Wednesday, June 24, 2009

No Comparison

Texas is refusing to join an effort to develop national standards for Math and English education. Texas, Alaska, Missouri, and South Carolina are the only states to decline. The stated reasons for refusing to participate and declining these Race to the Top Funds is cost and maintaining independence. The cost excuse doesn't hold water since a cost that is currently borne entirely within the state would be shared among many. The second reason, distaste for adopting any idea that wasn't developed in Texas, may well be sincere but is hardly helpful. My contention is that the real reason for refusing to participate is something else altogether: Texan politicians don't want a transparent comparison of our schools' achievements with those of other states.

What many people fail to recognize about the current No Child Left Behind program is that is measures how well schools and districts meet their own state standards. So states which set low proficiency standards will find that they perform better on NCLB measures than states that set a higher bar. And because each state develops its own testing, there is no easy way to see which states set the bar lower than others. This makes it possible for politicians in states to tout their achievements with the federal NCLB (making it seem to voters that this is a real national comparison) even as standards and results remain low. People in the state, wanting to believe that their state is holding their own, are eager to believe their politicians. This leads to a Lake Wobegon effect, where every state is above average.

I have argued earlier that there is nothing wrong with low minimum standards as long as they used as minimum standards instead of as targets. But the current system, in which each states sets its own target and then is judged on how well it meets that, just encourages a race to the bottom. What we have now obfuscates comparison among states, but we are going to break out of this race to the bottom, we need relatively easy and reliable ways for the public to compare education in the various states. So let's not let the State of Texas' pride and independence stand in the way of creating an education system that we can honestly be proud of.

Monday, June 22, 2009

Tor for Windows: Easy!

In my previous post, I put in a big plug for people setting up tor relays to help those in Iran browse the web anonymously and evade censorship. What I didn't mention is that installing Tor on a Windows desktop machine is apparently very easy.

There is a very nice blog post describing exactly how to do this over at Ian's Brain.

Update: Ian Souter's site is down at the moment. The information he posted about Tor is cached on google.

Tor or Squid for Iran proxies?

The short answer is do both.

Please note that the people (Austin Heap and Helpful American) who are working to safely pass on information from Iran the rest of the world via twitter are recommending that people set up HTTP proxies. So the people who are in contact with the Iranians who are working to pass messages on have their recommendations. Obviously they know better the needs of the people in Iran than I do. Nonetheless, I am going to recommend another approach that can be pursued along side the use of squid.

As I've mentioned earlier, Squid and other HTTP proxy servers were not designed for the purpose we are putting them to. Squid is a powerful tool which can be configured to do what is needed, but even properly configured it has some limitations. Also squid is very easy to configure for those who are familiar with Unix configuration files, but configuration may be daunting to others.

I am far from the first to recommend tor for this purpose, but I do wish to provide a description of why in the long run tor will be the safer and more effective approach to providing online anonymity and evading censorship. However, running a tor really does have one very substantial drawback which I will get to later.

Logging connections

Squid knows the source IP address of the machine that using it, and it knows what website people are connecting to. This information, in the hands of the bad guys, could be very dangerous to the people we are trying to help. We are therefore given instructions to turn of logging. Or at least to anonymize the information that is logged as I described in my previous post. But there are two problems with this,

  1. The people using your proxy can't know for certain that you have anonymized logging
  2. Even if you do disable or anonymize logging, your machine still receives this information; and so if your machine is compromised, that information can be captured

Tor provides a peer-to-peer anonymized network and so only when your machine is used as an entry point will it know the IP address of the source and only when it is used as an exit point will it know the destination information. For most transactions, your machine will have no information whatsoever about either source or destination, and for no transaction will it have information about both. Thus no one can steal information from you that you don't have. And end users can trust that you are neither accidently or deliberately collecting sensitive information.

Anonymizing and abuse

This true anonymizing that tor allows leads to its biggest drawback. You have no control whatsoever of who uses it. Because your system can't know what networks the originator is from you can't, say, allow Iran and block Russia. If you run a tor relay that allows exit you should inform the abuse desk of your ISP of your intentions. Note that you can run tor as a relay only, meaning that it only passes on connections to other tor peers, but what is most needed are people that are willing to run exits.

Protection from snooping

[This section is an update. I had forgotten to mention this very important point until someone reminded me in the comments.] HTTP traffic from a source in Iran to your HTTP proxy is unencrypted. This means that the operators of bits of the network (the government of Iran) will be able to eavesdrop on the communication. Secure web traffic, HTTPS, is already blocked from Iran, which strongly suggests that the government is listening in to HTTP traffic. With tor, on the other hand, the traffic from the source and throughout the network of tor relays is encrypted. It is only when the traffic exits the the tor network that HTTP traffic will be unencrypted. Furthermore, tor will allow people in Iran to evade the filters that block HTTPS, thus enabling them to have end to end encryption

No central administration

With the Squid proxies, someone has to pass on the IP addresses and port numbers to the good guys without them being seen by the bad guys. Once the bad guys know the address they can add that proxy to a list of addresses to block and the proxy thus becomes useless. I stupidly listed my proxy's IP address publicly and it became useless before it given got distributed to the right people.

Tor's peer-to-peer and automatic discovery processes makes this problem irrelevant. While it may be cool to think of your IP address being passed on clandestinely among protestors in Iran, it is hardly the most secure and effective way to do things. People in Iran will need to run a Tor client, but once they've set that up, they won't need to be fiddling with ever changing lists of IP addresses in browser proxy configurations.

Blocking proxies

The government of Iran is almost certainly blocking access to my proxy server. I have no way to test for certain without having access to a machine in Iran, but I have every reason to suspect that my HTTP proxy server is blocked and therefore useless. My tor relay can still provide help no matter what the authorities in Iran block.

Static server vs dynamic home machines

Squid was designed to run on a server (often one dedicated to running squid) on its own permanent IP address on a machine that never gets turned off. Although home machines with dynamic IP address can still be useful as HTTP proxies, it is not an ideal situation. Tor, however, was designed for the purpose. And while the more stable the machine is the better, with tor downtime or a change of IP address isn't a big problem.

In Sum

There is no reason not to run a squid proxy if you can. But running a tor relay will probably be of greater help in providing anonymous web browsing to those who need it. The only concern with running a typical tor relay is that people doing malicious things on the network may use your network connection to do that. However, most of that nasty stuff is done through various botnets, and chances are that if you inform your ISP that you are running a tor relay they will at least know what is going on if they see network abuse from your machine.

Squid proxies for Iran part 2

This is a followup to my previous posting. And it is worth repeating something that I've said there:

in a few places my advice goes against those of Austin Heap and by http://twitter.com/ProtesterHelp. Keep in mind that those individuals are much more connected to people in Iran and most certainly have a better sense of what they need than I do ... In terms of helping people in Iran you should certainly consider Austin Heap and Helpful American more trustworthy than I am. I am perfectly trustworthy, but you have no way to know that. They have established reputations at the center of efforts to help Iranians evade censorship. I merely disagree with some of the security and technical advice they offer.

New proxy submission and testing methods

The big news is that Austin Heap has set up a form for submitting proxy information and a mechanism for testing your proxies. In order to use either of these (and thus have your proxy submitted and distributed to those who need it) you need to allow access to your proxies from the hosts that are used for testing. So you need to add an ACL (Access Control List) for the proxy testing sources in the section of you squid configuration where ACLs are defined.

# The proxyheap validation servers 
acl proxyheap src 208.116.53.210 
acl proxyheap src 208.116.53.211
And later, where you access policy is defined you need the line
# Allow the proxyheap validation servers
http_access allow proxyheap

Austin Heap posts a complete squid configuration for Iran proxies.

Blocking the Government

Austin Heap and others have recommended that people running these proxies block access from bits of network operated by the government of the Islamic Republic of Iran. This is a point on which I disagree, but please see my caveat above for how you take disagreements.

  • To my (very limited) knowledge there have been no attacks (other than blocking) on any of these proxy servers
  • I suspect (again with no real information) that there are plenty of good people who's internet access is from government nets. This may be particularly true of networks operated by the ministry of education.

Therefore, I think that little good, and some real harm, might come from blocking access until we have evidence of targeted attacks from those networks on our proxies. Furthermore, the most obvious attack that comes to my mind would not be prevented by blocking access to the government networks within Squid. The only way to prevent attacks of that nature would be at your firewall.

Anonymizing logging

Here is another point of disagreement. Austin Heap recommend turning off logging of your squid cache. The (very good) reasons for this is that if your host is compromised by the bad guys, you don't want the logs with the various IP addresses of those using your proxy to fall into the wrong hands. I fully concur with the goals. But it is also important to know that your proxy is working. Disabling logs makes that impossible to tell.

I recommend changing the log format to not include the source IP address or the details of the HTTP request.

logformat squidanon %ts.%03tu %6tr X.X.X.X  %Ss/%03Hs %<st %rm XXX %un %Sh/%<A %mt
And then specifying your access log to use that format.
access_log /usr/local/squid/logs/access.log squidanon
Note that you should set the patch to the log for what is normal on your system.

It is possible to have different logging for different ACLs. That is, you can have anonymized logging for connections from iran-net, while having regular logging for all other connections. That would be useful identifying attacks or attempted abuse of your proxy. But I haven't tested those yet, and I am meeting a friend for coffee in a few minutes. So this is all for now.

Saturday, June 20, 2009

Squid configuration notes for Iran proxies

According to a twitter post by Austin Heap there are now more than 2000 HTTP proxies set up outside of Iran to help people in Iran evade various forms of censorship. In various blog posts, he's provided instructions for setting up a proxy. That page also includes links to installation instructions for various operating systems.

In this post, I'll comment and elaborate on some of the Squid proxy configuration details. Keep in mind that that using an HTTP proxy is only one of the ways to help keep people in Iran anonymously connected. Two other tools of note are Tor and FreeGate. I hope to write about Tor in a later post; I do not know enough about Freegate to really comment on it.

Once you have your proxy up and running send email or a twitter Direct Message to Austin Heap or Helpful American with the IP address and ports your system is listening on. Do not post the details of your proxy publicly. For those new to Twitter, as I am, an "reply" is listed publicly, a Direct Message is not, so only use the latter to tell them the IP addresses and ports of your proxy. Posting it publicly will just get it blocked. I committed that blunder with my own, and so now my proxy is useless.

What is say here is supplementary material. These aren't complete instructions. You must first look at the stuff I've liked to above.

A Caveat and Caution

For the most part, I elaborate on some aspects of squid configuration, but in a few places my advice goes against those of Austin Heap and by @ProsterHelp (AKA Helpful American). Keep in mind that those individuals are much more connected to people in Iran and most certainly have a better sense of what they need than I do. What I offer is technical experience with squid. Although I haven't used it recently, I've used it and its predecessor (harvest) extensively in the 1990s. In the few places where I disagree with those who've been coordinating things, I will try to explain my reasons.

In terms of helping people in Iran you should certainly consider Austin Heap and Helpful American more trustworthy than I am. I am perfectly trustworthy, but you have no way to know that. They have established reputations at the center of efforts to help Iranians evade censorship. I merely disagree with some of the security and technical advice they offer.

Proxy background

HTTP proxy systems like Squid were designed to for other purposes than to enable anonymous web browsing. ironically enough, these tools are often used as part of web filtering systems for households and businesses. However, web proxies can easily be configured for this purpose. Squid is big, and does lots of things, and so you will see that it has a very large configuration file with many complicated options and settings. Fortunately, you only need to set a few of them to make squid work as an anonymizing proxy.

Squid originated as a Unix program, intended to run on servers. I did not know until a few days ago that there was a Windows version. As a typical Unix service, its configuration file is a text file which needs to be edited with a plain text editor.

Alternative ports

Under its default configuration, Squid listens for requests from the network on port 3128. For days now, the Iranian government has been blocking outbound traffic to that port, so you will need to configure squid to listen on alternative ports. This is done with the http_port configuration item. You list this item multiple times, one for each port you want your system to listen on. Here is an excerpt from my configuration, which sets my system to listen on parts 70, 2831, and 3128:

# Iran is blocking 3128.  Use gopher port instead (70)
http_port 3128
http_port 2831
http_port 70

You can use as many ports as you like, and don't just pick the ones that I've done. We want to mix things up so that it will be harder for the Iranian government to block. Also you don't want to conflict with the ports that other services on your system are listening on. For example, if you are already running a web server on port 80, don't use that for squid. To find out what ports things on your Unix-like machine are already listening on run the command

$ netstat -na -f inet | grep LISTEN
And look at the last number in the 4th column. For those of you on BSD Unix, you will probably find that the sockstat command provides nicer output; look at its manual page for details. If someone knows a useful incantation for Windows systems, please let me know. The Unix instructions apply to OS X.

If you wish to use a privileged port (one less than 1024) then squid will need to start as root. From what I've seen, that is the default situation on most Unix installations. But if you are using FreeBSD and squid version 3, you will need to set

squid_user=root
in /etc/rc.conf.

Keeping connected

If you run an HTTP proxy it is important to keep your machine running all the time. Also if you have a dynamic IP address, it is particularly useful to keep your machine running as your IP address may change the next time you connect to your ISP. Note that with running a Tor service, this isn't an issue.

More to come ...

I will write a second part of this latter, which will include notes about blocking IRI government sites and logging. It's there where I disagree with what's been advised, but I found that so far this took more more time to write than I'd anticipated.

Monday, June 1, 2009

Lucky dog!

After learning about my car accident, a friend and very kind and thoughtful person sent me a very solicitous email which included this:
I am thanking God for your safety, because that is the only way you and Tímea came out of that accident unscathed.
Another friend sent me a story of someone who was unbelievably lucky to survive a dramatic wreck. I, too, have the feeling that Tímea and I were extremely lucky to come out unscathed. But simple fact of the matter is that we were extremely unlucky to have been in the accident at all. This way of thinking is best illustrated through a probably apocryphal story of a neighborhood dog:
Some friends down the street have a dog named Lucky. The dog got the name, so the story goes, because he was hit by a car three times and survived each time. It seems to be an almost automatic reaction to consider how lucky the dog was. But a little reflection suggests that this is one of the most unlucky dogs around to manage to get hit three times.

The kind of thinking illustrated here is common, compelling, and irrational. It doesn't seem to come from religious teachings, since this this kind of thinking seems prevalent among the non-religious as well. I, along with some of my fellow atheists, have probably been too hard on some religious people by failing to recognize the near universality of this way of thinking.

It's easy to ridicule the tsunami survivor who attributes their (good?) fortune to the grace of God yet does not at the same time hold God responsible for the death and suffering of those less fortunate. The sportsmen who credit Jesus for their victory don't really believe that the Lord abandoned their competitors. Certainly the logic in their declarations are twisted, but it doesn't originate from being religious; it comes from being human.

But as long as the rest of us feel that dog Lucky is lucky, we should be looking at this as a human irrationality. Although I intellectually know that I was unlucky to have that accident and that Lucky is an unfortunate animal, the feeling that I and Lucky are lucky to be alive is very hard to shake. As with many optical illusions, knowledge that something is an illusion doesn't make the experience go away.

With optical illusions, it is fairly well understood why most of them occur. Cognitive scientists have a pretty good accounts of what sorts of heuristics our visual perception system uses and how those can be fooled. Here we have an illusion of fortune, and this suggests that there are some heuristics used in our perception of chance. Indeed, there is an entire stream of extremely well conducted research in cognitive psychology on this. But I do not know if the phenomenon that I've described here has been addressed.

Exceptional driver

According to one survey 88% of respondents consider themselves to be above average drivers. I am an exception. This makes me an exceptional driver, right? As an exception it may mean that I don't suffer the same levels of self-deception as many people, or it may mean that my driving is so atrocious that no amount of delusion can mask it. However, I had thought that what I lack in skill I make up for with good judgement. This had kept me accident free for my entire life until Saturday, May 23, when a lapse of judgement combined with poor skills left my car totaled and someone's minivan badly damaged in the middle of north bound US75 between Park and Parker. (No injuries).

Tímea's piano teacher usually comes to the house, but he recently had a hip replacement (he's recovering nicely), so I was taking Timea to his house in McKinney on Saturday. We entered US 75 at the George H. Bush Turnpike, and I decided that I wanted to take the HOV lane. I was able to make it to the number 2 lane, but there was a large truck in the fast lane between myself and the HOV lane. I waited for the truck to pass before going over, but once the truck did so, I saw that I had only moments to get in the HOV lane before the entrance closed off. In an act of very poor judgement, I decided to go for it anyway. I missed.

I hit the first of the plastic posts separating the HOV lane from the rest of the traffic. I over-corrected for that and scrapped the concrete median divider. From there I over-corrected again and went into the plastic posts, over correcting again I hit the concrete barrier again after which I completely lost control of the car and went spinning into the main traffic where I went right into the driver's side of the minivan. It was at this point that Tímea, who'd been engrossed in her DS in the back seat, noticed that something was amiss. [Update: I have since been informed that she noticed there was a problem when I began swearing. Although I have no recollection of saying anything, I have no doubt that her report is accurate.]

After the impact I smelled and saw smoke from the dashboard. Only later did I realize that this was from the explosive charge used to deploy the airbag, instead I thought something was on fire. So I quickly got Timea and me out of the car and across two lanes of traffic to safety. The driver of the minivan had pulled off the road, and although the driver side door was smashed she said she was unhurt and asked about me and Tímea. She was also already calling the police.

A police car arrived almost immediately, and then the full emergency squad who gave Tímea and I the once over (Pulse, blood pressure). Everyone looking at the remains of our car was a bit surprised that we needed no medical treatment. The paramedics insisted on checking us out anyway. Mostly talking to us and taking our pulse and blood pressure. I must say that they have some pretty cool gear inside those vehicles. I was a bit shaky, and my glasses had been seriously bent out of shape by the airbag, but that was about it.

I am also pleased that I managed to hold my tongue when asked for what seemed like the tenth time to describe the accident. When asked whether I was wearing a seatbelt, I refrained from responding, "we'll I'm here talking to you aren't I?" Apparently for the official accident report there is a standard list of questions that the police ask. This included, "where you wearing a helmet?" When I asked the police officer to repeat the question, he did so and told me that they use the same set of questions for motorcycle accidents.

I had also been asked early on where I wanted the remains of the car towed. I had no idea, but said that there was a Subaru place on Plano Parkway. Later the same police officer told me that the Subaru dealership doesn't do body work and so wouldn't accept the vehicle, so I had to select some other destination. Having never needed body work before, I had no idea of what to do. I said to the officer, "you probably aren't allowed to recommend a place." This was indeed the case, but he very helpfully told me that the other vehicle was being towed to Caliber Collision Center right across the highway, and he pointed to a big sign in plain view.

Without going into the tedious part of the story, I would just like to say that I am extremely happy with the safety features on a 2005 Subaru Legacy, the performance of the Plano Police and Emergency Fire and Rescue Services, Caliber Collision Center, and particularly with GEICO Insurance. I would also like to thank the anonymous women whose vehicle I crashed into for her courtesy, concern and cool headedness.

The only people I'm miffed with (other than myself) would be the designers of this particular HOV lane. My complaint doesn't take away form my responsibility for my judgement error, but one is left with the feeling that this HOV lane is designed to fail. This is Texas and one of our leading industries would be hurt by real gasoline conservation. The other folks I'm annoyed at is Wells Fargo, my bank, for putting a long hold on the check from the insurance company.

Now from Tímea's point of view the excitement of the day was twelve hours after the accident when Molly (our larger dog) brought a possum into the house to play with. We at first thought it was dead, but true to its nature it was just playing, well, possum. After a confused scene (with me wearing oven mitts) of capturing it, it too seemed uninjured from the days events. I released it down by the creek.