This feed contains pages in the “security” category.

It’s not often you see something that manages to perpetuate stupid beliefs about gender at the same time as demonstrating yet another way to invade someone’s privacy with Javascript, but this article manages it. Apparently, it looks at your browser history and guesses whether you’re male or female based on the sites you’ve visited. Now, I’m not convinced that there’s a significant gender bias for most sites, and judging by the results a sizable proportion of its guesses were wrong ("oh noes ur site thinkz im a gurl!!!!111"). It bugs me that people even bother, though.

What’s more concerning, as Simon points out, is that apparently any site that can run javascript (i.e., any site you don’t disable it for) can find out which sites you’ve been to just by creating a link to a site and checking whether that link picks up the :visited CSS style. I think I’m going to have to install NoScript again, despite needing Javascript for work…

Posted Fri 01 Aug 2008 08:29:00 BST Tags: security

Okay, a few things that I’ve heard about recently have pissed me off.

First, Bruce Schneier talks about security versus privacy, making the point that the dichotomy is a false one. He argues the point very well, but it’s something he quoted that inspires me to rant:

"Privacy no longer can mean anonymity," says Donald Kerr, principal deputy director of national intelligence. "Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information." Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

Earlier in the article, Schneier uses the term "Orwellian" [1]; it’s this quote, though, to which the term could really be applied. Ignoring the poor grammar, what the director is doing is redefining a word to suit his (or rather, the US government’s) purposes. Orwell’s Nineteen Eighty-Four is scary not because it’s a depiction of a totalitarian regime, but because most of the inhabitants don’t even realise it is; the Party’s eventual goal is to make rebellion literally unthinkable, by altering the meanings of, or removing altogether, any words that might lead to "thoughtcrime". This is exactly the same: redefining "privacy" so that people don’t even realise they no longer have the rights they did in past decades. The hypothetical future regime will argue that its citizens still have the right to complete privacy, and that it respects its citizens’ rights in this regard (and, it is entirely possible, others), and it will be absolutely true, for a given value of "private".

Leading on from this is a debate I had with Carl and Ed regarding the police’s powers to investigate someone without evidence. It started as a discussion of TV licensing, in which the point was made that, if I didn’t have a TV, I wouldn’t allow the TV licensing people into my house to confirm the fact; rather, I’d expect them to have actual evidence that I’d committed a crime, and to get a warrant first (since, if they have evidence, a warrant should be easy to get). The discussion went on to random breath tests; I’d consider myself perfectly within my rights not to submit to one unless the police had actual reason to believe that I might be drunk. The problem is not that the invasions of privacy are particularly onerous, but that there’s a slippery slope; accepting one invasion of privacy makes it harder to justify your refusal to accept the next.

My final point is unrelated, but I’ve just finished reading Dawkins’ The God Delusion (review forthcoming). It hadn’t really occurred to me before (though I’ve certainly encountered enough in the past few weeks) that people actually believe that the Bible is literally true. Respecting other people’s beliefs is all well and good, but there comes a point where it’s necessary just to say "No! You’re wrong! Your beliefs are crazy, stop it now!". That point is usually the point when the leader of an extremely powerful nation claims that God talks to him and tells him what to do.

[1] I think it’s rather understating Orwell’s works that the word "Orwellian" has come to refer merely to a state that keeps its citizens under heavy surveillance; the surveillance in Nineteen Eighty-Four was far from the point, and it wasn’t even a feature of his other works.

Posted Wed 06 Feb 2008 15:16:17 GMT Tags: security

Gave a presentation for TermiSoc this evening (well, it’s just gone midnight as I write this…), on Unix (specifically GNU/Linux and FreeBSD) security.

It went pretty well, I thought, though I rushed it a bit, and wasn’t as prepared as I could’ve been (I spent much of the hour before the presentation, when I was hoping to prepare more, trying to get the projector to play nice with my laptop).

Source and PDF are, as usual, available here.

Posted Tue 20 Nov 2007 00:11:00 GMT Tags: presentations security

I’m puzzled as to why any GNU/Linux distribution (for desktops, at least) would bother installing a firewall. It’s trivial to just stop services listening on external interfaces, so why waste resources by having another process running to block them?

My recently-reinstalled (due to hard-drive problems that led to filesystem corruption, the day after my warranty expired) Debian laptop had two open ports until a few minutes ago. One, portmap, was (I think) installed by default, and Debian used to prompt about this. The other, ssh, I installed myself. I’ve disabled portmap.

If nothing else, the vast majority of people either connect via dialup (in which case it’s likely that incoming ports are firewalled at the ISP) or broadband from behind a router, which is basically by definition a firewall. The only need for a software firewall on GNU/Linux or Unix desktops is when the computer connects directly to the cable or ADSL modem and there are ports you can’t close, maybe if you want to allow access to certain services from some but not all IPs. I still think that a hardware firewall is a better solution, though.
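The argument above rests on actually knowing which services are listening on external interfaces rather than only on loopback. The script below is an added example, not code from the original post: it filters `ss -ltn`-style output down to the sockets that are reachable from outside the machine. The sample output is constructed for the example and assumes the column layout that `ss -ltn` prints (state in the first column, local address:port in the fourth); the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: list the listening TCP sockets
# that are reachable from other hosts. Sockets bound only to loopback
# (127.0.0.0/8 or ::1) are usable from the machine itself, so those are the
# ones that need no firewall; everything else is what "just stop services
# listening on external interfaces" has to deal with.

# Constructed sample in the layout of `ss -ltn` (made up for this example;
# a real audit would pipe live `ss -ltn` output into exposed_listeners).
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     0.0.0.0:111          0.0.0.0:*
LISTEN  0       5       192.168.1.10:3306    0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     [::1]:631            [::]:*'

# exposed_listeners: reads ss-style lines on stdin and prints
# "<address> <port> <scope>" for every LISTEN socket not bound to loopback.
# scope is "all-interfaces" for wildcard binds and "one-address" otherwise.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        la = $4
        n = split(la, parts, ":")
        port = parts[n]
        # everything before the final ":" is the address ("[::]" for IPv6)
        addr = substr(la, 1, length(la) - length(port) - 1)
        # skip loopback: IPv4 127.0.0.0/8 and IPv6 ::1
        if (addr ~ /^127\./ || addr == "[::1]") next
        scope = (addr == "0.0.0.0" || addr == "[::]") ? "all-interfaces" : "one-address"
        print addr, port, scope
    }'
}

# exposed_count: number of exposed sockets in the constructed sample.
exposed_count() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners | wc -l | tr -d ' '
}

# exposed_ports: sorted, de-duplicated exposed port numbers, one per line,
# so the IPv4 and IPv6 binds of the same service collapse to one entry.
exposed_ports() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners | awk '{ print $2 }' | sort -n -u
}

# When run directly, print the report for the sample.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_listeners
```

On a live system, replace the sample with `ss -ltn | exposed_listeners`. For each port the report lists, either remove the package (the post's portmap case), or, if the service is only needed locally, bind it to loopback in its own configuration (sshd's `ListenAddress` directive, for instance) so that the socket drops out of the report without any packet filter being involved.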

I realise Windows users do still need them, to catch errant trojans and viruses and whatnot. But frankly, that’s their problem.

Posted Wed 22 Aug 2007 17:08:00 BST Tags: security