Categories
personal

Setbacks as opportunities

Q0CuEJU

Just when life is becoming stable, life shakes you up. This time, three people broke into my house and stole most of my gear. And by gear I mean my photography gear, our computers as well as some jewelry. We came back from a small trip to downtown and the door was busted open, things missing and a hell of a mess everywhere.

I can say it was 3 people (of a gang of 5) because I have them on video, but you know how justice works (or not) in Mexico. That’s another story. What I want to talk about is how I take this situation and what’s next.

An example of the mess we found at home after the break in
An example of the mess we found at home after the break-in.

First of all, security. Yes, we are in the process of tightening the physical security at home. From getting new locks with higher security features all the way to changing the door for a more resistant one.

Then the psychological part of the situation. Most people I’ve talked to have expressions like: “well…you’re lucky your dog wasn’t home, she could have gotten killed.” or “you’re lucky you were not at home so you were not hurt” and also “you’re lucky they only stole few things and not empty out your home”. I just nod in silence to those comments to be polite, but my real answer to those comments is: If I’m so lucky, I wouldn’t have been robbed in the first place! This is not luck, this is a bad situation and we all have to accept things for what they are. And don’t get me started with those comments that mention a God and a gratefulness to such bondage-like deity idea where you are loved but get punished.

Now that the steam is off, onward to the opportunity part. A friend of my mom told me: “when you experience a robbery, in a way, they reduce your clutter”. And that is the sanest comment I’ve heard so far. Yes, this situation sets me back on my budget, my plans, etc. But it is also an opportunity to renovate things and appreciate the ones you’re left with. Also they put me in an unexpected hard situation where I have the opportunity to be creative to solve it. Like in The Martian book (and movie), I’ll have to science the shit out of this situation to replace my stolen equipment with the budget I have.

39NsjOa

Unlike the movie, help is not on the way. I’ll just have to work my ass off.

So for the moment, I have no photography gear to shoot new things and I don’t have a good reliable computer to do my job fast and easy. I’m back to my old Dell XPS computer that doesn’t hold a charge. And you know what? The situation is not that bad. I can still work and I can still… well, let’s not talk about photography for a while.

Lessons learned:

1. Burglars apparently don’t bother with kitchens, under sink cabinets or blanket storage spaces.
2. It doesn’t matter that you have a locked front door in the building, CCTV system and a doorman. You’ll still get robbed. Don’t depend on building security, make your own. Get a stronger door and security systems.
3. Constant backups ARE a life saver. My redundant weekly backup systems have everything, so I didn’t lost much data. These days, digital losses are more important than physical ones.
4. Disk encryption in your computer and other devices is important. They can’t turn on my computer (bios password) or steal away data from the hard disk because it is fully encrypted.
5. Mexico’s gun control laws need to be relaxed. We need protection and the government is not doing a great job at it. It never has.
6. Getting robbed forces you to get creative with what you have left and renovate.

So now, I’ll go to get creative on ways to recover and plan ahead.

p.s. You know what pissed me the most? They stole my whiteboard markers. Really?? And they were not expensive or fancy or anything, just plain cheap stupid markers! They were THAT desperate they took my markers??!! It’s the little things that really hurt…like paper cuts.

Categories
Interesting random stuff

5 alternatives to Whatsapp

Now that Whatsapp is part of Facebook, some might feel a bit exposed using it. But I wouldn’t worry about Facebook doing something with their chat conversation data. I would worry more about the fact that it has been known to have very weak security.

Also last weekend, after the Facebook purchase, the service had a major fail. I had several friends going back to SMS messages to communicate.

So for those cases, here are 5 alternatives to Whatsapp in case you don’t like it, don’t trust it or when it fails:

### Line

line logo

Besides normal chat like Whatsapp, Line offers free video and voice calls. It has emoji like Whatsapp plus stickers, and you can also send location, photos, videos and voice messages in the chat stream. Another plus with Line is that it has a desktop client, so you can reply and continue your conversations on your desktop while doing other things, instead of having to reach your phone every time.

Download Line

### Viber

viber logo

Viber also supports emoji, stickers (and you can download extra ones if you need), and like Whatsapp it supports group messages with up to 100 members. Besides texts, Viber only supports voice calls. Like Line, it also has a desktop client. Oh, and they explicitly say they value your privacy.

Download Viber

### Telegram

telegram logo

When Whatsapp went down, Telegram signed up 5 million new users. This app is getting more popular every day.

Telegram supports group chats with a maximum of 200 members. You can share photos and any other media, and videos up to 1Gb. The most unique feature of Telegram is Secure Chats. These chats have end-to-end encryption and they claim are not logged in the chat servers. Also you can set them to auto delete themselves after certain time on both ends.

They also claim to be concerned about your privacy and security and they show it with their features. They also claim to never disclose data to third parties.

The interface is very similar to Whatsapp if you’re migrating from that. The downside is that it doesn’t support voice or video chats. It supports emoji but no stickers like other clients and no desktop client either. Although you can install it on a tablet, it lacks a tablet design.

Download Telegram

### Skype

skype logo

Well, we all know Skype by now. It supports chats with very limited emoticons, no emoji or stickers. You can send files but not share pictures easily in the chat timeline. The advantage of Skype is its large user base and its voice and video chats. And if you have skypeout or similar you can have an additional phone number to receive calls on any device.

Download Skype

### Google Hangouts

hangouts logo

Hangouts is Google’s chat client replacing Google Talk. It supports voice and video chats, emoji, photos and location (no videos or voice messages for now). It has a desktop client (actually a Chrome extension) so you can continue your chats anytime your browser is open, or you can do it while having your Gmail or Google+ window open. Like Google+ in the social media landscape, Google Hangouts is a late-comer into the mobile messaging world and it has slowly been adopting features from its competitors. But since it has the Gmail user base behind it and every new Android phone seems to have Hangouts included, it is slowly gaining popularity and it is very likely that your friends already have it, ready to receive your messages in case other services are unavailable.

Download Hangouts

If your concerns are more into the privacy and security area, I recommend you to read my post about secure communication apps.

Categories
Digital rights Law & Freedom GNU/Linux Free Software & Open Source

10 apps for privacy and secure communication

Mobile security

With all the recent news about privacy violations, user data requests, gag orders and the like, it is useful to know that there are tools to communicate in safer ways. I can’t say that they are bullet-proof, as I’m not a security analyst, but at least you can add an extra layer of complexity to those trying to tap into your communications.

  1. Redphone – allows you to have encrypted phone calls
  2. TextSecure – for secure SMS/MMS communication
  3. Gibberbot – for encrtypted chat over Jabber (XMPP) or Google Talk (Hangouts), Facebook Chat, VKontakte, Yandex, Hyves, Odnoklassniki, StudiVZ, Livejournal, and more
  4. OscuraCam – helps you censor out parts of an image like a phone number, license plate, a face…or body part
  5. NoteCipher – stores encrypted notes on your mobile device
  6. GNU Privacy Guard for Android – to encrypt anything, from notes, photos.. any file and emails
  7. K-9 Mail – an open source email client with PGP support for sending and receiving encrypted emails
  8. Orbot – a free proxy app for your mobile device that encrypts your traffic using the TOR network.

    On the browser you can use:

  9. Mailvelope – for encrypting your emails through webmail.
  10. Cryptocat – for private chats within the web browser using OTR encryption

As I mentioned before in my encryption tutorial, having your privacy is not about having something to hide, it’s more about protecting yourself.

In the words of author Ayn Rand:

Civilization is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.

Categories
GNU/Linux Free Software & Open Source Tutorials & Tips

Protect your personal information privacy with GPG encryption

Secure Cloud Computing

Political scandals have always been about leaked information. Don’t
you wonder why sensitive data has been passed around in clear text on
the leaked cables that Wikileaks has been making public, while your
latest SpongeBob Blu-ray or DVD disc is encrypted with DRM locks and
transactions like your book purchase at Amazon is secured and
encrypted by SSL certificates?

Encryption has been overlooked by general public all the time. You
only hear about it in “hacker” films or breaking news scandals. Although
encryption is commonly associated with hiding secrets, when in fact
it’s more about securing information. When you change the mindset
you’ll start considering encryption as something more relevant for
your everyday digital life.

For example, the cloud storage service Mega has encryption built in, after the
lessons learned on the data kidnapping of MegaUpload servers. This is
for the protection of both parties, the service providers and
yourself, the user. This way, only you can open the files and not even
Mega employees can know what is in your storage account. Dropbox,
Google Drive and other services don’t provide the same level of
security, so basically anyone that has access to those servers can see
your personal information.

There are many types of encryption methods. One of them is called GPG
(initially PGP but the free software version is known as GPG).

GPG is a two key system, where you hold a private key and a public
key. The way it works is that you encrypt a file with someone’s public
key and send it. On the receiving end, the other person has a private
key, and only with the private key the message can be deciphered.

Public keys can be obtained from the person directly through a file
transfer or email attachment prior to encrypted communication. Some
people, like me, publish their public keys on their personal web
page. The most common method to get a public key is to search it on
key servers. Most GPG GUI programs have the option to search, download
and upload public keys on key servers.

Encryption jargon

So to get started with protecting our data using encryption, you’ll
need to learn the basic concept words:

Encrypt

A blue lock for George

Encryption will protect the contents of the file, image, text or
whatever is being encrypted, so that only the owner of the private key
can view it.

If you want to protect a file only for your eyes, encrypt
it with your own public key.

Decrypt

Lock

This is the process of removing the encryption so that you can view
the contents of the protected file. This can only be done if the
contents were encrypted with the public key of the person who’s
supposed to see the information.

If someone sends you a file that was
encrypted with your public key, only you, who has the private key, can
decrypt the file.

Sign

Autograph

Sometimes the only layer of protection you need, is to make sure the
contents of a file or email were not altered between the time you send
it and the time it is received by the other person.

It also works as a way to make sure that a message is coming from you,
since you need your private key to sign the file and only you have
access to it.

Signing a file or text is a mechanism to know that the contents are
intact. This does not hide the message itself, it only adds a
signature to the file to ensure that every bit is in place with no
modifications.

Verify

Goodbye, Sammy. (With Flickr notes)

This is how you check a file or message’s signature for authenticity
and integrity. If the signature doesn’t match, it means that the file
has been altered or didn’t came from the right person.

You can sign or encrypt a message or file. Signing doesn’t hide the
information but it helps to certify that the information hasn’t been
modified by anyone else before reaching you. Encrypting will hide
the information so no one can see the message or file’s contents.

Setup

SSL

To setup GPG on your system, you’ll need to generate your public and
private keys. Any GNU based system is compatible with GPG (GNU Privacy
Guard). Most GNU/Linux distributions are already bundled with the gpg
command-line tool. If not, on a Debian-based distribution you can
install it with:

sudo aptitude install gpg

Generating your keys

Keys.

After you installed gpg on your system, to create your keys for the
first time, all you need to do is open a terminal and type:

gpg --gen-key

This will start a step by step process with some simple
questions. When in doubt, use the default options by just pressing
Enter. Don’t fear the command line, it’s just text.

When asked for a passphrase, note that GPG is not asking for a pass
*word*, it’s asking for a pass *phrase* so make sure it is longer than
one word and an easy to remember sentence.

Once that is done, you can check your list of keys with

gpg --list-keys

Key search and import

If someone hands you their public key on a file, you’ll need to import it to your keyring to use it:

gpg --import key.asc

The key.asc is the file with the public key.

You can also search for someone’s public key on key servers

gpg --search-keys [email protected]

After the results, the GPG will ask which key you want to
import. Select the key from the results list by their number at the
beginning.

Basic usage

Security

Encrypt

To encrypt a file, first you need to import the receiver’s public key,
then you can use it like this:

gpg --encrypt --recipient [email protected] my_message.txt

This will generate a file my_message.txt.gpg which is the encrypted
file you’ll want to send.

Decrpyt

To decrypt a file, the sender must have used your public key. You can
use whatever name you want for the output file, in this case
“my_message.txt”

gpg --output my_message.txt --decrypt my_message.txt.gpg

Sign

To sign a file you use this command:

gpg --armor --detach-sign myverifiedfile.zip

This will create an additional file called ‘myverifiedfile.zip.asc’
which is the signature to verify the file. Send both files to the
receiving end.

Verify

You receive two files: the data file and the signature file. You can
verify the signature with this command:

gpg --verify signature_file.asc myverifiedfile.zip

Frontend tools

If you’re on GNU/Linux and using KDE you can install the user interface KGPG

sudo aptitude install kgpg

On Gnome, you can use Seahorse

sudo aptitude install seahorse

For graphical user interface options on Mac OS X and Windows, you can
check the GPG website.

These GUI front ends will integrate well with your desktop
environments, so you can easily encrypt, decrypt, sign or verify files
from the file manger right-click menu options.

GPG and Email

The easiest way I can recommend to use encryption with email, is with
Enigmail, an extension for the Mozilla Thunderbird email client. It
integrates very well and makes it easy to sign, encrypt, verify and
decrypt email messages.

In case you haven’t generated any keys, Enigmail will help you
generate them with an easy step by step graphical Wizard.

locks

I hope this guide helps you know more about encryption and how to use it. And remember: Encryption is not only about hiding secrets; It’s about protecting your personal information.

Categories
Digital rights Law & Freedom GNU/Linux Free Software & Open Source

Is your ISP messing with your Internet traffic?

Switzerland logo
There’s been some reports on ISPs slowing down your Internet connection if you use BitTorrent or cutting your VoIP calls and many other nasty things.

The Electronic Frontier Foundation (EFF) has published a free software tool to check your connection for ISP’s bad behavior. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.

Unfortunately for the non geeky users, there is no installer packages to easily install it on any Linux distribution, nor there is any GUI. Its a command line tool that you have to compile yourself. The project is hosted on sourceforge.net for you to grab if you’d like to make a package for it.

But anyway, its a great thing to have, if your ISP is messing with your traffic, you should know about it (and change ISP). I’ll be giving it a try soon, because I’m getting suspicious about this cable company in Monterrey city.

To run the tests, I recommend you to first use the wiki page. There’s a little guide to test different protocols.