Friday, January 31, 2014

Please Try These At Home

Inspired by my friend Paradox Olbers, here's my first annual list of security stuff that I recommend that you do.  I will help you if you need help finding and setting your preferences.

I follow all of these recommendations myself.  In each tool, I enable all of the protections.  I suggest that you do so as well.  That will cause a very few slimy web sites to not work very well.   You might have to list them as exceptions to the rules.  The privacy and security rules should be strict.  Complain to those sites.  Not working correctly with modern security has become completely unacceptable.

Web browsers: use only Firefox or Iron (Google's Chrome minus privacy leaks)
If your web browser is not Free (as in Freedom) Software or at least Open Source, they are hiding something.  If you can't audit it or have it audited, it is not safe.  Period.  You've heard me say this before.  The community-developed Free Software web browsers are actually better than the stuff that came with your computer---which can't be trusted. 
On those more secure platforms install:
  • HTTPS Everywhere to turn normal web connections into secure ones.  This is from the Electronic Freedom Foundation, AKA the good guys.
  • Adblock Plus to completely remove most advertising from your web experience.  Ads can be deceptive, with simulated popups that look like real warning messages from your computer.  Just say goodbye to all of them.  Turn on the feature that blocks Adobe Flash until/unless you click on the movie to start it playing.  Flash shouldn't be allowed to run unattended. 
  • Ghostery is a tool that blocks the invisible trackers, monitors, beacons and other  spyware that popular websites use or tolerate.  Crank it up to 11.  There is no reason to put up with any of this stuff.  Turn on the popup that shows you all the spyware that it found and blocked per page.   You will probably turn this feature off after a while.   I leave on.  It's pretty appalling, all this stuff that is hidden under most web pages.  It invades your privacy by tracking you and it slows the entire web down.  Slowing down the internet is bad.  That's damage.  We have to route around it.
If you have extremely good and pressing reasons that require you to use a commercial operating system, you need to plug the holes they left in.  Get a top-quality antivirus/anti-spyware package (Kaspersky, Norton, AVG) and keep it updated.  I don't consider that sufficient but I do consider it mandatory.

For Windows there's a free (as in price) version of AVG:
AVG Free Edition 64-bit
AVG Free Edition 32-bit

Don't use the same password on more than one web site.  Don't use overly simple passwords.  Follow the guidelines that each site will tell you, they are right to ask for better passwords.

Following these recommendations is not going to create peace in our time, but it will improve your security online.

People who sell or buy web advertising will say my stance is antisocial.  Tough.  Nobody ever said they were entitled to revenue streams.  This isn't censorship.  Content producers will claim that they will go out of business if you don't view the ads.  Tough.  If they reviewed all their ads, and insured your privacy, there would be no problem, but hey want to leave their pages full of messy invisible scripts and other stuff that you don't have control over.  Except that now you do have control.

I need you to know that you have that control.

Thursday, January 30, 2014

Everyone is Equal and the Mail Must Go Through

That is the message that is the internet.

This is my rant, that I know is very much in the vein of Marshal McLluhan's "The Medium is the Message."  Wikipedia's take on this work seems a bit off to me and I won't link to it.  McLuhan was saying that the ultimate message of a medium is the medium itself.  Broadcast radio or television is a few-to-all message.  "The few of us decide what we provide to everyone."

The message that is contained in the very lowest layers, the autonomic system, of the internet is this: "Everyone is equal and the mail must go through." This was "an accident, really" because it was needed during the Cold War.  Parts of the network might get blown up and the surviving parts would have to cooperate and reroute things so that messages could get through.  This is serving us very well today because servers are always crashing and companies go out of business, but the mail goes through.  Massachusetts moment: a lot of this autonomic layer was created near Fresh Pond in Cambridge at BBN.  A bit later at BBN, at my first real job, I troubleshot some of the very first internet routers.

You probably connect to the internet through a cable company or a phone company.  These companies are trying to extort money from popular internet sites because "we provide the customers to you."  They want to slow down your connections to video sites that they don't own, unless they pay the extortion money, etc.  They want to block access to whatever they want to or whatever the government (UK, China, US) dictates.  This is what the "Network Neutrality" legal fight is about.  There is no real question here at all.  "Everyone is equal and the mail must go through."  No tampering.  No reading everybody's mail.  No extortion.  These companies must understand that they are providing a utility like water or electricity or we have to replace them and they will just die.  "The mail must go through."  I tell you: one antenna per housetop, no access companies at all.  The technology is ready. 

I cannot tell you how deeply this is written on my bones.

John Gilmore famously said "The Net interprets censorship as damage and routes around it."  He was preaching to the choir, so I'll interpret.  If all of the mail, everyone's mail, everyone's opinion, is not getting through, well, the internet is broken.  We will wake up and re-route around the problem.

The internet does not consist of machines.  It's made up of people.'s_law The people who feel this most deeply are the people of my age who were exposed to the message before the public implications of that message were even understood.  For us, we'll carry it on our backs if we have to; the mail must go through.  You'll see gals and guys of my age, all the way down to pre-teens, running around with wires and antennas yelling things like "Maybe we can route through Cleveland!" and "What about Canada?"

I think the long term future of the internet is secure, but there are going to be huge ugly legal and political battles.  Nations and major corporations and business models will die.  The message that is the internet is not the message of corporate interests.  It is not compatible with a top-down government.  I think it will get very ugly.

Internet people think about the very long term.  Electricity might become scarce so some are raising pigeons: It works.  Today, avian data transfer speed is increasing at three times the rate of increase in electronic internet speeds.

Monday, January 20, 2014

Cat urine vs. Digital Piano, Round 2

Formerly-Feral-Fergus peed into my digital piano before settling down into his new home.

Round one was adjudicated as being won by the cat pee because the rubber-boot key contacts would not sit straight when the circuit board was slid over them from the end of the action.

You can see pee-induced corrosion and the way that the boots are not all happily slotted-in.  They have to be un-stressed in order to move freely.
This shows the skews caused by trying to slide the tight-fitting circuit-board under the rubber boots.  The boots are molded in long strips.   There are three sections in the bass half of the keyboard.  The contacts are graphite that is somehow applied to the bottom of the dents of the boots.  Strike force is calculated by measuring the time between two switch events.  If you look closely you can see two dents in each boot.

This instrument has a great deal of spill resistance in that the switching is capacitive and not based on making electrical contact.  If it weren't for the fact that the urine crystalized, I think there would have been no problem.   It still worked while it was wet.

I put one of the hammers on top of the keybed so you can see it.  The hammers strike up through the slots from below and pass into the body of the key.  They don't actually strike the keytop, though.

If you look carefully at the hammers, you'll see a round opening with a bushing.  That's completely unused in this instrument.  At first I thought it was a feature for a different action using these same hammers, but after removing most of them manually, I've figured it out.  That bushing takes a rod.  The rod is a tool that allow you to install or remove a bunch, maybe all, of the bushings in one operation.

Wish me luck.  I like this instrument.  It's a GEM (General Music, Italy) PRP-800.  The GEM instruments had something to them that I can only call a traditional Italian craftsmanship.  They didn't have a lot of glitzy features, and they didn't compete on technical specifications.  They just have a musicality and responsiveness that's often lacking in sample-based instruments.

Saturday, January 4, 2014

Word for today: Panopticon. It's where the NSA has put you.

Edward Snowden and the Universal Panopticon

Edward Snowden is a great patriot and American hero of the current era.  I am supremely glad that I'm only at most two (and really only one) link removed from someone who has collected all the Snowden documents and is studying them.  I would spend too much time screaming and throwing things were I to be doing it myself.

The UK is now going after the editors of the Guardian.   I wrote the following in response to Marty Hiller's post that links to a petition about that:

 I'm going to be very grouchy and extremely worried (more so than I am now) unless a lot of senior people go to jail for significant time. It's not as though this was not deliberate policy. "Ignorance of the law is no excuse" and it's not as if people were ignorant. Reimplementing the Internet from scratch isn't going to be easy, but it's a simple technical problem. Simple fully open modern best practices would fix almost everything. But I'm not spending effort there. That solution stands or falls on getting "Grandma Sally" and the teens and tweens to use it. That's the real problem. That and the fact that the telcos will spend billions to fight being put back into their box of providing only packet-forwarding. I wouldn't even let them see routing information. There's no reason that can't be encrypted with the public key of a trusted, auditable DNS/routing service. This is going to be extremely ugly because the telcos will buy law as they usually do. And, no system is idiot-proof and disinformation about how to be secure will weaken almost anything I can think up.

Writing for a different audience, I should strengthen that and explain myself a bit further.  The NSA knows where every single cell phone in the world is, all the time, unless they are switched off.  I wouldn't trust the off switch, if I were you.  So, the NSA knows who your political associates are.  Any information that's available to the government is available for abuse.  Remember J. Edgar Hoover's little hobby of helping out presidents he liked?

I imply in the above that I'd accept simple encryption of packet headers (the internet is a packet network, information travels in packets and the packet routing header is like the address on a letter that you send via the Post Office).   When I say encryption I'm talking about negotiated dynamically switched pluggable ciphers with keys that are secure against being broken for the foreseeable future.  I'm talking about chaffing and winnowing on top of that and using all the obsolete fields in the headers in arcane ways.  (I've done this.)  I'm not sure if foreseeable should include Turing-complete (fully functional) quantum computers.  It would be good if we could stay ahead of those things.  They are still looking almost impossible to build, but some day the NSA will spend enough billions, and the week after that there'll be cheap counterfeit-but-working chips for sale on the street in Shanghai.   Praying that that won't happen isn't going to do much good if it is physically achievable.   Look at the books by David Deutsch for a glimpse of what physicists think is possible.  "The Fabric of Reality" is a good place to start.  Deutsch is a physicist at Oxford.  He's not a New Age guy.

I got an offer a couple of weeks ago to be the CTO of a firm that intends to "make the internet safe."   They've got a pile of academic research that they assume you'll be impressed by.  It doesn't matter for one second what their technology is.  It relies on getting "Aunt Sally", her friends, and all the teens and tweens of the world to drop the real Facebook and Twitter and G+ and SoundCloud, to go with their replacements in something like an opt-in  web-of-trust world.  Okay, so none of their friends is's SAFE isn't it?   Just how safe was your behavior when you were a teen?  Besides, that web-of-trust world will last just as long as it takes someone's idiot uncle to add "that annoying guy at the office" to his trusted circles just to shut the guy up.

If we fix the obvious problem with the NSA tapping everything all time in the only way that will really work, most of the big telephone and networking and cablevision companies are going to die.  If they can't see what you're watching, they don't have any information to sell.  Solutions that involve trusting the government to clean house and remain clean-and-sober, are absurd.  The only thing that can possibly work is an infrastructure that's inherently secure.  We can do that.  I know smart people who are working on the technical side right now.

Having a free, perfect, solution won't work.   Aunt Sally needs to prefer that solution and go cold-turkey on Facebook.

The best infrastructure imaginable will still allow your child to give his address or phone number (maybe via evading pattern-matchers) to a predator in a chat room.   That's why Eli Yudkowsky thinks we have to create trustworthy godlike artificial intelligences).   I'm almost more afraid of that solution than I am of the alternative that he's afraid of.

This next decade is going to be interesting, in the traditional Chinese sense of "interesting."