The Job of a Politician Is to Whine about Productive People Not Being Productive Enough

The government of China recently attempted to bolster the Great Firewall of China by prohibiting virtual private network (VPN) software. This prohibition caused Apple to remove VPN clients from its App Store in China. Now two senators want to know why Apple didn’t do more to thwart this move by China:

Apple CEO Tim Cook wasn’t pleased about pulling VPN software from the company’s App Store in China, but this July, it happened anyway. As a result, many users who once counted on such software to dodge the country’s Great Firewall were left to their own devices (and we’ve explored the situation at length here). Now, senators Ted Cruz (R-TX) and Patrick Leahy (D-VT) have called on Cook in a letter to explain in detail how that process went down, out of concern that Apple is “enabling the Chinese government’s censorship and surveillance of the internet.”

The letter (which can be read in full here) poses 10 questions to the Apple CEO. It asks (among other things) whether Apple formally commented on the Chinese government’s Cybersecurity Law when it was presented as a first draft, whether Chinese authorities requested Apple removed the VPN apps, whether Apple has made any attempt to reintroduce said apps, and how many apps were removed in total. (A report from the BBC when the apps first disappeared put the count at around 60.)

Here’s what I want to know. What did Ted Cruz and Patrick Leahy do to stop the Chinese government from tightening its grip on the country’s Internet? As senators they have access to the full power of the United States government so I assume they wielded it against China when it announced plans to ban VPN software. Is my assumption incorrect? Are Cruz and Leahy demanding that Apple do something that they didn’t even though they were and are in a better position to do so? Say it ain’t so!

Once again we see that the job of a politician is to whine about productive people not being productive enough. I guarantee if Apple had pushed even harder against China’s VPN ban that Cruz and Leahy would have still been upset that the company didn’t do enough because there is no satisfying politicians. They’re parasites that’ll continue to take while providing nothing of value in return.

Spain’s Clever Plan to Thwart Catalan Secession

Spain has decided that it has had just about enough of the Catalans wanting to split. In response Spain has decided to take away the region’s autonomy:

Spain is to start suspending Catalonia’s autonomy from Saturday, as the region’s leader threatens to declare independence.

The government said ministers would meet to activate Article 155 of the constitution, allowing it to take over running of the region.

Catalonia’s leader said the region’s parliament would vote on independence if Spain continued “repression”.

I’m sure this will convince the Catalans to stop striving for secession. After all, people who are actively trying to secede tend to respond really well when more of their rights are taken away from them.

It’s a Feature, Not a Bug

A judge recently discovered that there is no backup for the evidence database used by the New York Police Department (NYPD):

As part of an ongoing legal battle to get the New York City Police Department to track money police have grabbed in cash forfeitures, an attorney for the city told a Manhattan judge on October 17 that part of the reason the NYPD can’t comply with such requests is that the department’s evidence database has no backup. If the database servers that power NYPD’s Property and Evidence Tracking System (PETS)—designed and installed by Capgemini under a $25.5 million contract between 2009 and 2012—were to fail, all data on stored evidence would simply cease to exist.

[…]

Last year, NYPD’s Assistant Deputy Commissioner Robert Messner told the City Council’s public safety committee that “attempts to perform the types of searches envisioned in the bill will lead to system crashes and significant delays during the intake and release process.” The claim was key to the department’s refusal to provide the data accounting for the approximately $6 million seized in cash and property every year. As of 2013, according to the nonprofit group Bronx Defenders, the NYPD was carrying a balance sheet of more than $68 million in cash seized.

Convenient. In fact this is convenient enough for me to suspect that the lack of a backup is a feature, not a bug. Government agencies always seem to find a way to design a system in such a way that it is difficult for it to comply with data requests that could reveal embarrassing information about it. I’m sure NYPD would rather not have everybody knowing just how much cash it has stolen from people over the years. If there is especially corrupt activity going on in NYPD, which wouldn’t surprise me, being able to trash the entire evidence database would also be handy if a thorough investigation into the agency was started.

What’s Mine is Mine. What’s Yours is Mine Too.

The United States is a nation of laws and in a nation of laws everybody is equal under the law! If I had a dollar for every time somebody has said that to me, I’d own my own private sovereign island. But I don’t receive a dollar for every time somebody says that to me and everybody isn’t equal under the law here in the United States. If you’re an employee of the government, you have some special legal privileges. For example, if you work for the Internal Revenue Service (IRS), you can confiscate somebody’s property even if they haven’t been found guilty of a crime:

Oh Suk Kwon, who left South Korea for America in 1976, served as a fleet mechanic in the U.S. Army. After four years in the military, decades of working in an electrical plant and as an auto mechanic, after raising the kids and seeing them off to their adult lives, Kwon finally bought a gas station in Ellicott City in 2007. It meant everything to him.

Just a few years after he opened it, zealous government investigators fishing for criminals seized all of the station’s money on a hunch — and wiped the family out.

No, they weren’t money launderers or terrorists or mobsters or tax evaders. The government found no evidence of criminal activity.

But after the investigation ended, after the gas station went under, and Kwon’s wife died amid the stress of it all, after he moved from his neighborhood in shame and the Internal Revenue Service changed its policy so no other small business would get steamrolled this way — the agency won’t give Kwon his money back.

That’s $59,117.47 the IRS is holding on to.

I’ve mentioned the IRS’s use of laws against structuring, breaking up single deposits greater than $10,000 into multiple deposits under $10,000, to attack small businesses. Structuring laws were supposedly passed to thwart tax evaders but most individuals accused of structuring were doing it because a bank teller told them that if they didn’t break up their large deposits, they would have to fill out a bunch of additional paperwork. In other words, they were accused of a crime they didn’t even know existed.

But the IRS hasn’t given a shit about intent. The letter of the law has allowed the agency to confiscate money from small businesses (large businesses can afford a dedicated legal team and are therefore more of a hassle for the IRS to go after) so it has done exactly that. When it is later revealed that the accused individual was committing structuring because they were unaware of the law and were even advised to do so by their bank teller, the IRS points to the letter of the law to avoid having to give the money back.

If everybody was equal under the law, the people could steal money from the IRS just as it steals money from them. But everybody isn’t equal under the law. The IRS and other government bodies can steal from you but you cannot steal from them.

We Have Spain’s Answer

Last week Catalonia declared independence. I noted that what happens next will depend on Spain’s response. If Spain decided to ignore Catalonia, the country would realize its independence. If Spain decided to put the boot down on the Catalans’ throats, civil war could erupt. Now we know which direction Spain wants to go:

A Spanish judge has jailed two key members of the Catalan independence movement.

Jordi Sánchez and Jordi Cuixart, who lead prominent separatist groups, are being held without bail while they are under investigation for sedition.

I’m sure this is going to go over well with the Catalans. But I also suspect that Spain is eager to egg the Catalans into a violent response so it has an excuse to send its shock troops in to cleanse the region of any and all dissidents (and non-dissidents that happen to look at the shock troops in the wrong manner).

Once again we see the futility of democracy. If a group of people decide to vote for an option that isn’t approved by their rulers, their “voice” (which is what I’m told votes are) is stifled and, if necessary, the people who voted the wrong way are violently dealt with. There are few cases that I can think of where secession has been accomplished through a ballot box.

A Grim Start to the Week

This week started on a low note as far as computer security is concerned. The first bit of news, which was also the least surprising, was that yet another vulnerability was discovered in Adobe’s Flash Player and was being actively exploited:

TORONTO (Reuters) – Adobe Systems Inc (ADBE.O) warned on Monday that hackers are exploiting vulnerabilities in its Flash multimedia software platform in web browsers, and the company urged users to quickly patch their systems to prevent such attacks.

[…]

Adobe said it had released a Flash security update to fix the problem, which affected Google’s Chrome and Microsoft’s Edge and Internet Explorer browsers as well as desktop versions.

If you’re in a position where you can’t possibly live without Flash, install the update. If you, like most people, can live without Flash, uninstall it if you haven’t already.

The next bit of bad security news was made possible by Infineon:

A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it’s located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.

This flaw impacts a lot of security devices including Estonia’s electronic identification cards, numerous Trusted Platform Modules (TPM), and YubiKeys shipped before June 6, 2017. In the case of YubiKeys, the flaw only impacts Rivest–Shamir–Adleman (RSA) keys generated on the devices themselves. Keys generated elsewhere and uploaded to the device should be fine (assuming they weren’t generated with a device that uses the flawed Infineon library). Moreover, other YubiKey functionality, such as Universal 2nd Factor (U2F) authentication, remains unaffected. If your computer has a TPM, check to see if there is a firmware update available for it. If you have an impacted YubiKey, Yubico has a replacement program.

The biggest security news though was the announcement of a new attack against Wi-Fi Protected Access (WPA), the security protocol used to secure wireless networks. The new attack, labeled key reinstallation attacks (KRACKs, get it? I wonder how long it took the researchers to come up with that one.), exploits a flaw in the WPA protocol itself:

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

Fortunately, KRACKs can be mitigated by backwards compatible client and router software updates. Microsoft already released a patch for Windows 10 on October 10th. macOS and iOS have features that make them more difficult to exploit but a complete fix is apparently in the pipeline. Google has stated that it will release a patch for Android starting with its Pixel devices. Whether or not your specific Android device will receive a patch and when will depend on the manufacturer. I suspect some manufacturers will be quick to release a patch while some won’t release a patch at all. Pay attention to which manufacturers release a patch in a timely manner. If a manufacturer doesn’t release a patch for this or doesn’t release it in a timely manner, avoid buying their devices in the future.

Updating the Propaganda

The current administration, just like the previous administration, doesn’t like the fact that the plebs have the ability to keep secrets from it. When the previous administration pushed to prohibit effective cryptography, it was met with a great deal of resistance. Hoping to avoid the same failure, the current administration is updating its propaganda. It’s not seeking to prohibit effective cryptography, it’s seeking to promote responsible cryptography:

A high-ranking Department of Justice official took aim at encryption of consumer products today, saying that encryption creates “law-free zones” and should be scaled back by Apple and other tech companies. Instead of encryption that can’t be broken, tech companies should implement “responsible encryption” that allows law enforcement to access data, he said.

“Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety,” Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy today (transcript). “Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries.”

Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones? He just made effective cryptography sound even more awesome!

Once again this administration is telling the plebs that they have no right to privacy, which tends to go over about as well as a lead balloon with the plebs. Moreover, this recommendation is one way. Notice how under these proposals the plebs aren’t allowed to have any privacy from the government but the government gets to maintain its privacy from the plebs by having legal access to effective cryptography? If the United States government is supposed to be accountable to the people, then by the government’s logic the people should have a means of breaking the government’s encryption as well.

There are two facts about the United States of America. Anybody can sue anybody else for any reason and high ranking officials can make any demands they want. Just as many lawsuits get tossed out due to lack of merit, many demands from high ranking officials are technically impossible. “Responsible encryption,” to use the euphemism, is not technically possible. Encryption is either effective or ineffective. If there is an intentional weakness added to an encryption algorithm then it will be exploited by unintended actors, not just intended actors.

Why Government Licensing is a Bad Idea

Everybody seems to be a fan of government licensing until a politician they don’t like abuses it or threatens to abuse it. Donald Trump became upset with NBC because it reported that he said that he wanted a tenfold increase in nuclear weaponry. I wasn’t at the meeting so I can’t say one way or another whether he said that. However, in response to the report, Trump threatened to bring the weight of federal regulations down on NBC:

WASHINGTON — President Trump threatened on Wednesday to use the federal government’s power to license television airwaves to target NBC in response to a report by the network’s news division that he contemplated a dramatic increase in the nation’s nuclear arsenal.

In a story aired and posted online Wednesday morning, NBC reported that Mr. Trump said during a meeting in July that he wanted what amounted to a nearly tenfold increase in the nation’s nuclear weapons stockpile, stunning some members of his national security team. It was after this meeting that Secretary of State Rex W. Tillerson reportedly said Mr. Trump was a “moron.”

Mr. Trump objected to the report in a series of Twitter messages over the course of the day and threatened to use the authority of the federal government to retaliate.

Libel and slander are usually dealt with in court. Normally if somebody believes that they have grounds to retaliate over what somebody else said or wrote, the courts would be the place where they would take their case. But most of us aren’t high ranking members of the State. Those that are have access to other forms of retaliation that don’t involve potential roadblocks like juries. One such form of retaliation is licensing. If you’re involved in a business that is required to be licensed by a governmental body, pissing off any petty bureaucrat could result in your license being revoked without so much as a bench trial.

I’ve seen a lot of self-declared leftists decry Trump’s threat. A few of them have even recognized that this form of licensing can allow the government to violate the First Amendment. Unfortunately, I expect this recognition to disappear once one of their guys is in power again. At that point self-declared rightists will again recognize the dangers of government licensing and the cycle will continue. Until enough people can recognize the dangers of government licensing for longer than their opponent is in power we’ll never see this practice dismissed.

The End of Everything Good and Holy

It seems like every generation is destined to disparage the next generation. This is nothing new. Even the elderly Romans complained about how an easy life has made their successors soft. In the most recent entry of the new generation sucking we have an article wondering if smartphones have destroyed a generation:

Around 2012, I noticed abrupt shifts in teen behaviors and emotional states. The gentle slopes of the line graphs became steep mountains and sheer cliffs, and many of the distinctive characteristics of the Millennial generation began to disappear. In all my analyses of generational data—some reaching back to the 1930s—I had never seen anything like it.
The allure of independence, so powerful to previous generations, holds less sway over today’s teens.

[…]

What happened in 2012 to cause such dramatic shifts in behavior? It was after the Great Recession, which officially lasted from 2007 to 2009 and had a starker effect on Millennials trying to find a place in a sputtering economy. But it was exactly the moment when the proportion of Americans who owned a smartphone surpassed 50 percent.

The more I pored over yearly surveys of teen attitudes and behaviors, and the more I talked with young people like Athena, the clearer it became that theirs is a generation shaped by the smartphone and by the concomitant rise of social media. I call them iGen. Born between 1995 and 2012, members of this generation are growing up with smartphones, have an Instagram account before they start high school, and do not remember a time before the internet. The Millennials grew up with the web as well, but it wasn’t ever-present in their lives, at hand at all times, day and night. iGen’s oldest members were early adolescents when the iPhone was introduced, in 2007, and high-school students when the iPad entered the scene, in 2010. A 2017 survey of more than 5,000 American teens found that three out of four owned an iPhone.

Do you know what destroyed a generation? The printing press! When books stopped being written by hand by monks in monasteries, they became cheaper and more readily available. This led to more people reading more frequently, which caused them to pay less attention to their social obligations.

That’s the same argument except it would have, and probably did, taken place in the 1440s.

Just as every generation is destined to disparage the next generation, every technological advancement that makes its way into the hands of consumers is destined to be accused of destroying the next generation. Television, video games, and computers were all accused of destroying a generation in recent times. The first generations that grew up with those technologies turned out fine just as the new generation will end up turning out fine. Adoption of new technologies is always disruptive to a point but it seems like humanity has a knack for discovering, rather rapidly, the positive and negative aspects and adopting the former while discarding or working around the latter. As today’s teenagers develop they too will discover the positives and negatives of smartphones and adjust themselves accordingly. Then they’ll be at an age where they can disparage their successors and whatever new technology is being adopted by them at the time.

What Happens When You Don’t Own Something

The cloud is good. The cloud is holy. The cloud is our savior. If you listen to the marketing departments of online service providers and Internet of Things manufacturers, you’d be led to believe that the cloud will soon cure cancer. While there can be advantages to moving services online there are also major disadvantages. The biggest disadvantage, in my opinion, is the fact that you don’t own anything that is dependent on an online service. People who bought the Canary security camera are learning this lesson the hard way:

Canary, a connected home security camera company, announced changes to its free service last week that went into effect on Tuesday. Under the new terms, non-paying users will no longer be able to freely access night mode on their cameras nor will they be able to record video for later viewing. Night mode is a feature that lets you set a schedule for your Canary camera to monitor your home while you sleep without sending notifications.

On top of that, all the videos the company previously recorded for free will be converted into 10-second clips called “video previews.” Essentially, important features are being taken away from users unless they’re willing to pay $9.99 a month.

People will likely blame this on greed but the real culprit is the lack of ownership. The Canary camera isn’t free but paying money to acquire one doesn’t mean you’re paying money to own it. In reality, you’re paying money for the privilege of paying a monthly fee to tie a camera to an online service. The terms of accessing that online service can change on a whim and, in this case, the change left people who decided not to pay the $9.99 per month fee with a paperweight that used to be a security camera (albeit a limited one).

The Internet of Things means never owning the devices you pay money for and if you don’t own it, you don’t control it.