Options For Securely Sharing Files

Posted by JD 03/23/2011 at 22:00

This tax season, I find myself needing to share sensitive documents with relatively unsophisticated people and organizations. How should I share my files with them?

The Options

There are a few options to get those sensitive files to a provider. I will attempt to list the options, then describe the problems with each. Sadly, there aren’t any good solutions unless the service provider already has a solution set up. In my experience, be it an accountant, lawyer, doctor or shipping company, they do not.

  1. Encrypted Email with PGP or OpenPGP or GnuPG
  2. Encrypted files, probably ZIPped, attached to emails with a shared password
  3. Encrypted shared file service – perhaps Dropbox or sftp
  4. SSL Encrypted web portal with non-trivial userids and passwords

Sadly, there is no universal standard for sharing files securely.

XBMC Tips

Posted by JD 02/21/2011 at 22:00

I’ve been playing with XBMC on an Asus Eee 1008H for a few months, but never bothered to set it up as the main player in the house. This weekend, I attended a demonstration of XBMC at a local computer security meeting and was impressed. Very Impressed. Below are some tips that I learned setting up XBMC on my home network.

Oct 2013 Update

New Enemy-Canonical?

Posted by JD 02/20/2011 at 19:00

Sometimes companies do slimy things. It is usually because they didn’t think through the decision and I suspect Canonical simply didn’t think through this decision before doing it.

Think again, Canonical.

BTW, Canonical puts together and markets the Ubuntu distribution of the Linux operating system. I have 15+ Ubuntu systems running here – most are servers. Ubuntu is based on FLOSS superheroes Debian and Gnome and thousands of other FLOSS project teams, like Banshee. I don’t want to downplay what Canonical has done for Linux and usability, but the Debian guys do a tremendous amount of completely free work that is the base of Ubuntu and many other Linux distributions.

Amazon Affiliate

Banshee is a popular audio player on Linux. Banshee has an Amazon MP3 Music affiliate key embedded in their program so MP3 purchases made by users through that interface give them a little finder’s fee. This is common practice in open source software. Firefox earned millions of dollars last year from Google doing this.

Think again, Canonical.

Big Money

Banshee earned less than $3100 last year from this affiliate program. Further, the Banshee developers give all that money to the Gnome foundation – another critical FLOSS software project that almost every Linux distribution makes use of. Canonical decided to change that affiliate code in the Banshee version released with Ubuntu so that Canonical keeps 75% of the money and passes on 25% to Banshee. Uh … sorry … Canonical. Didn’t your mother teach you that stealing is wrong?

Think again, Canonical.

Ask and Negotiate First

Canonical, if you had contacted the Banshee guys and worked out an agreement, I bet that some win-win solution could be found. Sure, your distribution of Banshee as the default music player will certainly increase the number of users and probably increase the amount of cash the affiliate program makes.

Canonical. You are acting like Facebook and Apple and Microsoft. Stop it.

With the new Debian Squeeze release and Mint-Linux, Ubuntu users have viable alternatives. I hope that Canonical/Ubuntu rethinks this stealing and comes up with a published revenue sharing model that works for all FLOSS projects they distribute. Hummmmm. That has me thinking …

Open Source Isn't Enough Freedom For Software

Posted by JD 02/16/2011 at 23:00

If you are in IT, you hear Open Source Software – OSS – all the time. This is better than Closed Source, but alone it still doesn’t mean you can modify the code or install it on 2,000 machines for no added costs. See the Wikipedia article on Free Software Licenses.

Terms like

  • OSS – Open Source Software
  • FOSS – Free Open Source Software
  • FLOSS – Free Libre Open Source Software

have vastly different meanings today.

10 yrs ago, OSS was enough. Then commercial software started being released with the source code, but still contained the same proprietary restrictions. Many companies had source code licenses to C++ libraries from Rogue Wave Software. We could see how everything was implemented, but were not allowed to modify the code or the libraries to our needs. Often OSS is still commercial and requires payment for use.

FOSS goes another step. It adds free, as in cost, to the software. You can use it for free and you can have the code, but you may be restricted from modifying or distributing it, or in the number of systems where you run it. Lots of newer open core software projects use this loophole. They advertise FOSS everywhere, but retain significant restrictions.

FLOSS adds Libre, the Spanish term for Freedom, to the discussion. This is what I prefer for my software. Zero, or very low, cost. You are free to modify (or pay someone else to modify it). You have the source code and you can give it away and/or run it on 2,000 machines without any cost.

There are lots of different Open Source License Agreements for software. I’m not a lawyer, but I have read most of the agreements and think that I understand them. Always read the agreement and/or get legal advice on each license agreement yourself.

Summary of Popular Software License Agreements

Identi.ca - A Twitter-like Microblog

Posted by JD 02/15/2011 at 19:00

Big, centralized, services like Facebook and Twitter are great when all your friends are there … until there is an outage. If you update or tweet constantly, you can notice when those tools are down. There are alternatives that are not centralized.

Identi.ca, A Twitter Alternative

The guys over at status.net have a free micro-blogging site (i.e. twitter clone) that is centralized, but also supports federation. Federated services work like email does. Lots and lots of servers communicating using a standard protocol. If any single server goes down, that doesn’t matter, the exchange of ideas keeps flowing.

Federation Is Good for Freedom

Former MS President of Business Goes to Nokia and Kills MeeGo - Surprised?

Posted by JD 02/11/2011 at 12:00

Timeline

  • 9/10 President of Microsoft’s Business division leaves to become Nokia’s CEO
  • 9/14 Nokia World doesn’t mention MeeGo at all
  • Nokia Leaves MeeGo Alliance
  • 2/10 Nokia and Microsoft form a partnership to push Windows Mobile7 on Nokia phones

A few links

Linux Hate

We all know that Microsoft doesn’t like Linux. It is afraid and it should be. Microsoft owns the desktop, but not much else. The millions and millions of uncounted Linux servers and Android cell phones are cleaning Microsoft out of those markets. All that Cloud Computing stuff runs on Linux. For IT professionals, Linux is a joy to use and saves over $100/month in added costs required for a Microsoft solution.

To be fair, Maemo (which I have 3 yrs experience with) wasn’t ever going to be a mainstream mobile platform. It wasn’t sexy and was missing some critical software – the contact manager was a joke. I can’t really blame Nokia for wanting to back out from a business perspective. More GUI designers, fewer engineers would have helped.

If this wasn’t carefully planned, I’d be surprised. It was an easy and cheap way to effectively kill Linux at Nokia and turn a competitor into a pawn. Nice job Microsoft. As a stockholder, I’m encouraged. OTOH, I really need to sell those MSFT shares.

Seems the other news media caught on to this.

Firefox Extensions

Posted by JD 01/31/2011 at 23:45

I use Firefox – whatever version that Ubuntu 10.04 LTS pushes. I don’t do beta testing – that is for the younger crowd.

Today, I found another extension that I’ll probably enable for shopping, but disable the rest of the time.

InvisibleHand

InvisibleHand is a browser extension that watches as you shop on 20-100 websites and suggests alternative, cheaper places to purchase the same item. When you finally get to a specific item page, it looks for that same item on all those other websites and shows you where you can find it cheaper. It isn’t perfect, but WOW! For some items, you’ll see over 50% savings and for others, just a few dollars. Some of the suggested cheaper websites are not places that I’ve shopped before and for a few dollars, I’d probably go to NewEgg or Amazon first. Still, when Amazon isn’t priced right, seeing a $30 savings at another company I’ve heard of before is nice. I found that most of the time, the alternative was exactly the same item. However, once it suggested the wrong model device, so definitely check that the suggested alternative really is what you want.

How To Reduce Microsoft Costs Inside Your Small Business

Posted by JD 01/20/2011 at 15:00

Came across this article from 2004 about a small business that dumped Microsoft after the BSA showed up and discovered 8 installed, but not used, pieces of software on their systems. Keeping up with software licenses is tough. The software marshals arrived, closed his business for the audit and found about 8 pieces of unlicensed software. $65K in fines and $35K in legal fees forced him to settle rather than fight.

The CEO got mad and told his IT guys to dump Microsoft. This was back in 2004. Back then, things were harder than today. That company doesn’t use any Microsoft products anymore, but they do use proprietary tools. Red Hat Linux was their choice back then. I’d be curious to find out whether they’ve changed to CentOS on their servers or a different desktop.

Key Takeaways

Top 5 Clever Uses for the Cloud

Posted by JD 01/15/2011 at 18:00

Stolen from my comment over at LH …

  1. Launch a Distributed Denial Of Service attack, DDoS
  2. Set up your own botnet
  3. Spread spyware
  4. Release huge password databases
  5. Release hacks for PS3s

Most of the time, Cloud Computing = Careless Computing.

Just because something is free and easy, doesn’t mean you should actually use it.

OTOH, there are times where using the Cloud makes perfect sense. When you want the widest distribution of data/info possible. In that case, remote, carefree computing is perfect.

When in doubt, don’t put it into the cloud because you can never get it back regardless of what the ToS say. IT security professionals are split on whether anything can be secured in the cloud. Certainly there are ways to accomplish it, but those methods are probably out of reach for individuals. I would have zero expectation of any real security on shared hosts or shared storage, but many people consider me paranoid. If it were your corporate data in the cloud, wouldn’t you want someone who is paranoid validating the security architecture?

Login to Post Comments Suck

Posted by JD 01/14/2011 at 22:00

You visit a web site and like the article enough to want to post a comment … of some kind. Then the website has a block that prevents you from posting. Comment-blocking. They do this by:

  • login required or
  • 3rd party service for comments
  • non-working captcha
  • requiring JavaScript for commenting of any kind (usually for anti-privacy domains like google.com)

Boo. The internet should be anonymous, if you want it that way. Sometimes you just want to say something without the repercussions to other areas of your life.

If I were not afraid of the repercussions, I’d set up a database of logins to websites that you could use to post with. If I had friends in foreign countries with servers, we could set up a loose federation.

Wouldn’t it be nice if we didn’t have to choose against privacy?

BTW, you can post on-topic comments here without a login.