Tuesday, June 25, 2013

How to configure your system to run Xojo Web Applications


Xojo, formally Real Studio, is an amazing development tool. Not only does it allow you to easily and quickly develop professional quality, cross-platform, desktop applications but it also allows you to create stunning web applications without all the hassles involved with having to understand a whole stack of technologies like PHP, CSS, HTML5, etc.

Unfortunately, getting a server set up for deploying Xojo created web applications has been fairly challenging to some so I'm creating this guide that details the path I followed in getting my server ready. Note that this is the process I followed on Linux. Windows might be slightly different!

Also, I'm going to show you how to deploy your Xojo web apps as cgi scripts instead of the standalone version. I chose this method because I want to be able to use an SSL certificate with the application I built. Standalone apps cannot use SSL certs, only cgi based ones that are tied to Apache (or the web server of your choice; we'll use Apache).


Step 1: Have a functioning web server

It is beyond the scope of this tutorial to help you set up a functional web server. So I'm going to assume that you at least have been able to set up Apache to serve HTML content. It you need help getting to that point, see the Apache documentation for help.


Step 2: Installing and configuring FastCGI

Xojo web applications make use of a technology called FastCGI. FastCGI allows you to interface interactive programs (like the kind you write in Xojo) with a webserver. You can write these programs in a variety of languages like Xojo, C#, C++,  Java, Perl, and even PHP. FastCGI just allows them to interact with the web server and provides a performance boost.

FastCGI does not come installed or configured with the standard Apache installation. So let's do that now. It's pretty simple:

1. Let's install the requirements. Note that I am using CentOS and the Yum package manager. If you are not using Yum, it should be fairly trivial to translate this command to whatever package manager your distro uses:


# yum install httpd-devel apr apr-devel libtool

2.  Next, we need to download the mod_fastcgi source code.  Again, pretty straightforward and simple. It assumes you have the wget program on your computer. Most Linux distros come with wget installed.

# cd /opt
# wget http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz


3.  Since the package came in as a tar archive, we next need to untar it using the tar command.

# tar -xvzf mod_fastcgi-current.tar.gz

4.  Now, we need to install the module.  When I wrote this tutorial, the latest version of mod_fastcgi as 2.4.6. Make sure that you substitute whatever version number the version your mod_fastcgi package is below.

# cd mod_fastcgi-2.4.6
# cp Makefile.AP2 Makefile
# make top_dir=/usr/lib/httpd
# make install top_dir=/usr/lib/httpd


5. Next, we need to tell Apache to load the module so that we can use it. To do this, you'll need to edit the /etc/httpd/conf/httpd.conf file in your favorite text editor.

Look for the section of the configuration file with a lot of LoadModule directives and append this line to the end of those entries:

LoadModule fastcgi_module modules/mod_fastcgi.so

That's all you need to do to the configuration file. No need to use 'AddHandler' or anything else.

6. Now, restart Apache

# /etc/inid.d/httpd restart

Note: some Linux systems no longer user init.d to manage services starting and stopping. If the above command doesn't work, find out what service management system your distro uses and use that.

7.  Now, let's validate that the module is installed and loaded:

# grep -i "FastCGI" /var/log/httpd/error_log 

If everything went right, you should see something like:

[Tues Jun 25 15:18:32 2013] [notice] FastCGI: process manager initialized (pid 8853)

If everything has gone right, we have our Apache properly configured and ready to serve up our Xojo apps. All we need to do are upload them to the right place and change a few permissions.

Step 3. Uploading your Xojo App

Uploading your Xojo app is just like uploading just about any other file. When you compile your app, Xojo creates several files and folders. You will need to upload all of those files and folders to your server.

Using the default Apache configuration, you should upload all of your Xojo web apps to the /var/www/cgi-bin directory. You can create subdirectories of that directory to contain each of your apps or you can change the Apache config to server your cgi scripts from anywhere. But, for this tutorial, we'll assume a default installation.

Step 4. Setting Permissions

In order for Xojo apps to run properly, you will need to set permissions on several files. You can usually do this through your FTP program. If you can't, or if you want to do it by hand, you can type the following commands:

# chmod 755 appname.cgi
# chmod 755 appname
# chmod 755 appname.config

Your app should now be ready to run and can be called from the browser like any other web app:

http://hostname/cgi-bin/appname.cgi
 
Final Thoughts

This guide is by no means the be all and end all of configuration guides for running Xojo apps. It's only what I did to get Xojo web apps running on my server.  If you have trouble getting things running using this guide, feel free to email me at anthony@cajuntechie.org or ask questions on the Xojo Mailing List. You'll find some amazingly helpful people there who can answer just about any question you have.

Did you like this post? Why not send me some Bitcoin!



Sunday, June 23, 2013

The Government, The Media, and the Big Diversion of 2013

Why are we so obsessed with Edward Snowden?  It's been almost three weeks since the NSA employee turned whistleblower leaked information about a secret program within the NSA to spy on Americans and the media is still dissecting his personal life and toilet habits.  It seems everywhere I go: Twitter, Facebook, Google+, magazines, newspapers, all I see are headlines like "Five things you need to know about Edward Snowden", followed by long, meaningless data about a man who, in the grand scheme of things, doesn't really matter.

Sure, what Snowden exposed matters. The personal risks he took and continue to take matter. But neither of those matter as much as the information he exposed. Snowden showed us, beyond doubt, that the US government does not care about Constitutional rights, privacy, or the rule of law. Snowden showed us that trusted companies are not just being complicit in the government violating the privacy of Americans but actively helping them do it.

This is a time when our blood should boil.  Every American should be out in the streets protesting the wholesale, rubber-stamped, violation of our Constitutional rights by an out of control government. We should be meeting together to plan political strategy and discuss how we're going to punish Obama and every single traitor in Congress who supports these programs. We should be actively getting ready to make sure every member of Congress who voted for the program or has openly voiced support never works in government again..

But, instead, we're learning about Snowden's pretty girlfriend with a broken heart and 'crazy eyes'.

Yeah, that matters. It matters because the media has told us it matters. The media has told us to focus on anything but the actual information Snowden released. "Don't look behind the curtain!", we're told, and, just like the obedient sheep we've become, we quietly sit down and do as we're told. We're great at being diverted. The media plays us like a cheap fiddle bought at an "Everything's a Buck" store and we lap it all up.

We should be ashamed. We should be disgusted, not only with our scumbag politicians, but with ourselves as well. How can we call ourselves "Americans" and say that we support the ideal of freedom when our own government is turning the whole world into one big episode of EdTV? Every one of us who hasn't spoken out, who's gotten endlessly trapped in the salaciousness of the Snowden affair should be disgusted.

In the end, and I think Snowden would agree with me, his life doesn't matter. The legality or morality of his actions don't matter. Certainly, what color panties his girlfriend chose to wear today doesn't matter. The only thing that matters is that we have been betrayed by those we elected to serve us.

And that should make us mad as hell.

Monday, June 17, 2013

How the NSA PRISM Program Works

On June 6th, 2013 and in the days following, a series of leaks about a secret program run by the US National Security Agency were published by The Guardian newspaper.  These leaks detailed a program in which the NSA was tapping the data, emails, voice conversations, and other Internet activities of millions of innocent American citizens without a warrant and claimed to have 'direct access' to the servers of six major Internet companies: Google, Yahoo, Microsoft, Skype, PalTalk, and Apple.

The companies involved immediately rushed to deny the claims. All involved seemed to assert two thing 1) That they only complied with 'lawful requests' made by the government for user data and 2) that the government did not have 'direct access' to their servers.  Some, like Google, claimed the very first time they ever heard the term PRISM was in that days newspaper reporting.

Of course, these companies might just be lying. Certainly any kind of order for such access would also be accompanied by a companion order that would prevent the companies from talking about the program or their involvement in it. But I think it's something deeper and perhaps more sinister than that. I think that both the government and the companies involved are being honest and I'd like to discuss how I believe that is in this blog post (or website, if you're coming to it through www.hownsaprismworks.com).

Going Back to the Beginning: Mark Klein, 2006

In May 2006, AT&T technician Mark Klein blew the whistle on a secret collaboration between his employer and the National Security Agency. According to Kleins sworn testimony, the agency set up a special room at AT&T where they were able to tap a large amount of American Internet traffic as it flowed through the AT&T wires. While most of this data was intended for or sent by AT&T customers, because the company carries a large amount of data from other carriers, it is widely believed that much of the traffic captured had nothing to do with AT&T or their customers. The equipment in the secret room simply scooped up everything that came through it and a lot of that 'everything' was domestic Internet traffic that did not come from foreign countries and was not going to foreign countries.

According to Klein, the system worked by installing a fiber optic 'splitter' on the AT&T network. All traffic that came into the location was 'copied' by the splitter and a copy of it was sent to the secret NSA room for recording while the other copy was routed over the network as usual.

Fiber optic cables carry their data in light form. That means that what goes over these cables isn't sound or regular electrical pulses but light. The splitter installed on the network divided that light into two copies and, thus, we have the program name: PRISM.

It is particularly interesting that all of the companies involved used some pretty precise wording while refuting the NSA claims on how they monitored millions of Americans. In each case, the companies specifically denied that the government had 'direct access' to their servers. I believe this language is important because I believe this is the key to how we were all monitored.

How the internet shuffles data from place to place

The key to this scandal isn't 'servers' like everyone reported. Servers are the physical location where data is stored. This is where the data lives. If for nothing more than security reasons, it is highly unlikely that major Internet companies like Google and Microsoft would give anyone direct access to their servers. The key instead is another part of the foundation of the Internet called routers.

Routers are single purpose machines that connect to a network with the sole purpose of moving data from one place to another. You may be familiar with routers in that many of us have them in our home. They are the small, plastic, boxes that provide wireless access or allow us to share our Internet connection with several computers.

Large networks like the ones run by the companies listed by the NSA program also use routers. The routers they use are capable of routing enormous amounts of data into and out of their networks and pushing that data closer towards its destination.

When a 'packet', a small piece of data representing an email, IM, voice chat, etc, leaves a computer, it is sent through whatever the closest router to that computer is. This packet contains some identifying data including the source address (where that packet came from) and the destination address (where that packet is going to). The initial router will take that packet and 'forward' it to another router that is closer to the destination which will in turn forward it to yet another router still closer. This forwarding process continues until the packet reaches its final destination. This means that a packet may go through hundreds of routers before reaching its destination, any of which could make a copy of that packet before forwarding it on.

As a packet gets closer to its destination, the routers it is forwarded through tend to become more and more concentrated. That is, the closer a router is to a specific location, the more likely that the majority of the traffic that router carries is for that location. So routers that are closest to Google will often carry mostly traffic for or from Google while routers closer to Microsoft will usually carry mostly traffic for or from Microsoft.

At some point, there is one final hop in the packet transfer process: the point where the last router in the chain directly connects to a network (say, Google) and transfers data to and from that network.  I believe this final hop, or the ones directly before it, are the key to how both the government and the comnpanies could both be telling the truth about PRISM.

What likely happened.

Most likely, the government did not go to each of these companies and compel their participation in the program. They didn't have to. All they had to do was to install a tap immediately upstream of each target company and capture any data going in or coming out of their network. This would not require the companies tapped to participate or even know that such surveillance was going on. In fact, they likely didn't know and didn't comply.

The best part, for the government, is that having deals with these 'upstream' companies instead of individual companies like Google or Microsoft, allows a much wider and comprehensive surveillance net to be thrown. The providers who provide connectivity to Google, for example, likely also provide connectivity to hundreds or thousands of other companies. Going to Google would allow the NSA to tap Google. Going to an upstream provider would allow them to tap anyone who they provided connectivity to without the need to approach and compel each company. It's a beautiful solution.

What about SSL? 

When you connect to your Gmail account, your bank, and countless other services, you usually do so through an encrypted connection between your computer and the remote machine. So if you check your Gmail, anyone attempting to monitor the connection between you and Gmail would see nothing but garbage because the connection is encrypted. Capturing that information would be useless because it's practically impossible to decrypt even for the NSA.

Unfortunately, that usually isn't the end of your data's journey. Let's use Gmail for example:

  • Your computer establishes an encrypted connection to Gmail in order to compose and send an email. Nobody along the line can read what you're typing or the contents of your email.
  • You compose your email and click 'send'. Gmail will then reach out and send your email to the other persons mail provider. This is likely done without encryption. Most mail transfer between providers is done unencrypted in plain text.
See the problem here? Because the tap is installed on the routers and networks providing connectivity to Google, they are able to capture everything sent out of the Google network. That means that they can capture your email as it's being delivered to the remote service or as a remote email is being delivered to your Gmail.  Again, remember, Google does not have to be complicit in this spying nor do they have to even know about it (and they likely didn't).

That's how I believe the PRISM program works. It's deceptively simple and allows the government to work with a much smaller amount of companies to capture vast amounts of Internet traffic from multiple companies. It also allows the companies they're spying on to truthfully say they didn't participate because,. well, they didn't.  While these companies certainly knew this kind of capture was possible, I doubt any of them knew for certain that it was actually going on.

How can I stop my data from being captured?

It is impossible to prevent our data from being captured by PRISM or any similar programs the government might be running. They have tapped the foundations of the Internet and, thus, can likely capture the data of anyone they'd like to. The question then isn't how we can stop our data from being captured but how we can make it useless when it is captured.

The answer is quite simple: encryption. Email should always be encrypted, files that are stored on cloud providers should be encrypted before leaving your computer, and voice and IM conversations should be encrypted either using Off the Record Messaging or ZRTP.  Remember, these technologies would not stop your data from being captured, but it will make your data useless when it is captured.

In some cases it may be impossible to encrypt your data. For example, what happens when you must send email to someone who doesn't use encryption or you have a chat session with someone who doesn't use OTR? In those cases you really only have two choices: don't do it or do it and accept that your data will likely be captured and stored. It's as black and white as that.

What about hosting my own email, file storage, etc?

In all cases, hosting your own data is preferable to sending it to someone else else for hosting. It's trivial to set up something like SpiderOak instead of Dropbox or your own XMPP server instead of Google Talk or Yahoo Messenger.  But hosting your own data isn't a magic bullet and won't always save you from data capture.


As long as data stays on your local network (in your house), it's likely not being tapped. But the moment it leaves your network it's subject to interception. As we discussed above, there are multiple places that data can be captured and you should consider any data that leaves your network as up for grabs.

The main benefit of hosting your own data is 'where the court order goes'. If you host data with a provider like Google or Microsoft or anyone else, those companies are subject to a knock on their doors by someone with a court order demanding your data. That court order will likely come with a gag order that prevents the company from even telling you that knock and demand happened. You're defenseless.

If you host your own data, that knock and court order will come to you. You will know if they demand a copy of your data and you will be able to contact a lawyer and defend yourself. They can't hide behind secret court orders.

Summary

The above is a description of how I believe the PRISM data collection works. As you can see, it's comprehensive, Orweillan, and very hard to evade. In the end, it's going to take a combination of social, political, and technical manevures to defeat it and it's going to be an enormously difficult task.

The US Intelligence community is constantly demanding more access into our lives. The NSA, for example, has built a massive data center in Bluffdale, Utah that is capable of storing all of the worlds communications for 100 years.  When you're up against that sort of technology, it's very hard to fight against it and win. But I believe it is possible. We just have to use the right tools.

Lastly, I think it's important that we cut through the crap we're being told about how if we have nothing to hide then we have nothing to fear. The fact is that the things we do today may be illegal or suspicious tomorrow. When everything we do and say is captured and stored, it allows them to go back later, as the law or social and political climate changes, and retroactively define who 'has something to hide'. We might not have something to hide today, but who knows how our perfectly legal and just actions might be perceived in the future?

Additionally, think about this: we all go to the bathroom. We're not ashamed of it, there's nothing wrong with it, and it's not even socially improper. If someone announces to a table "I'm going to the bathroom" it's likely no secret what they are going to do in there. Why, then, do we demand privacy when we go to the toilet?

The fact is that we have a right to control our privacy. A society cannot be truly free unless each individual gets to decide what private information will be shared with whom. That decision never falls to the government or a corporation, or another individual.

Liberty without privacy isn't liberty. It's borrowing time until someone uses your private thoughts and actions to deprive you of liberty. That is not a society I want to live in and I suspect you don't want to either. That's why it falls to each of us to stand against these programs even if we have nothing to hide. It's a matter of principle. More importantly, it's a matter of freedom

How to Contact Me

Interested in discussing this article with me or have questions? Email me at anthony@cajuntechie.org. 

Friday, June 14, 2013

New disclosures reveals Microsoft deliberately compromises user security


Just when you thought the NSA spying scandal couldn't get any worse, Bloomberg News reports that Microsoft Corp openly shares vulnerabilities it finds in its software with spy agencies before it issues patches for them. That's right, not only do you have to worry about hackers and the government discovering vulnerabilities that compromise your computer, Microsoft is giving spy agencies an open invitation to anything that's on it!

While Microsoft is specifically named, it's probably safe to assume that many other companies we trust are doing the same thing because the risk of them ever being caught is so slim. But the particularly worrisome thing about the Microsoft revelation is the sheer reach that the company has through it's products. Microsoft currently controls 97% of the desktop market and has a significant presence in both the mobile device and server market. Additionally, the company has a deepening reach into consumers living rooms through its XBOX entertainment system and its Kinect device which can track voice, facial gestures, and even see in the dark with its always on, always connected to the Internet camera.

This makes Microsoft one very dangerous company cooperating with the government

How they got away with it

The underlying computer code that makes up Microsoft software is a closely guarded secret with anyone stealing that code facing decades in prison. Microsoft, and other companies who don't share their source code, day they don't share because the code is valuable to their business and would lower their competitive advantage if everyone know exactly how their software worked.

But not sharing source code also has a more sinister side as well: it allows the companies to hide anything they want to in their programs and it's virtually impossible for users to find out what those programs are really doing or what data thy may be sharing with whom.  Companies will often argue that, because of their reputations, users can trust them to do the right thing and not deliberately do anything malicious or compromise their security.

Obviously, Microsoft didn't get the memo because today's revelation about them informing the NSA of problems before they're fixed does both.

Users of Microsoft software like Windows should ask two critical questions right now: how long died the company wait after telling the NSA about a problem before they fix it and, more importantly, what happens if the agency asks them not to fix a particular problem?

Those are two questions neither Microsoft or the government can be trusted to honestly answer, leaving users in the uncomfortable position of trusting the word of a company who has just betrayed them.

What can you do about it?

Thankfully, the answer to this revelation us pretty simple: stop using software from Microsoft and any other company that refuses to allow users to look at the underlying computer code of the programs they run on their computers. Yes the companies will make a million excuses why they can't show you their source code. You need just one reason not to accept any of those reasons: your privacy.  If the source isn't available, you have no way to verify that your software isn't spying on you or being deliberately left vulnerable so you can be spied on.

Taking this route means change. It means often walking away from software and platforms you may have used for decades. But the good news is that there has never been a better or easier time for you to walk away and it's getting easier every daub operating systems like Linux are amazingly user friendly, software like LibreOffice is fully compatible with Microsoft Office, and there are open alternatives to almost every closed program you're running now. From Windows down to calculator, everything is covered.

Punishment as well as Security

Moving away from closed software will help you protect your privacy. But more than that, it will punish the companies who've violated your privacy by denying them that which they value most: money. It will send a clear message that this kind of behavior is not OK and that you won't tolerate it.


Stand up today and take your privacy back. Tell these companies and these spies that you won't tolerate being spied on and lied to. Enough is enough!

Wednesday, June 12, 2013

The Problem with Hushmail

Since the recent NSA spying story broke last week, the public's interest in protecting their communications has skyrocketed. Like never before, people are checking out technologies like encrypted emails. Several articles from well known publications have recommended moving our email away from providers like Gmail and AOL and to a provider called Hushmail.

Hushmail is a web based email system similar to Gmail, Yahoo Mail, and others that boasts the feature that all of your email is heavily encrypted and that nobody but you and your recipient will be able to read it.  They even mention that the mail is encrypted using GnuPG, the open source version of PGP  That all sounds right and fantastic but Hushmail isn't telling you the whole story - or at least not right up front without digging a little deeper. Because of what I consider a critical security flaw in the way Hushmail is designed, I strongly recommend that anyone concerned with their privacy not use the service at all.

How the Technology Works

When a user signs up for a new Hushmail account, the service uses GnuPG to create a new encryption "key pair" for them.  This system is known as "public key cryptography" and consists of two complete separate keys: a public key that you can give out to everyone and allows them to encrypt email to you, and a private key that you keep to yourself and allows you to decrypt messages sent to you and sign messages for authentication purposes.

From that point on, anytime you send a message to another Hushmail user, that message is automatically encrypted to their public key and in theory can only be read by them. If you send the message to a non-Hushmail user, Hushmail generates a message encryption key and the user must either click a link with the key in it or enter a password to read the message.

Sounds pretty sound. What's wrong with it?

As I mentioned a moment ago, your private key is what allows you to decrypt messages sent to your Hushmail address. In fact, your private key is the only thing that stops someone who doesn't have your Hushmail password from reading your emails.  In ordinary encryption setups, you would be the only person to possess your private key. If someone gets a hold on that key and can break the password on it, they can read email encrypted to you and sign email as if they were you.

Hushmail breaks security by keeping both your private and your public key on their servers. That means that, at all times, Hushmail has access to your private key, can decrypt your email, and could even, in the case of a malicious system administrator or hacker, even sign email as if they were you.

This, of course, also means that your email is not completely secure. You're not the only one in charge of your key. In fact, there are situations where Hushmail can (and has) handed over users private, encrypted, email to law enforcement during criminal investigations.

Your mail is not private on Hushmail! Anyone who can get access to the system can trivially gain access to your encrypted emails.

Anyone. Not just law enforcement or the government. Anyone.

What are the options to using Hushmail?

Unfortunately, there just aren't that many encrypted email providers out there that don't operate exactly in the way Hushmail does. If you truly want to secure your emails from everyone's prying eyes, I suggest you download and learn to use GnuPG and a few associated tools. If you learn GnuPG, you can even use Hushmail in a secure way where even they can't read your emails. The trick is always handling encryption yourself and never letting your private key out of your hands.

GnuPG isn't hard to use. It does have a slight learning curve but with a little patience anyone can learn to protect themselves and not worry about anyone having the ability to spy on their emails.

Tomorrow, we'll discuss setting these tools up and basic use.   

Saturday, June 8, 2013

What happens when the government spies on you


COMMENTS FROM CAJUNTECHIE:

This was posted on the discussion website Reddit earlier today and is a powerful and moving discussion about why we cannot allow government, American or otherwise, to spy on its citizens.  While the situation in the United States isn't as dire as the situation in this posters country, it could become that way if agencies like the NSA are allowed to spy without real limits. What happened in this persons country doesn't happen overnight. It's little by little, inch by inch. THIS is why we must continue to fight.
A link to the original discussion post is at the bottom.

"I live in a country generally assumed to be a dictatorship. One of
the Arab spring countries. I have lived through curfews and have seen
the outcomes of the sort of surveillance now being revealed in the US.
People here talking about curfews aren't realizing what that actually
FEELS like. It isn't about having to go inside, and the practicality
of that. It's about creating the feeling that everyone, everything is
watching. A few points:

1) the purpose of this surveillance from the governments point of view
is to control enemies of the state. Not terrorists. People who are
coalescing around ideas that would destabilize the status quo. These
could be religious ideas. These could be groups like anon who are too
good with tech for the governments liking. It makes it very easy to
know who these people are. It also makes it very simple to control
these people.

Lets say you are a college student and you get in with some people who
want to stop farming practices that hurt animals. So you make a plan
and go to protest these practices. You get there, and wow, the protest
is huge. You never expected this, you were just goofing off. Well now
everyone who was there is suspect. Even though you technically had the
right to protest, you're now considered a dangerous person.

With this tech in place, the government doesn't have to put you in
jail. They can do something more sinister. They can just email you a
sexy picture you took with a girlfriend. Or they can email you a note
saying that they can prove your dad is cheating on his taxes. Or they
can threaten to get your dad fired. All you have to do, the email
says, is help them catch your friends in the group. You have to report
back every week, or you dad might lose his job. So you do. You turn in
your friends and even though they try to keep meetings off grid,
you're reporting on them to protect your dad.

2) Let's say number one goes on. The country is a weird place now.
Really weird. Pretty soon, a movement springs up like occupy, except
its bigger this time. People are really serious, and they are saying
they want a government without this power. I guess people are
realizing that it is a serious deal. You see on the news that tear gas
was fired. Your friend calls you, frantic. They're shooting people. Oh
my god. you never signed up for this. You say, fuck it. My dad might
lose his job but I won't be responsible for anyone dying. That's going
too far. You refuse to report anymore. You just stop going to
meetings. You stay at home, and try not to watch the news. Three days
later, police come to your door and arrest you. They confiscate your
computer and phones, and they beat you up a bit. No one can help you
so they all just sit quietly. They know if they say anything they're
next. This happened in the country I live in. It is not a joke.

3) Its hard to say how long you were in there. What you saw was
horrible. Most of the time, you only heard screams. People begging to
be killed. Noises you've never heard before. You, you were lucky. You
got kicked every day when they threw your moldy food at you, but no
one shocked you. No one used sexual violence on you, at least that you
remember. There were some times they gave you pills, and you can't say
for sure what happened then. To be honest, sometimes the pills were
the best part of your day, because at least then you didn't feel
anything. You have scars on you from the way you were treated. You
learn in prison that torture is now common. But everyone who uploads
videos or pictures of this torture is labeled a leaker. Its considered
a threat to national security. Pretty soon, a cut you got on your leg
is looking really bad. You think it's infected. There were no doctors
in prison, and it was so overcrowded, who knows what got in the cut.
You go to the doctor, but he refuses to see you. He knows if he does
the government can see the records that he treated you. Even you
calling his office prompts a visit from the local police.

You decide to go home and see your parents. Maybe they can help. This
leg is getting really bad. You get to their house. They aren't home.
You can't reach them no matter how hard you try. A neighbor pulls you
aside, and he quickly tells you they were arrested three weeks ago and
haven't been seen since. You vaguely remember mentioning to them on
the phone you were going to that protest. Even your little brother
isn't there.

4) Is this even really happening? You look at the news. Sports scores.
Celebrity news. It's like nothing is wrong. What the hell is going on?
A stranger smirks at you reading the paper. You lose it. You shout at
him "fuck you dude what are you laughing at can't you see I've got a
fucking wound on my leg?"

"Sorry," he says. "I just didn't know anyone read the news anymore."
There haven't been any real journalists for months. They're all in jail.

Everyone walking around is scared. They can't talk to anyone else
because they don't know who is reporting for the government. Hell, at
one time YOU were reporting for the government. Maybe they just want
their kid to get through school. Maybe they want to keep their job.
Maybe they're sick and want to be able to visit the doctor. It's
always a simple reason. Good people always do bad things for simple
reasons.

You want to protest. You want your family back. You need help for your
leg. This is way beyond anything you ever wanted. It started because
you just wanted to see fair treatment in farms. Now you're basically
considered a terrorist, and everyone around you might be reporting on
you. You definitely can't use a phone or email. You can't get a job.
You can't even trust people face to face anymore. On every corner,
there are people with guns. They are as scared as you are. They just
don't want to lose their jobs. They don't want to be labeled as traitors.

This all happened in the country where I live.

You want to know why revolutions happen? Because little by little by
little things get worse and worse. But this thing that is happening
now is big. This is the key ingredient. This allows them to know
everything they need to know to accomplish the above. The fact that
they are doing it is proof that they are the sort of people who might
use it in the way I described. In the country I live in, they also
claimed it was for the safety of the people. Same in Soviet Russia.
Same in East Germany. In fact, that is always the excuse that is used
to surveil everyone. But it has never ONCE proven to be the reality.

Maybe Obama won't do it. Maybe the next guy won't, or the one after
him. Maybe this story isn't about you. Maybe it happens 10 or 20 years
from now, when a big war is happening, or after another big attack.
Maybe it's about your daughter or your son. We just don't know yet.
But what we do know is that right now, in this moment we have a
choice. Are we okay with this, or not? Do we want this power to exist,
or not?

You know for me, the reason I'm upset is that I grew up in school
saying the pledge of allegiance. I was taught that the United States
meant "liberty and justice for all." You get older, you learn that in
this country we define that phrase based on the constitution. That's
what tells us what liberty is and what justice is. Well, the
government just violated that ideal. So if they aren't standing for
liberty and justice anymore, what are they standing for? Safety?

Ask yourself a question. In the story I told above, does anyone sound
safe?

I didn't make anything up. These things happened to people I know. We
used to think it couldn't happen in America. But guess what? It's
starting to happen.

I actually get really upset when people say "I don't have anything to
hide. Let them read everything." People saying that have no idea what
they are bringing down on their own heads. They are naive, and we need
to listen to people in other countries who are clearly telling us that
this is a horrible horrible sign and it is time to stand up and say no."

*Link to original post:
http://www.reddit.com/r/changemyview/comments/1fv4r6/i_believe_the_government_should_be_allowed_to/caeb3pl?context=3

Friday, June 7, 2013

An interesting article on NSA domestic spying from the Calgary Herald

MAY 13, 2013

Kotarski: The snoop factor is shocking

BY KRIS KOTARSKI, CALGARY HERALD

In October 2008, a 39-year-old former U.S. navy linguist who worked at
a National Security Agency (NSA) centre in Georgia went on ABC News
and blew the whistle on himself and his fellow NSA operators for
listening in on the private conversations of hundreds of American aid
workers and soldiers calling home to the United States from Iraq.

“Hey, check this out,” David Murfee Faulk says he would be told.
“There’s good phone sex or there’s some pillow talk, pull up this
call, it’s really funny, go check it out.”

Another linguist, 31-year-old Adrienne Kinne, told ABC that the NSA
would listen to calls made by military officers, journalists and aid
workers from organizations such as the International Red Cross and
Doctors Without Borders, listening to “personal, private things with
Americans who are not in any way, shape or form associated with
anything to do with terrorism.”

“We knew they were working for these aid organizations. They were
identified in our systems as ‘belongs to the International Red Cross’
and all these other organizations,” Kinne told ABC News. “And yet,
instead of blocking these phone numbers, we continued to collect on
them.”

How far has this spread since then?

Earlier this month, Tim Clemente, a former FBI counterterrorism agent,
revealed on CNN that details from a private telephone conversation
between one of the Boston bombing suspects and his wife could be
retrieved at will.

“We certainly have ways in national security investigations to find
out exactly what was said in that conversation,” he said. “It’s not
necessarily something that the FBI is going to want to present in
court, but it may help lead the investigation and/or lead to
questioning of her. We certainly can find that out.”

When pressed by the shocked news anchor whether “they can actually get
that,” Clemente was adamant.

“Welcome to America,” he answered. “All of that stuff is being
captured as we speak, whether we know it or like it or not.”

What has happened to our American cousins? And what has happened to
the rest of us? This is not North Korea, Saudi Arabia or Soviet
Russia.

This is the United States, where according to the constitution, “the
right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be
violated.”

This is also Canada’s biggest and most important security partner, our
closest military and intelligence ally, and the country where our
government continues to strive for “harmonization,” even as the U.S.
is revealed again and again to have abandoned the American citizen’s
right to basic privacy.

Just last week, the New York Times’s Charlie Savage reported that the
Obama administration is on the verge of backing an FBI plan for new
surveillance laws that would force companies like Facebook and Google
to build a capacity to comply with wiretap orders into their
instant-messaging systems.

In an April 2012 interview with Democracy Now, another NSA
whistleblower, William Binney, estimated the NSA assembled 20 trillion
“transactions,” which likely included copies of almost all e-mails
sent and received by those living in the United States.

What does this mean for Canadians?

Once upon a time, it was obvious that we would not tolerate our
governments trawling through everyone’s mail or installing a tape
recorder or a video camera in every room of every home. So why are we
so complacent about our electronic data, our phone calls and our
e-mails?

Almost all of us use some kind of American-based online infrastructure
to communicate with each other, but privacy concerns do not seem to
interest our government very much. The old “if you’ve got nothing to
hide, you’ve got nothing to fear” trope is nonsense. We all have
something to hide.

There are intimate thoughts shared between spouses and lovers. Family
quarrels, fears, hopes, family photos and business ideas.

These are all things that can be used to intimidate and abuse us, and
government analysis should not be listening to them, even if they say
that it’s for our own good.

Kris Kotarski’s column appears every second Monday.

© Copyright (c) The Calgary Herald
--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

MAY 13, 2013

Kotarski: The snoop factor is shocking

BY KRIS KOTARSKI, CALGARY HERALD

In October 2008, a 39-year-old former U.S. navy linguist who worked at
a National Security Agency (NSA) centre in Georgia went on ABC News
and blew the whistle on himself and his fellow NSA operators for
listening in on the private conversations of hundreds of American aid
workers and soldiers calling home to the United States from Iraq.

“Hey, check this out,” David Murfee Faulk says he would be told.
“There’s good phone sex or there’s some pillow talk, pull up this
call, it’s really funny, go check it out.”

Another linguist, 31-year-old Adrienne Kinne, told ABC that the NSA
would listen to calls made by military officers, journalists and aid
workers from organizations such as the International Red Cross and
Doctors Without Borders, listening to “personal, private things with
Americans who are not in any way, shape or form associated with
anything to do with terrorism.”

“We knew they were working for these aid organizations. They were
identified in our systems as ‘belongs to the International Red Cross’
and all these other organizations,” Kinne told ABC News. “And yet,
instead of blocking these phone numbers, we continued to collect on
them.”

How far has this spread since then?

Earlier this month, Tim Clemente, a former FBI counterterrorism agent,
revealed on CNN that details from a private telephone conversation
between one of the Boston bombing suspects and his wife could be
retrieved at will.

“We certainly have ways in national security investigations to find
out exactly what was said in that conversation,” he said. “It’s not
necessarily something that the FBI is going to want to present in
court, but it may help lead the investigation and/or lead to
questioning of her. We certainly can find that out.”

When pressed by the shocked news anchor whether “they can actually get
that,” Clemente was adamant.

“Welcome to America,” he answered. “All of that stuff is being
captured as we speak, whether we know it or like it or not.”

What has happened to our American cousins? And what has happened to
the rest of us? This is not North Korea, Saudi Arabia or Soviet
Russia.

This is the United States, where according to the constitution, “the
right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be
violated.”

This is also Canada’s biggest and most important security partner, our
closest military and intelligence ally, and the country where our
government continues to strive for “harmonization,” even as the U.S.
is revealed again and again to have abandoned the American citizen’s
right to basic privacy.

Just last week, the New York Times’s Charlie Savage reported that the
Obama administration is on the verge of backing an FBI plan for new
surveillance laws that would force companies like Facebook and Google
to build a capacity to comply with wiretap orders into their
instant-messaging systems.

In an April 2012 interview with Democracy Now, another NSA
whistleblower, William Binney, estimated the NSA assembled 20 trillion
“transactions,” which likely included copies of almost all e-mails
sent and received by those living in the United States.

What does this mean for Canadians?

Once upon a time, it was obvious that we would not tolerate our
governments trawling through everyone’s mail or installing a tape
recorder or a video camera in every room of every home. So why are we
so complacent about our electronic data, our phone calls and our
e-mails?

Almost all of us use some kind of American-based online infrastructure
to communicate with each other, but privacy concerns do not seem to
interest our government very much. The old “if you’ve got nothing to
hide, you’ve got nothing to fear” trope is nonsense. We all have
something to hide.

There are intimate thoughts shared between spouses and lovers. Family
quarrels, fears, hopes, family photos and business ideas.

These are all things that can be used to intimidate and abuse us, and
government analysis should not be listening to them, even if they say
that it’s for our own good.

Kris Kotarski’s column appears every second Monday.

© Copyright (c) The Calgary Herald
--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

Thursday, June 6, 2013

We can't let NSA spying go unchallenged

As most of you know, it came to light a few days ago that the US National Security Agency got a FISA court order to force US mobile phone carrier Verizon to turn over daily logs containing the metadata of every single call made on or to the Verizon network for a period of three months. That means that every call that is made to or by a Verizon customer is essentially being monitored and information about that call is being sent to the NSA every day. It doesn't matter if you've committed a crime or not. It doesn't matter if you're under any sort of official investigation or not. It only matters that you somehow interacted with the Verizon network.

Apparently, they don't actually need that pesky 'reasonable suspicion' thing anymore in order to get our personal information. All they need to do is wave the 'we catch terrorists' flag in front of the right judge and everything is unlocked for them. Everything. And please, don't make the mistake of thinking 'wow, I'm safe since I'm not on Verizon'. It's more than Verizon. While there's no conclusive proof, people like NSA whistleblower William Binny have stated on the record that NSA is capturing every single communication American citizens have. Emails, phone calls, texts. faxes. everything.

It's become obvious that we can't rely on the government, courts, or congress, to protect us from an out of control intelligence agency hell-bent on knowing everything. It's time we take matters into our own hands. We have to stop asking them to stop spying on us and simply stop them from doing so ourselves. The technology is there and it's freely available. We just have to get off our lazy asses, care about our privacy enough to do something about it, and use the tools we have.

But I think it's going to take more than that. We need to actively work to foil these surveillance systems. We need to overwhelm them with useless data that has to be analyzed. We need to tie them up with so many false-positives that they will find the task of monitoring ordinary Americans who've committed no crime distasteful and over burdensome. We have to take direct action.

It's time we put a stop to this over-reaching government. It's time we set limits as to what and how much they can take. It's time that we say "HELL NO" to their intrusions into our privacy and our lives.  It's something that only we can do; nobody can do it for us.


Over the next few weeks, I'll be posting a series of articles and videos on how we can defend ourselves against these intruders. Some will deal with the technical aspects of such a defense while others will deal with the social aspects of it. I hope you find these posts useful and use them to protect yourself against surveillance.

The time for asking them to respect our rights has passed. It is now time to make them respect our rights. Their time has passed. Our time has come.

Tuesday, June 4, 2013

How to set up a web server on Linux - Part I

 

Hosting web content is perhaps the most common task that Linux is currently being applied to. Using an old computer, almost any Linux distribution, and a little know-how, you don't have to pay anyone to host your website for you - you can do it yourself.

While setting up a web server in Linux is amazingly easy, doing it properly can be somewhat tricky. And, since your server will be facing the public Internet, you want to make sure you do it right.

This video, part of Redhat certification training from VTC, is part of a two part series on how to properly set up the Apache web server on RHEL. Part II will come later in the week. You should note that, while this video uses RHEL as the base OS for setting up Apache, the configuration instructions will mostly translate over to any Linux distribution you happen to be using.