Tag Archives: internet

the culture and technology of, and participants in, the internet

Bradley Manning’s Statement

The transcript of Bradley Manning’s statement at his providence inquiry is well worth reading. It is a picture of a man who was deeply troubled by information he found in his duties as an intelligence analyst, and who decided to make that information public out of a belief that it ultimately would make the United States a better country, and the world a better place. Here’s a quote:

In attempting to conduct counter-terrorism or CT and counter-insurgency COIN operations we became obsessed with capturing and killing human targets on lists and not being suspicious of and avoiding cooperation with our Host Nation partners, and ignoring the second and third order effects of accomplishing short-term goals and missions. I believe that if the general public, especially the American public, had access to the information contained within the CIDNE-I and CIDNE-A tables this could spark a domestic debate on the role of the military and our foreign policy in general as [missed word] as it related to Iraq and Afghanistan.

I also believed the detailed analysis of the data over a long period of time by different sectors of society might cause society to reevaluate the need or even the desire to even to engage in counterterrorism and counterinsurgency operations that ignore the complex dynamics of the people living in the effected environment everyday.

His statement also shows that he understands that he broke the law and takes responsibility for his actions, and in that sense his actions should be considered civil disobedience. And that makes it all the more appalling that he’s been kept in humiliating and inhumane conditions for over a thousand days without trial.

Why I don’t rely on Google

Recently several otherwise tech-savvy friends have been perplexed that I don’t just use Google for everything. They explain that I could use Google Voice for my U.S. phone number, use Google Checkout for The Mathematician’s Dice, sync my contacts and calendars through GMail, and log in to many things on the web using their OpenID service. And they wonder why I suffer a bit of spam instead of using GMail for my primary email account.

Continue reading

[CUSTOMER NAME REDACTED] or Anything is possible on the internets

I just received this email. Details have been redacted to anonymize it. Rant follows.

From: [CUSTOMER NAME REDACTED]

Matt,

Sorry for bothering you, but I found your CV online and saw that you used to be the Lead Developer for [PRODUCT NAME REDACTED] a few years back. My wife owns a small [BUSINESS TYPE REDACTED] in [LOCATION REDACTED] and we recently migrated to [PRODUCT NAME REDACTED], which was a fluid easy process, no doubt due to some of your work — thank you for that!

One question I’ve had since moving over though is regarding their scheduling and if there’s any way to make it play with google cal or ical — I’ve asked [PRODUCT NAME REDACTED] and the techs there and it seems to be a pretty straight forward “no”… but knowing the internets and that “anything is possible” more or less, I gotta think that there must be a way to write some kind of script that could at least scrape the [REDACTED] calendar and at least provide a way just subscribe or “view” the schedule– I’m not even talking about two-way functionality… viewing would be a huge help for us and her colleagues. Moreover, my guess is that we aren’t the only ones who would love to have a way to check the schedule that wasn’t dependent on logging in to [PRODUCT NAME REDACTED], especially since they have yet to offer any mobile apps for smart phones, and that any script/app/plugin/program that’s created could even be shared with other [REDACTED].

Anyway… I won’t carry on as this is a straight cold call… but if you do have any advice and have a chance to respond, I would be most grateful!

Cheers!

[CUSTOMER NAME REDACTED]

This is jaw-droppingly awful. Let me count the ways:

  1. This guy is asking me to think about a job and a piece of software that I stopped working on years ago. Since a programmer’s job is, in many ways, to think, he’s essentially asking me to work for free.
  2. He is fishing for me to contradict what he has been told by the company I used to work for, which would be a totally unacceptable thing for a programmer to do even when still employed by said company.
  3. Even if I was willing to think about a software project that I haven’t looked at in years and undercut my former employer by contradicting them, it’s likely that the project has changed since I left in ways I cannot even begin to imagine. So even if I did remember enough about the project to confidently answer his question, I would probably be totally wrong.
  4. What would he do if I told him it would be totally easy to implement? Go back to my former employers and tell them that some random who used to work for them said that it would be easy? Is that going to make them change their mind about implementing this feature? No.
  5. Anything is possible? On the internets?

This is the kind of obnoxious customer that small software companies just don’t need. End of rant.

Another skill to omit from résumés

Ryan W is done building Facebook apps:

Clients don’t care that it was Facebook (not you) who broke the feature that was working yesterday, and they don’t care that what you said you could do two months ago can no longer be done because Facebook decided to change the platform (again).

I built a (very simple) Facebook app for a client back in March, and it left exactly the same bitter taste in my mouth.

Get online as safely as possible while traveling

I’ve backpacked all over the world, and a friend embarking on a similar trip asked for my advice about how to stay safe when using internet cafés and youth hostel terminals. This advice might be helpful to other budget travelers, so here it is.

It’s important to understand that you’re putting yourself at significant risk every time you use a computer that’s not your own (and sometimes even when you’re using your own computer). The safest way to access the internet while traveling is to only use your own computer or smart phone. But budget travelers can’t always afford to carry a computer or a smart phone. The risk of theft of an expensive laptop or smart phone is much higher when traveling, especially when staying in shared rooms in hostels. And, as every backpacker knows, every single pound (or kilogram) you carry counts tenfold when you have to run a mile to catch a train. Traveling with your own, trusted internet device is often not feasible.

Another option is to just never go online while backpacking, but this often is not feasible either. The internet has become a tremendous source of tourist information plus an amazing tool to meet and coordinate with other travelers. And the long-term traveler must go online from time to time, to check their bank balances, pay off credit cards and mobile phone bills, and communicate with loved ones. The only alternative to this is the telephone, which requires staying up late or getting up early, and navigating an expensive and foreign telephone system.

All this adds up to the uncomfortable fact that you sometimes absolutely must get online in the next few days, and your options for doing so range from mildly to completely insecure.

The general idea is to first categorize your online activities by how secure they need to be, then, make an educated guess about the security of each computer you use, and use that as a guide for what you are willing to do online on that computer.

Step 1: Categorize your activities

Reading WikiTravel, finding hostels, or getting bus or train schedules doesn’t need a safe connection. If someone steals your password to a social network or CouchSurfing, the worst thing that can happen is that they use your account to say weird things to your friends, and you’ll have to reset your password or (worst-case) create a new account. Not that serious, in the great scheme of things. This, of course, assumes that you use different passwords for your different accounts, which is a good idea.

Checking your email needs to be a bit more secure, since with access to your email, anyone can impersonate you or steal your accounts on sites that use that email address. And lastly, making reservations with a credit card or logging in to your online banking are high risk, since with your credit card or bank details, you can be out of a chunk of money quickly.

Step 2: Categorize the available computer

Since I’ve never seen a single internet café running anything but Windows1, and since I’ve seen only one youth hostel with Linux computers2, I’ll only talk about judging the security of Windows computers.

The more professional internet cafés and hostel computers require you to log in, and usually you can tell if you’ve been logged in to a temporary, sandbox account, or if it’s the same account that every user gets logged into. If it’s the same account that every user uses, you’ll see personal files left on the desktop, in the trash, in the documents folder, and in the browser you’ll see browsing history and bookmarks and toolbars and plugins installed, etc, etc. If it’s a sand-boxed account, it should look like a pristine, clean install of Windows.

If it’s a Windows computer that you can just sit down at, don’t trust it. If there’s lots of random software visibly installed and files lying around, this means it hasn’t even been cleaned up recently. Use it to do research, but don’t type your passwords on it, and certainly don’t ever log in to online banking or type in your credit card details.

Sandbox accounts are much less likely to have malware installed, because only the owners/administrators, or someone who used an exploit to get administrator access, could have installed malware. If it’s sand-boxed, I generally feel ok logging in to my email, but I’m still wary about using it to log on to my online banking. In a pinch you could use Mint just to check bank balances, since it has read-only access to your financial information. Oftentimes I find myself making hostel reservations with my credit card on computers like this, but I’m never very happy about it.

Then there are places like EasyInternet, where users don’t have access to the filesystem, CD drive, or USB ports, you’re not allowed to download and run any programs, and where the entire Windows installation–not just the user account–appears to be wiped over the network each time the user is logged out. You can tell that the entire Windows OS is being wiped because the computer reboots as soon as you log out, and the startup process indicates that it’s booting over the network. These kinds of computers are the safest. These are the only places where I feel comfortable logging in to my online banking. There’s still a chance that someone administering the café is capturing your passwords, but there are probably only a few people who have enough authority to do so.

I also judge hostel computers to be more secure than internet cafés. Internet cafés are open to the general public, including locals who would have the time, and the motivation, to regularly visit the café, install malware, gather collected data. Hostel computers are generally just used by hostel visitors, which would mean a traveler installing malware would have much less time to install and troubleshoot the data-collection process, no chance to reinstall it when it gets removed, and they’d have to gather the collected data remotely. You still have to worry about a member of the hostel staff installing something malicious, but again, there’s fewer staff members, so a smaller chance that it’s been compromised.

If the computer has Firefox3 installed, I usually take that as an indication that they aren’t total morons about security. Even better if it’s set to the default browser. Installing Firefox yourself, and using it, protects you against malware in Internet Explorer, but not against malware installed on the system.

If you know anything about Windows, you could check the version of Windows it’s running and see how recently it’s had security updates installed, which would give you an even better idea how security conscious the administrators are.

Other tips

If you can’t get to a secure computer and absolutely must access your bank account, most ATMs will let you check your balance and make transfers (and watch out for ATM skimmers). And staying up late or getting up early to call your bank, while a hassle, is much better than finding yourself stuck in a foreign country with cancelled credit cards and not much cash.

Always make sure you’re using SSL. If your bank doesn’t use SSL, switch to one that does. Gmail and most of the other major email providers allow you to log in using SSL. Use it. Don’t make credit card reservations if the site doesn’t support SSL. And don’t do any of this if the browser on the computer you’re using doesn’t support SSL.

The last step in staying secure while traveling is to change all your passwords and pin numbers as soon as you are back at your home computer again. That way, if anything did leak, it’s rendered useless.

Those are my white-hat, benevolent-hacker notes about internet while traveling. Soon, I’ll post some true black-hat tales of hacking internet café to get free, or cheap, internet.

  1. No love for Mac OS X. []
  2. High praise for Hostel Ruthensteiner, Vienna, Austria, running some sort of sand-boxed KDE, and where I felt almost as safe as on my home computer. []
  3. I’ve never seen Safari or Opera in the wild, and Chrome was released after my most recent trip. []