
Friday, August 29, 2014

Firefox Sponsored Tiles Advert Strategy: Do You Object?

Mozilla Firefox nightly builds now include Sponsored Tiles on the 'New Tab' page

Here is the issue:  Firefox has survived on Advertisement revenue right along.  Yes?   Most of their revenue is based on a contract with Google which, it has been confirmed, will end in November 2014, unless Google has a change of heart and renews.

Consequently, Mozilla is looking at contingency planning and has now added Sponsored Tiles to their nightly Firefox builds.  Sponsored Tiles appear on the 'New Tab' page and won't appear in your regular browser stream.  Being found on the New Tab page means they won't get blocked by tools like Adblock.

Remember, Mozilla is an Open Source company and this will help them to continue to fund Firefox development and continue to expand Mozilla Corporation at the same time.

So, I am fine with it, as long as Firefox remains Open Source.  What say you?  -- Dietrich

The Linux Distro Repository System Safety Assurance

(Image credit: ablogabouthistory.com)

Most people don't give a thought to this subject.  In fact, with Legacy Windows (x86), including Windows 8.1, there is no such concept as a 'repository'.

Every Linux Distribution (call it a 'flavor' if that helps), provides its own repository.  What is a repository?  Imagine a Castle (Library of Applications) with a moat around it and a draw bridge.  Only keyholders can get in and get out.

The keyholder conceptually is provided by a technology used extensively with Linux, called GNU Privacy Guard (GnuPG or GPG for short).  The idea is to guard all software in the library to assure that no 'tampering' can ever occur.  Tampering scenarios include adding rogue software (applications with hidden trojan viruses) and unauthorized code edits which have negative repercussions and usually include software exploits, such as the kind that politely advises the user that their drive is now officially encrypted/locked and cannot be used unless a monetary consideration (extortion) is provided that will cause the encryption to be unlocked (CryptoLocker, aka Ransomware, being one such application; it targets Windows, not Linux).

This GPG technology allows each piece of software in the Library to be linked to your Linux on the Desktop GPG-keyring and will not install, per se, unless it can be unlocked by your Desktop keyring (Fedora is my Distribution of choice).

The advantage is clear.  The maintainers of the repository for your Distribution are thus able to  maintain strict control over who can contribute code, vetting of software and the author's background, all done to assure that the program being considered for acceptance into the Library is safe for general use, devoid of any rogue code.
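The keyring check described above is switched on per repository by the `gpgcheck` and `gpgkey` settings in the `.repo` files under `/etc/yum.repos.d/`. The script below is an added example, not part of the original post: it audits such files for repositories where signature checking is off, left unset, or has no key listed. The repository ids and `example.invalid` URLs in the sample are constructed, and the status labels are this example's own.

```sh
#!/bin/sh
# Added example: audit yum/dnf .repo files for package signature checking.
# Prints one line per repository: "<repo-id> <STATUS>".
#   OK            gpgcheck is on and a gpgkey is listed
#   NO_GPGCHECK   gpgcheck is explicitly off: unsigned packages are accepted
#   NO_GPGKEY     gpgcheck is on but the repo lists no key to verify against
#   INHERITS_MAIN gpgcheck is not set here; the [main] value in yum.conf or
#                 dnf.conf decides, so that file needs checking too
#   DISABLED      the repo is not enabled, so its settings are not in use

audit_repos() {
  awk '
    function emit() {
      if (id == "" || id == "main") return
      if (enabled == "0")      status = "DISABLED"
      else if (check == "")    status = "INHERITS_MAIN"
      else if (check == "0")   status = "NO_GPGCHECK"
      else if (key == "")      status = "NO_GPGKEY"
      else                     status = "OK"
      print id, status
    }
    # Booleans in .repo files may be written 1/0, yes/no or true/false.
    function norm(v) {
      v = tolower(v)
      if (v == "1" || v == "yes" || v == "true")  return "1"
      if (v == "0" || v == "no"  || v == "false") return "0"
      return v
    }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^[ \t]*\[.*\][ \t]*$/ {                    # new [repo-id] section
      emit()
      id = $0
      gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
      enabled = "1"; check = ""; key = ""       # repos are enabled by default
      next
    }
    /=/ {                                       # key = value
      k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
      v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == "enabled")       enabled = norm(v)
      else if (k == "gpgcheck") check = norm(v)
      else if (k == "gpgkey")   key = v
    }
    END { emit() }
  ' "$@"
}

# Writes a constructed sample .repo file to the path given as $1.
write_sample_repo() {
  cat > "$1" <<'EOF'
# constructed sample, not copied from a real system
[fedora]
name=Fedora $releasever - $basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

[thirdparty-example]
name=Constructed third-party repo
baseurl=https://repo.example.invalid/fedora/
enabled=1
gpgcheck=0

[nokey-example]
name=Constructed repo, check on but no key listed
baseurl=https://repo.example.invalid/nokey/
gpgcheck = 1

[unset-example]
baseurl=https://repo.example.invalid/unset/

[old-example]
enabled=0
gpgcheck=0
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_repo "$sample"
audit_repos "$sample"
rm -f "$sample"
```

On a Fedora system, run `audit_repos /etc/yum.repos.d/*.repo`; `rpm -K <package>.rpm` checks the signature on a single downloaded package.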

The absence of a repository of protected software applications has been an historic security problem of endemic proportions for Microsoft who must continually apply Zero-Day security patches to the operating system once a month to thwart introduction of rogue software onto the operating system.  It is a hopeless, unending situation and the fact that such software as CryptoLocker and Stuxnet exist should be a flashing neon roadside billboard to the average user, but, sadly isn't.  The public is bamboozled and has bought into the accepted practice  of running third-party Anti-Virus software, lulled by its false sense of security and done by the user at their additional out-of-pocket expense for purchasing said software, time and effort.  

Indeed, the Windows Legacy security software business produces multi-billion annual sales all of which does nothing to deflect a Drive-by Download, for example.  The user won't see it, but their machine is infected and there isn't anything they or Microsoft can do about it, short of a complete redesign effort which has gone into their ARM processor based product which has suffered languishing sales.

Below is my system running an update download from the GPG keyring-protected repository at Fedora.  If you run automated updates, this will occur daily with Linux, not monthly as Microsoft does on Patch Tuesday.

Fedora Linux:  The safest operating system on the Planet

Users of Windows Legacy must therefore 'fend for themselves' and go into the 'wild' so to speak in search of software, whatever that may be, with no assurance that it isn't laden with trojans ready to deploy silently, unbeknownst to the victim user, who believes they have found a nice game program, for example.

You may think things are safe with Windows.  They are not.

Fedora Linux: The safest operating system on the Planet.

I stake my reputation on it.  -- Dietrich

Thursday, August 28, 2014

Google Does Evil. And Then Some.

Every day, I go about my business using my computer tools, all the while thinking about what I am doing.  Specifically, I am most concerned about Privacy on the Internet.

We all know what that means at this point and given past events that punctuate the need for Privacy Protection, I see little being done about it, in particular, by Google.

You see, Google stands to profit on every little piece of meta data connected to you.  Use their products, as they want you to and you will become a slave.

Yet, the reality is Google's Terms of Service let them get away with doing with your data as they see fit.  Some of the readers may be nonplussed by that fact, but it grinds my gears.

Do No Evil

Remember that slogan?  I bought into it.  They gaffed me, pulled me up on the boat.  It was real easy.

You might be thinking:  "But they have free Gmail and I've become so dependent on it and also Drive is coOL".

That is a pervasive mindset which hasn't diminished and despite my writing this post, isn't going to change anytime soon.  But my purpose here is to help the reader gain a new perspective on the services Google provides.

And, the services to which I refer are NOT the ones which you, the consumer, use.

No, this is about what Google does to profit from parsing your clear-text gmails and Drive documents.  Clear Text means they are not encrypted in any way.  That is by design.

Among all of the hideous revelations that came last year from one Edward Snowden was the disclosure of the PRISM program run by the NSA.  When the story hit the press, the ISPs (Google, Yahoo, Microsoft) reflexively, like sleeping hound dogs, woke up and began to howl in unison, expressing outrage at the extent to which the NSA has intruded electronically in Americans' private lives.  The story turned quickly as it became apparent, as revealed by Edward Snowden, that the NSA was pitching camp on the inside of Google's firewall, knowledge of which was immediately disclaimed by Google, Inc., naturally.

Time passes, people revert to their normal habits.  Not a lot has changed to force the end-user to alter their computer habits insofar as using the Internet is concerned, really.

Initiatives have been started by the ISPs to make their repositories more secure and encrypted, with exceptions, Google being one of them.

Google won't encrypt your Gmail.  Nor will they encrypt your Drive.  That would defeat their ability to parse meta data and key words they claim are used in a 'benign' way for generating Advertising revenue.  Really Google?  I've checked my Drivers License and can confirm, I wasn't born yesterday.  So please.  Don't insult my intelligence and the intelligence of my readers.

This may come to you as a surprise, but, Google is not just in the Advertising business.

And here is the kicker.  According to a story on Veterans Today by Gordon Duff dated April 10, 2013, entitled Google, Beyond the CIA: Insurgence and Espionage Factory, Mr. Duff sheds light on some of the undisclosed 'profit centers' in which Google has a vested ongoing and active interest:

"Intercepted emails expose Google as an intelligence contractor openly involved in aiding terror organizations throughout Africa, Asia and the world, working well outside any official oversight and authority, far beyond even the CIA’s wildest abuses."

Wikileaks obtained copies of some interesting email exchanges with STRATFOR, an American global intelligence company headquartered in Austin, Texas.

From one such STRATFOR email comes this:

“GOOGLE is getting White House and State Department support & air cover. In reality, they are doing things the CIA cannot do. But, I agree with you. He’s going to get himself kidnapped or killed. Might be the best thing to happen to expose Google’s covert role in foaming up-risings, to be blunt. The US Gov. can then disavow knowledge and GOOGLE is left holding the (expletive deleted) bag.”

Gordon Duff goes into further detail on the special interests of Google's Google Ideas Groups:

"Among the STRATFOR emails Wikileaks received were some exposing Google as, not just an intelligence contractor for the CIA and Department of Defense but foreign governments as well.
Text within the highly sensitive cables outlines criminal and even terrorist activities on the part of Google including the planning of insurgency operations.  Sources have confirmed Google has helped plan military operations against Syria and has been directly involved, working with Arab states, Turkey and Azerbaijan to plan destabilization of Iran.
Emails expose meetings between Google executives and insurgency groups in Azerbaijan operating against Iran.
Under the front name of “Google Ideas Groups,” with support including “air cover,” authorized by the White House and State Department, Google Corporation is directly involved in planning terror attacks.
Wikileaks intercepted STRATFOR emails outlining Google operations in planning insurgencies and illegally conducting both foreign policy and espionage."

It is apparent that Google holds a special place in the hearts of certain Domestic and Foreign Intelligence agencies with whom they conduct business and exchange information presumably for profit.

You, the consumer are their target.  And if your profile is parsed searching for key word triggers, then you become, oh, let's see, A Person of Interest?  Yes, that's it.  Mr. Duff writes further:

"Google had long been criticized for selling “keyword intercepts” from Gmail accounts to advertisers.
However, it has long been known that, not only does Google go much further, scanning emails for intelligence, both security related and corporate, but there is no clear accounting of who Google’s clients are.
Sources indicate that Google sells email and search related intercepts to governments like China, Vietnam, North Korea and others.
Additionally, Google has been proven to accept payment for suppressing searches of news stories clients find embarrassing, to push conspiracies, to support hate groups, to work in smear campaigns and now, of course, is exposed as having armed personnel working directly with insurgents in direct violation of international law."

So, I will tell you this.  Google is doing you no favors; in fact, if you happen to be a shareholder, what they are allegedly doing constitutes Investor fraud, being involved in covert activities of the kind described above.

The Google Investor site goes so far as to say:

“We believe in the importance of building stockholder trust. We adhere to the highest levels of ethical business practices, as embodied by the Google Code of Conduct, which provides guidelines for ethical conduct by our directors, officers and employees.”

Mr. Duff astutely writes:

"Nothing in any Google publication indicates that employees are involved in illegal covert operations that fall within the ICC’s definition of “war crimes.”"

That pretty much makes it clear, yes?

You can appreciate that during the past few months I have begun distancing myself from Google product usage where possible and as regards especially Internet Privacy.  I felt obligated to share this information since I am now taking a much more guarded position with usage of any software.  The starting criterion for me is, it must be Open Source.  That means Google Chrome is out.  I don't store anything on Drive or Gmail unless it has been encrypted with GnuPG encryption (Ultimate) before uploading -- this is easily accomplished from the command line with google-drive-ocaml and Evolution Email Client with GnuPG.

This is a strong caution to everyone reading this.  Google is not your Friend.

Google Does Evil.  And then some. -- Dietrich

Wednesday, August 27, 2014

Patch as Patch Can

(Image credit:  theregister.co.uk)

What happens when you use proprietary code?  This story from The Register is quite representative.

Yes.  Google Chrome is proprietary.  Chromium is Open Source.

Open Source Chromium gets looked at by 'many eyes' and that is by Contributors across the Globe, Folks.

Bugs get fixed quickly.

With any piece of proprietary code, including Chrome, only the employees who work as developers can make fixes to source code, no one else.  Unlike Open Source, Proprietary source code is not made accessible to the general public.  Only the binary executables get distributed.

It's a classic problem and has led to a perpetual tread-mill of security issues for Microsoft Windows Legacy (x86) and the litany continues unabated to such an extent that Microsoft now wants to change the name of Internet Explorer to remove some of the legitimate stigma involved with user market perception.  It ain't gonna work.  The horse is out the barn door.

No, in fact, I made a policy decision some time ago not to use proprietary software whatsoever and wrote specifically about Google Chrome.

So, I strongly urge the readers to avoid Chrome like the plague and stick with Open Source developed software only, such as Chromium.

As for myself, I have Open Source dwb and Chromium installed, but use dwb 95% of the time.  dwb is written in pure C with gtk2/3 bindings and a webkit back-end on steroids.  It is understated, spartan, greased-lightning fast, and super lightweight with a 75MB startup RAM footprint.  Highly recommended.  Chromium is the easier of the two to install and use and will gobble up as much ram as it can find but, then, it has all the bells and whistles going for it.  -- Dietrich

Friday, August 22, 2014

Cry Babies Cry. Programmers Code.

A schism of sorts is forming in the Debian developer community as one developer has gone on record to formally criticize Debian's decision to adopt systemd in an Open Letter to the Linux World.

Here's what I have to say to Mr. Christopher Barry and others who may agree with his viewpoint.  Accept it.  Systemd is a done deal.  It's here for good reasons whether you realize it or not.  But I hope you eventually grasp why it was written, as it does solve many inherent 'known' problems with aged sysvinit.

And, as expected, a chorus of cry babies has been awoken, like sleeping dogs, taking aim (again) at systemd.

Those who complain in this instance, I am afraid, have a simple agenda.  

They are lazy.

As such and with much creativity they will persist in lodging complaints so as to avoid doing some difficult, but not insurmountable, work.  Yes, there are many pain points in addressing merging systemd PID 1 code that are due to its 'middleware' central/critical role, which result in dependency changes and in some cases some major code rewrites that must be done to conform with this new technology standard.

Ah, standard.  There's the rub.  There are legions of arrogant, swaggering Open Source code jockeys who like to strut their stuff by spinning off their 'me too' Distro with their own branding overnight.  Have you taken a count of how many Linux Distributions there are now?

Standardization strengthens the power of Linux.  Distro sprawl does not.

The planned integration of systemd is now officially deployed to Debian Jessie Beta 1. This means that all the 'foot dragger' derivatives must follow suit with doing what is needed to align with this major system design change.

So, while we see some dig in their heels by organizing a boycott, others choose to simply whine, as the din gets louder and louder.  Soon, though, the cry babies will run out of tears, pick up their toys, and go home whilst the real-world Programmers continue to keep their heads down, doing the grunt work with little fanfare and nary a complaint.

Cry Babies cry.  Programmers code.  -- Dietrich

Monday, July 28, 2014

Linux Desktop Application Development Flounders

You know, I have been trying to remain objective on this topic and have debated whether or not it would be constructive to write a post for going on several months now. (Image credit: illustrationsource.com)

Each day I survey the news pan-handling for those 'nuggets' that would indicate someone out there is 'thinking' and actually innovating on the Linux Desktop.  When I sort through the chaff of daily trumpeting of the newest Distro cookie cutter 'me too!' clone, I come up with scant information on new software development for specifically the Linux Desktop market.

Okay, you are grumbling.  You see, being an Advocate doesn't mean I will feed you platitudes and say 'nice things' all the time.  Quite the opposite.  I take a critical eye to what is, or in case of this story, isn't going on with Linux.

I don't get as excited about Linux on the Desktop (LoD).  Where are the killer apps?

Close your eyes and what do you see?  Heh.  Yep.  Nothing.  This is saying something but I am not sure what it means.

Are Developers too busy doing other things in their lives?

Are the global economic conditions putting pressure on LoD software development in general?

Companies with a bankroll and capability to pay Developers to do their work allow them a decent livelihood.  So, consequently companies like Microsoft and Apple have traditionally done well.

Yet, even now, Microsoft just announced a major lay-off of 18,000 employees.

Along with the effects of a recession, which I prefer to call a depression, come the attendant 'side-effects':

Business contraction, job loss, increased unemployment are all symptoms of what is not just regional, but encompassing the global economy as it were.

Thus, if you are one of those committers who volunteers their service in writing Open Source code in your spare time, and you find yourself out of a day job, that will most undoubtedly put a crimp in your ability and willingness to volunteer services when you cannot put dinner on the table.

We see ongoing development continues with Apple, Microsoft, Red Hat Linux and their orbiting software vendors in the commercial arena, but on the community side of Linux, I see few interesting new software applications in the offing.

Does this fit with what you see?  What are your thoughts?  -- Dietrich

Monday, July 21, 2014

Vokoscreen Screencast Utility So Easy Even a Caveman Can Do It

So, you probably thought I died?  Heh.  Yeah, I know.  I haven't posted in a while.  You know, life happens and I'd rather not write if I don't have anything good to say so that's why I've been MIA.

But, I am back with a short video to show you a product which is, in my humble estimation, a great, simple, screencast utility.  It is the last screencast utility I tried and turned out to be 'the best'.  Funny how that happened.  Among the contenders for 'drop-dead' easy to use are: recordMyDesktop and Screen-Cast-O-Matic.  Vokoscreen is better as far as I am concerned.

Watch the video, try it for yourself, and see what I mean.  If I can use it, anyone can.  -- Dietrich

Tuesday, June 24, 2014

Extensible Blockchain for a New Digital Rights Management Standard

When I was younger and had a true passion for music as most kids do, I went out and bought the traditional Long Playing (LP) record, brought it home, tore off the shrink wrap, and mounted the LP on the platter of my hi-fi system, kicked up and enjoyed listening usually with a beer in hand. (Image credit: Wikipedia.org)

Nobody was trying to steal music at the time.  There was really no way to copy an LP without expensive reel-to-reel stereo playback systems and the price of such equipment was a barrier to even trying to dub a copy. (Image right credit: Wikipedia.org)

The music industry enjoyed a long period of profitability through the 70's until the advent of compact cassette tapes. (Image credit: Wikipedia.org)

The music industry naturally began producing music on cassettes, first 8 track, then mini-cassettes which became more common.

When the first integrated chip solid-state stereo system came out, I had to have it.  I even went into debt, maxing out my credit card, the American Way.  Nobody knew what integrated chips were in the late 70's, but I did.  I even got a matching cassette deck from the same manufacturer with magneto actuated drives.  It was convenient to take the LPs I had purchased and dub them onto a blank cassette so I could listen to them on my new cassette stereo car radio.  That was fun and it seemed 'reasonable' to me and I never felt I was stealing anything.

Of course, the music industry caught onto the fact that some were 'abusing' the privilege of dubbing in an effort to steal copyrighted material.  The abuse was there waiting to happen and only needed a 'technology' to happen.  That was cassettes, and the beginnings of Digital Rights Management (DRM) took form in the minds of the MPAA and RIAA industry giants. (Image Credit: Wikipedia.org)

During the early 80's SONY introduced BetaMAX cassettes for video recording alongside a competing VHS cassette format.  The latter won out as the 'de facto' format for video entertainment and became ubiquitous overnight.  In America,  everyone had a VHS player and the video rental industry exploded.  Soon, the MPAA began releasing movies on VHS cassette.  There was money to be made.  But the potential for 'black market' bootleg copies of cassettes was there.  It grew because it was relatively easy to dub one cassette to another in mass production style once the criminals got their hands on the same production equipment used by the MPAA.  Something had to be done.  Enter the CD-ROM. (Image credit: Wikipedia.org)

During the 90's both the MPAA and RIAA dropped LP and cassettes in favor of CD-ROM.  Putting music albums and movies on CDs was exceedingly profitable.  Of course, as the personal computer became cheaper, inclusion of a CD drive became standard equipment.

So, the urge to copy music and videos never really went away with the death of cassettes.  The momentum might have slowed, but a rebound during the 90's was seen in an overnight explosion of a new multimedia music format: mp3.  It was a compact, lossy format, which made audio files relatively small and thus convenient for download before broadband became prevalent.  In these days, 56k modems were as much bandwidth as one could get.  In the absence of broadband, there was no practical way to download very large CD iso image files.  So, that curbed copying CDs over the Internet.  But mp3 websites flourished.

If you wanted to find a copy of any song, it only took a few minutes to locate an mp3 on the Internet.  It was free for the download.  But that didn't last more than a year or so before aggressive Congressional legal action was taken against websites distributing pirated music.

In the end, the RIAA won out.  Then, in subsequent years, came along formats which allowed copying videos from CD.  Windows Media Format (wmv), Audio Video Format (avi) were perhaps the most popular until a superior format MPEG/4 came along.  As computer hardware and software became more sophisticated and the ne'er-do-wells found ways around standard CD copyright protection, it became child's play to rip a copy of any CD or newer higher capacity Digital Video Disc (DVD) using decoder software utilities.

Very quickly, the criminals learned that they could set up servers 'off shore' shielded from legal action since there weren't treaties (yet) in place that would allow an MPAA or RIAA to legally pursue individuals internationally.

Websites like The Pirate Bay soon became dominant players (facilitators, accessories to the crime) in the theft of music, video and other copyrighted materials.

Theft of licensed music and movies was rampant.  It became a veritable 'free-for-all' where one could easily find any music, any video in minutes, simply download and consume without legal recourse. (Image credit: Wikipedia.org)

It has only been during the last five years or so that the RIAA/MPAA have been successful in introducing new laws on the books that make such theft illegal with severe fines.  They have enjoined ISPs to act as 'police' on the Internet gateways using deep packet inspection technology to detect when a theft is taking place.  The coordinated actions have been effective, but a costly deterrent.

Yet, as pirate websites relocate to avoid the long hand of the law and new technologies like Tor and BitTorrent decentralized Peer-to-Peer (P2P) with Distributed Hash Tables (DHT) are now coming into play, shielded by Secure Sockets Layer (SSL) tunnel encryption, it has become all the more difficult for the music and video industry to track down copyright violators who are learning and applying these new avoidance mechanisms.

The high cost to protect electronic copyrighted materials, i.e., music, video, ebooks, and the like, is now being passed onto both distributors (like Pandora, Spotify, iTunes, Google Play) and legitimate consumers who want their music but must pay 'the pirate tax' reflected in higher prices.

An intricate web of Licensing and Cross-Licensing agreements made with distributing ISPs is mind-boggling and exacts a huge burden of operational overhead legal costs.

The MPAA/RIAA are not keeping pace with changes in technology.
DRM doesn't work.  It never will.

Let's go back to the LP.  Why did it work?  Because, by and large, nobody could dub a copy from the media, a vinyl record etched with wavy grooves.  It was effective and discouraged theft for many years.

A New DRM Solution

I read an interesting story a few months back in the Financial Times which really makes a lot of sense.

As many readers may know, Bitcoin is a relatively new technology and is classified as a cryptocurrency.  The technology essentially allows an electronic format (Wallet) to uniquely track, on a global basis, a quantity of value, with its own unique, secure fingerprint, guaranteed to never be duplicated.

I am an advocate of Bitcoin and have written about it here on LA and why it will grow explosively in the next year or so.  Bitcoin essentially behaves as a store of value, or, to be more precise, a commodity.  Oil, Corn, Copper, Wheat, Aluminum, Gold, Silver, Soybeans, all are commodities and 'trade' with a store of value brokered daily in their respective regulated trading markets.  Everyone is happy as the system works.  A quantity of said commodity is traded, bought, sold, in exchange for the respective country denominated currency that represents its intrinsic fungible value at the point of trade.  It's fungible because a quantity of commodity can be moved and sold anywhere for its current value.

Bitcoin behaves this way because of its wallet properties.  Specifically, the underlying software uses something called a blockchain ledger which when embedded with a quantity of bitcoin guarantees that store of value uniquely and the owner of bitcoin stores a private encryption key to that bitcoin until they are ready to 'spend' it or, to be more technically correct, trade it.

Best of breed companies like Coinbase are positioning themselves as the 'middle-man', if you will, on the Internet, providing the needed 'go-between' from the consumer who holds a quantity of bitcoin in their wallet to facilitate purchases of participating web merchants who offer goods that can be now purchased with bitcoin.

The catch is, Coinbase is the 'middle-man' acting transparently to bridge a trade of your bitcoin, which they convert to your respective country's denominated currency, say  U.S. Dollars, which Coinbase then pushes (a legal IRS designated 'Currency Emitter') to the participating merchant in payment on behalf of the purchaser (you).

Wikipedia's definition for Fungibility:

Fungibility is the property of a good or a commodity whose individual units are capable of mutual substitution. For example, since one ounce of gold is equivalent to any other ounce of gold, gold is fungible. Other fungible commodities include sweet crude oil, company shares, bonds, precious metals, and currencies. Fungibility refers only to the equivalence of each unit of a commodity with other units of the same commodity. Fungibility does not relate to the exchange of one commodity for another different commodity.

That quantity of value moves from your Coinbase bitcoin wallet to the transaction broker (Coinbase) who now owns that quantity of bitcoin.  You cannot reuse that bitcoin.  (Being a broker, Coinbase takes a small 'transaction discount' on your trade of bitcoin to them and that's where they profit.)

The key here is, nobody questions the secure electronic transfer of ownership.  It left your wallet and as far as you are concerned, payment for goods was made.

Blockchain Extensibility

Here's a passage from the Financial Times article Bitcoin is far more than a currency for speculators (subscription required) for your consideration:

"...Old-fashioned financial services are thus an obvious target for Bitcoin-like networks. But there could be wider applications in the future, as the technology evolves. Nakamoto’s use of cryptography to assign and transfer ownership of online tokens creates possibilities that reach beyond payments. 

One is the idea of “smart contracts”, suggested by Nick Szabo, a computer scientist and former law professor (Mr Szabo is among those suspected of being Mr Nakamoto, which he denies). They would be completed with cryptography – for example, by giving a person who buys a car digital keys. 

Another is that people could gain ownership rights to digital goods similar to physical ones – lending or trading them as they want. At the moment companies tend to restrict digital rights to online goods because they are so simple to replicate – one item can be copied millions of times from the original source. 

Bitcoin solves this for currencies – it provides a method for the effective transfer of ownership. Once a Bitcoin is handed to someone else, the first holder cannot spend it again. If the same kind of transfer were achieved for other digital items, ownership would be meaningful." (...)


The idea of having music, videos, books, art, writings, etc. embedded with blockchain in such a way that 'Smart Licensing' could be guaranteed as much as Bitcoin ownership is currently guaranteed, is worthy of consideration.

Making a new standard that extends blockchain to incorporate the other attributes needed for tracking copyrighted works would open up new widespread markets for different products and services, as well as for copyrighted and patentable works, for the world.

The extensibility of blockchain.info to facilitate such is key.

Once such a presumed technology 'plugin' extension is thoroughly field tested and production ready, certified by the International Standards Organization (ISO), every entity using the technology could rely on the underlying functionality to guarantee uniqueness and ownership of electronic media of all kinds.

It would remove all doubt as to whether an item is registered to its proper owner.  This is the central issue, and blockchain ledger extensibility is the solution.  Music, video, legal contracts, books and software could all be treated the same; theft would be eliminated as well and, just as important, the current tremendous costs exacted for Digital Rights Management would no longer be necessary.

-- Dietrich

Sunday, June 22, 2014

Is it Okay to Disable SELinux or AppArmor?

I am flabbergasted at what some so-called, self-anointed 'Linux Experts' offer in the way of sound technical advice.

Take Igor Ljubuncic (aka Dedoimedo) for example.  He seems to be a smart guy and many look to him for reviews of Linux Distributions.  But, I tend to disagree with him about as much as I agree.

His latest story, "Linux Mint vs. Ubuntu Security", spurred me to write this post.  As it is more than a bit problematic and misguided, I take exception to his security recommendation.

As we in the IT business should know, security is a process, not a thing.  The effectiveness of one Distro's security implementation may or may not be as good as another's.  And how each Distro's developers choose to configure security isn't necessarily guided by good decision making.  In fact, as I have written, many cookie-cutter clones, or spins if you will, inherit the bad design decisions of their parent Distro, which is one of my pet peeves and a reason why cloning is not necessarily good for Linux at large.

It was causing problems so we disabled it

An often-heard response to Linux Security Modules (LSM) issues is the advice to disable the 'offending' module entirely when such errors arise.

Igor writes:

Aha, I knew it. There you go. Linux Mint does not ship with AppArmor or any profiles. Well, interesting, not. The thing is, security tools like Apparmor or SELinux are much like HIPS software in Windows. In other words, not necessary. Moreover, they usually cause more harm than good by blocking legitimate software from running. What we like to call the false positive, or fail publicly (FP).

Here, Igor takes it upon himself, despite the considerable design efforts put forth by Canonical Ltd. to provide enhanced LSM sandboxing technology, to marginalize the importance of such technology.  I find that rather irresponsible, given today's situation, what with world-wide rampant security exploitation and surveillance on the Internet growing by leaps and bounds.

No, I am afraid Igor is giving bad advice and has no business telling readers to disable a service provided by software vendors, backed by good justification and years of experience.  

Igor goes on to say:

Indeed, if I look at the history of my involuntary use of Apparmor and SELinux in various distros, I have seen the former kick in only once, and the latter about three dozen times, and each example was a case of a legitimate program being mislabeled. In theory, yes, they might prevent exploits, but you're not running a commercial Web server, so relax.

So, on the one hand, he's admitting that LSMs do indeed prevent exploits, yet on the other he's suggesting (paraphrasing) there was a bug in mislabeling a legitimate application.

So, why, then, did Canonical choose to include LSM AppArmor with Ubuntu and Fedora choose to include LSM SELinux for their several Desktop spins?  

Evidence like Stuxnet, Identity Theft, Ransomware, Malware, Bots, Keyloggers ought to be good clues as to the gravity of the situation.  This clearly isn't sensational.  It is real and happening to the unwary every day.  Igor, strangely, minimizes the seriousness of the situation.

What should be done in the case of a reproducible LSM sandbox error?

If you are experiencing a reproducible error (versus a 'one-time' intermittent error) using a signed application from your Distro's software repository, do open a software support ticket on the vendor's website so that the vendor can take immediate corrective action.

Don't disable your LSM sandbox.  Go directly to your software vendor for support.  Your issues will be resolved expeditiously with revisions to your security software.
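As an added example (not from the original post or from any distribution's tooling), this Python script groups AppArmor and SELinux denial records from an audit log so a reproducible denial can be told apart from a one-time one and attached to a vendor ticket. The sample log lines are constructed, and the function names and the two-occurrence threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample audit-log lines (illustrative only, not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1403438400.123:101): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/opt/docs/report.pdf" pid=2345 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1403438460.200:102): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/opt/docs/report.pdf" pid=2399 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1403438500.456:202): avc:  denied  { read } for  pid=3456 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1403438500.456:202): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1403438520.000:203): apparmor="ALLOWED" operation="open" profile="/usr/bin/evince" name="/tmp/x" pid=2400 comm="evince" requested_mask="r" denied_mask="r"
"""

# Only enforced denials are matched; ALLOWED (complain-mode) records are ignored.
APPARMOR = re.compile(
    r'apparmor="DENIED" operation="(?P<op>[^"]+)" profile="(?P<profile>[^"]+)"'
    r'(?: name="(?P<name>[^"]*)")?.*? comm="(?P<comm>[^"]+)"')
SELINUX = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')

def parse_denials(log_text):
    """Return one (lsm, domain, comm, action, target) tuple per denial record."""
    denials = []
    for line in log_text.splitlines():
        m = APPARMOR.search(line)
        if m:
            denials.append(("apparmor", m["profile"], m["comm"],
                            m["op"], m["name"] or "-"))
            continue
        m = SELINUX.search(line)
        if m:
            denials.append(("selinux", m["scontext"], m["comm"],
                            m["perms"].strip(), f'{m["tcontext"]}:{m["tclass"]}'))
    return denials

def ticket_summary(log_text, min_repeats=2):
    """Group identical denials; those seen min_repeats times or more count as reproducible."""
    counts = Counter(parse_denials(log_text))
    return [{"lsm": k[0], "domain": k[1], "comm": k[2], "action": k[3],
             "target": k[4], "count": n, "reproducible": n >= min_repeats}
            for k, n in counts.most_common()]

if __name__ == "__main__":
    for row in ticket_summary(SAMPLE_LOG):
        print(row)
```
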

-- Dietrich

Monday, June 16, 2014

Linux on the Desktop: It's Not Me. It's You.

by Dietrich Schmitz

Have you grown tired of Linux on the Desktop?

Does 'familiarity breed contempt'?

At times, I feel I have a 'relationship' and when it reaches the point of saturation, or, I don't see anything in the way of innovation going on, I feel the urge to say in parting, "Linux, It's not Me.  It's You."

Yes.  You.  I'm flipping that famous line, "It's not you, it's me," intentionally to make a point.

What is my point?

I am a human from planet Earth.  I am really smart and Linux, you are doing a terrible job of keeping up with things.

So much so, I am just about to break up with you if you don't start shaping up.  I know you've been busy with Android and other embedded devices, but you really need to pay attention to me.  Over here, that's me sitting at a conventional keyboard, monitor, desktop unit (or Laptop).

And I keep hoping you'll begin paying attention to me.

But it seems like things are, well, boring, unchanging.  You've made a few attempts to sweeten things up.

Like Gnome Shell, for example.  Okay, you worked hard on that, but it's just that it is easy to use, yet too simple.  Why is it so hard to innovate?

Unity?  You've really gone out of your way to be 'different' but again, the GUI is limiting and not usable.

I've stuck with you this long only because of LXDE.  Now, after all of the upstream struggles to get Gnome 3.x to a point of 'usability', I have resorted to using lightweight LXDE.  Why?

Because, it doesn't reinvent the wheel.  Don't fix what isn't broken.

Panels, Desktop, Desktop folders, icons, menus, terminal windows, they all work in a classic intuitive way which is why I have always liked you Linux.

I think the problem is, you are trying to be different but no matter how hard you try, the technology just comes up short, deficient.

Maybe you should just be yourself again?  You know like when Ubuntu first came out?  Gnome 2.x worked so darned well.

Why did you change?  I don't like you as much anymore.

Please change.  I mean, innovate, in the truest sense of the word.
Let's not make new widgets that replicate existing functionality.  We already have in my estimation too much of that.

And please.  STOP cloning yourself.  You could go blind doing that.

How many of you do we really need?  I think you should just work on making one Distro better.  No, perfect.  That's right, perfect.

Make yourself sexy with a purpose, but let's stick to just the Linux Standard Base (LSB), one Filesystem Hierarchy Standard (FHS), one graphical API (like Windows GUI).  Yes?  Come to think of it, isn't that what makes Windows so successful?

Please.  Don't put on pretenses for me.  I know you.  I just want what's best for you and think you should really strive to simplify.  And, never mind what the other clones are doing.  They are just copy cats trying to emulate.  You are better than that.

Linux on the Desktop:  Be the best that you can be and I won't leave you.  Promise.

-- Dietrich