Thursday, December 8, 2016

You got no stinkin' privacy because the Courts do not understand the Internet

Good article on privacy, TOR, and the Court's ruling that using TOR does not give you a reasonable expectation of privacy (!):
First, let's discuss how the judge reasons that there's no expectation of privacy with Tor. This is a straightforward application of the Third Party Doctrine, that as soon as you give something to a third party, your privacy rights are lost. Since you give your IP address to Tor, you lose privacy rights over it. You don't have a reasonable expectation of privacy: yes, you have an expectation of privacy, but it's not a reasonable one, and thus it's not protected.

The same is true of all your other digital information. Your credit card receipts, phone metadata, email archive, and all the rest of things you want to keep private on the Internet are not (currently) covered by the Fourth Amendment.

If you are thinking this is bullcrap, then you'd be right. Everyone knows the Third Party Doctrine doesn't fit the Internet. We want these things to be private from the government, meaning, that they must get a warrant to access them. But it's going to take a clueful Supreme Court overturning past precedence or an armed revolution in order to change things.
The court ruled that since you have an IP address, Sumd00d on the 'net can get to you and so you have no reasonable expectation of privacy.  Ooooh kaaay.
As Orin Kerr's post points out:
Fourth Amendment law regulates how the government learns information, not what information it learns
In other words, it doesn't matter if the FBI is allowed to get your IP address, they still need a warrant to search your computer. If you've got public information in your house, the FBI still needs a warrant to enter your house in order to get it.
That seems right.  Your IP address must by definition be public on the 'net.  That doesn't mean that I want all my files on my computer browsable, duh.

But it gets worse - your computer is likely not connected to the Internet. Instead, it's connected to an internal private network that is protected by a firewall (either a stinkin' big enterprise class firewall at work or your router/firewall at home). Your private network uses a private IP address, by definition - this was defined in a technical spec (called "Request for Comments" in Internet Geek-speak) RFC 1918 "Address Allocation for Private Internets" - note to court and FBI G-Man: please pay attention to the word "Private" in that title.

But I digress.

The Court was ruling on the use of TOR, and basically said that since your computer uses IP (and responds to IP) there's no privacy.
Yes, the entry Tor node knows your IP address, but it doesn't know it belongs to you or is associated with your traffic. Yes, the exit Tor knows your traffic, but it doesn't know your IP address.

Technically, both your traffic and IP address are public (according to the Third Party Doctrine), but the private bit is the fact that the two are related. The "Tor network" isn't a single entity, but a protocol for how various different entities work together. No single entity in the Tor network sees your IP address combined with your activity or identity. Even when the FBI and NSA themselves run Tor nodes, they still can't piece it together. It is a private piece of information.
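The separation of knowledge described in the quoted passage above can be shown with a small simulation. This is an added example, not code from the original post or from the Tor Project: the relay names, addresses (documentation ranges), keys and the SHA-256 keystream cipher are constructed stand-ins, not Tor's real circuit cryptography.

```python
import hashlib
import json

# Constructed sample values (documentation address ranges, made-up keys).
CLIENT_IP = "192.0.2.10"
DESTINATION = "example.org:443"
REQUEST = b"GET /private-page"
RELAYS = ["guard", "middle", "exit"]
ADDR = {"guard": "198.51.100.1", "middle": "198.51.100.2", "exit": "203.0.113.3"}
KEYS = {name: hashlib.sha256(name.encode() + b"-circuit-key").digest() for name in RELAYS}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for Tor's real crypto."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_onion(destination: str, request: bytes) -> bytes:
    """Client side: wrap the request in one encrypted layer per relay, exit layer first."""
    next_hops = [ADDR["middle"], ADDR["exit"], destination]
    blob = request
    for relay, nxt in reversed(list(zip(RELAYS, next_hops))):
        layer = json.dumps({"next": nxt, "inner": blob.hex()}).encode()
        blob = keystream_xor(KEYS[relay], layer)
    return blob


def run_circuit(client_ip: str, onion: bytes):
    """Each relay peels only its own layer; record what that relay can observe."""
    views, prev, blob = {}, client_ip, onion
    for relay in RELAYS:
        layer = json.loads(keystream_xor(KEYS[relay], blob))
        blob = bytes.fromhex(layer["inner"])
        views[relay] = {"sees_from": prev, "sends_to": layer["next"], "forwards": blob}
        prev = ADDR[relay]
    return views, blob  # blob is now the plaintext handed to the destination


def linkable(view: dict) -> bool:
    """True if a single relay's view ties the client IP to the destination or request."""
    knows_client = view["sees_from"] == CLIENT_IP
    knows_activity = view["sends_to"] == DESTINATION or REQUEST in view["forwards"]
    return knows_client and knows_activity


if __name__ == "__main__":
    views, delivered = run_circuit(CLIENT_IP, build_onion(DESTINATION, REQUEST))
    for relay, view in views.items():
        print(relay, view["sees_from"], "->", view["sends_to"], "linkable:", linkable(view))
```

The guard's record holds the client address next to ciphertext only, and the exit's record holds the request next to the middle relay's address, so no single view links the two.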
And quite frankly, one of the best arguments that the Courts won't provide oversight to Intel snooping is revealed in the fact that if things were as open and un-private as the Court said, there wouldn't be any need to attack the target computer with malware. Of course, your data is private, and so the FBI has to pwn you, and to anyone with an expectation that the Fourth Amendment means what it says that's a search and the FBI should get a warrant. Instead it's (legally) license to kill.

The punch line, of course, is all the lefties who didn't care about what the Federales were doing for the last 8 years will be appalled that the Trump Administration is probably going to totes keep on doing it, just to a different set of folks. Now you know how we feel about the Second Amendment, where the argument has been "keep and bear arms" means that you can't have a firearm in your home and you certainly can't take it out with you, because reasons.

As a historical note, I posted years ago about how to hide yourself from NSA snooping.  It didn't rely on TOR, but probably won't work anyway.

If you think that I'm a bit paranoid, please keep in mind that I was trained to be that way by the finest minds in the Free World ...

Wednesday, December 7, 2016

The reason to stay late at the office on Friday

To install these.


How completely does Donald Trump own the media?

So completely that Piers Morgan nails it in a brilliant article:
‘Twitter helped win me the election,’ President-elect Donald Trump told me when we spoke two weeks ago.

He cited his extraordinary army of 16 million followers on the social media platform as one reason (he has almost as many on Facebook). Each follower represented a potential voter he could talk to directly on a daily, or hourly basis – in exactly the way he wanted.

The second reason, he said, was his ability to set the news cycle for a day with one solitary tweet.

He particularly loved the fact, as a businessman, that it costs him absolutely nothing; Twitter is the ultimate marketing tool.
This is perceptive and funny, but it's only the setup.  This is the serve:
Since the election, Trump has continued to set America ablaze with his tweets; from his calls for the musical Hamilton to be boycotted and flag-burning to be criminalised, to his angry attacks on Saturday Night Live, defense of his contentious phone call with Taiwan, and mockery of China’s hypocrisy.

Each episode followed a familiar 10-part pattern:

1) Trump posts an inflammatory, highly opinionated tweet.
2) The media goes nuts.
3) Trump’s tweet then dominates the news all day.
4) The media demands he stops tweeting because it’s ‘un-presidential.’
5) Trump ignores them.
6) Conventional politicians demand he stops tweeting because it’s ‘un-presidential.’
7) Trump ignores them too.
8) Trump wakes up next morning to every paper and cable news show talking about his tweet.
9) Trump chuckles to himself.
10) Trump tweets again.

Repeat.

LOL.  I'm not a Piers Morgan fan, but this is 100% dead on.  It's also funny, so make sure that you click through to read the whole thing.  It's odd that it takes the overseas press to figure this out - the fact that the domestic press is smart enough to figure it out but will absolutely not admit it says all you need to know about them.

Trump will keep beating them like a rented mule until they do.

Hat tip: American Digest.

Answer to a Question

Unknown asked in the comments if I had found a magazine for the Series 1 Colt Woodsman. I did. Brownell's has them. Still looking for grips I can afford.

Tuesday, December 6, 2016

Remember

The losses of December 7th, 1941 were only a pittance of the price that would eventually be paid to stop Nazi Germany and Imperial Japan. In the grand scheme, the losses appear as small numbers on a tally sheet.

On an individual basis, every one of the sailors and Marines on those ships was someone's son, brother, husband, uncle, friend. They were all, from where I stand now, young men with most of their lives in front of them.

Remember.




Only badasses need apply in Helsinki

Seen at the Helsinki airport.  Best.  Marketing.  Ever.


Makes me want to go to Helsinki in November, just to show how badass I am.

New Cybersecurity Commission report not so useful

Maybe even counterproductive:
An Obama commission has published a report on how to "Enhance Cybersecurity". It's promoted as having been written by neutral, bipartisan, technical experts. Instead, it's almost entirely dominated by special interests and the Democrat politics of the outgoing administration.

In this post, I'm going through a random list of some of the 53 "action items" proposed by the documents. I show how they are policy issues, not technical issues. Indeed, much of the time the technical details are warped to conform to special interests.
Washington loves Blue Ribbon commissions.  This is a Blue Ribbon commission.  But the recommendations come from people who don't understand security:
Action Item 1.3.1: The next Administration should require that all Internet-based federal government services provided directly to citizens require the use of appropriately strong authentication.
This would cost at least $100 per person, for 300 million people, or $30 billion. In other words, it'll cost more than Trump's wall with Mexico.

Hardware tokens are cheap. Blizzard (a popular gaming company) must deal with widespread account hacking from "gold sellers", and provides second factor authentication to its gamers for $6 each. But that ignores the enormous support costs involved. How does a person prove their identity to the government in order to get such a token? To replace a lost token? When old tokens break? What happens if somebody's token is stolen?

And that's the best case scenario.
I remember back in the 1990s when a major bank decided to issue a hardware password token device to each of their customers for use in online banking.  They spent millions of dollars to buy and deploy the devices, and then many times that on customer service call centers before quietly dropping the program.  The commission recommendation sounds good, but ignores the real world experiences that the industry has been through.

This is a long post which calls out many of the issues where the commission just doesn't know what they're talking about. But it's worse - sometimes the commission seems to know what it's doing just fine:
Action Item 1.3.3: The government should serve as a source to validate identity attributes to address online identity challenges.
In other words, they are advocating a cyber-dystopic police-state wet-dream where the government controls everyone's identity. We already see how this fails with Facebook's "real name" policy, where everyone from political activists in other countries to LGBTQ in this country get harassed for revealing their real names.

Anonymity and pseudonymity are precious rights on the Internet that we now enjoy -- rights endangered by the radical policies in this document. This document frequently claims to promote security "while protecting privacy". But the government doesn't protect privacy -- much of what we want from cybersecurity is to protect our privacy from government intrusion. This is nothing new, you've heard this privacy debate before. What I'm trying to show here is that the one-sided view of privacy in this document demonstrates how it's dominated by special interests.
Because there's still a tiny corner of the 'net that hasn't been entirely monitored and subverted by the Intelligence Community.  Sorry, I'm way past the point of believing that security programs from the Fed.Gov are in my interest.

Hopefully the new Administration will toss this report in the circular file.

Monday, December 5, 2016

Christmas mojo

The Queen Of The World is in full Christmas decorating mode, and Castle Borepatch has been transformed into a Winter Wonderland.  She loves decorating, and I love that she loves to do it - the house really is a show piece.  We still need to put lights and ornaments on the tree, but will get to it presently.

But this is our first anniversary, and so lights will have to wait.  I look around at our cozy home and marvel at how one short year ago I was selling Camp Borepatch, we were packing to move, and snuck off to get hitched.  It's been quite a year, but it's led to, well, contentment - in a way that I haven't had in ages.

I'm quite a lucky man.

Oscar Peterson - The Christmas Waltz

A Christmas classic from the Maharaja of the keyboard.

Every story you will get from the Media about Donald Trump

Here's the format, just plug in the item du jour:
“Oh, I’m so concerned that Trump did {thing}, he is offending {SJW List Of Special Topic Folks} and damaging relationships with {Persons Du Jour}. I really hope he isn’t that {dumb | naive | uneducated | mean | incompetent | {insert other insult}}. How can we help him avoid offending {class list} again? Perhaps by {doing our agenda here}? He really doesn’t ‘get it’ about {tradition | OUR prior precedent | Progressive Norms} does he? Who can help him?”
It's Concern Trolling disguised as journalism, and it doesn't work anymore:
In large part, especially on CNN and MSNBC and even to some extent on Fox, they have adopted the role of Concern Troll In Chief, and frankly, my ‘concern’ is all worn out.
See, they have forgotten about Maslow’s Hierarchy of Needs. When one is worried about losing the house, not having a job for a year, how to pay back a $1/4 Million School Loan while working at Starbucks as a Barista with your Advanced SJW Degree, watching your sons and daughters go off to Iraq again perhaps to die, or just struggling to speak Spanish at the store so you can buy necessities (NOT hyperbole – I’ve done it twice in the last two weeks as the staff were all native Spanish speakers…); under those circumstances it just doesn’t make a God Damn Difference whose phone call The Donald takes.
Basically, Dear Professional Concern Trolls: “Frankly, my Dear Troll, I just don’t give a damn.”
That sounds about right.  Until the Media rebuilds some trust with most of the country, this is going to be wildly ineffective.  For people who look down on everyone else in the country as "dumb hicks", this sure seems pretty dumb.

Why do we have bad security?

Because it costs a lot, and the rational decision is to have worse security than we'd like.  Visa gives fuel stations 3 more years to install credit card chip readers because of the cost of the program:
Avivah Litan, a fraud analyst with Gartner Inc., said the deadline shift wasn’t unexpected given how many U.S. fuel stations are behind on costly updates, noting that in some cases it can cost more than $10,000 per pump to accommodate chip card readers. The National Association of Convenience Stores estimates that station operators will spend approximately $30,000 per store to accommodate chip readers, and that the total cost to the fuel industry could exceed $4 billion. 
“Some of them you can just replace the payment module inside the pump, but the older pumps will need to be completely removed and replaced,” Litan said. “Gas stations and their unattended pumps have always been an easy target for thieves. The fraud usually migrates to the point of least resistance, and we’re seeing now the fraudsters really moving to targeting unattended stations that haven’t been upgraded.”
Credit card fraud from pull pumps is around 1% of all card fraud, which is about $16B worldwide. At $4B for the upgrade, mathematics says that fraud would need to be $400B a year for the expense to be justified. What the delay will allow is for station owners to plan a technology refresh for their pumps (something that will be in the works anyway) and so the cost of the chip readers will be a minimal portion of the overall upgrade, rather than the whole thing.

This situation is actually quite a good view into the workings of the "security as risk management" approach.  Yes, the technology exists.  Yes, security will be better after this is implemented.  No, there's no way to justify the cost of an immediate upgrade.  Yes, there will be a cost to carry if you don't upgrade immediately.  No, that doesn't make an immediate upgrade the right decision.

Christmas in a Minor Key

Christmas used to be a big production event for us. With four boys growing up, we would have year after year traditions, piles of wrapped presents, the biggest tree we could get in the room, lights on the house, and an unending stream of cookies.

All those decorations sit in boxes in the attic. The oven sits unused. There will be no one coming home this year, just the two of us in a quiet house, and the ghosts of Christmas past.

The music in the Charlie Brown Christmas Special, like the song posted by Borepatch, is mostly in a minor key. A little plaintive. But in the end, it is about hope and finding Christmas in unexpected ways.

I was going to the range last week and she asked me to "look for a Charlie Brown tree". I found one on the back side of the berms and cut it with a machete. We put it in a plastic flowerpot filled with rocks and she put tinsel on it. Our decorating for the year is complete.


It is in other ways that I continue to hope and believe in the coming of the Christ into the world.

Sunday, December 4, 2016

Christmas Time Is Here - Vince Guaraldi Trio (from A Charlie Brown Christmas)

This Christmas tree?  This one?  How about this one?  Check.

Bow saw?  Check.

Cut down tree?  Check.

Bring tree home, set up stand, set up tree, string lights?  Check, check, check, and check.

Things are beginning to look a bit like Christmas here at Castle Borepatch.  That means that things are beginning to sound a bit like Christmas.  I can't believe in all the years of posting Christmas music I've never done this one.  Those of you of a certain age will hum along with me.

Colt .22s

Colt made a John Moses Browning designed .22 semi-auto pistol for decades. It was called The Woodsman, mostly. Early models are now called pre-Woodsman and there are later variants. I have one. It is the only gun I own that belonged to my grandfather and I am sure this is not my first post on this.

It comes up today because I was looking for a set of target grips with a thumbrest. It looks like I will have to have a go at making them. My Google-fu is weak and I have not found a set to purchase.

But once I was down the rabbit hole, I started looking for a spare magazine as well and stumbled onto Bob Rayburn's Colt Woodsman Page. Even if you have never held a Woodsman and have no interest in shelling out a grand or more on an antique .22 pistol, this site deserves a visit. Detailed information for the collector, historical data, and the real reason I am posting this, pictures and vignettes on some rare variants. That link takes you to the first picture in the first series.

I'm not a collector, I'm a shooter. Collecting guns and then deciding they are too pretty, too rare, or too expensive to shoot strikes me as wrong. To each their own, though, and I'm willing to spend some time on a cold rainy December afternoon looking at some interesting pieces of history.


Saturday, December 3, 2016

Friday, December 2, 2016

The reason for the electoral college

This is a pithy description of the difference between rural and urban areas to their inhabitants:
Moreover, this election shows the value of election by states. The tension nowadays is between big urban areas and rural areas. In the city, when workers lose their jobs due to immigration or trade, they can go down the street and get another job. In a rural area, when the factory shuts down, the town is devastated, and there are no other jobs to be had. The benefits of free trade are such that even Trump can't roll them back -- but as a nation we need to address the disproportionate impact changes have on rural communities. That rural communities can defend their interests is exactly why our Constitution is the way it is -- and why the President isn't chosen with a popular vote.

Something that old school leftists (say, from the 1920s through the 1950s) knew was that economic interests are the key determiner. Since the 1960s, there has been an increasing emphasis on ideological issues, to the detriment of economic ones. This election has seen pocketbook issues return in a big way, and today's leftists are struggling to understand what's gone wrong with the world. Any leftist from 1925 could tell them.

TL;DR: rural people aren't racist, they're just tired of getting economically screwed by leftists.

The revolt against the elites

Fred on the election:
The election was a referendum on Marie Antoinette’s court. It was the revolt of the unnoticed downtrodden, the financially sinking, the working classes rising against  privileged snots–but it was engineered by the elites. The glittering elect of course did not say “working class,” this being a  loaded phrase redolent of Marxism and of the Democratic Party of five decades back before it became a royal court. They spoke instead of disgruntled white men, racists, homophobes, sexists, and the Islamonauseated–phobic, I meant.
As with Fred, the analysis is both spot on as well as entertaining:
The privileged worked hard for Trump. Every time they described his people as uneducated white males, implicit dregs, they drove votes to Donald. And they so described the working class unceasingly.

It made him President. Good, bad, or indifferent, it is how he got in.

The privileged denigrated all whites unlike themselves. Then Hillary made her “deplorables” speech, confirming her contempt for half of America–those uneducated, shapeless, dull-witted proles in Flyover Land, obese, farting and belching, swilling Bud, watching NASCAR for god’s sake in awful trailers. And why not sneer at them? Why did Hillary need their votes? Did not Rachel Maddow love her?

For Trump it was gold, pure gold. If he had written her speech, he could not have come up with a better line to destroy her. It was the purest product of the establishment’s hubris. She did it to herself. Sweet.
This is one of Fred's best.