Lightbulbs With DRM Are Here

There’s a lot to love about this crazy future we live in but there are also some downright bizarre things. For example, how many of you thought your lightbulbs needed some kind of mechanism to lock you into a particular manufacturer’s bulbs? Through the wonderful world of ZigBee-enabled bulbs Philips has made your dream a reality:

Philips just released firmware for the Philips Hue bridge that may permanently sever access to any “non-approved” ZigBee bulbs. We previously covered third party support in January 2015, when Philips indicated it was not blocked – and have since benefited.

The recent change seems to suggest any non-Philips bulbs from manufacturers such as Cree, GE, and Osram will not be supported in many situations, whereas “Friends of Hue” branded product are. At the time of publication, it’s unclear whether 3rd party bulbs will stop working immediately after the firmware update or if they may only become inaccessible after the bridge is reset. We’re also not sure if being “reset” means rebooted or factory reset. This appears to apply to both the round v1 bridge and square v2 HomeKit-compatible bridge after the latest firmware update is applied.

I’m not going to be a cranky curmudgeon and bitch about lightbulbs with new functionality. But I will bitch about how companies utilize new technology as a means of baiting and switching. Philips originally stated it would support third-party bulbs. I’m guessing the reason behind that was so it didn’t have to foot the entire bill to encourage adoption of ZigBee-enabled bulbs. Now it has changed the rules and locked out third-party manufacturers. In all likelihood this is because ZigBee-enabled bulbs are now sufficiently popular that Philips wants to enjoy all of the profits. It wouldn’t surprise me if somebody at Philips also assumed owners of third-party bulbs would rather purchase Philips’ hardware than lose the functionality offered by ZigBee-enabled bulbs.

There is an important lesson here. Never be entirely reliant on a third party for your business. If, for example, you are utilizing a third party’s software package for your hardware you should have an alternative standing by in case you’re locked out. Were I one of these third-party manufacturers I would release an open source client on GitHub that works with any ZigBee-enabled bulb.

Why Magnetic Strips On Credit And Debit Cards Need To Die

I’ve been harping on backwards compatibility as it relates to computer security for a while but that’s not the only place backwards compatibility bites us in the ass. Let’s consider credit and debit cards.

Chip and PIN cards have been the standard in Europe for ages now. The United States is finally thinking about getting onboard. But in true American tradition the move to improve credit and debit card security is being done in the dumbest way possible. First of all, the United States is adopting chip and signature, not chip and PIN. Second, and this is even worse, the old legacy system of magnetic strips is still being supported. Because of this, constantly improving card skimmers are still a viable means of stealing credit and debit card information:

Virtually all European banks issue chip-and-PIN cards (also called Europay, Mastercard and Visa or EMV), which make it far more expensive for thieves to duplicate and profit from counterfeit cards. Even still, ATM skimming remains a problem for European banks mainly because several parts of the world — most notably the United States and countries in Asia and South America — have not yet adopted this standard.

For reasons of backward compatibility with ATMs that aren’t yet in line with EMV, many EMV-compliant cards issued by European banks also include a plain old magnetic stripe. The weakness here, of course, is that thieves can still steal card data from Europeans using skimmers on European ATMs, but they need not fabricate chip-and-PIN cards to withdraw cash from the stolen accounts: They simply send the card data to co-conspirators in the United States who use it to fabricate new cards and to pull cash out of ATMs here, where the EMV standard is not yet in force.

This is another example of where a hard cutoff, with all backwards compatibility dropped, should be implemented. So long as magnetic strips are still supported it’s trivial to steal credit and debit card numbers and use them to steal cash from people’s accounts.

Security, in general, does not lend itself well to backwards compatibility. Once a system is broken it should be dumped entirely. The credit card companies here in the United States should have required all banks to issue chip cards and all retailers to use readers that only support chip and PIN, Apple Pay, Android Pay, and other such modern payment methods. Instead everybody decided that the average American is too stupid to adapt to a new system and rewarded this perceived stupidity by continuing to support a completely broken standard. Because of that we’re all being put at unnecessary risk.

Bigotry By Any Other Name

To the cheers of neocons everywhere Donald Trump said he wanted to prohibit all Muslims from entering the United States. Among those of us who would rather not see a future where we have to hide Muslims under our floorboards to prevent the Gestapo from finding them, Trump’s announcement was much reviled. Hoping to capitalize on those of us who found Trump’s announcement disgusting, the Rand Rapid Response Rangers quickly moved in to promote their messiah. There’s just one problem though. Rand Paul also wants to use his collectivist beliefs to discriminate against an entire group:

Republican presidential candidate Sen. Rand Paul (R-KY) said Tuesday that rival Donald Trump’s call to ban Muslims from entering the country was a “mistake,” even though it was similar to a plan Paul already proposed to halt immigration from the Middle East.

Trump had said Monday that he wanted to implement a “total and complete shutdown” of Muslims entering the U.S. Paul was asked to respond to Trump’s statement during an interview with New Hampshire radio station WGIR.

“I think it’s a mistake to base immigration or moratoriums based on religion,” Paul said. “But you know, I’ve called for something similar, which is a moratorium based on high risk.”

When somebody proposes to discriminate against people based on religion everybody loses their head. But when somebody proposes to discriminate against people based on imaginary lines on a map everybody seems totally fine with it. Imaginary lines, like religion, tell us nothing about specific individuals. Prohibiting people from a specific country is no different than prohibiting people of a specific religion. Flags are no better indicators of an individual’s character than holy books.

Stupid Hurts

I take a great deal of solace in knowing that a lot of people are too stupid to successfully pull off any kind of meaningful attack:

WHEATFIELD, NY – The U.S. Attorney’s Office revealed new information Wednesday, regarding the investigation of a Wheatfield man accused of making and possessing homemade bombs.

The new information was geared to persuade a federal judge that Michael O’Neill should be detained in a federal facility and not allowed to seek bail or bond.

O’Neill is accused of making at least seven bombs at his home. Two weeks ago, one of the explosives inadvertently went off inside the garage. O’Neill was the only one injured and was taken to ECMC where his left leg was amputated. He’s been there ever since.

Prosecutors are claiming Nazi, Confederacy, and Ku Klux Klan paraphernalia were found in his home, which they’re probably using to insinuate he’s a dangerous man but which, to me, show he’s probably just an idiot. On the upside, if he did have any malicious intent it doesn’t matter since the only person he managed to hurt with his homemade bombs was himself.

Of course his survival ensures he is disqualified from receiving a Darwin Award.

The Unpayable Debt To Society

The United States has reached the logical conclusion of the tough on crime mentality. This country has become so tough on crime that even a wrongful conviction can ruin somebody’s life:

Simmons, at the time a contract systems analyst making $90 an hour, was arrested in Seattle’s University District in 2006 and charged with selling crack as well as resisting arrest. He was convicted of the drug-dealing charge and sentenced to a year in prison.

Three months after his conviction, though, the King County deputy whose testimony led to Simmons’ conviction, James Schrimpsher, was fired for dishonesty in a different drug case. That the deputy was being investigated for lying at the same time as Simmons’ trial had not been disclosed to Simmons’ attorneys.

Simmons insists he didn’t sell drugs and believes he was profiled. Save for a marijuana possession charge from the 1990s in Tennessee, he has no criminal convictions before or since. Regardless, he served the full prison term at the Washington Corrections Center in Shelton, plus a year of probation when he got out.

[…]

What’s alarming about Simmons’ story is that his drug-dealing conviction was eventually stricken from the record. He was retroactively exonerated in 2010 because the testimony that convicted him was no longer considered credible. Yet he struggles to get a job because the story stalks him on the Internet.

Based on the job offers Simmons has received he’s a very capable individual. What he was originally charged with, selling crack, wasn’t even a crime (because crimes require victims). But now, even after he has been exonerated, he cannot get a job.

Sadly this is exactly what the tough on crime crowd wanted. In their pursuit of an impossible goal, a society free of crime, they demanded harsh punishments be issued. The politicians, always happy to take up the cause of fear mongering, acted on these pleas and passed harsher laws. When the new harsher punishments failed to bring about Nirvana the cycle continued. Now we’re at a point when anybody who has been incarcerated, regardless of the offense, is nearly unemployable.

Punishing The People Because Of Terrorism

The San Bernardino attack is just another tragedy on a long list of tragedies exploited by the State. Again we’re seeing the tired claim by the political body that the people must be severely punished:

Obama said he will “urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice,” without going into details, and order a review of the visa waiver program that allowed one of the San Bernardino terrorists into the US. Obama also called on Congress to ban people on no-fly lists from buying guns. “What could possibly be the argument for allowing a terrorist suspect to buy a semi-automatic weapon?” he asked. “This is a matter of national security.”

Mr. Obama may not have gone into specifics but we know what he’s hinting at. “Making it harder for terrorists to use technology to escape from justice,” is a euphemism for prohibiting the use of effective cryptography. In other words the basic security tools every one of us relies on every day must be broken so the State can further expand its already too expansive surveillance apparatus.

Reviewing the visa program is a euphemism for finding more ways to restrict people from crossing the imaginary lines often referred to as borders. Anybody who has been paying attention to recent political maneuvering is aware that the State is becoming more interested in tightening the borders. Just remember that a secure border prevents tax cattle from leaving.

Finally the question, “What could possibly be the argument for allowing a terrorist suspect to buy a semi-automatic weapon,” is a euphemism for removing due process from deciding who can and cannot own a firearm. Apparently having to go through the process of finding somebody guilty of a crime before they can be prohibited from owning a firearm is just too damn inconvenient.

Notice how each of these proposals requires punishing the entire population of almost 319 million for the actions of two individuals. Also notice how none of these proposals will do anything to curtail terrorism. Just because domestic companies can’t release tools that use effective cryptography doesn’t mean foreign entities can’t. According to the United States government the border is 102,514 miles long. Any thought of effectively controlling over 100,000 miles of territory is nothing but a fantasy. Prohibiting more people from owning firearms only ensures attackers will be met with lighter resistance.

There are many ways of making a society more resilient to attacks. Punishing everybody in society whenever an attack occurs is not one of them.

Cultures Cannot Own Ideas Either

Several of my friends have been passing around the story of the University of Ottawa cancelling a free yoga class because of concerns of cultural appropriation. I ignored it just as I ignore most culture war stories. Especially when the remedy to the cancellation is as simple as continuing the classes without official recognition from the university. But some valuable discussion did manage to rise from the ashes. Namely that ideas aren’t property and therefore cannot belong to anybody:

Yoga, whether you’re a fan of it or not, doesn’t exclusively belong to some group of people who share the same skin color or language or culture or religion — just as classical music or Western medicine or modern physics doesn’t belong to the Europeans. It, like all such ideas, is the common heritage of all mankind. That means of each and every one of us, even those of us who have a genetic background or culture that some people feel aggrieved at.

We (Indian, American, African, Oceanian, anyone else) are entitled to use it, to adapt it, to merge it with other ideas. There’s no improper “appropriation” here because there’s no “property” here in the first place.

After this the author does some backtracking and tries to justify patents and copyrights. His inconsistency towards the end of the article doesn’t invalidate the beginning of the article though. Ideas are not a finite resource that can be exclusively held by a single individual. You can copy an idea but that doesn’t deprive the originator of it so the act cannot be called theft.

Most instances where I’ve seen accusations of cultural appropriation made were when somebody was making use of an idea that originated in another culture. Sometimes the usage is malicious and meant to mock the culture but more often than not the usage is innocent. In the former case I think an accusation of the user being a jackass suffices and in the latter I think the usage should be encouraged. Adopting ideas from other cultures tends to have the effect of forwarding the adopter’s view of the culture they’re drawing from.

For example, I participate in Japanese martial arts and part of that involves adopting Japanese cultural ideas not directly related to the combat styles themselves. Several of those ideas are themselves adopted from Buddhism. Buddhism in Japan came from China, which adopted Buddhism from India where the religion originated. So I’ve adopted cultural ideas that were adopted from cultural ideas that were adopted from cultural ideas. If I am guilty of cultural appropriation, and I have been accused of it by one person, then I am merely continuing a trend of cultural appropriation that spans back into prehistory. With all of that said I feel as though I’m a better person because of it. My overall understanding of the world expanded because I adopted ideas from another culture.

I use myself as an example because I am the person I know best. But most people I know who have adopted ideas from other cultures have become better people because of it. A lot of people I know practice yoga and feel they are better because of it. Seeing their enjoyment of life increase leads me to believe they are correct. Many of my friends also practice various forms of meditation, which clearly do not have roots in European culture. Again they feel it has made them better people and I agree. In addition to becoming better people these friends of mine tend to have a more expansive worldview. That fuller worldview tends to make them less xenophobic and if there’s anything the world needs it’s less xenophobia.

The idea that one’s ability to adopt ideas from other cultures is dependent on what culture they were born into is another attempt at monopolizing ideas. Cultural appropriation belongs on the same shelf as copyrights and patents: fiction. While there are certainly valid grounds for criticizing people who adopt a cultural idea for the sole purpose of denigrating the culture, they should be based on the person being an asshole. On the other hand people who adopt ideas from other cultures should be encouraged because it will only help expand their worldview and may very well help different cultures come together. Above all though we should recognize that cultural ideas aren’t a special exception to the illegitimacy of intellectual property.

Immigrants, Jellybeans, And Fear Mongering

Even though evidence indicates the Paris attackers weren’t Syrian refugees a lot of assholes have been exploiting the tragedy to forward their xenophobic agenda. One such meme created by these xenophobes goes something like this:

If I gave you a bag of 50,000 jellybeans and told you 100 are poisonous, you wouldn’t accept them right? Then why would we accept 50,000 refugees if some of them are bad?

This meme just goes to show, once again, that humans are naturally bad at risk assessment. The Foundation for Economic Freedom addresses this issue by pointing out some much scarier numbers:

I like jelly beans and numbers so I did a back of the envelope calculation. In the US there are about 15,000 murders per year. Most murderers kill only one person. Even serial killers kill only 2.8 people on average. Thus, 15,000 is also approximately the number of murderers in a year.*

[…]

The current US population is 322 million, so there are .0023 murderers per capita, or 2.33 murderers per 1,000, or 116 murderers per 50,000 people in the United States.

Put differently, about 116 American babies out of every 50,000 will grow up to murder someone. (Perhaps the NYMag should rerun its poll?). In contrast, only 100 of the 50,000 jelly beans were poisonous.

People tend to worry about situations where large numbers of people die at once more than situations where one or two people die, even when the latter occurs frequently enough that the total number of dead is higher than the former. This is why a lot of people are scared to fly but think nothing about driving between home and work every day.

Another problem people have with risk assessment is worrying about things they know nothing about more than things they understand well even if the latter is far more dangerous than the former. That is why many people are scared of allowing in Syrian refugees, a group of people they know little or nothing about, even though no terrorist acts have been perpetrated by a Syrian refugee in the United States and domestic terrorists have killed more people than Middle Eastern terrorists. In fact that brings up another interesting situation few people worry about:

WASHINGTON — In the 14 years since Al Qaeda carried out attacks on New York and the Pentagon, extremists have regularly executed smaller lethal assaults in the United States, explaining their motives in online manifestoes or social media rants.

But the breakdown of extremist ideologies behind those attacks may come as a surprise. Since Sept. 11, 2001, nearly twice as many people have been killed by white supremacists, antigovernment fanatics and other non-Muslim extremists than by radical Muslims: 48 have been killed by extremists who are not Muslim, including the recent mass killing in Charleston, S.C., compared with 26 by self-proclaimed jihadists, according to a count by New America, a Washington research center.

Overall, since 9/11, there have been 48 people killed by non-Muslim extremists. Meanwhile over 1,000 people have been killed by police this year alone. Yet most people would rate the threat of domestic extremists higher than the risks of domestic police. Why? Because few people actually know any domestic extremists and most people believe the vast majority of police officers are good guys.

I could play with numbers all day in an attempt to generate fear of anything I personally dislike. But I feel my time is more productively spent explaining risk assessment so those of you reading this can avoid falling into scary number traps.

New South Wales Bans Possessing Knowledge

3D printers have ensured gun control laws will continue to become less enforceable. How can a government enforce a ban on something anybody can download a schematic for and print in their own home? It can’t. But that’s not going to stop the government of New South Wales from trying:

Possessing files that can be used to 3D print firearms will soon be illegal in New South Wales after new legislation, passed last week by state parliament, comes into effect.

Among the provisions of the Firearms and Weapons Prohibition Legislation Amendment Bill 2015 (PDF) is an amendment to the Weapons Prohibition Act 1998 stating that a person “must not possess a digital blueprint for the manufacture of a firearm on a 3D printer or on an electronic milling machine.”

The maximum penalty is 14 years’ jail.

The provision does not apply to any person with a licence to manufacture firearms or the police.

‘Possession’ is defined as “possession of a computer or data storage device holding or containing the blueprint or of a document in which the blueprint is recorded” or “control of the blueprint held in a computer that is in the possession of another person (whether the computer is in this jurisdiction or outside this jurisdiction)”.

Enforcing this would require knowing every file on every person’s computer and knowing every purchase every person has made. Even banning 3D printers or requiring they be registered wouldn’t make this law enforceable because schematics exist for 3D printers that can print 3D printer parts and be built at home.

With that said, this is yet another law that should encourage people to utilize strong cryptographic tools. Ensure every data storage device you possess is encrypted. Only access websites through encrypted connections. And use anonymity tools like Tor to download any potentially illegal data (which is all data). Laws against possessing information require the authorities be capable of finding out whether or not you’ve learned something. So long as you can conceal that from them they cannot enforce such prohibitions.

Dial 1-800-ISIS-HLP

The mainstream media has been hard at work trying to make extremely mundane things appear terrifying by pointing out that the Islamic State of Iraq and the Levant (ISIS) uses them. Take phone-based technical support. It’s something most of us have used at some point in our lives. The only things frightening about it are wait times, trying to explain to the poor sap reading from their script that you’ve already performed the basic troubleshooting steps, and having your call dropped when you miraculously get connected to the one competent support specialist in the entire company. But NBC News decided mundane technical support is something that could be made absolutely terrifying by combining it with ISIS:

NBC News has learned that ISIS is using a web-savvy new tactic to expand its global operational footprint — a 24-hour Jihadi Help Desk to help its foot soldiers spread its message worldwide, recruit followers and launch more attacks on foreign soil.

Counterterrorism analysts affiliated with the U.S. Army tell NBC News that the ISIS help desk, manned by a half-dozen senior operatives around the clock, was established with the express purpose of helping would-be jihadists use encryption and other secure communications in order to evade detection by law enforcement and intelligence authorities.

The relatively new development — which law enforcement and intel officials say has ramped up over the past year — is alarming because it allows potentially thousands of ISIS followers to move about and plan operations without any hint of activity showing up in their massive collection of signals intelligence.

Although I highly doubt the claim that this help desk system is a new development, its existence doesn’t change anything. Information on using secure communications technology has been publicly available on the Internet for years. There are numerous well-written step-by-step guides that walk users through setting up and using tools for communicating securely. They’re used by victims of domestic abuse who need to contact help without their abuser knowing, political dissidents in countries ruled by ruthless regimes, buyers and sellers of prohibited goods in countries ruled by regimes willing to storm homes at oh dark thirty and shoot family pets over some plants, and many other at-risk individuals.

But technology is amoral and serves both the good and the bad alike. A car can whisk you from home to work but it can also help a bank robber escape after a heist. A gun can allow a frail 80 year-old woman to defend herself against a physically fit 20 year-old rapist but it can also be used by a police officer to murder a cannabis user. Encryption is no different.

Fearing something mundane because an evil person or organization is using it is idiotic. Every technology we have developed has been used by both good and evil people. That will never change.