OpenNMS, RANCID and Juniper

Just a quick note that I was able to get the RANCID integration working on my OpenNMS instance with our Juniper SRX router.

We used to use a Cisco router but switched to Juniper last year. I hadn’t had time to mess with the integration but a client asked to see it so I decided to see what was involved in making the change.

I changed the password but while it connected, the logs just complained about timing out. I found this helpful post that pointed out that the “root” user in JunOS is dropped into the BSD interface and not the CLI interface.

To fix that, I created a new “rancid” user:

set system login user rancid class super-user authentication plain-text-password

and entered in a new password. Once committed, I edited .cloginrc with the new credentials and then RANCID was able to successfully talk to the SRX.
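
As an added example (not part of the original post), here is a small shell helper for the .cloginrc step above. It assumes RANCID's standard `add user`, `add password` and `add method` directives; the function names are hypothetical and the host and credentials are whatever placeholders you pass in. It replaces older entries for the same host, because clogin uses the first matching entry, and it keeps the file readable only by its owner.

```shell
#!/bin/sh
# Added example, not from the original post. Host, user and password values
# are supplied by the caller; nothing here is specific to a real device.

# set_cloginrc_entry FILE HOST USER PASSWORD
# Replaces any existing "add ... HOST ..." lines (e.g. left over from the old
# router) and writes fresh ones, keeping the file mode 0600 throughout.
set_cloginrc_entry() {
    file=$1 host=$2 user=$3 pass=$4
    tmp="$file.tmp.$$"
    (
        umask 077                       # secrets are never group/world readable
        [ -f "$file" ] || : > "$file"
        # Drop stale directives for this exact host; clogin uses the first
        # matching entry, so an old one would shadow the new credentials.
        awk -v h="$host" '!($1 == "add" && $3 == h)' "$file" > "$tmp" || exit 1
        printf 'add user %s %s\n'       "$host" "$user" >> "$tmp"
        printf 'add password %s {%s}\n' "$host" "$pass" >> "$tmp"
        printf 'add method %s ssh\n'    "$host"         >> "$tmp"
        mv "$tmp" "$file"
    ) || { rm -f "$tmp"; return 1; }
    chmod 600 "$file"
}

# cloginrc_is_private FILE
# Succeeds only if group and other have no permission bits on FILE.
cloginrc_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

Run it as the RANCID user, for example `set_cloginrc_entry "$HOME/.cloginrc" srx.example.net rancid 'PLACEHOLDER'`, then confirm with `cloginrc_is_private "$HOME/.cloginrc"`.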

Review: The Snowden Files

As someone with very strong opinions of the illegal surveillance being performed by the NSA, I was eager to read the account of how they became exposed in The Snowden Files by Luke Harding. I highly recommend it to everyone, especially those people who believe the government exists at the will of the people and not the other way around.

Do note that the book is entitled The Snowden Files and not The Ed Snowden Story. While Edward Snowden does figure prominently, the book is much more about the Orwellian domestic spying machine his revelations describe than the man himself. It has a lot of detail on the NSA as well as organizations such as Britain’s GCHQ, massively funded by the NSA to spy on people both domestically and abroad.

Among my social circles, Snowden is a bit polarizing. There are those who think that he broke an oath when he used his position as a contractor at the NSA to obtain these documents and that the end didn’t justify the means. Other more public figures describe him as “a grandiose narcissist who deserves to be in prison”. However, most of my friends tend to believe, and this book demonstrates, that Snowden is a patriot in the truest sense of the word.

The Snowden portrayed by Harding is a rather humble and shy man. Nothing in this story indicates he is a narcissist. Perhaps his brief association with Wikileaks and Julian Assange (a narcissist of the first order) is where the idea comes from, but I think that NSA apologists feel more comfortable portraying him as a man acting in extreme self interest. If that were the case, he would have sold the information secretly and be living out his life in some warm paradise instead of remaining as a “guest” of the Russian government.

The only inflation of his position I found in this story was in the beginning when he describes himself as a “senior” member of the intelligence community. He was, in fact, a rather junior member, and the mere fact that he was able to acquire all of this extremely secret information just goes to demonstrate that the government can’t be trusted with it. I’m pretty much willing to forgive him for that, since had he prefaced his initial press contact with “yo, I’m a contracted sysadmin for the US government and happen to have a treasure trove of sensitive documents” he wouldn’t have been believed.

Critics will often cry that he should have used formal channels to express his unease. This book shows several examples of people who tried to do just that and found their lives ruined and their careers over. It is hard to trust in the system when people like James R. Clapper, the Director of National Intelligence, lie directly to Congress and not only still have their jobs but are not in prison.

While the book is written in a very “matter of fact” manner, parts of it read like a spy novel. One of the more surreal chapters deals with the forced destruction of computers at the London offices of The Guardian. Great Britain doesn’t have a written Constitution nor does it guarantee freedom of the press. So to avoid possible incarceration of Guardian staff, two GCHQ agents named “Ian” and “Chris” arrive to oversee the physical demolition of the computers used to break the story (of course, The Guardian simply moved the operation to their US offices and while there were similar threats nothing at this level occurred).

Personally, I think Snowden’s greatest “crime” was embarrassing the powers that be. President Obama won his first term on a campaign to overturn the Constitutional abuses of his predecessor and Snowden demonstrated that he not only continued those policies but strengthened them. The British government in this affair comes across as not only petty but pretty much lap dogs to the US intelligence service, with US tax money going to fund the GCHQ. Congress is currently full of self-interested sheep who take being lied to in stride as long as they don’t look weak on “terrorism”. Basically, forget popular opinion, just don’t end up on Jon Stewart.

While I try very hard to avoid Godwin’s Law, perhaps I should mint Balog’s Law, a corollary where all discussions of national security abuses end up referencing Al-Qaida.

Often, power is referred to as a “structure”. In my experience it is much more fluid, and right now it is flowing into the hands of a small minority of people. I know from first hand experience that these people are way more concerned with their own wellbeing versus mine, regardless of the rhetoric they spout to the contrary, and the end result will be disastrous.

There are things you can do to make power flow in the other direction. In general these are things like shopping locally (the more self-sustaining a community is the less they can be influenced by central government) but concerning privacy in particular there are a number of steps you can take to make the NSA’s job more difficult.

Use encryption. It is easier than you think. There are a number of tools that can plug right into your e-mail client. I use Enigmail for Thunderbird. OS X Mail.app users should check out GPGMail. There is even GPG4Win for you Outlook users. Once installed and configured it can be pretty seamless to use. The biggest thing you lose is the ability to search your encrypted mail.

Use as much open source software as you can. The Snowden documents reveal that the NSA has been actively trying to both subvert encryption standards (making all of us less safe from foreign prying eyes) as well as to install backdoors into commercial software. This is much more difficult with open source. Even if, say, Canonical put in a backdoor to openssh-server into Ubuntu, someone would notice that the package they compiled had a different hash than the binary on the server, and an investigation would ensue. Even if you can’t make the jump to an open source desktop operating system, a lot of open source applications (think Firefox and Thunderbird) are available on proprietary platforms such as Windows and OS X.

Also, limit what you share. Remember that if you aren’t paying for the product, you are the product, so think twice about your Facebook habits. You can also learn about tools such as Tor that allow your Internet traffic to be somewhat anonymous. I also “sandbox” all of my Google activity within the Chrome browser but do most of my work in Firefox using Firefox Sync to coordinate with all of my devices.

To bring this somewhat “more rambling than usual” post to an end, I just want to point out that totalitarian societies do not happen overnight. Instead, there is a gradual erosion of personal freedoms until one day there is nothing left. Some people I’ve talked to about Snowden reply with “of course the government is spying on me”, in much the same way that getting groped at the airport is now “normal”.

It doesn’t have to be that way, and sometimes it takes brave people to point that out.

Review: Dell "Sputnik 3" Ubuntu Edition

I’m in the market for a new laptop, or at least I was. My first generation Dell XPS 13 is getting a little long in the tooth and I really could use a little more screen real estate. I decided to order the latest third generation XPS 13 after trying out the second generation Lenovo X1 Carbon. After all, it has a nicer screen, Haswell, and since it still ships with Ubuntu 12.04 the hardware ought to be supported, at least with Linux Mint, my current desktop distro of choice.

When talking about laptops, it is hard to not make comparisons to Apple. While I think Macbooks are overpriced and too proprietary, they are nice machines and for the most part “just work”. I just wish I could buy something as good that runs Linux well.

The Sputnik 3 could have been that laptop but I had to send it back due to pretty severe LCD backlight “bleeding”, especially along the bottom edge. It was very apparent when I was booting up to install Mint, but my pictures don’t really do it justice. Here you can see a sort of “half moon” bleed on the left side:

and here is a similar area on the right:

Since I knew I couldn’t live with it, I decided to send it back and just stick with my older laptop awhile longer. While we have a small Macbook available to me that would probably run Mint just fine, I just can’t bring myself to use Apple products when they are so determined to use their marketing clout to prevent competition. I can’t go a day without reading about another example, such as the one I just read about Apple pulling a bitcoin app from their store.

I’d rather deal with “old shiny” than to give up my freedom like that.