Lawgier.net

The technical side of a French guy.

The CIA campaign to steal Apple's secrets

Jeremy Scahill and Josh Begley, from The Intercept:

Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept. [...] By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

This isn't an unexpected revelation: with programs like XKeyScore and Prism, you could expect that the NSA or the CIA would target a company like Apple. What is more surprising is how they did it, and especially one of the tools they used: Xcode.

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store. The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

You can imagine the reaction of iOS and MacOS developers. This is from Marco Arment:

Unpatriotic? Absolutely. Terrorism? Maybe. But those don’t quite capture what this really is: war. The United States intelligence agencies are at war against all U.S. citizens. President Obama, “the Constitutional Law president,” not only lets it happen, but supports it. Edward Snowden continues to be much more of a national hero and a true American patriot than the President. And I see no future Presidential candidates in either party who are likely to be any better. I’ve said it before: history will not be kind to Obama on this.

But this kind of policy doesn't lead to the CIA's goal of making all of the information easily readable by them:

As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. “Encryption threatens to lead all of us to a very dark place,” declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, “This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.”

What led to this situation are the previous attacks made by the U.S. Government to illegally access the private data of millions of people (Apple said on Monday that it has sold more than 700 million iPhones), making no distinction between U.S. citizens and its allies, and "terrorists". The information that could previously be read when needed (a police investigation, an imminent threat to national security) with a simple warrant delivered by a judge now cannot be read at all, no matter the urgency or the will of Apple.

“Encryption isn’t just a technical feature; it’s a marketing pitch,” Comey added. “But it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked.”

You can ask Tim Cook if that's what he wanted when he revealed the new security features in iOS 8. I'm sure you know his answer.

“Obama’s comments were dripping with hypocrisy,” says Trevor Timm, executive director of the Freedom of the Press Foundation. “Don’t get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on — now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won’t he order the FBI and NSA to stop pushing for it as well?”

This seems to be good advice.

New Field Notes: Two-Rivers Edition

Field Notes just announced their new "Colors" quarterly edition for the spring: the Two-Rivers Edition. The biggest change from the usual is the number of variations: there are thousands of them, making your notebook quite unique.

We hand-set several designs using Hamilton’s collection of vintage type and ornaments. Hamilton then printed our designs in two random colors on a 1961 Heidelberg GT 13″×18″ windmill press. Randomizing the designs, papers, and colors resulted in thousands of variations. Further variations were introduced thanks to the nature of wood type, letterpress printing, and the music playing in the print shop during the 200+ hours on press.

The 3-packs are $9.95 and limited to 3 per household.

If you haven't already bought them, be sure to do it quickly: as usual, there are only 25,000 packs available and they should go quickly.

Getting better at writing

When you are publishing a blog, the writing may not be the easiest thing to do. This is even more true when you are not writing in your mother tongue. You may have an idea, and some things to say about it, but you may not have the right words to express them in the best way.

This is a huge deal breaker, because mastering the language that you're speaking in is what makes your text stand out compared to the others. So you're discouraged. You stop elaborating your ideas, and you end up not thinking about them at all. This is bad, because, then, you have nothing to publish on the website that you spent so many hours making and polishing, and you stop thinking about the things that you deal with every day. You're not so smart anymore.

You can't just make insightful comments and analysis about complex topics on day one, and do this every day, 5 days a week. To be able to do these things, and to be relevant, you have to practice. To reach the level of someone like Ben Thompson, who manages to make a $10 monthly subscription to his daily analysis on tech topics a huge bargain, you need to have some background, some practice. You need to know how all of those things work now to be able to predict how they will work in the future.

All of this makes me rethink how I work and how I write on the Internet. Because I'm too ambitious, and want to tackle complex topics, I find myself stuck when writing about them. For instance, after hearing Myke Hurley's new series “Behind the App” on Relay.fm, I tried to write about ads in podcasts, because I thought that they didn't work very well on this particular new show. But because I had to clearly explain my point of view to be taken seriously (and to not hurt the Relay.fm team, because I love what they are doing), and didn't manage to get something satisfying enough, I didn't publish anything at all, even the arguments that I had and that I thought were good. And it wasn't the first time that it happened.

This has consequences on other things. After loving to write on Day One or my Field Notes about my day, or what happened during the weekend, I lost this joy, and I found myself not writing anything at all for several weeks, even when I had more time to do so. And having said that you need practice to write good stories, you can see how worrying this is.

So I need to be less ambitious. Write less about more topics. Get to the point more quickly. Improve myself. Maybe not being famous at all can be helpful, and can make my blog more of a playground, an experimental lab, where I can try new things, make some mistakes, learn new things and be more forgiving of myself.

This is why you've seen some pictures decorating this post. I am a newbie when it comes to photography (as I am with writing), but since I have at my disposal my dad's DSLR (a Nikon D5200, if you're asking, not my choice), I can use it to learn and try new things, and make your experience of reading on the website more interesting, like on The Newsprint, Tools & Toys, …

Coinbase is shutting its Tip Button

Coinbase Blog:

Today we’re announcing that we’ve decided to shut down our bitcoin Tip Button. The project has seen some good usage since we launched it, with about 10,000 users accepting bitcoin tips across a variety of websites.

Well, it didn't last long (I'm removing all of them now).

Lawgier.net 2.0

Welcome to the new version of Lawgier.net.

After updating the website's logo, I decided to change its design. Inspired by other Squarespace blogs like Above Avalon (discovered via The Newsprint's Sunday Edition), I decided to go for a less centered view, and to put more things on the sides.

You'll find the navigation links on the left with the new logo, instead of being at the top, and a new side bar on the right with a list of the most recent posts, my Twitter feed and a search bar.

I think that this design improves the ergonomics of the website and brings the content to the front. There's less wasted space, and the content sits at the top, instead of being eclipsed by the massive logo and navigation bar. Now, on the splash screen, you'll be able to see what this website is about at first glance, and start reading articles directly, instead of having to scroll down the page.

I still have a few quirks to iron out, like the quote's font (that I can't change because of a Squarespace bug), or making an About page, but I'm quite happy with the result, and I hope that you'll like it.