Re: Prism continued
...yes indeed given smella-vision ;-)

./Randy

--- On Sat, 6/15/13, Mark Gauvin wrote:

> From: Mark Gauvin
> Subject: Re: Prism continued
> To: "Matthew Petach"
> Cc: "nanog@nanog.org"
> Date: Saturday, June 15, 2013, 2:28 PM
>
> Only victim in all of this is the poor NSA contractor who had to
> sift thru my browser history
>
> Sent from my iPhone
>
> On 2013-06-15, at 4:24 PM, "Matthew Petach" wrote:
>
> > On Thu, Jun 13, 2013 at 7:20 AM, Jon Lewis wrote:
> >
> >> On Wed, 12 Jun 2013 goe...@anime.net wrote:
> >>
> >>> cellphones with cameras are probably better for the purposes of covert
> >>> mass surveillance, especially ones with front facing cameras. far more of
> >>> them out there, and wireless to boot.
> >>>
> >>> surprised everyone gets their panties in a bunch over presumed games
> >>> console monitoring, what about all your iphones already out there?
> >>
> >> My iPhone lives in a holster that covers both cameras when not in use or
> >> charging. Do you throw a sheet over your gaming console when you're not
> >> using it?
> >
> > You'd be amazed at how many hours of footage
> > the government has of the inside of my pants
> > pockets...
> >
> > :D
> >
> > Matt
Re: Prism continued
Only victim in all of this is the poor NSA contractor who had to sift thru my browser history

Sent from my iPhone

On 2013-06-15, at 4:24 PM, "Matthew Petach" wrote:

> On Thu, Jun 13, 2013 at 7:20 AM, Jon Lewis wrote:
>
>> On Wed, 12 Jun 2013 goe...@anime.net wrote:
>>
>>> cellphones with cameras are probably better for the purposes of covert
>>> mass surveillance, especially ones with front facing cameras. far more of
>>> them out there, and wireless to boot.
>>>
>>> surprised everyone gets their panties in a bunch over presumed games
>>> console monitoring, what about all your iphones already out there?
>>
>> My iPhone lives in a holster that covers both cameras when not in use or
>> charging. Do you throw a sheet over your gaming console when you're not
>> using it?
>
> You'd be amazed at how many hours of footage
> the government has of the inside of my pants
> pockets...
>
> :D
>
> Matt
Re: Prism continued
On Thu, Jun 13, 2013 at 7:20 AM, Jon Lewis wrote:

> On Wed, 12 Jun 2013 goe...@anime.net wrote:
>
>> cellphones with cameras are probably better for the purposes of covert
>> mass surveillance, especially ones with front facing cameras. far more of
>> them out there, and wireless to boot.
>>
>> surprised everyone gets their panties in a bunch over presumed games
>> console monitoring, what about all your iphones already out there?
>
> My iPhone lives in a holster that covers both cameras when not in use or
> charging. Do you throw a sheet over your gaming console when you're not
> using it?

You'd be amazed at how many hours of footage
the government has of the inside of my pants
pockets...

:D

Matt
Re: Prism continued
Subject: Re: Prism continued
Date: Wed, Jun 12, 2013 at 05:13:45PM -0700
Quoting Scott Weeks (sur...@mauigateway.com):

> or "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"

Surely you mean

egrep -v 'term1|term2|term3' /var/log/router.log | less

(http://partmaps.org/era/unix/award.html)

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
While you're chewing, think of STEVEN SPIELBERG'S bank account ... his will have the same effect as two "STARCH BLOCKERS"!
Re: Prism continued
On Jun 13, 2013, at 3:52, Rich Kulawiec wrote:

> On Wed, Jun 12, 2013 at 09:30:53PM -0400, valdis.kletni...@vt.edu wrote:
>> Ask the ex-CEO of Qwest what happens if you try to turn down an
>> offer the NSA makes you. :)
>
> Ah, yes. This:
>
> https://mailman.stanford.edu/pipermail/liberationtech/2013-June/008815.html

And Bernie Ebbers was framed, too? The linked email above erroneously describes Nacchio's defense as DOJ's theory, which is even more ridiculous (defense to insider trading charge is trading on insider information-- ok...). As nice as it would be to have a martyr, Nacchio isn't it.
Re: Prism continued
On Wed, 12 Jun 2013 goe...@anime.net wrote:

> cellphones with cameras are probably better for the purposes of covert
> mass surveillance, especially ones with front facing cameras. far more of
> them out there, and wireless to boot.
>
> surprised everyone gets their panties in a bunch over presumed games
> console monitoring, what about all your iphones already out there?

My iPhone lives in a holster that covers both cameras when not in use or charging. Do you throw a sheet over your gaming console when you're not using it?

Would hacking (or abusing) Xbox One and using Kinect for remote surveillance create "house RATs"? :)

--
Jon Lewis, MCP :) | I route | therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Prism continued
On Wed, Jun 12, 2013 at 09:30:53PM -0400, valdis.kletni...@vt.edu wrote:

> Ask the ex-CEO of Qwest what happens if you try to turn down an
> offer the NSA makes you. :)

Ah, yes. This:

https://mailman.stanford.edu/pipermail/liberationtech/2013-June/008815.html

---rsk
Re: Prism continued
On Thu, Jun 13, 2013 at 11:35 AM, Jonathan Lassoff wrote:

> In the PRISM context, I highly doubt they're using Splunk for any kind
> of analysis beyond systems and network management. It's not good at
> indexing non-texty-things.
> What if you need to search for events that were geographically
> proximate to one another? That takes a special kind of index.

I was under the impression stuff like Palantir was used a bit, in this context (but I don't even have nth-hand evidence for that.)

--
Noon Silk
Re: Prism continued
cellphones with cameras are probably better for the purposes of covert mass surveillance, especially ones with front facing cameras. far more of them out there, and wireless to boot.

surprised everyone gets their panties in a bunch over presumed games console monitoring, what about all your iphones already out there?

-Dan

On Wed, 12 Jun 2013, John Lightfoot wrote:

> Let's see:
>
> Requires "always-on" internet connection
> Only available with Kinect
> Includes infrared sensor
> Manufactured by Microsoft, the first company to sign up for Prism
>
> When can I get my Xbox One??
>
> http://www.nbcnews.com/technology/new-kinect-can-track-you-so-well-you-may-not-6C10287970
>
> On 6/9/13 12:26 PM, "Warren Bailey" wrote:
>
>> I suppose this system was part of the 20MM as well?
>>
>> http://gizmodo.com/meet-boundless-informant-the-nsa-tool-that-watches-the-512107983
>>
>> Sent from my Mobile Device.
Re: Prism continued
On Wed, Jun 12, 2013 at 06:35:35PM -0700, Jonathan Lassoff wrote:

> In the PRISM context, I highly doubt they're using Splunk for any kind
> of analysis beyond systems and network management. It's not good at
> indexing non-texty-things.
> What if you need to search for events that were geographically
> proximate to one another? That takes a special kind of index.

PostgreSQL has PostGIS, but I doubt it's high-performance.
Re: Prism continued
Also check out kibana.org for a rather splunk like experience.

Chip Marshall wrote:

>On 2013-06-12, Phil Fagan sent:
>> Speaking of Splunk; is that really the tool of choice?
>
>I've been hearing a lot of good things about logstash these days
>too, if you prefer the open source route.
>
>http://logstash.net/
>
>--
>Chip Marshall
>http://2bithacker.net/

--
Charles Wyble
char...@knownelement.com / 818 280 7059
CTO Free Network Foundation (www.thefnf.org)
Re: Prism continued
Decent frontend... hmm... grep --color

Monies please!

Phil Fagan wrote:

>And a basic front-end and you're in business!!
>On Jun 12, 2013 6:15 PM, "Scott Weeks" wrote:
>
>> --- eyeronic.des...@gmail.com wrote:
>> From: Mike Hale
>>
>> >> Splunk
>>
>> It would make sense. It's a friggin' sick syslog analyzer. Expensive
>> as hell, but awesome.
>> --
>>
>> So is "tail -f /var/log/router.log | egrep -v 'term1|term2|term3'"
>> or "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"
>>
>> ;-)
>> scott

--
Charles Wyble
char...@knownelement.com / 818 280 7059
CTO Free Network Foundation (www.thefnf.org)
Re: Prism continued
Logstash and Splunk are both wonderful, in my experience.

What sets them apart from just a plain grep(1) is that they build an index that points keywords to logging events (lines).

What if you're looking for events related to a specific interface or LSP? Not a problem with a modest log volume, as grep can tear through text nearly as quickly as your disk can pass it up. However, once you have a ton of historical logs, or just a large volume, grep becomes way too slow as you have to retrieve tons of unrelated log messages to check if they're what you're looking for.

Having an index gives you a way to search for that interface or LSP name, and get a listing of all the locations that contain log events matching what you're looking for.

In the PRISM context, I highly doubt they're using Splunk for any kind of analysis beyond systems and network management. It's not good at indexing non-texty-things. What if you need to search for events that were geographically proximate to one another? That takes a special kind of index.

On Wed, Jun 12, 2013 at 6:13 PM, Chip Marshall wrote:

> On 2013-06-12, Phil Fagan sent:
>> Speaking of Splunk; is that really the tool of choice?
>
> I've been hearing a lot of good things about logstash these days
> too, if you prefer the open source route.
>
> http://logstash.net/
>
> --
> Chip Marshall
> http://2bithacker.net/
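
The keyword index described in the message above, as an added example that is not part of the original post and is not how Splunk or Logstash are implemented: a minimal inverted index over log lines, with a grep-style linear scan for comparison. The log lines, host names, interface name and LSP name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (syslog-shaped, not taken from the thread).
SAMPLE_LOG = """\
Jun 12 17:01:02 rtr1 mib2d: SNMP_TRAP_LINK_DOWN: ifName ge-0/0/1
Jun 12 17:01:03 rtr1 rpd: RPD_MPLS_LSP_DOWN: MPLS LSP lsp-nyc-sfo down
Jun 12 17:01:09 rtr2 mib2d: SNMP_TRAP_LINK_UP: ifName xe-1/0/0
Jun 12 17:02:40 rtr1 mib2d: SNMP_TRAP_LINK_UP: ifName ge-0/0/1
Jun 12 17:02:41 rtr1 rpd: RPD_MPLS_LSP_UP: MPLS LSP lsp-nyc-sfo up
Jun 12 17:05:00 rtr2 sshd: Accepted publickey for ops from 192.0.2.10
"""

# Keep names such as ge-0/0/1, lsp-nyc-sfo and 192.0.2.10 as single keywords.
TOKEN = re.compile(r"[A-Za-z0-9_./-]+")

def tokenize(line):
    """Return the set of lower-cased keywords in one log line."""
    return {t.lower().strip(".") for t in TOKEN.findall(line)} - {""}

def build_index(lines):
    """Inverted index: keyword -> ascending list of line numbers containing it."""
    index = defaultdict(list)
    for lineno, line in enumerate(lines):
        for tok in tokenize(line):
            index[tok].append(lineno)
    return index

def search(index, lines, *terms):
    """Lines containing every term; only the matching postings are touched."""
    postings = [set(index.get(t.lower(), ())) for t in terms]
    hits = set.intersection(*postings) if postings else set()
    return [lines[n] for n in sorted(hits)]

def grep(lines, *terms):
    """Linear scan for comparison: every line is read and checked."""
    return [l for l in lines if all(t.lower() in tokenize(l) for t in terms)]

LINES = SAMPLE_LOG.splitlines()
INDEX = build_index(LINES)

if __name__ == "__main__":
    for hit in search(INDEX, LINES, "ge-0/0/1"):          # one interface
        print(hit)
    for hit in search(INDEX, LINES, "lsp-nyc-sfo", "rtr1"):  # LSP on one router
        print(hit)
```

The index costs one pass over the logs up front; after that a lookup reads only the lines listed for the keyword, while the scan reads all of them every time.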
Re: Prism continued
On Wed, Jun 12, 2013 at 6:30 PM, wrote:

> Ask the ex-CEO of Qwest what happens if you try to turn down an
> offer the NSA makes you. :)

+1

- ferg

--
"Fergie", a.k.a. Paul Ferguson
fergdawgster(at)gmail.com
Re: Prism continued
On Thu, 13 Jun 2013 00:46:27 +0100, Bacon Zombie said:

> There is no way they could have paid for all the Splunk licencing costs
> which the budget quoted before

That's assuming they paid full list price.

Ask the ex-CEO of Qwest what happens if you try to turn down an offer the NSA makes you. :)
Re: Prism continued
On 2013-06-12, Phil Fagan sent:

> Speaking of Splunk; is that really the tool of choice?

I've been hearing a lot of good things about logstash these days too, if you prefer the open source route.

http://logstash.net/

--
Chip Marshall
http://2bithacker.net/
Re: Prism continued
On Jun 12, 2013, at 9:01 PM, "Scott Weeks" wrote:

> --- do...@dougbarton.us wrote:
> From: Doug Barton
>
> On 06/12/2013 05:13 PM, Scott Weeks wrote:
>> "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"
>
> Prototypical "useless use of cat" :)
> -
>
> What would you use and what's wrong with concatenation
> of a file with nothing? 1+0=1 ;)

---

Wow, a person gets corrected quickly here! ;-) And the answer is...

"egrep -v 'term1|term2|term3' /var/log/router.log | less"

All I can say is DOH! :-)

scott
Re: Prism continued
--- do...@dougbarton.us wrote:
From: Doug Barton

On 06/12/2013 05:13 PM, Scott Weeks wrote:
> "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"

Prototypical "useless use of cat" :)
-

What would you use and what's wrong with concatenation of a file with nothing? 1+0=1 ;)

scott
Re: Prism continued
On 06/12/2013 05:13 PM, Scott Weeks wrote:

> "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"

Prototypical "useless use of cat" :)
Re: Prism continued
And a basic front-end and you're in business!!

On Jun 12, 2013 6:15 PM, "Scott Weeks" wrote:

> --- eyeronic.des...@gmail.com wrote:
> From: Mike Hale
>
> >> Splunk
>
> It would make sense. It's a friggin' sick syslog analyzer. Expensive
> as hell, but awesome.
> --
>
> So is "tail -f /var/log/router.log | egrep -v 'term1|term2|term3'"
> or "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"
>
> ;-)
> scott
Re: Prism continued
--- eyeronic.des...@gmail.com wrote:
From: Mike Hale

>> Splunk

It would make sense. It's a friggin' sick syslog analyzer. Expensive as hell, but awesome.
--

So is "tail -f /var/log/router.log | egrep -v 'term1|term2|term3'"
or "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"

;-)
scott
Re: Prism continued
On 6/12/2013 7:59 PM, Mike Hale wrote:

> It would make sense. It's a friggin' sick syslog analyzer. Expensive
> as hell, but awesome.

Compare it to most any other SIEM (ArcSight?) and it's a bargain. But still, yeah.

Jeff
Re: Prism continued
It would make sense. It's a friggin' sick syslog analyzer. Expensive as hell, but awesome.

On Wed, Jun 12, 2013 at 4:55 PM, Phil Fagan wrote:

> Speaking of Splunk; is that really the tool of choice?
>
> On Wed, Jun 12, 2013 at 5:46 PM, Bacon Zombie wrote:
>
>> There is no way they could have paid for all the Splunk licencing costs
>> which the budget quoted before
>>
>> On 9 June 2013 18:42, Daniel Rohan wrote:
>> > Anyone else notice that the Boundless Informant GUI looks suspiciously like
>> > the Splunk GUI?
>> >
>> > And according to the article, it sounds like it does exactly what Splunk is
>> > capable of, albeit on a grander scale than I thought possible.
>> >
>> > dgr
>> > On Jun 9, 2013 9:29 AM, "Warren Bailey" <wbai...@satelliteintelligencegroup.com> wrote:
>> >
>> >> I suppose this system was part of the 20MM as well?
>> >>
>> >> http://gizmodo.com/meet-boundless-informant-the-nsa-tool-that-watches-the-512107983
>> >>
>> >> Sent from my Mobile Device.
>>
>> --
>> BaconZombie
>>
>> LOAD "*",8,1
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Prism continued
Speaking of Splunk; is that really the tool of choice?

On Wed, Jun 12, 2013 at 5:46 PM, Bacon Zombie wrote:

> There is no way they could have paid for all the Splunk licencing costs
> which the budget quoted before
>
> On 9 June 2013 18:42, Daniel Rohan wrote:
> > Anyone else notice that the Boundless Informant GUI looks suspiciously like
> > the Splunk GUI?
> >
> > And according to the article, it sounds like it does exactly what Splunk is
> > capable of, albeit on a grander scale than I thought possible.
> >
> > dgr
> > On Jun 9, 2013 9:29 AM, "Warren Bailey" <wbai...@satelliteintelligencegroup.com> wrote:
> >
> >> I suppose this system was part of the 20MM as well?
> >>
> >> http://gizmodo.com/meet-boundless-informant-the-nsa-tool-that-watches-the-512107983
> >>
> >> Sent from my Mobile Device.
>
> --
> BaconZombie
>
> LOAD "*",8,1

--
Phil Fagan
Denver, CO
970-480-7618
Re: Prism continued
There is no way they could have paid for all the Splunk licencing costs which the budget quoted before

On 9 June 2013 18:42, Daniel Rohan wrote:

> Anyone else notice that the Boundless Informant GUI looks suspiciously like
> the Splunk GUI?
>
> And according to the article, it sounds like it does exactly what Splunk is
> capable of, albeit on a grander scale than I thought possible.
>
> dgr
> On Jun 9, 2013 9:29 AM, "Warren Bailey" <wbai...@satelliteintelligencegroup.com> wrote:
>
>> I suppose this system was part of the 20MM as well?
>>
>> http://gizmodo.com/meet-boundless-informant-the-nsa-tool-that-watches-the-512107983
>>
>> Sent from my Mobile Device.

--
BaconZombie

LOAD "*",8,1
Re: Prism continued
Let's see:

Requires "always-on" internet connection
Only available with Kinect
Includes infrared sensor
Manufactured by Microsoft, the first company to sign up for Prism

When can I get my Xbox One??

http://www.nbcnews.com/technology/new-kinect-can-track-you-so-well-you-may-not-6C10287970

On 6/9/13 12:26 PM, "Warren Bailey" wrote:

>I suppose this system was part of the 20MM as well?
>
>http://gizmodo.com/meet-boundless-informant-the-nsa-tool-that-watches-the-512107983
>
>Sent from my Mobile Device.
Re: Prism continued
Anyone else notice that the Boundless Informant GUI looks suspiciously like the Splunk GUI?

And according to the article, it sounds like it does exactly what Splunk is capable of, albeit on a grander scale than I thought possible.

dgr

On Jun 9, 2013 9:29 AM, "Warren Bailey" <wbai...@satelliteintelligencegroup.com> wrote:

> I suppose this system was part of the 20MM as well?
>
> http://gizmodo.com/meet-boundless-informant-the-nsa-tool-that-watches-the-512107983
>
> Sent from my Mobile Device.