Bringing a Windows mindset to a GNU/Linux world

Thursday, June 12th, 2008

I just ran across a level of stupid so off the charts I had to immediately comment on it here lest my inaction unwittingly foster an environment tolerant of such stupidity. Allow me to quote from a post on Linuxforums:

When I say cd’d I mean I used the command cd, to change directory.
So for example say I downloaded and extracted the drivers to the desktop I would open a Konsole window and type:
sudo cd /home/sebmaster/desktop/[folder extracted to]/
(You probably dont need sudo but I have got into the habit of adding it before pretty much everything)

Those of you who are familiar with GNU/Linux should see this heaping mound of stupidity for what it is immediately, and will likely find the following explanation superfluous. For the rest of you, here’s a detailed explanation.

There are two distinct nexuses (nexi?) of stupidity inherent in this quote. The first is the notion that sudo, a wrapper program that executes the program passed to it as an argument with root (administrator) privileges, will do anything with the change directory command. It won’t. Cd is a shell builtin command; it is not a program. Sudo can’t even find it. The exact error message I get is “sudo: cd: command not found”. And even if cd was a program, using it in this way wouldn’t do anything, since the new working directory would be lost when the sudo subshell terminated. And even if that did work, it still wouldn’t be useful, because there’s no point in setting your working directory to a directory you don’t have access to anyway. You’re still going to need to use sudo with every subsequent command just to get access to those files, so the sudo cd is superfluous; just skip the cd altogether and use a qualified path to the files.

But that’s not even touching on the second (and greater) nexus of stupidity, which is the very-Windows-like mindset that everything should be run as administrator. Saying “You probably dont need sudo but I have got into the habit of adding it before pretty much everything” is like saying “You probably don’t need a live hand grenade but I have got into the habit of carrying one around with me everywhere I go.” Like a live hand grenade, sudo is potentially very dangerous, as the root account has total access to the system (so simple mistakes or security compromises become far worse than they would with mere user account permissions). The mantra to live by is: Never run anything as root unless it is absolutely necessary. As soon as I read that this faithful deliverer-of-the-stupid executes pretty much everything as root out of force of habit, I stood up from my computer, placed my hand over my face, and let out a very long, exasperated sigh. Why doesn’t he just su at the beginning of every terminal session and get it over with?

Oh wait, I probably shouldn’t have said that. He’s probably going to read that last bit, miss all the rest of the content in this post, and think that’s a good idea. “Hey, now I don’t even have to type sudo anymore, because everything I do is always as root!” Yes, even changing directories.

WordPress vulnerability in the wild

Monday, June 9th, 2008

Five days ago, I noticed that the number of hits coming to this blog decreased drastically. Specifically, the Stats plugin showed that my incoming hits from search engines had decreased to nearly zero. And since Google is this blog’s front page, that represented a rather drastic drop in traffic. I was down to just the regulars, those faithful readers who either refresh this blog regularly or are subscribed to the RSS feed (you know who you are). I wondered if I had pissed off the Google gods, and tried to wrack my brain for any bad SEO juju I could have employed.

Two days later, my traffic still hadn’t improved. My visitor numbers were in the doldrums for three straight days. You can imagine how disheartening it is to spend a year and a half working on building up a blog, only to slip backwards by over a year’s worth in traffic numbers. I was starting to foster an irrational hatred of Google. Then I randomly ran across a new WordPress vulnerability in the wild thanks to a link on Reddit. Here’s the description from the linked blog post:

Many sites that are running WordPress blogs have been hacked by a very clever and hidden PHP Injection which is redirecting all requests from Google, MSN, Live, Altavista, Ask, Yahoo, and other search engines and redirecting it to ‘’ a site filled with pay-per-click ads and redirects to other landing pages. This is a very clever trick as visiting a web site either through a direct navigation type in or a bookmark does not display the problem. Only search engine visits are redirected and many site owners are delayed at discovering this problem until they notice huge dips in traffic or revenue stats.

Wow, did that ever sound familiar! And after a quick check, what do you know, my site had been hit by the 0-day WordPress vulnerability described in the linked post. The fix was very simple: remove the offending code from my wp-blog-header.php file. How in the hell it got in there is still unknown. Hopefully WordPress fixes this soon. In the meantime, I’m just keeping a very close eye on my visitor statistics, and I have a pre-exploit backup I can revert to if absolutely necessary. Very thankfully, my visitor numbers have returned to what they were from before the exploit, so it looks like I won’t face any permanent damage.

As you can imagine, I’m a bit peeved at the WordPress folks right now. I’ve complained about the security problems in their software before, and new problems are always being discovered. If you don’t keep on top of WordPress upgrades very regularly — or even if you do, as I have discovered — you can be hit with all sorts of bad stuff. It’s more proof of that ancient pearl of wisdom in computer science: truly secure programs are designed with security in mind from the ground up. You can’t possibly make a program secure by trying to play whack-a-mole with all of the security holes in insecure software. If security wasn’t front and center in your mind from the get go, you can’t fix it later on, as security drives major architecture decisions that are much harder to revisit in mature codebases than simply dashing out another stop-gap security patch.
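Because the redirect described in the quoted post only fires for search-engine visits, a site owner can test for it by requesting a page with and without a search-engine Referer and comparing the answers. The following is an added example, not code from this post or from WordPress; the referer list, `blog.example`, `placeholder.invalid` and the simulated site are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

# Constructed sample referers for engines named in the quoted description.
SEARCH_REFERERS = [
    "https://www.google.com/search?q=example",
    "https://search.yahoo.com/search?p=example",
    "https://www.ask.com/web?q=example",
]


def http_fetch(url, referer=None):
    """GET url without following redirects; return (status, Location header)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", target, headers={"Referer": referer} if referer else {})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def find_referer_redirects(url, fetch=http_fetch, referers=SEARCH_REFERERS):
    """Return one finding per referer whose response differs from a direct visit."""
    direct = fetch(url, None)
    findings = []
    for referer in referers:
        seen = fetch(url, referer)
        if seen != direct:
            findings.append({"referer": referer, "direct": direct, "seen": seen})
    return findings


def simulated_fetch(url, referer=None):
    """Constructed stand-in for a site with the behaviour described above:
    direct visits look normal, one search-engine referer gets redirected."""
    if referer and "google.com" in referer:
        return 302, "http://placeholder.invalid/"
    return 200, None


if __name__ == "__main__":
    # Offline run against the simulated site; pass fetch=http_fetch (the
    # default) and your own blog's URL to check a real install.
    for finding in find_referer_redirects("http://blog.example/", fetch=simulated_fetch):
        print(finding)
```

A clean result only covers the referers tried, so comparing the PHP files against the pre-exploit backup remains the more reliable check.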

Letting the terrorists win

Sunday, May 4th, 2008

It really pains me to see how easily we’re letting the terrorists win. We’ve done more damage to ourselves in reactionary blind fear than they ever did to us with their singular large successful attack on American soil. All it took was to have an opportunistic president in power willing to respond to the attack not in an appropriate way, but in the way that maximized his own power.

And so we have to deal with nonsense at the airport every day. It’s not making us safer, but it makes the less smart amongst us feel safer, and it also serves to keep Americans under a “healthy” level of fear. After all, you can be convinced to vote against your own interests if you’re scared out of your mind.

I read a good article in the Washington Post today called “Here’s How America Looks to the World” by Josef Joffe. He covers not only the nonsense that goes on in airports, but also the very real ways in which America is only hurting itself by making it harder for foreigners to visit. In turning into Fortress America, we’re dissuading many foreign tourists and students from coming here, and large international conventions are switching to places like Canada because it’s become so difficult for people to gain even temporary access to the United States.

This article is incredibly important, but unfortunately the Washington Post is one of those backwards newspaper sites that hides content behind a registration wall, so here’s the full text:


Penetration testing the TSA

Sunday, April 27th, 2008

Last week I traveled from Washington, D.C. to Hartford, Connecticut and then back again on a business trip. I’m also really annoyed at recent Transportation Security Administration (TSA) regulations prohibiting liquids in carry-on luggage, as it’s inconvenient to have to separate everything out into a clear plastic bag, and even then, the total amount you can carry is heavily limited (not even a normal sized tube of toothpaste, for instance). For a business traveler who’s only gone for four days and doesn’t want to risk losing anything in checked luggage, these restrictions are limiting. And they’re not making us safer by any means; it’s really just yet another way in which we’re letting the terrorists win by making us afraid.

So on the return trip, I decided to check out just how stringent the liquids regulations were. Would they really know if I tried to bring a tiny little bit of liquid through the scanner? So I grabbed a single 1 oz bottle of shampoo from the hotel and put it in my luggage, then confidently strode through security.
Unfortunately, they did pick up the shampoo, leading to a hand inspection of my luggage. I just played dumb, acting like I didn’t know both that it was even in there and also that it wasn’t allowed. The TSA woman, who wasn’t much older than I am, let me through with the shampoo immediately after finding it (I guess because I’m white and was wearing business attire, hardly the stereotypical terrorist). Funnily enough, the woman in front of me was stopped trying to take back half a dozen mini bottles of shampoo from a hotel. Obviously this kind of thing happens all the time at TSA scanning stations, while as far as we know, no one has ever tried to bring through liquid explosives.

So, yeah, the X-ray scanning machines are indeed good enough to pick up even a tiny bit of liquid, and if the TSA employee manning it is doing their job “properly”, you will get your luggage searched. Having abandoned that avenue of search, I don’t know where to proceed next, as there’s no way to get through while wearing shoes or leaving a laptop in a bag (the one time I tried the latter, I ended up getting the laptop swabbed for traces of explosives). And I dare not try to bring a knife through security, both because I don’t want to be arrested and because I don’t want to lose a good knife.

If you have a laptop, install TrueCrypt today

Thursday, March 13th, 2008

One of the greatest strengths of the laptop, its portability, is also its greatest weakness, as you’ll realize if it’s ever stolen. Even if you maintain good physical security practices, like never letting your laptop out of your sight, there’s always the possibility it can be stolen. If nothing else, there’s the old armed robbery stick-up. And if that happens, all of your valuable personal data is in the hands of the bad guy — stored passwords, saved login sessions, proprietary company secrets, your naughty personal photos, etc. Having a laptop stolen can be worse in terms of your safety from identity theft than having your wallet stolen or your postal mail intercepted.

Luckily, there’s a simple solution to prevent all of this. It’s called TrueCrypt, and it’s Free Software. TrueCrypt supports file, volume, and system level encryption. I’m using system level encryption on my work laptop right now. What that means is that when you first turn on the laptop, you’re presented with a password entry prompt that must be successfully answered before any of the data on the disk can be decrypted. And after you’ve typed in your password, your system appears to be running the same as it always was, except that now all transactions to and from the hard drive are encrypted and decrypted on the fly. As soon as you turn off the computer, nothing on it can be accessed without entering the password again. Just set it up once and forget about it (except when turning on your computer, of course); you don’t have to worry about specifically making sure your data is safe because all of it always is.

Installing TrueCrypt was a breeze. I chose pretty secure settings and it still only took four hours to encrypt my whole drive. The hardest part is choosing and remembering a >=20 character passphrase. It being a passphrase is the key part — trying to remember twenty random characters is hard, but if they have some secret mnemonic meaning that only you know, it’s not bad. And that’s all there is to it. I haven’t noticed any degraded performance caused by TrueCrypt, and I can go on work travel secure in the knowledge that if anyone manages to steal my laptop, all they’ll end up with is the hardware, because there’s no way they’re getting any of the data off it. Unless they steal it while it’s on, of course. That’s what you would use file or volume level encryption for: protecting specific files so that they are only decrypted explicitly when you want them to be and they are safe at all other times, even when your laptop is turned on.

Of course, you can use TrueCrypt on your home desktop as well, but laptops are much more likely to be stolen, so it’s more important that they have TrueCrypt installed on them. If you are reading this and you have a laptop, install TrueCrypt right now. It’s simple to do and safeguarding your private data is worth the effort.

Quitting Facebook yields poignant memories

Wednesday, February 13th, 2008

I’ve long had issues regarding Facebook and privacy. In November, I deactivated my Facebook account. It was mostly symbolic, as deactivating your account doesn’t actually do anything; the next time you log in, it’s reactivated as if nothing had happened at all. But in the intervening period, I didn’t use Facebook once. Deactivating it was my first step towards getting rid of it completely. And now I’ve taken the next step.

Yesterday, I temporarily reactivated my Facebook account, but only to wipe out all of its contents (which is apparently the only way Facebook will then let you delete your account). It was kind of a sad experience. I had to remove all of my friends from my account and un-tag myself from all of my pictures. Luckily I hadn’t uploaded any of my own. It brought back a lot of memories of fun times from college that in all likelihood will never happen again, such as dorm parties. As I deleted friend after friend, I was stricken by the sad truth that I will never see the majority of these people again in my entire life. Deleting them from my Facebook account, which was severing the only link I had left with many of them, was symbolic and poignant. It had me moping around for a good hour afterwards.

Forget how mechanically hard Facebook makes it to quit (why can’t they have a simple “Delete my account” link like nearly every other site out there, MySpace included?). It’s even harder emotionally to quit. I was only able to do it because I value my privacy so highly, and I don’t like the thought of my personal data being at the whims of a company like Facebook which demonstrably does not value privacy. But the majority of people wouldn’t be able to quit, even if they were concerned with the privacy aspects. Facebook, like a symbiotic parasite, becomes an essential part of your life. It’s a black hole that sucks in many of your social interactions, that you can’t take with you when you leave. All of your messages, contacts, photographs, and other personal mementos stay behind. I regret ever joining.

That’s why Facebook is so insidious. If you must use it, use it only to contact your friends who are hard to contact via other means. But don’t use it for anything else. Use services that respect your rights and allow you to take your data with you. Don’t upload your photographs to Facebook just to show them to friends; use something better. Don’t send PMs via Facebook, send emails. You can always save emails with ease. I wish someone had told me this advice four years ago when I signed up with Facebook, as it would have saved me a lot of the grief I went through yesterday.

To those of you who are looking to quit Facebook but find the thought unfathomable, here is my advice: do it in stages. Use Facebook less and less, and make a conscious effort to transition everything you care about off of it. Make sure to get non-Facebook contact information on all of your actual friends (IM usernames, email addresses, and cell phone numbers would be a good start). Transition your photographs off of Facebook into a web photo gallery that you are more in control of (something like Flickr or Photobucket would be a start, but hosting it on your own site would be ideal), then stop uploading new photos to Facebook altogether. Don’t use Facebook’s PM feature anymore; use SMS text messages, instant messages, or email instead. And then, finally, pick a date when you are going to leave Facebook for good and announce it on your Facebook profile, giving people time to reach you with any last essential contact information.

Then when the date comes, do the deed and never look back. I’m not going to say it’s easy. In fact, judging by my experience, I would say it’s immensely difficult. But that feeling you get when you’re finally free from Facebook, and all of your social interactions and personal information are yours again, makes it all worthwhile. I was sad yesterday, but I’m happy today, and so shall that feeling continue.

Misconceptions about digital data

Tuesday, January 30th, 2007

An English teacher working in China helped his girlfriend cheat on her assignments and exams. But then she dumped him, and so he told the university. The case is interesting on its own merits, especially because the ex-girlfriend stands to lose her student visa and may end up deported back to China. But what really caught my attention was this terrible misconception about digital data from the article:

“Fred D’Agostino, the Director of Studies, is investigating and I sent him copies of all the work I had done.

“All of this was in the form of forwarded emails which are all dated.”

“I also sent him copies of the files I received via MSN messenger during the final exam and the corrected versions that I sent in return.

“Again, all are dated and timed and cannot be altered or modified in any way as this would show on the documents.”

Apparently this man is under the misconception that data cannot be altered, and the news reporter wasn’t technologically knowledgeable enough to know to point out this claim as nonsense.

All digital data is just composed of ones and zeros, and it can all easily be modified. These timestamps that “cannot be altered or modified in any way” actually can very easily be modified through the use of a simple hex editor, though of course there are non-free programs out there specifically for less technically-inclined people who want to “forge” timestamps. The timestamps in Microsoft Word or even filesystems (e.g. what date the file was last modified) are not cryptographically secure, and thus, they are meaningless. They can be edited with impunity, leaving no trace, and are (or should be) ineligible as evidence in any educated court of law.

Now, if these timestamps had been cryptographically secured, that is another thing entirely. One way to do this would be to have a central trusted authority that uses public-key cryptography to sign timestamps. Anyone could submit a file and have the central trusted authority concatenate it with a current timestamp and then sign it with the authority’s private key. Using the public key, anyone could verify that a timestamp was accurate, but because they wouldn’t have access to the private key, they wouldn’t be able to forge a timestamp. This timestamp authentication protocol would work so long as the central authority remained trusted. Of course, the downside is that if the central authority is ever compromised and someone obtains the private key, then all signed timestamps would become worthless, because any arbitrary timestamp could be signed with any document.

I’m sure there’s a better protocol to do this that wouldn’t retroactively destroy the validity of all past timestamps in the event of a compromise, I just can’t think of what it would be right now. But as you can see, any sort of cryptographically secure timestamp verification is much more complex than anything that Microsoft Word or any email systems are doing. I cannot even imagine the extra computing overhead that would be imposed by including cryptographically secure timestamping on every file and every email. Most people would not suffer such a thing for so few benefits.
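The signed-timestamp scheme described above, including its key-compromise downside, as an added example that is not part of the original post. It assumes a hypothetical authority and uses toy textbook RSA over two Mersenne primes purely as a stand-in for a real signature scheme from a vetted library; the key and the sample documents are constructed.

```python
import hashlib

# Toy RSA key pair for a hypothetical timestamp authority. Two Mersenne primes
# make the modulus trivial to factor; this stands in for a real signature
# scheme from a vetted library so the example runs with the standard library.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                   # public key, published to everyone
D = pow(E, -1, (P - 1) * (Q - 1))     # private key, held only by the authority


def _bound_digest(document: bytes, timestamp: str) -> int:
    """SHA-256 over H(document) || timestamp, as an integer smaller than N."""
    doc_hash = hashlib.sha256(document).digest()
    return int.from_bytes(hashlib.sha256(doc_hash + timestamp.encode()).digest(), "big")


def issue_token(document: bytes, timestamp: str, private_exp: int = D) -> dict:
    """Authority: sign the document bound to the timestamp it supplies."""
    signature = pow(_bound_digest(document, timestamp), private_exp, N)
    return {"timestamp": timestamp, "signature": signature}


def verify_token(document: bytes, token: dict) -> bool:
    """Anyone: check the token with the public key (N, E) alone."""
    return pow(token["signature"], E, N) == _bound_digest(document, token["timestamp"])


def demo() -> dict:
    essay = b"Constructed sample essay text."           # constructed sample input
    token = issue_token(essay, "2007-01-30T09:00:00Z")  # authority's own clock
    edited_time = dict(token, timestamp="2006-12-01T09:00:00Z")
    # The downside noted above: whoever holds D can sign any date they like.
    backdated = issue_token(b"Written much later.", "2001-01-01T00:00:00Z", D)
    return {
        "genuine": verify_token(essay, token),
        "edited_document": verify_token(essay + b" (revised)", token),
        "edited_timestamp": verify_token(essay, edited_time),
        "signed_with_leaked_key": verify_token(b"Written much later.", backdated),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verifies' if ok else 'rejected'}")
```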