See What Lack of Regulations Get You

The personal electronics industry is considered to be one of the less regulated industries in the United States. While the government continues to meddle with emission requirements on automobiles, keeps monopoly control over wireless spectrum, and requires its sign-off on every single item it randomly labels as a drug, it doesn’t do a hell of a lot to regulate personal electronics devices.

The fruits of less regulation can be seen in many aspects of personal electronics. Our electronics are becoming ever smaller and more powerful, and an ever increasing number of devices are being made available for our purchasing pleasure. Another benefit is the fact that our devices are getting cheaper by the day. You know that super fast video card you purchased today for $400.00? In a few months it’ll be old business and the price will drop to $200.00. For those of us who don’t care about the latest and greatest in video cards we’ll be able to nab a perfectly serviceable card for half the price. For those who want the bleeding edge in graphics technology it’s there for the taking.

And for those who want an entire terabyte of data in their laptop they can have it for roughly $100.00. Don’t worry, I’m not shilling for Newegg on here since they don’t pay me to but I thought it was rather awesome that laptop drives with 1TB of capacity have dropped to the $100.00 range so quickly. Ever increasing capabilities for an ever decreasing price is a side-effect of less government regulation and should be celebrated by all. Just imagine what could be done for other markets if the government would simply pull its fingers out and let us, the consumers, decide on what should and shouldn’t be implemented.

The Coolest Flying Drone Out There

What if I told you there was an unmanned drone that was developed to fly around, sniff Wi-Fi networks, and eavesdrop on GSM phone conversations? You’d probably get angry at yet another device developed by Motherland Homeland Security to spy on the citizens of the United States. In this case your rage would be misdirected because this drone was developed by private individuals trying to raise awareness of the poor security found on many Wi-Fi and all GSM networks:

At the Black Hat and Defcon security conferences in Las Vegas next week, Mike Tassey and Richard Perkins plan to show the crowd of hackers a year’s worth of progress on their Wireless Aerial Surveillance Platform, or WASP, the second year Tassey and Perkins have displayed the 14-pound, six-foot long, six-foot wingspan unmanned aerial vehicle. The WASP, built from a retired Army target drone converted from a gasoline engine to electric batteries, is equipped with an HD camera, a cigarette-pack sized on-board Linux computer packed with network-hacking tools including the BackTrack testing toolset and a custom-built 340 million word dictionary for brute-force guessing of passwords, and eleven antennae.

“This is like Black Hat’s greatest hits,” Tassey says. “And it flies.”

On top of cracking wifi networks, the upgraded WASP now also performs a new trick: impersonating the GSM cell phone towers used by AT&T and T-Mobile to trick phones into connecting to the plane’s antenna rather than their carrier, allowing the drone to record conversations and text messages on 32 gigabytes of storage.

How fucking cool (and scary) is that? Truth be told the security on many devices that we commonly use today is completely nonexistent. Last year there was a demonstration at Defcon showing that it’s very possible for an average person to get the equipment necessary to spy on people using GSM phones (CDMA, as far as I know, is still safe from non-government snoopers).

This is Why You Shouldn’t Rely on Third Party Services

There have been a few stories lately about people getting booted out of Google’s Google+ service. I haven’t covered it because I honestly don’t give a shit, that is until now. As Google likes to tie all of their services to your Google account it is possible for you to get booted from all of your Google services if they decide to kick you off of Google+, and that’s what apparently happened to one person:

Marcheschi had the last seven years of his digital life stored on various Google services, and he lost access to all of it two weeks ago when Google mysteriously killed his account and refused to tell him why.

Two days ago, as public pressure on Google to explain itself mounted, Marcheschi found out why. A Google bot that automatically scans Picasa for illegal images flagged something Marcheschi had posted as child pornography. And that was all she wrote – goodbye Gmail, Blogger, Calendar, Docs, photos, and all the rest.

It turns out that the image he posted, though admittedly disturbing, was not technically porn. In fact, he says his reason for posting the image – to a collection he curated called “The Evolution of Sex” — was to make a point about how you can post images of minors being sexualized without breaking any laws. (Marcheschi says Google deleted the image, he has no other copy, and doesn’t remember where he found it on the InterWebs, so there’s no way to judge for yourself.)

Luckily for Marcheschi, a Google human stepped in, determined that Dylan was not a kiddie porn merchant, and turned his account back on.

But what if something similar happened to you, and you weren’t so lucky?

What if you owned an Android phone, which uses your Google ID to access all kinds of data services, and Google killed your account? Would you have a brick in your pocket?

Situations like this are why I’ve moved my needed services onto computers I personally control. In the case of Marcheschi an automated bot incorrectly flagged something he posted as illegal and killed his entire Google account. If you’re running an Android phone getting your entire account killed is basically a death sentence for your phone as well.

Android phones back up everything to Google’s services including the applications you’ve purchased, contacts, calendar events, e-mail, etc. You would lose all records of every application you purchased from the Android Market meaning you’d have to repurchase them all again. Basically you’d have to start from square one again as the phone is unable to make backups to local machines.

Relying heavily on third party services is a dangerous endeavor. If that service goes away or kicks you off you lose everything that was dependent on that service. The nice thing about my iPhone is that I can tie it to my self-hosted services meaning if Apple ever killed my iTunes account I’d still have all of my personal information safely stored on my server. This is why I want CalDAV and CardDAV support in Android so badly, at least then I wouldn’t have to rely on Google’s services to sync and keep my personal information.

Either way this should be a lesson as to why it’s best to do it yourself (not just in technology but in anything you possibly can).

Chiappa and RFID

It has been discovered that Chiappa is going to start adding radio-frequency identification (RFID) chips to their handguns for inventory and quality control purposes. RFID, like any technology, has good and bad uses. The Firearm Blog has a nice writeup on the whole situation including a press release from MKS Distributing which is rather snarky:

RFID Removal: For those still concerned you can simply remove the grip and remove the hot glued RFID from the frame in the grip area when (over a year from now) these begin to appear. Others may prefer to wrap the revolver and their head in aluminum foil, curl in a ball and watch reruns of Mel Gibson’s 1997 film, Conspiracy Theory. Well, that’s a plan too!

I smiled a little at the snarky remark and then shook my head as it’s obvious MKS Distributing doesn’t understand the very real concerns over implanting RFID chips into firearms. Although MKS Distributing claims the RFID chips can only be read a few inches away, that was proven to be completely incorrect at last year’s Defcon. RFID chips are very simple, thus they have no built-in security mechanisms meaning anybody with the right equipment can read them without your knowledge.

Combine this with the fact that obtaining RFID readers is pretty cheap these days and you can see a problem for people carrying concealed. Although I would rip these chips out the second I obtained a gun with embedded RFID chips, most people would not know to look for or pull out these blasted little identification chips. With simple equipment somebody would be able to read the RFID chip on your firearm and instantly know whether or not you were carrying a firearm. Part of the reason people carry concealed is because they don’t want anybody else to know they’re carrying. Often this is to make others feel more comfortable but another reason is to have the element of surprise should you ever have to pull it. Embedding RFID chips into firearms would give criminals a means of knowing whether or not you were armed and taking appropriate actions.

Of course there is also the possibility of using the RFID chip to identify homes of gun owners (a person staking out your home could just drop an RFID reader in your area and see if they come across any hits). If a person has one gun (for instance if they’re carrying it out the door when leaving for work) it’s likely they have others which would make their home a desirable target for the would-be thief. On top of that, if a potential thief left the reader in the area for a couple of weeks they could figure out when the homeowner is away so they could move in and rob the place without resistance.

Putting a passive remotely readable device into anything isn’t a great idea, but that idea becomes far worse when that object is a firearm. Personally I won’t support Chiappa as I feel that would be promoting this type of behavior but I also believe what MKS Distributing said is true, RFID chips will become far more prevalent in firearms down the line.

OS X Lion, Full Screen Applications, and Multiple Monitors

Full-screen mode in OS X Lion seems like a gimmick feature to me so I’ve basically ignored it. After a while I thought about the fact that many of the applications I run are opened on their own dedicated virtual desktop which is kind of like full-screen mode so I thought it would be worth experimenting with the gimmick.

My conclusion is that this feature is still a gimmick. Why? There is no support for multiple monitor setups. If you put an application in full-screen mode on a computer with multiple monitors hooked up the application will be displayed on the primary monitor while the second one will be greyed out. This part makes sense but when you put a second application in full-screen mode it basically creates a new virtual desktop with the application on the primary monitor and the second monitor greyed out. It would seem to me having an option to have the second full-screen application open on the second monitor that isn’t being used by the first full-screen application would make a whole lot of sense.

I’m really hoping VMWare Fusion doesn’t begin utilizing Lion’s full-screen API because as it currently sits I can have a virtual machine in full-screen mode on one monitor and other applications on a second monitor.

My Top Android Gripes

Although I’ve switched over to an iPhone as my primary mobile communication device, every so often (usually when a new version of Android drops) I grab my Android handset and test it to see if any of my problems have been resolved. With the release of 2.3.5 for my Nexus S I decided to give Android another run through and I’ve found the following glaring problems:

Virtual Private Networking (VPN) still doesn’t work: How long has Android been out? Something approaching three years now I believe, and it still lacks functioning VPN capabilities. VPN isn’t exactly rocket science as Windows, Linux (which Android is bloody based off of), Mac OS, iOS, Palm OS, and WebOS all have functioning VPN capabilities. Why can’t Google get it working properly in their mobile OS?

No support for CalDAV or CardDAV: CalDAV and CardDAV are open standard protocols for remote calendaring and contact management. Once again I find that almost every other operating system on the planet, including iOS, has support for these two protocols. It seems trivial to me that a company the size of Google couldn’t just download an already completed CalDAV and CardDAV Linux client library and use it to add built-in support for both in Android.

No support for public-key identity certificates: I use self-signed certificates for my mail, calendar, address book, VPN, and HTTPS needs. Although Android has full support for IMAP (although using a separate e-mail client from their star GMail app) Android doesn’t have any way of importing identity certificates (which was a bitch I might add). Although I’ve been able to import my identity certificate Android seems unable to use it to identify TLS connections. When I connect to my IMAP server Android informs me that it can’t establish a chain of trust for the server’s TLS certificate. Well the public key that establishes that chain of trust is right in the fucking certificate store, why not check there?

No method of encrypting data stored on the device: You know what’s nice about iOS? All of your data can be stored in an encrypted format meaning somebody can’t just grab the phone and download everything without knowing your password (it also makes wiping data from the phone quick as you can just erase the encryption keys). You know what’s not so nice about Android? There is no way to fully encrypt everything stored on the phone. Once again full disk encryption isn’t exactly rocket science as Windows, OS X, and iOS all have that capability built-in.

I really want to like Android but Google makes it so damned difficult. If you’re willing to simply use Google’s service Android is decent (although you’re still fucked on the VPN side of things). But when you want to move off of Google’s services and use your own then Android becomes completely unusable. Why should Google care since they want people using their services? Simple, many businesses also need the very things I’ve mentioned. Without these capabilities Google is lacking the ability to make headway into many market sectors that Apple is currently moving into. In addition to that all the problems I’ve listed are gripes that people have posted in the Android support and development forums meaning I’m not the only one wanting these features.

On top of that I’m of the firm belief that a feature advertised in the operating system should work. Android has a preference pane to enter VPN settings and it has a preference pane to import certificates but neither feature works. It looks damn sloppy when your operating system advertises a feature that isn’t functional. Hell, it’s not just that these features aren’t functional, it’s that Android has been out for roughly three years and the features still aren’t functional.

Once again I’ve given Android a chance and found it lacking. I’ll patiently wait for the next Android release where I’ll start this cycle all over again and hope that some of these features are actually working then.

A Rather Pointless Endeavor

Sometimes I look at a newly announced product and simply ask, “Why?” This is rare for me because I recognize that there are many different people with many different needs but sometimes even that fact doesn’t explain the reason a product managed to see the light of day. Canon just announced a new device that is an amalgamation of a Bluetooth laser mouse and a 10-digit calculator.

You know what program all computers have on them? A calculator. It’s true, even your damned cell phone has a bloody calculator built in. Since our computers already have calculator programs included why do we want a mouse that also has a built-in calculator? I could think of a great many other, more useful, gadgets to include in a mouse.

I’ve Been Saying This About Bitcoin For a While

As I hang out with a large circle of liberty minded people the topic of Bitcoin comes up frequently. Generally there are two schools of thought when it comes to Bitcoin: the school that believes Bitcoin is our salvation from government controlled money and the school that thinks Bitcoin is a fad that will die out soon enough.

Although I find many things to like about Bitcoin, anonymity isn’t one of them. People often tout Bitcoin as being anonymous and state that as a huge plus. The problem comes from the fact that every Bitcoin transaction ever made is forever stored in the Bitcoin network. This means if somebody is able to tie a Bitcoin wallet ID to a person they could begin the process of tying other wallet IDs to people. This can be done pretty easily through data mining (or, if the first wallet ID was discovered through computer access, potentially looking through the user’s Bitcoin address book).

Well somebody finally did some experimentation and demonstrated what I’ve been saying:

Anonymity is not a prominent design goal of Bitcoin. However, Bitcoin is often referred to as being anonymous. We have performed a passive analysis of anonymity in the Bitcoin system using publicly available data and tools from network analysis. The results show that the actions of many users are far from anonymous. We note that several centralized services, e.g. exchanges, mixers and wallet services, have access to even more information should they wish to piece together users’ activity. We also point out that an active analysis, using say marked Bitcoins and collaborating users, could reveal even more details. The technical details are contained in a preprint on arXiv. We welcome any feedback or corrections regarding the paper.

Arguments about the merits of Bitcoin as a competing currency to currently government controlled monies are still relevant but please stop claiming the advantage of anonymity. If you want the most anonymity in your transactions use physical commodities. Any electronic currency system needs to ensure transactions are valid in order to prevent counterfeiting, and thus devaluation. The only way to do this is to know the entire history of each monetary unit which necessarily involves keeping records of every transaction. As transactions occur between individuals some method can always be used to tie a specific monetary unit to a particular person.

Physical commodities aren’t reproducible without physical effort which negates the need to have some kind of record of every transaction that commodity has been through.

OS X Lion Server Admin Tools

When I upgraded my machines to OS X Lion I noticed something of importance was missing, Server Admin Tools. For those who don’t know Server Admin Tools is a package of applications that works as a front-end for maintaining OS X Server installations. These tools aren’t necessary as you can manage everything from the command line if you desire but, being a naturally lazy person who isn’t too fond of manually editing a 500 line text file to change one little thing, I prefer using a quick graphical interface. The administration panel that is included with OS X Lion Server is a toy that doesn’t allow any real manual configuration so that’s out as far as I’m concerned.

Thankfully Apple has posted Server Admin Tools 10.7 on their website. Why the OS X Lion installer didn’t automatically include this or download it from the website when it was upgrading my system I’ll never understand. It wouldn’t be that difficult for the installer to see that I have Server Admin Tools installed and thus it should either upgrade those applications or leave them the Hell alone. Simply removing them wasn’t my idea of funny nor entertaining.

Either way if you’ve upgraded your system to OS X Lion and rely on Server Admin Tools you’re relegated to manually navigating to the website and downloading the installer package.

NoScript Awarded the $10,000 Dragon Research Group Security Innovation Grant

It’s likely you’ve heard me praise the awesome Firefox plugin that is NoScript. NoScript is the primary reason why I’m still running Firefox instead of Chrome. That’s why I’m glad that the plugin was awarded the Dragon Research Group Security Innovation grant which includes $10,000.

NoScript is kind of a Swiss Army knife in regards to Firefox plugins. The main purpose of the plugin is to block scripting on all domains that you haven’t specifically white listed. This not only improves security by preventing malicious scripts from running but it also makes the web a much nicer place to visit since it blocks those annoying pop-over ads that block the site until you dismiss them. I’m honestly at the point where I can’t even stand visiting many websites unless I block scripting on those domains.