NSA: Please Turn off the Lights When You Leave. Nothing to See Here.

Linux Advocate Dietrich Schmitz shows how the general public can take action to truly protect their privacy using GnuPG with Evolution email. Read the details.

Mailvelope for Chrome: PGP Encrypted Email Made Easy

Linux Advocate Dietrich Schmitz officially endorses what he deems is a truly secure, easy to use PGP email encryption program. Read the details.

Step off Microsoft's License Treadmill to FOSS Linux

Linux Advocate Dietrich Schmitz reminds CIOs that XP Desktops destined for MS end of life support can be reprovisioned with FOSS Linux to run like brand new. Read how.

Bitcoin is NOT Money -- it's a Commodity

Linux Advocate shares news that the U.S. Treasury will treat Bitcoin as a Commodity 'Investment'. Read the details.

Google Drive Gets a Failing Grade on Privacy Protection

Linux Advocate Dietrich Schmitz puts out a public service privacy warning. Google Drive gets a failing grade on protecting your privacy.

Email: A Fundamentally Broken System

Email needs an overhaul. Privacy must be integrated.

Opinion

Cookie Cutter Distros Don't Cut It

Opinion

The 'Linux Inside' Stigma - It's real and it's a problem.

U.S. Patent and Trademark Office Turn a Deaf Ear

Linux Advocate Dietrich Schmitz reminds readers of a long ago failed petition by Mathematician Prof. Donald Knuth for stopping issuance of Software Patents.

Saturday, December 13, 2014

Kim DotCom Facing Down a Death Sentence Without a Trial

Kim Schmitz aka Kim DotCom


Many of the readers of this story know of Kim Schmitz aka Kim DotCom.  It's a mix of either great respect or contempt depending on what is understood about him.

There is an untold story about him that needs to be recorded as to what happened to his MegaUpload website.

MegaUpload was a popular file sharing website up to a few years ago when it was summarily ordered to be taken down by the U.S. Federal Government.

As Kim recently said the MegaUpload case is "a death sentence without a trial".

He has managed to remain out of jail in New Zealand up to now but his financial resources have dwindled.  In the time spent since MegaUpload's take down, Mr. Schmitz formed Mega, the technological embodiment of change necessary to avoid MegaUpload ever happening again.

Mega is now in full production offering 50 gigabytes of free cloud storage space.

What sets it apart from other cloud ISPs?

MEGA employs Zero Knowledge end-to-end encryption (ZKE) and a MEGAsync graphical drag/drop files client to 100% guarantee privacy.

What the technology also affords is something which took down MegaUpload in the first place.  Plausible Deniability.  ZKE ensures Mega knows nothing about your data.  It is just an encrypted block of data.

Mr. Schmitz was assumed guilty of being complicit with illicit file sharing activities, alleged to have occurred on MegaUpload.  Today, he still maintains his innocence but a legal case is pending.

Despite his adversities, he has somehow managed to achieve what few others have.  Cloud storage can and should be a safe choice.  Your data and meta data on the Internet are presumed to be yours and only yours.  They belong to no one else.  Mega, the fruit of Mr. Schmitz' labors, is a resounding success.

In reality, few ISPs offer such guarantees.

Mr. Schmitz just put up on his personal website a Whitepaper which is a 'must read'.  It tells the untold story of what happened to MegaUpload.

Kim DotCom Twitters a message to let the public know about his just published whitepaper


Here is part of the whitepaper's opening Executive Summary:

The criminal prosecution of Megaupload and Kim Dotcom is purportedly the “largest copyright case in history,” involving tens of millions of users around the world, and yet it is founded on highly dubious legal principles and apparently propelled by the White House’s desire to mollify the motion picture industry in exchange for campaign contributions and political support.
The U.S. government’s attack on the popular cloud storage service Megaupload and the dramatized arrest of Kim Dotcom, the company’s principal founder – together with the seizure of all their worldwide assets – represents one of the clearest examples of prosecutorial overreach in recent history. One day after the U.S. Congress failed to enact the controversial Stop Online Piracy Act (SOPA), the executive branch of the U.S. government commandeered Megaupload in a coordinated global take-down, and drew battle lines between digital rights advocates, technology innovators and ordinary information consumers on the one side, and Hollywood and the rest of the Copyright Lobby on the other.
Megaupload operated for seven years as a successful cloud storage business that enabled tens of millions of users around the world to upload and download content of the users’ own choosing and initiative. The spectrum of content ran from (to name just a few) family photos, artistic designs, business archives, academic ourse work, legitimately purchased files, videos and music, and – as with any other cloud storage service – some potentially infringing material. Despite Megaupload’s lawful uses, the U.S. government has charged the company and its executives under the Racketeer Influenced and Corrupt Organizations (RICO) Act, and has branded the company, its personnel and its tens of millions of users a “criminal enterprise” dedicated solely to infringing U.S. copyright laws.
The U.S. government’s case against Megaupload is grounded in a theory of criminal secondarycopyright infringement. In other words, the prosecution seeks to hold Megaupload and its executives criminally responsible for alleged infringement by the company’s third-party cloud storage users.  The problem with the theory, however, is that secondary copyright infringement is not – nor has it ever been – a crime in the United States. The federal courts lack any power to criminalize secondary copyright infringement; the U.S. Congress alone has such authority, and it has not done so.
As such, the Megaupload prosecution is not only baseless, it is unprecedented. Although the U.S. government has previously shut down foreign websites engaged in direct infringement, such as the sale or distribution of infringing material, never before has it brought criminal charges against a cloud file storage service because of the conduct of its users. Thus, the Megaupload case is the first time the government has taken down a foreign website – destroying the company and seizing all of the assets of its owners (and the data of its users), without so much as a hearing – based on a crime that does not exist.

Clearly, there was a baseless rush to judgment without any legal due process of law.  In fact, there was total disregard for protective mechanisms in our U.S. Constitution that should have resulted in Mr. Schmitz being presumed "innocent until proven guilty".

Dear Reader, we live in very troubled times and I would dare say at this time we don't have much in the way of Constitutional rights which are negated by special Supreme Court Judicial powers that ignore the Constitution, the continuing presence of the Patriot Act, and the NDAA.

Thus, I feel obligated to share this developing story with you in order to shine the light on a 'wrong' dealt to a Man who has shown himself to be of great integrity and willing to stand up for his and your rights and fight back.

Please help Kim Schmitz by reading and sharing his whitepaper with Friends and Family, your state Senator and Congressman.  -- Dietrich

Tuesday, December 9, 2014

Linux Turla Malware Infection? Not Going to Happen.

cdoor.c - packet coded backdoor (credit: phenolit.de)
C'mon.  Here is yet another sensational report 'wishing' that Linux is infection prone.  It isn't okay?

The SecureList authors imply that there is a Linux version of a known Windows malware, called Turla.  Conveniently, they call it a variant.

Where is the documentation for a Linux 'vector of infection'?  Oops, somehow, they forgot to include it.

Including the source code doesn't count as documentation for vector of infection.  It merely documents the program's purpose, not how it lands on a Linux PC.

On the other hand, one can visit Kaspersky to see it is well-documented for Windows.

This code simply isn't in any Linux repository.

That means one must intentionally deviate and go outside of the keyring-protected repo of applications 'into the wild' to obtain this rogue software.

By definition, a trojan, requires one to install the application and then explicitly run it to have its 'payload' execute.

In the conclusion of the SecureList story, the authors wrote:

"Although Linux variants from the Turla framework were known to exist, we haven't seen any in the wild yet."
Paleeze.  This sensational reporting has got to stop.

Known to exist?  Based on what exactly?  Again, no details.

Folks, Fedora Linux is the safest operating system on the Planet.

I stake my reputation on it.  -- Dietrich


Sunday, December 7, 2014

Linux Distro Survey 2014

Final Results of Linux Distro Survey 2014

[Edit: Linux Distro Survey 2014 is closed.  See summary above. Details can be obtained by clicking the the 'View results' link below.]

So, okay, it's been a while since I did a survey.  You know the drill.  Time to pick your brain.  


What is your favorite Linux Distribution?  [View results]


Friday, December 5, 2014

ALERT: A Software Security Transparency Breach Warning

(Image credit:  Wikipedia.org)

We've witnessed what happens when changes in source code to intentionally insert rogue code go unnoticed.

The example of how the NSA intentionally inserted weakened string constants into Elliptic Curve Cryptography lay hidden for several years, in fact, and was only exposed by a languishing open Red Hat trouble ticket.  What was odd was how given the potential seriousness of the incident, no action was being taken to look at the source code and change it.  As more comments appended to the ticket, the level of suspicion grew to the point of where NIST was forced to open up an investigation.

It was a potential public relations disaster in the making for them, as they pleaded being unaware of what the NSA had done.  Immediately, the code base was opened up for public comment.  The code has since received a thorough going over, particularly those merged diffs that sourced from the NSA and corrective action was taken.

But, this was a roadside billboard that should have alerted everyone in the FOSS Community to the realization that every corner of FOSS should be revisited for a thorough security review and vetting.

Code obfuscation should be a 'red flag' to anyone who has seen it.  The first concern should be:  Why is this code obfuscated?  If there isn't good documentation giving a reason for doing so, then, it's time to dig in and find out what the code is or isn't doing, at the very least.

It is believed, however, relative to all FOSS code, little obfuscated code exists.

It would be most difficult to secret rogue code otherwise, as it must pass several levels of code review to reach final merge.

This is why it is an imperative that the FOSS Community become rigid and not deviate on the issue of Security Transparency.

Security Transparency assurance can only be guaranteed if and only if ALL source code is vetted independently by more than one project maintainer.  Oversight must be maintained and all Linux Distribution binaries which don't provide accompanying Gnu General Public Licensed (GPL) source code should be rejected out of hand as not just a license violation but also a breach of Security Transparency.

That being the case, Linux Advocates is taking a position against the following software vendor sources of 'semi-open' code bases.  They are:

  • Google ChromeOS
  • Google Chrome Browser
  • Opera Browser

Linux Advocates categorically does not support using the above-listed products which include a mix of open source and proprietary code.  There is an attendant heightened risk of exposure to cyber attack and exploitation when using any non-FOSS proprietary stack implementation on your computing device.

Enforce Security Transparency by insisting on using Linux with GPL open source code only.  -- Dietrich

December 9, 2014: The Day Desktop Computing Got Fun Again



Remember when Desktop Computing was fun?

The early days of Ubuntu were a time when GNOME really had things going for it.  Then, one Mark Shuttleworth took the product in another direction.  Unity.

Unity was initially interesting but didn't fit usability and that began the period of when I didn't like what I saw happening to Ubuntu.

During that period, The GNOME Foundation was undergoing its own change.  GNOME 2.x was determined at end of life and GNOME Shell, a concept GUI was established.

As with any GUI paradigm change comes a period of 'growing pains'.  I was really resistant to what GNOME was doing.  And so, I spent a long period in search of a good alternative GUI.  Ultimately, I found myself liking LXDE, and dwelled in Lubuntu.

Then, I tried Fedora 18 LXDE spin.  I concluded it was from a technical standpoint as good as Lubuntu.

Philosophically, I didn't like what Debian and Ubuntu were doing.

When it became apparent that Mark Shuttleworth was running his own railroad and broke ties with The GNOME Project, I thought he was trying to control delays in upstream decision making.  That made good business sense.

But in the process, he flip-flopped on putting full support behind Wayland turning to creating his 'own' Display driver, Mir.

To make it short and to the point, there is no other Distro which uses Unity.  NONE.

Today, Unity is on an island all by itself.

During the period of 'transition' The GNOME Project came out with initial revisions with GNOME Classic 'fall-back' to keep the malcontents happy.  In each iteration, GNOME made feature enhancements in an effort to continually refine the 3.x shell.

Each major revision, I gave it a try and turned away giving it a 'thumbs down' on usability.

Until 3.12, I didn't like Shell.  It was at that level it became truly usable and ready for prime time.  That was a year ago.

Today, GNOME Shell has reached 3.14 and I have been using it for several months on Fedora 21 Alpha/Beta/RC Workstation.

Even with Alpha, I found myself smiling and laughing at just how well the interface meshed.  It is polished, professional and just fun to use.

Yes, it is fun to use.  I really haven't felt that way in a very long time and I look forward to turning on my PC every day because Fedora 21 Workstation with GNOME Shell 3.14 is just that good.  I would add, Red Hat is the largest supporter of The GNOME Foundation and has worked closely in the design of GNOME Shell.  Red Hat also provides web infrastructure for The GNOME Project.  The relationship is close knit.  The end result is what you see and use.

December 9, 2014, has been promised by the Fedora Team as a 'Go' for Fedora 21 Workstation.  The day will be remembered as when Desktop Computing got fun again.  -- Dietrich

Tuesday, December 2, 2014

Lions, Tigers, Bears, and FBI Warnings, Oh My!

Wizard of Oz Movie (Image credit: prairiecloudware.com)


Seriously, do you tire of seeing major news plastered with warnings about cyber attacks, malware and viruses?

It really has grown to a fever pitch lately.

What stuck in my craw today was a Bloomberg report Exclusive: FBI warns of 'destructive' malware attack in the wake of the SONY attack.

Like, I should be mortified maybe?  Do these 'brainiacs' remember StuxNet?

Would it help to revisit the topic?  I'd rather not, thank you very much.  Please feel free to read the Wikipedia link on the subject.

It was the perfect road-side billboard if there ever was for why Microsoft Legacy (x86) Windows should be abandoned on grounds of National Security.

Sadly, the software industry hasn't changed and quite frankly isn't going to as long as 'big business' is married to a security-flawed 'by design' operating system.

What do I mean by 'by design'?  Microsoft provides undocumented APIs through their Trusted Platform to domestic and foreign governmental agencies (the FBI included) to have unfettered access to any Windows PC without the user's expressed permission.  (Insert sound of crickets here.)

That seems to me to be a major violation of public privacy.  And that's what the public get using proprietary software.  Transparency is non-existent.

Could writing code that facilitates having 'back doors' on to computers exist in the Open Source World?  I should think not!

Well, so far, we haven't seen any.

Of course there have been recent documented attempts by the NSA to weaken string constants in Elliptic Curve Cryptography used by Secure Sockets Layer, but it is a different kettle of fish to write a bank of code, spanning perhaps thousands of lines, dedicated to the specific purpose of providing 'backdoors' without going noticed under the Gnu General Public License for Open Source.  That kind of exploitative code cannot exist in FOSS projects.  Transparency is in full force with 'many eyes' providing the much-needed oversight.  As it should be.

Edward Snowden is correct:


“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." 

Unlike Open Source, the Proprietary Software Anti-Virus Business gets a boost every time one of these 'sensational' stories comes out.  It's a stimulus to obtain a desired result: the masses run out to buy AV Tools which get immediately installed.  End users fire up their AV tools, then passively watch a pretty widget on screen scanning, despite for foregoing 'backdoor' api.  The asthetic is dispensed  as the user receives a 'false sense of security'.   AV software vendors make billions of dollars in sales annually.  The partnership between Microsoft and AV Vendors is entrenched and the myth lives on.

None of this would have been mentioned if I didn't know better -- it insults my intelligence.

I know full well that if every Windows PC were to switch to Fedora Linux, all of the security issues would be gone.  Zero.  None.

So, please.  Spare me the FUD.  -- Dietrich


Monday, December 1, 2014

MegaSync Your Cloud Data for True Internet Privacy

MegaSync Client for Linux with GNOME Nautilus 'Drag Drop' Support shown on my Fedora 21 Workstation Desktop

Strong Encryption is the only choice to secure the Public's Internet Privacy against unwarranted access.

I really don't know how to make that message any more clear.

You see, ISPs are going to 'feather their own nests' as we bear witness to changing Terms of Service with Google and most recently at Facebook.

Personally, I could not care less about their Terms of Service.

Because, as far as I am concerned, anything put on their sites becomes theirs.  Period.  They can claim otherwise.  It doesn't matter.

Google doesn't want to encrypt your Gmail, or Drive.  Why?  Because 'they claim' it's parsed for Advertising revenue purposes.  Does that seem legitimate to you?

Let me lay it bare for you.

The truth of the matter and what Google won't say is, they profit also from intelligence gathering by parsing keyword triggers that get forwarded to domestic and foreign governmental agencies. That is not Transparency. No, it is outright lying by omission.

Your Gmail and Drive get scrutinized every time you use it.

I've written on how to manage your Gmail using OpenPGP Encrypted Evolution Email on Linux Advocates.

The technique I illustrated renders any third-party's ability to parse clear text useless.

As for Google Drive?  Avoid it 'like the plague'.  MegaSync employs 'zero knowledge' end-to-end encryption and gives 50GB of free space by default.

Mega's strong encryption makes your personal folders and files just streams of block data totally unintelligible, so that Mega doesn't know what is getting stored.

You may recall, the take down of Kim Dot Com's MegaUpload by the U.S. Government.  Kim Dot Com said it was "a death sentence without a trial".

Mega with MegaSync client changes all that.

Now, Mega can reliably claim what is legally termed 'plausible deniability' for what clients store on their site, by virtue of how this method of encryption works.

And, isn't that the way it should have been all along?  Really.  It's nobody's business what a law abiding Netizen stores on the Internet.  It's personal.  It's private.  And Mega fills this gaping unmet need.

In the final analysis, if the government wants to know what is stored in the cloud of an account holder, they need to take out a search warrant issued by a Judge.  Then and only then, should a 'Good Netizen' comply by unlocking their encrypted files.

With MegaSync strong encryption, nobody can see your data without your expressed consent.

MegaSync your cloud data for true Internet Privacy.

-- Dietrich

Saturday, November 29, 2014

Debian Forks as Stormy Seas Lie Ahead.

Johannes Hermanus Koekkoek - Sailing the Stormy Seas (Image credit: imagehere.com)


Seriously, I think some people just have self-destructive personalities.

Such is the case for Debian, where a few souls have foolishly convinced themselves that a Fork is necessary.

For what, exactly?

I submit the big unspoken reason is 'work avoidance'.

It would seem, the majority of major Distros have had no difficulty merging systemd and there are no reports I am aware of that would indicate problems of any kind aside from planned and routine systemd maintenance upgrades.

So, I am thinking, What kind of effect will such a fork have?

Most likely, it will create fear, uncertainty, doubt about whether either Distro is viable and if either should be taken seriously at this point.

Thus, a cloud now has formed over the Debian camp and all indications are that Devuan will be the name of a newly announced Fork.

Will Devuan be taken seriously?  Will there be a fractious split and move en masse from Debian to Devuan?

I am going to say No to both questions.

This marks the end of the systemd controversy at Debian.  Those who wish to leave for greener pastures are welcome to do so.  Debian will continue their slow, pragmatic, sloth-like progress and those who have hitched their wagons to it, will submit to whatever happens.

The cheering for Devuan will eventually reach a crescendo, then fade.  Reality will set in.  A very large volume of work must be done if Devuan will ever come to fruition.  Work avoidance won't suffice this time.

It should come as no surprise, and for good technical reasons, I wouldn't touch Debian with a barge pole, much less a fork of it.

As far as I am concerned, neither has anything to offer that would be considered superior to Red Hat (Fedora ) technology.  For one, Red Hat is fully Linux Standard Base and systemd compliant. Two, it is a commercial Distro that actually makes a 'profit', unlike Canonical Ltd.Ubuntu where Mr. Shuttleworth plucks down an occasional IOU to cover operating expenses so he can keep his insolvent business going.

You see, unfortunately and in retrospect Mr. Shuttleworth made a bad strategic decision early on.

Namely, Ubuntu hitched its wagon to Debian, which, as we all know, now has forked. Canonical Ltd. regardless of their gantt charts, project management milestones, and other various metrics will have to 'cow-tow' to whatever Debian chooses to do.  That, alone, breeds much confusion and has taken its toll.  It even pushes out the planned roll-out of Mir display technology for at least another year (16.04 tentatively).  Unity, the Ubuntu desktop GUI, has become effectively an island unto itself.  None of the other Distros will support it.  Not one.  Mr. Shuttleworth succeeded in only driving a wedge into the upstream development community.  Unlike Unity, GNOME with Wayland is on time, stable, and well supported, particularly by Red Hat.

There is no confusion in the Fedora camp.  It's full steam ahead for the anticipated release of Fedora 21 Workstation, along side the newly created divisions for Server and Cloud, this all being done under the governance and financial assistance of Red Hat.

Fedora is the largest Community Distro and the R&D factory for Red Hat Enterprise Linux.  No confusion exists due to their thoughtful planning and execution.

Stay the course Red Hat, Fedora, stormy seas lie ahead.  -- Dietrich


Fedora How-To: End Unresponsive Applications with Xkill



There are times when I miss KDE, like, when an application suddenly freezes up for no apparent reason.

I wait and try to close the window clicking on the close [x] glyph.  Tap fingers....

Still nothing.  "Sweet Lord.  Please make it stop!", I mutter.

Then I remember that pressing ctrl-alt-Esc would work in KDE to kill an unresponsive application.  Yes!  (Slaps forehead)  That's it.

Presses ctrl-alt-Esc.   Waits.  (insert sound of crickets...)  NOTHING.

So, as I have discovered, Fedora doesn't have a keyboard mapping to xkill, despite having the utility installed.  My Fedora Peeps are you reading this?  For the Love of God, Add it!  Please.

There.  I said 'please'.  I was nice.

Hokay, deep breaths.  Serenity now... ;)

Ready for a brief how-to to show you how to add a keyboard mapping in Fedora Desktop Edition or Workstation?  Alright.  Here goes.

First you need to go to Settings and click Keyboard to create the shortcut:




Then, click Shortcuts:




Click on Custom Shortcut and the plus (+) symbol to add a shortcut:


Name the shortcut "Force Quit" and the command "xkill":


Click Add to add the shortcut.  Then click on the word 'Disabled' and enter the keys you wish to use to activate this shortcut (I've used Ctrl-Escape as Ctrl-Alt-Escape is already mapped to something else):



My finished Force Quit shortcut:



Finito.  Good grief, I am exhausted.  Just kidding.  That wasn't difficult was it?  I hope not.


So, okay, if and when you encounter a frozen application you can now force it to quit by pressing, in my case, Ctrl-Esc.  Directly above, I show Nautilus Terminal after I have pressed ctrl-esc.  Note that the cursor changes shape to an 'x' to signify you are armed with xkill and dangerous.

Assuming you do want to kill an application, position your mouse cursor over the offending application window and 'left-click'.  That should result in the window closing.  Should you decide to cancel, simply 'right-click' at any time and the 'x' cursor will be replaced by a normal mouse arrow.

And that should do it!  -- Dietrich

Friday, November 28, 2014

Customize Fedora's Out-of-the-Box Experience

My Fedora 21 Workstation - Customized


As if I need to tell you, I am 100% behind Fedora.  Those looking for a story on their 'other' Distro can turn away now.

There's nothing wrong with being selective and wanting the best of everything life has to offer, yes?

So, when it comes to Linux on the Desktop, I have put Fedora at the top of my list.  I'll show you my personal configuration and yes it is running remarkably well on my trusty Acer Aspire One D260 Netbook in just 2GB of ram.

I've been on the Fedora bandwagon for nearly a year.  I've watched what other Distro communities are doing and chose Fedora for several reasons.  As for security, there's no better platform than Linux equipped with SELinux, a Linux Security Module (LSM).

With the largest community and having the governance of Red Hat, you can be assured Fedora is going to be around in 5 years.  Safe is not just security;  it's also about stability and longevity.

The 'out of the box' experience with Fedora is quite good.  That is meant to say, one can assume little in the way of post-install configuration is needed.  All bases are covered.

Still, one can put their own personality into adding extra features which is part of the fun of Linux on the Desktop.  There is much one can do--just reach into the Linux parts bin for what you are looking for and bolt on.  Some things require more effort than others.  Let's see what I've done to personalize Fedora Workstation 21.

Fedora chose to break out three products -- Server, Workstation, and Cloud -- in revision 21.  This is no small undertaking and more than trebles the volume of work.  But with careful planning, they will meet their target date for general release, December 9, 2014.

Formerly called Fedora Desktop Edition, Workstation is approximately the same, but the target audience is slanted more towards Student and Developer.  That doesn't make it any more difficult to use -- instead it means the 'mix' of pre-installed applications is slightly different.  What you do is entirely subjective and up to you.  Here goes.

Post-Install Graphical Application Additions



Gnome-Tweak-Tool

As previously mentioned, this tool should be installed by default and as discussed below simply eases making configuration changes.






Gimp
As I do posting to Linux Advocates, often I need access to GIMP and it is a universe unto itself in terms of features for image editing and manipulation.  A must-have for me.







dwb
Fortunately, Fedora Workstation, as in previous revisions, comes with Firefox by default.  This is a pure open source web browser.  I no longer endorse or support Google's Chrome which is proprietary.

I trust that +Tom Callaway will be updating open source Chromium in due course and make it available on or before general release of 21.  I usually keep that on hand for special situations that benefit from using it.  A Big thank you goes to Tom for his hard work.

dwb is my day-to-day browser.  It is lightweight written in C, with webkitgtk bindings and vim keyboard optimizations.  Gear heads will appreciate the vim shortcuts which speeds up everything, besides the compiled C code being inherently super fast.

The version last checked in the 21 repo is from early spring of 2014 and flash isn't working in it.  So, if you are technically inclined, I would suggest getting the dwb-git version with a September 2014 commit number:

[dietrich@localhost ~]$ dwb --version
    This is : dwb-git
    Version : commit 2014-09-20 6a0e483
      Built : Oct 14 2014 13:19:42
  Copyright : (C) 2010-2014 Stefan Bolte
    License : GNU General Public License, version 3 or later

Naturally, you'll need to install the Developer tools that include git, gcc, make and the dependencies listed in the README file and manually with make and make install to fulfill an install of dwb-git.  If you are a true speed geek, it is well worth the effort.


Shutter
Shutter is written in Perl with GTK bindings and ImageMagick.  It is quite useful for special image edit and effects needs.  I recommend both Shutter and ImageMagick to those who are running a website.







Pidgin
Pidgin is a multi-protocol instant messenger GTK program and with the GNOME Shell Extension integration allows one to chat from the shell without opening a Pidgin Chat window.  I prefer it and have used it for years.







Corebird
I've only discovered Corebird in evaluating Fedora 21 Workstation and must say I like it.  This is a GTK Twitter client and it does a nice job of keeping track of those who I follow.





Mailnag
Mailnag is a fairly new Python program with GNOME Shell Extension integration support.  It works quite well in that I use Evolution Email to process my Gmail.  But I leave Evolution closed until Mailnag tells me there is mail.  The notification appears on the top bar with a count for number of emails found.  A python application must be installed and the accompanying Mailnag shell extension.  Opening Mailnag-config, and completing the details for your mail will automatically start a mailnag deamon process running in the background on your system.  I prefer not having Evolution open all the time as it is a memory consumer so go into it only if there is mail to process and then close it to conserve ram.


Under the Hood Non-Graphical System Tweaks



Zswap
Zswap is a Linux kernel loadable module that has been available since version 3.11. It runs resident in its own kernel memory space and compresses data destined for swap to its zram swap 'instead' of your physical swap partition.  When the kernel can put transient data into zram compressed swap, foregoing sending it to slower I/O disk swap space, there is a realized net speed benefit.  This utility is not user-friendly so I would leave it to the gear heads to install it.  There's plenty of documentation on it and I am hoping Fedora will soon upstate the LZO compression method to a newer LZ4 method.

Append the following bolded text to /etc/sysconfig/grub:
GRUB_CMDLINE_LINUX="rhgb quiet zswap.enabled=1 zswap.zpool=zsmalloc zswap.max_pool_percent=80" 

Then, save the changes made to grub and run:

#grub2-mkconfig -o /boot/grub2/grub.cfg

You will need then to reboot your PC to have the zwap kernel module load.

Preload
Preload runs as a deamon and monitors your habits, autonomously preloading applications into ram that are used most often.  This can be advantageous on PCs with less ram (2GB or less), such as mine.  Install Preload from a terminal with the following:

$sudo yum install preload

Then you'll need to sudo to root and type:

#systemctl enable preload.service
#systemctl start preload.service

This sets up preload to be maintained by systemd so it will always be resident on boot.

dconf-edit
This graphical tool allows the edit of gnome settings displayed in a tree-structured hierarchical fashion.  Without it you must use gsettings command line tool.  It's good to have not just for editing but for surveying the entire array of configurable settings available.

htop
I always include htop.  Even though I have system-monitor running in the shell tray, sometimes if I am already in a terminal window, it makes doing things easier and faster.  htop is an Ncurses application.

Wallpapers


I'll just mention that there is a nice array of 'stock' wallpapers that many will find aesthetically pleasing.  For those with special needs, there is a 'Pictures' button at the top of the Background application -- pressing that will open into Nautilus to show what you've downloaded into your ~/Pictures folder for selection (see samples below).  I've had more fun lately with GNOME Shell wallpapers than I've had in a long time.  Find that special wallpaper that fits your mood and sensibility.  Here are some that I like:








Customizations Using GNOME-Tweak-Tool



Most people will not go to a terminal to use gsettings and manually install an extension.  It's only gear heads like myself who brave the terminal prompt for various good and peculiar reasons.  As for myself, I prefer not to torture myself and so commenced with installing GNOME-Tweak-Tool.  It's a curiosity to me as to why this tool is not installed by default.  I hope that the Fedora Community will include it in the near term.

So, once installed you are presented with a nice graphical menu with categories, which I will walk down letting you know what changes, if any, I made in each.

Appearance

I've download a bunch of Themes from gnome-look.org and a couple of them are really nice, but, I keep returning to the default, Adwaita.  It's just that good and so I'll leave it up to you to peruse the themes on the website and experiment.

Before you can install a theme, however, you'll need to install the User Theme extension, which takes two seconds to do.  After installing, reload GNOME-Tweak-Tools and a change will be reflected at the bottom of the Appearance page which will allow selection of a user theme.  The only item I changed on the Appearance page is the Font.  I find Faenza icon theme quite pleasing to the eye.  I don't think it is available (yet?) in Fedora 21 repo, but you can still install it from Fedora 19's repo by typing from a terminal:

$sudo yum install --releasever=19 --nogpgcheck faenza-icon-theme

Desktop

On the Desktop page, I've changed nothing with exception to Background Location (aka wallpaper).  You can change it here or by right-clicking on the Desktop and selecting Change Background, or, by going into Settings and clicking the Background Icon.

Extensions
(Go here to view and select from all the available and compatible GNOME Shell Extensions referred to in this section.)

Bitcoin Markets
If you are using Bitcoin (I have a Coinbase account), then, you might want to know where the price is in realtime.  This is the only shell extension for Bitcoin as far as I am aware and updates on the Top Bar.

Caffeine
Have you had it with screensaver?  Well, fret no more.  Go straight to installing Caffeine and this widget will keep screensaver from kicking in.  It can be clicked on and toggled off/on at will and includes preferences in Tweak-Tool.

Dash to Dock
Dash to Dock takes the hidden Dash from the Activities Overview and anchors it to a Dock to so cause Dash to intelligently display and/or be forced to manually display by putting your mouse cursor on the left margin of your screen.  It also has various preferences and allows on appearance the rolling of the mouse wheel to move through your workspaces.

Frippery Applications Menu
This is a simple menu for finding your applications.  It has a right-click preferences menu wherein one can turn off 'text' which results in just the Fedora Icon showing on the left-most part of the Top Bar.  Installing this menu will remove 'Activities' from the Top Bar.  Putting the mouse cursor into the upper left corner of the screen still triggers Activities Overview mode.

Gradient Top Bar
A simple extension with a singular purpose.  It adds a translucent gradient to the Top Bar.  A nice touch.

Mailnag
You'll need this extension as well as the python Mailnag daemon application.  This extension shows a mail icon reminder when your mail arrives and rings a bell to get your attention.  Highly recommended.

OpenWeather
This is so simple, yet, I find it incredibly convenient.  It sits on your top bar and one-click will trigger it's overlay display of useful weather information.  Clean, professional, appropriate.  Recommended.

Pidgin Instant Message Integration
This extension simply integrates with the message tray and facilitates responding to chat directly in the shell message screen without setting focus to your Pidgin application.  An unobtrusive time-saving addition.

Remove dropdown arrows
This does what is says.  The default down arrow on Applications and Places is removed.  I say GNOME should drop the arrow, but that's just my personal preference.

System Monitor
This extension essentially loads your System-Monitor application resident into the message tray.  Using your superkey-M will show a graphical display of the CPU utilization and RAM consumption.  Clicking either sends you into the full-screen application.  I find this and htop quite informational.

User Themes
If you want to use user themes installable outside of the RPM repo and from a user directory, then you need to install this extension first.  After installing the extension, close GNOME-Tweak-Tool and reopen to reflect the change.  A menu option on the Appearance page, Shell Themes, then becomes enabled.

Workspaces to Dock
Much as Dash to Dock applies additional intelligence so too will Workspaces to Dock.  Moving your cursor to the right margin when running a full-screen application will reveal your workspaces in a slightly enhanced but beneficial format.  Drag and Drop of an application from one workspace to another works seamlessly too.  A must have.  I now find myself using workspaces more than ever, spreading out the applications.  A tap of the super-key reflexively goes into Activities Overview and reveals the Dock and Workspaces as well.


Conclusion


As mentioned, the out of the box settings for GNOME Shell are quite adequate.

But within a matter of minutes you can be up to speed installing Shell extensions, applications and tweaks that personalize your Desktop to your liking.  I have found the experience of using Fedora 21 Workstation quite satisfying and, dare I say, Linux on the Desktop has truly become fun again and rivals the professional feel of commercial counterparts Windows and Apple OSX.

That's Fedora 21 customized.  Get the prerelease here.  -- Dietrich




Wednesday, November 26, 2014

Fedora Linux: The Safest Operating System on the Planet

(Image credit: harrisburghelpdesk.com)


Computer Viruses cannot mount an attack on Fedora Linux.

It's a simple fact that millions of Windows users don't know.  In fact, largely, they don't care.  They assume an operating system, like Microsoft Legacy (x86) Windows, comes with AV software to handle the job of fending off viruses as being 'normal'.

Truth be told, it isn't normal.  And whether or not your AV Software catches a virus can be 'hit or miss' and a matter of timing.

I'll get to why Windows gets infected and why Fedora does not in a minute.

How AV Software Works


AV software relies on the fact that every virus will have its own exploit characteristics and the exploit code that invades your PC has it's very own unique CRC 'fingerprint' that when scanned for and compared to a database of 'known exploits' will get a match on that CRC value, which is a unique check sum number.

The problem with that approach is that some of the more clever viruses once they have compromised your system, intentionally alter their own executing code's CRC value on even an hourly basis so as to avoid detection against an AV database which might update only once a day if you are lucky, or worse, once every several days.

And they effectively sit on your system undetected, flying below the radar of your AV software.


Aged Windows NT Kernel


Even today with the very newest Microsoft Windows 8.1 (x86), the WinNT kernel is the same as those going all the way back to Windows 2000.  That's right.  The same.

Microsoft's large base of installed Enterprise systems are running on that kernel and any major redesign would cause hurrendous interruption of service, which simply cannot happen.  So, they continue with their haphazard patch Tuesday sending out updates to known exploits -- that's ones which they 'officially' have taken corrective action on, and doesn't include zero-day exploits.


Zero Day Exploits Prevail


Zero Day Exploits is another matter entirely.  These are exploits which can attack vulnerable unpatched Windows systems for which there is no official fix available.  The wild is filled with a 'black market' for writing Zero Day exploits which sellers sell to criminals who are intent on circumventing your PC on the promise that a Zero Day exploit will be effective.

Around the World, Windows PCs by the millions are prey to attack and this has become quite profitable for a syndicate of criminals intent on parting you from your money.

Such exploits include RansomWare, which is perhaps the most prevalent and pernicious type of virus.  If a successful attack is mounted against your Windows PC, said RansomWare quietly encrypts your hard drive, then puts a private key lock on it, and, only then, notifies the end-user that their PC is locked until they make payment.  It's become like shooting fish in a barrel and the software is now sophisticated enough to even offer the added convenience of payment by Credit Card!  Nice touch ey?  Terrible.

Windows Security is Not Assured


So, you see, running AV on Windows will not guarantee your PC will remain virus-free.  Nope.  Really, from my vantage point, there's nothing that can stop a successful exploit.

Other attacks include Drive by download where the user visits a legitimate website (which is compromised) and by merely going to your 'favorite' website, it can trigger a silent download from your browser a Javascript tag injection of DLL code which then runs unchecked on Windows.

Policing the Kernel's Actions


Unchecked.  The prime defect in WinNT, the aged 2000 kernel, is that there is NO 'third party' policing of what actions are taken by the kernel itself.

Imagine there being a police officer on sentry 24x7 who not only checks the actions taken by your favorite Application, but also those actions spawned by said Application to the kernel to perform specific system functions.

It is at the instant that an Application spawns a SYSTEM call to the Windows kernel (by the injected DLL of a Javascript attack) that a 'third party' should step in to investigate the discrete granular action being taken.  It simply doesn't happen.  The DLL injected code runs and exploit code at this point can perform any SYSTEM related administrative function.  No one called the police.  Your system is owned whether you know it (RansomWare) or not (SpyBot).

Linux Security Modules - A Better Design


Unlike the flawed design of Windows' WinNT kernel, Fedora Linux comes installed with a 'third party' Policing agent -- generically speaking it's called a 'Linux Security Module', specifically the module that is running is called SELinux.

It is this 'policing' aspect of SELinux that sets Linux apart in design and safety from Microsoft Windows.

Any software design which produces an unintended side effect that the software designer never intended to have happen as part of the feature set of a given Application is a 'bug'.  It is also true, that viruses exploit such a bug to induce the Application to behave in an unintended way.  The goal (induced side effect), is to escalate and gain access to the core SYSTEM function API.

SELinux, when your PC boots, binds to the Linux kernel and then makes a 'hook' into the kernel.  This 'hook' is a pause in execution by the SYSTEM at which point SELinux gets the opportunity to approve/deny what the kernel wants to do, BEFORE, execution can happen.  There is no getting by the 'hook' and so anything which is deemed not part of a normal 'policy' for the application which spawned a child SYSTEM call gets a 'deny'.

The exploit simply is stopped cold in its tracks.

So, this was necessarily verbose.  I apologize.  But it is hopefully clearer to you now why I endorse using Fedora 21 Workstation, because it is truly safe and viruses cannot mount an attack.  Ever.

Get Fedora 21 Workstation Prerelease for free (general release December 9, 2014) today, here.

Fedora Linux: The safest operating system on the Planet.

I stake my reputation on it. -- Dietrich

Tuesday, November 25, 2014

Thanksgiving for a Continued Thriving Linux FOSS Harvest

Happy Thanksgiving (Image Credit: Mepiscommunity.org)

More than ever, we need to give thanks as part of our American yearly custom of celebrating Thanksgiving on the fourth Thursday of November.

It's not about the harvest.  Nor is it about the President 'pardoning' a Turkey or religious proclamations made by Church priesthood in any secular sense.

No, we should not lose sight of what initially formed as the 'Pilgrim' holiday during the early 1600's in New England.  Pilgrim and Puritan immigrants from England brought their traditions to New England in the form of Days of Fasting and Days of Thanksgiving celebration.

It might make more sense to have such celebration following when the 'real' harvest bounty occurs, but history being what it is, the date chosen for Thanksgiving changed over time, most recently to the fourth Thursday of November from the last with a resolution made by President Roosevelt in 1941.

In terms of what we should be thankful for in the Linux Community, I feel the strongest consideration should go to the Gnu Public License from which a great bounty or code base sprang forth.  This bounty remains the stock of open source software that keeps giving of itself over and over, thanks to one Richard Stallman.  We should never forget that without such a novel licensing framework in place, the success of a Linux kernel and its 'moving parts' in the open source 'factory' would not have been possible.

So, remember as you celebrate this holiday that giving back to the FOSS community is essential, or, we would still be under the rigid control of monopolistic proprietary software vendors the likes of Microsoft and Apple.

Thanksgiving wishes go out for a continued thriving Linux FOSS harvest! -- Dietrich