Take the following ingredients:
- Software as a service,
- End-users failing to grasp security,
- Brain-drain because of outsourcing,
- Governments confusing control and security.
Let it simmer for about ten years, and you’ve got the future of security.
Recipe for disaster
December 4th, 2007Privacy Concerns
October 24th, 2007In the last few months there have been a lot of news items in the Netherlands concerning privacy. To name a few:
These things are mostly being designed with good intentions in mind, to increase security (”stop terrorists!”), to facilitate healthcare, and to facilitate public transportation respectively. In order to achieve these noble goals a lot of information about people is being recorded in there, and it becomes a lot easier to access this data.
You can argue that information such as this was already always being recorded. However, the information was never in such a form that it was so easy to process. More importantly, the data was never automatically linked to a single identity: currently, you can gather information about how many people pass through a certain station, if you try hard, you can perhaps identify and track several persons. With an electronic OV Chip card you are automatically tracked, and this data is stored and archived for some time.
While hearing news about the above things, I am growing more and more concerned about my electronic privacy. The privacy legislation in the Netherlands seems to be lagging behind the (fast) evolving technology, and also relying on self regulation. On the other hand the government is also (ab)using the new possibilities of gathering private data, for example the legislation for saving traffic data. I am also concerned that the government is not looking hard enough at the security issues involved with projects such as the electronic passport or the patient dossier.
While discussing this with friends and colleagues, I learned that I am not the only one with these kind of concerns. It is unfortunate that only last year Bits of Freedom, a big anti-privacy organisation, shut down. At the moment, I am looking into other ways to voice my concern to the right politicians, both for myself, but hopefully also as a bigger group of concerned citizens. Of course I am also going to dig deeper into the issue, and will post my findings here.
Burgemeesters Referendum
October 14th, 2007A couple of days ago we had a Mayor Referendum in Utrecht. This meant that we, the people, were asked to vote for a new mayor for our city. Well, vote is not the right word, the city counsel would have the ultimate decision, so we were asked to select a mayor. Well, select is not completely the right word, because we could only pick from two preselected candidates. And picking, that was kind of hard too, the two candidates are from the same party (Labour), they look almost the same, and they agreed on the most significant points. This lead to people painting words on the promotional material (taken by eti):
“Lood om oud ijzer”, translates literally to “Trading lead for old iron”, roughly meaning “six or half a dozen”. And when you think about it: the candidates did not even have a poster campaign of their own…
The result of the referendum was kind of predictable, only 9.25% bothered to vote in this charade, and more than 16% of those votes was either blank or invalid.
The most sad thing of this whole situation is that based on this charade, the political parties are now concluding that the people do not care, and that the referendum should be abolished. What a great way to end the national week of democracy.
Python Macport and pydistutils.cfg
August 2nd, 2007I updated my python installation using MacPorts today, and it all seemed to go well. However, running python gave the following error:
Could not find platform dependent libraries <exec_prefix> Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
Searching on the web did not really give an answer, but luckily the MacPort Trac could help me, #9831 was opened over a year ago, but still not solved.
The solution is simple, but time consuming. You’ll have to rebuild your python installation (yes, again…):
mv ~/.pydistutils.cfg ~/.pydistutils.cfg.bak port -f install python24
You may have to do a port -f uninstall python24 along the way, but it should speak for itself.
Not so Hot Mail
June 6th, 2007Just last week I was chatting with a friend, and I sent a photo to him using his hotmail address (yes, MSN/Adium filetransfer is horrible). After a couple of minutes he got back to me saying that he still had not received anything. This seemed strange: usually everything that I send using my own mail server arrives instantly. I use it everyday and never had problems with delivery. I blamed it on Hotmail servers being probably very busy filtering and/or delivering all the junk email that they regularly get.
Then a couple of days later the same thing happened with someone else: mail did not get delivered to his Hotmail address. He also had a GMail address, which delivered instantly. So I started investigating what could possibly go wrong, since I did not get any failure emails back. The postfix’ log proved my suspicion, nothing went wrong on this side:
postfix/smtp[36741]: C9D372E03B: to=<***@hotmail.com>, relay=mx3.hotmail.com[65.54.245.72]:25, delay=25, delays=3/0.03/0.57/21, dsn=2.0.0, status=sent (250 <466406F3.6030701@ je-ju.net> Queued mail for delivery)
Then I checked sending to a test account of my own. The message got sent correctly, but nothing apppeared in the inbox, nor in the junkbox. Even adding the domain to the trusted senders did not help one bit.
So I turned to the Hotmail FAQ pages. They have some nice pages specificaly aimed at postmasters. The tips there include checking your own mail server, and implementing SPF/SenderID (with lots of disclaimers that SPF/SenderID itself will not guarantee delivery). There is also a form where you can contact their support.
A word of warning about their support: if you have read the FAQ (like you should) you can just as well ignore their first reply and restate your question again. The first reply you get will be a pure copy & paste of most of the FAQ. The second reply suggested that I implement SPF (with the disclaimer that SPF/SenderID will not guarantee delivery), while I had carefully explained that my DNS provider does not allow that. A more helpful suggestion was to send represenative messages to randomtestacct@hotmail.com, which would help training their spamfilters.
Note that my mailserver is for private use only. My girlfriend and I are the only people who use it, and we rarely send messages to Hotmail accounts, and when we do, this will purely be personal communication. We have never used the mailserver to do any kind of commercial messaging. So there was no reason for me to suspect blocking, nor has there been any kind of warning from Hotmail.
When I checked back a day later, my test messages had mysteriously appeared in my Hotmail inbox, even those sent before I sent a message to that test account.
So everyone with a Hotmail address is hereby warned: emails to you can and will be filtered at will by Hotmail, without anyone knowing about this. You should be very careful about drawing conclusions when you are not receiving emails you are expecting…