The Daily Parker

Politics, Weather, Photography, and the Dog

Institutional failure in Internet security

Security guru Bruce Schneier has two essays in the Guardian this week. The first explains how the US government betrayed the Internet:

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.

I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.

Unfortunately, this is going play directly into the hands of totalitarian governments that want to control their country's internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can't be dominated or abused by any one country.

He followed up today with a guide to staying secure against the NSA:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.

There are three other points, all pretty simple.

Quis custodiet robote?

Bruce Schneier thinks the NSA's plan to fire 90% of its sysadmins and replace them with automation has a flaw:

Does anyone know a sysadmin anywhere who believes it's possible to automate 90% of his job? Or who thinks any such automation will actually improve security?

[NSA Director Kieth Alexander is] stuck. Computerized systems require trusted people to administer them. And any agency with all that computing power is going to need thousands of sysadmins. Some of them are going to be whistleblowers.

Leaking secret information is the civil disobedience of our age. Alexander has to get used to it.

The agency's leaks have also forced the president's hand by opening up our security apparatus to public scrutiny—which he may have wanted to do anyway.

Unexpectedly productive weekend

Yes, I know the weather's beautiful in Chicago this weekend, but sometimes you just have to run with things. So that's what I did the last day and a half.

A few things collided in my head yesterday morning, and this afternoon my computing landscape looks completely different.

First, for a couple of weeks I've led my company's efforts to consolidate and upgrade our tools. That means I've seen a few head-to-head comparisons between FogBugz, Atlassian tools, and a couple other products.

Second, in the process of moving this blog to Orchard, I've had some, ah, challenges getting Mercurial and Git to play nicely together. Orchard just switched to Git, and promptly broke Hg-Git, forcing contributors to enlist in Git directly.

Third, my remote Mercurial repositories are sitting out on an Azure VM with no automation around them. Every time I want to add a remote repository I have to remote into the VM and add it to the file system. Or just use my last remaining server, which, still, requires cloning and copying.

Fourth, even though it was doing a lot more when I created it a year ago, right now it's got just a few things running on it: The Daily Parker, Hired Wrist, my FogBugz instance, and two extinct sites that I keep up because I'm a good Internet citizen: the Inner Drive blog and a party site I did ten years ago.

Fifth, that damn VM costs me about $65 a month, because I built a small instance so I'd have adequate space and power. Well, serving 10,000 page views per day takes about as much computational power as the average phone has these days, so its CPU never ticks over 5%. Microsoft has an "extra small" size that costs 83% less than "small" and is only 50% less powerful.

Finally, on Friday my company's MSDN benefits renewed for another year, one benefit being $200 of Azure credits every month.

I put all this together and thought to myself, "Self, why am I spending $65 a month on a virtual machine that has nothing on it but a few personal websites and makes me maintain my own source repository and issue tracker?"

Then yesterday morning came along, and these things happened:

  1. I signed up for Atlassian's tools, Bitbucket (which supports both Git and Mercurial) and JIRA. The first month is free; after, the combination costs $20 a month for up to 10 users.
  2. I learned how to use JIRA. I don't mean I added a couple of cases and poked around with the default workflow; I mean I figured out how to set up projects, permissions, notifications, email routing, and on and on, almost to the extent I know FogBugz, which I've used for six years.
  3. I wrote a utility in C# to export my FogBugz data to JIRA, and then exported all of my active projects with their archives (about 2,000 cases).
  4. I moved the VM to my MSDN subscription. This means I copied the virtual hard disk (VHD) underpinning my VM to the other subscription and set up a new VM using the same disk over there. This also isn't trivial; it took over two hours.
  5. I changed all the DNS entries pointing to the old VM so they'd point to the new VM.
  6. Somewhere during all that time, I took Parker on a couple of long walks for about 2½ hours.

At each point in the process, I only planned to do a small proof-of-concept that somehow became a completed task. Really that wasn't my intention. In fact, yesterday I'd intended to pick up my drycleaning, but somehow I went from 10am to 5pm without knowing how much time had gone by. I haven't experienced flow in a while so I didn't recognize it at the time. Parker, good dog he is, let me go until about 5:30 before insisting he had to go outside.

I guess the last day and a half was an apotheosis of sorts. Fourteen months ago, I had a data center in my living room; today I've not only got everything in the Cloud, but I'm no longer wasting valuable hours messing around configuring things.

Oh, and I also just bought a 2 TB portable drive for $130, making my 512 GB NAS completely redundant. One fewer thing using electricity in my house...

Update: I forgot to include the code I whipped up to create .csv export files from FogBugz.

The national security state

Security guru Bruce Schneier warns about the lack of trust resulting from revelations about NSA domestic spying:

Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative.

There's much more to come. Right now, the press has published only a tiny percentage of the documents Snowden took with him. And Snowden's files are only a tiny percentage of the number of secrets our government is keeping, awaiting the next whistle-blower.

Ronald Reagan once said "trust but verify." That works only if we can verify. In a world where everyone lies to us all the time, we have no choice but to trust blindly, and we have no reason to believe that anyone is worthy of blind trust. It's no wonder that most people are ignoring the story; it's just too much cognitive dissonance to try to cope with it.

Meanwhile, at the Wall Street Journal, Ted Koppel has an op-ed warning about our over-reactions to terrorism:

[O]nly 18 months [after 9/11], with the invasion of Iraq in 2003, ... the U.S. began to inflict upon itself a degree of damage that no external power could have achieved. Even bin Laden must have been astounded. He had, it has been reported, hoped that the U.S. would be drawn into a ground war in Afghanistan, that graveyard to so many foreign armies. But Iraq! In the end, the war left 4,500 American soldiers dead and 32,000 wounded. It cost well in excess of a trillion dollars—every penny of which was borrowed money.

Saddam was killed, it's true, and the world is a better place for it. What prior U.S. administrations understood, however, was Saddam's value as a regional counterweight to Iran. It is hard to look at Iraq today and find that the U.S. gained much for its sacrifices there. Nor, as we seek to untangle ourselves from Afghanistan, can U.S. achievements there be seen as much of a bargain for the price paid in blood and treasure.

At home, the U.S. has constructed an antiterrorism enterprise so immense, so costly and so inexorably interwoven with the defense establishment, police and intelligence agencies, communications systems, and with social media, travel networks and their attendant security apparatus, that the idea of downsizing, let alone disbanding such a construct, is an exercise in futility.

Do you feel safer now?

Microsoft ID age-verification hell

Our company needs a specific Microsoft account, not attached to a specific employee, to be the "Account Holder" for our Azure subscriptions.

Azure only allows one and only one account holder, you see, and more than one person needs access to the billing information for these accounts. Setting up a specific account for that purpose solves that problem.

So, I went ahead and set up an email account for our putative Azure administrator, and then went to the Live ID signup process. It asked me for my "birthdate." Figuring, what the hell?, I entered the birthdate of the company.

That got me here:

Annoying, but fine, I get why they do this.

So I got all the way through the process, including giving them a credit card to prove I'm real, and then I got this:

By the way, those screen-shots are from the third attempt, including one giving them a different credit card.

I have sent a message to Microsoft customer support, but haven't gotten an acknowledgement yet. I think I'm just going to cancel the account and start over.

Update: Yes, killing the account and starting over (by denying the email verification step) worked. So why couldn't the average pre-teen figure this out too? This has to be one of the dumber things companies do.

Edward Snowden's dead-man's switch

Security guru Bruce Schneier suggests Snowden might not have considered all the likely outcomes:

Edward Snowden has set up a dead man's switch. He's distributed encrypted copies of his document trove to various people, and has set up some sort of automatic system to distribute the key, should something happen to him.

Dead man's switches have a long history, both for safety (the machinery automatically stops if the operator's hand goes slack) and security reasons. WikiLeaks did the same thing with the State Department cables.

I'm not sure he's thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it's important to keep all of them in mind when designing a security system.

Possibly spending a few years at the Moscow airport might be his safest option. But then again, his whole strategy seemed flawed from the start.

Why I'm going to play less Words With Friends

I like keeping in touch with friends on Facebook. I also enjoy playing Scrabble. Soon-to-be-Internet-flameout Zynga has a Scrabble-like game called Words With Friends that many of my friends play. Right now I've got about 10 games going.

For the past week or so, Zynga has been shoving entire 30-second commercials between my turns. That is, I play a word, and I either spend the next 35 seconds or so with my computer muted and the Facebook window hidden, or I leave Words With Friends entirely. Since the advertisements all seem to be for cleaning products and—I kid you not—something to make my yeast infection go away, I'm leaving the game a lot more often.

Today I was finally annoyed enough to complain to Zynga on their player support page. It turns out, many, many people are complaining. Everyone seems to agree: we all understand that Zynga has to make some money, so we all understand we're going to see ads. But 30-second TV spots? After every move? No. That has to stop.

So here I was, about to post my own complaint, and I got this:

No, Zynga, you may not have access to my friends just so I can post a complaint. Anyway, you already have access to my friends through Facebook, because I had to consent to that to play the game—so why remind me?

Clarifying my last post

Overnight, a commenter from Ireland took issue with my last post. I responded directly, but I thought my response might be worth repeating. I'm not sure I stated my point clearly enough: I wasn't actually discussing Snowden's leak; I'm saying we can't have an adult discussion about the leak any more, because he screwed up the end game.

The anonymous commenter wrote, inter alia:

Einstein fled. So did Hedy Lamar. So did thousands of others - including many who aided Germany's enemies. Were they cowards? Is the Dali Lama a coward?

It's interesting, I've just finished a history of inter-war Berlin, so I have some insight into Einstein's and Lamar's flights from Germany. The commenter essentially suggests that the U.S. has degenerated to the point where a plurality of voters are considering giving power to a group of armed thugs who have publicly and repeatedly announced plans to commit genocide.

Lamar, Einstein, the Dalai Lama—these people were persecuted for who they were, not for what they had done. Their departures from their home countries reflected their beliefs (correctly, it turns out) that their governments weren't worth preserving, that disobedience had no hope of changing anything, that they'd given up hope. Well, I haven't given up.

The commenter also pointed out:

Multiple nations collaborated to aid Snowden's journey. They did so in spite of huge amounts of US pressure. American soft power is an incredibly important thing if America wants to push her agenda - and this incident shows how damaged it is. Mass spying and deception has consequences.

Exactly right. And that's why I say Snowden scored an own goal.

We need to have an open and vociferous debate in the U.S. about the trade-offs between security and liberty, and Snowden could have done a lot to open up that discussion. Instead he ran, and that's all anyone will ever say about him. He conceded the argument on irrelevant grounds.

I agree that Manning and Schwartz deserved better. So did Mandela. But take a look at the example Ellsberg set. Snowden, if he'd been less narcissistic, might have done a lot of good for the country. It's really a shame.

Edward Snowden scores an own-goal

Someday, when a far-future Gibson writes about this time in the American Republic, he'll have a paragraph about Edward Snowden. I've got a fantasy in which the future historian remarks on Snowden sounding the alarm against unprecedented government and private collusion against personal privacy, and how his leak sparked a re-evaluation of the relationships between convenience and security, and between government and industry.

But I've actually got a degree in history, and I can tell you that the future Gibson will probably write about how Snowden's cowardice gave those who crave security over liberty the greatest gift they could have gotten. (The same study of history, by the way, leads me to the conclusion that this happy circumstance really does come from Snowden and not from some shadowy conspiracy. Never mistake incompetence for malice.)

I don't have a lot to say, other than Snowden's flight to Venezuela by way of Russia and China allows the people who value security over liberty to claim that Snowden was an enemy of the state, so we shouldn't pay any attention to his message. Have American security services over-reached? Do we have less privacy than ever before? Does this give a future politician the tools to take the United States from a republic to a dictatorship? Yes to all three. But no one will be thinking about that any more.

For the record: I don't think we have any immediate worries. I don't know what the consequences of these disclosures will actually be; no one does. And I'm not scraping together all the gold I can find so I can make a midnight passage to Canada.

I am saying only this: Edward Snowden is an idiot. King went to jail. Mandela went to jail. Hell, Ellsberg was willing to go to jail, but he at least had the pulse of the public before stepping forward.

The thought has occurred to others, I'm sure: Snowden could have done a lot more good as a confidential source, or as a man of conviction, than he can do as a defector.

Oh, and Ed: good luck enjoying your freedom in Venezuela. There's a reason we have chilly relations with the Venezuelan government, and it's not entirely about oil.

Slammin' SAML

After a lot of really difficult work and evaluating a half-dozen 3rd-party libraries, I've finally gotten a round-trip between a local ASP.NET application and SalesForce. This is the first victory in two big battles against the SalesForce integration model I've been fighting for the last two weeks.

The next hurdle will be to get the SalesForce API to accept my application's SAML assertion after the user is authenticated. I really have no idea how to do that yet—and no one I've spoken with knows, either.

Still, this was a good way to end a long work-week. And soon: pizza.