The BFC Computing Weblog

I’ve written before about the limited usefulness of plausible deniability, especially in relation to software like TrueCrypt, a hard drive encryption program.

The gist of plausible deniability with TrueCrypt is this: You have multiple encrypted hard drive partitions. When your enemy forces you to reveal your keys, you reveal the low-cost key, and the enemy sees some data that he doesn’t care about and sends you on your merry way. The ‘real’ stuff you want to hide is still hidden.

This works if two conditions are true:

• The enemy doesn’t know you employ a product with plausible deniability
• The enemy can merely detain you

If those conditions aren’t true, you’re in big trouble. Say a violent group gets you and your data. They know TrueCrypt has plausible deniability, and they really want your data. You’re going to be tortured until they get what they want, it’s that simple, and ugly.

Now, the worst possible scenario is that you can’t give up ‘your data’ because it doesn’t exist. But only you know that. The bad guys think you have it and they know you have plausible deniability. You’re completely screwed.

For this reason I’ve been against plausible deniability systems for defending against all threats (yes, TrueCrypt would still be fine from hiding that porn you have stashed away on your home PC).

This changed when Cal Harding introduced the concept of Complete Deniability. That is, you can prove that you have no more plausible deniability.

Here’s how it can work: With TrueCrypt, you could have a utility that, once inside a locked data set, could be given a set of keys and ensure that those keys account for all readable data and all blocks of the storage device. Because TrueCrypt is open source, the bad guys can trust this utility to verify that you’re no longer hiding anything. They can review the source and compile it themselves, if they wish.

But, good news for you, you get to go home. Because even bad guys don’t like to waste their time and you’re not otherwise terribly interesting. Odds are you’re not getting your laptop back once the bad guys find your porn bank, though.

I was cleaning up my hard drive today and found some screenshots I took of websites on 9/11, in Apple PICT format. Less than 7 years later, those PICT’s aren’t viewable on OSX in the Preview application (the standard image viewer). Seeing as this OS came out in 2005, it was likely abandoned then. At the time I was running the latest version of Mac OS 9, judging by the screenshots.

So, less than 4 years of support for that presumably very common file format.

I’ve converted the pictures to PNG (Using Photoshop 7, which can parse them), which as an industry standard open format ought to be recoverable for some time to come.

This has been reason #687 to avoid proprietary file formats.

Have a read here and boggle in disbelief.

I used to run Trixbox on my PBX; I started when it wasn’t a commercial product, and Tim did a great prezo on it for SLUG. When they required registration to run the software I became very uncomfortable. When I couldn’t administer my PBX one day because their server was down, I switched to Elastix, and I couldn’t be happier - I should have done it sooner; it’s a superior product.

If you’re still sitting on the fence, this behavior from Fonality is likely to knock you square off it. That Fonality relies so heavily on FreePBX only makes it so much more inconceivable. Assuming this is true, only the dismissal of the individual involved could regain any trust the community once had in Fonality.

Oh, and BTW, a FreePBX backup and restore makes it fairly simple to switch from Trixbox to Elastix.

After reading about Barracuda moving to invalidate a bogus patent Trend Micro filed for on virus-scanning at an e-mail gateway (many of my clients depend on this technology) in January, I sent Barracuda the following note:

          -----Original Message-----
          From: Bill McGonigle [mailto:bill@bfccomputing.com] 
          Sent: Tuesday, January 29, 2008 12:24 PM
          To: legal@barracuda.com
          Subject: possible SMTP prior art - TFS
          
          From:
          
          http://groups.google.com/group/comp.mail.sendmail/
          browse_frm/thread/3cee3dc93ea81690/a8cd75d669fbd6b7?lnk=st&q=smtp+virus+scan#a8cd75d669fbd6b7
          
          Its pretty functional - gateways between any/all MS/MAIL,
          WP-OFFICE, CC:MAIL, SMTP, UUCP, MCI-MAIL. It does uuencode
          and MIME attachments (configurable per address or domain
          wildcard) and international characters. It can also virus
          scan attachments on the way through the gateway, and access
          can be controlled on a user by user basis!
          
          (message dated July 25th, 1995).
          
          It looks like it's still around in some form from foxT:
             http://www.tfstech.com/
          
          Good luck,
          -Bill
          

I never heard back more than a quick “thanks!” from Dean Drako, CEO of Barracuda, but today, I read they’ve moved ahead with this strategy and Goran Fransson, developer on TFS, is a new open source ally.

Dean writes of Goran, “We greatly appreciate the time that Goran Fransson took in coming forward to share this very important piece of prior art,” Drako says. “We believe that his testimony is instrumental in our case against what we believe is an unjust patent claim by Trend Micro against Barracuda Networks and the open source ClamAV project. In our view, Goran is an open source hero.”

Full disclosure: I’ve sold completely open solutions, based on postfix/MailScanner/clamav/sqlgrey against Barracuda’a blackbox appliances, but I’m glad they’re fighting against Trend Micro’s abuse of the system.

If you run across:

function "lexize" already exists with same argument types
          

in PostgreSQL, when adding tsearch2 to a database, even when you’ve created a fresh new database, you probably have a corrupt copy of tsearch2 in your template1 database, which is used to create your ‘fresh’ database.

To fix this, copy the uninstalltsearch2.sql somewhere temporarily (on a Fedora-derived OS it’s at: /usr/share/pgsql/contrib/uninstalltsearch2.sql) and remove the BEGIN; and END; transaction statements from the file, then run it against your template1, ala:

psql template1 < /tmp/uninstalltsearch2notransaction.sql

and it will go through and delete all of tsearch2. Expect some failure messages if it’s partially deleted already, this is normal.

Now you can load tsearch2 into your new database without complaints.

Ouch.

Every flash-enabled web browser without a Flash-blocking feature (ala NoScript) is vulnerable to remote compromise.

Having this much exposure completely controlled by one proprietary 3rd-party closed-source vendor is bad for the ecosystem. There’s a Free Flash clone underway, but it’s not good enough to replace Flash for many sites that require Flash, and many sites now require Flash.

Please, website designers: Stop hurting the web. Make sites that can be used without Flash, and add all the glam you want around it. Because Flash isn’t an open standard this problem will always exist. AJAX and SVG can accomplish all or most of what Flash can do, and any talented designer can figure these out.

Update: Adobe has updated their info, and it appears the very latest version (9,0,124,0) is not exploitable, thus this is not zero-day, and I didn’t need to publish this article. Title was: “0-Day Flash Vulnerability In The Wild”.

Sure enough, Microsoft has come back and offered to buy only part of Yahoo! this time (the part it cares about, obviously). This doesn’t prove my conjecture that it only cares about Zimbra, but it sure doesn’t rule it out!

Photos of Jeff Bonwick of ZFS fame and Linus Torvalds of Linux fame. Turns out that they’re neighbors and Jeff was just helping Linus hook up a new gas grill. (j/k)

ZFS is the ‘one filesystem to rule them all’ but it can’t be brought into the Linux kernel because of patents and licenses. ZFS is licensed under the CDDL, which gets it into FreeBSD and OSX, which are BSD and thus compatible with the CDDL, but not into the Linux kernel, which is GPLv2. If Linux were GPLv3, it would be possible for Sun to also license ZFS as GPLv3 and the twain could meet. However, Sun doesn’t really need to bother if Linux isn’t going to do it.

Note that a cleanroom implementation of ZFS could be GPLv2-compatible, but since it’s not CDDL-based the code wouldn’t have patents grants. “Sun Sues Linux Kernel Developers, News at 11” helps nobody.

I wrote on the ZFS list that having ZFS as a de-facto standard would lift all boats, and help Sun sell Thumpers. Assuming Jonathan dispatched Jeff to broker a “I’ll show you mine if you’ll show me yours” with Linus, we can look forward to the day when digital cameras come with ZFS flash cards instead of FAT32. And that the current owner of the FAT32 patents would be further isolated is really a key point.

Blaine Cook, formerly of Twitter, reminds folks that architectures scale, not languages.

Some folks have been complaining recently that RoR doesn’t scale, yet sites like Yellowpages.com know how to do architecture and do just fine with it. This isn’t to say that Ruby and Rails both couldn’t be faster and better optimized for scaling, but ‘going wide’ should be easy with a good architecture.

The claim of request uniqueness in Twitter’s case is an illustration of an architecture challenge. I’m always amazed how well Slashdot does with that same problem.

In the past I’ve covered security problems in various software packages I don’t use or recommend, and I haven’t been doing that for some time, but I don’t think I wrote a note to that effect. Going forward I’ll try not to replicate the work US-CERT is doing and avoid pointing out anything less than problems that are highly out of the ordinary, like the recent debian OpenSSL problem or where official channels are just simply too slow.