SECRE.TS

I started developing a random idea over the holidays but never finished it. I’m releasing its description here with the hope that someone will steal and then implement it :)

A hybrid social media platform using RSS feeds, Twitter-style messaging and public, private and group key-pair cryptography. It also solves the paradox of eventual decryption through the use of one-time pads and very precise randomization.

secre.ts lets the user exchange cryptographically protected messages, so it can be used over untrusted, publicly accessible networks like the Internet.

As a messaging solution, secre.ts combines the greatest assets of email-like services with the most secure traits of a virtual private network connection. VPN solutions are fragile connections and cumbersome on both bandwidth and the processor. The secre.ts hybrid approach consumes processor time, but because the messages are broadcast in public, connectivity is hugely increased and bandwidth isn’t impacted, since the messages are received in cleartext.

Jamaica Bans Daggering

Text from the Broadcast Commission

STATEMENT BY THE BROADCASTING COMMISSION ON ACTIONS AND RECENT DIRECTIVES RELATING TO BROADCAST MEDIA CONTENT
The Commission assures the public that it continues to actively work with broadcast licensees, the Minister of Information, the Media Association of Jamaica, the Jamaica Association of Community Cable Operators, the Entertainment Fraternity and other stakeholders to bring a halt to the deluge of inappropriate content on the airwaves. The public will have already seen and should continue to expect strong disciplinary action against those who fail to cooperate and comply with the broadcasting regulations.

The Commission has examined a number of songs, popularly referred to as “daggering songs”. “Daggering” is a colloquial term or phrase used in dancehall culture as a reference to hardcore sex or what is popularly referred to as “dry” sex, or the activities of persons engaged in the public simulation of various sexual acts and positions. The Commission has found these recordings to be explicitly sexual and violent, contrary to the provisions of Regulation 30(d) and Regulation 30(l) of the Television and Sound Broadcasting Regulations which state:

30. No licensee shall permit to be transmitted –

(d) any indecent or profane matter, so, however, that any broadcast to which regulation 26 relates shall be deemed not to be indecent; Reg. 30(d)
(l) any portrayal of violence which offends against good taste, decency or public morality. Reg. 30(l)

This content also offends against the tenets of the Children’s Code for Programming. Consequently, the following directive has been issued to Broadcasters:

DIRECTIVE TO LICENCEES
1. There shall not be transmitted through radio or television or cable services, any recording, live song or music video which promotes the act of ‘daggering’, or which makes reference to, or is otherwise suggestive of ‘daggering’.
2. There shall not be transmitted through radio or television or cable services, any audio recording, song or music video which employs editing techniques of ‘bleeping’ or ‘beeping’ of its original lyrical content.
3. Programme managers and station owners or operators are hereby required to take immediate steps to prevent transmission of any recorded material relating to ‘daggering’ or which fall into the category of edited musical content using techniques of ‘bleeping’ or ‘beeping’.

CHANGES TO THE BROADCASTING REGULATIONS
The Commission has already recommended to government important changes to the law governing broadcasting and which are intended to be tabled in Parliament soon. The changes include:

• The introduction of financial sanctions for breaches of the regulations.
• Ensuring that the compilation of music charts is in accordance with an approved methodology.
• Maintaining playlists and programme logs of music played for examination by the Commission and accredited rights agencies.
• Evidence of approval of music sheets and playlists by station management before any song or video is transmitted.
• The arrangements for inclusion of local cable channels within the group of directly regulated operators, further to recent changes in the Broadcasting and Radio Re-Diffusion Act.

EXPANDED CITIZEN-BASED MONITORING
The Commission recognizes the critical role that citizens can and should play in monitoring the numerous radio and television channels that exist. In this regard, the Commission encourages continued submission of complaints about problematic content on electronic media. As a response to the increase in broadcasting and cable outlets, the Commission itself will be establishing islandwide Citizen based Media Monitors to assist in more comprehensive and effective monitoring of radio and television output. The media monitors will be drawn from diverse age groups, communities and organizations across the country. The Commission is also accepting volunteers.

CONTACTING THE COMMISSION
Members of the public are encouraged to support the Commission in monitoring the airwaves and reporting any breach of the directive or otherwise transmission of inappropriate content.

The Broadcasting Commission may be contacted at 1-888-99-CABLE (22253). Email messages can also be sent to info at broadcom.org to report complaints or to seek additional information.

SIGNED: BROADCASTING COMMISSION

Could the media industries finally be moving in the right direction?

YouTube remixes now have links to Amazon and iTunes to purchase the songs. This is a great monetization strategy for YouTube as well, which has a snickering Hulu making money on content which they, and only they, can negotiate (Hulu is a joint project of Fox and NBC).

Hulu is smart in that it is finally figuring out it can monetize its back catalog with advertising revenue if only it is made easily available (no DRM, etc.). Granted, it only streams, but this is a decent tradeoff for legal content on the Internet. And this is from someone who absolutely abhors sitting through commercials or viewing 80% of advertising.

Hulu officials have belittled YouTube in trade publications [citation needed] because they don’t believe user-created content can be monetized. I have a feeling they will be proven wrong in the next 24-36 months. As remixing becomes legitimized in both legal and social contexts, the sheer amount of content created by the unleashed masses with personal computers will start to eclipse the major studios.

2009 Resolutions (public copy)

more open source

* pine for email
* firefox for web
* gimp for photo editing
* audacity for audio editing
* more ruby
* more mysql

more cloud apps

* blip.tv for media storage
* less stagnant account on flickr
* more rss feeds

more mobile

* Twitter on mobile only
* IM on mobile only [edit: way too hard]
* increased IM on mobile
* email on mobile ReadOnly
* increase social app posts from mobile -> {flickr,youtube,blip.tv}

more social

* more irc
* more flickr posts with geotag

no drm

* none

Security or convenience: Apple chooses poorly

My powerbook is in the third year of its life and as such has begun falling apart on a regular basis. I’ve had the laptop in for repair at least five times this year alone. Every time I bring my laptop in Apple employees ask me the same question.

“What is your administrator password?”

The first time I heard this question I thought he was joking. Apple is not kidding. They have offered every excuse imaginable for this practice but none have come close to convincing me to hand over my password. Sometimes the technicians would even try to intimidate me by saying that they might not be able to continue the repair if I refuse. One technician even tried to charge me an additional $100 for the installation of OS X for failing to divulge my password. The claim was that he had to perform additional work since I refused to cooperate.

This is official Apple policy and it needs to stop.

Consumers should *never* be asked for their passwords. It is a practice that defies logic to anyone who is trained in security. Given the state of the art in live OS distros, there is absolutely no reason that Apple should ever need access to consumers’ files for hardware repairs anyway. It isn’t as if technicians haven’t been caught pilfering files from users in the past.

When bringing Apple computers in for repairs users should do the following until this is resolved:

1) Create a clone of the boot drive
2) Secure erase the contents of the drive
3) Install a fresh copy of the OS
4) Reimage the drive once you receive your computer back

This adds all kinds of time overhead to a process which already sets the consumer back; however, Apple still believes this is a valid way to treat its customers.

Unrescuable ruby error

I’ve been working on some DNS resolution code for a while now. It is multithreaded using EventMachine. The resolution code is wrapped in a begin/rescue block, yet it still errors out occasionally with the following error that I have never been able to rescue:
/usr/lib/ruby/gems/1.8/gems/dnsruby-1.1/lib/Dnsruby/select_thread.rb:147:in `select': time interval must be positive (ArgumentError)
from /usr/lib/ruby/gems/1.8/gems/dnsruby-1.1/lib/Dnsruby/select_thread.rb:147:in `do_select'
from /usr/lib/ruby/gems/1.8/gems/dnsruby-1.1/lib/Dnsruby/select_thread.rb:62:in `initialize'
from /usr/lib/ruby/gems/1.8/gems/dnsruby-1.1/lib/Dnsruby/select_thread.rb:61:in `initialize'
from /usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
from /usr/lib/ruby/gems/1.8/gems/dnsruby-1.1/lib/Dnsruby/select_thread.rb:48:in `initialize'
from /usr/lib/ruby/gems/1.8/gems/activesupport-2.0.2/lib/active_support/inflector.rb:257:in `new'
from /usr/lib/ruby/1.8/singleton.rb:95:in `instance'
from /usr/lib/ruby/gems/1.8/gems/dnsruby-1.1/lib/Dnsruby/Resolver.rb:806:in `send_async'
... 11 levels...
from ./stats_common.rb:66:in `resolve_block'
from ./stats_common.rb:64:in `resolve_block'
from ./resolve_urls.rb:16:in `resolve_urls'
from stats_engine.rb:44
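One common reason a begin/rescue never fires in threaded code is that the exception is raised on a different Ruby thread than the one holding the rescue. The following is an added example (not the post's code, and whether dnsruby's select thread is doing exactly this here is an assumption): a worker thread calls IO.select with a negative timeout to reproduce the same ArgumentError, and the code shows which rescue placement actually sees it.

```ruby
# Added example, not the post's code: an exception raised inside a worker
# thread never reaches a begin/rescue in the thread that spawned it.
# IO.select with a negative timeout raises ArgumentError, the class seen in
# the dnsruby backtrace (the message text differs between Ruby versions).
def select_with_timeout(timeout)
  IO.select(nil, nil, nil, timeout)
end

# Pattern that does NOT work: rescue wrapped around Thread.new. Returns
# :escaped when the worker died from an exception the caller's rescue never
# saw, :completed when it finished normally.
def rescue_around_thread(timeout)
  worker = nil
  begin
    worker = Thread.new do
      Thread.current.report_on_exception = false # keep stderr quiet
      select_with_timeout(timeout)
    end
    sleep 0.01 while worker.alive?   # wait for it without joining
  rescue ArgumentError
    return :rescued_in_caller        # never reached
  end
  worker.status.nil? ? :escaped : :completed # status nil == died by exception
end

# Fix 1: join inside the begin/rescue. Thread#join re-raises the worker's
# exception in the joining thread, where this rescue can catch it.
def rescue_with_join(timeout)
  worker = Thread.new do
    Thread.current.report_on_exception = false
    select_with_timeout(timeout)
  end
  worker.join
  :completed
rescue ArgumentError
  :rescued_via_join
end

# Fix 2: rescue inside the worker and hand the outcome back as its value,
# so the thread that did the lookup decides what a failure means.
def rescue_inside_thread(timeout)
  Thread.new do
    begin
      select_with_timeout(timeout)
      :completed
    rescue ArgumentError => e
      [:failed, e.class]
    end
  end.value
end
```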

Domestic Terrorism Definition

I hope this purported FBI flyer is a fake. I hope that the FBI doesn’t actually define domestic terrorism as:

groups or individuals operating entirely inside the US attempting to influence the US government or population to effect political or social change by engaging in criminal activity.

My understanding of what made terrorists a special class of criminal was that they used violent tactics and had no regard for civilian casualties. It seems wrong that non-violent attempts to influence the government are considered domestic terrorism, even if they are criminal.

For instance, wouldn’t lobbyists who crossed the line be considered domestic terrorists? Their very job description is to influence the government. If they bribe a congressman, can we detain them for terrorism now?

EDIT: I’m pretty sure this is a hoax now. The definitions I’m finding online for domestic terrorist all include the use of violence.

e.g.

Domestic terrorism is the unlawful use, or threatened use, of force or violence by a group or individual based and operating entirely within the United States, Puerto Rico, or other US territories without foreign direction committed against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof in furtherance of political or social objectives.

The never ending robots.txt

While looking over logs for a server of mine I decided to write some code that would help me deter someone sniffing my server for weaknesses. The first thing I decided to write was a robots.txt file that had a few different qualities.
1) It would never end
2) It would not bog down the CPU
3) It would not repeat
4) It would be a valid robots.txt file

At the time I was using PHP for another project and so it was already configured on my server. I reused a password generation function and stuck it in a time delayed infinite loop. Then I changed the .txt handler on the server to be PHP.

<?php
@header("Content-Type: text/plain");
@header("Pragma: no-cache");
@header("Expires: 0");
set_time_limit(0); // otherwise max_execution_time ends the "never ending" file
$standardStatement = "User-agent: * \n";
print $standardStatement;
flush();

function randpass() {
    // 62-character alphabet; the original indexed only the first 39 characters
    $chars = "1234567890abcdefGHIJKLMNOPQRSTUVWxyzABCDEFghijklmnopqrstuvwXYZ";
    $len = strlen($chars);
    $thepass = '';
    for ($i = 0; $i < 11; $i++) {
        // curly-brace string offsets were removed in PHP 8; use [] instead
        $thepass .= $chars[rand() % $len];
    }
    return $thepass;
}

while (true):
    $newpath = randpass();
    print "Disallow: /$newpath\n";
    flush();      // push each line out so the client sees a stream, not a buffer
    usleep(6000); // short pause per line keeps the CPU cost negligible
endwhile;

:(

Use of application “Scrabulous” has been restricted

We’re sorry, but this application is not available to you. Please visit the Application Directory to find other applications.

Wishlist: Scapy traceroute object pickling

Some of the projects I am working on require that I gather data about particular addresses on the Internet. One method I’ve been experimenting with is scapy’s traceroute function, which allows for neat graphing [secdev.org]. One can also combine two arbitrary traceroutes for graphing as simply as:

# in the scapy interactive shell; targets are passed as strings
traceroute1, unans = traceroute(["1.2.3.4"])
traceroute2, unans = traceroute(["5.6.7.8"])
combined_traceroutes = traceroute1 + traceroute2

So for me the next logical step was to start storing all the traceroutes in a database so I could combine two or more at will and see interesting things. Not only could I see differences in different paths but I could even see changes of a single path over time! I fought with scapy for a while and finally realized that the export_object and save_object functions are wrappers for cPickle. I’m not entirely familiar with Pickle so I’ve had to do some reading on the topic. So far it does not look promising. No one has come up with a solution for this just yet although there are some promising recipes in the O’Reilly “Python Cookbook” which touch on this subject in a more abstract way. ["Using the cPickle Module on classes and Instances"]

I’ll document some of the errors in case someone else decides to try this and wants to save some time:

>>> trace, unans = traceroute(["4.2.2.2"])

>>> save_object("/tmp/hi", trace)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "scapy.py", line 876, in save_object
cPickle.dump(obj,gzip.open(fname,"wb"))
File "/usr/lib/python2.5/copy_reg.py", line 69, in _reduce_ex
raise TypeError, "can't pickle %s objects" % base.__name__
TypeError: can't pickle function objects

>>> export_object(trace)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "scapy.py", line 867, in export_object
print base64.encodestring(gzip.zlib.compress(cPickle.dumps(obj,2),9))
PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed
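Both failures come from pickle meeting a function object inside the result. The usual way around it is to reduce the result to plain data before storing it. The following is an added example, not scapy's own code: the stand-in result class, the {dst: {ttl: hop}} layout, the path-change diff and the sample hops are all constructed here, and scapy's real TracerouteResult is not used.

```python
# Added example, not scapy code: result objects that carry function
# attributes cannot be pickled, so reduce them to plain data first.
import json
import pickle
from collections import defaultdict

class FakeTraceResult:
    """Stand-in for a traceroute result: hop tuples plus a function attribute,
    the kind of member that makes pickle fail (constructed for this example)."""
    def __init__(self, hops):
        self.hops = hops                 # list of (dst, ttl, hop_ip)
        self.graph = lambda: None        # function attribute: unpicklable

def can_pickle(obj):
    """True if obj survives pickle.dumps with protocol 2, as export_object uses."""
    try:
        pickle.dumps(obj, 2)
        return True
    except (pickle.PicklingError, AttributeError, TypeError):
        return False

def to_trace(result):
    """Reduce a result to {dst: {ttl: hop_ip}}: only str/int, so it serialises."""
    trace = defaultdict(dict)
    for dst, ttl, hop in result.hops:
        trace[dst][ttl] = hop
    return dict(trace)

def dump_trace(trace):
    """JSON text suitable for a database column (JSON object keys must be str)."""
    return json.dumps({d: {str(t): h for t, h in hops.items()}
                       for d, hops in trace.items()}, sort_keys=True)

def load_trace(text):
    return {d: {int(t): h for t, h in hops.items()}
            for d, hops in json.loads(text).items()}

def path_changes(old, new):
    """Per destination, TTLs whose hop differs between two stored traces:
    {dst: {ttl: (old_hop, new_hop)}}, None where a hop answered only once."""
    changes = {}
    for dst in set(old) | set(new):
        a, b = old.get(dst, {}), new.get(dst, {})
        diff = {t: (a.get(t), b.get(t)) for t in set(a) | set(b) if a.get(t) != b.get(t)}
        if diff:
            changes[dst] = diff
    return changes

# Constructed sample: two runs to the post's 4.2.2.2; hop 3 changed between them.
RUN_A = FakeTraceResult([("4.2.2.2", 1, "192.0.2.1"), ("4.2.2.2", 2, "192.0.2.2"),
                         ("4.2.2.2", 3, "192.0.2.3"), ("4.2.2.2", 4, "4.2.2.2")])
RUN_B = FakeTraceResult([("4.2.2.2", 1, "192.0.2.1"), ("4.2.2.2", 2, "192.0.2.2"),
                         ("4.2.2.2", 3, "198.51.100.3"), ("4.2.2.2", 4, "4.2.2.2")])
```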