Archive for May, 2006

Diversity post

Wednesday, May 31st, 2006

Just an observation here, but I’m noticing a lot of focus on the past. While it’s important to know your history, if you dwell too much on the past, it’s hard to move forward (or maybe it’s just me).

From Hitler to slavery to the Great Depression, I’m seeing a lot of references to the distant past. I’m willing to bet that most of it happened before any of our lifetimes. Rather than focusing on past atrocities, a larger focus should be on present-day atrocities.

For instance, slave trade out of Africa happened way before African slaves were brought to the U.S. (link here) Slave trade has been abolished in the U.S. and Europe since the 19th century. In fact, African nations demanded an apology from European nations and the U.S. for past slavery. Most nations didn’t apologize, but for the wrong reasons in my opinion. Their reasons were monetary. My reasoning would be that slave trade is still practiced in Africa today. And not slave trade of adults, mainly children. So wouldn’t it be sort of hypocritical to demand an apology for something that happened over 200 years ago, but yet that country still practices slavery?

My whole point is rather than focusing on the past and what we truly can’t change or do a whole lot about, shouldn’t we all focus on the present day to help prevent future atrocities? Does anyone think we can move on if we don’t stop focusing on things that none of us were a part of? An argument could be made that some of us are slightly affected by it because our parents or grandparents were a part of an era affected by segregation, but that was a different time. We don’t have bathrooms for separate races any longer. We don’t have schools set up for separate races either. We all have an equal opportunity to make it as long as we’re willing to work for it – today.

Quote of the week: May 29th

Monday, May 29th, 2006

DRM ‘manages access’ in the same way that jail ‘manages freedom.’

A proposed legal remedy for reporting vulnerabilities

Sunday, May 28th, 2006

I can’t help but think that with the risk of negative consequences from informing someone incompetent, selfish, or insecure of a vulnerability that there needs to be some sort of safe harbor provision in laws in the case of reporting a vulnerability.

For example: if you stumble upon (or more proactively find) a vulnerability, and you send the target details of the vulnerability, the actions you took to find it and the exact steps you took whilst exploiting it, and you only performed reasonably minimal actions whilst in the exploited state to confirm that the vulnerability was real, then informing the target of the vulnerability with this information renders you immune from prosecution.

Would this work?

Right now, if the company in question is likely to sue or prosecute or persecute you for revealing the fact that the emperor has no clothes, then let them stew. I’m sure that someone with less honorable intentions will come along and find it just as easily, and then you can sit by and chuckle as their website/customer database/company is destroyed by a very small shell script.

Of course, this isn’t the moral thing to do – to let a company die when you could have helped, but it’s obviously not what they want.

Technology meets a cowboy

Tuesday, May 23rd, 2006

A West Texas cowboy was herding his cattle in a remote pasture when suddenly a brand new BMW advanced out of a dust cloud towards him. The driver, a young man in a Brioni suit, Gucci shoes, Ray-Ban sunglasses and YSL tie, leans out the window and asks the cowboy, “If I tell you exactly how many cows and calves you have in your herd, will you give me a calf?”

The cowboy looks at the man, obviously a yuppie, then looks at his peacefully grazing herd and calmly answers, “Sure, why not?” The yuppie parks his car, whips out his Dell notebook computer, connects it to his AT&T cell phone, and surfs to a NASA page on the Internet, where he calls up a GPS satellite navigation system to get an exact fix on his location, which he then feeds to another NASA satellite that scans the area in an ultra-high-resolution photo. The young man opens the digital photo in Adobe Photoshop and exports it to an image processing facility in Hamburg, Germany. Within seconds, he receives an email on his Palm Pilot that the image has been processed and the data stored. He then accesses an MS-SQL database through an ODBC-connected Excel spreadsheet with email on his Blackberry and, after a few minutes, receives a response. Finally, he prints out a full color, 150 page report on his hi-tech, miniaturized HP LaserJet printer and finally turns to the cowboy and says, “You have exactly 1586 cows and calves.”

“That’s right. Well, I guess you can take one of my calves,” says the cowboy. He watches the young man select one of the animals and looks on amused as the young man stuffs it into the trunk of his car.

Then the cowboy says to the young man, “Hey, if I can tell you exactly what your business is, will you give me back my calf?”

The young man thinks about it for a second and then says, “Okay, why not?”

“You’re a consultant for the Federal Government,” says the cowboy.

“Wow! That’s correct,” says the yuppie, “but how did you guess that?”

“No guessing required,” answered the cowboy. “You showed up here even though nobody called you; you want to get paid for an answer I already knew, to a question I never asked. You tried to show me how much smarter than me you are; and you don’t know a damn thing about Cattle…now give me back my dog.”

Wired news releases NSA/AT&T whistleblower’s evidence

Monday, May 22nd, 2006

Original article here.

This is to serve as a mirror in case the Wired article gets “taken down”:

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation’s class-action lawsuit against the telecommunications company, which alleges that AT&T cooperated in an illegal National Security Agency domestic surveillance program.

In a public statement Klein issued last month, he described the NSA’s visit to an AT&T office. In an older, less-public statement recently acquired by Wired News, Klein goes into additional details of his discovery of an alleged surveillance operation in an AT&T building in San Francisco.

Klein supports his claim by attaching excerpts of three internal company documents: a Dec. 10, 2002, manual titled “Study Group 3, LGX/Splitter Wiring, San Francisco,” a Jan. 13, 2003, document titled “SIMS, Splitter Cut-In and Test Procedure” and a second “Cut-In and Test Procedure” dated Jan. 24, 2003.

Here we present Klein’s statement in its entirety, with inline links to all of the document excerpts where he cited them. You can also download the complete file here (pdf). The full AT&T documents are filed under seal in federal court in San Francisco.

AT&T’s Implementation of NSA Spying on American Citizens

31 December 2005

I wrote the following document in 2004 when it became clear to me that AT&T, at the behest of the National Security Agency, had illegally installed secret computer gear designed to spy on internet traffic. At the time I thought this was an outgrowth of the notorious Total Information Awareness program, which was attacked by defenders of civil liberties. But now it’s been revealed by The New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and constitutional protections for civil liberties. I am presenting this information to facilitate the dismantling of this dangerous Orwellian project.

AT&T Deploys Government Spy Gear on WorldNet Network

— 16 January, 2004

In 2003 AT&T built “secret rooms” hidden deep in the bowels of its central offices in various cities, housing computer gear for a government spy operation which taps into the company’s popular WorldNet service and the entire internet. These installations enable the government to look at every individual message on the internet and analyze exactly what people are doing. Documents showing the hardwire installation in San Francisco suggest that there are similar locations being installed in numerous other cities.

The physical arrangement, the timing of its construction, the government-imposed secrecy surrounding it and other factors all strongly suggest that its origins are rooted in the Defense Department’s Total Information Awareness (TIA) program which brought forth vigorous protests from defenders of constitutionally protected civil liberties last year:

“As the director of the effort, Vice Adm. John M. Poindexter, has described the system in Pentagon documents and in speeches, it will provide intelligence analysts and law enforcement officials with instant access to information from internet mail and calling records to credit card and banking transactions and travel documents, without a search warrant.” The New York Times, 9 November 2002

To mollify critics, the Defense Advanced Research Projects Agency (Darpa) spokesmen have repeatedly asserted that they are only conducting “research” using “artificial synthetic data” or information from “normal DOD intelligence channels” and hence there are “no U.S. citizen privacy implications” (Department of Defense, Office of the Inspector General report on TIA, December 12, 2003). They also changed the name of the program to “Terrorism Information Awareness” to make it more politically palatable. But feeling the heat, Congress made a big show of allegedly cutting off funding for TIA in late 2003, and the political fallout resulted in Adm. Poindexter’s abrupt resignation last August. However, the fine print reveals that Congress eliminated funding only for “the majority of the TIA components,” allowing several “components” to continue (DOD, ibid). The essential hardware elements of a TIA-type spy program are being surreptitiously slipped into “real world” telecommunications offices.

In San Francisco the “secret room” is Room 641A at 611 Folsom Street, the site of a large SBC phone building, three floors of which are occupied by AT&T. High-speed fiber-optic circuits come in on the 8th floor and run down to the 7th floor where they connect to routers for AT&T’s WorldNet service, part of the latter’s vital “Common Backbone.” In order to snoop on these circuits, a special cabinet was installed and cabled to the “secret room” on the 6th floor to monitor the information going through the circuits. (The location code of the cabinet is 070177.04, which denotes the 7th floor, aisle 177 and bay 04.) The “secret room” itself is roughly 24-by-48 feet, containing perhaps a dozen cabinets including such equipment as Sun servers and two Juniper routers, plus an industrial-size air conditioner.

The normal work force of unionized technicians in the office are forbidden to enter the “secret room,” which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room. In practice this has meant that only one management-level technician works in there. Ironically, the one who set up the room was laid off in late 2003 in one of the company’s endless “downsizings,” but he was quickly replaced by another.

Plans for the “secret room” were fully drawn up by December 2002, curiously only four months after Darpa started awarding contracts for TIA. One 60-page document, identified as coming from “AT&T Labs Connectivity & Net Services” and authored by the labs’ consultant Mathew F. Casamassima, is titled Study Group 3, LGX/Splitter Wiring, San Francisco and dated 12/10/02. This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not “leak” their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.

This problem is solved with “splitters” which literally split off a percentage of the light signal so it can be examined. This is the purpose of the special cabinet referred to above: Circuits are connected into it, the light signal is split into two signals, one of which is diverted to the “secret room.” The cabinet is totally unnecessary for the circuit to perform — in fact it introduces problems since the signal level is reduced by the splitter — its only purpose is to enable a third party to examine the data flowing between sender and recipient on the internet.

The above-referenced document includes a diagram showing the splitting of the light signal, a portion of which is diverted to “SG3 Secure Room,” i.e., the so-called “Study Group” spy room. Another page headlined “Cabinet Naming” lists not only the “splitter” cabinet but also the equipment installed in the “SG3” room, including various Sun devices, and Juniper M40e and M160 “backbone” routers. PDF file 4 shows one of many tables detailing the connections between the “splitter” cabinet on the 7th floor (location 070177.04) and a cabinet in the “secret room” on the 6th floor (location 060903.01). Since the San Francisco “secret room” is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the United States.

One of the devices in the “Cabinet Naming” list is particularly revealing as to the purpose of the “secret room”: a Narus STA 6400. Narus is a 7-year-old company which, because of its particular niche, appeals not only to businessmen (it is backed by AT&T, JP Morgan and Intel, among others) but also to police, military and intelligence officials. Last November 13-14, for instance, Narus was the “Lead Sponsor” for a technical conference held in McLean, Virginia, titled “Intelligence Support Systems for Lawful Interception and Internet Surveillance.” Police officials, FBI and DEA agents, and major telecommunications companies eager to cash in on the “war on terror” had gathered in the hometown of the CIA to discuss their special problems. Among the attendees were AT&T, BellSouth, MCI, Sprint and Verizon. Narus founder, Dr. Ori Cohen, gave a keynote speech. So what does the Narus STA 6400 do?

“The (Narus) STA Platform consists of standalone traffic analyzers that collect network and customer usage information in real time directly from the message…. These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device” (Telecommunications magazine, April 2000). A Narus press release (1 Dec., 1999) also boasts that its Semantic Traffic Analysis (STA) technology “captures comprehensive customer usage data … and transforms it into actionable information…. (It) is the only technology that provides complete visibility for all internet applications.”

To implement this scheme, WorldNet’s high-speed data circuits already in service had to be rerouted to go through the special “splitter” cabinet. This was addressed in another document of 44 pages from AT&T Labs, titled SIMS, Splitter Cut-In and Test Procedure, dated 01/13/03. “SIMS” is an unexplained reference to the secret room. Part of this reads as follows:

“A WMS (work) Ticket will be issued by the AT&T Bridgeton Network Operation Center (NOC) to charge time for performing the work described in this procedure document….
“This procedure covers the steps required to insert optical splitters into select live Common Backbone (CBB) OC3, OC12 and OC48 optical circuits.”

The NOC referred to is in Bridgeton, Missouri, and controls WorldNet operations. (As a sign that government spying goes hand-in-hand with union-busting, the entire (Communication Workers of America) Local 6377 which had jurisdiction over the Bridgeton NOC was wiped out in early 2002 when AT&T fired the union work force and later rehired them as nonunion “management” employees.) The cut-in work was performed in 2003, and since then new circuits are connected through the “splitter” cabinet.

Another Cut-In and Test Procedure document dated January 24, 2003, provides diagrams of how AT&T Core Network circuits were to be run through the “splitter” cabinet. One page lists the circuit IDs of key Peering Links which were “cut-in” in February 2003, including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West. By the way, Mae West is one of two key internet nodal points in the United States (the other, Mae East, is in Vienna, Virginia). It’s not just WorldNet customers who are being spied on — it’s the entire internet.

The next logical question is, what central command is collecting the data sent by the various “secret rooms”? One can only make educated guesses, but perhaps the answer was inadvertently given in the DOD Inspector General’s report (cited above):

“For testing TIA capabilities, Darpa and the U.S. Army Intelligence and Security Command (INSCOM) created an operational research and development environment that uses real-time feedback. The main node of TIA is located at INSCOM (in Fort Belvoir, Virginia)….”

Among the agencies participating or planning to participate in the INSCOM “testing” are the “National Security Agency, the Defense Intelligence Agency, the Central Intelligence Agency, the DOD Counterintelligence Field Activity, the U.S. Strategic Command, the Special Operations Command, the Joint Forces Command and the Joint Warfare Analysis Center.” There are also “discussions” going on to bring in “non-DOD federal agencies” such as the FBI.

This is the infrastructure for an Orwellian police state. It must be shut down!

Klein Evidence 1

Monday, May 22nd, 2006

Original article here.

This is to serve as a mirror in case the Wired article gets “taken down”:

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation’s class-action lawsuit that alleges the telecommunications company cooperated in an illegal National Security Agency domestic surveillance program.

These four pages, excerpted by Klein from a 60-page document, allegedly describe AT&T’s efforts to install splitters on internet fiber-optic cables at the company’s San Francisco switching center. Page 2 describes the splitter and lists the equipment at the receiving end of the purportedly tapped lines. Page 3 is a diagram depicting the alleged tap, and Page 4 details connections between the splitter cabinet and what Klein calls a “secret room” housing the equipment.

“Since the San Francisco ‘secret room’ is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the U.S.,” Klein wrote.

Page 1 || Page 2 || Page 3 || Page 4

Klein Evidence 2

Monday, May 22nd, 2006

Original article here.

This is to serve as a mirror in case the Wired article gets “taken down”:

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation’s class-action lawsuit that alleges the telecommunications company cooperated in an illegal National Security Agency domestic surveillance program.

These two pages, excerpted by Klein from a 44-page document, purportedly show AT&T rerouting its high-speed data circuits through the splitter cabinet that performs the physics of the alleged wiretaps. The work was apparently overseen by AT&T’s Network Operations Center in Bridgeton, Missouri. “‘SIMS’ is an unexplained reference to the secret room” in which the equipment was stored, Klein wrote.

Page 1 || Page 2

Klein Evidence 3

Monday, May 22nd, 2006

Original article here.

This is to serve as a mirror in case the Wired article gets “taken down”:

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation’s class-action lawsuit that alleges the telecommunications company cooperated in an illegal National Security Agency domestic surveillance program.

These two pages, excerpted by Klein from another “Cut-In and Test Procedure” document, further illustrate AT&T’s rerouting of its high-speed data circuits for surveillance, according to Klein.

Page 1 diagrams the new connection through the splitter cabinet, and Page 2 shows the company phasing in fiber-optic splitters on high-speed links connecting AT&T’s WorldNet to other ISPs, “including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and Mae West,” Klein wrote. “It’s not just WorldNet customers who are being spied on.”

Page 1 || Page 2

How to do RPM in Ubuntu Linux

Monday, May 22nd, 2006

Why anyone would want to use RPM in a Debian-based system is beyond me, but if apt-get or dpkg isn’t your cup of tea, have at it:

Alternative 1 (dirty, two steps):

$ sudo apt-get install rpm
$ sudo rpm --force-all -ivh PACKAGE.rpm

Alternative 2 (cleaner, four steps):

$ sudo apt-get install rpm alien fakeroot
$ fakeroot alien PACKAGE.rpm
$ sudo dpkg -i package.deb
$ sudo apt-get -f install # will install any dependencies
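Both alternatives above install whatever bytes happen to be in PACKAGE.rpm, and the first one even tells rpm to ignore its own checks. The script below is an added example, not code from the original post: it wraps the four steps of Alternative 2 in a function that first compares the file's SHA-256 against a digest you obtained separately (for instance from the vendor's download page), and only then hands the package to alien, dpkg and apt-get. It assumes sha256sum or shasum is on the PATH and that alien reports the generated package as "<name>.deb generated"; if that line is absent it falls back to the newest .deb in the working directory. The file name and digest in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): checksum-gated wrapper around
# "Alternative 2" (fakeroot alien + dpkg -i + apt-get -f install).
# Assumptions: sha256sum or shasum on PATH; alien prints "<name>.deb generated".

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_rpm FILE EXPECTED: return 0 if FILE exists and its digest equals
# EXPECTED (hex, either case); otherwise print the mismatch to stderr, return 1
verify_rpm() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "verify_rpm: no such file: $file" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "verify_rpm: checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# install_rpm_as_deb FILE EXPECTED: the four steps of Alternative 2, run only
# after verify_rpm succeeds, stopping at the first failing step. dpkg -i is
# allowed to fail on missing dependencies because apt-get -f install fixes them.
install_rpm_as_deb() {
    verify_rpm "$1" "$2" || return 1
    sudo apt-get install -y rpm alien fakeroot || return 1
    out=$(fakeroot alien "$1") || return 1
    # alien's success message names the .deb it wrote; fall back to newest .deb
    deb=$(printf '%s\n' "$out" | sed -n 's/ generated$//p' | tail -n 1)
    [ -n "$deb" ] || deb=$(ls -t ./*.deb 2>/dev/null | head -n 1)
    if [ ! -f "$deb" ]; then
        echo "install_rpm_as_deb: no .deb produced from $1" >&2
        return 1
    fi
    sudo dpkg -i "$deb" || true
    sudo apt-get -f install -y
}

# Usage (placeholder file name and digest, both constructed):
#   install_rpm_as_deb PACKAGE.rpm <sha256 digest published by the vendor>
```

The checksum gate is the only part that does anything a package manager would not already do for a signed repository package; alien and dpkg still trust the archive's contents, so the digest must come from a source other than the place the file itself was downloaded from.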

Media consumption seeing a shift

Thursday, May 18th, 2006

Article here.

“The bill provides no support for net neutrality. The bill does, however, include a provision to authorize the FCC to outlaw digital receivers that record broadcasts. The article states that those receivers would be replaced with devices that treat anything with an audio broadcast flag as copy-protected.”

It seems to me that if the MPAA and RIAA had their way, we wouldn’t listen to music or watch tv at all. At least not in the manner to which we’ve become accustomed.

Why would I bother buying an expensive recorder if it couldn’t record all of the content I might like to record? Why would I watch tv or listen to the radio if I couldn’t later share the experience with friends and family?

And I’m less likely to watch tv in the first place if I can’t share a funny clip with friends later. Take the Simpsons, for example. Say I want to replay a clip of Homer doing something stupid for a friend. But if the MPAA has their way, I wouldn’t be able to do this. Hell, I haven’t even had cable or satellite (or even a pair of bunny-ears) since July of 2004. I have a broadband connection and have access to news sites if I need to see the news, so I’m not missing anything. TV just doesn’t matter much to me any more.

Or take talk radio. Say I’m riding along listening to talk radio when a traffic situation causes me to focus on the road. So naturally, I lose a little bit of context and I’d like to rewind the radio to catch what I missed. Of course, you can’t do this now with a car stereo, nor will you ever if the RIAA has their way.

I’ve noticed that my media consumption habits have changed. It used to be that I would buy several CDs a year; I don’t think I’ve bought one in the last two years. Yes, I suppose I could easily bypass the copy protection, but why bother? If the record label is such a jerk that they attempt to keep control of what I now rightfully own, then they can keep their shiny plastic and I’ll keep my money. No sense in encouraging scumbags anyway.

And why would I bother paying Hollywood for movies that I won’t be able to enjoy in the future? I have a ton of decaying VHS tapes which I won’t be able to play 10 years from now. And of course, with the DRM on DVDs and thanks to the DMCA, when DVDs are obsolete, you will lose your investment. At least I could copy VHS to DVD. But how long would that last when the next generation players enforce DRM?

So I’ve kind of given up on Hollywood and Big Music. It seems that they’ve become too wrapped up in their own hubris to realize that crippling content doesn’t add to the value of the product. And yet, their stockholders continue to buy the old mantra, “Piracy is killing our business…” It’s not piracy – it’s lack of value. Why would a consumer buy something they legally can’t own? The **AAs haven’t figured out that the American vision of entertainment is much different from their own. Americans:

1. Want to own what they’ve legally purchased
2. Consider ownership to be something perpetual, not “for a limited time”
3. Like to share their culture (tv, movies, music) with others.
4. Like to watch good movies and hear good songs again and again.

By contrast, the RIAA and MPAA envision this model of consumer enjoyment:

1. The consumer pays for the content, but the RIAA/MPAA still owns it.
2. The consumer pays every time they enjoy the content.
3. The consumer re-purchases the content any time the RIAA/MPAA decide a format change is necessary.
4. The consumer only owns the content until it interferes with the profit made by the studio. Witness the industry’s attempts to thwart re-selling used CDs.

So, even those of us who would be otherwise honest must face a decision:

* We play by the RIAA/MPAA playbook and pay continuously for content we’ve already bought, or
* Forget the RIAA/MPAA and find a different mode of entertainment.

So, is tv relevant anymore? Not when I can’t enjoy it. Same for music and video – I’m enjoying public domain works now and independent stuff that I glean from the Net. Yes, I can afford to pay for my content, but why would I pay if I can’t own it anyway?

The RIAA/MPAA can’t seem to understand that individual ownership and the rights that come with it are a fundamental part of selling content. If you don’t want to give up control, don’t sell the content.