Dianne Feinstein should resign

Here’s a nice opinion piece. By the Christian Science Monitor, no less.

I concur.

Dianne Feinstein has a history of getting policy around cryptography and security utterly and disastrously wrong. She backed the regressive ITAR regulations banning export of strong crypto (which had the actual — and intentional — effect of reducing security of software in the US). She backed the Clipper Chip program in the 1990s, claiming a need for “balance” by mandating that US citizens use only government-approved cryptography (the Clipper protocol contained serious flaws which were exposed a few months after the specification was published). She backs the FISA secret courts. She has refused to investigate wrongdoings by the NSA and other intelligence communities, or to investigate the clear and blatant lying by government officials about surveillance programs to Congress (last I checked perjury was still a pretty serious offense; Senator Feinstein is apparently just fine with it).

She has so clearly demonstrated her incompetence and misservice to her constituents and to the US at large that we should be done with her. Dianne Feinstein is a danger to our collective security, and she should either step down, or be removed from the Senate Intelligence Committee.

Attending a modern political debate


Don’t use pine for your sign handle. Instead, find some good ash or hickory, the kind they use to turn out good quality baseball bats and axe handles. For the sign itself, a thicker gauge of sheet steel is best. Steel is heavier but lots more durable than cardboard or aluminum, and it takes and gives a beating. Steel also carries a nice, sharp edge that is unparalleled when you need to make an effective argument, and it will get your message across even if you can’t spell worth a damn.

Get a real pair of boots, okay? You may be into hi-top sneakers or loafers, but a good pair of steel-toed work boots will do wonders for your confidence. Just knowing that you can kick the shit out of someone who’s holding onto a weak or immoral position will have you unconsciously holding your head high, your shoulders back, and wishing that you’d sprung for the fifty dollar truncheon instead of the one from the bargain bin.

Speaking of truncheons: Rubber-coated, steel core and integrated lanyard. That’s all you need. If you have something that takes batteries, that’s a goddamned flashlight and you’re going to look awfully silly trying to make your point once the D-cells have flown across the room because you forgot to Lok-Tite the cap. Use the right tool for the job.

That super-sized, cherry-red can of Obliterator! brand pepper spray indicates that you are a nOOb. Watch the old timers; they choose their targets with economy, generating maximum outrage and news footage with a few well-placed shots. You honestly don’t need more than a couple of ounces, and even a little of the cheap stuff goes a long way. Try some on yourself if you don’t believe me.

It’s amazing how many people will fight to the death for their right to remain indifferent.

Feinstein wants to ban crypto again

Senator Dianne Feinstein is introducing a bill that attempts to ban the use of strong cryptography in the US. Link.

She supported crypto bans in the 1990s. I was a constituent of hers then, wrote her with my concerns, and her canned reply was a basic “FU, we need balance, blah blah.”

Now she’s at it again.

Q: Feinstein is a lying and puppeted sack of crap, one of the worst things to happen to civil liberties since J Edgar Hoover, and can’t leave office soon enough. Discuss.

Oh yeah, call your senator. Do that.

Yeah, pretty much done with GoDaddy

While I’m sure y’all are nice folks at GoDaddy, I think you get what you pay for in this industry. And I’m willing to pay a little more to get better service. Like, a web server infrastructure that doesn’t randomly throw 403 errors (sometimes for days). And something that won’t utterly collapse if I get noticed by HN or Reddit. (Collapsing is understandable, but I expect the hosting system to at least put up a good fight).

So I’m shopping around for a better provider. I don’t need much: WordPress (maybe), and shell access. And a reasonable expectation that the company will be around some years hence. That’s about it.

Any recommendations?

Documentation is for the weak

I spent several hours reading some “documentation” today for a certain component of an enterprise product. Actually what I was doing was a repeated loop of the following:

  • Go to a page with a promising-looking title (e.g., The Fuckwidget Survival Guide)
  • Read some of the marketing-class vacuous bullshittery there, with a table of contents consisting of:
    • Overview of Fuckwidget
    • Introduction to Fuckwidget
    • Fuckwidget Operations Guide Overview
    • Fuckwidget Migration Patterns
    • Fuckwidget Introduction [didn’t we do that one already?]
    • Using Fuckwidget
    • Fuckwidget Infrastructure Templates
    • Fuckwidget for Beginners
    • Executive Guide to Fuckwidget
    • Fuckwidget Tutorial for Knuckledraggers and Mouthbreathers [didn’t we just do that one?]
    • Let’s Do Fuckwidget! (plus a crayon drawing of a cat by some VP’s kid)
    • Make Fuckwidget work for you with this One Weird Trick!
    • 10 Things You Didn’t Know about Fuckwidget
    • Fuckwidget FAQ

“Oh ho!” I whoop, and click on the promising-looking FAQ, and like a hall of mirrors I’d find myself in a document pretty much the same, but slightly different. Repeat for hours. Every time the documentation was about to admit a tidbit of actual, useful info, there was a link, and the link led to even more bullshittery.


  1. Cry out “God in heaven, does any of this crap lead to any actual information about how you set up and use Fuckwidget?”
  2. Wait for an answer.
  3. No answer from God. He must be using Fuckwidget Message Queues for incoming prayers, it would explain a lot.
  4. Do another web search for “real fuckwidget documentation dear lord let it all end now” and start over.

This is an actual picture and probable copyright violation [ask me if I care] from some of that “documentation” –


I think there’s a bug here, where they left out the part where you’re supposed to feed the security policy to a magic goat, whereupon magic shit happens that materializes into a security policy. Frankly I don’t think that anyone will be able to prove my little repurposing above, since I’m probably the first person to ever get far enough into the maze to find it.

Can we analyze this bit of art? Is it useful at all, to anyone? Well, yes, it turns out:

  1. Once upon a time there was a documentation team, on contract and paid by the hour by a large, soulless corporation that confuses quantity for quality.
  2. This team knew a good deal when they saw one, and sat in their seats and typed like crazed monkeys for as many hours as they could bill. They wrote introductions and overviews and guides and planning thingies and checklists and templates and any number of click-here-do-this-click-that instructionoids of the kind you find on really sketchy “How do I use a can-opener?” sites. The result was a massive collection of pages with a remarkable lack of useful information. And this was absolutely intentional, because:
  3. When the stone had been completely wrung dry and the documentation team could extract no more hours, the large corporation shipped the documentation out to users, and:
  4. The doc writers went back home and wrote a real reference and are happy to sell it to you for hard cash. It’s probably really popular on Amazon. I do not have the heart to search for it.

I think if I sat down for a couple of hours I could distill the documentation for this product down to about three pages, starting with an introduction like:

Hi. We know why you’re reading this, and we’re real sorry. It may help you to know that all of the suffering you are about to endure is the same suffering we went through. Of course, we had the advantage of access to the original team, so maybe we didn’t suffer quite as much. On the other hand, it may bring a smile to your face that the feedback we provided to the developers and managers was in some cases sufficiently convincing so as to ensure they will never be repeating the mistakes they made on this project. They’ll never woik in dis bidness again.

In the end, I kind-of got Fuckwidgets working. I wrote a wiki page for my coworkers with some “click here, do this-and-that” type instructions, and I feel filthy.

Bullshit triumphs when a good man does nothing.

No brainer

“If I didn’t do that, I oughta be fired,” Comey [current director of the FBI] told the panel during his live testimony. [He was talking about asking the courts for crypto backdoor powers, when Congress has explicitly considered and then rejected them]

Uh . . . okay. That can probably be arranged.


Thought experiment: The US Government definitely has the technical ability to take an older iPhone, decap the chips in it and extract whatever keys they need. This capability is just too juicy for a government agency to have left undeveloped. The FBI is almost certainly lying about their inability to crack that 5c (okay, they might need help from a certain other agency).

But the FBI probably sees this as win-win for them:

  • Apple refuses to unlock the phone. Regardless of whether Tim Cook goes to jail for contempt of court, or Apple wins in an eventual Supreme Court challenge, we should expect grandstanding legislation attempting to ban effective security on personal devices. “Apple is helping terrorists” and so forth.
  • Apple unlocks the phone. Now we have a flood of requests, world-wide, for similar unlocks.

It’s not about the phone. It’s all about the corner they think they have Apple (and the whole information industry) in.

A series of FOIA requests about how badly 5s security has been broken by the spook world would be pretty interesting. Classic FOIA stalling tactics would not help the government’s case.

[edit: It’s an iPhone 5c, not a 5s]

The Force Awakens [spoiler-free]

A friend of mine remarks, “Worth waiting 32 years for.” Shame we had to wait that long for the 4th movie, though.

Ultimately they’ll make more money by having done a good movie than by selling plushies of things, or cups for sugar water. Lucas should have tossed the marketeers responsible for Return of the Jedi (and the subsequent Ewok merchandise) out on their ears.

[What’s that? Other movies? Oh, back in the day there might have been some hacks filming crap overseas, where copyright laws are loosely enforced — junk films like Star Crash and Battle Beyond the Stars are inevitable when someone is making a buck, I’m afraid:

“It’ll be just like Star Wars.”

“Okay. Who are the actors?”

“Nobody you’ve heard of. Don’t worry, they’re cheap and generic enough that we can just repurpose those action figures from your last film.”

“What about the merch?”

“We took a tour of the sweatshops and found a bunch of stale garbage just lying there in warehouses. Tons of it. I’m sure they can make more.”

“Okay, tell the writers to add a bunch of screen-time for that plushie with the floppy ears.”

“Won’t the fans be upset?”

“Who gives a shit? They can buy the cups just like everyone else.”]

I’m happy to report that The Force Awakens is a quality act.


SCOTUS on secret courts

Now that we’re no longer under the Big Thumb of bulk surveillance [1] it’s a good time to reflect on the legal mumbo-jumbo being used to justify it. Wait. That was used. That’s all in the past now, and I’m happy that the US government has promised not to do any more bad things, will keep the moral high ground in situations of ambiguity, and realize that the government is the servant of the people and not the other way around. [2]

The recent legislation has added some “advocates” but it’s still not really a court; the folks they’re adding don’t have any real power. The proceedings remain secret and divorced from any meaningful oversight or appeals. It’s not a recipe that’s worked out before.

This is worth reading:


I’ll call out:

In the seminal case on the role of federal courts, the Supreme Court ruled: “A case or controversy, in order that the judicial power of the United States may be exercised thereon, implies the existence of present or possible adverse parties whose contentions are submitted to the court for adjudication.” The absence of a genuine “case or controversy” means that the FISA Court is not a genuine Article III court, but is instead simply a part of the executive branch. The deprivation of property by such a court in secret proceedings justified by secret orders and constitutional rulings is the antithesis of the Due Process of Law guaranteed by the Fifth Amendment.

That case was in 1793.

Just because the administration has appointed a judge to do whatever it is that a FISA judge does doesn’t mean it’s a court. Apparently the judges take turns, and often “serve” from their homes, at all hours. So if a judge is in the bathroom taking a crap on the constitution while telling the NSA it’s okay to build even bigger data centers, it’s still not a court, no matter how big the piece of crap is.

I think I mixed a metaphor, but I don’t particularly care.


[1] Do I even need to have a snarky footnote about how likely that really is?

[2] /snark/