Archive for the ‘Software’ Category
Very interesting article. Presumably at some point such diagnosis can be done via the internet using the webcam on your computer.
Lorenzo Franceschi-Bicchierai reports in Motherboard:
For months, government officials have railed against encryption technology that protects user data from being stolen by hackers but also makes it difficult for cops to access or intercept. On Tuesday, the tech industry is saying “enough.”
A letter signed by pretty much everyone in Silicon Valley, including Google, Apple, Yahoo, Twitter, and Facebook, as well as dozens of security and privacy experts and many civil liberties organizations, urges President Barack Obama to say no to any proposal that would force companies to weaken the security of their products so that law enforcement authorities can access customer data.
The plea comes after months of public debate over encryption, which was sparked when Apple announced that data on the new iPhone would be encrypted by default and that even the company wouldn’t be able to access it. After that announcement, FBI Director James Comey has been urging companies to backtrack and give law enforcement a way in, because otherwise widespread encryption will “lead us all to a very dark place” where authorities can’t get key evidence when they need it.
Despite these complaints, the FBI and other government agencies have failed to put forward a concrete proposal that would give consumers strong encryption while also providing cops and feds a way in. Experts have accused the officials of asking for backdoors, which are intentional vulnerabilities designed to give access to otherwise secure systems, while officials have defended their requests saying they simply want legal “frontdoors.”
“Whether you call them ‘frontdoors’ or ‘backdoors,’ introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers,” the letter reads.
The letter goes on to argue that not only are backdoors not technically feasible, but they’re a bad idea because if the US gets them, then other governments will feel legitimized to demand them too, which will “undermine human rights and information security around the globe.”
“The result will be an information environment riddled with vulnerabilities that could be exploited by even the most repressive or dangerous regimes,” the letter reads. “That’s not a future that the American people or the people of the world deserve.”
Another issue, the letter continues, is that it will hurt American companies operating abroad, as consumers and businesses will turn to other companies offering products that have stronger protections.
A White House spokesperson declined to comment.
The letter was sent by . . .
In Motherboard Eric Mill has an article of interest to those who use the internet:
In practice, the nonprofit plans to do this by gradually removing the ability for HTTP websites to use various web features. The Firefox developers are joined by the Chrome security team, who declared something similar in December.
Mozilla’s announcement has gotten a lot of attention, more than Chrome’s, and much of it negative. There have been various laments, but the most sincere and helpful one is Ben Klemens’ “HTTPS: the end of an era.”
But the Mozilla foundation’s HTTPS requirement is, to me, the real end of the DIY era. This is not a closed-source corporation, or a startup pushing its new tool, or the arrogant guy at the hackathon, but the Mozilla Foundation — “Our mission is to promote openness, innovation & opportunity on the Web” — saying that if you are building web pages using tools from your desert island, without first filling in registration forms, then you are doing it wrong.
I understand the fear of raising the barriers to entry. As a child, I too fell in love with an internet made by everyone, and have spent my career, my volunteer work, and my hobbies trying to share what that love has taught me. I want children everywhere in the world to grow up feeling like the internet that permeates their lives is also in their service—a LEGO set in real life that you can buy with a week’s allowance.
Yet as an adult, I also understand that power for ordinary people is hard to come by and hard to keep. The path of least resistance for human society is for money to buy more money, and might to demand more might. Democracy is designed not so much to expand freedom as it is to give people tools to desperately hold onto the freedom they have.
Put another way: power has a way of flowing away from the varied, strange, beautiful little leaf nodes and into the unaccountable, unimaginative, ever-hungry center.
TCP/IP, DNS, and the web were each tremendous reversals of this trend, freely giving the means of production to all of us little leafs. It felt like the powers that be just didn’t realize what was happening until it was too late.
But when I look at the last few years, I see a very different web than the one I was introduced to:
- Verizon injects tracking headers into unencrypted traffic so it can sell your browsing activity to advertisers. This program started in 2012, after Verizon realized it “had a latent asset,” but wasn’t noticed until 2014.
- Other companies like Turn piggyback on Verizon’s tracking header to sell your data to even more people, because they “are trying to use the most persistent identifier that we can in order to do what we do,” says Turn’s chief privacy officer.
- Comcast injects ads into unencrypted traffic, because “it’s a courtesy, and it helps address some concerns that people might not be absolutely sure it’s on a hotspot from Comcast.”
- Andreas Gal (Mozilla’s CTO, in his personal capacity) has claimed that Yahoo and Bing “can acquire search traffic by working with large internet service providers” to harvest users’ Google search results to improve their own—and strongly implies that they used to do this before Google shut them out through encryption. Even if you support better competition against Google, I doubt you expected your ISP to make deals to sell your traffic to other corporations without your knowledge.
- The nation of India tried and failed to ban all of GitHub. HTTPS meant they couldn’t censor individual pages, and GitHub is too important to India’s tech sector for them to ban the whole thing.
And then there’s government surveillance. Still here, still real, and not getting better:
- The NSA scans just about everything that goes through the internet backbones and saves as much of it as possible, in collaboration with intelligence agencies around the world. This is called “upstream collection,” and the agency’s “posture” is to “collect it all.”
- The NSA’s upstream collection program, authorized under section 702 of the FISA Amendments Act, has not been reformed. It will not be reformed by the current draft of the USA Freedom Act, in fact was endorsed by the only government agency whose job it is to review it, and the most meaningful court victory so far—while a wonderful and important precedent—addresses a separate program that only touches data about telephone calls.
- After the Charlie Hebdo attacks, France is now making bulk internet spying explicitly legal and giving its intelligence services vast powers to work with ISPs to surveil the network.
- The United Kingdom is likely to do something similar, after Cameron’s strong re-election means he can make good on his pledge to make all online communication subject to monitoring.
When I look at all these things, I see companies and government asserting themselves over their network. I see a network that is not just overseen, but actively hostile. I see an internet being steadily drained of its promise to “interpret censorship as damage.”
In short, I see power moving away from the leafs and devolving back into the center, where power has been used to living for thousands of years.
What animates me is knowing that we can actually change this dynamic by making strong encryption ubiquitous. We can force online surveillance to be as narrowly targeted and inconvenient as law enforcement was always meant to be. We can force ISPs to be the neutral commodity pipes they were always meant to be. On the web, that means HTTPS.
As problematic as the certificate authority (CA) system that underlies HTTPS may be, its relative centralization allows for one of the very few systems of encryption available today that Just Works for regular people. In many ways, it’s no different than registering a domain: you pay a nominal fee to a usually for-profit organization to participate in a mostly centralized system.
Richard Barnes, the author of Mozilla’s HTTP deprecation announcement and policy, responded to Ben, saying:
I’ve been using a plug-in called “HTTPS everywhere” for quite a while now, and when I provide links they are now almost always HTTPS links.
I’m sure the techs who failed to adequately test the update had no idea of the follow-on effects. So far we know of no deaths that resulted. If deaths had occurred—if some bad automatic update results in planes falling from the skies—would there be any legal accountability?
Jordan Pearson reports at Motherboard:
Dozens of American Airlines flights in Dallas, New York City, and Chicago, experienced unexpected delays yesterday when pilots’ iPads unexpectedly crashed. The reason for the widespread crashes was a buggy update to the app that pilots use for everything from flight planning to checking the weather.
Passengers on the affected flights reported witnessing pilots in distress after their iPads powered down without warning. “The pilot came on and said that his first mate’s iPad powered down unexpectedly, and his had too, and that the entire 737 fleet on American had experienced the same behavior,” Philip McRell, one passenger, told Quartz.
According to Michael Pound, a representative for Jeppesen, a Boeing subsidiary that built the in-flight app that American Airlines pilots use, an app update was to blame for the widespread glitches.
“The issue causing several flights to be delayed last night was traced [to] a navigation database update causing a duplicate chart to be in existence for one airport,” Pound told Motherboard in an email. “Pilots were given instructions for remedying the situation, which involved uninstalling and reinstalling the app. They were able to proceed normally afterward.”
American Airlines pilots traded their flight bags—stacks of paper documents like manuals and maps that can weigh up to 40 pounds each—for electronic versions in the form of iPad apps like Jeppesen’s Flightdeck Pro in 2013. Electronic Flight Bags, as they’re called, contain the same kinds of important information that was included in paper versions, with the added bonus of being updatable without having to kill trees.
Amateur pilots have also latched on to iPads and apps to manage their flights. Some, like Garmin Pilot, cost as little as $75 per year. . .
A good article on encrypting your computer’s hard drive—a sensible step if you ever take your computer across international borders, since all your data can be copied any time you cross a border, no reasonable suspicion required. Micah Lee writes in The Intercept:
Time and again, people are told there is one obvious way to mitigate privacy threats of all sorts, from mass government surveillance to pervasive online tracking to cybercriminals: Encryption. As President Obama put it earlier this year, speaking in between his administration’s attacks on encryption, “There’s no scenario in which we don’t want really strong encryption.” Even after helping expose all the ways the government can get its hands on your data, NSA whistleblower Edward Snowden still maintained, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
But how can ordinary people get started using encryption? Encryption comes in many forms and is used at many different stages in the handling of digital information (you’re using it right now, perhaps without even realizing it, because your connection to this website is encrypted). When you’re trying to protect your privacy, it’s totally unclear how, exactly, to start using encryption. One obvious place to start, where the privacy benefits are high and the technical learning curve is low, is something called full disk encryption. Full disk encryption not only provides the type of strong encryption Snowden and Obama reference, but it’s built-in to all major operating systems, it’s the only way to protect your data in case your laptop gets lost or stolen, and it takes minimal effort to get started and use.
If you want to encrypt your hard disk and have it truly help protect your data, you shouldn’t just flip it on; you should know the basics of what disk encryption protects, what it doesn’t protect, and how to avoid common mistakes that could let an attacker easily bypass your encryption.
If you’re in a hurry, go ahead and skip to the bottom, where I explain, step-by-step, how to encrypt your disk for Windows, Mac OS X, and Linux. Then, when you have time, come back and read the important caveats preceding those instructions.
What disk encryption guards against
If someone gets physical access to your computer and you aren’t using disk encryption, they can very easily steal all of your files.
It doesn’t matter if you have a good password because the attacker can simply boot to a new operating system off of a USB stick, bypassing your password, to look at your files. Or they can remove your hard disk and put it in a different computer to gain access. All they need is a screwdriver, a second computer, and a $10 USB enclosure.
Computers have become an extension of our lives and private information continually piles up on our hard disks. Your computer probably contains work documents, photos and videos, password databases, web browser histories, and other scattered bits of information that doesn’t belong to anyone but you. Everyone should be running full-disk encryption on their laptops.
Encrypting your disk will protect you and your data in case your laptop falls into the wrong hands, whether because you accidentally left it somewhere, because your home or office was burglarized, or because it was seized by government agents at home or abroad.
It’s worth noting that no one has privacy rights when crossing borders. Even if you’re a U.S. citizen entering the United States, your Constitutional rights do not apply at the border, and border agents reserve the right to copy all of the files off of your computer or phone if they choose to. This is also true in Canada, and in other countries around the world. If you plan on traveling with electronic devices, disk encryption is the only way you have a chance at protecting your data if border agents insist on searching you. In some situations it might be in your best interest to cooperate and unlock your device, but in others it might not. Without disk encryption, the choice is made for you: the border agents get all your data.
What disk encryption is useless against
There’s a common misconception that encrypting your hard disk makes your computer secure, but this isn’t entirely true. In fact, disk encryption is only useful against attackers that have physical access to your computer. It doesn’t make your computer any harder to attack over a network. . .
I have mentioned FunBridge.com before: although you can play against other individuals on-line, you can also simply play against the computer (playing the other three hands). You bid, then you play—defense or as declarer, depending on the hand and the bid. You then get “points” by being compared to others who played the identical hand: the better your performance relative to theirs, the more points you get; the worse, the fewer.
My own points in the current series (you can always discard the record to date and start anew) range from +11 to -16 (don’t ask—and best not to play after a drink or two). My total right now is +15 and in this current series it’s been as high as +25. Previous series I would discard after reaching -75 or -100 points.
The interesting thing is, I’m doing much better now. It’s not from having studied, though my intentions in that regard were really excellent—of the very first rank, in fact. It’s simply from playing a LOT of hands, and allowing my adaptive unconscious to use its pattern recognition engine to figure it out.
Obviously, I can still improve a lot. It’s sobering to see your ranking against others who played the same hand be, say, 86 out of 97, but it’s exhilarating to see it as 3 out of 90 or 13 of 96—the two most recent hands. And sometimes I’m NUMBER ONE!!! At least for a while.
The thing that interests me, though, is how one can improve simply by playing a lot of games and seeing the (relative) result. It’s much the way in which one’s shaving technique improves over time simply by watching what you’re doing and seeing what results: the adaptive unconscious is quite powerful.
If you’ve not read Strangers to Ourselves: Discovering the Adaptive Unconscious, by Timothy Wilson, you really should. VERY interesting book.
And if you like card games, you should try Funbridge.com.