Archive for the ‘Tech’ Category

The case for privacy in the electronic age.

This is likely the finest case for electronic privacy I have encountered and is worth reading.

A Cypherpunk’s Manifesto

by Eric Hughes

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.

If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.

Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.

Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.

Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one’s identity with assurance when the default is anonymity requires the cryptographic signature.

We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor’s younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.

We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one’s fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.

The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.

Onward.

Eric Hughes <hughes@soda.berkeley.edu>

9 March 1993

Cloud here, cloud there…

You just can't get away from it these days. It is a constant tech media darling and every major tech service company is getting on board. I’m not necessarily completely against the concept but you must educate yourself on the terms of your service and what they really mean when participating. Be careful, the internet can be a dangerous place and I fear the “cloud” can be worse.

I came across a blog post this morning regarding the “cloud”. Admittedly, I didn’t read the whole post but I liked this comment by Jason Scott:

By the cloud, of course, I mean this idea that you have a local machine, a box running some OS, and a vital, distinct part of what you do and what you’re about or what you consider important to you is on other machines that you don’t run, don’t control, don’t buy, don’t administrate, and don’t really understand. These machines are connected via the internet, and if you have a company then these other machines are not machines run by your company, and if you’re a person they are giving it to you without you signing anything accompanied by cash or payment that says “and I mean it”.

Can I be clearer than that? It’s a sucker’s game. It’s a game suckers play. If you are playing it, you are a sucker.

P.S. Facebook IS the cloud too.

Dropbox – Terms of Service

Do you use Dropbox? Have you read their recently changed TOS? The following quote is from their “Your Stuff & Your Privacy” section and seems to me to have some far reaching implications that could cause some users major legal trouble, particularly the last sentence of the quote. Think about that and the stuff you have in your folders. Additionally, the bulk of the statement regarding granting them sublicenseable rights undoubtedly relates to them making your data visible to you and those you share your information with. I suspect that this is with the best of intentions and results in broad language recommended by lawyers, but it is not restricted in any way. So the result is that it matters not what their intentions for your “stuff” are. They can do what they want with it. Just imagine if Facebook buys Dropbox at some point.

My opinion is, be informed and be cautious. It’s ok to use these services but only once you understand the consequences of doing so.

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service. You must ensure you have the rights you need to grant us that permission.

Cloudburst cont…

How anyone trusts these services to important information can only be chalked up to ignorance.

http://www.informationweek.com/news/security/vulnerabilities/231000111

Distributed computing.

Distributed computing is very much just what it sounds like. There are a number of reasons to utilize such strategies but the most popular is to achieve a greater amount of data processing in a given amount of time. Back in December of 2008 I wrote about how I had participated in the SETI@home project and then subsequently switched to the Folding@home project. Both of the projects are excellent examples of distributed computing. What I find most interesting about these projects is that they are using the power of distributed computing to analyze data that has already been obtained, rather than producing new data. In the case of SETI, they are able to use various radio telescopes to gather data from distant space in huge quantities. That data is then divided into very small pieces for each distributed client to analyze. Similarly, Folding@home uses the power of distribution to run protein folding simulations for far longer than was previously practical. The Folding@home Wikipedia page has some facts about the amazing amount of processing power of the Folding volunteer network. It runs multiples faster than the most powerful single computer in the world.

Below is a video of a protein folding simulation.

This is precisely the type of work that your computer can contribute to the Folding project if you download and run the client. Many of us have computers that sit powered on all day and most of that time they are idle or using only a fraction of their processing power. Why not put that power to good use for a good cause?

Vintage computing.

I’ve always enjoyed relics. My parents frequently went on antiquing trips when I was young and many of the places we visited provided intriguing looks into the past. I usually found the old tools, clocks, cameras and automobiles most interesting. I still do. I also like looking at old photographs for the same reason. Of course now that the computer age has enough time under its belt, it too can produce a certain nostalgia. I don’t remember how, but a few weeks ago I came across this YouTube video of an early 1960s acoustic modem and really enjoyed it. I think because of what it is, it ties the past so closely to the present in that it was designed to facilitate communication between distant machines, a ubiquitous part of our current existence.

Then, this week at the NJLinux LUG meeting in Union, we had some guests from the MARCH that provided a coincidental correlation to my discovery of the modem video. As a result of our guests attending the meeting I learned some interesting facts about the early days of computing and some significant roles that the state of NJ played back then, particularly as it relates to the research and development that took place at the Marconi stations in Belmar and New Brunswick. A great deal of that history can be found at the Info Age science and history learning center and museum. The LUG meeting also included some discussion of a number of historical moments in computing advancement from the early days of the large ENIAC type machines to mainframes, then to minicomputers and microcomputers. Also at the meeting was a functioning Altair 8800 that we were lucky to see in operation. Much vintage computing information can be found at the MARCH site.

If you are at all interested in the vintage computer scene you may consider attending the VCFE 7 later in May.

FreedomBox project.

I like this. I particularly like the idea of this being able to form a mesh. In my opinion it will be the mesh network that we will eventually rely on for the free dissemination of information. There are many other projects out there that can be aggregated to form the mesh. I mentioned the mesh-potato in the past. There are also many consumer grade wireless routers that can be adapted to the mesh task with freely available custom firmware. I use the WRT54GL and Tomato at home now. It’s brilliant.

Here are some other mesh network related sites:

Business FIOS at the office. Part II.

Our changeover from XO DSL to Verizon FiOS is now complete. We just ordered the cancellation of the DSL line yesterday so there is no turning back now. Our network topology with the DSL service was not what I would call ideal, particularly when it came to security, and because of that it was quite an effort to get completely functional with the new design. We leased a block of 32 IP’s from the DSL provider and every device on our network had a public Class A address (I know, not cool), it’s just how I did it from the beginning 11 years ago. But I was able to keep everything secure with diligent firewall rules and reviews and by keeping all the systems up to date. I knew long ago that I should change this but it was one of those things that just remained on the back burner.

With the new FiOS package that we chose I went with leasing only 14 IP’s, which obviously forced me into making the long needed change. We have approximately 30 network devices here at the office including the IP phones (they were not publicly addressed, thank you). So, logically I did what should have been done in the first place and put all of our network devices on a private network and left only the servers on the public IP’s. Needless to say this required the reconfiguration of all the desktops, printers, the scanner, switches and servers. The switch was the most involved as we had to reassign a number of ports and add an additional VLAN for the new private address network. A number of the servers were also converted to multihomed mode so that they would have a physical connection to both the public and private networks because they provide services to both. Additionally, we have 2 primary DNS servers here that provide name resolution for a number of domains including some that are not ours. The coordination of reconfiguring those servers and making the authoritative record changes was done carefully so as to avoid any downtime for web-services; they were completed on Monday this week.

As I mentioned in the previous post, we are using a Soekris Net5501 as our router and firewall. It runs BSD’s well regarded PF packet filtering software via pfSense and has more than enough processing power to allow our bandwidth to operate at full speed.
Our SonicWall SOHO 50 is now retired after almost 12 years in service. Proprietary it may have been but it ran like a champ. It’s so out-dated I can’t find a picture of it on the internet. We have the Soekris set up to provide NAT to the new private address LAN and then we set up a bridge from the WAN port to another port that provides the connectivity to all the new FiOS leased public IP’s. It’s a mildly complicated configuration but once it’s going it is rock solid reliable.

I also mentioned in the earlier post that I was looking forward to the speed increase that would allow us to do offsite backups in a reasonable amount of time. That is working out great. We have about 330GB of current and archived data. It wouldn’t pay to start the offsite transfer from scratch so I made an initial transfer at the office and then took that drive to the offsite location. From then on all that needs to happen is to transfer the incremental updates. That amounts to a few GB at most on any given day, only mere minutes now instead of hours.

It’s done.

Behold the Qube.

Back in the late 90’s when the WWW and the “Information Superhighway” were all over the news and everyone was getting an email address (remember Compuserve and Earthlink and AOL), Linux was also gaining traction because it provided so much of the back-end to the internet. A small group of engineers put their heads together and started the Cobalt company. Their history is available here. Their first product, called the Qube 2700, shipped in March of 1998. It was soon upgraded to the Qube 2 and then later the Cache Qube and Qube 3. There were also a few other products developed for the datacenter/ISP industry: the CacheRaq, the NasRaq and a series of other Raq* devices. These were all 1U form factor, low power, low cost, rack ready appliances that allowed fast deployment of ISP type services to customers.

I can’t find the original order so I don’t know the exact date but I think it was around late 1999 that I ordered the Qube2. I have always enjoyed tech-gadgets and computers and I just loved these things from the moment I saw one. I set it up at the office in Hackensack where it was connected to our wicked-fast 768Kbps DSL line (now we have 25/25Mbps Fiber). It really had to be the coolest computer you could buy at the time, with its deep cobalt blue case and green Cylon style LED on the front and its diminutive footprint. And best of all it ran Linux. And second best of all it had an unusual 64-bit 250MHz MIPSel processor inside. It really was unique and so much fun to look at and use. I have a soft spot for that one too because it ran our hx4.com site for years.

Cobalt Qube 2

I still have that Qube2 and two others that I have since obtained through eBay over the last 10 years. The most recent of which was practically a steal (for a fanboy). I was fortunate to happen upon an auction for a NIB Qube2 model in its original packaging, unopened plastic seal on the Qube2 and all the accessories and the original product sticker still intact on the box, all for $33.00. I’m still stoked about it.


Unfortunately these are obsolete and not good for much other than to serve as neat looking bookends and as conversation pieces. They indeed do still run and there is a community of enthusiasts as you can see from the links above. I have installed NetBSD 5.1 on two of them and that at least makes them current as far as the operating system goes, but they are doggedly slow by today’s standards and it can get tiresome trying to do anything productive on them. At this point I couldn’t see one serving much purpose other than perhaps for running a persistent instance of IRSSI under GNU screen or something similar. One of these days I think I will attempt to gut one of them and stuff a Nano-ITX system inside that will have all the comforts of modern hardware. They still look amazingly current.

SSH usage, multiple private keys.

There is no doubt that SSH stands as one of the greatest system administration tools ever. I use it many times a day manually and many more times through scripts for sysadmin stuff. Sometimes, like today, I need to do something that I have never needed to do before. And of course SSH is capable.

Due to a new network topology at the office I needed to be able to have SSH source more than one private key for authenticating to a remote host. There is more than one way to do this. I used the first solution as it was the most basic.

In the ~/.ssh folder create a file named “config” and chmod it to 600. Add the following line: “IdentityFile ~/.ssh/id_rsa.keyA” and add a subsequent line for each of the other private keys you want to use. For example you can have “id_rsa.keyA”, “id_rsa.keyB” and so on. Make sure that those references actually match the names of your private key files; if not, rename them. That’s it. From now on, when you attempt an ssh key exchange, all those keys will be offered.

The second solution is more refined. This is what your ~/.ssh/config file might look like for this method.
# each key is offered only to hosts matching its Host pattern
Host *.home
    IdentityFile ~/.ssh/id_rsa.home
Host *.office
    IdentityFile ~/.ssh/id_rsa.office
Host *.wan
    IdentityFile ~/.ssh/id_rsa.wan

In this case the host you are connecting to will determine the key that will be presented rather than presenting all keys like the first example.
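To make the difference between the two methods concrete, here is an added Python example (mine, not from the post or from OpenSSH) that parses a constructed ~/.ssh/config and reports which IdentityFile entries ssh would try for a given hostname. It follows the ssh_config(5) rules: Host patterns are shell-style globs, IdentityFile lines from every matching block accumulate, and other options such as IdentitiesOnly keep the first value seen.

```python
import fnmatch
from typing import Dict, List, Tuple

# Constructed config texts (not the post's own files) modelling the two methods.
METHOD_ONE = """
IdentityFile ~/.ssh/id_rsa.keyA
IdentityFile ~/.ssh/id_rsa.keyB
"""

METHOD_TWO = """
Host *.home
    IdentityFile ~/.ssh/id_rsa.home
Host *.office
    IdentityFile ~/.ssh/id_rsa.office
    IdentitiesOnly yes
Host *.wan
    IdentityFile ~/.ssh/id_rsa.wan
"""

def parse_blocks(text: str) -> List[Tuple[List[str], List[Tuple[str, str]]]]:
    """Split ssh_config into (host_patterns, [(option, value), ...]) blocks.
    Options before the first 'Host' line apply to every host, so they are
    treated as an implicit 'Host *' block at the top."""
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key.lower(), value.strip()))
    return blocks

def host_matches(patterns: List[str], hostname: str) -> bool:
    """A '!' pattern that matches excludes the block; otherwise any positive
    pattern matching the hostname selects it."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def resolve(config_text: str, hostname: str) -> Tuple[List[str], bool]:
    """Return (identity files ssh would try in order, IdentitiesOnly set?).
    IdentityFile accumulates across all matching blocks; any other option keeps
    its first value, which is why a catch-all 'Host *' belongs at the bottom."""
    identities: List[str] = []
    first_seen: Dict[str, str] = {}
    for patterns, options in parse_blocks(config_text):
        if not host_matches(patterns, hostname):
            continue
        for key, value in options:
            if key == "identityfile":
                identities.append(value)
            else:
                first_seen.setdefault(key, value)
    return identities, first_seen.get("identitiesonly", "no") == "yes"

if __name__ == "__main__":
    for host in ("nas.home", "fw.office", "example.com"):
        print(host, resolve(METHOD_ONE, host), resolve(METHOD_TWO, host))
```

With the first method every key is offered to every host, which tells each server about all of your public keys and counts each one against the server's MaxAuthTries; the per-host form with IdentitiesOnly yes offers just the one key and also stops ssh from adding every key loaded in your agent.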

Thanks to Karanbir Singh and his post for helping me with this.