Archive for the 'Software' Category

Whatever shall we do without the slave master?! How will we EAT?!?

Friday, November 9th, 2007

An absurd piece of shortsighted nonsense from BBQ, bemoaning the fact that WBOOG(2) Radiohead’s fans didn’t fall over themselves like Ron Paul supporters to pour money into their account in exchange for their new set of recordings (formerly called an ‘Album’):

“Radiohead have been bankrolled by their former label for the last 15 years,” said Michael Laskow, chief executive of Taxi, a company that helps bands get signed to record labels.

“They’ve built a fanbase in the millions with their label, and now they’re able to cash in on that fan base with none of the income or profit going to the label this time around.”

“How will new artists be able to use this model if they haven’t built a fan base in the millions?” he added.

[…]

BBQ

Yes indeed.

I will tell you how they will use this model and make millions.

They will do it like this. Mia Rose has literally millions of fans all over the world, gained simply by posting her music on YouTube.

This is how artists will promote themselves in the future, and they will make more than a living out of it, by selling merchandise related to themselves and their music, and through licensing.

We are in the middle of a transition period between the Soviet era of music manufacture and distribution and ‘teh internets’ era; the era of dematerialized frictionless distribution, the era of music as a service, not a product.

Only the buggy whip selling computer illiterate, evil paternalist losers at the BBC whine about this new era.

But you know this!

Citizens turn to Blackberry in the face of government spying

Tuesday, October 9th, 2007

By Chad Skelton
CanWest News Service
Vancouver Sun
October 08, 2007

VANCOUVER — Police often say organized crime in B.C. is big business. So perhaps it was only a matter of time before gangsters adopted the device of choice among corporate workaholics: the BlackBerry.

It has become so popular among B.C. gang members that an internal RCMP “threat assessment” on organized crime produced this year devotes an entire section to the device.

“It’s something we’ve seen increasing over the last three to four years,” Staff Sgt. Bruce Imrie, head of the RCMP’s Vancouver Integrated Technological Crime Unit, said in an interview. And that poses a big challenge for law enforcement, because encryption and security features make the devices much harder to wiretap than land lines or cellphones.

“The BlackBerry (server) was created with corporate data security in mind,” states the RCMP report, obtained by The Vancouver Sun through the Access to Information Act. “Until recently, this system was only affordable by companies such as Telus, CIBC, and the like; they are now more affordable and it is easy for individuals to set-up a network.”

Imrie confirmed when police get a warrant for a criminal’s BlackBerry messages it can be difficult to intercept them.

“The use of BlackBerries may allow them to circumvent lawful access … (with) the encryption involved in the transmission,” said Imrie.

Even when police confiscate a criminal’s actual BlackBerry, he said, cracking its password to view the messages stored on it can be a challenge.

BlackBerries are most popular among a gang’s highest-ranking members, said Imrie.

“Your general street-level criminal doing organized shoplifting is not as likely to have a BlackBerry as your high-end drug trafficker,” he said. “(And) depending on the sophistication of the criminal organization, the use of the BlackBerry seems to increase.”

However, as BlackBerries become more affordable, that distinction is starting to blur, he said, with the devices becoming more prevalent among all types of criminals.

RCMP Insp. Gary Shinkaruk, head of biker gang investigations in B.C., said BlackBerries are “extremely common” among the criminals his unit investigates.

“For a lot of groups, it’s standard practice,” he said.

Research In Motion, the Canadian company that makes the BlackBerry, did not respond to a request from The Sun to comment on its security measures.

However in June, Scott Totzke, RIM’s vice-president of global security, told The Times of London that its encryption is virtually unbreakable.

“Every message that is sent via a BlackBerry is broken up into 2Kb (kilobyte) packets of information, each of which is given a 256-bit key by the BlackBerry server,” said Totzke. “That means to release the contents of a 10Kb e-mail, a person would have to crack five separate keys, and each one would take about as long as it would for the sun to burn out – billions of years.”

The 500-page RCMP report, titled the Integrated Threat Assessment on Organized Crime, is produced each year.

The copy released to The Sun was heavily edited, with the RCMP deleting many sections for security reasons.

Canada.com

Privacy will be the exclusive reserve of the rich and the ‘criminal’, like we said before.

This is, of course, only one sort of private network that anyone can set up, and Asterisk is even simpler and more stealthy. A group of people requiring telephone privacy would, for example, set up an Asterisk server somewhere, and then distribute handsets to all the members of the group. Once this is done, the following features become available:

  • free phone calls to any member
  • unbreakable encryption
  • no traffic analysis, because no one even knows that a phone call is in progress
  • phone calls from any open wireless access point, so no cellular network triangulation

Since the plaintext and ciphertext of calls are not stored anywhere, this is a better solution for everyone since there is no ‘evidence’ left behind for anyone to trawl through or try to decrypt. If anything at all is found, only a server and some handsets will turn up and no trace that even a single call was made.

It doesn’t take much imagination to replace the words ‘gangster’ and ‘criminal’ with ‘you’ and ‘me’. If you want to keep the contents of your email private, there are ways to do it right out of the box.

Will we finally see a surge in the use of GPG/PGP? Only time will tell. What is for certain is that there are more people who are thinking about their privacy than ever before, and some of them are taking steps to protect themselves.

FireGPG: Use GPG with Gmail!

Saturday, April 7th, 2007

FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of a text in any web page using GnuPG.

[…]

http://firegpg.tuxfamily.org/index.php?page=home&lang=en

It’s about time.

If you use this with Gmail, no matter what happens, no one can read your email on the server. Not that Google will do that of course.

Quite why Google didn’t do this themselves is a good question. They have the expertise, and the understanding to do it. Certainly the Bad Guys® would discourage them from releasing a tool like this to all Gmail users; it would mean email messages going dark to ECHELON, and then the sky falling.

An idiot writes

Monday, March 26th, 2007

If you have 2 decades experience that a product is rubbish, should anyone care that you get frustrated after buying a new version and it turns out to be rubbish? Yet Again.

Dear Bill Gates

First, the apology. Having complained here on 6 February that your new Vista operating system was driving me bonkers, it would have been polite to give you an update before now.

And had I been a little less self-obsessed, I would have commiserated with you for the wobble in your share price a few weeks ago when your chief executive warned that Wall Street’s estimates of revenues from Vista in the coming year were over the top (though analysts still expect Vista to generate comfortably over $15bn of sales in the year from June 2007).

15 billion dollars for a broken, pointless product that doesn’t meet any user expectations. There’s one born every minute, and Bill Gates has persuaded them all to buy Windoze.

But in delaying my progress report, I gave you the benefit of the doubt. I assumed that Vista would soon become compatible with the assorted tools of my trade, so I could write you a belated note of congratulation.

In fact my Vista experience has gone from bad to worse. One of your engineers has informed me that my HP iPAQ PocketPC will never be compatible with Vista, even though the software it runs is Microsoft software. Hey ho. That’s an expensive and serviceable bit of kit written off prematurely.

Hey Ho?!! Bleat bleat.

Your engineer has however held out the tantalising prospect that Olympus may produce new drivers such that I would eventually be able to transfer sound files from my digital voice recorder to my new Vista laptop. But so far, those drivers are proving a bit elusive and my digital recorder may also become redundant.

Fool me once, shame on you. Fool me twice, shame on me. Fool me repeatedly over decades, expose me as a lobotomised sheep with blinkers and an addiction to being fooled.

But as economists say, there’s no point in obsessing over spilt milk. However, here’s what almost sent me over the edge this weekend.

I installed Office XP on my new laptop, and have been puzzled and irked that Outlook will not save sign-on passwords. It means I have to type in my passwords every time I check my e-mail accounts for new mail.

For weeks I’ve been investigating possible fixes to this annoying glitch. But yesterday I came across an explanation from someone called the Microsoft AppCompat Guy, on Microsoft’s discussion forum for “General Windows Vista Development Issues”.

This is what AppCompat Guy says: “This was a difficult deliberate choice. During the development of Vista, it was discovered that the password storage algorithm used by Outlook was too weak to protect your data from future, potential attacks. Both the security and application compatibility teams decided that protecting your data outweighed the inconvenience of having to retype your passwords. As the appcompat representative, I can assure you this was not a decision we took lightly… ”

So just to be clear, Microsoft has created a new operating system that isn’t properly compatible with a best-selling, still perfectly useable version of its own software. Which of course provides quite a powerful incentive for me to spend up to £99.99 on upgrading to Microsoft Outlook 2007 – except that in my current mood, I’d rather stick pins in my eyes.

“quite a powerful incentive for me to spend up to £99.99 on upgrading to Microsoft Outlook 2007”

WHAT!??!?! After paying for a broken product (for no good reason) which mothballs your perfectly good hardware, you are willing to pay MORE money in the vain hope that it will be OK in the end. Baa!

Ladies and gentlemen, this is “Robert Peston, the BBC’s business editor. This blog is my regular take on the business stories and issues that matter.” Would you trust this man to make a single good business decision, when he repeatedly proves himself to be an imbecile, incapable of rational business thought in his personal spending habits, cannot evaluate product cost vs benefit, and does not appear to have looked at alternatives? And then wants to apologise for having slightly bad thoughts about the product.

Here he goes again:

In a way you’re to be congratulated. Vista should provide a significant boost to Microsoft’s cash flow, from sales of the basic operating system and sales of new versions of other Microsoft software, like Outlook, that are presumably designed to work brilliantly with it. Also there’ll be incremental revenue for the whole computer industry, as customers like me are forced to replace accessories like my HP PDA, which has been Vista’d into obsolescence.

NOBODY has ‘forced’ him to replace his version of XP with Vista. Nobody has forced him to use Windows at all. It is only the fault of him (and millions like him) who are M$ addicts, too stupefied to see the alternatives.

To put it in personal terms, the £650 I spent to replace a dead laptop may lead me to spend a further £400 or so, just so that I can continue to do with my laptop what I expect to be able to do with it.

All of which sounds like good news for you and the IT industry in general.

Except that I’m left with the uneasy feeling that I’ve been ever-so-elegantly mugged. Presumably there’s no connection between your recent sales downgrade and what you might call the negative goodwill generated for customers like me.

Hasta la vista, as they say

That ‘negative goodwill’ has got him spending over 1000 quid on stuff he doesn’t need, and probably won’t work as he requires.

What a business! Never underestimate the stupidity of the general public. Or of BBQ editors, by the look of it.

Adderuppa Now Testing

Tuesday, March 20th, 2007

Adderuppa, a new app to help you keep track of time, is now online: www.adderuppa.com. While it’s being tested out, you can try it for free. Please let us know what you think of it!

Low Cost Non Biometric VISA Verification

Sunday, February 18th, 2007

Currently, when travellers arrive in the UK from third world countries, they have their VISAs inspected by staff equipped with loupes. The VISA is in the form of a printed sticker with embedded security features.

The staff with loupes are looking for forged VISA stickers. They have no way of checking whether or not any particular VISA is genuine.

The processing of these passengers takes considerably longer than it should, because two procedures are being carried out, and there is a prolonged questioning session that takes place.

To make everything work better, this is what you need to do.

1) The questioning of a passenger’s travel plans should take place in the country of origin, before the VISA is issued.

2) When a VISA is issued, the physical stamp should be stuck inside the passport. It should then be entered into an online application, so that when the passenger arrives in the UK, the Immigration Officer scans the stamp, and the record is retrieved. She can then compare the online record with the sticker in the passport.

Each VISA record is digitally signed with the PGP key of the VISA issuing station and officer that certified this person. This eliminates the problem of someone somewhere gaining access and inserting false entries into the database.

If someone tries to fly into the UK on a forged VISA, the record will not exist in the database. No need for loupes or long queues. If the record is not in the DB, it must be a fake. As long as the VISA is issued correctly, one swipe of the passport will be enough to see if the person’s VISA is in order.

A very simple LAMP powered application could do this. Every Embassy in the world could be connected to the system with commodity equipment and some relatively simple software. You could either get all the Embassies to run their own web-servers that are queried in real time, or you could have all of the Embassies upload to a monolithic server in Whitehall. You know which one I would prefer. See below.

Why on earth this has not been done should not be a surprise to anyone; HMG knows nothing about IT, and the people who do don’t want to sell a cheap, efficient system like this to anyone because they will not make any money out of it.

A project like this should really be done in house, on Open Source software. It is not rocket science, does not involve developing new algorithms or systems, is non-invasive, proportional and foolproof. It is about time that IT was taken seriously by HMG. It is not absurd to imagine that every British Embassy has its own IT officer, in charge of running the Embassy website, since so many services are done on the web. It also means that there is no single point of failure bringing the entire UK VISA system down.
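The border check described above (look up the scanned sticker's record, verify the issuing station's signature, compare it with the passport), as an added example that is not part of the original post. It uses Ed25519 from Go's standard library in place of PGP; the record fields, the station name and the in-memory database are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// VisaRecord is a hypothetical layout; the post does not define the fields.
type VisaRecord struct {
	StickerNo  string `json:"sticker_no"`
	PassportNo string `json:"passport_no"`
	Holder     string `json:"holder"`
	ValidUntil string `json:"valid_until"` // YYYY-MM-DD, compares correctly as text
	Station    string `json:"station"`     // issuing station and officer key id
}

// SignedVisa is what the issuing station uploads to the database.
type SignedVisa struct {
	Record    VisaRecord
	Signature []byte
}

var (
	ErrNoRecord   = errors.New("no record for this sticker: treat as forged")
	ErrUnknownKey = errors.New("record names a station with no trusted key")
	ErrBadSig     = errors.New("signature invalid: record altered or planted")
	ErrMismatch   = errors.New("sticker in passport differs from signed record")
	ErrExpired    = errors.New("visa expired")
)

// canonical returns the exact bytes that get signed. Struct fields marshal in
// declaration order, so issuer and verifier always derive the same bytes.
func canonical(r VisaRecord) []byte {
	b, _ := json.Marshal(r) // cannot fail for a struct of strings
	return b
}

// Issue runs at the embassy: sign the record with the station's private key.
func Issue(r VisaRecord, priv ed25519.PrivateKey) SignedVisa {
	return SignedVisa{Record: r, Signature: ed25519.Sign(priv, canonical(r))}
}

// Border is the immigration desk. It trusts only the station public keys it
// was given out of band; the database itself is treated as untrusted storage.
type Border struct {
	TrustedKeys map[string]ed25519.PublicKey
	DB          map[string]SignedVisa
}

// Check takes the data scanned from the sticker and decides whether to accept.
func (b *Border) Check(scanned VisaRecord, today string) error {
	sv, ok := b.DB[scanned.StickerNo]
	if !ok {
		return ErrNoRecord
	}
	pub, ok := b.TrustedKeys[sv.Record.Station]
	if !ok {
		return ErrUnknownKey
	}
	if !ed25519.Verify(pub, canonical(sv.Record), sv.Signature) {
		return ErrBadSig
	}
	if sv.Record != scanned {
		return ErrMismatch
	}
	if today > sv.Record.ValidUntil {
		return ErrExpired
	}
	return nil
}

// Scenarios builds constructed sample data and runs four arrivals.
func Scenarios() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, intruderPriv, _ := ed25519.GenerateKey(rand.Reader)
	const station, today = "EXAMPLE-STATION-01", "2007-02-18"
	b := &Border{
		TrustedKeys: map[string]ed25519.PublicKey{station: pub},
		DB:          map[string]SignedVisa{},
	}
	genuine := VisaRecord{"S-0001", "P1234567", "A. Traveller", "2007-12-31", station}
	b.DB[genuine.StickerNo] = Issue(genuine, priv)
	// Someone with write access to the database, but not the station key.
	planted := VisaRecord{"S-0002", "P7654321", "B. Intruder", "2007-12-31", station}
	b.DB[planted.StickerNo] = Issue(planted, intruderPriv)
	altered := genuine // genuine sticker number, different name in the passport
	altered.Holder = "C. Impostor"
	forged := VisaRecord{"S-9999", "P0000000", "D. Forger", "2007-12-31", station}
	return map[string]error{
		"genuine": b.Check(genuine, today),
		"forged":  b.Check(forged, today),
		"planted": b.Check(planted, today),
		"altered": b.Check(altered, today),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-8s -> %v\n", name, err)
	}
}
```

The planted row is the case the signature exists for: database access alone is not enough to make a record the desk will accept.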

Naturally, it has not been done. Instead, the staff are getting new clothes.

Putting the Immigration Staff into uniforms is not going to solve any problems. It is in fact, a sign of weakness and impotence.

Astonishing.

UK Laws now online?

Wednesday, January 10th, 2007

The UK Statute Law Database

The UK Statute Law Database (SLD) is the official revised edition of the primary legislation of the United Kingdom made available online. For more information about SLD and what it contains see Help

Statute Law Database

I remember reading a post on Blogdial maybe two years ago to the effect of this, putting all laws online for the public to see. This database has been online since late December and it’s a good START… and as much as they trumpet its success, there is still a problem:

Where’s the interaction?

Where’s the Wiki? Why can’t I add comments? How come we can’t vote on the laws in a digg-like fashion? Why aren’t challenges to the laws posted? Because none of this is any good when a list of many of the horrible laws that are in effect cannot be questioned and challenged within the powerful internet forum – does the gov’t think the public is just going to say “oh it’s really powerful to be able to look at my laws! Now I really know how to be good!” People want INTERACTION and EFFECT. Not just a list.

So while it’s nice that all the statutes are linked together, and are updated to reflect not-yet-enacted legislation, replete with amendments… without the “citizen-input” this program is incomplete. Nice though, to see a non-commercial copyright use program. Though I fail to see why commercial reproduction of the laws requires licensing… though that’s something I don’t quite have the time to fully look at.

I still have in my mind an idea for a citizen-made public wiki-type thing for all the laws in Canada… if only I had the capital and the programming chops. Maybe one day!

Greetings from Edmonton, in the middle of the first blizzard of the year. Stay warm, peeps.

Travellers warned over US laptop seizures

Tuesday, November 7th, 2006

Customs may want to hold onto your laptop for weeks or months after US customs powers are extended

Business travellers to the US now face indefinite confiscation of laptops and other mobile devices, with the powers of American customs authorities appearing to have been extended.

Concern was expressed by many this summer after an appeal judgement delivered by a San Francisco courthouse making it legal for US customs agents and immigration officials to conduct detailed scans of laptop hard drives and browser caches on an entirely random basis.

Now the problem has apparently escalated, with a number of reported cases of laptops being randomly seized by agents and held for a matter of months, with no warrant necessary or probable cause required.

No plans are thought to exist at present to grant similar powers to European border officials, but the US laws affect any nationality seeking entry into that country.

The issue has been one of the major topics of a conference in Barcelona this week held by the Association of Corporate Travel Executives.

Research by the body, which numbers around 2,500 members worldwide, shows that almost 90 per cent of its members were not aware that US customs officials have the authority to examine the contents of laptops, and even seize them for a period of time, without giving a reason.

“The information that US government officials have the right to examine, download, or even seize business travellers’ laptops came as a surprise to the majority of our members,” said the association’s executive director Susan Gurley.

“The common belief is that there is a right to the privacy of one’s computer. Yet it appears that there is none.”

The association also found that 87 per cent of members were, once aware of possible search and confiscation, less likely to carry confidential business or personal information on laptops when travelling.

The problem for many executives is the highly classified nature of the data on their laptops. Having this data out of their possession and in unknown hands could leave them in breach of legislation like the Data Protection Act or Sarbanes Oxley, both of which mandate strictly how data should be guarded and stored.

There is also, naturally, the issue of on-the-spot convenience for people often in a hurry for legitimate reasons.

“It’s not like a bag, that takes a couple of minutes to go through,” said Quocirca analyst Rob Bamforth. “What happens if the data is encrypted for quite legitimate reasons – what is that going to say to a suspicious official?”

[…]

IT PRo

And so, all of these people at the Barcelona conference will now be thinking, “Thank God we are having this conference in Barcelona and not New York!”.

These measures, of course, are simple corporate espionage being carried out by the state on behalf of american corporations… ooops, that’s the same thing isn’t it?

No doubt that the old trrrrsm chestnut will be rolled out again to justify this insanity, and of course, that chestnut is full of crap. Anyone wanting to get data ‘through customs’ will FTP it, and not carry it on a laptop. The very idea of smuggling data on a laptop is completely absurd; almost as absurd as confiscating a laptop at an airport.

What this will do, as we have said before, is put even more people off of going to the usa. That country will become culturally isolated, and rightly so, since they have abandoned the yellow brick road of the righteous and diverted to the filthy dirt track of fascism.

What other countries do this sort of thing? Sudan for one. So, the american government has as much common sense as the Sudanese government. Great!

Thanks to the BLOGDIAL lurker ‘Calcium Fluoride’ for the heads up.

Vendors in search of a solution

Friday, October 27th, 2006

Just as individual identity is fundamental to our face-to-face interactions, digital identity is fundamental to our interactions in the online world. Unfortunately, many of the challenges associated with the Internet stem from the lack of widely deployed, easily understood, and secure identity solutions. This should come as no surprise. After all, the Internet was designed for sharing information, not for securely identifying users and protecting personal data. However, the rapid proliferation of online theft and deception and the widespread misuse of personal information are threatening to erode public trust in the Internet and thus limit its growth and potential.

Microsoft believes that no single identity management system will emerge and that efforts should instead be directed toward developing an overarching framework that connects different identity systems and sets out standards and protocols for ensuring the privacy and security of online interactions. Microsoft calls this concept the Identity Metasystem. The Identity Metasystem is not a specific product or solution, but rather an interoperable architecture that allows Internet users to use context-specific identities in their various online interactions.

PDF

M$ has released a new paper ‘The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity’. The above is from the summary. This paper is flawed from the outset; the ‘problem’ of identity on the web is a vendor looking for a solution.

“individual identity is fundamental to our face-to-face interactions, digital identity is fundamental to our interactions in the online world”

This is not true. When I buy a newspaper from a street vendor, he doesn’t need to know anything about me to sell me an Evening Standard. When I buy a bouquet of flowers from a shop in the high street, the shop keeper doesn’t need to know who I am and where I live, or anything else about me. All they have to know is that my money is good. They can then deliver the flowers to wherever I say it should go. The second part of that quoted sentence, “digital identity is fundamental to our interactions in the online world” is simply wrong, for reasons I give below.

“many of the challenges associated with the Internet stem from the lack of widely deployed, easily understood, and secure identity solutions.”

This is not true; the problem is, as I say below, one of buggy whip manufacturers trying to sell their wares to bicycle makers. Poor analogy!

“the rapid proliferation of online theft”

Is caused by this misapplication of existing systems and a misunderstanding of what is actually required for an online purchase.

“Microsoft believes that no single identity management system will emerge and that efforts should instead be directed toward developing an overarching framework that connects different identity systems and sets out standards and protocols for ensuring the privacy and security of online interactions. Microsoft calls this concept the Identity Metasystem.”

Identity management systems are not needed. The onus needs to be swung back onto the user. Identity management systems will eventually be replaced by light systems where the user’s ‘identity’ is owned by the user. These bad, antiquated systems will eventually collapse like MS Passport collapsed, when the solution that solves the problem correctly is launched.

Identity, like cash, needs to be owned by the user, and it needs to be cash like, and not card like. The problems of CC fraud are caused by old style services trying to shoehorn ’70s style payment systems into a twentieth century shoe. The way forward is to literally let people own their identities, i.e., in systems that do not rely on you revealing who you ‘really are’ to get things done, but which rely on you managing your identity in a cash like manner. I have said this before on BLOGDIAL; your data has an actual monetary value and should be treated as a valuable thing, like precious metals etc.

Skype payments (and all payment systems like it) are a good example of a cash like identity system; they are light, limited in their exposure of user info, and the onus is on the user to protect a single piece of information; her login.

Skype doesn’t care who you ‘really are’ in order for you to spend Skype money (when they roll this out); it’s up to you to protect your user name and password, just like it is your responsibility to look after your wallet in your pocket when you are in the street. Oyster, for all its flaws (following people around) is the same. When you buy an anonymous Oyster card, no one will care who you are when you go and buy a Mars bar with it in a shop. Who you ‘really are’ is irrelevant to all transactions both online and offline; this is the paradigm (re) shift that identity system vendors resist but which has been in place for generations. It is only now that it is possible to know everything about someone when they grocery shop that companies are clamoring for ways to actually do this and harvest this data. It has never been needed and will be rejected wholesale when people cotton on (again) to how bad these systems really are for people and society.

You can buy with Skype money, have goods delivered to any address that you like, and be completely anonymous while taking full advantage of e-commerce. This is the way that identity should be managed; in light, not heavy systems, that are cash-like, where the onus on security is pushed (or released) back to the consumer. Chaumian e-cash did this beautifully; you should look it up as an example of how identity can and should be managed.
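Chaumian e-cash rests on blind signatures: the bank signs a coin without seeing its serial number, so it cannot later tie a deposited coin to the withdrawal that created it. The following is an added example, not code from the original post or from any e-cash product; it uses textbook RSA with a bare SHA-256 encoding to show the algebra only, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// hashToInt maps a coin serial to an integer below N. Toy encoding chosen for
// this example (bare SHA-256, no padding); enough to show the blinding algebra.
func hashToInt(serial []byte, n *big.Int) *big.Int {
	h := sha256.Sum256(serial)
	return new(big.Int).Mod(new(big.Int).SetBytes(h[:]), n)
}

// Blind is the customer's step: hide H(serial) as H(serial) * r^e mod N.
func Blind(serial []byte, pub *rsa.PublicKey) (blinded, r *big.Int, err error) {
	one := big.NewInt(1)
	for {
		if r, err = rand.Int(rand.Reader, pub.N); err != nil {
			return nil, nil, err
		}
		// r must be invertible mod N so it can be divided out later.
		if r.Cmp(one) > 0 && new(big.Int).GCD(nil, nil, r, pub.N).Cmp(one) == 0 {
			break
		}
	}
	blinded = new(big.Int).Exp(r, big.NewInt(int64(pub.E)), pub.N)
	blinded.Mul(blinded, hashToInt(serial, pub.N)).Mod(blinded, pub.N)
	return blinded, r, nil
}

// Unblind divides r out of the bank's reply: (H * r^e)^d * r^-1 = H^d mod N.
func Unblind(blindSig, r *big.Int, pub *rsa.PublicKey) *big.Int {
	s := new(big.Int).ModInverse(r, pub.N)
	return s.Mul(s, blindSig).Mod(s, pub.N)
}

// Bank sees a blinded value at withdrawal and a serial plus signature at deposit.
type Bank struct {
	priv  *rsa.PrivateKey
	spent map[string]bool
}

// Withdraw signs whatever it is handed (a real bank would debit the account
// here); it never learns the serial inside the blinded value.
func (b *Bank) Withdraw(blinded *big.Int) *big.Int {
	return new(big.Int).Exp(blinded, b.priv.D, b.priv.N)
}

// Deposit accepts a coin once, if the signature matches the serial.
func (b *Bank) Deposit(serial []byte, sig *big.Int) error {
	pub := &b.priv.PublicKey
	got := new(big.Int).Exp(sig, big.NewInt(int64(pub.E)), pub.N)
	if got.Cmp(hashToInt(serial, pub.N)) != 0 {
		return errors.New("signature does not match serial: not issued by this bank")
	}
	if b.spent[string(serial)] {
		return errors.New("serial already deposited: double spend")
	}
	b.spent[string(serial)] = true
	return nil
}

// Result records what happened in one withdraw-and-spend run.
type Result struct {
	BankSawSerialHash   bool // did the withdrawal value equal H(serial)?
	FirstDepositOK      bool
	SecondDepositFailed bool
	ForgedCoinFailed    bool
}

// Demo runs the protocol end to end with a freshly generated bank key.
func Demo() (Result, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	bank := &Bank{priv: priv, spent: map[string]bool{}}
	pub := &priv.PublicKey
	serial := make([]byte, 16) // random serial chosen by the customer
	if _, err := rand.Read(serial); err != nil {
		return Result{}, err
	}
	blinded, r, err := Blind(serial, pub)
	if err != nil {
		return Result{}, err
	}
	sig := Unblind(bank.Withdraw(blinded), r, pub)
	return Result{
		BankSawSerialHash:   blinded.Cmp(hashToInt(serial, pub.N)) == 0,
		FirstDepositOK:      bank.Deposit(serial, sig) == nil,
		SecondDepositFailed: bank.Deposit(serial, sig) != nil,
		ForgedCoinFailed:    bank.Deposit([]byte("made-up serial"), sig) != nil,
	}, nil
}

func main() {
	res, err := Demo()
	fmt.Printf("%+v err=%v\n", res, err)
}
```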

Biometrics, ID cards, iris scans and every other vendor created snake oil product to ‘secure’ identity and e-commerce is just that, Snake Oil. Twenty first century thinking and systems are what is needed and are what will eventually take over. Over zealous, pointless, vendor driven ‘solutions’ are detected as damage by ‘the internets’ and economics, and both of these will be automatically routed around, circumvented, defeated and replaced by systems that are both better and beneficial.

One thing is for sure, Microsoft will not be the vendor to come up with it. It will be someone like Skype, or its descendants that does it; some outfit that is light, decentralized, focussed and unfettered, unlike M$, which is encumbered, lethargic, immobile and who has been playing catch up since Netscape. It will not be Google either, as we have seen from the YouTube buy out. Whoever does it, this solution will change everything overnight. It will destroy the old (and wrong) ideas about identity, and then we will enter ‘The Third Bubble’.

Blogging From Textmate

Saturday, June 24th, 2006

Textmate gets better and better every release

LastFM meets Friendster?

Tuesday, June 20th, 2006

MOG

Sort of like a social-networking version of LastFM, without the awesome radio angle. It purports to “link people together” by the contents of their music folder, but this is also something LastFM does (though in a slightly different way). Regardless, I’m trying this out. Sucking is a definite possibility.
Unfortunately the little database-builder app that it comes with is SLOW, and will probably take 50 hours to scour my 12000+ files. Why the hell does it have to use Gracenote? Just check the ID3 tags! This is not off to a good start.

Observations, criticisms, etc definitely required.

Computer illiterate journalism at The Times: “Encryption….Bad”!

Monday, June 12th, 2006

Police seek new powers to prevent paedophiles hiding data

By Richard Ford, Home Correspondent

THE Government is proposing new penalties to stop terrorists and other criminals using technology that prevents police accessing information on a suspect’s computer.

Terrorists do not use encryption to hide their data. This is a lie. This is why the laptop that was allegedly found by security forces was able to be read. Remember the ‘terrorists using steganography’ hysteria from a few years ago? Read it:

The rumors about terrorists using steganography started first in the daily newspaper USA Today on February 5, 2001.

The articles are still available online, and were titled “Terrorist instructions hidden online”, and the same day, “Terror groups hide behind Web encryption”. In July of the same year, the information looked even more precise: “Militants wire Web with links to jihad”.

A citation from the USA Today article: “Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com”. These rumors were cited many times – without ever showing any actual proof – by other media worldwide, especially after the terrorist attack of 9/11.

For example, the Italian newspaper Corriere della Sera reported that an Al Qaeda cell which had been captured at the Via Quaranta mosque in Milan had had pornographic images on their computers, and that these images had been used to hide secret messages (but no other Italian paper ever covered the story).

The USA Today articles were written by veteran foreign correspondent Jack Kelley, who in 2004 was fired after allegations emerged that he had fabricated stories and invented sources.

In October 2001, the New York Times published an article claiming that al-Qaeda had used steganographic techniques to encode messages into images, and then transported these via email and possibly via USENET to prepare and execute the September 11, 2001 Terrorist Attack.

Despite being dismissed by security experts [3][4], the story has been widely repeated and resurfaces frequently. It was noted that the story apparently originated with a press release from “iomart” [5], a vendor of steganalysis software. No corroborating evidence has been produced by any other source.

Moreover, a captured al-Qaeda training manual makes no mention of this method of steganography. The chapter on communications in the al-Qaeda manual acknowledges the technical superiority of US security services, and generally advocates low-technology forms of covert communication.

The chapter on “codes and ciphers” places considerable emphasis on using invisible inks in traditional paper letters, plus simple ciphers such as simple substitution with nulls; computerized image steganography is not mentioned.

Nevertheless public efforts were mounted to detect the presence of steganographic information in images on the web (especially on eBay, which had been mentioned in the New York Times article).

To date these scans have examined millions of images without detecting any steganographic content (see “Detecting Steganographic Content on the Internet” under external links), other than test images used to test the system, and instructional images on web sites about steganography. […]

http://en.wikipedia.org/wiki/Steganography

And there you have it. This story is yet another lie trolled out by brainless journalists with nothing to write on a slow day. There is no counter argument, no real information, just rabid whipping up.

Senior police officers have warned ministers that their investigations into serious crime are being thwarted by safety technology, which conceals data held on computers. Terrorists and paedophiles are using devices available on the internet for as little as £20 to keep data on their computers hidden from the authorities.

This is proof that the journalist who wrote this doesn’t know what he is talking about, and did not take the time to consult someone who does know what they are talking about.

No one with a single brain cell uses ‘devices available on the internet for as little as £20’; this is a lie. Everyone who encrypts their data does so with free software tools like PGP. None of these people are terrorists.

The encryption technology is being used by “terrorists and criminals to facilitate and conceal evidence of their unlawful conduct so as to evade detection or prosecution”, according to a Home Office consultation paper.

This is another lie. If the police have reason to think that a crime has been committed, they will not need new powers to demand the keys to decrypt someone’s photos in order to catch them. All they need to do is to clandestinely break into the user’s house and install keystroke capture dongles or software on the criminal’s machine. They will then be able to capture any password that they need to decrypt the criminal’s files.

This would mean that law abiding citizens will not be penalized for putting their email into an envelope, or encrypting their laptop drives to prevent data theft should the laptop go missing.

The people who write these consultation papers and the unqualified journalists who unquestioningly report the stories are computer illiterate to a man. It is absolutely sickening.

Encryption enables plain text to be turned into a non-readable form. The person who receives the encrypted text uses a “key”, or password, to return it to its original form. By refusing to disclose that to police, suspects can conceal any criminal behaviour.

No, by encrypting your information you can keep anyone from getting to it. This has nothing to do with ‘concealing criminal behaviour’. Once again, if the police have enough evidence to go to a man’s house and confiscate his computer, they should have enough evidence to arrest and charge him. Chicken and egg anyone?

The consultation paper said: “Over the last two to three years, investigators have begun encountering encrypted and protected data with increasing frequency.”

What were the methods of encryption? Without this information, it is hearsay and computer illiterate nonsense. For all we know they may have come across password protected word files, and interpreted this as ‘encryption’. Reports without details are totally useless, except if your aim is to whip up hysteria.

The Home Office is planning to introduce powers that will require a person to turn encrypted information into a readable form, and is proposing harsher penalties for those suspected of child sex abuse.

If I am correct, we already have the dreadful RIPA; could it be that this journalist is talking about the introduction of clause three?

Under the current law a person suspected of possessing indecent photographs of children faces only two years in prison for failing to disclose to police the key to encrypted material. But they could spend up to ten years in prison for possessing the indecent image.

Police say that the low maximum jail term for failing to hand over the key provides an incentive to plead guilty to that offence as, with early release, the suspect could be free after a year.

If the police already have a reason to suspect someone is guilty of this heinous crime, they should put in place an operation to intercept the perpetrator’s computer in a state that will allow them to read everything, i.e., by logging his keystrokes in advance of any raid. The stupidity of these people is staggering, but not at all surprising; look at what just happened to those two poor saps who had their house turned over and one of them shot for no reason at all? How can we expect these keystone kops to be able to use keystroke loggers and surveillance equipment to catch bad guys? We can’t. But what we can expect is more miscarriages of justice as they bumble their way into the 21st Century, and the last thing we need to do is give them more power than they can handle.

David Davis, the Shadow Home Secretary, said that he welcomed the consultation paper on increasing the sentence. He said: “What the criminal is trying to do by using this encryption is to avoid the full sentence. In essence, the failure to provide the encryption key is an admission of guilt.”

Computer illiteracy – it’s not just for labour anymore!

Honestly, the tories are still as thick as shit, and it’s a great pity and a big PITA that we have to support them thanks to the NIR.

Ray Wyre, a child protection expert, said: “If people really intend to get away with it then the move to encryption was always going to be the next issue for the police and government”.

This is nonsense. This moronic journalist should have consulted a COMPUTER AND ENCRYPTION EXPERT not a child abuse expert, since this paper is about encryption and not child abuse. How totally pathetic!

He said that police used software known as Encase, which allowed them to look at images on the computer, but with encryption they are unable to access the data. “In technology the offender has always been ahead of the police.

Take a look at the first google result for ‘Encase‘ (clearly a distortion of ‘In Case’). It costs $425. What the HELL are they doing using crappy software like this? It is astonishing; you mean to say that they do not have a single person on their staff that can mount a windoze drive under linux and then run a simple perl script to sort all the files into directories for inspection? Is it really that hard? And just imagine, these are the guys who will be bringing evidence against totally innocent people!

“Encryption is a problem for the police because, if you cannot access the data, you cannot find out the extent of a person’s criminality or the danger they pose to society.”

So, the secure wipe features of the many free tools out there should be immediately outlawed, since a perpetrator could use this to completely erase evidence from their drives. Oh, I’m sorry, you’ve never heard of secure erase!

Margaret Moran, the Labour MP for Luton South, cautioned that the development of encryption would provide further opportunities for criminals. She told MPs when the Sexual Offences Act was being debated: “The concern is that the advent of strong encryption technologies gives criminals the opportunity to hide their criminal activities or to conceal other evidence.

Here comes new labour, same as the old labour.

“If a paedophile has on his computer files, e-mail messages, pictures or other material that discloses a serious sexual offence against a child — an offence for which he knows he could face a prison term of ten years or more — he could encrypt the lot and, if investigated by police, simply refuse to hand over the key to decrypt the files, thus making unavailable evidence of a serious offence.”

If one of these monsters has been sending email, the police should have been collecting the evidence while it was in transit, or by posing as monsters (of that type) so that they can have the evidence delivered to them directly. How stupid people like Margaret Moron are, how deep is the well from which they draw their stupidity?

Until the internet was invented, encryption was rarely used by the public. Encryption garbles data using irreversible mathematical functions. It is the encoding of data so that it cannot be read by anyone who does not know the password that decodes it. […]

http://www.timesonline.co.uk/article/0,,29389-2221574,00.html

Didn’t he just say this? Clearly this is a cut and paste article done whilst rushing off to lunch. Bad journalism. Bad journalist.

You seem to be using Tor!

Thursday, June 1st, 2006

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) are supporting Tor’s development as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.

Why we need Tor

Using Tor protects you against a common form of Internet surveillance known as “traffic analysis.” Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you’re travelling abroad and you connect to your employer’s computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that’s an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you’re doing and, possibly, what you’re saying. That’s because it focuses on the header, which discloses source, destination, size, timing, and so on.

A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.

But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.

The solution: a distributed, anonymous network

Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you—and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it’s going. […]

Running Tor

http://tor.eff.org/

When you use Tor, your ISP cannot record where you have been surfing. That means that any legislation any government passes mandating the storage of your internet usage is rendered moot.

You need to download this and run it as a server when you are not using your bandwidth. A MUCH better use of your CPU/Pipe than searching for coals in Newcastle with SETI@home was.

Like I always say; complaining is good, but there comes a point when you have to stop complaining and take action. Someone has taken the time to create Tor, now all you need to do to assert your rights is to download the software and use it.

Your privacy is restored.

You didn’t even have to shoot a gun.
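The traffic-analysis point in the Tor overview quoted above, as an added example that is not part of the original post or of Tor: the payload is opaque, yet the headers alone give source, destination, size and timing. The addresses (documentation ranges), ports, timestamps and random "ciphertext" payloads are all constructed for the demonstration.

```python
import os
import socket
import struct
from collections import Counter

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left at 0)."""
    ip = struct.pack(IP_FMT, 0x45, 0, 40 + len(payload), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack(TCP_FMT, sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def observe(packet):
    """Return what an on-path observer reads from the headers alone."""
    ver_ihl, _, total_len, _, _, _, _, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    tcp_len = (packet[ihl + 12] >> 4) * 4      # TCP header length in bytes
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport,
            "payload_bytes": total_len - ihl - tcp_len}


def summarize(captures):
    """Aggregate (seconds_since_midnight, packet) pairs into per-flow volume and active hours."""
    volume, hours = Counter(), {}
    for ts, pkt in captures:
        m = observe(pkt)
        flow = (m["src"], m["dst"], m["dport"])
        volume[flow] += m["payload_bytes"]
        hours.setdefault(flow, set()).add(ts // 3600)
    return volume, hours


# Constructed capture: random bytes stand in for ciphertext the observer cannot read.
CAPTURES = [
    (23 * 3600 + 120, build_packet("192.0.2.10", "198.51.100.25", 40000, 993, os.urandom(1200))),
    (23 * 3600 + 1800, build_packet("192.0.2.10", "198.51.100.25", 40000, 993, os.urandom(800))),
    (9 * 3600 + 5, build_packet("192.0.2.10", "203.0.113.7", 40001, 443, os.urandom(300))),
]

if __name__ == "__main__":
    volume, hours = summarize(CAPTURES)
    for flow, nbytes in volume.items():
        print(flow, nbytes, "bytes, active hours:", sorted(hours[flow]))
```

The summary never touches the payload bytes, which is why encrypting them changes nothing in its output.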

GPGmail on the way

Tuesday, May 16th, 2006

Google is not evil. It knows that the NSA and every other arm of uncle sham is gunning for its user data. Part of Google’s solution to this problem is to remove its ability to read Gmail that is sitting on its servers. GPGmail will provide this solution.

GPGmail is Public Key Crypto that executes in your browser. Your keypairs are stored on your machine. All Gmail users will have effortless military grade Public Key encryption, the public key exchange being handled seamlessly by Gmail.

This means that anyone using Gmail to send or receive email from another Gmail user will have their email encrypted by default. Google will no longer be able to deliver plaintext email to whoever demands it, warrant or no warrant.

Revenue from contextual ads will continue; the user’s session still displays plaintext email. The new Gmail uses special anonymous routers to provide the ads while not revealing the identity of the user or his complete plaintext. Your email is broken up into pieces and each of these pieces is sent to a different ad server over SSL to retrieve the contextual ad.

In one stroke, the NSA is denied access to billions of emails and millions of users.

Google does good once again!

gpg flaw

Wednesday, March 22nd, 2006

GnuPG does not detect injection of unsigned data
================================================
(released 2006-03-09, CVE-2006-0049)

Summary
=======

In the aftermath of the false positive signature verification bug
(announced 2006-02-15) more thorough testing of the fix has been done
and another vulnerability has been detected.

[…]

Impact:
=======

Signature verification of non-detached signatures may give a positive
result but when extracting the signed data, this data may be prepended
or appended with extra data not covered by the signature. Thus it is
possible for an attacker to take any signed message and inject extra
arbitrary data.

Detached signatures (a separate signature file) are not affected.

All versions of gnupg prior to 1.4.2.2 are affected.

[…]

GPG [announce]

Those of you using earlier versions of GPG will no doubt want to upgrade.
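The class of flaw the advisory describes (a positive verification result while the extracted output contains bytes the signature never covered), shown as an added example that is not GnuPG's code or packet format. The packet list, the HMAC standing in for a public-key signature, the key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # stand-in for the signer's key (assumption)


def sign(data):
    """HMAC-SHA256 used here in place of a real public-key signature."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def make_signed(data):
    """A toy non-detached message: the data packet followed by its signature packet."""
    return [("literal", data), ("signature", sign(data))]


def verify_and_extract_flawed(packets):
    """Flawed: reports 'good' if a signature matches, yet outputs every literal packet."""
    good, last_literal, output = False, None, b""
    for kind, body in packets:
        if kind == "literal":
            output += body
            last_literal = body
        elif kind == "signature" and last_literal is not None:
            good = good or hmac.compare_digest(body, sign(last_literal))
    return good, output


def verify_and_extract_strict(packets):
    """Hardened: accept exactly one literal plus one signature; return only covered bytes."""
    if [kind for kind, _ in packets] != ["literal", "signature"]:
        raise ValueError("unexpected packet sequence: data outside the signature")
    (_, data), (_, tag) = packets
    if not hmac.compare_digest(tag, sign(data)):
        raise ValueError("bad signature")
    return data


def verify_detached(data, tag):
    """Detached case: the caller supplies the data, so checked bytes are the bytes used."""
    return hmac.compare_digest(tag, sign(data))


if __name__ == "__main__":
    signed = make_signed(b"release-1.0.tar checksum OK")
    padded = [("literal", b"UNSIGNED PREFIX ")] + signed   # constructed tampered stream
    print(verify_and_extract_flawed(padded))   # good result, output includes the prefix
    try:
        verify_and_extract_strict(padded)
    except ValueError as err:
        print("rejected:", err)
```

The hardened function ties the output to the verified bytes, which is the property a caller should check for in any verify-then-extract interface.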

More extreme coolness from LastFM

Wednesday, March 15th, 2006

LastFM increases its coolness and raises the bar with charts you can make from your account to put into your site, like this:

pulled right from my profile, and available in many different flavours:

Cool-ness!

More ‘pat on the head’ tech writing at BBQ

Friday, March 10th, 2006

A BBQ misleader says:

Media are becoming democratised, and a global conversation is emerging.

Note how the word ‘democracy’ is used in this context; as a force for good, shifting power from the center to the masses.

This is of course, totally wrong.

Media are becoming Anarchized. Democracy is second tier to the very epitome of centralized power, the dictatorship; what is happening on the web is that anyone can do whatever they like, without any group consensus or control. That is Anarchy, not Democracy, and it’s a good thing.

There is no ‘global conversation’; this is just new labour doubletalk.

The democratisation of media is also, fundamentally, about the people we once called mere consumers. Their role is evolving from a passive one to something much more interactive, but they are blessed (or cursed, depending on one’s viewpoint) with an unprecedented variety of voices and services.

How can a thing that brings you every possible point of view be a bad thing? If you are a paternalist with access to BBQ as a platform it is a VERY bad thing, because your voice is diminished, and your words ridiculed as everyone can see that the emperor has no clothes, just as I am doing right now. Note how he says that consumers’ ‘role’ is evolving from passive to interactive, and not active. Interactive means consuming BBQI. It means consuming full stop. Blogging, using Google News... it’s all about being active. Interactive means passive. And of course, that is what these patricians want; passive consumption in another arena.

The democratisation of media creation, distribution and access does not necessarily foretell that traditional media are dinosaurs of a new variety. If we are fortunate, we’ll end up with a more diverse media ecosystem in which many forms – including the traditional organisations – can thrive.

Why would that be fortunate for us? It would be fortunate for YOU because you will keep your artificially created position. It would be bad for everyone else, because we would be compelled to continue consumption of the lies spread by BBQ, as this country is turned into a mini Soviet Union, and embarks on another insane war.

For my part, the most exciting aspect of this change is in the emerging conversation.

‘For your part’ means, “please adopt my catchphrase”. No Sale.

I’ll leave it to you to read the rest of it; it is contradictory to say the least. Each example he gives in a list of the “…most important tools in today’s evolving media sphere.” – blogs, wikis, podcasts, web mashups – are all things in which people are being active and not passive. People are being active by creating these resources and they are being active by turning away from BBQ as their sole source of information. Note also how he calls this the ‘evolving media sphere’ making a connection with what he is involved with ‘the media’ and what he is being superseded by, the blogosphere, the web and software developers.

http://news.bbc.co.uk/1/hi/technology/4789852.stm