A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘You’re Doing it Right’ tag

Reduced Competition

without comments

Pat Robertson appealed to the people of the United States to overlook the Saudis’ minor transgression of butchering a journalist because a $100 billion weapons sale was on the table. Not only does it appear as though those weapons sales will continue but there may actually be more! One of the United States’ competitors has announced its intention of pulling out of future arms deals with Saudi Arabia:

BERLIN — In a move that could put further pressure on President Trump to stop arms sales to Saudi Arabia, German Chancellor Angela Merkel announced Sunday evening that her government would not approve new arms exports to the kingdom until further notice.

If the United States can exploit Germany’s decision, it could ensure that Germany never gets another arms deal with Saudi Arabia. That would put the United States one step closer to being the despotic regime’s sole arms dealer! U-S-A! U-S-A! U-S-A!

Written by Christopher Burg

October 23rd, 2018 at 10:00 am

Posted in Politics


The End of TLS 1.0 and 1.1

with one comment

Every major browser developer has announced that they will drop support for Transport Layer Security (TLS) 1.0 and 1.1 by 2020:

Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020.

TLS (Transport Layer Security) is used to secure connections on the Web. TLS is essential to the Web, providing the ability to form connections that are confidential, authenticated, and tamper-proof. This has made it a big focus of security research, and over the years, a number of bugs that had significant security implications have been found in the protocol. Revisions have been published to address these flaws.

Waiting until 2020 gives website administrators plenty of time to upgrade their sites, which is why I’ll be rolling my eyes when the cutoff date arrives and a bunch of administrators whine about the major browsers “breaking” their websites.

Every time browser developers announce years ahead of time that support will be dropped for some archaic standard, there always seems to be a slew of websites, including many major websites, that continue relying on the dropped standard after the cutoff date.
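Administrators who want to know before the cutoff whether a site still negotiates TLS 1.0 or 1.1 can read the selected version out of the ServerHello in a packet capture. The following Python is an added example, not code from the original post; the captures are constructed, and the host labels and function names are hypothetical.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
DROPPED = {0x0301, 0x0302}  # the two versions the browsers are removing
SUPPORTED_VERSIONS = 43     # extension in which a TLS 1.3 server states its version

def negotiated_version(record: bytes) -> int:
    """Return the protocol version selected by a ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) < hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")
    # Skip version (2), random (32), session_id (1 + n), cipher (2), compression (1).
    pos = 34 + 1 + hello[34] + 3
    if pos + 2 > len(hello):
        return version  # no extension block: the version field decides
    end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        if ext_type == SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= end:
            return int.from_bytes(hello[pos + 4:pos + 6], "big")
        pos += 4 + ext_len
    return version

def build_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Constructed sample data: a minimal ServerHello inside one TLS record."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"  # empty session_id
    hello += b"\x00\x2f\x00"  # cipher suite and compression, not inspected here
    hello += (struct.pack("!H", len(extensions)) + extensions) if extensions else b""
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def audit(captures: dict) -> dict:
    """Map each label to (version name, True if that version is being dropped)."""
    versions = {label: negotiated_version(rec) for label, rec in captures.items()}
    return {k: (NAMES.get(v, hex(v)), v in DROPPED) for k, v in versions.items()}

# Constructed captures; the host labels are hypothetical.
SAMPLES = {
    "legacy-app": build_server_hello(0x0301),
    "intranet": build_server_hello(0x0302),
    "www": build_server_hello(0x0303),
    "api": build_server_hello(0x0303, struct.pack("!HHH", SUPPORTED_VERSIONS, 2, 0x0304)),
}
```

Calling `audit(SAMPLES)` marks the first two hosts as needing an upgrade. A TLS 1.3 server keeps `0x0303` in the version field and announces 1.3 in the `supported_versions` extension, which is why the parser walks the extensions instead of trusting that field alone.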

Written by Christopher Burg

October 17th, 2018 at 11:00 am

The First Candidate with a Convincing Argument

without comments

John McAfee is the first presidential candidate for this election cycle with a valid argument for electing him:

.@VerminSupreme and myself at the 2016 Libertarian National Convention. If that one chance in a trillion that I could be elected president actually happens, I will stand down and be replaced by him. Vermin would be the best president ever.

This looks like a winning team to me:

Written by Christopher Burg

October 12th, 2018 at 10:30 am

Posted in Politics


The Power of Not Voting

without comments

People like to talk about the power of voting but few bother to mention the power of not voting:

BUCHAREST (Reuters) – A referendum to change Romania’s constitution to prevent same sex couples from securing the right to marry failed to draw enough voters to validate the result on Sunday, after a campaign that led to a rise in hate speech against the gay community.

[…]

Dozens of human rights groups had said a successful referendum would embolden further attempts to chip away at the rights of minority groups and push Romania onto a populist, authoritarian track.

They have encouraged people to boycott the ballot, with several companies and popular musicians and artists following. A library chain even offered a book discount over the weekend for those who wanted to stay in and read rather than vote.

If voter turnout had been higher, the referendum may have passed. Since not enough people bothered to show up to validate the results, the referendum couldn’t pass.

Governments that describe themselves as democratic prefer to make it appear as though their power is endorsed by “the people.” That means that they like to see high voter turnout. If a vast majority of people go to the polls during an election, a government can argue that it enjoys the endorsement of the majority of “the people.” If almost nobody shows up during an election, a government has a much tougher time making that claim.

Written by Christopher Burg

October 9th, 2018 at 10:00 am

Properly Warning Users About Business Model Changes

without comments

I have an update from my previous article about how the developers of GPGTools botched their changeover from offering a free software suite to a paid software suite. It appears that they listened to those of us who criticized them for not properly notifying their users that the latest update will change the business model because this is the new update notification:

That’s how you properly inform your users about business model changes.

Written by Christopher Burg

October 3rd, 2018 at 10:00 am

Cloudflare Makes Tor Use More Bearable

without comments

One of the biggest annoyances of using the Tor Browser is that so many sites that rely on Cloudflare services throw up CAPTCHA challenges before allowing you to view content. Yesterday Cloudflare announced a change to its service that should make life more bearable for Tor users:

Cloudflare launched today a new service named the “Cloudflare Onion Service” that can distinguish between bots and legitimate Tor traffic. The main advantage of this new service is that Tor users will see far less, or even no CAPTCHAs when accessing a Cloudflare-protected website via the Tor Browser.

The new Cloudflare Onion Service needed the Tor team to make “a small tweak in the Tor binary,” hence it will only work with recent versions of the Tor Browser –the Tor Browser 8.0 and the new Tor Browser for Android, both launched earlier this month.

Hallelujah!

Written by Christopher Burg

September 21st, 2018 at 10:00 am

The Power of Public Shaming

without comments

Every major security breach is followed by calls for politicians to enact more stringent regulations. When I see people demanding additional government regulations I like to point out that there is a list of alternative solutions that can yield far better results (especially since regulations, being a product of government, are extremely rigid and slow to change, which makes them a solution ill-suited to fast moving markets). One of those solutions is public shaming. It turns out that public shaming is often a viable solution to security issues:

See the theme? Crazy statements made by representatives of the companies involved. The last one from Betfair is a great example and the entire thread is worth a read. What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing being a dick to those in a position to write publicly about you!) that no, you didn’t just need a username and birth date to reset the account password. Eventually, it got to the point where Betfair advised that providing this information to someone else would be a breach of their terms. Now, keeping in mind that the username is your email address and that many among us like cake and presents and other birthday celebratory patterns, it’s reasonable to say that this was a ludicrous statement. Further, I propose that this is a perfect case where shaming is not only due, but necessary. So I wrote a blog post..

Shortly after that blog post, three things happened and the first was that it got press. The Register wrote about it. Venture Beat wrote about it. Many other discussions were held in the public forum with all concluding the same thing: this process sucked. Secondly, it got fixed. No longer was a mere email address and birthday sufficient to reset the account, you actually had to demonstrate that you controlled the email address! And finally, something else happened that convinced me of the value of shaming in this fashion:

A couple of months later, I delivered the opening keynote at OWASP’s AppSec conference in Amsterdam. After the talk, a bunch of people came up to say g’day and many other nice things. And then, after the crowd died down, a bloke came up and handed me his card – “Betfair Security”. Ah shit. But the hesitation quickly passed as he proceeded to thank me for the coverage. You see, they knew this process sucked – any reasonable person with half an idea about security did – but the internal security team alone telling management this was not cool wasn’t enough to drive change.

As I mentioned above, regulations tend to be rigid and slow to change. Public shaming on the other hand is often almost instantaneous. It seldom takes long for a company tweet that makes an outrageous security claim to be bombarded with criticism. Within minutes there are retweets by people mocking the statement, replies from people explaining why the claim is outrageous, and journalists writing about how outrageous the claim is. That public outrage, unlike C-SPAN, quickly reaches the public at large. Once the public becomes aware of the company’s claim and why it’s bad, the company has to begin worrying about losing customers and, by extension, profits.

Written by Christopher Burg

September 19th, 2018 at 10:00 am

Airport Law Enforcers Arrest Actual Criminals

without comments

Readers, I have a rare story for you today. Airport law enforcers at the Minneapolis-St. Paul International Airport actually arrested honest to gods criminals:

A federal air marshal “flashed a gun in flight,” prompting police to remove him from the plane upon arrival at the Twin Cities airport and handcuff him on the tarmac along with a fellow marshal, authorities said Tuesday.

It would be nice if this was the beginning of a trend where local law enforcers make the lives of Transportation Security Administration (TSA) personnel as miserable as they make the lives of air travelers. Sadly, I doubt this is the case.

As for the air marshals, they were likely verifying the hair color of a passenger who was caught staring at a noisy child in a cold and penetrating manner during a previous flight.

Written by Christopher Burg

August 22nd, 2018 at 10:30 am

I Love Living in a Post Gun Control World

with one comment

I would like to take a moment to say that I really love living in a world where gun control is no longer enforceable:

Gun rights activist groups found a way around the temporary halting of 3D-printed gun blueprints by publishing another set of blueprints on a new website Tuesday, which they say is activity protected under the First Amendment.

“Through CodeIsFreeSpeech.com, we intend to encourage people to consider new and different aspects of our nation’s marketplace of ideas – even if some government officials disagree with our views or dislike our content – because information is code, code is free speech, and free speech is freedom,” reads a statement on the site, which was created by a variety of groups including the Firearms Policy Coalition and the Firearms Policy Foundation.

I couldn’t help but laugh at the phrase, “temporarily halting.” Nothing was halted by that court ruling. All of the 3D printer files were available well before that court ruling was made and continued to remain available afterwards. That should have been the first sign that gun control can no longer be enforced. But seeing websites appear that overtly defy the court order should be a wake-up call for everybody that gun control is dead.

The debate about gun control is over (it has actually been over for quite some time). Every organization and individual who is fighting for gun control is fighting a battle that they have already lost.

Written by Christopher Burg

August 2nd, 2018 at 11:00 am

Free Research

with 2 comments

I’m beginning to think that Elon Musk posts seemingly zany shit on Twitter in order to trick people into studying his problems for him for free:

SpaceX CEO Elon Musk attracted a bit of attention when he suggested that we could get there simply by nuking Mars’ poles, liberating the ice (both water and carbon dioxide ices) into the atmosphere. When asked about the prospects for the plan, a scientist said, “Whether it would really work, I don’t think anyone has worked up the physics in enough detail to say it would.” Now, a couple of planetary scientists have accepted the challenge of working up the physics, and they have bad news for Musk.

I imagine Musk sitting at home and saying to himself, “I wonder if we could nuke that water on Mars to release it into the atmosphere?” As he sits there pondering the question he realizes that he doesn’t have the physics or chemistry knowledge to figure out whether that plan is feasible. After mentally going over the physicists and chemists he does have in house he decides that they’re working on more valuable research at the moment. Finally he decides that he can just get other people to research the problem for free, logs onto Twitter, and posts that he wants to nuke the water on Mars. A few minutes later a team of curious physicists and chemists decide to run the numbers then, realizing that Musk’s idea isn’t feasible, rush to social media to say, “See? See? Mr. Billionaire is wrong!” After seeing the report Musk leans back in his chair, sips his scotch, and smirks at the thought that he has received the answer to his question without spending even a single dime.

Written by Christopher Burg

August 1st, 2018 at 10:00 am