micro, privacy, blogroll

Geoff Manaugh discusses the deception and misdirection of robot vision.

Starting with the recent Tesla crash caused by the car’s inability to discern the tractor against the bright sky, Geoff discusses how the spread of robots may force us to rebuild our environment – either to support their perceptual systems or hinder them. It’s an interesting idea to ponder, particularly within the context of the rise of drones. Readers of Daniel Suarez can sleep easier at night knowing that razorbacks can probably be defeated with a few mirrors and rubber.

One possible line of defense—among many, of course—would be to redesign your city, even down to the interior of your own home, such that machine vision is constantly confused there. You thus rebuild the world using light-absorbing fabrics and reflective ornament, installing projections and mirrors, screens and smoke. Or “stealth objects” and radar-baffling architectural geometries. A military robot wheeling its way into your home thus simply gets lost there, stuck in a labyrinth of perceptual convolution and reflection-implied rooms that don’t exist.

telephone, osint

Breaking News

In the past I’ve struggled to find a way to be alerted to breaking news, were “breaking news” is defined as things that matter1.

For some time, Scanner Radio Pro was my preferred solution. The Android application uses Broadcastify to stream feeds of police and EMS radio (among other sources). While a police scanner is always a good thing to have, the application is relevant here because of its notification support. It will push notifications when a channel has a certain number of users listening to it. The application default threshold is 3500 listeners for all channels, but it also allows you to configure per-channel thresholds. I set the threshold to 200 listeners for San Francisco police and EMS channels. I also have the threshold set to 200 for any station within 50 miles of my current location. Those two are redundant when I’m in San Francisco, but it means that if I’m travelling I’ll receive alerts for wherever I am, and I’ll be able to stay up to date on what’s happening back in the city.

The alerts simply tell me that a large number of people are listening to a certain channel, which indicates that something is probably going on in that location. It doesn’t tell me what is happening, but prompts me to figure that out for myself. When the shooting started in Dallas a couple weeks ago, I was alerted immediately that something was happening due to the unusually high number of people listening to the Dallas PD channel. When I saw that, I performed a quick search for Dallas news and discovered the reason.

I’ve had good success with these alerts. It has worked well for shootings like in Dallas. The alerts kept me informed of disruptions in the area this past winter when the Super Bowl was in town. Unfortunately, most of the Broadcastify feeds and listeners are US-focused, so it tends not to help with events outside of the country. There were no alerts for the attack in Nice, France.

More recently I’ve begun supplementing Scanner Radio Pro with the conveniently named Breaking News. They are basically a modern wire service, collating data from traditional news sources, social media channels like Twitter, and direct user submissions. Human editors manage the service, which does seem to take care of some of the cruft. Events are grouped into topics, and topics can be muted or subscribed to. Their mobile application supports push notifications for global major stories, as well as stories based on geographic proximity to the device’s current location.

I’ve noticed that the application does have an impact on my battery (even with the “battery saver” option enabled), but I think it’s worth it for the service provided. They provide alerts for a wider breadth of topics than the police scanner, and provide immediate context for the alert. If they provide an alert for an event that I don’t care about, I can mute the topic and never hear about it again. It’s rare that I need to do this, as they seem judicious in their use of push notifications.

Scanner Radio Pro and the Breaking News application live on the home screen of my phone in a directory labelled “Intelligence”. Along with applications like Flightradar24 and Marine Traffic (like Flightradar24 but for boats), they help provide context for and build awareness of the world around me.

Notes

  1. Not celebrities. Not sports.
books, micro

Currently reading Musashi by Eiji Yoshikawa.

The book presents a fictionalized portrait of the life of Miyamoto Musashi. It is an epic novel, exploring the development of many of the concepts and themes which Musashi codified at the end of his life in The Book of Five Rings.

Musashi Miyamoto with two Bokken

micro, defense

I don't always do jits.

But when I do, I shank the other guy first. Spending the weekend with Cecil for IAJJ.

Train

crypto, privacy

Cryptographic Identity

Despite its shortcomings, I think PGP is still one of the better ways to verify a person’s identity. Because of this – and because I use my PGP key daily1 – I make an effort to properly secure my private key. Verifying a PGP key is a fairly straightforward process for fellow PGP users, and my hope is that anyone who does verify my key can maintain a high confidence in its signature.

However, I also use other cryptographic channels to communicate – XMPP/OTR and Signal chief among them. I consider these keys more transient than PGP. The OTR keys on my computer are backed up because it takes no effort to do so, but I have no qualms about creating new ones if I feel like it. I don’t bother to port the same keys to other devices, like my phone. My Signal key is guaranteed to change anytime I rebuild or replace my phone. Given the nature of these keys and how I handle them, I don’t expect others to put the same amount of effort into verifying their fingerprints.

The solution to this is to maintain a simple text file, signed via PGP, containing the fingerprints of my other keys. With a copy of the file and a trusted copy of my public PGP key, anyone can verify my identity on other networks or communication channels. If a key is replaced, I simply add the new fingerprint to the file, sign it and distribute. Contacts download the file, check its signature, and thus easily trust the new fingerprint without additional rigmarole.

The first examples of this that I saw were from Yan and Tom Lowenthal. I thought it seemed like a great idea and began to maintain a file with a list of examples whenever I stumbled across then, with a note that I should do that someday2.

Today I decided to stop procrastinating on this and create my own identity file. It is located at pig-monkey.com/id.txt. The file, along with the rest of this website, is in git so that changes to it may be tracked over time.

Inspired by some of the examples I had collected, I added a couple pieces of related information to the file. The section on PGP key signing should provide others some context for what it means when they see my signature on a different key. Even if no one cares, I found it useful to enunciate the policy simply to clear up my own thinking about what the different certification levels should mean. Finally, the section on key management gives others a rough idea about how I manage my key, which should help them to maintain their confidence in it. If I verify that someone’s identity and fingerprint match their key, I will have high confidence in its signature initially. But if I know that the person keeps their secret key on their daily driver machine without any additional effort to protect it, my confidence in it will degrade over time. Less so if I know that they take great care and handling in their key’s protection.

A file like this should also provide a good mechanism for creating a transition and revocation statement for my PGP key, should the need arise. One hopes that it does not.

Notes

  1. Realistically, I use PGP multiple times per hour when I'm on my computer.
  2. Since I began my list, Keybase has become a thing. It addresses a similar problem, although seems to promote using services like Twitter as the root of trust. Assuming that you want to stubbornly stick with a PGP key as the root of trust, I don't see the advantage of using Keybase for this problem, except that it offers a centralized lookup repository.
micro, privacy, finance

Lately I've had trouble finding prepaid debit cards in denominations greater than $50.

It’s 2016, and stuffing cash in an envelope and mailing it to a small island nation is sometimes still the best way to move money with some degree of privacy.

This is not the cyberpunk dystopia I was promised.

micro, linux, hardware

I treat myself to a new laptop every three or four years.

A few weeks ago I bought a Lenovo Thinkpad X260, replacing the T430s that has been my daily driver since 2012. I’m a big fan of the simplicity, ruggedness and modularity of Thinkpads. It used to be that one of the only downsides to Thinkpads were the terrible screens, but that has been addressed by the X260’s FHD display. The high resolution let me move from the 14” display of the T430s to the 12.5” display of the X260 without feeling like I’ve lost anything, but with an obvious gain in portability. The X260 is a great machine to put Linux on, which Spark helps me to do with no effort and a minimum expenditure of time.

Thinkpad X260

survival, edc

A Bug Out Stuff Sack

I have a pretty thorough setup with my every day carry. Between the level 1 items on my body and the level 2 items in my pack, I have all the tools that I think I may need. This limits the need for a bug out bag in my environment. Were I packing a bag to support running away from a disaster, it would largely duplicate what I carry every day. The difference is in shelter. Specifically, clothing.

Bug Out Stuff Sack

For the past few years, I’ve kept a bug out stuff sack instead of a bug out bag. The stuff sack contains clothes, which gives me what I need to leave in a hurry regardless of what I’m currently wearing. I keep a pair of merino wool boxer briefs, merino wool long underwear, a lightweight merino wool long sleeve shirt, quick-drying nylon pants, a Buff, merino wool and nylon blend socks, and a cotton bandana. The two non-clothing items in the stuff sack are a Tru-Nord compass and a silk escape map.

The map is from SplashMaps in the UK. It is a print of the OpenStreetMap for the San Francisco bay area at 1:40000 scale.

Conspicuously absent from the contents of the stuff sack is any sort of foul-weather gear. I don’t venture outside without a hardshell jacket in my pack, even here in drought-stricken California. I also generally will have some sort of insulating layer already in my pack, making that an uncessary addition to the stuff sack.

The stuff sack I went with is a Sea To Summit 8L Big River. This is a much heavier stuff sack than any of those I use backpacking. When I was deciding on the stuff sack for this project, I knew I wanted something that I would be comfortable running outside of a pack. The 420 denier nylon on the Big River is more abrasion resistant than any of my cuben or sil-nylon stuff sacks, and the Big River also includes Hypalon lash points on either side of the bag to assist when securing it. When I’m carrying a larger pack, like the FAST Pack EDC, these points are moot since I can just toss the stuff sack into the pack on the way out the door. However, if I’m using something smaller, like the FAST Pack Litespeed, the pack may already be close to full. With the Big River I’m able to quickly and easily lash the stuff sack to the bottom of the pack, without taking time rearranging the inside of the pack in an attempt to make more room.

Bug Out Stuff Sack

The stuff sack hangs on a hook on my wall, immediately next to the door. My pack and footwear stay underneath on the floor when I’m home. Keeping these items in the same spot means that I can grab them and be out the door in a short count of seconds. Also hanging in this area are my gloves and helmet, which are necessary when leaving on a bike (certainly the best bug out vehicle for a city). I also leave a hat, insulating jacket, and rain jacket hanging in this area. These items should already be in my pack, but leaving duplicates here allows me to easily grab them on my way out if needed. The last item in this area, hanging on the same hook as the stuff sack, is a small bag with documents that I may want when leaving in a hurry.

I keep a stuff sack at my desk at work with all the same things in it. Since I only have one of the silk maps from SplashMaps, the stuff sack at work instead has a few USGS quads of the area printed on glow in the dark onion skin paper. I buy these from zdw on eBay.