Tag: Technology

Dey Tuk Er Jurbs

While I understand economics isn’t everybody’s favorite subject of study it’s also not rocket science either (although if you look at some of the magical formulas concocted by Keynesians you might think it is). There is no reason why people today should still believe the myth that automation leads to unemployment. But people still believe it:

The Associated Press has a three-part series on one of the biggest questions business and society will face in coming years.

Are we prepared for a world where 50 to 75 percent of workers are unemployed?

It seems like a ridiculous question, but it’s something economists and technologists say we seriously need to think about. It’s just math.

If you believe this then do yourself a huge favor and read Hazlitt’s Economics in One Lesson. Chapter seven, title The Curse of Machinery, buries this myth under six well deserved feet of ground.

Back when the industrial revolution was in full swing people often cursed automation as the killer of jobs. Then computers came to the market and they were going to render us all unemployed. Now we’re all supposed to be afraid of the job killing robots. In the end every supposed killer of jobs has failed to render everybody unemployed. Instead the employment market changed. People are still needed to do things that machines cannot. Even if we do reach a point where a vast majority of work is performed by robots it will only mean that goods and services will be so incredibly cheap that people will have to perform very little work to afford them. It will also mean that labor will become more specialized and therefore more expensive so an individual could live a very comfortable existence by only working a handful of hours a week, month, or year.

The robots may render specific jobs obsolete but they won’t render everybody unemployed. That’s just history.

You May Not Be Free But Encryption Works

The feds have been throwing a hissy fit since Apple and Google both announced that device encryption will be enabled by default on all of their mobile devices. Members of the Department of Justice have even gone so far as to imply that Apple (and, likely, Google) are marketing their devices to criminals and will ultimately be responsible for the death of a child (when all else fails just think of the children). But many people still wonder if these public tantrums are just for show. Do the feds have magical super-quantum-hyperdrive-computers that can crack any form of encryption ever?

Further evidence indicates they do not. Courts documents have been found showing how desperate the feds are getting in order to break device encryption:

OAKLAND, CA—Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.

In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.

A magical piece of paper that can compel you to do work for the state? Obviously we live in the freest country on Earth! While this story is further evidence that we’re little more than serfs in the eyes of the state it also shows that encryption works.

I know a lot of conspiracy theorists believe that the feds have magical computers that can break any form of encryption by utilizing subspace frequencies or some sort of bullshit like that. If that is true then the state must either be trying to keep it hush hush by not utilizing it (which would make it useless) or it costs a small fortune to operate (which makes it almost useless) because coercing people with the court system is terribly inefficient. So I think these court documents are a good indication that device encryption works pretty well and that’s reassuring.

Obviously rubber-hose cryptanalysis, which issuing legal threats is certainly a form of, is very effective so the question will become whether or not Apple is technically capable of bypassing the iPhone 5S’s encryption. Hopefully it is not.

GPGTools on OS X Yosemite

I finally upgrade my main system to OS X Yosemite. Why didn’t I upgrade it earlier? Because GPGTools, which I use for secure e-mail communications, wasn’t compatible with the new version of Mail. However the great team working on GPGTools released a beta earlier this month of a compatible version of their tools.

I’m happy to report that the beta works quite well (at least as far as my testing is concerned). One thing to keep in my is that the GPGTools team is going to charge for the final release of this updated tool. I have no problem with this because they do excellent work and have committed themselves to keeping the tool set open source. But Thunderbird and the Enigmail plugin are still free, which is something you may want to consider.

When the Cloud is More Secure

I’ve annoyed a great many electrons explaining how to free yourself from “the cloud” (online services controlled by the likes of Microsoft, Yahoo!, and Google). The reason I advocate individuals use self-hosted services is because it’s more difficult for creepers like the National Security Agency (NSA) to collect all of your data. As an anarchist the state is one of the most common malicious attackers in my threat models. But after gaining some experience helping somebody deal with a surveillance happy significant other I’ve finally had to consider other threat models. Namely models involving local threats. This is where “the cloud” comes in.

Consider a domestic abuse situation. The threat is likely going to be somebody who lives with you and therefore has physical access to your devices. Physical access is the death knell of any security setup (although with encrypted data storage the difficult of exploitation, assuming the threat isn’t using rubber hose cryptanalysis, has greatly increased) so what can you do? Move your data to “the cloud” and access it with anonymizing tools.

The last part is very important. If you access your “cloud” data from your normal machine using the standard tools there will be records left all over the place. However, if you use something like a Tails boot disk, which doesn’t write anything to any storage media by default and pumps all Internet traffic through Tor to render local network monitoring tools impotent, there will be very little evidence of you having created or access any data (although Tor doesn’t hide the fact that you’re using Tor, which is something to keep in mind if your network is being monitored locally).

In a situation where the data you create could agitate your threat it’s best to make sure that data is hidden. I haven’t really had time to go over the finer details of this threat model so what I’m writing here is simply a very brief introduction to something I’ve had to consider recently. Much more work is necessary on my part and I will try to post updates of what I come up with in the hopes it can help other people.

Encrypt Your Hard Drive

Modern versions of Windows, Linux, and Mac OS all have built-in utilities to completely encrypt the contents of your hard drives. Use these tools. Many people don’t encrypt their drives because they believe they have nothing to hide. But encryption your drive also protects against individuals altering the contents on your drive. This can be very valuable.

While an operating system will attempt to prevent unauthorized users from altering files or installing software when it has been booted by it will be rendered powerless if another method is used to boot the system, such as a boot disk. An encrypted hard drive, on the other hand, cannot be written to (any alteration of the encrypted data will appear to be garbage when you attempt to decrypt the drive) unless it is decrypted with the appropriate key.

That means an encrypted disk will prevent an attacker with physical access from installing software keyloggers, rootkits, and other potentially troublesome forms of malicious software.

I spent a decent portion of last night helping somebody deal with this scenario. As a related side note if you suspect your jealous and/or abusive significant other of having installed surveillance software on your system feel free to contact me. I will provide what assistance I can and I won’t charge a dime.

3D Printing a Better Future

3D printers are moving towards a world where goods can be readily manufactured at home instead of relying on centralized supply chains. A lot of people in the first world don’t understand the ramifications of this technology but in the third world the advantages of 3D printers are becoming quite obvious:

A growing number of people are bringing the maker spirit to off-the-grid and underdeveloped regions across the globe. It’s part of an effort to create technologically self-sufficient communities, while bringing a little economic uplift in the process.

Nonprofit organizations like Field Ready and for-profit businesses such as re3D have already brought 3D printers to underdeveloped economies. In Haiti, Field Ready’s Eric James and Dara Dotz are working on 3D printing on-demand birthing kits, including umbilical clamps. As Dotz told me, Field Ready is also encouraging small scale manufacturing of agricultural tools via 3D printing.

“We’re working on printing simple things like oxygen splitters for oxygen tanks, which link the tank to the patient,” Dotz said. “Small clinics just can’t get [these] medical products and equipment, which bigger hospitals can buy in bulk at a discount. You can also wait six months to three years to get your equipment, and then there can be a lot of corruption with that as well.”

3D printers have two advantages that I really cherish. First they decentralize manufacturing, which makes controlling can and can’t be manufactured difficult for the state. Second they allow people to store raw resources and use them to make needed tools when (or near when) they’re needed. Keeping a stock of every tool you may need is generally more difficult than keeping stock of spools of plastic wire.

The first world probably won’t see these advantages in action for some time but the third world, as is often the case, is seeing the effects of innovation in the present.

At Least One ISP Trying to Prevent Customers from Using Encrypted Communications

Once again the centralized nature of today’s Internet is biting us in the ass. In addition to Internet Service Providers (ISP) already throttling traffic we now have one wireless provider actively preventing its customers from using STARTTLS:

But the second example Golden Frog provides is much scarier and much more pernicious, and it has received almost no attention.

In the second instance, Golden Frog shows that a wireless broadband Internet access provider is interfering with its users’ ability to encrypt their SMTP email traffic. This broadband provider is overwriting the content of users’ communications and actively blocking STARTTLS encryption. This is a man-in-the-middle attack that prevents customers from using the applications of their choosing and directly prevents users from protecting their privacy.

[…]

This is scary. If ISPs are actively trying to block the use of encryption, it shows how they might seek to block the use of VPNs and other important security protection measures, leaving all of us less safe. Golden Frog provides more details of what’s happening in this case:

Golden Frog performed tests using one mobile wireless company’s data service, by manually typing the SMTP commands and requests, and monitoring the responses from the email server in issue. It appears that this particular mobile wireless provider is intercepting the server’s banner message and modifying it in-transit from something like “220 [servername] ESMTP Postfix” to “200 ********************.” The mobile wireless provider is further modifying the server’s response to a client command that lists the extended features supported by the server. The mobile wireless provider modifies the server’s “250-STARTTLS” response (which informs the client of the server’s capacity to enable encryption). The Internet access provider changes it to “250-XXXXXXXA.” Since the client does not receive the proper acknowledgement that STARTTLS is supported by the server, it does not attempt to turn on encryption. If the client nonetheless attempts to use the STARTTLS command, the mobile wireless provider intercepts the client’s commands to the server and changes it too. When it detects the STARTTLS command being sent from the client to the server, the mobile wireless provider modifies the command to “XXXXXXXX.” The server does not understand this command and therefore sends an error message to the client.

As Golden Frog points out, this is “conceptually similar” to the way in which Comcast was throttling BitTorrent back in 2007 via packet reset headers, which kicked off much of the last round of net neutrality concerns. The differences here are that this isn’t about blocking BitTorrent, but encryption, and it’s a mobile internet access provider, rather than a wired one. This last point is important, since even the last net neutrality rules did not apply to wireless broadband, and the FCC is still debating if it should apply any new rules to wireless.

The article is arguing from a net neutrality angle but I see this as a technical issue. This is only made possible because Internet access is centrally controlled and end-to-end encryption wasn’t in the original design. Decentralizing Internet access would be a major win because it would prevent any single organization from weakening Internet security by blocking encrypted traffic. And if end-to-end encryption was in the originally design (which, I understand, was not technically feasible at the time) this wouldn’t be possible because blocking encrypted communications would block any communications.

Net neutrality will not save us. After all the government, especially the National Security Agency (NSA), probably has a literal hard-on for this idea. Again I reiterate that the only way to save the Internet is to wrestle control over it away from the state and its corporate partners that are providing our Internet access. I will again point out that mesh networks are a pretty neat idea for accomplishing exactly this. Instead of howling for the government to step in and save us from itself I believe we should be investing our energies in trying to decentralize Internet access as much as possible.

What Authors Come Up With When They Understand Neither Technology or Guns

Most gun owners know that journalists employed by major media outlets have a notorious lack of understanding of guns. Their ignorance, as many people working in the computer field know, doesn’t just apply to guns through. When it comes to technology they are more often than not entirely clueless. So when guns and technology are combined in one article the only expectation should be totally stupidity and that’s what we have here:

Broadcast for Safe Firearms draws on the idea that if computers are now reliable enough for cars, medicine and fly-by-wire aircraft, they are probably reliable enough to provide a framework to cut down mass shootings.

The idea isn’t brand-new, as the authors note. Their addition to the research is to propose what they call a “context-aware system in the firearm” that can draw on information from sensors in the environment to make safety decisions.

In other words, instead of enforcing “safe environment” rules by way of checkpoints where guns are not permitted (on airplanes, in consulates and embassies and so on), “we propose to address these safety areas within the firearm itself”. The gun would negotiate its operations by communicating with the safety area transmitter.

If the author understood guns and technology he would know to call bullshit on this research immediately. It’s an unworkable idea. The first thing going against it is that it relies on a central authority to distribute the access control lists to each individual firearm. That means any firearm will only be as capable as the central authority allows it to be. It also means that there is one point of failure, which is never desirable. Another thing going against this idea is that it relies on wireless communications to enable or disable firearms. Wireless communication is an amazing technology but we still haven’t mastered foolproof communication. Something as simple as a concrete wall can block a wireless signal meaning many buildings suffer very spotty wireless coverage. Additionally the access control mechanism is easily defeated by those shielded carrying bags.

It’s also worth noting that this mechanism, like most gun control schemes, relies on controlling the design of a very simple mechanical device. How, exactly, does one integrate this technology in already existing firearms and prevent individuals with 3D printers or computer numerical control (CNC) machines from building firearms without this technology included?

Obama Urges FCC to Allow ISPs to Charge by the Byte

Net neutrality is back in the limelight again thanks to one idiotic senator and one idiotic president. First there is Ted Cruz, who seems entirely unaware of how the Internet currently works:

Cruz spokeswoman Amanda Carpenter echoed the senator in her own tweet, writing, “Net neutrality puts gov’t in charge of determining pricing, terms of service, and what products can be delivered. Sound like Obamacare much?”

The Internet in this country already moves at the speed of government thanks to the regulatory atmosphere that gives a handful of Internet Service Providers (ISP) a practical monopoly on providing Internet access. And Cruz’s spokeswoman isn’t much smarter since net neutrality doesn’t put the government in charge of pricing, terms of service, or what products can be offered. It’s just a fancy term for the status quo, which is all traffic being treated with equal priority. What would give the government control over such matters is if we went with what the government considers net neutrality, which is an even more heavily regulated market than the one that already exists.

But the Republicans weren’t the only ones to field an idiot to speak about the Internet this week. The Democrats fielded none other than Obama:

President Obama today urged the Federal Communications Commission (FCC) to reclassify broadband service as a utility and to impose rules that prevent Internet service providers from blocking and throttling traffic or prioritizing Web services in exchange for payment. Obama also said utility rules should apply both to home Internet service and mobile broadband.

Treat the Internet like a utility? That’s just urging ISPs to charge customers by the byte instead of charging by access speed. Furthermore it would give local governments more power to further monopolize Internet access. Many municipalities already grant one or two companies control over utilities such as water and electricity. Case in point, the government of Minneapolis has granted monopoly electricity contracts to Xcel Energy and monopoly natural gas contracts to Centerpoint Energy. Imagine if the Internet becomes a utility. Then municipal governments such as Minneapolis could grant monopoly contracts to the likes of Comcast. Not only would you potentially be paying by the byte but you probably wouldn’t even have the almost nonexistent choice between ISPs that you have today.

So long as rely on the state to solve this problem we’re going to get fucked hard. The only long-term solution is to decentralize Internet access provision. That’s why I’ve been working on mesh networking initiatives. Mesh networks provide a decentralized network that would be very difficult for the state to regulate if designed correctly. I’m sure other options exist for decoupling the Internet from the state and I would love to hear about them.

If You’re Going to Run an Illegal Business Don’t Hire a Fed

The big news floating around the darknet community is that the Federal Bureau of Investigations (FBI) managed to shutdown Silk Road 2.0. When the news first broke there was a lot of speculation about how the FBI managed to do this. Many people theorized that the FBI has managed to break Tor’s hidden service functionality in such a way that it can identify the location of servers. As it turns out the FBI’s method was much more mundane:

The complaint describes how federal agents infiltrated Silk Road 2.0 from the very start, after an undercover agent working for Homeland Security investigators managed to infiltrate the support staff involved in the administration of the Silk Road 2.0 website.

“On or about October 7, 2013, the HSI-UC [the Homeland Security Investigations undercover agent] was invited to join a newly created discussion forum on the Tor network, concerning the potential creation of a replacement for the Silk Road 1.0 website,” the complaint recounts. “The next day, on or about October 8, 2013, the persons operating the forum gave the HSI‐UC moderator privileges, enabling the HSI‐UC to access areas of the forum available only to forum staff. The forum would later become the discussion forum associated with the Silk Road 2.0 website.”

The complaint also explains how the feds located and copied data from the Silk Road 2.0 servers. “In May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time. On or about May 30, 2014, law enforcement personnel from that country imaged the Silk Road 2.0 Server and conducted a forensic analysis of it . Based on posts made to the SR2 Forum, complaining of service outages at the time the imaging was conducted, I know that once the Silk Road 2.0 server was taken offline for imaging, the Silk Road 2.0 website went offline as well, thus confirming that the server was used to host the Silk Road 2.0 website.”

The FBI didn’t utilize anything fancy, it relied on old fashioned investigative work. First it infiltrated an agent into the Silk Road 2.0 team and then it obtained the cooperation of foreign law enforcers to obtain an image of the server and looked to see if complaints of downtime corresponded to the server being taken down for imaging.

The takeaway from this is that keeping a hidden service truly hidden is difficult, especially when your adversary has the resources of government law enforcers on its side. That doesn’t mean it’s impossible but you have to know exactly what you’re doing.

As an agorist I’m a huge fan of “black” market businesses so long as they don’t involved initiating force against people. Silk Road was a great business that not only managed to siphon funds away from the state and render its drug prohibition irrelevant but it also made the drug trade safer by separating customers from sellers with a nice barrier of anonymity. While Silk Road 2.0 shutting down is rather sad it’s not the end of the world since another hidden service will rise to replace it. Hopefully the new online drug market will learn lessons from this case and make themselves even more difficult to shutdown.