The Power of Public Shaming

Every major security breach is followed by calls for politicians to enact more stringent regulations. When I see people demanding additional government regulations I like to point out that there are alternative solutions that can yield far better results, especially since regulations, being a product of government, are rigid and slow to change, which makes them ill-suited to fast-moving markets. One of those alternatives is public shaming. It turns out that public shaming is often a viable solution to security issues:

See the theme? Crazy statements made by representatives of the companies involved. The last one from Betfair is a great example and the entire thread is worth a read. What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing with or being a dick to those in a position to write publicly about you!) that no, you didn’t just need a username and birth date to reset the account password. Eventually, it got to the point where Betfair advised that providing this information to someone else would be a breach of their terms. Now, keeping in mind that the username is your email address and that many among us like cake and presents and other birthday celebratory patterns, it’s reasonable to say that this was a ludicrous statement. Further, I propose that this is a perfect case where shaming is not only due, but necessary. So I wrote a blog post.

Shortly after that blog post, three things happened and the first was that it got press. The Register wrote about it. Venture Beat wrote about it. Many other discussions were held in the public forum with all concluding the same thing: this process sucked. Secondly, it got fixed. No longer was a mere email address and birthday sufficient to reset the account, you actually had to demonstrate that you controlled the email address! And finally, something else happened that convinced me of the value of shaming in this fashion:

A couple of months later, I delivered the opening keynote at OWASP’s AppSec conference in Amsterdam. After the talk, a bunch of people came up to say g’day and many other nice things. And then, after the crowd died down, a bloke came up and handed me his card – “Betfair Security”. Ah shit. But the hesitation quickly passed as he proceeded to thank me for the coverage. You see, they knew this process sucked – any reasonable person with half an idea about security did – but the internal security team alone telling management this was not cool wasn’t enough to drive change.
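The security point buried in the quoted story is simple: a password reset that accepts facts other people can know (your email address, your birthday) is an account-takeover path, while one that delivers a random, expiring, single-use token to the mailbox actually proves control of the email address. The following is an added illustration of the two flows side by side; it is not code from the original post and has nothing to do with Betfair’s real systems. The account store, the email address victim@example.com, the birth date and the in-memory "outbox" standing in for a mail server are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed sample data for the example (no real accounts). Passwords are
# stored as salted PBKDF2 hashes; the birth date is the kind of "secret" the
# criticised reset flow relied on.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(email: str, birth_date: str, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"email": email, "birth_date": birth_date,
            "salt": salt, "pw_hash": _hash_password(password, salt)}

USERS = {"victim@example.com": make_user("victim@example.com", "1985-04-12", "correct horse")}

def check_password(email: str, password: str) -> bool:
    user = USERS.get(email)
    if user is None:
        return False
    return hmac.compare_digest(user["pw_hash"], _hash_password(password, user["salt"]))

def _set_password(user: dict, new_password: str) -> None:
    user["salt"] = secrets.token_bytes(16)
    user["pw_hash"] = _hash_password(new_password, user["salt"])

# --- The flow the post criticises: email address + birth date is enough. ---
def knowledge_based_reset(email: str, birth_date: str, new_password: str) -> bool:
    """Anyone who knows two publicly discoverable facts can take over the account."""
    user = USERS.get(email)
    if user is None or user["birth_date"] != birth_date:
        return False
    _set_password(user, new_password)
    return True

# --- The fixed flow: prove control of the mailbox with a single-use token. ---
RESET_TTL_SECONDS = 15 * 60
PENDING_RESETS = {}   # sha256(token) -> {"email": ..., "expires": ...}
OUTBOX = {}           # email -> [tokens]; stands in for the mail server

def _token_key(token: str) -> str:
    # Store only a hash so a leaked table does not hand out live reset tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(email: str, now: Optional[float] = None) -> str:
    """Same response whether or not the account exists, so the endpoint
    cannot be used to enumerate registered addresses."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        PENDING_RESETS[_token_key(token)] = {"email": email, "expires": now + RESET_TTL_SECONDS}
        OUTBOX.setdefault(email, []).append(token)   # only the mailbox owner sees this
    return "If that address is registered, a reset link has been sent."

def complete_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    entry = PENDING_RESETS.pop(_token_key(token), None)   # pop => single use
    if entry is None or now > entry["expires"]:
        return False
    _set_password(USERS[entry["email"]], new_password)
    return True

if __name__ == "__main__":
    # Attacker knows the victim's email and birthday: succeeds against the old flow.
    print("knowledge-based reset hijacked:", knowledge_based_reset("victim@example.com", "1985-04-12", "pwned"))
    # Same attacker against the fixed flow never sees the token.
    print(request_reset("victim@example.com"))
    print("guessing a token works:", complete_reset("guess", "pwned"))
```

Under the token-based flow the attacker who knows the email address and birthday gets the same generic response as everyone else, has no way to obtain the token without reading the victim's mail, and cannot replay a token that has already been used or has expired.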

As I mentioned above, regulations tend to be rigid and slow to change. Public shaming, on the other hand, is often almost instantaneous. It seldom takes long for a company tweet that makes an outrageous security claim to be bombarded with criticism. Within minutes there are retweets by people mocking the statement, replies from people explaining why the claim is outrageous, and journalists writing about how outrageous the claim is. That public outrage, unlike C-SPAN, quickly reaches the public at large. Once the public becomes aware of the company’s claim and why it’s bad, the company has to begin worrying about losing customers and, by extension, profits.

Gun Control Support Rating System

Read any article discussing gun ownership privileges (sometimes referred to as rights, but rights are something you take, and in most cases the discussion of gun ownership revolves around what privileges the government will grant) from the perspective of a gun control supporter and it will inevitably mention the zealous National Rifle Association (NRA) and its absolutist position against gun control. Obviously there is some confusion on this matter because the NRA has a long history of supporting gun control. To say that the organization is absolutist is nonsense.

Because I like to be helpful, I’ve decided to put together a quick and dirty three tier rating system for gun control support. I hope that it helps people writing articles in the future (because let’s face it, anybody who claims that the NRA is absolutist when it comes to opposing gun control is a damn fool). Without further ado, here’s the rating system:

Tier 1: Supports the abolition of private gun ownership. Examples of this tier are Everytown for Gun Safety and the Brady Campaign.

Tier 2: Supports some restrictions to private gun ownership. Examples of this tier are the NRA and Gun Owners of America.

Tier 3: Opposes all forms of restrictions on private gun ownership. The best example of this tier is Cody Wilson and his company Defense Distributed.

Believing in Science

I’ve come across a lot of people who have said that people shouldn’t support politicians who don’t “believe in science.” That phrase always amuses me.

To believe is to accept that something is true. The scientific method is the antithesis of belief. Instead of accepting something as true, the scientific method postulates that all hypotheses be tested through experimentation. If experimentation doesn’t prove a hypothesis false, then there is some evidence to support it. But even then the hypothesis isn’t assumed to be true, it merely hasn’t been proven false. If a hypothesis hasn’t been proven false, the scientific method demands that further experimentation be performed. After rigorous experimentation a hypothesis may graduate to a scientific theory but even then it isn’t assumed to be true. A scientific theory is merely an explanation for observations in the natural world that has been repeatedly tested and verified. At any point in the future an experiment could show that the explanation isn’t correct.

One should not believe in the scientific method. One should treat the scientific method as a scientific theory, a tool that has proven useful through use but not necessarily the only useful tool. One should not believe what scientists have published. One should seek to recreate the results published by scientists. In other words, to truly subscribe to the scientific method one must be skeptical about all things, even the scientific method.

Buying Less for More

The Trump administration has decided to devalue your dollars even more by placing additional tariffs on Chinese goods:

The US is imposing new tariffs on $200bn (£150bn) of Chinese goods as it escalates its trade war with Beijing.

These will apply to almost 6,000 items, marking the biggest round of US tariffs so far.

Handbags, rice and textiles will be included, but some items expected to be targeted such as smart watches and high chairs have been excluded.

The Chinese commerce ministry said it had no choice but to retaliate but is yet to detail what action it will take.

The US taxes will take effect from 24 September, starting at 10% and increasing to 25% from the start of next year unless the two countries agree a deal.

The upside of trade wars is that they don’t start out as shooting wars. The downside of trade wars is that they’re a war on consumers. Every tariff means that consumers are stuck paying more for less. A bag of rice that costs $5.00 can suddenly cost $6.25 for no reason other than where it was produced. A cell phone that costs $500 can suddenly cost $625. What makes tariffs a real gut punch though is that since they’re usually calculated as a percentage of the price of a good, they increase as inflation causes prices to increase. If that $500 cell phone begins to cost $600 due to inflation, the cost with the 25% tariff included will be $750.

The only winner in a trade war is the government because it pockets the tariffs.

From Their Beloved to Their Bitter Enemy

Remember just a few weeks ago when the European Union’s General Data Protection Regulation (GDPR) came into force and the EU became the beloved of Internet activists across the globe? In the wake of GDPR I saw a ton of European peasants claim that the law demonstrated that the European Union, unlike the United States government, actually represents and watches out for its people.

A rule I live by is if you see a government do something you like, stick around for a short while longer because it’ll soon do something you really don’t like. The European Union just proved this rule. Within a few short weeks it went from the beloved of Internet activists to their bitter enemy:

The EU has voted on copyright reform (again), with members of European Parliament this time voting in favor of the extremely controversial Articles 11 and 13. The 438 to 226 vote, described as “the worst possible outcome” by some quarters, could have significant repercussions on the way we use the internet.

The Copyright Directive, first proposed in 2016, is intended to bring the issue of copyright in line with the digital age. Articles 11 and 13 have caused particular controversy, with many heralding their adoption as the death of the internet. Article 11, also known as the “link tax”, would require online platforms such as Google and Facebook to pay media companies to link to their content, while Article 13, the “upload filter”, would force them to check all content uploaded to their sites and remove any copyrighted material. How this will affect regular internet users is still subject to debate, but it could seriously limit the variety of content available online — and it could pretty much spell the end of memes.

Excuse me for a minute while I laugh at all of the suckers who claimed that the European Union represents and watches out for its people.

The Internet started off as a strongly decentralized network. Eventually it turned into the highly centralized mess that we’re dealing with now. Soon it may return to its decentralized nature as international companies find themselves having to abandon regions because they cannot comply with all of the different legal frameworks. Google and Facebook make a lot of money off of Europe but do they make enough money to justify paying link taxes? Do small content hosting sites have the spare resources to scan every file that has been uploaded for copyrighted material?

Moreover, legislation like this will push more Internet traffic “underground.” As long ago as the Napster lawsuit it became obvious that people on the Internet weren’t going to comply with copyright laws. Instead when one system of bypassing copyright laws is destroyed by the State, another is created in its place. So sharing memes online, at least for European peasants, might require the Tor Browser in order to access hidden image sharing sites but they will continue to share memes.

Uncontrolled Release of Energy

Your smartphone has a rather sizable appetite for energy. To keep it running just for one day it needs a battery that is capable of storing a rather notable amount of energy. The same is true for your laptop, tablet, smartwatch, and any other sophisticated portable electronic device. For the most part we never think about the batteries that power our portable electronics until they degrade to such a point that we find ourselves recharging them more often than we’re comfortable with. But what happens when something besides the usual wear and tear goes wrong with our batteries? What happens if a battery decides to release its stored energy all at once? This is a problem plaguing companies that specialize in recycling electronics:

MADISON, Wis. — What happens to gadgets when you’re done with them? Too often, they explode.

As we enter new-gadget buying season, spare a moment to meet the people who end up handling your old stuff. Isauro Flores-Hernandez, who takes apart used smartphones and tablets for a living, keeps thick gloves, metal tongs and a red fireproof bin by his desk here at Cascade Asset Management, an electronics scrap processor. He uses them to whisk away devices with batteries that burst into flames when he opens them for recycling.

One corner of his desk is charred from an Apple iPhone that began smoking and then exploded after he opened it in 2016. Last year, his co-worker had to slide away an exploding iPad battery and evacuate the area while it burned out.

Due to their popularity, lithium-ion batteries are receiving a lot of attention at the moment but the problem of uncontrolled energy release isn’t unique to them. Anything capable of storing energy so that it can be released in a controlled manner can suffer a failure that causes the energy to be released in an uncontrolled manner. Consider the gas tank in your vehicle. Under normal operating conditions the energy stored in your gas tank is released in a controlled manner by your engine. But a crash can cause the energy to be released in an uncontrolled manner, which results in a fire or explosion.

Anything that can store a large quantity of energy should be treated with respect. If you’re repairing your smartphone or laptop, be careful around the battery. If you smell something odd coming from one of your battery-powered devices, put some distance between it and yourself (and anything that can catch fire and burn).

Marijuana You Say? Case Dismissed!

Do you remember the Dallas law enforcers that went to Botham Jean’s apartment to plant, err, find evidence to assassinate his character? This is probably going to come as a shock but they found something:

One of the warrants became a public record Thursday afternoon when it was returned to the judge who signed it. It was shortly after Jean’s funeral had ended. It listed several items found in Jean’s apartment, including a small amount of marijuana.

I can see the courtroom now. The officer’s defense attorney mentions that the search warrant resulted in the discovery of marijuana. The judge says, “Marijuana you say?” He then taps his gavel and says, “Case dismissed!”

Truth be told, the discovery of marijuana is irrelevant to the case at hand. Even if Officer Guyger had been aware that Jean was in possession of cannabis, she had no warrant to enter the premises. Without a warrant or an invitation, which she never claimed to have been given, she was in his dwelling unlawfully. But I’m sure the discovery of cannabis will give all of the boot lickers their much needed reason to defend Officer Guyger’s actions, and that’s what the warrant was all about: assassinating Jean’s character.

Creating Justification After the Fact

Most of you have probably heard about Officer Amber Guyger, the Dallas law enforcer who entered Botham Jean’s apartment and summarily executed him. When I first heard about the story, Guyger was enjoying a paid vacation. That vacation ended when she was arrested after the story had spread across the Internet. However, she was still granted the professional courtesy of receiving a few days to craft her story. Even with a few days her story was pretty feeble though. She claimed that she mistook the man’s apartment for her own (apparently black men have a magical power where they can quickly remove all of your furnishings from an apartment and replace them with new furnishings) and only shot Jean after he failed to respond to verbal commands.

Now it appears as though the department is extending a bit more professional courtesy by helping Guyger’s defense team find some kind of evidence with which to smear Jean’s character:

Now KXAS reports that the day after the shooting, a Dallas Police Department investigator obtained a warrant to search Jean’s apartment. The warrant, signed by 292nd District Court Judge Brandon Birmingham, says the police intended to look for “any contraband, such as narcotics,” that could “constitute[e] evidence of a criminal offense.”

If I entered another person’s apartment and gunned them down, I highly doubt that the local police department would extend me the courtesies of giving me a few days to craft my story and searching my victim’s apartment for evidence that could help my defense lawyer smear them. Those levels of courtesy are only granted to members of the brotherhood.

A Potential Agorist Business Opportunity

I initially hesitated to post this article because I didn’t want to face a bunch of agorists crowding into my brilliant underground business plan, but after considering how many vape shops existed before the Fascist Drug Administration (FDA) initiated its first crackdown (seriously, it’s almost as if there were two on every street corner), I realized that there was plenty of room in the market for literally everybody. So if any agorists are looking for a hustle, the FDA may have an opportunity lined up for you:

The agency has hardly ignored the issue. It is reviewing more than a half million public comments as it mulls whether to restrict or even ban flavors in the liquid and is investigating youth marketing by Juul, which attracts young vapers with its nicotine-packed products, easily hidden USB size and alluring social media presence.

Vape juice is dead simple to make and the handful of ingredients necessary are dirt cheap. The process is so easy and the ingredients are so cheap that I never understood how vape shops remained in business. If the FDA outright banned flavored vape juice, it would create an underground market where anybody could play. Best of all, judging by the number of vape shops that used to exist, there is obviously a massive market.

I’m sure any “concerned individual” who reads this will think that I’m the devil incarnate because I’m openly advocating for the sale of a product that they view as the embodiment of all that is wrong with this world. But I don’t care what a bunch of teetotalers think. Inhaling flavored vape juice isn’t my thing, but if somebody wants to do so, they should be free to do so. It’s your body, so you can put whatever you want into it.