Nov 25, 2015

How to Fix Everything

What do an iPhone, a tractor, and a printer have in common? They're all made by manufacturers who don't want you to repair those devices yourself.

I resolved that I wasn't going to make a habit out of reblogging or resharing, instead using this site as a platform for my own original content. But Vice:Motherboard's recent profile of iFixit is just too good not to share, especially in light of the article I posted on Monday, encouraging you to install more RAM into your older Macs.

For those who don't know, over the last decade, Apple has increasingly become a company bent on obfuscating the means, tools, and processes for taking apart and repairing their devices. Anyone who lives in a major city knows that there's a whole cottage industry around town devoted to repairing broken iPhones and Androids. Companies like Apple, Samsung, and John Deere have resorted to all manner of dirty tricks to keep people from fixing their products: proprietary screws, excess glue, even customs crackdowns and DMCA lawsuits.

I've used iFixit's excellent guides on numerous occasions over the years to repair or upgrade my Apple devices. Kyle Wiens and iFixit explain how they use ingenuity and curiosity to stay a step ahead of Apple's efforts to stifle them. They argue that we should live in a world where people are educated on the means to fix things. The alternative is a futuristic dystopia filled with artifacts whose inner workings are magical to us, and which are discarded as soon as they cease functioning for any reason.

Motherboard: How to Fix Everything

Nov 23, 2015

The Conspiracy to Slow Down Your Computer

One of my pet peeves about the semi-tech-literate is their insistence on what I like to call "The Conspiracy". The Conspiracy usually gets brought up when I start talking with someone about technology and how it relates to consumerism. It goes something like this:
My phone/computer/laptop worked fine when I bought it four years ago, but now it's slow, and I use it for the same stuff that I did four years ago. Obviously, this is a conspiracy by Apple/Microsoft/Dell/Whoever to slow down my device in order to force me to buy a new one.
How exactly said tech company slows down their device is a variable matter. Either the software updates are rigged to work extra badly on old hardware, or there's some sort of secret switch that slows down the CPU, or some combination of the two, or something else.

Conspiracy theory in general gets my hackles up, but when it involves my area of expertise, it whips me into a frothing frenzy which is not conducive to calmly explaining what's wrong with the theory in a concise and measured manner. So, let's go over why your computer isn't as fast as it used to be.

Nov 18, 2015

Banning or Backdooring Encryption Will Break the Internet

It seems like every other day, a lawmaker from a major democratic country is set to introduce some legislation which would break the internet as we know it. While these laws and treaties may be well-intentioned (crafted in the name of "security" or "protecting artists"), they're being written by people who have a deep, DEEP ignorance of how the internet and technology actually work. Such people don't understand that the consequence of their laws, as written, could be the destruction of the web. Why didn't these lawmakers and law-enforcers actually consult with technologically knowledgeable professionals before going off half-cocked? This is like a government creating rules about how bridges are to be built without consulting a single engineer. It's not just stupid, it's dangerous.

But I digress... Today's existential threat to the internet: the banning of "strong encryption". I use quote-marks because, as you might imagine, this is a layperson's term that doesn't actually mean anything from a technical standpoint. For me to fully explain, we'll need to go back a couple of years.

In 2013, we learned from NSA whistleblower Edward Snowden that encryption works. While the NSA may be able to hack an endpoint device (your phone, computer, etc) and steal data from it, they can't intercept data in transit when a connection is encrypted. This annoys and frustrates intelligence agencies, who seem to feel that they should be able to access anything they want at will. As I stated in my September article, The Fallacy of the "Secret Master Key", FBI director Jim Comey publicly called for encryption backdoors for law enforcement as recently as this past July. Likewise, UK Prime Minister David Cameron wants to ban encryption unless there's a secret backdoor for the government.

Again, the purpose of my "Secret Master Key" article was to point out that the whole concept of "a backdoor that only the good guys can use" is totally flawed. Simply put, when a lock has a built-in "backdoor" for "the good guys", it's only a backdoor as long as it is kept secret. As soon as anyone - vandal hackers, criminals, and yes, terrorists - discovers how to access the backdoor, or gets a copy of the private key, the backdoor becomes a critical security vulnerability affecting a huge number of devices. Secrets are hard to keep, and so those kinds of security leaks (like the leaked TSA keys) do and will happen.

In their draconian "Investigatory Powers Bill", the UK government has said that while they have no plan to ban encryption outright, they will require all encryption, including that used by banks, to be decipherable. In essence, it should have a backdoor - this makes encryption broken by design. Both malicious hackers and security researchers have a history of discovering massive security holes in software, which were created accidentally by programmers. A security hole that everyone knows exists, and which was purposefully built into software, would undoubtedly be much easier to discover and exploit.

Yes, it's THIS dumb.

So you see, there is no such thing as "strong encryption", only "encryption that works", and "encryption that doesn't work" - That is neither understatement nor hyperbole. Mandating backdoors into encryption would be the most disastrous thing to ever happen to the internet. Period.

First and foremost, ordinary citizens would find themselves the victims of frequent monetary and identity theft. Without strong encryption, our online banking and credit card purchases are even more vulnerable to interception by hackers, putting our bank and credit card data into the hands of criminals. The same goes for enormous amounts of sensitive personal data - taxes, medical, insurance - currently submitted to governments and other privileged parties under SSL-encrypted HTTPS connections.

The private sector also relies heavily on encryption for day-to-day activities. As a systems administrator, I use SSH to access the systems I administrate from outside the office. Without reliable encryption technology, my administrative credentials could potentially be intercepted, and used to wreak havoc on our small business by a malicious party (data extortion is already a very real threat).

Putting small-to-medium businesses at a much greater risk of security breaches is one thing, but broken encryption would make it nearly impossible for massive networks like Facebook, Amazon, Apple, or Google to operate effectively. While neither I nor the average IT person knows much about the inner workings of such complex proprietary networks, it's difficult to imagine being able to administrate or even implement them without lots of encrypted connections. As it stands, Sony, GoDaddy, and Apple have all suffered serious security breaches within the past few years. It's hard enough for a major enterprise to deal with IT security without their most important tool being deliberately hamstrung by the government.

But the most damning nail in the coffin for "reversible encryption" rhetoric comes from Kim Zetter over at Wired, who pointed out that while banning/backdooring encryption would cripple our infrastructure, it won't stop criminals from homebrewing their own encryption methods. Her article quotes Nate Cardozo of the Electronic Frontier Foundation:
“There’s no way of preventing a terrorist from installing a Russian [encryption] app or a Brasilian app ... The US or UK government could mandate [backdoors], but Open Whisper Systems is not going to put in a backdoor in their product period and neither is PGP. So as soon as a terrorist is sophisticated enough to know how to install that, any backdoor is going to be defeated.”
Imagine a world where door locks are outlawed, under the pretence that police or first responders need to be able to get anywhere quickly in an emergency. Crime would be rampant, theft would be commonplace. There would be no privacy, no security, and no safety.

This is exactly the kind of world you can expect to be facing. Kim Zetter's excellent Wired article, along with one by Trevor Timm at the Guardian, makes the case that intelligence agencies throughout the world see the November 2015 Paris attacks as an opportunity to frighten the populace into banning/breaking encryption. It has become a familiar story: a distasteful attempt by authorities to exploit a terrible human tragedy as a springboard for a Machiavellian power-grab.

It's always tempting for some to make the argument that the righteous have nothing to hide - a fallacious axiom that is usually trotted out by advocates of mass surveillance. In the case of computer science, digital security, and IP networking, it is anathema. Without a guarantee of security, we won't be able to properly operate anything, and we will be more vulnerable to attack than ever.

Hopefully someone will point this out before lawmakers push blindly forward with their anti-encryption agenda. Yet, I have a pit in my stomach: stopping politicians from doing incredibly stupid things requires pushback from the voting public. Encryption isn't exactly a "sexy" topic, and I doubt the average person realizes how much their day-to-day life, their privacy and safety, depend on it.

I hope this article has helped people to understand the seriousness of this debate. Otherwise, we may very well let our own ignorance destroy the technologies we've come to depend on.

EDIT 2: Forbes reports that the Information Technology Industry Council (ITI), whose membership is a who's-who of the tech industry (Apple, Google, Microsoft, Facebook, Symantec, etc) has released an open letter to President Obama explaining what I've argued here: backdooring encryption will break it. It's worth a read.

EDIT: For those of us who are a certain age, here's one last thought on "back doors":

image compiled using vector art by Leremy/Shutterstock

Nov 17, 2015

I Don't Fear Terrorism - I Fear YOUR Reaction to it

I remember, on Friday, seeing the first mention on my newsfeed that something bad was going down in Paris. Not long after, it became apparent that the city was the victim of some sort of terrorist attack.

My gut seized up. I mourned for the victims, felt sorry for the city of Paris. I was angry that some group of radicals keeps running around hurting humanity like this. Mostly though: I was afraid, terrified. But I wasn't afraid of terrorists. I was afraid of what the world would be like after these attacks.

Four days after the attacks, and my fears are already being realized.

Nov 9, 2015


More writing is coming down the pipe, but I want to take a brief intermission...

This past year, I made a resolution to get back into writing, and to try and make a positive difference in the world. To that end, I combined two of my passions - politics and technology - and decided that the focus of this blog should be digital rights and security.

To say that the community has been incredibly supportive and welcoming would be an understatement. - a local organization whose goal is to protect Canada's open internet - has been kind enough to share several of my articles with their own social media community, and has given me a lot of positive encouragement. I got to meet several members of that organization this past weekend at Media Democracy Days 2015. That event itself was a real treat, including a keynote from CanadaLand host Jesse Brown, and several other prominent speakers.

The implacable copyfighter Cory Doctorow also shared my article about municipal archives on boingboing last week, which was a tremendous honour. My partner was also kind enough to share the article with the libraries and archives community, who have responded positively on social media.

This has all been tremendously humbling, and it's imbued me with a renewed desire to keep on writing about frontier technology issues as best I can.

So, thank you.

That's all for now. Stay tuned!

Nov 5, 2015

The TPP vs. YOU

Today, governments released the full, final text of the TPP.

It's bad. REALLY BAD. Even worse than we thought. Here are some highlights:

Copyright will be life of the artist plus seventy years. This is up from the current life-plus-fifty years in Canada. I explained in depth yesterday how this will do enormous harm to Canadian institutions such as municipal archives and to the public domain.

Your ISP has to give your name to copyright holders if they ask. This is really, REALLY scary. I recently recalled to you my experience where my ISP screwed up and associated my name with the wrong account for Notice and Notice. Now, if a rights holder has "sufficient evidence" that you committed a copyright infringement, they can demand your subscriber information. We know what happens next, because US laws have given us a preview. The copyright holder will hand over your info to what constitutes the equivalent of a copyright-infringement collection agency, who will harass you endlessly, demanding payment and threatening further legal action. Those enforcers have already tried to use these tactics through the Notice and Notice system, with less ability to back up their threats. 

Nov 4, 2015

The TPP vs. Municipal Archives

Check back in about 70 years, okay?
Part of my mandate for this blog is helping people in my age demographic and younger to focus on digital issues which affect us, presently or in the near future. Recently, there's been a lot of talk about the titanic treaty known as the Trans-Pacific Partnership (or "TPP"). The TPP is utterly overwhelming: covering a myriad of things from dairy farmers to the internet. Like the (former!) Conservative government's omnibus budget bills, the expansive scope of the agreement makes the TPP very difficult to understand, dismantle, and most importantly, to debate.

One of the TPP areas of scope which is critical to discuss is the section on copyright. At this point, several notable bloggers* have covered the TPP's copyright extension provisions in great detail. But what do those provisions mean for you? Let's bring it down to the ground. For example: folks in my demographic seem to love seeing old-timey photos of their city. Here in Vancouver, exploring our retro-downtown through old photographs of various eras is practically an official pastime.

Oct 21, 2015

My Notice and Notice Horror Story

As I've stated before, I've never been a big illegal downloader. Besides being a touch paranoid and extremely "rules-conscious", I was also trained as a musician, which means I have opinions about artists getting remunerated for their work. So, in 2014, when Canada's new Notice and Notice system of copyright enforcement came into effect, I was ready to go - Netflix, iTunes, and Sunday night trips to a friend's house to watch Game of Thrones on HBO via her cable subscription.

Yes sir, all my ducks were in a row. Everything straight and narrow... or so I thought.

In March of 2015, I received a pair of copyright notices forwarded by my internet service provider (ISP). At the time, lots of Canadians were getting flooded with these notices. The notices claimed that, a month prior, I had downloaded a pair of films via BitTorrent. I hadn't downloaded the films, nor had I even heard of the films before. The next day, another notice came in, for a different title on a different date.

Data Localization - Why You Should Care

Data localization. Chances are, you don't know what that is, but it affects you in a big way.

Data localization is where, geographically, your data is stored. The database record which constitutes your Facebook profile, for example: where is the server that stores it located? Does Facebook have a local server farm in a Canadian city which stores the main record? Or is it part of a vast, replicating, distributed database, located mostly on servers hosted in American data centers?

You might shrug: "Why does it matter where the data is stored? Data is intangible. It's constantly flowing over the internet from one machine to another." Well, the reason it matters is legal jurisdiction.

Oct 14, 2015

My Polo

I do declare this day that I reclaim the POLO shirt from the domain of the DOUCHE.

My polo is not a Ralph Lauren. Nor is it Tommy Hilfiger, Lacoste, or HUGO BOSS. It is not a PGA officially-licensed product. It did not cost $125, plus tax.

My polo comes from American Eagle or Old Navy. Occasionally, it's a no-name brand from a department store. It cost $30 AT MOST, presuming I didn't buy it during a "3 for 1" sale.

I do not wear two different coloured polos at once, one over top of the other (Just use a God-damned undershirt, douchebags).