SFFCU is the best

The San Francisco Fire Credit Union is the best financial institution.

Wow, pretty big assertion there, eh? Yeah, and I mean it.

Not only do they have decently competitive interest rates, are a credit union, help the community, but they also send their members OpenPGP encrypted documents.

Let that sink in.

Yep, my credit union sends me documents encrypted to my GPG key. Well, they did once so far. This alone makes them the best financial institution around.

Let me rephrase: as they are already on the good end of the spectrum for most if not all things that financial institutions do, the GPG thing just puts them past the goal post. That’s more than other professions that care about authenticity do.

The story:

I sent a check to a previous landlord to cover some cleaning expenses (loooooong story there), and when they cash that check my stress level would go a TON down (again, long story). It was a long time until the check cleared on my bank account; about a month after I sent it. I wasn’t too worried about that part. I did, however, want to see/have a record of the fully executed check, ie: the scans of your cleared checks. I went to look for them but they weren’t there, though it was listed in the transactions for my checking account.

I fired up the 24 hour web chat help (which is AWESOME) and spoke with a nice person who told me that apparently my previous landlord’s bank had typo’d the account number and the check first posted against the wrong account at SFFCU. They noticed it and moved it over to my account. Hence the not normal representation of the transaction in their banking portal.

I asked if I could get the scans of the check and they said sure, they can send them to me via email or snail mail. I told her email. And then she asked:

“Do you use a PC or a Mac? That determines how to send the encrypted file.”

Well shoot, I thought. I replied:

“Unless it is simply a password protected PDF it probably won’t work on my Linux(sic) computer. It’s ok, you can just send them via the postal mail. But if it was something like GPG, then it would be fine.” (paraphrased from memory, I don’t have the log)

She said she’d see about GPG but she’ll send it via the postal mail either way. This was on Thursday.

On Friday afternoon I received an email with the subject: “SF Fire Credit Union documents you requested”

The body:

Here are the GPG encrypted files you requested.

These were encrypted with the “public” key that you have posted on your website, so no password is necessary. Please call us if you need further information to access these files.

Thank you!
Member Elations Consultant
SF Fire Credit Union

Attached were two files with the names DocumentFront.pdf.gpg and DocumentBack.pdf.gpg.

“This can’t be” I thought. A quick gpg -d later and, what the…. yes. Yes they did.

This amazing person at SFFCU took the time to A) look at my email address B) notice it uses my last name as the domain C) go to the domain D) go to my about page E) find the link to my gpg public key and F) encrypt the file to my key.

Yeah, all things that probably anyone reading my blog could do without thinking. But when was the last time your bank did this?

The response I got when I told my friends via IRC was pretty universal:

A new year, a new hair cut

Before hair cut

New hair cut

Full set of photos on flickr.

End of year crowdfunding

And by crowdfunding, I mean giving to worthy non-profits.

Here is my short list of organizations I plan to give to in the next week or two (alphabetically):

So far that is 7 organizations.

What have I missed? Obviously The Wikimedia Foundation, but I always feel weird donating to the org that pays my salary.

(Also, boy do I wish I could donate without being bombarded by solicitations for more donations. Let me decide, please.)

The medical congressional financial industrial complex

This year, during open enrollment, Carrie and I are planning on changing health plans (Kaiser HSA -> BCBS PPO, so we can do some catching up on health stuff). All changes need to happen by December 20th, 2013 for the year 2014 (starting on Jan 1st).

In doing my due diligence, I read the pdfs that our health insurance brokerage provides us. These pdfs have this bold text on the first page:


And, as we all know, ALL CAPS means the lawyers really mean it.

So, let’s go find the “Evidence of Coverage and Plan Contract” document, shall we? Oh, sorry, I can only view the 2013 versions of those documents (not the 2014 version, which is what will govern the plan for the year 2014, obviously).

I emailed our brokerage agent about this, and this is the response I got:

The 2014 Evidence of Coverage booklets aren’t available yet. The carrier has 90 days from the Plan Year effective date to provide them; however, they usually come sooner (we’ll probably see them by the end of January). As soon as they are available, they’ll be posted.

Let me get this straight.

1) I must choose by Dec 20th, 2013
2) ALL OF THE INFORMATION I have on the plans say to consult the official plan contract as the summaries are not binding.
3) Those official plan contracts are not made available until at least the end of January.
4) The insurance companies aren’t legally required to provide them until 90 days after January 1st, 2014.
5) I must then preemptively agree to be bound by a contract which I have not yet seen and will not see until it is too late for me to change my decision.

How the hell is this a “meeting of the minds”? How the hell is this legal AND legally encouraged?

Privilege isn’t what you’re fighting

Thesis: Anyone can have impostor syndrome for any number of reasons. Privilege is orthogonal to how one feels about themselves.

Thesis2: Anyone can be depressed for any number of reasons. Privilege is not a deciding factor.

Summary: The trend to bash on “privilege” is ill targeted. Bash on people’s actions. Bash on their misconceptions. Bash on their hurtful words. But their privilege? That’s just tilting at windmills. “Privilege” will never go away AND it is not the cause of the thing you are fighting. The world is a bit more complex than that, thankfully.

[EDIT added at 2013-12-20T00:38:25+00:00]: The cause of the thing you’re fighting is the environment which gives rise to that privilege. Maybe I’m splitting hairs, but:
Please don’t attack my whiteness or maleness or (very) not poorness. But the fact that those things, a priori, give me a helping hand (whether I ask for it or not, or whether I even think about it or not) is not how a just society would work. Let’s fight that.

Usability of real things


I’m not a huge fan of the keyboard on the new Thinkpad x230 work got me. It’s a great computer otherwise, but it is true: the trajectory of the Thinkpad keyboard is going downhill.

Seriously, the PgUp and PgDn keys are reversed from the intuitive choice. The fact that I can’t Fn+UpArrow to do PgUp is stupid (it was the behavior on my x200s). The row of Home/End/Insert/Delete doesn’t make any sense as well. And why is the Delete key bigger than Insert/Home/End? Are we a mac keyboard?!

Usability is apparently only for things on the screen, not the input devices. They are just supposed to look purty (eg: apple keyboards).

We put so much fucking time into figuring out how much mental energy it takes to recognize an icon, but acknowledging the fact that our fingers are different lengths (as in, index is diff than middle): NEVER! Fuck ergonomics!

Emergency Message!

How I read the US Embassy in Iceland’s warning about the Chelsea Manning protests:

“Stay away if you’re a god-fearing American, cuz we’re recording everyone’s faces and will red-flag dem sumabitches faster than you can say ‘fourth amendment’, got that? Freedom ain’t free.”

Looking for: “The” “best” encryption guide

After a week of remodeling going on at the work office, I come back and find that my laptop is missing (we’ll just assume stolen at this point, really).

Right now I can’t do much but fret about what was wrong with its setup (the most wrong probably being the lack of full disk encryption because it was a work issue Dell XPS with Ubuntu preinstalled that I didn’t have the time to reinstall with Debian). All I can do now is hope that the people who stole it aren’t identity thieves as well. If you start to see random posts here, well….

What I need now, for when I get my replacement laptop, is a well thought out plan for how to do encryption/security right. What I’m thinking is:

  • For my GPG subkey I use for signing, do xyz
  • For my GPG subkey I use for personal encryption (password files etc), do zyx
  • For my GPG subkey I use for automatic personal encryption (backups), do yxz
  • For my ssh key I use for remote server access, do zxy
  • For my ssh key I use for automatic remote server access (backups), do yzx
  • etc

For all of these, the xyz could include things like “store on an encrypted volume usb key that never leaves home” or some such. In other words: I want to do this the right way. In the places I cut corners (ie: automatic backups) I know I’m cutting corners and thus those things have limited reach/use.

Dear helpful security crypto web: Where is that guide or set of guides?


I’ve started a wiki page to track my findings. Please email me or comment here if you have any suggestions!

Why cryptographic signatures aren’t the way to cryptography adoption


I’ve been mulling around the idea of more wide-spread cryptographic use. One thing that I see as sorely lacking in current popular/professional culture is verifiable electronic signatures. The Adobe stuff seems wrong to me every time I use it as an end user (read: see it on some pdf; I’ve never actually generated a signature with it).

But verifiable electronic signatures is something us geeks figured out a long time ago! So simple, really. Just get all those law firms and law schools to teach their lawyers and paralegals how to use GPG and BAM! a gigantic WOT for law system users. And then, businesses would start adopting it (since their lawyers use it) and then… and then….

But, it appears to me that lawyers don’t actually care about verifiable electronic(ly communicated) signatures. The recent court cases involving Prenda Law (copyright troll) are proof of that. It all comes down to some argument in a court room with a bunch of he said/she said. I think they must like it this way.

Does anyone reading this know of a lawyer (or someone represented by a lawyer) who has used GPG to sign a document and had that document used in the court of law?

So, that’s all to say that lawyers won’t be the way to getting more widespread use of cryptographically secure digital signatures, even though they’re a great use case for them.

A culture of hate

Today I broke up my first playground bully fight as a dad. It involved blood (the bully drew blood on two others; mouth punches). They were probably around the age of 9.

I could have, and should have, stopped it before blood was drawn, but I didn’t know it was real and I dislike being “that dad” who checks in on kids who end up to be truthfully just playing; maybe I’ll have to be that guy more often now.

I will go to sleep tonight running through all the different potential scenarios and how I should have handled it; kicking myself.

It all brought back the horrible memories of being on the receiving end of that stuff. It’s also why I joined TaeKwonDo at the age of 8 when I lived in Texas and became a 1st degree black belt in 2 years. But it’s also why, when I moved to Missouri and joined a much more fighting-oriented club, I quit (the teacher was a female kickboxer who routinely fought in male tournaments).

I like sparring, but I hate fighting.

As Carrie and I were putting Rowan down to sleep 30 minutes later (we were at the playground for a nice after dinner excursion) we talked about what happened, how it was affecting us, and then, generally, the culture of hate we live in.

I don’t know the root causes and I have no cures, but we all really sincerely terribly positively do need to work on reducing the hate around us. Without us all working on it, it won’t happen.

