iMessage is kinda like PGP, with each iDevice having a public/private key. And then Apple stores your keyring for you. — @thegrugq

In order for end-to-end encryption to be worth anything, the encryption keys need to be known only to the two end-points. If the intermediary has the keys, then the encryption is meaningless. Apple claims end-to-end encryption for iMessages and FaceTime.

Here is a demonstration of the fact that the encryption keys used in iMessages are in fact available to Apple and stored on Apple’s servers:

I did this twice with the same results each time, but the first time I stopped the video before the final result (I got impatient). I repeated it all in order to have a single uncut video of the whole thing.

1. First, I logged out of my user account on my Mac and into the Guest Account.
2. Then, I created a brand-new Apple ID (twice, one for each video run) and signed into iMessages on my Mac in the Guest Account.
3. I put both my iPhone and my iPad into Airplane mode. At this point, exactly zero of my devices are signed into my (regular) iMessages account.
4. I then sent a message from my new Guest Account temporary Apple ID iMessages account to my regular Apple ID iMessages account. Messages did not report that my message was actually delivered, but it did display it in the conversation and did not show any errors.
5. I then logged out of the Guest Account, deleting all data from the session. At this point, none of my devices are signed into any iMessages account at all (regular or test or test2).
6. Finally, I turned off Airplane Mode on my iPad and then my iPhone.

If there were meaningful end-to-end encryption in the iMessages system, my iPad would be unable to receive the test message since at no point were there two “ends” connected to each other at all. No secret key exchange could have occurred. As you may have guessed, the test message arrived. How? Easy: Apple supplied the key to my iPad.

The sad result of this is that even if the message is actually encrypted, it is only unreadable to someone without the key. Apple has the key. They have to have had the key: they gave it to me in the first place. If Apple has the key, then the encryption is meaningless since Apple can just decrypt it without my permission and either read it or allow the NSA to read it.

Or, they could simply supply the key to the NSA and let the NSA do the decryption themselves. That way it would be entirely true that there technically exists end-to-end encryption, and that Apple would never supply cleartext message content to the NSA, and yet the NSA would still be able to read my super-secret text messages without a bump in the road.

Update: I just found an on-topic discussion from a professional journalist.

A friend was complaining to me about how she has some friends who don’t have Facebook, and some who do, and some who have email, and some who don’t have anything and can only be reached by snail mail or POTS or what have you. So I wrote this:

Why can’t people communicate without having to pick one walled garden or another? If you want to send a short, casual message: text/IM. (I hate that text and IM are different, but these days texting has nearly completely replaced IM so it’s academic.) If you want to send a longer or more formal message: email.

The problem is one you just mentioned: where to post pictures? They’re not necessarily messages, and it would be a little weird to send unsolicited photos to a whole bunch of people, but nevertheless many people would like to be able to see them given the opportunity. This is how Facebook took over the Internet. Many people today literally don’t get that Facebook is hard to deal with if you’re not only on Facebook. Why not? Those people are only on Facebook!

Blogging is of course the answer, but blogging is to complicated for most people. Facebook owns your blog (profile), and your aggregator (news feed), but they make it always work. You don’t have to think about blogging or aggregating. You don’t have to search. Facebook made things easy, so we all signed away our identities. I used to push people to join Facebook. I remember when Facebook finally opened to all Apple employees. I joined immediately. If offered value with little or no downside. I misjudged the downside. We all did. Only the crazies are willing to do anything about it. The rest of us are stuck between a walled garden and the Wild West.

The Amazon Web Services (AWS) Multi-Factor Authentication (MFA) setup process for the account creator requires a hardware dongle. However, the multiuser IAM setup allows MFA with either a hardware dongle or an app like Google Authenticator. Turns out, you can actually use Google Authenticator for the account owner too. Here’s how.

1. The trick is step one: turn on IAM multiuser support.

   Seriously. Even though this whole thing is about setting up MFA for the “real” Amazon account, not merely for sub-users, the trick is to turn on the ability to create sub-users. You don’t have to create any. Not even one. None at all.

2. The magic is step two: in the IAM console, click the button to turn on MFA for the “root” account. The “root” account is really your “real” Amazon account, the one you used to sign up for AWS in the first place.

3. Profit.

The trick here is to NOT use the MFA setup on the Security Credentials page, even though that’s exactly what we want. The trick is to pretend you’re creating a new user account, but then set up MFA for the root account which by the transitive property is actually your main “real” account.

Got all that?

I recently started using Evernote, but there’s no easy way to get a PDF saved there.

Evernote Web Clipper is great. The menu bar icon is great too. I use both, but how do I get a PDF? Do I have to save a PDF file and then drag it into Evernote? No!

Here’s a very simple (codeless) Print Plugin that adds “Save to Evernote” to the Print dialog box. Problem solved.

Aside: to integrate with Google Cloud Print, use this “Print to a Google Cloud Printer” plugin.

How To Install_: drop the plugin (after unzipping) into ~/Library/PDF Services. Notice the space between PDF and Services, also note the capitalization. If you’re not sure how to get there, or if it’s just not working for you, then try this alternative: Hit print somewhere, click the PDF menu in the bottom left of the print sheet, choose “Edit Menu”, hit the plus button, and choose the (unzipped) workflow from above.

To check if it worked, open any document and hit print. At the bottom left of the print sheet, there’s a PDF menu. It should contain a new Save to Evernote entry.

This post was originally drafted in March of 2011.

Criminal Prohibitions

I think it interesting to compare Murder with Nude Dancing. Doesn’t one have the right to die? If we assume arguendo that, for example, a terminally ill patient asks a someone for assistance in hastening death and also assume arguendo that there are absolutely no direct effects thereby, such as disposal expenses or emotional/psychological impact on family/friends (e.g., patient has no relatives and has already paid for cremation), may we thereby reach a homicide which is not Murder nor Manslaughter (in the common usage), yet is both unjustified (i.e., not self-defence) and unexcused (i.e., not accidental)? 

Murder

Murder (and Manslaughter), in my opinion, is rightly criminally outlawed since it has not only the direct effect of ending another’s life, nor only the secondary effects of emotional and psychological trauma on loved ones, nor only the secondary effects of the aftermath thereto (disposal, inheritance, &c.), but also the societal effect of instilling fear in the general public. A murder in the inner city strikes legitimate fear in the hearts of suburbanites who may never have been nor ever plan to go anywhere near the inner city. More strikingly, a murder in Boston has this effect in NYC or even LA. The mere fact that the murder occurred leads to reduction in the exercise of other persons’ legitimate rights, albeit not proximately so. Manslaughter, however, leads to a much lesser interference with other persons’ rights and is therefore rightly treated as a lesser, but still criminal, offence. 

Other activities, such as parking in a metered space without feeding the meter or littering, certainly do frustrate the exercise of other persons’ rights but not in the same way. Taking up a convenient parking space, e.g., without paying for use of the scarce resource does not create an environment where another may fear, and therefore avoid, e.g., traveling to the mall. It merely raises the cost of doing so (in that the other must park in a less desirable location, walk further, and expend time doing so). Such a cost increase may encourage the other to patronise another mall, but it certainly cannot be said to discourage leaving the home. 

Unlike unlawful parking, a murder encourages a general and debilitating fear. Note that I am not claiming that all of society is handicapped by every murder, but rather that the accumulation of murders promotes a cumulative effect of less lawful activity. A murder in the inner city not only discourages others from travelling there, which is certainly constituent of this cumulative effect, but it also discourages others from going out of their homes generally since it is possible, however unlikely, that murderers may travel to (or arise in!) the other’s very neighbourhood. 

Ignoring any theoretical deterrent effect, the criminalisation of Murder declares to society as a whole that any given individual is generally safe when out and interacting with the world. I assume arguendo that most persons would not murder one another if Murder were to be suddenly legal (in isolation from other elements of our society), e.g., for one day a year or some such. Certainly there are some people who are maladjusted just enough that such a legalisation would free them to act on their impulses when they otherwise wouldn’t, but I assume that there are relatively few of them. Furthermore, I expressly ignore this group. 

On this hypothetical murder-is-legal-for-one-day-only day, nearly the entire population will lock their doors and windows, arm themselves, and hide in their basements for the entire 24-hour period. No business would transact. No non-business would transact. Nobody would do anything at all for the entire day. Not even a gov’t mandate that people do continue about “normally” could get them out. Almost every single person would be more than happy to pay a fine or even be criminally convicted of a misdemeanour or, perhaps, even a felony, if doing such would save their lives. In fact, our society already excuses all persons from criminal liability when their action was directly to save their own life or that of another. 

We can see this effect very simply in the real world today simply by looking at the social and cultural life of persons in failed states or totalitarian regimes. Although they don’t exactly cower in fear in their basements, this is most likely because they both have no basements and that their fear is not particularised to one day a year. They do, however, avoid any and all activity which might expose them to persons who are not trusted to be safe. 

The declaration that Murder is wrong, is always enforced against all transgressors, always in favour of all victims, allows the general population to presume bodily safety as a general matter. This presumption may be rebutted under certain circumstances, e.g., when a suburbanite faces the prospect of traveling unaided into the inner city, but the presumption itself works to allow the suburbanite to believe himself safe even in unknown situations. Thus, he may walk into any business he pleases or travel on any carrier he pleases; he need not maintain body armour nor employ security guards. 

Such a declaration does not, itself, interfere with any other rights. Persons generally lack the right to interfere with the affairs of another and so the declaration that a particular interference is officially wrong is inconsequential as far as the theoretical scope of an individual’s positive rights. The declaration serves instead to psychologically guarantee not only that others lack the right to diminish one’s own positive rights, but that they lack the power to do so. 

Nude Dancing

When seen from this societal-effects viewpoint, Live Adult Entertainment is wholly distinct from Murder. Although both are declared morally wrong by the same sorts of moral philosophies (such as the Cristian religious tradition), they lack any similarity in their effect. Not even Jerry Falwell fears to leave his home upon learning that a strip club has opened in another state, in another city in the same state, or even his own city! He may avoid a particular part of town, but he may be expected to walk right up to (and presumably past) such an establishment when he has good reason to, for example to reach a nearby business or, perhaps, to protest against the strip club itself. 

Absent riot gear, no individual would travel to a location where one is likely to be shot in the head without consequence. With riot gear, very few would be willing to do so anyway. Nude Dancing is just in a different category. As such, it should not be regulable as Criminal. 

Euthanasia

How does euthanasia fit into this? Does the prohibition against euthanasia fill the same social need as the prohibition against violent murder? Does it fill the lesser but still criminal position of manslaughter? How does society improve by preventing people who are already dying from dying on their own terms? How does society improve by declaring that people may only die without assistance? (Remember, the prohibition on murder is useful as a declaration of a norm, not simply as an attempt to prevent actual deaths.)

So I’m sitting in the car and my iPhone finishes playing The Sound of Silence and moved on to the next. Only, it didn’t. I look down at my now silent iPhone, and it’s flipping through all the other songs on the playlist. Without playing them.

So I unlock the thing and open the music app. And it proceeds to clear the playlist, then clear the playlists. It just decided to delete all my music. In front of me.

😕

It’s fairly simple to put your iCloud documents into your Dropbox, accessible anywhere (including from other apps!)

1. Step one is to PICK ONE COMPUTER. Yes, you need a computer. It is vitally important that you PICK JUST ONE. Your iCloud documents will be available on all your computers, but you must pick only one to bridge iCloud and Dropbox.

   The computer you pick ought to be the one that is active the most. If you have a desktop and a laptop, pick the desktop unless it’s never on. iCloud will sync through this computer, so if this computer isn’t on and logged in (with Dropbox running), then iCloud won’t sync.

2. Step two is to make sure you are only doing this on one computer. Double check that you do NOT have another computer that has this set up for your iCloud and your Dropbox.

3. Launch Terminal and enter this:

   ln -s ../Library/Mobile Documents ~/Dropbox/iCloud
   

4. You will now have a folder (an alias aka symlink) in your Dropbox that will be sync’d via Dropbox to all your Dropboxen.

Yay!

iwillnotshavemyvagina:

Defining marriage as a union between a man and a woman only reinforces many gender roles I am uncomfortable with. Like the whole idea of a husband and his wife.

Is it weird to think of animal husbandry when I hear/see “husband”?

Anyway. My personal opinion is if the church* wants claim to marriage, then give them marriage. Only people wedded in churches/by clergy will be “married.” Big whoop. Everybody else gets a civil union/partnership. But a civil union and a marriage have to have the exact same benefits (because this is my opinion and I say so).

Then civil unions can be defined as legally recognized partnerships and marriage can be a title you get to slap on for doing it with religion. And if the Church doesn’t want to marry somebody, the church doesn’t have to. But they could.

I think this would also lead to some interesting tension (and potentially chaos) between various Christian denominations and individual churches.

Also it would be a nice reminder about the separation of church and state. There seems to be a lot of “Take back our Christian Nation!” talk lately. Maybe always. But I’m noticing a lot of it lately. Thanks 1956!!

*Church in the sense of separation of church and state, rather than just religions that have churches.

(Source: iwillnotshavemyvagina)

I use Google Apps as my e-mail service for gaelicWizard.net. Here’s why and what-for.

Gmail

Gmail is almost the best e-mail service ever. This is not actually saying much, though. Most e-mail systems merely replicate a directory tree. A directory tree is just not a good way of storing human-centric information. Gmail ditches this. The storage of e-mail is abstracted away. Gmail doesn’t talk about storing e-mail. Gmail talks about organising e-mail, using labels.

It also integrates certain little features that most e-mail clients ignore entirely, or support as an afterthought. One such example is threading. Gmail groups all messages into “conversations.” Always. Labels apply to conversations, not individual messages, so that you can’t forget to label them.

Unfortunately, Gmail lacks a few obvious features and at least one not-so-obvious,-but-would-be-wicked-useful-to-me feature. For example, Gmail’s filters can only match a very limited set of headers. Fortunately, list and delivered-to are included in that set. Unfortunately, most everything else isn’t.

Catch All

The killer feature for me would be, sadly, rather niche. I use Gmail’s catch-all feature in order to receive e-mail addressed to any address which end up at my domain. This means that I have absolute control over everyone who wants to send me e-mail.

Example: I sign up for Formspring. I tell them my e-mail address is John.Formspring@…. Then, if I ever receive a message addressed to that address which is not directly from Formspring, I would know that Formspring sold my e-mail address to spammers. Even better: I can block that entire e-mail address, and only the spammers and Formspring lose contact with me. (I should note that this has never happened with Formspring; its just an example.)

NeXTSTEP

Gmail does this. What I want Gmail to do is one step further. I want Gmail to filter based on the incoming address, automatically. I can set up filters, and I do, but I have to set up a filter manually for each incoming address. I want my e-mail system to automatically parse the delivered-to header, tokenise the domain-dependent portion, drop the “John”, and use the rest as a label.

I could achieve this with procmail(1), but I would need to route my e-mail through a system running procmail. That would mean no Gmail. I don’t want to lose all the other benefits of Gmail.