My thanks as always to xkcd (P.S. Take a look at xkcd 533 and read the comment in the “mouseover” title popup. Then try not to laugh.)
2013 archive
Permanent link to this article: https://baldric.net/2013/10/02/another-good-reason-to-avoid-the-kindle/
Sep 25 2013
get your own nsa email account
Some enterprising chap, possibly called “Chris Fisher” if the whois record is correct, has registered the domain name nsa.org. He now appears to be selling email accounts on that domain. The accounts are quite pricey too at $142.00 considering that he is only giving 2 Gig of store. Mind you, his FAQ is quite honest. …
Permanent link to this article: https://baldric.net/2013/09/25/get-your-own-nsa-email-account/
Sep 23 2013
just for rob
Shortly after the launch of the new iPhone 5S, my old friend Rob emailed me trying to goad me into writing a post about it. After all, it was made by one of my least favourite companies and it contained a supposedly funky bit of kit in the shape of its fingerprint scanner. Rob pointed …
Permanent link to this article: https://baldric.net/2013/09/23/just-for-rob/
Sep 20 2013
that’s another password I have to change
Michael Horowitz has posted an interesting article over at Computer world. In it he points out that, by default, most android devices (tablets and ‘phones) routinely ‘phone home to Google to back up Wi-Fi passwords along with other assorted settings. Google sells this option as a convenience to help you regain settings after you upgrade …
Permanent link to this article: https://baldric.net/2013/09/20/thats-another-password-i-have-to-change/
Sep 20 2013
RSA says don’t use RSA
A report in wired today says that RSA Security [*] have released an advisory to developer customers noting that the Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) algorithm (the one which is subject to speculation about NSA interference) is the default in one of its toolkits and strongly advised them to …
Permanent link to this article: https://baldric.net/2013/09/20/rsa-says-dont-use-rsa/
Sep 17 2013
Naughton’s ten tips
Back in July I commented on one of John Naughton’s “networker” columns in the Observer. Last Sunday, Naughton wrote another nice article titled “10 ways to keep your personal data safe from online snoopers”. Naughton begins the article by recalling that Tim Berners-Lee called the technology he devised a “web” of interrelated documents. He notes …
Permanent link to this article: https://baldric.net/2013/09/17/naughtons-ten-tips/
Sep 12 2013
add ssl to lighttpd server
For some time now I have protected all my own connections to trivia with an SSL connection. I do this to protect my user credentials when managing trivia’s content or configuration. In fact my server is configured to force any connection coming from my IP address to a secured SSL connection so that I cannot …
Permanent link to this article: https://baldric.net/2013/09/12/add-ssl-to-lighttpd-server/
Sep 11 2013
neil doesn’t get it
A couple of days ago I received an email from an old friend (let’s call him “Geoff”) which said: Following last Friday night discussion I have created a facebook page as a shared repository of our photos etc. I have kickstarted with most of mine. You can either make yourself a friend of this page …
Permanent link to this article: https://baldric.net/2013/09/11/neil-doesnt-get-it/
Sep 10 2013
tor node upgrade
I have switched my tor node to the experimental branch and it is now running version 0.2.4.17-rc. The huge load on the network seen since the botnet starting using it on about 19 August last has forced the tor project team to recommend that all relay operators move to the 0.2.4 branch (and this release …
Permanent link to this article: https://baldric.net/2013/09/10/tor-node-upgrade/
Aug 31 2013
totally not israel
Collin Anderson on tor-talk posted a nice graphic showing tor usage in the top 50 states since the appearance of the huge rise in the number of tor clients on the network. With the exception of Syria, the slopes of all those graphs looks much the same. But as a few people have noticed, the …
Permanent link to this article: https://baldric.net/2013/08/31/totally-not-israel/
Aug 31 2013
vnstat on my tor node
My last post showed the huge growth in the number of Tor clients since 19 August. Despite much speculation and discussion on the Tor email lists there is still, as yet, no definitive consensus on what is causing the rise. Many commentators seem to favour the botnet theory. Personally I’m still puzzled by the apparent …
Permanent link to this article: https://baldric.net/2013/08/31/vnstat-on-my-tor-node/
Aug 27 2013
tor users up
Along with the longer term upward trend in the usage in tor I noted below, there has now been a large, rapid rise in the number of connected tor clients in the last week or so. The tor usage statistics graphs show a dramatic doubling of daily connected clients (from around the 500,000 mark to …
Permanent link to this article: https://baldric.net/2013/08/27/tor-users-up/
Aug 25 2013
openPGP usage
Over at the the cypherpunks mail list, one Tony Arcieri posted a graphic showing an interesting rise in the number of OpenPGP keys registered on the SKS keyserver in the last month or so. The graphic comes from the SKS statistics page. The overall trend is clearly upwards, and has been for some time, but …
Permanent link to this article: https://baldric.net/2013/08/25/openpgp-usage/
Aug 23 2013
thank you citizen
Imagine Dave’s censorship (^W) surveillance program outsourced to G4S.
Permanent link to this article: https://baldric.net/2013/08/23/thank-you-citizen/
Aug 23 2013
untrusted dod certificate
Chris Williams over at El Reg posted a nice article about the kind of crypto best practice you need to follow if you care about privacy. The article questions the wisdom of using David Miranda as what Williams calls a “data mule” to carry physical electronic media (possibly) containing sensitive data through Heathrow and goes …
Permanent link to this article: https://baldric.net/2013/08/23/untrusted-dod-certificate/
Aug 22 2013
tor usage on the rise
A couple of weeks ago I noted that the release of tails 0.20 seemed to be popular – at least if the traffic on my mirrors was anything to go by. The statistics published by the Tor project itself show an interesting rise in (probable) Tor usage since June. The graphic shows that the number …
Permanent link to this article: https://baldric.net/2013/08/22/tor-usage-on-the-rise/
Aug 20 2013
aunty doesn’t get it
The BBC has today commented on the Guardian story about David Miranda’s detention for nearly nine hours at Heathrow under Schedule 7 of the UK Terrorism Act 2000. The BBC’s on-line report ends with a web feedback form asking: Have you been detained under schedule 7 of the Terrorism Act 2000 at a British airport, …
Permanent link to this article: https://baldric.net/2013/08/20/aunty-doesnt-get-it/
Aug 12 2013
porn over postie
I was browsing the RevK’s blog (originally brought to my attention by David) this morning and came across this gem. It would seem that some UK households have been receiving unsolicited pornographic DVDs through the post. As the RevK says: Well, obviously the Royal Mail need a default opt-in adult content filtering in place for …
Permanent link to this article: https://baldric.net/2013/08/12/porn-over-postie/
Aug 10 2013
tor users under attack
The Tor network does not just provide anonymous internet access, it also provides for so-called hidden services. These services are not visible outside the Tor network and are only reachable over Tor. The servers are given Tor specific addresses of the form “xyz123.onion” (actually, the addresses are a little more complicated than that because the …
Permanent link to this article: https://baldric.net/2013/08/10/tor-users-under-attack/
Aug 09 2013
lavabit dead
I run my own mail server for a number of reasons. And I rarely regret that decision. However, there have been occasions in the past when relying on a single mail provider (even when that provider is myself) has proven problematic. The first problem arose several years ago when the ISP which I use for …
Permanent link to this article: https://baldric.net/2013/08/09/lavabit-dead/
Aug 03 2013
security failure at digital ocean
This morning I received an email from Digital Ocean titled “Avoid Duplicate SSH Host Keys”. The email said: “If you have created an Ubuntu Droplet or snapshot prior to July 2nd, DigitalOcean recommends regenerating the SSH host keys. Droplets based on standard images now create unique SSH host keys.” (This, of course, implies that they …
Permanent link to this article: https://baldric.net/2013/08/03/security-failure-at-digital-ocean/
Jul 28 2013
repeat after me – snowden is not the story
John Naughton has an interesting column in his “networker” series in today’s Observer. In it he laments the fact that the majority of the world’s mainstream media seem more intent on reporting on Snowden the man than on what Snowden has revealed. He starts: “Repeat after me: Edward Snowden is not the story. The story …
Permanent link to this article: https://baldric.net/2013/07/28/repeat-after-me-snowden-is-not-the-story/
Jul 26 2013
soldier available cross magnet
I am in the process of changing passwords on a bunch of different systems/applications and have been pondering my algorithms, so to speak. Like my friend David, I have an internal model of varying password schemes which I can use in different places. This means that I can happily pick a password for a low …
Permanent link to this article: https://baldric.net/2013/07/26/soldier-available-cross-magnet/
Jul 26 2013
how not to hide
I have written several times in the past about the tedious crud which hits my blog spam filters. Of late I have seen an increase in spam which looks, at first sight, plausible comment, but on closer inspection turns out to have the usual links to sites flogging cheap copies of western luxury goods. A …
Permanent link to this article: https://baldric.net/2013/07/26/how-not-to-hide/