Whatihavetosay

Founded in 2006 by Rick Falkvinge, the Pirate party movement has scored some significant victories over the years.

The greatest success is the continuing presence in the European Parliament, but in Iceland the local Pirate Party is writing history as well.

The Pirates have a great track record in Iceland already, with three members in the national Parliament. However, many more may join in the future as the Pirates have become the largest political party in the polls.

Earlier this year we already reported on this remarkable achievement. At the time the Pirate Party had 23.9% of the polled votes, a number that has now grown to 34.2% in the last MMR survey.

According to the most recent polls the Pirate Party now has more support than the local coalition Government, which consists of the Independence Party (21.7%) and Progressive Party (10.4%).

The continued rise is quite a success for a party that was founded just three years ago, and for now the upward trend continues.

TF spoke with Ásta Helgadóttir, Member of Parliament for the Icelandic Pirate Party, who believes that many people are fed up with the current state of politics.

“I believe people are tired of the old fashioned politics the old parties are practicing,” she says.

“We have been focusing on making decisions based on evidence, being honest when we make mistakes and ready to change our minds if that is needed. We have also been working on changing the system from within and demanding that the people in position of power are responsible for their actions.”

Unlike some outsiders believe, the Pirates are not a one issue party. The party is known to fight against increased censorship and protect freedom of speech, but also encourages transparency and involvement of citizens in political issues.

“We are working on taking our democratic system into the 21st century,” Ásta says. “The division between the executive and legislative should be much clearer than it is today, as ministers can and most often are also members of parliament now.”

This is just one of the many ideas the party is working on. While the current poll results are promising, it has to hold these for a while as the next elections are scheduled in 2017.

While the Pirate Party may be more popular than the current government at the moment, it doesn’t mean that governing is a main goal. The Pirates just want to make sure that the status quo changes.

“We don’t really want to govern, but rather have the system working as a whole where everyone in it has responsibility for their actions.”

“I don’t know how realistic it is that we’ll form a government, only time will tell,” she concludes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

In Western countries piracy is often seen as a leisure tool, granting people unauthorized access to the latest hits and Hollywood blockbusters.

However, there are also parts of the world where piracy is frequently used as a means to gather and spread knowledge. In parts of Africa, for example, where legal access to educational books and software is often restricted or unavailable.

Over the years we have seen various illustrations of the educational importance of piracy in developing countries. When the e-book portal Library.nu was shut down, for instance, we were contacted by a United Nations worker in Kenya, who voiced his disappointment.

“I am very concerned about the recent injunction against library.nu. The site was particularly useful for people like me working in Nairobi, a city that has no more than four bookshops with nothing but bestsellers,” the UN worker informed TF at the time.

In an effort to determine how piracy affects literacy and the spread of knowledge, the African Governance and Development Institute conducted an in-depth study comparing piracy and human development data from 11 African countries.

The findings, presented in a paper titled “The Impact of Software Piracy on Inclusive Human Development: Evidence from Africa” show that “software piracy increases literacy”.

“Adoption of tight IPRs regimes may negatively affect human development by diminishing the literacy rate and restricting diffusion of knowledge,” the authors write.

Not all copyright protection measures have a negative effect though, and the researchers found that is negatively linked to the human development index.

“Adherence to international IPRs protection treaties (laws) may not impede per capita economic prosperity and could improve life-expectancy,” the paper reads.

The paper reports mostly correlational data so it’s not unthinkable that countries where human development is higher have less need to pirate, as there are better alternatives.

The reverse effect could also apply to the literacy findings but according to the researchers this is unlikely. Researcher Simplice Asongu informed TF that his previous work showed a causal effect from piracy on scientific publications.

“I tested the impact of piracy on scientific publications and established a positive causality flowing from the former to the latter,” Asongu says.

From that research, it was concluded that African countries with less copyright restrictions on software will substantially boost the spread of knowledge through scientific and technical publications.

The findings reported here are limited to the effect of software piracy, but it’s not hard to see how book piracy may also positively influence literacy and the spread of knowledge.

In sum, the research suggests that piracy does have its positive sides, especially in terms of human development. Still, it seems unlikely that rightsholders will take that into account when lobbying for new policy changes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

MakuluLinux Cinnamon is a freely distributed, easy-to-use, easy-to-install, portable and open source desktop-oriented operating system based on the award-winning Debian GNU/Linux distribution and built around the beautiful, lightweight and modern Cinnamon desktop environment.

Its claimed as a very first x64 Edition for Makulu Linux family. This release is special for so many reasons, It is sure to mark a major milestone, not just for Makulu, but considering what is inside, the whole of the linux world.

Source:http://linux.softpedia.com/get/Linux-Distributions/MakuluLinux-Cinnamon-103650.shtml
Submitted by: Marius Nestor

Read more of this story at Slashdot.

SSH is the de facto remote access technique for Ubuntu and Linux servers and yet some of the defaults you'll get from sudo apt-get install ssh can be downright dangerous in the wrong circumstances. This article will steer you around the biggest pitfalls to keep your server's front door well protected.

Good security is all about layers.

It's not enough to pick a strong password or hide your SSH server. You need to take multiple approaches to wrap your server. Ubuntu gives you fairly sane application defaults but in terms of actual security, it's only going to stop you setting a <6 character password. Installing SSH on a brand new Ubuntu install with a weak password can result in a near-instant hack.

I'm suggesting the following in order of importance. They can be applied independently but I would strongly suggest using all of them. There are some extension ideas at the end for the really paranoid.

And none of these is a substitute for other good-security practices. Keep your packages and websites updated, don't run things you don't need and use a firewall so only the right services are exposed to the internet.

Stop logging in as root directly

Generally speaking you shouldn't need to run as root to get things done. Modern systems have utilities like sudo that make group-based permissions easy to allocate. I'm not going to enumerate all the reasons for not using root directly here but for the purposes of attacking a server, if root login is allowed, the attacker knows the username it should be attacking. If you disable it, they would also need to guess your username. Layers, baby.

So if you're still running everything as root, let's change that. Log into the server (as root) and we'll start by creating a user in the sudo group. If you're using an Ubuntu machine from before 12.04 —or one updated from then— you may need the admin group.

adduser <username> sudo

Try logging in as that user and make sure commands like sudo whoami work (it uses the account's password, not root's). Then we need to disable root login. This is a two-pronged attack. We'll start by removing the root password:

sudo passwd -l root

Then we'll explicitly disable root access via SSH by running:

sudo sed -ir 's/^(PermitRootLogin) .+/\1 no/' /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

Use key-based authentication and disable password authentication

A strong passphrase might keep you secure enough today but the botnets of tomorrow are going to chow through 20+ char phrases. What is impossible today will be childsplay in ten years time.

Key-based authentication uses algorithmic signing to verify a challenge/response and encrypt traffic between server and host. You keep a private half of the key in your $HOME/.ssh/ directory and upload a public hash to the server (under the remote users' $HOME/.ssh/authorized_keys file).

While theoretically still crackable, it makes your "password" thousands of characters long and full of punctuation; essentially impossible to crack within the lifetime of any would-be attacker, even factoring in the advance of computing.

There are multiple types of key cryptography on offer. DSA and RSA are probably strong enough and are supported everywhere. Newer versions of Ubuntu support elliptical-curve algorithms. These are shorter and generally considered stronger encryption than a similar RSA or DSA keypair counterpart (please feel free to correct me in the comments).

Anyway, let's create a key on the client. I'm using the fancy newer ed25519 crypto (suitable for 14.04 but not 12.04 clients and servers). If you need 12.04 support, use -t rsa.

ssh-keygen -t ed25519

This will give you an opportunity to add a password to your key. This is optional but it does make it two-factor authentication (something you have, something you know). Certainly worth considering if you feel there's any risk of your private key falling into the wrong hands before you can revoke it.

When you're done there, let's upload the public half:

ssh-copy-id user@my.host

ssh-copy-id supports a -p <port> argument if your sshd already lives on a port other than 22.

OSX users can use a bit of simple scripting to emulate ssh-copy-id:

cat ~/.ssh/id_ed25519.pub | \
  ssh user@my.host "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"

It's a bit harder in Windows. You're probably limited to RSA/DSA. The procedure is essentially:

• Download and generate a key with PuTTYgen
• Install the key in PuTTY
• Upload the .ppk file to the server
• Convert and insert your public key into ~/.ssh/authorized_keys

  ssh-keygen -i -f id.ppk >> ~/.ssh/authorized_keys
  

You should be able to log in without a password now with just ssh user@my.host. Once all your SSH users have keys, and you have tested them, we can disable password login. Run sudoedit /etc/ssh/sshd_config and change

sudo sed -ir 's/^#?(PasswordAuthentication) .+/\1 no/' /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

Before you close you current connection to the server, test the following in new local terminals:

• ssh user@my.host should work still, and
• ssh -o PubkeyAuthentication=no user@my.host should deny entry.

Block brute-force attackers with fail2ban

Even with an "uncrackable" authentication method, we shouldn't be over-confident. Why would we want to let people keep attacking our a once we know they're trying to maliciously attack it? fail2ban is a great system that watches various log files for bad login attempts (amongst other things). If a number of failed attempts come from one IP within a certain timeframe, that IP is blocked for five minutes.

This level of time-ban isn't going to ruin your life if you accidentally need to try five or six attempts at legitimately remembering your password but it's going to completely arrest a true brute force attempt by limiting it to 72 attempts an hour. Given they would likely need to attempt billion of billions to crack your key-based auth, attackers will very quickly give up when faced with that throughput.

Installation is dead simple too:

sudo apt-get install fail2ban

It ships with a number of filters. /ets/fail2ban/filters.d/ contains the configurations for discovering perpetrators and /ets/fail2ban/jail.{conf,local} handle how they're dealt with. There are SSH rules included by default.

Move the SSH server to another port

Every bot scanning for exploitable and crackable SSH servers is looking on port 22. Let's move your SSH server off to a port other than 22.

Some people claim this is mere "security through obscurity" but they're clearly not paying attention. Security through obscurity refers to situations when secrecy is your only line of defence. Having a hidden but otherwise open door, for example. We still have all our other security. We're just adding a layer of camouflage.

This won't stop a directed attack. Somebody checking all your ports will find it but that does take extra time and that means it stops the everyday people scanning for exploits.

The first thing to do is pick a port. You have a huge choice but I would suggest something in the 10,000-64,000 range that isn't already taken and most importantly, something that isn't in use by your server currently. Once you have that, log into the server and run:

sudo sed -ir 's/^(Port) .+/\1 12345/' /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

Obviously change the port number to the one you want. Finish by restarting SSH: It is critical that you test this on the new port before you disconnect your current session. Open a new session in a new client terminal:

ssh -p 12345 user@my.host

If that doesn't work, something's sqwonk.
Check /etc/ssh/sshd_config for obvious issues, fix them and try again.

You can make things easier by editing your local ~/.ssh/config to tell it about your new server configuration:

Host my.host
    User user
    Port 12345

Then you'll be able to run ssh my.host and you'll be straight in.

Network isolation

So a bunch of computers in China and Russia are still trying to crack your SSH server? Well, why do they have access to it in the first place? Most people only access their server from a limited number of networks. You have a couple of choices here.

You can whitelist a few addresses if you have static outgoing addresses. This is obviously unsuitable for people who are on dynamically assigned IPs (unless you know every IP your ISP can allocate you) but works well if you're on a static IP or can route your connection through one. To enable this we run sudoedit /etc/ssh/sshd_config and add a line like:

AllowUsers *@1.2.3.* *@7.8.9.*

This is the equivilent of whitelisting any user from the 1.2.3.0/24 and 7.8.9.0/24 subnets. You can add wildcards further up the IP to widen the net. It wouldn't take too long to work out your ISP's entire range and enter that in. Similarly you could just add a single IP if you want to limit it to a single IP. Once you've done that, sudo /etc/init.d/ssh restart and test that it works before you disconnect.

If that's impractical (because you hop between too many networks, you could adopt a GeoIP blocking in IPTables.

And if you have more than one server, you could designate one as the main SSH server and limit SSH connections to the others from that server's IP. It complicates some connections (like deep SFTP access) but it ultimately protects the herd.

Ideas for going further

By this point we're blocking all but the most concentrated attacks. Somebody is going to need a colossal botnet and more than one lifetime to crack your system through conventional means. There is still the risk that somebody could discover your SSH port and deploy an exploit against an unpatched vulnerability.

I can offer you here are a few more ideas for further obfuscating access to the SSH server:

• Port-scan detection and blocking using psad. This rate-limits your discovery but is circumventable with enough bots; there are single botnets big enough to handle one port each.

• Port knocking keeps the port locked down until a client taps the right sequence of ports. It's like adding a mined garden path up to your door. However, this would happen in the open and could be sniffed on the local network. Plus it's a pain in the arse if you don't have a knock client.

Whichever combination of solutions you end up going with, remember that SSH isn't the only way into a system. Make sure you use a firewall to block access to services that don't need to be externally (ufw is a good one for Ubuntu users, just make sure you allow your new SSH port before you activate it) and keep things (including popular web-scripts like Wordpress and Drupal) up to date.

And if none of this meant anything to you, perhaps you shouldn't be running a web-accessible server. I don't mean that in an unkind way but just because anybody can afford to rent a VPS these days, doesn't mean they're ready for the job of looking after it. Keeping on top of security can be miserable at times. If you think you fall into that bracket, by all means learn on Ubuntu at home but go with managed web services. Or hire me or some other chump to look after your server for you.

Read more of this story at Slashdot.

Tomorrow is The Day We Fight Back and its good to know Mozilla is lending its name to support this day of action which focuses on restoring privacy and ending spying by intelligence agencies. You can signup and add the code or if you use WordPress install the plugin and help support TDWFB!

Read more of this story at Slashdot.

From humble beginnings a few short years ago, the smartphone and tablet app market has turned into a monster, with some predicting sales nearing $30 billion this year.

However, while millions of apps are sold with a price tag of a few cents to a few dollars, the real beauty of the market is that countless games and utilities are completely (or at least initially) free of charge. These apps make their revenue from advertising or in-app purchases, reducing the barrier to entry to the lowest possible level and elevating user-bases to previously unimagined levels.

One such app that has done incredibly well is Flappy Bird. The game was introduced in May 2013 but in just over six months has turned into a giant, clocking up 50 million downloads on iOS and Android. The game is a social media phenomenon but now the dream is coming to an end.

Over the weekend Dong Nguyen, the creator of Flappy Bird, announced that he would be removing the game from sale, claiming it had ruined his life. While some gamers reacted with relief that they could reclaim some of their lives back, others late to the game are bitterly disappointed that it’s no longer available.

But of course, it is.

Torrents for both the iOS and Android versions of Flappy Bird are currently doing very well indeed on The Pirate Bay and other torrent sites. So-called DDL (Direct Download) sites, forums and associated file-hosting sites are also doing a roaring trade on the game’s withdrawal, and posts have been appearing around the web on where to get a copy of the game and how to install it.

But to have people bending over backwards to pirate what was until recently a free game is a huge opportunity lost. There are reports that Nguyen had been making $50K a day from Flappy’s in-game advertising, which is money that dozens of charities would happily fight over. Still, it’s Nguyen’s game to do with as he likes.

Which raises an interesting point.

The introduction of ad-supported models have removed a significant incentive for many people to pirate and have allowed free products like Flappy Bird to thrive and generate revenue for their creators. But what happens when their creators decide they’ve had enough? Someone illegally downloading Flappy Bird today is definitely not depriving Nguyen of any revenue and he’s on record as refusing to sell the game and has stated that he’s not interested in its future.

Does that make it completely Ok then, morally and by any other barometer, to snag a ‘pirate’ copy of a piece of gaming history and help stop it drift into oblivion?

With the Internet Archive now proudly and openly offering a torrent containing thousands of MAME arcade games from the 70s, 80s and 90s for free download, there is definitely a feeling that much-loved, abandoned (but probably still copyrighted) games should be kept alive.

Whether a game that died just 48 hours ago qualifies for resurrection is something up for debate but one thing is certain. The press this game has got will ensure that Nguyen’s next creation is a huge hit from the second it lands, even if it did take the needless death of a bird to achieve that.

Or maybe its sacrificial slaughter had been on the viral marketing agenda for some time….

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

For many years Spain was a country leading the way when it came to liberal attitudes towards those who share files online. Spaniards have become accustomed to obtaining media for free and as a result file-sharing networks and sites have flourished.

With that background today’s news comes as somewhat of a surprise. The case involves a user known as nito75 who used his computer to share 5,100 tracks via hub-based file-sharing application Direct Connect.

With the assistance of anti-piracy monitors DtecNet, local music/anti-piracy group Promusicae tracked nito75 down to his ISP via his IP address, but beyond that the sharer remained unidentified.

In response, major recording labels Universal, Sony, Warner and EMI took legal action against R Cable y Telecomunicaciones Galicia, nito75′s ISP, in order to prevent further copyright infringement.

As a result, Commercial Court 6 of the Provincial Court of Barcelona has just handed down a first-of-its-kind decision against the ISP, which orders it to “immediately and permanently stop providing Internet access to the user ‘nito75′.”

In their decision the judges explain that placing copyrighted music tracks on a computer with the aim of allowing their distribution to others “is an act of [illegal] copying and communication” since only the music companies have the right to engage in the reproduction and public communication of their content.

In previous file-sharing cases Spanish courts have been interested in whether the alleged infringer carried out sharing for financial gain. No such proof was presented in this case.

The landmark judgment, which is the first ordering a Spanish ISP to disconnect a file-sharing customer, overturns an earlier decision which found that nito75 had not committed copyright infringement.

The personal circumstances of nito75 are unknown, but it is possible that his or her entire household will now be disconnected from the Internet, something which may yet be deemed excessive under European law.

The lawfirm which represented the labels has not yet responded to TorrentFreak’s request for comment.

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Any digital, private communications channel can be used for private protected correspondence, or to transfer works that are under copyright monopoly.

In order to prevent copyright monopoly violations from happening in such channels, the only means possible is to wiretap all private digital communications to discover when copyrighted works are being communicated. As a side effect, you would eliminate private communications as a concept. There is no way to sort communications into legal and illegal without breaching the postal secret – the activity of sorting requires observation.

Therefore, as a society, we are at a crossroads where we can make a choice between privacy and the ability to communicate in private, with all the other things that depend on that ability (like whistleblower protections and freedom of the press), or a distribution monopoly for a particular entertainment industry. These two have become mutually exclusive and cannot coexist, which is also why you see the copyright industry lobbying so hard for more surveillance, wiretapping, tracking, and data retention (they understand this perfectly).

Also, the means of discussing knowledge and culture has changed quite a bit with new enabling technology. Before the internet, you’d discuss a song or movie by listening or seeing it on your own and then discussing it together; today, the culture and knowledge itself is part of the discussion – we share a file with something and then discuss it, all in the same conversation. Therefore, the initial statement that a private communications channel can be used for either private, privileged correspondence or violations of the copyright monopoly isn’t really true; the way we talk and work today, it’s used for both at the same time.

When I was a young kid, the Internet did not exist. My father and mother would tell me stories at bedtime; stories that I would normally have told to my kids in turn. For some reason, this is now illegal. (Not that the law is being respected – but still.) This is a very similar example of how private communications is also used for cultural exchange, although before the net and “modern” law on the area.

In one of my first presentations on this subject in 2006, at the net-entrepreneur SIME conference in Stockholm, Sweden, I gave a piece of advice to wannabe entrepreneurs that relates to this observation.

I said; “The companies that will be struggling in ten years will be those with business models that depend on preventing people from sharing with each other. The companies that survive will be those who are indifferent to sharing. But those who thrive and dominate, they will be the ones that wholly depend on people sharing with each other.”

Eight years later, this seems rather obvious, but it wasn’t in 2006. At the time, it was rather provocative that somebody would have a business model that depended on sharing.

So what’s that magic sentence, then, after all this background? It’s this (somewhat paraphrased):

“The very concept of a business around the copyright monopoly revolves around the ability to prevent people from telling each other interesting things.” — Scary Devil Monastery (as part of a larger comment to this article)

And that, in a nutshell, is why the copyright industry is dead as a doornail. It’s just zombieing around for a bit first.

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.