Technology – Page 16 – A Geek With Guns

Meet California’s New Slave Tracker

License plate scanners have become all the rage in the slave tracking market. But what if you eliminated the need for scanners by making the license plates themselves broadcast their current location? That’s a feature now being rolled out in California:

California’s dramatic new license plate is hitting the streets — a digital display board that allows changeable messages controlled by the driver or remotely by fleet managers.

The new plates use the same computer technology as Kindle eBook readers, along with a wireless communication system.

[…]

If the car is stolen, the plate’s manufacturer says the plate can tell the owner and police exactly where the car is or at least where the license plate is if it has been detached.

Of course if the license plate can tell law enforcers where it is if the car to which it’s attached is reported stolen, it can tell law enforcers where it is when the car isn’t reported stolen as well. In addition to broadcasting their location, these license plates can likely provide other valuable information. For example, they can probably determine how fast you’re driving (a simple calculation if you have real time location information). If that information is tied with the location information, law enforcers can determine remotely whether or not you’re speeding and potentially issue you a ticket. Likewise, if you park somewhere, the license plate could provide law enforcers information about how long the vehicle has been stopped. If, for example, the vehicle is parked in a two hour spot, a parking ticket can be issued if the car has been stopped for two hours and one second.

Fortunately, this is currently a pilot program. During this pilot I doubt the license plates will be used for anything nefarious. But if this pilot program is successful, it will give the government of California an excuse to make these license plates mandatory. After that they will likely be used to expropriate additional wealth from drivers by being used as automated traffic and parking citation dispensers.

When the Government Is Big, Private Businesses Want to Do Business with the Government

I find that a lot of people don’t think their positions through very thoroughly. For example, I know a lot of people who advocate for a large, powerful government but then become upset when they read stories like this:

SEATTLE — In late 2016, Amazon introduced a new online service that could help identify faces and other objects in images, offering it to anyone at a low cost through its giant cloud computing division, Amazon Web Services.

Not long after, it began pitching the technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos. It used a couple of early customers, like the Orlando Police Department in Florida and the Washington County Sheriff’s Office in Oregon, to encourage other officials to sign up.

See this capitalist shit? This is why we need socialism, comrades!

The supreme irony here is that most of the people I mentioned above fail to realize that the very thing they advocate for, a larger and powerful government, is what convinces businesses to pursue government contracts. It’s true that Amazon is operating on the capitalist principle of seeking profit. However, in a country where the government is large and powerful the most profitable contracts are often government contracts. If the governments in the United States were weak and poor, Amazon would have no interest in pursuing contracts with them. But they’re powerful and wealthy so Amazon, like everybody else, wants a piece of the pie.

Open Source Software and Private Property

I’ve lamented periodically about the fact that consumers don’t own the software they “buy.” When you “buy” a piece of software, you’re usually entering into a license agreement, and an extremely one-sided agreement at that. However, there is respite from this onslaught against the concept of ownership and, ironically, it comes from a model that is usually claimed to be communistic by both its proponents and critics. That respite is open source software.

Open source software is the only software that you can seriously claim to own. While not all open source software licenses are equal, most of them do allow you to modify the code in whatever way you desire. With the source code in hand and the right to modify it at will, you can make whatever changes you want to an application. If a developer drops support for the application, you can either continue to support it yourself or hire a third-party to continue supporting it for you. If you’re not happy with a change a developer made, you can remove that change while still potentially including other added functionality that you did want. If the application is designed to be run on a server, you can host the application on your own server if you so desire.

In this way a movement that is usually considered communistic has done a better job of enabling private property rights over software than the model that is usually considered capitalistic.

Hardware is Cheaper than Developer Time

Is your application performing poorly? Just throw more hardware at it! This attitude has become mainstream thanks to the widespread availability of cheap hardware and the high cost of developer time. Why pay a team of developers tens or hundreds of thousands of dollars to improve the performance of an application when you can buy a handful of relatively cheap servers and still be able to provide the performance your customers need?

What’s interesting about this equation is that consumers have been mostly shielded from it. However, when this equation does impact consumers, it usually raises some important questions:

Capcom will give Japanese Switch owners a chance to play last year’s Resident Evil 7 on the Switch later this week. But the port will only be playable as an online stream running on Capcom’s own servers, rather than a downloaded version that would run directly on the Switch’s relatively low-powered hardware.

[…]

But such a port would have required time and programming resources that Capcom might not have been willing to spare. With cloud streaming, on the other hand, getting the game onto the Switch is likely just a matter of setting up some servers to run the existing PC version, then writing a simple client to stream inputs and video/audio to and from the Switch. Streaming to the Switch means not having to compromise on graphical detail, but it could lead to stuttering and frame rate issues if the Internet connection isn’t absolutely solid.

Nintendo has been at a disadvantage for the last several console generations. Its consoles have been less powerful than its competitors, which has contributed to developers not porting games to Nintendo’s consoles. When games have been ported, developer time had to be invested in down scaling the game enough to run on the less powerful hardware.

With the widespread availability of high-speed Internet connectivity, an alternative strategy to porting a game directly has become possible. Instead of porting the game itself, the game can be run on more powerful hardware and the video can be streamed to the player. This would theoretically allow any game to run on almost any platform. A user could just as easily stream the game on their Switch as their phone.

But the universe abhors perfection so this strategy naturally has trade offs. The most obvious of these trade offs is latency. If the game is being run on a remote server, every button pressed by the player must be transmitted to that server. Even with a high-speed Internet connection that latency can be noticeable, especially for extremely fast paced games. But the more sinister trade off in my opinion is the fact that players can’t own the game since it exists exclusively on remote servers. At some point Capcom will decide that continuing to operate the Biohazard 7 servers is costing more money than the game is making. When that happens, the servers will be turned off and the players who paid for the game will no longer be able to play it.

I’ve lamented about the fact that consumers own fewer of the products they “buy.” The idea that paying a producer money for a product resulted in exclusive ownership has been replaced by the idea of licensing. You don’t purchase a tractor, you pay to license the software that runs on it and John Deere just happens to throw in the hardware for free. In the case of Biohazard 7, gamers aren’t buying the game, they’re paying for the privilege to stream the game for as long as Capcom allows.

Tracking Your Pieces of Flair

Some people mistakenly believe that if they don’t carry a cell phone, government agents can’t track them. While cell phones are convenient tracking devices, they aren’t the only tool in the State’s toolbox. Law enforcers have been using license plate scanners for years now. Such scanners can track the whereabouts of every vehicle in the department’s territory. And since license plate scanners are technological devices, they are improving in capabilities:

On Tuesday, one of the largest LPR manufacturers, ELSAG, announced a major upgrade to “allow investigators to search by color, seven body types, 34 makes, and nine visual descriptors in addition to the standard plate number, location, and time.”

Plus, the company says, the software is now able to visually identity things like a “roof rack, spare tire, bumper sticker, or a ride-sharing company decal.”

Even obscuring or changing your license plate won’t work if you have, like so many Americans, covered your car in unique pieces of flair.

I’m sure some people, thinking that they’re very clever, have already come up with the strategy of not driving their vehicle. After all, if you don’t have a cell phone or a personal vehicle, the government can’t track you, right? Wrong again.

EFAIL

A vulnerability was announced yesterday that affects both OpenPGP and S/MIME encrypted e-mails. While this was initially being passed off as an apocalyptic discovery, I don’t think that it’s scope is quite as bad as many are claiming. First, like all good modern vulnerabilities, it has a name, EFAIL, and a dedicated website:

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

The weakness isn’t in the OpenPGP or S/MIME encryption algorithms themselves but in how mail clients interact with encrypted e-mails. If your e-mail client is configured to automatically decrypt encrypted e-mails and allows HTML content to be displayed, the encrypted potion of your e-mail could be exfiltrated by a malicious attacker.

I generally recommend against using e-mail for secure communications in any capacity. OpenPGP and S/MIME are bandages applied to an insecure protocol. Due to their nature as a bolted on feature added after the fact, they are unable to encrypt a lot of data in your e-mail (the only thing they can encrypt is the body). However, if you are going to use it, I generally recommend against allowing your client to automatically decrypt your encrypted e-mails. Instead at least require that your enter a password to decrypt your private key (this wouldn’t defend against this attack if your client is configured to display HTML e-mail content but it would prevent malicious e-mails from automatically exfiltrating encrypted content). Better yet, have your system setup in such a manner where you actually copy the encrypted contents of an e-mail into a separate decryption program, such as the OpenPGP command line tools, to view the secure contents. Finally, I would recommend disabling the ability to display HTML e-mails in your client if you are at all concerned about security.

If you perform the above practices, you can mitigate this attack… on your system. The real problem is, as always, other people’s systems. While you may perform the above practices, you can’t guarantee that everybody with whom you communicate will as well. If an attacker can exploit one party, they will generally get the e-mails sent by all parties. This is why I’d recommend using a communication tool that was designed to be secure from the beginning, such as Signal, over e-mail with OpenPGP or S/MIME. While tools like Signal aren’t bulletproof, they are designed to be secure by default, which makes them less susceptible to vulnerabilities created by an improper configuration.

Eight Percent of the Time It Works Every Time

The Transportation Security Agency (TSA) is the embodiment of government incompetence. It has failed 95 percent of red team exercises, which doesn’t bode well for the agency’s general ability to detect weapons before air travelers are able to enter the “secure” area of an airport. However, the United States doesn’t have a monopoly on government incompetence. The United Kingdom (UK) also has its own program that has a failure rate of 90 percent:

A British police agency is defending (this link is inoperable for the moment) its use of facial recognition technology at the June 2017 Champions League soccer final in Cardiff, Wales—among several other instances—saying that despite the system having a 92-percent false positive rate, “no one” has ever been arrested due to such an error.

Of course nobody has been arrested due to a false positive. When a system has a false positive rate of 92 percent it’s quickly ignored by whomever is monitoring it.

False positives can be just as dangerous as misses. While misses allow a target to avoid a detection system, false positives breed complacency that quickly allows false positives to turn into misses. If a law enforcer is relying on a system to detect suspects and it constantly tells him that it found a suspect but hasn’t actually found a suspect, the law enforcer quickly ignores any report from the system. When the system does correctly identify the suspect, there’s a good chance that the law enforcer monitoring it won’t even bother to look at the report to verify it. Instead they’ll just assume it’s another false positive and continue sipping their tea or whatever it is that UK law enforcers do most of the time.

The Subtle Ways Technology Shapes Our Lives

Some schools in the United Kingdom have announced that they’re removing analog clocks because students are unable to read them:

Some U.K. schools are ditching analog clocks from test rooms because a generation of kids raised on digital clocks can’t read them and are getting stressed about time running out during tests, London’s Telegraph reports.

“The current generation aren’t as good at reading the traditional clock face as older generations,” Malcolm Trobe, deputy general secretary of the U.K.’s Association of School and College Leaders, told The Telegraph.

I, along with many other people, initially scoffed at this announcement. Teaching somebody how to read an analog clock takes a matter of minutes. On the other hand, as a few friends pointed out to me, the skill is almost entirely unnecessary today. Most of us carry a pocket computer that displays the current time. Those pocket computers usually display the time in the friendlier digital format. Since most people carry around a time telling device, public clocks are less important than they were. People who have a pocket computer that displays the time in a digital format don’t need to know how to read an analog clock.

This is just another subtle, albeit major, way that technology is shaping our lives. Another example is cursive writing. I learned how to write in cursive around second or third grade and continue the practice today because it’s faster than writing block letters. However, cursive is indecipherable to many younger individuals. Why? Because the ability to write quickly is less important in a world where computers are prevalent. It’s rare for me to be in a situation where I have to write something. Usually I can type it out on a computer or tap it into my phone. The generation that came after mine never knew a world where computers weren’t prevalent and the current generation is growing up with touchscreen devices (a technology I once saw in my youth, although in a very rudimentary form, and thought it was the coolest thing ever) that fit in their pockets and can automatically transform their spoken words into typed text or transmit it directly.

When I was in school, pocket calculators were already prevalent, which caused us students to ask our math teachers why we had to memorize so many mathematical operations. Our teachers responded that we wouldn’t always have a calculator with us. I can’t say that they were wrong. At the time I rarely carried a calculator with me. Pocket space was at a premium and I couldn’t carry every with me. Fast forward to today. I always have a calculator with me because it’s an app on my phone. My teachers’ response to my question, although true back then, is no longer true.

Remember paper maps and compasses? I do because I used to have to use them to navigate in unfamiliar areas. If I was in an unfamiliar city and needed to get somewhere, I had to either get out of my car and ask somebody for direction (which may or may not result in receiving good directions) or pull out a paper map to determine my current location, the location of my destination, and the best route to get there. I then used a compass to keep myself going in the right direction. Now I type my destination into my phone and let it guide me to my destination. In addition to being faster because it already knows where everything is, it can also provide me a better route because it also knows the current traffic conditions. Navigating with a map and compass is another skill that is largely irrelevant in a world of ubiquitous smartphones and cellular coverage.

Many of the skills that I learned were important at one time but are of little importance today. When I sit down to think about it, it’s fascinating how technology has changed my world in so many subtle ways. My skills of reading an analog clock, cursive writing, performing math in my head, and navigating with a map and compass are pretty much irrelevant. I wonder what other skills that I learned will be made less relevant by technology in the coming years.

Keep the Jazz Cabbage Illegal or Fido Gets It

It’s amazing how far agents of the State will go to keep the War on (Some) Drugs going. The latest, and probably most petty, attempt to keep people on the side of continuing the drug war is to threaten dogs:

The training director of a police K-9 academy in Illinois claims that if the state legalizes recreational marijuana, it will have to euthanize all its pot-sniffing dogs, The Pantagraph reports.

Keep the jazz cabbage illegal or the dogs get it!

If cannabis was legalized tomorrow, all of the dogs that have been trained to sniff out the plant would cease to be useful to law enforcers. However, they wouldn’t cease to be useful entirely. This is something so obvious that even the Transportation Security Agency (TSA) understands it. The TSA puts dogs who have failed training up for adoption. While they may not be useful for sniffing out bombs, they can still provide an individual or family with companionship. There is no reason that drug dogs that are no longer useful to law enforcers can’t be put up for adoption as well. But I can see why an organization that makes its money off of training drug dogs to sniff out cannabis would pull out all of the stops to try to keep cannabis illegal.

Reliving the Good Old Days of Colonialism

Colonialism is dead, or is it? France seems to be trying to relive the good old days where it would plant a flag in a foreign land and claim it as its own:

A French-born American has now sued his home country because, he claims, the Ministry of Foreign Affairs has illegally seized a domain that he’s owned since 1994: France.com.

[…]

However, sometime around 2015, that very same ministry initiated a lawsuit in France in an attempt to wrest control of the France.com domain away from Frydman. Web.com locked the domain, and Frydman even roped in the Berkman Klein Center at Harvard Law School to intervene on his behalf.

By September 2017, the Paris Court of Appeals ruled that France.com was violating French trademark law. Armed with this ruling, lawyers representing the French state wrote to Web.com demanding that the domain be handed over.

I guess we can all take some solace in knowing that if this form of colonization turns out like the original, France will end up losing everything in the end.

This story is absurd on multiple levels. First, Jean-Noël Frydman has owned the domain for 23 years. I think it’s fair to say that if an entity doesn’t defend its trademark for 23 years, it should loses it. Second, it’s ridiculous for a nation that calls itself democratic to claim a trademark. The philosophy of democracy states that a government is ultimately owned by its people. That being the case, the people of France should be able to use the name, image, etc. of their country however they desire. Third, having a court French court rule on the matter is inappropriate because it can hardly be considered impartial in this case.

Ultimately, I think the biggest thing to be said about this story is that the court’s decision was really enabled by the centralized Domain Name System (DNS) on which the Internet currently depends. Courts are able to enforce their decision on matters such as this because there are centralized organizations that can be identified and coerced. If DNS records were managed by an anonymous decentralized mechanism, it would be far more difficult for decisions like this to be enforced.