mcr at sandelman.ca
Tue, 02 May 2006
Canadian online census violates privacy
On May 16, 2006, Canadians will do their 5-year census. There is an option to fill it out online.
According to:
http://www50.statcan.ca/census2006/settings_1-0_e.htm#
You need to have one of:
Internet Explorer 7.0 Internet Explorer 6.0 Internet Explorer 5.5 Internet Explorer 5.01 Netscape Navigator 7.0 or higher Firefox 1.0.4 Mozilla 1.7.8 Safari 1.2.4 with webkit 125.5.7
This is because:
Notice: You must have a browser with Java virtual machine (JVM) from Sun Microsystems Inc. (Version 1.4.2_3 or higher), Microsoft virtual machine (any version), or Apple JVM (1.4.2_5 or higher) that supports 128-bit encryption.
Now if there is one thing everyone should have learnt --- client side Java is not a way to deal with private information.
If I were doing an online census, I would require the opposite: that you have Java, Javascript and ActiveX disabled when you fill out the forms. While there is no practical or theoretical way to be sure that there are no key-loggers running as a Windows BackOrifice service, at least one can be sure that there are no trivial ones living in the web browser.
I intend to bring this up with the Chief Statistician.
posted at: 22:40 | path: /oss | permanent link to this entry
A big problem for anything that manages many systems is keeping the systems working. A company recently put out something that I think is basically a GPL'ed syslogd for windows. http://www.loglogic.com/logforge/ It looks like hey are thinking about syslog, and mention "TCP syslog".
(A joke... you can't use the same port. syslog is UDP port 514, while TCP port 514 is... rlogin! That was a surprise one day in firewall land, a decade ago)
TCP syslog is not perfect --- the problem is that you want reliability, but you need to not slow the machines down due to network congestion. That calls, really, for SCTP.
For now, I stick to UDP, and use IPsec to keep it private, if available.
I've long pointed the syslogd on my Unix machines to one machine, usually my desktop, and arrange for my desktop to show them on my screen. Okay, when I'm not plugged in at that IP, I don't see suff.
It used to be that you could run xconsole or xterm -C, and you'd get the /dev/console stolen to that pty. This doesn't work as well anymore, but one can now use:
xconsole -file /dev/xconsole -geometry 1000x30+0+1 -font 5x7 -fg green -bg black -name Console
along with the default entries in /etc/syslog.conf:
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.crit;news.err;news.notice;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole
Note that xconsole's geometry is in pixels, vs xterm's which is in characters.
Don't forget to edit /etc/init.d/sysklogd to set
SYSLOGD="-r"
You'd expect to see an /etc/default/syslog file on Debian, but I don't.
The challenge now, is actually to get a better xconsole program-- one with a menu of some kind, and a way to interactively set filters, and have it show me logs with a given pattern, from a given host, etc.
posted at: 13:42 | path: /colo | permanent link to this entry
installing git/cogito on cygwin
go to http://sources.redhat.com/cygwin and install the cygwin system.
It runs a setup program that downloads core pieces that gives you bash, gcc, etc. under Windows. While you won't be compiling the code on your windows desktop/laptop, you may want to browse documents or code.
get and install cygwin (http://www.cygwin.com (http://www.cygwin.com/setup.exe)) when you are asked for the components make shure you install curl, curl-devel, openssl, make, gcc, openssh, cvs, openssl-devel, wget, zlib. Run the cygwin setup program a second time if you missed something.
wget http://kernel.org/pub/software/scm/cogito/cogito-0.17.2.tar.gz wget http://kernel.org/pub/software/scm/git/git-1.3.1.tar.gz zcat git-1.3.1.tar.gz | tar xf - cd git-1.3.1 make make install cd .. zcat cogito-0.17.2.tar.gz | tar xf - cd cogito-0.17.2 make make install ssh-keygen cat .ssh/id_rsa.pub
The key that is displayed should be copied your server.
posted at: 05:13 | path: /howto | permanent link to this entry
