Posts

Thursday Morning: Two Too Good

I would post this video every week if I could get away with it. It’s a favorite in my household where three of us play string instruments. I’ve blown out speakers cranking these guys up as far as I can (shhh…don’t tell the dude in charge of speaker maintenance here).

You’ll note this post is pushed down the page as Marcy’s last two posts about #AppleVsFBI (here and here) have been picked up by several news outlets. Let’s let new readers have the rail for a bit.

NC and GA state legislatures wreaking bigoted havoc
Regressive bills allowing open practice of anti-LGBT bigotry have been working their way through states’ legislatures in the wake of Burwell v. Hobby Lobby Stores, Inc. Indiana and Arizona are two examples where bills using a template based on the federal Religious Freedom Restoration Act (RFRA) have been passed. Arizona’s governor Jan Brewer made an unusually rational move and vetoed the bill. Indiana did not, and many organizations protested until an amendment was passed modifying SB 101‘s worst component.

Georgia’s legislature passed their own spin on RFRA, The Free Exercise Protection Act; the bill is now in the hands of Gov. Nathan Deal, who has until the first week of May to sign it into law. The state has an emerging film and TV production industry, home to popular shows like AMC’s The Walking Dead. Disney and its subsidiary Marvel yesterday announced they would yank production out of Georgia if Gov. Deal signed the bill. AMC followed suit and announced it too would pull out of Georgia. Other corporations with business interests in GA, like The Dow Chemical Company, are also unhappy. How many more companies will it take before Deal wises up and vetoes the bill or demands amendment?

Sadly, North Carolina’s GOP-led legislature rushed through a bill yesterday with a slightly different spin — like a proof-of-concept for the rest of the states where RFRA bills have been unable to gain traction while avoiding the potential for boycotting leveraged against the governor. Anti-transgender fear-mongering was used to force HB2-Public Facilities Privacy & Security Act through while avoiding “religious freedom” as a promotional feature. It was signed into law yesterday by NC’s jackass governor, Pat McCrory, who tweeted,

Ordinance defied common sense, allowing men to use women’s bathroom/locker room for instance. That’s why I signed bipartisan bill to stop it.

I signed bipartisan legislation to stop the breach of basic privacy and etiquette, ensure privacy in bathrooms and locker rooms.

Except that HB2 not only overturns local ordinances protecting LGBT persons, it prevents transpersons from using the facilities appropriate to their transgender, and it allows businesses to post notices they will not serve groups. Welcome back, Jim Fucking Crow.

The bill was not truly bipartisan, either. Although 14 idiotic state house Democrats voted for the bill, the entire Democratic state senate caucus walked out in protest rather than vote on the bill at all. Methinks NC Dem Party discipline needs a little work, and state house members need a little less bigotry.

Speaking of which, DNC was typically ineffectual, offering a bunch of jargon instead of straight talk about NC’s discrimination. Are there any groups at all the DNC under its current leadership will really extend any effort except for corporations?

The speed at which the bill passed through NC’s legislature during an “emergency” session — because making sure the body parts align with the identity on the bathroom door is an emergency! — may have prevented the state’s largest employers from responding appropriately. Let’s see if NC’s largest employers, including University of North Carolina, Time Warner Cable, Duke Energy, Bank of America, Wells Fargo, Merrill Lynch, and the many sci-tech companies of Research Triangle, will wise up and demand an end to the ignorance and bigotry of Public Facilities Privacy & Security Act.

Finished digging out here after a late season snow storm, now serving up a hot dish brunch casserole made with a mess of oddments.

  • Diebold buys German competitor Wincor Nixdorf (Bloomberg) — wonder how this industry shakes out as mobile payment systems become more popular and more widely accepted.
  • Speaking of mobile payment systems: Apple Pay expected to expand to apps and websites before Christmas shopping season (FastCompany) — expected to take a bite out of PayPal’s market share, but if transactions are conducted online, this could eat into other payment processing systems. Need the importance of encryption be pointed out yet again, too?
  • Apple’s new, smaller iPhone SE available for pre-orders today (BusinessInsider) — also iPad Pro. Already hearing strong interest from a lot of women about the smaller phone; they’ve been unhappy with the increasing size of iPhones.
  • Nielsen TV ratings data will begin tracking streaming equipment brands (FastCompany) — their data will be based on 40,000 households, though. Apparently sales of streaming equipment like Apple TV, Chromecast, Roku aren’t granular enough for firms acquiring content consumption data. Wonder how long before Nielsen itself is replaced by network sniffing?
  • Related? Funny how Iran is the focus of the first, but not mentioned in the second:
  • AI-written novel survives first round in Japanese literature contest (DigitalTrends) — and you thought it was just the news that was generated by robots.

That’s a wrap, catch you tomorrow morning!

Tuesday Morning: Été Frappé

[graphic: Map of Belgian attacks 22MAR2016 for Le Monde via Eric Beziat]

[graphic: Map of Belgian attacks 22MAR2016 for Le Monde via Eric Beziat]

Whatever I was going to write today has been beaten into submission by current events.

Woke up to news about alleged terror attacks in Belgium — social media was a mess, a deluge of information with little organization. Best I can tell from French language news outlets including Le Monde, the first attack was at 8:00 a.m. local time at the Zaventem Airport just outside Brussels. The second attack occurred at the metro station Maelbeek at 9:11 a.m. Both attacks appeared use bombs, unlike the Paris attack this past year — two at the airport, one at the metro. Reports indicate 15 deaths and 55 seriously injured so far.

A third explosion reported in the city at a different location in the city of Brussels has been attributed to the controlled detonation of a suspicious package after the second attack.

In the time gap between the two attacks, one might suppose many law enforcement and military would have gone to the airport to respond to the first attack. Was there synchronization by planned schedule, or was there coordination by communication?

However, communications may have been difficult as telecom networks were quickly flooded. How soon were the telecom networks overloaded? Or were the networks throttled for observation? We may not ever know.

It’s worth reexamining what Marcy wrote about the communications found after Paris attack (here and here). It may be relevant if the same practices were used by the attackers in Brussels.

Important to note that Paris terror attack suspect Salah Abdeslam was arrested March 18 in a raid in Brussels. He is believed to have transported several of the attackers to the Stade de France just before the November 13 attack. Abdeslam may have been one of several suspects who fled from another earlier raid during which another suspect was killed.

Still working on the order issued late yesterday vacating today’s planned hearing on #AppleVsFBI. The order is here.

UPDATE — 9:30 a.m. EST — Marcy will be posting in a bit about the #AppleVsFBI hearing that wasn’t.

Another interesting story that broke in France today: French Supreme Court affirmed a previous lower court decision which ruled legal the wiretapping of former president Nicolas Sarkozy. Sarkozy has been under investigation for various forms of influence peddling since 2010, including receipt of campaign funds from Libya’s Muammar Gaddafi in 2007.

UPDATE — 1:00 p.m. EST/5:00 p.m. London/6:00 p.m. Brussels, Paris —

Now into the post-emergency recovery stage — all manner of political functionaries and talking heads have offered their two bits on this morning’s attacks. Three days of mourning have been declared in Belgium. Pictures of the alleged bombers at the airport taken by security video camera have now been published. The airport attackers detonated their weapons in the pre-security check-in area. 34 deaths have now been reported as a result of the attacks for which ISIS has now claimed responsibility. Across the Channel, the UK remains on alert for multiple attacks after last week’s raid in Brussels; UK travelers have been discouraged from traveling to Brussels.

Timeline (via Agence France-Presse)

22 mars Peu après 09h00/22 March Shortly after 9:00 a.m.
Explosion dans la station de métro Maelbeek.
Explosion in the Maelbeek metro station.

22 mars 08h00/22 March 8:00 a.m.
Deux explosions a l’aeroport. Possible kamikaze.
Two explosions at the airport. Possible suicide bomber.

21 mars/21 March
[Suspect] Najim Laachraoui, dont l’ADN a été retrouvé sur des explosifs, identifié et activement recherché.
Najim Laachraoui, whose DNA was found on explosives, identified and actively sought.

18 mars/18 March
Salah Abdeslam arête à Molenbeek.
Abdeslam Salah arrested in Molenbeek.

15 mars/15 March
Fusillade, quartier Forest – Mohammed Belkaid, lié aux auteurs de attentats de Paris du 13 novembre est tué. Empreintes de Salah Abdeslam retrouvées.
Shooting, Forest district – Mohamed Belkaid, linked to Paris attack planners of November 13, killed. Footprints of Salah Abdeslam found.

Are the Authorities Confusing a PRISM Problem with an Encryption Problem?

CNN has its own version of updated reporting from the Paris attack. It provides a completely predictable detail inexplicably not included in the weekend’s big NYT story: that the one phone with any content on it — as distinct from a pure burner — had Telegram loaded on it.

Several hours earlier, at 2:14 p.m., while they were still at the Alfortville hotel, the Bataclan attackers had downloaded the encryption messaging app Telegram onto their Samsung smart phone, according to police reports. No recovered content from the messaging app is mentioned in the French police documents, suggesting there were likely communications by the Bataclan attackers that will never be recovered.

As well as offering end-to-end encryption, the Telegram messaging app offers an option for users to “self-destruct” messages. At 4:39 p.m. on November 13, one of the attackers downloaded detailed floor plans of the Bataclan venue onto the Samsung phone and conducted online searches for the American rock band playing there that night, the Eagles of Death Metal.

I predicted as much in my post on that NYT story.

My suspicion is that, as had been reported, rather than emails ISIS relied on Telegram, but used in such a fashion that would make it less useful on burner phones (“secret” Telegram chat are device specific, meaning you’d need a persistent phone number to use that function). But if these terrorists did use Telegram, they probably eluded authorities not because of encryption, but because it’s fairly easy to make such chats temporary (again, using the secret function). Without Telegram being part of PRISM, the NSA would have had to obtain the metadata for chats via other means, and by the time they IDed the phones of interest, there may have been no metadata left.

If ISIS’ use of Telegram (which was publicly acknowledged when Telegram shut down a bunch of ISIS channels in the wake of the attack) is what anonymous sources keep insisting is an encryption problem, then it suggests the problem is being misportrayed as an encryption one.

True, Telegram does offer the option of end to end encryption for its messaging. There are questions about its encryption (though thus far it hasn’t been broken publicly). So it does offer users the ability to carry out secret chats and to then destroy them, which may be where the concern about all the “scoured” “email” in the NYT piece comes from, the assumption these terrorists have used Telegram but deleted those messages.

But as the Grugq points out, it’s a noisy app in other ways that the NSA should be able to exploit.

Contact Theft

When registering an account with Telegram, the app helpfully uploads the entire Contacts database to Telegram’s servers (optional on iOS). This allows Telegram to build a huge social network map of all the users and how they know each other. It is extremely difficult to remain anonymous while using Telegram because the social network of everyone you communicate with is known to them (and whomever has pwned their servers).

Contact books are extremely valuable information. We know that the NSA went to great lengths to steal them from instant messenger services. On mobile the contact lists are even more important because they are very frequently linked to real world identities.

Voluminous Metadata

Anything using a mobile phone exposes a wide range of metadata. In addition to all the notification flows through Apple and Google’s messaging services, there is the IP traffic flows to/from those servers, and the data on the Telegram servers. If I were a gambling man, I’d bet those servers have been compromised by nation state intelligence services and all that data is being dumped regularly.

This metadata would expose who talked with who, at what time, where they were located (via IP address), how much was said, etc. There is a huge amount of information in those flows that would more than compensate for lacking access to the content (even if, big assumption, the crypto is solid).

He spends particular time on Telegram’s Secret chat function (the one that allows a person to destroy a chat). But he doesn’t talk about how that might play into the extensive use of burners that we’ve seen from ISIS. Secret chats are device specific (that is, they can be sent only to a numbered device, not an account). That would make the function very hard to integrate with disciplined burner use, because the whole point of burners is not to have persistent telephone numbers. How will a terrorist remember the new number he wants to associate with a Telegram secret chat? Write it on a piece of paper?

In other words, it seems you could use one (disciplined burners) or another (full use of Telegram with persistent phones), the latter of which would provide its own kind of intelligence. It may well be ISIS does merge these two uses, but if so we shouldn’t expect to see Telegram on their true burner phones. Plus, assuming the bearer of the phone speaks that dialect the Belgians were struggling to translate, voice calls on burners would be just as useful as transient use of Telegram.

But that’s probably not the real problem for authorities. In fact, if known terrorists had been using, say, WhatsApp rather than Telegram for such encrypted chats, authorities might have had more information on their network than they do now. That’s because WhatsApp metadata would be available under PRISM, whereas to get Telegram data, non-German authorities are going to have to go steal it.

If that supposition is correct, it would suggest that the US should drop all efforts to make Apple phones’ encryption weaker. So long as it has the presumed best security (notwithstanding the iMessage vulnerability just identified by researchers at Johns Hopkins), people from around the world will choose it, ensuring that the world’s best SIGINT agency could have ready access. If Telegram is perceived as being better — or even being close, given the location — people of all sorts will prefer that.

That won’t give you the content, in either case (even if you had the Moroccan translators you needed to translate, if that indeed remained a problem for authorities). But you’re better off having readily accessible metadata than losing it entirely.

Monday Morning: Synthesized Brain

When you need a break this hectic Monday morning, take five minutes and watch ANA from Factory Fifteen. I’m intrigued by the props and set — how much is CGI, and how much is actual production line? What company allowed this production company access to their equipment?

Though snappy and visually engaging, the story’s not realistic — yet. But much of the equipment on the production line is very close to that used in manufacturing today. And just as depicted in this short film, the weakest link is the human.

Worth keeping in mind this week as we plow deeper into the conflict at the intersection of humans and devices. Speaking of which…

Apple-heavy week ahead

  • Hearing in California tomorrow in front of Judge Sheri Pym over the San Bernardino’s shooter’s iPhone. Be sure to read Marcy’s take on the hearing and witnesses.
  • WLTX of Columbia SC posted a timeline of #AppleVsFBI events — unfortunately, it starts on February 16 with Judge Pym’s order to Apple.
  • NYT reported last week that Apple employees may quit if Apple is ordered to cooperate and write security-undermining code. But is this a deliverable in itself? The article offered an incredible amount of detail about Apple’s operations; if employees quit, any entities observing the technology company will know even more. Has this shakedown been designed to yield information about Apple’s operations, while risking corporate and personal security?
  • Apple will release information about new products today at a media event. The buzz may be less about the new products than the hearing tomorrow.
  • An iPhone 6 bursting into flames during a flight to Hawaii didn’t help Apple. One might wonder why this particular phone flamed out so spectacularly as it’s a relatively new device.

HEADS UP TECH USERS

  • Kindle users: Amazon is forcing a mandatory update across all its older Kindle reader devices. Deadline: TOMORROW MARCH 22 — after that date, users will have to manually update devices and download books via PC and not over the internet.
  • Tweetdeck users: Owner Twitter will kill the Windows app on April 15th. After that time, Windows-based users will need to use a browser. Can’t blame Twitter–it’s ridiculously expensive to write and service so many apps when the same devices usually have a browser.
  • Android users: 1) Protect your privacy and security by checking these settings; 2) Check this setting, stat, to prevent unauthorized access.
  • Nexus users: Make sure you have the latest patch issued last week. All other Android users should nag their equipment makers for their version of the same patch.

Before the machines complete their occupation of our world…

  • Nice read on law emerging with the rise of robots. Too bad none of them really incorporate Asimov’s Three Laws of Robotics. (The Atlantic)
  • Want to bet the overlords will argue workers should be paid less because they don’t have to work as hard wearing an exoskeleton — like these at Panasonic? (By the way, DARPA, that’s yet another commercially-developed exoskeleton near release; where’s yours/ours?) (Mashable)
  • Artificial intelligence already pitted against humans by those bloody banksters. Watch this video and ask yourself if this guy from Global Capital Acquisitions realizes there are humans at the nodes of the investment network whose lives are affected by his blah-blah-blah-babbling about artificial intelligence. STG he could be a machine himself. (Bloomberg)
  • Myths about AI busted – another solid read. Combined with the preceding Bloomberg bankster video it reinforces AI threat awareness. (Gizmodo)

After watching that video at Bloomberg, I think we’re a lot closer to ANA than we realized. Watch your backs — Monday is certainly gaining on you, if robots aren’t.

Friday Morning: F for Free and Favorite

Congratulations! You made it to another Friday! The end of the week means jazz here, until I run out of genres. This Friday I’m not covering a genre, though. I’m pointing you to one of the most surprising and utterly awesome gifts jazz lovers and historians could get.

1,000 hours of free jazz, ready to download.

Holy mackerel! I almost fainted when @OpenCulture tweeted last week about David W. Niven’s collection shared with the public at Archive.org. Just as amazing is Niven’s commentary, providing context we would never otherwise have about each piece.

I’ll embed some Louis Armstrong at the bottom of this post to get your weekend started. Mark this collection as one of my favorite things ever.

Malware discovered, targeting non-jailbroken Apple iOS devices in China
This is the second China-specific malware that researchers at Palo Alto Networks have found this year. Gee, why China?

UK’s Labour Party wankers want ‘Snoopers’ Charter’ because Snowden
Just the wankers, mind you, though it’s hard to tell which MPs were the wankers as Labour and SNP sat on their hands during the vote for the Investigatory Powers Bill (IPB), not wanting to appear obstructive. Fondly called the ‘Snoopers’ Charter,’ the bill replaces Regulation of Investigatory Powers Act (RIPA) and passed in the House of Commons on its second reading. The bill allows the UK government to amass all Internet Connection Records (ICRs) for a year’s time, including telecommunications connections. Restrictions on which government entities have access to these records and for what purpose is muddy at best, and the cost of collecting and storing these records will be borne by the network service providers who in turn will need to raise their rates. Sane people understand the IPB as passed is atrocious. The bill would not have passed the second reading at all had all of Labour and the SNP voted against it, but a number of wankers argue Edward Snowden is reason enough to dragnet the entire UK’s internet activity — which makes no sense whatsoever, based on the bill’s current formulation. The ‘Snoopers’ Charter’ now enters the Committee Stage, where it’s hoped somebody catches a cluestick and puts the brakes on this current iteration of government panopticon.

U.S. National Highway Traffic Safety Administration and FBI warn about automobile hacking
Hmm. A little late to the party after at least four different vulnerabilities were revealed over the last year, but better late than never. Rather annoying the public needs to be on guard against automakers’ naiveté/stupidity/hubris.

Google’s parent Alphabet selling its robot division Boston Dynamics
Remember the creepy four-legged robot ‘Big Dog’? It and its developer are up for grabs. Google (before it became Alphabet) bought Boston Dynamics in 2013, but now finds the firm doesn’t fit its strategy. Worth noting differences in reaction to the news:

The tone of the MIT Review piece — technology’s coolness is sufficient rationale for its creation and existence — offers interesting insight, explaining how awful technology ends up commercialized in spite of its lack of fitness.

Let’s call it a week and get on with our weekend. Have a good one!

Thursday Morning: A Little Green Around The Gills

Happy St. Patrick’s Day to those of you who observe this opportunity to drink beer (tinted green or otherwise) and eat boiled dinner and wear green! We’ll know the hardcore among you tomorrow by your hangovers.

Folks overseas don’t understand how St. Patrick’s Day blew up to the same proportions as other holidays like Halloween, blaming it on American commercialization. But the holiday as observed in the U.S., like Halloween, has roots in immigration. Four to five million Irish immigrated to the U.S.; their descendants here are nearly 40 million today, roughly seven times the number of actual Irish in Ireland now. With this many Irish-Americans, even a tepid observation of St. Patrick’s Day here would be visible abroad.

In addition to all things green, we’ll be watching this week’s second #FlintWaterCrisis hearing. Representatives Chaffetz and Cummings can go all shouty on Michigan’s OneLawyeredUpNerd Governor Rick Snyder and EPA’s Gina McCarthy though I have my doubts anything new will emerge. (And you’ll see me get really angry if Rep. SlackerForMichigan Tim Walberg shows up to merely make face on camera. Useless helicoptering.)

Unlike Tuesday, I hope like hell somebody brings up Legionnaire’s cases and deaths in Flint after the cut-over of Flint’s water to Flint River. Thousands of children may have been permanently poisoned by lead, but people sickened and died because of this complete failure of government-as-a-business.

I can’t stress this enough: There were fatalities in Flint because of the water.

Hearing details – set a reminder now:

Thursday 17-MAR — 9:00 AM — Gov. Snyder (R-MI) & EPA Head McCarthy: House Hearing on Flint, MI Water Crisis (est 3 hours, on C-SPAN3)   Link to House Oversight Committee calendar entry

You can find my timeline on Flint’s water here — as noted Tuesday, it’s a work in progress and still needs more entries.

Moving on…

Apple leaves Amazon for Google’s cloud service
Wait, what?! File under ‘Wow, I didn’t know!’ because I really though Apple housed all its cloud services under its own roof. I mean, I’ve written about data farms before, pointed to a new Apple location. I didn’t know Apple had outsourced some of its iCloud to Amazon.

Which makes Senator Ron Wyden’s remarks about asking the NSA with regard to the San Bernardino shooter’s iPhone even more interesting.

No wonder Apple is moving to Google, considering Amazon’s relationship with certain government agencies as a cloud service provider. Some of Apple’s data will remain with Amazon for now; we might wonder if this is content like iTunes versus users’ data. Keep your eyes open for future Apple cloud migrations.

US Navy sailors’ electronic devices combed for data by Iran
Gee, encrypted devices and communications sure are handy when members of the military are taken into custody by other countries. Too bad the Navy’s devices weren’t as secure as desired when Iran’s navy detained an American vessel in January this year. To be fair, we don’t know what all was obtained, if any of the data was usable. But if the devices were fully encrypted, Iran probably wouldn’t have said anything.

American Express’ customers’ data breached — in 2013
Looks like a select number of AmEx customers will receive a data breach notice with this explanation:

We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.

The breach happened on December 7, 2013, well into the Christmas shopping season, but we’re just finding out now? “Third party service” means “not our fault” — which may explain why AmEx shareholders (NASDAQ:AXP) haven’t been notified of a potential risk to stock value as yet. Who/what was the third party service? Where’s their notification to public and shareholders?

I need to brew some coffee and limber up before the hearing on Flint, track down my foam footballs and baseballs to throw at the TV while Gov. Snyder goes on about how sorry he is and how he’s going to fix Flint’s water crisis. Oh, and find an emesis basin. See you here tomorrow morning!

Wednesday Morning: Place Your Bets

About 11:00 a.m. EST today President Obama will announce his nominee to the Supreme Court to fill Antonin Scalia’s seat on the bench.

Apart from Sri Srinivasan, widely mentioned as the likely nominee, who is a possible candidate? Share your guess and then place your bets on Most-Likely Nominee and offer odds on a recess appointment.

Heads up: Your browsing could put you at risk of ransomware
I suppose the news that really big and popular sites were afflicted by ransomware within the last week explains why I had yet another Adobe-brand update pushed at me. Sites affected included The New York Times, the BBC, MSN, and AOL, along with others running a compromised ad network serving ransomware.

PSA: Make sure all your data files are backed up off your PC, and have access to software to rebuild your machine, in case your device is held for ransom.

#AppleVsFBI: Apple filing in California yesterday
Funny how different the characterizations of the 26-page filing. Here’s two:

  • The Guardian (emphasis mine):

    Apple’s lawyers tried to lower the temperature in the company’s fight with the US government on Tuesday, telling a federal judge that America’s Justice Department is well-meaning but wrong in its privacy standoff with the iPhone maker.

  • Forensic scientist Jonathan Ździarski: “Here, Apple is saying, ‘If it pleases the court, tell the FBI to go fuck themselves.'”

Zika virus: even uglier than expected

Stray cats, rounded up…

  • DARPA appeals to Maker/DIY/geek-nerd types, asks them to weaponize everyday devices (IEEE Spectrum) — I find this incredibly creepy; why is DARPA doing this, if the point is to prevent harm to the public from consumer products? Why not FTC/FCC/DOE instead of the military? And what happens to the feckless DIYer who accidentally hurts someone in the course of trying this stuff at home? Will DARPA indemnify them? Or are these informal adjuncts supposed to assume liability though they are doing military and law enforcement research? And what about the participants — will their identities be “harvested” for unspecified use in the future? So much stupid.
  • US transport secretary Anthony Foxx says, “It’s not a surprise that at some point there would be a crash of any technology that’s on the road,” (The Guardian) — in regards to the recent crash of a Google self-driving car with a bus. If it’s not a surprise, why are these on the road so soon? Don’t argue humans crash; these driverless vehicles are supposed to be BETTER than humans, and the public’s roadways shouldn’t be corporate laboratories.
  • PA man charged with phishing celeb women to gain access to their personal photos and videos (The Guardian) — Oddly, he’s not charged with distribution of the celebs’ pics in what became known as ‘The Fappening.’ A perfect example of the kind of crime which would be made easier and more widespread if Apple’s security was weakened — and law enforcement struggles with tackling it now.

That’s a wrap, for now, furballs all cleaned out of the holding bins. See you tomorrow morning!

Monday Morning: Feeling Rather Mussorgsky

It’s not even 7:00 a.m. here as I start to write this post, and the day is already frantic — like Mussorgsky’s Night on Bald Mountain. I don’t expect a placid ending to the first day of this week, either.

Strap in, lock and load.

Volkswagen on a roll — downhill, fast

  • A former employee who worked at the Michigan-based Volkswagen Group of America’s data processing center filed suit for wrongful termination. The employee lost their job after warning against data deletion after the U.S. Department of Justice ordered VW to halt normal data deletion processes to preserve potential evidence. Michigan is an at-will state, meaning employees can be fired for any reason at any time if they do not have a contract. However, employers may not fire workers in retaliation for refusing to do illegal acts or for reporting violations of health and safety code. Not a sketchy situation at all…this case might be an opportunity for discovery.
  • VW cutting jobs back home in Germany, with administrative roles taking the biggest hit. At the same time, VW says it intends to hire more software and technology personnel as it shifts away from traditional automotive technology. Huh — not a move I would expect when VW clearly hasn’t a handle on electronic vehicle technology.
  • Car sales are up 6.3 percent in the EU, but VW-brand car sales are off 4 percent. Ford and GM’s Opel picked up what VW lost in terms of sales.

Asking oranges from Apple

  • USDOJ hint-hints with little subtlety it will demand Apple’s source code. By subtlety, I mean a footnote shaped like a cudgel in its response to #AppleVsFBI:

    The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.

    The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.

    You can read Marcy’s take on the USDOJ’s Lavabit gambit for more.

  • The mega-sized tech companies who support Apple are now doubling down on encryption. Couldn’t see that coming, huh?
  • Some speculate WhatsApp as a communications technology may be the next focus of law enforcement in wake of #AppleVsFBI.
  • John Oliver does a Deep Dive into #AppleVsFBI — amusing take, but Oliver and his writing team have far too simplistic a take on this case. It’s not just that FBI wants a ‘master key,’ or that the FBI relies on All Writs to make its demand on Apple. It’s about forcing a company to create something entirely new, and something that’s not intrinsically part of its product.

Another energy industry executive dead
Josh Comstock, CEO of C&J Energy Services in Houston, Texas, died unexpectedly on Friday. He passed away in his sleep at age 46. Comstock was a supporter of NHRA drag racing. His company, which provided hydraulic fracturing (fracking) services, lost considerable value over the last year with the sharp drop in oil prices and field development.

Oil dudes are under a lot of stress these days.

And it being a Monday, so are we. Relax when you can, gang. I’m clocking out.

Friday Morning: Lovely

We made it to Friday! Yay! And that means another jazz genre. This week it’s shibuya-kei, a sub-genre/fusion born of Japanese jazz. Our sample today is by Kenji Ozawa. Note how damned perky it is, blending jazz elements with pop and synthpop. Its cuteness might also be described as kawaii, but that’s a whole ‘nother topic.

Some other shibuya-kei artists you might want to try are Paris Match (Metro), Aira Mitsuki (Butterly), Maki Nomiya (Shibuya-kei Standards), Takako Minekawa (Plash), and Kensuke Shiina (Luv Bungalow).

Get your mellow on and jazz your Friday up.

Urgent: Update Adobe Flash immediately if you apply patches manually
Go to this Security Bulletin link at Adobe for details. The update fixes 23 vulnerabilities, one or more of which are being used in exploits now though information about attacks are not being disclosed yet. And yes, this past Tuesday was Patch Tuesday, but either this zero-day problem in Flash was not known then, or a solution had not yet been completed, or…whatever. Just make sure you check all your updates, with this Adobe Flash patch at the top of the list.

USDOJ doing its PR thing on #AppleVsFBI
After reports this week that FBI director James Comey was a political liability in the case against Apple, U.S. Attorney General Loretta Lynch appeared on Stephen Colbert’s The Late Show to make the case for Apple writing code as requested by USDOJ. She said,

“First of all, we’re not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone. We’re asking them to do what their customer wants. The real owner of the phone is the county, the employer, of one of the terrorists who is dead,”

Right. And my iPhone-owning kid wants a ham sandwich — will Apple write an app on demand for that, just because my kid’s the owner of the iPhone?

Look, nearly all software is licensed — the San Bernardino shooter’s iPhone may be property of the county that employed him, but the iOS software is property of Apple. Maybe Lynch needs a ham sandwich, too, a little boost in blood sugar to grok this point.

Volkswagen’s Terrible, No Good, Very Bad Week continues

  • Looks like VW’s U.S. CEO Michael Horn bailed out because he butted heads with the Holzkopfs in German leadership (Jalopnik)
  • By butting heads, that is to say, Horn dislikes the idea of jail time (Forbes) — though naming executives is pro forma on such lawsuits, if Horn was only in his role for roughly 18 months and this fraud goes back 8-9 years, AND Germany’s executive team disagreed with Horn’s proposal for U.S. dealers and vehicle owners, he’s reasonably twitchy about sticking around.
  • VW updated its emissions standards defeat code after its existence was revealed (Forbes) — wanna’ bet it was a software patch?

Stray cats and dogs

  • White House wants +20M more Americans on broadband (DailyDot) — Under ConnectALL initiative, a new subsidy program will help low income citizens get online with broadband access.
  • Pew Research study shows 15% of Americans still not online (Pew Research Center) — Rural, low income, minority, elderly are most likely not to have internet access; they’re the same target group as proposed federal ConnectALL program.
  • But good luck with broadband speed or cable TV content if HBO-TWC-Charter continue to scuffle over the TWC-Charter merger (AdAge) — Yet another example of the fundamental conflict between content makers and internet providers; internet providers should focus on the quality of their internet service, not on the content in the ‘series of tubes’ they supply.`

And just for giggles, note the Irish economy has expanded at fastest rate since 2000. Gee, I wonder what would happen to the Irish economy if major tech companies like Apple moved to Ireland?

I’m out of here — have a great weekend!

Thursday Morning: Things Are Gonna’ Change

After Tuesday’s primaries and last night’s Democratic candidates’ debate, surely something will change in messaging and outreach.

And surely something will change on the other side of the aisle given the continued rampage of ‘Someone With Tiny Hands.”

Calls to mind an animated movie popular with my kids a few years ago.

Moving on…

Volkswagen and the Terrible, Horrible, No Good, Very Bad Week

  • USDOJ subpoenaed VW under recent banking law (CNBC) — This is the first such application of the Financial Institutions Reform, Recovery and Enforcement Act (Firrea) since it was signed into law in 1989 in response to the savings and loan scandal. The law was used to target bank fraud in subprime mortgages after the 2008 financial crisis. (Caveat: that link at CNBC autoplays video. Bad practice, CNBC very bad.)
  • VW’s US CEO Michael Horn departs with marked haste (Bloomberg) — Huh. Interesting timing, that. A subpoena and an exit inside 48 hours? The phrases “mutual agreement” and “leave to pursue other opportunities” are very telling. IMO, Volkswagen Group’s response to the scandal has been lackluster to obstructionist, and Horn might not want to be the automaker’s sin eater here in the U.S.
  • Not looking good in Germany for VW, either, as prosecutors expand their investigation (Business Insider) — 17 employees now under scrutiny, up from six.
  • VW’s South Korean offices raided (Reuters) — Wondered when South Korea would catch up after all the recenty happy-happy about clean diesel passenger vehicle sales.

I feel like I’m telling a child Santa Claus is a lie and the Easter Bunny doesn’t exist, but it’s important to this scandal to grasp this point: There is no clean diesel technology. There is no clean diesel technology coming any time soon. Invoke a little Marcus Aurelius here and look at this situation and its essential nature, by asking why VW cheated and lied and did so for so long.

Because there is no clean diesel technology.

And the clock is tick-tick-ticking — the court case in California gave VW 30 days to come up with a technical solution. Mark your calendar for March 24, people.

A – Apple, B – Bollocks, C – Cannot…

Panopticonic POV

  • Defense Department used surveillance drones over U.S. for a decade (USA Today) — All legit, though, nothing to see here, move along. Disregard the incomplete list of flights, just trust.
  • What will happen when your neighbors can buy a StingRay on the cheap to listen in on your cellphone calls? (Bloomberg) — Worse thought: what if they’ve already built one?
  • If you’re a commercial trucker, chances are anybody can track you (Naked Security) — Read this, especially the pointers at the bottom of the article. (Personal tip from me: If you’re a female trucker, use a gender neutral name or initials in the workplace. Insist your employer respects this practice.)

That’s enough damage for one day. Things have got to change.