Quotulatiousness

October 28, 2013

Mark Steyn on the Obamacare software

Filed under: Bureaucracy, Cancon, Government, Technology — Nicholas @ 07:22

Mark Steyn’s weekend column touched on some items of interest to aficionados of past government software fiascos:

The witness who coughed up the intriguing tidbit about Obamacare’s exemption from privacy protections was one Cheryl Campbell of something called CGI. This rang a vague bell with me. CGI is not a creative free spirit from Jersey City with an impressive mastery of Twitter, but a Canadian corporate behemoth. Indeed, CGI is so Canadian their name is French: Conseillers en Gestion et Informatique. Their most famous government project was for the Canadian Firearms Registry. The registry was estimated to cost in total $119 million, which would be offset by $117 million in fees. That’s a net cost of $2 million. Instead, by 2004 the CBC (Canada’s PBS) was reporting costs of some $2 billion — or a thousand times more expensive.

Yeah, yeah, I know, we’ve all had bathroom remodelers like that. But in this case the database had to register some 7 million long guns belonging to some two-and-a-half to three million Canadians. That works out to almost $300 per gun — or somewhat higher than the original estimate for processing a firearm registration of $4.60. Of those $300 gun registrations, Canada’s auditor general reported to parliament that much of the information was either duplicated or wrong in respect to basic information such as names and addresses.

Sound familiar?

Also, there was a 1-800 number, but it wasn’t any use.

Sound familiar?

So it was decided that the sclerotic database needed to be improved.

Sound familiar?

But it proved impossible to “improve” CFIS (the Canadian Firearms Information System). So CGI was hired to create an entirely new CFIS II, which would operate alongside CFIS I until the old system could be scrapped. CFIS II was supposed to go operational on January 9, 2003, but the January date got postponed to June, and 2003 to 2004, and $81 million was thrown at it before a new Conservative government scrapped the fiasco in 2007. Last year, the government of Ontario canceled another CGI registry that never saw the light of day — just for one disease, diabetes, and costing a mere $46 million.

But there’s always America! “We continue to view U.S. federal government as a significant growth opportunity,” declared CGI’s chief exec, in what would also make a fine epitaph for the republic. Pizza and Mountain Dew isn’t very Montreal, and on the evidence of three years of missed deadlines in Ontario and the four-year overrun on the firearms database CGI don’t sound like they’re pulling that many all-nighters. Was the government of the United States aware that CGI had been fired by the government of Canada and the government of Ontario (and the government of New Brunswick)? Nobody’s saying. But I doubt it would make much difference.

October 25, 2013

QotD: The dangers of reading internet comments

Filed under: Humour, Media, Quotations — Nicholas @ 00:01

I joke — hilariously — but there is a serious issue here. At least, I assume there is. Frankly, I can’t remember, because I made the mistake of scrolling down to the reader comments about the visa story. Reading online comments is like letting someone punch your brain in the face with a fistful of stupid. If you doubt this, consider that I’ve been hit with the “fist of stupid” so many times, I now think brains have faces. Kudos, Internet.

Scott Feschuk, “Mexico is ‘really mad’ at us, and it is so a big whoop: Diplomacy should be more like ‘Mean Girls’”, Maclean’s, 2013-09-20

October 11, 2013

Creating an “air gap” for computer security

Filed under: Liberty, Technology — Nicholas @ 12:13

Bruce Schneier explains why you’d want to do this … and how much of a pain it can be to set up and work with:

Since I started working with Snowden’s documents, I have been using a number of tools to try to stay secure from the NSA. The advice I shared included using Tor, preferring certain cryptography over others, and using public-domain encryption wherever possible.

I also recommended using an air gap, which physically isolates a computer or local network of computers from the Internet. (The name comes from the literal gap of air between the computer and the Internet; the word predates wireless networks.)

But this is more complicated than it sounds, and requires explanation.

Since we know that computers connected to the Internet are vulnerable to outside hacking, an air gap should protect against those attacks. There are a lot of systems that use — or should use — air gaps: classified military networks, nuclear power plant controls, medical equipment, avionics, and so on.

Osama Bin Laden used one. I hope human rights organizations in repressive countries are doing the same.

Air gaps might be conceptually simple, but they’re hard to maintain in practice. The truth is that nobody wants a computer that never receives files from the Internet and never sends files out into the Internet. What they want is a computer that’s not directly connected to the Internet, albeit with some secure way of moving files on and off.

He also provides a list of ten rules (or recommendations, I guess) you should follow if you want to set up an air-gapped machine of your own.

October 2, 2013

Bruce Schneier’s TEDx talk “The Battle for Power on the Internet”

Filed under: Media, Technology — Nicholas @ 08:56

Published on 25 Sep 2013

Bruce Schneier gives us a glimpse of the future of the internet, and shares some of the context we should keep in mind, and the insights we need to understand, as we prepare for it. Learn more about Bruce Schneier at https://www.schneier.com and TEDxCambridge at http://www.tedxcambridge.com.

About TEDx, x = independently organized event
In the spirit of ideas worth spreading, TEDx is a program of local, self-organized events that bring people together to share a TED-like experience. At a TEDx event, TEDTalks video and live speakers combine to spark deep discussion and connection in a small group. These local, self-organized events are branded TEDx, where x = independently organized TED event. The TED Conference provides general guidance for the TEDx program, but individual TEDx events are self-organized.* (*Subject to certain rules and regulations)

Now we have the real reason for the decline in newspaper revenue

Filed under: Media, USA — Nicholas @ 08:25

If you guessed “the internet” — particularly the internet sites that ate the classified ad business alive — you’re apparently wrong. The real culprit is … an amazingly old-fashioned racist and sexist stereotype:

For years, we’ve talked about the ridiculousness with which many old school journalists want to blame the internet (or, more specifically Google or Craigslist) for the troubles some in the industry have had lately. It is a ridiculous claim. Basically, newspapers have survived for years on a massive inefficiency in information. What newspapers did marginally well was bring together a local community of interest, take their attention, and then sell that attention. What many folks in the news business still can’t come to terms with is the fact that there are tons of other communities of attention out there now, so they can’t slide by on inefficiencies like they did in the past.

Either way, it’s always nice to see some in the industry recognize that blaming the internet is a mistake. However, Chris Powell, the managing editor for the Journal Inquirer in Connecticut’s choice of a different culprit doesn’t seem much more on target. Powell, who it appears, actually does have a journalism job (I can’t fathom how or why) published an opinion piece (found via Mark Hamilton and Mathew Ingram) that puts the blame squarely on… single mothers. Okay, not just any single mothers:

    Indeed, newspapers still can sell themselves to traditional households — two-parent families involved with their children, schools, churches, sports, civic groups, and such. But newspapers cannot sell themselves to households headed by single women who have several children by different fathers, survive on welfare stipends, can hardly speak or read English, move every few months to cheat their landlords, barely know what town they’re living in, and couldn’t afford a newspaper subscription even if they could read. And such households constitute a rising share of the population.

September 28, 2013

Google is “fighting stupid with stupid”

Filed under: Business, Law, Technology — Nicholas @ 11:54

In Maclean’s, Jesse Brown looks at the rather dangerous interpretation of how email works in a recent court decision:

Newsflash: Google scans your email! Whether you have a Gmail account or just send email to people who do, Gmail’s bots automatically read your messages, mostly for the purpose of creating targeted advertising. And if you were reading this in 2005, that might seem shocking.

Today, I think most Internet users understand how free webmail works and are okay with it. But a U.S. federal judge has ruled otherwise. Yesterday, U.S. District Judge Lucy H. Koh ruled that Google’s terms of service and privacy policies do not explicitly spell out that Google will “intercept” users’ email (here’s the ruling).

The word “intercept” is crucial here, because it may put Google in the crosshairs of State and Federal anti-wiretapping laws. After Judge Koh’s ruling, a class-action lawsuit against Google can proceed, whose plaintiffs seek remedies for themselves and for class groups including “all U.S. citizen non-Gmail users who have sent a message to a Gmail user and received a reply…”. Like they say in Vegas, go big or go home.

[…]

An algorithm that scans my messages for keywords like “vacation” in order to offer me cheap flights is not by any stretch of the imagination a wiretap.

But Google has taken a different tack in their defence. If, they’ve argued, what Gmail does qualifies as interception, then so does all email, since automated processing is needed just to send the stuff, whether or not advertising algorithms or anti-spam filters are in use. This logic can be extended, I suppose, to all data that passes through the Internet.

You might call it fighting stupid with stupid, but I think it’s a bold bluff: rule us illegal, Google warns the court, and be prepared to deem the Internet itself a wiretap violation.

September 25, 2013

Potential service interruption

Filed under: Administrivia — Nicholas @ 06:49

A while back, I mentioned that my hosting service was moving the site to a new server. Fortunately, this change appears to have happened without disrupting anything. Today, however, I had to make a DNS setting change that may take up to 24 hours to take effect. If you get a 404 message that the site is unreachable, try again in an hour or so and hopefully the new settings will be in place. Or, I could be worried over nothing and this will also be a transparent change from the users’ point of view (fingers crossed, anyway).

September 24, 2013

Reason.com banned from Reddit’s /r/Politics subgroup

Filed under: Media, Politics — Nicholas @ 13:35

Nick Gillespie is puzzled that Reddit users are no longer allowed to submit links to Reason:

So I’m left wondering exactly what we did to incur the wrath of TheRedditPope. Reddit penalizes sites and users that scrape articles from original sources, try to game the system by submitting only material in which they have a publishing interest, and don’t add much information or analysis. As several of the commenters in the thread note, Reason.com is the biggest libertarian news site on the web and whether folks agree or not with our take on a given topic, they can’t seriously accuse us of ripping off other sites or not shooting our mouths off with our own particular POVs on any given topics.

Consider the attempted post that brought the ban to our attention. The user who contacted us had apparently tried to submit this story: “Do-Nothing Congress? Americans Think Congress Passes Too Many Laws, Wrong Kinds of Legislation.” Click on the link and you’ll be taken to an extended analysis of information drawn from the latest Reason-Rupe Poll, an original quarterly survey of American voters that has garnered praise from all over the political spectrum and has been cited in all sorts of mainstream and alternative outlets. If the Reason poll — which is designed by Reason Foundation, the nonprofit that publishes this site, and is executed in the field by the same group that conducts Pew Research — and that post in particular don’t meet the threshold of original content that is news-rich and original, then nothing does.

I am a huge admirer of Reddit, even in the wake of recent revelations about the /r/Politics ban. As I wrote last year in a Reddit thread,

    Reddit is one of those rare sites that actually delivers on the potential of the Internet and Web to create a new way of creating community and distributing news, information, and culture that simply couldn’t exist in the past. Like wildly different sites ranging from slashdot to Arts & Letters Daily to Talking Points Memo to the late, lamented Suck, Reddit is precisely one of the reasons why cyberspace (or whatever you call it) continues to excite us and make plain old meatspace a little more tolerable.

September 19, 2013

Latest online piracy study shows the problem is Hollywood

Filed under: Business, Media — Nicholas @ 08:37

Techdirt’s Mike Masnick shows that the data in the most recent study of online piracy (funded by NBC Universal) clearly shows that the real reason for piracy is Hollywood’s unwillingness or inability to learn:

While we already discussed the MPAA’s questionable new study trying to pin the blame for infringement on Google, MPAA member NBC Universal has released its “Digital Piracy Universe” study as well. This study was done by NetNames, the company formerly known as Envisional, which basically released a very similar study two and a half years ago. Matt Schruers, over at CCIA, does a nice job explaining some of the more questionable aspects of the methodology. However, we’d like to focus on something a bit more basic: the study’s own numbers don’t seem to support what NBC Universal seems to think it does. More specifically, as we noted with the last study, the results actually suggest piracy is Hollywood’s own damn fault. This isn’t just our interpretation either. The guy who wrote both studies, David Price, basically said the same thing right before SOPA died (he argued that the bills were a bad idea).

Once again, it’s not difficult to see why the problem is Hollywood’s with one simple chart:

Online piracy and Netflix

Basically, in the US, where Netflix has come up with a model that many people find to be reasonably priced and convenient enough, the rate of things like BitTorrent usage falls in comparison.

September 18, 2013

The NSA scandal is not about mere privacy

Filed under: Government, Liberty, USA — Nicholas @ 08:19

Last week, Yochai Benkler posted this in the Guardian:

The spate of new NSA disclosures substantially raises the stakes of this debate. We now know that the intelligence establishment systematically undermines oversight by lying to both Congress and the courts. We know that the NSA infiltrates internet standard-setting processes to security protocols that make surveillance harder. We know that the NSA uses persuasion, subterfuge, and legal coercion to distort software and hardware product design by commercial companies.

We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.

First, the lying. The National Intelligence University, based in Washington, DC, offers a certificate program called the denial and deception advanced studies program. That’s not a farcical sci-fi dystopia; it’s a real program about countering denial and deception by other countries. The repeated misrepresentations suggest that the intelligence establishment has come to see its civilian bosses as adversaries to be managed through denial and deception.

[…]

Second, the subversion. Last week, we learned that the NSA’s strategy to enhance its surveillance capabilities was to weaken internet security in general. The NSA infiltrated the social-professional standard-setting organizations on which the whole internet relies, from National Institute of Standards and Technology to the Internet Engineering Task Force itself, the very institutional foundation of the internet, to weaken the security standards. Moreover, the NSA combined persuasion and legal coercion to compromise the commercial systems and standards that offer the most basic security systems on which the entire internet runs. The NSA undermined the security of the SSL standard critical to online banking and shopping, VPN products central to secure corporate, research, and healthcare provider networks, and basic email utilities.

Serious people with grave expressions will argue that if we do not ruthlessly expand our intelligence capabilities, we will suffer terrorism and defeat. Whatever minor tweaks may be necessary, the argument goes, the core of the operation is absolutely necessary and people will die if we falter. But the question remains: how much of what we have is really necessary and effective, and how much is bureaucratic bloat resulting in the all-too-familiar dynamics of organizational self-aggrandizement and expansionism?

The “serious people” are appealing to our faith that national security is critical, in order to demand that we accept the particular organization of the Intelligence Church. Demand for blind faith adherence is unacceptable.

September 15, 2013

Bruce Schneier on what you can do to stay out of the NSA’s view

Filed under: Liberty, Technology — Nicholas @ 10:44

Other than going completely off the grid, you don’t have the ability to stay completely hidden, but there are some things you can do to decrease your visibility to the NSA:

With all this in mind, I have five pieces of advice:

  1. Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.
  2. Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections — and it may have explicit exploits against these protocols — you’re much better protected than if you communicate in the clear.
  3. Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the Internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my Internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.
  4. Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
  5. Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden’s documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I’m not going to write about. There’s an undocumented encryption feature in my Password Safe program from the command line; I’ve been using that as well.

I understand that most of this is impossible for the typical Internet user. Even I don’t use all these tools for most everything I am working on. And I’m still primarily on Windows, unfortunately. Linux would be safer.

The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.

Reining-in the NSA … while it’s still even theoretically possible

Filed under: Government, Liberty, Technology, USA — Nicholas @ 10:25

In TechDirt, Glyn Moody on the fleeting opportunity to rein-in the NSA:

In the wake of the continuing leaks about the NSA’s activities, most commentators are understandably still trying to get to grips with the enormity of what has been happening. But John Naughton, professor of the public understanding of technology at the UK’s Open University, tackles a very different question on his blog: what is likely to happen in the future, if things carry on as they are?

Naughton notes that the NSA’s mission statement includes the following phrase: “to gain a decision advantage for the Nation and our allies under all circumstances.” “Under all circumstances” means that as the Internet grows — and as we know, it is currently growing rapidly — so the NSA will naturally ask for resources to allow it to do tomorrow what it is doing today: monitoring more or less everything that happens online. Naughton then asks where that might lead if the political climate in the US remains sufficiently favorable to the NSA that it does, indeed, get those resources:

    The obvious conclusion therefore, is that unless some constraints on its growth materialise, the NSA will continue to expand. It currently has 35,000 employees. How many will it have in ten years’ time? Who can say: 50,000, maybe? Maybe even more? So we’re confronted with the likelihood of the growth of a bureaucratic monster.

    How will such a body be subjected to democratic oversight and control? Let me rephrase that: can such a monster be subjected to democratic control?

September 7, 2013

Maybe the conspiracy theorists just aren’t paranoid enough

Filed under: Government, Media, Technology, USA — Nicholas @ 09:49

Bruce Schneier on the destruction of public trust in government agencies:

I’ve recently seen two articles speculating on the NSA’s capability, and practice, of spying on members of Congress and other elected officials. The evidence is all circumstantial and smacks of conspiracy thinking — and I have no idea whether any of it is true or not — but it’s a good illustration of what happens when trust in a public institution fails.

The NSA has repeatedly lied about the extent of its spying program. James R. Clapper, the director of national intelligence, has lied about it to Congress. Top-secret documents provided by Edward Snowden, and reported on by the Guardian and other newspapers, repeatedly show that the NSA’s surveillance systems are monitoring the communications of American citizens. The DEA has used this information to apprehend drug smugglers, then lied about it in court. The IRS has used this information to find tax cheats, then lied about it. It’s even been used to arrest a copyright violator. It seems that every time there is an allegation against the NSA, no matter how outlandish, it turns out to be true.

Guardian reporter Glenn Greenwald has been playing this well, dribbling the information out one scandal at a time. It’s looking more and more as if the NSA doesn’t know what Snowden took. It’s hard for someone to lie convincingly if he doesn’t know what the opposition actually knows.

All of this denying and lying results in us not trusting anything the NSA says, anything the president says about the NSA, or anything companies say about their involvement with the NSA. We know secrecy corrupts, and we see that corruption. There’s simply no credibility, and — the real problem — no way for us to verify anything these people might say.

September 6, 2013

Bruce Schneier on taking back the internet

Filed under: Liberty, Technology, USA — Nicholas @ 08:51

From his article in yesterday’s Guardian:

This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can — and should — do.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by federal confidentiality requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers.

We need to know exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I’ve just started collecting. I want 50. There’s safety in numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems — these will be harder for the NSA to subvert.

The Internet Engineering Task Force, the group that defines the standards that make the internet run, has a meeting planned for early November in Vancouver. This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response.

Update: Glenn Greenwald retweeted this, saying it was “not really hard for a rational person to understand why this is newsworthy”.

Yahoo goes out of its way to lose more long-term users

Filed under: Business, Media, Technology — Nicholas @ 08:11

I moderate a few special interest groups on Yahoo Groups, and I’m subscribed to a couple of dozen others. There’s nothing flashy or exciting about the service: it’s been relatively stable for years, with few changes or disruptions. For most users, this has been ideal. This week Yahoo not only introduced a new logo, they also tossed a stink bomb into the placid Yahoo Groups with a new user interface called “Neo”. They apparently rolled out the changes to a few groups last month, but most users and list owner/moderators hadn’t been given any notice that the change was coming. The Register’s Kelly Fiveash on the diabolical scheme to annoy long-term users of Yahoo Groups:

‘WTF! MORONS!’ Yahoo! Groups! redesign! traumatises! users!
‘Vile, unfriendly interface’ attacked by world+dog. But format stays

Yahoo! has told thousands of users who are complaining about the Purple Palace’s pisspoor redesign of its Groups service that it will not be rolled back to the old format — despite a huge outcry.

The Marissa Mayer-run company revamped Yahoo! Groups last week, but it was immediately inundated with unhappy netizens who grumbled that the overhaul was glitchy, difficult to navigate and “severely degraded”.

In response, Yahoo! told its users:

    We deeply value how much you, our users, care about Yahoo! Groups … we launched our first update to the Groups experience in several years and while these changes are an important step to building a more modern Groups experience, we recognise that this is a considerable change.

    We are listening to all of the community feedback and we are actively measuring user feedback so we can continuously make improvements.

But the complaints have continued to flood in since Yahoo! made the tweak by changing its “classic” (read: ancient) interface to one dubbed “neo” that appeared to have been quickly spewed on to the interwebs with little testing before going live.

And — while the company claimed it was listening closely to its users about the new look Yahoo! Groups — it has ignored pleas from thousands of people who want it to reverse the update.

For users who access Yahoo Groups through the website, the new design has completely befuddled many, hiding functions (and even group names) and making it far more difficult to search for older posts (you reportedly have to search by message number: no other searches are supported). Even for those who only receive email updates, the Neo redesign included odd and sometimes completely unreadable email formatting, broken links, and other highly irritating issues.

This is the real problem with “free” services: when things go wrong, as a user of the service, you don’t have much leverage to complain or to get things fixed.
