The site uses cookies that you may not want. Continued use means acceptance. For more information see our privacy policy.

Move the Data.

Posted in security by Adam
Posted on

Criticism of laptops containing sensitive data when they don’t need to.

No link. Just a simple suggestion. The number of stories of mainframe storage being compromised to steal identity data are very few, but it seems we’re hitting a once a month story of a laptop that got lapnapped. Thousands, millions of peoples’ data out there in the ethers floating.

Now, in all likelihood the data was not the target of the thefts. A laptop is a nice score for a minor criminal; they are easy to move, liquid. The risk, if caught, is not monumental and the risk of being caught is not either. Identity theft or conspiracy to commit fraud, those are not things the average thief after a quick turn of a laptop wants to involve themselves in for the most part. Maybe the reward is greater, but so are the risks and the punishments.

So we need to recognize that rather than giving thousands, millions of people an extra dose of stress for an indeterminable time period, we should seek to change the way companies and governments store and access their data. I was just commenting about how the Library of Congress search is not a good example of government leading the way in technologies that bring information access to new thresholds. Neither do they set a good example for information security.

The solution is to put the sensitive data behind the firewall, behind the encrypted protocol, behind the password protected server login. Some need the data on the go? All the more reason to move forward in our information delivery infrastructure. More pipes, more availability. There is simply no excuse to take that data and wrap it in what amounts to a candy wrapper and place it on the entrancetable’s candy dish. A laptop is a tempting thing to steal, and it doesn’t really matter what data is on it. A majority of the time the goal will not be data, but the ability to turn that laptop into quick, easy money.

So, let’s use some sense.

dpkg-buildpackage subversion tutorial

Posted in linux by Adam
Posted on

Grabbing source from subversion and making a package out of it (Debian).

This is a brief writeup of how to take a package or version of package that’s not yet in incoming debian but is on the subversion. Please note it pertains to sid/unstable, though may be applicable for other versions.

First thing you want to do is hit up the above web-subversion browser and find the location of the package you want. For example I was annoyed that they merged the gtk2 engines into one package and thus broke the industrial cursor theme. Well, there is a new package being developed to put the industrial theme back in, but it’s not in incoming yet. You can see similar packages here in the “New and Byhand” listing.

So you find the package you want on the SVN, now you need to download the source:

svn co svn://svn.debian.org/pkg-gnome/packages/unstable/industrial-cursor-theme ~/new

svn co invokes the subversion client to connect to the address that follows: svn.debian.org. Use the directory that applies. In this case the theme is a member of gnome, so pkg-gnome, then almost always packages/unstable/package-you-want. then ~/new will download that source to ~[home]/new, a directory called ‘new’ in your home directory. You should be fine running this as a regular user.

Now, you have the source in ~/new, what’s next? You want to go ahead and build the source into a dpkg so it will properly register in your installation and can be updated seamlessly. So, go ahead and jump to ~/new, and then dpkg-buildpackage

It may report needed dependencies and/or give errors regarding a makefile. In that case you need to root up and install the needed packages, try looking in ~/new/debian/rules file for any package you need. In my case I had to install gnome-pkg-tools.

So root down and build it, don’t give up if it has errors, look around, inspect, try to determine any other packages that may be needed that could cause errors. You may have to resign eventually if it’s just a broken package, but generally you should be able to get it built. Once you’ve done that, hop back to ~/ and you should find your shiny new .deb to dpkg -i. And you’re done, buy yourself a beer and toast to the debian developers all over the world.

To recap:

1. Locate the package in upstream subversion repository. ie, industrial-cursor-theme
2. Construct your svn command to check out the code. ie, svn co svn://svn.debian.org/pkg-gnome/packages/unstable/industrial-cursor-theme ~/new
3. Build the package from source using dpkg-buildpackage. Simply cd to the appropriate location and dpkg-buildpackage
4. Read the output. If there’s an error, look at it, stare it down. If it says something about no such directory or file, what file, what directory? Maybe you’re missing a dependency. If it’s more complicated, talking about some error in code (ie, “foo.c:38 expected ‘)'”) you may be out of luck unless you can do some coding and fix it.
5. Assuming you had no (4) or you resolved it, you’ll have a .deb file containing your package. Just dpkg -i file.deb and it will install.

Please feel free to comment if you have any questions, suggestions, clarifying points, et cetera.

Knockless Warrants Upheld

Posted in warpath by Adam
Posted on

Should the police have to announce they are serving a warrant? Balancing the rights of the accused and protection of evidence needed for prosecution.

Briefly — looking at this AP story via Yahoo!, the SCOTUS has upheld police entering without announcement for warranted searches. What does this really get us except a lot of gunfights? If someone crashes into your home without announcement, you have the right to shoot first and ask questions later. So now if someone does so, you need to worry that they are the law, and that they will kill you for trying to protect your home. Great.

The only solution I see is to renovate. Place six feet of bricks behind all traditional entrances, and start building hidden passages entering and exiting your abode. It’s the only way. Let them rupture their internal organs trying to ram-batter solid steel plates. At least their curses at failure will serve as proper announcement of their presence and intentions. I mean, after all it is unreasonable to have a reasonable search and seizure without the simple courtesy of clearing up the question of legality.

It’s not like they haven’t divebombed the wrong house on a lawful warrant before. It’s not like this makes sense. The whole reason is in the event you might be able to destroy the evidence they seek. Well last I checked until you are informed they want and have been granted legal right to “evidence,” you can destroy it all you want. Set up thermite lozenges of love with remote triggers attached to the doors and their barging without first disabling the system via a sixteen digit security code will result in a firebomb on the precious spice they seek to confiscate.

It’s a bad ruling without sense except to bolster the “we’re tough, go Joe!” attitude that is so prevalent in the post-American Century. What’s next on the agenda, allowing officers to excavate your cess pool without first taking the proper steps to make sure it doesn’t flow over into your neighbor’s yard? The whole point of search warrants and the due process associated with them is to make sure that there is a cordial circumstance to precede and follow the admitted but necessary breach of public liberty and private rights. The more you erode it, the thinner the line. The thinner the line, the easier it is to cross it. The easier it is to cross it, the less free we all are.