Categories
GNU/Linux Free Software & Open Source

PRISM Break: A list of resources for privacy and freedom


With the recent news scandal about the NSA surveillance program code-named PRISM, more people are starting to question their use of cloud services and think about their privacy. I’ve talked about free network services and ugly cloud stories, but this is the ugliest of all stories going mainstream.

The autonomo.us group was focused on producing free network services and established the “definition” of what makes a free network service with the Franklin Street Statement. There is also a big list of self-hosted software you can use to replace most of the popular web-based applications and services.

But in addition to that list, Peng Zhong created a web site called PRISM Break with a nice and easy-to-understand list of software, both desktop and web services, to help protect your privacy.

I’ve already been using several of these programs and discovered new ones. It might be scary to run your own instances of web services or change the software you’ve always used, but freedom and privacy are worth a shot. I hope this list gets bigger with new software developments, and that current offerings get better as more people use them and they get more attention.

Categories
GNU/Linux Free Software & Open Source Tutorials & Tips

Protect your personal information privacy with GPG encryption


Political scandals have always been about leaked information. Don’t
you wonder why sensitive data has been passed around in clear text on
the leaked cables that Wikileaks has been making public, while your
latest SpongeBob Blu-ray or DVD disc is encrypted with DRM locks and
transactions like your book purchase at Amazon are secured and
encrypted by SSL certificates?

Encryption has always been overlooked by the general public. You
only hear about it in “hacker” films or breaking news scandals.
Encryption is commonly associated with hiding secrets, when in fact
it’s more about securing information. When you change the mindset,
you’ll start considering encryption as something more relevant for
your everyday digital life.

For example, the cloud storage service Mega has encryption built in, after the
lessons learned on the data kidnapping of MegaUpload servers. This is
for the protection of both parties, the service providers and
yourself, the user. This way, only you can open the files and not even
Mega employees can know what is in your storage account. Dropbox,
Google Drive and other services don’t provide the same level of
security, so basically anyone that has access to those servers can see
your personal information.

There are many types of encryption methods. One of them is called GPG
(initially PGP but the free software version is known as GPG).

GPG is a two-key system, where you hold a private key and a public
key. The way it works is that you encrypt a file with someone’s public
key and send it. On the receiving end, the other person has the
matching private key, and only with that private key can the message
be deciphered.

Public keys can be obtained from the person directly through a file
transfer or email attachment prior to encrypted communication. Some
people, like me, publish their public keys on their personal web
page. The most common method to get a public key is to search for it on
key servers. Most GPG GUI programs have the option to search, download
and upload public keys on key servers.

Encryption jargon

To get started protecting your data with encryption, you’ll
need to learn the basic terms:

Encrypt


Encryption will protect the contents of the file, image, text or
whatever is being encrypted, so that only the owner of the private key
can view it.

If you want to protect a file only for your eyes, encrypt
it with your own public key.

Decrypt


This is the process of removing the encryption so that you can view
the contents of the protected file. This can only be done if the
contents were encrypted with the public key of the person who’s
supposed to see the information.

If someone sends you a file that was
encrypted with your public key, only you, who has the private key, can
decrypt the file.

Sign


Sometimes the only layer of protection you need is to make sure the
contents of a file or email were not altered between the time you send
it and the time it is received by the other person.

It also works as a way to make sure that a message is coming from you,
since you need your private key to sign the file and only you have
access to it.

Signing a file or text is a mechanism to know that the contents are
intact. This does not hide the message itself, it only adds a
signature to the file to ensure that every bit is in place with no
modifications.

Verify


This is how you check a file or message’s signature for authenticity
and integrity. If the signature doesn’t match, it means that the file
has been altered or didn’t come from the right person.

You can sign or encrypt a message or file. Signing doesn’t hide the
information but it helps to certify that the information hasn’t been
modified by anyone else before reaching you. Encrypting will hide
the information so no one can see the message or file’s contents.

Setup


To set up GPG on your system, you’ll need to generate your public and
private keys. Any GNU-based system is compatible with GPG (GNU Privacy
Guard). Most GNU/Linux distributions are already bundled with the gpg
command-line tool. If not, on a Debian-based distribution you can
install it with:

sudo aptitude install gpg

Generating your keys


After you have installed gpg on your system, to create your keys for the
first time, all you need to do is open a terminal and type:

gpg --gen-key

This will start a step by step process with some simple
questions. When in doubt, use the default options by just pressing
Enter. Don’t fear the command line, it’s just text.

When asked for a passphrase, note that GPG is not asking for a pass
*word*, it’s asking for a pass *phrase*, so make sure it is longer than
one word and is an easy-to-remember sentence.

Once that is done, you can check your list of keys with:

gpg --list-keys

Key search and import

If someone hands you their public key in a file, you’ll need to import it to your keyring to use it:

gpg --import key.asc

The key.asc is the file with the public key.

You can also search for someone’s public key on key servers:

gpg --search-keys someone@example.com

After showing the results, GPG will ask which key you want to
import. Select the key from the results list by the number at the
beginning of its entry.

Basic usage


Encrypt

To encrypt a file, first you need to import the receiver’s public key,
then you can use it like this:

gpg --encrypt --recipient someone@example.com my_message.txt

This will generate a file my_message.txt.gpg which is the encrypted
file you’ll want to send.

Decrypt

To decrypt a file, the sender must have used your public key. You can
use whatever name you want for the output file, in this case
“my_message.txt”:

gpg --output my_message.txt --decrypt my_message.txt.gpg

Sign

To sign a file you use this command:

gpg --armor --detach-sign myverifiedfile.zip

This will create an additional file called ‘myverifiedfile.zip.asc’
which is the signature to verify the file. Send both files to the
receiving end.

Verify

You receive two files: the data file and the signature file. You can
verify the signature with this command:

gpg --verify myverifiedfile.zip.asc myverifiedfile.zip
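
The encrypt, decrypt, sign and verify steps above, run end to end in a throwaway keyring, as an added example that is not part of the original post. The identity demo@example.invalid, the empty passphrase and the temporary directory are assumptions made for the demo (gpg 2.1 or later is required); the script also changes the file after signing to show verification failing.

```shell
#!/bin/sh
# Added example: the guide's four operations in an isolated, disposable keyring.
# The identity, file contents and empty passphrase are constructed for the demo.
gpg_roundtrip_demo() {
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME   # never touches ~/.gnupg
    mkdir -m 700 "$GNUPGHOME" || return 1
    msg="$work/my_message.txt"
    status=1

    # Unattended key generation (primary signing key plus encryption subkey).
    if gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
           --quick-generate-key 'Demo User <demo@example.invalid>' \
           default default 1d 2>/dev/null
    then
        printf 'meet at noon\n' > "$msg"
        # Encrypt with the public key, decrypt with the private key.
        gpg --batch --quiet --encrypt --recipient demo@example.invalid "$msg" &&
        gpg --batch --quiet --output "$work/plain.txt" --decrypt "$msg.gpg" 2>/dev/null &&
        cmp -s "$msg" "$work/plain.txt" && echo "roundtrip=ok"

        # A detached signature over the untouched file verifies.
        gpg --batch --quiet --armor --detach-sign "$msg" &&
        gpg --batch --verify "$msg.asc" "$msg" 2>/dev/null && echo "signature=good"

        # Change the file after signing: verification must now fail.
        printf 'meet at one\n' > "$msg"
        if gpg --batch --verify "$msg.asc" "$msg" 2>/dev/null; then
            echo "tampered=accepted"
        else
            echo "tampered=rejected"; status=0
        fi
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true   # stop the demo keyring's agent
    rm -rf "$work"
    unset GNUPGHOME
    return "$status"
}

gpg_roundtrip_demo || echo "demo did not complete (is gpg 2.1+ installed?)"
```

For a real key, keep the passphrase prompt instead of passing an empty one on the command line.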

Frontend tools

If you’re on GNU/Linux and using KDE, you can install the user interface KGPG:

sudo aptitude install kgpg

On Gnome, you can use Seahorse:

sudo aptitude install seahorse

For graphical user interface options on Mac OS X and Windows, you can
check the GPG website.

These GUI front ends will integrate well with your desktop
environments, so you can easily encrypt, decrypt, sign or verify files
from the file manager right-click menu options.

GPG and Email

The easiest way I can recommend to use encryption with email is with
Enigmail, an extension for the Mozilla Thunderbird email client. It
integrates very well and makes it easy to sign, encrypt, verify and
decrypt email messages.

In case you haven’t generated any keys, Enigmail will help you
generate them with an easy step by step graphical Wizard.


I hope this guide helps you know more about encryption and how to use it. And remember: encryption is not only about hiding secrets; it’s about protecting your personal information.

Categories
Emacs GNU/Linux Free Software & Open Source

Paying for a text editor


Lifehacker published an article about how a plain text code editor called Textastic rivals the famous Textmate in features with a lower price. I find this kind of article a bit funny when the “fathers” of almost all text code editors are Emacs and Vi, both of which are free as in freedom and cost. Why would anyone pay for a proprietary product that has only a subset of features from these two? It’s beyond my comprehension.

I can understand it a bit more when comparing text editors to IDEs like Eclipse, Netbeans or Zend Studio, which have their unique connectors and fancy things to debug stuff (like the whole Android development kit, which is, by the way, also available at no cost). But when talking about text editors, I really don’t see the advantages.

In this case, since I’m an Emacs user, I can only compare to that. If you’re a Vi(m) user, leave some tips in the comments.

Among the features, the article mentions code completion and highlighting for “many popular languages”; Emacs has that for those, plus the unpopular ones. Both Vi and Emacs run on the three major platforms (GNU/Linux, OS X and Windows) and there are some mobile versions of them too. In any case, you can use them through a remote terminal on your device. Autosaves and versioning have been built into Emacs for I don’t know how many years, and it has had theming for about two years. Emacs also supports “textmate snippets” using YaSnippet mode. To manage files I haven’t seen anything more powerful than Dired mode, and you can even view images and PDF files inside your text editor.

There is so much more you can do using Emacs as your text editor. The advantage of learning one tool for many tasks is that you won’t need to relearn new commands, workflows or keyboard shortcuts. But there are also many other alternatives: Vi, Nano, Kedit, Gedit, Notepad++ and the list goes on.

So my question still remains: Why do people pay for sub-par products when better options are available at no cost?

Categories
GNU/Linux Free Software & Open Source

Free & Open source web based Google Reader alternatives


Google has announced that they are terminating the Google Reader application. I’ve written before about the risks of depending on web services, and well, for those users of this service, it is time to look out for options. At least they play nice and thanks to the Data Liberation Front you can export all your data for other services.

Google Reader will not be available after July 1, 2013

I’ve seen many posts about alternative RSS feed readers out there. But when they talk about open source feed readers they refer to desktop clients, and when they don’t make the freedom distinction, they mention proprietary web services. But these days, with all the mobility and multiple devices, who wants a desktop feed reader?

If you are worried that another web service you love to use might go dark in the future, there is hope. Here are some good free and open web-based RSS feed reader clients you can use as Google Reader alternatives and host yourself.

Newsblur


A very nice looking site, with responsive design for mobile devices. You can also mute or feature certain articles based on tags found in the content. Written in Python using Django, Celery, RabbitMQ, MongoDB and PostgreSQL.

Lilina


A PHP 5.2 based web reader with a simple interface. You can run it easily on any cheap shared hosting service.

Tiny Tiny RSS


It has a user interface very similar to Google Reader. It supports authentication for reading protected feeds. Written in PHP 5.3, it supports MySQL and PostgreSQL databases.

Open WebReader


This is another PHP 5 based feed reader, with a slightly more elaborate user interface. It supports multiple users, and the developers seem proud of their code being OOP and using the MVC pattern.

Yocto Reader

I know little about this one. The project’s web page is offline, but the code can be obtained from Debian repositories.

sudo aptitude install yocto-reader

Conclusion

Switching from Google Reader to another proprietary feed reader service makes little difference. It doesn’t solve the real issue; it just solves the short-term need before that other service decides to terminate the service as well or something weird happens. Hosting your own web-based feed reader will provide you with the convenience of having your feeds available from any device anywhere, and keep you in control of your data and applications.

Categories
GNU/Linux Free Software & Open Source

My Mediagoblin instance with better image quality & EXIF data


In my continuous attempts to free myself from proprietary web services and run my own Free Network Services, I’ve finally set up my own GNU Mediagoblin instance. This is a multimedia gallery project to host, show and share several kinds of media files, like images, videos, ASCII art, SVGs and even 3D models. The Mediagoblin site describes the project as:

MediaGoblin is a free software media publishing platform that anyone can run. You can think of it as a decentralized alternative to Flickr, YouTube, SoundCloud, etc.

One thing I noticed was that the quality of the images was not good. I enhanced the quality of the image resizes done by default and the improvement was noticeable. It’s still not as sharp as Flickr’s quality yet (I don’t know how they do it) but it is cleaner and with no artifacts.

Thumbnail quality before

Thumbnail quality after

Full image before. You can notice lack of sharpness and some artifacts around the guy’s hat

Full image after, much cleaner and sharper image

Also I’ve enhanced the way the EXIF info is presented. I added a camera settings section that shows key relevant info most photographers are interested in looking at: what camera was used, when the photo was taken, exposure, aperture, ISO and focal length. By clicking the “Additional Information” button you can now see all the EXIF information on the file that was previously being omitted.

Mediagoblin camera info panel on the right

I hope my patches get accepted upstream and I plan to continue working on the project as I find it very useful. The planned features for future releases I’m eagerly waiting for are the API and the multiple file upload. That way I can post more of my content easily and maybe write a script to import all photos from Flickr. That would be nice.

Categories
GNU/Linux Free Software & Open Source Programming & Web Development

Free virtual box & other VM images to test website in IE


Testing your web design in multiple Internet Explorer browser versions is now easier. I’ve written before about how to test your website in IE using GNU/Linux machines. But now the process is simpler since Microsoft has finally begun to distribute cross-platform virtual images for testing against IE browser versions.

Of course, nothing from Microsoft can be well done. Not even something as simple as a zipped VM image. So they have put up a message saying that they’ve had problems unzipping the files in OS X and GNU/Linux and they recommend some specific programs to open it up. Not a big deal though.