Mar 30, 2017
It's probably popped up on your television screen that the Senate and then the House of Representatives voted earlier this week, 215 to 205, to repeal an Internet privacy bill passed last year. In case you're curious, here's a full list of every Senator and Representative that voted to repeal the bill and how much they received specifically from the telecom lobby right before voting. (local mirror) By the way, if you would like to contact those Senators (local mirror) or Representatives (local mirror) here's how you can do so... When the bill hits Trump's desk it's a foregone conclusion that he's going to sign it. Some of the talking heads are expressing concern about this, while others are cheering that the removal of this regulation is an all-around win for the market, blah blah blah... but what does this actually mean for you?
First of all, if you're reading this, welcome to the Internet. You're soaking in it.
Second of all, please read this blog post (local mirror) by the EFF. Just a few years ago, a couple of very large ISPs (that you're probably a customer of) got caught doing things like monitoring your web searches and hijacking them with different results they were paid to insert and analyzing your net.traffic to figure out what advertisements to inject in realtime. The bill that just got repealed put a stop to all of that.
I've spoken to a couple of people who expressed disbelief that such a thing was possible. In point of fact, intercepting and meddling with communications traffic goes back a very long way. In 1994 a bill called the Communications Assistance for Law Enforcement Act (CALEA) was passed and codified as 47 USC 1001-1010. In a nutshell, what this law means is that manufacturers of just about every kind of network-side communications device, from the telephony switches that route your phone calls to the carrier class routers that make up the network core have surveillance capability built in. In theory, only law enforcement agents with warrants are supposed to be able to use them. In practice, they're used all the time by employees of the companies that own that equipment to silently troubleshoot problems before they get too out of hand, and yes, they get abused all the time for petty shit. As you may have guessed already, the moment that CALEA-compliant equipment was deployed back in the day hackers immediately figured out how to use them more effectively than even the telecom companies and silently eavesdropping on people using that functionality was a common "This is how 1337 I am" stunt. So, please keep in mind that this "monitor all the customers" infrastructure is going to be badly abused and constitutes one hell of a security risk.
CALEA is regularly updated as communications technology evolves, and now encompasses things like the backbone of the Net, Voice-over-IP telephony, cellular telephony, and companies whose business happens to be running wireless hotspots. As it so happens, much of this functionality is perfect for monitoring customers' traffic, analyzing it, and packaging it for sale as large bundles of anonymized information or as discrete dossiers, à la Cambridge Analytica. Let me paint you a picture, based in part on how things worked before that bill was passed originally...
Mar 18, 2017
JDD (Jenkins driven development) - noun - A development process in which the coder in question has one or two commits to the source code repository adding a feature or fixing a bug, followed by two or three dozen commits to fix things in the comments, unit tests, variable names, or some other such fiddly thing to coax the Jenkins server into actually running the unit tests to exercise the new code and hopefully integrate the new feature. The primary usage of time by developers in DevOps environments. The later commit messages usually consist of variations of "Does it work yet?", "WTF", "Dammit Jenkins", "Editing comments because Jenkins won't test the code", or other combinations of profanity and the equivalent of mumbling to oneself in frustration.
Special thanks to the anonymous cow-orker who came up with the term.
Mar 24, 2017
It seems like everybody is reviewing the book To Be A Machine: Adventures Among Cyborgs, Utopians, Hackers, and the Futurists Solving the Modest Problem of Death by Mark O'Connell, and most of the book reviews are, to be frank, kind of pants. The mainstream book reviewers seem to have read only the first and last chapters and make light (at best) or a joke (at worst) of the life's work of people who are actually doing the work in some parts of the medical profession instead of just playing "Won't it be nice when..." on Slack channels and Facebook. A lot of people in the transhumanist community seem to be panning it because it was written by an outsider who took the time to ask thoughtful, critical questions of people who don't seem used to being questioned. If nothing else, being unused to being questioned poses a problem to the field as a whole because it means that mistakes are caught much later than they otherwise would be, plus it shows a blind spot of the existential risk research community.
Disclaimer: I'm briefly mentioned in the book near the end as some guy at a Transhuman Visions conference in 2014. While yes, I have some skin in this game I completely forgot this guy was there, mostly because we spoke for maybe thirty seconds tops. The pizza after the conference was pretty good, though.
Mar 18, 2017
Slackpathy - noun - The phenomenon where conversations in a Slack channel are carried out using roughly 50% emoji or reaction gifs and 50% written natural language. The term derives from the hypothesized phenomenon of telepaths sending entire thought-complexes to each other rather than streams of speech.
Mar 20, 2017
I've been asked to signal boost this by AJ, one of the few people whom I would say in public that I trust.
Lapis, a friend of his, is a transwoman who is disabled and is also at this time homeless. Lapis is undergoing a mental health crisis at this time and is actively seeking assistance. However, the mental health system has judged that Lapis is not undergoing a sufficiently bad crisis to warrant hospitalization (which would mean getting her off the street). As far as I know, Lapis is estranged from her family so they are not an option for assistance at this time. To render assistance, AJ has gone into the red by sacrificing money he had saved up to get his car fixed to get Lapis into a motel for the next couple of days. For family reasons, AJ isn't able to hook Lapis up with crash space.
If you can help out somehow, can you please donate a few dollars to this campaign and repost this message elsewhere to bring it to the attention of more people? If you're not in a position to donate money, if you could hook Lapis up with crash space somewhere in the Portland area or if you can help AJ get his car repaired (in the event that he has to drive Lapis someplace), please contact me through one of the socnets I use or at one of the e-mail addresses associated with my PGP key and I'll pass word along.
Mar 11, 2017
In the last couple of years, a meme that's come to be known as security nihilism has appeared in the security community. In a nutshell, because there is no such thing as perfect security, there is no security at all, so why bother? Talking about layered security controls that reinforce each other is pointless because they always skip right to the end, which is the circumvention of the nth countermeasure and final defeat. In the crypto community, cries of "Quantum computer!" are the equivalent of invoking Godwin's Law, leading to the end of all discourse, never mind trying to separate the marketing hype from what's actually possible or the decade-odd of research into post-quantum cryptosystems. This has led to a certain amount of attrition in the community. It is my considered opinion that this may be one of the main reasons why many so-called security practitioners don't actually bother doing anything, including not even installing patches. No, I'm not speaking hyperbolically; I've witnessed this first-hand, I'm sorry to say.
Mar 10, 2017
For the last couple of years, the meme of an EMP attack against the United States has been an integral part of the thoughtbase of the prepper community. So the idea goes, the next major attack by a foreign power will involve not the bombing of a major city but bombardment with an electromagnetic pulse (local mirror, snapshot taken 20170310 @ 2030 hours PST8PDT). Because "electromagnetic" is kind of a loose term, sometimes they mean an actual magnetic field, sometimes they speak of a microwave burst (which means that you've got bigger problems than your electronics getting fried - humans are mostly water, after all), sometimes they mean RF, and sometimes they mean some other unspecified thing. At any rate, the pulse emitted is enough to fry all major electronics, knock out the power grid, and generally return the country to a hunter-gatherer mode of existence for the foreseeable future. Just how this happens is never really explained, but the answer can be determined with basic physics. Electricity and magnetism are two sides of the same coin: Where you have one, you have the other. Pass a powerful enough magnetic field through a long enough wire and it might generate enough voltage to blow out the components soldered to it. Do that to enough electronic devices in the area, and all the equipment goes down. Seems simple enough.
So, what's actually the score here?
Fifty-five years ago, the United States government wanted to find out what would happen if somebody popped off a nuke in space. So, they initiated a project called Starfish Prime, in which they detonated a 1.4 megaton nuclear device 240 miles above the surface of the Earth, a distance which is on the low end of low Earth orbit. The detonation created an artificial aurora that was seen in the sky for thousands of kilometers around, in addition to scattering fallout in LEO and the upper atmosphere. To be fair, it was probably only a little fallout, relatively speaking, because it was only the remnants of the nuke itself and not the vaporized debris one would expect of a terrestrial detonation. It was observed by the project's scientists that the orbital detonation generated an electromagnetic pulse that briefly disrupted electrical power on the ground hundreds of kilometers around where the center of the blast sphere was. It was later discovered that Telstar-1, the first comsat launched into orbit, was damaged by the radiation. In Hawaii, the power surges were such that street lights blew out, telephones were knocked out, and radio blackouts occurred. Physicists later determined that the burst of electrons loosed by the detonation was trapped by the Earth's geomagnetic field and didn't return to a low-energy state for several months. This had the net effect of interfering with radio propagation for about as long, making communications difficult.
Seems legit so far.
Mar 04, 2017
You may or may not have noticed amongst the blizzard of other stuff that's happened in the last two weeks that Donald Trump appointed Ajit Pai to the chairmanship of the Federal Communications Commission. Pai has a history of being something of a contrarian; during his time as one of the five commissioners of the FCC, he repeatedly spoke against regulations that protected the consumer and was against diverse media ownership (since the 1980s, we went from 50 media companies to just six). Time and again Pai's said that he was going to tear down regulation after regulation that the FCC was responsible for enforcing, and so far he has a track record of making that happen, albeit piece by piece and not all at once.
But what does this mean?
Net Neutrality is the legal state in which every Internet Service Provider out there has to provide the same kind of service for all of its users to every online service out there. In other words, the Net is treated like a basic utility, no different from water or electricity. If a provider gets caught monkeying with its service to privilege some company over another, they can get fined. A number of large service providers, including Comcast and AT&T, pledged publicly that they'd adhere to the terms of Net Neutrality until a certain future date. That's pretty much it.
Let's look at a world in which net.neutrality is a thing in the United States, which it still seems to be as of the time I wrote this article:
Feb 28, 2017
In California, we periodically have problems with armies of Argentine ants invading houses at certain times of the year. It doesn't matter how clean you keep your house or how carefully you maintain it, they'll still find a way in. They're quite small and routinely squeeze through cracks less than 1mm in size, which is roughly the size of the gap between a baseboard and floor in most homes out here. They invade (and I use that word carefully) in extremely large numbers, often in the hundreds; often your first sign is an inch-wide column of ants marching down a hallway. They don't seem to care much for sweets, so they ignore things like cookie crumbs dropped on the floor. The times of year they seem to make a break for the inside are when it's fairly cold outside (low to mid 50's Fahrenheit) or after a few continuous weeks of drought. I'm not entirely sure what they look for during cold times (my guess is they're in it for the warmth), but I have observed them pass up food that's been left out and garbage during droughts and head straight for sources of moisture: Rinsed out bottles and cans, wet paper towels, and sinks. They're certainly not afraid to make use of drainpipes to enter a house - I've caught them coming up through the overflows of sinks and the bathtub more times than I care to think about.
WARNING: This strategy is for houses that have neither children nor pets. Liberally laying ant poison down in a house is dangerous to both, don't do it. If you have children or pets in the house, you're out of luck. I can't help you. Call an exterminator.
Here's how I take care of this problem. I don't want to shill for any particular product or manufacturer, but I do want to be specific enough that this blog post is useful. I use wet ant baits (basically containers of liquid ant killer) and an insecticide powder that is primarily boric acid. Read the ingredients, and get the biggest bottle you can because you're going to go nuts with the stuff.
First up, figure out how long, roughly speaking, the ant phalanx is. If you can break it into thirds or quarters (or, ye gods, fifths), do so by placing liquid ant bait equidistantly. Make sure that you put each ant bait right on top of the column of ants so that they're sure to find it. This is so that you kill more of the ants faster; you'll prevent them from advancing any farther into the house and you'll basically be executing multiple kills simultaneously. Don't worry that you're wasting the stuff, because you're not. Second, figure out where they're coming in from. You're probably going to have to get down on your hands and knees with a flashlight, and work backwards along the column of ants. When you find it (and you'll undoubtedly be cursing the day you were born by that point), drop another liquid ant trap right in front of the entry point. Then crack open that bottle of insecticide powder and wall off the entire area that they're coming in through. Be sure to pen them in along with that last liquid ant bait you laid down. You're going to make a mess. You already have a metric fuckton of ants in your house. This prevents any more ants from coming in: The ants that are sufficiently motivated to try to cross the line of insecticide are going to die in the attempt. The ants that manage to keep coming in from outside are, as before, going to head right for the liquid ant bait and carry little droplets of the stuff back outside to the nest, which is going to chop down the ant population considerably. Some of the ants will have a fine coating of insecticide powder on them, and they'll track it back through the walls of the house, and possibly back into the nest. See how I got the stuff on top of the baseboard? That's to keep them from climbing up the walls to avoid the insecticide (yes, they do that). While you're at it, take a look around for other large-ish gaps in the baseboards or walls and shoot some of the insecticide powder down inside of those, too.
Now, go do something else for a while. I recommend getting out of the house for the rest of the day to take your mind off the situation. You've no doubt spent an entire day coming up with creative new ways to swear, you need the break.
Some time during the next day, take another good look at the floor and see what kind of progress has been made. If all's gone according to plan, there will no longer be a conga line of hundreds of ants marching across the floor because the carpet bombing of ant poison you've carried out will have taken care of them. There should be lots of dead ants piled up around the liquid ant baits and lots of dead ants piled up in the insecticide powder you laid down. If not, figure out where you need to reinforce (maybe there's a low-hanging cable that they're using to avoid the boric acid powder? (yes, I've seen them do that)) and cut 'em off.
When you've gone a day without ants taking over your house, sweep and mop the floors with ammonia solution. This will remove the scent trails that ants use to self-organize. After the floor's dry, put the liquid ant baits back in the same positions and lay a somewhat thinner line of boric acid powder across the entry point you found.
If they're coming up through sink overflows, get the liquid ant bait that comes in an oversized syringe, and just squirt it into the overflows. It won't hurt you because water's supposed to go down those inlets if the sink's too full. Be sure to coat as much of the inside surface as you can so the ants are sure to find it. Individually, they're not terribly bright; en masse, they seem to opt for the path of least resistance. If you put what they're looking for directly on top of them, they'll stop advancing because there will be a ready source right there.
Feb 23, 2017
UPDATE - 20170228 - Added more stuff I've discovered about KBFS.
A couple of years ago you probably heard about this thing called Keybase launching with a private beta, and it purported itself to be a new form of public key encryption for the masses, blah blah blah, whatever.. but what's this thing good for, exactly? I mean, it was pretty easy to request an invite from the service and either never get one, or eventually receive an e-mail and promptly forget about it. I've been using it off and on for a while, and I recently sat down to really mess around with it and get a sense for how it's changed and what it can do. Plus, there's a fair amount of outdated or bad information floating around out there, and I wanted to do my part to set the record straight.
I'm not going to spend time explaining public key crypto because I wrote a pretty decent introduction to it that I give at cryptoparties. Take a look at the PDF of the presentation; I tried to make it as painless as I could. I want to keep this post focused on Keybase.