Friday, August 29, 2014

Firefox Sponsored Tiles Advert Strategy: Do You Object?

Mozilla Firefox nightly builds now include Sponsored Tiles on the 'New Tab' page

Here is the issue:  Firefox has survived on Advertisement revenue right along.  Yes?  Most of their revenue is based on a contract with Google which, it has been confirmed, will end in November 2014, unless Google has a change of heart and renews.

Consequently, Mozilla is looking at contingency planning and has now added Sponsored Tiles to their nightly Firefox builds.  Sponsored Tiles appear on the 'New Tab' page and won't appear in your regular browser stream.  Being found on the New Tab page means they won't get blocked by tools like Adblock.

Remember, Mozilla is an Open Source company and this will help them to continue to fund Firefox development and continue to expand Mozilla Corporation at the same time.

So, I am fine with it, as long as Firefox remains Open Source.  What say you?  -- Dietrich

The Linux Distro Repository System Safety Assurance

(Image credit: ablogabouthistory.com)
THE LINUX DISTRIBUTION REPOSITORY CONCEPT

Most people don't give a thought to this subject.  In fact, with Legacy Windows (x86), including Windows 8.1, there is no such concept as a 'repository'.

Every Linux Distribution (call it a 'flavor' if that helps) provides its own repository.  What is a repository?  Imagine a Castle (Library of Applications) with a moat around it and a drawbridge.  Only keyholders can get in and get out.

The keyholder, conceptually, is provided by a technology used extensively with Linux called GNU Privacy Guard (GnuPG or GPG for short).  The idea is to guard all software in the library to assure that no 'tampering' can ever occur.  Tampering scenarios include adding rogue software (applications with hidden trojan viruses) and unauthorized code edits which have negative repercussions and usually include software exploits, such as the kind that politely advises the user that their drive is now officially encrypted/locked and cannot be used unless a monetary consideration (extortion) is paid to have the encryption unlocked.  CryptoLocker is one such application, aka Ransomware, and it targets Windows, not Linux.

This GPG technology allows each piece of software in the Library to be signed and linked to the GPG keyring on your Linux Desktop: a package will not install unless its signature can be verified against a key in that keyring (Fedora is my Distribution of choice).

The advantage is clear.  The maintainers of the repository for your Distribution are thus able to maintain strict control over who can contribute code and to vet both the software and its author's background, all done to assure that the program being considered for acceptance into the Library is safe for general use, devoid of any rogue code.
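The protection described above only holds if the Desktop is actually configured to check signatures.  As an added example (not part of the original post and not Fedora's own tooling), this shell function audits a yum/dnf '.repo' file and reports whether each enabled repository has its 'gpgcheck' setting on.  The function names and the repository definitions are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Fedora's tooling): list enabled yum/dnf repositories and
# whether their packages get a GPG signature check before install.
# Status: OK = gpgcheck on, UNSIGNED = gpgcheck off,
#         INHERIT = no gpgcheck key, so [main] in yum.conf/dnf.conf decides.
audit_repo_file() {
    awk '
    function emit() { if (id != "" && id != "main" && enabled) print id, status }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                    # new [repo-id] section
        emit()
        id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
        enabled = 1; status = "INHERIT"
        next
    }
    /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
        on = (tolower(val) ~ /^(1|true|yes|on)$/)
        if (key == "enabled" && !on) enabled = 0
        if (key == "gpgcheck") status = on ? "OK" : "UNSIGNED"
    }
    END { emit() }
    ' "$1"
}

# Succeeds if any enabled repository has signature checking switched off.
has_unsigned() { audit_repo_file "$1" | grep -q ' UNSIGNED$'; }

# Constructed sample data: four repository definitions, not real repositories.
write_sample_repo() {
    cat > "$1" <<'EOF'
[fedora]
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[thirdparty]
baseurl=https://repo.example.invalid/fedora/
enabled=1
gpgcheck=0
[local-mirror]
baseurl=https://mirror.example.invalid/
enabled=1
[disabled-testing]
enabled=0
gpgcheck=0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample"
has_unsigned "$sample" && echo "WARNING: unverified packages can be installed"
rm -f "$sample"
```

On a real system the same function can be pointed at each file under /etc/yum.repos.d/.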

The absence of a repository of protected software applications has been an historic security problem of endemic proportions for Microsoft, who must continually apply Zero-Day security patches to the operating system once a month to thwart introduction of rogue software onto the operating system.  It is a hopeless, unending situation, and the fact that such software as CryptoLocker and Stuxnet exist should be a flashing neon roadside billboard to the average user but, sadly, isn't.  The public is bamboozled and has bought into the accepted practice of running third-party Anti-Virus software, lulled by its false sense of security, and does so at their own additional out-of-pocket expense for purchasing said software, plus time and effort.

Indeed, the Windows Legacy security software business produces multi-billion annual sales, all of which does nothing to deflect a Drive-by Download, for example.  The user won't see it, but their machine is infected and there isn't anything they or Microsoft can do about it, short of a complete redesign, an effort which has gone into their ARM-processor-based product, which has suffered languishing sales.

Below is my system running an update download from the GPG keyring-protected repository at Fedora.  If you run automated updates, this will occur daily with Linux, not monthly as Microsoft does on Patch Tuesday.


Fedora Linux:  The safest operating system on the Planet


Users of Windows Legacy must therefore 'fend for themselves' and go into the 'wild' so to speak in search of software, whatever that may be, with no assurance that it isn't laden with trojans ready to deploy silently, unbeknownst to the victim user, who believes they have found a nice game program, for example.

You may think things are safe with Windows.  They are not.

Fedora Linux: The safest operating system on the Planet.

I stake my reputation on it.  -- Dietrich

Thursday, August 28, 2014

Google Does Evil. And Then Some.


Every day, I go about my business using my computer tools, all the while thinking about what I am doing.  Specifically, I am most concerned about Privacy on the Internet.

We all know what that means at this point and given past events that punctuate the need for Privacy Protection, I see little being done about it, in particular, by Google.

You see, Google stands to profit on every little piece of meta data connected to you.  Use their products as they want you to, and you will become a slave.

Yet, the reality is Google's Terms of Service let them get away with doing with your data as they see fit.  Some of the readers may be nonplussed by that fact, but it grinds my gears.


Do No Evil

Remember that slogan?  I bought into it.  They gaffed me, pulled me up on the boat.  It was real easy.

You might be thinking:  "But they have free Gmail and I've become so dependent on it and also Drive is coOL".

That is a pervasive mindset which hasn't diminished and despite my writing this post, isn't going to change anytime soon.  But my purpose here is to help the reader gain a new perspective on the services Google provides.

And, the services to which I refer are NOT the ones which you, the consumer, use.

No, this is about what Google does to profit from parsing your clear-text gmails and Drive documents.  Clear Text means they are not encrypted in any way.  That is by design.

Among all of the hideous revelations that came last year from one Edward Snowden was the disclosure of the PRISM program run by the NSA.  When the story hit the press, the ISPs reflexively, like sleeping hound dogs, woke up and began to howl in unison (Google, Yahoo, Microsoft), expressing outrage at the extent to which the NSA has intruded electronically in Americans' private lives.  It quickly became apparent, as revealed by Edward Snowden, that the NSA was pitching camp on the inside of Google's firewall, knowledge of which was immediately disclaimed by Google, Inc., naturally.

Time passes, people revert to their normal habits.  Not a lot has changed to force the end-user to alter their computer habits insofar as using the Internet is concerned, really.

Initiatives have been started by the ISPs to make their repositories more secure and encrypted, with exceptions, Google being one of them.

Google won't encrypt your Gmail.  Nor will they encrypt your Drive.  That would defeat their ability to parse meta data and key words they claim are used in a 'benign' way for generating Advertising revenue.  Really, Google?  I've checked my Driver's License and can confirm, I wasn't born yesterday.  So please.  Don't insult my intelligence and the intelligence of my readers.

This may come to you as a surprise, but, Google is not just in the Advertising business.

And here is the kicker.  According to a story on Veterans Today by Gordon Duff dated April 10, 2013, entitled "Google, Beyond the CIA: Insurgence and Espionage Factory", Mr. Duff sheds light on some of the undisclosed 'profit centers' in which Google has a vested ongoing and active interest:

"Intercepted emails expose Google as an intelligence contractor openly involved in aiding terror organizations throughout Africa, Asia and the world, working well outside any official oversight and authority, far beyond even the CIA’s wildest abuses."

Wikileaks obtained copies of some interesting email exchanges with STRATFOR, an American global intelligence company headquartered in Austin, Texas.

From one such STRATFOR email comes this:


“GOOGLE is getting White House and State Department support & air cover. In reality, they are doing things the CIA cannot do. But, I agree with you. He’s going to get himself kidnapped or killed. Might be the best thing to happen to expose Google’s covert role in foaming up-risings, to be blunt. The US Gov. can then disavow knowledge and GOOGLE is left holding the (expletive deleted) bag.”

Gordon Duff goes into further detail on the special interests of Google's 'Google Ideas Groups' with:

"Among the STRATFOR emails Wikileaks received were some exposing Google as, not just an intelligence contractor for the CIA and Department of Defense but foreign governments as well.
Text within the highly sensitive cables outlines criminal and even terrorist activities on the part of Google including the planning of insurgency operations.  Sources have confirmed Google has helped plan military operations against Syria and has been directly involved, working with Arab states, Turkey and Azerbaijan to plan destabilization of Iran.
Emails expose meetings between Google executives and insurgency groups in Azerbaijan operating against Iran.
Under the front name of “Google Ideas Groups,” with support including “air cover,” authorized by the White House and State Department, Google Corporation is directly involved in planning terror attacks.
Wikileaks intercepted STRATFOR emails outlining Google operations in planning insurgencies and illegally conduction both foreign policy and espionage."

It is apparent that Google holds a special place in the hearts of certain Domestic and Foreign Intelligence agencies with whom they conduct business and exchange information presumably for profit.

You, the consumer, are their target.  And if your profile is parsed searching for key word triggers, then you become, oh, let's see, A Person of Interest?  Yes, that's it.  Mr. Duff writes further:


"Google had long been criticized for selling “keyword intercepts” from Gmail accounts to advertisers.
However, it has long been known that, not only does Google go much further, scanning emails for intelligence, both security related and corporate, but there is no clear accounting of who Google’s clients are.
Sources indicate that Google sells email and search related intercepts to governments like China, Vietnam, North Korea and others.
Additionally, Google has been proven to accept payment for suppressing searches of news stories clients find embarrassing, to push conspiracies, to support hate groups, to work in smear campaigns and now, of course, is exposed as having armed personnel working directly with insurgents in direct violation of international law."

So, I will tell you this.  Google is doing you no favors.  In fact, if you happen to be a shareholder, what they are allegedly doing, being involved in covert activities of the kind described above, constitutes Investor fraud.

The Google Investor site goes so far as to say:

“We believe in the importance of building stockholder trust. We adhere to the highest levels of ethical business practices, as embodied by the Google Code of Conduct, which provides guidelines for ethical conduct by our directors, officers and employees.”

Mr. Duff astutely writes:

"Nothing in any Google publication indicates that employees are involved in illegal covert operations that fall within the ICC’s definition of “war crimes.”"

That pretty much makes it clear, yes?

You can appreciate that during the past few months I have begun distancing myself from Google product usage where possible and as regards especially Internet Privacy.  I felt obligated to share this information since I am now taking a much more guarded position with usage of any software.  The starting criterion for me is, it must be Open Source.  That means Google Chrome is out.  I don't store anything on Drive or Gmail unless it has been encrypted with GnuPG encryption (Ultimate) before uploading -- this is easily accomplished from the command line with google-drive-ocaml and Evolution Email Client with GnuPG.

This is a strong caution to everyone reading this.  Google is not your Friend.

Google Does Evil.  And then some. -- Dietrich

Wednesday, August 27, 2014

Patch as Patch Can

(Image credit:  theregister.co.uk)

What happens when you use proprietary code?  This story from The Register is quite representative.

Yes.  Google Chrome is proprietary.  Chromium is Open Source.

Open Source Chromium gets looked at by 'many eyes', and that is by Contributors across the Globe, Folks.

Bugs get fixed quickly.

With any piece of proprietary code, including Chrome, only the employees who work as developers can make fixes to source code, no one else.  Unlike Open Source, Proprietary source code is not made accessible to the general public.  Only the binary executables get distributed.

It's a classic problem and has led to a perpetual treadmill of security issues for Microsoft Windows Legacy (x86).  The litany continues unabated, to such an extent that Microsoft now wants to change the name of Internet Explorer to remove some of the legitimate stigma involved with user market perception.  It ain't gonna work.  The horse is out the barn door.

No, in fact, I made a policy decision some time ago not to use proprietary software whatsoever and wrote specifically about Google Chrome.

So, I strongly urge the readers to avoid Chrome like the plague and stick with Open Source developed software only, such as Chromium.

As for myself, I have Open Source dwb and Chromium installed, but use dwb 95% of the time.  dwb is written in pure C with gtk2/3 bindings and a webkit back-end on steroids.  It is understated, spartan, greased-lightning fast, and super lightweight with a 75MB startup RAM footprint.  Highly recommended.  Chromium is the easier of the two to install and use and will gobble up as much RAM as it can find but, then, it has all the bells and whistles going for it.  -- Dietrich

Friday, August 22, 2014

Cry Babies Cry. Programmers Code.

A schism of sorts is forming in the Debian developer community as one developer has gone on record to formally criticize Debian's decision to adopt systemd in an Open Letter to the Linux World.

Here's what I have to say to Mr. Christopher Barry and others who may agree with his viewpoint.  Accept it.  Systemd is a done deal.  It's here for good reasons whether you realize it or not.  But I hope you eventually grasp why it was written, as it does solve many inherent 'known' problems with aged sysvinit.

And, as expected, a chorus of cry babies has been awoken, like sleeping dogs, taking aim (again) at systemd.


Those who complain in this instance, I am afraid, have a simple agenda.  


They are lazy.

As such, and with much creativity, they will persist in lodging complaints so as to avoid doing some difficult, but not insurmountable, work.  Yes, there are many pain points in merging systemd PID 1 code that are due to its 'middleware' central/critical role, which result in dependency changes and, in some cases, major code rewrites that must be done to conform with this new technology standard.

Ah, standard.  There's the rub.  There are legions of arrogant, swaggering Open Source code jockeys who like to strut their stuff by spinning off their 'me too' Distro with their own branding overnight.  Have you taken a count of how many Linux Distributions there are now?


Standardization strengthens the power of Linux.  Distro sprawl does not.

The planned integration of systemd is now officially deployed to Debian Jessie Beta 1. This means that all the 'foot dragger' derivatives must follow suit with doing what is needed to align with this major system design change.





So, while we see some dig in their heels by organizing a boycott, others choose to simply whine, as the din gets louder and louder.  Soon, though, the cry babies will run out of tears, pick up their toys, and go home whilst the real-world Programmers continue to keep their heads down, doing the grunt work with little fanfare and nary a complaint.

Cry Babies cry.  Programmers code.  -- Dietrich