Fri 31st Dec 2010 @ 01:20 2010: Solaris 10 SMF Manifests

I did mention this when I launched it in July, but here is another plug to the newer, better-presented version of the Solaris SMF Generator using the current sgpit.com website design by Ascent Creative.

It still does the same thing - it creates all the files that you need for a typical SMF service under Solaris 10, it is just a little bit better presented than before.

Share and enjoy!

Wed 22nd Dec 2010 @ 17:29 2010: My blackberry is not working

Excellent Ronnie Corbett sketch about technology. Almost up there with fork handles.

http://www.youtube.com/watch?v=kAG39jKi0lI

Wed 15th Dec 2010 @ 00:39 2010: Allegations regarding OpenBSD IPSEC

http://marc.info/?l=openbsd-tech&m=129236621626462&w=2 is a post from Theo De Raadt, the main OpenBSD developer (OpenBSD's claim to fame is that it has had Only two remote holes in the default install). The email alleges that the IPSEC (IP Security) stack in OpenBSD includes some back-door(s) knowingly inserted by the US FBI. The confessor's NDA with the FBI has recently expired, which apparently allows him to confess the subversion. If so, that differs from my understanding of the UK Official Secrets Act, but so be it. He has alleged, on the OpenBSD mailing list, that

"the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI. Jason
Wright and several other developers were responsible for those
backdoors, and you would be well advised to review any and all code
commits by Wright as well as the other developers he worked with
originating from NETSEC."

Thu 9th Dec 2010 @ 00:43 2010: Wikileaks

I would like to have had the time to delve into the details of this more than I have been able to, but Ross Anderson at Cambridge University makes an excellent point, which I feel I must repost. When access to citizens' data is subject to security constraints, such as the NHS Spine project, which allows ~800,000 NHS staff unfettered access to our personal health records, the government tells us not to worry, because they can be trusted. When an intelligence analyst working on the US/Iran issue can leak totally unrelated cables to Wikileaks, the US government considers that to be a crime - possibly even resulting in execution.

From a technical perspective, these NHS Spine and the US Cable issues are the same - the technology exists to prevent one user of the system from accessing parts of the system that they do not have authority to access, but has not been used. Those who understand how computer systems work, have been telling governments about these flaws for many years. I personally am still struggling to get my daughter's school to understand that they do not need to take her fingerprints in order for her to be able to access library books.



All the way from governments fingerprinting schoolchildren as a routine task, through assuming that general availability of citizens' health data is not an issue, is at conflict with the current US posturing that it is not acceptable for sensitive data, treated with similarly lax security measures, to be leaked to the public that those governments serve.

If the US, or any other government, want communications to be private, it is their responsibility to ensure that they are encrypted and demonstrably private, and can not be leaked. The NSA themselves have worked on various technologies, from 3DES to SALinux, in acknowledgment of this fact. Such restrictions were apparently not applied to these most recently leaked cables, which indicates that the US Government were happy for these (often arrogant) missives to be shared more widely.

It is difficult to accuse someone of robbing your house when you have left all of the doors and windows open. Technically, they should not have done it, but in practice, that is not how things work.