HTPC Ubuntu 10.10 Upgrade
Yesterday i started upgrading the HTPC to Ubuntu 10.10. I was having some problems with audio (no doubt related to pulseaudio....) and i had a bunch of updates waiting to be installed that i didn't dare install. I have this nagging feeling that every time i do an apt-get upgrade, something breaks in XBMC. Might just be a feeling. Might not. Anyway. I started with a clean install of 10.10, installing propietary codecs and updates from the web during the install. After the installation, i tried to remove pulseaudio. I did an apt-get remove --purge pulseaudio, which still left some libraries like libpulse0 and others. I tried removing them by hand, but that resulted in some dependency-errors. Further trying to remove that resulted in me not having a stable gnome desktop to log into. It started GDM, but after that i just got returned to the login window. I did an apt-get install ubuntu-desktop, and a reboot, which fixed the problem. Then again apt-get remove pulseaudio, and left it at that.
After that i added a few PPA's to keep my Nvidia and ALSA-drivers current. Alsa works better with XBMC, handling both Dolby Digital, DTS, as well as MP3 and other stereo audio. The latest Nvidia drivers have not always been problem-free, but i decided to give them a try. The PPA's i added were from this, and this site, and the complete commands were:
/ some dependencies first / sudo apt-get install dkms python-software-properties sudo reboot / after the reboot install the nvidia drivers / sudo add-apt-repository ppa:ubuntu-x-swat/x-updates sudo apt-get update sudo apt-get install nvidia-current nvidia-settings /installing the audio drivers/ sudo add-apt-repository ppa:ubuntu-audio-dev/ppa sudo apt-get update sudo apt-get install linux-alsa-driver-modules-$(uname -r) sudo add-apt-repository ppa:ricotz/unstable sudo apt-get update sudo apt-get install linux-sound-base alsa-base alsa-utils
After this, i rebooted, and ran sudo alsamixer. This starts a console-based mixer-application, that you can use to un-mute required outputs. Sometimes tihs is needed to get audio out at all, if you're using for instance HDMI (i haven't tried this), or say some analog output.
Then i added the XBMC ppa, which allows me to install the latest version.
/ some dependencies / sudo apt-get install python-software-properties pkg-config sudo add-apt-repository ppa:team-xbmc sudo apt-get update / and the actual xbmc packages / sudo apt-get install xbmc xbmc-standalone
Finally, starting XBMC produced an error that i didn't have the required packages for hardware acceleration installed. I downloaded the libvdpau package, which cleared the problem.
XBMC seemed really well configured at this point already, because sound worked out of the box (thank you and goodbye pulse, and thank you alsa). Also, video acceleration was configured correctly out of the box. This is a stark difference to some of the old old versions of XBMC i had once installed.
I tried some playback already, but not in the living room with the amplifier and TV, so that's up for later today. The current setup i have is:
- Samsung 40B535 40" LCD television
- Harman/Kardon AVR-235 amplifier
- HTPC
- Silverstone HTPC-case, incl. 120W power supply (model Lascala SST-LC19S-R) - Current price 173€
- ASUS AT3N7A-I motherboard with an Intel Atom processor (dual core 1,6 GHz), Nvidia ION chipset/graphics - Current price 155€
- 2GB DDR2 memory - Current price 28€
- 1 TB Western Digital Green hard drive - Current price 58€
- Totally 414€ with current prices
- Connectivity
- HTPC -> TV with HDMI
- HTPC -> Amplifier with SPDIF (optical cable)
- Wireless Logitech mouse with the Universal Nano Receiver (model M215, red)
- Wireless Logitech keyboard (an older Logitech Comfort)
- Network: 1Gbit through an HP Procurve 1400-series switch
Things to note here. The price of the entire thing hasn't gone down much in a year or so, which is pretty curious. You can get better ION motherboards now, so that's probably something i'd change. Maybe with WLAN or more i/o ports? Perhaps. The case i am pleased with, though it could be entirely passive. The ION/Atom combo, plus the mechanical hard drive create a lot of heat, and i think that this set couldn't run without the CPU fan.
I would also switch to a bigger HD, since the amount of media has exploded. A 2TB drive is like 10 bucks more, or so. 3TB drives have just been released, though they are still rather expensive.
A remote control would be nice, but i've yet to spend any time researching that. I'm pretty good with just the mouse so far. I don't need that far of an integration to the living room. It's still a computer to me, and not an appliance.
The final afterthought goes toward a Blu-ray drive. The case fits a slim Blu-ray drive. The price of such a device is like 100-200€ depending on the model (i'm not sure they all fit?). I've read many positive reports that say Blu-Rays work just fine with Ubuntu + XBMC, but i have no first-hand experience. I may go this route, or i may just stick with the PS3, which seems like a great player.
Vendor Fandom
Why is it that people are so god damn in love with their favorite vendors? Is advertising to blame? Are geeks inherently just stubborn motherfuckers? Probably. Let's do a quick dive into this issue.
At work, i often find that people are stuck with one brand, one OS or one technological solution for one reason or another. I'm pretty much agnostic. I like to have the solution that works best for the problem. There are people at every company (i'm willing to wager) who are in a position to make decisions, and who make those decisions based purely on "what they think is right". Objectivity is simply not on the menu. Shit, i know a few people myself.
Sure, for like random Joe-Bob on the corner you can use your own biased opinion to say "Go out and buy X, it's good". But when you are working in a corporate environment, your own opinion can weigh in, but your personal fandom toward a specific solution or vendor, which are usually unfounded, should not be a deciding factor.
I'm guilty as charged: I used to think Cisco is the go-to solution for anything network related. Or EMC for storage solutions. What we should do is, look at the problem at hand: what does the client need done, and what's the budget. Then look at the solutions available using those as parameters. Then use past experience, peer reviews and other metrics to come to a more final conclusion. The process is often shortened to "I like Solaris, so we'll offer a Solaris based solution", even if it is not the best, performance- or feature-wise. The client comes to you, expecting that you have the necessary know-how to bring them the best solution. After all, that's why they came to you, and didn't do it themselves. So when you come up with your solution, and the client doesn't know better, he'll go for the solution because you said so. The question remains: Why did you say so?
A lot of other things factor in of course. How will the devices / solutions be supported? Does the service provider have the necessary people with the needed know-how to use the equipment being sold? Is it the most cost-effective solution, while still providing the minimum requirement? Decisionmaking is a process that can be very personified. One guy gives the go-ahead. He might be the IT-manager, or some senior sysadmin that people trust. I say that in most cases that trust should be evaluated. Especially the people who have been in the IT industry a long time tend to get really bogged down with what they like, discarding all other metrics when they make decisions. They are the guys who get the job done, sure, but what are the long-term costs of their input?
The other option is perhaps worse, where decisionmaking becomes this huge process, involving dozens of people, meetings, commitees, etc. But a simple review of what is being done, before someone hits the "Order!" or "Sell!" button could save the service provider and the client from a lot of trouble down the line.
The problem lies perhaps in organizational structure. The sales guys want to sell, because their salary is dependant on the deals the close. They don't have the technical knowhow. They ask the technical guys. The technical guys tend to be biased for the wrong reasons. In internal processes, the final go-ahead comes from the IT-manager, or equivalent person, who can overrule or veto any suggestion or decision made further down the line. Often to the dismay of everyone else. He's not the one who has to support the devices or products down the line. He just gives the final go-ahead.
Ok this is a very disorganized post, i realize this. But you may be able to dig out somewhat of a point that i'm trying to get across here. Pay attention to the decisions around you, and at least sometimes stop and ask why something is being done. Our industry is in one giant hurry to go somewhere, so perhaps stopping every now and then wouldn't be such a bad idea?
My review and thoughts on The Social Network
Alright, so on to other things from my previous "serious" posts. I finally rented The Social Network yesterday (on DVD no less. They were out of Blu-Rays. How passé). It was kind of a hard movie to get hold of. It seems a lot of people have been renting it recently.
The movie runs about two hours, but it felt a lot longer, for some reason. It basically tells "the story" of Mark Zuckerberg, the founder of Facebook, and the worlds youngest billionaire. I haven't read too much about the movie, so i'm not sure to which degree it represents the true story of facebook. In any case, i found myself laughing at times, but on the other hand, feeling very sad for the Mark character. Whether he is a douche in real life.. who knows? A few people maybe. I'm guessing a lot of NDA's have been signed, people have moved on and so on.
The technology in the movie is fairly accurate. The movie fires off with a bunch of tech-talk with Mark downloading images off Harvard univesity websites, and doing some scripting to grab other images. It felt authentic, and i didn't see any "in your face"-problems with the stuff that was happening on screen. Mark used a laptop with KDE, which was cool. It wasn't MovieOS 3.1 or something. He used editors to write code. He talked about Mozilla. Apache. MySQL. It was fun to watch for once; not having to cringe everytime the geek character opens his yapper.
The Mark Zuckerberg in the movie is portrayed as an obsessive, almost manic character. He talks fast, and i can see the thought-patterns forming in his head before he speaks the line. He sort of plays chess with whomever he is talking to, anticipating the underlying meaning (sometimes incorrectly, mostly not) and answering the underlying question, as opposed to the one asked. He is portrayed as verbally humiliating many people with his witty rhetorics. It's fun to watch. I could somehow relate to the character. I often find discussions boring, and people to be very hypocritical and careful when they are talking. It's boring to try to decipher what people are actually trying to say. Why can't we all just say what we mean, instead of what we think the other guy wants to hear? If you want to be a dick, be so to my face, and don't try to hide behind quick quips and facetious smiles. People see through those, you know?
I found myself out of breath many times, because of the speed at which the Mark character is talking. His mind works like a parallel processor, and it's fun to watch. His manerisms get him into a lot of trouble with other people, which is kind of the premise of the movie. "Make 500 million friends, but end up with a few enemies in the process too".
The character portrayed by Justin Timberlake was easily the second best in the movie. He played Sean Parker, co-inventor of Napster and various other internet ventures. Not to be confused with Shawn Fanning, also inventor of Napster, but entirely a different guy. The real life Parker has commented that he is nothing like the character in the movie, and that it is entirely a work of fiction. He does own 7% of Facebook, apparently, so he has been involved, but he commented that he wishes his life was as cool as it was portrayed in the movie. The Parker-character is an obvious comic relief, but also kind of an antagonist, a money-grabbing opportunist, drug user and troublemaker. I still found myself liking the portrayal a lot, and i think more highly of Timberlake having seen this movie. A great role.
All in all, it makes a good point. If you have certain characteristics, you are not easy to approach. You may be the most skilled hacker in the world, but if your people-skills suck, you'll die alone. Rich, but alone. The question is, do you want to live your dream, or be someone you're not? Facebook has over 500 million members. What started out as an "exclusive" invite only club, is now a common household name. And at the center of this company, valued at 25 billion dollars, is Mark Zuckerberg. Perhaps a lonely guy with more money than he can ever hope to use. Maybe he has lots of friends, and is nothing like the movie portrays him as? I think he's the sort of distant guy, who you hear talk about, you see in pictures, but who you never truly know. Kind of the personification of the American, capitalist dream. But still too distant to make out. A modern enigma.
The HBGary incident, reviewed and revised
After a more thorough review, the previous writeup i did on this incident had to be redacted. The course of events was incorrect, as it was merely assumptions on my part, based on the data i had read. Mail exchange between me and Jussi Jaakonaho forced a rethink of the whole issue, and hence, this rewrite.
It should be noted that very few parties have a full and accurate account of what went on, and this is still just a version of the events.
I will start by making a list of parties and persons involved:
- HBGary - An American security company. Owns approx. 15% of HBGary Federal. CEO - Greg Hoglund, President - Penny Leavy
- HBGary Federal - An American security company (a 2009 spinoff of HBGary) that deals with the federal government. CEO - Aaron Barr
- rootkit.com - Not directly affiliated site, hosting a community of people discussing rootkits and security issues. Connection to HBGary is through CEO Greg Hoglund, also affiliated with rootkit.com. The site is not an official project of HBGary or HBGary Federal, though Greg is the founder of the site, and it is hosted by HBGary due to this fact.
- Greg Hoglund - CEO at HBGary, affiliated with rootkit.com
- Penny Leavy - President at HBGary
- Aaron Barr - Security researcher and CEO of HBGary Federal
- Ted Vera - COO at HBGary Federal
- Jussi Jaakonaho - affiliated with rootkit.com, used to reset Hoglunds account and confirm current root password. Not affiliated with HBGary.
The sequence, as far as chronology is unclear, but here is a list of events, possibly in rough chronolgical order:
- Aaron Barr claims he has infiltrated Anonymous and has identities of organizers, leaders and founders. Discusses research with Financial Times, which acts as a trigger for Anonymous.
- Anonymous breaks into HBGary Federal server through SQL injection, gains accounts and emails of key figures.
- Either separately or as a consequence of, an HBGary tech support system is compromised
- Anonymous uses account of Aaron Barr, who had administrative privileges to HBGary e-mail systems to access further data
- Anonymous takes control numerous online presences of key HBGary and HBGary Federal executives and employees. Aaron Barr's Twitter, Ted Vera's Linkedin (now offline, he was renamed Colossal Faggot)
- At some point, Greg Hoglunds e-mail is also compromised and used to send e-mail to rootkit.com administrator, Jussi Jaakonaho, to reset Hoglunds account, and confirm root password. Link
- Rootkit.com is compromised, supposed password lists are leaked, sql database dumped
- At some point, HBGary Federal site is defaced, taken offline along with HBGary.com. HBGary later put back online with a short post on the events. HBGary Federal remains offline, as does rootkit.com
An important distinction to my earlier analysis is that rootkit.com was not the starting point of the attack, it would at least seem. This is because before the rootkit.com attack, Greg Hoglunds mail was already compromised, as evident in this "log", also referenced earlier. Through this account, anonymous supposedly had knowledge of the previous and current root passwords at rootkit.com, and used the account as a platform to reset hoglunds account at rootkit.com, thereby gaining access, and root on the server. My previous supposition was that accounts found on rootkit.com were used to gain access to other sites (such as other HBGary and HBGary Federal servers). Although it is probable that accounts found on rootkit.com were tried on various other sites, no details have emerged over such usage. Rootkit.com was simply a footnote, with the simple connection of Greg Hoglund.
Anonymous, along with many reports seem to not understand the connection between HBGary and the spinoff, HBGary Federal. They are separate, though related (as evidenced by the IRC logs, see lines 2755 and 629, as well as HBGary main site) companies. Aaron Barr was working on his own researching anonymous, though knowledge of his research existed with HBGary as well. Anonymous, acting fast and wide, attacked both companies, as well as rootkit.com.
While rootkit.com is only fleetingly connected, i am mentioning it because of the local connection. The admin at rootkit.com used to reset the account of Greg Hoglund at the server, and to confirm the current root password is, admittedly, from Finland. The "research" done on his current employment status was poorly done, irrelevant, and therefore best left unmentioned, and was also included only as a local curiosity.
I will also address the fact that the anonymous who emailed Jussi is claimed to be a 16 year old girl known under the alias `k and kayla. There is, of course, no way of confirming this as fact, and I chose to include this because it is a funny footnote, if true.
As a fellow administrator, i have to also say that it's quite hard to blame Jussi. The e-mail originated from Gregs e-mail, and i know for a fact, even though it is bad security practice to discuss passwords in emails, this happens on a daily basis in our industry. If the identity of Greg Hoglund could have been confirmed at this point, rootkit.com may have gone unscathed. I don't have to stress the usage and importance of pgp, or ssh keys on servers, or good password policies in general, it's a topic for another post.
Final thoughts
I still hold to my point that Aaron Barr's demise was well deserved. If you do shoddy research and try to profit from that, you deserve to burn publicly. I also can't say i have a strong sense of empathy towards HBGary or HBGary federal, as they have known about the research. HBGary Federal has shown it is not to be trusted with federal issues, or tax payers money, as the research it's CEO has produced was nothing short of bullshit. Had this methodology spread to the federal government, the results may have been costly, and grossly inaccurate. Granted, there was collateral damage, but in the wide world, money is what talks. When a company such as HBGary or HBGary Federal gets plastered all over the news, and loses potentially millions, people tend to listen. This goes for the DDOS attacks on VISA, Mastercard and others last year. Big names, big losses, big headlines.
As an aside, Krebs on Security has a writeup of the events, but i'm left unclear as to how many of HBGary's systems were compromised initially. Krebs quotes Greg Hoglund, who says that a system containing tech support for HBGary was compromised, as well as a web server used by HBGary Federal. The order of those compromises is not immediately clear, so one can only speculate as to whether one led to the other, or whether they were independent compromises.
The sheer misunderstanding of the "structure" of Anonymous is still prevalent in the media. I feel that the structure of Anonymous is grossly over-estimated. The arrests made so far have shown little to no effect in the actions of anonymous. The group is perhaps best described as a mob.. or a flash mob. An idea that people can stand behind. A form of neo-anarchism that anyone can join without an understanding of the technology, the issues or the ideology. Even the ideology is a curious concept as it chances as many times as the gasoline price at my local gas station.
Having been a bystander at 4chan and of the anonymous movement, i'm led to believe that there is very little in the way of organisers, leaders or founders. It just sort of came together. Sure, the IRC channel has Ops to keep the order and the peace, but they can hardly be concluded to be leaders or organisers of the group, not that there is such a thing. Barrs research contains gross inaccuracies, if it is indeed what anonymous released in the form of a pdf. Nicknames from the IRC-channel (which is completely public and requires no "infiltration") were matched with nicknames used on Facebook for instance, in many case implicating completely unrelated people.This was said to be the main concern of anonymous, as voiced a number of times in the IRC logs referred to earlier. The list was so inaccurate, that anonymous supposedly sent it in to the FBI, to prove a point.
Also what is curious is that many people, that do have Op and seem to be "running things" on the IRC side of things were left completely un-identified in the "research". This includes people who have not even made an effort into being anonymous, such as "press guy" Barret Brown, or joepie91. It also includes clear jokes, such as Guy Fawkes from London.
As a final, final thought, i would like to discuss the importance of research and sourcing, and the difficulty of online "journalism" (though i don't view myself as such). Inaccuracies spread like wildfire. Content put online never comes back down. People and names get mixed up very easily, as online, anyone can be anyone. This is implied for both the personaliteis discussed here, and the personalities discussed in Barr's "research". Sourcing becomes a difficult thing in such sensitive issues, and this has been an important lesson for me as well; to strive to do even better research in the future. The problem is companies usually want to keep breaches a secret, and "attackers" like to add FUD and propaganda to their side of the story. Thus, forming a coherent picture of any event becomes challenging.So, as this has obviously been a lesson for many parties and many issues, including myself, i do hope people actually learn from this. I sure have.
Random & The HBGary Federal stuff – redacted for now
I was recently contacted by Jussi, who stated that i have things backwards. I have redacted the post, and i'm trying to find out the real course of events, if i indeed got things the wrong way.
My goal is not to publish faulty information, and as i stated, this post was an analysis by me, of how i thought the events unfolded.
Ah frack it.. Google cache was faster.
Random & The HBGary Federal stuff
Disclaimer - This was an earlier post, with a lot of speculation on my part, in regards to the HBGary hack by Anonymous. After more thorough research, a revised post was released here. Please refer to this if you are looking for a hopefully more accurate account
So the last few days, weeks, whatever have been a bit quiet. So i'll just take this time off and talk about some of the issues i've been thinking about.
First of all, i need to get rid of a bunch of hardware, so if you need anything like memory, or servers (without their harddrives), or regular desktop machines.. or i suppose i might even have a few smaller lcd screens, hit me up with a comment or an email. I'll post a better list later, but here's some of the stuff:
- Two HP DL380 tower servers, i don't have the specs on hand, one was i think a dual processor and the other single. RAM included
- An IBM xSeries tower server, which is actually pretty compact and not too loud, but also, it's not very fast
- Various desktop towers
- RAM: DDR1, DDR2 (1GB and smaller sticks), and various DDR1 and DDR2 SO-DIMMs for laptops
- I may also be selling two 17" LCD screens
- Various expansion cards and what-have-you
I'd also be interested in finding a pair of 2GB non-ECC DDR2 for my desktop, since running multiple virtual machines is putting a strain on my current 6GB configuration.
Currently i'm on an Oracle 11g course, which lasts five days. I'm not really going to be a database guy, and frankly i'm not too interested in this either. I do it from a pure carreer perspective, and because i know that we have a lack of Oracle knowledgeable people where i work.
Also, this morning i realized we live in a world where few clocks ever tell the same time. Waking up, eating breakfast and walking to the train station, i was confronted with at least 8 different versions of what the time currently was. Bewildering.
Anonymous owns HBGary and HBGary Federal
Disclaimer - This was an earlier post, with a lot of speculation on my part, in regards to the HBGary hack by Anonymous. After more thorough research, a revised post was released here. Please refer to this if you are looking for a hopefully more accurate account
And i don't mean they bought the fuckers. So here's the story as i've been able to patch it together: HBGary Federal (a separate corporate entity working under the HBGary name, providing infosec research and such for government) CEO and Co(?)-owner Aaron Barr decided he was going to blow this whole anonymous case wide open. Now as i've discussed in multiple posts, this stems from the clear stupidity and thick-headedness of people, refusing to understand what and how anonymous works. Barr had the brilliant idea of "infiltrating" the anonymous networks (err.. i mean the public irc-channels at anonops.ru #anonops #anonymous #reporters etc.) and find out as much as he could about the leadership of anonymous. He then compiled in data from various social networks, simply taking a persons IRC identity or other available data, and connecting it to mostly random people using the same nicknames or such on Facebook, for instance. You should now be able to see how faulty his methodology is to begin with. He then boasted that he has the identities of most of anonymous' leadership and organisers. He made up roles and titles for various people, like "co-founder of anonymous". Anonymous caught wind of this, and decided to have a look at the list.
Supposedly 16 year old female hacker 'kayla', known on the IRC channel as `k, social-engineered an admin at rootkit.com, Jussi Jaakonaho (who is also a chief researcher at Nokia, incidentally) pretending to be Greg Hoglund, CEO at the main company HBGary. Note that HBGary is not directly affiliated with HBGary Federal, though it carries a 15% share of HBGary Federal in the form of investments. Through Jussi, she was able to get root access to the servers at rootkit.com. From there the problems escalated, and while i don't have the full details, i suspect credentials or data found on rootkit.com were used to compromise Barr's account on HBGary Federal, and numerous other locations, such as Twitter.
The result was an onslaught of defacement and luls from Anonymous, as they downloaded over 50 000 internal e-mails from HBGary and HBGary Federal employees and executives. These were subsequently published as a torrent, which can be found with little to no trouble. To add insult to injury, Anonymous sent the "brilliantly" collected (and false) data that Barr was supposedly going to sell to the FBI (as evidenced by an 11 AM meeting on monday 7th February found in his e-mails) to the FBI for free. Barr claims he was never going to sell the data, or that he was going to redact the names, but that's really irrelevant at this point. He also claims it was only for research purposes, but internal emails show he was clearly going to profit in a business sense either directly through selling the data/research or through PR he would have gotten for "exposing" the "leaders" of Anonymous. All of which is total and utter bullshit. Most of the people on the list have little or no affiliation to anonymous, and could have gotten into serious trouble had this data not come out in time.
Barr's twitter account was owned, adding "raging homogay" to his about-box, and posting various lewd comments on his feed. His new Twitter avatar is also a variation of a classic 4chan meme, "Forever Alone", modified to "Forever Barrlone". You should really check it out, it's quite funny if you are into this whole meme business. Also read all the tweets from the past few days, as they provide some insight into what went on.
Ted Vera's (COO / President at HBGary) Linked in profile was also defaced to change his name to Colossal Faggot, though i doubt it's still out there. Google cache might still have it, plus i suppose screenshots exist.
All in all i can't say i give a flying fuck about any of these people or their respective companies. If you are in the security business, and particulary in the business of selling research and data to the federal government (thank god it's not mine), then you need to be competetent and know what the hell it is you are doing. If you are an incompetent asswipe, then bad things may happen to you. You don't deserve your job, your bonuses, your cushy little office and the notion of job security. You deserve to go back to school, admit your failures and start over. Though that might be a bit hard at this point, seeing as i would find it very unlikely that the likes of Barr would ever be hired to do anything with computers ever again.
Anonymous has stated they have in ther posession more emails that are as of yet unpublished, and they have had negotiations with the owner and CEO of HBGary as to the next steps in this whole debacle . The IRC logs of that are quite .. a read. Anonymous demanded that for the rest of the data to stay secret (this is called extortion), they need to see Aaron Barr stripped of his job, and all future investments to HBGary Federal. Also they requested that all such funds instead be diverted to the Bradley Manning defense fund, the EFF and other such causes. HBGary is in the process of thinking about things.
Quite a thing to see the CEO of a multi-million dollar company on IRC, begging these anonymous types not to release more mails, as they would cause millions in damage. "Think about what this will do to your reputation", HBGary urged. Anonymous replied with "What reputation, and why should we care?"
It has to be rather bewildering for your average corporate type to face an adversary that does not care for the traditional things. Reputation is irrelevant. Possible consequences, irrelevant. Legal threats, irrelevant. Sure, you can (and they have) caught a number of people associated with anonymous, but there are tens, maybe hundreds of thousands of people ready to take their place, if they feel like it will get them the laugh of the day.
I'll end with another paraphrasing from the IRC logs, where one Anonymous stated, after just saying he knows this will cost HBGary millions, and that he doesn't care, that he will now go play Fallout.
Oh and one more thing...
I have to really hand it to both Greg Hoglund, and especially Penny Leavy, who is president of HBGary. She took time out of a nightmarish day, to go on IRC and talk to anonymous. She tried to talk to these people, and she tried to grasp the concepts. Aaron Barr however, who also appeared on the channel under the alias CogAnon, was less than courteous. He talked trash and left without answering any questions, clinging to the one sentence he thinks will save him: "I did it all for research". That's like pissing on an angry mob, who has already burned down your house, broken your car and kidnapped your cat.
Brand Bias
This is by no means a new phenomena or anything, but it caught my eye.. or ear i should say, when i was listening to the latest episode of the Linux Action Show (Season 15, episode 3). There was a mention of the curious Apple-bias that many tech sites seem to have; the one mentioned was Tech Crunch. They recently made an article on how many percent of smartphone users are using the latest version of their software. For apple, the number was ~90%, and for android this was 0.4%. Yes. But see for Android the rules were not the same, no. IOS, the apple smartphone OS, has had numerous versions of the 4.x series (which were all included in the 90%), and android has had many under 2.x. But Tech Crunch (which, i know, is a group edited site, so content is perhaps not always of the highest quality) decided that they would compare to Android phones using 2.3 Gingerbread. Which isn't really fair, if apple gets an entire whole series of releases under 4.x and Android gets one specific version with no variance. Oh well, i guess apple just rules because their users are almost all on the latest version then.
This is a widespread phenomena. Anything Apple does is toted as revolutionary, even if it has been done and re-done thousands of times before. They release the iPad which is a crippled piece of shit, and then wait a year and soon they will release the iPad2, to the amazement of all, and it will be the best thing out there because they added an SD card slot and the ability to make video phone calls or something. That's some dank shit right there guys. Apple also called out Android tablets as being nothing but oversized smartphones (this was during CES, which saw the release of multiple Android-tablets), and that their OS is not designed for tablet use. Sure, Android tablets have so far been mostly crap and slow, but then, at least we have choice, and hardware that isn't locked down. Android 3.0 will be geared towards tablets, so there is development here too. And if the iPad isn't a crippled oversized iPhone then i don't know what is.
Engadget has been pretty good at not freaking out about apple stuff, but they do their share too. Gizmodo obviously is another one who just licks the honey-dew sweat off the balls of Apple. There are too many sites to mention that ride that ugly train.
It should be noted that i am typing this on a MacBook Pro, which my employer got for me, at my request. I also had an iPhone 3GS, which i swapped out after about 6 months of use, because i thought it did not deliver what i wanted. I picked the Galaxy S simply because of its features, not because it has a shiny apple on the back of it.The main reasons for choosing an Android phone today is that you get an exchangeable battery, SD card slot, the freedom to choose what applications and most importantly, what carrier you use. Carrier lock-in is perhaps the stupidest invention of the 21st century, and it should be fought whereever it appears. When you buy a device, make sure you own it, and not the manufacturer or carrier.
Yes, the iPhone is exceedingly easy to use, and if you live in a country that has working cellular networks (unlike the US), it'll work great for the basic user. But i can't imagine any advanced user wanting to use an iPhone, simply because the platform is controlled by Apple so tightly. Apple recently even went as far as to change the screws on their flagship hardware (like the iPhone 4), so that you couldn't open the phone as easily as before. Ofcourse, Ifixit now sells the screwdriver and kit to change the mangled freedom-hating screws to regular philips head screws for 9.95. If you still own an iPhone, and you want to keep owning the hardware you paid for, and for instance, change the battery (which is not possible without opening up the device entirely), get that kit from ifixit. The same goes for the Macbook Air, and i think the newer Macbook Pro's. This is just rude behavior, and they had to know that people would open the phones anyway. So why go through the trouble? I wonder how many millions it cost to replace the screws, and what benefit they thought they got out of it?
I also have to hand it to Apple. They have the best marketing team ever. Never fire those guys, they are pure gold. No other company in the history of man has such overhyped crap that everyone seems to want. On top of that, they cost a shit-ton, are completely locked down and behind the curve in features. And again i stress that i picked an iPhone out of my free will, i just didn't like the way it made me feel locked down. You can argue all you like about jailbreaks and unlocks, but the fact is, it's your phone. But with Apple, that's just not the case. You don't own your own phone.
Christian tradition disappearing in Finland
I say, good on you!
There's discussion in the Finnish media about tradition (read: christian tradition) disappearing in our schools. Some schools are downright outlawing songs and plays that portray christian values. Funny by the way, how the word christian, no capital C, is listed as misspelled in WordPress / Chrome.
This whole issue just makes me angry. And to top things off, one of our tabloid "news" "papers" have started a poll, where people can vote to either keep or abandon these christian traditions. At this time, something like 34 000 people have voted, which isn't a lot. They should have added boobs. Or something. And now the headline is "Removal of christmas traditions causes minor citizen uproar!". Free advertisement over an issue they have no control over, and that the majority doesn't really give a shit about. Good work.
Basically songs that come from christian hertitage, anything containing jesus, god, angels and other christian bullshit, are being removed from Finnish schools. Christmas celebrations are in no way affected, but the issue is that "tradition" is being trampled.
So my question is, do we need religion to have tradition? Do we need the bible to have morals? Scarily, i've heard that an atheist cannot have morals, because the bible, the word of god, is the only source that teaches morals to people.
I think not. We can still celebrate, and have all kinds of fun without religious context! It's like people want to continue old traditions just to continue them. How many people in Finland are actually Christians? I mean people who pray, go to church and read the bible? Not too many people i would wager. So what's the fuzz?
"My Daddy and his Daddy before him always dropped bricks on their cocks. So you, my son, will continue to do the same thing!"
-"But why Dad, why?
"Because it's always been done that way. Now get ready, here it comes!"
Wikileaks and the revenge of Anonymous
Let's get a few things straight. Anonymous is not an organized group. It's a bunch of people, mostly hailing from the online forum 4chan, who are out to do anything they damn well please. They are seldom politically motivated, and usually just do whatever feels like fun at the time. They do not have a leader. If Anonymous posts something, it's just.. a guy. A regular person acting as the voice of this internet flash-mob, if you can call it that.
Basically how it goes is: Someone thinks something needs to be done. They make a post on 4chan, and if this person is successful in rousing enough interest, something happens. This is a pure game of luck. Most of the time, people will call you names, and tell you to go have intercourse with your mother, or a goat. But sometimes, you can get enough people, critical mass, and then get them to do something.
Various things 4chan "anonymous" has done in the past, include: Posting threats on the door of a Swedish forum operator (a forum which allows the posting of child pornography) and videotape the proceedings, to placing pubic-hair inside various (mostly Scientology related) religious books in bookstores around New York. Now, this random "Eye of Sauron" has turned it's gaze upon those who seek to harm wikileaks.
Operation Payback is the name of this particular set of fun. Some anonymous created a tool called LOIC (low orbit ion cannon), which works on all platforms and makes participating in a distributed denial of service attack so easy, that you hardly need any skill at all. This is not hacking and most people using LOIC have no idea of what they are doing. Basically it has a nice GUI which allows you to type in a target website or IP, and then hit "Fire!", to start attacking the host. Just like in the movies. So far they have targeted the Swedish Justice department, taking down their site for a good while, disrupting mastercard.com, and even causing payment verification to fail according to some reports. Visa.com was next, after they announced their block of wikileaks. Amazon was on the menu today.
Basically it's just people doing stuff that seems fun. Like people demonstrating without really knowing what or who they are demonstrating for. They see it as fun, being a part of something bigger. Again: It's very vaguely co-ordinated, and a group of Anonymous can disperse as quickly as they gathered. Next week maybe they will paint penises on bus stops. Who knows.
I'm not quite sure these DDOS attacks are a good thing. First of all they are not hackers. They are script kiddies at most, and i would bet even they would be insulted if these people were given that name. Yes. I think Visa, and Mastercard, Amazon and Paypal, Easydns, and a number of other companies need to think very carefully about what they do, if they intend to keep their clients.
I do realize the government can do really scary things, especially the US government. But you need to keep in mind that the people of this world will not look at your cowardly actions for much longer. You need to draw lines, agreed. But do so across the board. And once you go down the path of censorship, there is no turning back. If you do choose that path, go all the way. But don't block one site, and leave others, like Paypal, still accepting donations for foundations supported by the Ku Klux Clan, an inherently evil racist group. You can't donate to promote freedom of speech, but you can donate to support racism and hate.
Am i the only one who does not find any sense in this?
The other half of me thinks that the attacks on these companies serve no purpose, and are no better than the people opposing wikileaks. Isn't preventing these sites from being accessed the same damn thing? Preventing these companies from exercising their own brand of freedom of speech? Though they have acted cowardly, and clearly under duress, do they deserve the same treatment. I haven't decided. But i do think there is an inherent "Lulz"-factor in all of this. Visa denies donations to wikileaks, and they are taken down, costing them money as well. While i don't condone clearly illegal activities (both those against wikileaks, and the companies mentioned), i don't feel sorry for them either. You reap what you sow.
Somehow there is a curious sense of justice and irony to all of this, dontcha' think?
Wikileaks and The Coming Revolution
God damn it! I kind of promised myself i wouldn't write this post, but i'll do it anyway!
So the topic of the past few weeks for anyone who has even tried to follow the news, has of course, been wikileaks. For those box-dwellers among you, Wikileaks is simly a site that accepts "leaked" information sent to them by anyone. The recent hubbub started when US Private First Class Bradley Manning (currently in prison) sent in what would later be called the "Collateral Murder" video. This video shows a US helicopter gunning down innocent people, among them, two children (who survived with serious injuries), and two Reuters Journalists, who did not survive the attack.
This leak did not go over well with the US government, and the game was on.
So the next big releases concerned "war journals" from Afghanistan and Iraq, detailing many of the reported incidents of casualties and other such events. In them, we can find out how many friendly-fire incidents there have been, and how many civilians have died since 9/11. Someone equated this to one 9/11-event every 8 months. And where are the memorial events for these people? Observances of silence? Haven't heard anything so far (no pun intended).
The thing that broke the proverbial camel's back was what has become known as "Cablegate". The release of over 250 000 variously classified US embassy communiques. Basically messages sent between various State leaders, US embassies around the world, and the US state-department.
Wikileaks reportedly received these from Pfc. Bradley Manning, though this isn't entirely certain, as far as i know. Wikileaks are releasing the cables in small increments, to give justice to the material being released. So far, around 1000 documents have been released. Which means there is a lot to go, and a lot of embarrassing moments various politicians.
The response so far has been US pressure against sites and service providers, such as Amazon, Paypal, Mastercard and Visa. I'll go into more detail later on. Basically they are thinking pretty one-dimensionally. Stop wikileaks.org, and stop the problem, right? Wrong. There are as of this writing over one thousand mirrors, providing the same content. Even though the US government is known for being pretty fucking stupid, they cannot seriously be this naïve. Once information enters the internet, it can never be taken out again. Ever.
So how did the US government think to stop this problem. Here are a few examples:
- Probably coercing Mastercard and Visa to stop taking donations to wikileaks. Wikileaks has lost a lot of money over this issue. Visa and Mastercard are both citing Terms of Service violations, but they have been vague at best, since there is still no idea of any law that Wikileaks might have broken *anywhere*. They are distributing already leaked material. Once it was leaked, it ceased to be private, and therefore, the only guilty party so far, is the person or persons who exfiltrated the data from "Secret" US government networks, such as SIPRNET.
- Secret in t his case meaning that about 3 million people worldwide have been granted access to the same data.
- Probably coercing Paypal to kill Wikileaks' account, and so deprive them of funds that people would have donated through paypal, which i previously thought was a pretty decent company. Not anymore.
- Note, that while wikileaks is in breach of Terms of Service, you can still donate money to such admirable organizations as the Ku Klux Clan through paypal. So get those dollars flowing people!
- Forcing Amazon to stop hosting wikileaks.org in their cloud service. Of course, the DDOSing of wikileaks.org placed significant stress on Amazon's infrastructure, but again, citing TOS violations are pretty funny.
- I can't even being to list all the similar items either on sale, or hosted at Amazon, providing equally "damaging" information, but Wikileaks was apparently different. Or then you just wanted to play nice with the Government bullies.
- Forcing various DNS service providers from hosting wikileaks DNS records, therefore making you unable to access wikileaks.org by name.
- This as we have seen is -- uh -- very effective. Over a thousand mirrors have cropped up so far, offering the same exact site as the now downed wikileaks.org. Also if a DNS server is removed, you can still access a site by its IP-address, unless they take more drastic measures, such as DDOSsing sites (such as wikileaks.ch, which is down from having to serve excessive requests). Speculation suggests the attackers are affiliated with the US government, who are waging a desperate and inane war against an "enemy" they do not comprehend.
- Telling various government agencies and institutions that accessing wikileaks or any of the published cables is illegal or against regulations. These include at least the state department, military institutions (like soldiers overseas fighting for this very country). Rumors are even abound that schools are suggesting or prohibiting students from discussing or writing essays on the subject. I will repeat that these are unsubstantiated rumors.
So where do things stand now? Julian Assange, the "leader" of wikileaks is now in Brittish Custody, and soon to be turned over to Swedish authorities for trial on two alledged sex-crimes he committed. Now, while most media sources speak of rape, this is not the case. Is a journalist someone who does not check their facts? I think not. Rape has never been the charge. In stead, the crimes is that when two people agree to consensual sex in Sweden, and during intercourse, your condom breaks, the woman can sue you. Two women did. Two very interesting women. One may or may not have CIA ties. The other, a noted feminist, studied an article on how to take legal revenge on men before suing Julian.
As soon as news of the arrest came out, talk of extradition to the US appeared. Curious. A bunch of idiots have suggested he might be tried for treason, and various other ludicrous crimes. How can a non-US citizen be accused of treason? Well, in works by various other idiots, is now a revamping of the old espionage law, that would give US authorities the leverage they need to prosecute pretty much... anyone anywhere for spying and causing harm to US interests. I have no doubt in my mind that the Swedish authorities will hand him over just gladly, bending over to the will of the US government. If Julian is extradited, which is very likely to happen (if he isn't assassinated first), he will probably never see the light of day again.
While my sympathies are with Julian and his family, taking him out of the equation will not affect Wikileaks in any way. In fact, it will only re-envigorate the cause. He would become a de-facto martyr for this "cause", if you can call it that. Wikileaks will live on as long as the people decide it will. And there is no amount of government hoo-haa they can pull out of their ass that will change any of that. If they want to do something, i suggest owning up to the diplomatic disasters they themselves have created over the last few decades. The age of diplomatic secrecy and fucking the people of this world in the ass is over. As in nature, either you adapt, or you die. In this case, we can't lose. Either governments will change to face this new reality, or they will crumble like a deck of cards.
Next in line is an exposé on the corrupted world of US banking! Rumors say it's Bank of America that is being targeted, with some 5 gigabytes of data leaked from the hard drive of a bank executive, supposedly revealing a culture of corruption, fraud and worse. I say go for it. If it costs us a re-collapse of the global economy, i say bring it. I am not afraid.
The world is in need of a decent shakeup.