Content from 2018-05
A Fun Experiment
I mostly seem to hang out with coders. It seems that the people with whom I most frequently interact are computer scientists or software developers. I don’t really know why, other than they are the only people crazy enough to use Riot for their day-to-day communications and chatroom facility. For this reason, I’m surrounded by programming with little to no comprehension of what is going on the majority of the time. Attempts to explain even the most basic things to me usually end up with me staring blankly and nodding my head hoping that nobody realises I’m the idiot in the room.
Let’s Clear Up Some FUD
At the moment, information on this flaw is scarce, so as always it’s best to wait until the paper is published (which EFF says will be done at 07:00 UTC on May 15th). However, there are some things we can clear up from the start.
I have lived a Windows-free life for a good long while now, using the OS only at work and leaving my home setup free of Microsoft’s influence. However, with the upcoming shift to Windows 10 in my place of work (which I will be helping to develop) and my need to study PowerShell and Hyper-V for my 70-410 exam, I decided to bite the bullet and once again load Windows 10 Professional on to my machine. This is nothing more than a brain dump of my experience on returning. Let it be known that I do not hate Windows as many Linux enthusiasts do; indeed, I’ve been very impressed with many of the advances that Microsoft has been making across their product lines. However, my experiences with it have been patchy at best.
My team recently moved away from a (frankly old and creaking) ManageEngine ServiceDesk solution to JIRA for our Helpdesk. This has been met mostly with dismay by the majority of my team, so much so that I am one of the only people in the office still excited about the upgrade. As always, there were teething issues during the initial upgrade, but a few months on everything is more or less stable and we have lots of ideas for how to evolve the product. So why do the rest of the team still bemoan the product so much?
A few years ago, I'd have been shocked to see the sort of vulnerabilities I see announced these days once a year, let alone once a month. But the rise of cybersecurity as a respected industry has led to the big companies such as Microsoft, Apple, Canonical, etc. pulling up their socks and crushing vulnerabilities in a timely manner. This is all great, except for those of us whose job it is to deploy these fixes.
AntiVirus is a necessary evil. With the world more connected than ever before, every device needs protection and tools to allow administrators oversight. Currently, the AV I work with is Sophos; cloud-based solution for Windows, Mac, and Linux. When I was working on the frontline, I quickly became aware that Sophos did not deploy during imaging as it had initially done, nor could it easily be pushed out via SCCM. We spent a long time going around to each freshly imaged machine and loading Sophos on, rebooting the machine, and logging tickets to have its policy applied. This did not sit right with me, so upon my move to the systems team I decided to have a crack at simplifying the process.
I'm a systems administrator by trade (or as I often find myself writing, a “systemd administrator” since that cancerous piece of bloatware consumes most of my troubleshooting life). It is, therefore, perhaps unsurprising that I like having control over the devices in my home. I refuse to use Apple devices apart from the one I have to use for work, I allow only GNU/Linux devices to be used on our home WiFi, and while my rooted Android phone is still somewhat lacking in end-user control, I plan to replace it with the Librem 5 when it launches.
It would be terribly naïve of me to presume that other people were so preoccupied with device control as myself. My partner, for example, is the sort of person who simply wants her computer to get out of her way when she’s using it. The slightest hint of maintenance or troubleshooting is enough to make her throw the machine down in anger and find any excuse not to continue with what she was doing. I believe that a lot of people are like this, and it is what has given rise to this wave of “easy tech”, or technology with which the user has little interaction and no ability to troubleshoot. This is a terrible thing.
No Access? No answers.
This little rant of mine was inspired in part by this article about Amazon’s Alexa and her recent spout of the giggles. For those of you who are not members and therefore cannot get past the paywalls, here is the part that piqued my interest:
You’ll just have to take [Amazon’s] explanation of misheard commands at face value: None of the processing is done client-side, there is no way for third parties to look at how Alexa devices really work, to poke around in the guts and discover causes and effects.
~ Brian Feldman
End users seem to be infatuated with devices like Alexa and Google’s Home devices. My aunt has not only got one for herself but has also inflicted one on my wholly disinterested grandmother. Quite literally, everybody and their grandma seems to have one. It’s become one of those “must-have” gadgets for which everybody clambers on Cyber Monday and Black Friday and you can see why: it allows users to interact with services they already know and love but with an even greater degree of laziness than a laptop or smartphone already affords.
There’s something very sci-fi about the idea of walking into your home and being able to turn things on and off with a simple command, about being able to talk to your very own robot butler about today’s headlines and weather. People are excited by future things, and that is why Amazon’s Alexa and her ability to order you food with a simple grunt is so appealing to so many.
But Alexa and her ilk are also sci-fi in a much darker way. I’m not talking about the fact that they suck up data like a sentient drug-addicted vacuum snorts coke at a 70s night. I’m not even talking about the notion that these devices might somehow become intelligent and launch a Skynet-style attack on humanity. My problem is far more practical: I cannot fix it when it breaks.
Amazon produced a statement claiming that the problem was the Echo devices incorrectly hearing themselves being commanded to laugh. “We are disabling the short utterance ‘Alexa, laugh.’ We are also changing Alexa’s response from simply laughter to ‘Sure, I can laugh’ followed by laughter,” the company said in a statement.
Amazon’s reported fix for the problem seems reasonable enough. Alexa is simply mishearing you, so we’ll change that command and make it so that she issues a warning when she’s about to laugh like a child in an 80s horror movie. For most users, this will satisfy. But I have to ask the question: how do I know that this is what the problem was? We now know that Alexa was reportedly mishearing commands such as “lamp” and “light” as “laugh”. And if my command history did not include any of these, or I simply did not have any connected devices like these, and it still laughed then how could I go about finding the solution?
When my computers break (which they frequently do, usually due to my actions) I have a fairly good shot at finding out what is wrong. Log files are easily accessed and read, Googling around usually brings me some sort of solution. At the end of the day, even on a Windows machine I can typically find some sort of log which will tell me exactly what happened just before the whole system fell over. Even if it’s a stupid piece of software, something will get logged. But with this new range of devices, so imprisoned by the companies which manufacture them, access is getting more and more limited for the end-user.
Take, as an example, the iPhone. While Android definitely dominates in terms of numbers, iOS remains the gold standard for many. Now, I use one of these accursed things for work and it goes wrong **constantly****. Usually, it’s something simple like WiFi dropping off every time I lock the phone then taking around 30 seconds to reconnect. If it were an Android, I could look in the system logs to find out why this was happening, but with iOS devices, I would need to own a Mac to do this. Vendor lock-in is becoming a severe issue, and devices like Google Home and Amazon Alexa, which do all of their processing server-side, present an even greater level of vendor-control and user-cuckoldry than ever before.
Insist on Control
As I said before, I know many people for whom the idea of having more involvement with their computers and the maintenance of them is a horrifying thought. After all, computers are complicated and confusing, so the less you have to do with them the better, right? Absolutely not. Here’s my unpopular opinion upon which I’m certain I will expand at a later date: computers should be hard to use. These devices should require some investment of time to come to grips with, just like using any power tool should require the wearing of correct safety equipment and following best practices. If users are stupid we are going to be in a whole heap of trouble as computers start to take over our lives more and more.
Home computers and smartphones are immensely powerful machines with which an individual can potentially do a great deal, but unfortunately most people have given away all control in favour of having a simpler time. But this attitude is incredibly wasteful. If you spend a certain amount of money on a device, you should get your money’s worth from it. Similarly, if you’re using any device for anything personal or professional, the only person who should be controlling it and interacting with your data is you.
If you have no idea how a machine works, and you have no way of fixing a problem or even finding out what the problem is or relates to, then you have wasted your money. You have bought yourself an expensive trash can and, in the end, it doesn’t even really belong to you. Sure, it sits in your house and you think it’s doing what you ask it to, but in reality you don’t know what its capabilities are nor do you know what its limitations are. That is a very sad fact.
This blog covers antivirus, apple, av, azure, blog, centos, chat, chrome, code, coding, communication, computer, control, distro, efail, electronic, elementary, emacs, email, federation, free software, fun, funkwhale, gnu, gnupg, guix, guixsd, gutenberg, hkep, hong kong, intel, internet, intune, jira, linux, lisp, mac, mail, markdown, mastodon, matrix, meltdown, microsoft, moodle, music, new year, open source, pc, perl, personal, pgp, program, programming, rant, rust, sccm, security, site, social, songs, sophoe, spectre, sphinx, surveillance, sysadmin, t2, teams, tech, update, website, windows, wordpress, work, writing