A Life For Itself

Tag: twitter

  • Five Things – 2 August 2020

    Twitter Hackers Caught

    There’s a scene at the beginning of “Ocean’s Eleven,” where Danny Ocean and Rusty Ryan are trying to talk Ruben Tishkoff into joining them in their planned casino robbery caper. Ruben is hesitant at first, but is happy to join in once Danny and Rusty explain that they’re planning to rob the casinos of Ruben’s nemesis, Terry Benedict, who had recently bought Ruben’s hotels from under him and was planning to demolish them “to make way for some gaudy monstrosity.”

    Despite the good feelings engendered by Ruben’s joining the plan, he makes an important warning. Stealing from Terry Benedict like this is especially dangerous. “At the end of this, he better not know you’re involved, not know your names, or think you’re dead, because he’ll kill you, then he’ll go to work on you.”

    Since the movie is older than at least one of them, almost as old as the other two involved, I guess the young men who pulled off the Twitter hack had never seen it, or at least that scene. And perhaps nobody told them leave their names fully out of online activities like that. And that means anywhere along the lines.

    What’s the point of using a “hacker alias,” a VPN, TOR, an airgapped machine, Kali Linux, or any of that other stuff, if you’re going to use your real name on your bitcoin account that you use to receive stolen Bitcoin?

    I only ask because that’s apparently how guys in the caper got caught. They’re described as the middlemen, but, if you’re the kind of person who involves themselves in such activities, you’ve probably taken a lot of other precautions, such as the ones listed above, to protect your identity, as much as possible. They might even use burners phones and such. But if you’re going to be receiving stolen bitcoin, why on Earth would you receive it in such a way that can be tied back to you? There are ways to transact with Bitcoin anonymously and I was surprised to hear that this is how law enforcement was lead to the two.

    In Ocean’s Thirteen, when discussing that film’s caper, the specialist Roman Nagel asks Danny and Rusty possibly the most important question of any caper, “what’s your exit strategy?”

    These guys must not have given much thought to theirs. Now, they’re facing multiple felonies.

    President bans TikTok

    The other night, Twitter was ablaze with the news that the President of the United States planned to ban the short-form video content creation app, TikTok. If you’ve been living under a rock or perhaps spend the majority of your social media time on Facebook and therefore don’t know what’s going on, TikTok has been controversial because it is owned by a Chinese company with ties to its government and the app has come to be considered to be spyware. India’s government has banned TikTok, but they’ve also been having other issues with China this year.

    This, and perhaps other issues (like, really, who even knows?) have prompted the President to make the move to ban the app in the United States. But, if the comments on Twitter are any indication, there might be some trouble enforcing that.

    As a baseline, the government would need Google and Apple to remove the app from their app stores “in the U.S.” Even so, the moment the app is removed from those locations, what’s stopping someone from hopping on a VPN and changing their location to another country, like say, Canada, which has not banned the app, and getting the app?

    It’s possible on both Android and iOS without rooting, and it’s super easy on Android.

    But even so, for those who might be unable or unwilling to do that much, there are alternative app stores out there. And even if one does not trust those, what’s stopping people from going to other websites and getting the app(s)? It’s pretty easy to sideload an Android app. And while it doesn’t seem as easy to me to do the same on iOS, it’s possible. A quick web search will reveal a bunch of possible ways to do so.

    As this tweet says, pretty much nothing sort of the government building a “Great Firewall” is going to stop the app from coming into the country. They’d have to enlist every ISP, including cell phone companies and home Internet providers. Would they do it by blocking the DNS of known places where the app might be? Still, people can use DNS in other countries and even Cloudflare, whose 1.1.1.1 DNS service is encrypted. VPN providers have their own DNS servers, so if someone connected to a VPN, if that VPN provider were outside of the country, then they’ve already circumvented things. They’d have to ban VPN services.

    Then, what’s stopping someone two people, one inside the US and one outside, away from known VPN services, from setting up their own site-to-site VPN and just sharing the app between themselves?

    All of that aside, it’s being reported that Microsoft could buy the American arm of TikTok and I guess that, along with making sure the apps aren’t like … spying on people, will could make this issue go away? Hopefully, the kids will take their lessons on Internet privacy seriously, regardless of what happens.

    MLB Still Going

    Pleasantly surprised is a good way to describe how I feel about this MLB season, so far. Despite coronavirus diagnoses on several teams, MLB is pushing through. Now, Rob Manfred has told the union that too may more players testing positive would mean he’ll have to shut it down, and has told their television partners to get ready for that possible eventuality, but so far, they’re pressing on. And the O’s are near the top of the AL East. I do want baseball, not because I have this sense that it’ll be providing “normalcy.” Normalcy would be the season starting early spring when it’s cooler and fans would be in the stands and no fan noise would be piped in. But, baseball does bring me joy like few other things in my life, so I’m happy to have it. But, if the health situation becomes unmanageable, then it’s time to shut it down.

    NFL Better Pay Attention to MLB

    The NFL needs to be paying as much attention to how things go with MLB. In fact, while I’m pretty sure they’d never do this, were I in control of the NFL, I’d have done my best to have health and operations officials from my league working closely with some counterpart in MLB to monitor the situations and the decisions being made, to relay that information and to help us make better decisions moving forward.

    The two leagues are in similar situations, in that they both decided to contest games in each team’s home stadium. However, while no fans are present in MLB games, the NFL has decided to leave the question of fan capacity, ultimately up to teams and local governments. The Ravens announced several weeks ago that M&T Bank Stadium would have a capacity of no more than 14,000 fans (PSL holders were given priority ticket purchase rights since they wouldn’t all be technically able to use their PSLs this season), but ultimately, the decision is up to the City of Baltimore to decide whether that number of fans will be allowed into the ballpark, or fewer, or none at all.

    The challenge of preventing a breakout in any team’s locker room is magnified for the NFL, as NFL rosters are basically double the size of MLB rosters this season. NFL teams pretty much always have more coaches than the typical MLB team. More players play in closer quarters on every single play in any game, than in MLB. The NBA and WNBA have distanced players sitting on the bench, so it’ll be interesting to see how the NFL deals with that particular issue because there are a lot more players along the sidelines at any time during an NFL game than there are in any basketball game.

    It’s a logistical challenge and I think the NFL should have decided upon sequestering players, officials, and such in one or more places across the country and I’m surprised they did not. The NFL had lots of time to think about it. They planned and executed a physically distanced, and quite fun, in my opinion, draft in a relatively brief time.

    Now, on the chance that both the MLB and NFL seasons successfully complete, I do hope the O’s and Ravens do end up on top. I usually do, obviously, being from Baltimore and having been a fan for such a long time, but want to see the win for Mo. Baltimore superfan and child cancer patient, Mo Gaba, passed away this past week. I don’t think I’ve ever seen such an outpouring of love or care or concern for anybody in the Baltimore sports community. Tweets came from current and former Baltimore players. Even whole sportscasts have been dedicated to him and his memory. Understandably so. He didn’t just love Baltimore sports, but that was part of his love of life. In spite of all of the challenges he faced. I never met him, but like so many of us, was touched by him and his story. The Orioles put him into their Hall of Fame hours before he passed and I hope that gave him peace and joy in his final hours. I’m glad the O’s and Ravens, and others, did so much for him, rallied around him. These are my home town teams, but we’re also part of a community that I’m grateful to be part of. At least one championship would be a great tribute to a life lived briefly but bravely.

    Isaias

    Tropical Storm Warnings have gone up in this area, and we’re hours from the forecast arrival of Isaias. Hopefully it will be just a Tropical Storm when it arrives in this area. From the looks of it, the storm will be here with us from sometime late Monday night through Tuesday afternoon/evening. It’s done quite a bit of damage down in Puerto Rico and the Dominican Republic, but thankfully lost some intensity last night and was downgraded. But tropical cyclones are anything but fully predictable, so we’ll have to wait and see how things turn out.

    Baltimore City is offering free sandbags for local residents on a first-come, first-served basis.

    Providing these bags is a great service, but I think in future storms, this needs to be done on the basis of living near one of the City’s waterways. The City has neighborhoods that flood almost regularly, like Canton and Fells Point and ones right next to the Patapsco like Cherry Hill and Westport. Those neighborhoods, and ones like Clipper Mill, which sits in the Jones Falls valley, and Mount Washington, are the most at risk when a storm threatens to rain hard and consistently for hours. There are also other smaller waterways, which can become hazardous during a huge rain event. These are the places the city needs to focus on, as well as areas with poor drainage. The City knows about these issues and can focus resources better itself than relying on citizens, who might come from neighborhoods at less risk, and come more out of fear than out of a sense preparedness. With the pandemic going on, city agencies like schools (yeah, yeah, I know how it runs and how its funded, but it serves Baltimore children and it’s located in Baltimore) have faced logistical issues in serving people. The last thing we need is people unnecessarily showing up places for something they probably don’t need. Hopefully, the City will correct this and do a better job in the future. This isn’t a condemnation, but advice, as I know that Baltimore, like pretty much everywhere else, is under unprecedented pressures at this time. Whatever happens in the next couple of days, I hope that we make it through, as unscathed as possible because the logistics around sheltering people during the pandemic would be a major challenge. I know the City has many good people working for it, but again, there’s a big strain going on.

  • Five Things – 26 July 2020

    I haven’t been blogging through the pandemic, nor through the recent social movement. I have lots of thoughts on why that is, and I may put some out there about that at another time, but one of the reasons is that I’ve been working mostly on new plays. I’ve been working on my latest full length and off, and on, a ten-minute play based on my most recently completed full-length. Or, perhaps that’s just an excuse.

    But not blogging or writing much of anything else, and feeling the urge again, is the main reason I decided to come back and blog again, at least weekly.

    I’m going to do my best to blog weekly, one or two items from the tech world, one or two from the arts world, and maybe one or two personal things. We’ll see how it goes.

    Instagram Fake, the Twitter Breach, and Social Trust

    A couple of weeks ago, I found out somebody had created a fake Instagram account using my name and my picture. Apparently, it had been created some time in June and I only found out because I was tagged in a post by a third account that roots out such fake accounts (big ups to them for this.) This was pretty surprising because I’m not a known name or anything, not yet. I didn’t think there was any value to impersonating somebody without much social visibility or trust or good will built up. At least not outside of people I personally know.

    And yet, there was the fake. Along with the new profile picture I’d most recently posted, this time, across all of my social media accounts, as my Gravatar, et. al. The account creator had lifted the verbiage from my Twitter profile, albeit without linking to this website or to my Keybase identity, both of which would have immediately exposed them as a fake. Not that posting on Instagram in different languages, not found on this site or in my other social media accounts, helped to establish any credibility any. Nor did not posting anything about Baltimore, which is one of my things.

    I reported the account and for a few days, it was still there. A friend of mine told me she’d gone through the same experience and had to send Instagram a picture of herself, holding a piece of identification. Fortunately, by the time I found my passport –I’d decided that was the ID I’d use instead of my license– and was about to take the picture, Instagram had already removed the offending account.

    I’m glad I didn’t have to go through the extra steps and all and while Instagram never notified me of the steps they took (which it says they’ll do when you report an account impersonating you), I would have liked to know if they decided that the offending account was truly the fake because I have these small measures of social trust posted online, e.g. my Keybase account and this website. I honestly thought about going live as proof that my account was the real one because while the offending account could certainly have downloaded any video out of my account and uploaded into theirs, Instagram would have at least known how the video was created –streamed directly into their service– and known that I’d made it and the copycat had not.

    Hopefully the Keybase account is good enough for at least techies to trust. At least it probably was before Zoom’s acquisition of Keybase. It may have been in this case. The offending account didn’t offer any form of social proof that they were me.

    Whether it’s Keybase or not, these forms of social trust are going to become more crucial in the future. Especially looking at the recent Twitter hack.

    As I mentioned before, my Keybase proof is in my Twitter profile. However, had I been a victim of the recent breach on that service, that would not have mattered, since the hackers had access to the service’s administrative console. They could have deleted any references to my Keybase proof. So, while there is some social trust in verified Twitter accounts, that trust now greatly rests on not just the user becoming verified, but also on practices like Twitter admins posting sensitive passwords with wide access in locations like Slack channels.

    I know this is a sensitive issue, especially inside the privacy community, and adopting specific means of identity verification, even like Keybase, is going to be difficult. But for the larger Internet, some kind of alternate means to say “this is the person you believe you’re communicating with” will probably become more important as we learn more about how some social networks operate.  Nothing compulsory, but a place where people can more reasonably trust that they’re communicating with the people they think they’re communicating with.

    In the meantime, I still have my Keybase account and it’s here:

    https://keybase.io/kesschristopher

    And remember, if an account online displays this proof, but the Keybase profile doesn’t point back to it, then it’s likely not me.  And you can come here to see if an online account says it’s me, but you have concerns.

    Thin Clients for the Masses

    I love thin clients, as quite a few folks I’ve worked with, will tell you. Not that they did. Most of the people that I asked, and even a bunch more that I never asked, and who volunteered this information, partly due to one frustration or another, did not. At least not the ones at the office, moreso the Wyse Winterms than the HP thin clients we eventually moved to, running Windows XP. At least, initially.

    Some of the same people did not like Chromebooks when they first came out, either.

    And now, coming next year, Microsoft will be releasing an Azure powered cloud PC. DaaS, Desktop as a service. Essentially a thin client. Probably for a subscription fee.

    According to Mary Jo Foley at ZDNet, Windows loaded on a machine’s local storage, as we know it now, won’t be going away any time soon. But, what will be coming sounds like something that businesses, large and small, as well as some freelancers, will be interested in.

    For instance, say you’re a small nonprofit and you own a lot of legacy equipment and perhaps have an Office 365 subscription, but take advantage SaaS apps for functions like accounting and such, this may be more attractive than, say, buying a bunch of new PCs at once.

    Maybe you’re a large enterprise and you want to hand out laptops to users but don’t want them to be used off of your corporate network. Assuming Microsoft baked in IP address filtering into the service, it could prevent machines from booting anywhere but on the corporate network.

    Perhaps, down the line, you buy yourself a new Apple-silicon based Mac, but need access to a Windows desktop. Last I checked, the situation with software makers like VMWare and Parallels was unclear (even though Parallels will let you run Windows on a Chromebook in the future). This may end up being another case for Windows AAS.

    There may be lots of use cases in the corporate world.

    Depending on cost, I can certainly see some in the education world adopting this model. If there’s a need for certain software, yes. I’d imagine a company like nComputing, whose legacy equipment I’ve supported in an educational setting, developing hardware specifically for this Windows use case. And because of the pandemic, with public support for distance education at the K-12 level growing, being able to deliver a (more than likely) familiar Windows experience may have some value, as systems further refine their distance learning strategies.

    Hopefully, this news, coupled with Chromebooks still being popular as learning devices, larger conversations can be had about the digital divide, especially in places like Baltimore. Baltimore City Public Schools System (BCPSS) and the City of Baltimore, along with some local nonprofits, have been distributing Chromebooks to help with distance learning, often times disadvantaged areas. The problem has been that Chromebooks need to be connected to the Internet (I’m writing this on my original HP Chromebook 14) to reach their full functionality and the City has addressed this by distributing WiFi hotspots. But even with that, there have been complaints about the bandwidth and data amounts provided by the service being inadequate for the online instruction being offered as well as the availability of the devices to begin with.

    If companies are offering these tools and local school systems where there are inequalities of access, want to leverage these systems, there need to be real solutions for delivery. The value of systems like DaaS and hybrids like Chromebooks is predicated upon reliable, high speed Internet.

    Will I want to run out and get one of these Windows cloud PCs? If you have a .edu email address to share with me, then yes.

    Also, speaking of my coworkers, I told some years ago that desktop support as a job would be going away one day “in the not too distant future.” Well, if you’re a company running Windows, either in a data center or from the cloud, you have less need of someone to support desktops there in your office. Managed service providers, as long as those are around, will need people to support desktops remotely and sometimes in the office (seen that in action, personally), but even that should change some, the more that Microsoft moves things towards the cloud. It won’t happen in the spring or even perhaps for a few years, but if Microsoft can choose between allowing you to pay once for local Windows desktop or month-to-month for a Windows cloud subscription, I wonder which it will choose.

    TaaS – Theatre as a Service

    With the pandemic, theatre has moved online. I’ve seen more tweets and FB posts about theatres, large and small, here and there, offering one kind of performance or another, online. One playwright I’m friends with on Facebook has had weekly readings of his work for the last few weeks now. Broadway itself isn’t moving back into in-person performance until some time next spring. So, in the meantime, if you’re into theatre, you have to know how to work Zoom (which you probably do by now), Facebook, or YouTube. Theatre has become, hopefully for the time being, at least here in the US, a virtual service. Theatre as a service, if you will.

    I’m part of the fun too, as my latest ten-minute play, “Milton Avenue,” will be part of a group of readings by local Baltimore playwrights by Rapid Lemon, a local production company.

    Baseball

    Baseball came back the other night. It was surreal to hear all of this talk of MLB’s opening night while it’s hot and muggy out. We’re supposed to be seeing the top teams start to pull away going into August. But MLB is giving it a go, still, albeit without fans present. I don’t think any fans will see any MLB in person anywhere in 2020, assuming the league even makes it to the end of the season, which I’m struggling to see happening, at least not the way it started.

    I only say that because I’m less certain they’ll make it, than I am say, of the NBA and WNBA making it through their continuation and “full” seasons respectively. As it was reported, Juan Soto missed the other night’s Yankees/Nationals opener because he had been diagnosed with Covid-19. That test was administered on Tuesday, before that day’s Orioles/Nationals preseason game, in which Soto played. So, he had to have played while positive. And even as of the other night, all I heard in the media was that Soto had tested positive, but no word about his teammates. But he played around his teammates and around the Orioles. And this weekend, his teammates played around the Yankees. And this weekend, the O’s have played the Red Sox. And are supposed to be playing the Marlins tomorrow, with four players having tested positive.

    At least the NBA and WNBA are playing in bubbles with strict protocols about players entering and exiting the environment. They apparently tested completely free of the virus the other day. The bubble and the wubble have worked.  MLB is already stumbling. I am hoping for the best as I love baseball and while I’ve enjoyed KBO, staying up until 4 or 5 AM to watch it, has been tough (I like to watch sports live). Having said that, NC Dinos is my KBO team. I like their uniforms.

    Breathe, You Are Alive

    In the 2000s, I encountered the work of the Vietnamese Zen Monk, Thich Nhat Hanh. I’ve enjoyed and found great wisdom in his teachings. One of my favorite ideas I’ve picked up from him is the phrase, “breathe, you are alive.” It’s the title of one of his many books.

    When in times of distress or upset, I learned to come back to my own breath. Come back to that center. And not to just breathe, but to feel it deeply and ground myself in my breath, in my body. I learned to feel gratitude for the breath because it was a reminder that yes, I was still here. And if I’m still here, I can feel better, think better, do better.

    How scary it feels to know there’s a virus running rampant still, whose main activity is taking away the breath. And whose long-term effects aren’t known.

    Mask up. Be safe.  Remember to come back to the breath.