Slightly less Random Ramblings

July 1, 2016

Installing OpenWRT on a Cheap Laptop

Filed under: computing, Firewall, linux, OpenWRT, security — Tags: , , , , , , — Robert Wicks @ 4:20 pm

I got a deal ($125) on an Acer ES1-111M laptop. This class of laptop is intended to be a Windows-running equivalent to Google’s Chromebook. It came with 8GB of RAM and an embedded 32GB eMMC drive. I gave it to my daughter, until the shoddy trackpad made it too frustrating for her and I got her a newer and better laptop. I upgraded the onboard RAM to 8GB. I’ve run Windows 10 and Ubuntu on it, but I don’t really need another personal laptop. Considering the RAM, the light weight, the low temperature and power usage, along with onboard Gigabit Ethernet and a USB 3.0 port, I figured it might make a decent VPN gateway.

I first set it up as a router, which led to the discovery that the existing router in my house, a Buffalo WZR-HP-G300NH, was holding me back. I had a USB 3.0 Gigabit Ethernet dongle as the second interface for the laptop, and when I set up simple IP Masquerading on Ubuntu and pointed a computer at it, I found that my download speeds jumped from ~70Mb/s to ~170Mbs. That led me to look for a wife-friendly (i.e., free) way to improve things. My first choice was my favorite firewall software, OpenWRT. There is an x86 version which is developed alongside the embedded device versions I am so accustomed to using. I grabbed the ISO, then discovered the issue I’ve seen with other Linux distributions, it would not see the storage. Eventually, I installed it to a USB key, which was fine. Along the way, I upgraded to the trunk build and discovered that the OpenWRT which was running could now see the (unused) MMC storage. Perhaps it would now work.

Initially, I wrote an image to the eMMC storage, and booted, but it froze during the boot process. After a bit of tinkering, I found out that if you edit the grub entry so that root=/dev/mmcblk0p2 rather than UUID=-2, it would boot correctly. After booting, just mount /dev/mmcblk0p1 to /mnt, then edit /mnt/boot/grub/grub.cfg to change the UUID entry to /dev/mmcblk0p2, and everything works correctly. You will need to install kmod-usb-net-asix-ax88179 to use the USB Ethernet adaptor. From there, it’s a very normal OpenVPN setup.

March 18, 2016

The Process or the Product?

Filed under: crime, encryption, Police, Technology, terrorism — Tags: , , , , , — Robert Wicks @ 5:29 pm
codebook

Cipher for Telegraphic Correspondence — a code book used by Union General Joseph Hooker’s code clerk

When I was younger, I often heard people debating whether the state should attempt to ensure equality of opportunity for people or equality of outcome. This has generally focused on areas associated with race or gender. Libertarians have consistently maintained that equality of opportunity is all that the government should properly enforce. The most progressive people push for equality of outcome in some situations, though many will say that historical biases are being overcome, so it is meaningful equality of opportunity that they seek. It strikes me however, that the recent public confrontation between Apple and the FBI provides us with similar arguments being made.

The state has long had the recognized authority to seize property and search it with a warrant. Many of the discussions surrounding the iPhone in question mention that the government can issue orders to look through private property and that the iPhone in question is no different. I’ve seen comparisons, for example to breaking into a home and taking papers for examination.

This is where I think the parallels to civil rights situations can come into play. If the police take your papers, do they have the right to the intelligibility of those papers and effects, or simply to the effects themselves. That is, if the papers are in some language or code that they do not know, do they have the right to force someone to translate it or to teach them the language? In the cases of both plain English papers and the iPhone, they have the same opportunity to examine, but the lack of knowledge (of the pass code, password, or encryption key) may make the outcomes very different.

Another analogy I have seen is that of a safe. Imagine a safe with a completely impregnable lock. What does the state do? Well, there are ways to get into safes without using the lock. You could cut your way in, or blow it up. However, it is at least possible that these other methods may destroy something of value within the safe. Does the government have the right to force the  to come up with a method for opening the lock? Further, do they have the right to force  to only make locks which can be opened without the owner’s consent? In the case of the confiscated iPhone, there may well be ways to “open” the data without the owner’s consent, but those methods may destroy the information which is sought.

It is entirely possible that this case may have effects which reach outside of the world of technology. The most fundamental of notions being examined are whether the state is entitled to a process or a product? The process is the issuing of warrants and the collection of property. The seizure of property is no guarantee of specific uses of that property. And it is the specific uses that the state demands. Is it appropriate for the state to insist on a specific outcome for a policy or is it appropriate that an agreed upon process be followed? In the justice system, I have heard many times over the years that the purpose is to follow the process. Justice is the ideal outcome, but a particular outcome is not what the state promises citizens. It promises them a process. Yet, it appears as though the state is not satisfied to have the same situation in cases involving itself: it demands an outcome. As we move forward and various technologies are developed, this guarantee of outcome will necessarily create greater and greater burdens on hardware and software developers. It may be effectively illegal for a small independent developer to create an encrypted product, for example, because the day may come where each instance of a product will require some sort of individualized method for accessing whatever data is held within it. That implies a substantial data handling infrastructure which companies, and individuals, may soon be required to maintain.

 

January 19, 2016

A Trump Win Might Be a Boon for Apple

I just had a thought while chatting with some friends. What if Apple buys Tesla, and leverages the IP, along with moving iOS and even Mac production stateside? There has been plenty of speculation about them building cars or buying Tesla, and Donald Trump was recently reported to have said that he would make them move production back stateside. This might actually be something which would benefit Apple’s bottom line. I think they have enough IP protection to pull all of that off. And they’d have PR coups over even the American car manufacturers, which would place pressure on them to move more production back stateside. I really think, the more that I think about it, that Trump winning could make Apple more money than its ever made over a Presidential term. It could be absolutely massive. With IP, you can afford union wages, as the restricted competition means greatly increased profit margins. Considering the nationalist fervor which would accompany a Trump win, this might be a win for Apple as well.

April 6, 2015

Using SSH as a remotely accessible proxy server

Filed under: computing — Tags: , , — Robert Wicks @ 12:39 pm

I wanted to have a SOCKS proxy on my home network, but I didn’t want to have to install new software. Fortunately, autossh can be used for that purpose without much trouble. Just add to your /etc/rc.local:
autossh -M 0 -N -C -g -l root -D :1080 localhost

after setting up ssh keys to allow root to log in as itself via localhost with no password. This will cause your server to listen on port 1080, and any SOCKS client on your home network can just point to it. After that, you can force all outbound traffic through that proxy if you wish, and limit the direct access to the Internet for internal machines.

January 27, 2015

Autonomous Cars: Don’t Hold Your Breath

Filed under: cars, computing, economics, libertarianism, Police, statism — Tags: , , , , , — Robert Wicks @ 11:51 am

Driverless vehicles are all the rage all over the Internet. In October, Tesla announced an autopilot feature which, in addition to providing some useful driver assistance features, will also allow the car to park itself when on private property. Mercedes has had similar driver assistance features for some time. Of course, Google is famous for experimenting with fully autonomous cars for years and have been improving the technology steadily. I have every confidence in the engineering. The capability to make a reliable autonomous vehicle is nearly upon us and is a very reachable goal. However, that is not the determining factor in them becoming commonplace on the roads.

The proponents for autonomous cars largely come from the technologically sophisticated left. There are some significant potential efficiency and safety gains to be had from self-driving vehicles. The driver is the most unreliable part of a car. Driver behavior has a large impact on energy usage as well. Up to this point, there has not been much in the way of vocal opposition to driverless cars. There are concerns, yes. Perhaps they will make traffic worse. There are potential ethical dilemmas. But these are not serious impediments to adoption. The serious impediment to the adoption of autonomous cars is the state.

Some of the things being touted as benefits of autonomous cars are threats to some parties. Let’s look at safety. Assume an autonomous car obeys all traffic laws. What does that do to various governments who depend on ticketing revenue? Driving irregularities are a leading reason for traffic stops which allow for the detection of drug trafficking, which is another major source of revenue for local police departments. Will police departments and municipalities be onboard for technology which will potentially eliminate the majority of their revenues? I think not.

Assuming the limited testing of computer controlled cars is promising, what are likely reactions from governments? If a driverless car is really safer and more efficient, how long before anything else is banned? Look at technologies such as airbags and backup cameras. These things went from high-end features to mandatory ones within 3 car generations. How long before something which could save considerably more lives would be similarly mandated? And that would spark outrage among both car enthusiasts and the automakers who cater to those enthusiasts. Those are moneyed interests whose influence should not be underestimated.

I do not expect these reasons to be the explicit cases for banning or at least slowing the adoption of autonomous vehicles. They are too cynical to be digested by the public. There will be other reasons given. I’m sure many factions are chomping at the bit for the first fatality which is caused or at least exacerbated by some sort of failure or design flaw in an autonomous car. When that happens, it will be put to maximum use by political interests who have had to largely remain silent due to their somewhat unsavory motivations. I expect us to have autonomous vehicles. But not without a fight, and not when the technology is ready. Perhaps a generation after the technology is readily available, the political climate will have sufficiently changed to allow them to become commonplace, but I don’t expect them to be common on American roads for at least 20 years after we have fully operational, reliable, cost-effective prototypes. The state will probably not allow it to happen any sooner than that.

 

November 22, 2014

The cheapest way to get audio out of your XBox One

Filed under: Uncategorized — Tags: , , — Robert Wicks @ 12:15 pm

Get a Microsoft headset adapter, plug it into the controller you are *not* using and keep plugged in via USB, then turn on that controller as well as the wireless one you normally game on. At that point, you have normal analog audio which can be piped into your stereo, powered speakers, etc.

November 9, 2014

Green Shoots Among the EcoReds

Filed under: cars, economics, free market, the tragedy of the commons — Tags: , — Robert Wicks @ 12:02 pm

I have a new article up on Libertarian Forum on some observations of the evolving community of electric vehicle owners.

July 5, 2014

Using Tor and a VPN service for privacy

Filed under: encryption — Tags: , , , , — Robert Wicks @ 5:36 pm

In light of recent revelations that the government specifically targets for surveillance people who do searches for Tor, here is how I suggest you use Tor:

1) Get one of the VPN services, install it and verify that traffic is sent out by default over the tunnel.
2) Use this link to obtain Tor. Set it up so that it runs as a SOCKS proxy locally (the default way, but you can also install it without a browser as just a proxy
3) Keep the VPN and Tor services running all the time, with the kill switch feature such that if the VPN link goes down, the Internet shuts down.
4) Configure Firefox in private mode (about:config) permanently. Configure it to use the Tor proxy
5) Disable geolocation in all browsers
6) Leave everything else default.

What this means is that all your traffic goes onto the Internet at the remote proxy location. If you don’t torrent, you can even make that exit point in the USA, which may help you do stuff like banking or services which require that you access them from the USA. Or you can just switch VPN endpoints when you need to. Whenever you want to do something with stronger anonymity, run Firefox or the Tor browser. This will put you on the Tor network. By disabling geolocation, you gain some additional protection against Javascript, which is still on in Firefox (turn that off if you don’t need it, but I use Firefox in this was specifically in cases where I need a full-featured browser, but still run it through Tor. Note that Flash will actually bypass proxies, so it will go out through the VPN connection. As as additional safeguard to your anonymity, pay for the VPN service using bitcoin, and use an email anonymizing service such as Guerrilla Mail.

May 29, 2014

Stick with Truecrypt 7.1a and Wait for more Information

Filed under: encryption, security, software, Truecrypt — Tags: , , , , — Robert Wicks @ 8:57 am

Yesterday, The homepage for the popular full disk encryption solution, Truecrypt, changed to reflect the following:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

The page goes on to describe how to configure Bitlocker encryption and remove Truecrypt.

The message is very odd, as there were no indications of the project ending. Truecrypt does very specific things. It is not the sort of software which requires expansive numbers of new features. It works well with Windows 7, which is a huge part of the market. I have not attempted to use it on Windows 8, but Microsoft’s own page on it indicates that it works fine. My reasons for distrusting the new message, despite the fact that the issuer of that message has access to the correct keys to sign the TC release are:

  • There are no details of the security issues with Truecrypt.
    Assuming this message is actually from the same people who have been developing Truecrypt, they should have no problem at all clearly describing the nature of the vulnerabilities. They have more ability to do this, once those vulnerabilities are known, than anyone else. The lack of detail makes me suspicious.
  • The endorsement of Bitlocker flies in the face of the history of the project.
    The developers of Truecrypt have shown a consistent (and justified) pattern of paranoia. The sudden endorsement of a closed source security solution is a completely different (and worse) attitude towards security. Among the most suspicious aspects of this is the fact that TC has explicitly avoided dependence on the TPM module due to a lack of trust, yet the “solution” suggested by the homepage currently explicitly endorses using that functionality in moving to Bitlocker.
  • The new release appears to not actually correct bugs or improve functionality.
    7.2 appears to do nothing more than issue warnings and disable encryption. The users of Truecrypt tend to be a savvy lot. They have the skills to decrypt data should that become necessary. Issuing a version with the encryption function disabled is nonsensical.

May 17, 2014

A Chat on Cybersecurity

Filed under: encryption, Firewall, OpenVPN, OpenWRT, security, Truecrypt, Windows — Robert Wicks @ 5:47 pm

I was recently interviewed by Manuel Lora for Liberty.me on the topic of cybersecurity. You can listen to it here.

Older Posts »

Create a free website or blog at WordPress.com.

%d bloggers like this: