Crimes commited using public computers

Earlier today the Swedish newspaper Svenska Dagbladet, SvD for short. Published an article about cyber crimes being committed using public computers at libraries and internet cafes. The police, of course, are not happy about this, most libraries in Sweden don't have user accounts but simply lend their computers to anyone. There are how ever good examples of libraries that enforce user accounts. Most crimes commited are related to personal affairs, such as slander, insults and threats. It seems that our youth has understood the importance of covering your tracks. This I consider to be a good thing, because when they grow up they will not offer access to anybody without ensuring that they will be able to trace him or her later on. In a best case scenario this will lead to all libraries having user accounts, and in a worst case scenario the libraries ending up logging everything, which is unnecessary and will only invade on the users privacy. All the necessary logs are kept (or at least should be kept) by the accessed host.

But what about all other points of access? Cafes? WiFi? Schools? Especially in the WiFi case I doubt that the police will have much to go on. We could of course charge the owner, but if a Swedish court rules in favor of full responsibility for your internet connection people will get afraid and WiFi sales plummet. Since this is not clear from a juridical point of view, this is the very reason that I will not use WiFi at home. I simply don't want anyone breaching security and possibly leaving me responsible with what ever crime they want to commit.

I am looking forward to seeing how our courts will handle this and how our laws will change.

Article number one in SvD (In Swedish)
Article number two in SvD, a response from the public library of Stockholm (In Swedish)

Passwords

E24 has published an article about common passwords, in Swedish of course and in my opinion it's not really worth reading. It contains barely no substance and no analysis at all. Passwords that are simple to crack is nothing new and it's a fact that most users don't even bother thinking twice before selecting "carla" as a password. After all, how can the attacker know that I fancy that girl? If you have read a bit about password security however you realize that an attacker won't make any guesses but will fire an arsenal of dictionary words. Against this, poor carla won't stand a chance.

Administrators such as myself try to force the users to use decent passwords, such as enforcing policies of mixed case, alphanumerical mixing and so on. Does this work? Not really, users usually just make a quick workaround and we are back at square one. Some good reading on the subject is Schneiers analysis of the cracked MySpace passwords.

For more critical services such as SSH the best option is likely to be to abandon passwords altogether, they do more harm than good. A good alternative are cryptographic keys, they will allow you easy and secure access. At the cost of slightly more trouble when setting them up. I guess that rules them out as an option for everyday users at MySpace though...

Ports maintainer

Some time ago cjg and I decided to try porting some software. Since we both code some Python now and had some interest in coding audio we took upon ourselves to port two modules for Python that involved audio. cjg was done within an hour, I was not. He is a far better FreeBSD user than me (and coder for that matter) and after a few hours of sweat and blood I managed to succeed in my porting aswell. This of course took a lot of help from cjg, so I claim that he deserves atleast >= 50% of the credits for "my" port aswell. Of course, I forgot to blog about it but porting software can be a lot of fun and is great training for ones patience. Perhaps this is one step closer to becoming more involved in my O/S, who knows. Atleast I hope so.

Link to "my" port.

"Good" commercials

Yesterday I discovered a poster in the subway that made me smile. They are rather nasty towards new age, belief and psycho dynamic therapy but what the hell. I don't mind giving any of those fields a kick in the but now and then. They all claim to help people but are unable to prove it unlike other means that are scientifically proven to be both effective and harmless. Since they are Swedish I will supply a translation. Alvedon is a brand of painkillers made by AstraZeneca.

"Heahache? Try a pair of healing hands.
Or trust in Alvedon"

"Headache? Try self hypnosis, stare at the sign for ten minutes. Or trust in Alvedon"

"Headache? Call Saira Solskensöga, 08-50 52 22 05.
Or trust in Alvedon"

Translators note: Solskensöga is literally "Sunshine eye" and is refering to a "typical" name of a fortune teller.

More computer woes and spring

Two days ago my workstation died, I won't even get a signal upon boot. If only I had the time to look into it, but exams and all. I simply have to use my laptop for now.

I am planning on starting my own company, in order to make it easier for my clients (currently only one) to pay me for the work I do for them. Now, I only need a good name. I will also get paid for some work and I do think that I will get through the summer, work is scarce when you lack business contacts and don't like doing web pages.

It's spring in Sweden and when walking across campus I have noted that we have some lovely trees blooming. I promised myself to take photos a week ago and now I finally took myself a 30 minute break and did it. I like the outcome, the flowers sure are pretty.

The tree is right outside my dormitory (on campus) and the weather was just right. Clear blue sky and a warming sun.

HDD issues

During the last three weeks I have had several HDD;s failing. What it might be that makes HDD;s cause DMA errors, I do not know. R/W on specific sectors on one of my workstation disks caused a core dump. The same thing happened to my old reliable Pentium 3 last Wednesday. I have lost some minor data, but recovering it is tedious. And now a pretty old 8.1Gb drive in another computer has begun to cause DMA errors. Nothing serious yet but taking last weeks errors into account I am worried. I am running dangerously low on HDD;s and I have promised to set up a CVS server for a bunch of students. *sigh* I might have to purchase a new one, less food, more hardware.

And this is what happens to HDD;s that don't behave...

Highpoint RocketRaid 2210 under FreeBSD 6.2-RELEASE

Today I have fiddled with raid, it has been a pleasant ride. Highpoint has supplied good documentation and most problems has been related to my old hardware. When you get hardware for free, there is bound to be trouble. Only one minor flaw from Highpoint's side, you have to change the configuration file for the raid management tools in order for it to even detect the raid controller. This is mentioned once in the FreeBSD specific installation guide for the driver but not in the CLI-tool guide. The configuration file should look like this.

/etc/hptcfg
rr2210
hptmv.status

rr2210 should be replaced with your driver name. I named my driver rr2210.ko as you can see. After doing this, simply start or restart the daemon using.

/usr/local/etc/rc.d/hptdaemon.sh

And you should now detect your controller.

One last thing, why did Highpoint comment out

echo "The daemon is running. Please stop it first."

In the rc-script? I enabled it again anyhow, things like that can lead to headaches just being given exit 1.

Now, back to using that lovely raid card.

A wonderful "Swedish" thing?

I was in town today and bought some things. One of the things I bought was this.

Now, ask yourself. What is it?

The answer is hidden here: It's a multi-purpose pump from France! And YES, I did think twice before purchasing it. cjg pointed out that the designer must have had previous work experience elsewhere, I have no idea what he is implying.