System Overlord

A blog about security engineering, research, and general hacking.

SELF - Vendor Booths and BoF: GPG

I missed a couple of hours of speakers, but hopefully they'll post the videos of it online. During that time, I visited the booths a bit more, and got into some interesting discussions. I found out about The Linux Link Tech Show, a weekly live podcast talking about Linux-related issues. I talked with int eighty from Dual Core about their music, and his appearance on Hak.5. I also spent a bit of time talking with the Zenoss Community Manager, and I'm going to propose switching our monitoring at work from Nagios to Zenoss. It's significantly more powerful and robust, and I'm sure I'll have more to say after giving it a try. On top of all this, I talked with the guys from Free IT Athens. They refurbish computers for, and provide training to, the underprivileged citizens of Athens, GA.

I also attended a Birds of a Feather session for a GPG keysigning. Hopefully that will improve the web of trust for my key, as well as the keys of others. It's also something I'd like to organize for ALF or an ALE meeting. Having independently trusted keys strengthens both the web of trust and the usefulness of GPG.


SELF - DMCA and Copyright Law

Presentation by Wendy Seltzer <firstname@lastname.org>

DMCA
- Section 512 (ISP Safe Harbor, Notice, Takedown)
- Section 1201 (Anticircumvention)

1998 Sonny Bono Copyright Term Extension Act
- +20 years to all copyright terms (existing and future)

Betamax exception: Technology used primarily for non-infringing purposes should not be seen as infringing even if some infringing use occurs.

McCain posted clips of interviews on YouTube; the networks that owned the original videos filed DMCA takedown notices, resulting in removal of his clips. Lawsuits under 512(f) are available to remedy false takedown claims.

Google indicates when links have been removed per the DMCA and publishes the DMCA complaint via Chilling Effects. These complaints include the original links to the content, as the DMCA requires specificity in filing a takedown complaint.

Similar to Chilling Effects, MIT runs a site known as YouTomb which attempts to track videos removed as DMCA violations. On this site, you will find both legitimate and abusive uses of the DMCA.

The French HADOPI act, struck down by the French Constitutional Court (Internet access is key to exercising basic human rights), said that 3-time violators of copyright should have their Internet access shut off and be banned from getting a new ISP account.

Anticircumvention: If there is a technological measure intended to protect copyright, it is an independent violation of the law to break that measure. Sharpies for copy-protected CDs? Lexmark claimed the chip in their toner cartridge constituted an "effective technological measure" to prevent production of third-party cartridges.

MPAA claims that videorecording a TV set constitutes an acceptable analog alternative to using software to circumvent DVD protection, and thus DeCSS and similar technologies should not be allowed as an exemption under DMCA. This comes from the same group that has fought for laws prohibiting bringing a videorecording device into a movie theater. (Recorded by Timothy Vollmer, video of video of video on Vimeo)

"Sorry, you can't interoperate with that with Free Software." Anti-consumer features embedded solely in hardware and proprietary software. Free software would make users able to increase the usefulness of their DVDs and other media, but would potentially allow for infringing uses of the system.

The authors of the DMCA probably did not realize the impact of the anticircumvention provisions, nor the potential power of FOSS in the realm of media. Congress is also probably not aware of the nature of the Open Source software running the rendering clusters involved in producing the movies, the servers distributing the content and trailers and other information, and many other components necessary for their infrastructure.

In closing: Monorail Kitteh now stops @ Library.


SELF - Initial Impressions

I'm currently at the first annual South East Linux Fest (in the opening keynote) and I'm really impressed with what they put together. It's not huge, but it's really impressive and really professional. I'm very impressed by the conference badges, the bags, the turnout, and the arrangements. I think there's a lot from this we can take away for the Atlanta Linux Fest, especially promotion-wise. ALF is in about 3 months, but that doesn't mean we can't get some things together.

Handing out conference schwag doesn't seem like a big benefit, but giving these things out to attendees will foster a more professional image for speakers and vendors, and provide attendees something to take home to remind them about the conference for the next one. (Delayed returns, yes, but returns nonetheless.)

Increased promotion is a no-brainer. Organizing (and possibly funding) increased promotion can pose a problem. Some ideas: break up promotional methods, areas, etc. Start attaching conference stickers to Ubuntu CDs being distributed. Find out about placing signs at Fry's, Micro Center, and maybe game stores (even the D&D-style game stores probably have a decent overlap with the Linux community). Also, academic institutions -- signs at universities, especially around their Computer Science departments, are likely to attract attention.

Perhaps most important is to build an 'image' for a conference. SELF has a very distinctive logo, and the logo is present on their website, their conference materials, and the badges at the conference. This provides cohesiveness and prepares a brand for the conference.

Some thoughts to think about, and I'm sure I'll come up with more as we progress through the day.


Automatic PPA Key Installation

I often use a number of PPAs on one or more of my systems, such as FreeNX, Firefox dailies, Chromium dailies, etc. I do like to use signed packages, even if they're automatically signed, but manually installing the PPA keys is a bit of a pain. The Source Guru has a solution.


New Site!

Things have been very busy since I started my job at Kennesaw State University. Because my department uses Drupal extensively for producing dynamic websites, I decided it was time to migrate my own content to Drupal. So my intent is that this replaces my old WordPress blog and also provides a place to host projects and other work.