You’re Doing it Wrong – Page 27

If You’re Going To Spy On Us At Least Use The Data

Police have been in overdrive expanding their pervasive surveillance apparatus. They want camera, cell phone interceptor, and license plate scanner coverage throughout the country. Just to enjoy the privilege of driving we’re required to submit our personal information, including home address, to the Department of Motor Vehicles so it can print it on a piece of plastic that we have to hand a police when they pull us over so they can check if there are any outstanding warrants. I don’t approve of this widespread surveillance but I do ask that they at least use the data they collect to ensure they storm the correct house when they’re on one of their domestic dog hunting excursions:

Returning home from her Monday evening walk, Tama Colson rounded the corner into her subdivision and saw DeKalb County police cars.

Then she heard the gunshots — and her neighbors’ anguish.

“I hear Leah screaming, I see Chris walking out, ‘They just shot me, they just shot me, and they killed my dog’,” Colson said Tuesday. “So I got him to lay down, took my shirt off and rendered first aid. And Chris just kept saying, ‘Why did they shoot me? Why did they shoot my dog?’”

Those are the key questions in the fourth controversial police shooting in DeKalb County in less than two years — an incident in which, according to authorities, officers responding to a burglary call went to the wrong home, shot the unarmed homeowner, killed his dog and wounded one of their own.

Admittedly shooting two innocents and one violent criminal is a better ratio that the police usually walk away with in these situations. But shooting the homeowner and the dog was criminal and charges should be filed. I would say shooting the cop was, if nothing else, bad form but the police are supposed to help homeowners defend against invaders so the shooting officer was technically doing his job.

More importantly this entire mess shouldn’t have happened. There is no excuse for having both a pervasive surveillance apparatus and raiding the wrong address. When officers are sent on a domestic dog hunting excursion the address should be displayed on a very obvious map (one using small words and basic colors so the city’s finest can understand it). Upon arriving at the address a picture of the home should be sent back to headquarters and checked against photographs already in the database. Then the officers should check their cell phone interceptor to ensure the phone they have associated with the target is at the address.

Obviously I say this halfheartedly. I don’t believe the police should be spying on us. I’m merely illustrating just of how incompetent wrong address raids are when considering all of the data law enforcement agents have available to double check they have the right place.

A Crisis Of Faith

It may surprise you to know that several of my friends hold very strong Christian beliefs. Why would a devout Christian be friends with somebody like me? I have no idea. But they do and I appreciate it. What probably isn’t going to surprise you is to hear most of my Christian friends are anarchists. For many of them their views of anarchism are directly related to their faith. None of them work for the State because they will not server to masters.

Not all Christians are so devout though. The recent fiasco with the lady from Kentucky who was told to go pound sand by the Supreme Court is still working for the State of Kentucky and still refusing to issue marriage licenses to same-sex couples on the grounds of her faith:

MOREHEAD, Ky. — A county clerk in Kentucky who objects to same-sex marriage on religious grounds denied licenses to gay couples on Tuesday, saying she was acting “under God’s authority,” just hours after the Supreme Court refused to support her position.

In a raucous scene in this little town, two same-sex couples walked into the Rowan County Courthouse, trailed by television cameras and chanting protesters on both sides of the issue, only to be turned away by the county clerk, Kim Davis.

Perhaps it’s not my place to say but if your faith says same-sex marriage are a sin and the State commands you to issue a license to same-sex couples you should maybe consider alternative employment. How could somebody who claims to be such a devout Christian continue to work for an organization that commands them to sin? Wouldn’t that be like Jesus taking a job with Satan?

The State is the antithesis of the commandments against murder and theft. Not only does the State commit murder and theft but those are it standard operating procedures! How could a Christian willfully work for an organization entirely dependent on sin? It makes no sense! If this woman really had an issue with the State issuing same-sex marriage licenses she should quit and find some honest work.

You Keep Using That Word: Monopoly Edition

Monopoly is one of those words that gets thrown around too loosely. The word monopoly means, “exclusive control by one group of the means of producing or selling a commodity or service.” So monopoly actually defines a condition that only exists under government interventionism. But the word, like so many other words, has been twisted by the State. Today monopoly implies any company that has become extremely large. Case in point, Google:

BRUSSELS — European Union lawmakers have overwhelmingly backed a motion urging antitrust regulators to break up Google. The non-binding resolution approved Thursday by the European Parliament is the strongest public signal yet of Europe’s concern with the growing power of U.S. tech giants. The resolution is a largely symbolic protest vote without immediate impact. But it was approved with a large majority — 384 votes to 174, with 56 abstentions — showing widespread political backing. Andreas Schwab, German conservative lawmaker and co-sponsor of the bill, said it was a political signal to the European Commission, which is tasked with ensuring a level playing field for business across the 28-country bloc. “Monopolies in whatever market have never been useful, neither for consumers nor for the companies,” he said. Google declined to comment.

Google isn’t a monopoly. In fact it’s not even close to being one. Every single product and service it provides is also provided by others. I’m proof of this since I use very few Google products or services. Most of my searching is done using DuckDuckGo. My e-mail is handled by my server sitting in my dwelling. My phone is manufactured by Apple and runs iOS. None of my laptops are Chromebooks.

The only Google services I really utilize are Google Maps and YouTube. I use Google Maps because I find the alternatives provided by Microsoft and Apple lackluster and choose YouTube because it has more content I’m looking for than Vimeo. But in both cases you’ll notice I mentioned competitors that exist.

If you want an actual example of a monopoly look up Ma Systems. Ma Bell was a company that enjoyed a government granted monopoly over telecommunications. But outside of government intervention in the marketplace you’re going to be hard pressed to find an actual monopoly so you may want to stop throwing that word around so willy nilly.

The State Has Redundancies To Protect Itself

There’s a sentiment that the proper place to fight the State’s illegal activities is in the courtroom. Sometimes this strategy seems to play out but more often than not if one court rules against the State’s power another court will reverse the decision. In this way the court system acts as a redundancy for the State to preserve its power while maintaining the illusion the people hold the power. Take the National Security Agency’s (NSA) illegal domestic spying operating as an example. In 2013 its actions were ruled illegal by a court but after a lengthy appeal process a higher court has overruled that decision:

The Court of Appeals for the District of Columbia has overturned an injunction against the US government’s phone surveillance program. Today, the court handed down a decision in Klayman v. Obama, a lawsuit arguing that the NSA’s mass collection of phone records is unconstitutional. It found that there was not enough evidence that the lawsuit’s subjects were actually under surveillance, reversing a decision made in late 2013.

The court didn’t address whether the surveillance program was legal or constitutional. Instead, it concluded that the case’s subjects lacked standing to bring a complaint at all, because they were unable to demonstrate that they’d suffered harm. The secrecy of US surveillance programs has made it almost impossible to prove that a specific person or organization was subject to them, so Klayman and other recent cases have relied on leaked documents from Edward Snowden, particularly a court order requiring Verizon Business Services to hand over metadata on all its customers’ calls.

Isn’t it interesting how this court ruled that the plaintiff didn’t have a case because there wasn’t enough evidence to show they weren’t be spied on by a nationwide domestic surveillance apparatus? That’s a twist of logic if ever one existed. Let this be another lesson though. The state protects itself even against itself.

AT&T Demonstrates Why HTTPS Is Needed Everywhere

Ads have become a notable threat to computer security. While they are a fact of life for accessing content without paying directly for it you wouldn’t expect a company that you pay money to to infest your web experiences with ads. But some companies like to double dip. AT&T is one of those companies. In addition to getting customers to pay for hotspots AT&T is also maliciously inserting ads into websites visiting through its hotspots:

While traveling through Dulles Airport last week, I noticed an Internet oddity. The nearby AT&T hotspot was fairly fast—that was a pleasant surprise.

But the web had sprouted ads. Lots of them, in places they didn’t belong.

[…]

Curious, and waiting on a delayed flight, I started poking through web source. It took little time to spot the culprit: AT&T’s wifi hotspot was tampering with HTTP traffic.

The ad injection platform appears to be a service from RaGaPa, a small startup. Their video pitch features “MONETIZE YOUR NETWORK” over cascading dollar signs. (Seriously.)

When an HTML page loads over HTTP, the hotspot makes three edits. (HTTPS traffic is immune, since it’s end-to-end secure.)

First, the hotspot adds an advertising stylesheet.

[…]

Next, it injects a backup advertisement, in case a browser doesn’t support JavaScript. It appears that the hotspot intercepts /ragapa URLs and resolves them to advertising images.

[…]

Finally, the hotspot adds a pair of scripts for controlling advertisement loading and display.

The title of this post promised Hypertext Transfer Protocol Secure (HTTPS) so some may be wondering what HTTPS has to do with ad injection. Simply put, this kind of bullshit can’t happen when the connection between a client and the server is encrypted. A man in the middle, which AT&T is in this case, cannot see the contents of an encrypted communication and if attempts to make any sort of alteration the decryption process will fail.

You won’t see any AT&T injected ads on this blog because everything is secured with HTTPS (the insecure HTTP interface just 301 redirects to the HTTPS connection). If every website did this the business model being used by RaGaPa, the ad injection services being used by AT&T, would be a total failure.

Securing connections doesn’t just protect against eavesdropping. It also protects again altering the contents, which can be just as big of a problem if not an even bigger one. In fact content integrity is another reason why the “nothing to hide” crowd should be ignored in discussions of pervasive cryptography. Cryptography is about so much more than hiding content.

Correlation And Causality Are The Same Thing, Right?

Opponents of self-defense are becoming more desperate as they become more irrelevant. Advocates of self-defense have thoroughly crushed the claims of their ideological opposites over the years so you would think the issue would be put to rest. But it isn’t. Instead opponents of self-defense have been busily massaging data until it fits their narrative. Their latest exercise in massaging data was to look at the rate of firearm ownership and the number of officers killed per state:

Using a regression statistical analysis, the authors found that occupational homicide for law enforcement was correlated with higher rates of firearm ownership. The analysis controlled for the violent crime rate, which indicated that these higher rates of homicide couldn’t simply be attributed to more frequent violent crimes occurring in states with higher rates of gun ownership. Instead, higher rates of law enforcement homicides were associated with more frequent encounters with violent criminals and with more frequent exposure to situations where privately owned firearms were present.

However, there were limitations to this study related to the gun ownership rates. There is no standard measure of annual firearm ownership rates—while the Behavioral Risk Factor Surveillance System is widely considered to be the best measure available, questions about gun ownership were only included in the survey for three years: 2001, 2002, and 2004.

I think the first thing worth pointing out is there’s no way to know how accurate the study is because there is no standard measure of firearm ownership. The Behavioral Risk Factor Surveillance System is a survey so the answers are based on the information voluntarily divulged by participants. Firearm ownership, which the study has asked directly about, is something people are more likely to not volunteer information about.

The second thing that needs to be pointed out is that this study established a correlation:

The authors conclude that higher levels of private firearm ownership increase the likelihood that law enforcement officers will face life-threatening situations on the job. The authors state that a 10 percent increase in firearm ownership at the state level correlated to 10 additional law enforcement homicides over the 15-year period that was examined in this study.

Apparently the authors don’t understand that correlation does not imply causality. Correlation justifies further study of a phenomenon that appear related. But you shouldn’t state a conclusion based on a correlation. There are other possible explanations for a correlation between firearm ownership and the number of officers killed on the job. For example, officers being killed on the job may convince people to purchase firearms for self-defense. In that case a higher number of officer deaths could lead to a higher rate of firearm ownership.

So today’s lessons are, one, studies based on data of an unknown quality are questionable at best and, two, correlation does not imply causality.

Regel Theaters Searching Bags For Fun And Profit

I seldom go to movie theaters anymore and when I do it’s usually second-run theaters. Paying $15.00 or more to subject myself to sitting in a cramped, uncomfortable seat in a crowded theater fully of people playing with their brightly backlit smartphones for two hours doesn’t appeal to me. So Regel’s announcement that it will assume all paying customers are violent criminals doesn’t really impact me but you should probably know about it if you frequently go to theaters:

One of America’s largest cinema chains, Regal, is now searching bags of film-goers following several attacks on movie theatres across the US.

Regal’s updated policy says it wants customers and staff “to feel comfortable and safe” in its cinemas.

[…]

“Security issues have become a daily part of our lives in America,” Regal Entertainment Group’s admission policy now reads on the company’s website. The company has not yet commented publicly on the new regulations.

“To ensure the safety of our guests and employees, backpacks and bags of any kind are subject to inspection prior to admission,” it continues.

While this policy is being implemented under the guise of safety I think it has more to do with profits. Tickets aren’t the only thing expensive about going to a movie theater, the food and drink is also expensive. If you read Regel’s admittance policy you’ll see what is probably the real reason bag searches are now being performed:

Outside Food or Drink:
No outside food or drink is permitted in the theatre.

Because of the price of movie theater food and drinks a lot of people smuggle their own in. Accusing paying customers of smuggling in food and drinks probably won’t sit well but claiming the searches are for safety may sit well enough (after all, it works for sporting events).

Searching bags for weapons isn’t effective anyways. I (as well as most people I know) always carry my weapons on my person. My knives are in my pockets and my handgun is in a tuckable in-the-waistband holster. Carrying weapons in a bag that can be easily separated from my person is bad form.

So keep in mind if you’re going to go to a movie that Regel’s will treat you like a criminal in the hopes of making more money off of you.

Stop Playing With That Thing

If you use amateurs as your front line defense don’t be surprised when you get amateur results. An Oklahoma gun range has followed in the tradition of another asshole range owner by declaring their facility off limits to Muslims (How can they tell if somebody is Muslim by looking at them? Here’s the secret, “Muslim” is usually a code word for “brown person.”). Needless to say this has resulted in the range owner receiving various threats because issuing threats on the Internet is pretty much a risk-free method of demonstrating your disapproval. Hoping to share in the infamy spotlight a group of self-proclaimed patriots heeded the call, gunned up, and rushed to protect the gun range. One of the patriots demonstrated why you don’t want amateurs providing your security:

The gun fell out of the holster and discharged, with a bullet hitting the man in the wrist, Muskogee County Sheriff Charles Pearson said, according to KOTV and the Tulsa World newspaper. The man was expected to survive.

First of all let us set aside the silliness of the gun falling out of its holster and discharging on impact. Although I’m sure there are exceptionally shitty holsters out there I feel safe in saying a vast majority of them will retain a firearm enough to prevent it from falling out. In addition to that most firearms are now equipped with a drop safety to prevent exactly this kind of scenario.

What’s more likely is this patriot pulled out his gun to either play with it or shot it off, dropped it, and inadvertently pulled the trigger when he attempted to catch it.

Not let’s address the issue of security. The range owner claims that he’s been receiving death threats, which wouldn’t surprise me as making such threats is almost risk-free these days. When you receive death threats you have to decide whether you feel they are credible or not. If you don’t believe they’re credible you ignore the. If you do believe they are credible you take measures to protect yourself. Hiring guards is one such measure a person could take. But there’s a difference between one of these patriots, which are almost always mouthy but otherwise mostly harmless, and professionals. If the range owner felt the threats were legitimate he should have hired professional guards to protect his business. Professional guards aren’t as apt to make amateur mistakes like play with their firearm. And if an incident does occur they’re more likely to have the training necessary to deal with it.

I Can’t Imagine Why You Get Accused Of Racism

Like almost everything that involves itself with the Republican Party the Tea Party movement very quickly went to shit. Now the Tea Party is synonymous with neoconservative Christianity, which differs greatly from regular Christianity in that it focuses primarily on hatred. Two groups facing the brunt of the Tea Party’s wrath are immigrants and Muslims (the latter often being a member of the former). Quite often when a self-proclaimed Tea Partier goes on an anti-immigrant or anti-Muslim tirade they are accused of racism and act totally dumbfounded, shocked even, that such an accusation would be made against them! They quickly accuse the accuser of playing the race card because they can’t imagine how anybody could legitimately claim their words were being racist!

I’m a fan of helping out when I can so I’m going to take a moment to explain why so many people who make up the Tea Party movement are accused of racism. To illustrate my explanation I’m going to reference a brand new post on the Central Minnesota Tea Party’s page:

Morrison County to be the recipient of 1000 Islamic refugees from Somalia! All American communities like Willmar and St. Cloud have been inundated, now they have their sights set on this community. Please read and consider the following;

Notice how the article didn’t cite the 1,000 Islamic refugees number? That’s going to be a common theme here. Another common theme is going to be the almost exclusive focus on the refugee’s religion and place of origin, which happens to be the thing racists almost exclusively focus on. You might be able to see where the accusations of racism stem from.

Did you know that the health system in St. Cloud reported having over 18,000 Somalis in their data base and that St. Cloud Apollo High School with a Somali population of 50% has had hundreds of visits by the police? Not surprising, American students and teachers alike are leaving for other schools. With the threat of a law suit, Apollo High has had to install foot baths for its growing Somali students. Also, Counties south of St Cloud, where the STEM Program buses many of these refugees, the main bus company involved, quit their contracts because of chaos on the buses which involved Somali students.

What does it matter how many Somalis are in the St. Cloud health system database? Assuming the number is accurate, which isn’t a safe assumption since the number isn’t cited, it doesn’t tell us anything. Is this statistically significant for some reason? How does the number compare to the overall population of St. Cloud? Do we know most of these database entries aren’t due to new immigrants getting up to speed on vaccinations they likely didn’t receive in Somalia? It’s a vapid statement. The same goes for the uncited percent of Somalis in the St. Cloud Apollo High School and number of police visits. In fact every statement in this paragraph is made without any kind of backing. Making baseless, sinister accusations against a population of people based on where they’re from is the basic definition of racism. I think it’s pretty easy to see why Tea Party opponents make accusations of racism.

I was going go do a play by play of this entire article to illustrate why people accuse Tea Partiers of racism but I realized I’d be repeating myself. If you’re interested in the claims made go ahead and click on the link and read the post by “Admin” (hiding behind a default user name is probably wise when writing such drivel). A lot of accusations are made but none of them are backed up with citations. It’s basically paragraph after paragraph of “Admin” badmouthing Muslims and Somalis. So I’ll save a lot of typing and skip to the final part of interest:

Concerned citizens in St. Cloud were successful in preventing the building of a huge Mosque with a 50 foot high minaret which could have called Muslims to prayer starting at 5AM, and could have continued blasting away five times a day. Prevent this from happening to your community by; 1) NOT contributing to the following groups: Lutheran Social Services, Catholic Charities, World Relief Minnesota, Minnesota council of churches or UNICEF. 2) Make copies of this and pass it on.

Answer me this, why does a political organization care at all about whether or not a mosque was constructed? The only reason I could see one caring is if property rights were violated to prevent the mosque from being built (of course the Tea Partiers tend to oppose property rights so I could see them being OK if property rights were violated in this case). Otherwise there’s no political issue here at all. And while I admit that I’m not fully versed on the finer points of Islam I’m fairly certain minarets don’t make sound and therefore don’t “blast away five times a day.” Yes, I’m poking fun at the phrasing there. But the solution to somebody standing on a minaret and yelling prayers at 05:00 is to hold them to the same noise ordinances as everybody else. Done. It’s not that damn difficult.

Since there is no political reason for anybody in the Tea Party to comment on this mosque in any official capacity (generally posting on the website of an organization is considered “official capacity”) one can only assume a personal vendetta against Muslims, which is certainly a form of bigotry. Since the Muslims in question are apparently all Somalis, based on the tirade above this paragraph, it also comes off as racist.

The purpose of this post isn’t to accuse every Tea Partier of being racist so feel free to save me the, “Not all Tea Partiers are racist,” comments. I know that. My point is to illustrate why Tea Partiers are accused of racism. When posts such as this appear on a website for a local Tea Party group it’s very easy to accuse the group of racism.

Now I’m going to throw in a bonus. What can be done about this? If you are a Tea Partier and you believe the label is worth saving (although I can’t fathom why) then you need to speak out against this shit just like all those Muslims who are ignored by neoconservative Christians speak out against radical Islam. Boot these people from your meetings and official gathers (you can do that but utilizing that principle I mentioned earlier called “property right”). As long as you remain silent and let these people join your reindeer games you’re going to get accused of, at the very least, associating with racists.

Manufacturer Included Malware

When we buy a computer we are necessarily trusting the manufacturer to some extent. One of the things we trust the manufacturer to do is deliver a system free of malware. This trust isn’t always properly placed since many manufacturers include a lot of software that is indistinguishable from malware but we usually trust the manufacturer to not make that malware persistent. What happens when the manufacturer not only includes malware but also makes it so persistent that a clean installation of Windows won’t remove it?

Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed.

The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that “most” is not “all.” Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the “Lenovo Service Engine.”

[…]

Making this rather worse is that LSE and/or OKO appear to be insecure. Security issues, including buffer overflows and insecure network connections, were reported to Lenovo and Microsoft by researcher Roel Schouwenberg in April. In response, Lenovo has stopped including LSE on new systems (the company says that systems built since June should be clean). It has provided firmware updates for affected laptops and issued instructions on how to disable the option on desktops and clean up the LSE files.

This is an example of a manufacturer using a legitimate feature for nefarious purposes. The feature, as far as Microsoft intended it, was meant to be an anti-theft measure:

And in its own awful way, it’s a feature that makes sense. The underlying mechanism is simple enough; the firmware constructs tables of system information when the machine boots. The operating system then examines these tables to, for example, learn what hardware is installed in the machine and how it is connected. This is all governed by a specification called ACPI, Advanced Configuration and Power Interface. Microsoft defined a new ACPI table, the Windows Platform Binary Table (WPBT), that contains information about a firmware-embedded executable. When it boots, Windows looks for a WPBT. If it finds one, it copies the executable onto the filesystem and runs it.

The primary purpose of WPBT is the automatic installation of anti-theft software. This kind of software typically does a couple of things that require online connectivity: it can phone home to check if it’s been reported stolen (and brick or otherwise disable itself if it has), and it can phone home to simply report where it is to aid recovery of lost or stolen hardware.

Instead Lenovo used it to ensure the pre-install software that comes with the laptop, which was insecure, would always be installed even if the user did a clean install with a Windows disc. That’s pretty scummy behavior. Fortunately Lenovo appears to have stopped doing this but trust, as far as I’m concerned, has already been breached.