Software

Windows 10 Privacy Annihilator

Tuesday, August 4, 2015 

Why would Microsoft, a company whose revenue comes entirely from sales of Windows and Office, start giving Windows 10 away – not just giving it away, but foisting it on users with unbelievably annoying integrated advertisements in the menu of Win 7/8 that pop up endlessly and are tedious to remove and reinstall themselves constantly?

Have they just gone altruistic?  Decided that while they won’t make software free like speech, they’ll make it free like beer? Or is there something more nefarious going on? Something truly horrible, something that will basically screw over the entire windows-using population and sell them off like chattel to any bidder without consent or knowledge?

Of course, it is the latter.

Microsoft is a for-profit company and while their star has been waning lately and they’ve basically ceded the evil empire mantle to Apple, they desperately want to get into the game of stealing your private information and selling it to whoever is willing to pay.

So that’s what Windows 10 does.  It enables Microsoft to steal all of your information, every email, photo, or document you have on your computer and exfiltrate it silently to Microsoft’s servers, and to make it legal they have reserved the right to give it to whoever they want.  This isn’t just the information you stupidly gifted to Google by being dumb enough to use Gmail or ignorantly gifted to Apple by being idiotic enough to load into the iButt, but the files you think are private, on your computer, the ones you don’t upload.  Microsoft gets those.

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary.

They’ll “access” your data and “disclose” it (meaning to a third party) whenever they have a good faith belief that doing so is necessary.  No warrant needed.  It is necessary for Microsoft to make a buck, so if a  buck is offered for your data, they’re gonna sell it.

If you install Windows 10, you lose. So don’t. If you need to upgrade your operating system, it is time to switch to something that preserves Free like speech: Linux Mint is probably the best choice.

If you’re forced to run Windows 10 for some reason and can’t upgrade to windows 7, then follow these instructions (and these) and remain vigilant, Microsoft’s new strategy is to steal your data and sell it via any backdoor they can sneak past you. Locking them down is going to be a lot of work and might not be possible so keep an eye out for your selfies showing up on pr0n sites: they pay for pix and once you install Windows 10, Microsoft has every right to sell yours.

 

Update: you can’t stop windows 10 from stealing your private data

That’s not quite true – if you never connect your computer to a network, it is very unlikely that Microsoft will be able to secretly exfiltrate your private data through the Windows 10 trojan.  However, it turns out that while the privacy settings do reduce the amount of data that gets sent back to Microsoft, they continue to steal your data even though you’ve told them not to.

Windows 10 is spyware.  It is not an operating system, it is Trojan malware masquerading as an operating system that’s true purpose is to steal your data so Microsoft can sell it without your consent.  If you install Windows 10, you are installing spyware.

Win 10 has apparently been installed 65 million times.  That’s more than 3x as many users’ most intimate, most private data stolen as by the Ashley Madison attack.  If you value privacy, if the idea that you might be denied a loan or insurance because of secret data stolen from your computer without your consent bothers you, if the idea of having evidence of your potential crimes shared with law enforcement without your knowledge and without a warrant worries you then do not install windows 10.  Ever.

Posted at 11:00:30 GMT-0700

Category: PrivacyTechnology

A Solution for Mosh Scrollback

Wednesday, July 22, 2015 

Mosh is a pretty good tool, almost indispensable when working in places with crappy internet. While it is designed to help with situations like “LTE on the beach,” it actually works very well in places where internet connectivity is genuinely bad: 1500msec RT, latency, 30% packet loss, and frequent drops in connectivity that last seconds to hours, otherwise known as most of the world. On a good day I lose an SSH connection randomly about every 3-6 hours but I’ve only ever lost a Mosh session when my system went down.

It does a lot of things, but two are key for my use: it syncs user input in the background while local echoing what you type so you can finish your command (and correct a typo) without waiting 1500msec for the remote echo to update; and it creates persistent connections that survive drop off of almost any type except killing the terminal application on one end or the other (anything between can die and when it recovers, you catch up). This means compiles finish and you actually get the output warnings…

…well…

…some of them. Because Mosh’s one giant, glaring, painful, almost debilitating weakness is that it doesn’t support scrollback. So compared to tmux or something else that you can reconnect to after your SSH session drops, you really lose screen content, which is a PITA when ls-ing a directory. I mean, it isn’t that much of an efficiency gain to have to type “ls | less” instead of just “ls” every time you want to see a directory.

I found a solution that works for me. I also use Tmux with Mosh because Tmux will survive a dead client and working with Windows client reboots are a fact of life (I know, sad, but there are some tools I still need on windows, hopefully not for much longer).

Tmux has a facility for creating a local log file, which I then “tail -f” using a separate SSH window. If the SSH client disconnects, no loss, I can pick up the log anytime. It is just mirroring everything that the mosh terminal is doing and the scroll bar scroll back works fine. And it is a raw text file, so you can pipe the output through grep to limit what’s displayed to something of interest and review the log asynchronously as, say, a build is progressing.

Although there are some nice advantages to this, when/if Mosh supports scrollback, it’ll be far more convenient having it in the same window, but for now this is the easiest solution I could come up with.

FreeBSD:

# portmaster sysutils/tmux
# portmaster net/mosh
# ee ~/.tmux.conf
-> bind-key H pipe-pane -o "exec cat >>$HOME/'#W-tmux.log'" \; display-message 'Logging enabled to $HOME/#W-tmux.log'
-> set -g history-limit 30000
Start a Mosh session (for example with

Mobaxterm 

on windows)
# tmux
# [CTRL]-b H
start SSH session (Mobaxterm or

Putty 

on windows)
# tail -f csh-tmux.log
("csh" will be the name of the mosh window - so really "(MoshWindowName)-tmux.log"

You can tmux the ssh session too and still have scrollback and then just reconnect into the same tail command, which preserves the whole scrollback. If you’re on a connection like I’m on, your scrollback logfile will drop off a couple of times a day, but you won’t lose your Mosh session, and it’ll be waiting for you when you’re reminded that you need to see those security warnings from the compile that just scrolled off the Mosh screen forever.

Posted at 00:57:12 GMT-0700

Category: FreeBSDHowToLinuxTechnology

Making Chrome Less Horrible

Saturday, June 13, 2015 

Google’s Chrome is  a useful tool to have around, but the security features have gotten out of hand and make it increasingly useless for real work without actually improving security.

After a brief rant about SSL, there’s a quick solution at the bottom of this post.

 

Chrome’s Idiotic SSL Handling Model

I don’t like Chrome nearly as much as Firefox,  but it does do some things better (I have a persistent annoyance with pfSense certificates that cause slow loading of the pfSense management page in FF, for example). Lately I’ve found that the Google+ script seems to kill firefox, so I use Chrome for logged-in Google activities.

But Chrome’s handling of certificates is abhorrent.  I’ve never seen anything so resolutely destructive to security and utility.  It is the most ill-considered, poorly implemented, counter-productive failure in UI design and security policy I’ve ever encountered.  It is hateful and obscene.  A disaster.  An abomination. The ill-conceived excrement of ignorant twits.  I’d be happy to share my unrestrained feelings privately.

It is a private network, you idiots

I’ve discussed the problem before, but the basic issues are that:

  • The certificate authority is NOT INVALID, Chrome just doesn’t recognize it because it is self-signed.  There is a difference, dimwits.
  • This is a private network (10.x.x.x or 192.168.x.x) and if you pulled your head out for a second and thought about it, white-listing private networks is obvious.  Why on earth would anyone pay the cert mafia for a private cert?  Every web-interfaced appliance in existence automatically generates a self-signed cert, and Chrome flags every one of them as a security risk INCORRECTLY.
  • A “valid” certificate merely means that one of the zillions of cert mafia organizations ripping people off by pretending to offer security has “verified” the “ownership” of a site before taking their money and issuing a certificate that placates browsers
  • Or a compromised certificate is being used.
  • Or a law enforcement certificate is being used.
  • Or the site has been hacked by criminals or some country’s law enforcement.
  • etc.

A “valid” certificate doesn’t mean nothing at all, but close to it.

So one might think it is harmless security theater, like a TSA checkpoint: it does no real harm and may have some deterrent value.  It is a necessary fiction to ensure people feel safe doing commerce on the internet.  If a few percent of people are reassured by firm warnings and are thus seduced into consummating their shopping carts, improving ad traffic quality and thus ensuring Google’s ad revenue continues to flow, ensuring their servers continue sucking up our data, what’s the harm?

The harm is that it makes it hard to secure a website.  SSL does two things: it pretends to verify that the website you connect to is the one you intended to connect to (but it does not do this) and it does actually serve to encrypt data between the browser and the server, making eavesdropping very difficult.  The latter useful function does not require verifying who owns the server, which can only be done with a web of trust model like perspectives or with centralized, authoritarian certificate management.

How to fix Chrome:

The damage is done. Millions of websites that could be encrypted are not because idiots writing browsers have made it very difficult for users to override inane, inaccurate, misleading browser warnings.  However, if you’re reading this, you can reduce the headache with a simple step (Thanks!):

Right click on the shortcut you use to launch Chrome and modify the launch command by adding the following “--ignore-certificate-errors

Unfuck chrome a bit.

Once you’ve done this, chrome will open with a warning:

zomg: ignore certificate errors? who doesn't anyway?

YAY.  Suffer my ass.

Java?  What happened to Java?

Bonus rant

Java sucks so bad.  It is the second worst abomination loosed on the internet, yet lots of systems use it for useful features, or try to.  There’s endless compatibility problems with JVM versions and there’s the absolutely idiotic horror of the recent security requirement that disables setting “medium” security completely no matter how hard you want to override it, which means you can’t ever update past JVM 7.  Ever.  Because 8 is utterly useless because they broke it completely thinking they’d protect you from man in the middle attacks on your own LAN.

However, even if you have frozen with the last moderately usable version of Java, you’ll find that since Chrome 42 (yeah, the 42nd major release of chrome. That numbering scheme is another frustratingly stupid move, but anyway, get off my lawn) Java just doesn’t run in chrome.  WTF?

Turns out Google, happy enough to push their own crappy products like Google+, won’t support Oracle’s crappy product any more.  As of 42 Java is disabled by default.  Apparently, after 45 it won’t ever work again.  I’d be happy to see Java die, but I have a lot of infrastructure that requires Java for KVM connections, camera management, and other equipment that foolishly embraced that horrible standard.  Anyhow, you can fix it until 45 comes along…

To enable Java in Chrome for a little while longer, you can follow these instructions to enable NPAPI for chrome <42 (which enables Java).  Type “chrome://flags/#enable-npapi” in the browser bar and click “enable.”

Enable NAPI

Posted at 13:24:37 GMT-0700

Category: HowToSecurityTechnology

Copying Text Without the Horrible Formatting

Saturday, August 16, 2014 

Have you ever copied some text off a web page or a document and then gone to paste it in another document or spreadsheet only to find some horribly formatted hypertext pasted in for some bizarre reason, then had to go through the hassle of trying to figure out how to remove the formatting?

Have you ever used Putty or another SSH client that automatically copies highlighted text to the copy buffer and allows pasting with a middle click and wished all programs were this smart?

Has anyone, ever, in the history of using a computer, WANTED to paste formatted text from a web page or drop some idiotic OLE object into their FrameMaker document?  I know I’ve never once wanted that to happen.

Tonight I had to copy a 100 or so mac addresses out of a DHCP list from the web interface of pfSense into an Excel table and each damn time I got stupid formatting and then had to select the cell, select the drop down menu for paste options, select paste as text, repeat.  Holy crap, what the hell were they thinking?  No clue.

None of the paste solutions recommended for Excel worked for me and OpenOffice/Libre were just as screwed up.  But I found some solutions for the copy side for Windows.  Some of the plugins should work on Linux.  If you’re using a Mac, The Steve has already decided how your work is permitted to look and the Apple goons will probably break your fingers if you try to modify formatting.

  • Auto Copy makes Chrome on windowz almost as efficient as a linux application! Copy as text, select to copy. Middle click to paste.  Dang. But it doesn’t seem to always remove formatting (select to copy works reliably though).
  • Copy as Plain text fixes this stupidity on Firefox.
  • UPDATE: Márton Anka is an awesome developer who writes some of the best code on the internet and his plugin PLAINCOPY, is an excellent solution.
  • Autocopy2 adds the incredibly useful select to copy to Firefox.  Once you get used to it, you’ll be frustrated with applications that don’t support it.
  • This edit to maker.ini will prefer pasting plain text (or now UTF8) over OLE2, eliminating that horror from FrameMaker.

It turns out there’s a universal solution for Windows.

  • PureText removes formatting from text on the clipboard and pastes it with an alternate key command (like Windows-V), so even copying from word documents to excel isn’t a horrible nightmare of tedium.

I haven’t yet figured out how to copy images from Firefox to Thunderbird without pasting it as a reference to the original image.  Pasting an HTML reference to remote content means the recipient either doesn’t see the image (because they don’t auto-load remote content or because they don’t have permission to load it or aren’t on-line when they read their mail) or Thunderbird makes a request to the referenced site to load the media creating a privacy violating log entry.  The most convenient solution I’ve found is to paste the image into irfanview first and then copy from there into Thunderbird.

Posted at 15:40:40 GMT-0700

Category: HowToTechnology

Xabber now uses Orbot: OTR+Tor

Sunday, November 3, 2013 

As of Sept 30 2013, Xabber added Orbot support. This is a huge win for chat security. (Gibberbot has done this for a long time, but it isn’t as user-friendly or pretty as Xabber and it is hard to convince people to use it).

The combination of Xabber and Orbot solves the three most critical problems in chat privacy: obscuring what you say via message encryption, obscuring who you’re talking to via transport encryption, and obscuring what servers to subpoena for at least the last information by onion routing. OTR solves the first and Tor fixes the last two (SSL solves the middle one too, though Tor has a fairly secure SSL ciphersuite, who knows what that random SSL-enabled chat server uses – “none?”)

There’s a fly in the ointment of all this crypto: we’ve recently learned a few entirely predictable (and predicted) things about how communications are monitored:

1) All communications are captured and stored indefinitely. Nothing is ephemeral; neither a phone conversation nor an email, nor the web sites you visit. It is all stored and indexed should somebody sometime in the future decide that your actions are immoral or illegal or insidious or insufficiently respectful this record may be used to prove your guilt or otherwise tag you for punishment; who knows what clever future algorithms will be used in concert with big data and cloud services to identify and segregate the optimal scapegoat population for whatever political crises is thus most expediently deflected. Therefore, when you encrypt a conversation it has to be safe not just against current cryptanalytic attacks, but against those that might emerge before the sins of the present are sufficiently in the past to exceed the limitations of whatever entity is enforcing whatever rules. A lifetime is probably a safe bet. YMMV.

2) Those that specialize in snooping at the national scale have tools that aren’t available to the academic community and there are cryptanalytic attacks of unknown efficacy against some or all of the current cryptographic protocols. I heard someone who should know better poo poo the idea that the NSA might have better cryptographers than the commercial world because the commercial world pays better, as if the obsessive brilliance that defines a world-class cryptographer is motivated by remuneration. Not.

But you can still do better than nothing while understanding that a vulnerability to the NSA isn’t likely to be an issue for many, though if PRISM access is already being disseminated downstream to the DEA, it is only a matter of time before politically affiliated hate groups are trolling emails looking for evidence of moral turpitude with which to tar the unfaithful. Any complacency that might be engendered by not being a terrorist may be short lived. Enjoy it while it lasts.

And thus (assuming you have an Android device) you can download Xabber and Orbot. Xabber supports real OTR, not the fake-we-stole-your-acronym-for-our-marketing-good-luck-suing-us “OTR” (they did, but that link is gone now) that Google hugger-muggers and caromshotts you into believing your chats are ephemeral with (of course they and all their intelligence and commercial data mining partners store your chats, they just make it harder for your SO to read your flirty transgressions). Real OTR is a fairly strong, cryptographically secured protocol that transparently and securely negotiates a cryptographic key to secure each chat, which you never know and which is lost forever when the chat is over. There’s no open community way to recover your chat (that is, the NSA might be able to but we can’t). Sure, your chat partner can screen shot or copy-pasta the chat, but if you trust the person you’re chatting with and you aren’t a target of the NSA or DEA, your chat is probably secure.

But there’s still a flaw. You’re probably using Google. So anyone can just go to Google and ask them who you were chatting with, for how long, and about how many words you exchanged. The content is lost, but there’s a lot of meta-data there to play with.

So don’t use gchat if you care about that. It isn’t that hard to set up a chat server.

But maybe you’re a little concerned that your ISP not know who you’re chatting with. Given that your ISP (at the local or national level) might have a bluecoat device and could easily be man-in-the-middling every user on their network simultaneously, you might have reason to doubt Google’s SSL connection. While OTR still protects the content of your chat, an inexpensive bluecoat device renders the meta information visible to whoever along your coms path has bought one. This is where Tor comes in. While Google will still know (you’re still using Google even after they lied to you about PRISM and said, in court, that nobody using Gmail has any reasonable expectation of privacy?) your ISP (commercial or national) is going to have a very hard time figuring out that you’re even talking to Google, let alone with whom. Even the fact that you’re using chat is obscured.

So give Xabber a try. Check out Orbot, the effortless way to run it over Tor. And look into alternatives to cloud providers for everything you do.

Posted at 08:50:47 GMT-0700

Category: FreeBSDSelf-publishingTechnology

Iraq Blocked For Many Android Apps

Sunday, March 3, 2013 

I’m not sure who decides what apps are blocked on a country by country basis, but an awful lot of apps are blocked in Iraq and it seems like more and more.

iraq_blocked_play_viber.JPG

OTT apps like Whatsapp and Viber sort of make sense. These apps are at war with the carriers, who claim the app is making money somehow on the backs of the carriers*, and they seem to be largely blocked from install in Iraq. One would imagine that was Asiacell’s doing, but I changed SIMs and that didn’t help.

Iraq_blocked_whatsapp.JPG

But then I noticed that weird apps like Angry Birds are not allowed in Iraq—apps that makes no sense for a carrier to block.  The advertising model actually works and ad-supported apps show (some) relevant, regional ads, as they should, in theory generating at least some revenue for the developers. Part of the problem may be that there’s no way for in-app payments to be processed out of Iraq and therefore developers of even “freemium” apps may choose to block their apps in the country reasoning that if they can’t make money, why let people use the app?

Iraq_blocked_angry_birds.JPG

If so, it seems short sighted: ultimately payment processing will be worked out and even if it isn’t, Iraqis are allowed to travel to countries where in-app payments do work. Establishing a beachhead in the market, even without revenue seems prudent. Blocking users who represent neither revenue nor cost seems arbitrarily punitive.

* The carrier’s business should be to transport bits agnostically.  They have no business caring what we do with our bits; no bit costs more than any other bit to carry.  If they can’t figure out how to make money carrying bits, they have no business being in the bit carrying business. When they whine about a business like WhatsApp or Viber or Free Conference Call or Skype or Google hurting their profits what they really mean is that these new businesses have obviated a parasitic business that was profitable due to a de facto monopoly over what people could do with their bit carrying business.

If the bit carriers were competent application layer developers, they’d have developed their own versions of these “OTT” applications.  But they’re not competent developers and so they have not and they’ve squandered the expertise and market control they once had and are now crying that they can’t even make the core bit carrying business work. This should not inspire sympathy or legislative support.
Dear telco, I will pay you a fair market price for carrying my bits.  You have no right to worry about what bits I choose to send after I’ve paid my bit toll.  If you can’t do that, we the people have every right to build our own information highways collectively without you.  And we probably should anyway.

Posted at 05:29:54 GMT-0700

Category: Cell phonesPlacesPoliticsTechnology

cyrus-sasl-saslauthd-2.1.26 auth_krb5.c compile error

Saturday, January 5, 2013 

Upgrading cyrus-sasl-saslauthd-2.1.25 to the current cyrus-sasl-saslauthd-2.1.26, I started to get auth_krb5.c compile errors that were terminating the compile like:

<command-line>: warning: this is the location of the previous definition
mv -f .deps/auth_getpwent.Tpo .deps/auth_getpwent.Po
cc -DHAVE_CONFIG_H
-DSASLAUTHD_CONF_FILE_DEFAULT=\"/usr/local/etc/saslauthd.conf\" -I. -I.
-I.. -I. -I./include -I./include -I./../include   -I/usr/local/include
-DKRB5_HEIMDAL -I/usr/local/include  -O3 -pipe -march=native
-DLDAP_DEPRECATED -fno-strict-aliasing -MT auth_krb5.o -MD -MP -MF
.deps/auth_krb5.Tpo -c -o auth_krb5.o auth_krb5.c
In file included from mechanisms.h:35,
                 from auth_krb5.c:51:
saslauthd.h:190:1: warning: "KRB5_HEIMDAL" redefined
<command-line>: warning: this is the location of the previous definition
auth_krb5.c: In function 'auth_krb5_init':
auth_krb5.c:105: warning: assignment discards qualifiers from pointer
target type
auth_krb5.c:106: warning: assignment discards qualifiers from pointer
target type
auth_krb5.c: In function 'auth_krb5':
auth_krb5.c:184: error: 'krb5_verify_opt' undeclared (first use in this
function)
auth_krb5.c:184: error: (Each undeclared identifier is reported only once
auth_krb5.c:184: error: for each function it appears in.)
auth_krb5.c:184: error: expected ';' before 'opt'
auth_krb5.c:233: error: 'opt' undeclared (first use in this function)
*** Error code 1

Stop in
/usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.26/saslauthd.
*** Error code 1

Stop in
/usr/ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.26/saslauthd.
*** Error code 1

Stop in /usr/ports/security/cyrus-sasl2-saslauthd.

with some expert advice from the port maintainer, Hajimu UMEMOTO (what is not to love about BSD and open source?  Something goes wrong, the guy who knows everything about it tells you how to fix it right away).   He correctly ascertained that I had security/krb5 installed, a dependency of  openssh-portable.  Kerberos, HEIMDAL and GSSAPI occasionally have interactions, but his advice was to make with the directive KRB5_HOME=/usr/local. I put this into /etc/make.conf to make it permanent, deinstall/reinstalled security/krb5 and then cyrus-sasl-2.1.26 compiled perfectly.

Thanks Mr Umemoto!

Posted at 13:41:23 GMT-0700

Category: FreeBSDTechnology

Google APIs Suck

Friday, January 4, 2013 

Off-Site scripts are annoying and privacy invasive. They are a vector for malware, waste your computer’s resources, and generally add limited capability.  They’re a shortcut for developers but rarely add real value that can’t be replaced by locally-hosted, open-source scripts and always compromise your privacy (or the privacy of your site’s visitors).

To explain – I use noscript (as everyone should) with Firefox (it doesn’t work with Chrome: I might consider trusting Google’s browser for some mainstream websites when it does, but I don’t really like that Chrome logs every keystroke back to Google and I’m not sure why anyone would tolerate that).  NoScript enables me to give per-site permission to execute scripts.

The best sites don’t need any scripts to give me the information I need.  It is OK if the whizzy experience is degraded somewhat for security’s sake, as long as that is my choice. Offsite scripting can add useful functionality, but the visitor should be able to opt out.

Most sites use offsite scripting for privacy invasion – generally they have made a deal with some heinous data aggregator who’s business model is to compile dossiers of every petty interest and quirk you might personally have and sell them to whoever can make money off them: advertisers, insurance companies, potential employers, national governments, anyone who can pay.  In return for letting them scrounge your data off the site, they give the site operator some slick graphs (and who doesn’t love slick graphs). But you lose.  Or you block google analytics with noscript.  This was easy – block offsite scripts if you’re not using private browsing or switch to private browsing (and Chrome’s private browsing mode is probably fine) and enjoy the fully scripted experience.

But I’ve noticed recently a lot of sites are borrowing basic functionality from Google APIs.  Simple things, for which there are plenty of open source scripts to use like uploading images – this basic functionality is being sold to them in an easy to integrate form in exchange for your personal information: in effect, you’re paying for their code with your privacy. And you either have to temporarily allow Google APIs to execute scripts in your browser and suck up your personal information or you can’t use the site.

If you manage a website, remove as many calls as you can, including removing calls back to wordpress and fonts.  These are all data collection mechanisms that seem to make it easy in exchange for aggregating data on users.  I recommend three browser plugins to significantly improve privacy and reduce data collection.  They break some sites, but those sites are so privacy violating that you shouldn’t be visiting them anyway.

LocalCDN

Local CDN redirects CDN calls to locally cached copies, which improves performance and protects privacy.  CDNs make good money off your private data without your consent and the features they provide are easily replaced with local delivery.  This seems to have zero impact on browsing experience.

For firefox, you might try Decentraleyes.

Privacy Badger

EFF’s privacy badger is great.  It can be your only ad blocker if you, say, support ad-monetized content but just don’t want to be tracked.  EFF’s goal isn’t so much to end advertising but to give the user a tool to reject the more privacy invasive elements of such advertising or other mechanisms of tracking.  The “learning” mode is disabled by default because using it is, itself, trackable.

uBlock Origin

The ur-privacy plugin, uBlock Origin is by default fairly agressive in blocking and so not only protects privacy, but blocks scripts that slow your computer down, waste your costly energy doing free work for advertisers, and speeds up browsing.  It does, however, break some pages including things like logins and redirects, so become familiar with the mechanisms for selectively disabling blocking of scripts or sites that are important.

Posted at 07:34:36 GMT-0700

Category: PoliticsPrivacySecurityTechnology

Linux 342

Wednesday, August 15, 2007 

An IBM 342 with a ServeRAID 4lx is a fine machine, but getting Linux to install is less the effortless. Emacs!

2d238159.jpg

I’m trying to get zoneminder to work on this very nice IBM 342 with a serve raid card and some good drives and 3 video capture cards. The thing should be able to capture 12 streams of video simultaneously, or 6 at full 30FPS. But getting Linux variants to properly recognize the serveraid card is a challenge.

The Mandrake LiveCD install works great on IDE systems, no problem at all. But it doesn’t see the serveraid, so that one was out. Gentoo saw the serveraid card, and since video capture and real time analysis is one of those things that would be good to do fast, the gentoo optimization scheme seemed promising, but it wasn’t. Just a miserable series of failed compiles and fixes that went on endlessly.

So from there to Debian, which is very nice and since it is the parent of Ubuntu and there’s an Ubuntu package and Carolyn loves Ubuntu, that seemed worth a shot. It does see the Serveraid, but there seems to be a bug in the IPS.o driver which reared it’s irritating head during package installs causing hangs, even after I updated the firmware to 7.12.12.

So that was out. On to a distro officially supported by IBM: Suse. That installed great, easy no problem, detected all the ADCs on the capture cards and everything. Very easy to install, but there are some weird bugs with ffmpeg that hung the compile of Zoneminder. It descended into another endless series of patch and edit and retry effort to get through the compile….

Then I saw that Fedora 7 has an RPM in the main distro for ZoneMinder. It is officially supported by IBM and seems rock solid. So far the network install has gone well – the install CD is only 7.71 MB (!) and it seems tentatively promising… it’s on the “Starting install process” screen, which is supposed to take several minutes. As it may need a few GB of data, I’ll give it some time. Unfortunately Fedora doesn’t support CD installs and the 342 has a laptop style CD-ROM drive, so doing a DVD install is out of the question. Network installs are efficient if you only have to do them once, but the retry is all penalty download.

Posted at 15:05:15 GMT-0700

Category: Linux