Not Just Illegal, Criminal

Back in August, I wrote a post about Jennifer Granick’s outstanding article, My Dinner With NSA Director Keith Alexander, that appeared in Forbes. Now Granick is back with another great article that discusses the recent Privacy and Civil Liberties Oversight Board report on the NSA’s widespread surveillance. That report, as you’ve probably heard, concluded that the mass accumulation of telephone metadata was illegal.

Granick makes two excellent points. First, there is no need to make esoteric Fourth Amendment arguments. The surveillance is illegal on its face because, despite what the government keeps saying, it is not authorized by any statute and is, in fact specifically prohibited without such authorization. Once you hear that argument made, it’s perfectly obvious but I’ve never before heard anyone make it.

That insight surely hasn’t escaped those judges ruling in the government’s favor. That can only be described as an intentional ignoring of the law in the service of what they must think of as a greater good. The thing is, in the American democracy there aren’t many greater goods than the rule of law and equal justice.

When you read Granick’s article there won’t be any doubt in your mind that the NSA’s actions are illegal. Her second point, though, is the explosive one. If the phone companies are collecting and turning over to the NSA any information that they wouldn’t collect for their normal billing and if they weren’t provided a warrant showing the data is relevant to an investigation (which of course they haven’t been) then that action is criminal.

It’s too much to hope that anyone is going to go to jail for this behavior—look at James Clapper, after all—but it would be nice if those responsible felt there was more at sake than just a wrist slap from the courts telling them not to do it anymore. Perhaps if their own freedoms were at stake, they’d be a little more considerate of ours.

At any rate, if, like me, you’re concerned about what the NSA is doing you really must read Granick’s article. As I wrote before, she’s one of the few mainstream journalists who appears to understand the issues.

Posted in General | Tagged | Leave a comment

Passwords in 2013

PC World in reporting on the 25 worst passwords of 2013. As it does every year, Splashdata, a security firm, has compiled a list of the most common passwords culled from stolen password lists. Everything is depressingly normal. All our favorites are still there. The major difference this year is that 123456 has replaced password as the most common password. The two just switched places so they’re still the top two.

The people using these passwords are undoubtedly the same people who don’t get what all the fuss over the NSA is about. The universe will, of course, punish their stupidity in due time. The problem is that many of us conscientiously doing the right thing will be collateral damage.

In case you’re wondering, the only responsible password policy for 2014 is to use a password manager that generates long random strings for passwords and to protect your password database with a master password made up of multiple random words à la Diceware. Anything else is certain to fall to the crackers no matter how clever you try to be.

And for goodness sake, if you’re a developer implementing password functionality, get rid of the stupid restrictions on password length and legal characters. There really is no excuse for those restrictions. None.

Posted in General | Tagged | Leave a comment

The Government Gets Crazy Over Snowden

The latest meme being floated by the apologists for the NSA is that Edward Snowden must have been a spy who received aid from the Russians. Mike Rogers, chairman of the House Intelligence Committee, was busy pushing that theory on the news shows lately even though, admittedly, he didn’t have any evidence other than a gut feeling that it must be true. His senatorial counterpoint Dianne Feinstein opined that it was certainly possible and should be investigated. Put aside for the moment that there’s absolutely no evidence for this, the whole thing doesn’t even make sense.

Snowden, who is apparently back to being a screw up who could barely walk and chew gum—after being an evil genius after being a screw up—is said to be incapable of arranging his flight to Hong Kong and then Russia. Because, you know, when you have trouble chewing gum, you certainly wouldn’t be able to book reservations even with all those on-line sites. And if he was a Russian agent, why not quietly go to Russia, give them the documents and disappear? The whole theory is ridiculous and doesn’t stand even a second’s scrutiny.

What does Snowden have to say about all this? He terms the charges absurd. So now we have a they said, he said. Who to believe? It’s not that hard to decide. On the one hand, everything Edward Snowden has claimed has turned out to be true. On the other hand, almost everything the government has had to say on the matter, including the denials of Snowden’s claims, has turned out to be false.

So we have Snowden who has been proven correct in his claims against the government which has repeatedly lied, often replacing one lie with another when the first was shown to be false only to have the second lie exposed as well. It’s not hard to know who to believe.

Posted in General | Tagged | Leave a comment

The Insanity of Open Space Offices

Bodil Stokke tweets an excellent point on open space offices

I’ve written about this before and even then I thought the point was so obvious that it didn’t really need saying. Apparently, in this as in so many things, I was wrong.

Bodil’s tweet points to Paul Biggar’s post Silence is for the weak. In it he recounts how widespread this nonsense is. As Biggar points out, there’s plenty of relevant research on the matter and it’s not late breaking news that hasn’t had a chance to filter down to working managers yet. Twenty seven years ago DeMarco and Lister were already talking about these issues in their excellent Peopleware1

Listen again to Bodil: “Nothing is more hostile to developer productivity than the modern open plan office.” If you’re a manager and you’re running an open plan office, now would be a good time to rethink that decision. And for goodness sake, knock off the “team building/improve communication” nonsense. It’s malarkey and you know it.

Footnotes:

1

A book well worth reading even if you aren’t in management.

Posted in General | Tagged | Leave a comment

A Blank Canvas in Emacs

Some people, especially creative writers, like to write on a blank canvas without any distractions from their editor. Bastien Guerry, who we’ve discussed before and who’s sat on both sides of a Sacha Chua interview, has a nice post on how to set up a blank canvas with Emacs.

Bit by bit, he strips away all the extraneous information that Emacs puts on your screen so that you’re left with nothing but a blank screen on which to write. All the usual Emacs functionality is still there, of course, you’re just not being distracted by mode lines, titles, scroll bars, and all the rest.

Even if, like me, you don’t find the blank canvas idea compelling, Guerry’s post shows you how to adjust various elements of the Emacs display and you may find that you would like to implement one or more of them. The post is another reminder, if you need it, that Emacs is infinitely customizable and that you can have it your way.

Posted in General | Tagged | Leave a comment

Java and Security

With respect to Java, I’m pretty much in the same boat as Paul Graham: I’ve never used it but it does seem to have an unpleasant odor. One thing for sure, it’s a major exploit vector and, as a result, I have it disabled on my machines.

On the other hand, lots of people are writing tons of Java code that does useful things so it’s obviously a useful platform. One of the nice things about Java is its “write once” technology. An application, once written will run on an any platform. At least that’s the theory. Even if the actuality falls a bit short of that ideal, it’s still nice to be able to write applications that will—more or less—run on any supported platform.

Now, though, there’s news that should give everyone pause. eWeek is reporting that Java is the primary cause of 91% of cyber attacks. Think about that: nine in ten attacks target Java1. Of course, one could argue that if Java went away some other platform would take it’s place. Perhaps, but that doesn’t let Java off the hook.

There’s an awful lot of software written in Java and as I said above, it’s a useful platform. But there’s no excuse for the execrable state of the Java VM. The situation was bad when Sun was in charge and it doesn’t seem to have improved under Oracle’s aegis. Either Java gets those holes plugged or the platform will die.

Footnotes:

1

These are probably attacks against browser apps written in Java but it’s still shocking. I don’t know why anyone would have Java enabled in their browser.

Posted in General | Tagged | Leave a comment

An Empty Do

Back when I was first learning Lisp by reading Paul Graham’s Ansi Common Lisp, Graham mentioned that sometimes you can do useful work with a DO loop having an empty body. I thought that was pretty neat but I’ve never come across a case where it was the natural solution. That is until now. As part of a small project I’m working on, I needed to evaluate a polynomial. The efficient way to do that is to use Horner’s rule.

If you’re a mathematician, you can think of Horner’s rule as being a consequence of synthetic division or, if you’re a programmer, as an application of strength reduction. Taking the programmer’s point of view, we have

a0 + a1x + … + an-1xn-1 + anxn = a0 + x(a1 + x(a2 + … + x(an-1 + anx)….)

Here’s Horner’s rule in Common Lisp:

(defun horner (a x)
  "Evaluate the polynomial with coefficients in the array a at x."
  (if (= (length a) 1)
      (aref a 0)
      (do* ((k (1- (length a)) (1- k))
            (val (* (aref a k) x) (* (+ val (aref a k)) x)))
           ((<= k 1) (+ val (aref a 0))))))

Notice that the body of the DO is empty. That’s a pretty nice example; the implementation is natural and just what you’d write even if you’d never heard of the technique.

After I wrote that, I thought that you could do the same thing with a for loop in C. It turns out, though, that the semantics are just different enough that it doesn’t work—or at least I couldn’t make it work. The best I could do is

double horner ( double x, double *a, int deg )
{
    double val;
    int k;

    val = a[ deg ] * x;
    for ( k = deg - 1; k > 0; k-- )
        val = ( val + a[ k ] ) * x;
    return val + a[ 0 ];
}

You can see that they do the same thing in the same way but Lisp is wonderfully concise. Or, I suppose, horribly obscure depending on your point of view.

Update: Fixed formatting in polynomial strength reduction.

Posted in Programming | Tagged , | 1 Comment

How to Stay Safe on the Internet

Stephen Haunts has a nice post on remaining private on the Internet. It’s reminiscent of the Prism Break web page that I’ve written about previously. He talks about some of the utilities that you can use out of the box to help maintain your privacy.

Haunts discusses Tor, GnuPG, Tails, TrueCrypt, Silent Circle and other utilities that should be in your toolkit. Take a look at his post and, of course, the Prism-Break page. If we all started using these utilities, privacy in the Internet would increase and we’d all be better off. Except, of course, the NSA.

Posted in General | Tagged | Leave a comment

How is this Legal?

I’m in favor of stopping botnets and all but remotely deleting old copies of Tor from users’ machines? I don’t see how Microsoft avoids law suits and criminal complaints. They doubtless have some obscure terms-of-service item covering this but if I were a Microsoft user, I’d be an ex-Microsoft user as soon as I discovered they’d been mucking about with my machine.

Posted in General | Tagged | Leave a comment

Electric Indents

Bozhidar Batsov over at Emacs Redux has another post up in his series on features of the upcoming Emacs 24.4. This time, he writes about Emacs Auto-indentation. The feature was added in Emacs 24.1 but in version 24.4 it’s enabled by default and there are, apparently, some additional improvements.

As Batsov remarks, sometimes electric-indent-mode doesn’t play nicely with some other (usually third party) packages. Happily, Emacs 24.4 now has electric-indent-local-mode, which allows you to turn off electric-indent-mode for individual buffers. Thus, all one need do is

(add-hook 'some-package (lambda () (electric-indent-local-mode -1)))

for each some-package that has problems with electric-indent-mode. It’s a nice feature to be able to disable a global mode for individual buffers.

I’m really enjoying Batsov’s posts on the new features and look forward reading more.

Update: Dmitry Gutov has a great follow on post that explores electric-indent-mode in Emacs 24.4 a bit further.

Posted in General | Tagged | Leave a comment