Happy birthday to…you all!

Today is my birthday! Unfortunately, I’m spending it at home in front of my computer rather than out celebrating, because I’m in the middle of a very nasty allergy attack and I feel miserable.

However, I’d like someone to have a good time, and it might as well be you. So, in honor of my birthday, I’ve created a coupon to let people download my BDSM novel Nineteen Weeks from Smashwords for a discount!

Nineteen Weeks is a story that takes the tropes of a conventional bodice-ripper romance and turns them all on their head. It follows Amy, a housewife to a successful lawyer, who discovers him cheating on her and decides to turn the tables by taking control of her husband…and his mistress. And it’s been getting a bunch of lovely five-star reviews on Amazon.

Anyway, for the next month, you can download it at a discount by using coupon code VE87E. Enjoy! And if you like it, please consider leaving a review on Goodreads or Amazon!

Update #6 on the sex toy you can feel

Whew! Lots of things going on in the world of high-tech sex.

I’ve been hard at work on the second-generation prototype of the sex toy you can feel. The first-generation prototype was intended as a proof of concept rather than a usable sex toy; the sensors I was using were large and bulky, and made the strapon impractical to have sex with.

The second-stage prototype features a new and more powerful wearable computer, a larger number of much smaller sensors (each about as thick as a sheet of paper), and a completely redesigned vaginal insert. The new prototype took a while to assemble–mad science is hard!

Today, we reached a milestone. For the first time, one person (we will call her “Experimental Volunteer A”) had sex with another person (who we will call “Experimental Volunteer B”) with the prototype. Aside from a few minor design glitches which will be solved with the third-generation prototype, the sex went smoothly and was a great success. Experimental Volunteer A was able to feel the dildo moving inside Experimental Volunteer B, and there was much screaming, giggling, and moaning. A great time was had by all involved.

One of the areas of focus for the near to mid term future will be doing some research on the neural density of the inside of the vagina. I haven’t been able to locate anything in the literature that talks about this. It’s going to be one of the design factors in how many neurostim electrodes the final device will have, as there’s little point in having a number of outputs that exceeds the wearer’s ability to differentiate between them. We may end up having to do some research to find this out.

We’ve also received word that the patent application is in the hands of the US Patent Office, so at this point we’re able to say “Patent Applied For.” Patent applied for! When the PTO publishes the application, we’ll be able to say Patent Pending.

I’ve already started to take the things I’ve learned from today’s experiment to make some design changes to the third-stage prototype.

Want to keep up with developments? Here’s a handy list of blog posts about it:
First post
Update 1
Update 2
Update 3
Update 4
Update 5
Update 6

The Lads from Cyprus: Analysis of an Organized Hacking Gang

I get, as readers of this blog will know, a lot of spam. I’ve been using the same email address for decades (my AOL address since 1992, my own domain address since 1996), so I’ve had plenty of time to get on a lot of spam lists.

Recently, I started to see a whole series of very similar spam messages, all variations on the same message (“Hot Lady Wants You to F*ck Her,” “Invited to H00kup”) and all advertising redirectors on hacked Web sites. I’ve received a ton of these spam messages–about 75 in the last three weeks alone, with more coming every day.

The spam messages all spamvertise malicious redirectors that are placed on hacked Web sites. The redirectors all go to a destination that says “This is NOT a dating site! WARNING! You will see nude photos. Please be discreet.”

There’s a lot of hacking activity going on. Every spam message points to a different hacked site, all of which redirect to a whole network of identical landing sites. This, then, is the work of an organized, deliberate hacker or (more likely) group of hackers, likely using automated tools to hack vulnerable Web sites and plant the malicious redirectors.

Curious, I decided to go down the rabbit hole, to see what I could find out. I started collecting the spam emails, tracking how often they came in, what URLs they spamvertised, and where those URLs redirected to.

I discovered an organized gang of hackers and fraudsters operating out of a series of companies organized in Cyprus, who had built a large network of hacked sites and were using the hacked sites to funnel traffic into a fake dating site that attempts to get rather a large amount of money from marks it cons into signing up.

I followed the link from one of the spam messages, a site called hypnotherapyandnlp.co.uk. This site had been hacked to have a redirection script placed on it that redirected me to juicy-hotgirls69.com which in turn redirected me to naughty-juicygirls.com, where I was asked a simple series of questions.

*** WARNING *** WARNING *** WARNING ***

The URLs mentioned in this post are live as of the time of writing this. I recommend you do not visit them if you don’t know what you’re doing. The URLs are compromised sites or sites owned by people who compromise Web sites. They may attempt other malicious actions.

The site naughty-juicygirls-com is registered to an outfit calling itself Tralox Overseas Limited, which lists its business address as

Mitsis Building 1, Stasinou Avenue
Nicosia, Cyprus

I answered the questions and filled out a signup form on naughty-juicygirls-com, and was taken to yet another site, sexmyamateurass.com. This site attempted to get me to enter a credit card number–purely to confirm my age, doncha know. At least that’s what the text on the left side of the Web page claimed. But what the left side giveth, the right side taketh away; text on the right side of the screen told me I’d be signing up for a “VIP membership” that would automatically renew at $49.95 per month.

The site at sexmyamateurass.com is also registered in Cyprus. It is registered to a company calling itself Canderstone Limited, whose address is given as

Peiraios 30, 3016
Limassol, Cyprus

If you are foolish enough to agree to give them a credit card number, totally just for age verification (and recurring membership fees of $49.95 per month), your credit card is sent to a Web site called statusfee.com. This site is also registered to Canderstone Limited in Cyprus.

From there, you’re taken to yet another site, megafuckbook.com. This claims to be a dating site, though as fraudulent dating sites go, it’s pretty transparent. Within fifteen seconds of being redirected to megafuckbook.com I received notification that a woman had sent me an email–which, naturally, I would need to pay money to see.

and ten seconds after that, I got a chat request, supposedly from a woman near me:

megafuckbook.com is registered, unsurprisingly, to Tralox Overseas Limited.

This is par for the course for Web sites that prey on lonely and desperate men. The employees of such sites keep stables of fake profiles, often hundreds of them, and message new users with the intent to entice them to pay for the service. I’ve known folks who’ve worked for such sites.

So, it’s an ordinary and common fraud, atypical only in that the people who own the fraudulent site are aggressive computer hackers who compromise large numbers of sites and then send out barrages of spam containing links to redirectors on the hacked sites.

I took a look at the Web host responsible for megafuckbook.com. It’s hosted on a Web hosting company called RackCo. RackCo looks to be a Virginia company that’s basically Yet Another Managed Hosting Provider, nothing particularly interesting about them. However, a quick check at Spamcop did turn up something interesting: Rackco is specifically not interested in hearing complaints about megafuckbook.com.

So what’s happened is a group of folks operating out of Cyprus are running a phony, and very expensive, dating Web site. They are aggressively hacking large numbers of other sites, which they use as a redirection network. They spam their redirection network to funnel people into the fake dating site. The ISP hosting the fake dating site has explicitly said it refuses to hear spam complaints regarding the fake dating site.

The overall system looks like this:

So this is a group of sleazy operators in the sleazy fake dating sphere, who have crossed over from sleazy to outright criminal activity in using hacking to compromise Web sites and enlist them as traffic redirectors.

People often ask me, “what’s the big deal if I don’t stay on top of security for my little WordPress site? There’s nothing on it. I only get three visitors a month, and one of them is my mom. Why would anyone want to hack me?”

The answer is “people don’t hack you to get whatever’s on your site. They hack you so they can use your site for their own purposes–placing illegal content on your site, hosting phish pages on your site, planting malware on your site, putting redirectors on your site which they can then use in spam campaigns. It’s not about you. Obscurity doesn’t matter.”

Secure your Web sites. If you have a presence on the Web, it’s on you to prevent operators like these from hijacking you.
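For site owners who want to check whether a redirector like the ones described above has been planted on their own site, here is an added example (not part of the original post) that scans a web root for files that bounce visitors to a host you do not own. The post does not show the planted script, so the redirect shapes matched here (PHP `Location` header, meta refresh, JavaScript `location`, `.htaccess` rules) are assumptions, and every file name and `.example` host is constructed.

```python
"""Scan a web root for planted redirector files that send visitors off-site."""
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

SCAN_SUFFIXES = {".php", ".phtml", ".html", ".htm", ".js"}

# Assumed redirector shapes; the post does not show the planted script itself.
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
META_REFRESH = re.compile(r"http-equiv\s*=\s*['\"]?refresh", re.I)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s>]+)", re.I)
EXTRACTORS = {
    "php-header": re.compile(
        r"header\s*\(\s*['\"]\s*Location\s*:\s*([^'\"\s]+)", re.I),
    "js-location": re.compile(
        r"location(?:\.href\s*=|\s*=|\.(?:replace|assign)\s*\()\s*"
        r"['\"]([^'\"]+)['\"]"),
    "htaccess-rule": re.compile(
        r"^\s*(?:Redirect(?:Match)?|RewriteRule)\s+.*?(https?://[^\s\"\]]+)",
        re.I | re.M),
}


def redirect_targets(text):
    """Yield (kind, target) for every redirect-like construct found in text."""
    for tag in META_TAG.findall(text):
        if META_REFRESH.search(tag):
            m = META_URL.search(tag)
            if m:
                yield "meta-refresh", m.group(1)
    for kind, rx in EXTRACTORS.items():
        for m in rx.finditer(text):
            yield kind, m.group(1)


def is_offsite(target, own_hosts):
    """True when target names a host that is not ours (or a subdomain of ours)."""
    try:
        host = (urlparse(target).hostname or "").lower().rstrip(".")
    except ValueError:      # malformed URL: nothing we can compare
        return False
    if not host:            # relative URL, or a dynamic value such as $url
        return False
    return not any(host == h or host.endswith("." + h) for h in own_hosts)


def scan_webroot(root, own_hosts):
    """Return sorted (relative_path, kind, target) for off-site redirects."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            if name != ".htaccess" and path.suffix.lower() not in SCAN_SUFFIXES:
                continue
            text = path.read_text(encoding="utf-8", errors="replace")
            for kind, target in redirect_targets(text):
                if is_offsite(target, own_hosts):
                    rel = path.relative_to(root).as_posix()
                    findings.append((rel, kind, target))
    return sorted(findings)


# Constructed sample site: three legitimate files, three planted redirectors.
SAMPLE_FILES = {
    "index.html": '<html><body><a href="http://partner.example/">x</a></body></html>',
    "login.php": '<?php header("Location: https://www.mysite.example/account"); exit;',
    "js/nav.js": 'if (legacy) { window.location.href = "/new-home"; }',
    "wp-content/uploads/invite.php":
        '<?php header("Location: http://landing.example/?id=123"); exit;',
    "images/promo.html":
        '<html><head><meta http-equiv="refresh" '
        'content="0; url=http://landing.example/a"></head></html>',
    ".htaccess": "RewriteEngine On\n"
                 "RewriteRule ^go$ http://landing.example/in [R=302,L]\n",
}


def demo():
    """Write the constructed site to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        return scan_webroot(tmp, {"mysite.example"})


if __name__ == "__main__":
    for rel, kind, target in demo():
        print(f"{rel}: {kind} -> {target}")
```

A plain link to another site and a redirect to your own host are not reported; an obfuscated or dynamically built target will be missed, so treat a clean result as one signal alongside file-integrity checks.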

I have reached out to Rackco to see if they’re willing to explain why they host this site and refuse to accept spam reports about it. I’ll update this blog post if I get a reply.

Two Chaosbunnies in the Desert: Disaster in Black Rock Desert and Reconnecting with my Roots

Part 1 of this saga is here. Part 7 of this saga is here.
Part 2 of this saga is here. Part 8 of this saga is here.
Part 3 of this saga is here. Part 9 of this saga is here.
Part 4 of this saga is here. Part 10 of this saga is here.
Part 5 of this saga is here. Part 11 of this saga is here.
Part 6 of this saga is here. Part 12 of this saga is here.

In the North American continent is a state called Nevada. In that state is a desert. This desert has the rather ominous name of Black Rock Desert, and it’s noteworthy for two things: rich hippies who get together once a year to have sex, do drugs, and build implausible things; and for being one of the most inhospitable places North America has to offer. The latter fact may bear some relationship to the former, as it is, I gather, only sex and drugs that make the place bearable.

In the 1800s, people came to this place in search of riches. Most of them found only pain. Some of them found lead, and presumably also pain.

In my various attempts to research ghost towns online, I came across a reference to Leadville, an abandoned mining town high in the mountains in Black Rock Desert, not too far from Gerlach. Google Earth showed the place quite plainly, and it seemed interesting, so with considerable optimism we set off two chaosbunnies in a 1992 Ford van.

Black Rock Desert is, as it turns out, no place for two chaosbunnies in a 1992 Ford van.

I told Siri to navigate us to the ruins, having given up on Google Maps, which had plainly shown it knows fuckall about turn-of-the-century mining roads. We headed down a long, straight paved road into the desert, me driving, Bunny drinking tea.

“Turn here,” Siri said. There was a conspicuous lack of place to turn–nothing but straight road and fence. I turned around.

“Turn here,” Siri said. The road onto which we were supposed to turn continued in its stubborn failure to exist.

“Turn here,” Siri insisted.

“Maybe Siri doesn’t know where we are,” Bunny suggested.

I kept going. Eventually, after quite a lot of faffing, we discovered the road Siri expected us to turn on, about half a mile from where Siri thought it was.

I say “road.” Of course, I jest. The thing we ended up turning onto was less road than two narrow rutted tracks through desert wasteland. Still, we’d managed to take the Adventure Van into some unlikely places before, so off we went.

And went. And went. And went. The road trail rutted track was narrow enough and rough enough that we were forced to move at about five miles an hour or else risk breaking an axle, and the remains of Leadville was some considerable distance into high desert. We drove along for an hour or two, and started heading up, the road trail rutted track hugging the edge of a mountain that rose abruptly from the desert floor.

We didn’t realize we were playing a game with the desert–a game the desert was determined to win.

We continued climbing, up and up, until we just…didn’t any more.

The van didn’t break down, precisely. The engine kept revving, but the van simply stopped moving. The tires didn’t spin, the van just…stopped. Even in low gear, the engine turned but the wheels didn’t.

I shut off the engine to keep from burning up the transmission, which would have left us well and truly buggered. The road kept getting steeper ahead of us, leaving the inescapable conclusion that we were not going to be visiting Leadville.

We both got out, Bunny looking perhaps a bit more grumpy than I.

From our vantage point, we could see the “road” we’d driven in on. I say “road” in scare quotes because, while it was much more a road than the one leading to Susanville, it still wasn’t what any reasonable person would describe as a proper road at all, though there certainly was quite a lot of it.

That left us with the not inconsiderable task of getting back down. You know that scene near the beginning of the movie Serenity, where the spaceship Serenity is making reentry and part of the heat shield falls off, and Mal says “just get us on the ground” and Wash responds with “That part’ll happen pretty definitely”? It was a bit like that. I knew we could get the van off the mountain; I just hoped we could do it without arriving in disassociated condition.

My first thought was to put the van in reverse and back down the mountain. I knew turning around was a non-starter, what with the narrowness of the road and the steep cliff on the side and all, but, thought I, that’s why they invented reverse, right?

The desert had other ideas.

The ground was soft and the incline was steep and we were carrying luggage on a rack sticking out the back of the van, and these things all conspired to cause the back of the van to dig into the ground as soon as I tried backing it up.

So with forward, backward, and turning around all off the table as options, that left little choice save “pray for a miracle,” “learn to fly,” “unload all of our gear from the van, take the luggage rack off the back, and try again,” and “wait out here to die.”

Bunny and I aren’t particularly inclined toward miracles, we’d opted to take the van and leave the X-wing fighter at home, and Bunny seemed to have very strong feelings about not dying out in the middle of the desert, so with some resignation and a bit of grumbling, we started unloading the van. Half an hour later, we’d offloaded hundreds of pounds of stuff and carried it down the mountain a bit to where the road, such as it was, widened enough that, with a bit of maneuvering, we thought we could turn the van around, provided we didn’t have a morbid fear of death.

That just left backing the van down the road without tipping off the side and arriving at ground level in disassociated condition. I will save you the descriptions of the white-knuckle bits of that endeavor, as there are plenty of white-knuckle bits still to come in future installments of this story, and instead just say that by dint of much agony and a few close brushes with an untimely demise, we were able to get the Adventure Van back down off the mountain, loaded up once more with gear, and pointed in more or less the right direction, whereupon we left the desert the same way we came in: slowly, and with great concern over the possibility of a broken axle.

Back on the road again, we beat a retreat from the desert. As we left the boundaries of Black Rock Desert, I squinted off into the distance. “Is that water?” I said. Bunny made a skeptical noise. I stopped the van and got out to look. It looked a bit like water, maybe, but it seemed…I don’t know, dryer somehow.

It was, as it turns out, salt, not water. There is collectively not enough water in this picture to drown a gnat.

Final score: Black Rock Desert 1, chaosbunnies in an ancient Ford van 0.

We set off down the road, wallowing in the misery of our defeat and drinking tea. As the sun set, we made camp on the side of the road, still wallowing in the misery of our defeat. Bunny made pasta to go with our wallowing, and we resolved to make it to Bodie, the next (and last) ghost town on our itinerary, the following day.

The following morning, we were up bright and early before noon, and headed off toward California. The day was clear, and the promise of success loomed in–

“Hey, what’s that?” I said.

“Looks like a billboard, maybe?” Bunny said.

“No, I don’t think so,” I said. “Is that–?”

I pulled over. It was.

For those of you born after the advent of the Internet and broadband, there was once a thing called a “drive in.” Imagine a movie theater–no, not like that, a theater with only one screen. Outside. With a big parking lot in front of it. You would drive your car there and sit in it while you watched the movie. A little speaker about the same size and quality of a fast-food drive-through speaker was mounted at each parking space, but we people didn’t care because you didn’t go to a drive-in to watch the movie, you went to a drive-in to make out and/or have sex in the back of the car while a movie played somewhere in your general vicinity.

Changing demographics have not been kind to the drive-in industry.

We got out and poked around a bit. When this drive-in was abandoned, it happened all at once, it seemed.

Drive-ins had a small shack where the projection equipment was housed, and where the employees made popcorn. Before the movie started out, people in silly hats would come to your car and ask if you wanted popcorn. Then they’d run to the projection shack, make your popcorn, take it out to you, and let you get on with having sex.

We picked our way across a field littered with broken glass and bits of rebar and electrical cable to the projection shack, which was an absolute catastrophe.

In a previous life, I was once a movie theater projectionist (at a regular theater, not a drive-in). To be fair, the projection booth I worked in wasn’t really a whole lot more tidy or organized than this.

I felt weirdly nostalgic, picking through the rubble of the projection booth. There was a fine layer of dust over everything, so it didn’t look like anyone visited frequently. Not even the local greasers with their pompadours and their muscle cars seem like they can be arsed to come out here all that often.

The concession stand was separated from the projection booth by a wall that ran down the length of the projection shack, without a door through it; the projection booth had its own door, and you couldn’t go from the concession stand to the projection booth. This seems to be typical from what I remember of my movie theater days. The projectionist occupies the most lofty stratum of the theater employee hierarchy, and the booth is his castle; riffraff like ticket sellers and concession workers aren’t permitted in his domain.

There was one lonely piece of graffiti in the concession stand, scrawled without any genuine effort at artistic merit on what was left of the popcorn machine. Honestly, the neighborhood truants, delinquents, and hoodlums really seemed to be phoning it in.

We made our way back to the van and headed off toward Bodie, which would prove to be the shining jewel of the trip. I have much to say about Bodie, and many many pictures. Those will wait for the next installment.

Survey: Amazon erotica

A while back, Amazon, under pressure from some of the more Puritanical factions of US society, changed the way they handle search results.

Amazon has long been popular with people who self-publish books, because it offers powerful tools to self-published authors and an enormous storefront where authors can reach their readers. This system has shaken up the publishing industry and allowed a lot more writers to reach a lot more people–something I think is awesome.

I am one of those authors. I publish erotica under the pseudonym William Vitelli. And I noticed something strange: I woke up one day to find that, overnight, I’d gone from making about $2800/month from Amazon sales to making less than $100.

Amazon has made changes to the way self-published erotica appears in its search results. Many, but not all, self-published books no longer appear in Amazon search results, even if you type the name of the book or its author exactly. The books are still listed for sale, but you have to know the Amazon URL to find them.

It’s hard to say how the new search results work. This removal from the results seems, unsurprisingly, to target niche erotica. Some books seem to appear for some users but not others, irrespective of search settings. Some books just don’t show up at all.

Many Amazon self-published erotica authors have been badly hit by this; I’ve seen people saying online that they’ve seen their Amazon royalties drop by thousands of dollars a month.

That suggests to me there are people who want to buy erotica who aren’t finding what they want, and authors who want to sell erotica who aren’t able to do so.

So I started thinking, what if I set up a Web site that lists Amazon erotica, including books that don’t appear in Amazon search results, and crowdsource the database? I’m thinking of a system that would allow users to suggest books that might otherwise be hard to find, and search tools that would let users look for what they want. The site would then give links to the books on Amazon.

The site would, the way I’m thinking of it, also allow users to review and rate books in the database.

So I’m turning to you, O people of the Internet. What do you think? Do you read erotica? Do you buy erotica on Amazon? Has the change in Amazon search policy affected you? Would you use a site that was a searchable database of erotic books on Amazon?

Let me know what you think! I’ve set up a Survey Monkey survey. You can find it at

https://www.surveymonkey.com/r/QC59CPH

It’s quite short–only 9 questions–and I’d be quite grateful if you could help me out by taking it, and/or recommending it to other people.

Thank you all very much!

“Does my butt look big in this?” Some more thoughts on honesty in communication

“Does my butt look big in this?”

I am a fan of the idea of honesty. This is no secret. I’ve written before about why I think lies, even supposedly harmless “little white lies,” are destructive. (tl;dr: They teach people not to listen to the good things we say, and to dismiss compliments and positive things as white lies, while making negative things stick more.)

Inevitably, every time I write something like this or I say this at a workshop or lecture I’m giving, someone always, always says “but what if my girlfriend asks if her butt looks big in this dress? I shouldn’t tell the truth then, right?”

And I say “honesty in communication works both ways. It is wrong to give dishonest answers. It is also wrong to ask dishonest questions.”

Far more often than not, “does my butt look big in this?” is a dishonest question.

Questions like this are not requests for information. They are passive, indirect requests for validation. They are an indirect way of saying “I am feeling insecure. I want you to tell me that you think I’m attractive.” And, of course, they’re harmful and destructive ways of seeking that validation, because if you say “no, your butt looks awesome in that,” the other person is just going to dismiss it as a white lie. The answer doesn’t meet the need for validation, because on some level, the person you’re talking to won’t believe you. We’re all conditioned to know that other people are likely to prefer white lies to honesty, usually under the guise of sparing our feelings.

And if you say “yes, that’s unflattering,” well, not only have you not offered the hoped-for validation, you’ve confirmed the other person’s deepest fear. These questions are lose-lose: affirmations aren’t believed, unpleasant answers cut deep.

“Does my butt look big in this?” It’s the most obvious example of an indirect request for validation masquerading as a question, but we ask dishonest questions that are less obvious all the time. Whenever we ask a question expecting to hear a certain answer that validates us, that’s a dishonest question.

Honesty is just as important in the questions we ask as in the answers we offer. Dishonest questions are just as harmful as dishonest answers. Indeed, they might be even more harmful, because they set the other person up for failure.

I don’t believe they’re always a deliberate setup. It can be difficult to tease out all the threads woven into the way we communicate. Sometimes, we ask questions that we believe are honest, but then become upset when the answer doesn’t validate us. Sometimes, we tell ourselves we want an honest opinion while secretly longing for the answer that feels best.

But dishonest questions are not fair. They put other people into a difficult bind that offers no easy way out. At best, they are a sign of chinks in our own sense of self; at worst, they’re manipulative, immature, or both.

I am a fan of honesty in communication. I would like, therefore, to propose an idea: If you ask a question, be prepared for an answer that surprises you. If you’re not prepared for that, it’s probably a dishonest question. If you ask a question and then blame the other person for giving an answer that doesn’t follow the script in your head, it’s definitely a dishonest question.

Relationships do not thrive when everyone is reading from the same playbook of dishonesty; they thrive when people are straight with each other and ask for their needs to be met directly rather than indirectly.

How, then, do we deal with our ordinary human need for reassurance and validation? I propose a solution: direct communication. I’d like to propose that we strive for relationships where we feel safe to say, “I’m feeling insecure about thus-and-such, and I would like your validation.” I think that looking within ourselves to understand what we really want, and doing whatever may be in our power to ask only honest questions and to advocate for our needs directly, is a gift we can offer our partner. By offering this gift, we avoid putting our partner in a position where they must either compromise their integrity or hurt us.

I would also like to propose the suggestion that by answering questions honestly, instead of telling white lies, we are offering a gift to our partner: the gift of integrity. This gift allows the people in our lives to believe us more fully, and not dismiss the positive things we say.

Honesty works both ways. We can, and I believe we should, seek to ask honest questions as well as answer questions honestly.

Two Chaosbunnies in the Desert: Creepy Motel

“Hey! Pull over!” Bunny said.

We were in the third–or was it the fourth?–day of the Faffing: wandering around more or less aimlessly, not finding any genuine ghost towns but still having great success photographing the many and varied ruins that dot the Pacific Northwest like acne on a geeky kid’s the day before the high school yearbook photo.

We were driving along a long, boring stretch of road in–god, I can’t even remember what state we were in. Possibly Oregon. Or maybe California. Weeks on the road will do that to you.

“Hey! Pull over!” My ears pricked up. Maxine had become quite adept by this point at spotting interesting things from the road, and she rarely disappointed.

We pulled into an utterly deserted parking lot, gravel crunching under the wheels of the Adventure Van. The sign said Juniper Lodge Motel and Restaurant. The creepiness of the surroundings said photographic gold mine.

We hopped out (get it? Hopped out?) and cautiously poked around. The first thing Bunny found was a portable toilet of the kind you usually see in the backs of campers and RVs, that looked a bit like someone had been cooking meth or something else equally unpleasant in it. I won’t disturb you with a photo, because I didn’t take one (if I had, it would be exactly the sort of thing I might like to share, so consider yourselves lucky, O gentle readers).

The Juniper Lodge Motel had been built as three long, low buildings on three sides of a square, with the road making the fourth side. I’m guessing the gas station used to be in the middle, perhaps, though it seems that would be a rather unpleasant arrangement for one who was wishing to sleep while all night long, people pulled in to get gas.

We cautiously entered the first building, wary of collapsing ceilings, snakes, and drug-crazed gangsters, all of which seemed like they might be a distinct possibility. All we found were ruins.

The bar and restaurant–at least I’m assuming that’s what this was–looked like something straight out of a nightmare horror movie, perhaps a movie called Freddy Krueger Visits the 1977 Guide to Interior Design Bar of the Year or something. That orange! Those beams! That fake wood paneling!

Someone had been there before us, which showed that fears of drug-crazed, machete-wielding gang members perhaps weren’t so far off base as all that.

The rooms were spacious, once upon a time, even if perhaps I might not have chosen that particular texture for the fake wall paneling, if it had been up to me.

The building to the right as you face the motel from the road, where the office once was, had reached a quite spectacular level of decay, one that made us fear for our safety dare we even to venture within. Much of the floor was gone, revealing that the building wasn’t precisely built on what one would call a “foundation” in any traditional sense of the word.

Photos taken, we set off again. We had, at this point, a new Plan. It was a Plan ambitious in its audacity, that would take us into Black Rock Desert questing after a…well, that will have to wait until next time.

Some thoughts on changing the world

“My vote doesn’t matter.” This is a common call of the North American White-Chested Citizen, particularly prominent during election years.

This isn’t really a post about political participation, except that it kind of is. Bear with me.

There are rather a lot of human beings on the planet–almost seven and a half billion of us, at last count. That’s quite a big number. Even the smallest of actions, when combined across seven and a half billion people, can make for an enormous impact.

Problem is, each one of those seven and a half billion people individually feels they are not responsible for the cumulative impact of their actions. No raindrop feels responsible for the flood.

Back when I was a kid, I remember my father telling me to save money by turning off the lights when I wasn’t using them. I recall arguing the point with him, to the extent that I got a copy of the power bill, figured out what we were paying for electricity, then sat down and did the math about how much it would cost for me to leave the light on in my room all the time.

It turns out it really wasn’t much. The cost of lighting isn’t that great–one light bulb is barely a rounding error in the bill even if you leave it on all the time. Other things–the water heater, the refrigerator, the stove, the air conditioner–totally swamp the contribution made by that lowly light bulb.

He was unconvinced, but I think it had more to do with him not accepting the math than him not accepting the argument. Light bulbs are easily visible sources of power consumption. The water heater? Not so much.

So I went about my life for many years thereafter, not really caring if I turn the lights off or not, because they’re a drop in the bucket. Compared to other things I do, the energy I use for lighting is insignificant.

As CFL and LED lighting has become more common, I’ve cared even less.

But here’s the thing: It’s not just me.

See this? This is not you. You are not a unique and special snowflake, except that you kind of are.

I mean, yes, you are unique in all the world’s billions. Yes, there has never been and never will be anyone else like you again. And yes, there really is nobody else who brings what you bring to the table. So in that sense, you are a snowflake.

But all snowflakes have six sides. There are consistent and repeatable similarities between people. Whatever chain of reasoning you use to arrive at some conclusion, there are other people who use that exact same line of reasoning to reach exactly the same conclusion. So when you tell yourself “My vote doesn’t matter,” there are millions of other people–people who might vote the same way you do were they to vote–who say the same thing for the same reason. When you rationalize leaving the lights on because the amount of electricity consumed by a light bulb is so small, millions of other people reach the same conclusion for the same reasons.

Which means it isn’t just you. You represent a multitude. You follow in the footsteps of many others, and they follow in yours. The road you take to arrive at whatever you arrive at is walked by more people than just you.

And that means if you want to make fully informed and rational decisions–decisions that account for all the variables and arrive at rational, logically sound conclusions–you have to account for the fact that you don’t exist in a vacuum–that whatever chain of logic you use to get where you’re going, other people will too. You need to account for the fact that it’s not just you, that the inevitable reality of being a person among billions of others is that whatever choices you make, you make in the company of millions of others for the same reasons.

So, that means weighing the consequences of your actions as though it isn’t just you. The vote you cast, or don’t? The lights you leave on? Your choices are bigger than you think. They’re amplified enormously by the simple iteration of your reasoning applied across vast numbers of others. Think of the consequences of your choices in terms of millions, not just one.

No raindrop believes it is responsible for the flood. Each raindrop thinks “what difference do I make?”

I have resolved to stop leaving the light on.

The Strange Allure of the Superhero

Superheroes seem a uniquely American creation. There’s no other society I know of that’s invented the superhero as it exists in American society (Ulysses and Beowulf were heroic and larger than life, to be sure, but don’t really fit the superhero mold), and our love affair with all things superhero has made Marvel Comics one of the most enduring box office success stories outside of Star Wars.

Iron Man. Captain America. The Avengers. Deadpool, the funniest movie I’ve seen so far that involves multiple decapitations. The American moviegoing public is all about the superhero these days. That means the American entertainment industry is all about the superhero, and by extension, the world is all about the superhero, American cultural hegemony being what it is.

And doesn’t that seem just a little bit…weird to you? It does to me.

Superhero stories are the height of implausibility. Man gets bitten by radioactive spider, becomes crusading vigilante with superpowers. Man gets zapped with gamma rays and becomes, not dead, but crusading vigilante with superpowers. Man arrives from another planet to become crusading vigilante with superpowers. Man loses parents in a dark alley, spends vast fortune to be crusading vigilante with superpowers. Crusading vigilante with superpowers faces escalating series of evil embodiments with superpowers, bent on destroying the city the country the world the universe.

The stories are hokey, the characters hackneyed, the plots contrived and predictable. Why are they so damn popular?

Enter Captain America, stage left.

In the book Captain America and the Crusade against Evil: The Dilemma of Zealous Nationalism, Robert Jewett and John Shelton Lawrence argue, convincingly, that the superhero is the expression of American religious mythology. Captain America was the first modern superhero, after all, and they argue that Captain America is the embodiment of the American ideal: a heroic figure, above the law and answerable to nobody, doing God’s work by defeating the forces of absolute evil through any means necessary.

This is the way the United States likes to see itself: invulnerable, invincible, morally pure, the vanquisher of all that is unjust, uniquely blessed by God, wielder of the holy sword of redeeming violence that cleanses the world.

And like the comic-book superhero, the United States must operate outside the law to redeem the world and purge it of evil. Superheroes aren’t concerned with Miranda rights or due process. The existence of the superhero trope is, by its nature, a vote of no confidence in the normal processes of justice and law. The superhero comes along to save us because the law is incapable of doing so, too feeble or too corrupt to stop the encroachment of evil. If the superhero must beat people up or dangle them off a balcony to save the world, so be it. If the United States must torture suspected terrorists, so be it. Only such purifying violence can bring about righteous victory.

People argue, of course, about what the “appropriate” use of torture is and what the acceptable level of violence is; a guy I know has, with a straight face, made the argument that if you’re willing to shoot someone and you think that’s okay, surely it must be okay to hurt him as well (by which logic, anything becomes okay–rape, dismemberment, mutilation–to someone you’re willing to kill). The underlying logic beneath all these arguments is that we, the forces of right and good, are entitled to commit acts of violence upon the wicked, and no laws or treaties matter. Ours is a morally pure end, we are sanctioned by God, and we must do whatever it takes to purify the unjust and the iniquitous through cleansing violence.

They argue in the book that this idea is rooted deep in the Puritan Christian history of the United States. Our ancestors came here because they wanted a place where they could build a paradise on earth, and if creating that righteous place in God’s name required wrenching the land from the natives by violence and had to be maintained through violence, so be it. The God of the Bible (yes, both books, not just the Old Testament) is completely fine with the violent application of holy zeal.

This thread of zealous nationalism, they argue, is still part of the fabric of American civil religion today, so deeply woven into the way we see ourselves that even people of no particular religious faith still accept its premises. We are good. They are evil. Law is weak and corrupt. The application of violence by the forces of good is the only way to bring about the destruction of evil. Those forces of good are above any law, answerable to none save God, and cleansing violence is always just.


The book makes a good argument, and I think there’s a lot of truth in it.

But it misses something.

The appeal of the superhero is not just that it validates our image as a morally pure country wielding the divine sword of redemptive violence against the wicked and evil. There’s another part of it, too.

Superheroes are, by their nature, an adolescent power fantasy. The invulnerable superhero, with superpowers and the ability to do whatever he wants, is the daydream of the person who feels disempowered and weak. Superman is bulletproof! And can fly! And see through walls! Batman is rich! He gets all the cool toys and beats up bad guys! The appeal of superheroes is deeply rooted in revenge fantasies and desire for power. Superheroes don’t have to take shit from anyone, and they have, like, totally awesome powers, man!

The prevalence of the superhero trope in social entertainment, then, shows a widespread underlying feeling of helplessness and disempowerment. The world is a scary place, and a lot of people–ironically, people in the most powerful nation the world has ever seen–feel disempowered. Terrorists want to blow us up! Other countries don’t like us! I can’t get a girlfriend! Boy, Iron Man would sure fix all that up. He can go get those terrorists where they live, and he gets hot girls, too! The superhero becomes an expression of the ego, a desire for power and control. The superhero has meaning and purpose. The superhero may brood–there’s a reason superheroes tend to act like angsty teenagers when they’re not smashing in the faces of bad guys–but ultimately, the superhero has a mission and that mission gives him clarity. The superhero applies power to solve his problem, and in so doing saves the day.

So on the one hand, we have the American monomyth: the United States is the agent of good and right, wielding violence to vanquish evil and bring about redemption of the world, transcending mere law to do so. On the other hand, we have the superhero as adolescent fantasy fulfillment, intoxicating because he offers an escape from our own helplessness. Put those two things together, and it creates the perfect soil for growing atrocity. We see ourselves simultaneously as hero and victim, all-powerful and powerless, the bringer of holy violence and the victim of malign evil.

The implications of that particular mix are quite frightening, I believe. The nation that believes itself simultaneously powerless and also called upon to deliver the world from evil through the instrument of violence is a very dangerous thing.

Apple vs the FBI: Whoever wins, it’s a mess

Apple and the FBI. It’s the Rock ‘Em Sock ‘Em Robots fight that the movie Alien vs Predator should have been, but unlike Alien vs Predator, this one so far has failed to disappoint.

On one side, we have a giant tech megacorp that makes cellphones. Also other stuff, I hear, but these days mostly cellphones. On the other, we have the full force and might of the United States Government, in the form of the Federal Bureau of Investigation. In between, we have: Terrorists! Encryption! Civil liberties! Donald Trump spouting off!

The Internet is filled with conversations about the spat, much of which is either not technically correct or overly technical. It’s my goal here to try to explain a very complex situation in a way that doesn’t require a high level of technical mastery. However, this is a technical issue, so there will be some geeky bits.


The Background

Last year, a couple of assholes named Syed Rizwan Farook and Tashfeen Malik decided they were going to express religion of peace by blowing away a bunch of people in San Bernardino, California. They decided, you see, that something something holy war something martyr God, and something something kill people whatever…I don’t know or particularly care about the details, and they’re not really relevant here. So far, so boring: some yahoos think there’s an invisible dude in the sky who wants them to kill some other people, it all ends in tears–a story that’s been playing out with minor unimportant variations since the dawn of civilization. The FBI investigated and decided they were “homegrown extremists” (no idea if they were organic or GMO-free) and not affiliated with any other terrorist groups or cells.

This is the part where things get interesting.

During the investigation, the FBI discovered that the yahoos had Android smartphones, which they destroyed prior to going on their rampage of murderous idiocy, and that one of them had an iPhone 5C provided by the company he worked for.

This is the logic board from an iPhone 5c. Like all iPhones, the user data on an iPhone 5c is encrypted. You need to unlock the phone in order to get at its contents. By default, the phone is locked with a 4-digit numeric code. If you don’t enter the code, the phone’s contents remain encrypted.

You can’t just read the information from the phone’s flash memory, because it’s encrypted. The FBI wants to read the contents of the phone, for reasons that aren’t clear to me (if there was anything sensitive on it, it’s hard to imagine he wouldn’t have smashed the phone before running off to kill people who had nothing to do with whatever grudge he imagined his invisible sky-man carried, like he did with his other phones), but whatever.

The FBI tried to read the phone’s contents, and discovered that the iPhone is actually rather secure. If you want to know the full details of how secure, there’s a PDF on Apple’s iPhone security here.

So they went to Apple.

This is where things get really interesting, and a lot of the conversation about the situation gets some important facts wrong.


The Problem

The iPhone’s files and such are encrypted. This is not simple home-grown encryption, either; it’s military-grade 256-bit AES encryption. It can not be defeated by any known attack. All the world’s computers combined would take about a billion years to brute-force the encryption, which is a bit more time than the FBI prefers to spend on this.

Now, there are some important things to understand here.

One is that nobody can break the encryption, not even Apple. Apple has no secret back doors or master passkeys to get at the contents of a locked phone, and that’s not (exactly) what the FBI is asking them to do.

The other is that the four-digit code you type into an iPhone is not the encryption key. The encryption key is made up of a secret, random number embedded into each phone at the moment of manufacture, combined with the passcode you set by means of some arcane mathematics that are beyond the scope of this blog post. Apple does not know the encryption key; they do not have a way to set the unique hardware number, and in any event it’s all tangled up with the passcode the user enters in order to create the encryption key anyway.

So here’s where things sit: The phone’s contents are encrypted. The FBI wants access to the phone for whatever reason. Apple can’t decrypt the phone. So what’s the deal?


The Tussle

The fact that the phone in question is an iPhone 5c is really, really important. If it had been a 5S or a 6, it wouldn’t matter, because Apple made a change in the inner workings of the later phones to prevent it from being asked to do precisely what it’s being asked to do.

So, here’s how it works.

iPhones run an operating system called iOS. iOS is digitally signed; that means Apple has a secret encryption key it embeds into iOS. The phone carries a special, immutable boot ROM that contains the decryption code for this key. If it starts to boot and sees an operating system not signed by Apple, or if the operating system is tampered with in any way, the phone refuses to boot. (This is different from and not related to jailbreaking an iPhone. Even a jailbroken phone will not boot a copy of iOS not signed by Apple.)

What does that mean? It means nobody on earth–literally–can make an operating system the phone will boot, except for Apple. If the FBI or anyone else tries to modify the iOS boot loader, the phone will not boot. Only Apple knows the key needed to change the iOS boot loader.
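The boot check described above, as an added toy model in Python (not Apple's code and not part of the original post). In the usual signature construction the vendor keeps a private signing key and the boot ROM carries only the matching public values, so holding the phone gives you nothing to sign with. The tiny unpadded RSA keys, `BootROM`, and the sample image strings are assumptions made for illustration.

```python
import hashlib

# Toy RSA keys built from known Mersenne primes. They are far too small and
# unpadded for real use; they only make the sign/verify asymmetry visible.
E = 65537


def make_key(p: int, q: int):
    """Return (public modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


VENDOR_N, VENDOR_D = make_key(2**127 - 1, 2**89 - 1)   # d never leaves the vendor
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**61 - 1)     # anyone else's key pair


def digest(image: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image: bytes, n: int, d: int) -> int:
    """Needs the private exponent, so only the key's owner can run it."""
    return pow(digest(image, n), d, n)


class BootROM:
    """Immutable first stage: holds only the vendor's public values (n, E)."""

    def __init__(self, n: int):
        self._n = n

    def boot(self, image: bytes, signature: int) -> str:
        ok = pow(signature, E, self._n) == digest(image, self._n)
        return "booted" if ok else "refused"


# Constructed sample images: the stock build and one with the limits removed.
STOCK_OS = b"os build: retry_delay=on wipe_after_10=on"
MODIFIED_OS = b"os build: retry_delay=off wipe_after_10=off"


def boot_outcomes() -> dict:
    rom = BootROM(VENDOR_N)
    stock_sig = sign(STOCK_OS, VENDOR_N, VENDOR_D)
    return {
        "stock image, vendor signature": rom.boot(STOCK_OS, stock_sig),
        "modified image, stock signature": rom.boot(MODIFIED_OS, stock_sig),
        "modified image, other signer": rom.boot(
            MODIFIED_OS, sign(MODIFIED_OS, OTHER_N, OTHER_D)),
        "modified image, vendor signature": rom.boot(
            MODIFIED_OS, sign(MODIFIED_OS, VENDOR_N, VENDOR_D)),
    }


if __name__ == "__main__":
    for case, result in boot_outcomes().items():
        print(f"{case}: {result}")
```

The last case is the one the rest of this post turns on: a changed image boots only when the holder of the private key signs it.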

Now, a few other things you need to know about how an iPhone works.

If you type the wrong passcode into an iPhone, the phone lets you try again. If you get it wrong again, the phone lets you try again, but after that, things start getting harder. The phone starts introducing a delay before you can try again. That delay gets longer and longer the more you enter the wrong code. By the ninth time you enter the wrong code, the phone refuses to allow you to try again until an hour has passed.

There are 10,000 different possible combinations of four digits. If you can only try one per hour, it will take you more than a year to try them all. Good luck trying to brute force the passcode!

There’s another complication too. If you get it wrong 10 times, the phone wipes itself.

Here’s where the 5c thing gets important.

Starting with the iPhone 5S, Apple introduced the “Secure Enclave.” The Secure Enclave is a special chip (well, actually, it’s a special section of the processor chip) that has its own memory. It’s basically a tiny, highly secure, tamper-resistant computer.

The Secure Enclave keeps the phone’s decryption key in its own special memory and talks to the phone over a special-purpose, encrypted communication link. The rest of the phone does not know, or have access to, any information stored in the Secure Enclave.

When you enter the passcode, the phone sends the passcode to the Secure Enclave. The Secure Enclave says “yes” or “no” about whether the right code was entered. If the right code was entered, the Secure Enclave decrypts the phone. If it wasn’t, the Secure Enclave refuses to do so. It also starts a timer. While the timer is running, the Secure Enclave refuses to process any more passcode requests. That timer runs for longer and longer as you keep entering the wrong code. If you enter the wrong code 10 times, the Secure Enclave wipes the encryption key from its own memory and that’s it, you’re done. Trying to get at the phone’s contents after that means you’ll be banging away at it until the stars burn out.

But… This is not an iPhone 5S or later, it’s a 5c!

On the 5c, the time delay and wiping the phone are not handled by the Secure Enclave, they’re handled by the operating system. The operating system enforces the longer and longer delay and the operating system wipes the phone if you enter the wrong code 10 times.

The Secure Enclave is a bit of hardware that can’t be tampered with. But the operating system can be changed. So if you have an older iPhone, you could, in theory, put a different version of iOS on it. A special version, with the timer and the phone wipe disabled.

Except, oh no you can’t, because the phone will not run an operating system that isn’t signed by Apple.

So the FBI wants Apple to create a new version of iOS. A modified version that has no time delay if you get a wrong passcode and no phone wipe. And then they want Apple to sign it and put that new version of iOS onto the phone.

This will not give them the contents of the phone. What it will do is let them try passcode after passcode as fast as possible until they break in. Without a phone wipe, they can keep trying as many times as it takes. Without a delay, they can try all 10,000 combinations in days or weeks instead of years.
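The passcode policy described above, as an added toy model in Python (not Apple's code and not part of the original post). It shows the data key depending on a per-device secret plus the passcode, and how the delay and wipe protect a four-digit code only while the component enforcing them stays in place. `ToyPhone`, the PBKDF2 stand-in, and the intermediate delay values are assumptions.

```python
import hashlib
import hmac
import os

# Constructed policy. The article gives only three points: early retries are
# free, the wait reaches an hour by the ninth wrong entry, and the tenth wrong
# entry wipes the phone. The intermediate delays (seconds) are assumptions.
DELAY_AFTER_FAILURES = {3: 60, 4: 300, 5: 900, 6: 900, 7: 1800, 8: 1800, 9: 3600}
WIPE_AFTER = 10


class ToyPhone:
    """Hypothetical model: data key = KDF(passcode, per-device secret)."""

    def __init__(self, passcode: str, enforce_policy: bool = True):
        self._uid = os.urandom(32)  # stands in for the number set at manufacture
        self._check = self._tag(self.derive_key(passcode))
        self.enforce_policy = enforce_policy  # False models a build without limits
        self.failures = 0
        self.locked_until = 0.0
        self.wiped = False

    def derive_key(self, passcode: str) -> bytes:
        # PBKDF2 is a stand-in; the article does not describe the real derivation.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, 1000)

    @staticmethod
    def _tag(key: bytes) -> bytes:
        return hmac.new(key, b"unlock-check", hashlib.sha256).digest()

    def try_unlock(self, passcode: str, now: float) -> str:
        """Return 'unlocked', 'wrong', 'locked' or 'wiped'; `now` is a virtual clock."""
        if self.wiped:
            return "wiped"
        if self.enforce_policy and now < self.locked_until:
            return "locked"
        if hmac.compare_digest(self._tag(self.derive_key(passcode)), self._check):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if not self.enforce_policy:
            return "wrong"
        if self.failures >= WIPE_AFTER:
            self._uid = self._check = None  # key material destroyed
            self.wiped = True
            return "wiped"
        self.locked_until = now + DELAY_AFTER_FAILURES.get(self.failures, 0)
        return "wrong"


def entries_until_wipe(phone: ToyPhone, wrong: str = "0000", limit: int = 100):
    """Enter one wrong code repeatedly, waiting out each lockout on the virtual
    clock. Returns (entries, seconds elapsed) at the wipe, or None if the phone
    never wipes within `limit` entries."""
    now = 0.0
    for entries in range(1, limit + 1):
        now = max(now, phone.locked_until)
        if phone.try_unlock(wrong, now) == "wiped":
            return entries, now
    return None


def days_to_exhaust(keyspace: int, seconds_per_try: float) -> float:
    """Worst-case days to walk a whole passcode space at a fixed rate."""
    return keyspace * seconds_per_try / 86400


def chance_before_wipe(keyspace: int, tries: int = WIPE_AFTER) -> float:
    """Probability that blind guessing hits the code before the wipe."""
    return tries / keyspace


if __name__ == "__main__":
    print(entries_until_wipe(ToyPhone("4821")))                        # limits on
    print(entries_until_wipe(ToyPhone("4821", enforce_policy=False)))  # limits off
    print(days_to_exhaust(10_000, 3600))     # four digits, one try per hour
    print(days_to_exhaust(1_000_000, 3600))  # six digits, same rate
    print(chance_before_wipe(10_000))
```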

Of course, there’s an added wrinkle to all this. The FBI already has a copy of the phone’s data.

iPhones come with a subscription to Apple’s cloud service, iCloud. iPhone users can choose to have their data backed up to iCloud. The backup feature was turned on on this phone. The FBI asked for, and got, a copy of the phone’s data backed up on iCloud.

Unfortunately, the copy they got is out of date. They screwed up and asked the company that owns the phone to change the iCloud password in order to have a look at what was there. The company complied. The FBI looked at the iCloud backup. Then they turned on the iPhone. The iPhone couldn’t make a new backup to the cloud…because the password had been changed. The FBI thinks it’s possible there’s information on the phone that’s newer than the information in the cloud backup. They’re not sure, though, because…they can’t get into the phone.


The Rationalization

If an iPhone were a safety deposit box and Apple had the key, the government would normally just issue a subpoena for Apple to produce the key, assuming they didn’t just take a blowtorch to the box and be done with it.

But that’s not what the government has done here. They can’t subpoena Apple to produce the encryption key or the passcode because Apple does not have and can not get the encryption key or the passcode, and Apple has no magic backdoor.

So instead, they’ve turned to the All Writs Act of 1789, a law signed by this dude.

The All Writs Act is a law that allows the government to issue “all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Essentially, it lets Federal courts issue orders to private citizens in order to accomplish legal ends. A writ was originally a written order given by a monarch to a citizen compelling the citizen to do something. The way it’s used in the All Writs Act, it’s an order from a court compelling a citizen to do something.

Like, for example, write a new operating system. Because the court says so.

The All Writs Act was signed into law before the Bill of Rights existed. The Bill of Rights would seem to put some limits, at least, on what the government can order people to do. In this case, the FBI thinks that ordering a company to write a piece of software is within those limits.

It should be noted that this isn’t a matter of commenting out a few lines of code and hitting “compile.” There are, for good reason, legal guidelines that must be followed when writing investigatory forensic software. These legal guidelines are necessary to preserve the chain of evidence and show in court that the software didn’t modify the information on the device being investigated. The standards are fairly complex and are outlined on this page on the Digital Forensic Investigator Web site.

Basically, the gist of it is the software must be documented, must be subject to peer review, must be tested on target devices similar to the device being investigated to show that it works and won’t corrupt, delete, or modify information, and must pass independent judicial review of its reliability.

So basically, the FBI is asking Apple to go to considerable trouble to build a new operating system, test it, document it, submit it for examination, and load it onto an iPhone 5c, for the purpose of allowing the FBI to keep trying all 10,000 possible passcodes until they finally unlock it. They’re using a law written before the Bill of Rights existed that authorizes Federal courts to issue orders to private citizens to do this. Basically, the All Writs Act says “the government can order people to do any legal thing.” It has zero to say on the subject of what constitutes a “legal thing.”


The Real Battle

The FBI wants Apple to create a new version of its operating system, with certain key security features disabled, and load it onto the phone so that its passcode can be brute-force hacked and the contents read. They’re not asking Apple to decrypt the phone; Apple can’t do that. They’re not asking Apple to provide the passcode; Apple can’t do that either. They’re asking for a new operating system.

Would this new operating system allow them to get at any locked phone? No, it would not. iPhone 5s and later models have these security features in hardware, etched in silicon on the Secure Enclave. A new operating system can’t change that.

So what’s the big deal? Is Apple coddling terrorists, like the FBI director implies and Donald Trump spouts all over Twitter from his iPhone?

No. As with an argument between two lovers that ultimately ends in divorce, this fight isn’t really about the stuff this fight is about. This fight isn’t about a work phone that used to belong to a terrorist asshole and probably contains fuckall of interest to the FBI. The terrorism angle is a convenient excuse, because the word “terrorism” is kind of a magic spell that causes a whole lot of people (including, bizarrely, conservatives whose entire political philosophy is built on the foundation of distrusting the government) to take leave of their senses and do whatever they’re told.

But this fight isn’t about this phone.

Washington is afraid of encryption. Much as gun lovers and survivalists love to think Washington is afraid of their guns (which is laughable in its absurdity–the military has way more guns than you do, Tex), Washington is afraid of encryption.

This fight has been a very long time coming. The government has always hated and feared encryption, even as it has invested tremendous resources in making encryption better.

In the early 90s, the US passed laws banning export of encryption products. I still own a T-shirt that was legally classified as a “munition” back then, and that you could be arrested on Federal charges for wearing outside the US or showing to foreign nationals, because it’s printed with source code for encryption software. Finally, in 1996, Bill Clinton scrapped laws against exporting encryption software, largely because they were hurting US businesses overseas, and besides, the Russians already had strong crypto because–surprise!–they had mathematicians too.

The fear of the Russkies has faded into nothing–there’s an entire generation now old enough to read this blog post that grew up with the Cold War being something you read about in history books, not something you lived through. Now, the bogeyman du jour is terrorists, or maybe pedophiles, or hell, why not both?

Police don’t like locked phones and encrypted comms, and Congress has been wrestling with what to do about that for years.

The government has mulled banning strong encryption. Not just the US government, but every government. China wants to ban it. France just debated banning it. India is planning to ban it. The UK wants to ban it. Congress has considered banning it no fewer than three times in the last two years.

The arguments are always always the same: If people can talk without the government listening, the terrorists win. Or the pedophiles win. Or the pedophile terrorists win. Law enforcement can’t do its job without being able to see what’s on your smartphone, because reasons.

Apple argues that if the government succeeds in ordering it to write a new version of iOS to help them get onto this phone, they will feel free to order it to write other software for them as well. Write us software to let us turn on this suspect’s cell phone camera and microphone remotely! Write us software to make copies of this suspect’s email! No legal principle exists that would limit the government’s authority to order Apple to do things like this.

And that’s a nice, cuddly government filled with the milk of human kindness, like the US government believes the US government is. If Apple has the ability to do these things and can be compelled to do so, the Chinese will really like that. Apple argues that if the FBI succeeds, it will basically have to create a whole new software department–call it the Department of Undermining Our Security Department–to handle the flood of orders coming in to write custom software to disable this or that or the other security feature. And they might be right.

The government says nobody else will get this hacked iOS version (or versions, if other requests start rolling in). Apple says that’s naive. Hard to say what’s scarier, the FBI with rogue Apple-signed iOS software, the Chinese with rogue Apple-signed iOS software, or rogue Apple-signed iOS software leaking into the hands of organized crime.

There’s also the very real possibility that if the government has success here, sooner or later it will realize that a terrorist using an iPhone 6 will still be able to secure a phone in a way that neither Apple nor the government can do anything about, and start calling on Apple (and other companies) to weaken their encryption. The Secure Enclave with its hardware timer and self-vaporizing key is pretty damn secure. What happens if the government decides to tell Apple to tone things down a bit for the iPhone 7? That’s not impossible, and if Apple can be forced to write a new operating system to help law enforcement, changing the design of their chips to help law enforcement is a doddle.

Encryption is math. Math is math; math doesn’t care about bad guys or good guys or legal oversight. If there is a way to slip past an encryption method, that way works for everyone, good guys and bad guys alike, because math is math and math doesn’t care. If it works for the FBI, it works for Igor in the Russian mafia as well.

So that’s what’s going on, and that’s what’s at stake. It’s a problem that doesn’t readily boil down to sound bites or Tweets, and that means, I fear, that the public won’t really understand what’s happening until it’s been decided for them.