On the political

Fight ProtectIP/SOPA

Thursday, October 27, 2011 

I am a constituent and I urge you to reject the Internet Blacklist Bills (PROTECT IP Act in the Senate and the Stop Online Piracy Act in the House).

This bill is deeply, deeply flawed and fails completely to live up to the fundamental constitutional basis for copyright: “to promote the progress of science and the useful arts.”

I am deeply concerned by the danger these bills pose to Internet security, free speech online, and innovation. The Internet Blacklist Legislation is dangerous and short-sighted, and I urge you to join Senator Wyden and other members of Congress in opposing it.

If this bill passes, those entire “middle class” of moderately successful collaborative and user-generated sites will be driven out of the internet. The 1% sites like Google or Facebook can afford tier one lawyers to protect themselves from the prima facia unconstitutionality of this absurdly ill-considered bill, but the vast 99% can’t afford the legal resources or the infrastructure resources this bill mandates and they will vanish, hobbling the internet as the most fruitful incubator of science and the useful arts so far created.

Promote science and the useful arts by blocking ProtectIP/SOPA.

Posted at 16:19:49 UTC

Category: Negativepolitics

Phew. Now Jeff can buy another jet.

Tuesday, October 4, 2011 

As you may have heard, California Governor Jerry Brown has signed legislation repealing the law that had forced us to terminate our California Associates. We are pleased to invite all California Associates whose accounts were closed due to the prior legislation to re-enroll in the Associates Program.

Best Regards,

The Amazon Associates Team

I first read this as Amazon giving up and quietly reinstating their associates program and thus paying the sales tax they owe.  Alas, not the case.  I guess California vs. Amazon, Amazon wins.

Posted at 21:41:15 UTC

Category: Negativepolitics

Will G+ Eat RSS, or Insist on Sole Ownership?

Thursday, July 21, 2011 

Weird: I have yet to find a way to import an RSS feed into G+. This is one of those things that significantly undermines Google’s “your data” cred. Anyone know of a way to do it? I haven’t found an “import RSS feed into your feed” the way facebook kinda does and the wordpress/facebook plugin does.

I’m a very strong believer in “he who owns the hardware, owns the data,” so, for example, posting this on G+ means that this text is Google’s (note, this was originally published on G+, then I stole it back!). And since it didn’t originate on my personal wordpress installation (free as in speech, free as in beer) running on my server at home (free as in speech, not absurdly expensive as in cheap beer), it isn’t mine.

My server also runs my mail server, my file server, my web server etc. all from my garage meaning that’s my data and my hardware and fully protected by law, while any data on Google’s server is effectively shared with every good and bad government in the world and my only legal recourse if it gets hacked or stolen or sold or given away or simply deleted is to… write an angry post on my blog and swear never to trust a cloud service again.

This is, obviously, exactly the same at FaceBook and every other cloud service. I use Facebook as a syndication service: I post on my own servers and syndicate via RSS to FaceBook, which becomes, in effect, the most frequently used RSS reader should people who haven’t gotten around to blocking me in their streams might find and by which perhaps occasionally be amused. This means I still own my data and my data has no particular dependence on FaceBook’s survival.

This post is visible only as long as Google wants it to be.  If Google changes the rules, I lose the data.  OK, I can download it – as long as they choose to let me, but it isn’t my data. When I post on my server then give FaceBook permission to republish the data, I control my data and they get only what I decide to give them. When I post this on Google and then ask “please, sir, may I recover my post for another use?” the power relationship is reversed: Google owns and controls everything and my rights and usage are only what they deign to offer me.

That almost everyone trusts the billionaire playboys who put king sized beds in their 767 party plane as “do no evilparagons of virtue is odd to me, but nothing better validates Erich Fromm’s thesis than the pseudo-religious idolatry of Google and Apple.  Still, even the True Believers should realize that the founders of these Great Empires are not truly immortal and that even if Google is doing no evil now, it will change hands and those that inherit every search you’ve ever done, every web page you’ve ever visited, every email you’ve ever sent, every phone call you’ve ever made or received, the audio of every message ever left for you, the GPS traces of every step you’ve ever taken, every text and chat and tweet might think, say, that Doing Good means something different than you think it does.  One should also remember the Socratic Paradox that renders tautological Google’s vaunted motto.

Unfortunately, at least so far, Google won’t let me use G+ to syndicate my data – they insist on owning it and dictating the terms by which I can access it. If I want to syndicate content through my G+ network, it seems I have to fully gift Google that content. I’m hoping there’s a tool to populate my “posts” from RSS so the canonical will remain on my server. Because it is the Right Thing To Do.

(Shhhh..  I’m going to copy and paste this into my own wordpress installation, even though I wrote it here on the G+ interface.  They probably won’t send me a DMCA takedown, but I do run the risk that they’ll hit me with a “duplicate content penalty” and set my page rank to 0 thus ensuring nobody ever finds my site again.  Ah, absolute power, so reassuring to remember that it is absolutely incorruptible.)

Posted at 11:47:35 UTC

Category: politicsself-publishingtechnology


Tuesday, June 28, 2011 

The Department of State is proposing a new questionnaire as a precondition of getting a US passport. If the applicant is a newborn it might not be too much of a burden, but for an adult it reads like it was written by George Orwell.

If you’re a grown up and considering getting a passport, you should check in at the comment site or just email GarciaAA@state.gov and let DoS know that their estimate of 45 minutes to gather the required information is probably off by a couple of years.

A few of the questions, which I swear I am not making up:

5. List your mother's residence one year before your birth:

6. List your mother's residence at the time of your birth:

7. List your mother's residence one year after your birth:

8. Mother's place of employment at the time of your birth:

- Dates of employment:

- Name of employer:

- Address of employer:

9. Did your mother receive pre-natal or post-natal medical care?

- Name of Doctor:

- Dates of appointments:

10. What type of document, if any, did your mother use to enter into the United States before your birth?

11. Please describe the circumstances of your birth including the names (as well as address and phone number, if available) of persons present or in attendance at your birth:

Section D

Please list all of your residences inside and outside of the United States starting with your birth until the present.

Section E

Please list all of your current and former places of employment in the United States and abroad.

Section G

I declare under penalty of perjury that all responses contained in this document are true and correct, to the best of my knowledge.

False statements made knowingly and willfully in passport applications or in affidavits or other supporting documents submitted therewith are
punishable by fine and/or imprisonment under the provisions of 18 U.S.C. 1001 and/or 18 U.S.C. 1542.

This is so far beyond idiotic, so completely utterly absurd, that I’m tempted to believe that someone is pulling a hoax in releasing the document to get people riled up, like claiming there will be death panels or some stupid fabricated outrage like that. I suppose filling in “I’m sorry, but my memory of the circumstances three months before I was a zygote is a little hazy these days” would at least be true and correct, but might not lead to quick issuance of a passport. It is not just the flabbergasting stupidity of asking questions that no adult could possibly answer, but questions that utterly irrelevant to providing a passport that is galling.  Dear DoS: derp?

Posted at 15:59:26 UTC

Category: Negativepoliticsreviewstravel

Welcome Home

Tuesday, February 15, 2011 

After flying out of dusty airports with bullet holes in the windows on time, after passing through gauntlets of guards for whom “ankle holster” is an acceptable excuse for setting off the metal detector – all of whom were pleasant, and a few ear protectors put on “habibe” terms, it is a bit of a shock to land in the US where DHS shouts at passengers angrily, despite having run zero risk of IEDs to get to work and potable water running out of their taps at home, and flights delayed by 30 minutes on the runway for bad traffic management, not rockets.

Appreciate it, people are still dying for it.

Posted at 06:54:24 UTC

Category: Milpolitics

Shipley is a Rock Star

Monday, February 14, 2011 

Who would’a thunk a little site like dis.org, the on-line clubhouse for a few bay area computer types, would make both the barracuda block list and the UAE block list. How cool is that?

If you’re not in the UAE: here’s the block list http://www.etisalat.ae/assets/document/blockcontent.pdf

And if you’re inappropriately blocked: http://www.etisalat.ae/index.jsp?type=proxy

shipley is a rockstar.jpg
Posted at 10:58:54 UTC

Category: oddpoliticstechnologyvanity sites

Proof! There is Yellow Cake In Iraq

Saturday, February 5, 2011 

Finally, conclusive evidence of the presence of whole trays of yellow cake in Iraq, and at extremely low prices, well within the reach of any organization.

Proof-yellow cake in Iraq.jpg
Posted at 06:37:46 UTC

Category: Milphotoplacespoliticstravel

Moar Privacy

Thursday, December 9, 2010 

I’m using an Ubuntu VM for private browsing, and like many people, I’m stuck using a mainstream OS for much of my work (Win7) due to software availability constraints. But some software works much better in a linux environment and Ubuntu is as pretty as OSX, free, and installs easily on generic x86 hardware.

It is also pretty straightforward to install an isolated and secure browsing instance using VirtualBox. It takes about 20G of hard disk and will use up at least 512K (better 1G) of your system RAM. If you want to run this sort of config, your laptop should have more than enough disk space and RAM to support the extra load without bogging, but it is a very solid solution.

Installing Ubuntu is easy – even easier with an application like VirtualBox – just install virtualbox, download the latest ubuntu ISO, and install from there. If you’re on bare metal, the easiest thing to do is burn a CD and install off that.

Ubuntu desktop comes with Firefox in the tool bar. Customizing for private browsing is a bit more involved.

My first steps are to install:

NoScript is an easy win. It is a bit of a pain to set up at first, but soon you add exceptions for all your favorite sites and while that isn’t great security practice, it is essential for sane browsing. NoScript is particularly helpful when browsing the wacky parts of the net and not getting exotic browsing diseases: it is your default dental dam. Be careful of allowing domains you don’t recognize – Google them first and make sure you understand why they need to run a script on your computer and that it is safe. A lot of sites use partners for things like video feeds, so if some function seems broken, you probably need to allow that particular domain. On the other hand, most of the off-site scripts are tracking or stats and you really don’t need to play along with them.

BetterPrivacy is a new one for me. I am very impressed that it found approximately 1.3 zillion (OK 266) different company flash cookies AFTER I had installed TACO and noscript etc. You bastards. I’m sure I can enjoy hulu without making my play history shared-available to every flash site I might visit. Always Sunny in Philadelphia marks me as a miscreant. I flush the flash cookies on starting silently (preferences).

TACO is a bit intrusive, but it seems to work to selectively block tracking and advertising cookies. At least the pop up is comforting. For private browsing, I’d set it to reject all classes of tracking cookies (change the preferences from default).

User Agent Switcher is useful when you’re deviating from the mainstream. Running Ubuntu pretty much flags you as a trouble maker or at least a dissident. Firefox maybe a bit less so, but you are indicating to advertisers that you don’t respect the expertise of those people far smarter than you who pre-installed IE (or Safari) to make your life easier. Set your user agent to IE 8 because the nail that sticks up gets pounded down.

Torbutton needs Tor to work. Tor provides really good privacy, but is a bit involved. The Tor Button Plugin for firefox makes it seem easier than it really is: you install it and click “use tor” and it looks like it is working but the first site you visit you get an proxy error because Tor isn’t actually running (DOH!).

To get Tor to work, you will have to open a terminal and do some command line fu before it will actually let you browse. Tor is also easier to install on Ubuntu than on Windows (at least for me, but as my browser history indicates I’m a bit of a miscreant dissident, so your mileage may vary).

Starting with these fine instructions.

sudu gedit /etc/apt/sources.list
deb http://deb.torproject.org/torproject.org lucid main
deb-src http://deb.torproject.org/torproject.org lucid main

Then run
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
sudo apt-get update
sudo apt-get upgrade
sudo apt-get update
sudo apt-get install tor tor-geoipdb

Install vidalia with the graphical ubuntu software center or with
sudo apt-get install vidalia

Tor expects Polipo. And vidalia makes launching and checking on Tor easier, so remove the startup scripts. (If Tor is running and you try to start it from vidalia, you get an uninformative error, vidalia has a “launch at startup” option, so let it run things.) Vidalia appears under the Applications->Network.

sudo update-rc.d -f tor remove

Polipo was installed with Tor, so configure it:
sudo gedit /etc/polipo/config

Clear the file (ctrl-a, delete)
paste in the contents of this file:

UPDATE: paste in the contents of this file:

(if the link above fails, search for “polipo.conf” to find the latest version)

I added the binary for polipo in Vidalia’s control panel, but that may be redundant (it lives in /usr/bin/polipo).

I had to reboot to get everything started.

And for private chats, consider OTR!

Posted at 17:45:45 UTC

Category: politicstechnology

Testing Privacy Tools

Saturday, December 4, 2010 

I was curious after posting some hints about how to protect your privacy to see how they worked.

Using EFF’s convenient panopticlick browser fingerprinting site. Panopticlick doesn’t use all the tricks available, such as measuring the time delta between your machine and a reference time, but it does a pretty good job. Most of my machines test as “completely unique,” which I find complementary but isn’t really all that good for not being tracked.

Personally I’m not too wound up about targeted marketing style uses of information. If I’m going to see ads I’d rather they be closer to my interests than not. But there are bad actors using the same information for more nefarious purposes and I’d rather see mistargeted ads than give the wrong person useful information.

Panopticlik noscript.jpg

Testing Panopticlick with scripts blocked (note TACO doesn’t help with browser fingerprinting, just cookie control) I cut my fingerprint to 12.32 bits from 20.29 bits, the additional data comes from fonts and plugins.

Note that EFF reports that 1:4.1 browsers have javascript disabled. Visitors to EFF are, I would assume, more likely to disable javascript than teh norm on teh interwebz, but that implies that javascript-based analytics packages like Google analytics miss about 25% of visitors.


It is also interesting to note that fingerprint scanners (fingerprints as on the ends of fingers) have false reject rates of about 0.5% and false acceptance rates of about 0.001%. Obviously they’re tuned that way to be 50x more likely to reject a legitimate user than to accept the wrong person and the algorithms are intrinsically fallible in both directions, so this is a necessary trade-off. Actual entropy measures in fingerprints are the subject of much debate. An estimate based on Pankanti‘s analysis computes a 5.5×10^59 chance of a collision or 193 bits of entropy but manufacturer published false acceptance rates of 0.001% are equivalent to 16.6 bits, less accurate than browser fingerprinting.

Posted at 06:44:41 UTC

Category: politicstechnology

Opting Out for Privacy

Friday, December 3, 2010 

There’s a great story at the wall street journal describing some of the techniques that are being used to track people on line that I found informative (as are the other articles listed in the series in the box below).  EFF is doing some good work on this; your browser configuration probably uniquely identifies you and thus every site you’ve ever visited (via data exchanges).  Unique information about you is worth about $0.00_1.  Collecting a few hundred million 1/10ths of a cent starts to add up and may end up raising your insurance premiums.

One of the more entertaining/disturbing tricks is to use “click jacking” to remotely enable a person’s webcam or microphone.  Is your computer or network running slowly? Maybe it is the video you’re inadvertently streaming back (and maybe you just have way too many tabs open…)

A few things you can do to improve your privacy include:

  • Opt out of Rapleaf. Rapleaf collects user information about you and ties it to your email address.  You have to opt out with each email address individually, which almost certainly confirms to them that all your email addresses belong to the same person.  You might want to use unique Tor sessions for each opt out if you don’t want them to get more information than they already have via the process.
  • Opt out at NAI. This is a one stop shop for the basic cookie tracking companies that are attempting to be semi-compliant with privacy requests.  If you enable javascript for the site (which would be disabled by default if you’re using scriptblocker) then you can opt out of all of them at once.  Presumably you have to return and opt out again every time a new company comes along.
  • Use Tor for anything sensitive.  If you care about privacy, learn about Tor.  It does slow browsing so you have to be very committed to use it for everything.  But the browser plug in makes it pretty easy to turn it on for easy browsing.
  • Don’t use IE for anything personal or important.
  • Run SpyBot Search and Destory regularly.  Spybot helps block BHOs and toolbars that seem to proliferate automagically and helps remove tracking cookies.  You’ll be amazed at how many are installed on your system.  I have used or not used TeaTimer.  I’m less excited about having a lot of background tools, even helpful ones than I used to be.  Spybot currently starts out looking for 1,359,854 different known spywares.  Yikes.
  • Check what people know about you:  Google will tell you, so will Yahoo.  Spooky.
  • Use firefox.  If for no other reason than the following plugins (personally, it is my favorite, but I know people who favor chrome or even rockmelt, but talk about tracking!)  Just don’t use IE.
  • Use the private browsing mode in your browser (CTRL-SHIFT-P in FireFox).  It’d be nice if you could enable non-private browsing on a whitelist basis for sites you either trust or have to trust.  We’ll get there eventually…
  • TACO should help block flash cookies.
  • Install noscript to block scripts by default.  You can add all your favorite sites as you go so things work.  It is a pain in the ass for a while, but security requires vigilance.
  • Install adblock plus.  It helps keep the cookies away.    It also reduces ad annoyance.  You can enable ads for your favorite sites so they can pay their colo fees.
  • Add HTTPS Everywhere from EFF. The more your connections to sites are encrypted, the less your ISP (and others) can see about what you’re doing while you’re there.  Your ISP still knows every site you visit, and probably sells that information, but if your sessions are encrypted they don’t see the actual text you type.  It also makes it harder for script kiddies to grab your passwords at the cafe.
Posted at 02:44:43 UTC

Category: politicstechnology