Saturday, September 28, 2013
Friday, September 27, 2013
In Keene, New Hampshire the Spirit of Robin Hood lives on and has begun to spread. A group of Voluntaryists, Libertarians, Anarchists, and generally friendly people have been walking the city streets spreading good cheer and having fun at the same time by feeding parking meters that are about to expire, thus depriving the government of an opportunity to rob/extort money from the good people of Keene. Take a minute to watch their excellent introductory video. It's well worth watching.
Now some of you may think that they are guilty of committing a crime- that the city is somehow entitled to collect a fine from those parking violators. For those people, the Robin Hood of Keene make an excellent point. They state that the people and the merchants pay taxes for the roads and the parking areas, the meters for those parking areas, and the salaries of the meter maids who then collect more money for parking and still even more from the parking violators. When is it enough?
If what these people are doing is a crime, then I'd like to present this video, which was John Hickenlooper's campaign ad from 2003, when he was running for Mayor of Denver.
Please take another 30 seconds to watch this.
Thursday, September 19, 2013
Once again, we see that government is NOT concerned with your safety, the safety of the public, logic, or reason. They are only concerned with maximizing the amount of money they can steal from you through extortion and increasing their power.
This is an extremely good video on the subject and quite entertaining also. I highly suggest that everyone take the time to watch it.
Sunday, September 15, 2013
Friday, September 13, 2013
Every Veterans Day, Memorial Day, Pearl Harbor Day, as well as every September 11th and every other occasion, we are reminded to always give thanks to the men and women in uniform who fought and died in order to secure our freedom. The government spends millions of dollars (of your money) to build memorials and advertise this message of soldiers providing for and securing your freedom.
Yet, at the same time we see that our government is not very concerned at all with our freedom. The United States holds the largest prison population on earth - by a long shot. Despite having only 5% of the world's population, 25% of all the world's prisoners are in the United States. Nearly 200,000 pages of federal laws dictate our behavior, and our jurisprudence operates under the premise that "ignorance is no excuse" for violating any of these laws. Each January 1st, every American is subjected to over 40,000 new laws - that's a lot to try to keep track of. Couple this with the massive NSA spying programs, warrant-less searches and seizures, DEA spying programs, and militarization of our police and you see that liberty is not anywhere on the government's agenda.
Every aspect of our lives is regulated and governed by bureaucrats, legislators, and an alphabet soup of government agencies at local, county, state, and federal levels.
So why does the government keep spending money telling us about how our military secures and defends our freedom?
The military operates under the command of the same people who heap these burdensome laws that continue to enslave us further and further. The reason the government tells us that the military gives us freedom is because THEY are the military. They control the military - the military works for the politicians. Now, this is where many people will get upset and beg to disagree, stating that the military works to uphold the Constitution, etc. However, the Constitution states that the military operates under the civil power and that the President of the United States is the Commander in Chief of the Armed Forces. Alright, well the "civil power".. that's the People right? Yes, the People through their representatives in Congress. Yep, the politicians!
Few would argue that the government gives us freedom. Yet at the same time, they will argue that the soldiers fought and died for our freedom. These two statements are contradictory. If we owe our freedom to our soldiers, then we owe that same freedom to the politicians who command the soldiers.
On July 4, 1776, the Colonial Congress sent a letter to King George III declaring their independence from Britain. King George sent his armies against his own people to attempt to bring them back into subjugation to his crown. The Colonialists ended up fighting against their soldiers in order to secure their freedom. Freedom did not come from soldiers. It came from farmers, merchants, blacksmiths, brewers, and tradesmen. The soldier was their to take away the freedom of the people, not to give it to them.
Throughout history, the soldier's role has always been to deprive people of freedom. It is only through the government's use of Newspeak that the idea of a soldier providing the people with Liberty could ever remotely be considered.
Reading this, I'm sure most readers will be appalled and angry with my words. If you are one of these, ask yourself if your emotional reaction is due to logic and reason? Or is it due to the fact that this goes against everything you have been conditioned to believe?
The founding fathers spoke of a standing army as the biggest affront to liberty (aside from a central bank). Who is right? The Ad Council and Veteran's organizations who venerate our standing army or the founders who warned us against it?
U.S. 'backed plan to launch chemical weapon attack on Syria and blame it on Assad's regime'
- Leaked emails from defense contractor refers to chemical weapons saying'the idea is approved by Washington'
- Obama issued warning to Syrian president Bashar al-Assad last month that use of chemical warfare was 'totally unacceptable'
Thursday, September 12, 2013
9.04.2013, 15:11 PM
California county votes to secede from state
The Siskiyou County Board of Supervisors voted 4-1 on Tuesday for a declaration of secession from the state of California.
These are uncivil times in Northern California.
The Siskiyou County Board of Supervisors voted 4-1 on Tuesday in favor of a declaration of secession from the state.
Citing a lack of representation in the California legislature, as well as new annual fees for fire service to the county’s remote, rural areas, the board passed the declaration in front of approximately 100 residents, most of whom voiced support for the measure.
"I haven't had one contact in regard to this issue that's in opposition," Supervisor Michael Kobseff told the Redding Record Searchlight.
RELATED: SECESSION PETITIONS GAIN STEAM
Many in attendance also said they planned to try and drum up support in neighboring counties in Northern California and Southern Oregon to form a new state called Jefferson.
In Humboldt County, Supervisor Rex Bohn, seems to be on board with the secession plan.
Many residents in rural Northern California want to form a new state called Jefferson with surrounding counties.
Many residents in rural Northern California want to form a new state called Jefferson with surrounding counties.
"I was one of the people who thinks the state of Jefferson wasn't a bad idea," Bohn told the Record Searchlight. "There has been a total lack of respect of our water rights and the fire fee. Those things may not be important to the rest of the state, but it's important to us."
The idea for the formation of a new state called Jefferson stems back to the 1940s, when local residents pressed the California legislature to improve the local roads in the remote northern regions of the state.
RELATED: ‘NORTH COLORADO’ RESIDENTS WANT TO CREATE 51ST STATE
The area is also decidedly more conservative than much of the state.
"Many proposed laws are unconstitutional and deny us our God-given rights," Gabe Garrison of Happy Camp said at the meeting. "We need our own state so we can make laws that fit our way of life."
Supervisor Ed Valenzuela, the lone supervisor to vote against secession, said he could not support the measure because he had taken a vow to uphold the state constitution.
"I signed on to work within the system I know," he said. "I don't like it, I don't agree with it all the time, but ... I did sign up for that and I will continue to do so."
For now, the board of supervisor’s vote is unlikely to have much actual bearing on California’s future because the move to secede would need to be passed by the state legislature and by Congress.
Tuesday, September 10, 2013
Monday, September 9, 2013
Sunday, September 8, 2013
Building a PGP web of trust that people will actually use
There are two basic ways to solve the problem - first, all users can register with a central authority who vouches for their identity. This is the model used by SSL certificates, and it's worse than useless. Despite the illusion of security they provide, certificate authorities are routinely subverted by governments and other types of criminals, and there is little that a user can do to avoid this weakness inherent to a centralized model.
The web of trust concept is based on the idea of decentralized trust and social networks. Instead of trusting Verisign to validate identities, you validate the identities of the people you know and export this information to a public database. Then you rely on you friends to vouch for the people they know, and those friends to vouch still more people, and so on until you can create a trust chain between any two arbitrary identities.
This approach avoids the inherent problems of central authorities, but in practice virtually nobody uses it outside the open source software community, and even there it is hit or miss. The rest of this articles is going to discuss two reasons for the failure to deploy this technology, and how to solve them. First, the problems:
- The software tools are hard to use, even for experts. As as result, even people who understand how important it is usually don't bother.
- Usability failures of privacy software should be regarded as possessing the same degree of severity as algorithmic or code failures, because there is no difference in practice between a message that is sent in cleartext because encryption was too hard and one that was decrypted by an adversary due to an implementation flaw.
- The definition of "identity" in a cryptographic sense does not directly map to how our brains naturally process it, and this impedance mismatch has never been addressed successfully.
- Most users of personal encryption can't explain what they are actually verifying when they sign another person's public key.
What is Identity?The stereotypical way that PGP users build out the WoT is via a key signing party. A group of people who meet in person, typically at a software conference, and exchange public keys. They they sign the public keys they collect and (hopefully) remember to upload those signatures to key servers where they can be used by others. The amount of identity verification that is applied is highly inconsistent. Some people might verify the government-issued ID card of the person handing them a key (or a key fingerprint), others might just blindly sign anything that gets handed to them. Most frequently of all, however, is that the key signing party never happens at all.
If we assume the purpose of a WoT is to unambiguously and unimpeachably map public keys to human beings, there are two ways in which the typical key signing party fails.
- The mere presentation of a public key or a key fingerprint does not prove the person delivering it actually controls the associated private key. The only way to such ownership may be proved is if the person can sign data on the spot which could not have been predicted ahead of time.
- Government issued ID cards are useless when it comes to what we actually mean when we talk about about identity. For example, I could meet someone at a key signing party with a valid government-issued ID card containing the name "Linus Torvalds". In principle, I could meet an arbitrarily high number of unique people all sharing that same name. They won't all be the Linus Torvalds, though.
The signatures that form the basis of the existing WoT are thus useless because they don't certify the right data - the data that forms the basis for how we actually understand identity. Before we can have an effective WoT, one that normal people are willing to use, we first need a well-defined method of representing identity that matches our intuitive understanding.
Getting Identity Right
We also need to take advantage of mobile computing technology. Secure key exchange has to occur through tamperproof channels, and there's no way to achieve that in practice except in person. 22 years ago nobody had a smartphone and not many had laptops, but now enough people own smartphones that our key exchange protocols can rely on their capabilities.
The rest of this proposal assumes that we can trust the hardware we own. This is a known-false assumption, and an urgent problem, but solving it is something that will have to be handled via other efforts.
Given a more through understanding of the nature of identity, and with the understanding that the protocol must prioritize usability at least as much as cryptographic integrity, let's approach the problem by building an enjoyable social networking game that just happens to build a secure WoT as a side effect.
Imagine a social networking site called "iMet". The way it works is that users register on this account, and fill out facts about themselves. The facts could be serious like the kind you'd put on LinkedIn, or frivolous like most Facebook posts. Users "friend" other users by meeting them in person and using a smartphone app to certify. They are then presented with a list of facts about the person they just met which can be answered as true, false, or unsure. Their scores go up based on the number of people they met, and the accuracy of their answers. Users can also compete with their friends for obtaining the shortest path to famous or otherwise noteworthy people. Properly implemented, this application sufficiently fun and compelling such that people would participate for its own sake, without needing to care about cryptography.
Behind the scenes, however, these interactions can be leveraged to build a secure WoT. When users "iMeet" with their smartphones they are actually performing a secure key exchange over NFC or camera/QR code, whichever is available and most convenient.
The specific facts are represented as text strings. When users answer questions about other users, their clients sign a (key id, string, ACK/NACK, date) tuple. These tuples are publicly searchable and can be used by PGP clients for WoT calculations.
Usability detailsAnyone who has ever tried to put user-supplied information into a database knows that regular people are terrible at structuring data. This protocol allows for user-supplied arbitrary text strings, but an actual implementation should go to great lengths to sanitize their inputs first. For example, the UI should ask for common facts, such as birth date, and format them in an agreed-upon way.
Another problem is that most people don't understand the difference between time-variant and time-invariant facts. My date of birth is time-invariant. Most of the other facts which form my identity are not. The text strings should be formatted in a way that time-variant facts can be sanely represented and verified. The UI should not accept a "street address" fact without an associated date range. When I certify my friend's street address, by default my signature should be interpreted to mean "true as of the date of the signature", unless I specify otherwise. Clients who are parsing the public database must be able to intelligently handle the time element of truth.
- Cheating by manually creating signatures without actually meeting in person: is this an actual problem, and if so, how could it be fixed?
- Distribution of data: Will there be just one site handling all this data, or will it be distributed somehow?
- If there are multiple providers, how to you make sure data is globally available?
- If there is a single provider, how do you prevent the CA failure mode?
What do we do with it?
- Encrypted communications
- Personal clouds
- Website logins