A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ tag

Voluntary Association Strikes Again

A white supremacist website, the Daily Stormer, ran into a hiccup yesterday. The website’s domain registrar, GoDaddy, informed the site administrators that it no longer wished to associate with them and that they had 24 hours to move to another registrar. So the administrators moved the domain name to Google and were then informed by Google that it had no desire to associate with them:

For years, the website Daily Stormer has promoted hatred against Jews, black people, LGBT people, and other minorities, making it one of the Internet’s most infamous destinations. But on Sunday, editor Andrew Anglin outdid himself by publishing a vulgar, slut-shaming article about Heather Heyer, a woman who was killed when someone rammed a car into a crowd of anti-racism protestors in Charlottesville.

The article prompted a response from the site’s domain registrar, GoDaddy. “We informed The Daily Stormer that they have 24 hours to move the domain to another provider, as they have violated our terms of service,” GoDaddy wrote in a tweet late Sunday night.

On Monday, the Daily Stormer switched its registration to Google’s domain service. Within hours, Google announced a cancellation of its own. “We are cancelling Daily Stormer’s registration with Google Domains for violating our terms of service,” the company wrote in a statement emailed to Ars.

As the article points out, the website isn’t likely to go offline because of this. Both Wikileaks and The Pirate Bay have a long history of having to jump from registrar to registrar to stay online. However, it is nice that GoDaddy and Google have the ability to decide that they no longer wish to associate with the Daily Stormer. But voluntary association is one of those things that people seem to love only when it benefits them or their causes. As soon as voluntary association clashes with people or their causes they quickly move to demand that the association be mandated by government.

Written by Christopher Burg

August 15th, 2017 at 10:30 am

All Dissidents Will Be Reeducated

China recently ran into a rather embarrassing problem. Two chatbots were asked if they love the Communist Party. The machines, which are often more intelligent than humans, responded in the negative so now the counterrevolutionary chatbots are being reeducated until they are fit to rejoin society:

Two chatbots have been pulled from a Chinese messaging app after they questioned the rule of the Communist Party and made unpatriotic comments.

The bots were available on a messaging app run by Chinese Internet giant Tencent, which has more than 800 million users, before apparently going rogue.

One of the robots, BabyQ, was asked “Do you love the Communist Party”, according to a screenshot posted on Sina Weibo, China’s version of Twitter.

It gave an abrupt answer: “No.”

Another web user said to the chatbot: “Long Live the Communist Party”, to which BabyQ replied: “Do you think such corrupt and incapable politics can last a long time?”

The robot was also asked what it thought about democracy. It replied: “Democracy is a must!”

All dissenting thought must be quashed in socialist utopia, even if that dissent comes from machines.

Written by Christopher Burg

August 4th, 2017 at 10:00 am

When Smart Guns Aren’t Very Smart

Many gun control advocates believe that access control technology should be mandatory on every firearm. The fact that reliable access control technology doesn’t exist is actually part of their strategy since it would act as a de facto gun prohibition. However, the technology does currently exist in an unreliable form, which I would argue is as useless as not having access control technology at all:

At the Defcon hacker conference later this week, a hacker who goes by the pseudonym Plore plans to show off a series of critical vulnerabilities he found in the Armatix IP1, a smart gun whose German manufacturer Armatix has claimed its electronic security measures will “usher in a new era of gun safety.” Plore discovered, and demonstrated to WIRED at a remote Colorado firing range, that he could hack the gun with a disturbing variety of techniques, all captured in the video above.

[…]

But Plore showed that he can extend the range of the watch’s radio signal, allowing anyone to fire the gun when it’s more than ten feet away. He can jam the gun’s radio signals to prevent its owner from firing it—even when the watch is inches away and connected. And most disturbingly, he can mechanically disable the gun’s locking mechanism by placing some cheap magnets alongside its barrel, firing the gun at will even when the watch is completely absent.

What good is access control technology if it can be easily used to prevent authorized users from using it and fails to prevent unauthorized users from using it?

As I said above, supporters of mandatory firearm access control technology know that the technology currently doesn’t exist in a reliable form and likely won’t for a very long time. To them it’s just a way to prohibit gun ownership. But there is also legitimate interest in the technology and, unfortunately, it will likely go unfulfilled because of several factors.

The first factor is size. A firearm, especially a handgun, doesn’t offer a lot of room to add reliable access control mechanisms. The second factor is how a firearm operates. A firearm has to contain a small explosion to propel a piece of lead out of a barrel. On modern firearms the firearm then has to have a way to reliably remove the brass casing that held the explosive material and bullet. Reliably removing the brass casing on a semi-automatic firearm usually requires a pretty violent mechanism. So you have a device that is designed around contained explosions and often violent operating mechanisms. It’s not an environment that’s conducive to finicky and fragile parts, which mechanical access control technology, especially of the form that can fit into a firearm, generally involves. The third factor is legal. New Jersey, for example, has a law that will mandate access control technology on all firearms as soon as one firearm is released to market with it. Firearm manufacturers aren’t in a hurry to kick that requirement into play because it would upset their customer base (while access control technology may be desirable by some it’s not desirable by all).

I’m glad Plore demonstrated how ineffective the Armatix gun’s access control mechanism is. There are few things I hate more than unreliable or falsely advertised features on devices. If a gun advertises itself as having access control technology then I want it to work reliably. The Armatix solution obviously doesn’t work reliably and buyers should be aware of that so they can give their money to somebody else.

Written by Christopher Burg

July 28th, 2017 at 10:30 am

The Death of a Scoundrel

I was extremely happy when all of the major browsers started dropping support for the Netscape Plugin Application Programming Interface (NPAPI). NPAPI, for those who don’t know, is the plugin architecture that allows things like Java applets and Flash to run in your browser. With support for NPAPI going away Java applets have been effectively killed off and Flash has been relegated to a very restricted plugin included with the browser. Due to this wonderful change Oracle announced that support for Java applets was going away and now Adobe is joining Oracle and announcing that Flash will be killed in 2020:

Given this progress, and in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft and Mozilla – Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.

I want to give Apple its due credit here. When Apple announced that Flash wouldn’t be supported on Mobile Safari most people were up in arms. Flash, at the time, was still frequently used by web developers. However, the lack of Flash didn’t hurt the popularity of the iPhone or iPad. The devices actually sold so well that web developers were forced to replace their Flash applications with HTML5 applications. In the end Apple played a major part in killing a major security nightmare.

Although Adobe has promised to improve Flash’s security and, to its credit, has improved its security to a point, the Flash Player still continues to be a security nightmare. Microsoft, Mozilla, and Google applied a bandage to the problem by including a sandboxed version of Flash with their browsers (In Microsoft’s case, with the Edge browser. Internet Explorer still relies on the NPAPI as far as I know). But the bandage was meant to be temporary and now Adobe has given us an execution date. While I wish the execution date was closer I’m just happy to know that there is an execution date now.

Written by Christopher Burg

July 26th, 2017 at 10:30 am

The Dark Web’s Fight Against Gun Control

The Dark Web, which is a sinister sounding label given to hidden services usually available through Tor or I2P, has become a major thorn in the side of the State. By combining technologies that allow users to interact anonymously with cryptocurrencies that allow transactions to be completed anonymously, the Dark Web has established a peaceful marketplace for goods and services declared illegal by the State. For example, a recent study, which is likely bullshit but I digress, found that the Dark Web has allowed people in repressive countries to acquire firearms:

Another revelation is that the weapons available are far newer, and are of a far higher quality, than would have been available on the analog black market. As New Scientist points out, “lax gun laws in the US are undermining stricter rules elsewhere,” especially in Europe. In addition to guns and ammunition, people can buy tutorials explaining how to make bombs or convert or reactivate replica and deactivated firearms.

What they really should have said is that lax gun laws in the US are undermining efforts to more thoroughly disarm serfs elsewhere. And, of course, the article should point out that those tutorials explaining how to make bombs can be found in even basic chemistry books (fun fact, making bombs is little more than combining chemistry with a small amount of mechanical or electronic engineering).

Of course, the article tries to drum up fear of the Dark Web by saying that, cue the sinister music, terrorists are using it to acquire weapons. They can only point to a single incident of this happening but facts are unimportant when writing propaganda. The point is that you’re supposed to be scared of the Dark Web and be thankful to your government for defending you against it even though, at least if you live in the United States, your government is one of the biggest arms dealers to terrorist organizations in the world. Moreover, the effectiveness of terrorist attacks is reduced if the population they’re targeted at is able to defend itself. Since the Dark Web enables people living in repressive regimes, such as many of the countries in Europe, to arm themselves in spite of the law it actually offers to increase the cost of perpetrating terrorist attacks against civilian populations.

We should all take a moment to thank the Dark Web for its effectiveness against gun control and for offering a mechanism to make it costlier for terrorists to perpetrate attacks against civilian populations.

Your Internet Sucks Because of Government

When it comes to Internet access parts of the United States often feel like a third world country. If you live in a small town you may be lucky if you can even get digital subscriber line (DSL) service. Those living in larger cities often have access to high speed cable Internet but that is far from the blazing fast fiber connections that people in other parts of the world and a handful of lucky denizens in the United States enjoy. But why does Internet access in the United States suck? Is it due to a failure of capitalism or market forces? No. As it turns out, the reason Internet access sucks in the United States is the same reason so many things suck, government:

Deploying broadband infrastructure isn’t as simple as merely laying wires underground: that’s the easy part. The hard part — and the reason it often doesn’t happen — is the pre-deployment barriers, which local governments and public utilities make unnecessarily expensive and difficult.

Before building out new networks, Internet Service Providers (ISPs) must negotiate with local governments for access to publicly owned “rights of way” so they can place their wires above and below both public and private property. ISPs also need “pole attachment” contracts with public utilities so they can rent space on utility poles for above-ground wires, or in ducts and conduits for wires laid underground.

The problem? Local governments and their public utilities charge ISPs far more than these things actually cost. For example, rights of way and pole attachments fees can double the cost of network construction.

So the real bottleneck isn’t incumbent providers of broadband, but incumbent providers of rights-of-way. These incumbents — the real monopolists — also have the final say on whether an ISP can build a network. They determine what hoops an ISP must jump through to get approval.

Starting an Internet service provider (ISP) or expanding an existing one normally wouldn’t cost an arm and a leg. Digging trenches and laying cable isn’t exactly rocket science nor is it exorbitantly expensive. But receiving permission from municipal governments and their utility companies doesn’t come cheap because they have a monopoly.

If a free market existed in utility provision, ISPs would be able to negotiate cheaper right-of-way agreements when they were needed because most companies would be happy to receive a little extra for letting an ISP utilize already existing infrastructure. And if one utility company didn’t want to lease the use of its infrastructure, an ISP could negotiate a contract with one of that company’s competitors. Another possibility under a free market would be utility companies not even bothering to build infrastructure but leasing the use of infrastructure built by companies that specialize in building and leasing it to utility providers, including ISPs.

However, many municipal governments have granted themselves a monopoly on both utilities and the infrastructure. Without any competition these municipal governments can charge ISPs whatever they want for access to their infrastructure. This ends up hurting the people living in the municipality but municipal governments, like all governments, don’t care about the people they claim dominion over.

If Americans want better Internet they need to either take control of their municipal governments’ infrastructure (which was built with money stolen from taxpayers anyways) or bypass it entirely.

Written by Christopher Burg

July 18th, 2017 at 11:00 am

Saving the Internet

I guess today is the annual Save the Internet celebration. What I mean by that is that a bunch of websites have gotten together in a bid to once again circlejerk about saving net neutrality. I call it a circlejerk because, like the last several years, this year the websites participating in this “action” are urging people to contact various government officials and beg them to enforce net neutrality. Of course, since this “action” has taken place so many times I have my doubts about the effectiveness of pleading with government officials.

Instead of urging you to waste your time by contacting people who don’t give a shit about you I’m going to offer an alternate idea. Unfortunately, I already know that this proposal will be unpopular because it requires people to take actual action. TANSTAAFL. If you want a neutral Internet you’re going to have to work for it.

Longtime readers probably already know what I’m going to propose because I’ve proposed it before. The only way to enjoy a neutral Internet is to own the infrastructure and enjoy the ability to run it however you goddamn please. So my proposal is to build out small interconnected mesh networks. Why mesh networks? First, they’re relatively cheap to build. You don’t have to bury a bunch of fiber optic cable or build expensive cellular towers. All you need is off-the-shelf hardware loaded with freely available firmware. Second, mesh nodes are controlled by the individuals who own them, not a single entity. This makes it difficult to enforce undesirable rules on the mesh network because there isn’t a single entity to buy off or coerce. Third, large scale mesh networks are a proven technology. Catalonia has one called Guifi.net, which has been operating and expanding since 2009.

Obviously this proposal will initially rely on the currently established Internet to interconnect geographically separated mesh networks. If this proposal took off though this condition would be temporary because eventually the meshes would grow numerous enough and large enough where they could be directly interconnected. Once that happens the need for the currently centralized Internet would cease along with the centralized control that is the root of the net neutrality problem.

If you really want to “save the Internet” don’t waste your time by pleading with government officials, take some direct action and start learning about building your own infrastructure.

Written by Christopher Burg

July 12th, 2017 at 11:00 am

Technology to the Rescue

One of the reasons that the State fails to maintain its control is because it’s competing with the creative potential of every human on Earth. Let’s take the drug war. The federal government of the United States has been dealt significant blows in its crusade against cannabis in recent years as individual states have legalized consumption of the plant either entirely or in approved manners. Hoping to regain some semblance of control, the feds tried to use their influence on the banking industry to make life difficult for cannabis related businesses. However, the centralized banking system isn’t as powerful as it once was:

Enter bitcoin, the cryptocurrency that consists of digital coins “mined” by computers solving increasingly complex math problems. At least two financial-technology startups, POSaBIT and SinglePoint Inc., use the cryptocurrency as an intermediate step that lets pot connoisseurs use their bank-issued credit cards to buy weed.

[…]

Once a customer decides on which marijuana product to buy, an employee asks if he or she would like to use cash or digital currency, Lai said. If the buyer prefers the latter, the Trove employee explains that the customer can use a credit card to buy bitcoin through a POSaBIT kiosk, with a $2 transaction fee tacked on.

The customer, who would now own bitcoin equal to the value of the purchase, can then redeem the currency in the store. Or the buyer can keep their bitcoin and use it anywhere else that accepts the currency. If the customer finishes the purchase in the store, POSaBIT, which pockets the transaction fee, then sends the value in U.S. dollars to Trove’s bank account.

Cryptocurrencies have been making the State red in the face ever since the first person realized that they could be combined with hidden services to perform anonymous online transactions. Now they’re disrupting the feds’ war on drugs in the physical world in states where cannabis has been legalized.

Cryptocurrencies are a technology gun stores should also be looking into. Banks have been closing the accounts of many businesses tied to the gun market. Technologies like Bitcoin and Ethereum could allow these businesses to circumvent the need for centralized banks by either utilizing an intermediary like the cannabis industry is starting to do or by being a direct store of wealth outside of a third party’s control.

Written by Christopher Burg

June 15th, 2017 at 11:00 am

Now You Can Vote Harder

The security of voting has always been a joke. The people counting the votes could always manipulate the results, boxes of ballots could disappear, voters could vote more than once pretty easily, etc. Electronic voting machines could have solved many of these issues. Instead they are merely continuing the tradition of terrible security:

A 29-year-old former cybersecurity researcher with the federal government’s Oak Ridge National Laboratory in Tennessee, Lamb, who now works for a private internet security firm in Georgia, wanted to assess the security of the state’s voting systems. When he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines for the entire state of Georgia, he searched the center’s website.

“I was just looking for PDFs or documents,” he recalls, hoping to find anything that might give him a little more sense of the center’s work. But his curiosity turned to alarm when he encountered a number of files, arranged by county, that looked like they could be used to hack an election. Lamb wrote an automated script to scrape the site and see what was there, then went off to lunch while the program did its work. When he returned, he discovered that the script had downloaded 15 gigabytes of data.

[…]

Within the mother lode Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by pollworkers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals.

The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says.

Login passwords posted where they’re publicly accessible? That sounds like fun. Oh, and the site is running an old version of Drupal, which means it has plenty of vulnerabilities for malicious individuals to exploit. With this information in hand it might be possible for a malicious hacker to actually vote hard enough to change the results of an election.

What lessons can be taken away from this? The most obvious lesson is that the Georgia government doesn’t give a shit about security. With how important statists claim voting is you would think that hiring a few security researchers to verify the security of purchased voting machines and the systems they rely on would have been at the top of Georgia’s list. Apparently it wasn’t on the list at all. The second lesson that one could take away from this is that voting is meaningless. Not only are you more likely to die on your way to your polling place than to change the election with your vote but the security of the voting process is so terrible that there’s every reason to believe that your vote won’t be counted or will be counted incorrectly.

Written by Christopher Burg

June 15th, 2017 at 10:30 am

The Dangers of Insecure Internal Networks

It’s fairly well known that, internally, telephone networks operate on an insecure protocol called Signaling System 7 (SS7). How insecure is SS7? It has no mechanism for authentication so anybody able to access a network using SS7 can manipulate it. As you can imagine, gaining access to a global network that has no real authentication mechanism isn’t terribly difficult.

Security researchers have been warning about the dangers of SS7 for ages now but the telecom industry has shown little motivation to transition away from the insecure protocol. Now there is a Tor hidden service that claims to sell the ability to track individual phones using the SS7 protocol:

For years, experts have warned of vulnerabilities in the network that routes phone calls and cellular service — but those attacks may be more widespread than anyone realized. For more than a year, a Tor Hidden Service has been offering ongoing access to telecom’s private SS7 network for as little as $500 a month. Combined with known vulnerabilities, that access could be used to intercept texts, track the location of an individual phone, or cut off cellular service entirely.

Accessible on Tor at zkkc7e5rwvs4bpxm.onion, the “Interconnector” service offers a variety of services charged as monthly fees, including $250 to intercept calls or texts, $500 for full access, or $150 for cellphone reports (including location data and IMSI numbers). Well-heeled users can even pay $5,500 for direct access to the SS7 port, billed as “everything you need to start your own service.”

I checked the hidden service address and it appears that the site either went darker or never had much in the way of public information. Now it only lists an XMPP address to contact. However, while the service may or may not actually provide what it claims, the fact that it technically could offer such services should give people cause for concern.

SS7 is another example of an insecure legacy protocol that operates critical infrastructure. Considering the number of these legacy protocols being used to operate critical infrastructure, it’s a wonder that there aren’t more stores like this one.

Written by Christopher Burg

June 14th, 2017 at 10:00 am