My entertaining and educational experience with immi.us

This post is a short story about my experience with the domain, immi.us. I was attracted to the idea of owning immi.us because I wanted my own platform to share information about the Icelandic Modern Media Initiative. I try to talk to anyone who will listen to me about the IMMI and why I think it’s so important.

December 2010

The story starts out with me inquiring about the cost of the domain since it was parked at the time and owned by a company dedicated to domain squatting. I hate companies that do that so I don’t feel sorry for how things have turned out.

I received two messages with the same content but was not interested in dealing with the ridiculous price. So I left it at that for a few months.

July 2011

I felt anxious again and decided to email them directly, ignoring their previous communications.

Still being frustrated by the high price for immi.us, I noticed that the domain was expiring soon. There was no harm in waiting to see if they’d let it go, especially with their last message sounding like they were willing to let it go for less than their imaginary asking price.

I also noticed that it was registered with GoDaddy. Gross, I know, but one of their services was clearly worth it considering the outcome. I signed up for GoDaddy Auctions (godaddy.com) so that if the domain were to not be renewed, I could try to bid for immi.us.

August 2011

This was my best move ever with regard to domain management, because, it turns out, the company who was parking it didn’t pay for renewal. And I was the only bidder for $12! So much for 2,000 GBP (~$3,000).

So I was a happy little camper. I used (and still am using) immi.us to host a WordPress blog for documenting the news about the IMMI. I even spoke about the IMMI and the immi.us website in October at InfoCamp (infocamp.org) 2011 at the University of Washington, which was successful because I ended up getting feedback from one person who is now a good friend.

December 2011

The tides turned as I became even more educated about politics and the internet when the SOPA and PIPA bullshit became hot topics. GoDaddy helped develop the legislation (thedomains.com) and I couldn’t tolerate using them as a company anymore.

While netizens were sharing information (reddit.com) about who to avoid, who to use, and why, I learned quite a lot and discovered that Dyn is a registrar. Dyn was both transparent and educational about SOPA which I have a lot of respect for:

April 2012

I finally got around to starting the process of a domain transfer.


In the meantime, I received an unexpected email from the company who formerly owned immi.us. The timing was really weird.
LOL? I didn’t bother responding.

May 2012

The transfer was taking longer than any transfer I’ve experienced before. I inquired but didn’t get anything useful.

But something completely unheard of to me had happened during the transfer process. It failed, and at this point in time, neither GoDaddy, Dyn, nor Dyn’s registrar-parent Tucows knew why. More on this further down.

May 2012

After a couple of weeks, speaking to GoDaddy support and Dyn support, I finally had my issue escalated to Tucows since WHOIS was correct and they were listed as the registrar (the .us TLD affiliate of Tucows). A gentleman by the name of Paul had called me to inform me about Tucows’ relationship with Dyn. Here’s a partially redacted transcript of the nice voicemail he left me:

Hi, It’s Paul from Tucows returning your call. Christopher, it looks like DynDNS is a Tucows affiliate, so they are a reseller of ours, so whereas you may not see them when you query WHOIS, they are indeed your first point of contact. But because Tucows runs a wholesale model, you’ll see us in various parts of the Internet, and you may see them in various parts of the internet. This probably isn’t making much sense. But, can I invite you to send me an email to [redacted] at Tucows dot com and I’ll try to clarify it a bit better for you. Thanks.

So obviously Paul at Tucows wasn’t fully aware of my situation, so I sent him an informative email to help the situation.

And here’s what had happened according to Dyn!

…there was a problem on their end due to DNSSEC being enabled on the domain. This caused their system to believe the transfer failed and subsequently fail in our system (including cancellation of payment).

So if you ever have DNSSEC (wikipedia.org) enabled on a site before transferring, be mindful of this possible issue! To the best of my knowledge, I did not disable DNSSEC on GoDaddy’s end prior to transfer. GoDaddy did, in fact, successfully transfer the domain away. Tucows had a problem receiving the domain because of the DNS key signing.

Upon investigation, it looks like ICANN was looking into the issue:

DNS/DNSSEC and Domain Transfers: Are they compatible? (PDF)

Further, it looks like (dnssec-deployment.org) GoDaddy is not a competent DNSSEC operator.

There is a downside, of course, and that is that it will be hard to move away from an incompetent DNSSEC provider. However, you can do that by removing the DS completely from the parent (i.e. going insecure), in which case none of the checking by the registry is needed.

Had I known, I would have just removed my DS records prior to moving. Cheers!
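
A pre-transfer check along these lines, as an added example that is not part of the original post: it reads the answer section of `dig +noall +answer DS <domain>`, reports whether the parent still publishes DS records, and takes the largest DS TTL as the minimum time to wait after removing them. The function names and the example.us sample records are constructed for illustration.

```shell
# Added example (not from the original post). Function names are hypothetical.

# ds_precheck: stdin is the answer section of `dig +noall +answer DS <domain>`.
# Prints "INSECURE" (no DS at the parent) or
# "SECURE keytags=<list> wait=<largest DS TTL>s".
ds_precheck() {
    awk '
        # Answer line: owner TTL IN DS keytag algorithm digest-type digest
        $3 == "IN" && $4 == "DS" {
            n++
            tags = (n > 1 ? tags "," : "") $5
            if ($2 + 0 > ttl) ttl = $2 + 0
        }
        END {
            if (n == 0) print "INSECURE"
            else printf "SECURE keytags=%s wait=%ds\n", tags, ttl
        }'
}

# transfer_advice: turn the status into the action to take before a transfer.
# Assumption: validators may cache a DS for up to its TTL, so that is the wait.
transfer_advice() {
    status=$(printf '%s\n' "$1" | ds_precheck)
    case $status in
        INSECURE) echo "ok to transfer: no DS at the parent" ;;
        SECURE*)  echo "remove DS at the registrar first, then wait ${status##*wait=}" ;;
    esac
}

# check_domain: live lookup (needs network and dig); defined but not run here.
check_domain() {
    transfer_advice "$(dig +noall +answer DS "$1")"
}

# Constructed sample answers; example.us and the digests are made up.
SAMPLE_SIGNED='example.us. 86400 IN DS 12345 8 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
example.us. 3600 IN DS 54321 13 2 FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210'
SAMPLE_UNSIGNED=''
```

Run `check_domain yourdomain.us` before requesting the auth code; only start the transfer once it reports no DS at the parent.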

Editing WordPress’ BuddyPress image header

Researching how to do this took way too long–these are simple notes to help others. My goal was to use a taller image, in the header, in the default BuddyPress theme. Below is what worked for me–adjust accordingly.

EDIT: (line 156)

 /*path*/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/css/default.css

FROM:

 padding-top: 25px;

TO:

 padding-top: 250px;

EDIT: (line 94)

 /*path*/wp-content/plugins/buddypress/bp-themes/bp-default/functions.php

FROM:

 define( 'HEADER_IMAGE_HEIGHT', apply_filters( 'bp_dtheme_header_image_height', 133 ) );

TO:

 define( 'HEADER_IMAGE_HEIGHT', apply_filters( 'bp_dtheme_header_image_height', 363 ) );

And that’s it! Cheers

The .US and .CN’s Relationship Regarding National Cyber Defense

This post is still under development. Really, it’s a mess. Just making it public so I don’t have to log in to read and think about it.

Finally! My amateur information studies and current affairs interest collide. I am fascinated by a recent meeting of China’s Minister for National Defense Liang Guanglie and the United States Secretary of Defense Leon Panetta. So much so that I’d like to take this opportunity to analyze the event using some OSINT and some ideas that I’ve been toying with.

The information that I’d like to focus on–the primary information–revolves around the specific discussion of internet-based threats between the two countries. There are many genuine news articles covering Guanglie’s visit, many of which simply reiterate the same information, but fewer concentrate on cyber defense issues.

Objectives:
  1. Collect related OSINT and define the primary information and information sub-classifications
  2. Graph on a 2-dimensional ERD the four preidentified “dimensions” (analysis of each dimension should output their own unique data)
    1. The people and organizations that the news media is about and their relationships (focus: classifications I-V)
    2. The people and organizations that document and process the information shared by ‘2A’ and their relationships (focus: classifications II-V)
    3. The information that ‘2B’ shares and the relationships between information for a single news article (focus: classifications I-V)
    4. The information that ‘2B’ shares and the relationships between information between all articles concerning the predefined primary information (focus: classifications I-V)
  3. Describe the relationships via information classification normalization (focus: dimension 2C and 2D), or, in other words, juxtapose all four dimensions
Goal:
  • To describe, as holistically as possible using internet-based media, the public’s theoretical whole-view of the event.
Note:
  • I’m actually going to limit myself on the number of information sources that I use since none of this is automated and it is all very theoretical. Ideally, an automated system, such as new functionality built into Google News, would be able to process all indexed articles on the web.
Classification I (primary) sources:
  1. http://www.bbc.com/news/technology-17989560
  2. http://www.v3.co.uk/v3-uk/news/2173196/chinese-security-chiefs-defuse-cyber-cold-war
  3. http://news.nationalpost.com/2012/05/08/u-s-and-china-working-together-to-prevent-cyberattacks/
  4. http://latimesblogs.latimes.com/world_now/2012/05/washingtonchinas-defense-minister-denied-monday-that-his-country-was-the-source-of-cyber-attacks-directed-at-the-us.html
  5. http://blogs.voanews.com/breaking-news/2012/05/08/us-china-to-cooperate-on-cyber-security-2/
  6. http://www.thejakartapost.com/news/2012/05/09/us-defense-chief-cyber-attacks-affect-both-nations.html-0
  7. https://www.ajc.com/news/nation-world/us-china-to-cooperate-1433185.html

Raw txt: http://anon.is/raw1.txt

Classification II-V sources:
  1. http://www.chinadaily.com.cn/cndy/2012-05/12/content_15275513.htm

 

https://en.wikipedia.org/wiki/Liang_Guanglie
https://en.wikipedia.org/wiki/Leon_Panetta

————————-
Retrospective observations:
  1. Are we, as information consumers on the net, just supposed to assume that the primary information is the condensed subject matter in an article’s title?
    1. Are we to presume that the author is aware?
    2. Why is information not clearly identified via classification or relationship description?
    3. The net provides vast OSINT. Why do news media organizations limit themselves by pulling targeted information out of other information sources?
  2. Why are those sources, at times, not hyperlinked?
    1. Why don’t said organizations design information gathering systems (#bigdata) to provide seamless information traversal using smart UX?
– Some do minor historical analysis and even fewer do trend analysis.

Information producer takeaways:

Information consumer takeaways:

Questions: Intel S1200KP and 520 series SSD Full Disk Encryption

I’m writing this post to remind myself to pick up an Intel 520 Series SSD in *hopes* that the Intel S1200KP supports ATA passwords to utilize the 520’s AES, 256-bit, full disk encryption. I really want these two products to play nice for a couple of reasons:

  1. The S1200KP is mITX, has two SATA III ports, has two Intel GbE ports, and a 3 year warranty
  2. The 520 is SATA III and has a 5 year warranty (unlike the slightly cheaper 330 with a 3 year warranty)

The 520 series product spec includes:

Advanced Encryption Standard (AES) 256-bit Encryption: AES 256-bit encryption is an industry standard in data security, providing a hardware-based mechanism for encryption and decryption of user data. Utilizing a 256-bit encryption key, AES encryption — when combined with an ATA drive password — helps protect user data.

But the S1200KP product spec isn’t verbose about ATA passwords:

3.9    BIOS Security Features

The BIOS includes security features that restrict access to the BIOS Setup program and who can boot the computer. A supervisor password and a user password can be set for the BIOS Setup program and for booting the computer, with the following restrictions:

  • The supervisor password gives unrestricted access to view and change all the Setup options in the BIOS Setup program. This is the supervisor mode.
  • The user password gives restricted access to view and change Setup options in the BIOS Setup program. This is the user mode.
  • If only the supervisor password is set, pressing the <Enter> key at the password prompt of the BIOS Setup program allows the user restricted access to Setup.
  • If both the supervisor and user passwords are set, users can enter either the supervisor password or the user password to access Setup. Users have access to Setup respective to which password is entered.
  • Setting the user password restricts who can boot the computer. The password prompt will be displayed before the computer is booted. If only the supervisor password is set, the computer boots without asking for a password. If both passwords are set, the user can enter either password to boot the computer.
  • For enhanced security, use different passwords for the supervisor and user passwords.
  • Valid password characters are A-Z, a-z, and 0-9. Passwords may be up to 16 characters in length.

More info:

The ATA Password is often referred to as an “HDD Password” in system BIOS.  If the system allows, it is recommended that both “User” and “Master” passwords are configured for maximum security.

Good news update! The S1200KP looks promising with the most current BIOS update!

Up-to-date BIOS
HDD password options!

It’s really odd though–Intel’s complete lack of documentation on how to use FDE for their own products. No benchmarks and no security reviews or whitepapers. Even on the Intel forums, people are bewildered. On third-party review sites, they mention the ability but don’t test it. Ridiculous.

I’ll see if the S1200KP can do it. It might be a month, but I’ll update this post when I do.

Installing Tomb in Ubuntu 12.04 LTS

The following guide was written since Crypto.is has been offline for a couple of months. The guide has been updated and tested for Ubuntu 12.04 x64.

This guide can be used in conjunction with my previous, related post, Installing and using Tomb in Ubuntu 11.10.

Tomb is a lightweight encryption tool for managing encrypted containers. It’s ideal for backing up password files somewhere on the Internet since you keep the keyfile separate, like on your USB memory drive. With the release of Google Drive, Google has provided an excellent service for your Tomb files (in tandem with Google Authenticator, a free multi-factor authentication service, you can better secure your Google-managed data). Ubuntu One is another cloud-based service which is also free.

Note: This specific blog post is licensed as Creative Commons CC0 for the purpose of contributing to the Crypto.is project. You are free to copy, change, delete, or publish any part of this guide.

# sudo apt-get update ; sudo apt-get install build-essential autoconf libtool libgtk2.0-dev libnotify-dev zsh pinentry-curses pinentry-gtk2 debconf git vim
# git clone git://github.com/cryptodotis/Tomb.git
# sudo vim /etc/apt/sources.list

Add to the bottom of your sources list:
deb http://apt.dyne.org/ubuntu dyne main
deb-src http://apt.dyne.org/ubuntu dyne main

# wget http://apt.dyne.org/software.pub
# gpg --import software.pub
# sudo apt-key add software.pub   # trust only the Dyne repository key, not every key in your keyring
# sudo apt-get update ; sudo apt-get install -y tomb

Check version:

# tomb -v

Then check out how to use Tomb here: Installing and using Tomb in Ubuntu 11.10.