The WikiLeaks Conspiracy ?

 Computing, Media, Politics  2 Responses »
Dec 082010
 

If anyone has been following the news closely over the last few days, they will be aware of the attempt that the Swedish authorities are making to extradite Julian Assange to face an assortment of sex charges including rape. Even by itself, there is enough suspicion about the timing of this given previous history of the charges to cause any neutral observer to wonder just what is going on here.

For those who have not dug into the details, the charges were first investigated in August 2010 and then dropped before being re-opened. All the while Julian Assange was either in Sweden, or willing to talk to the prosecutor although not prepared to travel to Sweden at his own expense. The escalation to a request for extradition was unfortunately timed happening at the same time as the latest WikiLeaks (linking to a mirror as the main site is mysteriously down) publications.

By itself it is just about enough to cause a sensible to person to say to themselves … “I wonder … Nah!”, but there are other things happening to WikiLeaks.

WikiLeaks appears to be under a continual distributed denial of service attack where many computers are used to send traffic to the WikiLeak servers. There are two sets of servers involved in hosting the WikiLeaks sites – the actual web servers themselves, and the DNS servers hosting the name.

In the case of the web servers, the servers were first moved to the Amazon cloud service in the middle of a denial of service attack – so Amazon can hardly complain about this as it was known about at the time. Yet after less than a week, the site was booted off the Amazon cloud without a public explanation. The suspicion is that political pressure was brought to bear especially given one of the earliest statements about the issue was from a certain Joseph Lieberman – a US Senator.

WikiLeaks then went to a French hosting company – OVH – who have stated that they will honour their contract. Presumably providing that the French courts do not insist that they terminate the contract, which is possible given that the case is under review.

Separately to this, the Wikileaks domain (or “name”) has itself been under attack. Large scale distributed denial of service attacks took place against the EveryDNS infrastructure servers that provide the name wikileaks.org, and every other name hosted by the same infrastructure. EveryDNS took the step of terminating their domain hosting. As of now, the domain wikileaks.org is not available via the DNS servers I run, indicating that either they have not found another hosting company for the name, or their alternative arrangements are under sufficiently serious attack.

Those are the technical attacks.

In addition, a number of financial companies have frozen WikiLeaks accounts preventing funds from being used, or donations being made – PayPal (who admit that their decision was influenced by the US Government) and Mastercard amongst them.

Add all the attacks together and you start to think that there is some kind of conspiracy behind all this – perhaps the US government is waging cyberwar against WikiLeaks. It is almost certain that they have this capability and there are indications that they are annoyed enough with WikiLeaks to do this.

However it is still more probable that this is a combination of :-

  1. Annoyed US (and possibly other) “hackers” making denial of service attacks against the WikiLeaks infrastructure and the associated infrastructure.
  2. Various commercial organisations deciding that it is too much hassle to “help” WikiLeaks and deciding to terminate their contracts.

Probably the harshest criticism should be directed at PayPal who have just said in a TV interview that they received advice from the US State Department that the WikiLeaks site was probably illegal under US law. Well the opinion of a government in a free society should not be enough to condem an organisation, and the directors of PayPal could deservedly be called chickenshit arse-lickers for their actions.

Perhaps you do not believe that WikiLeaks is in the right here. I’m not entirely sure myself – leaking US diplomatic cables is one thing, but perhaps publishing a list of potential targets the US government feels are critical to its security was a step too far. But there is a bigger issue here than “merely” WikiLeaks itself. We are seeing a situation where a website that has not been condemned for their actions in any court of law has been pushed around and to some extent off the Internet by the actions of a few – both people engaged in illegal activities (denial of service attacks) and people making commercial decisions (terminating contracts).

Imagine if you will, this website is something controversial in a country that is considered a pariah by most of the world – Iran perhaps; perhaps they publish allegations with evidence of widespread government crimes and corruption. Iran and supporters of Iran undertake to destroy that website with “cyberwarfare”. Wouldn’t we want that website to be protected in some way ? Perhaps you are thinking that Iran doesn’t have the resources to undertake such an attack; well think again. Many of the largest botnets capable of carrying out widespread denial of service attacks are under the control of organised criminals (spammers) who have less resources than any government – it takes little more than a spotty teenager in a basement to control tens of thousands of compromised machines and target whatever they like.

In such a situation, it would seem to make sense to provide a hosting service of last resort. Presumably a volunteer effort as it would have to be immune to commercial interests, and presumable massively parallel to ensure that there are many servers providing service so that a distributed denial of service attack would fail to hit everywhere.

Lastly, the US reaction to WikiLeaks seems to me to be a little over the top. And I am not talking about the lunatic fringe who are likely to jump and down screaming at the slightest criticism of the US, but at more respected figures. Some of the reactions verge on coming close to events such as the Fatwwā against Salman Rushdie way back in the 1980s.

For example :-

  • Jeffrey T Kuhner wrote in an editorial in the Washington Times that Julian Assange should be treated “the same way as other high-value terrorist targets” and be assassinated.
  • Gordon Liddy has suggested that Julian Assange should be added to a “kill list” of terrorists to be assassinated without trial.
  • Mitch McConnell has called Julian Assange a “high-tech terrorist”.
  • Newt Gingrich has stated “and Julian Assange is engaged in terrorism. He should be treated as an enemy combatant.”. Well it would be a start to treat any terrorist as an enemy combatant (the US doesn’t as enemy combatants have rights).

Calling for the assassination of Julian Assange is no better than a radical Islamist calling for the assassination of Salman Rushdie – we’re supposed to be better than the knuckle dragging fundamentalists frothing at the mouth. Seems that some in the US aren’t. A reminder to those people – we supposedly live in countries where the rule of law is supposed to be followed, and nobody has tried and convicted Julian Assange of anything in relation to WikiLeaks.

As for calling Julian Assange a terrorist, that is blatantly ridiculous. However annoyed you may be with him, none of his actions equate to driving a truck packed with explosives into a crowded shop entrance, or hijacking a plane and flying it into a large city killing thousands. Even if any information published by WikiLeaks has led to the death of anybody (and nobody has managed to demonstrate this – merely raised ill-founded concerns about the possibility), the responsibility for those deaths belongs to those carrying out the killings and not WikiLeaks. At most (in such circumstances), WikiLeaks might be guilty of incitement to murder – and in a much less obvious way than those calling for the head of Julian Assange to be delivered to them on a platter.

The US is beginning to look like the fool in all of this – their information security is a joke, and their reaction to their inability to keep secrets is to shoot the messenger in a way that makes them look no better than those rogue regimes they complain so much about.

The Move To ArchLinux

 Computing  No Responses »
Nov 202010
 

For some time now, I have been contemplating switching Linux distributions on my main workstation from Ubuntu to something a little less … user friendly ? Or perhaps that should be a little more Unix geek friendly. The distribution I chose was ArchLinux for a variety of reasons. If you come across this blog entry looking for a solution to a problem, it may be worth reading through in case the solution appears later on – this is long, and searches may “hit” on something later on.

First of all, let me point out there is really nothing wrong with Ubuntu for most users. It is a pretty useful distribution that is pretty good for the kind of users who have never compiled their own kernel. Nothing wrong with that, but it seems that Ubuntu is gradually becoming a little trickier to use for those of us who prefer to customise their desktop environment with something like Enlightenment – it seems that Ubuntu is really intended for those who want the Ubuntu way.

Nothing wrong with that, and I’m intending to keep running Ubuntu on my netbook. However I wanted a little more control for my main workstation. And what with an SSD to install as a new boot device, it seemed like a good time to try out ArchLinux especially as I could reboot into Ubuntu if things looked bad. As it happens I haven’t needed to do that! This blog entry is going to get quite long as a place to record my notes on getting ArchLinux to do the things I want, and will grow over time.

The Install

I downloaded the core install image rather than the net install image – not for any good reason as I have done test installs from the net install image and it works well. After installing the SSD into my workstation (stuck to the bottom of the case with duct tape – I should really get a 2.5->3.5″ disk tray), I changed the boot order of the disks in my BIOS to boot from the SSD first. This was perhaps not the best idea as it made things a little trickier later, but it’s workable if you are prepared to juggle disk names (both Linux ones and BIOS/Grub ones).

First for the boring bit :-

  1. Booted off the install CD
  2. Selected CD as source
  3. Set Europe/London as timezone
  4. Set hwclock as UTC
  5. Prep hard drives-
    1. Manually configure hard drives
    2. Partition /dev/sdc (the SSD – identified by the fact it was empty)
    3. Created 256Mb partition /dev/sdc1 (for /boot)
    4. Created partition with the rest of the space /dev/sdc2 as LVM
    5. Manually configure block devices
      1. By device name
      2. Created /boot on /dev/sdc1 as ext2
      3. /dev/sdc2 becomes Volume Group
      4. / as XFS (16G)
      5. /var as ResierFSS (4G)
      6. swap (4G) – Although I have a tendency to forget this one!
      7. /opt as XFS (4G)
      8. /tmp as ReiserFS (4G) – perhaps a bit too big.
  6. Select Packages
    1. Select Base + Development.
    2. Pick random additions that look like they might be useful (note that it may be necessary to pick all of the various mkinitcpio variations as I did that on the later attempts).
  7. Install Packages
  8. Configure System
    1. Select ‘vi’ as editor
    2. Made the following changes to rc.conf
      1. UseLVM=yes
      2. HOSTNAME=scrofula
      3. eth0=”eth0 10.0.0.18 netmask 255.255.0.0 broadcast 10.0.255.255′
      4. gateway=”default gw 10.0.0.254″
      5. ROUTES=(gateway)
    3. Made the following changes to mkinitcpio.conf
      1. BINARIES=”/sbin/lvm”. This shouldn’t be necessary, but at one point I ended up with a miniroot shell which was unable to mount the root filesystem and with no LVM present, I couldn’t see what was wrong! This error could be related to the raid problems detailed below, but adding this won’t cause any harm.
      2. HOOKS=”base udev autodetect scsi sata lvm2 filesystems”. Note that “raid” is suggested as necessary for software RAID; that turns out to be incorrect as discovered later. Although I needed software RAID to mount my /home, I left that for later after putting raid in here gave errors)
    4. Made the following changes to resolv.conf
      1. search inside.zonky.org
      2. nameserver 10.0.0.12
    5. Made the following changes to mirrorlist
      1. Select something from “Great Britain”.
    6. Set root password.
    7. Done
  9. Install Bootloader
    1. Grub
    2. Installed to /dev/sdc! This is because although the SSD is the third by address, it is also the first boot device in the BIOS.

This didn’t work the first time around. Firstly grub wasn’t setup properly as it wanted to boot the next stage from (hd2,0) which would be one of the hard disks rather than the SSD, as at this point the BIOS is still in charge (more or less). This was easily fixed on a temporary basis by editing the boot setting at the menu, and later on a more permanent basis by editing /boot/grub/menu.lst.

Secondly the first couple of times around, I found myself in what I term the “miniroot shell” which is the shell you get when the Linux install fails to mount the root filesystem. The only hint I had here was that a) it couldn’t mount the root filesystem, and b) the binary /bin/lvm was not present. On the third or fourth attempt (my notes aren’t sufficiently accurate) I managed to get past this stage by excluding the raid “hook” and including the /bin/lvm binary in the mkinitcpio configuration file.

It would seem that at some point ArchLinux has changed the “hook” name from raid to dmraid and some instructions out there still refer to the hook as “raid”. My fault for not checking closely enough with enough sources! But there’s no harm in the ArchLinux people configuring both names – probably just a case of setting up a hard link somewhere!

Post-Installation

With a distribution such as ArchLinux, the easy part is the installation; things get a bit trickier with the post-installation configuration. This is simply because to allow you to do things your way, it needs to leave things alone and let you do your stuff. In other words this lack of default configuration is a feature and not a bug!

The first thing to so after a core install (and probably a net install too) is to perform a full update :-

pacman -Suy

The “pacman” tool is of course the ArchLinux package management tool. This operation sits somewhere between a normal Ubuntu package upgrade and a full Ubuntu distribution upgrade. ArchLinux does not have distribution versions in the same way as Ubuntu – whilst the installation media is undoubtedly upgraded from time to time, once actually installed the command above will perform both upgrades to apply necessary fixes, and upgrade packages when new versions come out.

This can lead to some surprises from time to time of course, but there is also never quite the same level of shock that comes with a distribution upgrade.

In any case, I needed to run the command twice as pacman itself needed an upgrade.

After doing that, I set CONSOLEFONT in /etc/rc.conf to “sun12x22.psfu” to improve the appearance of the console, although there are another couple of fonts based on that font that may well be a better choice. Later I used the “consolefont” hook to set the console font at an earlier stage during the boot process – which is neater; however you should specify the font without the file extension – “sun12x22”, and of course add “consolefont” to the HOOKS variable in /etc/mkinitcpio.conf.

I also edited /boot/grub/menu.lst to change the line that specifies what kernel to load and it’s options :-

kernel /vmlinuz26 root=/dev/mapper/ssd-root ro vga=775

Specifically adding the “vga=775″ to the end of that. This makes the appearance of the console not quite so overwhelming on a 30” monitor!

Also added “dmraid” to the HOOKS variable in /etc/mkinitcpio.conf although reading more documentation hints that the right hook is actually “mdadm”. Run mkinitcpio -p kernel26 to update things.

Rebooted to verify that things are still working. Plus check that the CONSOLEFONT was ok, and that the old volume group:sys was visible.

Updated Spam Report

 Computing  No Responses »
Nov 182010
 

I have been running a script to do some basic statistics on the spam I receive for many years now, but I recently spotted that it wasn’t being updated. After having updated my workstation to ArchLinux, I spent a little time getting it to work again.

Incidentally the reason the spam report wasn’t being updated on the main website was that the script to collect it was trying to pick it up from a workstation that is now running OSX – it’s been that long since I checked it was working! However most of the time was spent getting it to work with Python 3, which has a few changes from Python 2 which makes very basic scripts likely to fail.

However it is now working again, so if you are still curious, you can read it here.

The Toshiba Folio 100 Android Slate

 Computing  4 Responses »
Nov 062010
 

Well it’s here! An android slate that is – something I’ve been after for quite a while. And it turns out to be a Toshiba Folio 100. Perhaps not the best picture, but at least it hasn’t been stolen :-

55585

Hardware Thoughts

Supposedly some people thinks it feels cheap, well I can say it doesn’t. Admittedly there is a fair amount of plastic involved in the case, which is perhaps where the thoughts come from but it’s pretty good plastic. Perhaps it compares a little unfavourably with the Apple iPad or iPhone4, but for a half plastic device it’s not bad at all. The back is textured plastic which is perhaps a slightly dated design feature, but it does mean the slate feels less likely to slip out of your hands – that iPhone experience of the slick metal and glass (for the iPhone4) and slick plastic (for earlier iPhones) feels good out of the box, but most people end up sticking it inside a case and the need to feel it securely in your hands is at least part of the reason for the case.

The back is slightly smaller than the front, which makes it look a tad slimmer than it really is, but the thinner edge makes it easier to hold onto the device. The 25cm screen sits within a larger area leaving a 2cm border around the device. Again a slightly dated design feature, but it does mean that when you hold it with your thumb on the top surface for a more secure grip, you don’t obscure any part of the screen.

The top of the bezel holds the tiny lens for the built-in webcam and a hole for the microphone. The right edge holds in order, a battery/power light, and a series of four touch sensitive buttons which are quite possibly just sensitive areas of the touchscreen – the LCD panel doesn’t extend to the edge of the device, but the glass of the touchscreen does. The top edge holds the only physical buttons – an on/off switch, and a volume control rocker switch. The on/off switch feels a little loose, which isn’t good, but the volume buttons seem to work fine.

Connectors can be found on the right edge and bottom edge with some covered by rubber covers. After having seen so many devices that recharge through a USB connection, it seems oddly old-fashioned that Toshiba have included a conventional powerbrick to plug into an old-style proprietary power-jack. This is one place where being dated is not good – why not use the USB ports for power like everyone else ?

Without commenting on the software (yet!), in use the device works pretty well. The screen is nice and clear; the touchscreen is pretty responsive and accurate although there’s always room for improvement. The only oddity is those touch sensitive buttons on the right – they sometimes seem reluctant to activate. Of course the screen is both reflective and subject to getting greasy fingerprints on it.

The Software

Before I start making any comments, please be aware of two things that may influence my comments :-

  1. I haven’t used an Android device before so I won’t be aware of how this device compares in use to other devices. Plus of course nobody (according to Google) is supposed to be using the current Android builds for tablets!
  2. My home Wifi network is especially flaky so some problems may have been down to this.

The Toshiba may be running Android 2.2 but it isn’t quite the full Google experience – there are no Google applications, and the real Android Marketplace isn’t there. Of course Toshiba has bundled in some applications to get started with, including it’s own Marketplace application, but it would be nice to have a choice. What is missing from the bundled applications is a map viewer (admittedly this would have to be manually driven given the lack of a GPS unit, but even so), and a game or two. It may also be sensible to have a more obvious “widget” on the home screen(s) to lead into a quick overview of the device. And please explain the different power lights in that quick overview!

The Marketplace. Well it looks fine at first glance, but is a little flaky in operation. It is subject to frequent crashes, and there doesn’t seem to be a whole lot in it – for instance where is the Kindle app? And what there is in there seems to be very haphazardly arranged with some rather startling choices of categories.

Ok, perhaps Toshiba have restricted apps to things that will work well on the Folio which would explain the limited numbers. Well, no. At least two of the apps I downloaded turned out to restrict themselves to a phone-sized display which looks very silly. I could understand that sort of thing on the main Android Marketplace as Android slates are so new, but in Toshiba’s “walled garden” ?

The photo above shows that at least some applications originally written for a phone-sized display work “correctly” on the larger screen of a slate, although perhaps resulting in a somewhat humorous result. Although I can imagine some people would find calculators with such big buttons useful. What Toshiba needs to do is :-

  1. Debug their marketplace app so it doesn’t crash (and doesn’t have so many issues with long lists of apps!).
  2. Restrict apps in their marketplace to those apps that work well on the Folio, and categorise them much more carefully.
  3. Allow the use of the standard Android Marketplace – perhaps with the addition of a quality warning screen. Or indeed with an option in the settings to allow it’s use.

Despite claims that this device supports Flash, the Youtube experience shows that it isn’t quite there yet – you get a screen saying you need to upgrade your version of Flash. There was a slip of paper put into the box telling me to check the Toshiba Multimedia website for a Flash download, which doesn’t seem to be there. But why can’t the Flash update be included into the standard update mechanism ? This all has the feel of a slightly rushed product. In some ways this is fair enough, providing that there are frequent updates online (through the “Toshiba Service Station”).

Over a few days, my initial impression of it being a little rushed have been reinforced – there after frequent crashes of the Toshiba applications, and the system has a habit of slowing down to a crawl from time to time. The only update that has been provided so far has been to the Toshiba Marketplace application – which didn’t come through the “Service Station” app, and that has made things worse. Now there are no applications available at all!

Apparently Dixons have gotten so many returns, that they are effectively refusing to sell any more (see the article from The Register). Toshiba needs to buck up it’s ideas pretty quickly here. Even if it is just an update to :-

  1. Provide the standard Marketplace application.
  2. Provide an option to remove all of the added Toshiba applications.
  3. Provide an explanation that the Toshiba branded applications are being temporarily removed for quality issues.

At the very least they need to send out a message either on the device itself, or via an email to urge customers to apologise, be patient and announce expected dates when updates will be provided.

Final Words

Well, even after the long awaited update the Toshiba software was still sub-standard. The best option for anyone who hasn’t lost patience and returned their Folio is a community-hacked up ROM.

 Older Entries  Newer Entries