Data security with OS X Mavericks

11 April 2014

If Mavericks’s implementation of FileVault 2 has any use, I can’t see it. Before I had installed Mavericks, I had used FileVault 2 to encrypt my laptop’s hard drive, and I recently decided to start using it again. I chose a suitably long and obscure password that I could easily remember and enter and pushed “encrypt.” Great, right? Feeling a little safer, I happily coded away (with a good bit of web surfing, to be sure).

Leaving the back doors unlocked, on purpose

On the next restart, the password entry screen for FileVault 2 didn’t appear. Formerly, a blue-grey screen would appear with a text entry field, which could only be bypassed with the FileVault 2 password. I checked everywhere I could think of for an option to require the FileVault 2 password on boot. I’ll save everyone the trouble of looking. Mavericks prevents this. I haven’t been able to find a way to change this behavior. This renders FileVault 2 of little use. There are well-known ways of resetting or bypassing passwords for administrator users; since Mavericks allows administrators to bypass the FileVault 2 password field, this means that it provides no real protection. I can’t think of a scenario in which FileVault 2 can provide any meaningful protection for any disk that can be booted. I haven’t experimented yet with a disk used purely for data storage. Based on my recollection of the old FileVault 2, I would expect that the disk wouldn’t mount without the FileVault 2 password. I am pretty sure even a root user cannot mount a FileVault-2-encrypted disk without the password.

Defeating the exploits

There is a way to defeat one of the exploits that allows bypassing the login screen. Booting in single user mode gives immediate access to a terminal prompt—as root. I can’t think of a more foolish idea. This is unfathomable. Clearly this open back door is intended as a mechanism for IT support, the Genius Bar, for instance, to perform heroic recovery efforts in case a user has forgotten his or her password or damaged the OS so that it can’t get past even the earliest stages of the boot procedure. To defeat this, the boot procedure can be configured to require a password for root access. This isn’t especially difficult, or, if done conscientiously, risky.

Defeating the other exploit, which uses Apple utilities to reset administrator users’ passwords or bypass them entirely, requires extreme measures: so far as I can tell, it requires that a hardware-level PRAM password be set. Mistakes setting the hardware-level password can be fatal, requiring the machine to be sent back to Apple. Forgetting the password will have similar consequences.

If you want to scare yourself silly, you can read about these exploits, which are well-documented.

Conclusions about FileVault 2

I conclude that FileVault 2 encryption only makes sense for a boot disk in Mavericks if the PRAM password is set and the boot process is configured so that root access requires a password. The root-access password is needed in case someone who knows the PRAM password attempts to start the machine in single-user mode.

How good is it?

If these measures are taken, what level of security is achieved? The disk will be safe from people like students who want to access their grades on a professor’s laptop; thieves who lift the Mac and want to access personal data before selling the machine; or someone who finds a misplaced laptop with patient data or other confidential documents.

Now that quantum computers exist, commonly used encryption algorithms, notably the RSA algorithm, can easily be defeated. Physicist and cryptographer Alistair Kay explains:

from the moment the first quantum computer is turned on, all messages previously encoded with RSA will be readable. Any secrets that need to remain so after that moment, whether it comes in 10 years or next week, should not trust RSA now.

This permits access for university researchers, well-funded intelligence services such as everyone’s favorite, the NSA, and major multinational corporations. Quantum computing is expensive and requires rare expertise! If the US government wanted access to a machine protected in the manner I am suggesting, it would be simpler than using a quantum computer to compel Apple to access the PRAM password. I doubt that this is illegal under laws like the USA Patriot Act. No doubt the user him- or herself would be interrogated—low tech and probably effective!

The picture is a little rosier if the would-be snoops do not have access to quantum computing. Even top-grade decryption algorithms running on a cluster would probably still take days or weeks to crack a good password. If the disk is removed and accessed on a machine booted from a different disk, if FileVault 2 behaves as it did in its pre-Mavericks state, the FileVault 2 password is needed.

What’s the use of a password anyhow?

The reason to use a password is to restrict access to the email account, system user, confidential information, etc. Making it available to people that can’t be trusted defeats this purpose entirely. Almost every password-accessible user account online has a “forgot password” utility which provides the user and the user alone with the ability to reset his or her password. Even the system administrator is not permitted access.

Don’t forget the password. Write it down and put it in a safety deposit box. Make it memorable. Don’t share it. Otherwise, don’t bother using one in the first place. And by all means, and now I am talking to you, Apple, don’t make an OS that renders passwords useless!

New study provides precisely no evidence whatever for innate ideas

4 June 2011

The headline of a recent press release by the Ecole Polytechnique Fédérale de Lausanne about a recent paper in PNAS (Perin R., Berger T.K., & Markram H: A synaptic organizing principle for cortical neuronal groups, p, 108 (12); link will download a PDF.), reads “New evidence for innate ideas.” The kind of innate knowledge for which there is supposed to be new evidence is described as follows.

These clusters contain an estimated fifty neurons, on average. The scientists look at them as essential building blocks, which contain in themselves a kind of fundamental, innate knowledge – for example, representations of certain simple workings of the physical world. Acquired knowledge, such as memory, would involve combining these elementary building blocks at a higher level of the system. “This could explain why we all share similar perceptions of physical reality, while our memories reflect our individual experience”, explains Markram.

The “clusters” are “pyramidal neurons in the neocortex,” according to the article. The argument that the way these neurons develop is evidence that there are innate ideas is described.

When the scientists tested in vitro neuronal circuits from different rats, they all presented very similar characteristics. If the circuits had only been formed from the experiences lived by the different animals, the values should have diverged considerably from one individual to the next. Thus, the neuronal connectivity must in some way have been programmed in advance.

The argument is that we should expect different neuron clusters in different rats, because the rats had different experiences as the neurons developed. But what’s seen is that the neuron clusters do not differ from one another.

Hang on. Presumably we all have more or less the same “representations of certain simple workings of the physical world,” because everyone lives in three spatial dimensions and one temporal dimension, which always moves in the same direction; and the fundamental physical properties of medium-sized and large objects are the same everywhere. If something really big falls on something really small, the small thing will be crushed. I imagine the same is true for rats. I would think that rats live in a world poorer in diversity than we do. So it should be no surprise that the neurons that develop in response to the “simple workings of the physical world” develop the same in all the rats and probably all (normal) people as well.

The remarks about Locke are false, at least, within the discipline of philosophy. “Since John Lock [sic], about 400 years ago, research into how the brain learns and remembers has been guided by the belief that we start from a clean slate.” This is not true. Kant quite clearly indicated that he believed that there was some knowledge that we could not have learned through the five senses, but that we possess nonetheless. Querying the Stanford Internet Encyclopedia of Philosophy for nativism is a good place to start learning about the veritable flood of work on this subject in many disciplines.

Another point that’s important is that it most certainly does not follow from the claim that a trait is inherited that it is innate. “Innate” is fatally ambiguous, and should probably be retired. Paul Griffiths argues conclusively for this in a paper that’s available online (this links to a PDF file which will be downloaded immediately upon following it.).

Hannah J. Waters’s post on the duty to share

10 April 2011

Hannah,

I started writing a response to your recent post about whether it is a duty to correct others in the domain of social media. The response grew and grew, so I decided to turn it into my own post. I hope that’s not a social media mistake similar to hijacking a thread on a mailing list. If that’s so, apologies, and in any case, thanks for such a provocative and insightful post.

I urge everyone to visit your blog at http://culturingscience.wordpress.com/ and to follow you on Twitter at @hannahjwaters.

As others have said, the person who refused to share was rude in the extreme. Instead of complaining that he didn’t want to give you his advice, he could have just given it, probably taking about the same amount of time. Or he might have posted a link or reference to a book. If he didn’t want to help, there’s nothing wrong with ignoring a request for more information.

Twitter is rife with misinformation. The idea that one ought to give a source for a quote or fact or check on whether it’s been reported correctly seems to have been forgotten completely. It’s a case of caveat lector: Twitter is a kind of massive bull session. I appreciate the presence of conscientious journalists such as Lizzie O’Leary (@Lizzieohreally), “budding Hildy Johnson.”

In fact, I think it is a duty to correct misinformation, at least some of the time. Here is the argument. Suppose someone has the goal of posting correct information on Twitter, the web, etc. There is a chance that this person will be wrong at some point, and would benefit from the help of others. So meeting the goal of posting correct information requires the help of others. But if someone refuses to help others, that person is making an exception for him or herself from the general practice of helping people. The person would benefit from accepting help and would probably accept it if offered, but refuses to act in kind, and if everyone did that, the aim of posting correct information would be defeated.

This is an excellent example of what philosophers call an “imperfect duty,” that is, a duty that requires someone to behave in a certain way some of the time, but not always, depending on how the person feels at the moment. It sounds like it might be an instance of the Golden Rule, but it isn’t. In the unlikely event that people want to hear more about this, I will be happy to share. :)

For instance, I take the NYC subway several times per day, most days. There is almost always someone who needs help carrying bags or a stroller up the stairs. I do help sometimes; sometimes I am just too rushed, or too tired, to really be of any help at all. Sometimes I don’t notice because I block out the chaos around me, so as to focus on making any progress at all through the station. Almost always, someone else helps the person. One time I will be that person and someone will stop to help me. So of course I am going to help someone now and again. So this is an imperfect duty because you are allowed from the point of view of duty to opt out if you don’t feel like following through. In contrast there are perfect duties such as not committing murder.

Visit http://plato.stanford.edu/entries/kant-moral/ (section 5) for more on this.

If I find a mistake in a Wikipedia article, or an ambiguous or unclear passage that would be excellent after a little editing, I will fix it. I think this is important because, like it or not, Wikipedia is the world’s encyclopedia. Most people do not have easy access to a library or any source of information that goes in depth. When I say “most people,” I mean most people in the entire world.

I like solving puzzles and thinking about writing and prose style, and I am curious about things generally—so why not share some information with someone if I have it, or increase my skills by shaping up Wikipedia prose?

If I had to start somewhere, it would be with the Huffington Post, which publishes uninformed tripe such as “A Kabbalistic View of Evolution,” the author of which does not seem to have even gone so far as having searched online for information about evolution. If he had done so, he probably would not have made many of the common mistakes about evolution that are corrected in many places online, such as UC Berkeley’s Understanding Evolution web site. It’s astonishing how many mistakes one person can make in such a short piece. Bloody hell. Which reminds me, I have to make sure the book reviews and articles at Evolution: Education and Outreach are moving along toward publication. Maybe someone will pick up an issue now and again. PS: our content will be free, after a one-year pay wall to non-subscribers.

Your critic’s response is instructive because it’s a good reminder that the wide net cast by social media brings in all kinds of people, some who won’t like you or what you are doing, and some who you won’t. An extra measure of tolerance is required as is a skin a little thicker than most people are used to having in their daily lives.

Your comment that the Internet is becoming “a much more collective place” struck a nerve. There is a nice community of science bloggers and twitterers. I’d like to think I am contributing to that community. But there are some dangerous and alarming ways in which the Internet and the WWW in particular are closing down. Some parts of the Internet have always been the production of a collective. Usenet newsgroups and threaded mailing lists such as the TeX on OSX list, or the BibDesk users mailing list, are examples of this. It’s rare that a question goes unanswered for more than a day on these lists. Think of the arXiv repository.

In contrast, nowadays, .com sites are most frequently used: Facebook, Twitter, Google, Flickr, Dropbox. What did people do before Google? They followed links from page to page or searched the newsgroups archive for a thread relevant to what they were interested in. The web and Internet generally were not navigable, unless one was prepared to rely on others’ choices about where to go. Yahoo! was a subject guide and index, its search engine being secondary. The .com sites exist for the purpose of accumulating capital for their owners, and if there is something useful to someone that comes out of the deal, all the better. The information these sites obtain from their users is enormously valuable, is not going to be shared with anyone, and no one knows what’s done with it.

I think that Malcolm Gladwell has expressed similar thoughts in a recent New Yorker piece, but I haven’t read it.

It’s a phenomenon similar to the mass-production of organic food. I love Whole Foods, but it’s a corporate endeavor; to me, it’s the experience of going to a farmer’s market and eating what’s in season locally that’s important. Whole Foods has taken something I value and is now trying its best to sell it back to me at a profit. Facebook in particular seems to be creating a simulated WWW inside the real WWW. “Finding someone online” has come to mean “looking for the person’s Facebook page.”

I find it particularly alarming that the notion that Facebook or Twitter are reliable tools for conducting political mass action including coordinating protests or even military action seems to have been accepted by almost everyone with little or no suspicion. These corporations are beholden to no one. If it served Twitter or Facebook, either of these companies could easily make systematic changes to user data, or pass it along, or allow it to be monitored by anyone that will pay or otherwise contribute to the accumulation of capital.

Not so very long ago, there was quite literally a Federal case against Microsoft for restricting the user’s freedom to choose. The possession of user information and provision of services online by corporations does not seem to have provoked a similar reaction, among the general public, or on the part of government. Perhaps the reason for this is that there is no one who stands to make money from a successful lawsuit.

Perhaps WordPress.com is an exception. I don’t think WordPress.com is mining user data, but is refining the WordPress software, which reaps rewards for users such as myself who use it free of charge, and can change how it works in any way we want.

So I suppose my conclusion is, you really should consider it a duty to correct someone, or point to a resource if you think it might help others figure out something that someone said, or retweet a good tweet; and that giving away your knowledge and expertise for free is, paradoxically, valuable—not in monetary terms, but as a way of contributing to building an autonomous online community.

If there are any mistakes or ambiguities in this post I hope someone will let me know so I can correct them.
