Move the Data.

No link. Just a simple suggestion. The number of stories of mainframe storage being compromised to steal identity data are very few, but it seems we’re hitting a once a month story of a laptop that got lapnapped. Thousands, millions of peoples’ data out there in the ethers floating.

Now, in all likelihood the data was not the target of the thefts. A laptop is a nice score for a minor criminal; they are easy to move, liquid. The risk, if caught, is not monumental and the risk of being caught is not either. Identity theft or conspiracy to commit fraud, those are not things the average thief after a quick turn of a laptop wants to involve themselves in for the most part. Maybe the reward is greater, but so are the risks and the punishments.

So we need to recognize that rather than giving thousands, millions of people an extra dose of stress for an indeterminable time period, we should seek to change the way companies and governments store and access their data. I was just commenting about how the Library of Congress search is not a good example of government leading the way in technologies that bring information access to new thresholds. Neither do they set a good example for information security.

The solution is to put the sensitive data behind the firewall, behind the encrypted protocol, behind the password protected server login. Some need the data on the go? All the more reason to move forward in our information delivery infrastructure. More pipes, more availability. There is simply no excuse to take that data and wrap it in what amounts to a candy wrapper and place it on the entrancetable’s candy dish. A laptop is a tempting thing to steal, and it doesn’t really matter what data is on it. A majority of the time the goal will not be data, but the ability to turn that laptop into quick, easy money.

So, let’s use some sense.

dpkg-buildpackage subversion tutorial

This is a brief writeup of how to take a package or version of package that’s not yet in incoming debian but is on the subversion. Please note it pertains to sid/unstable, though may be applicable for other versions.

First thing you want to do is hit up the above web-subversion browser and find the location of the package you want. For example I was annoyed that they merged the gtk2 engines into one package and thus broke the industrial cursor theme. Well, there is a new package being developed to put the industrial theme back in, but it’s not in incoming yet. You can see similar packages here in the “New and Byhand” listing.

So you find the package you want on the SVN, now you need to download the source:

svn co svn://svn.debian.org/pkg-gnome/packages/unstable/industrial-cursor-theme ~/new

svn co invokes the subversion client to connect to the address that follows: svn.debian.org. Use the directory that applies. In this case the theme is a member of gnome, so pkg-gnome, then almost always packages/unstable/package-you-want. then ~/new will download that source to ~[home]/new, a directory called ‘new’ in your home directory. You should be fine running this as a regular user.

Now, you have the source in ~/new, what’s next? You want to go ahead and build the source into a dpkg so it will properly register in your installation and can be updated seamlessly. So, go ahead and jump to ~/new, and then dpkg-buildpackage

It may report needed dependencies and/or give errors regarding a makefile. In that case you need to root up and install the needed packages, try looking in ~/new/debian/rules file for any package you need. In my case I had to install gnome-pkg-tools.

So root down and build it, don’t give up if it has errors, look around, inspect, try to determine any other packages that may be needed that could cause errors. You may have to resign eventually if it’s just a broken package, but generally you should be able to get it built. Once you’ve done that, hop back to ~/ and you should find your shiny new .deb to dpkg -i. And you’re done, buy yourself a beer and toast to the debian developers all over the world.

To recap:

1. Locate the package in upstream subversion repository. ie, industrial-cursor-theme
2. Construct your svn command to check out the code. ie, svn co svn://svn.debian.org/pkg-gnome/packages/unstable/industrial-cursor-theme ~/new
3. Build the package from source using dpkg-buildpackage. Simply cd to the appropriate location and dpkg-buildpackage
4. Read the output. If there’s an error, look at it, stare it down. If it says something about no such directory or file, what file, what directory? Maybe you’re missing a dependency. If it’s more complicated, talking about some error in code (ie, “foo.c:38 expected ‘)'”) you may be out of luck unless you can do some coding and fix it.
5. Assuming you had no (4) or you resolved it, you’ll have a .deb file containing your package. Just dpkg -i file.deb and it will install.

Please feel free to comment if you have any questions, suggestions, clarifying points, et cetera.

Knockless Warrants Upheld

Briefly — looking at this AP story via Yahoo!, the SCOTUS has upheld police entering without announcement for warranted searches. What does this really get us except a lot of gunfights? If someone crashes into your home without announcement, you have the right to shoot first and ask questions later. So now if someone does so, you need to worry that they are the law, and that they will kill you for trying to protect your home. Great.

The only solution I see is to renovate. Place six feet of bricks behind all traditional entrances, and start building hidden passages entering and exiting your abode. It’s the only way. Let them rupture their internal organs trying to ram-batter solid steel plates. At least their curses at failure will serve as proper announcement of their presence and intentions. I mean, after all it is unreasonable to have a reasonable search and seizure without the simple courtesy of clearing up the question of legality.

It’s not like they haven’t divebombed the wrong house on a lawful warrant before. It’s not like this makes sense. The whole reason is in the event you might be able to destroy the evidence they seek. Well last I checked until you are informed they want and have been granted legal right to “evidence,” you can destroy it all you want. Set up thermite lozenges of love with remote triggers attached to the doors and their barging without first disabling the system via a sixteen digit security code will result in a firebomb on the precious spice they seek to confiscate.

It’s a bad ruling without sense except to bolster the “we’re tough, go Joe!” attitude that is so prevalent in the post-American Century. What’s next on the agenda, allowing officers to excavate your cess pool without first taking the proper steps to make sure it doesn’t flow over into your neighbor’s yard? The whole point of search warrants and the due process associated with them is to make sure that there is a cordial circumstance to precede and follow the admitted but necessary breach of public liberty and private rights. The more you erode it, the thinner the line. The thinner the line, the easier it is to cross it. The easier it is to cross it, the less free we all are.

The GOP Memorandum.

You can read it here as well as that site[ThinkProgress.org]’s commentary here.

The attacks we witnessed that day serve as a reminder of the dangers we face as a nation in a post-9/11 world. We can no longer expect oceans between us and our enemies to keep us safe. The plotting and planning taking place in terror camps protected by rogue regimes could no longer go unchecked or unchallenged. In a post-9/11 world, we could no longer allow despots and dictators like the Taliban and Saddam Hussein to ignore international sanctions and resolutions passed by the United Nations Security Council.

So, during this debate we must make clear to the American people that the United States had to take action in the best interests of the security of our nation and the world community. As Republicans who supported military action against Saddam Hussein and terrorists around the globe, the United States had to show our resolve as the world’s premier defender of freedom and liberty before such ideals were preyed upon, rather than after standing witness to their demise at the hands of our enemies.

This is the part I’m mainly concerned over. Let’s examine and get the facts straight. First, this “post-9/11 world” business. What the hell are they talking about? We lived in the post-9/11 world before 9/11. It’s not like Al Qaida had not attacked us before that. It’s not like we didn’t have the intelligence we needed to thwart that attack. The only things that changed on Semptember 11, 2001 was the Manhattan skyline, the lives of tens of thousands of people directly affected, and a completely ill-held false worldview that many still cling to the tattered remnants of today. pre-9/11 was post-9/11, and post-9/11 is not some new era where America does things right, it’s one where America continues to misdirect our resources and efforts in a way incompatible with our laws and our hopes and dreams.

We never could depend on “oceans” to keep us safe. That was why we formed a government: to coordinate our efforts and resources in order to benefit us all. Well, I know I’m not the only one who noticed the failure of that government on 9/11, before 9/11, and after 9/11. But I am not the least bit surprised that the majority of people in the government as well as those who support it blindly are willing to give a pass for that misappropriation of resources. As far as I can tell the only people that responded correctly in the wake of that disaster as well as the disaster in New Orleans last year, were individuals and groups of individuals that were allowed to do their jobs. Firefighters and hospital workers, police and utility workers, were the people that got out and did their work. The leaders act like their hands were tied, and while I admit our leaders are pretty kinky, I’m pretty sure any one of them could have about 100 of their personal aids show up with a key to the handcuffs on a moment’s notice.

As for the UN’s sanctions and resolutions for stemming the behavior of evil, you really have to admit, GOP, that you are playing a game of “I spy.” You say “I spy this government over here is disobeying the international community,” which translates to “we need to police them.” Meanwhile the dozen other violators are allowed to continue their same behaviors. You are not censuring Saudi Arabia for their involvement in terror. You are not implicating yourselves for violation of international law. Where does the buck stop, except for where you point with your giant foam finger made out of $100 bills?

Okay, finally I want to look at this label of “world’s premier defender of freedom and liberty.” Not to piss on your parade, but your “Awesome colossal world’s superhero for shopping and private industry” rhetoric is laughable. First you say we have allies, then you say it’s all us. First you say Saddam was involved in 9/11, so we run to war, then you admit he wasn’t, but we should have gone anyway because Saddam was bad. There’s a far cry between the two. One poses a threat of attack. The other makes his own people suffer. While both are bad, there’s a lot of other places making their own people suffer that you’ve not once suggested we jump headlong into. Meanwhile, again, what about Saudi Arabia? When are we going to bring them to bear for their involvement in the support and funding of terror?

And one thing you don’t state in the memo, GOP. Why all this new invasion of privacy? Why the wiretaps and nipple-clamps? You’ve not shown these will do any good, yet they cost money and weaken the rights of citizens. We with eyes to read and see, we know that you had the information needed to stop 9/11 and fumbled the ball. So why the hell should we think you won’t do it again, even if you have all the information in the world? It seems very dumb and misguided. But don’t be discouraged. I’m sure my fellow citizens don’t feel the same. You’ll all be gladly reelected to your posts in Congress to represent us. Your rhetoric is too strong for the feeble-minded, because more than anything they want to believe that your actions are right, that America is Superman, and all that jazz.

Love the Invisible Laws.

Just a brief note here. We’ve got domestic spying. We’ve got secret warrantless wiretaps, no court oversight. We’ve got the NSA puffed out like blowfish ready to explode their venemous spikes if we so much as try to find out the truth. We’ve got complicity from AT&T and other major carriers; companies that care so little for their customers they sell them out without so much as notice or explanation.

But it gets worse: we’ve got invisible laws. The argument from the government when suits are brought to try to force oversight of these secret programs? “We can’t tell you why, but trust us, it’s completely legal.” That in itself is either a lie, a crime, or both. There is a very good reason for transparency in government, for transparency in law. The reason? While “ignorance is not a defense” if the laws are visible, invisible laws are not .. well, lawful. If a police officer gave you a ticket for speeding, but didn’t indicate your speed, it would be in your interest to contest the ticket. If he got up on the stand in court and said “I can’t disclose the speed this person was ticketed for,” the ticket would be dropped. It is simply not compatible with a free and open society to have this sort of situation.

If you really have a justification for these spying programs, you need to get off your asses, into a FISA or other closed-hearing court, and outline your reasons there. Any judge that simply accepts the argument “we have reason, but we can’t say,” is not doing their job. Not by a long shot.

That is all.