September 26, 2007

Anonymity

Anonymity is derived from the Greek word ανωνυμία, meaning "without a name" or "namelessness". In colloquial use, the term typically refers to a person, and often means that the personal identity, or personally identifiable information of that person is not known.

More strictly, and in reference to an arbitrary element (e.g. a human, an object, a computer), within a well-defined set (called the "anonymity set"), "anonymity" of that element refers to the property of that element of not being identifiable within this set. If it is not identifiable, then the element is said to be "anonymous".

An example: Suppose that only Alice, Bob, and Carol have the keys to a bank safe and that, one day, the contents of the safe are missing (without the lock being violated). Without any additional information, we do not know for sure whether it was Alice, Bob or Carol that opened the safe; the perpetrator remains anonymous. In particular, each of the elements in {Alice, Bob, Carol} has a 1/3 chance of being the perpetrator. However, as long as none of them has been identified as being the perpetrator with 100% certainty, we can say that the perpetrator remains anonymous.

Anonymity is not an absolute. That is, the degree of anonymity one enjoys may vary. In the above example, if Carol has an ironclad alibi at the time of the perpetration, then we may deduce that it must have been either Alice or Bob who opened the safe. That is, the probability of the elements {Alice, Bob, Carol} of being the perpetrator is now 1/2, 1/2, and 0 respectively. This clearly amounts to a reduction of the perpetrator's anonymity (i.e. although the perpetrator still remains anonymous, it is now more likely than before that (s)he is either Alice or Bob).
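The safe example can be worked through in code. The following Python is an added example, not part of the original article: it models the anonymity set {Alice, Bob, Carol} as a probability distribution, applies Carol's alibi as evidence, and reports who can still be the perpetrator. It also goes one step beyond the text by computing a normalised-entropy "degree of anonymity" (1.0 when all members are equally likely, 0.0 once one is identified), a metric the article does not name.

```python
from fractions import Fraction
from math import log2


def uniform_prior(anonymity_set):
    """Without further information every member is equally likely: 1/N each."""
    members = list(anonymity_set)
    return {x: Fraction(1, len(members)) for x in members}


def rule_out(dist, excluded):
    """Apply evidence that excludes some members (e.g. an alibi) and renormalise
    the remaining probability mass. Excluded members stay in the set with p = 0."""
    remaining = sum(p for x, p in dist.items() if x not in excluded)
    if remaining == 0:
        raise ValueError("evidence rules out every candidate")
    return {x: (Fraction(0) if x in excluded else p / remaining) for x, p in dist.items()}


def is_anonymous(dist):
    """The perpetrator stays anonymous as long as nobody is identified with certainty."""
    return all(p < 1 for p in dist.values())


def candidates(dist):
    """Members who can still be the perpetrator (non-zero probability)."""
    return sorted(x for x, p in dist.items() if p > 0)


def degree_of_anonymity(dist):
    """Shannon entropy of the distribution divided by log2(N), N = size of the
    anonymity set: 1.0 for a uniform distribution, 0.0 once someone is identified.
    This normalised-entropy metric is an addition; the text only says the degree varies."""
    n = len(dist)
    if n < 2:
        return 0.0
    entropy = -sum(float(p) * log2(float(p)) for p in dist.values() if p > 0)
    return entropy / log2(n)


if __name__ == "__main__":
    prior = uniform_prior(["Alice", "Bob", "Carol"])
    print(prior, degree_of_anonymity(prior))                   # 1/3 each, degree 1.0
    after_alibi = rule_out(prior, {"Carol"})
    print(after_alibi, degree_of_anonymity(after_alibi))       # 1/2, 1/2, 0; degree ~0.63
    print(candidates(after_alibi), is_anonymous(after_alibi))  # ['Alice', 'Bob'] True
    identified = rule_out(after_alibi, {"Alice"})
    print(is_anonymous(identified))                            # False: Bob has p = 1
```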

The term "anonymous message" typically refers to a message (for example, one transmitted over some form of network) that does not carry any information about its sender or its intended recipient. It is therefore unclear whether multiple such messages have been sent by the same sender or whether they have the same intended recipient.

Sometimes it is desired that a person can establish a long-term relationship (such as a reputation) with some other entity, without his/her personal identity being disclosed to that entity. In this case, it may be useful for the person to establish a unique identifier, called a pseudonym, with the other entity. Examples of pseudonyms are nicknames, credit card numbers, student numbers, bank account numbers, IP addresses. A pseudonym enables the other entity to link different messages from the same person and, thereby, the maintenance of a long-term relationship. Although typically pseudonyms do not contain personally identifying information, communication that is based on pseudonyms is often not classified as "anonymous", but as "pseudonymous" instead. Indeed, in some contexts, anonymity and pseudonymity are separate concepts.

However, in other contexts what matters is that both anonymity and pseudonymity are concepts that are, among other things, concerned with hiding a person's legal identity. In such contexts people may not distinguish between anonymity and pseudonymity.

The problem of determining whether or not the identity of a communication partner is the same as one previously encountered is the problem of authentication.

Means of obtaining anonymity

Anonymity is a result of not having identifying characteristics (such as a name or description of physical appearance) disclosed. This can occur from a lack of interest in learning the nature of such characteristics, or through intentional efforts to hide these characteristics. An example of the former would include a brief encounter with a stranger, when learning the other person's name is not deemed necessary. An example of the latter would include someone hiding behind clothing that covers identifying features like hair color, scars, or tattoos, in order to avoid identification.

In some cases, anonymity is reached unintentionally, as is often the case with victims of crimes or war battles, when a body is discovered in such a state that the physical features used to identify someone are no longer present. Anonymity is not always found in such morbid situations, however. As an example, a winner of a lottery jackpot is anonymous (one of however many play the lottery) until that person turns in the winning lottery ticket. Many acts of charity are performed anonymously, as well, as benefactors do not wish, for whatever reason, to be acknowledged for their action.

There are many reasons why a person might choose to obscure their identity and become anonymous. Several of these reasons are legal and legitimate - someone, for example, who feels threatened by someone else might attempt to hide from the threat behind various means of anonymity. There are also many illegal reasons to hide behind anonymity. Criminals typically try to keep themselves anonymous either to conceal the fact that a crime has been committed, or to avoid capture.

Anonymity and social situations

Anonymity may reduce the accountability one perceives to have for their actions, and removes the impact these actions might otherwise have on their reputation. This can have dramatic effects, both useful and harmful.

In conversational settings, anonymity may allow people to reveal personal history and feelings without fear of later embarrassment. Electronic conversational media can provide physical isolation, in addition to anonymity. This prevents physical retaliation for remarks, and prevents negative or taboo behavior or discussion from tarnishing the reputation of the speaker. This can be beneficial when discussing very private matters, or taboo subjects or expressing views or revealing facts which may put someone in physical, financial, or legal danger (such as illegal activity, or unpopular or outlawed political views).

With few perceived negative consequences, anonymous or semi-anonymous forums often provide a soapbox for disruptive conversational behavior. Some people label those who do this online as Internet trolls.

Relative anonymity is often enjoyed in large crowds. Different people have different psychological and philosophical reactions to this development, especially as a modern phenomenon. This anonymity is an important factor in crowd psychology.

Anonymity, commerce, and crime

Anonymous commercial transactions can protect the privacy of consumers. Some consumers prefer to use cash when buying everyday goods (like groceries or tools), to prevent sellers from aggregating information or soliciting them in the future. (Credit cards are linked to a person's name, and can be used to discover other information, such as postal address, phone number, etc.) When purchasing taboo goods and services, anonymity makes many potential consumers more comfortable with or more willing to engage in the transaction. Many loyalty programs use cards which personally identify the consumer engaging in each transaction (possibly for later solicitation, or for redemption or security purposes), or which act as a numerical pseudonym, for use in data mining.

Anonymity can also be used as a protection against legal prosecution. For example, when committing a robbery, many criminals will obscure their faces to avoid identification. In organized crime, groups of criminals may collaborate on a certain project without revealing to each other their names or other personally identifiable information. The anonymous purchase of a gun or knife to be used in a crime helps prevent linking an abandoned weapon to the identity of the perpetrator.

Issues facing the anonymous

Attempts at anonymity are not always met with support from society. There is a trend in society to mistrust someone who makes an effort to maintain their anonymity. This is often summed up in the statement, "You wouldn't want to stay anonymous unless you had something to hide." The implication is that there is no legitimate reason to obscure one's identity from the world as a whole.

Anonymity sometimes clashes with the policies and procedures of governments or private organizations. In the United States, disclosure of identity is required to be able to vote. In airports in most countries, passengers are not allowed to board flights unless they have identified themselves to some sort of airline or transportation security personnel, typically in the form of the presentation of an identification card.

On the other hand, some policies and procedures require anonymity. According to the Universal Declaration of Human Rights, "... periodic and genuine elections which shall be by universal and equal suffrage ... shall be held by secret vote or by equivalent free voting procedures."

Referring to the anonymous

When it is necessary to refer to someone who is anonymous, it is typically necessary to create a type of pseudo-identification for that person. In literature, the most common way to state that the identity of an author is unknown is to refer to them as simply "Anonymous." This is usually the case with older texts in which the author is long dead and unable to claim authorship of a work. When the work claims to be that of some famous author the pseudonymous author is identified as "Pseudo-", as in Pseudo-Dionysius the Areopagite, an author claiming—and long believed—to be Dionysius the Areopagite, an early Christian convert.

Anonymus, in its Latin spelling, generally with a specific city designation, is traditionally used by scholars in the humanities to refer to an ancient writer whose name is not known, or to a manuscript of their work. Very many such writers have left valuable historical or literary records: an incomplete list of such Anonymi is at Anonymus.

In the history of art, many painting workshops can be identified by their characteristic style, discussed, and their output set in chronological order. Sometimes archival research later identifies the name, as when the "Master of Flémalle"—defined by three paintings in the Städelsches Kunstinstitut in Frankfurt—was identified as Robert Campin. The 20th-century art historian Bernard Berenson methodically identified numerous early Renaissance Florentine and Sienese workshops under such sobriquets as "Amico di Sandro" for an anonymous painter in the immediate circle of Sandro Botticelli.

In legal cases, a popularly accepted name to use when it is determined that an individual needs to maintain anonymity is "John Doe." This name is often modified to "Jane Doe" when the anonymity-seeker is female.

The military often feels a need to honor the remains of soldiers for whom identification is impossible. In many countries, such a memorial is named the Tomb of the Unknown Soldier.

Anonymity and the press

Most modern newspapers and magazines attribute their articles to individual editors, or to news agencies. An exception is the British weekly The Economist, which may be the world's only un-bylined paper. All British newspapers run their leaders (i.e. editorials) anonymously.

Anonymity and politics

The history of anonymous expression in political dissent is both long and honourable, as in the Letters of Junius or Voltaire's Candide, or scurrilous as in pasquinades. In the tradition of anonymous British political criticism, the Federalist Papers were anonymously authored. Without the public discourse on the controversial contents of the U.S. Constitution, ratification would likely have taken much longer as individuals worked through the issues. The United States Declaration of Independence, however, was not anonymous. If it had been unsigned, it might well have been less effective. In The Infrastructure of Democracy, John Perry Barlow, Joichi Ito, and other US bloggers express a very strong support for anonymous editing as one of the basic requirements of open politics as conducted on the Internet. Saipansucks.com is an example of an anonymously written website that socially and politically criticizes the United States' Commonwealth of the Northern Mariana Islands.

@http://en.wikipedia.org/wiki/Anonymity

September 17, 2007

What is a Shell Account?

To run an Eggdrop bot, you need a "shell account". This is your own personal space on a computer linked to the Internet via high-speed connections, typically housed in a data facility or colocation centre alongside many other computers configured as dedicated "servers". A shell server runs a Unix-derived operating system, such as GNU/Linux or FreeBSD. You can upload files to and run programs on your account using FTP, telnet, or SSH. Shell accounts are very similar to web hosting accounts, but are more basic, cheaper, and feature the tools necessary to compile your own programs, like Eggdrop. The term "shell" comes from the text-based command line interface you use to manage your account on the Unix server.

Unfortunately, unlike Eggdrop, shell accounts generally aren't free. But since they're always connected to the Internet, they are the most popular and cost-effective platform for hosting IRC bots. Shell accounts can also be used for other things, from IRC-related stuff like running a bouncer or your own IRC server, to sending/receiving e-mail, maintaining a web site, and downloading files at high speed for temporary storage (until you're ready to download them to your own machine). You don't have to be experienced with Unix in order to set up and maintain a bot on a shell account, but you will need to learn a few basic commands.

@www.egghelp.org

September 15, 2007

Installing OpenVPN

OpenVPN can be downloaded here.

For security, it's a good idea to check the file release signature after downloading.

The OpenVPN executable should be installed on both server and client machines, since the single executable provides both client and server functions.

Linux Notes (using RPM package)

If you are using a Linux distribution which supports RPM packages (SuSE, Fedora, Redhat, etc.), it's best to install using this mechanism. The easiest method is to find an existing binary RPM file for your distribution. You can also build your own binary RPM file:

rpmbuild -tb openvpn-[version].tar.gz

Once you have the .rpm file, you can install it with the usual

rpm -ivh openvpn-[details].rpm

or upgrade an existing installation with

rpm -Uvh openvpn-[details].rpm

Installing OpenVPN from a binary RPM package has these dependencies:

  • openssl
  • lzo
  • pam

Furthermore, if you are building your own binary RPM package, there are several additional dependencies:

  • openssl-devel
  • lzo-devel
  • pam-devel

See the openvpn.spec file for additional notes on building an RPM package for Red Hat Linux 9 or building with reduced dependencies.

Linux Notes (without RPM)

If you are using Debian, Gentoo, or a non-RPM-based Linux distribution, use your distro-specific packaging mechanism such as apt-get on Debian or emerge on Gentoo.

It is also possible to install OpenVPN on Linux using the universal ./configure method. First expand the .tar.gz file:

tar xfz openvpn-[version].tar.gz

Then cd to the top-level directory and type:

./configure
make
make install

Windows Notes

OpenVPN for Windows can be installed from the self-installing exe file on the OpenVPN download page. Remember that OpenVPN will only run on Windows 2000 or later. Also note that OpenVPN must be installed and run by a user who has administrative privileges (this restriction is imposed by Windows, not OpenVPN). The restriction can be sidestepped by running OpenVPN in the background as a service, in which case even non-admin users will be able to access the VPN, once it is installed. More discussion on OpenVPN + Windows privilege issues.

OpenVPN can also be installed as a GUI on Windows, using Mathias Sundman's installation package, which will install both OpenVPN and the Windows GUI.

After you run the Windows installer, OpenVPN is ready to use and will associate itself with files having the .ovpn extension. To run OpenVPN, you can:

  • Right click on an OpenVPN configuration file (.ovpn) and select Start OpenVPN on this configuration file. Once running, you can use the F4 key to exit.

  • Run OpenVPN from a command prompt Window with a command such as:

    openvpn myconfig.ovpn

    Once running in a command prompt window, OpenVPN can be stopped by the F4 key.

  • Run OpenVPN as a service by putting one or more .ovpn configuration files in \Program Files\OpenVPN\config and starting the OpenVPN Service, which can be controlled from Start Menu -> Control Panel -> Administrative Tools -> Services.

A GUI is also available for the Windows version of OpenVPN.

Additional Windows install notes.

Mac OS X Notes

Angelo Laub and Dirk Theisen have developed an OpenVPN GUI for OS X.

See also OpenVPN Client and Mac OS X 10.3.

Other OSes

Some notes are available in the INSTALL file for specific OSes. In general, the

./configure
make
make install

method can be used, or you can search for an OpenVPN port or package which is specific to your OS/distribution.

September 14, 2007

Popular proxy software

  • The Squid cache is a popular HTTP proxy server in the UNIX/Linux world.
  • The Apache HTTP Server can be configured to act as a proxy server.
  • Private Proxy is a software product by PrivacyView Software that connects to an anonymous proxy server to mask a computer's IP address.
  • Blue Coat's (formerly Cacheflow's) purpose-built SGOS proxies 15 protocols including HTTPS/SSL, has an extensive policy engine and runs on a range of appliances from branch-office to enterprise.
  • WinGate is a multi-protocol proxy server and NAT solution that can be used to redirect any kind of traffic on a Microsoft Windows host. It also provides firewall, VPN and mail server functionality. Its WWW proxy supports integrated Windows authentication, intercepting proxy, and multi-host reverse-proxying.
  • Privoxy is a free, open source web proxy with privacy and ad-blocking features.
  • Microsoft Internet Security and Acceleration Server is a product that runs on Windows 2000/2003 servers and combines the functions of both a proxy server and a firewall.
  • IceWarp Mail Server includes web server with HTTP proxy which can be configured to screen all traffic with integrated antivirus and/or an external scanner.
  • JAP is a local proxy and web anonymizer that connects to proxy server chains run by different organisations.
  • Tor - A proxy-based anonymizing Internet communication system.
  • Proxomitron - User-configurable web proxy used to re-write web pages on the fly. Most noted for blocking ads, but has many other useful features.
  • PHProxy is a Web HTTP proxy programmed in PHP to bypass firewalls and other proxy restrictions through a Web interface very similar to the popular CGIProxy.
  • The HTTP-Tunnel is a SOCKS and HTTP proxy server and client for Windows.
  • SJSWebProxy (Sun Microsystems) is a proxy server for HTTP and HTTPS (CONNECT) requests. It can also serve as a gateway for FTP and Gopher traffic. It is also free to download.
  • Nginx is a web and reverse proxy server that can also act as a POP3 proxy server.
  • SSH Secure Shell can be configured to proxify a connection, by setting up a SOCKS proxy on the client, and tunneling the traffic through the SSH connection.
  • yProxy is a NNTP proxy server that converts yEnc encoded message attachments to UUEncoding, complete with SSL client support.
  • PingFu is a proxy server and client for TCP and UDP applications.
  • WWWOFFLE has been around since the mid-1990s, and was developed for storing online data for offline use.
  • Varnish is a high-performance HTTP accelerator with some features comparable to Squid.
  • Ziproxy is a non-caching proxy for acceleration purposes. It recompresses pictures and optimizes HTML code, among other features.

September 11, 2007

Advanced Installation Guide

Contributed by Valentino Vaschetto.

This section describes how to install FreeBSD in exceptional cases.

Installing FreeBSD on a System without a Monitor or Keyboard

This type of installation is called a “headless install”, because the machine that you are trying to install FreeBSD on either does not have a monitor attached to it, or does not even have a VGA output. How is this possible you ask? Using a serial console. A serial console is basically using another machine to act as the main display and keyboard for a system. To do this, just follow the steps to create installation floppies, explained in Section 2.3.7.

To modify these floppies to boot into a serial console, follow these steps:

1. Enabling the Boot Floppies to Boot into a Serial Console

If you were to boot into the floppies that you just made, FreeBSD would boot into its normal install mode. We want FreeBSD to boot into a serial console for our install. To do this, you have to mount the boot.flp floppy onto your FreeBSD system using the mount(8) command.

# mount /dev/fd0 /mnt

Now that you have the floppy mounted, you must change into the /mnt directory:

# cd /mnt

Here is where you must set the floppy to boot into a serial console. You have to make a file called boot.config containing /boot/loader -h. All this does is pass a flag to the bootloader to boot into a serial console.

# echo "/boot/loader -h" > boot.config

Now that you have your floppy configured correctly, you must unmount the floppy using the umount(8) command:

# cd /
# umount /mnt

Now you can remove the floppy from the floppy drive.

2. Connecting Your Null-modem Cable

You now need to connect a null-modem cable between the two machines. Just connect the cable to the serial ports of the two machines. A normal serial cable will not work here; you need a null-modem cable because it has some of the wires inside crossed over.

3. Booting Up for the Install

It is now time to go ahead and start the install. Put the boot.flp floppy in the floppy drive of the machine you are doing the headless install on, and power on the machine.

4. Connecting to Your Headless Machine

Now you have to connect to that machine with cu(1):

# cu -l /dev/cuad0

On FreeBSD 5.X, use /dev/cuaa0 instead of /dev/cuad0.

That's it! You should now be able to control the headless machine through your cu session. It will ask you to put in the kern1.flp, and then it will come up with a selection of what kind of terminal to use. Select the FreeBSD color console and proceed with your install!

Preparing Your Own Installation Media

Note: To prevent repetition, “FreeBSD disc” in this context means a FreeBSD CDROM or DVD that you have purchased or produced yourself.

There may be some situations in which you need to create your own FreeBSD installation media and/or source. This might be physical media, such as a tape, or a source that sysinstall can use to retrieve the files, such as a local FTP site, or an MS-DOS® partition.

For example:

· You have many machines connected to your local network, and one FreeBSD disc. You want to create a local FTP site using the contents of the FreeBSD disc, and then have your machines use this local FTP site instead of needing to connect to the Internet.

· You have a FreeBSD disc, and FreeBSD does not recognize your CD/DVD drive, but MS-DOS/Windows® does. You want to copy the FreeBSD installation files to a DOS partition on the same computer, and then install FreeBSD using those files.

· The computer you want to install on does not have a CD/DVD drive or a network card, but you can connect a “Laplink-style” serial or parallel cable to a computer that does.

· You want to create a tape that can be used to install FreeBSD.

Creating an Installation CDROM

As part of each release, the FreeBSD project makes available at least two CDROM images (“ISO images”) per supported architecture. These images can be written (“burned”) to CDs if you have a CD writer, and then used to install FreeBSD. If you have a CD writer, and bandwidth is cheap, then this is the easiest way to install FreeBSD.

1. Download the Correct ISO Images

The ISO images for each release can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/ISO-IMAGES-arch/version or the closest mirror. Substitute arch and version as appropriate.

That directory will normally contain the following images:

Table 2-4. FreeBSD 5.X and 6.X ISO Image Names and Meanings

Filename: version-RELEASE-arch-bootonly.iso
Contains: Everything you need to boot into a FreeBSD kernel and start the installation interface. The installable files have to be pulled over FTP or some other supported source.

Filename: version-RELEASE-arch-disc1.iso
Contains: Everything you need to install FreeBSD and a “live filesystem”, which is used in conjunction with the “Repair” facility in sysinstall.

Filename: version-RELEASE-arch-disc2.iso
Contains: FreeBSD documentation (prior to FreeBSD 6.2) and as many third-party packages as would fit on the disc.

Filename: version-RELEASE-arch-docs.iso
Contains: FreeBSD documentation (for FreeBSD 6.2 and later).

You must download one of either the bootonly ISO image (if available), or the image of disc one. Do not download both of them, since the disc one image contains everything that the bootonly ISO image contains.

Use the bootonly ISO if Internet access is cheap for you. It will let you install FreeBSD, and you can then install third-party packages by downloading them using the ports/packages system (see Chapter 4) as necessary.

Use the image of disc one if you want to install a FreeBSD release and want a reasonable selection of third-party packages on the disc as well.

The additional disc images are useful, but not essential, especially if you have high-speed access to the Internet.

2. Write the CDs

You must then write the CD images to disc. If you will be doing this on another FreeBSD system then see Section 18.6 for more information (in particular, Section 18.6.3 and Section 18.6.4).

If you will be doing this on another platform then you will need to use whatever utilities exist to control your CD writer on that platform. The images provided are in the standard ISO format, which many CD writing applications support.

Note: If you are interested in building a customized release of FreeBSD, please see the Release Engineering Article.

Creating a Local FTP Site with a FreeBSD Disc

FreeBSD discs are laid out in the same way as the FTP site. This makes it very easy for you to create a local FTP site that can be used by other machines on your network when installing FreeBSD.

1. On the FreeBSD computer that will host the FTP site, ensure that the CDROM is in the drive, and mounted on /cdrom:

   # mount /cdrom

2. Create an account for anonymous FTP in /etc/passwd. Do this by editing /etc/passwd using vipw(8) and adding this line:

   ftp:*:99:99::0:0:FTP:/cdrom:/nonexistent

3. Ensure that the FTP service is enabled in /etc/inetd.conf.

Anyone with network connectivity to your machine can now choose a media type of FTP and type in ftp://your machine after picking “Other” in the FTP sites menu during the install.

Note: If the boot media (floppy disks, usually) for your FTP clients is not precisely the same version as that provided by the local FTP site, then sysinstall will not let you complete the installation. If the versions are not similar and you want to override this, you must go into the Options menu and change distribution name to any.

Warning: This approach is OK for a machine that is on your local network, and that is protected by your firewall. Offering up FTP services to other machines over the Internet (and not your local network) exposes your computer to the attention of crackers and other undesirables. We strongly recommend that you follow good security practices if you do this.
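Since the anonymous-FTP account line and the inetd.conf step above are exactly the kind of thing worth re-checking before exposing the service, here is an added Python audit (not from the Handbook). It parses master.passwd(5) entries, verifies that the ftp account is locked, unprivileged, has no login shell and is confined to the disc, and checks whether the ftp service line in inetd.conf is uncommented. The file excerpts are constructed for the example, and the inetd.conf line is the stock FreeBSD form assumed here.

```python
# master.passwd(5) on FreeBSD has ten colon-separated fields, in this order.
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home", "shell")

# Constructed excerpt of /etc/master.passwd containing the line from the text.
SAMPLE_MASTER_PASSWD = """\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
ftp:*:99:99::0:0:FTP:/cdrom:/nonexistent
"""

# Constructed variant with the mistakes the checker is meant to catch:
# empty password, uid/gid 0, home directory "/" and a real login shell.
RISKY_MASTER_PASSWD = "ftp::0:0::0:0:FTP:/:/bin/sh\n"

# Constructed /etc/inetd.conf excerpts: ftp enabled, and ftp commented out.
INETD_ENABLED = "ftp\tstream\ttcp\tnowait\troot\t/usr/libexec/ftpd\tftpd -l\n"
INETD_DISABLED = "#ftp\tstream\ttcp\tnowait\troot\t/usr/libexec/ftpd\tftpd -l\n"


def parse_master_passwd(text):
    """Return one dict per non-comment line; a wrong field count is an error."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries


def audit_ftp_account(entries, media_root="/cdrom"):
    """Return findings for the 'ftp' account; an empty list means it matches the recipe."""
    ftp = [e for e in entries if e["name"] == "ftp"]
    if not ftp:
        return ["no 'ftp' account present"]
    e = ftp[0]
    findings = []
    if e["password"] != "*":
        findings.append("password field should be '*' so nobody can log in with a password")
    if e["uid"] == "0" or e["gid"] == "0":
        findings.append("ftp account must not be uid/gid 0")
    if e["shell"] != "/nonexistent":
        findings.append("shell should be /nonexistent (no interactive login)")
    home = e["home"].rstrip("/") or "/"
    if home != media_root and not home.startswith(media_root + "/"):
        # ftpd(8) chroots anonymous users to the ftp account's home directory,
        # so anything outside the disc would become browsable.
        findings.append(f"home directory {e['home']} is outside {media_root}")
    return findings


def ftp_enabled_in_inetd(text):
    """True if an uncommented 'ftp' service line is present in inetd.conf."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields and fields[0] == "ftp":
            return True
    return False


if __name__ == "__main__":
    good = audit_ftp_account(parse_master_passwd(SAMPLE_MASTER_PASSWD))
    print("ftp account OK" if not good else good)
    for finding in audit_ftp_account(parse_master_passwd(RISKY_MASTER_PASSWD)):
        print("risky:", finding)
    print("ftp in inetd.conf:", ftp_enabled_in_inetd(INETD_ENABLED),
          ftp_enabled_in_inetd(INETD_DISABLED))
```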

Creating Installation Floppies

If you must install from floppy disk (which we suggest you do not do), either due to unsupported hardware or simply because you insist on doing things the hard way, you must first prepare some floppies for the installation.

At a minimum, you will need as many 1.44 MB floppies as it takes to hold all the files in the base (base distribution) directory. If you are preparing the floppies from DOS, then they must be formatted using the MS-DOS FORMAT command. If you are using Windows, use Explorer to format the disks (right-click on the A: drive, and select “Format”).

Do not trust factory pre-formatted floppies. Format them again yourself, just to be sure. Many problems reported by our users in the past have resulted from the use of improperly formatted media, which is why we are making a point of it now.

If you are creating the floppies on another FreeBSD machine, a format is still not a bad idea, though you do not need to put a DOS filesystem on each floppy. You can use the bsdlabel and newfs commands to put a UFS filesystem on them instead, as the following sequence of commands (for a 3.5" 1.44 MB floppy) illustrates:

# fdformat -f 1440 fd0.1440
# bsdlabel -w fd0.1440 floppy3
# newfs -t 2 -u 18 -l 1 -i 65536 /dev/fd0

Then you can mount and write to them like any other filesystem.

After you have formatted the floppies, you will need to copy the files to them. The distribution files are split into chunks conveniently sized so that five of them will fit on a conventional 1.44 MB floppy. Go through all your floppies, packing as many files as will fit on each one, until you have all of the distributions you want packed up in this fashion. Each distribution should go into a subdirectory on the floppy, e.g.: a:\base\base.aa, a:\base\base.ab, and so on.

Important: The base.inf file also needs to go on the first floppy of the base set since it is read by the installation program in order to figure out how many additional pieces to look for when fetching and concatenating the distribution.

Once you come to the Media screen during the install process, select Floppy and you will be prompted for the rest.

Installing from an MS-DOS® Partition

To prepare for an installation from an MS-DOS partition, copy the files from the distribution into a directory called freebsd in the root directory of the partition. For example, c:\freebsd. The directory structure of the CDROM or FTP site must be partially reproduced within this directory, so we suggest using the DOS xcopy command if you are copying it from a CD. For example, to prepare for a minimal installation of FreeBSD:

C:\> md c:\freebsd
C:\> xcopy e:\bin c:\freebsd\bin\ /s
C:\> xcopy e:\manpages c:\freebsd\manpages\ /s

This assumes that C: is where you have free space and E: is where your CDROM is mounted.

If you do not have a CDROM drive, you can download the distribution from ftp.FreeBSD.org. Each distribution is in its own directory; for example, the base distribution can be found in the 6.2/base/ directory.

For as many distributions as you wish to install from an MS-DOS partition (and have the free space for), install each one under c:\freebsd -- the BIN distribution is the only one required for a minimum installation.

Creating an Installation Tape

Installing from tape is probably the easiest method, short of an online FTP install or CDROM install. The installation program expects the files to be simply tarred onto the tape. After getting all of the distribution files you are interested in, simply tar them onto the tape:

# cd /freebsd/distdir
# tar cvf /dev/rwt0 dist1 ... dist2

When you perform the installation, you should make sure that you leave enough room in some temporary directory (which you will be allowed to choose) to accommodate the full contents of the tape you have created. Due to the non-random access nature of tapes, this method of installation requires quite a bit of temporary storage.

Note: When starting the installation, the tape must be in the drive before booting from the boot floppy. The installation probe may otherwise fail to find it.

Before Installing over a Network

There are three types of network installations available: Ethernet (a standard Ethernet controller), serial port (SLIP or PPP), or parallel port (PLIP, using a laplink cable).

For the fastest possible network installation, an Ethernet adapter is always a good choice! FreeBSD supports most common PC Ethernet cards; a table of supported cards (and their required settings) is provided in the Hardware Notes for each release of FreeBSD. If you are using one of the supported PCMCIA Ethernet cards, also be sure that it is plugged in before the laptop is powered on! FreeBSD does not, unfortunately, currently support hot insertion of PCMCIA cards during installation.

You will also need to know your IP address on the network, the netmask for your address class, and the name of your machine. If you are installing over a PPP connection and do not have a static IP, fear not: the address can be assigned dynamically by your ISP. Your system administrator can tell you which values to use for your particular network. If you will be referring to other hosts by name rather than by IP address, you will also need a name server and possibly the address of a gateway to reach it (if you are using PPP, the gateway is your provider's IP address). If you want to install by FTP via an HTTP proxy, you will also need the proxy's address. If you do not know the answers to most of these questions, talk to your system administrator or ISP before trying this type of installation.

The SLIP support is rather primitive, and limited primarily to hard-wired links, such as a serial cable running between a laptop computer and another computer. The link should be hard-wired as the SLIP installation does not currently offer a dialing capability; that facility is provided with the PPP utility, which should be used in preference to SLIP whenever possible.

If you are using a modem, then PPP is almost certainly your only choice. Make sure that you have your service provider's information handy as you will need to know it fairly early in the installation process.

If you use PAP or CHAP to connect to your ISP (in other words, if you can connect to the ISP in Windows without using a script), then all you will need to do is type dial at the ppp prompt. Otherwise, you will need to know how to dial your ISP using the “AT commands” specific to your modem, as the PPP dialer provides only a very simple terminal emulator. Please refer to the user-ppp handbook and FAQ entries for further information. If you have problems, logging can be directed to the screen using the command set log local ....

If a hard-wired connection to another FreeBSD (2.0-R or later) machine is available, you might also consider installing over a “laplink” parallel port cable. The data rate over the parallel port is much higher than what is typically possible over a serial line (up to 50 kbytes/sec), thus resulting in a quicker installation.

Before Installing via NFS

The NFS installation is fairly straight-forward. Simply copy the FreeBSD distribution files you want onto an NFS server and then point the NFS media selection at it.

If this server accepts requests only from a “privileged port” (as is generally the default for Sun workstations), you will need to set the NFS Secure option in the Options menu before installation can proceed.

If you have a poor quality Ethernet card which suffers from very slow transfer rates, you may also wish to toggle the NFS Slow flag.

In order for NFS installation to work, the server must support subdir mounts, for example, if your FreeBSD 6.2 distribution directory lives on: ziggy:/usr/archive/stuff/FreeBSD, then ziggy will have to allow the direct mounting of /usr/archive/stuff/FreeBSD, not just /usr or /usr/archive/stuff.

In FreeBSD's /etc/exports file, this is controlled by the -alldirs option. Other NFS servers may have different conventions. If you are getting “permission denied” messages from the server, then it is likely that you do not have this enabled properly.
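As an added illustration (it is not part of the handbook text), here is what the export on ziggy from the example above would look like in FreeBSD's /etc/exports. It assumes /usr is its own file system (the usual layout), because FreeBSD accepts -alldirs only on a file system mount point; the export then covers any directory below /usr, which is what lets the installer mount ziggy:/usr/archive/stuff/FreeBSD directly. The client subnet is an assumed value for the example:

```conf
# /etc/exports on ziggy (added example; the address range is assumed)
#
# -alldirs   clients may mount /usr or any directory below it, e.g.
#            /usr/archive/stuff/FreeBSD, which is what the installer asks for.
#            FreeBSD requires this flag on a file system mount point, so /usr
#            must be a separate file system (as it is in the default layout).
# -ro        the installer only reads; never export a distribution tree writable.
# -network/-mask
#            restrict the export to the installing hosts' subnet instead of
#            the whole world (192.168.1.0/24 is assumed for this example).
/usr -alldirs -ro -network 192.168.1.0 -mask 255.255.255.0
```

After editing the file, have mountd re-read it (/etc/rc.d/mountd reload on FreeBSD 6.x) and confirm from the client with showmount -e ziggy, which lists what the server exports. If the installer still reports “permission denied”, either the client address lies outside the -network range or the path it was given is not under an export carrying -alldirs. Exporting read-only and to a single subnet also keeps an installation mirror from turning into a writable share for the whole network.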

September 9, 2007

Encryption Key Management

What needs to be done to effectively store the keys to your encrypted data.


· Published: Aug 22, 2007

· Updated: Aug 22, 2007

· Section: Articles :: Authentication, Access Control & Encryption

· Author: Ricky M. Magalhaes


This article is about encryption key management and highlights what needs to be done to store the keys to your encrypted data effectively. Many readers will find that only after reading it does it become apparent how carefully encryption and its keys need to be managed to avoid catastrophe.

Encryption, a brief background

People have always wanted to communicate with a trusted party in confidence. In times of war, the encryption used to transmit and store information has been vital to the outcome. Today organizations are connected to the internet and use it as the medium through which they communicate and transact with clients, suppliers and their own employees. Keeping those transactions and the stored data confidential is a challenge, and many organizations have started to employ strong technical controls such as device encryption and content (data) encryption to better secure their data and communications.

Encryption is, by design, a way of keeping data confidential and unreadable by unauthorized users. Typically a cipher is used; the cipher can be thought of as a lock operated with a key: encrypting locks the data and decrypting unlocks it. What was readable data, once processed, becomes unreadable without the correct cipher and, most importantly, the key.

But why is the key so important? Well let’s look at this question logically. You have a safe. In the safe you have valuables. You need a key to get into the safe. If you lose the key to the safe it will take too long to get to your valuables. In turn this will cause a denial of service, meaning you will be denied access to your valuables. Now we have a few questions to ask ourselves. Where do we keep the key? Would it be a good idea to keep the key on top of the safe? If an intruder were to get into the location where the safe is, then he would most likely search for the key then gain access to the valuables. Even keeping the key in the same room as the safe is potentially a problem, as this could result in an unauthorized person locating the key.

It is clear that keys are fundamental to opening locks; similarly encryption keys are used to decrypt encrypted data and communication. It is clear that if the keys were found and copied, destroyed or lost, you would have a problem gaining access to whatever the keys were protecting. Ever lost the keys to your car? Not a good feeling… If you have a spare set, then you can find those and use them, but you are left wondering about who found the keys and what they might do with the keys.

Types of keys

Below are some of the different types of keys distinguished by NIST in its key management lifecycle guidance (NIST SP 800-57). Each type has its own protection and lifetime requirements, which is why they are listed separately:

  • Signing keys
  • Signature verification public keys
  • Key transport private keys
  • Static key agreement private keys
  • Static key agreement public keys
  • Secret authentication keys
  • Public authorization keys
  • Domain parameters
  • Initialization vectors
  • Long-term data encrypting keys
  • Shared secrets
  • Encrypted keys
  • Seeds
  • Master keys used to derive other keys
So what is the solution?

It is very important to treat keys with the same regard as, if not higher than, what they protect. If an encryption key protects your laptop and that key is lost, you lose access to all the data on the laptop. Proper key management is therefore essential.

Key management

Good key management comes down to ten simple but necessary steps, which together ensure that you can get at your data or communications securely when you need to. First, NIST's guidance on which key types should be kept after their operational life (archived) and which should not (reference: NIST SP 800-57):

Generally should archive

  • Signature verification keys
  • Secret authentication keys
  • Public authentication keys
  • Long-term data encryption keys
  • Key encrypting keys used for key wrapping
  • Domain parameters

Should not archive

  • Signing keys
  • Private authentication keys
  • Short-term data encryption keys
  • RNG keys
  • Key transport public keys
  • Ephemeral key agreement private keys
  • Secret authorization keys
  • Private authorization keys
  • Public authorization keys
  • Intermediate results and key material

The ten steps:

  1. Make a backup of your encryption keys, and whenever the keys change, back up the changes too. This includes keeping the keys for archived data restorable: if you ever need to restore that data you will need to decrypt it, and countless organizations have lost archived data to exactly this kind of poor key management.
  2. Ensure that the backups are recoverable and that a disaster recovery plan detailing how the keys are recovered from backup is in place. If historical data has been encrypted, recovering and decrypting it should be part of the test.

    Note:
    As discussed in this article, storing decryption keys alongside the encrypted data is bad practice, so the keys should not be stored on the tapes that hold the encrypted archived data.
  3. Make sure that logical access control to your encryption keys is enforced and that the keys remain available to authorized users. Logical access to keys plays a vital role in keeping your data protected: storing encryption keys on local drives can lead to compromise, especially if the computer or device is only partially encrypted. Keys are typically kept out of reach in a secured location.
  4. Ensure that the keys are stored in a physically secure environment and that only authorized users can gain access to them. Physical access controls matter as much as logical ones, since any disruption in key availability means the decryption process fails.
  5. Escrow the keys with a trusted third party. You may feel this step is unnecessary, but when things go wrong you will wish you had done it. Keys are routinely escrowed and kept safely for many organizations without incident.
  6. Ensure that the keys are not stored where someone could duplicate or destroy them. Logical access controls are not enough: if an unauthorized user can alter the state of the machine holding the keys, remotely or physically, you have a denial of service on your hands and the data can no longer be decrypted.
  7. Ensure that you have a way of disposing of keys, locking out older and possibly compromised keys, and creating new keys that will decrypt the data. This process needs careful management and security monitoring throughout: key issuance and revocation are the points at which an attacker most often arranges a compromise.
  8. Understand which data and communications have been encrypted under each key, so that if you have to issue a new key you can first decrypt and then re-encrypt the affected data if your software does not do this automatically.
  9. Ensure that keys are only used and issued from a secure system; this rule is often overlooked and leads to compromise. Not all computer systems are secure, and as rootkits and keystroke-logging software become more pervasive, caution is needed whenever the decryption key is used. Machines at internet kiosks and other public facilities are good examples of where extra caution is required.
  10. Ensure that the key generation process is highly secure and has integrity.

The above ten rules are guidelines that will help organizations and individuals manage the keys to their most confidential information effectively. On many occasions decryption fails because of fundamental mistakes by the staff who manage keys but lack the experience to make the right decisions.
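The following is an added example, not code from the article, showing how steps 1, 2, 3, 7, 8 and 10 fit together in an envelope-encryption design: a master key (KEK) held in a separate key store wraps per-dataset data keys (DEKs), every ciphertext records which DEK produced it, and rotation works at both levels. The cipher is a deliberately simple stand-in built from the standard library (an HMAC-SHA256 keystream with an encrypt-then-MAC tag) so the script runs without third-party packages; the key ids, the KeyStore class and the sample records are all constructed for the illustration, and a real deployment would use an AEAD such as AES-GCM and an HSM or vault for the KEKs.

```python
"""Envelope encryption with a key hierarchy: a key-encrypting key (KEK) wraps
per-dataset data-encrypting keys (DEKs); each ciphertext names only its DEK id.
Added example, not the article's code. The cipher is a TOY (standard library
only) so the script runs anywhere; use a vetted AEAD such as AES-GCM in production."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, length):
    # PRF stream: block i = HMAC(key, nonce || i). A nonce must never repeat under one key.
    out, i = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # authenticates nonce and ct
    return nonce + ct + tag

def decrypt(key, blob):
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def decrypts_with(key, blob):
    """True if key authenticates blob; ciphertext alone, without the key store, is unreadable (step 2 note)."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False

class KeyStore:
    """Stands in for separately held key material (HSM, vault or escrow agent,
    steps 3 to 6): KEKs in the clear, DEKs only ever wrapped (steps 1 and 3)."""
    def __init__(self):
        self.keks = {}        # kek_id -> raw master key
        self.deks = {}        # dek_id -> {"kek_id": ..., "wrapped": ...}
        self.retired = set()  # DEK ids that may still decrypt but not encrypt

    def new_kek(self, kek_id):
        self.keks[kek_id] = secrets.token_bytes(32)  # step 10: CSPRNG output, not a passphrase

    def new_dek(self, dek_id, kek_id):
        dek = secrets.token_bytes(32)
        self.deks[dek_id] = {"kek_id": kek_id, "wrapped": encrypt(self.keks[kek_id], dek)}

    def unwrap(self, dek_id):
        rec = self.deks[dek_id]
        return decrypt(self.keks[rec["kek_id"]], rec["wrapped"])

    def rotate_kek(self, old_id, new_id):
        """Re-wrap every DEK under a fresh KEK and drop the old one. Bulk
        ciphertext is untouched, so master-key rotation is cheap (step 7)."""
        self.new_kek(new_id)
        for rec in self.deks.values():
            if rec["kek_id"] == old_id:
                dek = decrypt(self.keks[old_id], rec["wrapped"])
                rec.update(kek_id=new_id, wrapped=encrypt(self.keks[new_id], dek))
        del self.keks[old_id]

def seal(store, dek_id, plaintext):
    """Step 8: a record names the DEK that encrypted it, so 'which data sits
    under which key' is an inventory you can query rather than guess."""
    if dek_id in store.retired:
        raise ValueError(dek_id + " is retired; encrypt under a current key")
    return {"dek_id": dek_id, "ct": encrypt(store.unwrap(dek_id), plaintext)}

def open_record(store, rec):
    return decrypt(store.unwrap(rec["dek_id"]), rec["ct"])

def rotate_dek(store, records, old_id, new_id, kek_id):
    """Step 7 for a suspect DEK: re-encrypt every record the inventory says used
    it, then retire it (kept, not deleted, so old backups stay readable)."""
    store.new_dek(new_id, kek_id)
    n = 0
    for rec in records:
        if rec["dek_id"] == old_id:
            rec.update(seal(store, new_id, open_record(store, rec)))
            n += 1
    store.retired.add(old_id)
    return n

def demo():
    """Constructed walk-through: one KEK rotation, then one DEK rotation."""
    store = KeyStore()
    store.new_kek("kek-2007")
    store.new_dek("dek-payroll", "kek-2007")
    records = [seal(store, "dek-payroll", b"salary table"), seal(store, "dek-payroll", b"tax ids")]
    ct_before = records[0]["ct"]
    store.rotate_kek("kek-2007", "kek-2008")
    kept = records[0]["ct"] == ct_before  # bulk data not rewritten by KEK rotation
    n = rotate_dek(store, records, "dek-payroll", "dek-payroll-v2", "kek-2008")
    return {"store": store, "records": records, "kek_rotation_kept_ct": kept, "reencrypted": n}
```

Calling demo() performs a master-key rotation first (only the small wrapped DEKs are rewritten, which is why KEK rotation can be frequent) and then a data-key rotation, which does require re-encrypting every record the inventory attributes to the old key. The old DEK is retired rather than deleted so that backups made under it stay readable, which is the same distinction the NIST archive lists above draw between keys that must be kept and keys that must not.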

Conclusion

Keeping an organization secure has many facets, and encryption key management is one of them. Without careful consideration of how keys are managed, you may find yourself or your organization in a sticky situation. This article has taken you through a brief but useful key management journey that will help keep your organization and its encrypted data available and secure.

2007@www.windowsecurity.com

September 8, 2007

What is marijuana?

Marijuana is the dried flowers, leaves and stems of the Cannabis sativa plant. The main active ingredient in marijuana is THC (delta-9-tetrahydrocannabinol). Marijuana can range from 1% THC to 8%. Hashish can be 7% to 14% THC and hash oil is up to 50% THC. THC is a fat-soluble substance and can remain in the lungs and brain tissue for up to 3 weeks. There are over 200 nicknames for marijuana, including pot, herb, mary jane and chronic.

How is marijuana used?
Marijuana is usually smoked, using a pipe, a bong or by rolling a joint. Blunts are cigars that are emptied of tobacco and refilled with marijuana, sometimes in combination with other drugs. It can also be eaten in food, for example, by baking it in brownies.

Why do people use marijuana?
Smoking marijuana can relax a person and elevate their mood. This can be followed by drowsiness and sedation. Other effects include heightened sensory awareness, euphoria, altered perceptions and feeling hungry ("the munchies"). High concentrations of THC may produce a more hallucinogenic response.

Are there short-term dangers of smoking marijuana?
Discomforts associated with smoking marijuana include dry mouth, dry eyes, increased heart rate and visible signs of intoxication such as bloodshot eyes and puffy eyelids. Other problems include:

  • Impaired memory and ability to learn
  • Difficulty thinking and problem solving
  • Anxiety attacks or feelings of paranoia
  • Impaired muscle coordination and judgment
  • Increased susceptibility to infections
  • Dangerous impairment of driving skills. Studies show that it impairs braking time, attention to traffic signals and other driving behaviors.
  • Cardiac problems for people with heart disease or high blood pressure, because marijuana increases the heart rate

It is virtually impossible to overdose from marijuana, which sets it apart from most drugs.

Are there long-term consequences to smoking marijuana?
Respiratory problems

Someone who smokes marijuana regularly can have many of the same respiratory problems as cigarette smokers. Persistent coughing, symptoms of bronchitis and more frequent chest colds are possible symptoms. There are over 400 chemicals that have been found in marijuana smoke. Benzopyrene, a known human carcinogen, is present in marijuana smoke. Regardless of the THC content, the amount of tar inhaled by marijuana smokers and the level of carbon monoxide are 3 to 5 times higher than in cigarette smoke. This is most likely due to inhaling marijuana more deeply, holding the smoke in the lungs and because marijuana smoke is unfiltered.

Memory and learning
Recent research shows that regular marijuana use compromises the ability to learn and to remember information by impairing the ability to focus, sustain, and shift attention. One study also found that long-term use reduces the ability to organize and integrate complex information.

In addition, marijuana impairs short-term memory and decreases motivation to accomplish tasks, even after the high is over. In one study, even small doses impaired the ability to recall words from a list seen 20 minutes earlier.

Fertility
Long-term marijuana use suppresses the production of hormones that help regulate the reproductive system. For men, this can cause decreased sperm counts and very heavy users can experience erectile dysfunction. Women may experience irregular periods from heavy marijuana use. These problems would most likely result in a decreased ability to conceive but not lead to complete infertility.

Is marijuana addictive?
No one would argue that marijuana is as addictive as alcohol or cocaine. However, it's wrong to say that it is not at all addictive. More and more studies are finding that marijuana has addictive properties. Both animal and human studies show physical and psychological withdrawal symptoms from marijuana, including irritability, restlessness, insomnia, nausea and intense dreams. Tolerance to marijuana also builds up rapidly. Heavy users need 8 times higher doses to get the same effects as infrequent users.

For a small percentage of people who use it, marijuana can be highly addictive. It is estimated that 10% to 14% of users will become heavily dependent. More than 120,000 people in the US seek treatment for marijuana addiction every year. Because the consequences of marijuana use can be subtle and insidious, it is more difficult to recognize signs of addiction. Cultural and societal beliefs that marijuana cannot be addictive make it less likely for people to seek help or to get support for quitting.

How do I recognize a problem with marijuana?
Some warning signs are:

  • More frequent use
  • Needing more and more to get the same effect
  • Spending time thinking about using marijuana
  • Spending more money than you have on it
  • Missing class or failing to finish assignments because of marijuana
  • Making new friends who do it and neglecting old friends who don't
  • Finding it's hard to be happy without it

Because THC is fat soluble and remains in the body for up to 3 weeks, it's important to remember that withdrawal symptoms might not be felt immediately. If you find that you can't stop using marijuana, then remember, there's help on campus.

Is marijuana illegal?
Yes, marijuana is illegal, and its possession, use and sale carry heavy prison sentences and fines, as well as disciplinary consequences at Brown. See the Brown University Policy on Drugs in the Student Handbook.

What about the medical use of marijuana?
Marijuana's ability to enhance appetite has led to its medical use to reduce the physical wasting caused by AIDS and to reduce nausea for chemotherapy patients. According to the Marijuana Policy Project, 11 states have laws that allow patients to use medical marijuana despite the prohibition by federal law. For more information on state and federal laws, go to the Marijuana Policy Project.

How do I help a friend who's having trouble with drugs?
If you are concerned about a friend's drug or alcohol use, this page contains information about different ways to help them.

Resources at Brown and in Providence
If you or a friend are having trouble with drugs or alcohol, or just have questions, there is help available.

from: www.brown.edu

August 31, 2007

How good a boss are you?

After 34 years in the attitude-survey business and thousands of employee polls, David Sirota knows what your subordinates want. Do you? Check this out, then take our quiz.
By Anne Fisher, Fortune senior writer

NEW YORK (Fortune) -- "A large part of what a good boss does is expedite things for employees - that is, help them get their jobs done by removing obstacles. This is not at all the same as 'making sure' they get their jobs done by raising the anxiety level. Most people are anxious enough already." So says David Sirota, head of Sirota Survey Intelligence, a research firm headquartered in Purchase, N.Y., that has surveyed millions of employees in Fortune 500 companies since its founding in 1972.

Along with two co-authors, Sirota has summed up what the firm has discovered in a new book, "The Enthusiastic Employee: How Companies Profit by Giving Workers What They Want" (Wharton School Publishing, $26.95). We recently spoke about how to tell whether you're a good boss or a bad one. Some excerpts from our conversation:

To start with the most basic question: What makes a good boss, in employees' eyes?

All of our research consistently shows that people in general have three goals at work. First is fairness. They want to feel that they're being recognized and rewarded fairly for what they contribute. Second is achievement. People want to be proud of the organization and of their place in it. And third, camaraderie, meaning good working relationships and a sense of belonging to a team. If these three goals are met, you have enthusiastic employees.

The trouble is that, in most companies, morale among new hires is high and then, by about the six-month point, it has dropped sharply. Management has destroyed it. One thing bad bosses do is to deliberately make people feel insecure about their jobs. Another is, treat employees like children or criminals instead of like responsible adults.

A sign of a really bad boss is micromanaging, which I define as devoting punitive amounts of attention to minutiae. We've seen workplaces where people have to raise their hands if they want to go to the restroom. Another sign of a bad boss is when you hear employees say that they get no positive feedback at all. A common complaint is, "If we make a mistake, we hear about it, but for doing our jobs well, there is never a 'thank you'."

Just to play devil's advocate for a minute here, let me ask you this: Why should companies care whether employees are enthusiastic or not, as long as the work gets done?

Well, there is plenty of persuasive evidence of a direct link between employee morale and the overall performance of the company, including its stock price. That correlation seems to be a result of enthusiastic employees treating the company's customers particularly well. All of us at one time or another have dealt with an apathetic or even hostile customer-service person or salesperson and, by contrast, with someone who's enthused about his or her work. Enormous difference! A good or a bad direct boss is most often responsible for that.

And it can make or break a company's reputation. We recently did some work with the Mayo Clinic, whose prestige among patients and fellow practitioners comes partly from its employees' enthusiasm. We met nurses there who come in on their days off, just to check on their patients - not because they have to, but because they want to. But it's not just in the life-or-death medical profession that enthusiasm matters. We also worked with Keebler, and there was tremendous dedication and high morale there. People are pleased to be making a product that customers enjoy.

Don't most bosses - even rotten ones - think they are doing the right things? If you are a manager, how can you tell if you're a good boss or a bad one?

The surest way is to ask your people for feedback. How do they think you're doing? This is why 360-degree evaluations are so useful, because they give people the chance to offer you some constructive criticism. If your company has no formal 360-degree program, you have to seek out people's opinions yourself, and you may be glad you did. But you have to be careful how you ask, because people often are afraid to be honest with the boss. So you may need a bit of training in how to open the discussion so that you can actually learn something from it.

CopyRight2007@money.cnn.com

August 30, 2007

Microsoft will release Windows Vista SP1 early 2008

After dancing around the subject for months, Microsoft finally opened up Wednesday and said it will release the first Service Pack for Windows Vista in the first quarter of 2008 with a wider beta version coming in "a few weeks."

The announcement confirms Microsoft comments in a Department of Justice filing in June that the company would have a test version of SP1 out before the end of the year.

"We're feeling good about Windows Vista," said David Zipkin, a Microsoft senior product manager for Windows Client, in an interview.

He pointed out that among other metrics, Windows Vista had 12 security issues in its first six months compared with Windows XP's 36 during its first six months.

"At the same time, we are getting notes back that some people are having not so great experiences."

Microsoft has seen a number of setbacks with Windows Vista thus far. Earlier this year, Dell decided that it would again sell Windows XP systems due to high customer demand and then announced it would be selling computers pre-installed with Linux.

Many businesses, meanwhile, have opted to hold off on installing Vista indefinitely until Microsoft works out compatibility problems and other kinks.

Last month, Microsoft CFO Chris Liddell changed an earlier prediction for an 85 percent to 15 percent split between sales of Vista and XP in 2008 to a 78 percent to 22 percent split.

Performance, compatibility, and reliability have been among the biggest complaints of Windows Vista users. Many of the Windows Update fixes for Vista to date have addressed problems related to these three major trouble areas.

Microsoft appears to have listened, focusing most of Vista SP1 on under-the-cover features. As is typical for Windows service packs, many of the patches, fixes, and updates thus far released through Windows Update will be included in SP1, as well as some other fixes and adds.

However, Vista SP1 will not include new drivers, as they would weigh down the service pack because they are computer-specific. Those will continue being released by the driver vendor or via Windows Update.

One of the main goals of SP1 will be to improve performance. Among the performance enhancements will be a package released Tuesday via Windows Update that fixes problems related to poor memory management, long calculation times for estimating the time it will take to move or copy files, screen saver memory leaks, and delays returning from hibernation or stand-by mode. Vista SP1 will also include some tweaks to make Internet Explorer 7 speedier.

Other focuses for Vista SP1 will be reliability and administration. Several recent patches issued on Windows Update, including one Tuesday, have addressed reliability concerns. In the administrative arena, BitLocker Drive Encryption will now support encryption of any drive volume, rather than just the Vista drive.

Vista SP1 also will make it easier to connect and print to a local printer within Terminal Server sessions, add network diagnostics for file-sharing problems, provide more options for Windows' disk defragmenter, and include a remote-access VPN tunnelling protocol called Secure Socket Tunneling Protocol (SSTP).

There will be some minor feature upgrades in Vista SP1, the most significant of which will be an ability for users to choose which program they want to handle desktop search by default, rather than making Microsoft's own search capabilities the only default. Google complaints brought on the announcement of those changes earlier this year.

Other changes include a new random number generator, improved security algorithms, support for the exFAT file system used in new consumer devices, better performance for SD card data transfer, and common security APIs for security partners.

Users might think of service packs as heavy fixes because of the massive overhaul of the operating system in Windows XP SP2, but Vista SP1 will not include any major user interface changes. That means no new version of Windows Media Center, for example.

"This is not a feature delivery vehicle," Zipkin said. "It's not about breaking applications."

The download for Vista SP1 will be smaller than that of XP SP2, weighing in at about 50 Mbytes to XP SP2's 120 Mbytes. Vista SP1 also will be available through Windows Server Update Services, as a standalone one-gigabyte software package (larger because it includes full software components instead of only incrementally changed file portions), and through computer manufacturers once the final version is released.

Zipkin said Microsoft delayed discussion of Vista SP1 this long because it needed to find a balance between giving customers the right amount of time to react to the announcement and Microsoft the right amount of time to formulate and test the updates.

Also on Wednesday, Microsoft announced that Windows XP SP3 will be available in the first half of next year. Microsoft standard practice is to issue a service pack that includes all recent hot fixes and patches as a product reaches the end of its career. The only new feature in XP SP3 will be support for Network Access Protection, a security mechanism included in Windows Server 2008 and in Vista.

Microsoft began testing early pre-beta versions of Vista SP1 and XP SP3 earlier this month with approximately 100 testers, but copies of both quickly began appearing online to the chagrin of Zipkin. Some fixes in the leaks will not appear in the final versions of the updates.

"I think it's unfortunate that they were leaked," he said. "At this point in the game, that kind of information can give misdirection and misinformation to our customers."

See original article on InformationWeek.com

Copyright2007@www.itnews.com.au

How do you have sex?

Sexual intercourse is sometimes called making love or having sex. It is when a man's hard penis goes inside a woman's vagina. If a man and woman are having sexual intercourse, then using a contraceptive properly, every time, will prevent the woman becoming pregnant. There is more information on the contraceptive page.

If two people have sexual intercourse, and one of them has a sexual infection, they could pass it on to the other person. These infections are sometimes called sexually transmitted infections (STIs) or diseases (STDs). Using a condom is the best way to prevent any infection from being passed from one person to the other.

Sexual intercourse between a man and a woman starts with them both getting sexually excited. This is sometimes referred to as foreplay, and might involve kissing and cuddling, touching each other and other sexual activities. Foreplay is important as it means a woman's vagina begins to get moist and a man gets an erection. If the woman's vagina does not get moist enough, then having sexual intercourse could be difficult or painful for her.

If a couple are going to use a condom for protection against pregnancy or infections, they should put it on the man's penis as soon as he gets an erection. Some men say they worry about using condoms in case they lose their erection or have difficulty putting the condom on. You could get some condoms and practice beforehand. Condoms come with instructions in words and pictures which show exactly how to use them.

After the condom is on, the man or woman can guide his penis into her vagina. The couple then move their bodies so that his penis moves up and down inside her vagina. This usually rubs the penis and makes the man sexually excited so that he has an orgasm. The movement might rub the woman's clitoris too so she can have an orgasm. But this depends on the position the couple are in when they have sexual intercourse.


August 29, 2007

'Spider-man' suit secret revealed

A "Spider-man" suit that enables its wearer to scale vertical walls like the comic and movie superhero could one day be a reality, according to a study.

Natural technology used by spiders and geckos could help a human climb the side of a building or hang upside down from a roof, the analysis suggests.

The findings are published in the Journal of Physics: Condensed Matter.

Both spiders and geckos possess tiny "hairs" that allow them to stick to surfaces.

Some studies suggest that geckos can hold hundreds of times their own body weight.

In 2002, US research suggested this adhesion in geckos was due to very weak intermolecular forces.

These are produced by billions of hair-like structures of different sizes that are arranged in a hierarchical structure on each gecko foot.

The intermolecular "van der Waals" forces arise when unbalanced electrical charges around molecules attract one another.

The cumulative attractive force of billions of gecko hairs allows the reptiles to scurry up walls and even hang upside down on polished glass.

Size effect

Professor Nicola Pugno, from the Polytechnic of Turin, Italy, has calculated how sufficient stickiness could be generated in the same way to support an adult human's body weight.

But the bigger the surface that needs to stick, the lower its adhesion strength. So a glove able to fit a man's hand, and covered with artificial gecko hairs, should not be as sticky as a gecko's foot.

Luckily, the gecko only uses a fraction of the theoretical stickiness available through van der Waals forces.

"Some researchers were able to measure a [theoretical] adhesion strength 200 times higher than the adhesion strength in the gecko. But between theory and practical applications there is a large gap," said Professor Pugno.

"If we are able to make a surface a little bit stronger, so that the size effect vanishes, we might be able to make a suit with the same adhesion as a gecko."

The Turin-based researcher proposes that carbon nanotubes could be used as an artificial alternative to the gecko's hairs.

Carbon nanotubes are tiny cylinders of carbon that measure just a few billionths of a metre across. They are ultra-strong and can be organised into larger fibres.

Cleaning windows

Professor Pugno also outlined three properties which a real Spider-man suit must demonstrate.

Firstly, and most obviously, it must be able to demonstrate strong adhesive properties. Secondly, the suit must be able to detach easily from a surface after it has stuck. Thirdly, the suit must, to some degree, be able to clean itself.

The third requirement is considered important because dirt particles could get in the way, interfering with the adhesive properties of the suit.

One way to achieve self-cleaning is to make the suit "superhydrophobic", so that it strongly repels water. As water droplets are forced away from the contact areas of the outfit, they should wash away particles of dirt.

This property could be achieved simply by altering the geometrical properties, or topology, of the surface.

"To have all these mechanisms working together is difficult, because they are in competition with one another," Professor Pugno told the BBC News website.

"But geckos and spiders provide a natural demonstration that this can be done."

He added that there were many interesting applications for adhesive suits, in areas ranging from space exploration to defence. The work could also aid the design of gloves and shoes for window cleaners working on tall skyscrapers.

But human muscles are very different to those of geckos, so people would probably suffer from muscle fatigue if they tried to stick to a wall for many hours.

Copyright 2007 news.bbc.co.uk