NSA: Please Turn off the Lights When You Leave. Nothing to See Here.

Linux Advocate Dietrich Schmitz shows how the general public can take action to truly protect their privacy using GnuPG with Evolution email. Read the details.

Mailvelope for Chrome: PGP Encrypted Email Made Easy

Linux Advocate Dietrich Schmitz officially endorses what he deems is a truly secure, easy to use PGP email encryption program. Read the details.

Step off Microsoft's License Treadmill to FOSS Linux

Linux Advocate Dietrich Schmitz reminds CIOs that XP Desktops destined for MS end of life support can be reprovisioned with FOSS Linux to run like brand new. Read how.

Bitcoin is NOT Money -- it's a Commodity

Linux Advocate shares news that the U.S. Treasury will treat Bitcoin as a Commodity 'Investment'. Read the details.

Google Drive Gets a Failing Grade on Privacy Protection

Linux Advocate Dietrich Schmitz puts out a public service privacy warning. Google Drive gets a failing grade on protecting your privacy.

Email: A Fundamentally Broken System

Email needs an overhaul. Privacy must be integrated.

Opinion

Cookie Cutter Distros Don't Cut It

Opinion

The 'Linux Inside' Stigma - It's real and it's a problem.

U.S. Patent and Trademark Office Turn a Deaf Ear

Linux Advocate Dietrich Schmitz reminds readers of a long ago failed petition by Mathematician Prof. Donald Knuth for stopping issuance of Software Patents.

Showing posts with label Chrome. Show all posts

Friday, December 5, 2014

ALERT: A Software Security Transparency Breach Warning

(Image credit:  Wikipedia.org)

We've witnessed what happens when changes in source code to intentionally insert rogue code go unnoticed.

The example of how the NSA intentionally inserted weakened string constants into Elliptic Curve Cryptography lay hidden for several years, in fact, and was only exposed by a languishing open Red Hat trouble ticket.  What was odd was how, given the potential seriousness of the incident, no action was being taken to look at the source code and change it.  As more comments were appended to the ticket, the level of suspicion grew to the point where NIST was forced to open an investigation.

It was a potential public relations disaster in the making for them, as they pleaded being unaware of what the NSA had done.  Immediately, the code base was opened up for public comment.  The code has since received a thorough going over, particularly those merged diffs that sourced from the NSA and corrective action was taken.

But, this was a roadside billboard that should have alerted everyone in the FOSS Community to the realization that every corner of FOSS should be revisited for a thorough security review and vetting.

Code obfuscation should be a 'red flag' to anyone who has seen it.  The first concern should be:  Why is this code obfuscated?  If there isn't good documentation giving a reason for doing so, then, it's time to dig in and find out what the code is or isn't doing, at the very least.

It is believed, however, relative to all FOSS code, little obfuscated code exists.

It would be most difficult to secrete rogue code otherwise, as it must pass several levels of code review to reach final merge.

This is why it is imperative that the FOSS Community become rigid and not deviate on the issue of Security Transparency.

Security Transparency can be guaranteed if and only if ALL source code is vetted independently by more than one project maintainer.  Oversight must be maintained, and all Linux Distribution binaries which don't provide accompanying GNU General Public License (GPL) source code should be rejected out of hand as not just a license violation but also a breach of Security Transparency.

That being the case, Linux Advocates is taking a position against the following software vendor sources of 'semi-open' code bases.  They are:

  • Google ChromeOS
  • Google Chrome Browser
  • Opera Browser

Linux Advocates categorically does not support using the above-listed products which include a mix of open source and proprietary code.  There is an attendant heightened risk of exposure to cyber attack and exploitation when using any non-FOSS proprietary stack implementation on your computing device.

Enforce Security Transparency by insisting on using Linux with GPL open source code only.  -- Dietrich

Wednesday, August 27, 2014

Patch as Patch Can

(Image credit:  theregister.co.uk)

What happens when you use proprietary code?  This story from The Register is quite representative.

Yes.  Google Chrome is proprietary.  Chromium is Open Source.

Open Source Chromium gets looked at by 'many eyes', and that is by contributors across the globe, folks.

Bugs get fixed quickly.

With any piece of proprietary code, including Chrome, only the employees who work as developers can make fixes to source code, no one else.  Unlike Open Source, Proprietary source code is not made accessible to the general public.  Only the binary executables get distributed.

It's a classic problem and has led to a perpetual treadmill of security issues for Microsoft Windows Legacy (x86), and the litany continues unabated to such an extent that Microsoft now wants to change the name of Internet Explorer to remove some of the legitimate stigma involved with user market perception.  It ain't gonna work.  The horse is out the barn door.

No, in fact, I made a policy decision some time ago not to use proprietary software whatsoever and wrote specifically about Google Chrome.

So, I strongly urge the readers to avoid Chrome like the plague and stick with Open Source developed software only, such as Chromium.

As for myself, I have Open Source dwb and Chromium installed, but use dwb 95% of the time.  dwb is written in pure C with gtk2/3 bindings and a webkit back-end on steroids.  It is understated, spartan, greased-lightning fast, and super lightweight with a 75MB startup RAM footprint.  Highly recommended.  Chromium is the easier of the two to install and use and will gobble up as much RAM as it can find but, then, it has all the bells and whistles going for it.  -- Dietrich

Monday, April 21, 2014

WARNING: Google Chrome UNSAFE FOR GENERAL USE

by Dietrich Schmitz


You read that right.  I deem Google's proprietary Chrome (Freeware License) browser UNSAFE FOR GENERAL USE.

I can't make it any clearer than that.

Why is Google's Chrome browser unsafe?

It's pretty simple.  Google chose to not allow Chrome's code base to be shareable to the general public.

For your purposes, that means it doesn't operate under Open Source GNU General Public License v2 (GPLv2) terms, which would allow the entire code base to be independently vetted by external audit for hidden vulnerabilities and exploits that may be resident, much like Heartbleed in OpenSSL and NIST's Elliptic Curve Cryptography (ECC), which was discovered to have been weakened by the NSA.  The aforementioned rogue bugs lay hidden for quite some time, exploitable to those who knew of their presence.

The only ray of sunshine is that their source code is open source, which allowed discovery and corrective action to be taken.

Sadly, one has to draw the line in today's world.  We know the score with the NSA.  The Fox is in the hen house and now it's time to take action.

Severe action is needed.  


Accordingly, I am putting Google on notice and charging them with knowledge that their code base is 'closed' to the general public and must be 'opened' for independent external audit to assure no vulnerabilities exist of any kind (excluding discovered defects in Chrome's upstream dependencies).

It's no more Google Chrome for me.  And I hope you will follow suit.

Take action.  Switch to a 100% open source browser, like Mozilla's Firefox or Midori or Gnome's Web or KDE's Konqueror today.

I would remind the readers that despite assurances from Google to consumers that their privacy remains intact, it turns out last year that the NSA were able to drill through Google's SSL firewall and pitch camp on the inside for an unspecified period of time, unbeknownst to Google, as they sampled the clear text unencrypted Gmail and Drive meta data belonging to you.  Of course, publicly Google expressed outrage for what the NSA had done.

But actions speak louder than words.  You see, Google has had ample time to formally announce and roll out strong encryption for Gmail and Drive for their consumer-facing services.  To date, they have done nothing.  


Yet, on their commercial service side, they quickly reacted to the Fox in the Hen House last year and put in place FIPS governmental standard strong encryption.  

Corporate America is 'big business'.  Consumers play second fiddle, and because Google state in a revised language TOS agreement that they parse your clear text meta data to generate advertising revenue, the message to the consumer is that 'profit' takes precedence over their privacy.  

That is simply unacceptable and quite worrisome despite the 'lip service' they have given on tightening up their SSL standard.

No, consumer data, yours, is still sitting in clear text drive storage medium in the Gmail / Drive cloud where it can be read at will if/as/when it suits Google and/or any other governmental agency.

And, with Chrome being closed source, there is no way to know for sure what is or isn't happening during your Internet browser sessions, is there?


Dear Reader, switching to open source is the only way that Security through Transparency can be achieved.  Do it today.

Google Chrome is UNSAFE FOR GENERAL USE.


-- Dietrich



Friday, April 18, 2014

Advocating for Security through Transparency

by Dietrich Schmitz




That's a screen shot (below) of the BitBucket repository for commits to ongoing development of dwb (dynamic web browser).

Oh, that's nice.  What's my point?

dwb is 100% pure GNU General Public Licensed code. That means, you, anyone, developers, users, the world, can see it, change it, for free. That has always been the basis for GPLv2 and the primary reason for why I opt to use dwb. Want to know what's going on with their code? Help yourself -- look around. Only, don't forget to turn the lights out when you leave. ;)


dwb (dynamic web browser) BitBucket repository commits page

You don't get that with Google's Chrome. Nope. Sorry. They won't let you see their code base. Of course, they are within their legal rights to do so, but, that doesn't mean I have to use their browser if I cannot know what it is doing, do I?

Ask yourself this question: Notice lately how Google Plus will periodically 'freeze' with the cpu utilization at 100%? 


What are they doing exactly?  (Shrugs)

That's Chrome doing whatever it does. :/ Whatever has a big question mark hanging over it for me.  My confidence in Google to 'Do No Evil' has fallen dramatically in the past 9 months since the Edward Snowden NSA Prism and other revelations.

You see, 'proprietary code' (not open source) often leads to some level of exploitation for commercial or 'other' purposes. Because Chrome is 'closed source', we cannot know for certain 'if' Google cooperates in some capacity with governmental information collection and sharing. That's because there is no public access for review of their code base, unlike dwb.

Taking the overt step to use dwb is my personal choice.  Yours may be different, but, if you truly believe in the power we (Humanity) hold over the "ne'er-do-wells" of the world by embracing Open Source, then I urge you to make it your policy to not use proprietary software.  Take a stand and fight back. Set an example for others to follow and use open source applications only, such as dwb and Mozilla Firefox, for the sake of security through transparency.

-- Dietrich

Wednesday, April 16, 2014

dwb - A Webkit Browser, Highly Understated, Lightweight and FAST

by Dietrich Schmitz



I've been looking for browser alternatives to Chrome and Firefox.

Both are relatively bulky -- replete with features -- which is to be expected.

Chrome does things I don't like and I simply cannot account for why. At times it will remain quiet and at other times it will do whatever it decides to do and throttle up even pegging the cpu. My netbook strains to cooperate when that happens.

To a lesser extent that happens with Firefox, but really not nearly as often. I know from personal experience that opening a Google Plus tab will elicit periods of frenetic CPU activity which I watch in my LXDE CPU graph. Seconds, even minutes, can pass before Chrome settles down.  That annoys me.

So, I know Google Chrome is not 100% open source like Chromium. What are they doing exactly with my bandwidth? There is no way to know for sure and there certainly isn't any transparency given one cannot see Google's Chrome source code. That is 'off limits'.

This goes against the grain with me. I hold in reverence open source standards; GNU General Public License v2 in particular ensures public oversight of any single piece of code used.

This is what transparency is all about. It's hard to create 'rogue' code in the open source world, when 'many eyes' can see what is or isn't being coded and if something is 'amiss', corrective action can be taken appropriately.

Still, one wonders, if Linux was not open source, how long would such exploits thrive before being noticed? That is an important question and a major distinction for readers to consider -- especially those who currently depend on proprietary and closed source Microsoft Legacy (x86) Windows. Transparency is not a given in the Windows world.

Alright, you get the point. So, I began looking for something which is more lightweight and open source and, as important, would run reasonably well on my Netbook without pegging the cpu like Chrome does. Luckily, after a few days of searching around with Google and testing various browsers, I came upon one obscure Lightweight browser called dwb (dynamic webkit browser). It struck me at how minimal the developer's web page appeared to be. That minimalist mindset fit with my programming philosophy and was just what I was looking for.

With that, initially, I installed a revision of dwb found in the Fedora 20 repo. It worked, but, for some unknown reason it was not recognizing the presence of Adobe's Flash plugin. And, even after I reinstalled the newest 11.2.202 update, the error still persisted on YouTube's website.

So, I uninstalled dwb with yum and then dispatched directly to the BitBucket dwb project site which supports git, downloaded a copy of the project, manually compiled and installed the newest version of dwb. That fixed the flash problem. That was yesterday and I've been puttering around using dwb exclusively ever since.

This is day two and I am here posting up my experience with dwb after several hours of use under my belt.

What a hoot. That's right. dwb is making me smile and I really think it is funny how straight up I was able to quickly adapt to using a 'keyboard-centric' minimalist browser and it got me to thinking about the general public.

People tend to be lazy and are reluctant to change habits.

But using dwb was not a radical change either.

In fact after a few minutes of googling dwb, I located some documentation at the BitBucket git project where dwb is developed and also some good material on the Arch wiki. (Is there ever anything but 'good' material on the Arch wiki?)

So, I admit being a computer geek does help getting up to speed. But I would bet some of the curious readers might be wondering if they should try dwb.

I say: "Why not?"

You stumble. You fall. You then pick yourself up, dust off and try again. It's like your first experience with a bicycle and training wheels as a child. After a while (hours) you start building up confidence as navigation becomes easier. Reading the Arch Wiki on dwb helped immensely and I don't think I have read for more than a half hour to find the keyboard shortcuts I use most often.

It's not that you can't use your mouse. Quite the opposite. A judicious amount of mouse use in combination with the keyboard will result in gained efficiency as you begin recalling which key does what.

I began to chuckle at how fast I was able to perform the same tasks on dwb versus Google Chrome. And I would add that I have yet to see an open tab to Google Plus peg the CPU -- not once has it happened. So, that makes me wonder even more -- what the heck is Chrome doing with my bandwidth?


As I continued using dwb, the thought occurred to me, it's not just that dwb is small, compact and arguably the fastest browser -- it's that the keyboard still provides major advantages when included in the design of any software. As the dwb home page says:

"dwb is a lightweight web browser based on the webkit web browser engine and the gtk toolkit. dwb is highly customizable and can be easily configured through a web interface. It intends to be mostly keyboard driven, inspired by firefox's vimperator plugin."

And that is the point:  Keyboard optimization.  The icing on the cake is, if you should happen to know how to use the vi editor, all the better, as many of dwb's shortcuts parallel with vi.


Features


  • vi-like shortcuts
  • Link following via keyboard hints
  • Bookmarks
  • Quickmarks
  • Cookie support, whitelisting of cookies
  • Proxy support
  • Userscript support
  • Tab completion for history, bookmarks, userscripts
  • Custom stylesheets
  • Javascript blocker with whitelisting support
  • Flash plugin blocker with whitelisting support
  • Adblocking with filterlists
  • Webinterface for keyboard and settings configuration
  • Custom commands, binding command sequences to shortcuts
  • Extendable via extensions/scripts
  • Extension manager



So, are you feeling adventurous today? Give dwb a try.

dwb should be found in your Distro's repo, otherwise, the above link reaches the git repo.

Reach me with questions. -- Dietrich


Sunday, March 31, 2013

Google Chrome Tricked Out

by Dietrich Schmitz

Alright.  I've been a long-time Mozilla and Mozilla Firefox devotee, but, the time came and went (months ago) when I decided that the value of using Chrome exceeded anything that Firefox could muster.

Today, I share with you some of the things which will improve your Chrome experience.

Graphics Hardware Acceleration

It has become popular for browsers to support 3D graphics; that is, when a graphics processor is detected, the browser will send work to the Graphics Processing Unit (GPU) vs. letting your Central Processing Unit (CPU) do all of the heavy lifting.  This greatly speeds up screen writes to the canvas.

Checking your system's support is simple enough:

Override software rendering list (blacklist)

Now, restart your browser and type into the omnibar: chrome://gpu

It should look like this:


All green is good.  That last one isn't supported yet by the graphics driver on my Netbook so otherwise we are now 'firing on all cylinders' and the GPU will handle graphics primitive calls instead of the CPU now.  Good deal.

Security Sandbox



With Linux, you know that security is being taken seriously.  In fact, as of Linux Kernel 3.5, support for seccomp-bpf is baked right into the kernel.  Any application can take advantage of it, and the good news is Chrome will see and use this security sandbox feature.  To check if your Chrome is sandboxed, type chrome://sandbox into the omnibar and you should see this:



This is a good thing.  Be sure it is set on your Linux system.  Microsoft Windows does not have it.
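The same check can be made from outside the browser, as an added example that is not part of the original post: the kernel reports each process's seccomp mode in the `Seccomp:` field of `/proc/<pid>/status` (present on Linux 3.8 and later kernels built with CONFIG_SECCOMP). The process name `chrome` and the reading of a missing `--type=` switch as the main browser process are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: list the seccomp mode of every process with a given name.
# Seccomp: 0 = disabled, 1 = strict, 2 = filter (seccomp-bpf).

# seccomp_mode STATUS_FILE -> disabled | strict | filter | unknown
seccomp_mode() {
    mode=$(awk '$1 == "Seccomp:" { print $2; exit }' "$1" 2>/dev/null) || mode=
    case "$mode" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;   # field absent: older kernel or no CONFIG_SECCOMP
    esac
}

# process_type PID_DIR -> value of the --type= switch, or "browser" if none.
# Assumption: a process with no --type= switch is the main browser process.
# Arguments in cmdline may be separated by NUL bytes or by spaces.
process_type() {
    [ -r "$1/cmdline" ] || { echo unknown; return 0; }
    t=$(tr '\0 ' '\n\n' < "$1/cmdline" | sed -n 's/^--type=//p' | head -n 1)
    echo "${t:-browser}"
}

# audit_seccomp NAME [PROC_ROOT] -> one line per match: "<pid> <type> <mode>"
audit_seccomp() {
    name=$1
    root=${2:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        pname=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status" 2>/dev/null) || pname=
        [ "$pname" = "$name" ] || continue
        echo "${dir##*/} $(process_type "$dir") $(seccomp_mode "$dir/status")"
    done
}

# unfiltered_renderers NAME [PROC_ROOT] -> count of renderers not in filter mode
unfiltered_renderers() {
    audit_seccomp "$1" "${2:-/proc}" |
        awk '$2 == "renderer" && $3 != "filter" { n++ } END { print n + 0 }'
}

# Usage on a live system:  audit_seccomp chrome ; unfiltered_renderers chrome
```

A `browser` line reporting `disabled` is expected, since the sandbox applies to Chrome's child processes; a nonzero result from `unfiltered_renderers chrome` is the case to investigate.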

Google Chrome Extensions

Visiting the Google Chrome Web Store is a rite of passage for every newcomer to Chrome.  It's exciting and you'll find a vast array of Apps, Extensions, and Themes a click away from adding to your browser.

Here are a few that I recommend every user consider adding to Chrome.


The above extensions will automatically appear on your Chrome toolbar (right of the Omnibar)

In addition, there are some Apps which only appear in your 'New Tab' Chrome menu that I recommend.


Don't get carried away.  Remember each extension is going to consume some memory.  The above are what I use day to day and minimally really provide some good features and value.

I hope you enjoy Google Chrome and get the most out of your browsing experience.

-- Dietrich

