Month: April 2017

Personal: An Emotional Postmortem

Posted on Updated on

This post is deeply personal and is being shared publicly only to allay concerns and miscommunication with my peer group since 2015. Content is unfiltered and may not contain appropriate warnings.

What happened?

In late 2015, I separated from long-term previous roommates, whom will not be named here. The emotional trauma of that separation, contributed to by repeated miscommunication and an aura of suspicion and defensiveness, caused me to have a prolonged, low-grade emotional breakdown that concluded one year later.

This postmortem is to give insight into what happened to me, why I acted as I did, and why I chose to separate myself from my friends as I did, so I can move on with my life and give closure to friends both current and former.

Why are you (the author) choosing to talk about this now?

Because people are still understandably afraid of me after I emotionally collapsed inwards and pulled away from most people I care for. I’ve tried writing this several times before and could not explain it succinctly or well (at current tally, I have over a dozen separate drafts in WordPress alone over the past 12 months).

Emotional issues, especially those of trauma and mental health, even those of temporary emotional breakdown, are difficult to discuss openly without inviting attacks or eroding one’s own credibility.

I feel it necessary I discuss this to help rebuild trust with people I care for. Having one open central document seems like the most efficient method of doing so.

What caused you to emotionally break down?

Extreme suspicion and anger directed towards me in a situation that was extremely socially precarious and, in many ways, toxic. Tension had already been building prior to this occurrence.

After I had been given multiple assurances that I might be moving into a new home with my previous roommates in 2015, a single individual of that collective triangulated me by telling me otherwise, then repeatedly silenced my concerns and dissent.

This led to an extremely unhealthy dynamic of escalating tensions that led to me fleeing my home temporarily (in August of 2015) to relieve social and emotional pressure. This person’s influence also led to my being suddenly and forcefully ejected from an arrangement I believed I was a part of (I would thereafter fall back to my original plan, moving into a house with a different good friend of mine) and a flotilla of rumors about what had transpired. Many of these rumors and speculation centered on my alleged attempts to emotionally harm my then friends, which were and remain flatly untrue.

Several months and one house purchase later, after a long hiatus and separation from friends to let the matter cool, I was invited to attend mutual gatherings of friends whom I had not seen for some time due to the complexity of these issues. To allay potential upcoming social friction, I chose to approach the same individual that had triangulated me before in good faith, to apologize for my part and to own up to my own poor behavior.

This apology backfired. I attempted unsuccessfully thereafter to approach the friends running the gather for advice. When this too backfired due to ongoing unaddressed suspicions from the community, I fled that community — and subsequently emotionally broke down on Twitter, causing friends to (understandably) distance themselves from me further.

Why did you go into hiding?

At this point, I chose to part with my entire community and contingent of mutual friends to give myself space and emotional bandwidth, as well as to distance myself from alleged rumors that I was attempting to cause harm. Full separation seemed to be the best and only course of action here, as any action or inaction on my part could easily be misinterpreted as proof of alleged wrongdoings that I, myself, did not even have full information on.

This was not easy. After assessing the situation at the time, I chose to make this change public. I also chose to provide a private account of what happened to mutual friends, so they could better understand what I was dealing with.

However, I failed to respect just how much I had pushed myself and how much I could emotionally handle. Without the support of my community, with two therapists themselves utterly paralyzed by the complexity of this issue, and with multiple barriers to effectively using a private account, I chose to unpack this issue publicly on Twitter to relieve mounting emotional pressure. This led to my being — understandably! — called out for making the matter public, and directly led to my subsequent temporary resignation from the service for the entire month of September (2016).

Since that time, I have pulled back considerably from most of my friends and chosen to not speak about the matter at all, until I could do so in a manner that was effective. I feel that I have recovered enough emotional stamina to be able to do so here.

Did you really try to [harm anyone’s relationship, take advantage for personal gain, or add rumor here]?

No. In fact, the very allegation is what caused me to back off so much and give people space away from me.

How could this have been handled better?

I’m not entirely sure. More experienced counsel and a process to have handled this within my community would have helped tremendously.

I used every tool I had available to privately and professionally handle this situation. I certainly should not have disclosed it publicly on Twitter — though please understand that the disclosure is an outgrowth of several key communication and procedural failures leading up to what eventually became public.

I choose not to address what could have been done better by other people here. That is their own personal business.

Please forgive me for pulling back so far after accusations of bad faith were leveled at me. To not interfere with an ongoing romantic relationship I was accused of straining, I found it best to sever all ties to prevent any allegations of meddling.

Most importantly: the presumption of good faith was and still is needed. I am terrible at explaining all this, terrible at drama, terrible at complex social relationships, terrible at managing the individual emotional anxieties of a chaotic community, and terrible at emotionally handling being thrown into a triangle dynamic that broke longstanding friendships I cared deeply about. Please understand that I am true to my word and sincerely want my friends to succeed.


For reading this. I’m sure this does not make a whole lot of sense to people not involved, but to those that are, understand that I did my very best here to navigate one of the most socially treacherous situations I have experienced to date.

Please understand, despite all appearances from having pulled away and isolated myself, that I do care. I did not want to make things worse. This is why I chose to step away.

I sincerely apologize to anyone that I scared or made fearful, both for the lead-up and for having publicly emotionally broken down last year. I really did try to do my best. I’m sorry.

With that said, I’m not going anywhere. If any of this is helpful or needs further discussion, please feel free to contact me privately — on Twitter, on Discord, or on Telegram if you already have that contact. If you do not, please feel free to ask for my private contact on public Twitter.

Thank you again for reading.

A Layperson’s Guide to the Trump-Russia Scandal

Posted on Updated on

Content warning: politics, for pretty obvious reasons.

First, some boilerplate: The primary audience for this article is US citizens that desire a synopsis of what is happening in government, as well as for friends looking in from other countries that would like a succinct summary of what is happening in the US, up to this point. For day-by-day reading, I recommend sources like WTF Just Happened Today for a sourced accounting of what we know so far.

Please note that I am not a lawyer, nor do I have any specialized prior or current expertise or knowledge beyond being technically literate and employed in the civilian software industry in the United States. The views and interpretations that follow are my own, do not reflect those of my employers past or present, and are based upon evidence available to anyone. Where possible, links are provided.

Due to its highly mutable nature, Wikipedia is not used in any source for this document.

Welcome to what is likely the biggest political scandal in modern US history. It seems as if every day, some new shred of evidence or metaphorical shoe drops more damning than the last. The evidence is dizzying, almost impossible to keep in context even for American citizens following it daily, and this is before considering the scale of the disinformation campaign being levied both domestically and abroad to muddy its understanding and distort truth.

What follows is my understanding of the information reported so far, according to public documentation available to US citizens and sourcing provided by moderate news agencies in the United States (such as articles from the New York Times and the Washington Post), erring on the side of left-leaning. This does not include far-left or far-right sourcing, nor does it include anything with “alt” in its title, as most “alternative” sources of media cannot be used to cleanly separate conspiracy theory from fact — and in many cases, exist to promote conspiracy theories and misinformation.

Let’s get right to it:

What is the central issue of the Trump-Russia scandal?

The Trump-Russia scandal, often called “Trumpgate” or “Russiagate” due a popular obsession with and striking similarity to the Richard Nixon Watergate scandal, emerged as a result of the hacking of and subsequent leaks from the Democratic National Committee and John Podesta’s private email account during the 2016 US presidential election. In collaboration with the private security firm CrowdStrike, US intelligence officials determined that Russia was responsible for these hacks with “high confidence”, with a Russian affiliated pseudonym known as Guccifer 2.0 taking responsibility for part of the attack.

What is known is that during the election, these leaks were incredibly damaging to the Democratic presidential campaign of Hillary Rodham Clinton, primary opponent to the far-right Republican businessman Donald John Trump. It is widely reported that these leaks contributed to her shocking electoral college loss during the election, despite having a popular vote lead of approximately 2.5 million votes.

At issue IS NOT whether these hacks occurred, nor whether they were the result of state-sponsored actors from Russia; this information has since been widely corroborated by multiple intelligence agencies and private information security and intelligence firms, both domestic to the United States and abroad under Five Eyes surveillance.

At issue IS whether the 2016 Trump campaign knowingly abetted, financially supported, and itself colluded with the same state actors from Russia to swing the 2016 presidential election. Doing so would place them in jeopardy of multiple felonies, though notably not treason as strictly defined, in addition to placing a current sitting president in jeopardy of impeachment and debasing the legitimacy of the 2016 presidential election.

This is especially salient because during the lead-up to the 1972 US presidential election, a similar scheme was carried out by Richard Nixon to bug the Democratic National Committee at the Watergate hotel, leading to his eventual impeachment, as evidence was revealed over the next two years. If proven, this would be the same caliber of scandal, but with the unprecedented additions of modern technology, allegedly laundered financial emoluments, and alleged collusion with a foreign power by a sitting US president and his administration. And this does not speak for the multitude of domestic and private abuses of power waged on the American people over the past 86 days.

The United States Constitution, the US’ central document upon which its government institutions and laws are established, does not define what to do in these cases. While it does specify the terms of impeachment and a chain of command for who should become president under these circumstances, the constitution neither specifies the terms for a new election nor what to do when an entire administration of its Executive branch is subsequently criminally held accountable.

What is a leak, a strategic leak, and how does the press verify them?

A leak in the context of this article is a typically-anonymous release of classified, potentially incriminating, or damaging information without authorization. An example of a leak would be the 1972 release of privileged information on the Nixon campaign by the pseudonymous informant “Deep Throat” (believed today to be W. Mark Felt). This was pivotal to the eventual impeachment and subsequent resignation of Richard Nixon.

strategic leak is a leak with a strategic agenda. In the above example and sourcing, the strategy was proclaimed to be to “‘protect the office’ of the presidency and ‘effect a change in its conduct before all was lost.'”

Strategic leaks do not necessarily need to occur for whistleblower purposes or purposes that protect the public good. It is widely assumed, for example, that Donald J. Trump may have leaked two pages of his own 2005 tax returns in an effort to discredit the ongoing investigation. Wikileaks was also claimed just yesterday to be a “non-state hostile intelligence service often abetted by state actors like Russia” by CIA Director Mike Pompeo, despite his own support of the service one year prior.

The press generally uses these leaks as starting points for broader investigative journalism. Depending on the news outlet, these are scrutinized to varying degrees, including attempts to verify the credibility of document sourcing, cited evidence, and supporting evidence brought to light by the presence of new information. In general, the more evidence, the better, with anonymity neither crediting nor discrediting the veracity of the evidence presented.

We can thus understand that a leak is not itself factual evidence. It is up to the verifiable evidence presented within that leak, the procedures under which that evidence is carefully scrutinized by its recipient, and any supporting evidence that it brings to light to determine the efficacy and veracity of the data presented. In a real sense, this means news agencies must act as scientists to verify the factual basis for evidence presented to them — with varying degrees of success.

An additional impact of a leak is it is an ipso facto declassification of that information. Especially if the information is highly classified or typically never seen by the public (such as the FISA warrant on Carter Page), this has the impact of making the information public and, thus, potentially admissible to legal proceedings that follow.

What is open-source intelligence (OSINT)?

Open-source intelligence is information derived from publicly available sources. This is the information you find in Google, find in the library, and find in reading online publications and social media like Twitter.

This article only uses these open materials, both because I do not have access to any privileged information, and because so much of this information has been placed in the public eye in a very short period of time.

The Christopher Steele Dossier

One of the largest and most controversial developments in the Trump-Russia scandal came in January with the release of a 35-page dossier to BuzzFeed News by the former MI6 intelligence officer Christopher Steele.  Also known as the “golden showers” dossier for its salacious personal information about Trump himself, this dossier implicates multiple individuals of the Trump campaign as having colluded with Russia. Many of the claims present in the dossier have yet to be publicly substantiated, despite at least one key claim having been reportedly verified by US officials and circumstantial evidence supporting its claims about a 19.5% sale of Rosneft.

In the ensuing mêlée of leaks that followed parallel to this dossier, it was discovered that Trump national security advisor Michael Flynn had discussed sanctions with Russian ambassador Sergey Kislyak before the Trump campaign took office. This quickly led to his resignation, as well as a broader inquiry into meetings with Kislyak by other members of the Trump campaign (useful infographic here).

The Steele dossier and the leaks subsequently following it blew the entire investigation of the Trump campaign open between January 10th and February 13th of 2017, notably surrounding Trump’s January 20th inauguration. Damaging leaks would continue in subsequent months, up to and inclusive of the present day (and presumably, into the days and weeks that follow this summary article).

Who are the key players implicated in the Trump-Russia scandal?

Ignoring Donald J. Trump himself (whose connections are cited at the end), the key players in the scandal follow. Because an incredible amount of information continues to come out about this scandal daily, these are covered in alphabetical (instead of chronological) order:

  • Michael Flynn, now-former National Security Advisor
  • J.D. Gordon, former foreign policy advisor and Pentagon spokesman, and former national security advisor to the Trump campaign
  • Jared Kushner, son-in-law (married to Ivanka Trump) and senior advisor to Trump
  • Paul Manafort, former campaign manager for the 2016 Trump campaign
  • Carter Page, oil industry consultant and former Trump advisor
  • Wilbur Ross, former US investor and politician, now US Secretary of Commerce
  • Jeff Sessions, former politician and lawyer, now US Attorney General (who lied under oath at his own confirmation hearing)
  • Roger Stone, Republican lobbyist with alleged private contacts to Guccifer 2.0
  • Rex Tillerson, former ExxonMobil chairman and CEO, now US Secretary of State
  • Donald Trump, Jr., son of the president and one of the trustees of the Trump estate

You can find an approximate list of their involvement in the ongoing scandal here.

Other notable names adjacent to the scandal that you may also hear (appearing in no particular order):

In short: it’s a fucking mess.

What about Donald Trump?

In addition to all of the links cited above, it was recently discovered that Paul Manafort received $13 million in loans from two of Trump’s businesses after Manafort’s ties to Ukrainian money laundering emerged. This would potentially place this payment by Trump in violation of the Foreign Corrupt Practices Act, with Manafort later registering as an agent of a foreign power.

This places criminal proceedings onto a stack of already voluminous evidence for impeachment before Trump even took office. It also establishes a direct link between Trump himself and aiding and abetting the hacking of the 2016 election, given Manafort’s involvement in the Trump side of the 2016 hacking (as alleged in the Steele dossier).

Needless to say, if proof of the relevant Steele dossier claims is established, it would mean that the Trump campaign itself, including Trump himself, were directly involved in the 2016 DNC and Podesta hack.

And for all of the reasons listed above: that’s a pretty big deal.

What motivated this scandal? (OR: why did this insanity happen in the first place?)

In extreme brevity: money and power.

While speculation rages about the palace intrigue of connections and factions in the ongoing scandal and its investigation, nearly all ties point back to the US side being corrupted by financial self-interest and consolidation of power. On the Russian side, the motivation appears to be destabilization of Western order to further its own political agenda, including protecting its interests as a petrostate.

And these are only the motivations observed or speculated so far: it’s very likely additional motivators will be found as the investigation continues.

What about Vice President Mike Pence?

Of all of the individuals involved in the scandal, almost nothing is said of Pence. However, given his direct involvement in the Trump campaign and his decisions to confirm many of the individuals listed above, charges of conspiracy are very likely.

Given the illegitimacy of the 2016 election should any of the above evidence turns into indictments or convictions, his political career is also likely to be over when the Trump-Russia scandal breaks, regardless of whether any criminal charges stick.

What about Hillary, Bernie, Stein, or [your favorite candidate here]?

I’m not touching that with a 100 foot pole.

Regardless of which running candidate was your favorite, I would argue that the Trump-Russia scandal overshadows the entire election proceedings. What if scenarios about other candidates are of far less importance at the present time.

Why are you (the author) writing this?

Mostly, to keep my own facts and evidence straight and so I can save the energy of explaining this individually to friends and family. If you find this post useful, feel free to share it widely.

Note that I’m putting myself at risk here if this administration outpaces attempts to hold it accountable. Should that occur, further attempts to suppress the truth are likely. Exercise extreme caution if this post disappears from the public Internet before the ongoing scandal concludes.


To you for reading this, and also to the many, many, many investigative journalists and other individuals sharing these articles on social media.  The strongest resistance begins with championing corroborated facts and evidence that get us as close to the truth as possible. Thank you to everyone out there fighting the good fight.

Edit: the original version of this post erroneously stated the leaked tax return pages as originating from 2015. They are from 2005.

How to: escape LiveJournal

Posted on Updated on

A few months ago, LiveJournal moved its main servers to Russia. Its community noticed. Now, they’ve changed their ToS in ways that will probably make you rethink keeping a blog with them.

One of the easiest ways to get off the platform is to migrate to Dreamwidth. Some, however, may desire to take the extra step of archiving their content offline, be it to keep a backup, enable easier searching, or just plain not risk their data with a new owner.

For this, I recommend ljdump, which still seems to be maintained and is very simple to use. Note that you will need to download Python. Basic proficiency on the command line to use this tool is helpful, though a GUI is also available on the project’s Github page.

Alternatively, you can also use simpler tools from the command line if you feel so inclined. Wget is a good option (ie, wget –mirror, but may be a bit cumbersome for users that want a friendlier tool, especially for getting the cookies necessary to log in for private comments.

Here are some additional archiving resources (helpfully linked by siderea):

PS: I have chosen to delete my personal LiveJournal account as of today, as I ceased posting to it some time ago. You can find its old content over on Dreamwidth.

The blog you are currently reading, of course, is where I will continue to post new content.

A Quick Primer on the recent FCC Ruling Clusterfuck

Posted on Updated on

Disclaimer: while I am a software engineer variably-employed in computer security, I am not a lawyer. Please take any legal opinions posted here with a grain of salt. Avoid anything legally hazardous without speaking with a lawyer. This document also represents my own personal views, instead of those of my employer, et cetera.

Note, especially for non-US citizens: the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are separate US federal agencies. These are not used interchangeably.

Yesterday, our 45th president approved Senate Joint Resolution 34, repealing last year’s FCC order for consumer privacy for broadband and other telecommunications services that themselves followed this 2015 ruling. These documents are a lot to take in, and there is an incredible amount of misinformation about their impact, so let’s break down what this means.

The 2016 FCC order, which would not have been in effect until later this year, would have resolved an open legal question in common carrier law. Specifically, when the FCC began treating broadband and other Internet service providers as “more like telephone networks [that] could be regulated as ‘common carriers'”, it created a situation in which the FTC no longer had jurisdiction to govern the companies that now received this designation. As FTC lawyers would later state, this problem is “especially severe in the area of consumer data privacy”, as this created a vacuum within which previous rules around privacy did not apply.

In other words, by getting common carrier designation, service providers such as AT&T, Xfinity, Spectrum, and Verizon were suddenly able to work around FTC laws previously governing their sharing of private consumer information. The now-rejected 2016 order would have explicitly covered by late 2017:

  • Financial information
  • Health information
  • Social Security numbers
  • Precise geo-location information
  • Information pertaining to children
  • Content of communications
  • Web browsing history
  • Application usage history, and the functional equivalents of web browsing history or application usage history
  • VoIP and other voice service call data

Needless to say, this is a big deal. Not just because these service providers will now lack explicit guidance and regulation in an area of legal ambiguity, but also because they can share subsets of this information for marketing and profit motivation today. The removal of this 2016 order also shelves any attempts companies would have made for compliance before the deadline, and in some cases, may actively encourage these providers to become worse.

The main problems with having these data available for paid sharing and marketing purposes — even if you believe you have “nothing to hide” — are twofold. First, these data are being collected in ways that may be sensitive to attack or breach across a very large attack surface (and thus, subject to breach from a large number of service providers). Second, many of these data can be used for identity theft, real-world stalking behavior, or as we are learning with a growing body of evidence, used to help swing a presidential election through propaganda tailored to individual consumer biases. And these are just top-of-mind scenarios of potential abuse.

If you especially care about any of these outcomes, here are a few things you can do about it:

  1. At a minimum, follow this guide by Matt Kiser. Setting up two-factor, using separate passwords per service, always using HTTPS (or just plain TLS), and blocking third party content and ads solves most of the problem of background collection of your information. As noted in the guide, you can do much more. Tune as necessary.
  2. Request your own records. While it is unclear how ISPs will implement their own data sharing procedures in the FTC vacuum, you can request these records from many other businesses today to get an idea of what they might look like. (Note: this is a 2010 article containing dead links, so you may need to search for the correct ones).
  3. Set up a credit freeze to preemptively protect yourself from identity theft.
    • The positive: this makes it substantially more difficult to turn leaked personally identifying information into a credit disaster.
    • The downside: secondary verification to obtain credit is a pain, often requiring paying a small fee and a pin to have the freeze temporarily lifted.

Note that in addition to the big three (Experian, Equifax, and TransUnion), Innovis is a fourth bureau also worth freezing. While you’re at it, you may want to also opt out of prescreened credit to save yourself on junk mail.

Many people have proposed that this change means you must also set up a VPN if you live in the United States. This is flatly untrue, and in many cases can cause more harm than good if the VPN service you choose has worse data hygiene or sharing policies than your home ISP. However, having these options available in the event they are needed is exceptionally handy, especially if you are concerned about passive collection of DNS traffic or if things get worse than they are today.

Should you opt to set up a VPN for general use or in case of emergencies, I strongly recommend first reading this short primer by the EFF. With the possible exception of Tor, steer clear of free providers: as they say, when the service is free, the product is typically you.

I’ve chosen NordVPN for the time being, based on their low cost, generally favorable reviews, large server presence, strong privacy, use of OpenVPN, excellent configuration guides (including router guides), and ability to accept Bitcoin. But as always (and especially as this guide ages), make your own decisions based upon your own needs.

Typically, VPN providers will give you a client that runs from your desktop computer, laptop, or phone automatically. This is handy if you have a very small number of devices that you wish to connect, and is in many cases the easiest option to start using a new provider on a personal machine.

However, for connecting a large number of devices or providing the connection to an entire household, I recommend buying a cheap wireless router that supports DD-WRT (FTP containing most recent builds from 2017). Doing so allows you to connect devices to the VPN “on the fly”, while performing configuration only once.

In my case, I set this up in a few hours using a WRT54G v2.0 that I bought from a thrift store for $5. For most, a similar setup is viable as a weekend project with very little financial investment.

If you do opt to go this route, make sure to carefully read the installation guides and make sure that your router has enough available storage space for DD-WRT’s VPN build, which will come with OpenVPN preinstalled. Setup is typically GUI-driven, and once you have DD-WRT set up, setting up a VPN tunnel can be as easy as following a guide depending on your provider.

Comments are disabled, but please let me know on Twitter if this guide helped you or if you have any questions or comments.