> To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (example full battery drain) or hasn’t been unlocked for 48 hours. This is a genius feature that is meant to set a time limit for criminals if try to find a way to circumvent the fingerprint scanner.
This makes Touch ID just about the most secure method out there. Additionally it would seem to make it near impossible for police to compel you to unlock your phone. All you have to do is power it off, or have your lawyer buy you 48 hours, and then you can see the passcode which is legally much harder to be forced to hand over. Neither should be too hard.
The more I read about this Touch ID system the more I love it.
Get yourself ready for iOS 7 and install this little gem. All the app does it takes an existing picture and adds iOS 7 style blur. I thought it was gimmicky at first, but truly (as someone who has been using iOS 7 for a while now) it is needed for the home screen background.
The lighter font weight on the app names makes busy backgrounds distracting, but solid colors are boring. With Blur I have created some great little background images.
> Despite emphatic predictions of waning business prospects, some of the big Internet companies that the former National Security Agency contractor showed to be closely involved in gathering data on people overseas – such as Google Inc. and Facebook Inc. – say privately that they have felt little if any impact on their businesses.
> Insiders at companies that offer remote computing services known as cloud computing, including Amazon and Microsoft Corp, also say they are seeing no fallout.
The argument is that because there has been no measurable business impact that people were wrong to predict bad things for US companies. Menn has effectively jumped the gun here. There’s a few things to understand about “businesses”:
1. They are incredibly slow to move. Even when IT has been given the directive to “get us off these NSA services” it could take a year or more to do so. IT has to test and try out many services, look into migration, send reports to management, management has to decide on if the cost is worth it, think about it more, ask IT a question that takes a month for IT to get back to management on because the current email server just shit itself… You get the point. Things don’t happen fast in this world — they still use BlackBerries at some companies after all.
2. There are very few, if any, better solutions to existing tools. It’s hard to replace Google Apps, Amazon cloud computing, or whatever Microsoft sells people. It really is. Think about it like this: if you are an all Windows company, how long would it *actually* take to switch to Macs everywhere? That would be a massive undertaking, and there is already a (hopefully) viable solution to switch too. Now imagine instead of Windows to Mac, you are going Windows to Linux — that’s closer to what we are talking about. It is a massive undertaking for most companies.
3. For the great majority of companies that use U.S. companies the privacy impact of the NSA and GCHQ programs are not *yet* of great concern because so far the only bad thing to happen is some bad PR for the NSA. Until there is a real privacy breach, until Snowden or another leaker posts actual data the NSA is storing from a big company — until then there is likely no user demand for companies to change. It’s likely that most privacy conscious companies are looking into other solutions so that *when* push comes to shove they can move quickly.
So yes, there is a huge potential risk of lost business globally for these U.S. service providers, but it won’t happen immediately. This will be a slow change — not an overnight action. That is where the danger really is, because when change is slow, sometimes you don’t realize you needed to react at all.
I am not kidding at all when I say this: this app really makes me smile. If you follow me on App.net you have seen my “artwork” from this app already. The screenshots say it all, but the grins don’t come until you start using the app. No, I am serious.
I really hate shopping for undergarments of any sort — be it socks, boxers, or undershirts — it’s all a gamble that rarely pays off. It seems to me that the market is pretty well set by one factor: price. You either pay $19 an item, or you pay $19 for a *pack* of that item.
The thing is, it’s really fucking hard to find out if any of these items are good before you buy them. I don’t mind splurging and buying a set of undershirts at $19 a pop if I know two things:
1. They are going to be great.
2. They are going to last at least two years.
I’d buy ten and call it a day. The problem is, unlike gadgets, no one really talks about this stuff — well no one that I know. I’ve bought some undershirts that I have seen recommended on sites here and there, typically they are over priced and shitty — a clear indication to me that they were compensated for talking about the products.
For the past three and a half years I have been wearing v-neck, white, undershirts. Prior to that I went with crew neck — I was uneducated, clearly. I have yet to find a really great v-neck undershirt, but that doesn’t mean I can’t share with you what I *have* found thus far. Please keep in mind that this isn’t me wearing these shirts once, and reviewing them. No I have worn each brand of these shirts (and still wear most of them) for over 6 months each. During the tests these shirts have been washed and dried countless times — I am speaking about them then on the level of what they will be like after the “new” wears off.
## Ribbed Tee
We start our adventure with the oh-so-popular [ribbed-tee brand of v-neck undershirts][1]. These are the shirts that look like what is commonly called, in the U.S. at least, a “wife-beater”. They hug your body, and are ribbed (amazing right?).
RibbedTee
I hate these shirts, so let’s list out why:
– They are pricey, at $20. UPDATE: Sorry it was $20 for a two pack, or $10 each.
– They fall apart. I bought three and within 3 months two had hems that came apart. That’s a 66.667% failure rate. ((Science!))
– They are too short. I am 6′-3″ and most of that is in my torso. I need Large-Talls in almost everything — but most undershirts still work because they are typically made to be long. These shirts are so short I can’t even tuck them in. I don’t have much of a gut, but there is no way in hell I would be caught wearing just this shirt.
– The sleeve holes are too tight. You know, they give your armpits wedgies.
Frayed cuff.
That’s the bad, and it’s pretty bad. The good though:
– I like the ribbed nature because they cling to your body well and let your dress shirt flow a little better.
– They hold their shape incredibly well (when they don’t come unstitched).
– They stay nice and bright white.
Overall: don’t buy these.
## UnderArmor
When I found out [UnderArmor made undershirts I was stoked][2]. I thought they would be great, but `meh` is what I found. Here’s what I don’t like about these:
Under Armour
– They are really pricey — $25 each.
– They always seem to get that static cling crap going on.
– They gray up. By that I mean they are no longer white, see this picture for a comparison. Yuck.
– Because of the type of fabric, and this is a big issue, they tend to allow your shirt to come untucked a lot easier. I can’t stand how my shirt seems to glide in and out of my pants when I wear these undershirts. They must be made for that super hip guy that wears v-neck undershirts but never tucks anything in (that’s a thing, right?).
What I like about these shirts:
– They hold their shape really well.
– They feel like angels wrapped on my body.
– I assume they are some kind of armor that protects me from things.
Overall: save your money.
##### Now Things Get Stupid
The above two brands are really easy to talk about, they have very clear versions that I can point you to. But the next shirts I am about to talk about, are, um, probably ones that are going to be harder to find the exact version of for one, and easily mistaken for other ones. I point this out, as yet another example of how much these undershirt makers hate their customers. I’M LOOKING AT YOU JORDAN.
## Jockey, Blue Labeled…
Jockey
[These are easily the best shirts][3] of the lot.
What I like:
– They held their shape well.
– They stayed very white over the course of a 6 month test.
– The v is not too deep, or too shallow.
What I didn’t like:
– Too short.
– Minimal wrinkling of the cuffs, particularly around the waist band section.
Overall: good buy if you are not freakishly tall.
## Hanes with Red Labels…
[These may be the worst of the lot][4]. I bought these in a store, so who knows what specific model they are/were, the link here is my best guess. There’s nothing I liked, instead here are the issues I found:
Piece of crap.
– Too short.
– Too boxy.
– An amorphous blob holds its shape better.
– Discolored after only a few months.
– Lots more.
These shirts suck a lot.
Overall: I’d rather use Windows… 3.1.1
##### Tall
OK, so my main complaint with most of these shirts is that they are far too short for me. It never once occurred to me that Tall sizes were made in undershirts, but (no shit) they are. Man I feel dumb. I have ordered a [couple][5] of [tall][6] versions and will report back after I have had a few months to test them.
### Final Thoughts
If you can buy standard clothes off the rack, your best bet (that I have tried) is the Jockey’s that I mentioned above. For reference, here is an awe inspiring shot of the shirts so you can see color change in a side by side comparison.
From left to right: RibbedTee, Piece of crap, Jockey, Under Armour.[1]: http://ribbedtee.com/store/product/classic-fit-white-v-neck-undershirt/
[2]: http://www.underarmour.com/shop/us/en/mens-the-original-ua-fitted-vneck-undershirt/pid1230361-100
[3]: http://www.amazon.com/exec/obidos/ASIN/B002ZMOZAC/ref=nosim&tag=brooksreview-20
[4]: http://www.amazon.com/exec/obidos/ASIN/B00ACIFB90/ref=nosim&tag=brooksreview-20
[5]: http://www.amazon.com/exec/obidos/ASIN/B007IRM1NM/ref=nosim&tag=brooksreview-20
[6]: http://www.amazon.com/exec/obidos/ASIN/B00CEH0MSM/ref=nosim&tag=brooksreview-20
John Moltz takes a more in-depth look at Elementary OS for Macworld. I really like the vision behind Elementary and think it is worth keeping an eye on.
[Andrea Peterson reporting on remarks by former NSA and CIA director, Michael Hayden][1]:
> “We built it here, and it was quintessentially American,” he said, adding that partially due to that, much of traffic goes through American servers where the government “takes a picture of it for intelligence purposes.”
> Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.
Excuse me while I cycle my WiFi passwords. Oh, and this isn’t some anti-Google post, so it is well worth the read.
[Dave Pell reacting to the new iPhone TouchID system (fingerprint scanner)][1]:
> In order to give us the promise of more security, companies will want to know even more about us. It feels like we’ve passed a point of no return. So much about us is stored in the cloud (our finances, our communication, our social lives) that we can’t turn back. The only way to protect what you’ve shared so far is to share some more. Protect your data with a password. Protect the password with some secret, personal questions. Protect all of that with your fingerprint or your heartbeat. Before long, you’ll have to give a DNA swab to access a collection photos you took yourself. It’s a trend worth watching. The last decade was about sharing. The next decade will be about protecting.
Pell’s thoughts are cogent, and while we know little about the day-to-day operation of Apple’s new Touch ID — there has thankfully been a mostly healthy debate around the workings of the device.
[Rich Mogull over at TidBITS has a very evenly written and well explained take][2] on Touch ID and how it works — I suggest you read it before we go any further.
[Cory Doctorow over at Boing Boing has this to say][3] (in response absurd reports that fingers are now going to get cut off):
> This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent.
He’s right, not only do we drip this information everywhere we go, we can’t ever change it. But I believe it is a wrong-headed assumption to assume that this is any more problematic than any passcode.
While you could lift my finger print from a pane of glass, who’s to say how time consuming it might be (and expensive) to create a copy of my finger which would allow you into my phone. Add to that: you also need possession of my phone. Then, if you get both of those, you would need your finger replica to work the first time so that I don’t remote wipe the device before you get a chance to read my data.
It would actually be *easier* to just cut off my finger (not that I advocate that). What would also be easier would be to take the zoom lens on a camera, follow me for 30 minutes and snag my four digit passcode — but that’s not inflammatory enough to drive blog post traffic, so…
[Over on Motherboard][4], Patrick McGuire makes the case that we have no reason to trust Apple that there is no NSA backdoor into the encrypted A7 chipset to get our fingerprint. I agree, there is no reason to trust Apple on this, but *yet again* I have to argue that this seems like more work (and risk of exposure) than the reward is.
To assume that the NSA is secretly working with Apple, or hacking iPhones, to get fingerprint data is also to assume that this would be the easiest way to get that information. Logically, thanks to Doctorow, we know that simply is not the case. Do you have a passport? Have you been arrested? Worked with children? Gotten a security clearance? Real Estate broker in Washington State? Then the NSA *has* your fingerprint already.
It’s stupid to assume the NSA would spend that much time to try and get fingerprint data when a good spy could covertly get it (spies they already have trained and paid for), or even just calling the local cops and asking them to pick up the suspect for a random reason.
Just use some logic here people.
***
Now, for something [actually troubling from Marcia Hofmann][5]:
> But if we move toward authentication systems based solely on physical tokens or biometrics — things we have or things we are, rather than things we remember — the government could demand that we produce them without implicating anything we know. Which would make it less likely that a valid privilege against self-incrimination would apply.
Essentially, the government has a harder time to compel you to give up a password, or combination, but it looks as though forcing you to use your finger to unlock something would not violate your rights.
This compels me to once again urge *all* apps to provide an option for passcode locks on the app. If your app contains content created by the user of the device, give us the option to add another layer of protection on that data. Then if compelled to unlock our phones, we can’t necessarily be compelled to turn over the passcodes for each app. All the government gets then is out contacts and call log — both of which they likely already got from the NSA.
It’s just that they don’t open them in the way that you think they do. WNC InfoSec has a post from *vintsurf* [about something he caught Dropbox doing with Word documents][1]:
> All .doc embedded HoneyDocs appear to have been accessed…from different Amazon EC-2 instance IPs.
Essentially what he found was that every time a *new* Word document is uploaded, it is opened on an Amazon server in libreoffice — it appears to only be opened once. Ok, so before we get too riled up we need to look at reasonable explanations for this behavior.
The most reasonable explanation is that this is done to render a preview of the file for the web interface. And that makes a lot of sense. [Hacker News][2] seems to agree with this notion as well.
Two weeks ago I would have given Dropbox the benefit of the doubt that, yes, this is likely *just* to render previews and that I was OK with that.
But this isn’t two weeks ago.
I have no reason to trust Dropbox — to trust that the NSA hasn’t subverted their systems some how. That’s unfortunate for Dropbox, and for me.
Dropbox has always held the encryption keys for user files, and has repeatedly said there is a vigorous security system in place to keep prying eyes from our files. Since making those statements here are a few things we know to be fact:
1. The NSA probably has a more vigorous security system in place, and Snowden stole so many documents that the NSA isn’t even sure what he has.
2. Dropbox clearly allows Amazon instances access to user files. At the very least to render previews.
3. The NSA is known to weaken cryptography and get backdoors installed for them, and there is simply no way to verify that this hasn’t happened at Dropbox *or* Amazon.
4. We know that Dropbox was/is a target for NSA’s PRISM program — there’s little reason to doubt that the NSA places a high value on getting access to user files stored in the cloud.
So, in light of all of this, as of 10:54am PT I cancelled my Dropbox account. I didn’t just stop using it this time, I deleted it.
For now the biggest bottle neck will be 1Password syncing, but more on that in a later post. *([You can see some of my alternative Dropbox solutions here][3].)*
I highly suggest you either get rid of your Dropbox account or encrypt every file on it that you wouldn’t want getting leaked into the public domain.
> The Seattle Seahawks announced Wednesday that undercover cops dressed as San Francisco 49ers fans will patrol CenturyLink Field to deal with unruly fans during Sunday night’s seismic NFC West matchup.
Not yet, because it gets even more stupid:
> Fans who are found breaking the code will be kicked out of the stadium and forced to take a four-hour online course if they want to return in the future.
Now that’s some stupid shit.
1. How do you even monitor this?
2. Are you going to be scanning IDs with the tickets to let people in?
3. Good luck with that.
The title of the latest Guardian report by [Glenn Greenwald, Laura Poitras and Ewen MacAskill and sourced by Edward Snowden][1], would rightfully seem to say everything in the headline. That’s what I thought when I saw it, but that headline severely downplays how damning this latest article truly is.
Let’s get to some block quoting, as the title says, this is centering around a non-legally binding sharing agreement entered into between the U.S. and Israel. Here’s what is (essentially) shared:
> According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. “NSA routinely sends ISNU the Israeli Sigint National Unit minimized and unminimized raw collection”, it says.
What’s important about that is the wording “minimized”. That’s what the NSA refers to as stripping information about non-targets and U.S. citizens. So effectively the U.S. is handing over raw data, without going through it first, to another country.
Ok, Ben, but that’s what the headline says and I am bored with this NSA crap. I’m bored with it too, but, it’s still important (like reading loan documentation).
It’s important because when you go through it you find out about stuff like the fact that the NSA may also be spying on the U.S. Government and elected officials, ((Cited in same article.)) but just asks that if Israel gets any info relating to U.S. Government officials that they, *you know*, delete it and pretend they never saw it.
##### Welcome to the Circle of Trust
Which is noble, but then you read (in the same article), this:
> In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. “On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems,” the official says. “A NIE [National Intelligence Estimate]() ranked them as the third most aggressive intelligence service against the US.”
So Israel is one of the top countries that spies on the U.S., and early in the article we learned that Israel is a top-three country for the U.S. to spy on, but hey — why not just share the raw data the NSA is snatched up with them?
I’m not done…
> In its statement, the NSA said: “We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations.
I think they forgot to add: by willfully infringing on the constitutional rights of U.S. citizens, while also turning over intelligence on innocent people to a foreign government. But hey, *terrorism*.
> A TSA office near LAX was evacuated Wednesday afternoon after it received a suspicious package, believed to have been mailed by an ex-screener arrested for allegedly threatening the airport, according to the FBI.
I wasn’t going to link to this, but right before tossing it aside I caught the really funny part. You see the headline makes it sound like the TSA has been getting some naughty packages, and the above quote attributes the latest to an ex-TSA employee. That’s pretty bad, but really whatever. What makes this story great is the next paragraph:
> The delivery to the Century Boulevard offices marks the third suspicious package attributed to Nna Alpha Onuoha, 29, officials said.
You see, this *same* ex-TSA employee has sent all three of the packages. *Insert your own joke about how good the TSA is at screening employees, here.*
There are two really great things about the iPhone 5S that I can’t wait to have:
1. The new camera. Like every iPhone before it, the camera is much improved. This go around I think it is going to start giving cameras like the GX1 a run for their money. The new autofocus, flash, and burst modes are the kind of features you just don’t get out of a camera that compact.
2. The Touch ID systems lack of cloud storage. That is, the fact that the system works without transmitting your fingerprint to *any* server is a huge win for security. I’m personally not too worried about this system as my fingerprints have to be in “the system” in order for me to be a commercial broker.
There are undoubtedly tons of nice additions, but the two above are the ones that I am most excited about.
Anthony Drendel on adding in-app purchases to Sunstroke:
> Up until July 2013, I had been treating Gone East LLC (my software development company) as a hobby. I had a full-time job that was paying the bills. Consequently, I didn’t much care about earning a decent salary from my app sales. At the beginning of July my contract with my previous employer expired, and I decided to make a change and try to make a living off of my software development.
He has added a $5 in-app purchase to buy unlimited searches (these are persistent, updated, searches that one should think of as smart folders and not searches). It’s a great add to what is easily the best RSS iPhone app out there. If you don’t use Fever, Sunstroke is probably one of the top three reasons to use Fever.
So while you are waiting to spend $500, go spend $5 on this app, or the in-app purchase, or both.
[Editorially has officially launched today.][1] I have been in on the beta of Editorially for quite a while, but really don’t know much about their product roadmap. So now the doors are open, and if you want to give it a go you can sign up and do just that.
For those that don’t know Editorially, it is an online writing app, where you can invite others to checkout, modify, comment on, and discuss your writing.
It’s a great tool for writing with other people.
I’ve been using it with my editor James for quite a while now and it has been great. I love being able to pop a document on there, still work on it privately, and then invite him to it. I can add a comment about the overall document, or highlight a specific section that I want him to see.
There’s still a lot missing and a lot that *could* be added to make this a great tool. Right now, it is the best tool I have found for working with an editor and I am, overall, happy with it. Now that the doors are open, I will also be adding it to the workflow for my day job for collaborating on long documents — it’s just leaps and bounds better than “track changes”.
[Marcel Rosenbach, Laura Poitras and Holger Stark](http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html):
> According to the documents, it set up task forces for the leading smartphone manufacturers and operating systems. Specialized teams began intensively studying Apple’s iPhone and its iOS operating system, as well as Google’s Android mobile operating system. Another team worked on ways to attack BlackBerry, which had been seen as an impregnable fortress until then.
> The material contains no indications of large-scale spying on smartphone users, and yet the documents leave no doubt that if the intelligence service defines a smartphone as a target, it will find a way to gain access to its information.
First, let’s acknowledge how refreshing it is that *so far* the reports are that this is only being used for targeted individuals and not just randomly grabbing up all data. The iPhone is mentioned in this article, but from my reading of the article is seems as though iPhones are targeted through backups.
Not, as you might suspect, through iCloud backups, but backups on a user computers. This seems like a dubious assertion to me, because before iCloud backups even *I* wasn’t regularly backing up my iPhone. It would be my guess that iCloud backups are just as, if not more, vulnerable.
More telling is the hack into BlackBerry’s as it looks to be pretty far reaching — and may be the nail in the coffin for BlackBerry. It appears the NSA has a pretty good handle on the “secure” communication device, I can’t imagine it is a good day for Canada’s *only* company. ((Joking, or am I?))
No, actually, the most disturbing part of this report is this bit:
> In three consecutive transparencies, the authors of the presentation draw a comparison with “1984,” George Orwell’s classic novel about a surveillance state, revealing the agency’s current view of smartphones and their users. “Who knew in 1984 that this would be Big Brother …” the authors ask, in reference to a photo of Apple co-founder Steve Jobs. And commenting on photos of enthusiastic Apple customers and iPhone users, the NSA writes: “… and the zombies would be paying customers?”
The touting of creating a 1984 like state is very unsettling and is very telling. This is how these agencies view themselves: as the watchers. They were created to keep us safe, but see themselves as helicopter parents.
On a lighter note, the idea that these agencies can hack iPhones, but still use transparencies is, well, both confusing and ridiculous.
