We’ve seen lots of fancy “making of” videos from blacksmiths making awesome metal weapons. But it turns out that with a mix of frozen water and layered toilet paper, you can make a sword that can also smash helpless fruits – at least until the sun comes out and melts it.
via The Awesomer
The Toilet Paper and Ice Sword
If Apple loses, your home could be the next thing that’s unlocked
In a recent interview about Apple’s ongoing legal battle with the Department of Justice, Tim Cook said that our smartphones have more information about us and our families than any other device we own. He’s right. And if the FBI is able to compel Apple or any company to circumvent a phone’s encryption, it would tap into a wealth of information. But it’s not just the tiny computers in our pocket we need to be concerned about. Your home and car tech could also be affected by the ruling if law enforcement deems it necessary.
Look around your home, office or car. How many microphones, cameras or sensors are pointed at you right now? Even if these devices are not connected to a service or server, they’re probably still there watching and listening. Hopefully the manufacturers did their jobs and all those eyes and ears are encrypted. But, if Apple is forced to help the FBI get into that iPhone, even that encryption won’t matter.
The Internet of Things have been a target of security researchers (and rightfully so), but that’s forced companies to make it a priority to secure these devices. Which is paramount because they record an incredible amount of information about you and your family. Cameras like the Nest Cam track who comes in and out of your home. Microphones embedded in devices like the Amazon Echo and smart TVs let you check the weather, change channels and order items with your voice.
James Arlen, director of risk for Leviathan Security Group is concerned with how that information will be used. "There is absolutely an issue. The world of consumer IoT – including wearables, cars and ‘things that live in my house’ – is the product of companies that are for the most part hoovering up huge gulps of personal data," he told Engadget.
Both Amazon and Nest encrypt the data sent from their devices. Yet, if the Department of Justice gets its way, that’s just a minor inconvenience for law enforcement if you’re suspected of a crime.
Cars are just as connected as homes. Cameras and mics litter the interior of new vehicles. Voice control, gestures, even backup cameras could be sources of evidence against suspects, their friends and families. Like the makers of connected home items, automakers are doing their best to keep your data secure.
"We believe customers own their data. We are stewards of data, and we commit to protecting it," Ford spokesperson Christin Baker told Engadget. But what’s the point, when an order from a judge can set all digital eyes on you for potentially even minor infractions.
If your first reaction is, "I’m not a terrorist, there’s no need to for me to worry," realize it’s not just the FBI that wants to circumvent encryption. Manhattan district attorney Cyrus R. Vance Jr says the city has 175 iPhones with passcodes it wants to access. All the DA needs is a judge willing to make Apple unlock those devices.
Judges hold the power to set legal precedent. The reason to open a device or system could vary from region to region. In one state, a major felony could be what’s needed to unlock a piece of hardware. In another, it could be a misdemeanor.
We’ve drenched ourselves in technology to enhance our lives. It’s not 100 percent secure and we know it. We know hackers are out there trying their best to get into our stuff. But those are the bad guys. The government is supposed to be the good guys. When they start circumventing encryption, our homes and cars are no longer the safe havens we enjoy today and that’s frightening.
via Engadget
If Apple loses, your home could be the next thing that’s unlocked
We Read Apple’s 65 Page Filing Calling Bullshit On The Justice Department, So You Don’t Have To
Apple didn’t need to reply until tomorrow, but has now released its Motion to Vacate the magistrate judge’s order from last week, compelling Apple to create a new operating system that undermines a couple of key security features, so that the FBI could then brute force the passcode on Syed Farook’s work iPhone. It’s clearly a bit of a rush job as there are a few typos (and things like incorrect page numbers in the table of contents). However, it’s not too surprising to see the crux of Apple’s argument. In summary it’s:
- The 1789 All Writs Act doesn’t apply at all to this situation for a whole long list of reasons that most of this filing will explain.
- Even if it does, the order is an unconstitutional violation of the First Amendment (freedom of expression) and the Fifth Amendment (due process).
I really do recommend reading the 65 page filing (it goes fast!). But on the assumption that you have more of a life than we do, let’s dig in and detail what Apple’s argument is. The brief is quite well written (other than the typos) in making the issues pretty clear:
This is not a case about one isolated iPhone. Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe. The government demands that Apple create a back door to defeat the encryption on the iPhone, making its users’ most confidential and personal information vulnerable to hackers, identity thieves, hostile foreign agents, and unwarranted government surveillance. The All Writs Act, first enacted in 1789 and on which the government bases its entire case, “does not give the district court a roving commission” to conscript and commandeer Apple in this manner. Plum Creek Lumber Co. v. Hutton, 608 F.2d 1283, 1289 (9th Cir. 1979). In fact, no court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.
The motion also notes the importance of strong encryption in keeping people safe and secure:
Since the dawn of the computer age, there have been malicious people dedicated to breaching security and stealing stored personal information. Indeed, the government itself falls victim to hackers, cyber-criminals, and foreign agents on a regular basis, most famously when foreign hackers breached Office of Personnel Management databases and gained access to personnel records, affecting over 22 million current and former federal workers and family members. In the face of this daily siege, Apple is dedicated to enhancing the security of its devices, so that when customers use an iPhone, they can feel confident that their most private personal information—financial records and credit card information, health information, location data, calendars, personal and political beliefs, family photographs, information about their children—will be safe and secure. To this end, Apple uses encryption to protect its customers from cyber-attack and works hard to improve security with every software release because the threats are becoming more frequent and sophisticated. Beginning with iOS 8, Apple added additional security features that incorporate the passcode into the encryption system. It is these protections that the government now seeks to roll back by judicial decree.
And the filing makes it clear that the government is lying in claiming that this is all just about this phone:
The government says: “Just this once” and “Just this phone.” But the government knows those statements are not true; indeed the government has filed multiple other applications for similar orders, some of which are pending in other courts.2 And as news of this Court’s order broke last week, state and local officials publicly declared their intent to use the proposed operating system to open hundreds of other seized devices—in cases having nothing to do with terrorism. If this order is permitted to stand, it will only be a matter of days before some other prosecutor, in some other important case, before some other judge, seeks a similar order using this case as precedent. Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote. As Tim Cook, Apple’s CEO, recently noted: “Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
There’s a footnote in the middle of that which points to Manhattan DA Cyrus Vance already talking about why he supports the FBI, and how he has 155 to 160 phones that he wants to force Apple to help unlock.
Apple also details how accepting the government’s interpretation of the All Writs Act here could easily extend in absolutely crazy ways:
Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future. For example, if Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing.
Apple also doesn’t pull any punches on how the FBI itself messed things up:
Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network… which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.21 Had the FBI consulted Apple first, this litigation may not have been necessary.
Apple’s filing also does a good job debunking the DOJ’s ridiculous "this is no burden, because it’s just software and Apple writes software" argument:
The compromised operating system that the government demands would require significant resources and effort to develop. Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks…. Members of the team would include engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer…. No operating system currently exists that can accomplish what the government wants, and any effort to create one will require that Apple write new code, not just disable existing code functionality…. Rather, Apple will need to design and implement untested functionality in order to allow the capability to enter passcodes into the device electronically in the manner that the government describes…. In addition, Apple would need to either develop and prepare detailed documentation for the above protocol to enable the FBI to build a brute-force tool that is able to interface with the device to input passcode attempts, or design, develop and prepare documentation for such a tool itself…. Further, if the tool is utilized remotely (rather than at a secure Apple facility), Apple will also have to develop procedures to encrypt, validate, and input into the device communications from the FBI…. This entire development process would need to be logged and recorded in case Apple’s methodology is ever questioned, for example in court by a defense lawyer for anyone charged in relation to the crime….
Once created, the operating system would need to go through Apple’s quality assurance and security testing process…. Apple’s software ecosystem is incredibly complicated, and changing one feature of an operating system often has ancillary or unanticipated consequences…. Thus, quality assurance and security testing would require that the new operating system be tested on multiple devices and validated before being deployed…. Apple would have to undertake additional testing efforts to confirm and validate that running this newly developed operating system to bypass the device’s security features will not inadvertently destroy or alter any user data…. To the extent problems are identified (which is almost always the case), solutions would need to be developed and re-coded, and testing would begin anew…. As with the development process, the entire quality assurance and security testing process would need to be logged, recorded, and preserved…. Once the new custom operating system is created and validated, it would need to be deployed on to the subject device, which would need to be done at an Apple facility…. And if the new operating system has to be destroyed and recreated each time a new order is issued, the burden will multiply.
From there we dig into the meat of the filing: that the All Writs Act doesn’t apply.
The All Writs Act (or the “Act”) does not provide the judiciary with the boundless and unbridled power the government asks this Court to exercise. The Act is intended to enable the federal courts to fill in gaps in the law so they can exercise the authority they already possess by virtue of the express powers granted to them by the Constitution and Congress; it does not grant the courts free-wheeling authority to change the substantive law, resolve policy disputes, or exercise new powers that Congress has not afforded them. Accordingly, the Ninth Circuit has squarely rejected the notion that “the district court has such wide-ranging inherent powers that it can impose a duty on a private party when Congress has failed to impose one. To so rule would be to usurp the legislative function and to improperly extend the limited federal court jurisdiction.”
Congress has never authorized judges to compel innocent third parties to provide decryption services to the FBI. Indeed, Congress has expressly withheld that authority in other contexts, and this issue is currently the subject of a raging national policy debate among members of Congress, the President, the FBI Director, and state and local prosecutors. Moreover, federal courts themselves have never recognized an inherent authority to order non-parties to become de facto government agents in ongoing criminal investigations. Because the Order is not grounded in any duly enacted rule or statute, and goes well beyond the very limited powers afforded by Article III of the Constitution and the All Writs Act, it must be vacated.
In short, Apple is leaning heavily on the idea that CALEA pre-empts the All Writs Act here, and that CALEA explicitly says that companies can’t be forced into helping to decrypt encrypted content. Beyond that, Apple is claiming that it’s "too far removed" from the case for the All Writs Act to apply and mocks the idea (put forth by the DOJ) that because Apple licenses its software instead of selling it, that makes it okay:
Apple is no more connected to this phone than General Motors is to a company car used by a fraudster on his daily commute. Moreover, that Apple’s software is “licensed, not sold,”…, is “a total red herring,” as Judge Orenstein already concluded…. A licensing agreement no more connects Apple to the underlying events than a sale. The license does not permit Apple to invade or control the private data of its customers. It merely limits customers’ use and redistribution of Apple’s software. Indeed, the government’s position has no limits and, if accepted, would eviscerate the “remoteness” factor entirely, as any company that offers products or services to consumers could be conscripted to assist with an investigation, no matter how attenuated their connection to the criminal activity. This is not, and never has been, the law.
From there, Apple attacks the argument that there is no undue burden on Apple if it’s forced to build this system, which Apple calls GovtOS. It starts out by noting that the idea that Apple can just create the software for this one phone and delete it appears nonsensical when put in context:
Moreover, the government’s flawed suggestion to delete the program and erase every trace of the activity would not lessen the burden, it would actually increase it since there are hundreds of demands to create and utilize the software waiting in the wings….. If Apple creates new software to open a back door, other federal and state prosecutors—and other governments and agencies—will repeatedly seek orders compelling Apple to use the software to open the back door for tens of thousands of iPhones. Indeed, Manhattan District Attorney Cyrus Vance, Jr., has made clear that the federal and state governments want access to every phone in a criminal investigation…. [Charlie Rose, Television Interview of Cyrus Vance (Feb. 18, 2016)] (Vance stating “absolutely” that he “want[s] access to all those phones that [he thinks] are crucial in a criminal proceeding”). This enormously intrusive burden—building everything up and tearing it down for each demand by law enforcement—lacks any support in the cases relied on by the government, nor do such cases exist.
The alternative—keeping and maintaining the compromised operating system and everything related to it—imposes a different but no less significant burden, i.e., forcing Apple to take on the task of unfailingly securing against disclosure or misappropriation the development and testing environments, equipment, codebase, documentation, and any other materials relating to the compromised operating system…. Given the millions of iPhones in use and the value of the data on them, criminals, terrorists, and hackers will no doubt view the code as a major prize and can be expected to go to considerable lengths to steal it, risking the security, safety, and privacy of customers whose lives are chronicled on their phones. Indeed, as the Supreme Court has recognized, “[t]he term ‘cell phone’ is itself misleading shorthand; . . . these devices are in fact minicomputers” that “could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers.”…By forcing Apple to write code to compromise its encryption defenses, the Order would impose substantial burdens not just on Apple, but on the public at large. And in the meantime, nimble and technologically savvy criminals will continue to use other encryption technologies, while the law-abiding public endures these threats to their security and personal liberties—an especially perverse form of unilateral disarmament in the war on terror and crime.
That last point is key. Criminals will still use other forms of encryption, while forcing Apple to do this harms everyone else by putting them more at risk.
Here Apple goes even deeper in questioning what are the limits to the All Writs Act:
For example, under the same legal theories advocated by the government here, the government could argue that it should be permitted to force citizens to do all manner of things “necessary” to assist it in enforcing the laws, like compelling a pharmaceutical company against its will to produce drugs needed to carry out a lethal injection in furtherance of a lawfully issued death warrant, or requiring a journalist to plant a false story in order to help lure out a fugitive, or forcing a software company to insert malicious code in its autoupdate process that makes it easier for the government to conduct court-ordered surveillance.
Next, Apple calls bullshit on the DOJ’s claim that it absolutely needs Apple’s help here. First, the FBI messed things up with the whole resetting iCloud password thing, and then what about the NSA? Why can’t the NSA just hack in? That’s what the following is saying in a more legalistic way:
… the government has failed to demonstrate that the requested order was absolutely necessary to effectuate the search warrant, including that it exhausted all other avenues for recovering information. Indeed, the FBI foreclosed one such avenue when, without consulting Apple or reviewing its public guidance regarding iOS, the government changed the iCloud password associated with an attacker’s account, thereby preventing the phone from initiating an automatic iCloud back-up…. Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks. See… (Judge Orenstein asking the government “to make a representation for purposes of the All Writs Act” as to whether the “entire Government,” including the “intelligence community,” did or did not have the capability to decrypt an iPhone, and the government responding that “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”).
From there, we move onto the Constitutional arguments, which the court might not even address if it decides the All Writs Act doesn’t apply. But, here, Apple starts with the First Amendment concerns of "compelled" speech.
Under well-settled law, computer code is treated as speech within the meaning of the First Amendment…. The Supreme Court has made clear that where, as here, the government seeks to compel speech, such action triggers First Amendment protections….. Compelled speech is a content-based restriction subject to exacting scrutiny… and so may only be upheld if it is narrowly tailored to obtain a compelling state interest….
The government cannot meet this standard here. Apple does not question the government’s legitimate and worthy interest in investigating and prosecuting terrorists, but here the government has produced nothing more than speculation that this iPhone might contain potentially relevant information… It is well known that terrorists and other criminals use highly sophisticated encryption techniques and readily available software applications, making it likely that any information on the phone lies behind several other layers of non-Apple encryption….
This argument feels a bit weakly supported. Then there’s the Fifth Amendment argument, concerning due process:
In addition to violating the First Amendment, the government’s requested order, by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from “‘arbitrary deprivation of [its] liberty by government.’”
Again, this feels a bit weakly developed, but not surprisingly so. Apple is betting heavily that its main argument, concerning the All Writs Act not applying, will win the day (which seems to have a strong likelihood of being true). The Constitutional arguments are just being thrown in there so that they’re in the case at this stage, and can then be raised on appeal, should it get to that level.
I imagine the DOJ will respond to this before long as well, so stay tuned (we certainly will).
Permalink | Comments | Email This Story
via Techdirt.
We Read Apple’s 65 Page Filing Calling Bullshit On The Justice Department, So You Don’t Have To
How to Make a 118 Gigabyte Floppy Drive
Before you call fake, know that both you and this custom built computer are being tricked in two very clever ways.
Those of us who had to deal with floppies will recall that a standard 3.5-inch disc only had about 1.4mb storage after being formatted. However, the metal shutter is exactly the right size to house an SD card. That’s where the increased storage comes from.
As to how a floppy drive is able to read an SD card, that’s where the computer gets tricked. The connector that normally links the floppy drive to rest of the computer has almost identical pin spacing to your average SD, so the unused pins were removed and the remaining ones bent upward to meet the SD once it’s inside the drive, like so:
For more about the build process watch the teardown video, or browse the other photos of its construction.
[Imgur]
All the Special Key Combinations that Change Your Mac’s Startup
The startup sound is a Mac’s way of letting you know everything is okay, but sometimes, things go bad and you need to boot into a different mode then usual. Mac’s have a bunch of options for this, and all they require is that you hold down a keyboard shortcut at boot.
To boot into one of these modes, press and hold these key combinations immediately after you turn on your Mac. Keep holding them until your Mac boots into the mode you need. Here are the key combinations and what you’d use them for:
- Shift: Starts your Mac in safe mode. This helps you troubleshoot because it only loads the minimum necessary kernels at boot then disables startup items, user-installed fonts, font caches, kernel caches, and other system cache files.
- Option: This loads up the startup manager where you can pick between different hard drives or discs to boot into. If you need to boot from a hard drive different than your primary one, or you’re booting into Boot Camp, this is the key you push.
- C: Boots from a bootable CD, DVD, or USB. This is useful when you’re installing a new operating system.
- D or Option+D: Starts the Apple Hardware Test on pre-2013 Macs or Apple Diagnostics on newer Macs. Both are meant to help troubleshoot hardware issues.
- N or Option+N: Starts up from a Netboot server. Most average users will never need to use this as it’s meant for running OS X off a network instead of a hard drive or disc drive.
- Command+R: Starts up in Recovery mode. If you have problems with your hard drive, OS X Recovery allows you to restore your Mac from a backup, verify and repair your disc, check your internet connection, or reinstall OS X.
- Command+Option+R: Starts up the internet version of Recovery mode, which works the same as regular Recovery mode, but is online.
- Command+Option+P+R: This resets the NVRAM. NVRAM stores information about speaker volume, screen resolution, startup disk selection, and recent kernel panic information. If you’re having issues with sound or video, it’s usually a good idea to reset the NVRAM before panicking.
- Command+S: Starts up in single-user mode. This is meant mostly for developers and IT as a means to troubleshoot startup issues and basically drops you into the command line where you can run tests without worrying about the GUI in OS X.
- Command+V: Starts up in verbose mode. Verbose mode is similar to single-user mode but is meant more as a way to watch what a computer is doing to help with troubleshooting.
- T: Starts your Mac in target disk mode. This is a useful way to share files between two Macs when one of them is broken or the display isn’t working.
- Eject button, F12, mouse button, or trackpad button: Force eject an optical disk.
With all those options, you should be able to troubleshoot your way through some of a Mac’s worst problems.
Contact the author at thorin@lifehacker.com.
via Lifehacker
All the Special Key Combinations that Change Your Mac’s Startup
Unpoppable Bubble Wrap Coasters
It’s human nature to want to pop the little bubbles in bubble wrap. So there’s nothing quite as sadistic as what maker Peter Brown did – by submerging bubble wrap in crystal clear resin and making frustrating coasters that can never be popped. Oh the humanity!
via The Awesomer
Unpoppable Bubble Wrap Coasters
Relive the Thrills and Horrors of Windows 98 Right in Your Browser
Most of us remember the glory days of Windows 98. Now you can relive them on a less-shitty computer, thanks to several thousand lines of brilliant Javascript.
Copy.sh is an emulator that runs inside your browser and effectively is the Windows 98 OS, unlike some other webapps that merely look and feel like old-school windows. The project took four years to write, and more importantly, it comes with Minesweeper!
There are options to boot from a CD or floppy disc image, which presumably means someone with a little tech savvy could play Tribes or Half Life 1 in a browser! Hell, a good number of games from that era are abandonware at this point. That said, I did try to get Rollercoaster Tycoon running without any success.
The browser works too, sort of. When I tried to see what Gizmodo looked like on Internet Explorer, copy.sh went dead for a good two minutes before showing me this message:
Maybe that’s the Inception-level grossness of using a browser inside a browser causing the emulator to break, but it was also a nostalgic microcosm of just how much easier the act of using a computer has gotten in the past 20 years.
via Gizmodo
Relive the Thrills and Horrors of Windows 98 Right in Your Browser
Tim Cook Won’t Budge on the FBI’s Demands, Says It Would Be ‘Bad for America’
In his first major interview since taking a stand against the FBI, Tim Cook will be on ABC News this evening, making the case for encryption and the importance of protecting Apple users’ privacy.
Cook was interviewed by ABC’s David Muir in what looks like his office at Apple’s HQ. In the short clip posted online today, Cook reiterates Apple’s firm stance against creating a “master key” to unlock the iPhone of the San Bernardino shooter:
This is not something we would create. This would be bad for America. It would also set a precedent that I believe many people in America would be offended by.
Muir then asks if Cook is worried that he might somehow be able to stop a future terrorist attack by unlocking the phone. Cook replies:
David, some things are hard and some things are right. And some things are both. This is one of those things.
Interestingly enough, this is all very similar to what Cook said in 2014 in an interview with Charlie Rose, long before any of this had happened:
We’re not reading your email. We’re not reading your iMessage. If the government laid a subpoena on us to get your iMessage, we can’t provide it. It’s encrypted and we don’t have the key. We would never do that. They would have to cart us out in a box before we would do that.
The segment is on ABC News tonight at 6:30 ET.
[ABC News]
Top image: ABC News
Contact the author at alissa@gizmodo.com and follow her at @awalkerinLA
via Gizmodo
Tim Cook Won’t Budge on the FBI’s Demands, Says It Would Be ‘Bad for America’
Casually Explained: Computers
Casually Explained talks about the basics of a personal computer, particularly its fundamental hardware components. While he’s not into high-end speakers, liquid cooling or fancy cases, his power supply game is on point.
via The Awesomer
Casually Explained: Computers