Online freedom baby, yeah!

I was surprised to see Everyone's guide to by-passing Internet censorship for citizens worldwide as the first item under Information Management on UNESCO's Open Training Platform - an online repository of open license training materials.

To quote from the source:

This guide is meant to introduce non-technical users to Internet censorship circumvention technologies, and help them choose which of them best suits their circumstances and needs.

Everyone's guide to by-passing Internet censorship for citizens worldwide is a great guide for those who want to use the Internet anonymously, or circumvent filtering on their LAN or WAN, or help others to circumvent filtering in their country or organization, or all three. It contains clearly worded advice and has URLs for numerous free and commercial solutions including, to name but a few:

• Proxify
• CGIProxy
• UltraReach
• Anonymizer
• Guardster/SSH
• tor
• JAP ANON

Internet users who desire freedom of expression and intellectual freedom should read this guide. Similarly, law enforcement organizations should read this guide as the same tools and tactics are used by online criminals.

Photo by: Norma Desmond

RIP HnC: another renegade blog bites the dust

Another notorious anti-interim government blog goes offline. Hyde and Seek, which went live in May of 2007, seems to have taken itself offline within the last several hours after around 400 posts and thousands of comments.
As with the death of WFC, rumors abound about whether or not the bloggers took the site down willingly or unwillingly. If you want to see how the site looked in June and July of 2007, there are three pages captured by the Internet Archive's Way Back Machine.

No doubt, a blog or two will take hnc's place.

Photo by: a shot in the dark

Blogged with Flock

USA and Fiji are "nations of lawbreakers"

Let's be honest, it is difficult to spend $5 to rent a DVD for a day when you can own it for $1. Every year, hundreds of thousands of Fijians chose the $1 option. A FAVIA press release (with no supporting evidence whatsoever) claims that, "Fiji's piracy rate is about 98%." These numbers were rolling around in my head as I read a recent article by Nate Anderson on ars technica about a country that has chosen a very different path from Fiji when it comes to copyright.

Tehranian's paper points out just how pervasive copyright has become in our lives. Simply checking one's e-mail and including the full text in response could be a violation of copyright. So could a tattoo on Tehranian's shoulder of Captain Caveman—and potential damages escalate when Tehranian takes off his shirt at the university pool and engages in public performance of an unauthorized copyrighted work.

Singing "Happy Birthday" [and Happy Long-Life -cht] at a restaurant (unauthorized public performance) and capturing the event on a video camera (unauthorized reproduction) could increase his liability, and that's to say nothing of the copyrighted artwork hanging on the wall behind the dinner table (also captured without authorization by the camera). Tehranian calculates his yearly liability at $4.5 billion...

What better way could there be to create a nation of constant lawbreakers than to instill in that nation a contempt for its own laws? And what better way to instill contempt than to hand out rights so broad that most Americans simply find them absurd?
[Overly-broad copyright law has made USA a "nation of infringers", ars technica, Novemebr 19, 2007]

The USA has created a nation of constant lawbreakers by handing out absurd rights to copyright holders combined with millions of dollars of public money spent on enforcement. Fiji has created a nation of lawbreakers through a complete failure to enforce almost any rights of copyright holders.

Having unenforced laws in place for the sake of meeting Fiji's WIPO commitments (is there another reason?) may be doing more harm than good. In a nation who's elite has consistently had difficulty with the rule of law for the past twenty years, breach of copyright has become every man and woman's opportunity to join in the tradition of trampling on one of the nation's fundamental institutions. Is this really what we want for our beloved Fiji? Is this really what we want to teach our children?

My advice to the country: Either repeal the 1999 Copyright Act or figure out a way to enforce it.

Photo by: Dr John2005

Blogged with Flock

Do you read your server logs?

Do you read your server logs? I admit that I only read them rarely. Let's face it, they are pretty dull and repetitive. Most sensible administrators - those who do not find reading syslogs eight times a day to be rewarding - will use some sort of log monitoring tool to let them know if anything interesting is going on. My favorite would be logwatch and I have also used swatch in the past. However, these and other fine tools, even after very careful and time consuming configuration, are prone to raising alarms when there is really nothing to see. And these false positives lead, over time, to the never cry wolf syndrome. You just stop listening to the alarms. Or you configure the monitoring tool to ignore potentially interesting information just to shut it up.

One of the systems that I am responsible for is an old Compaq/HP Tru64 Unix box. Tru64 has among its features an alarm that is tripped if too many log entries are made to the system binary log in a short period of time. Recently, we received this alarm stating that over 500 log entries had been made in a one minute period. I immediately thought that one of the drives was dying a most unwelcome death again. However, when I checked the log, it turned out that some IP at a Spanish university (names withheld to protect the guilty) had made over 1000 attempts to brute force the root password via ssh in a two minute period (try THC-Hydra). Of course, root logins via ssh were disabled (check your sshd.conf) and the root password is very strong anyway so no harm was done.

But an attack is an attack and even if revenge is not possible, at least some action should be taken to reduce the likelihood of reoccurence. How can you do that? Let the attacker and the attacker's ISP know that you detected the attack and are motivated enough to do something about it. Hackers, whether pimply-faced script kiddiez or hardened criminals, are lazy and risk-averse and prefer to go after easy prey. If you detected this attack, you might detect others in the future. If you write a complaint email, you might call the police or at least your lawyer next time. How do you find your assailant's ISP? Through the controversial whois database.

After a couple of whois queries (try Sam Spade if you don't want to use the command line), I was able to contact the abuse email of the assailant's institution. Within 24 hours, they acknowledged receipt of my email. Within 48 hours they sent me an email stating that they had contacted the owner of the offending IP and were closing the trouble ticket. While I would like to have seen the assailant suffer in front of my own eyes, this is probably the best resolution that I could hope for. After all, the break in was not successful and no damage was done other than wasting my time - not to mention the fact that Fiji has no cybercrime legislation nor has a computer crime (or attempted computer crime) ever gone before Fiji's courts.

Photo by: kenwood

Blogged with Flock

Wow! The Quick Links are great!

While I have not had time to write a great deal in recent weeks, I have tried to keep you on top of interesting ICT stories from Fiji and around the world with the dfiji Quick Links which you can see on the right hand side of this blog or via the RSS feed.

A few interesting recent Quick Links include:

• The Oceanic blog comments on gross financial mismanagement at USP in response to a lengthy article in Islands Business magazine. It is unfortunate that the hard working students and staff at USP are already experiencing the aftermath of recent disastrous financial decisions.
• The O'Reilly Radar blog draws a comparison between libraries and the Oink music site that was recently taken offline by law enforcement.
• The Fiji Times reports that new telecom licenses will be granted in Fiji some time on November. Creating genuine competition - not just competition between companies in the ATH family - would be a real boon for Fijian consumers.

How do I manage these great Quick Links? I use the free del.icio.us bookmark management and sharing site.

Photo by: splorp