Fly, You Fools

In addition to creating fake terrorist attacks so it can claim glory by thwarting them, the Federal Bureau of Investigation (FBI) also spends its time chasing brilliant minds out of the country:

FBI agents are currently trying to subpoena one of Tor’s core software developers to testify in a criminal hacking investigation, CNNMoney has learned.

But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system — and expose Tor users around the world to potential spying.

That’s why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany.

Because of the State’s lust for power, the United Police States of America are becoming more hostile towards individuals knowledgeable in cryptography. The FBI went after Apple earlier this year because the company implemented strong cryptography so it’s not too surprising to see that the agency has been harassing a developer who works on an application that utilizes strong cryptography. Fortunately, she was smart enough to flee before the FBI got a hold of her so none of its goons were able to slap her with a secret order or any such nonsense.

What’s especially interesting about Isis’ case is that the FBI wouldn’t tell her or her lawyer the reason it wanted to talk to her. It even went so far as to tell her lawyer that if agents found her on the street they would interrogate her without his presence. That’s some shady shit. Isis apparently wasn’t entirely dense though and decided it was time to go while the going was good. As this country continues to expand its police state don’t be afraid to follow her example.

Linksys Won’t Lock Out Third-Party Firmware

The Federal Communications Commission (FCC), an agency that believes it has a monopoly on the naturally occurring electromagnetic spectrum, decreed that all Wi-Fi router manufacturers are now responsible for enforcing the agency’s restrictions on spectrum use. Any manufacturer that fails to be the enforcement arm of the FCC will face consequences (being a government agency must be nice, you can just force other people to do your work for you).

Most manufacturers have responded to this decree by taking measures that prevent users from loading third-party firmware of any sort. Such a response is unnecessary and goes beyond the demands of the FCC. Linksys, fortunately, is setting the bar higher and will not lock out third-party firmware entirely:

Next month, the FCC will start requiring manufacturers to prevent users from modifying the RF (radio frequency) parameters on Wi-Fi routers. Those rules were written to stop RF-modded devices from interfering with FAA Doppler weather radar systems. Despite the restrictions, the FCC stressed it was not advocating for device-makers to prevent all modifications or block the installation of third-party firmware.

[…]

Still, it’s a lot easier to lock down a device’s firmware than it is to prevent modifications to the radio module alone. Open source tech experts predicted that router manufacturers would take the easy way out by slamming the door shut on third-party firmware. And that’s exactly what happened. In March, TP-Link confirmed they were locking down the firmware in all Wi-Fi routers.

[…]

Instead of locking down everything, Linksys went the extra mile to ensure owners still had the option to install the firmware of their choice: “Newly sold Linksys WRT routers will store RF parameter data in a separate memory location in order to secure it from the firmware, the company says. That will allow users to keep loading open source firmware the same way they do now,” reports Ars Technica’s Josh Brodkin.

This is excellent news. Not only will it allow users to continue using their preferred firmware, it also sets a precedent for the industry. TP-Link, like many manufacturers, took the easy road. If every other manufacturer followed suit we’d be awash in shitty firmware (at least until bypasses for the firmware blocks were discovered). By saying it would still allow third-party firmware to be loaded on its devices, Linksys has maintained its value for many customers and may have convinced former users of other devices to buy its devices instead. Other manufacturers may find themselves having to follow Linksys’s path to prevent paying customers from going over to Linksys. By being a voice of reason, Linksys may end up saving Wi-Fi consumers from only having terrible firmware options.

I Guess Oracle Will Sue MariaDB Next

Oracle is still butthurt over the fact that it snapped up Java when it purchased Sun Microsystems and still hasn’t figured out how to make it profitable. Google, on the other hand, managed to take the Java application programming interface (API) and use it for Android, which is turning the company a tidy profit. After getting its ass handed to it in court only to have a dimwitted judge reverse the decision, Oracle is pushing forward with its desperate attempt to get its hands on some of the wealth Google created. Oracle is now claiming that Google owes damages. Why? Apparently because it’s offering Android for free:

Catz also testified that Oracle’s Java licensing business was hurt by Android. Customers that used to buy licenses for Java, including Samsung, ZTE, Motorola, and others, don’t buy licenses from Oracle anymore. “They don’t take a license from us anymore, because they use Android, which is free,” she said.

Licensing contracts that used to be $40 million deals are now $1 million deals, Catz said. She gave the example of Amazon, which was formerly a customer but chose to go with Android for the Kindle Fire. When Amazon came out with its popular mid-range Kindle, the Paperwhite, the e-reader company chose to license Java only after Oracle offered a massive discount.

“In order to compete, we ended up giving a 97.5 percent discount for the Paperwhite,” she said, “because our competition was free.”

As for the mobile licensing business, since the launch of Android, it has performed “very, very poorly,” Catz said.

What’s next? Will Oracle sue the people behind MariaDB? For those who don’t know, MariaDB is a fork of MySQL, which is another product that Oracle acquired when it purchased Sun Microsystems. MariaDB, like the Android API, is a free product based on software Oracle acquired through its purchase of Sun Microsystems that could be taking market share from its expensive software!

Should manufacturers and developers of a product that’s sold directly for money be able to sue competitors who offer a free alternative? If you ask some antitrust supporters the answer is yes. But if you ask anybody with a brain the answer is no.

Consider Oracle’s situation. Android basically ate its lunch because nobody is buying its mobile Java software. Does that indicate that Google is somehow at fault because it made Android free? No. Such an assumption would imply that free products always win in the market when that isn’t the case. Sometimes a free product is so shitty that an expensive alternative still wins out. Consider Microsoft Windows. It’s still the most popular desktop operating system out there even though Linux, FreeBSD, OpenBSD, and a number of other free alternatives exist. Why? Because Windows offers features that consumers want and alternatives don’t offer. Software compatibility, driver support, etc. are desirable features to many people. So desirable in fact that they’re willing to pay for them even though a free alternative exists. Without those features consumers see the free alternatives as so shitty that the savings associated with using them aren’t worth it. In spite of what the famous saying says, you actually can compete with free.

Android isn’t winning over mobile Java simply because it’s free. It’s winning because it offers features that consumers want. There is a massive software library available for Android that isn’t available for mobile Java. Google includes many desirable applications including clients for its popular Maps and Gmail services. Hardware developers want consumers to buy their phones so they tend to favor software that consumers want, which is part of the reason so many Android mobile devices exist while so few Windows ones do.

Google isn’t responsible for Oracle’s dwindling mobile Java profits, Oracle is for not making it a compelling product.

Updating Your Brand New Xbox One When It Refuses To Update

The new Doom finally convinced me to buy a new console. I debated between a PlayStation 4 and an Xbox One. In the end I settled on the Xbox One because I still don’t fully trust Sony (I may never get over the fact that they included malicious rootkits on music CDs to enforce their idiotic copy protection and I’m still unhappy about them removing the Linux capabilities for the PlayStation 3) and I was able to buy a refurbished unit for $100.00 off (I’m cheap).

When I hooked up the Xbox One and powered it up for the first time it said it needed to download and apply an update before doing anything else. I let it download the update, since I couldn’t do anything with it until it finished updating, only for it to report that “There was a problem with the update.” That was the entirety of the error message and the only diagnostic option available was to test the network connection, which reported that everything was fine and I was connected to the Internet. I tried power cycling the device, disconnecting it from power for 30 seconds, and every other magical dance that Microsoft recommended on its useless troubleshooting site. Nothing would convince the Xbox to download and install the update it said it absolutely needed.

After a lot of fucking around I finally managed to update it. If you’re running into this problem you can give this strategy a try. Hopefully it saves you the hour and a half of fucking around I went through. What you will need is a USB flash drive formatted in NTFS (the Xbox One will not read the drive if it’s formatted in a variation of FAT because reasons) and some time to wait for the multi-gigabyte files to download.

Go to Microsoft’s site for downloading the Offline System Update Diagnostic Tool. Scroll down to the downloads. You’ll notice that they’re separated by OS versions. Since you cannot do anything on the Xbox One until the update is applied you can’t look up your OS version (nice catch-22). What you will want to do is download both OSUDT3 and OSUDT2.

When you have the files unzip them. Copy the contents of OSUDT3 to the root directory of the flash drive and connect the flash drive to the side USB port on the Xbox One. Hold down the controller sync button on the side and press the power button on the Xbox One (do not turn the Xbox One on with the controller otherwise this won’t work). Still holding down the sync button now press and hold the DVD eject button as well. You should hear the startup sound play twice. After that you can release the two buttons and the Xbox One should start applying the OSUDT3 update. Once that is finished the system will boot normally and you will return to the initial update screen that refuses to apply any updates.

Remove the flash drive, erase the OSUDT3 files from it, and copy the contents of the OSUDT2 zip file to the root directory of the flash drive. Insert the flash drive into the side USB port on the Xbox One and perform the above dance all over again. Once the update has applied your Xbox One should boot up and actually be something other than a useless brick.

As an aside, my initial impression of the Xbox One is less than stellar.

Fear Is The Last Refuge Of A Scoundrel

Stingray is a product name for an IMSI-catcher popular amongst law enforcers. Despite the devices being trivial enough that anybody can build one for $1,500, law enforcers have been desperate to keep the devices a secret. The Federal Bureau of Investigation (FBI), for example, would rather throw out cases than disclose its Stingray usage.

Here in Minnesota law enforcers are also busy keeping tight wraps on Stingray usage:

A Fox 9 Investigation has revealed that tracking warrants for a surveillance device called StingRay have routinely been kept sealed, despite a law requiring them to become public within 90 days.

The StingRay device is used by the Bureau of Criminal Apprehension about 60 times a year, said BCA Superintendent Drew Evans. Hennepin County Sheriff also had a StingRay, but a spokesperson said they discontinued it after using it only four times.

Why the secrecy? If you were expecting a detailed legal defense you’re going to be left wanting. The only defense law enforcers can muster is fear. Whenever a law enforcement department is pressed about the secrecy of Stingray devices they respond with the scariest case they can think of that involved the device:

“This technology has been absolutely critical in locating some of Minnesota’s most violent criminals, more quickly than we ever were before,” Evans said.

Law enforcement used the technology last month when a disgruntled client allegedly gunned down a clerk at a St. Paul law firm and then went on the run. Police had the suspect’s cell phone and tracked him down.

[…]

“Just this week we were able to locate a level 3 sexual offender that was non-compliant, a suspect in a series of serial rapes, and a homicide suspect, this week alone,” he explained.

This usually satisfies journalists and the general public but shouldn’t. Whenever a law enforcer brings up a scary case where they used a Stingray device the immediate response should be, “So what?”

So what if the devices were used in secrecy to find a suspected murderer or a level three sex offender? Will these devices suddenly cease working if they’re subjected to the same oversight as any other law enforcement technology? Will they power off forever the minute a warrant is unsealed? No.

Law enforcers have no legal justification for keeping these devices secret, which is why they’re resorting to fear tactics. The question everybody should be asking is why they’re so desperate to keep these devices in the shadows. I theorize that there is a known weakness in the technology that would make them potentially inadmissible in court. What other reason could there be to go so far as to throw out individual cases rather than unseal warrants and release technical details about the devices? It’s not like the devices are a novel technology that nobody knows how to make or defend against.

Performing Denial Of Service Attacks Against Airliners Is Ridiculously Simple

How can you shut down an airline service? By setting your Wi-Fi hotspot’s Service Set Identifier (SSID) to something quippy:

According to The West Australian, a passenger on QF481 spotted a Wi-Fi hotspot titled “Mobile Detonation Device” and advised a crew member. It wasn’t clear what mobile device it was linked to or where the device was located.

The crew member informed the captain, who then broadcast a message to passengers. Passenger John Vidler told the publication the pilot said the device needed to be located before the flight could depart.

If somebody put a bomb on board would they use Wi-Fi to detonate it? Probably not. That would require being in close proximity to the device whereas cellular devices, which are commonly used as remote detonators, allow the perpetrator to be somewhere else in the world. If a bomber did use a Wi-Fi detonator would they set it to broadcast an SSID that indicated it was a detonator? Most likely not. That would increase the chances of the device being discovered before it could be detonated. Holding the flight until the device was located was an overreaction.

In addition to being an overreaction it also gives individuals interested in interfering with airline service a cheap and effective means of accomplishing their goals. With little more than a Wi-Fi access point you can perform a denial of service attack against an airplane.

The War Against Privacy

If you read the erroneously named Bill of Rights (which is really a list of privileges, most of which have been revoked) you might be left with the mistaken impression that you have a right to privacy against the State. From the National Security Administration’s (NSA) dragnet surveillance to local police departments using cell phone interceptors, the State has been very busy proving this wrong. Not to be outdone by the law enforcement branches, the courts have been working hard to erode your privacy as well. The most recent instance of this is a proposed procedural change:

The Federal Rules of Criminal Procedure set the ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on—all the day-to-day procedural details that come with running a judicial system.

The key word here is “procedural.” By law, the rules and proposals are supposed to be procedural and must not change substantive rights.

[…]

But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.

The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.

In layman’s terms the change will grant judges the ability to authorize law enforcers to hack into any computer using Tor, I2P, a virtual private network (VPN), or any other method of protecting one’s privacy (the wording is quite vague and a good lawyer could probably stretch it to include individuals using a public Wi-Fi access point in a restaurant). The point being made with this rule proposal is clear, the State doesn’t believe you have any right to protect your privacy.

This should come as no surprise to anybody though. The State has long held that your right to privacy stops where its nosiness begins. You’re not allowed to legally possess funds the State isn’t aware of (financial reporting laws exist to enforce this), manufacture and sell firearms the State isn’t aware of, or be a human being the State isn’t aware of (registering newborn children for Social Security and requiring anybody entering or leaving the country to provide notice and receive approval from the State).

Government Incompetence Saves Us All

Conservatives always tell me that they want a competent government. The worst thing that could happen to a government is if it became competent. Today people around the world enjoy incompetent governments, which means their random decrees are not nearly as consequential as they could be:

A Brazilian judge has ordered (Google Translate) that all mobile phone providers in the country block WhatsApp traffic for 72 hours, beginning yesterday.

However, Brazilians are discovering that the ban only covers mobile carriers—so Brazilians still can use WhatsApp over Wi-Fi or a VPN connection over their mobile data plan.

Imagine if Brazil’s government was competent. The entire country could have been cut off from a very popular means of communicating securely.

I’m a fan of incompetent government. So long as a government cannot effectively enforce the decrees it issues the amount of damage it can cause is limited (when compared to what the damage could be, I’m not claiming the damage is usually minor).

I’m Satoshi Nakamoto! No, I’m Satoshi Nakamoto!

The price of Bitcoin was getting a little wonky again, which meant that the media must be covering some story about it. This time around the media has learned the real identity of Satoshi Nakamoto!

Australian entrepreneur Craig Wright has publicly identified himself as Bitcoin creator Satoshi Nakamoto.

His admission follows years of speculation about who came up with the original ideas underlying the digital cash system.

Mr Wright has provided technical proof to back up his claim using coins known to be owned by Bitcoin’s creator.

Prominent members of the Bitcoin community and its core development team say they have confirmed his claims.

Mystery solved, everybody go home! What’s that? Wright provided a technical proof? It’s based on a cryptographic signature? In that case I’m sure the experts are looking into his claim:

SUMMARY:

  1. Yes, this is a scam. Not maybe. Not possibly.
  2. Wright is pretending he has Satoshi’s signature on Sartre’s writing. That would mean he has the private key, and is likely to be Satoshi. What he actually has is Satoshi’s signature on parts of the public Blockchain, which of course means he doesn’t need the private key and he doesn’t need to be Satoshi. He just needs to make you think Satoshi signed something else besides the Blockchain — like Sartre. He doesn’t publish Sartre. He publishes 14% of one document. He then shows you a hash that’s supposed to summarize the entire document. This is a lie. It’s a hash extracted from the Blockchain itself. Ryan Castellucci (my engineer at White Ops and master of Bitcoin Fu) put an extractor here. Of course the Blockchain is totally public and of course has signatures from Satoshi, so Wright being able to lift a signature from here isn’t surprising at all.
  3. He probably would have gotten away with it if the signature itself wasn’t googlable by Redditors.
  4. I think Gavin et al are victims of another scam, and Wright’s done classic misdirection by generating different scams for different audiences.

Some congratulations should go to Wright — who will almost certainly claim this was a clever attempt to troll people so he doesn’t feel like a schmuck for being too stupid to properly pull off a scam — for trolling so many people. Not only did the media get suckered but even members of the Bitcoin community fell for his scam hook, line, and sinker.

Sending The Wrong Messages

Any decent self-defense instructor will point out that the most important aspect in self-defense is situational awareness. If you are aware of your surroundings you have a far better chance of avoiding a fight entirely, which is the best form of self-defense.

The rise of mobile phones has seemingly hampered a great many people’s situational awareness. It’s not uncommon to see people walking around entirely unaware of their surroundings because their faces are looking down at their phones. This phenomenon has become so prevalent that one city is experimenting with crosswalk signals embedded in the ground:

Foreign visitors frequently wonder why crowds of Germans wait for traffic lights to turn green when there are no cars in sight.

That is why officials in the city of Augsburg became concerned when they noticed a new phenomenon: Pedestrians were so busy looking at their smartphones that they were ignoring traffic lights.

The city has attempted to solve that problem by installing new traffic lights embedded in the pavement — so that pedestrians constantly looking down at their phones won’t miss them.

Part of me thinks this sends the wrong message. When people are walking around they should be paying attention to their surroundings. Not only is it important from a self-defense aspect but it’s important for not running into other pedestrians.

I’m not stupid enough to assume you can convince people to stop looking at their phones when they’re walking around but there may be some middle ground that encourages people to not be looking down. A better solution may be a focus on developing heads-up displays for people to wear so they can somewhat keep their eye on the sidewalk as they read through their messages.