had inserted hardware bugs into the server architecture of many major American companies, including Amazon and Apple. Doubts were immediately raised by a few people because the Bloomberg reporters weren’t reporting on a bugged board that they had seen, they merely cited claims made by anonymous sources (always a red flag in a news article). But the hack described, although complicated in nature, wasn’t outside of the realm of possibility. Moreover, Bloomberg isn’t a tabloid, the organization has some journalistic readability, so the threat was treated seriously.

Since the threat was being taken seriously, actual investigations were being performed by the companies named in the article. This is where the credibility of the article started to falter. Apple and Amazon both announced that after investigating the matter they no evidence that their systems were compromised. Finally the company specifically named as the manufacturer of the compromised servers announced that an independent audit found no evidence to support Bloomberg’s claims:

SAN FRANCISCO (Reuters) – Computer hardware maker Super Micro Computer Inc told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards.

In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October after a Bloomberg article reported that spies for the Chinese government had tainted Super Micro equipment to eavesdrop on its clients.

Could Apple, Amazon, and Super Micro all be lying about the findings of their investigations as some have insinuated? They certainly could be. But I subscribe to the idea that great claims require great evidence. Bloomberg has failed to produce any evidence to back its claims. If the hack described in its article was as pervasive as the article claimed, it should have been easy for the journalists to acquire or at least see one of these compromised boards. There is also the question of motivation.

Most reports indicated that China has had great success hacking systems the old fashioned way. One of the advantages to remote software hacks is that they leave behind little in the way of hard evidence. The evidence that is left behind can usually be plausibly denied by the Chinese government (it can claim that Chinese hackers unaffiliated with the government performed a hack for example). Why would China risk leaving behind physical evidence that is much harder to deny when it is having success with methods that are much easier to deny?

Unless Bloomberg can provide some evidence to support its claims, I think it’s fair to call bullshit on the article at this point.

Score One for the First Amendment

James Webb came across a law enforcer expropriating wealth from a motorist and did what any red blooded American would do, he cranked up NWA’s Fuck the Police. The officer, having no self awareness or sense of humor, cited Webb for violating the city’s noise ordinance. Instead of paying, Webb decided to take the matter to court. The jury quickly decided that the case was “>stupid and ruled in Webb’s favor:

A man facing jail time for blasting the song “F the Police” and allegedly violating Pontiac’s noise ordinance was found not guilty by a jury.

[…]

“The police officer’s reasoning was that he said this music was vulgar. And part of the vulgarity was that it used the F word, but we had on the video that the first man the officer had pulled over; the officer is dropping F-bombs with him. So why is it OK for this man to hear the F-word but not other people?” said Nicholas Somberg, who represented Webb in court.

Webb chose not to pay the fine for allegedly violating the noise ordinance and instead chose to take the case to trial. The jury took all of nine minutes to come back with a not guilty verdict.

Kudos to Webb for taking the citation to court rather than paying it. Kudos to the jury for only taking nine minutes to decide that the accusation against Webb was stupid. And kudos to the officer whose argument was based on the vulgarity of Webb’s music while he was on camera using vulgarities himself.

Score one for the freedom of expression.

The American Medical System

What do you get when you take a wonderful free market medical system and continuously inject a little more government into it? The American medical system:

Sorry, let me explain a hospital to you: we give you medical care, then we charge whatever the hell we want for it.

If you don’t like that, go fuck yourself and die.

Honestly, there’s no telling what you’ll pay today. Maybe $700. Maybe $70,000. It’s a fun surprise! Maybe you’ll go to the ER for five minutes, get no treatment, then we’ll charge you $5,000 for an ice pack and a bandage. Then your insurance company will be like, “This is nuts. We’re not paying this.” Who knows how hard you’ll get screwed? You will, in three months.

When I buy gas, books, groceries, a cell phone plan, computers, or anything else, the prices are clearly posted. I know what a gallon of gas costs before I buy it. I know what a gallon of milk and a carton of eggs costs before I buy them. But when I need anything involving the medical industry, I seldom have any idea what I’m going to be charged. If I ask, I won’t get a straight answer (unless I’m dealing with one of the handful of wonderful medical facilities that deals in cash but they’re still pretty hard to find). I’ll be told that it will depend on my insurer.

My insurer is an asshole. It has continued to increase my premiums and deductibles will reducing my services. I’m stuck with it though because I, like most Americans, get my insurance through my employer and my employer isn’t big enough to strong arm insurers into providing better packages. This was an entirely different situation before the passage of the Affordable Care Act (ACA), which mandated that every American do business with medical insurers and thus removed any motivation they had to provide a good product at a reasonable price. Before the ACA my insurance was pretty decent and if it hadn’t been decent, I could have found an individual plan that suited my needs.

The passage of the ACA was just one amongst decades worth of laws that slowly transformed the country’s free market medical system into the government controlled mess that won’t even clearly tell you what the product you’re buying costs. Unfortunately, most people subscribe to the idea that if something didn’t work then it wasn’t tried hard enough. If you ask most people how the medical system can be fixed, they’ll tell you, “More government!” Needless to say I’m not hopeful that I’ll be able to walk into a clinic and see a board that clearly advertises the prices being charged for offered services anytime soon.

Order of Operations

What do you do when a bunch of uppity plebs continue to protest even after your great and generous government was benevolent enough to removed the gas tax hike that sparked the protests? You begin laying the groundwork to justify bringing in the military. That’s what Finance Minister Bruno Le Maire is attempted to do by rewriting history a little bit:

The “yellow vest” protests have been “a catastrophe” for the French economy, the finance minister says.

He has his order of operations a bit backwards. It was the catastrophic economic policies implemented by the French government that sparked the protests. The gas tax was merely the straw the broke the camel’s back. But even funnier than his attempt to rewrite history is his attempt to redefine democracy:

Finance Minister Bruno Le Maire called the situation “a crisis” for both society and democracy.

Democracy is a method of government where the majority rules. What could be a more pure form of majority rules than the masses rising up and declaring their opposition to a government decree? These riots are direct democracy in action.

Who Needs Copy and Paste Anyways

WordPress 5.0 was rolled out on Friday and with it came the new Gutenberg Editor. I’m not a curmudgeon who’s unwilling to give new features a chance. However, I found myself wanting to disable Gutenberg within seconds of trying to use it. Why? Because I couldn’t get the stupid thing to accept pasted text.

Most of my posts involve linking to a story and posting an excerpt of the part on which I want to comment. Needless to say copy and paste is pretty bloody important for what I do. Moreover, copy and paste are two of the most basic operations for an editor. It turns out that I’m not the only one unhappy with Gutenberg. During my quick search to find a way to revert to WordPress’s previous editor I came across a WordPress plugin called Disable Gutenberg. It has over 20,000 active installations and a five star rating, which indicates that it does its job well and the job it does is in high demand.

My setup isn’t anything special. I use Firefox with a few basic add-ons (HTTPS Everywhere, Privacy Badger, uBlock Origin, Multi-Account Containers, Auto Tab Discard, and Bitwarden). This setup worker well with the previous WordPress editor. This leads me to believe that WordPress’s developers didn’t thoroughly test Gutenberg before releasing it. Failing to perform thorough testing before releasing a major update isn’t unique to WordPress though, it has become the standard operating procedure for technology companies.

When I see a new update for any piece of software I use, I become a bit wary. When I see that the update includes new features, I become downright nervous. More often than not new features are released half baked. The weeks (or months) following the release of a new feature are usually spent making it work properly or at least provide the same functionality as the feature it replaced. This is annoying to say the least. I would much rather see the technology industry move develop an attitude that saw reliability as a critical feature instead of an afterthought. But I doubt this will happen. Reliability is a difficult feature to sell to most consumers and the work needed to make a product reliable is boring.

Never Trust a Surveillance Company

The parliament of the United Kingdom (UK) decided to pull a Facebook on Facebook by collecting the company’s personal information. Not only did the parliament collect Facebook’s personal information but it’s now airing the company’s dirty laundry. There are a lot of interesting tidbits to be found within the documents posted by the parliament but one in particular shows Facebook’s ruthlessness when it comes to collecting your personal information:

The emails show Facebook’s growth team looking to call log data as a way to improve Facebook’s algorithms as well as to locate new contacts through the “People You May Know” feature. Notably, the project manager recognized it as “a pretty high-risk thing to do from a PR perspective,” but that risk seems to have been overwhelmed by the potential user growth.

Initially, the feature was intended to require users to opt in, typically through an in-app pop-up dialog box. But as developers looked for ways to get users signed up, it became clear that Android’s data permissions could be manipulated to automatically enroll users if the new feature was deployed in a certain way.

In another email chain, the group developing the feature seems to see the Android permissions screen as a point of unnecessary friction, to be avoided if possible. When testing revealed that call logs could be collected without a permissions dialog, that option seems to have been obviously preferable to developers.

“Based on our initial testing,” one developer wrote, “it seems that this would allow us to upgrade users without subjecting them to an Android permissions dialog at all.”

If you’re using Facebook on a Google operating system, you’re in the center of a surveillance Eiffel Tower, and I’m not talking about the monument!

The history of Android’s permission system has not been a happy one. Until fairly recently Android had an all or nothing model where you either had to grant an application all the permissions it asked for or you couldn’t use it. Not surprisingly this resulted in almost every app requesting every possible permission, which turned the permissions dialog into a formality. Android 6.0 changed the permission system to mirror iOS’s. When an app running on Android 6.0 or later wants to access a protected feature such as text messages, the user is presented with a dialog alerting them to the attempted access and asks if they want to allow it.

If you read the excerpts, you’ll see that Facebook was concerned about the kind of public relations nightmare asking for permission to access call and text message logs could bring. At first the company was planning to only request permission to access call logs, hoping it wouldn’t cause a ruckus. However, once somebody figured out a way to add the additional capabilities without triggering any new permission requests, Facebook moved forward with the plan. So we know for a fact that Facebook knew what it was doing was likely to piss off its users and was willing to use underhanded tactics to do it without getting caught.

You should never trust a company that profits by collecting your personal information to respect your privacy. In light of the information released by the UK’s parliament, this goes double for Facebook.

This Neopuritan Internet Is Weird

Just days after Tumblr announced that it will be committing corporate seppuku Facebook has announced that it too is joining the neopuritan revolution:

Facebook will now “restrict sexually explicit language”—because “some audiences within our global community may be sensitive to this type of content”—as well as talk about “partners who share sexual interests,” art featuring people posed provocatively, “sexualized slang,” and any “hints” or mentions of sexual “positions or fetish scenarios.”

[…]

The new Sexual Solicitation policy starts by stating that while Facebook wants to faciliate discussion “and draw attention to sexual violence and exploitation,” it “draw[s] the line…when content facilitates, encourages, or coordinates sexual encounters between adults.” Can we pause a moment to appreciate how weird it is that they lump those things together in the first place? Whatever the intent, it reads as if only content coding sex as exploitative, violent, and negative will be tolerated on the site, while even “encouraging” consensual adult sex is forbidden.

This is a rather odd attitude for a website that recently rolled out a dating service. Does Facebook seriously believe its dating service isn’t being used to facilitate, encourage, and coordinate sexual encounters between adults?

This neopuritan Internet is getting weird. Both Tumblr and Facebook have mechanisms that allow content to be walled off from the general public. These mechanisms serve as a good middle ground that allow users to post controversial content while protecting random passersby from seeing it. But instead of utilizing them, these two services are opting for a scorched Earth policy. It seems like a waste of money to pay developers to create mechanisms to hide controversial content form the public and not utilize them.

Getting Leadership Ousted in the Minneapolis Police Department

If officers executing unarmed individuals isn’t enough to get leaders in the Minneapolis Police Department (MPD) ousted, what is? Apparently Christmas decorations:

Just days after controversy erupted over a racist Christmas tree on display at the Minneapolis Police Department’s 4th Precinct, Chief Medaria Arradondo has assigned a new inspector to lead the north Minneapolis precinct.

Images of a Christmas tree decorated with beer cans, cigarettes and police tape spread quickly on social media Friday. It was condemned by members of the public, activists and Minneapolis City Council members, including Council Member Jeremiah Ellison, who represents the area. Ellison said it’s “the type of thing that always instills fear in the community.

We’ve learned something here. The value of an unarmed person is worth less in the eyes of the MPD than bad publicity generated by a Christmas tree. While that’s not exactly a happy thing to learn, at least we know.

Intellectual Property Laws are Ineffective

I’ve enjoyed pointing out the absurdities that the concept of intellectual property enables. Now I want to address the matter from a more pragmatic angle.

Gun rights activists like to point out the fact that gun control laws are ineffective and thus passing them is pointless. Advocates for drug legalization like to point out the fact that drug prohibitions are ineffective and should thus be repealed. Both are sound arguments. Investing resources into enforcing ineffective laws is a waste. Those resources would be better redirected at effective means of addressing problems. Many of the people who make those two arguments are surprisingly inconsistent with their logic when it comes to intellectual property laws though.

Intellectual property laws are ineffective. I can pirate almost any creative work right now with a few keystrokes thanks to numerous piracy websites. The most notorious of these sites is The Pirate Bay. Governments around the world have attempted to use intellectual property laws to shutdown The Pirate Bay for more than a decade but the site remains online. Even when governments are able to shutdown a piracy site, several new ones appear in their place. And those are clearnet sites whose server locations and operators are, for the most part, easily found. There is a whole world of “darknet” piracy sites hidden with Tor Hidden Service, I2P, and similar protocols.

Piracy can’t even be thwarted in the physical world. Everything from counterfeit designer clothing and fashion accessories to counterfeit electronics can be readily had. Even the government of the United States can’t reliably distinguish counterfeit components from authentic ones.

Advocates of intellectual property continue to claim that intellectual property laws protect inventors and authors of creative works but the evidence indicates otherwise.

Intellectual property is a fairly modern concept. Before it came into being inventors and authors came up with other strategies to protect their works. The same is still true today even with intellectual property laws on the books. Coca-Cola, for example, doesn’t have a patent on its formula. Instead it relies on keeping it a secret. Kentucky Fried Chicken relies on the same strategy. Many online content creators make a living on content that they release for free. How do they accomplish this? By urging their fans to support them through services like Patreon. For a fee Twitch viewers can subscribe to the channels of creators they enjoy to support them. YouTube allows creators to monetize videos through advertising. Many inventors and authors utilize crowdsourcing services such as Kickstarter to get paid upfront before releasing their latest product.

Netflix, Spotify, and iTunes Music have also demonstrated that piracy can be reduced by offering a product in a convenient package at a reasonable price. Why bother searching through various pirating sites for a song when you can pay $10 a month to Spotify or Apple to access a vast all-you-can-consume buffet of music? Your time is worth money after all and for many people $10 a month isn’t a lot of money.

None of these strategies would likely exist if intellectual property laws were effective. If gun control laws and drug prohibitions are argued to be pointless because they’re ineffective, then so should intellectual property laws.