Home of Stigster

Image: Matt hamm @ Flickr

Last week Google went live with it’s latest addition to the social media arena: Google Buzz. In short, Buzz is a miro-blogging system much like Twitter and the news feed in Facebook, that allows the user to post text, links and images for their friends (and the public) to read, see and comment. You an also connect your other social medias to Buzz and have your posts from these systems displayed in your Buzz stream.

Now, I’ve mentioned this on several other occasions, but some things can’t be said often enough: What about the comment streams? When I post something on my Twitter it is copied to my Facebook profile and my Buzz stream, and people can comment and reply to my posts on the respective sites. But these comments aren’t linked to the other sites. And that is beginning to annoy me.

A conversation used to be carried out at one place at one time. With Internet relay chat (IRC) and instant messaging (IM) the “one place”-part was whisked out, and with email, SMS, forums and online social media the “one time”-part is also gone. What we are seeing now are single conversations being fragmented and split to different medias while they really would benefit from being carried out as one. And in order to have this done properly, all replies and comments spawned from the same post have to be duplicated to all the other participating streams.

Is this possible? Sure it is! Like everything else in the field of informatics, there are at least three ways to accomplish this. Are we going to see at least five attempts to solve it? Probably. And hopefully one will prevail as the best solution. I am even tempted to have a go at a solution my self, but I’d like to know if anyone else shares my frustration.

If you have anything to say in this matter, please to so at any of the social medias where I am currently signed in: Twitter, Facebook, Google Buzz, and of course, right here at my very own blog!

Foto: akeg @ Flickr

I am drafting a new website for some friends using Wordpress, and for theme I chose Piano Black by mono-lab. The site is Norwegian and thus I had to translate the theme language pack. I followed Urban Giraffe’s Translating WordPress Plugins & Themes-guide and ended up in a flaming red fight with poEdit to get the program to read the theme language files correctly. Thanks in part to Gettin’ Geek’s post I finally worked out that in the path-tab in the New Catalogue-dialog you have to give the basepath to the theme (in my case “C:\Users\<myusername>\Documents\piano-black”) as the base path, then add the “languages” path AND the “.” path to the list of paths. Hope this can be of assistance to other batteling the same issue.

Anwyay, if you want to get my Norwegian Bokmal translation of the theme you can download it here. The zip-file contains the nb_NO.mo and nb_NO.po files. Beware of one issue though: A bug prevented me from translating the “% comments”-line. Since it is just draft I didn’t bother to debug the issue, but if you find a fix – let me know!

Foto: Mzelle Biscotte @ Flickr

A journalist friend of mine approached me with a question about whether it is smart or not to use encryption to secure email conversations with an anonymous source. In the article Story-Based Inquiry: A manual for investigative journalists by Mark Lee Hunter that he had read, the author claims that “secure email contact requires encryption, a method that stands out and can bring unwanted attention.” The author also points out that both the journalist and the source should “use mobile phones with prepaid cards”, and that the journalist should “lock up all material related to the source, ideally in a place that is not identified with yourself.”

While Mr. Hunter is right that encryption is the only way to truly secure email, his point about encrypted email standing out is only partly valid. If while looking through someones files, emails or computer in general, all an investigator can find is a single or maybe to-three encrypted emails or files among hundreds or thousands, then sure. That email or file is going to stand out like Rudolf’s big, red nose showing up at Easter. But if someone, like the journalist in this case, makes a habit of encrypting all his files and most of his email, then there will be a lot less suspicious about that one email to the anonymous source.

Another important point to remember though, is that the ‘to’ and ‘from’ addresses in emails cannot be encrypted. If they were, the email servers wouldn’t know where to send them or who the reply is going to. To cope with this, I would suggest opening anonymous accounts for both the journalist and the source so that the fact that the two people are communicating isn’t obvious. Then I would use encryption to secure the content of the emails. There are webmail services that offer both anonymity and encryption, but the encryption part can also be done offline by writing the content in a separate document/file, encrypt the file with your favorite crypto software, and just paste the ciphertext (the encrypted document/text) into the body of an email. This utilization of anonymous email accounts is equivalent to Hunter’s suggestion on using prepaid mobile phones.

There are several other issues to be aware of, though. For example, logging into a webmail service (or any mail service or other type of resource that requires authentication) can leave tracks on your computer which a skilled examiner can extract, forensically if so required. Necessary care should be taken whenever accessing an email account or any other resource that you don’t want to have associated to your name. (I’ll leave this for a later post.)

While I am on the subject, I would like to point out that if the journalist can find some way to solve the association issue, encryption can be employed to “lock up” any notes, documents, files, digital recordings or photos the journalist may receive from or create while dealing with the source. The same point about the single encrypted file standing out is valid for this material as well, but again – it’s hard to tell equals apart.

Issues like key how to exchange crypto keys/passwords and what encryption tool to choose are topics for later discussions. For now, if you have any questions or comments, feel free to post them right here at stigFromOslo.com.

As a hobby photographer I take a lot of photos. I own a Nikon D70, and my Nokia N95 also has a decent camera, which means that when I first get started I take a lot of photos. My external hard drive has something like 38000 photos and I don’t want to loose any of them. Also, I would like to have access to them whenever I need them. If it’s at work, at home, when visiting friends and family or even when I’m out traveling I would like to have my collection at hand – either because I want to use one of them for something or if I want to show some of them to someone. But I don’t want to carry the external hard drive with me wherever I go. This is where the wonderful cloud comes to the rescue!

A few years ago, a fellow student introduced me to Flickr - the online photo storage and sharing service owned by Yahoo. I signed up and for a few years stayed on the free limited account. I only uploaded my best photos and shared them with everyone. Didn’t get many hits though, but that wasn’t so important. Earlier this year a friend of mine show me how he used Flickr for a street art photo blogging project. He’d use his Nokia N95 to take pictures of every day things he encountered on the street and upload them directly to Flickr using the phone’s pre-installed “Share online”-feature. I immediately got hooked and started taking photos and sharing them much the same way he was. It didn’t take long for my free account to fill up and I quickly upgraded to a pro account with unlimited storage and bandwidth.

And yesterday it struck me: With a no-limit account on Flickr, and several instances of “if I’d only had my external hard drive with all my photos on”-moments, why don’t I just upload everything to the cloud? Then I’ll have easy access from everywhere, I can share my photos with anyone who might want to see them and my photos are backed up – all at the same time. So today I started the tedious task of uploading 70 gigabytes of photos to Flickr. Am I going to finish this week? Probably not. And do I have a huge task of sorting, tagging and naming all my photos? Yes, most definitively. But I do believe it is worth it, and it represents my first step towards real utilization of the cloud. Now, if I could only find a smoother way of eliminating duplicates…

I have been battling the question “what shall my homepage be like” for many years now. I’ve started blogs, written home pages, gotten my own domain, started more blogs, merged different pages and blogs, gotten on Facebook, started tweeting… It’s basically been a big, hairy mess. And here is my problem:

I wanted to separate my personal life and my professional life online. As a consequence I started to blogs – one professional blog where I could post comments and articles about information security, digital forensics and other IT-related topics, and one personal blog where I would write about stuff that friends and family would be interested in. Like how my vacation was and how much I hate snow.

This worked out great for about two days, when I noticed I had another problem: Language! My primary language is Norwegian and living in Norway I mainly read Norwegian news papers. Which means I am most likely to want to comment on Norwegian events and news articles. But working with computer science, my main professional language is English. And let’s face it: There is a huge difference in audience volume when writing in English as opposed to Norwegian. So now I had to deal with that too.

The result was that I more or less gave up on the whole thing. My blogs were nothing but dead weight in cyberspace, and all I could be bothered with was a few micro-posts on Facebook and Twitter. Until today!

Thanks to inspiration from the Twig podcast, my friend Azathosk’s blog and a series of discussions I’ve had with friends, I have come to the realization that my online presence – my cyberpersona if you will – must be one! My professional and personal life is the same life, and if people just want to read half the stuff on my blog, well, then they just read half the stuff.

Therefor I have consolidated all my posts here at stigFromOslo.com and I have started to formulate in my head a project on exploring the wonderful world of Web 2.0, social media and cloud computing. I hope to bring to you a series of experiences and ideas on how these things can work together to make life more cyberpunk (in a cool way) and how social media and the cloud can work as an integrated tool for entertainment, news and practical life experience.

Stay tuned and please feel free to comment, ask questions and share your own experience and ideas. After all – even cyberspace is interactive!

In one month I’ll be starting a new job as a digital forensic specialist with the Norwegian Tax Administration. I must say, after almost two years of working with security accreditation methodology and policy I’m excited about getting closer to the technology again and to hopefully work a bit closer to code, bits and bytes. Not that I haven’t enjoyed and learned a lot these past years, but having a masters degree and not really getting to use what I know seems a bit wasteful. I just hope my new employer will welcome me equally well as my current one, and that the work environment is as good as the one I am leaving.

Til de fleste risikofylte aktiviteter – fra bilkjøring til dykking – kreves både kurs, opplæring og sertifikat før man får lov til å drive på uten kompetent tilsyn. I Norge har det til og med vært snakk om førerkort for hundeeiere, både fordi hunder kan være farlige og fordi de kan lide hvis de ikke blir tatt vare på på en god og riktig måte. De siste årenes rivende teknologiske utvikling har også vist at PCer og Internet kan være farlige greier, som hvis de brukes på feil måte kan skade både brukeren selv og andre. Likevel er det ikke knyttet andre krav til ivaretakelsen av sikkerheten i cyberspace enn de kravene den enkelte PCeier og bedrift stiller selv. Dette gjør cyberspace til et farlig og ukontrollert sted å være. Men hva hvis det ble stilt formelle krav til sikkerhet for PCer som kobler seg til Internet? Er det mulig å forestille seg en ordning der alle pcer som skal knytte seg til den store verdensveven må bevise at de er sikre?

Å sikre en PC er i stor grad synonymt med å oppdatere den med de siste sikkerhetsoppdateringene til operativsystemet og programmene, installere og kjøre en programpakke som hindrer, finner og fjerner ondsinnet kode, samt å sperre for uautorisert nettverkstrafikk til og fra maskinen. Mange av dagens PC-brukere har i det minste hørt om ett eller flere av disse tiltakene og har en viss ide om hva de innebærer. Men dessverre er det alt for få som følger opp tiltakene ofte nok – enten fordi de ikke vet hvordan, eller fordi de ikke har tid eller ork til å laste ned de siste oppdateringene eller fullføre hele virussøket. Denne uvitenheten og giddaløsheten spiller en stor rolle når hele Internet skal sikres.

En ordning der alle PCer som knytter seg til Internet må verifiseres som “sikre” før forbindelsen til resten av verden åpnes, kan både hindre at sårbare maskiner utsettes for fare, og at infiserte maskiner sprer ondsinnet kode videre til andre – bevisst eller ubevist. Ordningen vil også medføre en høyere bevissthet og generell kompetanse om farer og sikkerhet i cyberspace, og at alle PCeiere blir nødt til å holde orden i egen maskin.

Spørsmålet er ikke om dette lar seg gjøre rent teknisk. Teknologien som trengs for å få på plass en slik ordning eksisterer allerede i dag. Spørsmålet er om det er riktig måte å løse problemet på? Er vi komfortable med at loven strekker seg enda lenger inn i vår mer eller mindre private cyber-sfære? Hvem skal kontrollere og utøve denne myndigheten? Og hvordan kan vi være sikre på at det vil fungere?

Bare gjennom politisk debatt kan vi håpe på å få svar på spørsmålene om det er slik vi vil ha det og hvem som eventuelt skal håndheve ordningen. Og siden årets valgkamp har vist at enkelte politiske partier vegrer seg for å i det hele tatt ta stilling til om datalagringsdirektivet er en god ide eller ikke, har jeg mine tvil til at dette tema kommer på den politiske agendaen med det første. Det er tross alt lite sexy å snakke om informasjonssikkerhet og ikke akkurat noe sjakktrekk å snakke om mer kontroll og styring av frihetens siste globale skanse. Men kanskje det kan være rom for en slik debatt på skansen selv?

Og hvor vidt det vil fungere kan vi egentlig bare finne ut av ved å prøve ut løsningen. Diskusjoner og teoretiske akademiske øvelser kan si mye om hvordan løsningen må fungere, men kun gjennom erfaring kan vi se om en dørvakt i cyberspace faktisk vil fungere eller om vi også her vi se en oppblomstring av falsk legitimasjon og “trynefaktor”.

stigFromOslo.com announces a new wiki for the Shadowrun RPG campaign Roumble in the Jungle. The campaign is closed, but the wiki is available at http://www.stigfromoslo.com/sr3/.

stigFromOslo.com har gleden av å annonsere at Erdal IL Kampsportforumnå er klart. Forumadministrasjonen er i ferd med å gjøre de siste tilpasningene, men forumet er klart for bruk og nye brukere er velkomne til å registrere seg.

Erdal IL Kampsportforum er foreløpig bare tilgjengelig på http://www.stigfromoslo.com/erdalil.

OSI Taekwondo forum er nå oppdatert med siste versjon av forumprogramvaren. Det er også opprettet et eget subdomene for forumet: http://ositkd.stigfromoslo.com/. Brukere av forumet oppfordres til å oppdatere bokmerkene sine til å peke til denne nye adressen, og til å rapportere alle feil per epost til ositkd (at) stigfromoslo.com eller direkte på forumet.