Tuesday, December 30, 2014

Fedora Does Real World Work. Debian is for Hobbyists



It's interesting to watch the pace of change with Linux on the Desktop.

Want technology on the leading edge?  Fedora is here today with best of breed solutions, all of which merge to Red Hat Enterprise Linux, the largest commercial Linux Distribution in the World.

Fedora was first to implement systemd.

Fedora is first with a robust implementation of state of the art technologies including rpm-ostree and Docker on their Project Atomic platform.  And, Cockpit eases the process of managing servers and containers in the cloud via a unified web management interface.

You see, at release 21, Fedora split into server, workstation, and cloud divisions.

The transition was amazingly uneventful, due to Red Hat's senior guidance and the incredibly hard work done by the Fedora Team in coordination with the upstream GNOME Project.

Fedora takes what they do very seriously and when it comes to meeting target milestones, they galvanize into action and meet them in a timely business-like fashion. 

Every time Debian runs into delays, it pushes back the milestones of Canonical's Ubuntu, which hitched its wagon to Debian, and the delays get passed in turn down the line to the rest of the Ubuntu derivatives, which hitched their wagons to Ubuntu.  It's a serious problem, particularly for Canonical Ltd., which is trying to run a business.

No, the real work is done by Red Hat/Fedora in the business world.  No messing around.  No divisiveness, stalling, stonewalling.  Tasks move along with rhythm and cadence, all oarsmen stroking to a beat, following directions and executing them as ordered in synchronous precision.


Debian is the proverbial speed-bump on the road to innovation and with an 18 month release cycle nothing gets done in a hurry.

Debian devotees won't like to read this but, Debian isn't behaving like a professional Distro should.  They allow themselves the luxury of procrastination and all the while 'make pretend' some highly technical issue must be considered before embarking on any kind of work.  I call it 'work avoidance'.  Because, that is really what it is under a veil of techno-speak designed to obfuscate what is or isn't really happening in their hallowed organization.  If they are to survive, a radical change must be made to their release management policy.

The real world can't afford to behave like 'hobbyists'.  The real world won't wait.  Debian is falling farther behind, but that's okay as far as they are concerned.

The work will get done.  Eventually.  


Fedora does the real-world work.  Debian is for hobbyists.  -- Dietrich

Wednesday, December 24, 2014

Merry Christmas

Currier and Ives Winter (Image credit: familychristmasonline.com)

Merry Christmas Folks.  -- Dietrich


Sunday, December 21, 2014

What Difference Does it Make if I Use Chrome vs. Firefox?

Free Mozilla Firefox Open Source Web Browser


What difference does it make if I use Chrome vs. Firefox?

Transparency:

Transparency, as used in science, engineering, business, the humanities and in a social context more generally, implies openness, communication, and accountability. Transparency is operating in such a way that it is easy for others to see what actions are performed. It has been defined simply as "the perceived quality of intentionally shared information from a sender". For example, a cashier making change after a point of sale transaction by offering a record of the items purchased (e.g., a receipt) as well as counting out the customer's change on the counter demonstrates transparency.

Google chose to make Chrome, as distinguished from its open source counterpart Chromium, proprietary, non-open source.  Their decision to exclude public access to the software's code was intentional and designed to place the end-user at a 'disadvantage'.

Should the public have a right to participate in oversight of software's source code that runs on their personal computers?  The answer is an emphatic yes.

If an end-user chooses proprietary solutions, they leave themselves open to exploitation in some fashion.  The licensing terms are restrictive, and the true functionality of the software cannot be vetted as being devoid of 'rogue code' or of hidden, unmaintained software defects which, if unpatched, could leave said software in a vulnerable state.



Global Crime Rings find defects and then sell exploit kits on the black market for as yet unpatched 'Zero Day Exploits'.  The likelihood that an unpatched software defect will remain unnoticed increases when using proprietary software.


Most often Linux open source is updated with a downloadable patch within a matter of hours of discovery.  If on the other hand the end-user is running Microsoft Windows Legacy, a patch may never come if the vulnerability remains hidden, unnoticed by Microsoft programming staff, or, at best will be corrected on 'Patch Tuesday', once a month by Microsoft.


The point I hope readers get from this post is this:  

With open source code maintenance, it is difficult at best for an exploitable software 'bug' to go unnoticed for an extended period of time, and it is near-impossible to merge 'rogue code' into a developer team's git repo tree which gets reviewed by many peers around the globe.

The World can and will thrive if we all share, each and every one of us.  It is our human nature to do so.  Without sharing, we will continue to see great exploitation by proprietary business and government which results in human inequality and suffering.

Make a statement which is powerful.  Demand openness.

Insist on and be selective by using only open source software.

Open Source and free Firefox can be downloaded here.  -- Dietrich


Friday, December 19, 2014

Using Extensible Blockchain to Sign Digital Documents and Copyrighted Materials



It should be apparent to anyone who has watched the progress of Bitcoin that it behaves as a virtual commodity.  It also is fungible in that one Bitcoin can be exchanged for an equal quantity anywhere in the World.

The success of bitcoin comes from its Blockchain software design.

Every Bitcoin has a unique signature that follows it through its travels from one Wallet to another.  That 'fingerprint' never goes away and remains an indelible  and essential property.

The bitcoin's ownership cannot be transferred from one owner more than once, much as a Dollar with a unique serial number is physically exchanged on a transaction.  The serial number follows the life of that dollar and is always associated with it at any point in time.

So, we see clearly that bitcoin does indeed work, and we see indirectly that the underlying extensible blockchain can be applied to other scenarios.

Digital Legal documents, copyrighted documents, books, images, videos, audio files all can benefit from using the blockchain technology.

Imagine if the MPAA and RIAA dispensed with their legal campaign to protect copyrighted works and turned to blockchain technology.

In a blockchain server for music for example, each discrete copy of an 'album' or 'song' would contain an embedded fingerprint to live with the copyrighted material for its entire life in the music equivalent of a bitcoin 'ledger'.

That discrete quantity would then become protected by its identity in the global ledger as is the case for bitcoin.  And that music could not be dispensed twice or its in-built encrypted ledger cross-check would return an error to stop the work from being used in more than one instance.

Music might be a blockchain with attributes that allow ownership to be transferred just once.

Other kinds of documents, such as works of art, might lend themselves to having ownership transferable multiple times.
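
The transfer rules described above, sketched as an added example (not code from the original post): a single in-memory, hash-chained ledger keyed by each work's SHA-256 fingerprint, with a per-work transfer limit. The class and function names, owner names and sample bytes are constructed; there is no network consensus, and parties are identified by name only, not by signatures.

```python
import hashlib
import json


class LedgerError(Exception):
    """Raised when a registration or transfer violates the ledger's rules."""


def fingerprint(content: bytes) -> str:
    """SHA-256 of the work's bytes; this is the identity recorded in the ledger."""
    return hashlib.sha256(content).hexdigest()


def entry_hash(body: dict) -> str:
    """Hash over one entry's fields, which include the previous entry's hash."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

    def __init__(self):
        self.entries = []

    def _append(self, kind, fp, owner, max_transfers):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {"index": len(self.entries), "kind": kind, "fingerprint": fp,
                "owner": owner, "max_transfers": max_transfers, "prev": prev}
        self.entries.append(dict(body, hash=entry_hash(body)))

    def history(self, fp):
        return [e for e in self.entries if e["fingerprint"] == fp]

    def register(self, content, owner, max_transfers):
        """Record a work once. max_transfers=None means unlimited resale."""
        fp = fingerprint(content)
        if self.history(fp):
            raise LedgerError("fingerprint already registered")
        self._append("register", fp, owner, max_transfers)
        return fp

    def owner_of(self, fp):
        hist = self.history(fp)
        return hist[-1]["owner"] if hist else None

    def transfer(self, fp, seller, buyer):
        hist = self.history(fp)
        if not hist:
            raise LedgerError("unknown work")
        if hist[-1]["owner"] != seller:
            raise LedgerError("seller is not the current owner")
        limit = hist[0]["max_transfers"]
        if limit is not None and len(hist) - 1 >= limit:
            raise LedgerError("transfer limit reached")
        self._append("transfer", fp, buyer, limit)

    def verify(self):
        """Recompute every hash and link; False if any entry was altered."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if (entry["index"] != i or entry["prev"] != prev
                    or entry_hash(body) != entry["hash"]):
                return False
            prev = entry["hash"]
        return True


def demo():
    """Constructed sample data: a song (one transfer) and artwork (unlimited)."""
    ledger = Ledger()
    song_fp = ledger.register(b"constructed sample: song bytes", "alice", 1)
    art_fp = ledger.register(b"constructed sample: artwork bytes", "gallery", None)

    ledger.transfer(song_fp, "alice", "bob")
    try:
        ledger.transfer(song_fp, "bob", "carol")  # second hand-off of the song
        second_song_transfer = "accepted"
    except LedgerError as exc:
        second_song_transfer = str(exc)

    ledger.transfer(art_fp, "gallery", "dave")
    ledger.transfer(art_fp, "dave", "erin")

    result = {
        "song_owner": ledger.owner_of(song_fp),
        "art_owner": ledger.owner_of(art_fp),
        "second_song_transfer": second_song_transfer,
        "intact_before_tamper": ledger.verify(),
    }
    # Rewrite a recorded owner in place; the stored hash no longer matches.
    ledger.entries[2]["owner"] = "mallory"
    result["intact_after_tamper"] = ledger.verify()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fingerprint covers the exact registered bytes, so a re-encoded copy of the same work hashes to a different value and would appear to this ledger as an unregistered work.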

This is my thought process and I hope that we as a global society move in this direction.  It affords solutions to reduce and eliminate much of the current costs imposed on businesses which need to protect their copyrighted and Legal materials and eliminate theft of said materials entirely.

-- Dietrich

Do Smartwatches Make You Stupid?

Smartwatches (Image credit: theregister.co.uk)

The implied advertisement subliminal message:  "You need this.  You can't live without it."

The newest wave of technology apparatus has reached American soil.  Among the many offerings now come smartwatches.

Yes, they not only look smart, but, they are smart in the sense of having none other than a built in computer -- literally.

I don't know about you, but when I come home, at night I take my analog Timex watch off and leave it on the dresser where it stays until the next day.

Yet, I too am the same person who in the 70's was the first to buy an LED watch.  I have always been a 'sucker' for technology.  Was then.  Am now.

So, how important is it to have a smartwatch?  Will it change my life for the better?  Is it a fad?  And if so, what will it be replaced by in the next technology wave?

These are things I think about.  I haven't had a bad case of techno-lust for quite some time.  Not since 2007 CES did I experience a bad case of it.

That was the year of Nokia's N95 smartphone.  It was also the year for the introduction of Apple's first smartphone, the iPhone.

I didn't hesitate to buy the N95.  It was (and still is in many respects) the best technology I'd ever seen or wanted.

The price $800 wasn't an obstacle.  It's all about want vs. need.  I wanted it.

Do I feel anything akin to that today?  Nope.  In fact, I don't like most smartphones.  I'd rather have a phone with buttons personally.  I miss that aspect of the N95.

But time marches on.  Here come the smartwatches.  And now a new young generation swells with lust to have.  Their focus diverts from the smartphone.

Will the smartphone get left behind?  I don't think so.

But I am not convinced smartwatches will be anywhere near as large a market as smartphones are.

So, is using a Smartwatch stupid?  I argue for the point that it is, unless someone can convince me otherwise.

If I need to carry any form of computing on my person, it will remain the smartphone if I can locate a decent one that lives up to my expectations.

A smartwatch isn't something that represents a life changer like the smartphone.  It's just proof that we can put silicon wafer chips into smaller and smaller form factors, that's all.  And I don't need to prove that by wearing one.

-- Dietrich


Thursday, December 18, 2014

Your Browser: A General Purpose Remote Code Execution Tool

Google Chrome web browser security warning message


I've been reviewing the current state of Internet Privacy.

It's still a mixed bag and my conclusion is that it will remain so for quite some time.

Efforts to provide Internet Privacy are varied, depending on which ISP is employed.

The primary means for conveyance to a target website to do any kind of task is the web browser.

To put security risk into context, the web browser is a remote code execution tool.

Yep.  Let that sink in for a minute.

Wherever the user goes, the browser is set to 'trust' a remote stream of bytes which get 'interpreted' as program instructions on your PC by the web engine.

Sounds quite troubling when you think about it really.

I mean, your browser is one big catcher's mitt and absorbs everything it sees in an attempt to execute instructions sent from a remote web server.

So, this catcher's mitt is by default a 'security risk'.

Different software vendors take different approaches to the responsibility of writing their software in a manner that ensures it should always operate securely.

For example, Internet Explorer on Microsoft Windows is written by Microsoft and employs 'protected mode', something akin to a software sandbox which, technically, isn't one.

Google Chrome for Windows is designed with a quasi-sandbox by Google Engineers.  But they have publicly stated it cannot stop certain kinds of exploits (JavaScript DLL injection) from successfully executing and gaining administrative control on Legacy Windows.  This is a fact.

But, that isn't really my point.  In each software project some 'defensive' coding has or has not taken place.

I've reported in the past that, where Fedora Linux is concerned, users running Firefox, the default installed browser, are placed in a 'real' sandbox, called Linux Security Modules (LSM) and the particular module used by Fedora is SELinux.

From a security standpoint, this is a prime differentiator between Linux and Windows.

An exploit may propagate on Windows running Chrome.  It will never propagate using Linux with SELinux.

The word 'never' comes with a catch.  You see the browser's memory space is up for 'fair game' and various code, Java, Javascript can execute remotely exposing certain parts of your running PC.

In theory, nothing bad should happen and it is assumed that code in the browser PID will never escalate to the Admin level.

But what it is doing in its own memory space is an open question.  The issue of cross site scripting remains an unsolved problem.

In this context, if a user chooses to employ a browser-based security tool designed to protect their local PC, this sets up the conditions  -- a 'fictional' exploit may, for example, attempt to steal a local browser's in-memory private keys for encryption.

So, you see, I am revising my thinking.  I'm not sure any more about using the browser for any kind of security.  It's that risky.

Using compiled, well maintained free standing open source security applications is entirely a different matter.

For example, I have Gmail.  But I don't use the browser client to access it.
I use GNOME Shell's integrated Evolution Email client, which is also used to prepare outgoing mail using GnuPG (OpenPGP) encryption.

The PID for decoding/encoding Gmail runs in Evolution's local memory space, not in a browser.  Once the email is encrypted and signed, it is then and only then sent and a copy gets stored (IMAP) on the Gmail web server, in PGP encrypted form.

That's a routine process I feel confident in completely.

The notion that other software vendors can fork GnuPG and refactor it in JavaScript troubles me.  This is precisely what Google is doing in their End-to-End encryption project, currently in Alpha.

The whole end to end encryption runs as JavaScript in the browser.
That puts the whole premise of security in the hands of the browser.

It's not acceptable.  Even now, I am rethinking how MEGA works.  Again, here, there is secureboot.js code running in your browser.

I believe there has to be a total segregation from the browser for any kind of security tool client application.  It must be compiled.  It must be open source and it must employ upstream industry standard GnuPG OpenPGP.

The browser will always be a target for attack.  Always.  Letting it also run your security is a fundamental mistake.  -- Dietrich

Saturday, December 13, 2014

Kim DotCom Facing Down a Death Sentence Without a Trial

Kim Schmitz aka Kim DotCom


Many of the readers of this story know of Kim Schmitz aka Kim DotCom.  It's a mix of either great respect or contempt depending on what is understood about him.

There is an untold story about him that needs to be recorded as to what happened to his MegaUpload website.

MegaUpload was a popular file sharing website up to a few years ago when it was summarily ordered to be taken down by the U.S. Federal Government.

As Kim recently said the MegaUpload case is "a death sentence without a trial".

He has managed to remain out of jail in New Zealand up to now but his financial resources have dwindled.  In the time spent since MegaUpload's take down, Mr. Schmitz formed Mega, the technological embodiment of change necessary to avoid MegaUpload ever happening again.

Mega is now in full production offering 50 gigabytes of free cloud storage space.

What sets it apart from other cloud ISPs?

MEGA employs Zero Knowledge end-to-end encryption (ZKE) and a MEGAsync graphical drag/drop files client to 100% guarantee privacy.

What the technology also affords is something which took down MegaUpload in the first place.  Plausible Deniability.  ZKE ensures Mega knows nothing about your data.  It is just an encrypted block of data.

Mr. Schmitz was assumed guilty of being complicit with illicit file sharing activities, alleged to have occurred on MegaUpload.  Today, he still maintains his innocence but a legal case is pending.

Despite his adversities, he has somehow managed to achieve what few others have.  Cloud storage can and should be a safe choice.  Your data and meta data on the Internet are presumed to be yours and only yours.  They belong to no one else.  Mega, the fruit of Mr. Schmitz' labors, is a resounding success.

In reality, few ISPs offer such guarantees.

Mr. Schmitz just put up on his personal website a Whitepaper which is a 'must read'.  It tells the untold story of what happened to MegaUpload.

Kim DotCom Twitters a message to let the public know about his just published whitepaper


Here is part of the whitepaper's opening Executive Summary:

The criminal prosecution of Megaupload and Kim Dotcom is purportedly the “largest copyright case in history,” involving tens of millions of users around the world, and yet it is founded on highly dubious legal principles and apparently propelled by the White House’s desire to mollify the motion picture industry in exchange for campaign contributions and political support.
The U.S. government’s attack on the popular cloud storage service Megaupload and the dramatized arrest of Kim Dotcom, the company’s principal founder – together with the seizure of all their worldwide assets – represents one of the clearest examples of prosecutorial overreach in recent history. One day after the U.S. Congress failed to enact the controversial Stop Online Piracy Act (SOPA), the executive branch of the U.S. government commandeered Megaupload in a coordinated global take-down, and drew battle lines between digital rights advocates, technology innovators and ordinary information consumers on the one side, and Hollywood and the rest of the Copyright Lobby on the other.
Megaupload operated for seven years as a successful cloud storage business that enabled tens of millions of users around the world to upload and download content of the users’ own choosing and initiative. The spectrum of content ran from (to name just a few) family photos, artistic designs, business archives, academic course work, legitimately purchased files, videos and music, and – as with any other cloud storage service – some potentially infringing material. Despite Megaupload’s lawful uses, the U.S. government has charged the company and its executives under the Racketeer Influenced and Corrupt Organizations (RICO) Act, and has branded the company, its personnel and its tens of millions of users a “criminal enterprise” dedicated solely to infringing U.S. copyright laws.
The U.S. government’s case against Megaupload is grounded in a theory of criminal secondary copyright infringement. In other words, the prosecution seeks to hold Megaupload and its executives criminally responsible for alleged infringement by the company’s third-party cloud storage users.  The problem with the theory, however, is that secondary copyright infringement is not – nor has it ever been – a crime in the United States. The federal courts lack any power to criminalize secondary copyright infringement; the U.S. Congress alone has such authority, and it has not done so.
As such, the Megaupload prosecution is not only baseless, it is unprecedented. Although the U.S. government has previously shut down foreign websites engaged in direct infringement, such as the sale or distribution of infringing material, never before has it brought criminal charges against a cloud file storage service because of the conduct of its users. Thus, the Megaupload case is the first time the government has taken down a foreign website – destroying the company and seizing all of the assets of its owners (and the data of its users), without so much as a hearing – based on a crime that does not exist.

Clearly, there was a baseless rush to judgment without any legal due process of law.  In fact, there was total disregard for protective mechanisms in our U.S. Constitution that should have resulted in Mr. Schmitz being presumed "innocent until proven guilty".

Dear Reader, we live in very troubled times and I would dare say at this time we don't have much in the way of Constitutional rights which are negated by special Supreme Court Judicial powers that ignore the Constitution, the continuing presence of the Patriot Act, and the NDAA.

Thus, I feel obligated to share this developing story with you in order to shine the light on a 'wrong' dealt to a Man who has shown himself to be of great integrity and willing to stand up for his and your rights and fight back.

Please help Kim Schmitz by reading and sharing his whitepaper with Friends and Family, your state Senator and Congressman.  -- Dietrich

Tuesday, December 9, 2014

Linux Turla Malware Infection? Not Going to Happen.

cdoor.c - packet coded backdoor (credit: phenolit.de)

C'mon.  Here is yet another sensational report 'wishing' that Linux is infection prone.  It isn't, okay?

The SecureList authors imply that there is a Linux version of a known Windows malware, called Turla.  Conveniently, they call it a variant.

Where is the documentation for a Linux 'vector of infection'?  Oops, somehow, they forgot to include it.

Including the source code doesn't count as documentation for vector of infection.  It merely documents the program's purpose, not how it lands on a Linux PC.

On the other hand, one can visit Kaspersky to see it is well-documented for Windows.

This code simply isn't in any Linux repository.

That means one must intentionally deviate and go outside of the keyring-protected repo of applications 'into the wild' to obtain this rogue software.

By definition, a trojan requires one to install the application and then explicitly run it to have its 'payload' execute.

In the conclusion of the SecureList story, the authors wrote:

"Although Linux variants from the Turla framework were known to exist, we haven't seen any in the wild yet."

Paleeze.  This sensational reporting has got to stop.

Known to exist?  Based on what exactly?  Again, no details.

Folks, Fedora Linux is the safest operating system on the Planet.

I stake my reputation on it.  -- Dietrich


Sunday, December 7, 2014

Linux Distro Survey 2014

Final Results of Linux Distro Survey 2014

[Edit: Linux Distro Survey 2014 is closed.  See summary above. Details can be obtained by clicking the 'View results' link below.]

So, okay, it's been a while since I did a survey.  You know the drill.  Time to pick your brain.  


What is your favorite Linux Distribution?  [View results]


Friday, December 5, 2014

ALERT: A Software Security Transparency Breach Warning

(Image credit:  Wikipedia.org)

We've witnessed what happens when changes in source code to intentionally insert rogue code go unnoticed.

The example of how the NSA intentionally inserted weakened string constants into Elliptic Curve Cryptography lay hidden for several years, in fact, and was only exposed by a languishing open Red Hat trouble ticket.  What was odd was how, given the potential seriousness of the incident, no action was being taken to look at the source code and change it.  As more comments were appended to the ticket, the level of suspicion grew to the point where NIST was forced to open up an investigation.

It was a potential public relations disaster in the making for them, as they pleaded being unaware of what the NSA had done.  Immediately, the code base was opened up for public comment.  The code has since received a thorough going over, particularly those merged diffs that sourced from the NSA and corrective action was taken.

But, this was a roadside billboard that should have alerted everyone in the FOSS Community to the realization that every corner of FOSS should be revisited for a thorough security review and vetting.

Code obfuscation should be a 'red flag' to anyone who has seen it.  The first concern should be:  Why is this code obfuscated?  If there isn't good documentation giving a reason for doing so, then, it's time to dig in and find out what the code is or isn't doing, at the very least.

It is believed, however, relative to all FOSS code, little obfuscated code exists.

It would be most difficult to secret rogue code otherwise, as it must pass several levels of code review to reach final merge.

This is why it is an imperative that the FOSS Community become rigid and not deviate on the issue of Security Transparency.

Security Transparency assurance can be guaranteed if and only if ALL source code is vetted independently by more than one project maintainer.  Oversight must be maintained and all Linux Distribution binaries which don't provide accompanying GNU General Public Licensed (GPL) source code should be rejected out of hand as not just a license violation but also a breach of Security Transparency.

That being the case, Linux Advocates is taking a position against the following software vendor sources of 'semi-open' code bases.  They are:

  • Google ChromeOS
  • Google Chrome Browser
  • Opera Browser

Linux Advocates categorically does not support using the above-listed products which include a mix of open source and proprietary code.  There is an attendant heightened risk of exposure to cyber attack and exploitation when using any non-FOSS proprietary stack implementation on your computing device.

Enforce Security Transparency by insisting on using Linux with GPL open source code only.  -- Dietrich

December 9, 2014: The Day Desktop Computing Got Fun Again



Remember when Desktop Computing was fun?

The early days of Ubuntu were a time when GNOME really had things going for it.  Then, one Mark Shuttleworth took the product in another direction.  Unity.

Unity was initially interesting but didn't fit usability and that began the period of when I didn't like what I saw happening to Ubuntu.

During that period, The GNOME Foundation was undergoing its own change.  GNOME 2.x was determined to be at end of life and GNOME Shell, a concept GUI, was established.

As with any GUI paradigm change comes a period of 'growing pains'.  I was really resistant to what GNOME was doing.  And so, I spent a long period in search of a good alternative GUI.  Ultimately, I found myself liking LXDE, and dwelled in Lubuntu.

Then, I tried Fedora 18 LXDE spin.  I concluded it was from a technical standpoint as good as Lubuntu.

Philosophically, I didn't like what Debian and Ubuntu were doing.

When it became apparent that Mark Shuttleworth was running his own railroad and broke ties with The GNOME Project, I thought he was trying to control delays in upstream decision making.  That made good business sense.

But in the process, he flip-flopped on putting full support behind Wayland turning to creating his 'own' Display driver, Mir.

To make it short and to the point, there is no other Distro which uses Unity.  NONE.

Today, Unity is on an island all by itself.

During the period of 'transition' The GNOME Project came out with initial revisions with GNOME Classic 'fall-back' to keep the malcontents happy.  In each iteration, GNOME made feature enhancements in an effort to continually refine the 3.x shell.

Each major revision, I gave it a try and turned away giving it a 'thumbs down' on usability.

Until 3.12, I didn't like Shell.  It was at that level it became truly usable and ready for prime time.  That was a year ago.

Today, GNOME Shell has reached 3.14 and I have been using it for several months on Fedora 21 Alpha/Beta/RC Workstation.

Even with Alpha, I found myself smiling and laughing at just how well the interface meshed.  It is polished, professional and just fun to use.

Yes, it is fun to use.  I really haven't felt that way in a very long time and I look forward to turning on my PC every day because Fedora 21 Workstation with GNOME Shell 3.14 is just that good.  I would add, Red Hat is the largest supporter of The GNOME Foundation and has worked closely in the design of GNOME Shell.  Red Hat also provides web infrastructure for The GNOME Project.  The relationship is close knit.  The end result is what you see and use.

December 9, 2014, has been promised by the Fedora Team as a 'Go' for Fedora 21 Workstation.  The day will be remembered as when Desktop Computing got fun again.  -- Dietrich

Tuesday, December 2, 2014

Lions, Tigers, Bears, and FBI Warnings, Oh My!

Wizard of Oz Movie (Image credit: prairiecloudware.com)


Seriously, do you tire of seeing major news plastered with warnings about cyber attacks, malware and viruses?

It really has grown to a fever pitch lately.

What stuck in my craw today was a Bloomberg report Exclusive: FBI warns of 'destructive' malware attack in the wake of the SONY attack.

Like, I should be mortified maybe?  Do these 'brainiacs' remember StuxNet?

Would it help to revisit the topic?  I'd rather not, thank you very much.  Please feel free to read the Wikipedia link on the subject.

It was the perfect road-side billboard if there ever was for why Microsoft Legacy (x86) Windows should be abandoned on grounds of National Security.

Sadly, the software industry hasn't changed and quite frankly isn't going to as long as 'big business' is married to a security-flawed 'by design' operating system.

What do I mean by 'by design'?  Microsoft provides undocumented APIs through their Trusted Platform to domestic and foreign governmental agencies (the FBI included) to have unfettered access to any Windows PC without the user's expressed permission.  (Insert sound of crickets here.)

That seems to me to be a major violation of public privacy.  And that's what the public get using proprietary software.  Transparency is non-existent.

Could writing code that facilitates having 'back doors' on to computers exist in the Open Source World?  I should think not!

Well, so far, we haven't seen any.

Of course there have been recent documented attempts by the NSA to weaken string constants in Elliptic Curve Cryptography used by Secure Sockets Layer, but it is a different kettle of fish to write a bank of code, spanning perhaps thousands of lines, dedicated to the specific purpose of providing 'backdoors' without being noticed under the GNU General Public License for Open Source.  That kind of exploitative code cannot exist in FOSS projects.  Transparency is in full force with 'many eyes' providing the much-needed oversight.  As it should be.

Edward Snowden is correct:


"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."

Unlike Open Source, the Proprietary Software Anti-Virus Business gets a boost every time one of these 'sensational' stories comes out.  It's a stimulus to obtain a desired result: the masses run out to buy AV Tools which get immediately installed.  End users fire up their AV tools, then passively watch a pretty widget on screen scanning, despite the foregoing 'backdoor' API.  The anesthetic is dispensed as the user receives a 'false sense of security'.  AV software vendors make billions of dollars in sales annually.  The partnership between Microsoft and AV Vendors is entrenched and the myth lives on.

None of this would have been mentioned if I didn't know better -- it insults my intelligence.

I know full well that if every Windows PC were to switch to Fedora Linux, all of the security issues would be gone.  Zero.  None.

So, please.  Spare me the FUD.  -- Dietrich


Monday, December 1, 2014

MegaSync Your Cloud Data for True Internet Privacy

MegaSync Client for Linux with GNOME Nautilus 'Drag Drop' Support shown on my Fedora 21 Workstation Desktop

Strong Encryption is the only choice to secure the Public's Internet Privacy against unwarranted access.

I really don't know how to make that message any more clear.

You see, ISPs are going to 'feather their own nests' as we bear witness to changing Terms of Service with Google and most recently at Facebook.

Personally, I could not care less about their Terms of Service.

Because, as far as I am concerned, anything put on their sites becomes theirs.  Period.  They can claim otherwise.  It doesn't matter.

Google doesn't want to encrypt your Gmail, or Drive.  Why?  Because 'they claim' it's parsed for Advertising revenue purposes.  Does that seem legitimate to you?

Let me lay it bare for you.

The truth of the matter and what Google won't say is, they profit also from intelligence gathering by parsing keyword triggers that get forwarded to domestic and foreign governmental agencies. That is not Transparency. No, it is outright lying by omission.

Your Gmail and Drive get scrutinized every time you use it.

I've written on how to manage your Gmail using OpenPGP Encrypted Evolution Email on Linux Advocates.

The technique I illustrated renders any third-party's ability to parse clear text useless.

As for Google Drive?  Avoid it 'like the plague'.  MegaSync employs 'zero knowledge' end-to-end encryption and gives 50GB of free space by default.

Mega's strong encryption makes your personal folders and files just streams of block data totally unintelligible, so that Mega doesn't know what is getting stored.

You may recall the takedown of Kim Dotcom's Megaupload by the U.S. Government.  Kim Dotcom said it was "a death sentence without a trial".

Mega with MegaSync client changes all that.

Now, Mega can reliably claim what is legally termed 'plausible deniability' for what clients store on their site, by virtue of how this method of encryption works.

And, isn't that the way it should have been all along?  Really.  It's nobody's business what a law abiding Netizen stores on the Internet.  It's personal.  It's private.  And Mega fills this gaping unmet need.

In the final analysis, if the government wants to know what is stored in the cloud of an account holder, they need to take out a search warrant issued by a Judge.  Then and only then, should a 'Good Netizen' comply by unlocking their encrypted files.

With MegaSync strong encryption, nobody can see your data without your expressed consent.

MegaSync your cloud data for true Internet Privacy.

-- Dietrich

Saturday, November 29, 2014

Debian Forks as Stormy Seas Lie Ahead.

Johannes Hermanus Koekkoek - Sailing the Stormy Seas (Image credit: imagehere.com)


Seriously, I think some people just have self-destructive personalities.

Such is the case for Debian, where a few souls have foolishly convinced themselves that a Fork is necessary.

For what, exactly?

I submit the big unspoken reason is 'work avoidance'.

It would seem, the majority of major Distros have had no difficulty merging systemd and there are no reports I am aware of that would indicate problems of any kind aside from planned and routine systemd maintenance upgrades.

So, I am thinking, What kind of effect will such a fork have?

Most likely, it will create fear, uncertainty, doubt about whether either Distro is viable and if either should be taken seriously at this point.

Thus, a cloud now has formed over the Debian camp and all indications are that Devuan will be the name of a newly announced Fork.

Will Devuan be taken seriously?  Will there be a fractious split and move en masse from Debian to Devuan?

I am going to say No to both questions.

This marks the end of the systemd controversy at Debian.  Those who wish to leave for greener pastures are welcome to do so.  Debian will continue their slow, pragmatic, sloth-like progress and those who have hitched their wagons to it, will submit to whatever happens.

The cheering for Devuan will eventually reach a crescendo, then fade.  Reality will set in.  A very large volume of work must be done if Devuan will ever come to fruition.  Work avoidance won't suffice this time.

It should come as no surprise, and for good technical reasons, I wouldn't touch Debian with a barge pole, much less a fork of it.

As far as I am concerned, neither has anything to offer that would be considered superior to Red Hat (Fedora) technology.  For one, Red Hat is fully Linux Standard Base and systemd compliant.  Two, it is a commercial Distro that actually makes a 'profit', unlike Canonical Ltd.'s Ubuntu where Mr. Shuttleworth plunks down an occasional IOU to cover operating expenses so he can keep his insolvent business going.

You see, unfortunately and in retrospect Mr. Shuttleworth made a bad strategic decision early on.

Namely, Ubuntu hitched its wagon to Debian, which, as we all know, now has forked.  Canonical Ltd., regardless of their Gantt charts, project management milestones, and other various metrics, will have to 'kowtow' to whatever Debian chooses to do.  That, alone, breeds much confusion and has taken its toll.  It even pushes out the planned roll-out of Mir display technology for at least another year (16.04 tentatively).  Unity, the Ubuntu desktop GUI, has become effectively an island unto itself.  None of the other Distros will support it.  Not one.  Mr. Shuttleworth succeeded in only driving a wedge into the upstream development community.  Unlike Unity, GNOME with Wayland is on time, stable, and well supported, particularly by Red Hat.

There is no confusion in the Fedora camp.  It's full steam ahead for the anticipated release of Fedora 21 Workstation, alongside the newly created divisions for Server and Cloud, this all being done under the governance and financial assistance of Red Hat.

Fedora is the largest Community Distro and the R&D factory for Red Hat Enterprise Linux.  No confusion exists due to their thoughtful planning and execution.

Stay the course Red Hat, Fedora, stormy seas lie ahead.  -- Dietrich


Fedora How-To: End Unresponsive Applications with Xkill



There are times when I miss KDE, like, when an application suddenly freezes up for no apparent reason.

I wait and try to close the window clicking on the close [x] glyph.  Tap fingers....

Still nothing.  "Sweet Lord.  Please make it stop!", I mutter.

Then I remember that pressing ctrl-alt-Esc would work in KDE to kill an unresponsive application.  Yes!  (Slaps forehead)  That's it.

Presses ctrl-alt-Esc.   Waits.  (insert sound of crickets...)  NOTHING.

So, as I have discovered, Fedora doesn't have a keyboard mapping to xkill, despite having the utility installed.  My Fedora Peeps are you reading this?  For the Love of God, Add it!  Please.

There.  I said 'please'.  I was nice.

Hokay, deep breaths.  Serenity now... ;)

Ready for a brief how-to to show you how to add a keyboard mapping in Fedora Desktop Edition or Workstation?  Alright.  Here goes.

First you need to go to Settings and click Keyboard to create the shortcut:




Then, click Shortcuts:




Click on Custom Shortcut and the plus (+) symbol to add a shortcut:


Name the shortcut "Force Quit" and the command "xkill":


Click Add to add the shortcut.  Then click on the word 'Disabled' and enter the keys you wish to use to activate this shortcut (I've used Ctrl-Escape as Ctrl-Alt-Escape is already mapped to something else):



My finished Force Quit shortcut:



Finito.  Good grief, I am exhausted.  Just kidding.  That wasn't difficult was it?  I hope not.


So, okay, if and when you encounter a frozen application you can now force it to quit by pressing, in my case, Ctrl-Esc.  Directly above, I show Nautilus Terminal after I have pressed ctrl-esc.  Note that the cursor changes shape to an 'x' to signify you are armed with xkill and dangerous.

Assuming you do want to kill an application, position your mouse cursor over the offending application window and 'left-click'.  That should result in the window closing.  Should you decide to cancel, simply 'right-click' at any time and the 'x' cursor will be replaced by a normal mouse arrow.

And that should do it!  -- Dietrich
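The same Force Quit shortcut can be created from a terminal. This is an added example, not part of the original post: it uses the gsettings keys that GNOME's Keyboard settings panel writes to, and appends to the existing list of custom shortcuts instead of overwriting it. The function names and the `--apply` switch are hypothetical; the binding matches the Ctrl-Escape choice above.

```bash
#!/usr/bin/env bash
# Added example: script the "Force Quit" -> xkill custom shortcut.
# Function names and the --apply switch are hypothetical.

KB_SCHEMA=org.gnome.settings-daemon.plugins.media-keys
KB_BASE=/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings

# Given the current custom-keybindings list as printed by gsettings,
# print the first customN path that is not already in use.
next_custom_path() {
    local current="$1" n=0
    while printf '%s' "$current" | grep -q "$KB_BASE/custom$n/"; do
        n=$((n + 1))
    done
    printf '%s/custom%d/\n' "$KB_BASE" "$n"
}

# Print the list with one more path appended, in the text form gsettings
# accepts. An empty list is printed by gsettings as "@as []".
append_custom_path() {
    local current="$1" path="$2" inner
    current=${current#@as }
    inner=${current#\[}
    inner=${inner%\]}
    if [ -z "$inner" ]; then
        printf "['%s']\n" "$path"
    else
        printf "[%s, '%s']\n" "$inner" "$path"
    fi
}

# Create the shortcut for the current user (needs a GNOME session).
add_force_quit_shortcut() {
    local current path
    current=$(gsettings get "$KB_SCHEMA" custom-keybindings)
    path=$(next_custom_path "$current")
    # Fill in the entry first, then publish it in the list.
    gsettings set "$KB_SCHEMA.custom-keybinding:$path" name 'Force Quit'
    gsettings set "$KB_SCHEMA.custom-keybinding:$path" command 'xkill'
    gsettings set "$KB_SCHEMA.custom-keybinding:$path" binding '<Primary>Escape'
    gsettings set "$KB_SCHEMA" custom-keybindings \
        "$(append_custom_path "$current" "$path")"
}

# Only touch the user's settings when asked to.
if [ "${1:-}" = "--apply" ]; then
    add_force_quit_shortcut
fi
```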

Friday, November 28, 2014

Customize Fedora's Out-of-the-Box Experience

My Fedora 21 Workstation - Customized


As if I need to tell you, I am 100% behind Fedora.  Those looking for a story on their 'other' Distro can turn away now.

There's nothing wrong with being selective and wanting the best of everything life has to offer, yes?

So, when it comes to Linux on the Desktop, I have put Fedora at the top of my list.  I'll show you my personal configuration and yes it is running remarkably well on my trusty Acer Aspire One D260 Netbook in just 2GB of ram.

I've been on the Fedora bandwagon for nearly a year.  I've watched what other Distro communities are doing and chose Fedora for several reasons.  As for security, there's no better platform than Linux equipped with SELinux, a Linux Security Module (LSM).

With the largest community and having the governance of Red Hat, you can be assured Fedora is going to be around in 5 years.  Safe is not just security;  it's also about stability and longevity.

The 'out of the box' experience with Fedora is quite good.  That is meant to say, one can assume little in the way of post-install configuration is needed.  All bases are covered.

Still, one can put their own personality into adding extra features which is part of the fun of Linux on the Desktop.  There is much one can do--just reach into the Linux parts bin for what you are looking for and bolt on.  Some things require more effort than others.  Let's see what I've done to personalize Fedora Workstation 21.

Fedora chose to break out three products -- Server, Workstation, and Cloud -- in revision 21.  This is no small undertaking and more than trebles the volume of work.  But with careful planning, they will meet their target date for general release, December 9, 2014.

Formerly called Fedora Desktop Edition, Workstation is approximately the same, but the target audience is slanted more towards Student and Developer.  That doesn't make it any more difficult to use -- instead it means the 'mix' of pre-installed applications is slightly different.  What you do is entirely subjective and up to you.  Here goes.

Post-Install Graphical Application Additions



Gnome-Tweak-Tool

As previously mentioned, this tool should be installed by default and as discussed below simply eases making configuration changes.






Gimp
As I do posting to Linux Advocates, often I need access to GIMP and it is a universe unto itself in terms of features for image editing and manipulation.  A must-have for me.







dwb
Fortunately, Fedora Workstation, as in previous revisions, comes with Firefox by default.  This is a pure open source web browser.  I no longer endorse or support Google's Chrome which is proprietary.

I trust that Tom Callaway will be updating open source Chromium in due course and make it available on or before general release of 21.  I usually keep that on hand for special situations that benefit from using it.  A Big thank you goes to Tom for his hard work.

dwb is my day-to-day browser.  It is lightweight, written in C with webkitgtk bindings and vim keyboard optimizations.  Gear heads will appreciate the vim shortcuts, which speed up everything, besides the compiled C code being inherently super fast.

The version last checked in the 21 repo is from early spring of 2014 and flash isn't working in it.  So, if you are technically inclined, I would suggest getting the dwb-git version with a September 2014 commit number:

[dietrich@localhost ~]$ dwb --version
    This is : dwb-git
    Version : commit 2014-09-20 6a0e483
      Built : Oct 14 2014 13:19:42
  Copyright : (C) 2010-2014 Stefan Bolte
    License : GNU General Public License, version 3 or later

Naturally, you'll need to install the Developer tools that include git, gcc, make and the dependencies listed in the README file, then build manually with make and make install to complete an install of dwb-git.  If you are a true speed geek, it is well worth the effort.


Shutter
Shutter is written in Perl with GTK bindings and ImageMagick.  It is quite useful for special image edit and effects needs.  I recommend both Shutter and ImageMagick to those who are running a website.







Pidgin
Pidgin is a multi-protocol instant messenger GTK program and with the GNOME Shell Extension integration allows one to chat from the shell without opening a Pidgin Chat window.  I prefer it and have used it for years.







Corebird
I've only discovered Corebird in evaluating Fedora 21 Workstation and must say I like it.  This is a GTK Twitter client and it does a nice job of keeping track of those who I follow.





Mailnag
Mailnag is a fairly new Python program with GNOME Shell Extension integration support.  It works quite well in that I use Evolution Email to process my Gmail.  But I leave Evolution closed until Mailnag tells me there is mail.  The notification appears on the top bar with a count for number of emails found.  A Python application must be installed and the accompanying Mailnag shell extension.  Opening Mailnag-config and completing the details for your mail will automatically start a mailnag daemon process running in the background on your system.  I prefer not having Evolution open all the time as it is a memory consumer, so I go into it only if there is mail to process and then close it to conserve ram.


Under the Hood Non-Graphical System Tweaks



Zswap
Zswap is a Linux kernel loadable module that has been available since version 3.11. It runs resident in its own kernel memory space and compresses data destined for swap to its zram swap 'instead' of your physical swap partition.  When the kernel can put transient data into zram compressed swap, foregoing sending it to slower I/O disk swap space, there is a realized net speed benefit.  This utility is not user-friendly so I would leave it to the gear heads to install it.  There's plenty of documentation on it and I am hoping Fedora will soon update the LZO compression method to a newer LZ4 method.

Append the zswap parameters shown below to the GRUB_CMDLINE_LINUX line in /etc/sysconfig/grub:
GRUB_CMDLINE_LINUX="rhgb quiet zswap.enabled=1 zswap.zpool=zsmalloc zswap.max_pool_percent=80"

Then, save the changes made to grub and run:

# grub2-mkconfig -o /boot/grub2/grub.cfg

You will then need to reboot your PC to have the zswap kernel module load.
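To confirm after the reboot that the options on the GRUB line actually took effect, the following added example (not from the original post) compares every zswap.* option on the kernel command line with the value the running kernel reports under /sys/module/zswap/parameters. The function names and the `--live` switch are hypothetical; both paths can be overridden, which is how the check can be exercised against constructed files.

```bash
#!/usr/bin/env bash
# Added example: verify that zswap.* boot options match the running kernel.
# Function names and the --live switch are hypothetical.

# Print "name=value" for each zswap.* option found in a cmdline file.
zswap_cmdline_params() {
    local cmdline_file="${1:-/proc/cmdline}"
    tr -s ' \t' '\n' < "$cmdline_file" |
        sed -n 's/^zswap\.\([a-z_]*=.*\)$/\1/p'
}

# Compare each requested option with sysfs.
# Returns 0 if all match, 1 on any mismatch or missing parameter,
# 2 if no zswap.* option was requested at boot.
zswap_check() {
    local cmdline_file="${1:-/proc/cmdline}"
    local sysfs_dir="${2:-/sys/module/zswap/parameters}"
    local params name want have status=0

    params=$(zswap_cmdline_params "$cmdline_file")
    if [ -z "$params" ]; then
        echo "no zswap.* options on the kernel command line"
        return 2
    fi

    while IFS='=' read -r name want; do
        if [ ! -r "$sysfs_dir/$name" ]; then
            # The running kernel does not expose this parameter at all.
            echo "MISSING  $name (requested $want)"
            status=1
            continue
        fi
        have=$(cat "$sysfs_dir/$name")
        # sysfs reports booleans as Y/N, the boot line usually uses 1/0.
        case "$have" in Y) have=1 ;; N) have=0 ;; esac
        case "$want" in Y|y) want=1 ;; N|n) want=0 ;; esac
        if [ "$have" = "$want" ]; then
            echo "OK       $name=$want"
        else
            echo "MISMATCH $name requested=$want running=$have"
            status=1
        fi
    done <<EOF
$params
EOF
    return $status
}

# Check the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    zswap_check
fi
```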

Preload
Preload runs as a daemon and monitors your habits, autonomously preloading applications into ram that are used most often.  This can be advantageous on PCs with less ram (2GB or less), such as mine.  Install Preload from a terminal with the following:

$ sudo yum install preload

Then you'll need to sudo to root and type:

# systemctl enable preload.service
# systemctl start preload.service

This sets up preload to be maintained by systemd so it will always be resident on boot.

dconf-edit
This graphical tool allows the edit of gnome settings displayed in a tree-structured hierarchical fashion.  Without it you must use gsettings command line tool.  It's good to have not just for editing but for surveying the entire array of configurable settings available.

htop
I always include htop.  Even though I have system-monitor running in the shell tray, sometimes if I am already in a terminal window, it makes doing things easier and faster.  htop is an Ncurses application.

Wallpapers


I'll just mention that there is a nice array of 'stock' wallpapers that many will find aesthetically pleasing.  For those with special needs, there is a 'Pictures' button at the top of the Background application -- pressing that will open into Nautilus to show what you've downloaded into your ~/Pictures folder for selection (see samples below).  I've had more fun lately with GNOME Shell wallpapers than I've had in a long time.  Find that special wallpaper that fits your mood and sensibility.  Here are some that I like:








Customizations Using GNOME-Tweak-Tool



Most people will not go to a terminal to use gsettings and manually install an extension.  It's only gear heads like myself who brave the terminal prompt for various good and peculiar reasons.  As for myself, I prefer not to torture myself and so commenced with installing GNOME-Tweak-Tool.  It's a curiosity to me as to why this tool is not installed by default.  I hope that the Fedora Community will include it in the near term.

So, once installed you are presented with a nice graphical menu with categories, which I will walk down letting you know what changes, if any, I made in each.

Appearance

I've downloaded a bunch of Themes from gnome-look.org and a couple of them are really nice, but, I keep returning to the default, Adwaita.  It's just that good and so I'll leave it up to you to peruse the themes on the website and experiment.

Before you can install a theme, however, you'll need to install the User Theme extension, which takes two seconds to do.  After installing, reload GNOME-Tweak-Tool and a change will be reflected at the bottom of the Appearance page which will allow selection of a user theme.  The only item I changed on the Appearance page is the Font.  I find Faenza icon theme quite pleasing to the eye.  I don't think it is available (yet?) in Fedora 21 repo, but you can still install it from Fedora 19's repo by typing the following from a terminal (note that --nogpgcheck tells yum to skip GPG signature verification of the package):

$ sudo yum install --releasever=19 --nogpgcheck faenza-icon-theme

Desktop

On the Desktop page, I've changed nothing with exception to Background Location (aka wallpaper).  You can change it here or by right-clicking on the Desktop and selecting Change Background, or, by going into Settings and clicking the Background Icon.

Extensions
(Go here to view and select from all the available and compatible GNOME Shell Extensions referred to in this section.)

Bitcoin Markets
If you are using Bitcoin (I have a Coinbase account), then, you might want to know where the price is in realtime.  This is the only shell extension for Bitcoin as far as I am aware and updates on the Top Bar.

Caffeine
Have you had it with screensaver?  Well, fret no more.  Go straight to installing Caffeine and this widget will keep screensaver from kicking in.  It can be clicked on and toggled off/on at will and includes preferences in Tweak-Tool.

Dash to Dock
Dash to Dock takes the hidden Dash from the Activities Overview and anchors it to a Dock, so that the Dash displays intelligently or can be forced to display manually by putting your mouse cursor on the left margin of your screen.  It also has various preferences and, when it appears, allows rolling the mouse wheel to move through your workspaces.

Frippery Applications Menu
This is a simple menu for finding your applications.  It has a right-click preferences menu wherein one can turn off 'text' which results in just the Fedora Icon showing on the left-most part of the Top Bar.  Installing this menu will remove 'Activities' from the Top Bar.  Putting the mouse cursor into the upper left corner of the screen still triggers Activities Overview mode.

Gradient Top Bar
A simple extension with a singular purpose.  It adds a translucent gradient to the Top Bar.  A nice touch.

Mailnag
You'll need this extension as well as the Python Mailnag daemon application.  This extension shows a mail icon reminder when your mail arrives and rings a bell to get your attention.  Highly recommended.

OpenWeather
This is so simple, yet, I find it incredibly convenient.  It sits on your top bar and one-click will trigger its overlay display of useful weather information.  Clean, professional, appropriate.  Recommended.

Pidgin Instant Message Integration
This extension simply integrates with the message tray and facilitates responding to chat directly in the shell message screen without setting focus to your Pidgin application.  An unobtrusive time-saving addition.

Remove dropdown arrows
This does what it says.  The default down arrow on Applications and Places is removed.  I say GNOME should drop the arrow, but that's just my personal preference.

System Monitor
This extension essentially loads your System-Monitor application resident into the message tray.  Using your superkey-M will show a graphical display of the CPU utilization and RAM consumption.  Clicking either sends you into the full-screen application.  I find this and htop quite informational.

User Themes
If you want to use user themes installable outside of the RPM repo and from a user directory, then you need to install this extension first.  After installing the extension, close GNOME-Tweak-Tool and reopen to reflect the change.  A menu option on the Appearance page, Shell Themes, then becomes enabled.

Workspaces to Dock
Much as Dash to Dock applies additional intelligence so too will Workspaces to Dock.  Moving your cursor to the right margin when running a full-screen application will reveal your workspaces in a slightly enhanced but beneficial format.  Drag and Drop of an application from one workspace to another works seamlessly too.  A must have.  I now find myself using workspaces more than ever, spreading out the applications.  A tap of the super-key reflexively goes into Activities Overview and reveals the Dock and Workspaces as well.


Conclusion


As mentioned, the out of the box settings for GNOME Shell are quite adequate.

But within a matter of minutes you can be up to speed installing Shell extensions, applications and tweaks that personalize your Desktop to your liking.  I have found the experience of using Fedora 21 Workstation quite satisfying and, dare I say, Linux on the Desktop has truly become fun again and rivals the professional feel of commercial counterparts Windows and Apple OSX.

That's Fedora 21 customized.  Get the prerelease here.  -- Dietrich