Charles Gutjahr

Melbourne, Australia

Don't let crime flourish online, keep strong encryption.

Malcolm Turnbull said this week that “the law must prevail online as well as offline”, and I wholeheartedly agree. We shouldn’t let crime flourish just because it happens online.

Lawful interception is a long-standing way of dealing with crime, and I think it has been a good thing. Australian Federal Police should be able to intercept and monitor communication between people when they have a warrant. However if end-to-end encryption is used then police are unable to read intercepted messages, even if companies handling the communication do their best to help. One day lawful interception could become completely useless because none of the information will be readable, and that could be devastating for police investigations.

However it is also reality. Lawful interception is dying, and Turnbull forcing companies to break into end-to-end encryption is not going to bring it back.

The laws won’t work because they’re intended for use in serious crime, and serious criminals aren’t going to be worried about using an encryption method banned by the law. It is inconceivable that keeping a message secret would ever be a more serious crime than terrorism or paedophilia. Criminals will keep their messages secret.

That’s probably why Turnbull is talking about going after Facebook and Google rather than the criminals. If tech companies replace secure encryption with an alternative that they can break into for police, perhaps a few criminals who don’t understand tech will get caught… until the word gets out that you can’t trust Facebook or Google any more, and everyone learns to use something secure. There are heaps of alternatives that will endure because they are decentralised and not dependent on any one company, for example OpenPGP or OTR.

But there are real risks to companies being forced to make people’s private data readable. Companies can have rogue employees who abuse that access. In the past Google fired staff who read private messages and stalked teenagers. Then of course there are hackers. In recent years hackers have stolen data on 500 million Yahoo users, 167 million people on LinkedIn and 150 million Adobe customers. Hackers held to ransom millions of messages between kids and parents in a CloudPets breach earlier this year. End-to-end encryption prevents hackers from gaining access to millions of private messages: if the company cannot read messages then their hackers cannot either.

What’s the point of undermining the security of things most people use, when anyone with an incentive to avoid interception can easily use something else to stay out of reach from the authorities?

We should not introduce this law if it stops few serious criminals but allows other cybercrime to flourish.

Natural gas in Victoria compared to world prices

A number of recent articles claimed that Japan was paying less for Australian natural gas than Australians are. That surprised me because I always thought natural gas was very cheap here in Victoria, and remember uni lecturers telling me that we were underpaying for gas here. Did I have it wrong?

The articles lacked specific numbers so I went looking for data myself. What I found was less dull than I expected, so I put it in this graph:[1]

Natural gas wholesale prices, A$ per gigajoule

So it is true that gas prices in Victoria have been very cheap in the past, especially compared to Japan. But recently Victorian prices have jumped up, and that coincides with a fall in world prices.

That is presumably why gas prices are a big deal in politics now.

Sources:

  1. Disclaimer: I know hardly anything about natural gas or its pricing! I just looked up numbers from reliable sources, standardised the units and graphed them. There might be subtleties in natural gas pricing that I failed to account for.

Adding a catchall to OS X Server Mail

OS X Server 5 provides very few options for its inbuilt mail server, and does not provide an apparent way to configure a catchall — an inbox that receives all email sent to your domain. Catchalls risk being spammed, but catchalls are still valuable if you use a different email address for every website – as I do.

Fortunately the mail server in OS X Server is powered by Postfix, an open-source mail transfer agent that has plenty of options, including support for catchalls. I couldn’t find another guide on how to do this, so here is mine:

tl;dr

Create a new Postfix virtual alias file with the catchall definition — don’t try to edit the one OS X Server generates — then use Apple’s serveradmin tool to change the Postfix virtual_alias_maps setting to include both your virtual alias file and the one generated by OS X Server.

Step-by-step guide

1. Choose a user

You need to pick one user that the catchall delivers to. You can choose your normal user if you like, but I recommend that you create a new user which is dedicated to receiving catchall email. That allows you to easily separate important email sent directly to you from the unimportant email your catchall will likely get.

For my example, I created a user called catchall.

2. Create a virtual users file

Postfix catchalls are normally configured in a virtual users file, and a standard installation of OS X Server 5 includes such a file in /Library/Server/Mail/Config/postfix/virtual_users. However OS X Server controls that file and will overwrite it whenever it chooses, so you cannot configure your catchall in here without the risk of it being lost.

Instead, use Terminal to create a new file called virtual_catchall in the same folder:

$ sudo nano /Library/Server/Mail/Config/postfix/virtual_catchall

Add a line for each catchall that you want. Write your domain name (with an @ prefix) first, then a tab, then the name of the user you chose to receive the catchall emails. So if your domain is example.com and your user is catchall then write this in your file:

@example.com	catchall

If you’re using nano to edit the file, type Ctrl-O, Return, Ctrl-X to save and close the file.

3. Compile the virtual users file

Postfix does not read your new file directly, but instead will read a compiled binary version of it. To produce that, run postmap:

$ sudo postmap /Library/Server/Mail/Config/postfix/virtual_catchall 

4. Update OS X Server’s configuration

The final step is to tell OS X Server to use your new virtual_catchall file in addition to the one that already exists. Again, you cannot edit the Postfix configuration files directly because OS X Server will overwrite them. Instead in this case you must use Apple’s serveradmin tool.

First check what your current virtual_alias_maps setting is by looking at the main Postfix config file:

$ grep "^virtual_alias_maps" /Library/Server/Mail/Config/postfix/main.cf

By default it should be:

virtual_alias_maps = $virtual_maps hash:/Library/Server/Mail/Config/postfix/virtual_users

You need to take that existing setting and add your catchall file onto the end. The critical thing is to use serveradmin to do that instead of editing the file directly:

$ sudo serveradmin settings mail:postfix:virtual_alias_maps = $virtual_maps hash:/Library/Server/Mail/Config/postfix/virtual_users hash:/Library/Server/Mail/Config/postfix/virtual_catchall

OS X Server will immediately apply the changes to Postfix, and your catchall should now be accepting email. It is worth checking that the main Postfix config file was updated correctly, i.e.:

$ grep "^virtual_alias_maps" /Library/Server/Mail/Config/postfix/main.cf

This time you should see something like:

virtual_alias_maps = hash:/Library/Server/Mail/Config/postfix/virtual_users hash:/Library/Server/Mail/Config/postfix/virtual_catchall

I notice that the $virtual_maps setting disappeared on my system when I did this. I don’t know why that is, but given that its loss didn’t seem to cause problems I haven’t looked into it.

The final test is simple: just email any random email address @ your domain and you should see it arrive in your catchall inbox!
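
Why $virtual_maps can vanish in step 4, as an added example that is not part of the original post: the shell expands an unquoted $virtual_maps (normally unset, so empty) before serveradmin ever receives its arguments. fake_serveradmin and check_maps_line are hypothetical helpers that model only the shell side; the real serveradmin is not called, and nothing here establishes whether OS X Server needs $virtual_maps.

```shell
#!/bin/sh
# Added example, not from the original post.
USERS=hash:/Library/Server/Mail/Config/postfix/virtual_users
CATCHALL=hash:/Library/Server/Mail/Config/postfix/virtual_catchall

# Hypothetical stand-in for serveradmin: reports the arguments exactly as it
# received them, i.e. after the shell has finished its own expansion.
fake_serveradmin() {
    printf '%s\n' "$*"
}

# As typed in step 4: $virtual_maps is unquoted, so the shell substitutes its
# value (unset, hence empty) and the word is dropped from the argument list.
setting_unquoted() {
    unset virtual_maps
    fake_serveradmin settings mail:postfix:virtual_alias_maps = $virtual_maps "$USERS" "$CATCHALL"
}

# Single quotes stop the expansion, so the literal text $virtual_maps survives.
setting_quoted() {
    unset virtual_maps
    fake_serveradmin settings mail:postfix:virtual_alias_maps = '$virtual_maps' "$USERS" "$CATCHALL"
}

# Check a virtual_alias_maps line (for example the grep output from main.cf)
# for the three expected entries. Prints "missing: X" for each absent entry
# and returns non-zero if any entry is missing.
check_maps_line() {
    line=$1
    rc=0
    for want in '$virtual_maps' "$USERS" "$CATCHALL"; do
        case " $line " in
            *" $want "*) ;;
            *) echo "missing: $want"; rc=1 ;;
        esac
    done
    return $rc
}

# Show both variants and what the check reports for the unquoted one.
setting_unquoted
setting_quoted
check_maps_line "$(setting_unquoted)" || true
```

The same check_maps_line function can be given the line printed by the grep command in step 4 to confirm that both map files are listed.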