The Australian Mandatory Internet Filter

I’m ashamed that in today’s society I have to begin this post with this paragraph but I have to nonetheless. For the record I am absolutely opposed to child pornography, bestiality, sexual violence and rape. I am abhorred that people are involved in the production and distribution of such material and I strongly feel that these people need to be brought to justice. I feel strongly that the government needs to implement measures to catch and prosecute these people and to make such material impossible to produce or distribute. I do however believe that the Mandatory Internet Filter as proposed by Steven Conroy is the wrong way to go about this.

The Internet filter, quite simply put is technically infeasible. The filter will work by directing all requests from Australian users towards a site containing RC content to a filtering device. This device then relays all requests to that site to the actual server, unless a requests is made for a blocked page, which will instead return a page indicating the site is blocked. This is similar to the way the firewall in China and other countries with a national Internet filter. This method is effective in that it is often 100% effective (which means that every page on the blocked list is blocked, with no false positives) when done right. There is a problem however, this method does not scale well. If the government were to block a page on a large site (as was attempted to Wikipedia in the UK) then the filter would not be able to handle the load. Secondly it appears to the administrators of that site that all requests are coming from a few IP adresses. This could cause Wikipedia to eventually block all Australians either because the requests will look similar to a DDOS or because they have no way to distinguish between users and need to prevent abuse. Although the filter may be 100% accurate at blocking web traffic it will not be capable of dealing with many other varieties of Internet data.

The proposed filter will only be capable of filtering standard web traffic from web browsers. The Internet consists of a large number of computers talking in any number of protocols. While web traffic is one of these there are many other ways to exchange information. This filter will not be capable of filtering email, bit torrent, edonkey, gnutella, XMPP, DDC, SSH, VPN, TOR and that is only naming a small portion. Many people caught to have been in possession of child pornography and other illegal content are found to have downloaded it via peer to peer technology. This is because standard web traffic makes it easy to trace and identify the owner, where as peer to peer traffic can be hidden much easier. Secondly web traffic can be ‘tunnelled’ or hidden inside these other protocols and this way completely bypass the filter. This means anyone with sufficient knowledge or five minutes to learn will be able to configure their PC to hide their data amongst an SSH or VPN connection. These technical arguments come from my experience as a systems Administrator, but there are other arguments not so technical.

Steven Conroy has said that the filter will only deal with RC rated content, however there is no transparency about what will be blocked. The government can’t publish a list of sites that are blocked because that will effectively give people looking for this content a list of places to find it. Without knowing what sites are being blocked we won’t know if or when the government decides that they would like to start blocking sites that are debating for or against abortion, euthanasia or any other politically sensitive topic. It may be interesting to know that the definition for RC content includes pages instructing in any crime, which would include euthanasia. A representative for Steven Conroy has specifically stated the filter won’t be filtering pages related to euthanasia but because of this broad definition it could be changed at any time and we wouldn’t know until after the material was blocked.

I am a Unix Systems Administrator, and for the reasons listed above, and more covered better by other bloggers, I am opposed to the filter proposed by Senator Steven Conroy and the Labor government. I urge my readers who are also opposed to the filter to write to your local MP, to Senator Conroy, to Tony Smith (Shadow Minister Minister for Broadband, Communications
and the Digital Economy). If all else fails and the Government does not see sense then use your vote. The filter will not work and will waste taxpayer money that could be used in many better ways.

Random Thought: Will posting instructions about how to bypass the filter be illegal?

April 20th, 2010 | Tags: , , | Category: The Internet | 2 comments

Google G1: Six months on

So six months ago I bought my Google G1, my first impressions were excited and extremely positive. Has this phone stood the test of time though?

Physically

The phone is still in good physical condition, which is more than I could have said about my old XDA Atom Flame after six months. There are a few scratches on the screen, but I bought a screen protector for it so I can simply peel them off. Surprisingly the various crevices on the phone have avoided build ups of dust which commonly plagues my phones. The battery is beginning to fade, and can only last me around 12 hours with my ordinary usage (which is probably considered heavy usage). This makes weekends away from home interesting as I have to avoid using my phone to stretch the battery over 24 hours.

When I first got the phone I expected that the keyboard keys would fade, or that the keyboard snap mechanism would somehow break. I was wrong, the keys are still as visible as when I first got it, and the snap mechanism still works perfectly.

The OS

In the time I’ve had this phone Android has gone from 1.1 to 2.0. Sadly there haven’t been any official new releases of the phone software. There have however been releases of the well known mod for this phone called ‘CyanogenMod’. Currently CyanogenMod is at Android version 1.5 with parts of 2.0 ported across.

Since the first week I had the phone I’ve been using CyanogenMod and have seen the improvements in it take it from strength to strength. Originally it looks almost the exact same as the original OS but now it includes several features that I could not live without. My favorites would be:

  • Tethering to my Linux PC
  • OpenVPN settings
  • 360 degree rotation
  • Improved contacts screen with direct call links
  • Voice Search

The Applications

Like any mobile OS the best part is the applications. This is where an OS either make it or breaks it. While Google have been constantly improving the Android platform old apps have remained around and stayed compatible with the phone. Google has also held two developer competitions during the time I’ve had the phone which has brought loads of new apps and innovation. So as each application is its own entity I’m going to review my favorites separately.

Google Maps

When I got the phone Google Maps was simply a map, with limited search capability and able to give directions. Since then however Google have added Street View, Navigation (US Only sadly), Buzz and much better searching. For something I used once a month I now use it almost daily.

ConnectBot

One of the reasons I went for a phone with a hardware keyboard was to make SSHing into my Linux machines easier. ConnectBot handles this perfectly. I cannot stress enough how useful this application is. Recently it has been improved to include support for SSH agents too which improved things even further.

My Tracks

As someone who enjoys hiking and walking having a GPS logger can be extremely useful. My Tracks basically turns your Android phone into a GPS logger and displays the data for you on a map. It also allows you to export the logs in popular formats or simply upload them to My Maps on Google. It can also graph your elevation, speed and display interesting statistics.

Conclusion

All up I still enjoy this phone, and still use it daily. I am looking at moving to either an N900 or the Google Nexus One next. I haven’t moved because the N900 has been having trouble with the USB connectors breaking off, and the Nexus One is too expensive to import into Australia. I doubt I’ll be moving to another phone any time soon and this phone doesn’t look like it will give out any time in the near future.

Random Thought: What is the cell phone market going to look like five years from now? And where the hell is my wristwatch phone?

March 31st, 2010 | Tags: , , , , | Category: Linux | 2 comments

Fingerprint readers and PC security

How fingerprint readers work

The user sees

You register your fingerprint using the built in reader and it saves it as your password. Next time you go to login you choose your username, swipe your finger and the PC verifies it against the one you scanned last time. If it matches then the computer logs you in.

What actually happens

  1. You open up the fingerprint reader application on your laptop, it adds hooks into the Windows login system (Credential Providers).
  2. You scan in one or more fingers and register them to your account.
  3. The application stores the fingerprints for later use, some will even store them unencrypted.
  4. When the user goes to login next time they select their username and scans a finger.
  5. The fingerprint reader takes the scan and compares it to the previous scan
  6. If the scan matches one of the stored scans then the user is authenticated

Why its not secure

How often do you write down your password? If you do where would you leave it? Now think about your fingerprint. Where would you leave your fingerprint? In general people don’t constantly where gloves and end up leaving fingerprints all over the place, on glasses, door handles, keyboards, touch screens and mobiles. It is a little bit harder to copy a fingerprint but security by obscurity is not an excuse. So it can be argued that a password is more secure (in that its harder to obtain) than a fingerprint.

Most fingerprint authentications allow you to use either your fingerprint, or your password. This effectively doubles the possible attack vectors for trying to get into the system. A malicious attacker can now either use a dictionary attack against your password, a fingerprint based attack against the fingerprint reader, or look for holes in either system.

Why it may actually endanger you

Do you know how the fingerprint reader is storing your fingerprints? Is it storing them as bitmaps, as a collection of swirls and whorls or as a md5 hash or some key identifiable features? If you can’t answer that question with 100% certainty then you should be concerned. If someone managed to hack your machine and retrieve bitmaps of your fingerprints then they could use them to open any other fingerprint locks you have, or implicate you in a crime.

Finally if someone is determined enough to break a law to hack your computer they could simply cut off your fingers to gain access to your PC. Of course if the fingerprint sensor has a warmth sensor they might need to microwave them first. I would hope though that you keep something that sensitive or valuable under all sorts on encryption and armed guards.

Don’t rely on fingerprint readers for added security, that is quite simply not the case. Fingerprint readers are primarily for convenience, and they could put your security and your wellbeing in danger.

Random Thought: What is this obsession with altering perfectly fine machines to remove an component that never bothers anyone? Dyson has the bladeless fan, and recently we’re seeing the spokeless bike. Have you ever looked at a fan and said: “Those blades really make that fan so annoying!”?

February 17th, 2010 | Tags: , | Category: Security | Leave a comment

Writing a Daemon in C

What is a Daemon?

A daemon is a program that runs in the background. A daemon will usually be started at system startup and end at system shutdown. The exceptions to this rule are programs like the Bluetooth SDP daemon, which is activated when a new Bluetooth HCI is found,, and ends when it is removed. Daemons run transparently and do not normally interact with the user directly.

Daemons start as ordinary processes but they eventually ‘fork and die’ to start running in the background. Some daemons do only the ‘fork and die’ step but ignore other important steps. Here is a list of what a daemon should do:

  1. Fork to create a child, and exit the parent process.
  2. Change the umask so that we aren’t relying on the one set in the parent.
  3. Open logs to write to in the case of an error.
  4. Create a new session id and detach from the current session.
  5. Change the working directory to somewhere that won’t get unmounted.
  6. Close STDIN, STDOUT and STDERR.

These steps ensure that our association with the calling environment is destroyed and our daemon is now free to run as a completely separate process.

Lastly before writing the daemon you should make sure the code is written securely and in a way that fails gracefully. If your daemon crashes it will not be able to prompt the user about what action to take. The user may not even notice until it is too late.

Forking a child process

In Unix fork() is the only system call with two return values. When you call fork a child process is created which is a near copy of its parent (some things will be different in the child eg. process id). The fork command then returns a 0 in the child and the childs process id in the parent, on failure a -1 is sent to the parent. Generally a program will then check whether it is the child or parent by these return values (just like in movies when a cloned character will check to see if he has a belly button and hence is the original). Here is a snippet of code to do this:

pid_t pid;

/* Clone ourselves to make a child */
pid = fork(); 

/* If the pid is less than zero,
   something went wrong when forking */
if (pid < 0) {
    exit(EXIT_FAILURE);
}

/* If the pid we got back was greater
   than zero, then the clone was
   successful and we are the parent. */
if (pid > 0) {
    exit(EXIT_SUCCESS);
}

/* If execution reaches this point we are the child */

Changing the umask

Because we are a clone of our parent we’ve inherited its umask. This means the child doesn’t know what permissions files will end up with when it tries to create them. We do this by simply calling umask like this:

/* Set the umask to zero */
umask(0);

Open logs to write to

This part can be done in several different ways. You could open text files, log to a database or use syslog. The method I’m going to demonstrate here is to log using syslog. Syslog sends your log messages to a system wide logger, where they can be configured to be written to a file, send to a network server or filtered away entirely.

/* Open a connection to the syslog server */
openlog(argv[0],LOG_NOWAIT|LOG_PID,LOG_USER); 

/* Sends a message to the syslog daemon */
syslog(LOG_NOTICE, "Successfully started daemon\n"); 

/* this is optional and only needs to be done when your daemon exits */
closelog();

Create a new session id

Each process on a Unix system is a member of a process group (or session). The id of each group is the process id of its owner. When we forked from our parent earlier we will have inherited its process group, and our process group leader will still be its parent process. We want to create our own process group and become our own process leader otherwise we will look like an orphan. We can do this easily as follows:

pid_t sid;

/* Try to create our own process group */
sid = setsid();
if (sid < 0) {
    syslog(LOG_ERR, "Could not create process group\n");
    exit(EXIT_FAILURE);
}

Changing the working directory

At the moment we have the working directory we inherited from our parent. This working directory could be a network mount, a removable drive or somewhere the administrator may want to unmount at some point. To unmount any of these the system will have to kill any processes still using them, which would be unfortunate for our daemon. For this reason we set our working directory to the root directory, which we are sure will always exist and can’t be unmounted.

/* Change the current working directory */
if ((chdir("/")) < 0) {
    syslog(LOG_ERR, "Could not change working directory to /\n");
    exit(EXIT_FAILURE);
}

Closing the standard file descriptors

A daemon doesn’t interact with the user directly it has no use for STDIN, STDOUT and STDERR and we really have no idea where these are connected or where anything we write to them will end up. As these file descriptors are not required and effectively useless we should close them to save some system resources and prevent any related security problems. We close these descriptors like this:

/* Close the standard file descriptors */
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);

Writing the payload

Now you have a C program that is capable of becoming a daemon, but its a pretty useless daemon if it exits immediately. Payload code is really up to you to design. I’ll offer you a few tips on designing your payload.

  • Put your payload in a loop. Generally in a daemon you want to perform the same action over and over again until you’re killed. If you have to cleanup (such as closing syslog) when the daemon is about to be killed you should add an exit clause that will be activated by a SIGTERM signal handler.
  • Make your code as fast an efficient as possible. This is something you should do with any program, but with daemons it is important that you do not hamper the performance of the rest of the system. This is especially true if you’re going to be running this daemon on desktop systems.
  • Be aware that your code may be preempted very often. As your daemon is going to be running for the amount of time the system is up, it is likely that its execution will be preempted.
  • Be paranoid about security. Daemons are common attack vectors and can be used to gain privileged access to a system. You should consider dropping any privileges that you don’t require.

Conclusion

So if we take all the code I’ve mentioned in this post and put it all together you have a simple daemon. You can download the source from the link here: daemon.c.
If your daemon is only going to be run on Linux and not on a System V style system such as Solaris you can use the daemon function to do a lot of this work for you.

References

Linux Daemon Writing HOWTO in C
Linux Daemon writing in C++

Random Thought: It appears the devil uses a Unix based OS, probably OSX.

January 1st, 2010 | Tags: , , , , | Category: C/C++ | Leave a comment

Crazy Melbourne Weather

We just had a huge thunderstorm pass over Melbourne. For anyone watching from home it meant a temperature drop of 7 degrees in about 30 seconds! Here are the logs from my weather station:

mysql> SELECT time, temp, humidity FROM sensor_outside
       WHERE time > '2009-11-26 14:39'
         AND time < '2009-11-26 14:53';

+---------------------+------+----------+
| time                | temp | humidity |
+---------------------+------+----------+
| 2009-11-26 14:39:02 |   30 |       40 |
| 2009-11-26 14:39:39 | 29.6 |       40 |
| 2009-11-26 14:40:16 | 28.9 |       40 |
| 2009-11-26 14:40:53 | 28.4 |       41 |
| 2009-11-26 14:41:30 | 27.9 |       45 |
| 2009-11-26 14:50:08 |   20 |       83 |
| 2009-11-26 14:50:45 |   20 |       84 |
| 2009-11-26 14:51:22 | 19.9 |       85 |
| 2009-11-26 14:51:59 | 19.8 |       85 |
| 2009-11-26 14:52:36 | 19.7 |       86 |
+---------------------+------+----------+
10 rows in set (0.00 sec)

Random Thought: We now return you to your regular programming.

November 26th, 2009 | Tags: , , | Category: Uncategorized | One comment
« Newer Entries  
  Older Entries »