Private School

When thinking about personal digital security, I would disagree with some of the information that I have been hearing in the media and in casual conversation, but there are a lot of points that are absolutely correct.

One of the points that I totally agree with is that everyone needs to understand the issues with their security, to understand exactly how much of a sitting duck you are when you groggily connect to that juicy free public wifi and start up your music streaming, your chat sessions, and start logging into any number of other places (including your bank) online with laughably weak passwords.

I’ve demonstrated on many occasions how the average laptop-toting public will do these things exactly. If they think of security at all, they assume that if they can’t see someone looking at their screen or watching them type that nobody sees what you are doing. This reminds me of the “Ravenous Bugblatter Beast of Traal” in The Hitchhiker’s Guide. [If you cover your eyes, this keeps anyone else from seeing you.]

If you are on an open network and your communications are in the clear, anyone else connected to that network can read your communications.

Would anyone be interested in some discussion of basic personal digital security? I wouldn’t create a slew of “how to hack the planet” posts, because not only do those walkthroughs exist, but anyone interested in that would already understand the basic concepts of security they would be circumventing.

I do have to say that the Snowden files and the other interesting news blurbs about federal snooping are not a surprise at all. When the Homeland Security Act was being proffered, all of these issues were being hotly debated among everyone I knew at the time in IT, and especially in security. We all foresaw the egregious over-application of this law and the wild shenanigans that it would put into place, what it would cost in dollars, what it would cost in time, and what it would cost in loss of freedom.

Thought exercise: Think of any time you have been on or near an airplane since 2002. How much extra time, effort, money, and stress was involved than the same flight in, say, 1999? Now, for all the airport reconfiguration, all the DHS staff and equipment, all the footwear removal and body scans, all of it on all flights everywhere… How has it helped?

The NSA (a rogue agency)that, if you remember, never existed in the first place (roight.)

Edward Snowden Speaks at SXSWi
If you didn’t see the talk, the ACLU has published a copy Here on YouTube

Accusations of

In the sxsw video, they mentioned some good basic tools (some of which I happen to be using at the moment). If you wanted to read about them or get copies, I’ll helpfully point you in the right direction to learn:

Your iPad can also be an E-book reader! Yay!

The first thing I saw this morning when I was looking at tech news was this article:

E-book apps for the iPad

The iPad is already more or less an e-book reader and web tablet, but because of it’s proprietary bending, we see immediate development work in order to enable it to handle Kindle and Nook proprietary formats, as well as to enable instant and user-friendly sales for Amazon and Barnes & Noble.

I think it’s funny that because of the lack of a true standard and due to various competing DRM practices, once you have spent gobs of cash on your new tablet reader hardware, you will need to immediately download apps that will allow it to also become an e-book reader, or an e-book reader.

Still, between the two designated devices, I still lean toward the Nook. I big reason for this is the longevity factor based on little things like having a replaceable battery and being an Android-based device.

I used a Sony PDA years ago as more or less an e-book reader, and it worked out really well. At the time, I was able to convert several of my textbooks to PDF easily, and some were even forward-thinking enough to provide a standard PDF of the text in the purchase of the textbook. I loved having a backpack’s worth of books available in the palm of my hand, being able to read my assigned chapters one-handed while on transit on the way to and from work each day, and being able to both highlight and make annotations. It made the commute productive, and after getting home, was able to streamline time on research papers and workgroup discussions because I’d already got the reading in.

When between classes, I was able to use the PDA similarly for extracurricular reading. At the time, it was the Harry Potter series, some older Asimov titles, and a load of CS journals.

If I’d had to wrestle with DRM with each of these, I don’t know how I would have had the time at all. Between getting notations synced, getting different titles moved back and forth, and keeping up with all I was working on at the time, the headaches that I hear people struggling with as a symptom of DRM would have been way too much.

In the Zone

When writing code and “in the zone” where the syntax seems to flow effortlessly and a second and third terminal screen show loads of data flitting by exactly as expected, I sometimes imagine the workstation on a giant turntable a la the 80s drummer in MTV videos, and a couple of dancers gettin’ down like this:

The rock star life of a developer, right? or maybe it’s more along the lines of Delusions of Grandeur…. n’est-ce pas?

Wrangling Another Gremlin (WAG)

Being someone who “works with computers,” Family and friends quite often fling random personal hardware into my lap to “fix when you have some spare time.”

This is one of those spare times.

I’ve seen the patient (a late model Dell Inspiron, well apportioned with several hardware options, no signs of abuse or even heavy use) several time now for systems issues.

First it wasn’t showing local drives and had some permissions issues installing any new software, even if you logged in as an admin. There was a small trojan that had dropped a reg key to keep itself from getting uninstalled. I corrected the reg key, put some basic adware/junk filters in place, installed the software in question and returned it, advising a full backup of personal data and a dirty install of windows.

When the patient returned with complaints involving spyware blocking prompts, I thought that the basic crap filter had been left a bit sensitive. Signing on, I found a huge mess.

Starting with the usual review of startup processes, killing off of regular user clutter, I found the gremlin…

The now-famous trojan, Antivirus Home 2009 has been updated, and the patient is singing the Fake AV Blues. Loudly. From the back fence.

Our botnet buddies have included some familiar features, but have ramped things up. The install has become very worm-like. It has the usual home base, but any CPL “uninstall” or use of any of the usual removal tools in your tool belt will make it very defensive.

Even after killing off all of its processes, renaming its executables, and cleaning the tempspace, it sees mbam, spybot, and the stinger, kills them off, puts its OWN fly-by installer in place of the exe of the tool, and hides another install of itself using what looks like randomized names.

I ended up doing a manual kill, very similar to the list found at syschat, but with several new ones added to the list, including:

A load of registry entries that I should have logged, as they were all serial based.
_scui.cpl in a secondary location
lots of copies of a binary batch file, with names like asox, avaxo, tufija
reg files named ylifat, etc
inf files named like xehiger
and lots of copies of the same .dat file in all of the locations mentioned at syschat, but with names like jabocixevu, jihomuri, sevotif

After getting the polyps knocked down, I did a restart, then removed the installs and stubs of all the detect and protect tools because they are all suspect at this point.

Rebooting again, things look much better. For the first couple of minutes. Then a notifier bubble shows up from the task tray with a fake “malware detection” notification. Downloading and installing a fresh mbam install and running it kicks off a new install of antivirus 2010.

Back to square one.

VD Epoch 13

This year is the only time that VD will be coupled with the Unix epoch rolling to sequential number. Of course, the two are a few hours apart, but hey, any excuse to celebrate dorky geek trivia *and* being a more-or-less willing target for a heavily-armed, floating infant deserves a nod.

For the geek-deficient, here’s the executive overview:The epoch for Unix systems is 1/1/1970. To these systems, this date is the beginning of our current time. When you request today’s date, the create date of a file, or the last access date of a file, the system has that info stored as the number of seconds since midnight January 1, 1970. For the most part, this number is reformatted to the date style you are used to reading in your part of the world. Programmers, analysts, and administrators often use the raw number to do faster calculations of dates without t trouble of programming around things like leap years and daylight savings shenanigans. Yesterday evening, the number reached a sequential pattern. It’s like noticing that your car’s odometer has rolled to all 2’s (like mine did a few weeks ago)

Besides that, yesterday was Friday the 13th, and we have another Friday the 13th next month.
The new Friday the 13th movie was released last night. It’s supposed to be a remake of the first three in the series, so there should be lots of room for serious cheese. Hopefully, it will have some good scary, gory parts, and probably some t&a and drugs, but definitely a lotta cheese.

Oh, and on this VD, the floral industry would like to once again thank you all for creating an incredible demand for out-of-season product. They grow them artificially in greenhouses on another continent and ship them in at a premium, and them charge a premium to you. Thanks for looking out for the planet there. What if next year, everyone buys something local and in-season? Think of the transportation savings. Even more than that, think of how much fresher the flowers will be, since they won’t have spent so much of their little bloomin’ lives in a shipping crate. And you would be helping the economy in your own neighborhood.

That said, I’m going to share a non-mushy VD sentiment.
Cyanide and Happiness, a daily webcomic
Well, I suppose it’s non-mushy. I didn’t actually poke at it to find out.

Watching the Wildlife

“Keeping track of Tux…”

Today marks the fourth anniversary of the LinuxTracker! This occasion reminds me of exactly how far things have come in open source.

I remember reading about this new “Linux” in 1991 that anyone worldwide could contribute to, and thinking of how that would change things. I spent time poring over the supported hardware list and went to the site, hoping to be able to download a copy within a few days in order to try it out the following week. This was at a time when dialup was the standard, and you might have ISDN (downloads @ 128k! Blistering!) at your work if you were lucky. I was the only one supporting all of the UNIX-based clients at work at the time, and I had three minicomputers with variants like SCO and AIX and I had been working in UNIX environments for years at this point. The prospect of a UNIX environment on a desktop machine for my own use and configuration, that was free to use, and had source available for modifying and contributing sounded like a geek’s fondest -ehm- pipe dream. The other techs I was working with at the time agreed. They were doing DOS and Windows support with me, and were excited at the notion.

The rumblings of Richard Stallman‘s ideology were becoming concrete. Of course, even today, Linux is not the HURD that he often wrote about, but it’s the closest tangible thing to it.

/Fast forward/ — a few years ago, the landscape had evolved, businesses rely on Linux variants in the server room, several Linux distributions are in common use, and new ones seem to pop up on a monthly basis. F/OSS is available and more than viable on any platform. It is common practice (especially in universities) to create a mirror download point so that if the distribution’s main site is down or unavailable, you can still get it, and hopefully, can find a mirror that’s in your same region of the world.

This was after the RIAA and MPAA started cracking down on peer-to-peer file sharing. More advanced users had started using bittorrent as a better method of downloading and sharing. The torrents are very tiny files that your torrent client uses to find and update a tracker. Once you connect to the tracker and get assigned to a swarm, the downloads are much more effectively, because the shares are data packets of the file/files, rather than a whole file. This makes torrents better for large files like video and, hey, even ISO images of Linux distributions. LinuxTracker was born to take advantage of this. A distributed network of linux users and enthusiasts helping anyone who is interested to download open source software. These are all legal torrents. The writers of all of the software you will find there did the work pro bono, and want anyone interested to be able to get a copy. It’s really a beautiful thing.

The look and feel of the site have changed a bit over the last four years, but the list of available torrents is impressive, the homepage always showing the latest additions and updates. There is a burgeoning community here composed of daily linux users at levels from ‘curious’ to ‘admin’, always willing to help out.

The remainder of the month is being celebrated with almost daily giveaways to registered users from a wide assortment of tech-related sponsors. The consistent growth of the site and community is wonderful, and seeding the torrents is a very simple contribution that *anyone* can make to the FOSS community, regardless of technical ability.

the Zune

I’ve said it before, and I’ll say it again, Microsoft’s Zune is FAIL.

In the wee hours of this morning, all of the 30gb model Zune music players hit a system glitch. A power cycle will not clear it. There are some reports that opening the unit and pulling the battery cables off the connector will clear the situation, but a lot of users won’t be comfortable with that.
This comes after the lowering of the price of the Zunes, and immediately after Apple stated that in 2009, the prices for macbooks and ipods will be dropping.
Not exactly good timing for this kind of news.

Don’t get me wrong. I wouldn’t carry an ipod, either. I’ve been using mp3 players for much, much longer than there has been an “ipod” at all, when all mp3 players were referred to as, well, “mp3 players”. I have been getting some really excellent mileage out of the small, flash memory-based ones that can now be bought for very little scratch, and for that reason, you aren’t afraid of a system fail (if it ever did happen), and you aren’t terribly worried about it if you happen to leave it in sight somewhere, and you don’t really mind wearing it when doing housework, yardwork, or even working out.

These days, they all seem to have a lot of the same features: an FM tuner, alarm clock album cycling, true random play, FM recording via schedule, etc. It really comes down to the interface on the device and the capacity, and if you follow it at all, you know that memory costs next to nothing now. The last round of flash-based mp3 players I got (maybe eight months ago) all have microSD slots, which allow for massive expansion, and allow you to swap out your stock of tunes and podcasts on the run.

To everyone with a 30GB Zune: Your music player has passed its “freshness date” Return it to the manufacturer and ask for an upgrade.

Facebook apps

I’ve been getting back in touch with a bunch of long-lost people lately on Facebook, which is the time that Social Media is at its very best.

I’ve been running into some issues lately with several apps (not just this one) where some of the basic functionality just does not work with Opera.

Facebook's apps are so fail, they have a standard warning text.
Facebook's apps are so fail, they have a standard warning text.

I’ve been using the Opera browser as my primary for about six or eight months, and it’s like riding a rocket, but things like that are ridiculous. Opera is more standards-compliant than any other browser, and you run into things like this. First guesses would be shoddy programming by apps developers, but I’m also starting to wonder if maybe it’s something in the FB API, since there is a standard display message about it.
It might have to do with the widget framework that they were harrowing to developers. It might be worth writing an FB app just to try to hit the Opera barrier.

Have any suggestions for an FB app? Leave ’em in the comments!