Tuesday, May 29, 2012

A future letter to Eben Moglen - draft 001

I watched a talk by Eben Moglen, and was quite moved by it. I felt the need to warn him about the next curveball about to be thrown his way (at least as I see it).

This is draft 001... and needs a lot more work before I send it to him directly.

Hello Mr Moglen,

Thank you for your work on behalf of all of us, re: PGP, and your well thought out 1st draft about innovation under austerity.

In your talk about innovation, you describe a conversation in 1995 with Jamie Gorelick and Stewart Baker where he thows out this spoiler at you after your victory on PGP

"buy nobody here cares about anonymity, do they?"

Which lead to 20 years fighting about anonymity, which you say isn't going so well.

I hope to convince you that there is another spoiler waiting out there, and to give you some advanced warning about it, to be able to help head it off proactively.

I believe the next excuse to be used to curtail freedom will be security. Specifically, the inability of the user-centric default permissive environment of Linux, Windows, etc... to be secure. It is this weakness in security which will be used as an execuse to assert the need to manage all hardware which can be made to do general purpose computation.

There is a big cultural assumption amongst the slashdot crowd that Linux is somehow much more secure than Windows. Nothing could be futher from the truth. They both share the same flawed assumptions, albeit with significant differences in implementation. The assumption is that the user is the correct line for determining security decisions. It is not.

In the past, it was a quite sane demarcation line, because students generally ran the code then wrote, and you were worried about their behavior. In an age where nobody writes there own compilers and tool chains, we all have to trust code we didn't write.

Because we don't write the code, and because it can't be perfect, you can't predict its results. You should have a way to run it without having to trust it. There is no (easy) way to do this under Windows, or Linux, or anything else out besides some research OSs like Eros.

Virus scanners try to maintain a list of known bad programs. This doesn't work.

Linux fanboys will have you believe that the users are stupid, and if you lock things down, they won't be able to screw up the system. The user is blamed here... this is a false conclusion as well.

It is my belief that We need to push, as hard as possible, for the adoption of a security design which allows NOTHING by default, and limits running code to a list of positively stated capabilities, maintained in a per-process list. This framework can still support the access control lists, user names, etc.. we all need to feel comfortable, and to manage users, when appropriate. But this framework makes possible a new form of expression, which isn't even possible for the user to do if they don't have the tools provided.

If a user can run a program without having to trust it, they are free to experiment on it much the same way as we were free to try things out when DOS fit on a floppy disk, and you could write-protect it. You can directly limit the side-effects of any given instance of running code to the list of things you give it, and rest easy.

We need to make this world possible... sooner rather than later.

Thank you for your time and attention.

Friday, May 25, 2012

Seagate NAS - Not ready for prime time.

We purchased a 2TB Seagate Black Armor NAS for some things at work. It turns out to have some big issues.

2TB - advertising vs reality.
The device has 2 internal hard drives, each about 1 Terabyte in size. The default configuration as shipped is to mirror the drives (RAID 1), which means that you actually get a 1 TB storage device. If you span the disks (spread your data across both of them), you can get 2 Terabytes, but you geometrically increase the failure rate when doing so. You're better with a single 2 TB drive, which is NOT this device.

Global access - broken
In order to be able to access your files "from anywhere" you have to set up an account on the Seagate Global Access site.
The site took my username and password, and apparently remembers it, but won't let me log in.
It's the middle of a business day, and the support people are apparently out to lunch. (Returning at 1PM?)

This is not the type of 24x7 bulletproof option that we expected from the Seagate brand. We'll probably be returning this item.

Monday, May 07, 2012

Hardware Hacking - The Anderson Storm Door

My friend Steve had a problem with his storm door, the wind got hold of it, and the screws holding the top 2 hinges got stripped out.

Stripped holes - not enough thickness to really hold things properly.

When we were discussing projects we wanted to get done at PumpingStationOne, this was top of mind for Steve, as he had only recently installed the door, and wanted to fix it before the bottom hinges also became detached, possibly destroying the door. The main problem we figured was that the metal is just too thin to hold something via a thread, or sheet metal screw.

We then made these blocks out of 1/2 inch square T6061 aluminum alloy. They are sized to match the existing holes, and threaded at standard 6-32 size. These provide adequate grip for machine screws, and sufficient size to spread out the load avoiding more tearing of metal.

Steve shows off our well built fix.

Once we had the door off and on it's side, we made the holes wide enough to easily fit the bolts to our backstop, using a tapered reamer.

Next we had to figure out how to get these into the proper position. We ended up using a piece of threaded rod as a stick to maneuver the backstops into place.

The key to placement is to have the backstop ride on top of the stick into position, then use a flashlight and a longer bolt to pull it up into place. You want some easy to break tape in place at this point, which is why we used cheap "magic" tape.

Once you've got the backstop to it's desired left-right position, shine a light down one hole, using the other hole, and rotating the stick to get it lined up you should then be able to use the long bolt to get a few turns into the backstop block, and pull it up into position. Insert and tighten the bolt into the other hole, and then remove the long one and repeat with the other bolt.

We did the top and bottom hinges first, then did the closer to the middle sets. Here's a shot of a completed hinge which should hold forever.

We hope this helps someone else in a similar situation. Thanks for your time and attention.