The Daily Parker

Politics, Weather, Photography, and the Dog

Pick a peck of pickled packets (Shanghai residency day 9)

The Internet experience at Pudong International Airport differs markedly from the experience at our hotel. I've noticed a pattern, whereby unencrypted data, like The Daily Parker, seems to move about an order of magnitude faster than encrypted data, like the HTTPS connection I've got going with my mail server. The interesting part is that both sites are going through the same router back in Chicago. So, either the Web terminal I'm using has a particularly hard time with secure websites, or something is slowing down the mail packets. Hmmm...can't think what that might be...

Compounding my Internet woes, my laptop's hard drive corrupted its boot sector Saturday afternoon. I have no idea how this happened. The Bitlocker recovery key no longer works. I expect tomorrow I'm going to have to install a new hard drive and then install all my software again. This does not make me happy. On the other hand, I have two episodes of Lost to catch up on before Tuesday.

This, anyway, explains why I didn't post anything yesterday, and why the video clip of the world's fastest land vehicle will have to wait until later today. (Because of the International Date Line, even though I have a 13-hour overnight flight, I arrive at O'Hare 30 minutes after I leave Shanghai.)

Two hours until my flight home. Maybe my email will finish downloading by then?

Stupefying

If this story is true, someone needs time in jail to think about civic responsibility:

In a lawsuit filed Tuesday in federal court, [a Pennsylvania] family said the school's assistant principal had confronted their son, told him he had "engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district."

The suit contends the Lower Merion School District, one of the most prosperous and highest-achieving in the state, had the ability to turn on students' webcams and illegally invade their privacy.

The suit says that in November, assistant principal Lynn Matsko called in sophomore Blake Robbins and told him that he had "engaged in improper behavior in his home," and cited as evidence a photograph from the webcam in his school-issued laptop.

Matsko later told Robbins' father, Michael, that the district "could remotely activate the webcam contained in a student's personal laptop . . . at any time it chose and to view and capture whatever images were in front of the webcam" without the knowledge or approval of the laptop's users, the suit says.

A security professional in New York has investigated the technical claims and found them convincing. He also expanded on the original news story with some circumstantial evidence:

The truly amazing part of this story is what's coming out from comments from the students themselves. Some of the interesting points:

  • Possession of a monitored Macbook was required for classes
  • Possession of an unmonitored personal computer was forbidden and would be confiscated
  • Disabling the camera was impossible
  • Jailbreaking a school laptop in order to secure it or monitor it against intrusion was an offense which merited expulsion

When I spoke at MIT about the wealth of electronic evidence I came across regarding Chinese gymnasts, I used the phrase "compulsory transparency". I never thought I would be using the phrase to describe America, especially so soon, but that appears to be exactly the case.

I can't wait to see how this turns out.

Is your computer backed up?

Software entrepreneur Joel Spolsky says that's a good start, but only part of it:

[L]et’s stop talking about “backups.” Doing a backup is too low a bar. Any experienced system administrator will tell you that they have a great backup plan, the trouble comes when you have to restore.

And that’s when you discover that:

  • The backed-up files were encrypted with a cryptographically-secure key, the only copy of which was on the machine that was lost
  • The server had enormous amounts of configuration information stored in the IIS metabase which wasn’t backed up
  • The backup files were being copied to a FAT partition and were silently being truncated to 2GB
  • Your backups were on an LTO drive which was lost with the data center, and you can’t get another LTO drive for three days
  • And a million other things that can go wrong even when you “have” “backups.”

The minimum bar for a reliable service is not that you have done a backup, but that you have done a restore.

As someone who's got reliable, clockwork backups running, and has had them fail for one of the reasons Spolsky listed (and others that he didn't), I think this is tremendously good advice.

You don't tug on Superman's cape

And you don't let a convicted hacker near the prison computers, either:

Douglas Havard, 27, serving six years for stealing up to £6.5million using forged credit cards over the internet, was approached after governors wanted to create an internal TV station but needed a special computer program written.

He was left unguarded and hacked into the system's hard drive at Ranby Prison, near Retford, Notts. Then he set up a series of passwords so no one else could get into the system.

How could this be worse? Glad you asked:

The blunder emerged a week after the Sunday Mirror revealed how an inmate at the same jail managed to get a key cut that opened every door.

It's scary when the Mirror starts to sound like the Onion...

(Via Bruce Schneier.

Please don't tell the TSA

I can't wait to see what they'll have us do after this:

On the evening of Aug. 28, Prince Mohammed bin Nayef, the Saudi Deputy Interior Minister — and the man in charge of the kingdom’s counterterrorism efforts — was receiving members of the public in connection with the celebration of Ramadan....

One of the highlights of the Friday gathering was supposed to be the prince’s meeting with Abdullah Hassan Taleh al-Asiri, a Saudi man who was a wanted militant from al Qaeda in the Arabian Peninsula (AQAP). Al-Asiri had allegedly renounced terrorism and had requested to meet the prince in order to repent and then be accepted into the kingdom’s amnesty program. Such surrenders are not unprecedented....

But the al-Asiri case ended very differently from the al-Awfi case. Unlike al-Awfi, al-Asiri was not a genuine repentant — he was a human Trojan horse. After al-Asiri entered a small room to speak with Prince Mohammed, he activated a small improvised explosive device (IED) he had been carrying inside his anal cavity. The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince — the target of al-Asiri’s unsuccessful assassination attempt.

(Via Bruce Schneier.)

Securely stupid (London residency day 11)

I learned a valuable lesson yesterday: when you lock your computer to your hotel room desk, and you put the cable-lock key in your pocket, you have to remove the key from your pocket before sending the slacks down to the laundry.

This realization crept up on me over a very quiet 90-second period that started when I looked in my room safe for the key and didn't find it there.

I won't keep you in suspense: housekeeping found and returned the key this morning. This is good, because I had no idea how I was going to fit the desk in the overhead compartment on my flight home.

Seriously loving the G1

Photos and reviews of Ribfest tomorrow morning. Right now, though, I'm all about the novelty of updating TDP from my phone. Also tomorrow, I'll explain why this is a bigger deal than it seems.

How not to hold secret documents

Via Bruce Schneier, a demonstrably incompetent police chief in the UK has resigned after mishandling a secret document:

Police were forced to carry out raids on addresses in the north-west of England in broad daylight yesterday, earlier than planned, after [Bob] Quick, the Metropolitan police's assistant commissioner [and senior-most counter-terrorism official], was photographed carrying sensitive documents as he arrived for a meeting in Downing Street.

A white document marked "secret", which carried details of the operation being planned by MI5 and several police forces, was clearly visible to press photographers equipped with telephoto lenses.

Yesterday, realising the existence of the ­photographs of the ­document – which included the names of several senior officers, sensitive locations and details about the nature of the overseas threat – the government imposed a "D notice" to restrict the media from revealing the contents of the picture.

The Guardian article has a photo of the document, taken as Quick got out of his car.

Police also revealed that Quick's Windows password was "bob1" and that he routinely leaves his keys in his car "so [he'll know] where to find them."