Recovering root password on Fedora 19

I ran into a problem a few weeks ago with my Linux system.  After performing a kernel update and rebooting, I couldn’t remember the disk encryption password.  I tried for an hour or more, running through all of the passwords I could think of, including with new combinations and possible miskeys, but nothing worked.  Finally, I shut it off in frustration.

Last night, I figured I’d take another crack at it.  After nearly 30 minutes, I finally stumbled across the right password, and it was something that I’d tried before several times both last night and during the previous failure but apparently managed to miskey it a few dozen times.  Success!

Until I tried to log in.

Password for my account?  Wasn’t happening.  Couldn’t remember what it was.  Worse, I couldn’t remember the root password, either.  OK, I figure.  I’ll just reboot into single-user mode and reset the password.

It wasn’t quite that simple.

Continue reading “Recovering root password on Fedora 19”

Google sacrifices privacy in the name of speed

A couple of days ago, I was invited by Google to enable a new mobile Chrome feature. Thinking that perhaps this was the new QUIC protocol, I went ahead and accepted. What I got instead was an offer to run all cleartext traffic through Google’s proxy servers.

The feature is still in an extremely limited, invitation-only beta, but Google’s claims regarding improved performance are probably accurate.  Being in the middle of the connection, the proxy certainly can compress traffic and convert images to a format better suited for a mobile device, particularly one with low screen resolution, reducing the amount of data to be downloaded and thus improving network performance, especially over slower connections. Exceptions would be made for HTTPS traffic and anything coming from an Incognito session.

But this is at a severe cost in privacy.  Every single unencrypted connection in a normal browser session would run through Google’s servers, allowing not only possible interception of passwords and other sensitive data (remember that not all data is legally protected) but also the possibility of feeding otherwise hidden pages into Google’s index.  Despite the potential (certainly not assured) speed advantages, I fear that Google will at least make this a prominent option for users to enable without understanding the risks.  Most people will choose convenience (in this case speed) over security given the option.

This is one of those things that I’ve long warned against.  I’m fine with home filters, but those are generally under the owner’s control.  A proxy that you don’t control gives ultimate power to whomever does own the proxy.  It could block the traffic for any (or no) reason and the information that the user gets back about the block may or may not be accurate.

It also makes for a central point of monitoring that any government would love to have the opportunity to use.  Looking at things optimistically, I’m sure the FBI would love to tap it in criminal cases, but there are plenty of other countries (like India) that are trying to or have set up monitoring as a fact of life, and I doubt that those countries’ networks will be made exempt from this feature.

I can’t get excited over this at even the most basic level. Usually when I see a new Google feature, I see what they’re trying to do even if the implementation is a little iffy. However, in this case I really can’t see the net good to come from it.

Extraordinary times and measures: How the NSA might justify its unjust actions

There’s a long history in the United States of backing the hero doing the wrong thing for the right reason.  We love movies like Dirty Harry, Lethal Weapon, Beverly Hills Cop, and Hard Boiled where the good guy (usually a cop) finds no other way to get the bad guy than to break the law.  At the same time, some of the best villains are seen to have done the wrong thing for the right reason: Gen. Hummel in The Rock exemplifies this when he takes hostages to force the government to tell the truth about the deaths of Special Forces soldiers over the years.

While those are fantasy worlds, there’s also a long history of sympathy for those real people who break the law for what society (or parts of it) deem to be the right reason.  From those who resort to cannibalism to survive to those who refuse to disperse while in largely peaceful protest to a president who ignored separation of powers and ordered military trials of civilians, we look upon them with approval or at least forgiveness because we realize that sometimes extraordinary times require extraordinary measures.

But most of these approvals of real actions are in hindsight.  At the time of the action, they are often controversial, even unpopular.  But perhaps there’s another aspect to them that is often overlooked: they’re not happening to us.  When an action doesn’t directly affect a person, they’re less likely to take a strong negative view on it than when they see a real or potential impact in their own lives.

This happens when we hear about the reality of combat, especially if we know someone who has been in the fighting.  Even if we disagree with the war, we tend to give the benefit of the doubt to the individual because we want to trust that they did the right thing at the time even if it was illegal or usually considered immoral or unethical.  But when we specifically are caught in the cross-fire, literally or figuratively, we tend to have a very different view.

And that’s what I think has caused the uproar over the NSA surveillance.  Don’t get me wrong–I have some serious issues with it, too–but when there was reason to believe that it was primarily happening to people in other countries or to potential terrorists in the United States, people didn’t get too worked up over it.

Now that the Snowden documents have revealed ever-increasing surveillance of many millions of Americans–perhaps nearly all of them–it’s suddenly hit home that the average person could come under suspicion for the simple act of making or taking a phone call, visiting a website, or chatting with a friend.  We start to worry that in connecting various dots, we could become a dot, and the known protections against this are nebulous at best.  We have only claims from the government which include a court that has little or no adversarial activity.  And that’s not good enough.

It doesn’t help that for most people, the NSA is a faceless entity.  Most people don’t know anyone who works there, or if they do they don’t realize it as those who draw an NSA paycheck generally don’t advertise it.  When we can’t put a familiar face on an activity, the motives become questionable, even sinister, because we have no one to question.

I’ve known some who have worked for some of these agencies.  One shared trait is not talking about foreign affairs, usually for the same reason.  From the inside, those with a TOP SECRET/SCI clearance see things that change their view of the world.  I’ve been told by someone who would know that the average stay in the NSA’s counter-terrorism group is two years or less; after that, they burn out.  They see so much that the general public not only doesn’t get but doesn’t want to see that they can’t talk even about things not covered by their clearance.  It’s just too frustrating.

And maybe that’s led to scope creep.  The analysts and their bosses are, at least in their minds, dealing with extraordinary times and they require extraordinary measures.  If we had just done this one other thing, maybe we would have caught the attack before it could do damage.

I imagine this happens fairly regularly.  Someone comes up with an idea, someone else expresses discomfort, it gets bounced around the lawyers and perhaps the White House, and then a rationale is provided.  I expect not everything is approved.  Some things are too complex, too expensive, too niche, or just too blatantly unconstitutional.  And sometimes there’s very strong push-back.  But someone, somewhere, comes up with a legal reasoning and those who are not steeped in the law tend to go with it.  It becomes easy to justify: We’re not the legal experts, we need this capability, it will save lives.  Extraordinary times, extraordinary measures.  That’s what they tell themselves.

But in extraordinary times, it takes extraordinary people to stand up against the illegal and unconstitutional.  It’s critical that those protecting us remember what is being protected.  People are being protected, but so is the foundation on which the country was built.  That foundation has served for more than 200 years as an inspiration to people everywhere.  The personal rights enshrined in the United States Constitution have largely become the accepted way that things should be around the world.  When they’re set aside by stretched reasoning, even for extraordinary times, it undermines the very foundation of our society.  Edward Snowden remembered that, and whatever his personal faults and mistakes, his actions have opened our eyes and caused an international discussion about how much is enough.

Yes, something might slip through.  Another Boston Marathon bombing may happen.  But even in its aftermath the country and–more importantly–its ideals survive.  There are times when the wrong thing is the right thing to do.  But it’s the exception, never the rule.  Extraordinary measures used every time become ordinary–and wrong.  And we must remember that, whether we are an average citizen, a police officer, a soldier, an intelligence analyst, or a president.

Compilation of NIST docs with sensible filenames

For some time, I’ve been collecting NIST SP800 and FIPS documents to have locally, such as when in a meeting and the need comes to reference one of them.  I have some of the older versions around, too.  A few months ago, I started renaming the files themselves with a more normalized format, and recently thought that others could use them.  The format is generally <document number>-<YYMM>-<suffix> – <Description>, though there is some slight variation.  I typically don’t keep drafts around, so you won’t find them here.  The lists themselves are after the break.
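As an added example (not the author’s own tooling), here is a small Python parser and sorter for the naming scheme just described, `<document number>-<YYMM>-<suffix> – <Description>`. It assumes the suffix is optional, that the separator is a spaced en dash, that a file extension may follow, and that two-digit years 90–99 are 1990s and everything else 2000s; the sample filenames are constructed for the demonstration and are not the author’s list.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Pattern for the convention described in the post:
#   <document number>-<YYMM>-<suffix> – <Description>
# Assumptions (not from the post): the suffix is optional, the separator is
# " – " (space, en dash, space), and a file extension may follow.
_NAME_RE = re.compile(
    r"^(?P<docnum>[A-Za-z]+[0-9]+(?:-[0-9]+)?)"  # e.g. SP800-53, FIPS140-2
    r"-(?P<yymm>[0-9]{4})"                       # publication year+month
    r"(?:-(?P<suffix>[A-Za-z0-9]+))?"            # optional, e.g. r4
    r" – (?P<description>.+?)"                  # human-readable title
    r"(?:\.(?P<ext>[A-Za-z0-9]+))?$"             # optional extension
)


@dataclass(frozen=True)
class NistDoc:
    docnum: str
    yymm: str
    description: str
    suffix: Optional[str] = None
    ext: Optional[str] = None

    @property
    def sort_key(self) -> tuple:
        # Two-digit years are ambiguous; assume 90-99 are 1990s, else 2000s.
        yy, mm = int(self.yymm[:2]), int(self.yymm[2:])
        year = 1900 + yy if yy >= 90 else 2000 + yy
        return (year, mm)


def parse_filename(name: str) -> Optional[NistDoc]:
    """Parse one filename; return None if it does not follow the convention."""
    m = _NAME_RE.match(name)
    if not m:
        return None
    mm = int(m.group("yymm")[2:])
    if not 1 <= mm <= 12:  # reject an impossible month such as "1399"
        return None
    return NistDoc(m.group("docnum"), m.group("yymm"), m.group("description"),
                   m.group("suffix"), m.group("ext"))


def format_filename(doc: NistDoc) -> str:
    """Rebuild the filename from its parts (inverse of parse_filename)."""
    name = f"{doc.docnum}-{doc.yymm}"
    if doc.suffix:
        name += f"-{doc.suffix}"
    name += f" – {doc.description}"
    if doc.ext:
        name += f".{doc.ext}"
    return name


def latest_versions(names: List[str]) -> Dict[str, str]:
    """Map each document number to the filename of its most recent edition."""
    best: Dict[str, NistDoc] = {}
    for name in names:
        doc = parse_filename(name)
        if doc is None:  # skip files that do not follow the convention
            continue
        if doc.docnum not in best or doc.sort_key > best[doc.docnum].sort_key:
            best[doc.docnum] = doc
    return {num: format_filename(doc) for num, doc in best.items()}


# Constructed sample filenames for the demonstration (not the author's list).
SAMPLE_NAMES = [
    "SP800-53-0908-r3 – Security and Privacy Controls.pdf",
    "SP800-53-1304-r4 – Security and Privacy Controls.pdf",
    "FIPS140-2-0105 – Security Requirements for Cryptographic Modules.pdf",
    "SP800-12-9510 – An Introduction to Computer Security.pdf",
    "notes.txt",
]

if __name__ == "__main__":
    for num, name in sorted(latest_versions(SAMPLE_NAMES).items()):
        print(num, "->", name)
```

Because the document number and the date are parsed rather than compared as raw strings, older editions kept alongside newer ones sort correctly across the 1999/2000 boundary, and files that do not follow the convention are simply ignored instead of being misfiled.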

Continue reading “Compilation of NIST docs with sensible filenames”