Archive for December, 2006

5 hours' work, wasted

Monday, December 11th, 2006

For the sake of 10 minutes. Because Mrs Elbeno insisted that I turn off the computer NOW and go to bed last night, and /tmp gets cleared on boot. Grrr. If you’re reading this, Mrs Elbeno, I’m never listening to you again over such matters!

Wii gubbins

Sunday, December 10th, 2006

5183 7827 7354 6715

I’m pro level at tennis! And advancing rapidly with the bowling (high score 197). Golf I haven’t touched yet, baseball is fun but takes too long, and boxing is a bit hit and miss (har) for me.

the yearly mail merge

Thursday, December 7th, 2006

Yule is almost here and Mrs Elbeno and I have been writing the letter, which means that once again I get to figure out how to do a mail merge from the address book spreadsheet to a sheet of labels. And every year it changes slightly. This year it was quite easy though, despite the documentation being questionable (it told me to click on menu options and dialogs I didn't have).

The only tricky part of the affair this year is the same as always: how to attempt to munge everything into a common format that fits on a label, when there are so many different address types. USA, UK, Europe, Japan, Australia, single line and multi-line addresses, zip codes, post codes, states, counties… but as long as it all fits on a label and all the info is there, I'm going to trust the mail to deliver it.

The other thing that caught my eye this morning was an essay by Cory Doctorow about How Vista Lets Microsoft Lock Users In. I'm not looking forward to this upgrade at work, which will doubtless come sooner or later. I've said it before and I'll say it again: if you want what you write/draw/compose/otherwise create today still to be freely viewable/usable to you in 10 years' time, don't use Microsoft products.

a thought experiment

Monday, December 4th, 2006

I followed the story of Christopher Soghoian with interest over the last few months. As you'll recall, he is the security researcher who put a fake Northwest Airlines boarding pass generator on the web, and was subsequently visited by the FBI. There are two amazing parts to this story, for me: first, that the FBI visited him twice before confiscating all his computers, and second, that he has actually got his computer equipment back.

After the first FBI visit, he didn't sleep at home that night, and returned to find his home ransacked by the FBI on their second visit. This got me to thinking: what steps could one take to prevent the FBI accessing ones property (i.e. data on hard drives, not necessarily the physical items themselves)? I've thought of several ideas. If you're going to safeguard the physical hard drive, it should be an external one so that you have plausible deniability when you allow the FBI to take your PC and its normal boot drive.

1) Hide it onsite. Not really an idea that is likely to work, unless you have a really good hiding place.

2) Upload it to the web somewhere and let everyone mirror it. The Linus approach. Well it would certainly safeguard the data, and Soghoian could probably have done it without much consequence if he'd thought ahead. This option only works if you don't mind everyone (including the FBI) getting your data.

3) Hide it offsite. A storage facility? A bank safe-deposit box might be an interesting way to go. But odds are you're being followed by the FBI, and this would just slow them down rather than prevent them accessing the data. In the case of a safe-deposit box, it might slow them quite a lot though.

4) Mail it to a trusted party. Again, you have the problem that the FBI can probably intercept the mail before it leaves the mailbox or post office. But if you can get around that, this method would probably work. There is the problem that the FBI could be investigating your friends, too. So you might want to mail it to someone at the ACLU/EFF/press.

5) Encrypted file system. This is coming to everyone soon with the next version of Windows, I hear. But this isn't ultimately a good solution. They could probably throw you in jail for refusing to supply the key(s).

6) Steganographic file system. This is a bit more promising. But I'm not sure of the state of the art regarding things like StegFS and whether this would really fool the FBI. You face the problem of possible interrogation for the key(s).

7) The most interesting option, I think, in this thought experiment, is the possibility that the FBI won't find the data on your PC because it was never there. Imagine using the Internet as your storage device. I don't mean in the normal way that one uploads files via ftp or whatever. I mean things like using remote email queues as storage. One can imagine a program that works as follows:

Given the existence of a sensitive piece of information, rather than store it on the HDD, send it in an email addressed to me@<local ip address>. Send it first to any old external email server. That server will try to forward it back to you. But here's the clever bit. Your local mail program (controlled by the secret-storage software) doesn't accept it; instead you issue some non-fatal error in the 400 range. The remote mail server puts the mail in its queue for retransmission. It will retry periodically, eventually giving up in probably around a week if it can't deliver. Your secret-storage program can simply refresh the transmission each week, effectively using the Internet email system as a storage device. When you want to get to your data, you simply accept the email. There may be a time lapse between when you want to get at the data and the next retry cycle of the remote mail server, a bit like when you want to take money out of a savings account – that's the small price you pay for this security. Although even this might be overcome by appropriate manipulation at the TCP level (your mail server only half accepting the connection, then completing the acceptance when you want the data).

When the FBI comes to take your stuff, you (or they) turn off the power – which kills the mail reception program and destroys all traces of your data (it doesn't exist on the hard drive). And even if they were to turn it back on back in FBI HQ, the IP address will have changed. The FBI has no knowledge of which email server has your data, and in a few days, your data will expire.

Book sale haul

Saturday, December 2nd, 2006

Today was (is) the quarterly Culver City Library book sale. $15 got us:

The Eleventh Hour by Graeme Base
How The Grinch Stole Christmas by Dr. Seuss
Click Clack Moo: Cows That Type by Doreen Cronin
3 Hardy Boys Books: The House on the Cliff (2), Hunting for Hidden Gold (5), The Mystery of Cabin Island (8)
Cryptonomicon by Neal Stephenson
The Armchair Universe: An Exploration of Computer Worlds by A.K. Dewdney
The Turing Omnibus: 61 Excursions in Computer Science by A.K. Dewdney
The World According to Garp by John Irving
Prolog Programming for Artificial Intelligence by I. Bratko
Fast Food Nation by Eric Schlosser
King Solomon’s Mines by H. Rider Haggard
Moby Dick by Herman Melville
Idoru by William Gibson
John Betjeman’s Collected Poems