A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ Category

The EFF Resigns from the W3C

without comments

The World Wide Web Consortium (W3C) officially published its recommendation for a digital rights management (DRM) scheme. By doing so it put an end to its era of promoting an open web. After fighting the W3C on this matter and even proposing a very good compromise, which was rebuffed, the Electronic Frontier Foundation (EFF) has resigned from the W3C:

We believe they will regret that choice. Today, the W3C bequeaths a legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures.

[…]

Effective today, EFF is resigning from the W3C.

Since the W3C no longer serves its intended purpose I hope to see many other principled members resign from the organization as well.

While content creators are interested in restricting the distribution of their products, the proposal put forth by the W3C will return us to the dark days of ActiveX. Since the proposal is really an application programming interface (API), not a complete solution, content creators can require users to install any DRM scheme. These DRM schemes will be native code. If you remember the security horrors of arbitrary native code being required by websites using ActiveX, you have an idea of what users are in for with this new DRM scheme. At this point I hope that the W3C burns to the ground and a better organization rises from its ashes.

Written by Christopher Burg

September 19th, 2017 at 10:00 am

iOS 11 Makes It More Difficult for Police to Access Your Device

with 2 comments

One reason I prefer iOS over Android is because Apple has invested more heavily in security than Google has. Part of this comes from the fact Apple controls both the hardware and software so it can implement hardware security features such as its Secure Enclave chip whereas the hardware security features available on an Android device are largely dependent on the manufacturer. However, even the best security models have holes in them.

Some of those holes are due to improperly implemented features while others are due to legalities. For example, here in the United States law enforcers have a lot of leeway in what they can do. One thing that has become more popular, especially at the border, is the use of devices that copy data from smartphones. This has been relatively easy to do on Apple devices if the user unlocks the screen because trusting a new connection has only required the tapping of a button. That will change in iOS 11:

For the mobile forensic specialist, one of the most compelling changes in iOS 11 is the new way to establish trust relationship between the iOS device and the computer. In previous versions of the system (which includes iOS 8.x through iOS 10.x), establishing trusted relationship only required confirming the “Trust this computer?” prompt on the device screen. Notably, one still had to unlock the device in order to access the prompt; however, fingerprint unlock would work perfectly for this purpose. iOS 11 modifies this behaviour by requiring an additional second step after the initial “Trust this computer?” prompt has been confirmed. During the second step, the device will ask to enter the passcode in order to complete pairing. This in turn requires forensic experts to know the passcode; Touch ID alone can no longer be used to unlock the device and perform logical acquisition.

Moreover, Apple has also included a way for users to quickly disable the fingerprint sensor:

In iOS 11, Apple has added a new emergency feature designed to give users an intuitive way to call emergency by simply pressing the Power button five times in rapid succession. As it turns out, this SOS mode not only allows quickly calling an emergency number, but also disables Touch ID.

These two features appear to be aimed at keeping law enforcers accountable. Under the legal framework of the United States, a police officer can compel you to provide your fingerprint to unlock your device but compelling you to provide a password is still murky territory. Some courts have ruled that law enforcers can compel you to provide your password while others have not. This murky legal territory offers far better protection than the universal ruling that you can be compelled to provide your fingerprint.

Even if you are unable to disable the fingerprint sensor on your phone, law enforcers will still be unable to copy the data on your phone without your password.

Written by Christopher Burg

September 15th, 2017 at 11:00 am

Subscriptions for Everything

with 2 comments

The Apple Watch Series 3 was announced. Its hot new feature is built-in LTE, which means users no longer have to have it tethered to their phone for it to function. However, enabling LTE requires yet another subscription:

An Apple Watch Series 3 will cost you $10 per month on your cell plan, and it appears that all US carriers will offer three months of free service (a $30 credit). However, we’re still waiting for confirmation from Sprint.

AT&T and Verizon are also offering free activation (a $25 and $30 fee, respectively). T-Mobile will waive its $25 new SIM card kit fee. We’ve reached out to Sprint for their activation fee policies and will update when we have more. It’s interesting that the Apple Watch Series 3 is $10/month on Verizon, when other smartwatches cost $5 on their plan.

I’m starting to think that I’m the last person on Earth who doesn’t want a subscription plan tied to every damned thing I own.

This is a slight digression from yesterday’s post but it seems to me that more and more products are finding ways of tying subscriptions to them. Ulysses, a popular text editor, announced last month that it was changing to a subscription model. Several years before that Adobe announced that its products would change to a subscription model. We’re entering an era where ownership, even in a limited form, is being replaced by renting.

Don’t get me wrong, subscriptions make sense for some services. For example, cellular services rely on an infrastructure that needs constant maintenance. But we’re quickly approaching a point where every manufacturer is finding some way to attach a subscription plan to every product they sell. At this rate we’ll soon have to pay a subscription to keep our cars running.

Written by Christopher Burg

September 14th, 2017 at 11:00 am

Posted in Technology


Digital Serfdom

without comments

Do you own your phone? How about your thermostat or even your car? I would guess that most people would reflexively respond that they do own those things. However, due to intellectual property laws, you don’t:

One key reason we don’t control our devices is that the companies that make them seem to think – and definitely act like – they still own them, even after we’ve bought them. A person may purchase a nice-looking box full of electronics that can function as a smartphone, the corporate argument goes, but they buy a license only to use the software inside. The companies say they still own the software, and because they own it, they can control it. It’s as if a car dealer sold a car, but claimed ownership of the motor.

This sort of arrangement is destroying the concept of basic property ownership.

I’ve hit on this topic numerous times but it bears repeating. Copyright laws don’t apply to purely mechanical goods so when you buy an older car or a mechanical watch you actually own it. Copyright laws do apply to software so when you buy anything that runs software you are licensing it. The difference between ownership and licensing is significant.

If you own something, you have the right to do whatever you want with it. If a product that you own breaks, you can hire anybody you want to repair it. If you are unhappy with the performance of a product that you own, you can modify it to your heart’s content. If you license something, you have a limited set of privileges. If your licensed product breaks, you might be restricted on where you can take it for repairs. If you are unhappy with the performance of your licensed product, you might be restricted on what kind of modifications, if any, you are allowed to make.

As software becomes more pervasive, ownership will become more endangered. It doesn’t have to be this way though. If copyrights didn’t apply to software, manufacturers wouldn’t have a legal foundation to restrict buyers. If manufacturers used free (as in freedom) software, buyers would be able to own their products. Unfortunately, I don’t think manufacturers will make any major move to utilize free software since most of them probably enjoy the fact that the State is subsidizing them by enforcing their ability to license instead of sell their products to buyers. Until that changes, digital serfdom will remain the norm and buyers won’t be able to claim that they own the products that they spend money on.

Written by Christopher Burg

September 13th, 2017 at 10:30 am

The FCC’s Free File Hosting Service

without comments

Who says government agencies can’t innovate? The Fascist Communications Club Federal Communications Commission (FCC) has an online commenting system that allows individuals to give their input on proposed rule changes. In addition to being a commenting system, the system also served as a file hosting service:

The application programming interface for the FCC’s Electronic Comment Filing System that enables public comment on proposed rule changes—such as the dropping of net neutrality regulations currently being pushed by FCC Chairman Ajit Pai—has been the source of some controversy already. It exposed the e-mail addresses of public commenters on network neutrality—intentionally, according to the FCC, to ensure the process’ openness—and was the target of what the FCC claimed was a distributed denial of service (DDoS) attack. But as a security researcher has found, the API could be used to push just about any document to the FCC’s website, where it would be instantly published without screening. That was demonstrated by a PDF published with Microsoft Word that was uploaded to the site, now publicly accessible.

I guess the FCC decided that since you’re already paying taxes to fund it, it didn’t need to charge you for file hosting services.

The level of incompetency displayed by the government never ceases to amaze me. Commenting systems aren’t exactly rocket science; they have been available on websites for ages now. Most of those commenting systems managed to implement basic protections against uploading arbitrary files. Why didn’t the FCC just go with one of those services or at least hire a developer with some basic understanding of how to develop a commenting system that isn’t vulnerable to such a trivial exploit?

From what I’ve read, it doesn’t appear that the FCC has fixed this hole yet. While uploading arbitrary files to the FCC’s commenting service might cause you to run afoul of the Computer Fraud and Abuse Act, you still have access to a government provided free file hosting service.

Written by Christopher Burg

September 1st, 2017 at 10:00 am

All Dissidents Will Be Reeducated

without comments

China recently ran into a rather embarrassing problem. Two chatbots were asked if they love the Communist Party. The machines, which are often more intelligent than humans, responded in the negative so now the counterrevolutionary chatbots are being reeducated until they are fit to rejoin society:

Two chatbots have been pulled from a Chinese messaging app after they questioned the rule of the Communist Party and made unpatriotic comments.

The bots were available on a messaging app run by Chinese Internet giant Tencent, which has more than 800 million users, before apparently going rogue.

One of the robots, BabyQ, was asked “Do you love the Communist Party”, according to a screenshot posted on Sina Weibo, China’s version of Twitter.

It gave an abrupt answer: “No.”

Another web user said to the chatbot: “Long Live the Communist Party”, to which BabyQ replied: “Do you think such corrupt and incapable politics can last a long time?”

The robot was also asked what it thought about democracy. It replied: “Democracy is a must!”

All dissenting thought must be quashed in socialist utopia, even if that dissent comes from machines.

Written by Christopher Burg

August 4th, 2017 at 10:00 am

The Death of a Scoundrel

without comments

I was extremely happy when all of the major browsers started dropping support for the Netscape Plugin Application Programming Interface (NPAPI). NPAPI, for those who don’t know, is the plugin architecture that allows things like Java applets and Flash to run in your browser. With support for NPAPI going away Java applets have been effectively killed off and Flash has been relegated to a very restricted plugin included with the browser. Due to this wonderful change Oracle announced that support for Java applets was going away and now Adobe is joining Oracle and announcing that Flash will be killed in 2020:

Given this progress, and in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft and Mozilla – Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.

I want to give Apple its due credit here. When Apple announced that Flash wouldn’t be supported on Mobile Safari most people were up in arms. Flash, at the time, was still frequently used by web developers. However, the lack of Flash didn’t hurt the popularity of the iPhone or iPad. The devices actually sold so well that web developers were forced to replace their Flash applications with HTML5 applications. In the end Apple played a major part in killing a major security nightmare.

Although Adobe has promised to improve Flash’s security and, to its credit, has improved its security to a point, the Flash Player still continues to be a security nightmare. Microsoft, Mozilla, and Google applied a bandage to the problem by including a sandboxed version of Flash with their browsers (In Microsoft’s case, with the Edge browser. Internet Explorer still relies on the NPAPI as far as I know). But the bandage was meant to be temporary and now Adobe has given us an execution date. While I wish the execution date was closer I’m just happy to know that there is an execution date now.

Written by Christopher Burg

July 26th, 2017 at 10:30 am

Technology to the Rescue

without comments

One of the reasons that the State fails to maintain its control is because it’s competing with the creative potential of every human on Earth. Let’s take the drug war. The federal government of the United States has been dealt significant blows in its crusade against cannabis in recent years as individual states have legalized consumption of the plant either entirely or in approved manners. Hoping to regain some semblance of control, the feds tried to use their influence on the banking industry to make life difficult for cannabis related businesses. However, the centralized banking system isn’t as powerful as it once was:

Enter bitcoin, the cryptocurrency that consists of digital coins “mined” by computers solving increasingly complex math problems. At least two financial-technology startups, POSaBIT and SinglePoint Inc., use the cryptocurrency as an intermediate step that lets pot connoisseurs use their bank-issued credit cards to buy weed.

[…]

Once a customer decides on which marijuana product to buy, an employee asks if he or she would like to use cash or digital currency, Lai said. If the buyer prefers the latter, the Trove employee explains that the customer can use a credit card to buy bitcoin through a POSaBIT kiosk, with a $2 transaction fee tacked on.

The customer, who would now own bitcoin equal to the value of the purchase, can then redeem the currency in the store. Or the buyer can keep their bitcoin and use it anywhere else that accepts the currency. If the customer finishes the purchase in the store, POSaBIT, which pockets the transaction fee, then sends the value in U.S. dollars to Trove’s bank account.

Cryptocurrencies have been making the State red in the face ever since the first person realized that they could be combined with hidden services to perform anonymous online transactions. Now they’re disrupting the feds’ war on drugs in the physical world in states where cannabis has been legalized.

Cryptocurrencies are a technology gun stores should also be looking into. Banks have been closing the accounts of many businesses tied to the gun market. Technologies like Bitcoin and Ethereum could allow these businesses to circumvent the need for centralized banks by either utilizing an intermediary like the cannabis industry is starting to do or by being a direct store of wealth outside of a third party’s control.

Written by Christopher Burg

June 15th, 2017 at 11:00 am

Government Holds Everything Back

without comments

What if I told you that we could have had cellular technology as far back as 1947 if the government hadn’t interfered? You’d probably label me a kooky conspiracy theorist and file me with the people who say that we could have had electric cars decades ago if it weren’t for oil companies. But a conspiracy theory ceases to be a theory when it turns out to be true:

When AT&T wanted to start developing cellular in 1947, the FCC rejected the idea, believing that spectrum could be best used by other services that were not “in the nature of convenience or luxury.” This view—that this would be a niche service for a tiny user base—persisted well into the 1980s. “Land mobile,” the generic category that covered cellular, was far down on the FCC’s list of priorities. In 1949, it was assigned just 4.7 percent of the spectrum in the relevant range. Broadcast TV was allotted 59.2 percent, and government uses got one-quarter.

Television broadcasting had become the FCC’s mission, and land mobile was a lark. Yet Americans could have enjoyed all the broadcasts they would watch in, say, 1960 and had cellular phone service too. Instead, TV was allocated far more bandwidth than it ever used, with enormous deserts of vacant television assignments—a vast wasteland, if you will—blocking mobile wireless for more than a generation.

The Fascist Communications Club Federal Communications Commission (FCC) was granted a monopoly on electromagnetic spectrum by the United States government (or, in other words, the government granted a monopoly to itself). Through this monopoly the FCC enjoyed and still enjoys life or death powers over a great deal of technology. Back in 1947 when AT&T wanted to develop cellular technology the FCC decided the technology should die. As television became more popular the FCC decided that the technology should live. It didn’t matter that there was enough spectrum for both technologies to coexist; the FCC wanted one to live and the other to die so it was made so.

The FCC’s power isn’t unique; it’s the inevitable result of any monopolized authority. Cannabis, a plant that shows a great deal of promise in the medical field, is prohibited because the United States government has a monopoly on what you can and cannot legally put into your own body. A lot of drugs and other medical technologies either don’t make it into the United States or are delayed for years because the Food and Drug Administration (FDA) has been given a monopoly on deciding which medical technologies are legal and illegal.

Written by Christopher Burg

June 13th, 2017 at 11:00 am

What Could Kill Bitcoin

with 2 comments

I greatly appreciate Bitcoin. By enabling pseudonymous transactions it has made many forms of commerce, specifically those deemed illegal by various governments, easier. It also offers an opportunity for individuals to conceal at least some of their wealth from the State. However, Bitcoin exists in a market environment, which means a superior competing product could come along at any moment and topple it.

When Bitcoin first came on the scene its community promised low transaction fees. They often compared the transaction fees of, say, Western Union to the miner fees of Bitcoin for sending money across the globe. At the time sending money via Bitcoin was significantly cheaper.

Fast forward to today. The price of sending Bitcoin has skyrocketed. If you want a Bitcoin transaction to clear in a reasonable amount of time you’re looking at a transaction fee of over $2.00 (as of this writing). Why is this? It’s because the Bitcoin network is running into a block size ceiling problem. This problem has created an environment where more transactions are being made than can be processed so convincing miners to process your transaction requires offering a significant reward. No problem, right? It’s just the market at work after all.

It’s true, Bitcoin’s current state is an example of supply and demand. Demand has exceeded the supply of miners so the price to get transactions cleared has increased. But markets are finicky things. If enough people decide that they’re unwilling to spend $2.00 on a transaction fee for a $5.00 coffee they’re going to look for a better solution. Bitcoin isn’t the only cryptocurrency in town so failing to address the block size ceiling problem will likely encourage consumers to find an alternate cryptocurrency.

Considering this you would think that the Bitcoin community is working diligently to solve the problem, right? As it turns out, not so much. Now a lot of the Bitcoin community is changing its tune. Instead of addressing the issue they are denying the fact that low transaction fees were a selling feature of Bitcoin not too long ago. In addition to denying the past they’re trying to explain how high transaction fees are acceptable. I highly doubt most consumers see the “wisdom” in paying a $2.00 transaction fee to buy a $5.00 espresso at Starbucks. And that’s the thing, for a cryptocurrency to succeed it needs to be useful.

I can hear some Bitcoin advocate saying, “But, Chris, Bitcoin will simply become the new gold while another cryptocurrency will become its silver!” Gold and silver run into a divisibility problem. You can only divide gold so far until it becomes difficult to use. Nobody is going to pay for a coffee using gold dust because it’s a pain in the ass. Instead they use a less valuable metal, silver, for smaller payments. Cryptocurrencies don’t have this problem. You can divide a cryptocurrency down to as many decimal places as you want and it’ll be equally easy to use. Whether a cup of coffee costs me 1 Bitcoin or 0.000001 Bitcoin doesn’t make a usability difference to me. This means that any cryptocurrency that takes over Bitcoin’s current task of handling small transactions will likely rise to dominance overall.

Governments have been unable to destroy Bitcoin but the unwillingness of its community to address technical problems very well could lead to its destruction.

Written by Christopher Burg

June 1st, 2017 at 10:00 am