
Free ebooks! Get 'em while they're hot!


We interrupt this broadcast to announce ...

Empire Games came out a couple of weeks ago, right? And you might be thinking, "this is book seven in a universe, won't I be at a loss if I start here?" Well, Empire Games was written to be a new entrypoint into my Merchant Princes universe. But if you want to start from the real beginning, you need to read The Bloodline Feud, which is the revised omnibus edition of the first two books, reassembled into the original intended form.

And The Bloodline Feud is the Tor.com eBook club pick for the week of February 1st to 7th: if you click that link and sign up for the Tor.com newsletter, you can download a free copy in epub or mobi (Kindle) format. (Offer valid to USA and Canada residents; there is a dropdown menu that asks you to state your country.)

23 days ago
Bought this a week ago and it was worth the price then- infinitely better value now.
1 public comment
22 days ago
go read stross if you haven't
Earth, Sol system, Western spiral arm

Chelsea Manning’s 35-year sentence commuted by Obama



Chelsea Manning, serving a 35-year term for leaking a cache of classified military documents to WikiLeaks, had her sentence commuted Tuesday by President Barack Obama. The president, with just days remaining in his presidency, said Manning can be freed on May 17 of this year instead of 2045.

The 29-year-old Army private was court-martialed in 2013 for forwarding a cache of classified documents to WikiLeaks. After being convicted of leaking more than 700,000 documents and video, Manning—then known as Bradley—announced that she is a transgender woman and would be going by the name Chelsea.

Manning has been both reviled and lauded for her 2010 document dump and has been in prison longer than any other convicted US leaker. In a military first, Manning was approved in 2015 for hormone therapy as part of transition-related care, nearly a year after she made demands for such treatment.

37 days ago
1 public comment
37 days ago
oh thank God
San Francisco, CA

Paul Ryan Says the GOP Will Vote to Defund Planned Parenthood


During a news conference on Thursday, House Speaker Paul Ryan (R-Wis.) said the process to dismantle Obamacare will include stripping all federal funding for Planned Parenthood, but he did not provide much further detail.

His remarks come two days after a Republican-led House investigative panel released a report that recommended the health care provider be defunded. The investigative panel—created to examine allegations that Planned Parenthood was selling fetal tissue for profit—was then disbanded, because it was not reauthorized for a new Congress. Planned Parenthood was never found guilty of any wrongdoing at the state or federal level, despite multiple GOP-led investigations.

Democrats immediately denounced the move. "I just would like to speak individually to women across America: This is about respect for you, for your judgment about your personal decisions in terms of your reproductive needs, the size and timing of your family or the rest, not to be determined by the insurance company or by the Republican ideological right-wing caucus in the House of Representatives," said House Minority Leader Nancy Pelosi (D-Calif.). "So this is a very important occasion where we're pointing out very specifically what repeal of the [Affordable Care Act] will mean to women."

The measure to cut funding will appear in a special fast-track bill expected to pass Congress in February, during a session that allows legislation to bypass filibuster. The bill would need only a simple majority of senators to pass, rather than a 60-vote supermajority. Should the measure pass, according to the Washington Post, the largest women's health care organization in the country would lose 40 percent of its funding. Planned Parenthood received $528 million in federal funding in 2014, and the government is its largest single source of funding.

A federal law known as the Hyde Amendment forbids the use of any federal funds for abortions. The money Planned Parenthood receives is for preventative screenings, birth control, and general women's health care for their 2.5 million patients.

Rep. Diane DeGette (D-Colo.) promised that Democrats would "stand against this with every fiber of our beings."

A similar measure passed the House and the Senate in 2015 but was repealed once it reached President Barack Obama's desk. Obama has long supported the preservation of Planned Parenthood's federal funding. In December, he issued a rule that barred states from withholding funds from Planned Parenthood based on the fact that they provide abortion care.

President-elect Donald Trump has indicated that he opposes continuing federal funding for Planned Parenthood, so a presidential veto would be unlikely. Similarly, Vice President-elect Mike Pence has been staunchly anti-abortion throughout his political career—he signed a measure to defund Planned Parenthood in Indiana during his tenure as governor, and he was successful in slashing funding for the provider in his state.

Reacting to Ryan's proposal, Cecile Richards, president of the Planned Parenthood Action fund, told reporters, "It's likely no accident that this attack was launched the day after Vice President-elect Mike Pence, a long-time opponent of Planned Parenthood, held a closed-door meeting with Speaker Ryan and the Republican leadership."


Ex-Cop Bobby Carillo Is Sad in Jail, So Judge Orders His Release


December 21, 2016 (Fault Lines) — It might not seem like a big deal in the grand scheme of things: A cop and his crew throw a significant amount of tow jobs to a local towing company and the proprietor gives them a few cars in exchange. But when you take a closer look and find a conspiracy involving top and former brass in a police department, and the victims were all targeted because of their ethnicity and economic status, it becomes a big deal.

Now a judge has released the already lightly punished mastermind of this scheme from jail because he’s depressed and has lost a significant amount of weight according to his attorney.

King City, California is home to about 13,000 residents, 90 percent of whom are Hispanic. It’s an agricultural center for tomatoes, strawberries, lettuce, dairy, pistachios, walnuts and almonds. It’s been called the “Salad Bowl of the World.”

People there are hard working and generally low-income, and apparently ripe for picking by King City police Sgt. Bobby Carrillo and his crew. Carrillo alone had more than 200 vehicles towed and impounded, of which 95 percent or more were handled by Brian Miller’s tow yard. Miller is the brother of then acting-Chief Bruce Miller, who was charged with accepting one of the towed cars as a bribe.

Carrillo was having the cars towed and impounded over minor infractions such as inoperative tail lamps, or even towed from their spot in front of the owner’s home over an expired registration tag. Then, when the owner was unable to bail his or her car out, Carrillo and Miller sold it and split the profits.

People were afraid to speak out because many of these agricultural workers are undocumented.

That was until the FBI came to town on a murder investigation and found no one willing to say anything except “we don’t trust cops, they take our cars and property and we can’t do anything about it.” Complaints like this prompted an investigation, and since Carrillo and cohorts weren’t even trying hard to hide their scheme, it wasn’t long before they found themselves impounded.

Judge Julie R. Culver, a former prosecutor and corporate attorney, was appointed to the bench in 2010 by then Governor Arnold Schwarzenegger. Carrillo was a veteran cop and, judging by his surname, he should be acutely aware of the hardships faced by poor Hispanic agricultural workers. Carrillo made the decision to become a predator, to seek out vulnerable people, to take their property and wreak havoc on their lives.

And now, Judge Culver gives him a break. After serving about two months of his already paltry sentence of one year in jail, the judge has granted a defense motion and he will be allowed to serve the remainder at home. Monterey County Deputy District Attorney Steve Somers doesn’t agree with the judge:

There are a lot of people who can make that same claim in the jail. And I don’t know how many of those would be released for the same reasons. When he was committing the crimes, he knew that if he was caught he would be put in jail and it would be very uncomfortable wherever he went because every officer knows that.

Jail is a horrible place. It’s easy to lose weight there because the food is barely nutritionally adequate, and tastes like crap. It’s prepared by fellow inmates who may or may not have had their training in an establishment sporting a Michelin star, or even a Zagat rating. (Mostly not.) The food is part of the punishment. Carrillo was in solitary confinement, likely for his own protection, because being a dirt bag with a badge who preys on his own community would make him quite unpopular with the non-badge-holding dirt bags that prey on their community and share the facility.

Yes, you would lose weight. Yes, you would become depressed. When your drinking water comes from an orifice on top of the exposed toilet in your cell, it’s depressing. You want to go home.

It’s a disgrace that this judge overlooked this former cop’s predatory nature and let him go home. Hopefully every criminal attorney with an inmate facing a year in Monterey County will now file a similar motion on behalf of their client so everyone can go home early.

The post Ex-Cop Bobby Carillo Is Sad in Jail, So Judge Orders His Release appeared first on Mimesis Law.

65 days ago
Reminder that cops have more rights than you. Blue lives matter.

Uber is now literally trying to murder me.

Uber self-driving car running red light in SF
Uber launched a fleet of its much anticipated self-driving cars in San Francisco on Wednesday, and by late morning the effort already hit a bad-driver milestone: running a red light. [...]

Annie Gaus, a freelance writer and producer in San Francisco, tweeted Wednesday morning that she "Just passed a 'self-driving' Uber that lurched into the intersection on Van Ness [Avenue], on a red, nearly hitting my Lyft." [...] "It was close enough that both myself and the driver reacted and were like, 'Shit,'" she said. "It stopped suddenly and stayed like that, as you see in the photo."

SFPD traffic division unaware of self-driving Uber fleet on city streets

With Uber's self-driving cars now on the streets of San Francisco, the enforcement of traffic violations is in the hands of The City's Police Traffic Company, which was unaware Wednesday morning that the vehicles began roaming city streets that day. [...]

"I was unaware the cars have been released in the wild," said San Francisco Police Traffic Company Sgt. Will Murray. "Isn't that like the headless horsemen?"

"They are required to have someone seated in the front driver's portion of the vehicle," said Murray, who added that, "If they were committing flagrant violations, if they were not obeying the laws" then traffic officers will pull them over and ticket them.

He did not say if that had yet occurred or how one goes about ticketing a car driven by a computer.

Uber ordered to halt self-driving cars on SF streets

Uber's action is illegal, California DMV Deputy Director Brian G. Soublet wrote in a letter to Uber late Wednesday, which was also sent to press. Soublet added that the ride-hail behemoth was required to obtain an autonomous vehicle testing permit before operating self-driving vehicles on city streets.

"If Uber does not confirm immediately that it will stop its launch and seek a testing permit, DMV will initiate legal action," the DMV wrote, "including, but not limited to, seeking injunctive relief."

Uber Blames Its Drivers As More Reports Of Self-Driving Cars Running Red Lights Surface

Suggesting that this was more than first day jitters, KRON 4 got its hands on a set of photos that the channel says show an autonomous Uber driving through a red light on Harrison at 4th Street. The pictures were taken on Sunday morning, which means that the car was likely being used for testing or mapping purposes and did not carry a paying passenger. Still, it would suggest that the software piloting the autonomous vehicles had problems as recently as three days before the much publicized launch of the autonomous ride-hail service. That is, unless these incidents are all the result of human error -- a.k.a. Uber drivers.

"These incidents were due to human error," an Uber spokesperson told the Guardian about both the Van Ness incident and the 3rd Street incident. "This is why we believe so much in making the roads safer by building self-driving Ubers. The drivers involved have been suspended while we continue to investigate."

Isn't that neat? It's the humans, not the un-permitted software, that is at fault according to Uber. Unfortunately, that argument likely won't sway the DMV.

So let's see...

The self-driving software is bad enough that they run red lights and make dangerous turns... but they have humans in the drivers' seat! Who are also so terrible at their jobs that they can't prevent the car from running red lights and must be fired.

I guess none of us are as incompetent as all of us? The software is so bad that it makes human drivers even worse?

The usual argument for self-driving cars is that they will be safer for everyone than human-piloted cars. If that hypothesis turns out to be true, then I'm all for them! One can even imagine a shiny Starfleet future where self-driving cars lead to the end of personal car ownership and dramatic emissions reduction. Enter the shimmering arc!

Uber, of course, does not give the slightest fractional shits about whether self-driving cars are safer or cleaner: they are interested in them because they are cheaper. Allow me to remind you of this bit from Fight Club:

I'm a recall coordinator. My job is to apply the formula. It's a story problem.

A new car built by my company leaves somewhere traveling at 60 miles per hour. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now: do we initiate a recall?

Take the number of vehicles in the field, (A), and multiply it by the probable rate of failure, (B), then multiply the result by the average out-of-court settlement, (C). A times B times C equals X... If X is less than the cost of a recall, we don't do one.

And now we get to the part where the Uber software, operating as designed, is now literally trying to murder me:

SF Bicycle Coalition: A Warning to People Who Bike: Self-Driving Ubers and Right Hook Turns

Before the surprise launch of Uber's autonomous vehicles on San Francisco streets this week, I rode in one. I can tell you firsthand: Those vehicles are not yet ready for our streets.

I was at one of the demonstrations covered in the SF Examiner, along with others who Uber hoped to impress with their new technology. None of us were told that just two days later, Uber would be releasing this technology on our streets on a large scale. I did tell Uber some things about the shortcomings of that technology, however.

In the ride I took through the streets of SoMa on Monday, the autonomous vehicle in "self-driving" mode as well as the one in front of it took an unsafe right-hook-style turn through a bike lane. Twice. This kind of turn is one featured in a 2013 blog post that is known to be one of the primary causes of collisions between cars and people who bike resulting in serious injury or fatality. It's also an unsafe practice that we address in all of the safety curriculum we offer to professional drivers, including the videos we consulted on for Uber as recently as this fall.

I told staff from Uber's policy and engineering teams about the safety hazards of their autonomous vehicle technology. They told me they would work on it. Then, two days later, they unleashed that technology on San Francisco's streets. Your streets.

Since yesterday, we have been told that "safety drivers" in these vehicles have been instructed to disengage from self-driving mode when approaching right turns on a street with a bike lane and that engineers are continuing to work on the problem. In the meantime, Uber is continuing to operate autonomous vehicles for passenger service in San Francisco.

There's no other way to put it: Launching autonomous vehicle technology before it's regulated and safe for our streets is unacceptable. If you support safe streets, please sign the petition to tell Uber to address this dangerous and illegal turning behavior immediately.

The people who wrote this software do not understand the traffic laws and programmed it with a set of rules that they figured was close enough. And then released them into the public.

"Disrupt transportation! Move fast, release early, and crush innocent people under two tons of fast-moving steel!"

I really can't express how unsettling it was today, riding my bicycle in traffic in the rain -- a time when San Francisco drivers are notoriously even less competent and more erratic than under normal conditions -- and wondering what fresh new hell of unpredictability I might encounter from poorly-behaving software in an alpha-test that I most assuredly did not click "Agree" on.

Fuck Uber.


Too Cool for PGP


Some kids are just too cool for school.

And some security experts are too cool for OpenPGP.

It's almost become a rite of passage for security folks: work in the trenches, build a reputation, climb the ivory tower, write a detailed epiphany about why you've given up on PGP. Suggest we all buy an iPhone and use Signal, start giving people phone numbers instead of e-mail addresses...

Wait, what?

Please take a moment to go ask any young woman if she thinks giving random strangers her phone number will improve her security. I'll wait.


Of course, the experts are right about many things. OpenPGP is old and more recent tools with more modern designs have a lot going for them. But I still think they're mostly wrong.

The experts, by and large, have yet to offer any credible replacements for PGP. And when they suggest abandoning PGP, what they're really saying is we should give up on secure e-mail and just use something else. That doesn't fly. Many people have to use e-mail. E-mail is everywhere. Not improving the security of e-mail and instead expecting people to just use other tools (or go without), is the security elite proclaiming from their ivory tower: "Let them eat cake!"

Furthermore, if that "something else" also requires people use their phone number for everything... well, that's the messaging world's equivalent of the widely despised Facebook Real Name Policy. If you ever needed a clear example of why the lack of diversity (and empathy) in tech is a problem, there it is!

Compartmentalization, presenting different identities in different contexts, is a fundamental, necessary part of human behaviour. It's one of the basics. If you think taking that away and offering fancy crypto, forward secrecy, deniability instead is a win... well, I think your threat models need some work! You have failed and people will just keep on using insecure e-mail for their accounting, their work, their hobbies, their doctor visits and their interaction with local government. Because people know their needs better than you do.

But I digress.

The ridiculous phone number thing aside, I also take issue with the fact that when our opinionated experts do suggest replacements, the things they recommend are proprietary, centralized and controlled by for-profit companies. Some of them (mostly the underdogs) may be open source, but even the best of those use a centralized design and are hostile to federation. In pursuit of security and convenience (and, let's be honest, control, power and money), openness has been hung out to dry.

This is short-sighted at best.

These cool new apps may be secure today. But what about tomorrow? Odds are, they will be compromised by government mandate, blocked or shut down. Or just dead because messaging is a cut-throat business and the money runs out. Anyone remember ICQ? MSN? GChat? Sprinkling these new messaging apps in security pixie dust doesn't make them qualified to replace e-mail.

But what if I'm wrong? What if one of these businesses succeeds, e-mail dies and all our comms become dependent on proprietary protocols mediated by for-profit monopolies? Is that a problem?

Here, let me google that for you.

I really hope it doesn't happen.


Please, if you are at risk, if you have powerful adversaries, follow the advice of the cool kids. The experts are absolutely right when they say PGP is too confusing and messy today for most people to use safely. It takes training, practice and diligence.

So sure, get an iPhone if you can afford it. Use Signal or iMessage. Use Tor, carefully. For e-mail, create as many GMail accounts as you need to blend in with the crowd and not draw attention to yourself; their security team is the best in the world, let them protect you! Enable two-factor auth, use HTTPS.

But most importantly; if you can avoid digitizing incriminating information, do that. Rubber hose cryptanalysis is real and it's much easier to avoid creating data in the first place, than it is to keep it secure after the fact.

Mental Models and Deniability

A rule of thumb for creating usable software, is don't make me think.

What this means in practice, is software should match the mental models of its users as closely as possible. If it doesn't, users will inevitably make mistakes. If your tool is a security tool, those mistakes may compromise their security.

PGP in e-mail has failed this on many fronts. The lack of protection for message headers (the subject line) is one, as is pretty much anything to do with encryption keys (too much math). But it's not all bad! OpenPGP gets other things right, and actually corrects some of the things insecure e-mail gets wrong.

One of the most vexing things about e-mail, is people actually think e-mail is already secure. They just assume e-mail is like regular mail, in an opaque envelope that will prevent tampering and keep postal workers from reading it. Encryption and signatures bring e-mail closer to user expectations, which means if we can get it working smoothly, users won't have to think as much to make good security choices.

One thing people don't expect from e-mail, is deniability. Deniability means after a message has been delivered, it can no longer be strongly linked to the sender. It's like an anti-signature... which most sane people would consider a horrible misfeature in any communication system. Explicitly designing a system so people can disavow their statements and go back on their word? What is this, a system for assholes??

And yet, all the cool kids in the security world seem to want exactly that. They keep bringing up the lack of deniability (and forward secrecy) in PGP as if it were some sort of fatal flaw.

Why? Are security people all assholes? I don't think that's it.

I think they're quite enamoured with the elegant math, and really, really pissed off with certain Three Letter Agencies. There is good reason to believe major governments plan to record, or have already been recording, all our encrypted communications in the hope of being able to decrypt them later. Forward secrecy (deniability's more attractive twin sister) prevents that sort of thing. But OpenPGP doesn't need to provide forward secrecy to thwart mass surveillance. If we just use TLS (with the right ciphers) for SMTP, IMAP and web-mail then that does the job just fine.

So I agree forward secrecy in transit is a good thing. Let's do that!

Let's put our mail in secure envelopes, and let's also drive it from place to place in nice, secure vehicles. Users don't expect the cops to routinely stop the mailman and photocopy all the mail, so let's make sure that doesn't happen to e-mail either. Let the mental models be our guide.

But we don't need or want deniability. Deniability for individual messages is, quite simply, a horrible misfeature to be avoided. People already assume e-mail is on the record; trying to change that means going against their mental models and setting them up for failure in new and exciting ways. The fact that OpenPGP wasn't designed to empower assholes is a feature, not a bug.

(Yes, there are other arguments for forward secrecy and deniability. They are in my oh-so-humble opinion, mostly bunk. And this post is already too long...)

Making Progress

Anyway, like it or not, e-mail is important.

E-mail is the most successful open messaging standard we've got and OpenPGP is the best tech we have to secure our mail. OpenPGP may be dated and a bit clunky, but it's a hell of a lot better than nothing.

Folks like myself, implementors who are not cryptographers, have long been admonished to not invent our own crypto. Over and over again, we are told to use tried and tested solutions. OpenPGP is that. It may have baggage, it may not be perfect, but it is mature and it solves certain problems. Most of the flaws can be avoided and worked around. If the security community really wants us to use something else, you're going to have to step up and provide something a bit more tangible than rants on the Internet.

OpenPGP is also not standing still; OpenPGP is still developing. The community is well aware that the technology is flawed and needs work. An update to the standard is in the works and there are multiple projects working on improving both the security and usability side of things.

Mailpile is one such project, but we're in good company: PEP, LEAP, OpenKeychain for Android, Mailvelope, and more. Even Google and Yahoo are developing solutions based on OpenPGP. There's actually quite a lot going on!

As an industry, we should be supporting these efforts, not writing and promoting self-indulgent posts on how we've given up and moved on.

Oh, and stay in school kids! It's worth it!
