Category Archives: Technology

Posted on
by

One of the hardest things I’ve found during my ongoing process of PRISM breaking my life, was securing my communication with others, especially via email.

Interestingly, this has very little to do with technical reasons; Email encryption is a faff, true, but there has been a lot of work to smooth over the rough edges (and it’s certainly not a big ask for technical people like myself). There are OpenPGP plugins for most clients these days, and technologies like S/MIME are universally supported and almost completely transparent in every day use.

The main problem is that nobody else seems bothered, even technical people, so my tactic here is really just to keep going on about this like a broken record…

Even if you think you have got “Nothing to hide…” (the canonical example of a bullshit argument if ever there was one), you should be encrypting your communication.

Consider that ECHELON, the forerunner of PRISM, has been used for industrial espionage in order to give American companies a competitive advantage, if your business has an American competitor (or Chinese or Russian or French for that matter), do you really want them knowing about the deals you’re working on?

Or to put it all more succinctly; when you send a letter, why do you put it in an envelope?

Of course, if the person you’re emailing is using Gmail or Hotmail you’re doubly screwed, so perhaps it’d be better to give up on email altogether… and to some extent I have, and now do much of my communication via IM, certainly if it’s anything confidential.

Skype, we know now is monitored, so that’s out, as to is Google Talk, however both can be secured by using a technology like OTR, which is much less of a UX nightmare providing you use a talk client rather than Google web interface. I’ve at least had some success in getting people to secure their chats, but there’s still a long way to go.

As an aside, it is relatively trivial to run Jabber on your own server and communicate with other users on other servers (like google talk) entirely transparently. This doesn’t do much to secure your communication unless both sides of the communication have done this, but running your own stuff is all for the good, and hey, it means you’re not a whoever@gmail!

Onwards…

Posted on
by

Unless you’ve been living under a rock, you’ll know by now that government agencies around the world are watching everything you do online, collecting this data and using it for various undisclosed purposes. Even before then, we knew that various private companies were harvesting data on us, and we could only hope that the worst they wanted to do was sell us things.

To say I wasn’t comfortable with this arrangement was something of an understatement.

So, I used all this as a spur to get my data out of NSA/Big Corporate controlled systems and onto FOSS based platforms that I own and control.

Starting Point

I was somewhat fortunate in regards my starting point. I had never bought into gmail, so my email accounts are hosted by a private mail server, to which I connect over an encrypted link. My main server, which hosts, among other things this website, is run of a private server in Germany.

My main computers at home are Linux based, and I already make extensive use of encryption; I use DNSCrypt to secure my DNS lookups from prying eyes, have HTTPS Everywhere and Adblock Plus installed on every browser, and secure sites with HTTPS (made considerably more affordable by StartSSL’s provision of free SSL certificates), and private code is hosted on my gitolite (nee gitosis) install rather than Github.

However, I still made use of services like Dropbox and Google drive, talked on Google chat, and use Google analytics for tracking.

The low hanging fruit…

The first thing I did was to grab and install a whole bunch of free certificates from StartSSL to remove the browser warnings from a bunch of the non-user facing sites that I run. This was important since the browser warning encouraged people to click through errors, and since the site always generated an error (even thought the site was being encrypted) it would be very vulnerable to MITM attacks.

Once this was accomplished I installed ownCloud, with the client software configured to talk only to the HTTPS endpoints. This was painless, and basically just a matter of downloading and installing the server software on a subdomain for it (the latter isn’t strictly necessary, but I like having things separate like that). The ownCloud client works exactly like the dropbox one, and is available for Linux, OSX, Windows (and a paid for one for iOS – presumably to drum up some money for the project – but it’s only a few pence).

Next, I started moving my sites away from Google Analytics. The open source world has moved a long way since I last looked at this, and Piwik, the best of breed, is very performant. Again, it was just a matter of installing the software on my server and then changing the embed code on the various sites. WordPress has a very functional plugin that integrates nicely with most themes.

The last easy thing I did was to change my browser’s default search engine from google to Startpage. The reason I picked Startpage over DuckDuckGo (which is the other main alternative) is twofold, firstly, the engine piggybacks off of google (but with identifiers removed), and despite while Google profile you for the NSA they still built a damn good search engine. Second, as a US company based in Pensilvania, DDG falls squarely under the sinister shadow of the US Patriot act and FISA, so, regardless of what they do now, they could still be forced to start spying.

Next, the harder stuff…

Update: while at the time of writing the, events in the pressure cooker article, linked above, were believed to be the result of active surveillance on the part of google, it now turns out to have been the result of an employee tipoff. Nevertheless, it seems nightly unlikely that this honeypot of profiling data isn’t being actively monitored, given how much other stuff is, although at the moment we have no evidence. This is one of the things that makes the Snowden revelations so frustrating.

Posted on
by

So, this weekend, I ran in the Spartan Sprint, the event I and a few friends were training for over the past month or so. The Spartan sprint is a 5KM long obstacle course, which was tiring, but very very fun.

I had my Go Pro strapped to my chest and got some great footage, which I edited together into a little video (which I’m quite please with, especially as it was a first attempt put together in a hurry).

I am aware this post digresses from my usual technology focus, but watch the video and I’ll bring it back to the point in a minute.

Right.

I put this together with Apple iMovie on the Mac Mini I bought so I could do some iOS development. Previous attempts at editing video using FOSS tools had been painful, but iMovie was a total dream to use – simple and intuitive interface, I could add and edit the soundtrack, there was a bunch of handy effects. Obviously, it’s not a professional edit suite, but it was more than enough for me to hack together a little demo video on an evening.

However, I’m pretty pissed off. For two reasons.

Firstly, FOSS… pull your finger out! Video editing on Linux is absolutely horrific… sort it out.

Secondly, Apple have made the wonderfully intuitive and simple application that works really well. So what the hell is the excuse for iTunes?

You have none, Apple.

The UX is ropey and inconsistent, it is bloated and needs to be updated every ten minutes, and my biggest gripe; if you have your music library on a network drive and forget to mount it before starting iTunes, it’ll forget it entirely and then force you to factory reset your phone before it’ll let you do any updates.

I know this is down to the DRM Apple was forced to build to get music industry buy-in on the iPod concept, but it’s 2013 and if DRM went away tomorrow, the music industry would not pull everything out of the iTunes store. So, why are you making my life suck Apple? Why did I have to buy a new MP3 player just so I could update my playlist and avoid having to run iTunes?

You make some great stuff Apple, so why does iTunes suck so hard?