Jeber’s

Aldous Huxley on Mind Control and Depopulation

A prescient and thought-provoking interview with Mike Wallace, as relevant now as it was then.

New surveillance program will turn military satellites on US

Related to my post on Army troops being deployed in the U.S. is this story, one that has to make any concerned citizen wonder what their government is planning.

spy satellite

An appropriations bill signed by President Bush last week allows the controversial National Applications Office to begin operating a stringently limited version of a program that would turn military spy satellites on the US, sharing imagery with other federal, state, and local government agencies. The government’s own watchdog agency, the Government Accountability Office, has warned in an unpublished report that the more expansive program in the offing lacks adequate safeguards to protect privacy and civil liberties.

For now, the law restricts the NAO to “activities substantially similar” to those carried out by the Civil Applications Committee, an interagency coordinating body formed in 1976 to give civilian agencies access to military satellites for scientific and disaster preparedness purposes, such as “monitoring volcanic activity, environmental and geological changes, hurricanes, and floods.” But as a draft charter for the Office makes clear, officials at the Department of Homeland Security hope to branch out from these traditional applications, providing assistance and information to domestic law enforcement agencies.

That doesn’t sit well with some members of Congess, who in a sharply worded letter earlier this year expressed concerns that the NAO “raises major issues under the Posse Comitatus Act” barring the military from performing law enforcement duties, and worried the program could be used to “gather domestic intelligence outside the rigorous protections of the law—and, ultimately, to share this intelligence with local law enforcement outside of constitutional parameters.”

Among the questions raised about the proposed program is whether it runs afoul of the Reconstruction Era statute that makes it a crime to use the armed forces to “execute the laws” within US borders. Tim Sparapani, senior legislative counsel with the American Civil Liberties Union, believes the new initiative to be “a prima facie violation of the Posse Comitatus Act—this is about using a military asset to do domestic law enforcement.” If law enforcement or immigration agencies need spy satellites, he argues, they should ask Congress to buy them some, rather than using the powerful eyes in the sky operated by the National Reconaissance Office for foreign-intelligence agencies not bound by domestic privacy constraints. “The military should never be used against the citizenry,” he argues. “Even if we’re talking about shooting pictures of people instead of shooting people, the principle remains the same.”

And what of Fourth Amendment concerns? Here, Sparapani says, the program enters “uncharted waters.” In a pair of 1986 decisions, the Supreme Court ruled that aerial observation by surveillance planes did not count as a Fourth Amendment “search.” If you grew your marijuana out in the open, the justices essentially concluded, you could not claim a “reasonable expectation of privacy” even if the crop wasn’t visible from the ground. But the court left open the question of whether the same logic would apply in the case of technology more esoteric than an airplane. And in 2001, the court concluded that a search warrant was needed to use infrared scanners to detect the heat signature from an indoor dope-growing operation. (Source)

When the government starts making major, unprecedented moves like this with no explanation, maybe it’s time to start getting a little paranoid.

More on the DNS problem

From the Internet Systems Consortium:

Summary:

A weakness in the DNS protocol may enable the poisoning of caching recursive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack.

Description:

Thanks to recent work by Dan Kaminsky of IOActive, ISC has become aware of a potential attack exploiting weaknesses in the DNS protocol itself. (Full details of the vulnerability will be explained by Kaminsky at the Black Hat conference on August 7th.) The weakness is inherent to the DNS protocol and not specific to any single implementation. The DNS protocol uses the Query ID field to match incoming responses to previously sent queries. The Query ID field is only 16 bits, which makes it an easy target to exploit in the particular spoofing scenario described by Kaminsky.

Impact:

ANYONE RUNNING BIND AS A CACHING RESOLVER IS AFFECTED.

Immediate action required:

IF YOU ARE RUNNING BIND AS A CACHING RESOLVER YOU NEED TO TAKE ACTION.

DNSSEC is the only definitive solution for this issue. Understanding that immediate DNSSEC deployment is not a realistic expectation, ISC is releasing patched versions of BIND that improve its resilience against this attack. The method used makes it harder to spoof answers to a resolver by expanding the range of UDP ports from which queries are sent, thereby increasing the variability of parameters in outgoing queries.

YOU ARE ADVISED TO INSTALL EITHER THE PATCHES (9.5.0-P1, 9.4.2-P1, 9.3.5-P1) OR THE NEW BETA RELEASES (9.5.1b1, 9.4.3b2) IMMEDIATELY.

The patches will have a noticeable impact on the performance of BIND caching resolvers with query rates at or above 10,000 queries per second. The beta releases include optimized code that will reduce the impact in performance to non-significant levels.

DNS administrators who operate these servers behind port-restricted firewalls are encouraged to review their firewall policies to allow this protocol-compliant behavior. Restricting the possible use of various UDP ports, for instance at the firewalls, in outgoing queries and the corresponding replies will result in decreased security for the DNS service.

Again, DNSSEC is the definitive solution to this type of attack. ISC strongly encourages DNS administrators to deploy DNSSEC as soon as possible to fully address this problem. DNS domain owners that want their data to be protected against spoofing to the end-user must sign their zones. ISP and Enterprise DNS administrators who provide caching recursive name servers to their users should enable DNSSEC validation.

DNSSEC Lookaside Validation (DLV), offered by ISC and others, is another DNSSEC deployment option.

Tech Support Tryouts

The website is down

I’ve mentioned my stints on the help desk for Gateway computers and D-Link products before.  While I tried to be conscientious, I did get a complaint that I was taking too much time on some of my calls.  It didn’t help to mention that I was trying to help the customer accomplish their goal so they wouldn’t have to call back.

On supervisor told me I was much more suited to an in-house IT environment.  After watching this video, I’m inclined to agree.

The Website is Down

Your future desktop

If you think we’ve exhausted all the good ideas for presenting content on your computer, watch this:

This Technology Will Blow Your Mind.. – Watch more funny videos here

Assaulting robots

Thank goodness the little guy was able to pull it together enough to accomplish his final goal.

New Whois Policy for Canada

As privacy and data protection commissioners began to express
reservations about the legality of requiring domain name
registrants to disclosure their personal information, CIRA proposed
a new policy in 2004. After two major public consultations,
mounting opposition from law enforcement about its loss of
“unfettered” access to whois data and years of operational delays,
CIRA last week began informing registrants that the new policy will
take effect on June 10, 2008.

Under the new policy, CIRA will continue to collect the same contact
information from registrants as under its current policy. However,
it will no longer require that such information be publicly
available through its whois directory. In its place, CIRA will only
require the public disclosure of limited technical information,
though individual registrants may voluntarily “opt-in” to providing
more personal information.

While the CIRA policy protects the privacy of individual
registrants, corporate or organizational registrants will typically
have their full information publicly disclosed. The policy
recognizes that corporate information does not raise specific
privacy concerns since corporate information does not constitute
personally identifiable information. Moreover, consumers may often
want to access corporate whois information when judging the
reliability of a website.

In order to ensure that domain name registrants can still be
contacted, CIRA has also established a unique message delivery
system. CIRA will allow the public to contact domain name
registrants without access to their personal information by
relaying the message through a Web-based submission form.

The Canadian changes may be long overdue, however, they also
instantly catapult the dot-ca into a global leadership position.
With more than a million Canadian domain name registrations, the
resolution of the whois issue ensures that the Canadian domain name
space is set for continued growth as it now features a “privacy
advantage” over other domains struggling to strike a similar
compromise.

From the Toronto Star

Domain name policy puts us in Internet vanguard
by Michael Geist

Mon 28 Apr 2008
Page: B02
Section: Business

Mass web attack grows, 520,000 webpages infected

The sophisticated mass infection that’s injecting attack code into hundreds of thousands of reputable web pages is growing and even infiltrated the website of the Department of Homeland Security.

While so-called SQL injections are nothing new, this latest attack, which we we reported earlier, is notable for its ability to infect huge numbers of pages using only a single string of text. At time of writing, Google searches here, here and here showed almost 520,000 pages containing the infection string, though the exact number changes almost constantly.

Other hacked sites include those belonging to the United Nations and the UK Civil Service.

The attack causes infected sites to redirect visitors to destinations that attempt to install malware on vulnerable machines. At time of writing, the malicious payloads attacked vulnerabilities that already have been patched. And in any case all three of the redirection sites were down, possibly because they were unable to handle the demand. But should the attackers get their hands on a newer exploit – say, one targeting a zero-day vulnerability in QuickTime – it would be relatively easy for them to swap out the payload.

One reason the infection has spread so widely is the attackers have managed to find a single attack string that seems to work on tens of thousands of different sites. Most web applications are custom -built for a particular site, so attackers likewise have to custom design attack parameters to exploit weakness. Not so here.

“These guys look like they’ve found a methodology to get a successful SQL injection generically across [many] websites,” said Jeremiah Grossman, CTO of WhiteHat Security, which helps companies secure web applications. “That right there is like a skeleton key.”

While the number of pages that have been infected is high, not all are able to launch an attack once a user visits them, according to Roger Thompson, chief research officer of anti-virus provider AVG.

“Very often they’re on a page but the stuff doesn’t actually fire when you get there,” he said. “This is not a cunning, premeditated task; it’s just a blast. They’re just planting the stuff where they can and the result is a lot of pages [that] don’t do anything.”

But webmasters should not be complacent about removing the injected code from their sites and fixing buggy web apps to make sure more don’t spring up.

“It’s the cleanup effort that’s just going to be monstrous,” said Grossman, who said affected companies will have to either remove each overwritten table record one at a time, or revert to a recent backup. “Either way, it’s going to take forever.”  (Source)

As our dependency on networked computers grows, our need to provide robust safeguards increases as well.  To be less than completely vigilant is to invite disaster.

A post script to the GoDaddy saga

GoDaddy – Thieves or Incompetents? Conclusion

GayTech

I’ve been seeing questions raised within the tech crowd regarding the absence of women in high tech.  One such conversation mentioned a tech conference that was scheduled to have 20 some odd speakers, only one of whom was a woman.

I’m not questioning the validity of that observation.  I agree that there are too few women in prominent positions within the community.  That’s not to say there aren’t women in the tech field.  They just aren’t often given as many opportunities as their fellow male counterparts to be highly visible and influential.

But it did get me thinking; is technology neutral on sexuality?  There’s certainly tech gadgets and applications geared toward men, women, children, tweens, just about every demographic one can imagine but one.  Gays.

Why are there no prominent gay voices within the tech field?  Is there any application or program that especially appeals to gays?  I know there are gay themed websites, but where are the gay entrepreneurs, the gay VCs, the proudly gay developers?  Is being gay of no consequence to technology?

Engineers explain cats

Social Productivity

I sense an increasing merge between social networking and productivity.

Tools like Zoho Office and Google Docs facilitate creation as well as collaboration. Zigtag and Shyftr add a social element to our bookmarks and RSS feeds.

What was once a solitary endeavor; write a blog post, bookmark a favorite website, eventually became a shared experience (think StumbleUpon) and now has evolved into a fully interactive social activity. Even boring old Micrsoft allows me to write a document in Office Live then collaborate with others on it.

Now it appears the potential downside to social productivity is being discussed on Friendfeed and Twitter, sites that are far more social than productive. Once we share our content does it remain ours or become the property of the web? How can we know when and where comments and feedback are posted? The conversation is at risk of becoming fragmented, spread around to too many places, sites we may not frequent. Do we have any control over what we send out to others? Do the concepts of licensing and intellectual property need to be re-evaluated?

Back in the “old days”, the social web and productivity were isolated. I could type a document in Word or chat on IRC, but the two never crossed paths. These days that boundary has been breached, well before we’ve clearly thought out how we want to engage in the cross-talk.

What are your concerns? Is social productivity a big step forward or a pointless step sideways?

Wi-Fi Mania

My local Von’s offers free Wi-Fi.  Any business that offers its customers free connectivity ought to be applauded, but…a grocery store?  Am I supposed to wedge my laptop into the child seat and surf the web as I try to decide between tuna and ham for my sandwiches?  Will I be tempted to send out a Twitter to garner opinions on which brand of toilet paper is superior?

Where I eat, where I might sit and enjoy a cup of coffee, where I stay for the night; yes, I will be thankful for the opportunity to wirelessly access the internet.  Where I buy my toothpaste, not so much.

The web is the world, writ electronically

Humans started to form societies as soon as we learned to communicate. Small groups of hunter-gatherers formed larger groups to ensure their survival. In order to coordinate their hunting parties, they had to develop a means of communication. Communication became the means of cooperation.

Look at the terminology I just used; communicate, coordinate, cooperate. The prefix co means together; joint; jointly; mutually. Co is the prefix that defines human society. As individuals, early man was nearly helpless. He had no fur, not very good teeth, relatively poor eyesight. He was near the bottom of the food chain. Yet collectively, humans survived, even prevailed against adversity.

Communication, the ability to share ideas, is what has enabled us to reach the 21st century without becoming extinct. Our means of communication have evolved from the written word to the printed page, from smoke signals to the telephone, from street singers to MP3s. And now we have the internet.

Even though it’s only a few decades old, the internet has begun to evolve, too. At first it was a simple repository of electronic pages; you had to know where to look to find what you needed. Hyperlinking gave this electronic library continuity, a means to get from one document to another. Soon this medium earned its title as the world wide web. Anyone anywhere with internet access could communicate with others from across the globe. The internet reduced the time it took to send a message from one pole to the other to a matter of seconds.

Just as early man had the entire world to himself, early users of the web felt like citizens of the planet. Eventually, though, just as mankind settled into towns and cities and states, electronic communication is becoming more localized. Ebay is a world market, Craigslist is a local one. Local communities are finding new ways to use the internet to stay in touch, to be politically active, to recruit volunteers. Just like society, the internet is becoming more and more community oriented. Just as you can be a member of the human race while at the same time be a member of your neighborhood, the internet will always be a global means of communication, but the true value of the medium is shifting toward those around you. Social networking is starting to focus more on the small scale, the local group. It’s not unprecedented; it’s exactly the way human society itself evolved.

The Whack-A-Mole Method of Ending Hate In Our Time

Originally submitted to David Farber’s Interesting People mailing list:

Clearly whatever it is that Dutch politician Geert Wilders wants to talk
about in his film is going to be the end of the internet. The news that
Network Solutions decided to pre-empt his use of a domain name registered
through them for the purpose of promoting his film need not be re-hashed
here.

However, before bemoaning yet another registrar freely deciding, as is its
right, with whom it chooses to do business, it’s important to look at the
big picture. No, it is not “censorship” for Network Solutions to decide how
it wants its services to be used. There are a number of internet registrars
all over the world, and as recently demonstrated with Enom having been
notified by the US State Department that, yes, the OFAC SDN list means
something, one might do well to select one’s registrar based in part on an
understanding of the legal climate where that registrar is located.

But, perhaps we might understand Network Solutions policy more clearly by
looking at domain names registered through NSI which freely promote killing
Muslims rather than merely making films about them. Take for example the
Liberation Tigers of Tamil Elam, affectionately the Tamil Tigers – a nearly
universally recognized terrorist group perhaps best known for the
assassination of Rajiv Gandhi, but which has engaged in far more numerous
outright massacres in predominately Muslim areas of Sri Lanka.

The Tamil Tigers maintain at least two, if not more, domain names through
Network Solutions – eelam.com and eelamweb.com. Here, one can learn the
answers to all of your frequently asked questions about ethnic cleansing
such as at: http://www.eelamweb.com/faq/ which states “Muslims have been
asked to leave the Tamil Eelam territory until the independence of Tamil
Eelam.” This polite request is normally made at gunpoint during operations
of the Tamil Tigers.

So, the takeaway from these two actions of Network Solutions: (1)
prohibiting an NSI domain name to be used to promote an anti-Muslim film,
and (2) permitting two NSI domain names to be used to promote the mass
eviction and murder of Muslims in Sri Lanka; indicates that one needs to
apply a balanced perspective of how NSI would like its domain name services
to be used, before making rash judgments of alleged “bias”. If the
continued operation of eelam.com and eelamweb.com is any indication, NSI’s
view would appear to be that Mr. Wilders just isn’t going far enough.

Next up, the Islamic Army of Iraq, and their Louisiana brigade, courtesy of
iaisite.info, registered through Directnic.

John Berryhill, Ph.d., Esq.

While humorous, Mr. Berryhill’s comment does raise a serious question. What is the role of a host in monitoring and controlling the content of sites that register through them? If AT&T gets its way, webhosts may soon be legally and financially liable for the content carrid on their networks. Can we trust private companies to decide what is available on the internet?

Internet company suspends politician’s website over Qur’an film

Have the terrorists won yet?

An American internet company has inactivated the website of a Dutch right-wing politician, who was planning to release a critical film about the Qur’an, the Islamic holy book, on the site.

Network Solutions announced late Saturday that it had suspended the site, www.fitnathemovie, as the company assesses whether it contravenes its “acceptable use policy.”

Politician Geert Wilders says he’s made a 15-minute film as a warning to the  West about the teachings of the Qur’an.

Wilders is a well-known anti-Islamist who has called for a stop to immigration from Muslim countries and a halt to the building of new mosques in his country.

Wilders has said he’s not against Muslims but against their faith. He has previously talked about the “tsunami of Islamization” in the Netherlands, which is home to about one million Muslims.

After being turned down by at least four broadcasters in the Netherlands, Wilders announced this week that he planned to release Fitna  —the Koranic term for “strife” — on March 31 over the internet.

“If need be, I will personally distribute DVDs,” Wilders told Dutch news agency ANP after hearing about the website’s inactivation.

On Saturday, about 2,000 protesters gathered in downtown Amsterdam to demonstrate against Wilders and his film.

Calling their protest ”Netherlands shows its colours,” demonstrators say they were upset over what they saw as a right-wing witch hunt against Muslims.

Dutch officials fear the movie could spark violent protests in Muslim countries, and have emergency evacuation plans in place for their citizens in those countries.

Prime Minister Jan Peter Balkenende has said he rejects Wilders’s views, but supports his freedom of speech.  (Source)

The Muslim terrorists  have done better than killing all the infidels, they’ve made us afraid.  In our fear, we will do what they couldn’t, destroy Western civilization from within.  In our fear we’ll restrict liberty, bypass Constitutional protections and permit our government to act in any way they see fit…just save us from the terrorists.  We once thought the greatest threat to our way of life were the Japanese, the Germans, the Muslims.  We were wrong.  The greatest threat we face is our own fear, our own impotence to provide security while at the same time maintaining our freedom.

Atheists and free thinkers on Twitter, FriendFeed

Twitter and FriendFeed are becoming popular ways for like-minded people to communicate and keep in touch.

So how many of you use those services? It would be cool to share our usernames and build a network of atheist and free thinking folk.  You may also want to check out Twhirl as a Twitter desktop client.

I’ll go first. I’m jeber on both services. Among my Twitter friends are several atheists and free thinkers. Add them as your friends. Let’s talk.

A baffling proposal to filter the Internet

Tim Wu, writing for Slate, asks;

Has AT&T Lost Its Mind?

Chances are that as you read this article, it is passing over part of AT&T’s network. That matters, because last week AT&T announced that it is seriously considering plans to examine all the traffic it carries for potential violations of U.S. intellectual property laws. The prospect of AT&T, already accused of spying on our telephone calls, now scanning every e-mail and download for outlawed content is way too totalitarian for my tastes. But the bizarre twist is that the proposal is such a bad idea that it would be not just a disservice to the public but probably a disaster for AT&T itself. If I were a shareholder, I’d want to know one thing: Has AT&T, after 122 years in business, simply lost its mind?

No one knows exactly what AT&T is proposing to build. But if the company means what it says, we’re looking at the beginnings of a private police state. That may sound like hyperbole, but what else do you call a system designed to monitor millions of people’s Internet consumption? That’s not just Orwellian; that’s Orwell.

The puzzle is how AT&T thinks that its proposal is anything other than corporate seppuku. First, should these proposals be adopted, my heart goes out to AT&T’s customer relations staff. Exactly what counts as copyright infringement can be a tough question for a Supreme Court justice, let alone whatever program AT&T writes to detect copyright infringement. Inevitably, AT&T will block legitimate materials (say, home videos it mistakes for Hollywood) and let some piracy through. Its filters will also inescapably degrade network performance. The filter AT&T will really need will be the one that blocks the giant flood of complaints and termination-of-service notices coming its way.

But the most serious problems for AT&T may be legal. Since the beginnings of the phone system, carriers have always wanted to avoid liability for what happens on their lines, be it a bank robbery or someone’s divorce. Hence the grand bargain of common carriage: The Bell company carried all conversations equally, and in exchange bore no liability for what people used the phone for. Fair deal.

AT&T’s new strategy reverses that position and exposes it to so much potential liability that adopting it would arguably violate AT&T’s fiduciary duty to its shareholders. Today, in its daily Internet operations, AT&T is shielded by a federal law that provides a powerful immunity to copyright infringement. The Bells know the law well: They wrote and pushed it through Congress in 1998, collectively spending six years and millions of dollars in lobbying fees to make sure there would be no liability for “Transitory Digital Network Communications”—content AT&T carries over the Internet. And that’s why the recording industry sued Napster and Grokster, not AT&T or Verizon, when the great music wars began in the early 2000s.

Here’s the kicker: To maintain that immunity, AT&T must transmit data “without selection of the material by the service provider” and “without modification of its content.” Once AT&T gets in the business of picking and choosing what content travels over its network, while the law is not entirely clear, it runs a serious risk of losing its all-important immunity. An Internet provider voluntarily giving up copyright immunity is like an astronaut on the moon taking off his space suit. As the world’s largest gatekeeper, AT&T would immediately become the world’s largest target for copyright infringement lawsuits.

On the technical side, if I were an AT&T engineer asked to implement this plan, I would resign immediately and look for work at Verizon. AT&T’s engineers are already trying to manage the feat of getting trillions of packets around the world at light speed. To begin examining those packets for illegal pictures of Britney Spears would be a nuisance, at best, and a threat to the whole Internet, at worst. Imagine if FedEx were forced to examine every parcel for drug paraphernalia: Next-day delivery would soon go up in smoke. Even China’s Internet, whose performance suffers greatly from its filtering, doesn’t go as far as what AT&T is proposing.

If this idea looks amazingly bad for AT&T, does the firm have an ingenious rationale for blocking content? “It’s about,” said AT&T last week, “making more content available to more people in more ways going forward.” Huh? That’s like saying that the goal of a mousetrap is producing more mice. If the quote makes any sense it all, perhaps it means that AT&T, the phone company, has aspirations to itself provide Internet content. Could it really be that AT&T’s master strategy is to try and become more like AOL circa 1996?

A different theory is that AT&T hopes that filtering out infringing material will help free up bandwidth on its network. What is so strange about this argument is that it suggests that AT&T wants people to use its product less. That’s like Exxon-Mobil complaining that SUVs are just buying up too much gas. It suggests that perhaps AT&T should try to improve its network to handle and charge for consumer demand, rather than spending money trying to control its consumers.

I just don’t get the business aspect, so perhaps the only explanation that makes any sense is a political one. It may be that AT&T so hates being under the current network neutrality mandate that it sees fighting piracy as a way to begin treating some content differently than others—discriminating—in a politically acceptable way. Or maybe AT&T thinks its new friends in the content industry will let them into Hollywood parties if they help fight piracy. Whatever the explanation, AT&T is choosing a scary, expensive, and risky way to make a point. It is also, so far, alone on this one among Internet service providers; the cable industry is probably licking its chops in anticipation of new customers. That’s why if this plan goes any further, and I were an AT&T shareholder, I’d have just one thought: SELL.