Posts tagged “technology”.

Privacy and Security in the Digital Age

I came across an article on Wired.com (no affiliation) today that struck a cord. It’s Time to Drop the ‘Expectation of Privacy’ Test is the title of the article. And after reading and thinking about it for some time I’ve come to a few conclusions.

  1. Government can’t save us from ourselves.
  2. People are stupid.
  3. People with power are dangerous.
  4. Lawyers and Politicians are people and they have power.

OK, I’ll confess, I knew this all along but the discussion of privacy in the Digital Age gave me an excuse to highlight these truisms.

What’s wrong?

In this equation it’s assumed, security + privacy = null. And security and privacy are both defined as perfect — perfectly secure and perfectly private. The assumptions of the arguments always go unstated, but the argument has been spiraling out of control because these variable haven’t been defined properly. What is a reasonable expectation of security? What is a reasonable expectation of privacy?

Security

Let’s first tackle the question “What is a reasonable expectation of security?”. As I stated above, I feel our problem with balancing security and privacy comes from our unreasonable wants, desires, and needs for perfect security. We are blinded by some Utopian dream-world where there is no crime and people do not die from the misdeeds of others. I hate to be the one to harsh your mellow, but that will not come to pass during this evolutionary stage of our species. We will have to be very different, physically and emotionally — so different, I imagine we’ll be a new species by then, another branch of the evolutionary tree — before we see this particular, violence-free, utopian, future.

The question remains. And as I write this I struggle with the answer, can reasonable security be defined by body count? Can we say a reasonable expectation of security be that no more people die in terrorist acts than die on the roadways in car accidents? Or do we look at it by incident? Can we say that our reasonable expectation of security is that no more than one terrorist act take place within the borders of a state per year? Every two year? Every five years?

Now I see the dilemma. As a species we have probably lived in communities for safety for too long. The world is just not safe and no matter what we do, we will never make it a perfect place where one will not be harmed by the actions of another. People die all the time. People die going to the grocery. People die going fishing. The government can not give you eternal life. The government can not make you perfectly safe. It is true that the government can do some things to help insure you’re not mugged, raped or murdered. I’ve seen it happen. A cop on every street corner in the 80’s made NYC streets safer. Streets are public and public implies the lack of privacy.

I personally like the idea of the body count criteria. I also like correlating terror-deaths with traffic-deaths. Sure, the horror of 9/11 was that most of the people who died, died at their desks at work. They thought they should be safe at work. But if you look at traffic fatalities, you can die on the interstate driving to work. You should be safe in your car, right? But traffic deaths we’re not outraged over. Probably because of the lack of intent to do harm. Negligence comes close to producing those feelings of outrage; drunk drivers come to mind for example. But still, 2000 dead on our roadways, no problem. 2000 dead and six months or more of constant media attention and we all collectively scream that we can’t have that now, can we?

Privacy

I agree that there shouldn’t be a test for privacy, it should be defined and guaranteed by our legislature. How would you define privacy though? The most basic communication occurs between just two people. Any personal communication between two people is definitely private communication no matter what circumstances or setting it happens in. If I’m talking to a girl I just met at a bar, our conversation is private. If I’m talking to a friend in the park, our conversation is private. If I’m talking to a stranger at a hot dog stand, our conversation is private. Could the conversation be overheard by a third party, yes. If that third party was a representative of the government, should that information overheard be admissible in court? No. Here I make the distinction between knowing, and officially acting on that knowledge.

But there are so many ways that two people can communicate: speech, sign language, e-mail, SMS text messaging, cell phone, fax, POTS land line phones, IP telephony, etc. Do we define all cases and methods of communication or do we just simply say that the conversation taking place was between two people and cannot be listened in on without a warrant? Warrants can no longer specifically be for ‘wire taps’, or for opening e-mail, or any other specific thing. There needs to be a new warrant in the digital age. One that allows the government agent to listen to a particular person, no matter what the setting, no matter what the method of communication. A digital-age-warrant. An official court document stating that this individual’s right to privacy has been temporarily remanded (a specific and short time frame) for the greater good of the society. I am all for letting law enforcement do it’s job, but I’d also like some checks and balances. Tell me again, who watches the watchmen?

Congress is the answer

Now I see how laws grow to volumes. I haven’t even covered conversations of small groups. Declarations of privacy, e.g. “Don’t tell anyone, but…” “This is just between us…” and the plethora of unthought of situations and circumstances. All of what we do as a species is communicate in one form or another. I don’t write laws for a living, so here I think I’ll leave that up to the people who do. Congress must act to protect our privacy. Congress must act to make our privacy a right. We should guarantee this as an amendment to our constitution. It is such a basic human right that many of us assume it is somehow guaranteed already.

Privacy must be paramount. Liberty must prevail. If you want to be secure, the government can put you in a small room, give you cable TV and Internet service, feed you three square meals a day, and let you exercise in the yard once every third day — it’s called prison.

The government can not ensure your protection. Surprisingly, the entity who has the most control over your safety and well being is you. Do you want to not feel like a sheep or lemming in public? Train yourself in self defense. Are you fearful that an attacker might use a weapon against you? Train with firearms and get a concealed carry permit. Take control of your life. Be the master of your own destiny.

Those who would sacrifice liberty for security deserve neither. -Benjamin Franklin

Script it

I had another IcyDock, firewire, external, drive enclosure fail again. So instead of throwing good money after bad, I instead acquired a NAS (network attached storage) device. Specifically, I got a Synology DS211J from Amazon with reward points on my credit card. Yes, I paid $0 for it and it’s the best money I never spent.

The NAS, which I named NASty, holds two SATA drives and has a host of RAID configurations available. I have two 2TB drives mirrored, split into three Volumes, with access controls, users, passwords, and a smorgasbord of applications, not the least of is a VPN server so I can access my files remotely when I’m away from home. On one Volume I moved all of my Music, and set iTunes to look on the remote drive for my music database. Which is good for sharing my music through the house, but was causing me some pain and mental anguish on my laptop when I forgot to first ‘mount’ the drive before opening iTunes.

When opening iTunes prematurely, as the case is, my podcasts would download to the local drive and I would have to clean it up manually to get it back onto the NAS and have it recognized in the iTunes program. Annoying. So, I thought to myself, I should script it so the NAS music share mounts first, then iTunes opens. So… I programmed an iTunes Launcher for my new setup.

-- iTunes Launcher
-- for use with a music database stored on a remote NAS

-- define our Function to check if an application is running
on appIsRunning(appName)
	tell application "System Events" to (name of processes) contains appName
end appIsRunning

-- check for the existence of our music share
try
	alias "/Volumes/music"
on error
	-- if the share doesn't exist mount it
	tell application "Finder"
		mount volume "music" on server "NASty" in AppleTalk zone¬
			"*" as user name "music-user" with password "pass-word"
		-- not my username nor my password… 
	end tell
end try

-- Test to see if our mount is really there.
tell application "Finder" 
	if not (exists POSIX file "/Volumes/music/itunes/.NAStyIsMounted") then
		display alert "NASty Music Share not Mounted!" as critical giving up after 90
		return
	end if
end tell

-- Is iTunes running 
if appIsRunning("iTunes") then
	-- if so, do nothing
else
	-- otherwise start iTunes
	launch application "iTunes"
end if

-- bring iTunes window to the foreground
tell application "iTunes"
	activate
	tell window 1
		if not visible then set visible to true
	end tell
end tell

So just a tiny little script that checks to see if the music share is mounted already. If not, I mount it. I then make sure it mounted, if I can’t see the hidden file on the share I go OLD SCHOOL and ABEND. Otherwise I continue and check to see if iTunes is running. If not, I start it. And to finish up, now that I know iTunes is running, I bring it to the front.

I saved the script as an application. I changed the icon from the default AppleScript icon to a custom icon. Then I dropped the Launcher program onto my dock. So now I not only have a graphical reminder on my dock, but I removed the iTunes icon so I can’t accidentally open just the program without mounting the share first.

Amazingly, it works like a charm.

Managing spam with google

If you use google to manage your personal domain email I have worked out a hack to have the best spam filter possible.  This article is all about unsolicited junk email and stopping it dead.

Why

I have an irrational need to make sure I get all my email.  So, if I’m e-vited to the latest social event in our neighborhood (wine tasting, happy hour, etc.) but they misspelled my user name, I still want to get the e-vitation. (If they misspell the domain name, sadly there’s not much I can do.) So, in google mail I set up a “catch all” which means that if google doesn’t find a valid user account to deliver the mail message to, it will drop the message into the designated “catch all” user account instead of bouncing it back to the sender as undeliverable.  That’s great for never missing an invitation to drink alcohol with friends, but that’s horrible for trying to manage spam messages.  Spammers no longer have to guess a valid user name, they can send it anywhere to my domain and it’ll wind up in my SPAM folder.  Which isn’t so bad, but I hate SPAM folders.

I hate SPAM folders because I feel the need to go through them to see if legitimate messages were placed in there on accident.  The thought of missing that wine-tasting e-vitation because it had one too many links in the message is personally disquieting.  When you get thousands of SPAM messages a week, searching for that one party invitation is very time consuming, tedious, and really annoying.  So I gave myself a goal, “Minimize the chances of missing an email while also minimizing the amount of spam that made it into the SPAM folder.”

Lofty goal, huh?  I know, I’m going to tackle hunger and world peace next week.

So, I own my own domain.  When you send a message to a user at wiredsage.com, it comes to my email account no matter what the user name was.  Minimizing missed messages isn’t quite that easy, because they can still get delivered, categorized as spam, and lost in the plethora of junk mail waiting to be deleted never to be seen by human eyes.  I had to figure out a way of killing spam before it got to the SPAM folder in google.

White-List, Are you Human, Black-List?

You might be thinking to yourself, what they need is a “white-list” or a list of people who would never send you spam and would always send you good email. With the proliferation of malware, lots of people who would have been on a “white-list” of mine have in the past sent me crap.  Plus, what about the person I don’t know?  The person that is sending me a legitimate job offer, the job offer of my dreams.  I want that email to come right to my Inbox without delay.  So not only is this not a great solution, it’s not offered by google.

I’ve seen some hosting companies send an auto-reply message to the sender, ask them to visit a website, and complete a captcha (validating that you are human), before allowing the email message to be delivered.  That stops spam pretty much in it’s tracks.  It can be defeated though.  I’ve seen spammers use third world data entry workers to complete captchas in other situations before.   And could you imagine a recruiter sending out a bulk email message, about the best tech job ever to be published to a list of highly qualified potential applicants, going through all that crap to deliver one email to one potential employee.  Opportunity only knocks once.  This is not only overkill, it’s also not offered by google.

What I really needed was a “black list”.  A filter that said, if the email meets this criteria, return it to sender as undeliverable.  Ideally, I would be able to use regular expressions on any email field, header, or the body of the message.  I would be able to count how many links were in the email, I would be able to compare the senders to my contact list, I could count the number or recipients were in the message, to create a robust set of rules which would allow me to decide, “this message was too spammy to accept”.  Now note that I want to bounce the messages and return them to sender with an error for the one in a million emails that weren’t spam.  Well, guess what?  Google doesn’t offer this either.

What to do?

I wondered if I could do anything, so I investigated.  In computer lingo I hacked.  I was looking for a way to use the existing infrastructure provided by google in a non-intended way to get my desired result.  So I hacked… and hacked… and hacked…

I found that if you disable an account, the email is then bounced back to the sender as undeliverable.  I also found that you could apply aliases to a user account.  So I made a user called junkmail-01 and gave it a name of “junkmail filter”.  I then opened up my SPAM folder and looked at all the TO: fields to get the email addresses that were being spammed.  I took those usernames out of the SPAM folder and made them aliases to junkmail-01.  I then tried to send email to those email addresses.  Bounced mail.  I had found my black-list.

How it works

Now when I go to a site shopping, like geeks.com, and they want my email address I give them geeks.com@wiredsage.com.  Then if they sell or lose my email address and I start getting emails for “natural male enhancement” I just have to add “geeks.com” as an alias to my junkmail-01 user and I will get no more mail from them ever again.  Well, they betrayed my trust, they don’t deserve to communicate with me.  If I absolutely still need to get email from them, I update the username they have on file to something like “geeks.com-2@wiredsage.com” and then I know how many times they lost my email address and whether I want to trust them with my credit card information in the future.

Junkmail-01?

You might be wondering, why junkmail-01?  Why not just junkmail?  Well, google only allows you to add 20 or so aliases to a user account.  I’ve gone beyond 20 blacklisted email addresses.  So, you just add another user, junkmail-02, disable the account, and start adding more aliases.

The Result

This is very effective because I’m filtering on the destination address, not the source address.  So no matter what bot network is sending the spam, or what domain the spam originates from, if it’s destined for the blacklisted account, it gets bounced.  Every once in a very long while I get a spam message in my SPAM folder in my catch-all account.  I then have to login to the domain management portion of google mail and add an alias to the highest numbered junkmail account.  To stop it from happening again.  I see it as an effective strategy for managing spam with the existing tools google provides.

Closing Thoughts

I think this is a sweet hack.  But it is just that, a hack.  I would love for google to come out with a regular expression based rule filter for their email.

MacBook Meltdown

I sit at an “L” shaped desk in my home office; to my left is my personal mac book pro, in front of me is my work PC. I was working feverishly this afternoon when I smelled something burning. Specifically, I smelled plastic burning. I jumped up from my desk panicked that my house was on fire.

I dashed out of my office headed for the closest of two fire extinguishers we keep in the house when I realized with a shock that I no longer smelled the burning plastic out in the hallway. Relieved that it wasn’t the pre-wired Christmas tree melting downstairs I bolted back into my office, feared an electrical fire, and frantically worried over what action I could take if it were the wiring in the walls.

I entered my office and sniffed the air in front of me like a bloodhound. It came from my desk. Then I saw wafts of faint grey smoke which rose over the back of my MacBook Pro. I moved all the wires away from my computer. I quickly disconnected the power cord, Firewire 800, and USB wires that were plugged into the device; fearing a short circuit I inspected each wire.  The wires were fine, not warm at all and still a smell like burning nylon persisted. I picked up the computer and sniffed it. Immediately I knew something inside my MacBook Pro had melted.

I opened a window, turned on the overhead fan, and aired out the room. The smell dissipated quickly. I realized I felt a little light headed; that too quickly passed.  With the power cord unplugged, the laptop only running on battery power, everything seemed fine.  I immediately started a backup of my data.  I’ve heard horror stories about Apple support replacing whole devices and not restoring data — that wasn’t going to happen to me.  I then looked for the support number and called Apple Care.

My Apple Care phone experience was extremely pleasant. My computer is under warranty and they scheduled an appointment for me to meet a technician at the local Apple Store in town. While I was on hold, on a whim, I plugged the power cord back into my computer.  I immediately smelled the burning plastic again, and unplugged it promptly.

So, some time in the not too distant future an Apple technician will crack open my laptop and either see a stray bit of plastic that got too close to something hot, or identify a faulty part and replace it.  Either way, I think my next Apple purchase will be Apple Care for my MacBook Pro.

Download all of Facebook ???

So, I was looking for old Facebook entries today to figure out when I did certain things (video project related). I tried clicking all the “See Older Posts…”, “see more…”, and “view all XX comments…” links to expand the page so I could dump it to a PDF file. Ha! I got to the end of all my posts; but, while trying to expand all the comments Facebook jumped me to another page and I had nothing. I said to myself, “Self, there aught to be a better way right? I should be able to see all my old posts… I should be able to search all my old posts. Heck, I should be able to download all my stuff from Facebook!”

Well, looks like someone else thought of that too. Just last month, October 6th, Facebook gave it’s users the option to download EVERYTHING associated with their Facebook account. Every post made to your WALL, all your photos, all your videos, all the comments on your photos and videos, your profile, your events, your messages, even a list of all your friends. I found this after a short and sweet Google search.

Yes, you know me! I did it right away! When you click, “Download my Information” it tells you it’s going to take a while. They send an email to the email address Facebook has on record when the ZIP file is ready for download. Don’t be alarmed. I’ve been on Facebook for close to a year now and my ZIP archive of everything was 762 Megabytes. It took about an hour or two to compile everything and on my broadband connection, it took 10 minutes to download. After I downloaded it, I UN-ZIPPED it, wondering what I’d find.

What did I find? I found the most useable archive of information I could have imagined. Extremely well done. There were several directories, one of which was HTML. Jumping in there and clicking on Wall.html got me to a local copy of all my Facebook information in one easy, searchable, HTML file! But then what did I really expect from web developers? They stuck with what they knew. They did what they do best. I was extremely impressed.

Actually, re-reading and editing this post I said to myself, “Self, they should have put a readme.txt or an index.html in the top directory.” And when I checked, both files were there. I just immediately went digging to see what was under the hood and wound up at the same place via a different path.

So what? So, you should download all your information to really conceptualize what Facebook knows about you. It’s easy, it’s informative, and it’s really cool to have a copy for yourself.