In a blog post, cryptographer Matthew Green summarized the technical problems
with this GCHQ proposal. Basically, making this backdoor work requires not only changing the cloud computers that oversee communications, but it also means changing the client program
on everyone’s phone and computer. And that change makes all of those systems less secure. Levy and Robinson make a big deal of the fact that their backdoor would only be targeted
against specific individuals and their communications, but it’s still a general backdoor that could be
used against anybody.
The basic problem is that a backdoor is a technical capability — a vulnerability — that is available to anyone who knows about it and has access to it. Surrounding that vulnerability
is a procedural system that tries to limit access to that capability. Computers, especially internet-connected computers, are inherently hackable, limiting the effectiveness of any
procedures. The best defense is to not have the vulnerability at all.
…
Lest we ever forget why security backdoors, however weasely well-worded, are a terrible idea, we’ve got Schneier calling them out. Spooks in democratic nations the
world over keep coming up with “innovative” suggestions like this one from GCHQ but they keep solving the same problem, the technical problem of key distribution or
key weakening or whatever it is that they want to achieve this week, without solving the actual underlying problem which is that any weakness introduced to a secure
system, even a weakness that was created outwardly for the benefit of the “good guys”, can and eventually will be used by the “bad guys” too.
Furthermore: any known weakness introduced into a system for the purpose of helping the “good guys” will result in the distrust of that system by the people they’re trying to
catch. It’s pretty trivial for criminals, foreign agents and terrorists to switch from networks that their enemies have rooted to networks that they (presumably) haven’t, which tends to
mean a drift towards open-source security systems. Ultimately, any backdoor that gets used in a country with transparent judicial processes becomes effectively public
knowledge, and ceases to be useful for the “good guys” any more. Only the non-criminals suffer, in the long run.
With each tap, a small electrical current passes from the screen to her hand. Because electricity flows easily through human bodies, sensors on the phone register a change in voltage
wherever her thumb presses against the screen. But the world is messy, and the phone senses random fluctuations in voltage across the rest of the screen, too, so an algorithm
determines the biggest, thumbiest-looking voltage fluctuations and assumes that’s where she intended to press.
Figure 0. Capacitive touch.
So she starts tap-tap-tapping on the keyboard, one letter at a time.
I-spacebar-l-o-v-e-spacebar-y-o-u.
…
I’ve long been a fan of “full story” examinations of how technology works. This one looks at the sending and receipt of an SMS text message from concept through touchscreen, encoding
and transmission, decoding and display. It’s good to be reminded that whatever technology you build, even a “basic” Arduino project, a “simple” website or a “throwaway” mobile app,
you’re standing on the shoulders of giants. Your work sits atop decades or more of infrastructure, standards, electronics and research.
Sometimes it feels pretty fragile. But mostly it feels like magic.
If you’re reading this post via my blog and using a desktop computer, try opening your browser’s debug console (don’t worry; I’ll wait). If you don’t know how, here’s instructions for Firefox and instructions for Chrome. Other browsers may vary. You ought to see something like this in your
debugger:
The debug console is designed to be used by web developers so that they can write Javascript code right in their browser as well as to investigate any problems with the code run by a
web page. The web page itself can also output to the console, which is usually used for what I call “hello-based debugging”: printing out messages throughout a process so that the flow
and progress can be monitored by the developer without having to do “proper” debugging. And it gets used by some web pages to deliver secret messages to any of the site users who open
their debugger.
Facebook writes to the console a “stop” message, advising against using the console unless you know what you’re doing in an attempt to stop people making themselves victims of
console-based social engineering attacks.
Principally, though, the console is designed for textual content and nothing else. That said, both Firefox and Chrome’s consoles permit the use of CSS to style blocks of debug output by using the %c escape sequence. For example, I could style some of a message with italic text:
>> console.log('I have some %citalic %ctext', 'font-style: italic;', '');
I have some italic text
Using CSS directives like background, then, it’s easy
to see how one could embed an image into the console, and that’s been done before. Instead, though, I wanted to use
the lessons I’d learned developing PicInHTML 8¾ years ago to use text and CSS
(only) to render a colour picture to the console. First, I created my template image – a hackergotchi of me and an accompanying
speech bubble, shrunk to a tiny size and posterised to reduce the number of colours used and saved as a PNG.
The image appears “squashed” to compensate for console monospace letters not being “square”.
Next, I wrote a quick Ruby program, consolepic.rb, to do the hard work. It analyses each pixel of the image
and for each distinct colour assigns to a variable the CSS code used to set the background colour to that colour. It looks for
“strings” of like pixels and combines them into one, and then outputs the Javascript necessary to write out all of the above. Finally, I made a few hand-tweaks to insert the text into
the speech bubble.
The resulting output weighs in at 31.6kB – about a quarter of the size of the custom Javascript on the frontend of my site and so quite a
bit larger than I’d have liked and significantly less-efficient than the image itself, even base64-encoded for embedding directly into the code, but that really wasn’t the
point of the exercise, was it? (I’m pretty sure there’s significant room for improvement from a performance perspective…)
What it achieved was an interesting experiment into what can be achieved with Javascript, CSS, the browser console, and a little
imagination. An experiment that can live here on my site, for anybody who looks in the direction of their debugger, for the foreseeable future (or until I get bored of it). Anybody with
any more-exotic/silly ideas about what this technique could be used for is welcome to let me know!
Update: 17 April 2019 – fun though this was, it wasn’t worth continuing to deliver an additional 25% Javascript payload to every
visitor just for this, so I’ve stopped it for now. You can still read the source code (and even manually run it in the console) if you like.
And I have other ideas for fun things to do with the console, so keep an eye out for that…
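The technique described above for consolepic.rb (one %c-styled string per run of like pixels, with the CSS setting only the background colour) can be sketched as follows. This is an added JavaScript example, not the author's Ruby program: it builds the console.log arguments directly rather than emitting JavaScript source, and PALETTE, PIXELS, runs and consolePicArgs are hypothetical names with constructed sample data.

```javascript
// Added example: turn a tiny pixel grid into console.log() arguments.
// PALETTE and PIXELS are constructed sample data, not the author's image.
const PALETTE = { '.': '#ffffff', '#': '#333333', 'o': '#e8b08c' };
const PIXELS = [
  '..####..',
  '.#oooo#.',
  '.#oooo#.',
  '..####..',
];

// Collapse a row into runs of identical pixels: [[char, length], ...]
function runs(row) {
  const out = [];
  for (const ch of row) {
    const last = out[out.length - 1];
    if (last && last[0] === ch) last[1] += 1;
    else out.push([ch, 1]);
  }
  return out;
}

// Build [formatString, ...cssArgs] for console.log. Each run becomes one
// %c directive followed by that many spaces, coloured via CSS background.
function consolePicArgs(pixels, palette) {
  let format = '';
  const styles = [];
  for (const row of pixels) {
    for (const [ch, len] of runs(row)) {
      const colour = palette[ch];
      if (colour === undefined) throw new Error(`no palette entry for "${ch}"`);
      format += '%c' + ' '.repeat(len);
      styles.push(`background: ${colour};`);
    }
    // Reset styling before the newline so colour does not bleed past the row.
    format += '%c\n';
    styles.push('');
  }
  return [format, ...styles];
}

const args = consolePicArgs(PIXELS, PALETTE);
console.log(...args);
```
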
An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.
…
I’m pretty impressed with this resource. It’s a little US-centric and I would have put the suggestions into a different order, but many of the ideas on it are very good and are
presented in a way that makes them accessible to a wide audience.
During that time I’ve repeatedly tried to contact CO both through this site and through Go Active Oxfordshire (to report this as probably-missing and to volunteer to help with its
future maintenance if they want to bring it back to life), but never received a response.
I strongly suspect that this cache is abandoned by the organisation that set it up. I’m reaching out to them today, one last time, but if they don’t respond then I suggest that this be
considered for archiving by an administrator.
Came past here the other day while some work was being done on the island. The entire area around the GZ has been torn-up and it seems likely that the cache has been muggled and that
the area might no-longer be suitable for a cache. :-(
Summary: if an idealised weight slides into another, bouncing it off a wall then back into itself, how many times will the two collide? If the two weights are the same then the answer
is 3: the first collision imparts all of the force of the first into the second, the second collision is the second bouncing off the wall, and the third imparts the force from the
second back into the first. If the second weight weighs ten times as much as the first, the answer turns out to be 31. One hundred times as much, and there are 314 bounces. One thousand
times, and there are 3,141. Ten thousand times, and there are 31,415… spot the pattern? The number of bounces are the digits of pi.
Why? This is mindblowing. And this video doesn’t answer the question (completely): it only poses it. But I’ll be looking forward to the next episode’s explanation…
Brian and Nick are back for the first time in, like, forever. Do you remember what happened before this? It was The Faux
Pas, two years ago. And before that? And before that? And before that? The short of it is that it’s been a long time since your mom’s butthole was just fine.
It’s my birthday on YYYY-01-08 (Birthday geohash achievement, here I
come!), and even though I have to go into work (boo!), I note that my graticule’s geohashpoint falls only about a kilometre and a half of a diversion from my usual cycle route to work.
The A4260 and A34 are basically a deathtrap for cyclists, so depending on conditions and traffic I’ll probably divert via the Oxford Canal towpath from Kidlington to Peartree, park up
near Peartree Services, and then finish on foot. And then go to work, I guess.
Expedition
Success! A relatively easy (but sometimes scary: the traffic’s a bit nuts on some of the major roads that provided the shortest route) journey to the hashpoint area, followed by a
slightly-scary crossing of the road to the hashpoint, which turned out to be right by the crash barriers at the central reservation. The crash barriers provided a great place to tie a
“The Internet Was Here” sign.
On my way away from the hashpoint, at 09:19, I hid a geocache: (“2019-01-08 51 -1, 09:19”, OK049E, GC827X6). The geocache is of the “puzzle” variety – the person looking for it is likely to discover geohashing (if they haven’t already) as part of their research into
the secret location of the cache.
There’s lots of ugliness in the world right now, so I think it’s important to share these photos of what happened when my friend Marvin called me & said: “I’m getting married &
we can only invite 100 people. You didn’t make the cut. But you can come if you come as a drunk clown.”
(1) There’s not a lot of story to tell, but for anyone who wants some DRUNK CLOWN AT THE WEDDING backstory:
Marvin had a vision of a drunk clown crashing his wedding. It’s all he ever wanted. Laura was on board. That’s the kind of perfect-for-each-other weirdos they are.
(2) I arrived in a regular suit. I had the clown outfit, face paint, shaving stuff (I had a full beard & needed to shave for the make-up) and
two 40oz’s (Marvin asked for a drunk clown, so I was giving him a D*R*U*N*K clown) in a bag I hid in a bathroom next to the ceremony.
(3) I only knew a handful of people at the wedding. Didn’t know Marvin or Laura’s families. More importantly, they didn’t know me. Which made
me the perfect surprise drunk clown.
(4) I didn’t want them to recognize me when I showed up as a clown — the idea was to make it feel like an actual drunk clown had crashed the
festivities — so I didn’t mingle much.
(5) As soon as the ceremony was over, people were directed to another area for a wine reception. I slipped away to the bathroom with @AimieRocks, who was helping with my make-up. I shaved off the beard, did my face, got into the clown suit, and
pounded one of the 40oz’s.
Total lightweight here. I was hammered pretty quickly. I’m a method actor, so I drank half the other 40oz too. Then I stumbled over to the wine reception.
(7) I barged in, marched over to Laura’s mom, grabbed her wine, downed it, then handed the empty glass back to her. CONFUSION. MILD CHAOS.
WHO IS THIS DRUNK CLOWN?
(8) I accidentally shattered a few wine glasses, but I gotta say I brought a real JOVIAL DRUNK CLOWN vibe to the whole affair, so people
embraced me pretty quickly, even though I kept drinking their wine.
(9) Except for Laura’s dad, who called for security to escort me out. She had to tell him that I was AN OFFICIAL MEMBER OF THE WEDDING PARTY.
Best Man ☑️
Maid of Honor ☑️
Drunk Clown ☑️
(10) At some point, we must have gone into the vineyard to take those photos in the original tweet up above, but honestly I was so drunk that
I don’t remember taking them.
Anyway, I told you there wasn’t much backstory. It was an awesome wedding. <end>
ADDENDUM: just found this photo & it made me laugh. This is after security was called off, after everyone found out I wasn’t a DRUNK CLOWN STRANGER but a DRUNK CLOWN FRIEND. And
everyone’s just…so…completely…CHILL. Just like, “whatevs,” as I drink more.
(12) OMG okay so I guess I have to make a SECOND ADDENDUM because @AimieRocks just emailed me some more photos from the wedding. Adding them to this thread…
(13) What I wore to the wedding ceremony. (That’s not my hat, that’s @AimieRocks‘s hat, I’m *not* a hat person but wearing it made me feel like Diane Keaton.) Posting these photos so you can see the beard I
had before my clown transformation. I shaved that thing off SO QUICKLY.
(14) DRUNK WEDDING CLOWN, A PORTRAIT. I hate beer so much, but I had to get in character and I feel like drunk wedding clowns drink beer???
I’ve barely had any of the beer and already a little drunk in this photo. We didn’t leave the bathroom until after I finished that bottle.
(15) Last three photos. I love how Laura’s pretending not to know me in that first one. The kissing photo is with another good college friend,
Michal. I have no idea who I’m talking to in that third photo. <end addendum> xx
Marvin just joined twitter to tell me that’s his mom I’m hugging in the third photo in this tweet. I’M SORRY, MARVIN. But welcome to twitter. xo
(17) ADDENDUM #3: @MarvinSolomon8 just texted me the name of their
wedding photographer. Shoutout to SAMUEL POTTER PHOTOGRAPHY in Paso Robles. Here’s his website:
He took the three vineyard photos & obviously has a great eye. THANK YOU SAMUEL POTTER.
I was at a party this afternoon and an old friend introduced me to his wife, then told her: “honey, this is the drunk clown I told you about.”
Someone messaged me asking if they could interview me about the drunk clown stuff for a TV show & we’re about to skype. I texted my mom and asked “how do I look?” This is her
reply. WHAT DOES THIS EVEN MEAN??? IS THAT A GOOD THING OR A BAD THING??? WHAT ARE YOU TELLING ME, MOM???
My grandma’s been in the hospital with bad shingles & infection. It’s been a scary, stressful week, & she’s been in bad pain. But she’s getting A LOT better. And thankfully she
just got moved to rehab facility.
My mom just texted me this photo she took of grandma’s new room.
A friend just texted that he’s showing these drunk wedding clown photos to his family tomorrow and I hope it brings them all closer together.
Dropped by to perform routine maintenance to discover that this cache has been partially muggled: the lifting mechanism has been cut and the pencils have been removed. However the cache
itself is otherwise functional. As a stop-gap the cache is temporarily hidden BEHIND the tree (rather than hoisted up it); I’ll look into a proper fix as soon as I’m able.