Search Results: "Pablo Lorenzzoni"

18 December 2008

Pablo Lorenzzoni: Lenny in the Asus EEE PC 901 - day 2

Really, now is day 3. I am just considering this day 2, for I had to do a lot of things again due to my dumbness. Let me explain: I had a desktop environment in place (with fluxbox), wired network, and most of my daily software (Iceweasel, X-Chat, Pidgin, GKrellM), then I decided to test the Suspend-to-Disk... At first, it seemed to work well: I made a swap file for uswsusp, just as documented. What is not documented is that this file must be outside the encrypted partition! So, when I turned it on again, I got an error telling me about some corruption in the opened LUKS partition. I thought: OK, something has gone mad, just a matter of running an e2fsck. So I booted with the netinst pendrive, opened the LUKS partition and ran it with -y. Everything seemed to be corrupted!!! It spent almost 5 minutes fixing bogus inodes and stuff before I decided to interrupt the process: this fixed filesystem would never work anyway. So I began from scratch... All over again.

When I got to a working base system, another thought struck me: what if Brenda were to use rohan (have I mentioned the name is rohan? I name all my machines after places in Middle-earth)? So, a minimal user-friendly desktop is needed... After some research, I decided to go for LXDE. This is a minimalist desktop with OpenBox as the window manager. I've been using FluxBox for a long time now, so running another BlackBox-based one would not be such a problem. LXDE is quite good. So far, everything I expected is working fine.

Then I decided it's time to move on to configure the Wi-Fi stuff. I installed the RT2860 modules from the Debian/EEEPC repository and added rt2860sta to /etc/modules. At first I was worried, since some reports of it not working with WEP showed up in a Google search... But nothing could be smoother! I installed wicd and it detected our WEP AP like a charm (and a bunch of other APs nearby)... After entering our key it just connected fine, and I've been using it since: no glitches so far.

I would like to play a little more, but I called it a day since I have a lot of work going on... Next item planned is the webcam.

16 December 2008

Pablo Lorenzzoni: Lenny in the Asus EEE PC 901 - day 1

Following my previous post, today I began to turn my brand new Asus EEE PC 901 into a Debian machine. At first I wanted to do it all in one day, but since work is taking too much out of me (and everything seems to take more time than expected), I'll have to split this over different days... So, first things first. I read the Debian Wiki on the issue and began by doing the most important thing: backing it up. So I got a daily netinst ISO, put it on a USB pendrive and followed the tip on backup over the network using netcat. Easy and effective, and it took only 8 minutes on the 901 (I think the 35 minutes described on the wiki were for models with slower NICs).

From there, I had to decide which version of the installer I'd use. I chose Standard, since I want an encrypted disk on my EEE. So I ran the installer and, in the partition manager, I deleted /dev/sda1 (where Xandros was installed), turning it into a 300 MB /dev/sda5 (to use as /boot) and a 3 GB /dev/sda6, building a Logical Volume over an LVM Volume Group with it and /dev/sdb1 (where the user directory was), and enciphering it. This took a long time since, I believe, random data were being written to the device to increase crypto strength. I left /dev/sda2, 3 and 4 as they were, since they may belong to the Asus EEE Recovering System (and they don't take too much space :-) ). Now the base system is installed, and the wired network works like a charm... Next steps will have to wait until tomorrow.

15 December 2008

Pablo Lorenzzoni: It arrived!

I got an Asus EEE PC 901 Linux. Unfortunately it arrived just now, at the end of the day. I'll document the process of turning it into a Debian machine as I go, beginning tomorrow. So, stay tuned!

4 December 2008

Pablo Lorenzzoni: Debian crashing the Internet!?

I just read on Slashdot a pointer to an article about GitTorrent and it made me wonder about these meta-distributed systems. Although I don't share the article author's enthusiasm, it's a really good idea. Anyway, browsing that article, I ended up on another one about Debtorrent. This one I've already read about and decided to keep an eye on for some time now... It happens that one line in that article caught my attention (and I quote):
At the last major upgrade of Debian/Stable, all the routers at the major International fibreoptic backbone sites across the world redlined for a week. (emphasis added)
Well... that was a surprise. Of course I know of the size and importance of Debian, but I thought our systems were more efficient (or that our release-generated traffic was not of that magnitude). I began googling for a pointer on that... Anything: a quote, a URL, a list message... anything that could make that claim verifiable. Guess what: I found none! Meanwhile, on Slashdot, other people started following the same subject... So, is it true? Does anyone have any pointers to that? It seems quite unlikely to me... But hey! That's just me: maybe the Internet is not that big :-)

3 December 2008

Pablo Lorenzzoni: It's done: I am a serious man now

Some of you might be wondering where I've gone (my last post was on 2008-11-18), but I have a short explanation for that: I got married! Yes... It was on November 22nd, in a non-religious ceremony among the majority of my close friends and family. Brenda and I have been together for more than 6 years already, so it was about time! After the party we went on honeymoon to Bariloche (Argentina), undoubtedly one of the most beautiful parts of the planet, for one week. We were back just Monday and back to real life just now. Pictures of the party and the trip will follow...

6 November 2008

Pablo Lorenzzoni: Bash prompts: the essential

Bash is probably the most common command-line shell in the GNU/Linux world. Although a lot of people use alternate shells (such as Zsh), Bash is still shipped with most mainstream distros as the default. Once you have a lot of different remote machines, all running Bash as the shell, it becomes increasingly difficult to pay attention to the prompt, and typing reboot in a machine different from the one you wanted becomes more likely. I deal with that problem by changing Bash prompts.

First of all, the basics: Bash prompts are just environment variables with special characters you can set and export. Bash has four of these variables, PS1 to PS4, but usually only the first two matter (actually, just PS1; for a reference on the others, check the manpage). The most common PS1 string is:

spectra@home:~$ echo $PS1
\u@\h:\w\$
spectra@home:~$
This has 4 special characters, escaped with a backslash: \u, which gives the username; \h, which gives the hostname; \w, which gives the working directory; and \$, which gives us the $ at the end of the prompt (more on this later). So, essentially, one can change that string to anything else...

spectra@home:~$ PS1="my_shell_prompt\$ " 
my_shell_prompt$
Pretty easy. You can check a complete reference of the special characters in the PROMPTING section of the bash manpage, but the most useful IMHO are the following:

Also, as part of the prompt string, one can use ANSI colors enclosed as non-printing characters (that is, between \[ and \]). ANSI sequences always begin with an ESC[ and end with an "m". (Yes... Really arbitrary, but that's the way it is.) ESC can be represented as \e. Here is a list of the most common colors in ANSI sequences:

Now, notice that there are two numbers separated by a semicolon. The first is always 0 (zero) in the colors I pointed out above, but it actually refers to an ANSI attribute called Select Graphic Rendition. You can use 0 (zero) for normal colors, 1 for bold, 2 for faint, etc. So \e[0;30m refers to BLACK, \e[1;30m refers to DARK GREY. Wikipedia has a good article on these escape sequences. Once you're satisfied with something printed in a color, to go back to the default (to reset), you issue the \e[0m escape sequence.

So, back to my problem... Each different machine gets a different color for the hostname. On the hospital machine, for instance, my PS1 looks like:

spectra@hospital:~$ PS1="\[\e[1;33m\]\u\[\e[0m\]@\[\e[0;35m\]\h\[\e[0m\]:\[\e[0;32m\]\w\[\e[0m\]\$ " 
spectra@hospital:~$
With \e[0;35m (Purple) for the hostname. On the home machine, it may be \e[0;34m (Blue)... On the server, it may be \e[0;36m (Cyan), and so on... After a while, you get used to the color and end up linking the color to the machine, so that typing reboot on a machine with the wrong color gets harder than before. To make the changes permanent, put export PS1 in one of the config scripts of bash (.bashrc, .bash_profile, etc). On some systems, /etc/environment holds lots of environment variable definitions. I just scratched the surface... That's just what works for me... The Bash-Prompt-HOWTO has some interesting examples, and I actually have a friend who uses more esoteric stuff, such as fancybash or bashish, but I'll leave this up to you...

25 September 2008

Pablo Lorenzzoni: Brazilian E-Voting

DISCLAIMER: Paranoid rant ahead. You've been warned. Every two years, around this time of the year, I feel concerned: it's voting time in Brazil. For quite some time now, Brazil has had electronic voting, but that doesn't make me more comfortable with it. Yes, having the results within the same day is an enormous advantage, but I am not sure about the security of the whole process. You can call me paranoid (and surely I am a bit), but there are some things that give me the creeps about it.

For a start, let's look at the operational process. The voting machines are certified and sealed by Electoral Justice officers the week before the voting. They are opened in the electoral section by those officers in the presence of common citizens. Those citizens are called to work in the electoral process usually for four or five elections in a row, being replaced after that by "newcomers". The voting machines are not connected to any network. During the day, voters come with the voting document (voting is mandatory in Brazil), one of those citizens enables the voting machine by typing the document's unique number into it, the voter casts his vote and goes home. Then the voting machine is unable to receive votes if not enabled by entering another document number, and it goes on and on the whole day long (pretty boring work...). At the end of the day, the president of the section (usually the most experienced of those citizens) closes the voting machine, prints a "tally sheet", hands a colored 3½-inch floppy disk with the votes to the Electoral Justice officer and goes home. Other officers will pick up the voting machines later on. The first officer then goes to the voting processing central of the Electoral Justice, and within hours we will know the result of the election.

As you can see, there are lots of points of failure in the whole process! All this sealing of voting machines is just a matter of trust.

First point: there's no way we can know for sure if the machine does what it's supposed to do. Even if officers say that they randomly choose machines to be tested, there's no way to know how random that is. There's a report [pt-BR] made by a prestigious university (English summary here), stating that 1/3 of the voting machines in a particular studied state had corrupted log files (among other important security problems!). This study also showed differences in the counts (sometimes as large as 20-thousand votes!)... Hey! This is supposed to be a deterministic system: if nothing in the conditions changed, counts should always match! Until recently, closed-source software was used in the voting machines, but that has changed recently. I doubt that it makes any difference, since we'll never really know what is actually running in the machine. Surely, Electoral Justice officers know (or should know), so we'd have to trust them...

So, second point: we don't know how the voting is processed within the machine. (Also, we don't know for sure that the machine doesn't have a network connection. It may have a wireless connection we don't know about and could be passing all the votes to someone else, or even receiving instructions... But since that can be spotted with a scanner, I'll trust other paranoids have already done that.) Surely the machine must be enabled before every vote with the voter's document number. If it were not, how could we know that no one voted twice, or that a non-voter has voted? But we don't know how the machine records that!

Third point: we cannot know if the voting machine database doesn't link the voter to the vote. That is a nasty one: it opens up the possibility of "voting by intimidation". Also, the tally sheet that is printed at the end of the day only brings the total of votes, the total of absent voters, and the votes each candidate (or party) has received.

So, on to the fourth point: there's no way of knowing for sure that your vote was counted right (or was counted at all!). At least a copy of this tally sheet is glued at the entrance of the voting section, so an independent audit only on the numbers is do-able (although hard to do!).

What happens to the colored disk between the voting section and the voting processing central is not known. It goes with the officer, and what he does with it is just a matter of trust. Now for the most interesting point: the security is based on the color of the disk! The Electoral Justice checks if the officer handed in the right colored disk and puts the data in the system. Surely (?) they might have some way to check data integrity other than that... On the same issue, maybe even worse: even if the disk is not tampered with, but just read (or copied) by the officer before being handed in, and if the database links the voter to the vote, this information is valuable, and may be sold.

Finally, since we don't know (and have no way to know for sure) what the machine does, we don't know if the machine keeps a copy of the voting database in it. So when it is taken back by other officers, we cannot know whether the same thing that may happen to the disk could also happen with the machine.

I am missing a lot of things about the whole Brazilian e-voting process, and I surely have missed other points of failure. I heard of fraud in the past, with paper ballots, and those were pretty nasty frauds. But this whole tale of impossible fraud in e-voting is nothing but a tale (as fraud is more than possible!). I think we have to begin investigating other systems, surely with cryptography involved. A system like Debian's, far from perfect (we all have to trust the secretary's word on the secrecy of the voting system key), is much better, for instance. I understand that it's not simple enough for non-geeks, but there might be a way! It doesn't need to be a whole new system!

I would be happy if, as an example, the tally sheet printed a hash of my vote that I could verify later on... or if the security of the disk were not just color-based... or if the tally sheets had a way of being validated and were available online for auditing (and not just glued at the entrance of every voting section). Look! I am not distrusting any officer a priori... I think the message is: auditing should be made easy... Then I could trust a version of Linus's Law adapted to e-voting: "Given enough eyeballs, all frauds can be discovered".

24 September 2008

Pablo Lorenzzoni: Silent Blog and JRuby

I've been silent in this blog the last few days, but that has an explanation: I've been trying to make JRuby 1.1.4 work with one of my scripts. The problem is that after having done all the tweaks I can imagine, I still can't get enough performance with Ruby 1.8.7 (latest etch-backports). Our client will not allow Ruby 1.9 on the server (which is really a pity, for the performance boost I had with Ruby 1.9 is awesome!), but it already has Java6... So the only option I have left is trying the JRuby beast.

Since our script deals with system stuff, it uses syslog a lot, and that is where the main problem seems to be. Syslog support is new in JRuby, has had some implementation problems, and surely is not something to rely on right now... so I dropped it from the script, and it ran! Twice as fast (not as good as Ruby 1.9, though)! There are some other problems with this script and JRuby, the more important ones being (1) at_exit doesn't work; and (2) errors are not easy to backtrace (when JRuby fails it seems to mess up the backtrace stack), but they are not preventing it from working... So with the increased performance of JRuby, and after fixing those minor glitches, I was still left with the syslog problem... Until I investigate some final solution (I think I'll have to use some Java native syslog library, given such a thing exists), I've split the script into performance-boost-needing and syslog-needing parts; the first is using JRuby, and the second, Ruby 1.8.7... They communicate using sockets (I know... ugly... I would like to use DRuby, but I would not introduce another point of failure in an already messy situation) and the overall performance was brought to a satisfactory level.

So far, it's been interesting to study the issue... Mainly because I haven't used JRuby since its early versions, and it has improved a lot. But also because I read a lot about the future of Ruby (bytecode compilation, YARV and so on), and it made me even happier with my primary do-it-all programming language.

Now I'll try to compile Java bytecode generated by JRuby into a native binary with GCJ :-D. Let's see if that is do-able...

Updated 2008-09-24 18:03:00: As you can see in the comments, syslog actually works. I figured this out this morning, but JRuby Subversion already had a patch. Anyway, I submitted another bug I found.

11 September 2008

Pablo Lorenzzoni: As old as good: One Time Passwords

People frequently ask me what I am doing typing on my Palm right before logging in to one of my remote systems. The answer is quite simple: "generating my next password". People always seem puzzled by that answer... Maybe I am just old enough to have had only telnet sessions available for remote connections (that was the time before SSH took over)... or maybe I am just too paranoid regarding the access to my systems... Anyway, I like One Time Passwords, and here is an article I can refer to when I get asked again ;-)

One Time Passwords are just that: passwords that are good for one-time use. They never repeat, and once used you can throw them away securely. They were quite common when authentication was done in clear text (so that any man-in-the-middle could steal your passwords), back in the r-tools age (rcp, rsh, rlogin, rexec, etc). After the SSH-related tools took over, providing easy tunneling and remote access, MITM attacks were not of much concern, so OTPs became less relevant. What a shame, for they even have a couple of standards for those!

But there's still room for OTPs... Question: Is it easier to deploy a MITM attack or a keylogger? That's right... We are always connecting to our remote systems from public terminals (well... at least I am: right now I am typing from the hospital computer), and a keylogger is so easily installed in one of those terminals, even remotely, that no one would ever bother to deploy a refined MITM attack just to steal someone's password. One would just install a keylogger! All the security SSH provides would just be gone by then. That's why I use SSH to connect to my remote machines, but use OTPs to authenticate myself.

It's so easy to deploy. In Debian you'll find the packages opie-server and libpam-opie, and those are the only things you'll need on the server side (besides SSH, obviously). OPIE means "One-time Passwords In Everything", and combined with PAM, one can really use it everywhere.

After installing it, you'll have to generate the password file for your account:

spectra@home:~$ opiepasswd -c
Adding spectra:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:
ID spectra OTP key is 499 ho6484
HAVE COOK LOLA AIRY NEIL ROAM
The pass phrase will be used to generate the passwords in a step before your login. Please, try not to forget it (especially if you're following this article and playing with some remote system at the same time). Now you can edit the /etc/pam.d/ssh file (or its equivalent in non-Debian systems) to require that kind of authentication. Mine just looks like this:

# /etc/pam.d/ssh
auth       required     pam_env.so
auth       required     pam_env.so envfile=/etc/default/locale
auth       required     pam_opie.so
The first two lines are unrelated and just load the environment variables. The last line is where the fun is. Please note two things: (1) I removed references to pam_unix.so, which is what would ask for my real password, which I want to disable (no login is allowed with that password). And (2), I declared it as required, meaning that failing it will keep one out of the system. We are not ready yet! SSH will work by now, but will not present you the OTP challenge. Probably you could still log in, but you'd have to remember which is the current password (trust me, you would not!). To get the challenge you'll need to enable it in /etc/ssh/sshd_config by changing the following line:

ChallengeResponseAuthentication yes
That's it. Now, to log in to your remote machine, this is what will usually happen:

spectra@hospital:~$ ssh home
otp-md5 498 ho6484 ext, Response:
spectra@home:~$
Voilà! It asks for password #498. By default, it starts with 500 passwords and goes down from that. Password #498 was asked for, so the next will be #497. After that, #498 is not usable anymore, and #496 is not usable yet. You can generate a list of those passwords (let's say 10), print it and keep it in your pocket. This is the command you'd use for that:

spectra@home:~$ opiekey -n 10 498 ho6484
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Sorry, but you don't seem to be on the console or a secure terminal.
Warning: Continuing could disclose your secret pass phrase to an attacker!
Enter secret pass phrase:
489: CALM INTO WEEK APS LOON VIE
490: HASH GYM RAID GOSH HOYT DUAL
491: BELL GIN RIFT HELM GUY BUNK
492: HEBE OBOE SUP LEG LULU LANG
493: HOYT JOT ASK JOG GIBE BETH
494: NASH MOOT HIND YEAH  YAP CARL
495: MATE OF BARD LAVA LEAK AHOY
496: TAB BAG KEY GILT AVID VEAL
497: MOLE FORM NIB LEER ROSS HAVE
498: SING WERE OVEN SOD VEIN NIBS
That is not so secure, since you can lose the paper and be doomed... Luckily there are lots of small programs that do this generation for you. Some you can use from your Palm or from some J2ME-enabled phone (such as the N95). Some you can use from another (trusted) computer. Some are even online, written in JavaScript!

There is at least one other side benefit of using OPIE as above: you can give away your user password (even the root password... OK, probably not a Good Thing™), and the system would still be secure, since it only allows SSH authentication via OPIE! If the session is started with a username whose opiepasswd was not activated (first step; scroll back to the beginning of the article), SSH will greet you with a bogus challenge: only opie-activated users will be allowed to log in with the above configuration. Easy enough, isn't it? Now, next time you see me typing on my Palm before opening an SSH connection you'll know what I am doing ;-)
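The hash chain behind the otp-md5 challenge above, as an added example that is not part of the original post or of OPIE's code: it follows the RFC 2289 construction (MD5 folded to 64 bits) and shows why a captured #498 cannot be replayed and why #496 is rejected until #497 has been used. The seed ho6484 and starting count 499 come from the session above; the pass phrase is constructed, and the names fold_md5, otp and OtpServer are hypothetical.

```python
"""Sketch of the S/Key-style hash chain behind an `otp-md5 498 ho6484` challenge.

Added example following the RFC 2289 construction with MD5. The pass phrase is
constructed; otp() and OtpServer are hypothetical names, not OPIE's API. The
six-word encoding of responses is left out (raw 64-bit values are used).
"""
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then XOR the two 8-byte halves into a 64-bit value."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """One-time password number `count`: initial step plus `count` folds."""
    if count < 0:
        raise ValueError("sequence number must be non-negative")
    value = fold_md5((seed.lower() + passphrase).encode("utf-8"))
    for _ in range(count):
        value = fold_md5(value)
    return value


class OtpServer:
    """Per-user server state: seed, sequence number and the last good OTP.

    The pass phrase is never stored here, only a value the client has
    already revealed (or the one computed at initialisation time).
    """

    def __init__(self, seed: str, count: int, stored: bytes):
        self.seed = seed
        self.count = count
        self.stored = stored

    def challenge(self) -> str:
        if self.count <= 0:
            raise RuntimeError("chain exhausted: the user must re-initialise")
        return f"otp-md5 {self.count - 1} {self.seed}"

    def verify(self, response: bytes) -> bool:
        """Accept only the value that hashes forward to the stored one."""
        if self.count <= 0 or len(response) != 8:
            return False
        if not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        # Success: remember this response and move one step down the chain.
        self.stored = response
        self.count -= 1
        return True


def demo() -> dict:
    passphrase = "constructed pass phrase"   # constructed, not from the page
    seed = "ho6484"                          # seed shown in the session above
    # Equivalent of the initialisation step: the server keeps OTP #499.
    server = OtpServer(seed, 499, otp(passphrase, seed, 499))

    out = {"challenge": server.challenge()}
    typed = otp(passphrase, seed, 498)       # what a keylogger would capture
    out["login_498"] = server.verify(typed)
    out["replay_498"] = server.verify(typed)                     # already used
    out["skip_496"] = server.verify(otp(passphrase, seed, 496))  # not yet valid
    out["login_497"] = server.verify(otp(passphrase, seed, 497))
    out["next_challenge"] = server.challenge()
    # The captured value only leads forward to #499, which is already spent;
    # getting #497 from it would mean inverting the folded MD5.
    out["captured_leads_to_499"] = fold_md5(typed) == otp(passphrase, seed, 499)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The server side never needs the pass phrase after initialisation, which is why the stored state can only confirm the next response and cannot be used to produce it.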

9 September 2008

Pablo Lorenzzoni: Under-the-hood Candidates

I am still laughing at IdolHands' comparison between Obama and McCain. Watching how people can make tech-fun out of absolutely anything is amazing... Maybe I can put a similar comparison of the Porto Alegre mayor election in the pt-BR section...

8 September 2008

Pablo Lorenzzoni: Challenge-oriented intelligence

I told you I was re-reading Paul Graham's Hackers and Painters essay in order to update one of my lectures. I feel I like Ruby for I too have the same coding style as Paul's:
I found that I liked to program sitting in front of a computer, not a piece of paper. Worse still, instead of patiently writing out a complete program and assuring myself it was correct, I tended to just spew out code that was hopelessly broken, and gradually beat it into shape. Debugging, I was taught, was a kind of final pass where you caught typos and oversights. The way I worked, it seemed like programming consisted of debugging.
Ruby sort of frees me of figuring out everything beforehand. Of course, Ruby is not the only language with that in it... It's just the one I like the most... Anyway... This is not a language-versus-language rant... Rather, this is about another article I just read, by Carol S. Dweck... The article focuses on teaching kids that challenges can be taken as opportunities to improve. Failure at a challenge, in this sense, has less to do with intelligence than with effort. And I just mentioned Paul's essay because I think what Carol is really talking about is that hacking can be taught... or rather that we should teach kids to be hackers. Here I mean hacker in the broad sense of the word, as in Paul's essay, or in the Jargon File.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
Maybe if knowledge researchers, teachers and psychologists embrace and extend what we already understand as hacking, and begin applying it at schools, we can all improve as a society. Who knows... Hacker-society might very well be our future society! ;-) What do you think about it?

27 August 2008

Pablo Lorenzzoni: Paul Graham and his start-up funding company

I first read about Y Combinator while browsing Paul Graham's website. I am a huge fan of his and have tried many times to bring him to Brazil for FISL (unsuccessfully so far). At that time I was updating a lecture of mine where I quote something from his Hackers and Painters essay, and suddenly I noticed a YC link on the left, and decided to click to learn what that was. Y Combinator is a venture capital firm to help start-ups. It was built on the concept that not much money is needed for first-stage start-ups ("from idea to company", as they call it). Quite a concept! I lost track of it until yesterday, when I read this blog post summarizing one of its events for start-ups. I found it amazing how far it came in such little time. They've already funded about 100 start-ups, some of them really interesting. Of those presented in that post, Posterous is the one I found most interesting. They create instant blogs just by sending emails to some address. There's no sign-up procedure... Just send the email with any attachments and voilà. There you have it: a new blog. Many others are really interesting (PollEveryWhere, IDidWork, Frogmetrics, just to name a few), so I really suggest reading that post. I think Y Combinator is another great idea from Paul Graham, and I will be following it more closely, as a way to keep myself updated... Who knows... maybe I can get them to come to FISL to present that! ;-)

25 August 2008

Pablo Lorenzzoni: Domed cities and more time for leisure

It's certainly funny to read articles about the future, but it's even funnier to read past articles about now. I've just found an article written in 1968 about how things would be 40 years in the future (or today). Of all the foreseen things, I would really like to see domed cities. Although I don't think any real goal would be achieved by it, surely it's quite a sight. Also, more free time for leisure wouldn't hurt...

14 August 2008

Pablo Lorenzzoni: Finally! We won a battle!

Although far from winning the war against Azeredo's bill, we finally won a battle. The Chamber-of-Deputies IT Committee approved the request [pt-BR] for a public hearing [pt-BR]. Although a small step forward, all people involved with entities and NGOs interested in blocking this bill will have a chance to speak their minds. This comes at a very special time. A poll run by Vox Populi was published early this week [pt-BR], revealing that more than half of the Brazilian voters distrust e-voting and about 20% think it's possible to spy on their choices. This is an election year in Brazil, and all this setting can end up helping our case. More than 106-thousand people have already signed the petition, and I think with all those signatures adding to this setting this is going to be a very interesting hearing. At least people supporting this bill will have to stand up and say they are for it... And who knows what damage this can cause to them in an election year. Some public hearings are broadcast through the Internet. I'll let you know if this one will be.

11 August 2008

Pablo Lorenzzoni: Tor for Brazilian masses

Of course, trying to block the Brazilian Internet Surveillance Bill is something we are really focused on doing. But as more people with political skills join us in convincing the Deputies this bill is just plain wrong, the rest of us, geek guys, are investigating Tor deployment. I'd have to study the bill deeper than I have already, and probably ask some lawyer about it, but I think that the bill effectively makes it unlawful to deploy Tor in Brazil as an end router. Via article 22 of the bill, providing an end-point Tor router can be considered "providing access to a worldwide computer network", and thus would require keeping three years of logs, which would render having a Tor router pointless in the first place. What can save an end-point Tor router is the wording of this very article. It states that just commercial or public sector providers are covered by it. What if I make a free (as in free beer) end-point Tor router available? It is not "public sector", since it's not tied to the government... It's not commercial, since I am not selling access to it. But then, someone can argue that it's commercial activity with zero price... Brazilian law is just so confusing... Anyway... if we can get it straight with the lawyers, I think we'll watch a proliferation of end-point Tor routers in Brazil. This would assure that, even if this bill passes, it will not be easy for the government to peek at the citizens' traffic. Geeks always having to fix what politicians break so easily...

6 August 2008

Pablo Lorenzzoni: 100-thousand and counting

For those of you wondering how the battle against the Brazilian Internet Surveillance Bill is going, I have to report we already got more than 100-thousand people to sign the petition. You can check the current count in the image on the right. I am updating it every 15 minutes, so you can even use its URL in another place (as some people are doing already). The bill will be voted on by the Chamber-of-Deputies any time now... We heard it would be yesterday, but apparently it was not even listed for this week. This doesn't mean much, since the Deputies can hold an out-of-list vote... we'll be watching. Meanwhile, I read an article by Sérgio Amadeu that summarizes some of our feelings about that bill. Are we in the Western World (allegedly freedom lovers) turning into control freaks? A whole lot of people I know are not even offended by this bill! These are the same people that don't think it's weird that the USA claimed the right to seize any storage device entering their borders, for any time they want, with no warranted privacy. Are we in the middle of a paradigm shift? Are we accepting less freedom? What would George Orwell think of that? Maybe we got into a wormhole and ended up in 1984...

30 July 2008

Pablo Lorenzzoni: DNS mess and what I think about DNSSEC

I am following closely this new DNS mess. In fact, there s nothing really new in that. DNS has been attacked lots of times over the years as a result of not being designed with security in mind from the ground up -, just this new one is a combination of known attacks against known security flaws. The quick fix is not a real fix, and just incorporate old ideas into the most used DNS software, strengthening it to face the attack. The details leaked, and there s already at least one public exploit (and who knows how many in the wild). The new buzzword is DNSSEC. I don t like DNSSEC. I never did. The first time I heard of it, around year 2001, it was a centralization of a decentralized database: A proposed company (called Network Solutions) would serve as a central authority, signing every root DNS entry. It was a joke! Come on! DNS is suppose to be decentralized! Having a central company anywhere is just a huge step back in decentralization (not to mention a huge step back in security). Time passed, and the DNSSEC specs evolved to a more decentralized way of thinking. The state it is now, and the implementations we saw so far are not good. No! I am not talking about security I am talking about the KISS principle: DNSSEC turns something really simple to deploy into a full-time job, with frequent key roll-overs and re-signing everytime you change the zone a huge mess! Yes, there are automated tools, but, come on! you still have to wait for TTL to expire before publishing this part or that part of the cryptographic machinery And, if we are talking about real security, are we going to build some automated tool fire-and-forget -style and not follow it? If we are not looking at it as it goes, and it fails, we could end up with a completely wrong set-up or (even worse) a non-validating zone. 
And I haven't yet mentioned the increase in payload. I am not completely convinced that this alone would not lead to DoS attacks just by compromising the responsiveness of the servers (and DoS attacks have already been available for quite some time; maybe the DNSSEC medicine is worse than the disease). The root (".") servers are not even DNSSEC-aware, and there's a whole class of other stuff to work around the fact that they may not be DNSSEC-aware for quite some time yet. There has to be a simpler way! I can imagine at least three ways to fix the problem until we can fix DNS in a KISS way. And they're all KISS also: Maybe some of those three solutions are flawed. Maybe none are flawed and they can be deployed together. Maybe I am wrong and DNSSEC is the only way to go. But let's not panic, let's cool our minds and begin thinking it through. I still don't think DNSSEC is the holy grail. Now I already spent more time than intended on this. Let me go back to signing some zones ;-)

28 July 2008

Pablo Lorenzzoni: Great News: Etch'n'Half

Great to hear about "etch and a half". I've just upgraded all my systems and everything went smoothly. I dumped my home-compiled Ruby in favor of Debian's version now, since it fixes the annoying security bug. Thanks for the good work, people!

23 July 2008

Pablo Lorenzzoni: The new Brazilian Internet surveillance

Here I am writing today to tell something that might not be known outside Brazil (at least, I haven't read much in English about it): the attempt to turn the Internet into a government surveillance device. This story goes back to 2006 (and even earlier), when we first successfully blocked the approval of a bill that would, in effect, turn the Brazilian Internet into a giant Big Brother. This bill was introduced by Senator Eduardo Azeredo as a replacement for a series of other similar bills that were attempted before, and was met with strong resistance by civil organizations, one of those being ASL, of which I am proud of being one of the founders. At that time we ended up having it postponed for more debate. It happened that the bill made a comeback in the last weeks, and was pushed into approval by a subcommittee of the Senate (one that was supposed to deal with the constitutionality of bills) and is now heading to the Chamber of Deputies for appreciation. Apart from the first debates back in 2006, nothing happened between then and the approval. The bill has changed a little bit, but not enough to change its effects. In Brazil, we have two legislative houses, the Federal Senate and the Chamber of Deputies. If a Law Project is proposed by one, it is revised by the other. So we have already lost 50% of the fight. Ronaldo Lemos, professor at Fundação Getúlio Vargas (think of a Brazilian version of Harvard Law School), has already stated how dangerous such a Law can be, once approved. In his own words: "The wording of the law is too broad, and can be applied in several cases. The interpretation of what is a crime or not will be done by a criminal judge, who is used to dealing with homicides and not with technology". Since its approval in the Senate, several people have been putting together a resistance. Central to it is a Petition, hosted at Petition Online, that already holds 64-thousand signatures.
One of the writers of that petition, André Lemos, a university professor and researcher, has said that the regular user will have the feeling of being watched, not knowing if what he's doing is legal or not: "For instance, if I disseminate a virus without knowing, will I be arrested? Can I exchange my files in P2P networks (my pictures, my music, my text files) without asking for permission? How will the ISPs interpret these exchanges? Can I copy a part of a text from a blog and paste it into mine? This law creates a feeling of insecurity and generalized fear". FGV's Center for Society and Technology has published an analysis of the Law Project, and has spotted a lot of problems in it. For instance: Thinking of how I can help, after sending an email to every Deputy whose email address I was able to get, I decided to translate the law into English (I also uploaded a version with indentation, since it's pretty hard to understand the whole law without it, if you're not used to it), so the World can be made aware of what's going on in Brazil. I also just sent an email with it to the EFF, asking for their help. Not that I think they can do much, but they surely will know one or two strings to pull in order to put more pressure on the Brazilian government. I also hope that, once this post reaches Planet Debian, even more people become aware of the issue. In a sense, this is an appeal for all the Freedom Culture lovers out there to take any actions they can to help us prevent this Law Project from becoming a Law. (In time, I'd like to thank Alexandre Oliva, who revised the translation). Update (2008-07-23 11:50): Steve Langasek also revised the translation of the Law Project and I've made a "cherry-pick merge", which resulted in the version currently linked in the text above. Older versions of the plain and the indented documents are still available. Thanks Steve!

25 June 2008

Pablo Lorenzzoni: Exciting new World

I've just tested the improvements in the performance of Javascript in Firefox 3 and WOW! Javascript in FF3 is really fast. While googling about it I just ran across a recent interview with Brendan Eich about the future of Javascript and I got excited about two things about this future. First was what we already have, still in the beginning, but with a lot of potential: HotRuby. It is really interesting to script a webpage in Ruby (which is my favorite language) and, while it's not embedded the way Javascript is, it gets compiled on the server side with YARV (the new bytecode compiler for the next version of Ruby, 1.9), and then served to the browser in the form of JSON objects, so it can be interpreted by the Javascript engine in it. All this is transparent and works with XMLHttpRequest. It's not a coincidence that Eich mentions it as being a form of ARAX (changing the J in AJAX for R from Ruby). I already do a lot of coding in Ruby; not having to deal with Javascript anymore is surely a plus. OTOH, Eich is talking about improvements in Javascript that would render it as a real programming language. Maybe coding in it would not be so painful anymore by then ;-) The whole interview has to do with Project Tamarin, a high-performance, open source implementation of the ECMAScript 4th edition (ES4) language specification [ECMAScript 4 is the same thing as Javascript 2] by the Mozilla developers. And this is the second thing I got excited about: they've planned to glue IronRuby (Ruby compiler for, argh!, .NET) to it via IronMonkey. So, exciting news! Either via Tamarin or via HotRuby, we'll get Ruby browser scripting. My free mind tends to favor HotRuby instead of IronRuby/IronMonkey/Tamarin. But in the end what matters is that all those people now cursed by Javascript will finally have a taste of what a real programming language feels like. Who knows! They might even like it ;-D
