Rants

How Nest, designed to keep intruders out of people’s homes, effectively allowed hackers to get in [Washington Post]

This article from the Washington Post is a truckload of bullshit for a few reasons.

1) The author of the article does not understand the definition of “hacking”, or in this case “security hacking”.

If someone logs into one of your online accounts, such as your Nest account, because you use a shitty password or you use the same password over-and-over again on many websites, that is not security hacking.

Hacking is the process of gaining access to a protected system through the exploitation of bugs or other system vulnerabilities. Simply obtaining someone’s account password and then logging into their account is not hacking. It is certainly unauthorized access of an account, but it cannot be called hacking.

2) Nest provides two-factor authentication for their accounts

“Software designed to help people break into websites and devices has gotten so easy to use that it’s practically child’s play, and many companies, including Nest, have effectively chosen to let some hackers slip through the cracks rather than impose an array of inconvenient countermeasures that could detract from their users’ experience and ultimately alienate their customers.”

BULLSHIT. That quote is complete and utter bullshit.

Nest has allowed its users to turn on two-factor authentication for their accounts since early 2017. One could easily argue that Nest was late to the game in providing this feature, but to say that Nest has “effectively chosen to let some hackers slip through the cracks” is a straight lie. Once you turn on two-factor authentication for your Nest account, no one can access your Nest account unless they also physically steal your phone. What more do you want? A Nest employee to visit your home to physically verify your identity???

3) The login process is not examined when companies try to reduce friction for their users

“Nest could make it more difficult for hackers to break into Nest cameras, for instance, by making the log-in process more cumbersome. But doing so would introduce what Silicon Valley calls “friction” — anything that can slow down or stand in the way of someone using a product.”

This author does not understand how “friction” is considered by companies when they design their products. Companies want to avoid friction when it impacts their bottom line. Friction encountered when logging into your account does not, for the most part, affect any company’s bottom line. Sure, you need to be able to access your account, but as long as you’re able to login, almost every company will consider their login process acceptable.

Companies only want to avoid friction for their users when it impacts their money. Checkout processes, search features, and product detail pages are some of the areas where companies invest their resources in reducing friction. They want it to be as easy as possible to give them money or engage in the activities that generate revenue, such as seeing more ads as you use Facebook. Login processes are not part of this thinking. Account creation processes are, but once you are a user you’ve already been captured. The company does not need to spend its time thinking about how you login to your account once you are a user. As long as you can login, the company is satisfied.

This author seems to believe that companies are responsible for the ignorance and stupidity of its users. Following this same line of thinking, car manufacturers are responsible for all of the accidents caused by the drivers of its cars, knife manufacturers are responsible for the injuries and deaths caused by the users of its knives, and water utility companies are responsible for all the drownings of its water users. This line of thinking is unreasonable and senseless. If I am robbed while walking down the street, I don’t blame some company for failing to protect me. Rather, I blame myself for failing to take the necessary measures to prevent or minimize the possibility of a robbery. I am responsible for my own security. Companies cannot be held responsible for the world of stupidity that its users engage in, such as using the same passwords all over the internet.

This article is obviously a hit-piece designed to portray Nest in a negative light, but whatever the author’s intentions, it is irresponsible journalism to lie to readers about the facts which describe Nest’s login process and account security features.

You wouldn’t drive a vehicle without first learning how to drive it. You wouldn’t purchase a pet without first learning how to take care of it. You wouldn’t travel to a country without first researching what it’s like to visit. The exact same lesson applies to the internet: Do not go registering online accounts without first understanding what the fuck you are doing.

Vallejo’s police chief has decided to retire at the rather young age of 50. His retirement pension: ~$19,000 per month for the rest of his life, which is over $200,000 per year.

If that’s not disgusting enough, because he unexpectedly announced his retirement without allowing the city council to find another chief, the city is forced to re-hire him as interim chief while he is at the same time collecting his $19,000/month retirement pension. Of course he’ll be paid for this interim work at the rate of roughly $20,000 per month. This means that the police chief will earn $39,000 per month, half of which he gets for doing jack shit.

I’d say this is absolutely wrong, but I have to remember that I live in the United States where nothing is holier than a police officer. All praise the men in blue.

Vallejo police chief will walk away with a pension worth about $19,000 a month. But wait, there’s more … [SF Chronicle]

While Trump rages from time to time about leakers and whistleblowers, it was the Obama Administration who prosecuted them. In fact, do not forget that the Obama Administration used the Espionage Act to go after journalists more times than all other administrations in the history of our country. Of the 13 people who have been prosecuted under the Espionage Act, 8 occurred under the Obama Administration.

Thanks to some complex, garbage legal language, some cops from Fresno, California who stole over $225,000 while executing a search warrant are being protected from a lawsuit filed by the people they robbed.

What does this mean? Well, the corrupt cops get to keep all of the money they stole and they will suffer zero negative consequences for their actions. There will be no investigation into their actions. Because they were police offices, they are above the law.

In the United States, police are the holiest form of human being. It is as simple as that.

California Cops Who Allegedly Stole Over $225,000 Can’t Be Sued, Federal Court Rules [Forbes]