Archive for the 'Technology' Category

SSH over Tor the really, really easy way

Friday, April 18th, 2008

1) If you’re on Windows, download this and skip to Step 3. Mac, Linux, and Unix users download the source code for connect.c.
2) Compile it. On most systems, the command would be:
    gcc connect.c -o connect
3) Add this to your ssh command:
    -o ProxyCommand="connect -S localhost:9050 %h %p"
For example, I could use this command to connect to Silence is Defeat over Tor:
    ssh -o ProxyCommand="connect -S localhost:9050 %h %p" silenceisdefeat.org

And that’s it… Pretty easy. More info can be found here.

Spokeo: Taking “Stalking” to a New Dimension

Tuesday, April 8th, 2008

And you thought Facebook would attract stalkers. Imagine a service that shows people every move you make on Facebook, MySpace, Digg, YouTube, Amazon, Flickr, StumbleUpon, Friendster, Last.fm, and over a dozen other services at the same time but in one easy-to-stalk place. Spokeo, a recently launched Web 2.0 service that bills itself as a “hyper-aggregator”, does just that.

No need to log into thirty different websites to track your ex-boyfriend - Spokeo will do it for you! Start by giving it the username and password to your GMail account (not at all implying this is a good idea), and Spokeo will automatically show you all of your friends and all of your friends’ accounts on other services. Think your ex-boyfriend might have an account on sites that you don’t know about? Problem solved. Need more Stalk Data on your friends? Just give it more login credentials for the other websites you have accounts on… it’ll do the work.

Of course, when Spokeo’s servers are compromised, the attacker will have ALL of your login credentials for just about every account you have.
Spokeo says they don’t store your passwords, but since they don’t use SSL, they can’t stop others from sniffing the login credentials you give them.

California Edges Toward Joining Real ID Revolt

Monday, March 24th, 2008

From Slashdot:

The Department of Homeland Security’s Real ID program has a real challenge on its hands from California. DHS had said it will only grant extensions from the Real ID rules taking effect on May 11 to states that apply by March 31 and promise to implement Real ID by 2010. California requested an extension but would not make the latter promise. DHS buckled and said, in effect, “Good enough.” Perhaps they realized that trying to slap giant California around is qualitatively different than doing the same to New Hampshire.

Click here for the full article.

HOWTO: Use T-Zones to get Unlimited Nationwide Wireless Internet on your laptop for $6/mo

Sunday, March 23rd, 2008

Don’t get suckered into paying $20, $30, or even $70 per month for nationwide wireless internet. If you’re a T-Mobile customer, you can do it with their $6 T-zones plan just by making a minor change on your laptop. Here’s how:

Table of Contents

  1. Instructions for Mac OS X, Linux, or *BSD
  2. Instructions for Windows
  3. How it Works

Instructions for Mac OS X, Linux, or *BSD

  1. Add T-Zones to your calling plan, if you haven’t already.
  2. Sign up for a free shell account at SilenceisDefeat.org (instant activation is a one-time fee of $1)
  3. Set up tethering, if you haven’t already.
  4. From a terminal, issue the following command:
    ssh -p 143 -D localhost:1080 username@ssh.silenceisdefeat.org
    Of course, you need to replace “username” with the username you picked in Step 2. The password to use was emailed to you when you completed Step 2. If there are any problems, check the support channel.
  5. You can change your default password by using the passwd command once you’ve logged in. You now have a local SOCKS5 proxy with no restrictions. Just configure your browser to use it. For Firefox, click Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration; for SOCKS Host, enter localhost, and for the port, enter 1080.

Enjoy the freedom!

Instructions for Windows

  1. Add T-Zones to your calling plan, if you haven’t already.
  2. Sign up for a free shell account at SilenceisDefeat.org (instant activation is a one-time fee of $1)
  3. Set up tethering, if you haven’t already.
  4. Download and run PuTTY
  5. For hostname, enter ssh.silenceisdefeat.org. For Port, enter 143.
  6. On the left side, in the Category box, click over to Connection > SSH > Tunnels. Click the second check box, enter 1080 for the Source Port, click the Dynamic radio button, and click Add.
  7. Now go back to the Session screen (at the very top in the Category box), under Saved Sessions, type “Silence is Defeat” without quotes, and click Save. This will allow you to re-use these settings in the future without having to enter them again.
  8. Now click “Open” to start the session. You’ll be prompted for a password, which should have been emailed to you when you completed Step 2. If there are any problems, check the support channel.
  9. You can change your default password by using the passwd command once you’ve logged in.
    You now have a local SOCKS5 proxy with no restrictions! Just configure your browser to use it. For Firefox, click Tools > Options > Advanced > Network > Settings > Manual proxy configuration; for SOCKS Host, enter localhost, and for the port, enter 1080.

Enjoy the freedom!

How it Works

The T-Zones APN, wap.voicestream.com, has a proxy available at 216.155.165.50 on port 8080 that used to allow most HTTP traffic to any server, but as of late it blocks normal websites. However, the APN still allows unrestricted traffic on ports 25, 110, 143, 465, 587, 993, 995, and 8080 for various reasons. ssh.silenceisdefeat.org accepts SSH connections on ports 80, 143, 465, 443, and 587. So, we’re just connecting to Silence is Defeat on port 143 and then tunneling all of the traffic from our local SOCKS proxy to Silence is Defeat, where there are no traffic restrictions. This can be used for the web, IRC, instant messaging, and just about anything else.
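The paragraph above shows that a port allow-list says nothing about which protocol is actually spoken on an allowed port. As an added example (not part of the original post), the following compares the first bytes a server sends with what the port's usual service would send, and flags an SSH identification string on a mail port. The port-to-greeting table and the sample banners are constructed assumptions.

```python
# Ports the post lists as open on the APN, mapped to the plaintext greeting
# prefixes their usual service sends first. None means the server normally
# stays silent until the client speaks (implicit TLS, HTTP proxy).
# Assumption: standard service assignments for these ports.
EXPECTED_GREETING = {
    25: (b"220",),                           # SMTP
    110: (b"+OK",),                          # POP3
    143: (b"* OK", b"* PREAUTH", b"* BYE"),  # IMAP
    587: (b"220",),                          # SMTP submission
    465: None, 993: None, 995: None,         # mail over implicit TLS
    8080: None,                              # HTTP proxy
}

def classify(port, first_bytes):
    """Return (verdict, detail) for the first bytes a server sent on port."""
    if port not in EXPECTED_GREETING:
        return ("unknown-port", "no baseline for this port")
    lines = first_bytes.splitlines()
    # RFC 4253: an SSH server identifies itself with a line starting "SSH-",
    # possibly after other lines, so check every line seen so far.
    if any(line.startswith(b"SSH-") for line in lines):
        return ("mismatch", "SSH identification string on port %d" % port)
    expected = EXPECTED_GREETING[port]
    first = lines[0] if lines else b""
    if expected is None:
        if first:
            return ("mismatch", "server spoke first on a client-first port")
        return ("ok", "no server-first data")
    if first.startswith(expected):
        return ("ok", "greeting matches the expected service")
    return ("mismatch", "unexpected greeting %r" % first[:20])

def scan(observations):
    """Return the (port, verdict, detail) rows that need attention."""
    rows = [(port,) + classify(port, data) for port, data in observations]
    return [row for row in rows if row[1] == "mismatch"]

# Constructed sample observations: (destination port, first server bytes).
SAMPLE = [
    (143, b"* OK IMAP4rev1 server ready\r\n"),
    (143, b"SSH-2.0-OpenSSH_4.7\r\n"),
    (587, b"220 mail.example.org ESMTP\r\n"),
    (465, b"SSH-2.0-OpenSSH_4.7\r\n"),
    (993, b""),
]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```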

If you like this trick, please consider donating to Silence is Defeat via paypal at sdpaus@gmail.com, as they are footing the bill for the bandwidth required to do this. Also, check out their chat room. Enjoy!

Features Missing From the iPhone

Sunday, March 2nd, 2008

So back in June, Apple came out with their iPhone.  I’ve always liked how it looks, but given that there are so many features missing from it, I decided to keep my unlocked Sony Ericsson W810i.  However, as of late, I’ve been given the opportunity to acquire a free iPhone.  So, for the purpose of deciding which one to use, I’m going to outline the advantages and disadvantages of the $400 iPhone as compared to my two-year-old W810i.

Disadvantages:

  • It’s much bigger
  • No MMS (picture messaging)
  • No third-party app support and no Java - you’re stuck with the software that came with it
  • No voice recording
  • No video recording
  • No cut-and-paste
  • Can’t assign personal music tones
  • No AIM/iChat
  • No voice tags for voice dialing
  • Semi-difficult to unlock
  • No memory card slot

Advantages:

  • It looks pretty
  • Better browser
  • Wi-Fi (but since there’s no support for third-party applications, there’s no way to run Skype or VoIP)

As far as the iPhone’s other claims to fame — MP3/video player, Google Maps, a working web browser, and YouTube — that stuff existed in other phones long before the iPhone came out.  Frankly, I think the reason it sold so well is that it looks really cool and Americans were largely unaware of what cell phones could already do.  Don’t get me wrong.  I’m not criticizing Apple for coming out with it, I just wish they incorporated some basic cell phone features.

I’ll give the iPhone a shot, but it’s hard to imagine going without some of these standard features.

Counting Votes is Pointless When Voting Machines Are Closed-Source

Sunday, March 2nd, 2008

Although I’m not a very eloquent writer, I’ve tried to stress the importance of voting machines running on Open Source software, instead of Closed Source software.

Please understand: There is no point in having elections when the voting machine source code is a secret (aka. Closed-Source).  No point whatsoever.

How much faith would you have in a system where everyone passed their ballots under the door of a dark closet where one man is trusted to announce the results at the end?

Would that make sense to you?  Would you trust that man to be honest?  Would you still bother voting?

Of course not.

However, this is exactly what closed-source voting machines are.  There are a handful of guys who write the code and then keep it a secret.  That code is then used to tabulate the results, and then we just trust whatever it says.

Doesn’t anyone realize how bat-shit-insane that is?!?

Think I’m nuts?  Watch this video:

Want to watch someone actually rig a random voting machine? Watch the last half of Hacking Democracy:

Here’s a short clip about a different Diebold model, although it’s not documented as well as the video above:

Open-Source vs. Closed-Source And Why Democracy Depends On It

Monday, January 21st, 2008

Background: Source Code, Open Source, and Closed Source
In the world of software development, there are two major schools of thought.  In one, source code, which is basically just a set of instructions for a computer, is developed in private and is generally kept secret.  This is the closed-source model of development that companies like Microsoft use to develop Windows, Office, and dozens of other applications that you may use daily.  In contrast, the source code for open source software is readily available.  Anyone is free to download, examine, or even modify one’s own copy of open source software.  Two examples are the Linux-based Ubuntu operating system and the OpenOffice.org office suite.

When it comes to operating systems, the choice between open and closed source software is often a matter of security. That is, in the closed-source world, security largely depends on the secrecy of the source code. Since the source code can only be reviewed by a finite number of experts within the firm that created the software, there are inevitably mistakes that slip through the cracks. Mistakes that are found after the software is released can only be fixed by the software vendor, and the whole world has to wait until a fix is available. Having access to source code makes it much, much easier to find mistakes. That’s why closed-source vendors keep it a secret.  So, when source code of closed-source software gets leaked to the public, it’s considered a disaster, especially when most of the world depends on the software in question.

In contrast, source code in the Open Source community is available for the whole world to see. Mistakes that would otherwise go unnoticed are caught early in the development process, and mistakes that are found after the initial release can be quickly fixed by anyone.  That fix (usually in the form of a software “patch”) can then be made available to the rest of the community.  It is not necessary to wait for a fix from the software vendor.

Source Code and Voting Machines
I could drone on about how the closed-source development model is responsible for almost all of the most damaging computer worms, but instead let’s look at how these two development models apply to voting machines.  This is actually very simple.  Every computerized voting machine I have ever seen implemented operates using closed-source software that runs on closed-source operating systems.  As long as that’s the case, worrying about physical security and chain-of-custody is almost pointless.  As soon as someone finds a way to exploit a mistake in the software, he could exploit the mistake to manipulate the voting machine.

Premier Election Solutions (formerly Diebold Election Systems, Inc or DESI) has the lion’s share of the computerized voting machine market. Their source code, which was written using the closed-source development model, has been leaked more than once.  A book could be written about the security flaws in their code, but suffice to say that anyone with access to a voting terminal (read: tech-savvy voters) could completely change the ballot file.

Closed-source software has no place on public voting machines!  The very notion is ridiculous, but it’s a growing trend in the United States.

Hacking Democracy
If you’re still not convinced that America is facing a serious problem, please watch this video in its entirety.  The last half hour is the most important part:

Why You Should Hate The FCC

Thursday, December 27th, 2007

Have I mentioned that Tim Swanson and B.K. Marcus are two of my heroes?  The first time I read B.K. Marcus’s piece on why spectrum should be private property, I almost had a Glenn Beck moment.  If you’ve ever thought for a second that the FCC might be a good thing for America, you must read these two articles:

Every American has been screwed by the FCC.  A vast, vast majority of them will never know just how much they’ve been affected, but sadly they all have and will pay the price.

Court ruling protects encryption keys as a Fifth Amendment right

Thursday, December 20th, 2007

This news is a few days old but is critically important nonetheless. A federal judge in Vermont has ruled that a defendant’s right not to divulge his PGP (Pretty Good Privacy) passphrase is protected by the Fifth Amendment. A pseudo-anonymous blogger points out the significance:

If this becomes a precedent, it will be distinctly different from European countries such as the U.K., where a new law provides for up to two years of jail time simply for refusing to reveal a key.

As people’s digital storage increasingly becomes an integrated part of their identity, the right to keep certain data private will become increasingly important. The right to keep encryption keys private will increasingly mean the freedom to keep certain thoughts private, whether they are stored in wetware or digital form.

Click here to read the story on News.com. Since the ruling, the DOJ has refused to answer any questions regarding their stance on citizens being forced to reveal encryption keys.

Why I love Gmail

Thursday, December 6th, 2007

Until I read Jeff Tucker’s piece today about the POP-mail generation, I had almost completely forgotten why I fell in love with Gmail in the first place.

It’s not the way it organizes my email, or the incredible spam-filtering. The real reason I love Gmail is that I’ve tried just about every email client known to man, and they all eventually crash, resulting in either a tremendous waste of time trying to clean it up or a total loss of data. With Gmail, the burden to keep things working is on Google, not me. No more strange error messages, no more searches that take five minutes, no more repairing of databases, no more worrying. It just works. And if it ever stops working, they’ll have millions of unhappy customers to answer to, and thus great incentive to rapidly fix it. Whereas, if Outlook breaks, I’m just plain fucked.