We’re so used to the restrictions applied to passengers of flights, that we almost think of them as routine, while we should always think about the effectiveness of "security" measures as they are applied. The most lacking resource being often common sense.

In this case, we can already read of the next restrictive measures, on the NHS site:

The Department of Homeland Security immediately put additional screening measures into place [...]

Passengers flying from international locations to U.S. destinations may notice additional security measures in place. These measures are designed to be unpredictable, so passengers should not expect to see the same thing everywhere.

So, we’ll get more restrictions, but not the same everywhere. (WTF #1)

Next, let’s see what the TSA has in mind for us:

Among other things, during the final hour of flight customers must remain seated, will not be allowed to access carry-on baggage, or have personal belongings or other items on their laps[...]

as someone else said, I’m glad that the "terrorist" didn’t try to blow himself up three or more hours before. Now, I will not be allowed to take a book (or put it away) during just the last hour of the flight, but this will surely scare all those terrorists that can act and think only during that last flight hour. (WTF #2)

I still consider myself lucky, though, because:

Effective today, the TSA has informed Northwest that travelers are not allowed to transport any liquids, gels, lotions or similar items in their carry-on luggage. This includes items such as beverages, hairspray, toothpaste and shampoo. These types of items can only be carried in checked luggage.

In the end, I do not agree with those who say that as the attack was not successful, no additional security measures would be needed. I still strongly believe that in this cases early intelligence

Mutallab’s name had surfaced earlier on at least one U.S. intelligence database, but not to the extent that he was placed on a watch list or a no-fly list.

is much more useful than a guy asking me to leave my water bottle at the security check.

In the meanwhile, it leaves me surprised that the bomber left from an airport that the TSA confirmed compliant just a month ago. Again: either the airport security failed, or the security procedures and requirements are just wrong.

(it turns out that Husdawg LLC is a perfectly “legal” ActiveX provider, but Intel does not mention them anywhere — just hoping people will click through?)

Well, I learned (thanks Google) that Snow Leopard does a secure erase of the trash by default. Annoying.
And that I did not realize that until now. Embarassing.

So, this can be solved at least in two ways:

The GUI one
Go into Finder preferences, Advanced, and uncheck “Empty Trash securely”

or

the CLI one
Go into ~/Library/Preferences, convert the Finder preferences to xml (it’s binary by default)
plutil -convert xml1 com.apple.finder.plist
and change the stanza

<key>EmptyTrashSecurely</key>
<true/>
to
<key>EmptyTrashSecurely</key>
<false/>

weird.
The very same www.flickr.vip.mud.yahoo.com handles api.flickr.com (which is, unsurprisingly, down).
Doesn’t look smart from here.

I grew tired of asking myself what OSX was deleting (the operation can take a while, especially when — as I often do — you’re doing a secure erase) so this ugly one-liner, run as root, will give you the file the OS is working on:


ps auxw | grep -i locum | grep -v grep | awk '{print $2}' | xargs lsof -p | grep -i Trash | awk '{print $9}'


It will output something like this:
/Volumes/FAT80GB/.Trashes/502/xcode3210a432.dmg

You can wrap that command inside the usual while/sleep loop if you want something that keeps you updated on what is going on — or make it an alias for your favourite shell.

Now, no doubt it is handy and user-friendly and automagical and… but I feel it disturbing: if by chance I hand over the laptop to somebody for a quick glance at a web page, for example, she can use it to connect anywhere without my consent — ok, I’m oversimplifying, but you get the idea.

The mistery lies into our old friend ssh-agent: it is spawn using
/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
[on a single line for yout copying pleasure] as a configuration file and it will cache your passphrase the first time you use ssh.
Up to here it’s fine.

What is troublesome to me is that the default cache time is unlimited (see the man page, this is the default behaviour when it is launched without specifying a “-t” option) therefore it will never forget the passphrase until I logout — being the only user of my laptop, this does not happen often.

Enter the joy of xml configuration files: edit the org.openbsd.ssh-agent.plist, and add the option to your liking, that is change this

<array>
<string>/usr/bin/ssh-agent</string>
<string>-l</string>
</array>

to something like this

<array>
<string>/usr/bin/ssh-agent</string>
<string>-l</string>
<string>-t</string>
<string>120</string>
</array>

if a couple of minutes of “grace period” suit your usage.
Then, just kill the process — it will spawn again the next time you use ssh.

[By the way:
Dear Internet, posting code like the XML up here sucks big time.
It took me more time to format the two snippets to render correctly then writing the whole post.
What do you use to ease this pain?
thank you.]

Sorry it has taken a while, this type of configuration is fairly new to me and a little bit more complex than the previous one — including the upgrade of all the software I was using, and an operating system swap.
I hope this setup will be stable for a while: it carries some of the advantages you will always hope you’ll not be using but that will be extremely useful those few times (remote reboots anyone?).

Last but not least, I’d like to thank both the people who have been hosting my old machine (you know who you are) and those hosting the “new” one.

All these people have always been extremely kind and helpful even when they had no other particular reason than friendship.
I have a long list of beers that I owe them and I’m determined to pay down my debt :)

Interviewees:

1. Dan Kaminsky, Director
2. Pete Lindstrom, Director
3. Marcus Ranum, Chief Security Officer

http://www.nodecity.com/empower