WEEK ago I asked my bank for clarifications on privacy. The bank manager never called back at all (they had promised s/he would), essentially making promises in vain and evading the serious issue. I contacted NatWest again, expressing disappointment that they broke their promise. An advisor told me they would call back shortly, but I have been waiting for many hours in vain. Here is the chat log:

You are now connected with an adviser.

Guri: Hi, you’re chatting with Guri. How may I help you?

Dr. Roy Schestowitz: Hi Guri

Dr. Roy Schestowitz: Last week I spoke with a Rep. called Manny

Guri: Hi Dr. Schestowitz

Guri: How may I help you today?

Dr. Roy Schestowitz: He spoke to his boss and said they would call me back by Friday

Guri: okay

Dr. Roy Schestowitz: That was a week ago, on Monday

Dr. Roy Schestowitz: He said they would have phoned by the end of the week, but did not

Guri: I am very sorry to hear that…

Guri: may i know regarding what he has arranged the call for you ?

Dr. Roy Schestowitz: I left my telephone number with him, can you please check this?

Dr. Roy Schestowitz: The cal was regarding data privacy in my 5 accounts, I said I would like my data not to be shared across nations.

Guri: May I know the sort code, your full name and first line of address to check the details for you?

Dr. Roy Schestowitz: Sort code: XXXX , Dr. Roy Schestowitz, XXXX

Guri: Thank you. I will locate your details. There may be a slight delay while I check your information. I appreciate your patience.

Dr. Roy Schestowitz: No problem

Guri: Dr. Schestowitz, If you want I will set a new call back for you and you will get the call within 3-4 hours

Dr. Roy Schestowitz: Please.

Guri: May I know your Telephone number?

Dr. Roy Schestowitz: XXXX

Guri: Thank you

Dr. Roy Schestowitz: I look forward to the call in a few hours, thanks and good day

Guri: I have arranged the call back for you

Guri: You will get the call within 3-4 hours

Guri: Is there anything else I can help you with today?

Dr. Roy Schestowitz: That’s all, thanks

it’s not over yet. They failed to call back twice in a row now. I think it’s deliberate because of the nature of the query. They want secrecy around their abuse of customers’ data.

ARLIER THIS month the server running Techrights got migrated and upgraded (from Linux techrights.org 2.6.18-308.el5xen #1 SMP Tue Feb 21 20:47:10 EST 2012 x86_64 x86_64 x86_64 GNU/Linux with 2 cores on CentOS release 5.9 (Final) to Linux techrights.org 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux with 4 cores on CentOS release 6.4 (Final)). Thanks go to Copilotco for providing hosting space and kind support. Here is a look at some of the work involved in this whole process. It can be subdivided into a bunch of tasks as follows:

• Setting up the backup cron job, among other jobs. For the standard user/s this involves just nightly backups of all databases overnight, at around 8 PM East Coast time (the physical server is based in California). For root, the story is a little different. Monitoring is run with E-mail alerts (in addition to third-party services which poll over HTTP and dispatch warnings in Web/E-mail form). Someone wrote a script for automatically restarting Apache and sending some diagnostics around multiple maintainers if the service seems to be malfunctioning. I wonder, however, if we need this to run on the new server by default, considering the fact we might have uptime/continuity of service for months as we did years ago. This used to be run as a cron job, in a line which contains */5 * * * * /usr/local/sbin/web-watch. We will be saving it in the home directory before we decommission the old server and lose data. The scripts associated with the jobs have been copied and given the same permissions as before, so they should be usable. HTTPD restart script (in cron job with correct permissions in associated files) requires some cold testing, with additional cron jobs-related tests (requires lots of testing to prevent major catastrophe, e.g. .htaccess should not be (mis-)configured to permit access to privileged parts of the site (none except system files)).
• Needing to compare DB sizes to assure all data was migrated successfully (about 1.8 GB of text in the databases). This is tricky for a tool like diff to address. Given that the import yielded no warings and the database dump sizes are roughly right (with the newer, active database being slightly larger), this seems to be passing the sanity check. Readers were encouraged to report problems with the site, as well.
• Blocking wiki edits which are anonymous, i.e. from the new address of Varnish. There are Wiki spamming attempts ongoing, and as soon as new registrations and edits by them are allowed, the Wiki gets littered with spam. None of that has stopped.
• Merging of domains is work in progress. In Google, site:http://boycottnovell.com might start showing duplicates (w.r.t. Techrights.org) because access to the former domain does not result in the URL being overwritten/rewritten as Techrights.org. To prevent the search engines’ indexes from filling up for two separate domains, the old behaviour is preferred and should be restored. In short: Needing to check that all domains, two .com domains and the default .org domain, are all merged properly to give one single URL for each page, with no plurality (canonical form). Testing a lot of pages on different kinds of sites/domains, redirections included, e.g. boycottnovell.com/SOME-POST-PATH, helps provide reassurance here (for link integrity, i.e. no 404s, not just SEO-driven).
• Finding the master template for /etc/sudoers, wherever it resides. We need to add a line to sudoers to allow for faster restarting of the IRC bot/s.
• The statistics package we use (needed for security with 4-week retention, but locally-accessible only, for privacy reasons), a simple program called Visitors, has been recompiled for the new server and data passed to /root where scripts reside whose function is retained, having replicated Apache configurations and other settings that relate to them. Some testing is still required for some bots’ function, e.g. access via HTTP to localhost. The Varnish proxy complicates debugging.
• Checking of cache directories and plugins, ensuring that they work and aid performance. Pages should generally be loaded more quickly, owing in part to hardware improvements.
• IRC logs and access to them should be verified (5 years’ worth), along with access to directories through contents listing (blocked by default in some Apache configurations). Seeing errors through logs can help diagnose such issues.
• MIME types for filetypes such as Ogg should be checked, with different file extensions and in-page embedding being tested. A test of oggs seems mostly fine, at least for TechBytes episodes. On the old server (under /etc/mime.types), “video/ogg ogg ogv ogm” was used to capture variations of file extensions. The new server needed OGM added (cat /etc/mime.types | grep ogm showed it to be conspiciously missing).
• Mailing technical details to another privileged user, perhaps getting another public key on the server.
• Magpie RSS in the Wiki for fetching latest stories from WordPress. Currently, this does not work and it did prove problematic in the past, too.
• There are 4 directories of Patent Troll Tracker posts which need to be made inaccessible (chmod 000 for instance) as the author asked them to be made invisible (he got sued over it) before we made the mirror. This is needed for offline preservation (information about notorious patent trolls).
• Needing to recheck root directories for similarities, ensuring nothing valuable is left behind on the decommissioned server. This can be achieved most simply using a count of files in several locations, checking space used in areas of importance.
• Directory listings, e.g. listing of court exhibits, should be enabled despite the default paranoid setting in Apache. Alternative domain names will inherit those same rules if properly set up.
• Resorting a regular remote backup routine, e.g. through the gateway or from server directly to desktop (in the UK), in addition to backups near the rack.

ITH PRISM all over the news, politicians in Finland (land of Nokia) are being pressured to drop E-mail services that give the US data which compromises sovereignty, e.g. political espionage.

Contributing my own bit to this push for sovereignty, I have contacted my bank, National Westminster, which will probably tell me I can’t opt out of sending my financial data to the US, land of illegal surveillance by NSA. I am now waiting for a phonecall from someone higher up in National Westminster. Here is my chat log from an hour ago:

Manny: Hi, you’re chatting with Manny. How may I help you?

Dr. Roy Schestowitz: Hi Manny, good afternoon.

Manny: Good Afternoon

Manny: How can I help today?

Dr. Roy Schestowitz: I have 5 accounts with NatWest, 1 of which is a USD account

Dr. Roy Schestowitz: Several months ago I contacted NatWest regarding my newly-issued debit card, which is tied to Visa, not Maestro/Switch

Dr. Roy Schestowitz: I had asked them to stop sending my financial data to Visa

Dr. Roy Schestowitz: I wish to use my account without going through a foreign party

Manny: Okay, is that for your USD account, or the regular account?

Dr. Roy Schestowitz: All accounts preferably

Dr. Roy Schestowitz: I want my financial data to stay within the UK, I think the law protects me on this matter

Dr. Roy Schestowitz: I can give my account details if they helps

Manny: Okay, do you do online banking with your accounts?

Dr. Roy Schestowitz: Yes, I do

Manny: Okay, can you log in online for me please?

Dr. Roy Schestowitz: The USD account I cannot access online, it’s a Currency Account, but it’s based on Warwick, if I recall correcly, so I assume the data stays in the UK

Manny: Okay, can you log in online for me please?

Dr. Roy Schestowitz: Sure, hang on..

Dr. Roy Schestowitz: I am logged in now

Dr. Roy Schestowitz: By the way, the chat facility did not work in Firefox

Dr. Roy Schestowitz: Maybe a bug, I had to launch Chromium to get to it

Manny: Thank you, okay, and what is it you would like me change on the account exactly please?

Dr. Roy Schestowitz: My accounts are, based on information I have been given by NatWest, enable my financial activity to be sent to another nation, even when I make payments within the UK

Dr. Roy Schestowitz: I would like to opt out

Manny: Okay, one moment please.

Dr. Roy Schestowitz: thank you, Manny

Manny: Okay, we wouldn’t share an specific financial information with any parties outside of the UK, and any monitoring on your account or Visa card, would be done solely by the bank, and no one else.

Manny: I haven’t heard from you for a while. Are you still there?

Dr. Roy Schestowitz: yes

Manny: Is this in reference to making payment via the internet or just using your card in general anywhere?

Dr. Roy Schestowitz: I am trying to interpret this because it’s sufficient for the processing to be done by Visa for another nation to hold a copy of all transactions

Dr. Roy Schestowitz: Using my card as well as making transaction over the Internet. I need reassurance that in both cases the financial data is in no way trickling out outside the UK.

Dr. Roy Schestowitz: That would contradict what NatWest told me before, as they said Visa is a “man-in-the-middle” in the transactions

Manny: Okay, I don’t have access specifically to that information here I’m afraid, Dr. but what I will do for you is, send this on for investigation, and then my supervisory will look into this situation further for you, and then call you back once all the necessary information has been located for you.

Manny: You will get a call back within 5 working days at the very latest, is that okay for you?

Dr. Roy Schestowitz: Thank you, Manny

Manny: You’re very welcome, may I take your best daytime contact number please?

Dr. Roy Schestowitz: I am at home most of the time, the number to reach me on is xxxxxx

Manny: Thank you, I will get this request send for you right away, and you will hear back within 5 working days.

Manny: Is there anything else I can help you with today?

Dr. Roy Schestowitz: That’s enough for today, thank you. I shall wait for the call for clarifications, I hope they can amend my accounts to address the privacy problems that I never opted into

Manny: Okay, not to worry.

Manny: I would be grateful if you could take a moment of your time to complete the attached survey in connection with the service I have provided today?

Manny: Thank you for chatting with me. I hope you enjoy the rest of your day.

Stay tuned…

THER than the fact that Google Glass is Linux-powered and partly Free/Open Source, I have never had interest in Google Glass. The fact that it is hackable — in the sense one can install one’s own system on the hardware — sure makes a difference, but most people will never practise this freedom. As long as Google, by default, hoovers in data from Google Glass (like it does on the Nexus series), the data is easily accessible to the Surveillance Industrial Complex. This ties into the previous post about peer-surveillance. There is no escaping it and there is reason to antagonise Google Glass as a concept, irrespective of whether one buys/uses it. A lot of people will have no choice as to whether their life(as dynamic imagery) is taken and then uploaded to a datacentre with weak data sharing/protection/retention policy. This is not the same as CCTV. Here we talk about videos that are captured in private spaces, too, more so than surveillance drones whose motion is limited to aerial and is still privacy-infringing, albeit they’re less ubiquitous due to cost, air traffic control, legislation and so on.

This is not about resisting a brand. It’s not hating advancement or fearing the future as Google likes to paint it. It is about telling the difference between marketing (the technology for Google Glass as an implementable concept has been around for decades) and societal effects. It’s like antagonising proprietary software for its effects on society, regardless of practical uses. Fog Computing (‘cloud’) should be rejected on similar grounds. Not everything that can be done should be done, at least or especially if it disregards the consent of non-participants.

To the user, the novelty here is the size of the hardware, the image resolution, and the wireless connection speeds (not related to Google at all).

To the Surveillance Industrial Complex, the novelty here is the ability to access a private (i.e. not accessible by us) database of videos for any given person queried (identity can be derived in a variety of ways, ranging from inter-personal connections to audio, video, and geographical location).

raph theory is essential to the Surveillance Industrial Complex — the privatised branch which maps people and assigns risk levels to them, depending for example on who they meet/met and/or speak/spoke to. Facebook extracts an immeasurable amount of work previously carried out by the Surveillance Industrial Complex. It outsources the effort. The cost is being passed to the public in exchange for games and pseudo-status.

Recently, owing to a friend, I came to realise that Facebook no longer requires anything more than a person adding himself/herself to the site in order for surveillance to commence. Users are now prompted to inform on peers, even those whose accounts (profiles) are vacant or inactive. Family connections, geo-location, face recognition/tagging are all done by one’s peers now. The only thing more worrying than this degradation of privacy is people’s lack of awareness of the ramifications.

The prompting mechanisms add all sorts of relational metadata, adding to prompting for tagging of photos with names, even names of people who are not registered Facebook users.

I often hear arguments that go something along the lines of, “if you don’t like Facebook, then don’t use it.” Well, it’s not as simple as that. You may choose to leave Facebook alone, but Facebook will never — ever — leave you alone. The Surveillance Industrial Complex uses is to gather intelligence on everyone in civilisation. I can almost sympathise with countries that banned Facebook.

“Wait, What? Identi.ca Doesn’t Care About My Data???”

ell, it just had to happen sooner or later. Face the facts. So-called ‘Cloud’ (or Fog as I prefer to call it) Computing is hype and it is dangerous not just in the security sense. Your data, or even your sentimentally-valued information, memories, etc. have no value to others, those who merely provide hosting for self gain or ego or whatever.

Over the years I have seen many so-called ‘clouds’ collapse, whereas with my stuff, almost everything is in tact, even what was online a decade ago (maybe IP addresses changed a little, but it is all still “up there”). This is because to oneself, data matters and data has value. It’s my data. To Fog Computing providers, your data is just mere “content”, something for other users to “consume”, potentially for “monetisation” by the managing party.

Even if the ‘cloud’ is built on Free/Open Source software, and even if that software is made available for download, there is no guarantee that data will be exportable from the database. Identi.ca is a good example of this point (more on that later). What a travesty!

“Why Are You Surprised?”

I previously wrote about my experience losing all my data and work at Digg and Netscape (see the posts “Digg Stabs All Users in the Back, Deletes All Their Content, EVERYTHING!” and “With ‘Cloud Computing’ You Can’t Keep Your Data Under Your Control“).

One could rename and do a rendition of “never fall in love again” as “never fall in cloud again”. Fog Computing is toxic, and the more years go by, the more people (and businesses) will recognise this. From losing access to new binary releases or newly-updated source code people are now losing access to actual data, which they never even retained on their own devices in the first place. What a suicidal decision that would have to be…

“Backup? Export? Where’s the Profit in That?”

Some days ago I made an effort to advise Identi.ca to preserve content and make old URLs accessible, for the sake of preservation. About a week earlier I enquired about the backup feature (experimental) being broken and not allowing me to export my data; this had been broken for years! I never receives a response Right now it says it “provides an incomplete backup” and finally I can actually export some data, but only the past month’s data (I have posted there for over 4 years).

Recently, having suffers another major ‘cloud’ data loss, I made a local copy of all my tweets. Twitter’s archive dump is well-formatted after Twitter announced the feature (months ago) and refined it over time, making it available to all users and not just select few, taking minutes to generate an archive and then sending a notification by E-mail, indicating an archive is ready for download (I have posted nearly 85,000 tweets). This is a commendable move by Twitter, but still, given that Twitter traffic declined 20% in the past 3 months alone (based on Alexa.com), how long will Twitter be hosting the tweets itself and thus keep URLs in tact?

“Sites Go Dark? Never!”

Well, actually it happens all the time, usually financial considerations being a major factor for the operator/s. Consider all the third-party image hosting services and link shorteners such as http://ping.fm/ that I used a lot in 2009-2010. These latter services are a nightmare even in the eyes of the founder of the World Wide Web as lacking any contextual information like link/page, the URLs are worthless; they are utterly dead and useless links, they cannot be recovered even through the Web Archive. Often enough this renders the tweets too rather useless. If people use shorteners in blogs, then they are truly misguided and they too will suffer the consequences.

“Didn’t Identi.ca PR Say it Was Just a Conversion

Identi.ca is trying to call this a “conversion”, but the only thing such sites seem to be planning to convert is user accounts, and not even many of them. Reading “Identi.ca conversion to pump.io” again, it seems clear all user data will be deleted (not left online, thrown away). As manual backup is trimmed/incomplete, this leaves users like myself unable to even pull the raw data while the site and the database are still online. What incompetence; what a betrayal!

“So New Software Platform Means Starting From Scratch?”

It sure seems to be the case. “The Identi.ca social network service will be moving to a new software platform on June 1, 2013,” says the announcement. This is a nice way of saying that the site is reassessing the way it operates and perhaps the business/operating model, neglecting all that was put into it by many users. It started by stating the migration would occur in one of the secondary domains and now this is coming to Identi.ca, as some people feared.

In a month-old post titled “Identi.ca conversion to pump.io” says:

Active accounts will be converted automatically to the new platform. Active users don’t have to do anything to continue using the service.

Accounts that have not been used since May 1, 2012 will not be converted. If you have friends or people you like on Identi.ca that you think should keep being users, please let them know. Just posting one notice will mean their account gets converted.

If you’re interested in seeing how pump.io works right now, you can set up an account by going to http://pump.io/ and clicking the “try it” button.

pump.io has a very different API than StatusNet. If you use a desktop or mobile client for Identi.ca, please check with the software developer to see if they’re planning to port to pump.io.

Backups of all public data will be available on archive.org after the switchover. You can also make a manual backup.

pump.io is under active development; some features you’re used to from StatusNet will be unavailable or will be implemented by third parties. There are a lot of things that pump.io does better, though. Social games, sharing pictures, and web-wide social buttons are just part of the new fun.

How hard would it have been to just keep the old CMS in tact, even for the sake of old URLs being accessible? Probably trivial bar space and CPU concerns, right? Identi.ca should reconsider its position on this. Maybe Evan (Identi.ca founder) can ‘kickstart’ a fund-raiser to help sponsor this; I would put my money in to preserve my data. Maybe others would, too.

New Identi.ca means the following: Heaps of broken URLs, disregard for people’s work which was posted online (essentially just like in the case of Digg, Netscape/Propeller, etc.), and elimination of many connections like “Followers”/”Following”. It was bad enough when theme-related information got dumped as part of the previous software upgrade. Not the same is being done with post data. Only user data is preserved (name, E-mail, etc.). Imagine if YouTube did the same thing, throwing people’s videos out with the bathwater… YouTube did throw away people’s theme-related information when it applied some updated, but these are often restorable with some effort. The same goes for Facebook with its layout tweaks. Imagine the outrage resulting from a Facebook announcement that it is dumping all old posts and photos…

“So It’s All Gone in a Few Days?”

Seems so, unless Identi.ca decides to keep the StatusNet setup in tact, as least for legacy purposes (I have thousands of links to Identi.ca URLs out there, and they are needed for context).

I have some mirroring of selected Identi.ca accounts in a IRC channel, which I back up and make available online for good. Alas, that is hardly a substitute.

“What Can I Learn From This Disaster?”

When your online work (including Facebook, Twitter, etc.) will no longer align with someone else‘s business model, say goodbye to it all. Yes, seriously. This is not a charity.

Yesterday I wrote about self-hosting one’s photographs. No guarantee of export options in Flickr, eh? Are you listening, Flickr MicroHoo! users? As my friend Tract put it in “Tracy’s photo album,” this is “better than flickr! I won’t lose all of my pics when flickr disappears.”

Recently, speaking to relatives or mine, I advised them to access Friendster to export or save their accounts’ contents before it’s too late to do so. A stampede to export would cost a site in the process of shutting down a lot in terms of bandwidth, reducing incentive to provide such an option, especially when there is no brand/reputation to protect anymore. And if you think Twitter and Facebook are any different, think again. The only difference is, those sites are probably quite a few years away from shutting down and throwing the content down the drain. Why else would the Library of Congress already amass tweets of everyone? Spying concerns aside (profiling people based on their posts from decades in the past), this shows that the US government too recognises that all Fog Computing ends up the same way — it ends up down. Not up, down. Offline, probably stored on some magnetic tape/disc in some warehouse owned by some company which had nothing to do with the data and not making accessible online, even to those who provided all this data. In due course this storage media too will erode, collect dust, and become inaccessible (incapable or getting salvaged), in essence destroying the data for good and not even giving data contributors a chance to preserve/curate the data themselves.

“What Should Identi.ca Do?”

It’s simple. Keep the data up. Keep the old URLS in tact. Make the privately-owned database accessible one way or another. If the backup feature permits complete download of all data for a given user, then it doesn’t resolve all the issues, but it may resolve some.

ALLERY (see Wikipedia for background) was first installed in this Web site about 8 years ago. That was version 1. I installed version 2 a few years later (for security reasons and general exploration), but did not delve deep into it. It is still installed, but I chmoded it to 700. Recently, shortly after our wedding, I started experimenting with version 3, which is also known as Gallery3 (because the name “Gallery” is very generic, non-unique). Despite is being barebones by default, with additional modules it is highly extensible/configurable and I have added many modules that can be seen in the live site. For me, Gallery3 seems to be the best FOSS Web-based photo album software bar none. It is far better than Facebook’s proprietary ‘cloud’-based option, which I installed Gallery3 to replace (the wife was quitting Facebook for image hosting). I did experiment with some other options, but these were less well-suited. For those who may be curious (or those wanting to replicate some functionality), the latest Gallery3 album uses a slightly modified (by me) Clean Canvas Theme. along with the following modules (configured appropriately):

• AddThis
• Akismet
• Album Carousel
• Album Tree
• Carousel
• DownloadAlbum
• Exif Data
• Gallery Stats
• Image Block
• Local print
• Notification
• Search
• Slideshow
• Social Share
• Tags

A few more modules are installed by default and additional languages got installed manually.

People should increasingly self-host their photos. The opposite trend is worrisome as there is no guarantee of albums preservation; it’s hinged on somebody else’s business model. Go to the Gallery Web site and learn how to reclaim your photos. It is a long-term investment of time and effort.

ITHOUT a doubt, there are circumstances where evidence extracted from CCTV is valuable. For instance, if there is a street/pub brawl, one can use footage to verify or falsify eyewitness accounts or the story told by those involved in a brawl.

For the most part, however, CCTV fails to justify its great cost, not just monetary cost but also the cost to our civil liberties. Today I got a good reminder of that.

Having spent nearly an hour speaking to security personnel and the local police, I found that CCTV did, in fact, capture the stealing of my hybrid bike (retails at around £500) roughly two hours ago. This was captured because I only ever park and chain my bike to solid objects like designated bike rails in front of cameras and in the presence of many people.

Not only did several cameras capture good footage of my bike being stolen but also the store manager (the store I was in for just 10 minutes) was at the parking lot witnessing the crime. Was that enough to prevent the crime? No. To capture the perpetrator? No. To return the stolen bike? No.

The perpetrator wore a hoodie, so it is hard to identify him (the footage only identifies him as a black man in his mid-twenties, to quote security personell who investigated it). It is too early to assume that the bike won’t be returned and the perpetrator caught, but the matter of fact is, CCTV, as I long argued (for many years), does not help prevention and rarely helps identification.

If the perpetrator is very naive, in which case he or she is removed from the scene early on, then it might work, but the hard cases cannot be resolved by CCTV. All that can be achieved is the confirmation that a certain crime occurred and in cases where an insurance agency is involved, it may help prevent insurance/benefit fraud. My bike was not insured. I don’t know any people who buy bike insurance.

Surveillance tools which are run and owned by the state (or law-enforcement agencies), as in CCTV, are not there to protect and arguably they do not serve as a deterrent either. They are probably not worth the investment. More people need to be on the ground, creating more jobs and adding to real security, not sci-fi pseudo-futuristic security theatre.