Tuesday, March 25. 2008
Using Unison to sync files between Linux hosts
I've been using rsync over ssh to copy changed files from one Linux host to a backup. This works fine for moving files in one direction, but not to synchronize files that may be changed on either host. It also required that I be logged on so my ssh-agent would provide the password for the ssh connection. This prevented automated synchronization. So I wanted to find a solution that would:
- Allow me to make changes on either host
- Run automatically
- Maintain security
The solution was unison and a few tricks with OpenSSH public key authentication. More after the break....
Tuesday, March 18. 2008
Arthur C. Clarke dies....
Arthur C. Clarke, Scientist, Author, Visionary, died in Sri Lanka at the age of 90. Rendezvous with Rama was the first "real" science fiction book I ever read. My mother had picked it up in an airport and I found it on a table. That was it, I was a science fiction fan from then on.
Later, I discovered Clarke's laws:
- When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
- The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
- Any sufficiently advanced technology is indistinguishable from magic.
The world lost a great light today.
Tuesday, January 29. 2008
Schneier on Security vs. Privacy
Bruce Schneier posted an article today on the false dichotomy between Security vs. Privacy:
If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither.
The American people have been bombarded with so much fear and anxiety that they have stopped thinking. And, unfortunately, for many people that's the way they like it. But I take some heart from the freefall of Rudy "9-11" Giuliani in the Polls - given enough time, people finally started looking at something other than his constant fear speech, and didn't like what they saw. He miscalculated, thinking that the security message could last almost 2 years. It's not that people are beginning to wake up - I think it's more that they have become habituated to the constant drumbeat that they are able to look past it.
But Schneier's right - security comes before social issues like privacy on Maslow's Hierarchy of Needs. We have to get over the fear before we can worry about civil liberties - and that's what the government is counting on. But there is a way - and that is to get people to fear the loss of privacy. Unfortunately, balancing fear of government intrusion against complete paranoia is difficult - and it's much easier to make people fear a violent attack.
This may be why I'm attracted to Obama's message of hope. If we can look forward to a future where we don't see enemies all around us, we can be more cognizant of the importance of personal liberty. I am beginning to believe that Obama sees that future and wants to lead the country there.
JaBbA says check it out.
Monday, January 28. 2008
A Random Soundtrack for My Morning
I don't know why it struck me, but if I could find a radio station that had a playlist like the random play function on my MP3 player, I'd probably listen to radio more. I just didn't feel like listening to NPR this morning on my ride in, so I set the player to random play, and it came up with this soundtrack for my morning:
(Nothing But) Flowers, Talking Heads
Now That I Can Dance, Funk Brothers
Hot Fun In The Summertime, Sly And The Family Stone
Little Wing, Stevie Ray Vaughan
Baba O'Riley, The Who
She's A Rainbow, The Rolling Stones
Manic Depression, Jimi Hendrix
Anybody Seen My Baby, The Rolling Stones
Traveling Riverside Blues, Eric Clapton
Dead Flowers, The Rolling Stones
Wednesday, December 19. 2007
Finally, a reality show for geeks
The newly-rebranded TruTV (nee CourtTV) is starting a new reality series, but instead of following Police Detectives, or Ghost Hunters, this time it's following a team of penetration testers!
This verite action series follows Tiger Team "a group of elite professionals hired to infiltrate major business and corporate interests with the objective of exposing weaknesses in the world's most sophisticated security systems, defeating criminals at their own game. Tiger Team is comprised of Security Audit Specialists Chris Nickerson, Luke McOmie and Ryan Jones who employ a variety of covert techniques - electronic, psychological and tactical - as they take on a new assignment in each episode."
The first show is December 25th at 11:30pm.
UPDATE TruTV now says it was a special, and will not be made into a series. I heard from someone who was working with the team that there was a lot they just couldn't show, so it was probably too difficult to make it a series. Nevertheless, the Car Dealership break-in is online at TruTV's website (important point - it's amazing what a skilled researcher can find out from someone's trash), and if you can find the Jewelry dealer show, it's a fantastic example of how social engineering and lack of user security awareness can lead to trouble.
Wednesday, September 19. 2007
Palast Irritating? Maybe. But Illegal?
Andrew Meyer, the UF student who was tasered while making a scene at a John Kerry speech, was holding a copy of Greg Palast's book Armed Madhouse, which he was using as his reference while challenging Kerry.
Palast's book makes a lot of people uncomfortable. It should, because it blows the lid off the American Political scene and its refusal to deal with reality.
Apparently, however, there are people in a lot of places that don't want you to read Greg Palast. Including Websense, the web filtering company.
When you are on Palast's mailing list, links go to http://mailings.gregpalast.com. However, click on that link at work, and you get the following:

Illegal or Questionable? Is this censorship?
Wednesday, August 1. 2007
Caging Lists finally get on U.S. TV
Greg Palast's report about the caging of voters in Florida and Ohio finally made it to U.S. TV - 3 years too late. The News magazine NOW on PBS finally showed his reporting. You can watch it online.
JaBbA says check it out.
Friday, June 15. 2007
Real risk - the Phishing Trojan
Of course, there are real risks out there that we need to avoid.
The targeted emails warning of IRS Audits or overdue invoices are a perfect example. Executives receiving these quite alarming emails click on the attachments to find out what the problem is, and the bad guys now own their computers.
I've seen multiple examples of the IRS audit scam, all of which came to executives here at work. Someone's been doing their homework.
I'd suggest warning all executives of your companies about these emails.
Example, from SANS:
Proforma Invoice for "Company Name" (Attn: "Executive Name")
The Body of the email included this text
"Hello,
The Proforma Invoice is attached to this message. You can find the file
in the attachments area of your email software.
PS: The invoice also includes the cost for the services provided for the
second quarter of 2007.
Please read, evaluate and reply with any comments. Thanks."
Risk and Perception
Bruce Schneier has written another excellent article on the perception of risk:
...when faced with a very available and highly vivid event like 9/11 or the Virginia Tech shootings, we overreact. And when faced with all the salient related events, we assume causality. We pass the Patriot Act. We think if we give guns out to students, or maybe make it harder for students to get guns, we'll have solved the problem. We don't let our children go to playgrounds unsupervised. We stay out of the ocean because we read about a shark attack somewhere.
It's our brains again. We need to "do something," even if that something doesn't make sense; even if it is ineffective. And we need to do something directly related to the details of the actual event. So instead of implementing effective, but more general, security measures to reduce the risk of terrorism, we ban box cutters on airplanes. And we look back on the Virginia Tech massacre with 20-20 hindsight and recriminate ourselves about the things we should have done.
He's written about risk, perception and "security theater" many times.
JaBbA says check it out.
Thursday, June 14. 2007
Antioch College Closing
(Yes, I know, I've been quiet. Maybe I'll get started again)
I attended Antioch College my freshman year. Why only one year is a long and not pretty story, but my year at Antioch was a good year.
This is the 4th time - it closed during the Civil War, in the 1880's for financial reasons, 1917-1918 and now.
Antioch is a unique place. In the 50s it was a place where professors blackballed for "anti-American" activities could find work. There are no letter grades, unless you request them. (All classes end up with a narrative evaluation).
from WOHIO TV:
Antioch College To Suspend Operations In 2008
YELLOW SPRINGS, Ohio -- Officials at Antioch College said it will close after the 2007-2008 school year while it searches for enough money to reopen.
The small school in Ohio has a history of social activism and civil disobedience.
It counts Coretta Scott King, "Twilight Zone" creator Rod Serling and evolutionary scientist Stephen Jay Gould among its graduates.
The college has a small, $30 million endowment and depends heavily on tuition revenue. But a student body that was 2,000 strong in the 1960s has dropped to around 400.
School spokeswoman Linda Sirk said the college hopes to find enough money to reopen in about 2012.
They missed Jorma Kaukonen (Jefferson Airplane guitarist) and Leonard Nimoy.
Interview with Antioch's president at NPR
Tuesday, April 3. 2007
Windows ANI Patch
Microsoft just released an emergency patch for the ANI Vulnerability. The Internet Storm Center has been condition yellow for 76 hours, longer than ever before, because of this vulnerability.
Don't wait for the regular update. Go to http://update.microsoft.com/ and get it now. Really. I'll wait......
And be sure not to type 'microfost' by accident. That's one of the websites that was hacking people when they visited.
Monday, March 19. 2007
Starting Over in Cuyahoga County
New Ohio Secretary of State Jennifer Brunner is taking Voting Rights seriously. And she's not letting the status quo get in the way of creating a voting system that people might actually trust:
Brunner Calls For Clean Slate In Cuyahoga County
Columbus, OH – March 19, 2007 – Pledging to restore trust to elections in Ohio amidst the myriad of challenges facing the Cuyahoga County Board of Elections, the state's chief election officer, Ohio Secretary of State Jennifer Brunner, has asked for the resignation of the four-member board, two Democrats and two Republicans, effective the close of business March 21, 2007.
“Cuyahoga County has historically faced challenges with its board of elections, but we are at a time when these challenges are so great that extraordinary measures are needed to improve the election process in the state's most populous county,” said Brunner.
[...]
“With maximum 18-month prison sentences being handed down to two Cuyahoga County election workers last week for their roles in the 2004 Presidential recount, the tremendous problems that surfaced in the May 2006 primary that delayed even the unofficial vote count for 5 days, and the uncertain future of this board as another Presidential election looms on the near horizon, it is incumbent on me as Secretary of State to provide the direction needed to get this troubled board on track. The voters of Cuyahoga County deserve it, the citizens of Ohio expect it, and the rest of the nation will be watching,” said Brunner.
[...]
Those who do not resign by Wednesday will face a complaint and public hearing to be conducted in Cleveland by the Secretary of State's office at a time and date to be determined. Under state law the Secretary of State may “summarily remove” board members for cause.
I love the phrase "summarily remove" when it comes to Bill Bennett. This is long overdue, and would NEVER have happened under Blackwell.
Thursday, February 22. 2007
The Definition of 'Balls'
So I've been following Liverpool fairly closely. Liverpool is involved in the Champions League tournament, which is the European Championship for club (as opposed to national) teams that earned their way in based upon the results from 2005-2006. Football (soccer) tournament games are usually determined by random draw, rather than seeding like American sports playoffs are.
So Liverpool gets the (it seemed) unfortunate draw of the defending champions Barcelona in the round of 16. Last week, the team went to Portugal to prepare for yesterday's match, the first of a home-and-away series (called a 'two-legged tie' in football parlance).
While there the team got very drunk at a karaoke bar. Bellamy, who has a history of getting drunk and getting in trouble, decides that his teammate Riise, a much more reserved Norwegian, should come up and sing. Riise thinks not. They get into a fight, and Bellamy eventually grabs a 9-iron and hits Riise's legs with it. Not a good idea.
Bellamy is fined $155,000 by the team and the soccer pundits assume that his career at Liverpool is over. Riise is fine, apparently he didn't hit him as hard as was first reported. Surprisingly, both Riise and Bellamy start the game.
So what happens?
Bellamy scores. As all Footballers do, he begins a completely over-the-top celebration. And he begins it by....
Pantomiming a golf swing. A complete stick-in-the-eye of the entire Footballing world.
More irony - Liverpool's winning goal is scored by Bellamy taking a rebound and feeding Riise at the top of the box, who puts the shot in.
When they're bad, they're very, very good
Friday, February 2. 2007
Dolphin Stadium site hacked
Someone has compromised the official Dolphin Stadium website and inserted malicious JavaScript into the header. DO NOT visit dolphinstadium.com and if you have any kind of filters block it immediately.
Screenshots can be found at Websense Security Labs
Tuesday, January 16. 2007
Dr. Seuss (ish) on W
This isn't my writing. But it's too good to pass up:
"I hear the voices and I read the front page and I know the speculation,"
the president told reporters in the Rose Garden. "But I'm the decider and
decide what's best. And what's best is for Don Rumsfeld to remain as the
secretary of defense."
-------- George W. Bush.
Well, it took me awhile, but I finally realized what "I'm the decider,"
reminds me of. It sounds like something that a character in a Dr. Seuss
book might say. So with apologies to the late Mr. Geisel, here is some
idle speculation as to what else such a character might say:
By Roddy McCorley
I'm The Decider
I'm the decider.
I pick and I choose.
I pick among whats.
And choose among whos.
And as I decide
Each particular day,
The things I decide on
All turn out that way.
I decided on Freedom
For all of Iraq.
And now that we have it,
I'm not looking back.
I decided on tax cuts
That just help the wealthy.
And Medicare changes
That aren't really healthy.
And parklands and wetlands
Who needs all that stuff?
I decided that none
Would be more than enough!
I decided that schools
All in all are the best.
The less that they teach
And the more that they test.
I decided those wages
You need to get by,
Are much better spent
On some CEO guy.
I decided your Wade
Which was versing your Roe,
Is terribly awful
And just has to go.
I decided that levees
Are not really needed.
Now when hurricanes come
They can come unimpeded.
That old Constitution?
Well, I have decided-
As "just Goddamn paper"*
It should be derided.
I've decided gay marriage
Is icky and weird.
Above all other things,
It's the one to be feared.
And Cheney and Rummy
And Condi all know
That I'm the Decider -
They tell me it's so.
I'm the Decider
So watch what you say,
Or I may decide
To have you whisked away.
Or I'll tap your phones.
Your e-mail I'll read.
'cause I'm the Decider -
Like Jesus decreed.
* This is an exact Bush quote!


