A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ tag

Open Source Software and Private Property

I’ve lamented periodically about the fact that consumers don’t own the software they “buy.” When you “buy” a piece of software, you’re usually entering into a license agreement, and an extremely one-sided agreement at that. However, there is respite from this onslaught against the concept of ownership and, ironically, it comes from a model that is usually claimed to be communistic by both its proponents and critics. That respite is open source software.

Open source software is the only software that you can seriously claim to own. While not all open source software licenses are equal, most of them do allow you to modify the code in whatever way you desire. With the source code in hand and the right to modify it at will, you can make whatever changes you want to an application. If a developer drops support for the application, you can either continue to support it yourself or hire a third party to continue supporting it for you. If you’re not happy with a change a developer made, you can remove that change while still potentially including other added functionality that you did want. If the application is designed to be run on a server, you can host the application on your own server if you so desire.

In this way a movement that is usually considered communistic has done a better job of enabling private property rights over software than the model that is usually considered capitalistic.

Written by Christopher Burg

May 22nd, 2018 at 11:00 am

Posted in News You Need to Know

Hardware is Cheaper than Developer Time

Is your application performing poorly? Just throw more hardware at it! This attitude has become mainstream thanks to the widespread availability of cheap hardware and the high cost of developer time. Why pay a team of developers tens or hundreds of thousands of dollars to improve the performance of an application when you can buy a handful of relatively cheap servers and still be able to provide the performance your customers need?

What’s interesting about this equation is that consumers have been mostly shielded from it. However, when this equation does impact consumers, it usually raises some important questions:

Capcom will give Japanese Switch owners a chance to play last year’s Resident Evil 7 on the Switch later this week. But the port will only be playable as an online stream running on Capcom’s own servers, rather than a downloaded version that would run directly on the Switch’s relatively low-powered hardware.

[…]

But such a port would have required time and programming resources that Capcom might not have been willing to spare. With cloud streaming, on the other hand, getting the game onto the Switch is likely just a matter of setting up some servers to run the existing PC version, then writing a simple client to stream inputs and video/audio to and from the Switch. Streaming to the Switch means not having to compromise on graphical detail, but it could lead to stuttering and frame rate issues if the Internet connection isn’t absolutely solid.

Nintendo has been at a disadvantage for the last several console generations. Its consoles have been less powerful than its competitors’, which has contributed to developers not porting games to Nintendo’s consoles. When games have been ported, developer time had to be invested in downscaling the game enough to run on the less powerful hardware.

With the widespread availability of high-speed Internet connectivity, an alternative strategy to porting a game directly has become possible. Instead of porting the game itself, the game can be run on more powerful hardware and the video can be streamed to the player. This would theoretically allow any game to run on almost any platform. A user could just as easily stream the game on their Switch as their phone.

But the universe abhors perfection so this strategy naturally has trade offs. The most obvious of these trade offs is latency. If the game is being run on a remote server, every button pressed by the player must be transmitted to that server. Even with a high-speed Internet connection that latency can be noticeable, especially for extremely fast paced games. But the more sinister trade off in my opinion is the fact that players can’t own the game since it exists exclusively on remote servers. At some point Capcom will decide that continuing to operate the Biohazard 7 servers is costing more money than the game is making. When that happens, the servers will be turned off and the players who paid for the game will no longer be able to play it.

I’ve lamented about the fact that consumers own fewer of the products they “buy.” The idea that paying a producer money for a product resulted in exclusive ownership has been replaced by the idea of licensing. You don’t purchase a tractor, you pay to license the software that runs on it and John Deere just happens to throw in the hardware for free. In the case of Biohazard 7, gamers aren’t buying the game, they’re paying for the privilege to stream the game for as long as Capcom allows.

Written by Christopher Burg

May 22nd, 2018 at 10:30 am

Posted in Technology

Tracking Your Pieces of Flair

Some people mistakenly believe that if they don’t carry a cell phone, government agents can’t track them. While cell phones are convenient tracking devices, they aren’t the only tool in the State’s toolbox. Law enforcers have been using license plate scanners for years now. Such scanners can track the whereabouts of every vehicle in the department’s territory. And since license plate scanners are technological devices, they are improving in capabilities:

On Tuesday, one of the largest LPR manufacturers, ELSAG, announced a major upgrade to “allow investigators to search by color, seven body types, 34 makes, and nine visual descriptors in addition to the standard plate number, location, and time.”

Plus, the company says, the software is now able to visually identify things like a “roof rack, spare tire, bumper sticker, or a ride-sharing company decal.”

Even obscuring or changing your license plate won’t work if you have, like so many Americans, covered your car in unique pieces of flair.

I’m sure some people, thinking that they’re very clever, have already come up with the strategy of not driving their vehicle. After all, if you don’t have a cell phone or a personal vehicle, the government can’t track you, right? Wrong again.

EFAIL

A vulnerability was announced yesterday that affects both OpenPGP and S/MIME encrypted e-mails. While this was initially being passed off as an apocalyptic discovery, I don’t think that its scope is quite as bad as many are claiming. First, like all good modern vulnerabilities, it has a name, EFAIL, and a dedicated website:

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

The weakness isn’t in the OpenPGP or S/MIME encryption algorithms themselves but in how mail clients interact with encrypted e-mails. If your e-mail client is configured to automatically decrypt encrypted e-mails and allows HTML content to be displayed, the encrypted portion of your e-mail could be exfiltrated by a malicious attacker.

I generally recommend against using e-mail for secure communications in any capacity. OpenPGP and S/MIME are bandages applied to an insecure protocol. Due to their nature as a bolted-on feature added after the fact, they are unable to encrypt a lot of data in your e-mail (the only thing they can encrypt is the body). However, if you are going to use it, I generally recommend against allowing your client to automatically decrypt your encrypted e-mails. Instead, at least require that you enter a password to decrypt your private key (this wouldn’t defend against this attack if your client is configured to display HTML e-mail content but it would prevent malicious e-mails from automatically exfiltrating encrypted content). Better yet, have your system set up in such a manner that you actually copy the encrypted contents of an e-mail into a separate decryption program, such as the OpenPGP command line tools, to view the secure contents. Finally, I would recommend disabling the ability to display HTML e-mails in your client if you are at all concerned about security.

If you perform the above practices, you can mitigate this attack… on your system. The real problem is, as always, other people’s systems. While you may perform the above practices, you can’t guarantee that everybody with whom you communicate will as well. If an attacker can exploit one party, they will generally get the e-mails sent by all parties. This is why I’d recommend using a communication tool that was designed to be secure from the beginning, such as Signal, over e-mail with OpenPGP or S/MIME. While tools like Signal aren’t bulletproof, they are designed to be secure by default, which makes them less susceptible to vulnerabilities created by an improper configuration.
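Whether a given message would trigger the kind of remote load EFAIL depends on can be checked mechanically. The Python sketch below is an added example, not code from the original post or from the EFAIL researchers; it parses an already-decrypted message and lists every reference in its HTML part that a rendering client would fetch without a click. The function names, the attribute list, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# (tag, attribute) pairs fetched on display, no click needed (assumed, not exhaustive).
AUTO_FETCH = {
    ("img", "src"), ("link", "href"), ("script", "src"), ("iframe", "src"),
    ("embed", "src"), ("object", "data"), ("video", "poster"), ("input", "src"),
    ("body", "background"), ("table", "background"), ("td", "background"),
}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
REMOTE = re.compile(r"^(https?:)?//", re.I)  # absolute or protocol-relative URL


class RemoteLoadFinder(HTMLParser):
    """Collect (tag, attribute, url) for each reference that triggers a request."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_style = False

    def _record(self, tag, attr, url):
        if url and REMOTE.match(url.strip()):
            self.findings.append((tag, attr, url.strip()))

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH:
                self._record(tag, name, value)
            elif name == "style" and value:  # inline CSS, e.g. background:url(...)
                for url in CSS_URL.findall(value):
                    self._record(tag, "style", url)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            for url in CSS_URL.findall(data):
                self._record("style", "css", url)


def find_remote_loads(html):
    finder = RemoteLoadFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def audit_message(raw):
    """Findings for every text/html part of an already-decrypted message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [f for part in msg.walk() if part.get_content_type() == "text/html"
            for f in find_remote_loads(part.get_content())]


def sample_message():  # constructed sample, standing in for a decrypted message
    msg = EmailMessage()
    msg.set_content("Quarterly numbers attached.")
    msg.add_alternative(
        '<style>body{background:url("https://cdn.example/bg.png")}</style>'
        '<p>Hi</p><img src="cid:logo"><img src="http://tracker.example/pixel.png">'
        '<div style="background:url(//img.example/x.png)">x</div>'
        '<a href="https://example.org/">read more</a>', subtype="html")
    return msg.as_bytes()
```

An empty result from `audit_message` means the HTML part references nothing that loads on display; ordinary links and `cid:` attachments are deliberately not reported because they cause no automatic request.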

Written by Christopher Burg

May 15th, 2018 at 11:00 am

Eight Percent of the Time It Works Every Time

The Transportation Security Agency (TSA) is the embodiment of government incompetence. It has failed 95 percent of red team exercises, which doesn’t bode well for the agency’s general ability to detect weapons before air travelers are able to enter the “secure” area of an airport. However, the United States doesn’t have a monopoly on government incompetence. The United Kingdom (UK) also has its own program that has a failure rate of 90 percent:

A British police agency is defending (this link is inoperable for the moment) its use of facial recognition technology at the June 2017 Champions League soccer final in Cardiff, Wales—among several other instances—saying that despite the system having a 92-percent false positive rate, “no one” has ever been arrested due to such an error.

Of course nobody has been arrested due to a false positive. When a system has a false positive rate of 92 percent it’s quickly ignored by whoever is monitoring it.

False positives can be just as dangerous as misses. While misses allow a target to avoid a detection system, false positives breed complacency that quickly allows false positives to turn into misses. If a law enforcer is relying on a system to detect suspects and it constantly tells him that it found a suspect but hasn’t actually found a suspect, the law enforcer quickly ignores any report from the system. When the system does correctly identify the suspect, there’s a good chance that the law enforcer monitoring it won’t even bother to look at the report to verify it. Instead they’ll just assume it’s another false positive and continue sipping their tea or whatever it is that UK law enforcers do most of the time.

Written by Christopher Burg

May 9th, 2018 at 10:00 am

The Subtle Ways Technology Shapes Our Lives

Some schools in the United Kingdom have announced that they’re removing analog clocks because students are unable to read them:

Some U.K. schools are ditching analog clocks from test rooms because a generation of kids raised on digital clocks can’t read them and are getting stressed about time running out during tests, London’s Telegraph reports.

“The current generation aren’t as good at reading the traditional clock face as older generations,” Malcolm Trobe, deputy general secretary of the U.K.’s Association of School and College Leaders, told The Telegraph.

I, along with many other people, initially scoffed at this announcement. Teaching somebody how to read an analog clock takes a matter of minutes. On the other hand, as a few friends pointed out to me, the skill is almost entirely unnecessary today. Most of us carry a pocket computer that displays the current time. Those pocket computers usually display the time in the friendlier digital format. Since most people carry around a time telling device, public clocks are less important than they were. People who have a pocket computer that displays the time in a digital format don’t need to know how to read an analog clock.

This is just another subtle, albeit major, way that technology is shaping our lives. Another example is cursive writing. I learned how to write in cursive around second or third grade and continue the practice today because it’s faster than writing block letters. However, cursive is indecipherable to many younger individuals. Why? Because the ability to write quickly is less important in a world where computers are prevalent. It’s rare for me to be in a situation where I have to write something. Usually I can type it out on a computer or tap it into my phone. The generation that came after mine never knew a world where computers weren’t prevalent and the current generation is growing up with touchscreen devices (a technology I once saw in my youth, although in a very rudimentary form, and thought it was the coolest thing ever) that fit in their pockets and can automatically transform their spoken words into typed text or transmit it directly.

When I was in school, pocket calculators were already prevalent, which caused us students to ask our math teachers why we had to memorize so many mathematical operations. Our teachers responded that we wouldn’t always have a calculator with us. I can’t say that they were wrong. At the time I rarely carried a calculator with me. Pocket space was at a premium and I couldn’t carry everything with me. Fast forward to today. I always have a calculator with me because it’s an app on my phone. My teachers’ response to my question, although true back then, is no longer true.

Remember paper maps and compasses? I do because I used to have to use them to navigate in unfamiliar areas. If I was in an unfamiliar city and needed to get somewhere, I had to either get out of my car and ask somebody for directions (which may or may not result in receiving good directions) or pull out a paper map to determine my current location, the location of my destination, and the best route to get there. I then used a compass to keep myself going in the right direction. Now I type my destination into my phone and let it guide me to my destination. In addition to being faster because it already knows where everything is, it can also provide me a better route because it also knows the current traffic conditions. Navigating with a map and compass is another skill that is largely irrelevant in a world of ubiquitous smartphones and cellular coverage.

Many of the skills that I learned were important at one time but are of little importance today. When I sit down to think about it, it’s fascinating how technology has changed my world in so many subtle ways. My skills of reading an analog clock, cursive writing, performing math in my head, and navigating with a map and compass are pretty much irrelevant. I wonder what other skills that I learned will be made less relevant by technology in the coming years.

Written by Christopher Burg

May 8th, 2018 at 11:00 am

Posted in Technology

Keep the Jazz Cabbage Illegal or Fido Gets It

It’s amazing how far agents of the State will go to keep the War on (Some) Drugs going. The latest, and probably most petty, attempt to keep people on the side of continuing the drug war is to threaten dogs:

The training director of a police K-9 academy in Illinois claims that if the state legalizes recreational marijuana, it will have to euthanize all its pot-sniffing dogs, The Pantagraph reports.

Keep the jazz cabbage illegal or the dogs get it!

If cannabis was legalized tomorrow, all of the dogs that have been trained to sniff out the plant would cease to be useful to law enforcers. However, they wouldn’t cease to be useful entirely. This is something so obvious that even the Transportation Security Agency (TSA) understands it. The TSA puts dogs who have failed training up for adoption. While they may not be useful for sniffing out bombs, they can still provide an individual or family with companionship. There is no reason that drug dogs that are no longer useful to law enforcers can’t be put up for adoption as well. But I can see why an organization that makes its money off of training drug dogs to sniff out cannabis would pull out all of the stops to try to keep cannabis illegal.

Written by Christopher Burg

May 8th, 2018 at 10:00 am

Reliving the Good Old Days of Colonialism

Colonialism is dead, or is it? France seems to be trying to relive the good old days where it would plant a flag in a foreign land and claim it as its own:

A French-born American has now sued his home country because, he claims, the Ministry of Foreign Affairs has illegally seized a domain that he’s owned since 1994: France.com.

[…]

However, sometime around 2015, that very same ministry initiated a lawsuit in France in an attempt to wrest control of the France.com domain away from Frydman. Web.com locked the domain, and Frydman even roped in the Berkman Klein Center at Harvard Law School to intervene on his behalf.

By September 2017, the Paris Court of Appeals ruled that France.com was violating French trademark law. Armed with this ruling, lawyers representing the French state wrote to Web.com demanding that the domain be handed over.

I guess we can all take some solace in knowing that if this form of colonization turns out like the original, France will end up losing everything in the end.

This story is absurd on multiple levels. First, Jean-Noël Frydman has owned the domain for 23 years. I think it’s fair to say that if an entity doesn’t defend its trademark for 23 years, it should lose it. Second, it’s ridiculous for a nation that calls itself democratic to claim a trademark. The philosophy of democracy states that a government is ultimately owned by its people. That being the case, the people of France should be able to use the name, image, etc. of their country however they desire. Third, having a French court rule on the matter is inappropriate because it can hardly be considered impartial in this case.

Ultimately, I think the biggest thing to be said about this story is that the court’s decision was really enabled by the centralized Domain Name System (DNS) on which the Internet currently depends. Courts are able to enforce their decision on matters such as this because there are centralized organizations that can be identified and coerced. If DNS records were managed by an anonymous decentralized mechanism, it would be far more difficult for decisions like this to be enforced.

Written by Christopher Burg

May 1st, 2018 at 11:00 am

Open Textbooks

I enjoy helping individuals educate themselves. In pursuit of this goal I try to find sources of free educational material and share them with as many people as possible. Recently I stumbled across the Open Culture website, which has a page listing freely available textbooks.

I haven’t had an opportunity to dig through all of the listed textbooks nor am I qualified to determine the accuracy of the material in many of the listed books. However, of the few textbooks I have perused, they appear to be good quality and were written by credentialed professors.

Feel free to go through the list and download anything that piques your interest.

Written by Christopher Burg

May 1st, 2018 at 10:30 am

It’s Not Your Phone, Pleb

The Fourth Amendment is often cited whenever a legal issue involving privacy arises. While I recognize that the “rights” listed in the Bill of Rights are actually temporary privileges that are revoked the second they become inconvenient to the government, I think that it’s worth taking a look at the language:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

What’s noteworthy in regards to this post is the fact that nowhere does the Fourth Amendment state that measures have to be taken to make information easily accessible to the government once a warrant is issued. This omission is noteworthy because a lot of the political debates revolving around computer security are argued as if the Fourth Amendment contains or implies such language:

Dubbed “Clear,” Ozzie’s idea was first detailed Wednesday in an article published in Wired and described in general terms last month.

[…]

  1. Apple and other manufacturers would generate a cryptographic keypair and would install the public key on every device and keep the private key in the same type of ultra-secure storage vault it uses to safeguard code-signing keys.
  2. The public key on the phone would be used to encrypt the PIN users set to unlock their devices. This encrypted PIN would then be stored on the device.
  3. In cases where “exceptional access” is justified, law enforcement officials would first obtain a search warrant that would allow them to place a device they have physical access over into some sort of recovery mode. This mode would (a) display the encrypted PIN and (b) effectively brick the phone in a way that would permanently prevent it from being used further or from data on it being erased.
  4. Law enforcement officials would send the encrypted PIN to the manufacturer. Once the manufacturer is certain the warrant is valid, it would use the private key stored in its secure vault to decrypt the PIN and provide it to the law enforcement officials.

This proposal, like all key escrow proposals, is based on the idea that law enforcers have some inherent right to easily access your data after a warrant is issued. This idea also implies that your phone is actually the property of the various bodies of government that exist in the United States and they are therefore able to dictate in what ways you may use it.

If we are to operate under the assumption that law enforcers have a right to easily access your data once a warrant is issued, we must necessarily admit that the “rights” outlined in the Fourth Amendment don’t exist since the language offers no such right to law enforcers.