Browsed by
Month: July 2015

Public Key

Public Key

The problem with technology strong enough for crypto-geeks is, only crypto-geeks will want to use it.  I complained about this before, here.  In response I got introduced to… which is not the answer to this problem for your mom. Just look at it.

I guess I should be signing stuff, but I've never been sure what to sign. Maybe if I post my private key, I can crowdsource my decisions about what to sign.
xkcd for 2015-07-20

mouseover text: I guess I should be signing stuff, but I’ve never been sure what to sign. Maybe if I post my private key, I can crowdsource my decisions about what to sign.



Is It Possible to Get Off Facebook?

Is It Possible to Get Off Facebook?

I am about to try again to get off Facebook.

I have checked out most of the major social media sites — sorry, but I cannot even imagine liking Pinterest — and I have found all but Google+ lacking in major ways.

At the time I wrote this post, I had been deactivated for some months on Facebook.  Shortly thereafter, I got involved in the Ride For Pride, and also as a volunteer for the Recovering From Religion hotline.  Ride For Pride was clearly going to be difficult without a Facebook presence… but not impossible.  But  Recovering From Religion told me flat out, I needed to be on Facebook.  So, reluctantly, I reactivated my Facebook account.

Knowing that study after study shows that Facebook is no positive force in almost anyone’s life, I did what I could to minimize its effects.  I whitewalled.  I locked down my privacy and sharing settings to the bare minimum.  To keep Facebook’s evil javascript and tracking cookies out of my business, I configured my system with a separate browser install into which I isolated my Facebook presence.  All my Facebook activity in this browser.  Everything else — but NO Facebook — in that browser.

I forbade my “regular”, non-Facebook browser from storing any Facebook cookies or executing any Facebook scripts.  I had to do this because of the dozens of times a week I seem to get tricked.  It’s like being Rickrolled but you get taken to Facebook pages when you don’t expect to be.  I’d rather get Rickrolled, thanks anyway.  I find it truly obnoxious how many small businesses think they don’t need a web page, but a Facebook page will do.

photo by Jack Anthony
There’s a house under that kudzu

So here I go again, trying to extricate myself from this kudzu patch of the Internet.  As soon as I can get some kind of workaround into place for Recovering From Religion, I will be out of there.  Again.

Maybe I will make it a year, this time.

Back Doors are for Bad Guys

Back Doors are for Bad Guys

The UK Prime Minister, David Cameron, says he’s going to ban strong encryption within his country. Somehow this is going to make everyone safe from terrorists. I have some questions:

  • Are terrorists the ones who will abide by such a law, first and foremost?
  • Is it your intention to shut down all  e-Commerce in the UK?
  • How will it improve the welfare of British citizens to have the UK cut off from the rest of the Internet?

When that notoriously left-wing publication, Forbes, caught up with Internet security expert Bruce Schneier for his reaction, he was uncharacteristically hyperbolic: “My immediate reaction was disbelief, followed by confusion and despair.”  It makes no sense even to try this, according to Schneier.

Technically, there is no such thing as a “backdoor to law enforcement.” Backdoor access is a technical requirement, and limiting access to law enforcement is a policy requirement. As an engineer, I cannot design a system that works differently in the presence of a particular badge or a signed piece of paper. I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access, meaning they all can.

So try, and join the rogues’ gallery of China, Iran, Syria, Pakistan, Russia, Kazakhstan, and Belarus, who have all tried to censor the Internet and have all failed.

Cameron and Xi Jinping, censorship BFFs

It is worth remembering that the internet was designed beginning in the 1960s as a project of the Advanced Research Projects Administration, a DoD agency.  The original idea was to have a digital communications network with enough redundancy and resiliency that nuclear strikes would not disable it, merely slow it down.

The millions of routers that run the Internet are designed to have a primary way to get the next unit of data where it needs to go, and one or more backup ways if the primary fails (yes that’s a vast oversimplification).  More to the point, there is no truly central controller.  Every node in the network shares routing information and rules on how to apply it with every other node.  To kill “the Internet” you would have to kill so many nodes, you might as well be planning to end civilization.

Network architect John Gilmore pointed out an interesting consequence of this design.  He said, “The Net interprets censorship as damage and routes around it.”

Cameron’s try at the Great Firewall has the stated goal of making us safer from terrorists.  This objective is so far beyond the reach of his proposal as to be simply ludicrous.   The real result would either be as porous as China’s and the rest, or would take his country to the information-economy status of North Korea.  In any case, Cameron, or someone advising him, must know this.

So which one is the one that he wants?