Geek Excursions: BitMessage

Along with my curiosity surrounding Bitcoin, there is a similar technology that has been released for public use called BitMessage. It is a neat way to communicate securely without having to trust any central server or certificate authority. It's a completely decentralized email-like infrastructure and has captured a lot of my spare attention. BitMessage works a lot like Bitcoin does: you can create addresses on the fly, and each one is derived from a freshly generated public/private keypair (the address is a hash of the public keys), so it looks like a long string of random characters and nothing in it ties it to you. In a lot of ways BitMessage deals with the biggest problem surrounding PGP/GPG, which is key management. Nobody really wants to manage keys or use the system because it's extra work. Plus, even with PGP/GPG, your identity is written on the key's user ID, name and email address, for everyone to see.

Getting started with BitMessage is a snap. First you need to download the BitMessage client, and you can get that at bitmessage.org. There are Windows and Mac clients available; you can start one and be instantly attached to the BitMessage network, ready to create new “BitMessage Addresses” and throw them away just as easily. So, for example, you could reach me by sending me a BitMessage to this address: BM-2cWAk99gBxdAQAKYQGC5Gbskon21GdT29X. When you send a message using BitMessage, it's to this address and from an address that your client makes. The message is encrypted to the recipient's key, every node on the network receives a copy, and each node simply tries to decrypt whatever it sees with its own keys, so someone watching the traffic cannot tell which node a given message was meant for. I think an even more secure method would be to cross BitMessage with a PGP/GPG key. The only wrinkle is that a PGP/GPG key conventionally carries a user ID with your email address, so that a human-readable name leads to your public key when someone looks it up, to verify a signature for example. The PGP/GPG system doesn't actually require an email address: you can create a public and private keypair and make the user ID up from whole cloth, and instead just let people know the key ID that you want them to use. The PGP key then gives you one stable identity that can be checked out of band, while the BitMessage addresses underneath it stay disposable. So technically if Alice wanted to secretly communicate with me, we could give each other our public keys to start and then use BitMessage as the messaging mule. I don't see how any eavesdropper could make sense out of any of that data flow. The PGP/GPG encryption keeps the contents of the message secure, and BitMessage's send-to-everyone design hides, from anyone watching the wire, which node a message is for. The one thing it does not hide completely is where a message first entered the network, since your own peers see it appear from your node before anyone else does, so it should not be mistaken for a full anonymity network.

I have to admit that BitMessage is very user friendly and very handy to have. My only issue with it is that I don’t know anyone who uses it, but perhaps this blog post will change that. If you are interested in this bleeding-edge crypto/privacy software, I encourage you to chat me up on BitMessage for serious matters or for fun.

OS Tryouts 3: ElementaryOS

ElementaryOS starts up much like Linux Mint 17, as both are based on Ubuntu Linux. One notable difference is that Elementary prompts you by default to choose whether you wish to try the LiveCD system or install it on the computer, whereas Linux Mint 17 simply brings you right into the LiveCD system and provides a shortcut on the LiveCD Desktop to install it on your computer.

ElementaryOS needs about half the disk space that Linux Mint 17 does. That's remarkable but not really a stumbling block, since most modern computers have more than 10GB of primary storage just to start. The installation was really quiet and direct, a pleasant change from PC-BSD for sure. Updates were slipstreamed into the installation routine, so there shouldn't be any need for them once the system is up and running.

The primary login screen is remarkably beautiful. The graphical login shows my full name with a place for my password and a Login button, and to the right of that today's date and time, styled in a very appealing way. There also appears to be a “Guest Session”, which I will have to investigate, as Linux Mint 17 didn't include that. Looking around the basic OS I am pleased to see many “look and feel” similarities to my beloved Mac OSX. After starting the software update app I expected all the apps to be up to date; however, that wasn't to be, there are 347 updates pending, so that's the first thing that needs to happen. Since I have the updater open, clicking on “Install Updates” should get that ball rolling. True to form, the updater is quietly processing its duties without user intervention beyond the authentication for elevated privileges that all updaters require in Linuxland. One really neat thing to note in this review is that the devs for ElementaryOS wrote a kernel extension driver for VirtualBox all by themselves. The activation was very straightforward, which is very impressive. Almost all other OSes force you to install the VirtualBox Guest Additions from VirtualBox itself.

Optional software is easily found through the Software Center, whose icon is a big friendly downward-pointing arrow. Many of the apps I would have figured would be installed by default, like Firefox, Thunderbird and LibreOffice, are not, but they are available. That's perfectly fine. Delivering a lot of apps by default only adds to the size of the installation media and can complicate the installation routine if one of those other projects doesn't behave properly upon installation.

It's really a toss-up so far between Linux Mint 17 and ElementaryOS. My bias for the Mac OSX interface pushes me ever so slightly into Elementary territory personally, because it isn't hamstrung by a Gnome main panel that you just can't get rid of; Elementary comes with a Dock by default. The only irk I have with Elementary is that the Dock has no mouse-sensitive effects, but that's the weakest of quibbles. So far, for machines that we'll end up surplussing, Linux Mint 17 wins for work, but if I were to buy one of the surplussed machines I'd go for Elementary OS instead. It's mostly just a matter of taste. I could just as easily live with Linux Mint 17.

BSD and Linux Tryouts – Four Distributions

I've got a pile of dead hardware that I'm going to be surplussing soon here at work, and much of it won't be able to run Microsoft operating systems, either because the system lacks a restore partition or lacks a Microsoft licensing sticker to make an install of Windows XP work properly. So we'll have to live without Windows, which means some other operating system. There are four that I'm looking at currently:

  • PC-BSD
  • Linux Mint 17
  • ElementaryOS
  • CentOS

Generally I think none of these are really ready for prime-time consumer use, but maybe I’ll be surprised.

Did You Get That Thing I Sent Ya?

Museum of Communications

This video, adapted from a character on Cartoon Network's Harvey Birdman animated series, asks the most fundamental question that exists, and it is at the center of my issues with workplace communications.

“Did you get that thing, that thing, THAT THING, … that… I sent ya?”

It happens a lot. I do it, and a lot of other people do it too, and it's so annoying, irritating, and upsetting. You send a message to someone else and, if it's email, it can be like it flew into a black hole. You don't know if they got it, if they read it, if they don't care. Did they file it? Did they laugh when they got it? Dunno. When will whatever it is get attention? Dunno.

It's the not knowing that irks me. We used to use GroupWise, which made this particular issue somewhat of a non-event because it would record the fate of the message and you could get read receipts automatically sent back to you. Generally this isn't a problem with SupportPress either, as we get emailed when a ticket comes in and the system enforces a receipt structure whenever we get tickets and manipulate them. It's just, well, everything else. And it's not something you want to include with every email, because it should be a matter of common courtesy to acknowledge that you got a message and that you are working on it, or whatever is really going on with it.

Then again, my experience is that much like verbal arguments, nobody is really listening. In email, nobody is really reading. Time and time again I notice people who only pick out keywords from a cursory scan of what I send and reply to the things they feel they want to reply with, ignoring the actual message itself.

When asked, “What is the biggest stumbling block for you professionally?”, the answer can only be this: basic human communication and the lack of it. How can anyone get anything accomplished if we aren't listening or reading or even paying attention to each other? Thank god for cognitive dissonance. It's an absurd life if it is this way, and obviously it isn't, because things get done, somehow, so it can't be that bad, not really. But I think it is bad and I fear that it's just getting worse.

If you get an email, maybe it’s a good idea to form a new habit and immediately reply telling the other party that you got it. At least when everyone knows, it’s one less little chunk of mystery floating out there.

photo by: Cargo Cult

Tag Painting in Day One Journal

I've been really enjoying Day One, and they have recently updated their apps so that the iPad, iPhone and Mac apps can all create and manage tags. What's been missing is a way to blast in tags based on keywords.

In this example, every time I have a journal entry with “Scott” in it, I want it to be tagged “Scott”.

Here’s how I did it:

1) Open Terminal and cd to ~/Dropbox/Apps/Day One/Journal.dayone/entries (quote the path, it has a space in it)

2) For entries that mention the keyword, don't carry the tag yet, and already have a Tags section, paint the tag into that section:

find . -type f -print0 | xargs -0 grep -L "<string>Scott</string>" | xargs grep -l "Scott" | xargs grep -l "<key>Tags</key>" | xargs -I file /usr/libexec/PlistBuddy -c "add Tags:Key string 'Scott'" file

3) For entries that mention the keyword, don't carry the tag, and have no Tags section at all, create an empty Tags section:

find . -type f -print0 | xargs -0 grep -L "<string>Scott</string>" | xargs grep -l "Scott" | xargs grep -L "<key>Tags</key>" | xargs -I file /usr/libexec/PlistBuddy -c "add Tags array" file

4) Then go back to #2 and re-run it. Every entry that contains your text should now be tagged with the tag you chose.

Swanky! The things to watch out for here: the little l (lowercase ell) in grep -l looks a lot like a capital I (capital eye), so it might be best to paste this into an editor with a monospace font like Courier to check it before you run it; and the last xargs is the step that actually changes files, so leaving it off for a first pass, to see which entries would be touched, is smart. I can't make any guarantees that it'll work, but as far as I can tell, it works great!

YMMV. Careful.
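The same painting done with Python's plistlib instead of grep and PlistBuddy, as an added example rather than the post's own pipeline. Parsing the plist means no regex over XML, one pass handles both the "Tags section exists" and "no Tags section" cases, a word-boundary match keeps "Scott" from also tagging "Scottish", an entry that is already tagged is skipped, and a dry run lists what would change without writing anything. It assumes the Day One Classic entry layout, an "Entry Text" string and an optional "Tags" array of strings in each .doentry plist; the four sample entries are constructed for the demo.

```python
#!/usr/bin/env python3
"""Tag painting for Day One Classic entries with plistlib (added example)."""
import plistlib
import re
import tempfile
from pathlib import Path

TEXT_KEY = "Entry Text"   # assumed key holding the entry body
TAGS_KEY = "Tags"         # assumed key holding the tag array


def paint_tag(entry, keyword, tag):
    """Add `tag` to one entry if `keyword` appears as a whole word in its text.

    Covers the cases the shell pipeline needs two passes for: no Tags array yet
    (create it), Tags array present (append), tag already there (leave it).
    Returns True when the entry was changed.
    """
    text = entry.get(TEXT_KEY, "")
    # \b keeps "Scott" from matching "Scottish"; a plain grep "Scott" would not.
    if not re.search(r"\b" + re.escape(keyword) + r"\b", text):
        return False
    tags = entry.setdefault(TAGS_KEY, [])
    if tag in tags:
        return False
    tags.append(tag)
    return True


def paint_journal(entries_dir, keyword, tag, dry_run=False):
    """Paint every *.doentry under entries_dir; return the file names that changed.

    dry_run=True reports what would change and writes nothing, which is the
    "leave off the last xargs" check from the post done properly.
    """
    changed = []
    for path in sorted(Path(entries_dir).glob("*.doentry")):
        with path.open("rb") as fh:
            entry = plistlib.load(fh)          # parse the plist instead of regexing it
        if paint_tag(entry, keyword, tag):
            changed.append(path.name)
            if not dry_run:
                with path.open("wb") as fh:
                    plistlib.dump(entry, fh)   # written back as an XML plist
    return changed


def _load_tags(path):
    with Path(path).open("rb") as fh:
        return plistlib.load(fh).get(TAGS_KEY)


def demo():
    """Run the painter over a constructed four-entry journal in a temp dir."""
    samples = {  # constructed sample entries, not real journal data
        "A.doentry": {TEXT_KEY: "Lunch with Scott today.", TAGS_KEY: ["food"]},
        "B.doentry": {TEXT_KEY: "Scott fixed the printer."},            # no Tags array
        "C.doentry": {TEXT_KEY: "Scottish weather again.", TAGS_KEY: []},
        "D.doentry": {TEXT_KEY: "Scott again.", TAGS_KEY: ["Scott"]},   # already tagged
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, entry in samples.items():
            with (Path(tmp) / name).open("wb") as fh:
                plistlib.dump(entry, fh)
        changed = paint_journal(tmp, "Scott", "Scott")
        tags = {name: _load_tags(Path(tmp) / name) for name in samples}
    return changed, tags


if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the entries folder first; Dropbox will happily sync a mistake to every device.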

Limit Login Attempts Plugin

I recently added some security to my WordPress blog now that blogs like this one are being targeted by botnets. I've found a great plugin called “Limit Login Attempts” which lets me set lockout values for people who try to guess the ‘admin’ account password.

First, let's just say that the entropy in my admin account passwords is so high that there isn't enough time left in the Universe to try every combination, but that being said, my values for this plugin would make this a non-issue. I give people 4 attempts at the ‘admin’ account; after that they are locked out for 1440 minutes, a day. If they get locked out twice, the lockout penalty goes to 720 hours, or a month. Retries are reset after 4320 hours, which is 6 months.
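What those four numbers do over a run of login attempts, as an added example that models the plugin's escalating per-IP lockout rather than being the plugin's own code. The order of the checks (block first, then count failures, then escalate after the second lockout) is one reasonable reading of the settings described above, not something the page confirms, and the log lines are constructed, not a real WordPress log format.

```python
#!/usr/bin/env python3
"""Escalating per-IP lockout policy modelled on the Limit Login Attempts settings (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Policy:                  # the post's values
    allowed_retries: int = 4
    lockout: timedelta = timedelta(minutes=1440)
    lockouts_until_increase: int = 2
    long_lockout: timedelta = timedelta(hours=720)
    retries_reset: timedelta = timedelta(hours=4320)


@dataclass
class IpState:
    retries: int = 0                      # failures since the last lockout or reset
    lockouts: int = 0                     # lockouts inside the reset window
    locked_until: Optional[datetime] = None
    last_seen: Optional[datetime] = None


class LockoutTracker:
    def __init__(self, policy: Optional[Policy] = None):
        self.policy = policy or Policy()
        self.state: Dict[str, IpState] = {}

    def attempt(self, ip: str, when: datetime, success: bool) -> str:
        """Record one attempt; return 'blocked', 'ok', 'fail' or 'lockout'."""
        p, st = self.policy, self.state.setdefault(ip, IpState())
        # Counters expire after the reset window of inactivity (assumed reading).
        if st.last_seen is not None and when - st.last_seen > p.retries_reset:
            st.retries, st.lockouts = 0, 0
        st.last_seen = when
        if st.locked_until is not None and when < st.locked_until:
            return "blocked"              # still serving a lockout; password not even checked
        if success:
            st.retries = 0
            return "ok"
        st.retries += 1
        if st.retries < p.allowed_retries:
            return "fail"
        st.retries = 0
        st.lockouts += 1
        escalate = st.lockouts >= p.lockouts_until_increase
        st.locked_until = when + (p.long_lockout if escalate else p.lockout)
        return "lockout"


def parse_line(line: str) -> Tuple[datetime, str, bool]:
    """Parse a constructed 'ISO-time ip user RESULT' line."""
    stamp, ip, _user, result = line.split()
    return datetime.fromisoformat(stamp), ip, result == "OK"


def replay(lines: List[str]) -> Tuple[List[str], LockoutTracker]:
    tracker = LockoutTracker()
    decisions = [tracker.attempt(ip, when, ok) for when, ip, ok in map(parse_line, lines)]
    return decisions, tracker


SAMPLE_LOG = [  # constructed sample, addresses from the RFC 5737 documentation ranges
    "2014-05-01T10:00:00 203.0.113.7 admin FAIL",
    "2014-05-01T10:00:01 203.0.113.7 admin FAIL",
    "2014-05-01T10:00:02 203.0.113.7 admin FAIL",
    "2014-05-01T10:00:03 203.0.113.7 admin FAIL",   # 4th failure: one-day lockout
    "2014-05-01T10:00:04 203.0.113.7 admin FAIL",   # blocked without checking the password
    "2014-05-01T10:00:05 198.51.100.9 admin OK",    # another address is unaffected
    "2014-05-02T10:30:00 203.0.113.7 admin FAIL",   # lockout expired, counter starts again
    "2014-05-02T10:30:01 203.0.113.7 admin FAIL",
    "2014-05-02T10:30:02 203.0.113.7 admin FAIL",
    "2014-05-02T10:30:03 203.0.113.7 admin FAIL",   # 2nd lockout: 720 hours
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, replay(SAMPLE_LOG)[0]):
        print(verdict.ljust(8), line)
```

The sixth line is the caveat: the counters are per source address, so a botnet that spreads its guesses over many hosts is barely slowed down. The lockout buys rate limiting and a cleaner log; the strong password and not exposing a guessable ‘admin’ account are what actually stop the guessing.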

Of course, the plugin also captures the IP address, so I'm going to look into getting an IP blacklist plugin and adding these captured IP addresses to that blacklist. They'll never be allowed on my blog. This line of reasoning led me to think about an immune system for the Internet. If an IP does something wrong, it is blacklisted and that fact is then sent to every other site and they blacklist it as well. One false move and you are suddenly banished from the network. I think this would radically change how people behave online. There would definitely be a lot of noise raised when people are suddenly unable to communicate with any host whatsoever because their systems were filthy, compromised, or malevolent. That would add a certain value of responsibility. It would only be a little bit more to establish a site like Digg where people vote on the malevolence of comment traffic, putting trolls right along with botnets and black-hats, out in the cold, banished where they all belong.

I can smell an RFC forming. 🙂

photo by: katerha

Nook HD: Built for Sluggish Annoyance

I really would like Apple to come out with an iPad Mini with Retina display. I'm quite tired of this Nook HD. It's not very user-friendly and definitely not me-friendly. I don't want to take a hammer to the device, but when I use it, I sort of do.

So I was on a site that lets you browse various fan-written fiction stories, and they have a feature where you can download epub files, so I did and saved one to my Dropbox. Then I went into the Dropbox app on my Nook HD to look for it. The Wifi on the Nook HD is a flaky pile of junk, so that took way longer than it should have. Once I found the file I wanted, I downloaded it to my Nook, because the only other way to get it in there is to pop the MicroSD card, root around for a universal adapter and then put it in that way. That's annoying; I'd much rather just be able to tap and download, like I would with an iPad Mini.

I downloaded it from my Dropbox and it ended up somewhere in the Nook's own storage, which I hate to use; I much prefer my MicroSD card plugged into the Nook instead, but there is no way to tell it where you want it to store the files. So I had to find another app called OpenExplorer, which has an awful interface but lets you move files around the Nook.

Then the Nook library was confused about where I put that file. Every time I went to look for it and tapped on what it found, I'd be sent to the Wifi activation screen, where I would turn it on (why?) and then nothing. Nothing more than that. When I went back to the search and tapped on my file, it told me “File is not present.” and that was that.

I've never been happy with the Nook HD user interface. I bought it because it was cheap and supported Barnes & Noble, but really I think I would have been better off getting an iPad Mini. I regret this Nook HD. It could be so much better if only the B&N user interface wasn't so fascist. That's what it really is. B&N doesn't trust anyone with anything, so they make it impossible to use beyond the B&N Book Experience. I don't want all my ebooks at B&N, I've got thousands of ePub files all on my own; could I upload them and locker them at B&N? Of course not. That's what the MicroSD card is for. So what value does the B&N store have for me? Little.

So is there any way I could get ePubs from Project Gutenberg? Nope. I have to find some other way to get them, like on my iPad and then use Dropbox and OpenExplorer to… it's way too much work. I'm tired even thinking about it.

So, if and when Apple decides to sell an iPad Mini Retina I'll put all my Nook stuff on eBay and save up for the iPad Mini Retina. At least iOS respects me and I don't feel like a criminal trying to cajole Android to give an inch.

I still don’t know why people think Android is any good. Wretched system.

photo by: Nomadic Lass

Starting Out Small

There is an issue I have at work, something I've written about before in my logs, that I've found a solution for and that I feel I can blog about. I can't really talk about the why behind all of this, but I can share a technical explanation of how I am addressing this problem. It's a half-thing, bear with me.

At Western, I'm very interested in the number of TCP connections that a workstation has open at any one time. I don't care what state the connection is in, ESTABLISHED, TIME_WAIT or any of the others: if there is a line, I want to know about it. Specifically I want to know how many lines there are. Mac OSX is based on Darwin, and Darwin is based on BSD, so you get a Unix shell to work with when you start Terminal.app. There is a lot of power in the command line interface, and once you get the hang of it, it's really quite useful.

On at least two remote stations I have turned on “Remote Login” in the Sharing pane of System Preferences, which starts the machine's SSH server so it answers incoming connections (the same pane lets you limit access to particular users, which is worth doing on a workstation rather than leaving it open to every account). I can use SSH to get a command line on those remote stations and feed them commands. I have done this for a long while for our servers in the office, but this is the first time I've seriously done it for workstations. So, with this connection established, I want to collect the number of TCP connections that machine has open. On the command line there are several pieces to get this to work:

First, you need a loop structure so that the command happens regularly: 

while true; do [command]; sleep 60; done

This will run the command every 60 seconds and it will never end unless I press Control-C, which makes the terminal send an interrupt (SIGINT) to the loop.

At first I just needed to count how many connections. You get this number, or at least an approximation of it this way:

netstat -p tcp|wc -l

That calls netstat to list all the TCP connections, which I then pipe, using the pipe character ‘|’, to another command called wc, which counts words. I make wc ignore words and just count lines by using the -l switch. I don't really care what other stations my targets are communicating with, just a count of how many. And yes, technically the count is inflated: netstat prints two header lines before the connections, and the SSH session I'm using adds at least one more. It's not intended to be forensic.

But something was missing. I need a date stamp. In BSD there is a command called date, and you can give it a format so that date writes out the hours, minutes, and seconds the way you want to see them, but date has an annoyance to it. The date command always appends a newline character, so what you'd get is the date, a new line, and then your count. It's okay, but it's annoying. It would be far better to get rid of that newline altogether. Enter the tr command, which translates characters. In this case we tell tr to just delete the newline character, so: ask date for the right sort of date, have tr nail off that newline at the end because it's annoying, and… (command substitution, the $(...) form, also strips that trailing newline, which is the other common way around it)

while true; do date '+%H:%M:%S '|tr -d '\n'; netstat -p tcp|wc -l; sleep 60; done

This outputs a very nicely formatted report on a remote workstation. So now I have datestamps, connection count levels, and when the count gets to a certain number and things happen, I can be faux-psychic.

UPDATE: Apparently I just can't leave well enough alone. Seeing a slow parade of numbers trot by is rather dull when all I really want to know is when these numbers get over, say, 70. So, sampling netstat once per pass so the test and the printed number agree…

while true; do n=$(netstat -p tcp|wc -l); test "$n" -gt 70 && (date '+%H:%M:%S '|tr -d '\n'; echo "$n"); sleep 60; done
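The same monitor with the two inflations from above taken out, as an added example and not the post's one-liner. It parses the netstat rows instead of counting lines, so the header lines, LISTEN sockets and half-closed states are skipped, and it can leave out the peer we are logged in from (taken from the SSH_CLIENT variable that sshd sets) so the monitoring session does not count itself. It assumes the macOS/BSD layout of `netstat -an -p tcp` (two header lines, then proto, queues, local, foreign, state, with addresses written host.port); the sample output below is constructed in that layout.

```python
#!/usr/bin/env python3
"""Count established TCP connections from BSD netstat output and log when a threshold is crossed (added example)."""
import os
import subprocess
import time
from datetime import datetime
from typing import Optional

# Constructed sample in macOS netstat layout; addresses from the RFC 5737 / 3849 documentation ranges.
SAMPLE = """Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.22          198.51.100.7.50123     ESTABLISHED
tcp4       0      0  192.0.2.10.54010       203.0.113.5.443        ESTABLISHED
tcp4       0      0  192.0.2.10.54011       203.0.113.6.443        TIME_WAIT
tcp6       0      0  2001:db8::10.54012     2001:db8::1.443        ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
"""


def count_established(output: str, ignore_peer: Optional[str] = None) -> int:
    """Count ESTABLISHED rows, skipping the headers, listeners, half-closed
    states and, when given, the peer we are logged in from."""
    n = 0
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                       # header lines and anything that is not a TCP row
        foreign, state = fields[4], fields[5]
        if state == "ESTABLISHED" and foreign != ignore_peer:
            n += 1
    return n


def own_ssh_peer(ssh_client: Optional[str]) -> Optional[str]:
    """SSH_CLIENT is 'client_ip client_port server_port'; return 'ip.port' as netstat prints it."""
    if not ssh_client:
        return None
    ip, port = ssh_client.split()[:2]
    return "%s.%s" % (ip, port)


def report(count: int, threshold: int, stamp: str) -> Optional[str]:
    """The line to print when count exceeds threshold, else None (nothing to say)."""
    if count <= threshold:
        return None
    return "%s %d" % (stamp, count)


def monitor(threshold: int = 70, interval: int = 60) -> None:
    """The post's loop: one netstat sample per pass, a line only when it matters."""
    peer = own_ssh_peer(os.environ.get("SSH_CLIENT"))
    while True:
        out = subprocess.run(["netstat", "-an", "-p", "tcp"],
                             capture_output=True, text=True, check=True).stdout
        line = report(count_established(out, peer), threshold,
                      datetime.now().strftime("%H:%M:%S"))
        if line:
            print(line, flush=True)
        time.sleep(interval)


if __name__ == "__main__":
    monitor()
```

Copy it to the workstation and run it inside the SSH session, or feed it through `ssh host python3 - < monitor.py`; either way the SSH connection itself no longer shows up in the number.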

photo by: Bull3t

Tent Flapping

Spam wall
Went back and forth just now on the IntenseDebate plugin for WordPress.org. I thought it might be useful and add some features to my blog that would be nice to have, like the After-The-Deadline plugin for comments and such. Everything was going well until I noticed that my Akismet spam queue was at 74 comments. I tried to open the queue and couldn't, as IntenseDebate had replaced that part of my blog with its own controls. So, with no way to look at my Akismet spam queue, I decided that the pros of the IntenseDebate plugin couldn't compensate for the way it broke my blog when it came to Akismet spam queue access. So, there was for a brief time a new comment system, and then there wasn't.

Which doesn’t mean a lot because people aren’t actually commenting on my blog, they are commenting on Facebook. I do get the one-off Twitter retweet or favorite, but that’s it.

Encrypted Time Machine Drive Botch in Mac OSX 10.8.2 Mountain Lion

We had a FireWire 800 drive get botched by whole-volume encryption in Mac OSX 10.8.2 Mountain Lion. We lost the password and couldn't recover it. The drive refused to erase; all the options were grayed out. I refuse to believe that a software change can render hardware junk, so there had to be a way, and I found it. Here's the procedure (it gets the drive back, not the data: without the password the encrypted contents are gone):

  • Attach the botched drive to the computer; since the password won't work, cancel the unlock dialog box
  • Open Terminal
  • Enter the command: diskutil CoreStorage list
  • You will get a long list. You are looking for the UUID on the “Logical Volume Group” line for the affected drive. If the Mac also has FileVault on there will be more than one group, so check that the group's Physical Volume “Disk:” entry is the external drive's disk identifier (from diskutil list) before you copy the UUID.
  • Enter the command: diskutil CoreStorage delete [UUID]
  • The system will eject the volumes, destroy the grouping, erase the disk, then initialize the disk, mount it and finish.
  • Done!
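The “which UUID” check from the list step, done by parsing the diskutil output, as an added example and not part of the original post. It maps each Logical Volume Group to the disk identifiers of its Physical Volumes, ignores the “Disk:” line inside the Logical Volume block (that is the virtual diskN, not the hardware), and refuses to build the delete command for anything on disk0 (assumed here to be the boot drive). The listing below is constructed to follow the `diskutil cs list` layout as I remember it; compare the regexes against real output on the machine before trusting the mapping, because the delete has no undo.

```python
#!/usr/bin/env python3
"""Find the CoreStorage LVG that sits on a given disk before deleting it (added example)."""
import re
import subprocess
from typing import Dict, List, Optional

LVG_RE = re.compile(r"Logical Volume Group ([0-9A-F-]{36})")
PV_RE = re.compile(r"Physical Volume ([0-9A-F-]{36})")
DISK_RE = re.compile(r"Disk:\s+(disk\S+)")

SAMPLE = """CoreStorage logical volume groups (2 found)
|
+-- Logical Volume Group 0DCC1234-89AB-4CDE-8F01-234567890ABC
    =========================================================
    Name:         Macintosh HD
    Status:       Online
    |
    +-< Physical Volume 11111111-2222-4333-8444-555555555555
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk0s2
    |   Status:   Online
    |
    +-> Logical Volume Family 66666666-7777-4888-8999-AAAAAAAAAAAA
        ----------------------------------------------------------
        Encryption Status:       Unlocked
        Passphrase Required:     Yes
        |
        +-> Logical Volume BBBBBBBB-CCCC-4DDD-8EEE-FFFFFFFFFFFF
            ---------------------------------------------------
            Disk:                  disk1
            LV Name:               Macintosh HD
|
+-- Logical Volume Group 9E8D7C6B-5A49-4382-9716-05F4E3D2C1B0
    =========================================================
    Name:         Backup
    Status:       Locked
    |
    +-< Physical Volume AAAA0000-1111-4222-8333-444455556666
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk2s2
    |   Status:   Online
    |
    +-> Logical Volume Family 12121212-3434-4565-8787-909090909090
        ----------------------------------------------------------
        Encryption Status:       Locked
        Passphrase Required:     Yes
"""  # constructed sample listing, not real diskutil output


def physical_disks_by_lvg(listing: str) -> Dict[str, List[str]]:
    """Map each LVG UUID to the disk identifiers of its Physical Volumes."""
    result: Dict[str, List[str]] = {}
    lvg: Optional[str] = None
    in_pv = False
    for line in listing.splitlines():
        m = LVG_RE.search(line)
        if m:
            lvg = m.group(1)
            result[lvg] = []
            in_pv = False
            continue
        if PV_RE.search(line):
            in_pv = True                   # the next "Disk:" line is real hardware
            continue
        if "Logical Volume" in line:       # Family or Logical Volume block: its Disk: is virtual
            in_pv = False
            continue
        m = DISK_RE.search(line)
        if m and in_pv and lvg is not None:
            result[lvg].append(m.group(1))
    return result


def lvg_for_disk(listing: str, disk: str) -> Optional[str]:
    """Return the LVG UUID whose Physical Volume lives on `disk`, or None."""
    for uuid, disks in physical_disks_by_lvg(listing).items():
        if disk in disks:
            return uuid
    return None


def delete_command(listing: str, disk: str) -> List[str]:
    """Build the destructive diskutil command; raise rather than guess."""
    uuid = lvg_for_disk(listing, disk)
    if uuid is None:
        raise ValueError("%s is not a Physical Volume of any CoreStorage group" % disk)
    if disk.startswith("disk0"):           # assumed boot drive; refuse to touch it
        raise ValueError("refusing to build a delete for the boot disk")
    return ["diskutil", "CoreStorage", "delete", uuid]


def refuses(listing: str, disk: str) -> bool:
    try:
        delete_command(listing, disk)
    except ValueError:
        return True
    return False


def main(disk: str, execute: bool = False) -> None:
    listing = subprocess.run(["diskutil", "CoreStorage", "list"],
                             capture_output=True, text=True, check=True).stdout
    cmd = delete_command(listing, disk)
    print(" ".join(cmd))
    if execute:
        subprocess.run(cmd, check=True)    # erases the drive; there is no undo


if __name__ == "__main__":
    main("disk2s2")                        # prints the command; pass execute=True to run it
```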