stuff, just stuff

• 2010-04-21

  Google buying ITA for $1bn?

• 2010-04-20

  Government requests directed to Google and YouTube

  Google presents numbers on government agencies requesting removal of content from Google services in the form of a map. Related to http://googleblog.blogspot.com/2010/04/controversial-content-and-free.html

• 2010-03-24

  New Research Suggests That Governments May Fake SSL Certificates

• →

  WikiLeaks under pressure

• 2010-03-16

  US Army considered attack on Wikileaks -- The Register

• 2010-03-15

  Run a Tor node

  I am running a Tor relay node and I can highly recommend it. It’s not hard at all and it gives you a good feeling, knowing that you’re helping people in countries where ordinary Internet users are prohibited from reaching the rest of the world.

  Here’s how you do it on a NetBSD 5.0 system.

  If you’re going to push anything more than a couple of hundreds of kilobytes of data on a NetBSD system, you’ll have to do three things in order to have any success:

  1. Increase the system maximum number of file descriptors
  2. Increase the tor process maximum number of file descriptors
  3. Increase the number of NMBCLUSTERS

  A tor node (which is not a bridge node) will eventually establish a TCP connection with each and every other Tor node in the network. This currently means that about 1600 file descriptors is going to be needed for this purpose only. On top of this, any potential Tor client needs its own TCP connection and file descriptor. I decided to increase the system maximum from 1,772 to 20,000.

  To do it once:

  $ sudo sysctl -w kern.maxfiles=20000
  

  And to make the change survive a reboot, add kern.maxfiles=20000 to /etc/sysctl.conf.

  I decided to let the tor process have 15,000 of these by putting this in the script that I use for starting the tor process:

  ulimit -n 15000
  

  The last resource that needs tweaking is the NMBCLUSTERS setting in the kernel. I figured 4096 would be a good number for this. It has to be set in the kernel configuration file and the kernel needs to be rebuilt and installed.

  I use commands like

  printf "#connections | open files | mbuf clusters\n"
  printf "%d %d %d\n" \
          `netstat -nf inet | egrep ESTAB | wc -l` \
          `fstat -p $TORPID | wc -l` \
           `netstat -m | awk '/allocated to data/{print $1;}'`
  

  to keep an eye on how these numbers progress and

  ps axuwwl | head -1; ps axuwwwl | egrep bin/tor
  

  to see how much RAM the Tor process is using. I’m sure that you can come up with more elaborate things than this yourself.

  I use these three tools to keep track of how much traffic I’m pushing:

  • vnstat
  • nload
  • mrtg

  Please make sure that you don’t expose your statistics to the rest of the world without adding about six or more hours of delay — it may help attackers finding out things about your traffic that can harm your Tor users. Thanks.

• 2010-03-10

  Curing WLAN dropouts in Ubuntu

  Short story

  $ sudo apt-get install wicd           # replace NetworkManager
  $ sudo wicd-ncurses                   # configure connection
  

  Long story

  Since I was supposed to work tonight, I had to do something else. I decided to fix that stupid WLAN dropouts that I’ve suffered from ever since I installed Ubuntu on this IBM T60.

  The machine is equipped with the Atheros AR5212 chipset and I’m using the ath5k driver with it. I noticed by watching output from watch --interval=1 iwconfig wlan0 that contact with the AP was lost every now and then, where now and then was twice a minute and sometimes more often than that.

  /var/log/daemon.log showed signs of wpa_supplicant and NetworkManager being upset at about the same time as contact with AP was lost. The NetworkManager said things like

  periodic_update(): Roamed from BSSID 00:21:29:EB:A3:30 (<my SSID>) to (none) ((none))
  

  which led me to the thread network-manager roams to (none) ((none)) - background scanning where some people suggested that they were happy after throwing out the NetworkManager replacing it with wicd. So:

  $ sudo apt-get install wicd           # replace NetworkManager
  $ sudo wicd-ncurses                   # configure connection
  

  Did this hours ago now, and I’m still happy.

• 2010-01-31

  Ironfox - Sandboxed firefox wrapper for MacOSX

  Protect yourself against bugs in Firefox by running it in a sandbox. It’s protection without the usual pain.

  Security fetishists at (Romab AB)[http://romab.com/] have spent some time reverse engineering some OSX stuff that Apple refuses to reveal any details on. Good thing!

  Source: romab.com

• 2010-01-29

  Dr. Dobb's | Parallel Algorithm Leads to Crypto Breakthrough | January 28, 2010

  This beast does 280 billion 56-bit DES decryptions per second.

  Source: ddj.com

• 2010-01-24

  In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

  — U.S. enables Chinese hacking of Google - CNN.com

  Source: CNN