November 30

With Operation Aurora in mind, I have been wondering about the potential for compromised privacy of e-mail messages sent from China to places outside China, and of those sent from outside China to places in China. What precautions should be taken by a person with an e-mail account hosted outside China?
(As with all questions which I post at the Wikipedia Reference Desk, I appreciate being told not only answers that are accurate, complete, concise, and clearly expressed, but also [1] supporting references, [2] the research process [how the information was found], [3] research recommendations [how I can find answers to similar questions], [4] leads and partial answers, and [5] other closely related information. )
—Wavelength (talk) 00:30, 30 November 2010 (UTC)[reply]

We need some clarification on your question. By What precautions should be taken by a person with an e-mail account hosted outside China, do you mean "a person who lives in China" or "a person who lives outside China"?

Either way, as our E-mail privacy and Email articles detail, e-mail is sent unencrypted and with no way to guard against tampering with the headers or the message itself. Any e-mail that is sent, anywhere in the world, can be read by any computer along the route path to the destination mail server. (See traceroute for a way to try to discern this.) Since the e-mail is unencrypted, people who own or control these computers can read or modify the message while in transit. By the way, various Western countries are alleged to eavesdrop on e-mail on a large scale, too, by the way, via Project ECHELON and Carnivore (software) and their relatives.

It is possible to prevent e-mail snooping by using encryption on your messages. If you use a large enough encryption key, brute-force techniques used by any eavesdropper will be ineffective. Comet Tuttle (talk) 01:44, 30 November 2010 (UTC)[reply]

I was not aware that the country of residence of the person with the e-mail account was an important criterion for determining what precautions should be taken, but I am interested in all important distinctions. What precautions should be taken (a) by a person living in China with an e-mail account hosted outside China, and (b) by a person living outside China with an e-mail account hosted outside China? Also, what about (c) a person who lives outside China with an e-mail account outside China, but who travels in China and sends and receives e-mail messages by means of a wireless device?

I have read most of the information in the six articles which you linked, but I hope to read them again later in more depth. Thank you for those links.

—Wavelength (talk) 03:41, 30 November 2010 (UTC)[reply]

In light of echelon, carnivore, aurora, etc, one who is concerned about privacy may be interested in Pretty_Good_Privacy, or perhaps Freenet. SemanticMantis (talk) 03:27, 30 November 2010 (UTC)[reply]

Thank you for providing links to those articles. E-mail security is complicated by so many concepts and terms—enough to make a person wish for a world in which everyone can and does trust everyone else all the time.

—Wavelength (talk) 17:54, 30 November 2010 (UTC)[reply]

I would also recommend a read of the electronic envelope concept, and GNU Privacy Guard, a free and open source implementation that provides for "pretty good privacy." Also consider avoiding the use of the EMAIL technology in general: the specific implementation of electronic messaging that is known as "email" has inherent flaws as a result of its legacy architecture and a protocol that pre-dates the modern internet. Consider an alternative technology, such as XMPP (commonly known as Jabber), which by design provide for a security layer, a message-certification authority, and message-relay encryption (Transport Layer Security). To the average user, you really won't know the difference whether your messages to your acquaintances are delivered by XMPP or RFC5322 email - but the newer technology inherently allows for more transport security, message-tampering evidence, and authenticated sources. Nimur (talk) 18:42, 30 November 2010 (UTC)[reply]

The reason I had asked whether the user was inside or outside China is that if the government of China is your concern, then since the assumption is that the Chinese government can read every communication that is sent or received by any person within China, everything sent or received by a person in China must be encrypted in order to discourage snooping.

If the user is in, say, Great Britain, and is sending an e-mail to a person in France, it seems unlikely that the e-mail is going to hop through a Chinese computer on the way to its destination ... but you never know, so encrypting the e-mail with sufficient encryption strength should prevent snooping by the government of China in the unlikely event that the e-mail does hop through China during its journey. The main reason everyone doesn't do this already is because it's a pain, since encryption is unfortunately not part of the e-mail standard. By contrast, encryption is in widespread use in Web browsing when you purchase something (see Transport Layer Security). Not to confuse the issue further, but it is common for e-mail clients to use encryption when they communicate with their e-mail server — and then the e-mail server turns around and sends the e-mail in unencrypted plaintext! Comet Tuttle (talk) 18:44, 30 November 2010 (UTC)[reply]

Thank you, Nimur and Comet Tuttle, for the additional replies with links to additional articles. I have "read" much of the information in the articles, to the extent that I can accurately call it "reading" when I am sometimes reading words more than understanding the immediate context. I hope to read them again later, after I have fortified my knowledge by a study of computer terminology, perhaps by means of Category:Glossaries on computers.

—Wavelength (talk) 22:00, 30 November 2010 (UTC)[reply]

I want to be able to listen to custom music in NHL 11 on my 4gb XBOX 360. I don't have an external hard drive. Is it possible to rip a CD directly to a flash drive for use in the game instead? 67.142.173.25 (talk) 02:45, 30 November 2010 (UTC)[reply]

You'll need to rip the CD's contents to a computer, by using a program like Windows Media Player, then copying the files, from your computer, to the flash drive. I'm not aware of a program or process that can directly copy it to a flash drive, from a CD. Thanks --George2001^hi 13:20, 30 November 2010 (UTC)[reply]

That won't work, because the Xbox 360 won't be able to read the files from your flash drive. When you insert a USB thumbstick into one of the USB ports on a 360, it asks if it can delete everything on the flash drive and prepare it for Xbox 360-only storage. Once you do so, the flash drive is still a FAT32 device, containing one folder entitled "Xbox360" and marked "hidden", and then inside that folder are placed numerous large files in some proprietary Microsoft format, probably encrypted; when you copy an XBLA game (or whatever) to your thumbstick, the game is placed within one of those large files. I just tried using my 360 to rip a CD to the hard disc but then the Xbox would not allow me to copy the music files to the USB thumbstick like you can with 360 games, profiles, save files, etc. The 360 also wouldn't allow me to rip directly to the flash drive when I booted the 360 with no hard disc. One possibility, if you have a PC on your network, is to rip the CD to your PC's hard disc and use the Xbox to stream the music from your PC. (Go to "My Xbox -> Music Library -> Computer".) Comet Tuttle (talk) 18:33, 30 November 2010 (UTC)[reply]

I and the asker were referring to a USB flash drive. --George2001^hi 10:32, 1 December 2010 (UTC)[reply]

So was Comet Tuttle. He is describing using a USB flash drive in lieu of a 360 memory unit. (This is a relatively new feature.) To my knowledge that is the only support for USB flash drives that the 360 has. APL (talk) 15:29, 1 December 2010 (UTC)[reply]

To better explain my answer, the Xbox 360 has the feature to play music directly from a USB flash drive, so you can listen to music whilst it's plugged in, but to my knowledge you can't copy the files over. Sorry for my original confusing answer. --George2001^hi 17:00, 1 December 2010 (UTC)[reply]

Sorry, George2001; your original answer was correct. I just tried inserting my USB thumbstick into the 360 while in the "My Music" screen (rather than on the Memory screen) and the three MP3 files I had placed on the thumbstick showed right up. So, original poster, yes; you need to use a PC to rip your CD to MP3 files, then copy them to the USB flash drive, then plug the USB flash drive into the 360. I've stricken the first sentence of my paragraph above, accordingly. What I had been discussing was, as APL wrote, the feature of the Xbox 360 formatting a USB flash drive so you can use it instead of a memory unit. Comet Tuttle (talk) 19:52, 1 December 2010 (UTC)[reply]

had visited taj mahal with my wife once and i stored the photos in my laptop but unfortunately my brother formatted the computed about twice now. is there a way still i can get those treasured pics back before my wife is out of the hosp? —Preceding unsigned comment added by 203.122.36.6 (talk) 12:57, 30 November 2010 (UTC)[reply]

You'll need to supply some details of the model, original/post-format operating systems and which tools your brother used to get specific help here. If your pictures are really that valuable you'd be best advised to take the PC to your nearest reputable computer store rather than attempt a recovery yourself. Blakk and ekka 13:15, 30 November 2010 (UTC)[reply]

It is also important that you stop using the computer now to increase the chances of finding anything. Further use of the computer increases the chances of overwriting the old files (if they are still there). Trustinchaos (talk) 13:52, 30 November 2010 (UTC)[reply]

It depends on whether the formatting was a quick format or a full format. A quick format really just deletes files and marks the sectors as empty, so something like "PC Inspector Smart Recovery" (or a newer equivalent) might recover some of the JPEG files if they have not been overwritten. Don't install anything or store anything on the hard drive of the laptop, but if you know what you are doing, you could try a recovery yourself from another computer (or run the recovery software from a flash drive). As mentioned above, for valuable pictures, it is safer to take the machine to an expert, but you should be aware that some (or most or all) of the pictures might be unrecoverable, even using the (very expensive) methods and specialist variable track readers of espionage and criminal investigations. If the sectors have been overwritten twice with new operating systems, then it is going to be impossible or prohibitively expensive to recover the pictures (unless money is no object), but if they happen to be stored in sectors that have not been overwritten then there is a good chance that they are still there and can be recovered using simple software. Dbfirs 19:00, 30 November 2010 (UTC)[reply]

Which simple software? Gparted can restore partitions, if the user is extremely technically proficient; but it can not restore file-systems. Recuva might be of some assistance, but it probably won't work after formatting the disk (though it claims to have some chance of success). Data recovery article has some uncited claims. I am not aware of software that makes it easy to restore files after the file-system has been reformatted. The data may "theoretically" still exist - the bits may still be on the disk, provided that they haven't been overwritten yet - but that data is nonfunctional without a correct file system that puts it all together. Modern file-systems are very complicated - data may be fragmented, strobed, or stored in non-contiguous blocks on disk - so without the correct file system in place, it's as impossible as piecing together a shattered cup. All the pieces are still present (except any that have been overwritten or zeroed), but that does not mean they can be easily glued back together. We can hope and speculate that files were contiguous and no parts were overwritten, but in general that is not the case. Nimur (talk) 19:08, 30 November 2010 (UTC)[reply]

That is exactly what PC Inspector Smart Recovery does, we need someone to write the article. You will also need to connect a second drive to get all the copies of the reconstructed image files. And a whole hard drive may take ages. Graeme Bartlett (talk) 09:50, 1 December 2010 (UTC)[reply]

Yes, perhaps I should have said "simple-to-use" software. PC Inspector Smart Recovery is designed for flash memory cards, and I have never tested it on a reformatted hard drive. Obviously it will not work at all after a low-level format where the only option is to dismantle the hard drive and re-mount the platter on a high precision specialist machine where the alignment of the tracking can be varied. I have doubts about whether even the most sophisticated equipment could recover any data at all from a modern hard drive after two low-level formats because the tracks are so close together that there is probably little residual magnetisation between tracks. Recovering data after a low-level format used to be possible on very old floppies and hard platters, especially if the format was on a different machine with slightly different track alignment. Even if it is possible, the cost would be many thousands of any currency. Are the pictures worth a fortune? Dbfirs 14:12, 2 December 2010 (UTC)[reply]

I suspect you're right on that later point (although the term low-level format is generally avoided because no one does real low-level formats at home anymore, zero-fill is generally taken as the better term). It's something I've looked in to before and when I did I saw various commentators noting that while sometimes claims are made about being able to recover data from a zero-fill or otherwise truly overwritten data there doesn't seem to be much evidence of anyone doing it, no recovery companies appear to offer it, no one has came up with court cases where it was done etc. E.g. [1] (2004) our even our Data remanence article. (Of course no one none of us really know what the CIA and other intelligence agencies may be capable of and you never know what may happen in the future so if for some reason it really matters your data is destroyed may want to play it safe.) Notably Peter Gutmann, who's work is sometimes cited as evidence for recovery also considers it unlikely it's possible with more then a single level (and even for that it doesn't seem he thinks it likely) and modern HDs [2]. Nil Einne (talk) 08:38, 4 December 2010 (UTC) [reply]

Thanks for the interesting links. My experience with magnetic tape and floppy drives (on which I used to write hidden data between sectors and tracks, just for fun) led me to believe that it would be fairly easy to read overwritten data on hard drives, so I used to destroy sensitive data on old hard drives with the help of a sledge hammer and angle grinder! I no longer go to these lengths because high precision heads don't need to waste space between tracks. I have no contacts in the CIA, MI6 or MOSSAD, so I don't know whether they have developed any techniques. I think we can agree that, for recovery of holiday snaps, it is not worth considering the possibility. One thing I'm not clear about: do modern hard drives contain the mechanics and circuitry for low-level formatting (writing the tracks and sector headers), or is this done before the disc is fitted to the drive? Most manufacturers have always kept the details of their disc operating systems very secret. Dbfirs 17:47, 4 December 2010 (UTC)[reply]

We should also mention what to do if the pics are unrecoverable, or if you don't want to pay what recovery would cost. You can find many excellent pics on the web by doing a Google image search (or just by following our Taj Mahal link). You can then download those. If you want your friends and family in them, though, that would require some Photoshoping. StuRat (talk) 01:28, 2 December 2010 (UTC)[reply]

This all depends on the level of use the computer has had since the photos were first erased (or the hard drive formatted), and whether the formats were "quick formats" or full low-level formatting. Based on the information given, I am guessing it has been more than a few days and the laptop has been in regular use. In reality, in this case you have a very remote chance of finding the files intact. But it's probably worth trying some of the tools others have mentioned above, but it is not a simple process and likely requires the attention of a data recovery expert. --§Pumpmeup 04:21, 2 December 2010 (UTC)[reply]

Resolved

I'm curious about something. How does Google's Android handle updates to apps? Do you have to go to the App store and manually update them or are updates handled automatically (the way Google Chrome is updated automatically)? A Quest For Knowledge (talk) 16:03, 30 November 2010 (UTC)[reply]

I found someone who has an Android and apparently, there's a setting that lets you do it either way. Thanks. A Quest For Knowledge (talk) 16:38, 30 November 2010 (UTC)[reply]

Something's wrong with IE7 on my computer. Whenever I visit a web site that is signed with a certificate, I always get an error saying that the certificate is invalid - even when the certificate is valid. Not even sure where to begin. PS. I cannot install IE8 or 9 as it's forbidden by our IT dept. A Quest For Knowledge (talk) 16:36, 30 November 2010 (UTC)[reply]

If you do not have administrative rights on your work computer, then it is probably better to ask your IT department to fix the problem. Do all other work computers exhibit the same behaviour? Dbfirs 18:28, 30 November 2010 (UTC)[reply]

This might be a configuration error, or it may be intentional. If you work in a corporate environment or government agency that actually values security, your computer(s) probably have few or zero pre-installed root certificate authorities. This means that no computers are trustworthy (unless they are authenticated by your organization). On most standard Windows computers, a few root certificate authorities - that is, private agencies that are trusted by Microsoft and IANA, are pre-installed. Anything that these root authorities certify is then trusted via a chain of trust. So, by default, most Windows computers are "hard-wired" to trust VeriSign and Thawte - and by proxy, Google, and Yahoo, and eBay, and so on. Of course, if your organization deals with sensitive information, and as a rule doesn't trust outside agencies (such as VeriSign or Microsoft), then they will not consider any website "authenticated" unless it can trace its chain back to the agency's internal security root. Compare, for example, the root certificate authorities trusted by Mozilla. Nimur (talk) 19:16, 30 November 2010 (UTC)[reply]

You could use another browser instead on a flash drive, if the administraitor allows you to. General Rommel (talk) 21:22, 30 November 2010 (UTC)[reply]

I want to set up a wiki but can't run my own wiki software (running MediaWiki is the ideal but not achievable right now). As a Wikipedia habitué, I like the MediaWiki syntax (logic/content/function-driven) and am appalled at the idea of a wiki with a WYSIWYG editor (pbworks, wikispaces, moodle). By these criteria, I believe the only option is wikidot (quite dissimilar to MediaWiki syntax, and perhaps a chore for my collaborators to acquire a not-directly-transferable skill in it, but following comparable principles). Or is there another one I'm missing? Wareh (talk) 19:24, 30 November 2010 (UTC)[reply]

Have you considered using Wikia? Surely there are other wikimedia systems out there for hire! Graeme Bartlett (talk) 09:22, 1 December 2010 (UTC)[reply]

If you need more control might using Amazon EC2 ([3]) be an option? Running an appliance (like Turnkey's for example) on it might simplify things even further. Blakk and ekka 13:16, 1 December 2010 (UTC)[reply]

Thanks for the responses, and especially to Graeme for pointing out the obvious. I have no idea how I had forgotten about Wikia, which will be ideal for my purposes. Wareh (talk) 16:23, 2 December 2010 (UTC)[reply]

In php, what is the opposite of "array_reverse" 82.44.55.25 (talk) 20:29, 30 November 2010 (UTC)[reply]

There isn't an opposite of it. All it does is reverse the order of elements in an array. "Reverse" is relative to the starting array. Reverse the input array twice and it's the original input array again. If you're worried that the elements are unshuffled (Even though the keys are), just run ksort on the array to re-sort it by keys. --Mr.98 (talk) 20:37, 30 November 2010 (UTC)[reply]

Thank you for the answer but I am confused. In the php file there is the line "$text= array_reverse($text);" which when echoed produces a list which is in backwards order to the original. I want it to be in the same order as the input. I tried "$text= array($text);" but that didn't work 82.44.55.25 (talk) 21:20, 30 November 2010 (UTC)[reply]

str_split? 118.96.156.106 (talk) 23:46, 30 November 2010 (UTC)[reply]

If you don't want it reversed, you just don't use the function (e.g. comment out that line of code). If you have already run it through the function and want it reversed again, just run it through array_reverse again, and it will be the same as the input was. --Mr.98 (talk) 03:20, 1 December 2010 (UTC)[reply]

Is there any software that will take a large collection of images and automatically sort them into groups that are similar in appearance? Thanks 92.28.247.40 (talk) 22:07, 30 November 2010 (UTC)[reply]

Two programs I know of; ImgSearch and ImageSorter 82.44.55.25 (talk) 23:23, 30 November 2010 (UTC)[reply]

Thanks, Imagesorter only sorts by colour. Have not tried ImageSearch yet. Visipics is a duplicate finder that shows groups of similar photos at its lowest setting, but unfortunately you are unable to save them in groups. 92.29.116.196 (talk) 13:13, 1 December 2010 (UTC)[reply]