NSA: Please Turn off the Lights When You Leave. Nothing to See Here.

Linux Advocate Dietrich Schmitz shows how the general public can take action to truly protect their privacy using GnuPG with Evolution email. Read the details.

Mailvelope for Chrome: PGP Encrypted Email Made Easy

Linux Advocate Dietrich Schmitz officially endorses what he deems is a truly secure, easy to use PGP email encryption program. Read the details.

Step off Microsoft's License Treadmill to FOSS Linux

Linux Advocate Dietrich Schmitz reminds CIOs that XP Desktops destined for MS end of life support can be reprovisioned with FOSS Linux to run like brand new. Read how.

Bitcoin is NOT Money -- it's a Commodity

Linux Advocate shares news that the U.S. Treasury will treat Bitcoin as a Commodity 'Investment'. Read the details.

Google Drive Gets a Failing Grade on Privacy Protection

Linux Advocate Dietrich Schmitz puts out a public service privacy warning. Google Drive gets a failing grade on protecting your privacy.

Email: A Fundamentally Broken System

Email needs an overhaul. Privacy must be integrated.


Cookie Cutter Distros Don't Cut It


The 'Linux Inside' Stigma - It's real and it's a problem.

U.S. Patent and Trademark Office Turn a Deaf Ear

Linux Advocate Dietrich Schmitz reminds readers of a long ago failed petition by Mathematician Prof. Donald Knuth for stopping issuance of Software Patents.

Saturday, June 29, 2013

So Long Google Reader. Hello Feedly, InoReader

by Dietrich Schmitz

If you depend on Google Reader, hopefully you've made plans for the switch being turned off, Monday July 1, 2013.

It was one of those tools that I found indispensable and used for the longest time.  I started using Akgregator, then BlogLines because it was always available from any PC with a login to the subscription.  Then I discovered Google Reader and have been using it since around 2006 to present.

The good news is that there are a few really good choices for you to consider as a replacement for Google Reader.

The first is Feedly.  I started using Feedly last year because it read my Google Reader subscription of RSS feeds automatically and the magazine format was nice and easy to use and read.

Feedly extension shown running on Google Chrome 28

Feedly comes in plugins for Google Chrome and Mozilla Firefox and the Feedly mobile application is available for Apple's iPad and iPhone and Android devices.

Another excellent contender for doing full-time duty and will probably be liked by many who are accustomed to the Google Reader layout and interface is INOReader.

I've got it installled and it automatically imported all of my Google Reader settings and was instantly usable because of its familiar layout, look and feel.

INOReader running on Google Chrome 28

It would behoove you to go directly to your Google Reader account to export to a file all of your RSS feeds, so that you can import them to another aggregator of your choice.  To do that open Google Reader, click the wheel at the far right, then click 'Settings':

Click the wheel on far right, then click 'Settings'

The click on the Import/Export tab in the Setting screen and click on "Download your data through Takeout" link.

Click "Download your data through Takeout"

Once you've clicked the link for Takeout, your screen will transition to Google Takeout where pressing the red button marked "Create Archive" will generate an archive.  Then click the Download button to download to your local drive:

After pressing Create Archive, select Download to download the archive to your local drive

That takes care of exporting all of your RSS feeds from Google Reader.  The OPML format is readable by many applications, so your reader should be able to import it without difficulty.

Well, if you've become as dependent on aggregators like Google Reader as I have, then you'll be relieved to know you have options now that Google Reader goes off-line on Monday.

Good Luck and happy feed reading!

-- Dietrich

Enhanced by Zemanta

Friday, June 28, 2013

Warning U.S. Cloud Tenants: There's a Fox in the Henhouse

by Dietrich Schmitz

It's more than a bit worrisome not just for Amazon Web Services, but other Cloud ISPs as well as their customers who need to come to terms with the legality of what the disclosure of the NSA PRISM surveillance program means in pure risk management terms. (Image credit: ncsl.typepad.com)

"What are the chances of an unforeseen issue causing extended interruption of service to my Cloud ISP infrastructure (vis a vis MegaUpload search and seizure), where I am potentially one of thousands upon thousands of tenants?"

"Is the threshold of risk acceptable given that currently the Patriot Act and National Security Letter allow intrusion and interruption of service at any time and without my being able to prevent it from happening?"

These questions should be on the minds of any domestic or international corporation at this juncture which depends on a U.S. domestic soil-based Cloud ISP for their business operations.

Data privacy should be a big deal in the U.S. but thus far hasn't been.

The situation is quite the opposite in the EU.  In fact, in Germany the level of insecurity is sufficiently high that European customers don't want their data exposed to the U.S. government Patriot Act.

One proposal from Reinhard Clemens, CEO of Deutshe Telekom's T-systems group would like certifications to enable the creation of super-secure clouds in Germany to safely isolate their data away from the U.S and the U.K. who work closely with the NSA. This cloud 'fortress' would allay the concerns of present tenants in the EU cloud who are applying due diligence to ensure that security standards are now tightened to eliminate any possibility of U.S. snooping.  In a comment made to Bloomberg by Clemens he said:

"The Americans say that no matter what happens ‘I’ll release the data to the government if I’m forced to do so, from anywhere in the world’ … Certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them."

Americans are currently 'under the thumb' of laws enacted for 9/11 which no longer serve to protect our country.  Instead, they have overstayed their use during a tumultuous period of uncertainty over a decade ago.  Today, instead the laws are now being used to overreach government authority and violate basic privacy laws of the U.S. citizens.

U.S. Citizens have every right as taxpayers to reach our State Senators and Congress people to say we question the need for the NSA's PRISM program and we question the need to continue the Patriot Act and to state clearly that a new set of Internet standards of privacy must be set forth as a Federal mandate to keep government and other entities 'in check' from overreaching their authority in violation of the American's basic right to Internet privacy, including the data stored in the Cloud.

Clearly momentum is building for heightened security measures in the Cloud and movement away from U.S. jurisdictional authority is just one option current Cloud tenants have to consider.

-- Dietrich

Enhanced by Zemanta

Thursday, June 27, 2013

Privacy. It's Your Right. Own It With Zero Knowledge Application Framework

by Dietrich Schmitz

It's really time to stop having our Internet Privacy rights trifled with.  And SpiderOak's new Crypton Zero Knowledge Application Framework (ZKAF) could not have come soon enough, a toolset for developers world-wide to employ in encrypted data storage applications.

The idea behind ZKAF is that a developer need not understand cryptography to write applications which need to implement ZKAF to the underlying data store's hardware.  The framework guarantees that stored data will never be accessible to anyone other than its owner who is the only authority that can unlock it.

Third parties will simply be unable to access such data without the permission of the owner.  And, the premise of Zero Knowledge is that the Cloud ISP which is providing storage service using ZKAF can prove 'plausible deniability'.

Possessing absolutely no knowledge of what is being stored on their hardware drive infrastructure relieves them from any responsibility for what gets stored and also contingent liability (recall the MegaUpload Dot Com website Government seizure).  That type of seizure cannot happen with ZKAF.

This puts third party commercial or governmental agencies at a distinct disadvantage in not having any choice but to go straight to the owner of the data requesting access.  Citizen's taking advantage of ZKAF-enabled Cloud storage can invoke their right to privacy and leave those agencies to take legal action in public court to challenge why such access should be granted.  

We used to be a country where a court ordered warrant meant something and was first obtained before a search and seizure in a citizen's home or on their private property could be performed.  With 9/11, that effectively went out the window with the Patriot Act and National Security Letter which are unconstitutional at best.

Isn't this really the way things should be?  Isn't it time for Americans to fight back and reclaim their right to privacy?

Assert guaranteed privacy in the cloud. Insist that your Cloud ISP employ ZKAF for their storage service.  Accept no other standard.

Internet Privacy.  It's your right.  Own it with ZKAF.

God Bless America.

-- Dietrich
Enhanced by Zemanta

Google's Chrome Packaged Apps (Local) Development Strategy

by Dietrich Schmitz

I've been watching Google's progress for some time.

We've seen most recently related technology improvements made to the Linux Kernel that specifically relate to support for software drivers and hardware on the Google Chromebook.

A few months ago, we saw the newest Pixel Chromebook arrive on the scene with superior display and other performance characteristics -- arguably as good as Apple's Retina MacBook line.

Now another adjustment to Chrome was announced in May for the official development of Google Chrome Packaged Apps.  This page explains packaged apps in further detail and includes a video.

If you watch the video which tries to explain what Packaged Apps are, Google talk euphemistically in terms which won't say we're writing local Apps, but if you read between the lines, that's really what they are doing.  Pay close attention Folks, these won't be half-baked Javscript Apps.  No, they'll be running with Native Client (NaCl) C/C++ compiled executables which are the fastest compiled code one can have driving any application.  Here's a brief text explaining what to expect when running a packaged app:

How they behave 
Packaged app pages always load locally. This allows apps to be less dependent on the network. Once a user installs an app, they have full control over the app's lifecycle. Apps open and close quickly, and the system can shut apps down at any time to improve performance. Users can fully uninstall apps. 
Without any effort on your part, your apps will launch offline. But you will need to put some effort into making sure user data is stored locally while offline and then synced back up to your data server once online (see Offline First).

You see, the Apps will be free-standing and so will run outside of the browser, but still use their fork of WebKit, called Blink, which is at the heart of Chrome.   Blink won't be recognizable after they've finished refactoring and tearing out the parts they don't want--it has been reported they already have removed over 8.8 millions lines of code.

And that's another thing they did which is beginning to make more sense.  They now can modify the WebKit code to their heart's content to satisfy both browser and packaged apps as they see fit without upstream hassles.

So, that leaves us where?

It leaves us with the proposition that Google know there is still a need for good local Desktop software, a la the days of Microsoft Windows past, only they aren't saying it.  Microsoft still have a market for Windows-based legacy x86 software which have always had the performance characteristics and the gold standard applications which so many still rely upon today and Google know they can't capture this traditional buyer's market without local Apps.  Local Apps still rule.

Initially, it seems they released a photography-driven app which comes pre-installed on the Pixel Chromebook.

And rest assured, there will be others to follow.  Applications fuel sales.  It's that simple.

With the recent disclosure of the NSA PRISM surveillance program, that leaves a major stigma attached to doing anything in the Cloud, which can potentially hinder sales of their Cloud-based Chromebook.  How long that stigma stays around remains to be seen, but, Google isn't placing all of their eggs in one basket.

Realistically, Google can go in any direction after whatever market they choose--and they usually do.  They have the know-how, cash, and have shown themselves to be quite capable at software development--innovative in fact, much to Microsoft's disliking and worry.

Can Google pull off writing a decent Office clone packaged App?  If they did, that might really send sales through the roof.  All they have to do is make up their minds to do it and it will happen, which should be one of the major concerns at One Microsoft Way.

So, watch the video above and see if you agree with my thinking.

-- Dietrich

Enhanced by Zemanta

Tuesday, June 25, 2013

The Puzzling Case of Google Chromebook Packaged Apps

by Dietrich Schmitz

Ah, Google Chrome packaged applications.  I see.  What?!

So maybe you are as confused as I am.  Apparently, Google is, once again, on the move not sitting still, not complacent, innovating as they are wont to do and on Internet Time.

That means, a frenetic pace, which hasn't let up continues with more announcements that makes one's head spin.

The most recent is packages.  Now, you are wondering, for what are packages needed?

After all, the Chromebook's raison d'etre has been that you don't need to install any software right?

Wrong.  That appears to be changing.  And, looking just this past weekend at a Walmart $199 Acer C710 in-store display, I thought, what is a Chromebook with 1TB of disk space going to be used for?

Acer C710 Chromebook sold in U.S. Walmart stores
[Update: It was pointed out on reddit that if one drills down on the website SKU shown above and behind in 'specifications', it shows 16GB SSD; still there are other SKUs being sold with large local hard drives, so the question stands: why a large HDD?]

It also includes a blue-ray drive which will keep the movie industry happy.

But, I digress.  Packages.  What are they all about?  Well, it seems that Google Chrome is now offering packaged Apps for ChromeOS.  At least they're available to those using the developer channel for now.  And only show if you use Windows or Chromebook.  That explains me not noticing.  I usually skim through the Chrome Store once a week with my drag-net looking for trends.  The announcement came quietly.  I missed it.  I suppose because there have been so many from Google, it becomes part of the ambient Internet background noise level.

I really don't know what this portends for the future of Chromebook.  I suppose that the proof is in the pudding and those packaged Apps have yet to materialize in any major way.

Let's call it an escape hatch for Google.  They won't or can't (or both) encrypt your data on Google Drive, but you sure can keep your data safe on a local drive--far better than in the Cloud (cough NSA).  That might allay potential buyer concerns.  Local storage good.  Cloud bad.

And back to school is only a blink of an eye away in August, so, there is a yet unrealized explosion of sales to be exploited from the newest Walmart and Staples distribution channels.

The potential for sales is huge at Walmart and of course Google knows that.  And, the potential for students to adopt Chromebook is also good, but is it good enough for many who still are wanting to install apps locally?  That is Google's hedge with packages.  Really, if Google made up their mind, they could simply package ChromeOS as a free-standing Linux Distribution.  They just have to decide to do it.  For now, you get ChromeOS only on Chromebook.

Packages is not going to fly if there aren't Apps--good ones.  That will tell the tale in the long run.

-- Dietrich
Enhanced by Zemanta

Monday, June 24, 2013

Your Career: Large Linux Project Involvement Key

by Dietrich Schmitz

When everyone pulls their own oar and to a beat the vessel moves along quite well does it not?

Every organization operates much like this on a certain level.

Without a cadence, timing, planning, and execution, the vessel won't move forward -- at least not efficiently.

It might even sit still and possibly move backwards.

When conflicting goals and interests arise, those oars no longer operate in unison.

What would it be like if suddenly, the majority of developers chose not to write for their respective Distribution and all came aboard one large vessel equipped with many oars?

Might then the ability to reach goals and objectives increase and be obtained more quickly?  Might the vessel be more powerful and move with greater speed?

How do you see yourself (the Developer) having an effect on the outcomes of Linux 'at large' in terms of achieving success?  What is your measure of success?

Would working on a single larger project be more meaningful if you knew the potential for your work's positive effect would be realized?

These are things which I have thought about as I survey the current Distribution sprawl.  So many are bound to recede into insignificance and I predict only a few, larger ones, will remain standing in five years.  I submit, as few as six Distros will still be around.  The rest of you, former hackers, wasting time on an obscure Distribution, will have grown jaded, tired and moved on leaving dead projects behind.  Those Distros will whither, dry up and simply die.  If this is true, then wouldn't making a decision today to redirect your talent to actually doing something which has a chance of being genuinely useful in five years be an important career decision?

I fear for young Developers who have invested their energy in smaller Distros and their projects without thinking about whether they are doing what's best for their own career path.

I've written that I feel there are too many Distros.  Qualitatively, only a few have merit, technology-wise, and the rest, like Cloverleaf, are merely clones with just some minor adaptation.  Sadly, this isn't progress.  It isn't innovating and for the young ambitious Developer, it is a waste of your precious skills, talent and time.  It won't advance your career.  Worse, if a project closes unexpectedly, you'll have potentially wasted many hours or years of your life, for naught.  Don't allow that to happen.  Don't say, "I wasted [x] years of my life."  That would be a shame.

Find a large project.  Move up the food chain and mingle with the Big Fish in the Big Pond and learn from truly experienced technology professionals.  Gain from advanced thinking that thrives in those environments and benefit from accelerated learning.

I don't care which, but move up the scale to the large Distros, Debian, Fedora, Mageia, Ubuntu, and get involved.  Get your foot in the door there however you can and stay there where one can truly make a difference and grow intellectually at the same time.

Don't Become a Big Fish in a Little Pond.  It won't help your career.

-- Dietrich
Enhanced by Zemanta

Sunday, June 23, 2013

Don't Become a Big Fish in a Little Pond

by Dietrich Schmitz

I see it quite often.  Many, too many, Developers 'think' they've got talent.

They live and associate in small circles and naturally compare themselves in the context of their achievements within a small, close-knit community.

To a large degree, these individuals believe their skill set is superior to those around them with whom they choose to affiliate.  Their esteem and self concept continues to develop and the familiar group becomes self-referential.

Often, Developers who enjoy a small group are not compared with a larger population outside of the group with whom they may discover their talents are viewed as marginal.

The risk of staying a Big Fish in a little pond is that the level of learning will level off and the risk of not acquiring leading edge skills increases with a complacency and false sense of accomplishment.

In the book Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman, authors Dave Hoover and Adewale Oshineye help the prospective Developer perform a thorough self-assessment and give constructive advice on what will help them advance and grow:

"The talented and hard-working apprentice must not become self-satisfied with his success.  It is very easy to rise above the mediocre in the field of software development because too many people become satisfied with staying only slightly ahead of the curve.  You must fight this tendency toward mediocrity by seeking out and learning about other teams, organizations, journeymen, and master craftsmen that work at a level of proficiency that an apprentice cannot even imagine. 
You must be willing to let go of your perceived competence and allow yourself to recognize that you have traveled only a short distance on The Long Road.  Your goal isn't to become better than the "average developer."  Your goal is to measure your abilities and find ways to be better than you were yesterday.  We're all on the same journey, and comparing ourselves to others is useful only when it allows us to find ways to help each other to improve."

The authors go through many work scenarios and provide constructive advice on how best to handle each situation, for example:

Be the Worst

"Context: You have unleashed your enthusiasm and taken every opportunity to learn new skills.  As a result, you have outgrown your team and possibly your entire development organization.  Problem: Your rate of learning has leveled off.  Solution: Surround yourself with developers who are better than you.  Find a stronger team where you are the weakest member and have room to grow.
Be the Worst was the seminal pattern of this pattern language.  It was lifted from some advice that Pat Metheny offered to young musicians: "Be the worst guy in every band you're in."  Pat's advice struck a chord with Dave, and was one of the reasons he started writing this book."

On Community

"Despite the many benefits of a community of like-minded folk, you must also be aware of group-think.  Force yourself to retain the capacity to ask questions that shock your community.  Try to use that little bit of intellectual distance to generate the kind of respectful dissent that will keep your community healthy.  Your community's health can be measured in the way it reacts to new ideas.  Does it embrace the idea after vigorous debate and experimentation? Or does it quickly reject the idea and the person who proposed it? Today's dissident is tomorrow's leader, and one of the most valuable services you can provide to your community is defending it against those who believe that marching in lockstep is the price of membership."

So, if you are a young aspiring programmer with high ambitions, please have a look at this book.  It is filled with common sense nuggets of wisdom which will give you the needed temperance and perspective to accept the larger intellectual challenges which lay ahead of you.  These are exciting times for software development.

Don't become a Big Fish in a little pond.  And, Good Luck!

-- Dietrich

Enhanced by Zemanta

Friday, June 21, 2013

Open Source Downloads An Endangered Species

With news this week that GitHub is banning storage of any file over 100Mb and discouraging files larger than 50Mb, their retreat from offering download services is complete. It's not a surprising trend; dealing with downloads is unrewarding and costly. Not only is there a big risk of bad actors using download services to conceal malware downloads for their badware activities, but additionally anyone offering downloads is duty-bound to police them at the behest of the music and movie industries or be treated as a target of their paranoid attacks. Policing for both of these -- for malware and for DMCA violations -- is a costly exercise. (Image credit: iconseeker.com)

As a consequence we've seen a steady retreat from offering downloads, even by those claiming to serve the open source community. First GitHub bowed out of offering the service, claiming that it was "confusing" for the clients. More recently Google followed suit, bringing Google Code Download services to an end. They stated that “downloads have become a source of abuse, with a significant increase in incidents recently”. Community reactions to this have been mixed.

GitHub didn’t have an alternative plan for it’s users and clearly has no desire to be a full-service community host. Google suggested using its Drive cloud file storage service to host files, though this is clearly far from ideal as, for a start, no analytics are available for downloaders. Small projects are left with a rapidly decreasing number of options. They could pay of course, for S3, but for a free downloader solution SourceForge seem to be the only high-profile answer. SourceForge are doing everything in their power to make it easy for users of Google Code and GitHub to transition across to their service and GitHub have even included a link to SourceForge in their help pages, recommending them as a viable alternative. SourceForge assures us that they have no intention of shutting down their upload/download services at all.

SourceForge providing an alternative is potentially handy for those whose projects would otherwise be held up by this lapse in services and they will no doubt welcome the wave of new users. The issue shouldn’t be coming up at all though. Confusion for and abuse by users may sound like reasonable pretexts, but perhaps the real problem encountered by both the closing services is a somewhat less reasonable one. There’s a growing expectation that they should regulate the downloads, acting the part of police on behalf of copyright holders.

The pressure to behave that way, whether through a desire to preserve a safe harbour status or simply to tread carefully in the eyes of the law, is an unreasonable hack that appears to mend copyright law online but in fact abdicates the responsibility of legislators to properly remake copyright law for the meshed society and over-empowers legacy copyright barons. These changes to downloads are an inconvenience for open source developers, but should serve as a warning to the rest of us that the copyright system is beyond simple patching.
Enhanced by Zemanta