Is Tor Permanently Broken?

Tor-logo-2011-flat.svgFederal law enforcement seems to have decided that anonymizing networks are public enemy number one. They’ve racked up some impressive wins in taking down drug-trading market Silk Road, notorious child pornography site Lolita City, and now have managed to bring down Doxbin, a site famous for disclosing sensitive personal information. The world is a better place without those sites, but the ways in which the feds have gone about taking them down makes me think we’re paying too great a price for those wins. Is it possible that they have almost single-handedly destroyed the last great anonymizing tool of the Internet?

Tor was designed as a system of proxies to mask the true source of any request for data. It also encrypts all data in transit in order to prevent any eavesdropping along the way. The design depends on lots of different nodes owned by different parties in order to maintain that anonymity. If anyone gained control of a majority of the nodes, they would be in a position to de-anonymize every user. Even with a large number of nodes, it would still be possible to unmask targeted users with enough persistence.

Now ask yourself one question: who has the resources and determination to attempt to wrest control of enough network nodes to destroy its anonymizing potential?

As we can see above, that can accomplish some good things. Unfortunately, it also means that anyone who gets on the bad side of the US government without breaking any laws now can’t depend on the most important anonymizing tool available today. Evidence exists that this may already be the case, but the feds have kept very quiet about that capability. It’s also not inconceivable that another state actor may attempt to gain access to that de-anonymizing capability without having to build the infrastructure themselves. That puts reporters, whistleblowers, and human rights activists in sometimes mortal danger.

You have to ask yourself if catching the occasional drug runner, child porn collector, or hitman is worth putting millions of lives at risk in totalitarian countries. I hope you’ll agree with me that it is not, especially since those bad guys have been caught without putting the good guys at risk.

Posted in Geek | Tagged , , | Leave a comment

Barefoot Children

Dirty SneakersToday was my morning to get Liam ready for school. He came in and woke us up before the alarm went off (which almost never happens) and was well before there was any hint of daylight. This left us with a lot of time this morning for him to actually eat his breakfast before we had to leave (which almost never happens), so I was scrambling to make a quick sandwich before we had to bolt to the bus stop. The new bus stop is a lot further than walking distance for a kindergartener (about a mile), so we drive him there.

So imagine my shock and surprise when we arrived at the bus stop and I open the car door to realize that I had entirely forgotten to put on his shoes. And, naturally, he hadn’t thought to say a word about it as I put on his coat and loaded him in the car. After briefly contemplating sending him to school with no shoes (parent of the year material, I know), I drove back home resigned to driving Liam to school.

Except when I got home, I couldn’t for the life of me find his shoes. I checked every room in the house, even in our bedroom. I woke up Shauna so she could help me search for them. Then I had the thought to check the backyard.

And yes, they were in the backyard. In the dirt. And filled with dirt. Apparently Liam had taken his shoes off in the one part of the yard that isn’t grass and used them as improvised shovels.

And yes, I took him to school in dirty shoes. Want to make something of it?

Posted in Liam | Tagged , | Leave a comment

Let’s have a chat about gaming

broken controllerSome of you gamers are really ruining it for the rest of us. You’ve threatened a game developer into fleeing her home for no discernable reason, you’ve overreacted to a clear breach of journalistic ethics with rape threats, and now you’ve caused a YouTube personality to cancel a talk at a university by threatening to shoot a whole bunch of unrelated people. Unfortunately, most of you don’t even realize that you’ve gone entirely off the rails with crazy, and you’re only enabling the worst elements of “the other side”.

Background on Anita Sarkeesian and Zoe Quinn

For those who are unaware of what’s going on, allow me to provide some background. Anita Sarkeesian is a feminist who runs a YouTube series on how women are portrayed in video games. She often makes good points, though she does have a tendency to occasionally overreach and elicit an eyeroll or two. This series has drawn out a bunch of self-described “social justice warriors” (or SJWs) who have made it their mission to prove beyond any shadow of a doubt that every single “gamer” (which is as ill-defined as you imagine it is) is exposed as a racist, misogynist, bigot, and all-around nogoodnik. Unsurprisingly, this hasn’t sat well with the vast majority of gamers (like me) who are none of these things, but you know as well as I do that political movements love their broad brushes over dealing in nuance.

Continue reading

Posted in Geek | Tagged , , , , , , | 1 Comment

There’s no such thing as safe sext

from Flickr user Jhaymesisviphotography

from Flickr user Jhaymesisviphotography

Put down your pitchforks, your social justice warrior shrieking about “slut-shaming”, and your righteous indignation about, well, everything. It’s time to have a much-needed expounding upon my call to take more responsibility for the security of your personal data. The impetus is this article from the Salt Lake Tribune showing some very disturbing security practices amongst teenagers.

Teens taking dumb risks is nothing new. They’ve been doing it since, well, forever. Often, though, most of those mistakes wouldn’t end up being a permanent record. Now we have the Internet which will forget nothing about you. And yes, that includes those racy pictures that that one special person pinky swore to never, EVER show another living soul.

Continue reading

Posted in Geek | Tagged , , , , | Leave a comment

Notes on Duck Eggs

We’ve been fortunate enough since moving to Cedar City to come upon a near unlimited supply of duck eggs. In exchange for about 1.5 gallons of fruit and veggie scraps, we get about a dozen eggs per week for our fridge. While these can be somewhat interchangeable with chicken eggs (they’re much larger), the increased fat and protein content creates some unique cooking advantages and challenges.

Scrambled: These form curds very slowly, even under high heat. This is perfect for making light and fluffy scrambled eggs that aren’t completely dried out. Note that scrambling takes a lot more effort since the yolks do not break apart as easily.

Omelet: What makes for good scrambled eggs makes for lackluster omelets. Even with an extended cooking period, the eggs don’t solidify enough to hold together and you end up with a VERY crumbly mess.

Fried: The whites cook relatively quickly, but the yolks take a longer time. This makes over easy and over medium eggs a lot easier to accomplish without using really low heat or watching them like a hawk. The hard-to-break folks mean you won’t end up making accidental scrambled eggs.

Poached: Since the whites cook very quickly, you don’t need to worry about adding vinegar or having those unattractive stringy bits of cooked white everywhere. The slow-to-cook yolks mean they won’t overcook.

We haven’t yet done any baking attempts with them to see how they perform. I’m also going to guess that because of the wide delta between when the whites are done and when the yolks are done, any kind of boiled egg is going to be iffy.

Got any suggestions on how to use duck eggs? Sound off in the comments.

Posted in Food | Tagged | Leave a comment

Prepaid Showdown: T-Mobile vs Cricket

Cricket Wireless LogoOnce we got relocated to Cedar City, we found a major problem: T-Mobile’s service makes Sprint look good. I suppose this is to be expected. Despite great performance in SLC, Las Vegas, Sacramento, and Boston, getting any kind of usable T-Mobile data connection in a rural area (such as CA-99, I-80, and Lake Tahoe) was almost impossible. Even switching to a T-Mobile plan that included roaming didn’t help. In an effort to get some kind of usable cell service, we had to give Cricket a shot.

The performance difference has been quite notable. I was often getting only 2G EDGE or 3G HSPA+ signals from T-Mobile, but the towers were so saturated that using data was almost impossible. Cricket piggybacks onto AT&T’s network and delivers 4G LTE across almost all of Cedar City and into parts of Enoch. More importantly, the connection has been consistently more reliable out here. We also got service at the house we’re looking to buy whereas T-Mobile had no signal. Both carriers will drop down to 2G speeds when the 4G data is used up, so we don’t have to worry about losing data access entirely in a heavy month.

That said, there’s a tradeoff. In SLC, Cricket actually performs notably worse than T-Mobile. It’s still usable, but the LTE coverage and the speeds are nowhere near as good. I did testing across Sandy, Draper, South Jordan, and Murray in areas where T-Mobile hadn’t given me any trouble. Given that we’re unlikely to spend a lot of time in a major metro area, this isn’t a big deal, especially since the connections still work. We’re also unable to stick with the cheap $30 plan that T-Mobile offers, instead having to jump to $45 and get less data (3GB instead of 5GB). Since we’ll be spending most of our time on WiFi anyway, that’s not as big of a deal. Cricket even includes an app that automatically connects you to available WiFi hotspots that they have partnerships with.

This experience has only strengthened my resolve to stay with prepaid carriers over postpaid. Had we been in a contract with T-Mobile, we would have had to spend two years hoping that the data connections would finally improve to a point where we could use our phones. If they do get their act together and improve service in Cedar City, we can always switch back. If Cricket ever starts acting up, I’m free to try out any other prepaid carriers. And even with having to go to a higher cost plan, we’re still saving a small fortune off of traditional postpaid plans where they subsidize your phone.

If you’re still postpaid, why haven’t you switched yet?

Posted in Geek | Tagged , , , , , | 2 Comments

Google just did an end-run around your mobile phone company

Google-Hangouts-logoI’ve been a user and fan of Google Voice since it was still GrandCentral. From its humble beginnings of a “phone number for life” to ring your other phones to full desktop calling and texting, it’s been an indispensable product for my daily use. Two days ago, Google finally merged the functions of Voice into Hangouts, its messaging product. What they’ve done is something more disruptive to the mobile phone industry than anything any other company has done in recent memory.

Consider this: if you use the calling and texting features of Hangouts, all of your calls and texts are free to everyone in the US and Canada. If you do international calling, they have rates as low as a penny per minute to many major cities. Just like that, Google has completely destroyed the idea of paying for either minutes or texts. This may explain why so many carriers have been restricting data plans.

But Google isn’t just giving you a way to run out your cap. They’ve also effectively equipped every single Android phone with WiFi calling and texting without any carrier-specific modifications. If you live in an area where the service is good, you can grab T-Mobile’s $30 prepaid plan and use only Hangouts for calling and texting. Even when the 4G allotment runs out, they still give you unlimited 2G/3G data after that. Cell service has never been cheaper.

While everyone salivates over the idea of larger iPhones, a smartwatch with no well-defined purpose, and payments with your phone that don’t eliminate the pain point of carrying a card, Google has basically forced mobile operators into a situation where their cash cows, calling and texting, have been killed in a back alley. Now they’re all dumb pipe operators, just giving you a chunk of wireless data to use as you see fit. You could even use a WiFi-only device with no cell plan at all and do most of what a cell phone can where you have coverage. That level of disruption is far larger than anything coming from Cupertino’s Reality Distortion Field™.

Posted in Geek | Tagged , , , | 3 Comments

You have to take responsibility for your own personal security

Icloud_logoFriends, let’s have a little chat. Most of you have probably already heard about the iCloud compromise that sent hundreds of nude pictures of female celebrities racing across the Internet (including a few less-than-legal ones snapped before they turned 18). As a crime, it’s not really all that different from voyeurism and should be treated as such. Other than the trolls who think they have a right to get their jollies at anyone else’s expense, I don’t think you’ll find a lot of pushback on this position.

Where you will see a lot of pushback is when you start talking about how a user should have handled their personal security more effectively. For some reason, suggesting that a smarter, more proactive, more defensive posture in regards to your personal data would have been a good way to reduce the odds of being caught up in a compromise gets you slapped with ugly accusations of “blaming the victim”. Despite Apple also being a victim here (it was, after all, their system that got broken into), there’s no shortage of advice on telling them how they could have avoided the problem or at least discouraged all but the most determined attackers. There seems to be one heck of a double standard going on here concerning who we are and are not allowed to dole out security advice to.

All that aside, it’s quite the spectacle to see how Apple failed to protect users’ data. While they offer two-factor authentication on most other services, iCloud is conspicuously absent from that list. There’s also some solid evidence that Apple did not implement basic security features like tarpits and failed login controls (which lock accounts for a period of time after a number of unsuccessful attempts). Combined with tools that allowed brute force attempts to crack the passwords of select accounts and a mutation of a law enforcement tool that allows siphoning data from a phone, it was a matter of when, not if, these accounts would be compromised.

Even had Apple done everything right (and you can probably bet that will now change sooner rather than later), it still presents a very attractive target. Most smartphone users are not sophisticated. You grab your phone and just start using it, probably with whatever default settings it came with. If Apple, Google, Microsoft, or whoever said “hey, setup this backup”, you’d probably do it without considering what that entails. All of your pictures, videos, text messages, emails… backed up conveniently in a single location that is a tantalizing trove of personal data that someone might want to get access to. If you’re a famous person, you basically have a big, red bullseye on all of your digital assets.

If you want to take pictures of yourself naked, you’re absolutely without your right to do so. You’re absolutely a victim if someone steals and publishes them for any reason whatsoever. You do, however, need to be mindful that once you’ve created that data, you need to properly secure it to reduce your chances of it being stolen. Don’t back it up to a shared hosted solution like iCloud, DropBox, or Google Drive unless you’re encrypted the data first. Delete anything you don’t actually want to save. Employ remote wipe options for your phone (available on both Apple and Google products) so that the loss of a phone won’t expose that data. And maybe, just maybe, consider that not creating any media that you would be mortified to have out in the wild.

Every company will experience breaches now, even the ones that generally follow good security practices. Are you being smart with your data before you’re the next one in the crosshairs?

Posted in Geek | Tagged , | 1 Comment

First World Problem: MC Frontalot vs Weird Al Yankovic

Uh oh. Weird Al Yankovic has a new album leaking out and it looks like we now have competition for song about first world problems. Seriously.

Here’s MC Frontalot’s version:

And now Weird Al’s (updated with the official music video):

Same subject, very different takes.

So who did it better? Sound off in the comments.

Posted in Entertainment | Tagged , , , | 5 Comments

Switching it all: From the HTC Evo 4G LTE on Sprint to the LG Nexus 5 on T-Mobile

After many, many years of loyalty to Sprint, Shauna and I broke ranks and jumped ship to T-Mobile when our contract was up. After just a week of being on a new handset with a new carrier, I can see what a world of difference it makes to not only change the hardware, but also change the carrier supporting it. Here’s why I changed and how it has worked out so far. Continue reading

Posted in Geek | Tagged , , , , | 1 Comment