Who are you? Who who? Who who?

Lizzie pointed me to the Guardian’s interesting article on passport security—digital passports make it easier to pose as someone else. No need to steal someone’s passport when you can duplicate it and travel as someone else. Also interesting from a privacy angle: broadcasting passport data via RFID “up to a few meters […] depending on the chosen radio frequency and antenna design/size” (according to Wikipedia). But even if that range isn’t often repeatable, the reliable range is certainly long enough to work while standing next to someone whose passport data you’d like to gather.

Consider this scenario: A postman involved with organised crime knows he has a passport to deliver to your home. He already knows your name and address from the envelope. He can get your date of birth by several means, including credit-reference agencies or from the register of births, marriages and deaths (and, let’s face it, he delivers all your birthday cards anyway).

He knows the expiry date – 10 years from yesterday, give or take a day, when the passport was mailed to you. That leaves the nine-digit passport number. NO2ID says reports from its 30,000 members up and down the country are throwing up a number of similarities in the first four digits of the passport number, so that reduces the number of permutations, potentially leaving five purely random numbers to establish.

“If the rogue postman were to take your passport home, without opening the envelope he could put it against a reader and begin a ‘brute force’ attack in which your computer tries 12 different permutations every second until it has the right access codes,” says [thebunker.net’s Kent] Laurie. “A five-digit number would take 23 hours to crack at the most. Once all those numbers were established, you could communicate with the RFID chip and steal all the information. And your passport could be delivered to you, unopened and just a day late.”

Thanks to Lizzie for the tip.

SFLC’s Bradley Kuhn says Microsoft’s patent pledge is “worse than useless”.

Bradley Kuhn, former Executive Director of the Free Software Foundation and now Chief Technology Officer for the Software Freedom Law Center, has published his take on the Microsoft patent pledge—useless to free software developers because of what they must do to qualify to use it at all, worse than useless for those who feel safe because of it. All cards on the table, I had Bradley Kuhn on my show and he was an excellent guest. I was also pleased to hear him speak at the University of Illinois on April 24, 2004 (read more about this talk) and I enjoyed dinner with him and the Free Software Society afterwards. This talk is Copyright Free Software Society, Urbana, Champaign. Verbatim copying, distribution and public performance of this entire speech recording is permitted in any medium provided this notice is preserved.

In short, the pledge applies precariously to developers who work in a vacuum: those who write original software in their spare time, receive no payment for it, and do not distribute it to anyone under the GNU GPL. It’s worse than useless, as this empty promise can create a false sense of security. Don’t be confused by the illusion of a truce; developers are no safer from Microsoft patents now than they were before. Instead, Microsoft has used this patent pledge to indicate that, in their view, the only good Free Software developer is an isolated, uncompensated, unimportant Free Software developer.

Why did Novell get involved with Microsoft and stand behind this? Is Novell simply so cash-poor that deals with Microsoft look good?

Read Kuhn’s complete essay here:


But that won’t stop them from citing Iraq as the most important thing in this election.

According to many on CommonDreams.org, this US mid-term election just passed was a referendum on Iraq, even if you had no genuine referenda on your ballot specifically asking about Iraq.

According to the AP/Edison exit poll, it would be more accurate to say this election was a referendum on the economy and the Iraq war weighed in at number 4 in the ranking below “Corruption” and “Terrorism”.

Sure, the money spent on the war adversely affects Americans and “Terrorism” could describe what the US is doing in Iraq, but Iraq was specifically mentioned yet didn’t rank at #1.

Also, since the Democrats didn’t offer anything for anti-war voters (who are now a majority in the US), it might be more fair to put the emphasis on the Republicans losing and the Democrats winning anything because America is a two-party country where independents and third parties only began to show up as challengers in some districts (Rich Whitney, Green party candidate for Illinois governor, had low double-digit support in early counts while the Democratic incumbent was hearing his Republican competitor concede the race to him). News reporters on TV last night said Whitney took more votes from the Republican candidate than the incumbent, which they said was odd.

When you’re trapped in a duopoly, the only other competition you’re allowed to hear from doesn’t have to offer you anything. You’ll be told to vote for them because “where else are you going to go?”. In two years it will be even more important to tell both corporate parties that you’ll leave them for independent and third party candidates.

When Microsoft and Novell work together where does software freedom go?

Miguel de Icaza wrote about the Novell-Microsoft deal and quoted a number of interesting points in his post for free software users.

The webcast is not available in any form free software users can play without installing something proprietary. Adobe Flash requires a proprietary plug-in (although work to fix this continues) and Windows Media requires Microsoft Windows and a proprietary program. If you can view either in a free software OS today it’s because you’ve installed proprietary software to do that job.

Quoting the Microsoft-Novell Q&A:

Under a patent cooperation agreement, Microsoft and Novell provide patent coverage for each others customers, giving customers peace of mind regarding patent issues.

Q: What does the patent agreement cover with regard to Mono and OpenOffice?

Yes, under the patent agreement, customers will receive coverage for Mono, Samba, and OpenOffice as well as .NET and Windows Server. All of these technologies will be improved upon during the five years of the agreement and there are some limits on the coverage that would be provided for future technologies added to these offerings. The collaboration framework we have put in place allows us to work on complex subjects such as this where intellectual property and innovation are important parts of the conversation.

In other words, most free software users get no coverage under this deal because they’re not Novell customers and they’re not Microsoft customers. What do the minority get here? Not much. Microsoft/Novell customers can’t spread their coverage as they spread the software. The agreement is incompatible with free software, as many other patent licenses are, including Fraunhofer’s MP3 license. Microsoft and Novell are asking you to think of yourself instead of your community.

The specific mention of Mono, Samba, and OpenOffice.org tells us which programs’ functionality is in Microsoft’s sights for future patent litigation. This litigation can cover use as well as development because you are using patented algorithms merely by running patent-encumbered programs. In other words, merely by running these programs one becomes liable to lose a patent infringement lawsuit. Before you consider ditching free software, keep in mind that this is only Microsoft’s view of their patents. They can be wrong.

The “conversation” has nothing to do with “intellectual property” or “innovation” (which is often used to distract you from talking about your freedoms as a computer user). The subject at hand already has a name—software patents—and that name reminds us of previous conversations where we agree to work to abolish them.

Non-free media for a free software conference? Again?

Recently there was a symposium at Seneca College, Canada called the Free Software and Open Source Symposium (FSOSS). The name tells you what the speakers were supposed to address.

Unfortunately, and contrary to the name of the event, software freedom discussion is apparently not welcome and the recordings are needlessly encoded such that many free software users can’t play them.

See the updates and comments at the end of this post for some news on the struck portions of the post.


Anti-war movement? What anti-war movement?

Another Counterpuncher pointing out how distant some anti-war voices are from their words; Lance Selfa writes about the Progressive Democrats of America:

[T]he majority of liberal candidates the PDA backed in Democratic primaries lost to more conservative Democrats–many of them backed by the party establishment. Many of the winners–especially those, like Illinois candidate Tammy Duckworth, who were recruited and promoted by the Democratic Congressional Campaign Committee and its pro-war leader Rep. Rahm Emanuel–are pro-war themselves.

This has put the PDA in the same position as previous formations like it: working for the election of Democrats who not only don’t share their views on the war or health care, but are actually opposed to them. Yet in the interests of party unity and a broader outlook, the PDA has urged its members to work for these candidates.

Selfa doesn’t mention Cindy Sheehan, but I’m reminded that Sheehan is a member of the PDA Board and widely known as an anti-war voice (probably the one person credited with keeping the anti-war movement going on a national stage). But I have to wonder: what does she really stand for? In her essay “Supporting Hillary” she told us that she “will not make the mistake of supporting another pro-war Democrat for president again: As I won’t support a pro-war Republican.”

PDA supports Democratic Party candidates. But the Democrats are the loudest voices against progressive candidates, telling voters how voters are wasting their vote on third-party or independent candidacies, excluding third-party and independent candidates from debates; in short, encouraging voters to forgo their values and adopt the values of the corporations that fund the Democratic Party.

If you give them the opportunity, the Democrats and their agents (MoveOn.org, PDA, etc.) will sell your interests down the river. Don’t buy into the two-party trap.

No blogging allowed at “consumer generated media” conference

Boing Boing has the scoop:

The Nielsen Buzzmetrics conference on “Consumer Generated Media” (e.g., blogs, Flickr streams, youtubes, Wikipedia, etc) has a blanket prohibition on any reporting or blogging. Now, there’s nothing wrong with an off-the-record conference, I’ve attended and even helped run many of them. But the usual practice is to adopt the Chatham House Rule — no reporting on stuff that the speaker declares off-the-record, and no attributing any remarks without permission of the speaker. It’s pretty ironic for a “consumer generated media” conference to prohibit the creation of “consumer generated media.”

Although I do think there’s something wrong with an off-the-record conference, particularly when people are invited who report things or simply enjoy their freedom of speech. The last sentence is telling (“But there’s an interesting parallel to the standards meetings and UN treaty bodies I’ve attended on Internet [governance] — the less Internet access those meetings had, the more likely it was that the meeting had been called to destroy the Internet.”); it’s not for the speaker to decide whether they’re to be a part of “consumer generated media”, it’s for the person reporting to decide. If you don’t want your comments to be repeated, don’t tell them to people you can’t trust to keep your secret. Certainly don’t hold a conference to air them.

Some issues are too important not to share; there are reasons why the high-ranking officials in government, for instance, have closed-door meetings to discuss the fate of democracy. I recall a similar problem writ small regarding secrecy at an ostensibly “community” radio station where I used to work. A number of important Board meetings were held in closed session (I was the only person to regularly attend these meetings as an audience member, and I was kicked out of the closed session discussion so regularly that nobody else at the station heard the run-up to the closed session affair). Meeting minutes had insufficient detail to put together voting records even on open session votes. This Board defended Board-elected Board members (in other words, the Board was not fully accountable to the voting members) in the worst way by saying it helped keep control over the Board. Board meetings allotted far too little time to discuss matters of significance such as why ballots in one Board election were shipped out to an unnamed accountant, why the accountant’s unobserved vote tally was being taken seriously, and where those ballots ended up afterwards. I learned that not all paying members had received ballots in that election. Policies such as these are carefully constructed to maintain the appearance of fairness and democratic oversight while delivering neither.

So even though I disagree with the take Boing Boing presents here, I find the subsequent discussion of consumerism interesting and I wonder if they’re as sensitive to the self-contradiction they pose as I’m sure you will be if you read their post.

What of the “lousy way” of linking Soghoian to terrorism?

Following up on a previous post, Rep. Markey has admitted that he made a mistake in calling for Soghoian’s arrest:

On Friday I urged the Bush Administration to ‘apprehend’ and shut down whoever had created a new website that enabled persons without a plane ticket to easily fake a boarding pass and use it to clear security, gain access to the boarding area and potentially to the cabin of a passenger plane. Subsequently I learned that the person responsible was a student at Indiana University, Christopher Soghoian, who intended no harm but, rather, intended to provide a public service by warning that this long-standing loophole could be easily exploited. The website has now apparently been shut down.

Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed. He picked a lousy way of doing it, but he should not go to jail for his bad judgment. Better yet, the Department of Homeland Security should put him to work showing public officials how easily our security can be compromised.

It remains a fact that fake boarding passes can be easily created and the integration of terrorist watch lists with boarding security is still woefully inadequate. The best outcome of Mr. Soghoian’s ill-considered demonstration would be for the Department of Homeland Security to close these loopholes immediately.

Boing Boing quotes Avi Rubin saying Soghoian’s approach was a bad way to go about alerting people to the fact of no real security in Continental’s boarding passes (perhaps all airline boarding passes); Rubin called it “a real lapse in judgement [sic]”.

But there’s a huge problem here which isn’t being addressed by the comments thus far.

Rep. Markey has sufficient power in the US government to create a real problem for anyone by linking them to terrorism in the way he did Soghoian when he called for Soghoian’s arrest. The US government isn’t above holding people indefinitely, without charges, without representation, and torturing them. If we’re going to start challenging people’s speech on the basis of what might happen afterwards, I think Markey’s words and demonstrated US government behavior to date ought to weigh more heavily than someone possibly using a fake boarding pass to upgrade their seating from coach to first class (as Soghoian’s website suggested one could try doing with the website-generated boarding pass).

On the trouble of telling tweedledee they’re no better than tweedledum, or why you shouldn’t settle for a two-headed one-party country.

Jeff Taylor writes in Counterpunch:

The Bush administration has overreached. Years of incompetence, deceit, and hypocrisy have caught up with it, and the President’s lackeys in Congress are going to pay a price on Election Day. If Democrats take over the House and/or Senate, it will be by default. It will be because Republicans deserve to lose, not because Democrats deserve to win. In fact, both parties deserve to lose, but at the moment Republicans more richly deserve to lose. Also, with a two-party system there is no easy way for Americans to register their displeasure with the tweedledee party in power other than voting for the tweedledum party out of power.

When you lose competition, you lose leverage. The Democrats and Republicans know how and when to collude to frame a debate and survive. Please investigate write-in candidates, so-called “third party” candidates, and independents in all races. Take their candidacies seriously and tell the Democrat/Republican alternatives why your vote shouldn’t be taken for granted.