The Australian Department of Defence's Intelligence and Security division has produced a particularly good walkthrough for hardening the iOS environment (.pdf). I'd recommend it to the curious and to system administrators who are interested in evaluating or contrasting their own iOS deployments.
Valve’s Handbook for New Employees has made its way to the Internet. While such handbooks are normally incredibly dull – I mean, really, who hasn’t almost fallen asleep or committed suicide to escape reading one? – Valve’s is excellent.
It lays out corporate culture, modes of engaging with other employees, identifying tasks worth doing, and how the company actually functions. It doesn’t take itself too seriously and is scattered with jokes. Valve has, effectively, created a whimsical and useful document that embraces employees. Employers could learn from what Valve has done.
Fixing Some of Gmail’s Design Problems
I’ve used Google Apps for years and absolutely despise the new UI changes. Jason Crawford has some suggestions about undoing some of the horror. If you use Gmail, and hate the changes as I do, his walkthrough will likely be of interest.
While not related strictly to technology, Forbes has a good breakdown of why Kobe beef that is sold outside of Japan is (effectively) never the famed Kobe beef that myths are written about. It’s a good, direct, blunt piece. The kind of journalism I think we can, and want to, all support.
It (re)raises important questions that implicate technology. Wireless technologies are sometimes called “4G” but this is only true under revised ITU regulations. Originally 4G technologies were meant to be transformative – they referred predominantly to LTE and beyond – but this was revised in 2010 to refer to “3G technologies substantially better in performance and capability than earlier 3G technologies.”
Similar legal issues arise around the definition of public domain: with different international bodies possessing different copyright terms, the variance could lead to jurisdictional disputes around what is(n’t) public domain. Such disputes may lead to the removal of content if it happens to be stored or accessible in nations with the more onerous copyright terms.
These are just two more areas where ‘labelling’ is important. In all three cases – beef, wireless speeds, and copyright – it’s legal terms that enable variable terminology associated with common goods. For consumers in a globalized world, who are often unable to spend the time to track down the ‘truth’ behind the labels, such labels can be incredibly confusing. We can do better, and we should do better, and find a means of rectifying the confusions that arise from domestic labelling.
Bruce Schneier, talking about the social and economic threats to the Internet’s infrastructure
Brian Snow, the (now) ex-Technical Director of the NSA’s Information Assurance Directorate, speaking on cybersecurity. The actual talk begins at 2:10.
A group of my colleagues and I are always on the hunt for affordable, easy-to-use, secure drive encryption tools that can be deployed to non-technically savvy individuals. The most recent piece of software we’ve come across is LaCie’s Public-Private encryption which, as far as I can tell, is a pretty front-end for TrueCrypt.
I’ve reached out to the company in the hopes of learning what, if anything, they’ve done to make TrueCrypt a tiny bit easier for people to use. TrueCrypt is one of the more secure means of protecting data. LaCie’s software itself is free – available here – and runs on any USB drive, so you can use the software without having to purchase anything from the company. The only shortcoming that I’ve come across thus far is that you can only create 4GB partitions; this means that if you want to encrypt everything on an 8GB drive then you’ll need to establish two separate partitions.
I’ll be updating this site once/if I hear back from the company.
US Government’s Harassment Made Visible
When your government behaves in such a way that innocent citizens are forced to act as spies to keep safe, then it’s evident that something has gone terribly awry. Laura Poitras, an American citizen and journalist, now lives like a spy: under the constant pressure of potential government harassment and surveillance of herself, her sources, and anyone who is particularly close to her.
Her crime? Being an award-winning filmmaker who has produced films addressing the negative impacts of American imperialism abroad.
Glenn Greenwald has a terrific piece that unpacks what it means to be a prominent journalist, activist, or simple government contrarian who is willing to take entirely legal actions against the American state. Actions like speaking up or otherwise exercising basic civil rights. I won’t lie: it’s a long piece, probably not something you can skim in 2-3 minutes. But if you only read one thing that holds your attention for 10-15 minutes today, go read Glenn’s piece. It’s eye opening.
As a teaser:
In many instances, DHS agents also detain and interrogate her in the foreign airport before her return, on one trip telling her that she would be barred from boarding her flight back home, only to let her board at the last minute. When she arrived at JFK Airport on Thanksgiving weekend of 2010, she was told by one DHS agent — after she asserted her privileges as a journalist to refuse to answer questions about the individuals with whom she met on her trip — that he “finds it very suspicious that you’re not willing to help your country by answering our questions.” They sometimes keep her detained for three to four hours (all while telling her that she will be released more quickly if she answers all their questions and consents to full searches).
Poitras is now forced to take extreme steps — ones that hamper her ability to do her work — to ensure that she can engage in her journalism and produce her films without the U.S. Government intruding into everything she is doing. She now avoids traveling with any electronic devices. She uses alternative methods to deliver the most sensitive parts of her work — raw film and interview notes — to secure locations. She spends substantial time and resources protecting her computers with encryption and password defenses. Especially when she is in the U.S., she avoids talking on the phone about her work, particularly to sources. And she simply will not edit her films at her home out of fear — obviously well-grounded — that government agents will attempt to search and seize the raw footage.
A major challenge facing Canada’s “new” mobile companies is this: how can they extend network coverage across Canada to increase the utility of their product offerings? One way they address the challenge involves entering roaming agreements with incumbent carriers. As Wind Mobile is finding out, Rogers Communications is willing to both do the least possible to enable roaming and fight at the CRTC to maintain this minimal standard.
Specifically, from The Telecom Blog we find that
…Wind Mobile complained again to the CRTC stating that Rogers continues to discriminate against its roaming customers. Though RIM managed to muster support from the Consumer Association of Canada, the CRTC has ruled again in favor of Rogers. The upstart carrier claims that currently there’s no way for Wind subscribers to continue a live call when they hop onto Rogers network. The call is dropped and the subscribers are forced to redial.
Though Wind has been lobbying hard to get seamless roaming onto the Rogers network, the CRTC declined the request stating that “in view of its determination that RCP had not granted itself a preference, it would be inappropriate to deal with the issue of mandating seamless call transition.”
Needless to say, these are the actions of an incumbent doing what it can to limit the appeal of competitors’ products. The reason that Rogers wasn’t found to have granted itself a preference was because Rogers hadn’t rejigged their network in response to the roaming agreement: Rogers simply made the decision not to make technical improvements that would enable seamless live call transitions.
Much of the issue around transitions, and other telecom-related battles between incumbents and competitors in Canada, stems from the CRTC’s basic position that the Canadian telecommunications market should be directed by facilities-based competition. In other words, the position is (generally stated!) that competitors are recognized as temporarily needing access to incumbent networks when they first incorporate, but that the same competitors should build out their own infrastructure over time.
The CRTC’s preferred mode of competition is incredibly expensive and is arguably redundant; structural separation is postulated as one means of addressing the issue, as are spectrum sharing and improved infrastructure-sharing agreements driven by federal institutions’ fiats. Regardless of the particular solution you favour – if you see a problem as existing in the first place! – something should be done to better enable new competitors in Canada. The CRTC theoretically attempts to promote market competition so that services are less costly for Canadians while simultaneously ensuring that offered services are of high quality and are efficient. Where something so basic as call transitions isn’t addressed, one has to wonder whether some federal institution shouldn’t be a lot more involved than it is in enabling competition in Canada’s mobile marketplace.
For years, researchers have warned that the systems that run critical infrastructure have systemic and serious code-based vulnerabilities. Unfortunately, governments have tended to use such warnings as a platform to raise ‘cyber-warfare’ arguments. Many such arguments are thinly-disguised efforts to assert more substantive government surveillance and control over citizens’ rights and expressions of freedom. Few of these arguments genuinely address the concerns researchers raise.
In the face of governments’ lacklustre efforts to secure infrastructure, researchers have disclosed critical vulnerabilities in many of the systems responsible for manufacturing facilities, water and waste management plants, oil and gas refineries and pipelines, and chemical production plants. What’s incredibly depressing is this:
The exploits take advantage of the fact that the Modicon Quantum PLC doesn’t require a computer that is communicating with it to authenticate itself or any commands it sends to the PLC—essentially trusting any computer that can talk to the PLC. Without such protection, an unauthorized party with network access can send the device malicious commands to seize control of it, or simply send a “stop” command to halt the system from operating.
These kinds of ‘attacks’ or ‘exploits’ are possible because the most basic security precautions are not integrated into the logic controllers running such infrastructure. On the one hand this makes sense: many PLCs and the infrastructure they are embedded in were created and deployed prior to ‘the Internet’ being what it is today. On the other, however, one has to ask: if the money spent on security theatre at airports had been invested in hardening actual PLCs and other infrastructure, where would critical infrastructure security be today?
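To make the missing precaution concrete, here is an added illustration (my own constructed code, not the Modicon protocol or anything from the quoted researchers): a toy command handler that, like the PLC described above, obeys a “stop” from any peer, beside a hardened version that only honours commands carrying a valid HMAC tag from the engineering workstation’s key and a strictly increasing counter, so a captured command cannot simply be replayed.

```python
import hashlib
import hmac
import struct

# Constructed demo key shared only with the authorised engineering workstation.
# In a real deployment this would be provisioned per controller, never hard-coded.
KEY = b"constructed-demo-key-not-a-real-secret"


def _encode(counter: int, name: str) -> bytes:
    """Canonical bytes that the tag covers: 8-byte counter followed by the command."""
    return struct.pack(">Q", counter) + name.encode()


def sign_command(key: bytes, counter: int, name: str) -> bytes:
    """Workstation side: tag a command so the controller can verify who sent it."""
    return hmac.new(key, _encode(counter, name), hashlib.sha256).digest()


class UnauthenticatedPLC:
    """Mirrors the flaw in the quoted passage: any peer that can talk to it may stop it."""

    def __init__(self):
        self.running = True

    def handle(self, name: str) -> bool:
        if name == "STOP":
            self.running = False
        return True  # every command is accepted, no matter where it came from


class AuthenticatedPLC:
    """Hardened handler: reject commands with a bad tag or a stale (replayed) counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0
        self.running = True

    def handle(self, counter: int, name: str, tag: bytes) -> bool:
        expected = hmac.new(self._key, _encode(counter, name), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # unknown sender or tampered command
            return False
        if counter <= self._last_counter:  # already seen: a replayed capture
            return False
        self._last_counter = counter
        if name == "STOP":
            self.running = False
        return True
```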