Lenovo Yet Again

From Irreal’s You Can’t Make This Stuff Up department we have news of Lenovo once again secreting malware on their computers. This time it’s on the top-of-the-line Thinkpad model widely assumed to be immune from this nonsense.

I know lots of people who swear by their Thinkpads and insist none of this matters because they run Linux on them anyway. Cory Doctorow, in the BoingBoing piece linked above, says he goes even further and replaces the hard drive with an SSD drive.

Those attitudes miss a couple of points, I think. First, why would you want to deal with a company with a proven track record of abusing their customers and putting those customers’ security at risk? If nothing else, getting caught 3 times in a year is evidence of incompetence and a refusal to deal with those responsible for it. Second, and more important, they’re coming for you next. Up till now Lenovo has concentrated on targeting Windows systems but it’s only a matter of time before some bright bulb realizes that the stuff really worth stealing is going to be on a Linux system.

When that happens, all your “but I’m running Linux” is out the window. Lenovo controls the hardware and can arrange for whatever backdoors it likes. As I wrote the last time Lenovo did this, they can, and did, put malware in the firmware where it’s hard to detect and hard to eliminate. Unless you’re prepared to take a microscope to the chips on your system, you’d be well advised to look elsewhere for your hardware.

I appreciate that if you’re not an Apple user, Lenovo has the best hardware available and that the alternatives may not be as good, but maybe you should give Dell, HP, or one of the others a second look.

Posted in General | Tagged | 2 Comments

Cory Doctorow on Ad Blocking

Over at The Guardian, Cory Doctorow has an excellent article on ad blocking and the future of Internet advertising. He makes a point that I haven’t seen before: it’s only a matter of time until one of the big data brokers suffers a breach and leaks compromising information on millions of people on a scale that will dwarf the Dolly Madison and even the OPM leaks. Most people aren’t worried about that because they’re not aware of the detailed dossiers about them that data brokers collect. They may not have your fingerprints the way the OPM does but they’ve got just about everything else.

Given that fact and the related performance and bandwidth problems that adtech is delivering to our machines everyday, it’s no wonder that more and more people are taking actions to stop it. Some are so disgusted they just install an ad blocker and stop everything. Others, like me, try to be a bit more discriminating and just block the trackers. Either way, it’s bad news for advertisers and publishers.

What to do? Doctorow says the answer is simple but hard. We have to find a way for advertisers and publishers to deal directly with each other without the intermediary ad brokers. For reasons that Doctorow explains in the piece, that’s harder than it sounds.

It’s a good article with lots of background on the problem and some suggestions for moving forward. It’s well worth reading.

Posted in General | Tagged | Leave a comment

Seven Years of Reproducible Research

Christophe Pouzat has posted the slides from his talk Seven Years of Reproducible Research: From R / Sweave to Org. As the title suggests, the talk covers Pouzat’s evolution from using R and Sweave for reproducible research to using Org mode and Babel.

It’s clear that Org/Babel is the better solution for most researchers. Instead of being restricted to just R and LaTeX, Org/Babel lets you use a simple markup language that can be exported to many different formats. Instead of being restricted to R, you can use whatever language is most appropriate and even mix several languages in a single Org file.

If you’re a researcher interested in reproducible research—and if you’re not, you should be—Org/Babel offers an easy way to get started and practice reproducible research on a continuing basis. Of course, you will have to learn Emacs but, the wailing from hipsters notwithstanding, a basic fluency with Emacs requires an investment of an hour or so. Once you start using it, you’ll find yourself learning more and more of its features. The time savings you’ll earn from Org/Babel for writing up your research—even if you don’t use reproducible research—will more than repay the modest investment in effort required to get started.

Spend three or four minutes reading Pouzat’s slides and see if you don’t agree. It really will make your life better.

Posted in General | Tagged , | 1 Comment

What We Really Mean

Like all great humor, it’s funny because it’s so true:

Posted in General | Tagged | Leave a comment

Still Not Paranoid?

Perhaps this will help. Remember yesterday when I wrote about the MI5’s Andrew Parker assuring us that “MI5 is not about “browsing the lives” of the public? Here’s what they do when they think no one’s watching: The Intercept reports that the KARMA POLICE program aimed to record the website browsing habits of “every visible user on the Internet.” KARMA POLICE was designed to provide the government with “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” In other words, browsing the lives of the public was exactly what they were up to1.

KARMA POLICE started in 2007-2008 so this is a long standing program having nothing to do with ISIS or current terrorist problems. Their explicitly stated intent was to create the world’s biggest surveillance engine. Read The Intercept’s report about the extent of that surveillance and see if it doesn’t make you want to grab a pitchfork and follow the torches.

There is a dark cloud on their horizon, though: encryption.

“The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011.

“Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”

Remember this the next time your government starts talking about children and kidnap victims as the reason they need to compromise encryption. Here from their own mouths is the real reason.

Footnotes:

1

Strictly speaking, KARMA POLICE is a GCHQ program and GCHQ is a sister organization to MI5. Raise your hand if you think that makes Parker’s statement any less dishonest.

Posted in General | Tagged | Leave a comment

Turing Complete Documents

I thought this was pretty funny until I realized it applies to my beloved Org mode too.

Posted in General | Tagged , , | 2 Comments

Browsing Users’ Lives

Andrew Parker, head of MI5 and Britain’s representative of the international cabal of nosey Parkers1 who wish to scrutinize every bit of our on-line activities—for our own good, of course—is complaining to the BBC about how hard it is to monitor everyone’s comings and goings on the Internet. Although he doesn’t use the words “going dark,” it’s the same nonsense that the FBI is pushing here in the United States.

Normally, this wouldn’t be worth remarking on but Mr. Parker assures the BBC that “MI5 [is] not about “browsing the lives” of the public.” He also says that technology companies have an ethical duty to cooperate with the government on encryption. The idea that governments are not “browsing the lives of the public” is ridiculous on its face. They are, in fact, doing just that as Edward Snowden’s revelations demonstrate.

All this, as I mentioned the other day, reminds me of the recent contretemps over ad blocking. Mr Parker and his colleagues here in the U.S. are asking us to trust them. But why should we? They’ve demonstrated over and over again that they will abuse any powers we give them, using tortured interpretations of existing legislation to justify wholesale surveillance of citizens’ Internet and phone activities. Now, like the advertisers, they are whining that people are fighting back with strong encryption and other measures to safeguard their privacy.

And like the advertisers, Mr. Parker and his colleagues are arguing that it’s unethical to resist their surveillance and that tech companies should help them make that resistance impossible. But, really, this wouldn’t be happening if they hadn’t abused their authority to begin with. Their current difficulties with encryption are not on the technology companies; they’re on them.

Footnotes:

1

Oh the irony!

Posted in General | Tagged | Leave a comment

You Can’t Make This Stuff Up

Posted in General | Tagged | Leave a comment

The Scope of the Interactive Declaration

One of the very useful things I learned from Xah Lee’s Emacs tutorials is that almost any code can be attached to the Emacs Interactive declaration. The only rule is that the code must return a list of values for the parameters of the function that includes the Interactive declaration.

Marcin Borkowski, mbork, demonstrates this idea with a solution to this problem:

How can we implement an Interactive declaration for a function of two
parameters where the prompt for the second parameter includes the
value of the first parameter?

Take a look at Borkowski’s post to get an idea of the power of this idea. Most of us just use the standard interpretive format-like string input to Interactive but there’s a lot more power available to those who know how to use it.

Posted in General | Tagged | 1 Comment

How to be a Real Language

Posted in General | Tagged , | 3 Comments