Sunday, October 12, 2014

Fedora 21 Alpha Workstation Impressions

Fedora 21 Workstation (GNOME 3.14 Desktop GUI)

Draining the Swamp is the title of a GUADEC presentation given in Seville, Spain back in 2001 by +Jim Gettys, author of the X Window system.  Citing his remarks in an April 2014 story, Christian Schaller (Senior Software Engineering Manager at Red Hat, Developer at GNOME) writes about Gettys' vision:

(...) "We are trying to bring that ‘draining the swamp’ mindset with us into creating the Fedora Workstation product.

With that in mind what are the driving ideas behind the Fedora Workstation? The Fedora Workstation effort is meant to provide a first class desktop for your laptop or workstation computer, combining a polished user interface with access to new technologies. We are putting a special emphasis on developers with our first releases, both looking at how we improve the desktop experience for developers, and looking at what tools we can offer to developers to let them be productive as quickly as possible. And to be clear when we say developers we are not only thinking about developers who want to develop for the desktop or the desktop itself, but any kind of software developer or DevOPs out there." (...)

That sums up what Fedora 21 Workstation is all about.

Fedora has embarked on an ambitious plan called Fedora.next which breaks out three distinct product lines: Server, Workstation and Cloud.  I only give my initial impressions for Workstation.  Here goes.

Shiny and New

It's a good sign when I find myself smiling, which is what happened after installing Fedora 21 Alpha Workstation.

As I write, and after a week of poking around Fedora Workstation Alpha, I am thinking:

"This is Alpha?  It's more production-ready than other general releases I have seen".  Seriously Folks, it's that stable.

The most obvious change?  Visual.

Fedora Workstation gets the proverbial face lift with GNOME 3.14.   And that is what keeps me smiling.

Adwaita Gets Some Love

In its default form GNOME is fitted to Adwaita Theme.  There are no rough edges.  Just smooth contours, gradients, delicious fonts, all composited to make the eyes feel good.   GNOME has worked diligently in shaping their Human Interface Guidelines to assist GTK Application Developers.

In other work done outside of Fedora, the Adwaita team did a major redesign which improves portability, provides maximum GTK compatibility for Developers and is now the default theme for the GTK toolset.

Bells and Whistles

Allan Day has labored and brings swarming animation.  A nice touch of glitz never hurts and lends to the overall professional feel.

Venturing into GNOME Software, you'll discover the newest version now offers Live Search.

Press the nine dots icon (or tap the Super key) and type any city name to get the current time from GNOME Clock.

Likewise, typing a quick calculation into the search field returns an instant result from GNOME Calculator.

Other New Features

  • Touchscreen Gesture support
  • Interactive GTK Inspector (for Developers)
  • Mozilla Location Service
  • New Animations for Activities
  • New Minimize Maximize Transition Effects

Updated Apps

  • Weather App Geolocation Support
  • Maps Route Planning
  • Boxes Multi-Window, VM Snapshot Support
  • Music Online Provider Support
  • Photos Google/PicasaWeb Integration
  • Evince PDF Reader Redesigned
  • dnf (Yum replacement) Speed Improvements

Kernel Update

During this week, Fedora 21 yum update-testing downloaded Linux Kernel 3.17, which the Linux Foundation reports includes several feature enhancements.

New Default Terminal Theme

GNOME Terminal now defaults to using the Solarized theme (below).

GNOME 3.14 Solarized Theme

New System Log Utility

For those who shy away from going near system logs, a new utility called Logs (below) will come in very handy and makes viewing logs simple.

New System Logs Utility

Wayland Remains Non-Default

To those who have been anxiously awaiting the arrival of Wayland production support, I say: "Good things come to those who wait." ;)

Seriously, Christian Schaller gives an update on the status of Wayland and I will say from my own vantage point while Wayland may be stable, the process of migrating GTK Apps to use Wayland is ongoing.  Schaller writes:

(...) "So we want to keep being a place where you do get access to new and exciting technologies first, but as you see with the Wayland effort we are now going to go the extra mile to make sure we offer these new technologies in a way that allows you to still use Fedora as your day to day working machine without worrying that these new features will hinder your work. So we will keep Wayland available as a separate non-default session until we feel very confident that our users are not going to be negatively impacted by the switch. Which means we want to fix and polish up the last remaining bits and pieces, make sure that performance is top notch, make sure all input hardware works flawlessly, work with NVidia and AMD to help them make their binary drivers available for Wayland before we make this the new default." (...)


As for 'Draining the Swamp', I am giving a thumbs up to the Fedora and GNOME Teams for their hard work.  Fedora Workstation really shines and despite being Alpha, I have not had any major problems aside from what gets sent in the automated crash reports.

Fedora succeeds, and while the target audience includes students and developers, I would feel comfortable recommending it to Grandma.

Fedora Workstation product documentation can be found here.
Alpha/Beta Testers are encouraged to participate.  Get the Prerelease here.

-- Dietrich

Wednesday, October 1, 2014

Shuttleworth Pronouncements, Proclamations, Palaver and Privacy Integration

I see Mr. "I'm Special" Shuttleworth is at it again.

He seems to enjoy being in the limelight.  And, if you take pictures of him on stage with pictures of him in the backdrop with his name emblazoned -- all the better.  His ego fulfillment is unabashedly on display.

Seriously, I have taken jabs at Canonical Ltd., MS and his community of sycophants in the past and, quite frankly, enjoy doing it.  This is a small society which has little effect on the quality of Linux on the Desktop.

Ubuntu purports to offer new technology paradigms, but, in reality, is in opposition to anything but its own bastardized notions of innovation.  Left-handed doo-dads instead of right, global menus (Mac emulation), broken scrollbars, subverted Wayland code (Mir) all designed with a solitary purpose -- to wrest control from and drive a wedge into the open source community and advance a cause with no clear purpose.

Canonical Ltd. continues to 'spend' down MS IOUs as it capriciously plots its vision of the future that nobody quite understands.

Yesterday, "the King" made another one of his "Brilliant Man!" pronouncements.  Paraphrasing his overly verbose Here be Dragons post:  "Erahhh, gee, this whole invasion of privacy thing is getting out of hand -- I think I need to say something about it -- lend the appearance of having lofty thoughts at least and maybe I can buy some time while I actually come up with some new bright ideas -- Oh a fellowship! -- yes, that's it -- let me throw them a bone -- token gesture".

News Flash, Mr. Shuttleworth.  True Internet Privacy is attainable.  The technology used to protect your Distro, GnuPG, is viable and pivotal to 'the solution'.  It just needs to be made more user friendly with some help from the open source community with Apps that approach usability like Enigma.  Enigma isn't getting the love it could use, in fact, it has gone stale and lost support.  Still, we are not without recourse.

No, Google's End-to-End encryption is not the solution.  That endeavor is 'reinventing the wheel'.  Google wants to port GPG to Javascript.  Bad Bad Bad.  Improve upstream OpenPGP.  What is needed is a true Desktop-Integrated Privacy App.  It should be transparent and drop-dead easy to use.

Much as we have come to expect of Microsoft Office or LibreOffice, we should provide the means for obtaining iron-clad Internet Privacy as a matter of right.

This is the true mandate.

So, please.  Mr. Shuttleworth.

Pronouncements, Proclamations, and Palaver are not needed.  Start by putting together a list of 'draft actionable items' for discussion that can become the final framework upon which to move forward in the Open Source Community, collectively, without divisiveness, or proprietary twists of any kind. -- Dietrich

Saturday, September 27, 2014

Public Computer Security Misperceptions Abound

Gmail Google Phishing Message

Generally, I try to avoid giving out unsolicited advice, but, sometimes, will reflexively do so, especially for a friend who I know encountered some kind of "Windows" security issue.

Well, a friend posted a Gmail message they had received, out of concern, to make their circle of friends aware of it.

It is of the email 'click-bait' variety.  They all work the same on legacy Windows (x86) from present 8.1 back to Windows 2000.  The commonality is that all versions share the same core WinNT design that Microsoft cannot change as it will 'break' Enterprise software badly.

No, it's more what I call "shooting fish in a barrel" or "taking candy from a baby".  The email sent to the unwary Windows user is 'socially engineered' to steer them into opening the email and/or attachment, either of which (on Windows) will spawn Javascript to download and inject DLL code and run it all silently, unbeknownst to the user -- until, of course, it's too late, when suddenly a rogue fake security warning comes up or the dreaded CryptoLocker virus has just finished locking the user out of their system (encrypting the hard drive) and very professionally offers up a screen of credit card options for making payment, which will unlock said PC.  CryptoLocker is becoming endemic.

So, my weak moment was to offer the poster unsolicited advice about the Drive-by threats inherent in the use of Windows.  This kind of advice was coupled to my 'standard' recommendation to the poster to consider switching to Linux, which I have used since 2005.

I've been in the IT business for 20 years and ought to know something at this point in my life about issues regarding computer security, one would think.  Yet, despite offering up this kind of friendly advice, there is always the random respondent who turns up and shows his/her ignorance with great facility, I might add.  Here are their remarks:

"I hate this kind "commercial" attitude some people have. I don't like Linux. It may be the safest whatever OS and good for servers. But I don't like it. How can someone possibly even think Linux is safer when it's open source for God's sake the only reason Linux is safe is because is not as popular as windows yet. Maybe it might become that much popular and be used almost everywhere but as far as I'm concerned almost all companies and 90 % of the users worldwide are still on windows. That is why it's the most vulnerable because if I was a criminal who would I attack?  A bigger area of effect obviously.
How little people think nowadays really. Thank you for your kind offer but I'm not going to an open source program. Keep your eyes open for "these kind of threats" and alert others.
No operating system that is on the internet is safe. Not even Linux. Linux has one of the biggest issues if anything for being open source. If anything attacking the Linux website one day for example and their downloads and all other server connections they have would compromise absolutely every single user and you do not need to be a computer tech to realize that.
Thank you, but no. Have a wonderful day. :)"

Okay, instead of responding in my friend's post, I chose to submit to her woeful ignorance and put things into perspective here point by point:

1) "I hate this kind "commercial" attitude some people have."

Commercial?  This was posted to a 'friend' for her benefit and so wasn't a commercial; or, if she meant an endeavor to profit, Linux is FREE.  It wasn't motivated by money.

2) "How can someone possibly even think Linux is safer when it's open source for God's sake."

Huh?  The user presumably associates the word 'open' with some form of security vulnerability like 'leaving the door open'?  One of the cornerstones of Linux is its GNU Public License for sharing the entire source code base and making changes to it freely.  Because of this, users of Linux enjoy true "Transparency", which means many eyes (more so than what Microsoft has in employee headcount) around the globe are looking at and vetting source code to ensure no rogue code insertion occurs.  Unlike Linux, Windows is proprietary and the end-user cannot see its source code, cannot copy it, and thus has NO idea whatsoever what the employees of legacy Windows did or did not do to the code base.  Being proprietary means, effectively, that Microsoft can write the operating system and applications however they wish, and that includes code insertion of functionality like 'back doors'.

Yep, back doors exist in Windows for both Microsoft's use and for their partnering governmental agencies which wish to access your PC.  They come and go silently with impunity.  After you've thought about that for a minute, go find some black electric tape and place it over your Laptop's camera, mmmkay?

This doesn't even speak to the unfixed zero-day exploits present and hidden because Microsoft's code base is not viewable by anyone other than their privileged but shrinking staff of programmers most of whom didn't write the original code and might not have a clue as to how to go about changing it.  Those programmers left 5-10-15 years ago.  So, Zero-Day exploits are rampant, and, the hackers that have discovered them sell their exploits on the black market to people on the other side of the globe who want access to you, usually for money.

Microsoft code doesn't get continually refactored like Linux and vetted for safety.  It gets written and then forgotten.  Their maintainers will fix what they can if they can do so without breaking the system, but their resources are limited.

3) "Linux is safe is because is not as popular as windows yet."

Oh right.  The security by obscurity argument.  Alright let me explain the central security issue with Windows:

If an exploit (drive-by, email attachment, same difference) on Windows is 'successful' in running, it will make its own SYSTEM call() to perform an 'Administrative' function.  It is at this point that Windows should stop to check on what that 'action' is and which process id (parent) is making the call.  It doesn't.  Nope.  Once the exploit gets a toe hold, it proceeds to run administratively with no other cross-check security mechanism.  Got that?  Your PC is officially owned.

With Fedora Linux, you have what is called sandboxing technology.  SELinux, a Linux Security Module (LSM), binds to the kernel at bootstrap and maintains a 'hook' API in the SYSTEM kernel.  This 'hook' gets called on each granular system administrative process invoked on Linux.  SELinux (the Sandbox or Mandatory Access Control) cross-checks each discrete action against its policy group for the calling app, and if it isn't an allowed action, it sends a 'deny' to the kernel on returning from the hook.  The rogue code, exploit, is stopped cold.

It doesn't matter from whence it came, the sandbox blocks it from getting a toe hold in Fedora Linux.
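
A simplified model of the policy cross-check described above, added here as an example (it is not code from SELinux or from the original post).  It parses 'allow' rules written in SELinux policy syntax and answers a request the way the hook would: anything not explicitly allowed for the calling domain is denied, and in permissive mode the denial is only logged.  The rules, the function names and the shortened audit line are assumptions made for illustration; real policy also carries users, roles, levels and attributes.

```python
import re
from collections import defaultdict

# Constructed sample rules in SELinux "allow" syntax (not Fedora's shipped policy).
SAMPLE_POLICY = """
# web server domain may read its content and append to its logs
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append getattr open };
allow httpd_t http_port_t:tcp_socket name_bind;
"""

# allow <source type> <target type>:<class> <perm> | { <perm> ... };
RULE_RE = re.compile(
    r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$"
)


def parse_policy(text):
    """Return {(source_type, target_type, object_class): set(permissions)}."""
    table = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        match = RULE_RE.match(line)
        if not match:
            raise ValueError("line %d: unsupported rule: %r" % (lineno, line))
        src, tgt, cls, perm_set, single = match.groups()
        perms = perm_set.split() if perm_set is not None else [single]
        table[(src, tgt, cls)].update(perms)
    return dict(table)


def check_access(table, src, tgt, cls, requested, enforcing=True):
    """Model of the decision taken behind the hook.

    Returns (allowed, denied_permissions, audit_line).  The check is keyed on
    the calling process's domain (src), not on the user who started it, and
    the default answer for anything without a matching rule is deny.
    """
    granted = table.get((src, tgt, cls), set())
    denied = sorted(set(requested) - granted)
    if not denied:
        return True, [], None
    # Shortened line modelled on an AVC denial record (hypothetical format:
    # real records also carry pid, comm, path and full security contexts).
    audit = "avc:  denied  { %s } for  scontext=%s tcontext=%s tclass=%s permissive=%d" % (
        " ".join(denied), src, tgt, cls, 0 if enforcing else 1)
    # Permissive mode logs the denial but lets the action through.
    return (not enforcing), denied, audit


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    requests = [
        ("httpd_t", "httpd_sys_content_t", "file", ["read", "open"]),
        ("httpd_t", "httpd_sys_content_t", "file", ["read", "write"]),
        ("httpd_t", "shadow_t", "file", ["read"]),
    ]
    for src, tgt, cls, perms in requests:
        print(src, tgt, cls, perms, "->", check_access(policy, src, tgt, cls, perms))
```

The permissive branch is the caveat worth remembering: a system or domain left in permissive mode records denials but blocks nothing.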

Windows Legacy users?  To you I say: Go with God.

Fedora Linux: The safest operating system on the Planet.
I stake my reputation on it.  -- Dietrich

Sunday, September 14, 2014

Terminology: The Terminal Emulator With Bling

Image credit: Wikimedia.org

If memory serves, it was +Greg Kroah-Hartman who last December enthused on Google Plus about Terminology, the terminal emulator component of Enlightenment.  It was just released at version 0.4.0 by one very talented, industrious Samsung developer, Daniel Juyung Seo.

I took a look at it, put it away and all was forgotten.  The other day, I was looking around for new software and decided to revisit the state of Terminal Emulators.

Incidentally, Solarized Theme will be part of Fedora 21 and I remember trying it at some point, but didn't recall how.  To my surprise, Terminology includes a number of themes, one of which is Solarized, so, I decided to install it.  Yes, one can install Terminology separate from Enlightenment and it won't pull in a lot of dependencies -- just what it needs.

Okay so, I thought let's see what this puppy can do.  Five minutes later it was installed and shown on my Fedora 20 LXDE menu under System Tools.

It's quite pleasant in terms of aesthetics and given it is an Enlightenment component, that is to be expected.  But there's nothing keeping one from using it with another Desktop UI and many do just that.

Those partial to certain emulators like Gnome-terminal, Konsole, will prefer one over another, especially if doing development work and dwelling in a character-based shell.

What is especially nice about Terminology is that selecting a theme, such as Solarized, makes doing other things at the terminal prompt most pleasant and easy on the eyes, including other ncurses-based applications like vim, nano, htop.  And the entire window is bit-mapped scalable which means it can be as small or large as needed just by moving the lower-left screen corner.


  • Most escapes supported by xterm, rxvt etc. work
  • Xterm 256 color escapes work
  • Backgrounds (bitmap, scalable/vector, animated gif, videos)
  • Transparency
  • Bitmap and scalable fonts supported
  • Themes for the layout and design
  • URL, file path and email address detection and link-handling
  • Inline display of link content
  • Multiple copy and paste selections and buffer support
  • Works in X11
  • Works in Wayland
  • Works directly in the linux framebuffer (fbcon)
  • Can be finger/touch controlled
  • Can scale by UI scaling factors
  • Can render using OpenGL or OpenGL-ES2 (not a requirement - just an option)
  • Can display inlined media content (images, video, documents)
  • Can do multiple "tabs"
  • Can do splitting into multiple panes
  • Block text selection
  • Drag and drop of text selections and links
  • Can stream media from URLs
  • Tab switcher has live thumbnail content
  • Single process, multiple windows/terminals support
  • Fast (gives urxvt a run for its money)
  • Themable visual bell
  • Compress backscroll
  • Text reflow on resize
  • Color palette selection


I am including below a few screen shots I took of Terminology running on Fedora 20 LXDE.

Terminology with Solarized theme shown in split-screen mode

Terminology with Solarized theme running ncurses-based htop

Terminology settings screen with Themes selected


As mentioned, it took all of 5 minutes to install Terminology on Fedora 20 with this command from the lxterminal:

$ sudo yum install terminology

Then, I went straight to the terminal window, right-click, settings and selected my personal favorite font Droid Sans Monospace 12 point, and, of course, Terminology's Solarized ('Dark') theme.

Bayam!  Sweet relief.  My eyes feel so much better now.

Go get some relief.  Now. 

Terminology.  The terminal emulator with bling.  -- Dietrich

Saturday, September 13, 2014

Bodhi Linux Developer Retires

( Image Credit: Michelangelo's The Creation of Adam )

The solo developer of Bodhi Linux has announced his retirement.

I sincerely wish +Jeff Hoogland  well.  It's not difficult to appreciate that putting together a truly polished Linux Distro is hard, but by one developer, it seems almost an impossible task.  

One Mr. Hoogland set out to do so and I will say that by all accounts he has been a success.  Bodhi Linux has always been a 'standout' Distribution in my view and well respected.  Bodhi Linux's level of consistency typically requires a rank and file of workers to make for polish, fit, finish and seamless processes.  Bodhi Linux has become perhaps the best known lightweight Linux Distro.  CrunchBang is perhaps the only other true contender in this category.

Yet, I fear that we will see more of this attrition and with increased frequency.

As geopolitical events unfold and the global economy gets worse by the day, it becomes increasingly difficult for the individual to merely 'exist', much less, do voluntary work on a project of this magnitude.

Yes, if you are lucky, another developer will pick up and continue with Bodhi maintenance.  If you aren't, well, that is the nature of things in today's world.

Linux on the Desktop is much like a garden, if you will.  It requires true dedication, constant attention and nurturing.  Looking at Distrowatch, one sees a wide array of choices.  Some flowers in the garden are hardy, and even perennial flowering all year round giving manifold benefits to the Linux User community.

Indeed, there is much freedom of choice.  But with choice comes risk.  One such risk is that many Distros by default create newcomer confusion.  The immediate question becomes, "Which one is best?"  All one need do is ask and there will be no shortage of opinion offered to help out.  Getting answers to questions with Linux has always been one of its cornerstones and those who maintain support forums are there to help.  This has always been one of the great benefits of Linux.  That hasn't changed.

What has changed?  The pure number of Distros has grown as more developers obtain toolchains which facilitate cloning their own 'me too' Distro.  This is done mostly with good intentions.  It's part of the GNU Public License and encouraged.

But, the by-product has yielded a side-effect I call Distro-Sprawl.  As such, it has become increasingly difficult for users to come to a quick answer as to which Distro they should use.

Despite that, Bodhi Linux points to another important issue:  Ongoing Support.

When researching which Distro to use, don't make the feature set your only consideration.  Look also at the number of people involved in support.  If it's one or two people, that doesn't mean it isn't a good Distro.  Far from it, Bodhi is the exemplar.  But, the longevity of that Distro is put at risk when there are fewer to support it.  And thus, we see here yet another developer who finds himself in the throes of life circumstance with not enough 'bandwidth' to devote to his open source development pursuits.  The critical decision is made to pull the plug.  The developer retires.  You are left high and dry.

It doesn't have to be that way if you look at the top 5 Distributions on Distrowatch.  Those are the hardy flowers in the garden.  Those flowers have many gardeners who cultivate and nurture them so as to remain healthy, lush and full.

I encourage developers not to spread themselves 'thin' across vaguely familiar Distros.  Come on board one of the larger Top 5 Distros and put your talent towards something which will be long-lasting and meaningful.  -- Dietrich

Friday, September 5, 2014

RetroShare: An Essential Privacy Tool Introduction

RetroShare shown running on my Fedora 20 LXDE Desktop

Maybe you feel defeated?  You have that sense of helplessness?

You think, "Don't fight it.  We can't win against them.  There is no privacy on the Internet."

Give up?

No.  Don't give up.  Fight back.  There is an easy tool, now, today, at your disposal, which as far as I am concerned is not difficult to install and immediately use that will assure 100% privacy on the Internet.

What tool?  It's shown above running on my desktop.  It's called RetroShare.

You see, the NSA is perfectly happy you use Google's tools, including Drive, Gmail.  They are clear text and there's no difficulty in their getting to that repository if they choose to do so.

On the other hand, the NSA is not happy about tools like RetroShare.  So much so, in fact, they cannot invade your privacy space on Retroshare.  They cannot penetrate the encryption.  Enjoy privacy on your own terms with RetroShare.

RetroShare is a mature product in continual refinement since 2006.  The feature set is robust.  To learn more, check out their wiki, FAQ, and screenshots.

So, go ahead and try RetroShare.  If you get on-line, give me a shout.  I'm here.

RetroShare is open source and free.  Download here.

Watch my screencast: RetroShare: An Essential Privacy Tool

-- Dietrich

Thursday, September 4, 2014

CryptoWall RansomWare: The Psychology of Mass Insanity

(Image Credit: Geek.com)
Albert Einstein once defined insanity as this, "Doing the same thing over and over again expecting different results."

Are you using Windows Legacy (x86) 8.1 and older?

If you answered yes, then, I am afraid you are technically insane. ;)

Oh.  That Anti-Virus software subscription tool you so diligently run?  It is money and time wasted.  The types of attacks now occurring simply fly 'below the radar' of AV scans and morph their signatures on a daily basis so as to not be seen.

If you aren't thinking about switching operating systems, you really need to have your head examined.  It has become child's play for global crime rings to perpetrate the kinds of attacks such as the one depicted at the top of this story (aka RansomWare) and they get away with it by a process known as 'Drive-By' Javascript DLL injection into Windows Legacy operating systems going all the way back from 8.1 to Windows 2000.  Why?  Because they all share the same legacy WinNT kernel design and because Enterprise has been thoroughly invested in Windows, they cannot change the code or it would break Enterprise systems.

This is their dilemma -- their personal nightmare.  And just as with the slow death of XP, Legacy won't go away any time soon -- it is entrenched and businesses are 'married' to it for better or for worse.

You, the consumer, have a choice.  Distance yourself from a known problem.  Research 'Stuxnet' and then ask yourself how that could possibly happen (cough backdoors).

As long as you insist on using Windows Legacy, you are assuming the role of a 'victim'.  Don't be a victim.  Own your privacy.  It's your right.

Reclaim it with Fedora Desktop Edition Linux: the safest operating system on the Planet.

I stake my reputation on it.

Get Free Fedora Desktop Edition here.

-- Dietrich

Friday, August 29, 2014

Firefox Sponsored Tiles Advert Strategy: Do You Object?

Mozilla Firefox nightly builds now include Sponsored Tiles on the 'New Tab' page

Here is the issue:  Firefox has survived on Advertisement revenue right along.  Yes?   Most of their revenue is based on a contract with Google which, it has been confirmed, will end in November 2014, unless Google has a change of heart and renews.

Consequently, Mozilla is looking at contingency planning and has now added Sponsored Tiles to their nightly Firefox builds.  Sponsored Tiles appear on the 'New Tab' page and won't appear in your regular browser stream.  Being found on the New Tab page means they won't get blocked by tools like Adblock.

Remember, Mozilla is an Open Source company and this will help them to continue to fund Firefox development and continue to expand Mozilla Corporation at the same time.

So, I am fine with it, as long as Firefox remains Open Source.  What say you?  -- Dietrich

The Linux Distro Repository System Safety Assurance

(Image credit: ablogabouthistory.com)

Most people don't give a thought to this subject.  In fact, with Legacy Windows (x86), including Windows 8.1, there is no such concept as a 'repository'.

Every Linux Distribution (call it a 'flavor' if that helps), provides its own repository.  What is a repository?  Imagine a Castle (Library of Applications) with a moat around it and a draw bridge.  Only keyholders can get in and get out.

The keyholder conceptually is provided by a technology used extensively with Linux, called GNU Privacy Guard (GnuPG or GPG for short).  The idea is to guard all software in the library to assure that no 'tampering' can ever occur.  Tampering scenarios include adding rogue software (applications with hidden trojan viruses) and unauthorized code edits which have negative repercussions and usually include software exploits, such as the kind that politely advises the user that their drive is now officially encrypted/locked and cannot be used unless a monetary consideration (extortion) is provided that will cause the encryption to be unlocked (CryptoLocker being one such application; this Ransomware targets Windows, not Linux).

This GPG technology allows each piece of software in the Library to be linked to your Linux on the Desktop GPG-keyring and will not install, per se, unless it can be unlocked by your Desktop keyring (Fedora is my Distribution of choice).

The advantage is clear.  The maintainers of the repository for your Distribution are thus able to maintain strict control over who can contribute code, vetting of software and the author's background, all done to assure that the program being considered for acceptance into the Library is safe for general use, devoid of any rogue code.
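
The signature check only protects a system when it is switched on for every enabled repository, so here is an added example (not part of the original post and not a Fedora tool) that audits yum-style .repo definitions for the settings that weaken it.  The option names gpgcheck, gpgkey and enabled are yum's own; the repo ids, URLs, issue codes and function names are constructed for illustration.

```python
import configparser

# Constructed sample of /etc/yum.repos.d/*.repo content. Only the first stanza
# follows the layout Fedora ships; the other repos and URLs are made up.
SAMPLE_REPO_FILE = """\
[fedora]
name=Fedora $releasever - $basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

[thirdparty-example]
name=Constructed third-party repo
baseurl=https://repo.example.invalid/fedora/$releasever/
enabled=1
gpgcheck=0

[httpkey-example]
name=Constructed repo, key fetched over plain http
baseurl=https://repo.example.invalid/other/
enabled=1
gpgcheck=1
gpgkey=http://repo.example.invalid/RPM-GPG-KEY-example

[inherit-example]
name=Constructed repo with no gpgcheck line
baseurl=https://repo.example.invalid/inherit/
enabled=1

[disabled-example]
name=Constructed disabled repo
baseurl=https://repo.example.invalid/off/
enabled=0
gpgcheck=0
"""

# Hypothetical issue codes used by this example.
ISSUES = {
    "gpgcheck-off": "packages from this repo install without signature verification",
    "gpgcheck-unset": "no gpgcheck line here; the value comes from [main] in yum.conf",
    "no-gpgkey": "gpgcheck is on but no gpgkey is listed; the key must already be imported",
    "gpgkey-over-http": "signing key is fetched over plain http and can be swapped in transit",
}


def _is_true(value):
    return value.strip().lower() in ("1", "true", "yes", "on")


def audit_repos(text, main_gpgcheck=None):
    """Return {repo_id: [issue codes]} for every enabled repo with a weakness.

    main_gpgcheck is the gpgcheck value from the [main] section of yum.conf,
    if known; repos without their own gpgcheck line inherit it.
    """
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    findings = {}
    for repo_id in parser.sections():
        section = parser[repo_id]
        # Repos are enabled unless they say otherwise; disabled ones are skipped.
        if repo_id == "main" or not _is_true(section.get("enabled", fallback="1")):
            continue
        issues = []
        gpgcheck = section.get("gpgcheck", fallback=main_gpgcheck)
        if gpgcheck is None:
            issues.append("gpgcheck-unset")
        elif not _is_true(gpgcheck):
            issues.append("gpgcheck-off")
        else:
            keys = section.get("gpgkey", fallback="").split()
            if not keys:
                issues.append("no-gpgkey")
            elif any(key.lower().startswith("http://") for key in keys):
                issues.append("gpgkey-over-http")
        if issues:
            findings[repo_id] = issues
    return findings


if __name__ == "__main__":
    for repo, codes in audit_repos(SAMPLE_REPO_FILE).items():
        for code in codes:
            print("%s: %s (%s)" % (repo, code, ISSUES[code]))
```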

The absence of a repository of protected software applications has been an historic security problem of endemic proportions for Microsoft who must continually apply Zero-Day security patches to the operating system once a month to thwart introduction of rogue software onto the operating system.  It is a hopeless, unending situation and the fact that such software as CryptoLocker and Stuxnet exist should be a flashing neon roadside billboard to the average user, but, sadly isn't.  The public is bamboozled and has bought into the accepted practice  of running third-party Anti-Virus software, lulled by its false sense of security and done by the user at their additional out-of-pocket expense for purchasing said software, time and effort.  

Indeed, the Windows Legacy security software business produces multi-billion annual sales all of which does nothing to deflect a Drive-by Download, for example.  The user won't see it, but their machine is infected and there isn't anything they or Microsoft can do about it, short of a complete redesign effort which has gone into their ARM processor based product which has suffered languishing sales.

Below is my system running an update download from the GPG keyring-protected repository at Fedora.  If you run automated updates, this will occur daily with Linux, not monthly as Microsoft does on Patch Tuesday.

Fedora Linux:  The safest operating system on the Planet

Users of Windows Legacy must therefore 'fend for themselves' and go into the 'wild' so to speak in search of software, whatever that may be, with no assurance that it isn't laden with trojans ready to deploy silently, unbeknownst to the victim user, who believes they have found a nice game program, for example.

You may think things are safe with Windows.  They are not.

Fedora Linux: The safest operating system on the Planet.

I stake my reputation on it.  -- Dietrich

Thursday, August 28, 2014

Google Does Evil. And Then Some.

Every day, I go about my business using my computer tools, all the while thinking about what I am doing.  Specifically, I am most concerned about Privacy on the Internet.

We all know what that means at this point and, given past events that punctuate the need for Privacy Protection, I see little being done about it, in particular by Google.

You see, Google stands to profit on every little piece of metadata connected to you.  Use their products as they want you to, and you will become a slave.

Yet, the reality is Google's Terms of Service let them get away with doing with your data as they see fit.  Some of the readers may be nonplussed by that fact, but it grinds my gears.

Do No Evil

Remember that slogan?  I bought into it.  They gaffed me, pulled me up on the boat.  It was real easy.

You might be thinking:  "But they have free Gmail and I've become so dependent on it and also Drive is coOL".

That is a pervasive mindset which hasn't diminished and despite my writing this post, isn't going to change anytime soon.  But my purpose here is to help the reader gain a new perspective on the services Google provides.

And, the services to which I refer are NOT the ones which you, the consumer, use.

No, this is about what Google does to profit from parsing your clear-text gmails and Drive documents.  Clear Text means they are not encrypted in any way.  That is by design.

Among all of the hideous revelations that came last year from one Edward Snowden was the disclosure of the PRISM program run by the NSA.  When the story hit the press, the ISPs (Google, Yahoo, Microsoft) reflexively woke up like sleeping hound dogs and began to howl in unison, expressing outrage at the extent to which the NSA has intruded electronically in Americans' private lives.  It quickly became apparent, as revealed by Edward Snowden, that the NSA was pitching camp on the inside of Google's firewall, knowledge of which was immediately disclaimed by Google, Inc., naturally.

Time passes, people revert to their normal habits.  Not a lot has changed to force the end-user to alter their computer habits insofar as using the Internet is concerned, really.

Initiatives have been started by the ISPs to make their repositories more secure and encrypted, with exceptions, Google being one of them.

Google won't encrypt your Gmail.  Nor will they encrypt your Drive.  That would defeat their ability to parse metadata and key words they claim are used in a 'benign' way for generating Advertising revenue.  Really, Google?  I've checked my Driver's License and can confirm, I wasn't born yesterday.  So please.  Don't insult my intelligence and the intelligence of my readers.

This may come to you as a surprise, but, Google is not just in the Advertising business.

And here is the kicker.  In a story on Veterans Today dated April 10, 2013, entitled "Google, Beyond the CIA: Insurgence and Espionage Factory", Gordon Duff sheds light on some of the undisclosed 'profit centers' in which Google has a vested, ongoing and active interest:

"Intercepted emails expose Google as an intelligence contractor openly involved in aiding terror organizations throughout Africa, Asia and the world, working well outside any official oversight and authority, far beyond even the CIA’s wildest abuses."

Wikileaks obtained copies of some interesting email exchanges with STRATFOR, an American global intelligence company headquartered in Austin, Texas.

From one such STRATFOR email comes this:

“GOOGLE is getting White House and State Department support & air cover. In reality, they are doing things the CIA cannot do. But, I agree with you. He’s going to get himself kidnapped or killed. Might be the best thing to happen to expose Google’s covert role in foaming up-risings, to be blunt. The US Gov. can then disavow knowledge and GOOGLE is left holding the (expletive deleted) bag.”

Gordon Duff goes into further detail to explain the special interests of Google's "Google Ideas Groups":

"Among the STRATFOR emails Wikileaks received were some exposing Google as, not just an intelligence contractor for the CIA and Department of Defense but foreign governments as well.
Text within the highly sensitive cables outlines criminal and even terrorist activities on the part of Google including the planning of insurgency operations.  Sources have confirmed Google has helped plan military operations against Syria and has been directly involved, working with Arab states, Turkey and Azerbaijan to plan destabilization of Iran.
Emails expose meetings between Google executives and insurgency groups in Azerbaijan operating against Iran.
Under the front name of “Google Ideas Groups,” with support including “air cover,” authorized by the White House and State Department, Google Corporation is directly involved in planning terror attacks.
Wikileaks intercepted STRATFOR emails outlining Google operations in planning insurgencies and illegally conducting both foreign policy and espionage."

It is apparent that Google holds a special place in the hearts of certain Domestic and Foreign Intelligence agencies with whom they conduct business and exchange information presumably for profit.

You, the consumer, are their target.  And if your profile is parsed searching for key word triggers, then you become, oh, let's see, A Person of Interest?  Yes, that's it.  Mr. Duff writes further:

"Google had long been criticized for selling “keyword intercepts” from Gmail accounts to advertisers.
However, it has long been known that, not only does Google go much further, scanning emails for intelligence, both security related and corporate, but there is no clear accounting of who Google’s clients are.
Sources indicate that Google sells email and search related intercepts to governments like China, Vietnam, North Korea and others.
Additionally, Google has been proven to accept payment for suppressing searches of news stories clients find embarrassing, to push conspiracies, to support hate groups, to work in smear campaigns and now, of course, is exposed as having armed personnel working directly with insurgents in direct violation of international law."

So, I will tell you this.  Google is doing you no favors.  In fact, if you happen to be a shareholder, what they are allegedly doing, being involved in covert activities of the kind described above, constitutes Investor fraud.

The Google Investor site goes so far as to say:

“We believe in the importance of building stockholder trust. We adhere to the highest levels of ethical business practices, as embodied by the Google Code of Conduct, which provides guidelines for ethical conduct by our directors, officers and employees.”

Mr. Duff astutely writes:

"Nothing in any Google publication indicates that employees are involved in illegal covert operations that fall within the ICC’s definition of “war crimes.”"

That pretty much makes it clear, yes?

You can appreciate that during the past few months I have begun distancing myself from Google product usage where possible, especially as regards Internet Privacy.  I felt obligated to share this information since I am now taking a much more guarded position on the usage of any software.  The starting criterion for me is that it must be Open Source.  That means Google Chrome is out.  I don't store anything on Drive or Gmail unless it has been encrypted with GnuPG encryption (Ultimate) before uploading -- this is easily accomplished from the command line with google-drive-ocaml and with the Evolution Email Client with GnuPG.
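The encrypt-before-upload habit described above, as an added example (not the author's own commands): a shell function that encrypts a file to your own GnuPG key, confirms the ciphertext decrypts back to the original, and copies only the `.gpg` file into the Drive-synced directory. The function names, the recipient address and the mount path are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Assumptions: the recipient key is
# already in your keyring with its secret half (you encrypt to yourself), and
# the third argument is wherever your Drive folder is mounted (hypothetical).

sha256_of() { sha256sum | cut -d' ' -f1; }

encrypt_for_upload() {
    src=$1 recipient=$2 drive_dir=$3
    if [ ! -f "$src" ] || [ ! -d "$drive_dir" ]; then
        echo "usage: encrypt_for_upload FILE RECIPIENT DRIVE_DIR" >&2
        return 2
    fi
    work=$(mktemp -d) || return 1
    enc="$work/$(basename "$src").gpg"

    # --batch makes gpg fail instead of prompting, e.g. when the recipient
    # key is missing or not trusted.
    if ! gpg --batch --quiet --encrypt --recipient "$recipient" \
             --output "$enc" "$src"; then
        rm -rf "$work"
        return 1
    fi

    # Round trip: the ciphertext must decrypt to the same SHA-256 as the source.
    want=$(sha256_of < "$src")
    got=$(gpg --quiet --decrypt "$enc" 2>/dev/null | sha256_of)
    if [ "$want" != "$got" ]; then
        echo "round-trip check failed; nothing copied" >&2
        rm -rf "$work"
        return 1
    fi

    # Only the .gpg file ever reaches the synced directory.
    cp "$enc" "$drive_dir/" || { rm -rf "$work"; return 1; }
    rm -rf "$work"
}

# Run as: sh encrypt_for_upload.sh notes.txt you@example.invalid ~/gdrive
if [ "$#" -eq 3 ]; then
    encrypt_for_upload "$@"
fi
```

The file name and size remain visible to the storage provider; only the contents are protected.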

This is a strong caution to everyone reading this.  Google is not your Friend.

Google Does Evil.  And then some. -- Dietrich

Wednesday, August 27, 2014

Patch as Patch Can

(Image credit:  theregister.co.uk)

What happens when you use proprietary code?  This story from The Register is quite representative.

Yes.  Google Chrome is proprietary.  Chromium is Open Source.

Open Source Chromium gets looked at by 'many eyes', and that is by Contributors across the Globe, folks.

Bugs get fixed quickly.

With any piece of proprietary code, including Chrome, only the employees who work as developers can make fixes to source code, no one else.  Unlike Open Source, Proprietary source code is not made accessible to the general public.  Only the binary executables get distributed.

It's a classic problem and has led to a perpetual treadmill of security issues for Microsoft Windows Legacy (x86).  The litany continues unabated, to such an extent that Microsoft now wants to change the name of Internet Explorer to remove some of the legitimate stigma in user market perception.  It ain't gonna work.  The horse is out the barn door.

No, in fact, I made a policy decision some time ago not to use proprietary software whatsoever and wrote specifically about Google Chrome.

So, I strongly urge the readers to avoid Chrome like the plague and stick with Open Source developed software only, such as Chromium.

As for myself, I have Open Source dwb and Chromium installed, but use dwb 95% of the time.  dwb is written in pure C with gtk2/3 bindings and a webkit back-end on steroids.  It is understated, spartan, greased-lightning fast, and super lightweight, with a 75MB startup RAM footprint.  Highly recommended.  Chromium is the easier of the two to install and use and will gobble up as much RAM as it can find, but then, it has all the bells and whistles going for it.  -- Dietrich