Some ramblings on data silos and online identity

I have a problem with Google.
Google know far too much about me, and they also hold far too much of my data. Their policy of ‘don’t be evil’ isn’t comforting, especially with their recent increased product-cull rate and their lack of support among other things. All it would take is their login process to be compromised and anyone could have access to my data. If you think that’s unlikely, you should read about how their two-factor authentication lead to full account access without the second factor, nor the accounts master password.
There’s also the issue of US law enforcement having essentially carte-blanche access to the data Google owns. As someone who takes privacy seriously this sort of thing worries me.
So, what services do I use that belong to Google?

  • Email
  • Calendar
  • Contacts
  • Browsing History, Chrome extensions, bookmarks etc. (through Chrome Sync)
  • Search History
  • YouTube History
  • Old Blogger accounts
  • Google+ account
  • RSS feeds that I followed back when Google Reader was a thing.
  • Old Google Wave postings
  • Purchases through Google Checkout
  • Documents/Files in Google Docs (including University work)
  • Location information – through Google Maps searches, journey planning etc.
  • Information about websites I own through Google Analytics – even this blog.

Given Google’s lack of support for anything (even their paid Google Apps accounts aren’t much better), if I should loose access to my Google account overnight, the effect would be immediate and devastating. I’d loose access to my email until I could get a mail server online (or a different provider) and redirect the DNS. I’d have to hope that my IMAP backups worked. My Calendar and Contacts would become unsynced – Calendar is something I use quite a lot, often updating it on different devices relatively frequently. Loss of other information wouldn’t be quite as devastating, although Google Docs/Drive access would inconvenience me a lot.
My other worry, given my privacy, is how complete a picture could be drawn up should someone go through all this. They’d be able to find me on multiple services through sign-up/notification emails. They’d find all my blog postings from previous blogs.
All of this has been percolating inside me for a long time. As someone who really doesn’t like this kind of data correlation to be easy, or to be going on without me knowing, it bugs me. I’m a paid supporter of the ORG (it’s the UK’s version of the EFF); I use, advocate and run a relay for Tor. I take my privacy seriously. It’s somewhat ironic given how public I can be on sites like Twitter, and Tumblr. Notice how I didn’t link to my Tumblr? That’s because I don’t want to publicly link the content there to here, or to my real life identity.
It’s kind of funny in a way. I have posted links to my Tumblr on my Facebook and Twitter before, but despite that I still like to think that it’s semi-private. It’s not linked via a common username like some of my other accounts are. This (unintentionally) brings me nicely to the second half of this post. My online identities.
I use so many servies, and social networking sites. I have a Twitter, a Facebook, a Tumblr, a reddit account, a LibraryThing, a YouTube account, a HackerNews account, a Dragonmount account. I even have a DeviantArt account (which I occasionally log in to), a MySpace account and a Bebo account – both of which were receiving my Twitter updates last time I looked several years ago. For someone who is determined to find all of my accounts, and is nifty with Google it wouldn’t be that hard. And yet, that also has me conflicted. I often claim that I don’t filter my Twitter feed as if someone is interested in me personally then they get me personally, not a filtered me. If someone isn’t interested in the law and legal process, but they are interested in Wheel of Time then they can either get their Wheel of Time fix elsewhere, or follow all of me and get to know me better. In other words, I want people to follow me because they’re interested in me, not because they’re interested in a small subset of my interests.
And yet, there are some things I’m not comfortable with both groups knowing. For instance, I ‘came out’ on reddit before I posted on my Facebook or even my tumblr. And now I’m feeling that I want to ‘re-invent’ myself online. It’s too easy to link my profiles to me, there’s also too much content going too far back. The picture someone could construct of me if they had the time and motivation to do so is something that creeps me out – not in a bad way, but in a “this sort of thing shouldn’t be possible” way. It’s a thing with our generation, that we seem to live more and more of our lives online and in public. And yet I want the pseudonymity  that a more.. disconnected set of online profiles would provide.
I guess what I’m saying is that I want to start fresh. A total disconnect would be impractical and likely impossible. And certain things, such as HackerNews, and Facebook I want tied to my real identity. But other identities such as my reddit profile, or my various forum accounts don’t need to be. And I feel like I should embrace that they don’t.
Someday soon I shall break up my online identities, in every sense of the phrase. InnerLambada shall die. In my place shall rise….. well now, that would be telling, wouldn’t it? 😉

Redux: How I actually migrated my hard-drive

As a follow up to my previous post, I’m briefly outlining what things went wrong. This shall be a much briefer entry, and isn’t menat to be a full guide.
My guide was good until Step 11.
Firstly I did everything I needed to with standard tools – An OSX installation USB, OSX Disk Utility, Windows Installer. I used OSX Disk Utility to clone across my OSX Partition, and attempted my Windows partition, which seemed to clone fine, but another issue cropped up with Windows…..
It turns out that Windows can be funny about moving HDs and locations on HDs. I got the infamously generic blinking cursor, and none of the standard suggestions seemed to work (if someone is looking for some SuperUser rep, just post a plausible answer that could have solved the issue). Eventually I just used BootCamp assistant to remove, and then recreate the partition, proceeding with the standard installer. I then just pulled the files I needed (mostly game installers) off my old hard drive.
Everything else works fine, and the system is much speedier now.
One word of earning for Microsoft Office for Mac users. Apparently it uses some kind of hard-drive based identifier when you register it, and now that’s changed so it wants my licence key again. Which is stuck back in Norfolk. *grumble*

Migrating Hard Drives on a Mac with RecoveryHD, Filevault and Bootcamp

Please read the follow up post to this post after reading this one. Windows didn’t like the move, but the rest of my plan worked fine.
I’m shortly going to be replacing my spinning-rust hard-drive with a shiny new (fast) SSD. One hitch is that my SSD is smaller than my existing drive – but I’ve checked the sizes, and everything should fit.
Due to my slight obsession with ensuring nothing goes wrong, I’ve been googling how best to make sure nothing goes wrong. Although I’ve found various guides on how to Migrate OSX and Windows and how to recreate RecoveryHD (The accepted answer doesn’t actually answer the question, so I’ve linked directly to the answer), I haven’t found an all encompassing guide yet. So I’m going to write one as a plan.
Some software (CarbonCopyCloner and WinClone) seem to be the standard software most tutorials use for cloning. CCC claims it can handle Recovery Partitions now, but no tutorial I’ve found mentions using that feature, or deals with migrating (as opposed to recreating) RecoveryHD.
Naturally, as a plan, this is untested. And knowing my luck I may have forgotten some crucial step, so if you follow this guide then it’s at your own risk.
For reference: I’m using an Early 2011 MacBook Pro. Mountain Lion (10.8.3) with FileVault 2, Windows 7.
Things I still should check up on:
Enabling Filevault 2 or creating Bootcamp first? – I don’t imagine it will make any difference, but as both mess with the Partition layout (as I understand it), I want to be sure.
Update: As far as I can tell it, it makes no difference. All the problem reports I’ve seen refer to cases when FV was enabled with Bootcamp, but only the 3.2 Bootcamp drivers were installed – this would cause a BSoD in Windows as it choked on trying to mount an encrypted HFS+ partition. So I’ll stick with the order outlined below.
Step 0: Disable FileVault 2, to eliminate any risks it may create. Do this first as it can take a while, and it doesn’t actually make a difference for a while.
As I’m going to create a new recovery partition, I don’t want to restore an encrypted OSX, only for the recovery partition (which is used to bootup and ask for the password) to not have the method to unlock it.
UPDATE: Apparently OSX doesn’t like resizing CoreStorage (i.e. FileVault 2 volumes), so this is necessary for me as I need to resize my OSX partition.
Step 1: Check you have a full backup of everything.
My plan here is to use my normal Time Machine backup for OSX, and take an image of my Windows Partition, which shall be stored on my NAS.
Step 2: Download the Mountain Lion installer from the App Store. Use Lion DiskMaker to create a bootable USB with the Mountain Lion installer. Altnertively: Extract the installer and create a bootable USB by hand :/
(My Mac doesn’t have Internet Recovery independent from the Recovery Partition IIRC, so I need to have the OS installer around for when I switch the discs.
Step 3: Delete the ML Installer you downloaded – it’s 4GB!
Step 4: Check Filevault has fully decrypted. Double check. Triple check.
Step 5: Shrink your partitions on your source disc so they’ll fit on your new disc. For me it will mostly be OSX I shrink as that’s where a lot of my free space is…..
Step 6: Take a new TM backup and a new Windows Image. – The new Windows Image is especially if you touched the sizes of their partitions – as you want to ensure your images will fit onto the new disc.
Step 6: Swap the discs. Keep your old disc disconnected.
Step 7: Use the USB installer you created to install Mountain Lion. You should now have a recovery partition on your new disc. Along with a virgin OSX install. Install all OSX updates available – incase they update the Recovery Partition (you don’t want an out of date recovery partition).
Step 8: Clone your Mac Partition across. You should now have a working OSX install with all your OSX data.
Step 9: Disconnect your old disc. You’re done with that now (in theory).
Step 10: USe Bootcamp Assistant to create the Windows Partition. Don’t install it.
Step 11: Use the image of your Windows partition 1 to put Windows back onto that partition.
Step 12: Boot into windows and deal with anything that throws your way if Windows decides it’s not license or whatever. And we now have a working Windows install
Step 13: Re-enable Filevault 2 in OSX. Let it encrypt itself in the background.
Step 14: Take a new set of backups.
Step 15: Dance a merry jig.
Step 16: Realise you’ve forgotten something crucial and give up on this and head back to your old disc with your tail between your legs.

2012 in Review

An unimaginative title, I know, but it’s that time when we celebrate the Earth moving past an arbitrary point in its orbit around the Sun.
So, what have I done, and what has happened over the last twelve months?
In no particular order…

  • I finished my placement with IBM. From July 2011, through June 2012 I was on placement. Overall a very enjoyable time. It had stress, but compared to second year of University it was very very enjoyable. I met people who really knew their stuff, and gained several friends. To go from earning £15,000 over those twelve months, back down to living off student loans and parents was not a pleasant experience.
  • I’ve read quite a few books – no real surprise there. I’ve picked up a taste for Dystopian Fiction it seems – several of the series I’ve started have revolved around that theme. Although There’s my normal mix of books in there as well.
  • My dog, who I’ve had for over half my life died on 27th December 2012. He’d been with me for 14 and a half years. The house feels empty without him now.
  • I accepted who I am, and came out to friends. It’s helped to make the first semester of Final Year so much more enjoyable. I’m still not out to my family however.
  • I shifted my website from an unmanaged VPS to a Dedicated Server. And promptly managed to break its networking entirely. IPv6 is still dodgy for some reason.
  • I took part in Stripes Capture the Flag challenge. Over the summer, I spent a few days feverishly trying to break various web applications and APIs. I managed to be the 295th person to finish it – in a hair over 4 days. Half of which was spent on the last challenge.
  • Started my final year of Uni. Module wise it’s going much better than second year was. I put that down to being able to actually choose my options this year. So I’m finding the content interesting, and most of the modules are fairly well taught.
  • Got a job offer. Assuming I get a 2:1 I’ll be back at IBM Hursley in September. No idea what I’ll be working on yet.
  • I got a tumblr. March 9th was my first post. Since then I’ve racked up almost 1,500 posts. It has some great people on there, and some not-so-great sides, Like any community. I’m still not sure whether I love it or hate it. Either way, it’s somewhat addictive. Luckily my dashboard is manageable, and I rarely venture into tags.

There may be more, but I honestly can’t remember them, so they can’t have been that important.
 
What do I hope for 2013? I really don’t know. I think at the moment I just want to get a 2:1 and start working.

This is the hardest thing I've ever had to post

This is the hardest thing I’ve ever had to post, and if you’re reading this I consider you a friend; so it’s time to be honest with you. My only request is that you don’t share this with my family. They don’t know, and they’ll need their own explanation in time, in person.
I’ve been running and hiding. For so long I’ve denied who I am, but I know that you stuck with me through my ups and downs. Some of you may have suspected part of this, for others it will be totally out of left field. Either way if you have any questions feel free to comment, or message me, or ask me in person.
The short version is that I’m gender-queer. This means that I don’t happily fit in as either a male or female. I’m happy presenting as male most of the time, But sometimes I want to be more feminine. When I have to I can go for months at a time being male and relatively happy, but I feel much more comfortable when I don’t confine myself to presenting as male. So occasionally I may wear something feminine. Currently it’s most likely to be shoes, but in the future, it could be more comprehensive. I hope to one day be able to present as entirely female, or at least androgynous when I choose. In the mean time I will look like a guy wearing some female stuff. And I’m fine with that. It’s how I am. and I hope you will be fine with that too.
I’ve known something wasn’t right for a long time. Definitely since I was about 11 or 12, although possibly earlier. I had occasional forays into exploring my gender, but I only started actually questioning myself properly in my first year of university. And now after 3 years of questioning and learning, I’ve accepted who I am. I’m not always a male. I’m not always a female. I am who I am. I’m happy with the name Sam(uel). I’m happy with being biologically male. But I’m also happy with presenting as female, or androgynous. I’m happy with male, female and gender-neutral pronouns. I am happy with wearing whatever clothes I feel like. I am happy with me.
If you’ve made it through that, thank you. Again, if you have any questions, you are more than welcome to ask.
Maybe now the super-happy-times can begin? ^_^

Apologies for the Downtime

Just incase anyone legitimate was trying to reach this site recently, apologies.
I took down my blog after I was alerted to someone using my server to host a phishing website. Currently I believe the initial attack vector was WordPress – I recently had a glut of fake user signups. Needless to say, I won’t be letting it get out of date again.
Due to this, and the fact that Uni has now started again, my post on Stripe’s CTF and my solutions is delayed, possibly indefinitely. The irony of writing up a post on how to exploit/avoid security vulnerabilites after this happend to my site is not lost on me.
However, if Intelligent Agents is as good it seemed today, you could expect a post shortly on the similarities between the social/communication issues Agents face, and those faced by nodes in Freenet and relays in Tor.

FAQ on #Assange

So it seems like there’s a lot of FUD out there on Assange, and his situation with the UK, Sweden and the US. So let’s get some things straight:
#1 He is wanted for questionning on two alleged rapes.
I’ve seen it claimed that he is wanted for “sex without a condom” which is such a twisting of the facts it’s beyond belief.
Two two complainants claim that they made it clear that consent was only given if Assange used a condom. They then claim that whilst they were asleep he had sexual intercourse with them without a condom. So, putting the condom aside (so to speak), they claim he had sex with them WHILE THEY WERE ASLEEP. This clearly meets the definitions of sexual assault under both UK and Sweedish law.
#2 Sweish law requires the second round of questionning to happen on Swedish soil.
This is why they have refused to question him in the UK. The Swedish legal system has a very different structure from the UK/US one, in that when you are charged with something you will see court very quickly and are unlikely to be released for lack of evidence. (this is also a reason why the EAW is valid).
#3 He cannot face the death penalty in the US.
Under EU law (specifically the ECHR) someone cannot be extradited to a country where they will face the death penalty. Both the UK and Sweden are bound by this law.
#4 He cannot be extradited to the US until he is charged with something in the US.
He has not been charged, thus any extradition cannot yet happen. If the charge carries a possibility of death, then he cannot be extradited (See #2).
#5 The UK->US extradition process is far easier than Sweden->US.
The swedish system has a very long and complex extradition process, compare that with the simple process in the UK that people such as Gary McKinnon have faced.
#6 Any secret extraction could easily have happened when he was stuck in Suffolk.
He was stuck in  a remote place for MONTHS. In terms of secret operations it would have been a perfect chance for the CIA to strike. Once he’s in the Swedish legal system though, a quiet extraction is hardly likely.

Cryptosphere

Found out about Cryptosphere today.
It seems similar to Freenet, but from my understanding should be less attractive to the people who share almost-universally-illegal-material. This is because it doesn’t hold anonymity as the first pillar above all else, and also by discouraging short-term idenities through what seems to be a web-of-trust style system.
That said it still provides Plausible Deniability around whether any requestor has access to the unencrypted contents or was merely caching a random file; but in cases where mere possesion is a crime it may not be sufficient, as the law undoubtably has huge databases of known illegal material, and can trivially compute the hashes for them, thus showing whether the node contains the file.
Hopefully this will help to make it be more successful than Freenet, but the fact it could still hold unsavoury data means it probably won’t, which will again limit its size. This is ultimately the problem of all similar networks – Freenet, Tor, and i2p; the small size of the networks immediately pinpoints you as suspicious.

Am I burning out? / WTF is wrong with me?

Disclaimer: These are my semi-incoherent ramblings, and despite what is set out below I do still overall enjoy working for my employer. I just haven’t mentioned this to them yet, as I’m not even sure what to say. Perhaps this is why I’m writing this? So I can sort it out? Who knows, but this post shouldn’t be taken as a criticism of work in any way.
I think I might be getting burnt out. Or atleast beginning to.
I’ve been on Placement now for about just over 6 months (over half way!), and generally I have really enjoyed it.
But ever since the ~3 weeks that I took off for XMas, my heart hasn’t been in it. Not fully anyway. Occasionally I’ll throw myself into something – and I seriously hope that happens tomorrow; but overall my productivity has, I feel, nosedived. I used to take just a couple of breaks away from the screen to rest my eyes, and I feel like I’m taking more breaks, more frequently and for longer.
I realise 6 months is nothing, but given that this is really my first real demanding job, could it be that I’m not used to it? Or perhaps that a 9-5 job isn’t my thing. Or perhaps a career in programming isn’t my thing? Perhaps this is what they meant when they said that Placements often tell you what you don’t want to do, rather than what you do want to do. I don’t know, it’s odd, I do still get some satisfaction when I complete a task, it just seems to be taking me far longer than it should. this probably isn’t helped by the fact that my afternoons seem to have about 2 hours of meetings happening more regularly. It’s not like we just have the 30 minute scrum call anymore. That’s another thing actually, I don’t think it’s worth starting anything if there is just 30-40 minutes left before another scheduled interruption.
When I get back to my Southampton house after work, I essentially die. I browse the internet (mostly refreshing Twitter, Facebook, HackerNews and Reddit), I watch TV. I can’t even be bothered to read at the moment – despite having several books on my shelf that I am looking forward to reading. I just don’t have the energy anymore. When I get in the car now , either to or from work, I often jsut want to drive. Whether it’s up the M3, missing the exit to work; or down to.. well I don’t know. I don’t tend to think of a particular destination. Sometimes it’s Home, in Norfolk, sometimes Stevenage although there is nothing there for me anymore; mostly it’s just anywhere except where I’m meant to be going.
I don’t even want to think about Final Year. I’m dreading it. I think that’s because I know that the concept of ‘Free Time’ doesn’t exist with a Uni schedule, particularly in Final year. It’s something I’ve got used to whilst being on Placement, but then again I’m not exactly doing anything with it, am I? Even at weekends I either vegetate, or head into town and window shop.
I don’t think the subreddits I browse help me much. They tend to give me the travel bug for some of the amazing pictures they have. Combine that with me searching for blog posts of people going on around the world backpack holidays and I think I’ve given myself a recipe for disaster. Except that I can’t help it. Even before I applied to Uni I toyed with the idea of taking a gap year. I didn’t on the advice of my college tutors who said that Uni’s don’t like those oging into Science subjects tkaing a year out. Something about Maths skills degrading. I regret taking their advice. In second year the itch wasn’t too bad. But now, when I can’t do anything about it for atleast 18 months…
I don’t even know why. My pseudo-internal-psychologist tells me that I want to escape from whatever the root cause of this is, but I don’t know if it would help in any way. Let me be clear, when I say travel I don’t mean staying in Hotels in the touristy parts. I mean me + backpack + camera. Everyone agrees that it totally changes your perspective, which perhaps is what I need afterall. But then, that’s my Wish-I’d-Taken-Psych self talking. As if I have a fucking clue about it.
That’s another thing actually, I’m starting to wish I’d done a US Uni degree thing – simply so I could branch out. I feel too stifled in this rigid box called comp sci. Or perhaps that’s just me rationalising a reason for my poor performance to date. Seriously, at this rate I think I’ll be lucky to get a 2:1. And to think I arrived with hopes of a 1st. Hah!
I don’t know, perhaps I am a jack-of-all-trades. My interests are too many to list them all. Off the top of my head I’m facinated with Psychology, Software Dev,
Actually that truely was off the top of my head, and Psych popped out before anything related to my degree. Does that say anything? I have no fucking clue. Only that, perhaps, I shouldn’t bother trying to get anything more than a BSc.
Anyway, I’m not sure. I know I should probably jsut make some fucking decision about anything. Work, Degree whatever, but I can’t. Currently I’m already counting down the days until my easter holiday that I’m going to book off when the holiday system lets me.
Speaking of counting the days, getting rid of leap seconds? what a fucking crazy idea.
Addendum: Perhaps browsing HackerNews has changed my expectations about doing programming for a job? Surely not every day should result in a new website launch / UX revelation / [Insert spurious personal wellbeing story that may involve polyphasic sleep. Actually perhaps I should submit this, under a title of ‘Did HN do this to me?’
And that was me trying, again, to find someone other than me to blame for this. I’m going to shove Mr ‘I’m going to BS about Psych like I do it for a Living’ into a box for now.