Tor Best Practices

Posted on 2013-12-24 by jcs

Over at Digital Era there’s a nice post on Tor best practices. While the Tor protocol and software are reasonably secure, you can’t use them blindly. The most recent example of what happens when you do is demonstrated by Eldo Kim who used Tor and Guerrilla Mail to send a bomb threat to Harvard University. Kim sought to use the bomb scare to avoid taking a final. Unfortunately for him he used the Harvard WiFi network and his identity was discovered simply by checking who on the network was using Tor at the time the email was sent.

It wasn’t a weakness in Tor but Kim’s lack of operational security that caused his discovery. The post at Digital Era helps you avoid errors like Kim’s by explaining how best to use Tor and what practices are dangerous and should be avoided. One of those practices is to never use Tor from or near home. It’s too bad for Kim that he didn’t read that before sending his email.

Most of us aren’t using Tor to send bomb threats, of course, but it is used by many—journalists and activists come to mind—in conditions that could be life threatening if their identities were discovered. If you’re using Tor under conditions that could result in dire consequences should your identity be discovered, you should definitely take a look at the best practices post.

Posted in General | Tagged , | Leave a comment

Git Bisect

Posted on 2013-12-23 by jcs

Over at randyfay.com, Randy Fay has a great screencast on debugging with git bisect. If you’re not familiar with git’s bisect command, the idea is to find the git commit that introduced an error.

The process is basically a binary search. You have a commit with the error and find one without the error. Now you have the guilty commit bracketed and find it by dividing the commit space in half to find a new bracket end point, just as with a binary search. You could do that by hand, of course, but git partially automates the process with the bisect command.

The process is harder to describe than it is to do. Watch Fay’s screencast to see the bisect command in action. Fay uses git from the command line instead of magit or some other interface so you don’t have to be an Emacs user to profit from the video. If you are an Emacs user, magit has an interface to the bisect command so you can have the best of both worlds.

Posted in Programming | Tagged , | Leave a comment

A Talk with Linus

Posted on 2013-12-22 by jcs

In June of last year Linus Torvalds held a Q&A session at the Aalto Center for Entrepreneurship. It’s a far reaching and interesting talk. Torvalds talks about tool building, the beginning of Linux, how the project is run, why Linux has conquered every domain except the desktop, and many other topics.

Torvalds is an interesting guy and famously blunt in his assessments of people and things. This is the video where Torvalds gives his famous characterization of NVidia as the worst hardware company in the history of Linux. It’s at about the 50 minutes point if you can’t wait.

The video is about an hour and four minutes so plan accordingly. It’s long but worth your time. I found it fascinating.

Posted in General | Leave a comment

Phone Tracking

Posted on 2013-12-21 by jcs

Matt Blaze over at Exhaustive Search has an interesting post on how law enforcement agencies track phone calls. Blaze is discussing law enforcement targeting individuals in support of criminal investigations not the wholesale dragnet surveillance of the type that the NSA specializes in.

If you’re the type that likes cop shows you’re already familiar with some of these techniques. There’s what Blaze calls the retrospective methods that subpoena call detail records from the phone company. There’s also real time methods where the authorities capture call information as the calls happen. Again, many of these—such as pen registers—are part of popular culture and well known to devotees of police procedurals.

What’s more interesting are the lessor know methods such as tower dumps, 911 pings, and IMSI catchers. Blaze explains what these are and how they work.

While there is some controversy over a couple of these methods—especially the IMSI catchers—most people see these techniques as legitimate investigative tools unlike the highly controversial wholesale surveillance used by the NSA. Still, if you’re concerned about privacy and how the government might, legitimately or illegitimately, track your communications, you will find this post helpful.

Posted in General | Tagged , | Leave a comment

Two Stories on the NSA

Posted on 2013-12-20 by jcs

This week there were two stories that can’t make the NSA happy. In the first, Rick Falkvinge reports that Brazil, upset over NSA spying, ditched their plans to buy Boeing jets and went with Gripen instead. This despite the fact that the JAS 39 Gripen-NG jet is still a prototype and not yet in production. Gripen is a division of the Swedish company SAAB. The loss of the Brazilian contract will cost Boeing and America 4 billion dollars.

The second story concerns the meeting between President Obama and several tech leaders. Although the official purpose of the meeting was to discuss ways to improve healthcare.gov, the tech executives viewed it as an opportunity to express their dismay about NSA spying and the blowback that American tech companies are experiencing as a result. During the meeting, one of those executives, Zynga founder Mark Pincus, pressed Obama to grant Edward Snowden a pardon. The NSA, of course, considers Snowden the ultimate traitor deserving of the harshest of penalties.

Obama would not, of course, commit to a pardon but it is clear that more and more Americans—and not just us nerds—are coming to see Snowden as a hero deserving of a pardon and more. That’s a fact that’s got to give the NSA heartburn.

Posted in General | Tagged | Leave a comment

The Five Word Tech Horrors Meme

Posted on 2013-12-19 by jcs

Via Jean-Philippe Paradis, I was led to the Twitter meme/thread/hashtag #FiveWordTechHorrors. The idea is identify an especially egregious tech issue in five words. Some of my favorites:

  • It’s a standard, like Windows
  • We emailed you your password
  • Congress is drafting Internet legislation
  • I just fixed Lisp’s problem!
  • I made an infix reader-macro

Those are some that Paradis has retweeted but there’s a bunch more so be sure to follow the link. If you’re on Twitter, you may want to contribute. Fun for all.

Posted in General | Tagged | Leave a comment

The Real Edward Snowden

Posted on 2013-12-18 by jcs

When speaking of Edward Snowden, the government can’t seem to make up its mind. Sometimes he’s a high school dropout and misfit who couldn’t pass elementary computer classes and cheated on his NSA entrance exam. Other times he’s an evil genius who used extraordinary hacking skills to defeat the super-secure protections that prevented unauthorized access to NSA secrets. The characterization changes to fit the narrative of whatever story the government is trying to float at the time.

Now, Forbes has an article that tells us what one of Snowden’s colleagues at the NSA has to say about him. This colleague paints Snowden as very smart and talented, a “genius among geniuses.” One indication of that is that Snowden was offered, but turned down, a position in the elite Tailored Access Operations that develops exploits to access computers surreptitiously.

As to how Snowden was able to access all that data, the answer is simple: he was given access because he was so valuable and could do things others could not. His colleague explains that he was given virtually unlimited access to all of NSA’s data. He had no need to forge credentials, as the NSA has sometimes claimed, because he already had access. Of course, that fact doesn’t fit any narrative that the NSA would care to make public so this is the first we’re hearing of it.

Meanwhile, John Gruber of Daring Fireball also has something to say about Snowden: that it’s getting harder and harder to see Snowden as anything but a hero. That’s something that many of us have believed all along.

Posted in General | Leave a comment

NSA Phone Metadata Collection Ruled Illegal

Posted on 2013-12-17 by jcs

In a bit of good news a federal judge has ruled that the NSA’s collection of phonecall metadata violates the fourth amendent. This is by no means the end of the story. The ruling is at the District Court level and is sure to be appealed. Even the ruling was less than definitive. The judge wrote that the collection “quite likely violates the fourth amendment.”

Still, the judge found little evidence that the program was effective and completely dismissed the government’s contention that those filing had no standing. The standing issue is important because previous challenges to the program have been dismissed on the grounds that the complainants couldn’t prove they were being harmed. As a result of the Snowden revelations, it’s now clear that every American with a phone has standing so the issue will be heard on its merits rather than a hyperlegal technical argument.

It’s not as good as the Supreme Court dropping the hammer on this nonsense but it’s a start. The ruling addresses the weak points of the program: constitutionality, standing, and effectiveness. This can’t be letting the NSA mandarins sleep well.

Posted in General | Tagged | Leave a comment

A Problem with Magit

Posted on 2013-12-16 by jcs

Two or three weeks ago I noticed a problem with Magit. When I executed magit-status, I no longer got a list of the untracked files. That meant that I couldn’t add new files to a repository with Magit. The thing was if I switched to Eshell and called git directly, everything worked correctly. “Well, no problem,” I thought, “the latest commit must have broken something. They’ll get it fixed soon.” In the mean time, I just added the new files by calling git directly. But despite almost daily updates to Magit, the problem didn’t go away, so I asked DuckDuckGo what it knew about the problem. Answer: nothing. Nobody else was having the problem so it must be something local. I hadn’t changed anything in my init.el or messed with the Emacs or git configurations in any way so I decided to jump into the code to figure out where I was failing.

Initially I thought I would run the debugger but it was pretty clear from the code that the problem had to be in magit-insert-untracked-files, which in turn meant that magit-git-lines was failing. The magit-git-lines function just calls git with the specified parameters (via process-file) so it looked like git was failing but it worked fine when I called it with the same parameters that magit-insert-untracked-files was using.

There are two points to this post. Here’s the first: Because Emacs is a Lisp machine-like environment, I could make the same call to process-file that magit-git-lines was making by typing 【Meta+:】 and entering the call in the minibuffer. That call failed as expected but I was able to play with the parameters to git to see where the problem lay. The actual call that was failing was 

git --no-pager status --porcelain -u

and by eliminating the parameters one by one I discovered that it was the --porcelain parameter that was causing the problem. That parameter asks git to output the results in a machine-parsable format that is guaranteed to be backward compatible. Just what you need for an application like Magit.

It became pretty clear what the problem was. There must be an old version of git that didn’t implement the --porcelain option on my machine. I checked that by changing the parameter to the git call to --version and discovered it was calling version 1.6.5.7. When I called 

git --version

from Eshell, I got 1.8.3.4.

So here’s what happened. These days git is either included in the OS or gets loaded with Xcode but that didn’t use to happen so I built my own version and installed it in ~/bin, a directory where I keep my executables. Because I add ~/bin to (the head of) exec-path, Emacs was finding the old version. Eshell doesn’t use exec-path so it was finding the newer version. That brings me to the second point: I’m telling you all this in case you experience the same problem. Just get rid of the old git executables and you’ll be fine.

It’s worth reiterating the first point. The wonderful Emacs Lisp environment makes it easy to debug problems like this. You can just try executing code until you find where it’s failing. No recompiling, no reloading, just try it and see what happens. Think what it would be like solving this problem if it were a C program.

Posted in General | Tagged | 5 Comments

Obama and the NSA

Posted on 2013-12-15 by jcs

Over at The New Yorker, Ryan Lizza has a fascinating article on the history of the NSA’s latest extra-legal surveillance on Americans. These programs all started under the Bush administration as a reaction to 9-11 and, significantly, over the strenuous objections of senators Barack Obama and Joe Biden. Since assuming the presidency, Obama has been steadfast in his support of the NSA and its spying on Americans.

The article is lengthy but well worth your time. You’ll learn, among other things, how the FISA court nearly shut down some of the programs because of the NSA’s violation of the court’s restrictions and their deceptions to the court. The hero in this story is Senator Ron Wyden of Oregon who has fought this nonsense for years despite being legally forbidden to discuss the reasons for his concern.

Wyden is currently battling with his friend and fellow senator, Dianne Feinstein over how (or, indeed, whether) to rein in the NSA. Both have offered bills to “fix the problem” but Feinstein’s bill is generally considered ineffective and lets the NSA continue their spying. At this point, neither bill has the requisite 60 supporters to force a vote. In the meantime, Americans and non-Americans will have to get used to life under the microscope. The NSA has been clear in its desire to expand their programs.

Posted in General | Tagged | Leave a comment