Petition to the White House on Strong Encryption

Recently, I signed a petition to the White House asking the President to publicly affirm his support for strong encryption. The official response was:

Thank you for signing the petition on strong encryption and speaking out on this important national debate. As the President has said, “There’s no scenario in which we don’t want really strong encryption.” It is critical that the government, the private sector, and other experts regularly engage to understand the impacts of encryption on national security, public health and safety, economic competitiveness, privacy, cybersecurity, and human rights around the world.

This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online. That is why, in his address to the nation on Sunday, the President reiterated the Administration’s call for America’s technology community and law enforcement and counter-terrorism officials to work together to fight terrorism. American technologists have a unique perspective that makes them essential in finding new ways to combat it. They are the best and most creative in the world, and we need them to bring their expertise, innovation, and creativity to bear against the threat of terrorism.

This week, administration officials will sit down with the creators of this petition to hear directly from them about their priorities and concerns.

We also want to hear from you. Share your comments and questions here, and we’ll report back after the meeting.

This is a critical conversation, and we want to hear from as many voices as we can.

Thanks again for your participation in We the People.

Ed Felten
Deputy U.S. Chief Technology Officer

Michael Daniel
Special Assistant to the President and Cybersecurity Coordinator

This was my response:

My concerns regarding strong encryption are largely captured by the recently published “Keys Under Doormats” paper by Harold Abelson et al. from MIT. I agree with their three main points that requiring a backdoor/weakening encryption is counter to the current trend in making the Internet more secure, adds complexity, and increases the potential for security breaches.

Encryption is an important tool to increase the security of data. With recent security breaches, such as the one from the Office of Personnel Management and other private companies, it’s evident that we as an industry and as a nation need to improve our security technology, not weaken it.

I recognize the claim by law enforcement that encryption is frustrating them. As “Keys Under Doormats” suggests, however, there are many practical and technological reasons why weakening encryption is not the answer. I’d like to provide an additional moral one. As a Navy and Afghanistan veteran, I volunteered to serve this country because I believe in the core American values. By weakening our encryption technologies, we would not only cause damage to our digital protection systems but we would compromise our core belief in freedom out of an understandable, but largely sensational, feeling of fear.

udev rule for OpenOCD

If you are debugging a board using the Atmel ICE debugger with OpenOCD, you may want a udev rule so you don’t have to run commands as root.

This was the incantation that worked for me. I added the file /etc/udev/rules.d/42-openocd.rules with the following contents:

ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2141", ACTION=="add", MODE="0666", GROUP="plugdev"
KERNEL=="hidraw*", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE="666", GROUP="plugdev"

Then, reload your rules with:

sudo udevadm control --reload-rules

Unplug and plug back in the debugger and you should be able to enjoy non-root debugging.
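Both rules above set a mode with the world-write bit, which makes the GROUP assignment moot: any local user can open the debugger, not just members of plugdev. The check below is an added example, not part of the original post; it parses the post's two rules plus a constructed 0660 variant (the third rule line and all function names are assumptions) and reports which ones are world-writable.

```python
import re

# One udev token: KEY or KEY{attr}, an operator, and a quoted value.
TOKEN = re.compile(r'([A-Z]+(?:\{[^}]+\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

# Lines 1-2 are the rules from the post; line 3 is a constructed group-only variant.
RULES = '''\
ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2141", ACTION=="add", MODE="0666", GROUP="plugdev"
KERNEL=="hidraw*", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE="666", GROUP="plugdev"
KERNEL=="hidraw*", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE="0660", GROUP="plugdev"
'''


def parse_rule(line):
    """Split a rule into match keys (==, !=) and assignments (=, +=, :=)."""
    matches, assigns = {}, {}
    for key, op, value in TOKEN.findall(line):
        (matches if op in ("==", "!=") else assigns)[key] = value
    return matches, assigns


def audit(rules_text):
    """Return (line_no, vendor:product, mode, group, world_writable) for each rule setting MODE."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comments
        matches, assigns = parse_rule(line)
        if "MODE" not in assigns:
            continue
        mode = int(assigns["MODE"], 8)    # udev modes are octal, with or without a leading 0
        dev = "{}:{}".format(matches.get("ATTRS{idVendor}", "?"),
                             matches.get("ATTRS{idProduct}", "?"))
        findings.append((no, dev, oct(mode), assigns.get("GROUP"), bool(mode & 0o002)))
    return findings


if __name__ == "__main__":
    for no, dev, mode, group, exposed in audit(RULES):
        verdict = "world-writable, GROUP has no effect" if exposed else "limited to owner and group"
        print("rule {} ({}): mode {} group {} -> {}".format(no, dev, mode, group, verdict))
```

With MODE="0660" the device node is reachable only by root and plugdev members, so the user running OpenOCD has to be in that group.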

Emacs systemd service

Since upgrading to Ubuntu 15.04, I’ve been living with systemd. I’ve been a Debian user mainly and was wary of the doom-and-gloom comments about systemd but actually, I’ve been a bit impressed with it so far. One thing that is undeniably easier with systemd is writing what System V init systems called init scripts. In systemd they are known as service files.

Anyway, I usually run emacs as a daemon and I had the idea that emacs could run as a systemd service! Immediately I fell into the trap that Umberto Eco describes:

there are two laws no human being can escape: the first idea that comes into a person’s mind will be the most obvious one; and, having had an obvious idea, nobody ever thinks that others may have had the same idea before.

So yes, there are plenty of systemd emacs service files out there, but this one is mine.

[Unit]
Description=Emacs daemon
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/usr/bin/emacs --daemon
ExecStop=/usr/bin/emacsclient --eval "(progn (setq kill-emacs-hook 'nil) (kill-emacs))"
Restart=always
Environment=SSH_AUTH_SOCK=/run/user/1000/keyring/ssh GPG_AGENT_INFO=/run/user/1000/keyring/gpg:0:1
TimeoutStartSec=0

[Install]
# User units are pulled in by default.target; multi-user.target exists only in the system manager
WantedBy=default.target

The main difference from my config is that I’ve added the GPG_AGENT_INFO data so that emacs can use GPG agent. I run keychain so my ssh-agent and gpg-agent are launched at login. There are probably nicer ways to pass the environment variables. This only works if your user ID is 1000, which it most likely will be if you are the first user. Just check the output of id -u and change the 1000 to whatever it says and it will probably work.

Lastly, I run this service as a user so I put the file in ~/.config/systemd/user/emacs.service and then did:

systemctl --user enable emacs.service   
systemctl --user start emacs.service

I use emacsclient to connect to the server, which I’ve aliased to just e, so I’ll type e -nc to open a new instance for example.

discerptor, n.

A person who pulls something apart; a person who divides or separates something.

Pronunciation:

Brit. /dɪˈsəːptə/ , U.S. /dᵻˈsərptər/
Etymology: Probably partly < post-classical Latin discerptor person who separates something (1748 in the passage translated in quot. 1854; already in 14th cent. in sense ‘adversary’), and partly directly < classical Latin discerpt-, past participial stem of discerpere discerp v. + -or suffix.

Now rare.

Source OED.

List of books that I’ve started but want to finish

  • The Glass Cage, Nicholas Carr
  • Armada, Ernest Cline
  • The Internet is not the Answer, Andrew Keen
  • Future Crimes, Marc Goodman
  • Hieroglyph: Stories and Visions for a Better Future, Ed Finn and Kathryn Cramer
  • Hacker, Hoaxer, Whistle-Blower, Spy, Gabriella Coleman
  • The Age of Cryptocurrency, Paul Vigna
  • Seveneves, Neal Stephenson
  • Station Eleven, Emily St. John Mandel
  • The Story of Alice, Robert Douglas-Fairhurst
  • Surveillance after Snowden, Lyon
  • No Future for You: Salvos from The Baffler, John Summers, ed.
  • In Xanadu, William Dalrymple
  • Infinite Jest, David Foster Wallace
  • Countdown to Zero Day, Kim Zetter
  • Trigger Warning, Neil Gaiman

From The Novel in Analog: Joshua Cohen’s Book of Numbers

As Cohen’s work reminds us, printed books are mostly private pleasures, lonely ones even. Unlike so much media today, they don’t target, watch, or measure us; they don’t flatter us with personalized stories based on accumulated data profiles (not yet, at least). But even as this essentially analog quality has convinced us that novels are doomed to be political dead zones, it has become one of their newfound attractions. “If you’re reading this on a screen, fuck off,” goes Book of Numbers’ opening line.

nomnomnom — regularly eat your cookies from Chromium

Cookies on websites both suck and are incredibly useful. They are useful because it’s convenient to not have to re-enter usernames and other stateful pieces of data. They suck because cookies are used to track you and they remember things that the website considers useful but you may not.

By the way, if you don’t have the EFF’s Privacy Badger extension installed, go install it. Privacy Badger does care.

Let’s say you like to read the NYTimes but you find the 10-article limit per month to be a bit restrictive. After all, you go to your local library and read the gray lady there but sometimes, well, you also re-read them online. But instead of reading the article you receive a bunch of indistinguishable-from-malware popups about reading more than 10 articles per month. How to get rid of them?

Well, you can just go clear your cookies in Chrome/Chromium. But Chrome stores cookies in a SQLite database, so you could make a script to go into the database and remove offending entries. If you were to go and do that, say on Linux, you might end up with a SQL file like this:

delete from cookies where host_key LIKE '%nytimes%';

If that file was called nomnomnom.sql, you could have a script called nomnomnom that did

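#!/bin/bash
# Path to Chromium's cookie store (a SQLite database) for the default profile
CHROME_COOKIES=~/.config/chromium/Default/Cookies
# Run the delete statement; the path is quoted so it survives spaces
sqlite3 "$CHROME_COOKIES" < ~/bin/nomnomnom.sql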

Then you could add this to your crontab to, say, get rid of the nytimes cookies every day, as an example.
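The '%nytimes%' pattern above is a substring match, so it also removes cookies for any unrelated host that merely contains that string. The following is an added example, not part of the original post: it scopes the delete to one domain and its subdomains using bound parameters, and runs against a constructed in-memory table that has only a few columns (the real Cookies table has more; the sample hosts and function names are assumptions).

```python
import sqlite3


def make_sample_db():
    """Constructed stand-in for Chromium's Cookies database (only host_key is from the post)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT)")
    db.executemany("INSERT INTO cookies VALUES (?, ?, ?)", [
        (".nytimes.com", "meter", "10"),
        ("www.nytimes.com", "session", "abc"),
        ("nytimes.com", "pref", "x"),
        (".notnytimes.example", "login", "keep-me"),       # unrelated host, substring hit only
        ("nytimes.tracker.example", "id", "keep-me-too"),  # unrelated host, substring hit only
    ])
    db.commit()
    return db


def substring_hosts(db, needle):
    """Hosts that the post's '%needle%' pattern would delete (for comparison)."""
    rows = db.execute("SELECT DISTINCT host_key FROM cookies WHERE host_key LIKE ?",
                      ("%" + needle + "%",))
    return sorted(r[0] for r in rows)


def eat_cookies(db, domain, dry_run=False):
    """Delete cookies for `domain` and its subdomains only; return the host_keys affected."""
    domain = domain.lstrip(".").lower()
    # Escape LIKE wildcards so the domain is matched literally.
    esc = domain.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    where = "host_key = ? OR host_key LIKE ? ESCAPE '\\'"
    params = (domain, "%." + esc)      # exact host, or anything ending in ".domain"
    hosts = sorted(r[0] for r in db.execute(
        "SELECT DISTINCT host_key FROM cookies WHERE " + where, params))
    if not dry_run:
        with db:                       # commits on success, rolls back on error
            db.execute("DELETE FROM cookies WHERE " + where, params)
    return hosts


if __name__ == "__main__":
    db = make_sample_db()
    print("substring match would hit:", substring_hosts(db, "nytimes"))
    print("domain-scoped delete hits:", eat_cookies(db, "nytimes.com"))
```

Point it at the real file only while Chromium is closed, since the browser keeps this database open while it runs.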