Category: Internet matters

Posts about the internet

Moving from GoDaddy to DreamHost

For the last few years, sindark.com has been hosted with GoDaddy – a firm I chose because they were inexpensive and seemed to have a decent reputation. Since then, I have had a number of problems with them. As a result, I decided not to extend my hosting contract with them, and to shift this site over to DreamHost, another hosting provider.

Non-technical people thinking of moving sites, be warned. It is not a painless process. In my case, it involved an awful lot of messing around in command prompts and hair pulling.

The trickiest thing is moving the MySQL databases that actually store WordPress posts and comments. For databases that are small, you can use a web interface to upload them to DreamHost. For larger databases, you need to export the old MySQL file, download it, upload it to your root folder on DreamHost via FTP, login to their server using ssh, create an empty database using their web interface, and then execute a command like this:

mysql -h mysql.examplesite.com -u exampleusername -pexamplepassword newdatabasename < olddatabasefile.sql

While I am sure that is all no big deal for some savvier tech types out there, the whole process was frustrating and a bit scary for me.

Please let me know if you are encountering any problems with the new setup. I know that – for some mysterious reason – photos of the day won’t load in Opera Mobile.

The first rule of the internet

Against a sophisticated attacker, nothing connected to the internet is secure. Not your GMail account, not your Facebook account, not your website, not your home computer (especially if you are using WiFi), not industrial facilities, not governments.

While this may not absolutely always hold, I am increasingly convinced that the right way to treat the internet is to act as if this is so. If there is some information you absolutely want to keep private, keep it in a form that is not linked to the internet. Dig out an old computer for non-networked use or, better yet, use paper. Accept that anything you put online, even in a private email, could end up on display to the entire world.

People can certainly do a lot to protect themselves from what are essentially untargeted attacks. The people who run botnets just need control of random computers, and their attack methods are good enough to breach security on your average system. If security in yours is significantly better than average, you are probably at little risk from such annoyances. Everything changes, however, when the attacker has resources and expertise at their disposal, and they have you for a specific target. Organizations like governments, corporations, and organized crime groups have these resources, and attack techniques are always spreading to less sophisticated operators. As they say at the NSA, “Attacks always get better; they never get worse.”

Similarly, it is safest to assume that there is no mechanism that you can use to secure a non-networked computer from a sophisticated attacker. You can use encryption, but chances are they will be able to pull the passphrase from somewhere or find some workaround. If that passphrase is short, it can be defeated using brute force dictionary attacks. If it is stored anywhere on your computer, phone, or the internet, it can be found.

If you want secure encryption, use something like random.org to generate a random alphanumeric string with as many bits of data as the encryption you are using (there is little point in using 256-bit AES with a weak key like ‘AnteLope2841’. You need a key like:

xxDTAJjghYCb7YFm8zcV6YYhmgmvmNxE.

Once you have a strong key, write it down on paper, keep it locked up, and never use it for anything other than decrypting that one file.

GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency

Richard Aldrich’s excellent GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency contributes significantly to the public understanding of the role secret intelligence agencies have played in world affairs and the domestic politics of Britain and elsewhere. From the codebreaking of the second world war to the frightening mass surveillance and data mining of the modern era, Aldrich provides a consistently interesting and informative account. Technical details on signals intelligence (SIGINT) techniques are relatively few, but the book contains a lot of new and interesting information running quite close to the present day.

GCHQ’s history

The Government Communication Headquarters (GCHQ) is Britain’s version of America’s National Security Agency (NSA) or Canada’s Communication Security Establishment (CSE). They are primarily the governments interceptors and decrypters of communications: from the telemetry data from the missile tests of foreign powers to (increasingly) the electronic records tracking the communication and behaviour of all ordinary citizens. Aldrich covers the history of GCHQ from the second world war virtually up to the present day: with long sections on the U.S.-U.K. intelligence alliance; the Cold War; progressing intelligence technologies; overseas listening stations and decolonization; terrorism; secrecy, the media, and oversight by politicians and the public; the post-Cold War era; and the modern day.

Aldrich describes an extraordinary number of cases of allies spying on one another: from the United States and United Kingdom during the interwar and WWII periods to India bugging Tony Blair’s hotel room during a Prime Ministerial visit to the considerable espionage conducted by the U.S. and U.K. against the United Nations Security Council and Secretariat in the lead-up to the 2003 Iraq War. It is safe to assume that everybody is spying on everybody all the time. Indeed, in the later chapters, GCHQ describes how private organizations and organized crime groups are increasingly getting into the game. For instance, he alleges that British banks have paid out billions of Pounds to hackers who have gotten into their systems and blackmailed them.

GCHQ also documents the collusion between private companies and espionage organizations, going back at least to the telegraph and earliest submarine cables. Right from the beginning, the owners and operators of these communication links secretly passed along data to intelligence organizations, which was used for purposes of diplomatic and military espionage, as well as to gain economic advantage through industrial espionage. Aldrich also describes how private companies have been made to build back doors into their products so that organizations like GCHQ and the NSA can crack the communications of people using them. This applied to manufacturers of cryptographic equipment in neutral countries like Switzerland during the Cold War.

Aldrich also argues that the Data Encryption Standard (DES) was intentionally weakened to allow NSA snooping, though I have read elsewhere that the NSA actually used its expertise to strengthen the algorithm. Aldrich does a good job of describing one deep tension in the current mandate of GCHQ: on one hand, it is increasingly encouraged to help private British companies like banks secure their computer and communication systems. At the same time, it tries to preserve back doors and insecure communication methods in products used by others, so as not to undermine its own espionage mandate. Similarly, Aldrich talks on a number of occasions about the tension between using intelligence information and protecting the sources and methods used to acquire it. While it may be especially damning to condemn the dubious actions of a foreign power using their own intercepted and decrypted communication, doing so inevitably informs them that you are reading their traffic. Something similar is true when it comes to using surreptitiously acquired information to prosecute criminal trials.

GCHQ contains lots of information on the spotty record of the world’s intelligence services, when it comes to predicting major events. He describes many situations where policy-makers were caught by surprise, because their spy services didn’t pass along warning. These include the Yom Kippur War, the overthrow of the Shah of Iran, the Soviet invasion of Czechoslovakia, the fall of the Berlin Wall, and others. Aldrich also describes the Iraq-WMD fiasco, what it shows about the analysis of intelligence services, and what some of its broader political ramifications were.

At many points, Aldrich identifies how GCHQ and the NSA are by far the most costly intelligence services of the U.K. and U.S. respectively. The NSA dwarfs the CIA, just as GCHQ dwarfs MI5 and MI6 in staffing and resources. This is reflective of the special importance placed on intercepted communications by policy-makers. It is arguably also demonstrative of how GCHQ has been able to use the deep secrecy of its work to evade government scrutiny and secure considerable material support.

GCHQ’s present

The last section of Aldrich’s book is positively frightening. He describes how the fear of terrorism has driven a massive increase in technical surveillance – certainly within the U.K. but very likely elsewhere as well. He describes how a 2006 European law requires telephone and internet companies to retain comprehensive records of the communications of their customers for ten years, and how the government is planning to store their own copy of the information for data mining purposes. Aldrich explains:

The answer [to why the government wants its own copy of the data] is ‘data mining’, the use of computers to comb through unimaginable amounts of information looking for patterns and statistical relationships. This practice now constitutes the most insidious threat to personal liberty. What makes surveillance different in the age of ubiquitous computer and the mobile phone is that our data is never thrown away. Machines routinely store millions of details about our everyday lives, and at some point in the future it will be possible to bring these all together and search them.

Aldrich quotes a disturbing warning from the retiring Director of Public Prosecutions, Sir Ken Macdonald GC. Macdonald warns that powers are being irreversibly granted to the state, and that “we may end up living with something we can’t bear.”

Personally, I think all this is much more dangerous than terrorism. If the choice is between tolerating a few terrorist attacks per year and building up a gigantic secret alliance between government and private companies, designed to track all the details of the lives of individuals, I would prefer the terrorism. After all, terrorist groups are weak outlaw organizations with limited resources. The state, by contrast, is massive, potent, permanent, and not always subject to effective oversight. Our fear of a few bands of fanatics (collectively far less dangerous than smoking or car crashes) is driving us into giving the state unparalleled ability to monitor everybody.

The book is similar in purpose to Matthew Aid’s The Secret Sentry: The Untold History of the National Security Agency, though I think Aldrich’s book is significantly better. I recommend the entire book to history buffs and those with an interest in intelligence or the Anglo-American alliance. The last section – on the growing power of the state in response to terrorism – I recommend to everybody.

Essential Mac apps

One thing doing a clean install of your operating system does is remind you of which bits of software are most essential – the ones you can’t go long without missing.

Here’s the order in which I re-populated my Mac’s application folder:

  1. Starcraft II – the game that prompted the whole process
  2. iPhoto – for storage of digital ‘negatives’
  3. Quicksilver – application launcher and superior alternative to Spotlight
  4. TextMate – excellent text editor and coding tool
  5. Firefox – better than Safari, especially with AdBlock
  6. Skype – to keep in touch with phoneless friends

I will make note of when I install other vital apps, like Fetch (FTP program) and the indispensable Photoshop.

One distinctly nice thing about Mac OS is that, because I used Time Machine to backup and restore my user profiles, all my application preferences were preserved.

Instant message only passwords

Most email providers now provide instant message (IM) functionality as well. GMail has GTalk, Microsoft’s Hotmail has MSN Messenger, and so forth.

GMail accounts, in particular, are likely to contain large amounts of sensitive information. As such, it is worrisome to turn over one’s email address and password to something like a mobile phone app, so as to be able to use GTalk on the move.

I was reminded of this recently when I tried to login to Facebook Chat via Nimbuzz, an IM app for Nokia’s Symbian OS. When I tried to set up my Facebook account, Facebook warned me of how Nimbuzz would be able to access a huge heap of information about me and all of my friends. I don’t know anything about the company that makes this software: how good their security practices are, whose legal jurisdiction they fall under, how many voyeuristic employees have access to their login credential database, etc.

To reduce the level of risk associated with IM clients, I suggest that companies like Google allow users to set two passwords: one that allows access to their whole account, and another that only allows you to log into it for purposes of instant messaging. That way, if the makers of an IM client turn out to be evil or incompetent, the scope of the damage is constrained.

Intelligence claims

There have been a few passages from Richard Aldrich’s GCHQ: The Uncensored Story Of Britain’s Most Secret Intelligence Agency that have struck me as especially worthy of discussion, so far.

Spying as a stabilizer

Discussing the 1960s, Aldrich argues that improved intelligence from signals intelligence (SIGINT) and satellite sources “made the international system more stable” and “contributed to a collective calming of nerves”:

Indeed, during the 1960s the penetration of the NATO registries by Eastern Bloc spies was so complete that the Warsaw Pact had no choice but to conclude that the intentions of Western countries were genuinely defensive and benign.

Previously, we discussed some of the major problems with spies. In this book, Aldrich brings up a partial counterpoint. Countries tend to consider secretly intercepted communications to be a highly credible source of information. If a country tells you it is planning to do Thing X for Reason Y, there are all sorts of reasons why they could be deceiving you. If you secretly overhear the same plan within their internal discussions, you have more reason to think that it will go forward and that the reasons behind it are genuine.

Revolutionaries and symbolic violence

Discussing the actions of the Turkish People’s Liberation Army (TPLA) and Turkish People’s Liberation Front (TPLF) during the 1970s, Aldrich says:

Both consisted of middle-class intellectuals who regarded themselves as a revolutionary vanguard. Like many revolutionary leaders, they suffered from a ‘Che Guevara complex’, believing that symbolic acts of violence could trigger a wider social revolution. Che Guevara had come to grief in 1967 during a futile attempt to stir the revolutionary consciousness of Bolivia, and was captured and shot by a police team, advised by the CIA. Turkey’s would-be revolutionaries would soon suffer a similar fate.

The TPLA and TPLF figure into Aldrich’s story because of their targeting of intelligence facilities: initially accidentally, and later intentionally.

How far ahead are the spooks?

The codebreaking success of the Allies against the Germans and Japanese during the second world war was kept secret until the 1970s. Most of the documents about codebreaking being declassified now extend up to the 1970s. Because of such secrecy, it is impossible to know what technologies and capabilities organizations like America’s NSA, Britain’s CGHQ, and Canada’s CSE have today.

Describing the early 1970s, Aldrich explains how the microwave relays used by the telephone system beam signals into space accidentally, because of the curvature of the Earth. Forty years ago, the United States was already using satellites to intercept that spillover. Furthermore, they were already using computers to scan for keywords in phone, fax, and telex messages.

As early as 1969, the British and Americans had a system in place somewhat akin to what Google Alerts do today: tell it what keywords you are interested in, and it can pull related content out from the torrent of daily traffic. You can’t help but wonder what they are able to do now: whether the increased volume of communication has overwhelmed their capability to do such filtering effectively, or whether advances in secret techniques and technologies mean that they have even more potent methods for intercepting and processing the world’s commercial, diplomatic, and interpersonal communication.

Penetrating the secrecy

Aldrich also describes the investigative journalism of people like Duncan Campbell and James Bamford – people who used open sources to reveal the true function of GCHQ for the first time. Aldrich claims that their actions “confirmed a fundamental truth: that there are no secrets, only lazy researchers”.

Some recent journalistic undertakings – such as the excellent ‘Top Secret America’ – do lend credence to that view.

It Gets Better

I think people living in places like Vancouver, Toronto, and Ottawa sometimes get a distorted sense of how much anti-gay hostility still exists in the world. Gay people living in more conservative areas still face a substantial amount of discrimination, bullying, and condemnation. Dealing with that must be especially difficult for young people, who don’t yet have access to the kind of resources, networks, and self-sufficiency they will acquire with time.

As such, I think Dan Savage’s ‘It Gets Better‘ initiative deserves praise. The project consists of videos arguing that the lives of gay teens will improve, with the specific aim of discouraging people from committing suicide. Savage says the project seeks to “speak directly to LGBT kids about surviving bullying and going on to lead rewarding lives filled with joy, family, and love. We didn’t need anyone’s permission to tell them — it gets better”.

Groups that have contributed include Google employees and other individuals and organizations. There is also an active Facebook page.

Tony Fouhse’s photography

Tony Fouhse is an Ottawa photographer doing great work in a range of fields, from commercial advertising to artistic portraits of Ottawa crack cocaine addicts. He has a Flash-based website (sorry, owners of iPads and new MacBook Airs) and a weekly blog.

His work was discussed in the Photojournalism and Documentary Photography I am taking through the School of Photographic Arts: Ottawa. It makes me want to undertake some more involved photographic projects, rather than just taking advantage of what there is to photograph in the general vicinity of my home.

Netflix streaming in Canada

I used to be a subscriber to Zip.ca, a DVD by mail service. I decided to give it up for a trio of reasons:

  • Since I couldn’t really choose the order in which I received films, I often got ones I wasn’t in the mood to see
  • The service was fairly expensive
  • I received a number of scratched and unplayable discs

Now, I am trying the new video streaming service offered in Canada by Netflix.

By far the biggest problem is selection. There are some fairly obscure television shows like Blackadder and League of Gentlemen, but no Simpsons, Seinfeld, Arrested Development, Sopranos, 24, Mythbusters, etc. The same goes for movies. I start searching for high quality films I have been meaning to see, and rarely find what I am looking for. With the Netflix streaming service, you watch what is available rather than what you want. Some of what is available is certainly decent – such as the first three seasons of Mad Men – but it definitely doesn’t have the same scope of options as the iTunes store or Zip.ca.

That said, Netflix streaming is quite cheap. It only costs $8 a month, which probably explains how popular it has become:

According to Sandvine, a network management company that studies Internet traffic patterns, 10 percent of Canadian Internet users visited Netflix.com in the week after the service launched. And they weren’t just visiting—they were signing up and watching a lot of movies. Netflix videos quickly came to dominate broadband lines across Canada, with Netflix subscribers’ bandwidth usage doubling that of YouTube users. At peak hours (around 9 p.m.) the service accounted for more than 90 percent of the traffic on one Canadian broadband network.

My sense is that Netflix streaming is really competing with free streaming sites. Against them, it has a number of advantages. The interface is fairly good, and it is unlikely to be laden with malware. There aren’t heaps of broken links to be dealt with. Also, there are no daily time limits for use.

Given how much bandwidth Netflix is eating up, it seems likely that there will be an outcry from internet service providers (including those rendered more powerful by a recent CRTC decision). Netflix itself will likely face pressure to pay ISPs, while users are likely to find themselves hit with extra charges for bandwidth usage.

Free Sophos for Mac

Despite what some people seem to think, Macs are vulnerable to malware. Apple even built limited antivirus capabilities into Snow Leopard.

At the moment, Sophos Antivirus is giving away their Apple version. It could be useful for avoiding the (relatively few) bits of malicious Mac software. Also, for avoiding passing along infected attachments to friends.