Jun 09, 2016
 

Dictatorships can be wonderful places, so long as they are led by competent dictators.

The problem with dictatorships is that when the dictators go bonkers, there are no corrective mechanisms. No process to replace them or make them change their ways.

And now I wonder if the same fate may be in the future of Singapore, described by some as the “wealthiest non-democracy”.

The Ministry of Information and the Arts

To be sure, Singapore is formally democratic, with a multi-party legislature. But really, it is a one-party state that has enacted repressive legislation that requires citizens engaging in political discussion to register with the government, and forbids the assembly of four or more people without police permission.

Nonetheless, Singapore’s government enjoyed widespread public support for decades because they were competent. Competence is the best way for a government, democratic or otherwise, to earn the consent of the governed, and Singapore’s government certainly excelled on this front.

But I am beginning to wonder if this golden era is coming to an end, now that it has been announced that Singapore’s government plans to take all government computers off the Internet in an attempt to improve security.

The boneheaded stupidity of this announcement is mind-boggling.

For starters, you don’t just take a computer “off the Internet”. So long as it is connected to something that is connected to something else… just because you cannot use Google or visit Facebook does not mean that the bad guys cannot access your machine.

It will also undoubtedly make the Singapore government a lot less efficient. Knowledge workers (and government workers overwhelmingly qualify as knowledge workers) these days use the Internet as an essential resource. It could be something as simple as someone checking proper usage of a rare English expression, or something as complex as a government scientist accessing relevant literature in manuscript repositories or open access journals. Depriving government workers of these resources in order to improve security is just beyond stupid.

In the past, Singapore’s government was not known to make stupid decisions. But what happens when they start going down that road? In a true democracy, stupid governments tend to end up being replaced (which does not automatically guarantee an improvement, to be sure, but over time, natural selection tends to work.) Here, the government may dig in and protect its right to be stupid by invoking national security.

Time will tell. I root for sanity to prevail.

 Posted by at 1:45 pm
Jun 02, 2016
 

This morning, Quora surprised me with this:

Say what?

I have written a grand total of three Quora answers related to the Quran (or Koran, which is the spelling I prefer). Two of these were just quoting St. Augustine of Hippo, an early Christian saint who advised Christians not to confuse the Book of Genesis with science; the third was about a poll from a few years back that showed that in the United States, atheists/agnostics know more about religion than religious folk from any denomination.

As to string theory, I try to avoid the topic because I don’t know enough about it. Still, 15 of my answers on related topics (particle physics, cosmology) were apparently also categorized under the String Theory label.

But I fail to see how my contributions make me an expert on either Islam or String Theory.

 Posted by at 11:18 am
Apr 29, 2016
 

When you contribute on Quora as I do, Quora may reward you by declaring you a “most viewed writer” in select topics.

What I didn’t realize is that Quora’s powers reach not only beyond planet Earth, but also beyond the boundaries of our physical universe.

A few months ago, Quora declared me most viewed not just in this universe but in parallel universes:

But if you thought this cannot be topped, here is the latest: I am now a most viewed writer in the whole multiverse!

Wow. I really feel special.

 Posted by at 11:13 am
Apr 15, 2016
 

Not for the first time, one of my Joomla! sites was attacked by a script kiddie using a botnet.

The attack is a primitive brute force attack, trying to guess the administrator password of the site.

The frustrating thing is that the kiddie uses a botnet, accessing the site from several hundred remote computers at once.

A standard, run-of-the-mill defense mechanism that I installed works, as it counts failed password attempts and blocks the offending IP address after a predetermined number of consecutive failures.

Unfortunately, it all consumes significant resources. The Joomla! system wakes up, consults the MySQL database, renders the login page and then later, the rejection page from PHP… when several hundred such requests arrive simultaneously, they bring my little server to its knees.

I tried as a solution a network-level block on the offending IP addresses, but there were just too many: the requests kept coming, and I became concerned that I’d have an excessively large kernel table that might break the server in other ways.

So now I implemented something I’ve been meaning to do for some time: ensuring that administrative content is only accessible from my internal network. Anyone accessing it from the outside just gets a static error page, which can be sent with minimal resource consumption.

Now my server is happy. If only I didn’t need to waste several hours of an otherwise fine morning because of this nonsense. I swear, one of these days I’ll find one of these script kiddies in person and break his nose or something.
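The trade-off described in this post, replayed over a constructed access log (an added example, not the author's code): it counts how many admin requests would start PHP under an in-CMS per-IP lockout versus an internal-only rule enforced before the application. The Apache-style log format, the 192.168.1.0/24 LAN, the lockout threshold and every address and byte count in the sample are assumptions.

```python
import ipaddress
import re

# Assumed Apache "combined"-style log line; only client, method and path are used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" \d{3} \S+')
ADMIN_PREFIX = "/administrator"   # Joomla's back-end lives under this path
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # hypothetical LAN


def build_sample_log(bots=40, attempts_per_bot=6):
    """Constructed sample, not real traffic (RFC 5737 documentation addresses)."""
    lines = []
    for attempt in range(attempts_per_bot):
        for i in range(bots):
            lines.append(
                f'203.0.113.{i + 10} - - [15/Apr/2016:09:00:{attempt:02d} -0400] '
                '"POST /administrator/index.php HTTP/1.1" 200 4521'
            )
    # One legitimate login from the LAN and one ordinary front-page visitor.
    lines.append('192.168.1.20 - - [15/Apr/2016:09:01:00 -0400] '
                 '"POST /administrator/index.php HTTP/1.1" 200 9120')
    lines.append('198.51.100.7 - - [15/Apr/2016:09:01:05 -0400] '
                 '"GET /index.php HTTP/1.1" 200 5120')
    return lines


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def replay(lines, lockout_after=5):
    """Replay admin requests under both policies and count the work each causes."""
    failures = {}  # external source -> login POSTs seen so far
    result = {"admin_requests": 0, "external_sources": 0, "locked_out": 0,
              "guesses_checked": 0, "php_hits_lockout": 0,
              "php_hits_internal_only": 0, "static_errors": 0}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client field is a hostname, not an address
        method, path = m.group(2), m.group(3)
        if not path.startswith(ADMIN_PREFIX):
            continue
        result["admin_requests"] += 1
        # Policy A: lockout inside the CMS. Every request still starts PHP,
        # even when the only answer is the rejection page.
        result["php_hits_lockout"] += 1
        if is_internal(ip):
            # Policy B: internal clients are passed on to the application.
            result["php_hits_internal_only"] += 1
            continue
        # Policy B: external clients get the static error page instead.
        result["static_errors"] += 1
        seen = failures.setdefault(ip, 0)
        if method == "POST":
            # Assumption for this sample: every external POST is a failed login.
            if seen < lockout_after:
                result["guesses_checked"] += 1  # password actually compared
            failures[ip] = seen + 1
    result["external_sources"] = len(failures)
    result["locked_out"] = sum(1 for n in failures.values() if n >= lockout_after)
    return result


if __name__ == "__main__":
    for key, value in replay(build_sample_log()).items():
        print(f"{key:24} {value}")
```
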

 Posted by at 11:50 am
Apr 10, 2016
 

I’ve been encountering an increasing number of Web sites lately that asked me to disable my ad blocker. They promise, in return, fewer ads.

And with that promise, they demonstrate that they completely and utterly miss the point.

I don’t want fewer ads. I don’t mind ads. I understand that for news Web sites, ads are an essential source of revenue. I don’t resent that. I even click on ads that I find interesting or relevant.

So why do I use an ad blocker, then?

In one word: security.

Malicious ads showed up even on some of the most respectable Web sites. Ad networks have no incentive to vet ads for security, so all too often, they only remove them after the fact, after someone complained. And like a whack-a-mole game, the malicious advertiser is back in no time under another name, with another ad.

And then there are those ads that pop up with an autostart video, with blaring sound in the middle of the night, with the poor user (that would be me) scrambling to find which browser tab, which animation is responsible for the late night cacophony.

Indeed, it was one of these incidents that prompted me to call it quits on ads and install an ad blocker.

So sorry folks, if you are preventing me from accessing your content because of my ad blocker, I just go elsewhere.

That is, until and unless you can offer credible assurance that the ads on your site are safe. I don’t care how many there are. It’s self-limiting anyway: advertisers won’t pay top dollar for an ad on a site that is saturated with ads. What I need to know is that the ads on your site won’t ruin my day one way or another.

 Posted by at 9:19 am
Mar 20, 2016
 

Recently, it was proudly announced that Canada now has a state-of-the-art emergency preparedness system, with the participation of major telecommunication companies like Bell or Rogers.

The problem… well, here is an example of the problem:

This is what was on my television screen a little earlier this afternoon, in place of CNN, for something like a full minute or so.

And not just in place of CNN. In place of every channel. Even if I was trying to watch a recorded show on the PVR.

What’s wrong with it, you ask? Well, I live in Ottawa. That is more than 400 kilometers from Toronto, and the last time I checked, a 1997 Toyota Camry is not a hypersonic jet aircraft.

But even if the abduction happened next door… I don’t mean to be heartless, but this kind of dramatic alert is something I would expect to see if World War 3 was imminent, or if my city (not Toronto!) was about to be hit by an F5 hurricane. Not in case of a domestic abduction (which, in the vast majority of cases, is just a family member like an estranged father, taking a child without permission.)

The last time this happened, I wrote to the CRTC, who told me that it’s not their responsibility (even though they were the ones who mandated it!) but that of provincial agencies and the telecommunication companies that implement the system.

Today, I wrote to Rogers. I do not expect a meaningful reply*.

As if I didn’t already have enough incentives to cut the cable.


*Update: A day after I sent my e-mail complaint to Rogers, a gentleman by the name of Aaron called me from the “President’s office”. He very patiently listened to me as we discussed not just the emergency alert system but also other issues related to the digital transition, the cost and limited choice of decoder equipment, and other topics. We spent more than 20 minutes on the phone. I still don’t expect anything meaningful to happen, but I appreciated it that my complaint was taken somewhat seriously.

 Posted by at 6:06 pm
Feb 21, 2016
 

Last night, when I almost managed to kill my server, I was playing with a service that I just discovered: Weather forecast in ASCII.

Well, almost ASCII. UTF-8 characters, to be precise. (And it was while messing with those xterm settings that I managed to enter a command using the wrong syntax.)

Still, it’s a nicely formatted three-day forecast suitable for text terminals. And it has pretty thorough world coverage.

I just hope the forecast holds up for Tuesday, as I’ll have quite a few errands to run that day and I’d prefer not to get stuck in a snowstorm.

 Posted by at 9:24 am
Jan 28, 2016
 

There is an interesting paper out there by Guerreiro and Monteiro, published a few months ago in Physics Letters A. It is about evaporating black holes. The authors’ main assertion is that because of Hawking radiation, not even an infalling ray of light can ever cross the event horizon: rather, the event horizon evaporates faster than the light ray could reach it, neatly solving a bunch of issues and paradoxes associated with black holes and quantum physics, such as the problems with unitarity and information loss.

I find this idea intriguing and very appealing to my intuition about black holes. I just read the paper and I cannot spot any obvious errors. I am left wondering if the authors appreciated that the Vaidya metric is not a vacuum metric (indeed, it is easy to prove that a spherically symmetric time-dependent solution of Einstein’s field equations cannot be a vacuum solution; there will always be a radial momentum field, carrying matter out of or into the black hole) but it has no bearing on their conclusions I believe.

Now it’s a good question why I am only seeing a paper that is of great interest to me more than six months after its publication. The reason is that although the paper appeared in a pre-eminent journal, it was rejected by the manuscript archive, arxiv.org. This is deeply troubling. The paper is certainly not obviously wrong. It is not plagiarized. Its topic is entirely appropriate to the arXiv subject field to which it was submitted. It is not a duplicate, nor did the authors previously abuse arXiv’s submission system. Yet this paper was rejected. And the most troubling bit is that we do not know why; the rejection policy of arXiv is not only arbitrary, it seems, but also lacks transparency.

This manuscript archive is immensely valuable to researchers. It is one of the greatest inventions of the Internet era. I feel nothing but gratitude towards the people who established and maintain this repository. Nonetheless, I do not believe that such an opaque and seemingly arbitrary rejection policy is justifiable. I hope that this will be remedied and that arXiv’s administrators will take the necessary steps to ensure that in the future, rejections are based on sound criteria and the decisions are transparently explained.

 Posted by at 5:51 pm
May 15, 2015
 

Whenever I travel, I think a lot about Internet security. For purely selfish reasons: I do not wish to become a victim of cybercrime or unnecessarily expose my own systems to attacks.

The easiest way to achieve end-to-end encryption is through a virtual private network (VPN). Whenever possible, I connect to my own router’s VPN service here in Ottawa before doing anything else on the Interwebs. The connection from my router to the final destination is still subject to intercept, but at least my connection from whatever foreign country I am in to my own network is secure.

A VPN has numerous other advantages, not the least of which is the fact that to the outside world, I appear to have an Ottawa-based IP address; this allows me, for instance, to use my Netflix subscription even in countries where Netflix is not normally available.

The downside of the VPN is that I am limited by the outgoing bandwidth of my own connections. But in practice, this does not appear to be a serious limitation. (I was able to watch Breaking Bad episodes just fine while in Abu Dhabi.)

Unfortunately, a VPN is not always possible, as some providers, for reasons known only to them, block VPNs. (I can think of a few workarounds, but I have not yet implemented any of them.) Even in this case, I remain at least partially protected. I have set up my mail server such that both incoming (IMAP) and outgoing (SMTP) connections are fully encrypted. This way, not only are my messages secure, but (and this was my main concern) I also avoid leaking sensitive password information to an eavesdropper.

When it comes to Web sites, I use secure (HTTPS) connections whenever possible, even for “mundane” stuff like innocent Google searches. I also use SSH if necessary, to connect to my servers. These days, SSH is an absolute must; the use of Telnet is just an invitation for disaster.

But of course the biggest security risk while one is on the road is the use of a public Wi-Fi network anywhere. Connecting to an HTTP (not HTTPS) server through a public Wi-Fi network and logging in with your password may not be the exact equivalent of telegraphing your password to the whole wide world, but it comes pretty darn close. Tools that can be used to scan for Wi-Fi networks and analyze the data are readily available not just for laptops but even for smartphones.

Once an open Wi-Fi network is identified, “sniffing” all packets becomes a trivial exercise, with downloadable tools that are readily available. Which is why it is incomprehensible to me why, in this day and age, most providers (e.g., hotels, airports) that actually do require users to log in use an unsecure network and just intercept the user’s first Web query to present a login page instead, when the technology to provide a properly secured Wi-Fi network has long been available.

In the future, no doubt I’ll have to take even stronger measures to maintain data security. For instance, the simple PPTP VPN technology in my router has known vulnerabilities. Today, it may take several hours on a dedicated high-end workstation to crack its encryption keys; the same task may be accomplished in minutes or less on tomorrow’s smartphones.

So there really are two lessons here: First, any security is better than no security, as it makes it that much harder for an attacker to do harm, and most attackers will just move on to find lower hanging fruit. Second, no measure should give you a false sense of security: by implementing reasonable security measures, you are raising the bar higher, but it will never defeat a determined attacker.

 Posted by at 2:46 pm
Mar 31, 2015
 

Last evening, I decided to update my rooted Samsung Galaxy S3 smartphone.

I did not expect to stay awake for much of the night, struggling to revive a “bricked” phone.

In the end, though, all is well: my phone is alive and once again, for the first time since the 4.3 update, it is both rooted and encrypted.

 Posted by at 5:18 pm
Mar 31, 2015
 

Social networking sites know a lot about you, and LinkedIn is no exception.

The other day, I noticed a cute tool (for all I know, it was around for years; I don’t visit LinkedIn that often) that graphically summarizes my LinkedIn connections. Here it is:

I was a bit surprised by the number of connections I seem to have from the San Francisco Bay area. I am also wondering about the correct interpretation of the Seniority plot. If you have a lot of senior connections, is it because of your own seniority, or is it because these were all your would-be bosses, but you were never able to find a good position and form good relationships with co-workers?

Then again, as far as I can determine, others may not even be able to view this graphic. That is, unless you are silly enough to post it to your blog for the world to see! Oh… what?!

 Posted by at 5:06 pm
Mar 27, 2015
 

In an interview with Radio Free Europe, a former employee reveals what is a de facto Orwellian Ministry of Truth operated by Putin’s regime in Russia.

In St. Petersburg’s Internet Research center, professional Internet trolls are employed who post comments on various social media sites. The operation is sophisticated: employees play different roles, creating an impression of genuine debate in which, of course, the government line always prevails. Their activities sometimes become surreal, described as a parody of Orwell’s novel. But wait a cotton-picking minute… wasn’t it Orwell’s novel that was supposed to be the parody? What a strange world we live in.

 Posted by at 10:49 am
Mar 25, 2015
 

Curse my suspicious nature.

Here I am, reading a very nice letter from a volunteer who is asking me to share a link on my calculator museum Web site to cheer up some kids:


And then, instead of doing as I was asked to do, I turned to Google. Somehow, this message just didn’t smell entirely kosher. The article to which I was supposed to link also appeared rather sterile, more like an uninspired homework assignment, with several factual errors. So I started searching. It didn’t take very long until I found this gem:

Then, searching some more, I came across this:

Or how about this one:

Looks like Ms. Martin has been a busy lady.

So no, I don’t think I’d be adding any links today.

 Posted by at 7:33 pm
Mar 23, 2015
 

Emmy Noether… not exactly a household name, at least outside of the community of theoretical physicists and mathematicians.

Which is why I was so surprised today when I noticed Google’s March 23 Doodle: a commemoration of Emmy Noether’s 133rd birthday.

Wow. I mean, thank you, Google. What a nice and deserving tribute to one of my heroes.

 Posted by at 11:36 pm
Mar 14, 2015
 

I hate software upgrades.

It is one of the least productive ways to use one’s time. I am talking about upgrades that are more or less mandatory, when a manufacturer ends support of an older version. So especially if the software in question is exposed to the outside world, upgrading is not optional: the security risk associated with using an unsupported, obsolete version is quite significant.

Today, I was forced to upgrade all my Web sites that use the Joomla content management system, as support for Joomla 2.5 ended in December, 2014.


What can I say. It was not fun. I am using some custom components and some homebrew solutions, and it took the better part of the day to get through everything and resolve all compatibility issues.

And I gained absolutely nothing. My Web sites look exactly like they did yesterday (apart from things that might be broken as a result of the upgrade, that is.) I just wasted a few precious hours of my life.

Did I mention that I hate software upgrades?

 Posted by at 7:30 pm
Mar 05, 2015
 

Notice to Web advertisers: If you stick a video on a Web page that starts with blaring noise in the middle of the night, the only thing you accomplish is that I close the bleeping page in a mad panic, and I make sure never to visit it again.

Moments ago, this is what happened when I visited a page on the Montreal Gazette’s Web site, trying to read an article, only to have a car commercial start without any interaction on my part, at maximum volume.

I don’t know what car was being advertised. I don’t even care. I just swore and scrambled to click the Close button.

This is unpleasant even during the day, insanely annoying late at night when you worry about waking up family members, for instance.

I hope that one day, the idiots who believe this form of advertising is appropriate will all have their eardrums pierced in a most painful manner by excessive noise.

It appears though that I am not alone: there is a study suggesting that such loud ads are bad for business.

As for me, against my better judgment, I just decided to install AdBlock Plus on Chrome. Let’s see if it works as advertised.

 Posted by at 2:06 pm
Sep 23, 2014
 

Dear CRTC: Please stop trying to protect us poor Canadians from evil companies like Netflix.

Video-on-demand is not broadcasting. The Internet is not the public airwaves. You have no business trying to bully companies just because they threaten the livelihood of lumbering, decrepit behemoths like Rogers.

I am a Rogers Cable subscriber. I have been a Rogers Cable subscriber ever since they purchased Ottawa Cablevision more than two decades ago.

What am I getting from Rogers? Here are a few examples:

  • Inept, sometimes openly contemptuous customer service (like, what kind of a backward moron am I for still wanting to use analog cable without a settop box?);
  • Technically substandard service (programs interrupted by local commercials that are inserted at the wrong time, substandard signal quality on some analog channels; an analog video frame that is reduced in size by a ratio of 59/60 for no apparent reason);
  • Overpriced, obsolete hardware and no opportunity to use non-Rogers equipment, e.g., with a subscriber identity card;
  • Unnecessary encryption on all digital channels (including local channels), which makes it impossible to use a TV without a settop box.

And you wonder why I am contemplating “cutting the cord”?

Instead of blaming Netflix, perhaps you can have a conversation with Rogers about addressing issues that alienate their customers. If you are not willing to do that, fine, then let the free market do its thing. But take your dirty regulatory paws off the Canadian Internet, please.

 Posted by at 10:18 am
Aug 14, 2014
 

Electronic mailing lists are a somewhat old-fashioned way to let a group of people stay in touch and communicate about a topic of interest.

Many mailing lists these days offer a “digest” service: instead of sending out each message individually to the list recipient, they receive one message a day, a week, or some other set interval, containing all the traffic from the mailing list during that time period.

Tonight, on a mailing list to which I subscribe, I saw yet another request to delete the original message from any replies, for the benefit of digest readers. I have seen such requests many times in the past, and every time I come across one, I get rather annoyed.

Including the original message is of course redundant for “digest” readers, as they probably have a copy of the original message right there, as part of the same digest. But for non-digest readers, including the original saves the time it takes to look up the earlier message.

In other words, what these helpful volunteer “list police” folks are really saying amounts to this: If you are one of those idiots who actually bothers to read messages individually, your time is less valuable than the time of those who already decided that the list is not worth that much attention in the first place.

Why, thank you for putting me in my place.

 Posted by at 10:49 pm
Jun 21, 2014
 

Having been annoyed by a Firefox crash a few weeks ago, I decided to give Google’s Chrome browser a serious try on my Windows desktop. I am, after all, using Chrome on my Android phone and tablet, so I figured I might as well swear allegiance to our Google overlords on my desktop as well…

But it’s not going to happen, not just yet. Yesterday, after I managed to close a tab in Chrome by accident one too many times, I Googled for ways to disable the “X” in tabs other than the active tab… only to find that Google years ago declared that they don’t consider this a problem and they would not solve it. Indeed, I find Chrome’s customization features rather limited compared to what is available in Firefox under about:config.

So, I switched back. I shall be using Firefox for the time being. I am still keeping Chrome on standby, just in case Mozilla goes berserk (their recent UI changes were not exactly welcome with open arms by much of the user community, myself included; who knows what new insanity awaits us in the pipeline.)

And, it seems that I am not alone.

 Posted by at 3:28 pm