Categories
links

Five Senators Join the Fight to Learn Just How Bad Ring Really Is: “…if police want to request footage from a person’s front door in reference to a car break-in on that street, there is no need for police to verify that footage would be helpful to solving that incident, or whether the footage would even be used for that particular incident and not for other purposes. If a person agrees to share their footage with police, police then have that footage forever and can share it with whoever they want without oversight or restrictions. This means footage from your door, requested by local police to catch an alleged thief in the neighborhood, could end up being used by another law enforcement agency for a completely attenuated purpose, such as identifying someone for deportation—without your knowledge or direct consent.”

Categories
Uncategorized

Linkdump for April 12th through April 15th

Sometime between April 12th and April 15th, I thought this stuff was interesting. You might think so too!

Eclecticism is Now Secure (HTTPS)

Thanks to Dreamhost’s Let’s Encrypt initiative, plus a little nudging while setting up the iOS version of Ulysses, the (simple but very powerful) editor I’m using for writing posts here, my site is now HTTPS enabled.

For those who don’t know the terminology, all that means is that all traffic between my blog and your web browser is encrypted, and cannot be read by anyone who might intercept the data stream in transmission. You don’t have to do anything, it just happens automagically in the background.

While there’s nothing here that really requires the transmission to be encrypted — I don’t sell anything or have any reason to ask for sensitive information, which is the primary use case (and why HTTPS is used by financial institutions, shopping site, and so on) — I’m increasingly of the opinion that it’s just good practice to encrypt whenever possible.

Think of it like sending a physical letter to a friend via traditional snail mail; there might not be anything in the letter that needs to be kept private, but I’d still be pretty disturbed if I got a letter from someone and saw that the envelope had been opened so that someone else could read the contents.

Of course, with electronic communication, there’s no ripped envelope to let you know that someone’s taken a peek at what you’re saying or reading. Unsecure websites (or emails) are more like sending postcards: while for most people it’s pretty unlikely that anyone between the sender and receiver would be reading the postcard, it’s entirely possible that it could happen. Adding encryption means that not only is there an “envelope”, but it’s an envelope that can’t be opened by anyone but the receiver.

Good security isn’t paranoia. Just a good idea.

(Incidentally, I’m also set up with PGP encryption for my email, and would use it more often if I knew my contacts were similarly set up. Just contact me for my PGP public key if you’d like to securely email me (I’ll get it posted here eventually, I’m just finding bits and pieces of my site that need to be recreated after letting it lie fallow for so long, and that’s one).)

Close the Washington Monument

Bruce Schneier nails this.

From Schneier on Security: Close the Washington Monument:

Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there’s no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.

An empty Washington Monument would serve as a constant reminder to those on Capitol Hill that they are afraid of the terrorists and what they could do. They’re afraid that by speaking honestly about the impossibility of attaining absolute security or the inevitability of terrorism — or that some American ideals are worth maintaining even in the face of adversity — they will be branded as “soft on terror.” And they’re afraid that Americans would vote them out of office if another attack occurred. Perhaps they’re right, but what has happened to leaders who aren’t afraid? What has happened to “the only thing we have to fear is fear itself”?

An empty Washington Monument would symbolize our lawmakers’ inability to take that kind of stand — and their inability to truly lead.

[…]

Terrorism isn’t a crime against people or property. It’s a crime against our minds, using the death of innocents and destruction of property to make us fearful. Terrorists use the media to magnify their actions and further spread fear. And when we react out of fear, when we change our policy to make our country less open, the terrorists succeed — even if their attacks fail. But when we refuse to be terrorized, when we’re indomitable in the face of terror, the terrorists fail — even if their attacks succeed.

We can reopen the monument when every foiled or failed terrorist plot causes us to praise our security, instead of redoubling it. When the occasional terrorist attack succeeds, as it inevitably will, we accept it, as we accept the murder rate and automobile-related death rate; and redouble our efforts to remain a free and open society.

I’ve excerpted a fair chunk here (perhaps slightly more than is strictly appropriate), but there’s a good bit more at the source. You really should read the full thing.

Not Really a Surprise

Sad, but very true.

From elusis: (stix cartoon by eyeteeth of Small Pecul:

The thing is that nothing about this is new. Private citizens being arbitrarily singled out for intrusive searches and rough treatment by authority figures because of their appearance, their “attitude,” or just a momentary need for an endorphin rush by a small-minded bureaucrat? Welcome to the lives of people of color, the phenomenon of Driving While Black, the lives of women, of transpeople, of disabled people (oh hai, Canada!).

It is no accident that women have been complaining about being pulled out of line because of their big breasts, having their bodies commented on by TSA officials, and getting inappropriate touching when selected for pat-downs for nearly 10 years now, but just this week it went viral. It is no accident that CAIR identified Islamic head scarves (hijab) as an automatic trigger for extra screenings in January, but just this week it went viral. What was different?

Suddenly an able-bodied white man is the one who was complaining.

(via Bruce Schneier’s excellent roundup of recent TSA stories)

Fly Commando!

TSA Checkpoint A couple days ago, disgusted (as everyone should be) with the TSA’s current policy of sexual abuse at the screening stations (your choice: nude photos or sexual assault), I tweeted this:

After this http://djwudi.com/4fk and similar, I’m almost disappointed I’m not flying soon. I’d wear my kilt. Commando. Grope away, sucker!

It seems I’m not the only one who’s had this idea….

From TSA Opt-Out Day, Now with a Superfantastic New Twist! – Jeffrey Goldberg – National – The Atlantic:

It’s a one-word idea: Kilts. Think about it — if you’re a male, and you want to bollix-up the nonsensical airport security-industrial complex, one way to do so would be to wear a kilt. If nothing else, this will cause TSA employees to throw up their hands in disgust. If you want to go the extra extra mile, I suggest commando-style kilt-wearing. While it is probably illegal to fly without pants, I can’t imagine that it’s illegal to fly without underpants.  I If you are Scottish, or part Scottish, or know someone who is Scottish, or eat Scottish salmon, or enjoy Scotch, or have a vestigial affection for “Braveheart” despite Mel Gibson, you can plausibly claim some sort of multicultural diversity privilege — the term “True Scotsman” refers to soldiers who honor their tradition and heritage by wearing kilts without drawers underneath.

For the record, I always fly wearing a Utilikilt, and as with any time I wear a kilt, unless there’s some situation that demands otherwise, I generally do go commando. Hey, it’s comfortable, and under normal circumstances, there’s little to no likelihood that anyone’s going to be seeing anything they don’t want to. It’s never been a problem — quite the opposite, in fact, I usually just breeze through the metal detectors.

This past summer, though, as I was flying up to Anchorage from Seattle, I was pulled aside after going through the metal detector for a patdown. I was surprised, especially when the TSA screener told be that I was pulled aside specifically because I wore the kilt. My best guess is that because they can’t eyeball the shape of your upper legs as easily as when wearing pants, it’s marginally more likely that I could have something dangerous but non-metallic strapped to my upper/inner thigh. If that was the reasoning (they didn’t say), it does make me wonder if they regularly pull women wearing skirts aside for the extra pat-down, or if they reserve that treatment for men in skirts. Obviously, weirdos like us are far more likely to be dangerous.

The pat-down itself was about what I’d expect of a normal pat-down — thorough enough, with a quick run of the hands up my legs and under the kilt, but not so thorough that the screener knew whether or not I was commando. No fondling was involved, though there was a cursory brush-down of the front of the kilt that jostled things around a bit. A bit surprising, but at the time, I just shrugged it off.

No more of that, though. While I’m not flying anytime soon, if all of this ridiculousness is still going on when I do have to fly somewhere, I’m definitely opting out, and they just better do their jobs. If they’re determined to sexually assault me, then I’m at least going to get my money’s worth!

(via @jackwilliambell‘s retweet of @furf; image via BoingBoing via Oleg Volk)

Categories
tech

No more virus alerts

I got this e-mailed to me at work today:

Warning regarding new virus:
DO NOT OPEN “NEW PICTURES OF FAMILY”

Hi – This looks like a bad one that’s coming.
Forward this to others.
Please read and forward to everyone you know……

DO NOT OPEN “NEW PICTURES OF FAMILY” It is a virus that will erase your whole “C” drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called & warned me before I opened it. He was not so lucky and now he can’t even start his computer!

Forward this to everyone in your address book. I would rather receive this 25 times than not at all.

Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an email called “FAMILY PICTURES,” do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. Your computer will not be able to boot up.

Okay, let’s take a look at this, shall we?

Please read and forward to everyone you know…I would rather receive this 25 times than not at all.

Please do not blindly forward every ‘alert’, ‘warning’, or whatever else to “everyone you know.” I don’t know about you, but I would much rather not receive anything twenty-five times. There’s quite a few good reasons not to do this, most of which really shouldn’t need to be spelled out, but people persist in doing these things anyway. If everyone actually did pass something on to everyone they knew, then each of those people did the same, everyone would instantly be getting multiple copies of every alert out there in their e-mail box. Oh, wait…we already do get multiple copies of this junk, don’t we? Hmmm….

Check to see if the information is accurate. No, I don’t mean open a suspected virus to see if it crashes your system. This ‘alert’ describes a virus that comes as an e-mail with a certain subject line, and when opened, erases your entire C:/ drive. A second virus (with a very similar distribution method and subject line) is also detailed, only this one erases all .dll files on your hard drive.

The easiest way to check the validity of the claims is to go to Symantec‘s website. Symantec is the maker of the most popular anti-virus programs for both Windows and Macintosh computers, so it stands to reason that they would have a pretty good handle on any new virii (incidentally, as one of the more popular anti-virus programs is Norton’s Antivirus, the web address www.norton.com also points to Symantec’s site). Their site does currently show a high security alert for a new virus — W32.Nimda.A@mm — however, the listed symptoms and affects do not match either of the virii described in this e-mail. The closest listed virus to either of those in the e-mail is Trojan.ZeroBoot, which writes zeros over the boot sector of a drive — this will prevent a computer from booting, and to a novice computer user, could look like the entire C:/ drive has been wiped.

Intel announced that a new and very destructive virus was discovered recently.

Think about what the e-mail is telling you. Why would Intel — a chip-maker, most known for the 80×86 line of processors (from the 286 up to and including the P4) — be releasing information about a virus? A quick check of Intel’s press releases shows nothing detailing anything about a virus. In general, virus alerts are released by either very few people (like Symantec) that you can trust, or by every bleedin’ moron with a keyboard at his fingertips (like anybody with ‘l33t’, ‘haX0r’, ‘d00d’, ’69’, or ‘420’ in their e-mail address), which you should take with a grain of salt.

Buy and use one of the many Anti-Virus/Firewall/Security products from Symantec, or any other reputable software company. This will save a lot of problems and headaches in the long run — you won’t get hit with virii, and I won’t have to wade through mass e-mails about the virii that are loose.

If you think you’ve been hit with a virus: Contact Symantec and/or any decently savvy computer geek (i.e., someone who knows how to do more than click away at the World Wide Web) to see if there is information or a patch for your particular virus. Then go out, buy, and install one of the Anti-Virus/Firewall/Security products I mentioned above.

One last little thing: If you do ignore all the rest of my little diatribe…one little thing about my computers. I’m a Mac fan for many reasons. Like, for instance — no .dll files. No C:/ drive. And — while we’re not virus free — there are far, far fewer virii out there for us to contend with. Sending me your alerts does nothing but fill up my mailbox, waste bandwidth on the ‘net, and give me a minor annoyance to deal with, which I then relieve by ranting and raving on my website for the world to see.

Let’s avoid that next time.