Living in the past

Imagine a future world, complex and technologically advanced, where children are forced to grow up as previous generations did, with manual labor, poor sanitation, all the privations and risks that the present society was built to improve upon. The idea: that no one grow up without realizing why things are as they are, without entitlement or unearned privilege.

The conflict: this system is mothballed, decommissioned, and for a while things are ok. But a sense of complacency creeps in, generations grow up feeling like they built their world, rather than accepting it as a legacy from thoughtful predecessors. The society is at risk of collapse when it is discovered that some people, families who were forced out of the mainstream, have been living in The Past, the old proving ground where generations came of age. They are tough, resourceful people who need nothing but may be the deliverers – if they are willing to take it on and if those who marginalized them can swallow their pride and ask.

Mechanica

An alternate future where war is waged by machines, by drones under the control of a sentient controller that monitors the borders and airspace of its host nation. Its neighbor states are similarly automated and any conflict becomes a stalemate, as no nation has an advantage. The controllers communicate amongst themselves to avoid surprises and needless loss of equipment. Even the ground crews are automated/robotic.

No contact between these nations is permitted. The drone forces control all travel and communication.

The conflict: There is resistance to this control. Some people want to visit other nations in the region but cannot. What happens when one side in a contested/patrolled area finds a human on the opposing side? The core principles of the controllers and each drone prohibit harming humans. But this human is using that rule and the fact that it can operate outside the understanding of the systems to upset the balance. It can only be detected visually.

Humans do not show up on sensors, the sounds they make are too irregular to detect, and they have jamming tools that broadcast false information. How do the other nations respond? Field their own human fighters? Remove the ban on harming humans? Can they agree to allow travel? Or are the reasons for banning it forgotten?

Accountability

In the wake of the midterm elections, how long do we wait for the new leadership to fix everything they think Obama has neglected?

The new session will begin in January 2011. I say we give them til April 15 (a date that reminds us that we own a piece of this enterprise). If we don’t like what we see, we start writing letters, emailing, and calling these public servants to find out what the hold-up is. Where are the jobs? Why is the deficit still so high?

They claim to have the answers: let’s find out.

instead of a blackout, why not a blacklist?

[repurposing this from G+]

I just installed a #SOPA blackout plugin for WordPress on the blog that no one but Google reads and it occurred to me, rather than content providers turning their sites black, why not start blocking gov’t netblocks? Congressional offices don’t need the internet, do they? They can use the telephone or a FAX machine, maybe go to the library. Though if I was a librarian and a SOPA sponsor or his staff tried to use the public terminals, I might be inclined to turn them away: you have to know how it works before you can use this, and those people plainly don’t get it.

We know that torrent downloads have been traced to governments everywhere, even our own. Seems to me the best option is a variant of how we deal with email spam: a realtime blacklist. Any organization that attacks free speech should be banned from accessing any website that objects to those attacks. I can see a special 503 error page that makes plain why they can’t be served at this time.

Imagine if email relays refused to send mail from .gov addresses (just the legislative branch), just sent them all back with an error explaining why their mail is undeliverable. Web page loads would fail, display a simple black and white message that “This content cannot be served to you at this time. Users in your domain have engaged in copyright infringement which means your domain is banned. Have a nice day.”

Maybe it’s unworkable, maybe not enough sites would do it, certainly no large ones. But I am tired of this being labelled a technology problem when it’s really a business problem. Someone abuses a technology, be it the internet or a hammer, it’s not the person who made the tool who is at fault but the person using it and in this case, the organization claiming injury.

this is security?

Found out this afternoon that the email gurus at the local institution where I have an account don’t understand or don’t care about security: asked why, after a maintenance outage, I was unable to read email and an insider sent me a new server name I could use but told me that imap is going away as it doesn’t support encryption, sends passwords in the clear.

Really?

[/Users/paul]:: openssl s_client -connect mail:993
CONNECTED(00000003)
[ handshaking omitted ] 
SSL handshake has read 1272 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: B448E7A7B703C73C57BC7FA7E8D4E30F8B67DC76E4868C17C16AC2E48B88C642
    Session-ID-ctx: 
    Master-Key: 076960369DEDC2E9A2B8BC70D2FF070277D1E440CB2B5D1B0F5AA3770B48BB115FF61DDDF81E39CA23387186C0510F38
    Key-Arg   : None
    Start Time: 1310532030
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

Hmm, that seems to work.

openssl s_client -connect some.email.host:993
connect: Operation timed out
connect:errno=60

That doesn’t look like they’re listening on that port.

openssl s_client -connect some.email.host:143
CONNECTED(00000003)
49016:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s23_clnt.c:607:

So no SSL on the server.

Huh. If I was going to hazard a guess here, I would say that it’s not that imap is busted or insecure but that someone’s doing it wrong. When I pointed out that imap wasn’t to blame, it turns out that they did try requiring SSL 4 years ago but when it turned out that a lot of the user base didn’t have client software to support it, they turned it off. That’s actually worse: to know that the security of your communications is no better than the worst email client out there, with no standards or requirements, would be a fireable offense in some workplaces.
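An added example (not from the original post) that reads the same evidence mechanically: given a server's CAPABILITY line and the transport it was read over, it reports whether an IMAP password would cross the network in the clear. The first banner is the one shown above; the other is constructed, and the function names and verdict labels are this example's own.

```shell
#!/bin/bash
# Added example: classify how an IMAP login would travel.
#   $1 = "tls"   (implicit TLS, e.g. port 993) or "plain" (e.g. port 143)
#   $2 = greeting or CAPABILITY response line from the server

has_cap() {  # has_cap LINE TOKEN -> 0 if TOKEN is a whole capability word
    # Drop the brackets, upper-case, one word per line, exact-match the token
    printf '%s\n' "$1" | tr -d '[]' | tr 'a-z' 'A-Z' | tr ' ' '\n' | grep -qxF -- "$2"
}

imap_login_exposure() {
    transport=$1 line=$2
    if [ "$transport" = "tls" ]; then
        echo "protected"          # the whole session, LOGIN included, is inside TLS
    elif has_cap "$line" STARTTLS && has_cap "$line" LOGINDISABLED; then
        echo "starttls-required"  # server refuses LOGIN until the client upgrades
    elif has_cap "$line" STARTTLS; then
        echo "starttls-optional"  # upgrade offered, cleartext LOGIN still accepted
    elif has_cap "$line" LOGINDISABLED \
         && ! has_cap "$line" AUTH=PLAIN && ! has_cap "$line" AUTH=LOGIN; then
        echo "no-plaintext-auth"  # no TLS, but no password-in-the-clear mechanism either
    else
        echo "cleartext"          # no upgrade path: passwords are readable on the wire
    fi
}

# Banner from the session shown above (read over port 993)
PAGE_BANNER='* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.'
# Constructed banner: a server that enforces the upgrade on port 143
STRICT_BANNER='* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready'

echo "page banner over 993/tls   : $(imap_login_exposure tls   "$PAGE_BANNER")"
echo "same banner over 143/plain : $(imap_login_exposure plain "$PAGE_BANNER")"
echo "strict banner over 143     : $(imap_login_exposure plain "$STRICT_BANNER")"
```

A plain `openssl s_client -connect host:143` only tests for implicit TLS; `openssl s_client -starttls imap -connect host:143` tests whether the server offers the upgrade that a STARTTLS capability advertises.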

cutting your own throat?

The idea that the South commemorates/venerates the Civil War is not new but the analysis here — that the decision to focus on manual agriculture, rather than do anything that might add value or elevate the status of slaves or freedmen — was right to the point. It’s understood that the North prevailed due to its industrial base, a key asset to the warfare of the time, but I hadn’t considered that there were decisions made beyond the simplest market analysis.

[From Freakonomics » Why Does the South Still Commemorate the Civil War, But Not the North? Bring Your Questions for Historian Peter Coclanis]

updating dynamic DNS automatically

None of the allegedly automatic methods actually, you know, work. Automatically, that is. So I hacked this together. It grabs the last-known address and the actual dynamic address then compares them. If in sync, it exits: if not, it sends update requests. Not sure what interval to run it on but I guess I’ll just pick one and crank it up or down until I see minimal disruptions in service; ie notes to the logfile that the addresses got out of sync.

#!/usr/local/bin/bash
export THEN=`dnsip mail.thistledew.org` # hostname you're monitoring
#export THEN=`nslookup ${HOME} | tail -1 | awk -F" " '{ print $3 }'` # alternate method w/o djbdns
export NOW=`wget -qO- http://icanhazip.com` # what the internet thinks your address is
if [ ${NOW} != ${THEN} ]; then
    # echo "ping"
    logger "ip addresses out of sync: updating"
    /usr/local/bin/update-afraidns.sh # your various update methods go here 
    /usr/local/bin/dyndns.sh > /dev/null 2>&1
else
    # echo "pong"
    exit 0
fi

Update: at the month mark, this seems to be working. I get notified when it needs to sync addresses (usually at just past 4AM) and it’s not too often. It runs every 5 minutes (not sure when I changed it to that: used to be once per hour but that seemed to miss some of the IP address fluctuations). I could use some of the other client software I see (OpenDNS recommends one but I never got on with it) but this seems to work. Just enough to get the job done, not enough to be truly useful anywhere else, except as a model of how not to do it, perhaps.

Update, July 5, 2011: If I had thought this through, I would have tested the DNS servers I use more carefully. Turns out one of the four, between two providers, was constantly flaky.

$ host mail.thistledew.org ns1.afraid.org
mail.thistledew.org has address 174.21.112.113

$ host mail.thistledew.org ns3.afraid.org
mail.thistledew.org has address 174.21.112.113

$ host mail.thistledew.org ns9.zoneedit.com
mail.thistledew.org has address 174.21.112.113

$ host mail.thistledew.org ns15.zoneedit.com
mail.thistledew.org has address 174.21.122.16

Someone got voted off the island.
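The comparison done by eye above can be scripted. This is an added example, not part of the original post: it reads `host NAME NAMESERVER` transcripts and prints every nameserver whose answer differs from the most common one. The function names are this example's own, and the sample input is the output shown above.

```shell
#!/bin/bash
# Added example: spot the authoritative nameserver that disagrees with its peers.

# find_stale_ns: read `$ host NAME NS` transcripts on stdin and print each
# nameserver whose A record differs from the majority answer.
# Assumes one address per server; a tie between answers is broken arbitrarily.
find_stale_ns() {
    awk '
        $1 == "$" && $2 == "host" { ns = $4; next }   # remember which server was asked
        / has address / && ns != "" {
            answer[ns] = $NF; votes[$NF]++; order[++n] = ns; ns = ""
        }
        END {
            for (ip in votes) if (votes[ip] > best) { best = votes[ip]; majority = ip }
            for (i = 1; i <= n; i++)
                if (answer[order[i]] != majority)
                    print order[i], answer[order[i]], "(majority: " majority ")"
        }'
}

# collect_answers NAME NS...: produce the same transcript format from live
# queries (needs network access; not called in this example).
collect_answers() {
    name=$1; shift
    for ns in "$@"; do
        echo "\$ host $name $ns"
        host "$name" "$ns" | grep ' has address '
    done
}

# Transcript from the post above
SAMPLE='$ host mail.thistledew.org ns1.afraid.org
mail.thistledew.org has address 174.21.112.113
$ host mail.thistledew.org ns3.afraid.org
mail.thistledew.org has address 174.21.112.113
$ host mail.thistledew.org ns9.zoneedit.com
mail.thistledew.org has address 174.21.112.113
$ host mail.thistledew.org ns15.zoneedit.com
mail.thistledew.org has address 174.21.122.16'

printf '%s\n' "$SAMPLE" | find_stale_ns
```

Run from cron alongside the update script, a non-empty result is worth a `logger` line, since a stale server hands out the old address to some resolvers even after a successful update.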