Ubuntu ZA

There have been a number of countries, like UAE and India that have demanded access to encrypted communications of Research-In-Motion's (RIM) BlackBerry smartphones. These efforts are misguided, and unfairly target RIM's business.

Public key encryption

We need a quick primer on today's encryption. We pick the standard scenario where Alice wants to talk to Bob, and Charlie is trying to listen in.

In the old days Alice had to get a 'secret' to Bob before they can chatter. This was vulnerable because there was always the possibility that Charlie could intercept that initial exchange.

Nowadays, public key encryption makes that unnecessary. Bob can publish a (large) number, in his newspaper, or on his business card. This Bob's public key. If Alice uses some well-known, open-source software like GPG that even Charlie has, Alice can send a message to Bob that only Bob (with a second, private large number key) can decrypt.

Let us be clear. The code that does the encryption and decryption is open, available for inspection by Charlie, who may spend years with scientists and huge computers and will still never break the code. The secret to decoding the message is Bob's private key, which he has never given to anyone.

Duality of the key pair

The two keys, Bob's Private and Public key, are a dual - what is done by one can only be undone by the other. There are infinitely many of these key pairs, and when you need them they can be generated. The bigger these numbers are, the harder it is to decrypt. The numbers can be made up to any size.

They can be used for signatures too - Bob can create an email, and sign it - attach a (very big) number to that email created with his private key. Anyone, like Alice or Charlie, can verify that only someone with access to Bob's private key could have 'guessed' the number Bob put at the bottom of the Email - proving that Bob wrote it.

Secure communication protocols

Public key encryption is at the cornerstone of SSL - the secure wrapper to a number of protocols - https:// that is used to access your banking website, ssmtp for email submission, and imaps for email retrieval to name a few. It is a very well studied mathematical science - we have a pretty good idea what America's National Security Agency is able to do concerning cracking these protocols.

Blackberry phones

Research-In-Motion have two types of customers - corporate, and casual smartphone buyers that like the BlackBerry phone. For corporate customers, they install the BlackBerry Enterprise Server (BES) - a computer at their premises that interfaces to their corporate mail server and securely delivers the mail to the smartphone.

This traffic is encrypted at the BES (Alice), send over RIM's network and the public phone network (Charlie) and decrypted on Bob's smartphone - using the private key that has never left the innards of his phone. RIM corporate clients know this, and that is why they buy RIMs devices.

Snooping traffic

The only way the message could be read by Charlie is if he installed snooping software on either the BES or the phone itself. UAE tried to install at the phone, but they were outed. RIM go into exhaustive detail on the steps used to generate and exchange the keys. If this process is followed nobody except that corporation can read those messages. Especially not Charlie, RIM themselves, or the UAE or Indian government.

With proper attention to detail, SSL protocols like SSMTP and IMAPS can be made just as secure, with no possibilities of eavesdropping. RIM has just come under the spotlight because its business model is based on this security. My Nokia E71 can access my mailserver, and the traffic between the two is secured as tightly as RIM's service. What is different is that key management on my phone is too sloppy. A Corporate Nokia customer could request more strictness.

BlackBerry Internet Service

The BlackBerry Internet Service is the service non-corporate individuals get if they just buy a BlackBerry at the corner store. Depending where that server is located, and who has access to it, will entirely determine the security of the service. If Charlie controls this server, then naturally Alice and Bob can expect no privacy.

If the UAE or India lean too hard on RIM, hard enough to either control the key generation process so private keys are revealed, or the numbers representing the keys are small enough to be broken by a large computer, or if either the BES or smartphone have spyware installed, there will no longer be any reason for corporates to buy their service, and RIM will go out of business in those markets.

Security-conscious Blackberry buyers will instead buy another smartphone, most of which (with attention to detail) can be made just as secure to eavesdroppers. The government will have gained very little in snooping on someone determined to keep their privacy.

Android

Furthermore, the new Google smartphone OS, Android, is open-source. Soon individuals or companies will be able to install their own version of the same encryption software RIM uses and neither their network provider, cellphone provider or government will be able to do anything about it.

Conclusions

Perhaps India and the UAE are just going after the conveniently-packaged security-in-a-box that the casual smartphone user has been able to buy in the BlackBerry brand - and they want to at least deny that to their perceived enemies. But it is a limited solution, will not stand the test of time, and unfairly targets one company - RIM.

As a user, don't stand for this bullying by the governments. Take your privacy and security seriously. Hold companies like Yahoo and Google and Facebook and Twitter accountable for your privacy using their services, or use them understanding that it might be, and probably is, routinely snooped.

hello -c "hello superfly"

There is more but one pic is a start. We jammed even though many of the regulars were running between the Jam and helping rooms full of kids to learn Python. Thanks to all who made it and helped out. The cooker of fly-lead spaghetti with socks proxy sauce especially.

Last month wikileaks published a large tranche of Afghan war documents, that the Pentagon doesn't like. Actually, they want it all back, if such a thing is possible in the download age.

Crowd-sourcing

This is the new 'enemy' - the indiscriminate information age. Even during the case, wikileaks gave its followers - 120 thousand and growing - a sharply-focused feed into this continually-evolving situation. Wikipedia is there to helpfully keep the permanent record, written by the crowds, not by chosen editors. We choose our own news these days - I don't read what just one editor says.

Kenya Election

I believe in free information - I host on my ftp server "statements of domestic election observers the night before the announcement of the results" in case that information were lost. I get about 100 downloads a month.

Iran

Authoritarian governments everywhere - most recently demonstrated in Iran, fear this uncontrollable melange of information - created by twitter and short urls. It is funny to see government trying to swat the fly.

South Africa

There is a proposed Media Tribunal in South Africa - with the government's motive questioned. All governments have to acknowledge that it is impossible now to control the information - perhaps they think that if they have the TV, radio and newspapers covered they have dealt with the majority of the ANC electorate. I will miss the straight-talking Desmond Tutu in the South African media.

Europe

Julian Assange is the founder of wikileaks, reportedly permanently on the move like the Cathar Perfecti. He was bizarrely accused of rape and molestation in Sweden, and equally hastily withdrawn. Even the legal system cannot keep up with this instant feedback loop.

America

America is the land of the free. It is the homesteaders, the hackers, the start of the open source movement and the tools that built Linux and the software I use every day.

Democracy

America is also proud of its democratic heritage and sees nothing wrong with exporting informed choice for the electorate onto countries whose government would prefer the old days.

It has been hard to see the hacker culture that made a lot of what is good today in a struggle with its own government. Omnipresent cameras mean that The Man already has powerful tools. But the strength of the American system is they will resolve it, if necessary by counting heads.

More Afghan War Documents

Wikileaks has published in association with the War Diarys above, a huge, unknown, encrypted file. Possibly more war documents ? A few hundred pages of /dev/random ? All it needs is a password to unlock it. Yes, I already tried "Assange" and all the dog names I could think of.

After getting the message below on each chromium start for months, I finally googled it:

Your profile could not be opened correctly.
Some features may be unavailable.  
Please check that the profile exists and you have permission to read and write its contents.

The solution for me was simple:

rm ~/.config/chromium/Default/History

I can't believe I suffered so long with a broken awesomebar which never found new history :(
Previously I assumed its something broken in chromium that would get fixed by a newer Ubuntu packages. The fix never came so I'm really happy that I finally found the solution today:
see Ariel's solution.<><

Earlier this week I started to work at a new company and like most companies these day they have secure WIFI and runs their internal network through a proxy server to connect to the internet.  One have to authenticate with the proxy server to access the internet.  This is normal procedure for about 99% of all companies out there.

Setting up Android to connect to the secure WIFi was a since. The problem started when I wanted to tell Android what proxy setting to use. To my dismay I found there is no way to define proxy settings on Android, nothing, nada, null.  Just google for android wifi proxy server and you will find lots of people complaining about it but I could not find any response from Google on this glaring omission.

Who in their right mind has made a decision like this, and we are not talking here about the first version of Android.  I have version 2.1 so they (google) had ample time to fix this.  I do not know what the situation is in 2.2.  Any 2.2 user want to check for me?

I have the privilege to share my birthday with some wellknown  people like Madonna (same age) and also the one thing that underpins the Operating System I use on a daily basis.  Yesterday, 16 August and 17 years ago Debian was born.  And Debian is the grand daddy of Ubuntu and all things **buntu*.

Congrats to Debian and all the people that makes Debian what it is.

Today, Debian turns 17. It’s great to see how one of the first GNU/Linux distributions out there still manages to be important and relevant. Happy birthday, Debian!

This may also be a good time to say thanks to a team or package maintainer who makes it possible.

Recently I needed to simulate a serial device (a GPS, to be precise) for a Windows application I'm modifying for a client.

I don't use Windows on a regular basis, but I do have a license for it, and an original Windows XP CD from back in the day, so I loaded Windows in a VirtualBox virtual machine for the odd occasion I might need Windows, like when I build the Windows version of OpenLP 2.0.

Fortunately for me, because I'm running Linux on my system, and I have Windows running in VirtualBox, it's actually quite easy to simulate a serial device.

VirtualBox allows you to specify where to connect the guest's serial device on the host, and provides a few options. I selected "pipe" which is a standard Un*x socket, and I set VirtualBox to create the pipe if it didn't exist. I set the value of the pipe to be /tmp/vbox-socket.

Next I hauled out an extremely handy little program called socat. I had to install this, but that was a simple case of sudo aptitude install socat. Once I had installed socat, I set up a connection from a pseudo serial device (man pty can tell you more about that) to the Un*x socket:

@:~$ socat UNIX-CONNECT:/tmp/vbox-socket PTY,link=/tmp/vbox-pty

That will create a pseudo serial device called /tmp/vbox-pty and connect the Un*x socket to the pseudo serial device. Now, to connect up your script to the PTY device, simply use the standard Linux redirection:

python gps_simulator.py > /tmp/vbox-pty

As you know, my HTC Desire looses the ability to write to the SD Card from time to time.  For the past 3 days or so this has not happened (touch wood) and I was wondering what was different over the past couple of days than before.  Note that I have not upgraded to Android 2.2 yet, still running the stock standard HTC Sense Android 2.1update1. 

The one thing that was different was that my phone’s battery stayed fairly charged.  I think over the last couple of days the battery never dropped below 40% and I kept it plugged into my USB or power socket when I could.  Now this make me think that the loosing of write access has something to do with battery power.  The moment the battery drops below a certain point, then the phone looses write access.  I do not know that much about the amount of power that is needed to write to a SD Card but I would assume it is more than reading the card.  I will be testing this theory out over the next couple of days.  Will keep my phone charged up and see if the write access holds.  If so then I will let it drain down and see what happens.  Will keep you all posted.

Technorati Tags: htc desire sd card problems

It looks like we will move the Stellenbosch Ubuntu Hour to a Saturday at eleven for the time being. This is due to the larger attendance we had today, 7 Aug, at the Java cafe. Maybe it's just left over excitement spilling over from the re-approval success of last Tuesday. We discussed T-shirts and things to do at the GlobalJam, how to get free CDs to distribute at the begining of student registration and a few other things (Hilton in a penguin suit? tin-foil hats?) while we waited and waited and waited for coffee. Yes another venue next time is a good idea. Watch the mailing list, irc or website for details.

My first tweet

When I first started this blog, I started with a self-referential piece .

There I covered snail mail, fax, email, Usenet News and instant messaging (AIM and others). Since then I have been blogging, and I have stats on what people look at. My most popular posts appear to be those on Zulu weddings, and my visit to the school where One Laptop per Child was launched in Nigeria.

Since then I learned IRC, (which you see below), which is a more refined tool than the old unix "talk" where you just banged a message on their screen. I like IRC, and especially the Cape Linux Users Group IRC chatroom. A busy linux users group, where we get together once in a while, either for technical talks or Geekdinners. It is my first port of call if I am stuck on some problem to do with programming or system administration.

Facebook arrived. Facebook has a walled garden feel to it - you are writing to and for your friends, not the world at large. Its major value is connecting with old friends, like school buddies. A lot of the privacy options are slipping away as Facebook try to monetize their incredible popularity.

I am a trailing edge technology guy - 5 year old laptop is fine. This philosophy has served me well over Google Wave. But you buy new once in a while. So, I have resisted Twitter, as another rolled over version of stuff we have seen before above, but maybe it is different.

So I am blogging the IRC conversation that lead to my first tweet. Delicate temperaments might be a little surprised at the robust exchanges, but in real-time cyberspace there is a sliding line between truth and fiction, joking and seriousness. Spinach, below, is a 'bot - a program that lives in the chatroom to perform helpful things like check the weather forecast and leave people messages.

• 19:20 * wizzy gets a 3 minute international phone call from Kenneth Kaunda's grandson replying to http://en.wikipedia.org/wiki/User_talk:Mkaund
• 20:01 <&highvoltage> wizzy: wow :)
• 20:01 <&highvoltage> wizzy: you should tweet that
• 20:07 * wizzy doesn't tweet
• 20:07 <&highvoltage> it's about time you start.
• 20:08 < wizzy> highvoltage: I'm scared
• 20:08 <&highvoltage> that irc oneliner you posted is really cool but it will go forgotten in our irc logs.
• 20:08 < wizzy> I am only just getting the hang of IRC
• 20:09 <&highvoltage> I'm too and that didn't stop me
• 20:09 < wizzy> will it be remembered in tweettown?
• 20:10 <&highvoltage> yep, people can mark it as a favourite, they can repeat it, google can find it, it can be indexed/searched better...
• 20:10 <&highvoltage> just make sure Vhata follows you (at least in the beginning), and he'll be sure to tell you when you do anything kak
• 20:11 <&highvoltage> doing that and following some basic guidelines will turn you into a pro in no time
• 20:13 <&tumbleweed> joe reports that GD change has been submitted to org.za
• 20:47 <&highvoltage> man reflective screens suck in offices with stupid flourecent lighting
• 21:00 < wizzy> Spinach: twitter
• 21:00 < Spinach> wizzy: twitter is http://www.penny-arcade.com/comic/2008/4/23/
• 21:03 < wizzy> I bet Kenneth Kaunda's grandson doesn't tweet
• 21:59 < wizzy> highvoltage: I tweeted. Am I as hip as Vhata yet ?
• 22:02 * Vhata is basically one large pelvic bone
• 22:12 < wizzy> http://twitter.com/wizzyct
• 22:13 * wizzy is too much the noob to know if the hip people find out about their followers
• 22:13 < cocooncrash> Spinach: last tweet from wizzyct
• 22:13 < Spinach> cocooncrash: "wizzy gets a 3 minute international phone call from Kenneth Kaunda's grandson replying to http://en.wikipedia.org/wiki/User_talk:Mkaund" 19 minutes and 11 seconds ago, http://twitter.com/wizzyct/status/20163674522
• 22:16 <&highvoltage> I just realised I don't know how to favourite a tweet in twitter (identi.ca is easier like that)

The GlobalJam in Cape Town will be held 27 Aug 14:00 - 18:00 at the Shuttleworth Lab. More on what will be on the program as soon as I know. Hopefully there will be Jams elsewhere in the country.
Just some handy hints on how to find out what is happening in the ubuntu-za community:You can go to the loco team page and find the handy links next to Upcoming events. There is an rss feed and an official ical feed which you can add to your favourite rss feed reader or calendar utility.You can also subscribe to the mailing list or talk to us on IRC or ask in the forum. Then there is the ubuntu-za.org website which will have info on the home page. Then sometimes people twitter and identi.ca and there is another more detailed ical feed as well.
Almost any style of web communication is supported, so no more excuses. To paraphrase Dr Suess in his classic work, Marvin K. Mooney will you Please go now?You can go on stilts.
You can go by fish.

You can go in a Crunk car if you wish.

Here is an update on my earlier post. Leaf, the distributors of HTC phones in South Africa has clarified the situation regarding Android updates in South Africa.  I quote from a article that appeared on MyBroadband:
To make zero-rated firmware OTA (FOTA) possible the operators need to agree to it and the required infrastructure needs to be put in place. Leigh explained that Leaf had already met with all the operators and that the system’s deployment is held up only by the zero-rating agreements and setup of local servers to host the updates.

“We’re a couple of months behind in South Africa, but it is coming,” Leigh said. He added that getting all the agreements and servers in place would be a 2-4 week process.

When asked about those people that did received the update, this was the answer:
There have been numerous reports from South African HTC Desire users receiving an update to Android 2.2 “Froyo” over the weekend and early this week.

Leigh said that this would only be possible for users who didn’t purchase their phones in South Africa. There are users that were able to update their phones that assert that they obtained their phones through operators such as Vodacom and MTN, however.

If these reports are accurate it could suggest that the FOTA systems were being tested during the times that the updates were available or that some devices sold by operators point at international update servers.

This all seems very feasible but I do not like that Leaf nake assumptions on my behalve.  What if I can update my phone via WIFI and have the bandwidth available?  Let me decide when and how I want to receive the OTA.  It is good that they try to get the update zero-rated but I should be given the option to do it now even if there is a cost involved and I am prepared to pay for it.

So it looks like us with network (MTN, Vodacom) supplied phones will still have to wait a while.

Yes, I know I can load an updated ROM like some has done.

Technorati Tags: htc desire android upgrade

I have more than one @gmail.com account that I use on a daily basis.  Yesterday Google enabled to make it possible to log into more than one account at the same time.  There currently is a limit of 3 accounts you can be logged into at the same time.

Here you can see that I have 3 tabs open with 3 different @gmail.com accounts simultaneously.  

At the top where you normally see the account you currently logged into, there is a dropdown with all the accounts that you can log into or switched to if you already logged into that account.

If you want to know how to set this up the just visit this page – http://googlesystem.blogspot.com/2010/08/google-multiple-sign-in-now-available.html

Technorati Tags: Google Multiple Sign-in

I think most folks are probably well aware of the Windows Subversion client, TortoiseSVN. It has been around for a number of years, and is easily one of the most handy version control clients on any platform.

Recently, I have been wanting to be able to do the same thing in Linux. Simply right-click and update. Sure I can use the command line, and sure I could even use Bazaar Explorer, but I don't always have a terminal open, and Bazaar Explorer doesn't work with files as much as workflow, and that doesn't always fly.

So, I started looking around to find out how I could edit Konqueror or Dolphin's context menu, or "service menu" as it is known in FreeDesktop terms. After much hunting, looking at existing service menu files, I was able to put together a submenu for QBazaar, the Qt dialogs for Bazaar (the same dialogs that get used in TortoiseBZR, in fact).

You can get my QBazaar.desktop file from the Scripts & Programs section on my blog. Once you have downloaded it, you need to copy it into the following location:

~/.kde/share/kde4/services/ServiceMenu

Note: The capitalisation is required, so don't make "ServiceMenu" all small letters.

In my last post, I talked about using Bazaar on Subversion repositories. Soon afterward, David Rubin asked me in IRC if I can do the standard branching and merging on a Bazaar working copy of a Subversion repository, and how easy it is.

The answer is, "Yes, very easy." In fact, you don't even need to care that it is from a Subversion repository. For instance:

@:~$ bzr checkout https+urllib://svn.domain.com/svnroot/project/trunk trunk
@:~$ bzr branch trunk newfeature
@:~$ cd newfeature
[... do some stuff ...]
@:~$ bzr commit
@:~$ cd ../trunk
@:~$ bzr merge ../newfeature
@:~$ bzr commit

All done!

Coming week HTC will start to roll out Froyo (Android 2.2) to some users in Europe. Just to give you an idea what is new in Froyo:

• 720p video recording
• iTunes syncing via HTC’s Sync software — this is for all you Windows guys/gals out there
• The “AppShare” widget that came on the Wildfire
• Smart CallerID

In South Africa HTC devices are distributed by Leaf so the question arises, when will us HTC Desire owners see the rollout of Froyo here in South Africa. I just had a look at the Leaf website and to be honest, what a waste of time.  Over the past week I tried to get some answers out of Leaf and that was even a bigger waste of time.

If one looks at the upgrade for HTC Hero (from Android 1.6 to Android 2.1) by Leaf then I am not very hopeful that we will see anything soon.

I know that HTC sometime make the update pack available on their site for manual download and upgrade. Here is a way to manually upgrade as soon as that pack becomes available. Unfortunately that download was pulled by HTC but I am sure it will become available again as soon as the OTA upgrade starts in Europe.  You do not need to root you’re phone to use this upgrade.  It is the official HTC update with Sense in it.

So lets see what the coming week bring’s and Roy, do not check your update every couple of minute – you going to workout that button

Technorati Tags: htc desire upgrade to froyo

A few weeks ago I moved to Québec, Canada. Today I bought this car from a colleague at Révolution Linux, he doesn’t need it anymore since he’s moving to Montréal. He bough it just a few months ago from another colleague who moved to France.

It doesn’t have a CD player, instead, it has a tape deck, which plays analogue magnetic tapes. They’re horribly obsolete now but this was how I listened to music way back when I was a kid. Another college that lives down the street from me has a hi-fi with a CD player AND a tape deck. I was planning to go there to write the Offspring Smash album to tape, it’s one of my favourite driving albums and I never tire from it.

All the tapes from 2 owners back was still in the car. I decided to remove them when I got home this afternoon. The *first* tape I took out happened to be this one:

I was amazed and delighted! Then I removed the next tape:

It had “High voltage” written on it, which is very close to my IRC/Identica/Twitter nickname, “highvoltage”. If I were at all superstitious, I’d take it as a very good sign that this car will serve me very well!