Tuesday, May 28, 2019

Tools of the Resistance (encryption)

Any resistance to be successful requires communication to organize. The prefered way to communicate is face to face, but this is not always possible. Many times communication must happen electronically be it email, text, or voice. Because of the nature of electronic communication it is possible for others, the status quo, to listen in on what we are saying. Because of this it is best to limit our use of the methods. If one must communicate electronically one should always use encryption. Today, 2019, we have free, open source encryption that 10 years ago would be considered military grade.

Even with strong encryption we need to be careful what we say in our email and text. The establishment has enormous resources at their disposal and can, if given enough time, crack most any encryption. So one should take care what one writes. A message like "The chair is against the wall" is not so clear as "We are having a sit-in at the CEO's office"

This post is the first in a series of posts explaining what modern encryption tools exist and how to use them. The first, this one, will be about PGP and it's open source counterpart, GPG. Then I will be writing about using GPG with email. The I'll cover text apps that encrypt.

PGP & GPG

The encryption tool pgp (Pretty Good Privacy) was written by Phil Zimmermann in 1991 and was the first serious encryption tool that supported public key encryption. After several years of lawsuits and government challenges pgp was declared to be legal for US citizens to own and use. Phil Zimmerman then founded a company to sell pgp as a security tool. Around 1997 Phil and several engineers decided that there should be an open standard for pgp encryption with an open source implementation. The Free Software Foundation agree with him and wrote what is now called gpg AKA GnuPG or GNU Privacy Guard.

Public Key Encryption

So what is public key encryption? The answer to that can get very deep and complicated The link above is to an excellent article on Wikipedia but to make this simple PKE (Public Key Encryption) is a way for 2 people to have an encrypted communication with only the recipients of the messages being able to decrypt the message and a way to confirm the identity of the person sending the message.

To begin with, both parties of the conversation have 2 keys, a public key and a private key. The public key is public, that is the public key is listed on a public key server. Anyone who wishes to have an encrypted conversation with you will write a message and encrypt it with your public key. which they downloaded from the public key server. The sender does not have, nor do they need a password to encrypt a message with a public key.

Once the message has been encrypted with the public only the person with the private key can decrypt the message. This requires the recipient of the encrypted message to decrypt with the private key and their password. To be truly secure the person sending the encrypted message will sign the message with their public key. The signature is confirmed against the sender's public key that is retrieved from the public key server.

This all sounds very complicated but, if one is using the correct tools, all this is hidden under the hood. There are a few simple steps needed to get set up. The steps are


  1.  Install the software
  2. Create your public and private key
  3. Configure Thunderbird (email reader)
  4. Distribute your public key 

I will be publishing three additional blog posts about how to do the above steps on Linux, Macintosh, and Windows.









Tuesday, September 18, 2018

Money as a weapon

The basic problem is that those that wish to maintain the status quo, the 1%, have the money to do it. They don't have the numbers, the demographics to maintain control but they have the money to buy the control. Their money buys them police, politicians, laws, policy, and access. The question is how to fight these people and I believe the only way to fight this kind of power is to be smart about our struggle and not confront it head on but to wage an irregular campaign, an insurgency. And one of our primary weapons is money, to turn their strength into a weakness but restricting the flow of money to them.

Keep in mind that 70% of all GDP is consumer spending and the 1% have arranged for most of that spending to go into their pocket. Consider for a moment the following, you need to buy a dress shirt to wear to work. You have several choices; you can buy from a big retailer, a thrift store, a garage sale, barter with friends or get off of craigslist or freecycle. Lets put aside garage sales, bartering and craigslist for the moment and consider the difference between buying retail and used sales.

So you walk into one of those big box stores and buy a shirt off the rack. Lets say the shirt costs $20.00. and lets say the store is doing what is called a keystone markup which means that their cost is half of what you will pay so their cost is $10.00. And lets say that after all the costs of running a business is paid for they have $4.00 left as a profit. Congratulations! You just put a weapon into their hands to be used against you and your community. Suppose the owners of that big box store oppose equal rights for our gay and lesbian brothers and sister or they oppose women having the right to choose. By doing business with our enemy, and make no mistake they are the enemy to our communities, you are giving they a weapon to be used against us.

On the other hand, you went and bought that shirt at a local thrift store. First thing that shirt is not going to cost $20.00 but probability $2.00 or $3.00 so you have saved $17.00 or $18.00.  There there is who is this thrift store ? They are most likely people in your own community supporting a charity in your community.  If you choose wisely, that thrift store is being run by an organization that supports you and your community. By supporting your local community, by buying used, you have 1) recycled a shirt that would have been thrown out and ended up in a land-fill 2) supported yourself and your local community and 3) kept a weapon out of the hands of our enemy. I want to delve a little further  into the makeup of our enemy the 1%.

The power structure, the 1%, is not interested in any of the concerns of our community, they may or may not be aware of the various problems that exist here in this dying empire called America, that is irrelevant. Their primary and most likely only concern is the acquisition of wealth. The knowledge that a resource is growing scarce, resources like redwoods, water, etc. they see as an opportunity to increase their wealth and they need to hurry up and use up that resource before its gone. The model they are working with is an extractive model, to put it bluntly the rape of the natural world . In short the status quo have, either consciously  or unconsciously, decided that the American Empire's days are numbered and to essentially strip mine what is left while they can and prepare for their exist.

The evidence of this is the number of wealthy individuals and corporations who are moving their assets out of America and into off-shore tax havens. Plus purchasing politicians who will pack the courts with their lackeys, pass laws to remove regulations, pass tax breaks for the 1%, and de-fund the agencies that protect our environment, work places and our health care.

So what can we do. We can fight fire with fire, turn their weapons against them. Remember there are more of us then there are of them. Here are a few ideas;

  • Stop spending money. Buy only what you need and then only used. The corporations have sold people on the idea of shopping, ie. giving them your money, as entertainment.  
  • Buy at flea markets and garage sales. The prices are much cheaper than retail and no tax. I have a web site that lists the flea markets around America called Flea Market Finder.
  • If you have a bank account close it and open an account with a local credit union preferably a not for profit one. In general credit unions keep the money in the community.
  • If you have a car, learn how to fix it and keep it running. Drive your car as little as possible, walk or ride a bicycle, it's much healthier. Use public transportation. If you must buy a car, buy an older used one and again learn how to fix it. 
  • Grow your own food or join a community garden. Aside from not giving your money to the corporate supermarkets, community gardens help feed those who struggle to feed their families and your food will be healthier.
  • Learn to can and preserve food. Growing your own food is good but unless you can keep it long time it is a waste. Learning to can is really not hard and there are many resources on how to preserve food on the Internet.
  • Keep bees.  Bees are really a miracle.  They pollinate 75% of all the fruit, nuts and vegetables we eat and the bonus is they make honey. It's not hard to learn how to keep bees but it is best to partner up with experienced beekeepers.  The good new is that beekeeping is have a resurgence in the last 7 years so it not hard to find beekeeper groups. Again searching the Internet is a good place to start.
  • Get out of debit. Debit is modern day slavery, its what keeps you working that shit job you have. Imagine being debit free with enough money in the credit union to cover you expenses for a year. You quit that shit job and do the things you really want to do.
  • Join with you community to help each other out. For example, do you need to trim some hedges but you don't own a hedger trimmer, ask around in your community, some one has one you can borrow. What you get out of it is you can trim your hedges without having to buy one, you shared with your neighbor, and maybe made a friend. The person who lent you the hedge trimmers got the karma of helping someone out, got back a newly cleaned hedge trimmer (you did remember to clean them, right?), and also maybe made a friend.









Saturday, June 11, 2016

Your cellphone, a goverenment tracking device you pay for.

Your cellphone is a double edged sword.

On one hand it is a tool that can be used as a phone, to read your email, look at webpages, for getting directions, etc. On the other hand it is a tracking device that can be used against you and to keep tabs on you.

All smartphones sold today come with built in GPS. You can use it to find your location and figure out how to get where you want to go. It can also be used to track your movements. As of the writing of this post (June, 2016) the average 4G cell phone sold in North America has a GPS accuracy  of 3 meters, about 9 feet. This means the cell phone  GPS can tell the difference between you standing in front of your car or behind. With a special app installed on your phone your phone can be tracked and, in effect, you are being tracked.

Normally the tracking app has to be installed on your phone which means someone has to physically install the app. Most cell phones in North America are either iPhones, about 28% of the market,  or Android which is about 67% http://www.ibtimes.com/apples-ios-still-getting-crushed-android-us-2130868. The rest is either Windows phones of Blackberries. Both iPhone and Android are alike in that their is a central repository for apps to be installed on your phone.

Tuesday, March 12, 2013

Security for Activists - passwords

I've been reading a lot lately about activists and their lack of knowledge about computer and on-line security is a little scary. Given the empire's long track record of attempting to suppress and silence activists (see the Wikipedia entry for COINTELPRO) it is imperative that those in the movement know how to protect themselves and prevent the status quo from disrupting us. To that end I am planning a series of blog posts about the tools and techniques we can use to protect our selfs and to try to prevent the empire from learning of our activities.   The first blog post will be about passwords.

Most computer systems and many web-sites require the user to have a password to go along with their login. While a password may not completely prevent a hacker from getting access to your information it is the first line of defense. A well-chosen and used password will stop most of the amateur. But just having a password is not enough, the password has to meet certain requirements in order to thought of as safe. Here are a few points

The password should be at least 6 characters in length. With each character added the password gets harder to crack. If a password is composed of all ASCII printable characters, thats 95, and the password is one character in length, the number of guesses a password cracking program has to make is 95. If the password is 3 characters in length the number of guess to crack the password is 857,375 (95 x 95 x 95 or 95 raised to the third power). So a 6 character password would require 735,091,890,625 guesses. There two points I am making here 1) the longer the password the harder to crack and 2) using mixed case characters, numbers and special characters makes it even harder to crack.

Use mixed case characters, numbers and special characters in your password. Again this makes the password harder to crack.

Never use an easily guessed password. Words like "sex", "money", "secret" and "password" are not passwords. Nor should the password be something about you like the city where you were born or your significant others name. A password should never be a word found in the dictionary. A common hacking technique is called a "Dictionary Attack".

A dictionary attack is system where the program that is attempting a break in will randomly pick a work from the dictionary, say the word cat, and will attempt to login to your account while changing the case of the letters like so; cat, Cat, cAt, caT, CAt, cAT, etc. if none of these combinations works the word is marked as tried and another word is randomly selected from the dictionary until either they successfully logged in or they have worked their way through the dictionary. A phrase or word with mixed case characters, numbers and special characters on the surface looks good but it contains words from the dictionary and it's just a matter of time.

One of the more secure password algorithms is what I call the "Name That Tune" algorithm. One picks a song, say "Take It Easy" by The Eagles, then one picks a phrase from that song, lets use "Standing on the corner in Winslow Arizona". Using the first letter of each word of the phrase the password would be "sotciwa". Not bad but we can make it harder to guess by changing the case of some letters and substituting numbers for letters like so, "s0tc1WA?". We have substituted a zero for a lower case o and a one for a lower case i. We have also made the letters w and a upper case and just for the hell of it tacked on a question mark.

The really beauty of the "Name That Tune" algorithm is that it's easy to remember, hard to crack and one can talk about the password without saying the password. For example, lets say we used the above example as the root password to a group of web servers. If someone who knew the password but forgot it (it happens) wanted to know what the password was all you would have to say is, "It's the Eagles song." You have just conveyed the password without saying it and even if someone knows the "Name That Tune" algorithm that don't know which song, which phrase and how the phrase was twisted.

Having a strong password is one thing it is quite another thing if used stupidly. Writing down your password is a bad idea, especially if it is written down in a place where it can be found. I've seen cases where a root password was written on a piece of paper that was taped to top of the monitor. Another bad idea is to use your password everywhere. One of the basic principles of security is compartmentalization, that is to keep things separate. One should be using different passwords for different accounts. Maybe not every account be every different class of accounts, one for social media, one for bank accounts, etc.

One last point, one should change your passwords every 3 to 6 months. The longer a password is in use the longer the hackers have to break into your account.

Friday, February 1, 2013

I Will Not Bow Down

I Will Not Bow Down America  

I will not Bow Down
to your Government
to your Religion

I will not Bow Down America
to your Materialism
to your International Corporations
to your Religious Shrines
your Stock Markets
your Shopping Malls

I will not Bow Down America
to your Coal Mines
to your Power Plants

I will not go crawling down the deep shafts at midnight

I will not Bow Down America
to your invasion of privacy
to your moral absolutes
your religious political might

I will not Bow Down America
to your Assassins
the CIA the FBI the Corporate Police State
your Killing Murdering Machines

I will not Bow Down America
to your Bureaucracies
to your schools
to your attempt to make me the model citizen
of Your State of Your Church

I will not Bow Down America
to your Hisstory
of Lies
to your Secrets
in the Best interest of
to protect
the People

America
I pledge allegiance
to those who were here before you
to those who will be here after you are gone

America
I pledge allegiance
to the woman I love
and to our children
I pledge allegiance
to my friends and allies
my guides and angels
both seen and unseen

America
I pledge allegiance
to poetry to music to art
to the literary renaissance
to the global literary community
I pledge allegiance to the Beat to the Outsider
I pledge allegiance to meditation to stillness
to magic to beautiful mysticism to ecstasy
to AH and AHA
to the Big Bang Epiphany
to altered states of consciousness
I pledge allegiance
to seeing
into the occult the unknown
to seeing
into everyday into the ordinary
and being amazed
I pledge allegiance to the Sacred and the Profane
to gnostical turpitude
I pledge allegiance to my physical body
and to the knowledge that I am more than
my physical body
I pledge allegiance to seeing more than
the physical world and to those
of higher frequency vibration
and consciousness
I pledge allegiance to passing through
the Sacred Fire
to entering the upper chamber of the
golden pyramid
to levitating over the open sarcophagus
to out of body experience
I pledge allegiance to the hottest sex
and to gentle affection
I pledge allegiance to fractal geometry
the geometry of clouds and coastlines
to 2x2 equaling 5
I pledge allegiance to Failure
to failing as no other dare fail
I pledge allegiance to taking risks
to holy daring
to nam myoho renge kyo
to accepting responsibility for my own actions
I pledge allegiance to not achieving
the American Dream of Success

America
I pledge allegiance to trees to green grass
to brown earth to wildflowers of every color
to wilderness to turquoise Native American skies
to rivers lakes and seas
to healing the earth
I pledge allegiance to the Holy Spirit
to the Word and to Silence
I pledge allegiance to Dreams
I pledge allegiance to Birth to the Journey and to Death
I pledge allegiance
to Candor to Sincerity to Laughter and to Irony
I pledge allegiance to Passion to Compassion
to Empathy and to helping those in need |
I pledge allegiance to Resurrection of the Heart

NO
America
I Will Not Bow Down

copyright©2003 Ron Whitehead

Ron Whitehead, 932 Franklin Street, Louisville, Kentucky 40206 usa,

Sunday, January 20, 2013

Supporting the resistance, money

The other day I was in one of those large box hardware stores buying some nails. I found what I wanted and then went to pay at one of the self-service pay stations. I scanned the box of nails, popped a twenty into the machine, collected my change, and went out to my car. Just as I got to my car the thought occurred to me;  "How did the machine know I gave it a twenty?" That got me thinking.

For a while now I have been wondering how best to securely and anonymously support the various groups I am interested in.  Paying by credit card or check is a dead give away. Whether or not the government has access to the databases at my bank or credit card company is irreverent.  In the first place if the authorities wanted it, it would not be difficult for them to get access and in the second place a basic practice of any activist is to assume they are being watched. Accessing databases is really not difficult for people trained in programming. As long as one is given access, a login and password, and an understanding of how the data is laid out, a schema, then it becomes straight forward to make a query to the database.

So, credit cards and checks are ruled out. That leaves cash but how to donate securely and anonymously? Here is my thinking. There are a number of web pages talking about RFID tags being embedded into US currency others say that this is nonsense. Either way the point is there are other ways that currency bills can be tracked. Have a look at any US bill. Every one has two serial numbers on the front of the bill. It is possible, given a bills serial number, to determine what is the monetary value as well as it's printing year and which mint it was printed at. A clever programmer could write code that, given the serial number of a bill, return this information.

The next thought is how does one get their bills. Well, if I consider my actions to be like everyone else then you either get your paper money from a bank, most likely an ATM, or in change from some transaction like buying nails in a hardware store. Lets consider the ATM. Getting money out of the ATM is straight forward. You walk up to one of your banks ATM, put your ATM card in the machine, enter your PIN, select the amount you want and the machine spits out the cash and your ATM card.

OK, first step, putting your ATM card into the ATM. The card has an account number embossed on it as well as a magnetic strip. What is written onto the magnetic strip is a bank secret but one can guess it has the same number as the one embossed on the card and probability information identifying the bank as well as checksum to ensure the information has not been tampered with.  Next you supply your PIN. At this point you have proven your identity to the ATM and it now access your account. It determines if you have enough in your account to dispense the requested amount. The ATM counts out the requested amount, usually in twenties, and dispenses it and the same time it ejects your ATM card.

At this point an entry has been made in the bank's database that at such and such time, at a specific ATM, you withdrew a certain amount of money from your bank account. The ATM might have even taken your picture and added it the withdraw record. But you got your cash now you can safely send it to the organization your are supporting or can you? Lets consider the self-service check out at the big-box hardware store. How did it know I gave it a twenty ?

Well, the self-service machine scanned the bill. Every bill has the monetary value of the bill written in a very large font in each of the four corners. The bill also has the bills serial number in two places. This serial number is written in a standard font and might be printed in magnetic ink. Did the scanner read the serial number to determine the monetary value of the bill ? I think so, one more check to make sure the bill is not a counterfeit. The machine could also check for the plastic strip embedded in the paper, when exposed to ultraviolet light it fluoresce a specific color but what do you do about bill printed before the mint started putting that strip into the paper?  I have several one dollar silver certificates from the late 1950's that my grandfather gave me. It is still legal tender but does not have the plastic strip embedded in it plus also has the old layout. The serial numbers may or may not be printed with magnetic ink but the font is exactly the same so I'm pretty sure that the modern bill scanners do read the serial numbers of the bills.

If the self-service pay stations scan the bills, an assumption, then I think it is safe to assume that the ATM also scans the bills when it dispenses the bills. If it does read the serial numbers what does it do with the information. I can think of a couple of reasons why law enforcement would want to know which individual bills got dispensed to which person. Think about drug dealers and money laundering. If we go with that assumption, I know it sounds paranoid, then the safe thing is assume that every time you take money out of the ATM a database entry is made of each bills serial number dispensed to you.  Say you mail some of those bills to an organization that has been labeled a terrorist organization then you could be charged to giving support to a terrorist organization.

The rulers of this country have decided that any activist organization could be labeled a terrorist organization thereby making it easier for them to suppress decent and support the agenda of their true constituents, the corporations. As activists we need to support each other but how to do it without having the status quo take notice. I've given this a bit of thinking and in think about all of the above I have decided that the following is the way around this delima .

The way forward is to obtain bills that have not been tied to yourself. First step is to establish a pattern of usage. Deposit your paycheck or however you get paid in your bank every week or every other week based on how you get paid. Then take an amount of cash out of the ATM to last you the week, think of it, as my grand father used to call it, your walk-around money. Now, every time you buy anything, gas, food, what ever use that cash. Pay your bills you get in the mail with your checking account but everything else use your cash. Save the bills you get in change, when you get enough to make a twenty out those bills put them in a separate place in your wallet. Next time you are buying something with your cash pay the merchant then ask him if he can take the bills you have put aside and give you a twenty. Most merchants are always low on small denomination bills and will be happy to take your bills. That twenty that you just got from the merchant is not tied to you in any database so when you get home put it in a separate place like in a book or an envelope in your sock drawer. Over time you will put together a nice stash of bills.

Now how to send it to the organization you support? Simply putting it in the US mail I think is kinda of risky. The FBI has been known to open postal mail, see the wikipedia entry for COINTELPRO, and if the new paper money does have RFID tags embedded in them it wold be easy to scan for them. A better way would be using FedEX or UPS. Sending the money in a book would be best. Put in a box slightly larger than the book would make it just another box and not very noteworthy.

I know all of the above sounds paranoid but, if we have to live by Moscow Rules, the question is; are we paranoid enough

Thursday, December 15, 2011

Tools of the Occupation (Our Voices)

My Grandfather, who went to his grave a card carrying member of the Wobblies, used to tell me that the Republicans were the party of the wealthy, the privileged & the corporations and were out to fuck the working man. In the 40 since his death the GOP have done nothing to prove him wrong. In fact they have redoubled their efforts to return this country back to the 19th century. The difference between then, the glory days of the Labor movement and now is that today every man can be his own publisher.

In the early part of the 20th century, when men and women like my Grandparents were working toward change in this country, the ability to organize and spread the words and news of the deeds of the Labor movement were very limited. Radio was just beginning and most of the print media was owned by those in power who had no interest in helping the labor movement. What publishing that was done was minmograph sheets passed out on a street corner and small print run underground newspapers which were distributed mostly locally. The audience for these was small and local, mostly preaching to the converted. That was then this is now.

In the last 15 years there has been a revolution in communications, the Internet has gone from being a network of universities, research labs and DOD/DOE facilities to a world wide hookup of computers. What was once an expensive and exclusive network has become network that almost anyone can hookup to. At the same time that the Internet was opening up there has been an explosion of free and almost free software and very low cost hardware and networking that allows most everyone to have facilities that were unavailable 15 years ago.

The first and most obvious is the drop in the price of computer equipment. In the early to mid 90's an Intel 486 was a hot processor and cost around $200.00, a gig of ram was over $1000.00. Today an Intel i5 processor, which is almost 10,000 times more powerful than a 486, is about $200.00 and 4 gig of ram can be had for under $50.00.

At the same time that computer equipment has gotten cheaper and more powerful there has bee a rise in free operating systems like Linux and FreeBSD. Once a computer OS was hundreds if not thousands of dollars and it took a team of experts several weeks to install an OS. Today Linux and FreeBSD can be had for free and a computer hobbyist can install one of these in less than an hour.

Another big advance has been in networking. When the Internet was being built the standard connection was a 56 Kbits/sec line. This was between large sites. Smaller sites would be using an on demand 24 Kbits/sec dial up connection. Today the average co-location facility (a co-lo is a place where companies like Google and Apple place their servers) has a minimum of an OC-12 (600 Mbits/sec) The larger facilities will have multiple OC-192 connections to serve the co-lo. The speeds and ubuiquisness of fast connection has made the distance between data centers in Europe and North America irrelevant. What this means is that a person using a web browser in San Francisco will not see any difference, in terms of speed and latency, between a site in Chicago and one in Berlin. On the Internet national borders do not exist.

The big difference is the software. Virtually anyone who wants one can have an email address, a web-site, twitter account, a photo sharing account and an RSS feed for the asking. These resources did not exist 15 years ago. Combine these with search engines like Google and Bing and anyone who to can become a publisher and these publications can easily get the wider circulation they need. The down side to every man a publisher is every man is a publisher. Not everything on the Internet helps us. A large part is useless and there is an increasing amount of dis-information about us and our causes.

With the search engines one can find any and all points of view but this opens up opputunites for sock puppets (people pretending to be someone other than who they really are) and astro-turfing (fake grass root movements). It also allows for false flags and agents provocateurs to hijack our movements. The way out of this dilemma is for us, as a group, to collect and vet links to those web-sites, mailing lists, blogs, Internet radio stations that are truly supporting our cause and to out those sites that have been put up disrupt our movment. To that end I have started a website Redwood Empire as a start to this.

This site is a first step and it is largely disorganized but it a work in progress. One should not consider this to be the end all - be all; others, maybe you, should put up their own web-sites and link to others. Remember, an informed community is a strong community.