… and quite possibly your own personal privacy? How has it come to this?
The truth is outing in small bits and pieces. It’s like a large sack of feces oozing from small rents in its skin. The Surveillance State is very reluctant to give up its game plan. Are people like Assange, Manning, Snowden, and others really the EVIL plotters and traitors that governments around the world are desperately trying to paint them up to be? As more and more of the reality of our current security/surveillance apparatus comes out into the light of day for our shocked appraisal, can we see a pattern here? Are we being lied to by our governments? Nah… say it ain’t so, Joe.
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.
~ C. S. Lewis
A few days ago, Ladar Levison of Lavabit did a brave thing.
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.
Just today, Pamela Jones of Groklaw did a brave thing.
There is now no shield from forced exposure. Nothing in that parenthetical thought list is terrorism-related, but no one can feel protected enough from forced exposure any more to say anything the least bit like that to anyone in an email, particularly from the US out or to the US in, but really anywhere. You don’t expect a stranger to read your private communications to a friend. And once you know they can, what is there to say? Constricted and distracted. That’s it exactly. That’s how I feel.
Where will this end? These are brave people mentioned above who have decided to NOT participate in a system they can no longer believe in or recommend to others. This is one type of bravery. Another type is the Manning, Snowden, Assange type. And still another type will be those who will eventually rise up and do something about our world going so wrong on us. Really, folks… George Orwell didn’t have a clue. He had no idea of the technology that would be just around the corner to make his nightmarish world come true in spades!
Big Brother is watching you!
~ George Orwell
More seepage today from that sack of shit…
The Department of Homeland Security recently tested a crowd-scanning project called the Biometric Optical Surveillance System — or BOSS — after two years of government-financed development. Although the system is not ready for use, researchers say they are making significant advances on it. That alarms privacy advocates, who say that now is the time for the government to establish oversight rules and limits on how it will someday be used.
This better alarm more than just privacy advocates. It better damned well alarm YOU, dear reader. Put down your damned mobile device for a couple minutes. Get off Facebook for just a moment or two. Pick up a newspaper. Visit an online news site. Pay attention to what’s happening to your world right now, this minute. Do it for yourself. Do it for your children and grandchildren. Be aware and BEWARE. Understand where this is leading. Comprehend its ramifications for you and those you love and the world as a whole.
All that is necessary for evil to succeed is for good men to do nothing.
~ Edmund Burke
You can take this article any way you like. Consider it a rant by some tech geek or silly blogger. Peruse it and giggle uncontrollably. Or, even better… don’t just look, SEE. Wake up. Don’t just heave and push your way into the chute like the rest of the sheeple. The choice is yours… while you still have a choice.
Yes, actually. There are ways to harden your ssh implementations that aren’t that difficult.
An example of a simple way to increase your security when using ssh is to use public/private key authentication rather than your remote system’s user passwords to access the device. By using RSA key pairs, you can initialize your remote connection without ever having to expose your remote login’s password to the transfer at all.
I recently reinstalled my Slackware on my main machine (It’s a long story for another time, maybe). One of the things I needed to do was to reestablish my ssh connections between the machines on my local network. I settled in this evening to do just that. I ended up having some laughable issues while attempting to get all my machines talking again. We won’t go there, though.
In the process of troubleshooting my issues with ssh, I ran across Noryungi’s excellent how-to at the Slackware Documentation Project. This place is really shaping up, no thanks to me. I haven’t been too active there because of my other pursuits lately. However, the dedicated folks who contribute there on a regular basis are kicking ass!
Anyway, using this tutorial, I easily set all three of my machines to use RSA public/private key exchange to initiate my ssh connections. I don’t have to sling my user’s passwords around the Ether anymore. Now anyone sniffing packets will only see the public RSA key bouncing around.
Ain’t technology wonderful?
Well, back to studying tomorrow. My Cisco ICND2/CCNA examination is rapidly approaching. Gotta’ go study up on those pesky routing protocols before bedtime.
Maybe you should read this article from PhysOrg:
Researcher Jeremi Gosney, the founder and CEO of Stricture Consulting Group, was the thinker behind the hardware and software setup that could make 350 billion guesses per second. The result was that eight-character passwords could fall in hours; some passwords could be had in minutes.
Always entertaining, often enlightening. Read what Mr. Stallman has to say about Ubuntu’s new relationship with Amazon.
Ubuntu Spyware: What to Do?
One of the major advantages of free software is that the community protects users from malicious software. Now Ubuntu GNU/Linux has become a counterexample. What should we do?
Read the rest of this interesting article HERE.
Let me state right out in the open here that my knowledge of computer networking is lacking. I’m learning as I go.
For most of the time that I’ve used computers in my home, I’ve only had one machine going at any given time. This past year or so, though, I’ve gained two more systems in addition to my main system. I have a laptop and a shop system up and running now in my home. The laptop connects via Ethernet or wireless. The shop system, which is outside in my workshop, connects via wireless 100% of the time.
The main OS on all three of these systems is Slackware. For a year now, I’ve been running back and forth with thumb drives or CDs filled with data to keep the systems in sync with one another; mostly my personal documents, music, and Mozilla settings. I occasionally use DropBox for small files, but it’s not feasible for larger stuff due to its slow upload speeds. Cloud computing ain’t never going to work as long as ISPs throttle upload speeds.
Anyway, back when I first got the laptop, I attempted to network it with my main system. I failed miserably and ended up throwing in the towel. You can read about that learning experience in this long thread at Scot’s Newsletter Forums – Bruno’s All Things Linux. You’ll see that quite a few folks there were trying to help the dunderhead get his systems linked. Well, I finally succeeded just this past weekend.
Sometimes, you just have to walk away from a problem for a while.
Here’s how I finally got it working using ssh:
- Make sure that the ssh daemon script is executable so that it will run at boot up
# chmod 755 /etc/rc.d/rc.sshd
- Modify the /etc/ssh/ssh_config as follows:
# Port 22
Port <your port choice>
# Protocol 2,1
Protocol 2
*Either un-comment and change the default port setting and the protocol or just add a line, as I did.
The purpose of this is mostly for security. Changing the port to a port of your choosing enhances your “security by obscurity” chances. Changing to Protocol 2 is recommended because there are security flaws in Protocol 1.
- Modify the /etc/ssh/sshd_config as follows:
Port <your port choice>
# The default requires explicit activation of protocol 1
Protocol 2
- In your router’s Administration preferences (see your manufacturer’s instructions) you’ll need to set each device you plan on linking via ssh to use a static IP address. This has nothing to do with your ISP’s assigned IP address. This is just your home network we’re talking about here. The router assigns an IP to each device hooked to it. In order to ssh into remote devices, you’ll need to make sure the devices’ IP addresses don’t change (static).
That’s it. You are ssh’ing now, my friends.
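The checks implied by this walkthrough and by the key-pair post earlier on the page, as an added example (not the author's own script): a small audit of an sshd_config for a default port, protocol 1, and password logins. The function names, the sample files and port 2222 are constructed for illustration, and a flat config with no Match blocks or Include files is assumed.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the three settings this page covers.

# Print every uncommented value of KEYWORD in FILE (keywords are case-insensitive).
values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Print one line per finding, or "OK". Returns 1 if anything was flagged.
audit_sshd_config() {
    cfg=$1 status=0

    # Port may appear more than once; no Port line means the default, 22.
    ports=$(values "$cfg" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "WARN Port: sshd listens on the default port 22"
        status=1
    fi

    # sshd uses the first value it reads. An unset Protocol is left alone,
    # because the stock file says protocol 1 needs explicit activation.
    proto=$(values "$cfg" Protocol | head -n 1)
    case ",$proto," in
        *,1,*) echo "FAIL Protocol: protocol 1 is enabled ($proto)"; status=1 ;;
    esac

    # PasswordAuthentication defaults to yes when the line is absent.
    pw=$(values "$cfg" PasswordAuthentication | head -n 1)
    if [ "${pw:-yes}" = yes ]; then
        echo "WARN PasswordAuthentication: password logins are still accepted"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK"
    return "$status"
}

# Constructed sample files (not taken from the original post).
sample_weak() { printf '%s\n' '# Port 22' 'Protocol 2,1' '#PasswordAuthentication yes'; }
sample_hardened() { printf '%s\n' 'Port 2222' 'Protocol 2' 'PasswordAuthentication no'; }

tmp=$(mktemp)
sample_weak > "$tmp";     audit_sshd_config "$tmp" || true   # findings are not fatal
sample_hardened > "$tmp"; audit_sshd_config "$tmp" || true
rm -f "$tmp"
```

Point `audit_sshd_config` at /etc/ssh/sshd_config on each machine. Recent OpenSSH releases no longer speak protocol 1 at all, so that check matters only on installs as old as the one described here.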
It’s easy to access your remote machines now.
$ ssh <username>@<device name>
The username is the name of the account that you are trying to access on the remote machine, say your wife Debbie’s account. The device name is the domain name of the device. Like this…
Once you enter the password for Debbie’s account, you’ll have access to her user data and privileges.
In Arch Linux, the process is a bit simpler. First, make sure you have openssh installed on your Arch system. You still need to modify the ssh_config and sshd_config files in a similar fashion, but getting the daemon to run at boot time is as simple as just adding “ssh” to your /etc/rc.conf file.
You can manipulate (edit, backup, copy, etc.) files on remote machines using ssh from the command line. However, to transfer files between machines, you might want to use ftp. It’s easier, in my opinion. Personally, I use gFTP in Slackware and Arch for this. There are many other choices out there, though. Use whatever works best for you.
So, there you have it. My next project is going to be adding my printer to my router’s USB connection and setting it up as a network printer for all three of my systems.
This woman tells it like it is. Bravo, Carla!
The problem with all this cloud nonsense is it’s exactly that–nonsense. Hosted services are nothing new. What would be new and radical and transformative are attractive products reasonably-priced, and good customer service.
Hear! Hear! As most of my loyal readers know, I’m no fan of the cloud. It’s a large cistern of feces (for you less ejoomacated folks – a crock of shit). It’s just another way for some mega corp to bleed you of your hard earned $ by teasing you with wonderful cloud services. Yeah… right.
Carla speaks about cloud security:
Not only that, but is there anyone who can claim bragging rights to good security, and protecting customer’s data from intrusions? Anyone?
HAHA! Yeah… sure. It’s secure. Just trust us with all yer data. We’ll take care of it fer ya’. Yup! Remember Yuri?
Read the rest of Carla Schroder’s rant. It’s a good one.
Head In the Clouds?
More twaddle from the crotchety old geek, who needs to get with the program here. Or does he?
OK, here’s the scenario… Mr. Honor N. Integrity decides that he’s going to offer a service to folks. He prints up some flyers, places a few ads here and there, and rents a big safe that he has delivered to his new office in the strip mall on Mercantile St. You can’t miss him. He’s right in between Joanie’s Retro Punk Dress Shop and Bubba’s Jailhouse Tattoos.
So, what service is Mr. Integrity offering? Well, lemme tell ya’ about it. For a nominal fee, Mr. Integrity is going to take possession of your wallet or purse, your personal papers, your children’s personal papers, your partially finished draft of that really cool detective novel you’re writing, grandma’s will, and weird uncle bob’s tinfoil hat designs. He’s going to catalog them and store them in that big safe for safekeeping. You can have access to it any time, as long as the electronic lock on the safe isn’t being updated or oiled. Cool, huh? Yeah… right.
This, folks, is pretty much what the newest craze in the techie world is all about. It’s called cloud computing. What happens when you’re computing in the cloud? You’re sitting at home in front of what has basically devolved into a dumb terminal. All your applications, games, personal data, pictures, illegally ripped MP3s, copies of weird uncle bob’s tinfoil hat designs, etc. are stored on a server owned by Megaputer, Inc.*, a wholly owned subsidiary of ShadowSystems, LLC*, located in Bangladesh.
You’ve paid your yearly subscription fee for this service. You’ve read the TOS and EULAs. You have spoken with support tech “Steve” in New Delhi, India about the Super-Dooper Ver. 5.2 security system they have installed on their servers. You’re comfortable with all this. Good for you, you dummy. I bet you’re the same type who believes everything the doctor tells you without even the slightest need to question him.
Here you go… you sit in front of your system with the intention of banging out a couple chapters of that detective novel tonight. You’re at a really good part with lots of shooting and stuff. You fire up your dumb terminal and navigate using your Megaputer browser to your login screen so you can access YOUR STUFF. Oopsy! Page Not Found. Whaddya’ gonna’ do now, hmm? Call Steve in New Delhi, huh? OK. Steve tells you that the server is down for maintenance, but the real fact of the matter is that a 13 year old cracker named Yuri Titov has won a 1000 ruble bet with his buddy Vasily by breaking the Super-Dooper Ver 5.2 security system. COOL, huh? By the way, Yuri stole all your illegal MP3s and uncle Bob’s tinfoil hat designs. Hope you had those patented.
Sorry folks, computing in the clouds just ain’t for this old geek. I want MY STUFF on MY SYSTEM. Y’all are free to make your own choices.
Until next time… remember, doctors fork up too.
*These are fictitious companies created 100% within the warped mind of the author. Any resemblance to real companies like Google, IBM, or Microsoft is purely in YOUR own head.
Linux on the cloud: IBM, Novell, and Redhat – ComputerWorld
Cloud Computing – Infoworld