Security decisions and free software

One of the reasons I only use free software is that it gives me more security.

Of course not all libre programs are secure but software freedom gives you more security as you can study the source code and edit/publish it the way you want. So if there’s a security vulnerability, you won’t be forced to wait for the original author to find and fix it.

You may be a programmer or security researcher and fix it yourself or pay someone to do it for you, based on your needs. Anyhow, it’s a perk of using free software.

But, another advantage I get from free software is that I can edit it so it won’t force me to be secure!

For example, I don’t like to change my password on a program running locally. If it wants to force me to do so, then I can modify the program to avoid it. It’s what I’m able to do because I get the four essential freedoms regarding that program.

As much as I appreciate the author of that program wanting to keep people secure, I believe people should also have a say in it. If I want to keep stuff less secure, intentionally, I should be able to.

There are some things to do and some precautions to take to make sure you have base minimum security and the rest is how you choose your actions based on your threat model. I appreciate programs reminding people of this and even taking the first steps in their own hands. It’s so useful for people with less understanding of how cybersecurity works.

Yet I believe there should be hints about threats but the users should be able to take everything, absolutely everything, in their hands if they want to.

Security should be implemented in programs by default. It shouldn’t be a luxury and it shouldn’t take technical skills for one to be secure digitally. Yet it shouldn’t be something that the user has no say in.

I believe free software fixes this problem by giving us the four essential freedoms we deserve. Our rights to use, study, modify, and share the program are there to make sure we own what we have and will be able to make it work the way we want it to work.

New opportunity

I just arrived at my old home. Home sweet home. I gave my business to my partner and I’ll start my new job as Project Control Specialist in a few days.

Everything’s fine. I miss what I’ve built already. For three years, I’ve been working twelve hours a day, on average, to make what I’ve made and today I left it. I still own it but I won’t work at it anymore.

It was hard saying goodbye to people I’ve had the advantage of knowing and working with. It was harder to say goodbye to the family members I had there. Their tears broke my heart.

It’s a new journey ahead of me. A hard one, I guess, and I hope I get past it successfully, learning new things both professionally and personally.

Wish me luck.

Social network temptation

I just surfed Mastodon’s site to choose an instance to sign up. Chose one that suits me and has open registration and few restrictions, and opened the link to read their terms of use. Then suddenly realized I’m like an alcoholic going back to alcohol. Closed the browser and came to write this post to remember I have a personal blog that I can publish anything on.

Canada to ban Flipper Zero!

On Thursday, the Canadian government said it intends to “pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.”

Funny, isn’t it? The Canadian government seems to not have any security expert to consult with. They don’t seem to understand how the device works and don’t even understand how secure cars have been, especially those produced since the 1990s.

This attack requires a high-power transceiver, which is beyond the Flipper Zero’s capabilities. These attacks are carried out using pricey off-the-shelf equipment and modifying it using a fair amount of expertise in radio frequency communications.

The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that’s been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.

To ban such a device because it can (really can’t) open cars is just like to ban screwdrivers because they can open cars as well. Or ban kitchen knives because they can kill people. Maybe the next step is to ban computers as a whole because they can be used for illegal stuff too!

The Canadian government should address the real issue, which is to pressure car manufacturers into fixing their security flaws. Banning a device like Flipper Zero would only result in harming security enthusiasts and taking away learning opportunities from them.

The device could be used to clone a hotel key card or change the TV channel in a bar, or open some garage doors but if a criminal knows how to use it, then the criminal surely knows how to build one from scratch so banning the device wouldn’t improve public security at all. If it does something, it just takes away opportunity from good guys who use it.

But the good news is that almost everything in Flipper Zero is free (as in freedom). So you can study the source code and reproduce the programs in use and build your own thing, thanks to the essential four software freedoms granted to people under a GNU General Public License, which is a copyleft license, meaning it will remain free software.

Apple (and other) VR headsets are proprietary tyrants

Apple recently released a product named Vision Pro. It uses a proprietary firmware named visionOS, developed by Apple. It’s a computer, basically, and has features such as a camera, microphone, and wireless connections.

It can be used in various ways but is not suggested to be used at all. The mixed reality headset seems truly interesting, I also am tempted to use it as it’s very fascinating, but, after all, it’s a proprietary tyrant.

Tivoized products are injustices to users. Specifically with regard to giant companies such as Apple, they can be very harmful to people. These headsets will track users and violate their privacy. As they use proprietary operating systems, they violate people’s right to operate freely. Software used in them is not libre and people won’t have any control over how they use their computers or how they do their computing.

These proprietary tyrants won’t allow people to install a different operating system on them. These devices have measures to block execution of anything other than the “approved” system versions. They won’t allow people to run any program that won’t please the producer of the regarded computers (devices) and will force the users to behave as they wish because the user supposedly entered into a “contract” when they started using it.

These computers are hell when it comes to users. They simply violate any basic right of users whenever they can just to make more profit. I’m pretty sure we will hear much news in the near future about how the giant corporations producing these computers are imposing various forms of censorship and are interfering with how people are using what they bought.

We will hear news about how these devices helped with putting people under surveillance and how people lost their ability to use them because the producers decided so.

The technology is fascinating, for real, but they are not worthy of privacy and other digital rights. These devices are not just harmful to our digital rights, but are also a danger to us in real life as violations of our digital rights, most of the time, will result in violation of our basic human rights in the real world.

These devices are for mixed reality experience, which means one more step towards making us slaves to these giant corporations in real life.

Good listener

Lately, I’ve been hearing from my friends that I’m a good listener. That was surprising to me as I always try to keep up with chats and add to conversations. I never try to listen, I always try to add something. But I came to the realization that I’m a good listener; a good listener unconsciously.

I was listening to a repairman, who I was selling some electronic parts to, and he had a riveting story and I was fascinated by it. Then suddenly something hit me. I was listening to it without adding a word or interrupting him. I was a good listener to his story.

I listened to him without realizing how much time had passed and I didn’t even think about anything else. Didn’t try to convince him I know about anything, didn’t try to talk about similar situations I’ve experienced, and didn’t try to make a conversation. I just enjoyed his story, effortlessly.

I realized I’m a good listener because I love a good story. I can sit and listen to you for hours when you catch my attention with a compelling story.

I don’t trust giant companies

Take Proton for example. They advertise themselves as a “privacy by default” company. I used to admire their work and suggest them to people. I still suggest them to people who are in their first steps of reclaiming their privacy rights and moving away from Gmail and other proprietary dis-services.

But I don’t trust them anymore. I don’t know why but when a company grows to be large (relatively), serving hundreds of thousands, or possibly millions, of users, they lose my trust.

Something pokes me from inside and tells me that when they grow, they no longer work for my interest, but they work for their own benefit. When they become a giant, they become blind, they forget their initial mission and goals, and they do whatever they can to remain in business by all means, rather than working hard to protect their users.

Perhaps there are measures and hard work from their side to make sure they can’t violate our privacy even if they want to. The Proton case, for example, claims that they encrypt every inbox (or account) individually with our passwords as keys. Or they have an option to enable a second password on your account that further encrypts the account if I understand it right.

But that still doesn’t change my opinions regarding them. I understand that they perhaps do a lot to ensure that our data never ends up in the wrong hands (or any hands), but it’s still the internet we’re talking about and it’s still us vs. a company that works for profit.

Of course I may be wrong, but that’s how I feel about giant companies. I love this paranoia as it reminds me how much I still value my privacy and I haven’t gotten tired of protecting myself.

Ten Commandments in courthouse

The real reason that we can’t have the Ten Commandments in a courthouse: You cannot post “Thou shalt not steal”, “Thou shalt not commit adultery”, and “Thou shalt not lie” in a building full of lawyers, judges, and politicians. It creates a hostile work environment.

Anonymous

The quote is attributed to George Carlin on many web pages, yet it’s nowhere to be found in Carlin’s works.