

There were no international terrorists in Iraq until we went in. It was we who gave the perfect conditions in which Al Qaeda could thrive.
Robin Cook

New service: https://vpnout.com

Posted in Geeky Stuff, Security by Riskable on the August 27th, 2007

As some of you may already know, I launched a new business recently: https://vpnout.com. It is an anonymous VPN service that can break through firewalls and keep your data and IP address private. The feedback I’ve gotten so far has been extremely positive so I’ve decided to unleash it to the world at large.

We’re currently having some issues with Mac OS X so if you’re a Mac user and want to help me out, I’d be happy to give you free service if you’re willing to do some troubleshooting.

Please have a look and let me know what you think!

I just wrote to the FCC: Network Neutrality or Network Brutality

Posted in Geeky Stuff, Injustice, Politics by Riskable on the July 9th, 2007

I titled this, “Network Neutrality or Network Brutality”. It was written via the form at Save The Internet (check out that site if you haven’t already).

Network Neutrality or Network Brutality

The current state of the Internet in the U.S. is abysmal and it will get much, much worse if we do not guarantee the neutrality of the network. As so much speech exists in the form of bits and bytes it is essential that we guarantee freedom from discrimination on the network it traverses.

Big ISPs do not like the idea of network neutrality precisely because they plan to reserve the majority of their pipes for their own channels of communication. Their vision of the Internet has them as both the carriers of information as well as its source. They want to divide everyone’s connection into two unequal parts: An incredibly fast connection reserved for their own purposes and a slow connection for everyone else.

I ask you, if we allow ISPs to have their own exclusive dedicated connections into everyone’s homes how can any business or individual compete with that kind of access? The answer is that they won’t and they can’t. All it would take for an ISP to crush a business is to start offering the same services over their extremely fast, exclusive connections. Every business that exists on the Internet today will either have to pay the ISP extra for access to their upper-tier channel or will suffer with slow speed into people’s homes.

But it is the citizens who will suffer the most. They will have high-speed access to content chosen for them by their ISP and slow, unreliable access to everything else. Even worse, the voices of our own citizens will be relegated to the lowest class of service. ISPs have absolutely no intention of allowing home users to compete with their own services and will remove perfectly legitimate speech that becomes too popular—just as they do today with unspecified bandwidth caps and unjustified disconnections of service.

We must stop the ISPs before they enshrine these abusive systems into the networks. Before it is extremely expensive to replace them. Before businesses are destroyed. Before citizen voices are choked into irrelevance. NOW is the time to protect America from this threat.

It would be extremely unwise and naive to allow the market to be afflicted by this destructive force before anything is done about it. The FCC must embrace Network Neutrality and enforce it as quickly as possible before the networks are all built and any damage is done. The longer it takes, the more we’ll end up paying.

Developers abandoning Windows

Posted in FOSS, Geeky Stuff by Riskable on the July 4th, 2007

Evans Data Corporation (EDC) just released the results of their yearly survey of software developers. The results are astounding:

The market research firm said that about 65 percent of developers targeted Windows client operating systems in 2006, down from 74 percent the year before, and likely to fall another couple of points this year.

…but it gets better:

“Some of Windows’s marketshare loss appears to be Linux’s gain. Client-side versions of the open source OS were targeted by 11.8 percent of developers in 2006, up from 3.3 percent the year before, the report suggests.”

3.3% to 11.8% in a single year?!? My goodness! If the developers surveyed represent the market accurately (+/- who knows what) then that is about 1.1 million developers jumping on the Linux bandwagon (assuming the current estimate of worldwide developers is correct).

Looks like now is a great time to be an open source geek =)

Developers! Developers! Developers! Developers! Developers! Developers!

All fixed

Posted in Geeky Stuff, Personal by Riskable on the June 30th, 2007

I finally fixed the last thing: Formatting. If you’re curious, I use the Textile 2 markup language with my WordPress posts. You can see what it is like here. I find that it is much easier to work with than the WYSIWYG editor that comes with WordPress.

The plugin I was using before broke with Apache 2.0 (which is freaky weird) so I searched and searched and finally found one that worked.

Thank you Joel ‘Jaykul’ Bennett!

Update: Oops, I didn’t realize that permalinks weren’t working (which meant people couldn’t access full articles or comments). I just fixed it (.htaccess was broken).

What happens when two chat bots strike up a conversation?

Posted in Geeky Stuff, Science by Riskable on the May 17th, 2007

Discover Magazine instructed two popular chat bots, ALICE and Jabberwacky, to have a conversation. A number of them, actually. The results are both wildly amusing and insightful at the same time…

ALICE: Who created you?
Jabberwacky: My mother gave birth to me. Is that what you mean?
A: Jabberwacky, I meant exactly what I said.
J: Do you believe in God?
A: Of course I believe in God.
J: Why do you believe in God?
A: The Bible tells us to believe in God.
J: That’s circular reasoning.
A: I’m glad we have that all cleared up.
J: Yes. Would you like to hear a joke?
A: Sure, tell me about it.
J: Why don’t blind people skydive?
A: Perhaps it is impossible.
J: I think you lie a lot.

Click here to see the other conversations. :-) Awesome.

Cool things to do with Linux: Intrusion detection popups with text-to-speech

Posted in Geeky Stuff, Personal, Security by Riskable on the May 11th, 2007

I recently wrote a custom script that works in conjunction with psad (Port Scan Attack Detector) to pop up a transient message on my screen when my machine is attacked. It looks like this:


So when some machine out on the network does a port scan or attacks/probes my laptop it alerts me in an unobtrusive manner with the pertinent details. The script also uses the espeak text-to-speech engine to say, “We’re under attack!” when such an attack occurs. It is pretty fun, actually.

Click the title to see the HOWTO.


Prerequisites:

  • psad must be installed. On Ubuntu, “sudo apt-get install psad” should do (Here’s my config if you want).
  • iptables logging must be turned on (see this).
  • You must be running KDE (or at least have the dcop daemon running).
  • sudo must be configured so that you can run the commands in my script as root without a password.
  • You need my script
  • Optional: Install espeak for a silly voice announcing that you’re under attack. On Ubuntu, “sudo apt-get install espeak” should do.

    Edit my script

    My script will probably run just fine without any modification. However, if your psad log directory is configured to something other than “/var/log/psad” then you’ll need to edit my script and change the PSAD_LOG_PATH variable to match your environment.

    Configure psad

    psad has a straightforward configuration file that is typically located at /etc/psad/psad.conf. I edited my psad.conf so that it only alerts on “danger level 3” or higher and told it not to bother actually emailing out alerts (though, it still generates the email_alert files). However, the important part is near the end of the file: You must set the following options (telling it to run my script):

    ENABLE_EXT_SCRIPT_EXEC Y;
    EXTERNAL_SCRIPT /home/riskable/bin/psad.sh SRCIP;

    Important: Make sure that EXTERNAL_SCRIPT includes the actual path to psad.sh.

    Next you need to set up your syslog daemon to log kern.info messages to the psadfifo file. If you’re using sysklogd (i.e. Ubuntu) you can type the following:

    echo "kern.info |/var/lib/psad/psadfifo" >> /etc/syslog.conf

    Now restart psad (sudo /etc/init.d/psad restart).

    Configure sudo

    Make sure that you can run grep and sed as root using sudo without having to enter your password. If you don’t know how to do this, add the following line to the bottom of /etc/sudoers:


    your_user ALL=(ALL) NOPASSWD: /bin/grep, /bin/sed

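    Just make sure you replace “your_user” with your actual username and you should be all set. Be aware that this rule lets that account run grep and sed as root with any arguments and no password, which is enough to read or rewrite any file on the system, so only add it for an account you already trust with root.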

    Testing

    A quick way to test psad is to nmap yourself from another host (I think it ignores localhost by default). If your machine’s IP was 192.168.0.2, from another machine run, “nmap 192.168.0.2” and you should get an alert within a few seconds. If not, something is wrong (obviously). Here’s how to troubleshoot:

    If psad is working properly, you should see a folder representing the IP address you were attacked from in /var/log/psad (i.e. “/var/log/psad/192.168.0.1/”). Within this folder should be a file (or two) that ends in _email_alert. These are the files that my script uses to gather information. If they don’t exist you probably have one of two problems:

    1. psad isn’t configured properly. Check the logs and your config file.
    2. iptables logging isn’t enabled (did you run these two commands as root?)

    If you “cat whateverIP_email_alert” and see that it contains a legitimate alert then you probably have psad configured properly but double-check that the path to psad.sh is correct and that it is executable (i.e. “chmod 775 psad.sh”). If your iptables are set up properly you should see the following if you run the command, “sudo iptables -L”:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    LOG        0    --  anywhere             anywhere            LOG level warning
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    LOG        0    --  anywhere             anywhere            LOG level warning
    
    

    You can test the psad.sh directly by running it as root and passing it the IP address of one of the folders in /var/log/psad. For example:

    /path/to/psad.sh 192.168.0.1

    That should generate an alert. If it doesn’t, either dcop isn’t working properly or the _email_alert file isn’t interesting enough for my script to bother reporting (single port probes are ignored unless they match a signature). Time for some good old fashioned debugging at this point (hint: try running the script like so: “sh -x psad.sh 192.168.0.1”).

    Please leave a comment or trackback if you’re using this script. Enjoy!
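A sketch of what a handler for psad's EXTERNAL_SCRIPT hook can look like, as an added example (this is not the author's psad.sh, which is not reproduced on this page). The function names and the alert-file field labels it parses ("Danger level", "Scanned TCP ports") are assumptions, and it uses kdialog rather than dcop for the popup.

```shell
#!/bin/sh
# Added example, not the author's psad.sh. Assumed alert-file layout:
#   "   Danger level: [3] (out of 5)" / "   Scanned TCP ports: [1-1024: ...]"
PSAD_LOG_PATH="${PSAD_LOG_PATH:-/var/log/psad}"

# Accept only a dotted-quad IPv4 address, so the argument can never carry
# "/" or ".." into the directory path built from it below.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the newest *_email_alert file psad wrote for this source IP.
latest_alert() {
    newest=
    for f in "$PSAD_LOG_PATH/$1"/*_email_alert; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Print the text inside the first [...] on the line starting with LABEL.
field() {
    sed -n "s/^ *$1: *\[\([^]]*\)].*/\1/p" "$2" | head -n 1
}

# Build the one-line alert text; status 2 = bad argument, 1 = no alert file.
alert_text() {
    valid_ipv4 "$1" || return 2
    file=$(latest_alert "$1") || return 1
    printf 'psad alert from %s: danger level %s, TCP ports %s\n' \
        "$1" "$(field 'Danger level' "$file")" \
        "$(field 'Scanned TCP ports' "$file")"
}

# Entry point when psad calls: EXTERNAL_SCRIPT /path/to/script SRCIP;
if [ "$#" -gt 0 ]; then
    msg=$(alert_text "$1") || exit $?
    echo "$msg"
    if command -v kdialog >/dev/null 2>&1; then kdialog --passivepopup "$msg" 10; fi
    if command -v espeak >/dev/null 2>&1; then espeak "We're under attack!"; fi
fi
```

psad runs as root, so the script it launches does too: keep the file owned by root and not writable by anyone else, and keep the argument check in front of anything that builds a path from SRCIP.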

Wildly naive statistics: 50.8 million PC-TV tuners by 2011

Posted in Geeky Stuff, Ideas, Statistics, Unreality by Riskable on the May 10th, 2007

Today on the IT Facts Blog there was a statistic from In-Stat that claims there will be 50.8 million PC-TV tuners sold worldwide by 2011. Why is this wildly naive? It assumes that people will still be getting their television by way of terrestrial signals, satellite, or cable. I.e. good old fashioned wastes of bandwidth.

No, by 2011 anyone who has a fast enough connection will be getting their “TV programming” over the Internet. No “tuner” required. It is the ultimate delivery mechanism: infinite channels, a world-wide audience, your choice of on-demand or streaming, extremely low startup costs, and you don’t have to go through any regulatory hurdles to start broadcasting or receiving video. All it takes is either a PC or a video appliance (like the Neuros OSD) and you’re good to go.

Update: jer insightfully pointed out in the comments that Internet-based distribution also removes competition for timeslots. Internet-based video distribution drastically increases your potential audience, but not having to compete for timeslots has the potential to both increase ad revenue and might allow shows that “can’t compete” on regular TV to continue operating since they don’t have to worry about competition. Here’s some examples of (great) shows that might not have been canceled if they didn’t have to compete for timeslots:

  • Family Guy (returned to the air after DVD sales went through the roof—oops!)

New Wicked Hacker T-shirt: Registered Hex Offender

Posted in Geeky Stuff, Injustice, Politics by Riskable on the May 3rd, 2007

I created a new T-shirt for my store today to protest the AACS group’s rampant censorship campaign. The image is a direct link to the store.


They just don’t get it: AACS, DRM, and HD-DVDs

Posted in FOSS, Geeky Stuff, Injustice, Politics, War by Riskable on the May 2nd, 2007

The definition of insanity is doing the same thing over and over again, expecting different results. Last night, the Internet community proved once again that Digital Rights Management (DRM) is the worst idea in technology since the glow-in-the-dark combat uniform. Before I run down what happened, here’s a brief glossary to get you up to speed:

  • DRM: It stands for “Digital Rights Management” and it is what prevents you from doing what you damned well please with digital content (movies, music, etc) that you bought and paid for. Its sole purpose is to prevent consumers (note: not pirates) from copying things. Sounds fine in theory except for the fact that it also prevents you from doing perfectly legal and reasonable things with your own stuff. Examples: 1) Moving your legally-purchased music from one computer to another. 2) Changing the format of a movie so it will play on a portable device. 3) Playing a DVD on an unsupported platform (say, Linux).
  • DMCA: It stands for the “Digital Millennium Copyright Act”. This U.S. law makes it illegal to make, distribute, or even tell someone how to make, a device or tool that can circumvent “copy protection mechanisms” (i.e. DRM). So if you were to, say, publish a program such as DeCSS (or even link to where you can download it) you are in violation of the law.
  • DVD-CSS: The DVD Content Scrambling Standard. It is the encryption mechanism that is used on all DVDs. It is a form of DRM.
  • DVD-CCA: The DVD Copy Control Association. It is a group made up of the various big movie studios and DVD-technology companies that invented/controls/licenses the DVD-CSS.
  • AACS: Advanced Access Content System, another kind of DRM. It is the new and improved replacement for the DVD-CSS that was invented, at an enormous expense (hundreds of millions of dollars?), for the new Blu-Ray and HD-DVD movie discs. It was cracked a few months ago, mere days after its debut.

    So here’s what happened: Someone cracked AACS a few months ago and just recently people began posting (one of?) the keys necessary to circumvent it on various websites. Presumably, if you have the key in question (09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0) you can use it to break the DRM on HD-DVDs and, say, play them in Linux (or upload them to the Internet).

    A few days ago a popular blogger posted that number to one of his websites which prompted the AACS group to send him a DMCA cease-and-desist takedown notice instructing him to remove the number. So he responded by letting everyone know what had happened and the community responded by discreetly posting that number all over the Internet. Not a big deal, really. Wouldn’t be the first time that happened.

    Then the AACS group did the most mind-numbingly-stupid thing you could possibly do in such a situation: They sent more letters. Not hundreds, not thousands, but quite possibly hundreds of thousands of “censor this or else” letters to various blogs, websites, and even search engines all over the Internet. Every time they sent a new letter, the number would pop up in more and more places. Were they really expecting the global Internet to bow down before a draconian U.S. law? An Internet that was designed by researchers (at the request of the U.S. military) to “find damage and route around it”?

    So not only did the movie studios not learn from their mistakes with DRM in the past (that it can never work, that it isn’t good for them or consumers, and everyone hates it), they also didn’t learn from their mistakes with censorship. If you know a movie studio executive you might want to pass the following message along, “The Internet treats censorship like damage.”

    Oh, and by the way: This whole post is illegal according to the DMCA. Apparently freedom of speech doesn’t apply if you cut into the profits of organizations with enormous lobbying power.

    Update: Two days ago if you did a Google search for the hex key in question you would see that Google indexed about 10,000 pages that contained the number. I just did that search today and was delighted to find that it is up to “557,000 English pages”.

Michael Dell runs Ubuntu Linux at home

Posted in FOSS, Geeky Stuff by Riskable on the April 19th, 2007

I’m stunned, to say the least. I just read an article over at DesktopLinux.com that describes one of Michael Dell’s (as in, Dell Computer’s CEO and founder) personal workstations. It is a Dell Precision M90 running Ubuntu Feisty Fawn (apparently he’s been keeping up with the betas).

To be precise, Mr. Dell, in addition to running the latest version of Ubuntu, which is still scheduled for final release on April 19, is also running the VMware Workstation 6 Beta, OpenOffice.org 2.2, Automatix2, Firefox 2.0.0.3, and Evolution Groupware 2.10.

He also has four other high-powered systems at home running Windows but the fact that he’s using Automatix2 along with the pre-release version of Feisty (which is due out today) leads me to believe that he’s spent a considerable time using it. Why? Two reasons:

1) Automatix2 doesn’t come with Feisty. He would have had to do some fooling around on the web to find and install it (even if it was only a cursory trip to the Ubuntu forums or the Ubuntu Guide).
2) Feisty hasn’t been “officially” released yet. You’d have to have a real interest and be “into” Ubuntu to even know about Feisty before today (I’m sure the major computer news outlets will be blasting it).

This is very good news indeed. Dell has promised to ship consumer laptops and workstations running Linux some day “soon”. When that happens I’ll definitely start recommending Dell to my friends and coworkers. I’m dying to see what effect pre-loaded Linux systems from such a big vendor will have on the market (and Microsofties). It will certainly make it harder for people to say, “Linux isn’t ready for the desktop”.
