A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ tag

The Environmentally Friendly Internal Combustion Engine

Most environmentalists believe that the world’s worst polluter, the State, is the only way to save the environment. They scoff when you mention the environmentally friendly advances that have been made by market actors. Worse yet, they often disparage market advancements that have greatly improved the environment, such as the internal combustion engine:

The internal-combustion engine began improving the environment, however, long before global warming became a concern. Consider the fact that in 1900 a large percentage of the available horsepower really was horse power, or mule power, or ox power. As the power of the internal-combustion engine began to be substituted for animal power in the early 1900s, we began to substitute the emissions coming out of the tailpipes of cars and trucks for those coming out of the tailpipes of animals. The result was that the environment started becoming far cleaner and healthier.

Consider horse manure’s effect on the environment and health of New Yorkers in 1900. Robert Fogel, a Nobel Prize-winning economic historian, writes:

We complain a lot about air pollution today, but there were 200,000 horses in New York City, at the beginning of the 20th century defecating everywhere. And when you walked around in New York City, you were breathing pulverized horse manure—a much worse pollutant, than the exhausts of automobiles. Indeed in the United States, the automobile was considered the solution to the horse problem because pulverized horse manure carried a lot of deadly pathogens.

No serious person denies that photochemical smog from gas-powered vehicles is a health risk. It would be silly to do so. It would be even sillier, however, to deny Fogel’s observation that the air and water pollution from horse manure was a far greater health risk than the pollution from cars and trucks. Diseases such as cholera, typhoid, typhus, yellow fever, and diphtheria were responsible for the deaths of tens of thousands of Americans in the early twentieth century. As cars and trucks began replacing horses and other beasts of burden, these deaths began to decline dramatically. Medical improvements get some of the credit, but most of the credit during the early decades of the twentieth century goes to the reduced filth in the environment from animal waste.

People forget the past. Environmentalists, who often rant about how much more environmental damage humans are causing today than in the past, seem to have forgotten just how terrible living conditions were barely a century ago. Humanity’s agricultural knowledge was far more limited, which means farmers commonly practiced more damaging forms of agriculture. Horses were the primary mode of transportation, which introduced a great amount of biological contaminants to metropolitan areas. Trash was often discarded in place instead of collected and moved to a designated dump.

Our species has come a long way in terms of environmentalism, not because of the State but because of rational self-interest. Having a cleaner environment benefits us so market forces have been hard at work reducing humanity’s environmental impact. This hard work continues today. Energy production continues to cause environmental damage. While the State has continued to hinder cleaner forms of energy production such as nuclear power plants, the market has been hard at work making more power-efficient devices. Devices that use less energy reduce the load on power production facilities, which means fewer new facilities have to be built to meet demand. Mining is another activity that causes notable environmental damage and the market is once again responding. Apple has announced that it will rely on recycled materials instead of newly mined materials and other companies are likely to follow suit.

Environmentalists should be cheering the market, not condemning it.

Written by Christopher Burg

April 27th, 2017 at 10:30 am

License, Please

Occupational licenses are sold to the public as a mechanism for protecting consumers from fraudulent providers. Licenses don’t actually provide such protections since they’re just pieces of paper. More importantly, they can actually reduce protections since their existence convinces people that actual protections, such as regular inspections by private independent inspection organizations, aren’t as necessary. So what purpose do occupational licenses serve? They serve as a source of revenue for the State as well as a mechanism for it to lash out at its critics:

In September 2014, Mats Järlström, an electronics engineer living in Beaverton, Oregon, sent an email to the state’s engineering board. The email claimed that yellow traffic lights don’t last long enough, which “puts the public at risk.”

“I would like to present these facts for your review and comments,” he wrote.

This email resulted not with a meeting, but with a threat. The Oregon State Board of Examiners for Engineering and Land Surveying responded with this dystopian message:

“ORS 672.020(1) prohibits the practice of engineering in Oregon without registration … at a minimum, your use of the title ‘electronics engineer’ and the statement ‘I’m an engineer’ … create violations.”

In January of this year, Järlström was officially fined $500 by the state for the crime of “practicing engineering without being registered.”

How dare he practice engineering without a license? The audacity of this criminal scum!

You almost have to admire the vindictive nature of the State. An individual came forward offering information that could potentially lead to the correction of a bug in a system and the State slaps him with a fine for daring to question its authority. Welcome to America, the freest goddamn country on Earth!

Written by Christopher Burg

April 26th, 2017 at 10:00 am

The Benevolence of Government

Last year the government granted itself permission to widen the scope of warrants when any form of anonymity tool is involved in a case. This expansion, commonly referred to as Rule 41, allows government agents to acquire a warrant that authorizes them to remotely access any computer using, for example, Tor to conceal either its physical location or its users’ physical locations. Needless to say, the privacy community wasn’t thrilled when news of this expansion broke.

But the privacy community is, unfortunately, relatively small. The government doesn’t really care about it. It’s far more interested in convincing the masses that this expansion of power is a good thing. To demonstrate the value of this power the Federal Bureau of Investigation (FBI) requested and received a warrant to remotely access systems that were infected with a botnet so it could clean the malware:

Mass hacking seems to be all the rage currently. A vigilante hacker apparently slipped secure code into vulnerable cameras and other insecure networked objects in the “Internet of Things” so that bad guys can’t corral those devices into an army of zombie computers, like what happened with the record-breaking Mirai denial-of-service botnet. The Homeland Security Department issued alerts with instructions for fending off similar “Brickerbot malware,” so-named because it bricks IoT devices.

And perhaps most unusual, the FBI recently obtained a single warrant in Alaska to hack the computers of thousands of victims in a bid to free them from the global botnet, Kelihos.

[…]

The FBI sought the 30-day warrant to liberate victims through a new procedural rule change that took effect in December amid worries among privacy advocates that the update would open a new door for government abuse. But the first use of the amendments to Rule 41 of the Federal Rules of Criminal Procedure has assuaged fears, at least for the moment, because the feds used their power to kill a botnet.

How benevolent of the FBI!

This is, of course, a purely propagandistic move. Now when some pesky privacy advocate brings up the heinous nature of Rule 41 the federal government can point to this case and berate the advocate for wanting to help botnet operators. It’s a classic maneuver with a proven track record.

Written by Christopher Burg

April 25th, 2017 at 10:30 am

How to Save Yourself $400

How do you take a boring old consumer appliance like a juicer and spice it up? By putting a chip in it, of course! That is the philosophy behind most Internet of Things (IoT) products. But before you can toss a chip in you need to give the consumers a reason why having a chip in their appliance will literally revolutionize their Web 3.0 existences.

Juicero was yet another bad idea made possible by Silicon Valley venture capital. The idea was to take a regular juicer, make it not be a juicer, add Wi-Fi, and charge an arm and a leg for proprietary juice bags. Basically, it’s a juicer that doesn’t actually juice but includes a chip for Wi-Fi and DRM. But wait, there’s more! Not only does the product include a bunch of stupid features but it also costs an arm and a leg! However, some clever super elite hacker has already found a way to bypass the need for Juicero’s expensive appliance:

Doug Evans, the company’s founder, would compare himself with Steve Jobs in his pursuit of juicing perfection. He declared that his juice press wields four tons of force—“enough to lift two Teslas,” he said. Google’s venture capital arm and other backers poured about $120 million into the startup. Juicero sells the machine for $400, plus the cost of individual juice packs delivered weekly. Tech blogs have dubbed it a “Keurig for juice.”

But after the product hit the market, some investors were surprised to discover a much cheaper alternative: You can squeeze the Juicero bags with your bare hands.

Apparently the “Steve Jobs of juicing perfection” didn’t have the resources to hire somebody who could foresee consumers just squeezing the proprietary juice bags. While there are a lot of valid criticisms against Steve Jobs, it’s difficult to deny that he had a knack for hiring talented people. Doug Evans, on the other hand, apparently lacks that knack. But he did manage to sucker $120 million out of backers so his ability to make money is certainly there.

Adding Internet connectivity makes sense for a lot of products but many IoT companies don’t seem to be asking why it makes sense to add connectivity to their products. Instead, they seem to be adding connectivity to regular products for marketing reasons (it’s not just a juicer, it’s a smart juicer) so consumers will buy them in spite of the other limitations put into place to lock users into the manufacturer’s “platform.” Fortunately, clever people tend to find ways to bypass the platform lock-in and all of us can laugh at $120 million being flushed down the toilet.

Written by Christopher Burg

April 20th, 2017 at 10:00 am

Man Arrested for Hacking Without Hacking Anybody

One of the more bizarre concepts in the United States legal system is that one can go to jail for providing a means for other people to commit crimes. Take Taylor Huddleston, for example. He was arrested because he wrote some tools used by malicious hackers:

The visitors were from the FBI, and after a 90-minute search of his house, they left with his computers, only to return two months later with handcuffs. Now free on bond, Huddleston, 26, is scheduled to appear in a federal courtroom in Alexandria, Virginia on Friday for arraignment on federal charges of conspiracy and aiding and abetting computer intrusions.

Huddleston, though, isn’t a hacker. He’s the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers. NanoCore has been linked to intrusions in at least 10 countries, including an attack on Middle Eastern energy firms in 2015, and a massive phishing campaign last August in which the perpetrators posed as a major oil and gas company. As Huddleston sees it, he’s a victim himself—hackers have been pirating his program for years and using it to commit crimes. But to the Justice Department, Huddleston is an accomplice to a spree of felonies.

Brian Krebs offered a bit more legal analysis than the Daily Beast article. If you’re wondering why the Federal Bureau of Investigation (FBI) went after Huddleston for writing a remote administration tool and not, say, TeamViewer, it’s because he advertised his product on a hacker forum:

Huddleston makes the case in Poulsen’s story that there’s a corporate-friendly double standard at work in the government’s charges, noting that malicious hackers have used commercial remote administration tools like TeamViewer and VNC for years, but the FBI doesn’t show up at their corporate headquarters with guns drawn.

But Nixon notes that RATs sold on Hackforums are extremely dangerous for the average person to use on his personal computer because there are past cases when RAT authors divert infected machines to their own botnet.

Now that you have the history of the case and the legal analysis, I’m going to provide the libertarian analysis.

Let’s assume the FBI’s accusation that Huddleston built a remote administration tool specifically for the malicious hacker market is true. Under libertarianism a crime doesn’t exist unless a victim exists so who were Huddleston’s victims? The people whose computers were hacked? While they were victims, they were victims of the malicious hackers, not Huddleston.

“But, Chris,” I hear some statist exclaim, “he built a tool used by hackers?!” That doesn’t matter. The existence of the tool itself is not a crime. A gun manufacturer isn’t charged with conspiracy and aiding and abetting a murderer when one of its guns is used by a murderer. An automobile manufacturer isn’t charged with conspiracy and aiding and abetting a bank robbery when one of its automobiles is used as a getaway car for a gang of bank robbers. So why are software tools treated differently?

I can hear our statist interrupting us again, “But, Chris, guns and automobiles have legitimate purposes! Hacker tools don’t!” First of all, that’s not true. Hacker tools have legitimate purposes. They’re often used by penetration testers. Second of all, that doesn’t matter. Every tool can be used for legitimate and illegitimate purposes. A gun can be used to defend an innocent life or to take one. An automobile can be used to drive to work or as a getaway vehicle for a crime. A remote administration tool can be used by a support technician to fix a user’s problem remotely or to configure a computer for botnet activities. Tools have no morality, only users do.

Under the arbitrary legal system us denizens of the United States suffer, manufacturers of certain tools can be charged for aiding and abetting criminals who used those tools while manufacturers of other tools can’t be. The only thing that determines whether a manufacturer can or can’t be charged is the opinion of a body of politicians. If they believe that the tools you manufacture have legitimate purposes, you might enjoy legal protections. If not, you might find yourself being arrested by the FBI because somebody used one of the tools you made to commit a crime. Under libertarian principles, a person can only be charged with a crime when a victim can be directly tied to their actions. What I can’t figure out is why most people seem to find an entirely arbitrary legal system more favorable than a consistent one.

Written by Christopher Burg

April 6th, 2017 at 11:00 am

The Internet of Things Means Not Owning Your Devices

Every consumer product can be made better by connecting it to the Internet, right? If you prefer licensing your products instead of owning them then that may be the case. However, if you’re like me and believe that you should own the products you buy, then that may not be the best idea.

A poor schmuck who purchased an Internet-connected garage door opener and later ran afoul of the company’s support has learned a valuable lesson about the difference between licensing and ownership:

Denis Grisak, the man behind the Internet-connected garage opener Garadget, is having a very bad week. Grisak and his Colorado-based company SoftComplex launched Garadget, a device built using Wi-Fi-based cloud connectivity from Particle, on Indiegogo earlier this year, hitting 209 percent of his launch goal in February. But this week, his response to an unhappy customer has gotten Garadget a totally different sort of attention.

On April 1, a customer who purchased Garadget on Amazon using the name R. Martin reported problems with the iPhone application that controls Garadget.

[…]

Grisak then responded by bricking Martin’s product remotely, posting on the support forum:

Martin,
The abusive language here and in your negative Amazon review, submitted minutes after experiencing a technical difficulty, only demonstrates your poor impulse control. I’m happy to provide the technical support to the customers on my Saturday night but I’m not going to tolerate any tantrums.

At this time your only option is return Garadget to Amazon for refund. Your unit ID 2f0036… will be denied server connection.

Welcome to the Internet of Things where any device can be remotely bricked by an angry service provider!

When it comes to Internet connected devices I ask two questions. First, is the device being provided by a company that has a good security track record? Second, what benefits would I derive from connecting that device to the Internet?

The first question is important to ask about any device that will be connected to the Internet because you don’t want your Internet connected coffee pot to become part of a botnet or act as a gateway for a malicious actor to access your network. While the second question is subjective, I believe it’s important to consider. Why, for example, would I want my garage door opener to connect to the Internet? I only want the garage door to open when I’m entering or leaving the garage. For me, there is no value in being able to open my garage door while I’m sitting at work. Furthermore, having to unlock my phone and open an app takes longer than pressing a button on a remote control attached to my vehicle’s visor. So an Internet connected garage door ends up being less convenient for me than a regular one. Answering the second question just saved me a potential security vulnerability in my network and the possibility of having my device bricked by a pissy provider (not to mention it probably saved me some money).

Written by Christopher Burg

April 6th, 2017 at 10:30 am

CryptoPartyMN Meeting Tonight

For those of you who don’t know, CryptoPartyMN is a group that focuses on teaching individuals how to utilize secure communication tools. We meet every other week and host a few hands-on workshops each year. With the sudden concern about privacy as it relates to Internet Service Providers (ISP), tonight’s meeting will discuss Virtual Private Networks (VPN).

If you’re interested in learning about defending your privacy against your ISP please feel free to join us.

Written by Christopher Burg

April 4th, 2017 at 11:00 am

Posted in Events

Private Solutions to Government Created Problems

Earlier this week the United States Congress decided to repeal privacy protection laws that it had previously put into place on Internet Service Providers (ISP). While a lot of people have been wasting their time begging their representatives masters with phone calls, e-mails, and petitions, private companies have begun announcing methods to actually protect their users’ privacy. In the latest example of this, Pornhub announced that it will turn on HTTPS across its entire site:

On April 4, both Pornhub and its sister site, YouPorn, will turn on HTTPS by default across the entirety of both sites. By doing so, they’ll make not just adult online entertainment more secure, but a sizable chunk of the internet itself.

The Pornhub announcement comes at an auspicious time. Congress this week affirmed the power of cable providers to sell user data, while as of a few weeks ago more than half the web had officially embraced HTTPS. Encryption doesn’t solve your ISP woes altogether—they’ll still know that you were on Pornhub—but it does make it much harder to know what exactly you’re looking at on there.

As the article points out, your ISP will still be able to tell that you accessed Pornhub, since Domain Name System (DNS) lookups are generally not secured, but it won’t be able to see what content you’re accessing. As for DNS lookups, solutions are already being worked on to improve their security. Projects like DNSCrypt, which provides encrypted DNS lookups, are already available.
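
What that split looks like on the wire, as an added example that is not from the original post: a standard DNS query carries the hostname as plain length-prefixed labels, so anyone on the path can read it back, while the path and query string of an HTTPS URL travel inside the encrypted session. The hostname, URL and function names below are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

QTYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}


def build_query(hostname, qtype=1, txid=0x1234):
    """Build a standard recursive DNS query as sent in a UDP payload to port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_query(packet):
    """Recover (name, type) for each question, as a passive on-path observer could."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000:
        raise ValueError("not a query (QR bit set)")
    offset, questions = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if offset >= len(packet):
                raise ValueError("truncated name")
            length = packet[offset]
            offset += 1
            if length == 0:  # root label ends the name
                break
            if length & 0xC0:
                raise ValueError("compression pointer not expected in a query name")
            if offset + length > len(packet):
                raise ValueError("truncated label")
            labels.append(packet[offset:offset + length].decode("ascii", "replace"))
            offset += length
        if offset + 4 > len(packet):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        questions.append((".".join(labels), QTYPES.get(qtype, str(qtype))))
    return questions


def split_exposure(url):
    """Split an HTTPS URL into what the plaintext DNS lookup reveals and what TLS hides."""
    parts = urlsplit(url)
    hidden = parts.path + ("?" + parts.query if parts.query else "")
    return {"dns_lookup": parts.hostname, "inside_tls": hidden}


if __name__ == "__main__":
    url = "https://www.example.com/videos/watch?id=42"  # constructed sample URL
    exposure = split_exposure(url)
    wire = build_query(exposure["dns_lookup"])
    print("bytes on the wire :", wire.hex())
    print("observer recovers :", parse_query(wire))
    print("hidden by HTTPS   :", exposure["inside_tls"])
```
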

If you want to protect your privacy you can’t rely on the State’s regulations. First, the State is the worst offender when it comes to surveillance and the consequences of its surveillance are far worse. Sure, your ISP might sell some of your data but the State will send men with guns to your home to kidnap you and probably shoot your dog. Second, as this situation perfectly illustrates, government regulations are temporary. The government implemented the privacy regulations and then took them away. It may restore them again in the future but there’s no guarantee it won’t repeal them again. Any government solution is temporary at best.

Cryptography offers a permanent solution that can protect Internet users from both their snoopy ISP and government. HTTPS and DNSCrypt will continue to work regardless of the state of privacy regulations.

Written by Christopher Burg

March 31st, 2017 at 10:00 am

Incompetency Will Solve Everything

Computer security has become a hot topic, which I appreciate since it was almost completely ignored for such a long time. Unfortunately, as with any hot topic, politicians are forcing themselves into the conversation. Two members of Congress have come up with the wonderful idea of putting the Federal Communications Commission (FCC) in charge of regulating computer security:

Two Democrats in Congress are imploring FCC head Ajit Pai to address cybersecurity issues in the United States, arguing vulnerabilities in cellular networks infringe on citizens’ liberties and pose a “serious threat” to national security. Sen. Ron Wyden and Rep. Ted Lieu penned a letter to Pai laying out known issues in modern communications systems and asking the FCC to step in. However, that’s unlikely to happen.

Putting an agency of one of the single most incompetent organizations on Earth, one with networks that are supposedly too old to secure, in charge of computer security? What could go wrong!

This is the problem with letting people who are clueless about a subject talk seriously about regulating it. I’ll at least give Mr. Lieu some credit for having a degree that involves computers. But a computer science degree alone doesn’t make one an expert in computer security and, as far as I know, Mr. Lieu didn’t work in the industry so his knowledge on the subject, if he has any, is likely entirely theoretical.

But we live in a democracy, which means that whatever the plurality of voters, in this case members of Congress, say is literally law. It doesn’t matter how unqualified the voters are. It doesn’t matter how idiotic the idea being voted on is. The only thing that matters is whether the majority of voters say yea or nay.

Written by Christopher Burg

March 29th, 2017 at 10:30 am

Political Solutions Don’t Work

A lot of people here in the United States are flipping out because the rulers are voting to allow Internet Service Providers (ISP) to sell customer usage data:

A US House committee is set to vote today on whether to kill privacy rules that would prevent internet service providers (ISPs) from selling users’ web browsing histories and app usage histories to advertisers. Planned protections, proposed by the Federal Communications Commission (FCC) that would have forced ISPs to get people’s consent before hawking their data – are now at risk. Here’s why it matters.

It amazes me that more people seem to be upset about private companies selling their usage information for profit than providing their usage data to law enforcers so the wrath of the State’s judicial system can be brought upon them. Personally, I’m far more concerned about the latter than the former. But I digress.

This vote demonstrates the futility of political solutions. At one point the privacy laws were put into place by the State. The process of getting those laws put into place probably involved a lot of begging and kowtowing from the serfs. But Congress and the presidency have been shuffled around and the new masters disagree with what the former masters did so all of that begging and kowtowing was for nothing.

The problem with political solutions is that they’re temporary. Even if you can get the current Congress and president to pass laws that will solve your particular problems, it’s only a matter of time until Congress and the presidency change hands and undo the laws you begged so hard to have passed.

If you want a problem solved you have to solve it yourself. In the case of Internet privacy, the best defense against snoopy ISPs is to utilize a foreign Virtual Private Network (VPN) provider that respects your privacy and is in a country that is difficult for domestic law enforcement to coerce. Using a VPN will deprive your ISP, and by extension domestic law enforcement, of your usage data.

Written by Christopher Burg

March 28th, 2017 at 11:00 am