In the last couple of years, a meme that's come to be known as security nihilism has appeared in the security community. In a nutshell, because there is no such thing as perfect security, there is no security at all, so why bother? Talking about layered security controls that reinforce each other is pointless because they always skip right to the end, which is the circumvention of the nth countermeasure and final defeat. In the crypto community, cries of "Quantum computer!" are the equivalent of invoking Godwin's Law, leading to the end of all discourse, nevermind trying to separate the marketing hype from what's actually possible or the decade-odd of research into post-quantum cryptosystems. This has lead to a certain amount of attrition in the community. It is my considered opinion that this may be one of the main reasons why many so-called security practitioners don't actually bother doing anything, including not even installing patches. No, I'm not speaking hyperbolically, I've witnessed this first-hand I'm sorry to say.Click for the rest of the article...
For the last couple of years, the meme of an EMP attack against the United States has been an integral part of the thoughtbase of the prepper community. So the idea goes, the next major attack by a foreign power will involve not the bombing of a major city but bombardment with an electromagnetic pulse (local mirror, snapshot taken 20170310 @ 2030 hours PST8PDT). Due to the fact that "electromagnetic" is kind of a loose term, sometimes they mean an actual magnetic field, sometimes they speak of a microwave burst (which means that you've got bigger problems than your electronics getting fried - humans are mostly water, after all), sometimes they mean RF, and sometimes they mean some other unspecified thing. At any rate, the pulse emitted is enough to fry all major electronics, knock out the power grid, and generally return the country to a hunter-gatherer mode of existence for the forseeable future. Just how this happens is never really explained but the answer can be determined with basic physics. Electricity and magnetism are two sides of the same coin: Where you have one, you have the other. Pass a powerful enough magnetic field through a long enough wire and it might generate enough voltage to blow out the components soldered to it. Do that to enough electronic devices in the area, and all the equipment goes down. Seems simple enough.
So, what's actually the score here?
Fifty-five years ago, the United States government wanted to find out what would happen if somebody popped off a nuke in space. So, the initiated a project called Starfish Prime, in which they detonated a 1.4 megaton nuclear device 240 miles above the surface of the Earth, a distance which is on the low end of low earth orbit. The detonation created an artificial aurora that was seen in the sky for thousands of kilometers around, in addition to scattering fallout in LEO and the upper atmosphere. To be fair it was probably only a little fallout, relatively speaking, because it was only the remnants of the nuke itself and not the vaporized debris one would expect of a terrestrial detonation. It was observed by the project's scientists that the orbital detonation generated an electromagnetic pulse that briefly disrupted electrical power on the ground hundreds of kilometers around where the center of the blast sphere was. It was later discovered that Telstar-1, the first comsat launched into orbit, was damaged by the radiation. In Hawaii, the power surges were such that street lights blew out, knocked out telephones, and caused radio blackouts. Physicists later determined that the burst of electrons loosed by the detonation were trapped by the Earth's geomagnetic field and didn't return to a low-energy state for several months. This had the net effect of interfering with radio propagation for about as long, making communications difficult.
Seems legit so far.Click for the rest of the article...
You may or may not have noticed amongst the blizzard of other stuff that's happened in the last two weeks that Donald Trump appointed Ajit Pai to the chairmanship of the Federal Communications Commission. Pai has a history of being something of a contrarian; during his time as one of the five commissioners of the FCC, he repeatedly spoke against regulations that protected the consumer and was against diverse media ownership (since the 1980's, we went from 50 media companies to just six). Time and again Pai's said that he was going to tear down regulation after regulation that the FCC was responsible for enforcing, and so far he has a track record of making that happen, albeit piece by piece and not all at once.
But what does this mean?
Net Neutrality is the legal state in which every Internet Service Provider out there has to provide the same kind of service for all of its users to every online service out there. In other words, the Net is treated like a basic utility, no different from water or electricity. If a provider gets caught monkeying with its service to privilege some company over another, they can get fined. A number of large service providers, including Comcast and AT&T, pledged publicaly that they'd adhere to the terms of Net Neutrality until a certain future date. That's pretty much it.
Let's look at a world in which net.neutrality is a thing in the United States, which it still seems to be as of the time I wrote this article:Click for the rest of the article...
In California, we periodically have problems with armies of Argentine ants invading houses at certain times of the year. It doesn't matter how clean you keep your house or how carefully you maintain it, they'll still find a way in. They're quite small and routinely squeeze through cracks less than 1mm in size, which is roughly the size of the gap between a baseboard and floor in most homes out here. They invade (and I use that word carefully) in extremely large numbers, often in the hundreds; often your first sign is an inch-wide column of ants marching down a hallway. They don't seem to care much for sweets, so they ignore things like cookie crumbs dropped on the floor. The times of year they seem to make a break for the inside are when it's fairly cold outside (low to mid 50's Fahrenheit) or after a few continuous weeks of drought. I'm not entirely sure what they look for during cold times (my guess is they're in it for the warmth), but I have observed them pass up food that's been left out and garbage during droughts and head straight for sources of moisture: Rinsed out bottles and cans, wet paper towels, and sinks. They're certainly not afraid to make use of drainpipes to enter a house - I've caught them coming up through the overflows of sinks and the bathtub more times than I care to think about.
WARNING: This strategy is for houses that have neither children nor pets. Liberally laying ant poison down in a house is dangerous to both, don't do it. If you have children or pets in the house, you're out of luck. I can't help you. Call an exterminator.
Here's how I take care of this problem. I don't want to shill for any particular product or manufacturer, but I do want to be specific enough that this blog post is useful. I use wet ant baits (basically containers of liquid ant killer) and an insecticide powder that is primarily boric acid. Read the ingredients, and get the biggest bottle you can because you're doing to go nuts with the stuff.
First up, figure out how long, roughly speaking, the ant phalanx is. If you can break it into thirds or quarters (or, ye gods, fifths), do so by placing liquid ant bait equidistantly. Make sure that you put each ant bait right on top of the column of ants so that they're sure to find it. This is so that you kill more of the ants faster; you'll prevent them from advancing any farther into the house and you'll basically be executing multiple kills simultaneously. Don't worry that you're wasting the stuff becuase you're not. Second, figure out where they're coming in from. You're probably going to have to get down on your hands and knees with a flashlight, and work backwards along the column of ants. When you find it (and you'll undoubtedly be cursing the day you were born by that point), drop another liquid ant trap right in front of the entry point. Then crack open that bottle of insecticide powder and wall off the entire area that they're coming in through. Be sure to pen them in along with that last liquid ant bait you laid down. You're going to make a mess. You already have a metric fuckton of ants in your house. This prevents any more ants from coming in: The ants that are sufficiently motivated to try to cross the line of insecticide are going to die in the attempt. The ants that manage to keep coming in from outside are, as before, going to head right for the liquid ant bait and carry little droplets of the stuff back outside to the nest, which is going to chop down the ant population considerably. Some of the ants will have a fine coating of insecticide powder on them, and they'll track it back through the walls of the house, and possibly back into the nest. See how I got the stuff on top of the baseboard? That's to keep them from climbing up the walls to avoid the insecticide (yes, they do that). While you're at it, take a look around for other large-ish gaps in the baseboards or walls and shoot some of the insecticide powder down inside of those, too.
Now, go do something else for a while. I recommend getting out of the house for the rest of the day to take your mind off the situation. You've no doubt spent an entire day coming up with creative new ways to swear, you need the break.
Some time during the next day, take another good look at the floor and see what kind of progress has been made. If all's gone according to plan, there will no longer be a conga line of hundreds of ants marching across the floor because the carpet bombing of ant poison you've carried out will have taken care of them. There should be lots of dead ants piled up around the liquid ant baits and lots of dead ants piled up in the insecticide powder you laid down. If not, figure out where you need to reinforce (maybe there's a low-hanging cable that they're using to avoid the boric acid powder? (yes, I've seen them do that)) and cut 'em off.
When you've gone a day without ants taking over your house, sweep and mop the floors with ammonia solution. This will remove the scent trails that ants use to self-organize. After the floor's dry, put the liquid ant baits back in the same positions and lay a somewhat more thin line of boric acid powder across the entry point you found.
If they're coming up through sink overflows, get the liquid ant bait that comes in an oversized syringe, and just squirt it into the overflows. It won't hurt you because water's supposed to go down those inlets if the sink's too full. Be sure to coat as much of the inside surface as you can so the ants are sure to find it. Individually, they're not terribly bright; en masse, they seem to opt for the path of least resistance. If you put what they're looking for directly on top of them, they'll stop advancing because there will be a ready source right there.
UPDATE - 20170228 - Added more stuff I've discovered about KBFS.
A couple of years ago you probably heard about this thing called Keybase launching with a private beta, and it purported itself to be a new form of public key encryption for the masses, blah blah blah, whatever.. but what's this thing good for, exactly? I mean, it was pretty easy to request an invite from the service and either never get one, or eventually receive an e-mail and promptly forget about it. I've been using it off and on for a while, and I recently sat down to really mess around with it and get a sense for how it's changed and what it can do. Plus, there's a fair amount of outdated or bad information floating around out there, and I wanted to do my part to set the record straight.
I'm not going to spend time explaining public key crypto because I wrote a pretty decent introduction to it that I give at cryptoparties. Take a look at the PDF of the presentation; I tried to make it as painless as I could. I want to keep this post focused on Keybase.Click for the rest of the article...
I've mentioned once or twice that I have a media box at home running Kodi on top of Arch Linux. Once you've got your media drives registered and indexed, it's pretty easy to use. Save for the clock in the upper right-hand corner of the display, which almost never seems to coincide with the timezone set when you install Arch. So I don't forget again, and to try to fix the problem of skillions of worthless threads on the Kodi forums, here's how you fix it from inside of Kodi when it's running:
- System -> Settings
- Appearance menu
- International tab
- Timezone Country
- Pick the country you live in
- Pick the timezone you're in
- You're done.
My day job sent me to BSidesSF at the DNA Lounge this year. If you've never been to one before (and this was my first, due to unforseen circumstances some years ago), they're a loosely connected group of security conferences under the BSides name organized along the lines of an unconference. This is to say that the dynamic of "presenter and audience" is not the primary goal of a BSides, getting people together to talk about what's going on and what they're doing is the point. In other words, birds-of-a-feather gatherings among attendees (usually over a beer) are the accepted and encouraged mode of conference participation. Of course, there was also a lockpicking village and a small number of vendors.
There were also more people in attendence at the DNA than I've seen in a long time. This meant more background noise and sensory interference than I was prepared for. Hasufin (who was also attending) had to rescue me on one occasion, pull me down the block, and drop me off in a coffee shop to recuperate. I also found it very helpful to go for a brief stroll the let my sensory threshold return to normal.
After the cut, my best attempt at depicting what all of that noise looked like. It wasn't pleasant.Click for the rest of the article...
I've mentioned in the past that I've been bumping around on the edges of the synthwave community for a couple of years now in various ways. A couple of weeks ago I got a ping on Twitter from an artist performing under the handle Vampire Step-Dad. During the course of conversation he mentioned that he'd put together an EP called A Night In the Life of..., and would I be interested in giving it a listen?
I'm always down for some new music, and said that I'd write a review of his work from a synaesthete's perspective.
So, here we go.Click for the rest of the article...
I'm still alive. No, I didn't party too much on my birthday. Just about all of last week consisted of twelve hour days of nothing but meetings with several times the number of people I'm accustomed to handling simultaneously. Additionally, I was working on a music review for Vampire Step-Dad, which required a pair of studio grade noise-cancelling headphones and listening to tracks repeatedly. I seem to have given myself a case of sensory overload, because now I feel numb all over... I also attended Pantheacon last weekend, which did a number on me. I realize that I could (and should) have holed up in my hotel room with a pair of earplugs in to recuperate, and there was no shortage of signs on Saturday morning that I should have done so. Signs, I hasten to add, that I disregarded in a perhaps inadvisable attempt to push my capabilities a bit farther than normal.
Minor repairs are required for parts of my exocortex as a result of pushing myself too far.
I have a timed post or two set to go up this week, but I'll be spending as much time as I can offline to recuperate.
Here's the original link to the memorandum, which is dated 25 January 2017.
Here's my local mirror of the same document.
- "It implements new policy designed to deter illegal immigration and facilitate the detection. apprehension. detention. and removal of aliens who have no lawful authority to enter or remain in the United States."
- "Additional agents are needed to ensure operational control of the border. Accordingly, the Commissioner of CBP shall immediately begin the process of hiring 5,000 additional Border Patrol agents and to take all actions necessary to ensure that such agents enter on duty and are assigned to appropriate duty stations as soon as practicable."
- "Section 287(g) of the Immigration and Nationality Act authorizes me to enter into an agreement with a state or political subdivision thereof, for the purpose of authorizing qualified officers or employees of the state or subdivision to perform the functions of an immigration officer."
- "... I am directing the Director of ICE to engage with all willing and qualified law enforcement jurisdictions for the purpose of entering into agreements under section 287(g) of the INA. Additionally, I am directing the Commissioner of CBP and the Director of ICE to immediately engage with the Governors of the States adjacent to the land border with Mexico and those States adjoining such border States for the purpose of entering into agreements under section 287(g) of the INA to authorize qualified members of the State National Guard, while such members are not in federal service, or qualified members of a state militia or state defense force under the command of the Governor, to perform the functions of an immigration officer in relation to the investigation, apprehension, and detention of aliens in the United States."
Has this memo been implemented yet? No.
Is it true that the White House did not draft such an order? No. Here it is, with appropriate citations. It exists and was timestamped late January of 2017, but it's not operational yet.