May 8, 2008

MS Word wants to open a port on your machine... wait what?

Even the most diehard TeXhead has moments when he needs to read some Word document. Tonight was such a night and I have Office 2004 on my machine for just such an eventuality (Please don't write in to tell me that I should run Pages. As I said, I don't want to run either of them, but I also don't want to deal with Pages/Word incompatibility.) Anyway, I boot up Word and the Leopard firewall asks me if I'd like to let Word listen for network connections. I go to click no and either manage to click it or raise some other window or something. The dialog disappears and when I check the firewall it sure does say to block MS Word. So, that's OK, I guess.

And then I get to thinking, "Why is Word opening up TCP listening ports anyway?" So, I run netstat -a | grep LISTEN and get:

[49] /usr/sbin/netstat -a | grep LISTEN
tcp4       0      0  *.3369                 *.*                    LISTEN
...

Hmmm. What's 3369? Google doesn't know, so that's not good. I close Word and the port goes away and lsof confirms it's Word:

[52] /usr/sbin/lsof -i TCP:3369

COMMAND  PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
Word    8198  ekr   16u  IPv4 0x6c4d66c      0t0  TCP *:3369 (LISTEN)

I shut down Word and my WiFi and restart it, but it's not listening now. Maybe I need the network on. Sure enough, I bring the WiFi back up and restart Word and now it's listening, but on a different port: 3828 this time. Stranger and stranger. Now ordinarily this would only be about a 4.0 freakout on a scale of 1 to 10, but it turns out that I only recently installed Office on this machine and was unaware of the following delightful property of MS AutoUpdate: it only installs one update at a time, no matter how many updates are pending. So, when you have 10-20 updates to install, and you're just letting update run itself, it takes forever to get uprev. The consequence of this is that I was loading random people's documents with some two year old (and vulnerable) version of Word. Who knows what malware I've had the joy of installing. This jacks things up to a freakout factor of about 6.2.

Next step: compare to another machine. It shows up on my other Mac, which is a little comforting, but of course that machine could be infected too. I double check with Hovav, who is about as paranoid as I am, and his copy of Office is listening, but on some other random port. That's sort of comforting. This is starting to look a lot less like malware and a lot more like a feature of Word. A little more digging tells us the process name that is actually doing the listening. It's Word (as I knew) but with some wacky argument starting with -psn_0_.... Searching on this, we find out that I'm not the only person who has had this question.

If you close UDP 2222, then no other computers will know which TCP port your copy of word has chosen to listen to (in the 3000-3999 range), because that info is broadcasted in the UDP packets. The protocol is thus: Your copy of word spews its serial number (encoded) and the TCP port it is listening on in a packet on UDP 2222. Other copies of word on the network get this packet and then respond to your copy of word on the specified TCP port if they have the same serial. Then one copy shuts down.

I guess it was malware after all. Outstanding!
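A triage script for the check described in this post, added here as an example (not code from the original post): it parses `lsof -n -P -i TCP` output, reports listeners that are not on an allow-list (with worse marks for a wildcard bind than for loopback), and compares two snapshots to catch a program that, like Word here, picks a fresh random port on every start. The lsof snapshots are constructed, shaped like the lsof line above, and the allow-list is an assumption.

```python
# Constructed sample of `lsof -n -P -i TCP` output on a Mac (numeric ports and
# addresses, hence -n -P), shaped like the lsof line in the post.
SNAPSHOT_BEFORE = """\
COMMAND   PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
launchd     1 root   10u  IPv4 0x6c4d100      0t0  TCP *:22 (LISTEN)
mysqld    312 _mysql  8u  IPv4 0x6c4d300      0t0  TCP 127.0.0.1:3306 (LISTEN)
Word     8198 ekr    16u  IPv4 0x6c4d66c      0t0  TCP *:3369 (LISTEN)
Safari   8201 ekr    22u  IPv4 0x6c4d700      0t0  TCP 10.0.1.5:52113->72.14.207.99:80 (ESTABLISHED)
"""

# Same machine after Word was restarted with the WiFi up: new pid, new random port.
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace("*:3369", "*:3828").replace("8198", "8203")

# Assumed allow-list: which commands may listen, and on which ports.
EXPECTED = {"launchd": {22}, "mysqld": {3306}}


def parse_listeners(lsof_text):
    """Return [(command, pid, user, bind_addr, port)] for every TCP LISTEN row."""
    listeners = []
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 8)                 # NAME may contain spaces
        if len(fields) < 9 or not fields[8].endswith("(LISTEN)"):
            continue
        command, pid, user, node, name = fields[0], int(fields[1]), fields[2], fields[7], fields[8]
        if node != "TCP":
            continue
        addr, port = name.split(" ", 1)[0].rsplit(":", 1)
        listeners.append((command, pid, user, addr, int(port)))
    return listeners


def triage(listeners, expected):
    """Report every listener not covered by expected ({command: set(ports)}).
    A wildcard bind reaches the whole network; loopback is a much smaller worry."""
    findings = []
    for command, pid, user, addr, port in listeners:
        if port in expected.get(command, set()):
            continue
        exposure = "all interfaces" if addr in ("*", "0.0.0.0", "::") else addr
        findings.append(f"{command} (pid {pid}, {user}) listens on {port} via {exposure}")
    return findings


def port_churn(before, after):
    """Commands whose set of listening ports changed between two snapshots;
    a process that takes a fresh random port on every start shows up here."""
    def by_command(listeners):
        ports = {}
        for command, _pid, _user, _addr, port in listeners:
            ports.setdefault(command, set()).add(port)
        return ports
    b, a = by_command(before), by_command(after)
    return {c: (b[c], a[c]) for c in b.keys() & a.keys() if b[c] != a[c]}


if __name__ == "__main__":
    before = parse_listeners(SNAPSHOT_BEFORE)
    for finding in triage(before, EXPECTED):
        print("REVIEW:", finding)
    for command, (old, new) in port_churn(before, parse_listeners(SNAPSHOT_AFTER)).items():
        print(f"PORT CHANGED: {command} {sorted(old)} -> {sorted(new)}")
```

On a real box the two snapshots would be taken before and after restarting the suspect program, and the allow-list is whatever you know should be listening on that machine.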

Posted by ekr at 9:54 PM | Comments (7)

February 28, 2008

Yeah, that's going to work...

One of the main reasons to have a blog is to call a bad idea a bad idea. Here's one. Former FBI Agent Patrick J. Dempsey suggests:
It's obvious that the Internet requires some type of governance. But it is just as obvious that trying to establish this governance through the numerous legal systems might not be practical. The other possibility for governing the Internet, and, more specifically, the criminal activity that occurs on the Internet, would be to change the structure of the Internet. Although I don't support ideas like the "national firewalls" put in place by some countries, this type of solution does afford some level of control over Internet traffic flowing through said country.

However, knowing all the possibilities with disguising or "spoofing" one's information on the Web, I'm not sure that there is a way to truly "protect our borders" when it comes to the Internet. The solution might be to establish two Internets -- the current Internet and a new, more secure Internet where users would be required to register prior to gaining access. Once again, though, we're confronted with the issue of what would be the governing body that would manage the user registrations? Would it be an organization similar to the IANA (Internet Assigned Numbers Authority) or InterNIC that would manage user registrations on the "new" Internet, or do we need to establish an entirely new entity to manage a more secure Internet?

The problem with this idea is it's totally confused about the security problem with the Internet, which has a lot more to do with stupid users and insecure software than it does with failing to authenticate everyone with a modem.

Let's play this out: you set up your new secure Internet. There's already an Internet 2, so let's call it Internet 3 or I3. Anyway, we've got I3 up and running and before they'll give you a connection you have to give them your fingerprint, irisprint, a blood sample and the keys to your car. Of course, if you want I3 to be useful, you have to let pretty much anyone on, so just like the Internet, I3 is full of hackers. And since your software isn't any more secure than it was before, you're still just as likely to have your machine compromised. Now, it's true that having positive identification for each user might make forensics a tiny bit easier: once you've managed to track the user down to the account they initially logged in from, you know who to arrest. But of course, hackers use compromised machines as stepping stones, so tracking them down isn't easy, and of course it's not exactly difficult to steal people's account information and log in as them instead of yourself.

Even if we somehow were able to create an I3 without any hackers on it, it wouldn't stay that way for long. I3 is one big sterile area, so as soon as any significant number of compromises happen it's game over. Initially, I3 is going to be pretty lame, so people are going to use both the Internet and I3. And since the Internet is full of hackers and their machines are compromised and they're going to use the same machines for both the Internet and I3, it's not going to be long before plenty of I3 credentials are circulating in the hacker community. Creating isolated networks is really hard even when you're working in real high security environments. It's basically impossible when you're dealing with millions of people, many of whom are willing to run any random .exe file you send them.

Posted by ekr at 8:31 PM | Comments (4)

January 31, 2008

The TSA blog

In what is probably not the most astute PR move ever, the TSA has decided to start a blog. It's sort of weirdly earnest and self-justifying. For example:

There is no time to talk, to listen, to engage with each other. There isn't much opportunity for our Security Officers to explain the 'why,' of what we ask you to do at the checkpoint, just the 'what' needs to be done to clear security. The result is that the feedback and venting ends up circulating among passengers with no real opportunity for us to learn from you or vice versa. We get feedback verbally and non-verbally at the checkpoint and see a lot in the blogs, again without a real dialogue.

Our ambition is to provide here a forum for a lively, open discussion of TSA issues. While I and senior leadership of TSA will participate in the discussion, we are turning the keyboard over to several hosts who represent what's best about TSA (its people). Our hosts aren't responsible for TSA's policies, nor will they have to defend them -- their job is to engage with you straight-up and take it from there. Our hosts will have access to senior leadership but will have very few editorial constraints. Our postings from the public will be reviewed to remove the destructive but not touch the critical or cranky.

Truth be told, they really haven't censored the comments much, and the comments thread on the first post seems to be split about 20/20/60 (this is just a rough estimate, it's not like I actually counted all of them) between:

Unsurprisingly, I don't see a lot of real engagement with the points being raised by commenters. It's mostly the same sort of vague defensiveness you see in the TSA's more formal communications with the public. For instance, this post wants to be a justification of the shoe policy:

It's not all about Richard Reid when it comes to the screening of shoes. Post all of your thoughts about shoes in this blog post. To learn more about how the shoe fits in with the TSA, check out our web page on "why we screen shoes". Then come back here and let's talk.

The article this is referring to is here and transitively these "recently declassified" (nothing like that to give the air of authenticity) photos of x-rays of shoes with explosives in them:

Wow, that's totally convincing, except for the fact that (1) you can get hard (machinable) explosives which you could form into the whole sole of the shoe, pretty much making this sort of contrast technique useless and (2) there are lots of ways to conceal the explosive (non-magnetic, remember) parts of a bomb on your body [*].

People of course point this out in the comments section, but the TSA people don't respond, so the whole exercise is kind of pointless. Do they really expect this to make anyone have a more positive opinion of TSA?

Posted by ekr at 9:15 PM | Comments (7)

January 30, 2008

How to control your permalinks in MT4

In the comments, Dave B. asks:
Can you share your solution, please? 'Not the world's most intuitive UI' is being _very_ polite! That change has smashed hundreds of my inbound links ... but damned if I can find the place to set the dirify defaults ... :-(

Glad you asked.

Go to "Design | Templates | Archive Templates | Individual Entry Archive". At the bottom is a pulldown labelled "Archive Mapping". It's probably set to yyyy/mm/entry-basename.html. Apparently this is a schematic representation of the names. If you change it to yyyy/mm/entry_basename.html (note substitution of underscore for hyphen) you'll get underscorified permalinks. Totally intuitive, eh?

Posted by ekr at 7:16 AM | Comments (1)

December 28, 2007

8 grams of lithium-what?

Schneier notes the TSA's new rules about lithium ion batteries. Here's their overall policy:
The following quantity limits apply to both your spare and installed batteries. The limits are expressed in grams of “equivalent lithium content.” 8 grams of equivalent lithium content is approximately 100 watt-hours. 25 grams is approximately 300 watt-hours:
  • Under the new rules, you can bring batteries with up to 8-gram equivalent lithium content. All lithium ion batteries in cell phones are below 8 gram equivalent lithium content. Nearly all laptop computers also are below this quantity threshold.
  • You can also bring up to two spare batteries with an aggregate equivalent lithium content of up to 25 grams, in addition to any batteries that fall below the 8-gram threshold. Examples of two types of lithium ion batteries with equivalent lithium content over 8 grams but below 25 are shown below.
  • For a lithium metal battery, whether installed in a device or carried as a spare, the limit on lithium content is 2 grams of lithium metal per battery. Almost all consumer-type lithium metal batteries are below 2 grams of lithium metal. But if you are unsure, contact the manufacturer!

This seems like it will be a lot of fun. I'm really looking forward to watching TSA reps try to figure out whether a given device has over 8-gram equivalents of lithium in it, let alone trying to add up the watt hours in various devices to decide if they are over 300 (note that 8 grams is claimed to be about 100 watt-hours, so what if you have 302 watt-hours, which is over 300, but probably less than 25 grams). This "contact the manufacturer" thing is pretty nuts. TSA needs to have a list to decide what they want to accept. Why don't they just publish it?

Another thing that's weird is that you can't have spare batteries in your checked luggage, but you are allowed to have such batteries installed in your devices. I'm sure my laptop will contain any fires or explosions. Outstanding!

Posted by ekr at 8:24 PM | Comments (5)

December 7, 2007

Forget net neutrality, how about hard drive neutrality?

You know, I never thought that I would need to worry about hard drive neutrality. When I first heard about this I just sort of assumed it would be something vaguely sensible that people were overreacting to, but no, when you go to the site it sure seems to be true.
Due to unverifiable media license authentication, the following file types cannot be shared by different users using WD Anywhere Access.

If these file types are on a share on the WD My Book World Edition system and another user accesses the share, these file will not be displayed for sharing. Any other file types can be shared using WD Anywhere Access.

The list includes: MP3, AVI, WMA, AAC, etc. Outstanding!

Posted by ekr at 10:54 AM | Comments (3)

November 18, 2007

Curse you, xml2rfc!

As draft season is once again upon us, I am once again spending a lot of time with xml2rfc, the unofficial official draft production tool of the IETF. Now, the party line at IETF is that we use ASCII and you can prepare documents in any tool you like, but here on Planet Earth, the combination of nroff bit rot (or at least mind rot) and increasingly stringent formatting requirements has made it a real PITA to do documents in any tool other than xml2rfc. This does not mean that xml2rfc is a joy to use.

Before I go on with my litany of complaint, I want to head off at the pass the usual response one hears at this point. Two responses, actually: (1) nobody is making you use it and (2) it's open source software, if you don't like how it behaves, then you can fix it. The first objection is literally true but as a practical matter false. First, everyone else uses it so if you want to collaborate you pretty much have to. Second, as I said earlier, the fact that everyone else uses it means that the IETF has felt free to impose increasingly stringent tests on submitted documents to the point where if you use any other document production system, each time you want to submit a new document you end up spending a lot of time figuring out how to get it through whatever submission filters have been imposed this week. Finally, and most importantly, if you submit your draft to the RFC Editor in XML (you do want your document published as an RFC, right?) they will edit it in XML and so when you want to do a bis version, you have all their copy edits incorporated. On the other hand, if you give them plaintext, then you end up either having to edit their incredibly crufty nroff source or backport all their copy edit changes into your original source format, whatever that was.

The second response, of course, is insane. I just want to write documents and shouldn't have to be an XML hacker, let alone a tcl hacker (I did mention that xml2rfc is written in tcl, right?) to get that task done. "Go fix it yourself" is a fine mantra for tools that are truly optional, but not for those which are increasingly becoming the de facto standard.

OK, back to my theme. As the name suggests, to write something in xml2rfc you start with an XML document in a particular format and then run it through xml2rfc to produce ASCII or HTML or whatever (though ASCII is the normative format). The document looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com)
     by Daniel M Kohn (private) -->

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
    <!ENTITY rfc2119 PUBLIC '' 
      'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
]>

<rfc category="std" ipr="full3978" docName="sample.txt">

<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>

<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>

    <front>
        <title>An Example</title>
        <author initials='A.Y' surname="Mous" fullname='Anon Y. Mous'>
            <organization/>
        </author>
        <date/>
        <abstract><t>An example.</t></abstract>
    </front>

    <middle>
        <section title="Requirements notation">
            <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
            "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
            and "OPTIONAL" in this document are to be interpreted as
            described in <xref target="RFC2119"/>.</t>
        </section>

        <section title="Security Considerations">
        <t>None.</t>
        </section>
    </middle>

    <back>
        <references title='Normative References'>&rfc2119;</references>
    </back>

</rfc>

Now, there's plenty of stuff to object to here, starting with the (false) notion that I want to be writing my document in XML in the first place. But what I want to talk about right now is how references/bibliographies are done.

Bibliography Locations
xml2rfc has three major reference handling modes:

You can mix and match these with some of the references being in each location.

Now, with RFCs and Internet-Drafts, as opposed to, say, scientific papers, Internet-based references are unusually attractive.

For all these reasons, you'd think any sane person would use Internet-based references all the time and just use file-based and/or included references (which, btw, are hideous) when they had to reference something that wasn't online. Unfortunately, if you are that sane person, you're about to get screwed: as soon as you go offline (like you want to work on your document on a plane) things go pear-shaped in a really serious kind of way and you get an error that looks like this:

xml2rfc: error: http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml: http package failed

Now, problem one (and a theme we'll come back to in a minute) is that you pretty much have to be a computer scientist to figure out what this means. HTTP package failed? Maybe I need a new HTTP package? No, you're not on the Internet. But that's sort of forgivable, because only a computer scientist would be able to tolerate writing a document of any length in XML in the first place. And if you think about it for a minute, you can probably figure out what this means—though it's worth noting that the web page where I got this example from is none too clear on the fact that you're actually getting this reference from the Internet, and though you'd think the http:// would be a bit of a giveaway, it turns out that XML people routinely use un-dereferenceable URLs to identify resources, so there's no guarantee that just because something starts with http://, you actually can retrieve it.

Problem two is that in most cases you've built this document before and have just made some trivial change and want to rebuild. Most of the references were present when you rebuilt the document two hours ago before you got on the plane. xml2rfc could have simply cached them at that time and used the local cached copy when disconnected until it has time to check cache validity. Unfortunately, it doesn't, so all your references break as soon as you go offline.

Now, this would all be just annoying except for the fact that that error I showed you above is all xml2rfc gives you when you try to build a document with unresolvable references. Even one unresolvable reference means that it won't process your document at all, so if you change one paragraph, leave the references alone, and want to see what it looks like, too bad! You're SOL! At this point your only choice is to go through and stub out all the unresolvable references so that xml2rfc doesn't freak out, and since they appear all over the document this is a lot of work, and even more work when you have to unstub them when you actually want to build the document. By contrast, in a system like LaTeX/bibtex, you just end up with

[?]
at the reference site in the text and empty biblio entries at the end.
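One way to get the caching and the LaTeX-style placeholder this section asks for, added here as an example that is not part of xml2rfc or of the original post: a pre-processing step run before xml2rfc that rewrites each remote PUBLIC entity in the DOCTYPE to a SYSTEM entity pointing at a local file, using the cached copy when there is one, fetching when online, and writing a clearly labelled stub reference when offline with nothing cached, so the build goes through instead of dying on the first unresolvable reference. It assumes the bibxml naming pattern reference.RFC.NNNN.xml / reference.I-D.name.xml when deriving the anchor for a stub, that xml2rfc's parser resolves a SYSTEM entity from a plain file path, and that the caller supplies fetch(url) (urllib would do online); the sample DOCTYPE and the network behaviour in the demo are constructed.

```python
import hashlib
import os
import re
import tempfile

# The PUBLIC entity declarations xml2rfc documents use to pull bibxml references
# off the network, as in the sample document above:
#   <!ENTITY rfc2119 PUBLIC '' 'http://xml.resource.org/.../reference.RFC.2119.xml'>
ENTITY_RE = re.compile(
    r"""<!ENTITY\s+(?P<name>[\w.-]+)\s+PUBLIC\s+(['"])\2\s*"""
    r"""(?P<q>['"])(?P<url>https?://[^'"]+)(?P=q)\s*>"""
)


def anchor_from_url(url):
    """Guess the anchor a bibxml file defines from its name (assumption: files are
    named reference.RFC.2119.xml -> RFC2119, reference.I-D.foo.xml -> I-D.foo)."""
    name = url.rsplit("/", 1)[-1]
    if name.startswith("reference."):
        name = name[len("reference."):]
    if name.endswith(".xml"):
        name = name[:-len(".xml")]
    if name.startswith("RFC."):
        name = "RFC" + name[len("RFC."):]
    return name


def stub_reference(anchor, url):
    """Placeholder entry (the analogue of LaTeX's [?]) so the build still runs."""
    return (f'<reference anchor="{anchor}"><front><title>[unresolved reference: {url}]'
            f'</title><author><organization/></author><date/></front></reference>')


def cache_paths(cache_dir, url):
    """(real cache file, stub file) for a URL; stubs are kept apart from the cache
    so that the next online build fetches the real thing."""
    base = os.path.join(cache_dir, hashlib.sha256(url.encode()).hexdigest())
    return base + ".xml", base + ".stub.xml"


def localize_references(xml_text, cache_dir, fetch):
    """Rewrite every remote PUBLIC entity to a SYSTEM entity on a local file.
    fetch(url) -> bytes and may raise OSError when offline. Returns (new_xml, report)
    with report[entity name] in {'cached', 'fetched', 'stubbed'}."""
    os.makedirs(cache_dir, exist_ok=True)
    report = {}

    def replace(m):
        name, url = m.group("name"), m.group("url")
        path, stub_path = cache_paths(cache_dir, url)
        if os.path.exists(path):
            report[name] = "cached"
        else:
            try:
                data = fetch(url)
                with open(path, "wb") as f:
                    f.write(data)
                report[name] = "fetched"
            except OSError:
                # Offline and nothing cached: stub it rather than abort the build.
                with open(stub_path, "w", encoding="utf-8") as f:
                    f.write(stub_reference(anchor_from_url(url), url))
                report[name] = "stubbed"
                path = stub_path
        return f'<!ENTITY {name} SYSTEM "{path}">'

    return ENTITY_RE.sub(replace, xml_text), report


# Constructed DOCTYPE with two remote references, patterned on the sample document
# (the bibxml3 directory for Internet-Drafts is an assumption).
SAMPLE_DOCTYPE = """<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
    <!ENTITY rfc2119 PUBLIC ''
      'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
    <!ENTITY draft PUBLIC ''
      'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.garcia-p2psip-dns-sd-bootstrapping.xml'>
]>"""


def offline_demo():
    """An earlier build online long enough to fetch RFC 2119 but not the draft, then
    a rebuild on the plane. Returns the second run's report, its rewritten DOCTYPE
    and the stub written for the draft."""
    cache = tempfile.mkdtemp()

    def flaky(url):                      # constructed network: only the RFC file answers
        if "reference.RFC.2119.xml" in url:
            return b"<reference anchor='RFC2119'><front><title>Key words</title></front></reference>"
        raise OSError("http package failed")

    def down(url):                       # no network at all
        raise OSError("http package failed")

    localize_references(SAMPLE_DOCTYPE, cache, flaky)
    new_xml, report = localize_references(SAMPLE_DOCTYPE, cache, down)
    draft_url = [m.group("url") for m in ENTITY_RE.finditer(SAMPLE_DOCTYPE)][1]
    with open(cache_paths(cache, draft_url)[1], encoding="utf-8") as f:
        stub = f.read()
    return report, new_xml, stub
```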

The consequence of all this stuff is that people who want to work offline end up using one of the other two reference styles, where there's a local copy. And if you want to collaborate with anyone else, you all have to have a copy of the entire bibliography. That strategy gets pretty tedious (did I mention it's scattered across one file for each reference, though there may be some poorly documented or undocumented way to fix that) so you end up just cutting and pasting the bibliography information into the main working file, which, did I mention, is hideous? In the document I'm working on now, over 20% of the lines in the file are devoted to bibliography. But at least it's self-contained.

I can't help myself: here's a typical bibliography entry, cut right out of my document:

      <reference anchor="I-D.garcia-p2psip-dns-sd-bootstrapping">
        <front>
          <title>P2PSIP bootstrapping using DNS-SD</title>

          <author fullname="Gustavo Garcia" initials="G" surname="Garcia">
            <organization></organization>
          </author>

          <date day="25" month="October" year="2007" />

          <abstract>
            <t>This document describes a DNS-based bootstrap mechanism to
            discover the initial peer or peers needed to join a P2PSIP
            Overlay. The document specifies the use of DNS Service Discovery
            (DNS-SD) and the format of the required resource records to
            support the discovery of P2PSIP peers. This mechanism can be
            applied in scenarios with DNS servers or combined with multicast
            DNS to fulfill different proposed P2PSIP use cases.</t>
          </abstract>
        </front>

        <seriesInfo name="Internet-Draft"
                    value="draft-garcia-p2psip-dns-sd-bootstrapping-00" />

        <format target="http://www.ietf.org/internet-drafts/draft-garcia-p2psip-dns-sd-bootstrapping-00.txt"
                type="TXT" />
      </reference>

And here's the reference entry it actually produces:

   [I-D.garcia-p2psip-dns-sd-bootstrapping]
              Garcia, G., "P2PSIP bootstrapping using DNS-SD",
              draft-garcia-p2psip-dns-sd-bootstrapping-00 (work in
              progress), October 2007.

Now, ask yourself the following question: why, exactly, does this biblio entry need to contain the abstract?!?! The URL is also included, though not used here, but that's so xml2rfc can make clickable links in an HTML version. I guess putting the abstract in the reference would let some future JavaScript weenie pop up the abstract if you hover over the reference. That would sure be useful! The real answer, of course, is that that was what was in the file we sucked down from the Internet and we're sure as heck not going to edit it, lest we break the XML.

Bibliography Errors
So, what happens if you screw up stuffing in some reference? Since there are three places to do this, that happens depressingly often. Let's see what happens if we screw up one of these.

First, let's delete the reference from the body of the document. This produces the following result:

xml2rfc: warning: no <xref> in <rfc> targets
<reference anchor='RFC2119'> around input line 10

Now, this isn't so bad. Once you translate the xmlese, it says that there's a reference anchor (i.e., something you can reference) for RFC 2119 that isn't targeted by an xref (i.e., a reference in the text.) So, this is a superfluous bibliography entry. Also, the good news is that in this case it will still make the document.

Now, let's put that back and try removing the

&rfc2119;

marker at the end. That produces this error:

xml2rfc: error: can't read "xref(RFC2119)": no such element in array around input line 35

Uh... yeah.

So, what this means, literally, is that there's some array (xref?) that doesn't contain the element "RFC2119". If you think like a computer programmer as opposed to someone who just wants to produce documents, you might guess that your reference to RFC2119 doesn't point anywhere. But how do I populate that array? Well, if you go back to the example, you can probably figure out how to fix this, which is good, because you have to fix it if you want the document to build past the point of the first undefined reference!

Finally we come to the piece de resistance: what happens if you don't put in the entity declaration at the top? You get this:

xml2rfc: error: not expecting pcdata in <references> element around input line 41 in "internally-preprocessed XML"

Syntax:
    41:<references title="Normative References">
    40:<back>
    8:<rfc category="std" ipr="full3978" docName="sample.txt">

"Not expecting pcdata"? What the fuck does that mean?

Luckily, you have me to translate for you. What this means is that the string &rfc2119; in the references section is an entity reference, but because you haven't defined the entity, the parser treats it as character data (PCDATA), which isn't permitted at this location in the XML document by the DTD. Hence, "not expecting pcdata". Useful, right?

As if that weren't bad enough, even once you've decoded this error message it doesn't tell you which entity you've forgotten to define. Sure, there's a line number, 41, and here's line 41:

<references title='Normative References'>&rfc2119;</references>
So far so good, but unfortunately the line number here is that of the <references> element, not of the offending missing entity. Put as many valid references in there as you want and you still get the same line number. In order to figure out the offending entity, you either need to match up the front and the back of the documents or progressively cut references out of the back till the error goes away. [1]

The basic reason you're getting this error instead of something useful like "Go include a <!ENTITY rfc2119 ... production, at the top of the file, you dummy" is that this part of the references system is done purely using XML mechanisms, so you get an XML failure before some better error handling mechanism comes into play. This isn't the only time xml2rfc does this to you either, it's just the most offensive.
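The error xml2rfc could have given for each of the three breakages above, as an added example (not code from xml2rfc or from the original post): a small lint run over the XML source before xml2rfc, which names the undeclared entity and the line it is used on, the xref target that has no reference anchor, and the anchor no xref cites. It assumes the caller can hand it the text of each bibxml file an entity expands to (read from a local cache); the sample document is a constructed cut-down of the one shown earlier, and the bibxml content for RFC 2119 is a constructed stand-in.

```python
import re

ENTITY_DECL_RE = re.compile(r"<!ENTITY\s+([\w.-]+)\s")
ENTITY_REF_RE = re.compile(r"&([\w.-]+);")
XREF_RE = re.compile(r"""<xref\b[^>]*\btarget=(['"])([^'"]+)\1""")
ANCHOR_RE = re.compile(r"""<reference\b[^>]*\banchor=(['"])([^'"]+)\1""")
XML_BUILTIN = {"amp", "lt", "gt", "quot", "apos"}


def _line(text, pos):
    return text.count("\n", 0, pos) + 1


def lint_references(xml_text, entity_files):
    """entity_files maps an entity name to the text of the bibxml file it expands to
    (assumed to be read from a local cache by the caller). Returns findings that name
    the entity or anchor involved and the line it sits on."""
    findings = []
    declared = set(ENTITY_DECL_RE.findall(xml_text))
    used = set()
    # 1. &name; with no <!ENTITY name ...>: the "not expecting pcdata" case, which
    #    xml2rfc reports at the <references> line without naming the entity.
    for m in ENTITY_REF_RE.finditer(xml_text):
        name = m.group(1)
        if name in XML_BUILTIN:
            continue
        used.add(name)
        if name not in declared:
            findings.append(f"line {_line(xml_text, m.start())}: entity &{name}; is not "
                            f"declared; add <!ENTITY {name} ...> to the DOCTYPE")
    # Anchors come from inline <reference> elements and from the entities actually used.
    anchors = {m.group(2): f"line {_line(xml_text, m.start())}"
               for m in ANCHOR_RE.finditer(xml_text)}
    for name in used & declared:
        for m in ANCHOR_RE.finditer(entity_files.get(name, "")):
            anchors[m.group(2)] = f"&{name};"
    # 2. <xref target="X"/> with no anchor X: the "can't read xref(X)" error.
    targets = set()
    for m in XREF_RE.finditer(xml_text):
        target = m.group(2)
        targets.add(target)
        if target not in anchors:
            findings.append(f'line {_line(xml_text, m.start())}: <xref target="{target}"/> '
                            f'has no matching <reference anchor="{target}">')
    # 3. Anchor never targeted: the harmless "no <xref> ... targets" warning.
    for anchor, where in anchors.items():
        if anchor not in targets:
            findings.append(f'{where}: <reference anchor="{anchor}"> is never cited by an <xref>')
    return findings


# Constructed cut-down of the sample document shown earlier.
SAMPLE = """<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
    <!ENTITY rfc2119 PUBLIC ''
      'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
]>
<rfc category="std" ipr="full3978" docName="sample.txt">
  <middle>
    <section title="Requirements notation">
      <t>The key words in this document are to be interpreted as
      described in <xref target="RFC2119"/>.</t>
    </section>
  </middle>
  <back>
    <references title='Normative References'>&rfc2119;</references>
  </back>
</rfc>
"""

# Constructed stand-in for the cached bibxml file the rfc2119 entity expands to.
FILES = {"rfc2119": "<reference anchor='RFC2119'><front><title>Key words</title></front></reference>"}


def demo():
    """The intact document, then the three breakages walked through in the post."""
    ok = lint_references(SAMPLE, FILES)
    no_xref = lint_references(SAMPLE.replace('<xref target="RFC2119"/>', "[RFC2119]"), FILES)
    no_entity_use = lint_references(SAMPLE.replace("&rfc2119;", ""), FILES)
    no_decl = lint_references(re.sub(r"<!ENTITY.*?>\n", "", SAMPLE, flags=re.DOTALL), FILES)
    return ok, no_xref, no_entity_use, no_decl


if __name__ == "__main__":
    for label, findings in zip(("ok", "no xref", "no &rfc2119;", "no ENTITY"), demo()):
        print(label, "->", findings or "clean")
```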

And that, children, is how the Internet standards sausage gets made. Outstanding!

[1] Apparently you can use other tools to diagnose this too, but xml2rfc won't help you out.

Posted by ekr at 10:10 AM | Comments (3)

October 23, 2007

Information wants to make you look foolish

Abdallah Higazy, an Egyptian living in the US, was arrested shortly after 9/11 because an air-to-air/air-to-ground radio was allegedly found in his room. He was suspected of somehow being involved in 9/11 or similar attacks and the FBI interrogated him. Higazy denied possession of the radio and the FBI (understandably) didn't take his word for it. Higazy asked to take a polygraph and, well, I'll let the court tell it:
Higazy alleges that during the polygraph, Templeton told him that he should cooperate, and explained that if Higazy did not cooperate, the FBI would make his brother "live in scrutiny" and would "make sure that Egyptian security gives [his] family hell." Templeton later admitted that he knew how the Egyptian security forces operated: "that they had a security service, that their laws are different than ours, that they are probably allowed to do things in that country where they don't advise people of their rights, they don't — yeah, probably about torture, sure."

Higazy later said, "I knew that I couldn't prove my innocence, and I knew that my family was in danger." He explained that "[t]he only thing that went through my head was oh, my God, I am screwed and my family's in danger. If I say this device is mine, I'm screwed and my family is going to be safe. If I say this device is not mine, I'm screwed and my family's in danger. And Agent Templeton made it quite clear that cooperate had to mean saying something else other than this device is not mine."

Higazy explained why he feared for his family:

The Egyptian government has very little tolerance for anybody who is --they're suspicious of being a terrorist. To give you an idea, Saddam's security force--as they later on were called his henchmen--a lot of them learned their methods and techniques in Egypt; torture, rape, some stuff would be even too sick to . . . . My father is 67. My mother is 61. I have a brother who developed arthritis at 19. He still has it today. When the word 'torture' comes at least for my brother, I mean, all they have to do is really just press on one of these knuckles. I couldn't imagine them doing anything to my sister.
And Higazy added:
[L]et's just say a lot of people in Egypt would stay away from a family that they know or they believe or even rumored to have anything to do with terrorists and by the same token, some people who actually could be --might try to get to them and somebody might actually make a connection. I wasn't going to risk that. I wasn't going to risk that, so I thought to myself what could I say that he would believe. What could I say that's convincing? And I said okay.
Transcription from Psychsound.

OK, so Higazy confesses, or, rather, the FBI coerced a confession out of him. I should mention at this point that his confession is a bit fishy:

Higazy then gave Templeton a series of explanations as to how he obtained the radio. First, he admitted that he stole the radio from J&R, an electronics store. Then he recanted this story, and explained that he found it near J&R. Higazy next denied ever seeing or possessing the radio. Templeton allegedly banged on the table and screamed at Higazy: "You lied to me again! This is what? How many lies?" Higazy then lied again, this time telling Templeton that he found the radio on the other side of the Brooklyn Bridge. Higazy recalled that Templeton "turned so red I thought he was going to hit me." Templeton accused Higazy of being a liar, and said that he would "tell Agent Sullivan in my expert opinion you are a terrorist." Finally, Higazy told Templeton that he had stolen the radio from the Egyptian military and had used it to eavesdrop on telephone conversations.

Now, this is inherently kind of fishy: air traffic control is analog VHF radio (in the 100-140 MHz range). This doesn't correspond to any telephony frequency of which I'm aware: cell phones are (1) at much higher frequencies, 800 MHz, 1900 MHz, etc. and (2) almost all digital at this point. Landline cordless phones are also generally at higher frequencies. The frequencies that telcos use for microwave backhaul are all much higher as well. I'd also be pretty surprised if they're not digital. Some, though not all, of them are also digital. [corrected after more research -- EKR]. This isn't to say, of course, that one couldn't make a radio that would receive all these frequencies, but it's not something that one would expect to find in a typical air-ground transceiver, like say this one, which works on some fixed set of analog frequency bands. You'd be talking about a more generic scanning tool. So, the claim that he used this radio to listen in on telephone calls seems pretty hard to believe. And, of course, if you do believe that, it's a lot less of a national security issue than someone communicating with hijackers. Anyway, the FBI arrested Higazy.

At this point, it won't surprise you to discover that Higazy appears to have been totally freaking innocent, and luckily for him, that was discovered:

Three days later, on January 14, 2002, an airline pilot, who had been staying on the 50th floor of the Millenium Hotel returned to the hotel to reclaim his property. After inspecting his items, the pilot informed the hotel staff that his transceiver was missing. Millenium immediately contacted the FBI, which then verified that what was thought to be Higazy's transceiver was in fact the pilot's and that the pilot had not had any interaction with Higazy. The FBI re-interviewed Ferry, who revised his original account, this time explaining that the radio was found on a table in Higazy's room and not in the safe. The government withdrew its complaint against Higazy, who was released on January 16, 2002, after thirty-four days in custody. In a letter to Judge Maas, the government conceded:
The owner of the aviation radio had no interaction with Mr. Higazy. It is still unclear, therefore, how the radio was transferred from the room on the 50th Floor to Mr. Higazy's room on the 51st floor. Employees of the hotel have indicated that, although the hotel has been closed since September 11th, a number of people entered the room in which Mr. Higazy had been staying at different times between September 11th and the day on which the radio was found.

Higazy sued Templeton. The District Court granted summary judgement to Templeton on the grounds of qualified immunity. The 5th Circuit reversed. Here's where things get really interesting: the 5th Circuit's original opinion contained the above quote about how Templeton, uh, convinced Higazy to confess. Shortly thereafter, the court took down the opinion. How Appealing was already hosting a copy and the clerk of the court actually called to ask him to take it down; he refused. Subsequently, the court posted a new opinion replacing the description with:

This opinion has been redacted because portions of the record are under seal. For the purposes of the summary judgment motion, Templeton did not contest that Higazy's statements were coerced.

I'm not a lawyer, but I must admit to being a little puzzled as to why this is an appropriate matter to seal. If Templeton hadn't worked for the FBI and threatened a confession out of someone would that be sealable? If not, doesn't the public have a pretty significant interest in knowing what their law enforcement officials do? Whatever the reason, once you've made the mistake of posting this to a web site somewhere, trying to take it back just makes you look stupid.

Posted by ekr at 8:33 AM | Comments (1)

October 15, 2007

POTS on crack

A friend sent me this rant from an unsatisfied VoIP user:
I also have had problems with instability of the soft client as currently configured. My soft client just stops working or crashes entirely and won't close. So I end up killing it in Task Manager. Sometimes I can relaunch it. Usually I have to reboot.

That's not to say that you would have the same experience. While the system is not beta, my deployment is still part of a pilot, the purpose of which is to shake out such things. In my case the problem could be the soft client. Or something to do with Windows. Or a conflict with another application.

My favorite crash appears in the image below. This is my phone on crack. The outline of the soft client appears, but with a Microsoft Word document inside it. That happened while I was on a call. How do you hang up a call when you can't see the controls? Fortunately, my headset has a button on it to hang up without relying on the soft client. But I had to reboot the machine to get the soft client - and my phone service - back running again. That's a pain in the neck.

In case you care, it's the Siemens client he's using.

Posted by ekr at 9:59 PM | Comments (1)

August 31, 2007

Good thing I don't bank at Bank of India

Computerworld reports that the Bank of India Web site was attacked and seeded with a rather excessive amount of malware:
Although the bank's site had been scoured of all malware by Friday morning, it's currently offline. "This site is under temporary maintenance and will be available after 09:00 IST on 1.09.07," a prominent message currently reads.

Researchers at Sunbelt Software Inc. first posted details of the hack yesterday afternoon after finding rogue code embedded in the site's HTML. That code, actually an IFRAME exploit, silently redirected users to a hacker server, which pushed 22 different pieces of malware onto vulnerable PCs. By Sunbelt's tally, the malware included one worm, three rootkits, five Trojan downloaders, and several password stealers. "The biggest issue is the sheer volume of malware we've had to analyze," said Alex Eckelberry, Sunbelt's CEO, in a blog posting yesterday.

I guess if something's worth doing it's worth doing right. Outstanding!

Posted by ekr at 9:42 PM

March 27, 2007

If OBL can buy a used car, the terrorists have won

One of the innovative new homeland security programs to prevent terrorism is the Office of Foreign Asset Control's Special Designated Nationals List (warning: long). Unfortunately, like the No Fly List, it appears to not be quite as specific as one would like:
Tom Kubbany is neither a terrorist nor a drug trafficker, has average credit and has owned homes in the past, so the Northern California mental-health worker was baffled when his mortgage broker said lenders were not interested in him. Reviewing his loan file, he discovered something shocking. At the top of his credit report was an OFAC alert provided by credit bureau TransUnion that showed that his middle name, Hassan, is an alias for Ali Saddam Hussein, purportedly a "son of Saddam Hussein."

The record is not clear on whether Ali Saddam Hussein was a Hussein offspring, but the OFAC list stated he was born in 1980 or 1983. Kubbany was born in Detroit in 1949.

Under OFAC guidance, the date discrepancy signals a false match. Still, Kubbany said, the broker decided not to proceed. "She just talked with a bunch of lenders over the phone and they said, 'No,' " he said. "So we said, 'The heck with it. We'll just go somewhere else.' "

...

Saad Ali Muhammad is an African American who was born in Chicago, Illinois, and converted to Islam in 1980. When he tried to buy a used car from a Chevrolet dealership three years ago, a salesman ran his credit report and at the top saw a reference to "OFAC search," followed by the names of terrorists including Osama bin Laden. The only apparent connection was the name Muhammad. The credit report, also by TransUnion, did not explain what OFAC was or what the credit report user should do with the information. Muhammad wrote to TransUnion and filed a complaint with a state human rights agency, but the alert remains on his report, said Sinnar.

There's an inherent tension in any blacklist mechanism in that it's very susceptible to false negatives, both because the databases are inherently messy and because you don't want some terrorist bypassing your carefully (or not so carefully) gathered blacklist by spelling his name "Osama bin Liden". But the fuzzier the matching the more likely it is that some poor loser gets branded a terrorist. Obviously, any testing procedure has this problem, but since the inherent accuracy of blacklists is so low, you basically have to choose between two unappealing alternatives. And since the penalties for doing business with someone on the prohibited list are so severe (up to $10 million and 10-30 years in prison!) it's unsurprising that financial institutions err on the side of caution.

I do wonder whether Hector Garcia-Molina has any trouble here...

"JOHN 40" (a.k.a. GARCIA MOLINA, Gener; a.k.a. "GUTIERREZ, Jhon";
a.k.a. "HERNANDEZ, John"; a.k.a. "JHON 40"; a.k.a. "JOHNNY 40");
DOB 23 Aug 1963; POB San Martin, Meta, Colombia; Cedula No.
17353242 (Colombia) (individual) [SDNTK]

I'm also glad I'm not named "Mike":

"MIKE" (a.k.a. RODRIGUEZ OREJUELA, Miguel Angel; a.k.a. "DOCTOR
M.R.O."; a.k.a. "EL SENOR"; a.k.a. "MANOLO"; a.k.a. "MANUEL";
a.k.a. "MAURO"; a.k.a. "PAT"; a.k.a. "PATRICIA"; a.k.a. "PATRICIO";
a.k.a. "PATTY"), Casa No. 19, Avenida Lago, Ciudad Jardin, Cali,
Colombia; DOB 23 Nov 43; alt. DOB 15 Aug 43; Cedula No. 6095803
(Colombia) (individual) [SDNT]

Outstanding!
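The trade-off described above, as an added example that is not part of the original post: a toy screener that fuzzy-matches names against sample entries modelled on the quoted SDN lines and then applies the quoted OFAC guidance that a date-of-birth discrepancy signals a false match. The list entries, the alias field and the threshold are my construction, not OFAC's data or any real screening product's logic.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample entries modelled on the SDN entries quoted in the post.
# Names, aliases and years come from the page; the structure is mine and this
# is neither OFAC's data format nor any real screening product's logic.
SAMPLE_LIST = [
    {"name": "Ali Saddam Hussein", "aliases": ["Hassan"], "dob_years": {1980, 1983}},
    {"name": "Osama bin Laden", "aliases": [], "dob_years": set()},  # DOB unknown here
    {"name": "Garcia Molina, Gener", "aliases": ["John 40", "Jhon 40"], "dob_years": {1963}},
]


def normalize(name):
    """Strip accents and punctuation, lowercase, and sort the tokens so that
    'GARCIA MOLINA, Gener' and 'Gener Garcia-Molina' compare equal."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(sorted(re.findall(r"[a-z0-9]+", ascii_name.lower())))


def name_score(candidate, listed):
    """Fuzzy similarity in [0, 1]; tolerates misspellings such as 'bin Liden'."""
    return SequenceMatcher(None, normalize(candidate), normalize(listed)).ratio()


def screen(full_name, birth_year, entries=SAMPLE_LIST, threshold=0.85):
    """Return one verdict per list entry the name fuzzily matches.

    Fuzzy matching is what catches 'Osama bin Liden' (fewer false negatives);
    the price is alerts like Kubbany's. Following the OFAC guidance quoted in
    the post, a known date-of-birth discrepancy marks the hit as a false match
    instead of leaving the decision to a nervous lender.
    """
    results = []
    # Compare the whole name and each individual token: the Kubbany alert
    # fired because a single token, 'Hassan', is listed as an alias.
    candidates = [full_name] + normalize(full_name).split()
    for entry in entries:
        listed_names = [entry["name"]] + entry["aliases"]
        score = max(name_score(c, n) for c in candidates for n in listed_names)
        if score < threshold:
            continue
        if entry["dob_years"] and birth_year not in entry["dob_years"]:
            verdict = "false match: DOB discrepancy"
        else:
            verdict = "potential match: manual review"
        results.append({"entry": entry["name"], "score": round(score, 3), "verdict": verdict})
    return results
```

A list entry with no date of birth (the bin Laden sample) can never be cleared this way, which is exactly the case where the "poor loser" has nothing but a name to argue with.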

Posted by ekr at 11:09 PM | Comments (4)

December 19, 2006

We're taking away your sudafed, but here's something that doesn't work

As you may have noticed, it's become quite inconvenient to get pseudoephedrine. Luckily, Pfizer has rolled out a replacement, Sudafed PE, containing phenylephrine, a common topical nasal decongestant. Not so luckily, there's no good evidence that it works as an oral decongestant, and substantial reason to think it doesn't, as indicated in this review by Ronald Eccles (þ Robert Cohen via Radley Balko):
The aim of this review was to investigate the rationale for replacing the nasal decongestant pseudoephedrine (PDE) with phenylephrine (PE) as a means of controlling the illicit production of methamphetamine. A literature search was conducted in electronic databases and use of textbooks. Restrictions have been placed on the sale of PDE in the USA in an attempt to control the illicit production of methamphetamine. This has caused a switch from PDE to PE in many common cold and cough medicines. PE is a poor substitute for PDE as an orally administered decongestant as it is extensively metabolized in the gut and its efficacy as a decongestant is unproven.

Pseudoephedrine, by the way, does work. Outstanding!

Posted by ekr at 9:10 PM | Comments (2)

December 17, 2006

Bringing democracy and justice to Iraq

The Times runs the story of Donald Vance, a US contractor in Iraq who was an informant for the FBI and then was captured when the company he worked for was raided:
The detainee was Donald Vance, a 29-year-old Navy veteran from Chicago who went to Iraq as a security contractor. He wound up as a whistle-blower, passing information to the F.B.I. about suspicious activities at the Iraqi security firm where he worked, including what he said was possible illegal weapons trading.

But when American soldiers raided the company at his urging, Mr. Vance and another American who worked there were detained as suspects by the military, which was unaware that Mr. Vance was an informer, according to officials and military documents.

...

Nathan Ertel, the American held with Mr. Vance, brought away military records that shed further light on the detention camp and its secretive tribunals. Those records include a legal memorandum explicitly denying detainees the right to a lawyer at detention hearings to determine whether they should be released or held indefinitely, perhaps for prosecution.

The story told through those records and interviews illuminates the haphazard system of detention and prosecution that has evolved in Iraq, where detainees are often held for long periods without charges or legal representation, and where the authorities struggle to sort through the endless stream of detainees to identify those who pose real threats.

"Even Saddam Hussein had more legal counsel than I ever had", said Mr. Vance, who said he planned to sue the former defense secretary, Donald H. Rumsfeld, on grounds that his constitutional rights had been violated. "While we were detained, we wrote a letter to the camp commandant stating that the same democratic ideals we are trying to instill in the fledgling democratic country of Iraq, from simple due process to the Magna Carta, we are absolutely, positively refusing to follow ourselves."

A spokeswoman for the Pentagon's detention operations in Iraq, First Lt. Lea Ann Fracasso, said in written answers to questions that the men had been treated fairly and humanely, and that there was no record of either man complaining about their treatment.

She said officials did not reach Mr. Vance's contact at the F.B.I. until he had been in custody for three weeks. Even so, she said, officials determined that he posed a threat and decided to continue holding him. He was released two months later, Lieutenant Fracasso said, based on a subsequent re-examination of his case, and his stated plans to leave Iraq.

...

The military has never explained why it continued to consider Mr. Vance a security threat, except to say that officials decided to release him after further review of his case.

In case it's not obvious, this is why the ordinary criminal justice system doesn't allow people to be held indefinitely without access to counsel or habeas corpus hearings. If your job is to catch and detain security threats, you don't have a lot of incentive to let people go if you aren't totally sure about them. For that matter, you don't have a lot of incentive to sort out who's a security threat and who's not. The point of an adversarial system is to institutionalize that kind of incentive. Of course, in this particular case the suspect is an American citizen so he had family who could make a fuss (though as you can see above, it's not entirely clear why Mr. Vance was released; I imagine bad PR is something even the American military cares about). I suspect that having your average Iraqi family upset about the fact that their son is being held incommunicado probably isn't quite as effective.

Outstanding!

Posted by ekr at 10:03 PM

December 11, 2006

Thanks Amazon and Google!

If you're a phisher your basic strategy is to convince the victim that he's talking to some site he regularly does business with. Now, you can't control the user's experience when he's talking to the legit site so what you do instead is make the experience you provide as much like the legit site as possible, hence tools for mirroring the site you're impersonating. If you're a potential victim of impersonation, you want to get the user into the habit of not trusting indicia that the phishers can easily imitate. To that end, you might want to tell your users not to click on URLs they receive in e-mail claiming to be from you. Unless, that is, you're Amazon:
From: Amazon.com Customer Service 
Date: 11 Dec 2006 11:42:28 -0800
Subject: Payment for Your Amazon.com Order (#ORDER-NUMBER-HERE)
To: ekr@rtfm.com
Cc: payment-update@amazon.com

Greetings from Amazon.com.

We're writing to let you know that we are having difficulty processing your
Visa (exp. YYYY/MM).

We will try charging your credit card again shortly. It is not necessary to
place a new order, but you may want to review the payment information for
your order and make sure it is correct and current.

To do this:

1. Go to our home page (www.amazon.com) then click "Your Account" on the
top right menu.

2. Choose the option "Change payment method" (found under "View by Order"
in the "Where's My Stuff" box).

3. After you sign in, you will see all your current open orders. You can
click the "View or change order" button beside any order and make changes.

4. Click "Change" button in the "Payment Information" box beside "Payment
Method." At this point, you may review your current payment method, choose
a different payment method, or enter a new one.

Thanks for shopping at Amazon.com.

Sincerely,
Amazon.com Customer Service
http://www.amazon.com/

Please note: This e-mail was sent from a notification-only address that
cannot accept incoming e-mail. Please do not reply to this message.

Now, this mail has been sent in plaintext (i.e., text/plain) so there aren't any links. (Though you could of course get caught by cutting and pasting out of the message.) Unfortunately, Gmail decided to help me out and turned everything that looks like a domain name or URL into a link. Now, as it happens I had screwed up something with my credit card and this isn't a phishing message, but it just as easily could have been. For extra credit, if you put a link to a different location in your message, Gmail will display it exactly like the links it auto-formats. Outstanding!
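The auto-linking problem above from the receiving side, as an added example that is not part of the original post: a checker that picks out of a text/plain body the same tokens a mail client would turn into links and flags any whose domain is not the claimed sender's. The regex is my approximation of such a linkifier, the two-label "registrable domain" rule is a simplification, and the lookalike message is constructed.

```python
import re
from urllib.parse import urlparse

# Roughly what an auto-linker picks out of text/plain: explicit URLs and
# bare host names such as www.amazon.com. Approximation, not Gmail's rule.
LINKABLE = re.compile(
    r"(?:https?://[^\s<>()]+)|(?:\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b)", re.IGNORECASE)


def linkable_hosts(body):
    """Host names a client would turn into links, in order of appearance."""
    hosts = []
    for token in LINKABLE.findall(body):
        host = urlparse(token).hostname if "://" in token else token
        hosts.append(host.lower().rstrip("."))
    return hosts


def registrable(host):
    """Last two labels; a simplification that ignores suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])


def offsite_hosts(body, sender_domain):
    """Hosts the mail would link to that are not under the claimed sender."""
    return sorted({h for h in linkable_hosts(body)
                   if registrable(h) != registrable(sender_domain)})


# Constructed excerpt of the Amazon message quoted above: everything it
# mentions resolves under amazon.com, so nothing is flagged.
SAMPLE_MAIL = """Greetings from Amazon.com.
1. Go to our home page (www.amazon.com) then click "Your Account" on the
top right menu.
http://www.amazon.com/
"""

# Constructed variant with one off-site URL that reads like the real one
# but would be auto-linked identically; only the domain gives it away.
LOOKALIKE_MAIL = SAMPLE_MAIL.replace(
    "http://www.amazon.com/", "http://www.amazon.com.account-review.example/")
```

With plain text there is no href to inspect, so the domain of every linkable token is the only signal a client or gateway has.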

Posted by ekr at 8:41 PM

December 4, 2006

Good spyware?

In a post titled "Is there a simple way to make a pdf call home?" and filed in the category "good code", Larry Lessig asks:
Let's say you release a draft of a paper using PDF. But when people open the paper to read it, you'd like the PDF to check whether there's a more recent version available. If there is, you'd like it to indicate as much — somewhere. Obviously, you could always include a link that says "For the most current version, go here." But is there a way to say, "A more recent version of this document is available here."?

I'm sure a feature like that would never be abused!

Posted by ekr at 7:51 AM | Comments (2)