Friday, August 29, 2014

The Increasing Importance of Open Source Software

Ever since the NSA PRISM scandal broke headlines there's been a slew of debates concerning the legality and ethics of the program. Some people argue that this kind of mass data collection is required to combat terrorism while others say it's a massive violation of the 4th amendment. I won't be arguing whether what the NSA is doing is right or wrong, rather I would like to write about one way the NSA is able to do this kind of massive data collection and how we can protect ourselves from it.

The vast majority of desktop and laptop computers today run Microsoft Windows. Windows is a proprietary, closed-source operating system designed by Microsoft. It allows users to run applications designed to run on Windows. Since Windows is a proprietary closed-source operating system nobody, except the developers, knows the exact specifics of what it does. If Microsoft wanted they could write code which sends all user data back to their servers or code that allows them access to any machine running Windows. This is what would be known as a backdoor and ever since the NSA PRISM scandal broke I have been inclined to believe that Windows has an NSA backdoor. If this is true, then this means the NSA has complete access to the data on any computer that runs windows. In fact, recently the Chinese Government banned Windows 8 from being installed on any government computers due to concerns over potential NSA backdoors.

So how can someone protect themselves from such a threat to their privacy? I think the best way to protect yourself is to run open-source software. Open-source software is any software where the source code is freely available to everyone. Any programmer can look at the code and examine it line by line for any potential backdoors. And while this does not guarantee that there are no backdoors I would say that the potential for a backdoor is much lower in such software.

One piece of software I have recently started using is Linux. Linux is a free, open-source operating system. It is developed by hundreds of people as a community effort for an operating system that is free, open-source and not controlled by one large corporation. Anyone can download a distro of linux and install it on their computer for free. This culture of open-source software continues within the linux operating system. Many of the applications written for linux are themselves open-source. In addition, another one of the biggest benefits of this software is that it is free. So you don't have to pay Microsoft $200 just to use your computer.

While we battle the NSA in the courts over the legality of this mass spying, the NSA continues to record all of our private data. The role of open-source software has become as important as ever. We can no longer trust corporation such as Microsoft or Apple to protect our data. If we wish to protect our privacy we need open-source software. While I doubt this blog post will convince anyone that they need to switch to linux I hope this at least gets some people to question whether they can really trust a massive corporation like Microsoft or Apple with their private data. However, if this blog has inspired you to try using an open-source operating system such as linux I would recommend starting with a user friendly linux distro such as Ubuntu or Fedora (which I wrote this blog post in).

Worried About Government Surveillance? Don't Be!

I've been hearing a lot of people complaining about the NSA lately. Many have suddenly become infatuated with the topic of privacy, and more annoyingly, self-proclaimed experts on the subject matter. I ask where was everyone when the Patriot Act was enacted? How about the Foreign Intelligence Surveillance Act (FISA) of 1978, and the Wiretap Act of 1968? The truth, I think, is that almost no one cared until the media hit everyone in the face with Edward Snowden's "revelations" in June 2013. While I do respect Snowden for his actions, he only confirmed what many had already suspected for a long time.

The majority of the people I know supposedly concerned about their (online) privacy are friends with me on Facebook. The irony here is like something out of a fairytale - they claim to be concerned about government surveillance, but knowingly and freely submit their personal details to a business that makes a large amount of money by selling and reselling that data (as well as willingly cooperating with law enforcement on occasion). Those that don't have a Facebook profile will still more often than not have an active email address with Google, Microsoft, or Yahoo. While Google and the others claim they value your privacy, you can rest assured each of them will bow down to a court order to at least some degree. I won't even begin to mention the immense amount of data that your Android-based smartphone and/or iPhone is known to collect and transmit [http://arstechnica.com/security/2014/07/undocumented-ios-functions-allow-monitoring-of-personal-data-expert-says/].

To hit a little closer to home, let's talk about your place of work or study. It's very likely that you have an email address with that organization, and also just as likely that you browse the web or otherwise utilize the internet from their location. Forget what's going on way upstream - think about what is immediately available to your local IT staff! As a remote systems administrator for quite a few companies, I can attest to the fact that I would quite easily be able to view all of the emails of all of the employers and employees if the situation ever arises - and without the individual(s) ever knowing. In addition, it's fairly trivial to intercept and read a large amount of HTTP traffic that either enters or egresses the premises. SSL/TLS (HTTPS) can make things somewhat more difficult, but is quite easily subverted when one has access to a particular organization's entire infrastructure. To add a note about unencrypted traffic, such traffic can very easily be intercepted (without anyone noticing) via the trivial process of ARP spoofing by anyone on almost any local network, anywhere.

The solution to all of this has multiple layers, and differs depending on who and how you ask. The popular suggestions include learning to use, and subsequently using PGP or GPG encryption when sending emails to others (preferably using a mail server that you have personally provisioned and configured). For web browsing, the popular recommendation is to browse material that you would like to keep private only from home, and perhaps to purchase a subscription to a foreign VPN service (or use Tor). Furthermore, if dealing with highly sensitive data, some will suggest not using Microsoft Windows or Mac OS X altogether (instead suggesting mostly open source alternatives like distributions built on top of the Linux kernel or FreeBSD). The problem with all of this is that, in most cases, it makes life significantly more difficult - and when something is difficult, most people are reluctant to do or use it. Assuming you take all of these precautions and more, you still have to deal with the problem of going outside... just think of all of the surveillance cameras you encounter each day!

One of the biggest problems that still remains is that of metadata. Whether you are calling a friend, emailing them, or otherwise communicating with them electronically, there is an entire class of data that describes the situation. Even if you are able to encrypt your entire conversation, the number you called, the time you called it, where you called it from, what phone number you called from, and the time you spent speaking with them all remains in plaintext on the cell tower indefinitely. [A fantastic talk by Matt Blaze at the HOPE X conference in New York City in July 2014 covered this subject pretty nicely.] Purchasing a VPN? You're leaving a trace that you purchased one with a particular provider - you had better hope that provider does not keep logs/cannot be compelled to submit evidence against you!

The good news is that the government/NSA is just not as worried about the individual as most would like to/been led to think. The NSA probably will not care that you posted something inflammatory against them (or anyone else for that matter) - but your employer and those close to you might. While the NSA has the current spotlight, never forget how much information you give to a multitude of other organizations. If you care about privacy, worry about that first!

How Should We Handle Sexism in Computer Science?

    A couple weeks ago, I was scrolling through my twitter feed and noticed an interesting post linked from Medium.com. To summarize the post from my point of view, it is a simple Medium article that is revealing some of the sexism that occurs in the the hacker community. It shows us this by displaying censored comments that were from a hacker community post on Facebook. These posts were insulting, as they focused on the female programmer's appearance, and not about the actual competition these women were taking part in. Most importantly, since these comments are being made, it makes it harder for female students to feel that they should want to be part of the Computer Science community. 

    The point of my post is not to directly solve the problem of sexism in Computer Science, but what should we do when these sort of comments appear? Or how should we handle these situations when they occur in an actual hacker event or competition? 

    In my opinion, I feel that these comments should not be censored. Since Facebook is a social network that allows people to post whatever they please, I do not see any reason on why they should be granted the privilege to hide behind the black lines that were placed above their names and photos. If these comments were made through email or SMS or some other private form of communication, then I feel it would be inappropriate to use their full names or photos. If these comments were uncensored, the message from the text of the article would not be any different. It would still be an unbiased point of view that is just trying to make sure everyone is aware these comments happen and that they are holding back both the hacker community and the Computer Science community as a whole. 

    With most careful situations like this one, it is important to stay away from creating any articles that are directly attacking the people who make these rude comments. It is not about attempting to get "even" with these people, it is simply to make sure they know they are in the wrong. Along with them being corrected, I think it is important that other female and male programmers see how they are not alone with being bothered by rude comments inside of the Computer Science community. 

    When these sort of comments happen in real life, I think the only reasonable way to deal with these comments is to ignore the people who make them and make sure they do not get any positive feedback for their actions. I would imagine most people already do this, but there will always be groups of people who will stick together and enjoy these sort of comments being made. Slowly yet surely, the more people who are moving away from being rude to other programmers, the closer we are to repairing this problem. 

     It may seem weird that I am claiming to give them attention online but ignore them in public, but I feel that is the best way to spread the message without giving them the attention they desire. Thanks to social media, we have a way of posting our thoughts on any subject we please and we can take our time to make sure they are true to our opinions and beliefs. 

Thursday, August 28, 2014

How confidential is your data?

In this day and age, almost everyone uses the internet for one reason or another, be it posting pictures or status updates on Facebook, watching movies on Netflix, or purchasing things through eBay. We collectively provide great amounts of data, to these services, which are stored on servers around the world. While most of this data includes things we post on public profiles, some of the data contains information that we do not want people to see, such as home addresses, social security numbers, and intimate details of our lives. Although we, as a whole, tend to trust the websites that we provide this data to, thinking that through their massive security systems they are able to protect it, we cannot be certain about the confidentiality of our data. The recent attack on JPMorgan Chase and other banks by hackers is a great example of the insecurity that exists in our data and the motives behind stealing it.
JPMorgan Chase and at least four other banks were attacked by organized hackers this past month. As an article mentions, the hackers stole gigabytes of data which included checking and savings account information. In addition to that, the hackers most likely stole information such as names, social security numbers, and addresses of the people linked to those accounts. This information can be sold on the deep web, a part of the internet not many regular users see, or used by hackers to steal someone’s money or even identity. This attack is only one of the many attacks that have stolen customer’s information. Late last year, Target was struck by hackers that stole credit and debit card data from 40 million accounts. Attacks like these show the vulnerability of data on even the most protected servers by the biggest companies in the world.
There are many different motives for stealing user information, most of them being financial. However, one motive in the article, although not yet proven, seems particularly interesting. “A security firm in Dallas, called iSight Partners, that provides intelligence on online threats has warned companies that they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions” due to the current situation in Russia and Ukraine. This goes to show that there is a great relationship between computers and society. While two countries are relatively at peace, computers provide a means of positive interaction, such as communication, purchase of exotic products, and travel. On the other hand, computers may cause negative impacts between societies as shown by the JPMorgan Chase cyberattack.
In conclusion, our data is not entirely safe under and circumstances. Also, our society and our economy are intertwined with financial institutions and the internet. Thus, it is not likely that we will stop providing our personal information to the many companies whose services we use daily. Although there is not much we, or at least those not working for cyber security, can do in terms of corporate internet security, we can keep an eye on our financial accounts for unauthorized purchases and sign up for identity theft protection in case our personal information is ever stolen. 

http://www.nytimes.com/2014/08/28/technology/hackers-target-banks-including-jpmorgan.html?hp&action=click&pgtype=Homepage&version=HpSum&module=second-column-region%C2%AEion=top-news&WT.nav=top-news&_r=1
http://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/

Monday, December 9, 2013

Technology, what's to come?

What is your view on technology and how fast it is growing? If you take a look at your surroundings, you’re bound to see a piece of technology. From a digital clock to a high-functioning laptop, technology is very much involved in our everyday lives. How far has technology advanced though and will it continue to improve? I say that we have only seen a glimpse of what technology can really do.
                When the first computer came out decades ago it took up an entire room and had the functions of a modern day dollar store battery. When the first mobile phone came out years ago, it was the size of brick, but after just a few years we now have phones that are almost paper-thin. Yes, the list of how much technology has changed and improved is a long one indeed, and the great thing about it all is that it keeps breaking the boundaries. Even when you think something has reached the best it can be whether it’s the newest operating system or the graphic qualities that a video game can provide, technology will always overtake their previous designs, given an adequate amount of time.
                With the way technology has progressed, it has become a crutch for us without us even realizing it. Many individuals would find it hard to do daily activities if they were stripped of their current technology. An architect who only specialized in designing buildings via a computer program might find their work stagnant if the program was taken from them and they were told to finish a building design using a pencil and paper, what would have taken an hour to complete might now take day to finish. We are not dependent on technology though, it helps further us. We’ve been able to explore areas that had been in the dark for years (top of mountains, underwater depths, space). We’re constantly making smarter technology as well such as the google self-driving car that will take us securely from point A to point B.

                Before you know it, technology that is shown in hit tv shows and movie will become a reality. A fully-functioning Millennium Falcon from “Star Wars” could be built in a few years; technology such as teleportation is currently being studied in Japan who knows what the technological will be like in a few years. One thing that will remain consistent is the easy to use user interface. No matter how much technology advance, it would be pointless if a regular consumer is unable to use it. Technology is meant to evolve around us, no point in making a high-processing computer if the regular everyday user is unable to work around it. The day technology stops growing is when we ourselves are unable to keep up with it, which will never happen.

Video Games: An extra life

Video games, they’ve been around for a short time, but they have grown exponentially from small beginnings to become a prominent force in marketing and entertainment industries. You may be a hard core fan of video games, might consider yourself just a casual player, or you might not even play video games at all, no matter who you are, you realize that they exist and have gain a lot of popularity in the world. No longer are videos game just a “guy’s only” market, video games have been crafted to appeal to audience of various ages and gender. I honestly believe that anyone can enjoy a video game as long as they find one that fits their interests which shouldn’t be hard with all the genres of games there are: shooting, fighting, action, adventure, puzzles, racing and role-playing the list goes on and on.
                While many look towards video games as a source of entertainment, there is one concept that many tend to overlook and that is the amount human interaction that is on a game’s user interface that allows the game to be displayed and show action. Simple commands in a video such as “press “A” to jump and “move the analog stick” to move your character may not seem like much, but the player is essentially giving life to what once was a motionless object. By playing a video game, you essential take on the role of a character where you are in control of their actions and they are prompted they should  do to make the story progress by inputted button commands that you, the player, have chosen. You control the character, you are responsible for if they live or die in the game, how far they get in the story, and how far their skills can be improved.

                I’m not attempting to say that you basically end up nurturing characters in a video game, what I mean to say is that you become them. I love “The Legend of Zelda” video games series, you become a young male who is unaware of their astonishing destiny which involves a lot of self-growth, adventuring, facing one’s fear, solving mysteries, and overall becoming stronger after countless trials in order to bring peace and defeat maleficent forces. When I play as the hero from the Zelda series, I like to disconnect myself from reality and attempt to see thing through his life in the video game because that is where all my attention is focused, it starts to feel as though I’m living a separate life from the one I’m used to now of going to school and trying not to go broke. In no way am I trying to say that I view video games as a way to escape the harsh trials that life throws on your path, what I mean to say is that video games offer the players an “extra life”. An “extra life”, a life where if only for a few hours a day, you can forget about you current life and live a life that would only appear in your dreams. You can be a pirate, ninja, assassin, hero, villain, soldier, doctor, lawyer, explorer and so much more in a video game. Video games and technology are shaping themselves in a way where it allows the user an opportunity to see and live a life that would not normally be presented to them while still maintaining a hold of what their current reality is, life is great, but lives in video games aren’t half-bad either!

Computers, the unappreciated art palette

Art is commonly associated with paintings, sculptures, music and performance crafted by human hands. I’ll be the first to admit that then when I first thought of art that I would not associate it with computers. When one thinks of computers they think of technology, analytical solutions, expressionless and raw data. Yet, I quickly came to realize how wrong that perception is, the computer can serve as a wonderful art palette for expressing oneself and their creativity. Computers have actually assisted in the progression of art and greatly expanded its range of expression.
                In today’s current age, digital media is ever expanding and along with its expansion so is the idea of digital art continuing to grow. Using computers, many artists have been able to craft digital artwork. What’s great about a computer is that it can help create things to add to your art by helping you craft specific colors that you desire that would be difficult to mix correctly in real life, and if you do a mistake on digital art, you are easily able to undo the error with the touch of a button and leave continue on with your work unaffected. Using a computer, the artist is able to quickly publish their digital artwork to the general public, whoever has Internet connection would be able to see the artwork, the Internet essentially becomes the world’s largest art museum. Of course, computers are not just limited to digital artwork; they possess many more tools to express artistic freedom. Using the latest music technology, it is possible to draft up music on computers, no longer is one restricted to playing a physical instrument, with a few keystrokes a computer becomes any musical instrument that you desire. Even using of the simplest functions that computers have, the typing function, is able to bring art to life. Poets and storytellers use computers to type out their literary works, proofread them, and publish them on websites where works of literature are promoted and praised.

                Deviantart, Fanfiction and Soundcloud are some the leading websites in which various art forms are displayed prominently. Digitizing artwork is something that is slowly gaining popularity. In Barnes and Nobles, they advertise towards their customers to purchase electronic copies instead of paperback novels by selling the electronic version at a lower price. You may also buy digital copies of published artwork to have on your computer. I personally prefer digital copies of art; it provides a better sense of security. Your favorite book, cd or even drawing may get damaged, but a digital copy remains safe and intact, safely stored online. With the progression of technology, we may one day wake up to world where art is displaced and preserved in a digital format while physical copies are only maintained if one wants to reminisce at antiques and admire a format of what was once used so prominently around the world.