Tagged: internet

The Gun That Fits On A Floppy Disk


The 3D printed gun is now a reality. I don't have access to a 3D printer - but I've downloaded the plans out of morbid curiosity.

While downloading the blueprints may not be illegal, any UK citizen who made and owned such a handgun could face arrest, according to the UK's Metropolitan Police.
BBC News

It may not be the best weapon in the world - it has reliability and accuracy issues - and it may not be the cheapest - around £5,000 for a 3D printer to fabricate the thing. But it's certainly the most portable.

The total file size for the 3D models to build the weapon? 1,084,069 Bytes. Small enough to fit on a floppy disk.

Most of us send emails with larger attachments every day. Never mind that this gun evades metal detectors - spotting these scant few bytes in the gigabit flow of everyday life is nearly impossible.

There has been an attempt to pull the plans from the Internet. That can't work. Ever.

The way modern file distribution is done is decentralised. As long as you know the hash (the unique code calculated from the file's contents) you can download a file from a Peer-to-Peer network.

magnet:?xt=urn:btih:
6C4089AC6C134F1B2DFF18499658B228D9EB2657

That's short enough to memorise, turn into a song, print on a t-shirt, tattoo onto your flesh, or simply send in an SMS.

You can even split the hash up and represent it as a flag of many colours.

My neighbour has an HP LaserJet with an open WiFi connection. I can print anything I want through it. There's a limit to the amount of malicious damage one could do with paper and ink. But what happens when HP release a consumer grade 3D printer with their typically poor security defaults?

Anyone with a phone could walk down the street, upload to those printers a short alphanumeric string, and all of a sudden every house has an (unwanted) AK-47.

We can't wipe this knowledge off the Internet. We can't force every 3D printer to recognise every potentially malicious shape - nor convince it only to print from an "approved" list. We can't stop people of lax moral character from acquiring and using guns.

Do we accept a world where it is trivial to access powerful weaponry? Do we engineer a change in attitudes so that gun ownership is undesirable? Or do we use ham-fisted legislation to try to censor knowledge in a futile attempt to be seen to be "doing something"?

I think I know which one our rulers will choose - but is there a better solution?

Why Does Tucows Send Important Emails Which Look Like Phishing?

A few weeks ago, I received what I thought was a particularly inept phishing attack.

Subject: shkspr.mobi

***PLEASE NOTE THAT IF YOU DO NOT RESPOND TO THIS EMAIL YOU MAY RUN THE RISK
OF THIS NAME BEING ERRONEOUSLY DELETED - PLEASE ENSURE THAT YOU REPLY TO
THIS MESSAGE (VIA EMAIL) WITH REFERENCE TO THE ACCURACY OF THE WHOIS

INFORMATION***

Hello;

I'm writing to you from Tucows (Registrar for your domain). It has come to our attention that the WHOIS for this domain (see subject line) may not be accurate.

According to Section 18 of the Registrant Agreement you accepted when you registered the domain name, all information is to be current, complete and accurate.

(http://www.opensrs.com/docs/contracts/exhibita.htm)

18. INFORMATION. As part of the registration process, you are required to provide us certain information and to update us promptly as such information changes such that our records are current, complete and accurate. You are obliged to provide us the following information:

(a) Your name and postal address (or, if different, that of the domain name holder);
(b) The domain name being registered;
C the name, postal address, e-mail address, and voice and fax (if Available) telephone numbers of the administrative contact for the domain name;
(c) The name, postal address, e-mail address, and voice and fax (if
(d) Available) telephone numbers of the billing contact for the domain name; and
(e) The name, postal address, e-mail address, and voice and fax (if
(f) Available) telephone numbers of the technical contact for the domainname.

Any voluntary information we request is collected in order that we can continue to improve the products and services offered to you through your
Reseller.

As the Registrar, it is our responsibility to maintain the WHOIS and ensure that the information provided is up to date and accurate. We have received notification that information listed in the WHOIS for the domain name may be inaccurate. We are required, as per our ICANN obligations, to ensure that this is remedied. This is outlined in Section 20 of the Registration Agreement.

20. REVOCATION. We, in our sole discretion, reserve the right to deny, cancel, suspend, transfer or modify any domain name registration to correct a mistake, protect the integrity and stability of the company and any applicable registry, to comply with any applicable laws, government rules, or requirements, requests of law enforcement, in compliance with any dispute resolution process, or to avoid any liability, civil or criminal. You agree that we shall not be liable to you for loss or damages that may result from our refusal to register or cancel, suspend, transfer or modify your domain name registration.

Please ensure that the WHOIS information is updated no later than close of business on date Apri 1 2013 If you would like to further discuss this
issue, please do not hesitate to contact me.

Regards,

REDACTED | Compliance Officer |Tucows

Clearly Phishing, Right?

Let's see, this fired off all my spidey-senses for a phishing email.

  • BIG LEGAL WARNING TEXT
  • Poor grammar.
  • Numerous spelling errors ("Apri 1 2013"?)
  • Atrociously formatted
  • Vague threats.
  • I don't have any contractual relationship with Tucows.
  • Demands for personal information.

So, I ignored it. Turns out, that was a mistake!

Uh-Oh!

A few hours ago, I received this email:

Hello;

This is to inform you that to date I have not received any notification that any changes have been made to the Whois for this domain nor have you confirmed the accuracy of the whois.

As the agreement that you have with us states that "Your willful provision of inaccurate or unreliable information, your willful failure promptly to update information "

And

"the accuracy of contact details associated with the your registration shall constitute a material breach of this Agreement and be a basis for cancellation of the domain name"

And that we (Tucows) as per our obligation with ICANN are left with no other recourse than to cancel the above mentioned domain.

If you have any questions, please feel free to contact me.

And, with that, my domain disappeared from the Intertubes!

Quick!

I frantically placed an international phone call and spoke to one of Tucows's compliance officers. We quickly established that this wasn't a scam and that all I needed to do was drop them an email stating that my WHOIS info was correct.

I did so, and in mercifully short time my domain popped back up.

I pointed out to them that I was unaware that I had any relationship with them. "Should have read your contract," they replied huffily.
Even if I had, I responded, the emails clearly look like they're a scam. "No they don't," they said. And that was the end of the matter as far as Tucows was concerned.

How Would You React?

Why didn't I spot this was a genuine email? Would you know that this poorly typed jumble of legalese was a real threat to your website?

I remember Tucows back when it was "The Ultimate Collection of Windows Software" - a rather motley collection of dog-eared "shareware" back in the day. Since then, it has become one of the biggest domain providers on the planet.

Nevertheless, my contract is with VidaHost (Affiliate link, lovely company, use code "edent" for a discount). A search of their site doesn't show any mention of Tucows. A search of my various contracts contains nothing about them.

I'm a geek, and even I find the weird nature of domain name registrars confusing. What hope for the average punter?
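
One check that would have settled whether the sender had any standing, as an added example that is not part of the original post: look up the domain's WHOIS record and see whether the organisation the email claims to come from is the registrar or reseller of record. The sample record, the accepted field names and the helper names are constructed for illustration.

```python
import re
import socket

# Constructed WHOIS record (not real registry output). Real records vary in
# field names, so the parser accepts several spellings of the registrar role.
SAMPLE_WHOIS = """\
% Constructed example record
Domain Name: EXAMPLE.MOBI
Sponsoring Registrar: Tucows Inc.
Reseller: VidaHost
Registrant Name: REDACTED
Name Server: NS1.HOST.EXAMPLE
"""

ROLE_KEYS = ("registrar", "sponsoring registrar", "reseller")
SUFFIXES = {"inc", "ltd", "llc", "co", "corp", "limited", "domains"}


def whois_query(server, domain, timeout=10):
    """RFC 3912 lookup: send the name plus CRLF to TCP 43, read until close.
    `server` is supplied by the caller (the registry's WHOIS host)."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Return {lower-cased field name: [values]} for 'Key: value' lines."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, registry comment lines and anything without a field name.
        if not line or line[0] in "%#" or ":" not in line:
            continue
        key, value = line.split(":", 1)
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def normalise(name):
    """Lower-case, drop punctuation and corporate suffixes: 'Tucows Inc.' -> 'tucows'."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return " ".join(w for w in words if w not in SUFFIXES)


def parties_of_record(text):
    """Map each registrar or reseller named in the record to its role."""
    record = parse_whois(text)
    return {normalise(v): key for key in ROLE_KEYS for v in record.get(key, [])}


def check_sender(claimed_org, text):
    """Return the role the claimed sender holds for this domain, or None."""
    return parties_of_record(text).get(normalise(claimed_org))
```

A match shows that the relationship exists, not that a particular email is authentic; reply through contact details found independently of the message.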

With the rise in spam and phishing, it behoves companies to make sure that their communications don't inadvertently look like illegitimate scrawls from the Internet’s underbelly.

Tucows clearly suffers from a lack of quality control. If they're this sloppy with their important emails, imagine the state of the rest of the company.

Preparing for the Collapse of Digital Civilization

While visiting the USA, I came across a delightfully bizarre TV show - Doomsday Preppers.

For those who don't know, this pseudo-documentary follows the lives of certain... eccentric... families who believe that the end of civilization is coming and they better get busy preparing for that eventuality.

Whereas you and I might keep a bit of spare cash hidden away, along with some out-of-date cans of food, these guys go the whole hog. Vast basements packed with food, gallons of oil to run generators, bomb-proofing their buildings, and training with guns. Lots of guns.

It's easy to laugh at these folk - their paranoia seems completely off the scale compared with the likelihood of the threat. And yet - I find them admirable. Come the apocalypse, I would likely last all of five minutes - whereas the "preppers" could survive indefinitely. They have the resources, the training, the experience, and the mental fortitude which comes from relentless preparation for the collapse of their world.

Which, naturally, brings me on to Google Reader.

Whither Google Reader

Last week, Google announced that it was killing off its popular Reader product. Howls of anguish from the loyal users of Reader - it was as if someone had announced the collapse of civilization.

As we come to rely more and more on the Internet, it's becoming clear that there is a real threat posed by tying oneself to a 3rd party service. The Internet is famously designed to route around failures caused by a nuclear strike - but it cannot defend against a service being withdrawn or a company going bankrupt.

It's tempting to say that multi-billion dollar companies like Apple and Google will never disappear - but a quick look at history shows Nokia, Enron, Amstrad, Sega, and many more which have fallen from great heights until they are mere shells and no longer offer the services which many people once relied on.

See, for example, this article from 2007 - Will MySpace Ever Lose Its Monopoly.

Even if the company survives - and there are remarkably few 100+ year old companies - we are at the mercy of third party services being shut down - witness Ping, Mobile Me, Buzz, Wave, Reader, etc. etc. ad mortem.

There are two questions that we need to ask when considering whether to adopt a new service.

Firstly - can I export my data? Secondly - is there an alternative which I control and therefore isn't at risk of collapse?

Export

I like to pose this question to my photography friends - "What would you do if Yahoo! suddenly decided to delete all your Flickr photos?"
Some of them have backups - most faint at the thought of all their work vanishing.

Luckily, services like Google, Facebook, Flickr and Twitter offer users a way to export their data. This is something you should do regularly - because you may not get much notice that a service is disappearing.

FormSpring recently announced that they were shutting down. They said:

Sunday, March 31st will be the last day you’ll be able to ask questions or post content on Formspring. You’ll be able to export your responses from now through Monday, April 15th, after which the site and apps will go offline, and any content will be permanently deleted.

That's a month to grab your stuff and go. Are you on a long vacation? In hospital? In prison? Otherwise without Internet access? Tough - your data is toast.

Avoid

Now we come to the "digital preppers" section. What can you do to ensure you never need to rely on anyone else?

Here's my rough guide to how you can self host many of your essential digital services.

RSS Reading

Before Google Reader, we had RSS readers running on our computers. You can now recreate the Google Reader experience by running Tiny Tiny RSS on your own server.
TT-RSS is a web app just like Google Reader - it fetches your feeds, lets you read them, share them, save them, etc. The only difference is that it runs on your server rather than Google's.

It's open source - so it will keep working even long after the original coders have left the project.

Run this on your server and never worry about the bottom dropping out of your world.

Photo Sharing

The Open Photo Project is the perfect resilient replacement for Flickr and other image sharing services. Indeed, you can export your photos, tags, and comments from most major platforms. You can host your photos - and a community - on your very own server.


OpenPhoto also has smartphone apps and is open source.

Mapping

Google offer Maps - for now. There are other mapping providers out there, but they are all at risk of companies going bust or deciding that they no longer want to provide a service.

Enter OpenStreetMap - think of it as Wikipedia for maps. A crowd sourced map - continually updated, with mobile apps, navigation, and beautiful imagery.
There are multiple providers who use OSM as their back end. If you are really paranoid, you can download the entire planet's map. A mere 27GB (compressed). Not an insignificant download - but manageable. Subsequent downloads are much smaller.

File Storage and Sharing

This is where we start moving off the beaten path and head into the wilderness.
One of the lovely things about DropBox is that they provide a very simple way to synchronise multiple computers - complete with a range of apps for mobile phones.
Rsync is exactly the same as DropBox - only a lot more complicated. You can use it to keep multiple computers in sync with each other. When files change on one machine, those changes are securely pushed to another machine.

There are limitations - few mobile clients, and no easy way to share files with others, for example.

What Else?

There are a huge range of services we use which are operated under the capricious whims of distant companies. This is by no means an exhaustive list of every option available to you. What services do you use which you would like to see decentralised?

SamKnows Whitebox - Broadband Monitoring

Do you ever sign up for something, forget about it, then get pleasantly surprised when a parcel turns up at your door? No? Just me?

Last year, I noticed that the SamKnows website was looking for volunteers to take part in their European broadband survey. The product is the rather uninspiringly named "Whitebox".

The SamKnows Whitebox is an industry-approved measuring device, designed to measure performance of your broadband connection. It has been developed to enable you to accurately measure the performance of your ISP.

The European Commission selected SamKnows in 2011 to measure broadband performance across all member states within the European Union.

It really is simple to set up - as my unboxing video shows.

The box works by downloading approximately 3GB per month and uploading around 1GB. It senses when the wireless and wired connections are being used so as to make sure that the tests are fair and don't interrupt your browsing.

Technical Details

The box runs the GPL'd OpenWRT firmware. SamKnows haven't skimped on their obligations under the GPL - all the code can be found at https://files.samknows.com/~gpl/.

A quick nmap shows that the box is indeed running Linux. It has port 2222 open for the Dropbear SSH daemon. This fits in with their FAQ, which says:

By default the device does not allow any remote access to it. For troubleshooting we may ask you for permission to access the device via a secure SSH tunnel. This will not give us access to your home computers.

Reporting

I'm supposed to be getting 16Mbps on an ADSL2+ line (theoretical max of 24Mbps). I'm reasonably close to the exchange and all our local boxes have been upgraded for FTTC.

I'm reasonably pleased with the speeds I get, but I'd love to know how consistent they are. When I've got a slow YouTube video - is the problem with YouTube, my ISP, or my WiFi?

SamKnows have a fairly comprehensive testing suite and, after a month, I'll be able to view my report online and, eventually, via my smartphone.

This is a really welcome development for the ISP industry. After years of misleading adverts and dodgy speed provisioning, we may finally start to get some transparency.

Why Didn't The Romans Invent The Internet?

In Terry Pratchett's book "Going Postal" he writes about the impact on the Discworld civilization of the semaphore tower. A new - but relatively basic - technology which revolutionises how people work, play, and interact. It changes the fortunes of the humble and the mighty. It is as useful for individuals as for nation states.

In our universe, the modern semaphore tower was first conceived by Robert Hooke in 1684. Yet the optical telegraph didn't really exist until 1792 - over a hundred years later.

The basics of the optical telegraph are relatively simple. You stand in a tower and perform an action which can be seen by a person in another tower. That action is translated into a message, which can then be routed to another tower until it reaches its intended recipient.

What I find interesting is that there was nothing fundamentally to stop the Romans - or any other ancient civilization - from creating such a network. The Greeks experimented with it in 4BCE but it seems it never really caught on. Tower building is easy, as is flag waving or other mechanical forms of signalling. Their technology was certainly capable of building a proto-Internet. That would have had some profound changes to our history.

Rapid communication leads us to some interesting mathematical problems - namely encryption and compression. You want to make sure your message is secure from eavesdropping (including by the operators) and you want to send the message quickly. As a network becomes complex, you need to develop a routing protocol - explaining where the message has come from and where it needs to go. You need algorithms to determine the optimal path through a system.

Social changes come too. In Tom Standage's The Victorian Internet he talks about how the telegraph system disrupted commerce and society. The Victorian Internet was used to commit crimes, distribute suppressed information, manipulate markets, and to corrupt the youth. Not so very different from our own Internet!

Imagine what the world would be like if we'd had a 2,000 year head start on the principles of the Internet? Every day we see the efficiencies which a reliable communication network brings. Our knowledge of mathematics increases as we struggle to squeeze more information into limited channels. While rapid communication hasn't averted war - it has helped nation speak unto nation.

Consider the lonely alchemist who had to wait years to receive replies from far off lands - how much more quickly would science have progressed if people could instantly communicate their discoveries to an audience of their peers?

If the Romans had built a practical semaphore, not only would we all be speaking Latin, but our society would be a great deal more advanced. So why didn't they?

The main limiting factor, I think, is the lack of a decent telescope. Without the ability to see over great distances, communication towers have to be located relatively close to one another. That makes them more expensive - especially when a good horse can carry a message over a similar distance.

This is the story of technology in a nutshell. An amazing advancement is just beyond our grasp due to a minor inconvenience. A start-up fails because horses are cheaper and more reliable now. When Pheidippides can run 240Km in two days - why bother with the great expense of building towers and paying soldiers to staff them?

The future course of humanity delayed for want of a lens.

I'm sure history is littered with such examples. I'm not talking about the spurious claims of Ancient Egyptian flying saucers - or even strange artefacts like the Baghdad Battery. Electricity, it seems, was discovered and lost several times. In modern times, we saw the rise of powerful encryption techniques at Bletchley Park - these were then suppressed by the UK Government and "lost" - they were then "invented" many years later by American mathematicians.

It is natural for people of the twentieth century to assume that our existing body of knowledge contains all the facts and processes which were within the ken of earlier men, plus the infinitely rich new content of modern science. A corollary of this assumption is that the prodigious enrichment of knowledge by the scientific research of the past three centuries-that is, since the time of Gilbert, Galileo, Harvey, and others-makes that part of knowledge which was attained by all preceding generations pale into insignificance.

But in truth both the assumption and its corollary are unwarranted. In the light of archaeology we can not doubt that the ancients knew a good many valuable and highly significant facts which nobody knows to-day. It goes without saying that the amount of this lost knowledge is beyond any one's power to estimate...

The Logical Significance of Rediscovered Knowledge
Daniel Sommer Robinson
The Journal of Philosophy
Vol. 22, No. 13 (Jun. 18, 1925), pp. 346-353

What are we missing now? What tiny changes would divert our destiny? It's hard to discover what we don't know we don't know, but there are a few that strike me as tantalizingly close. Some are mathematical, some technological, and some merely economical.

  • Public Key Trust. The way we deal with trust in the PKI sphere is broken. Is there a simple way to verify the identity of a public key?
  • Rapid and free transfer of money. At the moment, it's impossible to transfer a solitary cent commercially without incurring a prohibitive cost. What does the Internet look like when it's trivial to throw tuppence at a blogger?
  • Waste energy capture. Humans pump out a lot of energy, we generate heat and movement which dissipates into the environment. A kinetic watch will run for as long as its owner keeps moving - can we use that energy to power something more complex?
  • Self healing materials. Stronger material - like the lost Damascus Steel - would be nice, but why can't our objects grow and heal?
  • Cold Fusion. Or, at least, a way to generate power in such a way that energy security is no longer an issue.

I would love to believe that there is an old untranslated manuscript which teaches us the secrets of anti-gravity or telepathic communication. What I think is more likely is that we'll discover just how close humanity came to a major technological breakthrough - only to have lost our way.

I look back on the Romans and wonder what the world would now look like had they persevered with their ancient Internet. I'm sure the future will look back at us and whisper "if only..."