Archive for December, 2007

Calzone

Monday, December 24th, 2007 | Cooking | No Comments

Since we have bought an Italian cookbook, what better way to start trying out how useful it is than to make pizza? So, yesterday we tried making calzones, but since we were out of the ingredients listed in the book, we used fried mushrooms, garlic, chili pepper and chorizo. The end result: marvellous!

Calzone pizza


Ihre Papiere, bitte

Sunday, December 23rd, 2007 | Personal | No Comments

The surveillance society is upon us, whether we would like it or not. All in the name of catching serious criminal offenses like ‘terrorism’. In particular the digital realm is being monitored with phone calls, phone text messages and communications on the internet. Based on the EU data retention law, which I have written about here and here, my dear country, Denmark, enacted its surveillance laws a few months ago: Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik (logningsbekendtgørelsen); in short, the logging proclamation. According to it, the following items must be logged in an internet session:

  1. Transmitter’s IP address
  2. Receiver’s IP address
  3. Transport protocol
  4. Transmitter’s port number
  5. Receiver’s port number
  6. Time for the start and end of the communication

So what does this leave us with? Sure, we can see what machine you connect to and how long your connection lasts, so for the fun of it, and because this is about as ridiculous as it gets, I decided to take a try at logging all my TCP connects/disconnects for an entire afternoon and evening and see what that would lead us to discover about me. Since the originating IP in this instance is a bit irrelevant, let us focus on the receiver’s IP address and port number.

A day’s worth of log information takes up a good bunch of lines, so instead of going through all of it, I will go through enough of it to illustrate the pointlessness of the entire thing. This took less than eleven minutes to do.

11:43:11 - 11:43:13: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:11 - 11:43:16: 81.19.246.12:www (RDNS N/A)
11:43:11 - 11:43:20: 81.19.246.12:www (RDNS N/A)
11:43:12 - 11:46:41: 193.88.32.86:www (RDNS N/A)
11:43:13 - 11:43:14: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:13 - 11:43:20: 81.19.246.12:www (RDNS N/A)
11:43:15 - 11:43:16: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:15 - 11:43:16: 64.158.223.144:www (RDNS img.snv.mediaplex.com)
11:43:20 - 11:43:27: 81.19.246.12:www (RDNS N/A)
11:43:29 - 11:43:31: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:31 - 11:43:55: 81.19.246.12:www (RDNS N/A)
11:43:32 - 11:43:33: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:34 - 11:43:35: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:35 - 11:43:36: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:35 - 11:43:36: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:37 - 11:43:40: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:37 - 11:43:43: 81.19.246.12:www (RDNS N/A)
11:43:38 - 11:48:51: 80.167.236.88:www (RDNS a80-167-236-88.deploy.akamaitechnologies.com)
11:43:38 - 11:49:19: 80.167.236.88:www (RDNS a80-167-236-88.deploy.akamaitechnologies.com)
11:43:39 - 11:43:45: 81.19.246.96:www (RDNS N/A)
11:43:49 - 11:44:14: 128.242.125.13:www (RDNS N/A)
11:43:51 - 11:43:53: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:51 - 11:43:52: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:51 - 11:43:55: 81.19.246.12:www (RDNS N/A)
11:43:54 - 11:43:55: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:54 - 14:20:33: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:55 - 11:43:56: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:55 - 14:20:35: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:55 - 11:44:04: 81.19.246.12:www (RDNS N/A)
11:44:00 - 11:44:01: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:00 - 11:44:01: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:02 - 11:44:03: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:02 - 11:47:13: 64.158.223.128:www (RDNS ad.snv.mediaplex.com)
11:44:02 - 11:44:16: 83.133.64.252:www (RDNS N/A)
11:44:03 - 11:44:05: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:03 - 11:44:05: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:03 - 11:46:36: 193.88.32.86:www (RDNS N/A)
11:44:04 - 11:44:09: 81.19.246.12:www (RDNS N/A)
11:44:06 - 11:44:07: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:07 - 11:44:08: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:09 - 11:44:14: 81.19.246.12:www (RDNS N/A)
11:44:10 - 11:44:12: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:14 - 11:44:17: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:15 - 11:44:20: 81.19.246.12:www (RDNS N/A)
11:44:19 - 11:44:20: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:20 - 11:44:21: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:20 - 11:44:23: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:20 - 11:44:47: 128.242.125.13:www (RDNS N/A)
11:44:20 - 11:44:32: 83.133.64.252:www (RDNS N/A)
11:44:22 - 11:44:23: 193.88.71.163:www (RDNS N/A)
11:44:24 - 11:44:26: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:27 - 11:44:28: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:28 - 11:44:29: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:29 - 11:44:32: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:30 - 11:44:32: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:44:37 - 11:44:38: 77.79.194.194:www (RDNS 77.79.194.194.adocean.pl)

To people who have spent some time looking into DNS, it should come as no surprise that reverse DNS is shaky at best, since most companies either don’t have the correct PTR records or they do not have them at all. So what did trigger all these calls to adtech? Well, that’s fairly easy: I visited pol.dk, which is the 81.19.246.12 entry above without an available reverse DNS. Pol.dk is the online version of the Danish newspaper Politiken, which is slightly on the left of the political spectrum, so if I consistently visit this news source as my primary source for news, people watching the logs could probably peg me to be on the left of the political spectrum as well.
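What a reader of such a log can actually aggregate, as an added example that is not part of the original post: the parser below takes lines in the format shown in these listings and groups them per receiver address and port, coping with missing PTR records (N/A) and with addresses that have several. The sample lines are copied from the listings in this post, plus one constructed junk line.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"(\d\d:\d\d:\d\d) - (\d\d:\d\d:\d\d): "
                  r"(\d+\.\d+\.\d+\.\d+):(\S+) \(RDNS (.+)\)$")

# Lines copied from the listings in this post; the last line is constructed junk.
SAMPLE = """\
11:43:11 - 11:43:13: 194.126.131.130:www (RDNS adserver2.adtech.de)
11:43:11 - 11:43:16: 81.19.246.12:www (RDNS N/A)
11:43:20 - 11:43:27: 81.19.246.12:www (RDNS N/A)
11:52:59 - 11:53:00: 64.4.241.33:https (RDNS www.paypal.com)
11:52:59 - 11:53:10: 66.220.2.5:www (RDNS ['ns1.keenspot.com', 'ns1.keenspace.com', 'binky.keenspace.com'])
11:53:01 - 11:53:27: 66.220.2.5:www (RDNS ['ns1.keenspot.com', 'ns1.keenspace.com', 'binky.keenspace.com'])
not a log line
"""

def parse(line):
    """Return one connection record, or None if the line is not a log entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    start, end, ip, port, rdns = m.groups()
    t0, t1 = (datetime.strptime(t, "%H:%M:%S") for t in (start, end))
    secs = int((t1 - t0).total_seconds()) % 86400  # handles a wrap past midnight
    # An address may have no PTR record, one, or several.
    names = [] if rdns == "N/A" else re.findall(r"[\w.-]+\.[A-Za-z]+", rdns)
    return {"ip": ip, "port": port, "secs": secs, "names": names}

def summarise(text):
    """Per (receiver IP, port): connection count, total seconds, PTR names."""
    out = defaultdict(lambda: {"conns": 0, "secs": 0, "names": set()})
    for rec in filter(None, map(parse, text.splitlines())):
        dest = out[(rec["ip"], rec["port"])]
        dest["conns"] += 1
        dest["secs"] += rec["secs"]
        dest["names"].update(rec["names"])
    return dict(out)

if __name__ == "__main__":
    for (ip, port), d in summarise(SAMPLE).items():
        print(ip, port, d["conns"], d["secs"], sorted(d["names"]) or "no PTR")
```

The summary holds addresses, ports and durations only; the site name for 81.19.246.12 does not come from the log at all.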

11:52:16 - 11:52:17: 66.35.250.150:www (RDNS slashdot.org)
11:52:17 - 11:52:18: 216.73.86.153:www (RDNS annymegaadvip3.doubleclick.net)
11:52:18 - 11:52:22: 69.28.241.125:www (RDNS static-vip.srv.jobthread.com)
11:52:19 - 11:52:29: 66.35.250.55:www (RDNS images.slashdot.org)

Next is a trip around Slashdot to check for the latest geekish news. A huge portion of their readers are strong privacy advocates and for the most part they think copyright is too far-reaching in its current form and refer to MPAA and RIAA as the MAFIAA. At least the vocal part of their readers seem to hold these opinions. If I follow a lot of the yro.slashdot.org stories (your rights online) then odds are that I am also interested in these things and hold these views; however, from this log entry we can only tell that I’ve visited the main slashdot site.

11:52:23 - 11:52:24: 212.187.213.175:www (RDNS uk-pix05.quantserve.com)
11:52:56 - 11:53:00: 66.96.26.214:www (RDNS uf.ServerNorth.net)
11:52:56 - 11:53:17: 82.165.177.183:www (RDNS u15185240.onlinehome-server.com)
11:52:57 - 11:53:05: 209.172.63.166:www (RDNS iw-fb-apache-2.zeservers.com)
11:52:58 - 11:53:00: 66.96.26.214:www (RDNS uf.ServerNorth.net)
11:52:58 - 11:53:01: 66.207.163.2:www (RDNS N/A)
11:52:58 - 11:53:01: 64.131.83.210:www (RDNS princess.questionablecontent.net)
11:52:59 - 11:53:00: 64.4.241.33:https (RDNS www.paypal.com)
11:52:59 - 11:53:00: 64.4.241.33:https (RDNS www.paypal.com)
11:52:59 - 11:53:04: 209.172.63.166:www (RDNS iw-fb-apache-2.zeservers.com)
11:52:59 - 11:53:10: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:52:59 - 11:53:09: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:52:59 - 11:53:10: 66.220.2.5:www (RDNS ['ns1.keenspot.com', 'ns1.keenspace.com', 'binky.keenspace.com'])
11:53:00 - 11:53:10: 208.122.4.178:www (RDNS N/A)
11:53:00 - 11:53:01: 207.7.147.85:www (RDNS optimize.indieclick.com)
11:53:00 - 11:53:01: 64.4.241.33:https (RDNS www.paypal.com)
11:53:00 - 11:53:01: 204.11.109.21:www (RDNS a.tribalfusion.com)
11:53:01 - 11:53:08: 208.122.4.178:www (RDNS N/A)
11:53:01 - 11:53:05: 74.208.78.7:www (RDNS s214871675.onlinehome.us)
11:53:01 - 11:53:27: 66.220.2.5:www (RDNS ['ns1.keenspot.com', 'ns1.keenspace.com', 'binky.keenspace.com'])
11:53:02 - 11:53:05: 66.220.2.19:www (RDNS nineteen.keenspot.com)
11:53:02 - 11:53:09: 69.17.116.124:www (RDNS webhosting.speakeasy.net)
11:53:02 - 11:53:05: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:03 - 11:53:13: 69.17.116.124:www (RDNS webhosting.speakeasy.net)
11:53:04 - 11:53:05: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:04 - 11:53:14: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:53:04 - 11:53:14: 66.96.26.211:www (RDNS uf2.ServerNorth.net)
11:53:05 - 11:53:06: 67.15.50.37:www (RDNS ev1s-67-15-50-37.ev1servers.net)
11:53:05 - 11:53:13: 66.249.93.166:www (RDNS ug-in-f166.google.com)
11:53:05 - 11:53:09: 69.17.116.124:www (RDNS webhosting.speakeasy.net)
11:53:05 - 11:53:11: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:06 - 11:53:13: 66.249.93.166:www (RDNS ug-in-f166.google.com)
11:53:06 - 11:53:11: 66.207.163.2:www (RDNS N/A)
11:53:07 - 11:53:25: 12.18.170.211:www (RDNS frost.mtaonline.net)
11:53:08 - 11:53:13: 216.197.119.157:www (RDNS N/A)
11:53:08 - 11:53:11: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:09 - 11:53:10: 207.7.147.85:www (RDNS optimize.indieclick.com)
11:53:09 - 11:53:11: 66.207.163.2:www (RDNS N/A)
11:53:09 - 11:53:10: 195.78.94.245:www (RDNS N/A)
11:53:10 - 11:53:25: 66.220.2.19:www (RDNS nineteen.keenspot.com)
11:53:10 - 11:53:11: 8.7.217.43:www (RDNS N/A)
11:53:10 - 11:53:11: 204.11.109.24:www (RDNS a.tribalfusion.com)
11:53:11 - 11:55:28: 209.101.90.33:www (RDNS dndorks.com)
11:53:11 - 11:53:13: 66.33.217.213:www (RDNS basic-kant.dawber.dreamhost.com)
11:53:11 - 11:53:12: 80.252.93.102:www (RDNS N/A)
11:53:11 - 11:53:13: 195.78.94.245:www (RDNS N/A)
11:53:12 - 11:53:19: 66.207.163.2:www (RDNS N/A)
11:53:12 - 11:53:13: 66.220.2.25:www (RDNS twentyfive.keenspot.com)
11:53:12 - 11:53:15: 72.29.92.15:www (RDNS server.whiteninjacomics.com)
11:53:13 - 11:54:22: 192.217.199.107:www (RDNS N/A)
11:53:13 - 11:53:19: 66.207.163.2:www (RDNS N/A)
11:53:13 - 11:53:19: 66.33.217.213:www (RDNS basic-kant.dawber.dreamhost.com)
11:53:14 - 11:53:17: 64.131.83.210:www (RDNS princess.questionablecontent.net)
11:53:15 - 11:53:16: 216.197.119.157:www (RDNS N/A)
11:53:15 - 11:53:19: 209.101.90.33:www (RDNS dndorks.com)
11:53:16 - 11:53:17: 8.7.217.43:www (RDNS N/A)
11:53:16 - 11:53:20: 64.233.171.104:www (RDNS rn-in-f104.google.com)
11:53:16 - 11:53:20: 64.233.171.104:www (RDNS rn-in-f104.google.com)
11:53:17 - 11:53:18: 8.7.217.43:www (RDNS N/A)
11:53:18 - 11:53:24: 208.122.4.178:www (RDNS N/A)
11:53:18 - 11:53:24: 208.122.4.178:www (RDNS N/A)
11:53:18 - 11:53:29: 66.249.93.166:www (RDNS ug-in-f166.google.com)
11:53:20 - 11:53:22: 207.44.216.40:www (RDNS 1002-3.lowesthosting.com)
11:53:20 - 11:53:22: 66.228.125.212:www (RDNS server3.blibs.com)
11:53:23 - 11:53:24: 217.163.21.31:www (RDNS ad1.vip.rm.ch1.yahoo.net)
11:53:23 - 11:53:24: 217.163.21.31:www (RDNS ad1.vip.rm.ch1.yahoo.net)
11:53:24 - 11:53:42: 69.89.31.88:www (RDNS box288.bluehost.com)

This bunch of sites are the webcomics I read. There are a few of them, as you can see. Now, we don’t actually need to go any further than this in dissecting my personal browsing habits to see where this falls apart. A few of them are hosted on a hosted solution for a bunch of webcomics on keenspot. So how do we discern between what we actually visited on that specific address given the logs? Well, you can’t! This has everything to do with how webservers host non-SSL webpages.

At the core level a webserver runs on a machine, typically listening on port 80 (the www port). This webserver may provide any number of pages using what in the Apache world is known as virtual hosts, so if you request a page from foo.com it will serve you one set of pages, and if you request a page from bar.com it will serve you another set of pages, but all this will happen just by you connecting to port 80 on some machine. If we couple this with the fact that a terrorist could be running a webserver that serves two sites, a reputable site that logs calls and a shady terroristy site (advocating privacy, or what have you) that does not log visits, then it does not require huge amounts of training in Computer Science or in systems administration in general to quickly see zillions of ways through this.
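The virtual-host behaviour described above, as an added example that is not part of the original post: one loopback server answers for two sites, choosing between them by the HTTP Host header, and each fetch returns the fields a connection logger would have recorded. The host names foo.example and bar.example and the page bodies are constructed for the demonstration.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

# Constructed virtual hosts (hypothetical names) sharing one IP address and port.
SITES = {"foo.example": b"site A", "bar.example": b"site B"}

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: the Host header alone selects the site.
        host = (self.headers.get("Host") or "").split(":")[0]
        body = SITES.get(host, b"")
        self.send_response(200 if host in SITES else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request stderr logging
        pass

def fetch(addr, host):
    """GET / for `host`; return (body, fields a connection logger records)."""
    conn = http.client.HTTPConnection(addr[0], addr[1], timeout=5)
    conn.request("GET", "/", headers={"Host": host})
    src_ip, src_port = conn.sock.getsockname()  # read before the socket closes
    body = conn.getresponse().read()
    conn.close()
    # Start and end times are left out: they vary per connection, not per site.
    record = {"src_ip": src_ip, "dst_ip": addr[0], "proto": "TCP",
              "src_port": src_port, "dst_port": addr[1]}
    return body, record

def destination(record):
    """The part of a logged record that identifies where the user went."""
    return record["dst_ip"], record["proto"], record["dst_port"]

def demo():
    """Serve both sites on a loopback port and fetch each one once."""
    server = socketserver.TCPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return [fetch(server.server_address, h) for h in SITES]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for body, record in demo():
        print(body, destination(record))
```

The two responses differ while the logged receiver address, protocol and port are identical, which is the situation with the keenspot-hosted comics in the listing.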

Fortunately we have expert politicians dealing with these things. In fact, in Danish law we have something called §20 questions where a minister can be forced to answer some question from a member of parliament (folketinget). Here we have a question asking the justice minister’s opinion on the fact that a survey indicated that 54% of educated Engineers and Computer Scientists thought they could circumvent the legislated logging. For the non-Danish readers I will translate the minister’s answer:

I have no further knowledge of the survey that is referred to in the question, including how and on what accounts Computer Scientists and Engineers think they can circumvent the requirements in the logging proclamation.

The purpose of the rules on logging is to prevent and solve very serious crime and it is difficult for me to imagine that Computer Scientists and Engineers in general would have a wish to try to circumvent the rules in this area.

It should be noted that it, in itself, will cause an increased attention on a person if the police, in the course of an investigation of a person, discover that he has tried to circumvent the logging proclamation.

In other words, it is suspicious to circumvent the logging, even though over half the higher educated IT workforce believe they can circumvent it without issues. I guess the criminals are extra fearful on account of this; it’s not as if the criminals are breaking a bunch of other laws already. Since I prefer to not be a suspect, I will not regale you with the ways this can be circumvented, but suffice it to say, the law is a joke, and the justice minister’s understanding of the implications is a joke. If it wasn’t so very sad, I’d probably be laughing my ass off.

If you wish to redo this experiment, or if you just want to see exactly how much information is logged about what you are doing online, grab a copy of tcpspy and leave it running for a while. If you are in Denmark, then all this is logged and is related to you personally (another requirement of the proclamation), or rather it is related to the account holder of the internet connection you are using, because there is no way to discern between the individuals using a connection, and it is saved for a year and made available for all investigations into ‘serious crime’. Welcome to the surveillance society, your privacy is gone.


Toffee pie

Sunday, December 23rd, 2007 | Cooking | No Comments

One particular kind of food that we are very fond of is cakes of all sorts. The photo below shows the toffee pie, which is a regular pie dough with home-made caramel poured onto the baked dough and with a cover of meringue. Lovely.

Toffee pie


Il Cucchiaio d’Argento

Friday, December 14th, 2007 | Personal | No Comments

My wife and I both appreciate good food, be it Danish, French, Chinese, Thai, Italian, or what have you. Our bookcase will most likely bear witness to this as we have an entire shelf dedicated to cookbooks. A few days ago when we were passing the time until my wife’s boots were fixed, we invariably found our way past a bookshop, and, of course, to the cooking section (I had to drag my wife away from the gardening section, but that’s a whole other matter).

In Denmark we have some solid classics like God Mad: Let at lave (Good food, easy to cook), and Frk. Jensens kogebog (Mrs. Jensen’s cookbook), and both are fairly complete with lots of information about cooking. However, the book I discovered in the bookshop put both to shame: Il Cucchiaio d’Argento (Sølvskeen in Danish, The Silverspoon in English) is the traditional Italian cookbook, with more than 2000 recipes from all the Italian regions. As a testament to its completeness, the book weighs in at over a thousand pages, more than 20 recipes with rabbit, themed recipes from antipasto over pesci (fish) to carni (meat) and dolci (desserts).

The cookbook is entirely unwieldy and extremely lovely, and while there are altogether too few pictures of the food, the book promises to turn you into a real connoisseur on traditional Italian food, and with the thorough descriptions of what kitchen equipment serves what purposes, illustrations of how animals are cut and what each piece of meat is good for, it will, in my opinion, be a priceless reference when cooking. Lastly, as the book also mentions, nothing goes to waste in the Italian kitchen, so the book also features recipes on brain, ox jaws and calf head. Intriguing!

Buono appetito.


Boiled sweets

Thursday, December 13th, 2007 | Cooking | No Comments

Sweets. It is the ever corrupting sugary epiphany that drives us back to their delectable temptations. Home-made boiled sweets doubly so.

Boiled sweets

Sorry about the flash reflection, it’s really hard getting these shots good (either that or I need to work on my photography skills) due to the less than ideal lighting conditions in our house in these dark winter months. We really need to figure out what lamps we’d like to get. We still haven’t gotten around to that yet and we’ve already lived here for over a year. Crikey!

Edit: Updated the post with a new photo taken with somewhat better lighting conditions. It helped tremendously, but we still need to figure out what lamps we want to have in the house, of course.
