General

Humanity in Times of Scarcity

NOTE: I wrote this essay in the Fall of 2019 with no intentions to publish it. The recent weeks made me think it was worth posting — though it is not entirely in line with this site’s subject matter.

I sit, sniffing the wafting scent of freshly-ground coffee while the baristas tend to the growing line of impatient commuters. They shift their weight from side to side. Some check their watches or phones, and the gentle bustle of a weekday morning grows into a hurried frenzy. It’s the eight-o-clock rush.

The lady at the till quietly states her order and reaches for her wallet. A ten-dollar bill escapes her purse and flutters to the dark tile floor. The man behind her picks up the unnoticed loss and politely returns it to her. They smile and she thanks him. With coffee in hand she makes for the door and another customer, who is just about to enter, holds the door for her while she makes her exit.

I watch the interaction take place and start pondering — the kind of pondering in search of underlying causes and hidden meanings. The kind of pondering a hapless writer uses as procrastination fodder.

It wasn’t chivalry that drove the customer to hold the door. Nor was it some extreme sense of justice and law-and-order that compelled the man to return the errant ten. It was simply a good thing to do. They were able to project themselves into the lady’s situation. They had empathy. Civility.

By its definition, empathy is an act of thinking of others — to place one’s self in another’s shoes and see through their eyes. It is a trait without which we humans are reduced to the mad, cold calculus of life. Robots. We lose our humanity. A community ceases to exist without empathy because “why would one put time and effort into improving the well-being of others with little return on investment?” “Why would I plant a tree whose shade I may never be able to enjoy?” “Why would I help build a bridge over a river when I own a boat?” “Why would I help build institutions that I have no intention or need of using?”

The inverse of empathy is selfishness and narcissism.

General, General Science, Robotics, Technical

Underwater ROV Project (Part 1)

Introduction

As the tides ebb and flow, so do my posts.

For the last 6 months I have been designing, sourcing parts for, and building an underwater “Remotely Operated Vehicle” (ROV). It started from a simple thought, “what should I do with my Raspberry Pi Zero?”, and turned into a multi-month, $400 expenditure that has taught me much about electronics and various kinds of fabrication.

Why an underwater ROV? Well, I live near the Pacific Ocean and spent 2 years writing control software for a competitive Autonomous Underwater Vehicle (AUV) team. Where an ROV needs a human controller (usually through a joystick) an AUV is fully autonomous and has no line going to shore or to a ship. It makes decisions “by itself”.

The ROV I am currently building has AUV capabilities but I have not written the software for it just yet. I plan to in the future.

I plan to chronicle my ROV’s construction and this is the first of a 2-part series on it.

General, Security, Privacy, Uncategorized

But…Shouldn’t Security Be Our Number 1 Priority?

Six executives fill the boardroom chairs and you seem to have chosen the only chair that lets loose a metallic shriek upon any movement. Ugh. But there is work to do. You are all here to solve a problem. A big problem. One of your organization’s IT solutions desperately needs replacement and you are here to provide a “security lens” on the discussions about to be had.

Things start out well enough. They go over the list of features that are required in the replacement product: What are the deal-breakers? What could be left behind if required? Pay tiers? Support models? Deployment plans and timelines? Things like that. The requirements are high level, and you spend your time listening to the discussion but not really participating. Then the discussion turns towards compliance and security. Your ears perk up.

They start asking your type of questions: “What type of information do we need to store and how are we going to protect it?”, and the like — in not-so-many-words, but you pick up the subtext. “Do we need to think about compliance?”

All eyes turn to you.

Programming, Security, Privacy, Technical

A Study in Password Generation and Validation

For those who would rather just read the code: https://github.com/calebshortt/pwanalysis

[Updated April 16, 2019] I have included further results in an update at the bottom of this post.

Introduction

A study.

On many a dreary evening, once the sun sets beyond the Pacific and leaves only the gold and pink flakes of cloud and sky, I take to my studies — in the literal sense. On my desktop I maintain a growing number of “Studies” that pique my interest and encourage further research. When time permits I dive into one and if such a study bears fruit it will find its way upon these pages.

This study continues my obsession with passwords.

Firstly, I must ask you a question: Have you ever read through a password dump?

I do not mean to ask if you perused the listing and then used it in some attack, but did you truly “digest” the list of passwords one by one? Did you consider their meaning, or guess at the context in which they were conjured within the mind of one unsuspecting human, a context in which immensely intimate feelings and thoughts often manifest themselves? For who chooses a password with the thought that this very string of characters, words, symbols, and what-have-you would one day be revealed in its entirety to the world?

“*Gasp!* Plaintext?”, you balk, “But this is 2019!”. Perhaps you should ask Facebook what year it is.

I have found that passwords often reveal much more about an individual than the crude challenge-answer mechanisms utilized for authentication. If a user’s digital identity (i.e. username, etc.) is their public-facing persona then their password is often their private form. It was through my inspection of these password lists that I encountered three thoughts:

  • “Password language” is a language all its own, and it DOES have loosely established, unspoken syntax rules.
  • The frequency distribution of characters in passwords could be quite different from the frequency distribution of a spoken language.
  • The relationship between the personality of a user and their password is non-random (sounds obvious).

Programming, Security, Privacy, Technical

ShillBot: A Study in Identifying Reddit Trolls Through Machine Learning

For those who would rather just read the code: https://github.com/calebshortt/shillbot

Introduction

We’ve all been there. You’re browsing Reddit and see a post that you’re passionate about. You click the comment box and reach for the keyboard — but hesitate. Reddit’s reputation precedes it. You type anyways and punch out your thoughts. Submit.

*Bliip*

A comment already? You click the icon and read the most disproportionately ferocious response to a comment about cats you have ever seen. What a jerk! But you’re not going to play that game. Instead, you view the author’s previous posts and comments. Through your review a trend of tactless comments and inflammatory responses bubbles to the surface. They’re a troll. You promptly ignore the comment.

General, Security, Privacy, Technical

A Hacker’s View of Passwords

Passwords You Say?

Passwords. The bastion of authentication. Defenders of data. Bane of those shadowy figures wearing hoods and ski masks in darkened basements whilst attacking your servers. Passwords protect your secrets, but how effective are they really?

Plenty of articles have been written on the shortcomings of passwords — mainly around complexity, reuse, expiry, and how these additional “controls” may not truly solve the problems inherent to passwords. I will touch on these, but in the spirit of education I felt a duty to provide context and to answer the inevitable question one hears when enacting some new policy or control in the security world: “Why?”

I will start by saying that, in my humble opinion, passwords are here to stay — in one form or another. “What about biometrics?” you may ask — to which I will reply with another question: “What happens when your fingerprint is stolen?” You can easily change a password. You can’t (easily) change your fingerprints. What about the tokens used in two-factor authentication? Couldn’t we simply use those instead? Yes we could, but they can be lost or stolen, and they can be expensive relative to a password. Economically speaking, we would have to see executives, as a whole, start taking security a lot more seriously if that is to happen.

So, for now, let us say that passwords will be with us for the foreseeable future. Maybe I’m wrong and some new technology will supplant passwords as the de facto standard — but for now they are here and we have to deal with them.

Now, let us take a look at the current “state of the art” of passwords.

Programming, Security, Privacy, Technical

A Study in IDN Homograph Attack Detection

A Brief Introduction…

How well do you scrutinize the URLs that you click in a browser? Are you the wild type who clicks links before reading them? Or perhaps you are the cautious type — one of the careful number who hover over the link (without clicking), check the address that appears in the browser bar, and confirm that the site has a valid certificate (which might not mean as much as people think).

Let’s say that you are trying to get to ‘facebook.com’. You see a link and hover over it. The URL that appears in the browser bar says ‘facebook.com’. You click the link, but it takes you to a phishing site.

What happened? You checked the link. It said it was ‘facebook.com’!
