Thoughts on Bleeding Edge by Thomas Pynchon

Bleeding Edge is filled with 9/11 conspiracy theories, eccentric characters, and a wild alternative universe called the “Deep Web.”  It is very Pynchon; the only difference is that this universe is found through computers and not through hallucinogens like some of his other books.

This was the most comprehensible Pynchon book to me.  Probably because I was alive during 2001, I’ve lived in Manhattan, I am familiar with the techno-jargon, and I’ve at least heard of the exuberant tales of the tech boom.  For those that are worrying that Pynchon is becoming more accessible, fear not as Jonathan Lethem writes in his review:

Thomas Pynchon is 76, and his refusal to develop a late style is practically infuriating.  The man’s wildly consistent: the only reason Bleeding Edge couldn’t have been published in 1973 is that the Internet, the Giuliani/Disney version of Times Square and the war on terror hadn’t come along yet.  This book, and Inherent Vice, make jubilant pendants on his mammoth enterprise, neon signposts to themes he took no trouble to hide in the first place.

But in the deep web of this book, lurks a darker message.  Bleeding Edge could not have been released at a more appropriate time.  At its core there is a struggle between those who want to get lost on the Internet and those who want to find them.


I do not consent

When I started at the Naval Academy in 1998, I never expected I’d be in a war.  Even after the attacks twelve years ago, I still never thought I would be a “boot on the ground.”  When I joined the submarine service and spent a long year studying the operations of nuclear reactors, I still never saw myself carrying an M4 in Afghanistan.  But in 2011, that is exactly where I found myself.


Opportunity for public comment on NSA surveillance

The Office of the Director of National Intelligence (ODNI) is seeking public comment on:

how in light of advancements in communications technologies, the United States can employ its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure.

Thanks to the EFF for finding this opportunity.

This was my response:


BeagleBone Tor

My BeagleBone Black (BBB) is now helping preserve Internet freedom by running a Tor relay. Tor is:

free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

For those new to Tor, the first step is to try the TorBrowser Bundle to help anonymize your traffic.  If this Tor thing feels a bit weird to you, know that normal people use Tor.

For those that want to help contribute to the freedom loving Internet, consider running a Tor relay on that nice 1GHz BBB.  Of course, you can run a relay from the Browser Bundle, but when you turn your computer off or close your laptop lid, your relay goes nighty-night too.  Plus the BBB is low-wattage so it won’t run up your electric bill as much while you help Tor grow.

The great Ladyada has an Onion Pi project which runs a Tor proxy and a wireless access point. It’s a very cool project but it’s not a relay AFAIK.  Also, if you want Tor to really work, you should use the Tor Browser Bundle.  So, these are directions for setting up a Tor relay, which helps others use Tor.

My BBB in the Adafruit Bone Box.


Supporting Open Access research

I’ve started a small, graduate research project for my AI class that’s been stealing my attention lately. I’ll be data mining a large data set with the machine learning software Weka, to train the software how to predict prognosis (estimated survivability from diagnosis) of stage IV breast cancer patients. Weka seems to have an impressive array of machine learning tools, but most of my time is being spent converting data from one format to the other.  It feels a lot like moving sand from one pile to the other with tweezers.

This research, like all research, is incremental. Several researchers have done a similar study and fortunately their papers are available here, here, here, here and here. Having ready and open access to these papers is crucial for me to be able to learn past techniques and build upon them. I’m not expecting to cure cancer here, only to maybe add a little piece of information to the puzzle, if I’m lucky.

Now imagine an environment where those papers were blocked or were cost prohibitive to the point of being inaccessible.

Hello world from ChrUbuntu!

After following these instructions, my Chromebook is now running ChrUbuntu!  The install is fairly painless and the instructions worked for me without any modifications.  It took about 15 minutes for my Chromebook to switch into “developer mode,” but after running the script and a few reboots later, I can dual-boot into Linux!

Emacs on ChrUbuntu with some disk usage stats in the corner.

Thanks to the great work over at that blog and to this motivated reader for posting some awesome links to some Linux on the Chromebook material!  At the moment, I just have the vanilla ChrUbuntu sources but per the comments there seem to be active community members trying to fix various issues.  Most notable is that the touchpad is less responsive than in ChromeOS… [Update 21JAN13: I’ve posted a script to fix this issue here]

While I don’t support Canonical’s decision to leave in its surveillance search feature, ChrUbuntu seemed the easiest Linux distro to get up and running right now.  Plus, ChrUbuntu is based on Ubuntu 12.04 and I don’t think Canonical’s search appeared until 12.10.  Thankfully, thanks to the diligent work from the EFF (this is a great organization, I just re-upped my membership), they have a post on how to remove this “feature.”

My first apt-get was for Emacs of course, in which I’m happily typing away.  The Chromebook’s “search” key acts like a “super” key (Windows key) in ChrUbuntu so I found this post which shows how to switch it.  Once you get used to the ctrl key located to the left of the “a” key, it’s very hard to switch back…  I tried to get emacs24 but there were some issues.  For some reason, I couldn’t add the ppa for emacs24 to apt-get and when I tried to build from source there were a lot of missing depends on x-windows and various ncurses libraries.  So, I decided not to push it too far right now and be content with emacs 23 (which installed with apt-get just fine).

If you plan on using the Chromebook as a pure consumption device or if you never heard of Linux(?!) then ChromeOS may be fine for you.  But actually, if that’s the case, a tablet may be better because you probably don’t need a keyboard.  Otherwise, if you want to do *anything* else, try ChrUbuntu.  Firefox is the default browser, but it may be possible to install Chromium if you really want.  And if you have never tried Linux, the Chromebook is a well priced laptop, with which you can experiment.  Just be sure to understand what’s working and not before you make the plunge.

It’s the end of the olympics as we know it… and I feel fine

How did you find out that Ryan Lochte took gold in the 400 meter IM over Michael Phelps yesterday?  Did you read about it in your paper this morning?  Did you watch it on NBC’s evening broadcast?  Or did you find out via some sort of online media (hopefully not my blog… 🙂 )?

Hopefully, this will be the last olympics ever that subscribes to a traditional broadcast pattern of waiting until prime-time to deliver the highlights for the day.  Obviously, there are time-zone issues at play, but it appears that NBC is actively blocking streaming online unless one is a cable television subscriber (in the U.S.).  I don’t subscribe to cable TV and I don’t see the point of cable TV anymore.  For TV shows, I watch Hulu, for movies: Netflix and Redbox, for news, I read the Philadelphia Inquirer via my Kindle and read Hacker News.  The only thing I’m missing is sports and I was o.k. with a YouTube style ad at the beginning of an olympics bite, but no.

The model is broken. Instead of trying to cram the day’s events into a commercial infested prime time package, stream the events online so that all those dressage fans can watch their horse prance away to hip-hop.  Oh, wait, you’re living in the U.K., that service is available via the BBC.  The olympics are one of the last truly equalizing events around, so why are they closed-source?  Let’s have an open olympics!

So here’s how to get around it 🙂  Instead of subscribing to cable, subscribe to a VPN.  See, the website is filtering the live streams based on your IP address, which is mapped to a geographical region and more specifically to an ISP.  With a VPN, your IP address appears to the world as the IP address at the end of the “VPN-tunnel,” so if you pick a VPN in the U.K., guess what, the website can’t tell the difference between a physical computer in the U.K. and your virtual one!  Game on!  This trick is equally useful when trying to buy books from Amazon.de (for a German based VPN host).

Of course there are other good reasons to have a VPN anyway, the main one being protection on open wifi hotspots.  The VPN will protect all traffic over the open (read: publicly readable) hotspot and the ISP.  Of course, so will SSL, but even with SSL, it’s still possible to discover to whom you’re talking.  For extra protection, add Tor to the mix and check out this awesome interactive chart from the EFF on Tor and HTTPS benefits.

So, here’s to the future of watching the olympics!  Thanks to these other great posts on spreading the word.

Travel hacking

This NY Times article has outstanding cradle-to-grave travel advice.  Some of these recommendations are a little too George Clooney à la “Up in the Air” (there is a great Zach Galifianakis cameo in that movie) for me, but here are some of my favorites:

  • TripIt. Every email confirmation you receive, forward it directly to TripIt and they build a consolidated itinerary.  Sharing with multiple travelers is an option as well.  The iPhone app is great and stores your trip offline as well.
  • Wikitravel.  Great site, but wi-fi and cellular are not quite ubiquitous, so WikiTravel is good for pre-trip research, but I still like taking the guide-book (on the Kindle).
  • Pack light.  This is probably the best recommendation in the article.  Packing light makes the trip more enjoyable because you are less encumbered (unless you have a bag of holding +1).  With dry fit clothing, two pairs of under garments will last a long time, assuming they are regularly washed.
  • Netbooks.  Not only is a netbook probably smaller than your other computer, but you should travel with minimal data, since the US has consistently ruled in the favor of warrantless searches at the border.  Thank you HOPE#9.
  • Arrive at the airport five hours early.  The security lines are unpredictable and when I try to cut it too close, it’s stressful.  So lately, I’ve been going early (not 5 hours early) and I read and otherwise thoroughly enjoy the wait.
  • X-ray screening.  First of all, the back-scatter machines don’t increase security, are expensive and the screening procedure is invasive.  Anyway, there is an art to going through the screen efficiently.  The key is to grab all the bins that you need at once.  Three if you have a laptop, two if you don’t.  Shoes/belt/wallet in one, laptop/electronics/deadly 3 oz containers in two, everything else in three.  If you grab one tray at a time it makes it awkward for the traveler behind you.

If you are an over-packer like I used to be, buy smaller luggage 🙂

HOPE #9

When one has a serendipitous day off in NYC there are several things one might go see / do.  The views on the top of the Rock and Empire are amazing, visiting the Brooklyn Brewery is fun and eating a Belgian Waffle in Central Park while reading a book purchased from the Strand kiosk is: legen-wait-for-it-dary.  But when I discovered that HOPE#9 was this weekend, I was all in!

Hackers on Planet Earth (HOPE) has been going on since 1994 and is largely supported by 2600 Magazine, which I’ve been reading more regularly since it has been published on the Kindle.  This was the first HOPE that I attended, and while I only attended 7 of the 36 possible talks (assuming one can’t be in all three rooms at once, otherwise the number of distinct talks was over 100), I am definitely going to the next HOPE!  Not the “next hope”, that was in 2010, but the next HOPE in 2014…

Not the best view in the room… but it was standing room only in the Crimeware talk.

So, first let’s dispel some myths.  Hackers are actually very friendly people.  I hadn’t preregistered, so when I went to buy my passport, a friendly fellow hacker sold me an extra one for a discount.  Then, walking around the mezzanine, where the lock picking labs, soldering station, and hammocks are located, a friendly patron pointed me to the right elevator.  Throughout the conference, people in suits, goth-like clothing, t-shirts and flippie-floppies all sat together and listened to a range of topics.  In fact, I think the hacker community is one of the most inclusive groups that’s around.

But, I’m not a hacker anthropologist.  So, I attended the talks below (the links jump to the HOPE#9 abstract).

  1. Smartphone Penetration Testing Framework.  This set the stage for my HOPE experience.  On the stage, Georgia challenged the audience to hack her iPhone and within minutes, her iPhone would only display a picture of a cat.  Her point, that smartphones on your company network are a big risk, was well received.
  2. Technology to Change Society
  3. Lunch.  Two Hawaiian style pieces of Pizza from a nearby slice-shop.
  4. Crimeware Tools and Techniques of 2012: Past, Present, and Future.  The inside look at black-market tools, including automated credit-card shops.  Let’s just say, if you jailbreak your phone, you should be really, really sure you know where that binary came from…
  5. Keynote from William Binney.  Think WIRED’s cover story on the NSA’s Utah operation a few months ago.
  6. Hacktivism, Tools, and the Arab Spring.
  7. Destroying Evidence Before It’s Evidence.  Given by an EFF lawyer. You should really know what anticipatory obstruction of justice is (US v. Wolff).
  8. Digital Security in Health Care Institutions.  Or how it’s possible to hack an implanted insulin pump to kill somebody (and why the company hasn’t fixed it yet).
  9. Why Browser Cryptography is Bad and How We Can Make It Great. [On Saturday] Talk on encrypted group chat given by the Crypto Cat founder.
  10. Protecting Your Data from the Cops.  Given by another great EFF lawyer. Among other topics, she discussed the application of the 5th amendment privilege to encryption situations.
Swag from HOPE#9. Yes, that’s a GNU and technically the glass is not from HOPE, it’s from Thinkgeek, but I thought it was apropos…

As you can see, in the short time I had to attend HOPE, it was jam-packed. But the talks go each day until midnight!  I also didn’t get a chance to try the Arduino lab or some of the other interactive demos.  It sounds like HOPE#9 was going as well as the other HOPEs and if that’s the case, you can see me at the next one.  Next time, I’ll try to stay for the entire weekend.

TLS False Start is dead

So for about a year and a half, Chrome has been speeding up TLS / SSL connections by a mechanism called “TLS False Start.”  The performance improvements were impressive; False Start dropped connection times by 30% or just under 200 ms.  The details of TLS False Start are described in this tech memo, but the basics are that the client starts sending application data immediately after its Change Cipher Spec and Finished messages, without waiting for the server’s reply.  This essentially removes one round trip across the network.  Actually, it’s quite clever since once the client has sent the Change Cipher Spec message, it has shifted over to the bulk encryption algorithm and finished the key exchange and doesn’t necessarily need to wait for the server to confirm.

However, the reasons for its demise are a bit comical and unfortunately False Start’s tragedy has much to do with a good protocol and restrictive implementations.  My favorite problem was that a major vendor of SSL Terminators (servers acting as the SSL / TLS endpoint, probably with hardware acceleration) has some sort of minor bug preventing the use of TLS False Start.  The vendor refused to fix it.

One, fairly major, SSL terminator vendor refused to update to fix their False Start intolerance despite problems that their customers were having. I don’t believe that this was done in bad faith, but rather a case of something much more mundane along the lines of “the SSL guy left and nobody touches that code any more”. However, it did mean that there was no good answer for their customers who were experiencing problems.

I can see how this can happen and why the company wouldn’t want to fix it.  By the way, I’ll be returning to work in August… (no I don’t work for this vendor). 🙂

One of the frustrating aspects of protocol design is that there is a duality consisting of what the protocol says and the popular implementation.  Actually, it’s more of an oligarchy, where the most popular implementation sets the standard.

Well, you can still install HTTPS Everywhere in Chrome so that’s a good thing.  I highly recommend it.  Not only is it supported by the EFF, a great organization, it’ll always attempt to use the https version of a website, making your web traffic more secure.

HTTPS Everywhere from the EFF

[UPDATE] For those with a Wireshark inclination, here are two captures of TLS False Start in action.

TLS False start in action on the client and server
False start on the client side only (chrome)
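
For readers who want to spot False Start in a capture of their own, here is an added example (not part of the original post, and not code from Chrome) that walks the TLS record headers of a conversation and reports whether the client sent application data before the server's Change Cipher Spec arrived. The function names are hypothetical, the sample records are constructed with zero-filled payloads, and the code assumes the segments are listed in capture order and each holds whole records.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA)


def parse_records(stream: bytes):
    """Split a byte string into (content_type, payload_length) TLS records."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in KNOWN_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if offset + 5 + length > len(stream):
            raise ValueError("truncated TLS record body")
        records.append((ctype, length))
        offset += 5 + length
    return records


def uses_false_start(segments):
    """segments: capture-ordered list of (sender, bytes), sender 'client' or 'server'.

    True when the client's first application data record is seen before the
    server's ChangeCipherSpec, i.e. the client did not wait for the server
    to finish the handshake.
    """
    server_ccs = False
    for sender, data in segments:
        for ctype, _length in parse_records(data):
            if ctype == CHANGE_CIPHER_SPEC and sender == "server":
                server_ccs = True
            elif ctype == APPLICATION_DATA and sender == "client":
                return not server_ccs
    return False


def rec(ctype, length):
    """Build a constructed TLS 1.2 record (version 0x0303), zero-filled payload."""
    return struct.pack("!BHH", ctype, 0x0303, length) + bytes(length)


# Constructed sample conversations (not taken from the captures linked above).
# After ChangeCipherSpec, the Finished message travels as an encrypted handshake record.
HELLOS = [("client", rec(HANDSHAKE, 120)), ("server", rec(HANDSHAKE, 900))]
CLIENT_FLIGHT = rec(HANDSHAKE, 70) + rec(CHANGE_CIPHER_SPEC, 1) + rec(HANDSHAKE, 40)
SERVER_FLIGHT = rec(CHANGE_CIPHER_SPEC, 1) + rec(HANDSHAKE, 40)
REQUEST = rec(APPLICATION_DATA, 300)
FALSE_START = HELLOS + [("client", CLIENT_FLIGHT + REQUEST), ("server", SERVER_FLIGHT)]
CLASSIC = HELLOS + [("client", CLIENT_FLIGHT), ("server", SERVER_FLIGHT), ("client", REQUEST)]
```

The verdict depends on where the capture was taken: ordering between the two directions is only meaningful as seen from one vantage point, such as the client side.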