The Real Problem in the Encryption Wars

The Washington Post has an interesting take on the on-going encryption wars. Daniel Weitzner, a former White House deputy chief technology officer for Internet policy, has an op-ed in which he lays out the usual arguments against backdoors in encryption applications. The interesting part, though, is that he says that even if it were possible to safely add such backdoors, it wouldn’t solve the problem.

The problem, he says, is that the government has lost the trust of its citizens. Through abuse and overreach they have forfeited any reasonable expectation that the government can

  1. be trusted to conduct surveillance in a nonintrusive way, restricting their activities to matters of national security
  2. safely manage the keys to the hypothetical backdoor

Their failure, so far, on both of these items are manifest and obvious to anyone bothering to look. What reason do we have to expect that things would improve if crypto-Tinker Bell suddenly delivered the government’s yearned for backdoor?

As things stand now, not much reason on either of the two items. Weitzner says that to address item 1, the government much embrace transparency and oversight. Even if that were to happen, it still leaves the second problem. Can we trust the government to safeguard the exceptional access they are asking for? The seemingly never ending stream of embarrassing breakins to government systems doesn’t give us much reason for confidence.

The answer remains what it has been. We must resist every government effort to bull their way into our private affairs. If they think a crime has been committed let them get a warrant and demand the user unlock the communication. Anything else is just an open season fishing license.

Posted in General | Tagged | Leave a comment

The TOR Attack

Fusion has a lengthy and informative report on the recent TOR attack. To some extent, the TOR project dropped the ball and failed to understand the seriousness of what they were seeing. The real villains, though, appear to be two Carnegie Mellon researchers.

One of the weaknesses of the TOR system is that it’s possible for someone with malevolent intent to participate in network by providing one or more relay nodes. Usually, these attacks focus on the exit nodes because the data is unencrypted as it leaves the TOR network. This attack used intermediate nodes so even though the suspicious activity was detected by the network monitoring system, it was initially ignored because the TOR team believed that a successful attack must involve the exit nodes.

By the time the TOR team realized the seriousness of the situation, the damage was done. The story became more disturbing when the FBI arrested several dark net operators and boasted that they had broken the TOR protocol with the help of some university researchers. There’s lot of circumstantial evidence pointing to the involvement of Carnegie Mellon’s Software Engineering Institute (SEI) a government funded entity. As the TOR project pointed out, once the government became aware that the SEI had deanonymized IP addresses they were sure to ask for them and the SEI would have been obligated to provide them.

How would the government have known? It turns out that the researchers were scheduled to give a talk at the Black Hat Conference and had submitted their paper. At the last moment the talk was withdrawn citing confidentiality concerns.

After all this became known, CMU, the FBI, and the researchers behaved exactly as you would expect someone caught with their hands in the cookie jar to react. They issued carefully worded denials and then refused to say more citing, again, confidentiality.

There are huge ethical concerns involved and the academic community is up in arms about what happened. TOR has even questioned whether the research had IRB (Institutional Review Board) approval. Regardless, it’s clear that many innocent people got caught up in the attack and perhaps have had their safety put at risk.

TOR is said to be pondering their legal remedies including suing CMU for hacking their network. Whether they would prevail given the courts’ current schizophrenic approach to security issues is open to question but they may be able to use discovery to prise out the truth about CMU’s involvement and their collaboration with the government.

Read the Fusion article to see what the TOR project has done to fix the problem. If you’re a TOR user, now would be a good time to send them a few dollars so they can beef up their resources and prevent another incident like this.

Posted in General | Tagged | Leave a comment

How to Fix a Stuck Emacs

A very handy tip from Wilfred Hughes:

Emacs 24.5, on OS X at least, sometimes hangs for no apparent reason. I’ve used this tip several times to get things unhung.

UPDATE: I forgot to add that on OS X you have to either use the -i option or specify Emacs (note capital letter) as the process name.

Posted in General | Tagged | 15 Comments

SBCL 1.3.1 Released

The latest release of Steel Bank Common Lisp, version 1.3.1, was released on November 27. This month’s release contains 7 enhancements, including SB_THREAD for ARM64, and a bunch of bug fixes. See the NEWS page for details.

As usual, I compiled from source without incident. I ran the regression tests and got invalid exit codes for two obscure tests. As I’ve said before, these usually get cleaned up in a release or two. If you’re on Linux, you probably won’t get these errors.

I can’t say enough for SBCL. It has continuous development by dedicated maintainers, monthly releases, and complete source code. It’s free software and supports many platforms. If you’re looking for a first-rate Common Lisp environment, give it a try.

Posted in General | Tagged , | Leave a comment

The First Rule for Using Org

I’ve seen lots of pointers lately to this message from Carsten Dominik on the use of Org mode and managing its perceived complexity. At the end of the message he says

What people miss when they are new to Org-mode is this:

Don’t try to set up the “final” task managing system from the start. Because you have no idea yet what your system should look like. Don’t set up many TODO states and logging initially, before you actually have a feeling for what you working flow is. Don’t define a context tag “@computer” just because David Allen has one, even though you are sitting at a computer all the time anyway! Start by creating and managing a small TODO list and then develop your own system as the needs arises. I wrote Org-mode to enable this development process.

This is excellent advice; advice I failed to heed when I first started using Org. I had read Bernt Hansen’s excellent Org Mode — Organize Your Life In Plain Text! and was really impressed. Being new and ignorant and unaware of Carsten’s advice, I jumped right in and duplicated much of Bernt’s configuration. The result was that my agenda configuration was perfect for Bernt’s work flow but not for mine. As a result, I made almost no use of the agenda capabilities of Org.

Years later, I realized that I could perform many of the tasks I was doing manually by defining some capture templates and custom agenda reports so I threw out the unused templates and reports and started over adding just the ones my workflow required. The result was a huge increase in my productivity and the ability to find old items easily.

Many of these templates and reports are concerned with managing Irreal and are still evolving. As I find ways of automating tasks or making it easier to track blog post ideas, I add a template or report to my configuration. Likewise, when I find I’m no longer using part of the configuration, I get rid of it. That’s the point: don’t worry about adding a template or report until you need it. Adjust your configuration to your workflow, not the other way around.

Posted in General | Tagged , | 1 Comment

Smartphone Scolds

Here at Irreal, we’ve been grumpy for some time about the seemingly never-ending onslaught of articles and television pieces about the evils of smartphones. There are the academics, desperate for a publication cred., claiming that using cellphones causes young brains to turn into cement and set. There are the social scientists constantly telling us the smartphones are destroying our ability to communicate with each other, destroying families and maybe the human race. And, of course, there are the talking heads needing to fill a 90-second slot until the next advertisement.

It’s apparently become too much for the Macalope too. In his usual hilarious way he takes on the anti-smartphone Luddites by pointing out that—among other things—the whole point of smartphones is communication. Communication with friends, acquaintances, and loved ones. Just because we prefer to text with our absent sister instead of listening to crazy Great-uncle Ed expound again on the Illuminati doesn’t mean that we’re somehow impoverishing our lives.

One of the worst aspects is the hypocrisy. That hypocrisy is perfectly captured in a scene from the television series Blue Bloods. In it, the Police Commissioner is talking to his granddaughter when the granddaughter’s cell phone beeps. “Turn it off,” he says. “But what if it’s important?” she asks. “Choose,” he says. At that moment his cellphone rings and, of course, he has to answer it because he’s the Police Commissioner and it might be important.

That’s how it is with the smartphone scolds. Those psychologists have to keep their cellphones on during Thanksgiving dinner because patients. Those reporters have to keep theirs on too because breaking news. In other words, they’re important and you aren’t so turn off your phone and listen to Great-uncle Ed while they check to see if World War III has broken out.

It’s always been this way, of course. Television, according the day’s experts, most certainly foretold the end of the family. And don’t even get me started about Rock and Roll. Every new thing is seen as a sure sign of the Apocalypse. The proper response is to ignore the doomsayers and text your pal Joey to see if his Thanksgiving dinner is going as badly as yours.

Posted in General | Tagged | Leave a comment

How The Paris Terrorists Really Operated

Yesterday I wrote about Clare Foges’ ludicrously dishonest op-ed in the Telegraph. Meanwhile, the Wall Street Journal has a more sober article that describes how the terrorists really operated. Here’s a nice summary by Mike Rundle

No super-secret encryption transmitted on Play Stations just a bunch of people going about their business using their own names and documents. Most were European citizens traveling legally with their own passports. They rented the vehicles used in the attacks, again legally, using legitimate driver’s licenses.

Most disturbingly, many of the terrorists were already on watch lists but were nevertheless able to operate openly without detection. Yet, somehow, this is all Snowden’s and Apple’s fault. Or maybe it’s just that our governments are lying to us. Again.

Posted in General | Tagged | Leave a comment

The Dumbest Op-Ed of the Year

The UK’s Telegraph has published what is certainly the year’s most ignorant and dishonest op-ed. Clare Foges, until recently PM David Cameron’s chief speechwriter, weighs in on the encryption wars and calls out Apple and Google for putting profit before public safety.

The dishonesty of the article starts with the Telegraph’s failure to mention that fact that Foges is Cameron’s ex-speechwriter. That fact, ipso facto, doesn’t affect the validity of her arguments but honest articles always mention such connections so that readers can evaluate the writer’s preconceptions and vested interests.

The ignorance lays over the entire piece smothering it with a thick coat of fail. The worst bit of ignorance is her insistence that Apple and the others could, if they wanted, provide a safe “back door” but don’t do so because they’re more interested in profit. Left unsaid, is the fact that every knowledgeable cryptographer agrees that it can’t be done. That includes cryptographers who are independent of the commercial sector and can’t be said to have a profit motive.

To me, the most infuriating part of the op-ed is Foges’ failure to see government’s culpability in what she sees as a crisis. Before Snowden—yes, really, it’s all his fault—the government could get a warrant and the bad guys were caught. Even accepting that fairy tale, that’s not what was going on. Instead, government abused terms, used secret courts, and questionable interpretations of laws to snoop on everyone’s communications. They did that because they wouldn’t have been able to get legitimate warrants.

Trust us, Foges says, but the government has repeatedly lied and abused the powers we gave it. Why in the world would we trust it? Now, when people fight back and demand to be left alone in the absence of reasonable evidence of wrong doing, the government whines that we want Isis to win and that Apple, Google, and other tech companies care only about filthy lucre and are willing to sell out the public’s safety to get it.

The op-ed, as I said, is full of errors. Rather than list them here, I’ll point you to this righteous takedown from Techdirt. It’s a thorough fisking of an article that is almost too dumb to merit the effort.

UPDATE: be → we

Posted in General | Tagged | 5 Comments

The Truth About Open Offices

I’ve written many times about the foolishness and destructiveness of open plan offices. Here is a pithy summary of the truth about such plans. If you want to know why they are so beloved of management, take a look at the last two facts.

If you want to know how harmful they are, look at all the other facts. As usual, the oft stated rationale of “increased communication” isn’t supported by the facts. Sadly, there is probably little you can do to stop such plans once the bean counters see how much cheaper they are but perhaps the 100% loss in productivity will give them pause. Perhaps.

Posted in General | Tagged | Leave a comment

Emacs for the CEO

Back when Josh Stella was coding, he lived in Emacs. Like many of us, he performed most of his everyday tasks—mail, calendar, documents, coding—from within Emacs. Decades later, he’d become the CEO/co-founder of Luminal and had left Emacs behind.

Like many developers—even former developers—he hates context switching, and that’s what he found himself doing as he moved from application to application as he went about his day to day duties as a CEO. Each application had it’s own UI and its own set of shortcut keys. Recently, he decided to revisit Emacs and to try to do as many of his daily tasks as possible from within Emacs.

Stella describes his new set up and writes about why other CEOs might want to try Emacs too. It’s not for everyone, he admits, but if you’re the right sort of person, Emacs can revolutionize your work flow and make you more efficient and happier. None of that will come as a surprise to us Emacsers, of course, but I wonder how many CEOs without a technical background will be willing to climb up the learning curve to get those benefits.

To make that climb a bit easier, Stella spends some time describing how to install Emacs and goes over some of the basic navigation. If you’re looking for reasons why a non-technical person might want to try Emacs, Stella’s post is an excellent place to start.

Posted in General | Tagged | 4 Comments