Failing to Understand the Real Net Neutrality Problem

The Internet is up in arms over discussions of the Federal Communications Commission (FCC) endorsing tiered Internet access. Solutions are being offered by many but most of those solutions involve some variation of “We need the government to regulate itself in a way that’s favorable to the people instead of its corporate partners!” Such solutions are pointless. There is an article by Davis Morris making its way around the Internet that offers a slightly different solution:

With the announcement by the FCC that cable and telephone companies will be allowed to prioritize access to their customers only one option remains that can guarantee an open internet: owning the means of distribution.

This is what I’m talking about. It’s time that we the people stood up to the FCC and Internet Service Providers (ISP) by seizing their monopoly on distribution. Viva la revolución!

Thankfully an agency exists for this. Local government. Owning the means of distribution is a traditional function of local government.

Oh, my bad. I thought Mr. Morris was going to propose an actual solution, not simply another variation of “We need the government to regulate itself!” The root of the net neutrality problem is the institution of government itself. So long as any central organization maintains ownership of the Internet infrastructure the threat of censorship, tiering, and other undesirable restrictions will loom over our heads. What happens if local governments take ownership of the infrastructure? The large content providers, such as Comcast (Comcast plays both sides against the middle by being an ISP and a content provider), will simply buy the local governments just as they have bought the federal government.

Mr. Morris’ basic idea, that we need to own the means of distribution, is correct. But his method is wrong. To defeat net neutrality we must put the means of distribution in the people’s hands (I never thought I’d see the day that I started sounding like Karl Fucking Marx). I briefly describe the work I’m participating in to bring mesh networking to the Twin Cities. The nice part about mesh networks is that individuals can own the infrastructure. Each person can purchase and maintain as many mesh nodes as they desire and establish a system of federation with other node owners. In other words we need infrastructure anarchy.

Through this method we the people become the literal owners of the means of distribution. The biggest advantage of this is that buying off many people willing to operate mesh nodes is difficult since they are oftentimes motivated by the desire to maintain a free and open Internet. It’s people with such motivations that we want owning and maintaining the means of distribution.

Stop Using Internet Explorer and Upgrade Your Flash Player

Are you one of those people who still uses Internet Explorer as your primary browser? If you are you really need to stop. Seriously. Right fucking now:

Attackers are actively exploiting a previously unknown vulnerability in all supported versions of Internet Explorer that allows them to surreptitiously hijack vulnerable computers, Microsoft warned Sunday.

The zero-day code-execution hole in IE versions 6 through 11 represents a significant threat to Internet security because there is currently no fix for the underlying bug, which affects an estimated 26 percent of the total browser market. It’s also the first severe vulnerability to affect Windows XP users since Microsoft withdrew support for that aging OS earlier this month. Users who have the option of using an alternate browser should avoid all use of IE for the time being. Those who remain dependent on the Microsoft browser should immediately install EMET, Microsoft’s freely available toolkit that greatly extends the security of Windows systems.

Internet Explorer has a pretty expansive history of major security flaws. As far as I’m concerned it’s not a safe browser to use in any context. This problem is also worse for people still using Windows XP since Microsoft has finally dropped support for it. By the way, if you’re using Windows XP stop it. Running an operating system that no longer receives security updates is asking for trouble.

Also, since I’m on the issue of security news, you also want to upgrade your Adobe Flash Player:

The attacks were hosted on the Syrian Ministry of Justice website at hxxp://jpic.gov.sy and were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars.

While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well.

Flash is another dangerous plugin to have installed. Unfortunately there are still sites that necessitate the use of Flash. My tactic is to disable Flash in every browser except Firefox and use NoScript to block all Flash content I don’t expressly allow. This method does a good job of balancing usability and security in my opinion. Hopefully we will someday live in a world where Flash is no longer used.

Implantable Power Generator for Pacemakers

I subscribe to the idea that our lives are more greatly improved by technological advancements than diminished. For every nefarious use of technology there seems to be a dozen or more positive uses. We’ve effectively eliminated several diseases that once ravaged our populations, put a man on the moon, enjoy speedy cooking via microwaves, can preserve food that would naturally spoil in a few days for months, and built devices that can generate power from sunlight. Adding to our already impressive array of technological advancements is an implantable piezoelectric generator that can power a pacemaker:

(Phys.org) —Researchers from several institutions in the U.S. and one from China have together developed a piezoelectric device that when implanted in the body onto a constantly moving organ is able to produce enough electricity to run a pacemaker or other implantable device. In their paper published in Proceedings of the National Academy of Sciences, the team describes the nature of their device and how it might be used in the future.

The ramifications of this technology stretch far beyond just pacemakers. Any number of implantable devices could theoretically be powered by such a piezoelectric generator so long as the energy requirements were low enough. Imagine an implant for your optical nerves that could generate a heads up display that only you could see or an implantable wireless communication device. As these piezoelectric generators improve they could provide more energy just as increases in power efficiency could give us implants that provide very nifty features without requiring great deals of energy.

The Future is Bright

My love-hate relationship with Google continues. On the one hand Google collects as much personal information about its customers as it can in order to sell it to advertisers. On the other hand Google develops some really interesting technology. Its latest endeavor is smart contact lenses:

SAN FRANCISCO — Google’s vision for wearable technology took another ambitious leap forward Thursday when the world’s largest Internet search company announced it is developing a smart contact lens.

The lens measures glucose in tears using a wireless chip and miniaturized glucose sensor. While at a very early stage, Google hopes the technology could help people manage diabetes better.

I have little interest in a lens that can measure glucose levels but I have a lot of interest in where this technology may lead. Someday this technology will likely lead to a contact lens version of Google Glass, that is to say a heads up display. Having a heads up display on contact lenses would offer a means of displaying information over your vision without requiring the use of goofy looking devices on your face. Furthermore it would allow you to conceal the fact that you have a heads up display over your vision, which may come in handy during boring business meetings.

I look forward to our technological future, all of the advantages it will bring, and solving the disadvantages it will bring.

Even Your Automobile is Snitching on You

I enjoy the fact that we’re seeing some innovation in the long stagnant automobile market. But said innovation comes at a price. Every new feature that is capable of collecting data about your driving habits is a potential set of loose lips that can get you into trouble. The Vice President of Marketing and Sales at Ford let the cat out of the bag when he publicly announced that his company knows when you’re doing something illegal with your automobile:

Farley was trying to describe how much data Ford has on its customers, and illustrate the fact that the company uses very little of it in order to avoid raising privacy concerns: “We know everyone who breaks the law, we know when you’re doing it. We have GPS in your car, so we know what you’re doing. By the way, we don’t supply that data to anyone,” he told attendees.

His claim that that data isn’t given to anybody is a lie. If somebody holds data the government can issue a subpoena to take it or use the National Security Agency’s (NSA) surveillance apparatus to secretly take it. Furthermore, if Ford ever declares bankruptcy the data that it has collected on its customers will be sold at its asset auction.

The obvious solutions to this problem are to either forgo a new automobile or disable any new vehicle’s tracking and reporting capabilities. If the data is being collected it can be acquired by unauthorized parties. This fact is especially worrisome as the state continues its slow death spiral and begins desperately grasping at any opportunity to expropriate wealth from the people.

Acoustic Cryptanalysis

Can you extract an encryption key by listening to a computer? As it turns out you can:

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.

It should be noted that GnuPG has fixed this vulnerability. But the method of attack described in this paper is fascinating to read. It also shows that technology still hasn’t surpassed human creativity.

How the State Prevents Progress

Amazon’s announcement that it was experimenting with delivery drones to get packages to customers quickly generated a lot of excitement. Fast package delivery is obviously something people want but, unfortunately, is something people can’t have. Why? For the same reason we can’t enjoy most technological advancements: the state. As it turns out Amazon couldn’t even test its drones in the United States because of Federal Aviation Administration (FAA) restrictions:

When Jeffrey P. Bezos revealed to CBS’s Charlie Rose that Amazon.com was planning for a fleet of whirring octocopters to deliver everyone’s next iPhone case, the video that went along with it showed a prototype drone rising lazily off the ground and floating across green, open fields to reach its destination. It could’ve been anywhere — sunny California, maybe, or somewhere near Seattle. But it was actually neither of those places. Turns out it wasn’t even in the United States.

Spokespeople for Amazon and the Federal Aviation Administration have confirmed that the company chose an international location for its concept video after FAA restrictions prevented them from shooting here. Exactly which lucky country got a cameo is still a mystery; neither official would talk specifics.

This kind of problem occurs more often than you might think. The United States is technologically behind in many areas including manufacturing, medical technology, and automotive technology. We linger behind other countries because many of the technologies are either illegal here or the costs of getting them approved to sell here are too high. But don’t despair, all hope is not lost. I’m sure if Amazon hands enough bundles of cash over to the right politicians and bureaucrats the FAA will be convinced to reconsider the current regulations. This is America, if you want to play you have to pay.

Fabricating Controversy

I’m always amused when non-technology publications attempt to write about technology. They either get the details laughably wrong or they try to drum up controversy over nothing. The Washington Post decided to post an example of the latter:

BROOKLINE, Mass. — Researcher Garth Bruen long has investigated the seamier corners of the Internet, but even he was shocked to discover Rapetube.org, a site urging users to share what it called “fantasy” videos of sexual attacks.

[…]

Sickened, Bruen tried to determine who operated the sites, a first step toward possibly having them shut down. But he quickly hit a wall: The contact information listed for Web sites increasingly is fictitious or intentionally masked by “privacy protection services” that offer ways around the transparency requirements built into the Internet for decades.

Oh. My. God. These pornography sites are so seedy and evil that they’re concealing their WHOIS information! They’re up to no good and this proves it! Except it doesn’t prove anything. Many domain owners utilize privacy services to conceal their personal information from WHOIS look ups. In fact I use such a service. If you do a WHOIS look up for this domain you’ll receive the following response:

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CHRISTOPHERBURG.COM
Registry Domain ID:
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2013-02-26 07:56:55
Creation Date: 2009-03-06 02:30:35
Registrar Registration Expiration Date: 2014-03-06 02:30:35
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller: Hover
Reseller: help@hover.com
Reseller: 416.538.5498
Reseller: http://help.hover.com
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Contact Privacy Inc. Customer 0130416343
Registrant Organization: Contact Privacy Inc. Customer 0130416343
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: +1.4165385457
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: christopherburg.com@contactprivacy.com
Registry Admin ID:
Admin Name: Contact Privacy Inc. Customer 0130416343
Admin Organization: Contact Privacy Inc. Customer 0130416343
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: +1.4165385457
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: christopherburg.com@contactprivacy.com
Registry Tech ID:
Tech Name: Contact Privacy Inc. Customer 0130416343
Tech Organization: Contact Privacy Inc. Customer 0130416343
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: +1.4165385457
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: christopherburg.com@contactprivacy.com
Name Server: NS1.HOVER.COM
Name Server: NS2.HOVER.COM
DNSSEC:

Am I doing something nefarious? No. I simply don’t want my personal address and phone number accessible to anybody with enough know how to type whois christopherburg.com into their command line. Pornographers most likely want the same protection because their business is seen by many in this country as dirty, immoral, and deserving of punishment. In fact this story affirms the value of a WHOIS privacy service. It’s talking about a man who is on a personal crusade against so-called violent pornography websites. While that’s not my particular kink I see no reason to harass pornographers creating fiction for those with more violent fantasies.

Media outlets always try to insinuate that those utilizing anonymity tools are up to no good. In reality most users of anonymity tools merely want to protect their privacy. Time and time again we see media outlets try to drum up controversy over onion routers, encrypted communications, and location hidden services. These attempts are desperate grasps for ratings by old media outlets that are incapable of changing with the times.

Boom or: How I Learned to Stop Worrying and Love the Bomb

I have a sick fascination with nuclear weapons. They symbolize both the creative potential of humanity as well as its destructive capability. The fact that no country has used nuclear weapons since the United States bombed Hiroshima and Nagasaki is also a testament to our species’ ability to exercise some amount of restraint in our pursuit of destruction. I came across a really interesting time lapse video of every nuclear weapon detonated in the world:

It really does look like a giant dick waving competition between the United States and the Soviet Union.

Healthcare.gov: Defenders of Internet Freedom Need Not Apply

Healthcare.gov has turned out to be quite a fiasco. During the first days of operation I tried to access the site and always received a 403 (unauthorized access) error. I assumed this error was being kicked out because of the site’s general instability. As it turns out, my Internet Protocol (IP) address has been added to Healthcare.gov’s list of banned IP addresses. The reason for this was made apparent on the tor-talk mailing list:

I’ve been running a Tor Relay (not an exit node) from my home for quite a while now, and up to this point have not encountered any issues accessing any sites. However, today I attempted to access https://www.healthcare.gov, and received a HTTP 403 response and a pretty standard 403 message. To test my hypothesis, I also tried accessing the site via the Tor network — and received the same message. In the meanwhile, a friend who does not operate a Tor relay was able to access the site. Could anyone else with a public relay confirm this issue — and if confirmed, would someone from the Tor Project be kind enough to contact the appropriate parties and explain why blocking Tor relays is a silly thing? I’d do it myself… but alas, I cannot reach the site to see who the appropriate parties would be 🙂
Thank you.

In February I set up a Tor relay on a Raspberry Pi, which has been running continuously ever since. The operators of Healthcare.gov have decided to ban any IP address operating a Tor relay, whether it is an exit or non-exit relay, from accessing the site.

It’s not uncommon for websites to block IP addresses operating Tor exit relays. Malicious individuals wanting to attack a site anonymously can and have used the Tor network. But I’m unaware of any website that has blocked IP addresses operating non-exit relays. There’s no reason for doing so since anonymized Tor traffic never exits from a non-exit relay. The only function non-exit relays have is to forward traffic from one node in the Tor network to another node.
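The exit versus non-exit distinction above, as an added example that is not part of the original post and is not Healthcare.gov's or the Tor Project's code: a site operator who filters Tor traffic can derive the list from each relay's exit policy summary for the port being served instead of listing every relay. The consensus excerpt is constructed (placeholder identities, documentation-range addresses), the "ns" flavor line layout is assumed, and all function names are hypothetical.

```python
# Constructed consensus excerpt: "r" = relay, "s" = flags, "p" = exit policy summary.
SAMPLE_CONSENSUS = """\
r ExampleGuard IDENT1 DIGEST1 2013-10-20 12:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
p reject 1-65535
r ExampleMiddle IDENT2 DIGEST2 2013-10-20 12:00:00 198.51.100.20 443 9030
s Fast Running Valid
p reject 1-65535
r ExampleWebExit IDENT3 DIGEST3 2013-10-20 12:00:00 203.0.113.30 9001 9030
s Exit Fast Running Valid
p accept 80,443,8000-8999
r ExampleOpenExit IDENT4 DIGEST4 2013-10-20 12:00:00 203.0.113.40 9001 0
s Exit Running Valid
p reject 25,119,135-139,445
r ExampleDnsOnly IDENT5 DIGEST5 2013-10-20 12:00:00 203.0.113.50 9001 0
s Running Valid
p accept 53
"""

def port_in_list(port, portlist):
    """True if port falls in a comma-separated list of ports and lo-hi ranges."""
    for item in portlist.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def policy_allows(policy, port):
    """policy is the body of a "p" line, e.g. "accept 80,443" or "reject 25"."""
    action, portlist = policy.split(None, 1)
    listed = port_in_list(port, portlist)
    return listed if action == "accept" else not listed

def parse_relays(consensus):
    """Collect address, flags and exit policy summary for each relay entry."""
    relays = []
    for line in consensus.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 9:
            # Assumption: a relay with no "p" line is treated here as non-exit.
            relays.append({"nickname": fields[1], "ip": fields[6],
                           "flags": set(), "policy": "reject 1-65535"})
        elif relays and fields[0] == "s":
            relays[-1]["flags"] = set(fields[1:])
        elif relays and fields[0] == "p" and len(fields) == 3:
            relays[-1]["policy"] = fields[1] + " " + fields[2]
    return relays

def exit_ips(relays, port):
    """Addresses from which Tor traffic to this port can actually originate."""
    return sorted(r["ip"] for r in relays if policy_allows(r["policy"], port))

def all_relay_ips(relays):
    """The over-broad list: every relay, whether or not it can exit."""
    return sorted(r["ip"] for r in relays)

def needlessly_blocked(relays, port):
    """Relay operators locked out by the over-broad list for no filtering gain."""
    return sorted(set(all_relay_ips(relays)) - set(exit_ips(relays, port)))

if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    print("can exit to 443:  ", exit_ips(relays, 443))
    print("blocked needlessly:", needlessly_blocked(relays, 443))
```

Filtering on the policy summary for the served port is also tighter than filtering on the Exit flag alone, since a relay may permit exits only to ports the site does not listen on.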

The Affordable Care Act (ACA), and by extension Healthcare.gov, are as much political messages as they are laws. By blocking every IP address that is operating a Tor relay the message is effectively this: defenders of Internet freedom need not apply for health insurance. In all likelihood this decision, like most of the decisions revolving around Healthcare.gov, is the result of incompetence, not outright malice. But I also believe this problem is unlikely to be addressed since the current government (from Congress to the presidency to the appointed bureaucrats) has demonstrated an opposition to Internet anonymity.