Domain: oblomovka.com
Stories and comments across the archive that link to oblomovka.com.
Comments · 13
-
Re:Ok you've got my attentionHere is a better explanation of what happened by Danny O'Brien (http://twitter.com/mala)
---- posted in verbatim for
/. proof ----Theres been a lot of alarming but rather brief statements in the past few days about Haystack, the anti-censorship software connected with the Iranian Green Movement. Austin Heap, the co-creator of Haystack and co-founder of parent non-profit, the Censorship Research Center, stated that it had halted ongoing testing of Haystack in Iran; EFF made a short announcement urging people to stop using the client software; the Washington Post wrote about unnamed engineers who said that lax security in the Haystack program could hurt users in Iran.
A few smart people asked the obvious, unanswered question here: What exactly happened? With all that light and fury, there is little public info about why the worlds view of Haystack should switch from it being a step forward for activists working in repressive environments that provides completely uncensored access to the internet from Iran while simultaneously protecting the users identity to being something that no-one should consider using.
Obviously, some security flaw in Haystack had become apparent, but why was the flaw not more widely documented? And why now?
As someone who knows a bit of the back story, Ill give as much information as I can. Firstly, let me say I am frustrated that I cannot provide all the details. After all, I believe the problem with Haystack all along has been due to explanations denied, either because its creators avoided them, or because those who publicized it failed to demand one. I hope I can convey why we still have one more incomplete explanation to attach to Haystacks name.
(Those whod like to read the broader context for what follows should look to the discussions on the Liberation Technology mailing list. Its an open and public mailing list, but it with moderated subscriptions and with the archives locked for subscribers only. Im hoping to get permission to publish the core of the Haystack discussion more publicly.)
First, the question that I get asked most often: why make such a fuss, when the word on the street is that a year on from its original announcement, the Haystack service was almost completely nonexistant, restricted to only a few test users, all of whom were in continuous contact with its creators?
One of the things that the external investigators of Haystack, led by Jacob Appelbaum and Evgeny Morozov, learned in the past few days is that there were more users of Haystack software than Haystacks creators knew about. Despite the lack of a public executable for examination, versions of the Haystack binary were being passed around, just like unofficial copies of Windows (or videos of Iranian political violence) get passed around. Copying: its how the Internet works.
We were also told that Haystack had a centralized, server-based model for providing the final leg of the censorship circumvention. We were assured that Haystack had a high granularity of control over usage. Surely those servers could control rogue copies, and ensure that bootleg Haystacks were exc
-
Since the article is mostly content-free
Here are some links:
http://neteffect.foreignpolicy.com/posts/2010/09/09/one_week_inside_the_haystackhttp://jilliancyork.com/2010/09/13/haystack-and-media-irresponsibility/
http://calixte.tumblr.com/post/1120185415/no-more-haystack - Lead Developers resignation Letter
http://www.oblomovka.com/wp/2010/09/14/haystack-vs-how-the-internet-works/
-
Re:Sense of humor...
Actually, they are probably doing this for additional leverage if they choose to litigate. Recall the "Anti-Spam Haiku" - a copywrighted poem inserted into email headers to provide grounds for legal action if spooofed. More here: http://www.oblomovka.com/writing/habeas:_the_anti
s pam_haiku.php3 -
Yes, they had consultants. I was one of them.
I first got a mail from Graham Linehan back in August of last year (he'd been given my details by Cory Doctorow - okay, not much more namedropping, I promise) and I jumped at the chance to help out - Father Ted and Big Train are two of my favourite-ever TV comedies.
He sent the scripts and I eventually sent a couple of notes back with a couple of minor corrections, but I really didn't need to do much at all; the humour in the show comes from really good character comedy, and the IT aspect is (quite rightly, IMHO) just a sideline thing. Roy and Moss bear slightly more resemblance to real-world sysadmins than Ted and Dougal do to real-world priests, but only slightly. As with Ted, the joy is in exggerating the silliness of the situations.
It was in building the set that the fun really started, and I need to get Sean to participate in the thread here as I recommended him for the job of gathering as much fun techie crap as possible as well as looking after the on-set PCs. Having visited the set once, I can tell you he did a fantastic job. There are so many wonderful little references and rare bits of kit lurking in the messes (British geeks in particular are in for a treat). Plus, thanks to Danny, there are EFF stickers everywhere.
Make sure to tape/TiVo/torrent it - it's a great show, fun and silly, with lots of easter-egg treats for geeks. -
The network effect
The value of LJ is in the network; the possibility of using social-network data to authenticate users and have private posts without all of the readers needing a separate password for your blog. The true value of this is in restoring the private register (which is present in private conversations in real life, but absent in anything placed on the world-accessible, searchable web).
The problem is that each site has its own set of users and accounts used for such authentication. Thus there is little value in signing up for any service but the one all your friends are on, and the dominant service (i.e., LJ itself) is the one most likely to have people you know on it. If that goes (or is compromised), social networks will be fragmented into (a) those who stay behind with the new SixApart service, (b) those who go to DeadJournal, (c) those who go to GreatestJournal, and (d) those who say "sod this", switch off the computer and get a real life. -
Re:What?Any idea how many or which ports/services you need to have open on a remote UNIX (i.e., Solaris) client to run, say a shell script this way?
If you are referring to "using VNC" when you say "this way", you need 5900+N open, where N is the VNC server you're running, open to run it natively.
Alternately you can tunnel it over, for instance, ssh, and then you only need 22 open.
To be really sneaky, you can tunnel SSH over DNS, in which case you need 53/UDP open. (PPT slides: http://www.doxpara.com/bo2004.ppt).
Verdict: If you have an open port, you can run whatever you like to it.
-
linkageIf you were wondering what this is all about... Annalee Newitz (with two N's) is the author of a regular print-media column called "Techsploitation", of which this story was an example. More on that: http://www.techsploitation.com/writing/ http://www.alternet.org/alsoby.html?Author=2188 More about CodeCon: http://en.wikipedia.org/wiki/CodeCon http://www.codecon.org/2004/ http://www.oblomovka.com/search.php3?q=%3Cspan%20
c lass= http://www.financialcryptography.com/mt/archives/0 00050.html The Schmoo Hacker Group: "The Shmoo Group is a non-profit think-tank comprised of security professionals from around the world who donate their free time and energy to information security research and development." http://www.shmoo.com/ Wi-Fi Remains a Work in Progress A latte, a Wi-Fi link and a hacker Wireless network worries? Get a dog! "Need To Know" (a zine in fixed-width font, the way god intended the net): http://www.ntk.net/ Ken Schalk, yo-yo hacker, is the author of Vesta: "Vesta is an advanced system for source code control, versioning, configuration management, and building. It is an alternative to CVS+make." http://freshmeat.net/projects/vesta/ http://sourceforge.net/project/shownotes.php?relea se_id=156198 Sparky's http://www.milkycat.com/toiletree.htm Jonathan Moore evidentally did a bunch of wifi networking down in Santa Cruz, and is the author of the MobileMesh software http://wiki.haven.sh/index.php/WikiWikiWan Jonathan Moore's CodeCon presentation was about: "Hacking Social Networks part II (Don't search private data)" http://more.theory.org/archives/000110.html#more Science Magazine is put out by the AAAS, and does great in-depth coverage of general science (and insanely detailed minutia about biology): http://www.sciencemag.org/ Placebos http://placebo.nih.gov/ Oh, and about "GenToo 2004": http://www.gentoo.org/news/20031203-news.xmlHeh... note the email address Annalee Newitz is using here... she evidentally creates a new mail alias for every column: sugarpill@techsploitation.com
Ah, slash ids pushing a billion and whining about what a sewer it's become...
-
Power Your Computer by Exercise Bike
There's an organization working on stationary bike-powered computers with Internet access for rural areas without electricity. I see no reason the same concept can't be used to save power costs and keep in shape on this side of the pond.
-
Re:Who initiated?It's my understanding that it was initiated by the locals, who asked for access to information and knowledge about stuff like crop prices.
I wrote a bit about this in my Irish Times article on the project:
Farmers will be able to monitor the price of crops in the town markets, negotiate group purchases with the other villages, and make business deals without having to spend days travelling away from the farm. And families will be able to make direct contact for the first time with the Laotian Diaspora - relatives who've left the war-torn area to earn money in the capital of the country, and beyond.
Cheap technology like this, dropped into the very poorest of countries, may provide a chance for these nations to leapfrog into the digital revolution.
Of course, there'll always be someone who'll argue that providing this kind of technology to the least developed countries of the world is missing the point: that we should, as Bill Gates said recently, be spending our money instead on medical and food projects. And, of course, everyone involved in the Jhai project suggests we should do that too. But it's notable that it was the rural villagers themselves who asked for ways to communicate and gain knowledge, not the foundation.
Info about donating via Paypal here. -
Re:Who initiated?It's my understanding that it was initiated by the locals, who asked for access to information and knowledge about stuff like crop prices.
I wrote a bit about this in my Irish Times article on the project:
Farmers will be able to monitor the price of crops in the town markets, negotiate group purchases with the other villages, and make business deals without having to spend days travelling away from the farm. And families will be able to make direct contact for the first time with the Laotian Diaspora - relatives who've left the war-torn area to earn money in the capital of the country, and beyond.
Cheap technology like this, dropped into the very poorest of countries, may provide a chance for these nations to leapfrog into the digital revolution.
Of course, there'll always be someone who'll argue that providing this kind of technology to the least developed countries of the world is missing the point: that we should, as Bill Gates said recently, be spending our money instead on medical and food projects. And, of course, everyone involved in the Jhai project suggests we should do that too. But it's notable that it was the rural villagers themselves who asked for ways to communicate and gain knowledge, not the foundation.
Info about donating via Paypal here. -
Re:Yay, more drive-by spam.
Actually, the scum of the network aren't taking advantage of wireless networks. There are, as we speak, no reports of drive-by spamming in the wild. The article you reference claims to have such evidence, but it was a ZDNet journalist distorting what he heard from an expert. I know, I asked the expert.
I'm not saying drive-by spamming is not a theoretical possibility; I'd argue that there are a number of reasons why you won't see it in widespread use. Firstly, it's no harder to create a throwaway AOL account and spam from there. Secondly, one of the reasons why spamming is so prevalent is because it's entirely anonymous: sitting in front of someone's house hoping they don't spot you streaming through their network simply isn't. A lot of people really hate spammers; it's easy for spammers to laugh at their hatred from their own homes. It's a lot harder when they're sitting in a car, hoping you're not going to leap out with a baseball bat and explain a few things to them.
I understand your concerns about this hypothetical behaviour. But as someone who runs an open network, regularly uses other's open networks, and realises that security is more than just throwing up some foo around the LAN perimeter and hoping no-one gets through, I think it's a distraction from the real problems we have now. -
Re:I'm afraid to Slashdot a great site, but...
-
Re:I'm afraid to Slashdot a great site, but...