Altering the Deal

I’ve never understood the business model of relying entirely on one other company for revenue. It might sound like a good idea at first, especially if the other company is being especially generous, but if the other company changes the deal, you’re shit out of luck:

Apple is shutting down an App Store affiliate program that shared a small percentage of revenue generated by third-party links to purchase apps or in-app content.

[…]

Apple’s decision comes as a sucker punch to outlets like mobile gaming news and reviews site TouchArcade, which has long relied on the App Store affiliate program for a significant chunk of its revenue. As TouchArcade editor Eli Hodapp writes in a despairing post, the loss of the “reliable” affiliate revenue stream could very well kill the site, which will now lean more heavily on Patreon donations and Amazon affiliate links to stay afloat.

“I genuinely have no idea what TouchArcade is going to do,” Hodapp writes. “It’s hard to read this in any other way than ‘We went from seeing a microscopic amount of value in third-party editorial to, we now see no value.’ … I don’t know how the takeaway from this move can be seen as anything other than Apple extending a massive middle finger to sites like TouchArcade, AppShopper, and many others who have spent the last decade evangelizing the App Store and iOS gaming.”

Maybe deciding what TouchArcade will do if Apple cancels its affiliate program is something that should have been considered earlier. Especially since not too long ago Apple changed the terms of its affiliate program to reduce the amount of money affiliates received.

Threat modeling isn’t an exercise that should be performed exclusively by a company’s security team. Security threats are just one kind of threat that businesses face. Loss of revenue sources is another threat that must be considered.

I Love Living in a Post Gun Control World

I would like to take a moment to say that I really love living in a world where gun control is no longer enforceable:

Gun rights activist groups found a way around the temporary halting of 3D-printed gun blueprints by publishing another set of blueprints on a new website Tuesday, which they say is activity protected under the First Amendment.

“Through CodeIsFreeSpeech.com, we intend to encourage people to consider new and different aspects of our nation’s marketplace of ideas – even if some government officials disagree with our views or dislike our content – because information is code, code is free speech, and free speech is freedom,” reads a statement on the site, which was created by a variety of groups including the Firearms Policy Coalition and the Firearms Policy Foundation.

I couldn’t help but laugh at the phrase, “temporarily halting.” Nothing was halted by that court ruling. All of the 3D printer files were available well before that court ruling was made and continued to remain available afterwards. That should have been the first sign that gun control can no longer be enforced. But seeing websites appear that overtly defy the court order should be a wake up call for everybody that gun control is dead.

The debate about gun control is over (it has actually been over for quite some time). Every organization and individual who is fighting for gun control is fighting a battle that they have already lost.

Incoherent Screeching

Shortly after Cody Wilson won his day in court the gun control crowd started screeching incoherently. Failing to understand the reality of the situation, which is their modus operandi, they started demanding that judges, politicians, and anybody else involved in the government stop the distribution of files for printing firearms on 3D printers. The latest futile attempt to stop Wilson was made by several attorneys and a federal judge in Seattle:

A federal judge in Seattle has issued a temporary restraining order to stop the release of blueprints to make untraceable and undetectable 3D-printed plastic guns.

Eight Democratic attorneys general filed a lawsuit Monday seeking to block the federal government’s settlement with the company that makes the plans available online. They also sought a restraining order, arguing the 3D guns would be a safety risk.

A judge issued a restraining order? Oh no, whatever shall we do? I guess those 3D printer files are lost to the world now. Game over.

I wonder if these gun control fanatics are actually stupid enough to believe that. While a judge may issue a restraining order that prevents Defense Distributed, Wilson’s company, from offering the files, they are still available via the most censorship resilient website on the Internet, The Pirate Bay. If you know anything about the history of The Pirate Bay, you know that there is no way in hell that any judge in the United States will get those files removed from that site. Even if they could do that, those files are being hosted by a number of people so anybody with the magnet link can still get the files. The genie is out of the bottle.

Please Sir, Could You Spare Some Wi-Fi

If you’re caught burgling a house, claiming that you just wanted to use the Wi-Fi network is as good of an attempt to talk your way out of jail time as any:

A 60-something couple in Palo Alto got an unpleasant surprise on Sunday when they woke up in the middle of the night to find a masked intruder in their bedroom. He said he wanted to use the couple’s Wi-Fi network.

[…]

Remarkably, this wasn’t the suspect’s only legally dubious attempt to get Wi-Fi access that weekend. Just before midnight the previous night, police say, the same young man was found prowling around outside another Palo Alto home. When the house’s residents came out and confronted him, he “asked to use their Wi-Fi network because he was out of data.”

He should have said that he just wanted to use the bathroom.

Black Market Plastic Straws

I always thought that entering the black market would require selling drugs or guns. It turns out that I can just sell plastic straws:

A California coastal city has become the latest municipality to ban plastic straws, enacting what is potentially the strictest plastic prohibition in the country.

Santa Barbara earlier this month passed the ordinance authorizing hefty fines and even a possible jail sentence for violators who dole out plastic straws at restaurants, bars and other food establishments.

That lowers my initial capital costs significantly!

Ineffective Screeching

Everytown for Gun Safety is not happy about Cody Wilson’s recent court victory and has started a campaign asking its members to write Secretary Pompeo to encourage him to “stop the release of downloadable files that will allow people, including convicted felons and terrorists, to make untraceable guns on their 3D printers.”

Image courtesy of the Anarchopirateball Facebook page.

It’s fun watching a gun control organization screech ineffectively. There is literally no way that any government official can stop the release of something that has already been released. Cody Wilson didn’t sit on the files he used to print the original Liberator, he released them to the Internet and a lot of people, myself included, downloaded a copy. Even if Pompeo could issue a decree to make downloading and sharing the files illegal, it wouldn’t stop the files’ proliferation. As we’ve seen with other illegal content, namely pirated music and movies, laws have no power to stop illegal downloading. The battle against the spread of 3D printer files for firearms is a battle that cannot be won.

Optimism

The American Civil Liberties Union (ACLU), which finds its spine from time to time, is pointing out what it believes are limitations of Amazon’s facial recognition system:

The American Civil Liberties Union of Northern California said Thursday that in its new test of Amazon’s facial recognition system known as Rekognition, the software erroneously identified 28 members of Congress as people who have been arrested for a crime.

Emphasis mine.

The only flaw I see in Amazon’s facial recognition system is that it’s too optimistic. As the identified members of Congress are members of Congress they deserve to be arrested.

Don’t Be Evil

There seems to be a rule that startups appeal to and play by standards while those at the top disregard standards in order to toss wrenches into their competitors’ machinery. In Google’s early days it was a fan of standards. Now that it’s at the top of the pyramid, it seems less enthusiastic about them and has demonstrated a willingness to disregard them, usually when doing so appears to cause some issues for its competitors:

YouTube page load is 5x slower in Firefox and Edge than in Chrome because YouTube’s Polymer redesign relies on the deprecated Shadow DOM v0 API only implemented in Chrome.

Now that Google’s browser owns the market, it appears to be pulling the same stunt Microsoft pulled when Internet Explorer was the dominant browser. By redesigning YouTube and having it rely on a deprecated API that is only currently supported in Chrome, Google has effectively made its browser appear faster than Firefox or Edge. End users who know nothing about such matters will only see that Chrome appears to load YouTube faster and use that criterion to declare it the best browser.

This is just the latest move in a series of moves that Google has taken that demonstrates that its old slogan, “Don’t be evil,” was meant only to develop goodwill with the community long enough to become the top dog. Now that it’s the top dog it’s more than happy to be evil.

One Reason for Social Media Sites to Avoid Censorship

Facebook, Google, Twitter, and other popular websites are being pressured to censor “undesirable” content (what qualifies as undesirable content differs from person to person). Proponents of censorship believe that some content (which seems to always be content that disagrees with their worldview) is far too dangerous to allow to be posted. Most of the large social media sites have responded to this pressure by implementing some kind of (usually half-assed) censorship system. What has been the result? The proponents bitch that the censorship isn’t severe enough:

Last week, Facebook invited some media outlets to an event to hear what the company plans on doing about misinformation disseminated on its platform.

But many journalists, including CNN’s Oliver Darcy, were left dissatisfied with Facebook’s response.

Facebook invited me to an event today where the company aimed to tout its commitment to fighting fake news and misinformation.

I asked them why InfoWars is still allowed on the platform.

I didn’t get a good answer. https://t.co/WwLgqa6vQ4

— Oliver Darcy (@oliverdarcy) July 12, 2018

In my opinion it’s hypocritical that an individual who works for a media organization that publishes a significant amount of false information is bitching that another media organization that publishes a significant amount of false information isn’t being censored, but opinions are like assholes, which is also why censorship is a difficult problem to tackle. Why is InfoWars (and for that matter, CNN) not being censored by Facebook? Because the opinion of Facebook’s CEO differs from that of Darcy:

Zuckerberg went on to explain that Facebook would examine sites that were flagged as “potential hoaxes”—in other words, limiting their spread across the site.

“Look, as abhorrent as some of this content can be, I do think that it gets down to this principle of giving people a voice,” he continued.

Zuckerberg has placed himself in a difficult place because he has implemented a censorship system on Facebook, which means he now has to fight in the quagmire that is public opinion on whether or not he’s censoring hard enough. The worst part is that there’s no winning that fight. One of the best arguments against a social media platform implementing a censorship program is that doing so opens them up to having to deal with everybody bitching that they’re not censoring the correct material or not censoring hard enough.

Another Bang Up Job

Legacy cellular protocols contained numerous gaping security holes, which is why attention was paid to security when Long-Term Evolution (LTE) was being designed. Unfortunately, one can pay attention to something and still ignore it or fuck it up:

The attacks work because of weaknesses built into the LTE standard itself. The most crucial weakness is a form of encryption that doesn’t protect the integrity of the data. The lack of data authentication makes it possible for an attacker to surreptitiously manipulate the IP addresses within an encrypted packet. Dubbed aLTEr, the researchers’ attack causes mobile devices to use a malicious domain name system server that, in turn, redirects the user to a malicious server masquerading as Hotmail. The other two weaknesses involve the way LTE maps users across a cellular network and leaks sensitive information about the data passing between base stations and end users.

Encrypting data is only one part of the puzzle. Once data is encrypted the integrity of the data must be protected as well. This is because encrypted data looks like gibberish until it is decrypted. The only way to know whether the encrypted data you’ve received hasn’t been tampered with is if some kind of cryptographic integrity verification has been implemented and used.

How can you protect yourself from this kind of attack? Using a Virtual Private Network (VPN) tunnel is probably your best bet. The OpenVPN protocol is used by numerous VPN providers that provide clients for both iOS and Android (as well as other major operating systems such as Windows, Linux, and macOS). OpenVPN, unlike LTE, verifies the integrity of encrypted data and rejects any data that appears to have been tampered with. While using a VPN tunnel may not prevent a malicious attacker from redirecting your LTE traffic, it will ensure that the attacker can’t see your data, as a malicious VPN tunnel will fail to provide data that passes your client’s integrity checker and thus your client will cease receiving or transmitting data.
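An added illustration of the point about encryption without integrity (not from the original post, and not LTE or OpenVPN code): the sketch uses a toy SHA-256 counter-mode keystream as a stand-in for a real stream cipher, with constructed keys, nonce and message. It shows a receiver silently accepting a one-bit ciphertext change when there is no integrity check, and rejecting the same change under encrypt-then-MAC with HMAC-SHA-256.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; a stand-in for a real stream cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption without integrity: XOR with the keystream (the same call decrypts).
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bytes:
    # Verify the tag in constant time before decrypting anything.
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; dropping packet")
    return xor_crypt(enc_key, nonce, ct)

def flip_bit(data: bytes, index: int) -> bytes:
    # Models an in-transit modification of a single ciphertext bit.
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]

# Constructed sample values (keys, nonce and message are illustrative only).
ENC_KEY, MAC_KEY, NONCE = b"E" * 32, b"M" * 32, b"\x00" * 12
MESSAGE = b"resolver=192.0.2.53"

def receive_without_integrity() -> bytes:
    ct = flip_bit(xor_crypt(ENC_KEY, NONCE, MESSAGE), len(MESSAGE) - 1)
    return xor_crypt(ENC_KEY, NONCE, ct)  # decrypts with no error raised

def receive_with_integrity() -> str:
    blob = flip_bit(seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE), len(MESSAGE) - 1)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, blob)
        return "accepted"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    print(receive_without_integrity())  # altered plaintext, accepted silently
    print(receive_with_integrity())     # tampering detected
```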