Month: September 2023

Almost 2 years of gym work.

I believe I have the routine established by now and enjoy getting the dopamine fix. I had two goals when I began doing gym: one was to develop my physical capacity as in being able to walk longer, get some muscle tone and basically not collapsing after some moderate work at home. The second one was 100% vanity.

When you lose a boatload of weight, the skin does not retract neatly to cover your new physique, but a lot of it just hangs like old oversized damp clothes. Exercise helps and in some cases a lot, but I have come to the realization that some locations in my body will remain fugly no matter my better efforts.

I am proud of how my arms look and almost not having any of that hanging skin. My legs? Eh! Not so much. My above-the-belly-button stomach is not doing bad, especially that I am torturing myself with abdominals after my hernia surgery. My lower belly? That is going to be either plastic surgery or one of them “sport performance compression shorts” which my wife jokingly (and admittedly truthfully) refers to as “tactical girdle for men.”

And yes, I have at least a pair, but they do compress, and I have to keep going to the bathroom to pee.

The good news is that no naked selfies of me will be found in the Interwebs now or in the future.

New York City is F****ed

Video one:

And Video 2:

These videos have two things in common: They are about two-wheeled transportation and the migrants in question are Venezuelan. I can tell by their accent and slang they did not come from the best parts of their respective cities.

“Motorizado” in the Venezuelan slang means somebody who rides a motorcycle as a basic means of transportation, but it is more than that, it is a quasi-criminal culture. It is motorized ghetto behavior (Are you allowed to say ghetto anymore? Oh well) and they are a cancer impossible to remove in Venezuela.

I have posted some of their activities before:

 

Here it is raining, so they take over an overpass tunnel waiting for the storm to pass while blocking all other traffic because, fuck you, we are Motorizados.

And the Government uses this mob culture to extend their grip on the population.

Motorizado Union (Chavistas)

And they do have the obligatory armed branch (Colectivos) in charge of eliminating any counter revolutionary activity the government sees fit to suppress.

And the Motorizados are now settled in the Big Apple. That is going to be fun to watch.

 

Dear New York City: You are so fucked up.

 

Keeping Secrets

 

Today’s article is a heck of a ride. Buckle up, my friends. I’m sure some of you will agree with me, and others will not. Regardless, it’s an interesting and informative (and horrific) story that needs to be told, because I firmly believe it’s happening on many fronts. As with everything I write about, there are problems on both sides, and blame, and shame.

Virginia School Kept Teen Transition Secret

A Virginia high school student ran away from home and was sex-trafficked through multiple states — in part because her high school failed to tell the child’s parents she identified as a male and was relentlessly bullied for it, a suit alleges.

Anytime a media outlet starts with “sex trafficked through multiple states,” you know it’s going to be a shit show. I feel so bad for the child involved. There are so many failures in this, at so many levels, that it’s really difficult to lay it out. I’m going to try, though.


Malicious Compliance and Subpoenas

One of the dirty facts about technology is that it will always be used to abuse people.

Those wonderful field telephones? Yeah, they work just fine as a torture device.

The first photographs were interesting, but photography really took off when they started taking “pornographic” images.

The story is that the first really popular recordings were of women “talking dirty” or making “those sounds”.

The Internet is not really different, and before the internet, all the other methods used for transmitting data from computer to computer. As soon as the techies were able to actually visualize the data, they used it to send pornographic texts and images.

Unfortunately, one of the nasty types of filthy is child pornography. It exists on the Internet, and the good guys have been working to shut it down from day one.

I once owned an Internet Service Provider. A dial-up service. You would tell your computer to connect to the internet. It would call a modem at my service, and we would give you a temporary IP address for the duration of your call. Shortly after you disconnected, somebody else would dial in and get the same IP address.

When you connect to a remote computer over the internet, your computer has a unique, at that moment, IP address. That is how the remote computer knows where to send the responses.

When using certain security tools, you connect to a node. Your computer is now known to have connected to that particular node. That node then encrypts your incoming messages and sends them to another node in the secure network. At some point, your packet pops out of the secure network and goes to its final destination.

The remote computer then responds to your node by sending it back to the secure network, never knowing your IP address.

VPNs work similarly, but have other issues. The biggest of which is that there is a one-to-one mapping from your computer’s IP address to the address you are assigned while using the VPN. That mapping can be captured in logs.

How does this all relate to Subpoenas?

We got a couple from law-enforcement for records.

We did keep logs. I’m good at keeping logs. I use them to figure out who is doing things on my equipment and how that relates to overall services.

One of the cases was from Customs. The first thing it said was that we could not tell the target that we were going to be providing data. They then asked for all of our logs for an extended time period.

We told them, “No. You will provide enough information for us to do a targeted data retrieval.”

They then told us, “We are tracking child pornography.” I was all for that. I finally got them to give us specific time periods.

They wanted all the data for those periods. That is IP addresses to people.

We did our own analysis of those time periods, identified the one commonality, extracted that data, provided it to law enforcement.

We got back a “Thank You”. It made us feel good.

As a good service provider, I want to protect your data as much as possible. I do not allow law enforcement to go on fishing expeditions.
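The targeted retrieval described above, as an added example that is not code from the original post: with dial-up pool addresses reused across customers, each requested address-and-time pair is resolved to the session that held it, and only rows for the account common to every pair are extracted. The log layout, account names, addresses, and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed dial-up session log: (account, assigned_ip, start, end).
# The same pool address is handed to different accounts over time.
SESSIONS = [
    ("alice", "198.51.100.7",  "2001-03-01 19:00", "2001-03-01 19:40"),
    ("bob",   "198.51.100.7",  "2001-03-01 19:45", "2001-03-01 21:10"),
    ("carol", "198.51.100.9",  "2001-03-01 20:00", "2001-03-01 22:00"),
    ("bob",   "198.51.100.9",  "2001-03-03 08:00", "2001-03-03 08:30"),
    ("dave",  "198.51.100.7",  "2001-03-03 08:05", "2001-03-03 09:00"),
    ("bob",   "198.51.100.12", "2001-03-05 23:10", "2001-03-05 23:55"),
]

# Constructed request: the address and moment of each observed connection.
SIGHTINGS = [
    ("198.51.100.7",  "2001-03-01 20:15"),
    ("198.51.100.9",  "2001-03-03 08:20"),
    ("198.51.100.12", "2001-03-05 23:30"),
]

FMT = "%Y-%m-%d %H:%M"

def parse(ts):
    return datetime.strptime(ts, FMT)

def sessions_matching(sessions, ip, when):
    """Sessions that held `ip` at the instant `when`."""
    t = parse(when)
    return [s for s in sessions if s[1] == ip and parse(s[2]) <= t <= parse(s[3])]

def common_accounts(sessions, sightings):
    """Accounts present at every sighting (the one commonality)."""
    per_sighting = [{s[0] for s in sessions_matching(sessions, ip, when)}
                    for ip, when in sightings]
    return set.intersection(*per_sighting) if per_sighting else set()

def scoped_extract(sessions, sightings):
    """Only the session rows that tie a common account to a sighting."""
    keep = common_accounts(sessions, sightings)
    rows = []
    for ip, when in sightings:
        rows += [s for s in sessions_matching(sessions, ip, when) if s[0] in keep]
    return rows

if __name__ == "__main__":
    print(common_accounts(SESSIONS, SIGHTINGS))
    for row in scoped_extract(SESSIONS, SIGHTINGS):
        print(row)
```

Every other customer who held one of those addresses at a different time stays out of the extract, which is the difference between a scoped answer and handing over the full log.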

We also got a subpoena from the FBI. Again, they wanted all the records for an extended period. We contacted them and got nowhere. Our lawyers told us, “Give them what they asked for or go to jail.”

So we did. They had told us to “fax the logs” to them and gave us a toll-free fax number.

We pulled the data they were requesting. We randomized the order, so it was no longer in sequential order. This was then turned into PDFs. We applied a noise pattern to the PDFs, randomly flipped pages upside down, then hit the send button.

One of our modems called their fax and started talking FAX at it. Our software then proceeded to attempt to send 11,000+ pages of logs.

We got disconnected after about 200 pages. I reached out to the people at the FBI that were requesting the information and asked them what they wanted to do. They refused to answer.

So we told our computer to resend if it failed.

Five days later, they told us they no longer needed our logs.

In both cases, we went out of our way to:

  1. Make sure that the “request” we got from law enforcement was legit
  2. Make sure that the “request” was actually an order
  3. That the order legally required us to comply
  4. That the order was as limited in scope as it could be.
  5. That we did our utmost to protect our clients.

Liberty Safes done fucked up. They should have waited for a subpoena. Having gotten that subpoena, they should have responded and kept their mouths shut.

None of my safes or lock boxes have original combinations. For mechanical locks, this is good enough. The mechanical locks don’t have magic bypasses. You can observe that yourself.

For keyed lock boxes, the locks have been replaced. The circular keys are fairly standard. I went to a locksmith in a different county and purchased replacement locks with cash.

That wasn’t paranoia. That was stupid on my part. I had lost the keys to my big lock boxes in a move and needed to get into them. I drilled the lock out, then was able to open them. Since I destroyed the lock, I needed to replace them. Oh, the boxes were empty because we were moving them.

The locksmith I contacted was working out of a work truck that was close to me that day, he didn’t take credit cards, so I paid in cash.

I refuse to get biometric locks or locks with electronic keypads. If they have biometric locks, then the courts can forcibly unlock them with you. Did you lock your phone with facial recognition? No problem, two burly cops hold you up, and they point your phone at you and “bing” it unlocks.

Did you use a fingerprint to lock your phone? Same thing, they just have to run your finger over the reader and they are in.

If it is electronic, then I have reliability concerns. And it suggests that there can be multiple allowed combinations. Many of the electronic pads come from the factory with an option for you to have multiple codes to unlock.

Now, this is a bit different from the high-end electronic locks. I’ve seen one where you spin the dial to generate enough electricity for you to then rotate the dial to enter the combination. The location of the numbers on the dial changes after each charge spin. Each time you enter a combination, it discharges.

This means that the owner can attempt to unlock it as many times as they need/want. The bad guy can’t use mechanical assistance.

Fuck DEFCON

Both on Twitter and in the comments of this blog have I seen the sentiment, “I hope DEFCON hack these locks.”

Fuck DEFCON.

I swear these people do more harm than good.

Yes, there is value in a security company hiring hackers to test their products.

Having hobbyist hackers hacking stuff and then putting videos online, I think does more harm than good.

Everything comes at a price. The more secure something is, the more that security will cost.  Everyone has to decide what security they will accept at the price they’re willing to pay.

Perfection is the enemy of good enough.

Putting tips and tricks to compromise security systems online only puts at risk people who can’t afford the highest levels of security as the knowledge of how to hack it goes from esoteric to ubiquitous.

I don’t need DEFCON assholes figuring out how to open every Liberty safe and then posting that where every petty thief can find it.

Liberty or S&G might react by fixing that, but it puts the millions of people who already own Liberty safes at risk.

 

Ronald Koons v. Attorney General New Jersey, ECF No. 107

Normally in one of these articles, I would be quoting their words, pointing out how horribly wrong the state is, how the state is cheating, lying or otherwise attempting to put their thumb on the scales of justice.

Not so today. The attorneys representing the Senate President and General Assembly Speaker do a good job of presenting their position.

INTRODUCTION

Senate President Nicholas P. Scutari and General Assembly Speaker Craig J. Coughlin (hereafter collectively “the Presiding Officers”) intervened in the action below. The Presiding Officers sought to present the perspective of the New Jersey Legislature in connection with its enactment of L. 2022, c. 131 (hereafter “Chapter 131”). As intervenors, the Presiding Officers fully participated in the preliminary injunction proceedings before the District Court. Presently, the Presiding Officers are appellees but are presenting argument on the side of the State Appellants.

By our opening brief to this Court, we presented three discreet legal arguments that are intended to supplement the principal arguments that are presented by the State Appellants. Our first argument addressed Plaintiffs’ challenge to Chapter 131’s designation of various “sensitive places” in which the carry of firearms is prohibited. Our second argument addressed Plaintiffs’ challenge to Chapter 131’s provision that generally requires gun-carry permit holders to procure liability insurance in connection with liability resulting from a gun incident. Our third argument addressed Plaintiffs’ entitlement to preliminary injunctive relief in light of the “harm to third parties” and “public interest” standards that are conditions precedent to the granting of such relief.

By this reply brief, we address and rebut Plaintiffs’ various contentions that were proffered against each of our three arguments.
ECF No. 107 Ronald Koons v. Attorney General New Jersey, No. 23-1900 (3d Cir.)

The form of these briefs is pretty set, a cover page that fully identifies the case and any cases that have been absorbed into this case, identification of the lawyers who are responsible for the document, these are not always the person who wrote the brief, the person being represented, Table of Contents, Table of Citations/Authorities, introduction and optionally a summary of the argument, the arguments. That’s followed by other stuff, a conclusion and such.

In many of these briefs, the author uses the introduction and summary to make unsupported arguments and to attempt to set the stage for later misrepresentations.

This is the place where they attempt to put the ear bugs in place. The place where they give the judge(s) a limb to grab onto when they want to rule in a particular direction.

We saw all of that in the state’s official response. This brief doesn’t go down that path. It is very clean.
