A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘You’re Doing it Wrong’ tag

Potentially Most Worthless Form of Protest Ever

with one comment

When a bunch of triggered snowflake conservatives started burning their Nike products to protest the company’s decision to make Colin Kaepernick its mascot, I foolishly asked if there is a more useless way to protest a company than destroying your own property. The question was meant to be rhetorical, but a triggered snowflake liberal stepped up to the plate to prove that there are more useless forms of protest by shooting himself in the arm:

Mark J. Bird, 69, was charged last month with discharging a gun within a prohibited structure, carrying a concealed weapon without a permit and possessing a dangerous weapon on school property, court records show. He was found bleeding from a self-inflicted gunshot wound to his arm about 8:15 a.m. on Aug. 28 outside a bathroom in the Charleston campus K building.

[…]

One college employee told police that he held Bird’s hand to calm him down as others tried to stop the bleeding. While waiting for authorities to arrive, Bird said he had shot himself in protest of President Donald Trump, police noted in their report. The report did not elaborate.

I’m sure Trump is all broken up over the fact that some college professor, whom he would probably tear apart on Twitter if he was even vaguely aware of his existence, from Las Vegas decided to shoot himself in the arm with a .22 pistol. I expect Trump to announce his resignation this week due to the power of this professor’s protest.

The real icing on the cake though was this:

Inside the bathroom, campus police found a $100 bill taped to a mirror along with a note that said, “For the janitor,” according to Bird’s arrest report. On the floor of the restroom was a black-and-white, .22-caliber pistol and one spent shell casing.

$100 to clean up blood? Obviously this professor has no idea how expensive it is to clean up a scene contaminated with blood. You don’t just run a mop across it and call it a day. The scene has to be sterilized because human blood can carry some really nasty shit.

I will probably regret this but I’ll ask anyways: is there a more useless way to protest than shooting oneself in the arm with a small caliber handgun?

Written by Christopher Burg

September 13th, 2018 at 10:00 am

Don’t Trust Snoops

without comments

Software that allows family members to spy on one another is big business. But how far can you trust a company that specializes in enabling abusers to keep a constant eye on their victims? Not surprisingly, such companies can’t be trusted very much:

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Oops.

I can’t say that I’m terribly surprised by this. Companies that make software aimed at allowing family members to spy on one another already have, at least in my opinion, a pretty flexible moral framework. I wouldn’t be surprised if all of the data collected by mSpy was stored in plaintext in order to make it easily accessible to other buyers.

Written by Christopher Burg

September 11th, 2018 at 11:00 am

Why Connecting Things to the Internet Doesn’t Give Me Warm Fuzzies

without comments

The trend in seemingly every market is to take features that function perfectly well without an Internet connection and make them dependent on an Internet connection. Let’s consider two old automobile features: remote door unlocking and engine starting. Most modern vehicles have the former and many now come equipped with the latter. These features are usually activated by a remote control that is attached to your key chain and have a decent range (the remote for my very basic vehicle can reliably start the engine through several walls). Tesla decided that such a basic feature wasn’t good enough for its high-tech cars and instead tied those features to the Internet. Needless to say, the inevitable happened:

Tesla’s fleet network connection is currently down, which means that owners of the EV brand of cars aren’t able to sign into the mobile app. Unfortunately, this means that they can’t remote start or remote unlock their cars, and they’re also unable to monitor their car’s charging status.

In all fairness, this isn’t an issue unique to Tesla. Any product that makes features dependent on an Internet connection will run into service outages at one point or another. Your “smart” coffee maker’s service will eventually go down, which will force you to walk over and press the brew button like a goddamn barbarian instead of kicking off the brew cycle from an app as you continue lying in bed.

When these Internet dependent features really bite you in the ass though is when the service provider goes out of business, especially if the product itself cannot operate without the Internet service. There are a lot of current “smart” devices that will soon end up in a landfill not because they mechanically failed but because their service provider went bankrupt. While the features that became unavailable when Tesla’s service went down weren’t critical for the functionality of the vehicle, no longer being able to remotely unlock doors, start the engine, or check the charging status would really degrade the overall user experience of the company’s vehicles.

Written by Christopher Burg

August 31st, 2018 at 10:30 am

Don’t Believe Everything You Read on the Internet… or in a Book

without comments

The Internet is a platform for everybody, and I mean everybody. From scientists to conspiracy theorists. From medical professionals to witch doctors. From professional chefs to idiots who don’t know that the ingredients they’re recommending are toxic:

Holmgren’s idealized Little House lifestyle led to online fame and eventually helped her land a book deal. Which is fine. Holmgren’s Tales from a Forager’s Kitchen: The Ultimate Field Guide to Evoke Curiosity and Wonderment with More Than 80 Recipes and Foraging Tips hit shelves earlier this year. And amazingly, she had more to say than would fit in that subtitle—upon its release, Holmgren and her forest-find-decorated home were featured in publications like the Star Tribune.

Here’s the problem: Forager’s Kitchen also includes recipes that use raw morel mushrooms. There’s a smoothie in there made with raw elderberries.

Both of which are toxic if served uncooked.

The Internet gave Holmgren a platform and according to Shitty Pages she has risen through the ranks and is now an “Instagram influencer” (whatever the fuck that is). Thanks to fame that the Internet enabled her to accrue, she was able to publish a physical book. It just so happens that following the advice in her book could lead to some discomfort. So, yeah, thanks Internet!

I’m rather sad that this book is being recalled. I think a lot of people would benefit from direct experience in not believing every idiot thing that they read.

Written by Christopher Burg

August 16th, 2018 at 10:00 am

Nothing But the Best

with one comment

What’s the worst that could happen if the programmer for your pacemaker accepts software updates that aren’t digitally signed or delivered via a secure connection? It could accept a malicious software update that, when pushed to your pacemaker, could literally kill you. With stakes so high you might expect the manufacturer of such a device to have a vested interest in fixing it. After all, people keeling over dead because you didn’t implement basic security features on your product isn’t going to make for good headlines. But it turns out that that isn’t the case:

At the Black Hat security conference in Las Vegas, researchers Billy Rios and Jonathan Butts said they first alerted medical device maker Medtronic to the hacking vulnerabilities in January 2017. So far, they said, the proof-of-concept attacks they developed still work. The duo on Thursday demonstrated one hack that compromised a CareLink 2090 programmer, a device doctors use to control pacemakers after they’re implanted in patients.

Because updates for the programmer aren’t delivered over an encrypted HTTPS connection and firmware isn’t digitally signed, the researchers were able to force it to run malicious firmware that would be hard for most doctors to detect. From there, the researchers said, the compromised machine could cause implanted pacemakers to make life-threatening changes in therapies, such as increasing the number of shocks delivered to patients.

Killing people through computer hacks has been a mainstay of Hollywood for a long time. When Hollywood first used that plot point, it was unlikely. Today software is integrated into so many critical systems that that plot point is feasible. Security needs to be taken far more seriously, especially by manufacturers that develop such critical products.
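The two missing controls the researchers named are an encrypted transport and a signature on the firmware itself. The transport is the easy half (use HTTPS and pin the vendor’s certificate); the half that protects the device even if the transport is compromised is a signature check on the image before anything is flashed. The following is an added example of that check, not code from the page, from Medtronic, or from the researchers. It assumes a made-up update format (a version number followed by the image bytes, with an Ed25519 signature over their SHA-256 digest) and adds an anti-rollback check on the version field, which goes slightly beyond what the article describes. A tampered image, an unsigned image, an image signed with the wrong key, and a downgrade are all rejected before any flashing would happen.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical update package (an assumption for this example,
// not any vendor's real format). The signature covers
// SHA-256(version big-endian || image), so neither field can be altered.
type Update struct {
	Version   uint32
	Image     []byte
	Signature []byte // Ed25519 signature over digest(Version, Image)
}

var (
	ErrBadSignature = errors.New("firmware signature invalid or missing")
	ErrRollback     = errors.New("firmware version older than installed version")
)

// digest binds the version number and the image bytes together.
func digest(version uint32, image []byte) []byte {
	h := sha256.New()
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	h.Write(image)
	return h.Sum(nil)
}

// GenerateSigningKey makes a vendor key pair. In practice the private key
// lives in the vendor's build system or HSM and never reaches the device.
func GenerateSigningKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignUpdate is the vendor-side step: sign the digest with the private key.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{
		Version:   version,
		Image:     image,
		Signature: ed25519.Sign(priv, digest(version, image)),
	}
}

// VerifyUpdate is the device-side step the programmer must run before
// flashing. Only the public key is baked into the device.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, u Update) error {
	if len(u.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(pub, digest(u.Version, u.Image), u.Signature) {
		return ErrBadSignature
	}
	// Anti-rollback: a validly signed but older image could reintroduce
	// a fixed bug, so refuse downgrades.
	if u.Version < installed {
		return ErrRollback
	}
	return nil
}

func main() {
	pub, priv := GenerateSigningKey()
	image := []byte("constructed sample firmware image, version 2") // constructed input
	installed := uint32(1)

	good := SignUpdate(priv, 2, image)
	fmt.Println("genuine update:", VerifyUpdate(pub, installed, good))

	tampered := good
	tampered.Image = append([]byte{}, image...)
	tampered.Image[0] ^= 0xff // flip one byte after signing
	fmt.Println("tampered image:", VerifyUpdate(pub, installed, tampered))

	unsigned := Update{Version: 3, Image: image}
	fmt.Println("unsigned image:", VerifyUpdate(pub, installed, unsigned))

	fmt.Println("downgrade:", VerifyUpdate(pub, 5, good))
}
```

The point of binding the version into the signed digest is that an attacker who can only replay old, genuinely signed packages still cannot force a downgrade, and an attacker who controls the download path (the situation the researchers described, since there was no HTTPS) cannot produce an image the device will accept without the vendor’s private key.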

Written by Christopher Burg

August 10th, 2018 at 10:00 am

Altering the Deal

without comments

I’ve never understood the business model of relying entirely on one other company for revenue. It might sound like a good idea at first, especially if the other company is being especially generous, but if the other company changes the deal, you’re shit out of luck:

Apple is shutting down an App Store affiliate program that shared a small percentage of revenue generated by third-party links to purchase apps or in-app content.

[…]

Apple’s decision comes as a sucker punch to outlets like mobile gaming news and reviews site TouchArcade, which has long relied on the App Store affiliate program for a significant chunk of its revenue. As TouchArcade editor Eli Hodapp writes in a despairing post, the loss of the “reliable” affiliate revenue stream could very well kill the site, which will now lean more heavily on Patreon donations and Amazon affiliate links to stay afloat.

“I genuinely have no idea what TouchArcade is going to do,” Hodapp writes. “It’s hard to read this in any other way than ‘We went from seeing a microscopic amount of value in third-party editorial to, we now see no value.’ … I don’t know how the takeaway from this move can be seen as anything other than Apple extending a massive middle finger to sites like TouchArcade, AppShopper, and many others who have spent the last decade evangelizing the App Store and iOS gaming.”

Maybe deciding what TouchArcade will do if Apple cancels its affiliate program is something that should have been considered earlier. Especially since not too long ago Apple changed the terms of its affiliate program to reduce the amount of money affiliates received.

Threat modeling isn’t an exercise that should be performed exclusively by a company’s security team. Security threats are just one kind of threat that businesses face. Loss of revenue sources is another threat that must be considered.

Written by Christopher Burg

August 3rd, 2018 at 10:00 am

Incoherent Screeching

with one comment

Shortly after Cody Wilson won his day in court the gun control crowd started screeching incoherently. Failing to understand the reality of the situation, which is their modus operandi, they started demanding that judges, politicians, and anybody else involved in the government stop the distribution of files for printing firearms on 3D prints. The latest futile attempt to stop Wilson was made by several attorneys and a federal judge in Seattle:

A federal judge in Seattle has issued a temporary restraining order to stop the release of blueprints to make untraceable and undetectable 3D-printed plastic guns.

Eight Democratic attorneys general filed a lawsuit Monday seeking to block the federal government’s settlement with the company that makes the plans available online. They also sought a restraining order, arguing the 3D guns would be a safety risk.

A judge issued a restraining order? Oh no, whatever shall we do? I guess those 3D printer files are lost to the world now. Game over.

I wonder if these gun control fanatics are actually stupid enough to believe that. While a judge may issue a restraining order that prevents Defense Distributed, Wilson’s company, from offering the files, they are still available via the most censorship resilient website on the Internet, The Pirate Bay. If you know anything about the history of The Pirate Bay, you know that there is no way in hell that any judge in the United States will get those files removed from that site. Even if they could do that, those files are being hosted by a number of people so anybody with the magnet link can still get the files. The genie is out of the bottle.

The Question to Stop 3D Guns

with one comment

You find some wonderful words of wisdom on Twitter:

If we don’t scream and yell, any person will be able to start printing 3D guns this Wednesday, August 1st.

As opposed to what we can print now, which are apparently only 2D guns!

Jeff Sessions can stop this.

Oh, my sweet summer child.

Written by Christopher Burg

July 31st, 2018 at 10:00 am

Please Sir, Could You Spare Some Wi-Fi

without comments

If you’re caught burgling a house, claiming that you just wanted to use the Wi-Fi network is as good an attempt to talk your way out of jail time as any:

A 60-something couple in Palo Alto got an unpleasant surprise on Sunday when they woke up in the middle of the night to find a masked intruder in their bedroom. He said he wanted to use the couple’s Wi-Fi network.

[…]

Remarkably, this wasn’t the suspect’s only legally dubious attempt to get Wi-Fi access that weekend. Just before midnight the previous night, police say, the same young man was found prowling around outside another Palo Alto home. When the house’s residents came out and confronted him, he “asked to use their Wi-Fi network because he was out of data.”

He should have said that he just wanted to use the bathroom.

Written by Christopher Burg

July 27th, 2018 at 10:30 am

Whoopsie

without comments

There are some jobs that are so critical that many people believe they must be performed by government agents. One of those jobs is protecting radioactive material. But what happens when you give an important job to an organization that historically sucks at everything? Exactly what you expect:

Two workers from the Department of Energy’s Idaho National Laboratory lost an undisclosed amount of plutonium and cesium from a rental car parked overnight in a San Antonio, Texas, hotel parking lot in a neighborhood known for car break-ins and other crimes, according to an article published Monday by the Center for Public Integrity.

The loss of the highly radioactive material occurred in March 2017 and was discovered when the two workers awoke the next morning to find the window of their Ford Expedition had been smashed. Missing were radiation detectors and small samples of plutonium and cesium used to calibrate them.

The best part? This isn’t the first time government agents have lost plutonium:

The missing plutonium and cesium join the ever-growing amount of MUF—short for material unaccounted for—that has resulted from thefts or losses over the years. In 2009, the Energy Department’s inspector general took account of radioactive materials the military loaned to US academic researchers, government agencies, or commercial firms. The conclusion: despite being listed until 2004 as securely stored, one pound of plutonium and 45 pounds of highly enriched uranium were missing.

Who needs a uranium enrichment program when you can just take what the United States has already produced?

This news shouldn’t surprise anybody. The Bureau of Alcohol, Tobacco, Firearms, and Explosives has a history of losing guns, the Pentagon has a history of losing money, and the Department of Health and Human Services has a history of losing children. The federal government flat out sucks at keeping track of anything left in its care.

Written by Christopher Burg

July 18th, 2018 at 10:30 am