Tuesday, November 01, 2016

On the Topic of Private Email Servers

I would like to explain for the common people of the United States why it would make sense for someone to use a private email server set up on a laptop.  Much has been made by the Republican Party of HR Clinton’s choice to do so, with people calling her a traitor for doing so.  I have always found these accusations to be absurd.  Why?  Because there are valid and legitimate reasons why, in the interest of national security, someone in intelligence would want to have available and make use of a private email server.

I will explain to you why this is so based on solid technical expertise, and then ask you to form your own conclusions. I'm trying to provide enough technical information without dumbing things down, but I have attempted to simplify certain concepts.

My Credentials
This is based on my 25 years of expertise in software.  My expertise covers operating systems from Windows 3.1 to Windows 10, programming languages starting with C, C++, Java, and then C#, as well as experience programming at the network-stack level on operating systems.  It also covers configuration of firewalls, design and configuration of network architectures, network server configuration, and experience at multiple levels of network communications between computers.
I also have experience using Linux and have configured my own private email server before in Linux.  I have also had the opportunity to work with, as a contractor, government and quasi-government organizations and law enforcement agencies, and have seen firsthand how backward and antiquated their policies and processes are, and the resultant technology is.  In addition to all of this, while I don’t work in the field of computer security, I keep up with all the articles on all the latest security issues, new viruses and hacks, exploits and so on, as a matter of my own ongoing continual professional development.

First Some Basics in Hacking
The one thing that is always essential in hacking is this: knowing the IP Address of the computer you are attempting to hack into.  All computers, when connected to the Internet, have a unique address that allows all communications to reach them.  Without this address, it is not possible for any internet messages or communications to reach that computer.  This address is unique each time the computer is plugged into a new network.  When your computer sends messages out, the computer on the other end (yes, there is always a computer on the other end) learns the IP address of your computer in order to send a response.  Your computer maintains a cache of IP addresses it knows and can connect to also.  This cache can be manipulated and modified locally by an administrator logged into each local computer.

How would a “hacker” spy on a computer?  A hacker has software that spies for them.  The hacker must tell it what IP address to spy on.  Without knowing the IP address to spy on, there is no possible way for the hacker to spy on that computer.

(There will be some that dispute this saying: “what about knowing the MAC address?”  But the fact is that the MAC address, which is generated by hardware on your computer and “technically” cannot be changed, is easily changed with various software packages that allow the IP Stack to spoof MAC addresses.  So that’s not a valid argument.)

In a nutshell your computer needs to know the IP address of any other computer it talks to, listens to, or spies on.  It is an absolute impossibility to spy on a computer otherwise.

How this works in real life:  You plug your computer into your internet at home or work.  (Or you turn on the Wifi.)  Your computer talks to a server that gives you an IP address.  At home this “server” is probably software running on your Wifi router or a device given to you by your Internet Provider.  Usually, in the office environment, or at home, your server will give you the SAME IP address every time.  Keep that in mind.  It will be important to consider later.

Now that your computer has an IP address it can talk to other computers.  You’ve launched your web browser and it is trying to get to www.google.com.  Your computer still knows the IP address for www.google.com from the last time you used it.  Your browser sends a message to www.google.com saying essentially “show me your web page.”  The server at Google your computer is talking to thinks, “sure” and grabs your IP address and sends a web page back to your computer.  Your computer catches this message and displays that web page in your browser.

If you have an email client like Mozilla, or Outlook, or some other email client (rather than using email in a browser like Gmail or Hotmail), something similar happens when you launch that email software.  The email software is configured to know the name of your email server.  It sends out a message to its server: Give me the IP address of mail.mycompany.com.  It gets this IP address and now it can talk to that mail server.  It sends a message: give me all my new emails.  The server on the other end sees your computer’s messages and starts sending all those mails to your computer’s IP address.

The computer's IP address is key to ALL such communications between computers.  Whether you are logging on in a chat window, or launching an online game, or going to a web page, or fetching your email, it always works the same way.  Your computer contacts some server by knowing its IP address, and that server replies to the IP address that contacted it.  Essentially all computers know nothing about one another except for their IP address!

One more important consideration.  As I mentioned before, when you plug in your laptop at home or at work, most likely you are always getting the same IP address.  But even more important is this: the important servers out there in the world ALWAYS have the same IP address.  The servers generally have to keep using the same IP address or else connections to them would not know where to find them.  Servers can sometimes change IP addresses but it is rare and infrequent because it causes disruptions in internet traffic.  It usually only happens when there is some major server upgrade at the company providing the servers.

How This Relates to Spying
Now that you’ve got the basic concepts of internet communications down, consider this:  because messages are traveling across the internet between computers it is possible to spy on those messages.  But your spy software has to know an IP address of what to spy on.

It is easy for hackers to create spy software and make it available for other hackers to download.  It is easy because all the internet traffic out there is public.  It is easy to spy on something that is public.  It would be much like setting up a video camera by the side of the road in order to keep track of all the cars that go by.  But there is an insane amount of data traveling around the internet.  It would not be possible even if a computer could capture everything to keep track of it all and sort it all out.  In fact, all the storage space of all the computers in the world would not be enough to store it all, because unique messages are generated constantly between computers, multiple computers by the millions requesting the same data, and so on.

The only way for a hacker to actually spy on any computer is to know that computer’s IP address.

Let that sink in for a while.  This is the most important thing I’m going to say here.  You really need to understand that.

So for example, spy agencies all over the world try to spy on key servers.  For example, probably every country in the world is attempting to spy on the traffic that goes to mail.nsa.gov (or whatever the mailserver for the NSA is called) or mail.irs.gov, and so on.  What prevents the spy agencies from being successful (theoretically) is that all these messages transmitted are encrypted.  When you use the https:// prefix before a web page, instead of just http:// your data is being sent encrypted.

But they are still able to capture that data.  Anyone can capture that data. They can capture it and then set their little armies of software engineers onto the task of cracking the encryption.

We have seen that every few years slightly harder levels of encryption are cracked, and so the encryption levels need to be increased again.  We see time and again various viruses or malwares taking advantage of exploits in these layers of encryption.  Encrypted traffic is not and can never be 100% safe.

So, let me back up to something I mentioned earlier.  When you are at home or the office and you plug in your laptop, it gets an IP address, but usually the same one it always gets.  Home and office networks are designed that way to make it quick to get on the internet.

But when you are in a public place: a library, a bookstore, a coffee shop, a hotel room, and so on, your computer gets a DIFFERENT IP address every time it plugs in.  There is no possible way to spy on a computer like that because the hacker’s spy software cannot possibly know your IP address, or what it will be from one time to another.

Let that sink in again, please.

Let me replay this all in the form of an analogy: let’s say at home I have a very secure room full of all my treasures.  A single key unlocks the door to this room.  Let’s say that somehow for the sake of argument the walls of this room are impenetrable.

If I put that key in a safe, all a person has to do is crack the safe and get the key to enter my treasure room.  But let’s say instead I have a giant bucket of 100,000 keys.  (Not very practical, really, but it illustrates my point.)   I know exactly what my special key looks like based on coloration and shape.  So I can just toss my key in that bucket and pull it out to open my secure room.  This is called security by obfuscation.  Depending on the circumstances it can be a much better form of security than security by a passcode.

In case I am not making my point, let me put it in more practical terms:  

If I fire up my email client on my laptop, that email client is going to connect to some email server at a static (non-changing) IP address on the internet and send and receive email.  This can be easily spied upon but it would be difficult to decrypt the data.  Difficult, but possible, because the data is being spied upon and captured (no way to avoid that as it travels over public conduits) it just needs to be decrypted.

If I have my own private email server running on my laptop, what would happen instead is that my client software would connect to my email server (without ever going out on the internet) and send and receive all my email.  But then that email wouldn’t really be transmitted across the internet until I plug that laptop in: at a coffee shop, hotel room, library, etc. When I do plug that laptop in, the email won’t be transmitted to mail.nsa.gov but instead transmitted to other individual email servers all over the world, and sometimes through various proxies.  Why?  Because I’m not using mail.nsa.gov to send my email, I’m sending it through my private email server.
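The step described above, where a private mail server hands each message to the recipient's own mail server, depends on a DNS lookup of the recipient domain's MX records. The following is an added example, not code from the original post, showing how a sending server picks its delivery targets; the record table, domain names and addresses are constructed so that it runs offline.

```python
"""Added illustration: choosing SMTP delivery targets for outbound mail."""
from collections import defaultdict

# Constructed stand-in for DNS (documentation domains and address ranges).
# A real mail server would ask a resolver for these records.
ZONE = {
    "example.org": {"MX": [(20, "backup.example.org"), (10, "mx1.example.org")]},
    "mx1.example.org": {"A": ["192.0.2.10"]},
    "backup.example.org": {"A": ["192.0.2.20"]},
    "example.net": {"A": ["198.51.100.5"]},   # no MX record at all
    "example.com": {"MX": [(0, ".")]},        # null MX: domain accepts no mail
}


class Undeliverable(Exception):
    """Raised when no server can be found for a recipient domain."""


def delivery_targets(domain, zone=ZONE):
    """Return [(host, ip), ...] in the order a sending server tries them."""
    domain = domain.lower().rstrip(".")
    records = zone.get(domain)
    if records is None:
        raise Undeliverable(f"{domain}: domain does not exist")
    mx = records.get("MX", [])
    if len(mx) == 1 and mx[0][1] == ".":
        raise Undeliverable(f"{domain}: null MX, domain accepts no mail")
    if mx:
        # Lowest preference number is tried first. Real servers randomize
        # among equal preferences; sorting keeps this example deterministic.
        hosts = [host.rstrip(".") for _, host in sorted(mx)]
    elif records.get("A"):
        hosts = [domain]  # no MX: fall back to the domain's own address
    else:
        raise Undeliverable(f"{domain}: no MX or address record")
    targets = [(h, ip) for h in hosts for ip in zone.get(h, {}).get("A", [])]
    if not targets:
        raise Undeliverable(f"{domain}: MX hosts have no address records")
    return targets


def plan_outbound(recipients, zone=ZONE):
    """Group recipients by domain and attach targets or a failure reason."""
    by_domain = defaultdict(list)
    for rcpt in recipients:
        local, sep, domain = rcpt.rpartition("@")
        if not (local and sep and domain):
            raise ValueError(f"malformed address: {rcpt!r}")
        by_domain[domain.lower()].append(rcpt)
    plan = {}
    for domain, rcpts in by_domain.items():
        entry = {"recipients": rcpts, "targets": [], "error": None}
        try:
            entry["targets"] = delivery_targets(domain, zone)
        except Undeliverable as exc:
            entry["error"] = str(exc)
        plan[domain] = entry
    return plan


if __name__ == "__main__":
    outbox = ["alice@example.org", "bob@example.net", "carol@example.com"]
    for domain, entry in plan_outbound(outbox).items():
        print(domain, entry["targets"] or entry["error"])
```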

Because my laptop is going to get a unique IP address the moment I plug it in at a coffee shop, there is no way to spy on this laptop.  Because the email server will send these emails to other email servers all over the world, there is no way to spy on this email traffic either.  You cannot guess what email servers, routers, or other network infrastructure components will be used sending these emails.

And, if my email on my private server is also encrypted, this makes it even more impossible to spy upon.

Please Draw Your Own Conclusions
Now that you know more about the way the internet, computer communications, and email transmission work, I ask you to draw your own conclusions.  Has one political party made a huge controversy about these things because of their own ignorance or deliberately with malice to try and tip the scales in an election?  Because I’m a good guy, and have worked for the government on contract before, and have personal knowledge about the level of sophistication in our government IT policies and infrastructure, I’m going to go with “stupid.” But you draw your own conclusions.

It could be that government policies were broken by someone using a private email server.  I have no idea.  The cops break the law every time they exceed the speed limit to go to an emergency, and yet I don’t care.  Our government internal policies and processes are dozens of years out of date, embroiled in red-tape, and so on.  Why should I be surprised when someone breaks them?

But in my opinion it is absolutely and with definite certainty not “betrayal” of our country.  And there are legitimate reasons why someone in government (especially someone responsible for national security) may wish to put a private email server on their computer.

Thanks for reading and I hope you take this to heart.

Wednesday, March 23, 2016

To Bern or Not to Bern

To Bern or Not to Bern,
That is the question!

I've compiled a list of reasons people don't want to vote for Bernie Sanders so that I can provide some information systematically, rather than the random way conversations develop, often as gut reactions to informational posts, on Facebook and other social media.

A few caveats:  If I think there is plenty of evidence that your "reason to not vote for Bernie" is unfounded I will post what evidence I can.  But if I can see that we disagree fundamentally about some issue, well then I'll simply post that I disagree.

The purpose of this post is NOT to convince you to believe differently than you do.  You believe your way, I believe my way.  Let's leave it at that.

The purpose is to encourage those who DO believe in the things Bernie stands for (or some or most of them), but are reluctant to vote for him because they "don't think he has a chance."

After requesting people to tell me why they won't be voting for Bernie, I've come up with the following list.  Some of these are mine as I got a lot less input than I expected:

#1:  He's going to up our taxes!

(Related to that are:  "His economic ideas will ruin us" and "We can't afford socialized Health Care" and "We can't afford to send everyone to college".  I will make these sub-categories to #1.)

1a) His economic ideas will ruin us
I am no economics expert.  You know what, chances are neither are you.  The fact is that economics is like religion: you can believe what you want and find all sorts of evidence to support it.

The fact is there are plenty of economics experts at top universities, and some hired by magazines, news networks, etc. who believe Bernie Sanders' economic ideas are sound and will benefit our nation:




So, if you believe that the experts all say his plan will ruin us, you are wrong.  If you think you personally understand economics better than an expert, go ahead and believe what you want.  But we have never seen "trickle down" economics trickle down!  If we have seen it trickle down, then tell me please why the rich keep getting richer and the poor, getting poorer.  And by the way, don't fret over the middle class.  "Rich" here means you make more than $250,000 a year... see below.

1b) We will have to pay more taxes!
Again most likely not true.  All of the money experts who have crunched the numbers can show on paper that he can pay for everything he says he wants to do without raising taxes on people unless they make more than a certain amount of money.  I've seen articles that put this figure as low as $190,000 and articles that put it around $250,000 a year.  

You won't be paying more taxes unless you make $250,000 a year!  Period.  So stop bitching and griping.  And if you're my friend and you actually make more than $250,000 a year, then guess what buddy:  next time we hang out you're buying.

Frankly if you make more than $250,000 a year you should be paying more taxes.  And the more you make after that, your tax rates should go up, not down.

Here are some of the financial experts who have crunched the figures and made those calculations:



Now, again, maybe you are better at crunching numbers than people who do it for a living.  Maybe you are better at making calculations and figuring out budgets than people who have all the facts about how much money the IRS rakes in every year and where it all goes.  But I defer to these experts, and what they are saying makes sense if you only open your eyes and look at what's out there in the world (plenty of countries not as wealthy as our country who DO take care of their elderly, their sick, their poor, etc.)  Yeah, try and convince me our wealthy nation cannot afford that?  Well, the only reason our wealthy nation cannot afford that is because our government steals from the poor and gives to the rich.

Time for that to end.

1c) We can't afford socialized Health Care

By this point I'm getting repetitive here.  You've heard people ask the questions:  how can Canada, most nations of Europe, most nations everywhere afford it then?  (Oh, maybe because they don't spend billions and billions of dollars on high-tech aircraft that don't work?)

You could also mean "we can't afford it" in the sense of: it will be a lot worse than privatized health care.  The fact is: privatized health care will continue to flourish in our country and the wealthy will be able to get what they want to pay for.  What we are talking about with "socializing health care" is giving the opportunity of health care to those who cannot afford to pay for it.

Under Obamacare:

  • people who could not get health care now can (I know many of them personally)
  • people who could only get crappy health care through stupid employers can sometimes get slightly better through Obamacare
  • people who get excellent health care from their employers continue to do so
  • the insurance companies and the medical supply companies are making record profits (I have friends who have a medical supply business and they have had to expand by a factor of about 5 to 10 times their previous size because of Obamacare)
  • the economy hasn't been ruined because of this

We can afford to continue to go in that direction, or have something similar to Obamacare but slightly better.

1d) We can't afford socialized Education

Basically, the same thing goes here as what I said about health care.  How can all the other nations of the world afford to pay for college for their youth and we cannot?

Did you know that by making college unaffordable for millions of U.S. youth we are actually making it so that our country has to bring in immigrants to fill jobs here?  In the technology industry, for example, there are not enough U.S. students in universities in our country currently getting degrees in technology to fill more than about half of the job openings we will have when they graduate.


I personally know many young people who were perfectly capable of going to college in terms of grades, but ended up working full time someplace instead.  Or working full time and going to college part time.  Going to college part time is a bad idea as most people eventually quit and don't complete their educations due to the high stress and "life" getting in the way.

By not paying for our students to go to college we are giving all the other countries around the world an advantage to be economically and technologically superior to us.  We cannot afford to not pay for our young people's college educations.

#2:  Many Americans feel it is time to elect a woman as president

This was offered as another reason not to vote for Sanders.

To be frank, can you not see what a silly notion that is?  Sure, if we elected a woman as president it would be "about time."  Same thing for electing a black man.  But to vote for Obama only because he is black, or for Hillary only because she's a woman:  that is beyond ridiculous in my thinking.

Perhaps it wouldn't be if all the candidates were "the same" in terms of ideology or being "a part of the system" and so forth, but they aren't.  There are acute differences in platform and ideology between Clinton and Sanders.  Vote ideology, people.

#3:  "He says it's more important to care and treat well the least among us, but it's ok to terminate unborn babies."

Sorry, I won't take the bait here to launch into a discussion of Abortion and Woman's Right to Choice.  There are already plenty of opinions on this and many of them fanatical in both directions.  You don't need mine.

I would like, however, to suggest thinking of this as an aspect of democracy rather than morality.  Is it legitimate for the government to make something illegal that the majority of people do not think should be illegal?  Of course, your religion has the right to consider something immoral.  But your government?   

Of course, how much government control there is of anything is a heated issue.  I'm generally against government control of things, unless it is the government taking care of its people:  roads, utility infrastructure, public safety and health, education: in my opinion these are all basic things the people of a nation need in order to make that nation strong and successful.  I personally prefer not to see the government controlling much else.  We should have as free a society as possible.

But I can offer no specific notions, news articles, resources, etc. about #3 except to say that "treating the least among us well" is an unambiguous thing, whereas abortion is not, at least not in the eyes of the vast majority of citizens.  Unfortunately we are learning this election that even "treating the least among us well" is not a universally accepted standard in our country, but my hope is that when the dust settles we'll see the vulgarity of bullying, racism, sexism, etc. has but a tiny minority of adherents.

#4:  "He's not as entertaining as Trump."

Even though it seems silly, I'm taking this notion as seriously as the others.  Why?  Because in all my bar and coffee-shop hopping, and talking with random people and strangers and so on, I've actually found this to be the MAIN reason people like Trump.  They don't believe in any of the things he is saying.  But they like him because he's bold and entertaining.

That's a very unfortunate point of view, probably so common because of the way people have begun to love reality TV shows and are now getting fantasy (reality TV) confused with actual reality (what happens in the real world and politics.)  The only reason people think this is because they've never had to live through war and suffering and difficulty: never had to endure a nation where ideas like Trump's were prevalent.  We forget too soon the consequences of such people ruling our nations.  "Those who forget history, are doomed to repeat it."

.... And my favorite:
#5:  "He Cannot Possibly Win"

This is probably the most common reason I hear people saying they support Hillary over Sanders.

I mention to them that most of the young people in the U.S. between ages of 18 and 30 support Sanders, and those same young people can't stand Hillary.  And they always say the same thing to me:  "yeah, but historically those young people don't vote."

Well, this time around, I beg to differ.  Why?  Because they are turning out in droves to Caucus.  They are turning out in droves to rallies and other events.  They are getting involved in politics like they never have before.  Trust me:  if someone goes to rallies and caucuses, and other political events, they're going to vote.


Also, most of the polls that have been taken show Sanders beating Trump by a wide margin, and Hillary beating Trump just barely.


Not only "can he" win but he has a much better chance of winning than Hillary.  So if it is all about the "lesser of evils" for you this election, then even in that frame of mind, Sanders is your man.

More and more people are coming out and endorsing Bernie Sanders.  They are doing this because they not only believe in his platform, they believe he can win:



And more and more people are packing huge stadiums like NEVER in the history of presidential elections in the United States, to see and hear Bernie:



I think the "cannot possibly win" argument is only valid if you have become a complete fatalist about the U.S. governmental system, and if that's the case, I'm deeply sorry for you.

Bernie Sanders can win, and he needs your vote at Caucus this Saturday, and in the general election to do it.