Well a nice long but fun screencast series is all in the can. You can find the first episode of eight over at typicalmacuser.com. I spent a good bit of time doing the recording and thanks to Victor for the editing and post production. By the time the series is over you will know pretty much everything I know about SSH. At least all the juicy functional parts. It is done for the target audience of Mac users so it is all about setting it up and tunneling all sorts of traffic through it to protect yourself when on public wifi hotspots or other risky public networks.
I found a neat little site called Retaggr.com through a good blogger and Mac enthusiast Christine Cavalier over at http://www.purplecar.net/. Christine contributed a good segment on an upcoming episode of Typical Mac User. So I went to check out her blog.
You will see on her and now my page on the right hand side a button for a retaggr.com card. This lets a nice popup business like card come up. Links to all the various social services and my professional associations are consolidated all into that card. Pretty neat.
You can embed it onto your web site like to the right or into html based email as a signature etc.
It is interesting how self referential all these identity sites become. Once I made my retaggr card, I then went and put a link to it at claimID. And of course on the card is a link to my claimID profile. You get the idea.
So I was glancing over at CNN.com today and saw the article:Airline captain, lawyer, child on terror ‘watch list’ on several definitely not terrorist folks on the terror watch list just by their name.
So let me get this straight. Our government security officials are so clever they cannot come up with better control than a simple name is either on the list or it isn’t? How about taking these folks who are OBVIOUSLY not terrorists. Gather some basic but private facts about their identity. Hash the information together. Then when these folks travel the information they provide quickly when a flag is raised is rehashed and if it matches let them go on about their business. If enough basic but not easy to obtain answers are gathered then it should serve as a much speedier check to let the person go on without risking a terrorist simply farms public facts about someone with the same name.
Today I spent a bit playing with Yahoo’s new Fire Eagle location service. It has some pretty decent privacy controls and it is taking off fast as a junction point for location aware applications. If you sign up for Fire Eagle you can get an automatic invite to Bright Kite which has good sms and email mechanisms for updating your location. It also has decent privacy controls. Such as only close friends see your exact location and everyone else gets the city.
So I tied them together and then tied Brightkite to my twitter location. While I was doing this I was surprised to see how many of my twitter followers have their exact longitude and latitude coordinates updating from their iPhone. I would wager a lot of them did not give a real thought to the privacy concerns. Or that it tells a lot of people when you are definitely not home. Worse, imagine your kids with iPhones and twitter. Raises cyber bullying to a whole new level if the bully can go straight to where they really are.
I would recommend disabling location updates and wipe the current location. Or use something like Fire Eagle/Brightkite to mask your location to a city level where it has value to you.
A long time back I had tested the online backup service Mozy. By long time back I mean my version was mozy-0_6_2_6-502.dmg. Today I was trouble shooting an application I am beta testing for someone. I needed console logs. Low and behold the Mozy removal script from that version was so bad it had left something behind. I have TONS of the following events showing in my Console.
8/6/08 9:15:53 PM com.apple.launchd (com.mozy.backup) posix_spawnp(“/Applications/Mozy.app/Contents/Resources/MozyBackup”, …): No such file or directory
8/6/08 9:15:53 PM com.apple.launchd (com.mozy.backup) Exited with exit code: 1
Well a bit of googling and I find that this combination works to finally get rid of that sucker.
sudo launchctl unload /Library/LaunchDaemons/com.mozy.backup.plist
Follow that up with going into the /Library/LaunchDaemons and tossing the file com.mozy.backup.plist into the trash. Now I have nice clean console logs for troubleshooting a real problem. Not something sucking up CPU cycles trying to relaunch every 10 seconds.
I read today about Jonathan Zdziarski finding a link down in the iPhone code for supporting revocation of individual applications. It goes beyond taking an application off the store from distribution. It shuts down applications already deployed onto iPhones. You can read the posting over at Macrumors.com
So why is this a surprise? And I am not particularly concerned. Keep in mind they digitally sign all applications etc. Normally it is part of proper design to check for revocation of certificates in a PKI infrastructure. So this extended it beyond just shutting down every application signed with a particular key to individual applications. Honestly I would rather they have a mechanism for this than not. Just as long as they use it only for true threats. Unfortunately their track record in yanking applications off the store itself without explanation does not bolster the warm fuzzies.
Update Aug 7 2008
I should also point out Microsoft eliminates blacklisted applications using its malware removal tool that comes down through windows updates.
A while back I was messing with tunneling iTunes sharing through SSH. During that experimentation I noticed that there was a dynamic dns name showing up on my system of my dotMac username in this format: username.members.mac.com I found it by looking at Bonjour, aka mDNS traffic. That is kind of scary to think that anyone who knows your @me.com or @mac.com email address or iChat login could find the active IP address you are on just by resolving that name.
I revisited the issue today because I was thinking of the problem with syncing data between iPhone/iPod applications and their desktop mac cousins. Like syncing 1Password from my desktop to my iPod touch. They could theoretically leverage my MobileME user dynamic dns name to sync back to my desktop as long as I opened a custom port on my router.
Interestingly I can no longer resolve username.members.mac.com or username.members.me.com. So I am not sure if they just haven’t fixed that since the MobileME migration. Or did they realize the clear scriptable way someone could target mac users. Toss a dictionary at the front of members.mac.com/members.me.com and fire off an exploit just for Mac users. *shudder*
Well one of my fellow Friends in Tech members, Steve Holden coaxed me into setting up Friend Feed. It lets you consolidate all your major social networking services into one feed for your friends to follow. Mainly I did it just to reserve my name on it for Identity purposes. That in turn led me to update my claimID page and a few other things like my 2idi (iName) link redirections. If you want to see my friendfeed page just click the “My Social” link in the top right. Notice the link is not the actual friendfeed page but my iName XRI formatted url redirector. That way if I decide I want to move from Friendfeed to something else I can just update my iName redirection link and everywhere someone linked to the XRI formatted link they always go to the current service I am using.
It got me to thinking that it would be interesting to see a merged service of ClaimID and Friendfeed. Also it really makes me wish applications like skype, IM clients and email clients like Apple mail.app would recognize iNames. Just think if you wanted to skype a friend and not knowing their real skype name you could just type like =starcher and have it go query their iName provider for the correct name. I bring this up because as I slowly transition the old @starinfosec.com name out of existence to @me.com it would help me hide the old starinfosec name in use on things like skype when telling folks how to find me. I mean how hard would it be for skype to parse =starcher go to my iName provider and look for a defined skype service to tell it my real skype name as I defined it.
Oh well here’s hoping it just starts catching on. I think if enough developers simply added it that it would turn into a slow burning ground fire. Even if most users didn’t know the support was there till the first time a friend tells them to just type my name as =myiName.