Thursday, April 29, 2010

I get Corrected as Elham Al-Qasimi returns from North Pole



In a previous post here at FilterBlogs titled "I think this is Important" I re-posted an interesting and I thought important article from BoingBoing.

Written by Lisa Katayama

Elham Al-Qasimi en route to become first Arab woman on solo mission to the North Pole

Posted: 22 Apr 2010 01:09 PM PDT

home-04.jpeg

Later I had some questions about my post and edited it a bit, then I left a comment under the article in BoingBoing that made some assertions. The successful polar trekker herself, Elham Al-Qasimi corrected me there.

Here's the comment thread:

(Read the rest...)

There's the whole story now, I think.



mh

Wednesday, April 28, 2010

Popular "This Week on A Translation of WireTap with host Jonathan Goldstein" killed by Digital Millennium Copyright Act

Update: May 9th 2010 - I've done a little more research and found that the new audio page format is as open source as any there before - in fact you can copy and paste the whole show and the blurb and publish it as easy as pie.

To wit:
The World on a String







This week on WireTap, Howard teaches Jonathan how to say "Yes" to life. Should Jonathan be more spontaneous? Yes. Should he climb more trees? Yes. Should he give that mangy, rabies infested alley cat a hug? Yes!

So one less worry in your life - that CBC is preparing to destroy the commons - they are not. But the battle to keep podcasts of WireTap up at this site continues; another player has been taken down and I've put another one up (that's 4 players used so far).

Enjoy all my takes and podcasts of the shows by clicking on FilterBlogs "WireTap" label at the bottom of each post.


Free Range Content


It is my opinion that because this blog is an Ad Free website no copyright restrictions should apply here. The CBC legal department probably would offer a different opinion. They use the word 'clip' a lot over there. Here, I was providing a portal to listen the the entire WireTap show. Thus-ly this blog - in a strict interpretation of The Digital Millennium Copyright Act, 1998 (DMCA) - was in violation.

The CBC recently changed their mp3 player and podcast source Odeo - so when the players disappeared from my "This Week on A Translation of WireTap with host Jonathan Goldstein" series of posts last week, I understood one or two things had happened, either:

  1. Odeo's business model was in violation of DMCA, forcing CBC to change their mp3 server and player... (Odeo site says, "Odeo will be down for maintenance and site improvements. We will restore service as soon as possible. Sorry for the inconvenience.")
  2. CBC has asked Google to Take Down my 'whole show' mp3 players.
  3. Or both.

On Monday April 26th I replaced the Odeo mp3 players with Google mp3 players.

This week the players were again Taken Down. This means CBC's Legal Department sees offering the whole show as a player embed here as a copyright violation - and have asked Blogger to Take them Down.

Because Blogger will keep pulling down new players almost immediately (took one day this last time), it is now impossible to continue to bring you these FilterBlogs embeds of the show.

CBC Going 'NewsCorp' On Us?



As well, it looks like CBC is moving all their audio content to a new non-open source player. As of now, each shows podcast address are still available both at the WireTap Podcast page, and at the WireTap Audio page - however, they are sequestering the address inside a flash object that then (I think), asks another server for the address of the podcast. So now the CBC is ready, if they wish, to Take Down Podcast pages of any show and leave only the Audio pages - thus making embeds of any CBC content impossible, by anyone.

The Open Source Team here at FilterBlogs (me) continues to work diligently to keep these publicly paid-for productions 'Free Range Content'. I (we) will eventually find a work around.


The Ethics of Sharing



To check my ethical position here, I asked myself,

'What if a network I despise for their business practices, a for profit business like say, CTV took Johnathan's show and started making a list of the show week by week in podcast form?'

I would hate that. I would want the CRTC to go after CTV and make them stop, and delete all the shows. But it's not because I dislike CTV, it's because they would be selling ads to go on that WireTap page - they would be making a profit off of Jonathan Goldstein's work with out paying Johnathan.

FilterBlogs is a non-profit blog that exists towards the public good. I am building a network of people with similar interests, and in this one case, around 'WireTap with host Jonathan Goldstein'. As the new media map takes shape networks like this one may have become an important ecosystem, a support structure to both the particular show and CBC Radio as a whole.

The CBC through they're Lawyer-ing department are getting caught in a downward spiraling whirl-pool where always preparing for the worst is infecting the corporate mindset and potentially blinding them collectively from perceiving that the flowering of new web applications, and the Internet Operating System that is forming as a result, is an epoch changing opportunity to connect the CBC better than ever to the country - and to the world.

The folks in the CBC's copyright department are victims of their lawyer-ing meme - they cannot escape themselves - poor things.

Technology will leave these copyright enforcers, and every client they represent in a "dust bin" of the history technological progress.

(bangs shoe on podium)

Bye...! :)


Please see Michael Geist's website (University of Ottawa, Canada Research Chair at the in Internet and E-commerce Law) for info and actions you can take to defend your Internet Civil Rights and help keep the web open.

CBC using iCopyright, from CBC public affairs blog.

Be sure to see FilterBlogs "TakeDowns" Tag.



mh

Monday, April 26, 2010

Cartoon-arama



Randall Munroe creates XKCD (there's a link in the sidebar).
"iPad"


He often inspires my cartooning side... When I get inspired I make some cartoons over at The New Yorker Cartoon Kit page.





Zachary Kanin’s “Heaven Help Us” Cartoon Kit entries accepted until May 16th 2010.

The backdrop and many irreverent characters and props are provided; you just drag and drop the icons you want, re size them, place them, write a caption and save to create your own LOL Cartoon.

Five winners are selected each month and are presented in a slide show for the gratification of your uproarious ego (and to make people laugh).


The New Yorker Cartoon Kit home page.



mh

This Week on A Translation of WireTap with host Jonathan Goldstein


Or, how to 'long tail' a phone conversation you're eavesdropping on but can't hang up the receiver because they'd hear the click and find out.


Podcast of the April 24th 2010 show, "The World on a String".



This Week on A Translation of WireTap with host Jonathan Goldstein - is happiness all in our heads?

In a place where all our needs are satisfied, has happiness become unachievable? With no essential struggle now necessary for life or liberty is the pursuit of happiness now just an existential game? Are the prisons of our minds the only prisons that really matter?

What of the oppressed amongst us? Is our happiness also offering a helping hand to those stuck in boxes of their own making?

What of those who will not free themselves? Is freedom from unhappiness a responsibility to imprison those who will not free themselves? Perhaps torture... Should we torture those who will not be free, until they admit they are happy?

Or perhaps happiness is the freedom to choose a life path - and it's consequences.

(translations may vary according to province)


For more on this see Filterblogs not so funny post, Quebec Liberals Importing 'La Grande Noirceur' from an Intolerant Europe.


Image of Jonathan Goldstein, courtesy 'The Romantic' Blog.

Feed courtesy of CBC Radio One, WireTap podcast page.

Thanks to podbean.com for the player.



mh

Friday, April 23, 2010

I think this is Important

Update 04/27/10: After a little research I found some additions to this story were necessary (they are in parentheses).


Written by Lisa Katayama

Elham Al-Qasimi en route to become first Arab woman on solo mission to the North Pole

Posted: 22 Apr 2010 01:09 PM PDT

home-04.jpeg This is Elham Al-Qasimi. She is a 26-year old from Dubai who is currently en route to the North Pole. Elham is on a solo mission to get there over three weeks on cross country skis — if successful, she will be the first Arab woman to do so. Her endeavor is a bit too aggressively sponsored for my liking (every other photo of her seems to show the brand name of her skis, her gloves, her Land Rover beanie) but I am nonetheless rooting for her success, and excited to see a local hero defy traditional female roles to do something totally empowering and out of the box. You can track her progress via her journal; she's also @polarbent on Twitter.

---------------------------------------------



Somehow this doesn't fit with anything going on in the world right now. It's like Amelia Earhart heading out around the world in that plane with the world on the verge of the second great war.

Is it legal for Dubai women to even drive cars? (Yes)

It's surreal.

She's already on her way? Why didn't I hear about this? Has any one ever trekked to either of the poles alone - successfully? (Yes, it happens all the time - and she not alone.)

Link to BoingBoing article with lots of comments.


I took this right out of the BoingBoing gmail feed - cut and paste - no edits. Just to see if it could be done - and because like the title says...



mh

Facebook's "Instant Personalization" aggregates User Data to Producers and Marketers

Your "In" as the default setting. Option "Out" button clearly pointed to - this time.

Librarian by Day's Bobbi L. Newman has already produced the quintessential 'How-to' for Facebook's most recent changes to your privacy settings.



Yesterday (April 22, 2010) she published:

"Protect Your Privacy Opt Out of Facebook’s New Instant Personalization – Yes You Have to Opt Out"


What's happening is Facebook is monetizing your data and your connections by making a machine that builds a map of your behavior and sells that customized data stream to the big players in content production and advertising.

I won't mention any brands here but you know, the big national advertisers and the networks and production houses that produce most television and motion picture - and government.

This is near the middle of the beginning of the end of the Internets age of innocence. :0

Or something.

Yuk!

TV gone - soon I'll have to buy a Linux OS, so I can block all this sh*t by default.


Read Write Web has a nice piece on this development, "The Facebook Backlash Has Begun..." Written by Mike Melanson, April 23, 2010.

It poo-poos all the hysteria about privacy - I agree.



Link to Bruce Schneier's Crypto-Gram Newsletter this month (April 15 2010): "Privacy and Control".


Bruce Schneier's take put into words better than I have been able to, my feelings on these issues. Privacy is what our parents did to protect themselves Schneier says. This generation understands that it is control of your information that counts now.

Laws that determine what authorities can and cannot use against you in court - and under what circumstances - are not yet well defined. But there is so much value in sharing your information online that people are willing to take the chance - that the data will get lost in all the volume (that time is disappearing) or by using aliases. This is folly, all you do online can be traced.

The issue is to control your information. To have control of your information you need to have a copy of it in your hands.- not in the 'cloud' - not on Google's server, or worse, not in the data sucking Facebook server.

No software that I am aware of collects all the writing, photos, recordings, links, programs PC users run into a data base of 'you'. Enterprise software has the technology. The open source movement needs to build a PC sized one -.a byte by byte back up of all your data default directed to an encrypted file.


One thing I noticed during the eastern seaboard power outage of 2003 - all your data is accessible to you - until it isn't. Shut down the major servers and the whole thing gets very unresponsive. Shut down all the power on the continent -- go get the fork turn it over - your info isn't yours anymore.



mh

Thursday, April 15, 2010

Citizen Lab describes "Espionage 2.0" around GhostNet Investigation

Update: April 20, 2010
I've been in a bit of a bubble on this story, working only from original sources. The New York Times Published a nice piece April 5th 2010: "Researchers Trace Data Theft to Intruders in China" - By John Markoff and David Barboza.


"Espionage 2.0"

"My point in publishing these articles in FilterBlogs is to make people aware that powerful entities are threatening their Internet Civil Rights - rights that are in the process of being defined through legal precedent in courts of law. Using sophisticated tools to access information on the web that they are not legally entitled to see, governments, corporations and powerful organized crime syndicates are undermining the very rule of law that is in place partly, to define what our rights will be."

Two days after I published an opinion piece on Cyber Security issues - "BotNets: Sophisticated attacks likely Corporate, Government Espionage" (April 4th 2010) - the "Information Warfare Monitor" released a major scientific paper - SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0 - an overview of the characteristics of the cyber espionage ring they named, "GhostNet".

Espionage 2.0. I like that - explains it perfectly.

(The report) "..is the product of an eight month, collaborative activity between the Information Warfare Monitor (Citizen Lab and SecDev) and the Shadowserver Foundation."



The people who contributed to the research (from Shadows in the Cloud):

"Steven Adair is a security researcher with the Shadowserver Foundation. He frequently analyzes malware, tracks botnets, and deals with cyber attacks of all kinds with a special emphasis on those linked to cyber espionage.

"Ron Deibert is Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He is a co-founder and principal investigator of the OpenNet Initiative and Information Warfare Monitor. He is Vice President, Policy and Outreach, Psiphon Inc., and a principal with the SecDev Group.

"Rafal Rohozinski is CEO of the SecDev Group and Psiphon Inc. He is a co-founder and principal investigator of the OpenNet Initiative and Information Warfare Monitor, and a senior research advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto.

"Nart Villeneuve is the Chief Security Officer at the SecDev Group, Director of Operations of Psiphon Inc. and a senior SecDev research fellow at the Citizen Lab at the Munk School of Global Affairs, University of Toronto where he focuses on electronic surveillance, targeted malware and politically motivated digital attacks.

"Greg Walton conducted and coordinated the primary field-based research for the Shadow investigation in His Holiness the Dalai Lama’s Office and the Tibetan Government-in-Exile in Dharamsala, India. Greg is a SecDev
Group associate and editor of the Information Warfare Monitor website. He is the SecDev Fellow at the Citizen Lab at the Munk School of Global Affairs, University of Toronto."

In my earlier piece I asked why a source quoted in a article by Brian Krebs "Cyber Attacks Target Pro-Tibet Groups" (Washington Post 2008/03/21), chose to remain anonymous. Between the lines I surmised the source might be working for China's enemies and was spreading disinformation. Greg Walton was apparently that source. He must have chosen to remain anonymous because the investigation was not complete.

Turns out many in the mass media automatically implied or outright stated that GhostNet was a Chinese government operation. I saw this in almost all the coverage on this story and it's understandable; journalists first question is usually "Who benefits?" The obvious answer in this case was the Chinese - but I thought it was very important to have proof before saying, or implying it. To mislead the public and the media in these highly organized professional espionage operations 'false flags' are placed, because they know what the first question asked will be.

Ron Deibert, Director, the Citizen Lab, Munk School of Global Affairs, University of Toronto is careful when he writes in the forward of 'Shadows...',
"We have no evidence in this report of the involvement of the People’s Republic of China (PRC) or any other government in the Shadow network. But an important question to be entertained is whether the PRC will take action to shut the Shadow network down."


An Overview

From the introduction:

"Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries."


The following is the Synopsis of the report.

Summary of Main Findings

Complex cyber espionage network - Documented evidence of a cyber espionage network that compromised government, business, and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Numerous other institutions, including the Embassy of Pakistan in the United States, were also compromised. Some of these institutions can be positively identified, while others cannot.

Theft of classified and sensitive documents - Recovery and analysis of exfiltrated data, including one document that appears to be encrypted diplomatic correspondence, two documents marked “SECRET”, six as “RESTRICTED”, and five as “CONFIDENTIAL”. These documents are identified as belonging to the Indian government. However, we do not have direct evidence that they were stolen from Indian government computers and they may have been compromised as a result of being copied onto personal computers. The recovered documents also include 1,500 letters sent from the Dalai Lama’s office between January and November 2009. The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users.

Evidence of collateral compromise - A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process. In a context like Afghanistan, this finding points to the complex nature of the information security challenge where risks to individuals (or operational security) can occur as a result of a data
compromise on secure systems operated by trusted partners.

Command-and-control infrastructure that leverages cloud-based social media services - Documentation of a complex and tiered command and control infrastructure, designed to maintain persistence. The infrastructure made use of freely available social media systems that include Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail. This top layer directed compromised computers to accounts on free web hosting services, and as the free hosting servers were disabled, to a stable core of command and control servers located in the PRC.

Links to Chinese hacking community - Evidence of links between the Shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC.

My point in publishing these articles in FilterBlogs is to make people aware that powerful entities are threatening their Internet Civil Rights - rights that are in the process of being defined through legal precedent in courts of law. Using sophisticated tools to access information on the web that they are not legally entitled to see, governments, corporations and powerful organized crime syndicates are undermining the very rule of law that is in place partly, to define what our rights will be.

As it looks like this particular GhostNet Botnet system is a product of the Chinese government (we shall see if they do anything to dismantle it, towards their obligation under international agreements), be assured that other governments are there too. The United States is the undisputed leader in computing technology globally - perhaps two generations ahead of where the Chinese are - better cloaked Botnets than GhostNet are undoubtedly functioning in cyber space, deployed by both governments and private entities..


Links:

From Citizen Lab web site, posted on the 6th of April, 2010: "New IWM Report: Shadows in the Cloud" (links to the news conference, three interviews at CBC and and the report).


Here's an embed of the report in it's entirety, via Scribd. - the document dissemination application:
SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0



To get a pdf copy for yourself go to Scribd.com, sign up (it's free), then go to "SHADOWS-IN-THE-CLOUD-Investigating-Cyber-Espionage-2-0", and click the download button at the top-left of the page.



mh

Wednesday, April 14, 2010

Water Cooler Talk #2

The second in my Talking Water Coolers series...



The New Yorker "Bad Business" Cartoon Kit Contest ends April 18th.

Is this funny? Why??

The New Yorker Cartoon Kit page.

The backdrop and many irreverent characters and props are provided, this month by professional cartoonist P. C. Vey; you just drag and drop the icons you want, resize and place them, then write a caption and save to create your own LOL Cartoon.

Five winners are selected each month and are presented in a slide show for the gratification of your uproarious ego (and to make people laugh).

See "Water Cooler Talk" (#1)



mh

Sunday, April 4, 2010

BotNets: Sophisticated attacks likely Corporate, Government Espionage

After some articles are put to bed at FilterBlogs they get a Posthumous Longtail Aperitif (PLA) - links to related articles published after my original post.

PLA April 16 2010. Update on this Published here at FilterBlogs: Citizen Lab describes "Espionage 2.0" around GhostNet Investigation.

PLA April 06 2010. CBC.ca "Hackers not linked to China's government: researcher



Governments exist in a world of laws and treaties. Appearing to act with-in these agreements has a high value for them. Corporations exist with-in similar matrices.

In the attacks described below the public should be aware that a 'false flag' attack (an attack vertice that is meant to distract you from the real target) can be worked into these complex programmes in order to obscure the real target of the attack. When governments and corporations conduct cyber warfare (*which they do not*) maintenance of plausible deniability is very important to them.

We've seen several examples of sophisticated attacks in the last three years;


Google-Gate (2010)

(From a search of the term Google-Gate on both Google and Bing the term seems to be monopolized by right wing conspiracy nutters afraid of the future. These 'fraidy cats' think Google is the "Beast", a reference to the Bible's Book of Revelations that predicts an end times. The Republican allied "tea-potters" think this is coming in 2012. As the original reference is the Republican wiretapping of the Democratic Party headquarters at the Watergate Hotel in 1972, I'm re-appropriating it here for the moderates.)


Most news sources have assumed China tried to access Google's corporate secretes in an attack in December 2009. But a read of Google's original blog post on the matter makes it clear that the sophisticated attack had many vectors. The only thing that appears certain, which is interesting in itself, is that the attack originated in China (a false flag?).

From the Google Blog:

A new approach to China
1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

The next day (12/13/09) CNET reported several sources in the intelligence community made the Chinese Government link appear more solid by saying they had information that the route of the attack was definitely (sort of) the Chinese government.

(my emphasis)
Google did not specify how it knows the attacks originated in China and did not outright blame the Chinese government. Sources said it is typically difficult to find evidence specifically leading back to Chinese officials in computer attacks. Google must have some solid evidence for it to take such drastic action and risk losing millions of dollars in revenue from the Internet's largest market.
Researchers who have investigated these attacks said they were traced to China several ways and that they share characteristics with previous attacks linked to the Chinese government. The attacks used command-and-control servers based in Taiwan that are commonly used by or on the behalf of the Chinese government, according to iDefense. "The IP addresses used to launch the attacks are known to be associated with previous attacks from groups that are either directly employed agents of the Chinese state or amateur hackers that are proxies for them that have attacked other U.S. companies in the past," said Eli Jellenc, head of international cyberintelligence at iDefense.

It seems to me that the popular press is laying the blame at the feet of the Chinese Government was precipitous, perhaps propelled by Google's decision to get out of the censorship agreement they have with the Chinese, and now the news that they are moving their Google.cn Search offices to Hong Kong (CNet news, March 22 2010).

One has to ask though if they we're going to do this anyway. Google is in last place in the search engine market in China and it doesn't look like that's about to change.

Tricia Wang, a Ph.D. student in the Sociology Department at UC San Diego writing in her blog, Cultural Bytes, offers a unique look at Google's failings in China, from her position as an ethnography reasurcher in China. The piece is titled, "My Suggestions for Making Google’s Services More Relevant for Non-Elite Chinese Users (involves some ethnography!)"

There are, however, other explanations that do lie within Google’s control in which they have failed to execute. The 3 main factors are: achieving brand recognition, creating a successful marketing campaign, and understanding usage contexts of non-elite internet users. Google should hold themselves accountable for these factors.

Google has failed at brand recognition. They have not been successful at making their services relevant for the average Chinese internet user nor have they made it easy for people to recognize, say, or even type in their name on a keyboard.

Read the rest...


I think there are forces in America ranging from isolationist to empirist - and the military industrial complex (a special interest group that crosses political boandries, it's systemic - see Eisenhower MIC speech) - who have vested interests in demonizing China at the moment. Since these forces have nothing to lose (there's no downside as most of the facts will remain unknown), felt they could chime in here against China with no comeupance.

The same goes for the Obama Administration that is trying to straddle the two interests. When Secretary of State Hillary Clinton read the riot act to China (Link: www.state.gov/ "Remarks on Internet Freedom", January 21, 2010.) her speech was full of rhetoric about the open web but no included no action. It was an opportunity for the administration to look good to key parts of their support demographic by doing something - with out having to actually do anything at all.


GhostNet 2008

1) The so called "GhostNet" (Citizen Lab at the University of Toronto link) that seemed to target email accounts of Tibetan Dissident's. From washingtonpost.com March 21, 2008 by Staff Writer Brian Krebs, "Cyber Attacks Target Pro-Tibet Groups":

Alison Reynolds, director of the Tibet Support Network, said organizations affiliated with her group are receiving on average 20 e-mail virus attacks daily. Increasingly, she said, the contents of the messages suggest that someone on one or more of the member groups' mailing lists has an e-mail account or computer that has already been compromised.
On March 18, as protests in Tibet intensified, a technology specialist working with Reynolds's group sent a message to members warning them to expect a sharp increase in e-mail and other cyber attacks against groups rallying the international community against China's crackdown.

(I find it interesting that the 'technology specialist' didn't take credit here but instead chose to remain anonymous. Perhaps volunteering for a non-profit is part of a job he has with one of the top cyber security groups on the planet.)


BotNet (2009)

Late last year Ottawa's Defence Intelligence uncovered a "BotNet" matrix they named "Mariposa" (referring to it's Barcelona central hub). A BotNet is a series of infected computers that, at the controllers command, can operate in tandem to compromise security on computers, and even install the hieght of snooping software a "Key Loggers" that allow the deployer to see everything you do in real time (from your online banking password to what area of a photograph you zoom in on with your photo editing software - EVERYTHING) .

I can't word it any better than Defence Intelligence's sum-up, at their site:

What is a Botnet?
A botnet is a collection of compromised computers that are directly under the control of a single malicious entity. Computers become compromised once malicious software is installed on them. This malicious software, or malware, is engineered specifically to gain access to and maintain control over the victim machine. Anti-virus companies label this malware as a virus, worm, or a trojan, but these designations are useless when considering the behaviour and capability of a botnet. Modern day malware evolves to become whatever is needed by its controller and is not limited by the boundaries of anti-virus labels.
Once the malware is on the system it seeks communication with its controlling entity. With communication established, any compromised machine can be capable of carrying out any order issued by the botnet controller and any data on the compromised machine can be extracted for use, sale or distribution by the attacker.
© 2008-2010 Network Defence Intelligence Inc.

According to an email from my ISP - sent to the manager of the account that connects me to the internet - an infected computer on our wireless connection moved 18,000 MB of data on March 23, 2010 between 4:50 and 5:00 PM (our daily average is 3,500 MB/day).

We all checked our computers for Malware and my room-mate found two Trojan horses buried on his browsers backup file.

In this time of economic and political uncertainty we're seeing an increase in Internet warfare both between states and corporations. This is also a function of the advance of the technology and as such I've decided to open up completely. This my seem counter intuitive to some people, but here's a good example of how being 'always on' works to my benefit. I can prove where I was on and what I was doing on March 23, 2010 between 4:50 and 5:00 PM.

According to my Google Dashboard application "Web History" this is what I was doing when the Trojan moved all that data.





I was composing an idea for a comment on an Andy Oram piece at O'Reilly Radar.

(click images to see O'Reilly Radar pages)



Image of Tricia Wang from her web site.



mh

Saturday, April 3, 2010

The Leslieviller, The Leslieville Residents Association and the Leslieville TTC Barn by the Lake



My application to join the local chat room "The Leslieviller" was approved, so this morning I jumped right in on the fooferah about the name chosen by the new neighbourhood political action group "The Leslieville Residents Association".




Not sure what all the fuss over the name is about at The Leslieviller, but many Lesvillians posting at the site don't think "The Leslieville Residents Association" represents them.

In my post there I suggested that they join - then it will. ;)


The Issues

The Leslieville Residents Association formed after a badly advertised public consultation process by the City of Toronto about the new TTC barns at Lakeshore Boulevard and Leslie Street somehow organically gathered a critical mass of citizenry. At a loud and fractious meeting on Eastern Avenue in February, many people said they had only heard about the plan six days before. People felt like the city was sneaking around behind their backs.

With 100 of the 207 new light rail street cars the city is buying set to rumble down Leslie Street after each rush hour - on their way to their sheds - area residents were wondering why they didn't get a more of a public heads up from the city on this.

A week later at a local church, a meeting took place where The Leslieville Residents Association was formed specifically to represent the community in talks with planners that might make changes to the plan. That meeting is scheduled for this week: Thursday, 6:30 - 9:00 PM, April 8th at 895 Eastern Avenue (same place as the first TTC 'open house').

TTC Notice of new public meeting (yes, pdf file)



The Divisions?

This neighbourhood is experiencing a gentrification at the present time, in no small degree because of the tearing down of the eastern end of the Gardiner Expressway. Many new residents don't want some lefty group claiming to represent everyone de-railing the cities lake front renewal plan.

Perhaps they can't see the greater picture:

The Leslieville Residents Association undoubtedly includes citizens who helped stop Walmart a few years ago (Wake Up WalMart Blog). Perhaps there are some left over disagreements around the vision people have of Leslieville's future. The cities Box Store vision for Lakeshore and Leslie reflected a car centric view of city planning from the 1950's -1970's which was rejected by the neighbourhood. This vision that was very bad for Lesslieville which became a forgotten, dirty neighbourhood under the freeway. I think Leslieville Residents Association just wants to make sure the city doesn't impose another top down vision like that on the community again. Another car centric vision that resulted in a neighbourhood divided from the great lake by a noisy, stinky Gardiner Expressway.

I hope the new development is worked so that it opens up the Great Lake Ontario to the neighbourhood, a potentially magnificent lakeside community development that allows residents to walk, cycle or drive (through neighbourhood streets) down to the great parks being developed there.

This will correct a great wrong, a highway along the lake edge that divided this lake front neighbourhood from one of the largest fresh water lakes on the planet, for three generations.


Some Solutions?

It seems to me like it's standard operating procedure in the political bureaucracy and planning departments of the city to - instead of embracing the new communications tools of Web 2.0 and engaging the people - continue in the old vein that always seems to look like they're trying to sneak stuff past stakeholders while we aren't looking.

(ask any politician or bureaucrat, it is not possible for special interests to trump the peoples choice)

The inaccessible City of Toronto website is partly to blame - all the documentation of the public consultation on this case are nicely laid out there, but if you didn't know it was happening - why would you look? Everyone knows that going to the City of Toronto's website for anything requires a great investment of time - or in real English - a waste of time. It is the opposite of user friendly, it hides things really well.

The city should have used the TTC bus stop shelters in the area to advertise a brand-able set of keywords that gets you to the page at the cities website. Instead, the web page is buried inside a section called "Get Involved" (how many tens of thousand things can one 'get involved' with through City Hall I wonder?). Plus the document is titled in a very bureaucratic way - good for insiders - impossible to guess while Googling: "New Light Rail Vehicle (LRV) Maintenance & Storage Facility".

How's that for keywords?

Instead I suggest "Leslieville + TTC + Barn". And you arrive at that, by using social networking tools - like Twitter or Facebook or The Leslieviller chat feature - at the beginning of the consultation process; the community will tell you what the keywords are - and they'll love you for asking!



mh

Ben Harper and Relentless7 - Looking for a New Sound



Could Canada's Matthew Good Band be the sound they're looking for?

I listened to this Austin City Limits presentation of Ben Harper and Relentless7 on PBS's WNED TV Buffalo last night.

Image from the October 10, 2009 premier of Ben Harper and Relentlee7 on "Austin City Limits"
In an interview near the end of the hour long concert Ben Harper talks about how the band formed. He said he was looking for a sound he'd twigged onto, and this band came the closest to the feel he was looking for.

I like it, I don't know much about Ben Harper but what I heard were a lot of tonal and subject references to Canada's Matthew Good Band.

This is the link to the Ben Harper and Relentless7 concert on Austin City Limits at pbs.org/video (sorry, no embed available).


Below are two examples of Matthew Good Band, courtesy Google Video:

(WARNING: the production and content of these works of art WILL make you cry - have tissues available)


Apparations (1997)
(Update 2014/08/15 - Well here's a good example of why you should download everything you care about - I tried to update this video - which has been taken down by Google Video (Google Video doesn't exist anymore due to DMCA) ... So I searched it - it doesn't exist - this is the brilliant video about the Exec in Vancouver who orders a prostitute and commits suicide - and a janitor character, played by Matthew Good, who sees the consequences, via the ubiquitous video surveillance in the office tower. A real piece of art - a decade ahead of our understanding of the surveillance state that Edward Snowden revealed... .)
(Update II - Found the audio for this - but the film work of art, that was obviously the band's co-production, doesn't exist as far as I can find. Suicide in the first stanza... .)



Strange Days (2000)
(Update 2014/08/15 - same as above except this video is about a homeless person who plays the angle character in a story about how money creates vanity, which leads to hedonism, which leads to the angel's death.)
(Update II - found it - but I'll leave the above because it'll go down I expect, with some money-hungry play once agsin soon.)



Image from the Austin City Limits broadcast courtesy Eric Stroller Blog.

Ben Harper and Relentless7 website

Ben Harper and Relentless7 on Austin City Limits (pbs.org/video).

Matthew Good Band website.



mh

Thursday, April 1, 2010

Water Cooler Talk



Sometimes the work day is a little too predictable...



The New Yorker "Bad Business" Cartoon Kit Contest ends April 18th.

I submitted this today. I like it. What do you think?

The New Yorker Cartoon Kit page.

The backdrop and many irreverent characters and props are provided, this month by professional cartoonist P. C. Vey; you just drag and drop the icons you want, resize and place them, then write a caption and save to create your own LOL Cartoon.

Five winners are selected each month and are presented in a slide show for the gratification of your uproarious ego (and to make people laugh).



mh

Flavouring Vegetable Proteins in third week of Recalls across North America

(Update: 04/01/10 11:06 AM. A little more sleep-enhanced research this morning reveals this is actually the beginning of week five of the Hydrolysed Vegetable Proteins recall. I made changes to this post that include the first weeks recalls starting March 2, 2010)


In these types of cases, involving basic food ingredients like flavourings - as with the earlier peanut oil and gluten recalls - pathogens can end up in thousands of different brand name products. It's hard to know what to do.


The latest crisis



Below is a picture of the beginning of a list of products that have been recalled by the Canadian Food Inspection Agency because they contain HYDROLYZED VEGETABLE PROTEINS which come from specific plants in the United States, and which are probably contaminated with Salmonella Bacteria. As you can see by the scroll bar at the top right, it's a long list.



To see the whole list go to The Canadian Food Inspection Agency.

Salmonella can make you very sick and in special cases, like people who are already ill or the very young, or the very old it can cause death.

The symptoms of Salmonella poisoning are diarrhea, fever, vomiting, and abdominal cramps. Symptoms last from 4 to 7 days. An extended bout of diarrhea can become fatal to otherwise healthy individuals.

HYDROLYZED VEGETABLE PROTEINS are in EVERYTHING. They're used as a medium to spray on stir in natural and artificial flavourings in junk food. It's in snack foods big time, and in seasonings you use cooking at home.

In these types of cases, involving basic ingredients like flavourings - pathogens can end up in thousands of different brand name products - and it hard to read those tiny lists with all those five syllable words.

A history of Crisis



This is much like the salmonella peanut products crisis that was with us for most of 2009. From the Wikipedia article, "Salmonellosis":

..Peanut Corporation of America (PCA), and urged people to postpone eating commercially-prepared or manufactured peanut butter-containing products and institutionally-served peanut butter.[10] Salmonella was reported to be found in 46 states in the United States in at least 3,862 peanut butter-based products such as crackers, energy bars, and peanut butter cookies from at least 343 food companies. Dog treats were affected as well. At least 691 people in more than 46 states became sick, and the Salmonella claimed at least nine lives as of March 25.[11][12][13][14][15]

Peanut butter and peanut paste manufactured by PCA were distributed to hundreds of firms for use as an ingredient in thousands of different products, such as cookies, crackers, cereal, candy and ice cream, all of which were recalled. Some products were also sold directly to consumers in retail outlets like dollar stores[10]


Earlier, in 2007, melamine (that stuff they make kitchen counter tops out of) got into glutamate stocks which are used as thickeners for all kinds of foods. In America's experience the crisis killed or adversely effected the quality of life of millions of family pets. From the Wikipedia article, "2007 pet food recalls":

By the end of March, veterinary organizations reported more than 100 pet deaths amongst nearly 500 cases of kidney failure,[1] with one online database self-reporting as many as 3,600 deaths as of 11 April.[2][3] The U.S. Food and Drug Administration has received reports of several thousand cats and dogs who have died after eating contaminated food, but have only confirmed 14 cases in part because there is no centralized government records database of animal sickness or death in the United States as there are with humans (such as the Centers for Disease Control).[4][5] As a result, many sources speculate that the actual number of affected pets may never be known and experts are concerned that the actual death toll could potentially reach into the thousands.[6][7]

Through the quick action (or a cover up), the FDA prevented the melamine tainted glutens from getting into the human food supply chain. So things like soups, TV dinners, or those instant gravies you buy that makes giving a Thanks Giving turkey dinner easer, were not affected.

What to do?



In this case, the HYDROLYZED VEGETABLE PROTEINS salmonella contamination, there are potentially millions of places the tainted flavouring could end up. You can't check every snack food - so just don't eat snack food until:
  • The government traces the contamination point and fixes it.
  • All the recalls have been properly carried out.
This is going to be a bigger problem than usual - the public should be on guard about the results of these recalls - they are voluntarily carried out by the stores and the manufacturers and the wholesalers. Although these type of voluntary recalls have worked in the past, this case is special - most foods that have a best before date maybe two months ahead - which ensures that after a short time all the recalled products are out of circulation - snack foods and instant foods on the other hand have best before dates sometimes years down the road.

So until this is resolved, carefully check the best before dates and ingredient lists against the CFIA recall lists on stuff like;
  • black pepper
  • chips
  • cheesy puffs
  • flavoured corn chips
  • tortilla chips
  • soup mixes
  • flavoured seeds & nuts
  • seasoned popcorn
  • all chip dips
  • flavoured pretzels
  • flavoured onion rings
  • flavoured rice cakes
  • all purpose vegetable seasoning
  • seasonings you use at home to cook with

The take home message: Flavouring BAD. Try spices and herbs - grow your own in a flower pot or your back yard - this is going to last for some time.

..and get on Canadian Food Inspection Agencies email notification list - the list will expand daily like it has for the last four weeks.

The recall started on March 2, 2010. Here's a copy and paste of the first four notices from the CFIA.

From the CFIA list of related updates (my emphasis):

# 2010-03-07 - Various Foods Containing Hydrolysed Vegetable Proteins (HVP) Recalled by Basic Food Flavors Inc. May Contain Salmonella Bacteria
# 2010-03-03 - Tim's Cascade Snacks Recalls 'Hawaiian® Kettle Style Potato Chips - Sweet Maui Onion' and 'Hawaiian - Sweet Maui Onion Rings' Because of Possible Health Risk
# 2010-03-02 - HAWAIIAN KETTLE STYLE POTATO CHIPS, SWEET MAUI ONION, may contain Salmonella bacteria
# 2010-03-02 - Certain T. MARZETTI brand veggie dips may contain salmonella bacteria

Note it took five days for the FDA and CFIA to isolate the problem to Hydrolysed Vegetable Proteins. Over the next couple of days the FDA and the CFIA tracked the problem down to two wholesalers of flavourings:
  • Basic Food Flavors Inc.
  • Mincing Overseas Spice Company
The list of companies that these two wholesalers ship to must be immense, I can't count all the brands listed so far. You should go and take note of your favourite brands that are on the list.

This next screen shot represents pretty effectively the expanding list.



The CFIA has the complete list of related alerts, by date issued, and with links to the press releases starting 03/02/10.

To sign up to get automatic Recall and Allergy notifications to your email via the CFIA.

The FDA recall data base has a much better user interface, you can search brand or generic names within a subject heading (like Hydrolysed Vegetable Proteins recall).

It's US consumer market place, so you won't recognize some brands and the manufacturers of those brands may not ship into Canada. To get info on the Canadian situation you have to go to the CFIA website.

At the FDA site I typed in "Humpty Dumpty Potato Chips" - just to try it out - no recall.

Next I tried "Potato Chips" and got this (cut and paste):

--------------------------------------------

Searched for 'Potato Chips' in Hydrolyzed Vegetable Protein Containing Products Recalls.
Sort by date / Sort by relevance

List of Snack and Snack Mix Products from Brand Hawaiian

... Kettle Style Potato Chips - Sweet Maui Onion, Tim's Cascade Snacks, 1 ounce bags,
Code dates: MAR 09 10 up to and including JUN 07 10, 1159400116, http://www.fda ...
www.accessdata.fda.gov/.../scripts/HVPCP/brand_list.cfm?brand=Hawaiian&cat=Snack%20and%20Snack%20Mix - 24k - Cached

[MS EXCEL] Sheet1

... 10, Soup/Soup Mix and Dip/Dip Mix, Great Value, Ranch Chip Dip, T ... 13, Snack and Snack
Mix, Hawaiian, Kettle Style Potato Chips - Sweet Maui Onion, Tim's Cascade ...
www.accessdata.fda.gov/scripts/HVPCP/HydrolyzedVegetableProteinProductsList2010.xls - Text Version
[ More results from www.accessdata.fda.gov/scripts/HVPCP ]

--------------------------------------------

Every time I go to a us.gov site, they get better; at gov.ca - well, it's functional...



mh