[24 Million Americans Don’t Have Access to Broadband—Why Isn’t It an Election Issue? – Motherboard (https://motherboard.vice.com/en_us/article/d3kdmx/is-access-to-broadband-an-election-issue)

Yet few candidates, from local mayoral races all the way up to the Senate, provide lip service to the fact that millions of Americans still lack access to broadband, and even fewer flesh out a robust policy to address it. At a time when politics is more divisive than ever, basic issues such as access to the internet are being overshadowed by the massive ideological clashes happening across the country.

“If you were to ask people what issues they’re voting on, first and foremost they would say ‘pro-Trump or anti-Trump,’” said Susan Boser, the Democratic candidate seeking to replace Republican House Member Glenn Thompson in Pennsylvania. “Next would be guns and abortion, then the needs of the area, which are jobs and the opioid epidemic.”

Boser told me a lack of access to broadband is a huge problem in her district, which is a large, predominantly rural swath along the northwestern edge of the state; its largest town, Indiana, has a population of less than 15,000.

(Via Motherboard)

This is not an insignificant number of people even as a percentage of the population. And this issue has the added advantages of:

  • No political polarization
  • No impact on either moral, ethical, or religious issues

  • Good for the economy

  • Relatively easy to address and quickly if the community will is there

And yet …

In Tennessee, broadband access has faced progress and setbacks. Chattanooga found economic revival after building city-owned gigabit internet, but was quickly prohibited from expanding the network to surrounding communities because of a Telecom-backed state law. Efforts to fight those limits have failed, making it difficult for municipal internet providers to expand and offer services to smaller communities.

A Tennessee Democratic Party spokesperson told me the broadband battle is being drowned out by more contentious rhetoric.

“We’ve got a governor race with a highly contested Republican primary, so you’ve got all those candidates out there with television ads focused on immigration and other issues,” he told me over the phone. “That’s where voter attention is at the moment.”

So many people get wrapped up in causes they can’t hope to impact to the exclusion of local issue they can impact.

Also on:

[https://tidbits.com/2018/06/15/uk-travel-tips-giffgaff-for-cellular-and-apple-pay-for-transit/](UK Travel Tips: Giffgaff for Cellular and Apple Pay for Transit)

Apple Pay for Transit

The challenge of driving on the opposite side of the road was one thing when we were out on the motorways and around Stratford-Upon-Avon, but driving in London was insane, what with the traffic, squirrely little roads, trying to match Google Maps directions with difficult to find street signs, and more. We were happy to return our rental car right after arriving and planned to use London’s famed public transit system—the London Tube!—for the rest of the trip.

Relying on public transit systems as a tourist is often quite stressful, between the confusion of trying to figure out routes and figuring out the local payment systems and policies. Luckily, both Google Maps and Apple’s Maps did a good job of providing detailed directions that included walking routes when switching from a bus to the Tube, for instance. But payments were still a worry because there are all sorts of variables based on zones, time of day, age, and more.

The advice we’d been given by tech-savvy friends who had been to London recently was to just use Apple Pay. When you do that, TfL’s system tracks your usage throughout the day and charges you the lowest appropriate fare—taking into account daily caps that make the final amounts cheaper than day or week passes. (An alternative would have been to buy one of TfL’s contactless Oyster cards, add money to it, and then get it refunded when we left the country. Our friends did that for their young children, who didn’t have iPhones. Also, we could have used contactless credit cards, which are still rare in the US, if we’d had them.)

The physical process of paying with Apple Pay is brilliant—most of the time. There’s a yellow payment pad on gates in the Tube stations and at the front of buses. You invoke Apple Pay, authenticate, and then touch your device to the pad. (You’re supposed to be able to touch your device to the pad to invoke Apple Pay and then authenticate, but that didn’t work the one time I tried it.) The gates then open, or a light turns green, indicating you can proceed. For the Tube, you have to touch in when you enter the station and touch out when you leave; for buses, you just touch in when you board and don’t need to touch out.

If you want to use Apple Pay for public transit in London, there are a few quirks to keep in mind:

• Use a supported credit card. Our debit cards from our local credit union had no currency conversion fees, so we thought we’d use them with Apple Pay. However, it turned out that US debit cards generally aren’t accepted in the UK, so we had to set Apple Pay to use a different credit card. Make sure you have a few credit cards loaded into Apple Pay to be safe.

• Use the same device each time. To avoid higher fares for seemingly incomplete journeys and to take advantage of the daily capping, you have to touch in and touch out with the same device for all your trips in a day. In other words, settle on your iPhone or your Apple Watch, and don’t switch. We only used our iPhones because I’ve had more trouble in general with Apple Pay payments registering from the Apple Watch. (Although I’m sad that I didn’t try it one day when we had little travel planned.)

• Be patient and try again if necessary. We had a non-trivial number of failures, where Tristan and I would get through the gates, for instance, but the system would reject Tonya’s payment. Some of that was user error, as we all figured out how to use Apple Pay more fluidly, but other failures had no obvious cause. It might have been related to all three of us using the same credit card in too quick succession, but sometimes everything worked as expected. Apart from suffering dirty looks from other commuters who we were blocking, there was no problem with waiting briefly or trying another gate—it always worked in the end.

Regular readers know I enjoy a good contactless payment travel story. While not as frictionless as the Japan system(s), this seems workable for a visit.

Yikes! The World Cup spread to eight other countries this year?!?!?!

Apple Announces World Cup Content Coming to Siri, Apple TV, News, App Store, iBooks and More:

Apple’s personal assistant Siri has been updated with support for sports ahead of the World Cup in Brazil, Russia, Denmark, Finland, Malaysia, Turkey, Saudi Arabia, and Israel, Apple announced today.

(Via MacRumors: Mac News and Rumors – Front Page)

Of course not. This is just a poorly written lede. An alternate suggestion:

“Apple announced today that personal assistant Siri was updated with sports support in Brazil, Russia, Denmark, Finland, Malaysia, Turkey, Saudi Arabia, and Israel in advance of the World Cup.”

How to Describe Vulnerability Information?:

JPCERT/CC receives software vulnerability information from domestic and overseas reporters, then coordinates them in between the vendor/developer and the reporter. While there is a vulnerability reporting template, vulnerability itself is described in a free format. Reporter can describe about a vulnerability in a way they like. From a vulnerability coordinator’s perspective, the following are a few obstacles that we are facing:

1. It is necessary to “understand” the technical aspects

2. When the vulnerability description is written in your non-native language, it can be extremely difficult to comprehend

(Via JPCERT/CC Blog)

Read on for more. I support these activities, especially how to deal in multi-lingual ways.

Crappy IoT on the high seas: Holes punched in hull of maritime security:

Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking and worse.

A demo at the Infosecurity Europe conference in London by Ken Munro and Iian Lewis of Pen Test Partners (PTP) demonstrated multiple methods to interrupt the shipping industry. Weak default passwords, failure to apply software updates and a lack of encryption enable a variety of attacks.

(Via The Register – Security)

Vulnerable ship systems: Many left exposed to hacking:

 

“Ship security is in its infancy – most of these types of issues were fixed years ago in mainstream IT systems,” Pen Test Partners’ Ken Munro says, and points out that the advent of always-on satellite connections has exposed shipping to hacking attacks.

 

 

(Via Help Net Security)

Maritime navigation hack has potential to wreak havoc in English channel:

 

As reported by the BBC, security researcher Ken Munro from Pen Test Partners has discovered that a ship navigation system called the Electronic Chart Display (Ecdis) can be compromised, potentially to disasterous effect.

 

Ecdis is a system commonly used in the shipping industry by crews to pinpoint their locations through GPS, to set directions, and as a replacement to pen-and-paper charts.

 

The system is also touted as a means to reduce the workload on navigators by automatically dealing with route planning, monitoring, and location updates.

 

However, Munro suggests that a vulnerability in the Ecdis navigation system could cause utter chaos in the English channel should threat actors choose to exploit it.

The vulnerability, when exploited, allows attackers to reconfigure the software to shift the recorded location of a ship’s GPS receiver by up to 300 meters.

 

 

(Via Latest Topic for ZDNet in security)

I’ve been talking with companies in this space about these types of issues. While Munro’s research is telling, this is not shocking.

It does very nicely illustrate the real values in good penetration testing: challenging assumptions, taking nothing for granted, and divorcing motive from threat.

For example, the 300 meter location discrepancy could have nothing to do with the shipping company or the ship itself. It could be used by a crypto mining concern looking to delay the arrival of new GPUs for a rival firm. This type of attack could be part of a larger series of attacks, subtile enough that further investigation would be unlikely (as opposed to the English Channel scenario in the ZDNet article), and could reap substantial benefits for the crypto mining concern.

I believe it to be a war of pretexts, a war in which the true motive is not distinctly avowed, but in which pretenses, after-thoughts, evasions and other methods are employed to put a case before the community which is not the true case.

DANIEL WEBSTER: Speech in Springfield, Mass., Sept. 29, 1847

The First Shinkansen:

 

I am a sucker for vintage industry promotion films, the kind of thing the third grade home room teacher would show as a treat on a dull Thursday afternoon. The soundtrack was warped, the film was scratched and patched and sometimes got stuck, but it was all fun.

Japanese rail fans love to post vintage photos and I came across this tweet with a fascinating video of the very first Shinkansen test car being pushed by a steam engine to the test site. It’s easy to forget how important the Shinkansen project was to Japan leading up to the 1964 Tokyo Olympics. Even if you do not understand Japanese you can sense the importance of it all from the film clip: scrubbed technicians performing their jobs, testing the infrastructure and of course watching that first Shinkansen train whoosh past at full speed.

It’s hard to believe that the Shinkansen project almost didn’t happen. I wonder how happy the project team felt when the first Shinkansen whooshed by. It must have been a great day. The future arrived at 250 km/h.

(Via Ata Distance)

The tweet Joel includes has the video of the train. I love this stuff.

With a bit of python, lynx, and tidy I was able to pull very clean plain text versions of my WordPress posts. The sparse HTML can be found at http://tokyogringo.myjp.net and the markdown text version can be found on my gopher site at gopher://sdf.org:70/0/users/tokyogringo/

How did I do it? This site has full text RSS for everyone’s enjoyment. No one has to actually visit https://www.prjorgensen.com in order to consume the high value content I generate. The feed contains everything needed for this plain text life. How to make use of it?

I fumbled through my first in a long time python script relying heavily on the very powerful feedparser module.

This Just In: python’s documentation is terse almost to the point of incomprehension While accurate, the documentation does not help beginning (and maybe middling) python coders get to solving problems. Oddly, the Reddits and StackExchange sites are also of limited utility as the answers there often point back to or copy the documentation.

Anyway, taking a very Unix approach I decided not to do everything in python. I know tidy for making valid HTML. I know lynx for terminal-based web browsing, and the ‘-dump’ option produces markdown versions of web pages.

Once I got the script to the point of providing the website data in a reliable and eventually parse-able way, then I turned to getting all my posts.

I cranked the RSS feed of prjorgensen.com up to 20,000 to make sure the feed briefly included all of my posts. I moved my parsing script to my MacBook Pro because I didn’t want to choke the sdf.org servers with my madness. I installed modules and localized the script to run on the MBP.

I ran the script. I checked my email. I then got up to … hmmm. The script finished in under two minutes. Suddenly I had all of my posts back to 2011 in both very clean HTML and in plain text. I synced them to their proper home. I reset my website feed back to a more reasonable number.

There are any number of improvements I can make:

  • My script does not grab images
  • I capture categories and tags from WordPress but don’t do anything useful with them
  • I need to include modifying my gophermap and my index.html (as appropriate)
  • A full text RSS feed of the plain HTML site
  • A full text RSS feed of the gopher site
  • Maybe use a static web site generator like Jekyll for the plain HTML site
  • Maybe use this for tokyogringo.com and PVCSec.com? If so, then I need to handle …
  • Media enclosures

Watch this space for the link to my script on GitHub. Which is here!

Private Transport Monopolies Will Be Bad for Everybody:

Last week the transportation rumor mill pumped out a story that ride-hailing company Lyft is acquiring Motivate, the bikeshare operator behind New York’s Citi Bike, San Francisco’s GoBike, and Chicago’s Divvy Bike. The deal, which was first reported late last week by The Information, is said to be in the range of $250 million.

I’m not sounding the alarm over a $250-million acquisition, but it is worth examining how consolidation in the private transportation sector will affect the public. After all, monopolies in agriculture and healthcare have led to higher pricing, artificial demand, and antitrust strategies like price-fixing.

(Via Motherboard)

More important, isn’t this a variation of the plot of Who Framed Roger Rabbit?

Censorship in the Age of Large Cloud Providers:

Whatever its current frustrations, Russia might well win in the long term. By demonstrating its willingness to suffer the temporary collateral damage of blocking major cloud providers, it prompted cloud providers to block another and more effective anti-censorship tactic, or at least accelerated the process. In April, Google and Amazon banned—and technically blocked—the practice of “domain fronting,” a trick anti-censorship tools use to get around Internet censors by pretending to be other kinds of traffic. Developers would use popular websites as a proxy, routing traffic to their own servers through another website—in this case Google.com—to fool censors into believing the traffic was intended for Google.com. The anonymous web-browsing tool Tor has used domain fronting since 2014. Signal, since 2016. Eliminating the capability is a boon to censors worldwide.

Tech giants have gotten embroiled in censorship battles for years. Sometimes they fight and sometimes they fold, but until now there have always been options. What this particular fight highlights is that internet freedom is increasingly in the hands of the world’s largest internet companies. And while freedom may have its advocates—the American Civil Liberties Union has tweeted its support for those companies, and some 12,000 people in Moscow protested against the Telegram ban—actions such as disallowing domain fronting illustrate that getting the big tech companies to sacrifice their near-term commercial interests will be an uphill battle. Apple has already removed anti-censorship apps from its Chinese app store.

In 1993, John Gilmore famously said that “The Internet interprets censorship as damage and routes around it.” That was technically true when he said it but only because the routing structure of the Internet was so distributed. As centralization increases, the Internet loses that robustness, and censorship by governments and companies becomes easier.

(Via Lawfare – Hard National Security Choices)

Siri Shortcuts Questions – WorkFlow Wednesday:

Siri Shortcuts isn’t even on the iOS 12 beta as of now. But I have a list of questions I want answered before I can ease off on my apprehensive attitude on this new addition to iOS.

1.) Is this app going to replace Workflow, or will it just be an addition?

2.) If this is replacing Workflow, will I be able to import my current workflows without sacrifice?

3.) How powerful will this app be for automation?

4.) Can I trigger this without Siri? For instance, as an action in the Share Sheet?

5.) Is there a limitation on how many actions happen in a single workflow?

6.) There seems to be some kind of scripting possible with Siri Shortcuts, but what kinds of scripting is available?

(Via Tablet Habit)

My questions exactly. The sparsity of details around how Siri Shortcuts will work made me wonder why so many Apple bloggers expressed such uncritical openness. My biggest issue is, of course, the fact that I don’t use Siri at all and have no desire to do so. To be fair, I have no desire to use any other “assistant”. What interest I may have had evaporated.