NSA: Please Turn off the Lights When You Leave. Nothing to See Here.

Linux Advocate Dietrich Schmitz shows how the general public can take action to truly protect their privacy using GnuPG with Evolution email. Read the details.

Mailvelope for Chrome: PGP Encrypted Email Made Easy

Linux Advocate Dietrich Schmitz officially endorses what he deems is a truly secure, easy to use PGP email encryption program. Read the details.

Step off Microsoft's License Treadmill to FOSS Linux

Linux Advocate Dietrich Schmitz reminds CIOs that XP Desktops destined for MS end of life support can be reprovisioned with FOSS Linux to run like brand new. Read how.

Bitcoin is NOT Money -- it's a Commodity

Linux Advocate shares news that the U.S. Treasury will treat Bitcoin as a Commodity 'Investment'. Read the details.

Google Drive Gets a Failing Grade on Privacy Protection

Linux Advocate Dietrich Schmitz puts out a public service privacy warning. Google Drive gets a failing grade on protecting your privacy.

Email: A Fundamentally Broken System

Email needs an overhaul. Privacy must be integrated.

Opinion

Cookie Cutter Distros Don't Cut It

Opinion

The 'Linux Inside' Stigma - It's real and it's a problem.

U.S. Patent and Trademark Office Turn a Deaf Ear

Linux Advocate Dietrich Schmitz reminds readers of a long ago failed petition by Mathematician Prof. Donald Knuth for stopping issuance of Software Patents.

Showing posts with label Searching. Show all posts
Showing posts with label Searching. Show all posts

Wednesday, November 6, 2013

Google: You've Been Owned. Fix Your F'ing Security

11/06/2013 05:30:00 PM  , , , , , , ,  No comments

by Dietrich Schmitz
Theatrics.  That's all it is.  We see blustering, cries of 'outrage' by Eric Schmidt in a public reaction of 'surprise' to the fact that the NSA penetrated their firewall and set up camp reading any and all of their 'clear text' data files with impunity.

 This same company, prides itself on selling Chromebooks with an unblemished record at Pwnium 2013 of no successful hack which resulted in fully owning the ChromeOS operating system.

 How is it that so much effort can be put forth to develop ChromiumOS with a sincere intent to make security a prime order of concern yet Google's data centers store data in clear text?

 This isn't being discussed in any of the media stories.

 The real 'top dog' priority for Google is advertising revenue.  And, they know full well that if they encrypted the public's data they could no longer parse it to exploit, mine, for advertising purposes and that would put a major choke hold on a part of their revenue stream they so cherish.

 The public's trust, good faith, and right to privacy takes a 'back seat' to Google's penchant for profit.  Google is colliding directly with 'Do No Evil' as they continue to change their ways with a clear intent to take major portions of their technology base proprietary

 That is the bottom line and there is no clear indication from them policy-wise, one way or another, as to what they plan to do at this point, if at all, other than public 'feel good' talk and expletives from Google Engineers seen in today's news.

 Google.  You've been owned real bad and at the Public's expense.  It's time for you to fix your F'ing security.  I think you just might have screwed the pooch this time.

 -- Dietrich

Related articles

Enhanced by Zemanta

Read More

Tuesday, June 11, 2013

Google Drive Gets Failing Grade on Privacy Protection

6/11/2013 06:53:00 PM  , , , , , , ,  No comments

by Dietrich Schmitz

Never mind that Google reneged on their promise to bring a native Google Drive Client to Linux.  It really doesn't matter to me at this point.  We have much bigger fish to fry.

You see, Google is as much complicit as any other ISP in cooperating with our beloved U.S. government in handing over your private data without a warrant.  The government waltzes in simply cherry picks whatever they are looking for unimpeded.

This is flouting our privacy rights and, with each successive day, more and more of our constitutional rights are being dismantled in the name of fighting terrorism.

"At what point do we stop taking away our rights?", is an open question everyone should be thinking about.  Because, the latest news regarding disclosure of the NSA's Prism project confirms just how far 'out of hand' things have progressed with the overreach by our government into our private affairs.  Seeing such news, one wonders where we will be in five years.  I fear the erosion of our rights will continue unless these projects are abandoned.

Your only recourse in fighting back to hold off these intrusions?:




Folks, I cannot stress this enough.  There is no other option if you plan on storing any personal data on the Internet other than encryption to keep prying eyes from reading it.

And, I feel obligated to tell you that NONE of your data stored in Gmail or Google Drive is encrypted.

In fact, Google will not offer an encryption service in the interest of protecting your privacy.  Why?  Because, it will render their 'parsers' useless in parsing through your data for advertising purposes, their main 'cash cow'.

This stands as being a gross conflict of interests and Google has overtly chosen to make profit a higher priority than protecting your privacy.

I give Google a FAIL on their moral ethics and stance on privacy.  

The bottom line?: Don't use Google Drive or Gmail if you don't want your data seen by third parties.  

-- Dietrich

Related articles

Enhanced by Zemanta

Read More

Monday, March 25, 2013

The JSON API: An Example

3/25/2013 10:42:00 AM  , , , , , , ,  2 comments

by Dietrich Schmitz

I'm not one to let things go.  If I can't figure something out, it simmers and brews, sometimes for days, even weeks at length until I get an answer.

That was my experience with JSON.  I'm not a web uber geek by any stretch of the imagination and have spent over two decades doing IT programming all without coding a line of html.

I am quite fine with that.  But I was confronted by what seemed to be a simple exercise in configuring this website: having it return a list of posts 'by Author'.

Well, no.  It turns out that there isn't a lever, toggle, switch one can pull to make that happen.  Yes, a post does indeed have category tags, but to have that work reliably one must explicitly append a 'tag' to the post, i.e., the name of the Author.  One omission will result in the query missing a post.  That isn't acceptable.

So, I thought there must be a way to get that seemingly basic information from a post. Yes?

Yes!  It turns out that Google has an array of APIs to their product line and, categorically, Blogger has its very own.  It's called Javascript Object Notation or JSON for short.

This is good news. Yes?

So, I proceeded to pour over the documentation in earnest hoping that if I stared long enough and tried various API calls I could get it to cooperate.

This went on for over two weeks with my poking at it periodically without success.

Finally, I decided to try a simple test to see what Google's API would return using JSON.  It is pretty basic:



  
    Blogger API Example


When I saved the html and opened the test.html from my local share, it returned to the screen 'Undefined' 'Undefined' as if to taunt me once again.  I was taunted.

So, I double-checked my settings in the Google API console, even recreated my apikey just to be sure and then took just the RESTful portion (I've obfuscated the api key as 'xxxxxxxxxxxxxxxxxx'), and ran it from a terminal command line to see what was in the response.  It returned 200 OK but the response included information I had not seen up to this point, a clue to what was keeping my simple JSON query from giving over the goods:


// API callback
handleResponse({
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "dailyLimitExceededUnreg",
    "message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
    "extendedHelp": "https://code.google.com/apis/console"
   }
  ],
  "code": 403,
  "message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
 }
}
);


Ah hah!  Now we are getting somewhere.  So, in spite of my due diligence in obtaining an api key, it turns out that obtaining an api key has a very limited quota so I had spent it in my previous incantations and the message was clear in saying I should 'sign up'.  So, yesterday, late in the day, I signed up and sent off the form to Google which replied that it might take as much as several days before my request would receive a review.

Late last night, an email came from a chap at Google who enabled my apikey.  I was quite pleased with the quick turn-around and sent him a thank you email.

With that I dispatched directly back to firing off my test.html opening it from my local share.  Much to my pleasant surprise, it dutifully responded with a response:

My test.html to exercise the Blogger JSON api confirms success


So, as you can see above, the issue wasn't my JSON--it was the fact that the apikey was not 'authorized'.  Once enabled it worked flawlessly.

This now opens the door to an array of possibilities for adding addition features, widgets, etc.
Initially, I would like to have a link in the post 'About the Author' box which when clicked will open a browser tab and display the title and link to each article belonging to the Author.  Should be easy right?  That is on today's plate.

Okay then, that is just a very simple JSON api example which I hope might help some of the readers to get motivated to do the same for their website.  -- Dietrich



Related articles

Enhanced by Zemanta

Read More
Subscribe to: Comments (Atom)