We’re extending your filesystems usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Extended File Attributes – What?

  • Extended File Attributes Rock! – article from 2011

  • Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the filesystem, whereas regular attributes have a purpose strictly defined by the filesystem (such as permissions or records of creation and modification times). from Wikipedia

  • Different namespaces (or attribute spaces if you will), often system and user. You can use the user namespace as non-root.

  • Use them for your own purposes, e.g.backup tags, reminders

  • If you rely upon them, make sure your archive & restore tools suppor them. – test test test

  • Most Linux and BSD modern file systems have had this capability for years. So does Mac OS X. Apart from minor interface differences, the feature works identically on all three systems.

  • We mention this mostly to prompt ideas, perhaps you’ve been trying to solve a problem and suddenly this information will show you the solution you’ve been waiting for.

On internet privacy, be very afraid

  • In the internet era, consumers seem increasingly resigned to giving up fundamental aspects of their privacy for convenience in using their phones and computers, and have grudgingly accepted that being monitored by corporations and even governments is just a fact of modern life.

  • In fact, internet users in the United States have fewer privacy protections than those in other countries. In April, Congress voted to allow internet service providers to collect and sell their customers’ browsing data. By contrast, the European Union hit Google this summer with a $2.7 billion antitrust fine.

  • Right now, the answer is basically anything goes. It wasn’t always this way. In the 1970s, Congress passed a law to make a particular form of subliminal advertising illegal because it was believed to be morally wrong. That advertising technique is child’s play compared to the kind of personalized manipulation that companies do today.

  • …. The result is that there are more controls over government surveillance in the U.S. than in Europe. On the other hand, Europe constrains its corporations to a much greater degree than the U.S. does.

Inside the Massive 711 Million Record Onliner Spambot Dump

  • The mechanics of this spambot

  • The one I’m writing about today is 711m records which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe. This blog posts explains everything I know about it.

  • I’ll take a stab at it and say that there’s not many legitimate drivers using the New South Wales toll road system with Russian email addresses!

  • A random selection of a dozen different email addresses checked against HIBP showed that every single one of them was in the LinkedIn data breach.

  • Yet another file contains over 3k records with email, password, SMTP server and port (both 25 and 587 are common SMTP ports):

  • This immediately illustrates the value of the data: thousands of valid SMTP accounts give the spammer a nice range of mail servers to send their messages from. There are many files like this too; another one contained 142k email addresses, passwords, SMTP servers and ports.

Feedback

Round Up:

Zsh Configuration From the Ground Up

Question? Comments? Contact us here!