A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ Category

Oftentimes Dumb is Better

without comments

The philosophy modern hardware manufacturers seem to predominantly follow is that any product can be improved by putting a chip in it. While it may be convenient to have speakers that can wirelessly connect to your phone and stream music from it, there is a significant downside to such a convenience, near-future obsolescence:

But more important to me, the Nocs app — which you need to configure to use Wi-Fi networking and update firmware — hasn’t been updated since October 2014, meaning that the iOS app doesn’t work at all anymore, since Nocs never updated it with a 64-bit version. (There’s apparently an Android app, but reviews indicate that it seems to crash more often than not, so that probably isn’t a great solution, either.)

This would all be less of a problem if I had another way to use the speakers, but since I don’t have the Bluetooth model, I’m stuck with either Airplay or a 3.5mm cable (which isn’t super convenient to access, since they’re on a bookshelf). Plus, Airplay itself as a standard is on its way out, so even if the NS2 pair that I have work without any problems, they’ll be obsolete and incompatible with the new wave of speakers that will be out whenever Apple decides to finally release Airplay 2.

In this case the author has the fortune of being able to fall back to a standard 3.5mm headphone jack, but many “smart” devices don’t include legacy support.

Dumb devices tend to have a longer shelf life than their smart brethren. This is because dumb devices tend to operate on standards that have been around for decades. Speakers that attach to receivers using two copper cables have been around for decades and will likely be around for decades to come. What makes dumb speakers even better is that they’re modular. If a smart speaker becomes obsolete, you have to replace the whole speaker. If the receiver you plug your dumb speakers into becomes obsolete, you can replace the receiver while keeping your bitchin’ speakers.

There are a lot of legitimate reasons to add a chip to old products, but there is also a trade-off. In many cases, at least in my opinion, dumb devices enjoy enough advantages in shelf life that they remain superior to their smart brethren.

Written by Christopher Burg

April 17th, 2018 at 10:00 am

Posted in Technology


Embracing the Darknet

without comments

Big changes came to the Internet shortly after Congress passed the Stop Enabling Sex Traffickers Act (SESTA). SESTA, like most legislation, has a name that sounds good on the surface but actually conceals some heinous provisions. One of those major provisions is holding website owners criminally liable for user generated content. This resulted in some drastic changes to sites like Reddit and Craigslist:

So far, four subreddits related to sex have been banned: Escorts, Male Escorts, Hookers, and SugarDaddy. None were what could accurately be described as advertising forums, though (to varying degrees) they may have helped connect some people who wound up in “mutually beneficial relationships.” The escort forums were largely used by sex workers to communicate with one another, according to Partridge. Meanwhile, the “hooker” subreddit “was mostly men being disgusting,” according to Roux, “but also was a place that sometimes had people answering educational questions in good faith.”

[…]

Reddit yesterday announced changes to its content policy, now forbidding “transactions for certain goods and services,” including “firearms, ammunition, or explosives” and “paid services involving physical sexual contact.” While some of the prohibited exchanges are illegal, many are not.

Yet they run close enough up against exchanges that could be illegal that it’s hard for a third-party like Reddit to differentiate. And the same goes for forums where sex workers post educational content, news, safety and legal advice. Without broad Section 230 protections, Reddit could be in serious financial and legal trouble if they make the wrong call.

The passage of SESTA set a precedent that will certainly expand. Today Section 230 protections can be revoked for user generated content about sex trafficking. Tomorrow it could be revoked for user generated content involving hate speech, explaining the chemistry and biology behind how prohibited drugs work, showing the mechanics of how a machine gun operates, and so on. User generated content is now a liability and will only become more of a liability as the precedent is expanded.

Will this rid the world of content about sex work, drugs, and guns? Of course not. It will merely push that content to anonymized servers, commonly referred to as the “darkweb.” As laws make hosting content on the non-anonymized Internet a legal hazard, Internet users will find that they need tools like I2P and the Tor Browser to access more and more of the content they desire. The upside to this is that it will lead to a tremendous increase in resources available to developers and operators of “darkweb” technologies. Eventually the laws passed to thwart unapproved behavior will again make restricting unapproved behavior all but impossible.

Written by Christopher Burg

March 27th, 2018 at 11:00 am

A Security Issue Is Still a Security Issue Even If It’s a Hit Job

with one comment

A series of flaws were revealed in AMD’s line of processors. The aftermath of these kinds of revelations usually involves a lot of people trying to assess the impact and threat. Can the flaws be exploited remotely? If they can be exploited remotely, is there a way to detect if a system has been exploited? What actions can be taken to mitigate these flaws? Instead of the usual assessment, the aftermath of this revelation has been dominated by people claiming that this revelation was actually a hit job secretly instigated by Intel and individuals wanting to manipulate AMD’s stock price:

Here’s a histrionic quote for you: “AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”

That’s a real quote from Viceroy Research’s deranged, apoplectic report on CTS Labs’ security allegations against AMD’s Ryzen architecture. The big story today seemed to mirror Meltdown, except for AMD: CTS Labs, a research company supposedly started in 2017, has launched a report declaring glaring security flaws for AMD’s processors. By and large, the biggest flaw revolves around the user installing bad microcode.

There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.

The goal here is to research whether the hysterical whitepapers — hysterical as in “crazy,” not “funny” — have any weight to them, and where these previously unknown companies come from.

A lot of people seem to have lost sight of the fact that just because a revelation is a hit job (which I’m not saying this revelation is) doesn’t mean that the revealed exploit isn’t a legitimate exploit. Even if CTS Labs is a company secretly created by Intel for the specific purpose of wrecking AMD’s reputation, the revealed exploits need to be assessed and, if they’re found to be legitimate exploits, addressed.

Written by Christopher Burg

March 15th, 2018 at 10:00 am

Finding Alternatives to Advertisements

without comments

People often make the mistake of thinking that many webpages are free, but there ain’t no such thing as a free lunch. Most websites still use the age-old monetization technique of displaying advertisements. However, advertisements quickly evolved from relatively safe static images. They started becoming more annoying. Images turned into animations. Animations turned into full video that also played sound. These “enhancements” also require clients to run code. Needless to say, users started getting annoyed and their annoyance led to the creation of browser plugins that block advertisements.

Online advertising has turned into an arms race. Website visitors use an ad blocker, advertisers create a method to bypass ad blockers, visitors upgrade their ad blockers to bypass the bypass, and so on. This is leading a lot of people to question whether the online advertisement model can remain feasible. Fortunately, some websites that rely on online advertisements have begun experimenting with alternative revenue sources. Salon, for example, recently launched an experiment where visitors blocking advertisements are given the option to run cryptocurrency mining code in their browser:

Salon.com has a new, cryptocurrency-driven strategy for making money when readers block ads. If you want to read Salon without seeing ads, you can do so—as long as you let the website use your spare computing power to mine some coins.

If you visit Salon with an ad blocker enabled, you might see a pop-up that asks you to disable the ad blocker or “Block ads by allowing Salon to use your unused computing power.”

A lot of people are pissed about this but I, possibly for the first time ever, actually agree with what Salon is doing.

Unlike a lot of sites that are experimenting with running cryptocurrency mining code in visitors’ browsers, Salon is being entirely transparent about doing so. If you visit the site with an ad blocker enabled, you are presented with a very clear option to either disable your ad blocker or run cryptocurrency mining code. If you choose the latter, your computer’s fans will likely kick on as your processor ramps up.

I doubt browser based cryptocurrency mining will be a viable alternative to online advertising. Cryptocurrency mining, as the linked article shows, requires a lot of processing power. On a desktop that isn’t much of a concern. On a laptop or other battery powered device, that increased processor usage will drain the battery quickly. With more computing being done on battery powered devices, anything that noticeably reduces battery life will likely anger visitors. But I’m happy that websites are finally exploring alternatives to advertisements. It’s clear that visitors aren’t happy with the current state of the online advertising model. If website operators want to continue being profitable, they need to find a way to raise money that their visitors find acceptable.

Written by Christopher Burg

February 15th, 2018 at 10:30 am

Postliterate America

without comments

A few science fiction novels explore the concept of a postliterate society. In a postliterate society, reading and writing have been predominantly or entirely replaced by multimedia. Could the United States be transitioning into a postliterate society? The question may have been absurd to ask just a few years ago but I think there is reason today to give the question serious consideration:

I’ll make this short: The thing you’re doing now, reading prose on a screen, is going out of fashion.

We’re taking stock of the internet right now, with writers who cover the digital world cataloging some of the most consequential currents shaping it. If you probe those currents and look ahead to the coming year online, one truth becomes clear. The defining narrative of our online moment concerns the decline of text, and the exploding reach and power of audio and video.

Writing has been the predominant method of recording information since, at least, the fourth millennium BC when cuneiform first emerged (but for all we know there could have been an even older writing system that hasn’t been discovered yet). This shouldn’t surprise anybody. Writing systems have many advantages but one of their biggest advantages is versatility. You can scratch written information into a wet piece of clay, chisel it into stone, mark it on a piece of paper with ink, or record it to a hard drive. Whether you have access to no technology, modern technology, or anything in between, you can write information.

The biggest limitation of alternative forms of recording information such as pictures, audio, and video has been the cost of creating and consuming them. Only in the last century have photo cameras, audio recorders, video cameras, and televisions become widely available. And only in very recent times have computers powerful enough and software advanced enough to enable individuals to easily create and consume media become widely available. Thanks to those advancements we live in a society where postliteracy is a possibility.

For the cost of even a low spec smartphone any individual can create a video and upload it to YouTube. For a little more money any individual can acquire a computer powerful enough for them to do basic video editing. As with computing power, video editing software continues to become cheaper. It also continues to become easier to use and more featureful, which is why so many people are able to harness the power of artificial intelligence to make fake porn videos.

This widespread availability of media creation and consumption technology has already had a tremendous impact. You can find instructional videos online for almost anything you could want to do. Do you want to fix a running toilet? A quick YouTube search will show you tons of videos walking you through how to fix one. Do you want to learn proper squatting form? Once again, a quick YouTube search will result in tons of videos of professional and amateur weight lifters explaining and showing how to properly squat. But the explosion of media hasn’t stopped at instructional videos.

Most political discussions online seem to involve memes, images with a bit of text bolted on. At one time creating and viewing even the simplest of memes was no simple feat. Today there are free websites that allow you to upload a picture and enter some text, and they will spit out and even host your meme. In a few seconds you can create and then share your meme with the world without investing anything more than your time.

I’m not saying the United States is a postliterate society at this point but I believe the foundation necessary for such a transition exists and there is evidence to suggest that such a shift could be taking place. Think back to math class when you asked your teacher why you had to learn multiplication tables when you had a calculator that could multiply for you. Your teacher likely said that you wouldn’t always have a calculator with you. Today anybody with a smartphone in their pocket also has a calculator. Soon the same question that has been so often asked about multiplication tables could be often asked about reading and writing. It’s an interesting thing to ponder.

Written by Christopher Burg

February 13th, 2018 at 11:00 am

Posted in Technology


Cellular Phones Aren’t the Only Way to Track People

with 3 comments

A lot of privacy advocates have a habit of developing tunnel vision. They’ll see an obvious privacy violation and fail to see dozens of others. For example, I know a lot of privacy advocates who have developed tunnel vision for cellular phones. Some of these individuals will even leave their cellular phone at home when traveling somewhere, thinking that doing so will make them invisible to surveillance. However, there is more than one way to track an individual’s movements. How many people who leave their cellular phones at home then immediately get into a uniquely identifiable vehicle?

The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians.

Every vehicle is legally required to have a uniquely identifiable license plate. Image recognition technology has advanced to the point where reading the unique identifier on these plates is trivial. Now it’s trivial to create a vehicle tracking system with nothing more than strategically placed cameras that can talk to a central tracking system.

If you want to protect your privacy, you need to take public transportation, right? While this might seem like an obvious answer since public transportation mixes a lot of people together, most public transit systems include video surveillance and facial recognition is now at the point where uniquely identifying somebody’s face is pretty easy. Given enough surveillance cameras, it’s possible to track somebody walking in a city thanks to facial recognition technology.

Surveillance has always been a cat and mouse game. Right now the cat has some new tactics that give it an edge. In order to survive, the mouse must evolve too. The mouse won’t evolve if it succumbs to tunnel vision though.

Written by Christopher Burg

February 2nd, 2018 at 11:00 am

If Your Device Relies on the Cloud, You Don’t Own It

without comments

Towards the end of 2016 Pebble announced that much of it had been acquired by Fitbit. Since Pebble wasn’t doing well financially, news of it being acquired wasn’t surprising. However, Pebble fans had hoped that Fitbit was planning to continue the Pebble line. As is often the case with acquisitions, Fitbit was primarily interested in Pebble’s intellectual property, not its product portfolio. As part of the acquisition Fitbit promised to keep Pebble’s online services running for a while. Yesterday Fitbit announced the date it would be shutting down those services:

But for those who want nothing to do with Fitbit OS development and only care about how long their Pebbles will last, this news is bittersweet. According to Fitbit’s announcement, Pebble devices will continue to work after June 30, but these features will stop working: the Pebble app store, the Pebble forum, voice recognition features, SMS and email replies, timeline pins from third-party apps (although calendar pins will still function), and the CloudPebble development tool.

Pebble fans have been unhappy with the acquisition ever since Fitbit announced that it was planning to shut down Pebble’s online services. However, I think Fitbit was actually pretty decent about the entire thing since it left the online services running for as long as it did and even allowed Pebble developers to push some firmware updates to allow existing Pebble devices to continue operating in some capacity without the online services. Unfortunately, even with those firmware changes, a lot of Pebble functionality will be crippled once Fitbit turns off the old Pebble servers.

So the lesson people should take away from this is that proprietary devices that rely on proprietary online services aren’t owned property, they’re temporarily licensed products. At any moment the manufacturer can decide to turn off the online services, which will effectively brick or reduce the functionality of the devices that rely on those services. Had the Pebble been an open source product the option would have at least existed for the community to develop new firmware and alternate online services to keep their Pebbles running.

Written by Christopher Burg

January 25th, 2018 at 10:00 am

Posted in Technology


Let’s Put a Remotely Accessible Computer in a Door Lock

without comments

Let’s put a remotely accessible computer in a door lock, what could possibly go wrong?

A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our understanding is Apple has rolled out a server-side fix that now prevents unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality.

The Internet of Things (IoT) introduces all sorts of new and interesting exploits. These exploits range from minor, such as your lights changing colors, to severe, such as having your doors unlock for an unauthorized person. Unfortunately, since software is already incredibly complex and becoming more so every day, it’s unlikely we’ll see secure IoT devices anytime in the near future. Fortunately, it appears that Apple caught this vulnerability and was able to patch it before it was actively exploited.

Written by Christopher Burg

December 8th, 2017 at 10:00 am

Posted in Technology


There’s Hope for the Internet of Things

without comments

Granted, it’s not a lot of hope but it seems like some consumers are actually holding off on buying Internet of Things (IoT) products due to security concerns:

Consumers are uneasy about being watched, listened to, or tracked by devices they place in their homes, consulting firm Deloitte found in a new survey it released Wednesday. Thanks to such discomfort, consumer interest in connected home technology lags behind their interest in other types of IoT devices, Deloitte found.

“Consumers are more open to, and interested in, the connected world,” the firm said in its report. Noting the concerns about smart home devices, it added: “But not all IoT is created equal.”

Nearly 40% of those who participated in the survey said they were concerned about connected-home devices tracking their usage. More than 40% said they were worried that such gadgets would expose too much about their daily lives.

IoT companies have been extremely lazy when it comes to implementing security, which is a huge problem when their devices provide surveillance capabilities. If enough consumers avoid purchasing insecure IoT devices, IoT companies will be forced to either improve the security of their devices or go into bankruptcy.

Apple has done a good job at easing consumers’ security concerns with its biometric authentication technology. When Touch ID was first introduced, a lot of people were concerned about their fingerprints being uploaded to the Internet. However, Apple was able to ease these concerns by explaining how its Secure Enclave chip works and how users’ fingerprints never leave that secure chip. The same technology was used for Face ID. IoT companies can do the same thing by properly securing their products. If, for example, an Internet accessible home surveillance device encrypted all of the data it recorded with a key that only the users possessed, it could provide Internet accessible home surveillance capabilities without putting user data at risk of being accessed by unwanted personnel.

Written by Christopher Burg

November 16th, 2017 at 10:30 am

If Your Device Requires a “Cloud” Service, It’s Not Your Device

without comments

It’s time for a pop quiz. If you purchase a device and its basic functionality relies on a “cloud” service (somebody else’s computer), do you own it?

No, you don’t:

Bricking a device, which usually happens during a firmware update gone wrong, is never a good thing. It’s even worse when companies do it to their devices intentionally. According to emails received by users, Logitech will be intentionally bricking all Harmony Link devices via a firmware update as of March 16th, 2018. The bad news was first reported by Bleeping Computer.

According to this Harmony Link review, the device cost $100.00 when it was released. For that $100.00 I’m sure there were a lot of consumers who mistakenly believed that they were buying the device when, in fact, they were merely renting it. Now the owner of those devices, Logitech, is going to turn them off.

Written by Christopher Burg

November 10th, 2017 at 10:00 am

Posted in Technology
