Encryption, backdoors and spies, oh my!

Since the Paris terrorist attack and then the San Bernardino shootings (which now are confirmed to be an internationally inspired terrorist attack by a US lifetime resident and citizen) there has been much discussion among talking heads on screen and in print about needing to be able to eavesdrop on all communications. Many pundits, candidates, and congressmen have jumped all over this bandwagon, calling for more surveillance and calling for means to access any encrypted communication. Many of these same advocates for eavesdropping are ardent supporters of the 2nd Amendment, but forget about the rights for the people to communicate, assemble, and be protected from unreasonable searches and seizures (1st and 4th Amendments). However, putting aside the legal issues and politics that are wrapped up in the issue, this is technically a very bad idea.

First, let’s consider encryption alone, without considering some sort of backdoor or key escrow. Encrypted communication has been with us as long as there has been writing, and really, it’s been with us as long as there has been spoken language. Fundamentally, it’s communication that can’t be deciphered due to some sort of obfuscation. This can manifest itself as something intelligible only to the communicating parties such as a jumble of letters or symbols, or some common words (spoken or written) to which is ascribed a common, secret meaning known only to the communicating parties. The common thread here is that there is some shared knowledge that can be used by the communicating parties to extract the hidden meaning, either a shared secret or knowledge of the location of a message. Cryptography is an old art, dating back several thousand years (see also this article for more history). There are a myriad of non-digital ways to hide information, and a quick overview of the Wikipedia article on Steganography can be quite illuminating to the uninitiated, although computers have opened up many new avenues for the practices. Classic encryption took the form of a shared secret (a word, phrase, words on pages of a book, etc.) that could be used to encrypt and decrypt the coded message. Innovative ways of doing this, and in particular changing the shared key, made such messages very secure. In the digital world, this is called symmetric key cryptography.

Widespread use of computers has created many types of communications where information needs to be shared, but also protected, and this brought about the rise of public key cryptography (a pair of algorithmically related keys) and digital signatures as a means of solving the shared secret conundrum. A fundamental point that you should take away, however, is that in the digital world, encryption, whether with a shared secret or with public keys, boils down to algorithms implemented in computer code. This is embedded in tools you use every day on your computer. Whenever you see a “lock” or other security symbol in the URL display of your browser, you are seeing the results of these algorithms implementing public key encryption. There are many algorithms for cryptography throughout cyberspace that are in the public domain and can be used by anyone. A quick trip to Google will show you this. Likewise, many derivative works exist that are not cataloged. Herein lies the first lesson. The US does not “own” cryptography, or algorithms, and there are many freely available algorithms and code implementations of those algorithms that are beyond the reach of US laws. Efforts to constrain or to weaken encryption will not affect those who want to hide their communications. Just as toolkits are available for the propagation of computer malware (another interesting story!), toolkits for encryption are available and will remain available regardless of legislation. To paraphrase a saying of supporters of 2nd Amendment rights, “when encryption is outlawed, only outlaws will have encryption.”

We have seen this week a revelation that Juniper Networks found at least one “backdoor” in their router/firewall operating system, that had been there since at least 2012. What was the source of this intrusion? Probably nation-state hackers. Who? Good question. Why? Putting such code in network appliances gives, as the article says, the ability for the owner of the exploit to access resources behind the firewall, the ultimate target. So, how are these thoughts connected? If there is a backdoor in a network appliance, it can allow someone to bypass controls. The fact that this exploit went unnoticed for years speaks to the difficulty of checking for such intrusions. Likewise, if there were a backdoor engineered into an encryption system, as is promulgated on various fronts today, it would be vulnerable to misuse and unauthorized access. This would impact the security and privacy of legitimate users who are using the encryption system. Would it improve security? I think not, as those who are really concerned about eavesdropping on their conversations will take additional measures, such as using internationally sourced tools (or tools written by a trusted colleague), or by simply obfuscating the messages that are carried by the communication system. We would have a backdoor to access the communications path, but we couldn’t see anything (at least prospectively) other than innocuous communication (remember steganography?). The value of a backdoor in encryption systems in preventing terrorist attacks is thus minimal, and the breakdown in the privacy of communications for others is significant.

Conversely, focusing not on the content, but rather on the patterns of communication (the so-called metadata) or observing other external phenomena does have value. If someone is communicating with known terrorists or in places frequented by such individuals, that can and should raise a red flag. Then, traditional methods of surveillance can be employed, including bypassing the encryption challenge by placing “taps” (malware) on a suspect’s devices and thus viewing the decrypted messages. That still leaves the challenge of obfuscated messages, but it is more useful. Much can be learned by observations of patterns and metadata. A classic example is determining the likelihood of imminent military action by observing the number of evening pizza deliveries to the Pentagon.

In summary, encryption has been with us since the beginning of communication. Computers are tools used in encrypting messages, but have not changed the fact that those planning activities where they want secret communications have many channels available to them. Sophisticated actors will layer protections on their communications, and simple backdoors to our personal devices or encryption tools will not pierce that veil. If backdoors are in place, we run the very significant risk that those backdoors will be used by actors other than the intended “official” users, and we have thus compromised the security of all and gained little or none in return.
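The escrow argument above, as an added illustration that is not part of the original post: a toy Python model in which each message key is wrapped once for the recipient and once for an escrow holder, so whoever obtains the escrow key reads every message, while a sender who first encrypts under a key the escrowed system never sees leaves the escrow holder with nothing but ciphertext. The cipher is a SHA-256 keystream constructed here for illustration only (no authentication tag); the key names and the sample message are assumptions.

```python
import hashlib
import secrets

NONCE_LEN = 16
MESSAGE = b"meet at the usual place"  # constructed sample plaintext


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter) blocks.

    Toy stand-in for a real cipher (no integrity protection); the same call
    both encrypts and decrypts because XOR is its own inverse.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce per message, prepended to the ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def send_with_escrow(recipient_key: bytes, escrow_key: bytes, plaintext: bytes) -> dict:
    """Escrow design: the per-message key is wrapped twice, once for the
    recipient and once for the escrow holder, so either party can open the body."""
    msg_key = secrets.token_bytes(32)
    return {
        "for_recipient": encrypt(recipient_key, msg_key),
        "for_escrow": encrypt(escrow_key, msg_key),
        "body": encrypt(msg_key, plaintext),
    }


def open_envelope(wrapping_key: bytes, slot: str, envelope: dict) -> bytes:
    """Unwrap the message key from the named slot, then decrypt the body."""
    msg_key = decrypt(wrapping_key, envelope[slot])
    return decrypt(msg_key, envelope["body"])


def demo() -> dict:
    recipient_key = secrets.token_bytes(32)
    # Constructed escrow key: anyone who obtains it (leak, insider, breach)
    # reads every message ever sent through the system.
    escrow_key = secrets.token_bytes(32)

    # Plain escrowed message: recipient and escrow holder both recover it.
    env = send_with_escrow(recipient_key, escrow_key, MESSAGE)
    recipient_reads = open_envelope(recipient_key, "for_recipient", env)
    escrow_reads = open_envelope(escrow_key, "for_escrow", env)

    # Layered message: the sender first encrypts under a key that the
    # escrowed system never sees (the "internationally sourced tool" case).
    private_key = secrets.token_bytes(32)
    env2 = send_with_escrow(recipient_key, escrow_key, encrypt(private_key, MESSAGE))
    escrow_sees = open_envelope(escrow_key, "for_escrow", env2)
    recipient_reads_layered = decrypt(
        private_key, open_envelope(recipient_key, "for_recipient", env2)
    )

    return {
        "recipient_reads": recipient_reads,
        "escrow_reads": escrow_reads,
        "escrow_sees_layered": escrow_sees,
        "recipient_reads_layered": recipient_reads_layered,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```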


Watch OS 2 fixes my wrist detection error

I’ve been a happy Apple Watch user since I got mine on June 1st. While there were limitations in the apps, the promise of exciting functionality was there. It quickly became indispensable. I found texting to be a killer app, and I used the fitness tracker daily. I found a tide table app that’s perfect for helping with coastal fishing and boating. However, three weeks ago, the wrist detection process stopped working. I tried all the  “home remedies” I could Google up, to no avail. I wiped and reloaded, I stood on my head while putting it on my wrist–not really, but you get the idea. I had to turn off wrist detection as one thing it did was stop workout tracking when it locked after 15 seconds. Turning off wrist detection also turned off Apple Pay (not that I’ve used it more than twice, to buy coffee at McDonald’s). I thought about sending it in for replacement (the hive mind was split between software errors and sensor errors) but decided to wait for the OS 2 update, betting that it was a software error (or a deep config setting that the wipe did not update). So, after a nearly 2 week delay in the release of the OS, it was available today, and I’m pleased to say wrist detection is working perfectly again.

Now I’m looking forward to OS 2 apps!

More adventures with Nest products

I wrote here in July that I’d installed a Nest Protect and was very pleased with it, and ordered another. The second one works just fine, and replaced the other legacy detector in the house, but I did have some configuration problems getting it to work.  I could not get the second one to talk to the first. This gave me an opportunity to contact the excellent (English speaking!) tech support group at Nest. I got a quick and comprehensive answer to my problem (essentially, I had to do a “reset” on the second Protect to cleanly restart the configuration process). The two systems are communicating fine, and both are working as designed.  The downstairs unit continues to carry the load, as its location next to the kitchen means that it picks up smoke from broiling and frying.  We continue to appreciate the polite “heads up” feature. I also like the “path light” feature; we use it differently on the two systems, with it set as an “always on” nightlight upstairs, but only as a “walk by” feature on the downstairs unit.

nest thermostat

Today, I added a Nest Thermostat to the mix. Installation was simple (I did check the configuration before I ordered the unit). Configuration took 15-20 minutes as you connect it to the network, it downloads a couple of software updates, and then you go through system configuration and testing. The house has three HVAC systems, and the one I replaced was the only unit without a digital thermostat. I could have gotten a digital thermostat for much less, and a programmable one for perhaps half the cost of the Nest. However, my experiences with programmable thermostats are that most of the time they don’t get programmed, and the idea of the “self programming” Nest is intriguing. How well will it work with other units controlled by dumb thermostats? Is it going to be worth replacing one or more of the others? I don’t know, but it was a good place to start. The room that it’s in is the main room in the house, and it’s challenging from a thermal perspective. It has large windows facing due west, and it picks up a lot of solar gain. Good in the winter, less so in the cooling season. So, this will be a continuing saga. Stay tuned!

Continuing reflections on TV cord-cutting

It’s been a week since I put up a TV antenna at the beach house and dropped the Time Warner Cable subscription back to Internet only. Faithful readers of this blog know that it’s now been 4 years (July 2011) since I put up an antenna on the Chapel Hill house and dropped Uverse. I used the same configuration at Emerald Isle as in Chapel Hill – a ChannelMaster 4228HD antenna and a ChannelMaster 7777 preamp. This has been a while in coming, but with TWC raising rates once again, it was time to jump. We’d been paying $105 for non-digital cable and standard 15×1 Internet. TWC said the new rate would be $130, and would require a digital converter on each set. Enough! Internet only is $45 plus tax, so say $50. That’s $80/mo, or nearly $1000/yr for basic cable. Do we watch that much? Nope.

In fairness, we do pay for multiple streaming services, but we can use those in Chapel Hill or EI. Since we were already paying for these, it’s moot. We subscribe to Netflix, HBO NOW (for Game of Thrones), SlingTV (for ESPN). These are about $45/mo. We have a TiVo in Chapel Hill for $15/mo, so that’s $60 total, but it’s flexible and portable.

Putting up the antenna/amp is about $200, plus cabling, which can be done for under $50. At $80/mo savings, that’s a 3 month payback.

Technically it’s easy, and you can feed all the TVs in your house using the old splitter in the TWC box on your house. If you have only one TV, an internal antenna for $50 can work, but for several sets, you need to feed the distribution system.

For reception, at EI, I’m picking up stations 50-70 miles away with clarity. WITN, WNCT, WCTI, WUNK and others.

So, if cable is getting you down, there’s an alternative!

Technology meets the smoke detector

We needed a new smoke detector. I was tired of having to unplug the current one every time we fried fish 😉 so I thought I’d shop around some and see what features are there. I also wanted to see how these “connected” detectors worked so that you could get an alert if not home. Kidde has an interesting device that listens for the sound of standard detectors and then can communicate with you remotely. I then looked at the Nest Protect (2nd generation, and now $30 cheaper than before they had to disable the “Nest Wave”), and it had some nice features and was the same price as the Kidde device. One appealing feature was that in addition to remote notification, it had the “I’m going to alarm, is this really a problem?” mode (they call it the burned popcorn feature). Also sounded like “frying fish” mode!

So, I ordered a Nest Protect (wired) and set it up. Then cooked Cajun Mackerel, yummy! Sure enough, while cooking the 2nd filet (the stove is less than 10 feet from the detector), the Nest Protect says in a nice voice, “I’m going to alarm, and it will be loud. Do you want to silence?” I did, and it quieted down. It keeps a log of events, it tests itself, it interfaces with and alerts your phone, it can be a nightlight, and it’s very friendly. If there is more than one on your network, it tells you the location of the problem in clear language, with all broadcasting (so say the docs). OK, sure, it generates data and sends it to the mothership to make the magic happen. But if I want the conveniences of technology that’s a price I pay.

I like it so much I ordered a second one to replace the other detector in the house. I’ll follow up with more info as I get the next one online.

Reflections on the Apple Watch

Much ink (metaphorical and physical) has been spilled with regards to Apple’s first wearable device. I won’t attempt to write a comprehensive article, as those are best found in the various trade journals where folks are focused on such endeavors. My contribution here is just my “n=1” sample of myself.

I ordered my Watch (the 42mm Sport model with a black band) on April 10th, somewhere around mid-morning. Since orders went live at 3am EDT, I knew I’d be well back in the queue, and sure enough, my ship date said “June.” That was OK, though, as I was inspecting my eyelids at 3am and didn’t want to try to get in the first tranche of shipments. I was thrilled, then, to get the notice on May 29th that my Watch was on the move! I got one of the most interesting UPS tracking displays I’d ever seen, as I watched it move from China to the US on its way to Chapel Hill.

It arrived around mid-day on Monday June 1st, and I was eager to give it a try. Alas, I had meetings for most of the afternoon. I did carve out a few minutes to unbox the Watch and begin the setup process, so I could play when I got off my WebExes. The box was heavy and odd-shaped for a watch (long) but I remembered reading about this and the way they came with the band flat. I pulled it out, skipped the setup documentation, and fumbled for the power button. As there are only two choices, it was a short search. Voila! An Apple, the symbol of a booting iDevice! I went thru the setup screens, told it to load all the apps matching those that I had on my iPhone, and it worked for a while while I did the same. It occurred to me that the battery charge might be low, but it wasn’t complaining and I didn’t see at first how to find the charge level.

When my calls were done, it was playtime! So I started pushing, twisting and poking. I’d read that the interface was not intuitive but it seemed logical to me. I tried apps, set watch faces, and started to make it mine. Ok, I did cheat. I couldn’t figure out how to find the battery charge. Google. Oh, doh! Glances, and a swipe thru the options. Ok, I couldn’t figure out how to change the world clock time on a clock face. Google. Oh, doh! Just select the widget and then spin the crown wheel to select. Overall, things really did work the way I expected. 

It’s now been about 30 hours since I got the Watch. What do I think? Very cool. Feels good on my arm. I’ve not worn a watch in years, but it’s light and unobtrusive. Battery life? I’ve been playing with it a lot today, and it’s been over 14 hours since I took it off the charger. Battery indicator says 52%, so that’s not an issue. What can you do with it? It does tell time very effectively! It lights up the face when you raise your arm to look. It alerts for text messages, and the voice recognition for reply is better than expected. I’ve made a phone call, ignored a call, and sent several texts. I’ve read a lot of email previews. The Gmail app works nicely with the alerts and has a lot of flexibility, and you can archive messages and remove them from your inbox. Apple’s mail app works well, too, but the way Gmail segments your mailbox lets me control which messages appear on the Watch better. The biggest shortcoming I’ve seen so far is the inability to respond to email, even with a canned phrase. I understand the design decision but I hope this gets updated to add reply functionality. I’ve not tried the exercise app yet, but will do so. MotionX GPS has a nice app that I know I’ll use. I like the timers and stopwatches. The activity monitor will encourage movement and fitness. The weather apps are handy. I’ve added my credit cards for Apple Pay but have not had a chance to use it yet. My phone is a 5S so I’d not been able to participate in Apple Pay and I’m looking forward to it. I like the news alerts from the NYTimes and others. The presentation remote control apps for Keynote and PowerPoint will be useful; I have a projector dongle for my phone, and it’s handy to have a remote to drive the presentation from the phone.

The bottom line is that there is a lot you can do with the Watch. I’m eagerly looking forward to new apps and software updates as the ecosystem matures.

White Bass 2015

I practiced some defensive calendaring today (which is pretty bad for a retired dude, but the part-time job can create some schedule challenges 😉 ), marked off the afternoon, and drove about 20 miles from my house to where the Haw River runs into Jordan Lake (central NC). The spring weather was spectacular, with temperatures in the low 80’s and blue skies. It’s “yellow season” with the pine pollen everywhere and spring busting out all over. My goal was to catch some white bass on their spring spawning run up the river.


Haw River View

I got to the Robeson Creek canoe landing about 1:30PM, after taking care of a few things in the “office” during the morning. I rigged up, and headed down the trail from the parking lot. I crossed Robeson Creek, and walked upstream past the end of the impoundment to the running water. There were a few fishermen around, mostly with buckets they were hoping to fill, and I walked upstream to a pool that had worked for me in the past.

The water was pleasantly cool and perfect for wet wading. The water level was low, and the river was clear. If the water had been high or stained, this wouldn’t work, as the Haw is like wading on greasy bowling balls. It’s a big river, and if the water is up, it gets too deep pretty quickly. I cast a black sparkle wooly bugger a few times, but I wasn’t feeling the love with that fly. I put on a white Shenk’s streamer, and immediately hooked up with a nice little white bass. These guys can put quite a bend in the rod, especially when they leverage the current.


Haw River White Bass


I fished for about two hours, an hour in one place, and then moving upstream to another spot for another hour.  I caught about 15 white bass, several small largemouth bass, a few sunfish, and one nice black crappie (below). All fish were on the same white Shenk’s streamer. All the white bass were medium-sized males.  I didn’t see any of the larger females; they’ve not come up the river yet.

Nice black crappie

About 4PM, I decided I’d had a great day, the bite had slowed, and I headed for shore and the trail back. Got back home before 5PM, in time to sit on the porch with my wife and a glass of wine.  Not a bad day!

Another day at Clearwater

Two days of fishing in the last three?  Wow! Sam and I met at Camp Clearwater today to try for winter-stocked trout (too warm here in the NC piedmont for a natural population). This is such civilized fishing.  Leisurely morning at home, walk the dogs, breakfast with the wife, newspaper, coffee, and then drive less than 15 minutes to get there. Since the gate opens at 9AM and there were only 6 rods scheduled, no need to rush 🙂 .

I met Sam in the parking lot at ~9:20 and compared notes on flies to try. The last time we’d been out, the key was small midges (#18 or #20) as droppers below a dry as an indicator, primarily. We decided we’d stick with that, and the telemetry from the Lake Master was that this would be effective. It worked, but was slow, technical fishing. Trout were madly jumping all over the lake, sometimes hitting the dry indicator, most times nudging the dropper, but were devilishly hard to hook, especially on long casts, and then hard to keep on the hook. I managed to land several over the course of the day, most hitting a “Sweet Thang” tied by Sam, a tiny #20 bead head with a brown wire-wrapped body. Hell, I can hardly see ’em much less tie ’em!


Clearwater Rainbow

At one point, Sam and I were casting from a long dock, with another angler between us. We were both catching fish, and he was getting skunked. Sam passed him a Sweet Thang and he got two in short order. Keeping with the osprey theme from my post last Friday, as we stood on the dock, we watched an osprey grab a trout from the lake and head to a nearby tree. It hit the water with a giant splash and I first thought a mondo trout had jumped until I saw the osprey.

I caught a few on my dry indicator, a #16 CDC emerger, but mostly, they’d clobber it but miss the hookup.

It was a nice day, pleasantly warm, in contrast to our recent chilly weather.  Nice fellowship with our fellow fishermen and the Lake Master. A good way to spend the day.


Shad, ospreys, and eagles

Osprey eating a shad


St. Patrick’s Day, this past Tuesday, was beautiful with blue skies and temperatures in the upper 70’s. Was that the day that I made my annual trek to Weldon for the shad run?  Nope! Sam and I waited until Friday the 20th, with temps starting in the 30’s and topping out about 50, with some drizzle and thick clouds. However, it was the best day for the two of us to get together so we loaded up the canoe on the old red truck for the 2 hour trip.

We didn’t rush due to the cold and rain…rain which was pulling out to the northeast. We timed our drive well, and the rain was finished by the time we arrived. We paddled across the river to our usual spot, but things didn’t look too promising, as we were virtually the only folks at the landing — never a good sign with something like the shad run, where people fishing means the fish are in. However, onward! We beached the canoe and clambered over the rocks to the top of the “Little River,” where the flow splits 90/10, with the small flow being the “Little River.” The water was quite chilly (49F) as I wet-waded through crotch-deep water to our favorite fishing rocks 🙂 . Invigorating!

Well, to say fishing was slow was an understatement.  However, I did manage a half dozen Hickory Shad, and besides, the camaraderie made the trip worthwhile, regardless of what we caught.

Hickory Shad

All the fish I caught were on a single orange fly…orange chenille body, orange bucktail wing, with some gold crystal flash added for good measure. This particular fly had bead chain eyes rather than the weighted eyes I usually use, and that may have made a difference but I think it really was more just putting the fly in front of a fish, and I had a better day of that than Sam.

We saw a number of ospreys during the day, mostly as fishless as us 🙂 but one did catch a fish just a bit down the river from us, and it flew into a nearby tree to eat the shad while we fished. We also saw a bald eagle, also clutching a shad, on the far side of the river. In the past, we’ve seen wild turkeys fly by, but none today.

All in all, a great day of fishing, so-so catching, good bird watching, and great fellowship.

I still like ChromeOS but I also like my new MacBook Air


Those who happen by this blog know that I like Google’s ChromeOS. I’ve got two Chromebooks, and have written a number of posts about ChromeOS. However, there are a handful of things that I need to do that I just can’t do well on a Chromebook. One of the main things is the ability to run Cisco’s WebEx software. Support for ChromeOS has been “coming” for a long time and given that I spend a lot of my day in WebEx meetings, this has been an annoyance. My employer (N2N Services) uses this as its standard, and I found myself sitting with a Chromebook and connected to the WebEx on my iPhone. Also, while Google Docs is great, roundtrip fidelity with Microsoft Office docs is still an issue. Microsoft’s online offerings are getting much better, but are not there yet.  I use KeePass for passwords, and there’s not a version that works with ChromeOS. FTP/SFTP are possible with web-based tools like NetFTP, but kludgy. SSH works with an app, but is kludgy. The Chrome shell is OK for a few things, but want to run cURL? Nope. Can’t run Skype. But, I love the quick boot & online or SSD storage, and the small light form factor. So, I decided to get a MacBook Air.

I’ve got an iMac at home so I’m quite conversant with OS X. But which Air to buy? Yes, I know that refresh time is coming up, but you can drive yourself crazy with that. I decided to get the entry level 11.6″ 4GB RAM/128GB SSD model. I was a bit concerned about the RAM, but after 24 hours of using this, I can say that this is one sweet laptop. The screen size is like my Chromebooks, so no issue there. Boot is very fast, but then again, I don’t boot my Macs often anyway, and return from sleep is instantaneous. Very nice build quality and keyboard. Beautiful screen, even if it’s not as hi-res as the 13″ MBA. I wondered if I’d regret not going with the 256GB SSD, but after loading everything I want, I still have 85GB or so free. I’ve not had any issues with the RAM, and honestly, I guess swapping to SSD is going to be pretty fast. The weight at 2.38 pounds is nice. The difference between 2.38 and 2.96 on the MBA 13″ is one of the main reasons I went with the MBA 11″. I’m going to work hard to keep most stuff in the cloud and not on the MBA, and to not try to overload it with things like Xcode 😉 . There’s a sweet spot here with the MBA!

So, yes, I still like ChromeOS and think it’s a great solution for many things…but it’s just not quite flexible enough…yet…