NSA: Please Turn off the Lights When You Leave. Nothing to See Here.

Linux Advocate Dietrich Schmitz shows how the general public can take action to truly protect their privacy using GnuPG with Evolution email. Read the details.

Mailvelope for Chrome: PGP Encrypted Email Made Easy

Linux Advocate Dietrich Schmitz officially endorses what he deems is a truly secure, easy to use PGP email encryption program. Read the details.

Step off Microsoft's License Treadmill to FOSS Linux

Linux Advocate Dietrich Schmitz reminds CIOs that XP Desktops destined for MS end of life support can be reprovisioned with FOSS Linux to run like brand new. Read how.

Bitcoin is NOT Money -- it's a Commodity

Linux Advocate shares news that the U.S. Treasury will treat Bitcoin as a Commodity 'Investment'. Read the details.

Google Drive Gets a Failing Grade on Privacy Protection

Linux Advocate Dietrich Schmitz puts out a public service privacy warning. Google Drive gets a failing grade on protecting your privacy.

Email: A Fundamentally Broken System

Email needs an overhaul. Privacy must be integrated.

Opinion

Cookie Cutter Distros Don't Cut It

Opinion

The 'Linux Inside' Stigma - It's real and it's a problem.

U.S. Patent and Trademark Office Turn a Deaf Ear

Linux Advocate Dietrich Schmitz reminds readers of a long ago failed petition by Mathematician Prof. Donald Knuth for stopping issuance of Software Patents.

Saturday, September 27, 2014

Public Computer Security Misperceptions Abound

Gmail Google Phishing Message

Generally, I try to avoid giving out unsolicited advice, but, sometimes, will reflexively do so, especially for a friend who I know encountered some kind of "Windows" security issue.

Well, a friend posted up a gmail message they had received with concern to make their circle of friends aware of.

It is of the email 'click-bait' variety.  They all work the same on legacy Windows (x86) from present 8.1 back to Windows 2000.  The commonality is that all versions share the same core WinNT design that Microsoft cannot change as it will 'break' Enterprise software badly.

No, it's more what I call "shooting fish in a barrel" or "taking candy from a baby".  The email sent to the unwary Windows user is 'socially engineered' to steer them to opening the email and/or attachment, either of which (on Windows) will spawn Javascript to download and inject DLL code and run all silently unbeknownst to the user -- until, of course, it's too late when suddenly a rogue fake security warning comes up or the dreaded CryptoLocker virus has just finished locking (encrypting hard drive) the user out of their system and very professionally offers up a screen of payment credit card options for making payment, which will unlock said PC.  CryptoLocker is becoming endemic.

So, my weak moment was to offer unsolicited advice to the poster of Drive-by threats inherent in the use of Windows.  This kind of advice was coupled to my 'standard' recommendation to the poster to consider switching to Linux which I have used since 2005.

I've been in the IT business for 20 years and ought to know something at this point in my life about issues regarding computer security, one would think.  Yet, despite offering up this kind of friendly advice, there is always the random respondent who turns up and shows his/her ignorance with great facile, I might add.  Here are their remarks:


"I hate this kind "commercial" attitude some people have. I dont like Linux. It may be the safest whatever OS and good for servers. But I don't like it. How can someone possibly even think Linux is safer when its open source for God's sake the only reason Linux is safe is  because is not as popular as windows yet. Maybe it might become that much popular and be used almost everywhere but as far as I'm concerned almost all companies and 90 % of the users worldwide are still on windows. That is why its the most vulnerable because if I was a criminal who would I attack?  A bigger area of effect obviously. 
How little people think nowadays really. Thank you for your kind offer but I'm not going to an open source program. Keep your eyes open for "these kind of threats" and alert others.
No operating system that is on the internet is safe. Not even Linux. Linux has one of the biggest issues if anything for being open source. If anything attacking the Linux website one day for example and their downloads and all other server connections they have would  compromise absolutely every single user and you do not need to be a computer tech to realize that. 
Thank you, but no. Have a wonderful day. :)"

Okay, instead of responding in my friends post, I chose to submit to her woeful ignorance and put things into perspective here point by point:

1) "I hate this kind "commercial" attitude some people have."


Commercial?  This was posted to a 'friend' for her benefit and so wasn't a commercial or if she meant an endeavor to profit, Linux is FREE.  It wasn't motivated by money.

2) "How can someone possibly even think Linux is safer when its open source for God's sake."


Huh?  The user presumably associates the word 'open' with some form of security vulnerability like 'leaving the door open'?  One of the cornerstones of Linux is its Gnu Public License for sharing the entire source code base and making changes to it freely.   Because of this, user of Linux enjoy true "Transparency", which means many eyes (more so than what Microsoft has in employee headcount), around the globe are looking at and vetting source code to ensure no rogue code insertion occurs.  Unlike Linux, Windows is proprietary and the end-user cannot see their source code, cannot copy it, and thus have NO idea whatsoever what the employees of legacy Windows did or did not do to the code base.  Being proprietary means effectively, Microsoft can write the operating system and applications however they wish, and, that includes code insertion of functionality like 'back doors'.

Yep, back doors exist in Windows for both Microsoft's use and for their partnering governmental agencies which wish to access your PC.  They come and go silently with impunity.  After you've thought about that for a minute, go find some black electric tape and place it over your Laptop's camera, mmmkay?

This doesn't even speak to the unfixed zero-day exploits present and hidden because Microsoft's code base is not viewable by anyone other than their privileged but shrinking staff of programmers most of whom didn't write the original code and might not have a clue as to how to go about changing it.  Those programmers left 5-10-15 years ago.  So, Zero-Day exploits are rampant, and, the hackers that have discovered them sell their exploits on the black market to people on the other side of the globe who want access to you, usually for money.

Microsoft code doesn't get continually refactored like Linux and vetted for safety.  It gets written and then forgotten.  Their maintainers will fix what they can if they can do so without breaking the system, but their resources are limited.

3) "Linux is safe is because is not as popular as windows yet."


Oh right.  The security by obscurity argument.  Alright let me explain the central security issue with Windows:

If an exploit (drive-by, email attachment same difference) on Windows is 'successful' in running, it will make its own SYSTEM call() to perform an 'Administrative' function.  It is at this point that Windows should stop to check on what that 'action' is and by what process id (parent) is making the call.  It doesn't.  Nope.  Once the exploit gets a toe hold, it proceeds to run administratively with no other cross-check security mechanism.  Got that?  Your PC is officially owned.

With Fedora Linux, you have what is called sandboxing technology.  SELinux, a Linux Security Module (LSM), binds to the kernel at bootstrap and maintains a 'hook' api in the SYSTEM kernel.  This 'hook' gets called on each granular system administrative process invoked on Linux.  SELinux (the Sandbox or Mandatory Access Control), cross-checks each discrete action against its policy group for the calling app  and if it isn't an allowed action, it on returning from the hook sends a 'deny' to the kernel.  The rogue code, exploit, is stopped cold.

It doesn't matter from whenst it came, the sandbox blocks it from getting a toe hold in Fedora Linux.

Windows Legacy users?  To you I say: Go with God.

Fedora Linux: The safest operating system on the Planet.
I stake my reputation on it.  -- Dietrich



Sunday, September 14, 2014

Terminology: The Terminal Emulator With Bling

Image credit: Wikimedia.org

If memory serves, it was +Greg Kroah-Hartman who last December enthused on Google Plus about Terminology, the terminal emulator component of Enlightenment.  It was just released at version 0.4.0 by one very talented, industrious Samsung developer, Daniel Juyung Seo.

I took a look at it, put it away and all was forgotten.  The other day, I was looking around for new software and decided to revisit the state of Terminal Emulators.

Incidentally, Solarized Theme will be part of Fedora 21 and I remember trying it at some point.  But didn't recall how.  To my surprise, Terminology includes a number of themes, one of which is Solarized, so, I decided to install it.  Yes, one can install Terminology separate from Enlightenment and it won't pull in a lot of dependencies -- just what it needs.

Okay so, I thought lets see what this puppy can do.  Five minutes later it was installed and shown on my Fedora 20 LXDE menu under System Tools.

It's quite pleasant in terms of aesthetics and given it is an Enlightenment component, that is to be expected.  But there's nothing keeping one from using it with another Desktop UI and many do just that.

Those partial to certain emulators like Gnome-terminal, Konsole, will prefer one over another, especially if doing development work and dwelling in a character-based shell.

What is especially nice about Terminology is that selecting a theme, such as Solarized, makes doing other things at the terminal prompt most pleasant and easy on the eyes, including other ncurses-based applications like vim, nano, htop.  And the entire window is bit-mapped scalable which means it can be as small or large as needed just by moving the lower-left screen corner.






Features




  • Most escapes supported by xterm, rxvt etc. work
  • Xterm 256 color escapes work
  • Backgrounds (bitmap, scalable/vector, animated gif, videos)
  • Transparency
  • Bitmap and scalable fonts supported
  • Themes for the layout and design
  • URL, file path and email address detection and link-handling
  • Inline display of link content
  • Multiple copy and paste selections and buffer support
  • Works in X11
  • Works in Wayland
  • Works directly in the linux framebuffer (fbcon)
  • Can be finger/touch controlled
  • Scan scale by UI scaling factors
  • Can render using OpenGL or OpenGL-ES2 (not a requirement - just an option)
  • Can display inlined media content (images, video, documents)
  • Can do multiple "tabs"
  • Can do splitting into multiple panes
  • Block text selection
  • Drag and drop of text selections and links
  • Can stream media from URLs
  • Tab switcher has live thumbnail content
  • Single process, multiple windows/terminals support
  • Fast (gives urxvt a run for its money)
  • Themable visual bell
  • Compress backscroll
  • Text reflow on resize
  • Color palette selection

More...



I am including below a few screen shots I took of Terminology running on Fedora 20 LXDE.



Terminology with Solarized theme shown in split-screen mode

Terminology with Solarized theme running ncurses-based htop

Terminology settings screen with Themes selected

Install


As mentioned, it took all of 5 minutes to install Terminology on Fedora 20 with this command from the lxterminal:

$sudo yum install terminology

Then, I went straight to the terminal window, right-click, settings and selected my personal favorite font Droid Sans Monospace 12 point, and, of course, Terminology's Solarized ('Dark') theme.

  
Bayam!  Sweet relief.  My eyes feel so much better now.

Go get some relief.  Now. 

Terminology.  The terminal emulator with bling.  -- Dietrich



Saturday, September 13, 2014

Bodhi Linux Developer Retires

( Image Credit: Michelangelo's The Creation of Adam )


The solo developer of Bodhi Linux has announced his retirement.

I sincerely wish +Jeff Hoogland  well.  It's not difficult to appreciate that putting together a truly polished Linux Distro is hard, but by one developer, it seems almost an impossible task.  


One Mr. Hoogland set out to do so and I will say that by all accounts he has been a success.  Bodhi Linux has always been a 'standout' Distribution in my view and well respected.  Bodh Linux's level of consistency typically requires a rank and file of workers to make for polish, fit, finish and seamless processes.  Bodhi Linux has become perhaps the best known lightweight Linux Distro.  CrunchBang is perhaps the only other true contender in this category.

Yet, I fear that we will see more of this attrition and with increased frequency.


As geopolitical events unfold and the global economy gets worse by the day, it becomes increasingly difficult for the individual to merely 'exist', much less, do voluntary work on a project of this magnitude.

Yes, if you are lucky, another developer will pick up and continue with Bodhi maintenance.  If you aren't, well, that is the nature of things in today's world.


Linux on the Desktop is much like a garden, if you will.  It requires true dedication, constant attention and nurturing.  Looking at Distrowatch, one sees a wide array of choices.  Some flowers in the garden are hardy, and even perennial flowering all year round giving manifold benefits to the Linux User community.

Indeed, there is much freedom of choice.  But with choice comes risk.  One such risk is that many Distros by default create newcomer confusion.  The immediate question becomes, "Which one is best?"  All one need do is ask and there will be no shortage of opinion offered to help out.  Getting answers to questions with Linux has always been one of its cornerstones and those who maintain support forums are there to help.  This has always been one of the great benefits of Linux.  That hasn't changed.

What has changed?  The pure number of Distros has grown as more developers obtain toolchains which facilitate cloning their own 'me too' Distro.  This is done mostly with good intentions.  It's part of the Gnu Public License and encouraged.

But, the by-product has yielded a side-effect I call Distro-Sprawl.  As such, it has become increasingly difficult for users to come to a quick answer as to which Distro they should use.

Despite, Bodhi Linux points to another important issue:  Ongoing Support.

When researching which Distro to use, make not just looking at the feature set a consideration.  Look also at the number of people involved in support.  If it's one or two people, that doesn't mean it isn't a good Distro.  Far from it, Bodhi is the exemplar.  But, the longevity of that Distro is put at risk when there are fewer to support it.  And thus, we see here yet another developer finds himself in the throws of life circumstance with not enough 'bandwidth' to devote to his open source development pursuits.  The critical decision is made to pull the plug.  The developer retires.  You are left high and dry.

It doesn't have to be that way if you look at the top 5 Distributions on Distrowatch.  Those are the hardy flowers in the garden.  Those flowers have many gardeners who cultivate and nurture them so as to remain healthy, lush and full.

I encourage developers not to spread themselves 'thin' across vaguely familiar Distros.  Come on board one of the larger Top 5 Distros and put your talent towards something which will be long-lasting and meaningful.  -- Dietrich



Friday, September 5, 2014

RetroShare: An Essential Privacy Tool Introduction

RetroShare shown running on my Fedora 20 LXDE Desktop


Maybe you feel defeated?  You have that sense of helplessness?

Yout think, "Don't fight it.  We can't win against them.  There is no privacy on the Internet."


Give up?

No.  Don't give up.  Fight back.  There is an easy tool, now, today, at your disposal, which as far as I am concerned is not difficult to install and immediately use that will assure 100% privacy on the Internet.

What tool?  It's shown above running on my desktop.  It's called RetroShare.

You see, the NSA is perfectly happy you use Google's tools, including Drive, Gmail.  They are clear text and there's no difficutly in their getting to that repository if they choose to do so.

On the other hand, the NSA is not happy about tools like RetroShare.  So much so, in fact, they cannot invade your privacy space on Retroshare.  They cannot penetrate the encryption.  Enjoy privacy on your own terms with RetroShare.

RetroShare is a mature product in continual refinement since 2006.  The feature set is robust.  To learn more, check out their wiki, FAQ, and screenshots.

So, go ahead and try RetroShare.  If you get on-line, give me a shout.  I'm here.

RetroShare is open source and free.  Download here.


Watch my screencast: RetroShare: An Essential Privacy Tool



-- Dietrich

Thursday, September 4, 2014

CryptoWall RansomWare: The Psychology of Mass Insanity

(Image Credit: Geek.com)
Albert Einstein once defined insanity as this, "Doing the same thing over and over again expecting different results."

Are you using Windows Legacy (x86) 8.1 and older?

If you answered yes, then, I am afraid you are technically insane. ;)

Oh.  That Anti-Virus software subscription tool you so diligently run?  It is money and time wasted.  The types of attacks now occurring simply fly 'below the radar' of AV scans and morph their signatures on a daily basis so as to not be seen.


If you aren't thinking about switching operating systems, you really need to have your head examined.  It has become child's play for global crime rings to perpetrate the kinds of attacks such as the one depicted at the top of this story (aka RansomWare) and they get away with it by a process known as 'Drive-By' Javascript DLL injection into Windows Legacy operating systems going all the way back from 8.1 to Windows 2000.  Why?  Because they all share the same legacy WinNT kernel design and because Enterprise has been thoroughly invested in Windows, they cannot change the code or it would break Enterprise systems.

This is their dilemma -- their personal nightmare.  And just as with the slow death of XP, Legacy won't go away any time soon -- it is entrenched and businesses are 'married' to it for better or for worse.

You, the consumer, have a choice.  Distance yourself from a known problem.  Research 'Stuxnet' and then ask yourself how that could possibly happen (cough backdoors).

As long as you insist on using Windows Legacy, you are assuming the role of a 'victim'.  Don't be a victim.  Own your privacy.  It's your right.

Reclaim it with Fedora Desktop Edition Linux: the safest operating system on the Planet.

I stake my reputation on it.

Get Free Fedora Desktop Edition here.


-- Dietrich