Blog

Signing and Encrypting messages

Have you ever seen those e-mails and news messages that start out with “Begin Signed PGP Message”? Have you wondered what the big deal with those messages is, and what that phrase actually means? Have you wondered how you can get into that? And, to an extent, have you wondered about getting a Digital Certificate, but can’t afford the cost? I have wondered all of this, and more. And, I started looking into it.

What I’ve found out suprised me to an extent, and made me change my habits as far as e-mail and newsgroups go. It may suprise you as well.

Before I started looking into the Signing and Encryption, I used Microsoft Outlook for all of my e-mail accounts, and Microsoft Outlook Express for my Newsgroups. I’m not a fan of Outlook Express (although there’s nothing wrong with it), so I used an add-on called FidoLook. It gave Outlook Express a few of the things that you would hear people demand in the newsgroups. I had looked into PGP-signing, but never found anything that caught my eye. Until one day, I got a signed newsgroup message. I asked for any information on getting PrivacyGuard (PGP) in Outlook, and was presented with this link http://www.g10code.com/p-outlgpg.html.

Although I wasn’t able to configure it in Outlook (because the documentation is limited on their program) I did get it configured in Mozilla Thunderbird. So, I moved my POP3 accounts over to Thunderbird, and some of my newsgroups over as well. I still use Microsoft Outlook for my MSN and Hotmail accounts, but as for the rest of it, I’m a Mozilla fan. I’ve even moved my Calendar over to Thunderbird, although one of my organizers won’t synch with it, so I’ll still end up using Outlook as well.

So, how does Open-PGP work? Well, basically it works like this. You install the software (OpenPGP) on your computer, and create keys based on your first and last name, a comment, and the e-mail address you want to sign. A public key and a private key are created. Now that you have a key, how do you sign your e-mails? If you’re using Thunderbird, you can download the Enigmail extention. If you’re using Outlook, you need to check the site that I listed above out. Other e-mail clients will use other programs or have the ability built into them.

When you create the e-mail, you have a button to sign and/or encrypt the e-mail message. If you choose to sign or encrypt it, you will be prompted for a passphrase that you used to create your keys. When you receive a signed or encrypted e-mail, you can download the sender’s public key from a “keyserver” site. You’ll want to upload your keys to the keyservers as well, so people can verify that you are the sender of your e-mails.

But, signing and encrypting e-mails involves more than just putting a key on a ‘keyserver’. You need to establish a method of Trust between yourself and the senders. To do this, you need to verify the public key with the other person, either at a ‘keysigning party’ or over the phone. Or you need to find another method of confirming that the person is who they sign that they are. The keysigning parties are the best way, because the more people who establish a Trust with you, the easier it will be to prove to others that you are the signer.

So, as you can see, I’ve made a change in how I do my e-mails. Even though I beta test some Microsoft products, if I could view my e-mails in Mozilla Thunderbird easily, I wouldn’t use Outlook at all. There are programs that claim to be able to get your hotmail and msn.com e-mails, but I’m not sure how well they work.

If you want more information on signing messages, let me know. If I don’t have the link, I’ll do what I can to find it for you. Or, simply do a google search (or whatever search engine you use) for Open PGP and GNUPrivacy Guard. That will get you started.

Patrick.

More Adventures in Computing

In the earlier post, I talked about how I tried to install FreeBSD on a Virtual computer, and it didn’t work out as planned. Since then, I’ve installed Debian Linux on both an old Acer computer (AMD K6-200 with 64MB of EDO RAM) and on a Virtual Server. Also, I’ve installed Xandros Linux on a virtual PC.

The Debian installations went fairly well. I did run into problems with installing from the CD on the old Acer computer. But, I decided to reinstall via FTP, and it went smooth. So, when I did the virtual machine, I installed via FTP also. In the end, I wasted about 10 CD’s (as I didn’t need them with the FTP installation).

With the Xandros Linux installation, I chose to do it on Virtual Server 2005. It installed with minimal issues, but when I tried to start the virtual machine up, it would lock up totally. So, before scrapping it, I decided to remove it from Virtual Server, and open it in Virtual PC, 2004. I got the usual warnings that VPC didn’t recognize Virtual Server 2005 (which is understandable since VS 2005 came out after VPC did) and that some settings wouldn’t be used. However, when I finally started the Virtual Machine, it loaded up and started perfectly. As I’m writing this blog post, Xandros Linux is installing it’s first round of updates and new applications in the background.

What do I plan on doing with these, you ask? Well, it’s three-fold. First of all, I’m getting experience in installing and configuring Linux. That’s beneficial because people may decide to completely move away from Windows to Linux, or at least move some of their older computers over to Linux (as opposed to throwing the old computer out).

Secondly, I’m involved in beta testing for Microsoft, so believe it or not, installing and using Linux helps out in that. I’m able to test out their compatibility with Linux (both in Operating Systems and in Virtual Server/Virtual PC) and compare features of each. Certain things that Linux has, Microsoft could incorporate in their own way, and vice versa.

Thirdly, if I find a version of Linux that I really like, and if it will work on my older computer (or an older computer) I’ll probably start using it more. And eventually I’m hoping to learn C++ programming (along with Visual Basic and other languages), so I could possibly create applications that are able to be used in both Windows and Linux. Also, when I learn how to program in C++ or other languages, I could create my own modification to Linux and other Open Source programs.

There is a fourth reason that is similar to the first reason. Because Linux is based on the Unix Operating System, by learning how to work in a Linux environment, it’s helping me to learn how to work in a Unix environment. This will help me to do well in my college courses, and to achieve my degree in Microcomputer Information Technology.

So, keep an eye on my blogs. As I get working with Debian and Xandros, I’ll post screenshots of what I’m doing. And, eventually I plan on creating a couple of step-by-step guides in installing and using them.

Patrick.

Microsoft is up to some good things…

Microsoft hasn’t been sitting around taking a summer vacation this year. As most everyone knows, Longhorn is scheduled to go into beta soon. And some of the more recent builds have been made available to select people (legally). No, I’m not one of them, nor am I a tester for Longhorn. But, Longhorn isn’t the only thing on Microsoft’s plate this summer…

The MSN Division of Microsoft released version 7.0 of their MSN Messenger Instant Messaging program recently. Although it has a few notable ‘bugs’ in it, the program is a much improved design over the 6.x versions. Some of the features that were included in 7.0 are the ability to sign in as a status other than “online” (this includes Offfline), “Offline messages for Mobile users”, Video Conversation and improved Audio/Video capabilities, integration with MSN Spaces (their new blog site), “Contact Cards” which are an improved version of the properties option, Winks, dynamic display pictures, and more emoticons (just to name a few items).

For the Small Business owners out there, Microsoft is releasing their SBA (Small Business Accounting) program soon. This will compete with Quicken Quickbooks and PeachTree Accounting’s programs. I haven’t used Quickbooks or PeachTree’s programs, but I can tell you that compared to Quicken Home & Business Premier, SBA has a nicer interface, and an all-around better system (IMHO). The program uses Microsoft’s Business Contact Manager to synchronize with Microsoft Outlook 2003. That way, you can keep track of your customer information regardless of which program you need to access it from.

On the security front, Microsoft has been grabbing everything it can. They have released the final “RTM” version of their Baseline Security Analyzer 2.0, and are in the Beta2 stage of their Microsoft AntiSpyware Beta. Both programs are important tools in keeping your computer/network secure. Whether you’re running a computer with Windows 2000 or XP Home to a server running Windows Server 2003 with Active Directory, these tools will go a long way in making sure that your protected. MBSA will even allow you to scan remote computers using information from the latest version of the Windows Update known as Microsoft Update, and will allow you to create Visio diagrams showing the security status of your network or computer.

Finally, speaking of Windows Server 2003, Microsoft has released Service Pack 1 for the Operating System, and is working on their mid-cycle release, R2. For persons interested in server Operating Systems (whether it be for personal use, or corporate use) you can check out the R2 information in the technet section. And, you can even download the public beta version to try out. R2 is bringing improvments in everything from Active Directory to Branch office networks, to Print Servers. And even more than that. To find out everything that is being improved, you’ll need to check out the R2 section in the technet area.

These are just a small portion of the things that Microsoft is working on this summer. As more products are released, and more public information is brought out about products in beta, I’ll report what I can about them. So, as you can see, it’s not just about Longhorn– it’s about a whole plethora of things…

Until next time,
Patrick.

Have Idle Processor will compute…

Ok so it seems like a strange name for a topic, but it’s true. Unless you’re opening a program, burning a CD, or doing something extremely graphically intense (yes, I’m sure there are other times as well), you’re only using about 7% to 12% of your total Processor power. So, the rest of the CPU (Processor) power is sitting there idle. They say “Idle hands are the devil’s work.”

I’ve discovered a couple of programs that make good use of the procesor power that is sitting idle. One is called folding@home and the other is called seti@home. Folding is using your processor to ‘fold proteins’ in order to discover how they work on a genetic level. Sounds like scientific mumbo-jumbo to you? Well, the theory is that if they figure out how the proteins work on the genetic level, they can use that to counter diseases such as cancer and HIV.

Seti@home uses your processor to analyze radio signals that they have received. What exactly they’re looking for, I cannot say for certain. However, the belief is that they will hear some signal that proves life outside of our planet. (For some reason, the song “Children of the Sun” comes to mind).

I currently have both folding and seti running on the computer that I’m using to write this post. And, since it’s my main computer, I use it for everything. But, regardless of what I put to this, both of these programs run like champs, and they don’t tax my processor very much.

So, why am I blogging about this? Because both programs are very worthwhile causes. You never know… That one signal your computer processes, could contain the magic words that SETI is looking for or, it could be the right ‘fold’ to show how HIV attaches itself to your cells. On a more realistic scale, your processor is helping to create a super computer which is how the programs do their work. It’s like you are hooked to thousands or millions of other computers, and you’re all working as one.

I’m also blogging this, because I’m looking for a good team to join up with. I realize that my computer is just a tiny ripple in a giant pond, but my ripple can help to move a ship. So, if you have a team, and are looking for more people, I’d be interested in contributing what I can to help you out.

For anyone else that happens to read this, I’ll give you the links to folding and seti, so you can check them out. I should tell you that folding will run on an ancient computer with only 64MB of RAM (although I’ve seen snails run faster). SETI, however, is a little more demanding.

Here are the links for you. Folding@home is located at http://folding.stanford.edu and Seti@home is located at http://boinc.berkeley.edu/. I hope that people will join in the causes, and help make a difference.

Patrick.

Adventures in Computing..

Well tonight I’m installing FreeBSD on a Virtual Machine using Microsoft’s Virtual PC,2004. Hopefully it goes well. Why am I doing this, you may be asking? Just to try it out. I use Windows every day, and have upgraded from Windows 95 to 98SE to Windows 2000 and Windows XP Professional. I’ve even installed trial versions of Windows Server 2003 for testing purposes. But, at the same time, I’m interested in Linux, and other Operating Systems.

If all goes well, and if I can find applications that work on FreeBSD (or Linux) and that I like, I may actually switch to an extent. I’ll still keep my computer set up for Windows, but I’ll probably do most of my work in the Virtual PC. Also, I have an older computer that I’ve installed Windows 98SE on. If I like FreeBSD, and if it will run on that computer, I may switch it. One of the considerations in that is whether I can find a copy of folding @ home that will run on Linux or FreeBSD.

As the installation continues, and my experience happens, I’ll post entries for this. If anyone has ideas of good applications that I can run on FreeBSD, feel free to drop me a line or a comment. Also, if you’ve used FreeBSD in the past, please share your experiences (both good and bad) with me.

Patrick.

Update: The installation of FreeBSD on a Virtual PC didn’t work out as planned. For some reason, I could never get the mouse to work right, and I also couldn’t get it to log in correctly. My latest venture is to install Debian Linux on either an older Acer computer, or on a virtual computer (or both). In the next few days, I hopefully will have results from this venture. And, hopefully they’ll be favorable.

BBC NEWS | Education | How schools can get free software

BBC NEWS | Education | How schools can get free software

This article in the BBC news shows exactly how Open Source combined with proprietary software works in a school system to cut costs in half. In fact, the school mentioned in the article plans to phase out Microsoft Windows completely in the future. Whether this happens or not, remains to be seen.

It would be encouraging to see school systems and other organizations inside of the United States trying this as well. I’m not a total advocate of completely eliminating so called ‘closed source’ products from the picture. But, where it’s more cost-effective to use the Open Source version, I think that’s the route organizations should take.

Just think…. States could lower their budget deficits, by switching to Open Source models for their systems. It probably wouldn’t be a tremendous lowering of their deficits, but I’m of the opinion that every little bit helps. And, the effects probably wouldn’t be immediate. But, they would be seen over the long-term. Simply becuase money that would have been spent paying for upgraded versions of Server and Desktop Operating Systems wouldn’t need to be used for that. So, it could be put to something more important.

I encourage people to read the article, and if they think that it’s something feasible, they should write their State Legislature and Governors about it. And do more research into both the costs of Open Source and ‘closed source’ programs.

Patrick.

CNN.com – PC makers, distributors pass on Windows XP N – Jun 24, 2005

CNN.com – PC makers, distributors�pass on�Windows XP N – Jun 24, 2005

Ok, so Microsoft released their version of Windows XP without Windows Media Player in it. My question is this. Will anyone actually buy it? And if so, why? As was mentioned in the article, you can uninstall Windows Media Player easily enough in XP. So, what is the big deal about having it or not? I would have thought something like Internet Explorer would have been their bargaining point, since you can’t uninstall it.

I’m one of the rare people who likes both Windows and Linux. And, I think they should, not just can, live together in a world (or home). And, in fact, if you check out sourceforge.net, you’ll see a lot of examples of where programs are being created to work with both Windows and Unix systems (including Linux).

The one thing the EU is asking for, that I highly doubt we will ever see, is the releasing of source-code for Windows. The EU is asking that Microsoft release this source code to competitors, so they can design products that will better communicate with the Operating Systems. Since the biggest competitor of Windows is Linux, you won’t see this happen. Because in order for the Linux community to create the Open Source versions that will communicate with Windows, they would have to release the source code as Open Source. Otherwise it would force some companies to close the source code for their versions of Linux.

Back to the original article, the computer manufacturers mentioned (Sony and Dell) won’t be putting XP N on their computers as a standard, and quite a few stores in Europe don’t even plan on stocking the software. The version is being offered at the same price as the full-featured version. So, given the options, people will buy the full version anyhow.. Since, in their eyes, you’re getting more for your money.

I can see where this is going next. The EU is going to complain that Microsoft shouldn’t be charging the same price for the XP N version, as they are for the regular XP.. Since it’s not the “full version” of the software. So, facing more lawsuits, Microsoft will probably lower the price, and a few more people will purchase it, since they can’t afford the regular version. One question that hasn’t been answered is this. In order to use Media Player, you have to download the one you want to use. Is the download free? I know RealPlayer isn’t. And WinAmp may be, but they limit it in some ways (their Pro version, for $14.95 USD, offers the ability to Rip/Encode MP3’s and Burn CDs up to 48x).

I still can’t see how this is a victory against Microsoft’s “monopoly”. Because in the end, the only true “Free” Media Player out there, other than Open Source ones, is Microsoft’s Windows Media Player. So, people pay for something that doesn’t have the program, then download it for free. But, they’re not getting any bargains. Because they’re paying the same price, whether it’s installed or they download it.

Let me know your opinions on this. And, let me know if you’re planning on buying the “N” version or not.

Patrick.

Commercial Software vs. Open Source software

Lately the debate has been whether to purchase commercial software, or use Open Source (essentially free) software. Before that can be answered, it’s important to know what each is, and what each brings to the table for you. Companies who specialize in Proprietary (commercial) software would like to see you only use their type of software. And, the Open Source community would like to see you go strictly Open Source. Yet still there are others who believe that the best practice is actually a combination of the two.

So, what is commercial software, and what is Open Source software anyhow? Commercial software is considered “Closed source” because the creators do not want to reveal the source-code behind the programs. This is due to different factors, such as the idea that if they reveal the code, then someone else will make the same software for free. Which means, you’ll download that, instead of purchasing their version. Another factor is the belief that if potential hackers or malware creators have the original source-code, they can find the ‘holes’ and exploit them faster than the software creator can fix them.

Open source on the other hand, believes that the source-code should be freely available to modify as the user sees fit. However, the original author still retains the copyright and ownership to the code. Some of the projects are collaborations consisting of many people, who don’t necessarily know each other. They just all have the same goal of making their piece of the project work. The Open Source community also believes that by having the code freely available, potential security issues and other “bugs” will be fixed faster. It’s kind of the theory of four eyes are better than two (or in some cases, thousands of eyes are better than two).

In the first paragraph, I labeled Open Source as “essentially free”. This is because the person creating the software (or people modifying it) can sell the software (or support for it). The difference is, they have to provide the source-code, and credit the people who wrote the source-code they used (in the case of modifications). An excellent example of this was RedHat Linux up to version 9.0. RedHat offered the source-code, and the Operating System for free. However, if you wanted a boxed set, including printed manuals, and support, you had to purchase their Enterprise Edition. This still holds true today. RedHat offers the “Fedora Project” as their free version of Linux, and their Enterprise Edition (with updates and support) as their paid version.

So, which is better? In reading what I’ve posted so far, you’re probably going to say “Open Source” without a doubt. But, there are other things to consider. The commercial versions (especially the software created by Microsoft and their partners) are extensively tested on Windows. And in the case of Microsoft, the developers of the software have access to the source-code of the Operating System(s) that they are intending to run the software on. And, the commercial software company can afford to spend money on good technical and customer support for their software.

In future posts, I’ll explore this a little more. I will also include the “5 Myths of Open Source” as published in the Enterprise Open Source Journal.

As always, I welcome your comments and clarifications in this post. And, thank you for taking the time to read through this.

Patrick.

Breach affects 40M+ credit cards – Jun. 18, 2005

Breach affects 40M+ credit cards – Jun. 18, 2005

CNN.COM reported yesterday that Card Systems Solutions, which processes transactions for Visa and Mastercard was hacked into on May 22.. The hackers gained access to the credit card information for approximately 40 million customers. Approximately 13.9 million MasterCard holders and 22 million Visa holders were affected by this.

MasterCard has notified the financial institutions that hold the accounts for affected customers, and Visa is monitoring the transactions on their affected customers for suspicious activity. And, as always, you are protected against fraudalent activities on your card, through their zero-liability policies.

In light of this, should you stop using your credit cards online? No, I don’t think so. There’s no guarantee that the transactions the hackers monitored were online transactions. Even the purchase you make at your local grocery store or Burger King goes through a computer system somewhere. This is about the same as the old worry about the clerk keeping your carbon copy after you walked out the door. It shouldn’t stop you from using the credit cards, but it SHOULD make you more careful about how you use them.

Just because Visa and MasterCard are monitoring your account for suspicious activity, doesn’t mean you don’t have to. You should be checking your statements every month, to compare your list of purchases with theirs. And, you need to keep all of the receipts from your credit card transactions for at least three to six months. I’m saying three to six months, so you are guaranteed that it will show up on your statement while you still have the receipt. If the purchase is for commercial uses, you already have to keep the receipt longer for your taxes.

Below are a few more links from the CNN article about how to protect yourself from identity theft, and credit card fraud. And, with that, I’m off to newegg.com to buy the latest computer gadgets that I don’t need.;)

Patrick.

The related links in the CNN article are….

Fund Clients vulnerable to ID theft?
ID theft: The Real Risk
Damage Control for Identity Theft
Choice Point: More ID Theft warnings

****UPDATE******

In a related story http://www.cnn.com/2005/US/06/19/credit.breach.ap/index.html MasterCard announced that only approximately 68,000 cardholders are considered a high risk. And, also that they have checks and balances set up to monitor and detect fraudalent activities. That was how they became aware of the situation.

Visa, Discover, and MBNA declined to give specifics about their cardholders. American Express did say that a few of their cardholders were affected, but didn’t disclose how many.