
Wednesday, November 28, 2007

Animal Rights Activists Forced to Hand Over Encryption Keys

Bruce Schneier has a story in his security blog entitled "Animal Rights Activists Forced to Hand Over Encryption Keys". The story concerns the use of anti-terrorism legislation (in the UK, though the US Patriot Act has similar provisions) to force the disclosure of encryption keys. This is clearly either an abuse of the law, or an extension of the definition of terrorism. Both situations have occurred here as well.

While you might think there is nothing wrong with this - if you have nothing to hide you have nothing to fear - you have to think it through. The reality is you do have something to hide, and you do have something to fear.

Let's make the situation personal. My neighbor forgets to take their crazy meds, and calls the police. They hit the magic keywords, and the cops/FBI/Secret Service/SWAT show up at my door (at 3am with a no-knock warrant, and miraculously don't kill me since I own guns). All my toys are of course confiscated, never to be seen again. If you read my blog, you know that we encrypt personal data. Without a subpoena, I would not normally release the keys and passwords to access that data. With the current laws, no subpoena is needed; the information can be demanded.

Of all the horrible things that have happened in the above scenario, why is this a problem? I haven't done anything wrong, so I have nothing to worry about, right? Well, the data we encrypt is mostly financial in nature. Account access codes, web site signons, etc. Also included are important documents: wills, medical data, social security numbers, etc. In other words, everything needed to clean us out financially and steal our identities to put us forever in debt. A subpoena provides an audit trail and a chain of evidence. A demand does not.

The authorities don't give a rat's ass about us as people; we're just suspects in an investigation in the above fictitious scenario. When they leave our personal information on their desks at night to be copied by the cleaning crew and emailed out of the country, it's just job security to them. We have nothing to prove to the banks and the courts that the misdeeds were the result of criminal negligence in the chain of evidence. We have no one to sue to recover from our losses; we may even be prohibited from telling anyone - including the courts - about the situation!

In addition, if you think you are not breaking any laws, think again. It is almost impossible - and has been for hundreds of years - to live your life without breaking a law. As soon as you are involved in the legal system, you will be convicted of something. Recently, a law professor analyzed his activities under the current copyright laws and found he was infringing at a rate of over $12M/day - all without downloading music, movies, TV shows or books. He was just doing what most people would consider "normal" activities.

This is the power we have given those that govern us. History tells us that every time government has been given power, it has found a way to abuse it. Why do we keep doing it? Maybe people are just masochistic by nature. Maybe we just want discipline from government operating in loco parentis, even if it's arbitrary, so we can pretend we're still children and avoid the fear and responsibility of being adults.

What a sad little species we are.

Local political news involves Google and the EFF

I was reading our local paper (online) and came across this story involving local misdeeds in our township. The story involves some shady deal with the sale of property (not interesting).

But the real story is that the township is being criticized by a blogger - and the township wants to know who they really are. Since the blog is on a Google service, the town has issued a subpoena to Google to have them disclose the information. Google, so far, has said no. The EFF has gotten involved to protect the blogger, and to force the subpoena to be quashed.

What's amazing to me is that the township could even have considered the request. How is being critical of local government - after 108 officials in the county have been arrested by the FBI for corruption - grounds for forcing the elimination of first amendment protection? Their action speaks volumes; they don't need anyone to criticize them, they do a good job all by themselves.

Update: It looks like the story has made the big time, reaching an internationally known web site, Slashdot. Of all the things Manalapan, NJ could be known for, now the only thing people will remember is this story. Great.

Monday, November 26, 2007

Back from the dead

You might remember Barbara's post about Andre the Giant caterpillar. I thought I'd give you a quick update... Shortly after we put him in the bug box, it seemed he had died. He became unresponsive to gentle prodding, and stiffened up. However, since bugs are hard to read - especially those that morph into moths and butterflies - I didn't throw him out. I left him in the bug box in the garage. The other day I checked on him, and he has pupated! His species normally burrows underground for the winter while metamorphosing so I guess his "apparent death" was a normal part of the process.

Speaking of apparent death, my older brother Jay's laptop became badly infected after receiving an email (even with the useless Norton AV running). It wouldn't boot, even in safe mode (blue screen). When he went to reinstall Windows, he realized that it would take more effort than he was willing to put in to hunt down all the drivers (he no longer has the OEM CD). In a week or so, I'll be installing Linux for him - his first time with a Linux machine. He uses the machine for the basic tasks - email, web, documents, multimedia, simple games - so honestly any OS would do fine. Might as well use the free one with the highest security...

Saturday, November 24, 2007

Upgrade Completed

The upgrade completed successfully, and the primary server is now back online. I took the opportunity to make some additional changes before actually starting the upgrade (about 2.5 hours):

  1. I vacuumed the dust from the case, and cleaned each of the fans (two case fans, two power supply fans, a video card fan and a CPU fan).
  2. I upgraded the storage by removing the two internal 80GB drives, swapping in two of the 160GB drives from the external units. The internal RAID1 array is now 2x160GB (instead of the old 2x80GB).
  3. I disconnected the floppy drive. I haven't used it in years, and this way it won't draw power. I would have removed the drive, but I don't have a blank for the case.
  4. I recabled the DVD and one of the disk drives to the motherboard IDE. Previously, one of the drives was on an ATA100 PCI card, while the motherboard provides ATA133. In addition to improving the disk performance slightly, this also allowed me to remove the IDE PCI card since it was no longer used - an additional power savings.
  5. I updated the BIOS to reflect the above changes.
  6. I re-arranged the data to take advantage of the increased RAID space, which also changes (simplifies) the backup architecture.

The actual "installation" involved:

  1. The installation of the new system software. This was actually the fastest part of the process (about 15 minutes).
  2. I applied maintenance, which took about 30 minutes, including a reboot to install the new kernel.
  3. I waited an hour for the RAID array to complete resync. While this isn't strictly necessary, I'd rather not proceed until I know the array is happy. I used the time to clean-up and install the old 80GB drives in the two external USB 2.0/Firewire enclosures.
  4. Updated the passwd, shadow, group and gshadow files to add the user accounts to the system. I do this manually to maintain the UID and GID values the same as they were previously (for file ownership).
  5. Restore the user data and select configuration data from backup.
  6. Some services and scripts required new configuration, as hard drive naming has changed in this release (/dev/hdX -> /dev/sdX).

If you run into any issues, let me know...

Friday, November 23, 2007

Server upgrade

On Saturday, 11/24, I'll be upgrading the server to Fedora 8. I ran a test switchover to the static backup server today, and everything looks ready to go. I'll post again after the upgrade and switch back to the production server.

Thursday, November 22, 2007

Happy Thanksgiving!

 

 

Posted by Mace Moneta at 12:09 PM
Categories: Events

Wednesday, November 21, 2007

Mail

It's been a long while since we had email associated with our domain (mace@monetafamily.org, barbara@monetafamily.org). Initially, I had the email for the domain on this server. Then our cable company blocked port 25, making the use of a personal email server impossible. Then the cable company allowed you to set up an email server, but it would cost $15/month to go to the next tier of Internet service. I could also have purchased email from my domain hosting company for $18/year, but that was just auto-forwarded.

Then along came Google Apps and changed everything. If you are an individual or small business, Google Apps manages the email infrastructure for you, and gives you 100 free email addresses for your domain. The process, while a little confusing, is straightforward if you know how DNS and email work. From start to finish it took about 2 hours, though it was mostly waiting for updates to DNS to propagate.

You get web mail (Google GMail), the usual POP/IMAP/SMTP support in order to use a client on your PC, email forwarding, vacation auto-response, etc. In addition, they've also added Blackberry push email using a free application for the PDA to satisfy CrackBerry addicts. Of course, all the usual Google functionality comes with it too - Google Docs, Google Calendar, etc. Now how much would you pay? It's still free!

Yes, I know Google is fast becoming the back-end for the Internet, and the potential for evil is huge. So far at least, they've been doing a good job living up to their "do no evil" corporate motto. If that changes, I'll rethink my decision. For now, Google rocks!

Monday, November 19, 2007

It's about time!

Amazon is reporting that the $399 ASUS EeePC Linux sub-notebook is its number one best selling item in the computer category. The other stores that carry it - Best Buy, Newegg, Buy.com, ZipZoomFly, etc. - are selling out their stock each time they take delivery - sometimes the same day.

Walmart started selling a $200 Linux desktop, both online and in 600 stores. The online site sold out in 48 hours, and the stores were out of stock in a week.

Hmm, I detect a stirring in the force.

Sunday, November 18, 2007

Quote of the day

"When you're born on this planet you get tickets to a freak show; when you're born in America you're front row center." -- Klydethegreater, via DIGG

Posted by Mace Moneta at 6:28 PM
Categories: Quotes

HexBug

My sister, Rochelle, gave us a HexBug, a little robot that walks, avoids obstacles, and responds to sound.

Back in 1977, Barbara and I went to a computer show in Philadelphia at the convention center (computer shows were a big deal back then). One of the highlights of the show was a competition called the Byte Micro Maze Mouse. A self-contained computer attempted to navigate a simple maze, before its on-board battery died. None of the competitors completed the maze successfully. Each "mouse" cost well over $1000 (in 1977 dollars) and required months of development by a major engineering school. Some tried to implement an algorithm called the "traveling salesman" but most used a simpler "stay right" or "stay left" algorithm. Here's a picture of one of the competitors from 1977 (the base is about five inches in diameter):

The toy bug uses the "stay right" algorithm, it fits in the palm of your hand, and its battery lasts long enough to successfully complete that maze from 1977. Just a little perspective on the engineering of "simple" devices.

Posted by Mace Moneta at 12:55 PM
Categories: Gadget

Saturday, November 17, 2007

Bar Mitzvah

Today was our nephew Hunter's Bar Mitzvah. Hunter is the son of my brother Les and his wife Rochelle. Some snaps and videos from the event are in the gallery.

Posted by Mace Moneta at 8:14 PM
Categories: Events

Friday, November 16, 2007

Pie!

Yesterday we had a Mrs. Smith's blueberry pie. Today we had a Sara Lee raspberry pie. Barbara noticed that the crust on the Sara Lee pie stuck to the pan, while the crust on the Mrs. Smith's pie did not stick. That led to the inevitable...

"Sara Lee is stuck-up, while Mrs. Smith is easily unglued" -- Me

Barbara nearly snorted a sample of the raspberry pie in my general direction, so it was deemed blog worthy. No, we don't eat pie every day. We haven't had any in months, so it was just time. Pie time. Eastern pie time. Pie savings time. Eastern pie light savings time. Ohhh. I'm going to be sick... Look! More pie!

Wednesday, November 14, 2007

Egads, indeed

If there's still one thing you have to admire about the U.S., it's that if we're going to do something we're going to go all the way. We don't just play with fascism, we embrace it, legislate it, and probably soon, worship it.

Just one president ago, the idea that a corporation could dictate federal funding to universities to sustain its dying business model would have been inconceivable. [Thanks, Mike]

Tuesday, November 13, 2007

Four down

Four machines (two x86 and two ppc) have been upgraded; no problems. Barring any show stoppers coming out of the woodwork, the weekend of 11/24 I'll be upgrading the server. The web site will be available in a static (read-only) form during the upgrade, served by the backup machine (my laptop).

The Green Lantern Tux has nothing to do with this. I just thought he looked cool. What? He does!  

Monday, November 12, 2007

Upgrades

I'm in the process of upgrading the remaining machines (five in total) to Fedora 8. I completed the first upgrade on a Mac Powerbook (PPC processor based).

This upgrade highlighted the advantage of using Linux for me. No matter what the architecture of the machine everything stays the same. You don't need to learn OS X to use a Mac - and yes, there's a steep learning curve on a Mac for anything nontrivial - and you don't need to learn Windows XP/Vista on a PC. Learn one thing, and it just works everywhere.

I noted a slight improvement in performance when I updated my laptop. When I updated the older, slower Powerbook, the improvement was much more noticeable. In addition to greater performance, Fedora 8 reduces power consumption considerably by incorporating system-wide reductions in "wakeups". This lets the machine enter and stay in a low power state longer. In addition, Intel's powertop utility is provided. It analyzes your system and makes tuning recommendations to further reduce power consumption. Good stuff. Want to be "green"? Use Linux.

I have two more machines to upgrade, and once that's all stable I'll tackle the server.

Wednesday, November 07, 2007

Quote of the day

Richter: "You steal men's souls, and make them your slaves!"

Dracula: "The same could be said of all religions..."

Posted by Mace Moneta at 11:33 AM
Categories: Quotes

Sunday, November 04, 2007

A presence in the room

In playing around with Bluetooth, I came across the hcitool command, which is installed by default in Fedora 8. One of the functions allows you to get the signal level of the connection to a Bluetooth device. The signal level is a function of the distance the device is from the receiver. It didn't take much effort to create a script that determines when I'm close to the machine. As I learned from my previous project dealing with wireless devices, getting the error handling right is the biggest part of the job.

Now, when I walk into the room, my laptop wakes from its low power state, and greets me with "Hello Mace". When I leave the room, it automatically returns to its low power state. It's sort of cool and spooky at the same time.
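A sketch of the decision logic such a script needs, added here as an example and not the script described in the post: it parses the line `hcitool rssi` prints, applies two thresholds so a noisy reading does not flap the state, and tolerates a few failed reads before declaring the device gone. The threshold values, the miss limit, the poll interval and all function names are assumptions; the sample readings in any test run are constructed.

```shell
#!/bin/sh
# Added example (not the post's script). All tunables below are assumptions
# and need calibrating against the actual phone and adapter.
NEAR_AT=-5     # reading at or above this: "near"
FAR_AT=-15     # reading at or below this: "far"
MISS_LIMIT=3   # failed reads in a row before the device counts as gone
POLL_SECS=5

# Print the integer from "RSSI return value: -3"; fail on anything else
# (for example "Not connected." or empty output).
parse_rssi() {
    val=$(printf '%s\n' "$1" |
        sed -n 's/^RSSI return value: \(-\{0,1\}[0-9][0-9]*\)$/\1/p')
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# next_state STATE READING: readings between the two thresholds keep STATE.
next_state() {
    if [ "$2" -ge "$NEAR_AT" ]; then echo near
    elif [ "$2" -le "$FAR_AT" ]; then echo far
    else echo "$1"
    fi
}

# step STATE MISSES RAW_OUTPUT: prints "NEWSTATE NEWMISSES".
step() {
    if rssi=$(parse_rssi "$3"); then
        echo "$(next_state "$1" "$rssi") 0"
    elif [ $(( $2 + 1 )) -ge "$MISS_LIMIT" ]; then
        echo "far $(( $2 + 1 ))"
    else
        echo "$1 $(( $2 + 1 ))"
    fi
}

# replay: fold raw outputs read from stdin (one per line) into a final state.
replay() {
    state=far misses=0
    while IFS= read -r line; do
        set -- $(step "$state" "$misses" "$line")
        state=$1 misses=$2
    done
    echo "$state"
}

# monitor ADDR: live loop; hcitool rssi needs an existing connection to ADDR.
monitor() {
    addr=$1 state=far misses=0
    while sleep "$POLL_SECS"; do
        out=$(hcitool rssi "$addr" 2>/dev/null) || out=
        prev=$state
        set -- $(step "$state" "$misses" "$out")
        state=$1 misses=$2
        [ "$state" = "$prev" ] || echo "presence: $prev -> $state"  # hook point
    done
}

if [ "${1:-}" = "monitor" ] && [ -n "${2:-}" ]; then monitor "$2"; fi
```

Signal strength says a radio is nearby, not who is holding it, so the wake hook belongs in front of a screen lock rather than in place of one.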

Saturday, November 03, 2007

Drivers

It's been a long time since I connected something to a Linux system and it didn't work. Out of the box, Linux now supports more hardware than any other OS. But on Linux, all drivers are included - no CD drivers to install.

But that's not enough. New hardware is being made all the time. Some hardware still doesn't work or isn't supported by the mainline kernel.

As I mentioned in a previous post, the Linux kernel development team has offered to create the drivers for hardware, add them to the kernel and maintain them, even if the specifications are under nondisclosure (as long as the resulting driver is under a compatible open source license). For free.

And now, the current status...

More than three hundred (!!!) kernel developers have been lined up for new driver development. Both one-page and two-page marketing documents have been created to inform hardware manufacturers. Thousands (!!!) of existing drivers that were never submitted for inclusion into the kernel for one reason or another are being hunted down and updated for inclusion.

The scale of this is amazing to me. Going from nothing to having six platoons of developers lined up and coordinating in six months is pretty scary. I think back to the days at AT&T VM/CMS. We had what, fifteen kernel (CP) developers? Oh, I should mention... for those 300 developers, there's only one manager. Maybe that's why they actually get some work done? Forget your management seminars, and your team leader training. If you want to know how to crank out product, look at the open source development model.

Posted by Mace Moneta at 1:34 AM
Categories: Linux

Friday, November 02, 2007

Quote of the day

"Yesterday, I got my feet washed by Sparkles!" -- Barbara

Thursday, November 01, 2007

Out of Area - for good

Our local political campaign is apparently a war of telephone calls. About ten times a day, I've been getting automated calls extolling the virtues of one candidate and vilifying another. I no longer care who is who, they are all shit for brains for thinking this tsunami of harassing calls will motivate a vote either way.

Today I got tired of being interrupted by "Out of Area" calls (all these political calls come in the same way). They did actually motivate me - to write some code. Now, an out of area call will be automatically answered and hung up on. I'm sorry if anyone is trying to call me from an actual "Out of Area" trunk, but that's life. If they know me, they know my cell phone number. If they don't like it, they can call their representatives - and tell them to stop with all the calls!