What were they thinking?

The Clinton email scandal continues to deteriorate. Most people following the issue will be aware of the review by the inspector general which was released yesterday. In part it said:

Two staff in S/ES-IRM reported to the OIG that, in late 2010, they each discussed their concerns about Secretary Clinton’s use of a personal email account in separate meetings with the then-Director of S/ES-IRM. In one meeting, one staff member raised concerns that information sent and received on Secretary Clinton’s account could contain Federal records that needed to be preserved in order to satisfy Federal recordkeeping requirements. According to the staff member, the Director stated that the Secretary’s personal system had been reviewed and approved by Department legal staff and that the matter was not to be discussed any further. As previously noted, OIG found no evidence that staff in the Office of the Legal Adviser reviewed or approved Secretary Clinton’s personal system. According to the other S/ES-IRM staff member who raised concerns about the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again.

Emphasis added.

Ms. Clinton has also publicly stated it was reviewed and approved. There are lots of other damning items in the review. And we haven’t even seen the results of the FBI investigation yet. Interesting times are ahead for “Crooked Clinton”.

But unless you “have your finger on the pulse” of some other sources you wouldn’t know that some really mind-bogglingly stupid computer security practices were in place at the Clinton residence:

According to historic Internet address maps stored by San Mateo, Calif. based Farsight Security, among the handful of Internet addresses historically assigned to the domain “clintonemail.com” was the numeric address 24.187.234.188. The subdomain attached to that Internet address was….wait for it…. “printer.clintonemail.com”.

Ronald Guilmette, a private security researcher in California who prompted me to look up this information, said printing things to an Internet-based printer set up this way might have made the printer data vulnerable to eavesdropping.

“Whoever set up their home network like that was a security idiot, and it’s a dumb thing to do,” Guilmette said. “Not just because any idiot on the Internet can just waste all your toner. Some of these printers have simple vulnerabilities that leave them easy to be hacked into.”

More importantly, any emails or other documents that the Clintons decided to print would be sent out over the Internet — however briefly — before going back to the printer. And that data may have been sniffable by other customers of the same ISP, Guilmette said.

“People are getting all upset saying hackers could have broken into her server, but what I’m saying is that people could have gotten confidential documents easily without breaking into anything,” Guilmette said. “So Mrs. Clinton is sitting there, tap-tap-tapping on her computer and decides to print something out. A clever Chinese hacker could have figured out, ‘Hey, I should get my own Internet address on the same block as the Clinton’s server and just sniff the local network traffic for printer files.’”

I repeat, “Whoever set up their home network like that was a security idiot…”. It’s stupid to route your printer traffic via an outside network unless you are only printing the most vanilla of materials and need for people in the outside world to use your printer. Clinton had material on her email server that was highly classified. If she used the printer in this way it’s difficult to imagine that her printer traffic was not intercepted by unauthorized people. This is, in part, because whoever created the amazingly insecure system, essentially, advertised it to the public with the public subdomain records.

People need to go to jail over this.

Our country is in the best of hands.
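
The point about advertising a printer through public subdomain records can be checked on your own zone. This is an added example, not part of the original post or the quoted article: it scans a zone file for A records whose names look like local devices and whose addresses are outside the private ranges. The zone, the `example.net` names, the documentation-range addresses and the device word list are all constructed for illustration.

```python
import ipaddress
import re

# Address ranges that are not reachable from the public Internet
# (RFC 1918, loopback, link-local, carrier-grade NAT).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

# Words in a hostname that suggest a device meant for local use (assumed list).
DEVICE_WORDS = {"printer", "print", "scanner", "nas", "cam", "camera", "dvr"}

# Constructed sample zone; every name and address here is made up.
SAMPLE_ZONE = """\
$ORIGIN example.net.
$TTL 3600
@            IN A   203.0.113.10     ; web site
mail         IN A   203.0.113.25
             IN MX  10 mail.example.net.
printer      IN A   203.0.113.44     ; office printer, published by mistake
hp-printer2  300 IN A 198.51.100.7
nas          IN A   192.168.1.20     ; internal address only
cam          IN A   10.0.0.8
             IN A   203.0.113.90     ; second address for the same name
"""

def parse_a_records(zone_text, origin):
    """Return (fqdn, IPv4Address) for each A record in simple zone-file text."""
    origin = origin.rstrip(".").lower()
    owner = None
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks and directives
            continue
        fields = line.split()
        if not raw[0].isspace():                  # a new owner name starts the line
            owner = fields.pop(0).lower()
        types = [f.upper() for f in fields]
        if owner is None or "A" not in types:
            continue
        ip_index = types.index("A") + 1
        if ip_index >= len(fields):
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner[:-1]
        else:
            fqdn = f"{owner}.{origin}"
        records.append((fqdn, ipaddress.ip_address(fields[ip_index])))
    return records

def looks_like_device(fqdn):
    """True if any label, split on '-' or '_' and stripped of digits, is a device word."""
    for label in fqdn.split("."):
        for word in re.split(r"[-_]", label):
            if word.rstrip("0123456789") in DEVICE_WORDS:
                return True
    return False

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def audit_zone(zone_text, origin):
    """List device-like names that are published with an Internet-facing address."""
    return [(fqdn, str(ip)) for fqdn, ip in parse_a_records(zone_text, origin)
            if looks_like_device(fqdn) and not is_internal(ip)]

if __name__ == "__main__":
    for fqdn, ip in audit_zone(SAMPLE_ZONE, "example.net"):
        print(f"REVIEW: {fqdn} -> {ip} (device name on a public address)")
```

Anything this reports is a record to remove from public DNS or move behind the local network, since the name alone tells outsiders what the address is for.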

Windows phone just got killed

As if there was any doubt this should settle the issue:

Microsoft is bowing out of building its own phones for consumers. After dramatically scaling back its Lumia devices last year, Microsoft hammered the final nail in the coffin today with an additional $950 million write off and 1,850 more job losses. Microsoft’s Lumia devices still account for more than 95 percent of all Windows phones sold, but a lack of new devices means sales and Windows Phone market share have declined sharply over the past year. Windows Phone is dead, and phone makers aren’t interested in reviving it.

I need to start porting my apps (Field Ballistics and As the Crow Flies) to the iPhone or Android so when my current phone dies I’ll still be able to use them with my new phone.

Use the known cure, not security theater

Via Bruce Schneier we have this extremely timely and fascinating article, The Evolving Challenges for Explosive Detection in the Aviation Sector and Beyond:

Another misnomer propagated largely in the press is that these type of explosives threats are not detectable with currently deployed technologies. This is false. The latest generation ETDs, when used in combination with the latest X-ray technologies, are generally excellent at detecting TNT, plasticized explosives such as C-4, PETN (Detasheet), and Semtex. This powerful combination of technologies should catch these explosives threats, even if it were concealed in the electronics of a laptop, because ETD swabs can detect minute amounts of residue.

Even an amateur chemist doesn’t have to think about this topic much to come up with explosives that are undetectable with the latest generation of explosive trace detection (ETD) equipment. As near as I can tell things I pointed out nearly nine years ago are still vulnerabilities.

The OIG also reported last summer that tests of the screening system showed that 95 percent of attempts to smuggle weapons through U.S. checkpoints were successful.

This has actually gotten worse since they started prohibiting weapons on board over 40 years ago. They should just give up on this and let passengers defend the cabin.

The reality of our current war on terrorism is that the costs are inversely correlated. Terrorists can use inexpensive but highly effective means to attack high-value and highly protected targets, forcing governments to take stricter and more costly measures to provide protection. Their model scales while ours becomes more difficult to sustain. Until we are successful in changing the paradigm in which cheap terrorism is effective terrorism, we need to be prepared to continue to invest in technologies and processes that make it more difficult for them to succeed.

Emphasis added. I agree with this. We must change the paradigm. We currently have nothing but security theater.

We are spending trillions of dollars and have nothing of substance to show for it. Those resources could, and should, have been spent in some serious elimination of terrorists rather than attempting to make it incrementally difficult for them at exponential costs to us. We have the resources and technology to make it exponentially expensive for them at incremental cost for us. We have a ruthless enemy who is willing to murder untold numbers of innocent people. We dealt with cultures like this in WWII and fundamentally changed their mindset to make the culture more tolerant to people who were different from them. These intolerant, evil, enemies are now tolerant, functional, members of a world society. It’s time to treat our current enemy with the known cure for evil.

I’m skeptical of computer overlords

This is an interesting idea:

For too long we have watched as automation has cost us blue-collar jobs. Automating government, and getting rid of the politicians and lawyers is something I could really get behind. For a while, there would be an increase in embezzlement, ponzi schemes, cons, thefts, and other non-confrontational crime, as the politicians and lawyers sought out new employment consistent with their psychologies, but once they were all behind bars, the world would be a considerably better place.

But there are a lot of other things to consider as well. Government is power. And people will pay a lot to have access to that power. Detecting the existence of and finding the source of corruption in a computer system may be far more difficult than when you are dealing with people.

Open source and independently operated systems may mitigate the risks. I’ll have to think about this some more… A LOT more.

Quote of the day—Margaret Hamilton

Due to an error in the checklist manual, the rendezvous radar switch was placed in the wrong position. This caused it to send erroneous signals to the computer. The result was that the computer was being asked to perform all of its normal functions for landing while receiving an extra load of spurious data which used up 15% of its time. The computer (or rather the software in it) was smart enough to recognize that it was being asked to perform more tasks than it should be performing. It then sent out an alarm, which meant to the astronaut, “I’m overloaded with more tasks than I should be doing at this time and I’m going to keep only the more important tasks; i.e., the ones needed for landing.” …Actually, the computer was programmed to do more than recognize error conditions. A complete set of recovery programs was incorporated into the software. The software’s action, in this case, was to eliminate lower priority tasks and re-establish the more important ones…If the computer hadn’t recognized this problem and taken recovery action, I doubt if Apollo 11 would have been the successful moon landing it was.


Margaret Hamilton
December 25, 2014
Margaret Hamilton, the Engineer Who Took the Apollo to the Moon
[H/T to Roberta X.

The quote above is just a small part of a great story about Hamilton. I like software, I like space exploration, I like smart women. I loved the story.

Thanks Roberta.—Joe]

Quote of the day—Rob Perkins

If you don’t have explicit material displayed full-screen on your monitor, that’s how we know you’re not working.

Rob Perkins
May 12, 2016
Psssst: This Website Is Guaranteed to Make You Better at Sex
[Hmmm… Helping more women have more orgasms. And here I thought my current job was just about as good as it gets.—Joe]

Quote of the day—Sebastian

I’m becoming more convinced that free people need a frontier, because without one, eventually, the meddlers, swindlers, and sycophants of the world catch-up to us.

Sebastian
April 25, 2016
Science Nerd Post: Reactionless Drive
[I’m in general agreement but things will have to get a lot worse here before living on a distant rock under a dome with a huge portion of your economic output consumed just to stay alive. And without an industrial base to produce medicine, electronics, vehicles, buildings, I can’t see it being able to be independent and have anything approaching the quality of life we have here.

If there were a terraformed planet with a population of a million or more with incredibly accessible natural resources I could see it being plausible. But it becomes a chicken and egg problem. Terraforming and industry building robots might be the answer. I remain a skeptic for now and believe the better, at least short-term, option is to fix things on our existing rock.—Joe]

ZORE X, a high tech gun lock

I received an email the other day:

Hello Joe.

My name is Yachdav. I’m part of an Israeli team that developed a unique gun lock called ZORE X.

Our bullet shaped lock prevents the gun from being charged and when unlocked it ejects by just charging the gun. It also notifies the gun owner if someone tampers with their gun. Is this something you’d write / post about?
We believe ZORE X will save many lives by both preventing unauthorized use of guns and at the same time making guns more accessible for their gun owners when they need them.

This is our website: http://zore.life/
This is a 1 minute video showing our lock: http://zore.life/youtube

I’m attaching some material about us. I’d be happy to send you more information about ZORE if you’d like.

Thank you very much,

Yachdav

I watched the video and was a bit annoyed with the falling brass without primers from the simulated gunfire but my only real concern was battery life and how they handle the dead battery situation. I read their FAQ and found:

What if my battery runs out, will my gun disable with no way of opening it?

No.

  1. Your battery will last for more than a year.
  2. Three months before your battery drains, ZØRE will send you notifications, reminding you to change your battery.
  3. One month before the battery drains, when unlocking ZØRE, it will not allow you to re-lock without changing the battery.
  4. In addition, you are able to set your ZØRE to open automatically before draining out.
  5. If your battery drains out nonetheless, you are able to connect an external battery to give it power, enabling you to dial your code and open it.

And:

What if someone removes the battery from my ZORE?

That is impossible – as long as your gun is locked, no one can remove the battery from your ZORE. The battery is only accessible when ZORE is open.
The battery is accessible only when ZØRE is open. Therefore, when your gun is locked, no one can take the battery out of your ZØRE.

All my concerns about “smart guns” (this isn’t really a smart gun, but it achieves some of the worthy goals of them) were well addressed except for the potential to have them become government mandated. I liked the phone app that tells you if someone has moved (probably accelerometer based, it doesn’t use GPS) your gun. The app also allows you to unlock the gun remotely and helps you train to get to your gun and unlock it quickly.

It would appear to be a good solution for many situations.

Update: I received another email after they read my blog post above. Here is most of the email:

It is important for me to say that the option of government mandating it is something we gave a lot of thought to.

We wanted to make sure there’s no [way] to force anyone to use it – that’s how we came to the conclusion we must separate the lock from the gun itself (or from the magazine – anything that’s involved in actually using the gun).

We’re a company that strongly believes in freedom – and ZORE X’s market is people who make the choice of locking their gun, enabling them a reliable and fast to remove solution. For those who don’t lock their gun – ZORE X is irrelevant. We are making a notification-only device that might be relevant for some of those people – but we intentionally avoided making a product that could [not] bring with it any type of legislation.

I’m attaching pictures of the ZORE Watchdog.

Thanks again,
Yachdav

Update the software on your Apple device

Just setting the clock on your Apple device to January 1, 1970 will permanently brick it. And it overheats as it dies…

By setting up your own time server and Wi-Fi hotspot it can be done remotely to most Apple devices that come within range.

Update your Apple device software. Or consider using it to fry an egg on as its last functional activity.

Consolation prize

This is very, very cool:

Russian billionaire Yuri Milner plans to spend $100 million over the next few years to begin developing the technology needed to build a giant laser array to propel swarms of postage stamp-size spacecraft off on 20-year-long interstellar flights to Alpha Centauri, the nearest star to the sun, the internet investor announced Tuesday.

The tiny 1-gram nanocraft, or “StarChips,” would be equipped with small, ultra-thin light sails and accelerated, one at a time, to 20 percent the speed of light by a powerful half-mile-wide array of ground-based lasers, boosting them to a cruise velocity of some 37,200 miles per second in a few minutes.

From that point on, the tiny spacecraft would sail on their own across the immense 4.3-light-year — 25-trillion-mile — gulf, flying through the Alpha Centauri system about 20 years after launch. Each surviving “spacecraft on a chip” would snap pictures and beam the data back to Earth using tiny on-board lasers, the faint signals arriving four years later.

The G-forces are very high and that would make scaling it up to be a manned starship a huge challenge:

The collimated beam hitting the sail of a nanocraft would accelerate it to cruise velocity in about two minutes, he said, briefly subjecting the craft to 60,000 times the force of Earth’s gravity

When Neil Armstrong landed on the moon in 1969 I expected I would be alive to see colonies on the moon and perhaps even visit the moon myself. That seems very unlikely at this point. But it’s plausible that I will be alive to see the pictures taken from within a million miles from Alpha Centauri. That’s something I didn’t imagine and is a certain amount of consolation.

Quote of the day—Jan Koum

I think this is politicians, in some ways, using these terrible acts to advance their agendas. If the White House thinks that Twitter can solve their ISIS problem, they’ve got (a lot of problems).

Jan Koum
April 4, 2016
Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People
[Yes. And the same is true of gun control, a lot of banking laws, tax law, and probably 1000 or more other things. WhatsApp is just exploiting a small chink in the armor.

Government back doors to communications violate The Jews in the Attic Test. WhatsApp’s intent is to keep communication private. This is no small task. I’m certain it is private from your local police force, snoopy neighbors, and most employers. But if a billion people use it that is a very juicy target for nation states. Such a high value target will justify an enormous expenditure of resources to break it. I expect it is only a matter of time before it is broken. But that doesn’t mean that it will stay broken or that gaining access to each conversation isn’t very expensive and cost prohibitive except in extremely important situations.

That said, I have WhatsApp installed on my phone.—Joe]

3D printer tech

I found this (H/T to Anonymous Conservative) interesting:

the only 3D printing systems in the world capable of automatically reinforcing engineering plastics to aluminum levels of performance and beyond, right on your desktop.

Aluminum levels of performance? That probably doesn’t include all parameters and all grades of aluminum but I could imagine it being good enough for a gun barrel accurately shooting hundreds of rounds of low speed, soft lead bullets before needing to be replaced. And if the gun was made correctly replacing the barrel could be quick and easy.

Speer Gold Dot Short Barrel expansion test

I recently hand loaded some 180 grain “Gold Dot® Short Barrel®” rounds in .40 S&W. Yesterday I did the promised “chronograph and water jug testing”. Here are the results:

Powder: 3.9 grains of Bullseye
Primer: WSP
OAL: 1.132

10 shots over the chronograph from 10 feet away.

Minimum velocity: 814 fps
Maximum velocity: 864 fps
Mean velocity: 838.1 fps
Standard deviation: 15.5 fps
Power Factor: 150.86

The water filled milk jug test was to determine if the bullets would expand at this relatively low velocity. The 0.401 bullet expanded to just under 0.6 and retained nearly 99% of its mass:


This is very good.

Brother Doug was a little worried that with the lower velocity perhaps a non-expanding bullet would be better for self defense because of the better penetration. Would it penetrate deep enough to “do the job”? I didn’t have any ordnance gelatin but my guess is that it penetrates just fine. They fully traversed three one gallon milk jugs filled with water. This is just under 18 inches of water.

I didn’t expect it would penetrate that far and for my first shot I only used two jugs for depth and put one on each side of the rear jug in case the bullet didn’t go straight after hitting the first jug:


It fully penetrated the two jugs and I was unable to find the bullet in the berm.

The second time I changed the configuration to just three jugs lined up in a row:


Again the bullet penetrated all the jugs but I found the bullet just sitting on the ground behind the jugs.

Quote of the day—Matthew Green (@matthew_d_green)

If the US government dictating iPhone encryption design sounds ok to you, ask yourself how you’ll feel when China demands the same.

Matthew Green (@matthew_d_green)
Tweeted on February 17, 2016
[H/T to Tyler Durden.

Of course, as I posted before, Lyndon Johnson once said:

You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered.

The problem being that it is difficult for many people to see the “unintended consequences” in foresight. If there is the possibility of a good outcome they will focus on that. In a lot of ways it’s like gun control. “People might be safer if guns are banned because the bad guys won’t have guns to commit crimes with.” Overlooking that the good guys won’t have guns to defend against the bad guys with.

The gun control analogy is an even better fit when you remember that at one time the U.S. government insisted encryption was a “munition” and was mostly banned from export. It would seem to me that if the Second Amendment were well respected by Congress and the courts then a good lawyer could make the case government resistant encryption is protected by the Second Amendment as much or more so than it is by the First Amendment.—Joe]

Speer Gold Dot Short Barrel

As I mentioned a couple times before Speer makes a self-defense bullet intended for lower velocity loadings. They call it “Gold Dot® Short Barrel®”. I needed these for handgun students with difficulty handling factory loads. I loaded 301 rounds (I purchased three 100 round boxes and ended up with 301 bullets) over 3.9 grains of Bullseye and delivered 100 rounds to one of my students last Saturday.

Here is what the 180 grain bullets look like in .40 S&W:


I’m expecting a velocity of about 850 fps at the muzzle with my STI DVC (5 inch barrel). This compares to about 1025 fps with 180 grain Winchester Rangers out of the same gun. The difference in recoil is significant.

I’ll run them over a chronograph and do some water jug testing (only valid for simple expansion testing) the first chance I get.

Quote of the day—Tim Cook

The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Tim Cook
February 16, 2016
A Message to Our Customers
[Such a concession to the government would fail The Jews In The Attic Test. No further discussion is required.—Joe]

Code practice oscillator

Roberta just posted about telegraph keys and coincidently I ran across this as I was continuing to unpack boxes that hadn’t been touched in 20 or 30 years:


The battery is new and that is all it took to make it functional. It’s a code practice oscillator that Brother Doug and/or I built back in the late 60’s or early 70’s. Once upon a time we put in a half-hearted effort to learn Morse Code but neither of us succeeded at learning the skill.

This will be interesting

Cosmic breakthrough: Physicists detect gravitational waves from violent black-hole merger:

Scientists announced Thursday that, after decades of effort, they have succeeded in detecting gravitational waves from the violent merging of two black holes in deep space. The detection was hailed as a triumph for a controversial, exquisitely crafted, billion-dollar physics experiment and as confirmation of a key prediction of Albert Einstein’s General Theory of Relativity.

It will also inaugurate a new era of astronomy in which gravitational waves are tools for studying the most mysterious and exotic objects in the universe, scientists declared at a euphoric news briefing at the National Press Club in Washington.

“Ladies and gentlemen, we have detected gravitational waves. We did it!” declared David Reitze, the executive director of the Laser Interferometer Gravitational-wave Observatory (LIGO), drawing applause from an audience that included many of the luminaries of the physics world. The briefing was watched around the world by physicists who have long waited for such a detection.

I’m hoping this will lead to the development of “warp drive”.