TrueCrypt

I came across a full hard drive encryption program called truecrypt. I've always wondered "why would i use these programs" or "well thats a bit overkill" but at the same time, i've said countless times: "what would i do if the RIAA or MPAA raided my house"... not that US laws apply to me, but you get the point... A majority of stuff I've downloaded is fine under the terms of 'fair use' but thats not to say it would be difficult (or impossible) to prove in court.

Enter TrueCrypt... It meets my requirements: Its free, and open source. But actually, I've spent some time toying around with it on a spare drive, and after an hour, I'm throughly convinced that it is simply awesome. A 10 out of 10 and truely a wonderful program. I can't help but think that this app could easily sell to government agencies and corperations world wide for hundreds of dollars hands down.

The app is everything you wouldn't want an encryption program to be - invasive, slow & confusing. Its extremely quick... more transparent than a window... and the help and support documentation is top notch. If you aren't picking up what im throwing down, this is by far one of the best written apps I've seen. It's quiet a shock to me -- that i haven't discovered or used this program before. I simply can't say how awesome it is.

So how far does the encryption reach? The whole drive/partition.

• Page files? yup
• OS? the kernels? uh huh
• Documents, Applications, Movies? too easy
  
• What about free space? That too!

What about:

• Needing to reformat? Nah, that would be a pain!
• Decypting files so i can read them? You crazy?! that would suck!

Basically, with the free program, you can encypt a whole drive, including the OS in real time and on the fly for data access... That means anything thats written to the drive is encrypted before being laid down on the disk, and when you jam your MP3's that data is decrypted in ram when its pulled off the disk.

Now, you might say... "with all this encryption/decyrptions... doesn't this consume some serious CPU cycles?!" Well, it does... kinda... copying a 10GB file in my tests put my CPU to 50% (maxed out a core) but i noticed no disk performance degradation. Reading/playing a 1080p x264 movie made no difference (my biggest fear -- my comp sucks ass). In my benchmarks, encrypting a 5MB file has a throughput (off my shitty 1.87Ghz Core2Duo and 1GB ram) of 113MB/s... thats much better than my ~70MB/s drive bandwidth...

Lastly, and the most amazing thing I've seen is the hidden volumes. A hidden volume is a like a hidden disk. But whats cool is not the fact that you can hide a volume, but what you can do with it and how you access it... and also HOW its hidden. Here's the idea... An encrypted drive is more or less useless without its key. The data appears random and its not provable that the disk is encrypted, unless you have a boot loader that says its encrypted. Yet even with a key, some real (or old data) will just appear as noise because files get fragmented, deleted, moved and overwritten. Also, if your smart enough to encrypt a whole drive... your smart enough to know what a secure file deletion is. So in the end, free space starts to appear as just noise, someone can tell the drive is encrypted because the boot loader prompts you.

So say you reach a point where someone FORCES your to give your password/key out... (say extortion or a sopena)... are you out of luck then? lol... no!

What you do is hide a volume (or even an entire OS!) inside this volume. After all, free space appears as noise, so aslong as the space isn't written over, it still looks like noise. And thats what the system does, it marks this space as free, but data doesn't get written there. The only data that gets written in this free space is when your actually using this hidden volume. Its written with a different key (or possibly the same key with a different encryption method... or a different key and encryption method altogether). But here's the real bad ass part: You can put on OS on this volume, and on boot up, from the boot loader. Enter the normal key to bring up your regular encrypted disk, or enter your super secret hidden volume key and bust out a different OS James Bond style. When your 'adversary' forces your key, he gets your 'decoy' or 'duress' key and accesses your encrypted drive, but your super secret volume/OS is safe... it can't even be proven that it exists. Plausible Deniability.

Open video isn't open enough

For the past 2 days, I've solidly spent time working on a post, and I'm greatly disappointed because this post isn't it.

I know its a bit early, but I was hoping to create a video on this blog; one using the new HTML5 video tag, and a theora/vobris clip. However, tasks have turned out to be a complete mess and there will be no video on this post (maybe for a while on this blog!). :-/

I first set out to create a video encoded using Theora. You'd think that the encoder being free to distribute and open sourced, it'd be as easy -- you'd have your video encoded quickly & posted in seconds. But actually it was much more difficult, and I started to get angry. Xiph.org the maintainers of the codec don't make it very easy to encode. I started out wanting to use a VFW encoder to just encode my clip directly on the fly as I recorded my screen capture. Pretty cut and dry stuff... run the screen capture, send the frames to the encoder. But there is not VFW encoder, and there is none made -- this was a HUGE shortfall for the xiph.org fellows. 2 hours later I looked at the encoders posted on the xiph.org site, the easiest way was to use a command line interface (CLI) version (the DOS prompt sytle) to encode my video from some format to theora (A "Point, Shoot, Convert" Style). Real men can work the CLI, and I've had my time spent on CLI's so I wasn't scared.

All my encoding produced video that was dramatically sped up through some bug. It didn't matter what my source video was at... the output was 5 times faster (or 80% shorter time wise) so a 10 second clip turned into a real fast 2 second clip, yet all the data (frames) played. Even if I set an override on the encoder for output FPS or input FPS. All videos were 5x faster. What... The... &%#!! My experimental encoder came with a few more things. I think it may have had to do with the source encoder, which i didn't change (because it was lossless).

I actually set out to make a how to guide and ended up looking for a how to guide and asking for help!

Even after I FINALLY got my file lined up and encoded... 2 days later. I was unable to post it:

Blogger will only post video on this blog using the flash player. It simply doesn't allow me to post a video the same was uploading a JPEG... I just can't upload an OGG, OGV, OGM file. That made me really angry. In fact, the only way to post a video on this site is to use the FUCKING flashing player...

OGG Vorbis - Open source audio

For those that don't know what OGG vorbis is or have never heard of it, i thought i would write a short, easy to understand article about how awesome it is.

Vorbis is an audio format, while OGG is a container format. You know what audio is (unless your deaf like me) and you can think of a 'container format' kinda like a file bucket, sorta like a zip file. Depending on the format, you have the options to add in whatever you want into this 'virtual bucket' -- video, audio... Multiple video tracks and audio tracks... even some fancy container formats let you put subtitles in them. AVI is a common contianer... but im not going to talk about containers, im going to talk about OGG... i mean Vorbis... whatever.

Simply Vorbis audio, is inside the OGG container...

OGG brings some serious advantages that the MP3 lacks. For starters, OGG is free, where MP3 isn't (for big companies to produce or encode, not for the little guys). Because OGG is free, it could mean in theory, that if songs sold on iTunes (lol, buying songs on iTunes -- thats a later post) were in OGG format, they should be cheaper (but they probably wouldn't so apple could get some better profits). There are no licensing fees for OGG so if your producing a game? you could use OGG... selling songs?... yup, you can use OGG. Its cheap.

OGG is also open source. While open source doesn't seem like a real clear advantage, it is. Because the source is free to modify, it means it can be worked on and improved by any/everyone interested. Now some critics my say "well, that depends on how much support it has, and who ever modifies these things anyway." But truth be know, OGG/vorbis is worked on and updated quiet frequently, and there are different 'tuned' versions ('forked' versions) of it like AoTuV. OGG/vorbis encoders are worked on as regularly as say firefox or IE and are maintained by the Xiph foundation.

OGG is superior. I was a sonar technician onboard a nuclear submarine for 5 years... when i was underway, my job description could be summed in a few words.... listen carefully. I spent from 9-12 hours a day simply listening to audio while monitoring screens to detect various sounds... anything from Ocean waves... helicopters & planes (jets & props)... shrimp... whales... fishing ships... warships... other people's warships... and other super secret things i can't talk about. When you compare OGG to MP3 at the same file size and bit-rate, ogg is typically superior... You can visit soundexperts.info where normal folk judge audio (you can easily participate too)... or professional listening tests found OGG to be even more superior... at different bitrates.

Compact. Comparing a lossless audio source to OGG Vorbis encoded at the highest quality is like trying to figure out if the mona lisa at the Lourve, Paris is a fake; even if someone told you, you'd never would have been the wiser. But the file size difference is typically 50% smaller than FLAC - another free, open-source, lossless audio codec.

OGG Vorbis is now the new standard for web-based audio in HTML5. Just like JPEG images and GIF's can be embedded and read natively, so now can audio. Most browsers (Firefox, Safari, Chrome, Opera) support this audio natively while others (IE6, IE7, IE8) don't with out some plug-in or work around.

In summary, OGG is a audio format, compatible to MP3, but free to encode, has typically higher audio quality for files at same size/bit rate, is open source and is also free to distribute. OGG is well maintained, and can now embedded directly in web pages (using HTML) natively without the use of a plug-in (such as adobe flash, another non-free license based application). OGG is a great competitor against MP3 and other proprietary, closed sourced codecs. Goo OGG!

Host you foes!

There are several ways to block ads.

You could get Firefox and install some add-ons like Adblock Plus or get something like an ad filtering proxy such as privoxy which is bundled with Tor (The Onion Router). You can even BUY stuff to block ads. However, there are even easier and cheaper ways. But first, i gotta run my agenda and tell you why its ok to block ads.

While some argue that blocking ads is Bad for the free Internet, I can't help but disagree. Most advertisers got themselves into this mess by being obnoxious and intrusive. Others are simply paying too much and willing to do anything to get noticed. It simply doesn't make sense that people should be SUBJECTED to ads.

You can turn off you TV or change the channel... People with TiVo or a PVR can pause and fast-forward. We actually record free movies and can edit ads out completely. In the future i wouldn't be surprised to see something that reads closed captions, voice/audio data and other things like time reference and determine automagically -- This is the show, and this is a series of ads.

People listen to music in the car can push simple buttons to scan through stations to listen to music, not ads. Its clear radio stations try NOT to use ads as it always seems to be a good advertising point (Hey, thats a Paradox! Advertise you don't Advertise!). It would almost seem this is the #1 quality a station has... less talk, more music.

Newspapers could sell for NOTHING and get survive off ad revenue a few years back.

Why shouldn't the Internet be any different?

Ok, here's the point of the post. You can block ads with windows alone... (or linux). Windows uses this thing called a HOSTS file to store address information with site information. For example instead of having to rely on DNS or memorizing some IP address for a URL, you could add an entry in your HOSTS file... simply visiting the remote server requires looking up the address to see if its in the HOSTS file. All OS's do it. The system was originally intended for large networks, where IP address were fixed... visiting your company's Intranet simply required typing URL's into your address bar and the OS would route the traffic across the network.

But there is one address that special... Yours.

Its called a loopback test. Its an address thats used to simulate send data "out" a network interface (or network device such as a USB DSL router) and come right back to you... hence "loopback". So if i added an entry into my WindowsXP host table, and said AOL.com had an IP or this loopback address (which is 127.0.0.1), what would happen?

1. The browser checks the HOST table.
2. An entry is found and correlates to 127.0.0.1
3. 127.0.0.1 is contacted, thus the signal comes 'right back'
4. No activity is heard back, because 127.0.0.1 (your system) is not hosting any HTTP/web traffic

Basically, AOL.com becomes inaccessible. So what does this have to do with blocking ads... all i've shown you how to do was block AOL.com

Well.... what about Doubleclick.com? Ads come from that server right? Hmm....

But the best part is that people already know where ads come from, or have a list of sites and address that send advertisements. you can visit This wonderful site and download a compiled HOSTS table and use your OS to block ads. The site gives you a guide and its pretty easy to do even if your not very tech savvy.

The Paranoid Kit

In real life, I am a person who is best described as shy, and quiet. People that know me personally would probably think different... I'm loud, argumentative, and when i don't like something, I'm all talk with no walk.

However, one great thing about the Internet is that people are not encumbered by 'who they are'. The rich, spoiled, teenager has about the same 'power' as a middle aged blue collar worker that deserves more. Its not that people want to be someone else when they step online, but more like the playing field becomes equal. Newspapers compete with YouTuber's that want to produce news worth information. Goons can troll all day long to try and run some agenda while someone else works on a project for public benefit. It doesn't matter, people are powerful while purpose and information have no bounds. But the story in my eyes isn't that the Internet is so great because we are empowered with these tools, but that we can do these things almost completely anonymously... almost.

While some people willingly post their personal information in screen name or hop on to sites like MySpace & Facebook without a second thought, these same people have ability use another email address or alias as they choose... Its pretty easy. I think most people tend to think of the Internet as some portal -- they can walk around in it and have little to fear about what they choose go or what to look at. After all, your simply reading this aren't you... that's not harmful (yet) is it?!

But i think the reality is that this is simply not true. People are being watched, across one site on to the next. History gets stored and analyzed. Traffic is logged and patterns develop. Anonymity has been replaced as a 'unique visitor ID' and isn't really possible. Even the most earnest attempts to keep yourself anonymous don't always work: you can get identified or embarrassed publicly. People deserve better than to have some corporation leak out your personal life (disgusting or not) and rain on your parade, and you there isn't some magic button that lets you 'opt-out' in most cases.

But i thought i would give it my best effort and created a collection of Mozilla add-ons on the AMO site. To say the least, you might not be able to be anonymous, but you can at least curve yourself away from some of the most common privacy concerns and stay under the radar most of the time.

Please check out my add-on collection: The Paranoid Kit.

Its goal is to block ads, as well as scripts that launch ads, targeted advertising, analytics... bugs, beacons... cookies & LSO... ...all the garbage, but try not to break your web. If you have any recommendations, please follow up and thanks for reading.

Firefox 3.5 and memory usage.

I came across an article while searching for news regarding firefox 3.5. I've been very excited about the new mozilla release so its been on my watch list. I stumbled upon an article from an author who decided to test each of the new browser's memory consumption. Well, i'll tell you what: I made a very bold claim in my last post that memory usage in firefox has been poor. This goes to show the world that when you make statements like these, you need to have facts to back them up with... So here are the facts:



Chrome is Yellow/orange
Opera is Green
Safari is Blue
Firefox is Red

...In a single word: huh?!

This image was publish thanks to what seems to be a very standardized test that a fellow at dotnetperls.com did. What the author did was open up the top 150 URLs (as of 19 Jun reported by alexa) into tabs of each browser using a hand made CLI. He took memory tabulations every 3 seconds for each browser, and after opening 30 tabs, closed them down to 1 tab and repeated the process with 30 new URLs. Each new URL was opened after a short random time frame (not sure why, maybe to to let pages load?).

IE8 was excluded from the test because the author couldn't open URLs in a tab directly (they appeared in a new windows instead) which is a bummer... It would be nice to see how IE8 played out to see what it brings to the table.

This test method mimics some seriously intense browsing, and its kinda realistic too... we might not open 30 tabs at once, but the concept is the same: We start with one URL, and branch from it, usually to another tab... we gather a set of tabs, and then close them down and start over. The only things that different is the time frame and the sites we look at. But this is inaccurate, becuase he uses the top 150 sites. The time thing is probably not important. I can't see memory leaking after each passing second. Another thing that different is add-ons... and this is why I'm starting to think firefox has become such a memory hog: the Add-on developers are writing bad code... But Suprisingly:

Firefox 3.5 RC2 had the lowest memory use all together.

It had the lowest max consumed, Lowest average consumed and the lowest tally at the end. Chrome ended using 3 more megs than firefox in the final tally, but peaked at 1216 megs (the system was winxp 32 with 4 gigs). Im guessing thats why chrome appears so fast as it looks to cache anything/everything... that fact that its javascript speed is a third of firefox 3.5 probably doesn't hold up so much now. The way i see it, nothing is faster than reading from ram. So if firefox is caching to the HDD, and not to memory, and chrome is caching to memory... chrome will always be quicker, at the expense of memory consumption. We can also see that firefox and chome don't "leak' over time, and both do a fantasitic job of cleaning up the memory mess.

I ended this post using firefox 3.0.11 using 80464K (78.6 megs) of memory. Im also using 15 add-ons.

Firefox 3.5 -- Faster? Slower?

If there is one application I truly am a fanboy of, it’s Firefox. Firefox is an open source success that is changing the way people use the web. Its sole purpose is a browser that is built by people, for the people. According to GlobalStatCounter.com, almost 1 out of 3 people use Firefox, whilst 58% use IE. What’s funny is when you look at their graph, you can tell which days were work days, and which ones weren’t as people left the office browser and used the home browser. Clearly, the fox is here to stay and show the world what a browser should be.

As a former nightly [build] tester, the improvements behind the browser are monstrous. But the average Joe user is still left in the dark in my opinion, and here’s why I think so.

It’s hard for me not to form a biased opinion, because I absolutely am disgusted with Microsoft, and the entire IE line (Include IE8, which is a great improvement). I would like nothing more than the very browser Microsoft ‘shutdown’ (Netscape) come back and destroy them. Oh… Im supposed to be talking about why Firefox 3.5 sucks… ok, here I go.

One thing that really makes me angry is the slowness behind Mozilla. It’s one thing to be delayed on every single beta release, but its another when you hold up simple enhancements. Here’s one pet peeve: Auto completing Tags.

This was a feature that was added in Firefox 3.5, which started development back in September 2008? It took them that long to make these user set tags -- auto complete? Are you kidding me?! This is a massive failure on Mozilla’s part to ‘keep up’ with the stiff competition. There is absolutely NO WAY – you can say they couldn’t have made a Firefox 3.1.0 with that feature in a reasonable timeframe while they worked on other issues. It should have taken them 2 weeks to 1 month to build, test and integrate that feature and make it available. Producing software with these huge long waiting periods is not smart now. Browsers are released regularly these days almost monthly...Competition among browsers these days is at an apex. I know mozilla's tagline with brower releases is: "when its ready, we'll release it" but thats very different than: "when everything else is ready". Simply put, releasing a Firefox 3.1.0 with auto-completing seems like a very easy and quick way to 1) improve user experience immediately 2) Respond to community feedback quickly.

Another thing that really irritates me is it seems Mozilla is not listening hard enough to its users, and now it’s finally starting to bite them I think. Some of the most common complaints that users are quick to point out with Firefox is:

1) Memory usage
2) Start-up Time
3) Add-ons decrease the performance of the browser.


It just angers me that Mozilla has started to slip on things. We shouldn’t be waiting so long for quick easy enhancements. The good news is that It’s now scheduled to improve start-up time (and other internal events) on Firefox 3.6 by atleaset (greater than) 50ms, which is really a whole lot considering Safari 4 starts up in .54 secs now. Firefox 3.5 starts in 2.82 secs… If Mozilla gets smart about things (they usually do) they’ll focus on performance with add-ons… that is, adding a bunch of add-ons won’t degrade performance as much. If they can set that in motion, firefox 3.6 will be more in line of browser's like chrome 2 – easy, robust, and compatible/compliant.

I really am excited about Firefox 3.5 thou... But i think 3.6 is really going to get the users going with lightweight add-ons, themes, and an overall better browser (not browsing) experience.

DRM is another way to spell DUMB

I recently bought a new TV, a Samsung one. I’ve never owned a Samsung TV until now, and I can understand what all the hype is about. It truly was a great find, and an awesome buy. I've been burned By LG twice on a DVR and a fridge, So it was either someone that i don't know too much about, or Samsung, which I've heard good things about.

In fact, the TV is soo awesome... (How awesome is it?)... It shows the world how dumb, DRM can really be. Like most devices that are media intensive, the TV allows me to play MP3s, but WAIT! That’s not all... I can play AVIs, MKVs, MP4, Divx, Xvid, H.264, even WMV files! Oh yea, and Images like JPEG can be viewed too (whoopee!). I didn’t exactly know for sure that this TV had these specific capabilities... I knew something was up with the Ethernet interface and a lot of options on the menu... I really got lucky in picking a TV with these features in it and more. Dumb luck is great isn’t it!

According to the manual, I quote on page 32, (with my emphasis in bold) ”MP3 Files with DRM that have been downloaded from a non-free site cannot played. Digital Rights Management (DRM) is a technology that supports the creation of content, the distribution and management of the content in an integrated and comprehensive way, including the protection of the rights and interests of the content providers, the prevention of illegal copying of contents, as well as managing billings and settlements.“

Basically: Interchangeability

In one short response: LOL! According to this statement, if you actually PAID MONEY for an MP3 (or WMV?), you would NOT be able to play this music on the TV. However, if you owned the music CD and ripped the MP3, you would. Same goes for the DVDs and WMV.

Whoa, break lights, brake lights – Is this really implying what it says: If I DOWNLOADED this music from say a torrent and my MP3 is not DRM locked... does that mean it plays on my TV? Yup... the ones I paid for that have DRM? Nope. What about the video files...? I hate those MPAA companies and I download movies all the time from axxo... do those play? Yup. What about the WMV that I paid for with DRM? Nope. Can you buy movies in WMV format with DRM? I’m not sure, but anything file with DRM in them, simply won’t play.

...Oh shit son! Are you serious! You can play Blu-ray rips and H264 HD encodings on your TV... even the 1080p ones? Thats right... but your telling me if you actually bought a Blu-ray disc would you be able to copy it into MP4 or H264 format for easy playback on the TV...

Has anyone ever tried to copy a Blu-ray disc?

They’ve really severed the consumer’s wrists in this.

This is quiet humorous... but it’s also dangerous. Could we see a day (somewhat likely) where all media is encumbered with DRM? Would it be likely that that media cannot be broken/cracked with things like Trusted Computing(Secure IO) running under our tower’s hood? It sure is. My biggest worry is that some day, all media players (from iPods to PC) enforce DRM 100% and anything none DRM can’t be played. But for the mean time, it shows how dumb DRM really is.

A system that rewards media that has been broken, DRM freed, or blatantly pirated, yet punishes those who “do the right thing” and pay for it (In more than one way!). This TV is proof of such a system... and I really should get back to watching Spiderman 3 in 1080p now... You can take that as what you will.

The Exact Same Thing

For a while, i simply did not know what a hash was... or what is meant by a 'hash function'.

A hash is a cryptographic function that takes a string of data, and spits out a unique 'fingerprint' to represent it (called a digest). The best hash functions are able to take a very large amount of data (say... 20 gigs) and produce a different digest even if one single bit changes somewhere in the code.

A hash function is useful for checking the integrity of a file, For example, if your going to send a large file, it might be a good idea to break the file into parts, and include an MD5 or SHA1 with it. This lets your receive know if they get what the think is a corrupted file in the batch they can: 1) know for sure by hashing the files and comparing it to the sent digest, and 2) simply re-download the bad piece.

I found a really nice app that's very useful when it comes to hashes... Its called ExactFile and i highly recommend YOU get it and use it.

And to anyone out there that going to send a large amount of data (Such as someone that's going to post a large torrent -- hint hint) it would be nice of you to archive your files into a set of split files (like 50 meg RAR files) and provide an MD5 (or better yet SHA512) with it.

Exact file can create a digest for a single file, or a folder of files... it can take a file/group of files and check them against a digest as well... it can make a windows association to with hash formats (like an *.MD5 file) so all you have to do is open the digest to start checking the file (it finds it). and even if that .MD5 file really has a SHA1 digests in it, its able to figure out that the MD5 files is not an MD5, and will check the file(s) against SHA1. You can also create multiple Digest types for multiple files and store them in a single digest file... Its also multi-thread so your dual core can do 2 files at once, or 2 functions at once... You can create an Applet for your users, so they don't have to use exact file: They can run the applet and the app will hash and check the files...

God I'm so sick of trying to sell this app... its so damn useful... and its FREE...

And it could have saved me a few days of downloading had you SPLIT THE FILES & USE THE DAMN PROGRAM... it takes 30 seconds, to 10 minutes... to help THOUSANDS of people.

And BTW, the MD5 for the picture is: 4ed71eb4a98becfad2cbc15197aacf78

Logistics Supply Officer

As a former US Navy sonar technician, i used to live and die by acronyms. It seems there were acronyms for acronyms. You could almost approach someone, and make up an acronym OTS and people just knew what your talking about. So when i heard "LSO" I thought of an officer that took care of the logistical operations on my old boat.

So what does the supply officer have to do with this post? Not much. I consider myself a reasonably smart, capable person... so when something new comes along... especial something I know little or nothing about in the IT world, I'm quiet amused. And today was one of those days: Im going to briefly talk about LSO's... and considering I just read some snippets about them... I thought since i don't know much about them... maybe you don't either. So I'll pretend I know everything.

An LSO is an acronym that stands for Locally Shared Object. When you break that down, its pretty clear what it is... Its something that's held locally... and gets shared. It works like this:

You start out with nothing... you go somewhere on the intertubes and someone gives you this LSO... how thoughtful, you put it away... The next day, when the same dude tries to gives you an LSO again, you tell him "No thanks dude, i got one here". This dude wants a peek at it, so you decide to share it with him. Now, i know this was a real dumbed down story, but you should be able to easily relate this with another function on the internets: Cookies. You can think of an LSO as a 'type' of cookie, because it is.

In real life, there are a lot of things messed up with my story:

1) "Some dude" - Not all people are good people.

2) "Gives you something" - Like being hypnotize, you have no option to reject it.

3) "You store it" - But where did you store it... can you tell me where your LSO's are? I swear they were around here somewhere?!

4) "Wishes to peek" - Just like #1, your wish is my command.

An LSO is infact a cookie, but its not the "text" based ones we're a custom to, instead:

• They Don't Expire.
• They can be as large as 100 KB (Normal cookies are only 4 KB).
• Cross-platform tracking, LSO's work in ANY Flash-enabled application/browser.
• Flash apps can be invisible BTW.
• Most browsers are not aware of LSO's since they're flash based and 'usually' cannot be removed.
• They have the ability to send stored information, without user's permission. (to the appropriate domain)
• This is via Flash, we can now send very critical personal data or technical data: (system, user name, files,...). Flash is 'executable'.
  
• Many domains and tracking companies use these flash-based cookies.
• I got this list from a Mozilla add-on, but i changed the words around hoping you won't notice.

Check out BetterPrivacy for a good Firefox extension. The location of LSO's on windows systems is %appdata%/Macromedia/Flash Player/#SharedObjects/????????/

You can delete them yourself if you don't use firefox (why?!) and the only thing i have picked up on about them is that some games store high scores in them... among what ever else. And due to 'privacy reason' these cookies act like normal cookies: only the originating domain can access them... (But what if they proxy?).

I had some from my bank... among other sites... and a lot from google... even one from weather.com

I would like some good comments with valuable information about them if possible.

Open Source & BitTorrent Clients

While the legitimacy of bit torrent can be argued till we're both blue in the face, i would like to put all that aside and write about the clients. Any torrent going individual has a lot to say about organizations that may disrupt their traffic, but I don't want to write about that either -- maybe later. I thought I would get critical on the clients. Its probably just paranoia... alright, it is just paranoia, but I can't help but think this system is marked for destruction.

A few months (years) back, Bit torrent clients were nearly all open sourced -- just like the protocol. But as of late, things certainly have changed. I'm not someone that 'dislikes' or 'fears' change, just the bad kind. Lets start with the clear No. 1 client: uTorrent. uTorrent was a complete Open Source Success. And now... well, much has gone left unchanged, except it has been bought out by BitTorrent Inc. and is now closed sourced -- has any wondered what closed source code has been added in to it? The Bit Torrent (client) from Bit Torrent Inc. (yuck) surprisingly remains open sourced, but has undergone heavy commercialization... and Vuze (once Azureus) has gone from being a Java based, resource hungry client to... oh wait... lol... never mind. We still know Vuze is still a heavy weight, but it has also became Bit Torrent's twin in terms of the commercial aspect (Look closely and you'll see the word "price" and the acronym "DRM" on that page).

My point is that most developers that now produce these clients, are no longer in it for the end users. They have slowly been adding to the protocol, and trying to commercialize/monetize their efforts. And what better way to earn money if you could catch, report, and track piracy through the very program you make, that everyone uses.

While i know this sounds silly, but at least give it some thought. Slowly, these developers have made changes to the bit torrent protocol, usually to our own benefit. And while most of these non-standard additions we either over look, or use without a thought second, what happens when the 'new gen' of clients start having problems with the 'old gen'... A lot of people today use these new clients... easily over 95%. Clearly, It shouldn't be difficult to add some feature that could be monitored traffic, media etc., or take away the anonymity of an individual.

How should i say this... Will we see a point where the new gen pushes the old gen out... to the point where it may not be functional? If were trying to kill torrent sites left and right, then who needs to visit a site for the .torrent then when you could visit your friend? If he is... in deed a trustworthy friend.

I decided today to no longer use uTorrent... I will be finishing up my remaining downloads, and from here on, i will use deluge as my main client. I also looked at Halite, but it needs a lot of work still.

Signed Email, Encrypted Email

The Problem:

The other day, I installed the latest nightly of Thunderbird, code named: Shredder. I am not a big email person I guess, and I only receive a couple of emails a week. Most are bills, invoices and junk. To me, there are a lot of things wrong with email, but mainly... i don't receive a lot of email from people i wish would email me.

Lets talk about scams. I have at least on one occasion received an email scam -- one spoofed up to be my very own bank. I knew from the start it was a scam, but i decided "why not play along". After all, Firefox (and some others) have a built in filter to try and catch phishing sites, and Thunderbird marked the email as a scam anyway. How far can one go? I visited the site, and it was very easy to tell that this was indeed a scam with the big red warning screen. But I wonder, not everyone uses these products/features and sometimes, they blatantly fail.

How do we create a "safe and secure" email system that lets people know that "what we receive is from who and what they say they are from". What can be done to beef up email Identity when all it takes is 5 minutes to create an email address?

The Answer:

SSL.

Think about it, we should be able to send email (and receive email) that we can trust our confidential data on. I get emails from Bank Of America, telling me i have messages to check on my account... Literally: an email, about an email. Second, if we receive email, Which is unsigned, we can build a case that its junk. If it IS signed, we can reasonably assume its someone we know or, We are getting SIGNED spam... Clearly it will be easier to filter mail that's from a known signed Spammer? And lastly, No one but the people we send mail to should be able to access our mail... Its like that with snail mail, it NEEDS to be like that with email. Piss off admins, this doesn't concern you.

And the ability to do this is already here, and luckily.... its free or pretty cheap at a minimum.

Step 1:
Get a Security Certificate.

Just like banks, brokers and other important institutions have obtained a certificate, you should too. While the better ones cost money, you can get a basic one... Free. Just Google around. I found Comodo offers free ones (at the bottom), and some that cost too much.

Obviously, a degree of trust can be formed by the certificate in use. The new EV certificates are clearly better and go through a more rigorous verification, but for general email, that's not needed.

Using Comodo, I simply provided some personal information, received an email with a verification code/password, and then had to visit a link. After that, the certificate was installed in my browser. Finding/Backing up the cert is as easy as going to (in Firefox) Tools > Options, Advanced Tab, Encryption Tab, "View Certificates" Button. Or you can go to Control Panel > Internet Options, Content Tab, "Certificates".

Too easy... Click "Backup"

Note: If you have the tor button add-on installed, you need to disable it otherwise you won't be able to export properly.

Step 2:
Configure Your Client:

While everyone uses different email providers, and different email clients, they all stem from the same basic concept. I use Thunderbird, and Gmail -- a match made in heaven. The new Thunderbird makes configuring your client with Gmail a snap, and includes the IMAP Protocol, N00b proof. Gmail provides a huge amount of space, is typically pretty reliable, and offers free IMAP, POP, and SMTP access... while other typically cost something (yahoo). I use the Nightly version of Thunderbird 3, and have had no major problems using it as my main client, but this is not for everyone.

Importing your certificate into Thunderbird is just as easy as it was exporting it in Firefox by going to Tools > Account Settings, then the "Security" section on the left -- View Certificates.

This looks familiar:



After clicking "Import", Browse to your certificate and that's it...

Considerations:

I recommend SIGNING all emails by default... Anyone that does NOT have the capacity to view signed emails, will simply get the attachment used for signing a message and wonder what it is... Anyone that does have the capacity, gets a notifications somewhere. However, encrypted messages work a little bit different: The message gets sent AS an attachment. Which means if the receiver does NOT have the capabilities to receive encrypted emails (Using web pages, most clients can handle the protocol) then they get a blank email with a (literally) Unusable/Unreadable attachment and wonder "what did he send me?". In Thunderbird, either a lock appears, and/or a sealed envelop appears depicting that the message is signed, encrypted, or both. Double clicking either one displays this message:


A lot can learn from this signed & encrypted message:

1) The message is "verified" by a third party (although a weak "verification").

2) The message has a hash function built into it, which means it could not have been altered in transit.

3) Its encrypted, which means only the receiver should be able to receive it, since it could not have been modified. [Citation needed]