I have made a few posts over the years about reggae and how much I love not just the music, but the music’s unique ability to fuse with other music. Sometimes this forms sub-genres like rocksteady or dancehall and sometimes it leads to new forms of music, like 2 Tone or ragga.
Reggae and Dub are the original remix culture. In England, it draws many parallels with hiphop in the US. Reggae is the original protest music and the original rebel sound. The video below is pretty long, but it’s well worth watching.
“Beef” is a pretty harsh criticism by Mos Def of not just institutional racism in the U.S., but also of his own community. The track has powerful message, but the with the slower tempo means a lot of mixes use beats without much energy in them. Fortunately Max Tannone shared my concern and mashed up “Beef” with “Johnny Too Bad” by The Slickers. The result is a powerful reggae/ragga protest song..
Technically, “Johnny Too Bad” sounds more like rocksteady than reggae, but unless you are a ska nerd like me, the difference between the different genres of Jamaican music is fairly academic.
Here is one version of “Beef” that sounds like a freestyle on a radio show:
Mos Def has done “Beef” in a bunch of different places, including The Dave Chappelle Show, so it’s not a freestyle.
Here is The Slickers version of “Johnny Too Bad”:
And here is the mash-up, known as “Johnny Too Beef”:
A while ago, I wrote about Baidu’s new smartphone. Baidu is also getting in to the anti-virus business, according to ZDnet. I find this news kind of interesting, since China is one of the top 3 countries of origin for malicious software, according to most folks who work in Information Security (the other two being Russia and Romania).
On a similar note, the Chinese government is also looking to build out a “national OS” based on Ubuntu. I thought that the Chinese tried this a few years ago with Red Flag Linux. I can’t tell from the article if this is a new version of Red Flag, or something different.
A couple of weeks ago I was talking with a former professor of mine about the negative portrayal of hackers in the media. The discussion concerned how that negativity has framed the discussion about a number of things, from legislation, to the ill treatment of people accused of illegal computer hacking. I mentioned a few books and other things and their relevance from a rhetorical standpoint. I was going to email a list of things to my professor, but I thought I should put it up here instead.
The first item is The Hacker Manifesto which sums up hacking as an almost pathological curiosity and an almost phobic rejection of intellectual laziness or bureaucracy:
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
It was written by a hacker in the mid-eighties known as The Mentor. Ironically, he wrote it while sitting in a jail cell after being arrested in a nationwide law enforcement sweep of bulletin board systems known in the hacker community as the Private Sector Bust.
the PSB is the archetype for a lot of hacking busts: a law enforcement agency is often moved to take action by a private company or other party not associated with law enforcement. The law enforcement agency, usually the FBI but often the Secret Service or Department of Defense, then acts on intelligence and evidence gathered by the private party. The private party is usually a large corporation like AT&T, but it can also be an educational institution or a even another government agency not associated with law enforcement or the military.
A great book that details a private party providing evidence and expertise to law enforcement is The Cuckoo’s Egg, by Clifford Stoll.
The year is 1986, the private party is UC Berkely, and the hacker is a KGB contractor known as The Hunter. Stoll was tasked with figuring out a billing irregularity on a time sharing that turned out to be a compromised account. After months of investigation on his own, Stoll went to various three-letter-agencies and ended up participating in an international manhunt for a German hacker working for the KGB.
The Cuckoo’s Egg also gets points for talking in great detail about systems that don’t exist anymore, like TymNet, which was a service that basically used the Internet to connect local dial up Points-of-Presence. Users would dial-in to a local POP, and then use the Internet to either connect to a dedicated a government or corporate network, or to dial-out of a remote POP in order to dial-in to another system and avoid long distance charges. Businesses like TymNet were largely obsoleted in the late 90′s by commercial Internet Service Providers that let corporations and consumers connect directly to the Internet.
The year is 1992, the private party is AT&T, and the law enforcement agency is the FBI, and the hackers are the M.O.D, a gang of phone phreaks from New York City. This book differs from The Cuckoo’s Egg because it includes input from the hackers involved. It’s also less of a story about the hunt for the hackers, and more about an electronic turf war between two rival hacker crews. What is interesting to note is that while AT&T is building a case against members of the two crews, the Great Crash Of 1990 happened, and for a while, members of the M.O.D. were prime suspects. As is often the case, phreaks and hackers were not to blame.
Up next are two books that tell different accounts of the same story.
The first account is Takedown, by Tsutomu Shimomura and John Markoff.
The year is 1993, the private party is Shimomura himself, the law enforcement agency is the FBI, and the hacker is Keving Mitnick. Takedown is Shimomura’s account of how his private Unix workstation was hacked by Mitnick, and how Shimomura led the FBI to track down and arrest Mitnick.
Years later, Mitnick himself would write Ghost in the Wires, an account of his life on the run, his arrest, and his mistreatment in jail as a result.
The books listed here are written more like detective or spy novels rather than historical accounts. They’re also great glimpses into different aspects of the hacking scene which include Unix hacking, Fone Phreaking, and Social Engineering.
A recurring theme throughout these books is the lack of technical expertise on the part of the various law enforcement agencies, the non-existent chain of custody for evidence gathered by private parties, and the sometimes questionable claims of these private parties about the damages that were done to them at the hands of these digital trespassers. Probably the the most obvious example is in the Shimomura/Mitnick beef. Shimomura accused Mitnick of breaking into his computer, but Mitnick was mostly charged with wire fraud, and computer fraud relating to Motorola and Sun Microsystems. Shimomura was supposed to be a hotshot NSA security researcher, yet there appears to be little NSA involvement, other than Shimomura himself.
What you also see is the growth of legislation to control hacking. In The Cuckoo’s Egg, there hardly any laws on the books to be broken and jurisdictions for computer crimes were difficult to sort out. The pursuit of The Hunter is based mostly on the threat he poses to national security.
Mitnick states repeatedly that many of the crimes he is accused of are either impossible (being able to launch nuclear missiles with a phone call), embellished (stealing source code from Sun Microsystems valued at hundreds of millions of dollars), or things he simply didn’t do (disabling the telephones of judges and states attorneys).
When the bulk of your intelligence and evidence is collected by a private party with a grievance with the accused, there is often a lot of room for errors to be made, for half truths to be sold as facts, and for reputations to be protected by scapegoating.
This is why I oppose strengthening the provisions in the Computer Fraud and Abuse Act. This is also why I support initiatives to bring sanity into copyright, cyber-crime and cyber-security legislation, because it is very easy for a big company or a government agency with a gripe against you to accuse you of a crime that either doesn’t exist, is physically impossible, or that you didn’t commit, effectively ruining your life.
Here is Kevin Mitnick at HOPE talking about caller ID and other stuff:
Since then, I have been doing my best to make people aware of the problem posed by the vague language of the Computer Fraud and Abuse Act and it’s misguided use as a club to prevent people from doing things with a computer that threaten the status-quo of our government’s favorite corporations.
Rather than post one of my trademark walls of text, instead I would like to direct you to a film about two others who saw mistreatment and abuse as a result of the Computer Fraud and Abuse Act. And keep in mind that both of these gentlemen actually defrauded and abused computer systems, unlike Mr. Swartz, who did no such thing.
I decided to get a prepaid phone to use as a backup phone for emergencies, and to take with me when I travel. My primary mobile is provided by my employer, and while I appreciate the free smartphone, I don’t want to lose my mobile phone or number if I change jobs. Also the idea of losing or breaking my work phone while doing non-work stuff just sounds like a set-up for a conversation that I don’t want to have.
A few assumptions were made when I purchased my prepaid minutes:
I assumed that I would only use a few minutes per month, if any.
I assumed that my phone would just sit in a bag until it needed to be used.
I assumed that a prepaid mobile had the same basic features as a contract mobile plan.
I was wrong on a couple of points:
I did not account for my number being a target for telemarketers, bill collectors for the line’s previous owners, and robodialers – I fixed this problem first by setting my voice mail greeting to a disconnect tone and recording. I was also receiving texts from My Coke Rewards, which I was able to put an end to by texting STOP to 2693. In the past year, I have used around 350 minutes, although probably a quarter of that was from unwanted calls and texts.
I also found that having two working mobiles comes in handy in a few random circumstances, like when a friend from England is having trouble with his UK mobile, or you happen to leave your primary phone at home, or a random person on the street needs to use a phone and you don’t want to hand them your expensive (and company owned) smartphone. Also, sometimes you just want to wear basketball shorts and not live in fear of getting pantsed by your quarter-pound smartphone. As a result, I have used way more minutes this first year than I figured I would, although now that I have eliminated the unwanted callers, hopefully I will use significantly fewer minutes and texts in the coming year.
It turns out that for some reason, you can’t use a t-Mobile prepaid mobile with Google voice mail. Google Voice mail is nice because I receive a transcript of the voice mail, and I can play the message using the GV website or mobile app. t-Mo voice mail is problematic for me because it picks up before GV rolls over to voice mail. Since my prepaid phone is turned off 99% of the time, having it silently answer calls that should go to voice mail is not good. Also when t-Mo VM picks up, it burns at least one prepaid minute, possibly more, hence my concern for robo-calls. To route around this, I called t-Mo customer service and completely disabled voice mail for my prepaid line. Now, as long as the phone is powered on, will just ring and ring until Google Voice mail picks up. There is one caveat: when the phone is powered off (again, 99% of the time) an incoming call will ring 3 times and then play a recording about the mobile subscriber not being available. This is an acceptable limitation. I face a similar problem with the voice mail for my desk phone at work, so I have it activated as a phone in Google Voice, and I just un-check to box to forward calls to that number unless I’m equipped to receive calls on that phone.
Also, I was concerned that my “gold status” as a t-Mo prepaid customer would expire after a year. I am pleased to report that it did not, and when I bought the smallest denomination of prepaid minutes, I was able to keep all of my unused minutes active for another year. This is important because I bought a bunch of minutes at first, and every year I can re-up for the smallest amount ($10) it drags the total cost down by a significant margin.
As a wireless security measure, WPS is almost maliciously stupid. You shouldn’t use it, and if at all possible, you should disable it.
I sometimes use PDAnet to get online when I am without other means, sometimes that’s an airport or hotel without free WiFi, but more often it’s when I’m staying with friends or family and it’s the middle of the night and I don’t want to bother anyone for their WPA password.
A few days ago a family friend fell victim to the latest Yahoo! breach, and I was doing a kind of incident response, checking machines at his business for malware. While I was waiting for the scans to run, I used the WiFi on my phone to hop onto a nearby wireless network. I figured the network was open because my phone connected to it without asking for any credentials. I also assumed that it was the network for my friend’s business, but apparently it was not.
I then decided to get my laptop out and connect it to the same network, and I discovered that my Win 7 machine would not connect without providing a WPS PIN. I thought that this was curious since my phone connected without providing a PIN, but I was not interested in breaking into this mystery wireless network, so I used PDANet to connect to my mobile.
I discovered long while ago that if your phone is connected to WiFi, and you use PDAnet’s USB tether feature, PDAnet routes your computer’s traffic through the phone’s wifi connection and not the 3g/4g connection. This isn’t very useful in most situations, but I have used it in the past to temporarily add WiFi to a desktop computer, and in this case to side-step WPS authentication.
What I have not done in the past was to scan WiFi networks that I was connected to via PDANet. My computer was able to pull an IP address on the target network, and after a few minutes of basic ping scanning with nMap I was able to see a couple other hosts on the network. I think it’s pretty rude to mess with people’s networks, so I didn’t do anything more than scan it briefly to see if I could, and then finish my Internetting.
I have two laptops, one is a 15+” wide screen with a full sized keyboard and number pad and the other is an older 10″ netbook that I have been useing exclusively for school. The netbook is a great size for taking notes without taking up too much space in my backpack, and while its battery life leaves much to be desired, it has served me well for the last 4 years I’ve had it. When I bought my big laptop, I decided to pull out all the stops and put a solid state drive in it. I figured that since 40gb on my old XP/Debian laptop had been sufficient, that a 60gb SSD (also the cheapest) would be plenty. I threw the 320gb drive that came with the laptop into a USB enclosure that I keep in my laptop bag and I figured I would be in great shape. I was so wrong. 64k ought to be enough for anybody, indeed.
With my new laptop came the move to Windows 7 64bit, Windows XP mode via Windows Virtual PC, and graphics capable of running lightweight 3d games. This, coupled with the decision to return to playing Lord of the Rings Online again, left me with a whopping 1gb of free space.
I waited for 128gb SSD’s to come down in price, and when the finally did, I bought one straight away. Once the drive arrived, I set about upgrading my laptop to a bigger drive, and swapping the old fashioned mechanical drive in my netbook for the faster and energy efficient SSD. I have used Redo Backup in the past when upgrading disks and while the process can be time consuming, the results are fantastic. Redo will dump a disk to a series of (large) files, either on an attached USB drive or on a network file share. You can then swap disks and restore your backup on the larger replacement disk. The partitions are recreated, byte for byte, and redo comes with a partition editor that will let you grow or shrink partitions if you need to after the restore.
If you are going from a smaller disk to a larger disk, it’s pretty straight forward. Unless there is crypto involved.
I use TrueCrypt to encrypt the drives on my laptops. I do this for protection. From ze germans.
It turns out that Redo’s editor and most other editors will not resize TureCrypt-ed partitions.
Sometimes being a delusional paranoid is *really* inconvenient.
Also, for the 60gb SSD laptop-to-netbook transplant, I would be cloning a larger encrypted volume to a smaller encrypted volume.
So the reality is that I am basically trying to cross the streams and divide by zero at the same time.
Oh, and I only have two legit copies of Windows 7 and no Certificates of Authenticity, so reinstalling is basically out of the question.
I managed to do it, but it was an ordeal.
Crossing the Streams
How do you get an elephant into a matchbox? First you take out all the matches and then you put the elephant in the matchbox.
So if you want to clone and resize an encrypted volume, first you have to decrypt the volume.
Redo was able to back up the encrypted 60gb SSD in my laptop and restore it to the new 128 GB SSD with no problem. Redo did not resize the copied volume, so my new drive was 50% empty.
What needed to happen was for me to resize the 60gb encrypted partition to take up the whole 128gb drive. Thankfully the laptop booted up into Windows OK, so I could use TrueCrypt to permanently decrypt the drive.
Once the drive was decrypted, I could use Redo to resize the drive. I’m not sure why, but TC removes the 100mb “System Reserved” partition that Win7 creates, but leaves the 100mb of space unallocated. When I resized the partition to fill the entire drive, the drive became inaccessible to windows.
Thankfully I had a Redo Backup of the drive, so I could restore it again, decrypt it again, and resize it again. Except this time I left the unallocated 100mb at the beginning of the drive, and 100mb at the end, just to be safe.
This worked flawlessly, other than the 200mb of “wasted” space, but such is life. I was then able to use TrueCrypt to encrypt the drive again, and transplant the 60gb SSD to my netbook.
Dividing by Zero
Before I did anything, I made a Redo Backup of the 160gb drive in my netbook to an external drive. That way I could futz with and break my partitions and and still get my stuff back.
Once I had a backup of my volume, I used TrueCrypt to decrypt the drive and deleted some stuff to make sure the drive had significantly less that 60gb of used space. I thought about doing the backup again, after I decrypted and pruned the drive, but I decided that it would be better to keep the backup encrypted.
I then swapped the 160gb drive for the 60gb SSD and the real adventure began.
Having already hit the limitations of Redo Backup’s partition editor, I opted instead to use the System Rescue CD and/or GParted to copy the unencrypted partition over to the smaller SSD.
Many years ago, I used Ghost to do this stuff, and it worked great. I have always judged open sourcce tools like Clonezilla to be lacking because ghost used to clone partitions from smaller disks to larger ones. I took a detour with version 15 of Ghost, now owned by either Symantec or Norton, maybe both or neither. It turns out that not even Ghost (as of version 15) is capable of disk-to-disk copies from a larger source to a smaller destination. I guess that is some sort of lost art. I would like to apologize to all open source disk cloning tools for thinking them inferior for all these years.
So after wasting time with Ghost 15, I went back to Gparted and/or System Rescue. I say and/or because I don’t remember which disk I used, but I am fairly certain that both disks use PartImage. Either way, the process is to:
Copy the 100mb “System Reserved” partition from your source disk to the SSD.
Copy the Windows System Partition from your source disk to the SSD.
Copy the Master Boot Record over from your source disk to the SSD.
Boot your computer from the SSD and see if it worked. If it didn’t have no fear.
At this point it wasn’t working for me either. I never quite worked out the exact incantation, but it works out a bit like this:
If Windows doesn’t boot, as in no “Starting Windows” screen, then recopy or recreate the MBR.
If you have both recopied and recreated the MBR and Windows still won’t boot, recopy the 100mb “System Reserved” partition.
Once you get Windows to boot, it still may not succeed. If you are getting the “Starting Windows” screen, but the log in prompt/desktop does not load, then recopy the Windows System partition.
At this point you should be loading Windows. If not, you may have to slog through the two lists again. I was worried that it simply couldn’t be done, but I managed to succeed, and so can you.
Once you can boot into Windows on the SSD, then it’s time to re-size the partition. I left around 100mb at the end of the disk just to be safe. After re-sizing, you can re-encrypt the disk and you are in business once again.
Upgrading/transplanting the drives in two laptops took me like 3 days, but my big laptop has ~50gb of free space, and my school netbook is noticeably faster with an SSD. I haven’t used it for a full battery cycle yet, so I don’t know if the SSD has prolonged its battery life or not.
The downside to using TrueCrypt is that I can’t multi-boot Windows and Linux, but that’s what USB drives and Virtual Machines are for.