Aug 24, 2007

GPG vs. S/MIME

So, after learning how to send emails with Python, I discovered that anybody can impersonate any email address. This is rather dangerous. Consider some hypothetical situations: Someone sends a flaming email to your boss using your email address, and you get fired! Or someone could send an email to my girlfriend (these are hypothetical situations) saying I want to break up with her. I ask her what is wrong, but she refuses to talk to me for a week! Even if I eventually find out what happened and assure her the email wasn't sent by me, damage is still done in the meantime.

So when I read that in the latest preview of Kubuntu (Gutsy Gibbon, Tribe 5) Kmail would be installed with all the programs needed for GPG (GnuPrivacyGuard), I decided to try GPG. I followed these simple instructions on the Ubuntu community documentation page. It was as simple as "sudo apt-get install mozilla-thunderbird-enigmail". I then followed the commandline instructions to generate a key pair and import them into Enigmail. (Enigmail has a GUI to generate and manage keys, I later found out.) It was as simple as putting in my name and email address and then issuing a command to upload my public key to the Ubuntu keyserver. (Keys are propagated to all the keyservers after some time.) Then, I could compose an email in Thunderbird and digitally sign or encrypt it via the menu or toolbar buttons. I sent a few emails to myself to test. The signature would automatically be verified and little icons and status bars would indicate that emails were signed or encrypted.

With the default settings, in order to sign my message, all the HTML formatting would have to be removed, and ugly text was added to the body of the email. E.g.,

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a sample text.

This is more sample text.

The End
Love,
William
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzvFPhnWcV3yyfeERAsnFAKCUHyC5AZuI7jDAxhDI6DUfm6wN2gCgpbJw
vQXQ9cbH1TirrA4ppa6QYKg=
=SQbg
-----END PGP SIGNATURE-----

I surely wasn't going to send emails looking like that! Luckily, there is an option (called PGP/MIME) that makes the PGP signature an attachment and preserves the HTML formatting. However, unless the people receiving the emails have a PGP plugin installed, they would simply see normal emails with attachments called "signature.asc". Not only is that annoying, it defeats the purpose, which is for them to be able to know if the email really came from me.

I learned that a different type of security, called S/MIME, is built into most email clients, including Microsoft Outlook and Mozilla Thunderbird. It uses the same encryption technology, but instead of using self-generated keys that are uploaded to public servers, it requires getting a key pair from a "certificate authority". In essence, instead of a community based "web of trust", it is a corporate based "buy a certificate and trust us, the corporation". Obviously, S/MIME has caught on, because companies like VeriSign make money off of it. ;-)
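As an added example (not code from the original post), this Python snippet shows how the three signed-mail formats discussed here differ on the wire, and which file name a client without signature support would list as an attachment. The addresses, bodies and signature parts are constructed placeholders, so it identifies the format only and verifies nothing.

```python
# Added example, not from the original post. It identifies which signature
# format a message uses; it does not verify any signature.
from email import message_from_string
from email.message import Message

CLEARSIGN = "-----BEGIN PGP SIGNED MESSAGE-----"
SMIME_SIG = ("application/pkcs7-signature", "application/x-pkcs7-signature")
SMIME_MIME = ("application/pkcs7-mime", "application/x-pkcs7-mime")


def _param(msg: Message, name: str) -> str:
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""


def signature_scheme(msg: Message) -> str:
    """Return 'pgp-mime', 's/mime', 'pgp-inline', 'unknown' or 'unsigned'."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        protocol = _param(msg, "protocol")
        if protocol == "application/pgp-signature":
            return "pgp-mime"
        return "s/mime" if protocol in SMIME_SIG else "unknown"
    if ctype in SMIME_MIME and _param(msg, "smime-type") == "signed-data":
        return "s/mime"  # opaque-signed: body is wrapped inside the PKCS #7 blob
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        if text.lstrip().startswith(CLEARSIGN):
            return "pgp-inline"  # signature armor sits inside the body text
    return "unsigned"


def attachment_names(msg: Message) -> list:
    """File names a client with no signature support would list as attachments."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def _sample(protocol: str, sig_file: str) -> Message:
    """Build a constructed multipart/signed message with a placeholder signature."""
    return message_from_string(
        "From: William <william@example.org>\n"
        "MIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b1"\n'
        "\n--b1\n"
        "Content-Type: text/html; charset=utf-8\n\n"
        "<p>This is a <b>sample</b> text.</p>\n"
        "--b1\n"
        f'Content-Type: {protocol}; name="{sig_file}"\n'
        f'Content-Disposition: attachment; filename="{sig_file}"\n\n'
        "(constructed placeholder, not a real signature)\n"
        "--b1--\n"
    )


# Constructed sample messages, one per format.
PGP_MIME = _sample("application/pgp-signature", "signature.asc")
SMIME = _sample("application/pkcs7-signature", "smime.p7s")
INLINE = message_from_string(
    "From: William <william@example.org>\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    f"{CLEARSIGN}\nHash: SHA1\n\nThis is a sample text.\n"
    "-----BEGIN PGP SIGNATURE-----\n(constructed placeholder)\n-----END PGP SIGNATURE-----\n"
)
PLAIN = message_from_string("From: William <william@example.org>\n\nNo signature here.\n")

if __name__ == "__main__":
    for name, m in [("PGP/MIME", PGP_MIME), ("S/MIME", SMIME), ("inline", INLINE), ("plain", PLAIN)]:
        print(name, signature_scheme(m), attachment_names(m))
```

Both detached formats carry the signature as a separate MIME part; what differs is the `protocol` parameter and whether the receiving client knows what to do with that part.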

Fortunately, at least one certificate authority, Thawte, will give you a free "certificate" (read "private/public key pair") for personal email use. (These certificates, by the way, are the same technology used in SSL and HTTPS secure websites.) Therefore, I decided I would get a free "certificate" and try S/MIME.

EASIER SAID THAN DONE!!!

I had to register with Thawte by giving them my name, email, date of birth, nationality, preferred currency and (because they need five security questions in case I ever forget my account password) the name of my first goldfish, first crush, favorite band, birth location, and the year I started homeschooling. They had to send me an email to verify my address. The first email didn't come, so I had to do the whole registration process over again. I got the email, followed the link to put in some codes they gave me in the email. Finally, I was allowed to request a certificate. I could get either:
  • a Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger certificate
  • a Microsoft Internet Explorer, Outlook and Outlook Express certificate
  • a Lotus Notes R5 certificate
  • an OperaSoftware Browser certificate
  • or a C2Net SafePassage Web Proxy certificate.

Because I currently use Mozilla Thunderbird, I asked for a Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger certificate. It complained because I was using the Opera web browser! So I tried getting the certificate with Firefox, but Firefox would not accept it. (I got the impression that Firefox would only accept PKCS 12 files, and apparently this was a PKCS 7 certificate?) I went to the support page, and found instructions on how to export a certificate from IE to Thunderbird. So I booted Vista and requested a certificate for IE (remember, these certificates work for Internet browsing too, although I have no idea why one would need one). It would not work on IE7 in Vista. (VBScript error.) So I went downstairs to an XP computer and requested a certificate for IE on it. Still using IE7, but on XP, it worked. I then exported the certificate from IE with the "export private key" option, and imported it into Thunderbird. But when I tried to send a signed message, I got an error! So I exported the certificate from IE again, with both the "private key" and "Include all certificates in certification path if possible" options, and imported into Thunderbird again. At long last, voilà! It worked! About time! Creating a GPG key pair and configuring Enigmail took about an hour of my morning. Getting an S/MIME certificate and importing it into Thunderbird took the whole afternoon!

The advantage of S/MIME, of course, is that I can sign all my messages, and other people will see it and think "Hey! That's like, secured or something," instead of "What's with the weird attachment?" They don't have to install extra plugins. (And there may be no good GPG plugins for Outlook. The Gpg4win project is doing its best to make GPG easy on Windows, but they say Outlook doesn't allow the kind of functionality needed for PGP/MIME encryption or automatic decryption.)

So what can I say? I like GPG better. It's open-source, easy to set up, and is more than secure enough to verify that this email came from the real owner of this email address. S/MIME is less transparent, is designed to benefit corporations like Thawte and VeriSign, and the setup process - which could have been made very easy! - is a terrible user experience, at least with Thawte. (However, Thawte may be the only company that issues free email certificates that don't expire.) With GPG, I know that the only copy of my private key in the world is on my computer: you would have to hack into my computer to steal it. Thawte, on the other hand, generated the keypair for me, and they have a copy of my private key that I can redownload at any time. I'm trusting the employees of Thawte not to steal my key, AND I'm trusting that their servers can withstand attacks from hackers. Thawte harvested a lot of personal information in the registration process, which makes the possibility of identity theft even worse. However, I can't revoke the certificate. So which will I use: GPG or S/MIME? S/MIME, because it works with the leading email clients without my friends having to install extra software. However, I will keep my GPG signature and Enigmail around, because it might come in handy someday.

Aug 21, 2007

GNU/Linux

Someone else's blog post on why he uses the name Linux instead of GNU/Linux inspired me to write my own opinion of the matter. I, too, choose to say "Linux", although if I was actually talking to someone who was interested, I'd probably say I use "Kubuntu Linux", because that is more accurate.

Here's what I think:
Arguing about the name is stupid. You might as well argue that America should be renamed America/Columbus. All Amerigo Vespucci did was recognize the land as a new continent; he couldn't have done that without the help of Columbus, who discovered the land. (True history buffs would insist it should be called America/Ericson, because Leif Ericson discovered America long before Christopher Columbus did.)

Only a small few think "Linux" refers only to a kernel. To the rest of us, "Linux" is the catch-all posterchild word for "open source operating system and software."

Arguing over the name is looking backwards instead of forwards. It is fighting over recognition instead of cooperating towards real recognition... by the world.

Jun 19, 2007

The future of: Spell Checking

November 17th, 2006

Spell checking is in serious need of improvement! I’m currently writing this in OpenOffice.org Writer, so I’ll use it as an example. Say I add the word “macronutrient” to the standard custom dictionary. After adding the word, none of the obvious variations are recognized; I have to add “macronutrients” (plural), “macronutrient’s” (possessive), “Macronutrient” (capital), “Macronutrients’ ” (capital plural possessive), and so on individually. It’s a pain in the butt!!! How hard could it be to apply a little grammatical logic? At a bare minimum, OpenOffice ought to be able to ignore “s” and ” ’s” at the end of a word, and accept capitalized words at the beginning of sentences. Ideally, whenever I add a word to the dictionary, OpenOffice would let me choose what part of speech the word is (noun, verb, adjective, adverb) and use that information to determine that “Macronutrients’ ” is logical, but not “macronutriented”.

The best idea would be to ask users, whenever they add a word to their custom dictionaries, whether the word ought to be part of the standard dictionary. If they say yes, a message would be sent to the folks who write the OpenOffice spelling dictionary, so they could double check the word’s authenticity and quickly add it to the main dictionary. That way the main dictionary would improve over time.

What spell checking OUGHT to be like NOW:

But let’s consider spell check at the global level. Spelling dictionaries ought to be shared between all the applications on your computer: word processors, email clients, web browsers, text editors, etc. Switching between dictionaries or enabling combinations of dictionaries should be a piece of cake. For instance, I’d like to have an “Email slang” dictionary that is applied only to emails and forum postings, containing words such as “lol”, “iirc”, and “rtfm”. However, I ought to be able to switch that dictionary off quickly if I’m writing a formal email.

Advanced ideas for Spell Checking in the future

In the future, I’d love to see more “project based” spell checking. I’d love to have custom dictionaries specifically for certain subjects, such as chemistry or biology, and to be able to specify in my Chemistry and Biology document templates that those dictionaries ought to be applied when spell checking documents made from these templates. Or if I’m writing an essay about The Ramayana, it would be nice if my word processor could download a dictionary of character and place names to supplement the spell check. For materials whose copyright has expired, word processors could download the entire e-text to help correct quotations. Auto-completion could be a huge boon, too. Imagine I’m writing a report on The Adventures of Huckleberry Finn. I type:

“You don’t know about me without you have read

and a balloon appears, saying

“… a book by the name of The Adventures of Tom Sawyer; but that ain’t no matter.” [Complete Quote] [More Sentences]

Such a feature would allow users to quickly and accurately quote large portions of text. It could be especially helpful if you knew how a quote started, but not what page it was on.

Think about it. The next time someone tells you spell checking has reached its potential, reply “Nay! we have not yet begun to spell check!”

Smart Wallpapers

November 17th, 2006

Here’s an “I like my desktop to be beautiful and informative” idea.

Today, we pretty much choose static wallpapers because they look good. (Although I think Macs have a slideshow wallpaper function.) I once thought: “Wouldn’t it be cool if my wallpaper could reflect the environment outdoors?” Meaning, could I have a wallpaper that reflected the season, weather, and time of day? (I’m not the only person to come up with this idea.) Doubtless there is software that can do that (I didn’t find any freeware that did it) but it got me thinking. What if wallpaper was more information-aware?

What if instead of a static image, we had “Wallpaper Widgets”? Imagine a Wallpaper Widget that showed a different picture if you have new email, or that displayed a slideshow of the latest NASA images, or that changed colors depending on the stock market. Add transparency support, and multiple Wallpaper Widgets could be layered, so that your desktop could show a weather based wallpaper by default, an envelope wallpaper if you had new mail, and on top of those, a translucent wallpaper that was tinted green or red based on the stock market! Obviously, a generic wallpaper widget could be made that simply lets users pick a static image to display, but advanced generic wallpaper widgets could be written to handle picture slideshows, wallpaper rotating, and so on.

Postscript 6-19-07:
I bet this is achievable in Plasma. (Meaning I could make transparent Plasma applets that take up as much size as the screen.)

Postscript 9-17-07:
Wow!  Plasma "backgrounds" really are applets!  This is going to be so cool!

The thing about Desktops

November 16th, 2006

I’ve recently come to the conclusion that today’s desktop paradigm is no good. I’ll list my reasons and justify them in a minute.

<Windows specific rant>

First, let me get this out of the way – it doesn’t have to do with the modern desktop paradigm, but SHARED DESKTOP ICONS SUCK!!! Reason: There’s no way to distinguish between shared and non-shared desktop shortcuts! When person A installs software X, software X almost always sticks a single shortcut in the shared desktop folder. Each person can place the shared icon in a different position on the screen, which makes users oblivious that it’s shared until person B says “I’m tired of this icon” and deletes it. Then person A wonders what happened, and has to dig around in the Start Menu to find the program, create a new shortcut, and put it on his desktop. Shared desktop shortcuts are a STUPID idea. They just cause extra work, by eventually needing to be replaced with multiple non-shared shortcuts. Software X should just install a separate shortcut for each user in the first place. In my experience, this is the dumbest idea Microsoft incorporated into XP.

</Windows specific rant>

I feel better now. Onto my essay!

What is the Desktop?

The Desktop is a “special” folder. What are you supposed to do with it? Well, it’s like a real desk: you set whatever you want on it. It is not organized in any way. Currently the desktop serves two main functions: Application/file Launcher, and File Folder. (It also has some strange miscellaneous functions in Windows, such as possessing the Recycling Bin, which is neither in the Desktop folder, nor is it a shortcut, and if you install Microsoft Outlook, a mysterious Outlook icon that has unique and powerful properties, yet is neither a shortcut, nor a file.) On all operating systems I’ve encountered, Desktops perform essentially these two functions, and do both only crudely.

Why is the Desktop an application launcher? Windows already presents two other paradigms, the Start Menu and the Quick Launch bar, for that purpose, and Linux has even more (such as Katapult). (In Windows, I use an auto-hiding Custom Toolbar on the left side of the screen as a third paradigm.)

Why is it a file folder? It is not a very good one, because placing files on the Desktop means they can’t be organized into other folders. The only files that make sense belonging on the Desktop are miscellaneous or temporary files.

(On Mac and Linux): The desktop is a place where mounted drives appear (cameras, USB drives, CD-ROMs, etc.) That is convenient, but somehow it doesn’t make sense to me. That is simply assigning a third, magical property to the Desktop. The drives are not files or shortcuts, and the fact that they appear and disappear seems out of line with the normally “fixed” nature of other desktop icons. However, it may be the only thing the Desktop does well.

What should the Desktop be?

So today’s desktops are crummy, but what should tomorrow’s desktop be like? How could the desktop become useful again? (I try not to rant about something without first having some idea about how it could be better.)

Should the Desktop be a place for temporary files? Keeping temporary files on the Desktop looks messy - and we want our computers to be beautiful. Besides, Windows has another folder called “Temp”, and Linux has “lost+found” and “tmp”. A separate tool that specialized in dealing with temporary files, by letting you assign notes to files or automatically cleaning out old files for instance, would be better.

Should the Desktop be an Application launcher? It could be a good one, if it allowed labels, grouping, and organizing. However, it has some disadvantages. One, the desktop takes longer to get to than the Start Menu. Two, it takes up an awful lot of space. It would be convenient for those programs you use rarely, though, because it probably has enough space to list all the programs on your computer. I think an improved start menu, or an enhanced version of KDE’s Katapult launcher could perform the task of launching applications and files equally well.

The Desktop should be a portal for information. That’s the concept I’m favoring right now. I think the trend towards “widgets” and “gadgets” that display weather, pictures, new emails, and so on seems to indicate that other people agree this is a better use for the desktop.

As a final note, I wrote this essay before reading about the plans for the KDE 4 Desktop (Plasma). Plasma shows signs of being very useful. It will integrate a widget platform (SuperKaramba) into the desktop applet system, so that applets can live in system panels (bars), the desktop, or float freely. Plasma also plans to give the desktop the “bring to front” on a hot key power that is popular among widget engines, making the Desktop a useful tool for displaying information. But chances are, it will still work as a crappy folder and application launcher.

Edit: Either I'm a brilliant visionary, or A. Seigo and I are crazy in the same way... for KDE 4.1, Aaron is removing the desktop's ability to be a crappy folder and application launcher! Instead, he's delegating that responsibility to a new Folder View plasmoid (which can be made full screen to please old farts) that brings the new ability to show several folders (including remote folders!) on the desktop in an orderly fashion. Good for him!

My Take: why KDE is better than GNOME

November 16th, 2006

I tried both Ubuntu and Kubuntu. I have both installed, but have come to prefer Kubuntu so much that I only boot Ubuntu to perform rescue operations on my Kubuntu partition. (As a newbie, I did a lot of those the first month, lol.) Arguing that one desktop environment is better than the other is generally flame-bait and leads to pointless arguing over differing philosophies, so instead of some high, philosophical argument, I thought I’d just share my personal experiences, and explain why I like KDE.

I use KDE for a few reasons.
  • I find KDE is more responsive: e.g. my mouse NEVER FREEZES! (Except when the whole computer freezes…. ) That’s what had me hooked. It felt snappier running from the live CD than Ubuntu did running off my hard disk. For instance, I get a noticeable delay (a quarter or half second) between when the Gnome “Applications” menu drops down and when it gets populated with icons.
  • I like the default “look” (shiny and blue) for Kubuntu much more than the default “look” for Ubuntu (flat and brown). I know some people don’t care about eye candy, but it really does matter to me. Little things, like how the close button in KDE windows fades to red when you hover over it, just make KDE a more pleasant aesthetic experience. If you use a computer for hours on end like I do, it helps if you’re staring at something beautiful. (Although I found customizing the theme and window decorations much easier in Gnome than in KDE.)
  • I’m a customizing freak. I change everything. KDE has more options to change. A lot more options. I’m a very capable person, and Gnome sacrifices capability just to make things “simple”. For instance, compare Gnome’s and KDE’s handling of removable mass storage devices. On Gnome, I only found one option: “Mount devices automatically” or not. On KDE, you get an XP style pop-up with customizable options based on the type of content (CD, flash drive), and you can define commands to run automatically when certain types of media are inserted (e.g. “Play Audio CD’s with Kaffeine”), and what options to present when different media is inserted.
Lastly and most importantly, I like KDE software better than their Gnome counterparts. Konqueror is superior to Nautilus, for instance, and I think Amarok is cooler than the default Gnome music player (Rhythmbox). Also KDE has killer apps, like Yakuake, a console that drops down at the touch of F12, and Katapult, which lets you launch programs by typing Alt+Space and the first few letters of the program’s name.

These are just my opinions of course. Both Gnome and KDE are good desktops and should both be developed further, because competition will help encourage them both to improve. I can easily see a future where I use Gnome at work and KDE at home.

Postscript 6-19-07:
As I've delved deeper into the inner workings of Linux, I'm impressed by the technology inside KDE, particularly DCOP.  (Although I'm looking forward to when all applications adopt the new DBUS standard.)  I've also been impressed by the level of integration among applications and consistency.  I'm really looking forward to KDE4, which has lots of exciting libraries to make life easier for developers.

First Post

I got a Blogger account so that I could post comments on other people's blogs. Now, I think that instead of maintaining my WordPress blog on a machine at home, I'll try using Google for convenience. I had 4 or 5 posts on my WordPress blog, and I will replicate them here.

Hello world!
November 14th, 2006

This is my first post. This is my second blog. It’s not a blog about me.

It’s a blog about my ideas.

Because I want to share them with the world. I hope you like them.

This time I don't think I'll limit myself like that.  If I want to blog about something personal, I'll just do that OK?  No need to always be detached.