Technological Advancements

The computer field interests me because it’s moving so damned fast. If every industry advanced as quickly as the computer market we’d probably have faster than light travel by now and could live for 500 years. I love seeing demonstrations of these advancements and the fact that an iPad 2 can beat a supercomputer from the 1990s makes for an excellent expression of such advancements.

Just think about that for a moment. In the span of roughly 20 years we’re now at the point where a handheld electronic device that costs hundreds of dollars surpasses the computing power of a massive supercomputer that listed for $17 million (the Cray-2 in this case). The human race is fucking awesome!

The Mises Institute Website is Available in Torrent Form

Do you have 211GB of hard drive space free? Do you want a collection of some of the greatest pieces of literature, audio, and video ever made on the subjects of liberty and Austrian economics? Well I just found out that the Mises Institute website is available in torrent form. The latest torrents can be found in this directory and include separate torrent files for books, journals, media, PDF documents, papers published in Reason, and one giant monster with everything.

This is one great thing about websites being published under the Creative Commons (the same license I use on this webpage), people are able to legally consume it in any form they damn well feel like. It also ensures that even if the Mises website is taken down all of their great information can live on.

iOS 4.3.3 is Out

Those of you with iOS devices should clear out your Internet tubes because you’re going to need them wide open for the next 666.2MB update that Apple has released to fix the recent tracking fiasco.

The only things listed in the changelog that Apple provides are corrections to the location caching functionality in iOS. Personally I’ve found this entire thing overblown simply because of the fact that nobody could demonstrate that the saved location information was transmitted anywhere. Unlike TomTom iOS wasn’t sending the location data anywhere, it was only backing it up to whatever computer the device was synced with.

Beyond that the simple fact that cellular phones can track you solely as a side effect of this technology really made the potential threat held by iOS’s location data caching specialized. If the government needed a history of your locations they could get it easily by subpoenaing your phone company. The only real threat held by iOS’s caching was if somebody was able to get physical access to the system you sync your devices with and only so long as you don’t encrypt those backups (iTunes has the ability to encrypt your iOS backups).

Still it’s good to see Apple responded to this pretty quickly and now people can breathe a sigh of relief… unless you’re using iOS 4 on an iPhone 3G then you’re just plain old fucked.

An IP Address Isn’t a Person

A common method used by copyright holders to sue file sharers is to file John Doe lawsuits against IP addresses. This type of lawsuit has always been on shaky ground in my opinion and it appears as though a District Judge has decided that shaky ground was falling apart:

A possible landmark ruling in one of the mass-BitTorrent lawsuits in the U.S. may spell the end of the “pay-up-or-else-schemes” that have targeted over 100,000 Internet users in the last year. District Court Judge Harold Baker has denied a copyright holder the right to subpoena the ISPs of alleged copyright infringers, because an IP-address does not equal a person.

This is a great ruling because of the simple fact that having somebody’s IP address is in no way proof that said person was actually committing a violation against copyright holders. For example if you have an unencrypted or weakly encrypted wireless network it would be trivial for somebody to connect to it and start downloading movies illegally. When the copyright holders get a list of IP addresses that downloaded said movie illegally yours would be one on the list. Thus the lawsuit would be filed against the IP address holder, yourself. As you can see though just because the IP address traces back to you doesn’t imply any proof that you committed the crime. In fact this exact scenario has played out before:

In the case VPR Internationale v. Does 1-1017, the judge denied the Canadian adult film company access to subpoena ISPs for the personal information connected to the IP-addresses of their subscribers. The reason? IP-addresses do not equal persons, and especially in ‘adult entertainment’ cases this could obstruct a ‘fair’ legal process.

Among other things Judge Baker cited a recent child porn case where the U.S. authorities raided the wrong people, because the real offenders were piggybacking on their Wi-Fi connections. Using this example, the judge claims that several of the defendants in VPR’s case may have nothing to do with the alleged offense either.

This ruling is just but I bet money that a long process of appeals will be going down until VPR Internationale is able to buy find a judge more sympathetic to their crusade cause. For now though it’s good to see there is at least one judge out there with some common sense on this issue.

My Take on TenFourFox

Not too long ago I mentioned TenFourFox, a port of Firefox 4 to the PowerPC. Last night I actually had time to load and try it out on my old PowerBook G4 and I must say I’m rather impressed.

Understand that the PowerPC G4 processor is pretty damned slow by today’s standard. Playing a Flash video while downloading e-mail generally turns the video into a slide show and makes any interaction with other processes a slow ordeal. Firefox 3 always ran a bit shitty on that system thus I wasn’t impressed. TenFourFox on the other hand ran pretty well for a modern piece of software ported to an ancient system. All my Firefox add-ons (NoScript, Certificate Patrol, LastPass, and Xmarks) work just fine in TenFourFox and every webpage I visited appeared to render correctly. The browser’s performance wasn’t noticeably different than Safari’s which was a big plus. Overall I’m very impressed with what the team working on TenFourFox has managed to accomplish.

If You Have a Credit Card Tied to Sony’s PlayStation Network Cancel It

I haven’t commented on the serious security breach Sony is dealing with involving their PlayStation Network but I thought I’d toss out a warning. It appears as though whoever broke into Sony’s network was able to walk off with account information for 24.6 million of Sony’s customers. Sony has listed that the following information is likely compromised:

name
address
e-mail address
birthdate
gender
phone number
login name
hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

bank account number
customer name
account name
customer address.

That amount of personal information is perfect for malicious people wanting to perform targeted scams so watch yourself. Likewise if you have a debit or credit card tied to your PlayStation Network account call the bank that issued you the card and report it as stolen because it likely was.

TomTom Sending Customers’ GPS Data to Police

With the recent fiasco facing iOS and Android devices and their retention of location data it’s nice to know one company out there isn’t leaving speculation to chance but is openly admitting that they provide customer location data to government officials:

Dear TomTom customer,

Customers come first at TomTom.
When you use one of our products we ask for your permission to collect travel time information on
an anonymous basis. The vast majority of you do indeed grant us that permission. When you connect
your TomTom to a computer we aggregate this information and use it for a variety of applications,
most importantly to create high quality traffic information and to route you around traffic jams.

We also make this information available to local governments and authorities. It helps them to
better understand where congestion takes place, where to build new roads and how to make
roads safer.

We are actively promoting the use of this information because we believe we can help make roads
safer and less congested.

We are now aware that the police have used traffic information that you have helped to create to
place speed cameras at dangerous locations where the average speed is higher than the legally
allowed speed limit. We are aware a lot of our customers do not like the idea and we will look at
if we should allow this type of usage.

This is what we really do with the data:

  • We ask for your permission to collect historical data. You can opt in or opt out and can disable the data collection function at any time.
  • If you are using a LIVE device, you receive traffic information in real time and you automatically contribute to generating traffic information.
  • We make all traffic data anonymous. We can never trace it back to you or your device.
  • We turn anonymous data into traffic information to give you the fastest route available and route you through traffic jams in real time.
  • We are working with road authorities around the world to use anonymous traffic information to help make roads flow more efficiently and safer.
  • Our goal is to create a driver community capable of reducing traffic congestion for everyone.

Although they anonymize the data it’s still quite possible to determine who the location data applies to. For instance you can use records of credit card transactions, cell towers the person’s phone was connected to, cameras to find what car was where and when, etc. It would be possible to set up a system to tie this anonymized data to drivers and write them speeding tickets using that system as evidence.

That’s a theoretical problem, a real problem is the fact that the data is being used to set up police revenue sources such as speed cameras. A Dutch firm has openly admitted that they use TomTom customer data to set up speed traps. So this anonymized data is actually being used to cost you money for something that isn’t actually dangerous as currently implemented (in other words speed limits aren’t actually a safety limit but an arbitrarily selected number).

Anonymous collection and transmission of data is a threat with any device capable of determining a location and sending data. Cell phones are the best tracking devices on the planet as a side effect of how they work. But TomTom has openly admitted they send not just location data but data relating to customer travel times which is then given to government entities. This providing of data sets up a mechanism that could allow for government agencies automatically writing tickets or performing other actions that will cost you money. Personally I find that disgusting.

Let this also be a lesson to those who don’t actually read the end user license agreements of the devices and software they use.

More on Open WiFi Networks

A couple of days ago I mentioned my reasoning for not running an open WiFi network. Funny enough the Electronic Frontier Foundation (EFF) posted an article about why one should run an open WiFi network. As I said in my previous post on the matter I would like to run an open WiFi network so those who needed WiFi access could get it but I don’t want to deal with the fact anything an anonymous person accessed on my open network would appear as though I accessed it.

This has led me to ponder a means of setting up an open WiFi network that could be publicly used while keeping my traffic secure, separate, and not having anything a third party does on my network reflect badly on myself. What follows is the solution I’ve thought up so far with no real concern yet for implementation.

Obviously I want my wireless traffic to be encrypted as I value my privacy. This is easy enough to do with good old WiFi Protected Access (WPA) using a strong key. Thus ideally I would have two access points, one open for third party use and one secured for my use. The other feature I would desire is keeping the publicly accessible network completely separate from my private network. This is easy enough to accomplish by using a gateway device with Virtual Local Area Network (VLAN) capabilities. I could set up one VLAN for the public network and another for my private network which would prevent the public network from talking to my private network.

The final and most difficult requirement is avoiding any legal ramifications that could be directed at me because of the web traffic generated by a third party. Like many network problems requiring anonymity I believe I’ve found my answer in the form of the Tor project. Tor is a network that can be used to anonymously access the Internet. Anonymity is achieved by encrypting all traffic and bouncing it between multiple nodes until that traffic reaches an exit point and is decrypted and sent to its destination. The benefit for me is the fact you can’t trace the source of any data going across the Tor network back to either its source or destination meaning anything accessed on my public network wouldn’t reflect on me.

What I would need to set up is a mechanism of ensuring all traffic that goes across my public network would be sent through the Tor network (not really the intended use of Tor I realize but alas it fits my needs here). I would want to set it up in a manner where inability to connect to the Tor network would disable the public network from reaching the Internet. This wouldn’t be difficult once I actually set up the Tor gateway system. There would likely be a problem of a slow connection as the Tor network isn’t speedy but honestly I don’t care, you get what you pay for. Likewise multiple people’s traffic would be going through a single Tor relay but again that’s not my problem nor is the fact I can’t control what happens at the Tor exit node my problem.

So this is my initial proposal for setting up a publicly accessible WiFi network without having to worry myself with personal security or the actions taken by those accessing my public network. I’ll probably investigate this a bit more and may even try to set up a trial and see how it turns out. Or I may instead do something else and leave this proposal untested and assume somebody will like the idea, implement it, and tell me how it worked out for them.
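One way to express the fail-closed Tor gateway proposed in this post, as an added example that is not the author's own configuration. It assumes a Linux gateway, a guest VLAN interface named eth0.20, and a torrc on the gateway with `TransPort` 9040 and `DNSPort` 5353 bound to the guest-side address; all of those names and ports are illustrative.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that forces a guest VLAN
# through a local Tor transparent proxy and fails closed.
# Assumed (not from the post): interface name, ports, and a torrc containing
#   TransPort <guest-side gateway IP>:9040
#   DNSPort   <guest-side gateway IP>:5353

guest_tor_ruleset() {
    guest_if=$1; trans_port=$2; dns_port=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Guest DNS is answered by Tor's DNSPort, never by the ISP resolver.
-A PREROUTING -i $guest_if -p udp --dport 53 -j REDIRECT --to-ports $dns_port
# Every new guest TCP connection is handed to Tor's TransPort.
-A PREROUTING -i $guest_if -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
# On the gateway itself, guests reach only DHCP and the two Tor listeners.
-A INPUT -i $guest_if -p udp --dport 67 -j ACCEPT
-A INPUT -i $guest_if -p udp --dport $dns_port -j ACCEPT
-A INPUT -i $guest_if -p tcp --dport $trans_port -j ACCEPT
-A INPUT -i $guest_if -j DROP
# Fail closed: guest packets are never routed, to the Internet or to the
# private VLAN. If Tor is down the redirect hits a closed port and stops.
-A FORWARD -i $guest_if -j DROP
COMMIT
EOF
}

# Audit helper: succeed only if the ruleset drops all forwarding from the
# guest interface and has no FORWARD ACCEPT rule for it.
is_fail_closed() {
    ruleset=$1; guest_if=$2
    printf '%s\n' "$ruleset" | grep -qxF -- "-A FORWARD -i $guest_if -j DROP" || return 1
    if printf '%s\n' "$ruleset" | grep -qE -- "^-A FORWARD .*-i $guest_if .*-j ACCEPT"; then
        return 1
    fi
    return 0
}

RULES=$(guest_tor_ruleset eth0.20 9040 5353)
printf '%s\n' "$RULES"   # review first; iptables-restore replaces the nat and filter tables
```

IPv6 is not covered by these rules; the guest interface needs an equivalent drop in ip6tables or IPv6 disabled, otherwise traffic can bypass the redirect.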

FBI To Remove Coreflood From Infected Computers

I’ll be honest and admit I’ve heard little about the botnet being referred to as Coreflood. Apparently it did something nasty enough to gain the attention of the Federal Bureau of Investigation (FBI) though:

Two weeks ago, the DOJ and the FBI obtained an unprecedented temporary restraining order that allowed them to seize five command-and-control (C&C) servers that managed Coreflood. Since then, the U.S. Marshal’s Service has operated substitute C&C servers that have disabled the bot on most infected PCs.

But that’s not the most interesting part of this story. It seems that the FBI have been able to identify the owners of some infected machines and are going to offer to uninstall the botnet software from those owners’ computers:

The FBI has also identified infected computers, and in some cases has linked names to the static IP addresses. Those are the PCs targeted for remote Coreflood eradication.

“While the proposed preliminary injunction is in effect, the Government also expects to uninstall Coreflood from the computers of Identifiable Victims who provide written consent,” said the DOJ in the memo.

I’m not sure how the written consent will be dispatched but I do have some advice if you should receive such a consent form. First of all turn it down, the last people you want in your system is the government. Thor knows that they’ll probably uninstall the botnet software but will also install something that monitors your network activity to “verify proper removal.” Yes I’m actually that cynical but I trust nobody inside of my machines be it government officials or just regular people off of the street (although I’m inclined to trust the latter more).

The second thing you should do after burning that consent form is to wipe the machine and reinstall the operating system plus all available updates. Only one means exists to uninstall malicious software and ensure it’s actually gone, wiping the entire computer clean and starting from scratch. Software is incredibly complex and there is no way to know if every backdoor for a piece of malicious software has been removed. Do yourself a favor, if your system has been infected just start over. Anti-malware software can make an attempt to remove malicious software and may or may not be successful but you have no way of knowing.

It Took Them Long Enough

Remember roughly a year ago when Apple announced the iPhone 4 and that it would come in both black and white? Well Apple has finally released the white model. Yeah it took them almost a year to figure out how to take a black phone and turn it white. I guess that old phrase, “Once you go black you never go back.” holds some truth here.

I’m still waiting for people to buy this, Apple to announce the iPhone 42, and then those people who just bought the white iPhone 4 to whine that they got ripped off.