Better Credit Card Security

While talking with a friend who is enduring some unpleasantness, the conversation turned to issues with using credit cards to buy things, like food for example. That got me thinking: how would I design a really strong way to prevent data breaches?

Encrypt everything!

Well, perhaps not that, but hash everything. Here’s what I talked myself into. Of course none of this is rational, because nobody will effect a planetwide shift in payment processing based on what this yokel has to say, but still, here goes.

The issuing bank sets up a credit account. Four key fields matter for the classic transaction: name, number, expiration date, and CVV2. I think one could also establish a time-based one-time-password (TOTP) secret as well; it would operate the way Google Authenticator does. So you’d need a secret that the bank generated, held both in their systems and on the physical card. You’d need a smart chip on the card so it could forward the TOTP code to the credit terminal at the point of sale.

The bank sets up a TOTP secret, so it’s named JQP Credit Card (or account number or whatever) and the secret is: 6B57078FB88A4DD73E447D2647DCEC7D04C3D887951BA6A2D8DBA294E0B60579. This number is forwarded to the credit card terminal. Right now it’s 726995, but in thirty seconds it’ll be something else. Since the credit card terminal and the bank share synced time via time.nist.gov, there is no risk that there would be some sort of mismatch between the two.

The customer goes to the credit card terminal and swipes; a value is entered and a timestamp is recorded, all of which is already part of a credit transaction. The terminal can read the name, expiration, CVV2, whatever from the magnetic stripe, and the smart chip forwards the TOTP code. Then the terminal assembles this into an EDI transaction:

JOHN/Q/PUBLIC#1111222233334444#1015#170#726995 and applies SHA-256 to it, to create:

621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba

This is stored in a database and then forwarded to the bank with the timestamp, so it’ll look like this:

987654321#621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba#15.09#1426615839

So the bank will be presented with a Customer ID and a SHA-256 hash; they’ll have the total dollar amount, and they’ll have Epoch time, or the number of seconds from 00:00:00 UTC, January 1, 1970. This is easily produced at a shell prompt: date -j -f "%a %b %d %T %Z %Y" "$(date)" "+%s" on BSD or macOS, or simply date +%s on Linux.

The bank would then have everything they need, they’d have the secret key, which with the Epoch time from the transaction would give them the TOTP calculation, which would generate the answer 726995. Then they’d have the card details from the customer ID, the SHA-256, and the amount. They could then calculate the hash on their own:

621d3dd5a66277a7ab3737f306728e3c4bc5f3cd20c8730c37cc61c6575de0ba

And authorize the transaction.

Even if the card details were stolen by someone copying the numbers off the card, they wouldn’t get the TOTP secret. Plus the TOTP code is changing every 30 seconds. If someone tried to run this transaction and guessed at the TOTP code, they’d generate this:

987654321#a1b714fba988632200c78a5b9021bca5b48f149b036aa901c03173f0f2de5399#15.09#14266158

and the bank would instantly detect this incorrect SHA hash and cancel the card and ship a new one.

This is rather involved but the practical upshot is, if a vendor kept these transactions in a database and someone stole the database to use for their own nefarious needs, the presence of the TOTP and SHA-256 would make the data in the database worthless because the TOTP has no predictable pattern if you don’t know the secret, and SHA-256 is very sensitive to even the smallest change in the input data that it’s hashing. This would free vendors, banks, and customers from risking PII leakage or identity theft.
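The bank-side check described above, as an added example in Python (not code from the original post). It assumes RFC 6238 TOTP with HMAC-SHA1, which is what Google Authenticator uses; the TOTP secret is constructed, so the code and hash it produces differ from the figures in the post. The freshness window, replay cache and one-step clock-drift allowance are additions the post does not specify.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

# Card fields are the sample values from the post; the TOTP secret is
# constructed for this example, so the code and hash differ from the post's.
SAMPLE_ACCOUNTS = {
    "987654321": {
        "secret": b"constructed-demo-secret",
        "card": {"name": "JOHN/Q/PUBLIC", "number": "1111222233334444",
                 "expiry": "1015", "cvv2": "170"},
    }
}


def totp(secret, unix_time, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def record_hash(card, code):
    """SHA-256 over NAME#NUMBER#EXPIRY#CVV2#TOTP, the layout used in the post."""
    record = "#".join([card["name"], card["number"], card["expiry"],
                       card["cvv2"], code])
    return hashlib.sha256(record.encode("ascii")).hexdigest()


def terminal_message(customer_id, card, code, amount, ts):
    """What the terminal stores and forwards: ID#HASH#AMOUNT#EPOCH."""
    return "#".join([customer_id, record_hash(card, code), amount, str(ts)])


def bank_authorize(message, accounts, seen, now, max_age=120, drift_steps=1):
    """Recompute the hash from the bank's own records and compare.

    seen is a set of (customer_id, digest) pairs already authorized.
    Returns (authorized, reason).
    """
    parts = message.split("#")
    if len(parts) != 4:
        return False, "malformed"
    customer_id, digest, _amount, ts_text = parts
    if not (ts_text.isascii() and ts_text.isdigit()):
        return False, "malformed"
    ts = int(ts_text)
    account = accounts.get(customer_id)
    if account is None:
        return False, "unknown customer"
    # Assumption: the bank refuses timestamps far from its own clock, so a
    # stored message cannot be resubmitted later with its original timestamp.
    if abs(now - ts) > max_age:
        return False, "stale timestamp"
    # The amount sits outside the hash in the post's layout, so the replay
    # key ignores it: a used digest with a different amount is still refused.
    if (customer_id, digest) in seen:
        return False, "replay"
    # Tolerate the chip's clock being one step off from the terminal's.
    for drift in range(-drift_steps, drift_steps + 1):
        t = ts + drift * STEP
        if t < 0:
            continue
        expected = record_hash(account["card"], totp(account["secret"], t))
        if hmac.compare_digest(expected.encode(), digest.encode()):
            seen.add((customer_id, digest))
            return True, "authorized"
    return False, "hash mismatch"


if __name__ == "__main__":
    ts = 1426615839  # timestamp from the post's sample message
    acct = SAMPLE_ACCOUNTS["987654321"]
    msg = terminal_message("987654321", acct["card"],
                           totp(acct["secret"], ts), "15.09", ts)
    seen = set()
    print(msg)
    print(bank_authorize(msg, SAMPLE_ACCOUNTS, seen, now=ts + 5))
    print(bank_authorize(msg, SAMPLE_ACCOUNTS, seen, now=ts + 6))
```

Because the amount and timestamp travel outside the hash, the hash alone does not authenticate them; the replay key and freshness check above are what stop a stored message from being reused.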

I’ve also thought that this would be a great way to secure SSNs as well for use with the government: they know your SSN and you know your SSN, so when communicating over a possibly compromised channel you can authenticate not with your SSN, but with the hash of your SSN.

John Q. Public, 123-45-6789 -> 01a54629efb952287e554eb23ef69c52097a75aecc0e3a93ca0855ab6d7a31a0

Geek Excursions: BitMessage

Along with my curiosity surrounding Bitcoin, there is a similar technology that has been released for public use called BitMessage. This system is a really neat way to communicate securely that involves absolutely no trust whatsoever. It’s a completely decentralized email infrastructure and has captured a lot of my spare attention. BitMessage works a lot like Bitcoin does: you can create email addresses on the fly, and they are a long sequence of random characters that your system can display because you have both a public key and a private key. In a lot of ways BitMessage deals with the biggest problem surrounding PGP/GPG, which is key management. Nobody really wants to manage keys or use the system because it’s extra work. Plus even with PGP/GPG, your identity is written on your keys for everyone to see.

Getting started with BitMessage is a snap. First you need to download the BitMessage client, and you can get that at bitmessage.org. There’s a Windows and Mac client available, you can start it and be instantly attached to the BitMessage network, ready to create new “BitMessage Addresses” and throw them away just as easily. So, for example, you could reach me by sending me a BitMessage to this address: BM-2cWAk99gBxdAQAKYQGC5Gbskon21GdT29X. When you send a message using BitMessage, it’s to this address and from an address that your client makes, so the conversation occurs securely and since every node has a copy of the data it’s impossible to tell who is getting what information. I think an even more secure method would be to cross BitMessage with a PGP/GPG key. The only problem with a key like that is that classically PGP/GPG keys require that you include your email address as a subkey so that you can be identified by a human-readable email address when looking for your public key or when someone else is looking for it, to verify a signature for example. The PGP/GPG system doesn’t require an email address, you can of course create a public and private keypair using PGP/GPG and make the email address up from whole cloth, and instead just let people know the key ID that you want them to use. So technically if Alice wanted to secretly communicate with me, we could give each other our public keys to start and then use BitMessage as the messaging mule. I don’t see how any eavesdropper could make sense out of any of that data flow. It’s unclear what the contents are, the PGP/GPG encryption keeps the contents of the message secure, and BitMessage itself seriously obfuscates if not outright eliminates being able to tell where the messages are ultimately going to or coming from.

I have to admit that BitMessage is very user friendly and very handy to have. My only issue with it is that I don’t know anyone who uses it, but perhaps this blog post will change that. If you are interested in this bleeding-edge crypto/privacy software, I encourage you to chat me up on BitMessage for serious matters or for fun.

Geek Excursion: Cryptocurrencies

I’ve been thinking on and off about Bitcoin ever since it was written years ago. Right around the end of last month, in December I thought I would look into it again. Turns out the environment has grown considerably since the last time I looked at it, by leaps and bounds! I figured now would be a great time to dip my big toe into the stream, so I found an online exchange and pursued Bitcoin with them. This exchange was ExpressCoin and the purchase deal was mailing them a US Postal Money order, they’d cash it and then send me the Bitcoin equivalent. Since this was a conversion from Fiat money (in this case United States Dollars) to Bitcoin, the exchange rate was around $330 per Bitcoin. The $10 investment gave me 0.03120712 Bitcoin.

Right after that I started lurking on the Bitcoin subreddit on Reddit and discovered two other currencies, Litecoin and Dogecoin. Then just after that I discovered the Cryptocurrency Faucet websites, places where they hand out free money for proving that you’re human with a captcha, and the off chance that exposing you to advertising will pay for the money flowing out of the faucet.

I still think a great part of all these cryptocurrencies is still quite firmly fixed in the hobbyist framework, the enthusiasts are on the “bright” side of the currency and the speculators are on the “dark” side of the currency. All of these currencies that I’ve engaged with display pretty wild volatility in comparison with any linked Fiat. My buy-in rate was around $330 per Bitcoin, and now weeks later, that’s at $218.87 per Bitcoin. There seem to be two camps developing, the first camp is quite keen on ignoring the Fiat exchange rate and trying to ignite their currencies inside themselves. One of the most positive and tightly knit communities surrounds the Dogecoin. Seeing how the Dogecoin enthusiasts communicate and cope with their currency’s volatility is a lesson in lighthearted, altruistic generosity. People who hold Doge appear to be very ready to donate it to other people as encouragement, sympathy, or even on a lark. As you go from Doge to Litecoin to Bitcoin you see a lot less of the pleasantries and a lot more of the cold hard business of currency work and trading.

I think one of the most fascinating parts of these new currencies is how everything is starting from the very beginning – including questions of trust and honor. Because all of these coins are decentralized and unregulated there is no capacity for a “chargeback” mechanism, and when this runs up against mechanisms in other currencies, like the Fiat, where there are “chargeback” mechanisms in place, you run the risk of being seriously defrauded. I completely understand the fear and the very careful progress that these cryptocurrency traders make, but it does speak volumes about just how awful and corrupt some people are. We don’t assume people are trustworthy and honorable, so we need many complicated structures in place to cope with the unknowns. This gap in honor is, I feel, a huge part of what these currencies should work on next. How do you measure honor? How do you establish trustworthiness? I got to thinking about it, and every time I think I have a solution I run into an edge case that blows my concept out of the water. The only thing that I think might work is arranging honor and trustworthiness in a way similar to the “Web of Trust” that PGP and GPG cryptographic systems rely on to establish trust. PGP/GPG never really took off for mass adoption and that’s always been a very sad thing for me, but I really like the “Web of Trust” idea that they pioneered. That people can trust others when there is reputation on the line, backed by money perhaps, there would need to be some sort of contingency addressing on the line as well. So if Bob wants to establish his trustworthiness and his honor he puts his money on the line for it. But the problem with this is that someone who is not honorable could just come along and lie about Bob and take his money, sending you right back to the start again. It’s fascinating, that Bitcoin decentralized money, but we need to figure out how to decentralize trust as well.

The US Government has done its due diligence in preventing egregious misuse of the Bitcoin currency to be used for illegal purposes by attempting to regulate how centralized exchanges transfer Fiat into the cryptocurrencies. It seems that Bitcoin and all the others are very elegantly designed in so far that despite all these regulations there is a community of individuals willing to operate as nano-exchanges that help bring everything back to its decentralized and unregulated roots. Half of the fun of playing with cryptocurrencies is being at ground zero for all these fascinating developments and arguments and seeing how something so new develops and unfolds.

So far I’ve got some small parts of a Bitcoin, some small parts of a Litecoin, and gobs of Dogecoin. For myself, I am very interested in figuring out ways to secure the relationships between traders, working on terms of honor, trust, and faith. If anyone has ideas that they would like to share, please leave them in the comments below. I would really love a nice conversation about securing honor, trust, and faith between traders.

Apple Watch

On September 9th, 2014 Apple unveiled their iPhone 6, iPhone 6 Plus, Apple Pay and Apple Watch to the world. It was a really poorly kept secret that Apple was working on a wristwatch, so nobody was really surprised when Apple came out with their new designs. All we didn’t know was to what extent Apple was going to go with the technology.

They released more details on Apple Watch. The more I learned about the device the less I found myself thinking it was a good idea. There are so many places where this new watch is a problem.

Humans Have Limited Attention

We haven’t learned how to properly cope with the iPhone and now Apple is going to release an even more disruptive and attention-stealing device on the population. I’ve heard stories of crackdowns in Chicago where the police were pulling over people who were using their mobile devices while they should be driving their motor vehicles, and then learned on the heels of the crackdown that the police recorded that nearly everyone was breaking the law. Pulling over those people would have effectively shut down the entire highway! We just do not have the proper respect for all the technology in our lives, we cannot cope with these bright shiny attention-stealing devices while we are in command of an even larger device that requires our undivided attention at all times. So now Apple is going to put something even brighter and shinier on our wrists and we’re going to have what little attention that is left between our vehicles and our mobile devices divided again by this cleverness strapped to our wrists.

The tight integration between iPhones and Apple Watch will make our addictions to these devices even more challenging to master as well. Many people I know have a very hard time disconnecting from their devices anyways, now that there is an intimate extension of that device that we wear? I can only see this getting worse for those people who want others’ attention when we are all physically together. I’ve heard anecdotal stories where entire families sit in one room but nobody talks to anyone else because they are all besotted with their technology. What will this mean when the technology is always with us and on our wrists?

Haptics

The Apple Watch, a wearable device, includes haptics, or the sense of motion or vibration, both in the user interface, with the light tap versus the deep press, and in the vibrating device buried deep in the watch itself. This will only worsen our abilities to control our attention and in itself is a place where we are going to have trouble. The watch can be paired to another watch and send heartbeats across the network; it’s Apple’s romantic notion of intimate communication. I can foresee a paired watch between a married couple and the husband feels his wife’s pulse quicken, he worries that she’s having a stroke or a heart attack and rushes home to find a strange car in his driveway and a strange man in his bed. Cheating spouses are just the tip of the iceberg; this watch could be used to cheat in so many other places – cheat at the Casino with a complicated card-counting or odds-calculating routine piped into the player’s Apple Watch, or exam cheating by looking at the watch and seeing the letters for the answers appear as drawings on the Apple Watch’s screen.

How will these situations play out? For cheating spouses, there are the courts, so that’s rather a dull thing, but for the others I could see a new no-watch policy being extended to driving vehicles, entry into a casino, and standardized testing events like the SAT.

Nothing for the Sinister

The one thing that I noticed after discussing the Apple Watch with someone I know who is left-handed is that the device completely abandons functionality for the left-handed amongst us. It’s a hard choice Apple has made. Either you build a right-handed watch and a left-handed watch, or include handedness configurability in your design. It’s obvious after looking at the demo pieces that Apple has nothing set aside for the left-handed of us and has left a significant part of the population out in the cold. They could still use the device, but it will be much more awkward for them to actually use the device. I can see the detraction of non-handedness to be a compelling reason to not go ahead and purchase an Apple Watch.

Another Power Hungry Device

The Apple Watch is power hungry. It needs to charge nightly in order to continue to function. I find myself looking at the function of my wristwatch, a Seiko 5 Analog Automatic and immediately find what I have on the end of my arm, this watch, to be much more useful and compelling than this Apple Watch. My Seiko, if I care for it properly will never need winding as the mechanical automatic winder will never wear down or degrade or stop working. My motions feed the watch, and as long as I wear it every day, just living my life means that my watch will continue to count out seconds and sweep out the minutes and hours. My Seiko cannot do all the things that the Apple Watch can, but it can do the one thing a wristwatch should do very well and that is keep track of time. So far my Seiko has retained proper time for the few months I’ve had it. There is no technology in there that is synchronizing it to atomic time, and there is no need for that precision in my life. A watch that is bound to the power grid seems to be a risk to me, and since the most recent power outage, which for me was last night, the idea that my fancy Apple Watch could run down and just be a chunk of expensive metal and glass really concerns me.

Welcome to the Apple Silo, Penthouse Level

The Apple Watch creates an entire new floor to the Apple lifestyle silo. People are usually drawn in with a consumer device, like an iPod Nano or an iPhone, and then they are buying Macs and now the Apple Watch. I have to admit that Apple has a very good compelling company story, and they are leveraging this story magnificently well. They know that one Apple device usually turns into another, and before you know it you are knee-deep in the Apple Digital Lifestyle. The watch requires the iPhone to function, this is a very bold and possibly hazardous step for Apple to take. All the rest of their devices are independent devices, but this one, this Watch, is utterly dependent on an iPhone to function. I think this is the first fundamental break with the legacy of Steve Jobs and represents a really dangerous case for Apple. They are betting sales on pre-existing devices. That is either very ballsy or really stupid. This will only reinforce the cultural divide between people who flaunt this luxury versus people who do not. If you have an Apple Watch, then you necessarily have an iPhone. I can see this becoming a new and really upsetting hazard in big cities. Before it was a mystery what was plugged into a pair of headphones, it could have been anything from a cheap transistor radio, to a cassette Walkman to an iPod or iPhone. Now it’s really something quite different. If you see someone with an Apple Watch, you know that their iPhone isn’t far away. You are advertising that you have an iPhone to everyone who notices your watch. In small communities where theft and robbery isn’t a problem this won’t even show up on the map, but I foresee in bigger cities like Chicago and New York, that this will take on a new life all its own. A new spate of “Apple Watch” theft events. People getting mugged because of what they have on their wrists marks them out as being ripe for the plucking.

Price

The Apple Watch comes in three editions. There is the plain edition, the sports edition, and the luxury edition. The different editions put an embarrassing irony to the features that the phones are sold around, the replaceable wristbands most specifically. Why couldn’t it have just been one watch with different bands for different editions? Make the initial purchase for the core device and then let people swap out wristbands for the luxury components of the deal, if you want a canvas strap, a rubber one or a gold one, let those be options. Instead of that, there are three distinct Apple Watch varieties.

Then there is the price. $349 for the Apple Watch! In our society, what middle-class person would dangle such an expensive bit of technology on their wrists? Again I’m drawn back to my Seiko 5. The comparison of prices for what I need in a watch is all the reason enough to turn my back on the Apple Watch. My Seiko 5 cost me $70, that’s five times cheaper than the Apple Watch for a device that will never run out of power for as long as I don’t run out of power! It blew my mind, when I saw the price tag on the Apple Watch. I figured this could have been a jubilee celebration from Apple, they have billions of dollars buried in their company treasury, they could have made the Apple Watch a loss-leader for their iPhones, priced it at $70 and it would fly out the doors. Apple would lose money on each unit, but they’d make it up on the back side with all the cultural silo’ing that comes with using a device like an Apple Watch which necessitates an iPhone to go along with it.

Apple is betting that their Apple Watch will play as much as their iPads and iPhones did, selling millions of units. It may sell, and it very well may sell well, but I don’t think that $349 is worth this sort of technology. If it could do more, or if it was independent of the iPhone that might have helped, but it’s expensive, hazardous, and risky. I can’t see it really shining in sales numbers like the other devices did. Apple should have set its very lofty estimates for sales of the Apple Watch much lower. It’ll likely have the same sales numbers as the iPod Touch or iPod Nano.

I won’t be buying the Apple Watch. I have everything that I need already. The iPhone I have is enough, and my Seiko 5 does a magnificent job and you can’t beat the features or the price. I can’t imagine anyone I know actually going ahead and buying this thing, but we will see how that all pans out next year when it’s available for sale. This is going to be a hurdle that Apple doesn’t jump over gracefully.

The Graveyard of Good Ideas

Earlier today I wrote an email to one of my recruiters who is helping me find gainful employment as best as he can. During this composition it occurred to me that there is definite value in some of these “Really Big Ideas” that I have from time to time. I’ve written about this subject before, but this time I started to consider if there was any way to sell this skill that I have, and that it would be a good thing to write about it and perhaps doing so would ‘seed the clouds’ and maybe help me somehow in the future.

It’s an odd skill with an elusive name. What could it be called? It was something that I only started to understand myself late last year after my 38th birthday. There are a lot of things that go into this particular knack, there is brainstorming, mind-mapping, and extensive applications of imagination. I love the notion of a “Thought Palace” which I picked up from reading a lot of Sherlock Holmes stories and for me, it’s not as structural as it might have been for the protagonist of those stories but the metaphor really rings true for me. It all starts with a problem statement. As I look back on my life I find that this pattern has been with me for a very long time and it’s only recently that I’ve been able to put a finger on it and approach the task of devising what it actually is all about. These problems sometimes are very deep, and sometimes not; sometimes they are filled with deep personal importance and sometimes not. The procedure, if there could be something procedural to it tends to follow the same overall pattern, brainstorming leads to a froth of ideas, images, opening up like a sea of possibilities before me. My mental landscape is littered with all of this material, laying about in boxes and just resting on the metaphorical mental ground. This seems to work even if I don’t brainstorm first, but it seems to hasten the entire operation if I do. The key for me is to quite literally sleep on it. I keep the problem firmly in mind, I’ve got a field of mental raw material littered about my consciousness and then I turn my back on all of it. In a few days, and as oddly as it seems, during a relaxing hot shower or bath usually, the end product arrives in my mind. It is an unusual sensation, just standing under the flow of water and a tightly coiled spring appears in my mind and then uncoils. The problem stands solved before me, and all I have to do is write it all down. 
I know it will work, and there are indelible certainties that any rough spots couldn’t possibly be show-stoppers.

Examples of these great ideas then get written down. And here is the rub for me personally, that I’ve got what amounts to a rather full suburban graveyard filled with these marvelous and certain to be successful ideas. I have to write them out, and then bury them alive because they are too valuable to actually share. It comes down to idea ownership, to actually make good on all this work that I’ve done for people who never asked me to do the work in the first place. These ideas could be very lucrative to me personally and in my current stage of life, having any of these ideas get stolen and benefitting someone else chills me right to the core.

Some of these ideas I can characterize without having to expose them, because without copyright to protect all this work, I would be exposed, and I can’t stand that risk. The first one was the most elegant and most important to me personally. It took elements that I had picked up in the non-profit philanthropic space that I have been orbiting for the last fifteen years and synthesized a complete plan that could be put into action by any institution of higher learning which would have the effect of integrating admissions, student retention, development and advancement, and also directly harness young alumni engagement. During my time speaking to people in that sphere of influence in Austin Texas last November, I was asked many times especially about young alumni engagement, and it was all I could do to resist not sharing my great design. I can’t trust that my work would benefit me, so the only people I could share it with are my blood kin, who are the only people who would never betray me for greedy purposes. Once I did share my grand design with my kin, the response was very gratifying. It could be a really great way to “have your cake and eat it too” when it came to encouraging and keeping students in higher education and quite possibly also address the giant mountain of student debt that these students are accruing during their time studying in these institutions. The idea that a student could possibly walk away from their Bachelors of Arts and only have to pay $125 for the entire experience was something that took my breath away. The ability to start your life without being chained to a giant millstone of educational debt keeps this particular idea alive, deep underground in a coffin, but alive still.

Then most recently I had the opportunity to interview for a local “hypermarket” style company that has business throughout the region. Quite by accident while reading the background material I had assembled for this interview experience I accidentally began “priming the machine” and the day before my interview with the company I had another one of these spring-loaded epiphanies strike me square in the head. Again it came during a hot shower, and I found myself speed-talking through the entire package of work, as I find that sometimes self-talk helps me retain all the details, sometimes these ideas can evaporate like the memories of dreams. I discovered that I had everything, mental images of whiteboards, hardware lists, procedure binders, business plans, project visions, even so far as to create marketing and a jingle. It would have led the “Point Of Sale” experience to its most extreme limit in terms of speed and convenience. It could have been a Holy Grail for this particular company. Alas, the company did not want me for my baser skills and so the idea was boxed up and buried.

The humor of all of this is not lost on me. What a foolish thing, to be struck with amazing work that was totally unbidden, unexpected, and not-asked-for. I seriously doubt there are ways to even approach unveiling these ideas because they come from so far afield that it’s doubtful they are even standing in the same ballpark. What sort of communication channel exists where you can chat up a company and lay all this out on them all at once? It’s impossible without sounding like you are a lunatic crank. Nobody volunteers such work out of the blue, it just isn’t done. It’s a small bit of entertainment imagining a world where this sort of thing is if not expected not ruled out before it can begin. What would such a world look like? People like me who have what amounts to having accidental revelations just wandering in off the street and changing entire market segments and entire industries, blowing up higher education affordability problems and revolutionizing POS systems willy-nilly.

So that leads to the graveyard of good ideas. I wonder how many other people are out there who have similar experiences. How many other life-changing, utterly disruptive epiphanies are buried in shallow graves? Then I get to wondering if all of this is a flash in the pan or if it is like I suspect, a new talent of mine that will be with me for the rest of my life. How many more holes will I have to dig?

PAD 11-15-2013: Understanding of Evil

Write about evil: how you understand it (or don’t), what you think it means, or a way it’s manifested, either in the world at large or in your life.

Throughout my life I’ve been refining my faith and morality. There are a lot of systems in our world that you can toss in with if you wish and I don’t begrudge anyone their subscription to those models. For myself, I’ve found the best morality to be expressed in The Golden Rule. It’s from this particular framework that I draw my understanding of evil. The rule itself is simple: “Do unto others as you would have them do unto you.” and concludes there. No prohibitions, no strictures, no exceptions. I find this to be very similar to the Bantu concept of Ubuntu. To express your humanity in your relationships with others. I find this to be delightfully and elegantly terse. Nothing longwinded, nothing complicated to understand.

So then evil, it would be the opposite of good and good is defined by the rules of morality. In my case it would be to stray from the Golden Rule, to treat others without any concern for how they treat you. It’s really a matter of spiritual inequality, and I see it as a matter of the grossest ignorance. There are differing levels of evil, there’s the simple kind where people are selfish and ignorant about how their behavior impacts those around them, they spend their lives without any seriously close relationships because they simply cannot be trusted. They can’t form any bond beyond a power relationship and once that relationship is broken, they are shunned worse than if they were just strangers passing on the street. Then there is the more complex form of evil, the type with the full commission of the will. I think of Iago in Shakespeare’s Othello, especially when he settles as being the villain of the tale. It’s in the planning and plotting of evil acts that this form describes for me. I think one of the most poignant forms of evil, in the complex reckoning is that of betrayal. When you’ve invested in someone else, when you have done your level best according to your morality to treat them with Ubuntu, to behave according to the Golden Rule, when you imbue them with trust and hand a part of yourself to them with that trust and then they perform an evil act by ruining that trust and damaging you in the process, there are few true expressions of evil that rise above this. For me, it’s colored by the will. Being simply barbarous is a mindless evil, but when you apply a personal level of willpower and it’s between individuals then it takes on a more unique and deep sense than simply being a rampaging monster.

My understanding of evil is colored by my recent experiences with betrayal. I think that’s why I select betrayal as one of the pinnacle evils, because it cuts so deep. During that experience the sheer number of corrupted souls was breathtaking. It actually caused a crisis of faith, that people could be so wretched, so nasty, and so powerfully evil to another person. I have retained my optimism through these trials because not a day goes by when I can’t find one instance of people following the Golden Rule. So the awfulness in people isn’t pervasive, it’s localized. It’s this fact that helps me retain my faith in humanity.

Then we get to why evil is stupid. Not simply dumb, which indicates a kind of unknowing ignorance, but actively spurning the best option to pursue ends that are powered by selfishness or bigotry. There is an infinitely greater return on investment when everyone conducts themselves well, in my case, according to the Golden Rule. If you retain your moral center and act rightly, you find yourself cultivating the very best of yourself and others and applying that laser focused will towards whatever goal it is that you and in the workplace, your group, is striving after. The world rewards right action, it rewards honesty and goodness and selflessness and it punishes the evil, the selfish, the dishonest and the betrayers. It is not that a few small acts of evil will ruin your life, but that your behaviors of evil will eventually tint your reputation, in how others see you. It ruins relationships and severs connections and makes you less persuasive and powerful because of all of that. Generally those who have been wronged seek revenge but once they have proceeded through the stages of grief for what was done to them, they settle on a nebulous notion that a nameless and faceless force of the Universe will step in at some point to mete out justice. I quite enjoy the name the Hindu faith places on this force, Karma. For those that are wronged, the destination is simply having faith that Karma will eventually mete out the punishment that is right and appropriate. If nothing else, the understanding of this force, named Karma, offers consolation to the wronged. It also provides the wronged a balm which is far better than revenge, which just leads the victim to be exactly like their transgressors, turning the will of the victim against The Golden Rule, for example. That is why revenge is impossible. To satisfy this deep urge to mete out personal justice you break your own moral code and therefore you are no better than those who wronged you.

Those that are evil reap what they sow. They are eventually recognized as their corrupt souls shine through and they wear that mien as their relationships falter and flag. Evil serves nobody. It leaves both the victim and the perpetrator bereft, lesser than they were before and it does nothing to forward any purpose or goals that anyone has. In a certain Darwinian sense, evil does not serve evolution’s design, it does not make you strong, it makes you weak, it lessens you. There is no path that evil illuminates which leads to success or strength. It only leads to a downward spiral of corruption and solitude. Instead of being a wholesome part of a greater whole, you are a malformed clattery piece that simply does not fit and eventually you will jog yourself off your pinion and fall on the floor to be swept up in the dustbin of time.

I have faith that those that wronged me, the betrayers that I have had the misfortune to know professionally will eventually reap what they have sown. It won’t be by my hand, but it will be by fate, or Karma, or whatever you call that force. Misfortune will surround them as they reduce themselves. In many ways, that’s what evil really is, it’s the path of reducing yourself, which goes against the natural order of expanding yourself. You are unwanted, unloved, shunned because you eventually wear your evil, the chains you forge in life you wear afterwards.

WIL WHEATON dot TUMBLR, So any journalist passing through London’s Heathrow has now been warned: do not take any documents with you. Britain is now a police state when it comes to journalists, just like Russia is.

This post by Wil Wheaton is a really great reminder for when you are traveling, and I wouldn’t necessarily limit this to international travel to Britain; it applies even when visiting the next town or crossing state lines. Rights are being trampled everywhere you go, whether it be from an out-of-control cop, a bloodthirsty sheriff’s deputy or even a sticky-fingered TSA agent; there is no lack of potential thugs, enemies, and thieves in your midst.

There are ways to secure your data and keep it handy as well. Store everything in an encrypted disk image or TrueCrypt archive on a cloud service like Dropbox or Google Drive and duplicate the same things in your memory sticks. If the thugs take your devices then you can rest assured that all you lost was the material itself, but no content.

I’m surprised that journalists and people who know journalists don’t all use GPG to secure their communications. I would think that if you were a whistleblower or had contact with a whistleblower that these little checkboxes would be foremost on your mind and already checked off.

You can’t trust any government, any cop, or any Vampire to keep their word. This goes for everyone as well, including your carrier and service providers. What should Verizon know? Shit. How about Dropbox? The same. Trust nobody and you’ll be safer than someone who trusted someone else. Trust is earned and right now, very very few people have it.

Encrypt Everything

Lavabit and Silent Circle have given up when it comes to providing encrypted email communications. Mega plans on providing something to cover the gap and in general the only real way to deal with privacy-in-email is end-to-end encryption. There was talk that at some point email might give way to writing letters and using the US Postal Service but there as well you’ve got Postmasters writing commands taped to mail about how everything has to be photocopied and stored – so even the US Postal Service is full of spies, the only thing the US Postal Service can be trusted to carry is junk mail.

What is the answer? Pretty Good Privacy. PGP, or rather, the non-Symantec version of it which is the GNU one, GPG. If you really want to keep what you write private when you send it to someone else, the only way to do that is for everyone to have GPG installed on their email system so you can write email using their public key, which converts your email to ciphertext, secure from even the NSA’s prying eyes, and requires your recipient to unlock the message using their secret key, which they have.

I’ve been playing with PGP and GPG now for a very long time and I decided I would at least make a route available if anyone wanted to contact me with privacy intact – my public keys are on my blog, they are also on all the keyservers including the one hosted and run by MIT and the GPG Keyserver as well. To send me a private message via email all you need to do is get GPG, set it up, create your secret and public key, get my public key, use it to write me an email and only I’ll be able to read it. The NSA will just flag the encrypted contents for later analysis and thanks to AES-256, they’ll be hard pressed to get to the plaintext in your message.
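The workflow described above, as an added example that is not part of the original post: a recipient publishes a public key, the sender imports it, checks its fingerprint, and encrypts a message that only the recipient's secret key can open. It assumes GnuPG 2.1 or later; the `gpg_roundtrip` function, the `recipient@example.invalid` identity and the file names are constructed for the demo, and both keyrings are throwaway directories.

```shell
#!/bin/sh
# Added example: the GPG public-key workflow in two throwaway keyrings.
# The identity, file names and function name are constructed for this demo;
# nothing here touches ~/.gnupg. Assumes GnuPG 2.1 or later.

gpg_roundtrip() (
    msg=$1
    work=$(mktemp -d) || exit 1
    rcpt="$work/rcpt"; sender="$work/sender"
    mkdir -m 700 "$rcpt" "$sender" || exit 1
    trap 'gpgconf --homedir "$rcpt" --kill gpg-agent 2>/dev/null
          gpgconf --homedir "$sender" --kill gpg-agent 2>/dev/null
          rm -rf "$work"' EXIT
    uid='recipient@example.invalid'

    # Print the primary-key fingerprint of $uid as stored in keyring $1.
    fpr_of() {
        gpg --homedir "$1" --batch --with-colons --fingerprint "$uid" \
            2>/dev/null | awk -F: '$1 == "fpr" { print $10; exit }'
    }

    # Recipient: create a key pair and export only the public half.
    # The empty passphrase is for this unattended demo; a real key gets one.
    gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Constructed Recipient <$uid>" \
        default default never 2>/dev/null || exit 1
    gpg --homedir "$rcpt" --batch --armor --export "$uid" \
        > "$work/recipient.asc" || exit 1
    # Stands in for the fingerprint the recipient publishes out of band.
    published=$(fpr_of "$rcpt")

    # Sender: import the public key and refuse to use it unless its
    # fingerprint matches the published one. A key fetched from a blog or
    # keyserver proves nothing about who owns it until this check passes.
    gpg --homedir "$sender" --batch --quiet --import "$work/recipient.asc" \
        2>/dev/null || exit 1
    imported=$(fpr_of "$sender")
    [ -n "$imported" ] && [ "$imported" = "$published" ] || exit 1

    # Encrypt to the verified fingerprint. Encryption needs only the
    # recipient's public key; the sender's own key pair is for signing
    # and for receiving replies. "--trust-model always" is acceptable
    # here only because the fingerprint was just checked by hand.
    printf '%s' "$msg" | gpg --homedir "$sender" --batch --quiet --armor \
        --trust-model always --recipient "$imported" --encrypt \
        > "$work/message.asc" 2>/dev/null || exit 1

    # Recipient: decrypt with the secret key; plaintext goes to stdout.
    gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$work/message.asc" 2>/dev/null
)
```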

That’s the way around all of this. GPG for everything. GPG public keys for email, for chat, for VPN, for files, and HTTP-in-GPG. Everything pumped through GPG. Since the government won’t stop spying on us, it’s our duty as citizens to secure our own effects against illegal search and seizure, and technology exists to do so.

Encrypt everything.

All Set Now

Earlier today, around 5pm in the afternoon I decided to swing by the Portage Barnes & Noble Bookstore and get a snack and something to drink from the Cafe. I sat down with my Nook HD and was enjoying my drink and my snack and everything was going just fine until this one fellow came into the Cafe. He seemed like an average guy and I only briefly glanced at him, I half think because he was sitting adjacent to me and instinctually you just want to see who’s near you. I noticed that he was carrying a 9mm handgun in a holster attached to his belt. This was extraordinarily provocative and I couldn’t not notice it even though I tried.

I have talked at length about this very situation in a hypothetical sense with a loved one and I am fully aware of the Second Amendment to the US Constitution and I’m aware that Michigan has a fully respectable non-concealed carry law on the books. Nothing about this was a crime, illegal, or anything like that. It was however provocative, worrisome, and ultimately repellent.

This situation, now that I’ve been faced with it – and I’ve seen people carry weapons like these before, mostly state cops in their uniforms who stop at the bookstore Cafe for some coffee on their way along I-94, has created a new personal rule for me. None of this touches on honest police officers in their uniforms – it’s a part of their job and they have strict rules and extensive training on the conditions where they can access their sidearm. You don’t get bent at your appointed Gunslinger, Jake. But it has created a new rule for regular folk (or out of uniform police, carrying) that if I see that I will leave. I don’t have to remain anywhere I don’t feel safe, I have a car, I have feet, hell, I had my bike in my car. I could have pedaled away if the car wasn’t going to hack it. It isn’t against the law, and it wasn’t a crime, but it was definitely against my sense of safety and the risk was a bright throbbing red cloud around that gun.

How do you know that a situation won’t come up? Mistakes can be made. People can get weapons who shouldn’t have them and people can get permits to carry who really shouldn’t have them – how do you know? The uniform, or if not that, a displayed badge is enough to settle folk, but just a regular guy with a gun? It’s time to leave. So this is my new rule, it’s just for me and not necessarily for anyone else but if I see someone with a gun I will leave. I don’t have to be anywhere – my liberty guarantees me that and it’s all quite humdrum when you get right down to it. It doesn’t have to upset anyone, think of it as “I have to wash my hair” if it makes you feel any better. Just because people are allowed to do something doesn’t also mean that I have to stay where I do not feel safe. A bookstore is the last place where a gun should be, but that’s my personal opinion and the law is quite clear that the fellow carrying the weapon was in his rights to do such a thing, just as much as it was my right to get up and leave.

I know guns. I was trained by a competent marksman on how to handle various weapons and even how to load ammunition. I have read the Second Amendment and I know the law in Michigan. I would suggest that other people heed their surroundings with more consciousness and see people like the fellow I saw and do what they feel comfortable in doing. Each of us has to behave according to the dictates of our conscience and our morality. For me? Staying in a place where I don’t have to be (like the Barnes & Noble Bookstore) makes it a snap. I just walk away calmly and quietly. I fully understand that the probability of gunplay is quite on the same level of being struck by lightning or winning the lottery, but what I know of a gun and what I know about the fragility of the human psyche – I’m all set now – Time to go.

I just wish there was a provision for private landowners, or in this case tenants of buildings like Barnes & Noble to establish a Gun-Free Zone. Why have a gun in a bookstore? The people at a bookstore are not stupid, at least that’s the last thing one would expect, and they’ll likely be quiet introverted types who are averse to danger, risk, or doing something stupid. I look in the mirror for that. I know guns, I know people, and I know that the two really shouldn’t be mixed together – especially in public situations. How can you be sure that someone who has a permit to carry a weapon won’t have a spontaneous psychotic break, a stroke, or even temporal lobe epilepsy? What if they suddenly hallucinate danger? It comes down to risk. If you don’t care, then fine – but I do. People are a mess, on their own they are trouble, but with a gun? Now they are even worse trouble. Trouble waiting to happen.

And that’s what it comes down to. A gun is murder waiting to happen. What point is there in even having a weapon if you aren’t going to kill? It serves no other purpose, especially in a bookstore. You aren’t going to hunt a wild volume of Sherlock Holmes bargain book, it just sits there. It’s people you’ll be hunting instead. I often times wish I didn’t know, that I wasn’t so sensitive, that I could just get along and shrug and pay it no mind – but I just can’t.

So, I move along. All set now. Time to go.

PAD 5/7/2013 – Key Takeaway

Give your newer sisters and brothers-in-WordPress one piece of advice based on your experiences blogging.

If you’re a new blogger, what’s one question you’d like to ask other bloggers?

The best advice I can give is to be honest but have control over what you say. Honesty is the best policy, as the old adage is fond of saying and it keeps blogging simple as you don’t need to remember any lies you’ve written in order to keep your blog internally consistent. However, honesty has its limits, and that has more to do with sharing and privacy. Depending on why you blog, sometimes you may find yourself wanting to write about something private. I think that assigning posts passwords is a great feature to WordPress and makes sharing securable.

Some things are worth talking about, writing about. Some things you share aren’t really meant for your coworkers or your employer, and then the best policy here is to slap a password on the posts and keep them private from wandering eyes.

There are a lot of great reasons too, to blog independently from WordPress.com. Having control over your content, not having to worry about quotas or paying for extra services all make self-hosting with WordPress.org really worth it in the long run, especially with the right hosting provider. I’ve found that a lot of the plugins that enrich the self-hosted option of WordPress.org make the product really shine. Here are some things to look into if you think blogging may be for you:

1. Fixing your .htaccess file on your blog. This can be configured to restrict your blog from foreign browsers. I’ve decided to ban entire countries from reading my blog mostly because I don’t agree with their politics, and in the case of China, I’ve gotten quite tired of comment spam. By limiting incoming traffic from browsers using this file, you can preclude them from ever being a problem. Just because the Internet is global doesn’t mean that you should feel forced to respect that globality.

2. Blacklist & IP Filter – These two plugins help identify unwanted IP addresses on your blog, and the IP Filter plugin helps you block those with more configurability than you can get with .htaccess.

3. Akismet and Jetpack really help protect and extend your blog. Every blog I host has these two plugins and once you get them configured properly they add so many wonderful features to your blog that it’s difficult to imagine using the blogs without them.

4. PhotoDropper – This plugin makes searching for and inserting pictures in your blog posts a cakewalk. It takes care of searching for the terms you want, only shows you Creative Commons licensed imagery so you don’t accidentally run afoul of image copyright holders and automatically includes credit lines to your posts to help respect the people who are sharing the imagery you are using on your blog. It’s about as turnkey as I’ve been able to find when it comes to finding and crediting blog pictures that I use to enrich my blog posts.

Beyond plugins it’s also worth it to mention Agile Tortoise’s iOS app Drafts. This app makes writing anything, journal entries, emails, and blog posts a snap. You can update on any connected device until you are ready and the destination selector feature makes pushing your updates out to various services a snap. I journal with DayOne and I post to WordPress using Poster. Drafts has options for these other apps and a dizzying array of more just for the tapping.