Saturday, June 11, 2016

Your cellphone, a government tracking device you pay for.

Your cellphone is a double-edged sword.

On one hand it is a tool that can be used as a phone, to read your email, look at webpages, for getting directions, etc. On the other hand it is a tracking device that can be used against you and to keep tabs on you.

All smartphones sold today come with built-in GPS. You can use it to find your location and figure out how to get where you want to go. It can also be used to track your movements. As of the writing of this post (June, 2016) the average 4G cell phone sold in North America has a GPS accuracy of 3 meters, about 9 feet. This means the cell phone GPS can tell the difference between you standing in front of your car or behind. With a special app installed on your phone, your phone can be tracked and, in effect, you are being tracked.

Normally the tracking app has to be installed on your phone, which means someone has to physically install the app. Most cell phones in North America are either iPhones, about 28% of the market, or Android, which is about 67% (http://www.ibtimes.com/apples-ios-still-getting-crushed-android-us-2130868). The rest is either Windows phones or Blackberries. Both iPhone and Android are alike in that there is a central repository for apps to be installed on your phone.

Tuesday, March 12, 2013

Security for Activists - passwords

I've been reading a lot lately about activists, and their lack of knowledge about computer and on-line security is a little scary. Given the empire's long track record of attempting to suppress and silence activists (see the Wikipedia entry for COINTELPRO) it is imperative that those in the movement know how to protect themselves and prevent the status quo from disrupting us. To that end I am planning a series of blog posts about the tools and techniques we can use to protect ourselves and to try to prevent the empire from learning of our activities. The first blog post will be about passwords.

Most computer systems and many web-sites require the user to have a password to go along with their login. While a password may not completely prevent a hacker from getting access to your information, it is the first line of defense. A well-chosen and well-used password will stop most of the amateurs. But just having a password is not enough; the password has to meet certain requirements in order to be thought of as safe. Here are a few points:

The password should be at least 6 characters in length. With each character added the password gets harder to crack. If a password is composed of all ASCII printable characters, that's 95, and the password is one character in length, the number of guesses a password cracking program has to make is 95. If the password is 3 characters in length the number of guesses to crack the password is 857,375 (95 x 95 x 95 or 95 raised to the third power). So a 6 character password would require 735,091,890,625 guesses. There are two points I am making here: 1) the longer the password the harder to crack and 2) using mixed case characters, numbers and special characters makes it even harder to crack.

Use mixed case characters, numbers and special characters in your password. Again this makes the password harder to crack.

Never use an easily guessed password. Words like "sex", "money", "secret" and "password" are not passwords. Nor should the password be something about you like the city where you were born or your significant other's name. A password should never be a word found in the dictionary. A common hacking technique is called a "Dictionary Attack".

A dictionary attack is a system where the program that is attempting a break-in will randomly pick a word from the dictionary, say the word cat, and will attempt to log in to your account while changing the case of the letters like so: cat, Cat, cAt, caT, CAt, cAT, etc. If none of these combinations works the word is marked as tried and another word is randomly selected from the dictionary until either they have successfully logged in or they have worked their way through the dictionary. A phrase or word with mixed case characters, numbers and special characters on the surface looks good but it contains words from the dictionary and it's just a matter of time.

One of the more secure password algorithms is what I call the "Name That Tune" algorithm. One picks a song, say "Take It Easy" by The Eagles, then one picks a phrase from that song, let's use "Standing on the corner in Winslow Arizona". Using the first letter of each word of the phrase the password would be "sotciwa". Not bad, but we can make it harder to guess by changing the case of some letters and substituting numbers for letters like so: "s0tc1WA?". We have substituted a zero for a lower case o and a one for a lower case i. We have also made the letters w and a upper case and just for the hell of it tacked on a question mark.

The real beauty of the "Name That Tune" algorithm is that it's easy to remember, hard to crack and one can talk about the password without saying the password. For example, let's say we used the above example as the root password to a group of web servers. If someone who knew the password but forgot it (it happens) wanted to know what the password was, all you would have to say is, "It's the Eagles song." You have just conveyed the password without saying it, and even if someone knows the "Name That Tune" algorithm they don't know which song, which phrase and how the phrase was twisted.
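The rules above (length, character mix, no dictionary words) written as a checker, added here as an example and not the author's code. The wordlist is a constructed sample and the substitution table is an assumed set; a real audit would load a full dictionary.

```python
"""Password audit for the rules in this post (added example, not the author's code)."""

PRINTABLE_ASCII = 95   # alphabet size used in the post's arithmetic
MIN_LENGTH = 6         # minimum length the post recommends

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"cat", "money", "secret", "password"}

# Assumed set of digit/symbol-for-letter swaps to undo before the dictionary check.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})


def keyspace(length, alphabet_size=PRINTABLE_ASCII):
    """Worst-case number of brute-force guesses for a password of this length."""
    return alphabet_size ** length


def case_variant_count(word):
    """How many upper/lower spellings a dictionary attack tries for one word."""
    return 2 ** sum(1 for ch in word if ch.isalpha())


def first_letter_password(phrase):
    """Base password of the "Name That Tune" method: first letter of each word."""
    return "".join(word[0].lower() for word in phrase.split())


def normalize(password):
    """Fold case and undo common substitutions, as a dictionary attack would."""
    return password.lower().translate(SUBSTITUTIONS)


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Dictionary words hidden in the password after normalization."""
    folded = normalize(password)
    return sorted(w for w in words if w in folded)


def audit(password, words=SAMPLE_WORDS):
    """Apply the post's rules and report which ones the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lower case": any(c.islower() for c in password),
        "upper case": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    hits = dictionary_hits(password, words)
    if hits:
        # A word plus its case variants is far fewer guesses than 95**length.
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return {"password": password, "keyspace": keyspace(len(password)),
            "dictionary_hits": hits, "problems": problems, "ok": not problems}


if __name__ == "__main__":
    print(keyspace(3), keyspace(6))
    print(case_variant_count("cat"))
    print(first_letter_password("Standing on the corner in Winslow Arizona"))
    for candidate in ["cAt", "P4$$w0rd!", "Secret1!", "s0tc1WA?"]:
        print(audit(candidate))
```

"Secret1!" passes the length and character-mix rules yet still fails, because the dictionary word survives the case change and the trailing digit.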

Having a strong password is one thing; it is quite another thing if it is used stupidly. Writing down your password is a bad idea, especially if it is written down in a place where it can be found. I've seen cases where a root password was written on a piece of paper that was taped to the top of the monitor. Another bad idea is to use your password everywhere. One of the basic principles of security is compartmentalization, that is, to keep things separate. One should be using different passwords for different accounts. Maybe not every account, but every different class of accounts: one for social media, one for bank accounts, etc.

One last point: you should change your passwords every 3 to 6 months. The longer a password is in use the longer the hackers have to break into your account.

Friday, February 1, 2013

I Will Not Bow Down

I Will Not Bow Down America  

I will not Bow Down
to your Government
to your Religion

I will not Bow Down America
to your Materialism
to your International Corporations
to your Religious Shrines
your Stock Markets
your Shopping Malls

I will not Bow Down America
to your Coal Mines
to your Power Plants

I will not go crawling down the deep shafts at midnight

I will not Bow Down America
to your invasion of privacy
to your moral absolutes
your religious political might

I will not Bow Down America
to your Assassins
the CIA the FBI the Corporate Police State
your Killing Murdering Machines

I will not Bow Down America
to your Bureaucracies
to your schools
to your attempt to make me the model citizen
of Your State of Your Church

I will not Bow Down America
to your Hisstory
of Lies
to your Secrets
in the Best interest of
to protect
the People

America
I pledge allegiance
to those who were here before you
to those who will be here after you are gone

America
I pledge allegiance
to the woman I love
and to our children
I pledge allegiance
to my friends and allies
my guides and angels
both seen and unseen

America
I pledge allegiance
to poetry to music to art
to the literary renaissance
to the global literary community
I pledge allegiance to the Beat to the Outsider
I pledge allegiance to meditation to stillness
to magic to beautiful mysticism to ecstasy
to AH and AHA
to the Big Bang Epiphany
to altered states of consciousness
I pledge allegiance
to seeing
into the occult the unknown
to seeing
into everyday into the ordinary
and being amazed
I pledge allegiance to the Sacred and the Profane
to gnostical turpitude
I pledge allegiance to my physical body
and to the knowledge that I am more than
my physical body
I pledge allegiance to seeing more than
the physical world and to those
of higher frequency vibration
and consciousness
I pledge allegiance to passing through
the Sacred Fire
to entering the upper chamber of the
golden pyramid
to levitating over the open sarcophagus
to out of body experience
I pledge allegiance to the hottest sex
and to gentle affection
I pledge allegiance to fractal geometry
the geometry of clouds and coastlines
to 2x2 equaling 5
I pledge allegiance to Failure
to failing as no other dare fail
I pledge allegiance to taking risks
to holy daring
to nam myoho renge kyo
to accepting responsibility for my own actions
I pledge allegiance to not achieving
the American Dream of Success

America
I pledge allegiance to trees to green grass
to brown earth to wildflowers of every color
to wilderness to turquoise Native American skies
to rivers lakes and seas
to healing the earth
I pledge allegiance to the Holy Spirit
to the Word and to Silence
I pledge allegiance to Dreams
I pledge allegiance to Birth to the Journey and to Death
I pledge allegiance
to Candor to Sincerity to Laughter and to Irony
I pledge allegiance to Passion to Compassion
to Empathy and to helping those in need
I pledge allegiance to Resurrection of the Heart

NO
America
I Will Not Bow Down

copyright©2003 Ron Whitehead

Ron Whitehead, 932 Franklin Street, Louisville, Kentucky 40206 usa,

Sunday, January 20, 2013

Supporting the resistance, money

The other day I was in one of those large box hardware stores buying some nails. I found what I wanted and then went to pay at one of the self-service pay stations. I scanned the box of nails, popped a twenty into the machine, collected my change, and went out to my car. Just as I got to my car the thought occurred to me;  "How did the machine know I gave it a twenty?" That got me thinking.

For a while now I have been wondering how best to securely and anonymously support the various groups I am interested in. Paying by credit card or check is a dead giveaway. Whether or not the government has access to the databases at my bank or credit card company is irrelevant. In the first place, if the authorities wanted it, it would not be difficult for them to get access, and in the second place a basic practice of any activist is to assume they are being watched. Accessing databases is really not difficult for people trained in programming. As long as one is given access, a login and password, and an understanding of how the data is laid out, a schema, then it becomes straightforward to make a query to the database.

So, credit cards and checks are ruled out. That leaves cash, but how to donate securely and anonymously? Here is my thinking. There are a number of web pages talking about RFID tags being embedded into US currency; others say that this is nonsense. Either way the point is there are other ways that currency bills can be tracked. Have a look at any US bill. Every one has two serial numbers on the front of the bill. It is possible, given a bill's serial number, to determine what is the monetary value as well as its printing year and which mint it was printed at. A clever programmer could write code that, given the serial number of a bill, returns this information.

The next thought is how does one get their bills. Well, if I consider my actions to be like everyone else's then you either get your paper money from a bank, most likely an ATM, or in change from some transaction like buying nails in a hardware store. Let's consider the ATM. Getting money out of the ATM is straightforward. You walk up to one of your bank's ATMs, put your ATM card in the machine, enter your PIN, select the amount you want and the machine spits out the cash and your ATM card.

OK, first step, putting your ATM card into the ATM. The card has an account number embossed on it as well as a magnetic strip. What is written onto the magnetic strip is a bank secret but one can guess it has the same number as the one embossed on the card and probably information identifying the bank as well as a checksum to ensure the information has not been tampered with. Next you supply your PIN. At this point you have proven your identity to the ATM and it now accesses your account. It determines if you have enough in your account to dispense the requested amount. The ATM counts out the requested amount, usually in twenties, and dispenses it and at the same time it ejects your ATM card.

At this point an entry has been made in the bank's database that at such and such time, at a specific ATM, you withdrew a certain amount of money from your bank account. The ATM might have even taken your picture and added it to the withdrawal record. But you got your cash, now you can safely send it to the organization you are supporting, or can you? Let's consider the self-service check out at the big-box hardware store. How did it know I gave it a twenty?

Well, the self-service machine scanned the bill. Every bill has the monetary value of the bill written in a very large font in each of the four corners. The bill also has the bill's serial number in two places. This serial number is written in a standard font and might be printed in magnetic ink. Did the scanner read the serial number to determine the monetary value of the bill? I think so, one more check to make sure the bill is not a counterfeit. The machine could also check for the plastic strip embedded in the paper; when exposed to ultraviolet light it fluoresces a specific color, but what do you do about bills printed before the mint started putting that strip into the paper? I have several one dollar silver certificates from the late 1950's that my grandfather gave me. It is still legal tender but does not have the plastic strip embedded in it, plus it also has the old layout. The serial numbers may or may not be printed with magnetic ink but the font is exactly the same so I'm pretty sure that the modern bill scanners do read the serial numbers of the bills.

If the self-service pay stations scan the bills, an assumption, then I think it is safe to assume that the ATM also scans the bills when it dispenses the bills. If it does read the serial numbers, what does it do with the information? I can think of a couple of reasons why law enforcement would want to know which individual bills got dispensed to which person. Think about drug dealers and money laundering. If we go with that assumption, I know it sounds paranoid, then the safe thing is to assume that every time you take money out of the ATM a database entry is made of each bill's serial number dispensed to you. Say you mail some of those bills to an organization that has been labeled a terrorist organization, then you could be charged with giving support to a terrorist organization.

The rulers of this country have decided that any activist organization could be labeled a terrorist organization, thereby making it easier for them to suppress dissent and support the agenda of their true constituents, the corporations. As activists we need to support each other, but how to do it without having the status quo take notice? I've given this a bit of thinking and in thinking about all of the above I have decided that the following is the way around this dilemma.

The way forward is to obtain bills that have not been tied to yourself. First step is to establish a pattern of usage. Deposit your paycheck or however you get paid in your bank every week or every other week based on how you get paid. Then take an amount of cash out of the ATM to last you the week, think of it, as my grandfather used to call it, as your walk-around money. Now, every time you buy anything, gas, food, whatever, use that cash. Pay the bills you get in the mail with your checking account but for everything else use your cash. Save the bills you get in change; when you get enough to make a twenty out of those bills put them in a separate place in your wallet. Next time you are buying something with your cash pay the merchant then ask him if he can take the bills you have put aside and give you a twenty. Most merchants are always low on small denomination bills and will be happy to take your bills. That twenty that you just got from the merchant is not tied to you in any database so when you get home put it in a separate place like in a book or an envelope in your sock drawer. Over time you will put together a nice stash of bills.

Now how to send it to the organization you support? Simply putting it in the US mail I think is kind of risky. The FBI has been known to open postal mail, see the Wikipedia entry for COINTELPRO, and if the new paper money does have RFID tags embedded in them it would be easy to scan for them. A better way would be using FedEx or UPS. Sending the money in a book would be best. Putting it in a box slightly larger than the book would make it just another box and not very noteworthy.

I know all of the above sounds paranoid but, if we have to live by Moscow Rules, the question is: are we paranoid enough?

Thursday, December 15, 2011

Tools of the Occupation (Our Voices)

My Grandfather, who went to his grave a card carrying member of the Wobblies, used to tell me that the Republicans were the party of the wealthy, the privileged & the corporations and were out to fuck the working man. In the 40 years since his death the GOP have done nothing to prove him wrong. In fact they have redoubled their efforts to return this country back to the 19th century. The difference between then, the glory days of the Labor movement, and now is that today every man can be his own publisher.

In the early part of the 20th century, when men and women like my Grandparents were working toward change in this country, the ability to organize and spread the words and news of the deeds of the Labor movement was very limited. Radio was just beginning and most of the print media was owned by those in power who had no interest in helping the labor movement. What publishing that was done was mimeograph sheets passed out on a street corner and small print run underground newspapers which were distributed mostly locally. The audience for these was small and local, mostly preaching to the converted. That was then, this is now.

In the last 15 years there has been a revolution in communications; the Internet has gone from being a network of universities, research labs and DOD/DOE facilities to a worldwide hookup of computers. What was once an expensive and exclusive network has become a network that almost anyone can hook up to. At the same time that the Internet was opening up there has been an explosion of free and almost free software and very low cost hardware and networking that allows most everyone to have facilities that were unavailable 15 years ago.

The first and most obvious is the drop in the price of computer equipment. In the early to mid 90's an Intel 486 was a hot processor and cost around $200.00; a gig of RAM was over $1000.00. Today an Intel i5 processor, which is almost 10,000 times more powerful than a 486, is about $200.00 and 4 gig of RAM can be had for under $50.00.

At the same time that computer equipment has gotten cheaper and more powerful there has been a rise in free operating systems like Linux and FreeBSD. Once a computer OS was hundreds if not thousands of dollars and it took a team of experts several weeks to install an OS. Today Linux and FreeBSD can be had for free and a computer hobbyist can install one of these in less than an hour.

Another big advance has been in networking. When the Internet was being built the standard connection was a 56 Kbits/sec line. This was between large sites. Smaller sites would be using an on demand 24 Kbits/sec dial up connection. Today the average co-location facility (a co-lo is a place where companies like Google and Apple place their servers) has a minimum of an OC-12 (600 Mbits/sec). The larger facilities will have multiple OC-192 connections to serve the co-lo. The speed and ubiquity of fast connections have made the distance between data centers in Europe and North America irrelevant. What this means is that a person using a web browser in San Francisco will not see any difference, in terms of speed and latency, between a site in Chicago and one in Berlin. On the Internet national borders do not exist.

The big difference is the software. Virtually anyone who wants one can have an email address, a web-site, Twitter account, a photo sharing account and an RSS feed for the asking. These resources did not exist 15 years ago. Combine these with search engines like Google and Bing and anyone who wants to can become a publisher and these publications can easily get the wider circulation they need. The down side to every man a publisher is every man is a publisher. Not everything on the Internet helps us. A large part is useless and there is an increasing amount of dis-information about us and our causes.

With the search engines one can find any and all points of view but this opens up opportunities for sock puppets (people pretending to be someone other than who they really are) and astro-turfing (fake grass root movements). It also allows for false flags and agents provocateurs to hijack our movements. The way out of this dilemma is for us, as a group, to collect and vet links to those web-sites, mailing lists, blogs and Internet radio stations that are truly supporting our cause and to out those sites that have been put up to disrupt our movement. To that end I have started a website, Redwood Empire, as a start to this.

This site is a first step and it is largely disorganized but it is a work in progress. One should not consider this to be the end all - be all; others, maybe you, should put up their own web-sites and link to others. Remember, an informed community is a strong community.

Wednesday, November 16, 2011

Tools of the Occupation (The Camera)

One of the camera manufacturers has the slogan, "Preserve the moment". Sound advice when dealing with the status quo. Without a record the 1% can do anything they want and when someone kicks up a fuss, there is no record and their statement has validity. But with a photograph or a video, well, they end up looking like the lying bastards they are. Because of this a still and/or video camera is an essential tool in our struggle.

Time was, and not so long ago, all cameras were film cameras. The process was you would take some pictures, drop the film off at the drug store and several days later you would get your pictures back printed on photo paper. Tricky part was there was a negative and only one or two prints. The image was not in a digital format and it was hard to share with others.

That was then, this is now. Today you would be hard pressed to find a film camera and a place to get it processed. Almost all consumer cameras are digital and they are so advanced that just about anyone can produce a reasonable picture. Not that the new digital cameras will turn your Aunt Jane into Ansel Adams but the images will be mostly in focus with a good exposure.

Since manufacturers have started putting cameras into cell phones and the price of a reasonable point-and-shoot camera is now hovering around $100.00, every activist can and should have a camera with them at all times. But just because you have a digital camera that does not mean that you can just point & shoot and get great pictures. There are a few things that you need to do to be prepared.

Batteries -- All digital cameras rely on batteries. Whether your camera uses a built-in battery or replaceable batteries one needs to carry spares at all times or make sure that the internal battery is fully charged up. If your camera uses an internal, non-replaceable battery one needs to know exactly how long the battery will last. For this reason field replaceable batteries are preferable.

The lens -- The heart and soul of any camera is its lens. The better the lens the better the camera. Modern cameras come in two types when it comes to the lens; there are those that when the camera is turned off the lens retracts into the body and a shutter covers the lens. This type protects the lens from any damage when the camera is off. The down side to this is that the lens on the camera is the one you are stuck with, you can't swap it out.

The other type of camera has a lens that is not protected by a cover. These usually are the more advanced types that one can swap out the lens for another one. The way to protect this lens is to put a neutral filter on the lens. Take your camera into a camera store and ask for a neutral filter, they will know what you want. They generally cost between $10 and $15, cheap insurance for your camera's lens.

The care of a lens is critical. Never, never, ever touch the surface of the lens with your finger or anything else other than a cleaning cloth. Your fingers have oils on them that are not good for the lens coating. Get a lens cleaning cloth at a camera store, it will run you between $5 and $10, and have the people at the store show you how to use it. Then carry it with you at all times. Don't remove the neutral filter, keep it on at all times, but keep the filter spotlessly clean at all times.

The setup -- The default settings on your camera may be good enough but a quick check is a good idea. Most cameras have a built-in calendar/clock, make sure yours is on and set to the correct time. The higher end cameras are starting to come with a built-in GPS; if you have this turn it on and make sure it has synced to your location.

Most cameras record the image in a JPEG format, some in a "raw" format and some record both at the same time. If your camera will record in the raw format you do want that. Think of the raw format as a negative. There is a lot more information in a raw than a JPEG. A JPEG is a processed image and some of the information is lost in the processing.

While we are talking about image formats, you want the largest format you can get. This will preserve lots of detail so that if you blow up the image it will still be workable. Yes, they take up a lot of space but that can easily be fixed by buying a large, fast SD card for your camera. A fast, 16GB card will set you back $50 but you can get many large images on it. While at the camera store get a large memory card. They will be able to match the memory card to your camera.

Saving the image -- Now that you have the images copied from your camera to your computer it's time to do a backup. You could copy the files to another directory but that is not a backup. Should the hard drive in your computer fail you have lost both copies of those images. A better solution is to copy the images to an external drive. A 500 GB USB external drive can be had for around $75. Yes, it is a little pricey but it is cheap insurance. Another suggestion is to use one of the on-line storage sites. Dropbox, Box and Adrive all offer free on-line storage. Adrive seems to offer the best deal.

Keeping your images on your computer at work is a bad idea. Most employers don't mind a few pictures of family members on a work computer but large numbers of images could be a problem. Most employers regularly scan the computers' hard disks and these scans do get looked at.

Publishing -- The number of on-line photo sites is just amazing. The big ones like Flickr and Photobucket offer large amounts of storage for free. A short list of other sites can be found HERE. These sites can be used to inform others of our struggle while at the same time documenting the abuses of those who attempt to shut us down.

You should choose 2 sites for your images and sign up using 2 different names and email addresses. There will come a time when the status quo will attempt to silence us by removing evidence of their deeds by compelling those sites that host our photos, videos, blogs and other materials. By having your images on multiple sites this will slow them down.

Thursday, October 27, 2011

OWS Oakland

The last couple of days have been bad ones for OWS Oakland. The cops attacked a group of peaceful demonstrators the other night, putting one of them into intensive care. The fact that this demonstrator had done 2 tours of Iraq didn't seem to matter. He was shot for exercising his constitutional rights, the same ones he went to Iraq to defend. Didn't matter to the cops, he was just another dirty hippy who was not doing as he was told.

Today, OWS Oakland re-took the park outside of the Oakland city hall and the calls for Mayor Jean Quan's recall are getting louder. She was in trouble with Oakland residents for her lack of action on the city's crime problem but the police riot the other night has galvanized people into action. The Facebook link to this group is here: Recall Oakland mayor Jean Quan

Mayor Quan thinks that this is just a flash in the pan. Most of the politicians in cities around America that are seeing an OWS movement think that this will be gone with the first snows of winter. I suspect they are seriously mistaken. The winter weather may drive people away from their encampments and indoors but the issues that caused them to march in the first place are still there.

People are angry and not just the young. The young may be the ones marching but the older generation are the ones backing things up. It's the older generations, the hippies of the 60's who were in the home stretch of their working careers with a modest but comfortable retirement coming into view. That dream has vanished with the collapse of the housing & stock market. People have seen the value of their retirement money cut in half and have come to the realization that they will most likely not get to retire. What is pissing everyone off is the fact, and they are now waking up to this, that the wealthy, the privileged and the corporations have spent the last 20 years or so gutting the middle class by cutting the social safety net, shipping jobs overseas and cutting their taxes to the lowest levels since the Gilded Age. But what is really chapping their ass is the fact that the people who crashed the economy got bailed out with taxpayers' money and are now walking away scot-free with the taxpayers' money in their pockets.

Anyone who thinks this will all blow over and it will be back to business as usual is delusional. The police riot at Oakland is just the opening act of this play. George Santayana said, "Those who cannot remember the past are condemned to repeat it". History does not repeat itself but there are patterns that come up time and again. OWS has the same flavor of the social actions of the early part of the Depression. How bad can this get? One can start by reading about the Bonus Army. In short, pretty bad.