David Gessel

Power Adventures In Iraq

Friday, December 12, 2014 

Plugging things in here is always an adventure. Most of the outlets are the horrible giant British style so they have interlocked grounds, but most appliances are European style, so plugging things in means either using something to jam open the ground interlock, breaking the interlock tabs with force, or dispensing with the plug entirely and just stuffing bare wires in the holes.

When using the latter method, it turns out the British plugs are actually kind of useful because toggling the ground tab with a screwdriver uses the interlocks to bind the wires in place.  You just hope the ground pin is wired to ground, not hot.  Usually it just isn’t wired to anything.

Most appliances and power strips here come from China and are the sort of manufacture China was famous in the US for about 30 years ago: taking something out of the package usually breaks it.  The wires inside are so thin it is amazing they survive and grounds are never, ever actually connected.  I have cables that on the inside have a ground insulator but no ground conductor inside the insulator.  Awesome!

But we just rewired the new villa and even though the ground isn’t wired (of course), the outlets are new and seem like they’re decent quality.  And we even got British style plugs to dispense with the highly problematic and very melt-prone plug adapters.  All seemed good until….

Uh oh.  Maybe it just needed to create a little vent….

 

Nope.  Melt down.  Good thing these have a built-in fuse…  (which is still fine, though encrusted in melted plastic).

Posted at 15:27:24 GMT-0700

Category: photoTechnologyTravel

Regional Energy Drink

Monday, December 1, 2014 

I’ve run across this energy drink in dramatic packaging.  Energy drinks aren’t really my thing, but I thought I’d try it: slightly orange tasting fizzy water, mildly sweet with that slightly weird energy drink taste.  But the bottle is fun:

Bomba Bottle Image

It is made in Austria and seems to be distributed more to the East than the West, at least as far as my travels have indicated.  I have seen it in a lot of Middle-Eastern markets, but not in many European ones.

The lid release mechanism is kind of thematically clever.

Bomba Pull Top Image

I suspect this would be a particularly problematic beverage to forget in your carry-on luggage.

Posted at 18:29:45 GMT-0700

Category: FunnyNeutralOddphotoReviews

Speaker Build

Friday, November 28, 2014 

In December of 2002 (really, 2002, 12 years ago (OMG, >20 years ago)), I decided that the crappy former Sony self-amplified speakers with blown amplifiers that I had wired into my stereo as surround speakers really didn’t sound very good as they were, by then, 7 years old and the holes in the plastic housing where the adjustment knobs once protruded were covered by aging gaffers tape.

At least it was stylish black tape.

I saw on ebay a set of “Boston Acoustics” woofers and tweeters back in the time when ebay prices could be surprisingly good.  Boston Acoustics was a well-respected company at the time making fairly decent speakers.  36 woofers and 24 tweeters for $131 including shipping.  About 100 lbs of drivers.  And thus began the execution of a fun little project.

 

Design Phase: 2003-2011

I didn’t have enough data to design speaker enclosures around them, but about a year later (in 2003), I found this site, which had a process for calculating standard speaker properties with instruments I have (frequency generator, oscilloscope, etc.)  I used the weighted diaphragm method.

WOOFER: PN 304-1150001-00 22 JUL 2000
80MM CONE DIA = 8CM
FS  = 58HZ
RE  = 3.04 OHMS
QMS = 1.629
QES = 0.26
QTS = 0.224
CMS = 0.001222
VAS = 4.322 (LITERS) 264 CUBIC INCHES
EBP = 177.8

NOMINAL COIL RESISTANCE @ 385HZ (MID LINEAR BAND) 3.19 OHMS
NOMINAL COIL INDUCTANCE (@ 1KHZ) 0.448 MHENRY
TWEETER: PN 304-050001-00 16 OCT 2000
35MM CONE DIA
FS  = 269HZ
RE  = 3.29 OHMS
QMS = 5.66
QES = 1.838
QTS = 1.387
CMS = 0.0006
VAS = 0.0778 (LITERS)
EBP = 86.7

NOMINAL COIL RESISTANCE @ 930HZ (MID LINEAR BAND) 3.471 OHMS
NOMINAL COIL INDUCTANCE (@ 1KHZ) 0.153 MHENRY

Awesome.  I could specify a cross over and begin designing a cabinet.  A few years went by…

In January of 2009 I found a good crossover at AllElectronics.  It was a half decent match and since it was designed for 8 ohm woofers, I could put two of my 4 ohm drivers in series and get to about the right impedance for better power handling (less risk of clipping at higher volumes and lower distortion as the driver travel is cut in half, split between the two).

https://web.archive.org/web/20120904083243/http://www.allelectronics.com:80/make-a-store/item/XVR-21/2-WAY-CROSSOVER-INFINITY/1.html
CROSS OVER FREQUENCY 
3800HZ CROSSOVER
LOW-PASS: 18DB, 8 OHM
HIGH-PASS: 18DB, 4 OHM

Eventually I got around to calculating the enclosure parameters.  I’m not sure when I did that, but sometime between 2009 and 2011.  I found a site with a nice script for calculating a vented enclosure with dual woofers, just like I wanted and got the following parameters:

TARGET VOLUME 1.78 LITERS = 108 CUBIC INCHES

DRIVER VOLUME (80MM) = 26.25 CUBIC INCHES = 0.43 LITERS
CROSS OVER VOLUME = 2.93 CUBIC INCHES = 0.05 LITERS
SUM = 0.91 LITERS
1" PVC PORT TUBE: OD = 2.68CM, ID = 2.1CM = 3.46 CM^2
PORT LENGTH = 10.48CM = 4.126"


WIDTH = 12.613 = 4.829"
HEIGHT = 20.408 = 7.82"
DEPTH = 7.795 = 3"

In 2011 I got around to designing the enclosure in CAD:

There was no way to fit the crossover inside the enclosure as the drivers have massive, magnetically shielded drivers, so they got mounted on the outside.  The speakers were designed for inside mounting (as opposed to flange mounting) so I opted to radius the opening to provide some horn-loading.

I also, over the course of the project, bought some necessary tools to be prepared for eventually doing the work: a nice Hitachi plunge router and a set of cheap router bits to form the radii and hole saws of the right size for the drivers and PVC port tubes.

Build Phase (2014)

This fall, Oct 9 2014, everything was ready and the time was right.  The drivers had aged just the appropriate 14 years since manufacture and were in the peak of their flavor.

I started by cutting down some PVC tubes to make the speaker ports and converting some PVC caps into the tweeter enclosure.  My first experiment with recycled shelf wood for the tweeter mounting plate failed: the walls got a bit thin and it was clear that decent plywood would make life easier.  I used the shelf wood for the rest of the speaker: it was salvaged from my building, which was built in the 1930s and is probably almost 100 years old.  The plywood came with the building as well, but was from the woodworker who owned it before me.

I got to use my router after so many years of contemplation to shape the faceplates, fabricated from some fairly nice A-grade plywood I had lying around.

Once I got the boxes glued up, I installed the wiring and soldered the drivers in.  The wood parts were glued together with waterproof glue while the tweeters and plastic parts were installed with two component clear epoxy.  The low frequency drivers had screw mounting holes, so I used those in case I have to replace them, you know, from cranking the tunage.

I lightly sanded the wood to preserve the salvage wood character (actually no power sander and after 12 years, I wasn’t going to sand my way to clean wood by hand) then treated them with some polyurethane I found left behind by the woodworker that owned the building before I did.  So that was at least 18 years old.  At least.

I supported the speakers over the edge of the table to align the drivers in the holes from below.

The finished assembly looked more or less like I predicted:

Testing

The speakers sound objectively quite nice, but I was curious about the frequency response.  To test them I used the pink noise generator in Audacity to generate 5.1 6 channel pink noise files which I copied over to the HTPC to play back through my amp.  This introduces the amp’s frequency response, which is unlikely to be particularly good, and room characteristics, which are certainly not anechoic.

Then I recorded the results per speaker on a 24/96 Tascam DR-2d recorder, which also introduces some frequency response issues, and imported the audio files back into Audacity (and the original pink noise file), plotted the spectrum with 65536 poles, and exported the text files into excel for analysis.

Audacity’s pink noise looks like this:

Pink_Noise_Spectrum

It’s pretty good – a bit off plan below 10 Hz and the random noise gets a bit wider as the frequency increases, but it is pretty much what it should be.

First, I tested one of my vintage ADS L980 studio monitors.  I bought my L980s in high school in about 1984 and have used them ever since.  In college I blew a few drivers (you know, cranking tunage) but they were all replaced with OEM drivers at the Tweeter store (New England memories).  They haven’t been used very hard since, but the testing process uncovered damage to one of my tweeters, which I fixed before proceeding.

ADS L980 Spectrum

The ADS L980 has very solid response in the low frequency end with a nicely manufactured 12″ woofer and good high end with their fancy woven tweeter.  A 3 way speaker, there are inevitably some complexities to the frequency response.

I also tested my Klipsch KSC-C1 Center Channel speaker (purchased in 2002 on ebay for $44.10) to see what that looked like:

It isn’t too bad, but clearly weaker in the low frequency, despite moderate sized dual woofers and with a bit of a spike in the high frequency that maybe is designed in for TV and is perhaps just an artifact of the horn loaded tweeter. It is a two way design and so has a fairly smooth frequency response in the mid-range, which is good for the voice program that a center speaker mostly carries.

And how about those new ones?

New Speaker Spectrum

Well… not great, a little more variability than one would hope, and (of course) weak below about 100Hz.  I’m a little surprised the tweeters aren’t a little stronger over about 15kHz, though while that might have stood out to me in 1984, it doesn’t now.  Overall the response is quite good for relatively inexpensive drivers, the low frequency response, in particular, is far better than I expected given the small drivers.  The high frequency is a bit spiky, but quite acceptable sounding.

And they sound far, far better than the poor hacked apart Sony speakers they replaced.

Raw Data

The drawings I fabricated from and the raw data from my tests are in the files linked below:

Speaker Design Files (pdf)

Pink Noise Tests (xlsx)

Posted at 21:05:03 GMT-0700

Category: AudioFabricationHowTophotoTechnology

SSL for Authentication Sucks

Wednesday, November 26, 2014 

One of the most horrible mistakes made in the early days of the internet was to use SSL (an “HTTPS” connection) for both securing a connection with encryption and verifying that the server you reach matches the URL you entered.

Encryption is necessary so you can’t be spied on by anyone running wireshark on the same hotspot you’re on, something that happens all the time, every day, to everyone connecting to public wifi, which means just about everyone just about any time they take a wifi device out of the house.  It is pretty certain that you – you yourself – have thwarted cybercrime attempts thanks to SSL, not just once but perhaps dozens of times a day, depending on how often you go to Starbucks.

The second purpose, attempting to guarantee that the website you reached is served by the owner of the domain name as verified by some random company you’ve never heard of is an attempt to thwart so-called “Man in the Middle” (MITM) and DNS poisoning attacks.  While these are also fairly easy (especially the latter), they’re both relatively uncommon and the “fix” doesn’t work anyway.

In practice, the “fix” can be detrimental because it gives a false sense of security to that sliver of the population that knows enough to be aware that the browser bar ever shows a green lock or any other indicator of browser trust and not aware enough to realize that the indicator is a lie. It is beyond idiotic that our browsers make a big show of this charade of identity verification with great colorful warnings of non-compliance whenever detected to order to force everyone to pay off the cert mafia and join in the protection racket of pretending that their sites are verified.

I’ve written before why this is counterproductive, but the basic problems is that browsers ship with a set of “root” certificates1You can review a list of the certificates of trusted Certificate Authorities here. Note that the list includes state-agency certificates from countries with controversial human rights records. that they trust for no good reason at all except that there’s a massive payola racket and if you’re a certificate issuer with a distributed accepted CA certificate you can print money by charging people absurd fees for executing a script on your server which, at zero cost to the operator, “signs” their certificate request (oh please, please great cert authority sign my request) so that browsers will accept it without warning.  It isn’t like they actually have the owner of the site come in to their office, show ID, and verify they are who they say they are.  Nobody does that except CACert; which is a free service and, surprise, their root cert is not included in any shipping browser.

Users then will typically “trust” that the site they’re connecting to is actually the one they expected when they typed in a URL.  Except they didn’t type a URL, they clicked on a link and they really have no idea where there browser is going and will not read the URL in the browser bar anyway and bankomurica.com is just as valid as bankofamerica.com, so the typical user has no clue where the browser thinks it is going and a perfectly legit, valid cert can be presented for a confusing (or not really so much) URL.  Typosquatters and pranksters have exploited this very successfully and have proven beyond any doubt that pretending that a URL is an unambiguous identifier is foolish and so too, therefore, is proving that the connection between the browser and the URL hasn’t been hijacked.

Further, law enforcement in most countries require that service providers ensure that it is possible to surreptitiously intercept communications on the web: that is do the exact thing we’re sold that a “valid” certificate makes “impossible.” In practice they get what are called “lawful intercept” certificates which are a bit like fireman’s key that doesn’t compromise your security because only a fireman would ever, ever have one..  Countries change hands and so do these.  If you think you’re a state-level target and certificate signing has any value, you’re actually putting your life at risk.  This is an immense disservice because there will be some people at risk, under surveillance, who will actually pay attention to the green bar and think it means they are safe.  It does not.  They may die.  Really.

Commercial certs can cost thousands of dollars a year and they provide absolutely zero value to the site visitor except making the browser warnings go away so they can visit the site without dismissing meaningless and annoying warnings.  There is absolutely no additional value to the site operator for a commercial cert over a completely free self-signed cert except to make the browser warnings go away for their visitors.  The only entity that benefits from this is the certificate vendor from the fees they charge site operators and for the browser vendor for whatever fees are associated with including their certificates in the browser installer.  You, the internet user, just lose out because small sites don’t use encryption because they can’t afford certs or the hassle and so your security is compromised to make other people rich.

There are far better tools2The hierarchical security model that browsers currently use, referencing a certificate authority, does work well for top-down organizations like companies or the military (oddly, the US Military’s root certificates aren’t included in browsers).  In such a situation, it makes sense for a central authority to dictate what sources are trusted.  It just does not make sense in an unstructured public environment where the “authority” is unknown and their vouch means nothing.  that use a “Web Of Trust” model that was pioneered by PGP back in the early 1990s that actually does have some meaning and is used by CACert, meaning CACert certificates actually have some meaning when they indicate that the site you’re visiting is the one indicated by the URL, but since CACert doesn’t charge and therefore can’t afford to buy into the cert mafia, their root certs are not included in browsers, so you have to install it yourself.

The result is that a small website operator has four options:

  • Give up on security and expose all the content that moves between their server and their visitors to anyone snooping or logging,
  • Use a self-signed cert3If you’re running your own web services, for example a web-interface to your wifi router or a server or some other device with a web interface, it will probably use a self-signed cert and you’ve probably gotten used to clicking through the warnings, which at least diminishes the blackmail value of the browser warnings as people get used to ignoring them.  Installing certificates in Firefox is pretty easy.  It is a major hassle in Chrome or IE (because Chrome, awesome work Google, great job, uses IE’s certificate store, at least on Windows). Self-signed certs are used everywhere in IT management, almost all web-interfaced equipment uses them.   IBM has a fairly concise description of how to install the certs.  Firefox wins.  to encrypt traffic that will generate all sorts of browser warnings for their visitors in an attempt to extort money from them,
  • Use one of the free SSL certificate services that become increasingly annoying to keep up to date and provide absolutely zero authentication value but will encrypt traffic without generating warnings,
  • Use CACert and ask users to be smart enough to install the CACert root certificate and thus actually encrypt and reasonably securely prove ownership.

And, of course, agitate for rationality: Perspectives and the CACert root should ship with every browser install.

Footnotes

Footnotes
1 You can review a list of the certificates of trusted Certificate Authorities here. Note that the list includes state-agency certificates from countries with controversial human rights records.
2 The hierarchical security model that browsers currently use, referencing a certificate authority, does work well for top-down organizations like companies or the military (oddly, the US Military’s root certificates aren’t included in browsers).  In such a situation, it makes sense for a central authority to dictate what sources are trusted.  It just does not make sense in an unstructured public environment where the “authority” is unknown and their vouch means nothing.
3 If you’re running your own web services, for example a web-interface to your wifi router or a server or some other device with a web interface, it will probably use a self-signed cert and you’ve probably gotten used to clicking through the warnings, which at least diminishes the blackmail value of the browser warnings as people get used to ignoring them.  Installing certificates in Firefox is pretty easy.  It is a major hassle in Chrome or IE (because Chrome, awesome work Google, great job, uses IE’s certificate store, at least on Windows). Self-signed certs are used everywhere in IT management, almost all web-interfaced equipment uses them.   IBM has a fairly concise description of how to install the certs.  Firefox wins.
Posted at 15:50:20 GMT-0700

Category: SecurityTechnology

Copying Text Without the Horrible Formatting

Saturday, August 16, 2014 

Have you ever copied some text off a web page or a document and then gone to paste it in another document or spreadsheet only to find some horribly formatted hypertext pasted in for some bizarre reason, then had to go through the hassle of trying to figure out how to remove the formatting?

Have you ever used Putty or another SSH client that automatically copies highlighted text to the copy buffer and allows pasting with a middle click and wished all programs were this smart?

Has anyone, ever, in the history of using a computer, WANTED to paste formatted text from a web page or drop some idiotic OLE object into their FrameMaker document?  I know I’ve never once wanted that to happen.

Tonight I had to copy a 100 or so mac addresses out of a DHCP list from the web interface of pfSense into an Excel table and each damn time I got stupid formatting and then had to select the cell, select the drop down menu for paste options, select paste as text, repeat.  Holy crap, what the hell were they thinking?  No clue.

None of the paste solutions recommended for Excel worked for me and OpenOffice/Libre were just as screwed up.  But I found some solutions for the copy side for Windows.  Some of the plugins should work on Linux.  If you’re using a Mac, The Steve has already decided how your work is permitted to look and the Apple goons will probably break your fingers if you try to modify formatting.

  • Auto Copy makes Chrome on windowz almost as efficient as a linux application! Copy as text, select to copy. Middle click to paste.  Dang. But it doesn’t seem to always remove formatting (select to copy works reliably though).
  • Copy as Plain text fixes this stupidity on Firefox.
  • UPDATE: Márton Anka is an awesome developer who writes some of the best code on the internet and his plugin PLAINCOPY, is an excellent solution.
  • Autocopy2 adds the incredibly useful select to copy to Firefox.  Once you get used to it, you’ll be frustrated with applications that don’t support it.
  • This edit to maker.ini will prefer pasting plain text (or now UTF8) over OLE2, eliminating that horror from FrameMaker.

It turns out there’s a universal solution for Windows.

  • PureText removes formatting from text on the clipboard and pastes it with an alternate key command (like Windows-V), so even copying from word documents to excel isn’t a horrible nightmare of tedium.

I haven’t yet figured out how to copy images from Firefox to Thunderbird without pasting it as a reference to the original image.  Pasting an HTML reference to remote content means the recipient either doesn’t see the image (because they don’t auto-load remote content or because they don’t have permission to load it or aren’t on-line when they read their mail) or Thunderbird makes a request to the referenced site to load the media creating a privacy violating log entry.  The most convenient solution I’ve found is to paste the image into irfanview first and then copy from there into Thunderbird.

Posted at 15:40:40 GMT-0700

Category: HowToTechnology

What’s Right About PGP

Thursday, August 14, 2014 

Occasionally you find the crankypants commentary about the “problems” with PGP. These commentaries are invariably written by people who fail to recognize the use modality that PGP is meant to address.

PGP is a cryptographic tool that is, genuinely, annoying to use in most current implementations (though I find the APG extension to the K9 mail app on the android as easy or easier to use than the former Enigmail implementation for Thunderbird, since replaced by a less fully featured native implementation.)  The purpose of PGP is to encrypt the contents of mail messages sent between correspondents.  Characteristics of these messages are that they have more than ephemeral value (you might need to reference them again in the future) and that the correspondents are not attempting to hide the fact that they correspond.

It is intrinsic to the capabilities of the tool that it does not serve to hide with whom you are communicating (there are tools for doing this, but they involve additional complexity) and all messages encrypted with a single key can be decrypted with that key. As such keys are typically protected by a password the user must remember. It is a sufficiently accurate simplification of the process to consider the messages themselves protected by a password that the owner of the messages must remember and might possibly be forced to divulge as the fundamental limit on the security of the messages so protected. There are different tools for different purposes that exchange ephemeral keys that the user doesn’t ever know, aren’t protected by a mnemonic password, and therefore can never be forced to divulge).

These rants against PGP annoy me because PGP is an excellent tool that is marred by minor usability problems. Energy expended on ignorantly dismissing the tool is energy that could be better spent improving it.  By far the most important use cases for the vast majority of users that have any real reason to consider cryptography are only addressed by PGP.  I make such a claim based on the following:

  • Most business and important correspondence is conducted by email and despite the hyperventilation of some ignorant children, will remain so for the foreseeable future.
  • Important correspondence, more or less by definition, has a useful shelf life of more than one read and generally serves as a durable (and legally admissible) record.
  • There are people who have legitimate reasons to obfuscate their correspondents: email, even PGP encrypted email, is not a suitable tool for this task.
  • There are people who have legitimate reason to communicate messages that must not be permanently recorded and for which either the value of the communication is ephemeral or the risk is so great that destroying the archive is a reasonable trade-off: email, even with PGP, is not a suitable tool for this task.
  • There’s some noise in the rant about not being sufficient to protect against NSA targeted intercept or thwarting NSA data archiving, which makes an implicit claim that the author has some solution that might provide such protection to end users. I consider such claims tantamount to homicide.  If someone is targeted by state-level surveillance, they can’t use a Turing-complete device (any computer device) to communicate information that puts them at risk; any suggestion to the contrary is dangerous misinformation.

Current implementations of PGP have flaws:

  • For some reason, mail clients still don’t prompt for the import or generation of PGP keys whenever a new account is set up.  That’s somewhat pathetic.
  • For some reason, address books integrated into mail clients don’t have a field for the public key of the associate.  This is a bizarre omission that necessitates add-on key management plug-ins that just make the process more complicated.
  • It is somewhat complicated by IMAP, but no client stores encrypted messages locally in unencrypted form (by default, Thunderbird can do this now), which makes them difficult to search and reduces their value as an archival record.  This has trivial security value: your storage device is, of course, encrypted or exposing your email should your device be lost is likely to be the least of your problems.

PGP is, despite these shortcomings, one of the most important cryptographic tools available.

Awesome properties of PGP keys no other cryptographic system can touch

PGP keys are (like all cryptographic keys in use by any system) long strings of seemingly random data.  The more seemingly random, the better.  They are, by that very nature, nonmnemonic.  Public key cryptosystems, like PGP, have an awesome, incredibly useful characteristic that you can publish your public key (a long, random string of numbers) and someone you’ve never met can encrypt a message using that public key and only your private key can decrypt it: a random stranger can initiate crytopgraphically secure communication spontaneously.

Conversely, you can “sign” data with your “private key” and anyone can verify that you signed it by decrypting it with your public key (or more precisely a short mathematical summary of your message).  This is so secure, it is a federally accepted signature mechanism.

There’s a hypothesized attack called a Man In The Middle attack (often abbreviated “MITM”) that exploits the fact these keys aren’t really human readable (you can, but they’re so long you won’t) whereby an attacker (traditionally the much maligned Eve) intercepts messages between two parties (traditionally the secretive Alice and Bob), pretending to be Bob whilst communicating with Alice and pretending to be Alice whilst communicating with Bob.  By substituting her keys for Alice’s and Bob’s, both Bob and Alice inadvertently send messages that Eve can decrypt and she “simply” forwards Bob’s to Alice using Alice’s public key and vice versa so they decrypt as expected, despite coming from the evil Eve.

Eve must, however, be able to intercept all of Alice and Bob’s communication or her attack may be discovered when the keys change, which is not practical in the real world on an ongoing basis (but, ironically, is easier with ephemeral keys). Pretending to be someone famous is easier and could be more valuable as people you don’t know might send you unsolicited private correspondence intended for the famous person: the cure is widely disseminating key “fingerprints” to make the discovery of false keys very hard to prevent.  And if you expect people to blindly send you high-priority information with your public key, you have an obligation to mitigate the risk of a false recipient.

Occasionally it is hypothesized that this attack compromises the utility of PGP; it is a shortcoming of all cryptographic systems that the keys are not human readable if they are even marginally secure.  It is intrinsic to a public key infrastructure that the public keys must be exchanged.  It is therefore axiomatic that a PKI-based cryptographic system will be predicated on mechanisms to exchange nonmnemonic key information. And hidden key exchange, as implemented by OTR or other ephemeral key systems makes MITM attacks harder to detect.

While it is true that elliptic curve PKI algorithms achieve equivalent security with shorter keys, they are still far too long to be mnemonic.  One might nominally equivalence a 4k RSA key with a 0.5k elliptic curve key, a non-trivial factor of 8 reduction with some significance to algorithmic efficiency, but no practical difference in human readability.  Migrating to elliptic curves is on the roadmap for PGP (with GPG 2.1, now in beta) and should be expedited.

PGP Key management is a little annoying

Actually, it  isn’t so much PGP that makes this true, but rather the fact that mail clients haven’t integrated PGP into the client.  That Gmail and Yahoo mail will soon be integrating PGP into their mail clients is a huge step in the right direction even if integrating encryption into a webmail client is kind of pointless since the user is already clearly utterly unconcerned with privacy at all if they’re gifting Google or Yahoo their correspondence.  Why people who should know better still use Gmail is a mystery to me.  When people who care about data security use a gmail address it is like passing the temperance preacher passed out drunk in the gutter.  With every single message sent.  Even so, this is a step in the right direction by some good people at Google.

It is tragic that Mozilla has back-burnered Thunderbird, but on the plus side they don’t screw up the interface with pointless changes to justify otherwise irrelevant UX designers as does every idiotic change in Firefox with each release.  Hopefully the remaining community will rally around full integration of PGP following the astonishingly ironic lead of the privacy exploiting industry.

If keys were integrated into address books in every client and every corporate LDAP server, it would go a long way toward solving the valid annoyances with PGP key management; however, in my experience key management is never the sticking point, it is either key generation or the hassle of trying to deal with data rendered opaque and nearly useless by residual encryption of the data once it has reached me.

Forward Secrecy has a place.  It isn’t email.

A complaint levied against PGP that proves beyond any doubt that the complainant doesn’t understand the use case of PGP is that it doesn’t incorporate forward secrecy.  Forward secrecy is a consequence of a cryptosystem that negotiates a new key for each message thread which is not shared with the users and which the system doesn’t store.  By doing this, the correspondents cannot be forced to reveal the keys to decrypt the contents of stored or captured messages since they don’t know them.  Which also means they can’t access the contents of their stored messages because they’re encrypted with keys they don’t know.  You can’t read your own messages.  There are messaging modalities where such a “feature” isn’t crippling, but email isn’t one of them; sexting perhaps, but not email.

Indeed, the biggest, most annoying, most discouraging problem with PGP is that clients do not insert the unencrypted message into the local message store after decrypting it.  This forces the user to decrypt the message again each time they need to reference it, if they can ever find it again.  One of the problems with this is you can’t search encrypted messages without decrypting them.  No open source client I’m aware of has faced this debilitating failure of use awareness, though Symantec’s PGP desktop does (so it is solvable).  Being naive about message use wouldn’t have been surprising for the first few months of GPG’s general use, but that this failure persists after decades is somewhat shocking and frustrating.  It is my belief that the geekiness of most PGP interfaces has so limited use that most people (myself included) aren’t crippled by not being able to find PGP encrypted mail because we get so little of it.  If even a small percentage of our mail was encrypted, not ever being able to find it again would be a disaster and we’d stop using encryption.

This is really annoying because messages have the frequently intolerable drawbacks of being ephemeral without the cryptographic value of forward secrecy.

Email is normally used as a messaging modality of record.  It is the way in which we exchange contemplative comments and data that exceeds a sentence or so.  This capability remains important to almost all collaborative efforts and reducing messaging complexity to chat bubbles cripples cognitive complexity.  The record thus created has archival value and is a fundamental requirement in many environments.  Maximizing the availability, searchability, and ease of recall of this archive is essential.  Indeed, even short form communication (“chat” in various forms), which is typically amenable to forward secrecy because of the generally low content value thus communicated, should have the option of PGP encryption instead of just OTR in order to create a secure but archival communications channel.

A modest proposal

I’ve been using PGP since the mid 1990s.  I have a key from early correspondence on PGP from 1997 and mine is from 1998.  Yet while I have about 2,967 contacts in my address book I have only 139 keys in my GPG keyring.  An adoption rate of 4.7% for encrypted email isn’t exactly a wild success.  I don’t think the problems are challenging and while I very much appreciate the emergence of cryptographically secure communications modalities such as OTR for chat and ZRTP for voice, I’ve been waiting for decades for easy-to-use secure email.  And yet, when people ask me to help them set up encrypted email, I generally tell them it is complicated, I’m willing to help them out, but they probably won’t end up using it.  Over the years, a few relatively easy to fix issues have retarded even my own use:

  • The fact that users have to find and install a somewhat complex plugin to handle encryption is daunting to the vast majority of users.  Enigmail is complicated enough that it is unusable without in-person walk-through support for most users.  Even phone support doesn’t get most people through setup. Basic GPG key generation and management should be built into the mail client.  Every time one sets up a new account, you should have to opt out of setting up a public key and there’s no reason for any options by default other than entering a password to protect the private key.
  • Key fields should be built into the address book of every mail client by default.  Any mail client that doesn’t support a public key field should be shamed and ridiculed.  That’s all of them until Gmail releases end-to-end as a default feature, though that may never happen as that breaks Google’s advertising model.  Remember, Google pays all their developers and buys them all lunch solely by selling your private data to advertisers.  That is their entire business model. They do not consider this “evil,” but you might.
  • I have no idea why my received encrypted mail is stored encrypted on my encrypted hard disk along with hundreds of thousands of unencrypted messages and tens of thousands of unencrypted documents.  Like any sensible person who takes a digital device out of the house (or leaves it unprotected in the house), I encrypt my local storage to protect those messages and documents from theft and exploitation.  My encrypted email messages are merely data cruft I can’t make much use of since I can’t search for them.  That’s idiotic and cripples the most important use modality of email: the persistent record. Any mail client should permanently decrypt the local message store unless the user specifically requests a message be stored encrypted, an option that should be the same for a message that arrived encrypted or unencrypted as the client could encrypt mail with the user’s public key on arrival without requiring a password or access to the private key.
  • Once we solve the client storage failure and make encrypted email useful for something other than sending attachments (which you can save, ZOMG, in unencrypted form) and feeling clever for having gotten the magic decoder ring to work, then it would make sense to modify mail servers to encrypt all unencrypted incoming mail with the user’s public key, which mitigates a huge risk in having a mail server accessible on the internet: that the historical store of data there contained is remotely compromised.  This protects data at rest (data which is often, but not assuredly, already protected in transit by encrypted transport protocols using ephemeral keys with forward security.)  End-to-End encryption using shared public keys is still optimal, but leaving the mail store unencrypted at rest is an easily solved at rest security failure while protection in transit is largely solved (and would be quickly if gmail bounced any SMTP connection not protected by TLS 1.2+.)

Fixing the obvious usability flaws in encrypted email are fairly easy.  Public key cryptography in the form of PGP/GPG is an incredibly powerful and tremendously useful tool that has been hindered in uptake by limitations of perception and by overly stringent use cases that have created onerous limitations.  Adjusting the use model to match requirements would make PGP far more useful and far easier to convince people to use.

Phil Zimmerman’s essay “why I wrote PGP” applies today as much as it did in 1991:

What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he’s hiding.

It has been more than 30 years and never has the need for universally encrypted mail been more obvious.  It is time to integrate PGP into all mail clients.

 

Posted at 14:39:09 GMT-0700

Category: FreeBSDLinuxTechnology

Memcached doesn’t compile with -O3

Friday, June 20, 2014 

Most of the ports in FreeBSD compile just fine with -O3, and why not use it?  Not like compile time is a real constraint and one of the features of FreeBSD is that it is actually optimized for the hardware it runs on, rather than being generic, opaque code.

But memcached don’t play that game.  The easy thing to do is modify /etc/make.conf on error, then fix it back after recompiling, but that gets tedious.  The following edit to /etc/make.conf automates the process:

.if empty(.CURDIR:M/usr/ports/databases/memcached*)
CFLAGS= -O3 -pipe -march=native -mtune=native
.endif

.if (.CURDIR:M/usr/ports/databases/memcached*)
CFLAGS= -O2 -pipe -march=native -mtune=native
.endif
Posted at 13:23:41 GMT-0700

Category: FreeBSD

Burnt Outlet

Saturday, March 8, 2014 

Occasionally electrical systems here just catch on fire for no apparent
reason.

burnt_outlet.jpg
Posted at 07:39:27 GMT-0700

Category: OddPlacesTechnology

Wow. “4G”

Friday, December 27, 2013 

This is on T-Mobile USA’s Global Internet.  It is actually a pretty good deal, but note it is massively throttled.

Screenshot_2013-12-30-12-41-45.jpg
Posted at 04:43:35 GMT-0700

Category: Cell phonesPlacesTechnologyTravel

Cactus Farmer

Wednesday, December 25, 2013 

Just a few years back, when I was in 3rd or 4th Grade, my brother and I went to visit David and Jesse Lenat at their Cactus Farm. While we were exploring the green houses, their dad, Richard, gave my brother and I each a cactus to take home.

Mine lived in a small pot near a window through the rest of grade school and high school and then my mom cared for it through college. It grew into a little cluster of pencil thin, green, spiky pads over the years.

After I graduated, moved to California and got an apartment in SF; I was home for Christmas one year and took one of the pads wrapped in tissue to California. It grew well there and now produces big, bright yellow flowers every year.

This Christmas, I stuffed two tiny buds into glass bottles and brought them to Iraq and planted in the yard with one of the cat’s help (paw in the background).

20131223_122142.jpg
Posted at 03:01:17 GMT-0700

Category: CatsGeopostphotoPlaces

« Older Entries Newer Entries »