Saturday 30 July 2011

Ubuntu One is Celebrating!

Ubuntu One is celebrating one million users by giving away 3GB of additional storage with the basic package. Users now get 5GB free when they sign up for Ubuntu One!

"From today, Ubuntu One Basic will become Ubuntu One Free and users will get 5GB of free storage when they set up an account. Current users of Ubuntu One Basic will see their free storage allowance automatically increase from 2GB to 5GB."

If you remember to take the appropriate steps to protect your data from unauthorized access, getting an extra 3GB of storage for free is a nice gift from Canonical to its users.

Sources & References:

Thursday 28 July 2011

Government IT - Is the Answer Open Source?

It's easy to overreact to salacious headlines about the waste of public resources by incompetent government departments or careless officials. However, one of the nice things about living in a democracy is that you can often get to the source material of some of these claims.

The BBC posted a story online today (28 July 2011) suggesting that some government desktop computers cost as much as £3,500! OK, let's go to the source and see if that is really what the Public Administration Committee claims:

"According to the UK Central Government IT Benchmarking Study conducted by Gartner[37] in 2005 median total cost of ownership per Government desktop was running at £2,300, when best practice was around £1,800 a year" (para.16)

The £3,500 figure seems to relate to expenditure by the Cabinet Office which "spent an average of £3,664 per desktop computer for each full-time employee" (para.16). Estimates for system costs do vary - significantly - however, it seems to me that £800 (the cheapest annual figure quoted in the report) is an astonishing sum for a desktop computer. I would have hoped that any organization that spends up to £16 billion a year on IT procurement could leverage some influence on the unit cost!

But, am I really being fair? After all, Government has significant considerations when sourcing products, not least security, stability, and continuity of supply. There's also the cost of maintenance and support to be considered (not everyone can fix their pc when they have a problem!), so let's calculate a reasonable average cost for a desktop pc.

During the course of the inquiry, the DWP cancelled a contract with Fujitsu for desktop computers (para.5) - this gives us a starting point for evaluating the expected cost of a standard, no-frills pc. A quick search via Fujitsu's home page turned up several preferred suppliers: choosing the first supplier (a company called, Insight) and then a standard Fujitsu ESPRIMO E3521 base, I received a quote for £297.99 (ex VAT, which the Government pays back to itself anyway!). No cables or monitor, so let's add the cost of a screen. Choosing the first (but not the cheapest) Fujitsu monitor from the same supplier adds £92.99 for a 19" monitor - the total is still less than £400 but I haven't allowed for licensing (Windows & Office) or support - let's add another £75 for software and another £150/year for onsite support - call it £600 for year 1 and £225/year thereafter.

Remember, I haven't chosen the cheapest base or monitor, nor have I applied a bulk discount - this is the list price advertised on Insight's web page. Also remember that I can reasonably expect such a pc to last for three years, making the average cost per year £350 - a lot less than the £1,800 quoted for best practice.

So, what is it that inflates the cost of government IT? The simple answer seems to be over-specification (para.70-75). This is the hallmark of an ignorant customer: hardware security and stability can be had for much less than £1,800 and software security and stability can be had for free!

Whilst the principle of caveat emptor applies, it's always easy to squander someone else's money! The good news for open source (and, hopefully, taxpayers) is that the Government intends:

"creating a level playing field for open source software" (para.10)
and the Committee recommends (Conclusions and Recommendations):
Open standards

27. Adherence to open standards is important if the Government is to make data more readily accessible. It will also help the Government avoid lock-in to any one provider. We welcome attempts to identify the open standards to be used across departments. However, we are concerned that the recent Government survey indicates that the current understanding of open standards is incomplete. The Government should prioritise the adoption of a set of core open standards which focus on interoperability between systems, making data available through open interfaces and formats that allow meaningful public access. (Paragraph 141)

28. Government should omit references to proprietary products and formats in procurement notices, stipulating business requirements based on open standards. The Government should also ensure that new projects, programmes and contracts, and where possible existing projects and contracts, mandate open public data and open interfaces to access such data by default. (Paragraph 142)

Sources & References:

Monday 25 July 2011

Plan C

Given my views on the cloud, I've been thinking about alternatives to uploading data backups to third-party servers.

In common with other types of memory, flash memory has seen a significant fall in price over recent years and large usb flash drives of 64GB can be had for under £70 (or as little as $90 if you're lucky enough to live in the USA). Flash drives are also small and portable, making them an ideal format for keeping data backups close at hand and separate from the data source.

However, size can also have its disadvantages: flash drives are easily misplaced or stolen, so keeping data secure, even if it should fall into the wrong hands, is of paramount importance.

The good news is that it's easy to create an encrypted directory on a flash drive using free encryption tools readily available from the Ubuntu Software Centre: just install EncFS & Cryptkeeper and you're good to go!

To create your directory:

  • Insert your usb flash drive and it should mount under the /media/ directory.
  • Click the Cryptkeeper icon in the systray and select the New encrypted folder option.
  • In the Create a new encrypted directory dialog, select the usb drive from the Places menu and type a name for the new directory in the Name: text box.

  • Click Forward.
  • Enter & confirm a password for the directory and click Forward.
  • The directory should be created and mounted.

To import the encrypted folder on another machine:

  • Insert your usb flash drive and it should mount under the /media/ directory.
  • Click the Cryptkeeper icon in the systray and select the Import EncFS Folder option.
  • In the Import an Encfs encrypted folder dialog, select the directory with a name ending with _encfs and then type a name for the mount point in the Location: text box.

  • Click the Forward button.

At any other time you can mount the encrypted directory by inserting the flash drive, clicking the Cryptkeeper icon, and selecting the checkbox next to the directory name. You'll be prompted for your password and your file browser will display the directory.

Now you can store data in the directory without the need to encrypt individual files. It is worth pointing out that flash drives have limited life-spans so it may even be prudent to have a Plan D!

Sources & References:

Switched Off

Two days ago I wrote:

"Whilst data theft is perhaps the most obvious risk, users should also think carefully about the reliability of a service and continuity of access. Service providers can fail or simply withdraw a service; governments and laws change with dizzying frequency; infrastructures may collapse and any of these can result in a user being separated (either temporarily or permanently) from his data."

Even as I was drafting those words, it seems that Google was deleting a "striking number" of accounts leaving some of its users with no access to their data: one Google user, Thomas Monopoly, wrote on TwitLonger:

"My Google account was tied to nearly every product Google has developed, meaning that I lost everything in those accounts as well. I was also in the process of consolidating everything into my one Google account. I had actually thought through this a few months ago and determined Google to be a trustworthy, dependable company. So I had imported all of my other email accounts, hotmail, yahoo, etc., into that one gmail account. I had spent roughly four months slowly consolidating my entire online presence, email accounts, banking info, student records, etc., into that one Google account, having determined it to be reliable. That means in terms of information, approximately 7 years of correspondence, over 4,800 photographs and videos, my Google Voice messages, over 500 articles saved to my Google Reader account for scholarship purposes..."

It's only fair to point out that the users that have had their accounts deleted may well have been in breach of Google+ T&C (although there seems to be little evidence that everyone who had their account closed is guilty of an infraction), but it seems that the penalties for violations can be pretty brutal - even William Shatner has reportedly fallen foul of Google's reprisals!

The lesson is clear: do not rely on capricious corporations to protect you or your data!

Sources & References:

Sunday 24 July 2011

Fontconfig Error

I've finally got around to solving a puzzle in the terminal on my 8400. Whenever I opened an xml file for editing using the command line, I would get the following error message:

"~/.fonts.conf", line 1: xml declaration not well-formed

As it's never stopped me from working, I've never really paid much attention to the message, but, as I had some time to spare today, I thought I'd see if I could work out what it was telling me. Actually, it turned out that getting rid of this irritating error message was quite simple.

Opening the ~/.fonts.conf file from the command line (& receiving the usual error!):

sudo gedit /home/jogga/.fonts.conf

revealed that the quotation marks that define the variables in the file were of the wrong type - simply changing the double quotation marks (by deleting the existing marks and replacing them using the Shift + 2 keys) and rebooting the system was all that was required!
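The same failure can be reproduced and located without opening an editor. This is an added example, not code from the original post: it assumes the "wrong type" of quotation marks were typographic (curly) quotes, the sample file is constructed, and the function names are illustrative.

```python
import re
import xml.parsers.expat

# Constructed sample: a fonts.conf whose attribute values are wrapped in
# typographic quotes (U+201C / U+201D), as happens after pasting from a web page.
BROKEN_FONTS_CONF = (
    "<?xml version=\u201c1.0\u201d?>\n"
    "<!DOCTYPE fontconfig SYSTEM \u201cfonts.dtd\u201d>\n"
    "<fontconfig>\n"
    "  <match target=\u201cfont\u201d>\n"
    "    <edit name=\u201cantialias\u201d mode=\u201cassign\u201d><bool>true</bool></edit>\n"
    "  </match>\n"
    "</fontconfig>\n"
)

# Look-alike characters that XML does not accept as attribute delimiters,
# mapped to the ASCII quote each one should have been.
LOOKALIKES = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"}

# Markup only: anything between "<" and ">". Text content is left untouched.
TAG = re.compile(r"<[^<>]*>")


def well_formed_error(text):
    """Parse with expat; return None if well-formed, else (line, message)."""
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse(text.encode("utf-8"), True)
    except xml.parsers.expat.ExpatError as exc:
        return exc.lineno, xml.parsers.expat.ErrorString(exc.code)
    return None


def find_lookalike_quotes(text):
    """Return (line, column, code point) for each look-alike quote inside markup."""
    hits = []
    for match in TAG.finditer(text):
        for offset, ch in enumerate(match.group()):
            if ch in LOOKALIKES:
                pos = match.start() + offset
                line = text.count("\n", 0, pos) + 1
                col = pos - (text.rfind("\n", 0, pos) + 1) + 1
                hits.append((line, col, "U+%04X" % ord(ch)))
    return hits


def straighten_quotes(text):
    """Replace look-alike quotes with ASCII quotes, inside markup only."""
    def fix(match):
        return "".join(LOOKALIKES.get(ch, ch) for ch in match.group())
    return TAG.sub(fix, text)


if __name__ == "__main__":
    print("before:", well_formed_error(BROKEN_FONTS_CONF))
    for hit in find_lookalike_quotes(BROKEN_FONTS_CONF):
        print("  look-alike quote at line %d, column %d (%s)" % hit)
    fixed = straighten_quotes(BROKEN_FONTS_CONF)
    print("after: ", well_formed_error(fixed))
```
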

Sources & References:

SciTE(ing) Numbers

Having recently figured out how to change the default language and turn on line-wrapping in SciTE, I've just got around to amending the SciTE properties file on my laptop. Although I don't do any programming, I thought that it might be useful to turn on the line-numbering function at the same time.

Open a terminal and type:

sudo cp /usr/share/scite/SciTEGlobal.properties /usr/share/scite/SciTEGlobal.properties.bak

This command creates a backup of the SciTEGlobal properties file and saves it with a .bak extension in the same directory as the original. Inexplicably, I omitted this step in my previous post - however, it is always a good idea to create backup copies of system or properties files before making changes!

In order to turn on the line numbering function, we have to amend two properties in the Global Properties file. Using the command line, open the file with:

sudo gedit /usr/share/scite/SciTEGlobal.properties

The first property to change is the line.margin.visible variable. Open a search dialog in gedit (Ctrl + F) and type:

line.margin.visible

All that is required is to un-comment this line (remove the # character from the start of the line) in the SciTEGlobal.properties file. Next, we need to specify that the margin should expand as the number size increases. The line under the line.margin.visible property should be the line.margin.width property with a default value of 4. Change this variable to read:

line.margin.width=3+

Save the changes and close the SciTEGlobal.properties file. When you next start SciTE, you should now have line numbering turned on by default.

Sources & References:

Saturday 23 July 2011

Nothing to Hide, Nothing to Fear?

In June, Wendy Seltzer (Freedom to Tinker) posted a fascinating piece on the privacy issues surrounding Facebook's roll-out of facial recognition software. Whilst Seltzer's article is an interesting contribution to the wider debate about online privacy, the real surprise for me was the revelation that Dropbox employees can access users' files despite previous assurances that its servers were encrypted and that users' data was "inaccessible without [an] account password".

The unseemly rush to cloud computing is an issue that has been nagging at me for a while but, until now, I've found it hard to articulate why it makes me uneasy. Even a cursory evaluation of the potential of facilities like Dropbox and Ubuntu One reveals obvious benefits; not least, disaster recovery and (authorized) data sharing. Moreover, many commentators seem both comfortable with the concept of third-party storage/services and unconcerned that personal data is potentially vulnerable to unauthorized access; as Sarah Jacobsson Purewal puts it:

"Ok, so no worries--so long as you're not doing anything wrong, you should be fine. So why is this news?"

However, I can think of a number of reasons why it might not be fine if personal data is accessed and disseminated without the owner's consent or knowledge. Let's start with the easy stuff. Those backups of personal files stored in the cloud (you know, financial records, medical files, compromising emails to a lover and the like) are valuable - not only to the owner, but also to those that steal identities - that makes them financially valuable and more attractive to dishonest employees. Of course, it may not be dishonest employees that pose the greatest danger of data theft from third-party servers! Some providers don't even encrypt users' data on their servers, for instance, Ubuntu One tells us:

"We do not store your files encrypted in our data storage since we need them unencrypted in order to send them to the people you choose to share with. If you are concerned about storing your files unencrypted in the Ubuntu One cloud, you could always store the files already encrypted so Ubuntu One never sees the plain text files. Doing so may prevent the proper functionality of some Ubuntu One features such as multiple computer synchronization, web browser access, and sharing with others."

I don't suppose that I need point out that Sony, RSA, & the IMF have all been victims of hacking attempts during 2011 - it's worth thinking about that fact before uploading plain text files to third-party servers!

Whilst data theft is perhaps the most obvious risk, users should also think carefully about the reliability of a service and continuity of access. Service providers can fail or simply withdraw a service; governments and laws change with dizzying frequency; infrastructures may collapse and any of these can result in a user being separated (either temporarily or permanently) from his data. Couple this with the fact that a user in the UK may be storing data on a server in the US and the whole morass becomes a little more complicated.

Even if access and theft are considered manageable risks, there's also the concern of data corruption (or destruction) through hardware failure or software viruses: not every service provider implements the latest security patches!

The fact is that, once you upload information to a third-party server, you effectively surrender control over that information. That doesn't (necessarily) make The Cloud a bad place, but users should not rely on service providers to protect them. Take reasonable precautions to protect your own data:

  • Do not upload plain text documents to a storage facility (unless you don't care whether they can be accessed without permission).
  • Do not rely on the service provider's encryption mechanisms - encrypt your own data.
  • Have a Plan C for accessing your data.

Sources & References:

Thursday 21 July 2011

Clear Line of SciTE

Recently I mentioned that I was using SciTE to draft my blog posts. This deceptively simple program is invaluable and one of the first apps that I load if I've updated or changed my OS. However, unlike many applications, there is no preferences option in the menu bar where users set their default options such as their preferred language. In order to change these options, users must edit the global options file.

As I use SciTE mainly for drafting and reviewing blog posts, I've changed my default language to html and turned on the line-wrapping function. To make changes to the global options file, open a terminal and type:

sudo gedit /usr/share/scite/SciTEGlobal.properties

Enter your password at the prompt and the file will open in the gedit text editor.

To change the default (programming) language, open a search dialog (Ctrl + F) and type:

default.file.ext

and change the .cxx extension to the language of choice (mine is .html). SciTE can manage over thirty programming languages, so there should be one to suit your needs!

To turn on the line-wrapping function, type (in a search dialog):

wrap

change the # wrap=1 to read wrap=1 (that is, simply remove the comment tag).

Save and close the global options file and reopen SciTE for your changes to take effect.

Sources & References:

Wednesday 20 July 2011

Cryptic - ISP Steganography

Recently I blogged about steganography and my (very) simple experiment to see how it works. If that piqued your interest, you may be interested in just how useful steganography can be: Anticensorship in the Internet's Infrastructure.

Telex is a way of using public-key steganography to circumvent censorship:

"The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged."

Sources & Resources:

Essential Reading

Secrets & Lies: Digital Security in a Networked World
Bruce Schneier
Wiley Publishing Inc
ISBN: 978-0-471-45380-2

Put simply, everyone who owns (or uses) a computer that is attached to a network should read Secrets & Lies. Schneier himself recommends reading it "through a second time" (p.xxiii), but I'm not sure that even reading it twice will be sufficient to absorb all the lessons and wisdom that the author offers his readers to keep them safe online! Without doubt, this is the finest book on computing (of any type) that I have read to date and throughout I found myself wishing that I had read it when it was first published.

Sure, this seminal treatise on digital security is starting to show signs of age, but then it was originally published in 2000 and the fact that technology has developed so quickly over the intervening decade is a testament to both the simplicity and the enduring relevance of the underlying message: "[s]ecurity is a process, not a product" (p.xxii). As our personal information and virtual existence is increasingly spread across the Internet, this is a lesson that we should all heed. Fortunately, Schneier's uncomplicated approach coupled with his lucid and inclusive prose means that non-technical readers should not be intimidated by the book's four-hundred or so pages and it seems to have been written as much for the layman as for technicians and geeks. Indeed, the book's format and layout are designed to make digital security as accessible as possible and Schneier breaks it into logical sections that provide: the context and justification for digital security (The Landscape); the tools for providing security (Technologies); and how best to deploy these tools (Strategies). However, this is no technical manual - there's very little in the way of direct implementation advice - more, it is a way of thinking about and planning for security and this is the real secret of the book's durability.

Throughout, there are echoes of Schneier's despair with his earlier manuscripts and the lack of hope the early drafts gave his readers (p.396). Nonetheless, this serves only to reinforce the importance of the message and the urgency of the risks. Schneier's epiphany in 1999 (p.397) that led to the resurrection and publication of this book provides us all with the hope that, once we understand the risks and plan our responses, even when those risks are manifest we can mitigate the damage.

Whether you have an interest in network security generally or you are one of computer security's mystified majority, Secrets & Lies is essential reading.

Saturday 16 July 2011

8400 Desktop Refresh

Time to update the desktop background on the DELL Dimension 8400:

This is another Nat Geo Photo of the Day and would probably look great on my Mint machine!

Sources & References:

LifeCam VX-1000 - Repairs

I tried to make a Skype call today and, whilst I could see my interlocutor in the Skype call-screen, she couldn't hear me. I tried restarting Skype and rebooting my computer - all to no avail.

Then it occurred to me that yesterday I had installed some updates including some linux-header packages and I assumed that one of these had broken the gspca patch. Simply reinstalling the patch was all that was required to restore my webcam to rude health.

One of the interesting lessons of this otherwise banal event is that you can review your update history using Synaptic. Open Synaptic from the Administration Menu and then click File and select History.

Sources & References:

Friday 15 July 2011

Ctrl + C

Everyone knows how to copy & paste; right?

Well, in Linux copy and paste can be easier than in Windows: simply highlight the text that you want to copy in one application and, switching to the destination application, click the middle button on your mouse.

However, unlike Windows, the clipboard contents are only available while the source application is open and that can be a little disconcerting for new users. Fortunately, there are a couple of options available from the Ubuntu & Mint software repositories.

Glipper is a clipboard manager that works with Gnome.

"It maintains a history of text copied to the clipboard from which you can choose. Glipper uses plugins to give the user all the extra functionality.

In previous versions Glipper was a GNOME applet, but now it uses app indicator to support Ubuntu Unity and Ubuntu's Gnome Classic."

As I don't use Gnome, I've chosen Parcellite which integrates well with the AWN notification applet.

"Parcellite is a lightweight GTK+ clipboard manager. This is a stripped down, basic-features-only clipboard manager with a small memory footprint for those who like simplicity."

Both are excellent applications and, if you find yourself doing a lot of copy/paste (or authoring your own blog!) either would prove to be an invaluable addition to your application armoury.

Oh, and a little confession is in order: I didn't know about the middle button trick until I started researching clipboards for Linux!

Sources & References:

Thursday 14 July 2011

Keyping Safe

I've been doing a little bit of housekeeping today - catching up on those important/non-urgent tasks that never seem to get done.

One of the things that I've been meaning to find is a Linux replacement for Spb Wallet. I use this program a lot: I originally bought (yes, purchased!) it for my WinMob device, but I also used the desktop version extensively before I found my way to Ubuntu. Interestingly, the alternative that I settled on is a cross-platform application called KeePassX originally written for Windows in 2003.

The application has a good pedigree and it can be found in both the Mint and Ubuntu official software repositories.

Once the application is downloaded and installed, it can be opened from the Accessories menu.

It's got a nice (simple) interface for creating and using password databases and one really nice feature is that you can import .xml files (exported from another PC) so you don't have to recreate your password store from scratch on every machine!

If you have trouble remembering a multitude of passwords for online accounts, servers, hardware, and the seemingly endless other authentication requirements, this handy application might be just what you've been looking for.

Sources & References:

Wednesday 13 July 2011

Cryptic - Steganography

Regular readers of this blog will have probably guessed that I've been reading Bruce Schneier's book, Secrets & Lies. It's a superb exposition on digital security (expect a review soon) and I only wish that I had read it when it was originally published! The book has introduced me to several security concepts and one in particular intrigued me so much that I decided to investigate in more detail.

According to Schneier, steganography "is the science of hiding messages in messages" and in the digital world, messages can be hidden "in graphics, pictures, movies, or sound" (Schneier 2004 p.245). Schneier describes hiding a secret text message in a picture of giraffes and I wondered how easy it is to replicate the process. The answer is that it is simplicity itself! I embedded a short text message in a picture file on my DELL Dimension 8400 (Ubuntu) and emailed it to my Inspiron 1501 (Mint) where I decrypted the plaintext with a single command (coupled with a pre-arranged passphrase) in a terminal window.

For ease, I put all of my files in a single directory: clearly, if you wanted to hide what you were doing, this is probably not a good idea but it serves well enough for testing purposes.

  1. First I installed a program called steghide on both computers (using the Ubuntu Software Centre and Mint's Software Manager). This is easy enough to find and install, just use the search function and type, steghide, select the program and click, install.
  2. Next I selected the photograph that I was going to use as the message mule and saved a copy in my test directory (/home/jogga/Documents/Blog/steganography) called steg_test.JPG
  3. I created a text file called steg_test.txt and saved it in the same directory as the photograph.
  4. I opened a terminal and changed directory to where the photograph and text file were stored. I did this only to reduce typing file addresses during the encryption/embedding process and it really isn't necessary.
  5. Then, at the terminal prompt, I typed:

    steghide embed -cf steg_test.JPG -ef steg_test.txt

    The terminal prompted me for a passphrase and then prompted me to confirm the passphrase.
  6. A handy status message confirmed that the process had been completed.
  7. Now I emailed my photograph as an attachment and opened it on my Mint laptop.
  8. I saved the file (again, in a purpose built directory) and used a terminal to change directory to the photograph's location.
  9. Decrypting the file was simple - from the command prompt, I typed:

    steghide extract -sf steg_test.JPG

    The terminal prompted for the passphrase and then decrypted the message as a text file in the same directory.

Now that's pretty cool!
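A simplified illustration of what embedding and extracting mean, added here and not part of the original post: it hides a message in the least-significant bits of a constructed BMP, a textbook scheme that is not steghide's own algorithm (steghide also encrypts the payload with the passphrase). The sample image and all function names are assumptions made for the example; the last two functions show how a changed carrier is spotted against a known original and how scrubbing the low bits removes the payload.

```python
import hashlib
import struct


def make_cover_bmp(width=64, height=64):
    """Constructed cover image: an uncompressed 24-bit BMP with a colour gradient."""
    pixels = bytearray()
    for y in range(height):
        for x in range(width):
            pixels += bytes(((x * 4) % 256, (y * 4) % 256, (x + y) % 256))
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + bytes(pixels)


def pixel_offset(bmp):
    """Offset of the pixel array, read from the BMP file header."""
    return struct.unpack_from("<I", bmp, 10)[0]


def embed(cover, payload):
    """Write a 32-bit length prefix plus payload into the pixel LSBs."""
    start = pixel_offset(cover)
    message = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    if len(bits) > len(cover) - start:
        raise ValueError("payload too large for this cover")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[start + i] = (stego[start + i] & 0xFE) | bit
    return bytes(stego)


def extract(stego):
    """Read the length prefix, then that many payload bytes, from the pixel LSBs."""
    start = pixel_offset(stego)

    def read(nbytes, bit_offset):
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start + bit_offset + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    (length,) = struct.unpack(">I", read(4, 0))
    if 32 + length * 8 > len(stego) - start:
        raise ValueError("no plausible embedded message")
    return read(length, 32)


def fingerprint(data):
    """SHA-256 of the file; differs as soon as a single bit is changed."""
    return hashlib.sha256(data).hexdigest()


def diff_stats(original, suspect):
    """With the original to hand: (number of bytes changed, largest change)."""
    deltas = [abs(a - b) for a, b in zip(original, suspect) if a != b]
    return len(deltas), max(deltas, default=0)


def scrub_lsb(bmp):
    """Zero every pixel LSB, which destroys any LSB-embedded payload."""
    start = pixel_offset(bmp)
    return bmp[:start] + bytes(b & 0xFE for b in bmp[start:])


if __name__ == "__main__":
    cover = make_cover_bmp()
    stego = embed(cover, b"meet at noon")
    print("same size:", len(cover) == len(stego))
    print("same hash:", fingerprint(cover) == fingerprint(stego))
    print("bytes changed, largest change:", diff_stats(cover, stego))
    print("extracted:", extract(stego))
    print("after scrub:", extract(scrub_lsb(stego)))
```
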

Sources & References:

  • Schneier B, Secrets & Lies: Digital Security in a Networked World, 2004, Wiley Publishing Inc.
  • Steghide - Documentation
  • Steghide - Manual

Monday 11 July 2011

Fresh Mint

OK, so even I got fed up with my Mint desktop - it only took three days!

I've always loved pictures of the Milky Way, it reminds me of how small I am and how big the universe is.

This picture is from the European Southern Observatory and shows four of the antennas at the Atacama Large Millimeter/submillimeter Array (ALMA).

Paranoid

If you've been reading my recent posts on 'nix security you may be starting to think that I'm getting a little paranoid - and you'd be right!

Whilst it's easy to point and laugh at the Edward 'Brill' Lyle types out there who live in cages and don't have an email address, the more cautious among us may have the right idea. The BBC recently posted an article of Yahoo!'s intention to scan personal emails and apparently, "the world's largest email provider" is not alone!

Yahoo! is among a number of e-mail service providers which scans content.

Google mail, on its website, says it looks at the text of Gmail messages to filter spam and detect viruses.

"Google also uses this scanning technology to deliver targeted text ads and other related information."

BBC Newsbeat 08/07/2011 (as linked)

Of course, this isn't exactly news: Bruce Schneier warned us as early as 2000 that:

"E-mail has no built-in security.

Like any network packet, any machine between the source and the destination can read e-mail. (You can even see the names for some of those machines in the headers of your received mail.) The common metaphor used for Internet e-mail is postcards: Anyone - letter carriers, mail sorters, nosy delivery truck drivers - who can touch the postcard can read what's on the back."

Schneier (2004 p.200)

However, what Yahoo! and Google are doing isn't some benign equivalent of a nosy delivery truck driver, they are engaging in wholesale snooping on their customers with the intent of stealing information for the purpose of corporate enrichment. This is nothing short of an invasion of privacy.

Not so long ago, those of us who were new to the Internet were encouraged to delete cookies at the end of a browsing session, protect our computers with a strong password (and change it often), and never put anything in an email that we wouldn't put in a sealed envelope: as time has passed and we have all become more familiar with the Internet and its technologies, we seem to be forgetting those valuable lessons. Perhaps it's time to remind ourselves of those lessons and, if something is private, to take responsibility for our own privacy.

Sources & References:

Sunday 10 July 2011

Sharing Mint

Here's an interesting fact; file and folder sharing is not enabled by default in Mint. Fortunately, it's easy to fix this oversight.

To enable sharing from Nautilus, you'll need to install an application called, nautilus-share from the Software Manager:

If you want to share your file or directory on your network and you're using SAMBA, you'll also need to add a username and password to the smbpasswd file. Just open a terminal and type:

sudo smbpasswd -a [user_name]

Where [user_name] is the name that the remote user will use to login to the shared folder.

Once the username has been accepted, you will be prompted for a password and then prompted to confirm the password. Once you have rebooted your PC, sharing is a simple matter:

You can also add a comment, choose to allow users to create and delete files, and allow guest access from the same dialog box.

Mint Condition

OK, so it isn't that spectacular, but, in my defence, the background is usually the last thing I worry about when I've just installed a new operating system!

A Taste of Mint

Yesterday I decided to take a peek at how Linux Mint performs on my DELL Inspiron 1501. In reality, this is as much a tacit acknowledgement that it is time to abandon Natty (at least until the bugs are ironed out) as it is about personal curiosity.

Because Mint is a derivative of Debian and Ubuntu, I don't have much drama to report! Downloading the OS and burning it to a CD is exactly the same as for the Ubuntu distro - I chose to install Version 10 (Julia) which is based on Maverick and supported until 2012. First impressions are generally favourable but that's not entirely unexpected - this is essentially a fork of the Ubuntu project.

The good news is that the hardware drivers for my wireless network card were painless to install (and WiFi now connects at boot rather than needing to be started manually) and media such as DVD work without the need for restricted drivers - nice! Another nice touch is the MintMenu but I have decided to forgo this particular feature as I prefer using AWN rather than Gnome-panels - and even the patched version of the dockbar applet (using Docky) wouldn't load properly (or quickly) and it wasn't worth the bother to persist.

However, there are some surprises: for one thing, the Update Manager doesn't appear to manage OS updates (only patches) and the recommended approach seems to be a fresh install every time users want to upgrade (perhaps that's not a bad thing!). Another notable omission is the absence of Libre Office from the Software Manager and Thunderbird is the default mail client. However, all the usual suspects (Scite, Chromium, Shutter, etc) are in the Software Manager so getting the machine into a familiar look and feel took only a few hours.

So, in summary, this distro is easy to install, runs perfectly on my 1501 and looks the part! I'll be playing with Mint over the next day or so - doubtless, I'll have more observations in the near future.


Tuesday 5 July 2011

Cryptic - IntroToCrypto

In my recent review of Michael Lucas's PGP & GPG, I suggested that there are comparable and cheaper alternatives on the Internet. In order to demonstrate just how good some of this (free) information is, here is an automatic download link (see below for the link to the download page) to a PGP publication, Introduction to Cryptography: it's a free download in .pdf format.

The publication includes extensive contributions from Phil Zimmermann and is probably as good an introduction as you will ever need to cryptography!

Sources & References:

Monday 4 July 2011

Great....BUT - Book Review

PGP & GPG: Email for the Practical Paranoid
Michael W. Lucas
No Starch Press
ISBN: 9 781593 270711

Michael Lucas certainly knows his stuff when it comes to encrypting email and he imparts his wisdom with a light, uncomplicated style that makes this book an easy and enjoyable read. As an introductory text on the subject, it's difficult to imagine a better single-source of information for anyone considering encrypting their private information before sending it across the public network.

Lucas takes his readers through the installation and configuration of his two chosen encryption programs (PGP & GPG) and provides useful insights and excellent practical advice throughout. There's also a brief (but fascinating) introduction to the origins of PGP as well as absorbing discussions on key management and the principles that underpin the web of trust concept. But (and this is quite a big but), there are problems with this book that make it questionable as to whether the cover price represents value-for-money.

Firstly, this really is an introductory text and, unless the reader is a complete computer novice, much of this book is pointless: most users will already know how to install a program using the default installation settings (or know enough to be able to follow the installation wizard) and therefore, the significant portion of the book that describes these processes seems somewhat redundant. That's not to say that there is no useful information in the descriptions (for instance, using hashes or checksums to confirm the integrity of the download), only that too much time is spent describing processes that will be patently obvious to virtually everyone that reads this book.

Then, there's the layout: Lucas glibly skips from discussing one program to another in alternate chapters and this has a calamitous impact on the text's rhythm. In fairness, Lucas does warn his readers that they can skip the chapters that are not germane to their circumstances, but that's not entirely helpful to readers who either have a general interest in the topic or are concerned with multiple operating platforms or single encryption programs. Perhaps a better approach would have been to separate the contents into three sections allowing readers to have an overview of the subject followed by comprehensive (and uninterrupted) discussions about each encryption program.

Finally, Lucas provides no information here that is not freely available on the Internet: for instance, try searching online using the simple text string, "installation guide PGP". That there are alternative sources of information is not a problem per se, nor is the fact that many comparable guides are available free-of-charge; however, it does make the near twenty quid cover price extravagant!

If you're too lazy to find your own sources and have some money to burn, this is a great introduction to encryption.

Deleting Files Securely.

It's no secret that deleting files from a directory doesn't actually erase the files from a hard-drive: it simply marks the disk space as writeable (or empty) and removes any links to the file from the file-tree. For most purposes this is sufficient, but what about those sensitive bank account records and other files that you'd rather not leave hanging around?

Fortunately, Ubuntu ships with the GNU core utilities package which contains the shred command to overwrite a file and effectively destroy its data (see note 1).

Let's say that you have a text file called test.txt in your /home/[USR_NAME] directory that you want to obliterate. Open a terminal and type:

$ shred -u -z -v -n [N] /home/[USR_NAME]/test.txt

Where:
-u    Truncates & removes the file after overwriting.
-z    Adds a final overwrite with zeros to obscure the shredding process.
-v    Shows the progress (verbose output) of the operation in the terminal window.
-n    The number [N] of iterations instead of the default.

So, to shred the test.txt file from my /home/[USR_NAME] directory with 30 iterations:

$ shred -u -z -v -n 30 /home/jogga/test.txt

The command can manage multiple files and wildcards. For instance, if you want to delete all .jpg files in a directory, change to the directory (cd /home/[USR_NAME]/directory) and type:

$ shred -u -z -v -n [N] ./*.jpg

However, you should exercise caution when destroying multiple files (or, in fact, when destroying individual files)!


Notes:

1 There are limitations to this claim: some file systems negate the efficacy of the shred command and you should read the man page to ensure that this form of data obliteration meets your needs. In Ubuntu, the ext3 file system is particularly problematic.
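
The limitation described in note 1 can be checked before shredding. The script below is an added example, not part of the original post: it classifies a file system according to the caveats in the shred man page. The function names are hypothetical, treating ext4 like ext3 is an assumption, and the sample mount entries are constructed.

```shell
#!/bin/sh
# Added example: classify a file system for in-place overwriting with shred.
# Verdicts follow the caveats in shred(1); "unknown" means "read the man page".

# classify_fs FSTYPE MOUNT_OPTIONS  ->  prints ok | unreliable | unknown
classify_fs() {
    case "$1" in
        ext3|ext4)
            # shred(1): ext3 journals file data only in data=journal mode;
            # data=ordered (the default) and data=writeback overwrite in place.
            # Assumption: ext4 is treated the same way as ext3.
            case ",$2," in
                *,data=journal,*) echo unreliable ;;
                *)                echo ok ;;
            esac ;;
        ext2|vfat)
            echo ok ;;            # no journal, blocks are rewritten in place
        jfs|reiserfs|xfs)
            echo unreliable ;;    # named in shred(1) as journaled file systems
        btrfs|zfs|nilfs2)
            echo unreliable ;;    # copy-on-write or log-structured: new blocks
        nfs|nfs4|cifs)
            echo unreliable ;;    # remote server may cache or snapshot data
        *)
            echo unknown ;;
    esac
}

# check_shred_target FILE: look up the file system that holds FILE (Linux,
# needs findmnt from util-linux) and print its verdict.
check_shred_target() {
    target_fs=$(findmnt -n -o FSTYPE -T "$1") || return 2
    target_opts=$(findmnt -n -o OPTIONS -T "$1") || return 2
    printf '%s on %s: %s\n' "$1" "$target_fs" \
        "$(classify_fs "$target_fs" "$target_opts")"
}

# Constructed sample mounts (not taken from a real machine).
for sample in "ext3 rw,relatime,data=ordered" \
              "ext3 rw,relatime,data=journal" \
              "btrfs rw,relatime,space_cache"; do
    set -- $sample
    printf '%-6s %-30s %s\n' "$1" "$2" "$(classify_fs "$1" "$2")"
done
```

Call check_shred_target on the file before running shred; any verdict other than ok means the overwrite may not reach the blocks that held the old data.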

Friday 1 July 2011

Dumping Unity

The ceaseless grumbling about Ubuntu's new user interface shows no sign of abating and some commentators have even gone so far as to suggest that Unity is responsible for Ubuntu's recent slide from top-spot in the DistroWatch ranking table.

Whilst I've expressed reservations about Unity in the past, the truth is that my experience of Canonical's latest offering has been largely positive: in terms of stability, it's been a rock-solid interface with few (if any) system crashes and it is delightfully responsive on my old DELL Inspiron 1501. However, last weekend I joined the growing band of Ubuntu fanboys that has decided that it's time to dump Unity. Notice that I said that I was dumping Unity - I did not say that I was dumping Natty!

To be honest, despite Unity's dependability, I found it to be one of the dreariest graphical environments that I've ever used (all black boxes & grey panels) and I wasn't really turned-on by the netbook-style interface over which I had little or no control. Suddenly, I felt hemmed in by my GUI; restricted to Canonical's vision of how an OS should look and I haven't felt like that since...

...well, the last time I booted a Windows® machine actually!

However, the real tipping-point came at the weekend. My 1501 is a test machine: I use it to play around with ideas or to evaluate new software before exposing my stable machines to my tinkering whims. Having figured out how to create and manage an encrypted directory using EncFS, I was disappointed to realize that Unity was not going to co-operate and would not allow the Cryptkeeper applet to appear in my system tray. Of course, there's no reason that I couldn't use the command line to gain access to my encrypted directory but, like many ex-Windows users, I'm familiar with point & click and, where it's the simple option, prefer this method to any other.

Fortunately, Ubuntu makes it easy to switch to something more familiar without the hassle of rolling-back the current operating system: simply select your preferred desktop environment at the login screen. I've gone back to Gnome as my desktop of choice and my Cryptkeeper applet does what it's supposed to do. It also means that some (but, by no means, all) of my customisation options are restored: my AWN dock bar has made a welcome return!

So, I've abandoned Unity but stuck with Natty - let's hope that Canonical irons out some of Unity's wrinkles in the next LTS (due in 2012).
