A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ tag

A Security Issue Is Still a Security Issue Even If It’s a Hit Job

with one comment

A series of flaws were revealed in AMD’s line of processors. The aftermath of these kinds of revelations usually involves a lot of people trying to assess the impact and threat. Can the flaws be exploited remotely? If they can be exploited remotely, is there a way to detect if a system has been exploited? What actions can be taken to mitigate these flaws? Instead of the usual assessment, the aftermath of this revelation has been dominated by people claiming that this revelation was actually a hit job secretly instigated by Intel and individuals wanting to manipulate AMD’s stock price:

Here’s a histrionic quote for you: “AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”

That’s a real quote from Viceroy Research’s deranged, apoplectic report on CTS Labs’ security allegations against AMD’s Ryzen architecture. The big story today seemed to mirror Meltdown, except for AMD: CTS Labs, a research company supposedly started in 2017, has launched a report declaring glaring security flaws for AMD’s processors. By and large, the biggest flaw revolves around the user installing bad microcode.

There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.

The goal here is to research whether the hysterical whitepapers — hysterical as in “crazy,” not “funny” — have any weight to them, and where these previously unknown companies come from.

A lot of people seem to have lost sight of the fact that just because a revelation is a hit job (which I’m not saying this revelation is) doesn’t mean that the revealed exploit isn’t a legitimate exploit. Even if CTS Labs is a company secretly created by Intel for the specific purpose of wrecking AMD’s reputation, the revealed exploits need to be assessed and, if they’re found to be legitimate exploits, addressed.

Written by Christopher Burg

March 15th, 2018 at 10:00 am

You Can’t Take the Sky from Me

with 2 comments

Swarm Technologies applied to the Federal Communications Commission Fascist Communications Club (FCC) for permission to launch a handful of satellites. The FCC denied the company’s application. But the United States doesn’t have a monopoly on spaceflight so Swarm Technologies shopped around and was able to get its satellites into the air thanks to India. Now the FCC is claiming that it owns all of space:

One company might not have been willing to take “no” for an answer, however. IEEE Spectrum has discovered that the FCC accused startup Swarm Technologies of launching four of its tiny SpaceBEE (Basic Electronic Elements) communication cubesats without obtaining the necessary approvals — in effect, it would be the first satellite maker to go rogue.

The FCC denied Swarm’s application to launch its satellites in December 2017 on the grounds that they posed a safety hazard to other spacecraft orbiting Earth. That apparently wasn’t a deterrent, as the SpaceBEEs appear to have launched aboard one of India’s Polar Satellite Launch Vehicles on January 12th (you’re looking at the rocket above). Needless to say, that left officials fuming. The FCC revoked Swarm’s approval for a subsequent mission that would have taken place this April, citing an “apparent unauthorized launch and operation” of the four satellites.

The fact that the FCC revoked Swarm Technologies’ approval for future missions is especially funny since the company demonstrated that it didn’t need FCC approval to get its satellites into space. But doing so probably fed some petty bureaucrat’s power trip and that’s all government approval is capable of doing in a global economy.

The world has become more connected. It’s trivial to communicate with people on the other side of the globe in real time. Traveling across oceans takes a matter of hours, not days or weeks. If the government of a region is standing in your way, you can shop around for a region that will allow you to do what you want to do and transport whatever you need to that region. If worst comes to worst, a company can move itself entirely to a friendlier region.

Written by Christopher Burg

March 13th, 2018 at 11:00 am

What Do You Do for Money, Honey

without comments

There ain’t no such thing as a free lunch. In this new App Store economy where users are often unwilling to pay even $5.00 for an application, developers have been looking for ways to make ends meet. In-app advertising was one model that was tried but the payoff tended to be subpar. Many game developers shifted to a model based on convincing players to make a bunch of in-app purchases. While that model has been very profitable for game developers, it has been hard to make that model work in non-game applications. Now some developers are experimenting with embedding crypto-currency miners in their software:

The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stack miner isn’t supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features.

I actually like what Qbix is doing. Users are given options for using advanced features. They can either make a one-time payment of $17.99, a monthly payment of $0.99, or allow the application to mine Monero in the background. If the user doesn’t like any of those options, the advanced features are disabled but the users are otherwise free to use the application.

Two of the biggest problems I have with the advertising model that powers much of the Internet and some applications are the lack of transparency and the lack of options. Websites and applications that collect user information to provide to advertisers often don’t disclose that they’re collecting information or, even if they do, what kind of information they’re collecting. Moreover, users seldom have the option of paying the developer to disable the data collection. Displaying advertisements also introduces a major malware vector. Numerous advertising networks have been hijacked into serving malware to users. Crypto-currency miners don’t require collecting user information and are harder to turn into malware vectors than advertising networks. The cost is electricity consumption due to high CPU usage, which is why I still appreciate developers who provide an option to pay to disable their crypto-currency miners.

Written by Christopher Burg

March 13th, 2018 at 10:00 am

Just Ban Bump Fire Stocks, That’ll Make Them Go Away

without comments

Politicians have been quick to descend on the corpse in Florida to push their gun control agenda. A flurry of gun control bills have been introduced throughout the United States. Many of these bills are a hodgepodge of restrictions that gun control advocates have been drooling over but have lacked the body count necessary to make a strong emotional appeal. One of these restrictions is a ban on bump fire stocks. Why would a ban on bump fire stocks be introduced after a shooting that didn’t involve a bump fire stock? Because there is a tragedy to exploit and everything on the wish list is introduced.

But a ban on bump fire stocks is meaningless at this point because anybody with a 3D printer can fabricate one:

My Google search of “3D printed bump fire stock” revealed exactly what I expected: a YouTube video of the test firing of a 3D printed bump-fire stock, which was posted by SilkyDionysus4 in April of this year. On October 10, 2017, gun rights advocate, The Jack News, published an article called “Here’s How to 3D Print Your Own Bump Stock Before Congress Bans Them.” The article links to a collection of FOSSCAD digital blueprints for a variety of AR-15 parts, including a bump-fire stock.

We live in an age where firearm prohibitions are pointless. Although manufacturing firearms and firearm accessories has always been doable by anybody with a modest shop and a decent amount of knowledge, technology has advanced to the point where even individuals without a shop or a decent amount of knowledge can manufacture firearms and firearm accessories. 3D printers can print up any number of firearm accessories. Products like the Ghost Gunner allow individuals to finish 80% receivers without any metal working skills.

And it’s not just firearms; prohibiting anything has become pointless. The same technology that enables individuals to easily manufacture firearms and firearm accessories also allows them to manufacture almost anything else. I’ll reiterate once again that laws are irrelevant and the only thing keeping individuals safe is the choice of other individuals not to bring harm against them.

Written by Christopher Burg

February 28th, 2018 at 10:30 am

The Beginning of the End for Unsecured Websites

without comments

Chrome looks to be the first browser that is going to call a spade a spade. Starting in July 2018, Chrome will list all websites that aren’t utilizing HTTPS as unsecured:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

I think Let’s Encrypt was the catalyst that made this decision possible. Before Let’s Encrypt was released, acquiring and managing TLS certificates could be a painful experience. What made matters worse is that the entire process had to be redone whenever the acquired TLS certificates expired. Let’s Encrypt turned that oftentimes annoying and expensive process into an easy command. This made it feasible for even amateur website administrators to implement HTTPS.

The Internet is slowly moving to a more secure model. HTTPS not only prevents third parties from seeing your web traffic but, maybe even more importantly, it also prevents third parties from altering your web traffic.

Written by Christopher Burg

February 16th, 2018 at 10:00 am

Finding Alternatives to Advertisements

without comments

People often make the mistake of thinking that many webpages are free but there ain’t no such thing as a free lunch. Most websites still use the age old monetization technique of displaying advertisements. However, advertisements quickly evolved from relatively safe static images. They started becoming more annoying. Images turned into animations. Animations turned into full video that also played sound. These “enhancements” also require clients to run code. Needless to say, users started getting annoyed and their annoyance led to the creation of browser plugins that block advertisements.

Online advertising has turned into an arms race. Website visitors use an ad blocker, advertisers create a method to bypass ad blockers, visitors upgrade their ad blockers to bypass the bypass, and so on. This is leading a lot of people to question whether the online advertisement model can remain feasible. Fortunately, some websites that rely on online advertisements have begun experimenting with alternative revenue sources. Salon, for example, recently launched an experiment where visitors blocking advertisements are given the option to run cryptocurrency mining code in their browser:

Salon.com has a new, cryptocurrency-driven strategy for making money when readers block ads. If you want to read Salon without seeing ads, you can do so—as long as you let the website use your spare computing power to mine some coins.

If you visit Salon with an ad blocker enabled, you might see a pop-up that asks you to disable the ad blocker or “Block ads by allowing Salon to use your unused computing power.”

A lot of people are pissed about this but I, possibly for the first time ever, actually agree with what Salon is doing.

Unlike a lot of sites that are experimenting with running cryptocurrency mining code in visitors’ browsers, Salon is being entirely transparent about doing so. If you visit the site with an ad blocker enabled, you are presented with a very clear option to either disable your ad blocker or run cryptocurrency mining code. If you choose the latter, your computer’s fans will likely kick on as your processor ramps up.

I doubt browser based cryptocurrency mining will be a viable alternative to online advertising. Cryptocurrency mining, as the linked article shows, requires a lot of processing power. On a desktop that isn’t much of a concern. On a laptop or other battery powered device, that increased processor usage will drain the battery quickly. With more computing being done on battery powered devices, anything that noticeably reduces battery life will likely anger visitors. But I’m happy that websites are finally exploring alternatives to advertisements. It’s clear that visitors aren’t happy with the current state of the online advertising model. If website operators want to continue being profitable, they need to find a way to raise money that their visitors find acceptable.

Written by Christopher Burg

February 15th, 2018 at 10:30 am

Postliterate America

without comments

A few science fiction novels explore the concept of a postliterate society. In a postliterate society, reading and writing have been predominantly or entirely replaced by multimedia. Could the United States be transitioning into a postliterate society? The question may have been absurd to ask just a few years ago but I think there is reason today to give the question serious consideration:

I’ll make this short: The thing you’re doing now, reading prose on a screen, is going out of fashion.

We’re taking stock of the internet right now, with writers who cover the digital world cataloging some of the most consequential currents shaping it. If you probe those currents and look ahead to the coming year online, one truth becomes clear. The defining narrative of our online moment concerns the decline of text, and the exploding reach and power of audio and video.

Writing has been the predominant method of recording information since, at least, the fourth millennium BC when cuneiform first emerged (but for all we know there could have been an even older writing system that hasn’t been discovered yet). This shouldn’t surprise anybody. Writing systems have many advantages but one of their biggest advantages is versatility. You can scratch written information into a wet piece of clay, chisel it into stone, mark it on a piece of paper with ink, or record it to a hard drive. Whether you have access to no technology, modern technology, or anything in between, you can write information.

The biggest limitation of alternative forms of recording information such as pictures, audio, and video has been the cost of creating and consuming them. Only in the last century have photo cameras, audio recorders, video cameras, and televisions become widely available. And only in very recent times have computers powerful enough and software advanced enough to enable individuals to easily create and consume media become widely available. Thanks to those advancements we live in a society where postliteracy is a possibility.

For the cost of even a low spec smartphone any individual can create a video and upload it to YouTube. For a little more money any individual can acquire a computer powerful enough for them to do basic video editing. As with computing power, video editing software continues to become cheaper. It also continues to become easier to use and more featureful, which is why so many people are able to harness the power of artificial intelligence to make fake porn videos.

This widespread availability of media creation and consumption technology has already had a tremendous impact. You can find instructional videos online for almost anything you could want to do. Do you want to fix a running toilet? A quick YouTube search will show you tons of videos walking you through how to fix one. Do you want to learn proper squatting form? Once again, a quick YouTube search will result in tons of videos of professional and amateur weight lifters explaining and showing how to properly squat. But the explosion of media hasn’t stopped at instructional videos.

Most political discussion online seems to involve memes, images with a bit of text bolted on. At one time creating and viewing even the simplest of memes was no simple feat. Today there are free websites that allow you to upload a picture and enter some text and it will spit out and even host your meme. In a few seconds you can create and then share your meme with the world without investing anything more than your time.

I’m not saying the United States is a postliterate society at this point but I believe the foundation necessary for such a transition exists and there is evidence to suggest that such a shift could be taking place. Think back to math class when you asked your teacher why you had to learn multiplication tables when you had a calculator that could multiply for you. Your teacher likely said that you wouldn’t always have a calculator with you. Today anybody with a smartphone in their pocket also has a calculator. Soon the same question that has been so often asked about multiplication tables could be often asked about reading and writing. It’s an interesting thing to ponder.

Written by Christopher Burg

February 13th, 2018 at 11:00 am

Posted in Technology


Technology Isn’t the Problem, You Are

without comments

Earlier this year several of Apple’s investors tried to pressure the company into working to combat iPhone addiction. This proposal makes sense, right? After all, Apple has created an addicting product so shouldn’t it take responsibility for its creation? No on both counts. Why? Because Apple isn’t at fault, its users who have become addicted to its devices are:

I know intimately that if we want to achieve tech-life balance, people must start taking responsibility for their choices. No one is forcing consumers to buy an iPhone, use Facebook, stare at Twitch, masturbate to porn or any of the other millions of things you can do with technology. Every single one of those actions is a choice we make, and if there is one lesson from addiction treatment that everyone should hear it is that it is nearly impossible to help someone who doesn’t want help.

Apple isn’t forcing you to buy or use an iPhone. In fact, unlike government, no technology company is forcing you to use its product. Just like alcohol, you have a choice whether or not you use an iPhone, Facebook, Twitter, or any number of other technology products. If you’re an alcoholic, then you need to take responsibility for your actions. Likewise, if you’re addicted to a technology product, then you have to take responsibility for your actions.

Addiction isn’t a legal or technological problem. An addict will find ways to work around any external controls that are placed on them. Heroin addicts manage to get their fix even though their drug of choice is illegal. iPhone addicts will turn off or bypass any technological controls that Apple puts into place. Breaking an addiction requires an addict to first admit that they have a problem and then to personally take actions to break their addiction. The choice to overcome an addiction needs to be made by an addict, not by an outside party.

Written by Christopher Burg

February 6th, 2018 at 10:30 am

If Your Device Relies on the Cloud, You Don’t Own It

without comments

Towards the end of 2016 Pebble announced that much of it had been acquired by Fitbit. Since Pebble wasn’t doing well financially, news of it being acquired wasn’t surprising. However, Pebble fans had hoped that Fitbit was planning to continue the Pebble line. As is often the case with acquisitions, Fitbit was primarily interested in Pebble’s intellectual property, not its product portfolio. As part of the acquisition Fitbit promised to keep Pebble’s online services running for a while. Yesterday Fitbit announced the date it would be shutting down those services:

But for those who want nothing to do with Fitbit OS development and only care about how long their Pebbles will last, this news is bittersweet. According to Fitbit’s announcement, Pebble devices will continue to work after June 30, but these features will stop working: the Pebble app store, the Pebble forum, voice recognition features, SMS and email replies, timeline pins from third-party apps (although calendar pins will still function), and the CloudPebble development tool.

Pebble fans have been unhappy with the acquisition ever since Fitbit announced that it was planning to shut down Pebble’s online services. However, I think Fitbit was actually pretty decent about the entire thing since it left the online services running for as long as it did and even allowed Pebble developers to push some firmware updates to allow existing Pebble devices to continue operating in some capacity without the online services. Unfortunately, even with those firmware changes, a lot of Pebble functionality will be crippled once Fitbit turns off the old Pebble servers.

So the lesson people should take away from this is that proprietary devices that rely on proprietary online services aren’t owned property, they’re temporarily licensed products. At any moment the manufacturer can decide to turn off the online services, which will effectively brick or reduce the functionality of the devices that rely on those services. Had the Pebble been an open source product the option would have at least existed for the community to develop new firmware and alternate online services to keep their Pebbles running.

Written by Christopher Burg

January 25th, 2018 at 10:00 am

Posted in Technology


Decentralize the Internet

without comments

I’m glad to see that other people are beginning to understand the need to decentralize the Internet:

Net neutrality as a principle of the federal government will soon be dead, but the protections are wildly popular among the American people and are integral to the internet as we know it. Rather than putting such a core tenet of the internet in the hands of politicians, whose whims and interests change with their donors, net neutrality must be protected by a populist revolution in the ownership of internet infrastructure and networks.

In short, we must end our reliance on big telecom monopolies and build decentralized, affordable, locally owned internet infrastructure. The great news is this is currently possible in most parts of the United States.

I’ve been saying this for years. If you want a feature like net neutrality, you have to control the infrastructure. Personally, I’d like to see a decentralized Internet that encrypts all traffic by default for both confidentiality and anonymity purposes. What people are calling net neutrality would be enforced by default on such a network because nobody could see the traffic to throttle or block it. However, it would come at a performance cost (TANSTAAFL).

One thing is certain: begging the Federal Communications Commission Fascist Communications Club (FCC) to enforce net neutrality isn’t a long-term solution, as we’re seeing today. Under the Obama administration net neutrality was enforced by the FCC. Under the Trump administration it looks like it won’t be enforced. When the next administration comes into power it could go either way. Begging Congress isn’t any better because what one Congress passes a future Congress can eliminate.

Written by Christopher Burg

December 8th, 2017 at 11:00 am