Discover more from hrbrmstr's Daily Drop
"China" Was Really A Euphemism For "Alabama" This Whole Time; Scraping Your Own Network: WebStor & Rumble; Monster Mars Quake
"China" Was Really A Euphemism For "Alabama" This Whole Time
This week, Riana Pfefferkorn, of Stanford Law School, posted an article arguing that the "gloves need to come off" with regard to the encryption debate, specifically in the United States, but really everywhere. While the Duck Duck Go (DDG) link in the previous sentence will lead you to a myriad of resources on this issue, but this post on "The Core of the Encryption Debate" by Clayton Rice summarizes the key points in this broad topic fairly well if you'd like to avoid doing a bunch of clicking and reading across some larger tomes.
Privacy lies at the heart of the Stanford article, specifically our individual and collective right to it. Last week we saw one branch of the U.S. government make a case that — because there is no specific right to privacy codified in the U.S. Constitution — we have no such inalienable entitlement.
One (of a few) message that stood out to me was:
“Crimes” are whatever a group of lawmakers at some point in time decide they are, and “criminals” are whoever law enforcement selectively decides to enforce those laws against…
If you’re an encryption advocate in the United States, it’s time to stop pretending that encryption’s protection against oppressive governments is only about Uighurs in Xinjiang or gay people in Uganda. Americans also need strong encryption to protect ourselves from our own domestic governments and their abominable laws. […] The threat is coming from inside the house. “China” was really a euphemism for “Alabama” this whole time. Encryption advocates in the U.S. just usually aren’t willing to say so.
It is fairly clear that, depending on where you live in the United States, something that you know you have the right to do, today, can quickly become an activity that, tomorrow, is suddenly against the law. This means you, who may not be even remotely near the definition of a "criminal", could easily fit that definition at the whim of lawmakers.
I'll remove the contentious issue in the article from the debate table in this post and mention another scenario that impacts any Mainer (I hail from Maine) who buys something across the border and doesn't give Maine the sales tax that's due. That's right, we are supposed to sit down with our digital calculators, cross reference a sales tax lookup table, and give Maine the tax owed or we are technically in violation of the law. While Maine has no "Tax Police" to go after individuals, it has strongarmed Amazon and numerous other internet retailers into automatically calculating and collecting the tax items we purchase from them.
But, I drive across the border all the time for goods and services, as do scores of other Mainers. What happens when there is a serious revenue crunch and Maine starts asking those providers for our purchase histories (which any store owner has unless you pay in cash and do not use a "loyalty" card) and starts sending tax bills? This is part of the same privacy and encryption debate, and why our right to privacy, along with the need for our data to be encrypted in transit and at rest.
Riana closes with an exhortation to encryption advocates, tech companies, and lawmakers. I'd argue they forgot one group: citizens. The convenience of the services provided by the various internet-connected glowing rectangles we use every day has made most of us lazy when it comes to privacy and encryption. I posit this must change, rapidly, if we're going to successfully navigate the current and future legal landscape.
Scraping Your Own Network: WebStor & Rumble
Web/network "scraping" isn't always about the whole of the content at the target we're pulling information from. Nor is it solely about yanking an HTML encoded data table and transforming it into something we can use for analyses. Sometimes this scraping is for metadata, but not like the kind mentioned in yesterday's edition.
WebStor is a "tool […] for quickly enumerating all websites across all of your organization's networks, storing their responses, and querying for known web technologies and versions, such as those with zero-day vulnerabilities." (
#protip: your smart home now qualifies as an "organization").
It is written in Python (don't hold that against it too much), and does require a bit of technical know how to get it up and running, but it will be a great learning exercise for how to work with schedulers, databases, and local networks, plus may just give you a solid education about vulnerabilities.
If you like the idea of having a better handle on what's running on your network but don't want to be systems architect, I highly suggest looking at Rumble Discovery. It's is inexpensive, very easy to use, secure, and quite cleverly implemented.
Monster Mars Quake
Given all the news items vying four our attention this year, you may have missed that NASA’s InSight Mars lander detected the largest quake ever observed on another planet: an estimated magnitude 5 temblor that occurred on May 4, 2022.
To-date, InSight has detected more than 1,313 quakes since landing on Mars in 2018. Prior to this magnitude 5 event, the largest previously recorded quake was back in 2021 with an estimated magnitude of 4.2.
The fact that we've managed to place all kinds of sensors on distant planets, and that these devices continue to provide insights and, often, surprises, gives me hope that we humans can also be clever enough to dig ourselves out of the impassioned binds we seem to regularly find ourselves in back here on our big blue marble.
Remember: be kind in the comments if you choose to engage. ☮