A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Superdickery’ tag

We Have Spain’s Answer

without comments

Last week Catalonia declared independence. I noted that what happens next will depend on Spain’s response. If Spain decided to ignore Catalonia, the country would realize its independence. If Spain decided to put the boot down on the Catalans’ throats, civil war could erupt. Now we know which direction Spain wants to go:

A Spanish judge has jailed two key members of the Catalan independence movement.

Jordi Sánchez and Jordi Cuixart, who lead prominent separatist groups, are being held without bail while they are under investigation for sedition.

I’m sure this is going to go over well with the Catalans. But I also suspect that Spain is eager to egg the Catalans into a violent response so it has an excuse to send its shock troops in to cleanse the region of any and all dissidents (and non-dissidents that happen to look at the shock troops in the wrong manner).

Once again we see the futility of democracy. If a group of people decide to vote for an option that isn’t approved by their rulers, their “voice” (which is what I’m told votes are) is stifled and, if necessary, the people who voted the wrong way are violently dealt with. There are few cases that I can think of where secession has been accomplished through a ballot box.

Written by Christopher Burg

October 17th, 2017 at 11:00 am

A Grim Start to the Week

without comments

This week started on a low note as far as computer security is concerned. The first bit of new, which was also the least surprising, was that yet another vulnerability was discovered in Adobe’s Flash Player and was being actively exploited:

TORONTO (Reuters) – Adobe Systems Inc (ADBE.O) warned on Monday that hackers are exploiting vulnerabilities in its Flash multimedia software platform in web browsers, and the company urged users to quickly patch their systems to prevent such attacks.

[…]

Adobe said it had released a Flash security update to fix the problem, which affected Google’s Chrome and Microsoft’s Edge and Internet Explorer browsers as well as desktop versions.

If you’re in a position where you can’t possibly live without Flash, install the update. If you, like most people, can live without Flash, uninstall it if you haven’t already.

The next bit of bad security news was made possible by Infineon:

A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it’s located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.

This flaw impacts a lot of security devices including Estonia’s electronic identification cards, numerous Trusted Platform Modules (TPM), and YubiKeys shipped before June 6, 2017. In the case of YubiKeys, the flaw only impacts Rivest–Shamir–Adleman (RSA) keys generated on the devices themselves. Keys generated elsewhere and uploaded to the device should be fine (assuming they weren’t generated with a device that uses the flawed Infineon library). Moreover, other YubiKey functionality, such as Universal 2nd Factor (U2F) authentication, remains unaffected. If your computer has a TPM, check to see if there is a firmware update available for it. If you have an impacted YubiKey, Yubico has a replacement program.

The biggest security news though was the announcement of a new attack against Wi-Fi Protected Access (WPA), the security protocol used to secure wireless networks. The new attack, labeled key reinstallation attacks (KRACKs, get it? I wonder how long it took the researchers to come up with that one.), exploits a flaw in the WPA protocol itself:

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

Fortunately, KRACKs can be mitigated by backwards compatible client and router software updates. Microsoft already released a patch for Windows 10 on October 10th. macOS and iOS have features that make them more difficult to exploit but a complete fix is apparently in the pipeline. Google has stated that it will release a patch for Android starting with its Pixel devices. Whether or not your specific Android device will receive a patch and when will depend on the manufacturer. I suspect some manufacturers will be quick to release a patch while some won’t release a patch at all. Pay attention to which manufacturers release a patch in a timely manner. If a manufacturer doesn’t release a patch for this or doesn’t release it in a timely manner, avoid buying their devices in the future.

Written by Christopher Burg

October 17th, 2017 at 10:00 am

Updating the Propaganda

with 2 comments

The current administration, just like the previous administration, doesn’t like the fact that the plebs have the ability to keep secrets from it. When the previous administration pushed prohibit effective cryptography, it was met with a great deal of resistance. Hoping to avoid the same failure, the current administration is updating its propaganda. It’s not seeking to prohibit effective cryptography, it’s seeking to promote responsible cryptography:

A high-ranking Department of Justice official took aim at encryption of consumer products today, saying that encryption creates “law-free zones” and should be scaled back by Apple and other tech companies. Instead of encryption that can’t be broken, tech companies should implement “responsible encryption” that allows law enforcement to access data, he said.

“Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety,” Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy today (transcript). “Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries.”

Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones? He just made effective cryptography sound even more awesome!

Once again this administration is telling the plebs that they have no right to privacy, which tends to go over about as well as a lead balloon with the plebs. Moreover, this recommendation is one way. Notice how under these proposals the plebs aren’t allowed to have any privacy from the government but the government gets to maintain its privacy from the plebs by having legal access to effective cryptography? If the United States government is supposed to be accountable to the people, then by the government’s logic the people should have a means of breaking the government’s encryption as well.

There are two facts about the United States of America. Anybody can sue anybody else for any reason and high ranking officials can make any demands they want. Just as many lawsuits get tossed out due to lack of merit, many demands from high ranking officials are technically impossible. “Responsible encryption,” to use the euphemism, is not technically possible. Encryption is either effective or ineffective. If there is an intentional weakness added to an encryption algorithm then it will be exploited by unintended actors, not just intended actors.

Written by Christopher Burg

October 13th, 2017 at 11:00 am

Why Government Licensing is a Bad Idea

without comments

Everybody seems to be a fan of government licensing until a politician they don’t like abuses it or threatens to abuse it. Donald Trump became upset with NBC because it reported that he said that he wanted a tenfold increase in nuclear weaponry. I wasn’t at the meeting so I can’t say one way or another whether he said that. However, in response to the report, Trump threatened to bring the weight of federal regulations down on NBC:

WASHINGTON — President Trump threatened on Wednesday to use the federal government’s power to license television airwaves to target NBC in response to a report by the network’s news division that he contemplated a dramatic increase in the nation’s nuclear arsenal.

In a story aired and posted online Wednesday morning, NBC reported that Mr. Trump said during a meeting in July that he wanted what amounted to a nearly tenfold increase in the nation’s nuclear weapons stockpile, stunning some members of his national security team. It was after this meeting that Secretary of State Rex W. Tillerson reportedly said Mr. Trump was a “moron.”

Mr. Trump objected to the report in a series of Twitter messages over the course of the day and threatened to use the authority of the federal government to retaliate.

Libel and slander are usually dealt with in court. Normally if somebody believes that they have grounds to retaliate over what somebody else said or wrote, the courts would be the place where they would take their case. But most of us aren’t high ranking members of the State. Those that are have access to other forms of retaliation that doesn’t involve potential roadblocks like juries. One such form of retaliation is licensing. If you’re involved in a business that is required to be licensed by a governmental body, pissing off any petty bureaucrat could result in your licensed being revoked without so much as a bench trial.

I’ve seen a lot of self-declared leftists decry Trump’s threat. A few of them have even recognized that this form of licensing can allow the government to violate the First Amendment. Unfortunately, I expect this recognition to disappear once one of their guys is in power again. At that point self-declared rightists will again recognize the dangers of government licensing and the cycle will continue. Until enough people can recognize the dangers of government licensing for longer than their opponent is in power we’ll never see this practice dismissed.

Written by Christopher Burg

October 12th, 2017 at 10:30 am

The End of Everything Good and Holy

without comments

It seems like every generation is destined to disparage the next generation. This is nothing new. Even the elderly Romans complained about how an easy life has made their successor soft. In the most recent entry of the new generation sucking we have an article wondering if smartphones have destroyed a generation:

Around 2012, I noticed abrupt shifts in teen behaviors and emotional states. The gentle slopes of the line graphs became steep mountains and sheer cliffs, and many of the distinctive characteristics of the Millennial generation began to disappear. In all my analyses of generational data—some reaching back to the 1930s—I had never seen anything like it.
The allure of independence, so powerful to previous generations, holds less sway over today’s teens.

[…]

What happened in 2012 to cause such dramatic shifts in behavior? It was after the Great Recession, which officially lasted from 2007 to 2009 and had a starker effect on Millennials trying to find a place in a sputtering economy. But it was exactly the moment when the proportion of Americans who owned a smartphone surpassed 50 percent.

The more I pored over yearly surveys of teen attitudes and behaviors, and the more I talked with young people like Athena, the clearer it became that theirs is a generation shaped by the smartphone and by the concomitant rise of social media. I call them iGen. Born between 1995 and 2012, members of this generation are growing up with smartphones, have an Instagram account before they start high school, and do not remember a time before the internet. The Millennials grew up with the web as well, but it wasn’t ever-present in their lives, at hand at all times, day and night. iGen’s oldest members were early adolescents when the iPhone was introduced, in 2007, and high-school students when the iPad entered the scene, in 2010. A 2017 survey of more than 5,000 American teens found that three out of four owned an iPhone.

Do you know what destroyed a generation? The printing press! When books stopped being written by hand by monks in monasteries, they become cheaper and more readily available. This lead to more people reading more frequently, which cause them to pass less attention to their social obligations.

That’s the same argument except it would have, and probably did, taken place in the 1440s.

Just as every generation is destined to disparage the next generation, every technological advancement that makes its way into the hands of consumers is destined to be accused of destroying the next generation. Television, video games, and computers were all accused of destroying a generation in recent times. The first generations the grew up with those technologies turned out fine just as the new generation will end up turning out fine. Adoption of new technologies are always disruptive to a point but it seems like humanity has a knack for discovering, rather rapidly, the positives and negative aspects and adopting the former while discarding or working around the latter. As today’s teenagers develop they too will discover the positives and negatives of smartphones and adjust themselves accordingly. Then they’ll be at an age where they can disparage their successors and whatever new technology is being adopted by them at the time.

Written by Christopher Burg

October 11th, 2017 at 11:00 am

Posted in Technology

Tagged with ,

What Happens When You Don’t Own Something

with 2 comments

The cloud is good. The cloud is holy. The cloud is our savior. If you listen to the marketing departments of online service providers and Internet of Things manufacturers, you’d be lead to believe that the cloud will soon cure cancer. While there can be advantages to moving services online there are also major disadvantages. The biggest disadvantage, in my opinion, is the fact that you don’t own anything that is dependent on an online service. People who bought the Canary security camera are learning this lesson the hard way:

Canary, a connected home security camera company, announced changes to its free service last week that went into effect on Tuesday. Under the new terms, non-paying users will no longer be able to freely access night mode on their cameras nor will they be able to record video for later viewing. Night mode is a feature that lets you set a schedule for your Canary camera to monitor your home while you sleep without sending notifications.

On top of that, all the videos the company previously recorded for free will be converted into 10-second clips called “video previews.” Essentially, important features are being taken away from users unless they’re willing to pay $9.99 a month.

People will likely blame this on greed but the real culprit is the lack of ownership. The Canary camera isn’t free but paying money to acquire one doesn’t mean you’re paying money to own it. In reality, you’re paying money for the privilege of paying a monthly fee to tie a camera to an online service. The terms of accessing that online service can change on a whim and, in this case, the change left people who decided not to pay the $9.99 per month fee with a paperweight that used to be a security camera (albeit a limited one).

The Internet of Things means never owning the devices you pay money for and if you don’t own it, you don’t control it.

Written by Christopher Burg

October 10th, 2017 at 10:30 am

With “Friends” Like These

with 2 comments

The National Rifle Association (NRA) has a history of supporting gun rights when its convenient but throwing gun rights under the buss when its politically expedient. That being the case, it probably came as no surprise that the organization expressed support for legal restrictions on bump stocks:

The National Rifle Association has called for “additional regulations” on bump-stocks, a rapid fire device used by the Las Vegas massacre gunman.

The group said: “Devices designed to allow semi-automatic rifles to function like fully-automatic rifles should be subject to additional regulations.”

It would have been nice if the NRA would have at least waited until the fight began before capitulating. Not surprisingly, the Republicans have expressed a willingness to implement such a restriction. Despite their rhetoric, like the NRA, Republicans have a tendency to support gun control whenever opposing it becomes politically inconvenient.

Written by Christopher Burg

October 9th, 2017 at 10:30 am

You Have a Right to an Attorney… Except When You Don’t

without comments

When somebody is arrested they’re given a Miranda warning, which, in addition to a few other things, informs the arrested individual that they have a right to an attorney. However, an individual’s right to an attorney, like every other right, is subject to change whenever it suits the State:

With its case falling apart, the prosecution did something drastic: It asked presiding Judge Andrew Hague to dismiss Rodriguez’s public defender on the grounds that it would not seek jail time. This meant Rodriguez was no longer entitled to a lawyer.

Since the vast majority of misdemeanor cases in Miami-Dade County do not end with a conviction (or subsequent jail time) the prosecutor’s decision not to seek jail time was a minor concession. The public defender objected, arguing that Florida law required Judge Hague to determine whether her removal would disadvantage Mr. Rodriguez. The judge ignored this request and discharged the lawyer.

On April 27, 2016, Rodriguez had his day in court, representing himself. Things did not go well. Rodriguez unwittingly waived his right to a jury trial after Judge Hague failed to explain what was happening. The prosecution’s case rested entirely on the testimony of the arresting officers. But because Rodriguez did not know how to follow up with the public defender’s requests for discovery and depositions, he was unprepared to challenge the officers’ testimony. To make matters worse, Judge Hague repeatedly and loudly berated Rodriguez for not knowing how to ask questions like a lawyer.

This case can be added to the stupidly long list of cases that demonstrate that the court system isn’t about justice.

Being a defendant or a prosecutor in a courtroom requires arcane knowledge. It’s not enough to argue your point, you have to argue it using the proper incantations. Failing to do so will bring the wrath of the man in the muumuu on you. He will declare your statement inadmissible. This is why representation is critical. You need a guy on your side who possesses the arcane knowledge of the courtroom. Without him, most people will be steamrolled by the other side.

Written by Christopher Burg

October 4th, 2017 at 10:30 am

Spain Apparently Wants Civil War

with one comment

The vote on secession in Catalonia has come and gone. The overwhelming majority of voters voted in favor of secession. However, in order to cast that vote they had to risk beatings from Spanish law enforcers:

The Catalan regional government is holding an emergency meeting to discuss the next steps towards declaring independence from Spain, a day after millions of Catalans voted in a tumultuous poll that left more than 800 people injured.

Preliminary results from Sunday’s vote showed that 90% of people cast their ballots in favour of independence, according to the Catalan government.

At least 844 people and 33 police were reported to have been hurt on Sunday after riot police stormed polling stations in a last-minute effort to stop the vote.

This vote wasn’t even binding and Spain’s law enforcers were willing to beat down over 800 people, which really shows Spain’s attitude towards Catalan independence. As far as Spain is concerned, the only way Catalonia is leaving is in a body bag. However, secession appears to be extremely popular in Catalonia so Spain is unlikely to succeed at keeping the people there under its boot indefinitely. If things continue down this road, Spain will eventually have to decide whether it will let Catalonia secede peacefully or require it engage in a civil war. I’m hoping for the former but based on Spain’s actions so far I fear the latter may be inevitable.

Written by Christopher Burg

October 3rd, 2017 at 10:30 am

Like You and Me, Only Better

without comments

You know how I periodically rant about law enforcers being above the law? The Star Tribune is running a multiple part series on Minneapolis law enforcers who have been convicted of criminal offenses but still hold their job:

They are among hundreds of sworn officers in Minnesota who were convicted of criminal offenses in the past two decades yet kept their state law enforcement licenses, according to public records examined by the Star Tribune. Dozens of them are still on the job with a badge, a gun and the public’s trust that they will uphold the law.

The cases reveal a state licensing system that is failing repeatedly to hold officers accountable for reckless, sometimes violent, conduct.

In Minnesota, doctors and lawyers can lose their professional licenses for conduct that is unethical or unprofessional — even if they never break a law. Yet law enforcement officers can stay on the job for years even when a judge or jury finds them guilty of criminal behavior.

As the article notes, people in many fields have their licenses taken for far less than being found guilty of a criminal offense. Furthermore, those individuals don’t even hold the same authority as a law enforcer. A doctor generally isn’t in a position to shoot or kidnap you and they certainly aren’t in a position to shoot your family pets.

Why are law enforcers given so much leeway? To answer that question, we need to point out the primary purpose of law enforcers. The primary purpose of law enforcers is not to serve and protect. They’re revenue generators for the State first and foremost. In order to encourage law enforcers to generate as much revenue as possible they are given a lot of privileges. Departments are often given a share of the loot their officers bring in. When a law enforcer is accused of wrongdoing they are given a paid vacation instead of being left unpaid during the duration of the investigation. Officers who commit an act of violence are usually treated more kindly than you or I would be under the same circumstances. It should come as no surprise that law enforcers are also allowed to continue generating revenue for the State even if they have been found guilty of the very crimes they are supposed to uphold.

Written by Christopher Burg

October 3rd, 2017 at 10:00 am