What Happens When You Fail To Comply With NSA Wiretaps?

June 12th, 2013 illunatic

This is what happens.

> How far up the chain of command did the decision-making process
> reach? Did the NSA contact the CEO of Verizon, the chairman of the
> board of Google, etc. and say, “Do you mind if we take a peek?” or
> did they target some VP of operations and say, “Do this for us, and
> don’t tell your boss”?
>
> If the decision to comply with the request reached the executive
> levels, why were there no mass resignations, a la Nixon’s Saturday
> Night Massacre? Why did no one take a stand and say, “I will not
> sign off on doing this”? If some number of executives all tendered
> their resignations with no explanation, Wall Street would have taken
> notice.

We know what happened in the case of QWest before 9/11. They
contacted the CEO/Chairman asking to wiretap all the customers. After
he consulted with Legal, he refused. As a result, NSA canceled a
bunch of unrelated billion dollar contracts that QWest was the top
bidder for. And then the DoJ targeted him and prosecuted him and put
him in prison for insider trading — on the theory that he knew of
anticipated income from secret programs that QWest was planning for
the government, while the public didn’t because it was classified and
he couldn’t legally tell them, and then he bought or sold QWest stock
knowing those things.

This CEO’s name is Joseph P. Nacchio and TODAY he’s still serving a
trumped-up 6-year federal prison sentence today for quietly refusing
an NSA demand to massively wiretap his customers.

This has ugly parallels with the Aaron Swartz case and with the
federal persecution of hundreds of state-legal medical marijuana
providers. In this case a corrupt federal prosecutor (is there any
other kind?) did the dirty work of the NSA by performing an “ordinary,
everyday” legal rape of an innocent person: find any of the half a
dozen federal felonies that every person commits every day, and
prosecute them for it. Not because their “crime” was terrible or
heinous. But because they didn’t kowtow to some smiling bastard in an
out-of-control agency.

kbox – Add a Mini Linux Environment to Android Without Rooting Device

May 24th, 2013 illunatic

It’s fairly easy to set up this small linux distro called kbox on a device running Android 3.0 or higher. The miniature Debian environment has a few useful packages available which you can find at the kbox package downloads page. By the end of this guide you will have a small linux command line environment which you can shell into or out from with ssh without rooting your device.

Install Android Terminal Emulator The Android Terminal Emulator by Jack Palevich can be found, at the time of this publishing, at the Google play store. I have not tried other terminal emulators, but this one creates a writable data area which will allow you to install kbox2.

kbox2 Installation Notes

The complete instructions for how to install kbox2 required a couple of additional notes, so follow the official instructions and keep the following in mind.

The documentation describes the writable directory as /data/data/jackpal.androidterm
On my Nexus S, however, the directory is actually found at /android_root/data/data/jackpal.androidterm You should be able to run ls / to view the root directory and determine if the data directory is there or nested inside of android_root.

Keep in mind that you won’t be able to tab complete (volume up button + t) the directory names if you don’t have root permission. So you will need to type the entire path to the directory “jackpal.androidterm”.

Download the kbox2 base installer and copy it to your device’s download directory. As long as you know the path to this file and the path to the jackpal.android term directory, you should be able to follow the official kbox2 instructions without problems.

Configure Terminal to Run KBOX shell By Default

This is step number 8 of the official instructions. Take note that you have the correct path to the kbox shell. For me it is /android_root/data/data/jackpal.androidterm/kbox2/bin/kbox_shell. This will ensure that you are in the kbox environment every time you open the Android Terminal Emulator.

Setting Up ssh, scp and sshd Server

That’s right. You can actually shell into your Android device now. The first thing you need to do is install the Dropbear dependency, kbox-login, which a few kbox.deb packages rely on. Running dpkg -i /sdcard/download/kbox-login_0.0.1_kbox.deb or whatever the path may be for you should do the trick.

Next, install Dropbear package which includes ssh, scp and sshd. If kbox-login is installed, dpkg -i /sdcard/download/dropbear_0.52_kbox.deb should install these services.

Automate Your ssh

This what primarily attracted me to kbox, so I took a few steps to make ssh life easier.

We’re going to need a text editor, so grab the vim package for dbox and install it with dpkg -i /sdcard/download/vim_7.3.3_kbox.deb or whatever the path is for you.

Let’s test out our ssh destination to make sure it works. If you have shell access to a server, run ssh -l username xxx.xxx.xxx.xxx, where xxx is the IP of the server (assuming the server is listening on the default port of 22). You should be prompted with a password and asked to accept a key upon login. For the sake of trivia, keys are stored in /home/kbox.ssh/known_hosts.

Creating a config in .ssh with host info did not work for me in this environment, so let’s create a simple bash script to do make ssh connection to our host much easier.

The key to automating this script is to create the script in the default bin directory. Change to that directory with cd /usr/bin

Now run vim scriptname.sh. I like to use names such as sshNameOfHost.sh so it’s easy to remember. If you’re not used to vim or this terminal, here is how to use it.

Press “i” to toggle insert mode which allows you to begin typing. Now you may enter the following script, replacing the IP and username with your info. The port option (-p) does not need to be included if your host is using port 22, but be sure to specify if your host uses a different port.

#!/bin/bash

ssh "xxx.xxx.xxx.xxx" -p "22" -l "username"

After the script is entered, press the volume up button followed by the “e” key to escape insert mode. Now enter :w (it should appear at the bottom of the screen) and press return. It should say “…characters written”. Close vim by entering :q and pressing return.

Run ls /usr/bin/ and your script should be listed.

Now run chmod u+x scriptname.sh, replacing scriptname with your actual scriptname.

Chang back to /home/kbox and try to run your script by typing the first few letters of the script name and tab complete by pressing volume up + t. It should auto-complete the script name for you to run by pressing return. If all went well, you should be prompter for your password by your host. You can create one of these scripts for each host you intend to connect to often.

Hosting ssh Server on Your Android Device

The ssh server works out of the box using the details found under Dropbear at the KBOX downloads page or see the blockquote below. I recommend changing the default password and port.

Get your wlan0 “inet addr” by entering ifconfig in the KBOX terminal. This is what you will connect to over a local network. I have no idea how to connect to the rmnet0 inet addr and the public IP of the mobile network so far.

Ignore the dss error since we’re using rsa. It should be running and connectible. Open a linux terminal (or Putty if you’re Winstipated) and run ssh -p 10022 xxx.xxx.xxx.xxx using your devices inet addr. Congrats! You can now shell into your kbox terminal from a desktop machine like a normal person.
… More like an awesome person.

ssh (server)
This is a somewhat modified version of the Dropbear ssh server, which takes the user credentials as command-line arguments. This is because Android Linux has no user-level authentication. Note that the user ID (specified by the -U argument) must be the user ID of the terminal emulator app running the script, or nobody will be able to log in.

The package provides a script /bin/ssh_daemon.sh that will launch the ssh server with somewhat sensible arguments, specifying user credentials and port number. This script is provided as a basis for customization, and is not really intended to be used as it is. The credentials are taken from /etc/kbox-passwd, which is a plain text file, and default to kbox/kbox. The port number for client connection is specified in /etc/kbox_ports.rc. As in any Linux system, the port number must be above 1024 for non-root usage.

The script will read an RSA server key from $HOME/.rsa_host_key. The dropbearkey utility can be used to create this key, but it should be created automatically the first time ssh_daemon.sh is executed.

In order to connect to the sshd server, when run as described above, clients need to specify the port number on the command line (e.g., ssh -p 10022 kbox@[my_andoid_ip]).

List of Utilities

This list includes those added by kbox-login, dropbear and vim. Please excuse the monospace runoff.

[                  fgrep              mesg               sha512sum
[[                 file               mkdir              showkey
ar                 file.bin           mkfifo             sleep
arp                find               mknod              smemcap
ash                findfs             mkswap             softlimit
base64             flash_lock         mktemp             sort
basename           flash_unlock       modinfo            split
bash               flashcp            modprobe           ssh
beep               flock              more               backup-ssh_daemon.sh
bin                fold               mpstat             sshHostname.sh
blkid              freeramdisk        mv                 sshd
blockdev           ftpd               nbd-client         sshmemepirate.sh
bunzip2            ftpget             nc                 start-stop-daemon
busybox            ftpput             netstat            strings
bzcat              fuser              nice               stty
bzip2              getopt             nmeter             sum
cal                grep               nohup              sv
cat                groff              nroff              svlogd
catv               grotty             od                 sync
chat               gtbl               openvt             sysctl
chattr             gunzip             patch              tabs
chgrp              gzip               pidof              tac
chmod              halt               ping               tail
chown              hd                 pipe_progress      tar
chpst              hdparm             pmap               tbl
chroot             head               poweroff           tcpsvd
chrt               hexdump            powertop           tee
chvt               hostname           printenv           telnet
cksum              httpd              printf             test
clear              id                 ps                 time
cmp                ifconfig           pscan              timeout
comm               ifdown             pstree             top
cp                 ifup               pwd                touch
cpio               init               pwdx               tput
cttyhack           inotifyd           raidautorun        tr
cut                insmod             rdev               troff
date               install            readlink           true
dbclient           iostat             readprofile        tset
dc                 ip                 realpath           ttysize
dd                 ipaddr             reboot             tunctl
deallocvt          ipcalc             reformime          tune2fs
depmod             iplink             renice             udhcpc
devmem             iproute            reset              uname
diff               iprule             resize             uncompress
dirname            iptunnel           rev                unexpand
dmesg              kbox-login         rm                 uniq
dnsdomainname      kbox_shell         rmdir              unix2dos
dos2unix           klogd              rmmod              unlzma
dpkg               less               route              unlzop
dpkg-deb           linuxrc            rtcwake            unxz
dropbear           ln                 run-parts          unzip
dropbearkey        loadkmap           runsv              uudecode
du                 login              runsvdir           uuencode
dumpkmap           losetup            rx                 vi
echo               ls                 scp                vim
egrep              lsattr             script             volname
envdir             lsmod              scriptreplay       watch
envuidgid          lspci              sed                wc
expand             lsusb              seq                wget
expr               lzcat              setconsole         which
fakeidentd         lzma               setkeycodes        whoami
false              lzop               setlogcons         whois
fbset              lzopcat            setserial          xargs
fbsplash           make_ssh_keys.sh   setsid             xz
fdflush            makedevs           setuidgid          xzcat
fdformat           makemime           sh                 yes
fdisk              man                sha1sum            zcat
fgconsole          md5sum             sha256sum

Porting Linux Utilities to KBOX

If there is a linux utility that you can’t live without, it may be possible to port it to KBOX. See the section “What is involved in porting Linux utilities to KBOX?” in the KBOX faq. That said, there is a decent list of packages currently available for kbox including ftp, unrar, hexeditor, gcc, make, perl, gpg, kcrypt (file encryption), rsynch and more.

Tweet at the House Intelligence Committee and tell them to stand up for your privacy!

March 19th, 2013 illunatic

You may also like to contact your representatives and ask them to oppose CISPA.

White House Wages War On Freedom

February 28th, 2013 illunatic

liberty-drowning

The title reads “Return the Statue of Liberty to France until the Patriot Act is repealed” in what may be one of the most concise petitions to have appeared on the site. The body of a new whitehouse.gov petition consists of a single sentence.

We the People of the United States petition our government to return the Statue of Liberty to France until Congress repeals the Patriot Act.

The creator of this petition, referred to on the site as S.T., says his motivation for creating this petition came when he “… was watching a video of a press conference of Joe Biden talking about intellectual property, someone commented we don’t deserve the statue of liberty anymore and I agreed.”

The video mention features Vice President Joe Biden introducing Victoria Espinel, U.S. Intellectual Property Enforcement Coordinator. Her opening statement describes workers, artists, engineers, scientists and small businesses as being concerned that they are going to lose jobs because of overseas counterfeiting. Also, the entertainment production workers and technicians, whose pension funds are at risk of being drained by piracy. Pension funds?

She outlines six broad categories for fighting against the erroneous term “intellectual property” infringement. The fallacy of this term must be pointed out here to ensure that the false assumption this plan is built on is apparent. Please take time to read this work by Dr. Richard Stallman regarding some of the problems that stem from the use of the nonsensical term “intellectual property“. BTW, consider including the words “intellectual property” in any links you share to this page so that search engines will be better able to direct users to this page based on searches that include this term.

The first category is to lead by example. This can likely be taken as a request to the U.S. House of Representatives to stop downloading and sharing movies and music that are subject to copyright. Which makes sense. If you were waging an all out war on copyright infringement, you wouldn’t want to have 800 government pirates leading a contrasting example, would you?

The second strategy is to be transparent, which is described as “making sure the public has good information about our policies and our actions.” With this statement, Victoria Espinel gives the impression that she doesn’t understand that transparency means making sure that the public has all information about their policies, not just the good information. The whole purpose of transparency is to allow for criticism from the public when they propose terrible, costly and dangerous strategies based on an unfounded threat.

The third item is simply to improve coordination to improve efficiency and effectiveness. This is extended to the fourth which is to work with foreign governments to enforce American rights overseas. Ah, nothing quite like the old fashioned enforcement of U.S. civil law on foreign countries. Exactly the type of thing that makes the U.S. so popular with the rest of the world. Specifically, shutting down foreign websites that violate American “property” rights and prioritizing enforcement of these laws in China are mentioned. Considering that in 2011 we saw China named world’s top patent filer, there is a good chance this could backfire and the world will come to learn the the U.S. has been violating China’s patents all along! Who knew?

The fifth agenda under the umbrella of protecting the erroneous term called “intellectual property” is to give law enforcement more authority to invade your privacy, encourage the private sector to police the public for civil torts such as copyright infringement (see the six strikes policy) to reduce infringing “products” from entering our country through our borders and over the internet. You know, if it can enter our country over the internet, it is not a product. This is a huge assumption deserving serious consideration from recognized experts who have dedicated their lives to the development and study of the internet. It also deserves consideration of the organizations dedicated to protecting the human rights and freedoms that have been swept aside by this agenda.

That last part of this very broad attack on global freedoms is to gather better information and data to make sure their methods are effective as possible in combating theft of ideas and creativity. WTF? Did somebody steal Victoria Espinel’s ideas and creativity? This must be the case because, short of physically stealing her brain, there is no way to steal her ideas or creativity. Is that really what we’re waging this expensive war against? The childish presumption that pirates are going to steal our ideas and creativity? The “better data” that is to be gathered should relate to assessing the actual threat, or complete lack thereof, that piracy poses to our nation. This should then be compared to the extraordinary costs that have been allocated to fighting this phantom threat.

On the one hand, piracy has been blamed for unverified claims of lost revenue and the unverified claims of unverified jobs lost or the potential of jobs lost.

On the other hand, file-sharing pirates buy more. That is verified, increased revenue that is directly related to file-sharing. The only money lost here is the money spent to attack this source of revenue.

Another way anti-pirates are harming the economy is buy attacking innovation in the industry built on providing access to works (not properties) of art and intellect. This means that not only are actual jobs lost as budding solutions are raped by a callous anti-pirate regime, but any jobs these solutions would grow to create are being prevented. We are not only losing jobs to anti-piracy, but we are also prevented from gaining jobs and growing an industry that would improve our economy.

“To state is very bluntly and obviously, piracy hurts. It hurts our economy to the tune of billions. Some argue tens of billions of dollars in lost private sector profit and government revenue,” Biden claims.

Why, yes. That is an obviously blunt statement. In so many words, the figures pertaining to the actual damage cause by piracy are unverified. It could be billions. It could be tens of billions, depending on who is arguing. Why, it has even been argued that the cost of fighting piracy is far more detrimental to our economy and human rights than any actual threat piracy may pose. Got a roach problem? Burn the fucking house down, baby!

“Counterfeits kill! Counterfeits kill!” Threats to safety are erected like scarecrow by the Vice Pres. in order to ward off any doubts against these attacks on file-sharing. Counterfeit medicine and auto parts are going to destroy us all unless we stop internet piracy! Counterfeit products are in no way related to your freedoms and right to a fair trial over a civil tort related to file-sharing. It is completely uncalled for to attack civilian rights which in no way contribute to these counterfeit problems.

Oh yeah, counterfeits also stifle creativity. Because if somebody copies you, fuck it! There goes your ability to think of something new! u4t has stolen your creativity and sold it on ebay.

Well, considering all this bullshit is being pushed based on a clearly false assumption of “intellectual property,” debating anything beyond that is a waste of time. Below you may watch the video that inspired the petition to return our great symbol of liberty which now seems to be a representation of the ideals this country once lived by to the country that gave it to us. That country is France, home of HADOPI which allows those who infringe copyright online to be severely punished by having their internet service disconnected. Hopefully, all of France will lost their internet connection and they can spend their time maintaining their returned gift, the Ghost of Liberty.

The petition can be found here:
Return the Statue of Liberty to France until the Patriot Act is repealed.

Cory Doctorow Speaks While Promoting Homeland Book

February 22nd, 2013 illunatic

Homeland_Cory_Doctorow

Here is a video of Cory Doctorow’s talk at his Decatur, Georgia stop of his tour for his new book Homeland. Video courtesy of Andrew Norton of Politics & P2P.

There is some good information in this talk about the difference between the law as it is legislated and the law as it is decided by the judicial system, which is not always what you would expect based on the written law. The story of Aaron Schwartz is told, from his jstor case to his involvement in raising awareness of SOPA.

Take a look at the video below and if you are in the Austin, TX area you can come see Cory Doctorow speak at Book People tonight, 02/22/13 7:00PM.

603 N Lamar Blvd
Austin,
Texas
78703-5413
United States

If you can’t make that, you can find the last few stops of the Homeland tour schedule at tor.com.

Examining the CC BY-ND License

February 20th, 2013 illunatic

Having jumped into a discussion between Dr Richard Stallman and some Pirate Party leaders, it came to a point in the discussion where examining this particular license seemed appropriate. So here it is, hopefully with more responses from Pirate Party International affiliates and RMS to follow. If you would like to read previous posts by others, follow future discussions until the end of February or even leave your own response, you may do so at the PPI General Mailing List archive. If you are reading this GPL WordPress blog and don’t recognize the name Richard Stallman, minimal research will probably show you that his work is already a part of your life.


Is it ever appropriate for works of opinion and art be limited to a no derivative (ND) licenses?

Thank you, Richard, for the helpful responses and consideration. While I have the opportunity, thanks for FSF and GPL as well! Thanks to everyone here for taking a moment to go back to basics.

Please consider that these questions and observations are motivated by an effort to understand why RMS, who has expressed a wish to preserve his message, has chosen this license. It is also an attempt to really clarify what limits are still imposed by such licensing, who they are imposed upon and whether it is to be considered an actual imposition at all. ( “Imposition” Def. 1b http://www.merriam-webster.com/dictionary/imposition )

/* The freedom to use works as defined by http://creativecommons.org/licenses/by-nd/3.0/us/ */

########## Questions! Questions Everywhere! ##########
Under this license you are free to share and free to make commercial use of work, yet the work must always remain in its original context. It demands that, as far as the law is observed, an original copy of the work as intended will be produced.

For each copy that is made, it is mandatory that the original context and message expressed by the author or artist is preserved and disseminated without distortion. This seems similar to the spirit or intent that once inspired copyright law. A clear difference apparent in the CC BY-ND license is attempt to clearly provide safe harbor to users in a way that creates a few layers of security against much of the abuses the modern copyright law allows for. Copyright troll lawyers and the use of copyright as a tool for censorship being two examples of how such licensing is exploited.

This is a most honorable intention which may be lost on copyright, but does it find legs to stand on in the CC BY-ND license? If, from the dawn of copyright hitherto, CC BY-ND had been adopted as the popular license to apply toward works of our time, the public position that is growing as a response to harsh copyright law in our actual time line may not exist today to include the minority of individuals are currently limited by the license. Most of us would be content.

What are the limits of the freedoms of a ND license?

/* Definitions http://creativecommons.org/licenses/by-nd/2.0/legalcode
b. “Derivative Work” means a work based upon the Work or upon the Work
and other pre-existing works, such as a translation, musical
arrangement, dramatization, fictionalization, motion picture version,
sound recording, art reproduction, abridgment, condensation, or any
other form in which the Work may be recast, transformed, or adapted,
except that a work that constitutes a Collective Work will not be
considered a Derivative Work for the purpose of this License. For the
avoidance of doubt, where the Work is a musical composition or sound
recording, the synchronization of the Work in timed-relation with a
moving image (“synching”) will be considered a Derivative Work for the
purpose of this License. */

Because this license is designed to preserve existing fair use and fair dealing or good faith rights, it seems that this is where the real limits of the license are to be found. Fair use and fair dealing, as they are legislated in the US, may deserve some scrutiny, but that falls outside the scope of this license.

Who is the individual whose usage of CC BY-ND licensed work is being limited?

Based on the preservation of fair use rights in the US, the individual being limited by CC BY-ND licensing appears to be the remix artists who intend to produce a commercial derivative work without the permission of the producer of the work. Or is this lending too much credit to what fair use allows? What does fair use allow in other regions? The way this license is applied seems as though it has the potential to vary quite a bit.

Is this interpretation accurate? Of whom else does this license limit freedom of use?

Under fair use in the US, derivative works could be made for purposes such as criticism, comment, news reporting, teaching, scholarship, or research.

Under the terms of ND licensing, a high value is placed on preserving and sharing the message embodied in the work of an artist, author or speaker.

Is ND licensing intended to or does it, in fact, interrupt the production of non-commercial works derived from CC BY-ND licensed works? It seems like derivative works are restricted only by the limits of regional fair use and fair dealing.

Is this an accurate interpretation of the license? It is what you had previously expected from this license?

So, this happened…

February 18th, 2013 illunatic

There’s really only one reason to follow Green Pirate on twitter and that is because occasionally this happens, which is mildly amusing.

tpb-afk

My favorite thing about that response is how clearly the tone of “not sure if troll or really that stupid” comes across with the response.

Anyway, the documentary is a great introduction to the whole pirate movement thing as well as a fun glimpse at the personalities of the founders of The Pirate Bay. If you haven’t seen it yet, go search for TPB-AFK on Duck Duck Go or some other search site that doesn’t break your search results by filtering out torrents.

Yes. Yes you did just read a blog post about a tweet.

Steam Games Now Supported on Linux

February 15th, 2013 illunatic

Ehrmagherd! Look at all these Valve games available on linux now. I haven’t been able to try any yet, but seeing games like Counter-Strike and Half-Life ported over to linux is really cool.

This means a lot for linux based operating systems as game support has long been a big hangup for people who might otherwise use some of the more competitive linux based operating systems such as Ubuntu and Mint. Granted, it will be a while before we see just how much game these systems can handle and how far companies like Valve are willing to take their support for linux.

In the meantime, this is a huge jump-start to putting linux gaming on the map and may possibly serve as a statement to other popular game devs who could have a likewise response.

To kick things off they are offering these titles for a big discount price. Each linux release is offered for %50 to %75 off the price previously available for Win/Mac users.

http://store.steampowered.com/sale/linux_release

Anodyne Game Developer Pirates His Own Game

February 11th, 2013 illunatic

After finding out about a copy of his game being released on The Pirate Bay, Sean Hogan responded quite positively in the torrent comments. Read the TorrentFreak article for details on that. As you’ll see in the TorrentFreak article, the original torrent has since been removed.

A super duper top secret insider at The Pirate Bay tells me that the account of the user, Frewyrn, who uploaded the game was banned by mistake, most likely getting caught up in a flood of fakes TPB mods are constantly battling to remove. (On a side note, modding is not only a lot of work, but it is volunteer work so please buy your TPB mods beer if you ever get the opportunity.)

At some point during the comments of the TF article, Sean engaged with other readers a bit. At least a couple of people suggested that Sean upload a torrent of the game and it appears that he has taken heed of the communities desire to access Anodyne and uploaded a torrent of the game using the account name seagaia, the same he had earlier used to comment on the first torrent.

Without drawing this update out any further, here is the new, official torrent along with a big Green Pirate thanks to Sean for being awesome.

Thanks to Frewyrn as well. If not for that torrent, I never would have found out about this amazing looking game which stirs up nostalgic memories of StarTropics and Secret of Mana.

Green Pirate Smoothies Are Good For You

February 1st, 2013 illunatic

Juicetruck

Some of you may recall a brief drunk blogging about how to make a Green Pirate, an alcoholic smoothie beverage. Well, I barely remembered myself, but this article about the Green Pirate juice truck was just sent to me which jogged my memory.

Apparently, “Green Pirate… aims to stimulate a hip and sexy culture of conscious healthy living in our community.” That’s not all. See that fire hydrant? The no parking sign? Green Pirate doesn’t give a fuck. People need to drink.

It’s a way of life, baby. That the name Green Pirate echoes on for great justice is fantastic. So, as this site will likely retain much of the Green Pirate search rank, this page will stand as an unofficial promotion of the Green Pirate juice truck. Mmm synergy.

PS – I drink a green smoothie for breakfast every morning and they’re delicious.