Tag: You’re Doing it Wrong

I’m Satoshi Nakamoto! No, I’m Satoshi Nakamoto!

The price of Bitcoin was getting a little wonky again, which meant that the media must be covering some story about it. This time around the media has learned the real identify of Satoshi Nakamoto!

Australian entrepreneur Craig Wright has publicly identified himself as Bitcoin creator Satoshi Nakamoto.

His admission follows years of speculation about who came up with the original ideas underlying the digital cash system.

Mr Wright has provided technical proof to back up his claim using coins known to be owned by Bitcoin’s creator.

Prominent members of the Bitcoin community and its core development team say they have confirmed his claims.

Mystery sovled, everybody go home! What’s that? Wright provided a technical proof? It’s based on a cryptographic signature? In that case I’m sure the experts are looking into his claim:

SUMMARY:

  1. Yes, this is a scam. Not maybe. Not possibly.
  2. Wright is pretending he has Satoshi’s signature on Sartre’s writing. That would mean he has the private key, and is likely to be Satoshi. What he actually has is Satoshi’s signature on parts of the public Blockchain, which of course means he doesn’t need the private key and he doesn’t need to be Satoshi. He just needs to make you think Satoshi signed something else besides the Blockchain — like Sartre. He doesn’t publish Sartre. He publishes 14% of one document. He then shows you a hash that’s supposed to summarize the entire document. This is a lie. It’s a hash extracted from the Blockchain itself. Ryan Castellucci (my engineer at White Ops and master of Bitcoin Fu) put an extractor here. Of course the Blockchain is totally public and of course has signatures from Satoshi, so Wright being able to lift a signature from here isn’t surprising at all.
  3. He probably would have gotten away with it if the signature itself wasn’t googlable by Redditors.
  4. I think Gavin et al are victims of another scam, and Wright’s done classic misdirection by generating different scams for different audiences.

Some congratulations should go to Wright — who will almost certainly claim this was a clever attempt to troll people so he doesn’t feel luck a schmuck for being too stupid to properly pull off a scam — for trolling so many people. Not only did the media get suckered but even members of the Bitcoin community fell for his scam hook, line, and sinker.

Sending The Wrong Messages

Any decent self-defense instructor will point out that the most important aspect in self-defense is situational awareness. If you are aware of your surrounds you have a far better chance of avoiding a fight entirely, which is the best form of self-defense.

The rise of mobile phones has seemingly hampered a great many people’s situational awareness. It’s not uncommon to see people walking around entirely unaware of their surroundings because their faces are looking down at their phones. This phenomenon has become so prevalent that one city is experimenting with crosswalk signals embedded in the ground:

Foreign visitors frequently wonder why crowds of Germans wait for traffic lights to turn green when there are no cars in sight.

That is why officials in the city of Augsburg became concerned when they noticed a new phenomenon: Pedestrians were so busy looking at their smartphones that they were ignoring traffic lights.

The city has attempted to solve that problem by installing new traffic lights embedded in the pavement — so that pedestrians constantly looking down at their phones won’t miss them.

Part of me thinks this sends the wrong message. When people are walking around they should be paying attention to their surroundings. Not only is it important from a self-defense aspect but it’s important for not running into other pedestrians.

I’m not stupid enough to assume you can convince people to stop looking at their phones when they’re walking around but there may be some middle ground that encourages people to not be looking down. A better solution may be be a focus on developing heads-up displays for people to wear so they can somewhat keep their eye on the sidewalk as they read through their messages.

Berning The Middle East Down

One thing that marks this presidential election is the complete absence of a mainstream anti-war candidate. In 2008 and 2012 Ron Paul was the predominant anti-war candidate for the Republicans and Obama pretended to be anti-war in his 2008 campaign. But this year not a single major candidate is even pretending to be anti-war. When I point this out somebody inevitably brings up Bernie Sanders but even he isn’t hiding his murderous desires:

QUESTION: Senator Sanders, you said that you think that the U.S. airstrikes are authorized under current law, but does that mean that the U.S. military can lawfully strike ISIS-affiliated groups in any country around the world?

SANDERS: No, it does not mean that. I hope, by the way, that we will have an authorization passed by the Congress, and I am prepared to support that authorization if it is tight enough so I am satisfied that we do not get into a never-ending perpetual war in the Middle East. That I will do everything I can to avoid.

(APPLAUSE)

But the President, no President, has the ability willy-nilly to be dropping bombs or using drones any place he wants.

HAYES: The current authorization which you cite in what Miguel just quoted which is the authorization to use military force after 9/11. That has led to the kill list. This President — literally, there is a kill list. There is a list of people that the U.S. government wants to kill, and it goes about doing it. Would you keep the kill list as President of the United States?

SANDERS: Look. Terrorism is a very serious issue. There are people out there who want to kill Americans, who want to attack this country, and I think we have a lot of right to defend ourselves. I think as Miguel said, though, it has to be done in a constitutional, legal way.

HAYES: Do you think what’s being done now is constitutional and legal?

SANDERS: In general I do, yes.

So he’s hoping, as president, he’ll receive authorization to continue doing what Bush and Obama have already been doing. But even more concerning is his support of the kill list.

I’ve discussed the kill list several times but I’ll summarize the problem with it for the benefit of newer readers. The names that appear on the kill list aren’t people who have been found guilty through due process. In fact we only know a little bit about the secret criteria used to justify adding names to the list and that information only came from an unauthorized leak. Sanders believes murdering foreigners without due process is both constitutional and legal.

To put this as diplomatically as I can, fuck Sanders. Anybody who claims he’s an anti-war candidate is either a liar or ignorant.

Yet Another Reason Why Democracy Sucks

Democracy has been deified in our society and any dissent is treated as high treason. But I’m here to tell you that democracy sucks.

Democracy is built on the idea that whatever a majority of a voting body decides is somehow just. But what happens when the majority of a voting body decides your so-called rights are mere privileges and furthermore have deemed you no longer need those privileges?

A survey commissioned by the BBC suggests that 63 per cent of UK university students believe the National Union of Students (NUS) is right to have a “no-platform” policy, whereby individuals or groups with opinions deemed to be offensive can be banned from speaking on student union premises.

More than half (54 per cent) of students surveyed also thought the policy should be actively enforced against people who could be found intimidating.

The National Union of Students (NUS) is a democratic organization and a majority of the designated voting body decided to allow censorship on campus student unions. With that simple majority vote, which is also backed up by a majority of surveyed university students, anybody deemed to be supporting an offensive platform is barred from speaking at a location that their tax dollars may very well have funded.

Freedom of speech is a concept used to protect the minority from government censorship. But democracy is a concept that relies on the idea that the will of the majority is correct. The two concepts are opposed to one another because a democracy is oppositional to the minority.

Dropping 10 Megabyte Cyberwarheads

I’ve been busy finishing up and editing my short story for the Agorist Writers Workshop so I don’t have much for you today… except stupidity.

The idiots that command the State have tried once again to use war as an analogy for hacking and it sounds just as stupid this time as it has every time before:

Defense Secretary Ashton B. Carter is among those who have publicly discussed the new mission, but only in broad terms, and this month the deputy secretary of defense, Robert O. Work, was more colorful in describing the effort.

“We are dropping cyberbombs,” Mr. Work said. “We have never done that before.”

Cyberbombs? Why not cyberclusterbombs? Isn’t the United States government dedicated to wiping out CyberISIS? How many megabytes are these cyberwarheads anyways? I hope we’re not using too little data to get the jobs done!

It’s hard to come up with new jokes at the State’s expense. The people working within it end up taking all of my good material by actually doing what I planned to joke about them doing.

Banning The Boogeyman

Does the boogeyman exist? Most people would say he doesn’t. But some might point out that there’s no way to prove with absolute certainty that he doesn’t exist. Technically that would be a true statement. However, few people would change the way they live their lives based on the infinitesimal possibility that the boogeyman may exist.

The arguments in favor of these bathroom restriction bills sounds an awful lot like arguments in favor of creating laws to ban the boogeyman. Most of the arguments in favor of these bills are based on the hypothetical threat that a cisgender male will pretend to be a transwoman to gain entry into the women’s restroom for the purpose of committing sexual assault.

I call the threat hypothetical because there hasn’t been a notable number of such crimes being perpetrated. In fact I’ve only found one instance of such a crime and it occurred in Canada and only after this debate started making headlines (which is important to note because it’s quite possible the perpetrator wouldn’t have attempted to use such an excuse had the politicians not been waging this war). That’s two less incidents than the number of Republicans arrested for misconduct in bathrooms.

The arguments in favor of these bathroom bills are no more valid than arguments in favor of passing legislation to ban the boogeyman. Both are built on a foundation of unfounded fear mongering.

What gets me is the hypocrisy of some of the proponents of these bills. Some of the people supporting these bathroom bills on the grounds of a hypothetical threat were also the ones arguing against restricting people from carrying firearms on the grounds that the anti-gunners’ hypothetical threats were never been realized. If hypothetical threats aren’t a valid foundation to build laws off of for one thing then they shouldn’t be valid for anything.

FBI Found Nothing Significant On Farook’s iPhone

After all that fuss over Farook’s iPhone the Federal Bureau of Investigations (FBI) finally managed to unlock it without conscripting Apple. So did the agency find information that will allow them to arrest the next terrorists before they can attack? Did the phone contain the secret to destroying the Islamic State? No and no. It turns out, as most people expected, there wasn’t anything significant on the phone:

A law enforcement source tells CBS News that so far nothing of real significance has been found on the San Bernardino terrorist’s iPhone, which was unlocked by the FBI last month without the help of Apple.

It was stressed that the FBI continues to analyze the information on the cellphone seized in the investigation, senior investigative producer Pat Milton reports.

All that hullabaloo over nothing. This is a reoccurring trend with the State. It makes a big stink about something to justify a demand for additional powers. Eventually it’s revealed that reason it needed the additional power was nothing more than fear mongering. Why anybody takes the State seriously is beyond me.

Free Apps Aren’t Free But Dumb Phones Won’t Protect Your Privacy

I have a sort of love/hate relationship with John McAfee. The man has a crazy history and isn’t so far up his own ass not to recognize it and poke fun at it. He’s also a very nonjudgemental person, which I appreciate. With the exception of Vermin Supreme, I think McAfee is currently the best person running for president. However, his views on security seem to be stuck in the previous decade at times. This wouldn’t be so bad but he seems to take any opportunity to speak on the subject and his statements are often taken as fact by many. Take the recent video of him posted by Business Insider:

It opens strong. McAfee refutes something that’s been a pet peeve of mine for a while, the mistaken belief that there’s such a thing as free. TANSTAAFL, there ain’t no such thing as a free lunch, is a principle I wish everybody learned in school. If an app or service is free then you’re the product and the app only exists to extract salable information from you.

McAfee also discusses the surveillance threat that smartphones pose, which should receive more airtime. But then he follows up with a ridiculous statement. He says that he uses dumb phones when he wants to communicate privately. I hear a lot of people spout this nonsense and it’s quickly becoming another pet peeve of mine.

Because smartphones have the builtin ability to easily install applications the threat of malware exists. In fact there have been several cases of malware making their way into both Google and Apple’s app stores. That doesn’t make smartphones less secure than dumb phones though.

The biggest weakness in dumb phones as far as privacy is concerned is their complete inability to encrypt communications. Dumb phones rely on standard cellular protocols for making both phone calls and sending text messages. In both cases the only encryption that exists is between the devices and the cell towers. And the encryption there is weak enough that any jackass with a IMSI-catcher render it meaningless. Furthermore, because the data is available in plaintext phone for the phone companies, the data is like collected by the National Security Agency (NSA) and is always available to law enforcers via a court order.

The second biggest weakness in dumb phones is the general lack of software updates. Dumb phones still run software, which means they can still have security vulnerabilities and are therefore also vulnerable to malware. How often do dumb phone manufacturers update software? Rarely, which means security vulnerabilities remain unpatched for extensive periods of time and oftentimes indefinitely.

Smart phones can address both of these weaknesses. Encrypted communications are available to most smart phone manufacturers. Apple includes iMessage, which utilizes end-to-end encryption. Signal and WhatsApp, two application that also utilize end-to-end encryption, are available for both iOS and Android (WhatsApp is available for Windows Phone as well). Unless your communications are end-to-end encrypted they are not private. With smartphones you can have private communications, with dumb phones you cannot.

Smart phone manufacturers also address the problem of security vulnerabilities by releasing periodic software updates (although access to timely updates can vary from manufacturer to manufacturer for Android users). When a vulnerability is discovered it usually doesn’t remain unpatched forever.

When you communicate using a smartphone there is the risk of being surveilled. When you communicate with a dumb phone there is a guarantee of being surveilled.

As I said, I like a lot of things about McAfee. But much of the security advice he gives is flawed. Don’t make the mistake of assuming he’s correct on security issues just because he was involved in the antivirus industry ages ago.

How The Government Protects Your Data

Although I oppose both public and private surveillance I especially loathe public surveillance. Any form of surveillance results in data about you being stored and oftentimes that data ends up leaking to unauthorized parties. When the data is leaked from a private entity’s database I at least have some recourse. If, for example, Google leaks my personal information to unauthorized parties I can choose not to use the service again. The State is another beast entirely.

When the State leaks your personal information your only recourse is to vote harder, which is the same as saying your only recourse is to shut up and take it. This complete lack of consequences for failing to implement proper security is why the State continues to ignore security:

FRANKFORT, Ky. (AP) — Federal investigators found significant cybersecurity weaknesses in the health insurance websites of California, Kentucky and Vermont that could enable hackers to get their hands on sensitive personal information about hundreds of thousands of people, The Associated Press has learned. And some of those flaws have yet to be fixed.

[…]

The GAO report examined the three states’ systems from October 2013 to March 2015 and released an abbreviated, public version of its findings last month without identifying the states. On Thursday, the GAO revealed the states’ names in response to a Freedom of Information request from the AP.

According to the GAO, one state did not encrypt passwords, potentially making it easy for hackers to gain access to individual accounts. One state did not properly use a filter to block hostile attempts to visit the website. And one state did not use the proper encryption on its servers, making it easier for hackers to get in. The report did not say which state had what problem.

Today encrypting passwords is something even beginning web developers understand is necessary (even if they often fail to property encrypt passwords). Most content management systems do this by default and most web development frameworks do this if you use their builtin user management features. The fact a state paid developers to implement their health insurance exchange and didn’t require encrypted passwords is ridiculous.

Filtering hostile attempts to visit websites is a very subjective statement. What constitutes a hostile attempt to visit a website? Some websites try to block all Tor users under the assumption that Tor has no legitimate uses, a viewpoint I strongly disagree with. Other websites utilize blacklists that contain IP addresses of supposedly hostile devices. These blacklists can be very hit or miss and often block legitimate devices. Without knowing what the Government Accountability Office (GOA) considered effective filtering I’ll refrain from commenting.

I’m also not entirely sure what GOA means by using property encryption on servers. Usually I’d assume it meant a lack of HTTP connections secured by TLS. But that doesn’t necessarily impact a malicious hackers ability to get into a web server. But it’s not uncommon for government websites to either not implement TLS or implement it improperly, which puts user data at risk.

But what happens next? If we were talking about websites operated by private entities I’d believe the next step would be fixing the security holes. Since the websites are operated by government entities though it’s anybody’s guess what will happen next. There will certainly be hearings where politicians will try to point the finger at somebody for these security failures but finger pointing doesn’t fix the problem and governments have a long history of never actually fixing problems.

If You Can Rig The Lottery Only Do It Once

Most fraudsters are caught because they’re a combination of shortsighted and greedy. Take this block for example:

A lottery vendor for years manipulated drawings to enrich himself and associates by installing software code that allowed him to predict winning numbers on specific days of the year, Iowa investigators alleged Wednesday.

Authorities called the newly obtained forensic evidence a breakthrough in the investigation of alleged jackpot-fixing scheme by Eddie Tipton, former security director of the Multi-State Lottery Association. A jury convicted him last year of rigging a $16.5 million jackpot, and he’s awaiting trial on charges linking him to prizes in Colorado, Wisconsin, Oklahoma and Kansas.

Assuming Mr. Tipton is actually guilty, he will join the ranks of fraudsters who were in a position and had the ability to execute a great self-enriching scam and were caught because they pulled it more than once.

The odds of winning the lottery are astronomical so winning more than once raises all sorts of red flags. If you’re in a position to manipulate the lottery, only do it once. You can usually get away with winning once. But when you start winning in your home state, the neighboring state, and three states away people begin to get suspicious. And if your friends seem to be winning as well there’s going to be an investigation.

People like to attribute these scams purely to greed. If greed was the only factor in these scams the culprits would walk away after they accomplished their initial mission. After all, if you get caught you don’t get to keep the money so a truly greedy person will take the cash and run. These scams are usually uncovered because the culprits are both greedy and shortsighted. They fail to properly assess the risks involved in their scams and therefore continue to perpetrate them again and again. Eventually their “luck” becomes suspicious and their scam is uncovered.