Dan Siemon

From How to Lose Your Job on Your Own Time:

Personal disclosure is the norm on social networking sites. But the Pew study included an unexpected finding: Teenagers have the most sophisticated understanding of privacy controls on these sites, and they are far less likely than adults to permit their profiles to be visible to anyone and everyone.

If you are a teenager, restricting public access to your profile has the nice effect of restricting your parents access to your social network data. I suspect lots of teenagers have pictures from parties and other activities that they don’t want their parents to see. This makes me wonder how much the use of privacy controls by teenagers has to do with a desire for more privacy in a general sense versus hiding from mom and dad.

Teenagers are also much more under the control of other authority figures than most adults are. Teachers are a good example of this situation. It is dangerous to speak negatively about your teacher when there is no way to know that they are not following your online activities.

Monitoring how these same teenagers change their privacy settings as they mature and become more independent would be a very interesting study.

A few years ago I wrote about the backup script that I use to do daily and weekly backups of my computers. Since this script must run unattended it makes use of a passphrase-less SSH key. The SSH key in question only exists on my main workstation and is used to login as a user which does not own any other files. While this isn’t a big security problem it would be nice to limit the privileges of this user. To this end I started using scponly some time ago. Scponly is a restricted shell which limits a logged in user to only executing a few commands such as scp, sftp and rsync. This small set of available programs greatly reduces the chances that the user will be able to find a local exploit. Scponly is already packaged for Fedora so installing it is simple.

yum install scponly

Setting an user’s shell to scponly is accomplished with the usermod command.

usermod -s /usr/bin/scponly backup

Like any shell, scponly must also be added to /etc/shells. Just add “/usr/bin/scponly” (without the quotes) to the end of this file.

As I mentioned when describing the backup script, the script works great except for large amounts of data such as media collections. Over time my photo collection has grown to over nine thousand images and now consumes more than eighteen gigabytes of disk space. So today I decided to cron up rsync to synchronize my photos to the same location where my backups are sent every night. Unlike my backup script, rsync will only send the changes to the remote server not the entire archive.

After much debugging I discovered that the most recently released version of scponly does not work with rsync. The thread where this problem was first discussed started in March 2006. More related posts can be found in subsequent months. Fortunately the scponly authors have fixed this bug in their CVS repository so I built a RPM for the CVS version.

scponly-4.7CVS20071229-1.fc8.x86_64.rpm

scponly-debuginfo-4.7CVS20071229-1.fc8.x86_64.rpm

scponly-4.7CVS20071229-1.fc8.src.rpm

This package successfully upgrades the scponly package provided by Fedora. Hopefully these RPMs are useful to someone.

The main yum executable doesn’t have an option for downloading source RPMs. Fortunately, this task is made easy by yumdownloader which can be found in the yum-utils package.

yum install yum-utils
yumdownloader --source scponly

This will leave a copy of the scponly source RPM in the current directory.

I didn’t have much time for tourist activities on my recent trip to San Francisco but I did manage a few pictures.

These pictures were taken from San Francisco’s famous pier 39. The island is Alcatraz and if you look closely, you can see the golden gate bridge behind the ship.

A Preview of HTML 5 gives a quick overview of some of the new features being worked on as part of HTML5. Especially interesting is the fact that HTML5 is being developed based on the DOM representation not the syntax as was done with previous versions of the standard. Also, two serializations, HTML and xHTML will be supported.

Good friends of mine, Darryl and Kate, are in the final stages of opening a dog and cat kennel just out side of London, Ontario. Below are a few pictures that I took at the grand opening yesterday.

Countryside kennel: Dog and Cat Resort

Article in the London Free Press on the kennel

Network address translation (NAT) has become so common on the Internet that many people consider it normal for their Internet access to use NAT. It may be common, but it is not how the Internet is supposed to work. A large amount of unnecessary complexity has to be added to applications to work around NAT.

For more information take a look at this list of things NAT breaks.

And just for the record, NAT is not a security device. This is the most common argument I hear when I try to tell people how much NAT complicates Internet software. For more information on NAT and security read this NANOG thread (the topic changes to security and NAT a few posts in).