Friday, October 19, 2007


"Linux was made by foreign terrorists to take money from true US companies like Microsoft."
~ Anonymous.

Ah! Poetic justice.

Now, on to more important things . . .

I posted something yesterday about how the NSA is inside your Windows box and how you could fix that problem. Today there's something on computer security at the Stress blog, but you really only need to read it if you insist upon using windows. As stated there: "These rules only apply to Windows users. Mac users are too rich to care, and Linux is immune."

Earlier in the day, CNET published an excellent post on security for instant messaging:

The major IM networks, which include AOL IM/iChat, MSN, and Google Talk (when using the gmail embedded chat function) all send data over the clear. Using IM over an unencrypted wireless network (such as at a coffee shop or hotel lobby) is an open invitation for nasty folks to read your conversations. Those people using the downloadable Google Talk client will at least have their conversations encrypted between their own computers and Google's servers - but that doesn't solve the problem of the NSA forcing/paying Google to hand over your data. Likewise, AOL confirmed in 2005 that if presented with a court order, it would let the government eavesdrop on IM conversations between customers.

The solution then, is to use an encrypted instant-messaging program--one made by a third party and not one of the major IM networks. That is, a software client with which the conversation is encrypted from one user's computer all the way to the recipient--and not just to the central servers of the IM network. While the popular Trillian multinetwork client does offer encryption, its design is flawed, and is subject to a number of attacks. The tool of choice for privacy-conscious geeks everwhere is a protocol known as Off The Record (OTR). This scheme, designed by a team of security researchers including professors Ian Goldberg and Nikita Borisov, provides a number of really cool features. The benefits of OTR include:

* Encryption: No one else can read your instant messages.

* Authentication: You are assured the correspondent is who you think it is.

* Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

* Perfect forward secrecy: If you lose control of your private keys (such as if your computer is hacked, for example), no previous conversation is compromised.

Do I have to mention that OTR is a standard plug-in, not only for Linux's Pidgin, but also for Linux's Gaim? Well, now you know.

If you'd like to carry your OS around in your pocket, on a 1GB flashdrive, you should check out Puppy Linux. Why would you want to do that? Here are a couple of good reasons:

The two main uses for Puppy Linux (or any Linux live CD) are to:

* Rescue files from the host PC's hosed hard drive or perform various maintenance tasks (like imaging that drive)

* Compute on a machine without leaving a trace—like browser history, cookies, documents or any other files—behind on the internal hard drive

While there's a wide range of Linux live distro's available, Puppy Linux is a fantastic option which offers a full computing environment with rich graphical apps like the Mozilla Seamonkey suite, Word and Excel equivalents, calendar, chat and photo editors, too.

See Puppy Linux screenshots or visit the Puppy Linux site.

I think Puppy Linux will be my next project.


Anonymous said...

In the past, Google has been the only company to deny the U.S. Government any information. Google probably holds the more information on it's users than most of these companies with it's customization apps, because it needs the information for the purposes of advertisements (which is where all the company's revenues come from). However, Google has still continuously denied giving any of the info up to the government.

I hope they continue to in the future.

Mizgîn said...

Well, Google denies but what does that mean?

I trust NO corporation.